Play interactive tour

Edit tour

Analysis Report $RDPLVFM.exe

Overview

General Information

Sample Name:	$RDPLVFM.exe
Analysis ID:	392874
MD5:	9cbcd1d8dae34cd6cc49460103e521c4
SHA1:	b07e7b15752e1e25dd1e9fd480cacd5f3a79c5de
SHA256:	a9497a467b5846d60f2c12a3fd03c4fce70e38a7237a916d93ee440048b9c59b
Infos:
Most interesting Screenshot:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Binary is likely a compiled AutoIt script file

Binary contains a suspicious time stamp

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains strange resources

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sleep loop found (likely to delay execution)

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Startup

System is w10x64

$RDPLVFM.exe (PID: 7136 cmdline: 'C:\Users\user\Desktop\$RDPLVFM.exe' MD5: 9CBCD1D8DAE34CD6CC49460103E521C4)

7za.exe (PID: 6420 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe x -y patchfiles.zip MD5: 0184E6EBE133EF41A8CC6EF98A263712)

conhost.exe (PID: 2804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

alp.exe (PID: 6752 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe MD5: BF506999F29EAAB4910A08ED740C12FB)

rundll32.exe (PID: 5940 cmdline: 'C:\Windows\system32\rundll32.exe' C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\user\AppData\Local\Temp\IXP000.TMP\' MD5: 73C519F050C20580F8A62C849D49215A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\config\ajax.php	webshell_php_generic_tiny	php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives	Arnim Rupp	0x0:$php_short: <? 0x0:$php_new2: <?php 0x10:$inp3: _POST[ 0x33:$cpayload4: passthru(" 0x7f:$cpayload4: passthru(" 0xbb:$cpayload4: passthru(" 0x10d:$cpayload4: passthru(" 0x164:$cpayload4: passthru("
C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\dataupd.php	webshell_php_generic_tiny	php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives	Arnim Rupp	0x0:$php_short: <? 0x0:$php_new2: <?php 0x94:$inp3: _POST[ 0xb8:$inp3: _POST[ 0xd6:$inp3: _POST[ 0xf7:$inp3: _POST[ 0x129:$inp3: _POST[ 0x153:$inp3: _POST[ 0x187:$inp3: _POST[ 0x1aa:$inp3: _POST[ 0x1df:$inp3: _POST[ 0x212:$inp3: _POST[ 0x259:$inp3: _POST[ 0x28b:$inp3: _POST[ 0x2b4:$inp3: _POST[ 0x2f1:$inp3: _POST[ 0x329:$inp3: _POST[ 0x365:$inp3: _POST[ 0x38a:$inp3: _POST[ 0x3be:$inp3: _POST[ 0x3d7:$cpayload2: exec($
C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\logfile.php	webshell_php_generic_tiny	php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives	Arnim Rupp	0x0:$php_short: <? 0x0:$php_new2: <?php 0xf8:$inp2: _GET[ 0xb8:$inp3: _POST[ 0x355:$cpayload2: exec("
C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\index.php	webshell_phpshell3	Web Shell - file phpshell3.php	Florian Roth	0x4741:$s2: <input name="nounce" type="hidden" value="<?php echo $_SESSION['nounce']; 0x2746:$s7: $_SESSION['output'] .= "cd: could not change to: $new_dir\n";

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: $RDPLVFM.exe

Virustotal: Detection: 11%

Perma Link

Source: $RDPLVFM.exe

Static PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source:	Binary string: wextract.pdb source: $RDPLVFM.exe
Source:	Binary string: wextract.pdbGCTL source: $RDPLVFM.exe

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00405FB7 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,		2_2_00405FB7
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00407D3F FindFirstFileW,		2_2_00407D3F

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\Local\Temp\IXP000.TMP\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\Local\Temp\IXP000.TMP\lang.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\	Jump to behavior

Source: status.php.2.dr	String found in binary or memory: http://192.168.0.100/
Source: crypt.php.2.dr	String found in binary or memory: http://aspirine.org/htpasswd_en.html
Source: libcurl.so.4.2.dr	String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: documentation.php.2.dr	String found in binary or memory: http://docs.allnetnetworks.com/
Source: documentation.php.2.dr	String found in binary or memory: http://docs.allnetnetworks.com/check.php
Source: documentation.php.2.dr	String found in binary or memory: http://docs.allnetnetworks.com/direct.php
Source: crypt.php.2.dr	String found in binary or memory: http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
Source: jquery-ui-1.11.4.custom.min.css.2.dr	String found in binary or memory: http://jqueryui.com
Source: jquery-ui-1.11.4.custom.min.css.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Arial%2C%20Helvetica%2C%20sans-serif&fwDefault=normal&fsD
Source: jquery.blockUI.min.js.2.dr	String found in binary or memory: http://malsup.com/jquery/block/
Source: 7za.exe, 00000002.00000003.645520903.00000000007C0000.00000004.00000001.sdmp	String found in binary or memory: http://openweathermap.org/
Source: crypt.php.2.dr	String found in binary or memory: http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/crypto/apr_md5.c?view=co
Source: jquery.timepicker.min.js.2.dr	String found in binary or memory: http://trentrichardson.com/examples/timepicker
Source: jquery.simplecolorpicker.css.2.dr	String found in binary or memory: http://twitter.github.com/bootstrap/assets/css/bootstrap.css
Source: test_connection.sh.2.dr	String found in binary or memory: http://www.allnet.de
Source: about.html.2.dr	String found in binary or memory: http://www.allnet.de/gpl.html
Source: alp.exe, 00000006.00000000.648836045.0000000000FB4000.00000002.00020000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/R
Source: crypt.php.2.dr	String found in binary or memory: http://www.cryptologie.net/article/126/bruteforce-apr1-hashes/
Source: openssl.cnf.2.dr	String found in binary or memory: http://www.domain.dom/ca-crl.pem
Source: jquery.download.js.2.dr	String found in binary or memory: http://www.filamentgroup.com
Source: jquery.download.js.2.dr	String found in binary or memory: http://www.filamentgroup.com/lab/jquery_plugin_for_requesting_ajax_like_file_downloads/
Source: about.html.2.dr	String found in binary or memory: http://www.flotcharts.org/
Source: jquery-ui.icon-font.css.2.dr, jquery.blockUI.min.js.2.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: test_connection.sh.2.dr	String found in binary or memory: http://www.google.de
Source: access_log.conf.2.dr	String found in binary or memory: http://www.lighttpd.net/documentation/access.html
Source: jquery.blockUI.min.js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: libcrypto.so.2.dr	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: libcrypto.so.2.dr	String found in binary or memory: http://www.openssl.org/support/faq.htmlRAND
Source: crypt.php.2.dr	String found in binary or memory: http://www.php.net/manual/en/function.crypt.php#73619
Source: jquery.short_cuts.js.2.dr	String found in binary or memory: http://www.stepanreznikov.com/js-shortcuts/
Source: lang_fr.ini.2.dr	String found in binary or memory: http://www.wetter.com/wetter_rss/wetter.xml)
Source: 7za.exe, 00000002.00000003.645520903.00000000007C0000.00000004.00000001.sdmp, jsonswitch.php.2.dr	String found in binary or memory: https://192.168.1.19/xml/jsonswitch.php?id=168&set=8.8&fading=16.9
Source: jquery-ui.icon-font.css.2.dr	String found in binary or memory: https://creativecommons.org/licenses/by-sa/3.0/
Source: about.html.2.dr	String found in binary or memory: https://github.com/HanSolo/SteelSeries-Canvas/
Source: about.html.2.dr	String found in binary or memory: https://github.com/flot/flot/blob/master/LICENSE.txt
Source: jquery.simplecolorpicker.css.2.dr	String found in binary or memory: https://github.com/twitter/bootstrap/blob/master/less/dropdowns.less
Source: crypt.php.2.dr	String found in binary or memory: https://github.com/whitehat101/apr1-md5
Source: ca-certificates.crt.2.dr	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/cert
Source: about.html.2.dr	String found in binary or memory: https://jquery.com/
Source: about.html.2.dr	String found in binary or memory: https://jquery.org/license/
Source: about.html.2.dr	String found in binary or memory: https://plus.google.com/105784522827877256999
Source: checkupdate.sh.2.dr	String found in binary or memory: https://update.allnet.de/
Source: offlineupdate.sh.2.dr	String found in binary or memory: https://update.allnet.de/v3/

Source: 7za.exe, 00000002.00000002.646626684.00000000007DA000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\index.php, type: DROPPED

Matched rule: Web Shell - file phpshell3.php Author: Florian Roth

Binary is likely a compiled AutoIt script file

Show sources

Source: alp.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: alp.exe, 00000006.00000000.648738365.0000000000F9E000.00000002.00020000.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe

Code function: 2_2_004084D7: DeviceIoControl,GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW,

2_2_004084D7

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00468500	2_2_00468500
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_004559DF	2_2_004559DF
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0041B079	2_2_0041B079
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0045B5AB	2_2_0045B5AB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00488250	2_2_00488250
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0046C350	2_2_0046C350
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00478490	2_2_00478490
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_004785A0	2_2_004785A0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_004089A6	2_2_004089A6
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0043CAE1	2_2_0043CAE1
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0047CD68	2_2_0047CD68
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00404E85	2_2_00404E85
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0044D018	2_2_0044D018
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0048D0D3	2_2_0048D0D3
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00445081	2_2_00445081
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_004750A0	2_2_004750A0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0048D261	2_2_0048D261
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00481290	2_2_00481290
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0048D33B	2_2_0048D33B
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0048D421	2_2_0048D421
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0047D4D0	2_2_0047D4D0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_004015C8	2_2_004015C8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_004019BD	2_2_004019BD
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00471A00	2_2_00471A00
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00475C80	2_2_00475C80
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00471D10	2_2_00471D10
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00475D80	2_2_00475D80
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00469EC0	2_2_00469EC0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0047DE90	2_2_0047DE90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00465FE0	2_2_00465FE0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_004221D5	2_2_004221D5
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_004721A0	2_2_004721A0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0045E376	2_2_0045E376
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0044E32B	2_2_0044E32B
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00486460	2_2_00486460
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00F1B043	6_2_00F1B043
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00F2410F	6_2_00F2410F
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00F03200	6_2_00F03200
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00F24BEF	6_2_00F24BEF
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00EFE3B0	6_2_00EFE3B0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00EF9B60	6_2_00EF9B60
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00F0F563	6_2_00F0F563
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00F19ED0	6_2_00F19ED0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00EF77B0	6_2_00EF77B0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00EF6F07	6_2_00EF6F07

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: String function: 00401CEB appears 121 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: String function: 0048C9C0 appears 430 times

Source: $RDPLVFM.exe

Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 7557622 bytes, 9 files

Source: $RDPLVFM.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: $RDPLVFM.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: $RDPLVFM.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: alp.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: alp.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: alp.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: alp.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: alp.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: alp.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: $RDPLVFM.exe, 00000000.00000003.638525072.000002368D6D1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename7za.exe, vs $RDPLVFM.exe
Source: $RDPLVFM.exe	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs $RDPLVFM.exe
Source: $RDPLVFM.exe	Binary or memory string: OriginalFilenameWEXTRACT.EXE D vs $RDPLVFM.exe

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\config\ajax.php, type: DROPPED	Matched rule: webshell_php_generic_tiny date = 2021/01/14, author = Arnim Rupp, description = php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = bee1b76b1455105d4bfe2f45191071cf05e83a309ae9defcf759248ca9bceddd
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\dataupd.php, type: DROPPED	Matched rule: webshell_php_generic_tiny date = 2021/01/14, author = Arnim Rupp, description = php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = bee1b76b1455105d4bfe2f45191071cf05e83a309ae9defcf759248ca9bceddd
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\logfile.php, type: DROPPED	Matched rule: webshell_php_generic_tiny date = 2021/01/14, author = Arnim Rupp, description = php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = bee1b76b1455105d4bfe2f45191071cf05e83a309ae9defcf759248ca9bceddd
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\index.php, type: DROPPED	Matched rule: webshell_phpshell3 date = 2014/01/28, author = Florian Roth, description = Web Shell - file phpshell3.php, score = 76117b2ee4a7ac06832d50b2d04070b8

Source: classification engine

Classification label: mal60.winEXE@7/561@0/0

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00F3CE7A GetLastError,FormatMessageW,

6_2_00F3CE7A

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00408598 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,		2_2_00408598
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0041A004 __EH_prolog,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		2_2_0041A004

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe

Code function: 2_2_004084D7 DeviceIoControl,GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW,

2_2_004084D7

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00F36532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,

6_2_00F36532

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00EF406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

6_2_00EF406B

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2804:120:WilError_01

Source: C:\Users\user\Desktop\$RDPLVFM.exe

File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP

Jump to behavior

Source: $RDPLVFM.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

File read: C:\Users\user\AppData\Local\Temp\IXP000.TMP\lang.ini

Jump to behavior

Source: C:\Users\user\Desktop\$RDPLVFM.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\user\AppData\Local\Temp\IXP000.TMP\'

Source: sqldb_write.2.dr	Binary or memory string: SELECT value FROM config WHERE tag='%s';%sINSERT INTO config (tag,value) values ('%s','%s');UPDATE config SET value='%s' where tag='%s';Y@@?
Source: timer_demon.2.dr	Binary or memory string: INSERT INTO config (tag,value) values ('%s','%s');UPDATE config SET value='%s' where tag='%s';%4.2f%ld* SQLDB_READ_STRING ERROR: LOCKED ! SQL="%s" *
Source: sqldb_write.2.dr	Binary or memory string: SELECT value FROM config WHERE tag='%s';
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO frontend select * from merge.frontend;
Source: i2c_demon.2.dr	Binary or memory string: CREATE TABLE [i2c_new] ([id] INTEGER NOT NULL PRIMARY KEY, [chip_number] INTEGER NOT NULL DEFAULT '0',[chip_address] INTEGER NOT NULL DEFAULT '0',[i2c_bus] INTEGER NOT NULL DEFAULT '0',[i2c_group] INTEGER NOT NULL DEFAULT '0',[i2c_port] INTEGER NOT NULL DEFAULT '0',[i2c_mux_enabled] INTEGER NOT NULL DEFAULT '0',[i2c_mux_port] INTEGER NOT NULL DEFAULT '0',[timestamp] TEXT NOT NULL DEFAULT '00000000', [comment] TEXT default '');
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO sensors_logical select * from merge.sensors_logical;
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO timer select * from merge.timer;
Source: update_demon.2.dr	Binary or memory string: INSERT INTO config (tag,value) values ('%s','%s');UPDATE config SET value='%s' where tag='%s';%4.2f/etc/allnetenv/config.s3db* SQLDB_READ_STRING ERROR: LOCKED ! SQL="%s" *
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO users select * from merge.users;
Source: sqldb_write.2.dr	Binary or memory string: UPDATE config SET value='%s' where tag='%s';
Source: sqldb_write.2.dr	Binary or memory string: INSERT INTO config (tag,value) values ('%s','%s');
Source: i2c_demon.2.dr	Binary or memory string: INSERT INTO config (tag,value) values ('%s','%s');UPDATE config SET value='%s' where tag='%s';%4.2f* SQLDB_READ_STRING ERROR: LOCKED ! SQL="%s" *
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO external select * from merge.external;
Source: i2c_demon.2.dr	Binary or memory string: CREATE TABLE [i2c_all] ([id] INTEGER NOT NULL PRIMARY KEY, [chip_number] INTEGER NOT NULL DEFAULT '0',[chip_address] INTEGER NOT NULL DEFAULT '0',[i2c_bus] INTEGER NOT NULL DEFAULT '0',[i2c_group] INTEGER NOT NULL DEFAULT '0',[i2c_port] INTEGER NOT NULL DEFAULT '0',[i2c_mux_enabled] INTEGER NOT NULL DEFAULT '0',[i2c_mux_port] INTEGER NOT NULL DEFAULT '0',[external_dbid] INTEGER NOT NULL DEFAULT '0',[timestamp] TEXT NOT NULL DEFAULT '00000000', [comment] TEXT default '');
Source: query_resetbutton.2.dr	Binary or memory string: INSERT INTO config (tag,value) values ('%s','%s');UPDATE config SET value='%s' where tag='%s';%4.2f%ld/etc/allnetenv/config.s3db* SQLDB_READ_STRING ERROR: LOCKED ! SQL="%s" *
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO mapping select * from merge.mapping;
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO config select * from merge.config;
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO camera_upload select * from merge.camera_upload;
Source: restore.sql.2.dr	Binary or memory string: INSERT or REPLACE INTO matrix select * from merge.matrix;

Source: $RDPLVFM.exe

Virustotal: Detection: 11%

Source: unknown	Process created: C:\Users\user\Desktop\$RDPLVFM.exe 'C:\Users\user\Desktop\$RDPLVFM.exe'
Source: C:\Users\user\Desktop\$RDPLVFM.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe x -y patchfiles.zip
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\$RDPLVFM.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\user\AppData\Local\Temp\IXP000.TMP\'
Source: C:\Users\user\Desktop\$RDPLVFM.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe x -y patchfiles.zip	Jump to behavior
Source: C:\Users\user\Desktop\$RDPLVFM.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Jump to behavior

Source: C:\Users\user\Desktop\$RDPLVFM.exe

File written: C:\Users\user\AppData\Local\Temp\IXP000.TMP\lang.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: $RDPLVFM.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: $RDPLVFM.exe

Static file information: File size 7715840 > 1048576

Source: $RDPLVFM.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x751400

Source: $RDPLVFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: $RDPLVFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: $RDPLVFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: $RDPLVFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: $RDPLVFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: $RDPLVFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: $RDPLVFM.exe

Static PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source: $RDPLVFM.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wextract.pdb source: $RDPLVFM.exe
Source:	Binary string: wextract.pdbGCTL source: $RDPLVFM.exe

Source: $RDPLVFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: $RDPLVFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: $RDPLVFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: $RDPLVFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: $RDPLVFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: $RDPLVFM.exe

Static PE information: 0xE68AAE13 [Fri Jul 25 18:16:51 2092 UTC]

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00F23920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,

6_2_00F23920

Source: alp.exe.0.dr

Static PE information: real checksum: 0xf38fa should be: 0xfdcb3

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0048C9C0 push eax; ret	2_2_0048C9DE
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_0048CD70 push eax; ret	2_2_0048CD9E
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Code function: 6_2_00F16B05 push ecx; ret	6_2_00F16B18

Source: C:\Users\user\Desktop\$RDPLVFM.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\plink.exe	Jump to dropped file
Source: C:\Users\user\Desktop\$RDPLVFM.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pscp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\$RDPLVFM.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Jump to dropped file
Source: C:\Users\user\Desktop\$RDPLVFM.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Jump to dropped file

Source: C:\Users\user\Desktop\$RDPLVFM.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0	Jump to behavior
Source: C:\Users\user\Desktop\$RDPLVFM.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0	Jump to behavior
Source: C:\Users\user\Desktop\$RDPLVFM.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0	Jump to behavior
Source: C:\Users\user\Desktop\$RDPLVFM.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Window / User API: threadDelayed 9998	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Window / User API: foregroundWindowGot 500	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Window / User API: foregroundWindowGot 1274	Jump to behavior

Source: C:\Users\user\Desktop\$RDPLVFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\plink.exe			Jump to dropped file
Source: C:\Users\user\Desktop\$RDPLVFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pscp.exe			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe TID: 6748

Thread sleep time: -99980s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Thread sleep count: Count: 9998 delay: -10

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00405FB7 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,		2_2_00405FB7
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	Code function: 2_2_00407D3F FindFirstFileW,		2_2_00407D3F

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe

Code function: 2_2_00408D40 GetSystemInfo,

2_2_00408D40

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\Local\Temp\IXP000.TMP\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\Local\Temp\IXP000.TMP\lang.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	File opened: C:\Users\user\	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00F23920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,

6_2_00F23920

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00F23920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,

6_2_00F23920

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00F23920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,

6_2_00F23920

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00F26F40 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

6_2_00F26F40

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe

Code function: 6_2_00F181AC SetUnhandledExceptionFilter,UnhandledExceptionFilter,

6_2_00F181AC

Source: $RDPLVFM.exe, 00000000.00000002.1160682065.000002368DB40000.00000002.00000001.sdmp, alp.exe, 00000006.00000002.1162446635.0000000001FD0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: $RDPLVFM.exe, 00000000.00000002.1160682065.000002368DB40000.00000002.00000001.sdmp, alp.exe, 00000006.00000002.1162446635.0000000001FD0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: $RDPLVFM.exe, 00000000.00000002.1160682065.000002368DB40000.00000002.00000001.sdmp, alp.exe, 00000006.00000002.1162446635.0000000001FD0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: alp.exe, 00000006.00000000.648738365.0000000000F9E000.00000002.00020000.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
Source: $RDPLVFM.exe, 00000000.00000002.1160682065.000002368DB40000.00000002.00000001.sdmp, alp.exe, 00000006.00000002.1162446635.0000000001FD0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\$RDPLVFM.exe

Code function: 0_2_00007FF63C4B80F0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter,

0_2_00007FF63C4B80F0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Registry Run Keys / Startup Folder1	Access Token Manipulation1	Virtualization/Sandbox Evasion2	Input Capture1	System Time Discovery1	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection2	Access Token Manipulation1	LSASS Memory	Security Software Discovery3	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Registry Run Keys / Startup Folder1	Process Injection2	Security Account Manager	Virtualization/Sandbox Evasion2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Deobfuscate/Decode Files or Information1	NTDS	Process Discovery2	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information2	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Rundll321	Cached Domain Credentials	File and Directory Discovery4	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Timestomp1	DCSync	System Information Discovery4	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
$RDPLVFM.exe	12%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe	8%	ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.cryptologie.net/article/126/bruteforce-apr1-hashes/	0%	Avira URL Cloud	safe
http://docs.allnetnetworks.com/direct.php	0%	Avira URL Cloud	safe
http://www.domain.dom/ca-crl.pem	0%	Avira URL Cloud	safe
http://docs.allnetnetworks.com/	0%	Avira URL Cloud	safe
http://www.stepanreznikov.com/js-shortcuts/	0%	Avira URL Cloud	safe
https://192.168.1.19/xml/jsonswitch.php?id=168&set=8.8&fading=16.9	0%	Avira URL Cloud	safe
http://docs.allnetnetworks.com/check.php	0%	Avira URL Cloud	safe
http://192.168.0.100/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.cryptologie.net/article/126/bruteforce-apr1-hashes/	crypt.php.2.dr	false	Avira URL Cloud: safe	unknown
http://www.filamentgroup.com	jquery.download.js.2.dr	false		high
https://update.allnet.de/v3/	offlineupdate.sh.2.dr	false		high
http://www.autoitscript.com/autoit3/R	alp.exe, 00000006.00000000.648836045.0000000000FB4000.00000002.00020000.sdmp	false		high
http://www.wetter.com/wetter_rss/wetter.xml)	lang_fr.ini.2.dr	false		high
http://docs.allnetnetworks.com/direct.php	documentation.php.2.dr	false	Avira URL Cloud: safe	unknown
http://www.domain.dom/ca-crl.pem	openssl.cnf.2.dr	false	Avira URL Cloud: safe	unknown
http://jqueryui.com	jquery-ui-1.11.4.custom.min.css.2.dr	false		high
http://www.lighttpd.net/documentation/access.html	access_log.conf.2.dr	false		high
https://jquery.org/license/	about.html.2.dr	false		high
https://github.com/whitehat101/apr1-md5	crypt.php.2.dr	false		high
https://github.com/HanSolo/SteelSeries-Canvas/	about.html.2.dr	false		high
http://www.allnet.de	test_connection.sh.2.dr	false		high
http://docs.allnetnetworks.com/	documentation.php.2.dr	false	Avira URL Cloud: safe	unknown
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/cert	ca-certificates.crt.2.dr	false		high
http://www.openssl.org/support/faq.html	libcrypto.so.2.dr	false		high
http://curl.haxx.se/docs/http-cookies.html	libcurl.so.4.2.dr	false		high
http://twitter.github.com/bootstrap/assets/css/bootstrap.css	jquery.simplecolorpicker.css.2.dr	false		high
http://www.php.net/manual/en/function.crypt.php#73619	crypt.php.2.dr	false		high
http://www.stepanreznikov.com/js-shortcuts/	jquery.short_cuts.js.2.dr	false	Avira URL Cloud: safe	unknown
http://aspirine.org/htpasswd_en.html	crypt.php.2.dr	false		high
https://github.com/flot/flot/blob/master/LICENSE.txt	about.html.2.dr	false		high
http://www.opensource.org/licenses/mit-license.php	jquery.blockUI.min.js.2.dr	false		high
https://update.allnet.de/	checkupdate.sh.2.dr	false		high
http://www.openssl.org/support/faq.htmlRAND	libcrypto.so.2.dr	false		high
https://creativecommons.org/licenses/by-sa/3.0/	jquery-ui.icon-font.css.2.dr	false		high
http://jqueryui.com/themeroller/?ffDefault=Arial%2C%20Helvetica%2C%20sans-serif&fwDefault=normal&fsD	jquery-ui-1.11.4.custom.min.css.2.dr	false		high
https://192.168.1.19/xml/jsonswitch.php?id=168&set=8.8&fading=16.9	7za.exe, 00000002.00000003.645520903.00000000007C0000.00000004.00000001.sdmp, jsonswitch.php.2.dr	false	Avira URL Cloud: safe	unknown
http://www.google.de	test_connection.sh.2.dr	false		high
https://jquery.com/	about.html.2.dr	false		high
http://www.filamentgroup.com/lab/jquery_plugin_for_requesting_ajax_like_file_downloads/	jquery.download.js.2.dr	false		high
http://www.allnet.de/gpl.html	about.html.2.dr	false		high
http://malsup.com/jquery/block/	jquery.blockUI.min.js.2.dr	false		high
http://docs.allnetnetworks.com/check.php	documentation.php.2.dr	false	Avira URL Cloud: safe	unknown
http://192.168.0.100/	status.php.2.dr	false	Avira URL Cloud: safe	unknown
http://www.gnu.org/licenses/gpl.html	jquery-ui.icon-font.css.2.dr, jquery.blockUI.min.js.2.dr	false		high
https://github.com/twitter/bootstrap/blob/master/less/dropdowns.less	jquery.simplecolorpicker.css.2.dr	false		high
http://httpd.apache.org/docs/2.2/misc/password_encryptions.html	crypt.php.2.dr	false		high
http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/crypto/apr_md5.c?view=co	crypt.php.2.dr	false		high
http://openweathermap.org/	7za.exe, 00000002.00000003.645520903.00000000007C0000.00000004.00000001.sdmp	false		high
http://trentrichardson.com/examples/timepicker	jquery.timepicker.min.js.2.dr	false		high
http://www.flotcharts.org/	about.html.2.dr	false		high

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	392874
Start date:	19.04.2021
Start time:	23:29:12
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	$RDPLVFM.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.winEXE@7/561@0/0
EGA Information:	Successful, ratio: 66.7%
HDC Information:	Successful, ratio: 0.4% (good quality ratio 0.3%) Quality average: 70% Quality standard deviation: 31.7%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, wermgr.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Execution Graph export aborted for target $RDPLVFM.exe, PID 7136 because there are no executed function Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe	IEUser.exe	Get hash	malicious	Browse
	2018_19_S1_A1.exe	Get hash	malicious	Browse
	2018_19_S1_A1.exe	Get hash	malicious	Browse
	2018_19_S1_A1.exe	Get hash	malicious	Browse
	CDaNsQ7Rrd.exe	Get hash	malicious	Browse
	runme.exe	Get hash	malicious	Browse
	tes2.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	690688
Entropy (8bit):	6.581619840895496
Encrypted:	false
SSDEEP:	12288:rmJysC11szmzqS/Vf3gny3MhcGsnWrfATfkeafIO3rn1ExwnZE1f:r9s/zmT/my8zoW6ff4rn1ExwZE
MD5:	0184E6EBE133EF41A8CC6EF98A263712
SHA1:	CB9F603E061AEF833A2DB501AA8BA6BA007D768E
SHA-256:	DD6D7AF00EF4CA89A319A230CDD094275C3A1D365807FE5B34133324BDAA0229
SHA-512:	6FEC04E7369858970063E94358AEC7FE872886B5EA440B4A11713B08511BA3EBE8F3D9312E32883B38BAE66E42BC8E208E11678C383A5AD0F7CC0ABE29C3A8ED
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: IEUser.exe, Detection: malicious, Browse Filename: 2018_19_S1_A1.exe, Detection: malicious, Browse Filename: 2018_19_S1_A1.exe, Detection: malicious, Browse Filename: 2018_19_S1_A1.exe, Detection: malicious, Browse Filename: CDaNsQ7Rrd.exe, Detection: malicious, Browse Filename: runme.exe, Detection: malicious, Browse Filename: tes2.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,"..Bq..Bq..Bq..Nq.Bq..Iq.BqB.Lq.Bq..Hq.Bq..Fq.BqO..q..Bq..CqN.BqB..q.Bq..Iqy.Bq...q.Bq...q.Bq..Dq..BqRich..Bq........................PE..L...+.Y........../......8...................P....@..........................@..............................................,...x....0..@............................................................................P..(............................text....7.......8.................. ..`.rdata...@...P...B...<..............@..@.data....r...........~..............@....sxdata...... ......................@....rsrc...@....0......................@..@........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\allnet.ico Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	MS Windows icon resource - 1 icon, 16x12, 8 bits/pixel
Category:	dropped
Size (bytes):	1326
Entropy (8bit):	3.83221656975948
Encrypted:	false
SSDEEP:	24:QlTYSDdj/lJmJf5Qf1wSy+mH/Mx5dpNqD9a:6jFlYJf6fSSy+KUxDTq
MD5:	6B395E553E4925B2D51F9B545D065867
SHA1:	8A5D106507ADEE4878514AD55CCC332DCA419CDC
SHA-256:	CE16DBE6B0A50CE54A2BD0BBFA86F0E357B94D4327B336686588255749D7A89A
SHA-512:	23B953ED866F4CFFD497FAD72B65653CCDAF1B9A588223F028A0067BDF83E03D8440C377FACAB5448B1A2A3444184591A209F0BC922B90A3C64EFD16298F53BF
Malicious:	false
Reputation:	low
Preview:	......................(.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.au3 Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	C source, ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	11337
Entropy (8bit):	5.592504389889568
Encrypted:	false
SSDEEP:	192:0Omn37k80hkTsTdjilUT74yEQCYxiMza8q2T453f5/78aa3qn9d7dQtrVW1SwvGu:0Oi37k80hkUEQCYIGaZI41fBYaa3q9dl
MD5:	D1B3DE90B68F99BAD69B845FFAE0A954
SHA1:	98DFC9B732E9FCF04411C059310BEFF3C987748D
SHA-256:	81318D237D6907B38B7819F5EF738206AFDEBE9ECEC85CC69D9FED13F3B6022A
SHA-512:	99441B6B82081F7D5504279626DE6430C45C21464B0DD2A6CD9A08F45D8431760F785BA225D66F4F8FEFC9F58DDCFE5D902840451243FFABC0C47C701DF7651F
Malicious:	false
Reputation:	low
Preview:	#Region ;** Directives created by AutoIt3Wrapper_GUI ..#AutoIt3Wrapper_Res_Description=ALLNET Local Patcher..#AutoIt3Wrapper_Res_Fileversion=1.2..#AutoIt3Wrapper_Res_LegalCopyright=ALLNET GmbH Computersysteme..#AutoIt3Wrapper_Add_Constants=n..#EndRegion ; Directives created by AutoIt3Wrapper_GUI **..#include <Constants.au3>..#include <AutoItConstants.au3>..#include <MsgBoxConstants.au3>..#include <Array.au3>..#include <ButtonConstants.au3>..#include <EditConstants.au3>..#include <Date.au3>..#include <GUIConstantsEx.au3>..#include <StaticConstants.au3>..#include <TabConstants.au3>..#include <WindowsConstants.au3>..#Region ### START Koda GUI section ### Form=c:\users\normal\desktop\au\lp_form.kxf....Global $iGuiWidth = 323, $iGuiHeight = 233, $iGuiXPos = (@DesktopWidth / 2) - $iGuiWidth / 2, $iGuiYPos = (@DesktopHeight / 2) - $iGuiHeight / 2....Local $lang = IniReadSection(@ScriptDir & "\lang.ini", "de")....Local $source = IniRead(@ScriptDir & "\patch.ini", "path", "source",

C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	985600
Entropy (8bit):	6.81888999580384
Encrypted:	false
SSDEEP:	12288:dtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga+TheynGHFTxKXSt6A:dtb20pkaCqT5TBWgNQ7amhrnGRCSt6A
MD5:	BF506999F29EAAB4910A08ED740C12FB
SHA1:	63D54DF698490405F147C020A7EA8835AA41264E
SHA-256:	4A6000E16261941A671473DC67CBE7C7DA90A88A13ACA63E8B2EA1968D9E3AD6
SHA-512:	E2870B422AEF4A95C62F37152D331632B4A59643999DBB73D3F2B93FDAD95ED3D12A9F8D70C19EC06FD366112DD7E0CF1E70B379D11ECCB11C278CDDE05284B8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d...........'.a....H.k....H.h.....H.i....}%....}5............~.......k......o.....1......j....Rich....................PE..L....^.Y.........."..........P......t_............@..........................p.......8....@...@.......@......................p..\|....@..@y......................Ll..................................0'..@...............`............................text...O........................... ..`.rdata..B...........................@..@.data...T........b..................@....rsrc...@y...@...z..................@..@.reloc..t............d..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\lang.ini Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	1310
Entropy (8bit):	5.191323439459187
Encrypted:	false
SSDEEP:	24:wWXIW4SPFpuATSgLlqvwMVuE11cRqUPQ7bTWy0+Byvc2JxfJSWt3snnEohbBbf+4:JIgFoA5kI3E11cRnkbTYD7BB3snEmbRl
MD5:	EBD1F6AA84ECA83F3BE7E9D122AD91E8
SHA1:	35FF5533F80EBA4FC23085AC99A95CC60BDEB341
SHA-256:	EA79D91121A27035349BD2D15DDD8B2C5042439EA02B48799A2174E6073B50D0
SHA-512:	B63EB97FF185746DB3EFBE71BBB3E3E4D5A43651100A37704C01385C8115F72B9157DF22EB5350BD6864A1257346A899B31C8DEA9EB04065FD10927783D32B5E
Malicious:	false
Reputation:	low
Preview:	[de]..1=Standard..2=Start..3=Abbrechen..4=Ger.te IP Adresse..5=(z.B. 192.168.0.100)..6=Benutzer..7=Passwort..8=Port..9=Felder leer lassen wenn Standard..10=Pr.fe Ger.t..11=KEINE g.ltige IP-Adresse ..12=Bitte warten.....13=kopiere aktuelle Dateien.....14=Ein Fehler ist aufgetreten..15=Benutzer oder Passwort falsch..16=Falscher Ger.te Typ: Dieser Patch ist nicht geeignet f.r dieses Ger.t..17=Falsche Version: Ger.te Version..18=Ger.t erf.llt nicht die Voraussetzungen: ..19=Ger.t gefunden:..20=Version:..21=Korrigiere Berechtigungen.....22= nicht gefunden!..23=Failed to connect..24=Fertig.....25=Aktualisierung beendet...26=BITTE STARTEN SIE DAS GER.T NEU!!!..27=Erweitert....[en]..1=Standard..2=Start..3=Cancel..4=Device IP Address..5=(e.g. 192.168.0.100)..6=User..7=Password..8=Port..9=Leave fields blank for default..10=Check device accessibility..11=NOT a valid IP address ..12=Please wait.....13=Copy current files.....14=An Error has Occurred..15=User or Password wrong..16=Wrong Devicetype:

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patch.ini Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	847
Entropy (8bit):	4.891955094061641
Encrypted:	false
SSDEEP:	12:/XDvOZXFo1BFo9tNPUKA1BF4fpNPUBNBFAfpNPURKxMfm1XXN6vCEN4AGA:/XDOxFoLmrKRLSBKVKBKRAMfmXgakrGA
MD5:	B1D77CA9010A53546B254D33F05EFB3B
SHA1:	2117C34F1599F4A2604E8A61300EDADF635E719F
SHA-256:	35BC69B411F1F551F4D501FE2BEE0880206E9672EEF620C972E470973C63909E
SHA-512:	10D1B439BC734930FA7FD6E6ED648F87DDBEF6F6D4DCB85A116E6B1783D4373B77CFEAE11868C744EC7B78AD2A5503D88D9D5C694907750D10123D2FA578D143
Malicious:	false
Reputation:	low
Preview:	[check]..deviceType=ALL3505..major=3..version=1000..[path]..source=\patchfiles\..target=/..[command]..check=[ -f /etc/default/device ] && { cat /etc/default/device \| tr -d '\n' > /root/info;echo -n '#' >> /root/info;cat /etc/default/version \| tr -d '\n' >> /root/info; } \|\| { /usr/sbin/allnet/sqldb_read /control/devicetype \| tr -d '\n' > /root/info;echo -n '#' >> /root/info;/usr/sbin/allnet/sqldb_read /sys/firmware/versionnum \| tr -d '\n' >> /root/info;echo -n ';' >> /root/info;/usr/sbin/allnet/sqldb_read /sys/firmware/patch \| tr -d '\n' >> /root/info; };cat /root/info;rm -rf /root/info;"..cleanupbefore=/etc/scripts/allnet.sh stop;/etc/scripts/httpd.sh stop;sleep 2;rm -rf /etc/init.d/;rm -rf /etc/scripts/;rm -rf /www;rm -rf /usr/sbin/allnet/;rm -rf /usr/apache;..start=/bin/chmod -R 775 /etc/scripts/*;/etc/scripts/laststate.sh;......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles.zip Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	7888797
Entropy (8bit):	7.984738501222126
Encrypted:	false
SSDEEP:	196608:oeQePs7OSbEb0rOEb0rmWyescTxSyIXmZj727vt:BDPKEbREba9R7u
MD5:	1C3573EC49D388226060CF7494660017
SHA1:	1AC4498CBA4457D1CB3DBC07D54C7B2F56571FD2
SHA-256:	E72D614F1E5BF8F3897F166F0CE1CAFDD6CA1C263795871034AA80440AB690A9
SHA-512:	39C7FFC90E08BBE3A7E50BFCCB380C6550DF452107B2EDF237F9EC2E1A2146F34F52FA4515351273BC8A41D6991F8B24BB2F7177314FDA5763BE06FA10B415E8
Malicious:	false
Reputation:	low
Preview:	PK.........q.J................patchfiles/PK........Mq;K................patchfiles/etc/PK.........q.J................patchfiles/etc/crontab/PK........)q.J..K.%...%.......patchfiles/etc/crontab/root/15 * * * /etc/scripts/ntpdate.sh.PK........P\uJ................patchfiles/etc/data_accessPK.........>=K................patchfiles/etc/default/PK........f<3Kt...G...t...(...patchfiles/etc/default/accessHelper.json..!.. ....1~&..fO...~Cvf.-...n..7.r..&..T...tU.D..x.j.....[:....r...s_>PK.........>=K.a..14.........patchfiles/etc/default/config_default.s3db...T...$9..RC)%...hbH.K.ech..B.Z..H......z..V..{......{.w_..\|.74lI...K......?...y..&....DI.!..8t+Q..wN?.!.Ef....>d......(w.=.G......$.N...Sx...MB..^......n_J.d...2...v...KV..S.........i.q0..j..6.%noWW...=.f)......#..$...!.1..$.[.>3.(.,..M..^.........3..sn..xn......S$..%..m..)..,.7J.\|.X,%.%gt"....;.Jeg.....[-..)..Wv-c..^.+..'..l"..%..fD....a6.xj.....eQ1...D&.v!.)3.a.....9%.O.n.x.$..V3..\|.T.gL0...'ywf)...rn&........m.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\crontab\root Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	37
Entropy (8bit):	3.858800164249569
Encrypted:	false
SSDEEP:	3:HQFPF/w2URvr4Auv:6CBRvr4Auv
MD5:	DAA087CC6BF5DA2118A1F6FF9FFCAC91
SHA1:	71D3DE81EC1751CD9D042066AA35F1701753A7F0
SHA-256:	028CD79911144DA67B81D5F8DCE64C5E960E207E6A06D4E4B13E05D378420F8A
SHA-512:	9CC2B9C68EDA45433F14ECCC59E7781458147064901FC6883E33A0D5A5620408742E17B494261CA863E97CBB5CAA5D85080ADFD7A657177485864EE5F73974AD
Malicious:	false
Reputation:	low
Preview:	/15 * * * /etc/scripts/ntpdate.sh.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\default\accessHelper.json Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.168516940483497
Encrypted:	false
SSDEEP:	3:YERmRXmaCirJ3A3sLxmaCirJ2INKVgwCKCn:YEM0aCmZL0aCmYPrCKCn
MD5:	471F2250EB48633B9E9EC07BDBCA3B98
SHA1:	D6469CD09897D4D3A18215619675452662728CC7
SHA-256:	8E1F68F78B6A1240E97A9FC5CE3C62D1A2930F7CCD4C2811EEC55348AF570B35
SHA-512:	6A9ABE3EBC5048FCA803CC56B9B930BD0E479A10E7E2D06C6C6011E09694B0A3AA501CD791EC754EFB0E32E41DF33666574191CFDFD2C1D1EB3FCA023D756B2A
Malicious:	false
Reputation:	low
Preview:	{"accessControl":{"enabled":"0","users":[]},"remoteControl":{"enabled":"0","users":[]},"slaveMode":{"enabled":"0"}}.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\default\config_default.s3db Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	SQLite 3.x database, last written using SQLite version 3015002
Category:	dropped
Size (bytes):	56320
Entropy (8bit):	5.405214449328123
Encrypted:	false
SSDEEP:	768:+D1vlLc+pLqFDIpAZLfG4fQ6Yp8Z+HUmQaBmel:+BlLbOFspAZLfBYn0+vnl
MD5:	9347C01E0F4A9B29484E4012AC676897
SHA1:	223A54D551E828E3C0ECCEEA4B55CE687999CC14
SHA-256:	E8515C6EAE200F591B5F755B9DF902079F82067660FF473A0D47445AF319469D
SHA-512:	2D8CA699050CF7EDAAEE144C274450B87D01A64399C52647BDA89CD6AB68B9F1FEFA1A06603112CA55E87410025C2ADB9497D9E5057061548E88C888519916C3
Malicious:	false
Preview:	SQLite format 3......@ ..F....7..............................................................F....Z....................................................................................................................................................................................................................................................P...++.Ytablesqlite_sequencesqlite_sequence.CREATE TABLE sqlite_sequence(name,seq).S........tabletimertimer.CREATE TABLE [timer] (. [id] INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,. [name] text NULL,. [description] text NULL,. [start] text NULL,. [action] text NULL,. [mo] text NULL,. [tu] text NULL,. [we] text NULL,. [th] text NULL,. [fr] text NULL,. [sa] text NULL,. [su] text NULL,. [actor] text NULL,. [active] text NULL,. [command] text NULL., [actor_type] text NOT NULL DEFAULT 2, [actor_analogValue] text, matrixID TEXT, matrixAction TEXT, flowControlID TEXT, timerType TEXT NOT NULL DEFAULT 0, sunInfo.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\default\daemons Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	128
Entropy (8bit):	3.9347392422078142
Encrypted:	false
SSDEEP:	3:CMviMXsIQvRJYIKbNXRMcqt6XlqBtQvXgXMN27vIK7Xo4QVBERfBAIQvELgKd73b:piM8IQvzwJRMt61q4vU7vIKTo4Qr4fBT
MD5:	5063C29EFAE4AF6C67B6544972C10831
SHA1:	7760BDFB54580B49A0F9371E3951B843C6E57037
SHA-256:	6329F108469D63C976F1FC99C0B23A95638413BFE04310FD6AA53C33A898CFAE
SHA-512:	895336E0782EBCF5BEE8D78C9FF65E41F079916395CF98F18ADD041C30D341161FA7D4C6120FD29357618857532B118C5DB999FE0E42C3241A2C6083FBF3CC18
Malicious:	false
Preview:	sensor_shm_demon.i2c_demon.timer_demon.history_demon.rc_read_demon.rc_write_demon.monitoring_demon.update_demon.analogctl_demon.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\default\dependent Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.773557262275185
Encrypted:	false
SSDEEP:	3:5xL2IQ6n:vKB6
MD5:	5699C3BBB2C27F1123B2C48CAB9FD7D6
SHA1:	B8D461347D5DD70CB0581A5C21960EF9099FCEAD
SHA-256:	A69326345C3C58E0FE00DB14682ECEF30FCFD3A10763D6C04BCCAD01A9D89F95
SHA-512:	6EBA6F87AC596A84DDAB53AECF5529BEBFD72DBF169E160393478A2DE13AA46497275EF162D6E3EF3EF180811D65FE885D6E17AE5D7F826EBD854ECCA914766D
Malicious:	false
Preview:	matrix_demon 5.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\default\device Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.2359263506290326
Encrypted:	false
SSDEEP:	3:sX6n:F
MD5:	87A0308ACC5106AA0B707E5062EFEC57
SHA1:	4E9FC12BEE7772597C5EC1A41A112BBC6D73F7EE
SHA-256:	CACE767F096157DF4C06797AC7D572A0F2DCD7EF7BF3001DFBCDCA85658D647F
SHA-512:	3631AC15BF13D672D84645FCD0BEA2CC6C1AD5F001326B8011F330460BDFBD316B9A2C2299BED85A5E710B10E4967B5682FCC3EDCB63E752D1E0529A8EE0FD26
Malicious:	false
Preview:	ALL3505

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\default\sqlite.cnf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	14
Entropy (8bit):	3.3787834934861767
Encrypted:	false
SSDEEP:	3:pEURKe:pVKe
MD5:	01FD8BD297D99AC87E52D57AFC0A9B24
SHA1:	EFA85AB74E173AFCC532C0DA462F7363BD8306C4
SHA-256:	B55D279AFCE626E557C854498BA6A12C40675D6ED73C59A9A713C9D918D36F01
SHA-512:	DB132312B9DA431567C5F06E4FFFB1C85610CD8D6A8C24391A800ACFE7534CE8572ED10EFF1BE40249B4B9323290B4FE64F7EEE636C06EF960D948DE5DBF86DD
Malicious:	false
Preview:	.separator ';'

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\default\version Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:RLU3X:5Un
MD5:	951F5DBFD3B0B2F7BDCB669CDD60B8F6
SHA1:	AC43518A75C6340E66452E4AC208A551A4F5F5EB
SHA-256:	381495CF80973CD0AD8A52481D2B4CC2364077D8504A03316E1B7E8D300A03CD
SHA-512:	272FD35F6054141F617406645017919707AD276BC1795C11D44D85AEC42F701001E11CCE65C00C69CD221702E3CD68AB878D59D2225497B0F777523332E7846C
Malicious:	false
Preview:	335;1082

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\group Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	224
Entropy (8bit):	4.251232014207013
Encrypted:	false
SSDEEP:	6:fzMmmd4MWo7oQ5P2vujzYTQv4XfDv1Lly+YQtUV/Hn:fz2d4XowmjzYTQvKL1LlyVQtUV/n
MD5:	DA358ADBF58E54ADBF01A2CF21FED955
SHA1:	05B8EAB2CCA239F208D41D2DF3A8BBDFEA8FA6F0
SHA-256:	AEB15A0A594B49B5422A2A7ADC938CFE22F9959B154C380D80773399B2E56D25
SHA-512:	83ADFF94683F3EFDB25BB736A8107B48A424E4328F5750DCF2CEDAA0501F1FA31732C59687D338F09667C2F06C89CE0484D2F3B4FD5700AD945D8934D6601625
Malicious:	false
Preview:	root:x:0:.daemon:x:1:.bin:x:2:.sys:x:3:.adm:x:4:.tty:x:5:.disk:x:6:.wheel:x:10:root.audio:x:29:.utmp:x:43:.staff:x:50:.haldaemon:x:68:.dbus:x:81:.netdev:x:82:.ftp:x:83.nobody:x:99:.nogroup:x:99:.users:x:100:.default:x:1000:.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S00_firststart Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1782
Entropy (8bit):	5.326815325531047
Encrypted:	false
SSDEEP:	48:ZDHjt3ishi4kUDwuSP02/ENEJegRkghIlL3EPEq:xNi4JeP02/ENEJNQ3EPEq
MD5:	74ADB5E6F977C9D0E661F71DA2F88FA1
SHA1:	84C1DEBDFE644390A464428C70BBD0FFB8226417
SHA-256:	DB9C4A57019548401ACF8943E722B71A369B7F0DEFDF2D4E5C2006999491838A
SHA-512:	46CABBF3B47498F52D22D90DE8EB7985742AC4F702E621CBC3ADAB99013A03CA97B366C71325E0F755184DCEFD0BB21D1244446DD4D6A3CFE9D635BA705D6DF6
Malicious:	false
Preview:	#!/bin/sh.setTestChip() {../usr/bin/sqlite3 /etc/default/config_default.s3db "UPDATE external SET i2c_chip_id = '$chipid', i2c_primary_chip_number = '$primarychipnumber', i2c_primary_chip_address = '$primarychipaddress' WHERE id ='1';"..result=$?..echo "RES: $result".}..testTemperatureChip() {..echo -e "\033[01;33m[S00] -- FIRST START -> Check chip id \033[01;0m" #> /dev/console..count=3..result=1..chip=$(/usr/sbin/allnet/chip_type_test)..chipid=$(echo $chip \| cut -d';' -f1)..primarychipnumber=$(echo $chip \| cut -d';' -f2)..primarychipaddress=$(echo $chip \| cut -d';' -f3)...echo "Try inject config_default.s3db with found chip information: $chip"..while [ $result -ne 0 ]..do...setTestChip...compare=$(/usr/bin/sqlite3 -init /etc/default/sqlite.cnf /etc/default/config_default.s3db "SELECT i2c_chip_id, i2c_primary_chip_number, i2c_primary_chip_address FROM external WHERE id = '1';" 2> /dev/nul )...if [ $compare == $chip ]; then....echo -e "\033[01;32mInject config_default.s3db with found c

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S10_init Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3488
Entropy (8bit):	5.394353925604677
Encrypted:	false
SSDEEP:	48:93Ba209MBaYBCFEDiWgnz9xBBvp1GJuKdT2:K20WB5Gz9xBlp122
MD5:	8CF9630E8AAB90AAE563B10FE536CC18
SHA1:	0010DF25AF313F62EDBF408B03C832B66F03D1DA
SHA-256:	A12B054989895A65BE40F0636AB102063724BB792EAF01197246EC8B7A610C85
SHA-512:	3CA6484E26B58BF6040223565A7A8A62678FB8B54C62144FADD8B7CDAFBA89151054AD52C1716F22414E03A88E6E4DD10DD0998E89FE63364C109D70712D5F3C
Malicious:	false
Preview:	#!/bin/sh.checkDirectories() {..HWID=`cat /etc/default/device`..printf "\e[1;33m%-50s\e[0m%s" "Starting Checking directories"..[ ! -d /tmp/wwwreports ] && mkdir -m777 /tmp/wwwreports..[ ! -d /tmp/wwwxml ] && mkdir -m777 /tmp/wwwxml..[ ! -d /tmp/svg ] && mkdir -m777 /tmp/svg..[ ! -d /var/run/lighttpd ] && mkdir -m777 /var/run/lighttpd..# Directorys for Version V3..[ ! -d /etc/allnetenv/log ] && mkdir -m775 /etc/allnetenv/log..[ ! -d /etc/allnetenv/log/day-0 ] && mkdir -m775 /etc/allnetenv/log/day-0..[ ! -d /etc/allnetenv/log/day-1 ] && mkdir -m775 /etc/allnetenv/log/day-1..[ ! -d /etc/allnetenv/log/day-2 ] && mkdir -m775 /etc/allnetenv/log/day-2..[ ! -d /etc/allnetenv/outputs ] && mkdir -m775 /etc/allnetenv/outputs..[ ! -d /etc/allnetenv/counter ] && mkdir -m775 /etc/allnetenv/counter..[ ! -h /usr/bin/php ] && ln -s /usr/bin/call.sh /usr/bin/php..[ ! -f /etc/allnetenv/accessHelper.json ] && cp /etc/default/accessHelper.json /etc/allnetenv/..if [ -f /etc/default/extend.json ];

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S15_drivers Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2554
Entropy (8bit):	4.994948767256248
Encrypted:	false
SSDEEP:	48:/sNF/MfN8zNspPBykXHGlN83TmGeQT2NuCqvgF8elavcYvHvOsOJpLH:GJMfN8zNsJB1XN/2BavcYvHvtOJpr
MD5:	33DEA4DBD30B15C36CA72F740286ED5F
SHA1:	274CC3C9A4D4339C63FEC145347D697FE74B8B4E
SHA-256:	E1A495CFC7E6C2C3C5023C8DE886ECEBA97D519492ECF5F68EA7AF485C0C8F2F
SHA-512:	EA92D76BDF68B75A136969CA765D9347AA045D648E3644A0B4DD3218E64F11D84A52B2EC0FEC33FB673FDBFB77E882E9DF02A76F916F8CCE23FD90FCA0A6AF23
Malicious:	false
Preview:	#!/bin/sh.#modprobe usbserial.modprobe ftdi_sio.#.# udev.This is a minimal non-LSB version of a UDEV startup script. It.#.was derived by stripping down the udev-058 LSB version for use.#.with buildroot on embedded hardware using Linux 2.6.12+ kernels..#.#.You may need to customize this for your system's resource limits.#.(including startup time!) and administration. For example, if.#.your early userspace has a custom initramfs or initrd you might.#.need /dev much earlier; or without hotpluggable busses (like USB,.#.PCMCIA, MMC/SD, and so on) your /dev might be static after boot..#.#.This script assumes your system boots right into the eventual root.#.filesystem, and that init runs this udev script before any programs.#.needing more device nodes than the bare-bones set -- /dev/console,.#./dev/zero, /dev/null -- that's needed to boot and run this script..#..# old kernels don't use udev.case $(uname -r) in. 2.6\|2.7).;;. *)..exit 0;;.esac..# Check for missing binaries.UDEV_BIN=/s

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S20_network Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1147
Entropy (8bit):	5.3348840809902685
Encrypted:	false
SSDEEP:	24:nKiRKF5mK3KNtPrD3jwmunAD/kj/N/Y/vvFX:K5f6NVTw3ADcj1w3vFX
MD5:	D20BADC24EAF3A25D400748B2E362458
SHA1:	6C199E8CEAC519FD56F219D843B03B3C32B1289A
SHA-256:	6FCD9C27D789493AB6E7A918B5886E610D522F8FF1B9D2CF9581ED47C306C58C
SHA-512:	C6438BA18287C6D2C7A5FB7E875565CFA1CEC14F1F3E1BFDDB48364B0752CEFDD07510BDEA7C1916465F26378DB4997C7634624E476F4B6765523C8CE337E0AD
Malicious:	false
Preview:	#!/bin/sh.HOSTNAME=`/usr/sbin/allnet/sqldb_read /sys/network/hostname`.LOCALDOMAIN=`/usr/sbin/allnet/sqldb_read /sys/network/localdomain`.IP=`/usr/sbin/allnet/sqldb_read /sys/network/lan/ipaddress`.WLAN_MODE=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/mode`..echo -e "\033[01;33m[S20] -- Setting hostname -> \033[00;32m$HOSTNAME\033[00;0m" > /dev/console.echo "$IP.$HOSTNAME.$LOCALDOMAIN.$HOSTNAME" > /etc/hosts.echo "127.0.0.1.localhost.$LOCALDOMAIN.localhost" >> /etc/hosts./bin/hostname $HOSTNAME.$LOCALDOMAIN..if [ ${WLAN_MODE} = "ap" ] ;then..#insmod /root/rt3070ap.ko..modprobe rt2860v2_ap.fi.if [ ${WLAN_MODE} = "sta" ] ;then..#insmod /root/rt3070sta.ko..modprobe rt2860v2_sta.fi.if [ ${WLAN_MODE} = "disabled" ] ;then..#insmod /root/rt3070sta.ko..modprobe rt2860v2_sta.fi.#fi..# Setup bridge.brctl addbr br0 .> /dev/console.brctl stp br0 off.> /dev/console.brctl setfd br0 0.> /dev/console..# Start up LAN interface.ifconfig br0 0.0.0.0 up...> /dev/console./etc/scripts/lan.sh start

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S29ntp Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	571
Entropy (8bit):	4.903480886882991
Encrypted:	false
SSDEEP:	12:aNbcADBqAQrzvRaI2ygR5ejT4AJOxWUMkGKqdURuGKXpy1:aNIAMJxsRUjTNUMVujGpY
MD5:	EA3360C4196BBD5D1F7D92E0082CAC8B
SHA1:	D4A3ECF8E7FCAE320D88EC2A1063DB4A118F88DE
SHA-256:	13E2C2B1B3A1AC6F4AC5DC4CEA5A534443563EBA54A0C3BEED422FB05B6CD21C
SHA-512:	FF55B550913B0A92D674A4E363163D2F8FC719B01BDFD44A29895160936DF97DEB0CE26BC3A2E2962E294A6170A0F284993237935663EBFD60549C7C69A3BB3F
Malicious:	false
Preview:	#! /bin/sh.ENABLE=`/etc/scripts/get /sys/network/ntpd/enabled`.scriptid() {..printf "\n\n\e[42m------------------------------- [S29] -------------------------------\e[0m\n\n".}.case "$1" in. start)..scriptid..if [ ${ENABLE} = "1" ] ; then.. printf "\e[1:33mget/set time\e[0m\n".. /etc/scripts/ntpdate.sh..else. . printf "\e[1:33mtimeserver is disabled!\e[0m\n"..fi..;;. stop)..printf "\e[1:33mget/set time nothing to stop\e[0m\n". ;;. restart\|reload). $0 start. ;;. *). echo "Usage: $0 {start\|stop\|restart\|reload}" >&2. exit 1. ;;.esac..exit 0.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S30_devicefirst Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	409
Entropy (8bit):	5.108539216491394
Encrypted:	false
SSDEEP:	12:1mNPUXvk9VL1J6beNF4FZeNFTQV6beNuB64FZ6MAi6o:1mKXv0JdYuMH4ytLo
MD5:	A0B9483A71411F19418782BACB546F84
SHA1:	3CE912357AFAB851D7DC4327B47731165B3F8538
SHA-256:	39F000B70A376D9F11FEEA85967BF1A8B2E3FD654D11D3A35DA3D5F423514F1E
SHA-512:	45009670AF98481031ADEBF0913F2C8A528D83D51C9236A42BAC1AE5116158296BEF0D1CA2FFED337EB3A42E4727FE1F827393A9E27AC67359D1EA2C12F3DB6A
Malicious:	false
Preview:	#!/bin/sh.HWID=`/usr/sbin/allnet/sqldb_read /sys/hardware/numeric_model`.echo -e -n "\033[01;33m[S30] -- ".if [ ${HWID} = "3651" ] ;then../usr/sbin/allnet/rgb_demon > /dev/console &..sleep 2../usr/sbin/allnet/rgb_out 0 64 0 0 0 0 64 0 0 0.fi.if [ ${HWID} = "5000" ] ;then../usr/sbin/allnet/lcd_demon > /dev/console &..sleep 2.fi.echo -e "\033[01;0m".if [ -f "/tmp/dhcplease" ] ; then..rm -rf /tmp/dhcplease.fi

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S50_systools Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1942
Entropy (8bit):	5.320679733921808
Encrypted:	false
SSDEEP:	24:1mKXv1mK8ACmK+AqmKDZbKDH8Ks4OjY4E/5JkO+sj4YCnA/xi4oCn0X/Dl/LQhO:1ndngn+3nDQDleUPkP6CAxmC0vhTQM
MD5:	E8781DB880550F419F4846AE7A6EAFB1
SHA1:	3684E30E8A50041927CE8133BB3D87AF0493A237
SHA-256:	115454FDDDE3D8152E0D1366F7BC7C4AB157F4E0AF90A1C58F66A2BDDA8DC51A
SHA-512:	6989DC25751A98ADFF5F9FA2D54EB310F30666E6196DB65AB853520612775BBBD1D202C35B72D9812D632EEF32C10DFDF16776E4FDB8A7FF2D542CF4331131D8
Malicious:	false
Preview:	#!/bin/sh.HWID=`/usr/sbin/allnet/sqldb_read /sys/hardware/numeric_model`.FTPENABLED=`/usr/sbin/allnet/sqldb_read /sys/network/ftp/enabled`.SSHENABLED=`/usr/sbin/allnet/sqldb_read /sys/network/sshd/enabled`.SYSLOG_ENABLED=`/usr/sbin/allnet/sqldb_read /sys/logging/syslog_enabled`.SYSLOG_SERVER=`/usr/sbin/allnet/sqldb_read /sys/logging/syslog_server`.INIT=`/usr/sbin/allnet/sqldb_read /device/language`.if [ $INIT = "INIT" ] ; then. SSHENABLED=1.fi.echo -e -n "\033[01;33m[S50] -- Start AVAHI -> \033[01;0m".if [ ${HWID} = "5000" ] ;then../usr/sbin/allnet/lcd_write 0 "Start AVAHI".fi./etc/scripts/avahi.sh start > /dev/console.echo -e "\033[00;32mdone.\033[00;0m" > /dev/console.# SYSLOG.echo -e -n "\033[01;33m[S50] -- Checking syslog -> \033[01;0m".if [ ${SYSLOG_ENABLED} = "1" ] ; then..echo -e "\033[00;32menabled - Logging to: $SYSLOG_SERVER\033[00;0m" > /dev/console../sbin/syslogd -R $SYSLOG_SERVER.else..echo -e "\033[00;32mdisabled - NOTHING TO DO!\033[00;0m" >

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S70daemons Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2804
Entropy (8bit):	5.274702844136209
Encrypted:	false
SSDEEP:	24:aBkrUmEmpB57Nso9iNE4D2awoJsMD8DSU+wmzmpB57NLoJr7XDN7goTPD8DySJh0:Gkr3zsteoU+70LQWcxSJhzN1GNeWj/
MD5:	6C4327C42A1C71BCB8DB960B1043FD40
SHA1:	8AD62B62A5BE0CDBBDC30A8E379AC840E4688299
SHA-256:	2548DF5284B3013074247404F0CA7D5A859B44CB22CE31FA92691DEC43A103A2
SHA-512:	F956D1EED8478DA1D1CB3E3188185116A6576BB88C83932FE06BC1E202848A954BD639F3088AEBCACF3B7033B93EB1D1A9E19736124AE74C286762DB416F1CAB
Malicious:	false
Preview:	#! /bin/sh.daemons() {..cat /etc/default/daemons \| while read action; do...PARAM=""...CHECK=$(echo "$action" \| wc -w)...if [ ${CHECK} -gt 1 ]; then....PARAM=$( echo "$action" \|cut -d\ -f2 )...fi...NAME=$( echo "$action" \|cut -d\ -f0 )...DAEMON=/usr/sbin/allnet/$NAME...if [ $1 -eq 1 ] ;then....test -x $DAEMON....if [ $? -eq 1 ] ;then.....printf "\e[1;33m%-50s\e[0m\e[41m%s\e[0m\n" "Starting $NAME" "NO EXECUTABLE FOUND".....continue....fi....printf "\e[1;33m%-50s\e[0m%s" "Starting $NAME $PARAM"....start-stop-daemon -S -q -b -m -p /var/run/$NAME$PARAM.pid --exec $DAEMON $PARAM >/dev/null....[ $? = 0 ] && printf "\e[42m OK \e[0m\n" \|\| printf "\e[41mFAIL\e[0m\n"...fi;...if [ $1 -eq 0 ] ;then....test -f /var/run/$NAME$PARAM.pid....if [ $? -eq 1 ] ;then.....printf "\e[1;33m%-50s\e[0m\e[41m%s\e[0m\n" "Stopping $NAME $PARAM" "NO PID-FILE FOUND".....continue....fi....printf "\e[1;33m%-50s\e[0m%s" "Stopping $NAME $PARAM"....start-stop-daemon -K -q -p /var/run/$NAME$PARAM.pid >/dev/null....[ $? =

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\S73commands Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.276052251638356
Encrypted:	false
SSDEEP:	3:TFKxKvM2/RdTVgF45kVAPKdTVgbu:JkKFPTVgQPgTVgbu
MD5:	EF4969C354BC8CA9C78929DE0652EE81
SHA1:	35E0A38C7CA223338C6903403799CAF30D9AFD84
SHA-256:	7D9163D0F8D3E1361991B1330AB51AC3EE2B85A7E65CC111B7FFAFEAF02587AC
SHA-512:	8849958507E146B774AFE22F6EA022A3AB7C177CADDBFE82A9910D7D46118B6AF31D03FA7B59C68470BB0B9AC967AE71B3110116F6734D3DFE9FF8A7A924BC05
Malicious:	false
Preview:	#! /bin/sh.if [ -f /etc/default/commands ] ; then. ash /etc/default/commands.fi.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\init.d\rcS Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	408
Entropy (8bit):	4.574016736974536
Encrypted:	false
SSDEEP:	12:3lpzVmZiVzOdmAiz6ty/DuAUNsPXjfM4MxXqN:3TAB5iz6gRYsPjfexaN
MD5:	76F02A748149F1AA945AA418EA65B2BC
SHA1:	754718A94931AF7EF00EB485B947B6BEA5E5496D
SHA-256:	DC1615DF9F2012B20B81FFAD8E07E16293039BA7FD897854CA3646D6CFEA0C0F
SHA-512:	04D4E5716A8B4D5AAFCB8E5F11A3592A33C13658992E9223C52EB40663C6DBF4F007F72F7BD013E4C2F5B4FFB09EF0255D39802AF80577B333D8683FAE95BCC6
Malicious:	false
Preview:	#!/bin/sh...# Start all init scripts in /etc/init.d.# executing them in numerical order..#.for i in /etc/init.d/S??* ;do.. # Ignore dangling symlinks (if any).. [ ! -f "$i" ] && continue.. case "$i" in...sh).. # Source shell script for speed... (...trap - INT QUIT TSTP...set start.... $i.. ).. ;;..).. # No sh extension, so fork subprocess... $i start.. ;;. esac.done..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\inittab Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1259
Entropy (8bit):	4.988079865434424
Encrypted:	false
SSDEEP:	24:v3AX8eCzRVMB43S58MmktqGDzLSqn8uEMuaj3:AjCzRVMB43SEYF83M7
MD5:	3958B17DC283F7FFACABE410F549515C
SHA1:	98F0CE2EE2639E1A4102289D14FC495368F2B369
SHA-256:	C2B38E16BEA425CA3D1DCFA31CB82DF1CAEBD4EE2C08BE78C36034CC0374C17D
SHA-512:	55AE626440F6591CA18E86469BCA29CE9E8F3D6A03AEFD9D6765F7FA58F781AEAA83610F410F7C83E190CEE685A09053031CC45DB3CB96DE550E2112E95ED40F
Malicious:	false
Preview:	# /etc/inittab.#.# Copyright (C) 2001 Erik Andersen <andersen@codepoet.org>.#.# Note: BusyBox init doesn't support runlevels. The runlevels field is.# completely ignored by BusyBox init. If you want runlevels, use.# sysvinit..#.# Format for each entry: <id>:<runlevels>:<action>:<process>.#.# id == tty to run on, or empty for /dev/console.# runlevels == ignored.# action == one of sysinit, respawn, askfirst, wait, and once.# process == program to run..# Startup the system.null::sysinit:/bin/mount -t proc proc /proc.null::sysinit:/bin/mount -o remount,rw / # REMOUNT_ROOTFS_RW.null::sysinit:/bin/mkdir -p /dev/pts.null::sysinit:/bin/mkdir -p /dev/shm.null::sysinit:/bin/mount -a.null::sysinit:/bin/hostname -F /etc/hostname.# now run any rc scripts.::sysinit:/etc/init.d/rcS.::respawn:/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf..# Put a getty on the serial port.ttyS1::respawn:/sbin/getty -L ttyS1 57600 vt100 # GENERIC_SERIAL.ttyS1::respawn:/sbin/getty -L ttyS1 57600 vt100

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\issue Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	73
Entropy (8bit):	4.74598770386279
Encrypted:	false
SSDEEP:	3:sX/LNb2kQ2uQoYrGL9tklQ3v:AZbBGRtkWv
MD5:	28A522CD3A52621058444F1454D47C11
SHA1:	80CD3CCB9C952846C7E7B593DAD26B9EC830543F
SHA-256:	02F64171F8C380E4ECACCE111EB9398CC24E58146EB30DD20F729FD37CA8017D
SHA-512:	174975F1D36ABD0C9AF0DE804497E10F4BBEF47FA842CA612B99712D1C17E7F7B425316B72FC665DD2253D33501116A405D4F7E557DCFC0C74CB74F6B7C7B74C
Malicious:	false
Preview:	ALL3500 (C) 2011-2017 Allnet GmbH Computersysteme..Devicename: ALL3505...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\certs\allnet.pem Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3225
Entropy (8bit):	5.990990271070895
Encrypted:	false
SSDEEP:	96:LrrBfB9xofCTFGQMpJnxacLppXAAFkBC4F7Zb7:HrBJ98sFEGcLp/FkBf7l7
MD5:	A08E4CCF884F1A78201108504977D894
SHA1:	2262478F5E70D36B327D7707EA0256E5750DF093
SHA-256:	5FE0186472B8BB57B94DA879E4402089013583B4DAFE65B2165FBF2EC2A2D041
SHA-512:	3E287120CBFE55E23455A1F24FFB6E030918C1A8C3DC6689AFF94904F88F0C631569945694C2B8DD0ED835EA69FFFE4C009AFB3A917C398E899505DE8714B103
Malicious:	false
Preview:	-----BEGIN PRIVATE KEY-----.MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCz+5FaCK1EPmlx.dzVMrMXVxD83fzZT+O8sOKhN6UlPokcwTT1PwTEHBCGGkD0kI+pCQ8iGewhCPByy.cC31LgJF+Q7tMgWDLRHpEbj+jLTicfMTeo6Mel+Y5/o7aYAz0k1V0ZyfHWW+aZNi.UBqX9FCdk8rZtLcPF07pGVae//N8jZ8A8hZPkMvaSssKzkVlp7AjlwV2DcltpFib.CgVZu1pO2S6IFp61S/tqCswxHgSPvdJwPCTj/OJnofbOZkv0Dyo1maF27gI91+np.rIynecTqdYGHE26wIkEV7HIzx6Xcf2ei6fmx4Advx7b/dMt4naVS0qOM5sr74UO2.JZndmCXBAgMBAAECggEAcj4Jigud54ZyKaqQM2YrgT+7HL/rvStyrTAdbK7acOjB.pSAx/bDULO7rVN2zYYBGjt81pl7r5BcB5CWellUo7j9jwR2SMCxohPdR5Iltu5q2.vzN4ziRTD9yXkiSqUrp3ijSt5LWlQlMDUVElQDS9Avivtralx7d0yDLkL7KpW/H7.YA3h94xisoGgJ3RuBsyPrO+JROH6PAwSKxE2fg1hcMnqcPDgOZvWQqDvF3nE+OK2.ManA93auZnmznSbGYjcQALSR9x96Hvw8NFtiKSTlJB9bxh52ziLa1Fe3ecx8L5E4.3iOhypx2cp/jiDKy9aItPO9XgSULw2i40ZumvFTMAQKBgQDqZIMtW2sLBPs++RO/.XlRrmblO+cOWqnc1atGoKcvRng1ypN5UpQudfkH2bRybz1R92q/jAWlK7KBRRkCI.GvUF27cNCiLemeudXnYZMG9kxYH4H8rYc4kKeygBHtQIYKyBxkeDWeCSHtjLiiwI.LreqR8AwcW6R4VuTyEz34gqdoQKBgQDEkwWuxWyXImsVC1sKlyP3F/d1uwjRSg

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\conf.d\access_log.conf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	723
Entropy (8bit):	4.354072358710162
Encrypted:	false
SSDEEP:	12:2fSMabYDzV85EpNVUEQSB8f38Pq0uKsuwKws1IBNFI8yIn:7M7VUEQC8gq0uSParFI8yI
MD5:	CE82C4347F72EA482CCA4039B0DFE2EC
SHA1:	7F32320877732C59371CC455A32C6DF69ACD530E
SHA-256:	EFEB1261C691FEE0374AE5B3FB7FFA6DD8782051A6227276B62D98F9732261AD
SHA-512:	977511BF674CFCF775BA11B73175C22DE7B598C55D4281DEA6720C9FB3E778BC1942709724EAF266B823D6629C2312A06B7B0E5D2618A078076328F8590C90F7
Malicious:	false
Preview:	#######################################################################.##.## Corresponding documentation:.##.## http://www.lighttpd.net/documentation/access.html.##.server.modules += ( "mod_accesslog" )..##.## Default access log..##.accesslog.filename = log_root + "/lighttpd-access.log"..##.## The default format produces CLF compatible output..## For available parameters see access.txt .##.#accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\""..##.## If you want to log to syslog you have to unset the .## accesslog.use-syslog setting and uncomment the next line..##.#accesslog.use-syslog = "enable"..#.#######################################################################.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\conf.d\debug.conf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	967
Entropy (8bit):	4.166737422314292
Encrypted:	false
SSDEEP:	24:X1IK7iA8reJV1hhUZJuoIOuZWlJKLub5LKc9ud:l1VKI7WJKW5G3d
MD5:	3F6C5A7003594C6319A3F42310AF9B98
SHA1:	EA6790750024043EF97192F5B1554E435D8AB410
SHA-256:	D9C5C36DCC5C10BC133054EE0EC0BBAF5F7348A50CB1173E3389DEA861B32087
SHA-512:	2E6D778D5503A9BB0AF0D3D2FF40079080D066204EA01FD020438410135E5B7A649E8AA3CC8361CE6FB9AB16B8056A222952781A07F3B143E1EF9A8F38AA9051
Malicious:	false
Preview:	#######################################################################.##.## Debug options.## ---------------.##.## Enable those options for debugging the behavior.##.## The settings can be set per location/vhost..## ..## .## log-request-handling allows you to track the request.## handing inside lighttpd. .##.#debug.log-request-handling = "enable"..## .## log all request headers. .##.#debug.log-request-header = "enable"..## .## similar to log-request-header..## but only logs if we encountered an error..## (return codes 400 and 5xx).##.#debug.log-request-header-on-error = "enable"..## .## log the header we send out to the client..##.#debug.log-response-header = "enable"..## .## log if a file wasnt found in the error log..##.#debug.log-file-not-found = "enable"..## .## debug conditionals handling.##.#debug.log-condition-handling = "enable"..#.#######################################################################...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\conf.d\dirlisting.conf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1382
Entropy (8bit):	4.56392104712804
Encrypted:	false
SSDEEP:	24:C4K0G6eR37Q1DuKyPFXCE0Gt8iTmERQnx61zkYAx6ahwcc9:RKPM1DZbE1nTmERmx61zkYAx6ahRu
MD5:	854231B547C36AFD9680E17CDA7BF35F
SHA1:	CECAD8920A01D8924EABA4559D31EDFDA3F7F101
SHA-256:	D6FA941B014AEB4CF21386AE03CF421D3B595AA168DFD0428F97BAE9588941C7
SHA-512:	2CDD34EA2A5C4A6EE4060F2B5AD61DCDF771EDE909881A4A0E56F31BB62DE0CF06706FBB0C23DDA239AB4774E05AC450445701BFCCA8C365DA9C365C3D57B986
Malicious:	false
Preview:	#######################################################################.##.## Dirlisting Module .## ------------------- .##.## See http://www.lighttpd.net/documentation/dirlisting.html.##..##.## Enabled Directory listing.##.dir-listing.activate = "disable"..##.## Hide dot files from the listing?.## By default they are listed..##.dir-listing.hide-dotfiles = "disable" ..##.## list of regular expressions. Files that match any of the specified.## regular expressions will be excluded from directory listings..##.dir-listing.exclude = ( "~$" )..##.## set a encoding for the generated directory listing.##.## If you file-system is not using ASCII you have to set the encoding of.## the filenames as they are put into the HTML listing AS IS (with XML.## encoding).##.dir-listing.encoding = "UTF-8"..##.## Specify the url to an optional CSS file. .##.#dir-listing.external-css = "/dirindex.css"..##.## Include HEADER.txt files above the directory listing. .## You can disable showing the HEA

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\conf.d\fastcgi.conf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	200
Entropy (8bit):	3.495336130283416
Encrypted:	false
SSDEEP:	3:uXMiNVC7/F/nK32FCN2V7zFF2KwnvGO4NFox9dWHFYbuHE:5wGBaXR4YbUlYME
MD5:	55569978A2CE3EF0582C432AC6F1B43F
SHA1:	33AB80B79486B8D884DAB7105706940E1292FA6A
SHA-256:	3C0F8F8E0523E6895462A410A2A5136C9AAAAF0F63DBEBF45F5C5238F590C3F8
SHA-512:	A1EA9B475B62D0E509B7D4E6F3B846AB6EE12A6AF6C0D173F245A0FFA9BB6F452C26AC3103DC122E68A058BB64D7B9246B79F0AAFFA4F313823AD8DFC94AAE11
Malicious:	false
Preview:	fastcgi.server = ( ".php" => (( . "bin-path" => "/usr/bin/php-cgi",. "socket" => "/tmp/php.socket",. "max-procs" => 1. )))..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\conf.d\mime.conf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3011
Entropy (8bit):	4.02500525956968
Encrypted:	false
SSDEEP:	48:z1pc+re6WqOwQ/hiJ7aFQr+ncqoqPAwqWOXy6gZocmFZ3MDMlh+:zl4qpQ5iJ7aFQScqoqYwqWOXy3ZsU
MD5:	D6D0AD62C22DC0A73C758E6A742F1EBD
SHA1:	F75D06A2EF2DFBE686BDF1012559012D98C3D984
SHA-256:	440B99771515827E8267A56BAA794103AF4EF2B831F824025758962D500E0105
SHA-512:	0CFD3D46BC834B9F2EF0629E0A0518AF58A1D7A94D7BC2DB3AF3CAFEF686E768F4562C819FE104385B427F8939DDD241D26AC6C26B966DE2562C6BCF42D74DFA
Malicious:	false
Preview:	#######################################################################.##.## MimeType handling.## -------------------.##.## http://www.lighttpd.net/documentation/configuration.html#mimetypes.##.## Use the "Content-Type" extended attribute to obtain mime type if.## possible.##.mimetype.use-xattr = "disable"..##.## mimetype mapping.##.mimetype.assign = (. ".pdf" => "application/pdf",. ".sig" => "application/pgp-signature",. ".spl" => "application/futuresplash",. ".class" => "application/octet-stream",. ".ps" => "application/postscript",. ".torrent" => "application/x-bittorrent",. ".dvi" => "application/x-dvi",. ".gz" => "application/x-gzip",. ".pac" => "application/x-ns-proxy-autoconfig",. ".swf" => "application/x-shockwave-flash",. ".tar.gz" => "application/x-tgz",. ".tgz" => "application/x-tgz",

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\conf.d\remote_access.conf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\conf.d\remote_access.on Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	366
Entropy (8bit):	3.9359051050913303
Encrypted:	false
SSDEEP:	3:rZhFSzA3ZNRoSBHJ01qERV/WSBLDATMJHH1zbGGWHJ01HPH/FgeF/JdNF9CigiF3:rMzAjxmnRPFATM55bisHP669x0ryiR29
MD5:	2D7DE87CCFB40746BC02C50A031B82D1
SHA1:	A60E1F0DA7A0E0A29FD61CE2AC88AE4AE5DA08D6
SHA-256:	E0DCD2A3E660956364603B10507FA730F3A273279B567682A5DE204C9ADD909D
SHA-512:	7EFA93A14FD9F458637727752C86A4229EC56797AE6B2854A4273BEE758F5F1BCDD58A36DFC3AB12A118BD6E0A3985B67262D3DDF38519C6812AC73505F38E69
Malicious:	false
Preview:	$HTTP["url"] =~ "^/xml/" {..auth.backend = "htpasswd",..auth.backend.htpasswd.userfile = "/etc/remote_access",..auth.require = ( "/xml/" =>. (. "method" => "basic",. "realm" => "Username and Password Required",. "require" => "valid-user". ). ),.}

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\lighttpd\lighttpd.conf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	C source, ASCII text
Category:	dropped
Size (bytes):	2762
Entropy (8bit):	5.031888007997016
Encrypted:	false
SSDEEP:	48:rRt77zYxi7wFDfLKfGlmyA/1uUEfCH8L8IWC3NKdjVrMFXOvp:rRt77zUiEF7LKObANuUoCHnIWHEq
MD5:	F4BC1961F72AC171EEEABD9A9E6C0932
SHA1:	BAC73FFD9721BB405E94BBD3C764B2732A26BACB
SHA-256:	EB76660CB44D3077077A14078E13A98184110EF180979F463F606F38E7806FDB
SHA-512:	8ADB6B5F3C126AD2649F7DF7A6F5CF5AF02306CDD657B95D1B095E87242DC9B888133DA2E3CE8D3A7BB9021FD454A859C20A9390BD14349E8925E51C1B6D463B
Malicious:	false
Preview:	#######################################################################.##.## /etc/lighttpd/lighttpd.conf.##.## Created: 2015-08-05 Allnet/ir.## LastChange: 2016-04-18 Allnet/ir.##.#######################################################################..server.modules = (.."mod_access",.."mod_alias",.."mod_compress",. ."mod_redirect",.."mod_auth",.."mod_setenv",.."mod_fastcgi",.).setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ).#server.document-root = "/var/www/system".server.document-root = "/www".server.upload-dirs = ( "/var/run/lighttpd" ).server.pid-file = "/tmp/lighttpd.pid".server.groupname. = "root".server.username.. = "root".server.errorlog = "/tmp/lighttpd-error.log".server.port = 80.server.event-handler = "linux-sysepoll".server.network-backend = "writev".server.max-fds = 512.server.max-connections = 256.server.stat-cache-engine = "simple".server.max-keep-alive-requests = 8.server.follow-symlink = "enable".server.tag="".# server.use-ipv6 = "en

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\passwd Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	596
Entropy (8bit):	4.605599539194125
Encrypted:	false
SSDEEP:	12:fsMKjh5GEhWXhUkyKCMA+FnO+IQJ+pY3qMMH7qRCiNYktUVjNJ0:Yh5GEhHGfnO+spY6MtikmVjE
MD5:	A451888143DFCD81AAABD851BAC09AA7
SHA1:	9CA4D44AEEBFD9DB4641A1841E6B218C29561B34
SHA-256:	16CD77A47698D4929643F7FC9077C185A9998090EF322F36E82CCE49452BBABE
SHA-512:	DF43F18BEFFDA69BC196F5974763A882AEAF2AFF6A9F9AF10471597E51D95A87EF9747EBD11175D08CBB21940499563E1C775DB315A59957470FFC874B46B191
Malicious:	false
Preview:	root:x:0:0:root:/root:/bin/sh.daemon:x:1:1:daemon:/usr/sbin:/bin/sh.bin:x:2:2:bin:/bin:/bin/sh.sys:x:3:3:sys:/dev:/bin/sh.sync:x:4:100:sync:/bin:/bin/sync.mail:x:8:8:mail:/var/spool/mail:/bin/sh.proxy:x:13:13:proxy:/bin:/bin/sh.www-data:x:33:33:www-data:/var/www:/bin/sh.backup:x:34:34:backup:/var/backups:/bin/sh.operator:x:37:37:Operator:/var:/bin/sh.haldaemon:x:68:68:hald:/:/bin/sh.dbus:x:81:81:dbus:/var/run/dbus:/bin/sh.ftp:x:83:83:ftp:/home/ftp:/bin/sh.nobody:x:99:99:nobody:/home:/bin/sh.sshd:x:103:99:Operator:/var:/bin/sh.default:x:1000:1000:Default non-root user:/home/default:/bin/sh.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\php.ini Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	31242
Entropy (8bit):	4.905658442559905
Encrypted:	false
SSDEEP:	384:zDhqFY7HrNs86/W7/6f+O/XllDt/5RslfoEhKwgJ+v3Ewme:zDhq27Hhsxyift/XlNt/5RPzwpvpme
MD5:	068FD5AC3E07A683CB5F42C48F416523
SHA1:	7C08E390C06834894CE26F53AE029D4719A187D1
SHA-256:	1449D2E873F5211C3E392D2E800A0487914887A4994DAA0DF566444E0A6D6BCE
SHA-512:	1CEA2C4D559524E3567F847A743ABF9DAB90884C4C864C31A138172E223A658DC4070E4752DF3C61D0102356251B17F4D8021F4E97DC8A6F1E82800F3E6A2BAC
Malicious:	false
Preview:	[PHP].; display_errors.; Default Value: On.; Development Value: On.; Production Value: Off..; display_startup_errors.; Default Value: Off.; Development Value: On.; Production Value: Off..; error_reporting.; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED.; Development Value: E_ALL.; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT..; html_errors.; Default Value: On.; Development Value: On.; Production value: On..; max_input_time.; Default Value: -1 (Unlimited).; Development Value: 60 (60 seconds).; Production Value: 60 (60 seconds)..; output_buffering.; Default Value: Off.; Development Value: 4096.; Production Value: 4096..; register_argc_argv.; Default Value: On.; Development Value: Off.; Production Value: Off..; request_order.; Default Value: None.; Development Value: "GP".; Production Value: "GP"..; session.gc_divisor.; Default Value: 100.; Development Value: 1000.; Production Value: 1000..; session.hash_bits_per_

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\profile Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.368843527677657
Encrypted:	false
SSDEEP:	24:90GQS/aeToL9rrpvcWKtoojYbXjWac3uC6cdiKNDBkDMWmRXQg8BTVNx56j/pjY8:90GA9BKtooiS68lNAgCVMLpjV7Syj
MD5:	8168697208A26B0F40D83E90B9927473
SHA1:	53FFEB47910C1415FA0104F06BF7720DCC9C5077
SHA-256:	A07AA92F1068DB8A5E273D51765D1D8E8EF0CC3C471A0049D367CF621B99EBED
SHA-512:	A6533109B77C7DCD6056078578E99EF154C9002B9D288584F2F66382A2B9FB82743B4938001F438008651DF1C23AD6CC7233023BF567B913916662F118F1DA67
Malicious:	false
Preview:	# ~/.bashrc: executed by bash(1) for non-login interactive shells...export PATH=\./bin:\./sbin:\./usr/bin:\./usr/sbin:\./usr/bin/X11:\./usr/local/bin:\./usr/sbin/allnet:\./opt/allnet:\./etc/scripts..# If running interactively, then:...export PS1="[\u@\h \W]\\$ "..alias ll='/bin/ls --color=tty -laFh'..alias ls='/bin/ls --color=tty -F'..export LS_COLORS='no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:.tar=01;31:.tgz=01;31:.arj=01;31:.taz=01;31:.lzh=01;31:.zip=01;31:.z=01;31:.Z=01;31:.gz=01;31:.bz2=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.jpg=01;35:.jpeg=01;35:.png=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.mpg=01;35:.mpeg=01;35:.avi=01;35:.fli=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:';.. export USER=`id -un`. export LOGNAME=$USER. export HOSTNAME=`/bin/hostname`. export HISTSIZE=1000. export HISTFILESIZE=

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\proftpd.conf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	4.961943652167098
Encrypted:	false
SSDEEP:	24:qNOPAcz0+FHW5eYUH56VLZKZv0KTmYCNhJqgMDW7xFWdvwx1fijff2cujQE4/rb6:jYcdWuY+M0Uj1r3wv12iGx
MD5:	47DB1DC31E6B70615A9A978885647365
SHA1:	E98E28CF7E3361907CCB9A36D524A81446725D4F
SHA-256:	3A44AA4835C03915F91DD9E0446D01B71B55B24C25D6EC027040B20D36DD0169
SHA-512:	148A8E73D963DFBA75CE86916659260A3B9AAF3CA50B21C119531C29D7A194F6BE0E0521847E464A1E41E1E2BB9B4B372CA649F118220206968D7B00C0E9074D
Malicious:	false
Preview:	# This is a basic ProFTPD configuration file (rename it to.# 'proftpd.conf' for actual use. It establishes a single server.# and a single anonymous login. It assumes that you have a user/group.# "nobody" and "ftp" for normal operation and anon...ServerName..."FTP server".ServerType...standalone.DefaultServer...on.RootLogin...on.TimeoutIdle 1440..Port 21..# Don't use IPv6 support by default..UseIPv6....off..# Umask 022 is a good standard umask to prevent new dirs and files.# from being group and world writable..#Umask....022..# To prevent DoS attacks, set the maximum number of child processes.# to 30. If you need to allow more than 30 concurrent connections.# at once, simply increase this value. Note that this ONLY works.# in standalone mode, in inetd mode you should use an inetd server.# that allows you to limit maximum number of processes per service.# (such as xinetd)..MaxInstances...30..# Set the user and group under which the server will run..User....root.Group....root.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\avahi.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	699
Entropy (8bit):	5.340432763688548
Encrypted:	false
SSDEEP:	12:MTAonNPUhayNPUhjD2R6v3/viGiWeBK6V3AUiWeMK6V3A5kBnAdptZaUz+nItPzd:MTjnKlKkQ3qGiWe80PiWeL0WkBnWHZa2
MD5:	C301560162670D280BAEFE8CB8D6D06A
SHA1:	29CF7AC88F5C5CD66B6836E9F7200BE89092CBA2
SHA-256:	34D0BFE0CD098AAB7B0499402D24EDBA2DF40B38396AD32B591329AA5C3ED481
SHA-512:	6569F72AFF2F76948ED2DBBAF724505726108EAF90E602966E1F2C6F0208387E7D264AF714D654EF20FBD6EED33BA83675D0098883A94789C40CC975669CAC80
Malicious:	false
Preview:	#!/bin/sh.#.# avahi-daemon init script.HOSTNAME=`/usr/sbin/allnet/sqldb_read /sys/network/hostname`.#ETH=`/usr/sbin/allnet/sqldb_read /sys/network/interface`.#MAC=`/sbin/ifconfig \| grep $ETH \| tr -s ' ' \| cut -d ' ' -f5 \| cut -b 10-17 \| tr -d ':'`.#HOSTNAMEMAC="${HOSTNAME}-${MAC}"..#sed -i 's/host-name=./host-name='${HOSTNAMEMAC}'/g' /etc/avahi/avahi-daemon.conf.sed -i 's/host-name=./host-name='${HOSTNAME}'/g' /etc/avahi/avahi-daemon.conf.DAEMON=/usr/sbin/avahi-daemon.case "$1" in. start)..$DAEMON -c \|\| $DAEMON -D..;;. stop)..$DAEMON -c && $DAEMON -k..;;. reload)..$DAEMON -c && $DAEMON -r..;;. *)..echo "Usage: S50avahi-daemon {start\|stop\|reload}" >&2..exit 1..;;.esac.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\cget.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	269
Entropy (8bit):	5.322358297497027
Encrypted:	false
SSDEEP:	6:h//d1rHyWGD5/FoB8Gw3GYgtIM0KCeRxS1dgOdvdjXotMr:5/3bytzyb6zKxkHq2
MD5:	C98FCA0BD625333BF9CFEF7C43AC8018
SHA1:	FCB1122EFE2A9A4C8A564D1992BD65B833E99911
SHA-256:	CCFA5A905BD7E95E06345F313077E996BF588FD2ADF734B2B094C1169C758058
SHA-512:	3722D8DF7A8F168018F14E892CFED0A6478CDCD2BAAD421D3B7DBDD4D4FBFDD4F6AE0F8755F35372718CFF6EF2844120854F3A6D61B304C869F3BF13F4F72E68
Malicious:	false
Preview:	#!/bin/sh.BASE="config".FIELD="tag, value".WHERE="tag".[ ${#2} -gt 0 ] && { BASE=$2; }.[ ${#3} -gt 0 ] && { FIELD=$3; }.[ ${#4} -gt 0 ] && { WHERE=$4; }.sqlite3 -init /etc/scripts/sqliterc /etc/allnetenv/config.s3db "SELECT $FIELD FROM $BASE WHERE $WHERE like '%$1%';".

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\checkupdate.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable, with very long lines
Category:	dropped
Size (bytes):	2408
Entropy (8bit):	5.270155531370698
Encrypted:	false
SSDEEP:	48:rtfFWvm3ujZH0hJ4pQjbVSqhVw5ws3yRyBWyw:rtfwvm3mZH0hJ4+tSqhDz1
MD5:	2A6017CF2FCD511E287E28F3EB5B8023
SHA1:	3FB49F60D3170464534A85561E913E4C0AC350A7
SHA-256:	D68A18FC1EC9CA383F34A69C28D0D75C833A4FA6EAA7D12EB494DC8BE3A19E38
SHA-512:	94BA2DCB72E351D8927E11A974B53F382A0FCB1AFDF7255053D74D0BA36823866BE5DEE1C07408C08AEAE839CE27AA70CF23BDD4534738D0A1D7F0A665101C92
Malicious:	false
Preview:	#!/bin/sh.export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt.URL="https://update.allnet.de/".DIR="/tmp/update".prepare() {. rm /tmp/update.result > /dev/null 2>&1. FIRMWARE=`cat /etc/default/version`. VERSION=`echo $FIRMWARE \| cut -d';' -f1 `. PATCH=`echo $FIRMWARE \| cut -d';' -f2 `. INTERFACE=`/usr/sbin/allnet/sqldb_read /sys/network/interface`. MAC=`/sbin/ifconfig \| grep $INTERFACE \| tr -s ' ' \| cut -d ' ' -f5`. UUID=`cat /etc/default/uuid`. DEVICETYPE=`/usr/sbin/allnet/sqldb_read /control/devicetype`. REVISION=`/usr/sbin/allnet/sqldb_read /sys/hardware/revision`. DATE=`/usr/sbin/allnet/sqldb_read /sys/firmware/datenum`. DEVICEDATE=`date`. RELOADLAST="false". FORMAT="false". CHECK="check". if echo $@ \| grep "user"; then CHECK="user"; fi > /dev/null. if echo $@ \| grep "short"; then FORMAT="true"; fi > /dev/null. if echo $@ \| grep "reload"; then RELOADLAST="true"; fi > /dev/null.}.check() {. prepare $1 $2. if [ ! -f /tmp/update.lock ] ;then. cleanprocess. f

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\cset Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.415584307558354
Encrypted:	false
SSDEEP:	6:h5nnpOdeGFEb9EYsk1NfpqEI6c5nqQDlUmH3Ysk1NfpqEI6c5G4ieRzQlq6n:vnSetbKYG6c5BhnXYG6c5DieRzQlq6n
MD5:	9AC719B9977B5794636BE8AD7CA273F4
SHA1:	27A5E1DE0FD3471816A8DF7E673E654FEA8075DC
SHA-256:	A1DC5AFFC2713CE8A9346CC0DD9C02DB5BEA95437C07AB10B58CB9D7A36F5D0E
SHA-512:	E91B5AC58270BDEBC378C3C2E3BF3B812AF3570C34A7C40B7CD1D9717B61772A9453B64944A320D3E71147CF632826767C28FDA2B4ABE54AE52A24FB8ECB1649
Malicious:	false
Preview:	#!/bin/sh.DBFILE="/etc/allnetenv/config.s3db".TABLE="config".if [ -n "$1" ] \|\| [ -n "$2" ] ;then..echo "INSERT OR REPLACE INTO $TABLE (tag, value) VALUES ('$1', '$2');"..[ -f $DBFILE ] && sqlite3 $DBFILE "INSERT OR REPLACE INTO $TABLE (tag, value) VALUES ('$1', '$2');".else..echo "USAGE: set {tag} {value}";..exit 1.fi.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\curlmail.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	878
Entropy (8bit):	5.374403397939404
Encrypted:	false
SSDEEP:	12:MoXHvj3rbJ2MWb0bgKb2wnbEnbTYtVSu1b82Sw3tBSIoXKR1EWwC1E:TvjbEMWgsKiU8AN1AASLKR+
MD5:	2FD739D3768B4D52EE5DAB7E517CB1C6
SHA1:	72DA973678A584D3CC0EEF1333AED68F258ABDDD
SHA-256:	C5E027358165E5D010081D61BF48E3882724626C57AD46982CF22F44F963BCED
SHA-512:	2EFD386D37C7C4DF697347F8941B70E984643BCE0E2A8362F6A3A6242C13E17EF6D3ED118E763B9B26AE2965CEA0F81BE0DD1D4DA2E36B366238F9104775E8B6
Malicious:	false
Preview:	#!/bin/sh.CURL_LOG="/tmp/mail.log".FROM=`/etc/scripts/get /sys/network/mail/sender`.SMTP=`/etc/scripts/get /sys/network/mail/smtp`.PORT=`/etc/scripts/get /sys/network/mail/smtpport`.USER=`/etc/scripts/get /sys/network/mail/user`.PASS=`/etc/scripts/get /sys/network/mail/pass`.STYP=`/etc/scripts/get /sys/network/mail/smtpssl`.DATE=`date +%d.%m.%Y`.TIME=`date +%H:%M:%S`.#SIG=`/etc/scripts/get /sys/network/mail/signature`.PROTO="smtp".[ ${STYP} -eq 0 ] && { PARAM=""; }.[ ${STYP} -eq 1 ] && { PARAM="--ssl";PROTO="smtps"; }.[ ${STYP} -eq 2 ] && { PARAM="--ssl --ssl-reqd"; }.#echo -e "\n$SIG\n" >> /tmp/mail.txt.sed -i 's/%D/'${DATE}'/g' /tmp/mail.txt.sed -i 's/%T/'${TIME}'/g' /tmp/mail.txt.curl $PARAM --insecure --mail-from "$FROM" --mail-rcpt "$1" --url $PROTO://$SMTP:$PORT -u "$USER:$PASS" --upload-file /tmp/mail.txt --anyauth --verbose --silent --show-error 2>$CURL_LOG.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\devicedaemons.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	734
Entropy (8bit):	4.616084380516708
Encrypted:	false
SSDEEP:	12:BvourdwK3pJFv5I56NFpiGwJVMfqB4WwMmTq6YJ6TKojxjpHo2RujROqdDe:BQu+Kpl06NFpOJmy4tqFqpt6Oqte
MD5:	E82B4CEA0D818A74BE113BA4C3C73A36
SHA1:	04597FC4273DFBB95CA5A2AA8D80DD7415BF698B
SHA-256:	6331C07EC3C432FA78495946E11B779FF3C8C445D6E825D07C32E5C23B09C5FF
SHA-512:	72649AE9418BDE4100096FE0392B07263C3E828F814B757125C66DFAB3015D1FBC05855A68614DAE1132851CDE164A057863DAB618E014BFF4DFFF10C6D07F45
Malicious:	false
Preview:	#!/bin/sh.CS="/etc/scripts/startstop.sh".daemons() {. cat /etc/default/daemons \| while read daemon; do. $CS $daemon $1. done < /etc/default/daemons. if [ -f /etc/default/commands ] ; then. ash /etc/default/commands. fi. if [ -f /etc/default/dependent ] ; then. cat /etc/default/dependent \| while read daemon; do. WAIT=$( echo "$daemon" \|cut -d\ -f2 ). START=$( echo "$daemon" \|cut -d\ -f0 ). sleep $WAIT. $CS $START $1. done < /etc/default/dependent. fi.}.case "$1" in. start). .daemons $1. .;;. stop). .daemons $1. .;;. restart\|force-reload). daemons $1. ;;. pid). daemons $1. ;;. *). echo $"Usage: $0 {start\|stop\|restart\|force-reload\|pid}". exit 3. ;;.esac.exit $?

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\dnsmasq.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2559
Entropy (8bit):	5.376669883823185
Encrypted:	false
SSDEEP:	48:JmIB095xqgSkRWUl0RQYqnDDRFBXsmdRxmEqJ+RzrBya:Jmky5xnSkRWiaQhnDDRHXsmvxmEqcF5
MD5:	E1F11476062F701B695F14192B58422C
SHA1:	24119A47841A2902DF3B702DB63EB14F26C25E1B
SHA-256:	E6F83331AA3A271782821A8BC99A1A7FF7FFD452BBFB4C863AFA08BB58526405
SHA-512:	C5056860B55689952DD8EA4F259E272A47AAC03C8BD34C1170A8397521D55F0065CBEC2918ECF3B10358147D32087A0EB549E3D78C4648AD57D2A50DA4BCACC6
Malicious:	false
Preview:	#!/bin/sh.#.# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $.#.# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?.# Separate multiple interfaces with spaces, e.g. "eth0 eth1"..#INTERFACES="br0"..# It is not safe to start if we don't have a default configuration....#echo "/etc/init.d/dhcp-server not yet configured! - Aborting...".#exit 1;.ENABLE=`/etc/scripts/get /sys/network/udhcpd/enable`.IFACE=`/etc/scripts/get./sys/network/udhcpd/iface`.LEASEFILE=`/etc/scripts/get ./sys/network/udhcpd/leasefile`.PIDFILE=`/etc/scripts/get ./sys/network/udhcpd/pidfile`.AUTOTIME=`/etc/scripts/get ./sys/network/udhcpd/autotime`.DOMAIN=`/etc/scripts/get ./sys/network/udhcpd/domain`.ROUTER=`/etc/scripts/get ./sys/network/udhcpd/router`.STARTIP=`/etc/scripts/get ./sys/network/udhcpd/startip`.STOPIP=`/etc/scripts/get ./sys/network/udhcpd/stopip`.SUBNET=`/etc/scripts/get ./sys/network/udhcpd/subnet`.DNS1=`/etc/scripts/get ./sys/network/udhcpd/dns1`.DNS2=`/etc/scripts

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\dropbear.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1768
Entropy (8bit):	5.163438393821446
Encrypted:	false
SSDEEP:	24:BmK+AIKs4xKtDKAqK8iTO2A7BnRDO5DHnMI0mVJW8Y2qm5cy:Bn+YctGArzTqBnRDO5DHh0aJWyqm5cy
MD5:	1D06CECA34AA3FC784519C6A1ED182BF
SHA1:	40AA9460A1F21067B472736DBE1B6B8891129660
SHA-256:	B972453086B34B68A6ABEAEEA7B27572CB767489CD00DFD9AE6A6F34ABB0E33C
SHA-512:	D0EDE5A1A1E3E6F8358858DCC2B3D49AF561CD4E766DD2B76F08ED43D75E87CA038DAE15246683226BA9C2C8301A4DE908735C5A1F8F187BE504556B7F655323
Malicious:	false
Preview:	#!/bin/sh.#.# Starts dropbear sshd..#.ENABLED=`/usr/sbin/allnet/sqldb_read /sys/network/sshd/enabled`.INIT=`/usr/sbin/allnet/sqldb_read /device/language`.DEVTYPE=`/usr/sbin/allnet/sqldb_read /control/devicetype`.DEVNAME=`/usr/sbin/allnet/sqldb_read /control/devicename`.LOGINPROMPT=`/usr/sbin/allnet/sqldb_read /sys/network/sshd/loginprompt`.if [ $INIT = "INIT" ] ; then..ENABLED=1.fi.# Make sure the dropbearkey progam exists.[ -f /usr/bin/dropbearkey ] \|\| exit 0..start() {..if [ ${ENABLED} = "1" ] ; then...echo -e "$DEVTYPE $LOGINPROMPT\n\nDevicename: $DEVNAME\n\n" > /etc/issue. ..echo -n "Starting dropbear sshd: "...# Make sure dropbear directory exists...if [ ! -d /etc/dropbear ] ; then....mkdir -p /etc/dropbear...fi...# Check for the Dropbear RSA key...if [ ! -f /etc/dropbear/dropbear_rsa_host_key ] ; then....echo -n "generating rsa key... "..../usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1...fi....# Check for the Dropbear DSS key...if [ ! -f /etc/

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\dtool.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	a /bin/ash script, UTF-8 Unicode text executable
Category:	dropped
Size (bytes):	4250
Entropy (8bit):	5.350853833830543
Encrypted:	false
SSDEEP:	96:+zAc6n4Uv7h9pLl2rDx1OY81q9OBz9OTulXfEdPfEdLNqiF3:1Dh9pLl2rDx1OY79c9cwXfEdPfEdYiF3
MD5:	B12AF4FCE2E7159F869ADBE88E7B0D4C
SHA1:	FE426635043E8F6FEF7AC9FF6CF936561F121A1F
SHA-256:	B80584FD75A6E57C5DA68D7B2E5EF001E2FD1B9D10622E0DA1DEB8ECD67A99DA
SHA-512:	3BA9396CA0C58ECF7CD1CFB366718C2BDEB8DE16BA55BB678929319BD155E7EA40DD59CA8F29C277768C62477421D1EE62D2F581069921A0CFB3C7915FB168F5
Malicious:	false
Preview:	#!/bin/ash.VERSION="0.22".PLATFORM=`get /sys/platform`.DEVTYP=`get /control/devicetype`.printf "\e[96m%-15s\e[32m%s\e[0m\n" "DaemonTools: " "$VERSION".printf "\n\e[96m%-15s\e[32m%s\e[0m" "Platform: " "$PLATFORM".printf "\n\e[96m%-15s\e[32m%s\e[0m" "Device Typ: " "$DEVTYP".if [ ! -z $1 ]; then..case $1 in...start\|stop\|restart)....printf "\n\e[96m%-15s\e[32m%s\e[0m\n\n" "Aktion: " "$1"....cat /etc/default/daemons > /tmp/daemons.tmp....cat /etc/default/dependent >> /tmp/daemons.tmp....i=1....while read daemon; do....if [ "$i" -le 9 ]; then.....printf "\e[1;32m%-5s\e[0m\e[97m%s\e[0m\n" "0$i " "$daemon"....else.....printf "\e[1;32m%-5s\e[0m\e[97m%s\e[0m\n" "$i " "$daemon"....fi....i=$(($i+1))....done < /tmp/daemons.tmp....if [ ${DEVTYP} = "ALL3690" ]; then.....printf "\n\e[1;32m%-5s\e[0m\e[97m%s" "30 " "ALL3690 S0"....fi....if [ ${DEVTYP} = "ALL3691" ]; then.....printf "\n\e[1;32m%-5s\e[0m\e[97m%s" "31 " "ALL3691 D0".....printf "\n\e[1;32m%-5s\e[0m\e[97m%s" "32 " "ALL3691 S0"....fi....if [

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\factory_reset.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	93
Entropy (8bit):	4.457718060489596
Encrypted:	false
SSDEEP:	3:TKH4vGegVBmQOF71GKhURhBADXRdLXTNOXY:hevmLbGKeRQrPTTN4Y
MD5:	F6C16EDEEC963449B42F92D4C056FB07
SHA1:	171A0A089A7BBFE12302B0F12DEA9A6A25133848
SHA-256:	05125FC552E1766AD5EB8409A9ADBD0E596464E092C634E8240F49B112FFDE9A
SHA-512:	3C5F8617589F21FBCE3FC20EAB6FD98BC6B077EC4767D0065B4F3ABEF84300DAC4BD61CB1E3FAC0802D91FC7ECF88B64901DB5CB932EB1BC5F3482C8ABE1786C
Malicious:	false
Preview:	#!/bin/sh./etc/init.d/S70daemons stop.sleep 3./etc/scripts/gendefaultconfig.sh.sleep 3.reboot

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\fget Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	175
Entropy (8bit):	5.219946585275294
Encrypted:	false
SSDEEP:	3:TKH4vhnnp6uGdZYtLQKCSACSIJQDHWUJ8FBlJjDBjBBsOFySUytgcMlJ:h5nnpOdefdQDlUddjXHfrtMr
MD5:	174516C9584D791747F99D9ED89C00EB
SHA1:	36EB751E801C52174DFDC57DEEF6E0DF34AA58F8
SHA-256:	B1F4704B74A786E9AD6B87C1B0D38357412DDBC204A11B13F417C7C9978B627F
SHA-512:	61022F4BE7B7D6C45A4EFC16F99F3577624C4C0174A32A4AA5A39597E2F35D917A0BA0270EDD50D38302570FE953288A798524ED5D316BB452F10CE6F49438EE
Malicious:	false
Preview:	#!/bin/sh.DBFILE="/etc/allnetenv/config.s3db".TABLE="config".FIELD="value".WHERE="tag".[ -f $DBFILE ] && sqlite3 $DBFILE "SELECT $FIELD FROM $TABLE WHERE $WHERE like '%$1%';".

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\gendefaultconfig.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1137
Entropy (8bit):	5.0004775554401135
Encrypted:	false
SSDEEP:	12:OjKRxaeLKH1VQ/F/W93ofQaDqQl5QSFQaDDQFg02ZFTL6swfVQASFWsKTxQTi9Os:gyEe9Nk3on7PrQ7TxQTaOeGDqrIHmHdn
MD5:	42D966BEBDE3930135C7C393BFD2037C
SHA1:	ACDA019353DC615AAB235F69B634577E7217D00E
SHA-256:	2E75D0FF31AF4094DD06C8E9C77E156A2E05FBAECAF468EE86AA83B572CCD542
SHA-512:	8834FE8C977CC5E49F7FD17A26E9C1DFD3A8F9035043E918F74EBA9559EFDA2235F3F9C7BAD0A4257D88ED76F5146D9A8A94860673B1C36EADFF77A85BB09E73
Malicious:	false
Preview:	#!/bin/sh.DEVTYP=`cat /etc/default/device`./etc/init.d/S70daemons stop.if [ -f "/etc/allnetenv/config.s3db" ] ; then..rm /etc/allnetenv/config.s3db..echo 'INFO SQLITE DB: config.s3db found and deleted'.fi.rm -rf /etc/allnetenv/sensorhistory_ts_.rm -rf /etc/allnetenv/log/day-0/.rm -rf /etc/allnetenv/log/day-1/.rm -rf /etc/allnetenv/log/day-2/.rm -rf /data/.csv.rm -rf /data/pm/.csv.rm -rf /data/el/.csv.if [ -f "/etc/lighttpd/conf.d/remote_access.off" ]; then..mv /etc/lighttpd/conf.d/remote_access.conf /etc/lighttpd/conf.d/remote_access.on..mv /etc/lighttpd/conf.d/remote_access.off /etc/lighttpd/conf.d/remote_access.conf.fi.cp -p /etc/default/config_default.s3db /etc/allnetenv/config.s3db.cp -p /etc/default/accessHelper.json /etc/allnetenv/accessHelper.json.echo 'INFO SQLITE DB: config.s3db from config_default.s3db generated'./etc/scripts/setpass.sh root PortaLuce23./etc/scripts/setpass.sh ftp PortaLuce23*.if [ ${DEVTYP} = "ALL3653" ] ; then..rm -rf /opt/flowcontrol..if [ -f "/et

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\get Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	173
Entropy (8bit):	5.18912942909637
Encrypted:	false
SSDEEP:	3:TKH4vhnnp6uGdZYtLQKCSACSIJQDHWUJ8FBlJjDBjBBsOFySUytgcMkUV:h5nnpOdefdQDlUddjXHfrtMkO
MD5:	1517D6C7B6FCAAECD8C51694CB364AD0
SHA1:	A9A161846F6C5AADF3D96C563A8F7262835468BB
SHA-256:	75A9155766542C0C0D973EB4B370B4C60912A4F24883E477157F56659F1D4708
SHA-512:	7D2A31887AC4AE8671386EA1542CE2712FEECED81565A10794BAD0025037014E6D24ACD9E27BD1A57640F4A04B1AD955FDF425949BD7E24AADAD9F17602230BB
Malicious:	false
Preview:	#!/bin/sh.DBFILE="/etc/allnetenv/config.s3db".TABLE="config".FIELD="value".WHERE="tag".[ -f $DBFILE ] && sqlite3 $DBFILE "SELECT $FIELD FROM $TABLE WHERE $WHERE like '$1';".

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\httpdConfig.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.700815129331847
Encrypted:	false
SSDEEP:	3:TKH4vQYvcLHyx7IEj5CN3V8E:hDEr8IEj5O3V8E
MD5:	B84AB7D272AF2A3CCD3AD150183C8AF8
SHA1:	5C5878F75E8A763F95A0EEE590C1ABC6C37011FE
SHA-256:	5D91F23DA2A682E9CD3D589EAED853BF0D0D5016B5877FD91E55E75EF3853E96
SHA-512:	E72AB46310CD04AF971E93983AD57E97418EB6862196A2B5CD21B511D504D9317FA7D100CC77EC37DAF24E1223EC620D2AD1413F6AECF2F5020294D65B283C00
Malicious:	false
Preview:	#!/bin/sh.usleep 10000 .kill -TERM $(cat /tmp/lighttpd.pid).

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\lan.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1381
Entropy (8bit):	5.160054208670794
Encrypted:	false
SSDEEP:	24:mmKCtKfKlKTKFK6mKXvgKvOkSJ4X24wdL5LSnSOJack4V4Py0u:WC4Cw2Q6nxv+dUSaWy0u
MD5:	3A90307DC171119C99BC58BD100923BF
SHA1:	4E48485EF54EF59B9B16B5E68796EFCF5A8039F1
SHA-256:	81C2DBD549FA21065790DA0ED87BB4C75853024F102F7E06201A46C0413B4E0C
SHA-512:	58A8063AC9D5088A479993EB6747691EE00582E742E2E7DD1927F7A0A91B8331206C531C47328752069A346326C68B27EE30D1D84C4172A2323B2D9CB1747D3D
Malicious:	false
Preview:	#!/bin/sh..IP=`/usr/sbin/allnet/sqldb_read /sys/network/lan/ipaddress`.NETMASK=`/usr/sbin/allnet/sqldb_read /sys/network/lan/netmask`.GW=`/usr/sbin/allnet/sqldb_read /sys/network/lan/gateway`.HOSTNAME=`/usr/sbin/allnet/sqldb_read /sys/network/hostname`.DNS1=`/usr/sbin/allnet/sqldb_read /sys/network/lan/dns1`.DNS2=`/usr/sbin/allnet/sqldb_read /sys/network/lan/dns2`.HWID=`/usr/sbin/allnet/sqldb_read /sys/hardware/numeric_model`.ETH=`/usr/sbin/allnet/sqldb_read /sys/network/interface`.case $1 in.. .start)..echo -e "\033[01;33m[lan] -- Start network...\033[01;0m"..ifconfig ${ETH} 0.0.0.0 up..brctl addif br0 ${ETH}../sbin/ifconfig br0 ${IP} netmask ${NETMASK} > /dev/null 2>&1..route delete default..route add -net 0.0.0.0 netmask 0.0.0.0 gw ${GW}..if [ ${HWID} = "5000" ] ;then.../usr/sbin/allnet/lcd_write 0 `hostname`.../usr/sbin/allnet/lcd_write 1 `ifconfig br0 \| grep "inet addr:" \| cut -f1 -dB \| cut -f2 -d:`..fi..echo "search allnet.local" > /etc/resolv.conf..echo "nameserver $DNS1" >> /et

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\laststate.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1145
Entropy (8bit):	4.507788548248957
Encrypted:	false
SSDEEP:	24:Z+So3i3tbY3tH303tHoS4G4A4tX8P93dETkdETdj939B4B45Y4B4te/Md/MNsG0:3o3i3RY3Z303ZoS4G4A4tX8P93dETkdn
MD5:	168C1B54036DDA2EF2C4D7E54CA598D8
SHA1:	1DB0C6E8F0B76AACA09E95CE63B85F7CEA3454EA
SHA-256:	3C1A91EC5C98214DA7EA615C3F4CA85F797191C1E0BAB034DE1A63C157D21C30
SHA-512:	AF99E6EBCFB31DB95712BA071C067E9AF8B84EA97023052E847E8E4D1BE83037FAECE88DC5C1AF64CE3189BE83721327D2A7A9D59A4CCF2AF903F1702635DEDF
Malicious:	false
Preview:	#!/bin/sh./bin/chmod -R 775 /usr/sbin/./bin/chmod -R 775 /usr/sbin/allnet/./bin/chmod -R 775 /etc/init.d/./bin/chmod -R 775 /www/.rm -rf /usr/lib/libcurl.so.rm -rf /usr/lib/libcurl.so.4.rm -rf /usr/lib/libcurl.so.4.2.0.ln -s /usr/lib/libcurl.so.4.3.0 /usr/lib/libcurl.so.4.ln -s /usr/lib/libcurl.so.4.3.0 /usr/lib/libcurl.so.rm -rf /usr/lib/libpcre.so.rm -rf /usr/lib/libpcreposix.so.0.0.0.rm -rf /usr/lib/libpcreposix.so.rm -rf /usr/lib/libpcreposix.so.0.rm -rf /usr/lib/libpcrecpp.so.0.0.0.rm -rf /usr/lib/libpcrecpp.so.rm -rf /usr/lib/libpcrecpp.so.0.ln -s /usr/lib/libpcre.so.1.2.5 /usr/lib/libpcre.so.ln -s /usr/lib/libpcre.so.1.2.5 /usr/lib/libpcre.so.1.ln -s /usr/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.ln -s /usr/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.ln -s /usr/lib/libpcreposix.so.0.0.3 /usr/lib/libpcreposix.so.ln -s /usr/lib/libpcreposix.so.0.0.3 /usr/lib/libpcreposix.so.0.ln -s /usr/lib/libpcrecpp.so.0.0.1 /usr/lib/libpcrecpp.so.ln -s /usr/lib/libpcrecpp.so.0.0.1 /us

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\lightly.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	76
Entropy (8bit):	4.819910079062262
Encrypted:	false
SSDEEP:	3:TKH4v++FiFBUFIstJ9iy8Ix7IEj5CN3V8E:h8QXJo+IEj5O3V8E
MD5:	3F48849B89F949EBB326EAE7DDF3CFA7
SHA1:	04EF2B2510D4ABC008A76FFB7E4FC9AB0689D1A3
SHA-256:	30D894DF50B6D608D254393889151603B1B032F98416F4F150966B25BE9EC8F8
SHA-512:	2188DB2627DC053A0789EC724682521D64C28D2ACF19E6434843ED72C694F691D91CB595869A366C1FE183152B34AECD2390B4E0BEE7BB964D7422DEB9946ED0
Malicious:	false
Preview:	#!/bin/sh.[ ! -z $1 ] && { usleep $1; }.kill -TERM $(cat /tmp/lighttpd.pid).

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\mem Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	474
Entropy (8bit):	4.9643256742219135
Encrypted:	false
SSDEEP:	12:GGK4q3o+TQ3SAArF+Tj3o+Tcm3SAArF+TcWRLM69sLR+be:yPQClrKjPJClrKrt2ae
MD5:	4B9541CE5EA2A912646D6A5B903AB531
SHA1:	CD9AAFC329F96D3BE2A2355064B43251BB26A65E
SHA-256:	227A73C4AF05D0F81C87F3B4AAD0BF52EC620D1668C0354C005E5C2BAD2FA383
SHA-512:	0CA0486BA8672EC9584F1B1330E9F5C9A0D780F9CC1ACE7146AC57634BE43807366A9D92B629BF104BE3089BCDB49A362B86AEDEF7E521785EA21C8805FA91E5
Malicious:	false
Preview:	#!/bin/sh..# (^ )(.) kB..#T=`cat /proc/meminfo \| grep MemTotal: \| cut -d ':' -f2 \| sed 's/^ //g'`.#F=`cat /proc/meminfo \| grep MemFree: \| cut -d ':' -f2 \| sed 's/^ //g'`.T=`cat /proc/meminfo \| grep MemTotal: \| cut -d ':' -f2 \| sed 's/^ //g' \| sed 's/ kB//g'`.F=`cat /proc/meminfo \| grep MemFree: \| cut -d ':' -f2 \| sed 's/^ //g' \| sed 's/ kB//g'`.#U=$(expr $T-$F).printf "Total:\t$T\n".printf "Free:\t$F\n".printf 'Used:\t%s\n' "$(( $T - $F))".#printf "Used:\t$U\n".

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\networking.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1681
Entropy (8bit):	5.27060490779872
Encrypted:	false
SSDEEP:	24:nKcmKXvmoktFPzHCD1Wgz4X24wGE9N1qC1z7k4jR4P1DkVUm3:Kcnq/4W2GmDy1g6m3
MD5:	E5CF876572D59B41ACEA4E2ECABF257B
SHA1:	A78E0AF896E09FEE01256FF7964E16E00CEF0A86
SHA-256:	AA94758409DC9CBB1611947C5300511A51031007C991899EC454B700210FAEF7
SHA-512:	3476E1B98D0F848ECE4B2B9F891F9057312509B4EBDE56993E7BE9EDFA8F55438DC9343E0741F3795912CF5206562B613C4F85F813620F9DC816E00BA0C7F88F
Malicious:	false
Preview:	#!/bin/sh.HOSTNAME=`/usr/sbin/allnet/sqldb_read /sys/network/hostname`.HWID=`/usr/sbin/allnet/sqldb_read /sys/hardware/numeric_model`.case "$1" in.start)..echo -e "\033[01;33m[NETWORKING] -- START\033[01;0m"..echo -e "\033[00;32mStart LAN\033[00;0m" > /dev/console../etc/scripts/lan.sh start..> /dev/console..echo -e "\033[00;32mStart WLAN\033[00;0m" > /dev/console../etc/scripts/wlan.sh start..> /dev/console..echo -e "\033[00;32mStart DHCP\033[00;0m" > /dev/console../etc/scripts/udhcpc.sh start..> /dev/console../etc/scripts/test_gateway.sh..if [ "$?" = "0" ] ;then. echo -e -n "\033[01;33m[S50] -- Set time -> \033[00;32m". /usr/bin/ntpdate -t5 -p1 pool.ntp.org. fi..echo -e "\033[00;32mStart NTP\033[00;0m" > /dev/console..if [ ${HWID} = "5000" ] ;then.../usr/sbin/allnet/lcd_write 0 `hostname`.../usr/sbin/allnet/lcd_write 1 `ifconfig br0 \| grep "inet addr:" \| cut -f1 -dB \| cut -f2 -d:`..fi..;;.stop)..echo -e "\033[01;33m[NETWORKING] -- STOP\033[01;0m"..echo -e "\033[0

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\nodtest.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	308
Entropy (8bit):	4.749234870788986
Encrypted:	false
SSDEEP:	6:hqasXGLsCsBW/1GjwuXjP0yyT/Y7/xVnwj99JSTSunyd3LM9kLZV:8asXGLxsBWNcbXjPhy0NNCBSTAd3Gkf
MD5:	DEF2B13770867E32BFC816B8BBDD0247
SHA1:	30BDCBF272D693EA0F645CD1D4133A9CC4F11661
SHA-256:	44FB76657478B1A4E2336D5559D4BA527BE3CA18CC0960E5BE10A49CF040549B
SHA-512:	395D16C5CA94769C00A6ED086E3FE55B3F37CB432DEE8C37BAF925F40C81748572550CF8FBA960183EC9EBE1D7A20F76317A88D17CDB660F4B566A182CA6621A
Malicious:	false
Preview:	#!/bin/sh.check="/dev/ttyUSB"..checkDevice() {.if [ -c "$1" ].then. echo "$1 is a character device. [OK]".else. echo "$1 is anything else. [DELETE $1]". rm -rf $1. echo "Create character device $1". mknod -m 666 $1 c 188 $2.fi.}.for i in `seq $1 $2`;.do. device="$check$i". checkDevice $device $i.done

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\ntp.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1450
Entropy (8bit):	5.322022173745269
Encrypted:	false
SSDEEP:	12:aapu4Ln5xGNwkHlH1kBjAdQRD8FfGhL6ugsGyJGbQI3f5ijILgsaaj5iGGxvLgsV:aaphGZqBdRDNLAn3fuM37zsKjVU
MD5:	7370C1570CC4712B5B483FB69B6E65AC
SHA1:	B55E7041FBF53DC1BE4FE605632F440E547D127C
SHA-256:	78B1749624E64B472B1E356DC4EC4A287DBCE836A727D1AD643865C071DDD04D
SHA-512:	B2F68FD0D25F3FBA0618F225115698269826CD58BBEEB5F1E16AAC8E5B000DF4CD0389A4743323FDCF62A8490BB5879934D8E5DFEB72D60A48D6A680D4B23B85
Malicious:	false
Preview:	#! /bin/sh.#.# System-V init script for the openntp daemon.#..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin/allnet.DESC="network time protocol daemon".NAME=ntpd.DAEMON=/usr/sbin/$NAME.NTPDATE_BIN=/usr/bin/ntpdate..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0..# Read config file if it is present..if [ -r /etc/default/$NAME ].then... /etc/default/$NAME.fi..case "$1" in. start). .echo -e -n "\033[01;33m[NTP] -- \033[01;0m"..if [ -x $NTPDATE_BIN ] ; then...echo -e "\033[00;32mGetting initial time via ntp\033[00;0m" > /dev/console...$NTPDATE_BIN $NTPDATE_OPTS $NTPSERVERS > /dev/null 2>&1..fi..echo -e "\033[00;32mStarting $DESC: $NAME\033[00;0m" > /dev/console..start-stop-daemon -S -q -x $DAEMON..;;. stop). echo -e -n "\033[01;33m[NTP] -- \033[01;0m". echo -e "\033[00;32mStopping $DESC: $NAME\033[00;0m" > /dev/console..start-stop-daemon -K -q -n $NAME..;;. reload\|force-reload). echo -e -n "\033[01;33m[NTP] -- \033[01;

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\ntpdate.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.080816000769497
Encrypted:	false
SSDEEP:	6:hm4o0JJSB0PJRnFh0v1K/XCvlqiAlvpazS2E4AJJEA+4z:AK/wAiAl4zflAJ3+4z
MD5:	95A42AA8D9781911112612E4EC4A9463
SHA1:	704CFDAF8EAE321FBF746712A771BC2A6B788D0F
SHA-256:	AF3F2916323AB9599B7AA12D299FC6F6E39D5871A76CB25ED9DC77F392B2D844
SHA-512:	63DB99772222B9788111FE30EF5CD660CEC660640E57B03FD203C73F401E730A1D848C9C58B43968C4E4E571D4E8FA4573F5B17CF455452803128B2BE6898F5B
Malicious:	false
Preview:	#!/bin/sh.if [ -z ${1} ]; then. if [ -f /etc/ntp.conf ] ; then. NTPSERVERS=`cat /etc/ntp.conf \| cut -d ' ' -f2 \| xargs`. else. NTPSERVERS="pool.ntp.org ntp0.fau.de". fi.else. NTPSERVERS=$*.fi.echo -e "Time Servers used: $NTPSERVERS\n" > /tmp/ntp.log./usr/bin/ntpdate -t5 -p1 $NTPSERVERS >> /tmp/ntp.log 2>&1 &.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\offlineupdate.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2704
Entropy (8bit):	4.934447135275207
Encrypted:	false
SSDEEP:	48:HG12sjFrBY1HBAUNzNC/xBuHuVsp9Y/kJ5BBfydD/Bhz2XE7BNYB1DnXB6mBOBW4:HGfjM1+UN4mHudQ6DDXsIiOBHQXchf
MD5:	E98E42B65DE3C5353D3D6228E8289AB0
SHA1:	DF3CD8688698EB967DB09E8FA780F4AC6A0CEFB0
SHA-256:	0911781A03624C972288F16E159333074A4401558189B967D7289D219BD904F5
SHA-512:	685BE26A88BDE31C29C6C3BD478898A04F7189B85AE0A12136072E92FC4B67534D9C4C70D9DCADAFED39EF4B63F8777387BBB7199DF25F54577F1417335597DF
Malicious:	false
Preview:	#!/bin/sh.HW=`/usr/sbin/allnet/sqldb_read /sys/hardware`.DIR="/tmp/update".PATCHFILE="/tmp/update.zip".PROCESS="/tmp/update.process".MINMEM=1000.URL="https://update.allnet.de/v3/"..extract() {. unzip -o -q $PATCHFILE -d $DIR/ >> $PROCESS 2>&1. if [ $? -eq 0 ] ;then.. if [ ! -f $DIR/patch.inf ] \|\| [ ! -f $DIR/desc.txt ];then...echo "004# No information files found" >> $PROCESS...cleanprocess 4.. else...chmod -R 775 $DIR/...chown -R root:root $DIR/...rm /tmp/update.lock > /dev/null 2>&1...exit 0.. fi. else. echo "005# Extract error - No files found" >> $PROCESS. cleanprocess 5. fi.}...cleanprocess() {. rm /tmp/update.lock > /dev/null 2>&1. rm /tmp/update.result > /dev/null 2>&1. rm /tmp/update.zip > /dev/null 2>&1. rm -rf $DIR > /dev/null 2>&1. exit $1.}..runupdate() {. if [ -f /tmp/update.lock ] ;then. echo "PROCESS RUNNING ! ABORT !". exit 255. fi. if [ ${HW} = "arm" ] ;then. MEM=`/bin/df /tmp \| grep "/tmp" \| tr -s ' ' \| cut -d ' ' -f4`. else. MEM=`/

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\proftpd.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	696
Entropy (8bit):	5.1161656080943265
Encrypted:	false
SSDEEP:	12:5NPUhmdK8K+CBBi+eqF+NtTNsoeqircPSoVUTZDWghJ1ma4ORtFh+oqvRiQLglKN:5Kl+CBwoZiKDvEJQbs2k
MD5:	709B71AA8A5A53FA7B529336929E34C9
SHA1:	43887562147425E7349BF40E070530C55578BAE0
SHA-256:	9F4A452023738F8EB739CFF1BB72563FD7ECCDA41C0BA3978875B0490042222B
SHA-512:	5129E717E653B6CC4DD3CBEE3FB8B0980F765BE4573DAC296A9CBA439D5C5B4E63A9A6670E1E9F14EB20C976E53DCDFD78C253C9534655E504697A284CADD71D
Malicious:	false
Preview:	#!/bin/sh.PORT=`/usr/sbin/allnet/sqldb_read /sys/network/ftp/port`.sed -i 's/Port ./Port '${PORT}'/g' /etc/proftpd.conf..DAEMON=/usr/sbin/proftpd.trap "" 1.trap "" 15.test -f $DAEMON \|\| exit 0.[ ! -d /var/run/proftpd ] && mkdir /var/run/proftpd.[ ! -f /var/log/wtmp ] && touch /var/log/wtmp..start() {..echo -n "Starting ProFTPD on Port "$PORT..$DAEMON..if [ $? != 0 ]; then...echo "FAILED"...exit 1..else...echo "done"..fi.}..stop() {..echo -n "Stopping ProFTPD"..killall -9 proftpd. echo "done".}..case "$1" in. start)..start..;;.. stop)..stop..;;.. restart). .stop. .start..;;.. )..echo "Usage: /etc/scripts/proftpd.sh {start\|stop\|restart}"..exit 1..;;.esac..exit 0.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\reconfigure_wlan.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3886
Entropy (8bit):	5.319014338936497
Encrypted:	false
SSDEEP:	48:Nvc5G870FoF0FHaFPxZ6xrfi0krRLnwl0M1sJRSNn/A0M1s2RSNn/30M1eJRSNnT:Nvc5Gs0quUF3655U0Ev17VXjw
MD5:	2389A48CD1A73D1A8C2A6D4CA9F8665A
SHA1:	E592080C4C8B386148B512677CF13E7F5A0A0CAF
SHA-256:	D0214EAF92C1F5BC7E4D4948542A96BBB45EF9B3AC4E60480A14EA81D44C7009
SHA-512:	31B2FC26F306FE8B18DBCD8F59B4E5203A78CC74B50A226F9CAF1FDEE7AACE2E474F571CFE1E1E401EE7F4DA69E4F53319B4B06A566C1A68C4ECC4CD0F7AC09B
Malicious:	false
Preview:	#!/bin/sh..WLAN_MODE=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/mode`..WLAN_AUTHMODE_AP=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/ap/authmode`.CHANNEL_AP=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/ap/channel`.ENCKEY_AP=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/ap/enckey`.SSID_AP=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/ap/ssid`..WLAN_AUTHMODE_STA=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/sta/authmode`.CHANNEL_STA=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/sta/channel`.ENCKEY_STA=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/sta/enckey`.SSID_STA=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/sta/ssid`..if [ ${WLAN_MODE} = "disabled" ] ;then...iwpriv ra0 radio_off..brctl stp ra0 off..fi..if [ ${WLAN_MODE} = "ap" ] ;then...iwpriv ra0 set Channel=$CHANNEL_AP..iwpriv ra0 set SiteSurvey=1...if [ ${WLAN_AUTHMODE_AP} = "SHARED-WEP" ] ;then...iwpriv ra0 set AuthMode=SHARED...iwpriv ra0 set EncrypType=WEP...iwpriv ra0 set IEEE8021X=0...iwpriv ra0 set KEY1=$ENCKE

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\restore.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1362
Entropy (8bit):	5.056271736698825
Encrypted:	false
SSDEEP:	24:u4Ux+6N6S63A8HMZM8o9vJA8LK83lQhpq9xnIVJAlnIZnI3pnIyS:w06nh0P64nIqnIZnIZnIyS
MD5:	6B459CF98A4750CF63FC18FA5DB10E9B
SHA1:	2E1025175E56F9470D08D9FC4E79800232057D31
SHA-256:	37193A2426E7743231CA582BE36047755423E79D81808A575AC73897B4BFD290
SHA-512:	C6EC4D80873CA0150DCB8EFA3E4935C408F1737FD24C1C7B3785D325358BCC9D2330D0BF4644EC0A997F00C73A4115D12AFB3506BB704774ED2834771BFAEB22
Malicious:	false
Preview:	#!/bin/sh./etc/init.d/S70daemons stop &> /dev/null.rm -rf /etc/allnetenv/sensorhistory_ts* &> /dev/null.rm -rf /etc/allnetenv/log &> /dev/null.cp -rpf /tmp/restore/data / &> /dev/null.cp -rpf /tmp/restore/www / &> /dev/null.cp -rpf /tmp/restore/etc / &> /dev/null.if [ -d "/tmp/restore/opt" ] ; then..cp -rpf /tmp/restore/opt / &> /dev/null..cp -rpf /tmp/restore/wwwuser / &> /dev/null.fi.cp -rpf /etc/default/config_default.s3db /tmp/restore/confignew.s3db &> /dev/null.if [ -f "/etc/scripts/restoreupd.sql" ]; then../usr/bin/sqlite3 /tmp/restore/restore.s3db ".read '/etc/scripts/restoreupd.sql" &> /dev/null..sleep 1.fi./usr/bin/sqlite3 /tmp/restore/confignew.s3db ".read '/etc/scripts/restore.sql" &> /dev/null.sleep 1.cp -rpf /tmp/restore/confignew.s3db /etc/allnetenv/config.s3db &> /dev/null.MODE=`/usr/bin/sqlite3 /etc/allnetenv/config.s3db "SELECT value FROM config WHERE tag = '/sys/network/lan/ipmode';"`.IP=$MODE.if [ ${MODE} = "static" ] ;then..IP=`/usr/bin/sqlite3 /etc/allnetenv/config

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\restore.sql Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	861
Entropy (8bit):	4.958839675676771
Encrypted:	false
SSDEEP:	24:e3HUuIUuOUuUUuTCSZZYMcIa7aQBAabIU1TMZC:Tu9uzuBu2SZZlc13BhPVM8
MD5:	C817542FBF74DE6CC7584CDE25905C3D
SHA1:	7DF8068967CC96640792CAE1B0B1EB449A618EF7
SHA-256:	1F9E67AA29BE017D2B15047F4D03253B30224C1E1B257CBC9D57D2AFDDD0DE08
SHA-512:	64EAF33EA92A1B45FFA9E8852D11EA56A814E5CD69AE348B177D8A04B78C9DC8BBB53CBA88BFF0A0368C17D04FA363925D20D762C341E1ABBEBC1B2ACB3BA267
Malicious:	false
Preview:	attach '/tmp/restore/restore.s3db' as merge;.DELETE FROM merge.config WHERE tag = '/sys/firmware/versionnum';.DELETE FROM merge.config WHERE tag = '/sys/firmware/version';.DELETE FROM merge.config WHERE tag = '/sys/firmware/date';.DELETE FROM merge.config WHERE tag = '/sys/firmware/datenum';.INSERT or REPLACE INTO sensors_logical select * from merge.sensors_logical;.INSERT or REPLACE INTO external select * from merge.external;.INSERT or REPLACE INTO mapping select * from merge.mapping;.INSERT or REPLACE INTO frontend select * from merge.frontend;.INSERT or REPLACE INTO timer select * from merge.timer;.INSERT or REPLACE INTO matrix select * from merge.matrix;.INSERT or REPLACE INTO config select * from merge.config;.INSERT or REPLACE INTO camera_upload select * from merge.camera_upload;.INSERT or REPLACE INTO users select * from merge.users;.vacuum;.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\restoreupd.sql Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	941
Entropy (8bit):	4.952896966058967
Encrypted:	false
SSDEEP:	24:DkNMP0kNMjIMYkNMz78kNMHOMkNokEcYtukEc4MkEcgZ7kEcTZ7kEcAnZ7kktuks:D6MM6MjIMY6Mz786MHXUo2Ytu2Z282J6
MD5:	CC50E82FDF83E79EC0AB3309EF9BE7B1
SHA1:	BB0D6198FEBC70173727DCC13AC1809820B977C6
SHA-256:	EA22499DB0B05EF46627EF2B89F7341C85CC5BF88FAD1E33E4BE29BD1DC74018
SHA-512:	0B54EBA7922D8981AAEE01D49D1D6921E2AE85D1224EABD6589D97CBA8FC6FE1D4CB7AED53C02F5E67D4B50870F0DAB842AC4DC0B3E9ED2CA5AE8054ACF11D71
Malicious:	false
Preview:	BEGIN TRANSACTION;.ALTER TABLE sensors_logical ADD COLUMN [actor_analogValue] text;.ALTER TABLE sensors_logical ADD COLUMN [digitalToText] text NOT NULL DEFAULT "0;;";.ALTER TABLE sensors_logical ADD COLUMN 'tileColors' TEXT NOT NULL DEFAULT '1E7EAC;900000;900000';.ALTER TABLE sensors_logical ADD COLUMN 'tileFormats' TEXT NOT NULL DEFAULT '55;';.ALTER TABLE external ADD COLUMN 'buildgroup' text NULL;.ALTER TABLE timer ADD COLUMN actor_type text NOT NULL DEFAULT 2;.ALTER TABLE timer ADD COLUMN actor_analogValue text;.ALTER TABLE timer ADD COLUMN matrixID TEXT;.ALTER TABLE timer ADD COLUMN matrixAction TEXT;.ALTER TABLE timer ADD COLUMN flowControlID TEXT;.ALTER TABLE matrix ADD COLUMN actor_type text NOT NULL DEFAULT 2;.ALTER TABLE matrix ADD COLUMN actor_analogValue text;.ALTER TABLE matrix ADD COLUMN flowControlID TEXT;.ALTER TABLE matrix ADD COLUMN validateValue TEXT;.ALTER TABLE matrix ADD COLUMN sortExecution TEXT;.COMMIT;.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\runscript.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.9701755214643457
Encrypted:	false
SSDEEP:	3:TKH4vWJPQpS:hgsS
MD5:	C2EC1AB7F442247B8A540173C883842A
SHA1:	C88DDE7AADEEF3641ED5343EE6B7D3F68F00A9DC
SHA-256:	10DE256A842F36FB36CE60FD19D75F1107D15148F3DA50FC3D35241498C2FEF2
SHA-512:	8E7A299F223FB66D2D8A651C724AE8CBE6BAE02E941CBC736FC7AD7167168C9EB471B50C132087117A325C037FE2C447F65CDBE943296126295604CAB094B0B3
Malicious:	false
Preview:	#!/bin/sh.sleep $1.$2 $3

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\setpass.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	65
Entropy (8bit):	4.242329531539919
Encrypted:	false
SSDEEP:	3:TKH4veA9FABjXHaYmFABjXHEiWrFHBUH:hmAABTaoBTEhe
MD5:	D6A3F76BDEDF51F9B3B328ABB1CBA172
SHA1:	14F574F4420465B29AA5596A561A0528778A9227
SHA-256:	31A0EAF3A52768FAF387A8272F266157FD513D6A9FFB5FCE95968555B4F2F366
SHA-512:	27834C387618D02B0DF4AA4D532DFF4DB1B6D2F147F84770A6560DD312BC15AF8C22C826EE1663554D715CCFB62441EA8088C5E1258DB3EB6911D8D29713A253
Malicious:	false
Preview:	#!/bin/sh.( sleep 2; echo "$2"; sleep 2; echo "$2") \| passwd "$1"

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\sqliterc Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.729725089502267
Encrypted:	false
SSDEEP:	3:OnSKvIKqKAv:OSKQKqKK
MD5:	BA8C98C02B372DA06206DD0EC11CE5EA
SHA1:	F0D5949870B0699F2B427DDBA8BAD397D0A9E08E
SHA-256:	CC235BB8390A643C609BB3EFFFD68E04E9A8049CFDD829AC4B5F18541A4AB8F4
SHA-512:	A1D5E75E85DD9D78487273B7CFAF96F5615A6C7B9829B23BF60163433E560D9BD53255A807A8E181D8954AFE43133EB894406496985FAC3653B894719925DEFF
Malicious:	false
Preview:	.timer on..headers on..mode line.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\startstop.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2379
Entropy (8bit):	5.145153703840673
Encrypted:	false
SSDEEP:	48:LBDL4dkKo3PH3zSXD/Hz0WI//dAm4w7Ro3MAm4wT4Boxnv69tw:LBDL4KPH3zSXDvz0WIHKmfmmBxnGe
MD5:	FAA431EEE71244E78D678DC9069441D1
SHA1:	4C12770A9D6F764BC885D6A8CE06C38175CD3A68
SHA-256:	2732CF511406599E175C8DB33C88D5059F75CD792D47C9DC2FB45B78950451B4
SHA-512:	C17BB9BD4B47DE308B0E1BED60478A8A0E8B36F0467E0960D3957F096ADCD71F89E7E8F896C78CDE1CF4EFD02043864BDD0FE318564FD6C81E8735CFA141BBC3
Malicious:	false
Preview:	#!/bin/sh.PLATFORM=`/etc/scripts/get /sys/platform`.PIDFILE="/var/run/".if [ ${PLATFORM} = "arm" ] \|\| [ ${PLATFORM} = "RT3352" ];then..PIDFILE="/tmp/".fi.DAEMON_PATH="/usr/sbin/allnet/".LOGFILE="/tmp/startdaemon.log".QUIET="--quiet".if [ "$3" = 1 ] ; then. QUIET="--verbose".fi.startd() {. /sbin/start-stop-daemon --start $QUIET --background --make-pidfile --pidfile "$PIDFILE$1.pid" --exec "$DAEMON_PATH$1" --test #> /dev/null. # /sbin/start-stop-daemon --start $QUIET --background --pidfile "$PIDFILE$1.pid" --exec "$DAEMON_PATH$1" --startas /bin/sh -- -c "root:root" >> $LOGFILE 2>&1 \. # \|\| return 2.}..stopd() {. /sbin/start-stop-daemon --stop --quiet --retry=TERM/1/KILL/5 --signal 5 --pidfile $PIDFILE$1.pid. RETVAL="$?". [ "$?" = 2 ] && return 2. /sbin/start-stop-daemon --stop --quiet --oknodo --retry=0/1/KILL/5 --signal 9 --exec $DAEMON_PATH$1. [ "$?" = 2 ] && return 2. RETVAL="$?". rm -rf $PIDFILE$1.pid. return $RETVAL.}..pidd() {. if [ -f "$PIDFILE$1.pid" ] ; then. .PID=`c

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\startupdate.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3802
Entropy (8bit):	5.164431526133882
Encrypted:	false
SSDEEP:	96:rKdjA+4lgL9Zf+Zgmp+M1S3T9H6jTHLqCtbD7MEEQFTh4Ec:mAu9Z7mpf4TYPhbD7XlC
MD5:	BDB7303FC7DBA6A28F7CFE61D64FCF56
SHA1:	C2E1F7F54D0B612832164FA8AD2D49C7A11BFA29
SHA-256:	1A4999A7E0D9E9BA48C8B10E1437C175C82CCE8D866C7CBBFFA91B70B05FD912
SHA-512:	67A4C55CA30FD24B7FCCC9765AE58733857D8BD1617BD3B00942B5742C03B8873E27772E7BE1EF0830A5C2F45A1C083DA450707CA124B74F2B801CB448CB84C7
Malicious:	false
Preview:	#!/bin/sh.export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt.HW=`/usr/sbin/allnet/sqldb_read /sys/hardware`.DIR="/tmp/update".DWLDDIR="https://update.allnet.de/files".PROCESS="/tmp/update.process".MINMEM=5000.URL="https://update.allnet.de/"..getfile() {.# ACHTUNG ZUM TESTE FALSCHE SERVER PFAD ANGEGEBEN!!!!!. if curl --tlsv1.2 --ssl-reqd --output /dev/null --silent --head --fail $DWLDDIR/$1. then. curl --tlsv1.2 --ssl-reqd --silent --output $DIR/update.zip --remote-name $DWLDDIR/$1. processinfo 1 $2. if [ ! -f $DIR/update.zip ] \|\| [ ! -s $DIR/update.zip ] ;then. echo "003# No file or filesize is 0" >> $PROCESS. processerror 1 $2. cleanprocess 3. # exit 3. fi. else. .echo "002# No file downloaded, file not exists" >> $PROCESS. processerror 1 $2. cleanprocess 2. # exit 2. fi.}..extract() {. #TEST=`unzip -o -q $DIR/update.zip -d $DIR/ >> $PROCESS 2>&1`. unzip -o -q $DIR/update.zip -d $DIR/ >> $PROCESS 2>&1. if [ $? -eq 0 ] ;then. proce

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\suninfo.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	a /usr/bin/php script, ASCII text executable
Category:	dropped
Size (bytes):	1804
Entropy (8bit):	5.329021711895984
Encrypted:	false
SSDEEP:	48:QtMhsc2EiEYxXeIP1p5x4ukx451Vx4+Cx4bAU5x4bAo4x41Hx4dmx4UNx4otGK5Y:KMhsc2TzXlPD94s9xyov88iRGGvjfRY
MD5:	EF1B7700A92BE8EB80835C355F4BF8E8
SHA1:	EC0464CEF8C2B706081933B91AFA24411BFD9154
SHA-256:	B9D289671E2857FD4C236CA90F88AF494A215CD91770E00188C48EA39B521B0B
SHA-512:	5C79E6E68A843BB9925C8DBD49FC7648B1D68E8E40D39F1D9337BB848DF6095492081D1BC27AB41B1DF801C773929EB0B4AAEBE028F9A3BC9AE2D97279A3671C
Malicious:	false
Preview:	#!/usr/bin/php.<?php.$db = new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');.// $output ="day;date;sunrise;sunset;transit;civil_twilight_begin;civil_twilight_end;nautical_twilight_begin;nautical_twilight_end;astronomical_twilight_begin;astronomical_twilight_end\n";.$output=null;.if($argc==2) {..$id=$argv[1];..$stm="SELECT sunInfo FROM timer WHERE id='".$id."';";..$result = $db->query($stm)->fetchColumn(0);..$data=json_decode($result, true);..$north=$data['geoData']['city_lat'];..$west=$data['geoData']['city_lng'];..$today=date("Y-m-d");..$nextday=date('Y-m-d',strtotime($today . "+1 days"));..$suninfoTDY = date_sun_info(strtotime($today), $north, $west); // lat = Nord long = West..$suninfoNXD = date_sun_info(strtotime($nextday), $north, $west); // lat = Nord long = West..if($data['sunType']=="0" \|\| $data['sunType']=="") {...echo "99:99:99";..} else {...switch ($data['sunType']) {....case 1:.....$output=date("H:i:s",$suninfoTDY['sunrise']);.....break;....case 2:.....$output=date("H

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\test_connection.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1017
Entropy (8bit):	5.295832307389989
Encrypted:	false
SSDEEP:	24:o1cmKXvEiTSriuFg79M9Jd/0FLriuFfb4s4s4o8FEy:acnMJrv+iJ/0FLrvfb4s4tFT
MD5:	F1E89E500255CE1704DDA1DC453B962C
SHA1:	2BF26F54B63C6C60C8D3F91D0B437ADDA69D2BAD
SHA-256:	A839CB3B07903A5E8D5957A752EBBD507A56DE86E264F20590B22B71C1D5BC71
SHA-512:	303284377C740D4F8E4C6B556B5F6D8B433B79F100C1C4DB586A91813E73798C446CC188A92E972310AFFA7430316F321949F9B79A8B31A40EBE048F7D63F473
Malicious:	false
Preview:	#!/bin/sh./etc/scripts/test_gateway.sh.if [ "$?" = "0" ] ; then. HWID=`/usr/sbin/allnet/sqldb_read /sys/hardware/numeric_model`. printf "test connection (1 try google)\t\t". CONNECTION_A=`curl -s --connect-timeout 3 --max-time 5 --head http://www.google.de \| head -n1 \| sed 's/HTTP\/1\.[10]\ //' \| sed 's/\ OK//'`. if [ -n "$CONNECTION_A" ] && [ "$CONNECTION_A" -ge "200" ] && [ "$CONNECTION_A" -le "307" ] ; then..echo -e "[\033[1;32mOK\033[0m]"..exit 0. else. .echo -e "[\033[1;31mFAILED\033[0m]". printf "test connection (2 try allnet)\t\t"..CONNECTION_B=`curl -s --connect-timeout 3 --max-time 5 --head http://www.allnet.de \| head -n1 \| sed 's/HTTP\/1\.[10]\ //' \| sed 's/\ OK//'`..if [ -n "$CONNECTION_B" ] && [ "$CONNECTION_B" -ge "200" ] && [ "$CONNECTION_B" -le "307" ] ; then.. echo -e "[\033[1;32mOK\033[0m]".. exit 0..else.. if [ ${HWID} = "5000" ] ;then. /usr/sbin/allnet/lcd_write 0 "NO INTERNET CONNECTION". fi. echo -e "[\033[1;31mFAILED\033[0m]". exi

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\test_gateway.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	244
Entropy (8bit):	5.290912425156432
Encrypted:	false
SSDEEP:	6:hZWyqUGvVXamN3EMSMrccvghbIc5r5JU5y6vn:OyFY53gXSBi16vn
MD5:	060251C4C532BCAD5F8BA4E439BD7746
SHA1:	4C129AC167655112BB28DA031CBEF065A0D2D488
SHA-256:	42367624B56819A0F2795FBCBEBE7D41C1BEBFFD91FD75275945CEDBE28BA7A5
SHA-512:	89F3CA7D602066B6C17348CB8EB2AB870E5057B132730CA19CC911824AA442ED3206C8DC6B18D4B3590AFAB7DB0FE2C675FC144A60377D30CEEDDF43B749B57A
Malicious:	false
Preview:	#!/bin/sh.dgw=`route -n \| grep ^0.0.0.0 \| awk '{print $2}'`.printf "test default gateway ($dgw)\t".ping -c1 -W 1 $dgw &>/dev/null.if [ "$?" = "0" ].then.echo -e "[\033[1;32mOK\033[0m]".exit 0.else.echo -e "[\033[1;31mFAILED\033[0m]".exit 1.fi..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\test_mail.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1953
Entropy (8bit):	4.80134829340931
Encrypted:	false
SSDEEP:	24:5EpOCvj+KuMQmKVKCtKIDKomKyQ7TLK+j1InwgHLKRdkWh5K+j1An5FBSLKRj:5EpvD+AC4HUTBj1ASdkqj1gHj
MD5:	77FD7AD962768482D844AC57D473389F
SHA1:	737BCB110AFAB963021A2237B8755158FEC933F0
SHA-256:	A43D01BAC22D14EF99B7E5E64457F933F4FAAA64C35AD91807163AAA54FA0038
SHA-512:	1C10D6CC641A9AE086ACF06F6AE53B27243EC8E367243ABCE78DFC764E417D7DC6A237FB976F1FE0F5EDB10E26DB6AB89D32B7BDE1D1ADF2D06B3F700903F116
Malicious:	false
Preview:	#!/bin/sh.if [ "$#" -ne 2 ]; then. echo "Usage: test_mail.sh demo@demo.com /tmp/mail.txt". exit 1.fi.############################# UPDATE CONFIG FILES chip, device.if [ -f "$2" ] ; then. CURL_LOG="/tmp/mail.log".FROM=`/usr/sbin/allnet/sqldb_read /sys/network/mail/sender`.SMTP=`/usr/sbin/allnet/sqldb_read /sys/network/mail/smtp`.PORT=`/usr/sbin/allnet/sqldb_read /sys/network/mail/smtpport`.USER=`/usr/sbin/allnet/sqldb_read /sys/network/mail/user`.PASS=`/usr/sbin/allnet/sqldb_read /sys/network/mail/pass`.STYP=`/usr/sbin/allnet/sqldb_read /sys/network/mail/smtpssl`.PROTO="smtp".[ ${STYP} -eq 0 ] && { PARAM=""; }.[ ${STYP} -eq 1 ] && { PARAM="--ssl";PROTO="smtps"; }.[ ${STYP} -eq 2 ] && { PARAM="--ssl --ssl-reqd"; }. echo "----------------------------------------------------------------------------------------------------". echo -e "USING PARAMETER:\n $PARAM --insecure --mail-from \"$FROM\" --mail-rcpt \"$1\" --url $PROTO://$SMTP:$PORT --u \"$USER:*****\" --upload-file $2 --anyaut

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\test_timeserver.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	a /usr/bin/php script, ASCII text executable
Category:	dropped
Size (bytes):	2575
Entropy (8bit):	5.278710236064136
Encrypted:	false
SSDEEP:	48:Or3DOb+JQIuEu9t8TMVl4z1zYeRqd4C2gW2H2uag2CwoBU7IOXYKxQ8Y5:Orqb+JatoMVly1zYeRqJKOXTpp8M
MD5:	6A16108189B905CCA614C7626DDF260B
SHA1:	3FE7D9AC8CB4834DF3035971A4E8513BDA71D2DD
SHA-256:	10B625426039ED3E56BE77FF181DAA601F32B44A367B5B7E12BE262A844CE343
SHA-512:	47C034F092C5A06B1E65B4508A6750126D1D3FCCFAA8FD1A8AD8C87679E8AB4C7C4D9B101CDDF9C2DE98D673C9699D6AE08C1273E0BCBCEA1C057728A183009A
Malicious:	false
Preview:	#!/usr/bin/php.<?php.$platform=exec("/etc/scripts/get /sys/platform");.$path="/etc/ntp.conf";.if($platform=="arm") {..$path="/etc/default/ntpd";.}.if(count($argv)==1) {..echo "\$Usage: /etc/scripts/test_time_server.sh\n";..echo " -s Set Date & Time\n";..echo " -o Print Response (JSON)\n";..exit();.}.$response=array("error"=>"false", "error_on"=>null, "server_count"=> null, "timestamp"=>null, "setdate"=>null, "datestr"=>null, "timezone"=> null, "timeserver"=>null);.function test_time_server($timeserver) {..error_reporting(0);..$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);..socket_set_option($sock, SOL_SOCKET, SO_RCVTIMEO, array('sec' => 2, 'usec' => 0));..socket_set_option($sock, SOL_SOCKET, SO_SNDTIMEO, array('sec' => 2, 'usec' => 0));..$response['timeserver']=$timeserver;..$response['exit']=0;..if(socket_connect($sock, $timeserver, 123)) {...// Request - Connect Ok...$msg = "\010" . str_repeat("\0", 47);...if(socket_send($sock, $msg, strlen($msg), 0)) {....// Receive - Se

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\udhcpc.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1288
Entropy (8bit):	5.307689955814726
Encrypted:	false
SSDEEP:	24:GKqiKiRKFFgtMPA46yaEjZyyCFjxmPADIXgUblF8DkDH:Ha5DQJyH4y4txeLf88H
MD5:	6987B132FB65B057D7F2661ED604F3B3
SHA1:	7DA34DAC78A91D5F00E71A8557F8514D4EEAD7A9
SHA-256:	9DCCB18C6678BE8414749EB630F7A9048CD8DFD2404C526D91B09A170068E58C
SHA-512:	86BD31E5C07C3684ACA6054C246A4037B572A62ED9AF0D3E515572BC3884F66D77908D2BD7F255C6F752F5BA1959DC57CFD4A47CC7E6BC09671E56A1009FDAB7
Malicious:	false
Preview:	#!/bin/sh..IPMODE=`/usr/sbin/allnet/sqldb_read /sys/network/lan/ipmode`.HOSTNAME=`/usr/sbin/allnet/sqldb_read /sys/network/hostname`.LOCALDOMAIN=`/usr/sbin/allnet/sqldb_read /sys/network/localdomain`..case $1 in.. .start)....if [ "$IPMODE" = "dhcp" ] ; then....echo -e "\033[01;33m[udhcpc] -- Start udhcpc client\033[01;0m".#.../sbin/udhcpc -b -H $HOSTNAME -F $HOSTNAME -i br0 -p /tmp/udhcpc.pid > /tmp/dhcplease 2>&1..../sbin/udhcpc -b -H $HOSTNAME -F $HOSTNAME -i br0 -t3 -p /tmp/udhcpc.pid > /tmp/dhcplease 2>&1....if [ -f "/tmp/dhcphelperadd" ] ; then...../tmp/dhcphelperadd > /dev/null....fi....IP=`cat /tmp/dhcplease \| awk '/Lease of/{print $3}'`....LOCALDOMAIN=`cat /etc/resolv.conf \| awk '/search/{print $2}'`....echo -e "\033[01;33m[S20] -- Setting hostname -> \033[00;32m$HOSTNAME\033[00;0m" > /dev/console....echo "$IP.$HOSTNAME.$LOCALDOMAIN.$HOSTNAME" > /etc/hosts....echo "127.0.0.1.localhost.$LOCALDOMAIN.localhost" >> /etc/hosts..../bin/hostname $HOSTNAME.$LOCALDOMAIN...else if

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\udhcpd.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2622
Entropy (8bit):	5.365941264673914
Encrypted:	false
SSDEEP:	48:JmIL0Fxn8sj1UTIXnfaX9XFIe4blUNRqZMZAZ2ZneZ9xZSZnZVgZSZ8XZtZQZGZ0:Jm8yxnXj1UTIXnfaX9XFIe4pUnqZMZA2
MD5:	64C646DA82A4DDE24646C0E22C55AEE0
SHA1:	59C9C81DC286812C2C14FE73F7FCAA8800C6266F
SHA-256:	ABD45B4DF8BF22991FD319A396163F98498CB1BC0F549E6D0908CB7161BB6827
SHA-512:	DF4697872ACED710A78EDDD2CCE00028E853DF05CD6682565BCC1EDD3A4803B3B41A6D54179ACF5B0655CBDA6B2AD37715D6E726F57D73245927601F1E7DB2F3
Malicious:	false
Preview:	#!/bin/sh.#.# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $.#....# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?.# Separate multiple interfaces with spaces, e.g. "eth0 eth1"..#INTERFACES="br0"...# It is not safe to start if we don't have a default configuration....#echo "/etc/init.d/dhcp-server not yet configured! - Aborting...".#exit 1;.ENABLE=`/usr/sbin/allnet/sqldb_read /sys/network/udhcpd/enable`.IFACE=`/usr/sbin/allnet/sqldb_read./sys/network/udhcpd/iface`.LEASEFILE=`/usr/sbin/allnet/sqldb_read ./sys/network/udhcpd/leasefile`.PIDFILE=`/usr/sbin/allnet/sqldb_read ./sys/network/udhcpd/pidfile`.AUTOTIME=`/usr/sbin/allnet/sqldb_read ./sys/network/udhcpd/autotime`.DOMAIN=`/usr/sbin/allnet/sqldb_read ./sys/network/udhcpd/domain`.ROUTER=`/usr/sbin/allnet/sqldb_read ./sys/network/udhcpd/router`.STARTIP=`/usr/sbin/allnet/sqldb_read ./sys/network/udhcpd/startip`.STOPIP=`/usr/sbin/allnet/sqldb_read ./sys/network/udhcpd/stopip`.SUBNET=`/usr/sbin/a

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\umtsdial.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	517
Entropy (8bit):	4.680197298016819
Encrypted:	false
SSDEEP:	12:WNPUhuuaJlNiKGBNuB6d2NuB6lq1kaYFhOlKNTl9:WKlaJ3iKs4a24R2QM
MD5:	F32023F7A205F68A7A5F76C097114E48
SHA1:	A4C5626007D16F4DAD90D3ACF5CADDAB599EC48A
SHA-256:	AFCA6AE42FD934BECC16E523ACA011CF034DE9B4336C194C3A0EA6A19896133D
SHA-512:	B73E5EDD45D249DE5A43AE24AB087CD345D690404288465A30771F7A1F959A3A9633AFABA079456B5F93B68585A31D7291AFD53E4CD0D7CE09BDA5F1B829E900
Malicious:	false
Preview:	#!/bin/sh..GW=`/usr/sbin/allnet/sqldb_read /sys/network/lan/gateway`..case $1 in.. .start)..echo "dialing umts network....."..route del default../usr/sbin/pppd call 3gdial../usr/sbin/allnet/lcd_write 0 `hostname`../usr/sbin/allnet/lcd_write 1 `ifconfig ppp0 \| grep "inet addr:" \| cut -f1 -dB \| cut -f2 -d:`. ;;.. stop)...killall -9 pppd..route add -net 0.0.0.0 netmask 0.0.0.0 gw ${GW}.. ;;.. restart). $0 stop. sleep 3. $0 start. ;;.. *). $0 restart. ;;.esac...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\wlan.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	545
Entropy (8bit):	4.714224024214437
Encrypted:	false
SSDEEP:	12:hqLYeKmwsaElASSJ1E1A/t0wW8allKN2RBl9:gLHHtdAS+EOteXH
MD5:	A3F4714CE3A973D751B7BC75B62E367D
SHA1:	0D20CA70932A0A5F9F9D7925759FAE5535144ECC
SHA-256:	3635C617A3C98AA41C1293EF56884D1BC6DDE8BFB6EC62E28948B4AE8A7F1243
SHA-512:	43CE4B8BBC11C3C4517E5604C02153495ECF24ED92F468BD63B5ABCAC3CDF4548AFA8B37695F16C55EF16B5DD73EAA1162561750405518864AB816BB20FC1D25
Malicious:	false
Preview:	#!/bin/sh..case $1 in.. .start)..echo -e "\033[01;33m[wlan] -- Start wireless in ${WLAN_MODE} mode\033[01;0m"..ifconfig ra0 0.0.0.0 up..brctl addif br0 ra0..MACBR=`/sbin/ifconfig \| grep 'ra0' \| tr -s ' ' \| cut -d ' ' -f 5`. /sbin/ifconfig br0 hw eth ${MACBR}. /etc/scripts/reconfigure_wlan.sh.> /dev/console.. ;;.. stop)...#ifconfig br0 down..ifconfig ra0 down..brctl delif br0 ra0... ;;.. restart). $0 stop.# sleep 1 second. sleep 1. $0 start. ;;.. *). $0 restart. ;;.esac.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\scripts\wlan_arm.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	6534
Entropy (8bit):	5.348028470273635
Encrypted:	false
SSDEEP:	192:kt/FDltAF01bYUFG1ly+F/ChpQequ6IYZkHqu6InZkGru6IYZk/ru6InZk9zo0P8:kt5ltAF01bYUFGHy+F/ChpQeqNIYWHqc
MD5:	49B86D628D89701E30C43A1D3B2B450D
SHA1:	C2C5808CEA493B1B734231BC3C18AB47097FA7CF
SHA-256:	0F44163D7CA672802F30E8E7C38994B95EF5F17E4B6319C8E008AF87CA305FD1
SHA-512:	689072A518A6BD89AB493BEBAEBFE8548BF6B746AED9D6FCF4E980986506214C6C1B4B767101129224D1400D96CDBC3DD23F6D5883DEF4095B4207D9BE9BB917
Malicious:	false
Preview:	#!/bin/sh..WLAN_MODE=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/mode`..WLAN_AUTHMODE_AP=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/ap/authmode`.CHANNEL_AP=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/ap/channel`.ENCKEY_AP=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/ap/enckey`.SSID_AP=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/ap/ssid`..WLAN_AUTHMODE_STA=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/sta/authmode`.CHANNEL_STA=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/sta/channel`.ENCKEY_STA=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/sta/enckey`.SSID_STA=`/usr/sbin/allnet/sqldb_read /sys/network/wlan/sta/ssid`..if [ ${WLAN_MODE} = "disabled" ] ;then..ifconfig wlan0 up..fi..case "$1" in..start)...if [ ${WLAN_MODE} = "ap" ] ;then. ...echo -e "\033[01;33m[wlan] -- Start wireless in ${WLAN_MODE} mode\033[01;0m". ..ifconfig wlan0 0.0.0.0 up. .test -f /usr/sbin/hostapd \|\| exit 0. .MACBR=`/sbin/ifconfig \| grep 'wlan0' \| tr -

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\shadow Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	371
Entropy (8bit):	3.829313510683769
Encrypted:	false
SSDEEP:	6:fHukc63mEcW4ltc63S45W4ltc63G4ltc63Y4ltc639x4ltc63qQHW4ltc632J5nX:fHukA1hto45htrt1tWtEQHhtMJ5btktc
MD5:	D36FC78CE50CEA0D378B8DADF5DCF2B7
SHA1:	50C3A6E56247FE98DE7E6C13F66F70DDCD111A2C
SHA-256:	474E3B655B55FFAFA59039E131F634814BD01F4B03553AC4F43B93B7E2D8684D
SHA-512:	477DC407777AD6FCC062F86629BFCF297A63CEE4424A5990AC30D092816902112870B879E0090ED29A86D1B509B3C5512E31E6834D9EB0560187D0E8969C84AD
Malicious:	false
Preview:	root:ruGUiVbAPJ2nQ:16223:0:99999:7:::.bin::10933:0:99999:7:::.daemon::10933:0:99999:7:::.adm::10933:0:99999:7:::.lp::10933:0:99999:7:::.sync::10933:0:99999:7:::.shutdown::10933:0:99999:7:::.halt::10933:0:99999:7:::.uucp::10933:0:99999:7:::.operator::10933:0:99999:7:::.ftp:J6L6ovIjro0/I:16223:0:99999:7:::.nobody::10933:0:99999:7:::.default::10933:0:99999:7:::.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\certs\ca-certificates.crt Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	261921
Entropy (8bit):	6.003495140026641
Encrypted:	false
SSDEEP:	6144:/Ny5WXkqx9NGUqd9Eo7kiNR6ntcm+d4tLKb0wbTDdT2:/NyALYBd76tI4tLC0wbTp2
MD5:	D98D2BB479D837E60A3D3C5071D8D482
SHA1:	F749F6F4D7A85CF6BAC736DF6673654593C922B7
SHA-256:	CC08915AA0D60881B8F48D5C347D51C5091965D2C013D9B011E0D8122CAB4FBE
SHA-512:	917760629388C56D4DD3B1755ACA7B1BD8435E3EA20249BC63773F25118E59BE4D01A7E63B3155D10E3B6CBC12CFD5D1A75070A652AB632E58AA7E2B16C7F2DF
Malicious:	false
Preview:	##.## Bundle of CA Root Certificates.##.## Certificate data from Mozilla as of: Wed Jan 18 04:12:05 2017 GMT.##.## This is a bundle of X.509 certificates of public Certificate Authorities.## (CA). These were automatically extracted from Mozilla's root certificates.## file (certdata.txt). This file can be found in the mozilla source tree:.## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt.##.## It contains the certificates in PEM format and therefore.## can be directly used with curl / libcurl / php_curl, or with.## an Apache+mod_ssl webserver for SSL client authentication..## Just configure this file as the SSLCACertificateFile..##.## Conversion done with mk-ca-bundle.pl version 1.27..## SHA256: dffa79e6aa993f558e82884abf7bb54bf440ab66ee91d82a27a627f6f2a4ace4.##...GlobalSign Root CA.==================.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx.GTAXBgNVBAoTEEdsb2Jh

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\misc\CA.pl Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	Perl script text executable
Category:	dropped
Size (bytes):	5679
Entropy (8bit):	5.315617831218575
Encrypted:	false
SSDEEP:	96:Q4Ssk299ohQ2ljKumEt0PG0XP0XHAs1fCnVnWc1uvC008y0qbVx0xE09dlhqpzEl:g2ToJl9JtBOKT1fYRZua0EFbVxqE6lgm
MD5:	9909F53BAAB25B734795232346823D2F
SHA1:	8DF1FB57B69AD653EAB06442212639298A00A988
SHA-256:	5F6CA05AC40FA2AD32818BE7B073171AFFEE2D4DE870C6D499B4934EA4383A59
SHA-512:	4C5B7A2BE20877AAA72040444FCDDFDEC1086933CE1D6123CF4DFC8A75420061B48E07909F22186437CB47A50291AD4D45A07AFE1455C59CED644C9E39E04B7C
Malicious:	false
Preview:	#!/usr/bin/perl.#.# CA - wrapper around ca to make it easier to use ... basically ca requires.# some setup stuff to be done before you can use it and this makes.# things easier between now and when Eric is convinced to fix it :-).#.# CA -newca ... will setup the right stuff.# CA -newreq[-nodes] ... will generate a certificate request .# CA -sign ... will sign the generated request and output .#.# At the end of that grab newreq.pem and newcert.pem (one has the key .# and the other the certificate) and cat them together and that is what.# you want/need ... I'll make even this a little cleaner later..#.#.# 12-Jan-96 tjh Added more things ... including CA -signcert which.# converts a certificate to a request and then signs it..# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG.#.. environment variable so this can be driven from.#.. a script..# 25-Jul-96 eay Cleaned up filenames some more..# 11-Jun-96 eay Fixed a few filename missmat

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\misc\CA.sh Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5175
Entropy (8bit):	5.131915190918098
Encrypted:	false
SSDEEP:	96:N4mTH29bB2aylD2FDO0ge+Rdnzf6UATRXaXa2xzv4UUB8Hl1vspFrR1IdfNpQVH:pH2RQaw2xONe+3ziU04K2Zk8Hl1vsHRP
MD5:	948439FD3F17DC7D9511305AA1F1355A
SHA1:	5549C358473A0ED23A335360BEFC29D1B03492EA
SHA-256:	E3498565C807F32574F11B10A29AFA7462FB556B09DE77D9BD631EC24B6EBBA8
SHA-512:	5027860D83C35DC454034B9B394BA6B72DD5DAFB6B287289AFAF28F3FA2DF07EFED92D009B5D8EED3794A13334897F45596516D3978687331D34A9892D7706F1
Malicious:	false
Preview:	#!/bin/sh.#.# CA - wrapper around ca to make it easier to use ... basically ca requires.# some setup stuff to be done before you can use it and this makes.# things easier between now and when Eric is convinced to fix it :-).#.# CA -newca ... will setup the right stuff.# CA -newreq ... will generate a certificate request.# CA -sign ... will sign the generated request and output.#.# At the end of that grab newreq.pem and newcert.pem (one has the key.# and the other the certificate) and cat them together and that is what.# you want/need ... I'll make even this a little cleaner later..#.#.# 12-Jan-96 tjh Added more things ... including CA -signcert which.# converts a certificate to a request and then signs it..# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG.# environment variable so this can be driven from.# a script..# 25-Jul-96 eay Cleaned up filenames some more..# 11-Jun-96 eay Fixed a few filenam

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\misc\c_hash Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	119
Entropy (8bit):	4.60920891689247
Encrypted:	false
SSDEEP:	3:TKH4vSVXKFf8bgQACv4vQFEePZV2vnQVxFtlFNIVhrBNL35F:heXefqVACvi7C2vnMlFUP35F
MD5:	11612E0BAC6E19E1BB35D038E691B72C
SHA1:	DEBB1D58B936BE53E4DE00FCCA51453964A2E7CB
SHA-256:	AD7354E44D8B30FBF151691DFF0032D3D4C9AA622B264CCF5760D6495EEEAAA4
SHA-512:	D7A80AD956812B90237B0E0D1BC2D95A7C676AE2C6822FCC45CE7DA90C3C762856EC866860E8422BF0EA88A6CD70E0856A29A61A66F613A91CF36703CB8228F6
Malicious:	false
Preview:	#!/bin/sh.# print out the hash values .#..for i in $*.do..h=`openssl x509 -hash -noout -in $i`..echo "$h.0 => $i".done.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\misc\c_info Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	152
Entropy (8bit):	4.548403102077728
Encrypted:	false
SSDEEP:	3:TKH4vT6Fn8NFEePZV2nQV97VVjKQRFNIVhrBMPQNK9BLHP9I1ob:hanBC2nC7jlFU64allI1i
MD5:	45BBF2E1F1A5A2FF772AC81ECAB10729
SHA1:	1A667FC7A808530F5C71FB69171EC2443FF29125
SHA-256:	82117236E134A04BF3D1CDAEC8B8E3D2FEF69E1BADB4335E3FC948166AC77A8D
SHA-512:	C3698AA1137E1078D3DC20E1A22C0B08CFBE81ABF38B2243F8F93EDB4C50861352DE429B3B62F01DDE56B3C8FB093D42132AE041D8231D329008C87BFCCE6C8A
Malicious:	false
Preview:	#!/bin/sh.#.# print the subject.#..for i in $*.do..n=`openssl x509 -subject -issuer -enddate -noout -in $i`..echo "$i"..echo "$n"..echo "--------".done.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\misc\c_issuer Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.469769482094298
Encrypted:	false
SSDEEP:	3:TKH4vT6Ff9WX8iQFEePZV2nQVeVTFNIVhrBMs5v:haf9W37C2nLFU6s5v
MD5:	7A5EC6CC06CA0D45332FEB59A9AAAF1A
SHA1:	0CC791B7DC5957BF43B4CFCB5E689DEA8D83B1AE
SHA-256:	EDF51769D41AD6ACE7E5D885AED7A22C5D5ABAFBE8EE26E94BD2850492C1D727
SHA-512:	1C8C4F45838680515618642A8C811DFA1B3791E2C630E739862878A3320BBA54AB280F63F0A38E7C7D13F4CB9269F3EC4E4F6EEB313ADB790635D847E8CD47B5
Malicious:	false
Preview:	#!/bin/sh.#.# print out the issuer.#..for i in $*.do..n=`openssl x509 -issuer -noout -in $i`..echo "$i.$n".done.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\misc\c_name Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.587455114929241
Encrypted:	false
SSDEEP:	3:TKH4vT6Fn8NFEePZV2nQV9lKEFNIVhrBMs5v:hanBC2nCQEFU6s5v
MD5:	E6828944A8B442B7A040405FBE3F9A1F
SHA1:	76ADFC186FF506274FA80660079DACA8E52BB0BC
SHA-256:	9F6B9E3FFB35358503BBDB87D11D7F7E051A22A001978B45419C06DF008608DE
SHA-512:	E111BA186512D20C6E3BD5163A7213708E2FDD73D93C4E5529CAFFCE74CF72FD0BAFFF200EF933F1FD4CE92E0F103BEEDB2A7FCBB85614B83CD40BA446CFE259
Malicious:	false
Preview:	#!/bin/sh.#.# print the subject.#..for i in $*.do..n=`openssl x509 -subject -noout -in $i`..echo "$i.$n".done.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\misc\tsget Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	Perl script text executable
Category:	dropped
Size (bytes):	6419
Entropy (8bit):	5.3228061418295995
Encrypted:	false
SSDEEP:	96:aQCouJPt+2Qtanc/Z3dbpmNajCC23E2iwJSxzoiQLQvN5leXtv4G8bvtLI/x:aQ8Pt+2QAc3b3/22zoiQEXl8v4GCIJ
MD5:	9EBE114DE208F59F38826D70AEAA9122
SHA1:	DB05155818B1827F3E7133AC67326D87CB7DDD2E
SHA-256:	EEB39D9E6C27F76B654D0C8EDA2F534BFB40FF34175CB351A71B2FFE29B66937
SHA-512:	E852388FB5DE7BDA0BFD52DCE13077331D85FD9D8476AD3EFE44FFA7B6BB63D6B6ACEA79EA7D725A6264C2E12663806B87BE0576CB6A9E2949BF374F86CC5555
Malicious:	false
Preview:	#!/usr/bin/perl -w.# Written by Zoltan Glozik <zglozik@stones.com>..# Copyright (c) 2002 The OpenTSA Project. All rights reserved..$::version = '$Id: tsget,v 1.1.2.2 2009/09/07 17:57:02 steve Exp $';..use strict;.use IO::Handle;.use Getopt::Std;.use File::Basename;.use WWW::Curl::Easy;..use vars qw(%options);..# Callback for reading the body..sub read_body {. my ($maxlength, $state) = @_;. my $return_data = "";. my $data_len = length ${$state->{data}};. if ($state->{bytes} < $data_len) {..$data_len = $data_len - $state->{bytes};..$data_len = $maxlength if $data_len > $maxlength;..$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;..$state->{bytes} += $data_len;. }. return $return_data;.}..# Callback for writing the body into a variable..sub write_body {. my ($data, $pointer) = @_;. ${$pointer} .= $data;. return length($data);.}..# Initialise a new Curl object..sub create_curl {. my $url = shift;.. # Create Curl object.. my $curl = W

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\ssl\openssl.cnf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	10819
Entropy (8bit):	5.005696671009127
Encrypted:	false
SSDEEP:	192:L8b9fYZNtKMpr/kWJGXgvr/YHKLJA+smghNuFo8fA+smgaHMLlEpFGzmB2jl:LChUpr/kCGwvr/YHYg77es/L
MD5:	3F0EE810B7A5E7CC8C862EFEA1DD77EE
SHA1:	C7C90B2A1C247D4531321D06B51FAEFCDEA479C3
SHA-256:	CFE6094182FFEDE14C8A1A64A671511D6F1C88A7AA42881A493CD6A51ECEC8DC
SHA-512:	BF46FC8BC3BC50703D649CBE1B6AE226510266067FA092AE8300C60B53E254B1F9F25D3F633B6A59347AC76E9EAF5D5F6592C66FC5144E69E20B03E295CBD24D
Malicious:	false
Preview:	#.# OpenSSL example configuration file..# This is mostly being used for generation of certificate requests..#..# This definition stops the following lines choking if HOME isn't.# defined..HOME...= ..RANDFILE..= $ENV::HOME/.rnd..# Extra OBJECT IDENTIFIER info:.#oid_file..= $ENV::HOME/.oid.oid_section..= new_oids..# To use this configuration file with the "-extfile" option of the.# "openssl x509" utility, name here the section containing the.# X.509v3 extensions to use:.# extensions..= .# (Alternatively, use a configuration file that has only.# X.509v3 extensions in its main [= default] section.)..[ new_oids ]..# We can add new OIDs in here for use by 'ca', 'req' and 'ts'..# Add a simple OID like this:.# testoid1=1.2.3.4.# Or use config file substitution like this:.# testoid2=${testoid1}.5.6..# Policies used by the TSA examples..tsa_policy1 = 1.2.3.4.1.tsa_policy2 = 1.2.3.4.5.6.tsa_policy3 = 1.2.3.4.5.7..####################################################################.[ ca ].default_

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\etc\support Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	38
Entropy (8bit):	4.839775539645511
Encrypted:	false
SSDEEP:	3:B5V/1Su/YDkn:fV9vQDk
MD5:	9CD25574A08EB18CA71153209973A792
SHA1:	B6CFAA54A3DF30DA24B95A5BFEED0712A71E8829
SHA-256:	F9AC71007071AF30452A2B614BB8E99F3D0155ACAD62A9E1C77111D62C7A1336
SHA-512:	889CFA6FC23D799FE03FAAC09DAB2E2988EFB13AE6F25F051EC8B178037BD2692570BAAF7767D846F5C4B1FAE84876C414CCEA363812D8238892374A2B63EF6F
Malicious:	false
Preview:	root:{SHA}+uCXKwbaKKgn/vae5Yfg33D0j1g=

