Edit tour

Windows Analysis Report
0RzXzro3zx.exe

Overview

General Information

Sample Name:	0RzXzro3zx.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	FE3EBBDABA19C44BD448E3484D6E603A3830077B93AD355161C1A7F0218253FD
Analysis ID:	824190
MD5:	300072e208756288b4d1fc51197635f0
SHA1:	30adcb5652c229cc3fcba71ffb07af4a241f84b3
SHA256:	fe3ebbdaba19c44bd448e3484d6e603a3830077b93ad355161c1a7f0218253fd
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Multi AV Scanner detection for dropped file

Machine Learning detection for sample

Uses regedit.exe to modify the Windows registry

Machine Learning detection for dropped file

Found potential ransomware demand text

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

Contains functionality to query locales information (e.g. system language)

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to dynamically determine API calls

Contains functionality to read the clipboard data

Found dropped PE file which has not been started or loaded

Entry point lies outside standard sections

Creates a DirectInput object (often for capturing keystrokes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Installs a global mouse hook

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

0RzXzro3zx.exe (PID: 2008 cmdline: C:\Users\user\Desktop\0RzXzro3zx.exe MD5: 300072E208756288B4D1FC51197635F0)

ZeroX.exe (PID: 5996 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe" MD5: 990CB25406490C0A25467C53CE847E6F)

cmd.exe (PID: 6024 cmdline: cmd.exe /c C:\Users\user\AppData\Local\Temp\bt1650.bat MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

DATOS.exe (PID: 6132 cmdline: DATOS.exe -y MD5: E920233CFC72E6D7E8AEC9D0B52C0A28)

regedit.exe (PID: 5112 cmdline: regedit /s REG.reg MD5: 617538C965AC4DDC72F9CF647C4343D5)

hl.exe (PID: 4512 cmdline: hl.exe -game cstrike MD5: 46A54ABFC758AD1FACD11B2926F40D3C)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 0RzXzro3zx.exe

ReversingLabs: Detection: 17%

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\AdminServer.dll

ReversingLabs: Detection: 30%

Machine Learning detection for sample

Source: 0RzXzro3zx.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\AdminServer.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Joe Sandbox ML: detected

Source: 0.3.0RzXzro3zx.exe.2acc4cd.0.unpack

Avira: Label: TR/Patched.Ren.Gen

Source: 0RzXzro3zx.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source:	Binary string: U:\hl1_cldll\GoldSrc\filesystem\FileSystem_Stdio\Release_STEAM\FileSystem_Steam.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\dvander\amxmodx\csdm_amxx\Release\csdm_amxx.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\steam3_rel_client\bin\Release\vstdlib_s.pdbp source: hl.exe, 0000000F.00000002.533132070.000000000EC9B000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: u:\p4clients\main_integ\Projects\GazelleProto\Client\Engine\VC70_Release_Static\SteamEngine.pdb source: hl.exe, 0000000F.00000002.536372749.0000000020281000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: U:\main\GoldSrc\filesystem\FileSystem_Stdio\Release\FileSystem_Stdio.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000045A4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\compiler\libpc300\Release32\libpc300.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\steam3_rel_client\bin\Release\vstdlib_s.pdb source: hl.exe, 0000000F.00000002.533132070.000000000EC9B000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: r:\amxmodx\compiler\libpc300\Release32\libpc300.pdb8 source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: u:\p4clients\main_integ\Projects\GazelleProto\Client\Engine\VC70_Release_Static\SteamEngine.pdb\ source: hl.exe, 0000000F.00000002.536372749.0000000020281000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: r:\dvander\amxmodx\csdm_amxx\Release\csdm_amxx.pdbth source: DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\compiler\libpc300\Release64\libpc300.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: U:\valve_main\GoldSrc\GameUI\Release\GameUI.pdb source: DATOS.exe, 00000004.00000003.427407106.000000000475E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: U:\hl1_cldll\GoldSrc\filesystem\FileSystem_Stdio\Release_STEAM\FileSystem_Steam.pdbMZKERNEL32.DLLLoadLibraryAGetProcAddressUpackByDwing@PEL source: DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: U:\main\GoldSrc\filesystem\FileSystem_Stdio\Release\FileSystem_Stdio.pdbMZ source: DATOS.exe, 00000004.00000003.427407106.00000000045A4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\dlls\csx\source\WinCSX\Release\WinCSX.pdb source: DATOS.exe, 00000004.00000003.429601239.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.431162957.0000000000660000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx_base\1.76d\amxmodx\msvc\jitrelease\amxmodx_mm.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: U:\valve_main\GoldSrc\GameUI\Release\GameUI.pdbMZ source: DATOS.exe, 00000004.00000003.427407106.000000000475E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\dlls\engine\Release\engine.pdb source: DATOS.exe, 00000004.00000003.427407106.0000000004540000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\dlls\fakemeta\Release\fakemeta.pdb source: DATOS.exe, 00000004.00000003.427407106.0000000004540000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00405250 GetModuleHandleA,6C9C5550,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,	1_2_00405250
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: 4_2_00404771 __EH_prolog,FindFirstFileW,AreFileApisANSI,FindFirstFileA,	4_2_00404771
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00CA15AE FindFirstFileA,GetLastError,	15_2_00CA15AE

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\csdm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\csdm\extraconfigs	Jump to behavior

Source: hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dayofdefeatmod.com/
Source: ZeroX.exe, ZeroX.exe, 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.abyssmedia.com
Source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.0000000004540000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.amxmodx.org
Source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.429601239.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.431162957.0000000000660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.amxmodx.org/
Source: DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.amxmodx.org/AMX
Source: DATOS.exe, 00000004.00000003.427407106.0000000004540000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.amxmodx.orgAMX
Source: DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.bailopan.net/
Source: DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.bailopan.net/CSDM
Source: DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.bailopan.net/csdm/
Source: hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.counter-strike.net/
Source: hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.counter-strike.net/U
Source: hl.exe, 0000000F.00000002.524925651.0000000001D01000.00000004.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.counter-strike.net/cheat.html
Source: hl.exe, 0000000F.00000002.532657730.000000000E4B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs-conditionzero.com/
Source: hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gearboxsoftware.com/
Source: hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gearboxsoftware.com/D
Source: DATOS.exe, 00000004.00000003.408551867.0000000004529000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.408551867.0000000004196000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.goldwave.com
Source: DATOS.exe, 00000004.00000003.408551867.0000000004196000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.goldwave.comICRD
Source: DATOS.exe, 00000004.00000003.408551867.0000000004196000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.goldwave.comRIFF
Source: DATOS.exe, 00000004.00000003.408551867.0000000004529000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.goldwave.comRIFFdOWAVEfmt
Source: DATOS.exe, 00000004.00000003.408551867.0000000004196000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.goldwave.comRIFFpdWAVEfmt
Source: DATOS.exe, 00000004.00000003.427407106.0000000004B4C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.metamod.org/
Source: hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.steampowered.com/
Source: hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.steampowered.com/I
Source: hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.steampowered.com/_
Source: hl.exe, 0000000F.00000003.481152891.00000000067DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.steampowered.com/autoupdate
Source: hl.exe, 0000000F.00000002.532082643.000000000AB98000.00000004.00000001.01000000.0000001D.sdmp	String found in binary or memory: http://www.steampowered.com/platform/friends/
Source: hl.exe, 0000000F.00000002.532082643.000000000AB98000.00000004.00000001.01000000.0000001D.sdmp	String found in binary or memory: http://www.steampowered.com/platform/friends/Friends/DialogSystemMessage.rescloseCloseButton#Tracker
Source: DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.000000000475E000.00000004.00001000.00020000.00000000.sdmp, hl.exe, 0000000F.00000002.529796530.00000000066CD000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://http://invalidCGameUI::StartProgressBar%s.dllCreateInterface

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Code function: 15_2_00C400E0 ?getClipboardTextCount@App@vgui@@UAEHXZ,OpenClipboard,GetClipboardData,GlobalSize,CloseClipboard,

15_2_00C400E0

Source: DATOS.exe, 00000004.00000002.436397478.000000000067A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Windows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Code function: 15_2_00C400E0 ?getClipboardTextCount@App@vgui@@UAEHXZ,OpenClipboard,GetClipboardData,GlobalSize,CloseClipboard,

15_2_00C400E0

Spam, unwanted Advertisements and Ransom Demands

Found potential ransomware demand text

Source: hl.exe, 0000000F.00000002.533132070.000000000EC9B000.00000002.00000001.01000000.00000021.sdmp	String found in binary or memory: ?Unlock@CThreadMutex@@QAEXXZ
Source: hl.exe, 0000000F.00000002.536838639.000000002113E000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: _AIL_unlock@0

System Summary

Uses regedit.exe to modify the Windows registry

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\regedit.exe regedit /s REG.reg

Source: 0RzXzro3zx.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004183A0	1_2_004183A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040CF7A	1_2_0040CF7A
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: 4_2_0040C8D0	4_2_0040C8D0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: 4_2_004172C7	4_2_004172C7
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: 4_2_00416766	4_2_00416766
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: 4_2_00416BAB	4_2_00416BAB
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: 4_2_00414E26	4_2_00414E26
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: 4_2_00416ECF	4_2_00416ECF
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00C473C4	15_2_00C473C4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00C23B60	15_2_00C23B60
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00C4C4A3	15_2_00C4C4A3
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00C22660	15_2_00C22660
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00CA63C9	15_2_00CA63C9
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00CA8656	15_2_00CA8656