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\bin\curl Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	119628
Entropy (8bit):	5.640329159260421
Encrypted:	false
SSDEEP:	1536:FY+nbU1U0KejppRbquurQkQsfLqSvNmFsiq9cgNgB4+c:FYWbYlrppXeQkQsrNmFjq9fma
MD5:	4497C019881B525615A344122BA5D401
SHA1:	E7B90AE6B37AC9CE69CBC3446DADF8E30B93FDB8
SHA-256:	FB9CB517B5322194D0AC55602B6D931AFB25CFD7F7D70FEB48793A1156EACF31
SHA-512:	34B8424A3D313C2645A4CA2A2089AED36085DD82E76E2A5895692F174291904EC2DF9358C38025885006C5E6CFA042702C3ACAF160F6358A1C48BCA18F59D7A7
Malicious:	false
Preview:	.ELF.....................#@.4..........p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.......................B..B.\...,...............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0......................8C.....).......g.......................(.......0#@.....@?A.....X.@.......@.......@....................p..B...............B....p.......p.......p..@....pv......p.......p%......py......o.#@....o.......oT!@.........................................................r...-...t...........U..._...#.......D.......C.......\.................../.......c...e...`...........................}...............................H...............<...p...........=...............1...z.......................V...S...[.......n...........................]...Z...........)...g.......j...N...6...........................E...................k...u...........m...Q...................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\bin\openssl Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	543944
Entropy (8bit):	5.654771479745123
Encrypted:	false
SSDEEP:	6144:kgcPWx28anX0eWRkdaXPieDEO4kjGc4nI0T2vAQoAtkMKxWsDNQxDVReSixtEfZ/:r2XIq2OMzwhu
MD5:	8E8E4E7F353EF4F5611BBE6A8C61B357
SHA1:	4B733A223BF6758731DAAFCA01C891AAA8255F2E
SHA-256:	28C0C089661E0A879BC9B9288A37AA6726DE3A991CBFDA6A45172ABC5B38A779
SHA-512:	D1B08C075D376311F428A2902BC300A74D2A2BA36630BB25776CA77761F62CEACAE63CE72DCDBAB112C6CE175567ED6CEB09ACAB9DEB1641AC632A931A014F2E
Malicious:	false
Preview:	.ELF......................@.4...@H.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.4...4.....................H...H.`8...I..............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.I......P......"Q......5Q.......Q.......Q.......Q......\|.@.......F.....`.@......q@......%@......Q.............p0.I.............@.I....p.......p.......p..@....p.......p.......p&......p.......o\.@....o.......o..@.........................................................................R.......<...............Z...............................................$...U...........-...........x...............+...............b...............}...X...........W...........................\|.......o..."..................._...........u...............................b...........................T...........<...........................................f.......q.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\bin\php-cgi Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, with debug_info, not stripped
Category:	dropped
Size (bytes):	6069202
Entropy (8bit):	5.998134841021303
Encrypted:	false
SSDEEP:	98304:MybZUDFISK+ZW8eXJOM5xOkCJAumkFH8rbNURTp15XemmJFfb78SmVaJjhs8:MydM+AFH8rbNUR35XemmJFfb78SmVaJN
MD5:	3E7B39CF6FFC23D737981EB80DA3FA9A
SHA1:	7245E1371F4908BBF19F4381A0FA656698C240F2
SHA-256:	45F6DF899B807EF70397F7CF61DEAB74D57353422DD1E00801B4BE239F9E1829
SHA-512:	E70D98D2F3A8EAF7532960C168ABF6E9907068AF50001007D9566F61A9012F2FD2D001BE67E8C1456CE49F2616C443998BFB8F4A2081AD0A556E4E2FA2242D3F
Malicious:	false
Preview:	.ELF....................P_B.4...luT....p4. ...(.*.'.....4...4.@.4.@. ... ...............T...T.@.T.@....................ph...h.@.h.@...........................@...@.T%J.T%J.............T%J.T%..T%......'....................@...@.h...h...........P.td.$J..$...$..,...,...........Q.td............................................................/lib/ld-uClibc.so.0.....................................:.......E.......O.......Z.......j.......z...........................................................................<.B.....@.m.......@.......A......R@.....L..............p......................,.B....................p.......p.......p..@....pL......p.......p'......pa......o,.B....o.......o\.A.....................................................................................................5...................".......o.......................................................................................................z...................A...........1...............y.......................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libcrypto.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	1841080
Entropy (8bit):	5.65569737720376
Encrypted:	false
SSDEEP:	24576:NUsrWolzXuVfCScF87MqNUP4/7bs3bK2CjvCC304Wku6i31BGvotPA:9TNHFss3JbGwtP
MD5:	5E5A7F8664D929F05E32E911ED9D1F94
SHA1:	55E92684438DE63474E389D5FE2C1B4EEA263AC3
SHA-256:	3CB1CB0D4F938E9081AC444E88A4239FE89A24320BE1F1BAE9CEEE42A71F1FA9
SHA-512:	2E5F56E127C1A018CA226436B95D10FBBBE327F6C58660BB9D109C49AEF95B8F816CAD10B9E8E8287037D71D3EBFFF8D92482FE3644D3A7EE1A6F9D6E3550C16
Malicious:	false
Preview:	.ELF........................4...0......p4. ...(........p............................................,{..,{...........................R...y..............,...,...,...................P.td.{...{...{..................Q.td.................................................................................,.......(.......(.......(.......(..............p.......p.......,.......<_.......a.......(.............................h..............p.......p.......p.......p.......p.......p&......pr......o......o.......o&...................................................................................=...G.......-.......................[.......n...A...P...........{.......Y...S.......r...^...........................................................................................d.......................C.......c...G...F...1...................................(...H.......:...y.......B...U...............N.......T...........l...........7...............~...........$...=...4....... ...........O...w...............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libcrypto.so.1.0.0 Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	1841080
Entropy (8bit):	5.65569737720376
Encrypted:	false
SSDEEP:	24576:NUsrWolzXuVfCScF87MqNUP4/7bs3bK2CjvCC304Wku6i31BGvotPA:9TNHFss3JbGwtP
MD5:	5E5A7F8664D929F05E32E911ED9D1F94
SHA1:	55E92684438DE63474E389D5FE2C1B4EEA263AC3
SHA-256:	3CB1CB0D4F938E9081AC444E88A4239FE89A24320BE1F1BAE9CEEE42A71F1FA9
SHA-512:	2E5F56E127C1A018CA226436B95D10FBBBE327F6C58660BB9D109C49AEF95B8F816CAD10B9E8E8287037D71D3EBFFF8D92482FE3644D3A7EE1A6F9D6E3550C16
Malicious:	false
Preview:	.ELF........................4...0......p4. ...(........p............................................,{..,{...........................R...y..............,...,...,...................P.td.{...{...{..................Q.td.................................................................................,.......(.......(.......(.......(..............p.......p.......,.......<_.......a.......(.............................h..............p.......p.......p.......p.......p.......p&......pr......o......o.......o&...................................................................................=...G.......-.......................[.......n...A...P...........{.......Y...S.......r...^...........................................................................................d.......................C.......c...G...F...1...................................(...H.......:...y.......B...U...............N.......T...........l...........7...............~...........$...=...4....... ...........O...w...............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libcurl.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	396412
Entropy (8bit):	5.371567018944902
Encrypted:	false
SSDEEP:	6144:1w//vlJl3V1hhrAMaUJd5NoJoT4iZaiFY7+KYNkbeDyg+R:m/vZXr/5T42amYFLbeug
MD5:	DD017592983743BA04B606E1DEBB793F
SHA1:	6F2B73AB6D7A7FF6C74D41B5679A6C35726A8B46
SHA-256:	AD09B89BB9AB0639B10724EFB2D8088C8E391B891E114CE5948BC4209C9C3F96
SHA-512:	7C4D03707E78BE05262415259913DBFED3718E5198B31A8AE91A5761C99E085B5EC1434133AEFB2FCEE6215C47D669FE92E3E8E36061B1FCDC98E3BA7AE2C0FE
Malicious:	false
Preview:	.ELF.....................<..4..........p4. ...(........p..............................................................................@...............,...,...,...................P.td............$...$...........Q.td.................................................................................(......].......m.......................................$<.......9......4...............h...............................<4.....................p.......p.......p.......p.......pD......p%......p0......o.4.....o.......o.1......................................................D.......N...S...J...~...............................[...........R...............t...........L...............g...<...................................7.......................=...........s.......;...x.......-...4...8...o...............................9...................v...B.......H.......K.......................8.......Y.......c.......................*...................d...............T...............:.......................?...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libcurl.so.4 Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	396412
Entropy (8bit):	5.371567018944902
Encrypted:	false
SSDEEP:	6144:1w//vlJl3V1hhrAMaUJd5NoJoT4iZaiFY7+KYNkbeDyg+R:m/vZXr/5T42amYFLbeug
MD5:	DD017592983743BA04B606E1DEBB793F
SHA1:	6F2B73AB6D7A7FF6C74D41B5679A6C35726A8B46
SHA-256:	AD09B89BB9AB0639B10724EFB2D8088C8E391B891E114CE5948BC4209C9C3F96
SHA-512:	7C4D03707E78BE05262415259913DBFED3718E5198B31A8AE91A5761C99E085B5EC1434133AEFB2FCEE6215C47D669FE92E3E8E36061B1FCDC98E3BA7AE2C0FE
Malicious:	false
Preview:	.ELF.....................<..4..........p4. ...(........p..............................................................................@...............,...,...,...................P.td............$...$...........Q.td.................................................................................(......].......m.......................................$<.......9......4...............h...............................<4.....................p.......p.......p.......p.......pD......p%......p0......o.4.....o.......o.1......................................................D.......N...S...J...~...............................[...........R...............t...........L...............g...<...................................7.......................=...........s.......;...x.......-...4...8...o...............................9...................v...B.......H.......K.......................8.......Y.......c.......................*...................d...............T...............:.......................?...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libcurl.so.4.3.0 Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	396412
Entropy (8bit):	5.371567018944902
Encrypted:	false
SSDEEP:	6144:1w//vlJl3V1hhrAMaUJd5NoJoT4iZaiFY7+KYNkbeDyg+R:m/vZXr/5T42amYFLbeug
MD5:	DD017592983743BA04B606E1DEBB793F
SHA1:	6F2B73AB6D7A7FF6C74D41B5679A6C35726A8B46
SHA-256:	AD09B89BB9AB0639B10724EFB2D8088C8E391B891E114CE5948BC4209C9C3F96
SHA-512:	7C4D03707E78BE05262415259913DBFED3718E5198B31A8AE91A5761C99E085B5EC1434133AEFB2FCEE6215C47D669FE92E3E8E36061B1FCDC98E3BA7AE2C0FE
Malicious:	false
Preview:	.ELF.....................<..4..........p4. ...(........p..............................................................................@...............,...,...,...................P.td............$...$...........Q.td.................................................................................(......].......m.......................................$<.......9......4...............h...............................<4.....................p.......p.......p.......p.......pD......p%......p0......o.4.....o.......o.1......................................................D.......N...S...J...~...............................[...........R...............t...........L...............g...<...................................7.......................=...........s.......;...x.......-...4...8...o...............................9...................v...B.......H.......K.......................8.......Y.......c.......................*...................d...............T...............:.......................?...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libmcrypt.so.4.4.8 Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	175296
Entropy (8bit):	6.319245719013245
Encrypted:	false
SSDEEP:	3072:k6chVgwA50fAeePZoGAK/hV24v5717sYPdmZDRtOvDg4Lz4fRYKwPj7P3FmIcdIx:kfhVgwA50fAeeP8khV24v5R7sYPdmZDW
MD5:	0BB76B5CC421FD925BECCD3B09E32D57
SHA1:	6E859C1BE9137BA1A527E069903A770B4CC15B6E
SHA-256:	9CC97D2CA695718620CCBEE02097AA61B496618C4A003CB8B3F6B9C01BDA4188
SHA-512:	2FAC2BB6C69F82A2DB53B1B8317039EDA22D911EFA91E592DDFCFCCD1262A03D14BD01B187D3F57D87D992145C51A921582EFC77B098538BA3E5E16D8A1E71D1
Malicious:	false
Preview:	.ELF....................."..4.........p4. ...(........p............................................$Q..$Q..............$Q..$Q..$Q..\"...\|..........................................Q.td................................................................................0.......................\|!......0...............h...............................@p......T.......(..............p.......p.......p.......p.......pF......p.......p"...................................................C...F.......#.......8.......6...............9...5...........D...*...........'...........................+...................)...,...!... ...........4...=...................................&...............%...........A...........:...?...............(..."...<.......0.......3...................................B...................@.......................>.......7.......C.......-.................../...................$...............................1.......;.......2...........................E...............................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libpcre.so.1.2.5 Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	98004
Entropy (8bit):	5.9051791918978225
Encrypted:	false
SSDEEP:	1536:6kS5txFEKoYpV5pGrihHQ82y9MYtKZ7Cs9ICt4vm2Xl2BAsWq8uRz/hueB7XpcIA:s5txnoYpV5pGWhw8FHtOmoICt4vvVUAZ
MD5:	09B0EAE38B8D2E761417ABDA0B974CF3
SHA1:	F4075E34DB509453018794E538D52FD27AC4BB53
SHA-256:	41949636BA56B4E5DA307273F39473F492D354AD3025D2FBB340D53EA00FE636
SHA-512:	60742058961DC6588A457A15894E2398484429FF3F61DBBC852385BA687824D37CCD70BA298BEA54132C6624FC955F61943D44F38372C99F29E3C0B2D80CE4CF
Malicious:	false
Preview:	.ELF....................`...4....{.....p4. ...(........p.............................................q...q...............q...q...q......,...........................................Q.td........................................................................................+.......a...............@I..............<.......l.......n................q..............0..............p.......p.......p.......p.......p=......p.......p ...................................................%...=...(...!...........................:.../...........................%.......#...............2.......&.......8...0...........5...<...*.......".......1...............................7.......6...........-...;...................+.......,.......................................$... .......)...'...........................4...................9...........3...............................................................................<....q..........Y...X...l............................6..t...........................D...(...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libpcrecpp.so.0.0.1 Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	32608
Entropy (8bit):	5.3939401513646565
Encrypted:	false
SSDEEP:	768:FJir9Teon8q9HN2M+oJN31Y9A+VsBj98oJjJ61lXmNjkaKaDvNkXeqzqeqpw9bob:FJeKg8q9HN2M+qN31Y9A+yBj98oFk1to
MD5:	5091B7993A414C3B97E4AFB229593EF6
SHA1:	A8966E2FA40DE2E415A93EDF76F03F1728879CD7
SHA-256:	24EBBF572C0FA843B150B4ECDD35416CF8C5BD9DAEE3C66E345E904E180C28A9
SHA-512:	62760283F13F5FDD805F4CA55C88C7A1A61086B6E885CD3761C42E4190943B80D82206F44D7D34B73BFFE7B84C499666102394D98FCFCE306C1FBFB07E263182
Malicious:	false
Preview:	.ELF.....................(..4....{.....p4. ...(........p.............................................l...l...............l...l...l..4...................,...,...,...................P.td.^...^...^..................Q.td................................................................................`...............................................W.......g........'......P[......D.......................-...............pm......0$......8..............p.......p.......p.......p.......p.......p.......pI......o.#.....o.......o."......................................................................................d.......x...b...(...R...o...:...M...c.......r...........................L...p...V.......I.......k...........".......[...v...................g...}.............../.......O...J...l...S...Q...K...C...W...............@.......j...............`...?...........%...\|...>...........h...........!...F.......;..._.......,...{...1...A.......9...........s.......G...~...).......]...'...P...a.......e...X...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libpcreposix.so.0.0.3 Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	6280
Entropy (8bit):	4.632861093291947
Encrypted:	false
SSDEEP:	192:emj8chNWA1raSwoAONIA8aGbL7OZI2rUL:bt1rCon18dbL7OZIqa
MD5:	4AF6A0C8C139424224019CA1DE7958D3
SHA1:	4FE831836E688067B91B7E21FBB0F71DFA33A688
SHA-256:	BE036CDC14CE3E44B63C1C91978F6C5A34DC361BDE06D216693F5A094D6AC700
SHA-512:	BE0C73C7BB032A2BC2EB0177B0AAF2EC1AB0584435D8F403934C772811E35D875EF6E0CADB8340169B07837EAE0846C1819D893E411DE47B083C94CA181D263E
Malicious:	false
Preview:	.ELF....................P...4..........p4. ...(........p............................................t...t...............t...t...t...................................................Q.td........................................................................................................O.......a.......................................................................8......................p.......p.......p.......p.......p.......p.......p........................................................................................................................................................................................................................................................................................*...............................................#...P...........................8...8...............x...t...........................P...........1...8...........J...`...............l...........D...8...........................s..........."............................... ...........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libssl.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	400176
Entropy (8bit):	5.426004980283883
Encrypted:	false
SSDEEP:	6144:z4x8ruhdh9pFRwvFg3tLp4RfwqeXDdeNEFYrUd:zsDdhfFRGg3tGheXDdei
MD5:	513EE19037FD9850E014881759257FC0
SHA1:	AF75F62279C17CFB35DBDF23B547069E327B79DF
SHA-256:	FD653177F7712428C4E15D6BC5A8FD351ABF774CF485F354A17C081BC721C39E
SHA-512:	B07EAEF19C19F722584AE83FC3B15F70D8F4668E3A45F7524C36C5CCABD61C859683FCDCA5EBCE60ED34E331C720107EF7FCFFF28EE30E2F5E83C932A8CFEF44
Malicious:	false
Preview:	.ELF....................0...4..........p4. ...(........p............................................Lx..Lx..............Lx..Lx..Lx...P...P..........................................Q.td.................................................................................=.......C.......C.......C.......C.......D...................... ...............8S.............. D.............................*.............p.......p.......p.......p9......p.......p.......p;......o.......o.......oX...........................................................X...........j.......I.......q.......L.......v...h...............]...................m.......5...................................r...........;...............w...............R.......0...................(...........................~.......................)...........(...S...........8........... ...\.......'...0...........................\.......................................6...(...............7...........H...........U......._...............3.......{.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\libssl.so.1.0.0 Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	400176
Entropy (8bit):	5.426004980283883
Encrypted:	false
SSDEEP:	6144:z4x8ruhdh9pFRwvFg3tLp4RfwqeXDdeNEFYrUd:zsDdhfFRGg3tGheXDdei
MD5:	513EE19037FD9850E014881759257FC0
SHA1:	AF75F62279C17CFB35DBDF23B547069E327B79DF
SHA-256:	FD653177F7712428C4E15D6BC5A8FD351ABF774CF485F354A17C081BC721C39E
SHA-512:	B07EAEF19C19F722584AE83FC3B15F70D8F4668E3A45F7524C36C5CCABD61C859683FCDCA5EBCE60ED34E331C720107EF7FCFFF28EE30E2F5E83C932A8CFEF44
Malicious:	false
Preview:	.ELF....................0...4..........p4. ...(........p............................................Lx..Lx..............Lx..Lx..Lx...P...P..........................................Q.td.................................................................................=.......C.......C.......C.......C.......D...................... ...............8S.............. D.............................*.............p.......p.......p.......p9......p.......p.......p;......o.......o.......oX...........................................................X...........j.......I.......q.......L.......v...h...............]...................m.......5...................................r...........;...............w...............R.......0...................(...........................~.......................)...........(...S...........8........... ...\.......'...0...........................\.......................................6...(...............7...........H...........U......._...............3.......{.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_access.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	5664
Entropy (8bit):	4.52059179835717
Encrypted:	false
SSDEEP:	96:pg4UBWBShNRe9qIqi+rjW4aagGyWLwodx5FTO0xYebCzqzeoyD:pg4U8chNRW+rjW4DgGtModx5FTO0xY1
MD5:	EB9576FB944B3FAEE9A652B06065083A
SHA1:	BCE379FAF6E05C503F40F1ABE83B34C5595CB84B
SHA-256:	E64F9B4FAB65A98088F241B4A7E05B890D3240AC62BC9B8AE30644749530EA43
SHA-512:	BDAD9C5D65EDE60B225B157BF069F6E201019CA8D7993D7FFB3BBBE0A39780AC956EB1ECE4C941A2CABB87A9A6A5E442F77220559688F56D1AAAE801C7F52DBD
Malicious:	false
Preview:	.ELF........................4...`......p4. ...(........p............................................p...p...........................................................................Q.td................................................................................0.......N...............,.......................................................@..............................p.......p.......p.......p.......p.......p.......p............................................................................................................................................................................................................................................................................,..........._... ...............0...........$...............5...,...........X...............m...............................f...............................y...............................m..........."............................... .......p...........;...`...............P....................... .......@...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_accesslog.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	13552
Entropy (8bit):	5.325857449421321
Encrypted:	false
SSDEEP:	384:nXp0FnMUVCmkePyFQigmIZWas9C8zEAW8ciGO2WNIC6O4S8r0k82GBGme3GFR6PI:nZinMUVCmkePyCiYZWas9C8zEAW8ciGh
MD5:	4ACAD95584B1FD60B3DD42039DBC23CF
SHA1:	11AC23BD979C868FE4070AA5435489A12150BF0E
SHA-256:	026A69B811E9A8720368D8B6EF21CD8770CA35493315B1DE7A597D653859DD33
SHA-512:	BFD3AA096E0701B5471845DF235925F6E06F347ECDC5F6DD428A15E6C50F820BFD95A61AAAC1F2D7BE5C8BA3CD7A21A155A8772812E1D2D51299FA22533B355F
Malicious:	false
Preview:	.ELF........................4...01.....p4. ...(........p.............................................-...-...............-...-...-..P...\|...........................................Q.td................................................................................P...............4.......x........(......................`.......E...............`.......H.......0..............p.......p.......p.......p.......p:......p.......p....................................................%...:.......................!.......9...............2...$...................#.......................+...(...........%...........'...........................................................................................................&...,.......6...8.../...........*..."....... ...3...................).......1.......-...5...0.......4...................7...................................................x...............................P...............x...............................D/...............(..............D/..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_alias.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	5996
Entropy (8bit):	4.728724107996996
Encrypted:	false
SSDEEP:	96:ymHraBWBShNZzww0qCqx0xdoOjF4qvoZ7C/W1gVxB2bMNbKPOCWGm5OYuHNqZ:ySra8chNZkwkoOjF47Z7qW1kT2bMNbKm
MD5:	1B7125D472404329FD483A317381539D
SHA1:	331511D75EDE4BD7430D1380208F42E20B40D9B9
SHA-256:	7FBE1559C479597ECB457C57D6170DA62CB48A86BA33E25EF7889FE17DDB329C
SHA-512:	3F93DECCE0B02A4549953D93E5B6FB5C4FE27263CD70C3109790B04D7B252EA249D8656F7BEB181C2932DD5B95E7B4B9BB4BFCD14AD085AA8D5C8CDE10D5C133
Malicious:	false
Preview:	.ELF.................... ...4..........p4. ...(........p............................................D...D...............D...D...D...................................................Q.td................................................................................p..............................................................................................................p.......p.......p.......p.......p!......p.......p........................................................!........................................................................................................................................................... ...................................................................................`...............p...........j................... ...........Z................................................................... ...............................p...........m...........".......`....................... .......P...........p...@...............0.......................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_auth.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	25580
Entropy (8bit):	5.661867846215721
Encrypted:	false
SSDEEP:	768:wypDWOrz+hvdqqnrADvafcYUwMIEg8q27BTYNfxXbTev4Bfqh5Hn2tzqdnulJyWh:1WOrz+hvdqqnrADvafcYUwMIEg8F7BTK
MD5:	71420758CF42925A85700151B18C76F7
SHA1:	4FB8A9F874A172FEF1ADA20E10271A124E877AD0
SHA-256:	3DD0405ECCEB3A9BCDEA378A83AC1546EFE28D351550C808FB9395E547872AF3
SHA-512:	D8A541478E4689115A5ED885C2BCB3AFEAACE9B591D2770EF2491827FC3349EAEC7F183D8A16107857278699123862ACFA25DC174615C0DD3DA58FDBB72ECB6A
Malicious:	false
Preview:	.ELF........................4...,`.....p4. ...(........p.............................................Z...Z...............Z...Z...Z..................................................Q.td................................................................................ ....................... .......3.......i.......T........M......................<.......u...............0\.............................p.......p.......p.......p.......pM......p.......p....................................................C...M...........,...A...-... .......................@.......9...7...........!...................(...4...D...#.......................K...B.......................................0...................6...................E...............8...........J...<.......................................>.......+...?.......2...*.............../...&...$......."...........5...%.......................3.......'...........)...................=...F...G...............1.......C...;...L...............................H...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_cgi.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	5.48086883378061
Encrypted:	false
SSDEEP:	384:ZFx0RrsIdDmjWy0+2ZV1qgghrIbRR260graOg2qicWZkLw8h/Js08UVlD7DnmR/v:F0RYSDmjWy0+2ZV1qgghrIbRR260grat
MD5:	CF5BA91A4EFD4AF51FE5E5E53EFF2C45
SHA1:	657DDF4A12CE52FF6F3410457F2F52D5513C17D3
SHA-256:	DE80FF3D9F4E52FBAC4BE1A8A77ECC26BAEA808A2594F33EAA051C2C93C081C1
SHA-512:	3B22E20FFB1DC952501B542532A2B475D4ECB026DA631CD19CBBC6E1BDC67F89E96757C85FF35D680D1B5745505B903A034C9529BE9C8805B986FFE1EF9B36B9
Malicious:	false
Preview:	.ELF....................p...4...@L.....p4. ...(........p.............................................G...G...............G...G...G..................................................Q.td.................................................................................................................C......................X........................H.............. ..............p.......p.......p.......p.......pZ......p.......p....................................................C...Z...L.......G...?.......9.......@.............../.......".......O...........H...T....... ...#...;...'...........................!...4...A.......,...-.......S.......=...8.......*...............5...........:...M.......D.......2...N.......U...............I...........(...........................F...<.......P...+...V...E.......Q.......................................3...&...%...........$...........0...........Y...........1...........)...........6.......K.......7.......W...........>...........X...................C...B...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_cml.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7576
Entropy (8bit):	4.969868220080454
Encrypted:	false
SSDEEP:	192:3pAgy8chNPJ5uU4uWwRHORjnXkQ4sTQ1uJy2GioOWiG12BK712BKUA2pEOmWhF:3XsmhfnXkhsTQMJy2GioOWiG1OK71OKc
MD5:	F6F1762D73A1DC3B8B44ACD875F11B80
SHA1:	8B9246EAAC5689A9AC6DC1A1E319891FA084504E
SHA-256:	C1D2113842D726526B53106F64A5832DE7B4DA40E8FF46D15708962CFEF3AB39
SHA-512:	54F4C3BD7AF94B256E561EE49E4B8F64A36C9DA085E88166E484FB8216FA64ED5BD8346F959D1AEFCBC824487004D7E4DB193A6726B673C31311A582D436F8E3
Malicious:	false
Preview:	.ELF........................4..........p4. ...(........p............................................................................................................................Q.td................................................................................................................4....................................................... ...............0..............p.......p.......p.......p.......p$......p.......p........................................................$..................................................................................................."...!... ...........................................................................................#...................................4...............................................d...............4...........................................................................................................I...p...........m..........."...2...`....................... ...B...P...............@...............0...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_compress.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	8532
Entropy (8bit):	5.044590934020755
Encrypted:	false
SSDEEP:	192:/rFcy8chNcleQjSkxCHOjJ40zx/8LTHSB1KAsIgXO4DNiPhOmm2:/rFc3p2kxCHOjJ40zx/8LTHSB1K5TO4k
MD5:	5927FE72A980E2DB066F8909C3CCB8A9
SHA1:	377CE68208ECDA86E7FADA50D9EEF31FCB5AD760
SHA-256:	ED8A72DD4641B2ABEC51B9B426DBF91170E895755C0AE3D7BAF86D4BE5703A97
SHA-512:	ECE24F11109DE6066B689286D37B37DDECF2D7F3B49C9C384AB561F2E867A8CA611A2B87D57000F782A9CC836EE7C0DCBAEE63E3B5AD09CABFA9B8DA0F238C6E
Malicious:	false
Preview:	.ELF........................4..........p4. ...(........p............................................................................(...P...........................................Q.td................................................................................ .......g.......................................$.......4.......................0...............0..............p.......p.......p.......p.......p/......p.......p....................................................%.../...............................................*... .......................................................#...!...........................................................$...........................................................-.......,.......%...".......'...(.......&...............................)...............+...................................................x................... ...........N...............q...............................................;...................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_dirlisting.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	16560
Entropy (8bit):	5.655548451766008
Encrypted:	false
SSDEEP:	384:PjM3a3rTJ4N+CKecKibz0tArMnTe4j2u/fV2EVUMDvn4tkpZEzrzoo+QEfobCCCV:rF3rTJ4N+CKecKibz0tArMS4j2u/d2Ex
MD5:	0BC8BCA28EA5A632A0FEFB8847630816
SHA1:	C4138D1E483F6E88624BA8741AFF62AE555D8DD5
SHA-256:	3DE3E070BB801F274A3BC66D9F9776D11CB6F10B1B4B5086F7FEABBF1BEED7E7
SHA-512:	E61338B65B75217212826851D6BB1D0AF93774312D3684F88D3B1BC6D494B6D330660B50231F4B60D40C5CE12DDCD11C66913C0183FB9EA88D3EDC4AA81B4848
Malicious:	false
Preview:	.ELF....................P...4....<.....p4. ...(........p.............................................9...9...............9...9...9......$...........................................Q.td........................................................................................3.......@.......v.......................................`................................:......P......................p.......p.......p.......p.......p>......p.......p....................................................%...>...............................................9...'...%...............&...........+...........$...........2...)...........6...........".......................................4.......7.......................................!...............,............... .......=...........#...<............../.......3...(.......-...8...........0...1...5.......................................:...;...............................................Q... 9.........................................................J...P...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_evasive.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	5672
Entropy (8bit):	4.547084161712805
Encrypted:	false
SSDEEP:	96:5cdAQT2BWBShNLC3qkq3dvF01CZsgkHlx9IvaCy1z5xaO7lrzqze4KGq:5028chNuWdvFkC6gkHj9IvaCy1z5xaOl
MD5:	0359D7CE7589B67C494BA247AF9D572E
SHA1:	4119274164CE746BC50AFCC5725E6C0CB01372B9
SHA-256:	D177340E4A79B8DB90EDB888EDD5B5D2479C77C3EDD9D04974AA8A9991301A17
SHA-512:	1C05755CC6F6EC7F407F5FBC57DB749D4C62DB615A747BD26CFAFFB298FFD317D4F1582B7FBF2C284025147EA2364FB0E76A87B6FB574EA606D63725A784BBD9
Malicious:	false
Preview:	.ELF........................4...h......p4. ...(........p............................................p...p...........................................................................Q.td................................................................................@.......H.......~...............................X...............................P............... ..............p.......p.......p.......p.......p.......p.......p................................................................................................................................................................................................................................................................................Y... ...............@.........................../...............R...............g...............................`...............y...............s...............................m..........."............................... .......p...........5...`...............P....................... .......@...........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_evhost.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7784
Entropy (8bit):	4.9172993537118765
Encrypted:	false
SSDEEP:	192:ahUW0Q8chN+hhT53KhcGNmCRq7+Tv5tEd9sAVnlH593NHu0hjV1lpY4A5xcv4Omj:3HLrl3KhcGNmCg7sv389sElH5VNHu05U
MD5:	A16FE5051DA7A58116224A86EEEB28CB
SHA1:	17CAC5CC962B82A8BDBD0D0655DEBF26684C0484
SHA-256:	9BA1617612564D1BA3B1967FEE6D6B89CCAAAC0D1A70895679840883BBB10EE0
SHA-512:	9E2D4212CEBA7215B7C33E43CBEC6A41EA240931A66491D9C475B64D9EF7BB647F564DB65F9079E68CAF03342F60F7833F5E1E9C6197D30C4246AB97271C666F
Malicious:	false
Preview:	.ELF........................4..........p4. ...(........p............................................................................................................................Q.td................................................................................@.......M.......................p.......................(.......................P.......\|......................p.......p.......p.......p.......p,......p.......p....................................................%...,.......................).......&...............*...............................................#...........$...............'......................."...........................%...............................................................+.......(........... ...!...............................................................................................^...0...............@...........#...............7...............W...............l...................p...........e...............~... ...........x...............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_expire.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	8256
Entropy (8bit):	5.058317507147846
Encrypted:	false
SSDEEP:	192:phC/z8chNgDnI1OjF44scHDljngDqY4VMnbqKOmvilDs:puIDI1OjF44scRjngDqX6nmKzalD
MD5:	A2F400773EB24CD0E4A56A61937648D5
SHA1:	23D84D6016C5F2E00E230E5FF626A922BD8929EA
SHA-256:	02EB9A98408D03146A63496BA18B8882D21B59C24FC97D6314126A5443500C15
SHA-512:	43122305DEF7B05B3AD7B03CC85D5DC0E042F97BA2EC94561E73C66BE689ECD485DCC03959C3259D72D8BE4FC7D0721E83ACC7CDFBC4DA7C783844B5605146DC
Malicious:	false
Preview:	.ELF........................4..........p4. ...(........p............................................................................................................................Q.td................................................................................................9....... .......@....................... .......G..............................................p.......p.......p.......p.......p......p.......p....................................................%.................................................................."...........................................!...............$....................... .......................%...#...................................................................'...)...&...........................(........................................................... ............................................... ..........................................."...................@...........................4................................... ...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_extforward.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	9200
Entropy (8bit):	5.193150112642324
Encrypted:	false
SSDEEP:	192:dowH8chNjFAI8OnCjJ411wcUePbg8R2UPwQ9aZKkZ3wfT3d4n1X7rMubr5z9SOm1:dTvWI8OnCjJ41CcUePbg8kUN9aZKNbdZ
MD5:	FA4C9B81D11F5BD19F5001F53561F55E
SHA1:	FA5CB42F8EE6A0A747BD05975819D387A8A63080
SHA-256:	36D227FA8C786CCD7083CFCF4CCE290EF0BD69E230A11FAB97B0629F1DC497C6
SHA-512:	CFA7ECA51F0EDD43CBE25A4BD406A3F40E989383930B6BC7CD4F133ADD8671625DB39D7AA628C1EC77232CEBA609B194CF70FDE503A07859C379B2B396FD6C97
Malicious:	false
Preview:	.ELF....................P...4...0 .....p4. ...(........p............................................D...D...............D...D...D.......,...........................................Q.td........................................................................................Y.......................`.......................0....................................... ..............p.......p.......p.......p.......p.......p.......p....................................................%...................................................,...!.......................................'...............%..."...........).......................#...........................$........................... ...................................-...............&...+...........(...............................*...............................................................+...............j...`...........................................c...P...........x...D...............`...........q...D...............p...............D...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_fastcgi.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	48052
Entropy (8bit):	5.748702036620471
Encrypted:	false
SSDEEP:	768:yXU8AtFfCEs+/AyaKGD6mmEIE8aiUtCUz8UpLDXh/2rQN0gbqKf5BZCiU5Agpf6u:56h+/AyaKGD6mmEIE8aiUtCUz8UpnR+5
MD5:	9664A0BB8A13F0E628616B3F85E85104
SHA1:	74E2A43D3948BFB355362285612134C5FEF3DF4F
SHA-256:	0C20C9EDA4BBD653BEBE9D9564B772E5580562A02B0F9C5E82D961B1EA3A153D
SHA-512:	BBB2C3BF1D24CE6D04493012D1D4EC8CF6D17310BC41C2415513705CC292C373DF52F2AF760D0EBBAFD5E087F1E637970743AE5BB4672CD062311BF6DE7A2452
Malicious:	false
Preview:	.ELF........................4..........p4. ...(........p..........................................................................H...p...........................................Q.td................................................................................`1......................L..............................H.......................p..............................p.......p.......p.......p.......px......p.......p....................................................a...x...................e...k.......*.......F.......p...........S...$...f.......................%...Y.......<...8...............#.......&...........W...@...".......................=...c...!.......U...d.......N...........t... ...........0...D...,...]...........Z...)...........+...............3.......E...G.......V.../.......1...B...H.......C...........I...............5.......L...m.......R...................................X...........\...................q...w.......[.......................................4.......2.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_flv_streaming.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7080
Entropy (8bit):	4.805044383743014
Encrypted:	false
SSDEEP:	192:ShURr9CU8chNvRVo4OjFguiiJdhBHhEyX/3Le7XYZvNKOmuQfmp:/RMCRG4OjFguiiz3HhEyX/3LeLYZ1Kz
MD5:	D0F0CDD304565B0B57671C528F3F16AB
SHA1:	50F33500E6F82813B0C835066C1133F07E3514C1
SHA-256:	31A084E83589D3A855CFD19FECA02A5A0F27F0DC8948D920A6F3B59F8B607B92
SHA-512:	D20BCB93F23DA24DF993D3E244D4D90AA3C8E0254394AE9ECF9D4817E5D41EA7E5EF7064D2E52CBDE40AC9A049B17B8DC62C899354CA97FD4FBF7D4A0CDAD88E
Malicious:	false
Preview:	.ELF....................0...4..........p4. ...(........p............................................T...T...............T...T...T...................................................Q.td........................................................................................_...............................................(......................................................p.......p.......p.......p.......p,......p.......p....................................................%...,...............................%...............................#..........................................."... ...........'...........................................&...$.......(...................................+...........................!...*...)...........................................................................................................p...p...........................z...............i...0...........~...<...........................w...<...............`...............................<...........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_indexfile.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	6344
Entropy (8bit):	4.801814172177169
Encrypted:	false
SSDEEP:	192:9nf8chNLqiYd+OjFomFtV0WQj2n8D9GOUP3mMyOm:9nQd+OjFomFti7j2n8D9vUP3Jyz
MD5:	83057AA3DF162A94DFEA7EBA06628853
SHA1:	288105F711F3DE2000FDA698F8279D94C7532AB9
SHA-256:	DF2AE35ABEF6E51CF3675442A3C51F1136B7394F93244D5F120557C84EDC6339
SHA-512:	B2B42CDF3297225524308314722416A7EB42D43E110BF25DEE5C4648BD9254215FE695FD34430D1F3207BB43E414D0242B5E9120CCB276B9FF6490570EC9B888
Malicious:	false
Preview:	.ELF........................4..........p4. ...(........p............................................................................................................................Q.td........................................................................................................(....................................................................... ..............p.......p.......p.......p.......p$......p.......p........................................................$....................................................................................................... .......................................................".......................!...........#.......................................(...............................................(...............l...............................\...............................\...............................\...............p...........m...........".......`....................... .......P...............@...............0...........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_magnet.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	3180
Entropy (8bit):	3.9657340312097276
Encrypted:	false
SSDEEP:	48:VyYLbIwgd6UDBWBSouoW+PPoXei6qyvqo4b18ZjPBJVhu3ir8uS0uP4vU:VxXIRDBWBShNdx6qcqo+KZTeoS0uP4v
MD5:	DD75336F2A13B568CCA55735197B1B15
SHA1:	1511D0A7E064E684EB12C03CC89C3A4F806A5A4F
SHA-256:	3D32000CB5BB6A88DB62C3BDACB273004DF7B4791ADFDA5CC82D848776EF7FA4
SHA-512:	466469DBC7DD4A735CD6BB52B9E4AFF16170B753DAB3A701C1D5CBA1FCAF34DA0D36F7B38DCB614EE08315C38D1A3B2EC8FB9455AE03113BB55F06467D32A188
Malicious:	false
Preview:	.ELF........................4...$......p4. ...(........p............................................................................`...............................................Q.td................................................................................................................l.......`...............`.......@...............................\......................p.......p.......p.......p.......p.......p.......p....................................................................................................................................................................l...............................................................l...............................................`...............................@...........................m..........."............... ............... ...,........... ...U..........."...F..........."...._gp_disp._fini._ITM_deregisterTMCloneTable._ITM_registerTMCloneTable.__cxa_finalize.__deregister_frame_info.__register_frame_info._Jv_R

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_mysql_vhost.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	3492
Entropy (8bit):	3.997084802020289
Encrypted:	false
SSDEEP:	48:azfunACSDBWBSouoWzVHdI1qqKqQHjvYWKmPbIj9B9II33tfsD6D47:aCSDBWBShNMAqKqQHjvi0EJoI2D6D47
MD5:	F926D8A1750E989317937A045D0A5EC2
SHA1:	1346E18AFCDB9A99E8468ABB69A5993722A597D7
SHA-256:	7C0D5F9F732DDE63B1556807A96130C1778986599E24E40F05D6CACE7C1B8A31
SHA-512:	7FE49EF61053722DDB2219A95BFC547334E44B3F295AD195D02E97080F418C1A4A99C78C46AD4EDACE8DC2A6F27160CBC1F45E1E52897ED15168638042E6ED51
Malicious:	false
Preview:	.ELF....................@...4..........p4. ...(........p............................................................................h...............................................Q.td................................................................................................................ .......................t......................................................p.......p.......p.......p.......p.......p.......p................................................................................................................................................................................................................................................................................@...T...........................@............................... ...........................................................m..........."............... ............................... ...,........... ...U..........."...F..........."...._gp_disp._fini._ITM_deregisterTMCloneTable._ITM_registerTMCloneTabl

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_proxy.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	19668
Entropy (8bit):	5.500084705082006
Encrypted:	false
SSDEEP:	384:D1ek/I9Qq2idue31b8ju2+3xjF4rfI/VC/2IVzRGDcWfzsUdVOcjUZaea6w9dtuy:Zek/I9Qq20uel8ju2+3xjF4rfI/VWDVI
MD5:	7945B3C1F532633E1A49704737725CAA
SHA1:	6BA465F9E71B7EECFEB6AC98E22586689087D898
SHA-256:	A741082BAC9DD722FDC0D3AEC46D5900E0B6BA73F7CA6455C06506B66E2605E6
SHA-512:	978C8E2A4662C1FAE0EC6AE80B2926438AB9A6FBAC5A5DA10C1EEAD30FB3D243C17203840C3970DE0264D570E4C92A71E5D500C82046623657BDF0B3E5A40B31
Malicious:	false
Preview:	.ELF....................0...4....I.....p4. ...(........p.............................................D...D...............D...D...D..................................................Q.td................................................................................0...............................0?..............l.......<.......................@E......\|.......8..............p.......p.......p.......p.......pS......p.......p....................................................C...S...E.......A...9.......3.......................(...@...........I...........B...G...........&...5...#........................... ...-...............D...............7...................,...................4...F.......=.......+...H.......'...............C.......6...$...............................<.......J.../...N...;...........L...8...................%.......?...".......!.......P.......).......0...........2...........*...........1.......O...........................R.......................:.......Q.......>...........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_redirect.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7696
Entropy (8bit):	5.022673349516503
Encrypted:	false
SSDEEP:	192:duknsY8chN5iCMAkjWESiq0AJgcb2UvL887J+fvSsnOmuhm:dukseiCDkjWESiqlgG26PJ+fv9nzD
MD5:	99B52408DDAB969E64CE7EDB11D647F4
SHA1:	8D0BC11B66907F64A151241ECF4F4165E319515B
SHA-256:	3B1B3E632C4087F21D55B9C7FF5B41BC868CC8FF5F852766593EE0311A118FC4
SHA-512:	A510BDB07ED9CFC2B3AC8A0F276E7C5F72031196B41CA37BA05D29DBBE587CC766F7B786D7F30AA74555A9F7D67AA4F36211D9674F24E3D81E7DEA6D17056921
Malicious:	false
Preview:	.ELF....................`...4...P......p4. ...(........p............................................................................................................................Q.td.......................................................................................>.......K...............................P.......................0....................................... ..............p.......p.......p.......p.......p......p.......p....................................................%..............................................................................................................#... ...........&.......................!...........................................................................................%.......)...$..........................."...............'...(...................................................\..............................%...............U...`...........j...................P...........................c...............\|...............v.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_rewrite.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	10080
Entropy (8bit):	5.153402824585753
Encrypted:	false
SSDEEP:	192:ZkZ8chNrnn59pJjIlzNRP/jq4UM9teeGFYz3qLx7VQy/gImOPp:Zk1nn5ZcRP/jq4UM9t1G6GLx7yUgIm
MD5:	65EE99E81FCA8244B8204A8C6436C284
SHA1:	55AFFB36A1EF4D753691A8C7296B75F3AE44B041
SHA-256:	2AD872BA5031CDC615791952EBC3FF812E33933B2B9170081073ACFC63F4B50D
SHA-512:	3B63226A15DD2A99AC4E49B79A35856378A7DC457A467312DC0B800438FC8A7430E37C8F8874B4812C72FAF442BF62E2D19C9020E224CC0048362102E90F6E0D
Malicious:	false
Preview:	.ELF....................p...4....#.....p4. ...(........p................................................................. ... ... ..4...`...........................................Q.td......................................................................................../.......<.......r...............................................0........................ ..............@..............p.......p.......p.......p.......p......p.......p....................................................%..............................................................................................................#...............'.......................!.......................%...........................................)...............................$...&............... ..........."...............(.......................................................M... ..........................................F...p...........[...4!..........................................T...4!..........m...`!..........g...4!..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_rrdtool.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	15832
Entropy (8bit):	5.371763245447981
Encrypted:	false
SSDEEP:	384:sVmrc6FT0CP4ThvqNC10v7X4Hv7fneMGapCeDC7S62fd8hwEBp5BpARW6mCV7UU+:UKfFTf4ThvqNC10v7X4Hv7fneMGapCee
MD5:	4BBC2FBBEC97380846E446747E69D1D9
SHA1:	14DE89102DCC49442D38D250438B42C3C0416CCC
SHA-256:	3ABA0EBAFFA519A34DED60F2F755EF5D585FBEC9F132257EF804E8EFE3BBC3AE
SHA-512:	C4CEFA3057BD64F3CFFEDCD86BE6463268834DA4E6CD70FD931991C84C7857FDA00F7D768EE729A7426B01AC091C7AD88078ADA42A13BEAAE6DE128778BFFDF9
Malicious:	false
Preview:	.ELF........................4....:.....p4. ...(........p............................................\|4..\|4..............\|4..\|4..\|4..P...t...........................................Q.td........................................................................................N........................1..............`.......@........................4.............. ..............p.......p.......p.......p.......p2......p ......p....................................................%...2...............................1...............*.......&.......................................#... ...........!...................................................................................................................$...,.../..."...+.......0...%...............(...)...............'...........................-..............................................................._....4..........................5...............X...............m....5...............1..........#...$...........f....5...............5..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_scgi.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	35712
Entropy (8bit):	5.656668523979725
Encrypted:	false
SSDEEP:	768:XuIInHLVkAkm2zGekpkMGiUlXUKSd6DOZ0sDtyJRh0JJjwkbTKf1+uX2Y3ms3rQQ:iHLrkm2zGekpkMGiUlXUKSd6DOZ0sDto
MD5:	8928441ABC55667E55109FB902639F2F
SHA1:	38317DB8338C11C6E5431D7F5A3FB3FC9EB0E77E
SHA-256:	2B86E03E4C7DBFD4003FCB273127A99465CD80C66FC6C684107C260C0A1D1FFA
SHA-512:	EEECFBCF3E76B5404492C27653EC08C36BD65A96D41C162639C4517A8F7AB3688091E3860087134EEC1510660FE5A4F570BE50F706217B09B15962267A820981
Malicious:	false
Preview:	.ELF........................4..........p4. ...(........p............................................................................................................................Q.td........................................................................................................P........s.............................................................................p.......p.......p.......p.......pk......p.......p....................................................a...k...............+...[..._.......(.......B.......e...............$...\.......................%...R.......9...6...............#.......5...........P...h...".......................:...Y...!......./...Z.......I............... ...........-...@...)...T...............F...........H...............1.......A...C.......O...,...........>...D.......?...........E...............3.......G...a.......M.......................................Q.......S...................f...j.......................................c.......2.......0.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_secdownload.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7536
Entropy (8bit):	4.931163567488561
Encrypted:	false
SSDEEP:	192:Iff+h38chNDc/e/NaCuom4i9JfcsMUSTkeSdtGs2emT/naBBOmO4Y/:Iff+c/e/NaCuom4iLfcsMUSQeSdtGFeI
MD5:	27BB47C646AF28BD9B7660E20AEB133F
SHA1:	A4A8F42C736BBF2E8C9BADB2AAC1C91DD997BB52
SHA-256:	5C8D1AC8EF9446CFC988E9CCCAB3B0A70F3E236A0CCA7B956BF5C2728A7D3C32
SHA-512:	22B4070F7033801583622153AC4B7EC6DDAF87F8277680B668AD83065211201FE3A6F800175169BE4F9553499F5B6AF4EE29B622EB86C736C7512C2DA7A9A663
Malicious:	false
Preview:	.ELF........................4..........p4. ...(........p................................................................................4...........................................Q.td................................................................................0.......4.......j.......p............................... .......}...............@.......@.......0..............p.......p.......p.......p.......p......p.......p....................................................%..............................................................................................%...............!.......(..."...&...............................................#.......................................).......................'.......$....................... .......................................................................p...........E...................0...............p...........>...............S...............................................L...............e..............._...................`...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_setenv.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	6232
Entropy (8bit):	4.746836689613937
Encrypted:	false
SSDEEP:	192:7NY8chNDsWU4aiO4zodBLU7pQ5qTk5iCzMoOjdO:7NWsWU4aiO4M7LU+5qY5iCwo
MD5:	D4566B9B66AE5312725B9B5E617A1C7F
SHA1:	1D711736F0036CB525D32A899420C35B04118267
SHA-256:	B0F75CB80DBBD858478EE856CE898205910D8ECC5A5CD58BA3765AA26A82EE55
SHA-512:	60EDD81A900B369DA820F36373AB565D7776CD18EE371BA3953373AE3BD043F2F11BE6FADA86CE9FC5081566C8F7B47B28090E027EE433741FC93E1B0D09F84E
Malicious:	false
Preview:	.ELF....................0...4..........p4. ...(........p............................................................................................................................Q.td................................................................................@...............................P...............................................P...............(..............p.......p.......p.......p.......p ......p.......p........................................................ ...........................................................................................................................................................................................................................................................@...........$...................0...............................P...........o...`...............................................................0............... ...........m..........."............... ............................................................... ...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_simple_vhost.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7408
Entropy (8bit):	4.944748260111816
Encrypted:	false
SSDEEP:	192:rY5XqM8chNViuFs2S+Ku2aEG217KMcrlOb01Hnd7PYbmiRBTsQkobCHHOmU:rQXq4Fs2S+Ku2aEGoJs0b01Hnd7PYbmB
MD5:	E037B6441C0AD3274DDBE48A67C3388D
SHA1:	A062D49F3CFE634B135444E879F6AA9E7769597A
SHA-256:	4A87C7633A535967F346274905F6B31530F95B9B1B3FA35EFB7408C7D3D3691F
SHA-512:	8F5742008207E7E8C3E4D4DB7D5D33197E8232300E8782855AC44515D2D8030F715A09CB36B419FB41909135E79FB4800E1C79762CB4A595BD28D15D0B23A13F
Malicious:	false
Preview:	.ELF........................4...0......p4. ...(........p............................................h...h...............h...h...h.......(...........................................Q.td................................................................................................3...............P............... ...............G.......................h.......0..............p.......p.......p.......p.......p&......p.......p........................................................&...................................................................!.......................%..........."... .......................................................#...................................$...........................................................................................................................................d...............P...............d...........................(...d...............0...........m..........."...N... ....................... ...................................p.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_ssi.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	24696
Entropy (8bit):	5.613882226900409
Encrypted:	false
SSDEEP:	768:NjAPlLE8A9o7D5ZjqxWmrzCfu7yex7Gbana1Dp3jNILbRtr0JNbNtxTUJU/yOLyM:+lLE8A9o7tZjqxWmrzCfu7yeBGbanMDc
MD5:	66F65C83933A69938A7B75D439D1F2C8
SHA1:	37EF88AE6C3C2AC6E85ED74AE916E96903A34A11
SHA-256:	EB347C5C2513076DC8EEEF4A36C142396DF913E27112C2CF2E57AA055874B09D
SHA-512:	7117312C93DA5785278DA3F296153EB1E478D49E03A461DAFC0F8DF511C7A05EDFB7EBECCE7D5D1FC2E2A8FA775E7B29129D949046A24CCA9DF739C7D7A4094E
Malicious:	false
Preview:	.ELF........................4....\.....p4. ...(........p.............................................V...V...............V...V...V..................................................Q.td........................................................................................r...............................H........N..............H...............%................W......p......................p.......p.......p.......p.......pd......p.......p....................................................a...d...............4.......X.......0...............%...........G.......S...........]...........-...K.......N...b.......................,....................... .................../...Q.......2.......R...........P...#.......(...........1...O...3...............L...<.......'...C...............U.......$.......E.......5.......+...>.......&...?...)......."...........................Z.......F...!...........................T.......................................D..........._...................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_staticfile.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	10664
Entropy (8bit):	5.2605414762375
Encrypted:	false
SSDEEP:	192:1aDGZ8chNJqlreNjWgm4WxxQgHGPk/0uW2o6ROK0CacEQYkHoqelJ9B9uhxOetuL:1aGHqlreNjWgm42WgHGPM0uW2o6RO/CR
MD5:	FE5445B59A855651AD5A3DD6A9222FFF
SHA1:	CFB5BBBDBFD38586DF5A5B93B059CC913EF4C10A
SHA-256:	4682EFAD10C9D5C84C3A19B34BD48F59A9024E2982E86125A86C5B3F70CF3296
SHA-512:	A2BCF8D554AE6632670E94B58D563675BEDB277ED86D71BC3FC3C94E0C17607C7CD0865AF7C43F7A0085060E035531B293954160C521CD1D64A81F1E43853A4A
Malicious:	false
Preview:	.ELF........................4....%.....p4. ...(........p.............................................#...#...............#...#...#..,...P...........................................Q.td................................................................................`...............I...............P ......................H.......[...............p#..............(..............p.......p.......p.......p.......p4......p.......p....................................................%...4...............................................................................................$...........&...!...........+...............................................'.......,...............................1...............)...*.......(...#.......-......."....... ...............%...3...........................2.../...0...................................................................$...0#..............`...........................................2...<$..............P ..........+...<$..........D...`$..........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_status.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	24288
Entropy (8bit):	5.750791239309846
Encrypted:	false
SSDEEP:	384:dL7FRjmzike0SGAguknA5ZzFK6imAakqQ+GqoE1eqZJXZc/SqG7y19smphULCqYy:d7Pjmzike0SGAguknAzFK6imAakqQ+GC
MD5:	BAD7C6A170DE4354FD6517728F2F3B63
SHA1:	0DB69494C59E9D3D279A870729C574AEEC128520
SHA-256:	704252B870DE953D49E65C4FB17E0B91E2045CB1CF4F1623C26B97C936069A9B
SHA-512:	879F331790AF7EE8EBC2BB3046058257B20F2A9B750FF4C01C38B3E1F66342A1C4551E0FA4B51021B4D5303D69AF9D175704A0D89B0444D8BCD830FA5DCF8808
Malicious:	false
Preview:	.ELF........................4... [.....p4. ...(........p............................................TU..TU..............TU..TU..TU..................................................Q.td.................................................................................................................C..............8.......8........................U......P.......H..............p.......p.......p.......p.......p0......p ......p....................................................%...0...............................................................................................#... .......%...!...........&...........................................................'.................................../..............."...........(...*...................,...........$.......+...)...-...............................................................................................pU...............................................................V...............C...............V...............W..........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_trigger_b4_dl.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7228
Entropy (8bit):	4.9882439411344945
Encrypted:	false
SSDEEP:	192:pj8chNJjr5F6t6SWOKfnoG7yTsksoBk5eljkBP/lOmJ:pVFot6SWOKfnoG7yTsksoBmcjwnlz
MD5:	82857666ADACBBDE496A2DD88EE1E379
SHA1:	D4A752E07F676EF139963835E675CD3AF99BD3F4
SHA-256:	E36F0E2BDC6AE6DF39FB16BCA753C7A4977C7827595658CA0134E21C1B6D1EFF
SHA-512:	DA93D126DBC3FE4B77CF9E7572A1385E41AD218730D8C793D7B44703F837A0792DE440577AB152A123556767A1110AC562B1337059CA8ED5F2351602C38988B6
Malicious:	false
Preview:	.ELF........................4...\|......p4. ...(........p............................................................................,...L...........................................Q.td................................................................................@.......................................\.......................................=...............P...............P..............p.......p.......p.......p.......p!......p.......p........................................................!........................................................................................................................................................................................... ...................................\...............................@...........g...\...........................................................................................................O...............................m..........."............................... ...................8...........................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_userdir.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7764
Entropy (8bit):	4.884674189844932
Encrypted:	false
SSDEEP:	192:taHtp8chNbgUSwe2eiESi+jK9Vz8gF9Rv2X6teTaKddAZmiOmmJ5K:taHQjwe2eiESi+jKfz8gFbv2X6temKTE
MD5:	AB286A548E3FA1B69386EA152C0699BC
SHA1:	63C424FB0693709D325BA44121301A0A90CBDC17
SHA-256:	F6F373D9327AC5128F1D032E4D1F1A0A8DA665628424C834BA84238448546E91
SHA-512:	D172F9E8E3BCCC7E7C064715CADCBCBA3D164F71AC0B7B78B3018D467C4C390FD1382139A89FDE564A544DD454251475FFD315941250EE7E6E27F3691C4D29DF
Malicious:	false
Preview:	.ELF.................... ...4..........p4. ...(........p............................................................................0...X...........................................Q.td................................................................................0.......I...............................................$.......................@.......d.......@..............p.......p.......p.......p.......p+......p.......p....................................................%...+.......................&.......................'..........................................."...............!.......).......$...................................................................................(...............*...............%........................... ...........#...........................................................................Z...................0...........0...............S... ...........h...............................a...............z...................H...........t...................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_usertrack.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	7724
Entropy (8bit):	4.930697088066384
Encrypted:	false
SSDEEP:	192:xoorGRh8chNTMywSAPCjq4nMr7KYdhtDKHAN8J1QLBL3kRCBLIReSEYbVJWyOmYh:xd6lMywSAPCjq4Mr7KYdhtD2AN8J1QLx
MD5:	BA158483C7EE7407F6F645464CCC7C51
SHA1:	7EDC69FE58CDF59DE96E9695B22B0A564DCB5DAB
SHA-256:	5544A0E8FCB22C9E9494FDF65A8662EC2444D42D569A775BDF5C86272D9EBD64
SHA-512:	9C7385D5F08AC0F7CBED4B633106D0A43E691B5C8E2CBD916BC46519FABBE7CFC503842C5177B00BB093142A0CCA963CC14D5B71C46CE095C7A5BD7C4F4959E8
Malicious:	false
Preview:	.ELF....................P...4...l......p4. ...(........p................................................................................4...........................................Q.td........................................................................................_.......................0.......................,.......................................0..............p.......p.......p.......p.......p-......p.......p....................................................%...-........................... ...'...................................................!...............".......%...#...+.......................................................(...............................................................,...........$...............*...&.......).......................................................................................p...............................2...x...........................i...P...........~...................0...........w...........................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\lib\lighttpd\mod_webdav.so Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB shared object, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, stripped
Category:	dropped
Size (bytes):	20668
Entropy (8bit):	5.518758199269084
Encrypted:	false
SSDEEP:	384:dglSTH0srIC6TTLWWjF0GS+aqmiOm3mKkFv1aTd/atq4SSQxl0sdiXyCfz9vz7cU:aSD0srIC6TTLWWjF0GS+aqmiOm3jkFve
MD5:	81C6BED5B87995F788CEC95121701CE4
SHA1:	55A0016F2CC272B45BB47B514305C720A5F19849
SHA-256:	8D05E419A999E0960ECBD54076E864A98C84B232D4ADD7F307D0C7C6A6B6DD38
SHA-512:	5DD1D915569C6E97425A956C3F53C95F539D71C55A7B00B07C1A7373A860D77D8119AD7765F66D4F08A37C2FE6B88E55E30222CA5B1569FD22A808509F0379D2
Malicious:	false
Preview:	.ELF........................4....L.....p4. ...(........p............................................4H..4H..............4H..4H..4H......,...........................................Q.td........................................................................................'.......].......\|........@..............0.......0.......k................I.............................p.......p.......p.......p.......pP......p.......p....................................................C...P...............;......./.......<.......................'.......$...............F...........(...6...*.......-...................%...8...........A...E...........................&... ...2...................B...................1..............."...............................................@...............4...K...7...?.......9...................J...!...0...#...:.......N...)...=...G...,...................I...........................+...H.......................5...L...3.......................>...C...................D...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_r_read_all Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19376
Entropy (8bit):	5.095463790600376
Encrypted:	false
SSDEEP:	192:GZMl8yphNY2NVtczAxTjCHUY4ZxM21hd52w50JYb288XrvqN7A2sJwxylfpftX5/:CMl8ecGEXiTQOVQlfpftX5XV/dfQ3NC
MD5:	06A2FBE1D3A7AF270386470A2BFFBC2D
SHA1:	0EC8C2EF23FB67875FA2D636A7F971F0670275ED
SHA-256:	9EB1277FACB0FD5A0596D9C767C15B72A2366319406AC5EB3A094004D9919F2A
SHA-512:	995DBC1A222062E08960A43A1522B92E189A670AB0E52B0EF48AAD46D14FE7D9ABCCDFD36DFF1D4D8C8D06D4605F89397FF6124F5C01DC9C3FFE4025CBB924A4
Malicious:	false
Preview:	.ELF......................@.4...(G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..=...=...............@...@A..@A.....P. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....\..............8.......\|.@.....P6@.....H.@.....l.@.......@.....\|..............p0@A.............@@A....p.......p.......p..@....p'......p:......p%......p+......o\.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,..........+...................'.......6...3.......#...2..."... ...!...............................................7...........9...........................4...............................................1.............../...................5...$.......&.......................................................................g....AA.....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_r_read_float Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.078831129121223
Encrypted:	false
SSDEEP:	384:wy9etCJRIqJ2wSiOVclfpftX5XV/dfQ3NCT:wo2Cgdnc5dFJZxSNM
MD5:	709F4B7CAE829562A8500110A1E5FA76
SHA1:	BD036254AAB257041AA9FB741DD44F4AAE0F9063
SHA-256:	F7692C5153C71E6471E80E93AB5DF91C747385A1AB706A927BC0CE53C2045B5C
SHA-512:	0F7F0AA9358FA8DC8892739ABE7D8F3D44E4F521014DB7B9C080C1EDAD1BE2EB3C7BD4317C816778AD09BA202C07E7F2886ADE463A534EC6A0D9901D6885402E
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_r_read_int Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.075959625551808
Encrypted:	false
SSDEEP:	384:wy9CtCJRIqJ2SiOVclfpftX5XV/dfQ3NCq:woaCZnc5dFJZxSNl
MD5:	18B4DE6DCFCBAD18028256AB1276D77A
SHA1:	C657522BA9FC9ADAB67003908794AB83A41A4F67
SHA-256:	00FBB2872CE7988B66C1E9482AAFEF5345E79B97B24F6B2DA95915A217F73AE2
SHA-512:	8BD3E67A754C6E8F1F2358A8DA5EC12836D7747C7D6BDF7D3420BFF6B7C1CCD91669044ED66A83B8E56FF47E88189630ED32A6358B4053730B974352502918AC
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_r_read_string Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.078323267505093
Encrypted:	false
SSDEEP:	384:wy9CtCJRIqJzSiOVclfpftX5XV/dfQ3NCvr:woaCsnc5dFJZxSNqr
MD5:	357416EDDD6873F8F93A27689A7F5B7A
SHA1:	5D03E18A94FA5AA251A4A513BA10B88F5D5419DC
SHA-256:	00E10B8CE0DDC1BD06DCACB6B85220D1860053246F0D18F175DF79A4AD7FC051
SHA-512:	70A61978862957ADBBEB126A2D7A8434FC81B2B9D7B44572224703FA674F2EA2487FE3D6E62A13AD41C59030C6FE1B5565D393DE0F7B703C8B78C0B92D0F21D7
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_r_write_float Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23648
Entropy (8bit):	5.037053108017594
Encrypted:	false
SSDEEP:	384:98W7b8lPAfX9D3RAtTVtlfpftX5XV/dfQ3NCFV:9dn8j/t5dFJZxSNI
MD5:	12E9A5F1F1BF61E6BC47CC23BFEFC223
SHA1:	7AC41CDFBB59664C443C985164F0DC40B8300CE6
SHA-256:	45A74F1BC58485A033FEF6A43EFD4A49099A82BB893F0B2827C86CB00CA40489
SHA-512:	CC071A604550CCBAF5FB61FF8C2C9D5BD2CEC68BAF06D07421634CBDE6058FA84AE04A7DB6F2609431DEDCE1135EF1F51146AFA7AEF5EEB6FED1AE91CA5D9CFD
Malicious:	false
Preview:	.ELF....................p.@.4....W.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..I...I...............P...PA..PA.,...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............:.........@......A@.....@.@.......@.......@....................p0PA.............@PA....p.......p.......p..@....p+......p>......p%......p/......o..@....o.......oH.@.................................................%...>.......2...<...)...-.......,...................&........... ...1...........0.........../...%...............+...................'...6...$..."...#...................................................;...........=...........................8...............7...................9...............5.......!.......4.......3...................:...(.......*...........................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_r_write_int Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19548
Entropy (8bit):	5.258194776273241
Encrypted:	false
SSDEEP:	384:uAZWk97zPH50EA7eVHlfpftX5XV/dfQ3NCro:uRke76H5dFJZxSNGo
MD5:	46C7D8EC2A616F13555CD95C8DFE1D63
SHA1:	CCC17B801A07951B0D690DB96D67F44511B6D395
SHA-256:	98DFC236472DFE194F9FD803A1D8015B13C70470E173985BA0FAB9658933F9B8
SHA-512:	CFC401904D60F4D6A20C9901A30705ADD84ABC3A0A58D8D47F31395A8388EBAEA5DAB7B6973450094AB882CF440788FDD97C140789196D19AF637E57F312C463
Malicious:	false
Preview:	.ELF....................P.@.4....G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.D@..D@..............D@..D@A.D@A.$...\. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A............./.........@.....09@.....@.@.......@.......@....................pp@A..............@A....p.......p.......p..@....p......p=......p%......p.......o..@....o.......o.@.................................................%...=.......1...;...(...,.......+...................%...............0.........../...-...........$...............*...........6.......&...5...#...!..."...................................................:...........<...........................7...............................8...............4....... .......3.......2...................9...'.......).......................................................................t...hAA.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_r_write_string Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23648
Entropy (8bit):	5.044894464459773
Encrypted:	false
SSDEEP:	384:N8rhglvT/CUjZw9bVRlfpftX5XV/dfQ3NCSr:N6gK3R5dFJZxSNN
MD5:	FF62D10C16D0D6E089E3A8CB84C273D3
SHA1:	D6BDF2ECAA5728A133D15E13E8B9F1C5233CD106
SHA-256:	5FF42701BF6DA55E1766A0E663EC0FF076CC16C452637AB6548D1369F225A847
SHA-512:	87659148843CCFB828BED3447236D490C551F36D5A27A935DE94087F12F13A96231B5E6C5907018D805CF289E41CC68C8F8DAF251E950336F14D0358A581BB13
Malicious:	false
Preview:	.ELF....................p.@.4....W.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.$I..$I...............P...PA..PA.,...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............:.........@..... A@.....@.@.......@.......@....................p0PA.............@PA....p.......p.......p..@....p+......p>......p%......p/......o..@....o.......oH.@.................................................%...>.......2...<...)...-.......,...................&........... ...1...........0.........../...%...............+...................'...6...$..."...#...................................................;...........=...........................8...............7...................9...............5.......!.......4.......3...................:...(.......*...........................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_w_read_float Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.079453186995223
Encrypted:	false
SSDEEP:	384:wy9etCJRIqJGwSiOVclfpftX5XV/dfQ3NCf:wo2Cgdnc5dFJZxSNY
MD5:	34F7C9AB92C452CDE59405962A8F19F9
SHA1:	9766E0466A7648470F07F147F58D5ED46AFC4CE7
SHA-256:	DA3D6509BDAE7501E2F7456AD4CBE072A184802E3C8FDBE0A300067225D816F7
SHA-512:	E12FF8D0A53B6276088C28837D9C182036FD5F0EB2A472CA4DAC55BA151D98DD8C60E8A34E4261CE4EA5275B1ED2EB6DEE92EC66C6C51D253CAF8C557394BCF1
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_w_read_int Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.07601374804685
Encrypted:	false
SSDEEP:	384:wy9CtCJRIqJuSiOVclfpftX5XV/dfQ3NCX:woaChnc5dFJZxSNo
MD5:	827279AE10B03D1ED7C589FAC82D7CAA
SHA1:	BEE4E89E601948A27B3C8044F4DE5300610DD623
SHA-256:	9177EC8F70A24CA8B7C790ABFDBCD14BD0C78423A936E48B0CE7860CCB747A6C
SHA-512:	AAA218BED67FBD5782C348CB90182E9DC816874F8375C6955DAE83DBDDD61029DE269D96F07A14C2D2B4A1DD0237F40055C880B1029D94D70E4BCE1FF10E6722
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_w_read_string Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.078458698948317
Encrypted:	false
SSDEEP:	384:wy9CtCJRIqJrSiOVclfpftX5XV/dfQ3NCQr:woaCUnc5dFJZxSNRr
MD5:	662B955BD22955359CAE89D3E8D5C2BE
SHA1:	DA170FFE686600CE85DCE9ACD7CBDF1C24C7F593
SHA-256:	CB629404EA35CA599E374D60A5045E0D5E2CDEA43409B70D96F04B5CD029BEB1
SHA-512:	CCA1D618BCFDD9D9428B9EC583E437B2A36DEF24FB2B63D41B28513C8CC25686D3018067516C15E1F529863870925B423A069D2CB6055E61F5F9E93478E5F09D
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_w_write_float Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23648
Entropy (8bit):	5.037578105257332
Encrypted:	false
SSDEEP:	384:98W7b8lPAfX0z3RAtTVtlfpftX5XV/dfQ3NCS3:9dn8s/t5dFJZxSNj
MD5:	B7AEF0B9D9F10ABB3F6FA9CAA37EAE6F
SHA1:	BF386260EFB772B44AA87106E4B9EF2074AED6AD
SHA-256:	0A821BAC5E01E5D674BD6B21E533D96EC4ED087211FE1A1530C34A26CC9B90B8
SHA-512:	8A4AAE796D015405DABE01A3FEA40A1CC2822A7D40A9793461A12ECD76D2BF81EBC86E01438B2EA14C260BFFA43CC6F5ECFFC9333E0FEFF2D093EF28E9FD635A
Malicious:	false
Preview:	.ELF....................p.@.4....W.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..I...I...............P...PA..PA.,...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............:.........@......A@.....@.@.......@.......@....................p0PA.............@PA....p.......p.......p..@....p+......p>......p%......p/......o..@....o.......oH.@.................................................%...>.......2...<...)...-.......,...................&........... ...1...........0.........../...%...............+...................'...6...$..."...#...................................................;...........=...........................8...............7...................9...............5.......!.......4.......3...................:...(.......*...........................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_w_write_int Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19548
Entropy (8bit):	5.258122276561774
Encrypted:	false
SSDEEP:	384:uAZWk97zPH59MA7eVHlfpftX5XV/dfQ3NCmo:uRkN76H5dFJZxSNbo
MD5:	A11B6FA2A135C444B8D8D00D8F7BB0F9
SHA1:	DF5FA7534EB7BF24D3EB6426BCE6DB7EFA26F1D8
SHA-256:	7E4240B333756DB026543E4C094D0A89203D58D3E91323A5016E2BE4A7CF7D59
SHA-512:	488BD91E6B89E28E0E9C44C51AB96F8615CA3552DBD8D37B57F3B417B428DF858BCA2CFF1CFB6A20E3A9B1DD749CE103501EF0F30E2BF44A2F78CD2C43400943
Malicious:	false
Preview:	.ELF....................P.@.4....G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.D@..D@..............D@..D@A.D@A.$...\. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A............./.........@.....09@.....@.@.......@.......@....................pp@A..............@A....p.......p.......p..@....p......p=......p%......p.......o..@....o.......o.@.................................................%...=.......1...;...(...,.......+...................%...............0.........../...-...........$...............*...........6.......&...5...#...!..."...................................................:...........<...........................7...............................8...............4....... .......3.......2...................9...'.......).......................................................................t...hAA.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\actor_w_write_string Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23648
Entropy (8bit):	5.045104778029506
Encrypted:	false
SSDEEP:	384:N8rhglvT/CFjZw9bVRlfpftX5XV/dfQ3NCxr:N6gJ3R5dFJZxSNu
MD5:	CA4253C97F0AF30A0200BBE7CDDC59B6
SHA1:	7D010153446D29D58CFD19AEB451A5DDAB7A58DC
SHA-256:	7FA36A45913456A107C1CC0172DDC640D39CA695B758037C16B43807A3F9EE1C
SHA-512:	389B2891B06389812FF5414460EA4A65E4FCD193343B67C4E03D5339D71199C3363A5D088EC418EF35412D90A0EA2D6DF97D1C6BC3DE64B2ECBC63959508179A
Malicious:	false
Preview:	.ELF....................p.@.4....W.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.$I..$I...............P...PA..PA.,...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............:.........@..... A@.....@.@.......@.......@....................p0PA.............@PA....p.......p.......p..@....p+......p>......p%......p/......o..@....o.......oH.@.................................................%...>.......2...<...)...-.......,...................&........... ...1...........0.........../...%...............+...................'...6...$..."...#...................................................;...........=...........................8...............7...................9...............5.......!.......4.......3...................:...(.......*...........................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\analogctl_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	36816
Entropy (8bit):	5.4689462252041
Encrypted:	false
SSDEEP:	384:R74VrT1tZB66S4x+ya8Q+T71W0xhTWmf38PfE+Njw2jVYlfpftX5XV/dfQ3NCmFf:lkrT1rvdUPdNRY5dFJZxSN7FDeC2at
MD5:	0E453975C4E389DF89EAB42DC6810FA7
SHA1:	0CE619FF5544D34A5FC9494C8B33F07E8C2B568E
SHA-256:	4B65FE6E98C6C7DA5210CBA90EF54262BE269E52CF45981226750FD6E9616C70
SHA-512:	2A3B548D39CC25F991D94EE22344052204317EB6444371E085BD0AE7D1D7C080AFAE5CF676A806B2CEFF3E9BBB022FFD22021B90A429CFF84C2AB9563854C8A3
Malicious:	false
Preview:	.ELF....................0.@.4...H......p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.t}..t}....................A...A....... .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................P.B.....w.......E.......S.........@......o@.....H.@.......@.....\|.@....................pP.A.............`.A....p.......p.......p..@....p8......pj......p%......p<......o..@....o.......o..@.................................................a...j...........V...)...&...........;.......$.......=...D...................9.......H...5...............8...M.......1...........^.......C...B...a...........:...F...2.......*...]...S...,...4...Q...........?...............E.......\.......O.......6...#...........................3...U...+...........Y..._.......J... .../...............%.......7...........'...........<...>...A...........X...b...f.......................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\chip_type_test Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	173872
Entropy (8bit):	5.795347255938191
Encrypted:	false
SSDEEP:	1536:r2BSvTj/9lA3A489ydwVXRZtojAx4N1lB8qTJA2xVcYgX+UZ1MDAFTU:rjDD9bqlHxV41MDAF
MD5:	69788E2BD3E2F70D943C64CAA3673F6F
SHA1:	2D22BA5F76047B404C3219A320A399E7DBD82AB7
SHA-256:	2BE94FB2142AE5133BDB18F0E48DA56D4D871D48A435A94A76B0A74B3417FF16
SHA-512:	ABC878A5B303C512EBA15B44441B6BC731CA277027641C13980BBEE35AFBF7E286C53A295B2256CF82B2D8AE9374FAEDB670CF2C782EF2DA2AA98F05AFBBC3FD
Malicious:	false
Preview:	.ELF......................@.4..........p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.Dt..Dt....................C...C....................`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.D.....................7.......E.......L.@.......A.....P.@.....l.@.......@....................pp.C...............C....p.......p.......p..@....pY......p.......p%......p]......o,.@....o.......o..@.........................................................7...-.......c...s.......L...]...........*...S...R...l...................[...........I...j...+...........h.......................G.../...N...>.......i...z...U.......H...K...........Y.......P...........2...............d...V...................................b...............m...............................T.......^.......`...f.......D...A...Q..._...1...\.......6...........M...)...'.......B...a...g...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\demon_readstatus Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	5.1649474823606365
Encrypted:	false
SSDEEP:	384:bIqikbqjxvxCS2cyKnVClfpftX5XV/dfQ3NC/3LVrzOP:b9ikbwjDVC5dFJZxSNi3BvO
MD5:	E8B42518D0AF924CD4192437EFB81851
SHA1:	5EDD4168505D1EDFD2D80BD5EC1A20B4BBEFCAD8
SHA-256:	75CE3A9A0BF124321CC6CAE96DEB9BA3D440ED30265E29EA24C03B91538A6D64
SHA-512:	A6A38834914358B5122A0840F13AF56D293302FF0DEE5E7FCBC813419717BB6EBBB044ED5BD0F085D491C7901446862FBB3831F12526816F2B1099FAC88A7C7F
Malicious:	false
Preview:	.ELF....................P.@.4...xW.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..J...J...............P...PA..PA.,...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............#.........@......@@.....@.@.......@.......@.....}..............p0PA.............@PA....p.......p.......p..@....p'......p>......p%......p+......o..@....o.......o2.@.................................................%...>......./...;...%...).......(...................1...............-...........,...*.......+...................'.......8...5.......#...4..."... ...!...............................................:...........=...........................6...........................<...........9.......2...............0...................3...$.......&...........................7...........................................................h...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\history_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	96576
Entropy (8bit):	5.830740656344717
Encrypted:	false
SSDEEP:	1536:ANWtwcLFBOOP8TsdT5HhvEq57oFLUdkEIykpmo8E+C5f6Dm:Ltww+orHqq5MF4dk7moH+CgDm
MD5:	F3F3542493A09F0A99964AA8A1CAE293
SHA1:	B32A1C89CB20FBE7787DAC0BA8588F73FFB48610
SHA-256:	0A285D1747E0F3B6B3B5B42ECC4A2A717E4B5F33BB91962755A330E2FB1517A0
SHA-512:	E283FBDCD30F068803112B693A2C7A56BD344D78C5536EF9CC9CA251274AA8F4907A209471C2FEA13D98DD666BBB55DFA29298DD07BEDD40901233D239C32B2F
Malicious:	false
Preview:	.ELF.....................#@.4....t.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..]...]...............`...`B..`B.L....HF.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.......................B.............................."@......,A.....H.@.......@.......@....................p.bB..............bB....p.......p.......p..@....p.......p.......p%......p.......oh"@....o.......o. @.............................................................D...h...:.......~...........v.......m...............\|...........................o...d...............y...............$...........................................................^...L...........4.......t...n...........S...0...i...................J...........g.......!...................................w.......x...+.......`.......................................u...........z.......E...?...............P...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\hwdetect Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	24252
Entropy (8bit):	4.787634647517238
Encrypted:	false
SSDEEP:	384:js281bi1nsxDpw4rXsswG4EbYVStlfpftX5XV/dfQ3NCuLI:js281biUrXvwG4EbISt5dFJZxSN
MD5:	F655250A0BDF9C3B161A3A8289A76452
SHA1:	CD09411EEAB33A3E78B8A1F5982073F52BB566FB
SHA-256:	F447B952BAEB92CD849251533439ADEF05CFF9CD3187B34F4862BAEEF3EB174C
SHA-512:	5ED9E0AC04BFDFB86F89D4E5C1C10A088439F39C3550473698C43F30F860274DC02C9E577D3E5A0979CA00D3C0577FA9432C3D8754AB7892FCD26D351C7CE331
Malicious:	false
Preview:	.ELF....................0.@.4...4Z.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..F...F...............P...PA..PA....... .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.......................A...............................@..... ?@.....H.@.......@.....p.@.....?..............p.QA..............QA....p.......p.......p..@....p/......pE......p%......p3......o..@....o.......o..@.................................................C...E...&...?...............3...............0...-...=.......9.......5...........%.......!...;...............:...2...........*...6.........../...4...,........................... ...7.......<...#...........'...........................A...................................(...1...........................................D.......C...............................B...........................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\i2c_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	386276
Entropy (8bit):	5.314052756434275
Encrypted:	false
SSDEEP:	3072:QLKisDD/+RboJMM0ixe55sWbUQ7lIPNOWeWM20M4AEZRI1wDU:yUJJ2wJekcdZ+1Q
MD5:	37E0C6D38C92C6B59F0B9B7CE69D2EF4
SHA1:	13F12EC185AA9F92A7F3372065216DC5B3DA21A8
SHA-256:	FA75790B52E98DF46F0E94E459C314F34C81DC73CD149D4BD34BDFBFAEB3CE94
SHA-512:	F3A40FA81C00B8509EFA065F7632D84F9FAE184DD90E1AF111F838B11565FBBC8E5554F6F75794F74A02D7F2DDA6C4E2710765F695358ECDF28C0698F705597D
Malicious:	false
Preview:	.ELF.....................8@.4...\......p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.D...D.....................E...E.....@.C.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0......................3G......................................7@.......C.....P.@.....< @.......@....................p..F..............F....p.......p.......p..@....p.......pJ......p%......p.......o.7@....o.......oD5@.....................................................J...................9...p...e...........................f...................................m...................a...........8...........3...........=...D...................................6...........-...............................................3.......k.......................t...........0...............}.......................E...*...............D...................................@...........]...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\i2c_scan Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	195760
Entropy (8bit):	5.909521572819672
Encrypted:	false
SSDEEP:	1536:VieDkGWJ/rEQhebHo6rZCabt1kDXYIGkDX+DqHNDqLVHI5D6L2rfArKaa0STkV80:AiMrDmEBCkbjWXLhy11D2K
MD5:	D2983002F4239D9157DD4C30C4FCCB8C
SHA1:	45F2B6F04B34923C9C5866111B5FBD55B7ABD129
SHA-256:	1F179044C4BA2253C6703D7F40954088A88EB4787A244A322447E7BA93A5178D
SHA-512:	4B472CE011470906D6AEA1DE22A9D45D0493EE9E5A56247D94FA96299B7287AA5196C28B01A7F4CF8B601558055E9C7810705BFB8A59F465623AE5266F5D4858
Malicious:	false
Preview:	.ELF.....................$@.4...(......p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.T...T...............T...T.C.T.C.......*.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0......................SD......................................#@......?B.....P.@.......@.......@....................p..C...............C....p.......p.......p..@....p.......p.......p%......p.......oh#@....o.......o.!@.....................................................................6...-...w...............................\|...\...............................p.......G...[...........>...................M.......................(...................b...e...Q...........2...........q... ...s...Y.......k...@...........B...O...................................E.......y.......c...?...U...{...........g.......l...&...J.......................z...x...................=...........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\iopin_direction Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	24248
Entropy (8bit):	4.935827659200423
Encrypted:	false
SSDEEP:	384:SM6T6aJRMtI7JaZ/pj/0V6V+JlfpftX5XV/dfQ3NCevLGeJ:5c6aJRM9pjMVm+J5dFJZxSNh
MD5:	E45454AF8DC07F5A3057E1CA363CB5F4
SHA1:	AA84CE372A7AF4E24738C8A4171C5CC5D6CC54B3
SHA-256:	DB64F40A263997087ECC48DA46F21F50EDA3F4FD1266B72532B8215A7D534627
SHA-512:	DB8EA45803C46418E2A56E098F9F4D118A45FDEEF6EEEEA2F810E71786719A1F759B375D37EBBFDC0550A0DC60678D9206E69412B677026A02DB02496B6129D0
Malicious:	false
Preview:	.ELF......................@.4...0Z.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.4H..4H...............P...PA..PA....... .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.......................A.....................T.@.....`?@.....@.@.......@.....d.@....................p.QA..............QA....p.......p.......p..@....p-......pD......p%......p1......o4.@....o.......o..@.................................................C...D...%...?...............1.......3...........+...=.......9.......5...........$....... ...;...4...........:...0...........(...6...........-...2...*.......,.......................7.......<..."...........&...........................A...................................'.../...........................................C.......B...................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\iopin_read Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	24248
Entropy (8bit):	4.859448446252683
Encrypted:	false
SSDEEP:	384:p95az7al8WVulglWHRbArVdhlfpftX5XV/dfQ3NCNjLV:b5az7a1WHBAZdh5dFJZxSNG
MD5:	75BEF16EB995686F5486163738D35108
SHA1:	075152BFCABE1BD8B43A843029A5AE394B7D9DF5
SHA-256:	86BD27FDFFAF764792F692F0550D322A67411547927B26324C3C46E43C81D14C
SHA-512:	9770DD0B15A17378622C474DE5080333124FFB27136801B63EBD7705A02362A3EBD4B67F54029E283677F39838B4808A4C383EC115D3557B598D79014A2A2B17
Malicious:	false
Preview:	.ELF......................@.4...0Z.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..G...G...............P...PA..PA....... .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.......................A.....\|...............L.@......>@.....@.@.......@.....d.@....................p.QA..............QA....p.......p.......p..@....p-......pD......p%......p1......o,.@....o.......o..@.................................................C...D...%...?...............1.......3...........+...=.......9.......5...........$....... ...;...4...........:...0...........(...6...........-...2...*.......,.......................7.......<..."...........&...........................A...................................'.../...........................................C.......B...................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\iopin_write Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	24248
Entropy (8bit):	4.923600341630916
Encrypted:	false
SSDEEP:	384:Ru8i0aB7ZNIzJkY56xz/kl0kVeBlfpftX5XV/dfQ3NCw4Lhgr:Ru8i0aB7Zzxzcl3eB5dFJZxSNn
MD5:	E6D100E4E2A4317A61AA9072B7C4E94E
SHA1:	8081CB1FBE6C81D5667C5A91A78E820CDCDB8D4B
SHA-256:	D95FF580F53D4BE300D99F2B1658AC79A536E264F383FC0F6DDD28A22FACCE0C
SHA-512:	1888F85BFA531AB5040D8C9B100F1C4D8A80E6287F6D7258716517FFD06E9F412844C92D1D514943DBFB94E53FA0F01F5BF176BA2AAFA71B6E26C2D538C65FCD
Malicious:	false
Preview:	.ELF......................@.4...0Z.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..H...H...............P...PA..PA....... .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.......................A.....}...............L.@.....p?@.....@.@.......@.....d.@....................p.QA..............QA....p.......p.......p..@....p-......pD......p%......p1......o,.@....o.......o..@.................................................C...D...$...?...............1.......3...........+...=.......9.......5...........#...........;...4...........:...0...........(...6...........-...2...*.......,.......................7.......<...!...........%...........................A...................................&.../...........................................C.......B...................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\matrix_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	79212
Entropy (8bit):	5.686221104508408
Encrypted:	false
SSDEEP:	768:vvKGyLTj4zlURTH9dnDnI/VSMc0msN5V0Wjxtrxz1KJCF8sk7YF5dFJZxSNN8DYQ:X7yLTRdRIdisN5Vvh1CdlU28DYs2D
MD5:	34CFD8DC019B84B4A17D377706AAA0EB
SHA1:	62D1D67D812BDFA1A24CB0F3DC91C5E4808FFC6D
SHA-256:	31BAD2E623674459A1A63768B52DEC9B79F1A4AED86CD2FC799B92836683490A
SHA-512:	F3640FF9E66895E9AE7B2B550CA25F17B7E28FD8F32C8029376E6BC4F306AD1F2FA6EDBD4F03EB14A8B95F9FEBE5352EF110E6C01B922A6B06FC7880F948C986
Malicious:	false
Preview:	.ELF......................@.4....0.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@...................... ... B.. B.X....L2.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................`.B.....Y.......'.......5.......4.@.....0.@.....H.@..... .@.....P.@.....y..............p` B.............p B....p.......p.......p..@....p.......p.......p%......p.......o..@....o.......o..@.........................................................K...5...........j.......q...................0...G...........]...X...........................1...................................l...Z...s...f...............\|...4.......p... .......~...........=.......?...8.......y...............D...............................A.......c...S...g.......u...W...#...w.......I.......................9...i...b...v.......>...[.......%.......!...r...2...T...................\.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\matrix_readstatus Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23564
Entropy (8bit):	5.325487420688058
Encrypted:	false
SSDEEP:	384:7JCIla8iA0tEOhgiKze9Llye9SVXlfpftX5XV/dfQ3NCTSwHJz:7JTpUbcyeX5dFJZxSN2hJ
MD5:	DEAE0E4E7E89D515BEB217D2CB2BA567
SHA1:	58EB20D0A3253ADEE6B881A7C2FB5FECD6CFF5A5
SHA-256:	2BAB040F1B725756B5E6242BA1A75EA852FF8397E13CBBA04ECFCE652E7731CB
SHA-512:	C62393ED0FC3E3D3DF8EA4CBBBD8AC6DB5AEA06DE95669B5BDA36704377EAB2C41F3C402B8576D211D347CA7CBCBFAE36BA93D51C4C1F35C085CB103F6299D7B
Malicious:	false
Preview:	.ELF......................@.4....W.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..O...O...............P...PA..PA.8...p. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............H.......4.@......E@.....@.@.......@.......@....................p0PA.............@PA....p.......p.......p..@....p(......pA......p%......p,......o..@....o.......o..@.................................................%...A......./...=...&...*.......)...................2...........................-...+.......,...................(.......;...8.......$...4..."... ...!...............................................<...........@...........................9.......?...................>...........7.......3.......1...........0...................5...%.......'.......#...................6...:.......................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\memknecht Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	11472
Entropy (8bit):	4.974409366991856
Encrypted:	false
SSDEEP:	192:16jPUhNerbMhJrNJn9qDp83XLXUXopW8bC1RK2UJQ2692fh:8FrohJrNJn9qF83XLXUXop1
MD5:	0957E3CEF2D9BE21A045321AA049FCC3
SHA1:	E78AE16347005512D116185E9FC4C5E339CA2FFB
SHA-256:	D079D081098CF416AD5ADB44E856662DBE84732B93195F0AB78B361E68586D87
SHA-512:	82612BEAB99E0949B2D4DB57F8AF8B6C3CF3004F51492ADF20C17D0E52078CDD1B25156CF1C49DAC8095AE987C1B3BE88FC2F6F83F2EFDA42BF9D35471000EE0
Malicious:	false
Preview:	.ELF......................@.4...H(.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..$...$...............$...$A..$A.....T. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....i...............L.@...... @.....@.@.......@.......@....................p0$A.............@$A....p.......p.......p..@....p.......p3......p%......p$......o,.@....o.......o..@.................................................%...3.../..............."........................... ...............%...........$...#...............-...............)...........................................................0.......2.......................................1...+...................,...................'...........*...................&.......!...(....................................................................$A.........B.....@.........w...............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\monitoring_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	50120
Entropy (8bit):	5.582478677778447
Encrypted:	false
SSDEEP:	768:QYa+TZReQjbCKdpfB/ajAzykZyS/5dFJZxSNp/vFDmCsf:HfLlH1ffNajvMnSVD
MD5:	97A98CBEF564868CD12AEFAA8113EAB4
SHA1:	E4B5FF5191B111B3FA7D2385A9766FE89AF91E5B
SHA-256:	BBC96AF1B122FA818A852CEEEC45B2C4C32A62E3B1783238027C165778BC3D43
SHA-512:	B84259753F5FCA861A7554B6777B68A263A73F14556207A70FF8CC34935205E518DB42B2B23EEF548AE2F5FF8C6D2D49AC3FE21450342DDF855D6FCDD43A26E1
Malicious:	false
Preview:	.ELF......................@.4...@......p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.........................A...A.......=.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0......................1B.....d.......2.......@....... .@.......@.....H.@.......@.......@....................p..A...............A....p.......p.......p..@....pB......p\|......p%......pF......o..@....o.......o..@.................................................a...\|......./.......*...'...........E.......$.......G...P...........9.......C.......T...>...............B...[.......8...........n.......N...M...r.......&...D...R...:.......@...m...0...2...=...`...<.......I.......K.......Q.......l.......^.......?...#...Z.......X...........v...;...e...........O...i...o.......V... ...6...5...........%.......A.......4...(...........F...H...L...........h...s...x.......................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\query_resetbutton Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	33060
Entropy (8bit):	5.185648120638222
Encrypted:	false
SSDEEP:	384:Cq2lXHDziW8RBYGEdfhJhYhMhX5fhY/TjdMbx/ZV2D+7vjV8lfpftX5XV/dfQ3NB:J0XHDdLumzkR+Z/vR85dFJZxSNXC2WY
MD5:	A48AFA9D88908C249013FA2034C52652
SHA1:	270A5F09B44F83998C4865E5F2E12839A2600E07
SHA-256:	C45A856E776184C3A62833AD2B881B237A8E9EC06F0FC24E10753DC074CD2A22
SHA-512:	9A93AEF86DBB9F3C279817C2D128D062353840A98B812DCF3CCD2810B3D97F6D836EAF169EDF910E2D053F34661FCAE2690AAAAA65468FB314E3EBC387EAD9B4
Malicious:	false
Preview:	.ELF......................@.4....\|.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..i...i...............p...pA..pA.0..... .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.......................A...............................@......_@.....H.@.....(.@.......@....................p.qA..............qA....p.......p.......p..@....p1......pW......p%......p5......o..@....o.......o(.@.................................................C...W...'...M...N...........5.......8.......1.......J.......A...D...:...@.......>......."...E........... ...B...4.......O...6...;...........0...7...-......./...2...9...........!...=.......H...$...........(...................G.......<...................................)...3...........................................T.......S...............................R...........................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\rc_read_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	55056
Entropy (8bit):	5.685233597307634
Encrypted:	false
SSDEEP:	768:Etpgwsz0qTXeysD1ZCUmFJQYa9WeHmKi80WByv8Syw5dFJZxSNzW5FDmCnMny8:EWzjuysDXOFJQYoWwZ0GW+aDgy8
MD5:	1409D5C2CAAE6A9B72AEEDCB13F60AB6
SHA1:	62A1E38A3D564416B7BBA9C8F7CD6D849969BD84
SHA-256:	7D178C5533321D4D9773C5F0E2E4549DC983D7CC7D582DC77DBA30F98403A6D6
SHA-512:	3D6783417A34DE3217BD54F41FCDD0BA12017E263CA3FF65A20F7BDCA7F2532A13A703CAAD683B4BA1D1AC1EF78938FAAFCCA68FCED9B40B4D9383D04AB2D70A
Malicious:	false
Preview:	.ELF....................p.@.4..........p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@...........................A...A.......=.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0DB.....Y...............m.......{.........@......@.....P.@.......@.......@....................p0.A.............@.A....p.......p.......p..@....pG......p.......p%......pK......o..@....o.......o..@.................................................a...........3...".......+...........J.......(.......L...U...........=.......G.......Y...B...#...........F...`.......I...........s... ...S...R...x.......*...H...W...>.......D...r...h...6...A...e...@.......N.......P.......V.......q.......c.......C...'..._.......]...!.......v...?...j...2.......T...n...t.......[...$...:...9...........).......E.......8...,...........K...M...Q...........m...y...~...............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\rc_write_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	45528
Entropy (8bit):	5.329281471456464
Encrypted:	false
SSDEEP:	768:4A65k8NlTTM3a9Y70b+q2qfyk+T2+iM5dFJZxSNkBtFDmCx:f6G8jWai70p2WyDTAGDt
MD5:	849184B9A24B57531958BDC233BFD30D
SHA1:	69920FCFAA77BB412BE002E20057A7BD848D2E1F
SHA-256:	FA9D4E2DEA065F6CBC02E18FE43926EA955E3B7A0786818322FF0AF9FA2B9FFC
SHA-512:	1B2A3580A73D25A70CAB36F504F2CED11CBA2F39ECC4D32E19ED643906749ECCB553BE35E7E04704BC901EE7A0CDFD2C837142FC0FCDE4902DCFC96D48803FD3
Malicious:	false
Preview:	.ELF......................@.4...P......p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@...........................A...A.d...`.=.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0......................!B.......................................@.......@.....P.@.......@.......@....................p..A...............A....p.......p.......p..@....p<......pp......p%......p@......ol.@....o.......o..@.................................................a...p.......+...Z...*...'...........?.......%.......A...H...................=.......L...8... ...........<...Q.......4...........b.......G...F...g...........>...J...5.......:...a...W.......7...U...........C...............I.......`.......S.......9...$.......................e...6...Y...-...........]...c.......N...!...2...1...........&.......;.......0...(...........@...B...E...........\...h...l...............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\reloadcounter_increment Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19376
Entropy (8bit):	5.180376434578617
Encrypted:	false
SSDEEP:	384:W3CfU9Z6lqAvV9lfpftX5XV/dfQ3NCzD:W3CfUkd95dFJZxSN+D
MD5:	8672164A58DACC849E937634012EF126
SHA1:	E652B49D0F3468719F91543CAA7876B9944464D5
SHA-256:	2EF358672D422AD16AEE80C3098640C20B4C44C89DAC6993F35361051105869A
SHA-512:	9E5FD70C2D6A91F07140BCE8FA62EC404654DFA91210B4962C6AE762B61A0B3E50E7F9D51EA30DEA002292B3FEF7E6F2AB703F4CDCDAC23A2A4B32DAB79177B0
Malicious:	false
Preview:	.ELF......................@.4...(G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.$>..$>...............@...@A..@A.....P. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....................d.@.....`6@.....@.@.....d.@.......@.....i..............p0@A.............@@A....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:......./...8...%...).......(...................1...............-...........,...*.......+...................'...........4.......#...3..."... ...!...............................................7...........9...........................5...............................................2...............0...................6...$.......&.......................................................................T....AA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\reloadcounter_read Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19376
Entropy (8bit):	5.175444943917169
Encrypted:	false
SSDEEP:	384:W4CHU95CFNpAnV9lfpftX5XV/dfQ3NChk:W4CHU9V95dFJZxSNQk
MD5:	F444298B981DA20FCE5A51C03A746DD6
SHA1:	BE959DB756AB738328924DA7493B111D562559AF
SHA-256:	1D4BD497823E085D6AD6E5A617FE738266D735D140161B45AE70C0E2DAE486AF
SHA-512:	B1849A475175FE647E14E78B163B7395200898F45A509895EFACE537795CB0FB80679D04D6B7876798A19ED3418F773ADC72BF9BC4B4458A4C909D9213931B43
Malicious:	false
Preview:	.ELF......................@.4...(G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..>...>...............@...@A..@A.....P. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....................d.@.....`6@.....@.@.....d.@.......@.....i..............p0@A.............@@A....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:......./...8...%...).......(...................1...............-...........,...*.......+...................'...........4.......#...3..."... ...!...............................................7...........9...........................5...............................................2...............0...................6...$.......&.......................................................................T....AA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\reloadcounter_readstatus Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	31772
Entropy (8bit):	5.696005721078903
Encrypted:	false
SSDEEP:	384:chLPMYRWluLEwey/6h0ww7zEtXcWVIlfpftX5XV/dfQ3NCEjM8073+Pn:chLPMYgl+WcSI5dFJZxSNhn
MD5:	13A1F2E307481779F81F4A7080682866
SHA1:	AED83CEC4E64B82D632C83BD752BE4F52C9EAAFB
SHA-256:	BFE5F6DE3D090D550C92C616BEE06081AFD0CEEA8694711A62B7BD8BE2472370
SHA-512:	E79599ED377B28C54BC73FE747931727B8B0E5FEADDA10F740914AFAD9238DAAD42604AE2D49FCACA36464403DB9D8C8376E1170066CCCB2F46C58B0BA1930DD
Malicious:	false
Preview:	.ELF....................@.@.4....w.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..n...n...............p...pA..pA.(...`.".............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A......................@......W@.....@.@.......@.......@....................p0pA.............@pA....p.......p.......p..@....p(......p=......p%......p,......o..@....o.......o$.@.................................................%...=......./...:...&..........)...................1...........................-...+.......,...................(.......8...5.......$.......#...!..."...............................................9...........<...........................6...................4...........;...................2....... .......0...................3...%.......'.......................7.......................................................o...(qA.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\reloadcounter_write Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19380
Entropy (8bit):	5.18621509338984
Encrypted:	false
SSDEEP:	384:EIfTAwmrUNlpZklVMlfpftX5XV/dfQ3NCmR:EIMwmnXM5dFJZxSNbR
MD5:	56C3719187187353122156ED8675AE90
SHA1:	3DDA3489765BDCDFE156BF95453AD8D756C834EB
SHA-256:	183083D24DA135F2479B391C2D00E876E98850A6644627193292C7CBD7B83B4A
SHA-512:	00DD06EB999A2AFD6FC24464DC036E2BAB778407AC5C48339FEE58AD69BCE387F148754CF57EED02A819BF57D04CB5BD32D020B0F0D7C7E4AB730AC684FFB3FB
Malicious:	false
Preview:	.ELF......................@.4...,G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.T>..T>...............@...@A..@A. ...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....................\|.@......6@.....@.@.....x.@.......@.....n..............p0@A.............@@A....p.......p.......p..@....p'......p;......p%......p+......o\.@....o.......o..@.................................................%...;......./...9...%...).......(...................1...............-...........,...*.......+...................'...........4.......#...3..."... ...!...............................................8...........:...........................5...............................6...............2...............0...................7...$.......&...........................................................................Y... AA.........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_read_all Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.101528967697046
Encrypted:	false
SSDEEP:	384:nSBSDdll+gWPyEoVUlfpftX5XV/dfQ3NC:ncSDS6EYU5dFJZxSN
MD5:	F8A7A21D291D57469104B3A3AF7CB095
SHA1:	15EFBEB16E25666ADDC589E6612549FD76462BD4
SHA-256:	5A3C31D66863FDBB728EB26A4D16175DDB885D3EFB19C586F3F327C7DE2C163B
SHA-512:	13E433681FFD271B9A28423BF48E36B7BDF372F11842EC711C9966CD15368AA9340DE45B987D423E5CA13D6B9AFAD0DA8625CCC67E9AB7E005D5CC25CE7134F1
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.T=..T=...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@.....P6@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_read_errorcode Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.080289363420204
Encrypted:	false
SSDEEP:	384:QydCtCJxACWSiGVclfpftX5XV/dfQ3NCv:QoaCZvc5dFJZxSNk
MD5:	5CCB9A374AD6B3415F63DABCA7C1EAD3
SHA1:	117C9E75CDF4CCDE2F0E868A09B5F26C021086D3
SHA-256:	9D85713232F7FC19C8B2BDD014E7BE3B3ABA9ACF7599319DDD8BBF195199542B
SHA-512:	01D8EFD01B045C75A6252AFA478C33E9F636128DE97B1B77FAC8178B46C364E493D393BCCA0A683FC3759292BCBDFEEB063E7FB8B10954B09032E416A9BD4254
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_read_errormessage Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.082095371976939
Encrypted:	false
SSDEEP:	384:QydCtCpR4iPSi+VclfpftX5XV/dfQ3NCC:QoaCgXc5dFJZxSNF
MD5:	F3042D5ECCABD782085F444EB0CEA1C8
SHA1:	1DFA09AA189230124318D1C060707D741425BD87
SHA-256:	8551155ABFA5720E6B24F54805A1A7B07BEBC9A4FBE5FA214CBB9D152E646503
SHA-512:	81A13A6174C6D31BAF714626DF0D876A2656936B88088814D09BA0B9FCDB493D4C3B80C283490CFD2F74929588290967592C3F0E2BA271A58FCE573154CDE916
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_read_float Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.078318592206472
Encrypted:	false
SSDEEP:	384:wy9etCJRIqJGASiOVclfpftX5XV/dfQ3NCv:wo2CAtnc5dFJZxSN0
MD5:	4B3893A758BFF5D92F4AEB21B95A209F
SHA1:	50DB1AB0E32F6EB497BBF1555733B82AD05746C8
SHA-256:	A5AC537E7CB9657854460AAC329D7318108D8C49F39BCEA08197F02136217FC8
SHA-512:	3C40353D7F8551E699754BBA022B5B8BA913907B3AA44328536C4FC35E41EE1F2EB74CD23DC566BF21E11C03C0B56C8ECE627D888657C5D05C4DD49FD19D2C33
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_read_int Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	5.075441934235795
Encrypted:	false
SSDEEP:	384:wy9CtCpxQgJiSiWVclfpftX5XV/dfQ3NC/:woaCH1/c5dFJZxSNU
MD5:	EF8006ECC9BD9B5DCEC70642015617B6
SHA1:	47888180131A701C77541B3B557018B5905B155D
SHA-256:	54C132932C0358F2E78277B7FC875B38F361C66883B52156181D746FA905310C
SHA-512:	1F392CEA468B1CB01775C6CF439EF9BCBFCFD228C80601F6071A7CE57372B6991BCC93B423B1630DCA34BE0DD4917554C746689F3FF468411B57DF7757095524
Malicious:	false
Preview:	.ELF......................@.4...hH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.\...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................d.@......5@.....@.@.....d.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T...\BA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_read_string Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19692
Entropy (8bit):	5.066701820863671
Encrypted:	false
SSDEEP:	384:/I8wQFcXKoehAOyxuqQValfpftX5XV/dfQ3NCS:/I8j4KoGqAa5dFJZxSN9
MD5:	D1489715B4521137DB408D5801CE50A9
SHA1:	11934A41D98C803A201E17F6322F7EAB32DF27E2
SHA-256:	1A2BB39CF6852CCE9AC1AC39ACB3AD8C4D36E1CE7449639FD78A12E67B2CAD84
SHA-512:	0387CE84A8632D2EC9B27356E1F88713E66CCA50758C4C5A25B28D48207A90467DBC6F2BF5673A3BFB8D352CF210F0A4D8DD869A863420AB380F73A91351BEB2
Malicious:	false
Preview:	.ELF......................@.4...dH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..<...<...............@...@A..@A.X...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................L.@......5@.....@.@.....P.@.......@.....i..............ppAA..............AA....p.......p.......p..@....p'......p9......p%......p+......o,.@....o.......o..@.................................................%...9.......-...7...%...).......(.................../...........................,...*.......+...................'...........2.......#...1..."... ...!...............................................6...........8...........................3...............................4...............0...................................5...$.......&...................................................................T...XBA.............P$@.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_readstatus Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23584
Entropy (8bit):	5.291310296417204
Encrypted:	false
SSDEEP:	384:TH7uApJ1O7hcXcgH8YVeb+V5lfpftX5XV/dfQ3NC6:TbuOsgHzca55dFJZxSN
MD5:	F0D586E0A3F13764A2C08492C032641C
SHA1:	A8B1E30A8BEB7B34749419A0490C5D7561A80CB7
SHA-256:	68C4D606175159F1E3AAE659D0D2424991BBFDDF08BD84AAEF889CC560B2832F
SHA-512:	E53CD16E923F70C557ACDACFD3D986E5ACD1D606918AA2D30B770B194FC4C7E3A24C95B5F29B2F14128271620A61BF023D6A1CE7710A102647CBB1DA6CA3CDC7
Malicious:	false
Preview:	.ELF....................`.@.4....W.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.tN..tN...............P...PA..PA.,...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............+.........@......F@.....@.@.......@.......@....................p0PA.............@PA....p.......p.......p..@....p(......p>......p%......p,......o..@....o.......o:.@.................................................%...>......./...;...&...*.......)...................1...........................-...+.......,...................(.......9...5.......$...4...#...!..."...................................................:...........=...........................6...........................<...7...............2....... .......0...................3...%.......'.......................8...........................................................p...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_shm_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	62308
Entropy (8bit):	5.511433292329337
Encrypted:	false
SSDEEP:	768:P8GMLqirTE4yd98WD/MVMP/QTj0UgJqP2mLbOq7Sa6H8N5dFJZxSNWiaFDmCW3B6:PtMe4ygakVMPTvkP2Abe8fbDSx
MD5:	D1D1CFFEBF856858DE9D56067ADBACEB
SHA1:	E39E3F2AC1F41A9D3CBB44452AEF9296F9018202
SHA-256:	F2131C3188CC9A6653D7243DDE4881ECCF9FCE3299489BEA4213CC2C2F3F4651
SHA-512:	9F1AD432179AEB627B2137D5863C28444920B288E845FF088D9281EE4CE9804AA93E089EB3C7378073455EFAD952CF4A43314D364AE2E44E70CCC300A12281A9
Malicious:	false
Preview:	.ELF......................@.4..........p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@...........................A...A.p...P/<.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0......................aB.....9.........................@.....@.@.....H.@..... .@.......@.....Y..............p..A...............A....p.......p.......p..@....pC......pw......p%......pG......oh.@....o.......oz.@.................................................a...w...........b...-...)...........F.......'.......H...P...................C.......T...<...5...........B...Y.......E...........j.......O...N...n...........D...R...9.......?...i..._...1...;...]...........K...............Q.......h.......[.......=...&............... ...........:...a...0...........e...k.......V.......6...4...........(.......@.......3...*...........G...I...M...........d...o...s.......................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_write_errorcode Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19376
Entropy (8bit):	5.107462640918202
Encrypted:	false
SSDEEP:	384:2eRSrkGE3iew1QuVxlfpftX5XV/dfQ3NC:2QSrkFKx5dFJZxSN
MD5:	4077A2B749D9FA7516814CF8B0F579F6
SHA1:	C1538D74187467CC426D3837127A026FA7502963
SHA-256:	C615CEA6F11C2A5106EA7DDF06DA26F5E0D318CB3D0C5896A89D380F6FD42315
SHA-512:	0B3356EA2681052375E7938F3352C92FFBDC47A218DD2FFCF4603C8068DB13B763F77596704E35BBE1EC5C5A6814EC44D0741F31F83EA84F6F1AD58C81982D3C
Malicious:	false
Preview:	.ELF......................@.4...(G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.$=..$=...............@...@A..@A.....P. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....................d.@.....P6@.....@.@.....d.@.......@.....i..............p0@A.............@@A....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T....AA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_write_errormessage Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19376
Entropy (8bit):	5.116149698996348
Encrypted:	false
SSDEEP:	384:mO8C74mEGSpAPVllfpftX5XV/dfQ3NCJ:mdC74g9l5dFJZxSNa
MD5:	A9138A5F53B94A0EA5CE8CCDE66B2B17
SHA1:	48EAF7A03759F91ED7E5BDB71D6F42FFB0A49B1E
SHA-256:	D1A34763FA3E7A82EC4A9F00E06BE0EBFD8A7F45A2BB22657D326ACE1FC2CEE2
SHA-512:	AB3EEA5D25D108B927789189029A29FBB1E3ADF192C7323640AB72D6D0201839B701E2F6064EA680D51EC3BDAAB73D7D4C844791D17300832B77AD8B9002D077
Malicious:	false
Preview:	.ELF......................@.4...(G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.D=..D=...............@...@A..@A.....P. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....................d.@.....`6@.....@.@.....d.@.......@.....i..............p0@A.............@@A....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T....AA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_write_float Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23648
Entropy (8bit):	5.036761847397694
Encrypted:	false
SSDEEP:	384:98W7b8lPAfX3z5RAtTVtlfpftX5XV/dfQ3NCu:9dn8P/t5dFJZxSN5
MD5:	3B8DD2C2BF0140FE889D60CD13408F6E
SHA1:	51C08E3B269B165ECA1278B5EF1812EF4728021A
SHA-256:	439F082A3A18369CFD6679DEA48B249A291E54D1E96FCEC1871FA701AF79FCE1
SHA-512:	92AF09EBA0A80DC2FD8CE8B1C3AA1C22C0444E8A02BA3528BF368C83BA40D4163C6FAF117709E9B095DDC19E308406708AC9DC5181941BBDAE9A7B1D883AE8A4
Malicious:	false
Preview:	.ELF....................p.@.4....W.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..I...I...............P...PA..PA.,...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............:.........@......A@.....@.@.......@.......@....................p0PA.............@PA....p.......p.......p..@....p+......p>......p%......p/......o..@....o.......oH.@.................................................%...>.......2...<...)...-.......,...................&........... ...1...........0.........../...%...............+...................'...6...$..."...#...................................................;...........=...........................8...............7...................9...............5.......!.......4.......3...................:...(.......*...........................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_write_int Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19548
Entropy (8bit):	5.2575410709896895
Encrypted:	false
SSDEEP:	384:uAZWk97zPH5K+A7eVHlfpftX5XV/dfQ3NCKo:uRke76H5dFJZxSNXo
MD5:	FD689C47D7CE0347E5D055C16038C4FD
SHA1:	ACA5189E8A7C96C48E008C2F8E3535DA09AA6935
SHA-256:	431F5771AD43CA3B468A536961A43BD098FE321BAE8BE79061BF4B64FB940189
SHA-512:	EBB7A23C877A9EB33F6B14C1B7319216F0E53361A1F830FD176111F14383CB38BC9E74C00225E9EA61F64E9175D11418CB6DFE86927AA2A06884615F9074CACB
Malicious:	false
Preview:	.ELF....................P.@.4....G.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.D@..D@..............D@..D@A.D@A.$...\. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A............./.........@.....09@.....@.@.......@.......@....................pp@A..............@A....p.......p.......p..@....p......p=......p%......p.......o..@....o.......o.@.................................................%...=.......1...;...(...,.......+...................%...............0.........../...-...........$...............*...........6.......&...5...#...!..."...................................................:...........<...........................7...............................8...............4....... .......3.......2...................9...'.......).......................................................................t...hAA.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_write_string Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	23648
Entropy (8bit):	5.055926647961275
Encrypted:	false
SSDEEP:	384:d84ODXp7jzxkSA6A4SV0lfpftX5XV/dfQ3NCZ+g:dfaXjez05dFJZxSNK
MD5:	9ABEDAAD1BC03B69EDFA192639B7CF51
SHA1:	1E7B4C077E9E6B0615C89D73CD18D8846BCC390F
SHA-256:	13E6CF811849A7D69F8E76803E4983132C45E5C3FCCACA083BF783448C3EDD88
SHA-512:	EDE2669EA2749D12232005A31AFD662985FE15304945296CC71C4E8110003353BA03BB3CC72FAFD02F560AF6D0FABD565E36C29B098649EFB26DC34EEFC4ED46
Malicious:	false
Preview:	.ELF....................p.@.4....W.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.TI..TI...............P...PA..PA.,...`. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.............:.........@.....PA@.....@.@.......@.......@....................p0PA.............@PA....p.......p.......p..@....p+......p>......p%......p/......o..@....o.......oH.@.................................................%...>.......2...<...)...-.......,...................&........... ...1...........0.........../...%...............+...................'...6...$..."...#...................................................;...........=...........................8...............7...................9...............5.......!.......4.......3...................:...(.......*...........................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sensor_write_string_only Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19408
Entropy (8bit):	5.163160624858157
Encrypted:	false
SSDEEP:	384:Dibay3s66x/GdOmwxV5lfpftX5XV/dfQ3NC4B:Di2y3s6AlD55dFJZxSNJB
MD5:	593ED3DC6A363C08A9441F3BF925E857
SHA1:	0D018AE130A633479ADDCBC79F3666A0CC7F399E
SHA-256:	617BF560A6FF091DDCD0BE46B75C08B8293418A7CF36B9A0580B52087144DE21
SHA-512:	4033E9166410D2CE93E11DA3A65986AB40CF441D7D6E36D88F46D921B1A60042CC227CB0307F6BCEFFAEA45A88C96AC0A98961525E094488E320297AE8A7608C
Malicious:	false
Preview:	.ELF......................@.4...HG.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..=...=...............@...@A..@A.....P. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....................d.@......6@.....@.@.....d.@.......@.....i..............p0@A.............@@A....p.......p.......p..@....p'......p:......p%......p+......oD.@....o.......o..@.................................................%...:...........8...%...).......(...................0...............-...........,...*.......+...................'...........3.......#...2..."... ...!...............................................7...........9...........................4...............................5...............1.............../...................6...$.......&.......................................................................T....AA.............

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\shm_create Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	30456
Entropy (8bit):	5.4972862060250485
Encrypted:	false
SSDEEP:	384:Ft0qDik+lPHfJgML3G6c+aV68sI68cZV6lfpftX5XV/dfQ3NCL9gMYC2j:c2WgMLdE6g265dFJZxSNk9gdC2
MD5:	0D96F33B805C0151263D7C2ED59229EB
SHA1:	AD89E5EEB5C68049252595196A1CAC9E9FECFED2
SHA-256:	A010F38C4A4CF8E64CA2407DFBEC4447C20AD603D561DAF403742E0D5651B43C
SHA-512:	D0E264837C4E250E6EA5C696EEEB597BCA51C8DBC975B978D50CFCC020DC7416ADDAB12A82347E64161D0C5F201BFCE12A48C5E99AE2459782D9BAEDE4E52991
Malicious:	false
Preview:	.ELF......................@.4...pr.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..g...g...............g...gA..gA......39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A.....,.......................P.@......X@.....H.@.....L.@.......@.....L..............p0iA.............@iA....p.......p.......p..@....p)......pL......p%......p-......o0.@....o.......o..@.................................................C...L...!...C...D...........-.......0...........'...........9...;...2...8.......5...........<...............B...,.......E.......3...........).../...&.......(...*...1.......................?..............."...................>.......4...................................#...+.......................................I...............................H.......................................................K.......@.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\shm_destroy Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	19692
Entropy (8bit):	5.140278474335757
Encrypted:	false
SSDEEP:	384:bWv6onADKgpezpJMQVjlfpftX5XV/dfQ3NCmb:bc6opzpeAj5dFJZxSNz
MD5:	915B02F5B5458DB50D4B5A9A0EAE63E3
SHA1:	9B523F10050D22DE0411F55A5971C627C84E6A1B
SHA-256:	1408EBACEC4307B1903F0A59A949AE5996FE0C33D9CB738A3A9E1241B330DF8F
SHA-512:	7B1BEE3976A08C5F068C175E12E3DA098284DE3237B902FC138A0C43DCABA8D1A35B54336D612A13F977DEE3A5793C78EB2E8C7D239FA09FD900A129BAD58D0B
Malicious:	false
Preview:	.ELF......................@.4...dH.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.T>..T>...............@...@A..@A.X...x39.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................p.A.....................P.@......7@.....@.@.....P.@.......@.....k..............ppAA..............AA....p.......p.......p..@....p'......p9......p%......p+......o0.@....o.......o..@.................................................%...9.......-...7...%...).......(...................0...........................,...*.......+...................'...........3.......#...2..."... ...!...............................................6...........8...........................4...............................................1...................................5...$.......&......./...........................................................V...XBA.............`&@.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sqldb_read Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	5552
Entropy (8bit):	4.436291376257614
Encrypted:	false
SSDEEP:	96:P6kZ7whNbOjLTGCYzsLOmTHAmD5Vhhbc6RCoB2s:ndwhNbO3CCvLOmTHtLh
MD5:	604E9533A3E59A59BBD8A218DAB399D7
SHA1:	E3AA0A244A10B0B0BD25BB4E547A68BC125E192D
SHA-256:	DB72B22AFFC8C24FF1B12B377B9288F5DD9B3FF50BAF4F1F5DEF4774690EF091
SHA-512:	1DFE0F085A2EE2AC0D6221A19C05B0F4DDAAB731E6642C0E5242417EE783E32B6521C62B2A19683B780EF2E9986AE1ED962081E5D22CEAE1897E62B7587082E7
Malicious:	false
Preview:	.ELF......................@.4...P......p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@...........................A...A.....................`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.......................A.............P.......^.......X.@.......@.....H.@.....P.@..... .@....................p..A...............A....p.......p.......p..@....p.......p#......p.......p.......o8.@....o.......o..@.....................................................#....................................................................................... ...................................................................................................!......."...................................h.A...............................@.........:.....A.........v.....A.........o.....A.............h.A.........h.....@...............A.........0.....A.........z...h.A...............@.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\sqldb_write Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	20736
Entropy (8bit):	5.318106571679952
Encrypted:	false
SSDEEP:	384:wGUhJzajpOoH7Idtf9hV2lfpftX5XV/dfQ3NCZ0kfp2:LUDajAnz25dFJZxSNq02w
MD5:	3EE3B247A80AF09B4BB59C0009617470
SHA1:	5FC7F43FE1A84F99295F00AAB14FC1DC83C90D5F
SHA-256:	6AAAC4BDFC4C0C71AD967EAF579B7E12A50928066123049C953A4FD70D29427C
SHA-512:	4827D96A410B8E5017E18F3A16D670DC7E21D40C22AAE2FB0F3F6044BE9CC2F355C2BEE015EB57AFB3B2BCB8CA6A78F7F0A230A667F5F2C44BAE5FD4D06DBAE4
Malicious:	false
Preview:	.ELF......................@.4...xL.....p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@..E...E...............E...EA..EA.H...\|. .............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................0.A...............................@......<@.....H.@.......@.....t.@....................p0EA.............@EA....p.......p.......p..@....p'......pF......p%......p+......ol.@....o.......o..@.................................................C...F... ...>...?...........+...................&...........6...8...0...5.......3...........9...................*.......@...,...1...........(...-...%.......'......./.......................;...............!...........................2..................................."...).......................................D...............................C...........................................................<...........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\timer_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	58420
Entropy (8bit):	5.721157921206139
Encrypted:	false
SSDEEP:	768:V6+TQbQZD1bp6EuNw2w0PU4SIflqLAYsoCga5dFJZxSNbFFDmCMsn:pO61Vbz0P9SItpYVZ9D
MD5:	0271E72436A81DA549114DD916268E5B
SHA1:	F9AC02E66B2094EA60BF921D841ED5AEBA48BC75
SHA-256:	549D072924C992E324BC96FC46072DF00BCECEE3752B765A40CDD65609407BE0
SHA-512:	56B65CA8C1C2A1520F887A13C5C866B1FBA37AB62F9B9B68D3C29E4728580CF645B654CA11174E90CC6AD1088C7121D4A86C679C88E353223E750147599A9B74
Malicious:	false
Preview:	.ELF......................@.4..........p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@...........................A...A......p%.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................`QB.....z.......H.......V.........@.......@.....H.@.....(.@.......@....................p`.A.............p.A....p.......p.......p..@....p]......p.......p%......pa......o..@....o.......o..@.............................................................$.......f...H.......N...a...............!.......o...........:...t...`...............m...............k.......................S..."...P...G.......l...R.......2...K...M...........\...................)...?...........g.......@...............................{...............4...........B...8.......U.......A.......b.......Y...i...........D...T...c...(.......................O...#...5...........e...j...<...r...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\allnet\update_demon Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	53940
Entropy (8bit):	5.564855394023852
Encrypted:	false
SSDEEP:	768:Ah9e8SQV+O0fsWnf4fUdCYe5yCmYV49mb1OFfWa5dFJZxSNkJSO6FDrCsJja:fQwfsi4fU1zC1O9m6uASND
MD5:	E3DADC83F2F722AEC3A461285ED61393
SHA1:	96E918C5129D013059A7BF122844A676E86B0738
SHA-256:	FD6E3C89973C16CD5E2CAE44FF677B6755A884F5303FDF0C2E5BE15C53572FFE
SHA-512:	EEE2D1CB98E93D12F2A31F6AA3AEF268685B507343BAC07C3BD61D78FCD6754884891DD5915D73309983868D2FF15BFCEDC5960728DB572A91B3C7EDE0181758
Malicious:	false
Preview:	.ELF......................@.4...,......p4. ...(.........4...4.@.4.@.....................4...4.@.4.@....................pH...H.@.H.@...........................@...@.T...T.....................A...A.....(.$.............`...`.@.`.@.................Q.td............................................................/lib/ld-uClibc.so.0.....................P@B.............O.......].........@..... .@.....H.@.....8.@.......@....................pP.A.............`.A....p.......p.......p..@....pP......p.......p%......pT......o..@....o.......o..@.............................................................".......Y...A.......G...T.......................c...z...B...8...h...S...............a...............^......._...6...........C.......I...4.......`...>...........D...F...........Q...........K.......'...............Z...............$.......v...............o...............3...........~...7.......M...............U.......W...\...........=...L...V...&.......................H...).......t.......X...]...:...f...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\usr\sbin\lighttpd Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
Category:	dropped
Size (bytes):	189520
Entropy (8bit):	5.904243043560016
Encrypted:	false
SSDEEP:	3072:KpfrUiGgZwI8C6K2SOiOESYXHauHXTDnvDHqMJVymihBTyh9ViAhvjMPeDuh9VWT:KpfrUiGgZwI8C6K2SOiOESYXauHXTDnB
MD5:	BC242D93342B98C10341AC8716180178
SHA1:	61BE0803AC9A166BF93E32BA3ED21418E135824D
SHA-256:	E162C75B44B3CF2FC08F022596F4BCD1C3F583DBCED3E08B1011620881EBD0BA
SHA-512:	4D6499489287BE7D4FF446277CADF2D473C68636D35B226A8B230B3267728DD6263374BDCE7A76598457C2C1F7FA80D042BBEF5ECBF7FEA5FD6550AB9D115CDB
Malicious:	false
Preview:	.ELF.....................l@.4...@......p4. ...(.........4...4.@.4.@. ... ...............T...T.@.T.@....................ph...h.@.h.@...........................@...@.......................C..C.....T.....................@...@.................P.td......B...B.................Q.td............................................................/lib/ld-uClibc.so.0.....................p0D.....................%.......5.......H.......~.......XG@.....`NB.....h.@......*@.......@....................pp.C...............C....p.......p.......p..@....p.......p.......p!......p............................................................D.......E...o...t...........;.......-.......)...^...@...1..."...............2.......................................................%...u...................M...............................'...............................................X...5...............................................Y...................#...........B...............U...............o...........$...v.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\about.html Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	54823
Entropy (8bit):	4.90985981274309
Encrypted:	false
SSDEEP:	768:sMK3n1rp3fAbQBFgR7sY9fp8Ymrp7jkr7isUVP12uj:dK3n1l3jY9TkWuseN2s
MD5:	B662C11B311A51AA456436AB531E6192
SHA1:	12AB8C53918BC35E982561DCF6692514BB32CB60
SHA-256:	9D60F5D8CA33BEC882FC29DFE53EB52EA9BA12183C82961B0E8EAB865FEE20B6
SHA-512:	341B3D0ED3CF20FAAC054C7015AE8765ACD719B960A12DF50BC6441FF3D9B32E657540D9737A044478D62740212A5E192EE94BEDC131451D904812B2FCD4372A
Malicious:	false
Preview:	<div style="color:#666;border:1px solid #DDD;border-radius:4px;padding:12px;font-style:italic"><b>DISCLAIMER_OF_WARRANTY</b><br>.....This Program is free software; you can redistribute it and/or modify it under.....the terms of the GNU General Public License as published by the Free Software.....Foundation; version 2 of the License.<br>.....This Program is distributed in the hope that it will be useful, but WITHOUT.....ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS.....FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.<br>.....You should have received a copy of the GNU General Public License along with.....this Program; if not, write to the Free Software Foundation, Inc., 59 Temple.....Place, Suite 330, Boston, MA 02111-1307 USA.<br>.....The full text of the GNU General Public License version 2 is included.....with the software distribution in the file LICENSE.GPLv2<br><br>....<b>NO WARRANTY</b><br>.....BECAUSE THE PROGRAM IS L

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\change_loglevel.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.378789942226842
Encrypted:	false
SSDEEP:	6:mxGJUAfvk2xGJUAGFnRMQovjXuDOVrBL6e07+cZ5sfwl:mHAfv9HAcqnvjXuDOVrBL27JZyfwl
MD5:	CBE438D50AA8B62B8434D6A951DAD862
SHA1:	B306845B0526492EB708CF247CAB19D65A0E332F
SHA-256:	FEA7005A61CB7E29E923E20ADC92B04F7908ACD9067E25489F80AF9767CE0F7E
SHA-512:	F80AFE2FF6DB2225CB7C6E09CFC6F4300FCE9101D0830F99E63D20B58291717B8A4B8DCCCB6A851A448992DDF17EBD84A1DC8E2CA4423D51DCDA7AEFDD6C8B1B
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/xhrSession.php";.if(isset($_POST['field'])) {..db_write( str_replace("f_", "", $_POST['field']), $_POST['loglevel'] );..reloader(array(4,6,12,13,22,23,36,37,38,39));.}.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_actuator.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	22277
Entropy (8bit):	5.372195974018369
Encrypted:	false
SSDEEP:	384:jeL0b9NQ6rhN3ZsmbNrwBZUskbXznqGOIOtzewDAjy88AtAKbo9MzvSpAdh6:lNQORED0biMzvSpG4
MD5:	68A53AABDBA871C4B5AAB1746AD34954
SHA1:	0843B68D8973DB4EF0322BB5189007012EA7C5AE
SHA-256:	2347239ACF399DDC84292D207016180C27F39AD28DC5C607C6DF1CFF534D77A4
SHA-512:	7B89E3E78313182C40E230E3327787977FEA7559A42773AE05E166049219B774ECA562D55A46EBDFAE5F89AE790D346DEDE1993DECC2ECF343123826DA2A3EFB
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/xhrSession.php";..include "/www/include/option.php";..$device=trim(file_get_contents("/etc/default/device"));..$expert= db_read("/control/frontend/expert");.if(!isset($_POST['gw'])) {..$disabled="false";..if(isset($_POST['disabled']) && $_POST['disabled']=='1') {...$disabled="true";..}..$config_sensor_logical_id=$_POST['config_sensor'];..$site_count=db_read("/control/frontend/sites");..$sitenames=json_decode(db_read("/control/frontend/sitenames"));..$display_expert=null;..$display_limit=null;..$displayAveraging="display:none;";..$stm = "SELECT sensors_logical., external., mapping.* ";.$stm .= "FROM mapping ";..$stm .= "INNER JOIN sensors_logical ";..$stm .= "ON mapping.id_logical= sensors_logical.id ";..$stm .= "INNER JOIN external ";..$stm .= "ON mapping.id_physical= external.id ";..$stm .= "WHERE sensors_logical.id = '".$config_sensor_logical_id."'";..$sensors=db_all_read_single($stm);..$chipinfo=$sensors['i2c_chip_id'

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_analog.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	26649
Entropy (8bit):	5.389567764787096
Encrypted:	false
SSDEEP:	384:VS1X+f4+LVbR11pK1BoCAFSN/QEtO6r3AsmbFU61wTb1Kbsb2B2g5zrBtwTmEOvr:V6X+ZK1zfr3ARXvbi/zvCpl8wd9
MD5:	69CA223CBD962C073436685201FE27C7
SHA1:	EB99B4C912C0B6B9FAC7AE6C7E6F575385D0D918
SHA-256:	849AD655A9734743ACFA0BFABF263618A721F3758109592CF4CC420C6E223858
SHA-512:	459A4E6FA0F7538DDBF1B126A7247F2428CDA4B29208A90730F4362A135F5D310119890DEF9A982CBBED9F873F99361B88E76410B836AFEDDE9DCC334AD7B040
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/xhrSession.php";..include "/www/include/option.php";..$device=trim(file_get_contents("/etc/default/device"));..$expert=db_read("/control/frontend/expert");.if(!isset($_POST['gw'])) {..$disabled="false";..if(isset($_POST['disabled']) && $_POST['disabled']=='1') {...$disabled="true";..}..$config_sensor_logical_id=$_POST['config_sensor'];..$site_count=db_read("/control/frontend/sites");..$sitenames=json_decode(db_read("/control/frontend/sitenames"));..$display_TileHeight=null;..$showActorActionSpinner=null;..$displayAveraging="display:none;";..$stm = "SELECT sensors_logical., external., mapping.* ";..$stm .= "FROM mapping ";..$stm .= "INNER JOIN sensors_logical ";..$stm .= "ON mapping.id_logical= sensors_logical.id ";..$stm .= "INNER JOIN external ";..$stm .= "ON mapping.id_physical= external.id ";..$stm .= "WHERE sensors_logical.id = '".$config_sensor_logical_id."'";..$sensors=db_all_read_single($stm);..$chipinfo=$sensors[

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_digital.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	24225
Entropy (8bit):	5.387258571557625
Encrypted:	false
SSDEEP:	384:yGLhbxcR4LNrNkA4j6ZUsfAAAKRbGaqGxub6pmTQYWb4TzvSp9n2fnYYb:R3AA40b4TzvSpVtYb
MD5:	E81F6587C9342F5DDFBF9113AE69A57E
SHA1:	6C95D73479D2972FFDBBA968953D24D77FAFFD5D
SHA-256:	2D9DD0FC75EEE64A9E03B1F6B9B5F4FB064C18657AADB91C91BC3C43A557CAEA
SHA-512:	F9919D57315D097E043C83FABF06CC53789867023D31F2B6706EDA38E92703E40BFA3DA40ADCCD959411BB9E3A2340BEEE82C3D845B55FC05A40FB8328F40839
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/xhrSession.php";..include "/www/include/option.php";..$device=trim(file_get_contents("/etc/default/device"));..$expert=db_read("/control/frontend/expert");..$mathFunction=true;.if(!isset($_POST['gw'])) {..$disabled="false";..if(isset($_POST['disabled']) && $_POST['disabled']=='1') {...$disabled="true";..}..$config_sensor_logical_id=$_POST['config_sensor'];..$site_count=db_read("/control/frontend/sites");..$sitenames=json_decode(db_read("/control/frontend/sitenames"));..$display_expert=null;..$display_limit=null;..$showToday=null;..$showAbs=null;..$display_config_fontSize=null;..$stm = "SELECT sensors_logical., external., mapping.* ";..$stm .= "FROM mapping ";..$stm .= "INNER JOIN sensors_logical ";..$stm .= "ON mapping.id_logical= sensors_logical.id ";..$stm .= "INNER JOIN external ";..$stm .= "ON mapping.id_physical= external.id ";..$stm .= "WHERE sensors_logical.id = '".$config_sensor_logical_id."'";..$sensors=db_all_r

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_download.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	2465
Entropy (8bit):	5.459949630332517
Encrypted:	false
SSDEEP:	48:l2z7v1lhnvp/f8bXUrdL/f9ja+qADfXhByfXhUU3hx4mF:l2f1RzaWyusj
MD5:	754A05B344D562E75EEC9D198578EA90
SHA1:	8263E0C3471A5D5A3B309C60D6C453F6AE8A8108
SHA-256:	F4FEDBF1D32EBC36202CB06A205F1E89F01134D0C544E53315DB2411380E266D
SHA-512:	E49BE213F457FBED7B3EB51BBE0B1D511187BB8AB602D43D683E0A67E7BE0EF3FD96BD17E8D444C33C421CAD72FC3A6FF2E7AE187CD55861BDC7A70CBC977920
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..$page = basename(__FILE__, '.php');..if(session_status()=== PHP_SESSION_NONE) { // PHP_SESSION_ACTIVE...session_start();..}..if(!isset($_COOKIE["ALLSESSID"]) \|\| $_COOKIE["ALLSESSID"]!=session_id()) {...die("no permission");..}..$devicetype=trim(file_get_contents("/etc/default/device"));. .$devicename = $devicetype."_config_".date("Ymd-his").".cfg";..$uuid=trim(file_get_contents("/etc/default/uuid"));..$configSave=$devicetype."_".$uuid;.//******************* NEW..$zip= new ZipArchive();..$zipFile="/tmp/".$devicename;..if ($zip->open($zipFile, ZipArchive::CREATE)!==TRUE) {...echo json_decode(array("error"=>"777XXX", "text"=>"_CONFIGURATION BACKUP KONNTE NICHT ERSTELLT WERDEN_"));.. exit;..}..$zip->addFile("/etc/allnetenv/config.s3db",$configSave);..$zip->addFile("/etc/allnetenv/accessHelper.json","/etc/allnetenv/accessHelper.json");..$zip->addFile("/etc/remote_access","/etc/remote_access");..$zip->addFile("/etc/passwd","/etc/passwd");..$zip->a

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_expert_inc.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	6584
Entropy (8bit):	5.19467350306431
Encrypted:	false
SSDEEP:	96:SOTJJpMM0X1M+AN1p11No1wNg7UXXg7k84b5GC0Tz3xpVbfd:SOtJ2M0lM+AnpPNSwNgAngYb5GC0TDFR
MD5:	20EED1C76BBB4A2FD68EF21D161ED7D1
SHA1:	0F945C65F51CA3066A7590B8AFA1067C6B56F65F
SHA-256:	A066817CA15B9B88C71B10BFBF8ECECDF98F38F1D974BD6CB58EFF1D72F7633A
SHA-512:	AF6368FFE474C5D4D18D06DA2AE280E37A70E326A8366F5784CE2A05A9C9454BED9A6FB4639B4B4C53D6DF7B3AA119610EE39317C66AE4F1CEA4ACE4460D9CBE
Malicious:	false
Preview:	<?php if(isset($mathFunction)) { ?>....<div id="3">.....<fieldset>......<div>.......<span class="radio">........<input type="radio" id="f_math_on" name="f_math" <?php if($sensors['math_activ'] =="1") { echo "checked=\"checked\""; } ?> value="1" /><label for="f_math_on"><?php echo _000016_; ?></label>........<input type="radio" id="f_math_of" name="f_math" <?php if($sensors['math_activ'] !="1") { echo "checked=\"checked\""; } ?> value="0" /><label for="f_math_of"><?php echo _000017_; ?></label>.......</span>.......<br />.......<span><label class="config"><?php echo _001600_; ?></label></span>......</div>......<div class="mt10">.......<span class="config"><?php echo _001604_; ?></span>......</div>......<div class="mt15">.......<span><input class="itext add" id="f_add1" name="f_add1" type="text" value="<?php echo $sensors['add_1']; ?>" /></span>.......<br />.......<span><label class="config"><?php echo str_replace("%", "1", _001601_); ?></label></span>......</div>......<div class="mt15">.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_load.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	3515
Entropy (8bit):	5.351810889457629
Encrypted:	false
SSDEEP:	96:l2GncCMt7OWm8T9Xh+NjiwT14H6jU7rXIfIWW2b/+oeO0ey+A:TTC7nZaL6fr5EbWxOdyv
MD5:	7E9F25E6273AF80745C397F41E4468A6
SHA1:	39793600612F4B43BD9BE9C47D8EE85E4EAA1B91
SHA-256:	E29A27FADFB1EA8A3AC6D048F9BC1F10765A60A3235E0C95CD9FD649BD919211
SHA-512:	59F6350E61FFAD53BE2B17507414DFB433ABA9F6CBD085DCF165C8E5D8D03AE94E8872A2547E96C86622B4D38223D424549C3C33DF3A46C9DC48C222B4BACBCF
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/xhrSession.php";..$db= new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');..$devicetype=trim(file_get_contents("/etc/default/device"));..$uuid=trim(file_get_contents("/etc/default/uuid"));..$result=array("error"=>false, "message"=>null, "ip"=>null);.//.$devicetype_current=$db->query("SELECT tag, value FROM config WHERE tag = '/control/devicename'")->fetchColumn(1);..$uploaddir = '/tmp/restore/';..if(file_exists($uploaddir)) {...exec("rm -rf ".$uploaddir."/*");..} else {...mkdir($uploaddir, 0777, true);..}..$uploadfile = $uploaddir. "restore.cfg";..$temp= json_encode(print_r($_FILES, true));..if (move_uploaded_file($_FILES['configfile']['tmp_name'], $uploadfile)) { // Datei verschieben, falls eine Datei geladen wurde...$zip = new ZipArchive;...$restoreFile = $zip->open($uploadfile);...if ($restoreFile === TRUE) {....$configFile=$zip->getNameIndex(0);....$test=explode("_",$configFile);....if(count($test)==1 \|\| substr($tes

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_sensor.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	42709
Entropy (8bit):	5.358166176516003
Encrypted:	false
SSDEEP:	384:fKALhbxcR4LNrNkA4j6ZUsfAAAKWbNKbgb7zbKp5RROtHZvznbaM3XPNXh1hpcQn:z3AA4L2bwUzvSpVCYb
MD5:	44EB5925D6A39CC251DB612545B8C097
SHA1:	CCBE7AD9ABE021123D478E5ABCA16529EB901901
SHA-256:	C234D2F69E146F55038DF0AA4E7C545AE4F992BDD839EC945036B4A567F970AF
SHA-512:	8E4C5AE6F5FBAB6A604D50E9B3684A36080C6A25B1DC0407ACD5D5D7A5C0BE0AC4C8991129FB92C9F73E28DD20A51DF96B54908A4D332698C2926ED83A9AC237
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/xhrSession.php";..include "/www/include/option.php";..$device=trim(file_get_contents("/etc/default/device"));..$expert=db_read("/control/frontend/expert");..$mathFunction=true;.if(!isset($_POST['gw'])) {..$disabled="false";..$showAbs=$showToday=$display_minmax=null;..if(isset($_POST['disabled']) && $_POST['disabled']=='1') {...$disabled="true";..}..$config_sensor_logical_id=$_POST['config_sensor'];..$site_count=db_read("/control/frontend/sites");..$sitenames=json_decode(db_read("/control/frontend/sitenames"));..$display_expert=null;..$display_limit=null;..$display_config_text=null;..$display_config_fontSize=null;..$display_config_canvas=null;..$display_show_section=null;..$display_show_area=null;..$display_show_threshold=null;..$display_show_lcd=null;..$display_config_chart=null;..$displayAveraging=null;..$stm = "SELECT sensors_logical., external., mapping.* ";..$stm .= "FROM mapping ";..$stm .= "INNER JOIN sensors_logic

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_sun.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	9179
Entropy (8bit):	5.342644589309772
Encrypted:	false
SSDEEP:	192:oIp8h186+/gg4td4Wcv0ggGbiqppQvQbOGCZt:oCk+/8tdzmiD
MD5:	FFF447F819F4B1474880D06DB42374C9
SHA1:	E4C65C44B1B88DAC177F7F1604EBA39E58047B88
SHA-256:	9BF939C2781F658EF78E931D09BBFD2AAE605080677AFD8EB946B1F45870472D
SHA-512:	EF9ED30D29524E749E29E6D3182DF2BFC05309DDDA6B7E63A3ADF701EB7D252C772AA3930D322BEB20B8ADA1EBE25954375D90B99A212D7285102FD8923A46E8
Malicious:	false
Preview:	<?php.function getSunInfo($sunTimerData) {..$sunInfo = date_sun_info(strtotime(date("Y-m-d")), $sunTimerData['city_lat'], $sunTimerData['city_lng']);..foreach ($sunInfo as $key => $val) {...$return[$key]=date("H:i:s", $val);..}..return json_encode($return);.}.include "/www/include/sqldb.php";.include "/www/include/xhrSession.php";.include "/www/include/option.php";.$expert=db_read("/control/frontend/expert");.$device=file_get_contents("/etc/default/device");.if(!isset($_POST['gw'])) {..$geoTimezone=db_read("/geodata/city_timezone_id");..$geoname=db_read("/geodata/geonames");..$dataSunJson=json_encode($_POST['sunTimerData']);..$sunTimerData=$_POST['sunTimerData']['geoData'];.?>.<style>..table {.width:100%; }..tr { .line-height: 30px; }..td { .white-space: nowrap;....width: 33%;...}...tag { .font-size: 14px;....margin: 7px;....font-variant: small-caps;....color: #fff;.</style>.<script type="text/javascript">..$( ".radio" ).buttonset();..$( ".button, #delete" ).button();.</script>..<div i

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\config_weather.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	12759
Entropy (8bit):	5.426551192844064
Encrypted:	false
SSDEEP:	384:mYJ1iWTNrNI9H6RHO2mjOO+yDcIubaI8E:PTOGIubd8E
MD5:	3378E3B3D1589F4F9FCF3FDCE574F9E8
SHA1:	26539D6497FB04404DA8C0A5EA3F3E4B902EF001
SHA-256:	543169EF91A0AD93CED54300A47A77D95A19A802C3F15CA4FA205A7807FDDB00
SHA-512:	150471D04FDC71982F11B30818AA02FD2253CAD424F64B4E98ACBC753002594654049ACAA6E66762131ED5047291EF3818FB0ED423637C9ACAAA29905B946EAB
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/xhrSession.php";..include "/www/include/option.php";..$expert=db_read("/control/frontend/expert");..$device=file_get_contents("/etc/default/device");.// .$weatherAppIds=array("a71719068a9321b883bdbd8b6d11d5bb",.// ......"8c640e32fa11b12bbc9c5e2bf464f4be",.// ......"294f595c89d758814444575e32332a2f",.// ......"966a046ababd415510f254bec270f823",.// ......"f2db21738b91140f3a30ea16cc42edae",.// ......"94a95727557ddba51ed8b7b169d53edd");..$weatherAppIds=array("ALL3072" => "f2db21738b91140f3a30ea16cc42edae",......."ALL3073" => "f2db21738b91140f3a30ea16cc42edae",......."ALL307503" => "f2db21738b91140f3a30ea16cc42edae",......."ALL3418" => "966a046ababd415510f254bec270f823",......."ALL3419" => "966a046ababd415510f254bec270f823",......."ALL3500" => "8c640e32fa11b12bbc9c5e2bf464f4be",......."ALL3505" => "8c640e32fa11b12bbc9c5e2bf464f4be",......."ALL3653" => "f2db21738b91140f3a30ea16cc42edae",......."ALL3690" => "294f595c89d7588144445

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\connection.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	5.556264475260619
Encrypted:	false
SSDEEP:	24:AUvlUenSv7v51vCGIp+PsIh4J9M19M7Mh5A9M4oMp9Mu2MNhQYaDBy7+FFiLM+Mu:A2lUenSv7v5oGIp4sIhv5qoehxa3DiM8
MD5:	C7206C0076BED179DFEA159BE6104FFA
SHA1:	42C5E284F97AC58DB5764337F1439988F61BC45C
SHA-256:	D047656E1C8935E00981CB6CDE67393CA5B20FBAD9461DDBD75901BF4C6188DF
SHA-512:	15B2C9400817CCCABC264298AF9A1B3BC93E95E62F64B89DC32018E8A125A067A170A7E9A13D38DD05436C5B7059F0D9F8E69814C4B5D7774BED675D0F606C65
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.//include "/www/include/xhrSession.php";.$hwid = db_read("/sys/hardware/numeric_model");.$localnetwork=db_read('/control/device/localnetwork');.if($localnetwork=="1") {..die("{\"connection\":\"ok\"}");.}.$result=array();.$curl = curl_init();.curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);.curl_setopt($curl, CURLOPT_URL, "http://www.google.de");.#curl_setopt($curl, CURLOPT_URL, "http://www.googleXXXXX.de");.curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, "3");.curl_setopt($curl, CURLOPT_TIMEOUT, "5");.#curl_setopt($curl, CURLOPT_HTTP200ALIASES , array(200,201,202,203,204,205,206));.curl_exec($curl);.$result_a = curl_getinfo($curl);.if($result_a['http_code']>=200 && $result_a['http_code']<=307) {..$result['connection']= "ok";.} else {..curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);..curl_setopt($curl, CURLOPT_URL, "http://www.allnet.de");.#.curl_setopt($curl, CURLOPT_URL, "http://www.allnetXXXXXX.de");..curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, "3

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\daemonStatus.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	2853
Entropy (8bit):	5.314924738117918
Encrypted:	false
SSDEEP:	48:9gPJ156gpItINg5iv4bUl+VT1tdm7vGCW4KU3TjixbX/2/:u7wtp1taBW4KUjv
MD5:	3812556BEAC0CE72BCA683FED0B174B6
SHA1:	4A618ED793E84A1B048BC1F1C34DEC8399C71A2E
SHA-256:	6BCA78551996FACEC6D62960A25E2CF00C21A8F7B30144885ECC47F43F24AD48
SHA-512:	8AFDB18BE86CC694763A72B3B82073BB3C9A48210AD63254910DE164ED175FC23B69CD4BD3D53F38339DA32163D16DD5EC4ABF57555FDB791EB935B91903DDFE
Malicious:	false
Preview:	<?php..if( isset($_POST['cmd']) \|\| isset($_POST['call']) ) {...if(isset($_POST['cmd'])) {....$cmd=$_POST['cmd'];....exec("/usr/sbin/allnet/".$cmd."_readstatus -j", $output, $return);....header('Content-Type: application/json; charset=utf8');....echo file_get_contents("/tmp/".$cmd."_status.json");...}...if(isset($_POST['call'])) {....file_put_contents("/tmp/statusCall", $_POST['call']);...}..} else {...$cmd=file_get_contents("/tmp/statusCall");.?>..<html>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<meta http-equiv="x-ua-compatible" content="IE=edge">. <title>Daemon Status</title>...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">...<link type="text/css" rel="stylesheet" media="screen" href="/css/allnet.css">...<link type="text/css" rel="stylesheet" media="screen" href="/css/allnet_table.css">...<link rel="shortcut icon" href="/favicon.ico" />...<script type="text/javascript" src="/script/jqu

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\data.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.285879423662649
Encrypted:	false
SSDEEP:	12:eyAOJnxO6Lu3eVMeAO9O9INWCPWCI9AM3yAMb:DxVM/SPPd4AVAS
MD5:	48F091B118EB001F4CB784206C49E7A3
SHA1:	9A133DE83D39C9D2A6A54472A4110127384DD188
SHA-256:	FEFF276EC03F2C04CA3822288EE1791EC84E6D9A9CAACE3720AFA3913420F41B
SHA-512:	8B184E5922A8FB71D1AA92DCED564F3838CEA9DCDC8938492ABCE7F155EC18FF08A1E6D10995C19119F31CFF061F8C18F2EF641FA7DF17627B726EA87BD58E28
Malicious:	false
Preview:	<?php.if( isset($_POST['type']) && $_POST['type']==="short") {..if(isset($_POST['id']) && is_int(intval($_POST['id']))) {...echo file_get_contents("/tmp/svg/sensor_".$_POST['id'].".json");..}.}.if( isset($_POST['type']) && $_POST['type']==="3day") {..if(isset($_POST['id']) && is_string($_POST['id']) ) {...if(file_exists("/etc/allnetenv".$_POST['id'])) {....echo file_get_contents("/etc/allnetenv".$_POST['id']);...} else {....echo "\"ID\";\"DATE\";\"TIME\";\"0\"\n\"TS\";\"DATE\";\"TIME\";\"0\"";...}..}.}.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\db_tools.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	7566
Entropy (8bit):	5.552235959394298
Encrypted:	false
SSDEEP:	96:A2qfOQEMtKIW4skJce+erKLjGkHtYMrFb2jLIXAma2TIwJsePTpJsaz65Y6waVCf:cfOQVHbfk7NpFb2/Pin/2bM8/ENzacsG
MD5:	99F034A62DA9260B6118E358DB5AAC9B
SHA1:	00C62D2CEBDBD9FE34683EBD20AA748AA8B0A78B
SHA-256:	2AC83035611557727306FB6EA8FDA83CDB80DAFC2D590030BF651FFFF2E3D8C1
SHA-512:	6355DC8D14921A97387537ECA9E01C8956F542B1D136A80C17C875486260E552187D9C6844F6222B50F0224AD416C953A5D19C5F4E76CB2EE58FF60B310FC07C
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$id=$_POST['id'];.switch ($id) {..case "expert":...if(isset($_POST['show'])) {....if($_POST['show']=="0" \|\| $_POST['show']=="1") {.....$sql="UPDATE frontend SET activ = '".$_POST['show']."' WHERE entry='menu_config_basic' AND value = 'deviceservices'";.....db_all_update($sql);....}...}..exit;..case "tileBackground_analog": // Farbwechsel f.r Analoge Elemente De-/Aktivieren...$stm="UPDATE sensors_logical SET fe_show_alert='".$_POST['set']."' WHERE fe_view<='2' AND fe_digital='0'";...db_all_update($stm);..break;..case "tileColor_analog": // Reset aller EIN/AUS Farben f.r Digitale Elemente auf gew.hlte Farbe...$newColor=$_POST['normal'].";".$_POST['min'].";".$_POST['max'];...$newColor=str_replace("#", "", $newColor);. ..$stm="UPDATE sensors_logical SET tileColors='".$newColor."' WHERE fe_view<='2' AND fe_digital='0'";. ..db_all_update($stm);. ..db_write('/control/frontend/tileColor_analog', $newColor);..break;..case "tileBackground_digital": // F

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\delete.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	5987
Entropy (8bit):	5.430005917494712
Encrypted:	false
SSDEEP:	96:A2BncTqsI2sQCWbj+q+D/kD78yDDND+fWTsuNDVmWipD8/szLsQLWEQhiqBliwiR:fuyvGUlfMi8C8ieliwiROzVVujI3UxBP
MD5:	762911D733E6CC7BA4DD08945CEFB323
SHA1:	28D0A437152B3E47CA5222F742B3AE0769899A47
SHA-256:	4B710F67407CDB523ECC6515A51BE2C81F3F7E4E4CBE4AC6E4F6C3E70441965A
SHA-512:	46B3D8B895B3C1AC3790629CE44F3083947C4270D606D0CB39E4EF532B6547C41CEE54329763A90214D7BC125F71315CC1726E135D18808B80060B060FF1EF49
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/xhrSession.php";.if(isset($_POST['db'])) {..$reload_energy=array('20','21');..switch($_POST['db']) {...case "actor":....$stm="SELECT id, id_physical FROM mapping WHERE id_logical='".$_POST['id']."'";....$map = $db->query($stm)->fetch(PDO::FETCH_ASSOC);....$stm ="SELECT id_logical FROM mapping WHERE id_physical='".$map['id_physical']."'";....$delete=$db->query($stm)->fetchAll(PDO::FETCH_ASSOC);....$stm="DELETE FROM external WHERE id='".$map['id_physical']."'";....$db->exec($stm);....$stm="DELETE FROM sensors_logical WHERE id IN ( SELECT id_logical FROM mapping WHERE id_physical='".$map['id_physical']."' )";....$db->exec($stm);....$stm="DELETE FROM mapping WHERE id_physical='".$map['id_physical']."'";....$db->exec($stm);....reloader(array(1,3,4,5,7,9));....foreach($delete as $d) {.....$file="/etc/allnetenv/sensorhistory_ts_".$d['id_logical'].".dat";.....if(is_file($file)) {......unlink($file);.....}....}....break;...case 'matr

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\dhcp_range.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	2260
Entropy (8bit):	5.235919772005674
Encrypted:	false
SSDEEP:	48:A2BnSvKngNl3lBXORiLp6ORmLpsjBgxioiMh5+L58u58QK8Rg8tgZvFNYly:A2BncgEl3kiLnmLWSxPFaBGhTZvkly
MD5:	AB19F821B3A84115F6298EF890808E50
SHA1:	B60E08EB7B6ABD16F3FB586B8A9D89FACCDBDB77
SHA-256:	173493F417104CBCEA1938A051B9E45AAF01E2A61EF63F440CC05298357C1DBA
SHA-512:	EB1B9E96CA85F55181E83FE8902806D549215264DA49D9CB4452D379FD331EE9022AC043A0E529084D66167406935AAE99BF6A31CB8EF42B1E893958897BE8E9
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/xhrSession.php";.$lanPart=db_read('/sys/network/udhcpd/lanPart');.$dhcpStartIp=db_read('/sys/network/udhcpd/startPart');.$dhcpStopIp=db_read('/sys/network/udhcpd/stopPart');.if ( !isset($_POST['gw'])) {..$display = "none";..?>..<form id="dhcpconfig" name="dhcpconfig" method="post">...<input type="hidden" id="gw" name="gw" value="1" />...<input type="hidden" id="lanPart" name="lanPart" value="<?php echo $lanPart; ?>" />...<div id="enabled" style="display:block;">....<fieldset style="width:450px;">.....<div>......<span>.......<input class="itextuser" style="text-align:right;width:100px;" disabled="disabled" type="text" value="<?php echo $lanPart; ?>" />.......<input class="itextuser" style="width:85px;" id="f_ipstart" name="f_ipstart" type="text" maxlength="3" value="<?php echo $dhcpStartIp; ?>" />......</span>......<br />......<span><label class="config"><?php echo _000301_; ?></label></span>.....</div>.....<div class="mt15">

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\dragsave.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	785
Entropy (8bit):	5.397983977851014
Encrypted:	false
SSDEEP:	24:VfUvGnSvNsiQ9MIzTQBpYNd3pYXpYbPtkYAOP+KXKTQ4de8U:Vf2GnSvNYMIzTopM3pEpgSODXKTr5U
MD5:	A4B4DBDC6EB52E10CF07343303E66F1A
SHA1:	78667154E8D9D720EF50D247D52372A6F2C7F566
SHA-256:	B3F8D8094F0EA8A106DF7B1F2E881A9F3D3A4845BB2B3AD3922E4A498339D648
SHA-512:	51A54DF1A4F82BED1705EDB3822E8A85ACB5129D14456468ED1FF90E9441C37411B2A0AF6A3C8C9AEE6F0F0F246BDF03F057BADEA01BE2A62E078123DDD1AAED
Malicious:	false
Preview:	<?php.if(isset($_POST['param'])) {..$required=1023;..include "/www/include/sqldb.php";..include "/www/include/xhrSession.php";..extract($_POST,EXTR_OVERWRITE);..if($_POST['param']=="save_position") {...$update="";...foreach($data as $element) {....$update.="UPDATE sensors_logical SET fe_position = '".$element['row']."', fe_column='".$element['col']."' WHERE id = '".$element['id']."';";...}...db_all_update($update);..}..if($_POST['param']=="change_panel") {...$sql="SELECT max(fe_position) AS lastrow FROM sensors_logical WHERE fe_site='".$newpanel."'";...$lastrow=db_all_read_single($sql);...$row=intval($lastrow['lastrow'])+1;...$sql="UPDATE sensors_logical SET fe_position='".$row."', fe_column='1', fe_site = '".$newpanel."' WHERE id = '".$id."'";...db_all_update($sql);..}.}.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\extend.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	456
Entropy (8bit):	5.220558875141832
Encrypted:	false
SSDEEP:	12:BHAcqnvseAz2OONvyPNOwyXQze/LXrbA+MRelcjmWw:lnSvDZwPNyAq/L7M+oe+lw
MD5:	EDE7F5BD099ACCFB61A1468CEA3518E3
SHA1:	5CDAC69899723799FEC6B79C0036668390321EB4
SHA-256:	6904155195EA9E44DC3E1DD5BB400D9B009F2CABF22D677FBAA3C51D6D89FD7D
SHA-512:	8AE0FC085654D608E276D6F79B10329838C23811CAED1896D5C92D5F31127B3C1E30B8A063567F5FD892EF4445FFCBBC1EC24C8A878F72D682E1BBF6F4F7FC4F
Malicious:	false
Preview:	<?php..include "/www/include/xhrSession.php";..$result=["result"=>false];..if(isset($_POST['id']) && $_POST['id'] >=1 && $_POST['id'] <=16) {...$data=json_decode(file_get_contents("/etc/allnetenv/extend.json"),true);...$data['actuator'][$_POST['id']]['switchType']=$_POST['switchType'];...file_put_contents("/etc/allnetenv/extend.json", json_encode($data));...$result["result"]=true;...all_shm_increment_reloadcounter(87);..}..echo json_encode($result);.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\geodata.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.5453690243564004
Encrypted:	false
SSDEEP:	48:A2BnSvJ2FsOMRF3ctkLupil8zXnkgZ81jUViTCivWYBZ9I4YBZHcu2x:A2BncrbaGSMCbk7poag2x
MD5:	5136501BE782F59DD8F139EBF48BB4A3
SHA1:	F7E5D47D0CDC7B3632A4B651E949C6A79D21D42A
SHA-256:	3F68718C7D9ABD0536F657ECD7C89E69FE2B16B7474C12D382596B4F47C1B882
SHA-512:	C4D1744A9022635942F30E89046F5B256B26AEC636E4AE02B945B68C05663E0CC1DCCAF01FC90E66CB9981E209ED3AD9A72ED12B24991E09079DD8EF53CADFD7
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/xhrSession.php";.$geoname=db_read("/geodata/geonames");.$geoweather=db_read("/geodata/geoweather");.if( isset($_POST['geo']) && $_POST['geo']=="save") {..$stm = "SELECT id, custom_port_name FROM sensors_logical WHERE id='99'";..$sensor=db_all_read_single($stm);..$citys=explode(",", $sensor['custom_port_name']);..db_write("/geodata/city_name", $_POST['city_name']);..db_write("/geodata/city_name_en", $_POST['city_name_en']);..db_write("/geodata/city_name_full", $_POST['city_name_full']);..db_write("/geodata/city_lat", $_POST['city_lat']);..db_write("/geodata/city_lng", $_POST['city_lng']);..db_write("/geodata/city_timezone_dstOffset", $_POST['city_timezone']['dstOffset']);..db_write("/geodata/city_timezone_gmtOffset", $_POST['city_timezone']['gmtOffset']);..db_write("/geodata/city_timezone_id", $_POST['city_timezone']['timeZoneId']);..db_write("/geodata/city_geoid", $_POST['city_geoid']);..$citys[0]=$_POST['city_name

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\getcsvfiles.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	2819
Entropy (8bit):	5.102373772022393
Encrypted:	false
SSDEEP:	48:AnSvt5DB82gycmoTRy7Zyk49WNv8cwKwsH+wRmi9WNSPwsH+wRIYfHikKWvRBeEb:Anct51822Tgd4EJWNKZRbEA4KZRI6Hz3
MD5:	73D1D9584E3B42247706FFB26D0BCC00
SHA1:	E6E454B7D6AC8FF69A2CEBA096BA2DF648A27F86
SHA-256:	C6DC40C52F7F7E062FC0EA169F492548AB4B7BB2288E6B9F2D863400CD4C853E
SHA-512:	42F00698B9BF636B1952AC570C424171F880A5D0A84171C891407A55B728F0ED0D0678F441AEFA096E5E5E34ECAF92F914B10BF1CA533221C0D32518A22AC73A
Malicious:	false
Preview:	<?php.include "/www/include/xhrSession.php";.$files= array();.$index_el=3;.$path=$_POST['p'];.$year=$_POST['y'];.$do=$_POST['d'];.$month=$_POST['m'];.$month_start=$_POST['ms'];.$month_end=$_POST['me'];.$year_start=$_POST['ys'];.$year_end=$_POST['ye'];.if( isset($_POST["nots"]) ) { $index_el=2; }.switch ($do) {..case "0":...if ($handle = opendir('/'.$path)) {....while (false !== ($file = readdir($handle))) {.....$info = pathinfo($file);.....if ($file != "." && $file != ".." && $info['extension']=="csv" && $info['filename']!="measurement") {......$tmp=explode("_",$info['filename']);......#echo "$tmp[1] \n";......$files[]=$year."_".$tmp[1].".csv";.....}....}....closedir($handle);...}...break;..case "1":...$zero=null;...if($month<=9) { $zero="0"; }...$files[]=$year."_".$zero.$month.".csv";...break;..case "2";...for($i=$month_start;$i<=$month_end;$i++) {....$zero=null;....if($i<=9) { $zero="0"; }....if(file_exists($path.$year."_".$zero.$i.".csv")) {.....$files[]=$year."_".$zero.$i.".csv";..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\logfile.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	980
Entropy (8bit):	5.220457747386004
Encrypted:	false
SSDEEP:	24:AUvBnSv8s/LbwTGowhP2Jo11UtNYeKTYajJ:A2BnSv8s/Lbw4h+q1U/YeiYkJ
MD5:	C73B0A40C6F1F317E87143A3B92992F3
SHA1:	E406C37572EC36794EB2B2DCFE1EA520DC7E879A
SHA-256:	D230CCB92922FA8784146A0F9EC04534BBF33072A345B9BC9F900344AA88B4BF
SHA-512:	5D3633B0259F55B5D7DE3CDA57D8F022814E543B483510EEF3D6409CE69A0CFA79708EC20FBBD35A66B4412C04A39EFE656DA6DFB81CC530B0188DC835D499B5
Malicious:	false
Yara Hits:	Rule: webshell_php_generic_tiny, Description: php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\logfile.php, Author: Arnim Rupp
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/xhrSession.php";.if( isset( $argv[1] ) ) {..$values=array("cmd"=>$argv[1], "id"=>$argv[2]);..$valuesSet=true;.}.if(isset($_POST["cmd"])) {..$values=$_POST;..$valuesSet=true;.}.if(isset($_GET["cmd"])) {..$values=$_GET;..$valuesSet=true;.}..if(isset($valuesSet)) {..if( $values['cmd']=="log" ) {...echo get_logfile($values['id']);..}..if( $values['cmd']=="test" ) {...echo run_test($values);..}.}...function get_logfile($val) {...$logfile="/tmp/".$val.".log";...if( is_file($logfile) ) {....$modified=date ("d.m.Y H:i:s", filemtime($logfile))."\n\n";....return json_encode(array("response"=>$modified.file_get_contents("/tmp/".$val.".log"), "error"=>"0"));...} else {....return json_encode(array("response"=>"", "error"=>"1"));...}..}...function run_test($val) {...if($val['id']=="ntp") {....exec("/etc/scripts/ntpdate.sh ".$val['ntpservers'],$output,$return);....sleep(1);....return get_logfile($val['id']);...}..}..?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\login.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1669
Entropy (8bit):	4.940687671053275
Encrypted:	false
SSDEEP:	48:vco5nu5UJTo5V65509JWb9WCXO/49WCdO4:v109iK09W2i49WKX
MD5:	802D664FA7F94EACF4F3F9356B3415BF
SHA1:	DC8A6316FD918BA32500A6BE2B2E81ADBCF3E2C3
SHA-256:	2100FD37E93D5FA12AB7EA3B4FF496D5DAF56CAF8609FE0C2F72DAFAE85D0ADE
SHA-512:	BCEDC69697DAC16EF815DB69C638D0195B2E463382829DC77D1A3E0F847C2BF524D226F148C4707D00C43545C88FC4E4C26A809EEA0CD4E70EBBEE6370DF8D66
Malicious:	false
Preview:	<?php./* SV: 2.51. * DT: 20121026 . */.include "/www/include/sqldb.php";..$browser_ip = $_SERVER["REMOTE_ADDR"];.$httpuser0_username = db_read("/sys/network/httpserver/user0_username");.$httpuser0_password = db_read("/sys/network/httpserver/user0_password");.$httpuser1_username = db_read("/sys/network/httpserver/user1_username");.$httpuser1_password = db_read("/sys/network/httpserver/user1_password");.$message=array("title" => constant("_000267_"), "msg" => constant("_000050_"));.if(isset($_POST['user'])) {. $username = $_POST['user'];. $password = $_POST['pass'];. if($username == $httpuser0_username) {. if($password == $httpuser0_password) {. $userlevel = 0;. db_write("/sys/network/httpserver/servercookies/ip" . $browser_ip . "/day",date("d"));. db_write("/sys/network/httpserver/servercookies/ip" . $browser_ip . "/month",date("m"));. db_write("/sys/network/httpserver/servercookies/ip" . $browser_ip . "/userlevel",$userlevel);. $messag

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\meas_tools.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1531
Entropy (8bit):	5.047398398803713
Encrypted:	false
SSDEEP:	24:lUvenSvs7L+e39v1vp8A6v1vpBDv1vpuzSpM5MgvRv1vpWzSpM5zks/gvRv1vp7f:l2enSvs7L+Y6VQW0MOXcW0B/OXJW0v7F
MD5:	51FD7AC648E4AF4913E455D59B1A5057
SHA1:	12AE5B4D38D16BCB37CEAB48E74E85F2534A4491
SHA-256:	CC019172FB7260C64D31736C337D87AA599BA612F0838ABDBEC408A656410871
SHA-512:	CDDA9CE66239FBB3A92368C7184FB73300D186786FDAA73BB496F1FE0BFCC479B0EA946260CD2EC1CEE4979332FF56A289838E5066E23070B947A342E89D5AEA
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..$required=8;..include "/www/include/xhrSession.php";..$file = db_read("/control/database/path");..$destination = "/mnt/usbmemory/allnet";..if(isset($_POST['what'])) {...switch($_POST['what']) {....case "delete":.....$command="rm ".$file.".csv";.....exec($command);.....echo _000822_;.....reloader(array(22));....exit;....case "edelete":.....$command="rm ".$file."el/.csv";.....exec($command);.....echo _000822_;.....reloader(array(22));....exit;....case "pdelete":.....$command="rm ".$file."pm/.csv";.....exec($command);.....echo _000822_;.....reloader(array(22));....exit;....case "copy":.....$destination=CheckCreateUSBDir($destination, "interval");.....$source = $file."";.....$command="cp ".$source." ".$destination;.....exec($command);.....echo "READY";....exit;....case "ecopy":.....$destination=CheckCreateUSBDir($destination, "energy");.....$source = $file."el/*";.....$command="cp ".$source." ".$destination;.....exec($command);.....echo "READY"

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\modul_management.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	3286
Entropy (8bit):	5.174036817648018
Encrypted:	false
SSDEEP:	96:A286R5bSKTVGGdS67J9/ZGb0Kxezufa+aBlK62:LRlVgY/4aB+
MD5:	4E7838864F63088DA3CA8EE1E6E93689
SHA1:	1677ACDC2F90B57E119061BA154C33594F5D5390
SHA-256:	8E0BDF220CF916224B9507E5699714CA2D5F060EA563EFF32FFC51776CB50C7C
SHA-512:	24CC6891F5886AC0527BCB2EB48A0C75BE56AE31AF3606683A66BA8EAFF2997B541729A9508437E4C8325DEF5499F571776E1DF2773D33EB925F09F860F5D8AC
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.if( isset( $argv[1] ) ) {..$values=array("cmd"=>$argv[1], "id"=>$argv[2]);..$valuesSet=true;.}.if(isset($_POST["cmd"])) {..$values=$_POST;..$valuesSet=true;.}.if(isset($_GET["cmd"])) {..$values=$_GET;..$valuesSet=true;.}..if(isset($valuesSet)) {..if($values['cmd']=="create") {...$newModulMenuFile=$values['id'];...if( is_file("/wwwuser/modulmenu.json") ) {....create_menu($newModulMenuFile);...} else {....copy($newModulMenuFile, "/wwwuser/modulmenu.json" );...}..}...if( $values['cmd']=="delete" ) {...echo delete_menu($values['id']);..}...if( $values['cmd']=="master" ) {...echo delete_master();..}...if( $values['cmd']=="log" ) {...echo get_logfile($values['id']);..}...if( $values['cmd']=="test" ) {...$modulCmd=null;...if(isset($values['modulCmd'])) {....$modulCmd=" ".$values['modulCmd'];...}...echo run_test($values['id'], $modulCmd);..}...if( $values['cmd']=="isActiv" ) {...echo isModulActiv($values['id']);..}...}...function create_menu($newModulMe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\patch.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	5115
Entropy (8bit):	5.526393813254151
Encrypted:	false
SSDEEP:	96:A2R6I7+50CZVGPqCi+t+i+lUFnltGTUhm7Iq+6Ttr1WR18md5RINbFac:f6B5RNShKTNxh45+Np/
MD5:	7370385F3012B8A050CFCB1CBBDA3211
SHA1:	3F1E0420D6D1C9ADA2B1E81034DF8A27AB41FAEC
SHA-256:	5E832165DF666B6D892C8D05129CB9F4D61486826550D631596275E21EE76893
SHA-512:	59D769AEB2CF50EDBBD788F9E914A311C63B857E634B85B60AE8764087E0C204A1FCE2844C1D56F3DADF1D3F2350526A001291DB8EA455F8E7C42DFD68F3D289
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = basename(__FILE__, '.php');.if(session_status()=== PHP_SESSION_NONE) { // PHP_SESSION_ACTIVE..session_start();.}.if(!isset($_COOKIE["ALLSESSID"]) \|\| $_COOKIE["ALLSESSID"]!=session_id()) {..die("no permission");.}.session_write_close();.include "/www/include/error_codes.php";.$devicetype=db_read("/control/devicetype");.$firmware = explode(";", file_get_contents('/etc/default/version'));.$version=$firmware[0];.$patchlevel=$firmware[1];.$versionnum=intval($version.$patchlevel);.if(isset($_POST['check'])) {.//.if($_POST['check']==0) { // Lock File l.schen zum Freigeben evtl. Automatischer Updates.//..unlink("/tmp/update.lock");.//.}..if($_POST['check']==1) { // Pr.fen ob ein Update vorhanden ist und ggf. Update anzeigen...if (!file_exists("/tmp/update.lock")) {....exec('/etc/scripts/checkupdate.sh user', $upd, $errno);....if ($errno > 0) {.....if(array_key_exists($errno, $curlerr)) {......$err_message="<p>".str_replace( array("%1","%2") , a

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\poeInfo.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	2481
Entropy (8bit):	5.284960588855044
Encrypted:	false
SSDEEP:	48:/3aySF3KjJUkTgKt+NaF+TdV34xrlnM37KMdsCLD:/3as7T/t+Nakr3ROFqD
MD5:	D8FA49F6281F035B28E6311B32024E1A
SHA1:	576717AA1477E0DECB061CC5CC96D208F4D9B0B4
SHA-256:	FE4C06682A6AE7AF3A8D407F00EAA4548386CAF28359C3A4D8CAA074A222B060
SHA-512:	F322ABDA1145B5A7EC338BEE9E42B6B579569DCE9B213AECEB356AD7474EC51CBD681CF85E0CD049F02385D5866CFCCFF33D34FEA14C4AD10B28EE6462DC2997
Malicious:	false
Preview:	<?php.$info = [."p_ch" => "PoE port power on connector",."p_rq" => "PoE port power requested",."state" => "State",."det0" => "Detection value without port for HW test",."det36" => "Detection value on lines 1236",."det78" => "Detection value on lines 4578",."det3678" => "Detection value on all lines",."det3678k12" => "Detection value on all lines with additional 12k Resistor",."cls36" => "Classification value on lines 1236",."cls78" => "Classification value on lines 4578",."cls3678" => "Classification value on all lines",."sig" => "Signature resistance on all lines",."u_ch" => "PoE port voltage on connector",."p_al" => "PoE port power allowed".];.$det0= [."0" => "-",."1" => "SHORT (<2.4k)",."2" => "Cpd too high (>2,7.F)",."3" => "Rsig too low (2.4....17k)",."4" => "Rsig good (17...29k)",."5" => "Rsig too high (>29k)",."6" => "Open Circuit (>50k)",."7" => "Detection Voltage outside range".];.$clsClass= [."0" => "-",."1" => "af CLASS1",."2" => "af CLASS2",."3" => "af CLASS3",."4" => "at

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\portscan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	18649
Entropy (8bit):	5.424539882837127
Encrypted:	false
SSDEEP:	384:46s/HIagkpfIciTDeiuyONsjZlHsOOHe/KE:Ps/HIagkpfIckSiuyODOzx
MD5:	59672EA83DA86E32AB5FE1C2981C11CB
SHA1:	024DACFDAFFEE112CD830CC3BCFA795A3420CA85
SHA-256:	EB8A5E24A2FED5939C7F9D676E92B4FC18C8CF3EE4EDB3EB954E19BA0083559B
SHA-512:	A33E1919A9EAC1E98C277EE9F5FD301A2739DFC9F5A9CBF2581DEA997176FFE85324CA7509F9CA54958BC05AFB9D0EF1B730AC3E5FEBFD4C295DB71B9F3A690F
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$resultFile="/tmp/portscan.result";.$deviceType=db_read("/control/devicetype");.$deviceList=json_decode(file_get_contents("/www/config/device.json"),true);.$deviceConfig=$deviceList[$deviceType];.$scan=$_POST['scan']; // \|\| $_GET['scan'];..if(isset($scan)) {.// ------------------------------------------------------------------------------------------------.// readconfig.// ------------------------------------------------------------------------------------------------..if($scan=="readPortConfig") {...foreach($deviceConfig['group'] AS $group) {....foreach($deviceConfig['port'] AS $port) {.....$stm="SELECT count(*) FROM external WHERE i2c_mux_enabled='0' AND i2c_bus='".$deviceConfig['bus']."' AND i2c_group='".$group."' AND i2c_port='".$port."' AND i2c_chip_id NOT BETWEEN '3000' AND '20000'";.....$r=$db->query($stm)->fetch(PDO::FETCH_NUM);.....if($r[0]==0) {......$portIndex[$port]="false";.....} else {.// .....$stm="SELECT i2c_chip_id FROM external

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\proxy.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	458
Entropy (8bit):	5.553871955348876
Encrypted:	false
SSDEEP:	12:AxSZBazLwnLw3RBUDBvLwt1n1LwdH4SaVQ2HMM:BZByMnM3nUDBvMt/Mdta2g
MD5:	60978C417983AC1B56BB32B23F7BF18A
SHA1:	B6FEDE1F2ADCBF06BD04994DC404984297EE5AFF
SHA-256:	958F44DF63889C0F3445BFA2373C8D4DB88B26F1D95B76AB03955273EB1F1892
SHA-512:	0A92931C64B35BC062A3B166FCC3B6CFDC3F9748848AA2F657969F63C7280D5DE583125587B9B4FF3255609FFEC0431DF4C86DCC8EAD94BFD6E1CF02223CCFA2
Malicious:	false
Preview:	<?php..$url=urldecode($_GET['url']);..$curl = curl_init();..curl_setopt($curl, CURLOPT_URL, $url);..curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 GTB5');..curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE);..curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);..$input = curl_exec($curl);..$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);..if($status==200) {...echo $input;..}.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\read_sensors.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1507
Entropy (8bit):	5.178761081198553
Encrypted:	false
SSDEEP:	24:W7nSvPEHEuessPa5HlkK9TbPkednvgc0APsoePTtscPOs:mnSv0Euesea5SAzkSvgc0Ss7TtsOOs
MD5:	74B13F6BAD7B519486DA88B6C8D66C4D
SHA1:	A566D641FF0E405E005B828914DCC617E6EC7E41
SHA-256:	14732D7667073B3399CAB2438A15A4340F04ABC86F0CC75A973AA1C573A8A415
SHA-512:	6450AF16966F688D2B00E799305B094FD52632285A3C87590AF1318DD164B733711A8AA3449A3455B1E82F494183461FAE4249DA1EF481BDD9A64A98E9E48DC3
Malicious:	false
Preview:	<?php.$required=1;.include "/www/include/xhrSession.php";.$analogActuators=array("40","41");.if($_POST['q']=="0") {..$out = array();..$sensors=explode(",",$_POST['elements']);..$chart=array('chart' => all_shm_read_reloadcounter(10));..$out[0]=$chart;..foreach( $sensors as $i) {...array_pad($out,1,$i);...$value = all_shm_read_sensor_string($i);...if($value<= -2048000) { $value="false"; }...$circle=array('value' => $value);...$out[$i]=$circle;..}..echo json_encode($out);.}.if($_POST['q']=="1") {..$out = array();..$sensors=$_POST['elements'];..$chart=array('chart' => all_shm_read_reloadcounter(10));..$out[0]=$chart;..foreach( $sensors as $i) {...array_pad($out,1,$i['id']);...$code=intval(all_shm_read_error_code($i['id']));...if($code!=0) {....$value="false";....$circle=array('value' => $value, 'error' => $code);...} else {....if(isset($i['view']) && $i['view']=="50") {.....$value = all_shm_read_actor_int($i['id']);.....if($value==100) { $value=1; }.....if($value<= -204800000) { $value="fa

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\remote_device_data.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	5.485464134751098
Encrypted:	false
SSDEEP:	48:A2BnSvm41auahXEaTnsyY8HXOJrKxY8HXOJriLwMfiyaBIGBjwDWyOOjYGEbEHGw:A2Bncm41auA00nNMYMiTiyrGBjwigjYE
MD5:	A53BAD491BA80609797D12A5F62FCF9D
SHA1:	E056F6350ADF01DCAE995457A4B1F7CC117DEC4B
SHA-256:	618E686A521BFA52190F7BCBD3D759CE4CFEC7C4B5B91408244A3AC75FC168A9
SHA-512:	CFAC3EA8A4E5B7D0625FA0AF43CA4BC053D16A5ABD66AC82A20ACE4E81C8E332FF87851AF137FB425B5FF5B05DA380B4D48A17DB19D5DCAB27AAAE2B6230859F
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/xhrSession.php";.if(isset($_POST['type']) && $_POST['type']=="init" \|\| $_POST['type']=="edit") {..$auth=$_POST['auth'];..$address=$_POST['ip'];..$type="16";..$curl=getRemoteData("https://".$address."/xml/json.php?mode=remoteinit", $auth);..$response=curl_exec($curl);..$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);. if($status!=200 && $status!=401) {...$curl=getRemoteData("http://".$address."/xml/json.php?mode=remoteinit", $auth);...$response=curl_exec($curl);...$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);...$type="15";. }. $tmp=json_decode($response, true);..if($status==200) {...if(isset($tmp['sensor'])) {....foreach($tmp['sensor'] as $id=>$element) {.....if($element['name']=="") {......preg_match_all('/_\d{6}_/', $element['lang_port_identifier'] ,$found);......$tmp['actuator'][$id]['name'] = trim(str_replace($found[0][0], constant($found[0][0]), $element['lang_port_identifier']));.....}....}...}...if(iss

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\reset.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	2216
Entropy (8bit):	5.4130283692589325
Encrypted:	false
SSDEEP:	48:AnSvlW5Lr9kK9X0TbgQzG4wUyRTAHSMP1HeuTSrCtEL:Ancc9kK10TcQy4wUyRTADP1HemSrCaL
MD5:	1053F544E3B0223C76932D2369C304E4
SHA1:	F0AB8209F69B17BD8F461BB3C2457404668389FE
SHA-256:	3BC6B677DA9AAA08B8CAA9AD08C3B28D3431A8757533C7C30F89B6C893D29AC3
SHA-512:	390619391EFBB0D5F4ED30C7AEFDE402140F9D9B0FFE614E51B1EB1D24BF4FBD3E33001F0FD9C617456A75819E0C2EADB4C31B53F263EE19DD3BA689E6BFDE3A
Malicious:	false
Preview:	<?php.include "/www/include/xhrSession.php";.$db = new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');.if(!isset($_POST['call'])) {..exit;.} else {..$arr = array ('ok'=>1, 'err'=>1);..$call=$_POST['call'];..switch ($call) {...case "1":....exec("reboot");...break;...case "2":....echo json_encode($arr);...break;...case "3":....sleep($_POST['wait']);....exec("reboot");...break;...case "4":....$isDHCP=array("result"=>"wait", "dhcp"=>"wait");....if (file_exists("/tmp/dhcplease")) {.....$checkResult = file_get_contents('/tmp/dhcplease');.....if(strpos($checkResult, 'Lease of') !== false) {......$DHCP=explode(";", exec("sleep 1;ifconfig br0 \| awk '/inet addr/{printf substr($2,6)\";\"substr($3,7)\";\"substr($4,6)\";\"}';ip route \| awk '/default/ {printf $3}'", $result, $errorno ));......$configDHCP=array("ip"=>$DHCP[0],"mask"=>$DHCP[2],"gateway"=>$DHCP[3],"broadcast"=>$DHCP[1]);......$isDHCP["result"]="true";......$isDHCP["dhcp"]="true";......$isDHCP["lease"]=$configDHCP;.....}.....if(strpos

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\run.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	11199
Entropy (8bit):	5.52245743318288
Encrypted:	false
SSDEEP:	96:AncOxqL7w9hrKN4Nlyn2KvsuD5Y+ti2leOW2+YOpoQr6jdP7ry2TFmYIlBYrSPNK:irxqLUiUIo2Lrr0PieOAHEL266Se7e
MD5:	38C4F800B59474174417A89159F8B5E1
SHA1:	23EE1F6D18E411AFE3052EA55B09BBA8CC0D601A
SHA-256:	7D46080401821BD7B2FC3B7BDACA8ED1FAF78FED8CA4AE46F59F299B3782075D
SHA-512:	BAA290FAA8CB5BDE5F9E9EBFECE6929AF2CC3D027A35C27601B75127E3D16CA100AD9A0AEA9459FB5185407CDC993AF6EF56FC08024159DAFCB19126F7AFC3CF
Malicious:	false
Preview:	<?php.include "/www/include/xhrSession.php";.if( isset($_POST['flowControl']) && isset($_POST['run']) ) {..$logical=(isset($_POST['logical']))?$_POST['logical']:0;. .if( $_POST['run'] == "true" ) {.//ps -o comm -o pid \| grep flow \| awk '{print $2}'...exec("ps \| grep flow \| grep -v grep \| grep -v flock \| awk '{print $1}' \| xargs kill -15 > /dev/null 2>&1", $output, $return);...all_shm_write_actor_float($logical, "0");..} else {...exec("ps \| grep flow \| grep -v grep \| grep -v flock \| awk '{print $1}' \| xargs kill -15 > /dev/null 2>&1", $output, $return);...$file="flock -n /tmp/".$_POST['flowControl'].".lock -c /opt/flowcontrol/".$_POST['flowControl'].".sh > /dev/null 2>&1 &";...file_put_contents("/tmp/start", $file);...$return=0;...all_shm_write_actor_float($logical, "1");.// ..exec($file, $output, $return);. .}. .echo $return;.}..if( isset($_POST['flowControl']) && $_POST['flowControl']=="check" ) {..exec("ps -o comm \| grep flow \| uniq", $output, $return);..if(count($output)==1) {...ech

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\rw_actor.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1641
Entropy (8bit):	5.45263344994674
Encrypted:	false
SSDEEP:	48:rnSvlVw+haK0G7Fu7P0ZiJZ1tD0ynKat/AdfouN0Cis/Pgq:rncvNtPFgsStguKat/6fdKYX5
MD5:	B4919EB6345259FFDFC5F8D03007B1FE
SHA1:	545BCA61BDAB0E2412228A09EEEBE1861FDC8196
SHA-256:	B4E3D71C172C699263EBB2AD13086EE27992C626C183959C73C07D6B4FF19B9E
SHA-512:	EDF2847A859CD4D82CC0ACA312015FD0630530EFA7ECD50E94C06038274C6E03099A65493C859D4F9FF128A8FA05EFDB36CE60F3416AA39D00770512450C817F
Malicious:	false
Preview:	<?php.$required=4;.include "/www/include/xhrSession.php";.$db = new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');.$slaveMode = $db->query("SELECT tag, value FROM config WHERE tag = '/remote_control/slaveMode'")->fetchColumn(1);.if($slaveMode) {..die();.}.if($_POST['rw']==1) { /* Aktor setzten /.// .all_shm_write_actor_int($_POST['actor_nr'], $_POST['on_off']);..all_shm_write_actor_float($_POST['actor_nr'], $_POST['on_off']);.}.if($_POST['rw']==2) { / Aktior lesen /..$actor_check = all_shm_read_actor_int($i);..if($actor_check <= -204800000) {...echo "false";..} else {...echo $actor_check;..}.}.if($_POST['rw']==3) { / Zur Zeit ohne Funktion */..$out = array();..for ($i = 1;$i < $_POST['max_powerline'];$i++) { ##### TODO: !!!!!!...array_pad($out,1,$i);...$oo = all_shm_read_actor_int($i);...if($oo<= -204800000) { $oo="false"; }...$circle=array('onoff' => $oo, 'watt' => null);...$out[$i]=$circle;..}..echo json_encode($out);.}.if($_POST['rw']==4) {..$out = array();..$actors=explode(

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\scan_accesspoints.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	2783
Entropy (8bit):	4.807269029533274
Encrypted:	false
SSDEEP:	48:ey2e5v0xfJxf+mTxfj3xZTRbGT0atXJxg0+EEixhz89L6eqlwjS1paMxSWCq7qn2:B2Ev2/hbwT0yB58HqlUSvanWCqQqI1f6
MD5:	6AFC51B29E6FCECA2C539139BCB176A7
SHA1:	24E1B7DE6FDAD6070D1A25D54EF7395086923585
SHA-256:	F092C7C54CA52133A3818111A1F26221156DB173E12A502D89175B5767A5A054
SHA-512:	391098860287FC29D0BADE76F055B2050E3CD924D36F60644B67B1E738AEF904B62AA0D0D07B3DAC47FB1C9A02E90628E08C3686C6AB356703F3A9EBFB4315E5
Malicious:	false
Preview:	<?php.$getaccesspoints=false;.$new=null;.include "/www/include/sqldb.php";.$platform = db_read("/sys/platform");.if($_POST['mode'] == "sta") {. $getaccesspoints=true;. if($platform=="RT7688") {.. exec("iwpriv ra0 set SiteSurvey=0");..}.}.if($_POST['mode'] == "ap") {. exec("iwpriv ra0 set SiteSurvey=1");. sleep(1);. $getaccesspoints=true;.}.if($_POST['mode'] == "disabled") {..if($platform=="RT7688") {.. exec("iwpriv ra0 set SiteSurvey=0");..} else {.. exec("iwpriv ra0 radio_on");..}. sleep(1);. $getaccesspoints=true;.}.function sortmulti ($array, $index, $order, $natsort, $case_sensitive) {..$sorted=array();. if(is_array($array) && count($array)>0) {. foreach(array_keys($array) as $key). $temp[$key]=$array[$key][$index];. if(!$natsort) {. if ($order=='asc') {. asort($temp);. } else {. arsort($temp);. }. } else {. if ($case_sensitive===true) {

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\scan_accesspoints_arm.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	3685
Entropy (8bit):	5.255350666129719
Encrypted:	false
SSDEEP:	96:9cRamTWyB58HqlUSgKyEJfnNPtFu5e46x651IoraTT8nYkJNZh:9ccmayB586USLe5o5KaHw
MD5:	E519803EB34B27F8F3F154AFF85248F8
SHA1:	BCCF2DA99B84A422C9565BE50E2217BCF2E2D5FA
SHA-256:	AC7B71777C2E147D5E70A586988668108D2A3E04AC60DBC22E4DA83C8F2B4061
SHA-512:	5AD38C7ECCF5BDEFB0F2C024E563781E78F7C837AD19758B26518361AD61E78872C90A854A8372855971F697975A9E11800848C9A707E6B059DED47674F627B8
Malicious:	false
Preview:	<?php./* SV: 2.52. * DT: 20121218. /../.ZIELFORMAT:.[{"channel":"1","ssid":"ALLNET-Guest","bssid":"50:a7:33:5c:e9:58","security":"WPA2PSK-AES","signal":"55","wlanmode":"11b\/g\/n"},.{"channel":"1","ssid":"ALLNET-INT1","bssid":"50:a7:33:1c:e9:58","security":"WPA2PSK-AES","signal":"44","wlanmode":"11b\/g\/n"}].*/.$var=shell_exec("iwlist wlan0 scanning");.$arr= explode("\n",$var);.$cells=array();.function sortmulti ($array, $index, $order, $natsort, $case_sensitive) {. if(is_array($array) && count($array)>0) {. foreach(array_keys($array) as $key). $temp[$key]=$array[$key][$index];. if(!$natsort) {. if ($order=='asc') {. asort($temp);. } else {. arsort($temp);. }. } else {. if ($case_sensitive===true) {. natsort($temp);. } else {. natcasesort($temp);. }. if($order!='asc') {. $t

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\send_test.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1287
Entropy (8bit):	5.336427621460658
Encrypted:	false
SSDEEP:	24:AUvBnSvB7MuVQCoTgCXnMw53NdGkk69XCyv+sMY8L6W6VV8LksxHEM+MhP2Jo1yO:A2BnSvB7DtoTgUnH3NdGB6gy5o6W63op
MD5:	8A966273BC00CC1FE76C91B9C23C2A09
SHA1:	6463200CA56FBD8C777C3FEAF422E415CA8E5750
SHA-256:	B9D486EB4183FA74EED063444A4AE22B3514EB80803BF9A6D86EB98F47AA0570
SHA-512:	81E52447FA531010407C94CAC044CD9E109965281D0A246A99DE78B62BBCEBBF2D92F853EC3EA35EA8B2B48435D572A9A0B15D31C4D23A9743E36C0F5428333E
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/xhrSession.php";.include "/www/include/error_codes.php";.$cmd=$_POST['cmd'];.switch ($cmd) {..case "smstest":.../* reseved for future use */..break;..case "emailtest":...$file="/tmp/testmail.send";...$filecontent = "X-Mailer: ALLNET MSR/3.20 (RALINK/ARM; rv:3.6)\nContent-Type: text/plain; charset=\"utf-8\"\n";...$filecontent .= "from: ".$_POST['from']."\nto: ".$_POST['to']."\n";...$filecontent .= "subject: ".$_POST['subject']."\n\n".$_POST['body']."\n".$_POST['signature'];...if (file_exists($file)) { unlink($file); }...file_put_contents("/tmp/mail.txt", $filecontent);...$cmd="/etc/scripts/curlmail.sh ".$_POST['to'];...exec($cmd, $null, $result);...if($result==0) {....echo json_encode(array("result"=>$result, "error"=>""));...} else {....$error=file_get_contents("/tmp/mail.log");....echo json_encode(array("result"=>$result, "error"=>$error, "message"=>$curlerr[$result]));...}..break;..case "MailLog":...$logfile="/tmp/mail.l

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\sensor_history.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	8426
Entropy (8bit):	5.3374287112567895
Encrypted:	false
SSDEEP:	96:l2NncGzGZuXrGQXEDyAMY89uMNoXWJXWP/TQJj9hnXSnTMhBMsMUZcQjjs3Phz+O:uym0Dm9WUJj/CnwhxZcQXs3Ph+0mq
MD5:	A67358BFF8F5EA9929DFEF6CF66A3570
SHA1:	9F47BB63B632D233004845513F3A6790AC163CC8
SHA-256:	F2FC4C7DEC4259EEA3AC6142A73A95FD55CFCF6C74578E2EAD94A228CB73596F
SHA-512:	147F40502A0F6574EFF7F96094D31936387FF399E6F713D0CA71BDD365669AD58D8F2F8607B1C46A2B18FB91EFB6215BC3248E85F9C40C98C82111974C065099
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..$required=1;..include "/www/include/xhrSession.php";..include "/www/include/option.php";..$month_names="['"._000076_."', '"._000077_."', '"._000078_."', '"._000079_."', '"._000080_."', '"._000081_."', '"._000082_."', '"._000083_."', '"._000084_."', '"._000085_."', '"._000086_."', '"._000087_."']";..$month_names_short="['"._000064_."', '"._000065_."', '"._000066_."', '"._000067_."', '"._000068_."', '"._000069_."', '"._000070_."', '"._000071_."', '"._000072_."', '"._000073_."', '"._000074_."', '"._000075_."']";..$day_names="['"._000094_."','"._000088_."','"._000089_."','"._000090_."','"._000091_."','"._000092_."','"._000093_."']";..$day_names_short="['"._000059_."','"._000053_."','"._000054_."','"._000055_."','"._000056_."','"._000057_."','"._000058_."']";.?>..<div id="graph" style="width:840px;height:500px;margin:0 auto;" class="graph"></div>..<div class="tag" id="choices" style="float:left;margin:0 auto;margin-top:15px;table-layout:auto;"></div