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: String function: 00C3E350 appears 131 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: String function: 00404274 appears 69 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: String function: 00417F20 appears 226 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: String function: 00402E39 appears 49 times

Source: 0RzXzro3zx.exe, 00000000.00000003.266593339.00000000040B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename" vs 0RzXzro3zx.exe
Source: 0RzXzro3zx.exe, 00000000.00000003.256732395.0000000002A92000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7z.sfx.exe, vs 0RzXzro3zx.exe

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: vgui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: dbg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: vgui2.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: dsound.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: mcicda.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: voice_miles.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: demoplayer.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: steamclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: vstdlib_s.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: tier0_s.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: tier0_s.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Section loaded: dhcpcsvc.dll	Jump to behavior

Source: AdminServer.dll.4.dr

Static PE information: Section: .rsrc ZLIB complexity 1.0002121685750052

Source: 0RzXzro3zx.exe

ReversingLabs: Detection: 17%

Source: C:\Users\user\Desktop\0RzXzro3zx.exe

File read: C:\Users\user\Desktop\0RzXzro3zx.exe

Jump to behavior

Source: 0RzXzro3zx.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\0RzXzro3zx.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\0RzXzro3zx.exe C:\Users\user\Desktop\0RzXzro3zx.exe
Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe"
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c C:\Users\user\AppData\Local\Temp\bt1650.bat
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe DATOS.exe -y
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\regedit.exe regedit /s REG.reg
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe hl.exe -game cstrike
Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c C:\Users\user\AppData\Local\Temp\bt1650.bat	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe DATOS.exe -y	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\regedit.exe regedit /s REG.reg	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe hl.exe -game cstrike	Jump to behavior

Source: C:\Users\user\Desktop\0RzXzro3zx.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\0RzXzro3zx.exe

File created: C:\Users\user\AppData\Local\Temp\RarSFX0

Jump to behavior

Source: classification engine

Classification label: mal72.rans.evad.winEXE@12/1028@0/0

Source: C:\Users\user\Desktop\0RzXzro3zx.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe

Code function: 1_2_004079D6 GetDiskFreeSpaceA,

1_2_004079D6

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Mutant created: \Sessions\1\BaseNamedObjects\ValveHalfLifeLauncherMutex
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Mutant created: \Sessions\1\BaseNamedObjects\ValvePlatformWaitMutex
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Mutant created: \Sessions\1\BaseNamedObjects\ValvePlatformUIMutex
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6004:120:WilError_01

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe

Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c C:\Users\user\AppData\Local\Temp\bt1650.bat

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe

File written: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\clcmds.ini

Jump to behavior

Source: C:\Users\user\Desktop\0RzXzro3zx.exe

Window found: window name: RichEdit

Jump to behavior

Source: C:\Users\user\Desktop\0RzXzro3zx.exe

File opened: C:\Windows\SysWOW64\riched32.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 0RzXzro3zx.exe

Static file information: File size 67826994 > 1048576

Source:	Binary string: U:\hl1_cldll\GoldSrc\filesystem\FileSystem_Stdio\Release_STEAM\FileSystem_Steam.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\dvander\amxmodx\csdm_amxx\Release\csdm_amxx.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\steam3_rel_client\bin\Release\vstdlib_s.pdbp source: hl.exe, 0000000F.00000002.533132070.000000000EC9B000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: u:\p4clients\main_integ\Projects\GazelleProto\Client\Engine\VC70_Release_Static\SteamEngine.pdb source: hl.exe, 0000000F.00000002.536372749.0000000020281000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: U:\main\GoldSrc\filesystem\FileSystem_Stdio\Release\FileSystem_Stdio.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000045A4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\compiler\libpc300\Release32\libpc300.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\steam3_rel_client\bin\Release\vstdlib_s.pdb source: hl.exe, 0000000F.00000002.533132070.000000000EC9B000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: r:\amxmodx\compiler\libpc300\Release32\libpc300.pdb8 source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: u:\p4clients\main_integ\Projects\GazelleProto\Client\Engine\VC70_Release_Static\SteamEngine.pdb\ source: hl.exe, 0000000F.00000002.536372749.0000000020281000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: r:\dvander\amxmodx\csdm_amxx\Release\csdm_amxx.pdbth source: DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\compiler\libpc300\Release64\libpc300.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: U:\valve_main\GoldSrc\GameUI\Release\GameUI.pdb source: DATOS.exe, 00000004.00000003.427407106.000000000475E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: U:\hl1_cldll\GoldSrc\filesystem\FileSystem_Stdio\Release_STEAM\FileSystem_Steam.pdbMZKERNEL32.DLLLoadLibraryAGetProcAddressUpackByDwing@PEL source: DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: U:\main\GoldSrc\filesystem\FileSystem_Stdio\Release\FileSystem_Stdio.pdbMZ source: DATOS.exe, 00000004.00000003.427407106.00000000045A4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\dlls\csx\source\WinCSX\Release\WinCSX.pdb source: DATOS.exe, 00000004.00000003.429601239.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.431162957.0000000000660000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx_base\1.76d\amxmodx\msvc\jitrelease\amxmodx_mm.pdb source: DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: U:\valve_main\GoldSrc\GameUI\Release\GameUI.pdbMZ source: DATOS.exe, 00000004.00000003.427407106.000000000475E000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\dlls\engine\Release\engine.pdb source: DATOS.exe, 00000004.00000003.427407106.0000000004540000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: r:\amxmodx\dlls\fakemeta\Release\fakemeta.pdb source: DATOS.exe, 00000004.00000003.427407106.0000000004540000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00406010 push 0040603Ch; ret	1_2_00406034
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00403148 push eax; ret	1_2_00403184
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00411110 push ecx; mov dword ptr [esp], edx	1_2_00411115
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004101C4 push 00410211h; ret	1_2_00410209
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00406270 push 0040629Ch; ret	1_2_00406294
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00410215 push 00410248h; ret	1_2_00410240
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0041021C push 00410248h; ret	1_2_00410240
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00406238 push 00406264h; ret	1_2_0040625C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040C23B push 0040C688h; ret	1_2_0040C680
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004062A8 push 004065ACh; ret	1_2_004065A4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004162B4 push ecx; mov dword ptr [esp], edx	1_2_004162B6
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00411304 push ecx; mov dword ptr [esp], edx	1_2_00411309
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004174E6 push 00417514h; ret	1_2_0041750C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004174E8 push 00417514h; ret	1_2_0041750C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040C50C push 0040C688h; ret	1_2_0040C680
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00406580 push 004065ACh; ret	1_2_004065A4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00418678 push 004186A4h; ret	1_2_0041869C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00418604 push 00418637h; ret	1_2_0041862F
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004186E8 push 00418714h; ret	1_2_0041870C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040C68A push 0040C6FBh; ret	1_2_0040C6F3
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040C68C push 0040C6FBh; ret	1_2_0040C6F3
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00412698 push ecx; mov dword ptr [esp], ecx	1_2_0041269D
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004186B0 push 004186DCh; ret	1_2_004186D4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00418758 push 00418784h; ret	1_2_0041877C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00418720 push 0041874Ch; ret	1_2_00418744
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_004137D0 push ecx; mov dword ptr [esp], edx	1_2_004137D2
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00418790 push 004187BCh; ret	1_2_004187B4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040F826 push 0040F89Eh; ret	1_2_0040F896
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040F828 push 0040F89Eh; ret	1_2_0040F896
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040F8A0 push 0040F948h; ret	1_2_0040F940
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_0040F94A push 0040FA28h; ret	1_2_0040FA20

Source: AdminServer.dll.4.dr

Static PE information: section name: .Upack

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Code function: 15_2_00C4BF71 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

15_2_00C4BF71

Source: initial sample

Static PE information: section where entry point is pointing to: .rsrc

Source: initial sample

Static PE information: section name: .rsrc entropy: 7.9984085359935335

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regedit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxxpc32.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\gldrv\3dfxgl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxxpc64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\engine_amxx.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\csx_amxx.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\dlls\amxmodx_mm.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\AdminServer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\csdm_amxx.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\cstrike_amxx.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\a3dapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\fakemeta_amxx.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Window / User API: threadDelayed 435

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

API coverage: 2.1 %

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: 1_2_00405250 GetModuleHandleA,6C9C5550,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,	1_2_00405250
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	Code function: 4_2_00404771 __EH_prolog,FindFirstFileW,AreFileApisANSI,FindFirstFileA,	4_2_00404771
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00CA15AE FindFirstFileA,GetLastError,	15_2_00CA15AE

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	API call chain: ExitProcess graph end node	graph_1-14022
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	API call chain: ExitProcess graph end node	graph_15-18746
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	API call chain: ExitProcess graph end node	graph_15-19206

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\csdm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	File opened: C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\csdm\extraconfigs	Jump to behavior

Source: DATOS.exe, 00000004.00000003.408551867.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: }xskhgfsuy~
Source: DATOS.exe, 00000004.00000003.408551867.0000000003F80000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: uvmciehceehq\|

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Code function: 15_2_00C4BF71 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

15_2_00C4BF71

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00C49AC8 SetUnhandledExceptionFilter,		15_2_00C49AC8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe	Code function: 15_2_00C49ADA SetUnhandledExceptionFilter,		15_2_00C49ADA

Source: C:\Users\user\Desktop\0RzXzro3zx.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c C:\Users\user\AppData\Local\Temp\bt1650.bat	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe DATOS.exe -y	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\regedit.exe regedit /s REG.reg	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe hl.exe -game cstrike	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,	1_2_00405428
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: GetLocaleInfoA,	1_2_0040A164
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: GetLocaleInfoA,	1_2_0040A118
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: GetLocaleInfoA,GetACP,	1_2_0040B5E0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	Code function: GetLocaleInfoA,	1_2_00405D34