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ajax\system.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	5700
Entropy (8bit):	5.436172173233356
Encrypted:	false
SSDEEP:	96:A2lUenc5JrW9996xf59JCR8MmA4x0Gq09WT7ix5KRx0f2ne7wh8LRhKD63rHL+Lf:1aJwAcRcTRq09WXwZvw6bH+tR/CWXZCC
MD5:	EB3D29EE4A56C761E7B56A5FFB844029
SHA1:	B08181608DD4B829F88570BADA009B1B7874640F
SHA-256:	0EBF0647D98F65B66EC7F5935D12B8E9000322975D03A330E78D2923BB24F666
SHA-512:	7AAB11ADF462907EDF14053894D4DA60B307028357E3403A0F3A81038AF579F998911429F6735288D9DB0BCEB5E649253A6415793450AB0883CDF454B0DDE698
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.//include "/www/include/xhrSession.php";.switch($_POST['what']) {..case "mem":...$mem=array();.//..exec("echo 3 > /proc/sys/vm/drop_caches");...$mem['total'] = trim(exec ("cat /proc/meminfo \| grep MemTotal: \| cut -d ':' -f2"));...$mem['free'] = trim(exec ("cat /proc/meminfo \| grep MemFree: \| cut -d ':' -f2"));...$mem['used'] = ($mem['total']-$mem['free']) . " kB";...$mem['system'] = round((disk_free_space("/")/1024000),2)." MB";...echo json_encode($mem);...break;..case "uptime":...$text = array();...$uptime = exec ("uptime");...$time = explode(",",$uptime);...if(count($time)<=4) {....$start=strpos($time[0],"up")+2;....if(!strstr($time[0],"min")) {.....$time[0]=$time[0]." "._000025_;....}....$text['uptime'] = trim(substr($time[0],$start));...} else {....$start=strpos($time[0],"up")+2;....if(!strstr($time[1],"min")) {.....$time[1]=$time[1]." "._000025_;....}....$text['uptime'] = trim(str_replace("day",_000035_,str_replace("days",_

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\alert.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	40940
Entropy (8bit):	5.283405481533438
Encrypted:	false
SSDEEP:	768:+GCbmgYKAZcZzi2qSArNurPNhlbh7JcGi/sowa/1K7U:YbmgYFZQi2qSArErPjlbh7JcGi/sowab
MD5:	03EDD82202851B2DCD79D61111C4FC32
SHA1:	D1E03ECEB5477A4D45402357080D041B9BB72009
SHA-256:	D8891F4056C5DF4E08FAEBD67836075847EB30200496C22002262A910024BA31
SHA-512:	40F1D80532C659C6B793FA139C6C0751C2B60CBB95CBB0D421416E40BF9ECD03720E007AD67FCB75CA51656CF36B4AF1AAB7813E9913E49D81F31424EF2A779B
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/option.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$usb_umts=db_read("/sys/usbumts");.$umts_lan=db_read("/sys/network/umts/lan");.$device=trim(file_get_contents("/etc/default/device"));.$expert=db_read("/control/frontend/expert");.$actuatorAction=null;.$analogActuatorChoose=1;.$analogActuatorToggleViewSet=null;.$analogActuatorToggleView="display:none;";.$analogActuatorToggleLastStateText="display:none;";.if($device=="ALL3653") {..$showFlowControl=$showFlowControlToggle="display:none;";..$stm="SELECT id, name FROM flowcontrol WHERE active='true' ORDER BY name;";..$flowControls=db_all_read($stm);.}.if($_POST['gw']!=1) {..$smtp_display = "display:block;";..$smtp_error = "display:none;";..$smtp_server = db_read("/sys/network/mail/smtp");..$smtp_user = db_read("/sys/network/mail/user");..$smtp_pass = db_read("/sys/net

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\alerts.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	5708
Entropy (8bit):	5.362185340828549
Encrypted:	false
SSDEEP:	96:A2ymAxER7Gf1/LpbtGwF0ckcXKHTEdrwtiOrMQVQ504oUlRp:Y5xN36IdsFQ50/Ip
MD5:	3851F7C4BE343E1204441634E15C5318
SHA1:	B083B1175BAFDE587D0575C35690DA51452B434F
SHA-256:	9826ECE5314447C356E88DE0565BA87B52BDCAF41762F741209256F7F96F6873
SHA-512:	5047D20D7A3235D305141387F09AAD2FEAC8F5F98E0EC869F79921C4AB18066A3434DC2591A369A47E74C3B157301836D07764C754E17441AE57EA95AA64AAB0
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$expert=db_read("/control/frontend/expert");.if($expert) {..$alerts = db_all_read("SELECT id, name, description, enabled as 'active' FROM matrix ORDER BY active DESC, name");.} else {..$alerts = db_all_read("SELECT id, name, description, enabled as 'active' FROM matrix WHERE automatic = '0' ORDER BY active DESC, name");.}..if($_POST['gw']!=1) {..$stop=0;.?>.<link type="text/css" rel="stylesheet" media="screen" href="css/allnet_table.css">.<div class="message" style="display:none;"><h1><?php echo db_read("/control/devicetype"); ?></h1><h2><?php echo _000014_; ?><br /></h2></div>.<div id="comm" style="display:none;"></div>.<div id="daemonStatus" style="display:none;"></div>.<form method="post">. <fieldset>.. <div class="subline"> <?php echo _menu019_ ?> </div>.. <div style="margin-top: 1

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\alive.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	58
Entropy (8bit):	4.782009064841939
Encrypted:	false
SSDEEP:	3:7o6ieIL79hRPKoVwQ:k6NIX3RyoVwQ
MD5:	1C9F4CD9C8D6C0200AA90AF6064C1911
SHA1:	F3DBD59DEC294FD63292BD5F6A0534BD1147FA67
SHA-256:	EAE545A2CB79E30B92348E27FBFF22F6946397276C27AA2FD84DB1F98CB0988A
SHA-512:	23B36E5CADA4E7C4D0D0FA1E3E1CB05F8488E5C5BF38CD3139B175743A4B108A132BF288BA4E77D19C2279B612311B3E3DBF780604B2BE698B71BFD93906CBC6
Malicious:	false
Preview:	<?php..echo $_GET['callback'] . '({ "test" : "ok" });';.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\base.flwctrl Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5120
Entropy (8bit):	5.054552583066365
Encrypted:	false
SSDEEP:	96:lpQEO5/vh3no1rRGT+JLVI+zph2KGieKzf+Irj2aeU7Z7ed7cce43/N:lpQ5dno1rRGyXVAKGJO7edB
MD5:	1EAFA2BB983F22A08FD9900992F0FA86
SHA1:	65DFD77AE8A01614CF6566AE94146991DA167981
SHA-256:	C2F4341472872C1F449B9576BDCDBF923BBFF9FC1DFA666BB14F644605F73D42
SHA-512:	3DEB35245EDA264CDF648BD15170E986BA084215B7B47ADC3658E7F261CFE0D317DE77C6F1FA639FE8346B8370EDD177C36F8593DAD28756CC71B84D5E2D68C2
Malicious:	false
Preview:	Oje7aGo0ea6taPhePae2oosuiaBa6thiaev0ZiekeinaeSh8aibeiZ1Feicee1CaaeY9veu4tae8OhChheeJ0iphChi8seiwaqu5Cueloohe2Iofpae7uoLaYaep5fiSyoeYee0CAht8daicAht2phaiGe1iezahOhc8Aeshaeh6zooXraht0EiGShu0aifeUh2aibeiChur1beixai4UXeeuVuKoo6oRooru9XuLooce9saaus0eiDuaey4pe8BaeR5mi5hweiL0uo6Uo7Ier4iweeH5Oomooth6Hiezee9Ohcoohyo1Xuotoo9mahGeiS6eezoAth7Laihkeere2aBohCh3voiiesh2Thiacub6ohNyuvah9OoPeish7boOhl6uchijohj2EicaeCoap3xeepoh3Ueheoz9iGukai6ShahEijee6thaingah8Achu9IeziahbeeH7iDaiwohm7boiJaiw3nahch1AeaeShiuY4ooS8Hod1gae8Oj2lieNg1XexmieN7epeBoh2aem7Ahbaeco3eu1quooPNuDe9kieshiu2Ootyoo3vieZquoo6jiRDaex2ceeoopia6FuCe7wa6eeiechoh1Zahj3deWoIP7rohikaiHu1wiiEeM7Eet6Uev2uuF9oS5echaeusaoz7ViumahH4Dowie6EeboSah5aighjoVaiG0uoofahJu2iFo1gohfjaey9caVAiqu6arubohx3eiSohCie5siien8naiVwao9Pheiaech4AivChoh9JiaphooS1ooshahy4Eipheek5Iede5IayieieSh8se2Choh6ei9dahb5AivaeJaB3ThiePh2WieEiGh1eiBtib4Miefewie2EifdohT1aejeeVah7ooIefoh8UfOx6iliuXHoo5woheoop5wohYueGh1lo1Aigh3NieChei3caeaQuu8eh2phae9AigVooN1shesae4EiNgog1eQu6iwaik1ieL

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\d0bus_counter.json Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3641
Entropy (8bit):	4.346537480606299
Encrypted:	false
SSDEEP:	48:vhHDxvOChHDxrlWhHkxRhHDxPhHDx/WhHkxnhHDxZWhHq/xpgnhHkxPhHDxo0FBu:njBx7J0pKcp
MD5:	3EB74446C010E1715182D4ECCEDF6E76
SHA1:	8BA4A4644A9C379DF0A39A01C7B2AB75D9315880
SHA-256:	CAE9EF69BD2418C46D5BA48F57224F3748124571AA03C9882243386041132F62
SHA-512:	E5FE9C41D0CB020850525699C96A76C1F849CA2B620C7298E8E7CB2EB335BFD97554A7B4DDE7906EA18F569558D8B10340A2EE19DB630D2F9D50B98D9157E110
Malicious:	false
Preview:	{.."1":{..."description":"NZR EHZ",..."params":{...."in":"2",...."out":"0",...."build":"0;4",...."devicetype":"14",...."directions":"1",...."kwh":{....."min":"0",....."max":"10".....},...."watt":{....."min":"0",....."max":"10000".....}....}...},.."2":{..."description":"Easy Meter Q3D %1 3.03",..."params":{...."in":"2",...."out":"0",...."build":"0;4",...."devicetype":"14",...."directions":"1",...."kwh":{....."min":"0",....."max":"10".....},...."watt":{....."min":"0",....."max":"10000".....}....}...},.."3":{..."description":"EMH ED300L W2EV-0N-E00-D2-000002-E50/Q2",..."params":{...."in":"3",...."out":"0",...."build":"0;3;4",...."devicetype":"14",...."directions":"2",...."kwh":{....."min":"0",....."max":"10".....},...."watt":{....."min":"0",....."max":"10000".....}....}...},.."4":{..."description":"EMH ED100L",..."params":{...."in":"2",...."out":"0",...."build":"3;4",...."devicetype":"14",...."directions":"1",...."kwh":{....."min":"0",....."max":"10".....},...."watt":{....."min":"0",.....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\d0bus_create.json Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	668
Entropy (8bit):	4.728713187819431
Encrypted:	false
SSDEEP:	12:9421rsBdA1Jusg1SnusrCNg1IsxtERsLphNusAh+js/f:9421raA1Y31Suc0g1IoOkphEX+jEf
MD5:	07814E117289ED38DDFBE4747E85B631
SHA1:	8E9708648DBB94F77ED62D1B1F48AE962A361CCC
SHA-256:	55F16083C46C204CE590B414183ADCB8B7CD26E1FD6BC71C38997392C7B1B280
SHA-512:	5D9EBF1B9DB198DAAD8047C4DAD5567592B71513F18082CDC55F85A5F04E8FA1B27454D704CB011FB12210CFF14C3E3E75D13038467D2BDE2E340A8A3D84C0DA
Malicious:	false
Preview:	{.."0":{..."name":"_008100_",..."description":"Z.hler Bezug Summe",..."unit":"KWh"...},.."1":{..."name":"_008108_",..."description":"Z.hler Bezug T1 (HT)",..."unit":"KWh"...},.."2":{..."name":"_008109_",..."description":"Z.hler Bezug T2 (NT)",..."unit":"KWh"...},.."3":{..."name":"_008101_",..."description":"Z.hler Einspeisung Summe",..."unit":"KWh"...},.."4":{..."name":"_008102_",..."description":"Watt Gesamt",..."unit":"Watt"...},.."5":{..."name":"_008105_",..."description":"Watt L1",..."unit":"Watt"...},.."6":{..."name":"_008106_",..."description":"Watt L2",..."unit":"Watt"...},.."7":{..."name":"_008107_",..."description":"Watt L3",..."unit":"Watt"...}.}

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\device.json Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	3.688878113768442
Encrypted:	false
SSDEEP:	48:ZQ2h2QLkkRLHqtiLPqtnLP+kLZwoQL6k22RLFkIL8k62fL62PLd+e4LdL:ZQ2h2QgkRDqti7qtn7+ktwoQ2k22RRkV
MD5:	EB4F6BBC77C1A398AA83BF47E5D2C707
SHA1:	B6C4F1544946E1601B65FD9793D587A6D2BE44D7
SHA-256:	26B09764E75EB1BA7A15F09D69D174CFC662857907E66B0C6DD47435DED5B0DD
SHA-512:	3A7D0380705424DF4ED9DDB4021F2546C8C0644AE48C0A1F8050BC052D57775DE4CA9B393C71873BD4BF6AB50FFBA1A89CA808E87FCD94C8F2EC0F033B93C4A5
Malicious:	false
Preview:	{. "ALL3072": {. "visible": false,. "bus": 0,. "group": [],. "port": []. },. "ALL3073": {. "visible": false,. "bus": 0,. "group": [],. "port": []. },. "ALL3418": {. "visible": true,. "bus": 66,. "group": [0],. "port": [0]. },. "ALL3419": {. "visible": true,. "bus": 30,. "group": [0],. "port": [0, 1, 2, 3]. },. "ALL3500": {. "visible": true,. "bus": 67,. "group": [0],. "port": [0, 1, 2, 3]. },. "ALL3505": {. "visible": true,. "bus": 67,. "group": [0],. "port": [0, 1, 2, 3, 4, 5, 6, 7]. },. "ALL3692": {. "visible": true,. "bus": 69,. "group": [0],. "port": [0, 1],. "zeroSkip": true. },. "ALL3697": {. "visible": true,. "bus": 82,. "group": [0],. "port": [0]. },. "ALL4075": {. "visible": false,. "bu

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\lang_cn.ini Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	44094
Entropy (8bit):	6.1614115125491855
Encrypted:	false
SSDEEP:	768:B+27qv4Fis8MqJjiOcDf3F6j0KHNf6GuEclFOBZPo7A7fTKkYgcMOQBsJ/mZdPLi:I27qv4Fis8MI8DfXCqMZPo8qKBAca
MD5:	03E309DF9615BE7917F466323B53E9AA
SHA1:	E321CBB1F799886A12F9C5F11D5906EEA0885585
SHA-256:	2DFE9461508C63B33FD35CD18C29ED0505113E2FD6152B92AFC30A32D2100D30
SHA-512:	B8C02730CA22624667E6E7C54835AB99321BD6B849652515F8F8501C9A71DB0F9043B48361AAABEA5B7B4A4F600D09C767472D1480D8101F2D406AD20F6C3B45
Malicious:	false
Preview:	[cn LANGUAGE FILE FOR Version 3.0]..[actuators]._190001_="Last state"._190002_="Permanent state of output"._190003_="Minimum value is not to be sub-steps"._190004_="Maximum value is not to be Exceeded"._190005_="Increment / Resolution"._190006_="Analog element display type"._190007_="Slider"._190008_="Numeric input"._190009_="Height of the tile"._190010_="Single"._190011_="Double"._190012_="Fading value (0=Off)"._190013_="Show current value as text"._190014_="Configure button"._190015_="Group"._190016_="Enforce equal status on all actuators"._190017_="Groups override Slider"._190018_="Analog actuator permanent state of output"..[ALL3075]._101000_="ALL3075...."._101011_="ALL3075.IP.."._101020_="..."._101021_=".."..[Cameras]._101900_="...."._101901_="..../.."._101902_="....."._101903_="...."._101904_="....."._101905_="..."._101906_="...."._101907_="...."._101908_="...."._101909_="...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\lang_de.ini Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	51178
Entropy (8bit):	5.292567829659071
Encrypted:	false
SSDEEP:	1536:4WqfcmTw/3rfih/6WRM2FqwTyPIHaPU6vE:4TcmiKhM2cwx6c
MD5:	664477C71CEAF6E906F1C48D5A93DCAF
SHA1:	BAE798A43BBC1DC334A254AE9FB8A4BFFC33DA28
SHA-256:	089C6DA4D11E598B3442AC0D3C6C7CE9FCAC09103E6C79D865AA54B073004290
SHA-512:	347088EAC1FC4CC668D9E1192E5F9CC2E0021799FB863A1BC42F732D06EA9229F377AA72B7983DAC93408D30FF292AAFDE7123EDD2D058AE83F6E4B37CF2B174
Malicious:	false
Preview:	[de LANGUAGE FILE FOR Version 3.0]..[actuators]._190001_="Letzter Zustand"._190002_="Zustand des Ausgangs nach Neustart"._190003_="Minimalwert der nicht Unterschritten werden soll"._190004_="Maximalwert der nicht .berschritten werden soll"._190005_="Schrittweite / Aufl.sung"._190006_="Analog Element Darstellungsart"._190007_="Schieberegler"._190008_="Zifferneingabe"._190009_="H.he der Kachel"._190010_="Einfach"._190011_="Doppelt"._190012_="Fading Wert (0=Aus)"._190013_="Ist Wert als Text anzeigen"._190014_="Schaltfl.che konfigurieren"._190015_="Gruppe"._190016_="Gleicher Zustand auf allen Aktoren erzwingen"._190017_="Gruppen Slider .berschreiben"._190018_="Zustand des Analogen Ausgangs nach Neustart"..[ALL3075]._101000_="ALL3075 Dienst"._101011_="ALL3075 IP Adresse"._101020_="Benutzername"._101021_="Passwort"..[Cameras]._101900_="Kamera Upload"._101901_="Upload Aktivieren / Deaktivieren"._101902_="Kamera Name"._101903_="Kamera Beschreibung"._101904_="Kamera Adresse"._101905_="Benu

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\lang_en.ini Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	46023
Entropy (8bit):	5.209591449363549
Encrypted:	false
SSDEEP:	768:zGqQ7kY8FeuHS4E6taL60uESFKqN3C+1wUTKNJSJPQvxvj4a:Ny4Em9/mdNJQ2Nka
MD5:	EA56662ED31BCC7FE053F164C90F2326
SHA1:	D147E192180CDB054ED222F3EAB97DBB44520773
SHA-256:	22743529926C7EF3EEAE72DC9C19FCDE968650552E9E4876BBDD003424AC0898
SHA-512:	02DCEF44CE5FF2D7A3BEF77A9D4EF4138AD542B74FFA443D5E1C22175C18FC402EDC77A27C444798F00218F88B8B952B6AED81933A45D22680E10465691C5C5D
Malicious:	false
Preview:	[en LANGUAGE FILE FOR Version 3.0]..[actuators]._190001_="Last state"._190002_="Permanent state of output"._190003_="Minimum value is not to be sub-steps"._190004_="Maximum value is not to be Exceeded"._190005_="Increment / Resolution"._190006_="Analog element display type"._190007_="Slider"._190008_="Numeric input"._190009_="Height of the tile"._190010_="Single"._190011_="Double"._190012_="Fading value (0=Off)"._190013_="Show current value as text"._190014_="Configure button"._190015_="Group"._190016_="Enforce equal status on all actuators"._190017_="Groups override Slider"._190018_="Analog actuator permanent state of output"..[ALL3075]._101000_="ALL3075 Demon"._101011_="ALL3075 IP Address"._101020_="Username"._101021_="Password"..[Cameras]._101900_="Camera Upload"._101901_="Upload activate / deactivate"._101902_="Camera Name"._101903_="Camera description"._101904_="Camera address"._101905_="User name"._101906_="User password"._101907_="Text top"._101908_="Text bottom"._101909_="Choos

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\lang_es.ini Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	53187
Entropy (8bit):	5.217075749904226
Encrypted:	false
SSDEEP:	768:8CeHAhAoI8c7o9BQcEyGUPCNCJmJHRtvTKQFrUkLuRsYh:3EcMD7o9BIgCd3eQF7qRsYh
MD5:	F15355E98DB3A68015070F06E8A4ADF9
SHA1:	DB134FD8021D599656A42ABBB643BDC1B7ADF4F6
SHA-256:	E9834F23DA192B82391660214665BF820FAE6587E883425AD55016EFB8DA7C05
SHA-512:	ABF4D8551AA216EB1F7325BA59F0B56D302CF434F6C9970E463A15A579B8EC7E7524D3553CCF86DAD5C2C1C42AD6345815457AD67ABFD77544B48F04EF041D0B
Malicious:	false
Preview:	[es LANGUAGE FILE FOR Version 3.0]..[actuators]._190001_=".tlimo estado"._190002_="Estado de la salida despu.s del reinicio"._190003_="Valor m.nimo que no se debe pasar"._190004_="Valor m.ximo que no se debe pasar"._190005_="Medida / Resoluci.n"._190006_="Tipo de visualizaci.n para elementos anal.gicos"._190007_="Deslizador"._190008_="Introducci.n de n.meros"._190009_="Altura de la baldosa"._190010_="Simple"._190011_="Duplicado"._190012_="Valor fading (0=Off)"._190013_="Mostrar valor actual como texto"._190014_="Configurar bot.n"._190015_="Grupo"._190016_="Forzar misma condici.n en todos los actuadores"._190017_="Groups override Slider"._190018_="Analog actuator permanent state of output"..[ALL3075]._101000_="Servicio ALL3075"._101011_="ALL3075 Direcci.n IP"._101020_="Nombre de usuario"._101021_="Contrase.a"..[Cameras]._101900_="Upload C.mara"._101901_="Activar / Desactivar Upload"._101902_="Nombre de la c.mara"._101903_="Descripci.n de c.mera"._101904_="Direcci.n de

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\lang_fr.ini Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	51116
Entropy (8bit):	5.197427371838576
Encrypted:	false
SSDEEP:	768:339bQ2cYEgKr/MKFbw9FLjGEWLVREaYRjt0caNVAjUG9lITKWvFwUxjGO035wla:pWM39FHGEWLV7oB0zejTJWNTaOqwla
MD5:	1CE13C45EC67BA1FD661D747FA7B0C7D
SHA1:	03B067517B91AAA829645E3CFCF1860BE573705A
SHA-256:	4C629605E97B762AAE7E4133734EA0CE31386068AE90DD25B8881B450C3C4073
SHA-512:	1DF21000D2B721B94724C026A7C06F9A1EA1813BF59D0FBC475D59F21F41BF7906B68870F2DFCE05488197811EC4F1DDBDA375BD7043D9B35680FF839407FA8F
Malicious:	false
Preview:	[fr LANGUAGE FILE FOR Version 3.0]..[actuators]._190001_="dernier .tat"._190002_=".tat apr.s red.marrage"._190003_="Minimum value is not to be sub-steps"._190004_="Maximum value is not to be Exceeded"._190005_="Increment / Resolution"._190006_="Analog element display type"._190007_="Slider"._190008_="Numeric input"._190009_="Height of the tile"._190010_="Single"._190011_="Double"._190012_="Fading value (0=Off)"._190013_="Show current value as text"._190014_="Configure button"._190015_="Group"._190016_="Enforce equal status on all actuators"._190017_="Groups override Slider"._190018_="Analog actuator permanent state of output"..[ALL3075]._101000_="service ALL3075"._101011_="adresse IP ALL3075"._101020_="identifiant"._101021_="mot de passe"..[Cameras]._101900_="cam.ra upload"._101901_="upload activer / deactiver"._101902_="nom de cam.ra"._101903_="description de la cam.ra"._101904_="adresse cam.ra"._101905_="nom de l.identifiant"._101906_="mot de passe de l.identifiant"._101907

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\lang_it.ini Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	48991
Entropy (8bit):	5.159648809952082
Encrypted:	false
SSDEEP:	768:rbhEh3XC71lb0/dMUIurEQNeky0bPVFT7TKZbWM3OtDsQ:rb+S7s1M1uRN8YWd3ON5
MD5:	DE9336A170AB2BAC4EAC8B3D2D8D4F47
SHA1:	2F818209DAD2A93CC63842178D4A2C29BA1DDA94
SHA-256:	08C5ECE814FF9116A4568F20A29EEACEF98478B96B88880958E53A23E535ABFF
SHA-512:	8234887D5D757D629D3810A025FF89BFF13FFD6989EBDAD2475C7EEE31610C0DAACA3F60D62184B8CA56DF0BE9006CAD5E57478BC880B1154613D39ECA4C3453
Malicious:	false
Preview:	[it LANGUAGE FILE FOR Version 3.0]..[actuators]._190001_="Ultimo Stato"._190002_="Stato permanente dell.output"._190003_="Valore minimo non deve essere sotto-fase"._190004_="Non superare il massimo valore"._190005_="Incremento / Risoluzione"._190006_="Visualizzazione degli elementi Analogici"._190007_="Cursore"._190008_="Ingresso Valori"._190009_="Altezza della Coda"._190010_="Singolo"._190011_="Doppio"._190012_="Valore di dissolvenza (0 = OFF)"._190013_="Visualizza il valore come testo"._190014_="Configurare"._190015_="Gruppo"._190016_="Forza le stesse condizioni sugli attuatori"._190017_="Groups override Slider"._190018_="Analog actuator permanent state of output"..[ALL3075]._101000_="Demon ALL3075"._101011_="Indirizzo IP ALL3075"._101020_="Nome utente"._101021_="Password"..[Cameras]._101900_="Carica videocamera"._101901_="Caricamento abilitato / disabilitato"._101902_="Nome Videocamera"._101903_="Indirizzo IP Camera"._101904_="Indirizzo IP videocamera"._101905_="Nome utente"._10190

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\lang_ru.ini Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	74876
Entropy (8bit):	5.047674294784683
Encrypted:	false
SSDEEP:	768:Vm2WSlwv3kjYm/InfImCFJ73k8p2EPprlIZx6Ux1eznTK/o5Zzy7xd0cUR:Vm0/InfnCX3plpR+YUazm/o5ZzuUcUR
MD5:	4E6C76BA629F2CC19776AE1D9708E3E6
SHA1:	EBB89BC0B5DFFBA73169D591B1B26EB0A1C6C627
SHA-256:	872D6CEFCEC800B87AD78F5BBA85727408EF52B8AAFBE518345659328202D7DB
SHA-512:	19F0876E1BF21E89264711E2C2B3DD83DF36610F0125BD55F2F6AE470265643083EFAAACC8200AB5935D46677B1D1FB755CEFD3B332737A3173C0297AC9449A2
Malicious:	false
Preview:	[ru LANGUAGE FILE FOR Version 3.0]..[actuators]._190001_="......... ........."._190002_=".......... ......... .. ......"._190003_="........... ........ .. ...... .... ........."._190004_="............ ........ .. ...... .... ........."._190005_="...... .... / .........."._190006_="... ........... .......... ......."._190007_="......."._190008_="........ ...."._190009_="...... ......"._190010_="....."._190011_="......."._190012_="........ ........ (0 = ....)"._190013_="........ ....... ........ . .... ......"._190014_="......... ......"._190015_="......"._190016_=".............. ......... .... ........"._190017_="Groups override Slider"._190018_="Analog actuator

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\newStep.json Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	3.8794822748535807
Encrypted:	false
SSDEEP:	12:OQTjZ4zfgqq3rp5egixpY3vdnM7nsBBWYL:Ou+Mqq36gix+3vdnM7nQXL
MD5:	AC65011C75592334995B9132917B0EB9
SHA1:	88AC9B1A317F898F970AF84A2B6CFB8356CDDAC6
SHA-256:	7E09C782663917913000F02A3BDC37F62A8E681E26615D4885EEBF389CE97E17
SHA-512:	37209DB11007FC9CFD025F7B394A94DCC6474E393A4612051C6FF851574A9FAFD30CD4B91F33F0F0E27E1EF9FC1AA87A150AA5B6972A727285185940C53FC778
Malicious:	false
Preview:	{. "continuous": "0",. "flowControlId": "0",. "steps": [. {. "channel1": "0",. "channel10": "0",. "channel11": "0",. "channel12": "0",. "channel13": "0",. "channel14": "0",. "channel15": "0",. "channel2": "0",. "channel3": "0",. "channel4": "0",. "channel5": "0",. "channel6": "0",. "channel7": "0",. "channel8": "0",. "channel9": "0",. "fadeChannel1": "0",. "fadeChannel10": "0",. "fadeChannel11": "0",. "fadeChannel12": "0",. "fadeChannel13": "0",. "fadeChannel14": "0",. "fadeChannel15": "0",. "fadeChannel2": "0",. "fadeChannel3": "0",. "fadeChannel4": "0",. "fadeChannel5": "0",. "fadeChannel6": "0",. "fadeChannel7": "0",. "fadeChannel8": "0",. "fadeChannel9": "0",. "fadeTotal1": "0",. "fadeTotal2": "0",. "fadeTotal3": "0",. "stepDelay": "0",. "randMin": "0",. "randMax": "255",. "remote": [. ."l

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\config\tz_possix.json Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	28129
Entropy (8bit):	5.15180382551854
Encrypted:	false
SSDEEP:	192:Bu+S77m55IUbi4l1eqFKGrmyAswY5G2X5yh89xSFFQQxIHgozD6kMujgLc:BTvbi4l1lSdYI2X5yh8mxTYMHLc
MD5:	7BE04025E1B047E59644FA02255693FE
SHA1:	ACF557E711E003369D152A55A1D2050533E89FD2
SHA-256:	EDD66F97EA62108F487FE38083246E957BE64EA330D6868DF4160E41DF21C758
SHA-512:	B621FD7F792E8575EDCEB1AA1FEDCFF3055FF7A07435B2DCF2C04B0B74F8F1EC7AB6B43FCAC04E325DB0A686FD7E9EAE8E69554614BF7820C51167974324AC03
Malicious:	false
Preview:	{"Africa\/Abidjan":{"zone":"Africa\/Abidjan","possix":"GMT-00"},"Africa\/Accra":{"zone":"Africa\/Accra","possix":"GMT-00"},"Africa\/Addis_Ababa":{"zone":"Africa\/Addis_Ababa","possix":"EAT-03"},"Africa\/Algiers":{"zone":"Africa\/Algiers","possix":"CET-01"},"Africa\/Bamako":{"zone":"Africa\/Bamako","possix":"GMT-00"},"Africa\/Bangui":{"zone":"Africa\/Bangui","possix":"WAT-01"},"Africa\/Banjul":{"zone":"Africa\/Banjul","possix":"GMT-00"},"Africa\/Bissau":{"zone":"Africa\/Bissau","possix":"GMT-00"},"Africa\/Blantyre":{"zone":"Africa\/Blantyre","possix":"CAT-02"},"Africa\/Brazzaville":{"zone":"Africa\/Brazzaville","possix":"WAT-01"},"Africa\/Bujumbura":{"zone":"Africa\/Bujumbura","possix":"CAT-02"},"Africa\/Cairo":{"zone":"Africa\/Cairo","possix":"EET-02EEST,M4.5.5\/00:00,M9.5.5\/00:00"},"Africa\/Casablanca":{"zone":"Africa\/Casablanca","possix":"WET-00"},"Africa\/Ceuta":{"zone":"Africa\/Ceuta","possix":"CET-01CEST,M3.5.0\/02:00,M10.5.0\/03:00"},"Africa\/Conakry":{"zone":"Africa\/Conakry",

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\allnet.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	20705
Entropy (8bit):	5.0640273323418175
Encrypted:	false
SSDEEP:	192:B1cawpo9T4Z4N59LNwFgFBUB4WEYViuuHQBFghqfOElI0q0SdB7h6rWMhEvB5KMo:jagFmisl/wXw3qBtSJfJ
MD5:	227D5AF838DE4FF1EF3FBA2510D30A61
SHA1:	128D8CFE0266FA70A3407CE50AEC9BE6F9C8CBC0
SHA-256:	4998AC5DF032C6C6D4AE57089E9B994067701926F19CB30419A8D07269C2D33C
SHA-512:	A03BFAFD6DC12395408FEAB205C3E3ECF632A5D71DAE7C69A52D9A1F17D1B99EBCEA2599EE23B4255153D12F19A34EC6077E84768F357044A4DB92D4F6552EB8
Malicious:	false
Preview:	@font-face {..font-family: 'LCDMono2Ultra';..src: url('/css/lcd-webfont.eot');..src: url('/css/lcd-webfont.eot?#iefix') format('embedded-opentype'),....url('/css/lcd-webfont.woff') format('woff'),....url('/css/lcd-webfont.ttf') format('truetype'),....url('/css/lcd-webfont.svg#LCDMono2Ultra') format('svg');...font-weight: normal;..font-style: normal;.}.@media screen and (-ms-high-contrast: active), (-ms-high-contrast: none) {. fieldset select::-ms-expand {. display: none;. }. fieldset select:focus::-ms-value {. background: transparent;. color: #222;. }.}.#ajaxBusy {..display:"none",. margin:"0px",. paddingLeft:"0px",. paddingRight:"0px",. paddingTop:"0px",. paddingBottom:"0px",. position:"absolute",. right:"3px",. top:"3px",. width:"auto".}..body {..font-family: Arial, Helvetica, sans-serif;..background-color: #0d3e66;..margin: 0px auto;..padding: 0 0 20px 0;..color: #fff;. -moz-user-select : none;. -khtml-user-select : none;. -webkit

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\allnet_sensor.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	5975
Entropy (8bit):	5.071234193543536
Encrypted:	false
SSDEEP:	96:2jrjPQfAVLMOQq+te3pMgUyiPcT36O6mr+37Ebq7Eo:2fL4ANMOQmMNX8d6oG
MD5:	5A90CFEB00F815F97D7B8B1DA1818790
SHA1:	BCF0E1FF97BCBFAA58A85E9EC59060FAE8F808B8
SHA-256:	782D193A4A943537E7C0FA0EFC0BAE8D3C97D45506917AF4B5A27F690B8CB4FF
SHA-512:	72F74543194AA9D62709EC3EDAFC3EE7408F6FC632FE61E80DA3D85BA6CA77FF0FC5F520BF69C1120755CFADB86BC6257E323FB960101DDAA2C163E6991D80FA
Malicious:	false
Preview:	.sensor_box {. -moz-user-select : none;. -khtml-user-select : none;. -webkit-user-select : none;. -webkit-touch-callout: none;. -o-user-select : none;. -ms-user-select : none;. user-select : none;..position: relative;..width: 340px;..height: 153px;..margin: auto;..padding: 8px;..margin: 6px;..float:right;..overflow: hidden;.}..sensor_box_hw {. -moz-user-select : none;. -khtml-user-select : none;. -webkit-user-select : none;. -webkit-touch-callout: none;. -o-user-select : none;. -ms-user-select : none;. user-select : none;..position: relative;..width: 152px;..height: 153px;..margin: auto;..padding: 8px;..margin: 6px;..float:right;..overflow: hidden;.}...switch_box {...width: 155px;..}...normal {...border: 1px solid #1a171b;. ..background: #1E7EAC;...border-radius: 6px;. ..background: linear-gradient(to bottom, #1E7EAC, #333333);..}...sensor_box:hover {...border: 1px solid #aaa;..}...sensor_box_hw:hover {..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\allnet_table.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1673
Entropy (8bit):	5.202940139697212
Encrypted:	false
SSDEEP:	24:UlDtj39gsLUOxsAG7gsjmg5XKM5iaRHax5PNkuzbrR1vM5qpnu8Sr5qpDkBr5qp6:sDtrGCHE8jjXb/Tc5qpnBSr5qpi5qp6
MD5:	E73706194014A51487EA51AAF876720E
SHA1:	0A32C8D427680BB9C1526D0F61727C8CF7A4ABD1
SHA-256:	95DD93B248389155A2AB815A0FD4BE593D28C32F93606C657E7614298BE285A4
SHA-512:	9299AE99CCB7511A7D7A4B100564E7C97A2E851CB254B34063CF0FB1C8606AB48AE1034B4EBE96B989F3F0F38E2ABF6B7E56CFDEA54DF2268C53D3FD9675273A
Malicious:	false
Preview:	table, th, td {. border: 1px solid #33331a;. border-collapse: collapse;. font-family: monospace;. font-size: 12px;.}.table tbody tr:nth-child(2n+1) {..background-color: #555555;.}.table tbody tr:nth-child(2n) {..background-color: #1E1E1E;.}.table tbody tr:hover td{./.background:-o-linear-gradient(bottom, #345D7F 5%, #005fbf 100%);..background: -o-linear-gradient(top,#005fbf,#345D7F);..background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #345D7F), color-stop(1, #005fbf) );..background:-moz-linear-gradient( center top, #345D7F 5%, #005fbf 100% );..filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=\"#345D7F\", endColorstr=\"#005fbf\");./..background: linear-gradient( to bottom, #345D7F 5%, #005fbf 100%);..color: #fff;..background-color:#345D7F;.}./.table tr {..height: 42px;..min-height: 42px;.}. /.th, td {. padding: 8px;. white-space: nowrap;.}..ui-widget {. font-size: 0.8em;.}..switch {./* .margin-top: 5px; */..text-align: ce

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\font\jquery-ui.eot Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	Embedded OpenType (EOT), jquery-ui family
Category:	dropped
Size (bytes):	62508
Entropy (8bit):	6.201812461075356
Encrypted:	false
SSDEEP:	1536:08PtiOM64gbOtSRiQ9/rZtwbvM8GLyK3HgWjsoLHkL64lpt3GDAnZwXIV7fED46k:08PtiOM64gbOtSRiQ9/rZtwbvM8GLyK8
MD5:	87A85D29A346CA50D7201223C8EB9B0D
SHA1:	4DCCC74678355378793DC7A2151516EF26F58E1C
SHA-256:	C7525344B278F97C88C2AEC47F91005F234A9EFA348FA9FC5B5309F764D7AFAA
SHA-512:	023EE70061BC610FDBCD78AE232F0D3ACEEFC85F0AE2466598105EB9DDA77FAF53CED38857792DBB3FE9A638BFDCF1510F41772239B3FF295EC887903FCFF6E1
Malicious:	false
Preview:	,.................................LP..........................6.....................j.q.u.e.r.y.-.u.i.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .2...0.....j.q.u.e.r.y.-.u.i................0OS/2...........`cmap.U.........Tgasp.......p....glyf...#...x....head...w......6hhea...K......$hmtx..f@.......(loca..wT........maxp.].n...... nameLx6u........post.......`... ...........................3...................................@...F......................... .................................8............. .F......... ................................................79..................79..................79...........%.h.....4&'.&"........?....;.265...65.%................J......I..................?..................%.%.....>.5.4&#!".....3!......27....7.......}...[.........4....>.............Z.......4...>..............h.%....%267.64'...+."...!".....3!...3.I..................?...........................J..............%.............#!"&/.&67!.&4?.62...46........}...[.........4....>........\|....Z...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\font\jquery-ui.svg Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	247341
Entropy (8bit):	4.214378651916735
Encrypted:	false
SSDEEP:	1536:Unr1gWUZVmI/iLQfTfIftXyyQKwqEQj0Yjh+jNmsxI5tuCrTx3p+++4Hu0CZ5oh5:JcoibCg0YjsdCrl7PFXzJ9K+R4A
MD5:	4A07B76635163CAE36F700F3B4BD5A8A
SHA1:	D8A1D2D8C3E5C9F339B0F84300BF8C800B544234
SHA-256:	24D424067D800CE051B73E6C50677BD05AB0737156C4991F32EC69CD390BDF2B
SHA-512:	32B5AD4DF2CE78BB069A3B05352009D3B9700E5D40A4E6582BFBED61FB48251963C6E28537DBA355230277F82625E49FD33ACF8898A749336C8C1889BD0EB4C4
Malicious:	false
Preview:	<?xml version="1.0" standalone="no"?>.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >.<svg xmlns="http://www.w3.org/2000/svg">.<metadata>Generated by IcoMoon</metadata>.<defs>.<font id="jquery-ui" horiz-adv-x="1024">.<font-face units-per-em="1024" ascent="1024" descent="0" />.<missing-glyph horiz-adv-x="1024" />.<glyph unicode=" " horiz-adv-x="512" d="" />.<glyph unicode="" glyph-name="arrow-1-n" d="M804.535 585.152c0 4.864-1.938 9.508-5.339 12.945l-274.286 274.269c-7.131 7.131-18.725 7.131-25.856 0l-274.286-274.269c-3.438-3.437-5.339-8.082-5.339-12.945v-127.992c0-16.273 19.712-24.428 31.232-12.945l188.197 188.185v-449.544c0-20.259 16.311-36.569 36.571-36.569h73.143c20.261 0 36.571 16.31 36.571 36.569v449.544l188.197-188.185c11.52-11.519 31.195-3.364 31.232 12.945z" />.<glyph unicode="" glyph-name="arrow-1-ne" d="M799.415 385.621c3.437 3.438 5.339 8.082 5.339 12.946v387.913c0 10.094-8.191 18.286-18.285 18.286h-387

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\font\jquery-ui.ttf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, jquery-ui
Category:	dropped
Size (bytes):	62336
Entropy (8bit):	6.204119558485967
Encrypted:	false
SSDEEP:	1536:I8PtiOM64gbOtSRiQ9/rZtwbvM8GLyK3HgWjsoLHkL64lpt3GDAnZwXIV7fED46k:I8PtiOM64gbOtSRiQ9/rZtwbvM8GLyK8
MD5:	965C53D17724E6B937ADB2C02988810C
SHA1:	FB33C4164EDC1F485D9D260FD53A8FE04030D647
SHA-256:	46B9E2C661504C6E7833634E1228B068707E3A368E941FC5C23AAFCF2F8D2FFE
SHA-512:	BE1FE5ED3981B9C501C69287B784A21F8C11EC43395F2B74ED47F5A9AF567B20A71E40E34689C9A0BEEFA99A5C88B5D2A51101C99FC425171F485F5C366DA0C6
Malicious:	false
Preview:	...........0OS/2...........`cmap.U.........Tgasp.......p....glyf...#...x....head...w......6hhea...K......$hmtx..f@.......(loca..wT........maxp.].n...... nameLx6u........post.......`... ...........................3...................................@...F......................... .................................8............. .F......... ................................................79..................79..................79...........%.h.....4&'.&"........?....;.265...65.%................J......I..................?..................%.%.....>.5.4&#!".....3!......27....7.......}...[.........4....>.............Z.......4...>..............h.%....%267.64'...+."...!".....3!...3.I..................?...........................J..............%.............#!"&/.&67!.&4?.62...46........}...[.........4....>........\|....Z....=...4.................%.n..........27.>.=.4&...4&+."...'&...................J...............................?...........................3!26?.6&'!.64/.&"...4&...........Z.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\font\jquery-ui.woff Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	Web Open Font Format, TrueType, length 62412, version 2.0
Category:	dropped
Size (bytes):	62412
Entropy (8bit):	6.2027867139254145
Encrypted:	false
SSDEEP:	1536:78PtiOM64gbOtSRiQ9/rZtwbvM8GLyK3HgWjsoLHkL64lpt3GDAnZwXIV7fED46k:78PtiOM64gbOtSRiQ9/rZtwbvM8GLyK8
MD5:	2061F86D6D90845D858E5765F73FDEE8
SHA1:	51496F03E356559D0BE26613E6C6906EF40D11B0
SHA-256:	CABEEED496FCD3ACD271114BA608EBFE5CE2518903D1BD080BDDB72225D71777
SHA-512:	5C4D7BB42F0E72B6500B09138930122EF11D80C84942CE4497B1AC73C18AE8BCC0265FC2AF1F175131E104D278E2F6AF1429C329DD8F12217D5D41BCFCA37416
Malicious:	false
Preview:	wOFF.......................................OS/2.......`...`....cmap...h...T...T.U..gasp................glyf...............#head.......6...6...whhea.......$...$...Khmtx...,...(...(..f@loca...T..........wTmaxp....... ... .].nname............Lx6upost...... ... ...............................3...................................@...F......................... .................................8............. .F......... ................................................79..................79..................79...........%.h.....4&'.&"........?....;.265...65.%................J......I..................?..................%.%.....>.5.4&#!".....3!......27....7.......}...[.........4....>.............Z.......4...>..............h.%....%267.64'...+."...!".....3!...3.I..................?...........................J..............%.............#!"&/.&67!.&4?.62...46........}...[.........4....>........\|....Z....=...4.................%.n..........27.>.=.4&...4&+."...'&...................J..................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\___ui-bg_inset-soft_0_900000_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	79
Entropy (8bit):	4.82652474306017
Encrypted:	false
SSDEEP:	3:yionv//thPlEbtqNlzsvqhWfl/S/bp:6v/lhPGuCvJNq/bp
MD5:	F0DCB088359D0948C3102B624C234BAA
SHA1:	15CB8E53EFEE66E41A8BD7C8973A4C5EB16202DC
SHA-256:	D3FD0C416206DCEFC821E65913306B89056A5F4F3A16B776DBED9B842A57BDF6
SHA-512:	F93FC93B17373A22182E99FA1323C222AFF66F26F77D5AE73ABB419C92D26E028CABF352214BB77989A749487CB8A0D995499F8274AD70A9595F13FA49AE8FE1
Malicious:	false
Preview:	.PNG........IHDR.......d.....G,Z`....IDAT..c.......a..)...=.V..l.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ajax-loader.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 35 x 35, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	366
Entropy (8bit):	6.728478863035821
Encrypted:	false
SSDEEP:	6:6v/lhP000PwV2he2GXl/fT4T1w9JiMhAedcxwfJ3zRmOvDzBZTp:6v/7s00PwVGe2GXFcw9J/KeKq3lmOvDZ
MD5:	D66E82DB53D9D7E63B00FB02A271DEDD
SHA1:	3AC259BB67C641498E3F7F04DD10A5CD14BB4812
SHA-256:	E312FA3A249F1293569331C7139D5BE758BB5F70B4BEE81329DF132163A9837F
SHA-512:	CDA7A0BD280992260B21695EB11D6334F37EEEABBFC6A5CB455A570529E42F79D9B454DE5487BDB9E49A59ABB9B7A815375BE9CBEB36D06B82BB56813C49C9F2
Malicious:	false
Preview:	.PNG........IHDR...#...#.....).Ck...0PLTE.................................................Hb....tRNS.."3DUfw.......F*......IDATx...[n. .@Q...$..mm..hM.....HFH.?..h.....x}V.....9...T#n..I...3.b.2.D2.._.tk....8y.Z.%..lj....G#...........{U..)D.u]5.j.b..q/6....m1i.......!3.l....H))..F.X>..%.o.\|3..dC.x.g.o......d.8.$ .H...:!'!t.b..$&......}........IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\animated-overlay.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 40 x 40
Category:	dropped
Size (bytes):	1738
Entropy (8bit):	7.502920326603858
Encrypted:	false
SSDEEP:	24:sGz2pFNTXqQcDpLTEejbYLIGAvYdq52UdgOjWTiTkb9NFw/y0tcsE:7ShTXqQK+ePYLIGQhgbykpvydtnE
MD5:	2B912F7C0653008CA28EBACDA49025E7
SHA1:	16FD304B0511EB4792545FF12A53C9C19F98FDF7
SHA-256:	C7BCC76FB23C0430B36EC448EB79F8BC34129DAE95DA10F3C14ED0EACDF2F1B9
SHA-512:	AB9701F82DADB01092AD78BDA4028E6E695F5CA2C7D2E27CB1D46E8E648BBD73E2A148C52927E9A4EB80ECCDB563FC3FD34CDF55B60ADE6153CBA29122859FB9
Malicious:	false
Preview:	GIF89a(.(..........!..NETSCAPE2.0.....!.......,....(.(.......z....KN...Y#......7.)z.......v[3....x..Pw..Ea..F.Of...V.Ye.\|\|/..X\...Wr..o.$..m^..K0>.'.$u..f...6G....'Xg.5..5.....)9.):ZiYJ....y.Y..!.......,....(.(........}...Q6...a....._y.#.i.j.K.-\|..K3^.....Pw..&KO..=7IfTz.LMYh.....cdX\1..ie..a.. ..}...wl.....5..Cg..GB.....)..'..hY9..IHy....YjZG.h'j85...P..!.......,....(.(........m...Q6.,.@o.-`.u$.>.I...z/...6.9~[....^O.......t6.Ac.:......v.N?cUX\|.f.&6x......_~..G........(b.....8.X..%.x7IX..I9x......(I:.Y.XYv..P..!.......,....(.(.....o....;.MZ..Y.\|......([.....9.9......1`P.2...!.H.>oQ..W.^..d..s..c2...Si.y.....x.[..s.^...VGW.wg...........x.Y.8I.I...yIZj.....)X.f).:.R..!.......,....(.(...........CqMZ..Ym.5W(..F~..'..-:.\|......1p?..X...1d.F.SL.q...n..e^.A..<.V!......V..\..d=...v'....wh8...8hW......H..........I.y.F.Yi.Y:)y.z.*.IzT..!.......,....(.(...........;.MZ.E9m.m.'.exf..V+z.Mk.u.O.....i.3\..2...bQwt.. ...b..e.+M~.Hq.;....0..nC.[y....c

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\clear.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 13 x 13, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	509
Entropy (8bit):	6.881750882407032
Encrypted:	false
SSDEEP:	12:6v/7dttlAUZAU9wvWT2LgKU5HUvJHumCh61Q4Zc6BEgQm3yvzS+Lbuy2EMXbYR:MfwG6SUBFQf6BEJAyzjIEMg
MD5:	F470863024F982806A178D720710F024
SHA1:	9CF9C382899E5B17BE2A395CA87A13DFB077F9C4
SHA-256:	3E7CA776783956C0521083DDD59B772E3C18A5E6501C302637528EDBA421378A
SHA-512:	0BE1ADC43285E460ED638AF25132295D418C0C6291E371D8D4C0D3A921227728F4A8130DD7479F02869726D91CAF25BBD0D2391B09713C7EB6B941C6650B3EAE
Malicious:	false
Preview:	.PNG........IHDR...............,.....bKGD.........pHYs...H...H.F.k>....vpAg................IDAT..5.jSa.......g................PG..WP....h%Rp.B...h 4......Y..}.`.W.....B@......<..-!..T.T...M.9..>h.Z..i.M.h.R...\...W<o..^.."8T..\|.<.X...No...T...Q.R\.>\.r..-.....B.mc....S...Ru2\|..o\...Ka..b.w.'...}1...f.?..<#5{.Z..%.I<..Rd...?..V.e...=>.O..R^....%tEXtdate:create.2011-02-14T11:12:15+02:00..j....%tEXtdate:modify.2011-02-14T11:12:15+02:00.V.:....tEXtSoftware.Adobe ImageReadyq.e<....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\format.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	382
Entropy (8bit):	7.016273219448744
Encrypted:	false
SSDEEP:	6:6v/lhPfCysQzQAX4nDi3Um9s0AUsezBtCByNvbTEiNzT6+2Yd7wNyzwgWWTLC4p:6v/7iyjzzmmmH1eVxNvEIe+2iwNydX
MD5:	B56301652EC44592CC28E0D540EDA33D
SHA1:	12E095E250A7D171B97DFD00F292BCE7685A19EC
SHA-256:	1AD7F7095EADF618A4F701284E1FEC99F0E6D60E1995782694CBCDBC9B377A86
SHA-512:	8C07BF2109E5E27546D9E824C49A713266BEC2353D322E7E20E221367306F4FAE7786E35939206CF20626F962A6FB518BDFA7A9A316D1856726E5B6EC609E754
Malicious:	false
Preview:	.PNG........IHDR.............r..\|....sBIT....\|.d.....pHYs...'...'.*..O....tEXtSoftware.Adobe Fireworks CS5q..6....IDAT(...MJ.A...o.hV...b..(.n<..]..... g...,\. H@\..."].........zU.Uh.&...._....RRf..Np.b).:v1.C.y/?.a....s..1N.~.....i..J...a...A.4.<<..u].2...En...\UU.mQ.G.Dh..Z^UUW..Q.;...;.B.g....i.9..........G...9.+.SJ.&H.........)......x......j.>o....KqR..HN....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\icons-18-black.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 776 x 18, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1948
Entropy (8bit):	7.665021152090171
Encrypted:	false
SSDEEP:	24:LExJgxFrLuzNN+2SZ2MFncEZ/aKL8sekCrBwqcS3qlN5IzDptJ8/r0S6Ay4z5Tqi:LEsqzNNTSczUtmkN1TbIzdtNP4z5OcX
MD5:	57A06CE419793FA7C1738AC87E8C983E
SHA1:	2798571DA477394DE44A758498D28E8918C8EA0C
SHA-256:	F62097121F144FAF1409D594AEC79EC1E687E9047A0404A1B6010D2F5D4A74A2
SHA-512:	7AA92CD04BD1959DF35976C7D3A2F337C416016A883F7CC4D6753A03ED39DB1FF1E10D44C3B99E852279238EE69BDAE484BDA7B94614A0F152AA33A1764054BB
Malicious:	false
Preview:	.PNG........IHDR..............~.E...#PLTE..............{{{SSSIIIBBB:::333)))!!!................................iii[[[SSSIIIBBB:::333)))!!!............333)))!!!............BBB!!!............:::.........333.........333))).....................sss...............{{{III...........III........fff.........................................v...]tRNS.................""""""""""""""""""""3333333DDDDDDUUUUffffwwwww..............................By}.....IDATx..kw.F..7.(.@.......6...Z....j!U/j.^6...._.Y.!.4.F99.......=#i5..Hak.\..... .1..Y..j..(...S..@j.....>.Z..s..E....E.C....<]Q.......l...Z)...L.z.\Z....g1#Q......hBAk...F....:F.H.9...AA.Y[..<......LG......a..^4Y.F.."....#..5...5JP1..ELE...QDV.~26 ./.$3:.v...9._..}..{.Y.[..%..p\|....\BE.p#..j."cQ'......@,Ix%..j.......{.@B.n..R.i....C.x...Z........NG i.0...<...SF....N.?..m...`0>8<>><.....r....6B..s....2...D.(..5.. .f.R.daD...sb..Y......e.r...IP.0.F"MY.W\|.{H5.....$.9..@.fJ.l..~.....t..~...]..2.`.......`.P.........U;.........Nfb.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\icons-18-white.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 776 x 18, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1958
Entropy (8bit):	7.680312777727461
Encrypted:	false
SSDEEP:	48:LEw86Wk/jYuRW1ksVq6RkQczOJDBbL3SJI3jnjg+iski:YXHdwWyB6RW2DtSJ+nUy
MD5:	1C58818BBEE0D727686B0995AECBDE84
SHA1:	B4219047DFB89EE1D218BED6E14BE9C3540961E1
SHA-256:	873B075FA889C6E3DF892624C44B30F06EF59373A487BDB406004433A4FE13BF
SHA-512:	D2B99306D7A5537E84C19A08E5F1CBCD99A230D69AC2C63DD6ACE902AB134BD8FA1FD91F13C0A922BC12BD9C6F35626D1A427367C3CC28B6CE291746DB99DF73
Malicious:	false
Preview:	.PNG........IHDR..............~.E...,PLTE..............{{{SSSIIIBBB:::333)))!!!...................................iii[[[SSSIIIBBB:::333)))!!!...............333)))!!!............BBB!!!............:::.........333.........333))).....................sss..................{{{III..............III........fff.........................................atRNS................."""""""""""""""""""""3333333DDDDDDUUUUffffwwwww.................................8+@.....IDATx..kw.D..w.....@....,q,.....JUh...X.K;....fm.9........#....V.3#;b....9X.....N.b.....e.[...b....?H..%Tb.......E.".v...=]Q.;...(.....R....$$w,..A..............C^#..i...h...0........1... s..G..\|..\|,Ju..`U...#...f...T0(..$}.N.\...#.Q....... b._.It.lR.[.3v..._?......"...`g...v.S......X-....1.....K1^.l..Ay...>...B"D...+...<6..7S.".C..Or....]^.:...L..K.......qpf#...........h0.n.k.h......S<XC.x'..).\|.... .'..&....Z...``.....%>#.]G...W..L.e...?........[M.X.>@4m.4....-......-........."B...{...1...A.."......c^....e{.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\icons-36-black.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1548 x 36, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3748
Entropy (8bit):	7.838643250674238
Encrypted:	false
SSDEEP:	96:NXdfCnsDmsE3Q/Ul8lMTnWdhVzKlWverxs35AG0TYP0:NxD03QcKGTWdhUMe9wH0TB
MD5:	180341C036436C4A49936B2B3E79B7BB
SHA1:	13521031384B5EA8ADF1569BB1A3812222C91B04
SHA-256:	2DFF74780BF7FE70683CA57131C1AF2B505E71EDD62731E1ECCF80F4D9FFE2A6
SHA-512:	3B616F6A76CE7BF47F2B58668EB23D9E03FD1C2E6AB6638CB8356E64443D6BF1E379518B87F14BECB1D67F74BBA8CA8480D6D23C1D89EE4F687E3414B4E369BC
Malicious:	false
Preview:	.PNG........IHDR.......$.....b......zPLTE....................yyykkkRRRBBB:::333)))!!!.........................................yyykkkfff[[[RRRKKKBBB:::333)))!!!.................:::333)))!!!..................!!!........................[[[))).........tttKKK))).........yyyfff[[[BBB:::)))!!!...............tttkkkRRR333...............kkkKKK.................................................................................$dy...{tRNS..................."""""""""""""""""""""""""3333333333DDDDDDDUUUUfffffwwwwww...............................................M%....^IDATx.........P^Z..:.KI.. F.8b.s....Z.6.U...64...."J....{....l...%.}?.4U?...k=_.#;E.....x<........i.U$.....x<..E..`.16y....<...l.X..b...=.Y...x<..ga.4.sL....u.ga.o.x.x....y<..r..-.4*..[.,.(!..a..J. ..,t....V1.\|.d`\pt4.....#.]..K.XL..+9.u.....wK.y..G.$D....@...p.B'..A.R:g.(B....#8......_...../..B.o....1....E4.uH.....2...uB.AY.... .p.&...uAU....Z...,.76..4(.:(..t.SU).....0r@.....)....?......1..._..."8G..~...R... .X

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\icons-36-white.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1548 x 36, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3746
Entropy (8bit):	7.840798991390145
Encrypted:	false
SSDEEP:	48:IMXgIDb+GkvaLSO5hOSRJZqrEBtEyDASFDM46+eM8XvHBHVyRzWm7rZtWcGze0J6:x+jO5XrZYmMi0sz1DWcJAotuNw
MD5:	8AD3678F02E860C055BE0953D8E4BFFE
SHA1:	FEA40D8D1AE1B5F6819EEBE695DAC3F243C6209E
SHA-256:	8A05B47385106D84572EB1F7980EB72768E24AC06991DC9004904199C4D3FBE3
SHA-512:	1E2795BB98E21792A94DD4C6FEC8671A2624078932AC6D5A76CA16B7A7FB45C7D959EA627401A3F8FDD78379702D7C24548DB3ACD7746B70A615313C9B2EBD0C
Malicious:	false
Preview:	.PNG........IHDR.......$.....b.......PLTE...............!!!)))333:::BBBRRRkkkyyy..............................!!!)))333:::BBBKKKRRR[[[fffkkkyyy.......................................!!!)))333:::..................!!!..............................)))[[[.........)))KKKttt.........!!!))):::BBB[[[fffyyy......333RRRkkkttt...............KKKkkk........................................................................................j.....~tRNS..................."""""""""""""""""""""""""3333333333DDDDDDDUUUUffffffwwwwww.................................................[....SIDATx..{.....(.^`.m.4....u.I..%Cw.....nc.......c0o.).E..^....w.~.\|.}.>M.'.}~r..X?9.....@ .....g.?.3K.i'..3'^........$.9.;.%.........<3...X.N..,2@s..@ 0s..l.......,...n..6.\|..........d..amaqX..D.Q ...d..9.......<E.o............nd`..h....a....#F....pY'.%s>.8.2..@r.Y...2.Z... I......&1z$8w.a........O.......b.11.i.h#.P./.Zf.s.VB.Q]..N ..7&\...u..9v.tS#.u............A]...<G`R.y....2.`.,.i.I.....7....X.,_..".{..Y

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\loading.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 16 x 16
Category:	dropped
Size (bytes):	1849
Entropy (8bit):	6.988667821824317
Encrypted:	false
SSDEEP:	48:xjY/8UK7DKxP9UVpyDV+EgfWgf3C7WnW6N+jH8plLP:xjY/8U8+Ph8vu7yh
MD5:	7B9776076D5FCEEF4993B55C9383DEDD
SHA1:	DCABDD743FD3E9D7BD5647ABEB86E66A3E6F9597
SHA-256:	F6ECFF617EC2BA7F559E6F535CAD9B70A3F91120737535DAB4D4548A6C83576C
SHA-512:	9A2ACBEFEF61EB799DE9D12B48F8A477195B6E10CFACE9298938B0FF392B2631F9E109707D9327A8651B4F2438FDD7F8638D71DF77217FF6C59C3626B22AA6A3
Malicious:	false
Preview:	GIF89a......................FFFzzz...XXX$$$...............666hhh.............................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,..........w ...!..DB..A..H........a...D....@ ^..A.X..P.@."U...Q#...B.\;....1.....o.:2$.v.@..$\|,3......._#.....d..5..3.".s5..e!.!.......,..........v ..i@e9.DA..A........./..`ph$..Ca%@ ....pH......x.F...uS.....x#..........Y.f...L._"...p.3B.W......]\|L..\6.{\|z.8.7[7!.!.......,..........x ....e9..D.E".......2r,...qP........j..`.8......@..8b.H., ..0.-...mFW...9.LP.E3+...(..B"...f.{.BW_/....@_$..~Kr.7Ar7!.!.......,..........v ...4e9..!.H."......Q./@...-....4.....p.4..R+..-....p...`.P(.6.....U/. ...,..)..(+/]"lO./.Ak.....K...]A~66.6!.!.......,..........l ..i.e9.."..............-.80H.....=N;.....T.E........q.....e...UoK2_WZ..V..1jgW.e@tuH//w`?..f~#...6..#!.!.......,..........~ ...,e9..".....*..;.pR.%...#0...`. ..'.c.(....J@@........./1.i.4...`.V.....B.V...u}."c...aNi/..]..)).-...Lel....mi}....me[+!.!......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\new.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	368
Entropy (8bit):	6.985798235857235
Encrypted:	false
SSDEEP:	6:6v/lhPfCysQzQAX4nDi3UmmcA0BQHdUxS+qZohzvJwMtUVlh/YbvwX9EJ7/bp:6v/7iyjzzmm1AeSdghNweUVTYLwtEJz1
MD5:	29E21CDBDF17DC34CA71805868616D72
SHA1:	A0BCECC4738874F509867B92AA0D81153B77D9F1
SHA-256:	004F91F5534BC5D5C5567F533F55C79A6C864EFD8CDCCF4957E06888F131EC1C
SHA-512:	3681CE8E2E0F9D5BA7A52DB45E7C7508E20081713C373C5ADCAB0BEDD93B967166B6E9C20C11FE24DB70CCD9572F232DA41ED4FBB4CDC9AAE3F483C9C5489912
Malicious:	false
Preview:	.PNG........IHDR.............r..\|....sBIT....\|.d.....pHYs...'...'...O....tEXtSoftware.Adobe Fireworks CS5q..6....IDAT(.}.J.Q.....M. ...A....l..o`....D"b..'c.{...=.03.3?'....a..\|b.;.CDH}...1c.Xc.ED.O^...Z.........p...H(0K).V8..iR].ZIH).s.'.W......J.UI.+L..1..'...m.S...t..4.p.P.Q....e....x...Tx.....o.cD...q......G.zl...x...x.Y..{?..Xa........IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_flat_0_aaaaaa_40x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 40 x 100, 2-bit grayscale, non-interlaced
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.399495587484485
Encrypted:	false
SSDEEP:	6:6v/lhPnHvll2VztlN4EYyzgN+nv3XV0g2EMDv3XVq/up:6v/7vHWVztlyENzS+nv3FZ2EMDv3Fq/c
MD5:	36AC49745F856332E2D7CF32D25308DF
SHA1:	58B08E41A7AE3D27218CC11B606E01D4C33BE349
SHA-256:	EFDC95A0FB75C6452F16423DA4D3C44556D92211E98F8AA7331F56A2C620A421
SHA-512:	370268E492081DA754E48C692B49D0C079AF9705156176F712336E0677868BDD440074FE15372FDCF24A455E1C6D7B8B073D0C76993ADFD04B58DB26777E056D
Malicious:	false
Preview:	.PNG........IHDR...(...d.......5.....bKGD..3.r.....pHYs...H...H.F.k>....IDAT8.cX.....Q.(s.I....I./ZW.....%tEXtdate:create.2015-10-25T07:35:03+00:00.o....%tEXtdate:modify.2015-10-25T07:35:03+00:00.......IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_flat_75_1a171b_40x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 40 x 100, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	206
Entropy (8bit):	5.376148205303877
Encrypted:	false
SSDEEP:	6:6v/lhPYSzmtmy6+52VztlNxGOGzzgN+H5EMCp:6v/75zmtmUutl2OOzS+ZEMI
MD5:	42716B5BE145068BD37CB0AC90B823B4
SHA1:	BA553EF756050328DDB9F00C66ACCD6B75CC6D18
SHA-256:	D191CD327FCD5F451412A2E7719E515AB2E4FCA30A5A2C8D4FC8082375B34FAA
SHA-512:	EE88E5DEE4DCD19377084A2BC2D6DD092FAB820FD103BF741B9DFFAA6154AE5EA7561674130BDB063910040FCB698AFF4B50CC9178CC7B8155D7F957EE76BC99
Malicious:	false
Preview:	.PNG........IHDR...(...d.......9....PLTE...9-V.....pHYs...H...H.F.k>....IDAT(.c`........X..u6.w...%tEXtdate:create.2015-10-29T08:38:24+00:00;.....%tEXtdate:modify.2015-10-29T08:38:24+00:00J.c.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_flat_75_808080_40x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 40 x 100, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.6735361203465615
Encrypted:	false
SSDEEP:	3:yionv//thPlVbtaxPGJGeI62F+xl9gp4DEtdOH8taTWbbLNNNNNNNNNNNNNNNNNl:6v/lhPKPGoeIKlWpgEVEWtoup
MD5:	F293F4664DDE15AD45249BCE2914BA71
SHA1:	1D3AE2FB12D31F4D4E3BA9AB08A762ABE469B3F8
SHA-256:	10545DAA631775E1FAE83D0817B1E390026779E606B5617C96E9E38977D27B61
SHA-512:	B59301F13D68BC9D9F1881765B32F9C1306B8C7E9BB43AC618877E27567204220C4DC849F8D12BECDC0980A578BA1D60B1BB4036E9605D09F4B5381C419061DF
Malicious:	false
Preview:	.PNG........IHDR...(...d......cB.....IDATh...1..0......e.1 .w@<...8A....~......7.r..@n_m.I...A./......3!!!!!!..>.............O....O3..i.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.V.VvrI..`.j2....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_flat_75_e6e6e6_40x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 40 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.9105914027499775
Encrypted:	false
SSDEEP:	3:yionv//thPlVbtr/Nkxa90BLI6HwrEgwrEgwrEgwrEgwrEgwrEgwrEgwrEgwrEgd:6v/lhPrR4LI6Q4CCCCCCCCCCCGCbp
MD5:	69CCC5A992FC67107508933CA49CD1F8
SHA1:	5D992E6EFFDB38CEB2BCF88E1CDACB831BC736F9
SHA-256:	A8D2B8EA4E0F7C450CBD8B46CDAD32BF48A29C4D7DF3D4F364DDEC603F231085
SHA-512:	13857C3D783A8324CE672E904FF439A52B15DA58C9F412D4E320B0E7CEA0483BEC455E40AF545F6ECFE6A5D7866D9F86CC3A026C6C819C01AE0D2C7E6728E8F4
Malicious:	false
Preview:	.PNG........IHDR...(...d......drz...{IDATh...1.. ..1...Q$t......3..;_...T.UAUP.T.UAUP.T.UAUP.T.UAUP.T.UAUP.T.UAUP.T.UAUP.T.UAUP.T.UAUP.T.UAUP.T.UAUP.T.UAUP.T..8.yz..2....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_glass_55_cc7b10_1x400.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 400, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	186
Entropy (8bit):	6.488058755866644
Encrypted:	false
SSDEEP:	3:yionv//thPlE89fiQV00llS6EdEoagL2ytKCL5I6bIv/u0Bhq8mQxhpSV1q4Q88c:6v/lhPh9qQeOSmXQ2y0m9bIv/1mQhpS5
MD5:	7791DC63D7598255104D392982B08B79
SHA1:	D2F0DB41E39366D12DF469398B8C11FCE4DC590A
SHA-256:	1E631AE7EE44628FBFC8B4872D9FE1436D038B8D3E037C9394EADFE324AB897F
SHA-512:	FBC651AF730BEF28E153C92CACDA53F67805B2A6AB64AAD1AB0F9E77C5A3C45A0CAC23489F3AFD8417CCA6D55DCAC01C15B1758C3949EFC56CC989ACD58D7374
Malicious:	false
Preview:	.PNG........IHDR.............._:M....IDAT8...;..@.........bB..,....P...JCE...K..dm.vf2...G.>..w..g....x].L.....$..^y.........C..V+....2..HQ...\.lR"...x...B.??..............IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_glass_65_ffffff_1x400.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 400, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	105
Entropy (8bit):	5.559579348443173
Encrypted:	false
SSDEEP:	3:yionv//thPlE8SWlVsXIuCZC6fUzXbBR0Zbp:6v/lhPhSWlwTiCXXlwp
MD5:	E5A8F32E28FD5C27BF0FED33C8A8B9B5
SHA1:	7E5C99E9F0113BA6B63C2BB408B8347191316CDA
SHA-256:	F0E6CD91B837D5C5644D026E5FFECCD907953317CD5C0F689901733AFDA260B2
SHA-512:	0D728DDE9B4198A7D2D757C858C23233B958D2143203E8F56040899AA9AD0F4A6FBD0BBA268CF25D7E1C4FAA3FC7CCF52F35050008A00F354D9F02529FDA6D4A
Malicious:	false
Preview:	.PNG........IHDR.............oX.....0IDAT8...!.. .......+.......J.HR).[lk.=O_..(.<`....H.".....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_glass_75_dadada_1x400.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 400, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	111
Entropy (8bit):	5.582838746834388
Encrypted:	false
SSDEEP:	3:yionv//thPlE8SWlTAkx/XaaDO7GmtmnwVk3w5F1kllbp:6v/lhPhSWlkk1RDO73mwVk3E1k/bp
MD5:	C12C6510DAD3EBFA64C8A30E959A2469
SHA1:	11E9ED5A7DB83CF86034068E4F6DE4C2F273F0C1
SHA-256:	C108F5CBF2DD9EC07A26530695DDD95E1664597CE6C056AE44C162CC2E28CEC4
SHA-512:	EA7B2E96AF7AEC6139FDAC149A7A10E02150F3982D384B1ADE7B305AC28989EB83A54B7346FDA299FD1F6623F16AEC0C7311C0C18A26B45C85186A95DA8A5C5C
Malicious:	false
Preview:	.PNG........IHDR.............oX.....6IDAT8.cx....&....Qb..%.-...7(.....`bbBf!.....(1J......c.........IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_hexagon_0_282a23_12x10.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 12 x 10, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.324947125053485
Encrypted:	false
SSDEEP:	6:6v/lhPHYUlZQNuKztlN6yWy20g2zgN+F9LgEM59np:6v/770umtl89Qg2zS+F9EEM59p
MD5:	6D0AB3E201FF560708CE3BC2FB6688E0
SHA1:	82E0EC6FA6F47C86104D38692CA740A65161D137
SHA-256:	EF7C2888BCC03745516A0AA885B4169378DEFF97F8E661319AF91BD0EF3FD610
SHA-512:	586C1FDC69212935480B3FDC095AAE69C88DCE776FDB909DC3EDC3CE7E0471FA91C60D4418F8D2C995E42901ED23A46DCDEEFC0B5C2B68C2113D1136F39E29AC
Malicious:	false
Preview:	.PNG........IHDR...............-.....PLTE(*#\(......pHYs...H...H.F.k>....IDAT..c`.......n.G2...%tEXtdate:create.2015-10-29T08:38:25+00:00.......%tEXtdate:modify.2015-10-29T08:38:25+00:00.h.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_highlight-hard_55_cc7b10_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 16-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	327
Entropy (8bit):	6.509661679889794
Encrypted:	false
SSDEEP:	6:6v/lhPeozp5mtlN3EWdXivNP5j99jK6vg+eqXV+js2zgN+H5EMCp:6v/7Wo1Qtl1iR99u6vg+7SzS+ZEMI
MD5:	3F6CDE1A248A5FB3E4B4730471745B95
SHA1:	8C4F1B932E0A135856685CC8E9B8EA41EA604FF0
SHA-256:	41BF0368765A486AB24B87467170CA13F3631E465E60D7541A9C28A1628427FB
SHA-512:	EA3E8AE535E98C18AA80D9F0CB072A7FA28C2B8DBFFC28FD606B3FAFEE6417847704E0E6C4E60D1A90845E8EB7FADA8342A2C9932C81EB57783811CD6819F17F
Malicious:	false
Preview:	.PNG........IHDR.......d........t....bKGD.......X......pHYs...H...H.F.k>....IDAT(...!..@....3 q%YUG.8..:.A.%P...\..M. ...@........?.&.)DDD.\|..#..... \|.*..Jp....X...Z...6.3X....[.A...8.......\|e..a..oo../2]Fu.......%tEXtdate:create.2015-10-29T08:38:24+00:00;.....%tEXtdate:modify.2015-10-29T08:38:24+00:00J.c.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_highlight-hard_65_cc7b10_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 16-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	331
Entropy (8bit):	6.331517155755018
Encrypted:	false
SSDEEP:	6:6v/lhPeozp5mtlNzmuaD/4tIjBs3aJwAs0dhaRg2zgN+H5EMCp:6v/7Wo1QtlM94Oj23aJwAsQwg2zS+ZEj
MD5:	2B16F7E51C9C809B52BE2AAC82D22F8F
SHA1:	7C39EDD28133935329FF05FDE0371636E22CA421
SHA-256:	2698204ABFC988514D3D9444300A9B79F8A7573AB637653D643F342E43BA59F8
SHA-512:	F153CB3B20D13E049DA0E8ADCB87ABD676CCD8AA3115366A694614652D8BBC1FFE2DE2B65C14C5597FB2C94651BD8ABAF6E74762D959B678241344C0D062EF91
Malicious:	false
Preview:	.PNG........IHDR.......d........t....bKGD.......X......pHYs...H...H.F.k>....IDAT(.cxpd.f.b&......Q..u..*.d....~..e...._.L.'....../....+........9?x....v.Q..O......./....s~.0........M...z.....o.........ho.)....A..e.....%tEXtdate:create.2015-10-29T08:38:24+00:00;.....%tEXtdate:modify.2015-10-29T08:38:24+00:00J.c.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_highlight-hard_65_e90701_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	167
Entropy (8bit):	6.2878097698439435
Encrypted:	false
SSDEEP:	3:yionv//thPlEbtwgTllRdxy1rRoGJnFoWuz/rqvWu4WwRp7p7TZcptWXDQv2HB1p:6v/lhPGwvFoGpdOrqv14jpXip/ijp
MD5:	F8E5C087C8A6D796CF0A357DDB3E6317
SHA1:	5B81B4E9CFEE05CD109D2B784FD87FC4EC9C8747
SHA-256:	73A8412036FC36D034FF817B44533CF80C2547B01AF35AAF7D089CAD13E1B064
SHA-512:	CE3EDC4BBAAB62811108A5A9384E0DD63E49B81A9BC01F84B52C0D27BBE21DBFAD6AB560278D8C71553658C38DA60874692254C7162918E06477DD28D68EB754
Malicious:	false
Preview:	.PNG........IHDR.......d.....0+j....nIDAT.......@...m.....L.c..Eb.A8IH.=+:....T..K.....b)..O..I..ox]sO...m.FKUB.]\L.N./..0...,..]@....y.....X..t.5..I.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_highlight-hard_75_0062a9_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 16-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	323
Entropy (8bit):	6.352635841419132
Encrypted:	false
SSDEEP:	6:6v/lhPeozp5mtlN0Lnn/xniVDstMYnBntKmMnozgN+H5EMCp:6v/7Wo1Qtl4/pw0ntdMozS+ZEMI
MD5:	B120DEC9A3E09D534513D2A99C92F88D
SHA1:	496853AD38285F1ED1B4724AB58265B39420B37B
SHA-256:	080F3C498FFDABBC69448F6CB2AC66335131C96052538A088091306A5920B6C2
SHA-512:	F4F5CB4F025D05F8D01676801B0202037C910E74BFE2487F5CD70200A72B4E5296DCCE6AF7DE185ECA95AF0BAB0846FDDC0A03D585E6009E42071A2750EC0105
Malicious:	false
Preview:	.PNG........IHDR.......d........t....bKGD.......X......pHYs...H...H.F.k>....IDAT(.c(6^..........a..A.......w.?..UL.,._..........2}........f.~.....B}-.....Y...5L..~.B......_S.......1...s..v.......38\|;D(...G.T..)...%tEXtdate:create.2015-10-29T08:38:24+00:00;.....%tEXtdate:modify.2015-10-29T08:38:24+00:00J.c.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_highlight-hard_75_808080_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 16-bit grayscale, non-interlaced
Category:	dropped
Size (bytes):	251
Entropy (8bit):	5.870336205229165
Encrypted:	false
SSDEEP:	6:6v/lhPeNkFtlNA2/1w+4OAoYbxa/9dJmKzgN+H5EMCp:6v/7WNEtll4OAzI1vzS+ZEMI
MD5:	BC60BD25D4BA8AA8EBF20472CA3D8C75
SHA1:	8ACDC37B42C3C3D8AF0E7C0AF3DBE2CDA4368EE1
SHA-256:	11A09D9544C81EF810AA66F805C25BA09246BA3ADE9F70C4D934C36D504B56CD
SHA-512:	BF4576D60C75757275340E4B4B5B19162E02A20E8CF07015E1EB292C3E6DCD12077DEAB9A344A870E0F578EADB8AA864C69BBA99E3EC3CE96E48A8DA898C796F
Malicious:	false
Preview:	.PNG........IHDR.......d.....2.......bKGD....1.....pHYs...H...H.F.k>...=IDAT..c...a Q..v.......`X...,.aa...........z..:..Z.............\|a6..S...%tEXtdate:create.2015-10-29T08:38:24+00:00;.....%tEXtdate:modify.2015-10-29T08:38:24+00:00J.c.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_highlight-hard_75_dadada_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 16-bit grayscale, non-interlaced
Category:	dropped
Size (bytes):	252
Entropy (8bit):	5.918037871739497
Encrypted:	false
SSDEEP:	6:6v/lhPeNkFtlNYskPDiDjQhwck6HzgN+H5EMCp:6v/7WNEtlq/DyQSck6HzS+ZEMI
MD5:	732E8405A70361B84CC0DFF0EAD15745
SHA1:	D725D5EEDF4DA6134BAA618A0AF211A3823EE188
SHA-256:	25E6E02510C377571771E5323DF2F9CA830BA9E6533D713D4BBF52F58871DE53
SHA-512:	DAA4271D083F23B13C7084631394B3A6FF55DB759C6552318C67CD6F6734B174D0248379570FA8012017B5B0681CD1406E4666BE853D2E596FA60EBDFF38CFF0
Malicious:	false
Preview:	.PNG........IHDR.......d.....2.......bKGD....1.....pHYs...H...H.F.k>...>IDAT..cx=.a Q)...//1.......c.'...>0<.`.....D....w..n{1.5...yf.........%tEXtdate:create.2015-10-29T08:38:24+00:00;.....%tEXtdate:modify.2015-10-29T08:38:24+00:00J.c.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_highlight-soft_75_0062a9_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	187
Entropy (8bit):	6.49094644908619
Encrypted:	false
SSDEEP:	3:yionv//thPlEbtwgTll9Aww+sFgt29jUsQWB4hnT9v2yAJZEO+RspR91wfII71os:6v/lhPGwLF3gtMUW49vNalhpRvwfII7l
MD5:	44AB91D099D645E405FCAC0495646238
SHA1:	601EC4B4A1BA12F3520B3F73032BA6D156247C42
SHA-256:	0FBFC755FF1E3D1BCC963545CC097B470DA081A281C5E7657786BE45FCB0830B
SHA-512:	47082A93AB7EED714DAC191CB8EE8EC59DDE939220EC55A1822162B28EB7CCEA727A0B74082AA4BA786E3821EDE6813FCB91E100B27F15C2ED0D22A80AA34172
Malicious:	false
Preview:	.PNG........IHDR.......d.....0+j.....IDAT....1..0..G.d^.o....$d.E.......)..Ls{..j.).x......?.(M.-..\A..:8....].-......yC...kC..!-*.e.+...0f..3.-U..R..-...3.cF...3x.l}T.=60.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-bg_inset-soft_0_900000_1x100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 1 x 100, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	203
Entropy (8bit):	5.23024963217544
Encrypted:	false
SSDEEP:	3:yionv//thPlEbkSeC71/JutllDGO7Z04RyRlglX+psQ8tDRyRmMyQfspLp:6v/lhP6T79YtlNGO7OzgN+H5EMCp
MD5:	97813D092E7269B1AF78549729CF1DDA
SHA1:	A2E7374A372AD9075288E7F8BD30DB2CFD7EE240
SHA-256:	5CAEAB2D819FD97031A3FAB4A5A9AA759C9C4D1C30AB78FD15C6652AB51E9D4F
SHA-512:	F1B96B9C0FEA0B9F33D7A26D370FDE8F7749D5767286BB46E0E32EC682B100A844D546121CBFED0A7F8B4FD0C1D240CB655FA0537E9367A18E7BDD2E6F82595E
Malicious:	false
Preview:	.PNG........IHDR.......d.....}..#....PLTE...Zi.*....pHYs...H...H.F.k>....IDAT..c`........\|ci}...%tEXtdate:create.2015-10-29T08:38:24+00:00;.....%tEXtdate:modify.2015-10-29T08:38:24+00:00J.c.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_000000_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	5331
Entropy (8bit):	7.902200742298092
Encrypted:	false
SSDEEP:	96:K3FmYTu0VcY0ImbxAuqTKVuqdsFwHnib+GE/DIQw8+GLcx00MAffKDI:KLDchfbuoUKGwHiM8QwiH0MAHAI
MD5:	61A5E5E5B718CE6D108DB233A5C5D4AD
SHA1:	BB9EC096DAE24EB9BBB9F1D06921A86D67F476D6
SHA-256:	9DDDDAAA8D7884E84C882677EA87CF3D17CB1F0CFC2766FA53B798000C2B078D
SHA-512:	D563D346C1BF4928DE53E1AA6B4D69F6DFA016547C08C2D2E0082616C17C3F2F9F510E08A9D5CC32779D7B04AAACF808298D22C70C374099310B0938C3B0BF20
Malicious:	false
Preview:	.PNG........IHDR.............E.r@....bKGD....#2....pHYs...H...H.F.k>....IDATx..O.$.}...X3+....B/..d..8(.{.{s+a."..+p.>..f..L....D....C6(#ap0.aq.I.IF.....0.. ._v/..../..P.^...yU.=....4.......{...^....0...0...D.}1..3..B..7......\|...qa...+^.........Y7N...F........Z....C.xx.Z...@.=&.z.z..$z..UB;.1(.5.!ky<...p.Gk.1=H......+.s....~.....A..@..U.9.......U.v.:.W......0..0..0..0"......w.{E+........r...B.......@i.WVI..@W.=.-ti>Q.aT...V.i_.. ..}W.1E.m=@.t1Z..q....j...8%....>..`(.n..:.=@<.E....bN .v.0../...0..0..0..0.. .......X&...}.:...I.~S......Og..a..j..;....S....>[8.0.C...>....A...~.t....Z.......S..\L...5.YMaL..1.x.......d.f.?...p..C.f}.)p...)..@.M..ip.\...<..S9..@...F$...v.....~.......G...T.q.nc....F).n.sl(=....<_.N.Y......0..0..0..0....j.F...hkj...v.w.S..Y...@..x............a(..6.".9....&..~..V.m..S.....DJ.b.6n..!.+...x\|.7.0:N.....{.r.8%r..W"..r.....T..\u._.z.4......c.....+.^.1.'..NasP.&. ..C..[.R..r...) >...)`.......<>l.........m.....q!.. ..e..T..>..v.k..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_1a171b_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4549
Entropy (8bit):	7.790503700515999
Encrypted:	false
SSDEEP:	96:YezHbJHvBKzqOmbEiFaEn4L0347j+MZdJdaDgEz3iXB:YebVPOjmYBL0o7j+AdJQgEzm
MD5:	375C075B2953626F5EFCF27868A03343
SHA1:	7AA67FD4F9D1C9A3D2EEF05D741032244C2F1254
SHA-256:	30869997BE08650028A3F7A037BD9A4C1026927C5EFD196EE9F290609269F4F3
SHA-512:	4D42B7A70304367406A1E84E3609BE9AC455CE9317496FE47D7084D61DDC31821515712BB56E5DE5D17B0E053997144270031A32F337FCDCDE5FADCFD1FD5F88
Malicious:	false
Preview:	.PNG........IHDR..............IJ.....PLTE...............................................................................................................................................................................................................................................................................!G....YtRNS...3..P.../"Uq@f`..2..!<.BHK .Z#'1S,.4...j...8E....\|.........)...Q$.......b.J..m.Gc?o..h.@^.....bKGD....H....pHYs...H...H.F.k>...dIDATx..].c....H..].K....d..%....lm....w].....\|.p..X..m.-....}<.w.(....1.$...;..F.@..%..?......B,..L.h{.t...#....T@./?.j...9..m..N. #...+`....`..I....._.-s..U0..M...[...s..4`x.....#....D<....~...K....4.]`..PDDDDDD.q......Ek@....A...~......!Y...X...`.hv3\LX...Ot.J.2.b..l.QI<.... ...6..-X.l..6..H..\|=j..`E.iq....Cv:..q............C?.?.....x.,..rt..}\|;.kP.4....d.Y....f....K..~[.>.X:+.i.......QV.9.\.....e...'...A.tO.S.:7..2.....YsxM....B....&....z.>n.C...@..r@...*.a.....%...MFDDDDDD.T.....H,...E....RU..n....<..V-.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_222222_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	6922
Entropy (8bit):	7.9415645512504005
Encrypted:	false
SSDEEP:	96:EtbmwCm38cHXpuWxCxISffIuZ/vTwcZMCCn7/totek2HAqcRln2cM3+gpF:AqdmzXpMbxMCK76tdqAZje+8F
MD5:	3A3C5468F484F07AC4A320D9E22ACB8C
SHA1:	10AF36AA842EA948AE4A7C11851B91049FA364D7
SHA-256:	DDA8EBDF235FB1C902438CB913D5153D2FE9E8A6AA8BAFC57DA4B1FF28E37ABC
SHA-512:	D7857DDD0335784CE41EE20682357A17225F8F08A33386378BAE79925965B70039EEC0E62226F1B97336F98B71DA3C10A02AE7CCB005BEFE439E601AF75266CA
Malicious:	false
Preview:	.PNG........IHDR.............E.r@....bKGD."..b.....pHYs...H...H.F.k>...'IDATx..{he.}.?g.....{..1.)......]K&qq.U.4k.biK.R(H...B..P(I.vJ._....IV.@.nB.5i.N...i.G.jq.&.~A#Q.....rX'.....9.:..{.3.E{.=.y.o~3g~..Mp..&.....1Xx.h8<...#dl..Mx..1.&..$..5..~...V.....c.$.......,..........i...N:.Z....Y...>.."..B...H!...........-..C.u.8t..}....8.!.B...*.OF...[.a...l...B&......1h.>..M]hN...4MAb....!(..h.E.1.5j.cO.<6.e7..,e...S(..f..o.16+3.y.JR.\|.{.^3.^.....{.88..........~'.....px.h8<.4.........g............2..n..6e.......{......Q.......p...P.A..i...f.S.....(..D..'.L.6=......T:s...f.q...l....c.I......=.i...M.>...LN{.U..&.......&...{u...o...........4.~#.....px.h8<.4.........g.......p...^i....../.0.....TW..c.......Q.... .@)..y...u}`L...Uc...%T..................A..R..@.?..P.-`....BKl..b.....Z}.............uJ....%U.].K2..e..ts.Y...@,e.e.....r..jc.s...M..n..0.A...mP..y..D.K(5.,...lN.&b.D.m..rwYDV....t..e$.......L......[..C..0O...P...&..0.....+..;...g...3@........px.h8<.4

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_454545_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	6992
Entropy (8bit):	7.928039285881957
Encrypted:	false
SSDEEP:	96:LZYGBeZMj+hjoHCZi6hO7IEyv46uByg78SmVNN2AxGiaiBK+aOvAdCO6cIi29TvQ:LRj+h1tkIz46uhhwNNlGiaiBKmA4Uw2x
MD5:	3B001AE33BD74FFF64BC609CE6A55628
SHA1:	A72F00D45BC236C2656A23493736C8E66C7B431E
SHA-256:	D7936D7EF4737AF71CDEAF8ECE6132C71C2396E8EBB701D4097006D32224557A
SHA-512:	23E2A193D034DF76B68A95A2F1BC9613435E94CF62893F8431BDE843C89CEFB96931EAAD6C567F8117F19AA74281F51ECCB4A5D6354F3290D1FA266479B6918C
Malicious:	false
Preview:	.PNG........IHDR.............E.r@....bKGD.E.;.-....pHYs...H...H.F.k>...mIDATx..{leG}.?g.K..$.....U.!.>T....J..i6A".V..R%;.."...*UP).../......z..RJ..F....QP...z..BQ.H.VU.........5s..9..^.3...{~....7s.7...<.......`...... c...A.b/..@..[.V.D...0..3AX9..0.N...._..B.......&...>~..>..c.;ab..D..E......Q.z..'k...M.ay......6..!.:u.:..:@R....B.yDD....'.L..-.f.]S..q.!..f...S....Q.&..S..7MC..r==3d.J...{...f.Z...S0.Ms..:0K.g........&H.U.=.mc.4.i?U..G..U4.hc..Qb....].!..hL...W.../........@........px.h8.~.\|.A...Qf?....1f......=u.....Q.GJH...p....P.I.w.m.....>2.....".W.P&{..n....T:s...f.q...H@.....c.I.......~.S.s+.^\|B.n.29..d..H.......]..v.-.-m.e.h.>..........q&....g..9x.#c..n..~!.....px.h8..4.^.../.......o..#..Z@..S....^..4. K.ZKP..d.9...C@.F[.......,..a+......]8..v..K..q.H.l.w9...84.K.B...\|..&...#..[.\C.....`..R..!.....:.F.z..C...6..)A....T1wU.I..!4..ig.3w.............E:..q7.......n..0uA...mP..y..T.K(5....lN.b.T....rw.DV.]..t..e4...7....L......[..C..0....P...&..0

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_888888_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4369
Entropy (8bit):	7.779418168492789
Encrypted:	false
SSDEEP:	96:NEVZPtp81WREhVJ7lOGspuNUb7Chjer4ld/IRPwoUsSkh2k+MXR9g:4ltpsWREhj7lOGspuc7Chj3d/IRPfUsq
MD5:	9C46D7CAB43E22A14BAD26D2D4806D80
SHA1:	488AF2C51ACD097E9136D4DD1F0850168E8DE760
SHA-256:	A42B23E21050A0F0F90C1F7A443B8087A409771611EAE402861959A793BE38E8
SHA-512:	8A767D708E6C900AB311F42165B9D1F8CA0EC9C46945387C629E7D0C5CD38B33DC7232067E80F58968DEE27DF7A01FF6AB22A192093E300BFFE0152670CF224C
Malicious:	false
Preview:	.PNG........IHDR..............IJ.....PLTE...............................................................................................................................................................................................................................................O...NtRNS...2..P...."Tp@f`.... <.BHJ.Z&0R,.4...j...8D...\|.......(..$......b...l.F>n~.hh.H.....IDATx..].b....H..-{i.ZK:g.lk.n..-..tI....q...q? E.$..dK>.$.>..;.........P.Z.....s..V..h!...Sy..0...E.0}H.)-.....t.k..o..Kp....\.R.. ......E.7......)..V;~.Pe...Bx....,=$z...D........... ...J..............9.{ ..........Hp.q.W@.."2'...........B..[.$.. @T..i.H./..b.9.6.!..X.Hq`DE..*R.......H.V!.%.......;........"........i...]..dddddddd.......4y....5. .....Rb...@(.8....Cd......,.@T.@i....b..rq0a.l.X!..........p..e.,...=4b.W .{..5....hu~.(...Q..^@...3..=...".b..5.XC..@J.....C.....T...7...6.......q_....5...@,r....D.).T..\|.O...@..ON-................[n@..R....X..Im...(....F .@.?..=0....puL..;g.$..@6

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_9c9e9a_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4549
Entropy (8bit):	7.799689935134045
Encrypted:	false
SSDEEP:	96:TezHbJHvBKzqOmbEiFaEn4L0347j+MZdJdaDgEz3iXB:TebVPOjmYBL0o7j+AdJQgEzm
MD5:	E6F80BC559DCFE13C2B0B85129230865
SHA1:	A07B6148848E996561D3AD76CB9A4AB5BDCE836E
SHA-256:	4E167C81F0990676F63013E05B8119333B438C87806AA716FD786F4381ADA954
SHA-512:	CFA92622FFE3D705B743818ECB9CB10F1CB2D6D4208F32DDB55DDAEC430384F60F195253329C2A3A7EE7D337CD982D028ACD185663961FD6A3381AA0B4519FCD
Malicious:	false
Preview:	.PNG........IHDR..............IJ.....PLTE..............................................................................................................................................................................................................................................................................T......YtRNS...3..P.../"Uq@f`..2..!<.BHK .Z#'1S,.4...j...8E....\|.........)...Q$.......b.J..m.Gc?o..h.@^.....bKGD....H....pHYs...H...H.F.k>...dIDATx..].c....H..].K....d..%....lm....w].....\|.p..X..m.-....}<.w.(....1.$...;..F.@..%..?......B,..L.h{.t...#....T@./?.j...9..m..N. #...+`....`..I....._.-s..U0..M...[...s..4`x.....#....D<....~...K....4.]`..PDDDDDD.q......Ek@....A...~......!Y...X...`.hv3\LX...Ot.J.2.b..l.QI<.... ...6..-X.l..6..H..\|=j..`E.iq....Cv:..q............C?.?.....x.,..rt..}\|;.kP.4....d.Y....f....K..~[.>.X:+.i.......QV.9.\.....e...'...A.tO.S.:7..2.....YsxM....B....&....z.>n.C...@..r@...*.a.....%...MFDDDDDD.T.....H,...E....RU..n....<..V-.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_ababab_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	6987
Entropy (8bit):	7.932321333154975
Encrypted:	false
SSDEEP:	96:BCxoXj/gWDN7sJz+ZLuokgqKXgSdg32R6W6CCjAbD3gecTN6gQH/UY7wuT3hDnrm:BCKjLu+msQSdDUW6eBomfJDnr6MmHV
MD5:	ABF448A08323B91AA098D94469B347D8
SHA1:	FBAC7ACE20851CF7C9499AD9911742E2A58F6320
SHA-256:	128741490C2F38A38EB3A3AB82EB05F241C6F98E35BD3DB1BE7C4C84C40412DD
SHA-512:	510BC29058E47CBD68DE3506DC32DFBCE99AC6D5E44A56B03203DF3A95C49CE645EA8E0000188312340847465C17EE023BC8968527DD1AB39A718724F6CB878F
Malicious:	false
Preview:	.PNG........IHDR.............E.r@....bKGD...YR....pHYs...H...H.F.k>...hIDATx..{leG}.?g.K.Iz.-.-..C4}.....j.\..l.D..R%;..E.."U...Y.HRP.n...H ..x7.....Z.v....6...J{....m...9g^.{}.}...{.o...f..f~.\|..&c...1Xx.h8....#dl..Nx..1.:..$........V.......$....................i...N.X....7b.0...t.(..P..5RH.&..<.....`....r.:...t. .b..t...<".t.J.^...wX..)...i...t.....(w.....!HL....2..W......F..w.).....f...l.3;........M.......g......b........~\.Q...Y.7Iy.u.!z-.;.u.gG..6.^.../........@........p........6..~....6c.q?.9.;{........!).....fnB=..5.]....z.S.....P...Ao.HB..mz.-..~.S......i'....~..w..NZ@...?].....[....Zw...iG ..@...].tM.7.mYf.kcW-[D.?..."sp..!f..o.1.+..1.1x.....U......px.h8..4.^.../........@.....p-......[/z_.a.%..%.n....@..! .....?@X.R.U.?b}`L...Uc...%T..{................R..@.?....G.l-`..Y.BKl.ub.....Z}.n.{#.=P...o.E. Lc.J.....{.........X...N.C..c..".....s...M.rI.j....K..6(...f.%..fV.v.6.aS.n*..l..L"....v.T.2..Mu....Z._e....-..!LU.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_e2e208_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit colormap, interlaced
Category:	dropped
Size (bytes):	5355
Entropy (8bit):	7.87181901936823
Encrypted:	false
SSDEEP:	96:LiBasUart5s3Ao//WPybnBLWqAlbM7+R2TnDDaj2KKmbnjF:0aurtin/WPGZWqmdR+3KKmbjF
MD5:	C33DCCAF46ECDDEE22192C61BF29B3DA
SHA1:	BA8E6189E840B873FB1D6C059649CC4D131B2E76
SHA-256:	43293499DF730851BBFEF3C8472B14A15EE44CD2DD826CD08CF58E5BDFA40CC3
SHA-512:	3C76C1D821D614B89BB8333260AC4681D961F4B01B9787006CD547BB2E53FFDB33DD55C90EC1667A078DBA56FAF3AC099D2903B31181655BF581FD445F1F92E7
Malicious:	false
Preview:	.PNG........IHDR..............Nzo....PLTE....................................................................................................................................................................................................................................................NtRNS...2..P...."Tp@f`.... <.BHJ.Z&0R,.4...j...8D...\|.......(..$......b...l.F>n~.hh.H...._IDATx..].c....JZ......gv.,.&{?:-[3.......3.q......J.O....p........t.B......}6.x9..s.Sm.C..X...........R<..Q..F. ?S.....Hf.+&.y..t.SE-G....8.>.A..m.d..... ~Z#...s...6.'..fN.....(.....0%..#r(DX.XK..Q.L.^J.....K.......zT..A.....~.yd-T.Lie..S.S(K......< ..b......E%N....S~.._..c.$..QUb=+C.5....>.W-..Z.8B.H......+$~......+e.....99...J.*.VD...o.....q.@.....i.......o...v.R~S...H.6w._v..c.U.5.y.@~..R....#..J9.."...!..J..:.d.$....3@nVew..%.w.>#....v......S..v..........#,e...]T.q./...\|.c.......b..fpp..bH1.F...S .s......L..(?".....#Y.....P.)...C6C\.$.V-.A..$.....b......3.R4..m...`G\.....~..c:C...U.a

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\images\ui-icons_ffffff_256x240.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 256 x 240, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	6299
Entropy (8bit):	7.910906954615385
Encrypted:	false
SSDEEP:	96:VBEtDvVfqOGSF1xCeeJ/QH7B5jbe7+Fc4l2bD8iT8JGpy13AeUYzHRNENQ//C:VB4VqCW/QH7ze7+DsjT8UpuAeUlNi6
MD5:	41612B0F4A034424F8321C9F824A94DA
SHA1:	164B3CA6BF1A3FBBF174F79438F442DDD8366D47
SHA-256:	4D11955729F56E6FB54A32487E43AA3FD6EBBE3676C84B9C6E25B935E0C706B0
SHA-512:	A3C20B4B2EFBFEE121B22AE1A2E3C865872BD8151E4B1802EFB284AFFB2915772D12194AB94FD0BAD0334ADF0AD28C3B77E07F0EEC8E92E64FF55915F3D600DE
Malicious:	false
Preview:	.PNG........IHDR.............E.r@....bKGD.........pHYs...H...H.F.k>....IDATx..]].%.u.z..fV^....;l..Y..03......&.)...]P......'...M@+..a.. k....`..J!&~H2.. F......?..!.0._&`......>u....?U_3s..Su..\|U.]..:!D.....@.t...8".t.@.M;..H..=.......&...O.m.k3..F.B...8F...;@....c.Oy.=k.W... 3.AN.I.........v.P.-.ast..$Hp.....As.2....1.E,....GE.'i..he..]iS..jv.q.P..r....../.Y..e-..t.R5w.gf.I.;&..Im.J.m.qk...w...4....Bs...WM....&_..../..1n..;z._$....8.H`........#. pD...H.....8.\|.3....h2..oF........)...e>.....}.H.l>...L.B..V-.}u....o\|./.l..\|....."..o..].}..H..Sw.A...s!.....8....0...3.@j.~y.......4.h......>.@"...)J....._9]..L;......q (pD...H.....8"..G$@.....'.....Mq...Xi.....}".0...3..]A.S(.~. @.....@-$M.6.W.3.'..79...+.O..qOh.\.O<.`..xT.O.Hp.../.d.g.4........"Gl..........f.+).C.O.'.u...c'.TM.K.h^.<. .uW.......hz.H.........q...\|........v.AM..1...\|B.2..t3X...b..hW.r..s...n...Z.Lwp.O..~...8. p......8"..G$@........#. p.C..R...~...O..xD..s...M......\|.{oW..C;]......l.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\jquery-ui-1.11.4.custom.min.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	30132
Entropy (8bit):	5.23757366050381
Encrypted:	false
SSDEEP:	384:iHxJvLzBIRJ1eURN+4j/YL/72fZBhVLqR:OvLzBI9Xj/RBhs
MD5:	935B3523612C560766DB837140117772
SHA1:	33182FA8ACABD9630A7AF85B5F85358817ACB00A
SHA-256:	5BEA20BCCAEB09758E6E6F5DEF9BDD3DC78DDC808A78D7ACF49601B13410C7BC
SHA-512:	09813E860AAA7466DEA1311D90571D3EB29A713F4F89008BFDE43FC582AC05EC474DF2146FFBF078A086A9C2DC2C2BB3F8805C6A468FC105AA0AD5AC58FFF30F
Malicious:	false
Preview:	/! jQuery UI - v1.11.4 - 2015-10-29. http://jqueryui.com.* Includes: core.css, draggable.css, resizable.css, selectable.css, sortable.css, accordion.css, autocomplete.css, button.css, datepicker.css, dialog.css, menu.css, progressbar.css, selectmenu.css, slider.css, spinner.css, tabs.css, tooltip.css, theme.css.* To view and modify this theme, visit http://jqueryui.com/themeroller/?ffDefault=Arial%2C%20Helvetica%2C%20sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=6px&bgColorHeader=0062a9&bgTextureHeader=highlight_hard&bgImgOpacityHeader=75&borderColorHeader=0062a9&fcHeader=ffffff&iconColorHeader=1a171b&bgColorContent=1a171b&bgTextureContent=flat&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=808080&bgTextureDefault=highlight_hard&bgImgOpacityDefault=75&borderColorDefault=858585&fcDefault=212121&iconColorDefault=000000&bgColorHover=dadada&bgTextureHover=highlight_hard&bgImgOpacityHover=75&borderColorHover=999999&fcHov

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\jquery-ui-slider-pips.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8460
Entropy (8bit):	4.420762129467933
Encrypted:	false
SSDEEP:	192:VMR532Ud86FIJxfmgTEC+3njflJP7nzlVPMyVt4zENP/D3mJnjflXMFU/n+lGJOA:OF9njdJ7n5Snjd/
MD5:	511AF33885D009DEA991AC9809636915
SHA1:	9AF3AB127C62979EE169E673110D78E6E86108D6
SHA-256:	406FE9EA2A230C47201C58C151E281D7FFE25491CE4876CAAAE079DC30DBC4E2
SHA-512:	A2A7F17B11C4BDED1329D99F41634CD9542B221A57DB35F989CF30E88D816256773C7761B0072369F4FA7101C31297B21CAABC84AC89DA7ACF1134A468573103
Malicious:	false
Preview:	.ui-slider-horizontal.ui-slider-pips {. margin-bottom: 1.4em;. }. .ui-slider-pips .ui-slider-label,. .ui-slider-pips .ui-slider-pip-hide {. display: none;. }. .ui-slider-pips .ui-slider-pip-label .ui-slider-label {. display: block;. }. .ui-slider-pips .ui-slider-pip {. width: 2em;. height: 1em;. line-height: 1em;. position: absolute;. font-size: 0.8em;. color: #999;. overflow: visible;. text-align: center;. top: 20px;. left: 20px;. margin-left: -1em;. cursor: pointer;.. -webkit-touch-callout: none;. -webkit-user-select: none;. -khtml-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. }. .ui-slider-pips .ui-slider-line {. background: #999;. width: 1px;. height: 3px;. position: absolute;. left: 50%;. }. .ui-slider-pips .ui-slider-label

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\jquery-ui.icon-font.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	27669
Entropy (8bit):	4.860350255000893
Encrypted:	false
SSDEEP:	384:ea/Ouw8cj73JjGShRtXc0zqHPGu0EgcXFL2orh+:eZt8cj73JjGShRtXtzIGhEgcXFL2orh+
MD5:	FF3CF0998A204E7414B2C6E2EF47885C
SHA1:	FECE48C1C805E95EF28F78FFF223A524C53944B3
SHA-256:	0FD36D8ABDC47CC90C4C65FB5CB4218765E099D9E7717219521F531ED9E97F59
SHA-512:	45C9A1ADDB4E0B8DB05C0DF7D7F9AC5E2D333F3FF0F442F8829AB82C555FA0DB135675BC322FB71E28D39DC26BE6218CD39A15B086976123623479DE78F08B74
Malicious:	false
Preview:	/*. ----------------------------------------------------------------------. * Icon Font for jQuery UI. * ----------------------------------------------------------------------. . ICON FONT Version: 2.0. * Glyphs: 326. * Copyright: (c) 2015-2016 Michael Keck.. * License: CC BY-SA 3.0. * https://creativecommons.org/licenses/by-sa/3.0/. * Generated: with IcoMoon-App (Chromium). . STYLESHEET Version: 2.1. * Modified: 2016-04-28. * jQuery UI: 1.11.2, 1.11.3 & 1.11.4. * Copyright: (c) 2015-2016 Michael Keck.. * License: GPL license. * http://www.gnu.org/licenses/gpl.html. /../ load icon font */.@font-face {. font-family: 'jquery-ui';. src: url('font/jquery-ui.eot?juif-21ed27');. src: url('font/jquery-ui.eot?juif-21ed27#ie') format('embedded-opentype'),. url('font/jquery-ui.woff?juif-21ed27') format('woff'),. url

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\jquery.gridster.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	3498
Entropy (8bit):	5.434821193929671
Encrypted:	false
SSDEEP:	96:qgHENAsxNINtzq3LLIjZR06ftZiHaVga4a:8b8Rq3IFR1ft0cqa
MD5:	C90A04A5E7D31EF4C9E95F187C6C359A
SHA1:	2EF3A97814F563C78D3939C8854D7F5DE07E1EC7
SHA-256:	E73F46B671CE82735430C53D367D37EF65E8E9E21A24CFCDAD8EBE647FA29CAD
SHA-512:	BA75B0A963819D71C4F97C76BF58DA14436A3787F06ED03BF1F829C0CA0387CA24AAC7F04688AF06B905D9F5B3CCB5551A7DE4DC39CB7FA79EDBEE8FFB135669
Malicious:	false
Preview:	.gridster {. position:relative;.}...gridster > * {. margin: 0 auto;. -webkit-transition: height .4s, width .4s;. -moz-transition: height .4s, width .4s;. -o-transition: height .4s, width .4s;. -ms-transition: height .4s, width .4s;. transition: height .4s, width .4s;.}...gridster .gs-w {. z-index: 2;. position: absolute;.}...ready .gs-w:not(.preview-holder) {. -webkit-transition: opacity .3s, left .3s, top .3s;. -moz-transition: opacity .3s, left .3s, top .3s;. -o-transition: opacity .3s, left .3s, top .3s;. transition: opacity .3s, left .3s, top .3s;.}...ready .gs-w:not(.preview-holder),..ready .resize-preview-holder {. -webkit-transition: opacity .3s, left .3s, top .3s, width .3s, height .3s;. -moz-transition: opacity .3s, left .3s, top .3s, width .3s, height .3s;. -o-transition: opacity .3s, left .3s, top .3s, width .3s, height .3s;. transition: opacity .3s, left .3s, top .3s, width .3s, height .3s;.}...gridster .preview-holder {.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\jquery.minicolors.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4518
Entropy (8bit):	4.926819303460004
Encrypted:	false
SSDEEP:	48:rgrD/YfazlrQvMhLrZwVvvLNreklrQsYTiy5Ylre+vHwC2Dmllrb9GmarQ2OdllY:rgHXhLwR5nYTiyyLJPgbekIbSl+at
MD5:	4B952CBB21F2459971441D99BFF1AC5B
SHA1:	58D24168C058D7AF51739388BB3816CEB067979B
SHA-256:	F327501F6F3FA07C787739E3A9F0055B3506ED1C09D2CA79C01BF5C7576F9A72
SHA-512:	527C63D65D41C08A1B88F9DFAF7F60DD528DAB26899E31B67352F8FCBFBF314D5A950BCB64130C667B86B696D135A124E4495D92E06974C3A5B8B271500F971E
Malicious:	false
Preview:	.minicolors {..position: relative;.}...minicolors-swatch {..position: absolute;..vertical-align: middle;..background: url(/img/jquery.minicolors.png) -80px 0;..border: solid 1px #ccc;..cursor: text;..padding: 0;..margin: 0;..display: inline-block;.}...minicolors-swatch-color {..position: absolute;..top: 0;..left: 0;..right: 0;..bottom: 0;.}...minicolors input[type=hidden] + .minicolors-swatch {..width: 28px;..position: static;..cursor: pointer;.}../* Panel /..minicolors-panel {..position: absolute;..width: 173px;..height: 152px;..background: white;..border: solid 0px #CCC;..box-shadow: 0 0 20px rgba(0, 0, 0, .2);..z-index: 99999;..-moz-box-sizing: content-box;..-webkit-box-sizing: content-box;..box-sizing: content-box;..display: none;.}...minicolors-panel.minicolors-visible {..display: block;.}../ Panel positioning */..minicolors-position-top .minicolors-panel {..top: -154px;.}...minicolors-position-right .minicolors-panel {..right: 0;.}...minicolors-position-bottom .minicolors-panel

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\jquery.simplecolorpicker.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2149
Entropy (8bit):	4.870758864230266
Encrypted:	false
SSDEEP:	48:361HQlCXdi9mfkFdSfkMqHmF0VFwF+KIsI/IRK7Qb7f0I7WPD0:q5QlQiLGFgFwF+NQ3MIp
MD5:	8424A15DEAB1D120EB73191B639E2043
SHA1:	30E5C58E2E03E104413496EEFDE8783EC253D539
SHA-256:	0C856701D6714CAC0D9306D891C54DB08F01A905DAD331DE4F2875B4C0B9822A
SHA-512:	FD3C4286707D231FD24974BF80A9BBB57315B8CF62A5D27EBB0BFC5D987E3CFE9FF7EA7774E825C1DBC296FAB2167AF0FED6C2995DC25CF595DC25F275B906CA
Malicious:	false
Preview:	/* SV: 2.53. * DT: 20130218. . Very simple jQuery Color Picker CSS.. . Copyright (C) 2012 Tanguy Krotoff. . Licensed under the MIT license.. . Inspired by Bootstrap Twitter.. * See https://github.com/twitter/bootstrap/blob/master/less/dropdowns.less. * See http://twitter.github.com/bootstrap/assets/css/bootstrap.css. /...simplecolorpicker.picker:before {. position: absolute;. top: -7px;. left: 9px;. display: inline-block;. border-right: 7px solid transparent;. border-bottom: 7px solid #ccc;. border-left: 7px solid transparent;. border-bottom-color: rgba(0, 0, 0, 0.2);. content: '';.}...simplecolorpicker.picker:after {. position: absolute;. top: -6px;. left: 10px;. display: inline-block;. border-right: 6px solid transparent;. border-bottom: 6px solid #ffffff;. border-left: 6px solid transparent;. content: '';.}...simplecolorpicker.picker {. position: absolute;. top: 100%;. left: 0;. z-index: 1051; / Above Bootstrap modal (z-index of 1050) */. display:

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\jquery.ui.selectmenu.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2341
Entropy (8bit):	4.7733550032410275
Encrypted:	false
SSDEEP:	48:DtWSN/EoSPSjT9GDiununj7WsYnrj7nI6Eny7X2P6nFQnWnxeww0WaJ8d3zW7Ien:ZWiEVE9GDPu/WsYbI6ETCeW0ww0WaJ3
MD5:	81C58409AC41255F386D65E0C6D0021A
SHA1:	0CF4AC647044A5B9620C33CEFD0C349163728921
SHA-256:	D2E01B8CA2DF363D17B1354CD1752149D23F69337249A81A91B71694E7725E47
SHA-512:	6234A999804926623DFEB08DC73448C2F2F581AD55A09D2F074B8A005C4F7633FBFBBE3C16F339A5067AE32A6A10A3EA17706746C8884BDB508AC601C43AA3D8
Malicious:	false
Preview:	/* Selectmenu.----------------------------------/..ui-selectmenu { display: block; display: inline-block; position: relative; height: 2.2em; vertical-align: middle; text-decoration: none; overflow: hidden; zoom: 1; }..ui-selectmenu-icon { position:absolute; right:6px; margin-top:-8px; top: 50%; }..ui-selectmenu-menu { padding:0; margin:0; position:absolute; top: 0; display: none; z-index: 1005;} / z-index: 1005 to make selectmenu work with dialog */..ui-selectmenu-menu ul { padding:0; margin:0; list-style:none; position: relative; overflow: auto; overflow-y: auto ; overflow-x: hidden; -webkit-overflow-scrolling: touch;} ..ui-selectmenu-open { display: block; }.ul.ui-selectmenu-menu-popup { margin-top: -1px; }..ui-selectmenu-menu li { padding:0; margin:0; display: block; border-top: 1px dotted transparent; border-bottom: 1px dotted transparent; border-right-width: 0 !important; border-left-width: 0 !important; }..ui-selectmenu-menu li a,.ui-selectmenu-status { line-height: 1.4em; dis

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\lcd-webfont.eot Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	Embedded OpenType (EOT), LCDMono2 family
Category:	dropped
Size (bytes):	10716
Entropy (8bit):	7.945853835812747
Encrypted:	false
SSDEEP:	192:Bdc1Wcce7wwDKwiiq3fVG+YF7IBstE+FKw4bdVoyUjr2Ufl5bVTpUIOsmw9BHUx4:ThccxVw8kvF74s++FKw8dVoyUembd19l
MD5:	E84DEC10E864F0DAF3957902BB7BC4BD
SHA1:	DC9337AC01961BFBA630FBD172B56B11D6E6E7A5
SHA-256:	6F9E0BFFF9ED37C0BBCF49F4B426B0B407EC29E48C103948FE8E2F5EC637205C
SHA-512:	8A50DCF13AC534CAFB9EC610C8BA2C42918F9C8DA66D7885D0EF394B0AD8BDF62D6CFC17C75B7A0803EB25EB8E38809470182A954783E10D82634EB79B6A7E62
Malicious:	false
Preview:	.)...(............................LP..........................%....................L.C.D.M.o.n.o.2.......U.l.t.r.a.....H.A.l.t.s.y.s. .F.o.n.t.o.g.r.a.p.h.e.r. .4...0...4. .1.9.9.9./.1.0./.3.0.....L.C.D.M.o.n.o.2. .U.l.t.r.a.....BSGP............................D.......ZB.....@C....j.M.....XB.Z(....Qv.7...W5........@..2...C>...Q.F~[...E.I.+}SI.m.e3...4a...,Y$.f..7....Q6.Z.<.XE....F...G..............0~hy..,.....&G.cv.`..=R?.....P].2...(#R.v.C.Yw..}..O...........x.4..S.@.../Pa.`...A.Eg:..b..U.F.....6n..m.K..\...E.Er...#)W..<.`..DO1.d..5.p>w.?..Ig.>.n....M....%.\|R2.......=gc.I..ua2.A..?W.........;..$Q..Z..aU..+H..D.V.C.T.%.H&.Y..n....bo.@..I.9Y.HfA.....b..E.G(......:..[...R:...H....6:....H.,x......j..r.H,EA.U..A...r...2.....,..........9..E.1.yk..tS..`......#_....)i%...8...tQ.v..%.a./....\....(g..3..@.LzP.../.z..5.c...c.;UK.q.S`.7p..nSd.......;\|\)..tsv..>....R-....-.H-....O,...vE.mn ..@...W.."Q.jx..Ff....A.C..8Y..,.GA...@ZO..'@6.87e..26.M..T..9..VAR.0Z

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\lcd-webfont.svg Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	26682
Entropy (8bit):	4.290986900440381
Encrypted:	false
SSDEEP:	384:Tn0cOiEJUjlXbgJmjtUDlcC7M7JjUDdvut:TnplMUp1jtUpuUDhut
MD5:	3763D1B68BEF3E994C3FD6F874465D72
SHA1:	8E242FEF7092D247C3426CE1D76A0CE52E6C3557
SHA-256:	24F22AA27766195B778623EF6A4BF9355D1136CD652049FBAD305CA50681A455
SHA-512:	134872C391F0231241A89193E76AA5E1B5F04F9A6ED134A3E21DB9022DCEF7D784DF7D8AF9DF425A71FB2F35839C95D2D9DC7803D0DA54145512F2EA5A687981
Malicious:	false
Preview:	<?xml version="1.0" standalone="no"?>.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >.<svg xmlns="http://www.w3.org/2000/svg">.<metadata>.This is a custom SVG webfont generated by Font Squirrel..Copyright : Copyright 1999 by Samuel Reynolds All rights reserved.</metadata>.<defs>.<font id="LCDMono2Ultra" horiz-adv-x="1177" >.<font-face units-per-em="2048" ascent="1638" descent="-410" />.<missing-glyph horiz-adv-x="500" />.<glyph unicode=" " />.<glyph unicode="!" d="M377 117l127 112l96 -112l-127 -113zM414 406l37 268l133 114l98 -114l-37 -268l-133 -117zM492 965l77 553l133 116l99 -116l-78 -553l-131 -115z" />.<glyph unicode=""" d="M279 1229l28 196l133 117l101 -117l-27 -196l-135 -117zM637 1229l27 196l135 117l100 -117l-29 -196l-133 -117z" />.<glyph unicode="$" d="M27 262l4 19l131 116l100 -116l-2 -19l-133 -117zM129 965l57 411l133 117l99 -117l-58 -411l-133 -115zM156 117l131 114h75l125 -143l164 143h76l100 -114l-133 -117h-440zM252 819l131

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\lcd-webfont.ttf Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	TrueType Font data, 16 tables, 1st "FFTM", 8 names, Microsoft, language 0x409, Copyright \251 1999 by Samuel Reynolds. All rights reserved.LCDMono2UltrawebfontLCDMono2 UltraAl
Category:	dropped
Size (bytes):	41812
Entropy (8bit):	6.214431242121593
Encrypted:	false
SSDEEP:	768:lM+ly+eiv5j5cUAiEgmr/RjmmQgmr/RjmmEE5cgS3KUvghF/:PPvNqht5k5Z9B
MD5:	80F131A61147BDCF8C4EDB66FEA8F655
SHA1:	ECC00446F539884B638579FC14B795B860F1ED99
SHA-256:	EA1D890F81EA841CB329EA69F36A7E099447504B2D071B6BC1055B2D2002EDE2
SHA-512:	46A46011A5E6A39EE35D9351492D44D39737B20501F17A28F5FC4C357757B0DF0D7AB9A48384D12902EAB553E57E7E4CD8C783977FAD265BF392241D4E8ACF18
Malicious:	false
Preview:	............FFTM\J.u........GDEF.......(... OS/2..]....H...`cmap.V.........cvt ...........4fpgm../........egasp.......(....glyf.i.`...0....head..9........6hhea...........$hmtx..6W........loca~.V.........maxp........... name(.D4........post..s........FprepUN........T.................%.J.....%.K.....................m.......................3...%...3.....f..............................Alts... ...f.f...............f.f... .....................................,. .....".$.,.?.]._.z.\|.........S . . . & :!"......... .$.'...A._.a.\|.........R . . . & 9!".................................M.I.G.?.-.F i.i...................................................................................................................... !"#$%&'()+,-./0123456789:;.<.=>?@ABCDEFGHIJKLMNOPQRSTUV.W.............................................h................Y]............eX...^_`acd.b......fgjk.....................................b.b...).+.........^...............9.Z.......\......,...K.PX.JvY..#?...+X=YK.PX}Y .....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\css\lcd-webfont.woff Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	Web Open Font Format, TrueType, length 11760, version 1.0
Category:	dropped
Size (bytes):	11760
Entropy (8bit):	7.94789176185318
Encrypted:	false
SSDEEP:	192:y3u0HrjcnWCZJ78Q7QmMEpitrG96FDwed9r2JTLz7W6dglQEgjo+Nn0yt9FKcWdQ:ylHAWCZpP7Mj1G96FD312dv7WSKPgrpR
MD5:	411EA8B492B1FBE3C258F35332EB9EF1
SHA1:	20C223442EB5DF4C5D142D1D2112A0AF8A39112C
SHA-256:	0058F001E85F65301545645CA748CB74FCC1A66ED8D874E1B09B9EE668E60218
SHA-512:	90672A692C7E0CEB5DA8EC266D30D14F2D0078307A1199F2DAFD693D4D366FBB2514EF31CDE899B7DAEA45A4DCF56C8F13A944912EE636EB268331E708668D97
Malicious:	false
Preview:	wOFF......-........T........................FFTM...l........\J.uGDEF........... ....OS/2.......K...`..].cmap.......).....V.cvt ... ...4...4....fpgm...T.......e../.gasp................glyf......$......i.`head..),.../...6..9.hhea..)\.......$....hmtx..)\|..........6Wloca..<........~.V.maxp..+........ ....name..+<........(.D4post..,H.......F..s.prep..-4.......TUN.x.c```d....6...T.{Aio.Z....x.c`d``..b...`b`..\ f...........x.c`a.e......:....Q.B3/`Hc.b...N...1.......o....i..l......Arlil@....F....v.x.c```f.`..F.....1..,............d.3.2.3T1.0,`X..a.c................,...u).U.3.18.U'BUob.... .T-.Tm.V..............{............_........<..?...{.M!.5..B..#..\.#..`BW..:.+.P.;.'.7../..............................................5......................@`PpHh.C8I..@...E.F.........$.PZzV6!S..K*......b.b...).+.........^...............9.Z.......\....x.]Q.N[A........ 9.......6H ....vc9B.\.b\..P Q..k.h(S.M...$>.O...5..4;;.s.3K..wi..s.H.n.f.~'..E.....FF..#-63z.}...f4.N.@y.[.CF.N....2?..>..<.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\database.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	27792
Entropy (8bit):	5.266260165721231
Encrypted:	false
SSDEEP:	768:6DjJUV4peE6ghh+cSWOItrdLwCZoo8Mud4Z7n:qjJUV4pebgH+cSWO8rdLwCZoo8Mud4ZL
MD5:	41E1D6728E6516AAA79B73CB828947CA
SHA1:	9F7AFEA7A20F765CC130A6F39D7414CF8E4492D2
SHA-256:	3ED40116036A94A18106917BC2DDB05CFA3FF434ECDFF7CD8FEC5C6351CBE2ED
SHA-512:	29286605621FF037BF384509F98BB46B4C2692C2218D16448971B23EBBE2C1B803FC410ACE400A7C2EF7D66380A4637929603C4EF4D59DBD59D28B09D14D7ADA
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.// include_once "include/crypt.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$usb=false;.$mount_usb="/mnt/usbmemory";.if(file_exists($mount_usb)) {..$usb=true;.}.$stm= "SELECT mapping.id_logical FROM external INNER JOIN mapping ON external.id = mapping.id_physical ";.$stm.="WHERE device_type IN (20,21) AND mapping.physical_port='0'";.$result_valid_sensors=db_all_read($stm);.$showEnergyTab=count($result_valid_sensors);.$energy_valid_sensors=array();.foreach($result_valid_sensors AS $validsensor) {..$energy_valid_sensors[]=$validsensor['id_logical'];.}.$syslog=db_read("/sys/logging/syslog_enabled");.$stm = "SELECT sensors_logical.id, sensors_logical.activ, sensors_logical.custom_port_name, sensors_logical.custom_port_description, sensors_logical.unit, ";.$stm .= "external.enabled, external.device_type ";.$stm .= "FROM mapping ";.$stm .=

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\datadownload.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	8081
Entropy (8bit):	5.414463648214598
Encrypted:	false
SSDEEP:	192:B0da1EacHFUcXpAN5/R/cbSmAN5pcQRCAN50qSHEz:CdGEacHFUcXpAN5/R/cbSmAN5pcQRCAN
MD5:	3414281C5C14D855C3430782DD076CDD
SHA1:	3B45174FC7ECE3F68D1137E4E1394794E88AAF28
SHA-256:	7E93F4423865920982428BAAC3CE99E945CC943398ECC4A1A73036372233A892
SHA-512:	70FC515909F149D172462482C63F07C0F72CA4B799AF6707DABF053545427FCF60213B2923CE61E58456CAF6AAE0DF0C309CC53940EE15DE6C34089240051C6F
Malicious:	false
Preview:	<?php.if(isset($_POST['cleanup']) && $_POST['cleanup']) {..unlink("/tmp/datafilelist.json");..die();.}.include "/www/include/sqldb.php";.include "/www/include/crypt.php";.$page = basename(__FILE__, '.php');.if(session_status()=== PHP_SESSION_NONE) { // PHP_SESSION_ACTIVE..session_start();.}.if($_COOKIE["ALLSESSID"]!=session_id()) {..die("no permission");.}.if(isset($_GET['action']) && $_GET['action']) {..extract($_GET);..$files=json_decode(file_get_contents("/tmp/datafilelist.json"), true);..$data=explode("_", $param);..if($data[0]=="l") {...$file=trim($files[$data[1]][$data[2]]);...header('Content-Description: File Transfer');...header('Content-Type: application/octet-stream');...header('Content-Disposition: attachment; filename="'.basename($file).'"');...header('Expires: 0');...header('Cache-Control: must-revalidate');...header('Pragma: public');...header('Content-Length: ' . filesize($file));...header("Cache-Control: private");...header("Pragma: public");...@readfile($file);..}..if(

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\datetime.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	5.369656710659867
Encrypted:	false
SSDEEP:	192:YF1KMHzSAmGDnhJTpFn2KP/g75eYGG/47w/cib3cb36Q6MBmiYJei3VtQBFSQ+q4:YF7J/gwM/cigbKhVtQBYQty9Viwrb
MD5:	FCB4174D4EE6F84C29A0BE49C3FA4A34
SHA1:	296B6A1AC058AF775BAA7695C9DA5E55651AACB6
SHA-256:	2177C838DA042F43EC153E2C49B44017BE96182DC3476F67A4C1DCB27B9B689D
SHA-512:	B58F73CC29C500C3F20BA2BD59E0EF801A46D98D74C330E2BC36DEAF9F4E59149585E0CCEEC9B6D63519EF9607448AE8D93E923A78E874F3E143352D73725441
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.$platform=db_read("/sys/platform");.$date=null;.$time=null;.include "/www/include/security.php";.function tz_posix() {..$tzList=json_decode(file_get_contents("/www/config/tz_possix.json"), true);..$zones_array = array();..$timestamp = time();..usort($tzList, "cmp");..foreach($tzList as $key => $entry) {...$zones_array[$key]['zone_array']=explode('/',$entry['zone']);...date_default_timezone_set($entry['zone']);...$zones_array[$key]['zone'] = $entry['zone'];...$zones_array[$key]['diff_from_GMT'] = 'UTC/GMT ' . date('P', $timestamp);..}..return $zones_array;.}.function cmp($a, $b){. return strcmp($a["zone"], $b["zone"]);.}.if($_POST['gw']!=1) {..$timeserver_enabled=db_read('/sys/network/ntpd/enabled');..$timezone = db_read('/sys/network/ntpd/timezone');..$regions=array("Africa","America","Antarctica","Arctic","Asia","Atlantic","Austr

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\data.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	2049
Entropy (8bit):	5.02557280041027
Encrypted:	false
SSDEEP:	48:c2iZU3sayYu5Ived+s0s9dlG1kO0obW165AV7o8mdDBJBbK/wsp+RujuNd+LQh:c2iZUs2Y+sTi
MD5:	8DF9F06B8D238CAB509A0F247E7F9EB0
SHA1:	E21111A8A629BDEC9CBD5471355594B27D840D75
SHA-256:	ABA5711A64918EE7BD71497906E0B672BEB1B6D8C231A7F41725E6A76E0E82AC
SHA-512:	2CD80E0D6D00E31BDD420B6604490D20926302F912993B059BF54143067D62DB6039B7631DC575F79E4F2490E51E63C423C079676B37BB70D133BC190B0F5E9A
Malicious:	false
Preview:	<?php. include "/www/include/sqldb.php";.. $page = $_GET['page']; // get the requested page. $limit = $_GET['rows']; // get how many rows we want to have into the grid. $sidx = $_GET['sidx']; // get index row - i.e. user click to sort. $sord = $_GET['sord']; // get the direction. if(!$sidx) $sidx =1;. // connect to the database. $db= new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');. . $stm="SELECT count() FROM chipid";. $count=$db->query($stm)->fetchColumn();. #echo $count;. if( $count >0 ) {. $total_pages = ceil($count/$limit);. } else {. $total_pages = 0;. }. . if ($page > $total_pages) $page=$total_pages;. $start = $limit$page - $limit; // do not put $limit($page - 1). #$SQL = "SELECT a.id, a.invdate, b.name, a.amount,a.tax,a.total,a.note FROM invheader a, clients b WHERE a.client_id=b.client_id ORDER BY $sidx $sord LIMIT $start , $limit";. $stm="SELECT FROM chipid ORDER BY $sidx $sord";. $result=$db->query($stm)->fet

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\dataupd.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	997
Entropy (8bit):	5.132692832291634
Encrypted:	false
SSDEEP:	24:AUvF/9fy6TEf/lX+QS/BTBDAMAJ1DvG+DyDAaDAntu/J:A2FtTTEf/J+TL8VvGUOPIU
MD5:	D278D66D2DC5B5E256263B81A1771FC6
SHA1:	E72F9E21B453E8C6BB73E80447F8B13ED573AD2C
SHA-256:	200998E9120B7333B1BD3155FCFE71F0EC344450878FD4556BEEAD12E856646F
SHA-512:	1163537A1DD05BCDC8E540E3615AB7880C8DABB4B3D1F58D5FEFE5F38401647E9FA81DCB42398C5E2D72C9540438EDD034CD5C10B5F3CB299940ECF4A0082C8E
Malicious:	false
Yara Hits:	Rule: webshell_php_generic_tiny, Description: php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\dataupd.php, Author: Arnim Rupp
Preview:	<?php.include "/www/include/sqldb.php";. $db= new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');. $stm ="UPDATE chipid SET device_partno='".$_POST['device_partno']."', unit='".$_POST['unit']."', minimum='".$_POST['minimum']."', maximum='".$_POST['maximum']."', ";. $stm.="channels_in='".$_POST['channels_in']."', channels_out='".$_POST['channels_out']."', ";. $stm.="comment1='".$_POST['comment1']."', comment2='".$_POST['comment2']."', ";. $stm.="chip_function='".$_POST['chip_function']."',.primary_chip_number='".$_POST['primary_chip_number']."', ";. $stm.="primary_chip_address='".$_POST['primary_chip_address']."', address_min='".$_POST['address_min']."', address_max='".$_POST['address_max']."', ";. $stm.="helper_chip_number='".$_POST['helper_chip_number']."',.helper_chip_address='".$_POST['helper_chip_address']."', ";. $stm.="lang_desc='".$_POST['lang_desc']."', lang_func='".$_POST['lang_func']."' ";. $stm.="WHERE chipid='".$_POST['id']."'";. $db->exec($stm);.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\index.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	4126
Entropy (8bit):	4.939699403574158
Encrypted:	false
SSDEEP:	96:otFOmVKMB4xxNkIucm+iiouy4yk168VG2+H:otFOv6SGn
MD5:	A961F6547D9C57358B7711D180127843
SHA1:	1884B2BD34D1F000887815C16E92A6A3C83DB0C8
SHA-256:	C286A47DD1BA9B950A0965F11D1FF101C861513112E89588F1A1073003FF7C43
SHA-512:	E6DBFF6D3430B674D72410D8D5CFA6EAF27993945D80B70B2ED691037A7640EE57F5BDAF40A622E4BD2D922879CDB9DB40C00C283F7739B734D6C023FC041307
Malicious:	false
Yara Hits:	Rule: webshell_phpshell3, Description: Web Shell - file phpshell3.php, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\index.php, Author: Florian Roth
Preview:	<!DOCTYPE HTML>.<html xmlns=http://www.w3.org/1999/xhtml>. <head>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">.. <link rel="stylesheet" type="text/css" href="ui.jqgrid.css" />....<script type="text/javascript" src="/script/jquery-2.1.4.min.js"></script>...<script type="text/javascript" src="/script/jquery-ui-1.11.4.custom.min.js"></script>.. <script type="text/javascript" src="jquery.jqGrid.min.js"></script>. <style type="text/css">. </style>. <script type="text/javascript">. $(function() {. var lastsel;. $("#table").jqGrid({. url:'data.php?q=2',. datatype: "json",. colNames:['chipid','ld','description','desc_new','lf','function','func_new','device_partno','unit','minimum','maximum','ch_in','ch_out','comment1','comment2','chip_func','pri_no','pri_adr','ad_min'

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\jquery.jqGrid.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	269177
Entropy (8bit):	5.405424873380498
Encrypted:	false
SSDEEP:	3072:GBCZF3Rcsp7A9RMqCwPl7yvkCt1//YuvGUSUPiPKGuZJ0g1+o+Z+0wQm7xdH4eGG:aGF3KTdyvk/Dy06v0HRZAcQt
MD5:	254EA4D9A50BD2DE16700D7C835497F8
SHA1:	34AFA51D7AD3802F74975779C2137DB7278ED1F0
SHA-256:	FF6679709C8C8BA48AB33A248FCEAB71E6160DB017162090002AFB9A92E7D9B8
SHA-512:	29FE36F2522512E3A5BEC16DFECB7BBB724F7394DBA0833F5563601005DF9DF215011740CB2F4687F4768EBA4C11880DF1F807650C5E5A396FE3F85A7579459F
Malicious:	false
Preview:	/* .* jqGrid 4.5.4 - jQuery Grid .* Copyright (c) 2008, Tony Tomov, tony@trirand.com .* Dual licensed under the MIT and GPL licenses .* http://www.opensource.org/licenses/mit-license.php .* http://www.gnu.org/licenses/gpl-2.0.html .* Date:2013-10-06 .* Modules: grid.base.js; jquery.fmatter.js; grid.custom.js; grid.common.js; grid.formedit.js; grid.filter.js; grid.inlinedit.js; grid.celledit.js; jqModal.js; jqDnR.js; grid.subgrid.js; grid.grouping.js; grid.treegrid.js; grid.import.js; JsonXml.js; grid.tbltogrid.js; grid.jqueryui.js; .*/.(function(b){b.jgrid=b.jgrid\|\|{};b.extend(b.jgrid,{version:"4.5.3",htmlDecode:function(b){return b&&(" "===b\|\|" "===b\|\|1===b.length&&160===b.charCodeAt(0))?"":!b?b:(""+b).replace(/>/g,">").replace(/</g,"<").replace(/"/g,'"').replace(/&/g,"&")},htmlEncode:function(b){return!b?b:(""+b).replace(/&/g,"&").replace(/\"/g,""").replace(/</g,"<").replace(/>/g,">")},format:function(d){var g=b.makeArray(arguments).slice(1);n

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\chip\ui.jqgrid.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	12804
Entropy (8bit):	4.959592369891409
Encrypted:	false
SSDEEP:	192:dqfpxQ96v2RWSi5qK9sFIHHLmwCwMd3qho7AjBAGoOAGmAGOnm:kP66v5tomAd3j7I7N7m7Z
MD5:	78A08D4E968DF2FC090AB95A36807232
SHA1:	900E1061496EDDFC4911B3897E6DD71F2BFE84F1
SHA-256:	D0613F09A319C9199532A87666D70DC220EED240DE3197252902DEA171D2FE24
SHA-512:	2DAB3210BEE57E5D8F15D132A018A023994913F2A914C8D106BBD34C0D2ACA87DA2BE15FEA646ACBA3AFF51C4BDF0E7B3494064A69F2BCF57112C2C3967257F0
Malicious:	false
Preview:	/Grid/...ui-jqgrid {position: relative;}...ui-jqgrid .ui-jqgrid-view {position: relative;left:0; top: 0; padding: 0; font-size:11px;}../* caption/...ui-jqgrid .ui-jqgrid-titlebar {padding: .3em .2em .2em .3em; position: relative; border-left: 0 none;border-right: 0 none; border-top: 0 none;}...ui-jqgrid .ui-jqgrid-title { float: left; margin: .1em 0 .2em; }...ui-jqgrid .ui-jqgrid-titlebar-close { position: absolute;top: 50%; width: 19px; margin: -10px 0 0 0; padding: 1px; height:18px; cursor:pointer;}...ui-jqgrid .ui-jqgrid-titlebar-close span { display: block; margin: 1px; }...ui-jqgrid .ui-jqgrid-titlebar-close:hover { padding: 0; }../ header*/...ui-jqgrid .ui-jqgrid-hdiv {position: relative; margin: 0;padding: 0; overflow-x: hidden; border-left: 0 none !important; border-top : 0 none !important; border-right : 0 none !important;}...ui-jqgrid .ui-jqgrid-hbox {float: left; padding-right: 20px;}...ui-jqgrid .ui-jqgrid-htable {table-layout:fixed;margin:0;}...ui-jqgrid .ui-jqgrid-hta

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\config\ajax.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	804
Entropy (8bit):	5.498543320329134
Encrypted:	false
SSDEEP:	24:WJ/D6l9go/aH4AzI1mgo/JjYmgo/IIw6kdFgo/OzSjt:kbeda7U+FY+IIHW82t
MD5:	655957DFFAFF0218B8C152463F540792
SHA1:	1CB02CF2D3D6E78D077B985BB91BE6969D7AF016
SHA-256:	BC41D23420455F1F9CA402BE74C03225541E765F4F5EBF913368D1932A76E138
SHA-512:	6FA575FA0A9121929B65C5C29E6FBB7C97FD5F7635E2E7F6DDF6B83F85AD7EBD2EDA714D3CB082827EF2241EAD90E02710704D816021EBA9DAFB551FD2C513B6
Malicious:	false
Yara Hits:	Rule: webshell_php_generic_tiny, Description: php webshell having some kind of input and some kind of payload. restricted to small files or would give lots of false positives, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\config\ajax.php, Author: Arnim Rupp
Preview:	<?php.$db= new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');.switch ($_POST['what']) {..case "getvalue":...$id=$_POST['id'];...$query="SELECT * FROM config WHERE id = '".$id."'";...$result=$db->query($query)->fetch(PDO::FETCH_ASSOC);...echo json_encode($result);..break;..case "savevalue":...$id=$_POST['id'];...$tag=$_POST['t'];...$val=$_POST['v'];...$result=$db->query("UPDATE config SET tag='".$tag."', value='".$val."' WHERE id = '".$id."'");..break;..case "newvalue":...$tag=$_POST['t'];...$val=$_POST['v'];...$result=$db->query("INSERT INTO config (tag, value) VALUES ('".$tag."','".$val."')");...echo "INSERT INTO ".$tab." (tag, value) VALUES ('".$tag."','".$val."')";..break;..case "deletevalue":...$id=$_POST['id'];...$result=$db->query("DELETE FROM config WHERE id='".$id."'");..break;.}.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\config\index.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	6353
Entropy (8bit):	5.263740437635772
Encrypted:	false
SSDEEP:	96:uox30lpNPVnivSrilS11A6jR6vfwdZm7hK2/nxYi/i8gFn2ZbhRU:uoxECbzCRbqhK2/nxYi/iN2RY
MD5:	602193F4829F7505D95A73D991F52528
SHA1:	6362C932D6219D877255D9281FCF1A77FFD79BBC
SHA-256:	03F2249F65BB8F6D8A0A7C3D1737B4F4B45EFCA38CF21752A42F9B7459DDC017
SHA-512:	BC584BD61623D21C2680E736228A42A951B3A9BB3421C8D3F6433BFB7276D34D951EA5EB15F93A63BFB8E4017255E6E4841451F20698753FB74C07C21FEE4DFF
Malicious:	false
Preview:	<!DOCTYPE HTML>.<html xmlns=http://www.w3.org/1999/xhtml>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<meta http-equiv="x-ua-compatible" content="IE=edge">...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">...<link type="text/css" rel="stylesheet" media="screen" href="style.css">...<script type="text/javascript" src="/script/jquery-2.1.4.min.js"></script>...<script type="text/javascript" src="/script/jquery-ui-1.11.4.custom.min.js"></script>...<script type="text/javascript">....$(function() {.....$('tr').mouseover(function() {......window['color'] = $(this).css("background-color");......$(this).css({backgroundColor: '#a2cbdc' }).....}).mouseout(function() {......$(this).css({backgroundColor: window['color'] }).....});.....$('tr').dblclick(function() {......var id = this.id.substring(2);......$.post("ajax.php", { "what": "getvalue", "id": id }, function(result) {.// ......v=r.split(';');.......dialo

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\config\style.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1399
Entropy (8bit):	5.248602001639035
Encrypted:	false
SSDEEP:	24:UhWShXbaSMsc5OppBsc5Ony4sc5Onrgsc5OnqzOn3LVoh7stw02y1rJj31ispgSO:UhWGaSMlGjlilSglCLV3PrqjcF6
MD5:	C91FDD25CDBB79F18BE59079E8792416
SHA1:	867703B276613DBEAD6C9D035E463CD1C1D7601F
SHA-256:	FB02BB1D26126A199CDFCFA7FAB6A956C24B2B3B07A34445DA5F49840F9B6816
SHA-512:	C59461771ABA02C8B1552C60094C5EC35DD16BD10CA0F32A92D63A30897ACDE84F4028AF7D612FA15F111FC8DC69430EF5F9CF111D7EA8580C983A3416A56A1A
Malicious:	false
Preview:	body {. background-color: # ffffff;. color: #000000;. margin: 0;. padding: 0;. .font-family: sans-serif;..font-size: 1em;.}..main {..position:absolute;..height:100%;..width: 100%;..background: #a7cfdf; /* Old browsers /..background: -moz-linear-gradient(-45deg, #a7cfdf 0%, #23538a 100%); / FF3.6+ /..background: -webkit-gradient(linear, left top, right bottom, color-stop(0%,#a7cfdf), color-stop(100%,#23538a)); / Chrome,Safari4+ /..background: -webkit-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / Chrome10+,Safari5.1+ /..background: -o-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / Opera 11.10+ /..background: -ms-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / IE10+ /..background: linear-gradient(135deg, #a7cfdf 0%,#23538a 100%); / W3C /..filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#a7cfdf', endColorstr='#23538a',GradientType=1 ); / IE6-9 fallback on horizontal gradient */.}.pre {..margin: 0px;..font-family: monospace;.}.ta

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\daemon\ajax.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	4.781286664873397
Encrypted:	false
SSDEEP:	12:NcaQNYyARa1PNjdXJQNaNARIIQNFmyNARqpQN3AR8:HQSyARalNjdJQyARIIQjNARqpQNAR8
MD5:	380EE0D97F0AC76886A750848F800690
SHA1:	419DD3B84042625DD77DA847E864E6BC1E0C0B26
SHA-256:	0A58862D909849550E20FAFB74F28D1A50102D852A0CE7FCFCB3B847935E2176
SHA-512:	D3D1883989AD5BE1BAB2DC0B586CC78B11277546732AAB3E5CA1A3CF159D61632B4B3477DB2BE837996EF39C93BA0480203AFA0FACDF41E6DB1FA01A5ABD3EF9
Malicious:	false
Preview:	<?php..switch ($_POST['what']) {...case "view":....passthru("/usr/sbin/allnet/demon_readstatus -T");...break;...case "top":....passthru("/usr/bin/top -n 1");...break;...case "sensor":....passthru("/usr/sbin/allnet/sensor_readstatus -T");...break;...case "reloader":....passthru("/usr/sbin/allnet/reloadcounter_readstatus -T");...break;...case "matrix":....passthru("/usr/sbin/allnet/matrix_readstatus -T");...break;..}.?>.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\daemon\config.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1041
Entropy (8bit):	5.854869806516827
Encrypted:	false
SSDEEP:	24:UiMq8ReXFz5BEFqtnf9ahOkarTs3T4RJ67mFhIJ5scSsLFAKD4F4:UiM5RkFz5qy/TvsL1SKtD4F4
MD5:	A1516A594F4D80D4FE4D7AAB80FEA7D0
SHA1:	5512BFB5B47DFB7AA7460E9B48CAFAFB514B44BC
SHA-256:	F3C5D8BEE18FCDB790146D8F2C1DBF75C36BAE117FD5DB53C7F90467DC1F0CE8
SHA-512:	313F77980CC4F0093CF7669C8EE6E6CE40FDDF6938044A6D21BAAC1C9F7070AFCB6BB59324C3FFCCDAEF36CC6EF2BA8475560E6FCCA91A9ABAFDEF4A23529CDC
Malicious:	false
Preview:	body {. margin:0;. padding:0;. font-family: arial;. color: #ffffff;. background: #1E7EAC;.}..pre { font-size: 14px; }...result {. position:absolute;. height:100%;. width: 100%;. margin: 5px;. background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIHZpZXdCb3g9IjAgMCAxIDEiIHByZXNlcnZlQXNwZWN0UmF0aW89Im5vbmUiPgo8bGluZWFyR3JhZGllbnQgaWQ9Imc3MzMiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIiB4MT0iMCUiIHkxPSIwJSIgeDI9IjAlIiB5Mj0iMTAwJSI+CjxzdG9wIHN0b3AtY29sb3I9IiMxRTdFQUMiIG9mZnNldD0iMCIvPjxzdG9wIHN0b3AtY29sb3I9IiM2NjY2NjYiIG9mZnNldD0iMSIvPgo8L2xpbmVhckdyYWRpZW50Pgo8cmVjdCB4PSIwIiB5PSIwIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIiBmaWxsPSJ1cmwoI2c3MzMpIiAvPgo8L3N2Zz4=);. background: -o-linear-gradient(top, #1E7EAC, #666666);. background: -moz-linear-gradient(18% 90% 90deg,#666666, #1E7EAC);. background: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#1E7EAC), to(#666666));. z-index: 0;.}..button {. float:right;. mar

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\daemon\daemon.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1022
Entropy (8bit):	5.275243692313523
Encrypted:	false
SSDEEP:	24:TsZAs+C4NR7QuNVlNRh+GNVlpu8bQXEvTPdD/2n2Il4QiJ:wZICXAxTVD/ovfiJ
MD5:	648BFA2736A703CE0261588B9E9CA834
SHA1:	EBB2068539BE5D47FBC4AFFA0388EE76D2668402
SHA-256:	7D8099135E9B303E8F7431106BFE551D898B9FF94CAD00A15F63B1744A03C683
SHA-512:	FB527EBB743186219577351302ABC1AF76B78B9D65B3A60EBA965045B5946D810A509EA7C88BB87246A5285B43286F2DB158AEC9C5CBD9ADB24054FBE63D6529
Malicious:	false
Preview:	<!DOCTYPE HTML>.<html xmlns=http://www.w3.org/1999/xhtml>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">...<link rel="stylesheet" type="text/css" href="style.css" />...<script type="text/javascript" src="/script/jquery-2.1.4.min.js"></script>...<script type="text/javascript" src="/script/jquery-ui-1.11.4.custom.min.js"></script>...<script type="text/javascript">....$(function() {.....$("button").button();.....if(typeof activView != "undefined") { clearInterval(activView) };.....activView = setInterval("viewDaemon()",2000);.....})....function viewDaemon() {.....$.post("ajax.php", {"what":"view"},......function(e) {.......$("#result").html('<pre>'+e+'</pre>');......}.....);....}....viewDaemon();...</script>..</head>..<body>...<div id="result" class="result"></div>...<div class="button">....<button onclick="window.location.href='/db/';">BACK</button>...</di

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\daemon\matrix.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	5.275112162188189
Encrypted:	false
SSDEEP:	24:TsZAs+C4NR7QuNVlNRh+GNVlpu8bQXEvTPdDQ+2n2Il4QiJ:wZICXAxTVDHovfiJ
MD5:	3283B069A92200D3FF48C7CB2B64778A
SHA1:	F252650CBFD67D449A611202EC5D340726FFAD5C
SHA-256:	41538488E37D264C909572A21A9C7283D7131A32ED12C8B3DE5B35A1BDC6DD32
SHA-512:	CFD10731EF9670AB5134180BA5E02F2E77EB3728BDB568BD14FBDCA335941E0666DD5B61EBE05D876437A1B083962D16DFD89AB2B85A6F669B7FA6778F3906A2
Malicious:	false
Preview:	<!DOCTYPE HTML>.<html xmlns=http://www.w3.org/1999/xhtml>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">...<link rel="stylesheet" type="text/css" href="style.css" />...<script type="text/javascript" src="/script/jquery-2.1.4.min.js"></script>...<script type="text/javascript" src="/script/jquery-ui-1.11.4.custom.min.js"></script>...<script type="text/javascript">....$(function() {.....$("button").button();.....if(typeof activView != "undefined") { clearInterval(activView) };.....activView = setInterval("viewDaemon()",2000);.....})....function viewDaemon() {.....$.post("ajax.php", {"what":"matrix"},......function(e) {.......$("#result").html('<pre>'+e+'</pre>');......}.....);....}....viewDaemon();...</script>..</head>..<body>...<div id="result" class="result"></div>...<div class="button">....<button onclick="window.location.href='/db/';">BACK</button>...</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\daemon\reloader.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	5.27360786909009
Encrypted:	false
SSDEEP:	24:TsZAs+C4NR7QuNVlNRh+GNVlpu8bQXEvTPdDCL2n2Il4QiJ:wZICXAxTVDCLovfiJ
MD5:	339DA32D601B6904126C0F8F4377C4F2
SHA1:	F7214DF13D26E432B3486B7F8D9102D3801BB320
SHA-256:	1047DF92629DB382CB2FDF360F1559FF26A26F78D1128BB96FCFAC0CFC1A0694
SHA-512:	A7E0E00F5E9AD820718EBE762C6C133DC9A859BF93AAA8896DF64A2ECC129B1042ECDADD5DF7663324541A28714426A3EB13CC4B7575289A402D120476B3A6E5
Malicious:	false
Preview:	<!DOCTYPE HTML>.<html xmlns=http://www.w3.org/1999/xhtml>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">...<link rel="stylesheet" type="text/css" href="style.css" />...<script type="text/javascript" src="/script/jquery-2.1.4.min.js"></script>...<script type="text/javascript" src="/script/jquery-ui-1.11.4.custom.min.js"></script>...<script type="text/javascript">....$(function() {.....$("button").button();.....if(typeof activView != "undefined") { clearInterval(activView) };.....activView = setInterval("viewDaemon()",2000);.....})....function viewDaemon() {.....$.post("ajax.php", {"what":"reloader"},......function(e) {.......$("#result").html('<pre>'+e+'</pre>');......}.....);....}....viewDaemon();...</script>..</head>..<body>...<div id="result" class="result"></div>...<div class="button">....<button onclick="window.location.href='/db/';">BACK</button>...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\daemon\sensor.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	5.272325802961505
Encrypted:	false
SSDEEP:	24:TsZAs+C4NR7QuNVlNRh+GNVlpu8bQXEvTPdDDu2n2Il4QiJ:wZICXAxTVDDuovfiJ
MD5:	5DAB5D6D27C7575640651F32058BCCBA
SHA1:	BF6EC1DBE6912F39F512455D7D3076C1B46CC932
SHA-256:	0693FE1F43F7165362CD3AC991638F21C39175007D9ADAD0F38E53C86477E798
SHA-512:	97E3CB0DA10918EF81DDCB699E472F87C5AA0CD917DC05EBAB2D82B22232B9AB9683826D4CB3AC535A7729CA71603B71BD72A276038EAC3397534667E37E1CA0
Malicious:	false
Preview:	<!DOCTYPE HTML>.<html xmlns=http://www.w3.org/1999/xhtml>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">...<link rel="stylesheet" type="text/css" href="style.css" />...<script type="text/javascript" src="/script/jquery-2.1.4.min.js"></script>...<script type="text/javascript" src="/script/jquery-ui-1.11.4.custom.min.js"></script>...<script type="text/javascript">....$(function() {.....$("button").button();.....if(typeof activView != "undefined") { clearInterval(activView) };.....activView = setInterval("viewDaemon()",2000);.....})....function viewDaemon() {.....$.post("ajax.php", {"what":"sensor"},......function(e) {.......$("#result").html('<pre>'+e+'</pre>');......}.....);....}....viewDaemon();...</script>..</head>..<body>...<div id="result" class="result"></div>...<div class="button">....<button onclick="window.location.href='/db/';">BACK</button>...</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\daemon\style.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.323856189774723
Encrypted:	false
SSDEEP:	3:UhlyuZjvY:Uh35A
MD5:	2408A09D3B920AD0F54CB595A96FE69E
SHA1:	71CA205DAB4F7459F672070561CAB3832117D8B3
SHA-256:	E756ABCB30D1D8807191627390F1969394095D215C0344F13997188931206216
SHA-512:	B36C5D65FED783B0ABC6B3125DA15F5C111D22EA28E8A12AC11069BD5B05A819CDC0C22B0F1D866AAABE752F308476123BEE382147BE43625B70C8924CADE233
Malicious:	false
Preview:	body {..font-size: 1em;.}

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\daemon\top.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1010
Entropy (8bit):	5.268309336433095
Encrypted:	false
SSDEEP:	24:TsZAs+C4NR7QuNVlNRh+GNVlpu8bQ5EaN427Il4QiJ:wZICXAOEa+3fiJ
MD5:	FA5647F8B6CF984A4D97C3C936637B31
SHA1:	53B25F6A34D40D0FAF66380AF9D8D102D88B359F
SHA-256:	C97F60D1B8420DF4740B96644BFC2277EB41827EA85689F272C8E0953DC3CC2C
SHA-512:	83EF61FA0FA812C6893D79B486CBD1DB26806CF5E8D6C1B9E4EEDFE104364C8F5640AC6E279CC17C1B4DA9A4D2AFE53159F79953E11F65F393C7EB33BF4E5D9D
Malicious:	false
Preview:	<!DOCTYPE HTML>.<html xmlns=http://www.w3.org/1999/xhtml>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">...<link rel="stylesheet" type="text/css" href="style.css" />...<script type="text/javascript" src="/script/jquery-2.1.4.min.js"></script>...<script type="text/javascript" src="/script/jquery-ui-1.11.4.custom.min.js"></script>...<script type="text/javascript">....$(function() {.....$("button").button();.....if(typeof activView != "undefined") { clearInterval(activTop) };.....activTop = setInterval("viewTop()",2000);.....})....function viewTop() {.....$.post("ajax.php", {"what":"top"},......function(e) {.......$("#result").html('<pre>'+e+'</pre>');......}.....);....}....viewTop();...</script>..</head>..<body>...<div id="result" class="result"></div>...<div class="button">....<button onclick="window.location.href='/db/';">BACK</button>...</div>..</body>.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\blackgrey.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5845
Entropy (8bit):	5.233951499572265
Encrypted:	false
SSDEEP:	96:NI6gJimCihkCacP4lSlhkl4x3hQ4OnOmAGs3qxg/xfAGsadPVmiYVcKgzwZMe:NIhImZOVlSlal4x3O4QOmm3zxfmadPV+
MD5:	A4870633765C3616707BB86D20042787
SHA1:	495F246CF6B66D012B355E729C94D153D0026C25
SHA-256:	6427E52C5A84099E4029B9EAC0DAA782EE8D43913CF886913BDBEF7C682E3786
SHA-512:	D212242DEE6FDD61C753EA131EAC6CA09DD3F3E7588BE395EDD4921181B4D8F2E13F2713F81FE634D7362A4DEE681759F2A09CD436D305431CD4739920612CBB
Malicious:	false
Preview:	/..phpLiteAdmin simpleGray Theme..Created by Ayman Teryaki on 28.Okt.2012....posted here: http://code.google.com/p/phpliteadmin/issues/detail?id=130../..../* overall styles for entire page /..body{ margin: 0px; padding: 0px; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #2B2B2B; background: #ccc url(bg.gif); }../ general styles for hyperlink /..a{ color: #2B2B2B; text-decoration: none; cursor :pointer; }..a:hover{ color: #FF9900; }../ horizontal rule /..hr { height: 1px; border: 0; color: #3C3C3C; background-color: #ccc; width: 100%; }../ logo text containing name of project /..h1 {...margin: 0px; padding: 5px; font-size: 24px;...background: url(logo.png) no-repeat 7px 9px ;...text-align: center; margin-bottom: 5px;color:#3C3C3C; }../ version text within the logo /..h1 #version { color:#666; font-size: 16px; }../ logo text within logo /..h1 #logo { padding-left:9px; }../ general header for various views */..h2 { margin:0px; padding:0px; font-size:14px

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\blue.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4604
Entropy (8bit):	5.059554720101845
Encrypted:	false
SSDEEP:	96:QASQF0/beGXHehXH9OeTdXb3EeTaX9eL4KQDeCXiRADeSnyQJDeSC7QIHF:NSQFuLXH8XH9OOdXb0OaX944KQDHXiaS
MD5:	5159C7588502092E74FDAEF26D94A2CC
SHA1:	DD90E6E3EAE9906C0F8126567FF5E426351C91EA
SHA-256:	850AA4E7D0C962889483A83CAEFAF25F3F70FE93229A3951B356DBC894EC59F5
SHA-512:	C4230360654AD7846357A73B35AE22AA9DA796805E58D7D183CAF3BB357A66DF07AF521D9EE9D79A2C0042C095F49B504C9560B558D1B8A556830B6FC3D26F5A
Malicious:	false
Preview:	/.phpLiteAdmin ALLNET Theme.Created by Dane Iracleous on 2012-08-20./../* overall styles for entire page /.body.{..margin: 0px;..padding: 0px;..font-family: Arial, Helvetica, sans-serif;..font-size: 14px;..color: #000000;..background-color: #e0ebf6;.}./ general styles for hyperlink /.a.{..color: #03F;..text-decoration: none;..cursor :pointer;.}.a:hover.{..color: #06F;.}./ horizontal rule /.hr.{..height: 1px;..border: 0;..color: #bbb;..background-color: #bbb;..width: 100%;.}./ logo text containing name of project /.h1.{..margin: 0px;..padding: 5px;..font-size: 24px;..background-color: #99CCFF;..text-align: center;..margin-bottom: 10px;..color: #000;..border-top-left-radius:5px;..border-top-right-radius:5px;..-moz-border-radius-topleft:5px;..-moz-border-radius-topright:5px;.}./ version text within the logo /.h1 #version.{..color: #000000;..font-size: 16px;.}./ logo text within logo /.h1 #logo.{..color:#000;.}./ general header for various views */.h2.{..margin:0px;..padding:

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\dbadmin.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	210987
Entropy (8bit):	5.447914699811085
Encrypted:	false
SSDEEP:	3072:PtPcCWllA6kWbAKA8nvtCVP+nqqw7na3FuLsFwtqbJAcoj:PRcCWXAcjNvCWnqqSna3FCsFOlj
MD5:	954123ADABA3EBF55E1DC79869362445
SHA1:	05A15D488A7FF093E72C6EA95EFD7E6BAE95A543
SHA-256:	0FA35FA4A62041BE6C2A7E9C06BCAC1C9FB5E07C0301A7BB644BE0AA2C37AE54
SHA-512:	55805D29F3D98F8A552EB1C64C5A6C4793D8551C420FFAA4044BE2AFCB30D87A77DEE6837FD6B7D934264883ED50F357955407AD674ED1588EBB1D809026C2D7
Malicious:	false
Preview:	<?php....//..// Project: phpLiteAdmin (http://phpliteadmin.googlecode.com)..// Version: 1.9.4.1..// Summary: PHP-based admin tool to manage SQLite2 and SQLite3 databases on the web..// Last updated: 2013-03-18..// Developers:..// Dane Iracleous (daneiracleous@gmail.com)..// Ian Aldrighetti (ian.aldrighetti@gmail.com)..// George Flanagin & Digital Gaslight, Inc (george@digitalgaslight.com)..// Christopher Kramer (crazy4chrissi@gmail.com, http://en.christosoft.de)..// Ayman Teryaki (http://havalite.com)..// Dreadnaut (dreadnaut@gmail.com, http://dreadnaut.altervista.org)..//..//..// Copyright (C) 2013 phpLiteAdmin..//..// This program is free software: you can redistribute it and/or modify..// it under the terms of the GNU General Public License as published by..// the Free Software Foundation, either version 3 of the License, or..// (at your option) any later version...//..// This program is distributed in the hope that it will be useful,..// but WIT

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\default.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4859
Entropy (8bit):	5.055722566258983
Encrypted:	false
SSDEEP:	96:NKb35TaX0czg9YqC9j1hauVc9xirVc9xgdOKV90:Nm5g0czg9Y99j1hauVc9crVc9OEKV90
MD5:	0C2974B753B6EC292177A5F1166E8F04
SHA1:	EC9C33085A5B29F176C67C25C382A3A89A906435
SHA-256:	5E2199299FAEC56B8825D2AE53C56A902093DAA86E1D9B22A6713A10BB1ABE50
SHA-512:	90B19F0FACA43F389F85B942A14D8B11168B627FC0ECB0A613C5AB05098E037A701C1021C5CAD27BAFD0D406416CD40AB14FF04C6D3DF712A578ECB045E45DB2
Malicious:	false
Preview:	/..phpLiteAdmin Default Theme..Created by Dane Iracleous on 6/1/11../..../* overall styles for entire page /..body..{...margin: 0px;...padding: 0px;...font-family: Arial, Helvetica, sans-serif;...font-size: 14px;...color: #000000;...background-color: #e0ebf6;..}../ general styles for hyperlink /..a..{...color: #03F;...text-decoration: none;...cursor :pointer;..}..a:hover..{...color: #06F;..}../ horizontal rule /..hr..{...height: 1px;...border: 0;...color: #bbb;...background-color: #bbb;...width: 100%;...}../ logo text containing name of project /..h1..{...margin: 0px;...padding: 5px;...font-size: 24px;...background-color: #f3cece;...text-align: center;...margin-bottom: 10px;...color: #000;...border-top-left-radius:5px;...border-top-right-radius:5px;...-moz-border-radius-topleft:5px;...-moz-border-radius-topright:5px;..}../ version text within the logo /..h1 #version..{...color: #000000;...font-size: 16px;..}../ logo text within logo /..h1 #logo..{...color:#000;..}../ gene

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\grey.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5640
Entropy (8bit):	5.1036544850263414
Encrypted:	false
SSDEEP:	96:dlibIdCvRGmcs9YqC901unXnuVcWxirVcWxBV4VCUVOc:/dywmcs9Y9901uXnuVcWcrVcWneVCUVh
MD5:	FD421B2058186A05E8C68C84B5DF7718
SHA1:	1EC7C7D55B70E0B88479AF064C6BF31EF876D99A
SHA-256:	4BCC508D09ECBEEEB2D906ECEA110F45E8E4D25CC59A1D94EDD453733CC35100
SHA-512:	797CFCD3AB0BE578B6F86C5D49046465B07F799F646998CD2D87BCFA397733F6EE942BD186C9728D34726508B8487EAC07F849DBAADBCD2EC47018B552F14D3D
Malicious:	false
Preview:	/..This theme has been posted by Ugur3D here:..http://code.google.com/p/phpliteadmin/issues/detail?id=118../..../* overall styles for entire page /..body..{...margin: 0px;...padding: 0px;...font-family: Arial, Helvetica, sans-serif;...font-size: 14px;...color: #000000;...background-color: #E0E2E4;..}../ general styles for hyperlink /..a..{...color: #3A6B85;...text-decoration: none;...cursor :pointer;..}..hr..{...height: 1px;...border: 0;...color: #bbb;...background-color: #bbb;...width: 100%;...}..a:hover..{...color: #06F;..}../ logo text containing name of project /..h1..{...margin: 0px;...padding: 5px;...font-size: 24px;...background-color: #FFFFFF;...text-align: center;...color: #3A6B85;...border-top-left-radius:5px;...border-top-right-radius:5px;...-moz-border-radius-topleft:5px;...-moz-border-radius-topright:5px;..}../ the div container for the links */..#headerlinks..{...text-align:center;...margin-bottom:10px;...padding:5px;...border-color:#A9AAB0;...border-width:1px;...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\lang_de.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	16912
Entropy (8bit):	4.985471731210938
Encrypted:	false
SSDEEP:	384:0+sAvMoACKm91ESroESGKJLy8ZH8f0vxDc1EiXF5RznGFy6TdC8IbddN8S:0ap91ESroESGKJLyG7cEyF5RzGFyqdxg
MD5:	F4BEBF131DA6FB43D898B39734191F8A
SHA1:	BCCFAC3A1E5366FF228F4ED66B8671B7CBBC06A3
SHA-256:	BF31BCE970541FA3D7CB7D4C6D78B56BEC8A91C64D7B161C4F07BE2472AF2DD6
SHA-512:	70B5D3470BFC31529E15E5EDF894EFDA663EB896B081704678351134016650FD11B7ED1161A68DCE5845ECF7FEAC1F06F1EEAE5FBAAF5957908508BB4DAAB7D2
Malicious:	false
Preview:	<?php..// German language file by Christopher Kramer (crazy4chrissi)..// Read our wiki on how to translate: http://code.google.com/p/phpliteadmin/wiki/Localization..$lang = array(..."direction" => "LTR",..."date_format" => '\a\m d.m.Y \u\m H:i:s (T)',..."ver" => "Version",..."for" => "f.r",..."to" => "in",..."go" => "Los",..."yes" => "Ja",..."sql" => "SQL",..."csv" => "CSV",..."csv_tbl" => "Zur CSV-Datei geh.rende Tabelle",..."srch" => "Suchen",..."srch_again" => "Erneut suchen",..."login" => "Einloggen",..."logout" => "Ausloggen",..."view" => "Ansicht",..."confirm" => "Best.tigen",..."cancel" => "Abbrechen",..."save_as" => "Speichern",..."options" => "Optionen",..."no_opt" => "Keine Optionen",..."help" => "Hilfe",..."installed" => "installiert",..."not_installed" => "nicht installiert",..."done" => "abgeschlossen",..."insert" => "Einf.gen",..."export" => "Exportieren",..."import" => "Importieren",..."rename" => "Umbenennen",..."empty" => "Leeren",..."drop" => "L.schen",..."tbl" =

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\lang_en.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15295
Entropy (8bit):	4.900059012186015
Encrypted:	false
SSDEEP:	384:ze6te22SRZAeeVRBcOrpQbvx7OTJ1ldr5cYDn7jGvwT+K3:y7pQVOTJPNrHGvwT+K3
MD5:	64CAF5F61079857FB5CDDDFA2F03E3A6
SHA1:	00A95EEEE715986FECB52ACDE1090509DE31DA35
SHA-256:	D1D136A8C6C810BC48DE6D96B3F559DEE349FF74ECD2812389962333CA3FCECF
SHA-512:	2EBA42727A37F0E2542B1C980FABE7E66FBB46BBDA491FCF5C5746FBDE8295018610A932BA7777F2F80C359054FC88700D292F41533D46543050268F6F2DD50D
Malicious:	false
Preview:	<?php..// English language-texts...// This file is only meant as a basis for you to do your own translation!..// Read our wiki on how to translate: http://code.google.com/p/phpliteadmin/wiki/Localization..$lang = array(..."direction" => "LTR",..."date_format" => 'g:ia \o\n F j, Y (T)', // see http://php.net/manual/en/function.date.php for what the letters stand for..."ver" => "version",..."for" => "for",..."to" => "to",..."go" => "Go",..."yes" => "Yes",..."sql" => "SQL",..."csv" => "CSV",..."csv_tbl" => "Table that CSV pertains to",..."srch" => "Search",..."srch_again" => "Do Another Search",..."login" => "Log In",..."logout" => "Logout",..."view" => "View",..."confirm" => "Confirm",..."cancel" => "Cancel",..."save_as" => "Save As",..."options" => "Options",..."no_opt" => "No options",..."help" => "Help",..."installed" => "installed",..."not_installed" => "not installed",..."done" => "done",..."insert" => "Insert",..."export" => "Export",..."import" => "Import",..."rename" => "Rename"

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\modern.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	6434
Entropy (8bit):	5.586802155637693
Encrypted:	false
SSDEEP:	96:NVbe6Tsd8p/yR1EFtX/+zGqIVcIWrVXqOKV9pRwpZURwOr:NE6k8pg1EFtXGzGLVchrVbKV9pR+URjr
MD5:	E9916BB2F92B17EAF706819335B447C7
SHA1:	197132825387749057EC2F28CCB5D8FF66DBB239
SHA-256:	22FE920E6F3F88A92BEB45500A705339F7E92297A825CF6A4635CA4637423B13
SHA-512:	073C330C2608DBF1C67BC969457029F9F6372B3A75AC794F3F439F8F0673CE0230C4783C5CA85C5A90381BB0B9C49F49C36855F1BBDB13B8B13A309680BFB672
Malicious:	false
Preview:	/..phpLiteAdmin Modern Theme..Created by Petar Koretic on 01/04/2013../....html,body ..{.. font: 81.25% arial, helvetica, sans-serif;..}../* overall styles for entire page /..body..{...margin: 0px;...padding: 0px;...font-size: 1em;...color: #000;...background:#F5F5FA;..}../ general styles for hyperlink /..a..{...color: #15c;...text-decoration: none;...cursor :pointer;.. text-shadow: 0 1px 1px #FFF;..}..a:hover..{...color: #00A;..}../ horizontal rule /..hr..{.. height:1px;...border: 0;...color: #d2d2d2;...background: #d2d2d2;...width: 100%;...}../ logo text containing name of project /..h1..{...margin: 0px;...padding: 5px;...font-size: 1.85em;...text-align: center;...margin-bottom: 10px;..}../ version text within the logo /..h1 #version..{...font-size: 0.65em;.. color:#FFF;.. text-shadow: 0 1px 1px #194B7E;..}../ logo text within logo /..h1 #logo..{...color:#FFF;.. text-shadow: 0 1px 1px #194B7E;..}../ general header for various views */..h2..{...margin:0px;...padd

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\dbadmin\retro.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4826
Entropy (8bit):	5.049771080933582
Encrypted:	false
SSDEEP:	96:NjbZ0BTbXNOzpsqv2uXmVcQxIrVcQxPOKV90:Nh0BXNOzpsQ2uXmVcQ2rVcQ0KV90
MD5:	37920858F122B47AFA9E6D54905FD99C
SHA1:	5875BBDAAD3C4E2D43699BEE3DAC551ADFBB39F2
SHA-256:	42CBC3341A6A1ACE8D7765549C7FBFF62792B5B00B170B2FC26097E1BF83E018
SHA-512:	D3154784FC4013ACC62AA3A5806BBCFDD5F587C26E76EDBE906ED1C7DFCD943D574D3F0F794CAE59FB81EF552382CD1CB1E6EBE43861DD23B1D8DCFB8016A06C
Malicious:	false
Preview:	/..phpLiteAdmin Retro Theme..Created by Dane Iracleous on 6/1/11../..../* overall styles for entire page /..body..{...margin: 0px;...padding: 0px;...font-family:"Courier New", Courier, monospace;...font-size: 14px;...color:#CCC;...background-color: #000;..}../ general styles for hyperlink /..a..{...color:#0F0;...text-decoration: none;...cursor :pointer;..}..a:hover..{.....}../ horizontal rule /..hr..{...height: 1px;...border: 0;...color:#000;...background-color:#000;...width: 100%;...}../ logo text containing name of project /..h1..{...margin: 0px;...padding: 5px;...font-size: 24px;...background-color:#111;...text-align: center;...margin-bottom: 10px;...color:#999;...border-top-left-radius:5px;...border-top-right-radius:5px;...-moz-border-radius-topleft:5px;...-moz-border-radius-topright:5px;..}../ version text within the logo /..h1 #version..{...color:#0F0;...font-size: 16px;..}../ logo text within logo /..h1 #logo..{...color:#0F0;..}../ general header for various views

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\index.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1592
Entropy (8bit):	5.257643590198394
Encrypted:	false
SSDEEP:	24:TsZAs+C4NR7QuNVlNRh+GNV1pOuIQMk65GSM7:wZICXBHM65GSM7
MD5:	4B80687345732EAEDB42DF277B1A7C57
SHA1:	8EB92974B162321492101A3C551D72FABF461673
SHA-256:	363D7201683EC0AF7EB0BCEE49E241FBDCFC57CE8F331E02E0EF860917BEC52D
SHA-512:	6B4B4A0AB649BD1ADA5564C69B710722165E33DA6A03723AA22FF6E8E7EED75CDCDD0B162E92A059B56CD1F682DB0E8D9822D5F2D07809EAFF2159F40EBEE674
Malicious:	false
Preview:	<!DOCTYPE HTML>.<html xmlns=http://www.w3.org/1999/xhtml>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />...<link type="text/css" rel="stylesheet" media="screen" href="/css/jquery-ui-1.11.4.custom.min.css">...<link rel="stylesheet" type="text/css" href="style.css" />...<script type="text/javascript" src="/script/jquery-2.1.4.min.js"></script>...<script type="text/javascript" src="/script/jquery-ui-1.11.4.custom.min.js"></script>....<script type="text/javascript">....$(function() {.....$("button").button();....})...</script>..</head>..<body>...<div class="main">....<div class="line"><button onclick="window.location.href=window.location+'dbadmin/dbadmin.php';">DB ADMIN</button></div>....<div class="line"><button onclick="window.location.href=window.location+'config/';">CONFIG</button></div>.<hr>....<div class="line"><button onclick="window.location.href=window.location+'daemon/daemon.php';">DAEMON VIEW</button></div>....<div class="line"><button onclick="w

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\info.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.621928094887362
Encrypted:	false
SSDEEP:	3:7VM3Wfvab:BMmfvab
MD5:	89C4995E8BA034164B168197D704C30A
SHA1:	A424E1BE16A63681F9B4B5D554D32901E67D83E5
SHA-256:	EEA34887390A587F68E9C15EE34489638504D41E088E1436CAF6881B42CF2369
SHA-512:	4F1B04CD26254FD7A90F2D5C7D1B401060A383375AB339A669A8A0546390D985333517883D72D8C1F40231F5F4DBF0D391CD28C7F679DB65B748556268D0BF35
Malicious:	false
Preview:	<?php..phpinfo();.?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\shell\config.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2395
Entropy (8bit):	4.787105534846599
Encrypted:	false
SSDEEP:	48:9AaoxI4Wll260JvRWSzhWZpTs7UkExEvvJKTh:1Ucs60bWSzI1s7nExKwTh
MD5:	42811278DC5C56074EA3D01D7F93132B
SHA1:	09AACFB8FEA053D79D1A3C36C716C688A261672F
SHA-256:	334AFCE3706C402188AF4F4B8E3DC153B3A650C36EFA60B34F72A57EA7CE4A9B
SHA-512:	6625E6D56B374486AD04638B139E52A8CAA3C0C0A74200939E7E4A219062AD77626980B257B91DA3FCD308D31AFD7A754F7ECD3DA20BCCEE5E7C1C170498041C
Malicious:	false
Preview:	; <?php die('Forbidden'); ?> -- conf --.; Do not remove the above line, it is all that prevents this file from.; being downloaded..;.; config.php file for PHP Shell.; Copyright (C) 2005-2012 the Phpshell-team.; Licensed under the GNU GPL. See the file COPYING for details...; This ini-file has three parts:.;.; * [users] where you add usernames and passwords to give users access.; to PHP Shell..;.; * [aliases] where you can configure shell aliases..;.; * [settings] where general settings are placed....[users]..; The default configuration has no users defined, you have to add your.; own (choose good passwords!). Add uses as simple.;.; username = "password".;.; lines. Please quote your password using double-quotes as shown..; The semi-colon ':' is a reserved character, so do not use that in.; your passwords..;.; For improved security it is strongly suggested that you the.; pwhash.php script to generate a hashed password and store that.; instead of the normal clear text passwo

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\shell\index.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	22643
Entropy (8bit):	4.947902475388963
Encrypted:	false
SSDEEP:	384:FGzs3za9/yFo5VeNTGEK+rKpCS98eJAqmcwct2aYmBLuOhmgBrganfuzUadO/yt8:wzdeCVepKRpB8WmcwC2aZLuOhmgBrgat
MD5:	E07898D7DB2305822A3C255BDC418622
SHA1:	65E142DF54D00C07E4EB08458E34D43D16BBB11C
SHA-256:	7438666ED540B78978CDD579F715EF35AC9A373D6C31CF36B000F8EBC995B830
SHA-512:	246BD9B64AB7E624FA3F771B4DB6BA474C54B3CD67831B9FFCC5EFD9E89867905DF4410EDAF05D79E1F3D782B6C193B7789E4532667E487C36ED40892F460357
Malicious:	false
Preview:	<?php // -- coding: utf-8 --..define('PHPSHELL_VERSION', '2.4');./.. ************************************************************. PHP Shell . *************************************************************.. PHP Shell is an interactive PHP script that will execute any command. entered. See the files README, INSTALL, and SECURITY or. http://phpshell.sourceforge.net/ for further information... Copyright (C) 2000-2012 the Phpshell-team.. This program is free software; you can redistribute it and/or. modify it under the terms of the GNU General Public License. as published by the Free Software Foundation; either version 2. of the License, or (at your option) any later version... This program is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the. GNU General Public License for more details... You

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\shell\style.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1940
Entropy (8bit):	5.238093131615642
Encrypted:	false
SSDEEP:	48:Jf0QSMlGjlilSglCLV3eFyj3lZ9Zls/F/l+porfT:JsIGhOS8CLVSGb9Zl88CfT
MD5:	2507DA7E81269D882D306646E05309B1
SHA1:	32E2D4F19A45F5E5DBCCFCD7D8CA1846D3B36820
SHA-256:	CD46E961985F18720A24FEB0C12A40999B644E4A6AB77796C9909E09FAF96A4E
SHA-512:	E8C4D97AE3F9A194FCA283DE2CAEE87C696EED530913632571F5A0F5E215AAB400EB9EC48BC610016490EB601DFD578FF59B165C7DA31A9717CA3129DA86A618
Malicious:	false
Preview:	/* style.css file for PHP Shell. * Copyright (C) 2003-2012 the Phpshell-team. * Licensed under the GNU GPL. See the file COPYING for details.. . /..body {. font-family: sans-serif;. color: #ffffff;. margin: 0px;.}..main {..position:absolute;..height:100%;..width: 100%;..background: #a7cfdf; /* Old browsers /..background: -moz-linear-gradient(-45deg, #a7cfdf 0%, #23538a 100%); / FF3.6+ /..background: -webkit-gradient(linear, left top, right bottom, color-stop(0%,#a7cfdf), color-stop(100%,#23538a)); / Chrome,Safari4+ /..background: -webkit-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / Chrome10+,Safari5.1+ /..background: -o-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / Opera 11.10+ /..background: -ms-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / IE10+ /..background: linear-gradient(135deg, #a7cfdf 0%,#23538a 100%); / W3C /..filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#a7cfdf', endColorstr='#23538a',GradientType=1 ); / IE6-9 fall

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\db\style.css Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1326
Entropy (8bit):	5.263238662097394
Encrypted:	false
SSDEEP:	24:Uw4CSm5sc5OppBsc5Ony4sc5Onrgsc5OnqzOn3LVoh7sKOAq5OBsCPz5gsCPz5wk:Uw4CSylGjlilSglCLV3n5m5z5g5z5w5G
MD5:	D98CF69C7B04A256059E5EF4B6538BBD
SHA1:	A051BE613D43182FA7708D2599520F85FE79ABAE
SHA-256:	86122873FB57D5331ADE99C96C40AA174D55DBADBD143C2733447E983BE7149E
SHA-512:	2A85605D3C9E0DC39B073A02F935CDFAC0E5F7E361B411B3CFDB3D466B4248494379D6CFFC6D046C88FF21FE6BA90ABF9ECA06C8C64C2AA6F388DCA51C9C05A5
Malicious:	false
Preview:	body {..margin:0;..padding:0;..font-family: arial;..color: #ffffff;..background: #1E7EAC;.}..main {..position:absolute;..height:100%;..width: 100%;..text-align: center;..background: #a7cfdf; /* Old browsers /..background: -moz-linear-gradient(-45deg, #a7cfdf 0%, #23538a 100%); / FF3.6+ /..background: -webkit-gradient(linear, left top, right bottom, color-stop(0%,#a7cfdf), color-stop(100%,#23538a)); / Chrome,Safari4+ /..background: -webkit-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / Chrome10+,Safari5.1+ /..background: -o-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / Opera 11.10+ /..background: -ms-linear-gradient(-45deg, #a7cfdf 0%,#23538a 100%); / IE10+ /..background: linear-gradient(135deg, #a7cfdf 0%,#23538a 100%); / W3C /..filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#a7cfdf', endColorstr='#23538a',GradientType=1 ); / IE6-9 fallback on horizontal gradient */.}..line {..margin-top: 15px;.}.button { width: 250px;}.hr {. border: 0;.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\deviceconfig.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	44516
Entropy (8bit):	5.3611854344727545
Encrypted:	false
SSDEEP:	768:m++7yWmqCYQZQh+sXFC386ECEMFpkvZ0t78HwZsY/EwragCvsMO8nC:P+mW6YQZQh+sXFC387CE+8Z0t78HwZsu
MD5:	5637541287349FD127C270DF4332988C
SHA1:	6F5FCDC3C26FF960D0BA4DBC1A63F6FE71C96B5E
SHA-256:	C927E451AC8098264BF8A86FCDFCEBC7E129368128DC33686FE49050D9575F85
SHA-512:	1BA089B265C1279EB433F77D34D90254EB8A5649046868850C2EAA8A7A3D6F1842E8F8554FF100E3D11445EE8CDD8BF85E9723B5D89AA9A9F83B93CF30A766F5
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/option.php";..include "include/crypt.php";..$DoNotShowInConfig=array("ALL3690", "ALL3691", "ALL3696");..$page = $_POST['site'];..$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );..include "/www/include/security.php";..$expert=db_read('/control/frontend/expert');..$localnetwork=db_read('/control/device/localnetwork');..$start_page=db_read('/control/frontend/startpage');..$start_panel=db_read('/control/frontend/startpanel');..$devicetype=file_get_contents("/etc/default/device");..$sitenames=db_read("/control/frontend/sitenames");..$tabcount="[2]";..if($devicetype=="ALL3692" \|\| $devicetype=="ALL3696" \|\| $devicetype=="ALL3691") {...$d1type=db_read("/demons/d0bus/port1/typ");...$d2type=db_read("/demons/d0bus/port2/typ");...$d3type=db_read("/demons/d0bus/port3/typ");...$d4type=db_read("/demons/d0bus/port4/typ");...$tabcount="[4]";..}..if($devicetype=="ALL3653") {...$mobileFrontend=db_read

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\deviceservices.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	16594
Entropy (8bit):	5.224509177093161
Encrypted:	false
SSDEEP:	384:kCnxthXLBB0Y84fdfH2zXN0gtb7sO9UqD5znHt//5oD6z7ypVOAo8P9n:kCnxthXLBB0Y84fdP27N7tn7F7y9n
MD5:	0D85E8F7E4B8C7C1FF443A05FC5FBC28
SHA1:	647D8A8D03356021A6E8C1FFB51757B4847AAB9D
SHA-256:	2C23F7609B796A11F0598DAE54C66D87D6C0B8D494D967E235500689640EC5D5
SHA-512:	1896A7EF0D52DDCE99DF6F486B041F89431703E3D30486221BD6B5FC9406F2D4528EB256C6D03A95AF2F8C5A7E3490B164B1E34ABF1AE7CCFCB2FE03385234CD
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/option.php";.$page = basename(__FILE__, '.php');.include "/www/include/security.php";.$device=file_get_contents("/etc/default/device");.if($_POST['gw']!=1) {..$syslog_activ=db_read("/sys/logging/syslog_enabled");..$syslog_override=db_read("/sys/logging/syslog_logleveloverride");..$syslog_server=db_read("/sys/logging/syslog_server");..$logfile_size=db_read("/demons/max_logfile_size");..$shm_level=db_read("/demons/sensor_shm_demon/log_level");..$alert_level=db_read("/demons/matrix/log_level");..$all3075_level=db_read("/demons/all3075/log_level");..$mail_level=db_read("/sys/network/mail/log_level");..$timer_level=db_read("/demons/timer_demon/log_level");..$update_level=db_read("/demons/update/log_level");..$history_level=db_read("/demons/history/log_level");..$i2c_level=db_read("/demons/i2c/log_level");..$download_level=db_read("/demons/download/log_level");..$camera_level=db_read("/demons/camera_upload/log_level");..$devicetyp