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe

Code function: 1_2_00408BEC GetLocalTime,

1_2_00408BEC

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe

Code function: 15_2_00C43A23 GetLocalTime,GetSystemTime,GetTimeZoneInformation,

15_2_00C43A23

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe

Code function: 1_2_00418E94 MessageBoxA,GetVersionExA,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,

1_2_00418E94

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scripting	1 DLL Side-Loading	11 Process Injection	1 Modify Registry	2 Input Capture	2 System Time Discovery	Remote Services	2 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Process Injection	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	2 Clipboard Data	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Scripting	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	31 Obfuscated Files or Information	LSA Secrets	4 File and Directory Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	31 Software Packing	Cached Domain Credentials	24 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
0RzXzro3zx.exe	18%	ReversingLabs	Win32.Trojan.Generic
0RzXzro3zx.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\AdminServer.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RarSFX0\Core.dll	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe	6%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\DemoPlayer.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\FileSystem_Stdio.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\FileSystem_Steam.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\a3dapi.dll	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\dlls\amxmodx_mm.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\csdm_amxx.dll	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\cstrike_amxx.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\csx_amxx.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\engine_amxx.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\fakemeta_amxx.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxxpc	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxxpc32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxxpc64.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\compile.sh	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\dlsym	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\dlsym64	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\dbg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\gldrv\3dfxgl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\AdminServer.dll	31%	ReversingLabs	Win32.Trojan.Generic

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.3.0RzXzro3zx.exe.2acc4cd.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
1.2.ZeroX.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1212821	Download File
1.0.ZeroX.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

URLs

Source	Detection	Scanner	Label
http://www.metamod.org/	0%	Avira URL Cloud	safe
http://www.amxmodx.org/AMX	0%	Avira URL Cloud	safe
http://www.goldwave.comICRD	0%	Avira URL Cloud	safe
http://www.goldwave.comRIFFpdWAVEfmt	0%	Avira URL Cloud	safe
http://www.cs-conditionzero.com/	0%	Avira URL Cloud	safe
http://www.amxmodx.org	0%	Avira URL Cloud	safe
http://www.goldwave.comRIFFdOWAVEfmt	0%	Avira URL Cloud	safe
https://http://invalidCGameUI::StartProgressBar%s.dllCreateInterface	0%	Avira URL Cloud	safe
http://dayofdefeatmod.com/	0%	Avira URL Cloud	safe
http://www.amxmodx.orgAMX	0%	Avira URL Cloud	safe
http://www.amxmodx.org/	0%	Avira URL Cloud	safe
http://www.goldwave.comRIFF	0%	Avira URL Cloud	safe
http://www.abyssmedia.com	0%	Avira URL Cloud	safe

General Information

Joe Sandbox Version:	37.0.0 Beryl
Analysis ID:	824190
Start date and time:	2023-03-10 15:47:53 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	0RzXzro3zx.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	FE3EBBDABA19C44BD448E3484D6E603A3830077B93AD355161C1A7F0218253FD
Detection:	MAL
Classification:	mal72.rans.evad.winEXE@12/1028@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 78% (good quality ratio 70.5%) Quality average: 80.4% Quality standard deviation: 31.6%
HCA Information:	Successful, ratio: 99% Number of executed functions: 108 Number of non-executed functions: 155

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
VT rate limit hit for: 0RzXzro3zx.exe

Joe Sandbox View / Context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\RarSFX0\Core.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	225280
Entropy (8bit):	6.3909962385560455
Encrypted:	false
SSDEEP:	3072:MkV43VUxdTBKO1qzyxGshNCf32FAGwnYc6i3uMxtkzqJYP+Fs7CBa99GfoFHv8a7:MLUxdTBKOyCBRGMx0s4dVw
MD5:	7E7684CFAA34DA55C038AC2C3225A8E6
SHA1:	D755172BB4D01734B836E91727D47CEDF6BC983A
SHA-256:	E773F3F3510958B659A3DDBF2C0F14CCEB7C2695A10A56A0E0F86A1C18D36499
SHA-512:	F54A6FD0D2DD5425357D68FC726A86DA89D3FC07798CB02E9C61179D17AF5A952CBDA052AD7B63F2689AFA3AF36ABF90803D124E9486C38F48A7B007525C8BE6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......UT...5...5...5..j)...5..~...5...)...5..~..j5..E....5..s*...5...5..L5..E....5.......5..Rich.5..................PE..L......@...........!.....`..........T........p..........................................................................K.......<....................................................................................p..<............................text...._.......`.................. ..`.rdata...&...p...0...p..............@..@.data....'..........................@....reloc..v&.......0...@..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe

Download File

Process:	C:\Users\user\Desktop\0RzXzro3zx.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	67588215
Entropy (8bit):	7.999961832167852
Encrypted:	true
SSDEEP:	1572864:GcSKN+YCKaRUsKQ5Pzf3j2t5VNFQyuwpBRijXzAlUj/JBE9MmK:GctNQWh+Pzf3Kt5V8qpBRkxBX
MD5:	E920233CFC72E6D7E8AEC9D0B52C0A28
SHA1:	6E02497F49206E9B366005EBB79523827EE4CEE1
SHA-256:	6FA871168A584CAAA774D04D7A2E3AC6A09F7DE5DD6E9FEC84033113AD66F895
SHA-512:	4A1071EB6BD33D9BF5C8884537D7187F9A5FB9A94B2A596BF1BD7DE2A8C0EE8498EAFE4048E317CA4B50D13E38DE6126EBE372A7758D1C1EB8355B9967445C48
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 6%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q.n.............z...............z.......z.................].....#.......#..._..........Rich............PE..L.....fD............................6.............@..................................................................................`...............................................................................................................text............................... ..`.rdata...M.......N..................@..@.data....]..........................@....rsrc........`......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\DemoPlayer.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	90112
Entropy (8bit):	5.517101408023906
Encrypted:	false
SSDEEP:	1536:2av+Dtur7ZgNwPRVUrT7DvzugDBUk2pMWos9ceZ:2a2xurd/UbSSWos9ceZ
MD5:	7EF5B581202CA32BD0A5BF7043CBE04F
SHA1:	035CCE2C746ED9B7B1B37998C39BB99F30AF3CAC
SHA-256:	860F2D369C46831584AA827FF10A49B563F72E596D13C2C11058C87B73D0BD7D
SHA-512:	2D5F088C1E23BD339C689E1127BCB3ECC1A247D822A2DABFC7F213DEB4032C6E69DCDB4F15AAE7B1277F27BF65ADE4C3E1F861478B7FC92B74557D94AC56CE94
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P}.................{.....{..}..v........Z..@?......<....Rich...................PE..L......?...........!.................]..................................................................................Q.......(....................................................................................................................text............................... ..`.rdata..A........ ..................@..@.data...H........@..................@....reloc........... ...@..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\FileSystem_Stdio.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	118873
Entropy (8bit):	6.082014360594021
Encrypted:	false
SSDEEP:	3072:29wJSJm/RbpKCYRmk1MikqU/UA/aoy1nK:CwJS0Rbpp8mkyIgR
MD5:	86A55B947A49117EA78C8D3B24B2BBED
SHA1:	60522A7A9AE8C05BE7790C5EFD75FAB4E8D63334
SHA-256:	E8E9C75A3B7A3D7D7B6B41E44F32C2841E8E40DD97B522707F9DC727EB86A13D
SHA-512:	92AABB1A4F5AEC1B945201E2DB18835EA775822E7B9F97D3E88EFC0EFFF9BFAD8DCBA217B25F8D9DCA7C271B3393FCFB84030AB84E945D8F7F415BCD506F0101
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M...M...M...6...I..."..N.......[..."....../..N...M..........H.......L...RichM...................PE..L....=.A...........!.....@..........2........P...................................................................... i..W...Xa..(...................................`Q...............................................P..`............................text...~:.......@.................. ..`.rdata..w....P... ...P..............@..@.data...<X...p...@...p..............@....reloc..$........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\FileSystem_Steam.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	122980
Entropy (8bit):	6.1525573816561625
Encrypted:	false
SSDEEP:	3072:pmL6BOnpKYrB2tQKcwXgYvsCCKwICtYJJoVc:vOnpKOB2txcIPkChm2
MD5:	77B428F4FA33884E5AD85208FEB8A3C3
SHA1:	12862600D9DA93A3F3564145CD0FDB724E13F3EB
SHA-256:	3CC7D8F6DCF5F3C34C0544C3266F351441FD78C762C98872F5EB962A7B5549A8
SHA-512:	809A26D9711721B18CAD0691966D3E889076916EC03CD684DB6AEB127D4F61421780583AE4155FE9461300ED88126C76B57F4E24952C281E66E06AA9D00B8D00
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............u..u..u..i..u..j...u.Ui..u..j...u..j..u..u..u.,Q..u..V...u..V...u.)U..u.Rich.u.................PE..L....A...........!.....P..........3........`......................................................................P}..W....r..d....................................b...............................................`...............................text....H.......P.................. ..`.rdata.......`... ...`..............@..@.data...,\.......@..................@....reloc.."........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe

Download File

Process:	C:\Users\user\Desktop\0RzXzro3zx.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Category:	dropped
Size (bytes):	67702
Entropy (8bit):	7.624273460373664
Encrypted:	false
SSDEEP:	1536:BizipURMAjNK87HEi12LQs1mDXUEhVBTFxxnfc4a/xI4B9Fo:clRTfEifEmrVVBTFxlE4apZB9Fo
MD5:	990CB25406490C0A25467C53CE847E6F
SHA1:	F55625BFF53C9BD7C060215B56B8B6B0147446B0
SHA-256:	4DD422E997178A8E3251C847681E15859BBAED8804D163D399E46720CE69F83C
SHA-512:	2F14E24768BA9191BE8C989A4B4EDA46248585F23074C415E604962CA821414F49C7458EDA0F8FF13A4F29E67CCE2AA0EC63ED126C5A57D1D6DD9317FDD2307A
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................0....................@..............................................@..............................(........&..........................................................................................................UPX0....................................UPX1................................@....rsrc....0.......(..................@..............................................................................................................................................................................................................................................................................................................................................................................2.03.UPX!....