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\documentation.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	2507
Entropy (8bit):	5.466238136102736
Encrypted:	false
SSDEEP:	48:f2GDva9++2oWzupp+qVVYFPdrWZyfvgLF4GFPi4bqk6RcG3pv:f2GzNoWCpp+qVmRd6Fh4qK4bC9
MD5:	8948F56ACB943BEAC2E2BC9544DA1967
SHA1:	3E8708E67C0F7DBEFBF74D5E10F819B8C0891B5D
SHA-256:	4FAB92EA683363536B30A5BF9A95FE9035B39FB08E9137D633FCADBD205961A1
SHA-512:	9D34E0D3919215ECA6D051069CD939A71672AAB8891C3FBAB85A4145DA04949FBD236DDE6085C0F94B39030A9A5FCFD8C3C528912599E254513343EF2F0F6BD3
Malicious:	false
Preview:	<?php./* SV: 2.51. * DT: 20121026 . */. include "/www/include/sqldb.php";..include "/www/include/option.php";. $device_type=db_read("/control/devicetype");..$data=array("format"=>"pdf", "type"=>$device_type,"lang"=>$loc);..$result=array();..$curl = curl_init();..curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);..curl_setopt($curl, CURLOPT_URL, "http://docs.allnetnetworks.com/check.php");..curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, "15");..curl_setopt($curl, CURLOPT_TIMEOUT, "15");..curl_setopt($curl, CURLOPT_POST, true);..curl_setopt($curl, CURLOPT_POSTFIELDS, $data);..$result=curl_exec($curl);..$docs = json_decode($result, true);..$message=null;..if($docs['doc']=="fail") {...if($docs['files']>0) {....$i=1;....$option="<option value=\"0\">"._000904_."</option>";....$type=$device_type."_";....$replace=array(".pdf",$type);....$message=_000901_;....foreach($docs['alternatives'] as $doc) {.....$lng=realnames(str_replace($replace,null,$doc));.....$option.="<option value=\"".$doc."\">"

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\evaluation.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	21286
Entropy (8bit):	5.408324094152575
Encrypted:	false
SSDEEP:	384:wrWhv8QBz6BAvIGKUiOgqvc5tZIEhfjEfvc5y0BLEXisHC1n+u/B6xp:wrWhM+vIGKPOXvc5tZIEhfjEfvc5y0BM
MD5:	4950F17A64C0B554B778B9891AD79A43
SHA1:	81DBABD2D4E9BFADF39023449995710C198B8576
SHA-256:	FE131A20AE0F986DB9AD5D535F54B32F51C968B033026B030EDB9497AAFEA74B
SHA-512:	734FCD8A3BF4D66AEEA665F486F657AEFCDEEDED0B3154680B4BA66496AD1D30812D364DFF1274F4AC5A885F8D09D61ADAB0C8C341FBECCE36B7B069B90E62E3
Malicious:	false
Preview:	<?php./* INTERVAL standard measurement eval */.include "/www/include/sqldb.php";.$page = "evaluation";.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$usb=false;.$mount_usb="/mnt/usbmemory";.if(file_exists($mount_usb)) {..$usb=true;.}.// check for energy sensors.$stm="SELECT id, device_type FROM external WHERE device_type IN (20,21)";.$showEnergyTab=count(db_all_read($stm));.$showSiteSelector="none";.//$rec_activ=db_read("/control/database/activated"); // not needed - is default.$prec_activ=db_read("/control/database/activated_point");.$erec_activ=0;.if($showEnergyTab>0) {..$erec_activ=db_read("/control/database/activated_energy");.}.if($prec_activ=="1" \|\| $erec_activ== "1") {..$showSiteSelector="inline-block";.}.$datapath=db_read("/control/database/path");..$elements=db_read("/control/database/sensors");.$count_elements=count(json_decode($elements));.$dbinterval=db_read("/control/database/interval");.$mon

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\evaluation_energy.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	22199
Entropy (8bit):	5.415657489541899
Encrypted:	false
SSDEEP:	384:oElhq8bZz6DA2tOyUiWzfnxvcntZIu8Efvc5y0BYBJissp1ns26uAB6tp:oElh+82tOyvWzfxvcntZIu8Efvc5y0BP
MD5:	D17332B0BD32615E80579431719F5D22
SHA1:	9A3B37BB011B9907C8081F0778F130F3690B3478
SHA-256:	4C9BBD23206135095E3DBA00FD448AE0DAE0024B055785861A492EC2B0AAE2A2
SHA-512:	1DDC1C828D0EAEF943B1129CFEB1A288791F6633FA6E6E7FDA7D1E1A47C117AA74D36BB766AF559D44A055D16D9CA0583521D38A106ED0BB7803C0AA773D1CC3
Malicious:	false
Preview:	<?php./* ENERGY measurement eval */.include "/www/include/sqldb.php";.$page = "evaluation";.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$usb=false;.$mount_usb="/mnt/usbmemory";.if(file_exists($mount_usb)) {..$usb=true;.}.// check for energy sensors.$stm="SELECT id, device_type FROM external WHERE device_type IN (20,21)";.$showEnergyTab=count(db_all_read($stm));.$showSiteSelector="none";.//$rec_activ=db_read("/control/database/activated"); // not needed - is default.$prec_activ=db_read("/control/database/activated_point");.$erec_activ=0;.if($showEnergyTab>0) {..$erec_activ=db_read("/control/database/activated_energy");.}.if($prec_activ=="1" \|\| $erec_activ== "1") {..$showSiteSelector="inline-block";.}.$datapath=db_read("/control/database/path");.$datapath.="el/";.$elements=db_read("/control/database/sensors_energy");.$count_elements=count(json_decode($elements));.$dbinterval=db_read("/control/database/int

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\evaluation_point.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	21314
Entropy (8bit):	5.408181543051391
Encrypted:	false
SSDEEP:	384:wyjhk8Ezz6BAvIGlUiOgqvc5tZIEhfjEfvc5y0BLEXisHC1n+u/B6tp:wyjhH+vIGlPOXvc5tZIEhfjEfvc5y0BO
MD5:	D47B3C529D097538B6BF909A80E3BBB9
SHA1:	D5B7E4F4F4115CEAC01CF1C17B5B45AB8FC85936
SHA-256:	14CDEC152BD7EC30DE79046B8F503B94A28F9A2A9276D49C21138D4CD9781693
SHA-512:	6A13CB6710478C37030C973600221177376345D8EC129C171D0BA88C9EC791836D557EF3EEAA3DB44E0252398BFAC213C42DD9F1639D95365FA918915B3F4DFA
Malicious:	false
Preview:	<?php./* INTERVAL standard measurement eval */.include "/www/include/sqldb.php";.$page = "evaluation";.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$usb=false;.$mount_usb="/mnt/usbmemory";.if(file_exists($mount_usb)) {..$usb=true;.}.// check for energy sensors.$stm="SELECT id, device_type FROM external WHERE device_type IN (20,21)";.$showEnergyTab=count(db_all_read($stm));.$showSiteSelector="none";.//$rec_activ=db_read("/control/database/activated"); // not needed - is default.$prec_activ=db_read("/control/database/activated_point");.$erec_activ=0;.if($showEnergyTab>0) {..$erec_activ=db_read("/control/database/activated_energy");.}.if($prec_activ=="1" \|\| $erec_activ== "1") {..$showSiteSelector="inline-block";.}.$datapath=db_read("/control/database/path");.$datapath.="pm/";.$elements=db_read("/control/database/sensors_point");.$count_elements=count(json_decode($elements));.$dbinterval=db_read("/control/da

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ext_allnet.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	20349
Entropy (8bit):	5.410417980954373
Encrypted:	false
SSDEEP:	384:9v27ZOXkOmnYIFkcgWd5OQ+N+2Y4jqN8KE2VaL1nu:9v2TnRgWd5nYuDl
MD5:	EDC8571DB8EC1BC21F761F4A308A7080
SHA1:	F5396383BFED3192118D85058D63F86A1BB7D89B
SHA-256:	5A8746AF702CFDEA836B99B861BE9EC20B74264936A6E3F5D4C3A18185977720
SHA-512:	AE6C39260C630713E1E99FA7D40926120830E491817A159A35BAC70F7BA9FC828A88E63E8A5FDFECD5BC321DD60A394DA9A3E58731B202B9674E2D43BA11E2E4
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/option.php";.include "include/crypt.php";.$page = basename(__FILE__, '.php');.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$device=file_get_contents('/etc/default/device');.if($_POST['gw']!=1) {..$checkaddresses=$_POST['addresses'];..if(isset($_POST['new']) && $_POST['new']=="1") {...$remote_id=0;...$new_record="1";...$initContent=null;...$editContent="display:none;";...$auth=false;...$external=array('ext_id'=>null, 'remote_device_type'=>null, 'compare_externaltype'=>null, 'device_name'=>null, 'device_type'=>null);...$address=null;...$port=null;...$elements=array();..} else {...$remote_id=$_POST['id'];...$new_record="0";...$initContent="display:none;";...$editContent=null;.//..$stm = "SELECT external.id AS 'ext_id', external.device_address, external.device_type, external.device_name, external.device_password FROM external WHERE id = '".$remote

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ext_allnets.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	3527
Entropy (8bit):	5.319972327915963
Encrypted:	false
SSDEEP:	96:l2GzpPH/HY8MHAIMGO0jCvOK5Nr0EK5vzNT:p4XhMGO0jCvOKn0EKr
MD5:	C673B60AA0F4F09B6B678FD741BDF891
SHA1:	08A66057F9948477EFBCF6EEFB7783AA60FA5C1F
SHA-256:	A54DE84E9534D37A72F3FB1B1E175A0C5C9086822358544ACFAEF4062EBD1B4D
SHA-512:	6A6E91BD9A28489554638DF2B1163B519886B894913725412C556FC2001BC7035FC8C78815CC04B5AD6F781ACB516494CFAAE5CD29EEF36180A55ED0B25A567B
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/option.php";..$page = basename(__FILE__, '.php');..$stm = "SELECT external.id, external.enabled, external.device_type, external.device_name, external.device_address, external.remote_device_type FROM external ";..$stm .= "WHERE external.device_type IN (15,16,35,36) ";..$stm .= "ORDER BY external.enabled DESC, external.device_name";..$remotes=db_read_sql($stm);..$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );..include "/www/include/security.php";..if($_POST['gw']!=1) {...$stop=0;...$checkaddresses=array();...$addressToID=array();.?>...<div class="message" style="display:none;"><h1><?php echo db_read("/control/devicetype"); ?></h1><h2><?php echo _000014_; ?><br /></h2></div>...<form method="post">....<fieldset>.....<div class="subline"> <?php echo _menu035_ ?> </div>.....<div style="margin-top: 5px;width:715px;">.<?php.....foreach($remotes as $remote) {......$remote_id=$re

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ext_monitor.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	14912
Entropy (8bit):	5.398790814478541
Encrypted:	false
SSDEEP:	384:yKj4SSSX0JfyOASbZhNZD1GLmBXq158Bjk1tbTq:yKjsbzNZD1GLmBXq15u41tb2
MD5:	500D3F27D9DDB94DE2CA8258C65C9E8C
SHA1:	EECB1F7935BE4E9652B9814E6715D230EC3EB508
SHA-256:	C61E156FA66A0F0F5F4810ABC175EF6618BF68B875AA32EDC5DC42114CDC38E9
SHA-512:	8495F69D9AEADB9FB684E6E5846B531F3C8EF365BF69AB4B4C9E87046E660842729EB0B1DFCAD3B9EEF6F73E6EF26E730AF9AFABDDBFA2FD7FB5A09CD31EAFFD
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/option.php";.include "include/crypt.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.if($_POST['gw']!=1) {..$monitor_id=$_POST['id'];..if(isset($_POST['new']) && $_POST['new']=="1") {...$activ="1";...$new_record="1";...$monitor_id="0";...$actor="0";...$actor_action="0";...$deadtime=5;...$resettime=5;...$boottime=15;...$monitor=array('id'=>null, 'custom_port_name'=>null, 'custom_port_description'=>null, 'device_address'=>null);...$rules=array(null,null);..} else {...$new_record="0";...$stm = "SELECT sensors_logical.id, sensors_logical.activ, sensors_logical.custom_port_name, sensors_logical.custom_port_description, sensors_logical.unit, ";...$stm .= "external.id as 'ex_id', external.device_type, external.i2c_chip_id, external.i2c_primary_chip_number, external.i2c_helper_chip_number, external.device_address, ";...$stm

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ext_monitors.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	3087
Entropy (8bit):	5.32727938480685
Encrypted:	false
SSDEEP:	96:l2Gzff+3sCS+DsYdyALKerO1K5gr0K5WNT:H+tdPKerO1Ki0KQ
MD5:	5E7AFE5B99BAE13211C5ACB8144D8CA5
SHA1:	E2E3CDCAE8621FC6ECF2FD5E49A4652CB1DBC015
SHA-256:	1B4CD28D9C4799E50471076572D4EEEC93383A616E6712B3DB6366B0382B2162
SHA-512:	4343A3365DF872C7D103F95D41641252165429C89381858E749ECEDF57E1D1FF0B9EE530DE2F54D396554C0816C55206E2764503D84F3390BE5D0E482253CA8F
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..include "/www/include/option.php";.// .$stm = "SELECT external.id, external.enabled, external.device_type, external.device_name, external.device_address FROM external ";.// .$stm .= "WHERE external.device_type = '17' ";..$stm = "SELECT sensors_logical.activ, external.id, external.enabled, external.device_type, external.device_name, external.device_address ";..$stm .= "FROM mapping ";..$stm .= "INNER JOIN sensors_logical ON mapping.id_logical= sensors_logical.id ";..$stm .= "INNER JOIN external ON mapping.id_physical= external.id ";..$stm .= "WHERE external.device_type = '17' ";...$stm .= "ORDER BY sensors_logical.activ DESC, external.device_name ";..//echo $stm;..$monitors=db_read_sql($stm);..$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$_POST['site']."'",0 );..include "/www/include/security.php";...if($_POST['gw']!=1) {...$stop=0;...$checkaddresses=array();...$addressToID=array();.?>...<div class="message" styl

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ext_virtual.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	45430
Entropy (8bit):	5.434416262543064
Encrypted:	false
SSDEEP:	768:yCx8VjZnvAoe3oFN62vrNlGdGb8aC83Gd85Gfjw/bGuo7YK/IH6BX7Dm2erBXYpZ:h8VjZnvAoe3oFN6UNlGdGb8aC83Gd85o
MD5:	DB9F1620ACB6C5F7874A2A62DD2092AB
SHA1:	BDA4BB0A0DF9733AC1BD2ED3B1F75E6E18F48FD8
SHA-256:	CD3EE37E78A6928694B3F5C3979F5C80917E56AB68DDE639FCEAF0D1184093F1
SHA-512:	31BD50D7F9E86510976C6627BEB04FD53582BA45A4DE96615D3E6B9403807A073055C8F0FBC8014BA3BD6E75E7504A35D543282DB3B7982A1A5853F591059367
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/option.php";.include "include/crypt.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";./* Neu Gruppen zuordnung, Gruppierung erfolg derzeit in 4 Gruppen */.$virtualSensorsFix=array("4000", "4001", "4002", "4003", "4004", "4005", "4008", "4022", "4023", "4024");.$virtualSensorsFunction=array("4010", "4018", "4019", "4025", "4031", "4032", "4037");.$virtualSensorsOperation=array("4011", "4012", "4013", "4014", "4015", "4016", "4017"); //, "4026", "4027".$virtualSensorsDetermination=array("4026", "4027", "4039");.$virtualSensorsEnergy=array("4028", "4029", "4030");.$virtualsensorsExtreme=array("4033", "4034", "4035", "4036");.$virtualSensorsFixShowConfig="display:none;";.$virtualSensorsFunctionShowConfig="display:none;";.$virtualExtremeFunctionShowConfig="display:none;";.$virtualSensorsOperationShowConfig="display:none;";.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\ext_virtuals.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	3998
Entropy (8bit):	5.512938640659543
Encrypted:	false
SSDEEP:	96:Y2GzcyAKijrOSv9DHDQZHAKs/O1K5wy0K5CNT:PzjiHPuO1K90KU
MD5:	BDFEAFA13D7C74EB681F9605D2DF7BE0
SHA1:	4527F48EB9DF3B9703E995D6EC3DBADCF5E7FA64
SHA-256:	0ACBC49468C9FEC833F94DB8A3367F6975D7CE47ECE344CC5C54FC70C5229F3B
SHA-512:	E105C6F8E3AC59B3B971C6E2330593CC9017FD70967C34881226E9C6D909419372D1E25C993D519E4B8510FAD4EB08B166746D61E271E20BCEDCE15C4C9FA01E
Malicious:	false
Preview:	<?php./. 4011-4014 Berechenen. 4000-4005 Spezial. /..include "/www/include/sqldb.php";..include "/www/include/option.php";..$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$_POST['site']."'",0 );..include "/www/include/security.php";..$stm = "SELECT sensors_logical.id, sensors_logical.activ, sensors_logical.custom_port_name, sensors_logical.custom_port_description, sensors_logical.type, ";..$stm .= "external.device_type, external.i2c_chip_id ";..$stm .= "FROM mapping ";..$stm .= "INNER JOIN sensors_logical ";..$stm .= "ON mapping.id_logical= sensors_logical.id ";..$stm .= "INNER JOIN external ";..$stm .= "ON mapping.id_physical= external.id ";..$stm .= "WHERE sensors_logical.id > '100' AND external.i2c_chip_id BETWEEN '3999' AND '4099' ";..$stm .= "ORDER BY activ DESC, custom_port_name ";.// .echo $stm;..$virtuals=db_read_sql($stm);..$virtualsensors = array("4000"=>_101750_, "4001"=>_101751_, "4002"=>_101752_, "4003"=>_101753_, "4004"=>_101754_, "4005"=>_

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\favicon.ico Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	2.5804861421976493
Encrypted:	false
SSDEEP:	96:KfDV9l5Jgc9aaSnGj816isIdfHbRAlRdxLM6my:6VrUHwQk7
MD5:	A1AFD5AD6D8F0AB77D9E7ACAE736C222
SHA1:	809693215F8C6C5811FC77E74F090438C31A3F97
SHA-256:	01F3D82084F2EE32DD3EC88788432C427B36BA58ABD2BEE346AD67210F35D2B8
SHA-512:	835B3030852D29857BF1B26FD1361B636BFE917F89013FA80F1723F24067AD6B5B13F4F0A179629791B5C4DF652629A72634289BB94BC3BE3EAD109306A52E6A
Malicious:	false
Preview:	...... .... .....&......... .h.......(... ...@..... ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................c...c.,.c.J.c.;.c.6.c.S.c.W.c.6.c.@.c.`.c.9.c...........................................................................c.,.c.>.c.:.c...c.D.....c...c.J.....c...c.O.c...c...c.g.c............................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\flowcontrol.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, Non-ISO extended-ASCII text, with very long lines
Category:	dropped
Size (bytes):	51272
Entropy (8bit):	5.487692584575459
Encrypted:	false
SSDEEP:	768:+EPhjvFh7OzVWaUdAuTeiDubasGGy+UujX4lZStxdh:hPpvT7SVru2lGL+LjQMdh
MD5:	5AC9843C4928FD716D1BA0BCCCD66054
SHA1:	4413D16BBCF2BA8DDBFA95E277B203BE4B59B3E5
SHA-256:	7BB09938C844CB9FCD36BE984DFCA8D23A966FD8C13065060A4E9033BB6A516E
SHA-512:	046A44D58DC6F5B50D76F31D6580224D69388E093112611EF596BCDFAC0261D0C0164593795CCDD15115239BD78C7472CB8F89F669415B834AEB3DDEF3AD239E
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/option.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$runId=0;.$flowRun=exec("ps -o comm \| grep flow", $output, $return); // return = 0 run something 1 = nothing runs.if($return==0) {..$runId=str_replace(array("flow", ".sh"), array("",""), $output[0]);.}.$isrunning=false;.$showSettings=null;.if($runId=="0") {..$showSettings="<input type=\"button\" class=\"showChannel\" style=\"font-family:jquery-ui;font-size: 14px;\" value=\"\" data-info=\""._400116_."\"/>";.}.$expert=db_read('/control/frontend/expert');.$stm="SELECT id, custom_port_name FROM sensors_logical WHERE id < 16;";.$elementNames=db_all_read($stm);.$stm="SELECT device_address, device_name FROM external WHERE device_type IN ('35','36');";.$networkDevices=db_all_read($stm);.$showFadingTotal="display:block";.$showFadingChannel="display:none";.$showSc

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\flowcontrols.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	14793
Entropy (8bit):	5.339055058808896
Encrypted:	false
SSDEEP:	192:YEObH+uFhSXzYmfBopQqmJtLsnkkOFkGTI35dtC3fTfhz:YEsvFhS8oejO4dz5dtC3jF
MD5:	954E459EB694B1B750DEC83CB8E22271
SHA1:	C09448E302E81DF88E19AE8141D13397DE917C11
SHA-256:	2E362A339F2E931C8A4A5BFD608F339FEF5AA668F2E4C856729885F68D534BEB
SHA-512:	CD2F37BDCAEA220653A2DA546B12382698C28EC4B100A58013629FBCD24BEE7315AD8D699A640E423BCCB685A4DC2668DA090A6222117E5CDC7312D86247170F
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$runId=0;.$flowRun=exec("ps -o comm \| grep flow", $output, $return); // return = 0 run something 1 = nothing runs.if($return==0) {..$runId=str_replace(array("flow", ".sh"), array("",""), $output[0]);.}.$flowControls = db_all_read("SELECT id, active, name, description, bootDefault FROM flowcontrol ORDER BY active DESC, name");.if($_POST['gw']!=1) {..$stop=0;.?>.<style>..ui-tooltip {. background: #E7EACC;. color: #000;. border: none;. padding: 0;. opacity: 1;.}..ui-tooltip-content {. position: relative;. padding: 5px;.}..ui-tooltip-content::after {. content: '';. position: absolute;. border-style: solid;. display: block;. width: 0;.}..right .ui-tooltip-content::after {. top: 18px;. left: -10px;. border-color: transparent #E7EACC;. border-width: 10px 1

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\flowwrite.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	4314
Entropy (8bit):	5.510854795696904
Encrypted:	false
SSDEEP:	96:4H0hJ4+1SzutCb/k9KGoWSXxIRYv8J2Doc8581Xs83xIyw8RXs83xf8GY:1v4+ftCb0ci8V48pi
MD5:	4529E5A6F7548AD55E9B2648F03F59A0
SHA1:	7F2828706D4E361DD85B42942E4FF751D5A7A547
SHA-256:	2BC32F2023A30D1A392C65454F2D0B04A4439EF349B5BA6BEBDEADA6C74A52BE
SHA-512:	92CDAA1425DDA2055FAF50B26A38CE5731ACE336B837CF3945B18495D0CB3A9B7870E54DEE29453CEDA7AA73820A222C2D117067FFEDEC0F331832423ACAAD8B
Malicious:	false
Preview:	<?php.//ps \| grep flow4.sh \| grep -v grep \| awk '{print $1}' \| xargs kill -INT.//channel_set <DB_ID des Kanals> <Soll-Helligkeit 0...255> <Fading-Wert>.// 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15.//channel_total 255,0 255,0 255,0 255,0 255,0 255,0 255,0 255,0 255,0 255,0 255,0 255,0 255,0 255,0 255,0.// PARAM=`echo "{\"requesttype\":\"$CHECK\",\"mac\":\"$MAC\",\"uuid\":\"$UUID\",\"devicetype\":\"$DEVICETYPE\",\"revision\":\"$REVISION\",\"version\":\"$VERSION\",\"patch\":\"$PATCH\",\"date\":\"$DATE\",\"devicedate\":\"$DEVICEDATE\",\"reloadlast\":\"$RELOADLAST\",\"format\":\"$FORMAT\"}" \| openssl base64 -e`.// curl --tlsv1.2 --ssl-reqd --silent --fail --data "param=$PARAM" $URL --output /tmp/update.result --connect-timeout 15 >/dev/null 2>&1..// --------------- GENERATE SCRIPT ------------------.$fileScript="/opt/flowcontrol/flow".$flowControlId.".sh";.if(isset($rewrite) && $rewrite==true) {..$fileScript="/tmp/flowcontrol/flow".$

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\httpd.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	34506
Entropy (8bit):	5.409390942865788
Encrypted:	false
SSDEEP:	384:8l7Ca3VcmN/Y/2pawtSOc9SOe+39cE8AK/gqciWu52NurRO5GrmqkxGZskaAn942:E7Ca3VfWNNudOEmqkxGZ3aAn94Q3diC
MD5:	98AAC8824D3FF539ABDBFE2A0A4018FB
SHA1:	5EABCE89AB71AC6F690BD97CCCA4363EF0A78924
SHA-256:	5D16C9331BAC10E22912B9E1FEA44EFB3302D9648013B7A6733A0B1E119B2CB8
SHA-512:	2D78D135341EF148B26FB1792DD421C280C8F2E840952FE613B5E11D6DDF1E91FAA3B12073624DB3E338719FBDD25339E1B5B6CFE3B2902C314EE665E643D36B
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = basename(__FILE__, '.php');.include "/www/include/security.php";.include "/www/include/crypt.php";.$expert= db_read("/control/frontend/expert");.$showPort="display:none";.if($expert=="1") {..$showPort=null;.}.$reload=5;.$userTypes=array(0=>_000277_,1=>_000278_,9=>'Build in');.$userRights=array(0=>'-',1=>_000279_,3=>_000280_,5=>_000281_,7=>_000282_,15=>_000283_,1023=>_000284_);.if(!isset($_POST['gw']) \|\| $_POST['gw']==0) {..$enckey = base64_encode(md5(db_read("/control/local/encryption_key")));..$stm="SELECT id, name, CASE WHEN LENGTH(password) > 0 THEN '1' ELSE '0' END AS password, rights, userType, description FROM users ORDER BY userType DESC, name;";..$allUsers=db_all_read($stm);..$usersCount=count($allUsers);..$httpSSL = db_read("/sys/network/httpserver/ssl");..$httpPort = db_read("/sys/network/httpserver/port");..$ftpServer = db_read('/sys/network/ftp/enabled');..$ftpPort = db_read('/sys/network/ftp/port');..$sshServer = db_read('/sy

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL3418.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 249 x 118, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3470
Entropy (8bit):	7.86186027236813
Encrypted:	false
SSDEEP:	96:rTIwNI/uHh6XjPk53pVBtJzUkaIwgayuegVD6Wen:rTvNkuHMXjP0zTJzxaIwCSi
MD5:	90DC80BE27BC35F45B106D38E193EA3E
SHA1:	E6C4D218B9710F395828257B4067C59CD178B836
SHA-256:	B5D44C95993FD7660B74D421C3FD1B374C221AD807CD4DE6178F1E63F700C91C
SHA-512:	3D8D9D6BE8C8AF2CCB8DE81FBF1592B9E2EB2FEBC3C7DEE22AA7E2623D4C96687A62430E64913169465FA493F1ABEE18EB0542801F2F2178AE479086EE92C019
Malicious:	false
Preview:	.PNG........IHDR.......v.......5....UIDATx...Oh.u...o.XM.&4Zl..i...1I..k..-....NZt.bE.l.X...I.N. x.z..A.A..EFW.vtx...R..Y....(..d..,O.o.P.]....t.2i...rtt..p8.."!.{...k.}.`..ko..o.G..+.#..........9....p0.\|(..8".{S...........{......1.......^K.S.%...c.....B.PDD.........l6.Q__.........g~`...B!.i..w;s......8..< DT..^...1#D.r"..._{w.... '.i===.R....\|Zww....[...4.u.....9.OK$...J...D.8.s.y9Q.J..oZh.x.<.....a!.. ..B..K.X.Y.9"Dt.K.R.[h...r=...4.......m.K....%......2......^"...y../......(4........".%r.g.@.K...o.B.^!".".M_tB....Z......D.r"..... 'j.../-....{...936v..Du...`...S...'....../..+.....:..AN.r.....D '"........."..%.uvf.%.]fxxH.y.d.G..;.........^K0.\|<..^?z4Q..d'ON...)3>>vW .........N.^.n.~....f.i.....xt.X.r.E...b.....4KK....WWW.1..:..r.l.....;.{.....z......L.\..._.@............w]..sO...5..........n..z@.........9k......=...... g .9...A.r.r...... g .9c .9.9.A.@.r.3...... .9.9.A.@.r.3.....@...S.......\...qTa=vv.. ......Loo.<..`vvvL#...m...*.3gN...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL3419.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 294 x 175, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	8328
Entropy (8bit):	7.937535878640467
Encrypted:	false
SSDEEP:	96:KOgxCv2m60J+OjnD3fyQNU1HiPgBkQId8Vz+x9U7P3fMhEwWg/YZlqFG4Kj7iqQe:Kv+2m60wEnrfBNuBO8fPvMC3Ff
MD5:	99B726345D5C17010A558B63594F1EE1
SHA1:	DA85F2D52BE50F11231D0DF351B60F6BFBFE6910
SHA-256:	F08DD778947EF57909CBBBEC01FF755E918FC621E75E6354F5FE2B8DB321EE2F
SHA-512:	6387E7B148846CD4859DC60EC60FF204BFC3441ADF4832D71BB0EBF10663639994CEB04B01B91C0C2C943B1CC35B06D481B1F9DD3D7A781569E4964BEE192432
Malicious:	false
Preview:	.PNG........IHDR...&.........P.s~....sRGB....... BIDATx........3{.,." r..T.H$.4j4.D#.1O........_....51...y?.D.HbLx./y..M>.(...^Q....e..v...5]===..3];.3...t....V......bd..w.}..w...............D"...;:..[;.w\|r.W..b.C.X.......s......_....b.X........igWW....-.].k.Zw.o{...---..P.A.....m.{..`.....(7U..x....2.1.M.........F.U.XSS}.G......;w>..........J....zlMm.aUU.G..u.....n.(....S"...%.xYy.......'.v.....]]2......+.s.)..Wv.C.?.IT.<....(2.z.'.j..1S..#..[..A \.L).X.,.1...z.._.$......1.TV...Q..ZuMu?..x......S..(.7";...hz...>..(..O>9...'....H`..M.. P4..(..7..... ......d... ...#......L.#......S0m.) .Z.F...6A.F6...P0.(9.F.S[[.\|.kh.D...k+T..J....4r.H^..7..L.-.FGEA ...(...V^_i...c...;X...@ w.F.S{{.l.dd..TU._.UFJ.....0....N..]^^..S.{....y.0.<:::x...OR....&FLy4:..@...QLMMM1.A.l....a......@...(.5b2.I.W...)w.....@ @..n....r\|.Aow....D....&`D1..+V^^f..O~.).i... ...#7xrr.7(1d.8(.....X....#...^...1..3R.04.... .:.-P..GL\|......b...."`d.TL.6.c~<.uL..G(...J..b.JhR6FL.v....p

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL3500.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 700 x 156, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	27197
Entropy (8bit):	7.968145778379042
Encrypted:	false
SSDEEP:	768:e3FHjoTbW4odlraF0J0uq6YzkKWVi6A5b0MCqN2M7:atIbPo/rsU9Yw0CqNL7
MD5:	0640E5FB7A52F965351BABEA82761CE6
SHA1:	E51E36E21EBBE659DDC71CC8B8A5D73EBB2854E0
SHA-256:	ADF7625F8FD0F116D206E6D70FF8DBCBF68ED18FB3F022CA0D65F431746071BA
SHA-512:	11EE354613CFCD16B7CAF20C0E3F0FC8B74E1CA60384B8DB2313033C843A0C18441942902882B8F3F5899812FAF9394FACCAF15BAF51F6FE12A26ADD4C3CB1C3
Malicious:	false
Preview:	.PNG........IHDR...............x\..j.IDATx..]Y.V....%K.%.......K.)..7...a.M....S.+..V.d...af.G.Ba.).d.Fv...2.....Q...I...:..S...?...................B.P(...B.P(...B.h^ .;+++........[...i..1..a....Q9,+r/.k2.c~.....k.].p.D.e...'..p:..B..9.N..6..y...>./..f.4.y]......X.C..<.X.Ir.&.]./..........A../D{F.kB...KK.9_O.N.w......$.Nd.K...........;..W.....y..@...e.,E...'..u......>..m....2.....&<.(O~S<..I.....)K.6.y&;..%o.1l.}......4..A.&de.E7.P. .C\.....c.,>..,......7......y.a.1.K......J...AD.......l..7..R].6.i:...>.R~.e.E.Pg....}.;.%...4e..xL.O.<.oN.1M.....k.0......'_.aY...r....?.T~....N....Y......T...p=$.!.Wy/..)[.i.o.H...?.!....xV\|.c..O.z...}K.s\|.9.V0...x.;v..~.R.0....g:..t...N...W.J.R.lq\|..].{..[g...O~.R.l.7.6.[e_A..1\|8].~....B.P(Z.\.B.}...m...Q...L)Z6~.}.L.={.../.B.P(.....;w.6w....]..S....^.z....U.UWWS...\.._..=.....G.......o.qlB..{......}_...S.\|..2..0mO99......q..93M....O.....4..A{....{Iq....rz..p..>...q...s/.MP.......<d0.e...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL3505.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 382 x 302, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	20367
Entropy (8bit):	7.961148620165605
Encrypted:	false
SSDEEP:	384:tLliAe3zXdc83D4eV5qGbTEFQf9L3c2N2MIPDWKi01YEydC:lveq83EeVoGbTEFKp3c2wjf
MD5:	122B57F052359F816E3EEE55DBA9BC29
SHA1:	AE46204D7FAA45738C27853125CFEA4BFA75C3FE
SHA-256:	D283E15AFF77BF2009CBD8060958F20695A8F00263FA0C7C86885C3C27E71BD4
SHA-512:	532D337DC19285202A10E9D054DBED5C3BC5C26174BB7F33C4D30121E828486BFF34CF0E02DF84F957D96D5E78F203F6DD53EE241048AD5F0AC05C47F0F05319
Malicious:	false
Preview:	.PNG........IHDR...~..........Ty...OVIDATx..]mP.....p:.....p"../.Tc..G...Z .$U0).M5McB....jg..35!....Qf..1.S....P.........?....]....,p.3...e.\|..yx.9....7.x.7.x.7.x.7.x.q..=z....3..;....a5..`0F.......A..O.z.G.=....I.~..1.`0..QA...<..90.8....3...iX..PVV~..^[7..a....1...&.~.If..YZ.^n.....X..eYS.O.w......yy.....<..8b......g~z....H....../.W.2.c.;w.uu.e.....y.........'.7.Gk7~;./ .Y.f..>.T....0..w.9&....?...b...b..p....?....`.g....E.........q@]^ye5.?.?k......(.....q..KZ.....v..-i...C........+B.ySGz......l.......76m...@........Z.?....iIk...z.C...9w.?I........K.]N.@...r.,....;..Q..?k.5........Z.t..XV........~#.{.C].......>B...~.({.^..R....y.I.n..>R......w......'V.\)'O.l.......l....7^.mm....6.ga.h....'..^.#=....ok..U.'...O.>-S.N.......9.......^...._...X.l............l.RE...?:........S..2er8......%t.3g.........E...;.2.~......c........vzzzduu......7.TZ9.Y.:D....S.[..rH'...F6~..k`<.?..8....5!....IN.29\|..t.L..!}..[.vU.....(.hT.$..v.-.MK..e....yD

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL3692.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 555 x 210, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12416
Entropy (8bit):	7.951007150844054
Encrypted:	false
SSDEEP:	192:ouNWhN+RFe20FExZfgXCGxJyIB91z6ZIMk0mPv+o5o9n79S39Wix9hIOOYwG9rFd:pNSYRFeqTfgymJBbz4DVBoM4l7ZwGlv
MD5:	5D24E68EB8E7EF6EF9C6B2A015A2BEDB
SHA1:	9566496643F9BF10B02138BCE2C3D65B411D7C92
SHA-256:	25B6F1BA9E527F1D9830D72058AFEB4BD44A93909F874AB22716E3E79AF8DD89
SHA-512:	E3D4BB156FF22A453A6CF812174B75C4E4F358234C4BDBCD4F8E2874D2BE961C6CEDAF4343B465590E2E4FF7961C8338AC1699C4FF30E20796D972F90530C46B
Malicious:	false
Preview:	.PNG........IHDR...+...............0GIDATx...?kSQ....$M.$4...X.&.I...".(.$..7pp...[.......Y\..U.A.E.6...t(Tj/..<...Y...4.9U...[.V..$I.6..[?...r.\|~vvv>^w:..L.T.....j.a..f......ml.?O..xM-.0.....=p.^._n4.....^.{d#..\%........\(.Z..i4..{.t:..~..$M..q.\|..K....._...sp...y..\|8.}{b.`.,//?N...8..1{....Q.....B.39..X.....W.bO.....b.."V..XA.. V.+b....X.@......b.."V..XA.. V.X.+....X..+b....XA......b..."V.N.. V...Z...>`.C....TY]]y.........7...'.p....w..S.X,&...s...Z-...3.\z8...K...>..L....g....qi.=..K.$.x...}t7n6....T...O3.3....L#......,....tn..\|...S.T...7.X.@. V..+b....XA....."V.+...."V......Yi#..0\|.*M..f.4!\|......aL&x..\x...{....)...z...n...H............9p..@. V...X.+.....bE.. V.+.....vb....X.+.bE. V..+.....XA.. V..b....X.+.bE. V..+.....XA.. V..b....X.+.bE. V..+.X.+......bE.........`).:.h..lv.3V:..8h.....X..^\G.j..4.....2...dr..1V...xx..{(..{D....R...b1...R.?.N/.v...z.....t..4..G.[2...............F98.ns.^.7..X.@...X...9......(.2h......`........c...d.%w..1.b....F.o..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL3697.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 540 x 330, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	34182
Entropy (8bit):	7.954999227739963
Encrypted:	false
SSDEEP:	768:ZQJ/5f2kxd+xl+mtIi4Dlku2AqStRLd4SXyqOW:w/LH+xFtIxuDAqSTJrnz
MD5:	15A9A202B26BF044AF41FE799EE9C1D7
SHA1:	AA8AC709CB6DD49E4F1A8967DC43D20BAE1CD21C
SHA-256:	843A091621BE659CEA9544A29A19921AD94E9C0B2DC5DC41AAFD3409881B3BB0
SHA-512:	F84DA4E35EB181CCEF648372A1B72AF6CF44464D14B232729AAF4F5293AA068AFF5A9361102B677E746E9D653FB84AB1923A9F64E3FBDF5AE3FE0A72F648C5B0
Malicious:	false
Preview:	.PNG........IHDR.......J.....V.......bKGD..............pHYs.................tIME.....1/:.j... .IDATx..Y.].y.........*..I.$!.\..DS.%..D/=n...G.XvOx..e.c...6o...nGtwDG.=...... ..%R.@..R(.~...sr..R.V.v.$...Q..g..'._~..B..A..kf\|\|......<.\|...\|........yg...A.q.9...@............ ..u..m...........2p.8........`.."...c.8.J\|..2p<.5..?..9......".. .7t ..t.g.PD<...?..z........^M.....<........!.. .w...n`.k...R?nH=..A..[..R".C..A....-.).C..A..... .. ....A..A..!.. ....A..A.Dp.. .. ....A..A.. .. ....A..A.Dp.. .. .C..A..A.. .. ."8.A..A..!.. .. .C..A..... ..p.../..V. ... ..p..9sN.>...~...-.C..A...J.Y..9.s...Z"8.A....`.x.8L`u...........A..;......9.k.8.,.S:"8.A....`#...Q.....x.....h....A.........&...g.H.......I.. .. \.......}..}-... ..pg.-....y. .C..A.nL.%.Dp.. .. .C..A..... .. ."8.A..A..!.. ....A..A..... .. ....A..A..!.. ....A..A.Dp.. .. ....A..A.. .. ."8.A..A.Dp.. .. .C..A..A.. .. ."8.A..A..!.. .. .C..A..... .. ...,..A..A.. .. ."8.A..A.Dp.. .. .C..A..... .. ."8.A..A..!.. ..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL4076.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 440 x 267, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	42347
Entropy (8bit):	7.984015441778095
Encrypted:	false
SSDEEP:	768:s2BdD8+Piu20bQlrxCrmz+A66bunqPhLSfhRarGAk4B0VMeOEaj96Tj:vdDTPt20E0s+AfZ+fhorG5PVLbajMX
MD5:	7D6534E1BDF1653BE1F8BD84CBFAE7D1
SHA1:	E70647856877AB1D48D80268901B03178BA63D1D
SHA-256:	3B1C3E3CC3E6CB89C9A1FBDC02D2F050383F8D05E10B2480A4A1A503B45C0037
SHA-512:	7CAC00C86B3FE1E534A0BF8D6CB936913B64B5698858769373512992D3F1AC103F9ED3F547756F4C4D9B33AEFAF1858900061F320733DF1B03BB363819B91D05
Malicious:	false
Preview:	.PNG........IHDR................h...2IDATx...1J.A....KA.lv.U"$h:...].\ ...Hr..... !q...".U.H.Z.V6.C..,."8...~..6_..U....ju.ub..V..^.=....</-..C....!.....o.Ym.^......~:.^..`w....mp........l....J(......+8o{s..1..'.$....7..../........y.3./.b..yk.Z..dr7..o.4.....B...!D....(...t..^.n.t:.......r.<..@.!....gt...e..g.{...J.=..P...!2.Xp".\,5...,..y.c6....F.q..o..0....i.@...`......bx<\|..P`.?...?.P..#p..8...T..X..ML..........kW...<..........[...4}.k.w}>[....gpy.2c.....).qV........c5.ve....-....9.E..B.<UY0.......lQ.Q.OY.N.i..8.8p.7...X.M....E....7......Y]]J._2.........[Ns.7x....[.OLeo....;.e........D.......;.......dR...~[..^...~.@....y{..:.e......&....vd(...........Y.-D.".5.....8.b.....0......4.I[;..0&.....A......%...OP.K.b.F.^@.5.r.2.f4Q..x...((./Po\|.E.......>..e?w.L2...3.yw..o....y.s.s..w233.dee. NX.t.!&f....9`!..A..`.....-.8 ^.M..R.$.7S.$.U.V...3D.tq...G.."....>v.I..^...x/"<.a.E.....~.......}....'..S.3g...,.=...Wr..i...c.A....&.........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL4176.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 440 x 267, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	53644
Entropy (8bit):	7.985107488456604
Encrypted:	false
SSDEEP:	1536:V02G+iCCDWLyKccc2n5sSpMxfIRuh0iOaocoU:3G+EDWLRccc2n55MpIRa0uoU
MD5:	331BF69017EEFA34EB776CC25477FCEE
SHA1:	8793CF2AE1A12847F6A3EEAF82DE563FE76FB788
SHA-256:	AB7D5D39163E40511C8266585B072B2A0BEED9743EE60019637A4843C3955ADF
SHA-512:	15482658E531D74BB392E1D1234205AB01E4AD230773D99141AAC715E8D1C16F769A42A3FAAFE5ACF2D2C1C6BBEB2EC0B198495A611D5AA2DC6C578DE6289539
Malicious:	false
Preview:	.PNG........IHDR................h....sRGB.......@.IDATx...\|T...oBB ...).].....{y.,...b.T.E...4{A..+...".....#.;.s.p3;ww..%....%.{...sgN?g</.....".D..0.a .@.....0...o.FM.M....$.5.....E..0Pz......#.T<.ddddW...{^.......W.Z.....^.b....+.F.'.0..0.1......4.@%..J...hY...kfg...W....j..j.g./_..5k.......G.0P.0.1.2.:...w.._.^.....s...W.T.qNN.]k.9j..>X.\|....x^..r.:.....g>...\|]_.-..a .@\.D...z.......L..n..p....5k......_.9...u...a...U.^.jW..<W.].v..-X.j.\.f...X....>.".....%........]W...5.\9...a.L.....y.U.....7$uGtQ..........cG.(..._....M.%.O..<[fegn_..G.E.H7.D....h.<[.......R..............ER..R4.r..bLR1...T....a.<c bp...Ec/s..TicJ4.....D.a .@..D...r.S.....5k.....).\|.>#.D.pc bpn.DG#.....MK:..X...22R..3.E....'.".W>.[4.2....z*'.C.T)#5.4.....a..0.1.RBl.l....@... ..Dp.vZ` bpi....(+......#.N..[V^z4.2..h...W....b Ei.^.dRN'H4..a bp..u.S......)a<E(.V...=b..7."...Kt4.@q1...N:.Z..F.E..(...\Ey..s......S../..%...iQ'..J....+%.F.VT.d...2%.T..=wz` .m=..i.....0.....n...p....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL4500.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 510 x 264, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	34263
Entropy (8bit):	7.971547341939936
Encrypted:	false
SSDEEP:	768:u/9Cvt9nVUK2N5HuHMisKM3h05UeVEMXmd4aoe67b8Ab0yr:o9CvtTUK2NF+sKMiNzaoeQ800yr
MD5:	C4A264798A9DDE03D1C6C656FAD6FB6B
SHA1:	6F78191E0E222AE05FE99FD9317F9DB251E444C5
SHA-256:	1F0B976B370A7F49A5A26EDF020119C72C0B9D6B7C742020D1418160E2E3F452
SHA-512:	0720EB64AC879E7E8BFD5179345E58478AC0C8051018C40A0C398A048095BB36E86E455458D125152FC95BFAA8BB14E18FF7A40A488BBB14720974E78B8F9D74
Malicious:	false
Preview:	.PNG........IHDR................!....IDATx..{T.U...y6S..Z...tE..\|...QS...\|.).ZJ........2S+....e.#u.T.I.%......"........{......rG.`..........p....>. .. .. .. .. XVfff..0o%++.......j.m..{.F....-A........''......[..0.E....D.....c..Y.f...>K..)+V...3?....A?..E.-..^...X. ...s..=.t...z.....{MW...s..B.z.d..K..!........s........1c...e... ...Pvvhxx.....wP..6l..t...._..f...~S>.Q.... TCPY'.]..~...Um.#Y..C.:t.......s.u...}...'..n.. .-.../..BT.6.s..........}Yp..5...R8}.4\|..7..xe.`...-A.FL.:5....~.h,..'.())......^...u......{7.7el.....S.....[. .w.......>....X..[..XEE.(L....!77.......`.vh.7c._.~..?.... T.p8.q...?S...k..q...2z..p[@........B\\.}8.V.z....G.9s.~K...Nx.........}}kCt..8..<h.:.S.NQgg...;w..%..D..p...@..sq.....{9H..i....qu-.\|L?O. 1.T....L.s.8?.?.........I.Z.......v..0..j...h.'.>...l..~....PH..qS;...&.R...?.x...?K. ...?.......v.xl..t..8.....0x..}....4..@aa!....N..;y%Z2..Hte.B...s...].....?..........]..R.?.>....{h.+..5....N.*q

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL4504.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 450 x 218, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	31950
Entropy (8bit):	7.975743392814951
Encrypted:	false
SSDEEP:	768:o0NfR8T+y/u33VM4DUP+JrvwB92q5EBma8qvcX+EnD09adyBZ:ffRE0lxDUgok+WY+EnDaaOZ
MD5:	181D45F3FBEA1114AA40C88A076D9FDF
SHA1:	15BD26C9A1F4E71184B8BA5561A21587F3E275F8
SHA-256:	1D3E032083A3C409FC78D441ED4313743008EE76B432EDCCC7EDAA49DE4A3630
SHA-512:	832E52A181EE4912381881455BEFBC1D1D60F7479ED06E02B04449AD78045DEEE9D2DD623DA50461CE13705F86ADB45F877CA4C49B4687ED2662329F0C51078A
Malicious:	false
Preview:	.PNG........IHDR.............5.B...\|.IDATx...PT..._.M.V.J%..l\|""...T..........UD..Ut...j01....".x+^.e6A.DEQ....t.D<.<..........1.1..e..U}5........Z".. .. .........r..~\B.L..W.$%%.a..T".7..[.....5r..=..$ddd.I.A...h.Y..u_.&.........h..x}.....a.)'O.\|G".7.c.'..}..)..r..^....../..A."11.s.7<E?.."..M.h.......LIIq........S......1A,((..........t.,.....%. .....w....JE.qKo....Y.......Brss.........L......../>...."..Q.l.y...k....A.Wf.../Xrr2...QFp.;{.>q..$. ........ k.a.PQQ.....2.6....../.D]....^.^{0....P.W.\.Vp.......}..d._...?..U. ..d.m.x?R.>...>.<y....bw..*.o..}.2<v...0o.N.%..K...d...#.Y..'........V.G...T.^.z......?...p:.<x.;??.L........)...7E.a$W.^e.=c`.D.U.._.A7..'.Q"....L...P....@iI...ry..VZX.......G.?U..9u..{.A.NEttt...J..2.1...<..6.W.7.....#..........a.&_.~..D..M.n.........X.z.1??....3...U9...'.H..y.x.g..>W.......:...u..~.........j....}.$K.Q....D.....;w2...SME5.1....Y..XR....U5........s.??..=....c..?.b0..."\.v...e....-._\|\|:..~

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ALL5000.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 610 x 184, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26778
Entropy (8bit):	7.9793124077907995
Encrypted:	false
SSDEEP:	768:XGs6Mg9EOFnW5tajt970IPYQZVzQlx3QAUJILVH7I1+1Q:XBlCjYIPfJQrpVH7IQQ
MD5:	0FD400A9A301BD879F6EFDBB562692CD
SHA1:	ECE070AD6C8B22905E8F9CD23A7408A5EE2B37B8
SHA-256:	508CD2C8AE0EFDF6CF4BC22B4FEC49AB0119FBBBF69E89792D7D3C15FC8FCE5C
SHA-512:	4D14E4475C171A54E5F8372F2508E821A23DDFCBBCB68BC79A6416FE46B6AA91932CCE56165C72CDB3C85A8E8627AE2820D49CCCBC3EB001662051CAD926CF95
Malicious:	false
Preview:	.PNG........IHDR...b.........@l....haIDATx..].u..gV.A.B....M.K..j..fS. Y.4..10=. ...0...LBPR..l...l0it...`..`-...E..D...{.......\...h...?....._.....1.g....\.....g....Y.{...7.v.m._j...=7......U.{.G.cn..6${W.n.bc......m.>....]q..V..?..Q....>.....5..)./..........ko..m.......:.s............3.0/..Z;.>.........lO.>Hc...)\|....I..,.>E...h{...Y.}..d..2........;........+.X..={...o~v.k\......m...K..>5#b..(.C..)..v.6\k.....c...F.b..@..3....#@.\..5D..-0:. ....\|wd..1@.L.md6...~q.....d.4....>.L.^)....~.bN.sf..`o{.....sX.&..gXp.9g...`^lMHP..23F...#^.>G....<..........9;;.....~..?.[.~..:.. .XBt.}......S.,.."cR.5..Jc4A.."....S..+.Q..#VfP......<;....:...m.Zf....2.{.\..\.n...r.f.F....w..2.......P3[..3W.t...6.No.........>......k....w}.P..'....K.A........M#....( . M.i......k"ns..U!n. ..$..Q!J.p.....,5....!.`>{..`-p....H.R..\E....s.s(..8..8....^}.$.....4.......}..U.{..@...uc`....k..O..c.]d...<..5kV.1lz........,......U...9)....5.50.+.`.Q{..Val.... .4>.O.....}.*!`....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\allnet_logo.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 170 x 75, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5302
Entropy (8bit):	7.851904886202366
Encrypted:	false
SSDEEP:	96:q6kn3S2AsFuQeJyo8edWAtXjDJDoHgktfIM8hfyGzNtr/c4yZ0zf:5kngyWXtvstfIM8hfyGbrE4d7
MD5:	AD4E67D4CC281201CC90D82CBB0964F7
SHA1:	B89DA983548BF43A05616746F47AA9D53697ACCA
SHA-256:	973FCE1B8466E346BE7F0E27CE73EB09CCB661BB6B8FC0B86C6AA96A75D1C3FF
SHA-512:	96EA60743CFF3A060CD05ED1A8B42B538FBF8DBCE033C39E7B727639E80C75B58E3E52D0C3D28094317DD4AB665B29821EDE5439C4F0CA111636821228E48370
Malicious:	false
Preview:	.PNG........IHDR.......K......n......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:DocumentID="xmp.did:1043A7A222EE11E08FF1A9FC37BACAC1" xmpMM:InstanceID="xmp.iid:1043A7A122EE11E08FF1A9FC37BACAC1" xmp:CreatorTool="Adobe Illustrator CS3"> <xmpMM:DerivedFrom stRef:instanceID="uuid:F4F79ABB4169DD11B663BE98286B9AC7" stRef:documentID="uuid:F3F79ABB4169DD11B663BE98286B9AC7"/> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">ALLNET_black</rdf:li> </rdf:Alt> </dc:title> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end=

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\allnet_logoB.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 170 x 75, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13232
Entropy (8bit):	7.962135712764832
Encrypted:	false
SSDEEP:	192:NSDS0tKg9E05TacdBMlJ9yKECm11e17vG2dGWISJ8PVA2WVk+sYeTMi5cD60EiOE:MJXE05X7d57+RJiAnk+shRclONoS4
MD5:	F6AB3D63D818E384E47CC227F7727307
SHA1:	03029F0A350771B90A47469FCC9629F193430222
SHA-256:	BCAC1ED039FA604E789738C44E5600DC5FA04588B92CC76A0D42C3CB4F51B0DB
SHA-512:	32B4F8E51A23442291D868AC89A8665EE724527C819DFE70CAB671D1D1121758F4F18048106C8AD793945F455338BFD6DE137AAF12EF71E294A577D9602DB221
Malicious:	false
Preview:	.PNG........IHDR.......K......n......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\allnet_logoC.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 170 x 75, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13361
Entropy (8bit):	7.962941464143502
Encrypted:	false
SSDEEP:	384:MJXE051AlDcf0zFAXEuz5ee6T4mOJh43rmNz6D0:4351Alo0zFAf1Z/4iUo
MD5:	7A64BD6446D41BEE47BDDB13009AC63A
SHA1:	5BCF5D9EEB918B7D78A23A082C417FD444642FB3
SHA-256:	30DE5E1BEF206156F2DE21ED3B88810F63B0C4E6DDCAFD6F39AB71E558ECC4EB
SHA-512:	648F1FC48F9090CE90657924F07B455F64658050D14A71D77E0A9D80C0152FE290AF3DFF9833E1DA5983C22B8A972E697938F954379408E042742EC0C4A8902C
Malicious:	false
Preview:	.PNG........IHDR.......K......n......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\back.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3061
Entropy (8bit):	7.873207113423318
Encrypted:	false
SSDEEP:	48:V/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODHLqvTw:VSDZ/I09Da01l+gmkyTt6Hk8nTubw
MD5:	0A8B44F30BDC8A92AAF0AC84EEBF7D72
SHA1:	92CA8726E23223C452373207B04D5CBA22E0D83E
SHA-256:	6B08842C2376C175C8276552F23E6064BC8B7F5BDE7E8A4138A6A3E2F0D0E71C
SHA-512:	89A44F2286174E9F86A72CD3DAC912858BDD6426FE657944F01921D3C94CF8522B76FE47EC0F791968B53DD83CBD3E07E53732A21A963800224DAE013C1606AA
Malicious:	false
Preview:	.PNG........IHDR.....................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\linear_h_bar.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 140 x 51, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11059
Entropy (8bit):	7.981443100462435
Encrypted:	false
SSDEEP:	192:SD8D1tvHEpopXVhK6h3cqixivhNkCdpNpaCde67zd53ix9j/rHTyImtU6r1B:C8RSC1VKszpl48zM9HHTyHD/
MD5:	A4F2177C1F208769C663F489CBB4F371
SHA1:	3276690D5AA7284FCB1E6669BB06F2DC300D5F61
SHA-256:	C3D50560F155B9699D0FFE889C06481A869BC1FA65633832E68FD1E4054BBF80
SHA-512:	D0E0C69F6D1DEDFEC6B5085A57A2C6808E14CCF2CB340F5CF15F91BC15E4154868B29A12C104C7B269A201903B50D8021C4F7EB6B81EA4730CA3AD7E8B9DC19B
Malicious:	false
Preview:	.PNG........IHDR.......3.....E\......iCCPICC Profile..H....PS...{..-...{o....J.ATB.B(!......+..TDPY.E..W..Z.Q,,..,.,.X...w.Gx...y.N..7g..s.w.9..kYBa,.@. S...I_..K......8`..Y...GHH..[.x.@3.......W..p3..@!.'p2.i..A.N.P..........p..4.R .3..3.0.Gfs"..n..Of.D<.H.H....!:.?...p....4.].I,.........p.......7...&...\/....g.SYk...........3R......Y6...>.I\f.<.3=......#.Y...1.).\|A.`.~.W.<.$ED.3...3..0I~FV..B..yNf...3K4..,sS...j...)H]".%Q.+..f,...../a.....}..~E....!.M.8Lr.\A.D....-..\ .....@........gr.3g..J....yI.t.d...t..mnJ.....335......H...[......s!.....U..2.bF..P...g.EYs1.......2.E..C`.Tg...;... .D.....A.H."........`/(...0..'.)...K...z.]....Q.....`.. .D...2...A&.5.\!.(...b.x... 1..m........._...%.:..=...1....F.d........=.@8.^...Up.\.o...j.8.._.o.w.!..<..(.J...2C1P^.`T,*.%B.G..JQ..T...u.5.z.....h:....GG...U...m.rt-......F...c(.5......,..0.1..RL...s.s.3....b...X..?6...]..=.m.c..#......3....q,\&....w.w....}..xk./>./...K.........)..A..D.&p.k.;.G.m.[.Q.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\linear_h_std.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 140 x 51, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9886
Entropy (8bit):	7.9738391950272245
Encrypted:	false
SSDEEP:	192:SD8D1tvHEpopXVhKvijOUCyrD22kSJa3rxfNIgnAEFMhSPY9iS1va:C8RSC1V8u+yaVfNIgnTuIana
MD5:	DFDDE170F9DABCB47776AAC591542A32
SHA1:	DD0D6A77143E719C12A46203A79EBCF608A276A9
SHA-256:	A23A6DC49BBA56721505B71A88624A220DF1592839006170738618CDB67B069B
SHA-512:	8DE8886EB2739A614A249CB4B12C5A0ACD8C1DA6371C72B938501B55CD6E0D7177A159FE9E59FAEEEFD0548BCCABFA5FCFD76BB0893CDC542A0E7C99DDFBD565
Malicious:	false
Preview:	.PNG........IHDR.......3.....E\......iCCPICC Profile..H....PS...{..-...{o....J.ATB.B(!......+..TDPY.E..W..Z.Q,,..,.,.X...w.Gx...y.N..7g..s.w.9..kYBa,.@. S...I_..K......8`..Y...GHH..[.x.@3.......W..p3..@!.'p2.i..A.N.P..........p..4.R .3..3.0.Gfs"..n..Of.D<.H.H....!:.?...p....4.].I,.........p.......7...&...\/....g.SYk...........3R......Y6...>.I\f.<.3=......#.Y...1.).\|A.`.~.W.<.$ED.3...3..0I~FV..B..yNf...3K4..,sS...j...)H]".%Q.+..f,...../a.....}..~E....!.M.8Lr.\A.D....-..\ .....@........gr.3g..J....yI.t.d...t..mnJ.....335......H...[......s!.....U..2.bF..P...g.EYs1.......2.E..C`.Tg...;... .D.....A.H."........`/(...0..'.)...K...z.]....Q.....`.. .D...2...A&.5.\!.(...b.x... 1..m........._...%.:..=...1....F.d........=.@8.^...Up.\.o...j.8.._.o.w.!..<..(.J...2C1P^.`T,*.%B.G..JQ..T...u.5.z.....h:....GG...U...m.rt-......F...c(.5......,..0.1..RL...s.s.3....b...X..?6...]..=.m.c..#......3....q,\&....w.w....}..xk./>./...K.........)..A..D.&p.k.;.G.m.[.Q.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\linear_h_the.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 141, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11513
Entropy (8bit):	7.974201880014193
Encrypted:	false
SSDEEP:	192:tD8D1tvHEpopXVhKCvWxTbw/lKFrr5ikZ9HGZnU2bzlQm8HyoP7cHDnlj/M4c1Ho:98RSC1V31lKFP5HZ5ylf8Hv7cqvGWu
MD5:	0CF2564AE2796AF7449928A2EDBD0915
SHA1:	B9ADBB0C7222097E00740A0E2250AC9D85594C5B
SHA-256:	A5AD9A6193BDCFD4000147D0C2AE0F90768A9186294D108B63D61233D82D810F
SHA-512:	729EF6935F88383784DA065A9D2C010367BF5D5CFC78419F7E663D70CC5FC7986EA7E4505FFD996D7C6685907BAAC6B0A8FA1BD76ECAB9D40E99CA7F9B74FAC9
Malicious:	false
Preview:	.PNG........IHDR...2...........).....iCCPICC Profile..H....PS...{..-...{o....J.ATB.B(!......+..TDPY.E..W..Z.Q,,..,.,.X...w.Gx...y.N..7g..s.w.9..kYBa,.@. S...I_..K......8`..Y...GHH..[.x.@3.......W..p3..@!.'p2.i..A.N.P..........p..4.R .3..3.0.Gfs"..n..Of.D<.H.H....!:.?...p....4.].I,.........p.......7...&...\/....g.SYk...........3R......Y6...>.I\f.<.3=......#.Y...1.).\|A.`.~.W.<.$ED.3...3..0I~FV..B..yNf...3K4..,sS...j...)H]".%Q.+..f,...../a.....}..~E....!.M.8Lr.\A.D....-..\ .....@........gr.3g..J....yI.t.d...t..mnJ.....335......H...[......s!.....U..2.bF..P...g.EYs1.......2.E..C`.Tg...;... .D.....A.H."........`/(...0..'.)...K...z.]....Q.....`.. .D...2...A&.5.\!.(...b.x... 1..m........._...%.:..=...1....F.d........=.@8.^...Up.\.o...j.8.._.o.w.!..<..(.J...2C1P^.`T,*.%B.G..JQ..T...u.5.z.....h:....GG...U...m.rt-......F...c(.5......,..0.1..RL...s.s.3....b...X..?6...]..=.m.c..#......3....q,\&....w.w....}..xk./>./...K.........)..A..D.&p.k.;.G.m.[.Q.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\linear_h_thm.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 140 x 51, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10307
Entropy (8bit):	7.973927006410214
Encrypted:	false
SSDEEP:	192:SD8D1tvHEpopXVhKKgEphMAjWnkdS7BPQtIjxz9KiaX9t8rJ8Q4jmd:C8RSC1VPX6WOBVjSzS8QX
MD5:	D9D084B9701DCD072DFD55496EF9533F
SHA1:	EF9F4F9E4588FFE14EA31E9B17C6DFC3981AFD79
SHA-256:	1F4066A80B8DCDF189A432D525AC4B5DB38F231994B0CDC76A413B445DEF60CF
SHA-512:	A9AEA3F6B85702D697E9939F0C415D42C24EC0C7E8F30DD6950144CC0192B6913DE13C4797AF2BAA07B2FE7E7A36A3FBEAD47E122A4C21E035274CF5F84E5494
Malicious:	false
Preview:	.PNG........IHDR.......3.....E\......iCCPICC Profile..H....PS...{..-...{o....J.ATB.B(!......+..TDPY.E..W..Z.Q,,..,.,.X...w.Gx...y.N..7g..s.w.9..kYBa,.@. S...I_..K......8`..Y...GHH..[.x.@3.......W..p3..@!.'p2.i..A.N.P..........p..4.R .3..3.0.Gfs"..n..Of.D<.H.H....!:.?...p....4.].I,.........p.......7...&...\/....g.SYk...........3R......Y6...>.I\f.<.3=......#.Y...1.).\|A.`.~.W.<.$ED.3...3..0I~FV..B..yNf...3K4..,sS...j...)H]".%Q.+..f,...../a.....}..~E....!.M.8Lr.\A.D....-..\ .....@........gr.3g..J....yI.t.d...t..mnJ.....335......H...[......s!.....U..2.bF..P...g.EYs1.......2.E..C`.Tg...;... .D.....A.H."........`/(...0..'.)...K...z.]....Q.....`.. .D...2...A&.5.\!.(...b.x... 1..m........._...%.:..=...1....F.d........=.@8.^...Up.\.o...j.8.._.o.w.!..<..(.J...2C1P^.`T,*.%B.G..JQ..T...u.5.z.....h:....GG...U...m.rt-......F...c(.5......,..0.1..RL...s.s.3....b...X..?6...]..=.m.c..#......3....q,\&....w.w....}..xk./>./...K.........)..A..D.&p.k.;.G.m.[.Q.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\linear_v_bar.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 49 x 141, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12186
Entropy (8bit):	7.978171887991084
Encrypted:	false
SSDEEP:	192:kD8D1tvHEpopXVhKwlVce3iSSYw6DcGZDJ/34DAM4p27vsNLWUz89Rg5B9StWc1W:Q8RSC1Vhj3IYlcSM4A7KLpz87gj9dGpY
MD5:	7C089A79B4FB56467B9233287391087B
SHA1:	9058DE4D295BC4045048AF73F55A28B4323EC4B7
SHA-256:	7517E8CF346895DD0367B24151482A8348DE54522F3C9A31FDA5D41C392C67D8
SHA-512:	1CC6934D63B6AC2BB19FA4EA11D0FE838E03D35A16DD86F402906AE1667E5534C496793CFB8C4AA8851E164BBAEE105EA9C065EB15F7C9FAC743626BE340772E
Malicious:	false
Preview:	.PNG........IHDR...1.................iCCPICC Profile..H....PS...{..-...{o....J.ATB.B(!......+..TDPY.E..W..Z.Q,,..,.,.X...w.Gx...y.N..7g..s.w.9..kYBa,.@. S...I_..K......8`..Y...GHH..[.x.@3.......W..p3..@!.'p2.i..A.N.P..........p..4.R .3..3.0.Gfs"..n..Of.D<.H.H....!:.?...p....4.].I,.........p.......7...&...\/....g.SYk...........3R......Y6...>.I\f.<.3=......#.Y...1.).\|A.`.~.W.<.$ED.3...3..0I~FV..B..yNf...3K4..,sS...j...)H]".%Q.+..f,...../a.....}..~E....!.M.8Lr.\A.D....-..\ .....@........gr.3g..J....yI.t.d...t..mnJ.....335......H...[......s!.....U..2.bF..P...g.EYs1.......2.E..C`.Tg...;... .D.....A.H."........`/(...0..'.)...K...z.]....Q.....`.. .D...2...A&.5.\!.(...b.x... 1..m........._...%.:..=...1....F.d........=.@8.^...Up.\.o...j.8.._.o.w.!..<..(.J...2C1P^.`T,*.%B.G..JQ..T...u.5.z.....h:....GG...U...m.rt-......F...c(.5......,..0.1..RL...s.s.3....b...X..?6...]..=.m.c..#......3....q,\&....w.w....}..xk./>./...K.........)..A..D.&p.k.;.G.m.[.Q.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\linear_v_std.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 141, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11068
Entropy (8bit):	7.9769475370694884
Encrypted:	false
SSDEEP:	192:tD8D1tvHEpopXVhK3m7vmHifs4+qZ/duqrVxA816Xu1j0gkOD2OUxsAOB:98RSC1Vam7vmHi04j9A4E816Xu1wG2ba
MD5:	5126B96BDE984EB228A634C925CE3955
SHA1:	CCC1ACB0505160B0DB3D290D2F8D625D53F56A2F
SHA-256:	C02926F7B1E8357BD13016052E01491E7790FD578C22E184722EF9AD5D8C1D3C
SHA-512:	F166023F9E141819050902526FA2FB054F54D6FA3BDFB35CAAD36236D8B26354A3DFF3D39386B4F00F80D56D218DFFDF9D17F9D0AAEA96D0DC5CA4447797C487
Malicious:	false
Preview:	.PNG........IHDR...2...........).....iCCPICC Profile..H....PS...{..-...{o....J.ATB.B(!......+..TDPY.E..W..Z.Q,,..,.,.X...w.Gx...y.N..7g..s.w.9..kYBa,.@. S...I_..K......8`..Y...GHH..[.x.@3.......W..p3..@!.'p2.i..A.N.P..........p..4.R .3..3.0.Gfs"..n..Of.D<.H.H....!:.?...p....4.].I,.........p.......7...&...\/....g.SYk...........3R......Y6...>.I\f.<.3=......#.Y...1.).\|A.`.~.W.<.$ED.3...3..0I~FV..B..yNf...3K4..,sS...j...)H]".%Q.+..f,...../a.....}..~E....!.M.8Lr.\A.D....-..\ .....@........gr.3g..J....yI.t.d...t..mnJ.....335......H...[......s!.....U..2.bF..P...g.EYs1.......2.E..C`.Tg...;... .D.....A.H."........`/(...0..'.)...K...z.]....Q.....`.. .D...2...A&.5.\!.(...b.x... 1..m........._...%.:..=...1....F.d........=.@8.^...Up.\.o...j.8.._.o.w.!..<..(.J...2C1P^.`T,*.%B.G..JQ..T...u.5.z.....h:....GG...U...m.rt-......F...c(.5......,..0.1..RL...s.s.3....b...X..?6...]..=.m.c..#......3....q,\&....w.w....}..xk./>./...K.........)..A..D.&p.k.;.G.m.[.Q.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\linear_v_the.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 140 x 51, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10307
Entropy (8bit):	7.973927006410214
Encrypted:	false
SSDEEP:	192:SD8D1tvHEpopXVhKKgEphMAjWnkdS7BPQtIjxz9KiaX9t8rJ8Q4jmd:C8RSC1VPX6WOBVjSzS8QX
MD5:	D9D084B9701DCD072DFD55496EF9533F
SHA1:	EF9F4F9E4588FFE14EA31E9B17C6DFC3981AFD79
SHA-256:	1F4066A80B8DCDF189A432D525AC4B5DB38F231994B0CDC76A413B445DEF60CF
SHA-512:	A9AEA3F6B85702D697E9939F0C415D42C24EC0C7E8F30DD6950144CC0192B6913DE13C4797AF2BAA07B2FE7E7A36A3FBEAD47E122A4C21E035274CF5F84E5494
Malicious:	false
Preview:	.PNG........IHDR.......3.....E\......iCCPICC Profile..H....PS...{..-...{o....J.ATB.B(!......+..TDPY.E..W..Z.Q,,..,.,.X...w.Gx...y.N..7g..s.w.9..kYBa,.@. S...I_..K......8`..Y...GHH..[.x.@3.......W..p3..@!.'p2.i..A.N.P..........p..4.R .3..3.0.Gfs"..n..Of.D<.H.H....!:.?...p....4.].I,.........p.......7...&...\/....g.SYk...........3R......Y6...>.I\f.<.3=......#.Y...1.).\|A.`.~.W.<.$ED.3...3..0I~FV..B..yNf...3K4..,sS...j...)H]".%Q.+..f,...../a.....}..~E....!.M.8Lr.\A.D....-..\ .....@........gr.3g..J....yI.t.d...t..mnJ.....335......H...[......s!.....U..2.bF..P...g.EYs1.......2.E..C`.Tg...;... .D.....A.H."........`/(...0..'.)...K...z.]....Q.....`.. .D...2...A&.5.\!.(...b.x... 1..m........._...%.:..=...1....F.d........=.@8.^...Up.\.o...j.8.._.o.w.!..<..(.J...2C1P^.`T,*.%B.G..JQ..T...u.5.z.....h:....GG...U...m.rt-......F...c(.5......,..0.1..RL...s.s.3....b...X..?6...]..=.m.c..#......3....q,\&....w.w....}..xk./>./...K.........)..A..D.&p.k.;.G.m.[.Q.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\linear_v_thm.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 141, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11513
Entropy (8bit):	7.974201880014193
Encrypted:	false
SSDEEP:	192:tD8D1tvHEpopXVhKCvWxTbw/lKFrr5ikZ9HGZnU2bzlQm8HyoP7cHDnlj/M4c1Ho:98RSC1V31lKFP5HZ5ylf8Hv7cqvGWu
MD5:	0CF2564AE2796AF7449928A2EDBD0915
SHA1:	B9ADBB0C7222097E00740A0E2250AC9D85594C5B
SHA-256:	A5AD9A6193BDCFD4000147D0C2AE0F90768A9186294D108B63D61233D82D810F
SHA-512:	729EF6935F88383784DA065A9D2C010367BF5D5CFC78419F7E663D70CC5FC7986EA7E4505FFD996D7C6685907BAAC6B0A8FA1BD76ECAB9D40E99CA7F9B74FAC9
Malicious:	false
Preview:	.PNG........IHDR...2...........).....iCCPICC Profile..H....PS...{..-...{o....J.ATB.B(!......+..TDPY.E..W..Z.Q,,..,.,.X...w.Gx...y.N..7g..s.w.9..kYBa,.@. S...I_..K......8`..Y...GHH..[.x.@3.......W..p3..@!.'p2.i..A.N.P..........p..4.R .3..3.0.Gfs"..n..Of.D<.H.H....!:.?...p....4.].I,.........p.......7...&...\/....g.SYk...........3R......Y6...>.I\f.<.3=......#.Y...1.).\|A.`.~.W.<.$ED.3...3..0I~FV..B..yNf...3K4..,sS...j...)H]".%Q.+..f,...../a.....}..~E....!.M.8Lr.\A.D....-..\ .....@........gr.3g..J....yI.t.d...t..mnJ.....335......H...[......s!.....U..2.bF..P...g.EYs1.......2.E..C`.Tg...;... .D.....A.H."........`/(...0..'.)...K...z.]....Q.....`.. .D...2...A&.5.\!.(...b.x... 1..m........._...%.:..=...1....F.d........=.@8.^...Up.\.o...j.8.._.o.w.!..<..(.J...2C1P^.`T,*.%B.G..JQ..T...u.5.z.....h:....GG...U...m.rt-......F...c(.5......,..0.1..RL...s.s.3....b...X..?6...]..=.m.c..#......3....q,\&....w.w....}..xk./>./...K.........)..A..D.&p.k.;.G.m.[.Q.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\radial_bar.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	14069
Entropy (8bit):	7.976962397871439
Encrypted:	false
SSDEEP:	384:AoD6sREOc3CKKuP25bQNRA7GH8hWWtpHS:AoD6uE9zP2FQNR8hRrS
MD5:	E3DE6C624BB6971BE303BA029688D8E4
SHA1:	6973CA054BDB6EEA1136F78F7C4D25251C8566D4
SHA-256:	954074D2503DF565DB4430F9F7FDCF212017F18396DE5796283739831D4557AC
SHA-512:	CE769B41FEA3AC295A100048D457766E84FC6AFF2BE48819116AE38A6B9BE1F323CFFDBB0A282CB2C314B46BCC62501D2082E71A66E90F6733D715FF237A82E3
Malicious:	false
Preview:	.PNG........IHDR...Z...Z.....8.A... .IDATx..wXT..?.{.\...$.)V@..BQ...( ..bAE%....M...QEA. .........a...b.b....S.FLLv.>..{].u?.Y.3..ZSX.@..([.n}.H$........d29.td.,).R...G%..S&..'.H..UU...f@.R.)..>.P....<**.<....L&..H.C....D".l........."....D.C&.CN....KM}....RP.l:.........[....?.Qo/..x...>.........hoo.Z..g0..ccc.d29.D".!.......o).w.~.H$:....E...K...2...W.L\a0.Ag".JG......\...f4vv....A....B.?6.........\.2##..L&...D..w..G...."..!.L^z..IzRf...2.8.as... ......4..\....)..(...A?y._..........\|>.idd$.L&/%.....\|..B$.?...^u"Bp...k,..<\.........U&[.........T$..J.YC#.::.....+p....R.\|y..yApp......H\|.H$z.EEI.....8.(..P.. ..7..eW"..A...L...YL6..b.UU..7hA........W..}...b"..I$......Q!...d29%-'.y1..R..%B...B-h..y.A.9l...@_ahAg2X(...T. .o@]{.:..y..)._.n.....O!.........D.?..k..H..L&.OI..Og.B"A.X.2...Z....k.\|.].3i..WrA...9.^;....r>.&.WV....B..&...r.._U.Q.wvv..w..={..`.X..........6.L.I$.?....)AAA_.H....>.D..T..Tj...."...<.+.G...\|&..Lz..U.q..\|vQ..[.\PY.Ae...b....E.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\radial_std.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12325
Entropy (8bit):	7.976222504470602
Encrypted:	false
SSDEEP:	384:TSx13WySbSHUhC9JoEFc92T0ld6h08szwJQuq4:o13IhC92E9sd6m8szwJQH4
MD5:	BF7DCC6EE8679E1B5EFA41C3860B7E2C
SHA1:	06CAA46D541D96349433A2633B6D193893E932D9
SHA-256:	CEBF081D8FF3684805CF466B2850B2B6D9A6E6BEDC0F048829037602A0F7C95E
SHA-512:	5A2DDE3613B7E7C0EA578BFAF8545CA4BA716F48458BE1F9E32F5B973B7CCC143BAAC495659D20FA7343F5BCD9F0457E7E6CA632194BE1E93FDA0E9DFE581F87
Malicious:	false
Preview:	.PNG........IHDR...Z...Z.....8.A... .IDATx..}gt[..3...G.Y.^V2y....ef..e.%...e.X...V.%[..bu.X......N.`.;.F.J.^..Eu..%J$...... (.-..k}...g.}...q@..qq....;..`0~.d2_$.". .^JF.....?..zC$..V.ts..m..........3.r...f.m.NwC .....:...X..L&.E.....;v\|...7z1..GX,.r. .I)i....k.....\|...j..N..]...a`\|.............9....B.}..u.......T.....&. .,.k9..x..._..g.w....l6;53/...l.=N...J5jUj.(...h5.!.;`.....D...&.]..=?.Sd.k.=77...q8..{555=.A.1..'.....oZ...b0..'....$ei]..........:4ht.SiP....P.Ig@......W.@X.[..+.R6....<&&&`4.ogdd(..x..`\|....K_....&..>9=.T..<.....}'.u...Z.UkC...O..Y..b..:....~.c.>B.^..`ff.n..^aa...d..oy.0..o3..?.ff.xm.9.N.v...N..:...MZ=.4:...Si...Wk!4[..xa....}...?@./...+...2..?1..o...=..`0~A.D...iV.i..l..l..d..m0.....Q.......u..f....z..3:......-.....8...o.j........oZ.%/...=. v.UT.oS. ...a.Ab.RB.].<>...#.S. ...0..u...N....v.;.V.^j6.f.Qa...N.....}.....W.\..;w.\|...&m.ojj.....A.......i]#..'N...bU...sr..r..2.....j...~.q....M..T...j.N..m.......I/.I/.. ..n....F.`.S'

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\canvas_types\radial_v_std.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10942
Entropy (8bit):	7.972139011084272
Encrypted:	false
SSDEEP:	192:O2AZsVlXhxu9ZDs20vge3pKTSnyVzodWfxuH7PMVVItss2G+SufP+4VGL0j91+f:O29dxljz4o2AH7kXItmyQPBVGL0vi
MD5:	18D6D355F79140E7D3EBA1198CFFA4C2
SHA1:	74BACBB60422DC43210E2F1046F297CF84F3A295
SHA-256:	EDF0FE4BFABCFFDFE5A76B2ECBA3CAEEDD0EDBA172ACB55EE1D5B0033A7EAF15
SHA-512:	ADC0B48D578A84F527247D2F1075E9458D141D5ED25183A8F33F2D4848BB754B3FA464CC4D265633F8129B083EAD0963F0ECEAB27A654737E3E0CD62BD8285FD
Malicious:	false
Preview:	.PNG........IHDR...Z...Z.....8.A... .IDATx..}w\|\...m.e...d....M.HB 8!..m.I(.x..`C..1.7....z.-Y..>..{.M.W..M...13w.F.L..w........}.3g^Y..^.....y......d>E..^.$+.....e.u--....5.F3m.Zg\....u...N.s.d2].h4..\...'.$IV.X.}L&.). ..y.>..>. ..X,.2.$....%%..jkg.9\.....0.....G.......)\.y.....].......1<<...;.P(.ggg.I.d.X.e.A..Y...\[.n.2A.K.lvJ......[em<T..V(Q%W.RG.........Wo.zF.0v.LX..".............UUU.I.dA.K.n....Z..."..k$I....(/...V%..A.A.Z.z..5....A.e.4jt.Ym.z}p...z..B.g..............t9I./....Z..\|..q...\...f,mj.nRi..Y.G.F..Z.:.:...T...Si 0[..xa..A..(Fo#.....SSSp.\.N.8ad2...G.+.A\|. ..R22....i.F.6......z.%t.Z.z...J5j.*..k.j.L.......B.>.....a..z..yyy.. .#...~.....1I..e..7xz..&3.&3xFS@h..-....j..BW+.B.(Th3..t.a..F...FO..#t....<Z..]....r..f......Z.y/. .B.....r..V+D.+.f.%t.....v\|D..52.xZ.dF........^.0.e..Vl2h.&.Af.............3.......}..........p..S$In!..+....W\\.},......Zm....l.........s......J..Jy.Z%0.5\.A..1.7.Z..Z.L:..t;...0h.#z..e..~..wrr.7n.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\check48.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3146
Entropy (8bit):	7.87217875061893
Encrypted:	false
SSDEEP:	48:f/6eAZiItGsXxFTfckJ+0HlqgW0L8kcZ+s+N7xd/M9DgWuN47WbsGJCHk6:fSeE3tGsH3hFysjsM/ODgX47638Hk6
MD5:	788FF7685C0398819E9567A46DA539B5
SHA1:	D97BEE8CB67AC475C848E9DCF758A95162F747A1
SHA-256:	E988F6B689F6A4CCFCF7843640EB3854D520C346CC2B69ACBB03002D0D8174DC
SHA-512:	502609467BC773109850D995B3BC8C1297B132D113E2DF9373B81C60734D2D9DEDDF6240AB6F7993CE3E329B6D6BE08AD83BE5E0ECEAA4D84209D82FF0A26144
Malicious:	false
Preview:	.PNG........IHDR...0...0..... .......pHYs.................gAMA....o3..... cHRM..l...ro..........n....A..1t...l..-.....IDATx.b...?.6....6......`.\..B\|...^^e`...?C...O.?d...e...;C[..F....../10000<y.av.uF........3....!w...d.......b$.UkOv.?sk7.........:..12..+...Z.................)..$..........add.8......Va..`..........;..f```.....v.....````hZ.._YN.....%BCb.v......Y0....\.....j..A<.'.a.Y.i...o..0L.8.,...>... 3.....?........Q.C4022.300.000.100.1000200<f``x........;L.......S1K.`.}..@@W],.. 6K. ..%..........E$.:Fq.... b.d..h.[411....K...z.q...w3I..........B@....U._/........l....o..~@.4wc^..pk.u..(.W..2.t.....@j...b.............2.t...m.......+...grC....S......a..\|.".).\.~.!.)..uk...A..p;..,....a....J....{Xa.........G9....7..&J.....LH.^H\|TL<..x.0.......E0...#.....V.r.p.p...[.....MO.......j..NLdh...H..E..8E.K}.U.f............I..h..'.w.o....~}.....7o_>>...V...D.U.{..?.u.>I...V5e.e(h.......p...Ss...c.....^.S."Vf6.{..3<}.J.....?.Oue=..?.`u.._.n].uvy.-.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\color.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	892
Entropy (8bit):	7.7040345843086895
Encrypted:	false
SSDEEP:	24:u+S/84VEGIAozn2ruhv+lJ5R58ERMa8FMD+M:uD/8IlxoyCvsJ5Ru6MJM7
MD5:	E83E9461DE67B11DF1C5DBAFB3CE3B75
SHA1:	4EFEA6C27E5C057954FEDE742E7FF8FD5BC0F4CF
SHA-256:	1B4E7F9926445CDDA25E2B1260DE815260C966C234605BECDE67A66433A77EEF
SHA-512:	F6DC6AE6C1181BC481C56846548A2D238090676A1C2B5BA856906DFBEA607896313D8D9A6E62EFFE81BBBD74CEC095523C0431E7C120403EAF85047AF31160E0
Malicious:	false
Preview:	.PNG........IHDR................a....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDAT8.U.Mh.e...o.....o.v..+./4...`...P...E.^..O.). x."...D.z(X...E..i)H 5..g..&.......<.H..{{........UG.x..DtyZX3S.....F4.{T...z_...~.!..Xy..>8..-=..g6..9.!....:....}...gV..{.L...@..1..;._...0\|....q.$....6..C.-......+.e...IQx...gcs.G.m."J.....#...\G.-D.E.....+.,.(.#..".W...p...!G..6!...!6.....2z....i..o..../e42.<gd.V..>iB..$..B.."...4..`..z.0rx.^..5i..l>6...b...E...`.....t.~..w.]..W...mr<i$...6..0.........(.P._.\.....T#Ah..]......:..^....V.A...=\|.d............M.....S........n..6.K:.e.A. .;.....J.~].3..A....$.k..).oA.I.........5........gu.hJv...a@..GA.#H7.Pk.#.....@.+M]2..w.O....h" .....P..&..+G...M+...E:..{..u.@...+..?..g.../Fh.....A8.^..U.uu....G).O.9....o.7_>.wf..3.4H....&\.._..3...f...u!\|Dp@T....4...PS#.....P.<.uyI..<....9U.v.z.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\colorpicker.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 192 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	4739
Entropy (8bit):	7.86815294006297
Encrypted:	false
SSDEEP:	96:mQUgDrdDr6EeGBbcGIpB3ojefBqPlta2Sa4hxZx1NRjR:AgDrkB0Ipt8PlgaEd
MD5:	500A0EC9D51DDF89596EDBD785ED7180
SHA1:	B2275D7C8893765EFC91A3AEFA532DCD19AC479C
SHA-256:	D21BC1A8143FD41E13AB4486DB6850E7AC0499A1F9D5BBEB8FC15F5AE9544BD5
SHA-512:	05AF65B635648459F4230826853653D7BC60A326CED6FCFAA6A3491C813BEB9EAA521646A5B4C86BF65880F83C738741E9D1C1D9CE6D075431980469CECA4DEC
Malicious:	false
Preview:	.PNG........IHDR................<....tEXtSoftware.Adobe ImageReadyq.e<...%IDATx.....(....7...hIn._...j..q.Z].....!..........T.s?x..........}..'.#.s!.J.L.O..%.'e........<B.}.(P..{...9. ...1.?k6._..W..P.@Q...R{..J!.F4\|...hT.g......,d.`}...`...o^r'... ..z_...Qu.t........Ua<nO..4.@k@....J.j..[X...2q.6....A..........^.....AI...C...}\|a@?.p........9I..E{&.l.B.\|V;pg..n..J.`...=."5...s.(.....%.V].>...>.....p......J..TB.m..MO...._W'.TH+...._..hT...;......7..U._&yf.....@zw......E....1.......^..\|.......9./.K...b.jg..N.Xq.:$.r..R.5@\..;.(.>q.O.P.....r.ssR9..hH..........oN%.....)NrC...........x.........~..k;wL....c..7.y..h@...k... ....k..A..M.OFNs4AH...C.`<.{._...?.V..@.q...G.L....\|.L...H...`..-.45.gm..+ r..r.j.SJ..n.....`7 .........TjQ.Q.,.....,..p&..w..<.....Y...a@.=...A...k.....#.....1..x<..7.w.X.(!.....(cc.....X...?.6_]vz.].Q..... .f@{.....EU....... .?rM ./..8..Hx..K.........j...v.O...o./g...H... ..P...f.J.......;s.)D...%....kx?.p.z....@..E...O..t

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\config.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3054
Entropy (8bit):	7.876607862667055
Encrypted:	false
SSDEEP:	48:V/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODZlqBK:VSDZ/I09Da01l+gmkyTt6Hk8nToK
MD5:	B9D922E9B8A8255558EFD9BA12BAD8C4
SHA1:	994A7948CF002A61AC1F2136E45BD50E06A1E378
SHA-256:	B23A204E4F52A8E1DA7EF57D4803E6E622D6D0E5BA89EB7C45B63599654FF1EA
SHA-512:	B8BF8EDC017BBF7B175D0B71C7FEA3BD1EF9E4727BFEA13D17BDA7CF42433042FBD2B20EAC8826B1D2C003013517AA6456AF5F2D47FF6F84C9D1DEEA813FBD05
Malicious:	false
Preview:	.PNG........IHDR.....................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\graybar.jpg Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	"File written by Adobe Photoshop\250 5.0", baseline, precision 8, 192x8, frames 3
Category:	dropped
Size (bytes):	5225
Entropy (8bit):	6.9654769788872075
Encrypted:	false
SSDEEP:	96:iGtK7DitN26MT0D5MdtbZPAVwzVxaCYZ5KSIq9kF:N18YNMtKwnAK0U
MD5:	FAF6E0DE46C09968F5DB9E3F27FDF5D8
SHA1:	56C04071D7F8940A6A95353453CED1F9DA7BE397
SHA-256:	053A50404DFB73E4161BDD78C252ACB6373ECD9CF9B8A759C23A6EA338D24E35
SHA-512:	598BC1361C6179BB548FF788329639A347B789B5BBD18BEA017A8BF5028BB8E4F7BC738F62DCFA129B47D09F2A003DF06DEEFC524FBB52C5E64B2407E36E369F
Malicious:	false
Preview:	......JFIF.....H.H....."Photoshop 3.0.8BIM.........G.......G......8BIM...........x8BIM................8BIM..........8BIM'.................8BIM.......H./ff...lff........./ff...............2.....Z...........5.....-..........8BIM.......p................................................................................................................8BIM...............@...@....8BIM............8BIM...............p.......P.......v..........JFIF.....H.H.....&File written by Adobe Photoshop. 5.0....Adobe.d...................................................................................................................................................p.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\history.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	599
Entropy (8bit):	7.388121691756906
Encrypted:	false
SSDEEP:	12:6v/7KMmlKgDGvIHb1V/DJZ7xhyImnSNWeC6MiSc+:hMWDAE1FDJdCIlwD8+
MD5:	1324ABD1EF1DABFE0884F1254EFDC0A6
SHA1:	82B94D94AB4EC163570CE80ED5174E7A7D6BF338
SHA-256:	A690995881F22C256ECE140E122ED1481D20E0DFC2B86C50FC2FA498E96154AE
SHA-512:	40BC651BDEEA957BC4CD41D9499C8092C6C4A9EF9139AEE539AA6982AE2CDD82EAFDBF41E267FEE9C63BE7D54CDB71556F5CD2BEBC985CA45CC97023531B4836
Malicious:	false
Preview:	.PNG........IHDR.....................sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDAT8....k.Q..?.1..BbH.$E.NN.@.(.6!.....m...B..gT.j....."...)DH.x...fu..=._.;3...y.}3.5Km.K.^Kj../e.&...<....[.......W....:r.9..n.7..f(b....#..#-.E..\|L=U.EQ$u!rf....X.P}G}../F.D..Vw....^.....h.E..=.......:..\M.e.k.n..3..].W.....~*e.{....]o.......4.o.....?W...0.-s.x..~.k.k.1..Rz.....u..7b..@.x........8.....U.....>...#.........\V..5`.8.....w...F$..V.L.A/....t.........b.T..}R...F..j.t...&.=u5..`.\.p.^T45..p.E`.p._..C........m@.u........=.5.....A..f\|......IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\jquery.minicolors.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 870 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	77459
Entropy (8bit):	7.973004093485078
Encrypted:	false
SSDEEP:	1536:rhKbgosRyyXD7mW9CqLVsu/dmEvsQUF9CGzGlEtVpay5Pm:lKSPD7mW9CYt/0NQFg5e
MD5:	D36C75E3D8880EBFECE375FD7CD46787
SHA1:	28F350293AB0DDB3A9B0678CBC7780ACA13AB88C
SHA-256:	2CC1B274BAE0DB0BDCA8C4782C9F96A40C232588D04096F94AD70E29F8AA2C4D
SHA-512:	263BB847F48013F3A1B322774C13DABB6AE9D6DEC4AB3D91068B5A5AABE8040AF56835417544E31865136387BA6DEAB3AE8A52E536649F02776534BA779A6A8B
Malicious:	false
Preview:	.PNG........IHDR...f............z...ZIDATx...k.m....>.w....!#.Dp~@.y`...BA......D....D.3.eY1.v.".#'1.#....A.SU..@...L..Q.....".....<..{...c.G.m.1......>u.>..Zk......m..[....oVa..sw...............t.......u....~......}.k:.._.v..N..../,.............?..Y....q2.....S.};..a3.8.N.]mW.F._.g.yt{}..i.n..8..'....u...~_..G...>.Zk.o.?...U=...\|..?........>.........H......K\|..W.\|.^./.../....C.........C..?.}...g.....7..8..m..._..%......;.... ...#.e..J.t.............7..v.c...?.........._.._dw.......U._...t}.....ex....4..qJp.'..G.....tk;.m.}.G.u..7..\|.@..5...}..o....~Bv.'....g.c..._..(..6\|...}....E._.G..........o{...;..T.....G....Jo..N.......v.......g}...6=........\|.....B>E_..}.6...M..gg..~.....o....../`.=y{......?.w.....s.......+....Z..8.../..{..S..K..W.....%]'....6....l..q..\..W..~.z.uZ...p<........>....8n...\|..O.._h.}K..O.'...-.-.f..z...f.V..........y..\...V.k.Q@........<..%....n...w........{.....3./m...I...}Yo..__.8...e...q.x...^.z./_.../..........

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ledActivity.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 19 x 18
Category:	dropped
Size (bytes):	1248
Entropy (8bit):	6.845507225799685
Encrypted:	false
SSDEEP:	24:Z+3kq7uhCveZ2JxKTmQr3m+O0QU1IBdP/JonfeLwunGoi9:Z+TY2TKSQr3nQVBt/mnfeEunM9
MD5:	9F59C1B008D233A7123D16B091BDDBA5
SHA1:	F41ACE2634AD8A58EA6D016A8A368F01001BBD16
SHA-256:	D7DDAEAEEABED3757B1CA1477BCE4C6801C3BB78C0C37A01A8F9B0AA9556D076
SHA-512:	3CDB9D19CC2646C27198CDC88CD9AE6B3288AE0455BB0BA308C8EB53E01BB52D67255B91F39E06805DE33B7878400E0D7921B4E0B19A1FC9A33C11590E558F79
Malicious:	false
Preview:	GIF89a........W+.V-.U2.U&.S#.S,.R+.P%.H!.....{..r..V.nV.kU.gk.ib._d.^c.cL.`a.a\.\_.^^.\^.`[.\A.b\.Y[.ZV.VS.SR.UW}\S.SM.KL~PN~OP\|MQ\|OQ\|RL}NL\|LK\|LJ\|JM{LJ{JI\|GJzIGzG5}VGyGDxGExGGwGFwGEvE3{PDvDCvHCv?@w?Cu>BtHAuABuBDu>AtAAtEBtA@u@@t@At?@t?Ct>?t?@s??s?@s>@t=1vM>s<;s;?r??r>0vJ>r>>r=>s>;s>>s=@q<=q=:r:<r<=r:;q;9q9=q9:r9<p:;q:<q:=q:<q;:q>;o99p<:p::p99p97o78o8$rE#sI3o;5n55m51m70m=3l6/l8(n?/l7.k6,l7.l7,l8,j6/j3-j5/k/-j4.j1/i5(i8'g3"h7!h8.i=(g2#g4.h<%e.&e..e0.e2 d+.d5.d1"b-"b,.b0.c/.b1.b6.b-.b1.a0.a1.`1.b7._,.`4.`/._-._/.^..^.^0.^/.]-._5.^-.^4.]5.[(.\2.[/.[2.Z+.[..Z&.Y1.Z2.X..X2.V..V1.J".U,5.5......1-.J..1d.j..6...........................................................................................................................................................................!..NETSCAPE2.0.....!...2...,........@.......kE...0....N.D..1.....>...B.b...,b.P!..G.d0X@.Q/.......@.V.`i...#p.dA..O&U.X.......At. .......+.,NQ".......I..=.$../EN......6\.x..G...D...(..".L...%G.P.v.%....0.. ..E

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ledStatus.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 19 x 18
Category:	dropped
Size (bytes):	344
Entropy (8bit):	4.9180274718132315
Encrypted:	false
SSDEEP:	6:Utl05YP0hK1FF/081ihKtO00IZa7Cpz5/cMnghxH/Vc:Ml/M813/0luOOa7CpzrngHfm
MD5:	1EA93994B3744C85DB7FAC8BB9D419F6
SHA1:	346E8F7F9AC58DECEC5C686A4F43D8DD69305E9E
SHA-256:	7311CA789A3BA8EF43F511CD27BFE3691B4D30C4FC41315C001212C524485060
SHA-512:	58933E8383DD97C63EB0710812BEC1AB8116F2B3CEF4BBD13779506901239FEA367D0D7A57427CBEF638243C22471FFF97F037163F0B1346C7031CCEAC709F39
Malicious:	false
Preview:	GIF89a.......5.5..6......1-.J..1...d.j.....................!..XMP DataXMP.?xp. . .?xpacket end="w"?>.!.......,........@.`0.)P)..J.D(...pR....v.q.tmn.....;.n.A...Bm.q.y../.sq....#,.....!....2.*.._p.G...u...'..P>/./..;

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\ledStatus.gifx Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 87a, 19 x 18
Category:	dropped
Size (bytes):	3353
Entropy (8bit):	7.037267404675196
Encrypted:	false
SSDEEP:	48:KwwFQlsXlG/lulIIl4wlwxR6MknNsvIlWqR5QkyTJwBZPHXZ9uObVvyKzpgWj0kg:KRwz6M00IRMdteZPDVvz18
MD5:	8F880864067EE4366D4985614AB554E9
SHA1:	7A947511C65D683311FFAD7CF7D99943FFFCBAE8
SHA-256:	B202E340C773A174A3BD6CDB921D0B766FCBEC7EEC1AEA4A5CEFB17033C23AA7
SHA-512:	5E9E9300C25109CF9BB297A00DD64C58E2DA91777D2FAED200624DCA74078115484067B9B01EB2EF229B02E5AF233856CCFC0ABAC4A516ADF33762E5FEB5F38D
Malicious:	false
Preview:	GIF87a..........d.j.......5.5-.J..1..1..6..................!.......!..ICCRGBG1012....HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....vie.w.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q.........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB.............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Re

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\loader20.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 20 x 20
Category:	dropped
Size (bytes):	1390
Entropy (8bit):	6.932083408535688
Encrypted:	false
SSDEEP:	24:AFIvU25g6Nol3+sa9EGzUMwv8y2Y+XmrHoMq4+cxWET5f:JfW6mOsa9GOXm0MYcWUf
MD5:	ACD12DDF397ADE8E5F1FC63DD9E93075
SHA1:	A4F57783453FBA6F5A9F50F7D8F4B753EDCE8ECC
SHA-256:	268E1844C89B0AFDC408F093541CCC448DE6208B5C1726A02CF1363B0CE67295
SHA-512:	0E299E2949410FD629E8FC0DBBEB29C85D1383336F926A239DBB9836BCCCB3265D07168D95E334A2CB51FD8AA807E0E4B8FED40B689F651F11E12F6D579D7D00
Malicious:	false
Preview:	GIF89a...........,.$.$......4....,.$.4...............!..NETSCAPE2.0.....!.......,..........rp.)A"..R.7.H H.gTEFy_..F8+..~.......)P.8.l30.t...(:h....ITn%..U...qg..@....."....^b......}.H+.......qr8{....y..!.......,.............,.$.$.$....4....,.4...................kP.).@..I..Q.......1.....g...+......."P.6..i....HQ.L.X,!`l.....9..Y.b.m...... .r..\.J.r...V#D.;..e..oo..!.......,.............,.,.$...4.......4.$.4................lp.)S(..}./.&..Rx.B.....q...).T.jQ....5:.r#.!aH:...0$)2N.'C.=.7. *.....f.........j.&.F....jt N..-./r#].h.5I..!.......,..........sp.I.....W..0..Q..&i.(d%(..p..W.+..%.....S.p.....-.q............DN../Z.0`-...@.EC...H...z.t./.<..er ...B./.f......!.......,.............,.$.$...4.......4.,.$.4.............s..I.....Y).4..Q.`.K...V....a.S..3.R..(.....H"`...&......I.... ............DQ\..?A.=1lU.E..p-3.6[ ...5..E\|;......!.......,.............,.$.$...4.......4.,.$.4.............s..I..,.L...\|..,.M.pT.X`.`%......@. ..N....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\loader32.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	2080
Entropy (8bit):	7.235513902569056
Encrypted:	false
SSDEEP:	48:3Klklq/hMGNEzSB9rXA7QPpNtnfQImrUJmp+k:3KlvZNE+B9s0P1fxc+k
MD5:	E8A61D2B984AA124462770715F9CD5A1
SHA1:	B6CB1D97D50E6C45118813F67848EE27ECE89DB5
SHA-256:	F38EE19A408963D2BD1468986BFF04523AE08BC5C66B120135646F2FADCAA04F
SHA-512:	D21E4E4DFEDC8BF590DBDF69E2C1C7E0B3E45975E45B540C44C7CC066F4CE66A0C9896788BDFCC7FAA0FE3C57A8ADD3D4941702DBC35658CC229C10073611902
Malicious:	false
Preview:	GIF89a . ........,.$.$......4....,.$.4...............!..NETSCAPE2.0.....!.......,.... . ....p.I+.5.-AP..qd..`Xj.0.... .N.B......(l......M.4.1#..T.....TS.M....%9`8....%.l.a.oZ.9C@ .7..x'!{..rM.+...#.Q...Q.d3.c pnQ.n...?N..30PW:.q.BP@..........\|\.$H...?.(.......\t.....ck.=~.....!.......,.... . ....p.I.I....JJ.$^.....fu ..h...A..*.,P..[.b....B,...k..%78.V..^...'..\.SIV..j..M.w..i.L.y..<............y..?EP....o....<.?uO.<.8E..............%.3<..74.U..sD.M<]......./...Y.%.......%)..G...f..%..!.......,.... . ......,.$.$......4....$.4....................P.I'.&.P..@....}h7.l2..d..aXEq.8.%I.h(.....6.(."..3L$%..4Yh....Ur.....3.@!yY.a.s..u..q....1.;. .3h....QM.K.N.qDW+..P5#i..~u.....e6S........y...m(.%.0.4...4...3. ?..o.....l.....?.(.~.3....u.$/.O$s.......y..!.......,.... . ......,.$.$.........4.,.$....................P.I..8..1](...R...".....%....X.J...4..~........ 1.m..C..y&...j...]..u.Xs.?2\.~!w...3.+..{.}@.p.d"$Pd=e.%.g#.1...m..9.7.5.#?...4Q..P..z.C....1.....,.41L

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\loader48.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 48 x 48
Category:	dropped
Size (bytes):	3294
Entropy (8bit):	7.568040218938906
Encrypted:	false
SSDEEP:	48:hZ36pZBslg56tuiCqTDc5GpazcVqxT/AjtrFElsqeBfu/iqvGRZ3uZFdT0EQqZid:hgpZGlgUYGDJYAV4Etr2xexuQGwxJD
MD5:	D38FB8BF9BE0363F07518634C74177FE
SHA1:	A4FAFA2C401FFB293FE0A5219734B9ED3303D722
SHA-256:	F8F24B439F1229AE6316C55CBFF7A27551959534C4D473B7671DE634823303C2
SHA-512:	4DEF6B3062A6AE521F8079B4E807F9694D38517E873095BFE7D13647C49ACC66940E83A109289B433939A2314F388A1C3B8F1409481AA171AF77E888C4BE0169
Malicious:	false
Preview:	GIF89a0.0........,.,.$...4.......4.$.4...............!..NETSCAPE2.0.....!.......,....0.0....p.I..8.=A.B.pd)....a....j1..m%l?'..@..... .ZP..%......... .3..T.).k3(...0.p..fK.& _!.x,kc>=g1.Q>z.. u.dJp.\|=4../d`..m5..X&2Q..2.U.&wU...Px.N.!........NA........z.........K~....!:mVJ...4.7....<.g}...>..e..._.......q2$.T...y..I..9.x`......qh..WD._ C..I..I.... .M......Hr..4.9...@...>M..E..........@......0g.._.Z.bH.4......E.bG......p....!.......,....0.0......,.$.$...4.......4.,.$.4................I.e..p...0.KQ......,p..l}.e.'6x...Mr ..ao.H.....H......q.!R.n..eH...3.x.j.t`.w..A<.3.]p..\|...O:G...VU~.\s%.8Hs....U....n....Vb......c.{.V..c...N..6......r...g%.+.c.Y.D..........-.y...\&.!..]......[s&C.%..Eb.LT.Y.$rS.].n.....p..`..uXf"....2^....a...Z.0..O%7.(.....nt.x.#..^.@......0../.>$.-.p......V...e%,b8y..'..(H:....4......Z.b...2..!.......,....0.0......,.$.$......4....,.$.4.................p.I.-" T..`...b...l[!gy"n...Y.....+.b...P.$..U....u.DP..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\loader_bar10.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 50 x 10
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	7.4293830726195464
Encrypted:	false
SSDEEP:	24:fHGj0ZI6vOCM7giDSCXu10DqtEL3iS/Naw+8Ib2QmEDSXLd+PxD5Ar5rg:fmjYI6M3OiuzjS/wZnaQmEDTNMq
MD5:	7AE27DA72B4CDD833D827C9A4C8490AD
SHA1:	F0FDEF37CDF76DCB1EC7E11F6A838497AFBC8FEA
SHA-256:	236F40D053AE7CC03BE734750161866E35787728CD0A53505A4B2BD62B158B5C
SHA-512:	80A7631867A623987917473D08C28DC8527DF91D220D1D63DC8D7AE4E89C6FACFB086B4FEF8A5679E4A2DAA314CB3E4B098142226CEDECF51B09E3148F42C196
Malicious:	false
Preview:	GIF89a2................f..f..3.f....!..NETSCAPE2.0.....!.......,....2.....YX.\|.0.I!...... D~.....a..`.....3..l1..zF...\.....-.I....Z.H....._z...1..\|._....!.......,....2.....s...P0.C..8.@..$.ZiV...DX.+D..E.6...d..^D8......1.)......d1.....0h....g.....UR.e+._.ML+..3.....#V'............!.......,....2......x.....B.e8. ..G@...Xh...`....0L.E.R.n0...d.......4{...0H.B%.8k2..$.`.R..,.HK..a..z....-.....eQu.Xx>{:o:.:@..... "%$8)c,.,..........!.......,....2......x...!.....=.;P. ....h..X[h.`..w.4-.D>....`Q..2...S.N..h.V...`;0 .....~.0.U..r..d..F....U..v.JtN<yTl\|/Y~p.2>t>x>.Cm>H.. #$<)A.X0...........!.......,....2......x.....I'(8k......d.....j...b.tG."...<..U.bd...`c.r...2h.DkF.T2#..S.V......e....).J..vq]...^tfve@yjY~1p<6<.<y<\|F.. "%&?,+D0o..........!.......,....2......x.....@+.1+.;W. ....h......o...Bm.&..,.`80.....2.rM..P...A.q!$n......V..;...J2....>....s.`r>cQgzj-51.45c5x?,.... #$=*)..........!.......,....2.....jx...0.I.... ...!..H..a................@B.e..e.......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\marker.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	652
Entropy (8bit):	7.472085780124291
Encrypted:	false
SSDEEP:	12:6v/7aChPfrNq9XGKlKflRphmQGOb9PMY03V3P5lqbDRoUd7DqdpsBsBr8z:79wNlRbr56FhPvqbDRoUdHKp/B2
MD5:	4F932DDBEE5D5E9EBD89A2EC63EDA2D1
SHA1:	4D07C48638E0F42D476B3D5A9FB18334BD8E9FEB
SHA-256:	557F8185B01F5E5DD2CCAAC950F07754507ED0EDF125A9E922159491998D8FBC
SHA-512:	46DEFC4958C6F6FF49FBF657D2E9F7A79A93E4027EACB6ACD425AF063BAA389D8E3A89B841A93B7E75C7A10630346E9781C5A6D274F218821A9DCD8C4C67B02F
Malicious:	false
Preview:	.PNG........IHDR.............;mG....+tEXtCreation Time.vr 14 jul 2006 13:31:23 +0100..Cg....tIME..... %.......pHYs..."..."........gAMA......a.....IDATx...KQ...d.`.H..!.t!..E-t.-..6.. .......p.B.y....Q.A"-....$6..9.{..C:...s....{...c...$...,X..@.W.\...HU.,.?..T..^A.l.q.`3..>.R.E..^.3Y.Y(.b>...{..`k.V.....Q.X.`0..._.L.C..z.v...t...&....=..(A+...r..N..`.V0...d2I.N..=..^d.{.j......J..>e.X.r......")nb.T"....)...7c.....ccb..Q..j.......e.Z.g."..f.....F1.p8.kE/R.j8.fN....^......D..WzOdp..*.R)B..HO..X.x<..J.. .\|l.O..h4(..kf...............~g...Q.......6e.Y.F...z)..P&.!q...'nyh..p....h4...k..F....>Q.b.......#......O^........IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\mask.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2020
Entropy (8bit):	7.8670865377585475
Encrypted:	false
SSDEEP:	48:nHuMgAcPn1sFmhNJY5QSv6L2ZKHyyuXkVtHxPgiWsIz:HuMgAc/ZfY5vsycRK
MD5:	C6DC921C0D6F2197793D9174B4267CA0
SHA1:	3B4348E9D847D306F2128A93ABEE50031C27E0F1
SHA-256:	8DB9EDA1F0597CFBB5BDEC79507E3BAC3DF46FD899FDC5BBE8EA92E4120439F2
SHA-512:	B7E1652B3964E12473A147A7583F7BDA72CC8CF9D8F8C544FD6A1F6FD28AF3BDDC0C5C8200A4E59C37A8850C32897ECDAED80C5001A32AF584E231BFE416352C
Malicious:	false
Preview:	.PNG........IHDR...e...e.....T\|-.....tIME.....3.7.......IDATx..].R.:.l.............d8.TQ..7.[7;...}^.c...)qR....j/4......_.Dw.+.\F.]..h.z..t..G;...J.:.\.F...>vp...c.n.d...`..sV...s..D...$h'.=..]..a.......s'...B.fO.Wd....L..e..d..s(...L....G.WH.B.......VFa...].W6Ev..&xM....,....8.O...1};Bc...........Jv.Y...._..#.e.T.W...d..>Q...<...Z.L......q..)........'....5Y\|....=...i.WOY.X......I...0G..QW...5..D.8F...c..(X%KI.F..u..].....x....Z&...[Qp&...NxC.y.....I%&.J.H#....Yt...'@.zU%z........I....V.%...9... ..:.'.._..2.........%C.',."#../.a..gYVh..d.,.:..Y...D.}.A.8.H....#..z.r...1...k...w....%%.~T.. .).<.f....!....V@...b...x.,..A}.R}&8:.SI..R<....dID..Y.......@2..rf<#...TM.(.......S.M.UR.B/..w...]DJ@ .M..../.\|...fS.F.D1wT...c.kI.N.r..k.!....N..#.?.pT/B.p4....I..Z..q)O1....b......_(\|...!\|.....>C.cU...J.a...q.\|..#.~..!..{.h..i.~..g.xL.d...t#.....+.{\|... ..~.#:....).-QUU.8..V.V...&.A..#..;U=.P.z241.:...9....N...\........A.....B.#Q.1......q.'.'.y!'Q.0_.5.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\moveOff.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	651
Entropy (8bit):	7.5551261985157225
Encrypted:	false
SSDEEP:	12:6v/7if5sp3qB8ZpzkhDYBDqb13ckbbh/3n04SjbbRzKLAynAgdA7:Bsp3lbIiBDg9ckvh/304SjuAmA7
MD5:	C835B937904E6525E9E62490255FCEE7
SHA1:	16B78950C5EE906EAC7F7A712845A16BD8CDA932
SHA-256:	E54BD4E3AB3F3BB6DB78BE4DFF48CC64A5A181FEA05302C80B55879CE56796A7
SHA-512:	669F430EBCBD3ED96257F4C81509D1A078DE60BE73120106E7A7CE58C4EBDB9C4E709E84A122FC18ECD30BA205850285D2670E34C0F3F23C6A085A68EDAE9783
Malicious:	false
Preview:	.PNG........IHDR.....................sRGB........EIDAT8...OHUA...".h.((.x&.>..F(.L\.nZ.}.;....7.D "...h..-...$.. .h.H..H].N.........B.>.3g~.s.ap.EQT.t7.e[.B...6.saY..B.!H.)...\..x..2>8b... ....a.Na..T.7r.0.....#^.]U.7......~M.....z.(..>T{.6 ....;xb.yo.......X.s.p...;...e.k..0....C.b\|/,.m...K.f....Z.C...6~.X6n.5..'.^.7....4.%...W.......n....X.........d.. H.o%......V..q../.UE.k.g0.?.....)..Mg..O..^ ..o.1.S.......K&.M.nS.._.....`..b..g!......[#.......a^..3SL.=..n.l...b......b....).z..j.....m..(6v\..G..Z.gfu......... .j.E.H.\|...WO........po..I>.jf=(~.$.t.'0..<..rm...<_x..4....=....V..&>...Zg..K:.p.........Q..0.%....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\moveOn.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	676
Entropy (8bit):	7.503094266226093
Encrypted:	false
SSDEEP:	12:6v/7KMmVR96upXknOr8Dm0N4WOHt2s7kCYnXVv5u0E581Jy2GX0XEO:hM6RomXhH0W28tCB5u78RGX0B
MD5:	B27A9B350111DABDCCFE8223175CD1E3
SHA1:	4AFF4112D8A509E61677159CFA2EAE8F6987D2DA
SHA-256:	C7A38E159A00948046E28D8E2B6CDD6C154ABFAFD5D9EE4CF560B2A4FE32B26E
SHA-512:	6C4362BB48EF2F8B9C5FC5D0D8C701BCA29C44B02DBACCE2DD31A655987182F77F3909977AABD6F30CC8BE59D3FD44148D30B3E5DF69FC78E23BC4073232F0B0
Malicious:	false
Preview:	.PNG........IHDR.....................sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDAT8...=HVa......j.l(.C..-..%0........!h......ZB......M.".L....$t......5.....z...?.<.9.IX...@}....I....$.@{..@+..\|..&`50..H.d\|..(..:......`u...*..I...1uNm-.......cj).xX..V...Q..o.ju../7n.r.....Sj.z[....=.0..d.3.........q.U!.QGS.:u^..........3'.i.jK`......T?...5.(...-lz.Au..@m....[...O.........k`-p.x.w......w@....a.sW...A`.p.8.t...@7p......e.J.4.1.U...;p..I.......z.A.+...R.....t.Q......2...R.C.p..x..,......R]..Z..z$.sR...v..mB...c.&.}Q...89'..C..^M..=^.].`5....W.:..R...j}.VZ.E...........c.....`[.4.?/........._e.Q...x.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\portscan.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 45 x 45
Category:	dropped
Size (bytes):	7684
Entropy (8bit):	7.44943409365584
Encrypted:	false
SSDEEP:	96:mgGki3LJfJvfCWoKMy2dew8+UqHP0FXrrIhRoJxwycP5/fj/H4pCywNVBeyS:I/FJhKewz3vYbriaKL/mCVNVBDS
MD5:	0CE50C723F29386C5EEB5D760C33E9EB
SHA1:	8064101CC25302B9BCA62CC5302F30963DEBEB46
SHA-256:	246B4FC395D6026009743668C3BC4A92470CE5067B3780CDD6099332DB1DE5B7
SHA-512:	A0BC283AD405E281CA637A9046BAC2F54D39223BEB961320C6C7DE54422337D98FEAEAE65E5964372C33EC44EE1B362ACE34EA1F4A9C817468AEF72A288AB008
Malicious:	false
Preview:	GIF89a-.-.............\.<.......t......L.4..l...........L...,.......l.D.........$.......d.D.......\|......T.<..t........................................................................!..NETSCAPE2.0.....!......,....-.-....@.pH,.H........h1D.l.X.@..$.,.z.t...b!n....s...cx...d.no{]).X.xxz.Q..u..%'.$)g$..g.&b..% !C$......F$....].v...E..%..B$.X..R....F.w......c.h.......!.....\$[P....x."^...C.v.p....O).X.P<9.o...V.J...P@e.......bDR...N .sd6.Hc.....L>..,.....P{B.#.r.J.......P<......QJ........n..!....L.....L.I......h.. ..C[k..B................k...C...6\|.q........%C...0......'t>.." .J..&.3...........u...~2".../k.8-.w..PHp.c!2.GY..y.3B.!.....M....]F!+Z,.l.gW. .H..v... .z...d.6...@..7..g........j.F. .....!....C.0...\|lr.......`..aNJ..]r&.r...@ A.-.(.....U...8P./..A.#.p....a..\.W.'].a.#R..ec..I..V:.F.6n.RgdH.DX......&.........f.....%...E..!.....+.,....-.-........\....<..t......L........4..l......L......,....l....D..\|........T.$....d....D..\|.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\power.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	65113
Entropy (8bit):	7.159896169983854
Encrypted:	false
SSDEEP:	1536:opXg5zM6ym+8xPgvl/DpxLReDIXmgjnN/D:opw5Y2+8VgvJDHNes2eN/D
MD5:	46B89F9965188AB010A853BE9481243B
SHA1:	3D489C45E66A62BA9F11AEF95855EB5B347D6260
SHA-256:	3CCB97F615E5B27A15A7A1CF90E7A757DBBCFD167CFE4FE3153208F9B789E6C7
SHA-512:	79DE4F2A8E0E2481AEBB273B86AB7B6521CC1AEE52476669D50550668DDD06CFDAF54272FD078CF782F39B0C03DF9BC7A4703356E91145CF38C8444921C79713
Malicious:	false
Preview:	.PNG........IHDR...Z...Z.....8.A.....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....prVWx..[[R....~.0...D!@...6.`)^......f...`/...df..A...,;....tw...j....._.7...........?=....D..'......#.......#.....z\|xx.O.\|<<...H.<.c........so....~.......&..1~%.?{.Fv..;....=...x.$..{...n...C4...p.h..)9....+d.f.......c_8Z./s.I.......z.....&.....jz..P5.3X..5..f....oJ.....+X.D......#....K....6p..E.MI.#.'.L.Tp..Z.V.X.ov:S;"..?H...X.xq....z....../.z.c..wz.:.fH.0N..qa....7J.v..#..lo..!@/&.O..y.`...S...h...X.....8l.>./`..V..%x...C.t..l.<.7j.}.h......!...t!.....82+.Q.&.7........S<&........ttu...j.k.<...W...K.....E.)f....%.:.p..d7&U..f.Xp/LKV..oS...z.......E! .4?.\d...g.XW3...^.>..N7.L...D/....&8^.DZf%.k.;D.\|0..m.^3.......S...{..YSC...x......$.>...N...G....ME..M..F..{:c.v.......X..'.[.g..w...Z.(?...[..6}..$..4.....B.3...s...{(.&/..9R.r...<.d^....0..O...I.I.+...`.%.o...Vw.......&.S..I...;.}..D\|..@:)..T.&.8T.^!6...}...0K`d..\|

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\random.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 475 x 474, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	51100
Entropy (8bit):	7.982747673813763
Encrypted:	false
SSDEEP:	768:Z35gq30U33XeB/DIJANhxys2SisrS64rOJdVHtCwJzWkizgs8w2QBSnK1:70U33OBr4sb72SiR64WVNCsFVsec
MD5:	5E061610F789D7F66D214B44D5F823B5
SHA1:	26EEA3B93D85A2737D0164D2304A2560911487DF
SHA-256:	222DE9184737291A64718FCD70CC21C5407657380989E22BDE180E9BC40E8779
SHA-512:	4814FC3F0D9EF49B7D43F65ACD27571836F2BBA90E6681350CDE2D46E56D75CD60C60230A240D24918803F62417F4243C04FB7573C21F718E7E503B24C34B7D2
Malicious:	false
Preview:	.PNG........IHDR.............H&.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\runButton.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13728
Entropy (8bit):	7.962446984526479
Encrypted:	false
SSDEEP:	384:UYYYpdnQ79n97F0ay6m4ycRX/n4zlchr8ydfqozRFAoA/q7wE6w:U9YpBQ79JF0ay61Rv4zlchrDdvR/D7+w
MD5:	9D111E6950B1D9F0BF90ACCB8C2189E3
SHA1:	736B4A20CA49C33EF5468976EBDDCF9F270AAE84
SHA-256:	6CCBDEF7E6FA5CEEA14418E2603EB6E79A56A6C37767F10D51A00C9C43BD5B7E
SHA-512:	DE9FEFA466DFCFD6A915A54A9F9354C868745B1FE8D8A12784CA80648F4834E0CA6612A40D3899F4DDC2F6D06AB6B864F0DCB4B2B47C3B2904045A0B96970210
Malicious:	false
Preview:	.PNG........IHDR...Z...Z.....8.A.....gAMA......a....:iCCPPhotoshop ICC profile..H...wTT....wz..0.)C.. .7..Da..`(..34.!...ED..A."..."."...`... ..`.QQy3.Vt.....g}k...=g.}.......tX..4.....J....c........`.23.B=.H>.n.L..."..7w.+.7....t..I...........d..P....}F....1.(1.E..........";....c.X\|..v.[.=".%....qQ...-.[".L..qE.V...af.."....+I."&..B.D....).+........Rn...\|nb........2...T.@`..d.0.l.[zZ......?KF\[....f...F..f_..n.M.{.H..?....}..._z=..YQmv\|.....c3.....4.. ).[..W....%I .31...6.rX.......7.......(..........S.\|zf.....y..q._..0....sx..p.qy..v..\.7.G...S..a..8."Q.>.j.1......>.....s@....7.\|8.......,...e.%...9.-$............H.P.@...#`.l.=p......0..V..H.i...A>...@...v.jP..@.h.'@.8.....:..n..`....`......a!2D.. UH.2..!...y@.P....A....B..&..*...:....:.]..B..=h...~....L...2............p"......p.\.......u.6<.?.g........!....D......C..J..iA..^.&2.L#.P...EG...Q..(.j5j...U.:.jG..n.FQ3.Oh2Z.m..C..#..lt....nC_B.F...`0..F.c...Da.1k0....V.y. f.3..b...X.l ...`..{...C.q.[..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\separator.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 5 x 5
Category:	dropped
Size (bytes):	53
Entropy (8bit):	3.527860193148967
Encrypted:	false
SSDEEP:	3:CYtUwlHrnlHGen:ntt1J
MD5:	055FCD766160797033FD3D450461753C
SHA1:	230D2B0FE0CED0F78F2A70F8C3F9E331FF13A2BF
SHA-256:	8A1C1838D285BDA03F86926748670C0D158D0D71869F951B1A0D48A39ED8CDD8
SHA-512:	1B887293B44FB05B2A0C8887C35C28AA2CA03033443BA6EBD347F5DF68EF27CD95C71AD9E03764CE73934445341F35BA023C41263211780AB3265DB381595A28
Malicious:	false
Preview:	GIF89a........f..........!.......,...............-..;

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\separator.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 5 x 5, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.754555304092987
Encrypted:	false
SSDEEP:	6:6v/lhP+wzlxWDVMorpnDi3Uml9sMkBV9JsHy7rp:6v/7nJWe8hmns1XiHyR
MD5:	035F014285FB08DE7E54FC7E3218AF18
SHA1:	82038F7D261ACE7EFFAB3893EB5D5604E5779040
SHA-256:	3FADC5608527076754B79E1A3239D010053F5D8BA37FFE97E828076A0318C119
SHA-512:	8894B8788B94B49B33813783CB882281F136AF8EEB2B5C33A5FAA4E1595EC4F476F93E4546E1AD3903AF77397DA3C07620F1216F7C2DA0DDF94751F130B1E19A
Malicious:	false
Preview:	.PNG........IHDR.....................sBIT.....O.....PLTE&.....8.%,....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....tEXtCreation Time.11.05.2011~~......IDAT..c...........j...r.:....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\site1.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	716
Entropy (8bit):	7.484826394922987
Encrypted:	false
SSDEEP:	12:6v/7KMmOPptxs6n4oBDMo4EIA8xNOYdI5VOle6rs9FD14y7Zmoko2TZlI/Xp+JvS:hMvh86nrDl4hPv56UeN99yy7MoOVxQ/
MD5:	16915215852ABC0A7DCD50490ECC3624
SHA1:	850D2CCC4FE6B624CB21F26C65EB6838FEE3DD75
SHA-256:	A91EC61153C6B85A4DEEC5D0092FDFFA4156214488BAFB85811B89299E9B6431
SHA-512:	8435E240EFC384B36DCAE8958EF18F5C9BF8D3661375DE1D4B3D82760DE401673A832F008DFDE47FFC15F8F97DC4FD38CC9ED7537FC605F7D1F4DBC71E10FB09
Malicious:	false
Preview:	.PNG........IHDR.....................sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6...FIDAT8....o.a..?.. !......PB......,..!.a.`lP.......AD......P.Q......c..6?u.D.$..y.y...9....#j...X..W.`DL..9.m....@.x...@.x....'.%DY.........&X_...@Y.m.B-...{.{........).Y......5..4MG.m........'.5p'"..8T..C4._.....i`.0....._......./....ne7.^..A.d%...=.....M.......:...g........v..t..j.......4...P.~..Q.l9L.w`{......0.>....4g........?..`.x.P.....]0K"b....7.4.<.}.......l\|-#./.22R.p......\|:..\|.6.S'"b4.{%0.Z....~.T.T......V.;r.>.ED..#..<;M..%.+3....r.;...T....S.g.S].NV.K...Q.d.:........!.1.^.y.=.....9...4..[..o.....Ji-rx....j...+...r.C*..+...6......N...R.......D.........IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\site2.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	676
Entropy (8bit):	7.503094266226093
Encrypted:	false
SSDEEP:	12:6v/7KMmVR96upXknOr8Dm0N4WOHt2s7kCYnXVv5u0E581Jy2GX0XEO:hM6RomXhH0W28tCB5u78RGX0B
MD5:	B27A9B350111DABDCCFE8223175CD1E3
SHA1:	4AFF4112D8A509E61677159CFA2EAE8F6987D2DA
SHA-256:	C7A38E159A00948046E28D8E2B6CDD6C154ABFAFD5D9EE4CF560B2A4FE32B26E
SHA-512:	6C4362BB48EF2F8B9C5FC5D0D8C701BCA29C44B02DBACCE2DD31A655987182F77F3909977AABD6F30CC8BE59D3FD44148D30B3E5DF69FC78E23BC4073232F0B0
Malicious:	false
Preview:	.PNG........IHDR.....................sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDAT8...=HVa......j.l(.C..-..%0........!h......ZB......M.".L....$t......5.....z...?.<.9.IX...@}....I....$.@{..@+..\|..&`50..H.d\|..(..:......`u...*..I...1uNm-.......cj).xX..V...Q..o.ju../7n.r.....Sj.z[....=.0..d.3.........q.U!.QGS.:u^..........3'.i.jK`......T?...5.(...-lz.Au..@m....[...O.........k`-p.x.w......w@....a.sW...A`.p.8.t...@7p......e.J.4.1.U...;p..I.......z.A.+...R.....t.Q......2...R.C.p..x..,......R]..Z..z$.sR...v..mB...c.&.}Q...89'..C..^M..=^.].`5....W.:..R...j}.VZ.E...........c.....`[.4.?/........._e.Q...x.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\site3.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	659
Entropy (8bit):	7.438716989768127
Encrypted:	false
SSDEEP:	12:6v/7KMmA98wNmz/s5GQMV8br4AZe7HiQ2Kz3kuWOFid6K8mt7:hMp98wNmz/s5ESbrjCCQPkuWhMHi7
MD5:	63D263AD7158A310F452F1E0179AEC36
SHA1:	76B5DC2101F86D24F79AB64DAAC6DD0FDFAC3F53
SHA-256:	2502DDFCE8B0312A9D89FB11AA5C7EAE48CB5B1CDDD9C384361EBEC83459C7A0
SHA-512:	3984ADFC91EB63EFEF640B3CB9CF676F6AF46152101A463D74960C56963090987303829E587FAF09DDEDEF9EDB868E33109767F3CD9C2271CB667C70847D04BA
Malicious:	false
Preview:	.PNG........IHDR.....................sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDAT8...=kTQ...YWP.+...D.Apu.YD.X...6.`..?...).DR(I4...]V.....Wa.?Q..4iR..>.{.l.......=3..{.gn....`.......X..%@..s..`...\;.*......:.".P'.euLm..k$.:.eY!).:.~S{:Vn........W.b.=.N...[..3....r.!.P...&...A..%=..........g9..z#...u...A.N.I..PU..:p>.....nI...j...~...vW..`Q}.....q.XJ,...4y91\|....@....+...y1....p?0.....u..-Jh.'#.{.XnS.C`3..oV.9`(.H,G.Q.....,.uk.D.B..V`..Gy..F..u#0.l..l..D....4.C.....8.....ORr.hF..G#bH...E. ...u....;..]...Rn....u..p.8..$.....G.....bE.U?.5.3}6.?.tQ....S.....zU.+8j_.-....>`.d..../.7a.jxI.C.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\tableASC.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	268
Entropy (8bit):	6.779106774146592
Encrypted:	false
SSDEEP:	6:6v/lhPIcR8RCdEcSm9U6jZGCBnQcATVn3JbAMo1ljp:6v/7DR8eXSVIZGC1AT/0H7
MD5:	6744856EB4EBFC67E498FE22B841138D
SHA1:	D16186D9C98EDB0E8E10C118C77CDF563CB43F86
SHA-256:	713C13AF7D92E91B61457C4FE2A4AA1533B05A118EB3581A2039697345EA78A4
SHA-512:	9CC0C1EFB04993B8634F97DA71D4846984B5F4E56DC1BCD2CB8F32DDD22B182F4D91C88405FAA705322479E3B77EAA8306E48DEA5F2ECD449846751E2D326765
Malicious:	false
Preview:	.PNG........IHDR.............Vu\.....sRGB.........IDAT(...... .....<.]{...k..A.....B.`e.6......d~...q...X......MD...s7...@........B.R.......{.....,\.kV.d"M.,..&..O.J.9.3Zk...~.4.q....x..@.y.g..i....:........1..>x...u]rk...0....A]..s....M23..1.`.b......IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\tableDESC.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	271
Entropy (8bit):	6.8901587913492195
Encrypted:	false
SSDEEP:	6:6v/lhPIcR8RFshA5KVCxUJZmrnU6Jga7gOAJg/RUpmPOZRtDdipIablVp:6v/7DR8WhKxUJZGlL7Ou/EmPOZR9cpIa
MD5:	77B3089E986D8BF38C2954CF1873DF2C
SHA1:	2EFB4E914B2E154021CB33ADAA1E2B0DFF1840E0
SHA-256:	8F28DCBF82CAF060E4FAD807F7808D201470B2906F20D1117F564972FE9D77FA
SHA-512:	437DFCFAEB0DF1FFCB7FFC59D204D779EC3FE14D2DD4E40C61E0636CCB2DA379A5685BD41E9AF3823A605DDA260B5529E459CCE628330229BB906AF2379783D5
Malicious:	false
Preview:	.PNG........IHDR.............Vu\.....sRGB.........IDAT(..P... .D..#._B......f......<...y..5.....*....=....1.P...Ml..Ez.@>.....eYJ.u].$&...{..EUUE.....1.$.Fg....k...k..I.<g.U...[Ask-..X......#.Z.<o.,..S.-c..H...4M.S..w].q9.X.q..$.c.}....j.0....5.h........IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\tableUnsort.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	259
Entropy (8bit):	6.861208650792751
Encrypted:	false
SSDEEP:	6:6v/lhPIcR8RxshAWs4OezxurWs86U1wG1JnzFKybWTzfT1p:6v/7DR8qh8/ezcKd1wG1Sybeb/
MD5:	DA3EC6EA1EAC9726D66623A2A0997DD7
SHA1:	328CD834ABD2D1E991C338E364F7F1E20D208A64
SHA-256:	5D9F15E160516838B4D01EBC43D258D38CB4167DBCB414A0BC7EEEC590A53499
SHA-512:	CC33F1C01457A109506A4C6471B0C4FB1D3BB3C96B1FED122C79F13F99F330E8B436946BC6E9D505513E3E1043A74F276506CF00B1EB9EEB471AEBBD6DE466F5
Malicious:	false
Preview:	.PNG........IHDR.............Vu\.....sRGB.........IDAT(..QA..0........B.R.D<(x.C.......h .2...d+..B.......~S.~.I\IHw#vX...RD....5..Z.H\|:%..a........o......N.=...W..N,{9..v..E4@.w...#.t../.. .1.....Y.)..^.......x.z.>q......}.....]x..5.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\trash_icon.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 32 x 49, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4831
Entropy (8bit):	7.9170260064651625
Encrypted:	false
SSDEEP:	96:USDZ/I09Da01l+gmkyTt6Hk8nTRKjt5b/LSmQTLy8MzMWdvFMD:USDS0tKg9E05TRKjt5b/0Hy8MAWd6D
MD5:	F92F161D6C05B50F926745F8EDE48EA8
SHA1:	14DC9EBE966E93ADA27F31F19355562EEC24E44D
SHA-256:	84934C6BCCC3AC8093215435772188249EF3ED817B20273733C222AD2053080F
SHA-512:	3D32D37A953CFD387711C231605DB92DEBC1BE926343443C69E2398A8A0E1D05F36C9773AEC832F5FE7E56C652A682A83126148E9C027A800CA9ACDFDEBC2B93
Malicious:	false
Preview:	.PNG........IHDR... ...1............pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\umts\0.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 21 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.602712680796194
Encrypted:	false
SSDEEP:	768:7jqlk9HW3ZihfI/65bZ//K/u8/D2AicNxBdR3uzXF7ET8:vqu9PfG0N3k/DpxLReAA
MD5:	E0300B17B6E0B76E9C7B9E01808BC361
SHA1:	C328F1E01495BEB8911A7C6303B976DE58BD6EB4
SHA-256:	0F5045057DD21C169BC2A9A037E7F9CA6A4FE3BB97CB78FEEFE4B356039E3AFD
SHA-512:	CE61567330246145AC334CFD480F42BEDBB5953164F34D03646FD6743B1BB6D941DF02506B1FC92D2C2A37745218F9BF07DCE7E94999B960F482720A3421BEEB
Malicious:	false
Preview:	.PNG........IHDR...............4%....sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.17.01.13..g\|....tEXtSoftware.Adobe Fireworks CS5q..6...VprVWx..Y.U.0..........\|.....2...]...N......]....=............r...................S...x../.....u\.....&...$...(.#..{......._....i.......^../...7....7..c.....S...eU.?........7....UI......~..k......o......_..........'.E.__.ae......3....~C./..>...._..>.j..73..~..bd.._p.^....k..9.../t.)2....oZ.%.7..I...O.{.{.L._Y..O._.W.?z.O.\|....Y.}..._........?.V....-...........uY;..Y..,..S...C....7./......L..._.....LI.../.....?..~...g...o.__...........w..._....UZ......_.....\...A.pS..Js....'].y......y\25...^, ../.<.B..DyQ.L.4#P.X..;...B4c.Y..ws.53.g..............xq...__..........T.'>.....HmkBF........................................................................).3...A.mkTSx..]Iw.8.fWw.8q......y.*i....5..X.Z.SN69.X..m..~ko.g...{.P$...d%a.b..@...w..T.Y.z...N.......{._...!$V.\.......;.g/X..~...lo..N...r.i....S.\..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\umts\100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 21 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	45417
Entropy (8bit):	6.6584528102076685
Encrypted:	false
SSDEEP:	768:KyY6ZH5u2CB00I53QmpouMePf0sL8/D2AicNxBdR3uzXF7BZX:RY4u2CB00IPfLg/DpxLReVl
MD5:	B8C41764AF1B6BC74FB276A23F4462E9
SHA1:	2E435F82FCAC5664385E811B6979A9908D46EAB0
SHA-256:	092173D7FB22BE86680AFFE51BF8314C76DF7A921E117706B0EAA25BB9458267
SHA-512:	A46BEA0A0121802047BDF1C0A276B5C2A71231566A2B770F318056E3DD81D21CDCE8BBAA8F4A3D366C048B21E3799E8430827F2E80B279679CB6F26854F98698
Malicious:	false
Preview:	.PNG........IHDR...............4%....sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.17.01.13..g\|....tEXtSoftware.Adobe Fireworks CS5q..6...uprVWx..ZklTE.>...."...?.(.by.B%.@D..A.."..Pl.`..GE.....J........."(-X.....!......!.H4p=..w........=...9.y.9.n.]...u]oii.....?....\|....f...H<.t...5...8...!.W.2z.........s.y..`M.w..1x..-.s..k...F.....l...[K.z....;.9....e&..W).(.....>;.9..I....y."o...\|.[..K(..).s.....1.rh;....F.6[VV...I...9.y..[P.....(k3./G.~B.9.b.....\.0...O...d./..n..e...:.+o..H......6.......W..h..c.h..pW}8./#vd_8...}..4......u.............V..{[8..l.6....\|p.q..y\.m]............1.4..<....o:.e.........}.h$.ot...K^....]d..&l....;..OD3d..E...8....\....{.3.8(\|....GR...^.g^..o.oe.o]...I?}.z\|.Jg.P.@.po..A..q..~k..}uM....!...D.?F...^by....Y..d/.7....G.O...\|..R. ..8.....8\0d.........*......._...p..%q=..^.o....Y...s.1...S.;u....\|.....I.......Wu.3.Y.[....~..c.hvK........zwF.T.l2D....O..d.".Z.AN."8rQ.?B.C.....Q......L.#..5.7.&..{S....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\umts\25.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 21 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	44310
Entropy (8bit):	6.614692930952447
Encrypted:	false
SSDEEP:	768:6BNJFbbG3HK2gI9xxl//R2M7QaZ3qv45tQJ8/D2AicNxBdR3uzXF72b:6rsKG9DlH8cyvyOe/DpxLReqb
MD5:	9ED82893F7FC7560518BED99579539D4
SHA1:	E72B264A5B51EACC03035BB72FA534867DE995A7
SHA-256:	BAE238D4C6113D99527DED9DE0EBA9ED241B280E9DE77E620299C65A4BB6BCC8
SHA-512:	FCA4B043E15E40DB3BF9A8FB2423480DB2BAA77F2AB47773761C21EA049EA9C18A9A4F7F518A2A3CB545CFDDC37750855263D151F597E1B8EAF107487532B224
Malicious:	false
Preview:	.PNG........IHDR...............4%....sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.17.01.13..g\|....tEXtSoftware.Adobe Fireworks CS5q..6....prVWx..[.n.A..=R@."H.".D.D. .H.@BB..:....E.$....:.Fn...H....}.u.n.Mn7......im.}3.vn....+sl..],....(......C.P(...B...........o..;.g.g...?..".o....Hv.N%..L.u.y.+-..!.~HoY~9.\|.h...'.w.'.W./.......S......e......?J@v.l.........C.'..48.....?V.p.?P.e.?F.1...^.........i.~~QV.....w^....{x....O..[..C.~..w.F..@...('......{..~A....8...g....h...nDT?.2...... ..........?0.-..>....t..2........?.....J........&..rpX.....'.S..?.......&B....._.dX.....X.....?....O..P....C...H...61...O......xG..(F...1.......o]e......3{.+.......w}~......WA.R..0.h..o......i...+........K..R.../....O............#.e./.......c....@?D...X..v...`..4..}..&......[..$...,bq. ..$..+.....C.nb`...)......F....G6W(.`f....^...B..3...S(.....7.j.A...\|5.....9.=.E4~..........e..e.....HmkBF........................................................................).3...A.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\umts\50.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 21 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	44546
Entropy (8bit):	6.622725933854958
Encrypted:	false
SSDEEP:	768:BfX2a5a6iakOHlSiz5H0KLs8/D2AicNxBdR3uzXF7p3:BfX2BT0V/DpxLRe93
MD5:	ACDAD4617EF1B87696BC058AA81FCF03
SHA1:	C3F2B3A551BD8F99EBAAFA06F6C25A00E1B677D1
SHA-256:	B3362CF362686A744EFD6F4140BAAA46200ED20FBF57EBF9B08DFC433A65D5DF
SHA-512:	1AD17CE595917827916CCD7A519A9C8197124851A27A092444181FE0B9E8A6469FA1723892BF8B99648C9D01F25A2DB906B941D5CB1848B7F9B3F1C56509CC4F
Malicious:	false
Preview:	.PNG........IHDR...............4%....sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.17.01.13..g\|....tEXtSoftware.Adobe Fireworks CS5q..6....prVWx..Z=..A..].@kBa.0...._.v6v\|H..........,....?..X@ch.L4.abog.,....3;..;&..{..{....x..\|.E.....~.^.B\.&.,H..?.:.k..G..J.R6.U".........2@,/..m6...o....6....~..W..V.U...?.:..1..........f.O...?.v.[/.m...^.>.....v.~.z=w8..?.B..l+z.?...o.~......$E..._....O._.......(..Bn.....x.S1....O./F...P.....X,..\|..z.....?q..../.?.o1.S./.-......./U.e........=&{..m..R.TG....?....W..Pl..d........T...........Fa....O....+..........D1...WD.s._l..._V.<.'..?._....._..l..........dL@...Z.....#4..o4..~..b..l.-.._h...s.G.3.........)....).o6.......1e ......x^t._....q.y.....[0e....s...Y......\..._..D.3./....$..+.$.b.....p..k../^.\.#.Jl5..._..............x.:~......_...j.-...........g.Bs..?..?e..?.....NLe.'..x.I.?...Q......0.'..#Z.,qe.......G...}..>....y.Q..1.s....l.O..).WF.?....s.......)..L.+....b.+?..,.].W.e.......?..:. .h.......Y

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\umts\75.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 21 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	44178
Entropy (8bit):	6.609016526067013
Encrypted:	false
SSDEEP:	768:PtlzyPJjxWO+62NxK76htQL8/D2AicNxBdR3uzXF7dr:PtABjLwCg/DpxLReZr
MD5:	2BA3252E56CCB12733879C69613DC2F9
SHA1:	1891F17D9C38029331CF91A196A23BC2546F28B5
SHA-256:	9CF51B22ABA0E6C320E7AFBB762CE455995B587E99D01FE156ED87460E3DB11D
SHA-512:	3C9736D60116F49F2FE94181C8FD4562E23395542F8C2E6FC18021DA4C288168455A8BEB18E87A93864A4AC4B6734763098D831F9C83BD9292A95BEB4C0A7F4B
Malicious:	false
Preview:	.PNG........IHDR...............4%....sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.17.01.13..g\|....tEXtSoftware.Adobe Fireworks CS5q..6....prVWx..X.Q.1...F.....j../....4.'.Lj...._\|9.......r..x..JZIp...r{..\....p88..`0.....`0T..?]...>o>t..LQ?...>._..\|.U....B..n?.D.W........E.....'.~.^/.`.o'.../.....m....t.V..Y]..U.."_..I.......i..U!.x.a.`......an....F....d0.y..;..u...4..O.?.M....jqi.?......P.G_&.?..........^.9....r\...?z......H..a.X.3UNC................T..]....P...^U}v3Y......./J>.r../m'/.]NN.Do...K..^.cq.K..(..]..z.sU.IV..3....\..<_.._.....?.l............[.\T.4....m.i.?....#...)...s.o.r....,...MY.._....S.RI.....,..............F.%..i.....@...?9....q..L.7.\..7tY...Un..a....h...d..g.~....P....~...c....H...6.7..n.y<.}...`0...........xv/....[...a...../7m8a....HmkBF........................................................................).3...A.mkTSx..]Iw.8.fWw.8q......y.*i....5..X.Z.SN69.X..m..~ko.g...{.P$...d%aTe..@...w..T.Y.z...N.......{.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\wait.gif Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	GIF image data, version 89a, 28 x 28
Category:	dropped
Size (bytes):	4782
Entropy (8bit):	7.390716816113415
Encrypted:	false
SSDEEP:	96:9fsZoPpSBXTE8J+pHALGY+ibLPAQK8cVaZGnj0d3rYKlh:iZoPANTE8JbLGbwPAQKPsbYe
MD5:	3AC96FF472D06DA5B73A788BD2A9CA3B
SHA1:	5AB47CB5879F55BB825C4EB03EB1DDC30C815E1A
SHA-256:	1298A5DBC21BF9E37CEB2750B5AF1E58C1BBA1736795EC2C217C334C2B83AA95
SHA-512:	C7F2F9A0B3F9C929794730C44699569791B486EC8FBA6E1AB1F1FB4C58557A1A2CA04C25B37D4ED2D1AD71EAAA3C38C42A27053268DDF2710689DE1CD7920915
Malicious:	false
Preview:	GIF89a................ FFF\|\|\|...^^^vvv......222444.....................:::......fff......(((\\\......666......JJJxxx...nnn000............bbbrrrDDD......XXX...>>>zzz...ppp<<<```tttHHHjjj.........lllRRRVVV......TTTBBB"""...ZZZ,,,......~~~...............LLL....888$$$...@@@**&&&......hhhddd......PPPNNN........................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,......................)...J...%/.KQ..U....09..LMT.U.U....0?.GMN8.U<<...:@D.NN6.<H.....1;A-DORS...........&......H...<)3.....'..E......2....5.BY".).4z.a...... ..B..$.........H.!....f\..#=..$...@...)xd;.bF..v.. ".....x(.....#Z..w...X}.Z0.....(.)B.....4,.@.....R..@`D...G..8....D5n. .....Hj.@....C`...l..i.0...4....5..(...l1.d..W...S\7.@U.mB...!.......,.....................EE...bR..GC..a...>5...._.Xcc..*N....]..5dd1._Nf...^.].,AA.ELN].D...a..XJ2.eN...../.J>.."&.....I<.H.=Y.._...U.HH<.6Z...<..ktD..G..!z.@..I."...B..)-.Hr....z...x.....g

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\01d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5557
Entropy (8bit):	7.953687827433983
Encrypted:	false
SSDEEP:	96:tmCCCCLxbORXTy6Xjzj6RJcwp8E7hkFJ/4A64Jz7iyZJygPa4y+dCEJ1OdZa2cd5:te0XTxLwpbkzZ6iqMJ3I+jrOds2cd5
MD5:	A2895E836E963D3E011D82F88F6E4DF2
SHA1:	89619E4C5DD8F0F9752547DE9F1589599E960FE1
SHA-256:	DFAB889E5FA895D0EB0267A42B95C572217BEF6CFD38E1AE739137B79298276F
SHA-512:	C1661CF24DF81B83918302C8B78E4F8D01001D34383683C84D10F432A71FAA3918A4D14FDC8D4BACD199D00EA3F0350334F1E8F4EA981DC8D250D7ABF3E26F40
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T...\|IDATx..y\|T......d!a.!.$.K.D.Y.q..X.R..m..B...m...ZE.ZW.uWDAQTPAYE.,...KH....L2...>..w...%.LJ...3.3..{.s..y.s...#.0..#.0..#.0..#.0..#.0..#.0...?.R........r....t...X/K..{..t.<?x.w.y.v..yQ".O......ZG..Z..E"Xs.O).........3.[G.........V..."2....D......j+NI.I...=..;(....(/.....O%...k.NIBv.u.k/.+..:P.m.?......,.8.......E......(?..n.]..=.S...-.J.gS#M#u.8g./....r....."./.J..iKvH...U..".l...)/.j&^..e....!.....zI.}.%....M.....H.p...g..p.l.w...?n~.$.4...xb.0.V^D...M~.h.d..#...x.2%Id....?...+.....q......2.U....k.Y..[.w.I.<R'......1v..#(..L[. ....52.......U..\|......n4V.....%..yV:-.!{..>>..C7...4<.6}.......h.gK.p...! J.].O6..j.$....1..u@.........9...p..K.....^...G.h..1i..(.O...J.a......Gj.......zI.uFf.#w...-...=gP...\|......Wm.p..g}\|.:...."...T....g>IAA..V..v.O.w.u..^L.+7.y..7......F.. .89.... ..QwA.2*......(..c.7.QY`.S...e....&.}...x0..".)!k.......3....:..._........T3....Fk..B.e{..=....r.J....@....O.D..U'T. .......T

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\01n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4764
Entropy (8bit):	7.91452063078394
Encrypted:	false
SSDEEP:	96:EcVoNtmG88W3gaEY1zaHNGrULOZzcpRbM3ZpJXcOPXLER/:EA4tNWQa1zOEUChcpW3x1w/
MD5:	9DE83DFC31F27A0B3D30D4AEA6480770
SHA1:	59EF788F7F3A759196E332CB2EF2C748B5094F40
SHA-256:	EB0215F3551D4BB7A644FEC041DE04AF32D4D94D63D134A6045273D7B63D54D6
SHA-512:	46420E271A1CB4B86377B50BD85DEA202908D4678124E18F43FDDD87FC4ED489EAFFC8E08D2169BACB971767D32EA541EE2ABA54AC0B8240598650BB404CEF40
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T...cIDATx..{tU...}...^...ER.bx.....3J;..Nu.4..v...uj+.Z.jc.]Smm.u....V.Oe..E.D. ...$....&....{...@.@.7.k..Zg.......... .=....#..E.d.F..m..l.1_.,...b.M.xS{..S.....-........7.2a.I&..Yz...e....fX.......}!.....Z......E.nrl.z"r.iWG.oz.......\|^w4.].x..:._...!;4.H@J.J)h..f...*... ...4a.&<.....V....Ue....-.o....W7y..Yg.......0n....6.T.. \|&d[..AJ.... ....C.!..0L0k....](.@+?w#.eY9q\|._).1[3.\]].91.Y.m...F.+.Oz%.j?....x..2.....2g.g\7yK(dOw].JI....E$Z.;Z.;4..i...\....7.l...L.Z. 2`Z&,....a..Z^s..G..i...w..t5.m....\.M.\.]C....l<..o}x..H...(\.5..tu.,6..>j..'...R)....J.)......=..,..........K&.@).....wAy).a!.. ....W...?p4....q.......C..k........`G..Y..,.v.8;".g..........l..".q.Wa.^.u=..0.....D.l>H...V..t;.d+.l7.....k..r.BX .U..U\.P.t.....Hw6.A0M.....]..]s............~V....L..K0....T.G.k.PT<..9W=.o?.. ].~W.'Z.h.-.d=....R..Y.aE..h.$M^....[..i..&.... .@4...L.5.. .0#(.\.I.......~6.a..Dl.....Y7\.@.G.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\02d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3825
Entropy (8bit):	7.919613659447748
Encrypted:	false
SSDEEP:	96:vH9H04W6zKBgkOFT/PhbhEy2YjTimhOXb6l8N2lArt:hDIhOlVhr9iqOL6+C8
MD5:	89872ADA7B4DA7BFE395CCE61A2C9207
SHA1:	5AB38E367AB7476F4CA41D78A758A5B5A9EBE9AD
SHA-256:	4377BA19B1C465A00362D96923998162C0D598C0E2B5D92FBA9EDA1843667B86
SHA-512:	4452B95ABD28D4290D185C626D406305D9C3040A8ACC2EA4A0D95644B6BC75403AA35AA4D4F3BC9125F49D6960340BB821DBE7CFB1B92A3F4A1D88930274CB73
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..{tU..?.}.=..&$<l.S.(..R...j.Z.T\|...:...jG....VkM.o]...Gt...U.juT.'..J.F.((F..ILB.{.c..{.....^..Z.....o........s........................................."....R...-1.....]>^......\|.y.......Bu...Y..K{..\|.`...yl]s..P....r..}i.Z.7.u(.>.C....j....~~...W6.uAT.LUOU.+T..U}\U.T.kUu..NT.=.K7.<.V.....Ie.m[t)5...v...W.N...{.....#...ST+...ZU.U=SU...6.=;T.5U.@U......5...t..f}.........#n...jT.ti.v...E..[P}......]Z.m.......g=....L.;.'6..=..H....U..n.N.G.....#..1W...W...kP`.P(.j.......1j.+"#..g....^.5..B.Dp.CT...C...9WK....aT?{...w....q0Akfl..O..ew..*...n.PATu.p=P.S.....TD.{U......o.M.O....0(.&.....7U....A..6."p.H).O....X5.4.^...A@...8..f-.'Cg/..ub@...[.KsX..`.......Uo.C.^....X ........D..a...4....!.....ES..\.r.......B:."..q\|...^....5.m...~.....D.>U..).<!d....LF.."..8L...?./\|.^....._.Q...`.2(...[.......{....N.........8..~0....1...A.]..\........e...8^....~.JO..+... ...~.f...o.w..`.i.....C.;.l6..0..0...,..3.~..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\02n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3898
Entropy (8bit):	7.86673909839097
Encrypted:	false
SSDEEP:	96:JbaEIwO3Sl1BezyyJN3QwoEPdj2ydT0eVvYJCmm:hxI9S7ByNjQpOdj1dTz9mm
MD5:	CBD6BCD4665FB2658D04250C8F130644
SHA1:	C462887CF86F92617CFADE6752C560ED4CF8E659
SHA-256:	1EC8332F5C65F4A88CEAB2230A962318EAD0202C6D550EDDEC9226730D7EE7CA
SHA-512:	2AB4651EAB1C190BD516C887F930919939DC38B01B5489757BDBC9676EA1BC00906C98165DF78BA9E422B1E53B58433A94CC0E44D1DA365A9D4117194E2EB96E
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx...p..y.....d.,...l.q@..!....PJ..&!...?.Ba..L;.0-..5..-.0.d.i...'.....I!.P..w..Pl....-Kg.Nw......w.O...Nw.....Y.....~...}v_.....................................B......"..`..X..m..."..M.D..3.$".n.:....#s..:.....u.../../.....m'C. ..B.R..3....~W..1[..i..z..>.2..v.y-..../.\WGQ.....E.D....a.!.C..-..../.!.~..>.p....O.....dh.n.h..ZkY............m..]........&..c....K9@..T.&.Dh./.]._..........k..am...q.r.D&...i...C..........q.s.4....H..b3(n..=W...>.,..........T.r..v...8..h....Q.^.v.0@:..mK~..7..V.!,.?..Qa....q.......,..v...... ....G....K\..nZ\|..?U..S9........\......63....;..........}.V.CQT..pZ..... .\A8..G..8.....". ..a.!..@..(..m.BK...<.>z.J1.rL.S..s.O...L..AD$..k.n.0...Wc.\|..=D........b\|....N.4..q=2..W.......>x....D.t.....a@...+@.6..}.Z.....%...{../_M.DD...(.....>..ND.9.F#..?..{.VXh......h..<.A...#.3..,.T.....IAl.R........x.....U.a4Y......-.....V.......j3z...Xp...~.+..S...?.`t..v..@. ..@..tv...G7..>E..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\03d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3801
Entropy (8bit):	7.867881283991744
Encrypted:	false
SSDEEP:	96:3NhH8Pb5iGb55pyPOfFb8m28WPXIBxwSFQjVVeOefnoJ:DctiGbTMyb8X8MX5lC5noJ
MD5:	275A1A4B0DF3A9196F700AD5896401D5
SHA1:	86DE6BA9FE6EADEAC68B563A5AA93AE33E9F39CD
SHA-256:	CFC58A86351B6F64D4DB85495DC00FF288FE7BEB338501A48D3CE843B2F17BD6
SHA-512:	A6C138AE9DB7FDDF5E1553FD508A4AA4E62BF333CBB1E22A098E5574F75A2ED0057E9DCA63700279CB99819808E6CDA0D6B0DB63E17DC25E80070C1D46B64372
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..{.TU~..s.}...l{..eA...B.@P...J..q..l...%.V..B-cY.JJ...%.V..T.]..k.(.F.`)......K@0.,23..L..8...G?2.............9.{..w~.>g.""""""""""""""""""""""""""""""""""".ph...7.L.?.....M.....9...+.8.......w.m..E+..~h...K7{.w{...k...0....a.....,..I2.\|..G..t.M.p......^...%....<.RJ..i455..,x......9s....0.....y..'.HD<.._t.<..C....^..`&.a...X.l....rH)......'..{...>....X._._.7mmm.T..Q.r..._....V..3....f..\{...O>..........8...H....+AD.k.z{{ADOl....z.I.....l._.0.@.@7...N.Q...d..'O.L)...K/..............?. ...B.03..Zk455a..8z.(..:....m.v...1Y.1.5....7.\...B.nf>....~LD..6.l6.W.\............SO=...nX..X,V.\..\.RJ.....'.x......O:1..!.<.......o..S....LDcV........<o..+.v.Zttt`....r.^U.H)...........w....+.R...L.<#.x'.H..i.......3......b...7.;...FKp...FWW....L&.9s.`.Mhoo..+.F*..e...V)5... "...R..]v.L&.S!....h8..]..bbb.....d.o...q..+..t:..g....hoo...J.s::;;/......>\..y..u].....?\|..g/=....'..e.".3.....U.,[......BY.4.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\03n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3801
Entropy (8bit):	7.867881283991744
Encrypted:	false
SSDEEP:	96:3NhH8Pb5iGb55pyPOfFb8m28WPXIBxwSFQjVVeOefnoJ:DctiGbTMyb8X8MX5lC5noJ
MD5:	275A1A4B0DF3A9196F700AD5896401D5
SHA1:	86DE6BA9FE6EADEAC68B563A5AA93AE33E9F39CD
SHA-256:	CFC58A86351B6F64D4DB85495DC00FF288FE7BEB338501A48D3CE843B2F17BD6
SHA-512:	A6C138AE9DB7FDDF5E1553FD508A4AA4E62BF333CBB1E22A098E5574F75A2ED0057E9DCA63700279CB99819808E6CDA0D6B0DB63E17DC25E80070C1D46B64372
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..{.TU~..s.}...l{..eA...B.@P...J..q..l...%.V..B-cY.JJ...%.V..T.]..k.(.F.`)......K@0.,23..L..8...G?2.............9.{..w~.>g.""""""""""""""""""""""""""""""""""".ph...7.L.?.....M.....9...+.8.......w.m..E+..~h...K7{.w{...k...0....a.....,..I2.\|..G..t.M.p......^...%....<.RJ..i455..,x......9s....0.....y..'.HD<.._t.<..C....^..`&.a...X.l....rH)......'..{...>....X._._.7mmm.T..Q.r..._....V..3....f..\{...O>..........8...H....+AD.k.z{{ADOl....z.I.....l._.0.@.@7...N.Q...d..'O.L)...K/..............?. ...B.03..Zk455a..8z.(..:....m.v...1Y.1.5....7.\...B.nf>....~LD..6.l6.W.\............SO=...nX..X,V.\..\.RJ.....'.x......O:1..!.<.......o..S....LDcV........<o..+.v.Zttt`....r.^U.H)...........w....+.R...L.<#.x'.H..i.......3......b...7.;...FKp...FWW....L&.9s.`.Mhoo..+.F*..e...V)5... "...R..]v.L&.S!....h8..]..bbb.....d.o...q..+..t:..g....hoo...J.s::;;/......>\..y..u].....?\|..g/=....'..e.".3.....U.,[......BY.4.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\04d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4121
Entropy (8bit):	7.865445783928567
Encrypted:	false
SSDEEP:	96:3r7soykbSkD08BYNhZAqSMmGjUdQ6V6M/Am6d:3Xs6Ry7Cqi/i6IqK
MD5:	7E3B8FD706A63B94728056EB77D3D13F
SHA1:	509B865668F490DB1A60B255B3821958C93206BF
SHA-256:	E16E1612C449F337FD244E5CE965DB790BC36031A8A28439736FFD59268A2BF1
SHA-512:	9ECABD9AA66E214DF08555B690BDC639D47DD1BD094117F4718C0A21DB7D4C52A0D466D4DCE7B985F16FF8E42AD5CADA9252985E9020AB62196A399EDF318BDB
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx...o....k_..].vl...N.cb3..!\.t.(.f.. %.f.<0.3..$.../..../...(...H...DGh...$Jp....q..}q....w7....-I%.O.,u.w...k..613".....XH$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBB.Z....V....k.....4..C.5....b....b.xizz...KJ.acL..>0..oK..n.....8p@OOOw...?..j.d2.........aYV........p.P..r..]...t...~.i.v.q......hiiy0.L>.........]....N.I)E....B<ID....R?tuu.y.....:t.....=.!.w..Bl..................)%. ......}..b..."..9.Ba4.......l..G.}..p....B.Y..g.=/.....'..f...km.....u.gm..s[[[..........F.~.:.^....i.........b.m[y.w..b..Kk=.....G.....]).M.W_}.....H)Z.d....$@-Bp...L..h!{..9?.'\|....4.o.?.o..SO=..R....x<.T[[[..;.}.v03.;...q....T*.q......Z..#K.......#.RcMMM...B..>,...../..........Y...V"..#......Af....,......y..2.<.3.....Y3..m...w..f!.......m...~..m.?....b8u.....[LOO#..AJ.!D....J)H)...A..c..Z...;....W^y%S(.R.li.=.'..<.]..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\04n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4121
Entropy (8bit):	7.865445783928567
Encrypted:	false
SSDEEP:	96:3r7soykbSkD08BYNhZAqSMmGjUdQ6V6M/Am6d:3Xs6Ry7Cqi/i6IqK
MD5:	7E3B8FD706A63B94728056EB77D3D13F
SHA1:	509B865668F490DB1A60B255B3821958C93206BF
SHA-256:	E16E1612C449F337FD244E5CE965DB790BC36031A8A28439736FFD59268A2BF1
SHA-512:	9ECABD9AA66E214DF08555B690BDC639D47DD1BD094117F4718C0A21DB7D4C52A0D466D4DCE7B985F16FF8E42AD5CADA9252985E9020AB62196A399EDF318BDB
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx...o....k_..].vl...N.cb3..!\.t.(.f.. %.f.<0.3..$.../..../...(...H...DGh...$Jp....q..}q....w7....-I%.O.,u.w...k..613".....XH$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBBF$$dDBB.Z....V....k.....4..C.5....b....b.xizz...KJ.acL..>0..oK..n.....8p@OOOw...?..j.d2.........aYV........p.P..r..]...t...~.i.v.q......hiiy0.L>.........]....N.I)E....B<ID....R?tuu.y.....:t.....=.!.w..Bl..................)%. ......}..b..."..9.Ba4.......l..G.}..p....B.Y..g.=/.....'..f...km.....u.gm..s[[[..........F.~.:.^....i.........b.m[y.w..b..Kk=.....G.....]).M.W_}.....H)Z.d....$@-Bp...L..h!{..9?.'\|....4.o.?.o..SO=..R....x<.T[[[..;.}.v03.;...q....T*.q......Z..#K.......#.RcMMM...B..>,...../..........Y...V"..#......Af....,......y..2.<.3.....Y3..m...w..f!.......m...~..m.?....b8u.....[LOO#..AJ.!D....J)H)...A..c..Z...;....W^y%S(.R.li.=.'..<.]..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\05d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3096
Entropy (8bit):	7.135780610913864
Encrypted:	false
SSDEEP:	48:I/6vcvAHvyh/MU9sEvaE7ZkI8bwpm9p2DCilSn3+vnCOe+Vo6kKpEnL1RN:ISpah/MUqqZkI8bweYCilSnurAkgL1RN
MD5:	44B7A253B7D5AEA97E0F3F162A2423C2
SHA1:	370837F64E7FD4EAF06636ED974BF1EFF4FA5A87
SHA-256:	7815B47EA99A78F7F624FCB00697B9AF08297995AD572F02211BD4B9E503C0F6
SHA-512:	5F4B8A4A0FF60FBDCDCDCE214EE7FDE61A98A6B046A60A162BF747C398DAC6C8DFF1AC9B054CD2188166D07CFB2E68BF5C8693AD3F42EA33387B1882B952D420
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....pHYs................NiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-26T15:07:09</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>100</exif:PixelXDimension>. <exif:ColorSpace>65535<

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\05n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3096
Entropy (8bit):	7.135780610913864
Encrypted:	false
SSDEEP:	48:I/6vcvAHvyh/MU9sEvaE7ZkI8bwpm9p2DCilSn3+vnCOe+Vo6kKpEnL1RN:ISpah/MUqqZkI8bweYCilSnurAkgL1RN
MD5:	44B7A253B7D5AEA97E0F3F162A2423C2
SHA1:	370837F64E7FD4EAF06636ED974BF1EFF4FA5A87
SHA-256:	7815B47EA99A78F7F624FCB00697B9AF08297995AD572F02211BD4B9E503C0F6
SHA-512:	5F4B8A4A0FF60FBDCDCDCE214EE7FDE61A98A6B046A60A162BF747C398DAC6C8DFF1AC9B054CD2188166D07CFB2E68BF5C8693AD3F42EA33387B1882B952D420
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....pHYs................NiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-26T15:07:09</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>100</exif:PixelXDimension>. <exif:ColorSpace>65535<

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\09d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6272
Entropy (8bit):	7.952221516269904
Encrypted:	false
SSDEEP:	192:vTdwC4wT/wcNmEZ7lfw+VmqaN1etjAn3n:vTdwC48/wcR7x4qiedc3n
MD5:	1152B8F2272D33504E426F03A7854051
SHA1:	8CEF6405665326BCB3579D5EA3504FB519F59199
SHA-256:	5B4E9D8CA26DA06CCFDD00226A65AD5DECCD3DA0ED621A2113A52B0CEC2DF234
SHA-512:	B23E7EEC6753EFAC77AD9F60D42D4C706C23EBEB461DBE3C7D503C8B579337AC19543B5CF1D63AAF7292AFE3F6295BFDE8DFC0925A2B1E8620564DFA1D092B05
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T...GIDATx..{\|U..s...^..B.....A.)>.W......j....c..S.R.Zk..T?m.........H..........UT,.^...L.IH.........+......g.6{.5.X.7..c....G.y.G.y.G.y.G.y.G.y.G.y.G.y.G.y..B.j...........+--..J...S[[...4?8....^p...1..hBn.....^....0.G..A....4M.RA".XcY.SeeeO...?h:.2..Z........i.....p..y.....9..c.2r.H....}_...aA.\|......'nX.b..C).?.....6m.l..0\|.p.9..N8.....:...O[[..6l`..l...4....L.............h..y.{.L.<.TE:....f......y..mSQQ..1c.u+./'.....+.z.g.............,@.O...&.T...w..K..y.q......L....../...m.PJ..F)...E.J).?.p,.....umqq.i.g.........HD...e.8...l..QD..O+...i...w_.........)...........d..L.$.L......N....ZZZf...x...RJz*...5DD.........<..D).f..g.yeKK...5UUUTTT.h.".{.9l.> .3.4M.8..&...'.........Q..O&...;v.3f.?...Ww...."r20.8...4..)........_9.s.....3X.~=..{/.7..B)Eyy...}.`.T.. .+..:..Zk..s.>.+..(.+...%...!.<..-"]..s..Ix.w..TVV...K/...N...Ap...}.l.r..y.......y...d......f/\.0'!D.."".._.%9,.{.......Z..Z3\|.pZZZX.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\09n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6332
Entropy (8bit):	7.953324168049867
Encrypted:	false
SSDEEP:	96:cloLqui3QuBgbu2smtxj8+QUhyHCegy1SI8iXiYRJYFUNJymXYUZiBHTwCV3F7:clmquiLgbHhcHd1fld9ymXtMBHX7
MD5:	6CAA2C241ADE87CDBC0014B8B3C8D081
SHA1:	44EF5BCEC30459F6ABD85CF31405F611E14CBFA8
SHA-256:	17F13A4EA77050968794AD3D0FFD6BCE1D0A42EF139FC7CACC1B62E8AAF80B9A
SHA-512:	8FF0C3CAB6FB3105A6318B651332680B8E0F2B02FADDF5B4379F57918AC77BEF125D03D9323DC135C48D01C38322551897DDDC031F1CD1D43CF51384A534CD25
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..y.]U..k...5....!$.E.........x-.KZ..'8 .....j....Qh.D.D$...E$Q... ..0..d.J...=.^.SU..TU.O.~?.S...s..g...{.=....T.P.B...T.P.B...T.P.B...T.P.B......3.BU...."v..9..g^.V.1X.<..<..R__....._...QU....6I....,p]..1..v.8c.Ib..p@.P..d.{...=^.<....U.\|~.'.......=.."Q...".#.. .6..#....y..0......)3.v....7/H....q.r0'...A.8>.F2.Mx.Z....7...jL....>.B'A...l..0..1w.'s.._)u~.......~..^.{Ns.P..9...PU?.......I.j..G..@...z^...2$ErU9.$...~n....R../"..V......F..x.X#"..M..U.Y....D.L..8..nZH..~..q6...l...8.....I.b1...&S._=.L......3.;_..<.PD./.8...M.4.g......3.....o7.n.~...,........}.......4.{..S......&.7?N.{-q8.$ .A.]$..Hc..WM.fj.hB.........z......WAt<.+.. .:....!....+./..<.....J..s........Q...(j..^.-.o.".....$...@.U.j..f..53.....TU....D.a...8.m..+.z.p.0g/.....W....A./.r\q.........,..d... .g...u.....3..X...a2..P.u....3...?..........@.DI^.\|^D.........>......io.8u...(a.Kl\|.j...........".f......._..e.L4U.D...U. .# S.d?...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\10d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7371
Entropy (8bit):	7.950812551054805
Encrypted:	false
SSDEEP:	192:37Jzaqa5XXMh1uaQPx4pbhdUHJD88N8/v7AjwzQlGW:3Ta5s/ua3pbm9NsvswzEn
MD5:	141CB25E0AC9A3620B0209D60A0855FF
SHA1:	85D4704F81C6D9451062928E408A881D03AEF1D8
SHA-256:	C2AFAF2B737AB4291B4A191FA1356449D34A989F78BC6735FF67A11CE4CD129A
SHA-512:	5C552E7EFE0F7E4D542CBC938045B5AB13C7B51444812484E9EDDC521A2C9F9DE54512668DB86DD4D6C4DA718C58701959598AB4DB5A39D116A8D43CC3224E7D
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6...EIDATx..y.%.}.?...~....9..=I..7iq...o...+.-...$r.8..X.$$Q.H1.[..0.. 6$'..l..B.<..x.}q.{.y3...GU..7.KrE....`.@....>.....W.#.9V.r.>....Z....d.i.......U +L.@V.V..0..YaZ....d.i.......U +L.@V.V..0..YaZ....d..,v......@e_..1.B....k..M.zW.....R...5........~H...mIU.m.a.!.mdL.E`.@..U @k....&..?MP.9lT........!..K..re.T&>Jm.n......G....9.......Z+...\.sn ...j..y?.6....7KP..Q..f......7..z?..tY.bq..h...\.s.WD<.\..........v,..P(TN...x...^.M.....6..8.w.c`...~n.H......7..w.E}....K#.G........._...9.?w.?.q...a..:.D.9..S...R..}.R.Vu..k..Dd....g]...9.4..H......)c..~........Wn.(..;..."..l!<9..?..x..S.k~...<....5.j.$....._...k.....7..../....y....+...1#...z......W....G.W....R.1.j..z..d..8g5.".[...9.....t....>;>>..0......."-P...^....M9..'O...?....:*.w]d.7.Z;"./.tq..,8..kT(.n.....n.><.....w..K..t.Rf#...2=y...!:.,....ddd....../..6..........+.(%.@...N.-..5..9

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\10n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7439
Entropy (8bit):	7.940863981126883
Encrypted:	false
SSDEEP:	192:3RVT4h1SNQkBuazX4N68C5ekKTj+W5BRvZQ+nHmSb8:334h4QkBuhNxC5vujxR2oG
MD5:	49E23319606E48704F3F0355913BB14B
SHA1:	0691F18CB593F01A09D7154653C597F8C8BF5158
SHA-256:	113C8AAC85C0D9E2C79A78315300CC5512C24C8B4B064080FFB5D83FA95D70AD
SHA-512:	D33C29865A5627FB8AACAEFC5FF6D98A34B365C27918A8FB8005AABCBA7610636A744AB84ACAD2697522F02C43A05719BD0B33A968A85A2A10E04FB55BBC1EA9
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx..i.\.u..........}a7..(..bm.,&vl'.%.......3p&.f23..d.v.#.L.A6.C..1..q. .o.-[.H.DQ.(...&{....Z.r....&E..M.S...x..Uu...s.}...h.u.......j.i1.....@ZLm -.6..S.H........bj.i1.....@ZLm -.6..S.H........bj.i1.....@ZLm -&../..N..'&.......z..#r.wj.~...AvT... .(.-.+K..4'.M:..Rj....+...g..yh.?.i.b.............."'....N.r...8......[.J..Q..........%...k..2..N...k.y}........Ty.1.v....`<.e"...q....@..M.#c..&.W.....3......l.D..w&..o....r..?........].....3..r..=\:.n.L..8...X.Z..XX.h.h...Z......K..6a.U..x.'...7.o......6.E..8R.....DT..O>.OO}...fo.2..DrP.3i.L.d...'.!$Yk...1.ZE0..j....D.XX.............5..GI.Ofy..c...3a?.@........w[k;\W.9..:...d...1....B.q./)......V.9..?.\..c..G..{.........p.i0)`.BP]....~.ZG......X..1.c`....Q<.&.aU......4..d...?..3.1.l....[Q.4OA(...acq...!cM.16...k..H..".....c.y..D.Ry!.N.7[_..<...^a....'.).uvQ.#G.s...j."J+.....z.Fk.cb..x0.. .......

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\11d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7542
Entropy (8bit):	7.931742531070458
Encrypted:	false
SSDEEP:	192:3rhjuKWN3eqedTWARrTP5OnAWleWJFL66zT3P5YsS0mkeo83:3djuKWN3eb3RroAWllP3PS0mt
MD5:	7F0C3D48997210950197A366CE05C297
SHA1:	1C405E0C5D5774091B872DB57FE81459BF490820
SHA-256:	874D3B3B181D61946E04AD8BEE4ADCBCA3C17C6E40C55D181352BDEF791F347B
SHA-512:	1BFA8D99C0B7A3F23C5A41BAD9786963CAAEB68B96841FD9F7B57D450060180C9293D0A17E7C88C613FB648767EF19CF7FC4545DCB0FB8AAFDE7A37186E0267C
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx..\|{p\W...;....V..zZ.%..N.$NB.<HB.j..,.P......-j.[..U[.0;;.d.b.ek2..Z&.lv.$.L....Ll../..-?dI.d....}.....-.e.d....\V.=.......8.mbf,a.@.l..p1..YdX"d.a..E.%B....YdX"d.a..E.%B....YdX"d.a..E.%B....YdX"d.a..E.%B....YdX"d.A...n...g.}VH).....\.m....7..u...c<.u...{.....~..s_..oHq.l5.4k..1B~.....^zi]..k.d2.WUU.455.L&.u.h............;....OLL.a.S/.......!O?.t..[..cA..J...R.pcc....).........yxx.0Y.6f..... ......-......[...>........<ok{{..hnnnoooO%.ID"....B.. ...PJ!.H$B.P"..?...['&&.A...`.....'...1&..~...""-.(.] ".Z.\|..'....-.X..h4.HCC..u....6......188...!.....!....#......B.....\|..y...G.w.s..!ddd.Y). .\^,.....6.....E.q...B.1ct....`GGGa..;.............i.M.h........>\|.ccc........)%l.&... P..6.!&..h..>...{...?.......P8.6O<.....j......Q..Z..w.!...f"J...B......1.R..B.K)w......>.w..U..c.v;..N.;6n..k.!.5........# ".!@D .)R..PJU..3o..`.X.......;v.".

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\11n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7542
Entropy (8bit):	7.931742531070458
Encrypted:	false
SSDEEP:	192:3rhjuKWN3eqedTWARrTP5OnAWleWJFL66zT3P5YsS0mkeo83:3djuKWN3eb3RroAWllP3PS0mt
MD5:	7F0C3D48997210950197A366CE05C297
SHA1:	1C405E0C5D5774091B872DB57FE81459BF490820
SHA-256:	874D3B3B181D61946E04AD8BEE4ADCBCA3C17C6E40C55D181352BDEF791F347B
SHA-512:	1BFA8D99C0B7A3F23C5A41BAD9786963CAAEB68B96841FD9F7B57D450060180C9293D0A17E7C88C613FB648767EF19CF7FC4545DCB0FB8AAFDE7A37186E0267C
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx..\|{p\W...;....V..zZ.%..N.$NB.<HB.j..,.P......-j.[..U[.0;;.d.b.ek2..Z&.lv.$.L....Ll../..-?dI.d....}.....-.e.d....\V.=.......8.mbf,a.@.l..p1..YdX"d.a..E.%B....YdX"d.a..E.%B....YdX"d.a..E.%B....YdX"d.a..E.%B....YdX"d.A...n...g.}VH).....\.m....7..u...c<.u...{.....~..s_..oHq.l5.4k..1B~.....^zi]..k.d2.WUU.455.L&.u.h............;....OLL.a.S/.......!O?.t..[..cA..J...R.pcc....).........yxx.0Y.6f..... ......-......[...>........<ok{{..hnnnoooO%.ID"....B.. ...PJ!.H$B.P"..?...['&&.A...`.....'...1&..~...""-.(.] ".Z.\|..'....-.X..h4.HCC..u....6......188...!.....!....#......B.....\|..y...G.w.s..!ddd.Y). .\^,.....6.....E.q...B.1ct....`GGGa..;.............i.M.h........>\|.ccc........)%l.&... P..6.!&..h..>...{...?.......P8.6O<.....j......Q..Z..w.!...f"J...B......1.R..B.K)w......>.w..U..c.v;..N.;6n..k.!.5........# ".!@D .)R..PJU..3o..`.X.......;v.".