C:\Users\user\AppData\Local\Temp\RarSFX0\a3dapi.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	211456
Entropy (8bit):	6.414233247026857
Encrypted:	false
SSDEEP:	6144:5atuZySlWDRI0jcAwcwypEGmFPHrA/8/5mB:55yd3EcbpEGmFPVkB
MD5:	0B3F04A2757F5E43140AC81DB1AFDC42
SHA1:	57C666AEBB0FB59AC86DEAE9E6849E3268A05703
SHA-256:	F05B2EEB851B174EF2B39C4728687915648AE33780A65CDF7F0C7CE99E6A67AF
SHA-512:	1DF19CAC3B3CA5A45B50CEDDF3E7ECF60B8521C9B589D9C47219CE8D056D6D244516922627FD522818FD8383788924A6589BABA9F3984F749EBB992E4DE327B0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'~S.F...F...F...F...G...@...F...Z...F..Rich.F..........................PE..L....8R6...........!....................................................................................................i.......x....p.......................... .......................................................X............................text.............................. ..`.rdata...:.......<..................@..@.data...........L..................@....rsrc........p......................@..@.reloc...'.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\BotCampaignProfile.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	12124
Entropy (8bit):	4.960370048324682
Encrypted:	false
SSDEEP:	192:ZoeHg+JMYE9L9bMS7PbR/s4jaBLHWcV0gH6T9g:Zowg+JMYgRbMS7b1s0qLHbbR
MD5:	0F3243BC82F9B1BB920889CE041BB34D
SHA1:	D119F9FE740BC62108D821B5AEDB3DD5DDAF56DC
SHA-256:	8C9D1421493AC6757364195B79E45E70E4FB2C44AFCB26C190E5EA1807AD1D58
SHA-512:	F14FD6EA841113DCB634E1209A5C22351DCCD53512F7072EAA62E29675D6DCE533B3687AE654149F480FE5E2CABB3756DADF5C249E8270C5368909D18538E31D
Malicious:	false
Preview:	//----------------------------------------------------------------------------..// BotCampaignProfile.db..// Author: Michael S. Booth, Turtle Rock Studios (www.turtlerockstudios.com)..//..// This database defines all of the bot "personalities" that are used..// in the CZ Campaign...//......//----------------------------------------------------------------------------..//..// All profiles begin with this data and overwrite their own..//..Default...Skill = 50...Aggression = 50...ReactionTime = 0.3...AttackDelay = 0...Teamwork = 75...WeaponPreference = none...Cost = 0...Difficulty = NORMAL...VoicePitch = 100...Skin = 0..End....//----------------------------------------------------------------------------..//..// These templates inherit from Default and override with their values..// The name of the template defines a type that is used by individual bot profiles..//....// weapon preference templates..Template Rifle...WeaponPreference = m4a1...WeaponPreference = ak47...WeaponPreference = fa

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\BotChatter.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	31794
Entropy (8bit):	4.9968353071676255
Encrypted:	false
SSDEEP:	768:vip+Z5inH1I2r3Xzj1rrCdf66gVG9RU7bKk7LcCbW/RGtGv8YW:vM+ZT2jP1rrCdrgVG9RU7bKk71bW/RG3
MD5:	AEE2696D4D88D010CD308CAE215AA319
SHA1:	C854024A9B147DAB97B03572931B0CD56448EF37
SHA-256:	D371BAFBB585DB3BDF25EED889095D66AF9159685437E3087448A050890DA302
SHA-512:	8B33C663458CD0F418614D1FA1C87C6879820D0A421B159DEB74D7B5363E15B051444E22E9877408C481A3C6D3623F2047C9DCE4DDAE7B68DDEDCACFCACAB7C3
Malicious:	false
Preview:	//----------------------------------------------------------------------------..// BotChatter.db..// Author: Michael S. Booth, Turtle Rock Studios (www.turtlerockstudios.com)..//..// This database defines "Places" (phrases that describe a location in the world)..// and "Chatter" (phrases used for everything else) the bots use to talk via their radio...// ..// Phrases (ie: either Place or Chatter) can contain any number of wav filenames that..// contain voice recordings saying something appropriate for that phrase's concept...// For instance, the Chatter entry for "Affirmative" contains several wav files saying..// things that mean "yes", such as "affirmative", "yes sir", "roger that", and so on...//..// Some phrases have a "Radio" line. This maps that phrase to a Standard Radio event and..// is used when the player has restricted the bots to only using Standard Radio messages...// In that case, that radio message will be played instead of the normal phrase...//..// The keyword "Importa

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\BotProfile.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10588
Entropy (8bit):	5.032471627336045
Encrypted:	false
SSDEEP:	192:7jHeJM9YE9L9bP6hbkXmtznrFZ+xUNwE9h74b:7TeJM9YgRbP6h//k
MD5:	E5E0E5A1C81B9152E7193EDCDFD3302B
SHA1:	47DC3B09576FC9AD3F483B3E92F11DCDAAFAA42A
SHA-256:	B1EE270D717D7BEF6B2CD53E851CF1B558CD2ECDDE89A4E45267481183673FBA
SHA-512:	F164A45BCFAB0164D4D879DBD03AE1CB1CB3B2924D23C0B4129A647B95E82C8DB2073D17B5CC33E4CBAC1406D2648A069AA3776B23E7073C7F0AC5E10A7E33C0
Malicious:	false
Preview:	//----------------------------------------------------------------------------..// BotProfile.db..// Author: Michael S. Booth, Turtle Rock Studios (www.turtlerockstudios.com)..//..// This database defines bot "personalities". ..// Feel free to edit it and define your own bots...//......//----------------------------------------------------------------------------....//..// All profiles begin with this data and overwrite their own..//..Default...Skill = 50...Aggression = 50...ReactionTime = 0.3...AttackDelay = 0...Teamwork = 75...WeaponPreference = none...Cost = 0...Difficulty = NORMAL...VoicePitch = 100...Skin = 0..End....//----------------------------------------------------------------------------....//..// These templates inherit from Default and override with their values..// The name of the template defines a type that is used by individual bot profiles..//....// weapon preference templates..Template Rifle...WeaponPreference = m4a1...WeaponPreference = ak47...WeaponPreference = fa

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\clcmds.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	709
Entropy (8bit):	4.859527866382821
Encrypted:	false
SSDEEP:	12:8YRdb1N2WQKW2IQQZwzpGzjFJplz7EsxmtYmgmOF4L8yQuGaVobAJ1e2vrMmR/HI:8MZ1NzpGzJNdEFSFkP1e8MmRvI
MD5:	742BA9FB6B6DF4EDFE3CEB25C3FB06F9
SHA1:	47E2363904A09136040CFCADACA906A6D1658F24
SHA-256:	BE178D4DA5FC4A3063685B58F649C3998D8E5E9BB2CEB9CBAF413A54FE6F770F
SHA-512:	F251F331884C808FD4C0FA752D14B51E844414F360A9F47EEB7867A913A2C64CD67ADDF429C9C88D1F5F659DF44B2F49B61E47D4719B613BD3D9ECC9CFAD9A92
Malicious:	false
Preview:	; Menu configuration file..; Default File location: $moddir/addons/amxmodx/configs/clcmds.ini..; To use with Players Menu plugin....; NOTE: By default in all settings the access level is set to "u"...; However you can change that, to limit the access to some settings.....; Client Commands Menu: ; < description > < command > < flags > < access level >..; "a" - execute from server console..; "b" - execute from admin console..; "c" - execute on selected player..; "d" - back to menu when executed...."Kick player" .."amx_kick #%userid%".."b"."u".."Slay player" .."amx_slay #%userid%".."bd"."u".."Slap with 1 dmg." ."amx_slap #%userid% 1".."bd"."u".."Ban for 5 minutes" ."amx_ban #%userid% 5".."b"."u"..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\cmds.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	583
Entropy (8bit):	4.723126758251981
Encrypted:	false
SSDEEP:	12:8YRaLb1N2WauKWDlZwzpGzjF6z7EsxmtYmgmOF4PyQuGalk0Zp7fwS:8MK1mHzpGzydEFSFZlZuS
MD5:	4C9F53CBB3C7FFB87FA0DE7F7AE46316
SHA1:	8FBB0CA7EE80975193CB8A4C593580447C4904ED
SHA-256:	9511AB70D880E44C5A67F131060A0CC914F2F334386EC6DC7F9861C25B5FBDF0
SHA-512:	0A2EC3A32BD35751F22F5D4B804F1ED60F389CAD88B940B54BBD1B6B39DC3D5DA0004C796990418EB401E3926E43B4B21DA03BA6E3530C404ABB89138313C05A
Malicious:	false
Preview:	; Menu configuration file..; File location: $moddir/addons/amxmodx/configs/cmds.ini..; To use with Commands Menu plugin....; NOTE: By default in all settings the access level is set to "u"...; However you can change that, to limit the access to some settings.....; Commands Menu: ; < description > < command > < flags > < access level >..; "a" - execute from server console..; "b" - execute from admin console..; "c" - execute on all clients..; "d" - back to menu when executed...."Pause".."amx_pause".."ad"."u".." ".."-"...""."u".."Restart Round"."sv_restartround 1"."a"."u"..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\configs.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	4.898498544498652
Encrypted:	false
SSDEEP:	24:8MK1MzpGzXEFSFZzc4R150cr16pcjw14Izcr1dSpcjw1kZZcr1Cdcr1VL+TjcrS:83eF2ZzV10jp2MJpETawh
MD5:	6A2BAB982229F5CA90309C394AA1EF57
SHA1:	6B3940C615DF0FE11B35519D91DAF04E4CCE67CF
SHA-256:	6D89F383CCE5CCF139A05E83C93938587AFC02EE7459CB28BC097A8C7859ED72
SHA-512:	3A1D19C44368884FFDA6A9E042410220CB04857680B538C5B900AA245D5010470033FF2559D52447D501C8F9B3177AD95D1115A33263DD6D940C4185C6C74BD9
Malicious:	false
Preview:	; Menu configuration file..; File location: $moddir/addons/amxmodx/configs/configs.ini..; To use with Commands Menu plugin....; NOTE: By default in all settings the access level is set to "u"...; However you can change that, to limit the access to some settings.....; Commands Menu:..; < description > < command > < flags > < access level >..; "a" - execute from server console..; "b" - execute from admin console..; "c" - execute on all clients..; "d" - back to menu when executed....;"PUBLIC Settings"..."servercfgfile server.cfg;exec server.cfg"."a"."u"..;"Clanbase"...."exec clanbase.cfg;servercfgfile \'\'".."a"."u"..;"Clanbase Charges Only".."exec clanbase_co.cfg;servercfgfile \'\'"."a"."u"..;"Official CAL Match"..."exec cal.cfg;servercfgfile \'\'".."a"."u"..;"ProvingGrounds Server Config".."exec leagues/pg.cfg;servercfgfile \'\'"."a"."u"..;"OGL CS Server Config"..."exec ogl.cfg;servercfgfile \'\'".."a"."u"..;"OGL CS FF Server Config".."exec ogl_ff.cfg;servercfgfile \'\'".."a"."u".

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\conmotd.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	67
Entropy (8bit):	4.49804963783148
Encrypted:	false
SSDEEP:	3:wrzjRX4LzVcWLoYl8S4HLDK:azlXGzVb4rDK
MD5:	25F6AA3D8A860A7683ABA154A9DEC4B1
SHA1:	210AA5F36A062CAEAD2AEE3DAD5C005A095DD003
SHA-256:	8C76834BBB0DFB3D9F149A0DC8BD3232D9AAD76EC66971AE249FDE6B6D3C13EB
SHA-512:	6DA481456D7AAFB68F5F668F0DA897022B97F323F07B46AF515F992487D148ADD9810820E2595AF326D3BF9BCA22EC87C22048F695792158835201A09DC7892A
Malicious:	false
Preview:	For newest AMX Mod X and many plugins visit http://www.amxmodx.org/

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\core.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1237
Entropy (8bit):	4.835424741105572
Encrypted:	false
SSDEEP:	24:qWyzDc7m3M3AxrrfJD1omWj2B0odBqk5K8JC6Nwh5PMGan:XoDHM3yrrfdXB0odBZNwh5PMGa
MD5:	7B864E0A7FB4A9C54F20A5B3A1AA487D
SHA1:	FB9B605B58AFFB06EBB9473D96212DAD75D7D937
SHA-256:	B40BE241A9550016825E2CE5575CF3AA1930526852CD2FD45D5402199F8CD2A3
SHA-512:	C7F5978A56D1C84824492DD504A426CEF6BE08CC03F4F7846CC3637E046FAF18DECF9A87EFF3E566AA1CB18CD6B5005A88725F6746DD64D4A1273D82AB88D2E2
Malicious:	false
Preview:	; Configuration file for AMX Mod X..amxx_logdir.addons/amxmodx/logs..amxx_configsdir.addons/amxmodx/configs..amxx_datadir.addons/amxmodx/data..amxx_modules.addons/amxmodx/configs/modules.ini..amxx_plugins.addons/amxmodx/configs/plugins.ini..amxx_pluginsdir.addons/amxmodx/plugins..amxx_modulesdir.addons/amxmodx/modules..amxx_vault.addons/amxmodx/data/vault.ini..csstats_score.addons/amxmodx/data/csstats.amxx..csstats..addons/amxmodx/data/csstats.dat....; Logging mode..; 0 - no logging..; 1 - one logfile / day..; 2 - one logfile / map..; 3 - HL Logs..amxx_logging.1....; Binary logging level..; add these up to get what you want..; these only work with bin logging binaries..; 1 - default..; 2 - log internal string sets/gets..; 4 - log internal formats..; 8 - log all native params..; 16 - log internal function calls (only in debug mode)..; 32 - log line number accesses (only in debug mode)..bin_logging.49....; Maximum binary log size, in megs..max_binlog_size.20....; Plugin optimization

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\csdm\extraconfigs\readme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	322
Entropy (8bit):	4.842624706060988
Encrypted:	false
SSDEEP:	6:FxmUX5KYv2NzI8WD58DP5fL3c7B+qRtzd6QWWidwKrGMKeY2wK8WD5wlic4rDnMr:F9deNzLWq1bcjcWAqeIWOEDn9C
MD5:	509AA1E87006D989B141FF0BCEF5FD2B
SHA1:	D1F1285BE871F96C54FBCAEC2A9169C7BBC52F27
SHA-256:	B9805FE5CB34FF84110C7A0951B4A499A4B99DDB197F27D639DCCC53CB54FAC5
SHA-512:	DE59BD374C00D7B5218F15BC6A3C4F9A7024318BEC3B4384CA58DB849EAFEB6F64E7A1FF8A77FC6868E080631D381190A61DCACF89852E8F78C01764DDE95FBB
Malicious:	false
Preview:	Put extra CSDM config file in here...You can then make per-map config files using AMX Mod X's map feature. ..For example, make a de_dust.cfg auto-execute file:....csdm_reload csdm\extraconfigs\itemmode.cfg....For more information on how to use per-map config files, see:..http://www.amxmodx.org/forums/viewtopic.php?t=7002