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\13d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7297
Entropy (8bit):	7.947798533116465
Encrypted:	false
SSDEEP:	96:tPPP4KKeuMptXBjOZYxmWQEtdzAdCx+QfMwRzpR6pJFeJt3jNT+nMAqO9CdThQTW:GXeuSXBsYg2w8+Qbsp8zdw96oYpf3h
MD5:	A9134BF5D315DDEEC06295A538F0DC7E
SHA1:	1E2F488458510FC75E502018A298F9D06AC28E85
SHA-256:	0C589839113DAA8E3F5380F1695A842E4B7A3236F21655275B6F1E3A0BE79346
SHA-512:	A5806DD8465386863B22B69848B474B70702717F318A35E11DE46CDC2F4BAFC4A4FA7930C3D7D63871C5A44B90876C8A50548A773B19C8A4A8780E661D3BE31B
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T...HIDATx..y\|.E...U.=3..59.AB ......9.....EQXduE<W<.].WW..YT\....uA@^QD..$r.3.JHB..9...... .$$......t.]....z.......$H. A....$H. A....$H. A....$H. A....T..N..b.......#"".9....1....'.47....2e.z....?.......4..Z.."..i...Y....l6.nY.?LJJzg..E.3..YA..\(.[..Q..5M3.,DFF"!!.n...s...!//.^...s(...p8f..._..t.&.y.W....{...@ ...T\~......Ngm8UU.i...>.5k. ##..s3$$...../......!">}....eM5...G.....(.....q.F......0.....qqq......~.zh.F..c.+.....N.y.....:Wo).....<....e.y.c{.i.u].O.4L.8.#G....K.,...+PVV..98.`... .......p.\.....$::z../........s...]..v.c.t.`;M.\"...]..0.Dc.{<.....'5M.!C0r.Hh.....`....l...\'I......EEE5b....g..}....W.....o....."J....I..x.j..c..<S.{......k....3. ::.o..6V.\....H.c`.....\|Yff.\^^>A.>...".(KQ..QQQ_=..{......R.N....0.@..0c....).v.@S.LY....!C....Fzz:...Yn^C..........r..B.....6y.*.c....<..x...5..Dt/./pvb.UM.c.>&....,_..n.f/]..{..c0...e5k3M.....a.5M.a.0M..iB.uh..M..L.\|.....?.....).. D4......4{........={FK..V.e$$

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\13n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7297
Entropy (8bit):	7.947798533116465
Encrypted:	false
SSDEEP:	96:tPPP4KKeuMptXBjOZYxmWQEtdzAdCx+QfMwRzpR6pJFeJt3jNT+nMAqO9CdThQTW:GXeuSXBsYg2w8+Qbsp8zdw96oYpf3h
MD5:	A9134BF5D315DDEEC06295A538F0DC7E
SHA1:	1E2F488458510FC75E502018A298F9D06AC28E85
SHA-256:	0C589839113DAA8E3F5380F1695A842E4B7A3236F21655275B6F1E3A0BE79346
SHA-512:	A5806DD8465386863B22B69848B474B70702717F318A35E11DE46CDC2F4BAFC4A4FA7930C3D7D63871C5A44B90876C8A50548A773B19C8A4A8780E661D3BE31B
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T...HIDATx..y\|.E...U.=3..59.AB ......9.....EQXduE<W<.].WW..YT\....uA@^QD..$r.3.JHB..9...... .$$......t.]....z.......$H. A....$H. A....$H. A....$H. A....T..N..b.......#"".9....1....'.47....2e.z....?.......4..Z.."..i...Y....l6.nY.?LJJzg..E.3..YA..\(.[..Q..5M3.,DFF"!!.n...s...!//.^...s(...p8f..._..t.&.y.W....{...@ ...T\~......Ngm8UU.i...>.5k. ##..s3$$...../......!">}....eM5...G.....(.....q.F......0.....qqq......~.zh.F..c.+.....N.y.....:Wo).....<....e.y.c{.i.u].O.4L.8.#G....K.,...+PVV..98.`... .......p.\.....$::z../........s...]..v.c.t.`;M.\"...]..0.Dc.{<.....'5M.!C0r.Hh.....`....l...\'I......EEE5b....g..}....W.....o....."J....I..x.j..c..<S.{......k....3. ::.o..6V.\....H.c`.....\|Yff.\^^>A.>...".(KQ..QQQ_=..{......R.N....0.@..0c....).v.@S.LY....!C....Fzz:...Yn^C..........r..B.....6y.*.c....<..x...5..Dt/./pvb.UM.c.>&....,_..n.f/]..{..c0...e5k3M.....a.5M.a.0M..iB.uh..M..L.\|.....?.....).. D4......4{........={FK..V.e$$

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\50d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5465
Entropy (8bit):	7.884206622428714
Encrypted:	false
SSDEEP:	96:7X8tVbAHUyX+ItZsUvLlz/+BRoI/MgpuCEj6U57rV7Uq6cwZAt3sgldFiTQmw4l1:7XT0M+ItZs8J/+BRoI055j6UpV2JRgXa
MD5:	92B1EDE3782CC9194672FD07E8299BA7
SHA1:	86B28B39D1D5049244B13800489FA07C312E4517
SHA-256:	0EC88085F6037D84D0C0CC60F21FDBB9A9F3FF36A4603CAC782767DED167792D
SHA-512:	89C52AFE9C3C8FB445742CB323D064A97FD21999F46071B42087BE91AD163E9C8853A773BE7A8DEE485B0B17430B9E747E2D0190A87547AED8AD867EFB7B46A4
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T... IDATx..{l\....s.}..yx....;.. .B..q..I.....l.......@`K+-...("e..J........n.........I.<...y.9.{.....q...xl..~....s.....w..{..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...S]..;}...J)k..&..~....<{..J.....q.v!.;Uv...../T...:D..F..2.T.y....a\|Q\\.5k..W_}ub....BD...u...@..W.@..z....C.1.Z...".c..........;.."........s.Uuww/#..x.R......J) "`..c..R..1.X..z?c.C.4w....=..s..U.\4!......>[.......J..DT..........Fd..&.9..e....@...~.y.R..s..Ak.-..D.kR....J........c.h=...!..!...v.w.}.S%P.l.9\|...E.Tj.Rj.R.r.y..@k.Zk..1o../86....$.t9...q.eY.9..eee....{#.H..3.J..T.Tk.Bk].97.`\...z....m...nO..{9.1.....m...{n...\|.8.9.BD......Z....9..`....C.n$.EP.!.s ".R..O)..9.i.C.s....w....Fs....'[Y....;.....O?..c~).r.d..7....:....n..Z.8......i....9....XR.R..)e.R.zx37........&..1....a....q.SJ...u...u..Z....F.D.\6rB..M.../.0.19 r=.1vS,...Y.CZk....B.O....\|......>~.w......N.:uy,..z.._....}P......a\|d..@ .F4...?.i.X..i.....2..]....k...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\50n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6143
Entropy (8bit):	7.826590494105305
Encrypted:	false
SSDEEP:	96:3MqZfwVBKheF9SN+AUiYR5yn1oLVAsNNst1voLm4MLgZLZZtrxuCNbDWFj59eHgU:3MQfWA09SM7Rc1oLVA0dLHZLZZ++Da9o
MD5:	F6461535DA539DB33106BFF30C038273
SHA1:	792F5A52FD73EA79784B6355EB7514401566425E
SHA-256:	B583531349E95B0F5471F34860EAD44CF28EEC4E2B6BFA70AC87618868930A8D
SHA-512:	496F08151F830BBE1F8B94C7E0D3FA9556CF1943680891316739BAA054B0CD81EBAF3CD14812E61B7068ED23466C622E520788D0DC2348482B2EE2FEFDFFA6BC
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6...yIDATx..\|.\W..o......n.W.$....I..3.2.AW.>.......!.x.).@.0...$..A...A<.p/...p..C.$.....v....>....{.y..v.N.N3...I.r..>{...k.~{...b.......q3...............................................................................A....u.[....J...Sb...M.Q....2.if.L..h.$sI..'.....<_........-..x.....Q#M....w?...q......r......YU-3...U..G.......4.....V......:.vD.AD]fn.jWU[.R.;??.;s.L~.....vo4..{....~Pk6.s.YU..0.....Z.0....FDec.,3O.cf.......~CU."..`..Ft.5f.0.tJ....O>.y...6....M.?_...]..W.,D;.E...G...y..3o..&.TDzy.o.jGU.DdWUw..h.@.....!.-U.0......o\|..;#A.....B..Xr.=........XD....).."Da..... .<...TU%~? ......2.....\.d..Z{.V.])..}..:.N......y........h.........R"..;....H...p.:.z..$.]......\|.X,.~...g..i.\|....o~........U.{.,..$.)U..E{.i....S....K.M?.k....h]Uw..M"...!"......G.hJU......(D..4..t.8"J....?.a....8A.y.......s.....?.#o...!y.?...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\crtd100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5623
Entropy (8bit):	7.944802568203671
Encrypted:	false
SSDEEP:	96:VjWtBmPJXDpzwpa3X8EasCBtKQ/FAHLoqDxBmbWnBUzZzKXfbMIHKPP+rLjs:VStwhdUX7BwQuJBUz8XfIjPULg
MD5:	E679BE9A4EC62A44775969DD56168389
SHA1:	94E9D4745AD9DCB99E688B77C538404E9760CFD9
SHA-256:	1D266587AC67CD6DCCA80F732557D99723179C2030E4C2F5ABFCE9C3C2E089AC
SHA-512:	772C63DF6ED7018839EEAF96D74E798064F2AA6957183357593ED019304280B9818E1E8B07BC238A231443F0239CD1CC91984C6A7D8F707C5A820F60A9ACF91D
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..y......Vuu...0 .,....&j.,J.K..b..H.T.I.$.,...\....$j.(..L.I.....E..#[2.Lf.f....Z...1=#.w..h.?.....S..so.sO.[.9r..#G..9r..#G..9r..#G..9r..#G..9rd..o...y.....be..._.../.<...^....M.<..SO=5..u.O.A...a.w.L&.j.Gk......4M..oY...m?5r.._.;w.~V..`.o...I.{.......M.<.....#G..q.p...#??...x<>..v..u.W...M.V..p.....!...4V.Xq...u..#F...'..#.8....-.<.C".....\|.rTTT.0.7??...o....X.O.AH.e.]v..+..$N9..L.6..m....k.....;v..<..a..2...Cmm-V.Z...~..]p.=.<...O.BR...`....,..P.`=.-"...._~.9..<.8..>.l.y...%K.`....s'.RPJ.....".a...mTVVB)U[ZZz.y.6...=...7!y0...L.p(....%......FDV.+..[o-....!.L..c..g......c.a.e..B......F..Z]]..PJADJkkk..pi.2..h....'.i.!Y......`p.Y=....,"k.K\|.W~+..?n..n.....<...,..E.`.vF:..D.n....m.....nll<.0.1Zk....Ph.!C....t[F.....6Cr....L.8.(.;E..%.5k.B.qfL.<.s...{.y..5Wn.7.....}.{..J.".5H..'".a...#../"...k..>I..&.Zxo........0I.........;).Lb...-^.... .......y.jjj..[.8.\..yp]..d..8(.L.s.E.=4...P/..B.....4..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\f100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5465
Entropy (8bit):	7.884206622428714
Encrypted:	false
SSDEEP:	96:7X8tVbAHUyX+ItZsUvLlz/+BRoI/MgpuCEj6U57rV7Uq6cwZAt3sgldFiTQmw4l1:7XT0M+ItZs8J/+BRoI055j6UpV2JRgXa
MD5:	92B1EDE3782CC9194672FD07E8299BA7
SHA1:	86B28B39D1D5049244B13800489FA07C312E4517
SHA-256:	0EC88085F6037D84D0C0CC60F21FDBB9A9F3FF36A4603CAC782767DED167792D
SHA-512:	89C52AFE9C3C8FB445742CB323D064A97FD21999F46071B42087BE91AD163E9C8853A773BE7A8DEE485B0B17430B9E747E2D0190A87547AED8AD867EFB7B46A4
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T... IDATx..{l\....s.}..yx....;.. .B..q..I.....l.......@`K+-...("e..J........n.........I.<...y.9.{.....q...xl..~....s.....w..{..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...S]..;}...J)k..&..~....<{..J.....q.v!.;Uv...../T...:D..F..2.T.y....a\|Q\\.5k..W_}ub....BD...u...@..W.@..z....C.1.Z...".c..........;.."........s.Uuww/#..x.R......J) "`..c..R..1.X..z?c.C.4w....=..s..U.\4!......>[.......J..DT..........Fd..&.9..e....@...~.y.R..s..Ak.-..D.kR....J........c.h=...!..!...v.w.}.S%P.l.9\|...E.Tj.Rj.R.r.y..@k.Zk..1o../86....$.t9...q.eY.9..eee....{#.H..3.J..T.Tk.Bk].97.`\...z....m...nO..{9.1.....m...{n...\|.8.9.BD......Z....9..`....C.n$.EP.!.s ".R..O)..9.i.C.s....w....Fs....'[Y....;.....O?..c~).r.d..7....:....n..Z.8......i....9....XR.R..)e.R.zx37........&..1....a....q.SJ...u...u..Z....F.D.\6rB..M.../.0.19 r=.1vS,...Y.CZk....B.O....\|......>~.w......N.:uy,..z.._....}P......a\|d..@ .F4...?.i.X..i.....2..]....k...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\r100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4405
Entropy (8bit):	7.927849895075624
Encrypted:	false
SSDEEP:	96:X6/utiTjhtaGQrxIZWBzFZbXLCjUPXMweNQxfTHM:X6/utiTNtaLr2MPFCAPXCNMLHM
MD5:	745092E010CEADA1BEB3A9F04ACEAEF4
SHA1:	D73F9C19F787A2087AE5BD6564339B47F5A5B76B
SHA-256:	88EF2B346AFA16FB27CADC0A8C27DBF67879F6C6671204258A70B025E521A40B
SHA-512:	6E69D0365ABAB2652BCAF4633B84F257A094DC2AD6C5CA48BAA932C7D025A321AB388B69C46F3C25A21D15722184881C2D7DA71BD94F047891CAF3B60B6AFC28
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..]y...y.}.=...J.....V.f9Dp,.....$.p.y.!X!.8.p8$<'./..N.....9....H\....a..@..I......t.Z.V{..Q_....E...=........~..U..,PA..TPA..TPA..TPA..TPA..TPA..TPAY.._...k..w;F."......=..v....u..n.Ha\........51i_..^m.....o..!..8.+..m\|\.....[............S..,.r.m...[B:..8q.....8V76.....>...w...;..3V...c....rf\|R.oZ.....n.p0.5..%....W8..I...z.{....f.7.q.o8...\|.{...n.~..i.....E+n.d..q.qGH+...~....y..;..k/-_....3gck.01....^..y....4.}..3..>o.j.".......9v7>K..Y....?....8......B>e.y..%?...q...-.w...C.>~....5p.0..a^`\...Z[6...A...m..u.uO...j..8.(.y.3..O-..;...{o...."H...-;..9i.K....Qo......s.......a....\|2.j..'....P.q.Q...x.ON^.@.c..GY....L<c..w...... .&J.P.....8P.5.x...X..eG...j...lM..o.Q..[...........dE.....PP.y...5g..w{.....N...._.O......z.{.T..p.>)..9&.bP,Oi.).}6.5....-.7...2.._..L..?..cg[;.......N! '.)S....Do.u..5=...<c..3......['..g....Zu..@ \%`.....8u...).....p..?..W.9.N.....e.2....k.]...g1..F(..D.-.....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\scrd100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6342
Entropy (8bit):	7.954401263503127
Encrypted:	false
SSDEEP:	96:CdpS9kdcAxFywxkwXdQmzAt/JeWfx6nGIfnwMGVLiia+7GRp3m+Lk9zBkKCNQ0At:sev+QmzA5JN81fnwLVFanzk9zydNi/Qu
MD5:	BF213493E6184CEADD5ED6ED7AF39B10
SHA1:	51B4128F730AE88CFF141C3D14F123FF1A6AE8BE
SHA-256:	8867F3B3C33B1D72CBFE18C6BC4EF84B3A7CA55EA2527F7A03BC2D212C677283
SHA-512:	24C6CB9CEEE6BBB586DA4AFD71F59D4739889F519D09BC75DDB732BF1CE032D5EF8DE6F1DA0F993E9C1B8FFF8643875D67DC3246F6B1709C61752AB4F6D035EA
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..y.....OUuu.....!.....1..\P..5hL.h.1......7z.:.^.+..%.\w...W.\paq..d.ed.f....s..n`.Af......\|..t....<.9.i.!..r.!..r.!..r.!..r.!..r.!..r.!..r.!..r.!.....JK.=.i..7...}..H}..YW.r.7...n.7..Vj......BV..r..~.m._....W.c}U.@.....o=..l..................`....h.7..N.....z..^....j..^...jy..Gt..I..=WYS.F..DR./<`.C...3vQ...}..aZ..1.l..uP........g'Y..........J=U.T6.3q...;.?9..w....5..#...4M.#?`.G...A.^.C._\|w..c.. .....s...'.?.6L..S./...7F.P,[...C....{...........Ed~g.8.R._>..o...G#......B...:CO.)....JI...>./.........)./...!..F.......2S.3.}.@V/..u.a......\|8..W........%..~...J........A1-..".N...+y..?....z..s!T.bH....<.L.*...B...>.[..g...H..$.....N..J...{{.v.5BT.b./@8KE.....x..Y...?r.45~...".3.. <.....Yh......B(.y.@..A.....Z?.w...o..%.............,.......jB....d.,}c.z/.SQ....7.%$...Luf..,T.Gu..kP]..\|T_Guf..%.P..U...........or.f.e.=..0U....PU.U.S~......G.ToG....O..:m.....E5.N..d,F.sTW....P}a......?.uP.c.Tk..yo._

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\sn100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9276
Entropy (8bit):	7.963096288276217
Encrypted:	false
SSDEEP:	192:47Sbi4UxjU9g/G8fwUF+e6LplISC4HNz/aB1fFk5yW8RkIcmqD:3NR9r4wUFf6vDHNz/AdMyWQvqD
MD5:	95BCBDBAC91B10C0B03642501C8476C2
SHA1:	7CABBAF8EEBE26DBAC8A229DE9D024CDA1ED70E5
SHA-256:	BE66550ED1E833252C568CC53F0767C159AFF096ED367357E5BF54D6079A4640
SHA-512:	B8F58C3F5D7539BAC454D64C6708B6A315991FE4E40F1D05B0FA9773598BD483AB1719CEE8A85CF6F6A671B19CF9CA67360C18DFD5C46148A4E0393D3CF95730
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T.. .IDATx..w\|....?gf.d7..nz..J.5..M....@...(.....\.$...UT..+..".0 ..@(&....M.:;3..M......_..f6;sf.y>..s.....:..:..:..:..:..:..:.?..Jg..@.....e+.N..fue\|..{=c.+...o .j.MM..{.......olu..]..Z}.r....3[..3.y...W6..e....W."D2wo....d.....-G`r.1.!....t...\..w.Y-kR..+...$.....Z.B51..B{T%.Se\..UEP.QDL.d.=lrm..j.WE].....+....[.<U..?..}.1....".J.:.R7`X..8M.C....-M`..VA=.7....%D1.l..].2.% ..s_sw..].[n..u....7........T..+.."..4.U.o.p...g-.. .gC..EM].ty.z........I.....q....DP...y.._E%PN@).e.....J..@.0..7.i..T..jH.w:;q...+\...w.3.k..j.....A....R.~..t...$...=.h..\|%......w..y.R.y....H.;.o.-......^..n,v_.2]..P.wL....WN.I...;.$.N...9.#..g..2...p.........N/s..8I....ng_).%.+[..."...-mRJ../.SA.uc'V\|..T.PB..d..........0p...K.Q....UC4.'..b......ri./.G.f.j;m..]....D`[..\5..X..2u.Yn.)..5...../...6.oS.R.+$...9q..w..UR..R....._n..4..@.q\).w.r..~1n...D.?..V~...K.....A.........1jVebp.?....M8..D.V..O..Ig...@E..X).2m.ne.....O.=NSh.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\t100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3108
Entropy (8bit):	7.9006244315588345
Encrypted:	false
SSDEEP:	48:CM/8XQhiDIjfNcdGICPRUfzOVy5/XPi+aic8X7Q3ySvUO4ErUoJ9/qK2kJCcFPGf:CIf8K6sIf6Eshq7QHru+Wf
MD5:	316B9110D16ABEB5AA6AFAD233A775B6
SHA1:	8F865DA78C9B067335B12AA1409F57B4F6E65A61
SHA-256:	5B105E9706B7E78EAAEFB518AEC418FAD509EFEB93730A322043984C34E87184
SHA-512:	F65529CF6822E2F9A78D4803C9AE82C4D57ADE98E11C5887A84BBF61BF5A7ADCD34D34450EC1AD96C0F4BD6483E3DA37A5AEA120166B44F3C3F48C49125BE1B3
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..{t........I.lXB..P..%.^..j......x.x).T=x.E...Z.x..zZ......T..]h.V4...=".MT",$........I...$+..../...}..w.o&.d...........................}.x.@Oa...<i\.......E.K.?T.i?.YF....m..\p./X. ."...bV...c..WP...#8}R-..M?j'..:.k}....."F......\~....Vp\.X?.8zm^.(.]^w.\|...$\|i...:@....".\..H.km..k.<q..<.! ......8.ki...=3..T....G.q...{..0.....-.!.1c. ..GO.ZV.B~9...M..P.\x. M.u.&....?D;.s3..y...`..ZV...k.y.....'O.}...5.4\|..Y=..N.L.~p..z..E....&..c3.F2\...c..U=....4.....R..w.T^.)hn..r.1....a.?[..6..ZO..Mk/`...e.YSk....^k)x.$Ky.e.Q....c.\|..i^k......0...f.. ..:.k.}..4x.U..2.gFY)y.'.....>.g.....e.!..\.C...g..7.f..^v.:.F...k.}.)\|..G..V..p@./..0.5.).....r.l.....?..2.>.....S.u......K}3..7.1.c.w...s....>.u.}.Yd..]..../?f.G...]...4....../eO4o....<...&.N.;...4.~........1.;.....xum......D.<..\{....e.E..=.....+..CV...@.......a^...=..N<.K.>....H.c.f....aG..Q..f.i.p]...a..%.Z...._<l..j..D..U... Y..>....B.?....k...4

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\w100.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6622
Entropy (8bit):	7.9517996258371335
Encrypted:	false
SSDEEP:	192:76Ssb8yebdp9+RdqbQNlMTsdgxNASurTlk8:gb8d5H+R8MNlMQdcASGTG8
MD5:	B976E34D25409A82C6DB9CBA8BD89A64
SHA1:	BFF838DE373FB3C4B9FC9652E00CEC8388048809
SHA-256:	A464F2557A07E8C69F5BCF1550912EDC25F59D39AB266BCB796D9B0A9B767E4C
SHA-512:	508AC831976972B6DD3382AC1126E0273161086D57B9A5756655C4CCD5CB4D96A7590A54F48DC57A8B26EC1035161400FA0A595D08FFB8A50B22DCDB524BCCF6
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....IDATx..y\|.E.....g..L.r'...B...."...7.ANQ9=..........Q...w5... .+...T.A...!.....{.....dBB.1.".\|?.N.TWW..<]UOu.....>\|......>\|......>\|......>\|.......9\|..p1...)..z..t7.:^...........v......R..u..\|..O...5.h@.H.9.D!..v0.v......g.....@.....b.._..ML.M,CH......j.#'.....2.Z..q.'A..H.9k....y.......~.?.[..........O-...!+./@.a.Q.~..rSzd.}GlbV)Q7.M..Sn\5...&.7.".{....X{Ubb.......9.../.`......O.HD..e...F.....mG.d-.Fo...id.....t9S^.V......^..fK...,d(~f[Bj...y....?.x..{.....%..B...\|.P.n....CP.....x.L)......So0.H...u""2...M........c..y?......s...K..B.I3./..._......kn...1f.....x.]f..........b....kWyl~>...P>.....\|'.M......a...`....8.Va.Fsx..v..,O.w/_........~.y.!.I.....n..r........E.g..r.G_x...v...{.{..NW..#.m.....6@..3.n}#.....v..^.....F..<..].....t1d.,.9dRo!+..l_.!.fO......y~....,.$.b;..?r.DR]...W..P...@.D]...).]{Mx..h.$.9.....7..$.}.....s@r6H......^.....G.x..6...z..9v...&...pM.'..{.......b.....m;@.g)....M....w.)A

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\big\w50.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11203
Entropy (8bit):	7.948271042161801
Encrypted:	false
SSDEEP:	192:3To7k2goPaOpegzTOrBtE81yEPWjahCLsFBUvkhEZSAyAfjsolFIRmULGcSg:3To7ngo33G9tz1dUahCop2ZQ2jsuU1Ll
MD5:	DAF3017340DA85D83CF484C7254E678C
SHA1:	476F66D0B86A70FCFF3FB9B52481C4175215FC86
SHA-256:	26A7CB43CAC494AA5E50562D1D802839A5A231189269530645F1622A60F99D35
SHA-512:	D2A408ECED45C5515172D27598158481618EBBA6D1E5668543FEAD3AFD655384D74C20D1811CD493DD93FE640639012F2A1CD47AFC5A9A2A19C89E786BCB93B5
Malicious:	false
Preview:	.PNG........IHDR...d...d.....p.T....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6.. .IDATx..}y.U..9Uw{{..W..n.iv.e.DD.[.51Qcb....I~..Y4..Lfb...m....].". ;..../....kU..x.M.Hb"N....py.w.V.=.:uN.Z@!..G...+p...8!%.....Rb8NH..8!%.....Rb8NH..8!%.....Rb8NH..8!%.....]....i.{.j\.....+........2.....I..M......z..l...D>..G..._...p.}.u.?......>..J..t....2e.;o..M..$7...h0X......I..x<35..g,...P....um._...:.........{....?..f.0-#l.2j:...D6.R...x$GH.SwZlS....B..YX.}..........G].WwY7}..q..\|\|.J.%..8.]...tB......\F.$9.r...].B.(..".!Sy...8'......k.Z.\|.X...\.%..VnL.W.}.v...'..[..K.}.g.m.2../$...2)..66N....O/...8..{.5..U.....2...S...Y.7.~..tO..@.\=.?.9X.V.........vD.>..-Y.I.....5{.{.T.l.Y..$.m[6R.jh..;........c..6.L...*m;.....MF>...n........\|..D4.V....U..o.6[O..1t.D/..sD.3.O2z.I..R.z....r.......s.:...f...m.s.&.Z..XF........_....l.....FJ...#.O.-.D.2......'...i+..........O.w....e.....;v`_.U].z....Qz....2.%.!..y..7.9a.5gwvv.H&S.9p..u

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\01d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2859
Entropy (8bit):	7.085101027598315
Encrypted:	false
SSDEEP:	48:p/6lcvlHvyh/MU9sEvee7ZkI8bwVyv0DxBrQcIEVACJ5Ec5xZkyXF:pSOah/MUqOZkI8bwEsFvIQ5EoxjXF
MD5:	9A956D6298AF578C0CBBCB1D785CCF56
SHA1:	3A5DECF36EA0D1C420B3E3F5ED680A6B23CDB914
SHA-256:	0CEEFCA755CFE064CA5B7DDC6EC797FD02A770812CB77BBBD0CE52146786F006
SHA-512:	14617534312D00CB47101A6230B085DF6FD9AF5AEF2C39481D6A74343A86637BB1E22AA3C2D2A56E715670AEA36AD365BC8303A122F671FB97550581B6C1393A
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:85</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\01n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	7.047941212943225
Encrypted:	false
SSDEEP:	48:p/6lcvJHvyh/MU9sEvee7ZkI8bw1uEJbWKDuiB03jH/t1sXF2fgeQh6oVBpl:pSKah/MUqOZkI8bw8EX1By/t1cNb3
MD5:	58F2DD6B0149F4BB4C5B9C98DAEC5467
SHA1:	E70797ED029DCB9227489539D9246D5A3A2CB422
SHA-256:	BC830946915105DD5605A3EF2E85F390EA37E8F4C074945A5E4D1A01E7C9762A
SHA-512:	21D73803A6B6AB87B9A63EBAD6A54FDE1A168FC97B99839E772EEA409A2A4C64D3DD1BB68A3401953E34CF2522E83131AE8CBD72960CF8213DFF7EE72D7625AA
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:45</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\02d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2969
Entropy (8bit):	7.103422245369652
Encrypted:	false
SSDEEP:	48:p/6lcvOHvyh/MU9sEvee7ZkI8bwwvS6UMaw9qK8b1IJp/tSmuYe6Frq8k43Jg:pSJah/MUqOZkI8bwwNNau78WJpUSjrqn
MD5:	5EA2D730D3BE24C937CE7461F0F530CA
SHA1:	A49DD1183321254C1EDCF7E29BA320AF88BD8BD1
SHA-256:	FE0D82957F5B7E309392129024E32E4F710BDADE019CFDCDEEE19A377BEB0B46
SHA-512:	166801C0A33D4FC57E2767F7D03C3FBD6388BA5C7603825FB5DE04AB2D0EA3E913004BA1C6B3F02C50B19267F67ACA591CB564CBF21E38F273074461DB5E4EEF
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:77</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\02n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2922
Entropy (8bit):	7.092789735694951
Encrypted:	false
SSDEEP:	48:p/6lcvjHvyh/MU9sEvee7ZkI8bwnjvTBumpF2S5/hB0f5mi:pSAah/MUqOZkI8bwnj73pFrJc5mi
MD5:	E874E4560A701E646DE8C77647F40641
SHA1:	C87C8D1C6FE9E961B0BEC67FC9ECECBE9346A76A
SHA-256:	41EA980FC5F129BB030618CA36CFDC750FA079BDD7A8FC55A83E2AE221660115
SHA-512:	69B7741755B3727B7B8936B0502B5DB15A9C504749EBF2E51C638C5239CD562046D96D4894E31F290F4E462187B5A3AA2EBC25673AE8A2807DF76A420C0E8BBB
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:14</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\03d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2565
Entropy (8bit):	6.88008372841342
Encrypted:	false
SSDEEP:	48:p/6lcvrHvyh/MU9sEvee7ZkI8bw637n6HT9CqOC1ZZEC1Nmx51eiGuHtMs:pS8ah/MUqOZkI8bwg6HJH1zmx5IiB1
MD5:	BEEB7BBDE37CD163AA8077B8ADFEBDC6
SHA1:	75993533DC8B6A5AB905B766F5849AF45691C307
SHA-256:	C0ADC613F9CAD2EAEE357CAB8C9F69271A5AF62AB8D39341190EAF3351EB4774
SHA-512:	F1E891DE1E88DBE204ACB0AF76E94A64FA02B8D10CE9EDE41A2321BEC985F7A1D391C144ABCC5AD848930752B1C736D01A806F0B9FDEB57BDE25991A1339AA86
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:69</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\03n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2565
Entropy (8bit):	6.88008372841342
Encrypted:	false
SSDEEP:	48:p/6lcvrHvyh/MU9sEvee7ZkI8bw637n6HT9CqOC1ZZEC1Nmx51eiGuHtMs:pS8ah/MUqOZkI8bwg6HJH1zmx5IiB1
MD5:	BEEB7BBDE37CD163AA8077B8ADFEBDC6
SHA1:	75993533DC8B6A5AB905B766F5849AF45691C307
SHA-256:	C0ADC613F9CAD2EAEE357CAB8C9F69271A5AF62AB8D39341190EAF3351EB4774
SHA-512:	F1E891DE1E88DBE204ACB0AF76E94A64FA02B8D10CE9EDE41A2321BEC985F7A1D391C144ABCC5AD848930752B1C736D01A806F0B9FDEB57BDE25991A1339AA86
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:69</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\04d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2773
Entropy (8bit):	7.0041292327682
Encrypted:	false
SSDEEP:	48:p/6lcvSHvyh/MU9sEvee7ZkI8bwIET8ZfX27yk/nT7cMlfqozhGmobTHg:pSRah/MUqOZkI8bwHPyDMbGmwg
MD5:	346F20BB618E7F86DCB32EAC361AE541
SHA1:	95D193D618F4A2ED45610DF889D652339445FA1E
SHA-256:	154CD42C57AA253ECE6E86D291C77B06C1D09EC824459E977DCEB5A411B2DDB5
SHA-512:	76D2DC04386B623C5E45D3E0E0305C21B20224E6E060B1FD59619DFE9BB5C6C78F07E3693A20113D72C8E719D644C17ADBE9430146047BAEF931BC2A9DBC572A
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:95</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\04n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2773
Entropy (8bit):	7.0041292327682
Encrypted:	false
SSDEEP:	48:p/6lcvSHvyh/MU9sEvee7ZkI8bwIET8ZfX27yk/nT7cMlfqozhGmobTHg:pSRah/MUqOZkI8bwHPyDMbGmwg
MD5:	346F20BB618E7F86DCB32EAC361AE541
SHA1:	95D193D618F4A2ED45610DF889D652339445FA1E
SHA-256:	154CD42C57AA253ECE6E86D291C77B06C1D09EC824459E977DCEB5A411B2DDB5
SHA-512:	76D2DC04386B623C5E45D3E0E0305C21B20224E6E060B1FD59619DFE9BB5C6C78F07E3693A20113D72C8E719D644C17ADBE9430146047BAEF931BC2A9DBC572A
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:95</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\05d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	862
Entropy (8bit):	7.546249091140386
Encrypted:	false
SSDEEP:	12:6v/7CMmWbKlUsGoYWZAT1t7Aw1E9L85WU1EicmsaEdpGFKuT/ihk9tbDiLqlmWjS:9M7bKsWmWVU1ExRGIuTahk9Y1WjAL
MD5:	8AD06EEB048D5819C553EE3C0629C152
SHA1:	DAA8A18F49BD7452EC059E4980FEF49A9624D636
SHA-256:	C6C2F6CCE0D9C80C24F755EAD6279FB3DEC548A0C2DB030B0CF5C73413CB2D08
SHA-512:	F0493363ECAC5718690BDD5E5C064B00B5FC936995BDBAE1C2DB18AFE617A7A9AE4FF4B85E3EB4DC3CC5E9C82A8978AF42C57D437F0CABD33D21ABD697CE6E2D
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATh..Kh.A...LI.#F#...l..JD..=I/-...../..M.z......<JO.......b.`..dg>.&.G.L^.R..C.<.......^@.v.V....H$lD"a#....H.D....p.$"5..<..:...b.^.x&"K..,..[.Z...>.s$3..O..$.5+R3c3"$S$?W..L...P..A. ..A.......ix.k.....cH...R..$...j..F3l....}...:f.L.....6V..H/.LF..t3.w-k.q.y...S.x.`DD~mnp.X..E.<Gk%..4.[..v.....544...d.ND..h.4X..s......)...1f....(...3. "...(.e.q....-...r.]]]K"rDk. .`.mA..X.y@YEL..j...J.w....9....)c.Lgg'H"..;.[.B..T... .#.....MW....'.....A..}.............s0o;.et:4....Z..5....1....w.Z_..Tjw..f.OI....X,..<(..o.J.%~Wkw....#.7..8r.\KC. "....T.V..iF.`uu...y.}..VJA).#..1.$....pll...P.....d......y..B.p......b.........}.9k....2.'..........[.'..f2........cZ.d.M....H.D.F$.6"......H$lD"a./....S.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\05n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	862
Entropy (8bit):	7.546249091140386
Encrypted:	false
SSDEEP:	12:6v/7CMmWbKlUsGoYWZAT1t7Aw1E9L85WU1EicmsaEdpGFKuT/ihk9tbDiLqlmWjS:9M7bKsWmWVU1ExRGIuTahk9Y1WjAL
MD5:	8AD06EEB048D5819C553EE3C0629C152
SHA1:	DAA8A18F49BD7452EC059E4980FEF49A9624D636
SHA-256:	C6C2F6CCE0D9C80C24F755EAD6279FB3DEC548A0C2DB030B0CF5C73413CB2D08
SHA-512:	F0493363ECAC5718690BDD5E5C064B00B5FC936995BDBAE1C2DB18AFE617A7A9AE4FF4B85E3EB4DC3CC5E9C82A8978AF42C57D437F0CABD33D21ABD697CE6E2D
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATh..Kh.A...LI.#F#...l..JD..=I/-...../..M.z......<JO.......b.`..dg>.&.G.L^.R..C.<.......^@.v.V....H$lD"a#....H.D....p.$"5..<..:...b.^.x&"K..,..[.Z...>.s$3..O..$.5+R3c3"$S$?W..L...P..A. ..A.......ix.k.....cH...R..$...j..F3l....}...:f.L.....6V..H/.LF..t3.w-k.q.y...S.x.`DD~mnp.X..E.<Gk%..4.[..v.....544...d.ND..h.4X..s......)...1f....(...3. "...(.e.q....-...r.]]]K"rDk. .`.mA..X.y@YEL..j...J.w....9....)c.Lgg'H"..;.[.B..T... .#.....MW....'.....A..}.............s0o;.et:4....Z..5....1....w.Z_..Tjw..f.OI....X,..<(..o.J.%~Wkw....#.7..8r.\KC. "....T.V..iF.`uu...y.}..VJA).#..1.$....pll...P.....d......y..B.p......b.........}.9k....2.'..........[.'..f2........cZ.d.M....H.D.F$.6"......H$lD"a./....S.....IEND.B`.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\09d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3818
Entropy (8bit):	7.427203951372729
Encrypted:	false
SSDEEP:	48:p/6lcvbHvyh/MU9sEvee7ZkI8bwoYAOHNgfb1xM/wirkrrBgAA/+LnQI87xgGh3:pSwah/MUqOZkI8bwpAzpxN5E+LnQPgG1
MD5:	BAF9FFD6EF305583EE35BDB88519084B
SHA1:	1D3BE481BE5B63ED314FEF38DBBBBC219C4483F8
SHA-256:	F836D73E828341553C53BBEFDC11F693AA24FBECDEAF6718D37E195A1FC000FB
SHA-512:	909A3296FAA04344B50365AD896EE786B6F0C644DC333806CFD60837B5E21DED136F451C31D6BE499A306F2C17FBF35A1CBFB4DD8C4BBA3BA87A085B1A99F144
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:50</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\09n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3818
Entropy (8bit):	7.427203951372729
Encrypted:	false
SSDEEP:	48:p/6lcvbHvyh/MU9sEvee7ZkI8bwoYAOHNgfb1xM/wirkrrBgAA/+LnQI87xgGh3:pSwah/MUqOZkI8bwpAzpxN5E+LnQPgG1
MD5:	BAF9FFD6EF305583EE35BDB88519084B
SHA1:	1D3BE481BE5B63ED314FEF38DBBBBC219C4483F8
SHA-256:	F836D73E828341553C53BBEFDC11F693AA24FBECDEAF6718D37E195A1FC000FB
SHA-512:	909A3296FAA04344B50365AD896EE786B6F0C644DC333806CFD60837B5E21DED136F451C31D6BE499A306F2C17FBF35A1CBFB4DD8C4BBA3BA87A085B1A99F144
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:50</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\10d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3793
Entropy (8bit):	7.405935548462515
Encrypted:	false
SSDEEP:	96:pSFah/MUqOZkI8bwdc6xYDVhiFCT2kUCDunL:pSVmkdn6xYDVhiFS9UL
MD5:	64F9F6298CCC595F0917FEE814BD530D
SHA1:	C33EAEA71ECED3CE1A72FB71C7D5E73B8A13E7E5
SHA-256:	0FD3C47F0BF8466D1DC90B332DE271753816152076A5221DB64C08B7A4258492
SHA-512:	CD4788B52FB8ECFC2257705D3246ADF27429E34043DC839004D0046DD44E51442F643690B0ACA3FBEB6145984EE43F09BFB5ABEC3B0F9B8A6977F72BF326B017
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:42</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\10n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3801
Entropy (8bit):	7.400256183192093
Encrypted:	false
SSDEEP:	96:pSpah/MUqOZkI8bwTeEX20ncfwYTrjbkSS7YK6faV9tG:pSJmkdkbNcoYTnbkt7DjtG
MD5:	AC3408559668C03C32736EFB237EB011
SHA1:	3A6D055460CC3C5591476CA769E165143042CE74
SHA-256:	F458AE291987EE983142CB0E09C1251F5E63EF358A195B2A40A5A42A4952F5CA
SHA-512:	A613A3965EBE74ABEE4720991A8D7D955808566D1D86D17A84E629D9E25A40693583FDFEE18CCB2266FF03963FF2274AA4F2AEEB7873E04632E3B093206DDD34
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:51</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\11d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3777
Entropy (8bit):	7.403636707901037
Encrypted:	false
SSDEEP:	96:pSEah/MUqOZkI8bw+MeStzd4fp9w6ua++/awbtHfu:pSumkdrzfp9w6f+5H
MD5:	2D877D85CBCF21F31C38FE7DBCFF7AE2
SHA1:	DCFC90995ED779BCEFD6640B3B01F405B0C86B2D
SHA-256:	A5AFE29FF7A3ED60883645A8F887E51F4A181EC63AF9CB24C388809D3DE646A9
SHA-512:	8D6469C6A6E0B0EB978C3BEB3D6459C942A3B290BE34124FB9183548B8D44EF83B7A75902BA87A09F184764D1B7440A6EBB8F88A1C4758B85B76A31C17D8CA5F
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:07</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\11n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3777
Entropy (8bit):	7.403636707901037
Encrypted:	false
SSDEEP:	96:pSEah/MUqOZkI8bw+MeStzd4fp9w6ua++/awbtHfu:pSumkdrzfp9w6f+5H
MD5:	2D877D85CBCF21F31C38FE7DBCFF7AE2
SHA1:	DCFC90995ED779BCEFD6640B3B01F405B0C86B2D
SHA-256:	A5AFE29FF7A3ED60883645A8F887E51F4A181EC63AF9CB24C388809D3DE646A9
SHA-512:	8D6469C6A6E0B0EB978C3BEB3D6459C942A3B290BE34124FB9183548B8D44EF83B7A75902BA87A09F184764D1B7440A6EBB8F88A1C4758B85B76A31C17D8CA5F
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:07</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\13d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3901
Entropy (8bit):	7.430503620797292
Encrypted:	false
SSDEEP:	96:pSFah/MUqOZkI8bw1us2H/DsCKIGmpsjEvFQlpMIWlx8Ka:pSVmkd3x/BhQMnX8Ka
MD5:	CDE524AACBDF18A79E79FCBCDA0597FC
SHA1:	7B9A6AD44136E0CD6202D8A351637508158D2E0A
SHA-256:	0A83713175D1BD61B4B323A9214B3965E8017EC433164820AED38A7E705E77B0
SHA-512:	734AE6D56B27464738DF33E08D44768AA78D585BA64966C78D2E509D66B666DAE4880D6E8746597EA2DEDA8DB4239B7D05660374FE629B7CD59B45DC5B4C0DFE
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:42</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\13n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3901
Entropy (8bit):	7.430503620797292
Encrypted:	false
SSDEEP:	96:pSFah/MUqOZkI8bw1us2H/DsCKIGmpsjEvFQlpMIWlx8Ka:pSVmkd3x/BhQMnX8Ka
MD5:	CDE524AACBDF18A79E79FCBCDA0597FC
SHA1:	7B9A6AD44136E0CD6202D8A351637508158D2E0A
SHA-256:	0A83713175D1BD61B4B323A9214B3965E8017EC433164820AED38A7E705E77B0
SHA-512:	734AE6D56B27464738DF33E08D44768AA78D585BA64966C78D2E509D66B666DAE4880D6E8746597EA2DEDA8DB4239B7D05660374FE629B7CD59B45DC5B4C0DFE
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:42</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\50d.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3328
Entropy (8bit):	7.241189138449445
Encrypted:	false
SSDEEP:	96:pSUah/MUqOZkI8bw+cyzLvLpB9NreZAbS:pS+mkdVzDlB9Nrxm
MD5:	513B4B3FF96D5BF5054EF61C4A9F8ED2
SHA1:	EA10AEB260EA6FD7F9F4283D799A231D78C76137
SHA-256:	B8A0BD3E142AC7D32E3757FB9020A91F2F82D7DE19851BCBF276855DF6607C06
SHA-512:	668DA5D188F531DD5A059B9D60343287AA6CE0A9927E0CF27DFB4D36EB09E8880ECE580597C8B7B57EE7DA66529B7D12B635E8BC91F9403F394CCA6714E3CAF3
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-10-16T23:10:97</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.1.2</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\50n.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3328
Entropy (8bit):	7.241189138449445
Encrypted:	false
SSDEEP:	96:pSUah/MUqOZkI8bw+cyzLvLpB9NreZAbS:pS+mkdVzDlB9Nrxm
MD5:	513B4B3FF96D5BF5054EF61C4A9F8ED2
SHA1:	EA10AEB260EA6FD7F9F4283D799A231D78C76137
SHA-256:	B8A0BD3E142AC7D32E3757FB9020A91F2F82D7DE19851BCBF276855DF6607C06
SHA-512:	668DA5D188F531DD5A059B9D60343287AA6CE0A9927E0CF27DFB4D36EB09E8880ECE580597C8B7B57EE7DA66529B7D12B635E8BC91F9403F394CCA6714E3CAF3
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-10-16T23:10:97</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.1.2</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\r.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3949
Entropy (8bit):	7.463880601837461
Encrypted:	false
SSDEEP:	96:pSVah/MUqOZkI8bwD6xsmQlku65jk7IOppT86e9Y:pSlmkdossmQW6pFr
MD5:	3A9DBD64E5586C0DC584A17D3CD50F62
SHA1:	2B6FBFA0370E0E83203487957D4A69AEDE0D6D01
SHA-256:	D47E396B283804F71AC6B24238766F13CCD7BF458ED4643197BA1060F3863A13
SHA-512:	A44DFA3067B987A570C0CB7098CE638980165F7367076BA6576C36A536E493351A93A59827B757E2F8B40E526491F655FCF60EED3631733EF0809608063CF228
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-26T15:07:72</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\sn50.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7326
Entropy (8bit):	7.790037623150993
Encrypted:	false
SSDEEP:	192:pS+mkd4mhy1r88hJ3rlfGKBAZdXRDB9f8qqCdwHS3O:Q+Nd4c688hJgnvXRDLf8qqywy3O
MD5:	828FFA7679DC0F586DBC0BE16CCFE983
SHA1:	AAB890D7E5C44AF3003BD2AEB9BC043C3363CC5B
SHA-256:	11B0EF50213AEE21A01105A5D913155FD4CD2A93A89AAE6A4B84FF14994E2702
SHA-512:	95DC06D3ED67D380BDEF42041B7D0C0B9BB4D6F11DDAAE0FDA383B5539B36E4AFD539DE3EE4AF860C5771CAF927F52C58127139D6CF2E34976BC2A64A6C3B085
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-26T15:07:42</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\t50.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	7.200722969228922
Encrypted:	false
SSDEEP:	96:pSeRah/MUqOZkI8bw3IJvVASz8NytMjFakY:pSeBmkdVeNtat
MD5:	F603423D9E3A3C4CF880C9A5A459B5AA
SHA1:	069FDFA7704FEA9160E7BBA61704F636AA087C01
SHA-256:	809C1F75E725CA18B543CBA6A80C2C81CC207B5B3B2B0D138341B8F6DC0DA6F1
SHA-512:	BDAEF4E4C496F8D556F1AC136CA46201968425932ABDF71574CB7CD9906440F2C91D4885F87DE3078DAD10F3915EC2E8FC772FC9281A39B466306AF9382348D4
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-26T15:07:19</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\small\w50.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4598
Entropy (8bit):	7.567436029560776
Encrypted:	false
SSDEEP:	96:pSaSah/MUqOZkI8bwdo1izJp0Xgg/6EYuk6VmJmDzgm87cPbFoTx4z:pSRmkdC0izJpKX/DYuVlzccPbFoTU
MD5:	CE8994BBC2ED36C92DCCD8D57F2CE30D
SHA1:	DDAF0B3FF767F0B499B27E29722EB45BEBAF1CBA
SHA-256:	BBFA9247F024F7E132DC55F4998DB555FD3498A74AF347B3EBBC983F5C3B51E4
SHA-512:	712AF42DD2320DE3FE46310B7E7DC2BA8A44B54224AB14D90834FCAEBA56A4EE2B0909344E9196DD9F3B71209680C38C60236E4B79F0978B432CDFF924322AF2
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-26T15:07:69</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\sunrise.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 27 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1549
Entropy (8bit):	7.826655944915768
Encrypted:	false
SSDEEP:	48:ZMWGNKdQ9mNPZZ4witZspz0LoPRcerj88nwHFa:+WGNKdQ9yPwwLzk4Tr+a
MD5:	19A5D4E13F539FF162FC71E262B83FD7
SHA1:	DAF81E384FF7E6DEB8E670741C85C182592BAF85
SHA-256:	54BADD6167311FCE5449F298955D85E3B9C93D9BBA31CA072E3BB7B3439990CE
SHA-512:	8D495ABF6EF3821B36A0A6FCFF443E888481578F38865D7E8D1DB55511670CE68AD34F3365E403F3360AF26B4CF9CB9EA005C2F60B4CDE1E41FB0D18AEA57DC3
Malicious:	false
Preview:	.PNG........IHDR.......#.....e.q.....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATH...mpT........dI.BHB..$J0."b..E.......-C.Z..Z,..kGgtF.;(.mm..0.....T(..........$..!D...f..=..........xf..{.s..y.3...Z.q...5......G..........F.+...d....be.....W.#.........Sk.>...w#..._..._....%.W..bK...).....;9...Bl.r...>...._.~%,..p..7'\|Z.U9.N.9zs8m...U'e...4...G. ........3...'^..l.;I.O.%..o..on.]..\.\..8..\...9Ut6.b8..le..0j.0:?)B....`@.Q.j>..K&...lt.I...Z...]......Fw9.D(y....o9.....b.......Q8.O.t.o.~.V.~.....A..Sj..c..H...c.,.....'C..-......%.F...V.....\...4..7\Es.t/.0.....!...m...+...DN.3r.O...Geb.g...i.p......../...x{.I.3.X.6...e.r. .+Uf.F...........G...7.....'4PU.....J.....-+..j9.b.....Uq.r.;...."...:.....H.....@.p.....\_....q.l8.g...Xs.WeF..A40.K..CL....@.g\%..AT.....-.u.....^X..4.P....3g04o']..d.@.......9..u.].A0&.b......../]....J;.T.yy..23.U"..9F....+E,....8c...B..{.B..$...........-.uv.;FS..<8.:....[........v.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\img\weather\sunset.png Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PNG image data, 27 x 35, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1546
Entropy (8bit):	7.842264375462007
Encrypted:	false
SSDEEP:	24:6GMrDJvZWG2Dk2ZfpjcRipnKt6Pa/r9FC/fEA+LpVds9cVOdr862/NrUVV9:ZMPhZWG2DDZfpeii6ZEAdcAdr8J/NcP
MD5:	AFFFDC0CC317D607A8B8FA3913C99F00
SHA1:	645649D4A3B5F26482CE4EC5011736A48BA1ECF8
SHA-256:	8888AAE854999DBE44B0C58C0892CAFAE2C7BD9AE8D75D4A60DCF3C88FC722B8
SHA-512:	8B433180E250F0758E1BBF12C58EFD195EBE706D012C1151DB6583ED03B37C7ABB5447AF3D44716868920EFB9033FB19DF1FE8ACF1883ABCFBA9DCA7C0302541
Malicious:	false
Preview:	.PNG........IHDR.......#.....e.q.....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATH..kP.......l.;.....B....aNL.....R..VS..)-kNM.3.s.s..b.....'&..%i...w....G..'.....\|..`h..9.\|f.Y..Z.....}g-%"\........~lJp....<.P.A.xY43.....x{...[...G`.bP6....^.t.Q.'r.0c.`A.F.&u...j.......S.+...6<..s.A....../.[?M...{..'.../.....dl...6..8.i..q..qN[qLj..O./5....4.....9...].W...[......S..?........6.`.%b/......<4;.n....u.&..}.... ...\....$U.2U.3.+.D%.Q.........t..k...........-%`...H..L....k.....z.....e.\.+...`.....]-...f..G...3..........hu...4.}.q.{.....]t.Bo.T.)1.s(..fjP....@..W...`F._.A..ic.n..p..D......\|..vB.).d7..B+.....C.([........A.~.2.v.H..z.f.x...gy.d..........17......(}...RQ~.2....Z.....B.RX....>.......1..e........,......vJ...Ow.fM..SA.PL.-.t..,8...3......<u?.....!...4,.....P.._x.;...4.hG.1>.&#R.8s<HR.xc....g..*RV.-..W.<..G.<.PQ..m.M>..h.@Y.....#...#:&W.M8DJ..........v..1.3...Q.Y...=...:.`.../.hM...'.N.!00...1..W#..'l.m...#

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL3418scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	5255
Entropy (8bit):	5.286429015412478
Encrypted:	false
SSDEEP:	96:8jxb8pZqn5mDkadjuKlmz0Yj5OD3g4aqXR:q8TuXjKlmz0GEbF
MD5:	DDB1C5A31B7AAC4E090F127C87284ED7
SHA1:	E4D955AF1FC7DBCB47702977B8EE376F41C4E4DA
SHA-256:	7F81D73A0F10B1C111BF197D9B8C26C7E43E30172B31C1F5A4633FFAF36C2509
SHA-512:	D47D7C55411C8860FE8B2B8275E3CEA0C69906B8FB60BA8232592AEBA644F45B01D79A471B247261EF0195876685CC04787181AB811B0E32B3CBD9F4036AC38F
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 250px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL3418.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="66-0-0" class="port tt" data-tooltip="<?php echo _002012_; ?> 0" data-ignorelist=""></div>......</div>......<div class="portNumberTop">.......<div id="pn66-0-0" class="portNumber" >Sensor</div>......</div>.....</div>....</div>...</div>...<div id="multiplexer"></div>...<div style="clear:both;"></div>...<div class="mt15">....<div style="float:left; width: 450px;float:left;">.....<input type="button" id="all" value="<?php echo _000811_; ?>" />.....<input type="button" id="reset" value="<?php echo _00081

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL3419scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	5569
Entropy (8bit):	5.287614939619407
Encrypted:	false
SSDEEP:	96:8jxQOxFHZqn5REktOjuKlmz0Yj5OD3g4aqXR:675u93Klmz0GEbF
MD5:	81F6F3DAD97C1E145F34815F98FDB1BF
SHA1:	D7E160BBD4AAA01D4580FB1F24465EAEF2559B81
SHA-256:	1C99D4234C3B1ABB81E14B24EFB5550D2DBB03E0B196DCD09467939C15B3DF6D
SHA-512:	5F2F8CE6C63DDA200FF05B2F4B9A7DDDAB3101F02E130F77E6F2799BB16D70482BFDD92F6BE37C30CC3834DFA779A2CBF471A60B19F516D9015A17AB5E19D3F8
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 250px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL3419.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="30-0-3" class="port tt" data-tooltip="<?php echo _002012_; ?> 3" data-ignorelist=""></div>.......<div id="30-0-2" class="port tt" data-tooltip="<?php echo _002012_; ?> 2" data-ignorelist=""></div>.......<div id="30-0-1" class="port tt" data-tooltip="<?php echo _002012_; ?> 1" data-ignorelist=""></div>......</div>......<div class="portNumberTop">.......<div id="pn30-0-3" class="portNumber" >3</div>.......<div id="pn30-0-2" class="portNumber" >2</div>.......<div id="pn30-0-1" class="portNumber" >1</div

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL3500scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	5761
Entropy (8bit):	5.292401266729148
Encrypted:	false
SSDEEP:	96:8jzQcFZqn5sDkabjAKlmz0Yj5ZD3g4aqXR:lcPuRpKlmz0G7bF
MD5:	4862BE9D1FB552DEF6F5FBC47656E8E2
SHA1:	B79EEB8E5638E3153D8D8D608AFEDF1D5595F5A5
SHA-256:	9567002E16D7AE6792E1829AA28724107A8444ACB23146F63DF636D932FFB7DB
SHA-512:	0B22FEF81FE20991006EF47A02F657F87488588D4543BA346F0C885A47AC94FC8C465854E56A68A1C09010C4A63A9682C6916D4ACE080859F84FDEBA36C86135
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 700px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL3500.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="67-0-3" class="port tt" data-tooltip="<?php echo _002012_; ?> 3" data-ignorelist=""></div>.......<div id="67-0-2" class="port tt" data-tooltip="<?php echo _002012_; ?> 2" data-ignorelist=""></div>.......<div id="67-0-1" class="port tt" data-tooltip="<?php echo _002012_; ?> 1" data-ignorelist=""></div>.......<div id="67-0-0" class="port tt" data-tooltip="<?php echo _002012_; ?> 0" data-ignorelist=""></div>.......</div>......<div class="portNumberTop">.......<div id="pn67-0-3" class="portNumber" >3</di

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL3505scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	7134
Entropy (8bit):	5.294028662483779
Encrypted:	false
SSDEEP:	96:8j3ov8tXyDuPhfZqnAuCDkax7TuKlmz0Yj5OD3g4aqXR:Lv8tXKEC1Klmz0GEbF
MD5:	F563B21DDE41E49792F8488C48FE36B8
SHA1:	D428AD254CC38E0A714AD8912BAA12FAD94D1FCD
SHA-256:	15344B8C9079EDA8D5A11FE186C3A3107B8511E7ADAE12AC7936B0EBB6DFBADD
SHA-512:	A814AB3614332342EAFB75110843054C9F82BF1CF69B3C88157D660C6457DD915278282ECEF7A739093BDB36F9BEB338D7B5EA486F226C28F7680E5CD388B5FB
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 380px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL3505.png" alt="" style="z-index: 10" />......<div class="portTopLeft">.......<div id="67-0-2" class="port tt" data-tooltip="<?php echo _002012_; ?> 2" data-ignorelist=""></div>.......<div id="67-0-3" class="port tt" data-tooltip="<?php echo _002012_; ?> 3" data-ignorelist=""></div>.......<div id="67-0-4" class="port tt" data-tooltip="<?php echo _002012_; ?> 4" data-ignorelist=""></div>......</div>......<div class="portTopRight">.......<div id="67-0-5" class="port tt" data-tooltip="<?php echo _002012_; ?> 5" data-ignorelist=""></div>.......<div id="67-0-6" class="port tt" data-tool

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL3692scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	5824
Entropy (8bit):	5.296573182200116
Encrypted:	false
SSDEEP:	96:8j7gAuohiZqnAg3DkayjuKlmz0Yj5OD3g4aqXR:bAMHqKlmz0GEbF
MD5:	7210D69BB3B892494A9B5F0648C13254
SHA1:	F2E40336F150731DA8309BEB0F3FD0DCFAF3D613
SHA-256:	1D1DBF6FE0731C243A755761D959C169246F453AF51BA86CABD40C2EEC5E21A9
SHA-512:	E05D27C69208A7AD9F8C246A4C17F344A69328C268258F6B520EEDB210AD0F8A9AC7A2CF83DA948B43BDA4D498C7C867CA74ADE22C9A584A267A46B4E8380405
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 555px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL3692.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="69-0-1" class="port tt" data-tooltip="<?php echo _002012_; ?> 2" data-ignorelist=""></div>.......<div id="69-0-0" class="port tt" data-tooltip="<?php echo _002012_; ?> 1" data-ignorelist=""></div>......</div>......<div class="portNumberTop">.......<div id="pn69-0-1" class="portNumber" >2</div>.......<div id="pn69-0-0" class="portNumber" >1</div>......</div>......<div class="st"><img src="/img/ledStatus.gif" alt="" style="z-index: 10;width:8px;" /></div>......<div class="bst"><img src="/img/ledActivit

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL3697scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	5251
Entropy (8bit):	5.285347690604949
Encrypted:	false
SSDEEP:	96:8jxbtHZqn5/EktSjuKlmz0Yj5OD3g4aqXR:Ot5ujvKlmz0GEbF
MD5:	711BFFF397D0853FB6B5FE6482A0F10D
SHA1:	C5B5E2924B429E9F25FE8526C373B2C8A2EBAD41
SHA-256:	BBDA5DB04581A31EB3C252B5C497688359CE482AC864DB1860D3B9DE4E143B62
SHA-512:	6CF99E7240A357C7B5DEA91B478B534CAB92D4D665973D4D49C010CDFE0BACF6811FE752CB1E71BBFF023BB112D32E162443CBD2C25FAEE19A5C7EC998B2BA42
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 500px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL3697.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="82-0-0" class="port tt" data-tooltip="<?php echo _002012_; ?> 1" data-ignorelist=""></div>......</div>......<div class="portNumberTop">.......<div id="pn82-0-0" class="portNumber" >1</div>......</div>......</div>....</div>...</div>...<div id="multiplexer"></div>...<div style="clear:both;"></div>...<div class="mt15">....<div style="float:left; width: 450px;float:left;">.....<input type="button" id="all" value="<?php echo _000811_; ?>" />.....<input type="button" id="reset" value="<?php echo _000812_;

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL4076scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	5313
Entropy (8bit):	5.289039804945764
Encrypted:	false
SSDEEP:	96:8j7TJvPZqn5gDkadjAKlmz0Yj5SD3g4aqXR:oJvxud9Klmz0G4bF
MD5:	584A5E56C605D6BBED96B4D7CB602768
SHA1:	A0F5AF4E4B9411563B9DB28D0B7E65CE27DADAA8
SHA-256:	984C8FE0D3B02F7522D8EA56142E98E5E1D9BE406479F82F654B8018F1EAE8CF
SHA-512:	E6EEA0B192B10C65B0C324910FFBF789CDE9D1EB6AE5F47E89DD66D19EE37494AF5CD7BDD6031D906C83FC7A20DFC40A8371FBC2A2F8E37E33B16CD169B4FD0D
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 555px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL4076.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="65-0-0" class="port tt" data-tooltip="<?php echo _002012_; ?> 0" data-ignorelist=""></div>......</div>......<div class="portNumberTop">.......<div id="pn65-0-0" class="portNumber" >Sensor</div>......</div>.....</div>....</div>...</div>...<div id="multiplexer"></div>...<div style="clear:both;"></div>...<div class="mt15">....<div style="float:left; width: 450px;float:left;">.....<input type="button" id="all" value="<?php echo _000811_; ?>" />.....<input type="button" id="reset" value="<?php echo _00081

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL4176scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	5308
Entropy (8bit):	5.28780459963018
Encrypted:	false
SSDEEP:	96:8j7nGPZqn5A+kagjAKlmz0Yj5SD3g4aqXR:sGxuiOKlmz0G4bF
MD5:	35338C88D04CD6970F7CF6F4DF322B70
SHA1:	A899A9A1015E912231E64B6D442E5107726A012F
SHA-256:	486B7FDC757DFA4646329781F3A475D1DB5735EE9D288D05B80D487D7E479BA8
SHA-512:	A8444EAAAECFC43DA7E49B9B20EE3389651F3D6C2ABF0CBE753697901484B6957A7BE61319BA2925388112E261BB434F779817F083DC04CBEB0ED55BE1E4DAD1
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 555px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL4176.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="80-0-0" class="port tt" data-tooltip="<?php echo _002012_; ?> 0" data-ignorelist=""></div>......</div>......<div class="portNumberTop">.......<div id="pn80-0-0" class="portNumber" ></div>......</div>.....</div>....</div>...</div>...<div id="multiplexer"></div>...<div style="clear:both;"></div>...<div class="mt15">....<div style="float:left; width: 450px;float:left;">.....<input type="button" id="all" value="<?php echo _000811_; ?>" />.....<input type="button" id="reset" value="<?php echo _000812_; ?>

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL4500scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	6476
Entropy (8bit):	5.2786938683166875
Encrypted:	false
SSDEEP:	96:8jzjElyzFZqn5FDkaglqAKlmz0Yj5ZD3g4aqXR:GElGPuSPKlmz0G7bF
MD5:	171F0452D9D29EDE196B2C60E0AB9FB2
SHA1:	4CC520D7826B77F04D3C34E5DB5F1253303AE723
SHA-256:	EC78578BC3E2F47EB270EDAB733D7C2AA1AB9280AB137C321E1A99C9AB8244DE
SHA-512:	4A062153FB8B0CF69DA79D31B9062BD89DCD8E3304D5A96C9B2E0D61074027929AD4B47D00C4BA6B45472A32E11D9D3047B912B3A9CD7B75BBA09EFE8C49C688
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 700px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL4500.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="1-0-1" class="port tt" data-tooltip="<?php echo _002012_; ?> 1" data-ignorelist=""></div>.......<div id="1-0-3" class="port tt" data-tooltip="<?php echo _002012_; ?> 3" data-ignorelist=""></div>.......<div id="1-0-5" class="port tt" data-tooltip="<?php echo _002012_; ?> 5" data-ignorelist=""></div>.......<div id="1-0-7" class="port tt" data-tooltip="<?php echo _002012_; ?> 7" data-ignorelist=""></div>.......</div>......<div class="portNumberTop">.......<div id="pn1-0-1" class="portNumber" >1</div>...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\ALL5000scan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8291
Entropy (8bit):	5.250393909110036
Encrypted:	false
SSDEEP:	96:8jZREtyzRO5yDpZqn5JDkaGq+v+uKlmz0Yj5OD3g4aqXR:sEtGRO5YTuuDBfKlmz0GEbF
MD5:	A0B9F5589164B38A1002CCF7833945D0
SHA1:	7FCD4AE7E4E7848C629A024EDA6C22297F419CB0
SHA-256:	1ECFE36B73158A4BCC9C85757CC6CF2B64926C276BAE196705BF5753771FFB28
SHA-512:	E26BAC4476CDCDA51E01CFFFB906F12172D0E2B89DEF02BF5EFD19C4DEC4B57F4B4F3B1AD799369F28CE1EDBB936311C22E2F536C3C1178E931A80FA135A5DF3
Malicious:	false
Preview:	<div id="waittext"><img src="/img/loader48.gif" ></div>.<div id="wrap_scan" style="display:none;">..<fieldset style="width: 900px;">...<div class="subline"> <?php echo _110000_; ?> </div>...<div class="mt">....<span><label class="config"><?php echo _110001_; ?></label></span>....<br /><br />....<div>.....<div style="width: 610px;position:relative;margin:0px auto;">......<img id="device" src="/img/ALL5000.png" alt="" style="z-index: 10" />......<div class="portTop">.......<div id="1-0-1" class="port tt" data-tooltip="<?php echo _002012_; ?> 1" data-ignorelist=""></div>.......<div id="1-0-3" class="port tt" data-tooltip="<?php echo _002012_; ?> 3" data-ignorelist=""></div>.......<div id="1-0-5" class="port tt" data-tooltip="<?php echo _002012_; ?> 5" data-ignorelist=""></div>.......<div id="1-0-7" class="port tt" data-tooltip="<?php echo _002012_; ?> 7" data-ignorelist=""></div>......</div>......<div class="portNumberTop">.......<div id="pn1-0-1" class="portNumber" >1</div>....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\crypt.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	3162
Entropy (8bit):	5.210427740358297
Encrypted:	false
SSDEEP:	96:Eq2c8HMNG7D+adaxpEIfFQndoMeGk5CrE:EO8HQakZQnd7vk5CrE
MD5:	2CFD37AB9A3B58B1580A5B02D159CEA4
SHA1:	422736B1518F19DEFA9CE9D060970865D6514E91
SHA-256:	9EDEFD55A36E22B5B4A9ADC0B93A03DD55DFF0EB55FE1D053E4199FB8CFDD751
SHA-512:	182CA991155EFA0251E804736DC920BA0F09BF3776EA3DA5F79EE35080EAC6303EB231737444D9CE0014AFFB3EE5C3CA71B18FA86892260A3A222E08FF0A99A4
Malicious:	false
Preview:	<?php.ini_set("display_errors", 1);.// class Crypt {.class CRYPT_MSR {..public static function encrypt($s,$key="c7aa5f497d0627d44faade3e990fb243") {...$r=null;...for($i=0;$i<=strlen($s);$i++) {....$r.=substr(str_shuffle(md5($key)),($i % strlen(md5($key))),1).$s[$i];...}...for($i=1;$i<=strlen($r);$i++) {....$s[$i-1]=chr(ord($r[$i-1])+ord(substr(md5($key),($i % strlen(md5($key)))-1,1)));...}...return urlencode(base64_encode($s));..}...public static function decrypt($s,$key="c7aa5f497d0627d44faade3e990fb243") {...$r=null;...$s=base64_decode(urldecode($s));...for($i=1;$i<=strlen($s);$i++) {....$s[$i-1]=chr(ord($s[$i-1])-ord(substr(md5($key),($i % strlen(md5($key)))-1,1)));...}...for($i=1;$i<=strlen($s)-2;$i=$i+2) {....$r.=$s[$i];...}...return $r;..}.}..// namespace WhiteHat101\Crypt;.//https://github.com/whitehat101/apr1-md5.class APR1_MD5 {. const BASE64_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';. const APRMD5_ALPHABET = './0123456789ABCDEFGHIJKLM

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\error_codes.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	5636
Entropy (8bit):	4.984627923678559
Encrypted:	false
SSDEEP:	96:MZxxo4q8Kg26M1TauYX5CVWp7wvLqBW24vGZgife1zdbydbpY:Mpo4u4qW6Lq1Zn+zdbydbpY
MD5:	3263C244B7DC38A6CCAA5FFC2B8367AE
SHA1:	F66EF5C5ADBAC97691C15910DB0F950DEECEE7F7
SHA-256:	4A990BF7550CE7B67FDC0B07E1B64018E71F07924FF6A853D806E68475780ECB
SHA-512:	8E220AD1AFE9F7D559909D5A4FEB43C8D8B718E42E447C30A08B88BFAF95D75768CB91B2C8B6D6F30A52F3127FE165BC4CFBFA830DC685F6669A0A90D781B438
Malicious:	false
Preview:	<?php.$curlerr[1]="Unsupported protocol. This build of curl has no support for this protocol.";.$curlerr[2]="Failed to initialize.";.$curlerr[3]="URL malformed. The syntax was not correct.";.$curlerr[4]="A feature or option that was needed to perform the desired request was not enabled or was explicitly disabled at build-time. To make curl able to do this, you probably need another build of libcurl!";.$curlerr[5]="Couldn't resolve proxy. The given proxy host could not be resolved.";.$curlerr[6]="Couldn't resolve host. The given remote host was not resolved.";.$curlerr[7]="Failed to connect to host.";.$curlerr[8]="FTP weird server reply. The server sent data curl couldn't parse.";.$curlerr[9]="FTP access denied. The server denied login or denied access to the particular resource or directory you wanted to reach. Most often you tried to change to a directory that doesn't exist on the server.";.$curlerr[11]="FTP weird PASS reply. Curl couldn't parse the reply sent to the PASS request.";.$

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\login.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.839997842310852
Encrypted:	false
SSDEEP:	24:6a7EpBo5ns35UJNBo5V6554B9Nz7aOEx9n909C1h/7aZ9n909C1Uin:Ko5nu5UJTo5V655M9JWb9WCr/49WCmi
MD5:	395F37FD5C750BC76F681A7271FE334D
SHA1:	6DDE4B0380823782B330A39644ADB5FEDD9E879C
SHA-256:	2B0396F40368B04F6C9E705EB029037D4BE3E16D003185FD79DB5CF491380004
SHA-512:	15B7D2BCB231F60E16F1D9FD265F204B92827B40EB6D7C9595849ED623CA44350B28E6A7956ACC3456F868A687C6AE1D08FDF3A3C50FAA8591850A39C40EA3B5
Malicious:	false
Preview:	<?php./* SV: 2.51. * DT: 20121026 . */.include "sqldb.php";..$browser_ip = $_SERVER["REMOTE_ADDR"];.$httpuser0_username = db_read("/sys/network/httpserver/user0_username");.$httpuser0_password = db_read("/sys/network/httpserver/user0_password");.$httpuser1_username = db_read("/sys/network/httpserver/user1_username");.$httpuser1_password = db_read("/sys/network/httpserver/user1_password");.if(isset($_POST['user'])) {. $username = $_POST['user'];. $password = $_POST['pass'];. if($username == $httpuser0_username) {. if($password == $httpuser0_password) {. $userlevel = 0;. db_write("/sys/network/httpserver/servercookies/ip" . $browser_ip . "/day",date("d"));. db_write("/sys/network/httpserver/servercookies/ip" . $browser_ip . "/month",date("m"));. db_write("/sys/network/httpserver/servercookies/ip" . $browser_ip . "/userlevel",$userlevel);. echo "true";. exit;. }. }. if($username == $httpuser1_username) {. if($passwor

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\option.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	29823
Entropy (8bit):	5.361587786791869
Encrypted:	false
SSDEEP:	768:pSTVKCxcPjYvjB+7leyj+xJeyj1brEefj+EefjCEefj6jOn6OvgQ8yG0:QVKsejYvjBcleyj+xJeyj1brEefj+EeI
MD5:	81B914803ED320E9E95A537DF23449B5
SHA1:	B693E507AC72C1F88E6BE4FBF706B8929956C001
SHA-256:	7CD21883DA912E7F4C49923D192715C831DF3B8E6C747A7A92A17C537808AD50
SHA-512:	D71D9D840778B8D2C78FDC1306579FE4D411E5291AF0D72E9150641556EB803FE4CFE1B03449535727F49970C3572635DB21124EEC9F3E1D679617EC956ED055
Malicious:	false
Preview:	<?php.function get_device_type_value($id, $fields) {..$stm = "SELECT id, type, watermark, label, check_type, length, output, input, security, encrypt, physical_direction, logical_type, chip_id FROM device_type WHERE id='".$id."' AND show_in_select='1' ORDER BY type ";..$result=db_all_read_single($stm);..return($result[$fields]);.}.function get_device_type_allvalue($id) {..$stm = "SELECT id, type, watermark, label, check_type, length, output, input, security, encrypt, physical_direction, logical_type, chip_id FROM device_type WHERE id='".$id."' AND show_as_actor='1' ORDER BY type ";..$result=db_all_read_single($stm);..return($result);.}.function create_counter_type($no, $type, $field) {..$data=file_get_contents("/www/config/d0bus_counter.json");..$counter=json_decode($data, true);..$selected="selected=\"selected\"";..$search=array("%1","%2","%3");..$replace=array(constant("_008051_"),constant("_008052_"),constant("_008053_"));..$counter_options="<option ".($type=="0" ? $selected : null)

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\security.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	5.487236133592157
Encrypted:	false
SSDEEP:	48:GDC89SiDGOO/3Yb73xkWLbxBrUbLa+vSDRa+vNTp3H:UP887YHARH7X
MD5:	E0ADEB7D6B1DF55039F63CE7291DF6BE
SHA1:	7613E3FE0A7B25B28396A741839DB688F4066F75
SHA-256:	3FA653320634B090ACA184CAB5A36E3813915787D3F7B0BAF2A9DE0FC710B129
SHA-512:	9405B43FAFAA2286029A4969A38F1B13750C70EA322C63238493D62171E0AD11DE92F17ABC02D785A7C4C60C9199A7549D39D42EF5F68B569BF3D79DCC1AFC9F
Malicious:	false
Preview:	<?php.// echo date("i:s");.$page = basename($_SERVER["SCRIPT_FILENAME"], ".php");.if($page!="index") {..session_start();..if(isset($_SESSION['__PHP_SESSION__']) ){...$alter= time()-$_SESSION['__PHP_SESSION__']['CREATED'];...if($alter>1440) { //60....session_regenerate_id(true);....$_SESSION['__PHP_SESSION__']['CREATED']=time();...}..} else {...echo "<script>alert('No Session\\nClick >OK< to reload the page');location.reload();</script>";...exit();..}..$headers = apache_request_headers();..if (isset($headers['X-Request-Token'])) {...if ($headers['X-Request-Token'] !== $_SESSION['X-Request-Token']) {....session_unset();....session_destroy();....echo "<script>alert('Wrong token\\nClick >OK< to reload the page');location.reload();</script>";....die();...}..} else {...session_unset();...session_destroy();...echo "<script>alert('No token\\nClick >OK< to reload the page');location.reload();</script>";...die();..}.} else {..$page="sensorpanel";.}.$userRight=null;.$accessHelper=json_decode(file

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\sqldb.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	4936
Entropy (8bit):	5.492033042504274
Encrypted:	false
SSDEEP:	96:2H3O1nLYbTcyrvlcqslYpjmZplsDEscqBsYjsW6MGupDVDrbKHmXbyeS0f:76Qy76lYpjmmlcqaY4tupDxrbKGbtS4
MD5:	4428F67F2504B5572736A8F19B9A3AE2
SHA1:	B36B4CB7ECD9F8E75B8F49F89CC9818BD0688525
SHA-256:	4A325721715677F2A68DF206F83930B6F56C50D08667588975381CB8BFE7F97A
SHA-512:	89BEBDB8FDC1BFD3AEA2A697D29DA3483BF198BF0648F418A2976E56F29652874919599728BD3B42932768E3E6926BDE9FC8A128DFE7F1AC88E454C706F79194
Malicious:	false
Preview:	<?php.$db = new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');.function db_read($tagname) {..global $db;..$stm=$db->prepare("SELECT tag, value FROM config WHERE tag = '" . $tagname . "'");..$stm->execute();..$result=$stm->fetchColumn(1);..return($result);.}.function db_write($tagname, $daten) {..global $db;..$stm=$db->prepare("UPDATE config SET value = :daten WHERE tag = :tagname");..if (!$stm->execute([':daten'=>$daten, ':tagname'=>$tagname])) {...$stm=$db->prepare("INSERT INTO config (tag, value) VALUES (:tagname , :daten)");...$stm->execute([':tagname'=>$tagname, ':daten'=>$daten]);..}.}.function db_delete($tagname) {..global $db;..$result = $db->exec("delete from config WHERE tag = '" . $tagname . "'");.}.function db_read_sql($sql) {..global $db;..$result = $db->query($sql);..return($result);.}.function db_read_sql_solo($sql, $col) { // Abfrage 1 spalte aus einer Zeile..global $db;..$result = $db->query($sql)->fetchColumn($col);..return($result);.}.function db_exec($kommando, $d

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\stopwords.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	7732
Entropy (8bit):	4.3531982605531425
Encrypted:	false
SSDEEP:	192:8yujXiawowTgWlt3d89h7AFNzINPChXQVv:v6i+acNPCh2v
MD5:	D8AFE6F7EFE65110D8916A34C9177FAE
SHA1:	D11DE529449C8BE87D24B6B48FB081D844AEDEAC
SHA-256:	03DF5ACCC5B75AC34F7CB63FFA94BFA9C4F4D95333038BF4EDB5B7413B79AC81
SHA-512:	AC08D7A2079F47B87D87CC5B71A9C62E06126A3AF2F23A3ED01D27606E2DB6773315FB3D3978DEE38547B117898DC9DB57B8F34B3022DEEAAA40AA4A72AC8C6B
Malicious:	false
Preview:	<?php.$stop=array("/\bash\b/i",."/\balias\b/i",."/\bbg\b/i",."/\bcd\b/i",."/\bcommand\b/i",."/\beval\b/i",."/\bexec\b/i",."/\bexit\b/i",."/\bexport\b/i",."/\bfg\b/i",."/\bgetopts\b/i",."/\bhash\b/i",."/\bhelp\b/i",."/\bhistory\b/i",."/\bjobs\b/i",."/\bkill\b/i",."/\blet\b/i",."/\blocal\b/i",."/\bprintf\b/i",."/\bpwd\b/i",."/\bread\b/i",."/\breadonly\b/i",."/\bset\b/i",."/\bshift\b/i",."/\bsource\b/i",."/\btest\b/i",."/\btimes\b/i",."/\btrap\b/i",."/\btype\b/i",."/\bulimit\b/i",."/\bumask\b/i",."/\bunalias\b/i",."/\bunset\b/i",."/\bwait\b/i",."/\breboot\b/i",."/\bhalt\b/i",."/\bcd\b/i",."/\bchdir\b/i",."/\bbusybox\b/i",."/\bcatv\b/i",."/\bchattr\b/i",."/\bchgrp\b/i",."/\bchmod\b/i",."/\bchown\b/i",."/\bcp\b/i",."/\bcpio\b/i",."/\bdate\b/i",."/\bdd\b/i",."/\bdf\b/i",."/\bdmesg\b/i",."/\bdnsdomainname\b/i",."/\bdumpkmap\b/i",."/\begrep\b/i",."/\bfdflush\b/i",."/\bfgrep\b/i",."/\bgetopt\b/i",."/\bgrep\b/i",."/\bgunzip\b/i",."/\bgzip\b/i",."/\bhostname\b/i",."/\bkill\b/i",."/\blinux32\b/i",

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\include\xhrSession.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	1605
Entropy (8bit):	5.402236135532832
Encrypted:	false
SSDEEP:	48:DfUOFO2hHDV7vgd9hQTt2eN/3FCW1TnPX0Q3BvU5Xw:rxM2rIf54PNp
MD5:	C972FB78B8D5BFFA2D16FE23BB1FCE99
SHA1:	C6AF5295596267626435CC9C7D9AAF75548EAEB3
SHA-256:	39D3D334067FBC9EBCC72B7D6F987D8ADA040488E6BD52CFEC98AFF6983126AC
SHA-512:	663D60DC63F19AFFF0AC56E6B9F95DD76EEAFF91C1F056517B28D9A205A6310E61DCDF0BC0EF0655755F676E97CB3320FA64223CA043476D4378E317BE95FD10
Malicious:	false
Preview:	<?php.if (!function_exists('rightCheck')) {..function rightCheck($userRight, $required) {...$rights = array();...for($i = 9; $i >= 0; $i--) {....$val = pow(2, $i);....if($userRight >= $val) {.....$rights[] = $val;.....$userRight -= $val;....}...}...if(in_array($required, $rights)) {....return true;...}...else {....return false;...}..}.}.if(session_status()=== PHP_SESSION_NONE) { // PHP_SESSION_ACTIVE..session_start();.}.if(isset($_SESSION['__PHP_SESSION__']['CREATED']) ){..$alter= time()-$_SESSION['__PHP_SESSION__']['CREATED'];..if($alter>1440) { //60...session_regenerate_id(true);...$_SESSION['__PHP_SESSION__']['CREATED']=time();..}.} else {..$_SESSION['__PHP_SESSION__']=array();..session_unset();..session_destroy();..die();.}.$headers = apache_request_headers();.if (isset($headers['X-Request-Token'])) {..if ($headers['X-Request-Token'] !== $_SESSION['X-Request-Token']) {...session_unset();...session_destroy();...echo json_encode(array("error"=>777886, "errorMessage"=>"Wrong Session")

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\index.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	15539
Entropy (8bit):	5.536756962924362
Encrypted:	false
SSDEEP:	384:egMOcxR4wYJ/KRFeX3IX/YXfXpXdC+dbq7R:eg5wYJ/zpC
MD5:	E7E1EE9EB9ECD310B9CCCAF3688C0861
SHA1:	2882ECC7DE04B691CD0592E23EFE4E78517DB3E0
SHA-256:	44B948171AE695C1D66F47B64EE06DAF5AAB531B6490F010E0528BE96F90F605
SHA-512:	AB362BF27CEDB2089ED5945303F224B9B1B0EFE41D1A277EB5AD17BE82D739E215FA911798E822B41EA80695450FC8EA83AA3DE35AC9F7A196F05AFA5A4D6A9F
Malicious:	false
Preview:	<?php.$page = basename(__FILE__, '.php');.if(session_status()=== PHP_SESSION_NONE) { // PHP_SESSION_ACTIVE..session_start();..if (empty($_SESSION['X-Request-Token'])) {...$_SESSION['X-Request-Token'] = md5(md5(uniqid(mt_rand(), true)));...$_SESSION['__PHP_SESSION__']['CREATED']=time();..}.}.include "/www/include/sqldb.php";.include "/www/include/security.php";.$firmware = explode(";", file_get_contents('/etc/default/version'));.$version=number_format($firmware[0]/100,2,'.','').".".$firmware[1];.$main=db_read_sql_solo("SELECT entry,value,activ FROM frontend WHERE entry='menu_config_main' AND value='main' AND activ='1'",2);.$device=db_read_sql_solo("SELECT entry,value,activ FROM frontend WHERE entry='menu_config_main' AND value='device' AND activ='1'",2);.$config=db_read_sql_solo("SELECT entry,value,activ FROM frontend WHERE entry='menu_config_main' AND value='config' AND activ='1'",2);.$menudisplay=db_read_sql("SELECT entry,value,text,sort,activ,security FROM frontend WHERE entry='menu_

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\language.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	4023
Entropy (8bit):	5.265418912657569
Encrypted:	false
SSDEEP:	96:A2BzymA9bPrRuQTFqzEPCf/8NznZHuMC5hvsVV6:+TuQYEe/+ZOW0
MD5:	FE8B017F61F9C1B95DE5D0D033FFEBCF
SHA1:	A9837A3C55906596AF326F5E9874189BF1215B4A
SHA-256:	563CA4459C071EABA799F8253996682405F6409635419FF3E1F36DDE4B58E914
SHA-512:	F9EAB91FFD34AE54E5EBB144DF89A68D22A3FD8E91A0099BF642E4711924CC03940F86E2815548CDC248791CF1ACFD175FDFD2888B5DFB28432A81EFF6AC1279
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/option.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.if($_POST['gw']!=1) {..$init=false;. .$language=db_read("/device/language");. .$style_init=null;. .if($language=="INIT") {...$language="en";...$init=true;...$style_init="style=\"clear:both;width: 200px;margin:0 auto\"";..}..$dir=opendir("config");. .$languages=array_fill(0,9, 'false');. .$i=0;. .$messageTextToJS=null;. .while($file=readdir($dir)) {. if(substr($file,0,5) == "lang_") {....$languages[$i]=substr($file,5,2);....if($init) {.....$messageTextToJS.="messageText['".$languages[$i]."']='".constant($languages[$i]."_000151_")."';";....}.. $i++;. }. .}..closedir($dir);. .function RandomLang($min, $max, $quantity) {...$numbers = range($min, $max);...shuffle($numbers);.. return array_slice($numbers, 0, $quantity);..}..$la

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\login.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	5217
Entropy (8bit):	5.524432208926805
Encrypted:	false
SSDEEP:	96:v2bcXjkp4wGWOP7vuDsPG6UggKxLNyZcOwSr8yZcOwSpyZcO7C:pjkmWm2+G6UggWx47A47p4xC
MD5:	9E66CE9405D47235845CA4814D617DA0
SHA1:	657F0A440BC281EA1A18A36C593EDDDFBF279750
SHA-256:	FBDB4B5B43423F0A0FC22204E3EBB537A46A8DE0156094CAE69F2FB457F8F05C
SHA-512:	C248AC49BAAF6B10307E67DB4E2C7F33A4E8CEC908757AAF4E2E32E7299A73BD0069EDBAF93D2DC3186AD6DEFD4034076D6A7E03CCE46C925898D221585A3256
Malicious:	false
Preview:	<?php..if(!isset($page)) {...include_once "/www/include/sqldb.php";...$page="index";..}..include_once "/www/include/crypt.php";..$enckey = base64_encode(md5(db_read("/control/local/encryption_key")));..if(!isset($_POST['gw']) \|\| $_POST['gw']!=1) {...if(session_status()=== PHP_SESSION_NONE) { // PHP_SESSION_ACTIVE....session_start();....session_regenerate_id(true);....if (empty($_SESSION['X-Request-Token'])) {.....$_SESSION['X-Request-Token'] = md5(md5(uniqid(mt_rand(), true)));.....$_SESSION['__PHP_SESSION__']['CREATED']=time();....}...}.?>.<div class="msgerror" style="display:none;"></div>.<form method="post">..<input type="hidden" id="enckey" value="<?= $enckey; ?>" />..<fieldset>...<div class="subline"> <?php echo _000049_ ?> </div>...<div>....<span><input class="itext mt5" id="user" type="text" value="" /></span>....<br />....<span><label class="config"><?php echo _000042_; ?></label></span>...</div>...<div>....<span><input class="itext mt" id="pass" type="password" value

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\logout.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.722672020938668
Encrypted:	false
SSDEEP:	3:7+XDN+k1t8RsQ62FBYWWXTYWW4Bv6n:Cp+Vf62FBYRjYR4BCn
MD5:	D66328A44CD9A8BCA12862B92E4D516F
SHA1:	CB1C207858A894EBCAF3EB9FD52435DE0DF5F75E
SHA-256:	321A910DC33BAE74BCB13EC38EB34AA6B70EFF9D8A4EA6F0B36E6E4F00F9BF85
SHA-512:	ACB1DC3499DC478C69630866262E6FFDC35BF2F806E43A06E5C2493551B290E5A7907BFEBA460567369D8307424FA9F6A9CF2603237B4469C8527C8C5C269474
Malicious:	false
Preview:	<?php..session_start();..$_SESSION['__PHP_SESSION__']=array();..session_unset();..session_destroy();.?>.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\net_dhcp.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	5497
Entropy (8bit):	5.2943483107498635
Encrypted:	false
SSDEEP:	96:A2pAiBQyrcGiscGtCnjygPPRQv3SS7nUo2OJDJmY5eAB348Gy1kDnTvPgq:9BQG1AjZxQfSiUp+/qmkHPgq
MD5:	980866B1267A8EEEFF9B0BE31910E623
SHA1:	404B4674E76439889CC69FAF510FCCE58DE0A411
SHA-256:	6CF824079D7D08BBE660B8C14ED5062B0DDE61D63A793368A14FED1EB61F2D8B
SHA-512:	6B21AE17C89C7B895806B1840BB8DDA7F2A6DE7C60846DEA83A9559181F30AEA9BEECEEF1135F168C9DDAF4218CC263FF213F5E566DA4E0D54EE9F7CFE91449D
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level = db_read_sql_solo("SELECT security FROM frontend WHERE value='" . $page . "'", 0);.include "/www/include/security.php";.if ($_POST['gw'] != 1) {..$display = "none";..$dhcp = db_read('/sys/network/udhcpd/enable');..if ($dhcp == 1) {...$display = "block";..}..?>..<div class="message_wait" style="display:none;"><h1><?php echo _000190_; ?></h1><h2><?php echo _000044_; ?></h2></div>..<form id="dhcpconfig" name="dhcpconfig" method="post">...<input type="hidden" id="gw" name="gw" value="1" />...<input type="hidden" id="site" name="site" value="<?php echo $page; ?>" />...<fieldset>....<div class="subline"> <?php echo _000311_ ?> </div>....<div style="margin-top:15px;">.....<span class="radio">......<input type="radio" id="f_dhcp_of" onclick="dh(0);" name="f_dhcp" <?php if ($dhcp != "1") {.echo "checked=\"checked\"";.} ?> value="0" /><label class="ui_oo" for="f_dhcp_of"><?php echo _000017_; ?></label>......<i

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\net_lan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	13764
Entropy (8bit):	5.514153365566418
Encrypted:	false
SSDEEP:	192:YTw0l3ceoEPNi8B/48GveWWi+6ityHrtfenTs:YMy3cebFi8R4heJortfenTs
MD5:	6C60D9CDC62DB7E3E15C1176716E3267
SHA1:	00BE91D7F2FED767B4292E738065F5263C074846
SHA-256:	B1E538621BFAA1179EA09871F2D02780F65F9785BDA335CEB5CE01EE1843DDF0
SHA-512:	F9F7F17EE76B7155EFD798784BC3C6B5715726D3B856DA154AE36F48552DFCF49447FCDBBEA8E45605EB23CBDF13EB07AB37B58D2F64E57B67181AE45C1486BA
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$lighttpd=is_dir("/etc/lighttpd");.if(isset($_POST['gw']) && $_POST['gw']!=1) {..$ipRestore=explode(";", exec("ifconfig br0 \| awk '/inet addr/{printf substr($2,6)\";\"substr($3,7)\";\"substr($4,6)\";\"}';ip route \| awk '/default/ {printf $3}'", $result, $errorno ));..$display="none";..$displayDHCP="none";..$hostname=db_read('/sys/network/hostname');..$ipLocaldomain=db_read('/sys/network/localdomain');..$ipmode=db_read('/sys/network/lan/ipmode');..$ipAddress=db_read('/sys/network/lan/ipaddress');..$ipNetmask=db_read('/sys/network/lan/netmask');..$ipGateway=db_read('/sys/network/lan/gateway');..$ipDNS1=db_read('/sys/network/lan/dns1');..$ipDNS2=db_read('/sys/network/lan/dns2');..if($ipmode=="static") {...$display="block";..} else {...$displayDHCP="block";..}.?>.<div class="message_wait" style="displ

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\net_smtp.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	10708
Entropy (8bit):	5.29229260554941
Encrypted:	false
SSDEEP:	96:A2ymAfP9NqmAyvZaaALiNQcJXJitATNSMz92z5SYo1Yt8Re0iYe0posowoZUuD5k:YXKONitAa5p0ix0Wz2da/Vz29
MD5:	B1191AA356386F1DD6A53335BE56A106
SHA1:	15A316B6E5663C71B46452F86A99BEAA4D12BF16
SHA-256:	36FF7045A06FD83F8272E45FB21D90B37EF059A0987CC9ED6FE3C46BA3983354
SHA-512:	D23BADBD14425D2B0478E660DBC6A6B88996FD83A1C864D2F108ED62E19B481C96BE2EF0216320134A2DE59B91F0DAD7020CE4AC1C138A3DD0130F86F4FD7B66
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.if($_POST['gw']!=1) {. .$pass=base64_encode(db_read('/sys/network/mail/pass'));. .$smtp_ssl=db_read('/sys/network/mail/smtpssl');. .$pass_set_text=_000043_;. .$delete_password="display:none;";. .if(strlen($pass)!=0) {. ..$pass_set_text=_990051_;. ..$delete_password="display:inline:block";. .}.?>.<div class="message_wait" style="display:none;"><h1><?php echo _000151_; ?></h1><h2><?php echo _000044_; ?><br /></h2></div>.<div class="message" style="display:none;"><h1><?php echo db_read("/control/devicetype"); ?></h1><h2><?php echo _000606_; ?></h2></div>.<div id="wait" style="display:none;text-align:center;"><?php echo _000610_; ?><br><br><p><img src="/img/loader32.gif" /></p></div>.<div id="success" style="display:none;text-align:center;"><?php echo _000611_; ?></div>.<div id="error"

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\net_umts.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	5068
Entropy (8bit):	5.3779179943038935
Encrypted:	false
SSDEEP:	96:D2ymAaI4bq202icJKywTLr6Myf5j58rXnI0BMwPtxxl525gq09+SK5KVT:vN4bliCiHuB6nI0Jj0yqu/T
MD5:	625570053A3A2D8886D1AC236B2B05FD
SHA1:	3242B42446D140F12C75D806E9D6D5056442CC8D
SHA-256:	3C254008AAAF29B8E8A8527D6C03B6D2FA5D13D05839996CD66A64E05C7D8703
SHA-512:	A322622101CCCCB968888549F5EB29191D117B115A23054667FD4AA0F6E2DC36AA984CE5A47F8DA6C632DFE4E685628AD72871448BD2878858868694AC3C6331
Malicious:	false
Preview:	<?php./* SV: 2.51. * DT: 20121026. /.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.if($_POST['gw']!=1) {..$umts_activ=db_read("/sys/network/umts/lan");../.. .("/sys/network/umts/pppd_device");...("/sys/network/umts/sms_device");...("/sys/network/umts/simstatus");...("/sys/network/umts/signal");...("/sys/network/umts/network");...("/sys/network/umts/registered");...("/sys/network/umts/lan");.. */.?>..<div id="testsms" style="display:none;">...<fieldset style="width:355px;">....<span><input class="itextuser" style="width:340px;" id="phonenr" name="phonenr" type="text" value="" /></span>....<br />....<span><label class="config"><?php echo _200172_; ?></label></span>....<span><input class="itextuser" style="width:340px;" id="text" name="text" type="text" value="" /></span>....<br />....<span><label class="config"><?php echo _200173_; ?></label></spa

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\net_wlan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	20267
Entropy (8bit):	5.369147369230485
Encrypted:	false
SSDEEP:	384:YMgtqZh7iDCKUq/Cj/Jq/mUjjMcX9ofH0FBIKVYVNttxwg:YVk7mCKUzloq49VYfttxd
MD5:	479D9347942AAF4131094047262F45BD
SHA1:	E4C6FF189A9962176FF2CD8AEDD25E59B7CCF942
SHA-256:	37F6ABC3ED977F45746737336B8F9B504FC52616978A2A45F74C31B4F4EEB3EF
SHA-512:	B4CFB46D5198CCA2018E31295E7B81EC8B380181CE509147CBDD9386D3D8B1A4FCC14EF3320473B54E3435008A7D2DF01CBBCBC1D07ABE0EC2421D3AE3BF6C88
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$platform=db_read("/sys/platform");.$hw=db_read("/sys/hardware");.$lighttpd=is_dir("/etc/lighttpd");.if($_POST['gw']!=1) {..$display="block";..$display_scan_button="inline";..$scantext=_000218_;..$display_accesspoint="display:none;";..$display_client="display:inline;";..$mode = db_read("/sys/network/wlan/mode");..$wlanInterface=db_read("/sys/network/wlan/interface");..$wlanIP=exec("ifconfig ".$wlanInterface." \| grep 'inet addr' \| cut -d ':' -f 2 \| cut -d ' ' -f 1");..$client_authmode = db_read("/sys/network/wlan/sta/authmode");..$client_enckey = base64_encode(db_read("/sys/network/wlan/sta/enckey"));...$accesspoint_channel = db_read("/sys/network/wlan/ap/channel") + 0;..$accesspoint_authmode = db_read("/sys/network/wlan/ap/authmode");..$accesspoint_enckey = base64_encode(db_read("/sys/network/wlan

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\portscan.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	15158
Entropy (8bit):	5.355010527341905
Encrypted:	false
SSDEEP:	384:JMMkRfovy7PfgmI8YUvn0D34IOpFzrjIN3F4z8Ahj:JyRX7fjDIzOpFzrS4z8Ahj
MD5:	631D691CC50333D8BDD8CBE970D88922
SHA1:	A32EA1336117858D001C5B835BEB2946A700DA7A
SHA-256:	F8DDB39B7F79DB9F1C76906047C4808767F7EE8436FBA3883BC2E3189F1995A3
SHA-512:	210A3FC31825EED66E41AAABBF61E2D9EE745A684CACAEC766E636ABF45F790939AF68A1D3358E0832C3D1EEE69B1A7DC5216B35A3FE30F0FD6F0174CF06AC01
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..$page = $_POST['site'];..$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );..include "/www/include/security.php";..$device=db_read("/control/devicetype");..$deviceList=json_decode(file_get_contents("/www/config/device.json"),true);..$deviceConfig=$deviceList[$device];..include "/www/include/".$device."scan.php";.?>.<script>.var portscan = new Worker('/script/allnet_portscan.js');.var token=$('meta[name="X-Request-Token"]').attr('content');.var PortInfo=[];.var Multiplex=[];.var ScanIndex=0;.var simulate = false;.getState= function(reload) {...if(reload) {....$.ajax({.....url: 'ajax/portscan.php',.....type: "POST",.....data: { "scan": "setReload" },.....dataType: "json",.....async: false....})...}...$.ajax({....url: 'ajax/portscan.php',....type: "POST",....data: { "scan": "readPortConfig" },....dataType: "json",....async: false,....success: function(obj) {.....config=obj.config;.....groups=obj.group;.....$

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\allnet_graph.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	4225
Entropy (8bit):	5.29970103298531
Encrypted:	false
SSDEEP:	96:3QsrjOiJjHwy0Hw57lplNhTwQQQ1Q6j3xSiYw43h0DAx1cLt4Ohg:3QsrCijQy0QplTNmQQIQ6DSwaGAHUtRC
MD5:	9687D24285C8BF42C90FA0BB9A2A0E2E
SHA1:	83FA1957F5DF79A8A1004396BB262E80E185C699
SHA-256:	87DD2E12FB004ABF9F39F3B03DFEEDFC4F3FD6AF804D1EEEF33A31174F43F83C
SHA-512:	C03B2557D68E06D6C95BB602D93F941810DB9F92C0366B9935708F6501453C16AB13D10203BDD51AAC54205CEC0F4D2AB0FDDE66F17C944B803DFED73AF4E6D6
Malicious:	false
Preview:	$.extend({. getUrlVars: function(){. var vars = [], hash;. var hashes = window.location.href.slice(window.location.href.indexOf('?') + 1).split('&');. for(var i = 0; i < hashes.length; i++). {. hash = hashes[i].split('=');. vars.push(hash[0]);. vars[hash[0]] = hash[1];. }. return vars;. },. getUrlVar: function(name){. return $.getUrlVars()[name];. }.});..var noDataDialog = function() {...$( "#nodata" ).dialog({....modal: true,.... buttons: {.....Ok: function() {......$( this ).dialog( "destroy" );.....}....}...});..}.var strToTimeStamp = function(entry, state, offset) {..if(entry[0]!="ID" && entry[0]!="DATE" && entry[0]!="") {.//..console.log(entry[0]+' - '+entry[1]).//..var localOffset = (-1) * (new Date().getTimezoneOffset())*60000;...var newentry = new Array();...var dateString = entry[0]+' '+entry[1]+':00';...var reggie = /(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})/;...var dateArray = reggie.exec(dateString);...var newdate = new Date( (d

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\allnet_instruments.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	19730
Entropy (8bit):	5.097716284540415
Encrypted:	false
SSDEEP:	384:PUuArpCvzCKUzQtAnXijKYaXUJaxlW8+A8+goFfnKnq0wovntqX/uvDK6tdewXDd:K6CKUzQtAnXijK/XUJa3W8+A8+goFfnI
MD5:	44EF868532ADB2FA2EE065DE2BB8418E
SHA1:	0812747042302BB1E3D481A6CFB4B968ED6117FF
SHA-256:	B3470B0C4FC93BF502AE6642B8D7935A9381ECC888AD9F25A67E4408A3770040
SHA-512:	01D5E73D5DE768AEA9169DCCC1FE51A4166CC07DC03199E04D5643AC9B109408A3CAC27F25D7CD9C101D657CBFB23C13DE2134CB6476384CD27240D299F69B47
Malicious:	false
Preview:	..function thermo1(element,key,name,unit,min,max,display_start,display_stop,lcd,threshold,section,area) {....var SectionColors=0;....if(section=='1') {.....SectionColors=1;.....var sections = Array(steelseries.Section(display_start, parseFloat(min), 'rgba(20, 70, 255, 0.3)'),.......... steelseries.Section(parseFloat(min), parseFloat(max), 'rgba(0, 200, 0, 0.3)'),.......... steelseries.Section(parseFloat(max), display_stop, 'rgba(255, 0, 0, 0.3)'));....}....if(area==1) {.....var areas = Array(steelseries.Section(parseFloat(max), display_stop, 'rgba(200, 0, 0, 0.3)'));....}....if(parseInt(display_start)<0) {.....var zw=Math.abs(parseInt(display_start)).....max=parseInt(max)+zw;....}....cvs_tmp = new steelseries.Radial(element, {.....gaugeType..: steelseries.GaugeType.TYPE4,.....frameDesign..: steelseries.FrameDesign.CHROME,.....backgroundColor.: steelseries.BackgroundColor.BEIGE,.....valueColor..: steelseries.ColorDef.black,.....pointerType..: steelseries.PointerType.TYPE9,.....pointe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\allnet_menu.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	5625
Entropy (8bit):	5.289719552073596
Encrypted:	false
SSDEEP:	96:6qbC5rvkcxqRW5mWDTcnlSI5Q9fnCFOGN9POqVLnhgPg55zRMU/bKk7mUgRmNEhz:6qbC5rcFRWUkOHaVC0GN9POqV9EiRV/K
MD5:	32104B3883CEC5A28AA19DE6B71530EF
SHA1:	89C4C141651975320F84893811CFD6E6DB646EF3
SHA-256:	EC078FBAAE776008E2F6002B24C11E8C05025B7A68854E170AE7044EDA3B5CB9
SHA-512:	A58EFE0F9580718BF45853B19EB3279DC717B0C4CA0295DB984FD4BB500FDEC2AA0B12579C8EF761C5203A44B3169D9BDA0D8140AFA23F908C686B7302DB97C9
Malicious:	false
Preview:	$(document).ready(function() {..$('#page').css('display', 'block');...$('#menu > li').bind('mouseover', menu_open);..$('#menu > li').bind('mouseout', menu_timer);.// ABORT RUNNING AJAX START..$.xhrPool = [];..$.xhrPool.abortAll = function(not) {. .$(this).each(function(idx, jqXHR) {. .jqXHR.abort();. .$('#mini_dash').empty();. .});. .$.xhrPool.length = 0..};..$.ajaxSetup({. .beforeSend: function(jqXHR) {. .$.xhrPool.push(jqXHR);. .},. .complete: function(jqXHR) {. .var index = $.xhrPool.indexOf(jqXHR);. .if (index > -1) {. .$.xhrPool.splice(index, 1);. .}. .}..});.// ABORT RUNNING AJAX END..$(document).ajaxStart(function(){...$('#ajaxBusy').attr('src', '/img/allnet_logoB.png')..}).ajaxStop(function(){...$('#ajaxBusy').attr('src', '/img/allnet_logo.png')..});..enable_menu();..$('#ajaxBusy').on('click', function(){. ..window.onbeforeunload=function() { };...$('#content').html('<div id="waittext"><img src="/img/l

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\allnet_portscan.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2256
Entropy (8bit):	5.128717754497675
Encrypted:	false
SSDEEP:	48:j3dNMOyK9QDBmvF0kJS3EdWT9nYW9DMcfk0th04XnWtQGnWu:j3MvKqDcHoT4c/Q4i
MD5:	AF5E774CC0A0D22606CEE667AD90E03C
SHA1:	FCE59CFE34F4A674D17D94E4B2BB4FA04BB2C672
SHA-256:	8F62552DC1CEEC87EE8CD538F1365F821069076705DA844FA18C29D01A301293
SHA-512:	90B70D1E56FE4ED8F61F211AEB52307000F125455F7FD9DFBDFAA287DFA09CE9E27AC6A3D1F897121B0DFCCCC20B925CAE06FC733D807A305A848879491C13AB
Malicious:	false
Preview:	function get(scan, bus, group, port, multiplexer, ignore, simulate, token) {. try {. .var params = "scan="+scan+"&bus="+bus+"&group="+group+"&port="+port+"&multiplexer="+multiplexer+"&ignore="+ignore+"&simulate="+simulate;. var xhr = new XMLHttpRequest();. xhr.open('POST', '/ajax/portscan.php', false);. xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");..xhr.setRequestHeader("Content-length", params.length);..xhr.setRequestHeader("Connection", "close");..xhr.setRequestHeader("X-Request-Token", token);. xhr.send(params);. return JSON.parse(xhr.responseText);. } catch (e) {. return ''; // alle Fehler in leeren. }.}..self.addEventListener('message', function(e) {..var data = e.data;..var simulate=data.simulate;..var token=data.token;..var getSelected=data.getSelected;..var index=data.index;..var multiplexer=false;..var ignore_existing=false;..ignore=data.ignore;..scan=getSelected[index].split('-');..if(scan.length>3) {...multiplexer=scan[3];..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\allnet_remote.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	15970
Entropy (8bit):	5.2971868874562995
Encrypted:	false
SSDEEP:	192:HUoYrs12vZrybGcZe7LKFCLKFjJJ8ZCQoIJZCQup7dA38+:HUoY41XGTLhLkJJ8ZCQoyZCQup7qB
MD5:	5CBE6F34C481388498F356F91D93E8BE
SHA1:	D5B4261EF382FE495F363486C1932E0D3ECB09D7
SHA-256:	41E15057BB8D5A572D6581EFFAA00B55AC5E3A7C3007E0DA1015CB4A3691D3B7
SHA-512:	7352FF63A93F57D4FD53CE745F5C6D6E69C6D53C865CB68AFD2B5E1A8E1E4064A7A2F9EB0C06DF96FC28B9CD3476A04C0A5F828F3AE450B405B22E647AC052CB
Malicious:	false
Preview:	checkremotedevice= function(auth) {..urlchange=false;..address=$('#assist_adress').val();..port=$('#assist_port').val()..new_record=$('#new_record').val();..old_devicename=$('#remote_name').val();..flowControlOnly=0;..if(port!="80" && port!="") {...address=address+":"+port;..}..if(new_record==0) {...calltype="edit";...address=$('#edit_adress').val();...port=$('#edit_port').val();...if(port!="80" && port!="") {....address=address+":"+port;...}...if(compare_url!=address \|\| compare_port!=port) {....urlchange=true;...}..} else {...calltype="init";.//..compare_externaltype=15;. ..compare_externaltype=$('#compareDeviceType').val();...if($.inArray(address, control)!=-1) {....$('#list').click();....hilight=address;....$( "#dialogexits" ).dialog({.....modal: true,.....buttons: {......Ok: function() {.......$( this ).dialog( "close" );.......setTimeout("$('#'+element).removeClass('hilight');",5000);......}.....}....})....return false;...};..}..$.ajax({...type: "POST",...dataType: "json",...data:

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\allnet_tools.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	11872
Entropy (8bit):	5.49678001659977
Encrypted:	false
SSDEEP:	192:JpL9ITtlomldFgL5ClCKwQL44DdcrooHzZ02CA3029kzeZhyl9kIJH6+4dUfYm:UGL5ClCKws44DdSogZ01tzexAH6+sc
MD5:	735D79674D68D88F5C104D5F8CEE8A21
SHA1:	96C1D5D1B13068D867CA29366B399CB0A6855F93
SHA-256:	013F4C2111949F36AA892BFBFAC5D55E53CDB2C8409F9F1934870447305AC328
SHA-512:	D6DCDE6C42D0F887D9C05C797BD93DE79AB59A466D24AA054B6B8E972489DCEFE55DB332E8A9361A8DB320E3DE37CD0BBF90CF242437B6D5EDD81AD723F8FBDF
Malicious:	false
Preview:	//(function(a){(jQuery.browser=jQuery.browser\|\|{}).mobile=/(android\|bb\d+\|meego).+mobile\|avantgo\|bada\/\|blackberry\|blazer\|compal\|elaine\|fennec\|hiptop\|iemobile\|ip(hone\|od\|ad)\|iris\|kindle\|lge \|maemo\|midp\|mmp\|netfront\|opera m(ob\|in)i\|palm( os)?\|phone\|p(ixi\|re)\/\|plucker\|pocket\|psp\|series(4\|6)0\|symbian\|treo\|up\.(browser\|link)\|vodafone\|wap\|windows (ce\|phone)\|xda\|xiino/i.test(a)\|\|/1207\|6310\|6590\|3gso\|4thp\|50[1-6]i\|770s\|802s\|a wa\|abac\|ac(er\|oo\|s\-)\|ai(ko\|rn)\|al(av\|ca\|co)\|amoi\|an(ex\|ny\|yw)\|aptu\|ar(ch\|go)\|as(te\|us)\|attw\|au(di\|\-m\|r \|s )\|avan\|be(ck\|ll\|nq)\|bi(lb\|rd)\|bl(ac\|az)\|br(e\|v)w\|bumb\|bw\-(n\|u)\|c55\/\|capi\|ccwa\|cdm\-\|cell\|chtm\|cldc\|cmd\-\|co(mp\|nd)\|craw\|da(it\|ll\|ng)\|dbte\|dc\-s\|devi\|dica\|dmob\|do(c\|p)o\|ds(12\|\-d)\|el(49\|ai)\|em(l2\|ul)\|er(ic\|k0)\|esl8\|ez([4-7]0\|os\|wa\|ze)\|fetc\|fly(\-\|_)\|g1 u\|g560\|gene\|gf\-5\|g\-mo\|go(\.w\|od)\|gr(ad\|un)\|haie\|hcit\|hd\-(m\|p\|t)\|hei\-\|hi(pt\|ta)\|hp( i\|ip)\|hs\-c\|ht(c(\-\| \|_\|a\|g\|p\|s\|t)\|tp)\|hu(aw\|tc)\|i\-(20\|go\|ma)\|i230\|iac( \|\-\|\/)\|ibro\|idea\|ig01\|ikom\|im1k\|inno\|ipaq\|iris\|ja(t\|v

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\crypt.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	8070
Entropy (8bit):	5.5761924746210365
Encrypted:	false
SSDEEP:	192:vnvszY6tiWRbJZ2KsLjBDdSmGNNcjhW7qspjPJNBbYpycaK1s7:vUvt/bJZSS/mF6qYcpJ0
MD5:	2597F5494FCA97463477A4DAE51209C8
SHA1:	289EFC629C935C33C61545228A66EC132F916746
SHA-256:	493A850BC2429E5B351BE455357BD883A37C8758526A293D6606FEC2701B184E
SHA-512:	48E5305B8307C27119AFD550D038DF23F092566FFD742F726C05BF91E38F93BD327FC818F1FD07EDD70B3DC48FCD1A350FAA76758898D28FAC5DEF8F0AEF9E63
Malicious:	false
Preview:	/* md5.js 1.0b 27/06/96. * Javascript implementation of the RSA Data Security, Inc. MD5. * Message-Digest Algorithm.. * Copyright (c) 1996 Henri Torgemane. All Rights Reserved.. * Permission to use, copy, modify, and distribute this software. * and its documentation for any purposes and without. * fee is hereby granted provided that this copyright notice. * appears in all copies.. * Of course, this soft is provided "as is" without express or implied. * warranty of any kind.. * Modified with german comments and some information about collisions.. * (Ralf Mieke, ralf@miekenet.de, http://mieke.home.pages.de). */.function encrypt(f,d){var e="";var a="";for(var b=0;b<=f.length;b++){shuffle=str_shuffle(d);start=b%(d.length);e+=shuffle.substr(start,1)+f.substr([b],1)}for(var b=1;b<=e.length;b++){a+=chr(ord(e.substr(b-1,1))+ord(d.substr((b%d.length-1),1)))}return(encodeURI(Base64Encode(a)))}function decrypt(f,d){f=Base64Decode(decodeURI(f));var e="";var a="";for(var b=1;b<=f.length;b++){a+=chr

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery-2.1.4.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	84345
Entropy (8bit):	5.366447824180109
Encrypted:	false
SSDEEP:	1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrJ:++414Jiz6fh6lTqya98HrJ
MD5:	F9C7AFD05729F10F55B689F36BB20172
SHA1:	43DC554608DF885A59DDEECE1598C6ACE434D747
SHA-256:	F16AB224BB962910558715C82F58C10C3ED20F153DDFAA199029F141B5B0255C
SHA-512:	3DCAE1FF6E98C64E3586BE3EB14DD486C51F7D4E9FA1B8F9A628BE4FBB6A9AB562F31F9B50E16D2E0C72B942BDBE84EEE8E0EF87FA730DB1428B199A59D88232
Malicious:	false
Preview:	/! jQuery v2.1.4 \| (c) 2005, 2015 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functi

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery-ui-1.11.4.custom.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	240427
Entropy (8bit):	5.145957205231498
Encrypted:	false
SSDEEP:	3072:WjVq69DYt9ySDvamCTxpGQECNuE70U97b/cb+FVZIJ:wV70yRm7QEQus0qA
MD5:	AEBD5A17CCD08CAE2C626EDCC0069B7A
SHA1:	D93C223643C49B0F8B9AD46712935373B2F2594B
SHA-256:	23EC4153DB1241E9B5B239E4CA6B94DDA3FBEEDA286697408DA13F562C596D14
SHA-512:	2BDA27A29728105309910523D6E0E12B49867989A506DFE27153C511F8BF2881985AF35796C5B01C782A085CD455DB8C6BBB6245709D70F4C95015DC077640F2
Malicious:	false
Preview:	/! jQuery UI - v1.11.4 - 2015-10-25. http://jqueryui.com.* Includes: core.js, widget.js, mouse.js, position.js, draggable.js, droppable.js, resizable.js, selectable.js, sortable.js, accordion.js, autocomplete.js, button.js, datepicker.js, dialog.js, menu.js, progressbar.js, selectmenu.js, slider.js, spinner.js, tabs.js, tooltip.js, effect.js, effect-blind.js, effect-bounce.js, effect-clip.js, effect-drop.js, effect-explode.js, effect-fade.js, effect-fold.js, effect-highlight.js, effect-puff.js, effect-pulsate.js, effect-scale.js, effect-shake.js, effect-size.js, effect-slide.js, effect-transfer.js.* Copyright 2015 jQuery Foundation and other contributors; Licensed MIT */..(function(e){"function"==typeof define&&define.amd?define(["jquery"],e):e(jQuery)})(function(e){function t(t,s){var n,a,r,o=t.nodeName.toLowerCase();return"area"===o?(n=t.parentNode,a=n.name,t.href&&a&&"map"===n.nodeName.toLowerCase()?(r=e("img[usemap='#"+a+"']")[0],!!r&&i(r)):!1):(/^(input\|select\|textarea\|button\|ob

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery-ui-slider-pips.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	4984
Entropy (8bit):	5.106676695965667
Encrypted:	false
SSDEEP:	96:su5OSrmAFf16eYke7SjAJwdtc75LAG1lAOVJrXKYWPKjO:t5OSrbFfYtUj/+xlAATKYWPKjO
MD5:	487A6D47621017066E3E4C9529C4BA53
SHA1:	E8B6D23156244A48E4F4839D7CEC95962F885045
SHA-256:	9B9AA4996711DC58E70CF9F416C74D30009DC5CCD56BA83A94D1B5039BCF82BF
SHA-512:	65B7F71B94AF3830A38A52912657FE596413AA6EFC627B194D39FACBA1C99BFB4228B26D98A13ACB211B5BDF02DC9F7F9FCB70E5D65D683C84FDFB18ECD00179
Malicious:	false
Preview:	/! jQuery-ui-Slider-Pips - v1.6.2 - 2014-09-13. Copyright (c) 2014 Simon Goellner <simey.me@gmail.com>; Licensed MIT /.!function(a){"use strict";var b={pips:function(b){function c(b){var c=a(b).data("value"),d=e.element;if(!0===e.options.range){var f,g=d.slider("values");f=g[0]===g[1]?c<g[0]?[c,g[1]]:[g[0],c]:Math.abs(g[0]-c)===Math.abs(g[1]-c)?[c,c]:Math.abs(g[0]-c)<Math.abs(g[1]-c)?[c,g[1]]:[g[0],c],d.slider("values",f),i.range(f)}else d.slider("value",c),i.single(c)}function d(a){var b,c,d=a,f="ui-slider-pip",i="";"first"===a?d=0:"last"===a&&(d=g);var j=e.options.min+e.options.stepd,k=j.toString().replace(".","-");return b=h.labels?h.labels[d]:j,"undefined"==typeof b&&(b=""),"first"===a?(c="0%",f+=" ui-slider-pip-first",f+="label"===h.first?" ui-slider-pip-label":"",f+=!1===h.first?" ui-slider-pip-hide":""):"last"===a?(c="100%",f+=" ui-slider-pip-last",f+="label"===h.last?" ui-slider-pip-label":"",f+=!1===h.last?" ui-slider-pip-hide":""):(c=(100/g*a).toFixed(4)+"%",f+="label"===

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.blockUI.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	10021
Entropy (8bit):	5.517225015742168
Encrypted:	false
SSDEEP:	192:x9Gi2o6C0gT7TMelv855LBF23RytqtDz6hxFtNVxAqhDYioSh8rxNrVcew:x9GQ0gf4ele1F2hESP6hxJAqhD0SMnVI
MD5:	7D067D8FA175C65AF21472D4979A108F
SHA1:	F8100EB7ACEC7AC0E846255119A5D4942FEB3252
SHA-256:	76630689158EC08BBD85ED061C7AFCE77C1F47BEB66357667E841D186E534045
SHA-512:	C433D7D6A8CA2802D724586DB9D3E74ED24DBEE9F0D3DF34435BC40AB675B37B9609DA34469F83C46EC8D43AAD3EB9C32BDDF9FC9E2D0876F547AA23C86543E6
Malicious:	false
Preview:	/!. jQuery blockUI plugin. * Version 2.66.0-2013.10.09. * Requires jQuery v1.7 or later. . Examples at: http://malsup.com/jquery/block/. * Copyright (c) 2007-2013 M. Alsup. * Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html. . Thanks to Amir-Hossein Sobhi for some excellent contributions!. */.(function(){function a(j){j.fn._fadeIn=j.fn.fadeIn;var d=j.noop\|\|function(){};var n=/MSIE/.test(navigator.userAgent);var f=/MSIE 6.0/.test(navigator.userAgent)&&!/MSIE 8.0/.test(navigator.userAgent);var k=document.documentMode\|\|0;var g=j.isFunction(document.createElement("div").style.setExpression);j.blockUI=function(r){e(window,r)};j.unblockUI=function(r){i(window,r)};j.growlUI=function(x,u,v,s){var t=j('<div class="growlUI"></div>');if(x){t.append("<h1>"+x+"</h1>")}if(u){t.append("<h2>"+u+"</h2>")}if(v===undefined){v=3000}var r=function(y){y=y\|\|{};j.blockUI({message:t,fadeIn:typeof y.fadeIn!=="und

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.csv.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	8715
Entropy (8bit):	5.315460729543891
Encrypted:	false
SSDEEP:	96:tcg6imkpGchm8GJm9KMV0mw36XcrT7FPb6bTd0Or7DaI6b6YjrP8QmU9S3xlgY+n:VU8GJIS64xb6OI6b6iiBlXZf/4
MD5:	01306B93859C7E279483FB184A5CE326
SHA1:	222BCE1049F3638950454B92BC7249A92E2C7B32
SHA-256:	3FE719440CDBBA1900703CC6ACF22B13849245FBCC5119024EBC987928353A99
SHA-512:	C799FAE49A96B954B13C2C11B59E0FFB41954B3A591A35131F4B3CC29351D2E7445779F89A6725502312A121254F95918A22D6CA41110224219AE8EA3D0EAF49
Malicious:	false
Preview:	/*. jQuery-csv (jQuery Plugin). * version: 0.70 (2012-11-04). . This document is licensed as free software under the terms of the. * MIT License: http://www.opensource.org/licenses/mit-license.php. . Acknowledgements:. * The original design and influence to implement this library as a jquery. * plugin is influenced by jquery-json (http://code.google.com/p/jquery-json/).. * If you're looking to use native JSON.Stringify but want additional backwards. * compatibility for browsers that don't support it, I highly recommend you. * check it out.. . A special thanks goes out to rwk@acm.org for providing a lot of valuable. * feedback to the project including the core for the new FSM. * (Finite State Machine) parsers. If you're looking for a stable TSV parser. * be sure to take a look at jquery-tsv (http://code.google.com/p/jquery-tsv/)... * For legal purposes I'll include the "NO WARRANTY EXPRESSED OR IMPLIED.. * USE AT YOUR OWN RISK.". Which, in 'layman's terms' means, by using th

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.download.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1177
Entropy (8bit):	5.070458064031216
Encrypted:	false
SSDEEP:	24:zFXyyaXIPJOAnPYi47hmYpXGBF0qWtsjeG/sW:pCyacOs/+h/kBX9d
MD5:	BC35C87F742A2CEFEBF48D019265FFB6
SHA1:	DA6E9A4EA8F583DC9CEF943A6A0224C230C8C933
SHA-256:	4E850FAB0CB88A1635EF04A38AAB6413AE95DC91805F0DDB20A42E2D02015394
SHA-512:	342A23638E57B59594A97F0F3570D54113DD6381A30B0F465E68F4E46D8344761EE80511115041499B1A269A04CBDBAA4B2526738B798D6E3E63DB24D1CD1CEE
Malicious:	false
Preview:	/. --------------------------------------------------------------------. * jQuery-Plugin - $.download - allows for simple get/post requests for files. * by Scott Jehl, scott@filamentgroup.com. * http://www.filamentgroup.com. * reference article: http://www.filamentgroup.com/lab/jquery_plugin_for_requesting_ajax_like_file_downloads/. * Copyright (c) 2008 Filament Group, Inc. * Dual licensed under the MIT (filamentgroup.com/examples/mit-license.txt) and GPL (filamentgroup.com/examples/gpl-license.txt) licenses.. * --------------------------------------------------------------------. */. .jQuery.download = function(url, data, method){..//url and data options required..if( url && data ){ ...//data can be string of parameters or array/object...data = typeof data == 'string' ? data : jQuery.param(data);...//split params into form inputs...var inputs = '';...jQuery.each(data.split('&'), function(){ ....var pair = this.split('=');....inputs+='<input type="hidden" name="'+ pair[0] +'" value=

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.fileinput.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2135
Entropy (8bit):	4.99278228170979
Encrypted:	false
SSDEEP:	48:P5LyYWWCJuKbd1J1MYSgpSgiSgXeojU5OLyguined3L5H/:P57WWCoEd1J1RScSNSoeok/f
MD5:	1C408BDD69F6EF8ACD5CA37E7419DA34
SHA1:	7D07D875B2F7603D71C8930734C06AC17A97D04A
SHA-256:	B556C0F9FB47CF33BC221AB4C8A0680F5464C84814DF4E2019F9EDFEC2AE5C5A
SHA-512:	0F24E0F4F92F77072F6720BC9A1C5872FB166F72FAC3B39FBEBF4855A428B06643241D82DF6B69069AD9D1885AF02F709267D96AEAF6892E333E0F27F1702929
Malicious:	false
Preview:	(function(d){var h="fileinput-wrapper ui-widget",g="fileinput-input ui-state-default ui-widget-content ui-corner-left",c="fileinput-button ui-state-default ui-widget-header ui-corner-right",i="fileinput-button-text",j="fileinput-file",e="ui-state-hover",a="ui-state-active",b=e+" "+a,f="C:\\fakepath\\";d.widget("shimmy.fileinput",{options:{buttonText:"Browse",inputText:""},_create:function(){var k=this,l=k.options;k.fileFile=k.element,k.fileWrapper=d("<div></div>").addClass(h).hover(function(){k.fileButton.addClass(e)},function(){k.fileButton.removeClass(b)}).bind("mousemove.fileinput",function(n){var m=(n.pageX-d(this).offset().left)-(k.fileFile.width()/1.2);var o=(n.pageY-d(this).offset().top)-(k.fileFile.height()/2);k.fileFile.css("top",o).css("left",m)}).bind("mousedown.fileinput",function(m){k.fileButton.addClass(a)}).bind("mouseup.fileinput",function(m){k.fileButton.removeClass(a)}),k.fileFile.addClass(j).wrap(k.fileWrapper),k.fileInput=d("<span></span>").addClass(g).text(k._getTe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.fileupload.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3222
Entropy (8bit):	5.266189274063074
Encrypted:	false
SSDEEP:	48:KRMOF7ym1/QNIFEgTSBfQ2BvP40YdP4P7GtaTkH0u8AUpCljgqvmnHthXk:KCl2oBfN4N46HrjlUJrU
MD5:	892CE5D6A50334470CBA4E545AB59FEE
SHA1:	DBFB0E66BC0F7849C1EB6A4746C1AC24A270419D
SHA-256:	BA5B3B81639747A012D4FCCAC9B38D0CE379BF88349B97FE01B23C24381FF878
SHA-512:	BEEBBDE3D738E4D86F62D834ECE118ABA81637244987B443525B25ADFB2D8CD6B0CB7F1ADD62A5F76694449F1B5D91386DA6F40C9AFF8A3D6120019D2110516E
Malicious:	false
Preview:	jQuery.extend({createUploadIframe:function(d,b){var a="jUploadFrame"+d;var c='<iframe id="'+a+'" name="'+a+'" style="position:absolute; top:-9999px; left:-9999px"';if(window.ActiveXObject){if(typeof b=="boolean"){c+=' src="javascript:false"'}else{if(typeof b=="string"){c+=' src="'+b+'"'}}}c+=" />";jQuery(c).appendTo(document.body);return jQuery("#"+a).get(0)},createUploadForm:function(a,j,d){var h="jUploadForm"+a;var c="jUploadFile"+a;var b=jQuery('<form action="" method="POST" name="'+h+'" id="'+h+'" enctype="multipart/form-data"></form>');if(d){for(var e in d){jQuery('<input type="hidden" name="'+e+'" value="'+d[e]+'" />').appendTo(b)}}var f=jQuery("#"+j);var g=jQuery(f).clone();jQuery(f).attr("id",c);jQuery(f).css("-moz-opacity","0");jQuery(f).css("filter","alpha(opacity=0)");jQuery(f).css("opacity","0");jQuery(f).before(g);jQuery(f).appendTo(b);jQuery(b).css("position","absolute");jQuery(b).css("top","-1200px");jQuery(b).css("left","-1200px");jQuery(b).appendTo("body");return b},a

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.flot.canvas.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3812
Entropy (8bit):	5.022268797089126
Encrypted:	false
SSDEEP:	96:aa4wxOd5UPORzMDUtylI88AB7ODtSA5pzP4b34Dr8WSY2:Z70WPjgylYK7qS0NP4Mr8j
MD5:	57B3493D78C51B434A40BC5AE00618B4
SHA1:	9C34EADCEE96DAB37BA0F5EC4CFE18710EE93432
SHA-256:	6FFA4FD5BF2AD2BF638E3E5D9AFD54814ED5803A826F5B38D9186C30A7D4E517
SHA-512:	E40258C6B79CC9DFEC340BE69A63BEEF41825392AE6722561F96685416385CC0AE760C99486E1316A3AE6FF69B936CD4388230A7A14C8D6D18C7E14DB27DE249
Malicious:	false
Preview:	(function($){var options={canvas:true};var render,getTextInfo,addText;var hasOwnProperty=Object.prototype.hasOwnProperty;function init(plot,classes){var Canvas=classes.Canvas;if(render==null){getTextInfo=Canvas.prototype.getTextInfo,addText=Canvas.prototype.addText,render=Canvas.prototype.render}Canvas.prototype.render=function(){if(!plot.getOptions().canvas){return render.call(this)}var context=this.context,cache=this._textCache;context.save();context.textBaseline="middle";for(var layerKey in cache){if(hasOwnProperty.call(cache,layerKey)){var layerCache=cache[layerKey];for(var styleKey in layerCache){if(hasOwnProperty.call(layerCache,styleKey)){var styleCache=layerCache[styleKey],updateStyles=true;for(var key in styleCache){if(hasOwnProperty.call(styleCache,key)){var info=styleCache[key],positions=info.positions,lines=info.lines;if(updateStyles){context.fillStyle=info.font.color;context.font=info.font.definition;updateStyles=false}for(var i=0,position;position=positions[i];i++){if(pos

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.flot.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	52300
Entropy (8bit):	5.260849581332422
Encrypted:	false
SSDEEP:	768:9GKfOx6qLeBQLd4OEe5+8uXgO0hpAh+FYFsWMFlgo:wN6qLqQV5JpAh3+
MD5:	97D394B9F8895A49C17BDAB929B02866
SHA1:	A028033C7E459D2F3CD01D79264AA4A978B672B1
SHA-256:	6656EE53F2A9411770B6B7FAE1F50BF9400BA67F286DDBB578DF1C2B34F4694D
SHA-512:	09782F8F993A4B186C90E083D7AC141BA355F656950FD416B9FF1B52885DA11AC64B5B9080F70B85CFA05B0333F70B9D01A57866275BD78FF14202E0DFF62187
Malicious:	false
Preview:	(function($){$.color={};$.color.make=function(r,g,b,a){var o={};o.r=r\|\|0;o.g=g\|\|0;o.b=b\|\|0;o.a=a!=null?a:1;o.add=function(c,d){for(var i=0;i<c.length;++i)o[c.charAt(i)]+=d;return o.normalize()};o.scale=function(c,f){for(var i=0;i<c.length;++i)o[c.charAt(i)]*=f;return o.normalize()};o.toString=function(){if(o.a>=1){return"rgb("+[o.r,o.g,o.b].join(",")+")"}else{return"rgba("+[o.r,o.g,o.b,o.a].join(",")+")"}};o.normalize=function(){function clamp(min,value,max){return value<min?min:value>max?max:value}o.r=clamp(0,parseInt(o.r),255);o.g=clamp(0,parseInt(o.g),255);o.b=clamp(0,parseInt(o.b),255);o.a=clamp(0,o.a,1);return o};o.clone=function(){return $.color.make(o.r,o.b,o.g,o.a)};return o.normalize()};$.color.extract=function(elem,css){var c;do{c=elem.css(css).toLowerCase();if(c!=""&&c!="transparent")break;elem=elem.parent()}while(elem.length&&!$.nodeName(elem.get(0),"body"));if(c=="rgba(0, 0, 0, 0)")c="transparent";return $.color.parse(c)};$.color.parse=function(str){var res,m=$.color.make;

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.flot.navigate.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6407
Entropy (8bit):	5.2410146651124645
Encrypted:	false
SSDEEP:	96:gtUI2mq3HstOu3NIp4GxU0KRNtKz0bWb5mDRKBwBM8yh1/y9diSPTYR:gtUI203NSxU0KLa5mDUBwBNyh1a9bW
MD5:	C932EF7E9863B830D4F82DF6DBEE7317
SHA1:	FB2C8BFA06C33323C2656B480FEFCE8D23AA7D87
SHA-256:	75DB6278E339069BFBEF89F06AF5D946B0B9BC08BAA6A660659D554018053E0C
SHA-512:	3E00C6C7869636945F7485139BF7522E0729F7C79C7536253070FF9BEA4E87A5C23A749F9F3D2DE9A89CAD403E8E63B9CC872D7816468957F7EF5F76F3154CC6
Malicious:	false
Preview:	(function(a){function e(h){var k,j=this,l=h.data\|\|{};if(l.elem)j=h.dragTarget=l.elem,h.dragProxy=d.proxy\|\|j,h.cursorOffsetX=l.pageX-l.left,h.cursorOffsetY=l.pageY-l.top,h.offsetX=h.pageX-h.cursorOffsetX,h.offsetY=h.pageY-h.cursorOffsetY;else if(d.dragging\|\|l.which>0&&h.which!=l.which\|\|a(h.target).is(l.not))return;switch(h.type){case"mousedown":return a.extend(l,a(j).offset(),{elem:j,target:h.target,pageX:h.pageX,pageY:h.pageY}),b.add(document,"mousemove mouseup",e,l),i(j,!1),d.dragging=null,!1;case!d.dragging&&"mousemove":if(g(h.pageX-l.pageX)+g(h.pageY-l.pageY)<l.distance)break;h.target=l.target,k=f(h,"dragstart",j),k!==!1&&(d.dragging=j,d.proxy=h.dragProxy=a(k\|\|j)[0]);case"mousemove":if(d.dragging){if(k=f(h,"drag",j),c.drop&&(c.drop.allowed=k!==!1,c.drop.handler(h)),k!==!1)break;h.type="mouseup"}case"mouseup":b.remove(document,"mousemove mouseup",e),d.dragging&&(c.drop&&c.drop.handler(h),f(h,"dragend",j)),i(j,!0),d.dragging=d.proxy=l.elem=!1}return!0}function f(b,c,d){b.type=c;var e=

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.flot.time.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6715
Entropy (8bit):	5.354488173174204
Encrypted:	false
SSDEEP:	96:tCCUxPR5QxS5Mi6B68cB5UUpcd+EWoxnhRTShS/Mrll2YZrjKBosk3fujvJukr4K:oCe3YS5DURWoxGlDdjKBHuEr4I1jYS
MD5:	91AF05D9B46D60281DC7518F9E633AED
SHA1:	E6234F222C0B30EF4B1774E1D08DAA5A51789167
SHA-256:	0B781989122C553804C0E69C5AFA291C9DF3BA60FB77A4146AE40A80825EF7AE
SHA-512:	EC6F93650F219BBF6B4C44C5FB14FA517CFB37350173059F43E15C22E0B576F97A6380BCEE99CAF316840B4E8A2578E91B75E06516E256FD17F18F9B2CDE31FA
Malicious:	false
Preview:	(function($){var options={xaxis:{timezone:null,timeformat:null,twelveHourClock:false,monthNames:null}};function floorInBase(n,base){return base*Math.floor(n/base)}function formatDate(d,fmt,monthNames,dayNames){if(typeof d.strftime=="function"){return d.strftime(fmt)}var leftPad=function(n,pad){n=""+n;pad=""+(pad==null?"0":pad);return n.length==1?pad+n:n};var r=[];var escape=false;var hours=d.getHours();var isAM=hours<12;if(monthNames==null){monthNames=["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"]}if(dayNames==null){dayNames=["Sun","Mon","Tue","Wed","Thu","Fri","Sat"]}var hours12;if(hours>12){hours12=hours-12}else if(hours==0){hours12=12}else{hours12=hours}for(var i=0;i<fmt.length;++i){var c=fmt.charAt(i);if(escape){switch(c){case"a":c=""+dayNames[d.getDay()];break;case"b":c=""+monthNames[d.getMonth()];break;case"d":c=leftPad(d.getDate());break;case"e":c=leftPad(d.getDate()," ");break;case"h":case"H":c=leftPad(hours);break;case"I":c=leftPad(hours12);break;cas

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.gridster.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	44235
Entropy (8bit):	5.026839519447957
Encrypted:	false
SSDEEP:	768:dB8c5Z61ch0igey1ylEZ4gti6Hi8hwRydeK/v7wkG0NxU8YlqdB:n8cNgezavbxUjc
MD5:	ED5BD452814B692CBC85BC9EB08CCABF
SHA1:	09B68E33ED13AA4798B1FE2BD2401A1A78AAC4EA
SHA-256:	FB4B2D2BED9D45A6A22AA2B0E3357FD560A39471B29D63A0F700F9BED3A22913
SHA-512:	014BD689BE89D1E07B6F47ADAEC7801746EEBF5566AA80130BE4F93EA94C0E5E7138F4D76367B6189D6A74E9CB6BDF931ED9956FDAF2FECDC09D4A536CDCF610
Malicious:	false
Preview:	/! gridster.js - v0.5.6 - 2014-09-25 - http://gridster.net/ - Copyright (c) 2014 ducksboard; Licensed MIT */ (function(t,i){"function"==typeof define&&define.amd?define("gridster-coords",["jquery"],i):t.GridsterCoords=i(t.$\|\|t.jQuery)})(this,function(t){function i(i){return i[0]&&t.isPlainObject(i[0])?this.data=i[0]:this.el=i,this.isCoords=!0,this.coords={},this.init(),this}var e=i.prototype;return e.init=function(){this.set(),this.original_coords=this.get()},e.set=function(t,i){var e=this.el;if(e&&!t&&(this.data=e.offset(),this.data.width=e.width(),this.data.height=e.height()),e&&t&&!i){var s=e.offset();this.data.top=s.top,this.data.left=s.left}var r=this.data;return r.left===void 0&&(r.left=r.x1),r.top===void 0&&(r.top=r.y1),this.coords.x1=r.left,this.coords.y1=r.top,this.coords.x2=r.left+r.width,this.coords.y2=r.top+r.height,this.coords.cx=r.left+r.width/2,this.coords.cy=r.top+r.height/2,this.coords.width=r.width,this.coords.height=r.height,this.coords.el=e\|\|!1,this},e.update=fun

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.minicolors.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	15446
Entropy (8bit):	5.290733071369315
Encrypted:	false
SSDEEP:	384:EbSTw81EYct9bJX07mkRLqQWkW3hVV6Fi/BLa9ArQ53sylj6k6JsDHyAuC:Hw8SE7mkRLYkWRVV6FiNml5cyBqs5f
MD5:	C80241B36480CA7C41DDA5709AFE7C14
SHA1:	BFAE3A3C170CC8E89C753BE244EF4F5F1BF92A72
SHA-256:	5C0150F5D67A872F29FC646153C87FF2932F3357ADCA68892D95B50A21D5DDB4
SHA-512:	824D70534CAC6DCE772661AF04759935A92E22420AFC0FBDCF01BD6C8AEA5117C87F11FBCD11A770834DF2AD220E719564E98EC9E76CA85A3581F26EAD7EAE81
Malicious:	false
Preview:	/. jQuery MiniColors: A tiny color picker built on jQuery. . Copyright: Cory LaViska for A Beautiful Site, LLC: http://www.abeautifulsite.net/. . Contribute: https://github.com/claviska/jquery-minicolors. . @license: http://opensource.org/licenses/MIT. . /.!function(i){"function"==typeof define&&define.amd?define(["jquery"],i):"object"==typeof exports?module.exports=i(require("jquery")):i(jQuery)}(function($){"use strict";function i(i,t){var o=$('<div class="minicolors" />'),s=$.minicolors.defaults,a,n,r,c,l;if(!i.data("minicolors-initialized")){if(t=$.extend(!0,{},s,t),o.addClass("minicolors-theme-"+t.theme).toggleClass("minicolors-with-opacity",t.opacity).toggleClass("minicolors-no-data-uris",t.dataUris!==!0),void 0!==t.position&&$.each(t.position.split(" "),function(){o.addClass("minicolors-position-"+this)}),a="rgb"===t.format?t.opacity?"25":"20":t.keywords?"11":"7",i.addClass("minicolors-input").data("minicolors-initialized",!1).data("minicolors-settings",t).prop("si

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.qrcode.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	20678
Entropy (8bit):	5.483647625356361
Encrypted:	false
SSDEEP:	384:LEa9sPbnElMTMLg+vA1+YURvWWQLplp1AAdTRv7e+QGLXrDR79yHHHsgl4YZC0Yn:1i7q6L2AqRvWWQjpJQGLXrDR7QPPYOC
MD5:	B2171DB308BB5BEF136D024C54BDB7F4
SHA1:	7196CA2B485738C90BB80F36665986FDE4B21577
SHA-256:	C235793D7B017812DD45E46E507FBDAD699FE007437E37CE9E1F9CB3DE310ECA
SHA-512:	D3358A0F800AAD6B3C49E050DB103F9122E24076AB06F1BE15F14C901B27A05A606A89CBD981068E341972641E4CD86494EF952319949408BD31CE1CCC3FF425
Malicious:	false
Preview:	/! jQuery.qrcode 0.7.0 - //larsjung.de/qrcode - MIT License /.!function(r){"use strict";var t=function(r,t,e,n){var o=y(e,t);o.addData(r),o.make(),n=n\|\|0;var i=o.getModuleCount(),a=o.getModuleCount()+2n,u=function(r,t){return r-=n,t-=n,0>r\|\|r>=i\|\|0>t\|\|t>=i?!1:o.isDark(r,t)},f=function(r,t,e,n){var o=this.isDark,i=1/a;this.isDark=function(a,u){var f=ui,l=ai,c=f+i,g=l+i;return o(a,u)&&(r>c\|\|f>e\|\|t>g\|\|l>n)}};this.text=r,this.level=t,this.version=e,this.moduleCount=a,this.isDark=u,this.addBlank=f},e=function(){var r=document.createElement("canvas");return!(!r.getContext\|\|!r.getContext("2d"))}(),n="[object Opera]"!==Object.prototype.toString.call(window.opera),o=function(r,e,n,o,i){n=Math.max(1,n\|\|1),o=Math.min(40,o\|\|40);for(var a=n;o>=a;a+=1)try{return new t(r,e,a,i)}catch(u){}},i=function(t,e,n){var o=n.size,i="bold "+n.mSizeo+"px "+n.fontname,a=r("<canvas/>")[0].getContext("2d");a.font=i;var u=a.measureText(n.label).width,f=n.mSize,l=u/o,c=(1-l)n.mPosX,g=(1-f)n.mPosY,s=c+l,h=g+f,

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.short_cuts.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	8353
Entropy (8bit):	4.583524076380221
Encrypted:	false
SSDEEP:	192:HZfp7v2CLuWM5KPLxuoe7lyNjGxhyCm9+UecryclhV9XO:5M5Kg0NjGyC/GyOpO
MD5:	D5F55B23A0700B488180505F2A95CC9F
SHA1:	E48ABEBF0419400EBA41CDB3B35A8213AF23750C
SHA-256:	73482F374263F23E00BE3D6CEB834614E1058535AC763BCD73DC14ACDD45B614
SHA-512:	BD9E72E5008638E695BEE8573425EC4A130AF243B16C8D1A41B6A70A9C9ED40BD655C0D73F89D5E273C2C4CB4B3B7520A071903C4775A6AFB61D90A362B51AF1
Malicious:	false
Preview:	/*. JavaScript Shortcuts Library (jQuery plugin) v0.7. * http://www.stepanreznikov.com/js-shortcuts/. * Copyright (c) 2010 Stepan Reznikov (stepan.reznikov@gmail.com). * Date: 2010-08-08. /../global jQuery /..(function($) {.. /* Special keys */. var special = {. 'backspace': 8,. 'tab': 9,. 'enter': 13,. 'pause': 19,. 'capslock': 20,. 'esc': 27,. 'space': 32,. 'pageup': 33,. 'pagedown': 34,. 'end': 35,. 'home': 36,. 'left': 37,. 'up': 38,. 'right': 39,. 'down': 40,. 'insert': 45,. 'delete': 46,. 'f1': 112,. 'f2': 113,. 'f3': 114,. 'f4': 115,. 'f5': 116,. 'f6': 117,. 'f7': 118,. 'f8': 119,. 'f9': 120,. 'f10': 121,. 'f11': 122,. 'f12': 123,. '?': 191, // Question mark. 'minus': $.browser.opera ? [109, 45] : $.browser.mozilla ? 109 : [189, 109],. 'plus': $.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.simplecolorpicker.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3026
Entropy (8bit):	5.0936409526788875
Encrypted:	false
SSDEEP:	48:n0yyVddDzocVcRoCEJsh3O7sW6rSIgQaiSNn8vX6FsOFLuU5eTSKb4hd3Adl7sz:SddnoOu39W6fTabNBX3zKb4hmQ
MD5:	A637BD93DCE1DA96C7A71F8BF88CB678
SHA1:	A83E6EB54F0F61F1CD63B22CC91DC8B70A715123
SHA-256:	EE76064CD29E0F70AC28413BD5DE88D8389184360CB5BE5AC3C664A57C5C1144
SHA-512:	EEE63C089199AA1539D9C0ED0F605E3E57C3812EC0E5A37402B464AAE8E0AA79AC9335D76F513F7663EFB0AA8930FB96B21C500FA2E04D51779B89B01378709F
Malicious:	false
Preview:	(function(b){var a=function(c,d){this.init("simplecolorpicker",c,d)};a.prototype={constructor:a,init:function(h,c,f){var e=this;e.type=h;e.$select=b(c);var g=e.$select.val();e.options=b.extend({},b.fn.simplecolorpicker.defaults,f);e.$select.hide();var j="    ";e.$colorList=null;if(e.options.picker){var i=e.$select.find("option:selected").text();e.$icon=b('<span class="simplecolorpicker icon" title="'+i+'" style="background-color: '+g+';" role="button" tabindex="0">'+j+"</span>").insertAfter(e.$select);e.$icon.on("click."+e.type,b.proxy(e.showPicker,e));e.$picker=b('<span class="simplecolorpicker picker"></span>').appendTo(document.body);e.$colorList=e.$picker;b(document).on("mousedown."+e.type,b.proxy(e.hidePicker,e));e.$picker.on("mousedown."+e.type,b.proxy(e.mousedown,e))}else{e.$inline=b('<span class="simplecolorpicker inline"></span>').insertAfter(e.$select);e.$colorList=e.$inline}var d="";b("option",e.$select).each(function(){var m=b(this);var k=m.val();var n=m

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.tablesorter.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	41853
Entropy (8bit):	5.3673396117660195
Encrypted:	false
SSDEEP:	768:rInkqQQTy4his2l99ED2NC4dyliZgo63obu2ebuqdBUL1DxMqEZvn:r2pQ0y4csk0DMyl+gy62ebVAkqe
MD5:	A80CE9C65B26DA86EC81B0BF2C794E9E
SHA1:	C3FD7A97DAD76BDA653110C14F4338C60BB0205D
SHA-256:	55839E38BB144710405BA6521BA89B2B8E270BDF53A78D4862F63BDCAD52F023
SHA-512:	908176F2A4F3BD71663D54D0203956C1EABB8CC20050BF382B4AC5EB44360D722F365E272E788BB9AF8CE99D20374A77763B84F082D98956DE0257C0CEEEFA35
Malicious:	false
Preview:	!function(a){"function"==typeof define&&define.amd?define(["jquery"],a):"object"==typeof module&&"object"==typeof module.exports?module.exports=a(require("jquery")):a(jQuery)}(function(a){return function(a){"use strict";var b=a.tablesorter={version:"2.25.8",parsers:[],widgets:[],defaults:{theme:"default",widthFixed:!1,showProcessing:!1,headerTemplate:"{content}",onRenderTemplate:null,onRenderHeader:null,cancelSelection:!0,tabIndex:!0,dateFormat:"mmddyyyy",sortMultiSortKey:"shiftKey",sortResetKey:"ctrlKey",usNumberFormat:!0,delayInit:!1,serverSideSorting:!1,resort:!0,headers:{},ignoreCase:!0,sortForce:null,sortList:[],sortAppend:null,sortStable:!1,sortInitialOrder:"asc",sortLocaleCompare:!1,sortReset:!1,sortRestart:!1,emptyTo:"bottom",stringTo:"max",duplicateSpan:!0,textExtraction:"basic",textAttribute:"data-text",textSorter:null,numberSorter:null,widgets:[],widgetOptions:{zebra:["even","odd"]},initWidgets:!0,widgetClass:"widget-{name}",initialized:null,tableClass:"",cssAsc:"",cssDesc:"

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.timepicker.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	Pascal source, ASCII text, with very long lines
Category:	dropped
Size (bytes):	47398
Entropy (8bit):	5.160558508645078
Encrypted:	false
SSDEEP:	768:YUTXtFfBB5wSKEyVp4MiFM+7FM4J7FMn7RidMVSaawl6IkJXd0lHMZn28qchbZoB:fXtLPwSKEyVF7MdMVSaawdlHqZoaKlT
MD5:	5313380DECF8EB18B626DB3B88899267
SHA1:	71B546835CC055A97268E06F0C9D8A0FBCD9D818
SHA-256:	B5670FFCFA53975004CBE29210ABB2650DEE8A8B904B25D24E2E78FA2F6863BC
SHA-512:	C737D51868B60D961761EC863B8E90E2B502F3EEC2D4908067B3478F7D421995BB57B3CB0FA7A2FDC3DC5A427361E914067FA62E267A71C3513210F1CF412046
Malicious:	false
Preview:	/! jQuery Timepicker Addon - v1.4 - 2013-08-11. http://trentrichardson.com/examples/timepicker.* Copyright (c) 2013 Trent Richardson; Licensed MIT */..(function($){$.ui.timepicker=$.ui.timepicker\|\|{};if($.ui.timepicker.version){return;}.$.extend($.ui,{timepicker:{version:"1.4"}});var Timepicker=function(){this.regional=[];this.regional['']={currentText:'Now',closeText:'Done',amNames:['AM','A'],pmNames:['PM','P'],timeFormat:'HH:mm',timeSuffix:'',timeOnlyTitle:'Choose Time',timeText:'Time',hourText:'Hour',minuteText:'Minute',secondText:'Second',millisecText:'Millisecond',microsecText:'Microsecond',timezoneText:'Time Zone',isRTL:false};this._defaults={showButtonPanel:true,timeOnly:false,showHour:null,showMinute:null,showSecond:null,showMillisec:null,showMicrosec:null,showTimezone:null,showTime:true,stepHour:1,stepMinute:1,stepSecond:1,stepMillisec:1,stepMicrosec:1,hour:0,minute:0,second:0,millisec:0,microsec:0,timezone:null,hourMin:0,minuteMin:0,secondMin:0,millisecMin:0,microsecMin:0,h

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.touch-punch.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1190
Entropy (8bit):	5.164233971493758
Encrypted:	false
SSDEEP:	24:++oTAgbJ4aJYJx5j3JgdtcjAlP5aZpEX7n:+QaEQiAlB
MD5:	0E390E86B02E36B6240EF27C01B63A4B
SHA1:	0D216C812C71059D1526D4C558277E51E4495D8A
SHA-256:	8074D47B5FC9E9BDCB9656D4F775B9CE839EFD9060C3640ED434BFA1F88BA94D
SHA-512:	E1CC2DFA1C59BD1355FEEC82841BE3077007CF01D8C546DDDDA112039B150A296ED5FC3D80300638E433F3254402B15833F932610C79BEA92FA614DE03B3961A
Malicious:	false
Preview:	/. jQuery UI Touch Punch 0.2.2. . Copyright 2011, Dave Furfero. * Dual licensed under the MIT or GPL Version 2 licenses.. . Depends:. * jquery.ui.widget.js. * jquery.ui.mouse.js. */.(function(b){b.support.touch="ontouchend" in document;if(!b.support.touch){return;}var c=b.ui.mouse.prototype,e=c._mouseInit,a;function d(g,h){if(g.originalEvent.touches.length>1){return;}g.preventDefault();var i=g.originalEvent.changedTouches[0],f=document.createEvent("MouseEvents");f.initMouseEvent(h,true,true,window,1,i.screenX,i.screenY,i.clientX,i.clientY,false,false,false,false,0,null);g.target.dispatchEvent(f);}c._touchStart=function(g){var f=this;if(a\|\|!f._mouseCapture(g.originalEvent.changedTouches[0])){return;}a=true;f._touchMoved=false;d(g,"mouseover");d(g,"mousemove");d(g,"mousedown");};c._touchMove=function(f){if(!a){return;}this._touchMoved=true;d(f,"mousemove");};c._touchEnd=function(f){if(!a){return;}d(f,"mouseup");d(f,"mouseout");if(!this._touchMoved){d(f,"click");}a=false;};c._m

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.ui.selectmenu1.4.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	15079
Entropy (8bit):	5.089030394823887
Encrypted:	false
SSDEEP:	384:P+fKFA3w1tMC8pL+39DRAeDKY8Bt0OZiaL:PiCxGL
MD5:	40FE2AD360952EC51F39C3E651BE267F
SHA1:	A0F398D5B21C64A3DF37616224B525749E480377
SHA-256:	312A7B5C244E584867E09F3B8FC4B09746EAD1031B4EE8FB306CD748733868E9
SHA-512:	3AFD6959D0E5BD518F8EA97DD773931A886BF707617FE5EB99AD9A2130739E49FE2C2A9D6AE1C24CC5F2695B06ED2D69A889204A43A264C1DABBCD2AD56B232A
Malicious:	false
Preview:	(function(a){a.widget("ui.selectmenu",{options:{appendTo:"body",typeAhead:1000,style:"dropdown",positionOptions:null,width:null,menuWidth:null,handleWidth:26,maxHeight:null,icons:null,format:null,escapeHtml:false,bgImage:function(){}},_create:function(){var b=this,e=this.options;var d=this.element.uniqueId().attr("id");this.ids=[d,d+"-button",d+"-menu"];this._safemouseup=true;this.isOpen=false;this.newelement=a("<a />",{"class":"ui-selectmenu ui-widget ui-state-default ui-corner-all",id:this.ids[1],role:"button",href:"#nogo",tabindex:this.element.attr("disabled")?1:0,"aria-haspopup":true,"aria-owns":this.ids[2]});this.newelementWrap=a("<span />").append(this.newelement).insertAfter(this.element);var c=this.element.attr("tabindex");if(c){this.newelement.attr("tabindex",c)}this.newelement.data("selectelement",this.element);this.selectmenuIcon=a('<span class="ui-selectmenu-icon ui-icon"></span>').prependTo(this.newelement);this.newelement.prepend('<span class="ui-selectmenu-status" />');t

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\jquery.validate.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	21493
Entropy (8bit):	5.319940041285823
Encrypted:	false
SSDEEP:	384:QtpoNbQ6HqZalHddiN7A38hR/Fyq19HU7TEny+xxgXzN1tCwV/vvkpR9rYN1pHOF:FbQ6vlHddi63ijHHIEny+xY3kpRSNbHI
MD5:	3D354A1DEB344D62E1F70A825272B4AF
SHA1:	A1277E4950A489335246FD59B066A7B169CF78E2
SHA-256:	CDE0578486717BB6F75C3A33376116B77677619475C38B5904258E5B118E8436
SHA-512:	6B3E0F92E0644B3498D62C7DAEB7E610FAB3CC6DAAD7CCAFC0158429C464B7860DC23893F0FACC1EB62CBCC76ACF2E6B1C9600B19B1D2FD77903173DFE1F155F
Malicious:	false
Preview:	/! jQuery Validation Plugin - v1.10.0 - 9/7/2012. https://github.com/jzaefferer/jquery-validation.* Copyright (c) 2012 J.rn Zaefferer; Licensed MIT, GPL */.(function(a){a.extend(a.fn,{validate:function(b){if(!this.length){b&&b.debug&&window.console&&console.warn("nothing selected, can't validate, returning nothing");return}var c=a.data(this[0],"validator");return c?c:(this.attr("novalidate","novalidate"),c=new a.validator(b,this[0]),a.data(this[0],"validator",c),c.settings.onsubmit&&(this.validateDelegate(":submit","click",function(b){c.settings.submitHandler&&(c.submitButton=b.target),a(b.target).hasClass("cancel")&&(c.cancelSubmit=!0)}),this.submit(function(b){function d(){var d;return c.settings.submitHandler?(c.submitButton&&(d=a("<input type='hidden'/>").attr("name",c.submitButton.name).val(c.submitButton.value).appendTo(c.currentForm)),c.settings.submitHandler.call(c,c.currentForm,b),c.submitButton&&d.remove(),!1):!0}return c.settings.debug&&b.preventDefault(),c.cancelSubmit?(

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\grid.locale-de.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	4381
Entropy (8bit):	5.094142800605991
Encrypted:	false
SSDEEP:	96:EzC6H/4FCmEWY0pa0RE14tc1XI7qiJdozHGr0UliHCfI8LyRhxX+bBW1j:ElfibESpa0RE1KqiJs40UlieERhxX+bK
MD5:	122DB189CDE8D2F08AA6EBE8BBADDD47
SHA1:	FDA844BA976D5B2B97D379E361C0F08D4DCFF9BF
SHA-256:	0D0194AD2194C557F8A375B92D90874CB15689721C61860A98F6D01BFF1E8444
SHA-512:	BEF1874848437325FAED68FCCA4A220D11CF2DBAD9166925D6D89AE435BE2020AAD820F663770131BCAEE56408AFC52DA845E0EB8C3633E63F23BCB119B2A4B7
Malicious:	false
Preview:	;(function($){./*. jqGrid German Translation. * Version 1.0.0 (developed for jQuery Grid 3.3.1). * Olaf Kl.ppel opensource@blue-hit.de. * http://blue-hit.de/ . . Updated for jqGrid 3.8. * Andreas Flack. * http://www.contentcontrol-berlin.de. . Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html.**/.$.jgrid = $.jgrid \|\| {};.$.extend($.jgrid,{..defaults : {...recordtext: "Zeige {0} - {1} von {2}",.. emptyrecords: "Keine Datens.tze vorhanden",...loadtext: "L.dt...",...pgtext : "Seite {0} von {1}"..},..search : {...caption: "Suche...",...Find: "Suchen",...Reset: "Zur.cksetzen",.. odata : ['gleich', 'ungleich', 'kleiner', 'kleiner gleich','gr..er','gr..er gleich', 'beginnt mit','beginnt nicht mit','ist in','ist nicht in','endet mit','endet nicht mit','enth.lt','enth.lt nicht'],.. groupOps: [.{ op: "AND", text: "alle" },.{ op: "OR", text: "mindestens eine" }.],...matchText: "

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\grid.locale-en.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3832
Entropy (8bit):	5.09196728946188
Encrypted:	false
SSDEEP:	96:GebBZXyKSlXW02k4oF2ESm7rj8bRRfTAvphoXqUZL5o:Ge9pS00x4orl7eRMvphoXqUZto
MD5:	1C177DC82DF6B0A3DE5ED85EBB2B619B
SHA1:	10B3DB5EB85AB1C453F19E99894F975FFA3FEC44
SHA-256:	4D4B2A600F70D32512ECB5874257E0562A4323FFC3D1F227B3A65F9CF78C7BF6
SHA-512:	562BA8E95695FB540E27FD6A6D11522F766BF2B7084AB0998758BABAFCA925051FA17B74C5562914CE968D476274947201B02D6C08B97260E0EF616C79A30FAE
Malicious:	false
Preview:	;(function($){./*. jqGrid English Translation. * Tony Tomov tony@trirand.com. * http://trirand.com/blog/ . * Dual licensed under the MIT and GPL licenses:. * http://www.opensource.org/licenses/mit-license.php. * http://www.gnu.org/licenses/gpl.html.**/.$.jgrid = $.jgrid \|\| {};.$.extend($.jgrid,{..defaults : {...recordtext: "View {0} - {1} of {2}",...emptyrecords: "No records to view",...loadtext: "Loading...",...pgtext : "Page {0} of {1}"..},..search : {...caption: "Search...",...Find: "Find",...Reset: "Reset",...odata : ['equal', 'not equal', 'less', 'less or equal','greater','greater or equal', 'begins with','does not begin with','is in','is not in','ends with','does not end with','contains','does not contain'],...groupOps: [.{ op: "AND", text: "all" },.{ op: "OR", text: "any" }.],...matchText: " match",...rulesText: " rules"..},..edit : {...addCaption: "Add Record",...editCaption: "Edit Record",...bSubmit: "Submit",...bCancel: "Cancel",...bClose: "Close",...saveData: "Data has b

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\messages_de.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	1102
Entropy (8bit):	4.8555180639675015
Encrypted:	false
SSDEEP:	24:npUufvIspWupkF8pkFY7l5epVp29L+qVsZE8Vaiiw:p/wscu/l7XkK7+v9
MD5:	31FD61E7A6BB3D33DFC2B362CB5F7F27
SHA1:	35DF86121F157EE1B6CB38A0760F32793979E734
SHA-256:	C71C5CFEEB03C5073EE614193597AC6446EEB4EC073490FAAC13391AD4758CF6
SHA-512:	D7207E6673938E505CB88E4D20711AB2451118969D4D2612C49ACFF788245752BF24B6E4EC9697591D59C29E86F24DED3DA9021C90D27E82B61DDC9A664CAB14
Malicious:	false
Preview:	/. Translated default messages for the jQuery validation plugin.. * Locale: DE (German, Deutsch). */.jQuery.extend(jQuery.validator.messages, {..required: "Dieses Feld ist ein Pflichtfeld.",..maxlength: jQuery.validator.format("Geben Sie bitte maximal {0} Zeichen ein."),..minlength: jQuery.validator.format("Geben Sie bitte mindestens {0} Zeichen ein."),..rangelength: jQuery.validator.format("Geben Sie bitte mindestens {0} und maximal {1} Zeichen ein."),..email: "Geben Sie bitte eine g.ltige E-Mail Adresse ein.",..url: "Geben Sie bitte eine g.ltige URL ein.",..date: "Bitte geben Sie ein g.ltiges Datum ein.",..number: "Geben Sie bitte eine Nummer ein.",..digits: "Geben Sie bitte nur Ziffern ein.",..equalTo: "Bitte denselben Wert wiederholen.",..range: jQuery.validator.format("Geben Sie bitte einen Wert zwischen {0} und {1} ein."),..max: jQuery.validator.format("Geben Sie bitte einen Wert kleiner oder gleich {0} ein."),..min: jQuery.validator.format("Geben Sie bitte einen Wert gr..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\messages_es.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	1282
Entropy (8bit):	4.7800134699568
Encrypted:	false
SSDEEP:	24:npYfpV4zLYOpYAEIAz03OCcrpBp8ipB8FtpoffShFqc:paW3KrvSi4FtGC6c
MD5:	06A88280B99EEC31A05F5BF3EE84E2FC
SHA1:	AB1F408E9683EA98FB033B40A8CC1D4C0B8C65A1
SHA-256:	AACF1172BC273D5FE4A3B506C3A8BAD0031A082D865D25777B2F0C738C32724D
SHA-512:	B15AC0037EC88A33C41EEBA79535A60AE793454DA4296474146B8853BD973AF56E9153134FBD896A79111F8312096F792283630C2F1F57FD23FACA5E8C15D180
Malicious:	false
Preview:	/. Translated default messages for the jQuery validation plugin.. * Locale: ES (Spanish; Espa.ol). */.jQuery.extend(jQuery.validator.messages, {. required: "Este campo es obligatorio.",. remote: "Por favor, rellena este campo.",. email: "Por favor, escribe una direcci.n de correo v.lida",. url: "Por favor, escribe una URL v.lida.",. date: "Por favor, escribe una fecha v.lida.",. dateISO: "Por favor, escribe una fecha (ISO) v.lida.",. number: "Por favor, escribe un n.mero entero v.lido.",. digits: "Por favor, escribe s.lo d.gitos.",. creditcard: "Por favor, escribe un n.mero de tarjeta v.lido.",. equalTo: "Por favor, escribe el mismo valor de nuevo.",. accept: "Por favor, escribe un valor con una extensi.n aceptada.",. maxlength: jQuery.validator.format("Por favor, no escribas m.s de {0} caracteres."),. minlength: jQuery.validator.format("Por favor, no escribas menos de {0} caracteres."),. rangelength: jQuery.validator.format("Por favor, escribe un valor e

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\messages_fr.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	2700
Entropy (8bit):	4.88163890396029
Encrypted:	false
SSDEEP:	48:p+NyIYr1tUGtiaOresl+U1uQ4f3nJnWnQDhahOFcheLElvdtBdJfti4tiQtiG3+u:cNDYr1tUGtijreSd/4f3nJnWnIhahOFa
MD5:	F00613DABAB31B4A507F87232DCAC3B0
SHA1:	796248DA4F2C9AE355A2DD652BB3214BE8233868
SHA-256:	4FF1F99FE54AE76AD4FF551569F9648577293B130BCEB0A4CC56200188F66768
SHA-512:	56CA3E2167B772F8902E103AF5FCB7BFE1294E0CD1EA5D4F74AC483EA0A88E8BB6C32B7C9EF200D0F5F8CA727EF9FDE24BB4397DD83D0316E33B96A88B866993
Malicious:	false
Preview:	/. Translated default messages for the jQuery validation plugin.. * Locale: FR (French; fran.ais). */.jQuery.extend(jQuery.validator.messages, {..required: "Ce champ est obligatoire.",..remote: "Veuillez corriger ce champ.",..email: "Veuillez fournir une adresse .lectronique valide.",..url: "Veuillez fournir une adresse URL valide.",..date: "Veuillez fournir une date valide.",..dateISO: "Veuillez fournir une date valide (ISO).",..number: "Veuillez fournir un num.ro valide.",..digits: "Veuillez fournir seulement des chiffres.",..creditcard: "Veuillez fournir un num.ro de carte de cr.dit valide.",..equalTo: "Veuillez fournir encore la m.me valeur.",..accept: "Veuillez fournir une valeur avec une extension valide.",..maxlength: $.validator.format("Veuillez fournir au plus {0} caract.res."),..minlength: $.validator.format("Veuillez fournir au moins {0} caract.res."),..rangelength: $.validator.format("Veuillez fournir une valeur qui contient entre {0} et {1} caract.res."),..rang

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\messages_it.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1226
Entropy (8bit):	4.59068047752864
Encrypted:	false
SSDEEP:	24:np2YLjmWmbLekf5sM8phH1pBv6ntpBno96nffBn3hBny5SBnyLo:p5OTbKkfQbVktNpuFLo
MD5:	71EA5C408A00FAA3D1F566033B691358
SHA1:	93AFCDF6510AC215B369410CD55D8BA3D4A7CE2C
SHA-256:	D6E2FD07077A8462CC96D98CC659F9B90AFBB07B38A3183EDD6C74D94ACE8C32
SHA-512:	6D72D9D52BD4D35B8E91D5EEE499A1C268AC206DDECAE81EDECA41D62E1A39E758483E36EF8F8ACE4E4548C551013FD0FC75AE2464E53403E5509BCC034BA9A6
Malicious:	false
Preview:	/. Translated default messages for the jQuery validation plugin.. * Locale: IT (Italian; Italiano). */.jQuery.extend(jQuery.validator.messages, {. required: "Campo obbligatorio.",. remote: "Controlla questo campo.",. email: "Inserisci un indirizzo email valido.",. url: "Inserisci un indirizzo web valido.",. date: "Inserisci una data valida.",. dateISO: "Inserisci una data valida (ISO).",. number: "Inserisci un numero valido.",. digits: "Inserisci solo numeri.",. creditcard: "Inserisci un numero di carta di credito valido.",. equalTo: "Il valore non corrisponde.",. accept: "Inserisci un valore con un'estensione valida.",. maxlength: jQuery.validator.format("Non inserire più di {0} caratteri."),. minlength: jQuery.validator.format("Inserisci almeno {0} caratteri."),. rangelength: jQuery.validator.format("Inserisci un valore compreso tra {0} e {1} caratteri."),. range: jQuery.validator

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\messages_ru.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	1885
Entropy (8bit):	4.953837435385816
Encrypted:	false
SSDEEP:	48:paGRkluM32crEv05k68XlnvIt4zsvL8kOkEkP9s+:sGRk8NXOGsVs+
MD5:	9ADF1999B5D15A500788FAE6657A07D5
SHA1:	B54159FAE271AE4065FF729B3153FA4B7422A893
SHA-256:	91342DC02E9DE9F1A51EEE4392D54F921637306175293B1CDB9F9D3EDFC41625
SHA-512:	9300F8147F0961179D4EEACD289B219008AE50BA4CDBBF38AEA04682C24387E363C98AF344D146F6D1C379FF1D4F90BA0DBE104452F786E1F903DAAFCEC340F9
Malicious:	false
Preview:	/. Translated default messages for the jQuery validation plugin.. * Locale: RU (Russian; ....... ....). */.(function ($) {..$.extend($.validator.messages, {...required: "... .... .......... ..........",...remote: ".........., ....... .......... .........",...email: ".........., ....... .......... ..... ........... ......",...url: ".........., ....... .......... URL.",...date: ".........., ....... .......... .....",...dateISO: ".........., ....... .......... .... . ....... ISO.",...number: ".........., ....... ......",...digits: ".........., ....... ...... ......",...creditcard: ".........., ....... .......... ..... ......... ......",...equalTo: ".........., ....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\messages_tr.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	1347
Entropy (8bit):	5.016470852695244
Encrypted:	false
SSDEEP:	24:npCquuaZ49sSrxU6xVJ1xFO/xFOixTlr0CmxOgR8ljux3pVOpKptuVqFpxR/6R/i:pnay9sSrO6F1W/Wih4QY8EpiENFX
MD5:	A122160828104D6AF830F91650AD0F38
SHA1:	20519164DD2E3962508D101587F26B617E28560B
SHA-256:	0C7B74F5846CEE2EE1DBB9FE588F9010996336636770C41BB04F913A5F916879
SHA-512:	66538B5E8145EF507C2409488E3F943DE3A8400A8698F8231825F9592E9D543B21FF7FFBF4ED6BFFDCD70332CB1BC3E7A30C9CA86EFE7BA483FFE1B99545CA17
Malicious:	false
Preview:	/. Translated default messages for the jQuery validation plugin.. * Locale: TR (Turkish; T.rk.e). */.jQuery.extend(jQuery.validator.messages, {..required: "Bu alan.n doldurulmas. zorunludur.",..remote: "L.tfen bu alan. d.zeltin.",..email: "L.tfen ge.erli bir e-posta adresi giriniz.",..url: "L.tfen ge.erli bir web adresi (URL) giriniz.",..date: "L.tfen ge.erli bir tarih giriniz.",..dateISO: "L.tfen ge.erli bir tarih giriniz(ISO format.nda)",..number: "L.tfen ge.erli bir say. giriniz.",..digits: "L.tfen sadece say.sal karakterler giriniz.",..creditcard: "L.tfen ge.erli bir kredi kart. giriniz.",..equalTo: "L.tfen ayn. de.eri tekrar giriniz.",..accept: "L.tfen ge.erli uzant.ya sahip bir de.er giriniz.",..maxlength: jQuery.validator.format("L.tfen en fazla {0} karakter uzunlu.unda bir de.er giriniz."),..minlength: jQuery.validator.format("L.tfen en az {0} karakter uzunlu.unda bir de.er giriniz."),..rangelength: jQuery.validator.format("L.tfen en az

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\localization\methods_de.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	375
Entropy (8bit):	5.075663315619855
Encrypted:	false
SSDEEP:	6:UEOwm0hqACdX9nIJqsbfRrJ0T77HMVAJdYcsrnKXgcGGJ0T77HMVAJdlaIOheU+i:UEOwm0kXJaJd0HbMVsmc2KXOe0HbMVsm
MD5:	4DE42C479C298A3D1809591CAC96E88A
SHA1:	0CAC8F990F5438B9102D8212EC3125DA4C7AA85C
SHA-256:	BECB60A5F1DF3E342AC7402ABF5C4A0EBE708C493B8AEFE9FEABBB10E94E220F
SHA-512:	6E8756BFDD92B328127D356F4CC0F7FD6689CF1ADE10D256E7C6322FD17AC6973C415B2D9BD4FDCBBD2204053F3FF5BBDDB797845B1C0D288A7FAE7675C39A0D
Malicious:	false
Preview:	/. Localized default methods for the jQuery validation plugin.. * Locale: DE. */.jQuery.extend(jQuery.validator.methods, {..date: function(value, element) {...return this.optional(element) \|\| /^\d\d?\.\d\d?\.\d\d\d?\d?$/.test(value);..},..number: function(value, element) {...return this.optional(element) \|\| /^-?(?:\d+\|\d{1,3}(?:\.\d{3})+)(?:,\d+)?$/.test(value); ..}.});

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\md5.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3779
Entropy (8bit):	5.13307108978888
Encrypted:	false
SSDEEP:	96:gMdJ/q6R03dkXOmlZ1tJ0agVTeTFTX+L+TuCkTKNQ:R63mCJKJj4+uK6
MD5:	EA27C6F75517DC30BCC46B6795E82B66
SHA1:	43A66F1E3C05E6A1BCA9D5B58075A0E9F73199BF
SHA-256:	85B4623488D422EA846008553528B417E43157A97F6E3297ECADCFE185972F94
SHA-512:	3CD03DF08D407CD5D1F55596C632557FFFB9D2E8A569DC062DB2A4A26034D21CB84A4BFD2128228A2CC402444F1B14DB46F52C766464000C808546E0CB749319
Malicious:	false
Preview:	!function(a){"use strict";function b(a,b){var c=(65535&a)+(65535&b),d=(a>>16)+(b>>16)+(c>>16);return d<<16\|65535&c}function c(a,b){return a<<b\|a>>>32-b}function d(a,d,e,f,g,h){return b(c(b(b(d,a),b(f,h)),g),e)}function e(a,b,c,e,f,g,h){return d(b&c\|~b&e,a,b,f,g,h)}function f(a,b,c,e,f,g,h){return d(b&e\|c&~e,a,b,f,g,h)}function g(a,b,c,e,f,g,h){return d(b^c^e,a,b,f,g,h)}function h(a,b,c,e,f,g,h){return d(c^(b\|~e),a,b,f,g,h)}function i(a,c){a[c>>5]\|=128<<c%32,a[(c+64>>>9<<4)+14]=c;var d,i,j,k,l,m=1732584193,n=-271733879,o=-1732584194,p=271733878;for(d=0;d<a.length;d+=16)i=m,j=n,k=o,l=p,m=e(m,n,o,p,a[d],7,-680876936),p=e(p,m,n,o,a[d+1],12,-389564586),o=e(o,p,m,n,a[d+2],17,606105819),n=e(n,o,p,m,a[d+3],22,-1044525330),m=e(m,n,o,p,a[d+4],7,-176418897),p=e(p,m,n,o,a[d+5],12,1200080426),o=e(o,p,m,n,a[d+6],17,-1473231341),n=e(n,o,p,m,a[d+7],22,-45705983),m=e(m,n,o,p,a[d+8],7,1770035416),p=e(p,m,n,o,a[d+9],12,-1958414417),o=e(o,p,m,n,a[d+10],17,-42063),n=e(n,o,p,m,a[d+11],22,-1990404162),m=e(m,

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\steelseries.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	228423
Entropy (8bit):	5.474143624836433
Encrypted:	false
SSDEEP:	3072:z2DJaN2yjZYDAa19biMmF5C5m2H7773v7kxJA2H:qJa0y1d651kb
MD5:	84EB671422ECF9497F2FEB8E09086D41
SHA1:	83E5484FAB0AA1C37A68C56708D196A7E3AABFC3
SHA-256:	1DDC4EA8E8F4A4FACC27A820B2E9C028CCDB450EC82E551D1EE451E42809A59D
SHA-512:	AA7723BA79B844407E66254AB0346F811ADBF78EED706AF7E48016AD7FBDB88D59916B9B1F1788B4CF3A8F380269A350DCF361B1C28A96121555C70E430FEDBD
Malicious:	false
Preview:	/!. Name : steelseries.js. * Authors : Gerrit Grunwald, Mark Crossley. * Last modified : 29.01.2014. * Revision : 0.14.7. . Copyright (c) 2011, Gerrit Grunwald, Mark Crossley. * All rights reserved.. . Redistribution and use in source and binary forms, with or without modification, are permitted. * provided that the following conditions are met:. . # Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.. * # Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following. * disclaimer in the documentation and/or other materials provided with the distribution.. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,. * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT. * S

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\textblock.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	10555
Entropy (8bit):	5.073806668773951
Encrypted:	false
SSDEEP:	192:brv8ACtWBbH6f8nyFhxgjiMsTKcEX/OVpoHU:/v8AjBbH6f8nyFhxFi/8poHU
MD5:	F516C1700CA5A04072A1451B42AE7F22
SHA1:	0C730544AA53D5C40DD1E34D341CE3FE5296B70D
SHA-256:	B19E3269DFDE05157D26DCB0A1DA9C97CD25945B8EDBAF46D68B2445F3F44513
SHA-512:	EBECDE0E8F0B933D715F7A944A33102850B2862F9CC65B774479F2F9693887C9738BBB6A56EA9D92D7BCC23CA45F0EBC267DE36C2282A5D074C563B3B9BDC5A1
Malicious:	false
Preview:	var saveFilename='default';.function init() {.//console.log('init')..$('.item').editable();...$( ".clear" ).off().on('click', function() {...remove_id=$(this).parent().get(0).id;...$("#"+remove_id).remove();...save_positions(saveFilename);..})..$( ".format" ).off('click').on('click', function() {...var elementid=$(this).parent().get(0).id;...$('#b').prop('checked', false);...$('#i').prop('checked', false);...$('#r').prop('checked', false);...$('#n').prop('checked', true);...$('#nk').prop('checked', false);...var sensor_format=false;...if(.$('#'+elementid).attr('sensorid') ) {....$('#sensor_format').show();....if($('#'+elementid).attr('nk')=='true') {.....$('#nk').prop('checked', true);....};....sensor_format=true;...}...if($('#'+elementid).attr('b')=='true') {....$('#b').prop('checked', true);...};...if($('#'+elementid).attr('i')=='true') {....$('#i').prop('checked', true);...}...if($('#'+elementid).attr('r')=='true') {....$('#r').prop('checked', true);...}...if($('#'+elementid).attr('

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\tween.min.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	7070
Entropy (8bit):	5.414228488757986
Encrypted:	false
SSDEEP:	96:v6EYrYJ4rYJNhhN3B53hpYTexi9uTKeryfb9bdNVZ0oLkNTdMY:v6EYrs4rsDhN3r3Lafk8Zx0oyV
MD5:	3BD25597CEDD636A4BC75DA3D0A5EB3E
SHA1:	3075805BDA0686053B0CE3140AE589F7E9DD4ACA
SHA-256:	312E30D5DEA49E0D857FD64E15A2FB67ABB77BB2B6B3207B0A2E766F091D20D1
SHA-512:	E78E00140E1E7595F31BC93D83C02FE0182875D0A5DD203E4353A3611F0662CF65C19603E7E08BAA98031B3A1E0AB5D697A77AB3934F6361C87A74E10A70A3AB
Malicious:	false
Preview:	/*********************************************************************.TERMS OF USE - EASING EQUATIONS.Open source under the BSD License..Copyright (c) 2001 Robert Penner.JavaScript version copyright (C) 2006 by Philippe Maegerman.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.. Redistributions of source code must retain the above copyright.notice, this list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above.copyright notice, this list of conditions and the following disclaimer.in the documentation and/or other materials provided with the.distribution.. * Neither the name of the author nor the names of contributors may.be used to endorse or promote products derived from this software.without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS."AS IS" AND ANY

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\script\weather.js Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	6193
Entropy (8bit):	5.329183735606195
Encrypted:	false
SSDEEP:	192:UVJEhQ2t102AFI5lTlmj1hBIazS0BHvWvDR+bb+pR+b8:U/IXAFI+puEvWvDR+H+pR+4
MD5:	A3B5FC331539E6FF49BB3672F848261F
SHA1:	3E85E54F69A6A5FA084842B373491C8A7202641E
SHA-256:	6021ECC17B12D10B2E22DE80CCB96BBE1C49E1FEBBB27DC58EFFD0A1512C8550
SHA-512:	186A88B48362281F345208FDB2F0145343FC14FAA2F359BF5A0379F1DDE4928F676C5F3ABC201B1E487E3E731D3F1E5158184A74BCFF0696B9DD39023D93C59F
Malicious:	false
Preview:	function forecast3h(url, daycount) {..var request=$.ajax({...url: url,...type: "GET",...dataType: "jsonp",...timeout: weatherTimeout,...success: function( data ) {..//console.log(data);....var list = data.list;....var count=1;....var first=true;....for(i=0;i<data.cnt;i++) {.....if(count<=daycount) {......var tmp=data.list[i].dt_txt;......var day=tmp.substr(8,2);......if(first==true) {.......first=false;.......old_day=day;......}......var hour=tmp.substr(11,2);......if(hour=='09' \|\| hour=='12' \|\| hour=='15' \|\| hour=='18') {.......console.log(i + ' - '+day+'.'+hour);.......get_weather3h(data.list[i].weather[0], data.list[i].main);.....//..var direction = degToDirection(data.list[i].wind);.....//..var cloud = data.list[i].clouds.all);......}......if(old_day!=day) {.......count++;.......old_day=day;......}.....}....}...},...error: function( error, StatusText) {....errorMessage(StatusText);...}..}).}..function forecast7d(url,lang_strings) {..var RType="jsonp";..if (location.protocol === 'ht

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\sensoroffline.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	4620
Entropy (8bit):	5.373792717311335
Encrypted:	false
SSDEEP:	96:l20zqTUAGjF83yAc2JkLn3oXI575tcbdMWj+Y3cHAZg:8MjFUFc2Jun4XI1cJYHAZg
MD5:	7CF0E5F5B9DBDC4AA9DD7F594C5AA4AD
SHA1:	F9E616A301F21AEB3BF3B3B90B3C3F374AEEB28D
SHA-256:	4C9DA38724F7FB8F8C30D27BFF378461054BF35999F9CC652FA95862045AF50D
SHA-512:	68F94782D3D9AAD345A383DD3180B8D0DD6FFB428C144EE8B7ADA6F01007D97DC6DEFE1682553D320EBAD105861B4D1FC164452A530F7CC61C9E77F352D8AC8A
Malicious:	false
Preview:	<?php..include "/www/include/sqldb.php";..if(!isset($_POST['gw']) \|\| $_POST['gw'] != "1") {...include "/www/include/option.php";...$page = $_POST['site'];...$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );...include "/www/include/security.php";...$stm = "SELECT sensors_logical.id, sensors_logical.activ, sensors_logical.custom_port_name, sensors_logical.custom_port_description, sensors_logical.fe_view, sensors_logical.fe_digital, ";...$stm .= "external.enabled, external.device_type ";...$stm .= "FROM mapping ";...$stm .= "INNER JOIN sensors_logical ";...$stm .= "ON mapping.id_logical= sensors_logical.id ";...$stm .= "INNER JOIN external ";...$stm .= "ON mapping.id_physical= external.id ";...$stm .= "WHERE sensors_logical.type NOT IN('0', '99') ";...$stm .= "ORDER BY sensors_logical.fe_position, sensors_logical.fe_column ";...$sensors=db_all_read($stm);...$count=0;.?>...<div class="message" style="display:none;"><h1><?php echo db_read("/control/

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\sensorpanel.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	46722
Entropy (8bit):	5.408906890328089
Encrypted:	false
SSDEEP:	768:+e2Yiefj2FQnHCnynnnkfnsnrSThn+Fw7dUV14oFY8bDDQ/QUTE/NUdF5phQwU1l:J2Yiefj2WUuwz8brZQA
MD5:	FE1617C631F21C639B300EC3E50A2E57
SHA1:	1DDD6AB9AE6900ABA88A7239CA07D4E066BC528E
SHA-256:	3BBA5AE8CE1DD53AC1F3AF771AA1442E8DCF6B61CBDC6F5CDDC8FBEAEA033537
SHA-512:	D429110B9D1D8A5E449145AF6C322E674DCB73E987E4C9F2310513AC3511FFC7998ACE4BFD18C98806A117698D7E5056B3EFC1327C2545E8DA3AA1A4699EE87D
Malicious:	false
Preview:	.Experiment Dynamische Gr..e f.r Canvas Gauges 20170523.console.log(element+","+id+","+name+","+unit+","+min+","+max+","+display_start+","+display_stop+","+lcd+","+threshold+","+section+","+area).$('#sensor_canvas_value_1').css({'width': 275, 'height':275}).enspricht dann $('#sensor_canvas_value_'+key).css({'width': newWidth, 'height': newWidth}).bzw. je nach element typ.$('#sensor_canvas_value_'+key).css({'width': newWidth/3, 'height': newWidth}) typ 4.$('#sensor_canvas_value_'+key).css({'width': newWidth, 'height': newWidth/3}) typ 5..<style>..gaugeSmall {. width: 111px;. height: 111px;.}..gaugeStandard {. width: 100px;. height: 275px;.}..gaugeLarge {. width: 450px;. height: 450px;.}.</style>. -->.<?php..include "/www/include/sqldb.php";..include "/www/include/option.php";..$device=trim(file_get_contents("/etc/default/device"));..$page = basename(__FILE__, '.php');..$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );..$switch=false;

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\simple.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	14326
Entropy (8bit):	5.501120215341717
Encrypted:	false
SSDEEP:	384:9k1zyD0ewjKnUX90WBOl6isoA1IeAUKJvRtdbPh7:9k1zyD0ewjvP3ppAUKhjdd7
MD5:	7E81378CB4A2E6FA04EB89EFD58B15F3
SHA1:	DC682594155E5E820960559B2082C68437E2609A
SHA-256:	916EDEC735B9FBA2E8D8EC11DB93B38B5C0DC2B58AAE9B2196892D36E57316DB
SHA-512:	555928A72E05C12CA628C2F8CC5D81778F122F9B52B7AF871436E4C44E9B79D51D7F06D59541AEBD8910EDC0809B3E92F8B3CE16AFED5E30590F0EF801FF9E66
Malicious:	false
Preview:	<style>.table, th, td {. border: 1px solid #33331a;. border-collapse: collapse;. font-family: monospace;. font-size: 12px;.}.table tbody tr:nth-child(2n+1) {..background-color: #555555;.}.table tbody tr:nth-child(2n) {..background-color: #1E1E1E;.}.table tbody tr:hover td{./.background:-o-linear-gradient(bottom, #345D7F 5%, #005fbf 100%);..background: -o-linear-gradient(top,#005fbf,#345D7F);..background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #345D7F), color-stop(1, #005fbf) );..background:-moz-linear-gradient( center top, #345D7F 5%, #005fbf 100% );..filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=\"#345D7F\", endColorstr=\"#005fbf\");./..background: linear-gradient( to bottom, #345D7F 5%, #005fbf 100%);..color: #fff;..background-color:#345D7F;.}.table tr {..height: 42px;..min-height: 42px;.}.th, td {. padding: 8px;. white-space: nowrap;.}..ui-widget {. font-size: 0.8em;.}..switch {./* .margin-top: 5px; */..text-align: c

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\status.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	11823
Entropy (8bit):	5.378794579019307
Encrypted:	false
SSDEEP:	192:xGQaCIGZ0LmiTgRQQyn69HjpPKQPgtUqQD:xiRGOKOgRCCHtUC
MD5:	E7976C8355BBE682366817E48BE4AE53
SHA1:	04B61B359B0E36620A8CB174C4D3996D5361CCD0
SHA-256:	5BE0DF4687E15371C8D48B22E609C648F67D42519B11A9A27C01BF87C2C1B0CA
SHA-512:	F8219ECE97456E639452ED8E5BEA30028F34A28FE19B9FEAA054D695B77B643245B928C8845FAA6666F14C6227FBFB0044852D6F8DEA30446625D60E4F4BE501
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$_POST['site']."'",0 );.// $page_level=db_read_sql_solo("SELECT security FROM frontend WHERE entry='menu_config_basic' AND value='".str_replace(".php","",basename(__FILE__))."'",0);.include "/www/include/security.php";.$sensor=db_read("/control/local/sensortype");.$platform=db_read("/sys/platform");.$boottime=db_read("/device/boottime");.$devicetimeout=db_read("/device/timeout");.$interface="eth0";.if(db_read("/sys/network/interface")!="") {. $interface=db_read("/sys/network/interface");.}.// $mac=exec("/sbin/ifconfig \| grep '".$interface."' \| tr -s ' ' \| cut -d ' ' -f5");./* Automatic for MAC Adresses */.exec("/sbin/ifconfig \| cut -d ' ' -f1 \| grep -v '^$'", $interfaces);.$remove=array("lo","br0");.$interfaces=array_diff($interfaces,$remove);.$firmware = explode(";", file_get_contents('/etc/default/version'));.$version=$firmware[0];.$patch=$firmware[1];.//$target = "/t

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\timer.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	19993
Entropy (8bit):	5.380040476252617
Encrypted:	false
SSDEEP:	384:+3bnIpHeY0//C/MA3Mo/W2/cme7ytVDNh:+LIhe7ytV5h
MD5:	E623885F096A8852C555CF3295C5BB03
SHA1:	71C817D0B6FA83D409874422EB5042ADC98F33E0
SHA-256:	1BDDC839919D7532443DED5F7BCAFAD9E934AF6380A07E05A9E80AE7BD7833EA
SHA-512:	203D67E9CE9A1A314047CDA9FE94BDF4AAC0B5E6DC90E2A41748665C21B58F3278EBDCC46C9A4166652A07E4CB0AD5B0F7401956AE24531F0EAD8BAEA7231B81
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.include "/www/include/option.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$device=file_get_contents("/etc/default/device");.$showFlowControl="display:nonw;";.$actionSetWidth="50%";.$dataSunDefaultJson=db_read("sunTimer.data");.if($device=="ALL3653") {..$showFlowControl=null;..$actionSetWidth="33%";..$stm="SELECT id, name FROM flowcontrol WHERE active='true' ORDER BY name;";..$flowControls=db_all_read($stm);.}.if($_POST['gw']!=1) {..$showActorAction="display: none;";..$showActorActionSpinner="display: none;";..if(!isset($_POST['new'])) {...$new=false;...$timer_no=$_POST['id'];...$stm="SELECT id, name, description, start, action, mo, tu, we, th, fr, sa, su, actor, active, actor_type, actor_analogValue, matrixID, matrixAction, flowControlID, timerType, sunInfo FROM timer WHERE id = '".$timer_no."'";...$timer=db_all_read_single($stm);...$a

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\timers.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	3109
Entropy (8bit):	5.314015459391978
Encrypted:	false
SSDEEP:	48:FbOmrLyEbEs2ymA1HVCylnBVncD4QgjM81WlGGQlGI+:F/Ly8D2ymA1bljn1woWAGQAI+
MD5:	03BD271582080FDDAC34E3474D27DBBF
SHA1:	68FAEBC58E10659174CAA52E3B929B7F0A803ACC
SHA-256:	4128A10125035F8DF53B1A12CCC3C65F3347FE12B730B72AA5AD2552087ECC6B
SHA-512:	C4441F5085AD550CDF18AE6E2C1CEA3B2EE08962E1B4A4FC952D318C9C493142A1A98FA0D14BD74215B551C8097C03B6D011FB6DFF74E1DFE5BE01169E8D1F06
Malicious:	false
Preview:	<?php.function getSunInfo($sunTimerData) {..$sunTypes=array(1=>"sunrise",2=>"sunset",3=>"transit",4=>"civil_twilight_begin",5=>"civil_twilight_end",6=>"nautical_twilight_begin",7=>"nautical_twilight_end",8=>"astronomical_twilight_begin",9=>"astronomical_twilight_end");..$sunType=$sunTypes[$sunTimerData['sunType']];..$sunInfo = date_sun_info(strtotime(date("Y-m-d")), $sunTimerData['geoData']['city_lat'], $sunTimerData['geoData']['city_lng']);..return date("H:i:s", $sunInfo[$sunType]);.}.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$timers = db_all_read("SELECT id, name, description, start, active, action, timerType, sunInfo FROM timer ORDER BY active DESC, name");.if($_POST['gw']!=1) {..$stop=0;.?>.<div class="message" style="display:none;"><h1><?php echo db_read("/control/devicetype"); ?></h1><h2><?php echo _000014_; ?><br /></h2></div>.<form meth

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\update.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	15711
Entropy (8bit):	5.381740163539405
Encrypted:	false
SSDEEP:	384:YBabyriy6zud8puMXYybERwHe1sMJKcTETTgf+f2AoI7JCKIT7+F:YBabyrZ6zudgTXYeHe1sMJKrsAoI7JC8
MD5:	4EAF1FA4F35484EAD0F3DC24EE58776B
SHA1:	8068F1B3CE98C6EBDD4357B45979B32C17862278
SHA-256:	3AA2A294B50AACB0856AE2B30A35B947BB73A5A0F00CE122D555CE0F9E7E5085
SHA-512:	3AC1F2017DCC382940C1064FDF3D0AF695D5478D8EDF40A367B098A03857810A4AA32C5006DE834F2BCEE8025C6218C4C74EE1E939D115A48EBA2B2FE8619D8D
Malicious:	false
Preview:	<?php.include "/www/include/sqldb.php";.$page = $_POST['site'];.$page_level=db_read_sql_solo( "SELECT security FROM frontend WHERE value='".$page."'",0 );.include "/www/include/security.php";.$expert=db_read("/control/frontend/expert");.$update_time=db_read("/demons/update/time");.$auto_button_text=_999062_;.$update_time_field="display:none;";.if($update_time!="false") {..$update_time_field="display:block;";..$auto_button_text=_999061_;.}.if($_POST['gw']!=1) {..$interface="eth0";..$automatic="display:none;";..if(db_read("/sys/network/interface")!="") {...$interface=db_read("/sys/network/interface");..}..$mac=exec("/sbin/ifconfig \| grep '".$interface."' \| tr -s ' ' \| cut -d ' ' -f5");. $uuid=file_get_contents("/etc/default/uuid");..$upd_demon_enabled=db_read("/demons/update/enabled");..$firmware = explode(";", file_get_contents('/etc/default/version'));..$version=$firmware[0];..$patch=$firmware[1];..if($upd_demon_enabled=="1") { $automatic="display:block;"; }.?>.<div class="messagebu

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\xml\.htaccess_off Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	93
Entropy (8bit):	4.450848764555439
Encrypted:	false
SSDEEP:	3:ZRNa+n/HNGHMA4zKZr1JPAlbGGWvx9s:vNUKYr1x2bC9s
MD5:	EFF37D2299980F3BDA5F826ECFDD1E62
SHA1:	FEF0F892020AAF8101B62EF7A591F4CC66C2C440
SHA-256:	1A7EE2D1276F820F3FAC0FA2409F3F0E052421B8F94F87E02A295916D6331638
SHA-512:	02C1974FD82B6BE691CA925F9A7D5EBD33B58324754D6C74AD23832130BEF5BC7BB242FF6B04D5C8AA5ED56A525FE5D412A556C118D096B00FAE06943931D4ED
Malicious:	false
Preview:	AuthType Basic.AuthName "Remote Access".AuthUserFile /etc/remote_access.Require valid-user...