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\cvars.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	737
Entropy (8bit):	4.6336298663009945
Encrypted:	false
SSDEEP:	12:8YRaLb1N2WucKWD/3eryUbLphGXXeVOFaMiRH/IC2iLd2iCZVTVjw8R:8MK1ao0ZPhVOgMiRHwALNCZ9Vjw8R
MD5:	273A77622AA09AB94A27E4E4F3DFFA9F
SHA1:	3E285B87D074879B8951A0BC2BED4CB8D18DBE8D
SHA-256:	41F523CF9A489B4377C3F72DE442597F54962AAB409187C8D37A06ADD66AE8B3
SHA-512:	38DFA4B8EF38A27911CAF77D949A5181B6DCBAA4D65E2C7F270DA1133169169C892843E6B053B734C66AB12A75C2E85519AD883C77E8C1EF53D0495E405D1D8B
Malicious:	false
Preview:	; Menu configuration file..; File location: $moddir/addons/amxmodx/configs/cvars.ini..; To use with Commands Menu plugin....; Cvars Menu:..; < cvar > < values > ... < access level >...."mp_timelimit".."0" "30" "45".."u".."sv_password".."" "mypw" "clanwar"."u".."pausable".."0" "1"..."u".."sv_voiceenable"."0" "1"..."u".."mp_chattime".."0" "1" "3".."u".."mp_logmessages"."0" "1"..."u".."mp_friendlyfire"."0" "1"..."u".."mp_limitteams".."0" "1" "2".."u".."mp_autoteambalance"."0" "1" "2".."u".."mp_limitteams".."0" "1" "2".."u".."allow_spectators"."0" "1"..."u".."mp_freezetime".."0" "6"..."u".."mp_buytime".."1" "0.5".."u".."mp_startmoney".."800" "1800" "3600"."u".."mp_c4timer".."35" "45" "15".."u".."mp_forcechasecam"."0" "1" "2".."u"..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\maps.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	466
Entropy (8bit):	4.655480781057755
Encrypted:	false
SSDEEP:	12:4oBRaLb1N2WpKWZWVvSX13CLCC1SouAUD5K+uxbyUzd0L:DjK10V6F3TASo9GWxdW
MD5:	C921BF02947277DD97C35A04439D2C0E
SHA1:	1294A666E165148632FC1BC78724DE233A0E4527
SHA-256:	68AD730728E137B53BD385FC56ABE14766E406626D3EEC594859ED0B8AE651B5
SHA-512:	1E12E3A7CE0445A3E358E3D6BD527B3C7801798EC22E4B45F72DCB5F9507A1745F58F230DA0E63787465B621C2A062F4BD2F7B87A50DD2DBD7B5E1EBF76F3F2C
Malicious:	false
Preview:	; Maps configuration file..; File location: $moddir/addons/amxmodx/configs/maps.ini..; To use with Maps Menu plugin....; Add in your mod's maps here..; Delete this file to use mapcycle.txt....as_oilrig..cs_747..cs_assault..cs_backalley..cs_estate..cs_havana..cs_italy..cs_militia..cs_office..cs_siege..de_airstrip..de_aztec..de_cbble..de_chateau..de_dust..de_dust2..de_inferno..de_nuke..de_piranesi..de_prodigy..de_storm..de_survivor..de_torn..de_train..de_vertigo..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\modules.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2295
Entropy (8bit):	4.028374064423823
Encrypted:	false
SSDEEP:	48:cppPjwRSUbec5tjpeHhhPBm4qtPiNZ7ftYVQFv:WcbRpEvP4Btajj6V+v
MD5:	6F145CF3CF4434D933439D3D347CFF47
SHA1:	FDD3D94B95ABC9C3366E31004B0C4131BBDA7032
SHA-256:	D8258A60F195C496F89639FB1611447B32980262EAF2A679E54B0D633C7454D7
SHA-512:	0206A176F83F17CAB34E77EB09834A895526BD89A3D66BAF8552E474DC98CDFE27D139EEAD621BFB8A1D36C65C3AC78A0637A3B1F00C8B70DBD397A03CF9B6F7
Malicious:	false
Preview:	; AMX Mod X Modules..; You can specify both linux & win32 modules here..; To enable a module, remove the semi-colon from the line....; ------------------------------..; Fun - provides extra functions..; ------------------------------..fun_amxx_i386.so..fun_amxx.dll..fun_amxx_amd64.so....; ----------------------------------------------------..; Engine - provides engine functions core to Half-Life..; ----------------------------------------------------..;engine_amxx_i386.so..;engine_amxx.dll..;engine_amxx_amd64.so....; ----------------------------------------------------------..; Fakemeta - provides a massive interface into the HL engine..; ----------------------------------------------------------..;fakemeta_amxx_i386.so..;fakemeta_amxx.dll..;fakemeta_amxx_amd64.so....; -------------------------------------------..; Database Access - only enable one of these..; -------------------------------------------..; MySQL..;mysql_amxx_i386.so..;mysql_amxx.dll..;mysql_amxx_amd64.so..; PostgreSQL.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\plugins-csdm.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1103
Entropy (8bit):	4.691471715587045
Encrypted:	false
SSDEEP:	24:YxHEQyHi6rjzyAoiXisL7YVQmeG5OI2SQVB+V9/Uhpu2:EHpyC67y3iXisvYi7OOfSQVBY9qpb
MD5:	C5F74625449A3B09896B8170AC459D6E
SHA1:	00B41F4E7E07341FF0C0C33497BDF2FBFDE8CB82
SHA-256:	8BE05FE7DCE30F93984852F343DA17616C2AD5A9EF209E9CE536FCF994936C33
SHA-512:	AF11B3D02FD9F6E6C23F5DC5DEA8FD89D2C5079E4FF82C224FB010DABC55C5BE0B792876CA4EAD7E0BBB84532A49B82BB3E879A55D8B3D332EA1D0FDB8C2F37B
Malicious:	false
Preview:	;rename this file to disabled-csdm.ini to turn it off...;rename it back to plugins-csdm.ini to turn it on.....;put a semi-colon in front of a plugin to disable it...;add the word debug after a plugin to place it in debug mode..; for example: csdm_main.amxx debug..;remove a semi-colon to re-enable a plugin......;Main plugin, required for most cases..csdm_main.amxx....;Weapons and equipment menus..csdm_equip.amxx....;Enables preset spawning and the preset spawning editor..;Map config files are located in configs/csdm..csdm_spawn_preset.amxx..spawn_editor.amxx....;Miscellanious extra features, such as ammo refills..; and objective removals..csdm_misc.amxx....;Spawn protection..csdm_protection.amxx....;Adds free-for-all mode (must be enabled in csdm.cfg too)..csdm_ffa.amxx....;Round ticketing mode, like FireArms. First team to use all..; of their death points loses the ability to respawn...; (must be enabled in csdm.cfg too)..;csdm_tickets.amxx....;Item mode (from CSDM1)..;Must be enabled

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\plugins.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1539
Entropy (8bit):	4.740063663287537
Encrypted:	false
SSDEEP:	24:8Q0p2NtC0y6noill5Vzp93cdlaXmgHavg+J2JarSN3E/x3NIh1HiMy:UM//t7ZWgHy0E/x9Ig
MD5:	179DB4D6DE3C29F7B5923D8108F97E55
SHA1:	AA3305E45727DF77E1FDE492BE77CD3E9BD50BC4
SHA-256:	EF077B3354DFA5C96232FD0CEF53739E3B983D64A4311D89F3C69AE8F5F7D2D7
SHA-512:	B6A64666B02CA0FBF6FF459AC710854F831EA9FEFD217FA7B5185CA0FEBDBD74E14B5C2427646EEA440C830EFF1243C1DD433BA4D336894D3AC6223535744CDD
Malicious:	false
Preview:	; AMX Mod X plugins....; Admin Base - Always one has to be activated..admin.amxx..; admin base (required for any admin-related)..;admin_sql.amxx..; admin base - SQL version (comment admin.amxx)....; Basic..admincmd.amxx..; basic admin console commands..adminhelp.amxx..; help command for admin console commands..adminslots.amxx..; slot reservation..multilingual.amxx.; Multi-Lingual management....; Menus..menufront.amxx..; front-end for admin menus..cmdmenu.amxx..; command menu (speech, settings)..plmenu.amxx..; players menu (kick, ban, client cmds.)..;telemenu.amxx..; teleport menu (Fun Module required!)..mapsmenu.amxx..; maps menu (vote, changelevel)....; Chat / Messages..adminchat.amxx..; console chat commands..antiflood.amxx..; prevent clients from chat-flooding the server..scrollmsg.amxx..; displays a scrolling message..imessage.amxx..; displays information messages..adminvote.amxx..; vote commands....; Map related..nextmap.amxx..; displays next map in mapcycle..mapchooser.amxx..; al

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\speech.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1629
Entropy (8bit):	4.884298441503258
Encrypted:	false
SSDEEP:	24:8MK1BzzpGzydEFSFZ1h6+qB1pcO2hHfmn5y3vvtfk/v:83BOF2Z1hhqB1Z2df9XtfkH
MD5:	4DB2A12A817415DF9E812FDFFF37B88D
SHA1:	2D1CBCBE5CA13CEC2232DC656CE68167E9D547A1
SHA-256:	E2AB05A331BD02BD8DA42F9F3DC79DFF9721140721DB519B64B60A6FCFD0AA99
SHA-512:	C358DEAF23689C0DE127863B64E97B668E2C1F8CB6A8A9981A3C395006F41E80E77D33953BBCA55F07E5D66E5F2ACB395272F0AD6482D5D33C600B7FBB0A02AF
Malicious:	false
Preview:	; Menu configuration file..; File location: $moddir/addons/amxmodx/configs/speech.ini..; To use with Commands Menu plugin....; NOTE: By default in all settings the access level is set to "u"...; However you can change that, to limit the access to some settings.....; Commands Menu: ; < description > < command > < flags > < access level >..; "a" - execute from server console..; "b" - execute from admin console..; "c" - execute on all clients..; "d" - back to menu when executed ...."Hello!"..."spk \'vox/hello\'"..."cd"."u".."Don't think so".."spk \'barney/dontguess\'".."cd"."u".."Don't ask me"..."spk \'barney/dontaskme\'".."cd"."u".."Hey! Stop that!".."spk \'barney/donthurtem\'".."cd"."u".."Yup"...."spk \'barney/yup\'"..."cd"."u".."Nope"...."spk \'barney/nope\'"..."cd"."u".."Maybe"...."spk \'barney/maybe\'"..."cd"."u".."Seeya"...."spk \'barney/seeya\'"..."cd"."u".."Man that sounded bad".."spk \'barney/soundsbad\'".."cd"."u".."Hello and die"..."spk \'vox/hello and die\'".."cd"."u".."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\sql.cfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	356
Entropy (8bit):	4.9888233874685195
Encrypted:	false
SSDEEP:	6:jFDQIRKvcbLBX9KTWff0FAz0kGIN602bUTjh+BQq07mcgNXKJsDABLzH:jFNR7b1N2W30FLk97+WdmNXKO8BvH
MD5:	EFE5E4316CD6D4C8AC59A33D68E0BA73
SHA1:	38266FACE6DFCE2CA3BB1EBB4A041F33DEF8C869
SHA-256:	41B825A65D70C571BE8BFAAF76CF012518E803158E21859C5243BC263C8C4E14
SHA-512:	579D21D8FFBCCDF17310BE69153BE1CF3B80E24BA320237D810B401F7B494E9FADEC647248BFE649FCC46AC2A85901DA9ACA9F5142D00339E74736D1FD5E9906
Malicious:	false
Preview:	// SQL configuration file..// File location: $moddir/addons/amxmodx/configs/sql.cfg....// NOTE Linux users may encounter problems if they specify "localhost" instead of "127.0.0.1"..// We recommend using your server IP address instead of its name....amx_sql_host."127.0.0.1"..amx_sql_user."root"..amx_sql_pass.""..amx_sql_db."amx"..amx_sql_table."admins"