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\xml\access.json Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	3.5238561897747234
Encrypted:	false
SSDEEP:	3:YXdfQKY:Yts
MD5:	D3B57A4DAC9969EB19AF502E57793F5F
SHA1:	9C0FD5BF91578F07E5834A6D026C66153D5388B0
SHA-256:	7B040254E7D4394A837B8E76973ABD6D15AB7D074733AF01D965F40BB0702655
SHA-512:	CC51C4AE079B7F6ECD086A4F7BC89965090BE560C93BBAA2DE04985FCCD48E1F20825EF6FC329B59427FAFE5429FD3A0D16A64E2E21F0DA114BAAEFE98E3A6C2
Malicious:	false
Preview:	{"read":"0","switch":"0"}

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\xml\flowcontrol.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, UTF-8 Unicode text
Category:	dropped
Size (bytes):	3601
Entropy (8bit):	5.3562974436052455
Encrypted:	false
SSDEEP:	48:kuq4w37U3fqIHl9vxvGDOdGv1xOisSHM0OSf8speXVLGWC0jNLowDqQVqQ:YyPNvUqGv1xDFHM0Oc8ueFSWC0jeQ
MD5:	DF7FC7D333F1F93ACF1AE3F599F23795
SHA1:	DE2EED84901233101FCEAA09A586422D9B2471DA
SHA-256:	439B07AD0CA898125ECBED3DF44B34F423AB616F447E08F2C55B7ED5671B0C1C
SHA-512:	F9E9533D0FA5FBD302D896E62F64807163CB520A61B7779A4DFD80DBB15F355E4FADA634666DB3B9DC21B385ED108B8131A55D4D7AF901B6E62BEE19113400C1
Malicious:	false
Preview:	<?php.$callback = false;.$accessHelper=json_decode(file_get_contents("/etc/allnetenv/accessHelper.json"), true);.if (isset($_GET["callback"]) && !empty($_GET["callback"]) && !is_numeric($_GET["callback"]) ) {..$callback = $_GET["callback"];.}.if(! $accessHelper['remoteControl']['enabled']) {..$message=json_encode(array("error"=>"777994", "text"=>"Remote control functionality not activated!"));..if($callback!=false) {...header('Content-Type: application/javascript; charset=utf8');...$error=$callback."(".$message.")";..} else {...header('Content-Type: application/json; charset=utf8');...$error=$message;..}..die($error);.}.if( count($accessHelper['remoteControl']['users']) > 0) {..if(!isset($accessHelper['remoteControl']['users'][$_SERVER['PHP_AUTH_USER']]) \|\| $accessHelper['remoteControl']['users'][$_SERVER['PHP_AUTH_USER']] !=5) {...$message=json_encode(array("error"=>"777887", "text"=>"User permission error!"));...if($callback!=false) {....header('Content-Type: application/javascript;

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\xml\index.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	11894
Entropy (8bit):	5.417214719267947
Encrypted:	false
SSDEEP:	192:6ni+KcC2kKLjsJIPIy2XZJIPrAKBF/NO88K3asK3ZoUDZkfk0YZQ0wPdYFf/sY:6MNKw6Iys6rdNuK3pK3ZHB0Y60wPdMx
MD5:	26AFD2ABE75EAD08D9581E6BD5B3F0D3
SHA1:	3BC6F6E334CA7B9005C4BC45300ACB2B0116670F
SHA-256:	037CAE6620C7AA946D7FE6786840C5403FE0E638726A230B85D9FA86E0D52C03
SHA-512:	9E5B854A04D12B5CC4B45243A1736B711CF6943AA9286CF0985B9FD5BBE376CFBC637A412BE727225077BFF9204ABD41E337CBB0D9369BE7C97EE563599D2AE7
Malicious:	false
Preview:	<?php..$accessHelper=json_decode(file_get_contents("/etc/allnetenv/accessHelper.json"), true);..#echo (all_shm_get_version());..extract($_GET,EXTR_PREFIX_SAME, "g");..if(!isset($mode)) {...$url="http://";...if(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"]=="on") {....$url="https://";...}...$url.=$_SERVER["SERVER_ADDR"];...echo "<!DOCTYPE html>";...echo "<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" /><title>XML</title><head><body>";...echo "<pre style=\"font-size: 16px; font-weight: bold;\">XML Help<br /><br /></pre>";...echo "<pre>".$url."/xml?mode=&type=&id=&action=*<br /><br />";...echo "Parameter<br />=========<br /><br />";...echo " without: This help screen<br/><br/>";...echo " mode: possible values actor, sensor, info<br />";...echo " type: list/switch<br />";...echo " id: actor/sensor ID (optional)<br />";...echo "***action: 0/1 (optional)<br /></body><html>";...die();..} else {...if(! $accessHelper['remoteContro

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\xml\json.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text, with very long lines
Category:	dropped
Size (bytes):	13512
Entropy (8bit):	5.3767702366596595
Encrypted:	false
SSDEEP:	384:7xTt45e0jOXdo+3YKHpYpNo+3kKHpS7TZENKXKKV+u:7xTt45e0jOtosYKHpYpNoskKHpIENKX1
MD5:	214ACEAC0D27C40728A2D6CA0E195062
SHA1:	AEEB4D41E595451995E9A85564A2C038C2E219D4
SHA-256:	9AF8C53FD2D7E72F0AA25BE7B57DA788FA599C2BDD2213F86E647A0A8266E44B
SHA-512:	E10F5711E5BCADA64BA3DDB7C05B05585B9635ED7394CC8CFC9408668816BD98817DA27C835C0A15FE2E98DA24A45AECDA7AABB30244BA45D605482A8A075D58
Malicious:	false
Preview:	<?php.$db = new PDO('sqlite:/etc/allnetenv/config.s3db', '', '');.$callback = false;.$accessHelper=json_decode(file_get_contents("/etc/allnetenv/accessHelper.json"), true);.if (isset($_GET["callback"]) && !empty($_GET["callback"]) && !is_numeric($_GET["callback"]) ) {..$callback = $_GET["callback"];.}.if(! $accessHelper['remoteControl']['enabled']) {..$message=json_encode(array("error"=>"777994", "text"=>"Remote control functionality not activated!"));..if($callback!=false) {...header('Content-Type: application/javascript; charset=utf8');...$error=$callback."(".$message.")";..} else {...header('Content-Type: application/json; charset=utf8');...$error=$message;..}..die($error);.}.if( count($accessHelper['remoteControl']['users']) > 0) {..if(!isset($accessHelper['remoteControl']['users'][$_SERVER['PHP_AUTH_USER']]) \|\| ($accessHelper['remoteControl']['users'][$_SERVER['PHP_AUTH_USER']]!=1 && $accessHelper['remoteControl']['users'][$_SERVER['PHP_AUTH_USER']]!=5)) {...$message=json_encode(a

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\www\xml\jsonswitch.php Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	PHP script, ASCII text
Category:	dropped
Size (bytes):	4661
Entropy (8bit):	5.374397234205527
Encrypted:	false
SSDEEP:	96:YdZ1+R+M4QzFwWux1dhbrzddSx1s676hk/SvFvuvBPhRAs9T:Ydnywdx1dhbrzddSs676hISJupPYs9T
MD5:	6DBEF1AB893AA4CF1039F7135253A127
SHA1:	7D2BFC3989E78679990B1422061F0850A7E639AE
SHA-256:	9C9DF5ECEB0717193CD1E71026106F78D0D032AB4EEE19DF9B8C8439FD300F1F
SHA-512:	116D37422C262CD12F5E4C25FCA3CF8C75099A504D23BF900946DC50ABF7865DEAB86891B7DA468719B024AA5E26D8EB8D566061512C89FA90075ADFA855F97F
Malicious:	false
Preview:	<?php.$callback = false;.$accessHelper=json_decode(file_get_contents("/etc/allnetenv/accessHelper.json"), true);.if (isset($_GET["callback"]) && !empty($_GET["callback"]) && !is_numeric($_GET["callback"]) ) {..$callback = $_GET["callback"];.}.if(! $accessHelper['remoteControl']['enabled']) {..$message=json_encode(array("error"=>"777994", "text"=>"Remote control functionality not activated!"));..if($callback!=false) {...header('Content-Type: application/javascript; charset=utf8');...$error=$callback."(".$message.")";..} else {...header('Content-Type: application/json; charset=utf8');...$error=$message;..}..die($error);.}.if( count($accessHelper['remoteControl']['users']) > 0) {..if( !isset($accessHelper['remoteControl']['users']) \|\| $accessHelper['remoteControl']['users'][$_SERVER['PHP_AUTH_USER']]!=5 ) {...$message=json_encode(array("error"=>"777887", "text"=>"User permission error!"));...if($callback!=false) {....header('Content-Type: application/javascript; charset=utf8');....$error=

C:\Users\user\AppData\Local\Temp\IXP000.TMP\patchfiles\wwwuser\.usermenu.json Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	208
Entropy (8bit):	4.111981516607453
Encrypted:	false
SSDEEP:	3:KoN+XHzVAgpvEdJOAdRpG2JHg4HUHvNkvs3jXHzVAgpvEdJOAdRpG2JHg4HUHvNb:KoN+jqKaZAPEs3jjqKaZAPp
MD5:	E4A3B0DD67B1D2341FF6C49D21D7FC6E
SHA1:	F0A29407EF4A1B6FA33B399AC62EECCA48B7EE17
SHA-256:	A0827694B037F71BAF0FDC81AD31B363E99D012B6FDC2B549856F9A1742D80AE
SHA-512:	78699C68525B2F6C1E59665CA888A6E2D70CA672DCA96D84EF631BE719418AC2ED95A02356AC7421C8A0F33C0BDC5EC2480F2148148DDCBD1AB71A687610EB63
Malicious:	false
Preview:	{.."1":{..."entry":null,..."value":"filename",..."text":"MenuText",..."activ":"1",..."security":"1"...},.."2":{..."entry":null,..."value":"filename",..."text":"MenuText",..."activ":"1",..."security":"1"...}.}

C:\Users\user\AppData\Local\Temp\IXP000.TMP\plink.exe Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	6.647175830447887
Encrypted:	false
SSDEEP:	6144:bU+kZmuBc5tF/LdiZ/xCJkQbvy5XVkmZyTJS1xvnLgmbEB968l0WoABqzMoRXZWs:bUBZmewtxLE/kJkcvxEtzyB968lEFZ
MD5:	E28D03ECEC9D55339D661838AA453DE9
SHA1:	45574CB5330333A583ABA10E045901E4D1A92F12
SHA-256:	FE465E89B87DFB17441053149133E0413DAFEA81EA36FA3CAACA3A72445BC475
SHA-512:	67A80771977D4F8DBF67A836D14642065E7E5A5427B94176791FA4D4C61B3DAB369C476C6D3B7CF9FCF13A71A5F1BA987F30045CC8365505F122E61CB72CCD76
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F}A.(.A.(.A.(.R.A.C.(.D.H.C.(.D.'.[.(.R.u.C.(..u.D.(.A.).;.(.D.w..(...v.@.(.D.r.@.(.RichA.(.........PE..L......R.................`...p...............p....@..........................................................................r..P...................................................................@r..H............p...............................text....Y.......`.................. ..`.rdata.......p.......p..............@..@.data....4....... ..................@....rsrc............ ..................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\pscp.exe Download File
Process:	C:\Users\user\Desktop\$RDPLVFM.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	323584
Entropy (8bit):	6.667580061412724
Encrypted:	false
SSDEEP:	6144:ysIj7VLvhsKVlpKxLJm437yoy45JMp/uKSGafAq4eW+AfqTMy2mZz:sj7sKrpKxtmky4pKS7fAq4gjZ
MD5:	FA426E8CD39C44B50029F13C0BD645A1
SHA1:	D20AEB2CBD14060299E3ABF170A92366E25D6FA4
SHA-256:	DA7C50CBC296291199CF6A5FC02D2133607EAF5AA4AC1977562EFC429E7442AA
SHA-512:	4BA3E4331646C2118B6963C0E7F39F46699C4A61B738B3B015BEDB3DCDABA0729D45E8286D7791ED4AA96FE50E4AC4F4346C02AE4B753615DBE894BEC97B2CC5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4.Gmpu)>pu)>pu)>c}@>ru)>uyI>ru)>uy&>ku)>c}t>ru)>.}t>uu)>pu(>.u)>uyv>.u)>.~w>qu)>uys>qu)>Richpu)>........................PE..L......R.....................p....................@.........................................................................h...P.......................................................................H............................................text............................... ..`.rdata..............................@..@.data...D7....... ..................@....rsrc............ ..................@..@........................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv Download File
Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	1007
Entropy (8bit):	4.1861014601210425
Encrypted:	false
SSDEEP:	24:ppj9wXKCTYd20UaEKuEtl2t+C/4TjAI4dt:3qVsULKuEb6wTfmt
MD5:	7966023C067A458F0A80E2CA7B584773
SHA1:	FBA48BC9E26F706C91EC29EAB02C6C8532684120
SHA-256:	1F92174E10C3DEE7A9D285672F3DD3EA64C301A12B1284FBAAAC98BB772CA487
SHA-512:	9BE334017C09F7E6D8C569FF3DE9B04CB4B210F2B0BB8E236A0ABAC71D2110454E4F265A6A4FBDCE4F609DE7FB0F9B68D2E153E48D7144072ACA9DE14FF294FD
Malicious:	false
Preview:	..7-Zip (a) 17.01 beta (x86) : Copyright (c) 1999-2017 Igor Pavlov : 2017-08-28....Scanning the drive for archives:.. 0M Scan. .1 file, 7888797 bytes (7704 KiB)....Extracting archive: patchfiles.zip..--..Path = patchfiles.zip..Type = zip..Physical Size = 7888797.... 0%. . 2% 98 - patchfiles\etc\ssl\misc\c_name. . 20% 106 - patchfiles\usr\bin\php-cgi. . 39% 108 - patchfiles\usr\lib\libcrypto.so. . 53% 111. . 64% 148. . 75% 207. . 82% 293 - patchfiles\www\css\images\ui-bg_glass_55_cc7b10_1x400.png. . 87% 377. . 92% 447 - patchfiles\www\img\umts\75.png. . 94% 538 - patchfiles\www\script\allnet_menu.js. .Everything is Ok....Folders: 41..Files: 553..Size: 20969625..Compressed: 78

Static File Info

General
File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.995587254677891
TrID:	Win64 Executable GUI (202006/5) 77.37% InstallShield setup (43055/19) 16.49% Win64 Executable (generic) (12005/4) 4.60% Generic Win/DOS Executable (2004/3) 0.77% DOS Executable Generic (2002/1) 0.77%
File name:	$RDPLVFM.exe
File size:	7715840
MD5:	9cbcd1d8dae34cd6cc49460103e521c4
SHA1:	b07e7b15752e1e25dd1e9fd480cacd5f3a79c5de
SHA256:	a9497a467b5846d60f2c12a3fd03c4fce70e38a7237a916d93ee440048b9c59b
SHA512:	027ae3369b39511ea05c183d1e352a82faeb5d6fd1bea5e0279b18b74398c2f7459b065e98d70efea1aa08818f1e6bec1fee668ea2de1f779f66acd8eebb98d5
SSDEEP:	196608:XbQIxzZhXClfy4OD+c4xy8WjNTjLtMRg4EFTWZ1izOA0JlpJrLQw5:LQIxSlfmD+txyhNTHD4k61OwrLQ
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.k.............0.......0.......0.......0...............0.......0.......0.......Rich............PE..d................."......t.

File Icon


Icon Hash:	f8e0e4e8ecccc870

Static PE Info

General
Entrypoint:	0x1400079d0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:	0xE68AAE13 [Fri Jul 25 18:16:51 2092 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	f26f5bea701561745dea20a33c88cd5f

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F6A988B0A9Ch
dec eax
add esp, 28h
jmp 00007F6A988B0387h
int3
int3
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], edi
inc ecx
push esi
dec eax
sub esp, 000000B0h
and dword ptr [esp+20h], 00000000h
dec eax
lea ecx, dword ptr [esp+40h]
call dword ptr [000019E1h]
nop
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ebx, dword ptr [eax+08h]
xor edi, edi
xor eax, eax
dec eax
cmpxchg dword ptr [00005156h], ebx
je 00007F6A988B039Bh
dec eax
cmp eax, ebx
jne 00007F6A988B0389h
mov edi, 00000001h
jmp 00007F6A988B038Fh
mov ecx, 000003E8h
call dword ptr [000019A5h]
jmp 00007F6A988B035Ch
mov eax, dword ptr [0000513Dh]
cmp eax, 01h
jne 00007F6A988B038Ch
lea ecx, dword ptr [eax+1Eh]
call 00007F6A988B093Fh
jmp 00007F6A988B03EFh
mov eax, dword ptr [00005128h]
test eax, eax
jne 00007F6A988B03DBh
mov dword ptr [0000511Ah], 00000001h
dec esp
lea esi, dword ptr [00001C0Bh]
dec eax
lea ebx, dword ptr [00001BECh]
dec eax
mov dword ptr [esp+30h], ebx
mov dword ptr [esp+24h], eax
dec ecx
cmp ebx, esi
jnc 00007F6A988B03A7h
test eax, eax
jne 00007F6A988B03A7h
dec eax
cmp dword ptr [ebx], 00000000h
je 00007F6A988B0392h
dec eax
mov eax, dword ptr [ebx]
dec eax
mov ecx, dword ptr [00001B9Ah]
call ecx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa248	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xf000	0x75130c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xe000	0x438	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x761000	0x28	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x9a00	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x9010	0xf4	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9108	0x520	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x7380	0x7400	False	0.588025323276	zlib compressed data	6.24222952027	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x9000	0x22d8	0x2400	False	0.415364583333	data	4.73080854057	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xc000	0x1e80	0x400	False	0.3212890625	data	3.18897698451	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata	0xe000	0x438	0x600	False	0.402994791667	data	3.29504233607	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xf000	0x752000	0x751400	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x761000	0x28	0x200	False	0.10546875	data	0.564179270361	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
AVI	0xfa10	0x2e1a	RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp	English	United States
RT_ICON	0x1282c	0x668	data	English	United States
RT_ICON	0x12e94	0x2e8	dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2291109880, next used block 28872	English	United States
RT_ICON	0x1317c	0x1e8	data	English	United States
RT_ICON	0x13364	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x1348c	0xea8	data	English	United States
RT_ICON	0x14334	0x8a8	dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15066613, next used block 15000828	English	United States
RT_ICON	0x14bdc	0x6c8	data	English	United States
RT_ICON	0x152a4	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x1580c	0xd9d2	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_ICON	0x231e0	0x25a8	data	English	United States
RT_ICON	0x25788	0x10a8	data	English	United States
RT_ICON	0x26830	0x988	data	English	United States
RT_ICON	0x271b8	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_DIALOG	0x27620	0x352	data	German	Germany
RT_DIALOG	0x27974	0x1ee	data	German	Germany
RT_DIALOG	0x27b64	0x17e	data	German	Germany
RT_DIALOG	0x27ce4	0x1e0	data	German	Germany
RT_DIALOG	0x27ec4	0x150	data	German	Germany
RT_DIALOG	0x28014	0x136	data	German	Germany
RT_STRING	0x2814c	0xd0	data	German	Germany
RT_STRING	0x2821c	0x6d2	data	German	Germany
RT_STRING	0x288f0	0x774	data	German	Germany
RT_STRING	0x29064	0x676	data	German	Germany
RT_STRING	0x296dc	0x4c0	data	German	Germany
RT_STRING	0x29b9c	0x426	data	German	Germany
RT_RCDATA	0x29fc4	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x29fcc	0x7351f6	Microsoft Cabinet archive data, 7557622 bytes, 9 files	German	Germany
RT_RCDATA	0x75f1c4	0x4	data	German	Germany
RT_RCDATA	0x75f1c8	0x24	data	German	Germany
RT_RCDATA	0x75f1ec	0x7	ASCII text, with no line terminators	German	Germany
RT_RCDATA	0x75f1f4	0x7	ASCII text, with no line terminators	German	Germany
RT_RCDATA	0x75f1fc	0x4	data	German	Germany
RT_RCDATA	0x75f200	0xa	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x75f20c	0x4	data	German	Germany
RT_RCDATA	0x75f210	0x1e	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x75f230	0x4	data	German	Germany
RT_RCDATA	0x75f234	0x13	ASCII text, with no line terminators	German	Germany
RT_RCDATA	0x75f248	0x7	ASCII text, with no line terminators	German	Germany
RT_RCDATA	0x75f250	0x7	ASCII text, with no line terminators	English	United States
RT_GROUP_ICON	0x75f258	0xbc	data	English	United States
RT_VERSION	0x75f314	0x410	data	German	Germany
RT_VERSION	0x75f724	0x400	data	English	United States
RT_MANIFEST	0x75fb24	0x7e6	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll	_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, LoadLibraryExA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, WaitForSingleObject, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, lstrcmpA, LocalAlloc, FindClose, FindNextFileA, GetCurrentProcess, FindFirstFileA, GetModuleFileNameA, GetShortPathNameA, Sleep, GetStartupInfoW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, EnumResourceLanguagesA, GetDiskFreeSpaceA, MulDiv, ExpandEnvironmentStringsA
GDI32.dll	GetDeviceCaps
USER32.dll	ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetSystemMetrics, GetDlgItemTextA, CallWindowProcA, SetWindowTextA, MessageBoxA, SendDlgItemMessageA, SendMessageA, GetDlgItem, PeekMessageA, GetWindowLongPtrA, SetWindowLongPtrA, SetForegroundWindow, ReleaseDC, EnableWindow, CharNextA, LoadStringA, CharPrevA, EndDialog, MessageBeep, ExitWindowsEx, SetDlgItemTextA, CharUpperA, GetDesktopWindow, DialogBoxIndirectParamA
msvcrt.dll	?terminate@@YAXXZ, _commode, _fmode, _acmdln, __C_specific_handler, _initterm, __setusermatherr, _ismbblead, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, _XcptFilter, memcpy_s, _vsnprintf, memcpy, memset
COMCTL32.dll
Cabinet.dll
VERSION.dll	GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

Version Infos

Description	Data
LegalCopyright	Microsoft Corporation. Alle Rechte vorbehalten.
InternalName	Wextract
FileVersion	11.00.15063.0 (WinBuild.160101.0800)
CompanyName	Microsoft Corporation
ProductName	Internet Explorer
ProductVersion	11.00.15063.0
FileDescription	Win32 Cabinet Self-Extractor
OriginalFilename	WEXTRACT.EXE .MUI
Translation	0x0407 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
German	Germany

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: $RDPLVFM.exe PID: 7136 Parent PID: 6020

General

Start time:	23:29:54
Start date:	19/04/2021
Path:	C:\Users\user\Desktop\$RDPLVFM.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Desktop\$RDPLVFM.exe'
Imagebase:	0x7ff63c4b0000
File size:	7715840 bytes
MD5 hash:	9CBCD1D8DAE34CD6CC49460103E521C4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: 7za.exe PID: 6420 Parent PID: 7136

General

Start time:	23:29:55
Start date:	19/04/2021
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\7za.exe x -y patchfiles.zip
Imagebase:	0x400000
File size:	690688 bytes
MD5 hash:	0184E6EBE133EF41A8CC6EF98A263712
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: conhost.exe PID: 2804 Parent PID: 6420

General

Start time:	23:29:56
Start date:	19/04/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: alp.exe PID: 6752 Parent PID: 7136

General

Start time:	23:30:00
Start date:	19/04/2021
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\alp.exe
Imagebase:	0xef0000
File size:	985600 bytes
MD5 hash:	BF506999F29EAAB4910A08ED740C12FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 8%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: rundll32.exe PID: 5940 Parent PID: 3424

General

Start time:	23:30:08
Start date:	19/04/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\system32\rundll32.exe' C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\user\AppData\Local\Temp\IXP000.TMP\'
Imagebase:	0x7ff7e4720000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: $RDPLVFM.exe PID: 7136 Parent PID: 6020 $RDPLVFM.exeCOMMON

Executed Functions

Non-executed Functions

Function 00007FF63C4B80F0, Relevance: 9.0, APIs: 6, Instructions: 47timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF63C4B8120
GetCurrentProcessId.KERNEL32 ref: 00007FF63C4B812E
GetCurrentThreadId.KERNEL32 ref: 00007FF63C4B813A
GetTickCount.KERNEL32 ref: 00007FF63C4B8146
GetTickCount.KERNEL32 ref: 00007FF63C4B8156
QueryPerformanceCounter.KERNEL32 ref: 00007FF63C4B8171

Memory Dump Source

Source File: 00000000.00000002.1162167710.00007FF63C4B1000.00000020.00020000.sdmp, Offset: 00007FF63C4B0000, based on PE: true

Associated: 00000000.00000002.1162158596.00007FF63C4B0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1162179884.00007FF63C4B9000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1162189778.00007FF63C4BC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1162202823.00007FF63C4BE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63c4b0000_$RDPLVFM.jbxd

Similarity

API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 4104442557-0
Opcode ID: 4c25bf72bb1172fd2a2a47413b206cc6fae5158eabadf57bed358b0d2b3618fc
Instruction ID: 16d6440a41f93cf0e471a62193ac5983cab1ab9990fb8fa62b87afc8bfa34e49
Opcode Fuzzy Hash: 4c25bf72bb1172fd2a2a47413b206cc6fae5158eabadf57bed358b0d2b3618fc
Instruction Fuzzy Hash: 5B111722A08F418AEB008F70E8452A833F4FB1975CF410A31FAAD83B95DF7CD1A49340

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 7za.exe PID: 6420 Parent PID: 7136 7za.exeCOMMON

Execution Graph

Execution Coverage:	7.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	90

Executed Functions

Function 00408598, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00000020,?,00000002,00000000,?,?,00000000), ref: 004085AE
OpenProcessToken.ADVAPI32(00000000), ref: 004085B5
LookupPrivilegeValueW.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 004085C7
AdjustTokenPrivileges.KERNELBASE(?,00000000,?), ref: 004085ED
GetLastError.KERNEL32 ref: 004085F7
FindCloseChangeNotification.KERNELBASE(?), ref: 0040860D

Strings

SeRestorePrivilege, xrefs: 004085C3

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ProcessToken$AdjustChangeCloseCurrentErrorFindLastLookupNotificationOpenPrivilegePrivilegesValue
String ID: SeRestorePrivilege
API String ID: 2838110999-1684392131
Opcode ID: b1b393b0f78fd461ce75dd3e625c990b31a036282c3419b60d49f73f353d6989
Instruction ID: dd324fc4e31d6eb314e8bb6ad0a910eaf62ef1c41033a7b31a5b0319a1c291eb
Opcode Fuzzy Hash: b1b393b0f78fd461ce75dd3e625c990b31a036282c3419b60d49f73f353d6989
Instruction Fuzzy Hash: 4F01D231A45218AFCB115BF1DC89AEF7F7CEF12300F140076E981E2190DA368609CBE8

Uniqueness

Uniqueness Score: -1.00%

Function 0041A004, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 0041A009
GetCurrentProcess.KERNEL32(?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A01B
OpenProcessToken.ADVAPI32(00000000,00000028,?,?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A032
LookupPrivilegeValueW.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 0041A054
AdjustTokenPrivileges.KERNELBASE(?,00000000,00000001,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A069
GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A073

Strings

SeSecurityPrivilege, xrefs: 0041A047

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorH_prologLastLookupOpenPrivilegePrivilegesValue
String ID: SeSecurityPrivilege
API String ID: 3475889169-2333288578
Opcode ID: cd18d1fb9b7752540c9bcfc61c3a824754b2929615f5ff8b233ecf2d6bbf0201
Instruction ID: d71cd068830a652235a55a1e4994bcb8d837e105a0efd94db1fd90e63fb4f6fa
Opcode Fuzzy Hash: cd18d1fb9b7752540c9bcfc61c3a824754b2929615f5ff8b233ecf2d6bbf0201
Instruction Fuzzy Hash: 601152B1941219AFDB119FA5CC859FEBBBCFF08344F10453AE411E2190D7744945CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041B079, Relevance: 12.1, APIs: 1, Strings: 5, Instructions: 1604COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041B07E

Part of subcall function 00403BE8: __EH_prolog.LIBCMT ref: 00403BED

Part of subcall function 00403BCF: wcscmp.MSVCRT ref: 00403BDA

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Part of subcall function 004096B4: __EH_prolog.LIBCMT ref: 004096B9

Part of subcall function 0041AD66: __EH_prolog.LIBCMT ref: 0041AD6B

Strings

Incorrect path, xrefs: 0041C07A
, xrefs: 0041C44A
Internal error for symbolic link file, xrefs: 0041C12B
\??\, xrefs: 0041B383
Dangerous link path was ignored, xrefs: 0041C00C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$freewcscmp
String ID: $Dangerous link path was ignored$Incorrect path$Internal error for symbolic link file$\??\
API String ID: 197229272-287195178
Opcode ID: 5ebfef4e641953eeb09781d6e4548a06d4e28bff383032baf3a3dcacb2278653
Instruction ID: 338ddef776105af6c5c912892b8dc1cc06a120a107751740e88c6c40d30895b3
Opcode Fuzzy Hash: 5ebfef4e641953eeb09781d6e4548a06d4e28bff383032baf3a3dcacb2278653
Instruction Fuzzy Hash: F7D2BF31944249EFDF21EFA4C890AEEBBB1EF04304F14446FE446672A1DB38AD85DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004559DF, Relevance: 7.4, APIs: 4, Instructions: 1406COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004559E4

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 73f974d437a6b9160170517841206b320758b8356e1612719acf8cb06c5de769
Instruction ID: cb34c16b5e4530bbc28dbe8b3bab53d0ca6d97a6317b042d8f2ee4ee7114c635
Opcode Fuzzy Hash: 73f974d437a6b9160170517841206b320758b8356e1612719acf8cb06c5de769
Instruction Fuzzy Hash: 00C2B070900248DFDF11DFA8C558BAEBBB4AF05305F19809AEC45AB392C778DE49CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0045B5AB, Relevance: 5.5, APIs: 3, Instructions: 981COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0045B5B0
memset.MSVCRT ref: 0045B6A8

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologmemset
String ID:
API String ID: 3882205722-0
Opcode ID: 6711bd4e6d2cc7cb9a3075d4f5f6b7784c0052b6779db25a5bf342de5ef2c7dc
Instruction ID: a90d3a698982d76bb0f75a51d0d25fafaefbf497d37cb5d278e32076fc007e24
Opcode Fuzzy Hash: 6711bd4e6d2cc7cb9a3075d4f5f6b7784c0052b6779db25a5bf342de5ef2c7dc
Instruction Fuzzy Hash: 7F927E30900748CFCB25DFA9C480BAEBBF1FF44305F14459EE84697292D778A989CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00405FB7, Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00405FBC

Part of subcall function 00405F97: FindClose.KERNELBASE(00000000,?,00405FCF), ref: 00405FA2

FindFirstFileW.KERNELBASE(?,?,00000001,00000000), ref: 00405FF4
FindFirstFileW.KERNELBASE(?,?,00000000,00000001,00000000), ref: 0040602D

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: Find$FileFirst$CloseH_prolog
String ID:
API String ID: 3371352514-0
Opcode ID: ec421278ec7c367e6da9a8a8723f6daaab934d1be88d21849299b09ab2858e59
Instruction ID: 43fc2f5b33cd767c5e2236275dbcac84e231ff0047f5125826242746462bf632
Opcode Fuzzy Hash: ec421278ec7c367e6da9a8a8723f6daaab934d1be88d21849299b09ab2858e59
Instruction Fuzzy Hash: 5C11BE718002099BCB20EF64C8819EEB778EF40324F10467EE862772D1DB799E96DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00468500, Relevance: .8, Instructions: 764COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a2beda2381a89bdea735be40dc62be0363ddcadcc1fcff7a62633a96fde73fd
Instruction ID: 5f598396b474e64214ad12966786512489e03f3c3c1b0ac50ab872eae5fb9625
Opcode Fuzzy Hash: 9a2beda2381a89bdea735be40dc62be0363ddcadcc1fcff7a62633a96fde73fd
Instruction Fuzzy Hash: F8529F71204B458BD728CF29C59066AB7E2FF95308F148A2ED4DAC7741EB78F845CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00407D3F, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 8e442598d3306f98e37740fd8a6ac3c77933e9722488c918c16fed973b2e623a
Instruction ID: c2316f3727c6f6795063a4ea830683349bc076a37071c62504f3873170b3a66e
Opcode Fuzzy Hash: 8e442598d3306f98e37740fd8a6ac3c77933e9722488c918c16fed973b2e623a
Instruction Fuzzy Hash: 55D05E25D0C71415DF30553A50847BB87858FE2B38F04947FA455733C1C6BCAC87956B

Uniqueness

Uniqueness Score: -1.00%

Function 00438C35, Relevance: 56.7, APIs: 15, Strings: 17, Instructions: 691
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00438C35(intOrPtr* __ebx, void* __edi) {
				struct _IO_FILE** _t389;
				void* _t391;
				signed int _t392;
				intOrPtr* _t400;
				intOrPtr _t404;
				signed int _t409;
				signed int _t413;
				signed int _t422;
				signed int _t426;
				signed int _t434;
				signed int _t445;
				void* _t461;
				void* _t466;
				signed int _t467;
				void* _t469;
				struct _IO_FILE** _t474;
				void* _t478;
				void* _t492;
				void* _t500;
				signed int _t527;
				signed int _t540;
				signed int _t566;
				signed int _t575;
				struct _IO_FILE** _t577;
				signed int _t578;
				signed int _t589;
				signed int _t601;
				void* _t607;
				intOrPtr* _t614;
				signed int _t768;
				signed int _t781;
				void* _t799;
				void* _t808;
				struct _IO_FILE** _t811;
				signed int _t812;
				signed int _t815;
				struct _IO_FILE** _t817;
				signed int _t818;
				signed int _t819;
				void* _t820;

				_t808 = __edi;
				_t614 = __ebx;
				if( *((intOrPtr*)(_t820 - 0x338)) == 6) {
					 *((intOrPtr*)(_t820 - 0x44)) = 0;
					 *((intOrPtr*)(_t820 - 0x40)) = 0;
					 *((intOrPtr*)(_t820 - 0x3c)) = 0;
					 *((intOrPtr*)(_t820 - 0x50)) = 0;
					 *((intOrPtr*)(_t820 - 0x4c)) = 0;
					 *((intOrPtr*)(_t820 - 0x48)) = 0;
					__eflags =  *((char*)(_t820 - 0x355));
					_t614 = fputs;
					 *(_t820 - 4) = 0xb;
					if(__eflags == 0) {
						_push(0xc8);
						 *((intOrPtr*)(_t820 - 0x580)) = 0x499d98;
						E0043805A(_t820 - 0x570, __eflags);
						 *((intOrPtr*)(_t820 - 0x580)) = 0x499d90;
						_t389 =  *0x4aa8d0;
						asm("sbb ecx, ecx");
						 *(_t820 - 4) = 0xc;
						 *(_t820 - 0x57c) =  ~( *(_t820 - 0x353)) & _t389;
						 *(_t820 - 0x578) =  *0x4aa8d4;
						 *(_t820 - 0x4cc) =  *(_t820 - 0x18);
						__eflags = _t389;
						 *((intOrPtr*)(_t820 - 0x4c4)) =  *(_t820 - 0x14) - 1;
						if(_t389 != 0) {
							__eflags =  *(_t820 - 0x353);
							if( *(_t820 - 0x353) != 0) {
								fputs("Scanning the drive for archives:",  *_t389); // executed
								E00401EDC(_t389);
							}
						}
						 *((intOrPtr*)(_t820 - 0xc4)) = 0;
						 *((intOrPtr*)(_t820 - 0xc0)) = 0;
						 *((intOrPtr*)(_t820 - 0xbc)) = 0;
						 *((intOrPtr*)(_t820 - 0xb8)) = 0;
						 *((intOrPtr*)(_t820 - 0xb4)) = 0;
						 *((intOrPtr*)(_t820 - 0xb0)) = 0;
						 *((intOrPtr*)(_t820 - 0xac)) = 0;
						 *((intOrPtr*)(_t820 - 0xa8)) = 0;
						 *((intOrPtr*)(_t820 - 0xa4)) = 0;
						 *((intOrPtr*)(_t820 - 0xa0)) = 0;
						 *((intOrPtr*)(_t820 - 0x9c)) = 0;
						 *((intOrPtr*)(_t820 - 0x98)) = 0;
						E004344A4(_t820 - 0x580);
						_t391 = E00402BBE(_t820 - 0x6c);
						_push(_t820 - 0x580);
						_push(_t820 - 0xc4);
						_push(_t820 - 0x50);
						_push(_t820 - 0x44);
						_push(_t391);
						 *(_t820 - 4) = 0xd;
						_t392 = E00418134(_t614, _t820 - 0x304, 0, 0, __eflags); // executed
						 *(_t820 - 0x20) = _t392;
						 *(_t820 - 4) = 0xc;
						E00401CEB(_t392,  *((intOrPtr*)(_t820 - 0x6c)));
						__eflags =  *(_t820 - 0x4cc);
						if( *(_t820 - 0x4cc) != 0) {
							E0043B336(_t820 - 0x570, 0, 1); // executed
						}
						__eflags =  *(_t820 - 0x20);
						if( *(_t820 - 0x20) == 0) {
							__eflags =  *(_t820 - 0x353);
							if( *(_t820 - 0x353) != 0) {
								_push(_t820 - 0xc4); // executed
								E0043483B(_t820 - 0x580); // executed
							}
						}
						 *(_t820 - 4) = 0xb;
						L0043B29D(_t820 - 0x570);
						__eflags =  *(_t820 - 0x20);
						if( *(_t820 - 0x20) != 0) {
							L105:
							 *(_t820 - 4) = 0xa;
							E00419BF1(_t614, _t820 - 0x50);
							 *(_t820 - 4) = 7;
							E00419BF1(_t614, _t820 - 0x44);
							L106:
							if( *((char*)(_t820 - 0x317)) != 0 &&  *0x4aa8d0 != 0) {
								L0043A625();
							}
							E00401CEB(L0043A60A( *(_t820 - 0x20)),  *((intOrPtr*)(_t820 - 0x94)));
							 *(_t820 - 4) = 5;
							L0043F734(_t820 - 0x88);
							_t400 =  *((intOrPtr*)(_t820 - 0x38));
							 *(_t820 - 4) = 3;
							_t837 = _t400;
							if(_t400 != 0) {
								 *((intOrPtr*)( *_t400 + 8))(_t400);
							}
							 *(_t820 - 4) = 2;
							E004011BB(_t820 - 0x388);
							 *(_t820 - 4) =  *(_t820 - 4) & 0x00000000;
							E0043A9FE(_t614, _t820 - 0x35c, _t837); // executed
							 *(_t820 - 4) =  *(_t820 - 4) | 0xffffffff;
							E00419BF1(_t614, _t820 - 0x5c);
							_t404 =  *((intOrPtr*)(_t820 - 0x34));
							 *[fs:0x0] =  *((intOrPtr*)(_t820 - 0xc));
							return _t404;
						} else {
							L38:
							__eflags =  *(_t820 - 0xd);
							if( *(_t820 - 0xd) == 0) {
								_push(_t820 - 0x30);
								_push(_t820 - 0x28);
								_push(_t820 - 0x2e0);
								_push(_t820 - 0x324);
								_push(_t820 - 0x328);
								 *(_t820 - 0x28) = 0;
								_push( *((intOrPtr*)(_t820 - 0x318)));
								 *(_t820 - 0x24) = 0;
								 *(_t820 - 0x30) = 0;
								 *(_t820 - 0x2c) = 0;
								_push( *(_t820 - 0x353));
								_t409 =  *((intOrPtr*)( *((intOrPtr*)(_t820 - 0x350)))) + 0xc;
								__eflags = _t409;
								_push(_t409);
								_push( *((intOrPtr*)(_t820 - 0x2ae)));
								_push( *((intOrPtr*)(_t820 - 0x2b6)));
								_push(_t820 - 0x50);
								_push(_t820 - 0x44);
								_push( *((intOrPtr*)(_t820 - 0x355)));
								_push(_t820 - 0x94);
								_t413 = L004373F5( *((intOrPtr*)(_t820 - 0x38)), _t820 - 0x88, _t409);
								__eflags =  *(_t820 - 0x353);
								 *(_t820 - 0x20) = _t413;
								if( *(_t820 - 0x353) == 0) {
									L100:
									__eflags =  *(_t820 - 0x24);
									if( *(_t820 - 0x24) > 0) {
										L102:
										__eflags =  *(_t820 - 0x353);
										if( *(_t820 - 0x353) != 0) {
											E00401EDC(0x4aa610);
											 *_t614("Errors: ",  *0x4aa610);
											E00401EDC(E0040205A(0x4aa610,  *(_t820 - 0x28),  *(_t820 - 0x24)));
										}
										 *((intOrPtr*)(_t820 - 0x34)) = 2;
										goto L105;
									}
									__eflags =  *(_t820 - 0x28);
									if( *(_t820 - 0x28) <= 0) {
										goto L105;
									}
									goto L102;
								} else {
									__eflags =  *(_t820 - 0x2c);
									if( *(_t820 - 0x2c) > 0) {
										L99:
										E00401EDC(0x4aa610);
										 *_t614("Warnings: ",  *0x4aa610);
										E00401EDC(E0040205A(0x4aa610,  *(_t820 - 0x30),  *(_t820 - 0x2c)));
										goto L100;
									}
									__eflags =  *(_t820 - 0x30);
									if( *(_t820 - 0x30) <= 0) {
										goto L100;
									}
									goto L99;
								}
							}
							_push(0x178);
							_t422 = E00401CC4();
							 *(_t820 - 0x2c) = _t422;
							__eflags = _t422;
							 *(_t820 - 4) = 0xe;
							if(__eflags == 0) {
								_t815 = 0;
								__eflags = 0;
							} else {
								_t815 = E00439D65(_t422, __eflags);
							}
							__eflags = _t815;
							 *(_t820 - 4) = 0xb;
							 *(_t820 - 0x2c) = _t815;
							if(_t815 != 0) {
								 *((intOrPtr*)( *_t815 + 4))(_t815);
							}
							_t173 = _t815 + 0xe4; // 0xe4
							 *((char*)(_t815 + 0xe1)) =  *((intOrPtr*)(_t820 - 0x328));
							 *(_t820 - 4) = 0xf;
							L00402D61(_t173, _t820 - 0x324);
							_t426 = E00439EE4(_t815,  *0x4aa8d0,  *0x4aa8d4,  *(_t820 - 0x18));
							__eflags =  *((intOrPtr*)(_t820 - 0x40)) - 1;
							__eflags =  *(_t820 - 0x18);
							 *((char*)(_t815 + 0xe0)) = _t426 & 0xffffff00 |  *((intOrPtr*)(_t820 - 0x40)) - 0x00000001 > 0x00000000;
							 *((intOrPtr*)(_t815 + 0x170)) =  *((intOrPtr*)(_t820 - 0x154));
							 *(_t815 + 0x16c) =  *(_t820 - 0x1c);
							if(__eflags != 0) {
								_t540 =  *(_t820 - 0x14) - 1;
								__eflags = _t540;
								 *(_t815 + 0xc4) = _t540;
							}
							E00439985(_t820 - 0xc8, __eflags);
							 *(_t820 - 4) = 0x10;
							L0043AB17(_t820 - 0xc8, _t820 - 0x2d4);
							__eflags =  *((intOrPtr*)(_t820 - 0x338)) - 3;
							 *((char*)(_t820 - 0xa4)) =  *((intOrPtr*)(_t820 - 0x355));
							_t434 =  *((intOrPtr*)(_t820 - 0x352));
							 *(_t820 - 0xa2) = _t434;
							 *(_t820 - 0xa3) = _t434;
							 *((char*)(_t820 - 0xa1)) = _t434 & 0xffffff00 |  *((intOrPtr*)(_t820 - 0x338)) == 0x00000003;
							_push(_t820 - 0x2e0);
							E00419C77(_t820 - 0xa0);
							E00402BBE(_t820 - 0x6c);
							 *((intOrPtr*)(_t820 - 0x144)) = 0;
							 *((intOrPtr*)(_t820 - 0x140)) = 0;
							 *((intOrPtr*)(_t820 - 0x13c)) = 0;
							 *(_t820 - 0x148) = 0x4972e4;
							__eflags =  *(_t820 - 0x310);
							 *(_t820 - 4) = 0x12;
							 *(_t820 - 0x1c) = 0;
							if( *(_t820 - 0x310) != 0) {
								_t212 = _t820 - 0x148; // 0x4972e4
								_t213 = _t820 - 0x148; // 0x4972e4
								 *(_t820 - 0x1c) = _t212;
								_push(_t820 - 0x314);
								L0043A60A(E00426037(_t213));
								 *((intOrPtr*)(_t820 - 0x110)) = 0;
								 *((intOrPtr*)(_t820 - 0x10c)) = 0;
								 *((intOrPtr*)(_t820 - 0x118)) = 0;
								 *((intOrPtr*)(_t820 - 0x114)) = 0;
								 *((intOrPtr*)(_t820 - 0x120)) = 0;
								 *((intOrPtr*)(_t820 - 0x11c)) = 0;
								 *((intOrPtr*)(_t820 - 0x128)) = 0;
								 *((intOrPtr*)(_t820 - 0x124)) = 0;
								 *((intOrPtr*)(_t820 - 0x130)) = 0;
								 *((intOrPtr*)(_t820 - 0x12c)) = 0;
								 *((intOrPtr*)(_t820 - 0x138)) = 0;
								 *((intOrPtr*)(_t820 - 0x134)) = 0;
							}
							_push(_t820 - 0x100);
							_push(_t820 - 0x6c);
							_push( *(_t820 - 0x1c));
							_t232 = _t815 + 0x10; // 0x10
							_push(_t815);
							asm("sbb edx, edx");
							_push( ~_t815 & _t232);
							_push(_t820 - 0xc8);
							_push( *((intOrPtr*)( *((intOrPtr*)(_t820 - 0x350)))) + 0xc);
							_push(_t820 - 0x50);
							_push(_t820 - 0x44);
							_push(_t820 - 0x94); // executed
							_t445 = E00424B24( *((intOrPtr*)(_t820 - 0x38)), _t820 - 0x88); // executed
							__eflags =  *(_t815 + 0xbc);
							 *(_t820 - 0x20) = _t445;
							if( *(_t815 + 0xbc) != 0) {
								_t241 = _t815 + 0x18; // 0x18
								E0043B336(_t241, 0, 1);
							}
							__eflags =  *(_t820 - 0x68);
							if( *(_t820 - 0x68) != 0) {
								_t527 =  *0x4aa8d4; // 0x4aa608
								__eflags = _t527;
								if(_t527 != 0) {
									 *(_t820 - 0x14) = _t527;
									E00401EDC(_t527);
									fputs("ERROR:",  *( *(_t820 - 0x14)));
									E00401EDC( *(_t820 - 0x14));
									_push( *((intOrPtr*)(_t820 - 0x6c)));
									E00401EDC(E00401EEF( *(_t820 - 0x14)));
								}
								__eflags =  *(_t820 - 0x20);
								if( *(_t820 - 0x20) == 0) {
									 *(_t820 - 0x20) = 0x80004005;
								}
							}
							_t811 =  *0x4aa8d0; // 0x4aa610
							 *(_t820 - 0xd) =  *(_t820 - 0xd) & 0x00000000;
							__eflags = _t811;
							if(_t811 == 0) {
								L59:
								__eflags =  *(_t815 + 0x130) |  *(_t815 + 0x134);
								if(( *(_t815 + 0x130) |  *(_t815 + 0x134)) != 0) {
									__eflags = _t811;
									 *(_t820 - 0xd) = 1;
									if(_t811 != 0) {
										fputs("Can\'t open as archive: ",  *_t811);
										E00401EDC(E0040205A(_t811,  *(_t815 + 0x130),  *(_t815 + 0x134)));
									}
								}
								__eflags =  *(_t815 + 0x138) |  *(_t815 + 0x13c);
								if(( *(_t815 + 0x138) |  *(_t815 + 0x13c)) == 0) {
									L65:
									__eflags = _t811;
									if(_t811 != 0) {
										_t269 = _t815 + 0x140; // 0x140
										_t500 = _t269;
										__eflags =  *(_t815 + 0x140) |  *(_t500 + 4);
										if(( *(_t815 + 0x140) |  *(_t500 + 4)) != 0) {
											fputs("Archives with Warnings: ",  *_t811);
											_t271 = _t815 + 0x140; // 0x140
											E00401EDC(E0040205A(_t811,  *_t271,  *((intOrPtr*)(_t271 + 4))));
										}
										__eflags =  *(_t815 + 0x150) |  *(_t815 + 0x154);
										if(( *(_t815 + 0x150) |  *(_t815 + 0x154)) != 0) {
											E00401EDC(_t811);
											__eflags =  *(_t815 + 0x150) |  *(_t815 + 0x154);
											if(( *(_t815 + 0x150) |  *(_t815 + 0x154)) != 0) {
												fputs("Warnings: ",  *_t811);
												E00401EDC(E0040205A(_t811,  *(_t815 + 0x150),  *(_t815 + 0x154)));
											}
										}
									}
									goto L71;
								} else {
									__eflags = _t811;
									 *(_t820 - 0xd) = 1;
									if(_t811 == 0) {
										L71:
										__eflags =  *(_t815 + 0x148) |  *(_t815 + 0x14c);
										if(( *(_t815 + 0x148) |  *(_t815 + 0x14c)) == 0) {
											L75:
											__eflags =  *(_t820 - 0xd);
											if( *(_t820 - 0xd) == 0) {
												L77:
												__eflags = _t811;
												if(_t811 == 0) {
													L93:
													 *(_t820 - 4) = 0x11;
													E00401CEB(L00426C9A(_t614, _t820 - 0x144),  *((intOrPtr*)(_t820 - 0x6c)));
													 *(_t820 - 4) = 0x13;
													E00401CEB(L0043AC84(_t820 - 0xa0),  *((intOrPtr*)(_t820 - 0xbc)));
													__eflags = _t815;
													 *(_t820 - 4) = 0xb;
													if(_t815 != 0) {
														 *((intOrPtr*)( *_t815 + 8))(_t815);
													}
													goto L105;
												}
												__eflags =  *(_t815 + 0x138) |  *(_t815 + 0x13c);
												if(( *(_t815 + 0x138) |  *(_t815 + 0x13c)) != 0) {
													L91:
													E00401EDC(_t811);
													_t322 = _t815 + 0x158; // 0x158
													_t461 = _t322;
													__eflags =  *(_t815 + 0x158) |  *(_t461 + 4);
													if(( *(_t815 + 0x158) |  *(_t461 + 4)) != 0) {
														fputs("Sub items Errors: ",  *_t811);
														_t324 = _t815 + 0x158; // 0x158
														E00401EDC(E0040205A(_t811,  *_t324,  *((intOrPtr*)(_t324 + 4))));
													}
													goto L93;
												}
												_t291 = _t815 + 0x158; // 0x158
												_t466 = _t291;
												__eflags =  *(_t815 + 0x158) |  *(_t466 + 4);
												if(( *(_t815 + 0x158) |  *(_t466 + 4)) != 0) {
													goto L91;
												}
												__eflags =  *(_t820 - 0x20);
												if( *(_t820 - 0x20) != 0) {
													goto L93;
												}
												_t467 =  *(_t820 - 0xe0);
												__eflags = _t467 |  *(_t820 - 0xdc);
												if((_t467 |  *(_t820 - 0xdc)) != 0) {
													fputs("Folders: ",  *_t811); // executed
													_t492 = E0040205A(_t811,  *(_t820 - 0xe0),  *(_t820 - 0xdc)); // executed
													E00401EDC(_t492);
													_t467 =  *(_t820 - 0xe0);
												}
												__eflags =  *((intOrPtr*)(_t820 - 0xd8)) - 1;
												if( *((intOrPtr*)(_t820 - 0xd8)) != 1) {
													L87:
													fputs("Files: ",  *_t811); // executed
													_t469 = E0040205A(_t811,  *((intOrPtr*)(_t820 - 0xd8)),  *(_t820 - 0xd4)); // executed
													E00401EDC(_t469);
													__eflags =  *(_t820 - 0xd0) |  *(_t820 - 0xcc);
													if(( *(_t820 - 0xd0) |  *(_t820 - 0xcc)) != 0) {
														fputs("Alternate Streams: ",  *_t811);
														E00401EDC(E0040205A(_t811,  *(_t820 - 0xd0),  *(_t820 - 0xcc)));
														fputs("Alternate Streams Size: ",  *_t811);
														E00401EDC(E0040205A(_t811,  *((intOrPtr*)(_t820 - 0xf0)),  *((intOrPtr*)(_t820 - 0xec))));
													}
													goto L89;
												} else {
													__eflags =  *(_t820 - 0xd4);
													if( *(_t820 - 0xd4) != 0) {
														goto L87;
													}
													__eflags = _t467 |  *(_t820 - 0xdc);
													if((_t467 |  *(_t820 - 0xdc)) != 0) {
														goto L87;
													}
													__eflags =  *(_t820 - 0xd0) |  *(_t820 - 0xcc);
													if(( *(_t820 - 0xd0) |  *(_t820 - 0xcc)) == 0) {
														L89:
														fputs("Size:       ",  *_t811); // executed
														_t474 = E0040205A(_t811,  *((intOrPtr*)(_t820 - 0xf8)),  *((intOrPtr*)(_t820 - 0xf4))); // executed
														 *(_t820 - 0x24) = _t474;
														E00401EDC(_t474);
														fputs("Compressed: ",  *( *(_t820 - 0x24))); // executed
														_t478 = E0040205A( *(_t820 - 0x24),  *((intOrPtr*)(_t820 - 0xe8)),  *((intOrPtr*)(_t820 - 0xe4))); // executed
														E00401EDC(_t478);
														__eflags =  *(_t820 - 0x1c);
														if( *(_t820 - 0x1c) != 0) {
															E00401EDC(_t811);
															_t320 = _t820 - 0x148; // 0x4972e4
															E00436013(_t811, _t320);
														}
														goto L93;
													}
													goto L87;
												}
											}
											L76:
											 *((intOrPtr*)(_t820 - 0x34)) = 2;
											goto L77;
										}
										__eflags = _t811;
										 *(_t820 - 0xd) = 1;
										if(_t811 == 0) {
											goto L76;
										}
										E00401EDC(_t811);
										__eflags =  *(_t815 + 0x148) |  *(_t815 + 0x14c);
										if(( *(_t815 + 0x148) |  *(_t815 + 0x14c)) == 0) {
											goto L76;
										}
										fputs("Open Errors: ",  *_t811);
										E00401EDC(E0040205A(_t811,  *(_t815 + 0x148),  *(_t815 + 0x14c)));
										goto L75;
									}
									fputs("Archives with Errors: ",  *_t811);
									E00401EDC(E0040205A(_t811,  *(_t815 + 0x138),  *(_t815 + 0x13c)));
									goto L65;
								}
							} else {
								E00401EDC(_t811);
								__eflags =  *(_t815 + 0x11c);
								if( *(_t815 + 0x11c) > 0) {
									L58:
									fputs("Archives: ",  *_t811);
									_t254 = _t815 + 0x118; // 0x118
									E00401EDC(E0040205A(_t811,  *_t254,  *((intOrPtr*)(_t254 + 4))));
									fputs("OK archives: ",  *_t811);
									E00401EDC(E0040205A(_t811,  *((intOrPtr*)(_t815 + 0x128)),  *((intOrPtr*)(_t815 + 0x12c))));
									goto L59;
								}
								__eflags =  *((intOrPtr*)(_t815 + 0x118)) - 1;
								if( *((intOrPtr*)(_t815 + 0x118)) <= 1) {
									goto L59;
								}
								goto L58;
							}
						}
					}
					_push(_t820 - 0x2ec);
					E0040150C(_t820 - 0x44);
					_push(_t820 - 0x2ec);
					E0040150C(_t820 - 0x50);
					goto L38;
				}
				if(L00417BF1(_t820 - 0x338) == 0) {
					__eflags =  *((intOrPtr*)(_t820 - 0x338)) - 9;
					if(__eflags != 0) {
						_t799 = 7;
						E0043A1FC(_t799);
					} else {
						E0043A15B(_t820 - 0x4c0, __eflags);
						__eflags =  *(_t820 - 0x18) - __ebx;
						 *(_t820 - 4) = 0x18;
						if( *(_t820 - 0x18) != __ebx) {
							_t575 =  *(_t820 - 0x14) - 1;
							__eflags = _t575;
							 *(_t820 - 0x40c) = _t575;
						}
						_t812 =  *0x4aa8d4; // 0x4aa608
						_t817 =  *0x4aa8d0; // 0x4aa610
						L00427438(_t820 - 0x3dc);
						 *(_t820 - 0x414) =  *(_t820 - 0x18);
						 *((intOrPtr*)(_t820 - 0x3cc)) = _t614;
						 *(_t820 - 0x408) = _t817;
						 *(_t820 - 0x404) = _t812;
						 *((char*)(_t820 - 0x38f)) =  *(_t820 - 0x353);
						L00402541(_t820 - 0x6c);
						_push(_t820 - 0x4c0);
						_push(_t820 - 0x6c);
						 *(_t820 - 4) = 0x19;
						 *(_t820 - 0x20) = L00426607(_t820 - 0x350, _t820 - 0x18c, __eflags);
						E004399FA(_t820 - 0xb0, __eflags);
						 *(_t820 - 4) = 0x1a;
						L0040261F(_t820 - 0xac, _t820 - 0x6c);
						_t566 =  *0x4aa8d0; // 0x4aa610
						_t768 = _t566;
						__eflags = _t768 - _t614;
						if(_t768 == _t614) {
							_t768 =  *0x4aa8d4; // 0x4aa608
						}
						_push( *(_t820 - 0x353));
						_push(_t768);
						_push(_t566);
						_push(_t820 - 0xb0);
						asm("sbb edx, edx");
						 *((intOrPtr*)(_t820 - 0x34)) = E0043A341( *(_t820 - 0x20),  ~(_t820 - 0x4c0) & _t820 - 0x000004b8);
						 *(_t820 - 4) = 0x1b;
						E00401CEB(E00401CEB(E00419BF1(_t614, _t820 - 0xa0),  *((intOrPtr*)(_t820 - 0xac))),  *((intOrPtr*)(_t820 - 0x6c)));
						 *(_t820 - 4) = 7;
						E0043A1C9(_t614, _t820 - 0x4c0);
					}
					goto L106;
				} else {
					if( *((char*)(_t820 - 0x200)) != 0) {
						_t826 =  *((intOrPtr*)(_t820 - 0x1f8)) - __ebx;
						if( *((intOrPtr*)(_t820 - 0x1f8)) == __ebx) {
							L00402E5F(_t820 - 0x1fc, "7zCon.sfx");
						}
					}
					L00437FF3(_t820 - 0x5a0, _t826);
					_t577 =  *0x4aa8d0; // 0x4aa610
					_t818 =  *(_t820 - 0x18);
					 *(_t820 - 0x4e8) = _t577;
					_t578 =  *0x4aa8d4; // 0x4aa608
					 *(_t820 - 4) = 0x14;
					 *(_t820 - 0x4e4) = _t578;
					 *(_t820 - 0x4f4) = _t818;
					if( *((char*)(_t820 - 0x328)) == 0) {
						L8:
						_t15 = _t820 - 0xd;
						 *_t15 =  *(_t820 - 0xd) & 0x00000000;
						__eflags =  *_t15;
						L9:
						 *((char*)(_t820 - 0x4cf)) =  *(_t820 - 0xd);
						L00402D61(_t820 - 0x4cc, _t820 - 0x324);
						E00439FC4(_t820 - 0x4b8, _t828);
						 *((intOrPtr*)(_t820 - 0x3f0)) =  *((intOrPtr*)(_t820 - 0x154));
						 *(_t820 - 4) = 0x15;
						 *(_t820 - 0x3f4) =  *(_t820 - 0x1c);
						if(_t818 != _t614) {
							 *(_t820 - 0x404) =  *(_t820 - 0x14) - 1;
						}
						 *((char*)(_t820 - 0x3a0)) =  *(_t820 - 0xd);
						if( *((char*)(_t820 - 0x328)) == 0) {
							L14:
							_t34 = _t820 - 0x390;
							 *_t34 =  *(_t820 - 0x390) & 0x00000000;
							__eflags =  *_t34;
							L15:
							L00402D61(_t820 - 0x39c, _t820 - 0x324);
							_t819 =  *0x4aa8d4; // 0x4aa608
							 *((char*)(_t820 - 0x3f8)) =  *((intOrPtr*)(_t820 - 0x1e0));
							_t589 =  *0x4aa8d0; // 0x4aa610
							 *(_t820 - 0x2c) = _t589;
							L00427438(_t820 - 0x3d4);
							 *(_t820 - 0x400) =  *(_t820 - 0x2c);
							 *((intOrPtr*)(_t820 - 0x3c4)) = _t614;
							 *(_t820 - 0x3fc) = _t819;
							 *(_t820 - 0x40c) =  *(_t820 - 0x18);
							E004399FA(_t820 - 0x7c, _t832);
							_push(1);
							_push(_t820 - 0x4b8);
							_push(_t820 - 0x5a0);
							_push(_t820 - 0x7c);
							_push(_t820 - 0x2a4);
							_push(_t820 - 0x350);
							_push(_t820 - 0x334);
							 *(_t820 - 4) = 0x16;
							 *(_t820 - 0x20) = L0042F18F(_t808, _t820 - 0x88);
							if( *(_t820 - 0x40c) != _t614) {
								E0043B336(_t820 - 0x4b0, _t808, 1);
							}
							_t601 =  *0x4aa8d0; // 0x4aa610
							_t781 = _t601;
							if(_t781 == _t614) {
								_t781 =  *0x4aa8d4; // 0x4aa608
							}
							_push(1);
							_push(_t781);
							_push(_t601);
							_push(_t820 - 0x7c);
							asm("sbb edx, edx");
							 *((intOrPtr*)(_t820 - 0x34)) = E0043A341( *(_t820 - 0x20),  ~(_t820 - 0x4b8) & _t820 - 0x000004b0);
							 *(_t820 - 4) = 0x17;
							E00401CEB(E00419BF1(_t614, _t820 - 0x6c),  *((intOrPtr*)(_t820 - 0x78)));
							 *(_t820 - 4) = 0x14;
							_t607 = L0043AB5D(_t614, _t820 - 0x4b8);
							 *(_t820 - 4) = 7;
							E00401CEB(_t607,  *(_t820 - 0x4cc));
							L0043B29D(_t820 - 0x598);
							goto L106;
						}
						_t832 =  *((intOrPtr*)(_t820 - 0x320)) - _t614;
						if( *((intOrPtr*)(_t820 - 0x320)) != _t614) {
							goto L14;
						} else {
							 *(_t820 - 0x390) = 1;
							goto L15;
						}
					}
					_t828 =  *((intOrPtr*)(_t820 - 0x320)) - _t614;
					if( *((intOrPtr*)(_t820 - 0x320)) == _t614) {
						goto L8;
					} else {
						 *(_t820 - 0xd) = 1;
						goto L9;
					}
				}
			}

0x00438c35
0x00438c35
0x00438c3c
0x00438f9b
0x00438f9e
0x00438fa1
0x00438fa4
0x00438fa7
0x00438faa
0x00438fad
0x00438fb4
0x00438fba
0x00438fbe
0x00438fe3
0x00438fee
0x00438ff8
0x00438ffd
0x0043900d
0x00439014
0x00439016
0x0043901c
0x00439028
0x00439031
0x0043903b
0x0043903d
0x00439043
0x00439045
0x0043904c
0x00439057
0x0043905d
0x0043905d
0x0043904c
0x00439068
0x0043906e
0x00439074
0x0043907a
0x00439080
0x00439086
0x0043908c
0x00439092
0x00439098
0x0043909e
0x004390a4
0x004390aa
0x004390b0
0x004390b8
0x004390c5
0x004390cc
0x004390d0
0x004390d4
0x004390d5
0x004390dc
0x004390e0
0x004390e5
0x004390e8
0x004390ef
0x004390f4
0x004390fb
0x00439105
0x00439105
0x0043910a
0x0043910d
0x0043910f
0x00439116
0x00439124
0x00439125
0x00439125
0x00439116
0x00439130
0x00439134
0x00439139
0x0043913c
0x00439860
0x00439863
0x00439867
0x0043986f
0x00439873
0x00439878
0x0043987f
0x0043988a
0x0043988a
0x0043989d
0x004398a3
0x004398ad
0x004398b2
0x004398b5
0x004398b9
0x004398bb
0x004398c0
0x004398c0
0x004398c9
0x004398cd
0x004398d2
0x004398dc
0x004398e1
0x004398e8
0x004398ed
0x004398f6
0x004398fe
0x00439142
0x00439142
0x00439142
0x00439146
0x00439770
0x00439774
0x0043977b
0x00439782
0x00439789
0x0043978a
0x0043978d
0x00439793
0x00439796
0x00439799
0x0043979e
0x004397a4
0x004397a4
0x004397aa
0x004397ae
0x004397ba
0x004397c0
0x004397c4
0x004397cb
0x004397d1
0x004397d2
0x004397d7
0x004397de
0x004397e6
0x0043981c
0x0043981c
0x0043981f
0x00439826
0x00439826
0x0043982d
0x00439831
0x00439841
0x00439854
0x00439854
0x00439859
0x00000000
0x00439859
0x00439821
0x00439824
0x00000000
0x00000000
0x00000000
0x004397e8
0x004397e8
0x004397eb
0x004397f2
0x004397f4
0x00439804
0x00439817
0x00000000
0x00439817
0x004397ed
0x004397f0
0x00000000
0x00000000
0x00000000
0x004397f0
0x004397e6
0x0043914c
0x00439151
0x00439157
0x0043915a
0x0043915c
0x00439160
0x0043916d
0x0043916d
0x00439162
0x00439169
0x00439169
0x0043916f
0x00439171
0x00439175
0x00439178
0x0043917d
0x0043917d
0x00439186
0x0043918c
0x00439199
0x0043919d
0x004391b3
0x004391b8
0x004391bf
0x004391c2
0x004391ce
0x004391d7
0x004391dd
0x004391e2
0x004391e2
0x004391e3
0x004391e3
0x004391ef
0x00439201
0x00439205
0x00439210
0x00439217
0x0043921d
0x00439223
0x00439229
0x00439232
0x0043923e
0x00439245
0x0043924d
0x00439252
0x00439258
0x0043925e
0x00439264
0x0043926e
0x00439274
0x00439278
0x0043927b
0x0043927d
0x00439283
0x00439289
0x00439292
0x0043929a
0x0043929f
0x004392a5
0x004392ab
0x004392b1
0x004392b7
0x004392bd
0x004392c3
0x004392c9
0x004392cf
0x004392d5
0x004392db
0x004392e1
0x004392e1
0x004392f3
0x004392f9
0x004392fa
0x00439301
0x00439304
0x00439305
0x00439312
0x00439313
0x00439314
0x0043931b
0x00439325
0x0043932c
0x0043932d
0x00439332
0x00439338
0x0043933b
0x0043933f
0x00439342
0x00439342
0x00439347
0x0043934a
0x0043934c
0x00439351
0x00439353
0x00439357
0x0043935a
0x00439369
0x00439370
0x00439378
0x00439382
0x00439382
0x00439387
0x0043938a
0x0043938c
0x0043938c
0x0043938a
0x00439393
0x00439399
0x0043939d
0x0043939f
0x00439403
0x00439409
0x0043940f
0x00439411
0x00439413
0x00439417
0x00439420
0x00439439
0x00439439
0x00439417
0x00439444
0x0043944a
0x0043947d
0x0043947d
0x0043947f
0x00439487
0x00439487
0x0043948d
0x00439490
0x00439499
0x0043949c
0x004394b1
0x004394b1
0x004394bc
0x004394c2
0x004394c6
0x004394d1
0x004394d7
0x004394e0
0x004394f9
0x004394f9
0x004394d7
0x004394c2
0x00000000
0x0043944c
0x0043944c
0x0043944e
0x00439452
0x004394fe
0x00439504
0x0043950a
0x0043954e
0x0043954e
0x00439552
0x0043955b
0x0043955b
0x0043955d
0x0043971d
0x00439723
0x0043972f
0x0043973b
0x0043974a
0x0043974f
0x00439752
0x00439756
0x0043975f
0x0043975f
0x00000000
0x00439756
0x00439569
0x0043956f
0x004396e1
0x004396e3
0x004396ee
0x004396ee
0x004396f4
0x004396f7
0x00439700
0x00439703
0x00439718
0x00439718
0x00000000
0x004396f7
0x0043957b
0x0043957b
0x00439581
0x00439584
0x00000000
0x00000000
0x0043958a
0x0043958e
0x00000000
0x00000000
0x00439594
0x0043959c
0x004395a2
0x004395ab
0x004395bd
0x004395c4
0x004395c9
0x004395c9
0x004395cf
0x004395d6
0x004395f7
0x004395fe
0x00439610
0x00439617
0x00439622
0x00439628
0x00439631
0x0043964a
0x00439656
0x0043966f
0x0043966f
0x00000000
0x004395d8
0x004395d8
0x004395df
0x00000000
0x00000000
0x004395e1
0x004395e7
0x00000000
0x00000000
0x004395ef
0x004395f5
0x00439674
0x0043967b
0x0043968d
0x00439694
0x00439697
0x004396a6
0x004396b9
0x004396c0
0x004396c5
0x004396c9
0x004396cd
0x004396d2
0x004396da
0x004396da
0x00000000
0x004396c9
0x00000000
0x004395f5
0x004395d6
0x00439554
0x00439554
0x00000000
0x00439554
0x0043950c
0x0043950e
0x00439512
0x00000000
0x00000000
0x00439516
0x00439521
0x00439527
0x00000000
0x00000000
0x00439530
0x00439549
0x00000000
0x00439549
0x0043945f
0x00439478
0x00000000
0x00439478
0x004393a1
0x004393a3
0x004393a8
0x004393af
0x004393ba
0x004393c1
0x004393c4
0x004393d9
0x004393e5
0x004393fe
0x00000000
0x004393fe
0x004393b1
0x004393b8
0x00000000
0x00000000
0x00000000
0x004393b8
0x0043939f
0x0043913c
0x00438fc9
0x00438fca
0x00438fd8
0x00438fd9
0x00000000
0x00438fd9
0x00438c4f
0x00438e5f
0x00438e66
0x00438f8e
0x00438f8f
0x00438e6c
0x00438e72
0x00438e77
0x00438e7a
0x00438e7e
0x00438e83
0x00438e83
0x00438e84
0x00438e84
0x00438e8a
0x00438e90
0x00438e9c
0x00438ea7
0x00438eb3
0x00438eb9
0x00438ebf
0x00438ec5
0x00438ecb
0x00438edc
0x00438ee0
0x00438ee7
0x00438ef6
0x00438ef9
0x00438f08
0x00438f0c
0x00438f11
0x00438f16
0x00438f18
0x00438f1a
0x00438f1c
0x00438f1c
0x00438f22
0x00438f30
0x00438f34
0x00438f3b
0x00438f42
0x00438f4b
0x00438f54
0x00438f6b
0x00438f71
0x00438f7c
0x00438f7c
0x00000000
0x00438c55
0x00438c5c
0x00438c5e
0x00438c64
0x00438c71
0x00438c71
0x00438c64
0x00438c7c
0x00438c81
0x00438c86
0x00438c90
0x00438c96
0x00438c9b
0x00438c9f
0x00438ca5
0x00438cab
0x00438cbb
0x00438cbb
0x00438cbb
0x00438cbb
0x00438cbf
0x00438cc8
0x00438cd5
0x00438ce0
0x00438ced
0x00438cf6
0x00438cfa
0x00438d00
0x00438d06
0x00438d06
0x00438d16
0x00438d1c
0x00438d2f
0x00438d2f
0x00438d2f
0x00438d2f
0x00438d36
0x00438d43
0x00438d4e
0x00438d54
0x00438d5a
0x00438d65
0x00438d68
0x00438d73
0x00438d7c
0x00438d82
0x00438d88
0x00438d8e
0x00438d99
0x00438d9b
0x00438da2
0x00438da6
0x00438dad
0x00438db4
0x00438dbb
0x00438dc4
0x00438dd3
0x00438dd6
0x00438de0
0x00438de0
0x00438de5
0x00438dea
0x00438dee
0x00438df0
0x00438df0
0x00438df6
0x00438df8
0x00438dfc
0x00438e08
0x00438e0f
0x00438e18
0x00438e1e
0x00438e2a
0x00438e30
0x00438e3a
0x00438e3f
0x00438e49
0x00438e55
0x00000000
0x00438e55
0x00438d1e
0x00438d24
0x00000000
0x00438d26
0x00438d26
0x00000000
0x00438d26
0x00438d24
0x00438cad
0x00438cb3
0x00000000
0x00438cb5
0x00438cb5
0x00000000
0x00438cb5
0x00438cb3

Strings

Alternate Streams: , xrefs: 0043962C
Can't open as archive: , xrefs: 0043941B
Open Errors: , xrefs: 0043952B
Alternate Streams Size: , xrefs: 00439651
Size: , xrefs: 00439676
Files: , xrefs: 004395F9
rI, xrefs: 0043927D
Archives with Warnings: , xrefs: 00439494
OK archives: , xrefs: 004393E0
7zCon.sfx, xrefs: 00438C66
Archives: , xrefs: 004393BC
ERROR:, xrefs: 00439364
Sub items Errors: , xrefs: 004396FB
Folders: , xrefs: 004395A6
Compressed: , xrefs: 004396A1
Archives with Errors: , xrefs: 0043945A
Warnings: , xrefs: 004394DB

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$ExceptionThrow
String ID: 7zCon.sfx$Alternate Streams Size: $Alternate Streams: $Archives with Errors: $Archives with Warnings: $Archives: $Can't open as archive: $Compressed: $ERROR:$Files: $Folders: $OK archives: $Open Errors: $Size: $Sub items Errors: $Warnings: $rI
API String ID: 3665150552-467185354
Opcode ID: be527f1a525df075ca787c00c926670a80c02837ed2376d2291791b2317aecd6
Instruction ID: 98a38bd220f7c55e76e5ebce67de4ab1933277e04fffe4c9c0e922b059ffd238
Opcode Fuzzy Hash: be527f1a525df075ca787c00c926670a80c02837ed2376d2291791b2317aecd6
Instruction Fuzzy Hash: 1B627B309042589FDF25EBA5C885BEEFBB5AF48304F1440AFE04963291DB786E85CF19

Uniqueness

Uniqueness Score: -1.00%

Function 00439045, Relevance: 56.5, APIs: 15, Strings: 17, Instructions: 507
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E00439045(struct _IO_FILE** __eax, intOrPtr* __ebx, signed int __edi) {
				void* _t258;
				intOrPtr _t259;
				intOrPtr* _t267;
				intOrPtr _t271;
				signed int _t276;
				intOrPtr _t280;
				signed int _t289;
				signed int _t301;
				intOrPtr _t312;
				void* _t328;
				signed int _t334;
				void* _t336;
				struct _IO_FILE** _t341;
				void* _t345;
				void* _t359;
				struct _IO_FILE** _t394;
				intOrPtr _t407;
				intOrPtr* _t416;
				signed int _t561;
				struct _IO_FILE** _t563;
				signed int _t566;
				struct _IO_FILE** _t567;
				void* _t568;
				intOrPtr _t581;

				_t561 = __edi;
				_t416 = __ebx;
				_t571 =  *((char*)(_t568 - 0x353));
				if( *((char*)(_t568 - 0x353)) != 0) {
					_t567 = __eax;
					fputs("Scanning the drive for archives:",  *__eax); // executed
					E00401EDC(_t567);
				}
				 *(_t568 - 0xc4) = _t561;
				 *(_t568 - 0xc0) = _t561;
				 *(_t568 - 0xbc) = _t561;
				 *(_t568 - 0xb8) = _t561;
				 *(_t568 - 0xb4) = _t561;
				 *(_t568 - 0xb0) = _t561;
				 *(_t568 - 0xac) = _t561;
				 *(_t568 - 0xa8) = _t561;
				 *(_t568 - 0xa4) = _t561;
				 *(_t568 - 0xa0) = _t561;
				 *(_t568 - 0x9c) = _t561;
				 *(_t568 - 0x98) = _t561;
				E004344A4(_t568 - 0x580);
				_t258 = E00402BBE(_t568 - 0x6c);
				_push(_t568 - 0x580);
				_push(_t568 - 0xc4);
				_push(_t568 - 0x50);
				_push(_t568 - 0x44);
				_push(_t258);
				 *(_t568 - 4) = 0xd;
				_t259 = E00418134(_t416, _t568 - 0x304, 0, _t561, _t571); // executed
				 *((intOrPtr*)(_t568 - 0x20)) = _t259;
				 *(_t568 - 4) = 0xc;
				E00401CEB(_t259,  *((intOrPtr*)(_t568 - 0x6c)));
				if( *((intOrPtr*)(_t568 - 0x4cc)) != _t561) {
					E0043B336(_t568 - 0x570, _t561, 1); // executed
				}
				if( *((intOrPtr*)(_t568 - 0x20)) == _t561 &&  *((char*)(_t568 - 0x353)) != 0) {
					_push(_t568 - 0xc4); // executed
					E0043483B(_t568 - 0x580); // executed
				}
				 *(_t568 - 4) = 0xb;
				L0043B29D(_t568 - 0x570);
				if( *((intOrPtr*)(_t568 - 0x20)) != _t561) {
					L75:
					 *(_t568 - 4) = 0xa;
					E00419BF1(_t416, _t568 - 0x50);
					 *(_t568 - 4) = 7;
					E00419BF1(_t416, _t568 - 0x44);
					if( *((char*)(_t568 - 0x317)) != 0 &&  *0x4aa8d0 != 0) {
						L0043A625();
					}
					E00401CEB(L0043A60A( *((intOrPtr*)(_t568 - 0x20))),  *((intOrPtr*)(_t568 - 0x94)));
					 *(_t568 - 4) = 5;
					L0043F734(_t568 - 0x88);
					_t267 =  *((intOrPtr*)(_t568 - 0x38));
					 *(_t568 - 4) = 3;
					_t617 = _t267;
					if(_t267 != 0) {
						 *((intOrPtr*)( *_t267 + 8))(_t267);
					}
					 *(_t568 - 4) = 2;
					E004011BB(_t568 - 0x388);
					 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
					E0043A9FE(_t416, _t568 - 0x35c, _t617); // executed
					 *(_t568 - 4) =  *(_t568 - 4) | 0xffffffff;
					E00419BF1(_t416, _t568 - 0x5c);
					_t271 =  *((intOrPtr*)(_t568 - 0x34));
					 *[fs:0x0] =  *((intOrPtr*)(_t568 - 0xc));
					return _t271;
				}
				if( *(_t568 - 0xd) == 0) {
					_push(_t568 - 0x30);
					_push(_t568 - 0x28);
					_push(_t568 - 0x2e0);
					_push(_t568 - 0x324);
					_push(_t568 - 0x328);
					 *(_t568 - 0x28) = _t561;
					_push( *((intOrPtr*)(_t568 - 0x318)));
					 *(_t568 - 0x24) = _t561;
					 *(_t568 - 0x30) = _t561;
					 *(_t568 - 0x2c) = _t561;
					_push( *((intOrPtr*)(_t568 - 0x353)));
					_t276 =  *((intOrPtr*)( *((intOrPtr*)(_t568 - 0x350)))) + 0xc;
					__eflags = _t276;
					_push(_t276);
					_push( *((intOrPtr*)(_t568 - 0x2ae)));
					_push( *((intOrPtr*)(_t568 - 0x2b6)));
					_push(_t568 - 0x50);
					_push(_t568 - 0x44);
					_push( *((intOrPtr*)(_t568 - 0x355)));
					_push(_t568 - 0x94);
					_t280 = L004373F5( *((intOrPtr*)(_t568 - 0x38)), _t568 - 0x88, _t276);
					__eflags =  *((char*)(_t568 - 0x353));
					 *((intOrPtr*)(_t568 - 0x20)) = _t280;
					if( *((char*)(_t568 - 0x353)) == 0) {
						L70:
						__eflags =  *(_t568 - 0x24) - _t561;
						if( *(_t568 - 0x24) > _t561) {
							L72:
							__eflags =  *((char*)(_t568 - 0x353));
							if( *((char*)(_t568 - 0x353)) != 0) {
								E00401EDC(0x4aa610);
								 *_t416("Errors: ",  *0x4aa610);
								E00401EDC(E0040205A(0x4aa610,  *(_t568 - 0x28),  *(_t568 - 0x24)));
							}
							 *((intOrPtr*)(_t568 - 0x34)) = 2;
							goto L75;
						}
						__eflags =  *(_t568 - 0x28) - _t561;
						if( *(_t568 - 0x28) <= _t561) {
							goto L75;
						}
						goto L72;
					} else {
						__eflags =  *(_t568 - 0x2c) - _t561;
						if( *(_t568 - 0x2c) > _t561) {
							L69:
							E00401EDC(0x4aa610);
							 *_t416("Warnings: ",  *0x4aa610);
							E00401EDC(E0040205A(0x4aa610,  *(_t568 - 0x30),  *(_t568 - 0x2c)));
							goto L70;
						}
						__eflags =  *(_t568 - 0x30) - _t561;
						if( *(_t568 - 0x30) <= _t561) {
							goto L70;
						}
						goto L69;
					}
				} else {
					_push(0x178);
					_t289 = E00401CC4();
					 *(_t568 - 0x2c) = _t289;
					_t577 = _t289 - _t561;
					 *(_t568 - 4) = 0xe;
					if(_t289 == _t561) {
						_t566 = 0;
						__eflags = 0;
					} else {
						_t566 = E00439D65(_t289, _t577);
					}
					 *(_t568 - 4) = 0xb;
					 *(_t568 - 0x2c) = _t566;
					if(_t566 != _t561) {
						 *((intOrPtr*)( *_t566 + 4))(_t566);
					}
					_t41 = _t566 + 0xe4; // 0xe4
					 *((char*)(_t566 + 0xe1)) =  *((intOrPtr*)(_t568 - 0x328));
					 *(_t568 - 4) = 0xf;
					L00402D61(_t41, _t568 - 0x324);
					 *((char*)(_t566 + 0xe0)) = E00439EE4(_t566,  *0x4aa8d0,  *0x4aa8d4,  *((intOrPtr*)(_t568 - 0x18))) & 0xffffff00 |  *((intOrPtr*)(_t568 - 0x40)) - 0x00000001 > 0x00000000;
					 *((intOrPtr*)(_t566 + 0x170)) =  *((intOrPtr*)(_t568 - 0x154));
					 *(_t566 + 0x16c) =  *(_t568 - 0x1c);
					if( *((intOrPtr*)(_t568 - 0x18)) != _t561) {
						_t407 =  *(_t568 - 0x14) - 1;
						_t581 = _t407;
						 *((intOrPtr*)(_t566 + 0xc4)) = _t407;
					}
					E00439985(_t568 - 0xc8, _t581);
					 *(_t568 - 4) = 0x10;
					L0043AB17(_t568 - 0xc8, _t568 - 0x2d4);
					 *(_t568 - 0xa4) =  *((intOrPtr*)(_t568 - 0x355));
					_t301 =  *((intOrPtr*)(_t568 - 0x352));
					 *(_t568 - 0xa2) = _t301;
					 *(_t568 - 0xa3) = _t301;
					 *((char*)(_t568 - 0xa1)) = _t301 & 0xffffff00 |  *((intOrPtr*)(_t568 - 0x338)) == 0x00000003;
					_push(_t568 - 0x2e0);
					E00419C77(_t568 - 0xa0);
					E00402BBE(_t568 - 0x6c);
					 *(_t568 - 0x144) = _t561;
					 *(_t568 - 0x140) = _t561;
					 *(_t568 - 0x13c) = _t561;
					 *(_t568 - 0x148) = 0x4972e4;
					 *(_t568 - 4) = 0x12;
					 *(_t568 - 0x1c) = _t561;
					if( *((intOrPtr*)(_t568 - 0x310)) != _t561) {
						_t80 = _t568 - 0x148; // 0x4972e4
						_t81 = _t568 - 0x148; // 0x4972e4
						 *(_t568 - 0x1c) = _t80;
						_push(_t568 - 0x314);
						L0043A60A(E00426037(_t81));
						 *(_t568 - 0x110) = _t561;
						 *(_t568 - 0x10c) = _t561;
						 *(_t568 - 0x118) = _t561;
						 *(_t568 - 0x114) = _t561;
						 *(_t568 - 0x120) = _t561;
						 *(_t568 - 0x11c) = _t561;
						 *(_t568 - 0x128) = _t561;
						 *(_t568 - 0x124) = _t561;
						 *(_t568 - 0x130) = _t561;
						 *(_t568 - 0x12c) = _t561;
						 *(_t568 - 0x138) = _t561;
						 *(_t568 - 0x134) = _t561;
					}
					_push(_t568 - 0x100);
					_push(_t568 - 0x6c);
					_push( *(_t568 - 0x1c));
					_t100 = _t566 + 0x10; // 0x10
					_push(_t566);
					asm("sbb edx, edx");
					_push( ~_t566 & _t100);
					_push(_t568 - 0xc8);
					_push( *((intOrPtr*)( *((intOrPtr*)(_t568 - 0x350)))) + 0xc);
					_push(_t568 - 0x50);
					_push(_t568 - 0x44);
					_push(_t568 - 0x94); // executed
					_t312 = E00424B24( *((intOrPtr*)(_t568 - 0x38)), _t568 - 0x88); // executed
					 *((intOrPtr*)(_t568 - 0x20)) = _t312;
					if( *((intOrPtr*)(_t566 + 0xbc)) != _t561) {
						_t109 = _t566 + 0x18; // 0x18
						E0043B336(_t109, _t561, 1);
					}
					if( *((intOrPtr*)(_t568 - 0x68)) != _t561) {
						_t394 =  *0x4aa8d4; // 0x4aa608
						if(_t394 != _t561) {
							 *(_t568 - 0x14) = _t394;
							E00401EDC(_t394);
							fputs("ERROR:",  *( *(_t568 - 0x14)));
							E00401EDC( *(_t568 - 0x14));
							_push( *((intOrPtr*)(_t568 - 0x6c)));
							E00401EDC(E00401EEF( *(_t568 - 0x14)));
						}
						if( *((intOrPtr*)(_t568 - 0x20)) == _t561) {
							 *((intOrPtr*)(_t568 - 0x20)) = 0x80004005;
						}
					}
					_t563 =  *0x4aa8d0; // 0x4aa610
					 *(_t568 - 0xd) =  *(_t568 - 0xd) & 0x00000000;
					if(_t563 != 0) {
						E00401EDC(_t563);
						if( *((intOrPtr*)(_t566 + 0x11c)) > 0 ||  *((intOrPtr*)(_t566 + 0x118)) > 1) {
							fputs("Archives: ",  *_t563);
							_t122 = _t566 + 0x118; // 0x118
							E00401EDC(E0040205A(_t563,  *_t122,  *((intOrPtr*)(_t122 + 4))));
							fputs("OK archives: ",  *_t563);
							E00401EDC(E0040205A(_t563,  *((intOrPtr*)(_t566 + 0x128)),  *((intOrPtr*)(_t566 + 0x12c))));
						}
					}
					if(( *(_t566 + 0x130) |  *(_t566 + 0x134)) != 0) {
						 *(_t568 - 0xd) = 1;
						if(_t563 != 0) {
							fputs("Can\'t open as archive: ",  *_t563);
							E00401EDC(E0040205A(_t563,  *(_t566 + 0x130),  *(_t566 + 0x134)));
						}
					}
					if(( *(_t566 + 0x138) |  *(_t566 + 0x13c)) == 0) {
						L35:
						if(_t563 != 0) {
							_t137 = _t566 + 0x140; // 0x140
							if(( *(_t566 + 0x140) |  *(_t137 + 4)) != 0) {
								fputs("Archives with Warnings: ",  *_t563);
								_t139 = _t566 + 0x140; // 0x140
								E00401EDC(E0040205A(_t563,  *_t139,  *((intOrPtr*)(_t139 + 4))));
							}
							if(( *(_t566 + 0x150) |  *(_t566 + 0x154)) != 0) {
								E00401EDC(_t563);
								if(( *(_t566 + 0x150) |  *(_t566 + 0x154)) != 0) {
									fputs("Warnings: ",  *_t563);
									E00401EDC(E0040205A(_t563,  *(_t566 + 0x150),  *(_t566 + 0x154)));
								}
							}
						}
						goto L41;
					} else {
						 *(_t568 - 0xd) = 1;
						if(_t563 == 0) {
							L41:
							if(( *(_t566 + 0x148) |  *(_t566 + 0x14c)) == 0) {
								L45:
								if( *(_t568 - 0xd) == 0) {
									L47:
									if(_t563 == 0) {
										L63:
										 *(_t568 - 4) = 0x11;
										E00401CEB(L00426C9A(_t416, _t568 - 0x144),  *((intOrPtr*)(_t568 - 0x6c)));
										 *(_t568 - 4) = 0x13;
										E00401CEB(L0043AC84(_t568 - 0xa0),  *(_t568 - 0xbc));
										 *(_t568 - 4) = 0xb;
										if(_t566 != 0) {
											 *((intOrPtr*)( *_t566 + 8))(_t566);
										}
										goto L75;
									}
									if(( *(_t566 + 0x138) |  *(_t566 + 0x13c)) != 0) {
										L61:
										E00401EDC(_t563);
										_t190 = _t566 + 0x158; // 0x158
										_t328 = _t190;
										__eflags =  *(_t566 + 0x158) |  *(_t328 + 4);
										if(( *(_t566 + 0x158) |  *(_t328 + 4)) != 0) {
											fputs("Sub items Errors: ",  *_t563);
											_t192 = _t566 + 0x158; // 0x158
											E00401EDC(E0040205A(_t563,  *_t192,  *((intOrPtr*)(_t192 + 4))));
										}
										goto L63;
									}
									_t159 = _t566 + 0x158; // 0x158
									if(( *(_t566 + 0x158) |  *(_t159 + 4)) != 0) {
										goto L61;
									}
									if( *((intOrPtr*)(_t568 - 0x20)) == 0) {
										_t334 =  *(_t568 - 0xe0);
										if((_t334 |  *(_t568 - 0xdc)) != 0) {
											fputs("Folders: ",  *_t563); // executed
											_t359 = E0040205A(_t563,  *(_t568 - 0xe0),  *(_t568 - 0xdc)); // executed
											E00401EDC(_t359);
											_t334 =  *(_t568 - 0xe0);
										}
										if( *((intOrPtr*)(_t568 - 0xd8)) != 1 ||  *((intOrPtr*)(_t568 - 0xd4)) != 0 || (_t334 |  *(_t568 - 0xdc)) != 0 || ( *(_t568 - 0xd0) |  *(_t568 - 0xcc)) != 0) {
											fputs("Files: ",  *_t563); // executed
											_t336 = E0040205A(_t563,  *((intOrPtr*)(_t568 - 0xd8)),  *((intOrPtr*)(_t568 - 0xd4))); // executed
											E00401EDC(_t336);
											if(( *(_t568 - 0xd0) |  *(_t568 - 0xcc)) != 0) {
												fputs("Alternate Streams: ",  *_t563);
												E00401EDC(E0040205A(_t563,  *(_t568 - 0xd0),  *(_t568 - 0xcc)));
												fputs("Alternate Streams Size: ",  *_t563);
												E00401EDC(E0040205A(_t563,  *((intOrPtr*)(_t568 - 0xf0)),  *((intOrPtr*)(_t568 - 0xec))));
											}
										}
										fputs("Size:       ",  *_t563); // executed
										_t341 = E0040205A(_t563,  *((intOrPtr*)(_t568 - 0xf8)),  *((intOrPtr*)(_t568 - 0xf4))); // executed
										 *(_t568 - 0x24) = _t341;
										E00401EDC(_t341);
										fputs("Compressed: ",  *( *(_t568 - 0x24))); // executed
										_t345 = E0040205A( *(_t568 - 0x24),  *((intOrPtr*)(_t568 - 0xe8)),  *((intOrPtr*)(_t568 - 0xe4))); // executed
										E00401EDC(_t345);
										if( *(_t568 - 0x1c) != 0) {
											E00401EDC(_t563);
											_t188 = _t568 - 0x148; // 0x4972e4
											E00436013(_t563, _t188);
										}
									}
									goto L63;
								}
								L46:
								 *((intOrPtr*)(_t568 - 0x34)) = 2;
								goto L47;
							}
							 *(_t568 - 0xd) = 1;
							if(_t563 == 0) {
								goto L46;
							}
							E00401EDC(_t563);
							if(( *(_t566 + 0x148) |  *(_t566 + 0x14c)) == 0) {
								goto L46;
							}
							fputs("Open Errors: ",  *_t563);
							E00401EDC(E0040205A(_t563,  *(_t566 + 0x148),  *(_t566 + 0x14c)));
							goto L45;
						}
						fputs("Archives with Errors: ",  *_t563);
						E00401EDC(E0040205A(_t563,  *(_t566 + 0x138),  *(_t566 + 0x13c)));
						goto L35;
					}
				}
			}

0x00439045
0x00439045
0x00439045
0x0043904c
0x0043904e
0x00439057
0x0043905d
0x0043905d
0x00439068
0x0043906e
0x00439074
0x0043907a
0x00439080
0x00439086
0x0043908c
0x00439092
0x00439098
0x0043909e
0x004390a4
0x004390aa
0x004390b0
0x004390b8
0x004390c5
0x004390cc
0x004390d0
0x004390d4
0x004390d5
0x004390dc
0x004390e0
0x004390e5
0x004390e8
0x004390ef
0x004390fb
0x00439105
0x00439105
0x0043910d
0x00439124
0x00439125
0x00439125
0x00439130
0x00439134
0x0043913c
0x00439860
0x00439863
0x00439867
0x0043986f
0x00439873
0x0043987f
0x0043988a
0x0043988a
0x0043989d
0x004398a3
0x004398ad
0x004398b2
0x004398b5
0x004398b9
0x004398bb
0x004398c0
0x004398c0
0x004398c9
0x004398cd
0x004398d2
0x004398dc
0x004398e1
0x004398e8
0x004398ed
0x004398f6
0x004398fe
0x004398fe
0x00439146
0x00439770
0x00439774
0x0043977b
0x00439782
0x00439789
0x0043978a
0x0043978d
0x00439793
0x00439796
0x00439799
0x0043979e
0x004397a4
0x004397a4
0x004397aa
0x004397ae
0x004397ba
0x004397c0
0x004397c4
0x004397cb
0x004397d1
0x004397d2
0x004397d7
0x004397de
0x004397e6
0x0043981c
0x0043981c
0x0043981f
0x00439826
0x00439826
0x0043982d
0x00439831
0x00439841
0x00439854
0x00439854
0x00439859
0x00000000
0x00439859
0x00439821
0x00439824
0x00000000
0x00000000
0x00000000
0x004397e8
0x004397e8
0x004397eb
0x004397f2
0x004397f4
0x00439804
0x00439817
0x00000000
0x00439817
0x004397ed
0x004397f0
0x00000000
0x00000000
0x00000000
0x004397f0
0x0043914c
0x0043914c
0x00439151
0x00439157
0x0043915a
0x0043915c
0x00439160
0x0043916d
0x0043916d
0x00439162
0x00439169
0x00439169
0x00439171
0x00439175
0x00439178
0x0043917d
0x0043917d
0x00439186
0x0043918c
0x00439199
0x0043919d
0x004391c2
0x004391ce
0x004391d7
0x004391dd
0x004391e2
0x004391e2
0x004391e3
0x004391e3
0x004391ef
0x00439201
0x00439205
0x00439217
0x0043921d
0x00439223
0x00439229
0x00439232
0x0043923e
0x00439245
0x0043924d
0x00439252
0x00439258
0x0043925e
0x00439264
0x00439274
0x00439278
0x0043927b
0x0043927d
0x00439283
0x00439289
0x00439292
0x0043929a
0x0043929f
0x004392a5
0x004392ab
0x004392b1
0x004392b7
0x004392bd
0x004392c3
0x004392c9
0x004392cf
0x004392d5
0x004392db
0x004392e1
0x004392e1
0x004392f3
0x004392f9
0x004392fa
0x00439301
0x00439304
0x00439305
0x00439312
0x00439313
0x00439314
0x0043931b
0x00439325
0x0043932c
0x0043932d
0x00439338
0x0043933b
0x0043933f
0x00439342
0x00439342
0x0043934a
0x0043934c
0x00439353
0x00439357
0x0043935a
0x00439369
0x00439370
0x00439378
0x00439382
0x00439382
0x0043938a
0x0043938c
0x0043938c
0x0043938a
0x00439393
0x00439399
0x0043939f
0x004393a3
0x004393af
0x004393c1
0x004393c4
0x004393d9
0x004393e5
0x004393fe
0x004393fe
0x004393af
0x0043940f
0x00439413
0x00439417
0x00439420
0x00439439
0x00439439
0x00439417
0x0043944a
0x0043947d
0x0043947f
0x00439487
0x00439490
0x00439499
0x0043949c
0x004394b1
0x004394b1
0x004394c2
0x004394c6
0x004394d7
0x004394e0
0x004394f9
0x004394f9
0x004394d7
0x004394c2
0x00000000
0x0043944c
0x0043944e
0x00439452
0x004394fe
0x0043950a
0x0043954e
0x00439552
0x0043955b
0x0043955d
0x0043971d
0x00439723
0x0043972f
0x0043973b
0x0043974a
0x00439752
0x00439756
0x0043975f
0x0043975f
0x00000000
0x00439756
0x0043956f
0x004396e1
0x004396e3
0x004396ee
0x004396ee
0x004396f4
0x004396f7
0x00439700
0x00439703
0x00439718
0x00439718
0x00000000
0x004396f7
0x0043957b
0x00439584
0x00000000
0x00000000
0x0043958e
0x00439594
0x004395a2
0x004395ab
0x004395bd
0x004395c4
0x004395c9
0x004395c9
0x004395d6
0x004395fe
0x00439610
0x00439617
0x00439628
0x00439631
0x0043964a
0x00439656
0x0043966f
0x0043966f
0x00439628
0x0043967b
0x0043968d
0x00439694
0x00439697
0x004396a6
0x004396b9
0x004396c0
0x004396c9
0x004396cd
0x004396d2
0x004396da
0x004396da
0x004396c9
0x00000000
0x0043958e
0x00439554
0x00439554
0x00000000
0x00439554
0x0043950e
0x00439512
0x00000000
0x00000000
0x00439516
0x00439527
0x00000000
0x00000000
0x00439530
0x00439549
0x00000000
0x00439549
0x0043945f
0x00439478
0x00000000
0x00439478
0x0043944a

APIs

fputs.MSVCRT(Scanning the drive for archives:), ref: 00439057

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Strings

Alternate Streams: , xrefs: 0043962C
Can't open as archive: , xrefs: 0043941B
Open Errors: , xrefs: 0043952B
Alternate Streams Size: , xrefs: 00439651
Size: , xrefs: 00439676
Files: , xrefs: 004395F9
rI, xrefs: 0043927D
Archives with Warnings: , xrefs: 00439494
Scanning the drive for archives:, xrefs: 00439052
d!, xrefs: 00439134
OK archives: , xrefs: 004393E0
Archives: , xrefs: 004393BC
ERROR:, xrefs: 00439364
Folders: , xrefs: 004395A6
Compressed: , xrefs: 004396A1
Archives with Errors: , xrefs: 0043945A
Warnings: , xrefs: 004394DB

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputcfputs
String ID: Alternate Streams Size: $Alternate Streams: $Archives with Errors: $Archives with Warnings: $Archives: $Can't open as archive: $Compressed: $ERROR:$Files: $Folders: $OK archives: $Open Errors: $Scanning the drive for archives:$Size: $Warnings: $d!$rI
API String ID: 269475090-3957249142
Opcode ID: 4f40d1b83e38a9176d8dca4efbe21671ea0b5bb909c1536bfd9db5d87d56ec47
Instruction ID: c50c402b1f252961f89215a24744218e42169aead287b5156164bc41b86ec9cb
Opcode Fuzzy Hash: 4f40d1b83e38a9176d8dca4efbe21671ea0b5bb909c1536bfd9db5d87d56ec47
Instruction Fuzzy Hash: 1F2269319042589FDF25EBA5C845BEEFBB1AF48304F14409FE449632A1DBB86E84CF19

Uniqueness

Uniqueness Score: -1.00%

Function 00438600, Relevance: 40.8, APIs: 15, Strings: 8, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00438600(char* __ebx, signed int __edi, signed int __esi) {
				signed int _t576;
				void* _t579;
				struct _IO_FILE** _t586;
				void* _t588;
				char* _t589;
				intOrPtr* _t597;
				char* _t601;
				signed char _t606;
				char* _t610;
				signed char _t619;
				signed int _t623;
				signed int _t631;
				char* _t642;
				void* _t658;
				void* _t663;
				signed int _t664;
				void* _t666;
				struct _IO_FILE** _t671;
				void* _t675;
				void* _t689;
				void* _t697;
				signed char _t724;
				signed char _t737;
				signed char _t750;
				struct _IO_FILE** _t763;
				signed char _t772;
				signed int _t774;
				struct _IO_FILE** _t775;
				signed int _t786;
				char* _t797;
				struct _IO_FILE** _t798;
				void* _t804;
				signed char _t809;
				signed int _t811;
				char* _t812;
				struct _IO_FILE** _t813;
				int _t818;
				signed int _t837;
				signed int _t843;
				void* _t871;
				struct _IO_FILE** _t875;
				signed char _t879;
				unsigned int _t880;
				unsigned int _t881;
				signed char _t882;
				signed int _t886;
				signed int _t904;
				signed char _t906;
				struct _IO_FILE** _t913;
				void* _t916;
				struct _IO_FILE** _t918;
				struct _IO_FILE** _t920;
				void* _t922;
				int _t928;
				void* _t934;
				struct _IO_FILE* _t935;
				struct _IO_FILE** _t1095;
				struct _IO_FILE** _t1108;
				signed char _t1180;
				signed int _t1189;
				void* _t1201;
				signed int _t1214;
				intOrPtr* _t1215;
				struct _IO_FILE** _t1218;
				struct _IO_FILE** _t1219;
				signed int _t1221;
				signed int _t1222;
				signed char _t1225;
				signed int _t1227;
				signed int _t1228;
				struct _IO_FILE** _t1229;
				void* _t1230;
				void* _t1232;
				void* _t1254;
				void* _t1277;
				void* _t1281;
				void* _t1283;

				_t1221 = __esi;
				_t1214 = __edi;
				_t932 = __ebx;
				L004765F0();
				 *0x4aa8cc = E00408598(L"SeLockMemoryPrivilege", 1);
				if( *(_t1230 - 0x353) != 0) {
					_t1189 =  *0x4aa8d0; // 0x4aa610
					E0043A24E(_t1189, 0);
				}
				E004183EF(_t932, _t1230 - 0x388, _t1214, _t1221, _t1230 - 0x35c);
				 *(_t1230 - 0x1c) = _t1214;
				if( *((intOrPtr*)(_t1230 - 0x154)) == _t932 ||  *((intOrPtr*)(_t1230 - 0x158)) !=  *((intOrPtr*)(_t1230 - 0x160))) {
					 *(_t1230 - 0x1c) = _t1221;
				}
				 *(_t1230 - 0x14) = 0x50;
				if( *(_t1230 - 0x18) != _t932) {
					_t928 = GetConsoleScreenBufferInfo(GetStdHandle(0xfffffff5), _t1230 - 0x78); // executed
					if(_t928 != 0) {
						 *(_t1230 - 0x14) =  *(_t1230 - 0x78);
					}
				}
				_push(0x18);
				_t576 = E00401CC4();
				 *(_t1230 - 0x2c) = _t576;
				 *(_t1230 - 4) = 4;
				if(_t576 == _t932) {
					_t1215 = 0;
					__eflags = 0;
				} else {
					_t1215 = E00439917(_t576);
				}
				_t1242 = _t1215 - _t932;
				 *((intOrPtr*)(_t1230 - 0x38)) = _t1215;
				 *(_t1230 - 4) = 3;
				 *((intOrPtr*)(_t1230 - 0x14c)) = _t1215;
				if(_t1215 != _t932) {
					 *((intOrPtr*)( *_t1215 + 4))(_t1215);
				}
				 *((char*)(_t1215 + 0x14)) =  *((intOrPtr*)(_t1230 - 0x35a));
				 *(_t1230 - 4) = 5;
				 *((char*)(_t1215 + 0x15)) =  *((intOrPtr*)(_t1230 - 0x359));
				_t579 = E00426FD7(_t1215, _t1242); // executed
				L0043A60A(_t579);
				 *(_t1230 - 0xd) = L00417BCD(_t1230 - 0x338);
				if( *((intOrPtr*)(_t1215 + 0xc)) != _t932) {
					L19:
					 *(_t1230 - 0x88) = _t932;
					 *(_t1230 - 0x84) = _t932;
					 *(_t1230 - 0x80) = _t932;
					_t1191 = _t1230 - 0x178;
					_push(_t1230 - 0x88);
					 *(_t1230 - 4) = 6;
					if(E0042D585(_t1215, _t1191, _t1246) == 0) {
						_t918 =  *0x498e3c; // 0x498e40
						_push(0x49d6e8);
						 *(_t1230 - 0x24) = _t918;
						_push(_t1230 - 0x24);
						L0048CCA2();
					}
					 *(_t1230 - 0x94) = _t932;
					 *(_t1230 - 0x90) = _t932;
					 *(_t1230 - 0x8c) = _t932;
					_t1222 = 0;
					 *(_t1230 - 4) = 7;
					if( *((intOrPtr*)(_t1230 - 0x168)) <= _t932) {
						L25:
						 *(_t1230 - 0x34) = _t932;
						 *(_t1230 - 0x20) = _t932;
						if( *((intOrPtr*)(_t1230 - 0x338)) != 8) {
							__eflags =  *((intOrPtr*)(_t1230 - 0x338)) - 7;
							if( *((intOrPtr*)(_t1230 - 0x338)) != 7) {
								__eflags =  *(_t1230 - 0xd);
								if( *(_t1230 - 0xd) != 0) {
									L106:
									 *(_t1230 - 0x44) = 0;
									 *((intOrPtr*)(_t1230 - 0x40)) = 0;
									 *((intOrPtr*)(_t1230 - 0x3c)) = 0;
									 *(_t1230 - 0x50) = 0;
									 *(_t1230 - 0x4c) = 0;
									 *(_t1230 - 0x48) = 0;
									__eflags =  *((char*)(_t1230 - 0x355));
									_t932 = fputs;
									 *(_t1230 - 4) = 0xb;
									if(__eflags == 0) {
										_push(0xc8);
										 *((intOrPtr*)(_t1230 - 0x580)) = 0x499d98;
										E0043805A(_t1230 - 0x570, __eflags);
										 *((intOrPtr*)(_t1230 - 0x580)) = 0x499d90;
										_t586 =  *0x4aa8d0;
										asm("sbb ecx, ecx");
										 *(_t1230 - 4) = 0xc;
										 *(_t1230 - 0x57c) =  ~( *(_t1230 - 0x353)) & _t586;
										 *(_t1230 - 0x578) =  *0x4aa8d4;
										 *(_t1230 - 0x4cc) =  *(_t1230 - 0x18);
										__eflags = _t586;
										 *((intOrPtr*)(_t1230 - 0x4c4)) =  *(_t1230 - 0x14) - 1;
										if(_t586 != 0) {
											__eflags =  *(_t1230 - 0x353);
											if( *(_t1230 - 0x353) != 0) {
												fputs("Scanning the drive for archives:",  *_t586); // executed
												E00401EDC(_t586);
											}
										}
										 *((intOrPtr*)(_t1230 - 0xc4)) = 0;
										 *((intOrPtr*)(_t1230 - 0xc0)) = 0;
										 *((intOrPtr*)(_t1230 - 0xbc)) = 0;
										 *((intOrPtr*)(_t1230 - 0xb8)) = 0;
										 *((intOrPtr*)(_t1230 - 0xb4)) = 0;
										 *((intOrPtr*)(_t1230 - 0xb0)) = 0;
										 *((intOrPtr*)(_t1230 - 0xac)) = 0;
										 *((intOrPtr*)(_t1230 - 0xa8)) = 0;
										 *((intOrPtr*)(_t1230 - 0xa4)) = 0;
										 *((intOrPtr*)(_t1230 - 0xa0)) = 0;
										 *((intOrPtr*)(_t1230 - 0x9c)) = 0;
										 *((intOrPtr*)(_t1230 - 0x98)) = 0;
										E004344A4(_t1230 - 0x580);
										_t588 = E00402BBE(_t1230 - 0x6c);
										_push(_t1230 - 0x580);
										_push(_t1230 - 0xc4);
										_push(_t1230 - 0x50);
										_push(_t1230 - 0x44);
										_push(_t588);
										 *(_t1230 - 4) = 0xd;
										_t589 = E00418134(_t932, _t1230 - 0x304, 0, 0, __eflags); // executed
										 *(_t1230 - 0x20) = _t589;
										 *(_t1230 - 4) = 0xc;
										E00401CEB(_t589,  *((intOrPtr*)(_t1230 - 0x6c)));
										__eflags =  *(_t1230 - 0x4cc);
										if( *(_t1230 - 0x4cc) != 0) {
											E0043B336(_t1230 - 0x570, 0, 1); // executed
										}
										__eflags =  *(_t1230 - 0x20);
										if( *(_t1230 - 0x20) == 0) {
											__eflags =  *(_t1230 - 0x353);
											if( *(_t1230 - 0x353) != 0) {
												_push(_t1230 - 0xc4); // executed
												E0043483B(_t1230 - 0x580); // executed
											}
										}
										 *(_t1230 - 4) = 0xb;
										L0043B29D(_t1230 - 0x570);
										__eflags =  *(_t1230 - 0x20);
										if( *(_t1230 - 0x20) != 0) {
											L184:
											 *(_t1230 - 4) = 0xa;
											E00419BF1(_t932, _t1230 - 0x50);
											 *(_t1230 - 4) = 7;
											E00419BF1(_t932, _t1230 - 0x44);
											goto L185;
										} else {
											L117:
											__eflags =  *(_t1230 - 0xd);
											if( *(_t1230 - 0xd) == 0) {
												_push(_t1230 - 0x30);
												_push(_t1230 - 0x28);
												_push(_t1230 - 0x2e0);
												_push(_t1230 - 0x324);
												_push(_t1230 - 0x328);
												 *(_t1230 - 0x28) = 0;
												_push( *((intOrPtr*)(_t1230 - 0x318)));
												 *(_t1230 - 0x24) = 0;
												 *(_t1230 - 0x30) = 0;
												 *(_t1230 - 0x2c) = 0;
												_push( *(_t1230 - 0x353));
												_t606 =  *((intOrPtr*)( *((intOrPtr*)(_t1230 - 0x350)))) + 0xc;
												__eflags = _t606;
												_push(_t606);
												_push( *((intOrPtr*)(_t1230 - 0x2ae)));
												_push( *((intOrPtr*)(_t1230 - 0x2b6)));
												_push(_t1230 - 0x50);
												_push(_t1230 - 0x44);
												_push( *((intOrPtr*)(_t1230 - 0x355)));
												_push(_t1230 - 0x94);
												_t610 = L004373F5( *((intOrPtr*)(_t1230 - 0x38)), _t1230 - 0x88, _t606);
												__eflags =  *(_t1230 - 0x353);
												 *(_t1230 - 0x20) = _t610;
												if( *(_t1230 - 0x353) == 0) {
													L179:
													__eflags =  *(_t1230 - 0x24);
													if( *(_t1230 - 0x24) > 0) {
														L181:
														__eflags =  *(_t1230 - 0x353);
														if( *(_t1230 - 0x353) != 0) {
															E00401EDC(0x4aa610);
															 *_t932("Errors: ",  *0x4aa610);
															E00401EDC(E0040205A(0x4aa610,  *(_t1230 - 0x28),  *(_t1230 - 0x24)));
														}
														 *(_t1230 - 0x34) = 2;
														goto L184;
													}
													__eflags =  *(_t1230 - 0x28);
													if( *(_t1230 - 0x28) <= 0) {
														goto L184;
													}
													goto L181;
												} else {
													__eflags =  *(_t1230 - 0x2c);
													if( *(_t1230 - 0x2c) > 0) {
														L178:
														E00401EDC(0x4aa610);
														 *_t932("Warnings: ",  *0x4aa610);
														E00401EDC(E0040205A(0x4aa610,  *(_t1230 - 0x30),  *(_t1230 - 0x2c)));
														goto L179;
													}
													__eflags =  *(_t1230 - 0x30);
													if( *(_t1230 - 0x30) <= 0) {
														goto L179;
													}
													goto L178;
												}
											}
											_push(0x178);
											_t619 = E00401CC4();
											 *(_t1230 - 0x2c) = _t619;
											__eflags = _t619;
											 *(_t1230 - 4) = 0xe;
											if(__eflags == 0) {
												_t1225 = 0;
												__eflags = 0;
											} else {
												_t1225 = E00439D65(_t619, __eflags);
											}
											__eflags = _t1225;
											 *(_t1230 - 4) = 0xb;
											 *(_t1230 - 0x2c) = _t1225;
											if(_t1225 != 0) {
												 *((intOrPtr*)( *_t1225 + 4))(_t1225);
											}
											_t357 = _t1225 + 0xe4; // 0xe4
											 *((char*)(_t1225 + 0xe1)) =  *((intOrPtr*)(_t1230 - 0x328));
											 *(_t1230 - 4) = 0xf;
											L00402D61(_t357, _t1230 - 0x324);
											_t623 = E00439EE4(_t1225,  *0x4aa8d0,  *0x4aa8d4,  *(_t1230 - 0x18));
											__eflags =  *((intOrPtr*)(_t1230 - 0x40)) - 1;
											__eflags =  *(_t1230 - 0x18);
											 *((char*)(_t1225 + 0xe0)) = _t623 & 0xffffff00 |  *((intOrPtr*)(_t1230 - 0x40)) - 0x00000001 > 0x00000000;
											 *((intOrPtr*)(_t1225 + 0x170)) =  *((intOrPtr*)(_t1230 - 0x154));
											 *(_t1225 + 0x16c) =  *(_t1230 - 0x1c);
											if(__eflags != 0) {
												_t737 =  *(_t1230 - 0x14) - 1;
												__eflags = _t737;
												 *(_t1225 + 0xc4) = _t737;
											}
											E00439985(_t1230 - 0xc8, __eflags);
											 *(_t1230 - 4) = 0x10;
											L0043AB17(_t1230 - 0xc8, _t1230 - 0x2d4);
											__eflags =  *((intOrPtr*)(_t1230 - 0x338)) - 3;
											 *((char*)(_t1230 - 0xa4)) =  *((intOrPtr*)(_t1230 - 0x355));
											_t631 =  *((intOrPtr*)(_t1230 - 0x352));
											 *(_t1230 - 0xa2) = _t631;
											 *(_t1230 - 0xa3) = _t631;
											 *((char*)(_t1230 - 0xa1)) = _t631 & 0xffffff00 |  *((intOrPtr*)(_t1230 - 0x338)) == 0x00000003;
											_push(_t1230 - 0x2e0);
											E00419C77(_t1230 - 0xa0);
											E00402BBE(_t1230 - 0x6c);
											 *((intOrPtr*)(_t1230 - 0x144)) = 0;
											 *((intOrPtr*)(_t1230 - 0x140)) = 0;
											 *((intOrPtr*)(_t1230 - 0x13c)) = 0;
											 *(_t1230 - 0x148) = 0x4972e4;
											__eflags =  *(_t1230 - 0x310);
											 *(_t1230 - 4) = 0x12;
											 *(_t1230 - 0x1c) = 0;
											if( *(_t1230 - 0x310) != 0) {
												_t396 = _t1230 - 0x148; // 0x4972e4
												_t397 = _t1230 - 0x148; // 0x4972e4
												 *(_t1230 - 0x1c) = _t396;
												_push(_t1230 - 0x314);
												L0043A60A(E00426037(_t397));
												 *((intOrPtr*)(_t1230 - 0x110)) = 0;
												 *((intOrPtr*)(_t1230 - 0x10c)) = 0;
												 *((intOrPtr*)(_t1230 - 0x118)) = 0;
												 *((intOrPtr*)(_t1230 - 0x114)) = 0;
												 *((intOrPtr*)(_t1230 - 0x120)) = 0;
												 *((intOrPtr*)(_t1230 - 0x11c)) = 0;
												 *((intOrPtr*)(_t1230 - 0x128)) = 0;
												 *((intOrPtr*)(_t1230 - 0x124)) = 0;
												 *((intOrPtr*)(_t1230 - 0x130)) = 0;
												 *((intOrPtr*)(_t1230 - 0x12c)) = 0;
												 *((intOrPtr*)(_t1230 - 0x138)) = 0;
												 *((intOrPtr*)(_t1230 - 0x134)) = 0;
											}
											_push(_t1230 - 0x100);
											_push(_t1230 - 0x6c);
											_push( *(_t1230 - 0x1c));
											_t416 = _t1225 + 0x10; // 0x10
											_push(_t1225);
											asm("sbb edx, edx");
											_push( ~_t1225 & _t416);
											_push(_t1230 - 0xc8);
											_push( *((intOrPtr*)( *((intOrPtr*)(_t1230 - 0x350)))) + 0xc);
											_push(_t1230 - 0x50);
											_push(_t1230 - 0x44);
											_push(_t1230 - 0x94); // executed
											_t642 = E00424B24( *((intOrPtr*)(_t1230 - 0x38)), _t1230 - 0x88); // executed
											__eflags =  *(_t1225 + 0xbc);
											 *(_t1230 - 0x20) = _t642;
											if( *(_t1225 + 0xbc) != 0) {
												_t425 = _t1225 + 0x18; // 0x18
												E0043B336(_t425, 0, 1);
											}
											__eflags =  *(_t1230 - 0x68);
											if( *(_t1230 - 0x68) != 0) {
												_t724 =  *0x4aa8d4; // 0x4aa608
												__eflags = _t724;
												if(_t724 != 0) {
													 *(_t1230 - 0x14) = _t724;
													E00401EDC(_t724);
													fputs("ERROR:",  *( *(_t1230 - 0x14)));
													E00401EDC( *(_t1230 - 0x14));
													_push( *((intOrPtr*)(_t1230 - 0x6c)));
													E00401EDC(E00401EEF( *(_t1230 - 0x14)));
												}
												__eflags =  *(_t1230 - 0x20);
												if( *(_t1230 - 0x20) == 0) {
													 *(_t1230 - 0x20) = 0x80004005;
												}
											}
											_t1218 =  *0x4aa8d0; // 0x4aa610
											 *(_t1230 - 0xd) =  *(_t1230 - 0xd) & 0x00000000;
											__eflags = _t1218;
											if(_t1218 == 0) {
												L138:
												__eflags =  *(_t1225 + 0x130) |  *(_t1225 + 0x134);
												if(( *(_t1225 + 0x130) |  *(_t1225 + 0x134)) != 0) {
													__eflags = _t1218;
													 *(_t1230 - 0xd) = 1;
													if(_t1218 != 0) {
														fputs("Can\'t open as archive: ",  *_t1218);
														E00401EDC(E0040205A(_t1218,  *(_t1225 + 0x130),  *(_t1225 + 0x134)));
													}
												}
												__eflags =  *(_t1225 + 0x138) |  *(_t1225 + 0x13c);
												if(( *(_t1225 + 0x138) |  *(_t1225 + 0x13c)) == 0) {
													L144:
													__eflags = _t1218;
													if(_t1218 != 0) {
														_t453 = _t1225 + 0x140; // 0x140
														_t697 = _t453;
														__eflags =  *(_t1225 + 0x140) |  *(_t697 + 4);
														if(( *(_t1225 + 0x140) |  *(_t697 + 4)) != 0) {
															fputs("Archives with Warnings: ",  *_t1218);
															_t455 = _t1225 + 0x140; // 0x140
															E00401EDC(E0040205A(_t1218,  *_t455,  *((intOrPtr*)(_t455 + 4))));
														}
														__eflags =  *(_t1225 + 0x150) |  *(_t1225 + 0x154);
														if(( *(_t1225 + 0x150) |  *(_t1225 + 0x154)) != 0) {
															E00401EDC(_t1218);
															__eflags =  *(_t1225 + 0x150) |  *(_t1225 + 0x154);
															if(( *(_t1225 + 0x150) |  *(_t1225 + 0x154)) != 0) {
																fputs("Warnings: ",  *_t1218);
																E00401EDC(E0040205A(_t1218,  *(_t1225 + 0x150),  *(_t1225 + 0x154)));
															}
														}
													}
													goto L150;
												} else {
													__eflags = _t1218;
													 *(_t1230 - 0xd) = 1;
													if(_t1218 == 0) {
														L150:
														__eflags =  *(_t1225 + 0x148) |  *(_t1225 + 0x14c);
														if(( *(_t1225 + 0x148) |  *(_t1225 + 0x14c)) == 0) {
															L154:
															__eflags =  *(_t1230 - 0xd);
															if( *(_t1230 - 0xd) == 0) {
																L156:
																__eflags = _t1218;
																if(_t1218 == 0) {
																	L172:
																	 *(_t1230 - 4) = 0x11;
																	E00401CEB(L00426C9A(_t932, _t1230 - 0x144),  *((intOrPtr*)(_t1230 - 0x6c)));
																	 *(_t1230 - 4) = 0x13;
																	E00401CEB(L0043AC84(_t1230 - 0xa0),  *((intOrPtr*)(_t1230 - 0xbc)));
																	__eflags = _t1225;
																	 *(_t1230 - 4) = 0xb;
																	if(_t1225 != 0) {
																		 *((intOrPtr*)( *_t1225 + 8))(_t1225);
																	}
																	goto L184;
																}
																__eflags =  *(_t1225 + 0x138) |  *(_t1225 + 0x13c);
																if(( *(_t1225 + 0x138) |  *(_t1225 + 0x13c)) != 0) {
																	L170:
																	E00401EDC(_t1218);
																	_t506 = _t1225 + 0x158; // 0x158
																	_t658 = _t506;
																	__eflags =  *(_t1225 + 0x158) |  *(_t658 + 4);
																	if(( *(_t1225 + 0x158) |  *(_t658 + 4)) != 0) {
																		fputs("Sub items Errors: ",  *_t1218);
																		_t508 = _t1225 + 0x158; // 0x158
																		E00401EDC(E0040205A(_t1218,  *_t508,  *((intOrPtr*)(_t508 + 4))));
																	}
																	goto L172;
																}
																_t475 = _t1225 + 0x158; // 0x158
																_t663 = _t475;
																__eflags =  *(_t1225 + 0x158) |  *(_t663 + 4);
																if(( *(_t1225 + 0x158) |  *(_t663 + 4)) != 0) {
																	goto L170;
																}
																__eflags =  *(_t1230 - 0x20);
																if( *(_t1230 - 0x20) != 0) {
																	goto L172;
																}
																_t664 =  *(_t1230 - 0xe0);
																__eflags = _t664 |  *(_t1230 - 0xdc);
																if((_t664 |  *(_t1230 - 0xdc)) != 0) {
																	fputs("Folders: ",  *_t1218); // executed
																	_t689 = E0040205A(_t1218,  *(_t1230 - 0xe0),  *(_t1230 - 0xdc)); // executed
																	E00401EDC(_t689);
																	_t664 =  *(_t1230 - 0xe0);
																}
																__eflags =  *((intOrPtr*)(_t1230 - 0xd8)) - 1;
																if( *((intOrPtr*)(_t1230 - 0xd8)) != 1) {
																	L166:
																	fputs("Files: ",  *_t1218); // executed
																	_t666 = E0040205A(_t1218,  *((intOrPtr*)(_t1230 - 0xd8)),  *(_t1230 - 0xd4)); // executed
																	E00401EDC(_t666);
																	__eflags =  *(_t1230 - 0xd0) |  *(_t1230 - 0xcc);
																	if(( *(_t1230 - 0xd0) |  *(_t1230 - 0xcc)) != 0) {
																		fputs("Alternate Streams: ",  *_t1218);
																		E00401EDC(E0040205A(_t1218,  *(_t1230 - 0xd0),  *(_t1230 - 0xcc)));
																		fputs("Alternate Streams Size: ",  *_t1218);
																		E00401EDC(E0040205A(_t1218,  *((intOrPtr*)(_t1230 - 0xf0)),  *((intOrPtr*)(_t1230 - 0xec))));
																	}
																	goto L168;
																} else {
																	__eflags =  *(_t1230 - 0xd4);
																	if( *(_t1230 - 0xd4) != 0) {
																		goto L166;
																	}
																	__eflags = _t664 |  *(_t1230 - 0xdc);
																	if((_t664 |  *(_t1230 - 0xdc)) != 0) {
																		goto L166;
																	}
																	__eflags =  *(_t1230 - 0xd0) |  *(_t1230 - 0xcc);
																	if(( *(_t1230 - 0xd0) |  *(_t1230 - 0xcc)) == 0) {
																		L168:
																		fputs("Size:       ",  *_t1218); // executed
																		_t671 = E0040205A(_t1218,  *((intOrPtr*)(_t1230 - 0xf8)),  *((intOrPtr*)(_t1230 - 0xf4))); // executed
																		 *(_t1230 - 0x24) = _t671;
																		E00401EDC(_t671);
																		fputs("Compressed: ",  *( *(_t1230 - 0x24))); // executed
																		_t675 = E0040205A( *(_t1230 - 0x24),  *((intOrPtr*)(_t1230 - 0xe8)),  *((intOrPtr*)(_t1230 - 0xe4))); // executed
																		E00401EDC(_t675);
																		__eflags =  *(_t1230 - 0x1c);
																		if( *(_t1230 - 0x1c) != 0) {
																			E00401EDC(_t1218);
																			_t504 = _t1230 - 0x148; // 0x4972e4
																			E00436013(_t1218, _t504);
																		}
																		goto L172;
																	}
																	goto L166;
																}
															}
															L155:
															 *(_t1230 - 0x34) = 2;
															goto L156;
														}
														__eflags = _t1218;
														 *(_t1230 - 0xd) = 1;
														if(_t1218 == 0) {
															goto L155;
														}
														E00401EDC(_t1218);
														__eflags =  *(_t1225 + 0x148) |  *(_t1225 + 0x14c);
														if(( *(_t1225 + 0x148) |  *(_t1225 + 0x14c)) == 0) {
															goto L155;
														}
														fputs("Open Errors: ",  *_t1218);
														E00401EDC(E0040205A(_t1218,  *(_t1225 + 0x148),  *(_t1225 + 0x14c)));
														goto L154;
													}
													fputs("Archives with Errors: ",  *_t1218);
													E00401EDC(E0040205A(_t1218,  *(_t1225 + 0x138),  *(_t1225 + 0x13c)));
													goto L144;
												}
											} else {
												E00401EDC(_t1218);
												__eflags =  *(_t1225 + 0x11c);
												if( *(_t1225 + 0x11c) > 0) {
													L137:
													fputs("Archives: ",  *_t1218);
													_t438 = _t1225 + 0x118; // 0x118
													E00401EDC(E0040205A(_t1218,  *_t438,  *((intOrPtr*)(_t438 + 4))));
													fputs("OK archives: ",  *_t1218);
													E00401EDC(E0040205A(_t1218,  *((intOrPtr*)(_t1225 + 0x128)),  *((intOrPtr*)(_t1225 + 0x12c))));
													goto L138;
												}
												__eflags =  *((intOrPtr*)(_t1225 + 0x118)) - 1;
												if( *((intOrPtr*)(_t1225 + 0x118)) <= 1) {
													goto L138;
												}
												goto L137;
											}
										}
									}
									_push(_t1230 - 0x2ec);
									E0040150C(_t1230 - 0x44);
									_push(_t1230 - 0x2ec);
									E0040150C(_t1230 - 0x50);
									goto L117;
								}
								__eflags =  *((intOrPtr*)(_t1230 - 0x338)) - 6;
								if( *((intOrPtr*)(_t1230 - 0x338)) == 6) {
									goto L106;
								}
								_t750 = L00417BF1(_t1230 - 0x338);
								__eflags = _t750;
								if(_t750 == 0) {
									__eflags =  *((intOrPtr*)(_t1230 - 0x338)) - 9;
									if(__eflags != 0) {
										_t1201 = 7;
										E0043A1FC(_t1201);
									} else {
										E0043A15B(_t1230 - 0x4c0, __eflags);
										__eflags =  *(_t1230 - 0x18) - _t932;
										 *(_t1230 - 4) = 0x18;
										if( *(_t1230 - 0x18) != _t932) {
											_t772 =  *(_t1230 - 0x14) - 1;
											__eflags = _t772;
											 *(_t1230 - 0x40c) = _t772;
										}
										_t1219 =  *0x4aa8d4; // 0x4aa608
										_t1227 =  *0x4aa8d0; // 0x4aa610
										L00427438(_t1230 - 0x3dc);
										 *(_t1230 - 0x414) =  *(_t1230 - 0x18);
										 *(_t1230 - 0x3cc) = _t932;
										 *(_t1230 - 0x408) = _t1227;
										 *(_t1230 - 0x404) = _t1219;
										 *((char*)(_t1230 - 0x38f)) =  *(_t1230 - 0x353);
										L00402541(_t1230 - 0x6c);
										_push(_t1230 - 0x4c0);
										_push(_t1230 - 0x6c);
										 *(_t1230 - 4) = 0x19;
										 *(_t1230 - 0x20) = L00426607(_t1230 - 0x350, _t1230 - 0x18c, __eflags);
										E004399FA(_t1230 - 0xb0, __eflags);
										 *(_t1230 - 4) = 0x1a;
										L0040261F(_t1230 - 0xac, _t1230 - 0x6c);
										_t763 =  *0x4aa8d0; // 0x4aa610
										_t1095 = _t763;
										__eflags = _t1095 - _t932;
										if(_t1095 == _t932) {
											_t1095 =  *0x4aa8d4; // 0x4aa608
										}
										_push( *(_t1230 - 0x353));
										_push(_t1095);
										_push(_t763);
										_push(_t1230 - 0xb0);
										asm("sbb edx, edx");
										 *(_t1230 - 0x34) = E0043A341( *(_t1230 - 0x20),  ~(_t1230 - 0x4c0) & _t1230 - 0x000004b8);
										 *(_t1230 - 4) = 0x1b;
										E00401CEB(E00401CEB(E00419BF1(_t932, _t1230 - 0xa0),  *((intOrPtr*)(_t1230 - 0xac))),  *((intOrPtr*)(_t1230 - 0x6c)));
										 *(_t1230 - 4) = 7;
										E0043A1C9(_t932, _t1230 - 0x4c0);
									}
									goto L185;
								}
								__eflags =  *((char*)(_t1230 - 0x200));
								if(__eflags != 0) {
									__eflags =  *((intOrPtr*)(_t1230 - 0x1f8)) - _t932;
									if(__eflags == 0) {
										L00402E5F(_t1230 - 0x1fc, "7zCon.sfx");
									}
								}
								L00437FF3(_t1230 - 0x5a0, __eflags);
								_t774 =  *0x4aa8d0; // 0x4aa610
								_t1228 =  *(_t1230 - 0x18);
								__eflags =  *((char*)(_t1230 - 0x328));
								 *(_t1230 - 0x4e8) = _t774;
								_t775 =  *0x4aa8d4; // 0x4aa608
								 *(_t1230 - 4) = 0x14;
								 *(_t1230 - 0x4e4) = _t775;
								 *(_t1230 - 0x4f4) = _t1228;
								if( *((char*)(_t1230 - 0x328)) == 0) {
									L87:
									_t199 = _t1230 - 0xd;
									 *_t199 =  *(_t1230 - 0xd) & 0x00000000;
									__eflags =  *_t199;
									goto L88;
								} else {
									__eflags =  *((intOrPtr*)(_t1230 - 0x320)) - _t932;
									if( *((intOrPtr*)(_t1230 - 0x320)) == _t932) {
										goto L87;
									}
									 *(_t1230 - 0xd) = 1;
									L88:
									 *((char*)(_t1230 - 0x4cf)) =  *(_t1230 - 0xd);
									L00402D61(_t1230 - 0x4cc, _t1230 - 0x324);
									E00439FC4(_t1230 - 0x4b8, __eflags);
									__eflags = _t1228 - _t932;
									 *((intOrPtr*)(_t1230 - 0x3f0)) =  *((intOrPtr*)(_t1230 - 0x154));
									 *(_t1230 - 4) = 0x15;
									 *(_t1230 - 0x3f4) =  *(_t1230 - 0x1c);
									if(_t1228 != _t932) {
										_t809 =  *(_t1230 - 0x14) - 1;
										__eflags = _t809;
										 *(_t1230 - 0x404) = _t809;
									}
									__eflags =  *((char*)(_t1230 - 0x328));
									 *((char*)(_t1230 - 0x3a0)) =  *(_t1230 - 0xd);
									if( *((char*)(_t1230 - 0x328)) == 0) {
										L93:
										_t218 = _t1230 - 0x390;
										 *_t218 =  *(_t1230 - 0x390) & 0x00000000;
										__eflags =  *_t218;
										goto L94;
									} else {
										__eflags =  *((intOrPtr*)(_t1230 - 0x320)) - _t932;
										if( *((intOrPtr*)(_t1230 - 0x320)) != _t932) {
											goto L93;
										}
										 *(_t1230 - 0x390) = 1;
										L94:
										L00402D61(_t1230 - 0x39c, _t1230 - 0x324);
										_t1229 =  *0x4aa8d4; // 0x4aa608
										 *((char*)(_t1230 - 0x3f8)) =  *((intOrPtr*)(_t1230 - 0x1e0));
										_t786 =  *0x4aa8d0; // 0x4aa610
										 *(_t1230 - 0x2c) = _t786;
										L00427438(_t1230 - 0x3d4);
										 *(_t1230 - 0x400) =  *(_t1230 - 0x2c);
										 *(_t1230 - 0x3c4) = _t932;
										 *(_t1230 - 0x3fc) = _t1229;
										 *(_t1230 - 0x40c) =  *(_t1230 - 0x18);
										E004399FA(_t1230 - 0x7c, __eflags);
										_push(1);
										_push(_t1230 - 0x4b8);
										_push(_t1230 - 0x5a0);
										_push(_t1230 - 0x7c);
										_push(_t1230 - 0x2a4);
										_push(_t1230 - 0x350);
										_push(_t1230 - 0x334);
										 *(_t1230 - 4) = 0x16;
										_t797 = L0042F18F(_t1215, _t1230 - 0x88);
										__eflags =  *(_t1230 - 0x40c) - _t932;
										 *(_t1230 - 0x20) = _t797;
										if( *(_t1230 - 0x40c) != _t932) {
											E0043B336(_t1230 - 0x4b0, _t1215, 1);
										}
										_t798 =  *0x4aa8d0; // 0x4aa610
										_t1108 = _t798;
										__eflags = _t1108 - _t932;
										if(_t1108 == _t932) {
											_t1108 =  *0x4aa8d4; // 0x4aa608
										}
										_push(1);
										_push(_t1108);
										_push(_t798);
										_push(_t1230 - 0x7c);
										asm("sbb edx, edx");
										 *(_t1230 - 0x34) = E0043A341( *(_t1230 - 0x20),  ~(_t1230 - 0x4b8) & _t1230 - 0x000004b0);
										 *(_t1230 - 4) = 0x17;
										E00401CEB(E00419BF1(_t932, _t1230 - 0x6c),  *(_t1230 - 0x78));
										 *(_t1230 - 4) = 0x14;
										_t804 = L0043AB5D(_t932, _t1230 - 0x4b8);
										 *(_t1230 - 4) = 7;
										E00401CEB(_t804,  *(_t1230 - 0x4cc));
										L0043B29D(_t1230 - 0x598);
										goto L185;
									}
								}
							}
							_t811 =  *0x4aa8d0; // 0x4aa610
							__eflags = _t811 - _t932;
							if(_t811 == _t932) {
								_t811 = 0x4aa610;
							}
							_t812 = E004343F8(_t1230 - 0x2e0,  *((intOrPtr*)(_t1230 - 0x150)),  *_t811);
							__eflags = _t812 - 1;
							 *(_t1230 - 0x20) = _t812;
							if(_t812 == 1) {
								_t813 =  *0x4aa8d4; // 0x4aa608
								__eflags = _t813 - _t932;
								if(_t813 != _t932) {
									fputs("\nDecoding ERROR\n",  *_t813);
								}
								 *(_t1230 - 0x34) = 2;
								 *(_t1230 - 0x20) = _t932;
							}
							goto L185;
						} else {
							_t1222 =  *0x4aa8d0; // 0x4aa610
							if(_t1222 == _t932) {
								_t1222 = 0x4aa610;
							}
							E00401EDC(_t1222);
							fputs("Formats:",  *_t1222);
							E00401EDC(_t1222);
							_t818 = strlen("KSNFMGOPBELH");
							_t1254 =  *((intOrPtr*)(_t1215 + 0xc)) - _t932;
							_t1215 = fputc;
							 *(_t1230 - 0x60) = _t818;
							 *(_t1230 - 0x18) = _t932;
							if(_t1254 <= 0) {
								L61:
								E00401EDC(_t1222);
								fputs("Codecs:",  *_t1222);
								E00401EDC(_t1222);
								_t1277 =  *0x4aa768 - _t932; // 0x13
								 *(_t1230 - 0x18) = _t932;
								if(_t1277 <= 0) {
									L67:
									E00401EDC(_t1222);
									fputs("Hashers:",  *_t1222);
									E00401EDC(_t1222);
									 *(_t1230 - 0x18) =  *(_t1230 - 0x18) & 0x00000000;
									if( *0x4aa76c <= 0) {
										L185:
										if( *((char*)(_t1230 - 0x317)) != 0 &&  *0x4aa8d0 != 0) {
											L0043A625();
										}
										E00401CEB(L0043A60A( *(_t1230 - 0x20)),  *(_t1230 - 0x94));
										 *(_t1230 - 4) = 5;
										L0043F734(_t1230 - 0x88);
										_t597 =  *((intOrPtr*)(_t1230 - 0x38));
										 *(_t1230 - 4) = 3;
										_t1286 = _t597;
										if(_t597 != 0) {
											 *((intOrPtr*)( *_t597 + 8))(_t597);
										}
										 *(_t1230 - 4) = 2;
										E004011BB(_t1230 - 0x388);
										 *(_t1230 - 4) =  *(_t1230 - 4) & 0x00000000;
										E0043A9FE(_t932, _t1230 - 0x35c, _t1286); // executed
										 *(_t1230 - 4) =  *(_t1230 - 4) | 0xffffffff;
										E00419BF1(_t932, _t1230 - 0x5c);
										_t601 =  *(_t1230 - 0x34);
										 *[fs:0x0] =  *((intOrPtr*)(_t1230 - 0xc));
										return _t601;
									}
									 *(_t1230 - 0x14) = 0x4aa628;
									do {
										_t934 =  *( *(_t1230 - 0x14));
										E0043A2E6(_t1222, _t1191 | 0xffffffff);
										_t1191 =  *(_t934 + 0x14);
										E0043A27F(_t1222,  *(_t934 + 0x14), 4);
										 *_t1215(0x20,  *_t1222);
										L0043A9D6(_t1222,  *((intOrPtr*)(_t934 + 8)),  *((intOrPtr*)(_t934 + 0xc)));
										 *_t1215(0x20,  *_t1222);
										_t932 =  *(_t934 + 0x10);
										fputs( *(_t934 + 0x10),  *_t1222);
										_t1232 = _t1232 + 0x10;
										E00401EDC(_t1222);
										 *(_t1230 - 0x18) =  *(_t1230 - 0x18) + 1;
										 *(_t1230 - 0x14) =  *(_t1230 - 0x14) + 4;
										_t1283 =  *(_t1230 - 0x18) -  *0x4aa76c; // 0x4
									} while (_t1283 < 0);
									goto L185;
								}
								 *(_t1230 - 0x14) = 0x4aa668;
								do {
									_t1191 = _t1191 | 0xffffffff;
									_t935 =  *( *(_t1230 - 0x14));
									E0043A2E6(_t1222, _t1191);
									_t836 =  *((intOrPtr*)(_t935 + 0x14));
									if( *((intOrPtr*)(_t935 + 0x14)) != 1) {
										_t837 = E00402031(_t1222, _t836);
									} else {
										_t837 =  *_t1215(0x20,  *_t1222);
									}
									_t843 =  *_t1215(((_t837 & 0xffffff00 |  *((intOrPtr*)(_t935 + 4)) == 0x00000000) - 0x00000001 & 0x00000025) + 0x00000020 & 0x000000ff,  *_t1222);
									 *_t1215(((_t843 & 0xffffff00 |  *_t935 == 0x00000000) - 0x00000001 & 0x00000024) + 0x00000020 & 0x000000ff,  *_t1222);
									 *_t1215(0x20,  *_t1222);
									L0043A9D6(_t1222,  *((intOrPtr*)(_t935 + 8)),  *((intOrPtr*)(_t935 + 0xc)));
									 *_t1215(0x20,  *_t1222);
									_t932 =  *(_t935 + 0x10);
									fputs( *(_t935 + 0x10),  *_t1222);
									_t1232 = _t1232 + 0x28;
									E00401EDC(_t1222);
									 *(_t1230 - 0x18) =  *(_t1230 - 0x18) + 1;
									 *(_t1230 - 0x14) =  *(_t1230 - 0x14) + 4;
									_t1281 =  *(_t1230 - 0x18) -  *0x4aa768; // 0x13
								} while (_t1281 < 0);
								goto L67;
							}
							L29:
							_t932 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1230 - 0x38)) + 8)) +  *(_t1230 - 0x18) * 4);
							fputc(((fputs(0x49814c,  *_t1222) & 0xffffff00 | _t932[0x28] == 0x00000000) - 0x00000001 & 0x00000023) + 0x00000020 & 0x000000ff,  *_t1222);
							 *(_t1230 - 0x14) =  *(_t1230 - 0x14) & 0x00000000;
							_t1232 = _t1232 + 0x10;
							if( *(_t1230 - 0x60) <= 0) {
								L35:
								 *_t1215(0x20,  *_t1222);
								E0043A313(_t1222,  &(_t932[0xc]), 8);
								 *_t1215(0x20,  *_t1222);
								E00402BBE(_t1230 - 0x44);
								 *(_t1230 - 0x1c) =  *(_t1230 - 0x1c) & 0x00000000;
								 *(_t1230 - 4) = 9;
								if(_t932[0x1c] <= 0) {
									L41:
									_t1191 = _t1230 - 0x44;
									E0043A313(_t1222, _t1191, 0xd);
									 *_t1215(0x20,  *_t1222);
									if(_t932[0x2c] != 0) {
										fputs("offset=",  *_t1222);
										 *_t1215(0x20,  *((intOrPtr*)(E00402031(_t1222, _t932[0x2c]))));
									}
									 *(_t1230 - 0x14) =  *(_t1230 - 0x14) & 0x00000000;
									if(_t932[0x34] <= 0) {
										L59:
										_t871 = E00401EDC(_t1222);
										 *(_t1230 - 4) = 7;
										E00401CEB(_t871,  *(_t1230 - 0x44));
										 *(_t1230 - 0x18) =  *(_t1230 - 0x18) + 1;
										if( *(_t1230 - 0x18) <  *((intOrPtr*)( *((intOrPtr*)(_t1230 - 0x38)) + 0xc))) {
											goto L29;
										}
										_t932 = 0;
										goto L61;
									} else {
										do {
											if( *(_t1230 - 0x14) != 0) {
												fputs("  ||  ",  *_t1222);
											}
											 *(_t1230 - 0x1c) =  *(_t1230 - 0x1c) & 0x00000000;
											_t875 =  *(_t932[0x30] +  *(_t1230 - 0x14) * 4);
											 *(_t1230 - 0x24) = _t875;
											if(_t875[1] > 0) {
												do {
													if( *(_t1230 - 0x1c) != 0) {
														 *_t1215(0x20,  *_t1222);
														_t875 =  *(_t1230 - 0x24);
													}
													_t879 =  *((intOrPtr*)( *_t875 +  *(_t1230 - 0x1c)));
													if(_t879 <= 0x20 || _t879 >= 0x80) {
														_t880 = _t879 & 0x000000ff;
														 *(_t1230 - 0x2c) = _t880;
														_t881 = _t880 >> 4;
														if(_t881 >= 0xa) {
															_t882 = _t881 + 0x37;
															__eflags = _t882;
														} else {
															_t882 = _t881 + 0x30;
														}
														 *_t1215(_t882 & 0x000000ff,  *_t1222);
														_t886 =  *(_t1230 - 0x2c) & 0x0000000f;
														if(_t886 >= 0xa) {
															_t879 = _t886 + 0x37;
															__eflags = _t879;
														} else {
															_t879 = _t886 + 0x30;
														}
													}
													 *_t1215(_t879 & 0x000000ff,  *_t1222);
													 *(_t1230 - 0x1c) =  *(_t1230 - 0x1c) + 1;
													_t875 =  *(_t1230 - 0x24);
												} while ( *(_t1230 - 0x1c) < _t875[1]);
											}
											 *(_t1230 - 0x14) =  *(_t1230 - 0x14) + 1;
										} while ( *(_t1230 - 0x14) < _t932[0x34]);
										goto L59;
									}
								} else {
									goto L36;
								}
								do {
									L36:
									_t1260 =  *(_t1230 - 0x1c);
									if( *(_t1230 - 0x1c) != 0) {
										L00402ECB();
									}
									 *(_t1230 - 0x14) =  *(_t932[0x18] +  *(_t1230 - 0x1c) * 4);
									L00402F46(_t1230 - 0x44, _t1260,  *(_t932[0x18] +  *(_t1230 - 0x1c) * 4));
									if( *((intOrPtr*)( *(_t1230 - 0x14) + 0x10)) != 0) {
										L00402F82(_t1230 - 0x44, " (");
										L00402F46(_t1230 - 0x44,  *(_t1230 - 0x14) + 0xc,  *(_t1230 - 0x14) + 0xc);
										E00401089(_t1230 - 0x44, 0x29);
									}
									 *(_t1230 - 0x1c) =  *(_t1230 - 0x1c) + 1;
								} while ( *(_t1230 - 0x1c) < _t932[0x1c]);
								goto L41;
							}
							L30:
							_t1180 =  *(_t1230 - 0x14);
							_t904 = 1;
							if(( *_t932 & _t904 << _t1180) == 0) {
								L33:
								_t906 = 0x20;
								goto L34;
							} else {
								_t80 =  &(("KSNFMGOPBELH")[_t1180]); // 0x464e534b
								_t906 =  *_t80;
								L34:
								 *_t1215(_t906 & 0x000000ff,  *_t1222);
								 *(_t1230 - 0x14) =  *(_t1230 - 0x14) + 1;
								if( *(_t1230 - 0x14) <  *(_t1230 - 0x60)) {
									goto L30;
								}
								goto L35;
							}
						}
					} else {
						goto L22;
					}
					while(1) {
						L22:
						 *(_t1230 - 0x50) = _t932;
						 *(_t1230 - 0x4c) = _t932;
						 *(_t1230 - 0x48) = _t932;
						_push(_t1230 - 0x50);
						 *(_t1230 - 4) = 8;
						_push( *((intOrPtr*)( *((intOrPtr*)(_t1230 - 0x16c)) + _t1222 * 4)));
						if(L004272C3(_t1215) == 0 ||  *(_t1230 - 0x4c) != 1) {
							_t913 =  *0x498e3c; // 0x498e40
							_push(0x49d6e8);
							 *(_t1230 - 0x24) = _t913;
							_push(_t1230 - 0x24);
							L0048CCA2();
							goto L33;
						}
						_t916 = L0043AC48(_t1230 - 0x94,  *( *(_t1230 - 0x50)));
						 *(_t1230 - 4) = 7;
						E00401CEB(_t916,  *(_t1230 - 0x50));
						_t1222 = _t1222 + 1;
						if(_t1222 <  *((intOrPtr*)(_t1230 - 0x168))) {
							continue;
						}
						goto L25;
					}
					goto L33;
				}
				if( *(_t1230 - 0xd) != 0 ||  *((intOrPtr*)(_t1230 - 0x338)) == 6) {
					L18:
					_t920 =  *0x498e38; // 0x498e5c
					_push(0x49d6e8);
					 *(_t1230 - 0x24) = _t920;
					_push(_t1230 - 0x24);
					L0048CCA2();
					goto L19;
				} else {
					_t922 = L00417BF1(_t1230 - 0x338);
					_t1246 = _t922;
					if(_t922 == 0) {
						goto L19;
					}
					goto L18;
				}
			}

0x00438600
0x00438600
0x00438600
0x00438600
0x00438611
0x0043861d
0x0043861f
0x00438627
0x00438627
0x00438639
0x00438644
0x00438647
0x00438657
0x00438657
0x0043865d
0x00438664
0x00438673
0x0043867b
0x00438681
0x00438681
0x0043867b
0x00438684
0x00438686
0x0043868c
0x00438691
0x00438695
0x004386a2
0x004386a2
0x00438697
0x0043869e
0x0043869e
0x004386a4
0x004386a6
0x004386a9
0x004386ad
0x004386b3
0x004386b8
0x004386b8
0x004386c3
0x004386cc
0x004386d0
0x004386d3
0x004386da
0x004386ea
0x004386f2
0x00438728
0x00438728
0x0043872e
0x00438734
0x0043873d
0x00438743
0x00438746
0x00438751
0x00438753
0x00438758
0x0043875d
0x00438763
0x00438764
0x00438764
0x00438769
0x0043876f
0x00438775
0x0043877b
0x00438783
0x00438787
0x004387e3
0x004387ea
0x004387ed
0x004387f0
0x00438bce
0x00438bd5
0x00438c2b
0x00438c2f
0x00438f99
0x00438f9b
0x00438f9e
0x00438fa1
0x00438fa4
0x00438fa7
0x00438faa
0x00438fad
0x00438fb4
0x00438fba
0x00438fbe
0x00438fe3
0x00438fee
0x00438ff8
0x00438ffd
0x0043900d
0x00439014
0x00439016
0x0043901c
0x00439028
0x00439031
0x0043903b
0x0043903d
0x00439043
0x00439045
0x0043904c
0x00439057
0x0043905d
0x0043905d
0x0043904c
0x00439068
0x0043906e
0x00439074
0x0043907a
0x00439080
0x00439086
0x0043908c
0x00439092
0x00439098
0x0043909e
0x004390a4
0x004390aa
0x004390b0
0x004390b8
0x004390c5
0x004390cc
0x004390d0
0x004390d4
0x004390d5
0x004390dc
0x004390e0
0x004390e5
0x004390e8
0x004390ef
0x004390f4
0x004390fb
0x00439105
0x00439105
0x0043910a
0x0043910d
0x0043910f
0x00439116
0x00439124
0x00439125
0x00439125
0x00439116
0x00439130
0x00439134
0x00439139
0x0043913c
0x00439860
0x00439863
0x00439867
0x0043986f
0x00439873
0x00000000
0x00439142
0x00439142
0x00439142
0x00439146
0x00439770
0x00439774
0x0043977b
0x00439782
0x00439789
0x0043978a
0x0043978d
0x00439793
0x00439796
0x00439799
0x0043979e
0x004397a4
0x004397a4
0x004397aa
0x004397ae
0x004397ba
0x004397c0
0x004397c4
0x004397cb
0x004397d1
0x004397d2
0x004397d7
0x004397de
0x004397e6
0x0043981c
0x0043981c
0x0043981f
0x00439826
0x00439826
0x0043982d
0x00439831
0x00439841
0x00439854
0x00439854
0x00439859
0x00000000
0x00439859
0x00439821
0x00439824
0x00000000
0x00000000
0x00000000
0x004397e8
0x004397e8
0x004397eb
0x004397f2
0x004397f4
0x00439804
0x00439817
0x00000000
0x00439817
0x004397ed
0x004397f0
0x00000000
0x00000000
0x00000000
0x004397f0
0x004397e6
0x0043914c
0x00439151
0x00439157
0x0043915a
0x0043915c
0x00439160
0x0043916d
0x0043916d
0x00439162
0x00439169
0x00439169
0x0043916f
0x00439171
0x00439175
0x00439178
0x0043917d
0x0043917d
0x00439186
0x0043918c
0x00439199
0x0043919d
0x004391b3
0x004391b8
0x004391bf
0x004391c2
0x004391ce
0x004391d7
0x004391dd
0x004391e2
0x004391e2
0x004391e3
0x004391e3
0x004391ef
0x00439201
0x00439205
0x00439210
0x00439217
0x0043921d
0x00439223
0x00439229
0x00439232
0x0043923e
0x00439245
0x0043924d
0x00439252
0x00439258
0x0043925e
0x00439264
0x0043926e
0x00439274
0x00439278
0x0043927b
0x0043927d
0x00439283
0x00439289
0x00439292
0x0043929a
0x0043929f
0x004392a5
0x004392ab
0x004392b1
0x004392b7
0x004392bd
0x004392c3
0x004392c9
0x004392cf
0x004392d5
0x004392db
0x004392e1
0x004392e1
0x004392f3
0x004392f9
0x004392fa
0x00439301
0x00439304
0x00439305
0x00439312
0x00439313
0x00439314
0x0043931b
0x00439325
0x0043932c
0x0043932d
0x00439332
0x00439338
0x0043933b
0x0043933f
0x00439342
0x00439342
0x00439347
0x0043934a
0x0043934c
0x00439351
0x00439353
0x00439357
0x0043935a
0x00439369
0x00439370
0x00439378
0x00439382
0x00439382
0x00439387
0x0043938a
0x0043938c
0x0043938c
0x0043938a
0x00439393
0x00439399
0x0043939d
0x0043939f
0x00439403
0x00439409
0x0043940f
0x00439411
0x00439413
0x00439417
0x00439420
0x00439439
0x00439439
0x00439417
0x00439444
0x0043944a
0x0043947d
0x0043947d
0x0043947f
0x00439487
0x00439487
0x0043948d
0x00439490
0x00439499
0x0043949c
0x004394b1
0x004394b1
0x004394bc
0x004394c2
0x004394c6
0x004394d1
0x004394d7
0x004394e0
0x004394f9
0x004394f9
0x004394d7
0x004394c2
0x00000000
0x0043944c
0x0043944c
0x0043944e
0x00439452
0x004394fe
0x00439504
0x0043950a
0x0043954e
0x0043954e
0x00439552
0x0043955b
0x0043955b
0x0043955d
0x0043971d
0x00439723
0x0043972f
0x0043973b
0x0043974a
0x0043974f
0x00439752
0x00439756
0x0043975f
0x0043975f
0x00000000
0x00439756
0x00439569
0x0043956f
0x004396e1
0x004396e3
0x004396ee
0x004396ee
0x004396f4
0x004396f7
0x00439700
0x00439703
0x00439718
0x00439718
0x00000000
0x004396f7
0x0043957b
0x0043957b
0x00439581
0x00439584
0x00000000
0x00000000
0x0043958a
0x0043958e
0x00000000
0x00000000
0x00439594
0x0043959c
0x004395a2
0x004395ab
0x004395bd
0x004395c4
0x004395c9
0x004395c9
0x004395cf
0x004395d6
0x004395f7
0x004395fe
0x00439610
0x00439617
0x00439622
0x00439628
0x00439631
0x0043964a
0x00439656
0x0043966f
0x0043966f
0x00000000
0x004395d8
0x004395d8
0x004395df
0x00000000
0x00000000
0x004395e1
0x004395e7
0x00000000
0x00000000
0x004395ef
0x004395f5
0x00439674
0x0043967b
0x0043968d
0x00439694
0x00439697
0x004396a6
0x004396b9
0x004396c0
0x004396c5
0x004396c9
0x004396cd
0x004396d2
0x004396da
0x004396da
0x00000000
0x004396c9
0x00000000
0x004395f5
0x004395d6
0x00439554
0x00439554
0x00000000
0x00439554
0x0043950c
0x0043950e
0x00439512
0x00000000
0x00000000
0x00439516
0x00439521
0x00439527
0x00000000
0x00000000
0x00439530
0x00439549
0x00000000
0x00439549
0x0043945f
0x00439478
0x00000000
0x00439478
0x004393a1
0x004393a3
0x004393a8
0x004393af
0x004393ba
0x004393c1
0x004393c4
0x004393d9
0x004393e5
0x004393fe
0x00000000
0x004393fe
0x004393b1
0x004393b8
0x00000000
0x00000000
0x00000000
0x004393b8
0x0043939f
0x0043913c
0x00438fc9
0x00438fca
0x00438fd8
0x00438fd9
0x00000000
0x00438fd9
0x00438c35
0x00438c3c
0x00000000
0x00000000
0x00438c48
0x00438c4d
0x00438c4f
0x00438e5f
0x00438e66
0x00438f8e
0x00438f8f
0x00438e6c
0x00438e72
0x00438e77
0x00438e7a
0x00438e7e
0x00438e83
0x00438e83
0x00438e84
0x00438e84
0x00438e8a
0x00438e90
0x00438e9c
0x00438ea7
0x00438eb3
0x00438eb9
0x00438ebf
0x00438ec5
0x00438ecb
0x00438edc
0x00438ee0
0x00438ee7
0x00438ef6
0x00438ef9
0x00438f08
0x00438f0c
0x00438f11
0x00438f16
0x00438f18
0x00438f1a
0x00438f1c
0x00438f1c
0x00438f22
0x00438f30
0x00438f34
0x00438f3b
0x00438f42
0x00438f4b
0x00438f54
0x00438f6b
0x00438f71
0x00438f7c
0x00438f7c
0x00000000
0x00438e66
0x00438c55
0x00438c5c
0x00438c5e
0x00438c64
0x00438c71
0x00438c71
0x00438c64
0x00438c7c
0x00438c81
0x00438c86
0x00438c89
0x00438c90
0x00438c96
0x00438c9b
0x00438c9f
0x00438ca5
0x00438cab
0x00438cbb
0x00438cbb
0x00438cbb
0x00438cbb
0x00000000
0x00438cad
0x00438cad
0x00438cb3
0x00000000
0x00000000
0x00438cb5
0x00438cbf
0x00438cc8
0x00438cd5
0x00438ce0
0x00438ceb
0x00438ced
0x00438cf6
0x00438cfa
0x00438d00
0x00438d05
0x00438d05
0x00438d06
0x00438d06
0x00438d0f
0x00438d16
0x00438d1c
0x00438d2f
0x00438d2f
0x00438d2f
0x00438d2f
0x00000000
0x00438d1e
0x00438d1e
0x00438d24
0x00000000
0x00000000
0x00438d26
0x00438d36
0x00438d43
0x00438d4e
0x00438d54
0x00438d5a
0x00438d65
0x00438d68
0x00438d73
0x00438d7c
0x00438d82
0x00438d88
0x00438d8e
0x00438d99
0x00438d9b
0x00438da2
0x00438da6
0x00438dad
0x00438db4
0x00438dbb
0x00438dc4
0x00438dc8
0x00438dcd
0x00438dd3
0x00438dd6
0x00438de0
0x00438de0
0x00438de5
0x00438dea
0x00438dec
0x00438dee
0x00438df0
0x00438df0
0x00438df6
0x00438df8
0x00438dfc
0x00438e08
0x00438e0f
0x00438e18
0x00438e1e
0x00438e2a
0x00438e30
0x00438e3a
0x00438e3f
0x00438e49
0x00438e55
0x00000000
0x00438e55
0x00438d1c
0x00438cab
0x00438bd7
0x00438bdc
0x00438bde
0x00438be0
0x00438be0
0x00438bf3
0x00438bf8
0x00438bfb
0x00438bfe
0x00438c04
0x00438c09
0x00438c0b
0x00438c14
0x00438c1b
0x00438c1c
0x00438c23
0x00438c23
0x00000000
0x004387f6
0x004387f6
0x004387fe
0x00438800
0x00438800
0x00438807
0x00438813
0x0043881d
0x00438827
0x00438830
0x00438832
0x00438838
0x0043883b
0x0043883e
0x00438a67
0x00438a69
0x00438a75
0x00438a7f
0x00438a84
0x00438a8a
0x00438a8d
0x00438b36
0x00438b38
0x00438b44
0x00438b4e
0x00438b53
0x00438b5e
0x00439878
0x0043987f
0x0043988a
0x0043988a
0x0043989d
0x004398a3
0x004398ad
0x004398b2
0x004398b5
0x004398b9
0x004398bb
0x004398c0
0x004398c0
0x004398c9
0x004398cd
0x004398d2
0x004398dc
0x004398e1
0x004398e8
0x004398ed
0x004398f6
0x004398fe
0x004398fe
0x00438b64
0x00438b6b
0x00438b73
0x00438b75
0x00438b7a
0x00438b81
0x00438b8a
0x00438b96
0x00438b9f
0x00438ba3
0x00438ba7
0x00438bad
0x00438bb2
0x00438bb7
0x00438bba
0x00438bc1
0x00438bc1
0x00000000
0x00438bc9
0x00438a93
0x00438a9a
0x00438a9d
0x00438aa2
0x00438aa4
0x00438aa9
0x00438aaf
0x00438abe
0x00438ab1
0x00438ab5
0x00438ab8
0x00438ad7
0x00438aec
0x00438af2
0x00438aff
0x00438b08
0x00438b0c
0x00438b10
0x00438b16
0x00438b1b
0x00438b20
0x00438b23
0x00438b2a
0x00438b2a
0x00000000
0x00438a9a
0x00438844
0x00438854
0x00438871
0x00438873
0x00438877
0x0043887e
0x004388c1
0x004388c5
0x004388d0
0x004388d9
0x004388e0
0x004388e5
0x004388ed
0x004388f1
0x00438950
0x00438952
0x00438957
0x00438960
0x00438968
0x00438971
0x00438987
0x0043898a
0x0043898b
0x00438993
0x00438a3f
0x00438a41
0x00438a46
0x00438a4d
0x00438a52
0x00438a5f
0x00000000
0x00000000
0x00438a65
0x00000000
0x00438999
0x00438999
0x0043899d
0x004389a6
0x004389ad
0x004389b4
0x004389b8
0x004389bb
0x004389c2
0x004389c4
0x004389c8
0x004389ce
0x004389d0
0x004389d4
0x004389da
0x004389df
0x004389e5
0x004389e8
0x004389eb
0x004389f1
0x004389f8
0x004389f8
0x004389f3
0x004389f3
0x004389f3
0x00438a01
0x00438a07
0x00438a0e
0x00438a15
0x00438a15
0x00438a10
0x00438a10
0x00438a10
0x00438a0e
0x00438a1e
0x00438a20
0x00438a23
0x00438a2b
0x004389c4
0x00438a30
0x00438a36
0x00000000
0x00438999
0x00000000
0x00000000
0x00000000
0x004388f3
0x004388f3
0x004388f3
0x004388f7
0x004388fc
0x004388fc
0x0043890e
0x00438911
0x0043891d
0x00438927
0x00438936
0x00438940
0x00438940
0x00438945
0x0043894b
0x00000000
0x004388f3
0x00438880
0x00438880
0x00438885
0x0043888a
0x004388aa
0x004388aa
0x00000000
0x0043888c
0x0043888c
0x0043888c
0x004388ac
0x004388b2
0x004388b4
0x004388bf
0x00000000
0x00000000
0x00000000
0x004388bf
0x0043888a
0x00000000
0x00000000
0x00000000
0x00438789
0x00438789
0x00438789
0x0043878c
0x0043878f
0x0043879b
0x004387a1
0x004387a5
0x004387ad
0x00438894
0x00438899
0x0043889e
0x004388a4
0x004388a5
0x004388a5
0x004388a5
0x004387c8
0x004387cd
0x004387d4
0x004387d9
0x004387e1
0x00000000
0x00000000
0x00000000
0x004387e1
0x00000000
0x00438789
0x004386f8
0x00438712
0x00438712
0x00438717
0x0043871c
0x00438722
0x00438723
0x00000000
0x00438703
0x00438709
0x0043870e
0x00438710
0x00000000
0x00000000
0x00000000
0x00438710

APIs

Part of subcall function 004765F0: GetModuleHandleW.KERNEL32(kernel32.dll,GetLargePageMinimum,00438605), ref: 004765FA
Part of subcall function 004765F0: GetProcAddress.KERNEL32(00000000), ref: 00476601

Part of subcall function 00408598: GetCurrentProcess.KERNEL32(00000020,?,00000002,00000000,?,?,00000000), ref: 004085AE
Part of subcall function 00408598: OpenProcessToken.ADVAPI32(00000000), ref: 004085B5
Part of subcall function 00408598: LookupPrivilegeValueW.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 004085C7
Part of subcall function 00408598: AdjustTokenPrivileges.KERNELBASE(?,00000000,?), ref: 004085ED
Part of subcall function 00408598: GetLastError.KERNEL32 ref: 004085F7
Part of subcall function 00408598: FindCloseChangeNotification.KERNELBASE(?), ref: 0040860D

GetStdHandle.KERNEL32(000000F5,?,?), ref: 0043866C
GetConsoleScreenBufferInfo.KERNELBASE(00000000), ref: 00438673
_CxxThrowException.MSVCRT(?,0049D6E8), ref: 00438723
_CxxThrowException.MSVCRT(?,0049D6E8), ref: 00438764

Part of subcall function 0043A24E: fputs.MSVCRT ref: 0043A267
Part of subcall function 0043A24E: fputs.MSVCRT ref: 0043A277

Strings

P, xrefs: 0043865D
KSNFMGOPBELH, xrefs: 00438822
SeLockMemoryPrivilege, xrefs: 00438607
offset=, xrefs: 0043896C
Hashers:, xrefs: 00438B3F
Formats:, xrefs: 0043880E
Codecs:, xrefs: 00438A70
|| , xrefs: 004389A1

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionHandleProcessThrowTokenfputs$AddressAdjustBufferChangeCloseConsoleCurrentErrorFindInfoLastLookupModuleNotificationOpenPrivilegePrivilegesProcScreenValue
String ID: || $Codecs:$Formats:$Hashers:$KSNFMGOPBELH$P$SeLockMemoryPrivilege$offset=
API String ID: 4276129585-3707778523
Opcode ID: 40ebd91119750d7db18c430adee2d01fc94264f5a734cc1e3e57368fe8751bfc
Instruction ID: 6bfd514be1e3da82b4bc8392da89b9f0b96ebc0a124a33ff614055c7d965f8e2
Opcode Fuzzy Hash: 40ebd91119750d7db18c430adee2d01fc94264f5a734cc1e3e57368fe8751bfc
Instruction Fuzzy Hash: E5128E71D002089FCF15EFA5D985BADBBB1BF48304F2440AFE445A7292CB399A85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00436E2E, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 237
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 62%

			E00436E2E(struct _IO_FILE** __ecx, intOrPtr __edx) {
				short _t102;
				signed int _t107;
				signed int _t108;
				char* _t110;
				signed int _t114;
				signed int _t115;
				intOrPtr _t127;
				intOrPtr _t129;
				intOrPtr _t135;
				char* _t139;
				void* _t141;
				struct _IO_FILE** _t146;
				signed int _t158;
				void* _t198;
				void* _t199;
				void* _t203;
				signed int _t204;
				void* _t205;
				intOrPtr* _t206;
				void* _t207;
				intOrPtr* _t210;
				intOrPtr* _t211;
				short _t212;
				void* _t213;

				E0048C9C0(E00491124, _t213);
				 *(_t213 - 0x14) =  *(_t213 - 0x14) & 0x00000000;
				 *((intOrPtr*)(_t213 - 0x20)) = __edx;
				_t146 = __ecx;
				if( *((intOrPtr*)( *((intOrPtr*)(_t213 + 8)) + 4)) <= 0) {
					L29:
					_t102 = 0;
					L30:
					 *[fs:0x0] =  *((intOrPtr*)(_t213 - 0xc));
					return _t102;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t210 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t213 + 8)))) +  *(_t213 - 0x14) * 4));
					_t203 = _t210 + 0x10;
					fputs("--\n",  *_t146); // executed
					E00437167(_t146, "Path", _t213,  *((intOrPtr*)(_t210 + 0x70)));
					_t107 =  *(_t203 + 0xc);
					if(_t107 >= 0) {
						if(_t107 !=  *(_t210 + 0x94)) {
							__eflags = _t107;
							if(_t107 >= 0) {
								_t139 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t213 - 0x20)) + 8)) + _t107 * 4)) + 0xc));
							} else {
								_t139 = "#";
							}
							L00402C01(_t213 - 0x40, _t139);
							 *(_t213 - 4) =  *(_t213 - 4) & 0x00000000;
							_t141 = L004372C3(_t146, _t213 - 0x40, 1);
							_t23 = _t213 - 4;
							 *_t23 =  *(_t213 - 4) | 0xffffffff;
							__eflags =  *_t23;
							E00401CEB(_t141,  *((intOrPtr*)(_t213 - 0x40)));
						} else {
							fputs("Warning: The archive is open with offset",  *_t146);
							E00401EDC(_t146);
						}
					}
					_t108 =  *(_t210 + 0x94);
					if(_t108 >= 0) {
						_t110 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t213 - 0x20)) + 8)) + _t108 * 4)) + 0xc));
					} else {
						_t110 = "#";
					}
					E00437167(_t146, "Type", _t213, _t110);
					L0043731F(_t146, _t203);
					_t158 =  *(_t210 + 0xd4);
					_t114 =  *((intOrPtr*)(_t210 + 0xd0)) +  *((intOrPtr*)(_t210 + 0xa8));
					asm("adc ecx, [esi+0xac]");
					if((_t114 | _t158) != 0) {
						_push(_t158);
						_push(_t114);
						_t199 = 0x24;
						L00437145(_t146, _t199);
					}
					_t211 =  *_t210;
					_push(0);
					_push(0x2c);
					_t102 = E00437262(_t146, _t211); // executed
					if(_t102 != 0) {
						goto L30;
					}
					_t115 =  *(_t203 + 0x10);
					_t204 =  *(_t203 + 0x14);
					if((_t115 | _t204) != 0) {
						_push(_t204);
						_push(_t115);
						_t198 = 0x57;
						L004370E1(_t146, _t198);
					}
					_t102 =  *((intOrPtr*)( *_t211 + 0x2c))(_t211, _t213 - 0x24);
					_t205 = 0;
					if(_t102 != 0) {
						goto L30;
					} else {
						if( *((intOrPtr*)(_t213 - 0x24)) <= 0) {
							L21:
							_t206 =  *((intOrPtr*)(_t213 + 8));
							if( *(_t213 - 0x14) ==  *((intOrPtr*)(_t206 + 4)) - 1) {
								L28:
								 *(_t213 - 0x14) =  *(_t213 - 0x14) + 1;
								if( *(_t213 - 0x14) <  *((intOrPtr*)(_t206 + 4))) {
									continue;
								}
								goto L29;
							}
							fputs("----\n",  *_t146);
							_push(_t213 - 0x2c);
							_push(_t211);
							if( *((intOrPtr*)( *_t211 + 0x24))() != 0) {
								goto L28;
							}
							_t207 = 0;
							 *(_t213 - 0x18) =  *( *((intOrPtr*)( *_t206 + 4 +  *(_t213 - 0x14) * 4)) + 0x98);
							if( *((intOrPtr*)(_t213 - 0x2c)) <= 0) {
								L27:
								_t206 =  *((intOrPtr*)(_t213 + 8));
								goto L28;
							} else {
								goto L24;
							}
							while(1) {
								L24:
								 *(_t213 - 0x1c) =  *(_t213 - 0x1c) & 0x00000000;
								 *(_t213 - 4) = 2;
								_t127 =  *((intOrPtr*)( *_t211 + 0x28))(_t211, _t207, _t213 - 0x1c, _t213 - 0x28, _t213 - 0x10);
								if(_t127 != 0) {
									break;
								}
								 *((short*)(_t213 - 0x50)) = 0;
								 *((short*)(_t213 - 0x4e)) = 0;
								 *((intOrPtr*)(_t213 - 0x48)) = 0;
								 *(_t213 - 4) = 3;
								_t129 =  *((intOrPtr*)( *_t211 + 0x18))(_t211,  *(_t213 - 0x18),  *((intOrPtr*)(_t213 - 0x28)), _t213 - 0x50);
								_t234 = _t129;
								 *((intOrPtr*)(_t213 - 0x34)) = _t129;
								if(_t129 != 0) {
									E004088AF(_t213 - 0x50);
									_t212 =  *((intOrPtr*)(_t213 - 0x34));
									L34:
									_push( *(_t213 - 0x1c));
									L35:
									__imp__#6();
									_t102 = _t212;
									goto L30;
								}
								L00437199(_t146,  *((intOrPtr*)(_t213 - 0x28)), _t234);
								E004088AF(_t213 - 0x50);
								 *(_t213 - 4) =  *(_t213 - 4) | 0xffffffff;
								__imp__#6( *(_t213 - 0x1c),  *(_t213 - 0x1c), _t213 - 0x50);
								_t207 = _t207 + 1;
								if(_t207 <  *((intOrPtr*)(_t213 - 0x2c))) {
									continue;
								}
								goto L27;
							}
							_t212 = _t127;
							goto L34;
						} else {
							goto L18;
						}
						while(1) {
							L18:
							 *(_t213 - 0x18) =  *(_t213 - 0x18) & 0x00000000;
							 *(_t213 - 4) = 1;
							_t135 =  *((intOrPtr*)( *_t211 + 0x30))(_t211, _t205, _t213 - 0x18, _t213 - 0x30, _t213 - 0xe);
							if(_t135 != 0) {
								break;
							}
							_push( *(_t213 - 0x18));
							_push( *((intOrPtr*)(_t213 - 0x30)));
							_t135 = E00437262(_t146, _t211);
							if(_t135 != 0) {
								break;
							}
							 *(_t213 - 4) =  *(_t213 - 4) | 0xffffffff;
							__imp__#6( *(_t213 - 0x18));
							_t205 = _t205 + 1;
							if(_t205 <  *((intOrPtr*)(_t213 - 0x24))) {
								continue;
							}
							goto L21;
						}
						_push( *(_t213 - 0x18));
						_t212 = _t135;
						goto L35;
					}
				}
				goto L30;
			}

0x00436e33
0x00436e3e
0x00436e49
0x00436e4c
0x00436e4e
0x004370ab
0x004370ab
0x004370ad
0x004370b3
0x004370bb
0x00000000
0x00000000
0x00000000
0x00436e54
0x00436e54
0x00436e63
0x00436e66
0x00436e69
0x00436e7b
0x00436e80
0x00436e85
0x00436e8d
0x00436ea7
0x00436ea9
0x00436ebb
0x00436eab
0x00436eab
0x00436eab
0x00436ec2
0x00436ec7
0x00436ed2
0x00436ed7
0x00436ed7
0x00436ed7
0x00436ede
0x00436e8f
0x00436e96
0x00436ea0
0x00436ea0
0x00436e8d
0x00436ee4
0x00436eec
0x00436efe
0x00436eee
0x00436eee
0x00436eee
0x00436f09
0x00436f12
0x00436f1d
0x00436f23
0x00436f29
0x00436f33
0x00436f35
0x00436f36
0x00436f3b
0x00436f3c
0x00436f3c
0x00436f41
0x00436f43
0x00436f45
0x00436f4b
0x00436f52
0x00000000
0x00000000
0x00436f58
0x00436f5b
0x00436f62
0x00436f64
0x00436f65
0x00436f6a
0x00436f6b
0x00436f6b
0x00436f77
0x00436f7a
0x00436f7e
0x00000000
0x00436f84
0x00436f87
0x00436fd9
0x00436fd9
0x00436fe3
0x0043709c
0x0043709c
0x004370a5
0x00000000
0x00000000
0x00000000
0x004370a5
0x00436ff0
0x00436ffd
0x00436ffe
0x00437004
0x00000000
0x00000000
0x0043700f
0x0043701e
0x00437021
0x00437099
0x00437099
0x00000000
0x00000000
0x00000000
0x00000000
0x00437023
0x00437023
0x00437023
0x00437037
0x0043703e
0x00437045
0x00000000
0x00000000
0x00437047
0x0043704b
0x0043704f
0x00437058
0x00437063
0x00437066
0x00437068
0x0043706b
0x004370cc
0x004370d1
0x004370d4
0x004370d4
0x004370d7
0x004370d7
0x004370dd
0x00000000
0x004370dd
0x00437079
0x00437081
0x00437086
0x0043708d
0x00437093
0x00437097
0x00000000
0x00000000
0x00000000
0x00437097
0x004370c5
0x00000000
0x00000000
0x00000000
0x00000000
0x00436f89
0x00436f89
0x00436f89
0x00436f9d
0x00436fa4
0x00436fa9
0x00000000
0x00000000
0x00436faf
0x00436fb6
0x00436fb9
0x00436fc0
0x00000000
0x00000000
0x00436fc9
0x00436fcd
0x00436fd3
0x00436fd7
0x00000000
0x00000000
0x00000000
0x00436fd7
0x004370be
0x004370c1
0x00000000
0x004370c1
0x00436f7e
0x00000000

APIs

__EH_prolog.LIBCMT ref: 00436E33
fputs.MSVCRT ref: 00436E69

Part of subcall function 00437167: fputs.MSVCRT ref: 00437174
Part of subcall function 00437167: fputs.MSVCRT ref: 0043717D

fputs.MSVCRT ref: 00436E96

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

SysFreeString.OLEAUT32(00000000), ref: 00436FCD
fputs.MSVCRT ref: 00436FF0
SysFreeString.OLEAUT32(00000000), ref: 0043708D
SysFreeString.OLEAUT32(00000000), ref: 004370D7

Strings

Path, xrefs: 00436E70
Type, xrefs: 00436F02
Warning: The archive is open with offset, xrefs: 00436E91
----, xrefs: 00436FEB
--, xrefs: 00436E5E

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$FreeString$H_prologfputc
String ID: --$----$Path$Type$Warning: The archive is open with offset
API String ID: 2864581833-3797937567
Opcode ID: 7bd07660a0a5daca60fb9c6c4b37e3071a340b433bf114cc7f2ddee2efab283e
Instruction ID: 7816af233bc244e0d6866c3cd2b943b340acb5e8e39ca8387eaa8a07c538f2d9
Opcode Fuzzy Hash: 7bd07660a0a5daca60fb9c6c4b37e3071a340b433bf114cc7f2ddee2efab283e
Instruction Fuzzy Hash: 7D91A271A04205EFDF24DFA4C985AAEB7B5FF48314F20502EE456A7391CB34AD05CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004353E3, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 250
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004353E8
fputs.MSVCRT ref: 004354E3

Part of subcall function 0043B336: fputs.MSVCRT ref: 0043B39F

fputs.MSVCRT ref: 004355C6
fputs.MSVCRT ref: 004356DE
fputs.MSVCRT ref: 00435725

Part of subcall function 00401ECD: fflush.MSVCRT ref: 00401ECF

Part of subcall function 0040518E: __EH_prolog.LIBCMT ref: 00405193

Part of subcall function 00401EEF: __EH_prolog.LIBCMT ref: 00401EF4
Part of subcall function 00401EEF: fputs.MSVCRT ref: 00401F67

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Strings

ERRORS:, xrefs: 004354A4, 004354DE
WARNINGS:, xrefs: 00435587, 004355C1
Can't allocate required memory, xrefs: 00435720

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$H_prolog$fflushfree
String ID: Can't allocate required memory$ERRORS:$WARNINGS:
API String ID: 1750297421-1898165966
Opcode ID: ce2324287b30688d12f3180ad291eebe12f7047f8d37fe507303af18fcd7ee08
Instruction ID: f1d61b6cbd49da2edc22f3200375f80bd0ffacb2d520f35b3a384aba1561c1fc
Opcode Fuzzy Hash: ce2324287b30688d12f3180ad291eebe12f7047f8d37fe507303af18fcd7ee08
Instruction Fuzzy Hash: EAA16034601B01DFEB25EF65C891BAEB7E2BF48304F14552FD85A572A1CB39AC44CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004357DB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004357E0
EnterCriticalSection.KERNEL32(004AA8B0), ref: 004357F6
fputs.MSVCRT ref: 00435880
LeaveCriticalSection.KERNEL32(004AA8B0), ref: 004359B6

Part of subcall function 0043B336: fputs.MSVCRT ref: 0043B39F

fputs.MSVCRT ref: 004358C6

Part of subcall function 0040205A: fputs.MSVCRT ref: 00402077

fputs.MSVCRT ref: 0043594B
fputs.MSVCRT ref: 00435968

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Strings

Sub items Errors: , xrefs: 004358C1

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$CriticalSection$EnterH_prologLeavefputc
String ID: Sub items Errors:
API String ID: 2670240366-2637271492
Opcode ID: de1dc7fef8ad3798c8258e5b506900a4fe7109fd07133c93b2629510b6693836
Instruction ID: 11bf272510c01e2d6ceb2a9efba6d38acd2f06edbed5be733bdb20e6a2c38993
Opcode Fuzzy Hash: de1dc7fef8ad3798c8258e5b506900a4fe7109fd07133c93b2629510b6693836
Instruction Fuzzy Hash: C0518C31500A00CFEB29AF65C880AAEB7F1FF58324F24583FE55A57261DB396845CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004063EA, Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 350
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004063EF
SetLastError.KERNEL32(00000002,?,00000000,00000000,:$DATA,00000001,00000000,?,?,00000001), ref: 004065EE

Part of subcall function 004084D7: GetModuleHandleW.KERNEL32(kernel32.dll,GetDiskFreeSpaceExW,73B71190,000000FF,00000000,?,?,?,?,?,?,?,?,?,00406E71,00000001), ref: 004084F3
Part of subcall function 004084D7: GetProcAddress.KERNEL32(00000000), ref: 004084FA
Part of subcall function 004084D7: GetDiskFreeSpaceW.KERNEL32(00000001,00406E71,?,?,?,?,?,?,?,?,?,?,?,?,00406E71,00000001), ref: 0040854A

Strings

:$DATA, xrefs: 00406507, 00406519
:, xrefs: 00406451
\, xrefs: 00406457

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: AddressDiskErrorFreeH_prologHandleLastModuleProcSpace
String ID: :$:$DATA$\
API String ID: 3991446108-1004618218
Opcode ID: 49a3561e8a0c92d993baaec13889c34b39f0f5f43a717814d76ce8d138b0cb2d
Instruction ID: 61a986d211b0a69d730ac346fc5e07879574b6db73e29f96dfdd4ed3430c3733
Opcode Fuzzy Hash: 49a3561e8a0c92d993baaec13889c34b39f0f5f43a717814d76ce8d138b0cb2d
Instruction Fuzzy Hash: D0D1DE309002099ADF10EFA4C995AEEB7B1AF14318F10453FE847772E1DB7DAA65CB19

Uniqueness

Uniqueness Score: -1.00%

Function 0048CDCE, Relevance: 10.6, APIs: 7, Instructions: 57
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__set_app_type.MSVCRT ref: 0048CDFA
__p__fmode.MSVCRT ref: 0048CE0F
__p__commode.MSVCRT ref: 0048CE1D
_initterm.MSVCRT ref: 0048CE60
__getmainargs.MSVCRT ref: 0048CE83
_initterm.MSVCRT ref: 0048CE93
__p___initenv.MSVCRT ref: 0048CE98

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: _initterm$__getmainargs__p___initenv__p__commode__p__fmode__set_app_type
String ID:
API String ID: 4012487245-0
Opcode ID: c7f7087621d707deab8b8ed4acedaa66ab255c3cce3da939867b09f605f12b2a
Instruction ID: cfdffda7ec4ee6b80958b9ca34113c1eac6db7adfd0847d5713d4829060e5a78
Opcode Fuzzy Hash: c7f7087621d707deab8b8ed4acedaa66ab255c3cce3da939867b09f605f12b2a
Instruction Fuzzy Hash: F0213E71905608EFCB15AFA4DC86F9E7F78FB0A724F20426AF511A22A0C7785840CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 0048CE45, Relevance: 10.5, APIs: 7, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__setusermatherr.MSVCRT ref: 0048CE4A

Part of subcall function 0048CEFC: _controlfp.MSVCRT ref: 0048CF06

_initterm.MSVCRT ref: 0048CE60
__getmainargs.MSVCRT ref: 0048CE83
_initterm.MSVCRT ref: 0048CE93
__p___initenv.MSVCRT ref: 0048CE98
exit.KERNELBASE ref: 0048CEB8
_XcptFilter.MSVCRT ref: 0048CECA

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: _initterm$FilterXcpt__getmainargs__p___initenv__setusermatherr_controlfpexit
String ID:
API String ID: 279829931-0
Opcode ID: ad7e552194906c55bb1385c02a7223998e9256d55a335c36b7715b76400359bf
Instruction ID: 5291b207fa6ddb542ae4424adb4d22778152b30999bbc6ba7e49d10f4c95a20b
Opcode Fuzzy Hash: ad7e552194906c55bb1385c02a7223998e9256d55a335c36b7715b76400359bf
Instruction Fuzzy Hash: BF01ED72D04608EFDB05AFA4DC46DEE7B79FB59304B20446BF901B2261DB399410CB39

Uniqueness

Uniqueness Score: -1.00%

Function 00424B24, Relevance: 9.4, APIs: 4, Strings: 1, Instructions: 654
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00424B29
_CxxThrowException.MSVCRT(?,0049CE70), ref: 00424CA7
_CxxThrowException.MSVCRT(?,0049CE70), ref: 00425329
_CxxThrowException.MSVCRT(4rI,0049CE70), ref: 00424CBC

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Part of subcall function 00425556: __EH_prolog.LIBCMT ref: 0042555B

Strings

4rI, xrefs: 00424CAC, 00424CB4

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow$H_prolog$free
String ID: 4rI
API String ID: 1223536468-3458889246
Opcode ID: bd1dd0e9bf958ef39c9b0e5fda8027d72aa33239a2eec7d2ed8502087660af7e
Instruction ID: 774e082f8fdaea0c07894dfd878cb7a1143b9455aa7d26676963ec7bbf7dd014
Opcode Fuzzy Hash: bd1dd0e9bf958ef39c9b0e5fda8027d72aa33239a2eec7d2ed8502087660af7e
Instruction Fuzzy Hash: 5A624870E04268DFCB25DFA8D984ADDBBF1BF58304F54409AE849A7252C7789E81CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00434BD9, Relevance: 9.1, APIs: 6, Instructions: 137
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00434BDE
EnterCriticalSection.KERNEL32(004AA8B0), ref: 00434BF0
fputs.MSVCRT ref: 00434C90
fputs.MSVCRT ref: 00434CD9
fputs.MSVCRT ref: 00434CF3
LeaveCriticalSection.KERNEL32(004AA8B0,?), ref: 00434D7A

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$CriticalSection$EnterH_prologLeave
String ID:
API String ID: 1850570545-0
Opcode ID: 48312e269448301b22debc8fcf54e0a8eea3f376085ba8683583c70d482ec6f8
Instruction ID: f5db1c84e826f1ebb79f99b7ca3c9c06687e66c418b3f828239fbf840b03fb1e
Opcode Fuzzy Hash: 48312e269448301b22debc8fcf54e0a8eea3f376085ba8683583c70d482ec6f8
Instruction Fuzzy Hash: 7951BB316007059FDB25EF64C984BEAB7A1FF89304F10943FE81A972A1CB78B944CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00418134, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00418139

Part of subcall function 0042359E: __EH_prolog.LIBCMT ref: 004235A3

Part of subcall function 00423845: __EH_prolog.LIBCMT ref: 0042384A

_CxxThrowException.MSVCRT(?,0049F5D8), ref: 00418233

Part of subcall function 0041836F: __EH_prolog.LIBCMT ref: 00418374

Strings

Duplicate archive path:, xrefs: 00418357

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrow
String ID: Duplicate archive path:
API String ID: 2366012087-4000988232
Opcode ID: 3b0f7f2b9018fdcc776492b38d7c79fd5d3881a25acd342e093285934a651672
Instruction ID: 0d78ed409f8ec20e0a2c6ef4c997e400c3b118e5692b2c7afae3dcb6a5a0f0d9
Opcode Fuzzy Hash: 3b0f7f2b9018fdcc776492b38d7c79fd5d3881a25acd342e093285934a651672
Instruction Fuzzy Hash: 61815A31D00158DFCB15EFA5D991ADDBBB4BF19314F2040AEE416B72A1CB38AE45CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0040528E, Relevance: 7.6, APIs: 5, Instructions: 72
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00405293
CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 004052D2
CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,00000000), ref: 00405312
SetFileTime.KERNELBASE(000000FF,?,?,?), ref: 00405334
CloseHandle.KERNEL32(000000FF), ref: 00405342