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\stats.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	371
Entropy (8bit):	4.129659488129519
Encrypted:	false
SSDEEP:	6:p+MxBn2eL+MexRWAGs3HGZoz8kQ9zXtcFcxOL/CNq/kQ9K:pfB7zuWAbH2ou9INL/D9K
MD5:	AA489042C281424A401A13A855597115
SHA1:	8C553D36A716CB0A602AF8CB1A1C97AEB2D59192
SHA-256:	F09AC2796E3FD28F6538E247E1295E1C3E4B08E25DB27B1B95B54A499BC2000D
SHA-512:	5AC06EE5BC6AA726D0BC5D947A85C9223D2923209546FA0575AA0A2DD848DE871ED5FDF8B15E812994FC39C7F2B0EACF2C812972014382581811E7E3211CBA59
Malicious:	false
Preview:	;Generated by Stats Configuration Plugin. Do not modify!..;Variable Description..ShowAttackers ;Show Attackers..ShowVictims ;Show Victims..ShowStats ;HUD-stats default..SayRankStats ;Say /rankstats..SayRank ;Say /rank..SayTop15 ;Say /top15..ShowStats ;HUD-stats default..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\users.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1579
Entropy (8bit):	4.8782227837421175
Encrypted:	false
SSDEEP:	48:J+Pn/SnztRk2LjEE+3u/bqYHL9dGYy0lTdjTMTATO:JcnanB5H/+3u/bqy690BdvcQO
MD5:	CF16051DC9D19D1948C3307B3A4F9368
SHA1:	B551FBD1910E336C27CDBD7D94BA7FF63D498EB6
SHA-256:	105A657CD322924219DDC2DD0A9E49D426BFA616676D7E5955662E1B2C514C14
SHA-512:	8793A2F0C0A5FD4F246C4DD2BAEAE3F84BFC3A5F81AFBEFB4CDC59FD174D697A7750C10B289BF5410C603D172DF9DDB94BC0FD5D45D8AF93B3AF2739952EF13D
Malicious:	false
Preview:	; Users configuration file..; File location: $moddir/addons/amxmodx/configs/users.ini....; Line starting with ; is a comment....; Access flags:..; a - immunity (can't be kicked/baned/slayed/slaped and affected by other commmands)..; b - reservation (can join on reserved slots)..; c - amx_kick command..; d - amx_ban and amx_unban commands..; e - amx_slay and amx_slap commands..; f - amx_map command..; g - amx_cvar command (not all cvars will be available)..; h - amx_cfg command..; i - amx_chat and other chat commands..; j - amx_vote and other vote commands..; k - access to sv_password cvar (by amx_cvar command)..; l - access to amx_rcon command and rcon_password cvar (by amx_cvar command)..; m - custom level A (for additional plugins)..; n - custom level B..; o - custom level C..; p - custom level D..; q - custom level E..; r - custom level F..; s - custom level G..; t - custom level H..; u - menu access..; z - user (no admin)....; Account flags:..; a - disconnect player on invalid pass

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\GeoIP.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	937228
Entropy (8bit):	5.35365046512059
Encrypted:	false
SSDEEP:	24576:7X6BewE3vkUHKja7kdFOTgpShxq78slunHdY3R5GANH:IeH/kUHKuoGZI78sQnHdY3XJNH
MD5:	FB227E6A9666D329F32557C26AA9F360
SHA1:	A835F69A8FF180BAD8DE15D1519C2D76339756C4
SHA-256:	83E4687D206586F047435E6D32934E85BACA292E58A8201FB5819AB1B3AC3C0C
SHA-512:	66053A2752BF51D15630F7EC0FC6A4A3E0698A15C74CEB81941700F416716EA6A1755A41CBF2DC8481E9A70D3C175A6ECE2536880772589F9E0FC559997E4810
Malicious:	false
Preview:	...i.....:.......................................................................................................................v.....~...................................M...........,.. ..%..!..#.."..............$........&..)..'..(...........o..*..+..-........&..-..3.....1../..0...........M..2........8..4..7..5..6........5..x..8..9..............;..Y..<..J..=..D..>..A..?..@..w../.....m..B..C...........S..E..H..F..G..`...........I...........K..R..L..O..M..N.....c.....U..P..Q.....2........S..V..T..U..;...........W..X..,..4..<..D..Z..^.....[.....\.....].....Q.._..b..`.....a.....Y.....c..f..d..e.....a........g..h.....R..o.....j.....k.....l..{..m..t..n..q..o..p........v.....r..s.....o........u..x..v..w...........'..y..z..............\|.....}.....~.....3.................N........s....................G..f...........E....._.......................... .....E..............d....."....................0..w.............................................................................. ..!.."........#..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\csstats.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	2.992972325634426
Encrypted:	false
SSDEEP:	3:TlBAQAJNg/A6EqWB/n/AlllFvl/HdlKlYltTlutbfkxllui1ll/llhlTlts/EtMR:TkQAJNV//A/HKlI/uKZuullr2EtA
MD5:	228ACC2C98FCBB656C78D3C9421B962D
SHA1:	ABCD1CE7706E556D3BABDF3A722D3137AC94D042
SHA-256:	F9EFE44F4E1CAF2251B3F849BCF40F814E8A0D8F87C0610A845AF144A2101ABF
SHA-512:	31A31277783A2AE01AF048D15C8D7BB11C2D66C6DC3E0D3129F329AEBA6AE3C79CF36EDFEA964583B523AE4DDF18A91EC81ED2D3592BAEF83605551456241502
Malicious:	false
Preview:	....decayed.cell...VALVE_ID_LOOPBACK.....c3..%...Z...........&.......................4...>...9...s..."...'...5.........Tom...BOT.........r...=...R.......X.............................../.........................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\admin.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	7925
Entropy (8bit):	5.269694640064071
Encrypted:	false
SSDEEP:	192:BOF5FngsNjS8kZK/HbphSy5V4+34lhjX4LOg:8FvnxFkOHHKng
MD5:	56D0523294615AAA67925FB94CAD0B86
SHA1:	CA3E3825EF1CE9DD86E95667DE9DD523F59ACD58
SHA-256:	4688D31A96BDE84EE2DED9DF8197DC54617EA7907B9EABF1C53A3EE28864DBFB
SHA-512:	4B102B5D0AA6EF11B37FBFF72EC9C0C20233126755E7C2ABA92D100CE895529A7DCB4B23C2E5116191C10F71DDD5853421DDDA2E77B8F1D65800058A39BE37CF
Malicious:	false
Preview:	[en]..LOADED_ADMIN = Loaded 1 admin from file..LOADED_ADMINS = Loaded %d admins from file..SQL_CANT_CON = SQL error: can't connect: '%s'..SQL_CANT_LOAD_ADMINS = SQL error: can't load admins: '%s'..NO_ADMINS = No admins found...SQL_LOADED_ADMIN = Loaded 1 admin from database..SQL_LOADED_ADMINS = Loaded %d admins from database..INV_PAS = Invalid Password!..PAS_ACC = Password accepted..PRIV_SET = Privileges set..NO_ENTRY = You have no entry to the server.......[de]..LOADED_ADMIN = 1 Admin aus der Datei geladen..LOADED_ADMINS = %d Admins aus der Datei geladen..SQL_CANT_CON = SQL Error: Kann keine Verbindung herstellen: '%s'..SQL_CANT_LOAD_ADMINS = SQL Error: Kann keine Admins laden: '%s'..NO_ADMINS = Keine Admins gefunden...SQL_LOADED_ADMIN = 1 Admin aus der Datenbank geladen..SQL_LOADED_ADMINS = %d Admins aus der Datenbank geladen..INV_PAS = Passwort falsch!..PAS_ACC = Passwort akzeptiert..PRIV_SET = Rechte gesetzt..NO_ENTRY = Du hast keinen Zugang zu diesem Server.......[sr]..LOADED_ADMI