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: File$Create$CloseH_prologHandleTime
String ID:
API String ID: 213185242-0
Opcode ID: 280ef18589c88e8af2011dccb59ce7a7c961be79a79944944fa5dd3db93ca6b5
Instruction ID: 1477d4dfc1a581aba0ebc67517b53e98048d72bd1ad098717ec1c9e6668d9d32
Opcode Fuzzy Hash: 280ef18589c88e8af2011dccb59ce7a7c961be79a79944944fa5dd3db93ca6b5
Instruction Fuzzy Hash: D4216D31D4060AABDF21AFA4DC46BEFBB75EF04324F10452AE520762E1C3B85A45DF94

Uniqueness

Uniqueness Score: -1.00%

Function 0041A3EC, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041A3F1

Part of subcall function 0041A56B: __EH_prolog.LIBCMT ref: 0041A570

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Strings

iI, xrefs: 0041A51A
0iI, xrefs: 0041A513
@iI, xrefs: 0041A50C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrowmalloc
String ID: iI$0iI$@iI
API String ID: 3744649731-4184511994
Opcode ID: e4cabe8342168969b2c66a470f1e5f057ff3584596d777736e58e91ba3ed14d8
Instruction ID: fe8307dceaa2e51cde6a865c9a884327cacdcf2b6192c97f7184f05ed98de6e7
Opcode Fuzzy Hash: e4cabe8342168969b2c66a470f1e5f057ff3584596d777736e58e91ba3ed14d8
Instruction Fuzzy Hash: AB51D3B0805744CED721DF6AC1846CAFFF0BF19304F9588AEC49A97762D7B4A648CB25

Uniqueness

Uniqueness Score: -1.00%

Function 00437167, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00437174
fputs.MSVCRT ref: 0043717D

Part of subcall function 00401EEF: __EH_prolog.LIBCMT ref: 00401EF4
Part of subcall function 00401EEF: fputs.MSVCRT ref: 00401F67

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Strings

WARNING, xrefs: 00437173
= , xrefs: 00437178

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$H_prologfputc
String ID: = $WARNING
API String ID: 3294964263-1841062942
Opcode ID: 1476353963ae8042b6cc07447a033060e9395e366a89067dfebfb147ed9e4393
Instruction ID: 29df410f0bacc21e1bd528b74ef2b2b291dbb190fe0c957dfe22410c28643353
Opcode Fuzzy Hash: 1476353963ae8042b6cc07447a033060e9395e366a89067dfebfb147ed9e4393
Instruction Fuzzy Hash: 67D05E326001106BCB113BAADC06C6FBAAAEFD4720726483FF88453171D9764C50DBE4

Uniqueness

Uniqueness Score: -1.00%

Function 00405649, Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040564E
CreateDirectoryW.KERNELBASE(?,00000000,?,00000000,00000001), ref: 00405670
GetLastError.KERNEL32(?,00000000,?,00000000,00000001), ref: 0040567A
CreateDirectoryW.KERNEL32(?,00000000,00000000,?,00000000,00000001), ref: 004056B1

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CreateDirectory$ErrorH_prologLast
String ID:
API String ID: 1817354178-0
Opcode ID: e0055429d317201a3731a4bcda276760447423f1a47ab16cef4cf861a45fe602
Instruction ID: 82c79998644e37505175ba6b4c755a122c960f4fd1c1e9aba3a6db1b4dd325ae
Opcode Fuzzy Hash: e0055429d317201a3731a4bcda276760447423f1a47ab16cef4cf861a45fe602
Instruction Fuzzy Hash: 8301F932D0460497CB116F618886BBF7B79DF40354F60087BE905B32E1DB7E9C029AAD

Uniqueness

Uniqueness Score: -1.00%

Function 0042565D, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 359COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00425662
GetLastError.KERNEL32(?,0049530C,?,0000000D,00000000,00000000,?), ref: 004259B0

Strings

Can not create output directory: , xrefs: 004259C4

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ErrorH_prologLast
String ID: Can not create output directory:
API String ID: 1057991267-3123869724
Opcode ID: a6e0e68a974abdde772b25d888cbeec6266acb340269a4a85a831d3ad2f7934c
Instruction ID: c34292b876281b82d66e4e8e486c360cc146ebf06a6152df9161be441e8c3897
Opcode Fuzzy Hash: a6e0e68a974abdde772b25d888cbeec6266acb340269a4a85a831d3ad2f7934c
Instruction Fuzzy Hash: DBE1FF30E01159EFDF20EFA4D890AEEBBB4BF08304F5440AEE445A7291DB389E45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0043B465, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 190COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0043B47A
fputs.MSVCRT ref: 0043B660

Strings

. , xrefs: 0043B5F3

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CountTickfputs
String ID: .
API String ID: 290905099-4150638102
Opcode ID: 286385e66ba1f723a97ba3fc0ab168f2f4c41d2dac707460611d51dbfb9ec0e0
Instruction ID: a1e418ff20f2890356456143fad01ee5aa11f7f884203a171e5a1fdf7223f57c
Opcode Fuzzy Hash: 286385e66ba1f723a97ba3fc0ab168f2f4c41d2dac707460611d51dbfb9ec0e0
Instruction Fuzzy Hash: 38714C30200B009BCB21EF25C595BABB3F5EF58304F54592EE58397A92DB78F944CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00406ACF, Relevance: 4.6, APIs: 3, Instructions: 64fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00406AD4

Part of subcall function 00406B81: FindCloseChangeNotification.KERNELBASE(00000000,?,00406AE4,000000FF,00000009,?,?,00000001), ref: 00406B8C

CreateFileW.KERNELBASE(?,?,00000009,00000000,000000FF,00000009,00000000,00000001,00000009,000000FF,00000009,?,?,00000001), ref: 00406B1A
CreateFileW.KERNEL32(00000001,?,00000001,00000000,000000FF,00000009,00000000,00000000,00000001,00000009,000000FF), ref: 00406B5B

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CreateFile$ChangeCloseFindH_prologNotification
String ID:
API String ID: 3273702577-0
Opcode ID: 2dd565284f07ae1b3bba8fe0beab26d131c8baa175fd451aba768bb3f9dbdbe1
Instruction ID: e5d490a41d2ab67eedfd133ba9847b9d34ea1663d3167fe3fa22563a2c2bc989
Opcode Fuzzy Hash: 2dd565284f07ae1b3bba8fe0beab26d131c8baa175fd451aba768bb3f9dbdbe1
Instruction Fuzzy Hash: 6C11817280021AEFCF11AFA4C8408AEBB7AFF04354B10893AF961661E1C779A961DB54

Uniqueness

Uniqueness Score: -1.00%

Function 0040535B, Relevance: 4.6, APIs: 3, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00405360
SetFileAttributesW.KERNELBASE(?,?), ref: 00405386
SetFileAttributesW.KERNEL32(?,?,00000000), ref: 004053BB

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: AttributesFile$H_prolog
String ID:
API String ID: 3790360811-0
Opcode ID: 9eb800e6b83f2eca0747852d9daf58a48626cbf23c7ec4919e4cd037d798a4ac
Instruction ID: 5d6f74c65479616bc0c2d906d7ce6396b02edc4896967aee6dbb1149df0e3771
Opcode Fuzzy Hash: 9eb800e6b83f2eca0747852d9daf58a48626cbf23c7ec4919e4cd037d798a4ac
Instruction Fuzzy Hash: 2101F572D0461597CF15ABA1A9816BFB775EF40390F24443BEC11B32E1CBBD8D029B58

Uniqueness

Uniqueness Score: -1.00%

Function 00434923, Relevance: 4.5, APIs: 3, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00434928
EnterCriticalSection.KERNEL32(004AA8B0), ref: 00434939
LeaveCriticalSection.KERNEL32(004AA8B0), ref: 00434971

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalSection$EnterH_prologLeave
String ID:
API String ID: 367238759-0
Opcode ID: c1b9e6fb809c6b544bafae4435d736716ef0bd39c27960b26a922ce3644ae5ef
Instruction ID: 623d0536458004edea1bd63723d0ba0236f9ff18d24feb563caaf83fcbd9e8ee
Opcode Fuzzy Hash: c1b9e6fb809c6b544bafae4435d736716ef0bd39c27960b26a922ce3644ae5ef
Instruction Fuzzy Hash: F8F08775A001009FD709EF26C404B9A77A4EF99315F0080BFE9029B361C778AA05CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 004348C3, Relevance: 4.5, APIs: 3, Instructions: 30COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004348C8
EnterCriticalSection.KERNEL32(004AA8B0), ref: 004348D9
LeaveCriticalSection.KERNEL32(004AA8B0), ref: 0043490B

Part of subcall function 0043B465: GetTickCount.KERNEL32 ref: 0043B47A

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalSection$CountEnterH_prologLeaveTick
String ID:
API String ID: 2547919631-0
Opcode ID: 220f93243d97266d187f11cd917fc8dc20e12f14b267ea877314302de592a96f
Instruction ID: 38367fbca98f5c2470cc21c723d7ea1161511d78170d69068084e57e61b51bd2
Opcode Fuzzy Hash: 220f93243d97266d187f11cd917fc8dc20e12f14b267ea877314302de592a96f
Instruction Fuzzy Hash: 7EF044B6A002149FC709AF18C808F9E7BB4EF98305F0080BFE81697351C7B89904CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00402358, Relevance: 3.8, APIs: 3, Instructions: 66COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00402383

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

_CxxThrowException.MSVCRT(?,0049CCC0), ref: 004023AE
_CxxThrowException.MSVCRT(00000000,0049CCC0), ref: 004023D5

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow$freemallocmemcpy
String ID:
API String ID: 411175166-0
Opcode ID: 2ea3ec2a205eaad67d8ddcf1f1dda3d06c31711bc8fbafcd2f759fb1140a5cac
Instruction ID: 826825271a58ebf419a0cca69afbba405f8b723a75ebd179be51b9cfeb74c749
Opcode Fuzzy Hash: 2ea3ec2a205eaad67d8ddcf1f1dda3d06c31711bc8fbafcd2f759fb1140a5cac
Instruction Fuzzy Hash: C9119476104205ABDB10EF56D9C1E8ABBEDEB84354B60883FF548D7251C679E84487BC

Uniqueness

Uniqueness Score: -1.00%

Function 00438BD7, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00438C14

Strings

Decoding ERROR, xrefs: 00438C0F

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs
String ID: Decoding ERROR
API String ID: 1795875747-2585761706
Opcode ID: d7b2fea5642648f8239dfefbca40dc635d41979a728fe5b7dbeb196b86aabc7d
Instruction ID: 971f1890f5a5084a1cd3976e2925cbf3f31bd6a727c9a897f13b9778b3291a9e
Opcode Fuzzy Hash: d7b2fea5642648f8239dfefbca40dc635d41979a728fe5b7dbeb196b86aabc7d
Instruction Fuzzy Hash: 7F215E30904248DFCF19EB94D8857DCBBB0BB59308F1451AEE005A72A1CB785E85CB19

Uniqueness

Uniqueness Score: -1.00%

Function 0043B336, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 0043B39F

Part of subcall function 004023B3: _CxxThrowException.MSVCRT(00000000,0049CCC0), ref: 004023D5

Strings

, xrefs: 0043B36E

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrowfputs
String ID:
API String ID: 1334390793-399585960
Opcode ID: 59e867df996ac9f90176cc6baab81dea4db46207279040e0daed955ec7380c3e
Instruction ID: 57d7d8ef138d56da1e7a219d99ce2e5eac85c804e3160883f670b51c8e4d4af0
Opcode Fuzzy Hash: 59e867df996ac9f90176cc6baab81dea4db46207279040e0daed955ec7380c3e
Instruction Fuzzy Hash: 2F11BF716047509FDB15CF59C881B6AFBE6FF59304F14446EE6868B290C7B9B804CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0043511E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 0043518C

Strings

Open, xrefs: 004351AE

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs
String ID: Open
API String ID: 1795875747-71445658
Opcode ID: b915600d332be2f16507fa22034fefa5afd862f442abe555627f56234faf81cd
Instruction ID: 7648d6852cc5694af0dd94e07168426067013f69df026d3ef284609a2df81f5f
Opcode Fuzzy Hash: b915600d332be2f16507fa22034fefa5afd862f442abe555627f56234faf81cd
Instruction Fuzzy Hash: 6811E1316007049FCB25EF79C885ADBBBE5BF58310F14843FE45A83252EB39A800CB48

Uniqueness

Uniqueness Score: -1.00%

Function 0041C82D, Relevance: 3.2, APIs: 2, Instructions: 215COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041C832

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 7e01ff29d52efc6d37ee9a452644eba8610ae8e83591e5d1bbf440a7e5e7613d
Instruction ID: 0e4ca4d6c494feabacc7da9743725c17af1edff1d470cf99c002a705efefe42c
Opcode Fuzzy Hash: 7e01ff29d52efc6d37ee9a452644eba8610ae8e83591e5d1bbf440a7e5e7613d
Instruction Fuzzy Hash: 92916BB0544B859FE736CB34C884BE7BBE1AF45304F08886ED4AA47292D778B9C4CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00426FD7, Relevance: 3.1, APIs: 2, Instructions: 111COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426FDC
memcpy.MSVCRT ref: 004270ED

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologmemcpy
String ID:
API String ID: 2991061955-0
Opcode ID: 6abea20f27dc47a1cb99af03fd8202ac7a0720a5dc1982878901388d3a58acf1
Instruction ID: 19a8fbfe16188b2cfda89ff4d6a3376f749990ef806073dfbf32fd02e223174a
Opcode Fuzzy Hash: 6abea20f27dc47a1cb99af03fd8202ac7a0720a5dc1982878901388d3a58acf1
Instruction Fuzzy Hash: 8741A270904219CBCB20EFA5D941AEEB7F4FF05308F10046EE456B3291DB78AE09CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0042C6D9, Relevance: 3.1, APIs: 2, Instructions: 106COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042C6DE
GetLastError.KERNEL32(?,?,00000000), ref: 0042C77D

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ErrorExceptionH_prologLastThrowmalloc
String ID:
API String ID: 3967182680-0
Opcode ID: bf5d295e63f11e6c8631015101f38123a0c962519b52ed7942933f40de6779bf
Instruction ID: 0560e2d04ada70739c749acaefca6d83ee8c94a3da233f6c289c6abec35f0eb2
Opcode Fuzzy Hash: bf5d295e63f11e6c8631015101f38123a0c962519b52ed7942933f40de6779bf
Instruction Fuzzy Hash: 6F419C71A00256DFCB10DFA8D9C4AAEBBA4BF84314F24446EE406E7382CB789D05CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00406C08, Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(000000FF,?,00000000,?,000000FF,?,000000FF,?,00406C98,?,?,00000000,?,00406CD3,?,?), ref: 00406C46
GetLastError.KERNEL32(?,00406C98,?,?,00000000,?,00406CD3,?,?,?,?,00000000), ref: 00406C53

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: b6e8224cb06d5915a355eff46e34978785bf2c0c23b61623c7de367485b4b387
Instruction ID: fd6c6af089cfa48357aaa11becdc34dc5c24487fb7321aaaac375bb04d807d0a
Opcode Fuzzy Hash: b6e8224cb06d5915a355eff46e34978785bf2c0c23b61623c7de367485b4b387
Instruction Fuzzy Hash: 6611E170A04208AFDB00DF28D88089B7BE5EF05314B25C47AF8559B392D636CD22EBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0042D215, Relevance: 3.0, APIs: 2, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042D21A

Part of subcall function 004063EA: __EH_prolog.LIBCMT ref: 004063EF

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

_CxxThrowException.MSVCRT(?,0049CCC0), ref: 0042D279

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrowfree
String ID:
API String ID: 1371406966-0
Opcode ID: d6f2ff9526c309e85c5d8563c58c4d6c09326befa5d9f9411d2e67cc702f829b
Instruction ID: f786ff7352bcc69232fdc02f68630e04cacf88df909b0f182a11ee352076990d
Opcode Fuzzy Hash: d6f2ff9526c309e85c5d8563c58c4d6c09326befa5d9f9411d2e67cc702f829b
Instruction Fuzzy Hash: 730125719002049ACB20EF21D481ADEBBF0FF44314F10451EE886632A0CB789509CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00401EEF, Relevance: 3.0, APIs: 2, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00401EF4
fputs.MSVCRT ref: 00401F67

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologfputs
String ID:
API String ID: 1798449854-0
Opcode ID: e3d61d4f7fcaeba7cbf61b51417c50ee029ace18b9af65063cf912ff1f57f2f0
Instruction ID: a1408410059e1f7786c2ac42ef6fc5e493bb5dbfa5a32920a4de69920351b09a
Opcode Fuzzy Hash: e3d61d4f7fcaeba7cbf61b51417c50ee029ace18b9af65063cf912ff1f57f2f0
Instruction Fuzzy Hash: D1117032C040099ADF05FB94DA86AEDFB75AF54314F10407AE901721E1D7BA1F55DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0043483B, Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00434840
fputs.MSVCRT ref: 00434870

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologfputcfputsfree
String ID:
API String ID: 195749403-0
Opcode ID: 1362848e525d9832d41b401ca00382940b5a372477f96f2478dd5dc800e62c59
Instruction ID: b696724186fcb4e98232ef688b5904de40c3bf51b0d6b94658a726e48b9e3118
Opcode Fuzzy Hash: 1362848e525d9832d41b401ca00382940b5a372477f96f2478dd5dc800e62c59
Instruction Fuzzy Hash: 94F034328045149BCB19BB94E9067EEBBB4EF08718F10842FE506625E1CB78A995CB8C

Uniqueness

Uniqueness Score: -1.00%

Function 0043A24E, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 0043A267
fputs.MSVCRT ref: 0043A277

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs
String ID:
API String ID: 1795875747-0
Opcode ID: a8051a206f9dfac6b324cf6a3fa1f1fca4ea8a8e139a1a616c13df5c35906f40
Instruction ID: 191db4a2a88e74373dc1e50919ef7664220f0a85d81585edef00fd4fd1e5f5b0
Opcode Fuzzy Hash: a8051a206f9dfac6b324cf6a3fa1f1fca4ea8a8e139a1a616c13df5c35906f40
Instruction Fuzzy Hash: E0D0C23B2421205E8F152B18FC5185237A5EB9E231339003FE580933704A631C245BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00408D2D, Relevance: 3.0, APIs: 2, Instructions: 7COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,00408D4E), ref: 00408D32
GetProcessAffinityMask.KERNEL32(00000000), ref: 00408D39

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID:
API String ID: 1231390398-0
Opcode ID: 066a5e6d4d560997ea9d3a48b8f1494566c8d25688b308d787dba24dd77df8da
Instruction ID: 1d8f65cff19b40d728c34d756133b940c36cab4396ec1ec51310471d2bca0dbc
Opcode Fuzzy Hash: 066a5e6d4d560997ea9d3a48b8f1494566c8d25688b308d787dba24dd77df8da
Instruction Fuzzy Hash: B9B012B1400500BFCE019BB0DD4DC163B6CEE143013204476B109C1020C636C045CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00409969, Relevance: 2.7, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00409B46
GetLastError.KERNEL32(?,00000000,?), ref: 00409BAD

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ErrorLastmemcpy
String ID:
API String ID: 2523627151-0
Opcode ID: 7c7190c3de52e23b3d6807256fa937098674807884197a27d23864692a6fd6a8
Instruction ID: cfae29a3f2f55b2c2e352cf7834f684704ea8c0c8de61ea9bc2d87822a7fa56c
Opcode Fuzzy Hash: 7c7190c3de52e23b3d6807256fa937098674807884197a27d23864692a6fd6a8
Instruction Fuzzy Hash: 8F8128716007059BDB24CE25C980AABB7F6BB44324B144A3ED886A7B86D738FC458B58

Uniqueness

Uniqueness Score: -1.00%

Function 004597E7, Relevance: 2.5, APIs: 2, Instructions: 27COMMON

Download Yara Rule

APIs

Part of subcall function 00458E58: memcpy.MSVCRT ref: 00458E8B

_CxxThrowException.MSVCRT(?,004A3758), ref: 0045980B
_CxxThrowException.MSVCRT(?,004A6C60), ref: 00459824

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow$memcpy
String ID:
API String ID: 2368683791-0
Opcode ID: 318f545c22d40e51fd9cdaa86e5232e914f69071b5d71a03dcfa1fb4bcc1db48
Instruction ID: ff4411d45d710f8c400af5deffac0f098d94f483440c8b0c3608a6fa7c47ecae
Opcode Fuzzy Hash: 318f545c22d40e51fd9cdaa86e5232e914f69071b5d71a03dcfa1fb4bcc1db48
Instruction Fuzzy Hash: 2EE0307650115CBA8F00AF96C885CDF3B6C9E15751B04C417BD5C9B102DA38EA488BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00401CC4, Relevance: 2.5, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00401CCA
_CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrowmalloc
String ID:
API String ID: 2436765578-0
Opcode ID: 8783feab4d25ced8a8b3356d34fd9f7eee484bc0e148b0d4192ab56daa031138
Instruction ID: a15e5a55971a4a949fb8e4ab56fcf85082543b14f1c59e19750c278393ec13d4
Opcode Fuzzy Hash: 8783feab4d25ced8a8b3356d34fd9f7eee484bc0e148b0d4192ab56daa031138
Instruction Fuzzy Hash: 45D0A93200824CBACF017FE2A84A98E3F6CA9116A4B00A437F81C9E122DA35C3808728

Uniqueness

Uniqueness Score: -1.00%

Function 0042391C, Relevance: 2.1, APIs: 1, Instructions: 610COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00423921

Part of subcall function 004063EA: __EH_prolog.LIBCMT ref: 004063EF

Part of subcall function 0042438B: __EH_prolog.LIBCMT ref: 00424390

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$free
String ID:
API String ID: 2654054672-0
Opcode ID: d6c88a56cfed1b1209b26521d9128031ce2f753c4256cce10e16cdda30bc541e
Instruction ID: 68ad93d483c95907b86b92ec85bae0863db2d4c3197d7666faec5f508c89be20
Opcode Fuzzy Hash: d6c88a56cfed1b1209b26521d9128031ce2f753c4256cce10e16cdda30bc541e
Instruction Fuzzy Hash: 8B428A31A001599FCF21EFA1D581AEEBBB1BF04304F5040AFE94577292DB39AE49CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00456DC1, Relevance: 2.0, APIs: 1, Instructions: 450COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00456DC6

Part of subcall function 0045741F: __EH_prolog.LIBCMT ref: 00457424

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: c5ccc7472ccc4813607cf709acd906a5a49fe39d1734e86ccb86c0613f024adb
Instruction ID: 9a04b4d49296e7ceefaa2a8b9d4006ddd4ec11d4e1c80c884686829091304668
Opcode Fuzzy Hash: c5ccc7472ccc4813607cf709acd906a5a49fe39d1734e86ccb86c0613f024adb
Instruction Fuzzy Hash: C912CD70D04259DFDB21DFA4D884BEEBBB4AF18305F1440AAEC45A7342CB789E49CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0045C351, Relevance: 1.8, APIs: 1, Instructions: 284COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0045C356

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d23c9e3ffd7cef4692f95c5349c970f31ddd83936f7cb930f8f1991a19469237
Instruction ID: 3c417516d3f1205a0ac34c176823035f9799e19317ab9b1d82432857c19cdc89
Opcode Fuzzy Hash: d23c9e3ffd7cef4692f95c5349c970f31ddd83936f7cb930f8f1991a19469237
Instruction Fuzzy Hash: 7BC16D70600B459FDB30DF29C4D0AABBBE1BB45305F14891EE89A87742DB38B949CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0042865B, Relevance: 1.7, APIs: 1, Instructions: 243COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00428660

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d2d96f0ed6cc1fee7890911d184e5aab04633d8b4aeccef1e87fc550b119600a
Instruction ID: 39b88ef95142896028196a97c5221b1dca582c8c1ad22f72930243650932321b
Opcode Fuzzy Hash: d2d96f0ed6cc1fee7890911d184e5aab04633d8b4aeccef1e87fc550b119600a
Instruction Fuzzy Hash: 2FA1C375A02255DFCF20EFA5D4808AEBBF1BF58300BA4446FE546A7351DB38AC41CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0045B23D, Relevance: 1.7, APIs: 1, Instructions: 232COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0045B242

Part of subcall function 0045ACF9: __EH_prolog.LIBCMT ref: 0045ACFE

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: fbee37eb0a0a6bfe1059bb871d59083f42c479be3a9011428825274af3b33a9b
Instruction ID: a44f8a122af06e332bca0c1bfb483626bf8714bb43e410aac7f7705ccd6d1934
Opcode Fuzzy Hash: fbee37eb0a0a6bfe1059bb871d59083f42c479be3a9011428825274af3b33a9b
Instruction Fuzzy Hash: 9C916271A006469FCF30CFA5C884AAFB7B5FB46315F10452FE8A697282C7386849CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0045A73F, Relevance: 1.7, APIs: 1, Instructions: 164COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0045A744

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 82a3191218a71c05dc71272de81592144d6f6a5b523e5f0fc27ccd7f1d8dae52
Instruction ID: 8b4bcdb362000993857c6b8d152ca6d847e63d2aea1cc6c182a1af8c1986c910
Opcode Fuzzy Hash: 82a3191218a71c05dc71272de81592144d6f6a5b523e5f0fc27ccd7f1d8dae52
Instruction Fuzzy Hash: 3461D17090020A9FDB20DF24C584BAEB7F1BF54306F148A5EE85197242D738ED6ECB5A

Uniqueness

Uniqueness Score: -1.00%

Function 004599AE, Relevance: 1.6, APIs: 1, Instructions: 128COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004599B3

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 9442ee567999a686b67bfa427c38ef8ecd6ee2242d635c22705ffc8a8dd78981
Instruction ID: 379b3a3b78092eedd0a21633fea9c71c46861247349a337b5aa0feb7cb36abb5
Opcode Fuzzy Hash: 9442ee567999a686b67bfa427c38ef8ecd6ee2242d635c22705ffc8a8dd78981
Instruction Fuzzy Hash: 5841D031A00244DFCF15DF69C4442AD7BE6AF8631AF14806EEC595B293C7798D88CB75

Uniqueness

Uniqueness Score: -1.00%

Function 0041CCAC, Relevance: 1.6, APIs: 1, Instructions: 126COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CCB1

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 024cb526c9c959e487b9b778dde770436383cf67d1478325bdb0c81167a7c61e
Instruction ID: 22a68e254aca6084d712370ce4bbaf158831245823954855cb13454a4fcf5508
Opcode Fuzzy Hash: 024cb526c9c959e487b9b778dde770436383cf67d1478325bdb0c81167a7c61e
Instruction Fuzzy Hash: A9416075E41204AFDB24DBA9D9C0EEEBBF9EF44304F10046BE405A3291DB349D84CB19

Uniqueness

Uniqueness Score: -1.00%

Function 00459CA4, Relevance: 1.6, APIs: 1, Instructions: 122COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00459CA9

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: a5040fbca6876e8fd5e8f5201537da81aa6ba4e7fa0e11576d5b6a7e6776569e
Instruction ID: c5bf2b115e934c21942195c94321ec3a16b60e27e7451b1961b28e6261d39290
Opcode Fuzzy Hash: a5040fbca6876e8fd5e8f5201537da81aa6ba4e7fa0e11576d5b6a7e6776569e
Instruction Fuzzy Hash: ED518B70900645DFCB21DF69C4916AEBBB0BF15306F1448AFD84A97742D738AD4CCB99

Uniqueness

Uniqueness Score: -1.00%

Function 0041A6AD, Relevance: 1.6, APIs: 1, Instructions: 119COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041A6B2

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologfree
String ID:
API String ID: 1978129608-0
Opcode ID: d7953c0892fa67ade786ec124faa1e1e5f7b9e50c3c0bb686c06fcd10974a9d6
Instruction ID: a38fae67d8d2cc16e6213e0e7b74aea86b868434d15e4cb392312fc6a6dd0feb
Opcode Fuzzy Hash: d7953c0892fa67ade786ec124faa1e1e5f7b9e50c3c0bb686c06fcd10974a9d6
Instruction Fuzzy Hash: 43419A34505344DFEB11EBA4C558BDABBF4AF09304F14489EE88697392CB78EE45CB25

Uniqueness

Uniqueness Score: -1.00%

Function 00439A18, Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00439A1D

Part of subcall function 004399A8: __EH_prolog.LIBCMT ref: 004399AD

Part of subcall function 00439B5B: __EH_prolog.LIBCMT ref: 00439B60

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 84cc8ebc99ff196b2eebfac26c19de7a88fc3167ad6b26b413df97b4dc30e8e5
Instruction ID: b66952a37babb8fd39ad568bdbb9a856407a69096687b81f1c9d67746d0aba45
Opcode Fuzzy Hash: 84cc8ebc99ff196b2eebfac26c19de7a88fc3167ad6b26b413df97b4dc30e8e5
Instruction Fuzzy Hash: 71412971445784CEC312DF6AC194ADAFFE0BF25304F45C8AEC09A97762D774A608CB26

Uniqueness

Uniqueness Score: -1.00%

Function 00423845, Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042384A

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: df61ebdbd680bb9c1d3e0809a896fd215cffb8897b6f5793ed01daa12b8d8efa
Instruction ID: da528fca979f165a6e42b64ae45d31ca327c9fabeec1946c012d56ff93b5d18e
Opcode Fuzzy Hash: df61ebdbd680bb9c1d3e0809a896fd215cffb8897b6f5793ed01daa12b8d8efa
Instruction Fuzzy Hash: B0316BB0E00129EFCB14EF96E8808AEBBB5FF84365B50855EF4166B241C7389E41CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004575D1, Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004575D6

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 4fd1f493f485c52821e171d67189c34951601d296907ec2164b2f7e2761eabc6
Instruction ID: 45eea278c68448d737978cfa21c8af880206cef769fd0c38e41fe2e8af5f3780
Opcode Fuzzy Hash: 4fd1f493f485c52821e171d67189c34951601d296907ec2164b2f7e2761eabc6
Instruction Fuzzy Hash: 37219AB1A046019FD720DF5DD48095AFBF4EF94350F20892FE865A7391CBB4AD00CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00403BE8, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00403BED

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: b04c1c22c607fec74016cf3b9b6b58c3dfa3ca9f4b02ac4babf87751ba7b4020
Instruction ID: d08e7c33eb59c0bf4bc9c88fb9d34c5dd1faa644d1bf89b126b4fcafc4b32e06
Opcode Fuzzy Hash: b04c1c22c607fec74016cf3b9b6b58c3dfa3ca9f4b02ac4babf87751ba7b4020
Instruction Fuzzy Hash: C5119D72D000159ACB15AFA9D8948EEB779EF84300B40417BE026B7295DA389A05CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00427614, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00427619

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 639d24105d0d97cd0f866c200cd9a7dd7d2601e5b6bb4823b046de6a8f180f9a
Instruction ID: 4172d189d976ee5560182bf5f912db21246f3b2c888f5e466d8ab92121630462
Opcode Fuzzy Hash: 639d24105d0d97cd0f866c200cd9a7dd7d2601e5b6bb4823b046de6a8f180f9a
Instruction Fuzzy Hash: 5E11DDB1B047119FC724DF6CD49076ABBF2EB89354B20842FE099D7381EA789D01C748

Uniqueness

Uniqueness Score: -1.00%

Function 0043A9FE, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043AA03

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Part of subcall function 00439CCA: __EH_prolog.LIBCMT ref: 00439CCF

Part of subcall function 0043AC84: __EH_prolog.LIBCMT ref: 0043AC89
Part of subcall function 0043AC84: ctype.LIBCPMT ref: 0043ACAD

Part of subcall function 0043ABB1: __EH_prolog.LIBCMT ref: 0043ABB6
Part of subcall function 0043ABB1: ctype.LIBCPMT ref: 0043ABDA

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ctype$free
String ID:
API String ID: 4226447579-0
Opcode ID: ebb40ac599697515d7f05b53d2241becf6c523b9c203fc20f56d6bff5a5a6434
Instruction ID: 63592f7b3e53071141ce3e4aff4c226c07568097b9f25e8988a074c97818a527
Opcode Fuzzy Hash: ebb40ac599697515d7f05b53d2241becf6c523b9c203fc20f56d6bff5a5a6434
Instruction Fuzzy Hash: 4521DE30804640DADB15EBA5E6527EDFBF4BF14318F10489FF096232A2CB786F04C61A

Uniqueness

Uniqueness Score: -1.00%

Function 00428F9D, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00428F9D

Part of subcall function 0042902D: __EH_prolog.LIBCMT ref: 00429032

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 58aef6041ee96b5d87c51974d87816ca0cdef845de34710ab23170aa15683228
Instruction ID: 1be8c821cb5717b4ee06971806dbfa95b6479fbf11e46963d1e57b95548bf45e
Opcode Fuzzy Hash: 58aef6041ee96b5d87c51974d87816ca0cdef845de34710ab23170aa15683228
Instruction Fuzzy Hash: 8F114975700219AFDB14CF69D894BAAB3A9FF89314F54845EE911DB390CB3AEC01CB14

Uniqueness

Uniqueness Score: -1.00%

Function 0042359E, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004235A3

Part of subcall function 0041A004: __EH_prolog.LIBCMT ref: 0041A009
Part of subcall function 0041A004: GetCurrentProcess.KERNEL32(?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A01B
Part of subcall function 0041A004: OpenProcessToken.ADVAPI32(00000000,00000028,?,?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A032
Part of subcall function 0041A004: LookupPrivilegeValueW.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 0041A054
Part of subcall function 0041A004: AdjustTokenPrivileges.KERNELBASE(?,00000000,00000001,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A069
Part of subcall function 0041A004: GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A073

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
String ID:
API String ID: 1532160333-0
Opcode ID: 6bf2588c1673a421cd0ca9aebaa05939b7a0b07dc50cdbb5d4c599ac95260ed6
Instruction ID: 59fe61851bbbd3fcf5d2955f13a19f6a7c48df1eb778ff376259a640735a21e8
Opcode Fuzzy Hash: 6bf2588c1673a421cd0ca9aebaa05939b7a0b07dc50cdbb5d4c599ac95260ed6
Instruction Fuzzy Hash: 5D2146B1901B90CFC321CF6B81C168AFBF4BB19604B908A6FC19A83B12C375A548CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0041C794, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041C799

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 7bf1061296633b1689dab605e17baadb1b05acccce1c8dc16dbd940e4bd2758e
Instruction ID: c58a8109b7560a3bf73b1e7fc3ea94f6fb5b4c5eda8bcbc60afefcfbe32c72c1
Opcode Fuzzy Hash: 7bf1061296633b1689dab605e17baadb1b05acccce1c8dc16dbd940e4bd2758e
Instruction Fuzzy Hash: F111C275644244EFCB05DF68C8C0EEA7BA5FF49304F1981FAE4198F222C3BA9984CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0041AA85, Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041AA8A

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 2c8cca6afb950ec88d098dc9ef44a9a29902a8e47e07cb9414250159b9cbbf86
Instruction ID: 767012cd3ea96039b1ed0352216b16fd2351d8fa108ae677098a6b48d69f9de5
Opcode Fuzzy Hash: 2c8cca6afb950ec88d098dc9ef44a9a29902a8e47e07cb9414250159b9cbbf86
Instruction Fuzzy Hash: F7114675905244EFCB25DFA4C5409EABBF5FF08300F10496FE54A97210D335AEA0CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0045741F, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00457424

Part of subcall function 004577E4: __EH_prolog.LIBCMT ref: 004577E9
Part of subcall function 004577E4: ctype.LIBCPMT ref: 0045780D

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ctype
String ID:
API String ID: 1039218491-0
Opcode ID: 9f318fc8b3ee2c77ce786a5eb00d4dad7b43e101a587031d61a7c793714ebeb9
Instruction ID: b4a432c179f73e863331bd83e9e1c5309c8a1c0d9cfd23eb240a099153df50cf
Opcode Fuzzy Hash: 9f318fc8b3ee2c77ce786a5eb00d4dad7b43e101a587031d61a7c793714ebeb9
Instruction Fuzzy Hash: D7114874A04344DFDB20CFA4D548B5ABBF8AF4A315F1445A9AC86D7382CB78EE05CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00417D8A, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00417D8F

Part of subcall function 004063EA: __EH_prolog.LIBCMT ref: 004063EF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 8722fcadda67fd38b07798e5adbc8170b0e3278fb16e93e575e993180ab565a9
Instruction ID: 148dce68922e3036a0f653fa7409e14185086d439313e2c683416fac5ba03a43
Opcode Fuzzy Hash: 8722fcadda67fd38b07798e5adbc8170b0e3278fb16e93e575e993180ab565a9
Instruction Fuzzy Hash: 890180729041048BCF15BBA5D5566EEBBB5AF50318F0040AFE802732D2DBB89E49C6A8

Uniqueness

Uniqueness Score: -1.00%

Function 004274E0, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004274E5

Part of subcall function 0042755B: __EH_prolog.LIBCMT ref: 00427560

Part of subcall function 00427614: __EH_prolog.LIBCMT ref: 00427619

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: fafa669685efb9e7be1693316343efe47a0dc1c2991288df246b13fc9913e518
Instruction ID: 6dcc92e9cef70fde78ac8ad85d40b33cbf156e93cc32d351e4dcac43c011a81f
Opcode Fuzzy Hash: fafa669685efb9e7be1693316343efe47a0dc1c2991288df246b13fc9913e518
Instruction Fuzzy Hash: 561139B6500A419FC310DF69C044A8AFBF4BF18314B008A6EE49AC3B01D774F554CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004574A1, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004574A6

Part of subcall function 00457521: __EH_prolog.LIBCMT ref: 00457526

Part of subcall function 00424AA5: memcpy.MSVCRT ref: 00424AC8

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$memcpy
String ID:
API String ID: 3687439025-0
Opcode ID: e1a2c376b8f7ade5155c8bf46bd28bb2e7cf037622a5560589060841d6752f21
Instruction ID: 695e13cfe0e4d413644d2e028840cd3a33214539ef7e99bfcdeca92a8bb6aa46
Opcode Fuzzy Hash: e1a2c376b8f7ade5155c8bf46bd28bb2e7cf037622a5560589060841d6752f21
Instruction Fuzzy Hash: D0015B79600B65AFC325DFA9C44069AFBB4FF19304B00046EE98283B01E775F514CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00455720, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00455725

Part of subcall function 0045C351: __EH_prolog.LIBCMT ref: 0045C356

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: a2a7ea3755ac557f6486cef9358da88324d4599d74c93210b411609ca99a6503
Instruction ID: b5ec8526cae1602e507185becd0acf08667fb98229a1d7c41fc89d18e9196eae
Opcode Fuzzy Hash: a2a7ea3755ac557f6486cef9358da88324d4599d74c93210b411609ca99a6503
Instruction Fuzzy Hash: DCF0FC32600615EFCF119F89D8417AE77B5EF48309F00446FFC1167252CB79AE048798

Uniqueness

Uniqueness Score: -1.00%

Function 0045C976, Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0045C97B

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Part of subcall function 004574A1: __EH_prolog.LIBCMT ref: 004574A6

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrowmalloc
String ID:
API String ID: 3744649731-0
Opcode ID: 6e3e9e9a56a0048b3fb31847d08ed63c49179ce0df1d5f9f871c0e1990fdd46d
Instruction ID: e7ca557942e979da967b4e639eb4d6775a37b90553ee8e6ec4cc14a58d0ec090
Opcode Fuzzy Hash: 6e3e9e9a56a0048b3fb31847d08ed63c49179ce0df1d5f9f871c0e1990fdd46d
Instruction Fuzzy Hash: 70F0FC72A44650ABC705DB78844179DF7F4BF45715F10422FE552A3392C7B89D008794

Uniqueness

Uniqueness Score: -1.00%

Function 00437262, Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00437267

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 29c5c8e545d76598bd15f88344bb5334d7d8ec22fed26c735034822128ad6636
Instruction ID: 8ebeb4f9d3fe3d1ce81bba46829cf1a57d3d9a1b33f0a39a9c5391f684e5658a
Opcode Fuzzy Hash: 29c5c8e545d76598bd15f88344bb5334d7d8ec22fed26c735034822128ad6636
Instruction Fuzzy Hash: F3F04FB2E1001AABCB10EF99D4409AFBB75FF89754F14816BF415E7251CB388A05DB98

Uniqueness

Uniqueness Score: -1.00%

Function 0043ABF7, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043ABFC

Part of subcall function 004271C9: __EH_prolog.LIBCMT ref: 004271CE

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$free
String ID:
API String ID: 2654054672-0
Opcode ID: 56967a1d472b1061e5507a1decf806718b1b370642cf5c417062307e0272626d
Instruction ID: 187f3f8c24b36eb43f2205bc0e82e170e0b435c502792815b4b2beb29371b12d
Opcode Fuzzy Hash: 56967a1d472b1061e5507a1decf806718b1b370642cf5c417062307e0272626d
Instruction Fuzzy Hash: 32F0E272A406219FDB15AB89D581B6EF3E8EF54724F00116FA00167352CBB8DC108698

Uniqueness

Uniqueness Score: -1.00%

Function 00457708, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0045770D

Part of subcall function 0045736E: __EH_prolog.LIBCMT ref: 00457373

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$free
String ID:
API String ID: 2654054672-0
Opcode ID: d870f31c333ea10684fc35809e0fdf1563bfbd4bdde928a65f51d7643cf8ff25
Instruction ID: bcad4ee2177fd46994aec937cdb0d529b5a4c4c3fd945f4e3e4d58535f486c35
Opcode Fuzzy Hash: d870f31c333ea10684fc35809e0fdf1563bfbd4bdde928a65f51d7643cf8ff25
Instruction Fuzzy Hash: 5BF082729046119BDB25AF49F5C1B6EF3A9FF54725F10007FE801A7352CBB8ED048698

Uniqueness

Uniqueness Score: -1.00%

Function 0045466A, Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0045466F

Part of subcall function 004546E9: __EH_prolog.LIBCMT ref: 004546EE

Part of subcall function 00412484: __EH_prolog.LIBCMT ref: 00412489

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 661c408d459c333c18bb72d9ebce9ac9376089bcd9a724af4a2b3258029e18e3
Instruction ID: d0c523e70cd4ed1a040097b6dfd5267e0ff130cd11483cf46f3d014e265fd161
Opcode Fuzzy Hash: 661c408d459c333c18bb72d9ebce9ac9376089bcd9a724af4a2b3258029e18e3
Instruction Fuzzy Hash: 100108B0911B408FCB25DFA9914528EBFE4EB05708F1089AFD49697701D7B8A6488B99

Uniqueness

Uniqueness Score: -1.00%

Function 0041AA1A, Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041AA1F

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 3e16b98f0730c2bb820ccd0239014b8e89b643f94f37be31b5d533302b258861
Instruction ID: 0d127c528bbfbc27b8578c150b8ef13b2cd429df902b96367c72facd4ff678ed
Opcode Fuzzy Hash: 3e16b98f0730c2bb820ccd0239014b8e89b643f94f37be31b5d533302b258861
Instruction Fuzzy Hash: 31F04FB19042009FD704CF59C488FEB77E8EF45350F0485AAF00997261D378AD50CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004548E4, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004548E9

Part of subcall function 004141BE: __EH_prolog.LIBCMT ref: 004141C3

Part of subcall function 00454942: __EH_prolog.LIBCMT ref: 00454947

Part of subcall function 00457708: __EH_prolog.LIBCMT ref: 0045770D

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: dce44889827298ab9d7ce0ce58cdda0110fe9e9494486ac5889427ccad10aa71
Instruction ID: 4e99f40970d3849a5baba77f3ffa2ecf6dcbd6ffd31f3430ae736c74ad50193c
Opcode Fuzzy Hash: dce44889827298ab9d7ce0ce58cdda0110fe9e9494486ac5889427ccad10aa71
Instruction Fuzzy Hash: B7F0C271820244EAD705DBA4C0057DDFBF4BF55308F00459ED44163682DBB83B08CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00427469, Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042746E

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Part of subcall function 004274E0: __EH_prolog.LIBCMT ref: 004274E5

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrowmalloc
String ID:
API String ID: 3744649731-0
Opcode ID: 23420e929a1a5af7cd1eb592142194d413dcd02e300bd80c4b2e84612b40ec6f
Instruction ID: 827aeb6ed38268beab8d4e3413ca5443a9d7de1f6c1058a8868d8234a8dbb05c
Opcode Fuzzy Hash: 23420e929a1a5af7cd1eb592142194d413dcd02e300bd80c4b2e84612b40ec6f
Instruction Fuzzy Hash: 12E09B71A14121ABCB08FB78981169D76A5AB04354F10857FE016E72D1DB784E00C758

Uniqueness

Uniqueness Score: -1.00%

Function 0042902D, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00429032

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 2d3df2e03c9248c1fdaf28911b4b7561c5f95f58f0b6e5f8c45dd0cb094a5ebf
Instruction ID: 1f9c5e2859e8f66e707105db5d51d6327476192999bd80b7cc45dd87dd012eae
Opcode Fuzzy Hash: 2d3df2e03c9248c1fdaf28911b4b7561c5f95f58f0b6e5f8c45dd0cb094a5ebf
Instruction Fuzzy Hash: 37E0ED76600118AFC744EF99D485F9EBBA8FF49354F10845EF40AD7241C779A901CA68

Uniqueness

Uniqueness Score: -1.00%

Function 004070CA, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 004070ED

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 37c8aa7ebea5706a21e67c92cb4cc5de26eae540a1b3ea2d0ac7949ac61e66a9
Instruction ID: 5f0d49fab4b5a97aa6a489e68d87efef5fc6038e1d95d1bb80af47fa3d4e4736
Opcode Fuzzy Hash: 37c8aa7ebea5706a21e67c92cb4cc5de26eae540a1b3ea2d0ac7949ac61e66a9
Instruction Fuzzy Hash: 7DE0E575600208FBCB01CF95CC41B8E7BB9BB09354F20C169F9199A2A0D339EA54DF58

Uniqueness

Uniqueness Score: -1.00%

Function 004271C9, Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004271CE

Part of subcall function 004273F2: __EH_prolog.LIBCMT ref: 004273F7
Part of subcall function 004273F2: ctype.LIBCPMT ref: 0042741B

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ctypefree
String ID:
API String ID: 519033232-0
Opcode ID: 78dcd47b2379129c01e5808901cfefd5455748a6bf6241824fd8c30a6c189853
Instruction ID: 41c3db8142b1c62480369cad8b1d71e6d29f490cb9bdb026b885b564177b838e
Opcode Fuzzy Hash: 78dcd47b2379129c01e5808901cfefd5455748a6bf6241824fd8c30a6c189853
Instruction Fuzzy Hash: 19E04FB28186209BD714EF55E5527DDB7B8FF04308F0089AFE40262691CFB8AE04CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0045736E, Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00457373

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Part of subcall function 004573AC: __EH_prolog.LIBCMT ref: 004573B1

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$free
String ID:
API String ID: 2654054672-0
Opcode ID: d1fbd1cd966677c256f419b1ab4454aba79cb24f3a7a9c8a927c31124b4406e5
Instruction ID: d4eec01819fb342dd5d4f6aa1c91757cec945227b852dc98a775303161d1de8e
Opcode Fuzzy Hash: d1fbd1cd966677c256f419b1ab4454aba79cb24f3a7a9c8a927c31124b4406e5
Instruction Fuzzy Hash: D0E0DF72810610ABCB19AF59D80239DBBB4FB44339F00026FE022626D1CBB85A04864C

Uniqueness

Uniqueness Score: -1.00%

Function 0040205A, Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00402077

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs
String ID:
API String ID: 1795875747-0
Opcode ID: 8bdaf234024b1c0a21b9eaf8a304b8f42950a7fb795cd70fcac8b6c20a43d94a
Instruction ID: 51e3ddb447c15c2a109584242581e9797e193cf521e5b21242819464d3c5fcd0
Opcode Fuzzy Hash: 8bdaf234024b1c0a21b9eaf8a304b8f42950a7fb795cd70fcac8b6c20a43d94a
Instruction Fuzzy Hash: 11D01233504118ABCF156B94DC06CDD77BCFB18314714442BF541B21A0EA75E5148794

Uniqueness

Uniqueness Score: -1.00%

Function 00406FBE, Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(000000FF,?,?,00000000,00000000,000000FF,?,00406D00,00000000,00004000,00000000,000000FF,?,?,?), ref: 00406FD4

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: dbb2d301a63012f20a761d2a941b016696becdbde7656f0ff5969e67fa50dbcb
Instruction ID: 9201ff978a396df075b7dd7869010ac9e68e94fc2f4c1ddbd4116d1818c63b8f
Opcode Fuzzy Hash: dbb2d301a63012f20a761d2a941b016696becdbde7656f0ff5969e67fa50dbcb
Instruction Fuzzy Hash: 42E0EC75201209FBCB01CF90CC01F8E7BB9BB49754F208069E915961A0C375AA14EB54

Uniqueness

Uniqueness Score: -1.00%

Function 0041A0A2, Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,0041A02B,?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A0B0

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 8ec1a4100e8cd494927b62384f5df8e50a978147b1c09fe9d1ed5db62d240c6f
Instruction ID: fd0c35ea8dd4b67c61ef1915973700277b0063b65a53659d060e68b40c89d269
Opcode Fuzzy Hash: 8ec1a4100e8cd494927b62384f5df8e50a978147b1c09fe9d1ed5db62d240c6f
Instruction Fuzzy Hash: C9D0123162621287DB706E2DB8047D637DD6F68321B1544AFF884CB384E769CCD25798

Uniqueness

Uniqueness Score: -1.00%

Function 0046117A, Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0046117F

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Part of subcall function 0045466A: __EH_prolog.LIBCMT ref: 0045466F

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrowmalloc
String ID:
API String ID: 3744649731-0
Opcode ID: 407792ea8cca4b18691fd7b142efeb66af13cd9e42f55e8d6fa4ac50a3c5ac11
Instruction ID: eb05434342d1a1d657470879dfb45696b363e7e510b9092b496abf28f567c1f4
Opcode Fuzzy Hash: 407792ea8cca4b18691fd7b142efeb66af13cd9e42f55e8d6fa4ac50a3c5ac11
Instruction Fuzzy Hash: E8D05EB1A141019FDF0CEFB494227AD76E0EB49708F10857FE402E77C1EB788940C629

Uniqueness

Uniqueness Score: -1.00%

Function 00406B81, Relevance: 1.5, APIs: 1, Instructions: 16COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,?,00406AE4,000000FF,00000009,?,?,00000001), ref: 00406B8C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 81d108220f6cff3968a0dfc6b9c9e2b5e5186c3cc047afab7d4b2a783b631099
Instruction ID: 559328f7d73fbe36e8956960c98af4531ccea7d719e5fbdb696f14c488d3abdd
Opcode Fuzzy Hash: 81d108220f6cff3968a0dfc6b9c9e2b5e5186c3cc047afab7d4b2a783b631099
Instruction Fuzzy Hash: 39D0127111463246DA641E3D78459C633E86E12334332077BF4B5E32E1D374AC9346A8

Uniqueness

Uniqueness Score: -1.00%

Function 00405F97, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00000000,?,00405FCF), ref: 00405FA2

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: fbc379e1e8146ea8a8aa692942bd8f9d877363f5554707d8c4726b50787c59ac
Instruction ID: 37ccf3f2ba23f84e2a9a8bb5a5f1ff69caeb05e53717e462b83d6ae5a5affc5d
Opcode Fuzzy Hash: fbc379e1e8146ea8a8aa692942bd8f9d877363f5554707d8c4726b50787c59ac
Instruction Fuzzy Hash: C1D0123150592286DA641E3CB8495D373D89A163303711B6BF4B0D72E4D7788C834A54

Uniqueness

Uniqueness Score: -1.00%

Function 00439959, Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043995E

Part of subcall function 0043ABF7: __EH_prolog.LIBCMT ref: 0043ABFC

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: f08e0820b9adbb4c7ba90be9014a5b72c05ac8c4d11cf0407924ba52ddcaa8a4
Instruction ID: 1933e56be835ffcb578a1817d47154573c62e9cce65c22ad53abc53c67233e88
Opcode Fuzzy Hash: f08e0820b9adbb4c7ba90be9014a5b72c05ac8c4d11cf0407924ba52ddcaa8a4
Instruction Fuzzy Hash: B5D0C9F6D405449BCB09AF98E81175CBAB1EB8830EF0089AEE012A6741C77C5940CA29

Uniqueness

Uniqueness Score: -1.00%

Function 00401EDC, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

fputc.MSVCRT ref: 00401EE3

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputc
String ID:
API String ID: 1992160199-0
Opcode ID: da5970862ec9ad3dbee08846737d54aea76a937bebad6d337613d5396d8d5bb3
Instruction ID: ccb73cc9c3d888b36750ebb274676797b96078edb0050a500f786889603aac1d
Opcode Fuzzy Hash: da5970862ec9ad3dbee08846737d54aea76a937bebad6d337613d5396d8d5bb3
Instruction Fuzzy Hash: 92B0923270C2209BE6191A98FC0AA8067A4DB09722B2100ABF544C61D09AD21C414B99

Uniqueness

Uniqueness Score: -1.00%

Function 0040709D, Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON

Download Yara Rule

APIs

SetFileTime.KERNELBASE(?,?,?,?), ref: 004070AB

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: FileTime
String ID:
API String ID: 1425588814-0
Opcode ID: a4bb79ea367c2e6c2fd0d5fabe928400532b30b899adc986772ce101cae992b3
Instruction ID: f1c8f6366e9e07e4e6468dfd68ddd384c3c8a35569bce28d40666928b29a520f
Opcode Fuzzy Hash: a4bb79ea367c2e6c2fd0d5fabe928400532b30b899adc986772ce101cae992b3
Instruction Fuzzy Hash: E4C04C36158115FF8F020F70CC05D1ABBA2BBA5311F50D929B155C5070C7328024EB02

Uniqueness

Uniqueness Score: -1.00%

Function 00407149, Relevance: 1.5, APIs: 1, Instructions: 6fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNELBASE(?,0040718E,?,?,?), ref: 0040714B

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: File
String ID:
API String ID: 749574446-0
Opcode ID: f443e286b9c93abf9f9a73d9d2ec2e4026a9ec36a6ab195b6272a5e4c0ecf968
Instruction ID: 8f85f8588d590e58c236405d9940557a324498d520ed9860cd4f561e1e06d03c
Opcode Fuzzy Hash: f443e286b9c93abf9f9a73d9d2ec2e4026a9ec36a6ab195b6272a5e4c0ecf968
Instruction Fuzzy Hash: 6EA001702A651A8A8E121B34DD099243AA1AA62B0772016B5A106CA4F4DA224418AA45

Uniqueness

Uniqueness Score: -1.00%

Function 00434490, Relevance: 1.5, APIs: 1, Instructions: 5COMMONLIBRARYCODE

Download Yara Rule

APIs

SetConsoleCtrlHandler.KERNELBASE(Function_00034454,00000000,0043447C), ref: 0043449D

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ConsoleCtrlHandler
String ID:
API String ID: 1513847179-0
Opcode ID: b4863b5e128638218b86d95b8f809220d6664ce04168b005c3d06ddb9e291eac
Instruction ID: 15cfdd205eedef7c5412d8c7a33d1c7b47202e05124ca3e05096c76e7724b771
Opcode Fuzzy Hash: b4863b5e128638218b86d95b8f809220d6664ce04168b005c3d06ddb9e291eac
Instruction Fuzzy Hash: 31B0123018260046CE015F145C06700391067A2700F3001B690101E090C7B41008CB0C

Uniqueness

Uniqueness Score: -1.00%

Function 00458E58, Relevance: 1.4, APIs: 1, Instructions: 122COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00458E8B

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 43f8642cded8752c1c4ec3eee5937cc01b29c75d3ddf157886d48ef426ca0471
Instruction ID: 3858b64d21a7a719b3da7bdcd8cd6f3895756774b64e3a9f8917aebb6a29a9f3
Opcode Fuzzy Hash: 43f8642cded8752c1c4ec3eee5937cc01b29c75d3ddf157886d48ef426ca0471
Instruction Fuzzy Hash: DD414871A007459FCB24CF65C49096BB7B5FF48315728892EE89A97602CB38AD49CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0045C6EE, Relevance: 1.3, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

_CxxThrowException.MSVCRT(00000000,00000000), ref: 0045C6FE

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: 27da0ee3709ed65a6edca5bf2be77147647744edda51d085942d51bfefad6c34
Instruction ID: ad3aa529798c182f8615bb24ebcdea79c84b6372a1c5d1657bbf01a848f31960
Opcode Fuzzy Hash: 27da0ee3709ed65a6edca5bf2be77147647744edda51d085942d51bfefad6c34
Instruction Fuzzy Hash: 9D21F7B1600246AFD710DFAAC8C495ABBE9FF48315B54846EE84AD7612C734FC58CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040C879, Relevance: 1.3, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 0040C8A6

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 49ed799e9ef4d960275625d33c47291d77eeb0e05a2e00bd4695c14706870b23
Instruction ID: 218001b3b5118a35f70f278a0b984cf97daf4a037d69717c6f974666551c2c1f
Opcode Fuzzy Hash: 49ed799e9ef4d960275625d33c47291d77eeb0e05a2e00bd4695c14706870b23
Instruction Fuzzy Hash: C021D072A00B00DFC720DF99C89485BF7F9FF887257248A2EE49A93A40E374BD458B54

Uniqueness

Uniqueness Score: -1.00%

Function 0040290E, Relevance: 1.3, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

_CxxThrowException.MSVCRT(?,0049CCC0), ref: 00402973

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow$malloc
String ID:
API String ID: 4218900083-0
Opcode ID: 4beec060173afe579eaa9889e23d8442025fdb2605be48ebffb934b7ca998d04
Instruction ID: a31d7caeea549fea2837de064281918bbf748b7d590c714089151b2a33ed821e
Opcode Fuzzy Hash: 4beec060173afe579eaa9889e23d8442025fdb2605be48ebffb934b7ca998d04
Instruction Fuzzy Hash: 7901D676240204AFC714EF59C18495ABBE8EF89769B10843FE589D7390C274E841CBAC

Uniqueness

Uniqueness Score: -1.00%

Function 004023B3, Relevance: 1.3, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

_CxxThrowException.MSVCRT(00000000,0049CCC0), ref: 004023D5

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: fe8c193185dea3e44c51eb8dd45e9b037839cb31898173f6a5ca7c010edf41bd
Instruction ID: 61b4caf597ff3bd4c4d3fd4c83ea3d400b49bb91a44a37c4ffe80c7dd5e3133d
Opcode Fuzzy Hash: fe8c193185dea3e44c51eb8dd45e9b037839cb31898173f6a5ca7c010edf41bd
Instruction Fuzzy Hash: 6FF065771483056BD710DF96E8C1F86BBDCEB88354F20843FF54897181C6799485876C

Uniqueness

Uniqueness Score: -1.00%

Function 00424AA5, Relevance: 1.3, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

memcpy.MSVCRT ref: 00424AC8

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrowmallocmemcpy
String ID:
API String ID: 1351585450-0
Opcode ID: 585e308bf868a00b5bcce8d221049774386f86999c2b136a2ad2e92d96c08ab0
Instruction ID: ae76cfd0e7c0cbaa28e4ca0002c8abdcdf5f44480872a387c64e6a8ca3c0e77a
Opcode Fuzzy Hash: 585e308bf868a00b5bcce8d221049774386f86999c2b136a2ad2e92d96c08ab0
Instruction Fuzzy Hash: 95E04F73600610ABD3109E49D881B67F7FCEFD5B22F15882FE588D7211D3B5981087A5

Uniqueness

Uniqueness Score: -1.00%

Function 004765B0, Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004,00406CE8,000000FF,?,?,?,?,00000000), ref: 004765C1

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3eb9a4909bb7ce4ed86827311c098c61574d6d3e194dc9aa60cd4f618a9fb9ab
Instruction ID: 07696b786e9e1e45df383a8f805b135b29a2d52ab93f10dd13cecf77302de0f2
Opcode Fuzzy Hash: 3eb9a4909bb7ce4ed86827311c098c61574d6d3e194dc9aa60cd4f618a9fb9ab
Instruction Fuzzy Hash: 2BB012F0791640B5FE6A03245C0BFEF11156760B87F108079B309D82CCE7E05400622C

Uniqueness

Uniqueness Score: -1.00%

Function 004765D0, Relevance: 1.3, APIs: 1, Instructions: 7COMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,00000000,00008000,00406DB5,00000000,00004000,00000000,000000FF,?,?,?,?,00000000), ref: 004765DC

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: cd561fa4c4773630ca428a50aa84e86339a40c36092b9579875dc87c63db0a74
Instruction ID: 9e8e316d26bbb48dc8f8bd810860b14e91502968383a6053a24327af6f717656
Opcode Fuzzy Hash: cd561fa4c4773630ca428a50aa84e86339a40c36092b9579875dc87c63db0a74
Instruction Fuzzy Hash: D6B01230252A0032ED3903301C15B1A30102700701E70802D3102680C44564D400460C

Uniqueness

Uniqueness Score: -1.00%

Function 00401CEB, Relevance: 1.3, APIs: 1, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

APIs

free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: c2779ed42725052acff50167859539405a015822e1c6dcd5d910f0daeddc4562
Instruction ID: 159686319408290f29aacd7c8ee4ace7004d703aa62f4349174661fd61654669
Opcode Fuzzy Hash: c2779ed42725052acff50167859539405a015822e1c6dcd5d910f0daeddc4562
Instruction Fuzzy Hash: 7FA00271405540EBCA061B10ED0A5897B61EB94623B30447BF447404708B314860BB05

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0045E376, Relevance: 27.9, APIs: 14, Strings: 1, Instructions: 1604
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E0045E376(intOrPtr __ecx, intOrPtr __edx) {
				void* __ebx;
				void* __edi;
				intOrPtr _t860;
				signed int _t868;
				signed int _t869;
				signed int _t871;
				signed int _t883;
				signed int _t884;
				signed int _t897;
				signed int _t908;
				signed int _t915;
				signed int _t941;
				signed int _t945;
				void* _t951;
				intOrPtr* _t956;
				signed int _t957;
				signed int _t958;
				signed int _t967;
				signed int _t971;
				signed int _t975;
				signed int _t984;
				signed int _t988;
				intOrPtr* _t994;
				signed int _t995;
				signed int _t996;
				signed int _t1005;
				signed int _t1009;
				intOrPtr* _t1013;
				signed int _t1014;
				signed int _t1023;
				signed int _t1031;
				signed int _t1040;
				intOrPtr* _t1054;
				signed int _t1056;
				signed int _t1065;
				signed int _t1069;
				signed int _t1074;
				signed int _t1077;
				intOrPtr _t1080;
				long _t1081;
				void* _t1091;
				signed int _t1093;
				intOrPtr _t1108;
				signed int _t1117;
				char _t1131;
				signed int _t1156;
				signed int _t1163;
				signed int _t1167;
				signed int _t1170;
				intOrPtr _t1171;
				signed int _t1172;
				signed int _t1179;
				signed int _t1183;
				signed int _t1187;
				signed int _t1189;
				void* _t1195;
				signed int _t1203;
				signed int _t1207;
				signed int _t1218;
				signed int _t1219;
				signed int _t1221;
				signed int _t1224;
				signed int _t1225;
				void* _t1227;
				signed int _t1228;
				void* _t1229;
				signed int _t1232;
				intOrPtr* _t1247;
				signed int _t1253;
				void* _t1255;
				void* _t1260;
				intOrPtr _t1267;
				void* _t1306;
				signed int _t1315;
				intOrPtr _t1451;
				signed int _t1522;
				signed int _t1526;
				signed int _t1551;
				intOrPtr* _t1563;
				signed int _t1571;
				signed int _t1572;
				signed int _t1573;
				signed int _t1574;
				void* _t1575;
				intOrPtr* _t1576;
				signed int _t1577;
				intOrPtr _t1578;
				signed int _t1581;
				signed int* _t1582;
				signed int _t1583;
				signed int _t1584;
				intOrPtr _t1585;
				intOrPtr _t1586;
				intOrPtr _t1590;
				intOrPtr _t1591;
				void* _t1592;
				signed int _t1594;
				void* _t1595;
				intOrPtr* _t1596;
				intOrPtr _t1597;
				signed int _t1598;
				signed int _t1599;
				signed int _t1600;
				signed int _t1601;
				void* _t1602;
				signed int _t1603;
				signed int _t1604;
				signed int* _t1606;
				intOrPtr _t1607;
				struct _CRITICAL_SECTION* _t1609;
				intOrPtr _t1610;
				intOrPtr _t1612;
				intOrPtr _t1613;
				intOrPtr _t1614;
				intOrPtr _t1618;
				void* _t1620;
				void* _t1622;
				void* _t1623;
				void* _t1639;
				signed int _t1640;

				E0048C9C0(0x493b08, _t1620);
				_t1623 = _t1622 - 0x4d0;
				 *((intOrPtr*)(_t1620 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t1620 - 0x40)) = __ecx;
				 *(_t1620 - 0x20) = 0;
				_t1596 =  *((intOrPtr*)(_t1620 + 0x1c));
				 *(_t1620 - 4) = 0;
				 *((intOrPtr*)( *_t1596))(_t1596, 0x499b30, _t1620 - 0x20, _t1575, _t1595, _t1260);
				_t1576 =  *((intOrPtr*)(_t1620 + 0xc));
				 *(_t1620 - 0xe) = 0;
				 *(_t1620 - 0x1c) = 0;
				 *((intOrPtr*)(_t1620 - 0x18)) = 0;
				 *(_t1620 - 0x30) = 0;
				 *(_t1620 - 0x2c) = 0;
				 *((intOrPtr*)(_t1620 - 0x48)) = 0;
				 *(_t1620 - 0x44) = 0;
				 *(_t1620 - 0x3c) = 0;
				if( *((intOrPtr*)(_t1576 + 4)) <= 0) {
					L9:
					_t860 =  *((intOrPtr*)(_t1620 + 0x18));
					if(_t860 != 0) {
						 *(_t1620 - 0x1c) =  *(_t1620 - 0x1c) +  *((intOrPtr*)(_t860 + 4));
						asm("adc [ebp-0x18], ebx");
					}
					 *(_t1620 - 0x1c) =  *(_t1620 - 0x1c) + 1;
					asm("adc [ebp-0x18], ebx");
					_t1630 =  *(_t1620 - 0xe);
					if( *(_t1620 - 0xe) == 0) {
						 *((intOrPtr*)( *_t1596 + 0xc))(_t1596,  *(_t1620 - 0x1c),  *((intOrPtr*)(_t1620 - 0x18)));
					}
					_t1597 =  *((intOrPtr*)(_t1620 + 0x10));
					 *(_t1620 - 0xd4) =  *(_t1620 - 0x1c);
					_push(_t1597);
					 *((intOrPtr*)(_t1620 - 0xd0)) =  *((intOrPtr*)(_t1620 - 0x18));
					L00453758(_t1620 - 0x194, _t1630);
					_t1631 =  *((intOrPtr*)(_t1620 - 0x17c));
					 *(_t1620 - 4) = 2;
					if( *((intOrPtr*)(_t1620 - 0x17c)) == 0) {
						L004434A6(_t1620 - 0x180);
					}
					L00453720(_t1620 - 0x33c, _t1631, _t1620 - 0x194);
					 *(_t1620 - 0x1c) = 0;
					 *((intOrPtr*)(_t1620 - 0x18)) = 0;
					 *(_t1620 - 4) = 3;
					 *(_t1620 - 0xd) =  *((intOrPtr*)( *((intOrPtr*)(_t1597 + 0x4c))));
					 *(_t1620 - 0x24) = 0;
					if( *((intOrPtr*)(_t1620 - 0x17c)) != 0) {
						 *(_t1620 - 0x24) =  *( *(_t1620 - 0x180));
					}
					_t1598 = 0;
					if( *((intOrPtr*)(_t1620 - 0x17c)) <= 0) {
						L19:
						_t1577 =  *(_t1620 - 0x24);
						if(_t1577 != 0 &&  *(_t1620 - 0xd) == 0xe && L0040BECC(_t1577, 0xe) < 0) {
							L0040BCB6(_t1577, 0xe, 1);
						}
						_t1267 =  *((intOrPtr*)(_t1620 + 0x10));
						_t1599 = 0x40;
						_t868 =  *(_t1267 + 8);
						 *(_t1620 - 0x14) = _t868;
						if(_t868 <= _t1599) {
							_t1551 = 1;
							__eflags =  *(_t1620 - 0x14) - _t1551;
							if( *(_t1620 - 0x14) >= _t1551) {
								goto L29;
							}
							 *(_t1620 - 0x14) = _t1551;
							goto L28;
						} else {
							 *(_t1620 - 0x14) = _t1599;
							_t1551 = 1;
							L28:
							_t1639 =  *(_t1620 - 0x14) - _t1551;
							L29:
							 *(_t1620 - 0xe) = _t1639 > 0;
							_t1640 =  *(_t1620 - 0x2c);
							if(_t1640 <= 0 && (_t1640 < 0 ||  *(_t1620 - 0x30) <= _t1551)) {
								 *(_t1620 - 0xe) = 0;
							}
							if( *(_t1620 - 0xe) != 0) {
								_t869 =  *(_t1620 - 0xd);
								__eflags = _t869;
								if(_t869 == 0) {
									__eflags =  *(_t1267 + 0x58);
									if( *(_t1267 + 0x58) == 0) {
										 *(_t1620 - 0x14) = _t1551;
									}
								}
								__eflags = _t1577;
								if(_t1577 == 0) {
									L72:
									__eflags = 0 -  *(_t1620 - 0x2c);
									if(__eflags < 0) {
										L76:
										__eflags =  *(_t1620 - 0x14) - 1;
										if( *(_t1620 - 0x14) <= 1) {
											 *(_t1620 - 0xe) = 0;
										}
										__eflags =  *(_t1620 - 0xe);
										if( *(_t1620 - 0xe) != 0) {
											L004434EE(_t1620 - 0x88);
											_push(0x10);
											 *(_t1620 - 4) = 4;
											_t871 = E00401CC4();
											__eflags = _t871;
											if(_t871 == 0) {
												 *(_t1620 - 0x3c) = 0;
												_t1600 = 0;
											} else {
												 *((intOrPtr*)(_t871 + 4)) = 0;
												_t1600 = _t871;
												 *((intOrPtr*)(_t871 + 0xc)) = 0;
												 *_t871 = 0x49b5cc;
												 *(_t1620 - 0x3c) = _t1600;
											}
											__eflags = _t1600;
											 *(_t1620 - 0x28) = _t1600;
											if(_t1600 != 0) {
												 *((intOrPtr*)( *_t1600 + 4))(_t1600);
											}
											_push(1);
											_push( *((intOrPtr*)(_t1620 + 0x1c)));
											 *(_t1620 - 4) = 5;
											E0045DAA7(_t1600);
											E00460BF4(_t1620 - 0x11c);
											_push( *((intOrPtr*)(_t1600 + 0xc)));
											 *(_t1620 - 4) = 6;
											_push( *(_t1620 - 0x14));
											E0040CBCC(0, _t1620 - 0x11c);
											L0045F9C3(_t1620 - 0xcc, 0x10000);
											E004880C0(_t1620 - 0xc0);
											 *((intOrPtr*)(_t1620 - 0xa8)) = 0;
											 *(_t1620 - 4) = 7;
											 *((intOrPtr*)(_t1620 - 0x98)) = _t1620 - 0xcc;
											L004434EE(_t1620 - 0x94);
											 *(_t1620 - 4) = 8;
											L004434EE(_t1620 - 0x70);
											 *(_t1620 - 0x54) = 0;
											 *(_t1620 - 0x50) = 0;
											 *((intOrPtr*)(_t1620 - 0x4c)) = 0;
											 *(_t1620 - 0x60) = 0;
											 *((intOrPtr*)(_t1620 - 0x5c)) = 0;
											 *((intOrPtr*)(_t1620 - 0x58)) = 0;
											 *(_t1620 - 4) = 0xb;
											_t1601 = L0040B8DC(_t1620 - 0xcc,  *(_t1620 - 0x14) << 9, 0);
											__eflags = _t1601;
											if(_t1601 == 0) {
												_t1578 =  *((intOrPtr*)(_t1620 + 0xc));
												_t1602 = 0;
												__eflags =  *(_t1578 + 4);
												if( *(_t1578 + 4) <= 0) {
													L93:
													_t1603 =  *(_t1620 - 0x14);
													__eflags = _t1603;
													if(__eflags <= 0) {
														L95:
														_t1604 = 0;
														__eflags =  *(_t1620 - 0x14);
														if( *(_t1620 - 0x14) <= 0) {
															L107:
															_t883 =  *(_t1578 + 4);
															 *(_t1620 - 0x9c) =  *(_t1620 - 0x9c) | 0xffffffff;
															__eflags = _t883;
															 *(_t1620 - 0x64) = 0;
															 *(_t1620 - 0x24) = 0;
															if(_t883 <= 0) {
																L184:
																_push(0);
																_push(0);
																_push(0);
																_t884 = E0040CC89(_t1620 - 0x11c);
																__eflags = _t884;
																if(_t884 == 0) {
																	_t884 = E0045D64F( *((intOrPtr*)(_t1620 - 0x40)), _t1620 - 0x88,  *((intOrPtr*)(_t1620 + 0x18)));
																	_t1601 = 0;
																	__eflags = 0;
																} else {
																	_t1601 = _t884;
																}
																L234:
																E00401CEB(E00401CEB(_t884,  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																 *(_t1620 - 4) = 8;
																L0045FFAA(0, _t1620 - 0x70);
																 *(_t1620 - 4) = 7;
																E0046004C(0, _t1620 - 0x98);
																 *(_t1620 - 4) = 6;
																L0045F9D6(_t1620 - 0xcc, __eflags);
																 *(_t1620 - 4) = 5;
																E00460C19(_t1620 - 0x11c);
																 *(_t1620 - 4) = 4;
																L00416C88(_t1620 - 0x28);
																 *(_t1620 - 4) = 3;
																E00460E4D(0, _t1620 - 0x88);
																 *(_t1620 - 4) = 2;
																L00453864(0, _t1620 - 0x33c);
																 *(_t1620 - 4) = 0;
																L004538D4(0, _t1620 - 0x194);
																_t851 = _t1620 - 4;
																 *_t851 =  *(_t1620 - 4) | 0xffffffff;
																__eflags =  *_t851;
																L00416C88(_t1620 - 0x20);
																goto L235;
															} else {
																goto L108;
															}
															do {
																L108:
																__eflags =  *((intOrPtr*)(_t1620 - 0x5c)) -  *(_t1620 - 0x14);
																if( *((intOrPtr*)(_t1620 - 0x5c)) >=  *(_t1620 - 0x14)) {
																	L141:
																	_t1581 =  *(_t1620 - 0x24) << 2;
																	__eflags =  *( *(_t1581 +  *((intOrPtr*)(_t1620 - 0x94))) + 0x20);
																	if(__eflags == 0) {
																		_t1606 =  *(_t1581 +  *((intOrPtr*)( *((intOrPtr*)(_t1620 + 0xc)))));
																		L0045FC66(_t1620 - 0x3d4, __eflags);
																		 *(_t1620 - 4) = 0x14;
																		L0045FC53(_t1620 - 0x29c, __eflags);
																		__eflags = _t1606[0];
																		 *(_t1620 - 4) = 0x15;
																		if(_t1606[0] == 0) {
																			L145:
																			E00460B11(_t1620 - 0x3d4,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1620 + 8)))) + _t1606[2] * 4)));
																			_push(_t1620 - 0x3d4);
																			_t908 = E0045A2C0( *((intOrPtr*)(_t1620 - 0x7c)));
																			__eflags = _t908;
																			if(_t908 != 0) {
																				_t1601 = 0x80004001;
																				L231:
																				 *(_t1620 - 4) = 0x14;
																				E0045736E(_t1620 - 0x29c);
																				 *(_t1620 - 4) = 0xb;
																				_t884 = E0045736E(_t1620 - 0x3d4);
																				goto L234;
																			}
																			E00460B32(_t1620 - 0x29c, _t1620 - 0x3d4);
																			__eflags =  *_t1606;
																			if( *_t1606 == 0) {
																				_push(_t1620 - 0x1c);
																				_push( *(_t1620 - 0x20));
																				_push( *(_t1620 - 0x28));
																				_push(_t1620 - 0x29c);
																				_push(_t1606);
																				_push(_t1620 - 0x3d4);
																				_t915 = E004600E5( *((intOrPtr*)(_t1620 - 0x40)),  *((intOrPtr*)(_t1620 - 0x7c)));
																				__eflags = _t915;
																				if(_t915 != 0) {
																					L230:
																					_t1601 = _t915;
																					goto L231;
																				}
																				L180:
																				_push(_t1620 - 0x29c);
																				E00460E03(_t1620 - 0x88);
																				 *(_t1620 - 0x1c) =  *(_t1620 - 0x1c) + 0x1e;
																				asm("adc [ebp-0x18], ebx");
																				E0045D999( *((intOrPtr*)( *(_t1620 - 0x3c) + 8)),  *(_t1620 - 0x1c),  *((intOrPtr*)(_t1620 - 0x18)));
																				_t612 = _t1620 - 0x24;
																				 *_t612 =  *(_t1620 - 0x24) + 1;
																				__eflags =  *_t612;
																				L181:
																				 *(_t1620 - 4) = 0x14;
																				E0045736E(_t1620 - 0x29c);
																				 *(_t1620 - 4) = 0xb;
																				_t1306 = _t1620 - 0x3d4;
																				L182:
																				E0045736E(_t1306);
																				goto L183;
																			}
																			L147:
																			__eflags = _t1606[0];
																			if(_t1606[0] == 0) {
																				_t1584 =  *(_t1581 +  *((intOrPtr*)(_t1620 - 0x94)));
																				_t1077 =  *(_t1620 - 0x24);
																				 *(_t1620 - 0x2c) = _t1584;
																				__eflags =  *(_t1584 + 0x23);
																				if( *(_t1584 + 0x23) == 0) {
																					__eflags =  *(_t1620 - 0x9c) - _t1077;
																					if( *(_t1620 - 0x9c) >= _t1077) {
																						L164:
																						_t1585 =  *((intOrPtr*)( *((intOrPtr*)(_t1620 - 0x70)) +  *( *(_t1620 - 0x60)) * 4));
																						_t1080 =  *((intOrPtr*)(_t1585 + 0x18));
																						__eflags =  *(_t1080 + 0x15);
																						if( *(_t1080 + 0x15) == 0) {
																							 *(_t1620 - 0xa0) = 0;
																							 *(_t1620 - 4) = 0x17;
																							E0045D826( *((intOrPtr*)(_t1620 - 0x40)), _t1620 - 0xa0);
																							L0045FA50( *((intOrPtr*)(_t1585 + 0x18)),  *(_t1620 - 0xa0));
																							 *((char*)( *((intOrPtr*)(_t1585 + 0x18)) + 0x15)) = 1;
																							L00487F70( *((intOrPtr*)(_t1585 + 0x18)) + 0x1c);
																							 *(_t1620 - 4) = 0x15;
																							L00416C88(_t1620 - 0xa0);
																						}
																						_t1081 = WaitForMultipleObjects( *(_t1620 - 0x50),  *(_t1620 - 0x54), 0, 0xffffffff);
																						__eflags = _t1081 - 0xffffffff;
																						 *(_t1620 - 0x38) = _t1081;
																						if(_t1081 == 0xffffffff) {
																							_t915 = GetLastError();
																							__eflags = _t915;
																							if(_t915 == 0) {
																								_t915 = 0x80004005;
																							}
																							goto L230;
																						} else {
																							__eflags = _t1081 -  *(_t1620 - 0x50);
																							if(_t1081 >=  *(_t1620 - 0x50)) {
																								L232:
																								_t1601 = 0x80004005;
																								goto L231;
																							}
																							_t1586 =  *((intOrPtr*)( *((intOrPtr*)(_t1620 - 0x70)) + ( *(_t1620 - 0x60))[ *(_t1620 - 0x38)] * 4));
																							L0042315E(_t1586 + 0x20);
																							_t915 =  *(_t1586 + 0xc8);
																							 *((char*)(_t1586 + 0xf2)) = 1;
																							__eflags = _t915;
																							if(_t915 != 0) {
																								goto L230;
																							}
																							E00404D20(_t1620 - 0x60,  *(_t1620 - 0x38));
																							E00404D20(_t1620 - 0x54,  *(_t1620 - 0x38));
																							__eflags =  *(_t1620 - 0x38);
																							if(__eflags != 0) {
																								 *(_t1620 - 0x2c) =  *( *((intOrPtr*)(_t1620 - 0x94)) +  *(_t1586 + 0xf4) * 4);
																								E0040C97D( *(_t1586 + 0x18), __eflags,  *( *((intOrPtr*)(_t1620 - 0x94)) +  *(_t1586 + 0xf4) * 4));
																								_t1315 = 8;
																								_t1091 = memcpy( *(_t1620 - 0x2c) + 0x28, _t1586 + 0xd0, _t1315 << 2);
																								_t1623 = _t1623 + 0xc;
																								 *((char*)(_t1091 + 0x23)) = 1;
																								goto L181;
																							}
																							__eflags =  *(_t1586 + 0xf4) -  *(_t1620 - 0x24);
																							if( *(_t1586 + 0xf4) !=  *(_t1620 - 0x24)) {
																								goto L232;
																							}
																							_t1093 =  *(_t1620 - 0x2c);
																							__eflags =  *((intOrPtr*)(_t1093 + 0x22)) -  *((intOrPtr*)(_t1586 + 0xe7));
																							if( *((intOrPtr*)(_t1093 + 0x22)) !=  *((intOrPtr*)(_t1586 + 0xe7))) {
																								goto L232;
																							}
																							_t915 = E0040C99A( *(_t1586 + 0x18));
																							__eflags = _t915;
																							if(_t915 != 0) {
																								goto L230;
																							}
																							 *(_t1620 - 0x2c) =  *(_t1586 + 0x18);
																							L0042315E( *(_t1586 + 0x18) + 0x4c);
																							L0042315E( *(_t1620 - 0x2c) + 0x48);
																							_t1612 =  *((intOrPtr*)(_t1620 + 0x10));
																							_push(_t1620 - 0x29c);
																							_push( *((intOrPtr*)(_t1586 + 0xe7)));
																							L0045FC76(_t1612, _t1606);
																							__eflags =  *(_t1612 + 0x58);
																							if( *(_t1612 + 0x58) == 0) {
																								L176:
																								__eflags = 0;
																								L177:
																								L0045FE7F(0, _t1586 + 0xd0, 0,  *((intOrPtr*)( *((intOrPtr*)(_t1620 + 0x10)) + 0x49)), _t1620 - 0x29c);
																								E0045D31C( *((intOrPtr*)(_t1620 - 0x40)), _t1620 - 0x29c);
																								goto L180;
																							}
																							_t1108 = _t1612;
																							__eflags =  *(_t1108 + 0x48);
																							if( *(_t1108 + 0x48) == 0) {
																								goto L176;
																							}
																							_push(1);
																							_pop(0);
																							goto L177;
																						}
																					}
																					 *(_t1620 - 0x9c) = _t1077;
																					_t1117 = L00453995(_t1620 - 0x33c,  *((intOrPtr*)(_t1584 + 0x21)),  *((intOrPtr*)(_t1620 + 0x14)), _t1606[6], _t1606[7], _t1620 - 0x35c);
																					__eflags = _t1117;
																					 *(_t1620 - 0x74) = _t1117;
																					if(_t1117 != 0) {
																						 *(_t1620 - 4) = 0x14;
																						E0045736E(_t1620 - 0x29c);
																						 *(_t1620 - 4) = 0xb;
																						E00401CEB(E00401CEB(E0045736E(_t1620 - 0x3d4),  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																						 *(_t1620 - 4) = 8;
																						L0045FFAA(0, _t1620 - 0x70);
																						 *(_t1620 - 4) = 7;
																						E0046004C(0, _t1620 - 0x98);
																						 *(_t1620 - 4) = 6;
																						L0045F9D6(_t1620 - 0xcc, __eflags);
																						 *(_t1620 - 4) = 5;
																						E00460C19(_t1620 - 0x11c);
																						 *(_t1620 - 4) = 4;
																						L00416C88(_t1620 - 0x28);
																						 *(_t1620 - 4) = 3;
																						E00460E4D(0, _t1620 - 0x88);
																						 *(_t1620 - 4) = 2;
																						L00453864(0, _t1620 - 0x33c);
																						 *(_t1620 - 4) = 0;
																						L004538D4(0, _t1620 - 0x194);
																						 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
																						L00416C88(_t1620 - 0x20);
																						_t897 =  *(_t1620 - 0x74);
																						goto L236;
																					}
																					_t1131 =  *((intOrPtr*)(_t1620 - 0x345));
																					 *((char*)(_t1584 + 0x22)) = _t1131;
																					_t1590 =  *((intOrPtr*)(_t1620 + 0x10));
																					_push(_t1620 - 0x29c);
																					_push(_t1131);
																					L0045FC76(_t1590, _t1606);
																					__eflags =  *(_t1590 + 0x58);
																					if( *(_t1590 + 0x58) == 0) {
																						L162:
																						__eflags = 0;
																						L163:
																						L0045FE7F(0, _t1620 - 0x35c, 0,  *((intOrPtr*)(_t1590 + 0x49)), _t1620 - 0x29c);
																						E0045D12B( *((intOrPtr*)(_t1620 - 0x40)), _t1620 - 0x29c, 0);
																						goto L164;
																					}
																					__eflags =  *(_t1590 + 0x48);
																					if( *(_t1590 + 0x48) == 0) {
																						goto L162;
																					}
																					_push(1);
																					_pop(0);
																					goto L163;
																				}
																				__eflags =  *(_t1620 - 0x9c) - _t1077;
																				if( *(_t1620 - 0x9c) < _t1077) {
																					 *(_t1620 - 0x9c) = _t1077;
																				}
																				_t1613 =  *((intOrPtr*)(_t1620 + 0x10));
																				_push(_t1620 - 0x29c);
																				_push( *((intOrPtr*)(_t1584 + 0x3f)));
																				L0045FC76(_t1613, _t1606);
																				__eflags =  *(_t1613 + 0x58);
																				if( *(_t1613 + 0x58) == 0) {
																					L155:
																					__eflags = 0;
																					goto L156;
																				} else {
																					__eflags =  *(_t1613 + 0x48);
																					if( *(_t1613 + 0x48) == 0) {
																						goto L155;
																					}
																					_push(1);
																					_pop(0);
																					L156:
																					L0045FE7F(0, _t1584 + 0x28, 0,  *((intOrPtr*)(_t1613 + 0x49)), _t1620 - 0x29c);
																					_t1614 =  *((intOrPtr*)(_t1620 - 0x40));
																					E0045D12B(_t1614, _t1620 - 0x29c, 0);
																					 *(_t1620 - 0x44) = 0;
																					 *(_t1620 - 4) = 0x16;
																					E0045D8BD(_t1614, _t1620 - 0x44);
																					L0040B9DE(_t1584,  *((intOrPtr*)(_t1620 - 0xc8)),  *(_t1620 - 0x44));
																					 *((intOrPtr*)(_t1614 + 0x38)) =  *((intOrPtr*)(_t1614 + 0x38)) +  *((intOrPtr*)(_t1620 - 0x28c));
																					asm("adc [esi+0x3c], ecx");
																					L0040B9BC(_t1584, __eflags, _t1620 - 0xcc);
																					 *(_t1620 - 4) = 0x15;
																					L00416C88(_t1620 - 0x44);
																					goto L180;
																				}
																			}
																			E004602E8( *((intOrPtr*)(_t1620 - 0x40)),  *((intOrPtr*)(_t1620 + 0x10)), _t1606, _t1620 - 0x29c);
																			goto L180;
																		}
																		__eflags =  *_t1606;
																		if( *_t1606 != 0) {
																			goto L147;
																		}
																		goto L145;
																	}
																	 *(_t1620 - 0x24) =  *(_t1620 - 0x24) + 1;
																	goto L183;
																}
																__eflags =  *(_t1620 - 0x64) - _t883;
																if( *(_t1620 - 0x64) >= _t883) {
																	goto L141;
																}
																 *(_t1620 - 0x64) =  *(_t1620 - 0x64) + 1;
																_t1582 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1620 + 0xc)))) + ( *(_t1620 - 0x64) << 2));
																__eflags =  *_t1582;
																if(__eflags == 0) {
																	goto L183;
																}
																E00459E2A(_t1620 - 0x20c, __eflags);
																 *((char*)(_t1620 - 0x198)) = 0;
																 *(_t1620 - 4) = 0xf;
																E00459E2A(_t1620 - 0x464, __eflags);
																 *((char*)(_t1620 - 0x3dc)) = 0;
																__eflags = _t1582[0];
																 *(_t1620 - 4) = 0x10;
																if(_t1582[0] == 0) {
																	_t1607 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1620 + 8)))) + _t1582[2] * 4));
																	E00460B32(_t1620 - 0x20c, _t1607);
																	 *((intOrPtr*)(_t1620 - 0x19c)) =  *((intOrPtr*)(_t1607 + 0x70));
																	 *((char*)(_t1620 - 0x198)) =  *((intOrPtr*)(_t1607 + 0x74));
																	_push(_t1620 - 0x20c);
																	__eflags = E0045A2C0( *((intOrPtr*)(_t1620 - 0x7c)));
																	if(__eflags != 0) {
																		L186:
																		 *(_t1620 - 4) = 0xf;
																		E0045736E(_t1620 - 0x464);
																		 *(_t1620 - 4) = 0xb;
																		E00401CEB(E00401CEB(E0045736E(_t1620 - 0x20c),  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																		 *(_t1620 - 4) = 8;
																		L0045FFAA(0, _t1620 - 0x70);
																		 *(_t1620 - 4) = 7;
																		E0046004C(0, _t1620 - 0x98);
																		 *(_t1620 - 4) = 6;
																		L0045F9D6(_t1620 - 0xcc, __eflags);
																		 *(_t1620 - 4) = 5;
																		E00460C19(_t1620 - 0x11c);
																		_t941 =  *(_t1620 - 0x28);
																		 *(_t1620 - 4) = 4;
																		__eflags = _t941;
																		if(_t941 != 0) {
																			 *((intOrPtr*)( *_t941 + 8))(_t941);
																		}
																		 *(_t1620 - 4) = 3;
																		E00460E4D(0, _t1620 - 0x88);
																		 *(_t1620 - 4) = 2;
																		L00453864(0, _t1620 - 0x33c);
																		 *(_t1620 - 4) = 0;
																		L004538D4(0, _t1620 - 0x194);
																		L189:
																		_t945 =  *(_t1620 - 0x20);
																		 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
																		__eflags = _t945;
																		if(_t945 != 0) {
																			 *((intOrPtr*)( *_t945 + 8))(_t945);
																		}
																		_t897 = 0x80004001;
																		goto L236;
																	}
																	E00460B32(_t1620 - 0x464, _t1620 - 0x20c);
																	 *(_t1620 - 0xd) = _t1582[0];
																	_t951 = E0045CC3F(_t1620 - 0x464, __eflags);
																	__eflags = _t951 -  *(_t1620 - 0xd);
																	if(_t951 !=  *(_t1620 - 0xd)) {
																		goto L186;
																	}
																	__eflags =  *(_t1620 - 0xd);
																	if( *(_t1620 - 0xd) != 0) {
																		L140:
																		 *(_t1620 - 4) = 0xf;
																		E0045736E(_t1620 - 0x464);
																		 *(_t1620 - 4) = 0xb;
																		_t1306 = _t1620 - 0x20c;
																		goto L182;
																	}
																	L127:
																	 *(_t1620 - 0x34) = 0;
																	 *(_t1620 - 0x2c) =  *( *((intOrPtr*)(_t1620 - 0x94)) +  *(_t1620 - 0x64) * 4 - 4);
																	_t1609 =  *((intOrPtr*)( *(_t1620 - 0x3c) + 8)) + 0x3c;
																	 *(_t1620 - 0x38) = _t1609;
																	EnterCriticalSection(_t1609);
																	_t956 =  *((intOrPtr*)(_t1620 + 0x1c));
																	 *(_t1620 - 4) = 0x12;
																	_t957 =  *((intOrPtr*)( *_t956 + 0x1c))(_t956, _t1582[3], _t1620 - 0x34);
																	__eflags = _t957 - 1;
																	 *(_t1620 - 0x74) = _t957;
																	if(_t957 != 1) {
																		__eflags =  *(_t1620 - 0x74);
																		if( *(_t1620 - 0x74) != 0) {
																			LeaveCriticalSection(_t1609);
																			_t958 =  *(_t1620 - 0x34);
																			 *(_t1620 - 4) = 0x10;
																			__eflags = _t958;
																			if(_t958 != 0) {
																				 *((intOrPtr*)( *_t958 + 8))(_t958);
																			}
																			 *(_t1620 - 4) = 0xf;
																			E0045736E(_t1620 - 0x464);
																			 *(_t1620 - 4) = 0xb;
																			E00401CEB(E00401CEB(E0045736E(_t1620 - 0x20c),  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																			 *(_t1620 - 4) = 8;
																			L0045FFAA(0, _t1620 - 0x70);
																			 *(_t1620 - 4) = 7;
																			E0046004C(0, _t1620 - 0x98);
																			 *(_t1620 - 4) = 6;
																			L0045F9D6(_t1620 - 0xcc, __eflags);
																			 *(_t1620 - 4) = 5;
																			E00460C19(_t1620 - 0x11c);
																			_t967 =  *(_t1620 - 0x28);
																			 *(_t1620 - 4) = 4;
																			__eflags = _t967;
																			if(_t967 != 0) {
																				 *((intOrPtr*)( *_t967 + 8))(_t967);
																			}
																			 *(_t1620 - 4) = 3;
																			E00460E4D(0, _t1620 - 0x88);
																			 *(_t1620 - 4) = 2;
																			L00453864(0, _t1620 - 0x33c);
																			 *(_t1620 - 4) = 0;
																			L004538D4(0, _t1620 - 0x194);
																			_t971 =  *(_t1620 - 0x20);
																			 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
																			__eflags = _t971;
																			if(_t971 != 0) {
																				 *((intOrPtr*)( *_t971 + 8))(_t971);
																			}
																			_t897 =  *(_t1620 - 0x74);
																			goto L236;
																		}
																		_t1561 =  *(_t1620 - 0x34);
																		__eflags =  *(_t1620 - 0x34);
																		if( *(_t1620 - 0x34) == 0) {
																			LeaveCriticalSection(_t1609);
																			_t975 =  *(_t1620 - 0x34);
																			 *(_t1620 - 4) = 0x10;
																			__eflags = _t975;
																			if(_t975 != 0) {
																				 *((intOrPtr*)( *_t975 + 8))(_t975);
																			}
																			 *(_t1620 - 4) = 0xf;
																			E0045736E(_t1620 - 0x464);
																			 *(_t1620 - 4) = 0xb;
																			E00401CEB(E00401CEB(E0045736E(_t1620 - 0x20c),  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																			 *(_t1620 - 4) = 8;
																			L0045FFAA(0, _t1620 - 0x70);
																			 *(_t1620 - 4) = 7;
																			E0046004C(0, _t1620 - 0x98);
																			 *(_t1620 - 4) = 6;
																			L0045F9D6(_t1620 - 0xcc, __eflags);
																			 *(_t1620 - 4) = 5;
																			E00460C19(_t1620 - 0x11c);
																			_t984 =  *(_t1620 - 0x28);
																			 *(_t1620 - 4) = 4;
																			__eflags = _t984;
																			if(_t984 != 0) {
																				 *((intOrPtr*)( *_t984 + 8))(_t984);
																			}
																			 *(_t1620 - 4) = 3;
																			E00460E4D(0, _t1620 - 0x88);
																			 *(_t1620 - 4) = 2;
																			L00453864(0, _t1620 - 0x33c);
																			 *(_t1620 - 4) = 0;
																			L004538D4(0, _t1620 - 0x194);
																			_t988 =  *(_t1620 - 0x20);
																			 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
																			__eflags = _t988;
																			if(_t988 != 0) {
																				 *((intOrPtr*)( *_t988 + 8))(_t988);
																			}
																			_t897 = 0x80070057;
																			goto L236;
																		}
																		E0046030F(_t1582, _t1561, _t1582);
																		_t994 =  *((intOrPtr*)(_t1620 + 0x1c));
																		_t995 =  *((intOrPtr*)( *_t994 + 0x20))(_t994, 0,  *((intOrPtr*)(_t1620 + 0x1c)), _t1620 - 0xd4);
																		__eflags = _t995;
																		 *(_t1620 - 0x74) = _t995;
																		if(_t995 != 0) {
																			LeaveCriticalSection(_t1609);
																			_t996 =  *(_t1620 - 0x34);
																			 *(_t1620 - 4) = 0x10;
																			__eflags = _t996;
																			if(_t996 != 0) {
																				 *((intOrPtr*)( *_t996 + 8))(_t996);
																			}
																			 *(_t1620 - 4) = 0xf;
																			E0045736E(_t1620 - 0x464);
																			 *(_t1620 - 4) = 0xb;
																			E00401CEB(E00401CEB(E0045736E(_t1620 - 0x20c),  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																			 *(_t1620 - 4) = 8;
																			L0045FFAA(0, _t1620 - 0x70);
																			 *(_t1620 - 4) = 7;
																			E0046004C(0, _t1620 - 0x98);
																			 *(_t1620 - 4) = 6;
																			L0045F9D6(_t1620 - 0xcc, __eflags);
																			 *(_t1620 - 4) = 5;
																			E00460C19(_t1620 - 0x11c);
																			_t1005 =  *(_t1620 - 0x28);
																			 *(_t1620 - 4) = 4;
																			__eflags = _t1005;
																			if(_t1005 != 0) {
																				 *((intOrPtr*)( *_t1005 + 8))(_t1005);
																			}
																			 *(_t1620 - 4) = 3;
																			E00460E4D(0, _t1620 - 0x88);
																			 *(_t1620 - 4) = 2;
																			L00453864(0, _t1620 - 0x33c);
																			 *(_t1620 - 4) = 0;
																			L004538D4(0, _t1620 - 0x194);
																			_t1009 =  *(_t1620 - 0x20);
																			 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
																			__eflags = _t1009;
																			if(_t1009 != 0) {
																				 *((intOrPtr*)( *_t1009 + 8))(_t1009);
																			}
																			_t897 =  *(_t1620 - 0x74);
																			goto L236;
																		}
																		 *(_t1620 - 4) = 0x11;
																		LeaveCriticalSection(_t1609);
																		__eflags =  *(_t1620 - 0x14);
																		_t1013 =  *((intOrPtr*)(_t1620 - 0x70));
																		 *(_t1620 - 0x38) = 0;
																		if( *(_t1620 - 0x14) <= 0) {
																			L138:
																			__eflags =  *(_t1620 - 0x38) -  *(_t1620 - 0x14);
																			if( *(_t1620 - 0x38) ==  *(_t1620 - 0x14)) {
																				_t1014 =  *(_t1620 - 0x34);
																				 *(_t1620 - 4) = 0x10;
																				__eflags = _t1014;
																				if(_t1014 != 0) {
																					 *((intOrPtr*)( *_t1014 + 8))(_t1014);
																				}
																				 *(_t1620 - 4) = 0xf;
																				E0045736E(_t1620 - 0x464);
																				 *(_t1620 - 4) = 0xb;
																				E00401CEB(E00401CEB(E0045736E(_t1620 - 0x20c),  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																				 *(_t1620 - 4) = 8;
																				L0045FFAA(0, _t1620 - 0x70);
																				 *(_t1620 - 4) = 7;
																				E0046004C(0, _t1620 - 0x98);
																				 *(_t1620 - 4) = 6;
																				L0045F9D6(_t1620 - 0xcc, __eflags);
																				 *(_t1620 - 4) = 5;
																				E00460C19(_t1620 - 0x11c);
																				_t1023 =  *(_t1620 - 0x28);
																				 *(_t1620 - 4) = 4;
																				__eflags = _t1023;
																				if(_t1023 != 0) {
																					 *((intOrPtr*)( *_t1023 + 8))(_t1023);
																				}
																				 *(_t1620 - 4) = 3;
																				E00460E4D(0, _t1620 - 0x88);
																				 *(_t1620 - 4) = 2;
																				L00453864(0, _t1620 - 0x33c);
																				 *(_t1620 - 4) = 0;
																				L004538D4(0, _t1620 - 0x194);
																				 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
																				L00416C88(_t1620 - 0x20);
																				_t897 = 0x80004005;
																				goto L236;
																			}
																			_t1610 =  *((intOrPtr*)(_t1013 +  *(_t1620 - 0x38) * 4));
																			 *((char*)(_t1610 + 0xf2)) = 0;
																			L0044B954(_t1610 + 0x20,  *(_t1620 - 0x34));
																			 *(_t1620 - 0x74) = 0;
																			_t1031 =  *(_t1620 - 0x34);
																			 *(_t1620 - 4) = 0x13;
																			 *((intOrPtr*)( *_t1031))(_t1031, 0x499c40, _t1620 - 0x74);
																			__eflags =  *(_t1620 - 0x74);
																			 *(_t1620 - 4) = 0x11;
																			 *(_t1620 - 0xd) =  *(_t1620 - 0x74) == 0;
																			L00416C88(_t1620 - 0x74);
																			 *((char*)( *(_t1620 - 0x2c) + 0x21)) =  *(_t1620 - 0xd);
																			L0042315E(_t1620 - 0x34);
																			E0040C959( *((intOrPtr*)(_t1610 + 0x18)));
																			E0040CC52( *((intOrPtr*)( *((intOrPtr*)(_t1610 + 0x10)) + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t1610 + 0x10)) + 0xc)));
																			_t1040 =  *(_t1620 - 0x64) - 1;
																			__eflags = _t1040;
																			 *(_t1610 + 0xf4) = _t1040;
																			 *((char*)(_t1610 + 0xf0)) =  *(_t1620 - 0xd);
																			 *((char*)(_t1610 + 0xf1)) =  *((intOrPtr*)(_t1620 + 0x14));
																			 *(_t1610 + 0xf8) = _t1582[5];
																			 *(_t1610 + 0x100) = _t1582[6];
																			 *(_t1610 + 0x104) = _t1582[7];
																			L00487F70(_t1610 + 4);
																			E00401553(_t1620 - 0x54,  *((intOrPtr*)(_t1610 + 8)));
																			E00401553(_t1620 - 0x60,  *(_t1620 - 0x38));
																			 *(_t1620 - 4) = 0x10;
																			L00416C88(_t1620 - 0x34);
																			goto L140;
																		}
																		_t1563 = _t1013;
																		while(1) {
																			_t1451 =  *_t1563;
																			__eflags =  *(_t1451 + 0xf2);
																			if( *(_t1451 + 0xf2) != 0) {
																				goto L138;
																			}
																			 *(_t1620 - 0x38) =  *(_t1620 - 0x38) + 1;
																			_t1563 = _t1563 + 4;
																			__eflags =  *(_t1620 - 0x38) -  *(_t1620 - 0x14);
																			if( *(_t1620 - 0x38) <  *(_t1620 - 0x14)) {
																				continue;
																			}
																			goto L138;
																		}
																		goto L138;
																	}
																	asm("adc ecx, ebx");
																	 *(_t1620 - 0x1c) =  *(_t1620 - 0x1c) + _t1582[6] + 0x1e;
																	asm("adc [ebp-0x18], ecx");
																	E0045D999( *((intOrPtr*)( *(_t1620 - 0x3c) + 8)),  *(_t1620 - 0x1c),  *((intOrPtr*)(_t1620 - 0x18)));
																	_t1054 =  *((intOrPtr*)(_t1620 + 0x1c));
																	_t1583 =  *((intOrPtr*)( *_t1054 + 0x20))(_t1054, 0);
																	__eflags = _t1583;
																	if(_t1583 != 0) {
																		LeaveCriticalSection(_t1609);
																		_t1056 =  *(_t1620 - 0x34);
																		 *(_t1620 - 4) = 0x10;
																		__eflags = _t1056;
																		if(_t1056 != 0) {
																			 *((intOrPtr*)( *_t1056 + 8))(_t1056);
																		}
																		 *(_t1620 - 4) = 0xf;
																		E0045736E(_t1620 - 0x464);
																		 *(_t1620 - 4) = 0xb;
																		_t1058 = E0045736E(_t1620 - 0x20c);
																		L195:
																		E00401CEB(E00401CEB(_t1058,  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																		 *(_t1620 - 4) = 8;
																		L0045FFAA(0, _t1620 - 0x70);
																		 *(_t1620 - 4) = 7;
																		E0046004C(0, _t1620 - 0x98);
																		 *(_t1620 - 4) = 6;
																		L0045F9D6(_t1620 - 0xcc, __eflags);
																		 *(_t1620 - 4) = 5;
																		E00460C19(_t1620 - 0x11c);
																		_t1065 =  *(_t1620 - 0x28);
																		 *(_t1620 - 4) = 4;
																		__eflags = _t1065;
																		if(_t1065 != 0) {
																			 *((intOrPtr*)( *_t1065 + 8))(_t1065);
																		}
																		 *(_t1620 - 4) = 3;
																		E00460E4D(0, _t1620 - 0x88);
																		 *(_t1620 - 4) = 2;
																		L00453864(0, _t1620 - 0x33c);
																		 *(_t1620 - 4) = 0;
																		L004538D4(0, _t1620 - 0x194);
																		_t1069 =  *(_t1620 - 0x20);
																		 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
																		__eflags = _t1069;
																		if(_t1069 != 0) {
																			 *((intOrPtr*)( *_t1069 + 8))(_t1069);
																		}
																		_t897 = _t1583;
																		goto L236;
																	}
																	 *((char*)( *(_t1620 - 0x2c) + 0x20)) = 1;
																	LeaveCriticalSection(_t1609);
																	_t1074 =  *(_t1620 - 0x34);
																	 *(_t1620 - 4) = 0x10;
																	__eflags = _t1074;
																	if(_t1074 != 0) {
																		 *((intOrPtr*)( *_t1074 + 8))(_t1074);
																	}
																	goto L140;
																}
																__eflags = _t1582[0];
																if(_t1582[0] == 0) {
																	goto L127;
																}
																goto L140;
																L183:
																_t883 =  *( *((intOrPtr*)(_t1620 + 0xc)) + 4);
																__eflags =  *(_t1620 - 0x24) - _t883;
															} while ( *(_t1620 - 0x24) < _t883);
															goto L184;
														} else {
															goto L96;
														}
														while(1) {
															L96:
															_t1591 =  *((intOrPtr*)( *((intOrPtr*)(_t1620 - 0x70)) + _t1604 * 4));
															_t1156 = L0045FF73(_t1591);
															__eflags = _t1156;
															 *(_t1620 - 0x2c) = _t1156;
															if(_t1156 != 0) {
																break;
															}
															_push(0x50);
															_t1170 = E00401CC4();
															 *(_t1620 - 0x2c) = _t1170;
															__eflags = _t1170;
															 *(_t1620 - 4) = 0xe;
															if(_t1170 == 0) {
																_t1171 = 0;
																__eflags = 0;
															} else {
																_t1171 = L0045FA6F(_t1170, _t1620 - 0xcc);
															}
															 *(_t1620 - 4) = 0xb;
															 *((intOrPtr*)(_t1591 + 0x18)) = _t1171;
															_t1172 = L0045FA27(_t1171);
															__eflags = _t1172;
															 *(_t1620 - 0x2c) = _t1172;
															if(_t1172 != 0) {
																E00401CEB(E00401CEB(_t1172,  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
																 *(_t1620 - 4) = 8;
																L0045FFAA(0, _t1620 - 0x70);
																 *(_t1620 - 4) = 7;
																E0046004C(0, _t1620 - 0x98);
																 *(_t1620 - 4) = 6;
																L0045F9D6(_t1620 - 0xcc, __eflags);
																 *(_t1620 - 4) = 5;
																E00460C19(_t1620 - 0x11c);
																_t1179 =  *(_t1620 - 0x28);
																 *(_t1620 - 4) = 4;
																__eflags = _t1179;
																if(_t1179 != 0) {
																	 *((intOrPtr*)( *_t1179 + 8))(_t1179);
																}
																 *(_t1620 - 4) = 3;
																E00460E4D(0, _t1620 - 0x88);
																 *(_t1620 - 4) = 2;
																L00453864(0, _t1620 - 0x33c);
																 *(_t1620 - 4) = 0;
																L004538D4(0, _t1620 - 0x194);
																_t1183 =  *(_t1620 - 0x20);
																 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
																__eflags = _t1183;
																if(_t1183 != 0) {
																	 *((intOrPtr*)( *_t1183 + 8))(_t1183);
																}
																_t897 =  *(_t1620 - 0x2c);
																goto L236;
															} else {
																L0044B954(_t1591 + 0x1c,  *((intOrPtr*)(_t1591 + 0x18)));
																 *((char*)(_t1591 + 0xf2)) = 1;
																_push(0x10);
																_t1187 = E00401CC4();
																__eflags = _t1187;
																if(_t1187 == 0) {
																	_t1187 = 0;
																	__eflags = 0;
																} else {
																	 *((intOrPtr*)(_t1187 + 4)) = 0;
																	 *_t1187 = 0x49b5bc;
																}
																 *(_t1591 + 0x10) = _t1187;
																L0044B954(_t1591 + 0x14, _t1187);
																_t1189 =  *(_t1591 + 0x10);
																 *((intOrPtr*)(_t1189 + 8)) = _t1620 - 0x11c;
																 *(_t1189 + 0xc) = _t1604;
																 *(_t1591 + 0x100) =  *(_t1591 + 0x100) | 0xffffffff;
																 *(_t1591 + 0x104) =  *(_t1591 + 0x104) | 0xffffffff;
																 *((char*)(_t1591 + 0xf0)) = 0;
																 *((char*)(_t1591 + 0xf1)) = 0;
																 *((intOrPtr*)(_t1591 + 0xf8)) = 0;
																_t1583 = L00487F30(_t1591, 0x45ff9c, _t1591);
																__eflags = _t1583;
																if(_t1583 != 0) {
																	goto L195;
																} else {
																	_t1604 = _t1604 + 1;
																	__eflags = _t1604 -  *(_t1620 - 0x14);
																	if(_t1604 <  *(_t1620 - 0x14)) {
																		continue;
																	}
																	_t1578 =  *((intOrPtr*)(_t1620 + 0xc));
																	goto L107;
																}
															}
														}
														E00401CEB(E00401CEB(_t1156,  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
														 *(_t1620 - 4) = 8;
														L0045FFAA(0, _t1620 - 0x70);
														 *(_t1620 - 4) = 7;
														E0046004C(0, _t1620 - 0x98);
														 *(_t1620 - 4) = 6;
														L0045F9D6(_t1620 - 0xcc, __eflags);
														 *(_t1620 - 4) = 5;
														E00460C19(_t1620 - 0x11c);
														_t1163 =  *(_t1620 - 0x28);
														 *(_t1620 - 4) = 4;
														__eflags = _t1163;
														if(_t1163 != 0) {
															 *((intOrPtr*)( *_t1163 + 8))(_t1163);
														}
														 *(_t1620 - 4) = 3;
														E00460E4D(0, _t1620 - 0x88);
														 *(_t1620 - 4) = 2;
														L00453864(0, _t1620 - 0x33c);
														 *(_t1620 - 4) = 0;
														L004538D4(0, _t1620 - 0x194);
														_t1167 =  *(_t1620 - 0x20);
														 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
														__eflags = _t1167;
														if(_t1167 != 0) {
															 *((intOrPtr*)( *_t1167 + 8))(_t1167);
														}
														_t897 =  *(_t1620 - 0x2c);
														goto L236;
													} else {
														goto L94;
													}
													do {
														L94:
														_push(_t1620 - 0x194);
														_push(L0045FF01(_t1620 - 0x4dc, __eflags));
														 *(_t1620 - 4) = 0xd;
														E00460D21(_t1620 - 0x70);
														 *(_t1620 - 4) = 0xb;
														E00460C46(0, _t1620 - 0x4dc, __eflags);
														_t1603 = _t1603 - 1;
														__eflags = _t1603;
													} while (__eflags != 0);
													goto L95;
												} else {
													goto L92;
												}
												do {
													L92:
													_push(E00460029(_t1620 - 0x1dc));
													 *(_t1620 - 4) = 0xc;
													_t1195 = E00460DBC(_t1620 - 0x94);
													 *(_t1620 - 4) = 0xb;
													E00401CEB(_t1195,  *((intOrPtr*)(_t1620 - 0x1dc)));
													_t1602 = _t1602 + 1;
													__eflags = _t1602 -  *(_t1578 + 4);
												} while (_t1602 <  *(_t1578 + 4));
												goto L93;
											} else {
												E00401CEB(E00401CEB(_t882,  *(_t1620 - 0x60)),  *(_t1620 - 0x54));
												 *(_t1620 - 4) = 8;
												L0045FFAA(0, _t1620 - 0x70);
												 *(_t1620 - 4) = 7;
												E0046004C(0, _t1620 - 0x98);
												 *(_t1620 - 4) = 6;
												L0045F9D6(_t1620 - 0xcc, __eflags);
												 *(_t1620 - 4) = 5;
												E00460C19(_t1620 - 0x11c);
												_t1203 =  *(_t1620 - 0x28);
												 *(_t1620 - 4) = 4;
												__eflags = _t1203;
												if(_t1203 != 0) {
													 *((intOrPtr*)( *_t1203 + 8))(_t1203);
												}
												 *(_t1620 - 4) = 3;
												E00460E4D(0, _t1620 - 0x88);
												goto L80;
											}
										} else {
											goto L79;
										}
									}
									if(__eflags > 0) {
										L75:
										 *(_t1620 - 0x14) =  *(_t1620 - 0x30);
										goto L76;
									}
									__eflags =  *(_t1620 - 0x14) -  *(_t1620 - 0x30);
									if( *(_t1620 - 0x14) <=  *(_t1620 - 0x30)) {
										goto L76;
									}
									goto L75;
								} else {
									__eflags = _t869 - 0xc;
									if(__eflags != 0) {
										__eflags = _t869 - 0x5f;
										if(__eflags != 0) {
											__eflags = _t869 - 0xe;
											if(__eflags != 0) {
												goto L72;
											}
											_t1522 = E00421F1C(_t1577, __eflags);
											_t1218 =  *(_t1620 - 0x14);
											__eflags = _t1218 % _t1522;
											_t1219 = _t1218 / _t1522;
											L71:
											 *(_t1620 - 0x14) = _t1219;
											goto L72;
										}
										 *(_t1620 - 0xa0) = 1;
										_t1599 = E00421EF8(_t1577, __eflags);
										__eflags = _t1599;
										if(__eflags < 0) {
											L55:
											_t1221 = E00421F49(_t1577, __eflags);
											__eflags = _t1221;
											if(_t1221 != 0) {
												 *(_t1620 - 0xa0) = 2;
											}
											__eflags = _t1599;
											if(_t1599 >= 0) {
												L68:
												_t1219 =  *(_t1620 - 0x14) / _t1599;
												goto L71;
											} else {
												_t1592 = E0048CB70( *((intOrPtr*)(_t1620 - 0x48)),  *(_t1620 - 0x44),  *(_t1620 - 0x30),  *(_t1620 - 0x2c));
												 *(_t1620 - 0x74) = _t1551;
												_t1224 = L0045FB35(_t1551, __eflags);
												_t1615 = _t1224;
												 *(_t1620 - 0x44) = _t1551;
												_t1571 = _t1224 &  *(_t1620 - 0x44);
												_t1526 = 0;
												_t1225 = 1;
												__eflags = _t1571 - 0xffffffff;
												if(_t1571 != 0xffffffff) {
													_t1227 = E0048CB70(_t1592,  *(_t1620 - 0x74), _t1615,  *(_t1620 - 0x44));
													_t1526 = _t1571;
													_t1225 = _t1227 + 1;
													asm("adc ecx, ebx");
												}
												__eflags = _t1526;
												_t1572 = 0x100;
												if(__eflags > 0) {
													L64:
													_t1573 = _t1572 *  *(_t1620 - 0xa0);
													__eflags = _t1573;
													_t1599 = _t1573;
													L65:
													__eflags = _t1599 -  *(_t1620 - 0x14);
													if(_t1599 >  *(_t1620 - 0x14)) {
														_t1599 =  *(_t1620 - 0x14);
													}
													L0040BC98( *(_t1620 - 0x24), 0xd, _t1599);
													goto L68;
												} else {
													if(__eflags < 0) {
														L63:
														_t1572 = _t1225;
														goto L64;
													}
													__eflags = _t1225 - 0x100;
													if(_t1225 >= 0x100) {
														goto L64;
													}
													goto L63;
												}
											}
										}
										__eflags = _t1599 - 1;
										if(__eflags > 0) {
											goto L55;
										}
										L54:
										_t1599 = 1;
										goto L68;
									}
									_t1228 = E00421EF8(_t1577, __eflags);
									__eflags = _t1228;
									if(_t1228 < 0) {
										_t1229 = E0048CB70( *((intOrPtr*)(_t1620 - 0x48)),  *(_t1620 - 0x44),  *(_t1620 - 0x30),  *(_t1620 - 0x2c));
										_t1232 = E0048CB70(_t1229, _t1551, E00441EE5( *(_t1620 - 0x24), __eflags), 0) + 1;
										__eflags = _t1232;
										asm("adc edx, ebx");
										 *(_t1620 - 0xa0) = _t1551;
										_t1599 = 0x40;
										if(_t1232 == 0) {
											__eflags = _t1232 - _t1599;
											if(_t1232 < _t1599) {
												_t1599 = _t1232;
											}
										}
										goto L65;
									}
									__eflags = _t1228 - 1;
									if(_t1228 < 1) {
										goto L54;
									}
									__eflags = _t1228 - _t1599;
									if(_t1228 <= _t1599) {
										_t1599 = _t1228;
									}
									goto L68;
								}
							} else {
								_t1594 = 0;
								if( *((intOrPtr*)(_t1620 - 0x17c)) <= 0) {
									L79:
									_push( *(_t1620 - 0x20));
									_push(_t1620 - 0xd4);
									_push( *((intOrPtr*)(_t1620 + 0x1c)));
									_push( *((intOrPtr*)(_t1620 + 0x18)));
									_push( *((intOrPtr*)(_t1620 + 0x14)));
									_push(_t1620 - 0x194);
									_push( *((intOrPtr*)(_t1620 + 0xc)));
									_push( *((intOrPtr*)(_t1620 + 8)));
									_t1601 = E00460435( *((intOrPtr*)(_t1620 - 0x40)),  *((intOrPtr*)(_t1620 - 0x7c)));
									L80:
									 *(_t1620 - 4) = 2;
									L00453864(0, _t1620 - 0x33c);
									 *(_t1620 - 4) = 0;
									L004538D4(0, _t1620 - 0x194);
									_t1207 =  *(_t1620 - 0x20);
									 *(_t1620 - 4) =  *(_t1620 - 4) | 0xffffffff;
									if(_t1207 != 0) {
										 *((intOrPtr*)( *_t1207 + 8))(_t1207);
									}
									L235:
									_t897 = _t1601;
									L236:
									 *[fs:0x0] =  *((intOrPtr*)(_t1620 - 0xc));
									return _t897;
								} else {
									goto L35;
								}
								do {
									L35:
									_t1617 = ( *(_t1620 - 0x180))[_t1594];
									if(L0040BECC(( *(_t1620 - 0x180))[_t1594], 0xd) < 0) {
										L0040BC98(_t1617, 0xd,  *(_t1620 - 0x14));
									}
									_t1594 = _t1594 + 1;
								} while (_t1594 <  *((intOrPtr*)(_t1620 - 0x17c)));
								goto L79;
							}
						}
					} else {
						do {
							L00416DB2(_t1620 - 0x194, ( *(_t1620 - 0x180))[_t1598]);
							_t1598 = _t1598 + 1;
						} while (_t1598 <  *((intOrPtr*)(_t1620 - 0x17c)));
						goto L19;
					}
				} else {
					goto L1;
				}
				do {
					L1:
					_t1247 =  *((intOrPtr*)( *_t1576 +  *(_t1620 - 0x3c) * 4));
					if( *_t1247 == 0) {
						_t1618 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1620 + 8)))) +  *(_t1247 + 8) * 4));
						_push(_t1618);
						E004574A1(_t1620 - 0x20c, __eflags);
						 *((intOrPtr*)(_t1620 - 0x19c)) =  *((intOrPtr*)(_t1618 + 0x70));
						 *((char*)(_t1620 - 0x198)) =  *((intOrPtr*)(_t1618 + 0x74));
						_push(_t1620 - 0x20c);
						 *(_t1620 - 4) = 1;
						_t1253 = E0045A2C0( *((intOrPtr*)(_t1620 - 0x7c)));
						__eflags = _t1253;
						if(_t1253 != 0) {
							 *(_t1620 - 4) = 0;
							E0045736E(_t1620 - 0x20c);
							goto L189;
						} else {
							_t1255 = L0045FC2A(_t1620 - 0x20c);
							asm("adc edx, esi");
							_t49 = _t1620 - 0x1c;
							 *_t49 =  *(_t1620 - 0x1c) + _t1255 +  *((intOrPtr*)(_t1620 - 0x19c));
							__eflags =  *_t49;
							 *(_t1620 - 4) = 0;
							asm("adc [ebp-0x18], edx");
							E0045736E(_t1620 - 0x20c);
							_t1596 =  *((intOrPtr*)(_t1620 + 0x1c));
							goto L8;
						}
					} else {
						_t1574 =  *(_t1247 + 0x1c);
						 *(_t1620 - 0xa0) = _t1574;
						if(( *(_t1247 + 0x18) & _t1574) != 0xffffffff) {
							 *(_t1620 - 0x1c) =  *(_t1620 - 0x1c) +  *(_t1247 + 0x18);
							asm("adc [ebp-0x18], ecx");
						} else {
							 *(_t1620 - 0xe) = 1;
						}
						 *((intOrPtr*)(_t1620 - 0x48)) =  *((intOrPtr*)(_t1620 - 0x48)) +  *(_t1247 + 0x18);
						asm("adc [ebp-0x44], eax");
						 *(_t1620 - 0x30) =  *(_t1620 - 0x30) + 1;
						asm("adc [ebp-0x2c], ebx");
					}
					L8:
					 *(_t1620 - 0x1c) =  *(_t1620 - 0x1c) + 0x4c;
					asm("adc [ebp-0x18], ebx");
					 *(_t1620 - 0x3c) =  *(_t1620 - 0x3c) + 1;
				} while ( *(_t1620 - 0x3c) <  *((intOrPtr*)(_t1576 + 4)));
				goto L9;
			}

0x0045e37b
0x0045e380
0x0045e38b
0x0045e38e
0x0045e391
0x0045e394
0x0045e3a3
0x0045e3a6
0x0045e3a8
0x0045e3ab
0x0045e3ae
0x0045e3b1
0x0045e3b7
0x0045e3bc
0x0045e3bf
0x0045e3c2
0x0045e3c5
0x0045e3c8
0x0045e49f
0x0045e49f
0x0045e4a4
0x0045e4a9
0x0045e4ac
0x0045e4ac
0x0045e4af
0x0045e4b3
0x0045e4b6
0x0045e4b9
0x0045e4c4
0x0045e4c4
0x0045e4ca
0x0045e4cd
0x0045e4d6
0x0045e4dd
0x0045e4e3
0x0045e4e8
0x0045e4ee
0x0045e4f2
0x0045e4fa
0x0045e4fa
0x0045e50c
0x0045e51a
0x0045e51d
0x0045e522
0x0045e526
0x0045e529
0x0045e52c
0x0045e536
0x0045e536
0x0045e539
0x0045e541
0x0045e560
0x0045e560
0x0045e565
0x0045e580
0x0045e580
0x0045e585
0x0045e58a
0x0045e58b
0x0045e590
0x0045e593
0x0045e5b2
0x0045e5b3
0x0045e5b6
0x00000000
0x00000000
0x0045e5b8
0x00000000
0x0045e595
0x0045e597
0x0045e59a
0x0045e5bb
0x0045e5bb
0x0045e5be
0x0045e5be
0x0045e5c2
0x0045e5c5
0x0045e5ce
0x0045e5ce
0x0045e5d4
0x0045e614
0x0045e617
0x0045e619
0x0045e61b
0x0045e61e
0x0045e620
0x0045e620
0x0045e61e
0x0045e623
0x0045e625
0x0045e76f
0x0045e76f
0x0045e772
0x0045e784
0x0045e784
0x0045e788
0x0045e78a
0x0045e78a
0x0045e78d
0x0045e790
0x0045e7fc
0x0045e801
0x0045e803
0x0045e807
0x0045e80c
0x0045e80f
0x0045e824
0x0045e827
0x0045e811
0x0045e811
0x0045e814
0x0045e816
0x0045e819
0x0045e81f
0x0045e81f
0x0045e829
0x0045e82b
0x0045e82e
0x0045e833
0x0045e833
0x0045e836
0x0045e83a
0x0045e83d
0x0045e841
0x0045e84c
0x0045e851
0x0045e85a
0x0045e85e
0x0045e861
0x0045e871
0x0045e87c
0x0045e881
0x0045e893
0x0045e897
0x0045e89d
0x0045e8a5
0x0045e8a9
0x0045e8ae
0x0045e8b1
0x0045e8b4
0x0045e8b7
0x0045e8ba
0x0045e8bd
0x0045e8ce
0x0045e8d7
0x0045e8d9
0x0045e8db
0x0045e94d
0x0045e950
0x0045e952
0x0045e955
0x0045e988
0x0045e988
0x0045e98b
0x0045e98d
0x0045e9c0
0x0045e9c0
0x0045e9c2
0x0045e9c5
0x0045eaab
0x0045eaab
0x0045eaae
0x0045eab5
0x0045eab7
0x0045eaba
0x0045eabd
0x0045f30e
0x0045f30e
0x0045f30f
0x0045f310
0x0045f317
0x0045f31c
0x0045f31e
0x0045f91a
0x0045f91f
0x0045f91f
0x0045f324
0x0045f324
0x0045f324
0x0045f921
0x0045f92c
0x0045f932
0x0045f93a
0x0045f945
0x0045f949
0x0045f954
0x0045f958
0x0045f963
0x0045f967
0x0045f96f
0x0045f973
0x0045f97e
0x0045f982
0x0045f98d
0x0045f991
0x0045f99c
0x0045f99f
0x0045f9a4
0x0045f9a4
0x0045f9a4
0x0045f9ab
0x00000000
0x00000000
0x00000000
0x00000000
0x0045eac3
0x0045eac3
0x0045eac6
0x0045eac9
0x0045eee7
0x0045eef2
0x0045eef8
0x0045eefb
0x0045ef10
0x0045ef13
0x0045ef1e
0x0045ef22
0x0045ef27
0x0045ef2a
0x0045ef2e
0x0045ef34
0x0045ef45
0x0045ef53
0x0045ef54
0x0045ef59
0x0045ef5b
0x0045f816
0x0045f8e6
0x0045f8ec
0x0045f8f0
0x0045f8fb
0x0045f8ff
0x00000000
0x0045f8ff
0x0045ef6e
0x0045ef73
0x0045ef75
0x0045f28e
0x0045f292
0x0045f29b
0x0045f29e
0x0045f2a5
0x0045f2a6
0x0045f2a7
0x0045f2ac
0x0045f2ae
0x0045f8e4
0x0045f8e4
0x00000000
0x0045f8e4
0x0045f2b4
0x0045f2c0
0x0045f2c1
0x0045f2c6
0x0045f2cd
0x0045f2d9
0x0045f2de
0x0045f2de
0x0045f2de
0x0045f2e1
0x0045f2e7
0x0045f2eb
0x0045f2f0
0x0045f2f4
0x0045f2fa
0x0045f2fa
0x00000000
0x0045f2fa
0x0045ef7b
0x0045ef7b
0x0045ef7e
0x0045ef9e
0x0045efa1
0x0045efa4
0x0045efa7
0x0045efaa
0x0045f05e
0x0045f064
0x0045f0ee
0x0045f0f6
0x0045f0f9
0x0045f0fc
0x0045f0ff
0x0045f101
0x0045f111
0x0045f115
0x0045f123
0x0045f12e
0x0045f132
0x0045f13d
0x0045f141
0x0045f141
0x0045f14f
0x0045f155
0x0045f158
0x0045f15b
0x0045f8d5
0x0045f8db
0x0045f8dd
0x0045f8df
0x0045f8df
0x00000000
0x0045f161
0x0045f161
0x0045f164
0x0045f906
0x0045f906
0x00000000
0x0045f906
0x0045f176
0x0045f17c
0x0045f181
0x0045f187
0x0045f18e
0x0045f190
0x00000000
0x00000000
0x0045f19c
0x0045f1a7
0x0045f1ac
0x0045f1af
0x0045f269
0x0045f26c
0x0045f27f
0x0045f280
0x0045f280
0x0045f282
0x00000000
0x0045f282
0x0045f1b8
0x0045f1be
0x00000000
0x00000000
0x0045f1c4
0x0045f1ca
0x0045f1d0
0x00000000
0x00000000
0x0045f1d9
0x0045f1de
0x0045f1e0
0x00000000
0x00000000
0x0045f1e9
0x0045f1ef
0x0045f1fa
0x0045f207
0x0045f20a
0x0045f213
0x0045f214
0x0045f219
0x0045f21c
0x0045f22a
0x0045f22a
0x0045f22c
0x0045f240
0x0045f24f
0x00000000
0x0045f24f
0x0045f21e
0x0045f220
0x0045f223
0x00000000
0x00000000
0x0045f225
0x0045f227
0x00000000
0x0045f227
0x0045f15b
0x0045f06a
0x0045f08a
0x0045f08f
0x0045f091
0x0045f094
0x0045f826
0x0045f82a
0x0045f835
0x0045f849
0x0045f84f
0x0045f857
0x0045f862
0x0045f866
0x0045f871
0x0045f875
0x0045f880
0x0045f884
0x0045f88c
0x0045f890
0x0045f89b
0x0045f89f
0x0045f8aa
0x0045f8ae
0x0045f8b9
0x0045f8bc
0x0045f8c1
0x0045f8c8
0x0045f8cd
0x00000000
0x0045f8cd
0x0045f09a
0x0045f0a6
0x0045f0a9
0x0045f0ac
0x0045f0ad
0x0045f0b2
0x0045f0b7
0x0045f0ba
0x0045f0c6
0x0045f0c6
0x0045f0c8
0x0045f0d9
0x0045f0e9
0x00000000
0x0045f0e9
0x0045f0bc
0x0045f0bf
0x00000000
0x00000000
0x0045f0c1
0x0045f0c3
0x00000000
0x0045f0c3
0x0045efb0
0x0045efb6
0x0045efb8
0x0045efb8
0x0045efc6
0x0045efc9
0x0045efcf
0x0045efd0
0x0045efd5
0x0045efd8
0x0045efe4
0x0045efe4
0x00000000
0x0045efda
0x0045efda
0x0045efdd
0x00000000
0x00000000
0x0045efdf
0x0045efe1
0x0045efe6
0x0045eff4
0x0045eff9
0x0045f006
0x0045f00b
0x0045f014
0x0045f018
0x0045f028
0x0045f039
0x0045f043
0x0045f048
0x0045f050
0x0045f054
0x00000000
0x0045f054
0x0045efd8
0x0045ef8e
0x00000000
0x0045ef8e
0x0045ef30
0x0045ef32
0x00000000
0x00000000
0x00000000
0x0045ef32
0x0045eefd
0x00000000
0x0045eefd
0x0045eacf
0x0045ead2
0x00000000
0x00000000
0x0045eae3
0x0045eae6
0x0045eae9
0x0045eaeb
0x00000000
0x00000000
0x0045eaf7
0x0045eafc
0x0045eb08
0x0045eb0c
0x0045eb11
0x0045eb17
0x0045eb1a
0x0045eb1e
0x0045ec7c
0x0045ec86
0x0045ec91
0x0045ec9a
0x0045eca6
0x0045ecac
0x0045ecae
0x0045f32b
0x0045f331
0x0045f335
0x0045f340
0x0045f354
0x0045f35a
0x0045f362
0x0045f36d
0x0045f371
0x0045f37c
0x0045f380
0x0045f38b
0x0045f38f
0x0045f394
0x0045f397
0x0045f39b
0x0045f39d
0x0045f3a2
0x0045f3a2
0x0045f3ab
0x0045f3af
0x0045f3ba
0x0045f3be
0x0045f3c9
0x0045f3cc
0x0045f3d1
0x0045f3d1
0x0045f3d4
0x0045f3d8
0x0045f3da
0x0045f3df
0x0045f3df
0x0045f3e2
0x00000000
0x0045f3e2
0x0045ecc1
0x0045eccf
0x0045ecd2
0x0045ecd7
0x0045ecda
0x00000000
0x00000000
0x0045ece0
0x0045ece3
0x0045eec9
0x0045eecf
0x0045eed3
0x0045eed8
0x0045eedc
0x00000000
0x0045eedc
0x0045ece9
0x0045ece9
0x0045ecf9
0x0045ed02
0x0045ed06
0x0045ed09
0x0045ed0f
0x0045ed16
0x0045ed20
0x0045ed23
0x0045ed26
0x0045ed29
0x0045ed89
0x0045ed8c
0x0045f4c3
0x0045f4c9
0x0045f4cc
0x0045f4d0
0x0045f4d2
0x0045f4d7
0x0045f4d7
0x0045f4e0
0x0045f4e4
0x0045f4ef
0x0045f503
0x0045f509
0x0045f511
0x0045f51c
0x0045f520
0x0045f52b
0x0045f52f
0x0045f53a
0x0045f53e
0x0045f543
0x0045f546
0x0045f54a
0x0045f54c
0x0045f551
0x0045f551
0x0045f55a
0x0045f55e
0x0045f569
0x0045f56d
0x0045f578
0x0045f57b
0x0045f580
0x0045f583
0x0045f587
0x0045f589
0x0045f58e
0x0045f58e
0x0045f591
0x00000000
0x0045f591
0x0045ed92
0x0045ed95
0x0045ed97
0x0045f59a
0x0045f5a0
0x0045f5a3
0x0045f5a7
0x0045f5a9
0x0045f5ae
0x0045f5ae
0x0045f5b7
0x0045f5bb
0x0045f5c6
0x0045f5da
0x0045f5e0
0x0045f5e8
0x0045f5f3
0x0045f5f7
0x0045f602
0x0045f606
0x0045f611
0x0045f615
0x0045f61a
0x0045f61d
0x0045f621
0x0045f623
0x0045f628
0x0045f628
0x0045f631
0x0045f635
0x0045f640
0x0045f644
0x0045f64f
0x0045f652
0x0045f657
0x0045f65a
0x0045f65e
0x0045f660
0x0045f665
0x0045f665
0x0045f668
0x00000000
0x0045f668
0x0045eda9
0x0045edae
0x0045edb5
0x0045edb8
0x0045edba
0x0045edbd
0x0045f673
0x0045f679
0x0045f67c
0x0045f680
0x0045f682
0x0045f687
0x0045f687
0x0045f690
0x0045f694
0x0045f69f
0x0045f6b3
0x0045f6b9
0x0045f6c1
0x0045f6cc
0x0045f6d0
0x0045f6db
0x0045f6df
0x0045f6ea
0x0045f6ee
0x0045f6f3
0x0045f6f6
0x0045f6fa
0x0045f6fc
0x0045f701
0x0045f701
0x0045f70a
0x0045f70e
0x0045f719
0x0045f71d
0x0045f728
0x0045f72b
0x0045f730
0x0045f733
0x0045f737
0x0045f739
0x0045f73e
0x0045f73e
0x0045f741
0x00000000
0x0045f741
0x0045edc4
0x0045edc8
0x0045edce
0x0045edd1
0x0045edd4
0x0045edd7
0x0045edf3
0x0045edf6
0x0045edf9
0x0045f749
0x0045f74c
0x0045f750
0x0045f752
0x0045f757
0x0045f757
0x0045f760
0x0045f764
0x0045f76f
0x0045f783
0x0045f789
0x0045f791
0x0045f79c
0x0045f7a0
0x0045f7ab
0x0045f7af
0x0045f7ba
0x0045f7be
0x0045f7c3
0x0045f7c6
0x0045f7ca
0x0045f7cc
0x0045f7d1
0x0045f7d1
0x0045f7da
0x0045f7de
0x0045f7e9
0x0045f7ed
0x0045f7f8
0x0045f7fb
0x0045f800
0x0045f807
0x0045f80c
0x00000000
0x0045f80c
0x0045ee02
0x0045ee05
0x0045ee11
0x0045ee16
0x0045ee19
0x0045ee28
0x0045ee2c
0x0045ee2e
0x0045ee34
0x0045ee38
0x0045ee3c
0x0045ee47
0x0045ee4d
0x0045ee55
0x0045ee63
0x0045ee6e
0x0045ee6e
0x0045ee6f
0x0045ee78
0x0045ee81
0x0045ee8a
0x0045ee93
0x0045ee9c
0x0045eea2
0x0045eead
0x0045eeb8
0x0045eec0
0x0045eec4
0x00000000
0x0045eec4
0x0045edd9
0x0045eddb
0x0045eddb
0x0045eddd
0x0045ede3
0x00000000
0x00000000
0x0045ede5
0x0045edeb
0x0045edee
0x0045edf1
0x00000000
0x00000000
0x00000000
0x0045edf1
0x00000000
0x0045eddb
0x0045ed34
0x0045ed36
0x0045ed3c
0x0045ed48
0x0045ed4d
0x0045ed57
0x0045ed59
0x0045ed5b
0x0045f3ed
0x0045f3f3
0x0045f3f6
0x0045f3fa
0x0045f3fc
0x0045f401
0x0045f401
0x0045f40a
0x0045f40e
0x0045f419
0x0045f41d
0x0045f422
0x0045f42d
0x0045f433
0x0045f43b
0x0045f446
0x0045f44a
0x0045f455
0x0045f459
0x0045f464
0x0045f468
0x0045f46d
0x0045f470
0x0045f474
0x0045f476
0x0045f47b
0x0045f47b
0x0045f484
0x0045f488
0x0045f493
0x0045f497
0x0045f4a2
0x0045f4a5
0x0045f4aa
0x0045f4ad
0x0045f4b1
0x0045f4b3
0x0045f4b8
0x0045f4b8
0x0045f4bb
0x00000000
0x0045f4bb
0x0045ed65
0x0045ed69
0x0045ed6f
0x0045ed72
0x0045ed76
0x0045ed78
0x0045ed81
0x0045ed81
0x00000000
0x0045ed78
0x0045eb24
0x0045eb27
0x00000000
0x00000000
0x00000000
0x0045f2ff
0x0045f302
0x0045f305
0x0045f305
0x00000000
0x00000000
0x00000000
0x00000000
0x0045e9cb
0x0045e9cb
0x0045e9ce
0x0045e9d3
0x0045e9d8
0x0045e9da
0x0045e9dd
0x00000000
0x00000000
0x0045e9e3
0x0045e9e5
0x0045e9eb
0x0045e9ee
0x0045e9f0
0x0045e9f4
0x0045ea06
0x0045ea06
0x0045e9f6
0x0045e9ff
0x0045e9ff
0x0045ea0a
0x0045ea0e
0x0045ea11
0x0045ea16
0x0045ea18
0x0045ea1b
0x0045ebde
0x0045ebe4
0x0045ebec
0x0045ebf7
0x0045ebfb
0x0045ec06
0x0045ec0a
0x0045ec15
0x0045ec19
0x0045ec1e
0x0045ec21
0x0045ec25
0x0045ec27
0x0045ec2c
0x0045ec2c
0x0045ec35
0x0045ec39
0x0045ec44
0x0045ec48
0x0045ec53
0x0045ec56
0x0045ec5b
0x0045ec5e
0x0045ec62
0x0045ec64
0x0045ec69
0x0045ec69
0x0045ec6c
0x00000000
0x0045ea21
0x0045ea27
0x0045ea2c
0x0045ea33
0x0045ea35
0x0045ea3a
0x0045ea3d
0x0045ea4a
0x0045ea4a
0x0045ea3f
0x0045ea3f
0x0045ea42
0x0045ea42
0x0045ea50
0x0045ea53
0x0045ea58
0x0045ea67
0x0045ea6a
0x0045ea6d
0x0045ea74
0x0045ea7d
0x0045ea83
0x0045ea89
0x0045ea94
0x0045ea96
0x0045ea98
0x00000000
0x0045ea9e
0x0045ea9e
0x0045ea9f
0x0045eaa2
0x00000000
0x00000000
0x0045eaa8
0x00000000
0x0045eaa8
0x0045ea98
0x0045ea1b
0x0045eb3d
0x0045eb43
0x0045eb4b
0x0045eb56
0x0045eb5a
0x0045eb65
0x0045eb69
0x0045eb74
0x0045eb78
0x0045eb7d
0x0045eb80
0x0045eb84
0x0045eb86
0x0045eb8b
0x0045eb8b
0x0045eb94
0x0045eb98
0x0045eba3
0x0045eba7
0x0045ebb2
0x0045ebb5
0x0045ebba
0x0045ebbd
0x0045ebc1
0x0045ebc3
0x0045ebc8
0x0045ebc8
0x0045ebcb
0x00000000
0x00000000
0x00000000
0x00000000
0x0045e98f
0x0045e98f
0x0045e99b
0x0045e9a1
0x0045e9a5
0x0045e9a9
0x0045e9b4
0x0045e9b8
0x0045e9bd
0x0045e9bd
0x0045e9bd
0x00000000
0x00000000
0x00000000
0x00000000
0x0045e957
0x0045e957
0x0045e962
0x0045e969
0x0045e96d
0x0045e972
0x0045e97c
0x0045e981
0x0045e983
0x0045e983
0x00000000
0x0045e8dd
0x0045e8e8
0x0045e8ee
0x0045e8f6
0x0045e901
0x0045e905
0x0045e910
0x0045e914
0x0045e91f
0x0045e923
0x0045e928
0x0045e92b
0x0045e92f
0x0045e931
0x0045e936
0x0045e936
0x0045e93f
0x0045e943
0x00000000
0x0045e943
0x00000000
0x00000000
0x00000000
0x0045e790
0x0045e774
0x0045e77e
0x0045e781
0x00000000
0x0045e781
0x0045e779
0x0045e77c
0x00000000
0x00000000
0x00000000
0x0045e62b
0x0045e62b
0x0045e62d
0x0045e697
0x0045e699
0x0045e758
0x0045e75a
0x00000000
0x00000000
0x0045e763
0x0045e765
0x0045e76a
0x0045e76a
0x0045e76c
0x0045e76c
0x00000000
0x0045e76c
0x0045e6a1
0x0045e6b0
0x0045e6b2
0x0045e6b4
0x0045e6c3
0x0045e6c5
0x0045e6ca
0x0045e6cc
0x0045e6ce
0x0045e6ce
0x0045e6d8
0x0045e6da
0x0045e74f
0x0045e754
0x00000000
0x0045e6dc
0x0045e6f0
0x0045e6f2
0x0045e6f5
0x0045e6fa
0x0045e6fc
0x0045e703
0x0045e706
0x0045e708
0x0045e709
0x0045e70c
0x0045e716
0x0045e71b
0x0045e71d
0x0045e720
0x0045e720
0x0045e722
0x0045e724
0x0045e729
0x0045e733
0x0045e733
0x0045e733
0x0045e73a
0x0045e73c
0x0045e73c
0x0045e73f
0x0045e741
0x0045e741
0x0045e74a
0x00000000
0x0045e72b
0x0045e72b
0x0045e731
0x0045e731
0x00000000
0x0045e731
0x0045e72d
0x0045e72f
0x00000000
0x00000000
0x00000000
0x0045e72f
0x0045e729
0x0045e6da
0x0045e6b6
0x0045e6b9
0x00000000
0x00000000
0x0045e6bb
0x0045e6bd
0x00000000
0x0045e6bd
0x0045e631
0x0045e636
0x0045e638
0x0045e65a
0x0045e674
0x0045e674
0x0045e677
0x0045e67b
0x0045e681
0x0045e682
0x0045e688
0x0045e68a
0x0045e690
0x0045e690
0x0045e68a
0x00000000
0x0045e682
0x0045e63a
0x0045e63d
0x00000000
0x00000000
0x0045e63f
0x0045e641
0x0045e647
0x0045e647
0x00000000
0x0045e641
0x0045e5d6
0x0045e5d6
0x0045e5de
0x0045e792
0x0045e792
0x0045e7a1
0x0045e7a8
0x0045e7ab
0x0045e7ae
0x0045e7b1
0x0045e7b2
0x0045e7b5
0x0045e7bd
0x0045e7bf
0x0045e7c5
0x0045e7c9
0x0045e7d4
0x0045e7d7
0x0045e7dc
0x0045e7df
0x0045e7e5
0x0045e7ee
0x0045e7ee
0x0045f9b0
0x0045f9b0
0x0045f9b2
0x0045f9b8
0x0045f9c0
0x00000000
0x00000000
0x00000000
0x0045e5e4
0x0045e5e4
0x0045e5ec
0x0045e5f8
0x0045e601
0x0045e601
0x0045e606
0x0045e607
0x00000000
0x0045e60f
0x0045e5d4
0x0045e543
0x0045e543
0x0045e552
0x0045e557
0x0045e558
0x00000000
0x0045e543
0x00000000
0x00000000
0x00000000
0x0045e3ce
0x0045e3ce
0x0045e3d3
0x0045e3d8
0x0045e41f
0x0045e428
0x0045e429
0x0045e431
0x0045e43a
0x0045e449
0x0045e44a
0x0045e44e
0x0045e453
0x0045e455
0x0045e5a3
0x0045e5a6
0x00000000
0x0045e45b
0x0045e461
0x0045e476
0x0045e478
0x0045e478
0x0045e478
0x0045e47b
0x0045e47e
0x0045e481
0x0045e486
0x00000000
0x0045e486
0x0045e3da
0x0045e3dd
0x0045e3e2
0x0045e3eb
0x0045e3f6
0x0045e3ff
0x0045e3ed
0x0045e3ed
0x0045e3ed
0x0045e408
0x0045e40b
0x0045e40e
0x0045e412
0x0045e412
0x0045e489
0x0045e489
0x0045e48d
0x0045e490
0x0045e496
0x00000000

APIs

__EH_prolog.LIBCMT ref: 0045E37B
__aulldiv.LIBCMT ref: 0045E65A
__aulldiv.LIBCMT ref: 0045E66F
__aulldiv.LIBCMT ref: 0045E6E8
EnterCriticalSection.KERNEL32(?,?,?,00000000,00010000,00000001,00000001,?,?), ref: 0045ED09
LeaveCriticalSection.KERNEL32(?), ref: 0045ED69
WaitForMultipleObjects.KERNEL32(?,?,?,000000FF,?,?,?,00010000,00000001,00000001,?,?), ref: 0045F14F

Part of subcall function 004600E5: __EH_prolog.LIBCMT ref: 004600EA

LeaveCriticalSection.KERNEL32(?), ref: 0045EDC8

Part of subcall function 0045D999: EnterCriticalSection.KERNEL32(?,?,00000000,0045F2DE,0000001E,?,?,?,00000000,?,?,?,00000001,?,?,?), ref: 0045D9A1
Part of subcall function 0045D999: LeaveCriticalSection.KERNEL32(?), ref: 0045D9C4

LeaveCriticalSection.KERNEL32(?), ref: 0045F3ED
LeaveCriticalSection.KERNEL32(?), ref: 0045F4C3
LeaveCriticalSection.KERNEL32(?), ref: 0045F59A
LeaveCriticalSection.KERNEL32(?), ref: 0045F673
GetLastError.KERNEL32 ref: 0045F8D5
__aulldiv.LIBCMT ref: 0045E716

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Part of subcall function 0045FFAA: __EH_prolog.LIBCMT ref: 0045FFAF

Part of subcall function 0046004C: __EH_prolog.LIBCMT ref: 00460051

Part of subcall function 0045F9D6: __EH_prolog.LIBCMT ref: 0045F9DB
Part of subcall function 0045F9D6: DeleteCriticalSection.KERNEL32(?,00000000,?,0045F95D,00010000,00000001,00000001,?,?), ref: 0045F9FF

Part of subcall function 00460C19: DeleteCriticalSection.KERNEL32(?,00000000,0045F96C,00010000,00000001,00000001,?,?), ref: 00460C20

Part of subcall function 0045A2C0: __EH_prolog.LIBCMT ref: 0045A2C5

Strings

L, xrefs: 0045E489

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalSection$Leave$H_prolog$__aulldiv$DeleteEnter$ErrorLastMultipleObjectsWaitfree
String ID: L
API String ID: 1958558281-2909332022
Opcode ID: 3f06f36e995a370f4dc33fc7714c619c105e0e015ef191a8b5a4e1547f7be25b
Instruction ID: 7ed773fc9df0e414340f6a4a47a091ff4bcb97a4eddaa1247fb14ee80b1065e7
Opcode Fuzzy Hash: 3f06f36e995a370f4dc33fc7714c619c105e0e015ef191a8b5a4e1547f7be25b
Instruction Fuzzy Hash: 57F29E30900259DFCF25EBA5C990ADDBBB0BF15305F2480AEE84967292DB385F4DCB56

Uniqueness

Uniqueness Score: -1.00%

Function 0044E32B, Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 511COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0044E330
memcmp.MSVCRT ref: 0044E3D4
memcpy.MSVCRT ref: 0044E479

Strings

, xrefs: 0044E55C
MSCF, xrefs: 0044E3CE, 0044E518

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologmemcmpmemcpy
String ID: $MSCF
API String ID: 3420883286-3242247483
Opcode ID: 2962b7fc75fb76f93573777008f9f6cb067f8c66ab50ef25437ecec97afb2cac
Instruction ID: 33dea24741d1536caee4f92aeefd0ac2d5bf12b22c25c58d62a7611352753a16
Opcode Fuzzy Hash: 2962b7fc75fb76f93573777008f9f6cb067f8c66ab50ef25437ecec97afb2cac
Instruction Fuzzy Hash: F1223A70A002199FDB14DFA6C485BAEBBF0BF08304F14856EE8599B392D778E945CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0043CAE1, Relevance: 9.7, APIs: 4, Strings: 1, Instructions: 988COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043CAE6

Part of subcall function 00443F96: _CxxThrowException.MSVCRT(?,0049CCC0), ref: 00443FDF

Strings

, xrefs: 0043CB32

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionH_prologThrow
String ID:
API String ID: 461045715-3916222277
Opcode ID: 15ae7b785195b7bec286a40dd2face244120356c1abef16f7fa88a7dd7901cab
Instruction ID: 2cbdf5d9bc1ba581b021e9b1f27e8f81689b39675ffbd60fbd2fd7a222aa85e1
Opcode Fuzzy Hash: 15ae7b785195b7bec286a40dd2face244120356c1abef16f7fa88a7dd7901cab
Instruction Fuzzy Hash: 7F928A71900249DFDF14DFA8D984BAEBBB1AF48304F24409EE815AB391DB38ED45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004084D7, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetDiskFreeSpaceExW,73B71190,000000FF,00000000,?,?,?,?,?,?,?,?,?,00406E71,00000001), ref: 004084F3
GetProcAddress.KERNEL32(00000000), ref: 004084FA
GetDiskFreeSpaceW.KERNEL32(00000001,00406E71,?,?,?,?,?,?,?,?,?,?,?,?,00406E71,00000001), ref: 0040854A

Strings

GetDiskFreeSpaceExW, xrefs: 004084E4
kernel32.dll, xrefs: 004084EE

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: AddressDiskFreeHandleModuleProcSpace
String ID: GetDiskFreeSpaceExW$kernel32.dll
API String ID: 1197914913-1127948838
Opcode ID: 477ed7999bbf94861ae3f6ecbd6608c917c30b055261e5ac74499a80cc037049
Instruction ID: 55fadd7cf94fabe6b5392bb16b0302a2899d9155b17c398a26d99bfaa99f5ad1
Opcode Fuzzy Hash: 477ed7999bbf94861ae3f6ecbd6608c917c30b055261e5ac74499a80cc037049
Instruction Fuzzy Hash: 292117B1900209BFDB11DF98CD81AEEBBF8FF58300F14846AE955A7250E734A945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004089A6, Relevance: 4.7, APIs: 3, Instructions: 183timeCOMMON

Download Yara Rule

APIs

FileTimeToLocalFileTime.KERNEL32(?,00436C5F,00000000,?,?,00436BA4,00000000,00436C5F,004AA610,00000000,00000000), ref: 004089B7
FileTimeToSystemTime.KERNEL32(00436C5F,?,?,?,00436BA4,00000000,00436C5F,004AA610,00000000,00000000), ref: 004089C9
__aullrem.LIBCMT ref: 00408B27

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: Time$File$LocalSystem__aullrem
String ID:
API String ID: 2417234408-0
Opcode ID: 2dfdbdf11da150485ade1872c70bcd220e2a8fee6d8568641bd0e8ae21954067
Instruction ID: a99ef033bfe0811f69fe079fb554cf353f7e529a133ec6783e9808ed85857ebf
Opcode Fuzzy Hash: 2dfdbdf11da150485ade1872c70bcd220e2a8fee6d8568641bd0e8ae21954067
Instruction Fuzzy Hash: 3851D8B2E04355DBD710CF5A94C02EEFBF6EF79210F24846EE88493282D27A5D5AC720

Uniqueness

Uniqueness Score: -1.00%

Function 0044D018, Relevance: 4.6, APIs: 1, Strings: 1, Instructions: 1054COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0044D01D

Part of subcall function 00401CC4: malloc.MSVCRT ref: 00401CCA
Part of subcall function 00401CC4: _CxxThrowException.MSVCRT(?,0049CC28), ref: 00401CE4

Strings

W, xrefs: 0044D6BC

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionH_prologThrowmalloc
String ID: W
API String ID: 3978722251-655174618
Opcode ID: 2b5e1370a797d13dd1fe200aee7df367284b5b3bf899394db4ffca509b9cc51a
Instruction ID: 8cb6bc7ed13aa0a1805b5001c126fe82aae6796e1d07dad5342ee04a804952c3
Opcode Fuzzy Hash: 2b5e1370a797d13dd1fe200aee7df367284b5b3bf899394db4ffca509b9cc51a
Instruction Fuzzy Hash: 97A26B70E00259DFEB15CFA8C584BAEBBB4BF49314F28409AE845AB352C778ED41CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00445081, Relevance: 3.5, APIs: 2, Instructions: 484COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00445086

Part of subcall function 004437F9: _CxxThrowException.MSVCRT(?,004A4BC8), ref: 0044380C

Part of subcall function 00443865: memcpy.MSVCRT ref: 0044388B

_CxxThrowException.MSVCRT(?,004A4C08), ref: 004454F1

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow$H_prologmemcpy
String ID:
API String ID: 3273695820-0
Opcode ID: a4c5c2a5b070772be3aebf6436d2f28bc81af448adb7bed7b8f989bca7604f3f
Instruction ID: 349b51ed9286516324bf436291830e45a0e8b44f8a0973cc0284464d132d4bb6
Opcode Fuzzy Hash: a4c5c2a5b070772be3aebf6436d2f28bc81af448adb7bed7b8f989bca7604f3f
Instruction Fuzzy Hash: CB228070900649EFEF14DFA5C581BEEBBB1BF05304F14806EE409AB252D778AA85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0047DE90, Relevance: 2.8, APIs: 2, Instructions: 305COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 0047DF5A

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 5a172025a2a34e720e80f6dd60f1d353d3b91451671ec61b039a52deb6cd60c5
Instruction ID: e39a237bdd491c184865384222c6e073926e7bdd2a1892f0bd533beee4c4f3b2
Opcode Fuzzy Hash: 5a172025a2a34e720e80f6dd60f1d353d3b91451671ec61b039a52deb6cd60c5
Instruction Fuzzy Hash: BCC160709187458FC724CF2AC58026BB7F1BF89304F508A6FE58A87751E3B8E945CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00465FE0, Relevance: 1.9, Strings: 1, Instructions: 663COMMON

Download Yara Rule

Strings

YA1, xrefs: 00465FE6

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID: YA1
API String ID: 0-613462611
Opcode ID: 72d609ae754b53d6e16d783110476ebb1530867ec451a6cb9accc74ac89a581d
Instruction ID: f1f38d2449a9ac9414aab63fa150cf14235e3557c722297b5d1c1034f0881fbe
Opcode Fuzzy Hash: 72d609ae754b53d6e16d783110476ebb1530867ec451a6cb9accc74ac89a581d
Instruction Fuzzy Hash: 4F4208716083818FC715CF28D59069FBBE2AFDA304F15496EE8C69B342E635D846CB87

Uniqueness

Uniqueness Score: -1.00%

Function 004019BD, Relevance: 1.8, APIs: 1, Instructions: 250COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004019C2

Part of subcall function 00406B81: FindCloseChangeNotification.KERNELBASE(00000000,?,00406AE4,000000FF,00000009,?,?,00000001), ref: 00406B8C

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ChangeCloseFindH_prologNotificationfree
String ID:
API String ID: 2779627247-0
Opcode ID: 8126dd646668583e9cd65fc78dae3c8202fb546b39aa54a19b9e9465b819eb99
Instruction ID: 0a263c67237bb8d567923cb365f399666c66823e08282a5b65aaf66b955a16db
Opcode Fuzzy Hash: 8126dd646668583e9cd65fc78dae3c8202fb546b39aa54a19b9e9465b819eb99
Instruction Fuzzy Hash: 5391C231D041199ADF15EBE8C591AEEB7B4AF15308F10413BE852772E1DB3CAE46CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004721A0, Relevance: 1.7, Strings: 1, Instructions: 442COMMON

Download Yara Rule

Strings

, xrefs: 0047224C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: cd8fc9ee6339bd92e26b924accd77f7b6a93d9454c30ffae72d062eabc5658e3
Instruction ID: b49a2e9552bfc0cb0f6a66c8b2e356f341b07e2c5c0f75d366088cd0faeda88c
Opcode Fuzzy Hash: cd8fc9ee6339bd92e26b924accd77f7b6a93d9454c30ffae72d062eabc5658e3
Instruction Fuzzy Hash: FA0293316083518BD724CF28C69079FBBE1BF99704F14892EE8C997351C7B8D945CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 00408D40, Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

Part of subcall function 00408D2D: GetCurrentProcess.KERNEL32(?,?,00408D4E), ref: 00408D32
Part of subcall function 00408D2D: GetProcessAffinityMask.KERNEL32(00000000), ref: 00408D39

GetSystemInfo.KERNEL32(?), ref: 00408D64

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: Process$AffinityCurrentInfoMaskSystem
String ID:
API String ID: 3251479945-0
Opcode ID: 6bee31b87b5541ceaf4e698e059586790249b920322fd3c3b7b9b524d2501961
Instruction ID: 843a4fcbb2c1764695aaff01e9a483ec4d23d4419857439f950bf1500c729cb7
Opcode Fuzzy Hash: 6bee31b87b5541ceaf4e698e059586790249b920322fd3c3b7b9b524d2501961
Instruction Fuzzy Hash: 71D05B74A0010D5BCF14EBB5D6869DE77B85E6430CF04017ED542F21D1DF74D9458794

Uniqueness

Uniqueness Score: -1.00%

Function 0046C350, Relevance: .6, Instructions: 570COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea1acb95b0c181cf985d6fdaa36e2d2a1517ee707675e152d44aebf879c59811
Instruction ID: 9a378c87b7391ece38c1a085019db2c34b50e852c3b66b9735cf06b8aa3872cb
Opcode Fuzzy Hash: ea1acb95b0c181cf985d6fdaa36e2d2a1517ee707675e152d44aebf879c59811
Instruction Fuzzy Hash: 1D22AE712043468FC728DF28C5D067ABBE2BF89340F54892EE5D687741E739E845CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00481290, Relevance: .6, Instructions: 556COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbb95bac9ae265a6ce758cdb5bb258a97b991a1b0fa5b1131229cb49ec98b77a
Instruction ID: fcce83ac5721f768b5cc4af75c9cd8ab904c794306e397cd3f4becd3be6fb6c4
Opcode Fuzzy Hash: bbb95bac9ae265a6ce758cdb5bb258a97b991a1b0fa5b1131229cb49ec98b77a
Instruction Fuzzy Hash: 70325C716002498FDB68DF29C9807DE37E6FF95304F10892AED4D8B355DB34AA8ACB45

Uniqueness

Uniqueness Score: -1.00%

Function 0047D4D0, Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
Instruction ID: 9b552224c92d1b52213fe6467c9dbd054f749859cbedd4463a5a887569b6d046
Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
Instruction Fuzzy Hash: 52022772E142114BC718CE28C5802B9BBF2FFC5344F158A3FE49E97684D638E848CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00486460, Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 670f6822d4c541ec28527503a5683c3de0658b45603552136f1662c23a7083fb
Instruction ID: d5562f1d050146f15312fdc9800edba32b10eb6a3a926de79faedac988ef067d
Opcode Fuzzy Hash: 670f6822d4c541ec28527503a5683c3de0658b45603552136f1662c23a7083fb
Instruction Fuzzy Hash: 84C1F0716087518FC368DF2DD49012AFBE2AF89304F298A6FE1D68B791C339E545CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00471D10, Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 688dc3d7a85807652613f26b0aa50f803764dac33cd85435022e2c5267d7de20
Instruction ID: e4702f9356a8e416d22bd2d3d82cd4f439e7b252bb822b58bf52e02c6c8639e6
Opcode Fuzzy Hash: 688dc3d7a85807652613f26b0aa50f803764dac33cd85435022e2c5267d7de20
Instruction Fuzzy Hash: 30A1D3316083418FD714CF2DC5806ABBBE1ABD9354F448A2EF4DA87361D735E946CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00469EC0, Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba2e7d18cb0a4b2aa6cc68605bf5a0f9e2530bc2fc172473e2667a9cd49d418a
Instruction ID: d47ccf53b5c8313dd64654655bcb6e6472546f8181af193f48500009b3ff3720
Opcode Fuzzy Hash: ba2e7d18cb0a4b2aa6cc68605bf5a0f9e2530bc2fc172473e2667a9cd49d418a
Instruction Fuzzy Hash: B2B1BD343087018BC718DF28C8906FBB7E2EF99314F54486EE89AC7341E779A955CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0047CD68, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ef3a85183e3002fe42a0a148796e2a0343b3df6179ef6736291ebe652a2f59b
Instruction ID: 27fbc3219237f0081cc8af3dbba2c624413dcf0bc77b065555d03d15dd7cd461
Opcode Fuzzy Hash: 1ef3a85183e3002fe42a0a148796e2a0343b3df6179ef6736291ebe652a2f59b
Instruction Fuzzy Hash: BF81D973E0832547D7288A198980269B7E3BBD5380F17963FE4AD8B3C4D6748946C789

Uniqueness

Uniqueness Score: -1.00%

Function 00471A00, Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b96a3bfa2f071fda60c0812de3eea8bd7f1a293af8749856eb5c89b36b6714e8
Instruction ID: 2e00d5892e60b9f184a1efee0ba191c6f50ee342bb732a944eba86cc4c56c89c
Opcode Fuzzy Hash: b96a3bfa2f071fda60c0812de3eea8bd7f1a293af8749856eb5c89b36b6714e8
Instruction Fuzzy Hash: CE81C135A047018FC320DF29C180296F7E1FF99704F28C9AEC9999B721E776E946CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00404E85, Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dbd2e70fd8b496b8bc66b04f733a85823f4f1dbf96882d08c0b0cd5cc85f8ed
Instruction ID: 6d27802e9cd9f9eafa88637c7e274a6bb02ec14e9b9d24b67ee9e90653767d16
Opcode Fuzzy Hash: 6dbd2e70fd8b496b8bc66b04f733a85823f4f1dbf96882d08c0b0cd5cc85f8ed
Instruction Fuzzy Hash: DA518073E204214AE78CCE24DC217AA7692E788310F4BC2B99D8BAB6D5CD789851C7D4

Uniqueness

Uniqueness Score: -1.00%

Function 004785A0, Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b14259b363909f47c08b5e9c2d2292d0a1b7bd35c401dd425e102265623d2aa
Instruction ID: c30556c3926e4661b80bbd9c3976999ad62e1bb8b7822fd01a1d57e3c39ba5b6
Opcode Fuzzy Hash: 7b14259b363909f47c08b5e9c2d2292d0a1b7bd35c401dd425e102265623d2aa
Instruction Fuzzy Hash: 48515D75700B449BC724DF28C98466BB7E2BB88304F148A2ED58BC7B45DB79F845CB48

Uniqueness

Uniqueness Score: -1.00%

Function 004750A0, Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96a04a5173b4bd9d5d6841b077a7ddd58207c3d8f8e3d5e01ac2778752810a44
Instruction ID: 93567f719353d61df6b6ecb77b5b9f60bf4210eb590ed77b834985658eae2c4a
Opcode Fuzzy Hash: 96a04a5173b4bd9d5d6841b077a7ddd58207c3d8f8e3d5e01ac2778752810a44
Instruction Fuzzy Hash: 0741B371F109200AB34CCE269CC41662FC7C7CA386745C63EC595CA6E9DBBDC017C6A8

Uniqueness

Uniqueness Score: -1.00%

Function 004221D5, Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72c1d2a683874879174d131ccb4dddd1e2f70cb764b1e7878fe2ff4eea78678e
Instruction ID: 7a80b2c8fcd61af85828823e026896cf54081e0eb4aca01c99fedfb05ef14d94
Opcode Fuzzy Hash: 72c1d2a683874879174d131ccb4dddd1e2f70cb764b1e7878fe2ff4eea78678e
Instruction Fuzzy Hash: 363134233A040023CB0CCC3BCE027AFA1431BE422234ECF3A9C04CEF14D86CC8128008

Uniqueness

Uniqueness Score: -1.00%

Function 004015C8, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279fe9dd3ee55ca78b110aba9c823f3c998becf4313f8198fc89f726f5db1501
Instruction ID: 9c9c086d806cc255bc3ceb50429604d1176066315ab9fc284784c9833bce0c16
Opcode Fuzzy Hash: 279fe9dd3ee55ca78b110aba9c823f3c998becf4313f8198fc89f726f5db1501
Instruction Fuzzy Hash: F831503BAA09164BD70CCB68EC37BB92681E745305B88567EA94BCB3D1DB6D8800C74C

Uniqueness

Uniqueness Score: -1.00%

Function 0048D0D3, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e781e73348b070714efe4b9f1f387dbcbf5b044bf6c7f23a7a0004d2e0ca769a
Instruction ID: 833407bd0920120019556ae716048a39612b15bb0489df223f32132df82db669
Opcode Fuzzy Hash: e781e73348b070714efe4b9f1f387dbcbf5b044bf6c7f23a7a0004d2e0ca769a
Instruction Fuzzy Hash: E641C350C14B9652EB135F7CC842262B320BFAB204F00DB6AFDD179962FB32A544A655

Uniqueness

Uniqueness Score: -1.00%

Function 0048D421, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86d22ac803694251da3d5663bdc7c2053185f9a951a5658cb00391f05c9a66c7
Instruction ID: f0e07c96a7a1816cf4b7d975a0f320dc8aec0669452410dc6064623630d500ad
Opcode Fuzzy Hash: 86d22ac803694251da3d5663bdc7c2053185f9a951a5658cb00391f05c9a66c7
Instruction Fuzzy Hash: 02210532A021148BC701EF6ED88469B73E2EFC9365F67C93EDD8147285C635E90A8754

Uniqueness

Uniqueness Score: -1.00%

Function 0048D261, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
Instruction ID: 34889daf14d3a6c14a17ffb79a467875c911567a1d712a623464b4ca247c4d4d
Opcode Fuzzy Hash: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
Instruction Fuzzy Hash: 3221C532D0162587CB52DE6EF4845ABF391FBC536AF134B27ED8467290C628E8549BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0048D33B, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
Instruction ID: d8922adb68d3983c78d403212ddac1bdede437e70217fcd3cf8142b68c384091
Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
Instruction Fuzzy Hash: 4821257291042587C706EE2DE488A7BB3E1FFC4319F638A36DC828B1C0C628E805C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00478490, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6218bc90c9121070e7ea681b917aae75b2d4c0b4172c8a51d81b5e8232a49ff0
Instruction ID: b73803322570c3b1e186b56f860278cc2749336d912a505420bdc5abb35565fa
Opcode Fuzzy Hash: 6218bc90c9121070e7ea681b917aae75b2d4c0b4172c8a51d81b5e8232a49ff0
Instruction Fuzzy Hash: 5311427B3A0D0A47EB4C853CDC337A921C09745309B98A23DE25BCE3C1EBAEC446C649

Uniqueness

Uniqueness Score: -1.00%

Function 00475D80, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6700336f7b0bb0ff849bd550897cb9c8707ec0ba77a5ba505107a31791c3259
Instruction ID: ae19153941228c2ee8e3069703254880184749379195a647cd2d198081a887e2
Opcode Fuzzy Hash: e6700336f7b0bb0ff849bd550897cb9c8707ec0ba77a5ba505107a31791c3259
Instruction Fuzzy Hash: 4621AE366182428FC308DF18D88096BBBE6EBC9200F55857EE9848B301C635E906CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00475C80, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 498fc5ebbfeecfbcf2296925c243de6f1340bd1be4daeeabf25f5269120d48c6
Instruction ID: 2f7b534e05645812fea42df0ffd1383d89268abffa2248321c1c616e77a5b46f
Opcode Fuzzy Hash: 498fc5ebbfeecfbcf2296925c243de6f1340bd1be4daeeabf25f5269120d48c6
Instruction Fuzzy Hash: 251190722183464BC308CE1CDC805B7BBE5FBC9300F64897EE985C7341C625D9078794

Uniqueness

Uniqueness Score: -1.00%

Function 00488250, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af33e5acb2622ca5ce706fc067ee6119db395a5f06535a4df2674a4d4b2c8d1
Instruction ID: ac0f6698675de2762856c6b10d2b15a6ddcc2fd5f99ac3c3bc9c63422d22352d
Opcode Fuzzy Hash: 3af33e5acb2622ca5ce706fc067ee6119db395a5f06535a4df2674a4d4b2c8d1
Instruction Fuzzy Hash: DC01D26519668989D781DA79D490759FE80F756302F9CC3E4D088CBB42DA89C54AC361

Uniqueness

Uniqueness Score: -1.00%

Function 0044427F, Relevance: 28.5, APIs: 13, Strings: 3, Instructions: 452
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0044427F(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr _t255;
				signed int _t271;
				void* _t272;
				signed int _t278;
				intOrPtr _t282;
				signed int _t285;
				signed int _t304;
				signed int _t305;
				intOrPtr _t306;
				void* _t314;
				char* _t315;
				void* _t317;
				char* _t318;
				void* _t319;
				char* _t320;
				signed int _t322;
				signed int _t333;
				intOrPtr _t337;
				signed int _t342;
				signed int _t344;
				signed int _t349;
				void* _t354;
				int _t357;
				signed int _t358;
				intOrPtr* _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t373;
				intOrPtr _t391;
				signed int _t393;
				intOrPtr _t399;
				signed int _t401;
				signed int _t407;
				intOrPtr* _t415;
				intOrPtr _t417;
				intOrPtr* _t418;
				char _t420;
				void* _t425;
				signed int _t431;
				intOrPtr* _t436;
				void* _t441;
				void* _t443;

				E0048C9C0(E004923C8, _t443);
				_t441 = __ecx;
				E004440DD(__ecx, __edx, _t443, __eflags, 0xb, 0);
				_t255 = L004439D0( *((intOrPtr*)(_t441 + 0x38)), __edx, __eflags);
				 *(_t443 - 0x4c) =  *(_t443 - 0x4c) & 0x00000000;
				 *(_t443 - 0x4b) =  *(_t443 - 0x4b) & 0x00000000;
				 *((intOrPtr*)(_t443 - 0x18)) = _t255;
				 *((intOrPtr*)(_t443 - 0x1c)) = 0;
				 *(_t443 - 4) = 0;
				L004437A6(_t443 - 0x50, __eflags, _t441,  *(_t443 + 8));
				_t436 =  *((intOrPtr*)(_t443 + 0xc));
				_t354 =  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38)) + 8)) +  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38))));
				 *((intOrPtr*)(_t436 + 4)) =  *((intOrPtr*)(_t443 - 0x18));
				 *(_t443 - 0x34) = _t354;
				L0044B6D8(_t436 + 0x30,  *((intOrPtr*)(_t443 - 0x18)) + 1);
				E00445C69(_t436 + 0x34,  *((intOrPtr*)(_t443 - 0x18)));
				L0044B6D8(_t436 + 0x38,  *((intOrPtr*)(_t443 - 0x18)) + 1);
				L0044B6D8(_t436 + 0x2c,  *((intOrPtr*)(_t443 - 0x18)) + 1);
				_t373 = 0;
				 *((intOrPtr*)(_t443 - 0x68)) = 0;
				 *((intOrPtr*)(_t443 - 0x64)) = 0;
				 *((intOrPtr*)(_t443 - 0x60)) = 0;
				 *(_t443 - 0x5c) = 0;
				 *((intOrPtr*)(_t443 - 0x58)) = 0;
				 *((intOrPtr*)(_t443 - 0x54)) = 0;
				_t450 =  *((intOrPtr*)(_t443 - 0x18));
				 *(_t443 - 4) = 2;
				 *((intOrPtr*)(_t443 - 0x30)) = 0;
				 *((intOrPtr*)(_t443 - 0x28)) =  *((intOrPtr*)(_t441 + 0x38));
				 *(_t443 - 0x2c) = 0;
				if( *((intOrPtr*)(_t443 - 0x18)) <= 0) {
					L63:
					_t357 =  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38)) + 8)) -  *(_t443 - 0x34) +  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38))));
					_t271 =  *(_t443 - 0x2c) << 2;
					 *((intOrPtr*)(_t271 +  *((intOrPtr*)(_t436 + 0x2c)))) =  *((intOrPtr*)(_t443 - 0x1c));
					 *((intOrPtr*)(_t271 +  *((intOrPtr*)(_t436 + 0x30)))) =  *((intOrPtr*)(_t443 - 0x30));
					_t431 =  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38)) + 8)) -  *(_t443 - 0x34) +  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38))));
					 *(_t271 +  *((intOrPtr*)(_t436 + 0x38))) = _t431;
					_t272 = L0040773D(_t436 + 0x3c, _t357);
					_t476 = _t357;
					if(_t357 != 0) {
						_t272 = memcpy( *(_t436 + 0x3c),  *(_t443 - 0x34), _t357);
					}
					E00401CEB(E00401CEB(_t272,  *(_t443 - 0x5c)),  *((intOrPtr*)(_t443 - 0x68)));
					 *(_t443 - 4) =  *(_t443 - 4) | 0xffffffff;
					L00443716(_t443 - 0x50);
					_t358 = 0;
					E004440DD(_t441, _t431, _t443, _t476, 0xc, 0);
					E00445C3C(_t436 + 0x28,  *((intOrPtr*)(_t443 - 0x1c)));
					if( *((intOrPtr*)(_t443 - 0x1c)) > 0) {
						do {
							_t282 = L004438D9( *((intOrPtr*)(_t441 + 0x38)));
							_t391 =  *((intOrPtr*)(_t436 + 0x28));
							 *((intOrPtr*)(_t391 + _t358 * 8)) = _t282;
							_t358 = _t358 + 1;
							 *(_t391 + _t358 * 8 - 4) = _t431;
						} while (_t358 <  *((intOrPtr*)(_t443 - 0x1c)));
					}
					goto L67;
				} else {
					while(1) {
						 *(_t443 - 0x3c) = _t373;
						 *(_t443 - 0x14) = _t373;
						_t431 =  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38)) + 8)) - _t354 +  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38))));
						 *( *((intOrPtr*)(_t436 + 0x38)) +  *(_t443 - 0x2c) * 4) = _t431;
						_t285 = L004439D0( *((intOrPtr*)(_t443 - 0x28)), _t431, _t450);
						 *(_t443 - 0x10) = _t285;
						if(_t285 == 0 || _t285 > 0x40) {
							break;
						}
						 *(_t443 - 0x38) =  *(_t443 - 0x38) & 0x00000000;
						if(_t285 <= 0) {
							_t361 =  *((intOrPtr*)(_t443 - 0x28));
							L37:
							_t393 = 1;
							if(_t285 != _t393 ||  *(_t443 - 0x14) != _t393) {
								_t431 =  *(_t443 - 0x14);
								__eflags = _t431 - _t285 - 1;
								if(_t431 < _t285 - 1) {
									L76:
									_push(0x4a4c08);
									_push(_t443 + 0xf);
									L0048CCA2();
									L77:
									_push(0x4a4c08);
									_push(_t443 + 0xf);
									L0048CCA2();
									L78:
									_push(0x4a4c08);
									_push(_t443 + 0xf);
									L0048CCA2();
									L79:
									_push(0x4a4c08);
									_push(_t443 + 0xf);
									L0048CCA2();
									L80:
									_push(0x4a4c08);
									_push(_t443 + 0xf);
									L0048CCA2();
									break;
								}
								E00414BDD(_t443 - 0x68, _t431);
								_t431 =  *(_t443 - 0x10);
								E00414BDD(_t443 - 0x5c, _t431);
								 *(_t443 + 8) =  *(_t443 + 8) & 0x00000000;
								__eflags =  *(_t443 - 0x10) - 1;
								if(__eflags <= 0) {
									L48:
									_t304 =  *(_t443 - 0x14) -  *(_t443 - 0x10) - 1;
									__eflags = _t304 - 1;
									 *(_t443 - 0x24) = _t304;
									if(_t304 == 1) {
										L53:
										_t305 = 0;
										__eflags = 0 -  *(_t443 - 0x10);
										if(__eflags >= 0) {
											L59:
											if(__eflags == 0) {
												goto L80;
											}
											goto L60;
										} else {
											goto L54;
										}
										while(1) {
											L54:
											_t401 =  *(_t443 - 0x5c);
											__eflags =  *((char*)(_t305 + _t401));
											if( *((char*)(_t305 + _t401)) == 0) {
												break;
											}
											_t305 = _t305 + 1;
											__eflags = _t305 -  *(_t443 - 0x10);
											if(_t305 <  *(_t443 - 0x10)) {
												continue;
											}
											L58:
											__eflags = _t305 -  *(_t443 - 0x10);
											goto L59;
										}
										 *(_t443 - 0x3c) = _t305;
										goto L58;
									}
									 *(_t443 + 8) =  *(_t443 + 8) & 0x00000000;
									__eflags = _t304;
									if(__eflags <= 0) {
										goto L53;
									} else {
										goto L50;
									}
									while(1) {
										L50:
										_t314 = L004439D0(_t361, _t431, __eflags);
										__eflags = _t314 -  *(_t443 - 0x14);
										if(_t314 >=  *(_t443 - 0x14)) {
											goto L79;
										}
										_t315 = _t314 +  *((intOrPtr*)(_t443 - 0x68));
										__eflags =  *_t315;
										if( *_t315 != 0) {
											goto L79;
										}
										 *(_t443 + 8) =  *(_t443 + 8) + 1;
										 *_t315 = 1;
										__eflags =  *(_t443 + 8) -  *(_t443 - 0x24);
										if(__eflags < 0) {
											continue;
										}
										goto L53;
									}
									goto L79;
								} else {
									goto L43;
								}
								while(1) {
									L43:
									_t317 = L004439D0( *((intOrPtr*)(_t441 + 0x38)), _t431, __eflags);
									__eflags = _t317 -  *(_t443 - 0x14);
									if(_t317 >=  *(_t443 - 0x14)) {
										goto L78;
									}
									_t318 = _t317 +  *((intOrPtr*)(_t443 - 0x68));
									__eflags =  *_t318;
									if(__eflags != 0) {
										goto L78;
									}
									 *_t318 = 1;
									_t319 = L004439D0( *((intOrPtr*)(_t441 + 0x38)), _t431, __eflags);
									_t407 =  *(_t443 - 0x10);
									__eflags = _t319 - _t407;
									if(_t319 >= _t407) {
										goto L77;
									}
									_t431 =  *(_t443 - 0x5c);
									_t320 = _t319 + _t431;
									__eflags =  *_t320;
									if( *_t320 != 0) {
										goto L77;
									}
									 *(_t443 + 8) =  *(_t443 + 8) + 1;
									 *_t320 = 1;
									__eflags =  *(_t443 + 8) - _t407 - 1;
									if(__eflags < 0) {
										continue;
									}
									goto L48;
								}
								goto L78;
							} else {
								 *(_t443 - 0x3c) =  *(_t443 - 0x3c) & 0x00000000;
								 *(_t443 - 0x24) = _t393;
								L60:
								_t362 =  *(_t443 - 0x2c);
								_t306 =  *((intOrPtr*)(_t443 - 0x1c));
								 *((intOrPtr*)( *((intOrPtr*)(_t436 + 0x2c)) + _t362 * 4)) = _t306;
								_t399 =  *((intOrPtr*)(_t443 - 0x30));
								 *((intOrPtr*)(_t443 - 0x1c)) = _t306 +  *(_t443 - 0x10);
								 *((intOrPtr*)( *((intOrPtr*)(_t436 + 0x30)) + _t362 * 4)) = _t399;
								if( *(_t443 - 0x24) >  *_t436 - _t399) {
									L004437F9(_t399);
								}
								 *((intOrPtr*)(_t443 - 0x30)) =  *((intOrPtr*)(_t443 - 0x30)) +  *(_t443 - 0x24);
								 *((char*)( *((intOrPtr*)(_t436 + 0x34)) + _t362)) =  *(_t443 - 0x3c);
								_t363 = _t362 + 1;
								 *(_t443 - 0x2c) = _t363;
								if(_t363 <  *((intOrPtr*)(_t443 - 0x18))) {
									_t354 =  *(_t443 - 0x34);
									_t373 = 0;
									__eflags = 0;
									continue;
								} else {
									goto L63;
								}
							}
						} else {
							goto L6;
						}
						while(1) {
							L6:
							_t361 =  *((intOrPtr*)(_t443 - 0x28));
							_t408 = _t361;
							_t322 = L00443847(_t361);
							 *(_t443 + 0xb) = _t322;
							if((_t322 & 0x000000c0) != 0) {
								break;
							}
							_t333 = _t322 & 0x0000000f;
							 *(_t443 - 0x20) = _t333;
							if(_t333 > 8) {
								L72:
								_push(0x4a4c08);
								_push(_t443 + 0xf);
								L0048CCA2();
								goto L73;
							} else {
								if( *(_t443 - 0x20) >  *((intOrPtr*)(_t361 + 4)) -  *((intOrPtr*)(_t361 + 8))) {
									L004437F9(_t408);
								}
								_t337 =  *_t361 +  *((intOrPtr*)(_t361 + 8));
								 *((intOrPtr*)(_t443 - 0x40)) = _t337;
								 *(_t443 - 0x48) = 0;
								 *(_t443 - 0x44) = 0;
								 *(_t443 - 0x24) = 0;
								if( *(_t443 - 0x20) <= 0) {
									L15:
									 *((intOrPtr*)(_t361 + 8)) =  *((intOrPtr*)(_t361 + 8)) +  *(_t443 - 0x20);
									if( *((intOrPtr*)(_t436 + 0x50)) < 0x80) {
										L00426CEB(_t436 + 0x4c,  *(_t443 - 0x48),  *(_t443 - 0x44));
									}
									_t460 =  *(_t443 + 0xb) & 0x00000010;
									 *(_t443 - 0x24) = 1;
									if(( *(_t443 + 0xb) & 0x00000010) == 0) {
										L20:
										 *(_t443 - 0x14) =  *(_t443 - 0x14) +  *(_t443 - 0x24);
										if( *(_t443 - 0x14) > 0x40) {
											goto L75;
										}
										_t464 =  *(_t443 + 0xb) & 0x00000020;
										if(( *(_t443 + 0xb) & 0x00000020) != 0) {
											_t342 = L004439D0(_t361, _t431, _t464);
											 *(_t443 + 8) = _t342;
											_t414 =  *((intOrPtr*)(_t361 + 4)) -  *((intOrPtr*)(_t361 + 8));
											if(_t342 >  *((intOrPtr*)(_t361 + 4)) -  *((intOrPtr*)(_t361 + 8))) {
												L004437F9(_t414);
												_t342 =  *(_t443 + 8);
											}
											if( *(_t443 - 0x48) != 0x21 ||  *(_t443 - 0x44) != 0) {
												__eflags =  *(_t443 - 0x48) - 0x30101;
												if( *(_t443 - 0x48) == 0x30101) {
													__eflags =  *(_t443 - 0x44);
													if( *(_t443 - 0x44) == 0) {
														__eflags = _t342 - 5;
														if(_t342 == 5) {
															_t415 =  *((intOrPtr*)(_t441 + 0x38));
															_t431 =  *(_t415 + 8);
															_t417 =  *((intOrPtr*)(_t431 +  *_t415 + 1));
															__eflags =  *((intOrPtr*)(_t436 + 0x48)) - _t417;
															if( *((intOrPtr*)(_t436 + 0x48)) < _t417) {
																 *((intOrPtr*)(_t436 + 0x48)) = _t417;
															}
														}
													}
												}
											} else {
												if(_t342 == 1) {
													_t418 =  *((intOrPtr*)(_t441 + 0x38));
													_t431 =  *(_t418 + 8);
													_t420 =  *((intOrPtr*)(_t431 +  *_t418));
													if( *((intOrPtr*)(_t436 + 0x44)) < _t420) {
														 *((char*)(_t436 + 0x44)) = _t420;
													}
												}
											}
											 *((intOrPtr*)(_t361 + 8)) =  *((intOrPtr*)(_t361 + 8)) + _t342;
										}
										 *(_t443 - 0x38) =  *(_t443 - 0x38) + 1;
										if( *(_t443 - 0x38) <  *(_t443 - 0x10)) {
											continue;
										} else {
											_t285 =  *(_t443 - 0x10);
											goto L37;
										}
									} else {
										_t344 = L004439D0(_t361, _t431, _t460);
										_t461 = _t344 - 0x40;
										 *(_t443 - 0x24) = _t344;
										if(_t344 > 0x40) {
											L73:
											_push(0x4a4c08);
											_push(_t443 + 0xf);
											L0048CCA2();
											L74:
											_push(0x4a4c08);
											_push(_t443 + 0xf);
											L0048CCA2();
											L75:
											_push(0x4a4c08);
											_push(_t443 + 0xf);
											L0048CCA2();
											goto L76;
										}
										if(L004439D0(_t361, _t431, _t461) != 1) {
											goto L74;
										}
										goto L20;
									}
								} else {
									while(1) {
										asm("cdq");
										_t364 = _t431;
										_t431 =  *(_t443 - 0x44);
										_t425 = 8;
										_t349 = E0048CD40( *(_t443 - 0x48), _t425, _t431);
										 *(_t443 - 0x24) =  *(_t443 - 0x24) + 1;
										 *(_t443 - 0x48) =  *( *(_t443 - 0x24) + _t337) & 0x000000ff | _t349;
										 *(_t443 - 0x44) = _t364 | _t431;
										if( *(_t443 - 0x24) >=  *(_t443 - 0x20)) {
											break;
										}
										_t337 =  *((intOrPtr*)(_t443 - 0x40));
									}
									_t436 =  *((intOrPtr*)(_t443 + 0xc));
									_t361 =  *((intOrPtr*)(_t443 - 0x28));
									goto L15;
								}
							}
						}
						_push(0x4a4c08);
						_push(_t443 + 0xf);
						L0048CCA2();
						goto L72;
					}
					_push(0x4a4c08);
					_push(_t443 + 0xf);
					L0048CCA2();
					L82:
					L004438C6( *((intOrPtr*)(_t441 + 0x38)), _t431);
					while(1) {
						L67:
						_t278 = L004438D9( *((intOrPtr*)(_t441 + 0x38)));
						if((_t278 | _t431) == 0) {
							break;
						}
						if(_t278 != 0xa || _t431 != 0) {
							goto L82;
						} else {
							E0044415D(_t441, _t431,  *((intOrPtr*)(_t443 - 0x18)), _t436 + 0xc);
							continue;
						}
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t443 - 0xc));
					return _t278;
				}
			}

0x00444284
0x00444292
0x00444296
0x0044429e
0x004442a3
0x004442a7
0x004442ab
0x004442ae
0x004442b7
0x004442bb
0x004442c3
0x004442cc
0x004442d1
0x004442d6
0x004442d9
0x004442e4
0x004442f1
0x004442fe
0x00444303
0x00444305
0x00444308
0x0044430b
0x0044430e
0x00444311
0x00444314
0x0044431a
0x0044431d
0x00444321
0x00444324
0x00444327
0x0044432a
0x0044462e
0x0044463d
0x00444642
0x00444646
0x0044464f
0x0044465b
0x00444660
0x00444666
0x0044466b
0x0044466d
0x00444676
0x0044467b
0x00444689
0x0044468e
0x00444697
0x0044469c
0x004446a3
0x004446ae
0x004446b6
0x004446b8
0x004446bb
0x004446c0
0x004446c3
0x004446c6
0x004446ca
0x004446ca
0x004446b8
0x00000000
0x00444330
0x00444337
0x0044433a
0x0044433d
0x0044434b
0x00444350
0x00444353
0x0044435a
0x0044435d
0x00000000
0x00000000
0x0044436c
0x00444372
0x004444ff
0x004444e7
0x004444e9
0x004444ec
0x00444504
0x00444508
0x0044450a
0x00444767
0x0044476a
0x00444775
0x00444776
0x0044477b
0x0044477e
0x00444789
0x0044478a
0x0044478f
0x00444792
0x0044479d
0x0044479e
0x004447a3
0x004447a6
0x004447b1
0x004447b2
0x004447b7
0x004447ba
0x004447c5
0x004447c6
0x00000000
0x004447c6
0x00444513
0x00444518
0x0044451e
0x00444526
0x0044452b
0x0044452d
0x00444580
0x00444587
0x00444589
0x0044458c
0x0044458f
0x004445c5
0x004445c5
0x004445c7
0x004445ca
0x004445e3
0x004445e3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004445cc
0x004445cc
0x004445cc
0x004445cf
0x004445d3
0x00000000
0x00000000
0x004445d5
0x004445d6
0x004445d9
0x00000000
0x00000000
0x004445e0
0x004445e0
0x00000000
0x004445e0
0x004445dd
0x00000000
0x004445dd
0x00444591
0x00444595
0x00444597
0x00000000
0x00000000
0x00000000
0x00000000
0x00444599
0x00444599
0x0044459b
0x004445a0
0x004445a3
0x00000000
0x00000000
0x004445ac
0x004445ae
0x004445b1
0x00000000
0x00000000
0x004445b7
0x004445ba
0x004445c0
0x004445c3
0x00000000
0x00000000
0x00000000
0x004445c3
0x00000000
0x00000000
0x00000000
0x00000000
0x0044452f
0x0044452f
0x00444532
0x00444537
0x0044453a
0x00000000
0x00000000
0x00444543
0x00444545
0x00444548
0x00000000
0x00000000
0x0044454e
0x00444554
0x00444559
0x0044455c
0x0044455e
0x00000000
0x00000000
0x00444564
0x00444567
0x00444569
0x0044456c
0x00000000
0x00000000
0x00444572
0x00444575
0x0044457b
0x0044457e
0x00000000
0x00000000
0x00000000
0x0044457e
0x00000000
0x004444f3
0x004444f3
0x004444f7
0x004445e9
0x004445ec
0x004445ef
0x004445f2
0x004445f8
0x004445fb
0x00444601
0x0044460b
0x0044460d
0x0044460d
0x00444618
0x0044461e
0x00444621
0x00444625
0x00444628
0x00444332
0x00444335
0x00444335
0x00000000
0x00000000
0x00000000
0x00000000
0x00444628
0x00000000
0x00000000
0x00000000
0x00444378
0x00444378
0x00444378
0x0044437b
0x0044437d
0x00444384
0x00444387
0x00000000
0x00000000
0x0044438d
0x00444393
0x00444396
0x00444717
0x0044471a
0x00444725
0x00444726
0x00000000
0x0044439c
0x004443a5
0x004443a7
0x004443a7
0x004443b1
0x004443b8
0x004443bb
0x004443be
0x004443c1
0x004443c4
0x00444400
0x00444408
0x00444412
0x0044441d
0x0044441d
0x00444422
0x00444426
0x0044442d
0x00444452
0x00444455
0x0044445c
0x00000000
0x00000000
0x00444462
0x00444466
0x0044446a
0x00444472
0x00444475
0x0044447a
0x0044447c
0x00444481
0x00444481
0x00444488
0x004444aa
0x004444b1
0x004444b3
0x004444b7
0x004444b9
0x004444bc
0x004444be
0x004444c1
0x004444c6
0x004444ca
0x004444cd
0x004444cf
0x004444cf
0x004444cd
0x004444bc
0x004444b7
0x00444490
0x00444493
0x00444495
0x00444498
0x0044449d
0x004444a3
0x004444a5
0x004444a5
0x004444a3
0x00444493
0x004444d2
0x004444d2
0x004444d5
0x004444de
0x00000000
0x004444e4
0x004444e4
0x00000000
0x004444e4
0x0044442f
0x00444431
0x00444436
0x00444439
0x0044443c
0x0044472b
0x0044472e
0x00444739
0x0044473a
0x0044473f
0x00444742
0x0044474d
0x0044474e
0x00444753
0x00444756
0x00444761
0x00444762
0x00000000
0x00444762
0x0044444c
0x00000000
0x00000000
0x00000000
0x0044444c
0x004443c6
0x004443cb
0x004443d4
0x004443da
0x004443dc
0x004443df
0x004443e0
0x004443e9
0x004443ec
0x004443f2
0x004443f8
0x00000000
0x00000000
0x004443c8
0x004443c8
0x004443fa
0x004443fd
0x00000000
0x004443fd
0x004443c4
0x00444396
0x00444706
0x00444711
0x00444712
0x00000000
0x00444712
0x004447ce
0x004447d9
0x004447da
0x004447df
0x004447e2
0x004446d0
0x004446d0
0x004446d3
0x004446dc
0x00000000
0x00000000
0x004446e5
0x00000000
0x004446f3
0x004446fc
0x00000000
0x004446fc
0x004446e5
0x004447f2
0x004447fa
0x004447fa

APIs

__EH_prolog.LIBCMT ref: 00444284

Part of subcall function 004439D0: _CxxThrowException.MSVCRT(?,004A4C08), ref: 004439F3

memcpy.MSVCRT ref: 00444676
_CxxThrowException.MSVCRT(?,004A4C08), ref: 00444712
_CxxThrowException.MSVCRT(?,004A4C08), ref: 00444726
_CxxThrowException.MSVCRT(?,004A4C08), ref: 0044473A
_CxxThrowException.MSVCRT(?,004A4C08), ref: 0044474E
_CxxThrowException.MSVCRT(?,004A4C08), ref: 00444762
_CxxThrowException.MSVCRT(?,004A4C08), ref: 00444776
_CxxThrowException.MSVCRT(?,004A4C08), ref: 0044478A
_CxxThrowException.MSVCRT(?,004A4C08), ref: 0044479E
_CxxThrowException.MSVCRT(?,004A4C08), ref: 004447B2
_CxxThrowException.MSVCRT(?,004A4C08), ref: 004447C6
_CxxThrowException.MSVCRT(?,004A4C08), ref: 004447DA

Part of subcall function 004437F9: _CxxThrowException.MSVCRT(?,004A4BC8), ref: 0044380C

Strings

@, xrefs: 00444458
, xrefs: 00444462
!, xrefs: 00444484

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow$H_prologmemcpy
String ID: $!$@
API String ID: 3273695820-2517134481
Opcode ID: 2817d26b2998dc72d5a8b556bcd3429b42fe1ac043d1ed564fdcab4701542504
Instruction ID: 4378a44a826d7929f52bbb885d2073529e2b1a6e4dfa97473897cd731f40b222
Opcode Fuzzy Hash: 2817d26b2998dc72d5a8b556bcd3429b42fe1ac043d1ed564fdcab4701542504
Instruction Fuzzy Hash: 17129F74A01249EFEF04DFA5C5C1AEDBBB1BF85304F10845EE449AB752CB38A951CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0043A341, Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 179
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E0043A341(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _t50;
				void* _t51;
				void* _t54;
				void* _t55;
				signed char* _t83;
				intOrPtr _t86;
				struct _IO_FILE** _t87;
				signed char _t91;
				intOrPtr _t133;
				signed int _t140;
				struct _IO_FILE** _t142;
				void* _t144;

				_t133 = __edx;
				E0048C9C0(E004916B0, _t144);
				 *((intOrPtr*)(_t144 - 0x18)) = __ecx;
				_t91 = 0;
				_t142 =  *(_t144 + 0x10);
				 *((intOrPtr*)(_t144 - 0x10)) = __edx;
				 *((intOrPtr*)(_t144 - 0x14)) = 0;
				if( *((intOrPtr*)(__edx + 0xf8)) == 0) {
					L4:
					_t83 =  *(_t144 + 8);
					if( *((intOrPtr*)(_t144 - 0x18)) != _t91 ||  *_t83 != _t91 || _t83[8] != _t91 || _t83[0x14] != _t91) {
						__eflags = _t142 - _t91;
						if(_t142 == _t91) {
							L31:
							_t50 = 2;
							goto L32;
						}
						_t51 = E00402BBE(_t144 - 0x24);
						_t140 = 0;
						__eflags = _t83[8];
						 *(_t144 - 4) = 0;
						if(_t83[8] != 0) {
							L00402F82(_t144 - 0x24, _t83[4]);
							_t51 = L00402ED3(_t144 - 0x24);
						}
						__eflags = _t83[0x14];
						if(__eflags <= 0) {
							L26:
							_t85 =  *_t83;
							__eflags =  *_t83;
							if(__eflags != 0) {
								_t54 = E0040518E(_t144 - 0x30, _t85, __eflags);
								 *(_t144 - 4) = 1;
								_t55 = L00402F46(_t144 - 0x24, __eflags, _t54);
								_t39 = _t144 - 4;
								 *_t39 =  *(_t144 - 4) & 0x00000000;
								__eflags =  *_t39;
								E00401CEB(_t55,  *((intOrPtr*)(_t144 - 0x30)));
								_t51 = L00402ED3(_t144 - 0x24);
							}
							__eflags =  *(_t144 - 0x20);
							if( *(_t144 - 0x20) != 0) {
								_push( *((intOrPtr*)(_t144 - 0x24)));
								_push(L"\nError:\n");
								_t51 = E00401EEF(E00401EEF(_t142));
							}
							E00401CEB(_t51,  *((intOrPtr*)(_t144 - 0x24)));
							goto L31;
						} else {
							do {
								L00402F46(_t144 - 0x24, __eflags,  *((intOrPtr*)(_t83[0x10] + _t140 * 4)));
								_t51 = L00402ED3(_t144 - 0x24);
								_t140 = _t140 + 1;
								__eflags = _t140 - _t83[0x14];
							} while (__eflags < 0);
							goto L26;
						}
					} else {
						_t86 =  *((intOrPtr*)(_t133 + 0xe0));
						if(_t86 != _t91) {
							__eflags = _t142 - _t91;
							if(_t142 != _t91) {
								E00401EDC(_t142);
								fputs("WARNINGS for files:",  *_t142);
								E00401EDC(_t142);
								E00401EDC(_t142);
								L0043A573( *((intOrPtr*)(_t144 - 0x10)) + 0xdc, _t142);
								fputs("WARNING: Cannot open ",  *_t142);
								fputs(" file",  *(E00402031(_t142, _t86)));
								__eflags = _t86 - 1;
								if(_t86 > 1) {
									fputc(0x73,  *_t142);
								}
								E00401EDC(_t142);
							}
							 *((intOrPtr*)(_t144 - 0x14)) = 1;
						} else {
							if( *((char*)(_t144 + 0x14)) != 0 &&  *((intOrPtr*)(_t133 + 0xf8)) == _t91) {
								_t87 =  *(_t144 + 0xc);
								if(_t87 != _t91) {
									if(_t142 != _t91) {
										E00401ECD(_t142);
									}
									fputs( *0x498e30,  *_t87);
									E00401EDC(_t87);
								}
							}
						}
						_t50 =  *((intOrPtr*)(_t144 - 0x14));
						L32:
						 *[fs:0x0] =  *((intOrPtr*)(_t144 - 0xc));
						return _t50;
					}
				}
				if(_t142 != 0) {
					E00401EDC(_t142);
					fputs("Scan WARNINGS for files and folders:",  *_t142);
					E00401EDC(_t142);
					E00401EDC(_t142);
					L0043A573( *((intOrPtr*)(_t144 - 0x10)) + 0xf4, _t142);
					fputs("Scan WARNINGS: ",  *_t142);
					E00402031(_t142,  *((intOrPtr*)( *((intOrPtr*)(_t144 - 0x10)) + 0xf8)));
					E00401EDC(_t142);
					_t133 =  *((intOrPtr*)(_t144 - 0x10));
					_t91 = 0;
				}
				 *((intOrPtr*)(_t144 - 0x14)) = 1;
				goto L4;
			}

0x0043a341
0x0043a346
0x0043a354
0x0043a358
0x0043a35b
0x0043a367
0x0043a36a
0x0043a36d
0x0043a3cf
0x0043a3d2
0x0043a3d5
0x0043a4b9
0x0043a4bb
0x0043a55f
0x0043a561
0x00000000
0x0043a561
0x0043a4c4
0x0043a4c9
0x0043a4cb
0x0043a4ce
0x0043a4d1
0x0043a4d9
0x0043a4e1
0x0043a4e1
0x0043a4e6
0x0043a4ea
0x0043a508
0x0043a508
0x0043a50a
0x0043a50c
0x0043a513
0x0043a51c
0x0043a520
0x0043a525
0x0043a525
0x0043a525
0x0043a52c
0x0043a535
0x0043a535
0x0043a53a
0x0043a53e
0x0043a540
0x0043a545
0x0043a551
0x0043a551
0x0043a559
0x00000000
0x0043a4ec
0x0043a4ec
0x0043a4f5
0x0043a4fd
0x0043a502
0x0043a503
0x0043a503
0x00000000
0x0043a4ec
0x0043a3f5
0x0043a3f5
0x0043a3fd
0x0043a440
0x0043a442
0x0043a446
0x0043a452
0x0043a458
0x0043a45f
0x0043a46f
0x0043a47b
0x0043a48e
0x0043a491
0x0043a495
0x0043a49b
0x0043a4a2
0x0043a4a5
0x0043a4a5
0x0043a4aa
0x0043a3ff
0x0043a403
0x0043a415
0x0043a41a
0x0043a422
0x0043a426
0x0043a426
0x0043a433
0x0043a439
0x0043a439
0x0043a41a
0x0043a403
0x0043a4b1
0x0043a562
0x0043a568
0x0043a570
0x0043a570
0x0043a3d5
0x0043a371
0x0043a375
0x0043a381
0x0043a387
0x0043a38e
0x0043a39e
0x0043a3b0
0x0043a3b7
0x0043a3be
0x0043a3c3
0x0043a3c6
0x0043a3c6
0x0043a3c8
0x00000000

APIs

__EH_prolog.LIBCMT ref: 0043A346
fputs.MSVCRT ref: 0043A3B0

Part of subcall function 00402031: fputs.MSVCRT ref: 0040204B

fputs.MSVCRT ref: 0043A381

Part of subcall function 0043A573: __EH_prolog.LIBCMT ref: 0043A578
Part of subcall function 0043A573: fputs.MSVCRT ref: 0043A5AB
Part of subcall function 0043A573: fputs.MSVCRT ref: 0043A5EF

fputs.MSVCRT ref: 0043A433
fputs.MSVCRT ref: 0043A452
fputs.MSVCRT ref: 0043A47B
fputs.MSVCRT ref: 0043A48E
fputc.MSVCRT ref: 0043A49B

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Strings

Scan WARNINGS: , xrefs: 0043A3AB
Error:, xrefs: 0043A545
WARNINGS for files:, xrefs: 0043A44D
file, xrefs: 0043A489
WARNING: Cannot open , xrefs: 0043A476
Scan WARNINGS for files and folders:, xrefs: 0043A37C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$H_prologfputc
String ID: Error:$ file$Scan WARNINGS for files and folders:$Scan WARNINGS: $WARNING: Cannot open $WARNINGS for files:
API String ID: 3294964263-2840245699
Opcode ID: 369cc2292fed4a3f09f923c88610d3465c87011c83f746ceaebf63edd70b47a1
Instruction ID: 8376b6e5e71166cd628edba4f1aaa595f55ecca5bd874fbd90a4062b93454f49
Opcode Fuzzy Hash: 369cc2292fed4a3f09f923c88610d3465c87011c83f746ceaebf63edd70b47a1
Instruction Fuzzy Hash: DF51E031A002059FCF19EF55D886AAEB7B1AF58304F20007FE441662D2DBB95E55CBAE

Uniqueness

Uniqueness Score: -1.00%

Function 00419229, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 166
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00419229(intOrPtr __ecx, void* __edx, void* __eflags) {
				signed int _t86;
				void* _t87;
				void* _t89;
				signed int _t98;
				long _t104;
				long _t109;
				signed int _t111;
				signed int _t139;
				intOrPtr* _t140;
				signed int _t143;
				char* _t144;
				void* _t146;
				void* _t147;

				E0048C9C0(0x48ed60, _t147);
				 *((intOrPtr*)(_t147 - 0x18)) = __ecx;
				L00402C91(_t147 - 0x28, __eflags, __edx);
				_t109 = 0;
				 *(_t147 - 4) = 0;
				_t143 = E004020A6( *(_t147 - 0x28), 0x3a);
				if(_t143 >= 0) {
					_t78 = E004020A6( *(_t147 - 0x28) + 2 + _t143 * 2, 0x3a);
					__eflags = _t78;
					if(_t78 < 0) {
						goto L1;
					}
					_t10 = _t143 + 1; // 0x1
					_t139 = _t78 + _t10;
					__eflags = _t139;
					if(_t139 < 0) {
						goto L1;
					}
					L00402C01(_t147 - 0x40,  *(_t147 - 0x28) + 2 + _t139 * 2);
					__eflags = _t139 -  *(_t147 - 0x24);
					if(_t139 <  *(_t147 - 0x24)) {
						 *(_t147 - 0x24) = _t139;
						( *(_t147 - 0x28))[_t139] = 0;
					}
					_t86 = E004180F9( *(_t147 - 0x28) + 2 + _t143 * 2, _t147 - 0x14);
					__eflags = _t86;
					if(_t86 == 0) {
						L29:
						_t144 = "Unsupported Map data size";
						goto L30;
					} else {
						__eflags =  *(_t147 - 0x14) - 2;
						if( *(_t147 - 0x14) < 2) {
							goto L29;
						}
						__eflags =  *(_t147 - 0x14) - 0x80000000;
						if( *(_t147 - 0x14) > 0x80000000) {
							goto L29;
						}
						__eflags =  *(_t147 - 0x14) & 0x00000001;
						if(( *(_t147 - 0x14) & 0x00000001) != 0) {
							goto L29;
						}
						__eflags = _t143 -  *(_t147 - 0x24);
						if(_t143 <  *(_t147 - 0x24)) {
							 *(_t147 - 0x24) = _t143;
							( *(_t147 - 0x28))[_t143] = _t109;
						}
						 *(_t147 - 0x10) = _t109;
						_t87 = OpenFileMappingW(4, _t109,  *(_t147 - 0x28));
						__eflags = _t87 - _t109;
						 *(_t147 - 0x10) = _t87;
						if(_t87 != _t109) {
							L15:
							_t146 = MapViewOfFile( *(_t147 - 0x10), 4, _t109, _t109,  *(_t147 - 0x14));
							__eflags = _t146 - _t109;
							if(_t146 != _t109) {
								 *(_t147 - 0x1c) = _t146;
								 *(_t147 - 4) = 3;
								_t89 = E00402BBE(_t147 - 0x34);
								__eflags =  *_t146 - _t109;
								 *(_t147 - 4) = 4;
								if( *_t146 == _t109) {
									_t91 =  *(_t147 - 0x14) >> 1;
									__eflags = _t91 - 1;
									if(_t91 <= 1) {
										L26:
										__eflags =  *(_t147 - 0x30) - _t109;
										_push( *(_t147 - 0x34));
										if( *(_t147 - 0x30) == _t109) {
											E00401CEB(_t91);
											UnmapViewOfFile(_t146);
											 *(_t147 - 4) = 1;
											E00419444(_t147 - 0x10);
											_t144 = 0;
										} else {
											E00401CEB(_t91);
											UnmapViewOfFile(_t146);
											 *(_t147 - 4) = 1;
											E00419444(_t147 - 0x10);
											_t144 = "Map data error";
										}
										goto L30;
									}
									_t53 = _t146 + 2; // 0x2
									_t140 = _t53;
									_t54 = _t91 - 1; // 0x0
									_t111 = _t54;
									do {
										_t98 =  *_t140;
										__eflags = _t98;
										if(_t98 != 0) {
											_t91 = E00401089(_t147 - 0x34, _t98);
										} else {
											E00418D4E( *((intOrPtr*)(_t147 - 0x18)), _t147 - 0x34,  *((intOrPtr*)(_t147 + 8)),  *((intOrPtr*)(_t147 + 0xc)),  *((intOrPtr*)(_t147 + 0x10)));
											_t91 =  *(_t147 - 0x34);
											 *(_t147 - 0x30) =  *(_t147 - 0x30) & 0x00000000;
											 *( *(_t147 - 0x34)) =  *( *(_t147 - 0x34)) & 0x00000000;
										}
										_t140 = _t140 + 2;
										_t111 = _t111 - 1;
										__eflags = _t111;
									} while (_t111 != 0);
									_t109 = 0;
									__eflags = 0;
									goto L26;
								}
								E00401CEB(_t89,  *(_t147 - 0x34));
								UnmapViewOfFile(_t146);
								 *(_t147 - 4) = 1;
								E00419444(_t147 - 0x10);
								_t144 = "Unsupported Map data";
								goto L30;
							}
							 *(_t147 - 4) = 1;
							E00419444(_t147 - 0x10);
							_t144 = "MapViewOfFile error";
							goto L30;
						} else {
							_t104 = GetLastError();
							__eflags = _t104 - _t109;
							if(_t104 == _t109) {
								goto L15;
							}
							 *(_t147 - 4) = 1;
							E00419444(_t147 - 0x10);
							_t144 = "Can not open mapping";
							L30:
							_t70 = _t147 - 4;
							 *_t70 =  *(_t147 - 4) & 0x00000000;
							__eflags =  *_t70;
							_t78 = E0041946C();
							L31:
							E00401CEB(_t78,  *(_t147 - 0x28));
							 *[fs:0x0] =  *((intOrPtr*)(_t147 - 0xc));
							return _t144;
						}
					}
				}
				L1:
				_t144 =  *0x496254; // 0x4962dc
				goto L31;
			}

0x0041922e
0x00419238
0x00419240
0x00419248
0x0041924e
0x00419256
0x0041925a
0x00419272
0x00419277
0x00419279
0x00000000
0x00000000
0x0041927b
0x0041927b
0x0041927f
0x00419281
0x00000000
0x00000000
0x0041928e
0x00419293
0x00419296
0x0041929b
0x0041929e
0x0041929e
0x004192ac
0x004192b1
0x004192b3
0x00419417
0x00419417
0x00000000
0x004192b9
0x004192b9
0x004192bd
0x00000000
0x00000000
0x004192c3
0x004192ca
0x00000000
0x00000000
0x004192d0
0x004192d4
0x00000000
0x00000000
0x004192da
0x004192dd
0x004192e2
0x004192e5
0x004192e5
0x004192e9
0x004192f2
0x004192f8
0x004192fa
0x004192fd
0x0041931f
0x0041932f
0x00419331
0x00419333
0x0041934b
0x00419351
0x00419355
0x0041935a
0x0041935d
0x00419361
0x0041938c
0x0041938e
0x00419391
0x004193d2
0x004193d2
0x004193d5
0x004193d8
0x004193fa
0x00419401
0x0041940a
0x0041940e
0x00419413
0x004193da
0x004193da
0x004193e1
0x004193ea
0x004193ee
0x004193f3
0x004193f3
0x00000000
0x004193d8
0x00419393
0x00419393
0x00419396
0x00419396
0x00419399
0x00419399
0x0041939c
0x0041939f
0x004193c6
0x004193a1
0x004193b0
0x004193b5
0x004193b8
0x004193bc
0x004193bc
0x004193cc
0x004193cd
0x004193cd
0x004193cd
0x004193d0
0x004193d0
0x00000000
0x004193d0
0x00419366
0x0041936d
0x00419376
0x0041937a
0x0041937f
0x00000000
0x0041937f
0x00419338
0x0041933c
0x00419341
0x00000000
0x004192ff
0x004192ff
0x00419305
0x00419307
0x00000000
0x00000000
0x0041930c
0x00419310
0x00419315
0x0041941c
0x0041941c
0x0041941c
0x0041941c
0x00419423
0x00419428
0x0041942b
0x00419439
0x00419441
0x00419441
0x004192fd
0x004192b3
0x0041925c
0x0041925c
0x00000000

APIs

__EH_prolog.LIBCMT ref: 0041922E
OpenFileMappingW.KERNEL32(00000004,00000000,?,?,?,00000000,?), ref: 004192F2
GetLastError.KERNEL32(?,00000000,?), ref: 004192FF

Strings

Map data error, xrefs: 004193F3
Can not open mapping, xrefs: 00419315
MapViewOfFile error, xrefs: 00419341
Unsupported Map data, xrefs: 0041937F
Unsupported Map data size, xrefs: 00419417

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ErrorFileH_prologLastMappingOpen
String ID: Can not open mapping$Map data error$MapViewOfFile error$Unsupported Map data$Unsupported Map data size
API String ID: 2221086200-220075109
Opcode ID: 0bebb2124a90c3c4c22c060d19e5016aea3e62f1adc0e12efbe316e30e883fc7
Instruction ID: b74d4ad8961a9db455cc8ebb61a4099edf6d24feee8d1e35a44e766036ce76ed
Opcode Fuzzy Hash: 0bebb2124a90c3c4c22c060d19e5016aea3e62f1adc0e12efbe316e30e883fc7
Instruction Fuzzy Hash: 0B518E3180421ADBCF01EBD4C995AEDBBB4BF18318F14447BE81177291D7785E86CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00434B02, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00434B02(struct _IO_FILE** __ecx, void* __edx) {
				void* _t18;
				void* _t30;
				struct _IO_FILE** _t46;
				void* _t51;
				void* _t53;
				void* _t55;

				E0048C9C0(E00490FA4, _t51);
				_t46 = __ecx;
				_t30 = __edx;
				fputs( *0x498148,  *__ecx);
				fputs("Path:     ",  *_t46);
				_t55 = _t53 - 0x4c + 0x10;
				_push(_t30);
				_t18 = E00401EDC(E00401EEF(_t46));
				_t31 =  *((intOrPtr*)(_t51 + 0xc));
				if( *((intOrPtr*)(_t51 + 0xc)) != 0) {
					L00402541(_t51 - 0x18);
					 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
					E00434627(_t51 - 0x18,  *_t31,  *((intOrPtr*)(_t31 + 4)));
					fputs( *0x498148,  *_t46);
					fputs("Size:     ",  *_t46);
					fputs( *(_t51 - 0x18),  *_t46);
					_t55 = _t55 + 0x18;
					_t18 = E00401CEB(E00401EDC(_t46),  *(_t51 - 0x18));
				}
				_t36 =  *((intOrPtr*)(_t51 + 8));
				if( *((intOrPtr*)(_t51 + 8)) != 0) {
					_t18 = E004089A6(_t36, _t51 - 0x58, 0);
					if(_t18 != 0) {
						fputs( *0x498148,  *_t46);
						fputs("Modified: ",  *_t46);
						fputs(_t51 - 0x58,  *_t46);
						_t18 = E00401EDC(_t46);
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return _t18;
			}

0x00434b07
0x00434b18
0x00434b1a
0x00434b24
0x00434b2d
0x00434b2f
0x00434b34
0x00434b3c
0x00434b41
0x00434b46
0x00434b4b
0x00434b53
0x00434b5c
0x00434b69
0x00434b72
0x00434b79
0x00434b7b
0x00434b88
0x00434b8d
0x00434b8e
0x00434b93
0x00434b9a
0x00434ba1
0x00434bab
0x00434bb4
0x00434bbc
0x00434bc3
0x00434bc3
0x00434ba1
0x00434bce
0x00434bd6

APIs

__EH_prolog.LIBCMT ref: 00434B07
fputs.MSVCRT ref: 00434B24
fputs.MSVCRT ref: 00434B2D

Part of subcall function 00401EEF: __EH_prolog.LIBCMT ref: 00401EF4
Part of subcall function 00401EEF: fputs.MSVCRT ref: 00401F67

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

fputs.MSVCRT ref: 00434B69
fputs.MSVCRT ref: 00434B72
fputs.MSVCRT ref: 00434B79

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

fputs.MSVCRT ref: 00434BAB
fputs.MSVCRT ref: 00434BB4
fputs.MSVCRT ref: 00434BBC

Strings

Size: , xrefs: 00434B6D
Path: , xrefs: 00434B28
Modified: , xrefs: 00434BAF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$H_prolog$fputcfree
String ID: Modified: $Path: $Size:
API String ID: 2632947726-3207571042
Opcode ID: 7df51fafa9b801793b4baafa27ddbdc4f49c532326528b24563117b01650e63a
Instruction ID: 1f27e13b674f5add9f72eba68eb907b5bb3ee639dd677c731e5c701dc17640d8
Opcode Fuzzy Hash: 7df51fafa9b801793b4baafa27ddbdc4f49c532326528b24563117b01650e63a
Instruction Fuzzy Hash: 6D214F31A00115ABCF05BBA6CC82AAEBF36EF95354F14003FF804661A1EF395961DF99

Uniqueness

Uniqueness Score: -1.00%

Function 0040A1D8, Relevance: 20.3, APIs: 16, Instructions: 267
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E0040A1D8(void* __eax, signed int _a4, intOrPtr _a8, signed int* _a12) {
				signed int _t56;
				intOrPtr* _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr* _t62;
				signed int _t63;
				intOrPtr* _t66;
				intOrPtr* _t67;
				intOrPtr* _t68;
				signed int* _t69;
				void* _t72;
				signed int _t73;
				void* _t75;
				void* _t76;
				void* _t77;
				signed int _t78;
				void* _t79;
				void* _t80;
				void* _t87;
				intOrPtr _t89;
				signed int _t90;

				_t69 = _a12;
				_t89 = _a8;
				 *_t69 =  *_t69 & 0x00000000;
				_t87 = 0x10;
				_push(_t87);
				_push(0x49c9d4);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					L1:
					_t90 = _a4;
					 *_t69 = _t90;
					L45:
					 *((intOrPtr*)(_t90 + 0x3c)) =  *((intOrPtr*)(_t90 + 0x3c)) + 1;
					return 0;
				}
				_push(_t87);
				_push(0x499ac0);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					goto L1;
				}
				_push(_t87);
				_push(0x4999f0);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					_t90 = _a4;
					_t63 = _t90;
					_t78 = _t90 + 4;
					L5:
					asm("sbb eax, eax");
					 *_t69 =  ~_t63 & _t78;
					goto L45;
				}
				_push(_t87);
				_push(0x4999d0);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					_t90 = _a4;
					_t63 = _t90;
					_t78 = _t90 + 8;
					goto L5;
				}
				_push(_t87);
				_push(0x499a10);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					_t90 = _a4;
					_t63 = _t90;
					_t78 = _t90 + 0xc;
					goto L5;
				}
				_push(_t87);
				_push(0x499c60);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					_t90 = _a4;
					_t63 = _t90;
					_t78 = _t90 + 0x10;
					goto L5;
				}
				_push(_t87);
				_push(0x499a00);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					_t90 = _a4;
					_t63 = _t90;
					_t78 = _t90 + 0x14;
					goto L5;
				}
				_push(_t87);
				_push(0x499c50);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					_t90 = _a4;
					_t63 = _t90;
					_t78 = _t90 + 0x18;
					goto L5;
				}
				_push(_t87);
				_push(0x499c10);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					_t90 = _a4;
					_t63 = _t90;
					_t78 = _t90 + 0x1c;
					goto L5;
				}
				_push(_t87);
				_push(0x4999e0);
				_push(_t89);
				L0048CB62();
				if(__eax == 0) {
					_t90 = _a4;
					_t63 = _t90;
					_t78 = _t90 + 0x20;
					goto L5;
				}
				_push(_t87);
				_push(0x499980);
				_push(_t89);
				L0048CB62();
				if(__eax != 0) {
					_push(_t87);
					_push(0x4999a0);
					_push(_t89);
					L0048CB62();
					if(__eax != 0) {
						_push(_t87);
						_push(0x499a90);
						_push(_t89);
						L0048CB62();
						if(__eax != 0) {
							_push(_t87);
							_push(0x499a70);
							_push(_t89);
							L0048CB62();
							if(__eax != 0) {
								_push(_t87);
								_push(0x499990);
								_push(_t89);
								L0048CB62();
								if(__eax != 0) {
									_push(_t87);
									_push(0x499a80);
									_push(_t89);
									L0048CB62();
									if(__eax != 0) {
										return 0x80004002;
									}
									_t90 = _a4;
									_t72 = _t90 + 0x90;
									if( *((intOrPtr*)(_t90 + 0x90)) != __eax) {
										L43:
										_t56 = _t90;
										_t73 = _t90 + 0x38;
										goto L44;
									}
									_t59 =  *((intOrPtr*)(_t90 + 0x94));
									_t60 =  *((intOrPtr*)( *_t59))(_t59, 0x499a80, _t72);
									if(_t60 == 0) {
										goto L43;
									}
								} else {
									_t90 = _a4;
									_t75 = _t90 + 0x8c;
									if( *((intOrPtr*)(_t90 + 0x8c)) != __eax) {
										L39:
										_t56 = _t90;
										_t73 = _t90 + 0x34;
										goto L44;
									}
									_t61 =  *((intOrPtr*)(_t90 + 0x94));
									_t60 =  *((intOrPtr*)( *_t61))(_t61, 0x499990, _t75);
									if(_t60 == 0) {
										goto L39;
									}
								}
							} else {
								_t90 = _a4;
								_t76 = _t90 + 0x88;
								if( *((intOrPtr*)(_t90 + 0x88)) != __eax) {
									L35:
									_t56 = _t90;
									_t73 = _t90 + 0x30;
									L44:
									asm("sbb eax, eax");
									 *_a12 =  ~_t56 & _t73;
									goto L45;
								}
								_t62 =  *((intOrPtr*)(_t90 + 0x94));
								_t60 =  *((intOrPtr*)( *_t62))(_t62, 0x499a70, _t76);
								if(_t60 == 0) {
									goto L35;
								}
							}
						} else {
							_t90 = _a4;
							_t77 = _t90 + 0x84;
							if( *((intOrPtr*)(_t90 + 0x84)) != __eax) {
								L31:
								_t63 = _t90;
								_t78 = _t90 + 0x2c;
								goto L5;
							}
							_t66 =  *((intOrPtr*)(_t90 + 0x94));
							_t60 =  *((intOrPtr*)( *_t66))(_t66, 0x499a90, _t77);
							if(_t60 == 0) {
								goto L31;
							}
						}
					} else {
						_t90 = _a4;
						_t79 = _t90 + 0x80;
						if( *((intOrPtr*)(_t90 + 0x80)) != __eax) {
							L27:
							_t63 = _t90;
							_t78 = _t90 + 0x28;
							goto L5;
						}
						_t67 =  *((intOrPtr*)(_t90 + 0x94));
						_t60 =  *((intOrPtr*)( *_t67))(_t67, 0x4999a0, _t79);
						if(_t60 == 0) {
							goto L27;
						}
					}
				} else {
					_t90 = _a4;
					_t80 = _t90 + 0x7c;
					if( *((intOrPtr*)(_t90 + 0x7c)) != __eax) {
						L23:
						_t63 = _t90;
						_t78 = _t90 + 0x24;
						goto L5;
					}
					_t68 =  *((intOrPtr*)(_t90 + 0x94));
					_t60 =  *((intOrPtr*)( *_t68))(_t68, 0x499980, _t80);
					if(_t60 == 0) {
						goto L23;
					}
				}
				return _t60;
			}

0x0040a1dc
0x0040a1e0
0x0040a1e4
0x0040a1e9
0x0040a1ea
0x0040a1eb
0x0040a1f0
0x0040a1f1
0x0040a1fb
0x0040a1fd
0x0040a1fd
0x0040a200
0x0040a4ac
0x0040a4ac
0x00000000
0x0040a4af
0x0040a207
0x0040a208
0x0040a20d
0x0040a20e
0x0040a218
0x00000000
0x00000000
0x0040a21a
0x0040a21b
0x0040a220
0x0040a221
0x0040a22b
0x0040a22d
0x0040a230
0x0040a232
0x0040a235
0x0040a237
0x0040a23b
0x00000000
0x0040a23b
0x0040a242
0x0040a243
0x0040a248
0x0040a249
0x0040a253
0x0040a255
0x0040a258
0x0040a25a
0x00000000
0x0040a25a
0x0040a25f
0x0040a260
0x0040a265
0x0040a266
0x0040a270
0x0040a272
0x0040a275
0x0040a277
0x00000000
0x0040a277
0x0040a27c
0x0040a27d
0x0040a282
0x0040a283
0x0040a28d
0x0040a28f
0x0040a292
0x0040a294
0x00000000
0x0040a294
0x0040a299
0x0040a29a
0x0040a29f
0x0040a2a0
0x0040a2aa
0x0040a2ac
0x0040a2af
0x0040a2b1
0x00000000
0x0040a2b1
0x0040a2b9
0x0040a2ba
0x0040a2bf
0x0040a2c0
0x0040a2ca
0x0040a2cc
0x0040a2cf
0x0040a2d1
0x00000000
0x0040a2d1
0x0040a2d9
0x0040a2da
0x0040a2df
0x0040a2e0
0x0040a2ea
0x0040a2ec
0x0040a2ef
0x0040a2f1
0x00000000
0x0040a2f1
0x0040a2f9
0x0040a2fa
0x0040a2ff
0x0040a300
0x0040a30a
0x0040a30c
0x0040a30f
0x0040a311
0x00000000
0x0040a311
0x0040a319
0x0040a31a
0x0040a31f
0x0040a320
0x0040a32a
0x0040a35a
0x0040a35b
0x0040a360
0x0040a361
0x0040a36b
0x0040a3a1
0x0040a3a2
0x0040a3a7
0x0040a3a8
0x0040a3b2
0x0040a3ed
0x0040a3ee
0x0040a3ef
0x0040a3f0
0x0040a3fa
0x0040a42e
0x0040a42f
0x0040a430
0x0040a431
0x0040a43b
0x0040a466
0x0040a46c
0x0040a46d
0x0040a46e
0x0040a478
0x00000000
0x0040a4b3
0x0040a47a
0x0040a483
0x0040a489
0x0040a49c
0x0040a49c
0x0040a49e
0x00000000
0x0040a49e
0x0040a48b
0x0040a496
0x0040a49a
0x00000000
0x00000000
0x0040a43d
0x0040a43d
0x0040a446
0x0040a44c
0x0040a45f
0x0040a45f
0x0040a461
0x00000000
0x0040a461
0x0040a44e
0x0040a459
0x0040a45d
0x00000000
0x00000000
0x0040a45d
0x0040a3fc
0x0040a3fc
0x0040a405
0x0040a40b
0x0040a422
0x0040a422
0x0040a424
0x0040a4a1
0x0040a4a3
0x0040a4aa
0x00000000
0x0040a4aa
0x0040a40d
0x0040a418
0x0040a41c
0x00000000
0x00000000
0x0040a41c
0x0040a3b4
0x0040a3b4
0x0040a3bd
0x0040a3c3
0x0040a3de
0x0040a3de
0x0040a3e0
0x00000000
0x0040a3e0
0x0040a3c5
0x0040a3d4
0x0040a3d8
0x00000000
0x00000000
0x0040a3d8
0x0040a36d
0x0040a36d
0x0040a376
0x0040a37c
0x0040a397
0x0040a397
0x0040a399
0x00000000
0x0040a399
0x0040a37e
0x0040a38d
0x0040a391
0x00000000
0x00000000
0x0040a391
0x0040a32c
0x0040a32c
0x0040a332
0x0040a335
0x0040a350
0x0040a350
0x0040a352
0x00000000
0x0040a352
0x0040a337
0x0040a346
0x0040a34a
0x00000000
0x00000000
0x0040a34a
0x0040a4bc

APIs

memcmp.MSVCRT ref: 0040A1F1
memcmp.MSVCRT ref: 0040A20E
memcmp.MSVCRT ref: 0040A221

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 9a7b9ac74bb92d14df564214dd007243ef163f3cba79895a80c1f9b25ab5801a
Instruction ID: 057e12d44663a4b02feb88be22e9a0f2f0fdee253a4c3ef141e4bd20b0564109
Opcode Fuzzy Hash: 9a7b9ac74bb92d14df564214dd007243ef163f3cba79895a80c1f9b25ab5801a
Instruction Fuzzy Hash: 21815E71600711ABDB209E25DC45FAB77A8AB61704B00447EFC4AA7381E738BE15C7AE

Uniqueness

Uniqueness Score: -1.00%

Function 00441108, Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 364
COMMON

Download Yara Rule

C-Code - Quality: 99%

			E00441108(void* __ecx, void* __eflags) {
				intOrPtr _t177;
				signed int _t180;
				void* _t181;
				signed int _t182;
				signed int _t183;
				void* _t186;
				signed int _t193;
				signed int* _t196;
				signed int _t197;
				char* _t200;
				char* _t201;
				signed int* _t202;
				signed int _t204;
				void* _t208;
				char _t209;
				char _t211;
				signed char _t212;
				void* _t213;
				signed int _t217;
				signed int _t229;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				intOrPtr _t239;
				void* _t249;
				char* _t251;
				intOrPtr* _t253;
				signed int _t254;
				char* _t257;
				void* _t264;
				void* _t269;
				signed int _t272;
				signed int _t276;
				signed int _t285;
				signed int _t287;
				void* _t289;
				void* _t290;
				void* _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				signed int _t297;
				void* _t304;
				signed char* _t305;
				signed int _t306;
				void* _t307;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed int _t313;
				void* _t314;

				E0048C9C0(E004920C8, _t314);
				E00408859( *((intOrPtr*)(_t314 + 0xc)));
				_t272 =  *(_t314 + 8);
				if(_t272 != 0xffffffff) {
					_t177 =  *((intOrPtr*)(__ecx + 0xc8));
					 *(_t314 - 0x65) =  *(_t314 - 0x65) & 0x00000000;
					_t239 =  *((intOrPtr*)(_t177 + _t272 * 4));
					 *(_t314 - 0x1c) =  *(_t314 - 0x1c) & 0x00000000;
					_t287 = 0xff;
					 *(_t314 - 0x10) = 0xff;
					 *((intOrPtr*)(_t314 - 0x24)) =  *((intOrPtr*)(__ecx + 0xcc)) + _t239;
					 *((intOrPtr*)(_t314 - 0x20)) =  *((intOrPtr*)(_t177 + 4 + _t272 * 4)) - _t239;
					_t180 = L004439D0(_t314 - 0x24, _t272, __eflags);
					 *(_t314 + 0xb) =  *(_t314 + 0xb) & 0x00000000;
					 *(_t314 - 0x30) = _t180;
					__eflags = _t180;
					if(_t180 == 0) {
						L84:
						_t181 = E00408683( *((intOrPtr*)(_t314 + 0xc)), _t314 + _t287 - 0x164);
						goto L85;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						__eflags = _t287 - 0x20;
						if(_t287 < 0x20) {
							break;
						}
						_t182 = L00443847(_t314 - 0x24);
						 *(_t314 - 0x15) = _t182;
						_t183 = _t182 & 0x0000000f;
						__eflags = _t183;
						 *(_t314 - 0x34) = _t183;
						_t233 = 0;
						_t304 =  *(_t314 - 0x1c) +  *((intOrPtr*)(_t314 - 0x24));
						 *(_t314 - 0x2c) = _t233;
						 *(_t314 - 0x28) = _t233;
						 *(_t314 - 0x14) = _t233;
						if(_t183 <= 0) {
							L7:
							 *(_t314 - 0x1c) =  *(_t314 - 0x1c) +  *(_t314 - 0x34);
							__eflags =  *(_t314 - 0x15) & 0x00000010;
							if(__eflags != 0) {
								L004439D0(_t314 - 0x24, _t272, __eflags);
								L004439D0(_t314 - 0x24, _t272, __eflags);
							}
							_t186 = 0;
							_t305 = 0;
							__eflags =  *(_t314 - 0x15) & 0x00000020;
							if(__eflags != 0) {
								_t186 = L004439D0(_t314 - 0x24, _t272, __eflags);
								_t272 =  *(_t314 - 0x1c);
								_t56 = _t314 - 0x1c;
								 *_t56 =  *(_t314 - 0x1c);
								__eflags =  *_t56;
								_t305 = _t272 +  *((intOrPtr*)(_t314 - 0x24));
							}
							 *(_t314 - 0x54) =  *(_t314 - 0x54) & 0x00000000;
							__eflags =  *(_t314 - 0x28);
							if(__eflags > 0) {
								L70:
								L00402541(_t314 - 0x64);
								 *(_t314 - 4) =  *(_t314 - 4) & 0x00000000;
								E00408FFB(_t314 - 0x64, _t233,  *(_t314 - 0x28));
								__eflags =  *(_t314 + 0xb);
								if( *(_t314 + 0xb) != 0) {
									_t287 = _t287 - 1;
									__eflags = _t287;
									 *((char*)(_t314 + _t287 - 0x164)) = 0x20;
								}
								_t306 =  *(_t314 - 0x60);
								__eflags = _t306;
								if(_t306 != 0) {
									_t189 = _t306 + 5;
									__eflags = _t306 + 5 - _t287;
									if(_t306 + 5 > _t287) {
										E00401CEB(_t189,  *((intOrPtr*)(_t314 - 0x64)));
										break;
									}
									_t287 = _t287 - _t306;
									_t191 = 0;
									__eflags = _t306;
									 *(_t314 - 0x10) = _t287;
									if(_t306 <= 0) {
										goto L78;
									}
									_t249 = _t314 + _t287 - 0x164;
									do {
										_t272 =  *((intOrPtr*)(_t191 +  *((intOrPtr*)(_t314 - 0x64))));
										 *(_t249 + _t191) = _t272;
										_t191 = _t191 + 1;
										__eflags = _t191 - _t306;
									} while (_t191 < _t306);
									goto L78;
								} else {
									_t287 = _t287 - E00440C5B(_t314 + _t287 - 0x164, _t233,  *(_t314 - 0x28));
									 *(_t314 - 0x10) = _t287;
									L78:
									 *(_t314 - 4) =  *(_t314 - 4) | 0xffffffff;
									E00401CEB(_t191,  *((intOrPtr*)(_t314 - 0x64)));
									goto L68;
								}
							} else {
								if(__eflags < 0) {
									L14:
									__eflags = _t233 - 0x30101;
									if(_t233 != 0x30101) {
										__eflags = _t233 - 0x21;
										if(_t233 != 0x21) {
											__eflags = _t233 - 0x30401;
											if(_t233 != 0x30401) {
												__eflags = _t233 - 3;
												if(_t233 != 3) {
													__eflags = _t233 - 0x303011b;
													if(_t233 != 0x303011b) {
														__eflags = _t233 - 0x3030103;
														if(_t233 != 0x3030103) {
															__eflags = _t233 - 0x6f10701;
															if(_t233 != 0x6f10701) {
																goto L70;
															}
															__eflags = _t186 - 1;
															 *(_t314 - 0x14) = "7zAES";
															if(_t186 < 1) {
																L24:
																_t193 =  *(_t314 - 0x14);
																__eflags = _t193;
																if(_t193 == 0) {
																	goto L70;
																}
																_t272 =  *_t193;
																_t307 = 0;
																__eflags = _t272;
																if(_t272 == 0) {
																	L27:
																	_t234 = 0;
																	__eflags =  *(_t314 - 0x54);
																	if( *(_t314 - 0x54) == 0) {
																		L29:
																		__eflags = _t234;
																		_t292 = _t234 + _t307;
																		if(_t234 != 0) {
																			_t292 = _t292 + 1;
																			__eflags = _t292;
																		}
																		__eflags =  *(_t314 + 0xb);
																		if( *(_t314 + 0xb) != 0) {
																			_t292 = _t292 + 1;
																			__eflags = _t292;
																		}
																		_t92 = _t292 + 5; // 0x104
																		__eflags = _t92 -  *(_t314 - 0x10);
																		if(_t92 >=  *(_t314 - 0x10)) {
																			_t287 =  *(_t314 - 0x10);
																			break;
																		} else {
																			 *(_t314 - 0x10) =  *(_t314 - 0x10) - _t292;
																			_t251 =  *(_t314 - 0x14);
																			_t196 = _t314 +  *(_t314 - 0x10) - 0x164;
																			 *_t196 = _t272;
																			_t197 =  &(_t196[0]);
																			__eflags = _t197;
																			while(1) {
																				_t251 =  &(_t251[1]);
																				__eflags = _t272;
																				if(_t272 == 0) {
																					break;
																				}
																				_t272 =  *_t251;
																				 *_t197 = _t272;
																				_t197 = _t197 + 1;
																			}
																			__eflags = _t234;
																			if(_t234 == 0) {
																				L65:
																				__eflags =  *(_t314 + 0xb);
																				if( *(_t314 + 0xb) != 0) {
																					_t293 = _t292 +  *(_t314 - 0x10);
																					__eflags = _t293;
																					 *((char*)(_t314 + _t293 - 0x165)) = 0x20;
																				}
																				_t287 =  *(_t314 - 0x10);
																				L68:
																				_t133 = _t314 - 0x30;
																				 *_t133 =  *(_t314 - 0x30) - 1;
																				__eflags =  *_t133;
																				 *(_t314 + 0xb) = 1;
																				if( *_t133 != 0) {
																					continue;
																				}
																				goto L84;
																			}
																			_t200 = _t314 + _t307 +  *(_t314 - 0x10) - 0x164;
																			 *_t200 = 0x3a;
																			_t201 = _t200 + 1;
																			 *_t201 =  *(_t314 - 0x54);
																			_t202 = _t201 + 1;
																			__eflags =  *(_t314 - 0x54);
																			_t253 = _t314 - 0x53;
																			if( *(_t314 - 0x54) == 0) {
																				goto L65;
																			} else {
																				goto L64;
																			}
																			do {
																				L64:
																				_t272 =  *_t253;
																				 *_t202 = _t272;
																				_t202 =  &(_t202[0]);
																				_t253 = _t253 + 1;
																				__eflags = _t272;
																			} while (_t272 != 0);
																			goto L65;
																		}
																	} else {
																		goto L28;
																	}
																	do {
																		L28:
																		_t234 = _t234 + 1;
																		__eflags =  *((char*)(_t314 + _t234 - 0x54));
																	} while ( *((char*)(_t314 + _t234 - 0x54)) != 0);
																	goto L29;
																} else {
																	goto L26;
																}
																do {
																	L26:
																	_t307 = _t307 + 1;
																	__eflags =  *((char*)(_t307 + _t193));
																} while ( *((char*)(_t307 + _t193)) != 0);
																goto L27;
															}
															_t272 = _t314 - 0x54;
															_t204 =  *_t305 & 0x0000003f;
															__eflags = _t204;
															_t254 = _t204;
															L61:
															E004017CF(_t254, _t272);
															goto L24;
														}
														 *(_t314 - 0x14) = 0x496038;
														goto L24;
													}
													 *(_t314 - 0x14) = "BCJ2";
													goto L24;
												}
												__eflags = _t186 - 1;
												 *(_t314 - 0x14) = 0x49603c;
												if(_t186 != 1) {
													goto L24;
												}
												_t272 = _t314 - 0x54;
												_t254 = ( *_t305 & 0x000000ff) + 1;
												goto L61;
											}
											__eflags = _t186 - 5;
											 *(_t314 - 0x14) = "PPMD";
											if(_t186 != 5) {
												goto L24;
											}
											 *(_t314 - 0x54) = 0x6f;
											E004017CF( *_t305 & 0x000000ff, _t314 - 0x53);
											_t208 = 0;
											__eflags =  *(_t314 - 0x53);
											if( *(_t314 - 0x53) == 0) {
												L47:
												_t257 = _t314 + _t208 - 0x53;
												_t209 = ":mem"; // 0x3a
												__eflags = _t209;
												 *_t257 = _t209;
												if(_t209 == 0) {
													L50:
													_t272 = _t305[1];
													L42:
													E00440F15(_t257, _t272);
													goto L24;
												}
												_t285 = ":mem" - _t257;
												__eflags = _t285;
												do {
													_t211 =  *((intOrPtr*)(_t285 + _t257 + 1));
													_t257 = _t257 + 1;
													__eflags = _t211;
													 *_t257 = _t211;
												} while (_t211 != 0);
												goto L50;
											} else {
												goto L46;
											}
											do {
												L46:
												_t208 = _t208 + 1;
												__eflags =  *((char*)(_t314 + _t208 - 0x53));
											} while ( *((char*)(_t314 + _t208 - 0x53)) != 0);
											goto L47;
										}
										__eflags = _t186 - 1;
										 *(_t314 - 0x14) = 0x496010;
										if(_t186 != 1) {
											goto L24;
										}
										_t212 =  *_t305;
										__eflags = _t212 & 0x00000001;
										if((_t212 & 0x00000001) != 0) {
											_t276 = 3;
											_t272 = _t276 << ((_t212 & 0x000000ff) >> 1) + 0xb;
											__eflags = _t272;
											_t257 = _t314 - 0x54;
											goto L42;
										}
										_t272 = _t314 - 0x54;
										_t254 = ((_t212 & 0x000000ff) >> 1) + 0xc;
										goto L61;
									}
									__eflags = _t186 - 5;
									 *(_t314 - 0x14) = "LZMA";
									if(_t186 == 5) {
										_t272 = _t305[1];
										_t213 = E00440F15(_t314 - 0x54, _t272);
										_t309 =  *_t305 & 0x000000ff;
										__eflags = _t309 - 0x5d;
										_t264 = _t314 + _t213 - 0x54;
										if(_t309 != 0x5d) {
											_t294 = 9;
											_t310 = 9;
											_t235 = 5;
											_t295 = _t309 % _t294;
											_t217 = _t309 / _t310;
											_t236 = _t217 / _t235;
											_t312 = 5;
											_t272 = _t217 % _t312;
											__eflags = _t295 - 3;
											_t313 = _t272;
											if(_t295 != 3) {
												_t272 = 0x495854;
												_t264 = E00410863(_t264, 0x495854, _t295);
											}
											__eflags = _t313;
											if(_t313 != 0) {
												_t272 = 0x495850;
												_t264 = E00410863(_t264, 0x495850, _t313);
											}
											__eflags = _t236 - 2;
											if(_t236 != 2) {
												_t272 = 0x495858;
												E00410863(_t264, 0x495858, _t236);
											}
											_t233 =  *(_t314 - 0x2c);
											_t287 =  *(_t314 - 0x10);
										}
									}
									goto L24;
								}
								__eflags = _t233 - 0xffffffff;
								if(_t233 > 0xffffffff) {
									goto L70;
								}
								goto L14;
							}
						} else {
							goto L5;
						}
						goto L7;
						L5:
						_t269 = 8;
						asm("cdq");
						 *(_t314 - 0x58) = ( *(_t314 - 0x14))[_t304] & 0x000000ff;
						_t297 = _t272;
						_t272 =  *(_t314 - 0x28);
						_t229 = E0048CD40(_t233, _t269, _t272);
						 *(_t314 - 0x14) =  &(( *(_t314 - 0x14))[1]);
						_t233 =  *(_t314 - 0x58) | _t229;
						__eflags =  *(_t314 - 0x14) -  *(_t314 - 0x34);
						 *(_t314 - 0x28) = _t297 | _t272;
						if( *(_t314 - 0x14) <  *(_t314 - 0x34)) {
							goto L5;
						} else {
							_t287 =  *(_t314 - 0x10);
							 *(_t314 - 0x2c) = _t233;
							goto L7;
						}
					}
					__eflags =  *(_t314 - 0x30);
					if( *(_t314 - 0x30) != 0) {
						__eflags = _t287 - 4;
						if(_t287 >= 4) {
							_t289 = _t287 - 1;
							 *((char*)(_t314 + _t289 - 0x164)) = 0x20;
							_t290 = _t289 - 1;
							 *((char*)(_t314 + _t290 - 0x164)) = 0x2e;
							_t291 = _t290 - 1;
							 *((char*)(_t314 + _t291 - 0x164)) = 0x2e;
							_t287 = _t291 - 1;
							__eflags = _t287;
							 *((char*)(_t314 + _t287 - 0x164)) = 0x2e;
						}
					}
					goto L84;
				} else {
					_t181 = 0;
					L85:
					 *[fs:0x0] =  *((intOrPtr*)(_t314 - 0xc));
					return _t181;
				}
			}

0x0044110d
0x0044111e
0x00441123
0x00441129
0x00441132
0x00441138
0x00441143
0x0044114a
0x0044114f
0x0044115b
0x0044115e
0x00441161
0x00441164
0x00441169
0x0044116d
0x00441170
0x00441172
0x0044154f
0x00441559
0x00000000
0x00000000
0x00000000
0x00000000
0x00441178
0x00441178
0x00441178
0x0044117b
0x00000000
0x00000000
0x00441184
0x0044118c
0x0044118f
0x0044118f
0x00441194
0x0044119a
0x0044119b
0x0044119e
0x004411a1
0x004411a4
0x004411a7
0x004411e2
0x004411e5
0x004411e8
0x004411ec
0x004411f1
0x004411f9
0x004411f9
0x004411fe
0x00441200
0x00441202
0x00441206
0x0044120b
0x00441213
0x00441216
0x00441216
0x00441216
0x00441219
0x00441219
0x0044121c
0x00441220
0x00441224
0x00441494
0x00441497
0x0044149f
0x004414a7
0x004414ac
0x004414b0
0x004414b2
0x004414b2
0x004414b3
0x004414b3
0x004414bb
0x004414be
0x004414c0
0x004414d9
0x004414dc
0x004414de
0x00441515
0x00000000
0x0044151a
0x004414e0
0x004414e2
0x004414e4
0x004414e6
0x004414e9
0x00000000
0x00000000
0x004414eb
0x004414f2
0x004414f5
0x004414f8
0x004414fb
0x004414fc
0x004414fc
0x00000000
0x004414c2
0x004414d2
0x004414d4
0x00441500
0x00441503
0x00441507
0x00000000
0x0044150c
0x0044122a
0x0044122a
0x00441235
0x00441235
0x0044123b
0x0044132e
0x00441331
0x0044136f
0x00441375
0x004413cd
0x004413d0
0x004413eb
0x004413f1
0x004413ff
0x00441405
0x00441413
0x00441419
0x00000000
0x00000000
0x0044141b
0x0044141e
0x00441425
0x004412c7
0x004412c7
0x004412ca
0x004412cc
0x00000000
0x00000000
0x004412d2
0x004412d4
0x004412d6
0x004412d8
0x004412e1
0x004412e1
0x004412e3
0x004412e6
0x004412f0
0x004412f0
0x004412f2
0x004412f5
0x004412f7
0x004412f7
0x004412f7
0x004412f8
0x004412fc
0x004412fe
0x004412fe
0x004412fe
0x004412ff
0x00441302
0x00441305
0x0044151d
0x00000000
0x0044130b
0x0044130b
0x0044130e
0x00441314
0x0044131b
0x0044131d
0x0044131d
0x0044131e
0x0044131e
0x0044131f
0x00441321
0x00000000
0x00000000
0x00441327
0x00441329
0x0044132b
0x0044132b
0x0044143f
0x00441441
0x0044146c
0x0044146c
0x00441470
0x00441475
0x00441475
0x00441477
0x00441477
0x0044147f
0x00441482
0x00441482
0x00441482
0x00441482
0x00441485
0x00441489
0x00000000
0x00000000
0x00000000
0x0044148f
0x00441448
0x0044144f
0x00441455
0x00441456
0x00441458
0x00441459
0x0044145d
0x00441460
0x00000000
0x00000000
0x00000000
0x00000000
0x00441462
0x00441462
0x00441462
0x00441464
0x00441466
0x00441467
0x00441468
0x00441468
0x00000000
0x00441462
0x00000000
0x00000000
0x00000000
0x004412e8
0x004412e8
0x004412e8
0x004412e9
0x004412e9
0x00000000
0x00000000
0x00000000
0x00000000
0x004412da
0x004412da
0x004412da
0x004412db
0x004412db
0x00000000
0x004412da
0x0044142d
0x00441430
0x00441430
0x00441433
0x00441435
0x00441435
0x00000000
0x00441435
0x00441407
0x00000000
0x00441407
0x004413f3
0x00000000
0x004413f3
0x004413d2
0x004413d5
0x004413dc
0x00000000
0x00000000
0x004413e5
0x004413e8
0x00000000
0x004413e8
0x00441377
0x0044137a
0x00441381
0x00000000
0x00000000
0x0044138f
0x00441393
0x00441398
0x0044139a
0x0044139d
0x004413a7
0x004413a7
0x004413ab
0x004413b0
0x004413b2
0x004413b4
0x004413c8
0x004413c8
0x00441365
0x00441365
0x00000000
0x00441365
0x004413bb
0x004413bb
0x004413bd
0x004413bd
0x004413c1
0x004413c2
0x004413c4
0x004413c4
0x00000000
0x00000000
0x00000000
0x00000000
0x0044139f
0x0044139f
0x0044139f
0x004413a0
0x004413a0
0x00000000
0x0044139f
0x00441333
0x00441336
0x0044133d
0x00000000
0x00000000
0x0044133f
0x00441341
0x00441343
0x0044135f
0x00441360
0x00441360
0x00441362
0x00000000
0x00441362
0x0044134a
0x0044134d
0x00000000
0x0044134d
0x00441241
0x00441244
0x0044124b
0x0044124d
0x00441253
0x00441258
0x0044125b
0x0044125e
0x00441262
0x0044126a
0x00441271
0x00441274
0x00441277
0x0044127b
0x00441285
0x00441289
0x0044128a
0x0044128c
0x0044128f
0x00441291
0x00441294
0x0044129e
0x0044129e
0x004412a0
0x004412a2
0x004412a5
0x004412af
0x004412af
0x004412b1
0x004412b4
0x004412b7
0x004412bc
0x004412bc
0x004412c1
0x004412c4
0x004412c4
0x00441262
0x00000000
0x0044124b
0x0044122c
0x0044122f
0x00000000
0x00000000
0x00000000
0x0044122f
0x00000000
0x00000000
0x00000000
0x00000000
0x004411a9
0x004411ae
0x004411b3
0x004411b8
0x004411bb
0x004411bd
0x004411c0
0x004411cc
0x004411d2
0x004411d4
0x004411d7
0x004411da
0x00000000
0x004411dc
0x004411dc
0x004411df
0x00000000
0x004411df
0x004411da
0x00441520
0x00441524
0x00441526
0x00441529
0x0044152b
0x0044152c
0x00441534
0x00441535
0x0044153d
0x0044153e
0x00441546
0x00441546
0x00441547
0x00441547
0x00441529
0x00000000
0x0044112b
0x0044112b
0x00441560
0x00441564
0x0044156c
0x0044156c

APIs

__EH_prolog.LIBCMT ref: 0044110D

Part of subcall function 00408859: VariantClear.OLEAUT32(?), ref: 00408881

Strings

:mem, xrefs: 004413AB, 004413B6
., xrefs: 00441547
TXI, xrefs: 00441294
8`I, xrefs: 00441407
, xrefs: 00441477
, xrefs: 00441202
o, xrefs: 0044138F
XXI, xrefs: 004412B7
PXI, xrefs: 004412A5
LZMA2, xrefs: 00441336

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ClearH_prologVariant
String ID: $ $.$8`I$:mem$LZMA2$PXI$TXI$XXI$o
API String ID: 1166855276-3498843671
Opcode ID: 49520d093a15d082f9bd2e68207a3713efc7e6a07d1ec33c84114db3e208b3be
Instruction ID: 29f22b53274994e2e1568a23e94b80733e2307c0b21811aafe91998cbcdd1bb3
Opcode Fuzzy Hash: 49520d093a15d082f9bd2e68207a3713efc7e6a07d1ec33c84114db3e208b3be
Instruction Fuzzy Hash: 11D10631D042998BEF11CFA8C5807EEBBB1AF46304F24446BC451BB3A1D7795E85CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00454A70, Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 280COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00454A75

Strings

16-bit overflow for number of files in headers, xrefs: 00454D81
, xrefs: 00454DF5
Zip64, xrefs: 00454B26
Minor_Extra_ERROR, xrefs: 00454B3B
32-bit overflow in headers, xrefs: 00454D6C
Local, xrefs: 00454AFC
Missing volume : , xrefs: 00454C3D
Central, xrefs: 00454B11

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: $16-bit overflow for number of files in headers$32-bit overflow in headers$Central$Local$Minor_Extra_ERROR$Missing volume : $Zip64
API String ID: 3519838083-4234129897
Opcode ID: 6e7c27b5decbae74bea8463fe003919b0b95990bea4164349f1c41b97d7da77d
Instruction ID: eeb6c8f1e4d342bfce2e707d3df6d6cc7b954547ef78f93239ff57735d633bc1
Opcode Fuzzy Hash: 6e7c27b5decbae74bea8463fe003919b0b95990bea4164349f1c41b97d7da77d
Instruction Fuzzy Hash: BAB1E5319002899ECB15DF64C555EAE7B71BF80309F1980ABE8456F263DB38AD8DDB0D

Uniqueness

Uniqueness Score: -1.00%

Function 00458655, Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 224COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0045865A

Strings

aes, xrefs: 004586CC
Copy, xrefs: 00458953
ZipCrypto, xrefs: 00458745
rsfx, xrefs: 00458857
xXI, xrefs: 00458877
192, xrefs: 004586F8
128, xrefs: 004586DF
256, xrefs: 00458711

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: 128$192$256$Copy$ZipCrypto$aes$rsfx$xXI
API String ID: 3519838083-1375521537
Opcode ID: cda9d289607621948603bccb750b6110b883bb8835eb5a43f5cec1f4f82fa012
Instruction ID: e7ad02f87f813afa6fcda8f7168f45490771ae0b440e7bbc3b54990fd5ece3e7
Opcode Fuzzy Hash: cda9d289607621948603bccb750b6110b883bb8835eb5a43f5cec1f4f82fa012
Instruction Fuzzy Hash: 88815B70A042058BDF21EA65C5407BEB7A2AB84309F64446FDC967B383CF7C984AD75A

Uniqueness

Uniqueness Score: -1.00%

Function 00405CEB, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 98threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00405CF9
GetTickCount.KERNEL32 ref: 00405D04
GetCurrentProcessId.KERNEL32 ref: 00405D0F
GetTickCount.KERNEL32 ref: 00405D6E
SetLastError.KERNEL32(000000B7,?), ref: 00405DA1
GetLastError.KERNEL32(?), ref: 00405DC7

Part of subcall function 00405649: __EH_prolog.LIBCMT ref: 0040564E
Part of subcall function 00405649: CreateDirectoryW.KERNELBASE(?,00000000,?,00000000,00000001), ref: 00405670

Strings

d, xrefs: 00405DDC
.tmp, xrefs: 00405D85

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CountCurrentErrorLastTick$CreateDirectoryH_prologProcessThread
String ID: .tmp$d
API String ID: 43677640-2797371523
Opcode ID: 463ca98c3bd23976ad12f98890350a7ecbd3c6c114334b8607fd7b2a5166dbcb
Instruction ID: aa191212d036b59cd58df1ceca74f01fe2e0ff936a5d762a0c5077a41b5854b7
Opcode Fuzzy Hash: 463ca98c3bd23976ad12f98890350a7ecbd3c6c114334b8607fd7b2a5166dbcb
Instruction Fuzzy Hash: 9931E231A00A149BDB15ABA0D85E7AF7761EF61345F24843BE842BB2C1D77C8C41DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00434989, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043498E
EnterCriticalSection.KERNEL32(004AA8B0), ref: 0043499F
fputs.MSVCRT ref: 004349E2
fputs.MSVCRT ref: 00434A07
LeaveCriticalSection.KERNEL32(004AA8B0), ref: 00434AA3

Strings

Would you like to replace the existing file:, xrefs: 004349DD
with the file from archive:, xrefs: 00434A02

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalSectionfputs$EnterH_prologLeave
String ID: Would you like to replace the existing file:$with the file from archive:
API String ID: 3914623533-686978020
Opcode ID: 5b270e6fdca252d6a5ad3b7bee1b83b8b3c0cbd285e689cf2d09148cbb05eb0b
Instruction ID: 73a564bb8b13377fa4cb0db5477bafc25d3420b2a585baea99c71e813c59b5c7
Opcode Fuzzy Hash: 5b270e6fdca252d6a5ad3b7bee1b83b8b3c0cbd285e689cf2d09148cbb05eb0b
Instruction Fuzzy Hash: 3B3198762002049FDB11AFA1D841BEA77E1EF88314F21516BE90A973A0CB38BC51CF9D

Uniqueness

Uniqueness Score: -1.00%

Function 00408D6F, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 47libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 00408D93
GetProcAddress.KERNEL32(00000000), ref: 00408D9A
GlobalMemoryStatus.KERNEL32 ref: 00408DDA

Strings

, xrefs: 00408DD2
kernel32.dll, xrefs: 00408D7D
GlobalMemoryStatusEx, xrefs: 00408D78
@, xrefs: 00408D8C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: AddressGlobalHandleMemoryModuleProcStatus
String ID: $@$GlobalMemoryStatusEx$kernel32.dll
API String ID: 2450578220-802862622
Opcode ID: 444c1b423367bbac3d36a73e4b46dc9749fe47961af8175294c5a4892e368e69
Instruction ID: 65e7ad26bcbd29169a1be1708a3c6078781ee83150d89fb6e74b79efb2c8e4fc
Opcode Fuzzy Hash: 444c1b423367bbac3d36a73e4b46dc9749fe47961af8175294c5a4892e368e69
Instruction Fuzzy Hash: 08110C7091060A9BDB14DF94DA49B9EBBF5BF24741F20452ED482B72C0DB78A844CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004060FE, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,FindFirstStreamW), ref: 00406124
GetProcAddress.KERNEL32(00000000), ref: 0040612D
GetModuleHandleA.KERNEL32(kernel32.dll,FindNextStreamW), ref: 0040613A
GetProcAddress.KERNEL32(00000000), ref: 0040613D

Strings

FindFirstStreamW, xrefs: 0040611C
kernel32.dll, xrefs: 00406117, 00406123, 00406134
FindNextStreamW, xrefs: 0040612F

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: FindFirstStreamW$FindNextStreamW$kernel32.dll
API String ID: 1646373207-4044117955
Opcode ID: 35d07afba30d2bb76b88af761064b4ca53065f2591ab96518c3dfc44383f8f99
Instruction ID: 9876e6e8180cfc35355bfb8969dde5cacd82d07732aeec6dddf1a5cd6c2bd349
Opcode Fuzzy Hash: 35d07afba30d2bb76b88af761064b4ca53065f2591ab96518c3dfc44383f8f99
Instruction Fuzzy Hash: BBE0D8B1E01228278A016FA96C05E1ABF8CD95A2553214037B101E7211C7F858118BAD

Uniqueness

Uniqueness Score: -1.00%

Function 0040125E, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 134COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00401263

Strings

Unknown switch:, xrefs: 004012E9
Multiple instances for switch:, xrefs: 00401314
Incorrect switch postfix:, xrefs: 00401372
Too long switch:, xrefs: 004013C2
Too short switch:, xrefs: 00401332

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: Incorrect switch postfix:$Multiple instances for switch:$Too long switch:$Too short switch:$Unknown switch:
API String ID: 3519838083-2104980125
Opcode ID: e1985a557b7a5e5a1fe0fa2515c74e34224443021daa8462734f5181cad65977
Instruction ID: 31a9c94a313b55ab672e51f885f6f1b75a25e1e6ae4f42f148aa6ef9ab3c64c5
Opcode Fuzzy Hash: e1985a557b7a5e5a1fe0fa2515c74e34224443021daa8462734f5181cad65977
Instruction Fuzzy Hash: 6F519E3090024ACBDF15CF54C580AAEBBB1BF11308F5441BFE855AB6E2D779AA41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00434F3F, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00434F44
EnterCriticalSection.KERNEL32(004AA8B0), ref: 00434F58
fputs.MSVCRT ref: 00434FF6
fputs.MSVCRT ref: 00435018
LeaveCriticalSection.KERNEL32(004AA8B0), ref: 00435052

Strings

: , xrefs: 00435013

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalSectionfputs$EnterH_prologLeave
String ID: :
API String ID: 3914623533-3653984579
Opcode ID: 612309d504f1e28d6e471d527d049a964ba40a49624c167e8305dc7b07d5ce2b
Instruction ID: f5f51c4006f13da26c6931d25ea44cb13eb3d75eb206c61ad1c429a5ffe50876
Opcode Fuzzy Hash: 612309d504f1e28d6e471d527d049a964ba40a49624c167e8305dc7b07d5ce2b
Instruction Fuzzy Hash: 44317A71900604DFDB15EF65D891A9EBBB1FF48318F10847FE8199B2A2C73AA905CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0043C8BF, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 0043C8DA

Part of subcall function 00401ECD: fflush.MSVCRT ref: 00401ECF

GetStdHandle.KERNEL32(000000F6), ref: 0043C8EC
GetConsoleMode.KERNEL32(00000000,00000000), ref: 0043C90E
SetConsoleMode.KERNEL32(00000000,00000000), ref: 0043C91F
SetConsoleMode.KERNEL32(00000000,00000000), ref: 0043C93F

Strings

Enter password (will not be echoed):, xrefs: 0043C8D5

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ConsoleMode$Handlefflushfputs
String ID: Enter password (will not be echoed):
API String ID: 108775803-3720017889
Opcode ID: b7567820631156e7c2e86ab8e78224e5d576663361d5ca5fa34eb14f3da10538
Instruction ID: 38a205c3afd7d636417336e0539a86d9e74d8eeb404cd1674e1fdcac6221e101
Opcode Fuzzy Hash: b7567820631156e7c2e86ab8e78224e5d576663361d5ca5fa34eb14f3da10538
Instruction Fuzzy Hash: 8C110A35900119ABCB019BA5DC41BAEBBB8AF45720F15417BE850732E0CB390902CF9C

Uniqueness

Uniqueness Score: -1.00%

Function 004123BE, Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004123C3

Part of subcall function 00412484: __EH_prolog.LIBCMT ref: 00412489

Strings

|`I, xrefs: 00412446
X`Il`I|`I, xrefs: 00412473
X`I, xrefs: 00412454
H`I, xrefs: 0041245B
l`I, xrefs: 0041244D

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: H`I$X`I$X`Il`I|`I$l`I$|`I
API String ID: 3519838083-2478843274
Opcode ID: 1ca06956e72b2900c7573772dacc31120cff15d379fba0b433457e4260ce0743
Instruction ID: b87114fddc627fd3a174f512c81a6d52bdd1787c3f722eb95c01aea4cd832b51
Opcode Fuzzy Hash: 1ca06956e72b2900c7573772dacc31120cff15d379fba0b433457e4260ce0743
Instruction Fuzzy Hash: D411E2B0900B44DADB21DF2AD58468AFBF4BF90308F10C92FD4AA97611C7F96548CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00405820, Relevance: 9.1, APIs: 6, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00405825
CreateDirectoryW.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405847
GetLastError.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405858
CreateDirectoryW.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00405893
GetLastError.KERNEL32 ref: 004058A1
GetLastError.KERNEL32(00000000,?,00000000), ref: 004058F9

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ErrorLast$CreateDirectory$H_prolog
String ID:
API String ID: 798237638-0
Opcode ID: 2158acd642305cf45691ebcf887b13712a9082db04fd1dc87e02ddb6fca3b2a1
Instruction ID: 3fcfc98350a37333007909b5135629d9e9e4646944df88223a84c82a1ba0a202
Opcode Fuzzy Hash: 2158acd642305cf45691ebcf887b13712a9082db04fd1dc87e02ddb6fca3b2a1
Instruction Fuzzy Hash: 6531AF32904604DADB10BBA1C886BEEB734EF11318F14447AE806732D2DB7D9956DF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041071B, Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 95stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00410789

Strings

BCJ , xrefs: 00410737, 00410747
XXI, xrefs: 004107EA
TXI, xrefs: 004107C7
LZMA:, xrefs: 0041075C, 0041076C
PXI, xrefs: 004107D8

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: strlen
String ID: BCJ $LZMA:$PXI$TXI$XXI
API String ID: 39653677-1725976653
Opcode ID: 7cdf58e1cb74fe997d918fb909b2b7c62955ff7a4226c282ac83bd7a0e7b457f
Instruction ID: 35be7bb1e679eb45bae13812c5ed416d8790fa352088925fe5e47147d162816c
Opcode Fuzzy Hash: 7cdf58e1cb74fe997d918fb909b2b7c62955ff7a4226c282ac83bd7a0e7b457f
Instruction Fuzzy Hash: DE217932B085614BCB16A66E88947EFABD69F95744F28C17BD44087381DAA4DCC2C7E8

Uniqueness

Uniqueness Score: -1.00%

Function 004061CD, Relevance: 9.1, APIs: 6, Instructions: 74COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004061D2

Part of subcall function 00405F97: FindClose.KERNELBASE(00000000,?,00405FCF), ref: 00405FA2

SetLastError.KERNEL32(00000078,00000000,?,?), ref: 004061FB
SetLastError.KERNEL32(00000000,00000000,?,?), ref: 00406207
FindFirstStreamW.KERNELBASE(?,00000000,?,00000000), ref: 00406228
GetLastError.KERNEL32(?,?), ref: 00406235
FindFirstStreamW.KERNELBASE(?,00000000,?,00000000), ref: 00406271

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ErrorFindLast$FirstStream$CloseH_prolog
String ID:
API String ID: 1050961465-0
Opcode ID: 7d4f95146c241d58c6f35f776ab67cc5788a7a0aaafea5af225a99cc600cde4c
Instruction ID: 3e3a6696c49eaab783bae7da0fcb782ed4d318a7496f3f1badb9ae7f7d3a0576
Opcode Fuzzy Hash: 7d4f95146c241d58c6f35f776ab67cc5788a7a0aaafea5af225a99cc600cde4c
Instruction Fuzzy Hash: 7821A430800104DFCB21BF60DD899BE7BB5FB95314F1042BEE896662D0C7394995DB58

Uniqueness

Uniqueness Score: -1.00%

Function 004194C8, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 153COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004194CD
_CxxThrowException.MSVCRT(?,0049F5D8), ref: 00419667
__EH_prolog.LIBCMT ref: 00419671

Strings

Incorrect volume size:, xrefs: 00419654
~I, xrefs: 004194EA

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrow
String ID: ~I$Incorrect volume size:
API String ID: 2366012087-2161864266
Opcode ID: 7e12ded90c2b4979ee20eb7ad935156fd0021498f65f82e188ad320d073464d6
Instruction ID: 21203237e1814c91c91c460d98140df826fdfc703d687d3f1554c267ae0849c5
Opcode Fuzzy Hash: 7e12ded90c2b4979ee20eb7ad935156fd0021498f65f82e188ad320d073464d6
Instruction Fuzzy Hash: 8951BF31904244DFDB15EFA4C595BEDB7B1BF14308F0444AEE8456B292CBB8BE48CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00435DF2, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 118stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00435E6B
strlen.MSVCRT ref: 00435E79
strlen.MSVCRT ref: 00435EE9
fputs.MSVCRT ref: 00435F4F

Strings

, xrefs: 00435F03

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: strlen$fputs
String ID:
API String ID: 1552308726-399585960
Opcode ID: 7945f1b11ae8a9873767ef74faa639be7fab1f20e74328e591cdbeb26dbb0e4e
Instruction ID: 4684df8df31df85ec15799cbee055e9ad27bd1eea3208b495c3fabc4a65ce09b
Opcode Fuzzy Hash: 7945f1b11ae8a9873767ef74faa639be7fab1f20e74328e591cdbeb26dbb0e4e
Instruction Fuzzy Hash: 3441E2329006099BCF24EF64D595BED77B5AF08304F1048BFE416A7291DF78AE88CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040554D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00405552
GetModuleHandleW.KERNEL32(kernel32.dll,CreateHardLinkW), ref: 0040556C
GetProcAddress.KERNEL32(00000000), ref: 00405573

Strings

kernel32.dll, xrefs: 00405567
CreateHardLinkW, xrefs: 0040555C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: AddressH_prologHandleModuleProc
String ID: CreateHardLinkW$kernel32.dll
API String ID: 786088110-294928789
Opcode ID: d4c27168ae159129eb9de3b149d67a360b5ddf8b767a4e04f0e41050ad29744d
Instruction ID: 5f3e3c1e92d4cd6c6f48ee52dd5a93e4ea8e5e95f35b1d6043cba0a6a8a06b29
Opcode Fuzzy Hash: d4c27168ae159129eb9de3b149d67a360b5ddf8b767a4e04f0e41050ad29744d
Instruction Fuzzy Hash: 43219F72D10515ABDF25ABA4DD46BEFB7B5EF04700F20047BE401B22E0CA799D00DB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043530E, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 68COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00435313

Strings

WARNING:, xrefs: 00435325
The archive is open with offset, xrefs: 00435358
Can not open the file, xrefs: 0043537C
The file is open, xrefs: 004353A1

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: Can not open the file$The archive is open with offset$The file is open$WARNING:
API String ID: 3519838083-3393983761
Opcode ID: 904e9470d3a629791041ca1cfa116939bc1ca6390571c5d4ae58ee5e4eeaf615
Instruction ID: 570acf7aec2ed7db0183640f82407aa8ffe43cf731d0b12bd738de5f4417b3e0
Opcode Fuzzy Hash: 904e9470d3a629791041ca1cfa116939bc1ca6390571c5d4ae58ee5e4eeaf615
Instruction Fuzzy Hash: 69214131E009059FCB04EB59D481AAEB3B4AF58354F50847FA916A76D1DB78AD06CB88

Uniqueness

Uniqueness Score: -1.00%

Function 004043C6, Relevance: 7.7, APIs: 5, Instructions: 226COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004043CB
_CxxThrowException.MSVCRT(00000002,0049CE70), ref: 004043F4
wcscmp.MSVCRT ref: 00404467
wcscmp.MSVCRT ref: 004044C3
wcscmp.MSVCRT ref: 004044D3

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: wcscmp$ExceptionH_prologThrow
String ID:
API String ID: 2750596395-0
Opcode ID: 2a600ed130d28904586931e2724f19237555347b5d5f4bf463b9beee03710acc
Instruction ID: b033c4d2b32bd966cdc7823bdd6d98d85f3aac98048c238b41c9a30c285001bc
Opcode Fuzzy Hash: 2a600ed130d28904586931e2724f19237555347b5d5f4bf463b9beee03710acc
Instruction Fuzzy Hash: A6919FB0900249DFCF14DFA4C585AEEBBB0AF55318F14407EE605B72D1DB785A85CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004520DC, Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 208COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004520FA
memset.MSVCRT ref: 0045218D
memcpy.MSVCRT ref: 004521BF
memset.MSVCRT ref: 0045230A

Strings

@, xrefs: 00452258

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memset$memcpy
String ID: @
API String ID: 368790112-2766056989
Opcode ID: 2f37799268fdf23fbf49a77b12c56b62e16d363aeab706bbab53d37de9147f51
Instruction ID: 1899af3365fe8605685ae7f9dcfe6bec41a4526b581cc74c72158d4eab8f98e8
Opcode Fuzzy Hash: 2f37799268fdf23fbf49a77b12c56b62e16d363aeab706bbab53d37de9147f51
Instruction Fuzzy Hash: 5981D130900708ABDF21DF60CA81BDAB7B1BF12305F10449BED5667653D7B8AA4DCB98

Uniqueness

Uniqueness Score: -1.00%

Function 00411DE2, Relevance: 7.6, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00411DFB
memcmp.MSVCRT ref: 00411E18
memcmp.MSVCRT ref: 00411E2B

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: f3cb029e7dfea73d07cc1951c7a0ee58549e6c9740df84a559380b02d5ecd86b
Instruction ID: a4ec576a962d3ae0c7c215dad6cd368ad8ff2c30160679f4541df9219cd03a56
Opcode Fuzzy Hash: f3cb029e7dfea73d07cc1951c7a0ee58549e6c9740df84a559380b02d5ecd86b
Instruction Fuzzy Hash: B221B371B00308ABEB109F55DC82FBB37A89B50795B10442BFD459A211F63CED4087AD

Uniqueness

Uniqueness Score: -1.00%

Function 00436077, Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043607C
fputs.MSVCRT ref: 0043609A
fputs.MSVCRT ref: 004360BF

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

fputs.MSVCRT ref: 004360D9
fputs.MSVCRT ref: 00436106

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$H_prologfputcfree
String ID:
API String ID: 3247574066-0
Opcode ID: a344faa088f7ee8504108729d3929e7de8cd817cb2b698e80eb838abd7f2fc06
Instruction ID: 08061f219748d78343d2915e5f20fee5011f130741df16fd417dc77b3226d5f0
Opcode Fuzzy Hash: a344faa088f7ee8504108729d3929e7de8cd817cb2b698e80eb838abd7f2fc06
Instruction Fuzzy Hash: 2C11B232900119EFCF05EF98DC82B9DBF75EF44314F10416BE514A71A1DB359A64CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00440CB8, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 178COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00440CBD

Strings

LZMA2:, xrefs: 00440D77
!, xrefs: 00440D6D
LZMA:, xrefs: 00440DD0

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: !$LZMA2:$LZMA:
API String ID: 3519838083-3332058968
Opcode ID: 5ecc1be01c37bfd8f22b4c48c77edc7dd716c46fd9c6244b05d1cc34312f26a1
Instruction ID: ad1c84b6fdff92281722a2f1f636375fb5a2eedf053e3d79d171995f1ab20bfd
Opcode Fuzzy Hash: 5ecc1be01c37bfd8f22b4c48c77edc7dd716c46fd9c6244b05d1cc34312f26a1
Instruction Fuzzy Hash: 196102718001089FEB14DFA4C595BEE7BB1EF04304F34486FE6466B2A1CA39AE65CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00451644, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 178stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00451649

Part of subcall function 0045186B: __EH_prolog.LIBCMT ref: 00451870

strcmp.MSVCRT ref: 0045174C
strcmp.MSVCRT ref: 00451760

Strings

PaxHeader/, xrefs: 004516E9

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologstrcmp
String ID: PaxHeader/
API String ID: 1490138475-2839299396
Opcode ID: 6fa1dc51b3716a269a6f0c6f80afbdf50dfa516fda3a8e825efa73b8d66a3f81
Instruction ID: e60fa92c31ce80779e2fe7da8d5e4fa45aa416daac2519c113678b5db42bd46f
Opcode Fuzzy Hash: 6fa1dc51b3716a269a6f0c6f80afbdf50dfa516fda3a8e825efa73b8d66a3f81
Instruction Fuzzy Hash: BE51F330800248AEDF31EB68D444BAEBBB5AF49349F14405BEC41663A3D77C5D8AC75E

Uniqueness

Uniqueness Score: -1.00%

Function 00418D8E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00418D93
_CxxThrowException.MSVCRT(?,0049F5D8), ref: 00418E9F
_CxxThrowException.MSVCRT(00000000,0049F5D8), ref: 00418EBD

Part of subcall function 00418ED3: __EH_prolog.LIBCMT ref: 00418ED8
Part of subcall function 00418ED3: _CxxThrowException.MSVCRT(00000000,0049F5D8), ref: 00418F7C

Strings

There is no second file name for rename pair:, xrefs: 00418E8C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionThrow$H_prolog
String ID: There is no second file name for rename pair:
API String ID: 206451386-3412818124
Opcode ID: f41adc57e0df8510de894d4221e77583af925ae53f059057d7e0db7b4ea28e54
Instruction ID: 40d257d569b5157c8472cc08bf34fe7e15841ac20a3abc41e3d3dfd69ae9bf87
Opcode Fuzzy Hash: f41adc57e0df8510de894d4221e77583af925ae53f059057d7e0db7b4ea28e54
Instruction Fuzzy Hash: FA413D31A0020AAFCF14EF55C981EEE7B72BF54324F10825EF9259B2D1CB789991CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00435C31, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00435C36
fputs.MSVCRT ref: 00435D40

Strings

Name, xrefs: 00435D2A
Size, xrefs: 00435CDD

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologfputs
String ID: Name$Size
API String ID: 1798449854-481755742
Opcode ID: 720d6da99fc070a9a45d92b6c88f68eea0a2f0b4377c94cf76daa06fb62c310c
Instruction ID: ac7d10611ef6161cf70d63dd6a1096e08c9306d1bb0c679bdf75917ea6277f08
Opcode Fuzzy Hash: 720d6da99fc070a9a45d92b6c88f68eea0a2f0b4377c94cf76daa06fb62c310c
Instruction Fuzzy Hash: 1731B331A006049BCF05EF65C989BAD77B5BF88314F14847EE8596B2D2CB78A941CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0043C4B1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043C4B6
fputs.MSVCRT ref: 0043C522
fputs.MSVCRT ref: 0043C52B

Part of subcall function 0043B336: fputs.MSVCRT ref: 0043B39F

Strings

: , xrefs: 0043C526

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$H_prolog
String ID: :
API String ID: 2614055831-3653984579
Opcode ID: ef967eb8090e150e65a129d65ac061ac07f1fc8078ca3041bceeb1349ab0c4d9
Instruction ID: 68269c1eff42a5548d8571db90b03fa6e9ab195812d245bfa0556ddd3dd83029
Opcode Fuzzy Hash: ef967eb8090e150e65a129d65ac061ac07f1fc8078ca3041bceeb1349ab0c4d9
Instruction Fuzzy Hash: A9118E31600615EBDB15BFA2C892AAEFB62FF44B54F10402FE805632A1CB396D51CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 00418ED3, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00418ED8

Part of subcall function 00419E4B: __EH_prolog.LIBCMT ref: 00419E50

_CxxThrowException.MSVCRT(00000000,0049F5D8), ref: 00418F7C

Strings

Unsupported rename command:, xrefs: 00418F69
-r0, xrefs: 00418F56

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrow
String ID: -r0$Unsupported rename command:
API String ID: 2366012087-1002762148
Opcode ID: cd266822e9c725ba37b1532a79d8b844cf3d4e3b001ffaad39fc7fd03fc3e089
Instruction ID: 4fc61cdc434161b86aed11e5169030c1159c01fdecf90645044745a6e0a2a2da
Opcode Fuzzy Hash: cd266822e9c725ba37b1532a79d8b844cf3d4e3b001ffaad39fc7fd03fc3e089
Instruction Fuzzy Hash: E11184315006055ACF10FF62C5969EEBB75AF65344F50046FF905721D2CB7C9A4A8BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0043A1FC, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

_CxxThrowException.MSVCRT(?,004A36E8), ref: 0043A247

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

fputs.MSVCRT ref: 0043A226
fputs.MSVCRT ref: 0043A22B

Strings

ERROR: , xrefs: 0043A221

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$ExceptionThrowfputc
String ID: ERROR:
API String ID: 2339886702-977468659
Opcode ID: 60d652ad0d10f2b78faa5d49172777f9fd0871bd4f67ea47cf1d3b586f4be48a
Instruction ID: 9ead57e8753db32ae5f00cc7288d1e7fb7bffd718c709688be18c69b17bcd248
Opcode Fuzzy Hash: 60d652ad0d10f2b78faa5d49172777f9fd0871bd4f67ea47cf1d3b586f4be48a
Instruction Fuzzy Hash: B5F0A775A01218BBCB10BB9ECC41C5FB7AC9F59700724006FF900A7351CA7A5E009BD9

Uniqueness

Uniqueness Score: -1.00%

Function 00436122, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00436153
fputs.MSVCRT ref: 0043615B

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Strings

, xrefs: 00436139
:, xrefs: 00436132

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$fputc
String ID: $:
API String ID: 1185151155-4041779174
Opcode ID: d4f37cdd16de517bc160f6efe108427adaec76a7584230247d769ff4b6d56197
Instruction ID: 6a8277181ec016ca5985ad89ec1cb25220cd682d3c635f132e005d90273f842b
Opcode Fuzzy Hash: d4f37cdd16de517bc160f6efe108427adaec76a7584230247d769ff4b6d56197
Instruction Fuzzy Hash: 33F08236900258ABCF126B95CC05DDE7F79EF98314F04441EEC5533261C7355514CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00440770, Relevance: 6.3, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00440786
memcmp.MSVCRT ref: 004407A1
memcmp.MSVCRT ref: 004407B5

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: a37da75db2d867a9bf6ce45ddb7aa32f9f59dcd8a6ebaebcf8c8d7f4bf04690c
Instruction ID: 1f8ec00703fa1c9d5b839bd00d02e8a38c23d3b0b719a8ea865ab55cbb21a461
Opcode Fuzzy Hash: a37da75db2d867a9bf6ce45ddb7aa32f9f59dcd8a6ebaebcf8c8d7f4bf04690c
Instruction Fuzzy Hash: 9411D331740304ABEB146E15EC43FAA33A45B54B15F11482FFE459A282F2BCF96097AE

Uniqueness

Uniqueness Score: -1.00%

Function 00409822, Relevance: 6.3, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00409838
memcmp.MSVCRT ref: 00409853
memcmp.MSVCRT ref: 00409867

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 3a0a68027ff9760edb1ea406ccab790afe31e4018a7ffb76a2a87cbd2a6b11ef
Instruction ID: 620d910cd0b392dbbd44fb2b8570da6b401fe0ecbbb5b46892196eb808e00f63
Opcode Fuzzy Hash: 3a0a68027ff9760edb1ea406ccab790afe31e4018a7ffb76a2a87cbd2a6b11ef
Instruction Fuzzy Hash: 8A11B132B50200A7DB14AE15DC82F7A73A45B65B04F14883EFC45AA382F6BCED0193AD

Uniqueness

Uniqueness Score: -1.00%

Function 00426037, Relevance: 6.3, APIs: 4, Instructions: 307stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042603C

Part of subcall function 00404846: __EH_prolog.LIBCMT ref: 0040484B

strcmp.MSVCRT ref: 004260E6

Part of subcall function 0040150C: __EH_prolog.LIBCMT ref: 00401511

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Part of subcall function 004141BE: __EH_prolog.LIBCMT ref: 004141C3

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$freestrcmp
String ID:
API String ID: 4197192761-0
Opcode ID: 9af6efeb172077118817f70ac79ef6b112bcd4d50bc2f2ae67bb2cdcc9059cb0
Instruction ID: e6beb90ae919d9f51caebc2f86370ea5dd00db54c73d48da12e976c8b959abc7
Opcode Fuzzy Hash: 9af6efeb172077118817f70ac79ef6b112bcd4d50bc2f2ae67bb2cdcc9059cb0
Instruction Fuzzy Hash: F9C15B31904118EBCF05EFE5D9859EDBBB4BF14308F60406EE416772A2CB385E45CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043C2A8, Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043C2AD
EnterCriticalSection.KERNEL32(004AA8D8,?,00000001,?,?,0043C600,?,0000006F,?,?,00000000), ref: 0043C2C1
fputs.MSVCRT ref: 0043C312
LeaveCriticalSection.KERNEL32(004AA8D8,?,00000001,?,?,0043C600,?,0000006F,?,?,00000000), ref: 0043C3CB

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalSection$EnterH_prologLeavefputs
String ID:
API String ID: 2174113412-0
Opcode ID: b7ce9136642719eb568ee9686822707c5a064545b5e8126546349d7fe1293760
Instruction ID: 0b12b2f63f7e798f147fb31921f24d17a8ed9cd781a7f0175051ee9a09554aa0
Opcode Fuzzy Hash: b7ce9136642719eb568ee9686822707c5a064545b5e8126546349d7fe1293760
Instruction Fuzzy Hash: 8031C331600785DFCB21AF65C490BAEBBE1FF59304F04843FE95AA7291C7396904DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00418F92, Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00418F97

Part of subcall function 00406861: __EH_prolog.LIBCMT ref: 00406866

_CxxThrowException.MSVCRT(?,0049F5D8), ref: 00418FDB
_CxxThrowException.MSVCRT(?,0049F5D8), ref: 00419009
_CxxThrowException.MSVCRT(?,0049F5D8), ref: 00419030

Part of subcall function 00417668: __EH_prolog.LIBCMT ref: 0041766D

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionH_prologThrow
String ID:
API String ID: 461045715-0
Opcode ID: d46523f576c95d6be433904af0d47d23e0acf04d27e02da3c2a8297760376179
Instruction ID: 1951abaddea8589e0abf90f3e09aa6659f2d20d11ab7e99bfdb8a8ec496700cc
Opcode Fuzzy Hash: d46523f576c95d6be433904af0d47d23e0acf04d27e02da3c2a8297760376179
Instruction Fuzzy Hash: 88318071900119ABCF15EF99C891DEEBB75BF18314F10442FF952B3252CB389995CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00475560, Relevance: 6.1, APIs: 4, Instructions: 61threadCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,004AB140,?,00000000), ref: 00475572

Part of subcall function 00487CC0: memcpy.MSVCRT ref: 00487CF4

GetCurrentThreadId.KERNEL32 ref: 0047558B

Part of subcall function 00487CC0: memcpy.MSVCRT ref: 00487D0D
Part of subcall function 00487CC0: memcpy.MSVCRT ref: 00487D5C

QueryPerformanceCounter.KERNEL32(?,00000004,?,00000000), ref: 004755B4
GetTickCount.KERNEL32 ref: 004755CD

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcpy$Current$CountCounterPerformanceProcessQueryThreadTick
String ID:
API String ID: 3804907051-0
Opcode ID: 7b83b5f3924eac61464754b65888165bb15b8c5a805b0766898c3213d11fe82e
Instruction ID: 15da6881ff818249b0d3a5ca2ce0b8581da91e9fa10ccc8637b3b19058e72485
Opcode Fuzzy Hash: 7b83b5f3924eac61464754b65888165bb15b8c5a805b0766898c3213d11fe82e
Instruction Fuzzy Hash: 231181315083019BC700FB21D865A9EB7E1BFD4708F604E2EF59557291EA78DA09CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00434DB9, Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00434DBE
EnterCriticalSection.KERNEL32(004AA8B0), ref: 00434DD0
fputs.MSVCRT ref: 00434E20

Part of subcall function 00401EEF: __EH_prolog.LIBCMT ref: 00401EF4
Part of subcall function 00401EEF: fputs.MSVCRT ref: 00401F67

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Part of subcall function 00401ECD: fflush.MSVCRT ref: 00401ECF

LeaveCriticalSection.KERNEL32(004AA8B0), ref: 00434E4C

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalH_prologSectionfputs$EnterLeavefflushfputc
String ID:
API String ID: 84800229-0
Opcode ID: c0acd663f5e2805b01a5252d8a3d8abd23aa976baa2b0a2bb335e00a4ca4664c
Instruction ID: c6d545946ea380a85c7b3cd992817bc02ab3fbefed1cb98d5998dcf92dd816da
Opcode Fuzzy Hash: c0acd663f5e2805b01a5252d8a3d8abd23aa976baa2b0a2bb335e00a4ca4664c
Instruction Fuzzy Hash: 5F117071600604DFC716AF65DC8599EB7B5FF88314F10843FE81A97251DB396804CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0043C17B, Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043C180
fputs.MSVCRT ref: 0043C1AF
fputs.MSVCRT ref: 0043C1B8
fputs.MSVCRT ref: 0043C1BF

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$H_prologfputcfree
String ID:
API String ID: 3247574066-0
Opcode ID: d8c72bf6f0a0a5abcaa790fbab1d0966036db00353d484dfc608403b24ef2749
Instruction ID: 30c63e5586b7dfa161b4563f087d09b757ffc64edd6247991ddbf515fb2d6d00
Opcode Fuzzy Hash: d8c72bf6f0a0a5abcaa790fbab1d0966036db00353d484dfc608403b24ef2749
Instruction Fuzzy Hash: 6AF06D72D00019ABCB05BB99DC52AAEBF76EF94358F10403FE405631B1DB790961DAC8

Uniqueness

Uniqueness Score: -1.00%

Function 0044C27E, Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 438COMMON

Download Yara Rule

APIs

wcscmp.MSVCRT ref: 0044C666
__EH_prolog.LIBCMT ref: 0044C283

Part of subcall function 0044C7D1: __EH_prolog.LIBCMT ref: 0044C7D6

Strings

Can't open volume: , xrefs: 0044C6F9

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$wcscmp
String ID: Can't open volume:
API String ID: 3232955128-72083580
Opcode ID: 527082ebed13f24cd9016123aa9ba9282d5114b3daf50e705d8703627960e48f
Instruction ID: a32cc0558f076ee9fc7dfe6732ff3f10dca076fab7b8986090510e20f57070ca
Opcode Fuzzy Hash: 527082ebed13f24cd9016123aa9ba9282d5114b3daf50e705d8703627960e48f
Instruction Fuzzy Hash: AF02E130901249DFEB51DFA9C5C4BEEBBB0AF54304F18809EE446A7291DB789E85CB19

Uniqueness

Uniqueness Score: -1.00%

Function 00428BBF, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00428BC4

Strings

Unknown warning, xrefs: 00428D52, 00428D57
Unknown error, xrefs: 00428CF4, 00428CF9

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: Unknown error$Unknown warning
API String ID: 3519838083-4291957651
Opcode ID: 47e7e7e058010d3bc5ac35d475b37a844d9ce0671a9852c88ae8843852a96a86
Instruction ID: 48b2459edc8339001c6bcbbb2c7f7a44bdb4c0e9b39a8a629301c916e2666e0e
Opcode Fuzzy Hash: 47e7e7e058010d3bc5ac35d475b37a844d9ce0671a9852c88ae8843852a96a86
Instruction Fuzzy Hash: 44916271A01319CBDB24DFA5C580AEEB7F1BF58304F50856EE45AE7290DB74AE08CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00441CD8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 170COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00441CDD

Part of subcall function 0044340E: __EH_prolog.LIBCMT ref: 00443413

Strings

Copy, xrefs: 00441D49
LZMA2, xrefs: 00441D21, 00441D50, 00441D55

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: Copy$LZMA2
API String ID: 3519838083-1006940721
Opcode ID: 238ffc4e337ce61529b2238afdcb3842c1b309199796dec290541744a457e3d2
Instruction ID: 902ed153412e525f9d425bcc73fb01a746a9ccb82630e84e8a8e08da7bca0d9b
Opcode Fuzzy Hash: 238ffc4e337ce61529b2238afdcb3842c1b309199796dec290541744a457e3d2
Instruction Fuzzy Hash: B961D370E006008BEB29DF64C4947BEB7F1BB50314F24452FD962562B2CB7CE986C759

Uniqueness

Uniqueness Score: -1.00%

Function 00419731, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 147COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00419736
_CxxThrowException.MSVCRT(?,0049F5D8), ref: 00419908

Part of subcall function 00401CEB: free.MSVCRT(?,00427455,00000000,00000000,00000001,?,004010EB), ref: 00401CEF

Strings

incorrect update switch command, xrefs: 004198F5

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionH_prologThrowfree
String ID: incorrect update switch command
API String ID: 2564996034-2497410926
Opcode ID: c612a593cc7c3fb98d993c5fd51dad9ebc4bdeb29462761684ee3f2ae2a2c274
Instruction ID: c0b5891ef34202f1eb5c781bb7d847ee98aa9e0d82036eea2ae34a806a64d3bd
Opcode Fuzzy Hash: c612a593cc7c3fb98d993c5fd51dad9ebc4bdeb29462761684ee3f2ae2a2c274
Instruction Fuzzy Hash: 44515631C10119DBDF14EB95C991BEDBBB4BF05314F24419AE025772E1CB78AE85CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0041909C, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004190A1
_CxxThrowException.MSVCRT(00000000,0049F5D8), ref: 00419213

Part of subcall function 00419229: __EH_prolog.LIBCMT ref: 0041922E

Strings

fI, xrefs: 004191DC

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog$ExceptionThrow
String ID: fI
API String ID: 2366012087-3633750409
Opcode ID: 7a30ae36833b0150c8e314d2fe6a1551a6b561ff443aabb8ef3349084cacc312
Instruction ID: 5448f7cf4ebbdd29c3b6f6c569efe810d85ced2f23ce58adcbce7b4f5f58355e
Opcode Fuzzy Hash: 7a30ae36833b0150c8e314d2fe6a1551a6b561ff443aabb8ef3349084cacc312
Instruction Fuzzy Hash: E7515C31A0010AEBDF14EFA5C8959EEBBB1FF08314F10842AE515A7291D77899D1CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0042E2EA, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 114COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042E2EF

Part of subcall function 0041C54C: __EH_prolog.LIBCMT ref: 0041C551

Strings

: , xrefs: 0042E371
Junction: , xrefs: 0042E330

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: : $Junction:
API String ID: 3519838083-2017787292
Opcode ID: 725e8ff0cb3ecf67a68c1fb9793e23f52f0b1a01f99ca99352f7caca908bc82b
Instruction ID: d037824e1005b800faee75d708efeb8aeb40964f057cbd0e56c7434511202b99
Opcode Fuzzy Hash: 725e8ff0cb3ecf67a68c1fb9793e23f52f0b1a01f99ca99352f7caca908bc82b
Instruction Fuzzy Hash: A3410471E001299BCF10EF96D8819EDB7B4FF51348F40447FE842A7282CB7CAA09C659

Uniqueness

Uniqueness Score: -1.00%

Function 004046A2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON

Download Yara Rule

APIs

wcscmp.MSVCRT ref: 004046FC
wcscmp.MSVCRT ref: 00404711

Strings

UNC, xrefs: 00404735

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: wcscmp
String ID: UNC
API String ID: 3392835482-337201128
Opcode ID: d45f99aa52d857f3e3757cf8a7d37d9c2460af67cc3df643bdbce183761e6df6
Instruction ID: c1359bdb7ddb4f1e0ec171abd16e772f19aa6a0c1e41c740438cfc85512e3ea3
Opcode Fuzzy Hash: d45f99aa52d857f3e3757cf8a7d37d9c2460af67cc3df643bdbce183761e6df6
Instruction Fuzzy Hash: E9215CB93006009FC624DE28D890A26B3E1EFD6315725887BE755AF3E1C779EC41CB48

Uniqueness

Uniqueness Score: -1.00%

Function 004323F9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004323FE

Part of subcall function 0041A004: __EH_prolog.LIBCMT ref: 0041A009
Part of subcall function 0041A004: GetCurrentProcess.KERNEL32(?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A01B
Part of subcall function 0041A004: OpenProcessToken.ADVAPI32(00000000,00000028,?,?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A032
Part of subcall function 0041A004: LookupPrivilegeValueW.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 0041A054
Part of subcall function 0041A004: AdjustTokenPrivileges.KERNELBASE(?,00000000,00000001,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A069
Part of subcall function 0041A004: GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,769489A0), ref: 0041A073

Strings

~I, xrefs: 0043250D
xiI, xrefs: 0043243D

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prologProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
String ID: xiI$~I
API String ID: 1532160333-3017242548
Opcode ID: 26a2bdaab7907b3248fc3772593cdc2b92fe03f8e8ca9a67e47431c053181cb1
Instruction ID: 5fd1db06828587aefea2927517ea3ddab4173be030014b8b8819a8e1386fa66f
Opcode Fuzzy Hash: 26a2bdaab7907b3248fc3772593cdc2b92fe03f8e8ca9a67e47431c053181cb1
Instruction Fuzzy Hash: 744153B1915B80CECB31CF6A8184686FFF0BB19314F908A6ED1EA57B51C7B4A508CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00435213, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00435218

Strings

x, xrefs: 00435289
0, xrefs: 00435285

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: 0$x
API String ID: 3519838083-1948001322
Opcode ID: ca19d1ac9dcdda4eb465d5b852a795cbdfd52b213e9c0aeb59f71cc25896309a
Instruction ID: 2b2f7c6aefb7e772e152428c7d6a0d372f520dcc1772a167a8d691d92de929c3
Opcode Fuzzy Hash: ca19d1ac9dcdda4eb465d5b852a795cbdfd52b213e9c0aeb59f71cc25896309a
Instruction Fuzzy Hash: 49216D72D011199BCF04EB98DA96AEEB7B5EF48308F54046FE40177281DBB95E04CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00419A90, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00419A95
_CxxThrowException.MSVCRT(?,0049F5D8), ref: 00419B32

Strings

Unsupported charset:, xrefs: 00419B1F

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ExceptionH_prologThrow
String ID: Unsupported charset:
API String ID: 461045715-616772432
Opcode ID: 59fc64bdb6530746e91200a5eb0d5d597efb6153896cc2e9cbf313d84174e2f8
Instruction ID: f4eb7888f00730b7e6c335332c49fb2e66c2a2d00a47dd9583af38ddbf502362
Opcode Fuzzy Hash: 59fc64bdb6530746e91200a5eb0d5d597efb6153896cc2e9cbf313d84174e2f8
Instruction Fuzzy Hash: 9021F372A001099BCF00EF98D991DEDB771EF45318F1580AEE9456B291CB39AD86CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00441C1A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00441C1F

Strings

BT2, xrefs: 00441C58
LZMA, xrefs: 00441C43

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: BT2$LZMA
API String ID: 3519838083-1343681682
Opcode ID: 5b809227f7d98af5c182287fcf0d0fc7801e1e046f914a984ffd10d140c5a0cd
Instruction ID: 7968f516f9aa6358a4a1a59cb0c2a2c845991ecb0ed106071d134fd7618d0b39
Opcode Fuzzy Hash: 5b809227f7d98af5c182287fcf0d0fc7801e1e046f914a984ffd10d140c5a0cd
Instruction Fuzzy Hash: 91116030A60214AAEB18EB61CD96FDCB760AF15B48F40447EF502771D2EFB86A44C758

Uniqueness

Uniqueness Score: -1.00%

Function 0042D088, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042D08D

Strings

tI, xrefs: 0042D0A3
@uI, xrefs: 0042D0AA

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: @uI$tI
API String ID: 3519838083-4156938640
Opcode ID: d27540cb98da134fe10e91442b14591bf72d6b35b1aa5f012e644224c8a7aee5
Instruction ID: 53c5dbefd581605b7dbb856f03ac9a5459365f9486e06be01afe232277d12a1c
Opcode Fuzzy Hash: d27540cb98da134fe10e91442b14591bf72d6b35b1aa5f012e644224c8a7aee5
Instruction Fuzzy Hash: 6F21C5B1900B409FC721DF6AC18455AFFF0FB04318B91896ED0AA97B51D7B8A508CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0041D61D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041D622

Strings

|jI, xrefs: 0041D63B
ljI, xrefs: 0041D642

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: H_prolog
String ID: ljI$|jI
API String ID: 3519838083-3479125167
Opcode ID: 4788132841ee0d0ff10d2a19168a312430d97077ef25df65d40560d8ac408bdd
Instruction ID: 143a1e69a7126037c323d275708b10d988bd2aeb62b67cd71ef7c1185357ebaa
Opcode Fuzzy Hash: 4788132841ee0d0ff10d2a19168a312430d97077ef25df65d40560d8ac408bdd
Instruction Fuzzy Hash: CF0169B0900714DFCB24DF59C404B9ABBF4AB05718F00CA6EE0A6AB791C7BCA944CB48

Uniqueness

Uniqueness Score: -1.00%

Function 0041946C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

OpenEventW.KERNEL32(00000002,00000000,00000001,Unsupported Map data size,00000001,?,00419428,?,?,00000000,?), ref: 0041947D
GetLastError.KERNEL32(?,00419428,?,?,00000000,?), ref: 0041948A

Strings

Unsupported Map data size, xrefs: 00419470

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: ErrorEventLastOpen
String ID: Unsupported Map data size
API String ID: 330508107-1172413320
Opcode ID: f838bc4ec8d7832c8dd15d3b41906ba653235d0df34f9f8664fb553bf96b095f
Instruction ID: 53c4314c51128f0197b371a7d0036d7ee800d6347150bc6bf0c6c266e0b33bbe
Opcode Fuzzy Hash: f838bc4ec8d7832c8dd15d3b41906ba653235d0df34f9f8664fb553bf96b095f
Instruction Fuzzy Hash: 8BE06530504204EBEB14EBA1DC1779D76A8AF10744F30006EE401A1191EB749E009B5C

Uniqueness

Uniqueness Score: -1.00%

Function 00438268, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

fputs.MSVCRT ref: 00438275
fputs.MSVCRT ref: 0043827E

Part of subcall function 0040205A: fputs.MSVCRT ref: 00402077

Part of subcall function 00401EDC: fputc.MSVCRT ref: 00401EE3

Strings

Archives, xrefs: 00438274

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: fputs$fputc
String ID: Archives
API String ID: 1185151155-454332015
Opcode ID: 5ecb91178b8ffb3464e1b583b0d73761d5fd2cda524660bdec006fffd7dd2df7
Instruction ID: 242423fc20f77365056d34b4f1770b57e76d3ebd3571532d23c007f067a548dd
Opcode Fuzzy Hash: 5ecb91178b8ffb3464e1b583b0d73761d5fd2cda524660bdec006fffd7dd2df7
Instruction Fuzzy Hash: D9D0C7326002106BCB117BAACC16C2FBAA6EFC4310B260C3FF490431B0CAB64821DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00479B90, Relevance: 5.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

Part of subcall function 00487F20: WaitForSingleObject.KERNEL32(?,000000FF,00416782,?,?,?), ref: 00487F23

Part of subcall function 00487F70: SetEvent.KERNEL32(00000000,0041949C,?,00419428,?,?,00000000,?), ref: 00487F73

EnterCriticalSection.KERNEL32(?), ref: 00479C05
EnterCriticalSection.KERNEL32(?), ref: 00479C0E
LeaveCriticalSection.KERNEL32(?), ref: 00479C2A
LeaveCriticalSection.KERNEL32(?), ref: 00479C33

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalSection$EnterLeave$EventObjectSingleWait
String ID:
API String ID: 497781136-0
Opcode ID: 7d1b287b716f4f15f6f148fb70cb675b0a82c8b4a711823a5a58e80cebffac35
Instruction ID: afc1ec0b624752518918ffbe7612f1c6d68191d1ab5fccdd27648883096c3e90
Opcode Fuzzy Hash: 7d1b287b716f4f15f6f148fb70cb675b0a82c8b4a711823a5a58e80cebffac35
Instruction Fuzzy Hash: 3C415C71200B099FC719EF75C894ADAF3A5FF48304F108A2EE56E47641DB78BA15CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0042D143, Relevance: 5.1, APIs: 4, Instructions: 58COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 0042D159
memcmp.MSVCRT ref: 0042D16D
memcmp.MSVCRT ref: 0042D18B
memcmp.MSVCRT ref: 0042D1A9

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 0b493edd3f06dc9a7276b94a5ba57e94482072b32b184c15cc16e4f66f33e9fc
Instruction ID: df0800e2913de0d0722cf50860106bc1c9ee6ed733404948098a024cbe2423d6
Opcode Fuzzy Hash: 0b493edd3f06dc9a7276b94a5ba57e94482072b32b184c15cc16e4f66f33e9fc
Instruction Fuzzy Hash: BE11E131B40214A7EB049E15EC42FBA33A45B94B54F04482EFC46DA282E7BCF96083AD

Uniqueness

Uniqueness Score: -1.00%

Function 0042C3B4, Relevance: 5.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 0042C3CA
memcmp.MSVCRT ref: 0042C3E5
memcmp.MSVCRT ref: 0042C3F9

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: ab2044ebc0f1a3a4e0f1b35d7579e98ff42cee6cd8a31506d1b10d4a4efeb242
Instruction ID: df213be3987bbbf6557baee1b1e6deb1ba87c9439f9e2813e72550b9f5fd072b
Opcode Fuzzy Hash: ab2044ebc0f1a3a4e0f1b35d7579e98ff42cee6cd8a31506d1b10d4a4efeb242
Instruction Fuzzy Hash: FA012531780210A7DB10AE15EC83F7E73A49B54B00F50882EFD45DB281E6BCF80183AD

Uniqueness

Uniqueness Score: -1.00%

Function 004547DB, Relevance: 5.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 004547F1
memcmp.MSVCRT ref: 0045480C
memcmp.MSVCRT ref: 00454820

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 1c7214bd19708817ef464d6895ab90ac5f9bf982d8d9b6fd8d7c54c8d4d0ca21
Instruction ID: 08606b8c2c70cb5e11c828dfce598f9404ab0b36164278c01597d2ee03434b36
Opcode Fuzzy Hash: 1c7214bd19708817ef464d6895ab90ac5f9bf982d8d9b6fd8d7c54c8d4d0ca21
Instruction Fuzzy Hash: F0012531740200A7DB106E15DC42FAA33949BA4B1AF00483EFD45AE242E27CF884836D

Uniqueness

Uniqueness Score: -1.00%

Function 00439E0F, Relevance: 5.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00439E25
memcmp.MSVCRT ref: 00439E40
memcmp.MSVCRT ref: 00439E54

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: c551248b215d5203534bd4ce89ecf9e53741373b56625eaa402d6d91d6c6cd41
Instruction ID: 6841a288900004ee17502112b20d04114eb49cf56c139fff50e0771dfe0aeee2
Opcode Fuzzy Hash: c551248b215d5203534bd4ce89ecf9e53741373b56625eaa402d6d91d6c6cd41
Instruction Fuzzy Hash: 8801E532740205A7DB109F15CC83FBE33985B59B00F14483EFD45AA281E2BCEC4093AE

Uniqueness

Uniqueness Score: -1.00%

Function 00479B96, Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00487F20: WaitForSingleObject.KERNEL32(?,000000FF,00416782,?,?,?), ref: 00487F23

Part of subcall function 00487F70: SetEvent.KERNEL32(00000000,0041949C,?,00419428,?,?,00000000,?), ref: 00487F73

EnterCriticalSection.KERNEL32(?), ref: 00479C05
EnterCriticalSection.KERNEL32(?), ref: 00479C0E
LeaveCriticalSection.KERNEL32(?), ref: 00479C2A
LeaveCriticalSection.KERNEL32(?), ref: 00479C33

Memory Dump Source

Source File: 00000002.00000002.646065835.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.646059696.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646275368.0000000000495000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.646303435.00000000004AA000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.646314699.00000000004B3000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_7za.jbxd

Similarity

API ID: CriticalSection$EnterLeave$EventObjectSingleWait
String ID:
API String ID: 497781136-0
Opcode ID: a850cad395669078450da38ce3265c3137eba55e36609e9800387e15fe7d78a1
Instruction ID: 48424a1029154fdf89849329ae1be67b2ddda1a5500593f72dec12fafb119b55
Opcode Fuzzy Hash: a850cad395669078450da38ce3265c3137eba55e36609e9800387e15fe7d78a1
Instruction Fuzzy Hash: 0E012931600A0A9FCB19EB71C859BD9F364BF54308F10451ADA2D43241DF38BA65CBD9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: alp.exe PID: 6752 Parent PID: 7136 alp.exeCOMMON

Executed Functions

Function 00EF406B, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00EF449E,?,?,00000000,00000001), ref: 00EF407B
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00EF449E,?,?,00000000,00000001), ref: 00EF4092
LoadResource.KERNEL32(?,00000000,?,?,00EF449E,?,?,00000000,00000001,?,?,?,?,?,?,00EF41FB), ref: 00F64F1A
SizeofResource.KERNEL32(?,00000000,?,?,00EF449E,?,?,00000000,00000001,?,?,?,?,?,?,00EF41FB), ref: 00F64F2F
LockResource.KERNEL32(00EF449E,?,?,00EF449E,?,?,00000000,00000001,?,?,?,?,?,?,00EF41FB,00000000), ref: 00F64F42

Strings

SCRIPT, xrefs: 00EF4088

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 64a3fa1661c8e2cf2b0b2803c6b9d1296601215cbbdca927acd5a250aa027eb9
Instruction ID: 4b2a851f2dc96f83f60d08cb4516608ebb3107b79386986470da7655b514b882
Opcode Fuzzy Hash: 64a3fa1661c8e2cf2b0b2803c6b9d1296601215cbbdca927acd5a250aa027eb9
Instruction Fuzzy Hash: A1115AB0200709AFE7219B25EC48F677BB9EFC5B51F10412CF606962A0DB71EC41EA22

Uniqueness

Uniqueness Score: -1.00%

Function 00EFE8D0, Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 816windowsleeptimeCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32 ref: 00EFE959
timeGetTime.WINMM ref: 00EFEBFA
PeekMessageW.USER32 ref: 00EFED2E
TranslateMessage.USER32(?), ref: 00EFED3F
DispatchMessageW.USER32 ref: 00EFED4A
LockWindowUpdate.USER32(00000000), ref: 00EFED79
DestroyWindow.USER32 ref: 00EFED85
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EFED9F
Sleep.KERNEL32(0000000A), ref: 00F65270
TranslateMessage.USER32(?), ref: 00F659F7
DispatchMessageW.USER32 ref: 00F65A05
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F65A19

Strings

@GUI_WINHANDLE, xrefs: 00F65360
@GUI_CTRLID, xrefs: 00F65314
@GUI_CTRLHANDLE, xrefs: 00F653AC
@TRAY_ID, xrefs: 00F654C9

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
API String ID: 2641332412-570651680
Opcode ID: e35d7fef5d830fbf1057aaddf7991c7ada142fcebde0a89dd7a0143f70464145
Instruction ID: 13f71638b1bd878ff42caf19a65190889eda7af8fceee21cdddb62384a13b00d
Opcode Fuzzy Hash: e35d7fef5d830fbf1057aaddf7991c7ada142fcebde0a89dd7a0143f70464145
Instruction Fuzzy Hash: 5E620470504348CFDB20DF24C895BBA77E4BF44704F14596DFA4AAB2A2DB74E848EB52

Uniqueness

Uniqueness Score: -1.00%

Function 00F25C78, Relevance: 47.9, APIs: 26, Strings: 1, Instructions: 626fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

___createFile.LIBCMT ref: 00F25EC3
___createFile.LIBCMT ref: 00F25F04
GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00F25F2D
__dosmaperr.LIBCMT ref: 00F25F34
GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 00F25F47
GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00F25F6A
__dosmaperr.LIBCMT ref: 00F25F73
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00F25F7C
__set_osfhnd.LIBCMT ref: 00F25FAC
__lseeki64_nolock.LIBCMT ref: 00F26016
__close_nolock.LIBCMT ref: 00F2603C
__chsize_nolock.LIBCMT ref: 00F2606C
__lseeki64_nolock.LIBCMT ref: 00F2607E
__lseeki64_nolock.LIBCMT ref: 00F26176
__lseeki64_nolock.LIBCMT ref: 00F2618B
__close_nolock.LIBCMT ref: 00F261EB

Part of subcall function 00F1EA9C: FindCloseChangeNotification.KERNELBASE(00000000,00F9EEF4,00000000,?,00F26041,00F9EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00F1EAEC
Part of subcall function 00F1EA9C: GetLastError.KERNEL32(?,00F26041,00F9EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00F1EAF6
Part of subcall function 00F1EA9C: __free_osfhnd.LIBCMT ref: 00F1EB03
Part of subcall function 00F1EA9C: __dosmaperr.LIBCMT ref: 00F1EB25

Part of subcall function 00F17C0E: __getptd_noexit.LIBCMT ref: 00F17C0E

__lseeki64_nolock.LIBCMT ref: 00F2620D
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00F26342
___createFile.LIBCMT ref: 00F26361
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00F2636E
__dosmaperr.LIBCMT ref: 00F26375
__free_osfhnd.LIBCMT ref: 00F26395
__invoke_watson.LIBCMT ref: 00F263C3
__wsopen_helper.LIBCMT ref: 00F263DD

Strings

@, xrefs: 00F25F98

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$Close___create$Handle__close_nolock__free_osfhnd$ChangeFindNotificationType__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
String ID: @
API String ID: 3388700018-2766056989
Opcode ID: 705bad0cd6d87b4ced6bf7077ef5113b31d5e5376e8612a7d6340c203138818b
Instruction ID: f684421c80835ceba4e119762eb0f0debb3e7bebc9a623aee74bf69ef1f5f63f
Opcode Fuzzy Hash: 705bad0cd6d87b4ced6bf7077ef5113b31d5e5376e8612a7d6340c203138818b
Instruction Fuzzy Hash: 00222471D046299BEF299F68EC95BED7B71EB04324F244228E811DB2D1C7398D90FB91

Uniqueness

Uniqueness Score: -1.00%

Function 00EF3742, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 00EF37B3
KillTimer.USER32(?,00000001), ref: 00EF37DD
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00EF3800
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00EF380B
CreatePopupMenu.USER32 ref: 00EF381F
PostQuitMessage.USER32(00000000), ref: 00EF382E

Strings

TaskbarCreated, xrefs: 00EF3806

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 5f2ca0ba4059d3b7150279ca37c3e319042319ff2770fb84250c702ee210198c
Instruction ID: 8d4d66c56e34a91616093470a6111e5ad1c1d668b9b23470fd27d3e9b65c58e7
Opcode Fuzzy Hash: 5f2ca0ba4059d3b7150279ca37c3e319042319ff2770fb84250c702ee210198c
Instruction Fuzzy Hash: 1C4118F560414DA7DB147B38DC9ABBB36A9FB40350F941216FB02F21E1CB649D40BB62

Uniqueness

Uniqueness Score: -1.00%

Function 00F3C396, Relevance: 9.2, APIs: 6, Instructions: 154COMMON

Download Yara Rule

APIs

Part of subcall function 00EF4517: _fseek.LIBCMT ref: 00EF452F

Part of subcall function 00F3C56D: _wcscmp.LIBCMT ref: 00F3C65D
Part of subcall function 00F3C56D: _wcscmp.LIBCMT ref: 00F3C670

_malloc.LIBCMT ref: 00F3C491
_malloc.LIBCMT ref: 00F3C49B
_free.LIBCMT ref: 00F3C4DD
_free.LIBCMT ref: 00F3C4E4
_free.LIBCMT ref: 00F3C54F

Part of subcall function 00F11C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00F17A85), ref: 00F11CB1
Part of subcall function 00F11C9D: GetLastError.KERNEL32(00000000,?,00F17A85), ref: 00F11CC3

_free.LIBCMT ref: 00F3C557

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: _free$_malloc_wcscmp$ErrorFreeHeapLast_fseek
String ID:
API String ID: 2231465579-0
Opcode ID: 19004cdf57fb4f20188789d4cae010581211d0467d398316d1cc5e7f5a43730e
Instruction ID: c3226b8f966bac3e2922c8fbfd79d4f15caee9d295a17d140d57d0b4c9e29974
Opcode Fuzzy Hash: 19004cdf57fb4f20188789d4cae010581211d0467d398316d1cc5e7f5a43730e
Instruction Fuzzy Hash: 83513BB1904219AFDF149F64DC81BEEBBB9EF48310F1000AEB259B3281DB755A909F59

Uniqueness

Uniqueness Score: -1.00%

Function 00EF51AF, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00EF522F
_wcscpy.LIBCMT ref: 00EF5283
Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EF5293
LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00F63CB0

Strings

Line: , xrefs: 00F63CD9

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: IconLoadNotifyShell_String_memset_wcscpy
String ID: Line:
API String ID: 1053898822-1585850449
Opcode ID: f01dc88defef9477b19c3969d2045440434d7c38740a9475ea498b58a6640bb2
Instruction ID: cc9f66d1de3ccb9727a26e11b3968f023875754dc8550117f7d5696cf68c312f
Opcode Fuzzy Hash: f01dc88defef9477b19c3969d2045440434d7c38740a9475ea498b58a6640bb2
Instruction Fuzzy Hash: 6031B0724087486BD320EB60EC42FEB77E8AF54350F50561AF789A20A1DB70A6489B93

Uniqueness

Uniqueness Score: -1.00%

Function 00F134AE, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

__getstream.LIBCMT ref: 00F134FE

Part of subcall function 00F17C0E: __getptd_noexit.LIBCMT ref: 00F17C0E

@_EH4_CallFilterFunc@8.LIBCMT ref: 00F13539
__wopenfile.LIBCMT ref: 00F13549

Strings

<G, xrefs: 00F134CD, 00F134F0, 00F134FC

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
String ID: <G
API String ID: 1820251861-2138716496
Opcode ID: e7be60ba012a157d12e0069a43cd30ad0647bc3053ef4d124967d68c5ab731f0
Instruction ID: 3da6aa566c382e0361c3cd01aba4f786786f8e993f240214bad31c96f2365f06
Opcode Fuzzy Hash: e7be60ba012a157d12e0069a43cd30ad0647bc3053ef4d124967d68c5ab731f0
Instruction Fuzzy Hash: 9E11CA71E003069BDB11FF748C426EE76B5AF45760B198525E815D7181EB38CAC1B7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00F0EB83, Relevance: 6.1, APIs: 4, Instructions: 65timewindowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00F0EBB2

Part of subcall function 00EF51AF: _memset.LIBCMT ref: 00EF522F
Part of subcall function 00EF51AF: _wcscpy.LIBCMT ref: 00EF5283
Part of subcall function 00EF51AF: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EF5293

KillTimer.USER32(?,00000001,?,?), ref: 00F0EC07
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F0EC16
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00F63C88

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
String ID:
API String ID: 1378193009-0
Opcode ID: eb39b56c82f452edbaa84d72f8d4aa194064d9f7099d7ea1cc72eaf9b1d54597
Instruction ID: 454a7bf94289a2b1f9e148598bb3e27ec22b1e447ad9619129c780259f02f4fa
Opcode Fuzzy Hash: eb39b56c82f452edbaa84d72f8d4aa194064d9f7099d7ea1cc72eaf9b1d54597
Instruction Fuzzy Hash: 6421D7719047949FF7329B28CC55BE7BBFC9F41318F04048DE68E66282C7752A84EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00EF4FFC, Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00EF5022
Shell_NotifyIconW.SHELL32(00000000,?), ref: 00EF50CB

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: IconNotifyShell__memset
String ID:
API String ID: 928536360-0
Opcode ID: 60bfcf3d02bb210307293ec6bc96b1c9aa209902efbf895a4c9db7e7c01968f2
Instruction ID: 947ef4416e08c3c32686f41ef00e0b57615951ff0d2a57b6cfe8214795e7e08a
Opcode Fuzzy Hash: 60bfcf3d02bb210307293ec6bc96b1c9aa209902efbf895a4c9db7e7c01968f2
Instruction Fuzzy Hash: 9F318EB1504709DFD721EF24D8856ABBBE8FF59308F00092EF69A93241EB716944DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00F0F4EA, Relevance: 4.5, APIs: 3, Instructions: 43COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00F0F502

Part of subcall function 00F1395C: __FF_MSGBANNER.LIBCMT ref: 00F13973
Part of subcall function 00F1395C: __NMSG_WRITE.LIBCMT ref: 00F1397A
Part of subcall function 00F1395C: RtlAllocateHeap.NTDLL(01040000,00000000,00000001,00000001,00000000,?,?,00F0F507,?,0000000E), ref: 00F1399F

std::exception::exception.LIBCMT ref: 00F0F51E
__CxxThrowException@8.LIBCMT ref: 00F0F533

Part of subcall function 00F16805: RaiseException.KERNEL32(?,?,0000000E,00FA6A30,?,?,?,00F0F538,0000000E,00FA6A30,?,00000001), ref: 00F16856

Part of subcall function 00F1673B: _free.LIBCMT ref: 00F167E8

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrow_free_mallocstd::exception::exception
String ID:
API String ID: 3712093317-0
Opcode ID: 351ff8b0b7b12397ccb5b1bc9b878837181cccf2c15f38d327f0b8a1b06c808e
Instruction ID: 76b50796e19838be47359f26dc1b5ffe9ebf7f5eea32a35adb93fce7c12fe908
Opcode Fuzzy Hash: 351ff8b0b7b12397ccb5b1bc9b878837181cccf2c15f38d327f0b8a1b06c808e
Instruction Fuzzy Hash: DBF0F43550021D67DB14FFA8DC129EE77A8AF00324F648036F908E24C2CBB4D688B6A6

Uniqueness

Uniqueness Score: -1.00%

Function 00F3B7E5, Relevance: 4.5, APIs: 3, Instructions: 32COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00F3B7EF

Part of subcall function 00F1395C: __FF_MSGBANNER.LIBCMT ref: 00F13973
Part of subcall function 00F1395C: __NMSG_WRITE.LIBCMT ref: 00F1397A
Part of subcall function 00F1395C: RtlAllocateHeap.NTDLL(01040000,00000000,00000001,00000001,00000000,?,?,00F0F507,?,0000000E), ref: 00F1399F

_malloc.LIBCMT ref: 00F3B803
_malloc.LIBCMT ref: 00F3B817

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: _malloc$AllocateHeap
String ID:
API String ID: 680241177-0
Opcode ID: 9212d165962afc71d5285b6883b39f9a9736c050fcb2fb9a3f227a6790c9c754
Instruction ID: 06f9c189c2c2c02fbaf6669b038d2973e7d6a906820ca2241dd88a71b3abb7db
Opcode Fuzzy Hash: 9212d165962afc71d5285b6883b39f9a9736c050fcb2fb9a3f227a6790c9c754
Instruction Fuzzy Hash: 2AF0A7B1B0575217C7106AA498607A6B6D99B84371F4C012EF64CC6101CBB889C1EB95

Uniqueness

Uniqueness Score: -1.00%

Function 00F3BB64, Relevance: 4.5, APIs: 3, Instructions: 22COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00F3BB72

Part of subcall function 00F11C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00F17A85), ref: 00F11CB1
Part of subcall function 00F11C9D: GetLastError.KERNEL32(00000000,?,00F17A85), ref: 00F11CC3

_free.LIBCMT ref: 00F3BB83
_free.LIBCMT ref: 00F3BB95

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9be2b5beef45e3014043d3abdf219173afad32993680376f9e1db3d5b0d03a7e
Instruction ID: 4ce4899013e6439c985fce2ae3d2908696a62027f80bfb02ebfee5903a7443cd
Opcode Fuzzy Hash: 9be2b5beef45e3014043d3abdf219173afad32993680376f9e1db3d5b0d03a7e
Instruction Fuzzy Hash: 9BE0C2A1A0074182CA2065386E64EFB73CC1F44330B04080DB619E3142CF28E880A4E4

Uniqueness

Uniqueness Score: -1.00%

Function 00EF2322, Relevance: 3.9, APIs: 3, Instructions: 159COMMON

Download Yara Rule

APIs

Part of subcall function 00EF22A4: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00EF24F1), ref: 00EF2303

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00EF25A1
CoInitialize.OLE32(00000000), ref: 00EF2618
CloseHandle.KERNEL32(00000000), ref: 00F6503A

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 3815369404-0
Opcode ID: 33b25074a002fa564d122addf7f25c895ea19055b4c6b1ecb8730a44c1ccb92a
Instruction ID: bc9b882082cf80a793480aca717b60350808b3a08a81e6457df62cc79b18d3c7
Opcode Fuzzy Hash: 33b25074a002fa564d122addf7f25c895ea19055b4c6b1ecb8730a44c1ccb92a
Instruction Fuzzy Hash: 5571BBB490128D8A8714EF6EADF04A5BBE8BB993407E8436ED209D73B2DB304404FF55

Uniqueness

Uniqueness Score: -1.00%

Function 00F0DC5F, Relevance: 3.1, APIs: 2, Instructions: 61windowCOMMON

Download Yara Rule

APIs

IsDialogMessageW.USER32(?,?), ref: 00F0DC99
GetClassLongW.USER32(?,000000E0), ref: 00F6DD21

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: ClassDialogLongMessage
String ID:
API String ID: 161858864-0
Opcode ID: a1f30937111da55ea8712888df46a344b634edf8d7ad37b8b6e7d9f7a0ae8a78
Instruction ID: 27e00da161f0a2f40676f301f0d7f816abde9eac3fb7134a361f30ec332a36d4
Opcode Fuzzy Hash: a1f30937111da55ea8712888df46a344b634edf8d7ad37b8b6e7d9f7a0ae8a78
Instruction Fuzzy Hash: 0511C671B01211EFEB24EFA9D884D66B7B8FF457647548028E802CB290D7B0DC41FB60

Uniqueness

Uniqueness Score: -1.00%

Function 00F1E9D2, Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

___lock_fhandle.LIBCMT ref: 00F1EA29
__close_nolock.LIBCMT ref: 00F1EA42

Part of subcall function 00F17BDA: __getptd_noexit.LIBCMT ref: 00F17BDA

Part of subcall function 00F17C0E: __getptd_noexit.LIBCMT ref: 00F17C0E

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: __getptd_noexit$___lock_fhandle__close_nolock
String ID:
API String ID: 1046115767-0
Opcode ID: 34a314ffb96f3ddcc9d46225d6e6b063251d668b95febde9ab84ea8c77cb2b21
Instruction ID: b2d3ec51c6c9f9d2cf8e8ce2d2cd788dcc5855b6c55868fd0e2bd11b8e3e1402
Opcode Fuzzy Hash: 34a314ffb96f3ddcc9d46225d6e6b063251d668b95febde9ab84ea8c77cb2b21
Instruction Fuzzy Hash: 661186729097148AD715BF64CC813D97A616F82331F164340E8259F1E2CBBD99C0FAA5

Uniqueness

Uniqueness Score: -1.00%

Function 00F135E4, Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00F17C0E: __getptd_noexit.LIBCMT ref: 00F17C0E

__lock_file.LIBCMT ref: 00F13629

Part of subcall function 00F14E1C: __lock.LIBCMT ref: 00F14E3F

__fclose_nolock.LIBCMT ref: 00F13634

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: b15973884bc37691edd3725d46349efae270f8f537c16062a9955e47badf8164
Instruction ID: 555bf46b1b3af4809725cf433a55e52cabdd12353978ab6c4abdeef3d88fc515
Opcode Fuzzy Hash: b15973884bc37691edd3725d46349efae270f8f537c16062a9955e47badf8164
Instruction Fuzzy Hash: 7EF0BB72901304AAD7117B658C02BDE7AA05F81730F258108E424EB2C1C77C96C1BF55

Uniqueness

Uniqueness Score: -1.00%

Function 00EFDCAE, Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c867bdb3bbb1ad36189e82c1a86168b8dd7cbc862cfd439aaa50d6109d47bf73
Instruction ID: e16e38a122fd4df6e690cf7868417abad4e47a652d6626bf72f71f5d655d533a
Opcode Fuzzy Hash: c867bdb3bbb1ad36189e82c1a86168b8dd7cbc862cfd439aaa50d6109d47bf73
Instruction Fuzzy Hash: 0421E97530820C9BDB387F19CC55A35FB9ABF40725B285A2EE683A2551CA76EC40FA41

Uniqueness

Uniqueness Score: -1.00%

Function 00EF41A9, Relevance: 1.6, APIs: 1, Instructions: 63libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF4214: FreeLibrary.KERNEL32(00000000,?), ref: 00EF4247

LoadLibraryExW.KERNELBASE(00000001,00000000,00000002,?,?,?,?,00EF39FE,?,00000001), ref: 00EF41DB

Part of subcall function 00EF4291: FreeLibrary.KERNEL32(00000000), ref: 00EF42C4

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Library$Free$Load
String ID:
API String ID: 2391024519-0
Opcode ID: 7f6c5d13bcdaa73cf4bf64ccbee89b288dafc9adbb7535f05da2da9b37cee02a
Instruction ID: 4526dd7481b50fbfaa84babfbafcfe9b1f49aab94279beb5e69831f92e7b7393
Opcode Fuzzy Hash: 7f6c5d13bcdaa73cf4bf64ccbee89b288dafc9adbb7535f05da2da9b37cee02a
Instruction Fuzzy Hash: 3E11987160020AAADB10BB74DC16BAF77E59F40710F104439B656B61D1EB749A41AB50

Uniqueness

Uniqueness Score: -1.00%

Function 00EF39DB, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 6835a613e9910970744cf47f90ff2063449a5087be5f2ce099398601ed1c7b70
Instruction ID: 405b08bbefaa84718edb84933819f4600f57d67e23230ab7cda2d7e90f4952bc
Opcode Fuzzy Hash: 6835a613e9910970744cf47f90ff2063449a5087be5f2ce099398601ed1c7b70
Instruction Fuzzy Hash: 0C01367150010DAEDF45EF64CC918FFBBB4AF10354F109065B665A71A5EA309A49DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00EF4252, Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,?,?,00EF39FE,?,00000001), ref: 00EF4286

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 49bf3750a78d8470da6b583e224b90bf3f3845bfd86aff131f5448afe702614e
Instruction ID: 8259e2a2aa2870a264d05a3a239bb0202daa75fdb2b42fec0319e549f32b35f4
Opcode Fuzzy Hash: 49bf3750a78d8470da6b583e224b90bf3f3845bfd86aff131f5448afe702614e
Instruction Fuzzy Hash: 9FF039B1505706CFEB349F64D890867BBF5BF043293249A3EF2D6A2660C7729980EF50

Uniqueness

Uniqueness Score: -1.00%

Function 00EF40A7, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE ref: 00EF40C6

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: LongNamePath
String ID:
API String ID: 82841172-0
Opcode ID: 30cd3597449486d2261e0297a912e79f5cf40cf18628d3e72531cb8b8791323b
Instruction ID: 06a080b131adb922ab88724df29f66a20e8cd581a4e07a5445abd8fec95572d3
Opcode Fuzzy Hash: 30cd3597449486d2261e0297a912e79f5cf40cf18628d3e72531cb8b8791323b
Instruction Fuzzy Hash: D6E0C2366002285BC711A658CC46FFA77ADDF886A0F4900B5FA0DE7244DAB4A9C19690

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00F36532, Relevance: 9.1, APIs: 6, Instructions: 71processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00F36554
Process32FirstW.KERNEL32(00000000,0000022C), ref: 00F36564
Process32NextW.KERNEL32(00000000,0000022C), ref: 00F36583
__wsplitpath.LIBCMT ref: 00F365A7
_wcscat.LIBCMT ref: 00F365BA
CloseHandle.KERNEL32(00000000,?,00000000), ref: 00F365F9

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
String ID:
API String ID: 1605983538-0
Opcode ID: e65c7def90caaca0b73a8658a83265360a46d70a1fe3882506431ed95f796343
Instruction ID: eeb06fe5a0fa856016d565fee4395fb3ab65cdad2e33de547d362df5ab5704c8
Opcode Fuzzy Hash: e65c7def90caaca0b73a8658a83265360a46d70a1fe3882506431ed95f796343
Instruction Fuzzy Hash: 56218371900218EBDB10ABA4CC88BDDB7BCAB04320F5440B5E505E7141DBB59FC5DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00F3CE7A, Relevance: 3.0, APIs: 2, Instructions: 30windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00F4BE6A,?,?,00000000,?), ref: 00F3CEA7
FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00F4BE6A,?,?,00000000,?), ref: 00F3CEB9

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 636d20d6940343d39847e039a0c106d81b284a5d5d34cef547695d587d2db665
Instruction ID: 1762cf89e20e06afd4edcdc773d8cbc5209da726bbec641d298bb2abdc76a7b2
Opcode Fuzzy Hash: 636d20d6940343d39847e039a0c106d81b284a5d5d34cef547695d587d2db665
Instruction Fuzzy Hash: 83F08C3150422DABDB20ABA4DC49FFA776DBF093A1F008165F919E6181D6709A84DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F181AC, Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,0000000E,00F16DB3,-0000031A,?,?,00000001), ref: 00F181B1
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00F181BA

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: a165cb8e3f2c64aacd179f98389a3d401c7b9172649624deda86c1d3777377c1
Instruction ID: 6a5fbb52a75d8103ad2a7bc063aa9485a94dba45bf23948e7510153efeab4214
Opcode Fuzzy Hash: a165cb8e3f2c64aacd179f98389a3d401c7b9172649624deda86c1d3777377c1
Instruction Fuzzy Hash: E2B0923104460CABDB802BA1EC09B587FB8EF08662F804010F60D480618B7354A0AAA3

Uniqueness

Uniqueness Score: -1.00%

Function 00EF2EC0, Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 346COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00EF2F7A
IsWindow.USER32(?), ref: 00F622FD

Strings

REGEXPTITLE, xrefs: 00F620F8
INSTANCE, xrefs: 00F6223C
TITLE, xrefs: 00F62292
HANDLE, xrefs: 00F620E2
REGEXPCLASS, xrefs: 00F62149
CLASS, xrefs: 00F62128
ACTIVE, xrefs: 00F620CC
ALL, xrefs: 00F62264
LAST, xrefs: 00F620B6

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Window$Foreground
String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
API String ID: 62970417-1919597938
Opcode ID: 2630da403b089cf4623ff23336ffe1cf2f8735a0ca6a3bc3bb18aa85220d71b1
Instruction ID: 27676bf314b75ac496111bad6d312ec8bc80669fa0d0ca42ed1c401865565cb5
Opcode Fuzzy Hash: 2630da403b089cf4623ff23336ffe1cf2f8735a0ca6a3bc3bb18aa85220d71b1
Instruction Fuzzy Hash: CDD12B31608646DBDB44EF10C881AAABBF0BF54350F004E1DF556636A2DB30E99AFB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F2D6F4, Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 104COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 00F2D753

Strings

[REGEXPTITLE:, xrefs: 00F2D77B
CLASSNAME=, xrefs: 00F2D790
[CLASS:, xrefs: 00F2D7A3
REGEXP=, xrefs: 00F2D768
[HANDLE:, xrefs: 00F2D75F
[LAST, xrefs: 00F2D800
[ALL, xrefs: 00F2D7F9
HANDLE=, xrefs: 00F2D74C
[ACTIVE, xrefs: 00F2D740
ACTIVE, xrefs: 00F2D72E
ALL, xrefs: 00F2D7E7
LAST, xrefs: 00F2D718

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: __wcsnicmp
String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
API String ID: 1038674560-1810252412
Opcode ID: dec5b97e1ea9fc16510247028177366886e29b19acef9c8c530c390918ae4bc7
Instruction ID: ecc7d559b1f8f536afeb28d0510e248b4f663af9aacf5bdefd5a9b4420298133
Opcode Fuzzy Hash: dec5b97e1ea9fc16510247028177366886e29b19acef9c8c530c390918ae4bc7
Instruction Fuzzy Hash: E431AD72A44209ABDB14FA54EE53FEDB3A4AF21760F300129F601B10D1EB65AB44B662

Uniqueness

Uniqueness Score: -1.00%

Function 00F3AAF8, Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 374timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00F3AB3D
VariantCopy.OLEAUT32(?,?), ref: 00F3AB46
VariantClear.OLEAUT32(?), ref: 00F3AB52
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00F3AC40
__swprintf.LIBCMT ref: 00F3AC70
VarR8FromDec.OLEAUT32(?,?), ref: 00F3AC9C
VariantInit.OLEAUT32(?), ref: 00F3AD4D
SysFreeString.OLEAUT32(00000016), ref: 00F3ADDF
VariantClear.OLEAUT32(?), ref: 00F3AE35
VariantClear.OLEAUT32(?), ref: 00F3AE44
VariantInit.OLEAUT32(00000000), ref: 00F3AE80

Strings

Default, xrefs: 00F3ACFD
%4d%02d%02d%02d%02d%02d, xrefs: 00F3AC6A

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 3730832054-3931177956
Opcode ID: a36c047986e9fb92de89969c7f38b2f8a7d0ee0e3b915fceb85b40871c7d98ac
Instruction ID: 3079e17da82818509385a553ecf0720eecabb5db473e34d253c1ce2b618fba78
Opcode Fuzzy Hash: a36c047986e9fb92de89969c7f38b2f8a7d0ee0e3b915fceb85b40871c7d98ac
Instruction Fuzzy Hash: 49D1E172A04209DBDB20DF66C885B7AF7B5FF44720F248055E485AB191DB74EC80FBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F326BC, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000016,00000000,?,?,00F63973,00000016,0000138C,00000016,?,00000016,00F8DDB4,00000000,?), ref: 00F326F1
LoadStringW.USER32(00000000,?,00F63973,00000016), ref: 00F326FA
GetModuleHandleW.KERNEL32(00000000,00000016,?,00000FFF,?,?,00F63973,00000016,0000138C,00000016,?,00000016,00F8DDB4,00000000,?,00000016), ref: 00F3271C
LoadStringW.USER32(00000000,?,00F63973,00000016), ref: 00F3271F
__swprintf.LIBCMT ref: 00F3276F
__swprintf.LIBCMT ref: 00F32780
_wprintf.LIBCMT ref: 00F32829
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F32840

Strings

Line %d (File "%s"):, xrefs: 00F32769
Line %d:, xrefs: 00F3277A
%s (%d) : ==> %s: %s %s, xrefs: 00F32824
^ ERROR, xrefs: 00F327D5
Error: , xrefs: 00F327F7

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: HandleLoadModuleString__swprintf$Message_wprintf
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 618562835-2268648507
Opcode ID: c1a5c6a0076e65728a2152a2ee80107c330ba8bb5f0fcf7e0b7c7294d83f1f9c
Instruction ID: 1d9d2d8ff89d8dc86f83efd676927d4fd632e383d11b412799472014310fc528
Opcode Fuzzy Hash: c1a5c6a0076e65728a2152a2ee80107c330ba8bb5f0fcf7e0b7c7294d83f1f9c
Instruction Fuzzy Hash: A6413F7290021CBACB14FBD0DE86EFEB7B8AF15350F600065B60576092EA746F49EB61

Uniqueness

Uniqueness Score: -1.00%

Function 00F3CC5C, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 155COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF), ref: 00F3CCA3
LoadStringW.USER32(?,?,00000FFF,?), ref: 00F3CCC5
__swprintf.LIBCMT ref: 00F3CD1E
__swprintf.LIBCMT ref: 00F3CD37
_wprintf.LIBCMT ref: 00F3CDED
_wprintf.LIBCMT ref: 00F3CE0B

Strings

Line %d (File "%s"):, xrefs: 00F3CD18, 00F3CD31
^ ERROR, xrefs: 00F3CD8F
"%s" (%d) : ==> %s:%s%s, xrefs: 00F3CDE8
Error: , xrefs: 00F3CDB5
"%s" (%d) : ==> %s:, xrefs: 00F3CE06

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: LoadString__swprintf_wprintf
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 2889450990-2391861430
Opcode ID: c7a598d34a939a3ccd68da9ddc06714ed508bcabec2543a54f2506f0685b3944
Instruction ID: aaa400b57887ee0e2ee6657afa99ca58a3531bcd7f3d7df837de9803c1dbac34
Opcode Fuzzy Hash: c7a598d34a939a3ccd68da9ddc06714ed508bcabec2543a54f2506f0685b3944
Instruction Fuzzy Hash: 0F51717290050DAACB15FBA0CD42EEEB7B8AF05354F200165F60572091EB316F55EFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F3CA48, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 151COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00F3CA8F
LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00F3CAB0
__swprintf.LIBCMT ref: 00F3CB09
__swprintf.LIBCMT ref: 00F3CB22
_wprintf.LIBCMT ref: 00F3CBCD
_wprintf.LIBCMT ref: 00F3CBEB

Strings

Line %d (File "%s"):, xrefs: 00F3CB03, 00F3CB1C
"%s" (%d) : ==> %s:%s%s, xrefs: 00F3CBC8
Error: , xrefs: 00F3CB95
^ ERROR , xrefs: 00F3CB64
"%s" (%d) : ==> %s:, xrefs: 00F3CBE6

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: LoadString__swprintf_wprintf
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 2889450990-3420473620
Opcode ID: ad63b578f638042f9dfb840eb1f588a0d78c5578cd78fc81b54e7715c0b05911
Instruction ID: c13cdb33d8861de0b1decb9ba0480d18ef2b089de96575f12bbead8ef264d673
Opcode Fuzzy Hash: ad63b578f638042f9dfb840eb1f588a0d78c5578cd78fc81b54e7715c0b05911
Instruction Fuzzy Hash: F251817290050DAACB15FBE0CD42EEEB7B8AF14354F200155F60572092EB756F59EF61

Uniqueness

Uniqueness Score: -1.00%

Function 00F355BD, Relevance: 19.7, APIs: 13, Instructions: 213windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00F355D7
GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00F35664
GetMenuItemCount.USER32 ref: 00F356ED
DeleteMenu.USER32(00FB1708,00000005,00000000,000000F5,?,?), ref: 00F3577D
DeleteMenu.USER32(00FB1708,00000004,00000000), ref: 00F35785
DeleteMenu.USER32(00FB1708,00000006,00000000), ref: 00F3578D
DeleteMenu.USER32(00FB1708,00000003,00000000), ref: 00F35795
GetMenuItemCount.USER32 ref: 00F3579D
SetMenuItemInfoW.USER32 ref: 00F357D3
GetCursorPos.USER32(?), ref: 00F357DD
SetForegroundWindow.USER32(00000000), ref: 00F357E6
TrackPopupMenuEx.USER32(00FB1708,00000000,?,00000000,00000000,00000000), ref: 00F357F9
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00F35805

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
String ID:
API String ID: 3993528054-0
Opcode ID: abc2b1fd89d3cea58a7728a27fc56aca0d75949a3c9d57816e2f8d7170acfadd
Instruction ID: 674870c4e88318f728ec736f470f7cc6b96a8cd922ebf9916ddf53b9be9e5707
Opcode Fuzzy Hash: abc2b1fd89d3cea58a7728a27fc56aca0d75949a3c9d57816e2f8d7170acfadd
Instruction Fuzzy Hash: 0A71F371A40A09BFEB209F55CC4AFAABF65FF80B74F640205F518AA1E0C7706C50EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F325B5, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00F636F4,00000010,?,Bad directive syntax error,00F8DC00,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 00F325D6
LoadStringW.USER32(00000000,?,00F636F4,00000010), ref: 00F325DD
_wprintf.LIBCMT ref: 00F32610
__swprintf.LIBCMT ref: 00F32632
MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00F326A1

Strings

Line %d (File "%s"):, xrefs: 00F32647
%s (%d) : ==> %s.: %s %s, xrefs: 00F3260B
Line %d:, xrefs: 00F3262C
., xrefs: 00F32687
Error: , xrefs: 00F3266F

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: HandleLoadMessageModuleString__swprintf_wprintf
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 1080873982-4153970271
Opcode ID: 21e1b81fedabcfe700baf619d94738a9385630d2d1473c6ca8a6f7372c356eca
Instruction ID: 5a69c7ffdfb90b014783eff88111c7fb6df096145aa520b62865ecc9827de6ac
Opcode Fuzzy Hash: 21e1b81fedabcfe700baf619d94738a9385630d2d1473c6ca8a6f7372c356eca
Instruction Fuzzy Hash: 44212E7290021EAFCF11AF90CC4AFFE77B9BF19304F044455F605760A2DA71A659EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00EF936C, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 145COMMON

Download Yara Rule

APIs

__swprintf.LIBCMT ref: 00EF93AB
__itow.LIBCMT ref: 00EF93DF

Part of subcall function 00F11557: _xtow@16.LIBCMT ref: 00F11578

Strings

True, xrefs: 00F64C8C
%.15g, xrefs: 00EF93A5
0x%p, xrefs: 00F64CAD
False, xrefs: 00F64C93

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: __itow__swprintf_xtow@16
String ID: %.15g$0x%p$False$True
API String ID: 1502193981-2263619337
Opcode ID: 562137667129c5f37772633f1e373eb853f3df9c3ff5b6630a97a024ce77edff
Instruction ID: b196d4413db5342a5949085094c29c63bb9459e84ebde8eee4e84a1cfef2e9d5
Opcode Fuzzy Hash: 562137667129c5f37772633f1e373eb853f3df9c3ff5b6630a97a024ce77edff
Instruction Fuzzy Hash: B141D6769012099BDB24EF74DD42FBA73E4EB44310F20446EE68AD72C2EA35E941EB11

Uniqueness

Uniqueness Score: -1.00%

Function 00F34DDD, Relevance: 16.7, APIs: 11, Instructions: 189windowsleepCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00F34DF8
GetMenuItemInfoW.USER32(00FB1708,000000FF,00000000,00000030), ref: 00F34E59
SetMenuItemInfoW.USER32 ref: 00F34E8F
Sleep.KERNEL32(000001F4), ref: 00F34EA1
GetMenuItemCount.USER32 ref: 00F34EE5
GetMenuItemID.USER32(?,00000000), ref: 00F34F01
GetMenuItemID.USER32(?,-00000001), ref: 00F34F2B
GetMenuItemID.USER32(?,?), ref: 00F34F70
CheckMenuRadioItem.USER32 ref: 00F34FB6
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F34FCA
SetMenuItemInfoW.USER32 ref: 00F34FEB

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep_memset
String ID:
API String ID: 4176008265-0
Opcode ID: 927e7fcfbfee53d881388ed86a2883256ec6b3b043a68188c0948b982bca7264
Instruction ID: 3e029b62a9adcdfd256255e16afaa214c28c5c4ab9b03161dc498c73a7fee0ff
Opcode Fuzzy Hash: 927e7fcfbfee53d881388ed86a2883256ec6b3b043a68188c0948b982bca7264
Instruction Fuzzy Hash: 2061BF71900249AFDB20CFA4DC88EAE7BB8FF41328F180159F811A3291D730BD44EB21

Uniqueness

Uniqueness Score: -1.00%

Function 00F294E1, Relevance: 16.6, APIs: 11, Instructions: 109memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00F294FE
SafeArrayAllocData.OLEAUT32(?), ref: 00F29549
VariantInit.OLEAUT32(?), ref: 00F2955B
SafeArrayAccessData.OLEAUT32(?,?), ref: 00F2957B
VariantCopy.OLEAUT32(?,?), ref: 00F295BE
SafeArrayUnaccessData.OLEAUT32(?), ref: 00F295D2
VariantClear.OLEAUT32(?), ref: 00F295E7
SafeArrayDestroyData.OLEAUT32(?), ref: 00F295F4
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F295FD
VariantClear.OLEAUT32(?), ref: 00F2960F
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F2961A

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 53089d2ac2d0ed9b1b454c7df3fe6ecf7e12d42f5b553775dfe68146fe73aa22
Instruction ID: 3c8dbc0a08d4e014b3cf3708167ca20953ee780ddb928fe46a0d58401b99b631
Opcode Fuzzy Hash: 53089d2ac2d0ed9b1b454c7df3fe6ecf7e12d42f5b553775dfe68146fe73aa22
Instruction Fuzzy Hash: 71413D31E0021DAFCB01EFA4EC489DEBFB9FF08354F508065E505A7251DB75AA85EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00EF3093, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 210COMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00EF30DC
CoUninitialize.OLE32(?,00000000), ref: 00EF3181
UnregisterHotKey.USER32(?), ref: 00EF32A9
DestroyWindow.USER32(?), ref: 00F65079
FreeLibrary.KERNEL32(?), ref: 00F650F8
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F65125

Strings

close all, xrefs: 00EF30D7

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: acefbd5c127f7407c7388049d9a445eb9cf32761666f49480639839a85c08c62
Instruction ID: d251edec61bcae8ab9d5596553da0a9b0c726a0bbbb94eb374b8723af8d57f1f
Opcode Fuzzy Hash: acefbd5c127f7407c7388049d9a445eb9cf32761666f49480639839a85c08c62
Instruction Fuzzy Hash: 8A91393460120A9FD715EF24C895A79F3E4FF04704F6492A9E60AB7262DF30AE5ADF50

Uniqueness

Uniqueness Score: -1.00%

Function 00F4C43F, Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 401COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 00F4C876, 00F4C887
Not an Object type, xrefs: 00F4C49E

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 47760b6f1ff123b9725b93921762bc811866434c067e3f6efa77a20e0da81e00
Instruction ID: 53b244feecd820c9cd7c1d2d02a4dc5f9d9213ae6a77bd21a8dc23b53dfef412
Opcode Fuzzy Hash: 47760b6f1ff123b9725b93921762bc811866434c067e3f6efa77a20e0da81e00
Instruction Fuzzy Hash: 8DE1C071E01219ABDF50DFA8DC81BAE7BB5EF48324F149029FD05AB281D774AD41EB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F35819, Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00F358B8

Strings

question, xrefs: 00F35871
info, xrefs: 00F35859
warning, xrefs: 00F358A1
blank, xrefs: 00F3583A
stop, xrefs: 00F35889

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 2dfbf7a12fee54b3aa356ecc4d415ca243098e0b0ae84ca027d4aaee8d60a161
Instruction ID: 198792967d2df6c15c6a631051de051fba0a9ea8b5b8732088e040a3b9730c5a
Opcode Fuzzy Hash: 2dfbf7a12fee54b3aa356ecc4d415ca243098e0b0ae84ca027d4aaee8d60a161
Instruction Fuzzy Hash: 19110D72609746FAE7055B54DC83DAA73DCEF55B34F20003AF501E5381E7B4AA817265

Uniqueness

Uniqueness Score: -1.00%

Function 00F3A729, Relevance: 12.3, APIs: 8, Instructions: 317COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00F3A806

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: ArraySafeVartype
String ID:
API String ID: 1725837607-0
Opcode ID: 4a4946c375a50f7e973c24840b26d3c1e0b8c8ee7f58ecac1dda13a6c79c72f9
Instruction ID: e3a0c145e5602f27a8d4f6292054e9980397aad2e74abeab084d43702498d65a
Opcode Fuzzy Hash: 4a4946c375a50f7e973c24840b26d3c1e0b8c8ee7f58ecac1dda13a6c79c72f9
Instruction Fuzzy Hash: 58C1A17690520ADFDB10CF95D881BAEB7F4FF08321F204069E685E7281D739A941EF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F36B49, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00F36B63
LoadStringW.USER32(00000000), ref: 00F36B6A
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00F36B80
LoadStringW.USER32(00000000), ref: 00F36B87
_wprintf.LIBCMT ref: 00F36BAD
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F36BCB

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00F36BA8

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wprintf
String ID: %s (%d) : ==> %s: %s %s
API String ID: 3648134473-3128320259
Opcode ID: 728654db2f12f5c4e1d977bcdd2f185d0fe2c503ad546830de40739dbe3d51ec
Instruction ID: 7efceb8f4f44578756d56ae7267bc8597d94ad8355cf630722336291416270e5
Opcode Fuzzy Hash: 728654db2f12f5c4e1d977bcdd2f185d0fe2c503ad546830de40739dbe3d51ec
Instruction Fuzzy Hash: 830112F690020C7FEB11AB949D89EE6777CEB08304F404491B749E6041EA749EC4AF71

Uniqueness

Uniqueness Score: -1.00%

Function 00F1A979, Relevance: 12.1, APIs: 8, Instructions: 118COMMONLIBRARYCODE

Download Yara Rule

APIs

__mtinitlocknum.LIBCMT ref: 00F1A991

Part of subcall function 00F17D7C: __FF_MSGBANNER.LIBCMT ref: 00F17D91
Part of subcall function 00F17D7C: __NMSG_WRITE.LIBCMT ref: 00F17D98
Part of subcall function 00F17D7C: __malloc_crt.LIBCMT ref: 00F17DB8

__lock.LIBCMT ref: 00F1A9A4
__lock.LIBCMT ref: 00F1A9F0
InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00FA6DE0,00000018,00F25E7B,?,00000000,00000109), ref: 00F1AA0C
EnterCriticalSection.KERNEL32(8000000C,00FA6DE0,00000018,00F25E7B,?,00000000,00000109), ref: 00F1AA29
LeaveCriticalSection.KERNEL32(8000000C), ref: 00F1AA39

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
String ID:
API String ID: 1422805418-0
Opcode ID: 5953a0194ed0aa2a6fc5728a74d607d12ebfff6836d8f7d39d779f9bbcf5d77e
Instruction ID: 5e44cd9aae24cbc2d454b36aa3e89a77172c8717adc7d8ce8671e8f1a83285ae
Opcode Fuzzy Hash: 5953a0194ed0aa2a6fc5728a74d607d12ebfff6836d8f7d39d779f9bbcf5d77e
Instruction Fuzzy Hash: B6412971D02605DBEB249F68DD847DDB7B06F01335F144318E529AB2D1DB7898C0EB82

Uniqueness

Uniqueness Score: -1.00%

Function 00F32472, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 00F32485
__wcsnicmp.LIBCMT ref: 00F324A6
__wcsnicmp.LIBCMT ref: 00F324C0

Strings

#notrayicon, xrefs: 00F3247D
#requireadmin, xrefs: 00F324A0
#OnAutoItStartRegister, xrefs: 00F324BA

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: __wcsnicmp
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 1038674560-2734436370
Opcode ID: c1abb2213803e8307a2eb76ce102f4ab27e9cd1b3b4e9613ba03b00608830217
Instruction ID: dfd5766ca0b53ea331937a25997d6571fc047b03badcd1469c4b84f27ae4960d
Opcode Fuzzy Hash: c1abb2213803e8307a2eb76ce102f4ab27e9cd1b3b4e9613ba03b00608830217
Instruction Fuzzy Hash: 28213A32604211A7C760EA24DC12FBB7398EF65330F644025F54597082E6659A82F3D5

Uniqueness

Uniqueness Score: -1.00%

Function 00F34AC2, Relevance: 9.1, APIs: 6, Instructions: 136windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00F34B10
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F34B5B
IsMenu.USER32 ref: 00F34B7B
CreatePopupMenu.USER32(00FB1708,00000040,745E33D0), ref: 00F34BAF
GetMenuItemCount.USER32 ref: 00F34C0D
InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00F34C3E

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup_memset
String ID:
API String ID: 3311875123-0
Opcode ID: 0b317cb9ca31b88a99b360dc1091c142996e03350d9aec1a3c00f5e1e8b7394f
Instruction ID: 25df0b50192d779b279749df948e9362c82ad7d83341c5cddc1100f84539f6b0
Opcode Fuzzy Hash: 0b317cb9ca31b88a99b360dc1091c142996e03350d9aec1a3c00f5e1e8b7394f
Instruction Fuzzy Hash: 4151E070A02209EFCF20CF68D888BADBBF4BF84378F144159E4259B291D774B984EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00F39AD5, Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 1423608774-0
Opcode ID: cea4eacfa4f1b0aa9bbb6cbfd727b60d0b0a06eaae8f7d9fe9dea38853f0ae84
Instruction ID: 2199dff4d5090021637ba6b3110f8862118a936b8c5a0f1cca5462f03a0a07dd
Opcode Fuzzy Hash: cea4eacfa4f1b0aa9bbb6cbfd727b60d0b0a06eaae8f7d9fe9dea38853f0ae84
Instruction Fuzzy Hash: A001D132506215ABDB142F94EC48DEB7779FF88321B840129F507A20A1DBF89841FB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EF27EC, Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00EF281D
MapVirtualKeyW.USER32(00000010,00000000), ref: 00EF2825
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00EF2830
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00EF283B
MapVirtualKeyW.USER32(00000011,00000000), ref: 00EF2843
MapVirtualKeyW.USER32(00000012,00000000), ref: 00EF284B

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 423b14665688845b6e17b6efc066fc632c2f896aaa86a3269d516f849dc06949
Instruction ID: 511da4dfbc268fc8061b101e8665a9a19645acc8c166242572eac0977e43ba5f
Opcode Fuzzy Hash: 423b14665688845b6e17b6efc066fc632c2f896aaa86a3269d516f849dc06949
Instruction Fuzzy Hash: 1A0144B0902B5ABDE3008F6A8C85A52FEA8FF19354F00411BA15C47A42C7B5A864CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00F39A20, Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 00F39A33
EnterCriticalSection.KERNEL32(?,?,?,?,00F65DEE,?,?,?,?,?,00EFED63), ref: 00F39A44
TerminateThread.KERNEL32(?,000001F6,?,?,?,00F65DEE,?,?,?,?,?,00EFED63), ref: 00F39A51
WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00F65DEE,?,?,?,?,?,00EFED63), ref: 00F39A5E

Part of subcall function 00F393D1: CloseHandle.KERNEL32(?,?,00F39A6B,?,?,?,00F65DEE,?,?,?,?,?,00EFED63), ref: 00F393DB

InterlockedExchange.KERNEL32(?,000001F6), ref: 00F39A71
LeaveCriticalSection.KERNEL32(?,?,?,?,00F65DEE,?,?,?,?,?,00EFED63), ref: 00F39A78

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 91de9ef045d71e5d4a9b3f84b5ff1d8c6a09fd3fd156728867eb45fd8b24adbb
Instruction ID: d0923f8250de5065098b744f822e5b98fbaac193ed1e1604639e2a3e53d64f8d
Opcode Fuzzy Hash: 91de9ef045d71e5d4a9b3f84b5ff1d8c6a09fd3fd156728867eb45fd8b24adbb
Instruction Fuzzy Hash: D5F0BE32545209ABD7111FA4EC88DAF3739FF84311F840021F107A10B1DBB89842FB62

Uniqueness

Uniqueness Score: -1.00%

Function 00EF1CDE, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 250COMMON

Download Yara Rule

APIs

Part of subcall function 00F0F4EA: _malloc.LIBCMT ref: 00F0F502

Part of subcall function 00F0F4EA: std::exception::exception.LIBCMT ref: 00F0F51E
Part of subcall function 00F0F4EA: __CxxThrowException@8.LIBCMT ref: 00F0F533

__swprintf.LIBCMT ref: 00EF1EA6

Strings

\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00EF1D49

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Exception@8Throw__swprintf_mallocstd::exception::exception
String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
API String ID: 873793700-557222456
Opcode ID: df2a254ce3fdb3b8cd2b4777949d2dad6fdeee2b2dc310daec4dfc9abb6dd7da
Instruction ID: 7b29918d2daeb12c91c07a3ce236ed0c779fe8c1f039e4c7ee086489f385f3c7
Opcode Fuzzy Hash: df2a254ce3fdb3b8cd2b4777949d2dad6fdeee2b2dc310daec4dfc9abb6dd7da
Instruction Fuzzy Hash: 6C917A725042099FC724EF24CC95C7AB7E4BF95700F04595DFA86A72A1DB70EE04DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00F35007, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00F35075
GetMenuItemInfoW.USER32 ref: 00F35091
DeleteMenu.USER32(00000004,00000007,00000000), ref: 00F350D7
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00FB1708,00000000), ref: 00F35120

Strings

0, xrefs: 00F3506D

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Menu$Delete$InfoItem_memset
String ID: 0
API String ID: 1173514356-4108050209
Opcode ID: 203ef856e7a5236d3e8fc02b3176f5076cee0f5f4a60658c901ebc24f6c8b531
Instruction ID: b5caaf8e095b27352844ed52acb7dc51e90ea2d6a49838beae79d513adabae5e
Opcode Fuzzy Hash: 203ef856e7a5236d3e8fc02b3176f5076cee0f5f4a60658c901ebc24f6c8b531
Instruction Fuzzy Hash: 4641F3712057019FD720EF24DC80B6AB7E4AFC5B34F044A6EF99597291D730E944DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00F22F96, Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00F22FA2

Part of subcall function 00F1395C: __FF_MSGBANNER.LIBCMT ref: 00F13973
Part of subcall function 00F1395C: __NMSG_WRITE.LIBCMT ref: 00F1397A
Part of subcall function 00F1395C: RtlAllocateHeap.NTDLL(01040000,00000000,00000001,00000001,00000000,?,?,00F0F507,?,0000000E), ref: 00F1399F

_free.LIBCMT ref: 00F22FB5

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 9fc91220a35a7a519ad54d669fae0c940e81c6203e0e72ecc8e329b6f92f8627
Instruction ID: 1cb619fbad07ecdc8857fdbc27a5538b9faf9b1882f3500b2fe74b63b5e93579
Opcode Fuzzy Hash: 9fc91220a35a7a519ad54d669fae0c940e81c6203e0e72ecc8e329b6f92f8627
Instruction Fuzzy Hash: A511E332909326ABDB217B74BC446AA3BA8AF04374F204525F90D9A151DB3DC980BAE0

Uniqueness

Uniqueness Score: -1.00%

Function 00F37A58, Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F37A74
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00F37A82
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F37A8A
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00F37A94
Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F37AD0

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 8dc4f5e464688001af0baa87e03a9c0c7c9b3082444ccbec939c8cd3c7c66158
Instruction ID: a0238c9281d589118358179cc380e1fc4a327527bd114a40ce7e2feaa79eafbe
Opcode Fuzzy Hash: 8dc4f5e464688001af0baa87e03a9c0c7c9b3082444ccbec939c8cd3c7c66158
Instruction Fuzzy Hash: 7B012DB1D0861DEBDF10AFE4DC58ADDBB78FF08721F400455D502B2260DB749690E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00EF1F21, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 162COMMON

Download Yara Rule

Strings

#, xrefs: 00EF1F64
+, xrefs: 00EF1F5D

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID:
String ID: #$+
API String ID: 0-2552117581
Opcode ID: c950475e3d3a01817bd2860fbda3cfc600af5a892eae3bf9c32ac64e68d3fa75
Instruction ID: 2d3fa9b4ace008fd1ad517f89cfaaa08373a9b7b24aac523341400da69d130ae
Opcode Fuzzy Hash: c950475e3d3a01817bd2860fbda3cfc600af5a892eae3bf9c32ac64e68d3fa75
Instruction Fuzzy Hash: 9551247A90424A9FDF15DF68C441AFA3BB4EF15320F184059EAC1AB291D7389E42F760

Uniqueness

Uniqueness Score: -1.00%

Function 00F34606, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00F8DC50,?,0000000F,0000000C,00000016,00F8DC50,?), ref: 00F34645

Part of subcall function 00EF936C: __swprintf.LIBCMT ref: 00EF93AB
Part of subcall function 00EF936C: __itow.LIBCMT ref: 00EF93DF

CharUpperBuffW.USER32(?,?,00000000,?), ref: 00F346C5

Strings

THIS, xrefs: 00F34703
REMOVE, xrefs: 00F34676

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: BuffCharUpper$__itow__swprintf
String ID: REMOVE$THIS
API String ID: 3797816924-776492005
Opcode ID: 9248ae49b7b796d7e8d058fcfe95c2fc1f3db3c0703274453caf26914102797e
Instruction ID: 248b1d86222a2bd7c927fc2eb807913d0fb674a6f31bca22910ee6b80ac8f0e1
Opcode Fuzzy Hash: 9248ae49b7b796d7e8d058fcfe95c2fc1f3db3c0703274453caf26914102797e
Instruction Fuzzy Hash: C9415C35A002199FCF00EFA4C881AADB7F5FF49324F148469E916AB292DB35BD45EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00EF42F6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000000,00EF42EC,?,00EF42AA,?), ref: 00EF4304
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00EF4316

Strings

kernel32.dll, xrefs: 00EF42FF
Wow64RevertWow64FsRedirection, xrefs: 00EF4310

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 2574300362-1355242751
Opcode ID: 2a4d83b90e2c27ffe4f89800651484fb6f327705f9636ddd6339a5e933a31782
Instruction ID: cb7deff65c85c898e1257f7f59073d04ed69165013f3d7a6b2d239cbd72d9f71
Opcode Fuzzy Hash: 2a4d83b90e2c27ffe4f89800651484fb6f327705f9636ddd6339a5e933a31782
Instruction Fuzzy Hash: 6ED0A7F0900716DFE7204F64E80C61377E4AF05319F404419E945E21A0E7F0C8C0D712

Uniqueness

Uniqueness Score: -1.00%

Function 00EF434B, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00EF41BB,00EF4341,?,00EF422F,?,00EF41BB,?,?,?,?,00EF39FE,?,00000001), ref: 00EF4359
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00EF436B

Strings

kernel32.dll, xrefs: 00EF4354
Wow64DisableWow64FsRedirection, xrefs: 00EF4365

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 2574300362-3689287502
Opcode ID: 36e8e78120abee3b98bdf61ea8dc1a6a393d7e7131c61aeefd497be4dcbcb404
Instruction ID: 0f066f30e0a8ecd6d9538717efd29f46eefebccc2fd19d9c8f1d2b925dcb5e07
Opcode Fuzzy Hash: 36e8e78120abee3b98bdf61ea8dc1a6a393d7e7131c61aeefd497be4dcbcb404
Instruction Fuzzy Hash: 45D0A7B05047169FD7204F34E80861377E4AF1571DB814419E895E2190D7F0D8C0D712

Uniqueness

Uniqueness Score: -1.00%

Function 00F29B30, Relevance: 6.3, APIs: 4, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62841747981421eeceb1c4ffd524641e9f48d96789efc68f18ae3dac03471563
Instruction ID: dcb02b04de870306aa863241ed37297c8d54ab55d542bc3825ebe2a5986eaa8e
Opcode Fuzzy Hash: 62841747981421eeceb1c4ffd524641e9f48d96789efc68f18ae3dac03471563
Instruction Fuzzy Hash: C9C17E75E0422AEFCB14CF94D894AAEB7B5FF48710F104598E805EB291D770DE81EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00F291CC, Relevance: 6.2, APIs: 4, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00F291DD
SysAllocString.OLEAUT32(?), ref: 00F29286
VariantCopy.OLEAUT32 ref: 00F292B5
VariantClear.OLEAUT32(?), ref: 00F292DC

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Variant$AllocClearCopyInitString
String ID:
API String ID: 2808897238-0
Opcode ID: 8974f0ac5a34700e2884d5947fe620bd2c3a38e5e7ef3f8c3cc090d09b7459cd
Instruction ID: b3f5e8613f61d20b807bc3b6720778a4d532442878533b3b7db0d1b254890273
Opcode Fuzzy Hash: 8974f0ac5a34700e2884d5947fe620bd2c3a38e5e7ef3f8c3cc090d09b7459cd
Instruction Fuzzy Hash: 3F519535A08316DBDB24DF65E89572EB3E9EF44310F20981FE546DB2D1DBB49C80A705

Uniqueness

Uniqueness Score: -1.00%

Function 00F1365B, Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 00F136B7
_memcpy_s.LIBCMT ref: 00F13729
__filbuf.LIBCMT ref: 00F137AA
_memset.LIBCMT ref: 00F137EE

Part of subcall function 00F17C0E: __getptd_noexit.LIBCMT ref: 00F17C0E

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: _memset$__filbuf__getptd_noexit_memcpy_s
String ID:
API String ID: 3877424927-0
Opcode ID: 065ad613f1183b824f05baa70d3d15c8958660488bca00daffb81e2f860a9d07
Instruction ID: ddad50edbdbdfad245eae9374765425ec2c0aaac00313fd78ddf9dafc19c6afc
Opcode Fuzzy Hash: 065ad613f1183b824f05baa70d3d15c8958660488bca00daffb81e2f860a9d07
Instruction Fuzzy Hash: D15183B5E04305EBDB249F698885AEE7BA5AF40330F248729F825962D0D7759FD0BB40

Uniqueness

Uniqueness Score: -1.00%

Function 00F24004, Relevance: 6.1, APIs: 4, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00F24038
__isleadbyte_l.LIBCMT ref: 00F24066
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00F24094
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00F240CA

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 97318248224233df2e31d44d4fb4d5bc75494a4112ccd665d242d35bb7468917
Instruction ID: 877b85f2a618c782b1042d5b9dc99753b7075c87640e8352762a4be13af25d32
Opcode Fuzzy Hash: 97318248224233df2e31d44d4fb4d5bc75494a4112ccd665d242d35bb7468917
Instruction Fuzzy Hash: 7E31D231A00226EFDB21DF74DC44BAA7BB5FF40320F154028E6658B091E7B1E8D0EB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F17452, Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F17A0D: __getptd_noexit.LIBCMT ref: 00F17A0E

__lock.LIBCMT ref: 00F1748F
InterlockedDecrement.KERNEL32(?), ref: 00F174AC
_free.LIBCMT ref: 00F174BF
InterlockedIncrement.KERNEL32(01055860), ref: 00F174D7

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
String ID:
API String ID: 2704283638-0
Opcode ID: 52385b789ec08ce78f9adab7906ea9b3776fa7aad4190f1f5c33ad7c60f82a2a
Instruction ID: 8e0750511640d75bfe15f72bdf3b10835632bdbef0b918276b845b29d3ada138
Opcode Fuzzy Hash: 52385b789ec08ce78f9adab7906ea9b3776fa7aad4190f1f5c33ad7c60f82a2a
Instruction Fuzzy Hash: 03013936D09725EBDB62FFA5980579DBB70BF05720F244009E81CA7690CB2869C1FED2

Uniqueness

Uniqueness Score: -1.00%

Function 00F17A94, Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 00F17AD8

Part of subcall function 00F17CF4: __mtinitlocknum.LIBCMT ref: 00F17D06
Part of subcall function 00F17CF4: EnterCriticalSection.KERNEL32(00000000,?,00F17ADD,0000000D), ref: 00F17D1F

InterlockedIncrement.KERNEL32(?), ref: 00F17AE5
__lock.LIBCMT ref: 00F17AF9
___addlocaleref.LIBCMT ref: 00F17B17

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
String ID:
API String ID: 1687444384-0
Opcode ID: 2d09bc8df1a47ca9027ee14ac8bdc3954ff2aefc88d1f044b4e41ac15f184345
Instruction ID: 419d462518344bdffcdfb2ac03a9b561e2670c1f53691179d558b1c445be04d1
Opcode Fuzzy Hash: 2d09bc8df1a47ca9027ee14ac8bdc3954ff2aefc88d1f044b4e41ac15f184345
Instruction Fuzzy Hash: 4B016D71404B009FD720EF75D90578AF7F0AF54325F20890EA49AD72A1CB78A684EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00F3C56D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00EF44ED: __fread_nolock.LIBCMT ref: 00EF450B

_wcscmp.LIBCMT ref: 00F3C65D
_wcscmp.LIBCMT ref: 00F3C670

Strings

FILE, xrefs: 00F3C5A5

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: _wcscmp$__fread_nolock
String ID: FILE
API String ID: 4029003684-3121273764
Opcode ID: 8c6b55187df2e449e7969717a09dc24d2500d4eb8c4a003e94007b4a65b230cf
Instruction ID: a3d557bacd8e7a23c88670b8ab56f7f69e9bfbbf61d43f02f587874fcb4ce037
Opcode Fuzzy Hash: 8c6b55187df2e449e7969717a09dc24d2500d4eb8c4a003e94007b4a65b230cf
Instruction Fuzzy Hash: 9B41D672A0020ABADF10ABA4DC42FEF77F9AF49724F001069F615F7181D7759A049BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F4658B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON

Download Yara Rule

APIs

__snwprintf.LIBCMT ref: 00F46608

Strings

AUTOITCALLVARIABLE%d, xrefs: 00F465FA
, $, xrefs: 00F46648

Memory Dump Source

Source File: 00000006.00000002.1160809303.0000000000EF1000.00000020.00020000.sdmp, Offset: 00EF0000, based on PE: true

Associated: 00000006.00000002.1160791611.0000000000EF0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160936204.0000000000F7D000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160964452.0000000000F9E000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.1160981690.0000000000FAA000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.1161007692.0000000000FB4000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_ef0000_alp.jbxd

Similarity

API ID: __snwprintf
String ID: , $$AUTOITCALLVARIABLE%d
API String ID: 2391506597-2584243854
Opcode ID: 669e7429d5f6d58c02a9aa46c3c6e10b4a9382ebf32368ffc491ce1520e39cdd
Instruction ID: f974bb41e5a958a9dc781a0f082da5c28f71b6bc88fdc0da512f44db5756422e
Opcode Fuzzy Hash: 669e7429d5f6d58c02a9aa46c3c6e10b4a9382ebf32368ffc491ce1520e39cdd
Instruction Fuzzy Hash: 39216F7160011CABCF14EF64CC82EAD7BB5AF46740F1144A9F605EB181DB70EA45EBA6

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report $RDPLVFM.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: $RDPLVFM.exe PID: 7136 Parent PID: 6020

General

Function 00408598, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 55
COMMON

Function 0041A004, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53
COMMON

Function 00438C35, Relevance: 56.7, APIs: 15, Strings: 17, Instructions: 691
COMMON

Function 00439045, Relevance: 56.5, APIs: 15, Strings: 17, Instructions: 507
COMMON

Function 00438600, Relevance: 40.8, APIs: 15, Strings: 8, Instructions: 511
COMMON

Function 00436E2E, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 237
COMMON

Function 004353E3, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 250
COMMON

Function 004357DB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 135
COMMON

Function 004063EA, Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 350
COMMON

Function 0048CDCE, Relevance: 10.6, APIs: 7, Instructions: 57
COMMON

Function 0048CE45, Relevance: 10.5, APIs: 7, Instructions: 43
COMMON

Function 00424B24, Relevance: 9.4, APIs: 4, Strings: 1, Instructions: 654
COMMON

Function 00434BD9, Relevance: 9.1, APIs: 6, Instructions: 137
COMMON

Function 00418134, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 208
COMMON

Function 0040528E, Relevance: 7.6, APIs: 5, Instructions: 72
filetimeCOMMON