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\adminchat.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	3586
Entropy (8bit):	5.085329229409067
Encrypted:	false
SSDEEP:	96:rOSFzDtrOS7KOea7OWIrYOhqODyOOr10OsRO1TevOSn+lcOFq+ODxtOKx7b0XOkC:ySFzDAS71erWIrPhVDy5r17sM1Te2Sn5
MD5:	721DBEAD735489145E8AE2A8AC189416
SHA1:	4EE5A71FAD7C4A39F6E416D6DA979204C74C312C
SHA-256:	3FD875F9B4032C73516F465A0313C663D7DF152C785DA4419A80E9875FE2A23F
SHA-512:	63094C99A10C6A61F6C15F50316E3F68FC32DC1C53A98A3884189068EB6837A67573CC6B361EB566B857CAADDA7A925BC89E6ED2BF32EF7083C1E731651F9552
Malicious:	false
Preview:	[en]..COL_WHITE = white..COL_RED = red..COL_GREEN = green..COL_BLUE = blue..COL_YELLOW = yellow..COL_MAGENTA = magenta..COL_CYAN = cyan..COL_ORANGE = orange..COL_OCEAN = ocean..COL_MAROON = maroon..PRINT_ALL = (ALL) %s : %s....[de]..COL_WHITE = weiss..COL_RED = rot..COL_GREEN = gruen..COL_BLUE = blau..COL_YELLOW = gelb..COL_MAGENTA = magenta-rot..COL_CYAN = cyan-blau..COL_ORANGE = orange..COL_OCEAN = ozean-blau..COL_MAROON = braun..PRINT_ALL = (ALLES) %s : %s....[sr]..COL_WHITE = bela..COL_RED = crvena..COL_GREEN = zelena..COL_BLUE = plava..COL_YELLOW = zuta..COL_MAGENTA = ljubicasta..COL_CYAN = tirkizna..COL_ORANGE = narandzasta..COL_OCEAN = okean..COL_MAROON = modra..PRINT_ALL = (SVE) %s : %s....[tr]..COL_WHITE = beyaz..COL_RED = kirmizi..COL_GREEN = yesil..COL_BLUE = mavi..COL_YELLOW = sari..COL_MAGENTA = magenta..COL_CYAN = cian..COL_ORANGE = turuncu..COL_OCEAN = deniz..COL_MAROON = kahverengi..PRINT_ALL = (HEPSI) %s : %s....[fr]..COL_WHITE = blanc..COL_RED = rouge..COL_GREEN = v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\admincmd.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	36679
Entropy (8bit):	5.3313790589950845
Encrypted:	false
SSDEEP:	768:CpR+F9C4ZhKctMMdIBbPSLe2rBnBjImEPzadrFsBguytM5fWeB78fClR/9L+1vkX:eRG3ZpdIAe29B7EOlcguytSWef/Y1vkX
MD5:	3269F55E551A9547965EB8E096F6A422
SHA1:	A96FC8F74B70E226F52DF51AB9351363F9618E06
SHA-256:	1BECC9FF48A67444D9E4989C1231D35329E1FAA1BEAB19BCDD689A78FC560C55
SHA-512:	099918B0A7A9CCB09A7FE1ABBF3E6D22D8602395DC5A8A91AAAB3EDBBB6DC3107BBAB5E48381E48F3490FF9B598F18ACDAEBA3C7DC3ADC784D411BB1EE7E9F26
Malicious:	false
Preview:	[en]..ADMIN_KICK_1 = ADMIN: kick %s..ADMIN_KICK_2 = ADMIN %s: kick %s..IP_REMOVED = Ip "%s" removed from ban list..AUTHID_REMOVED = Authid "%s" removed from ban list..ADMIN_UNBAN_1 = ADMIN: unban %s..ADMIN_UNBAN_2 = ADMIN %s: unban %s..ADMIN_ADDBAN_1 = ADMIN: ban %s..ADMIN_ADDBAN_2 = ADMIN %s: ban %s..BANNED = banned..FOR_MIN = for %s min..PERM = permanently..CLIENT_BANNED = Client "%s" banned..ADMIN_SLAY_1 = ADMIN: slay %s..ADMIN_SLAY_2 = ADMIN %s: slay %s..CLIENT_SLAYED = Client "%s" slayed..ADMIN_SLAP_1 = ADMIN: slap %s with %d damage..ADMIN_SLAP_2 = ADMIN %s: slap %s with %d damage..CLIENT_SLAPED = Client "%s" slaped with %d damage..MAP_NOT_FOUND = Map with that name not found or map is invalid..ADMIN_MAP_1 = ADMIN: changelevel %s..ADMIN_MAP_2 = ADMIN %s: changelevel %s..NO_MORE_CVARS = Can't add more cvars for rcon access!..UNKNOWN_CVAR = Unknown cvar: %s..CVAR_NO_ACC = You have no access to that cvar..CVAR_IS = Cvar "%s" is "%s"..PROTECTED = PROTECTED..SET_CVAR_TO = %s set cvar %

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\adminhelp.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	5714
Entropy (8bit):	5.3344573074746515
Encrypted:	false
SSDEEP:	96:DJbF5y3pMG7gYISsC7GjshPdeJB6kr73WhLA+RVh9HURmiSJq74JoFYJgZQmQDR4:WMTYIVGTkrL8h0RJ4mQDilXCQ
MD5:	667A957C604CAE3CA63AA8E99DA19701
SHA1:	8B443B003D1D111AD40B3D01EB4B337B73737644
SHA-256:	54008D6D34D1B0D475C56322F9B1CA1F95625B46A87C92676D0C5CDF8F83F59F
SHA-512:	D35190B18F70AC353934ADEBEAB3C9B7B9F3CD48887AA3939DB06BC57E78E5E48D22B7965FB2412C3906D978CAE13167238FD6D5CE6073DD8EE7C3F59B1415DE
Malicious:	false
Preview:	[en]..HELP_COMS = AMX Mod X Help: Commands..HELP_ENTRIES = Entries %d - %d of %d..HELP_USE_MORE = Use 'amx_help %d' for more..HELP_USE_BEGIN = Use 'amx_help 1' for begin..TYPE_HELP = Type 'amx_help' in the console to see available commands..TIME_INFO_1 = Time Left: %d:%02d min. Next Map: %s..TIME_INFO_2 = No Time Limit. Next Map: %s....[de]..HELP_COMS = AMX Mod X Help: Befehle..HELP_ENTRIES = Eintraege %d - %d von %d..HELP_USE_MORE = Nutze 'amx_help %d' fuer die naechste Seite..HELP_USE_BEGIN = Nutze 'amx_help 1' um zum Anfang zu gelangen..TYPE_HELP = Schreibe 'amx_help' in die Konsole um die verfuegbaren Befehle zu sehen...TIME_INFO_1 = Verbleibende Zeit: %d:%02d Minuten, naechste Map: %s..TIME_INFO_2 = Kein Zeitlimit. Naechste Map ist: %s....[sr]..HELP_COMS = AMX Mod X Pomoc: Komande..HELP_ENTRIES = Vrednosti %d - %d od %d..HELP_USE_MORE = Koristi 'amx_help %d' za jos komandi..HELP_USE_BEGIN = Koristi 'amx_help 1' za pocetak..TYPE_HELP = Ukucajte 'amx_help' u konzoli da bi ste videli

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\adminslots.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	933
Entropy (8bit):	4.9010141297128085
Encrypted:	false
SSDEEP:	12:OUlaqZx1Hq2jUdN0qncwKAHQSlArs3gTAJXvPiKj1qhPMqnJeY/yLWE5:O4aqM24dzcwKsQSb3gMJ/qKJqhL/yLx
MD5:	5C60E760A2A30B3FA4C30B6EF859BF2D
SHA1:	879B76A91E45077D05C35060A6C26F841E2498FA
SHA-256:	5E3746C20B8834EAD64C3C952135D9235256221C48514E2D7326E40975D4BFA0
SHA-512:	B66E7745DEA5A77C62DB6DCA6BB1CB4C976754CA8E9FBE0B997EDA98AA76AD39767E7055C93093B9992E16CAC455AF694E81A7FBFA6B49D30A780962E9845836
Malicious:	false
Preview:	[en]..DROPPED_RES = Dropped due to slot reservation....[de]..DROPPED_RES = Sorry, dieser Slot ist reserviert.....[sr]..DROPPED_RES = Server je pun, nemate pristup rezervisanim mestima....[tr]..DROPPED_RES = Reservasyon nedeniyle atildiniz....[fr]..DROPPED_RES = Desole, un admin vient de prendre sa place reservee, tu as ete ejecte du serveur.....[sv]..DROPPED_RES = Nerkopplad pga platsreservation....[da]..DROPPED_RES = Frakoblet pga. plads reservation....[pl]..DROPPED_RES = Wyrzucony z powodu rezerwacji slotow....[bp]..DROPPED_RES = Desconectado pois o slot esta reservado....[nl]..DROPPED_RES = Sorry, deze plaats is gereserveerd....[es]..DROPPED_RES = Desconectado por reserva de plazas....[cz]..DROPPED_RES = Vyhozen, slot je rezervovan....[fi]..DROPPED_RES = Pudotettiin palvelimelta slotvarauksen takia (adminslot)....[ls]..DROPPED_RES = j00 r n0t l33t 3uff, s0z....[bg]..DROPPED_RES = Izklu4en poneje mqstoto e rezervirano

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\adminvote.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	20149
Entropy (8bit):	5.382649698586507
Encrypted:	false
SSDEEP:	384:Z0RvLtUr08qhSxa22Pd52HO+2GoAVEq+lATG0VKzvhOxEiUpHQ/9dnR+P1DU:WtG8As2g32ONiTxKzZOxEJpHQ/9dnIPi
MD5:	9A7AD0500368FF973DFF041B831503AA
SHA1:	29EB923D71E8501E977B6820F5753A3E87309656
SHA-256:	2EC502324C9C1FA0C103D35E1DC4A16B64BB18C6BB64F539344E3576611861C2
SHA-512:	417101AB8B320AFA5C3306CEDB186953A1F96B96687755B52AA5697A78440299306E4AF78666E06FA4F42B892DA4535035AFB483EAC85F36068D1831BD26F6E4
Malicious:	false
Preview:	[en]..ADMIN_CANC_VOTE_1 = %s: cancel vote..ADMIN_CANC_VOTE_2 = %s %s: cancel vote..VOTING_CANC = Voting canceled..NO_VOTE_CANC = There is no voting to cancel or the vote session can't be canceled with that command..RES_REF = Result refused..RES_ACCEPTED = Result accepted..VOTING_FAILED = Voting failed..VOTING_RES_1 = %s (yes "%d") (no "%d") (needed "%d")..VOTING_RES_2 = %s (got "%d") (needed "%d")..VOTING_SUCCESS = Voting successful..VOTING_RES_3 = %s (got "%d") (needed "%d"). The result: %s..THE_RESULT = The result..WANT_CONTINUE = Do you want to continue?..VOTED_FOR = %s voted for..VOTED_AGAINST = %s voted against..VOTED_FOR_OPT = %s voted for option #%d..ALREADY_VOTING = There is already one voting.....VOTING_NOT_ALLOW = Voting not allowed at this time..GIVEN_NOT_VALID = Given %s not valid..MAP_IS = map is..MAPS_ARE = maps are..CHOOSE_MAP = Choose map..ADMIN_VOTE_MAP_1 = %s: vote map(s)..ADMIN_VOTE_MAP_2 = %s %s: vote map(s)..VOTING_STARTED = Voting has started.....VOTING_FORBIDDEN

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\antiflood.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	778
Entropy (8bit):	4.92704371955296
Encrypted:	false
SSDEEP:	6:B9AuOqRMQEg6uULmTyGZsKlXa2TLwU3KbFLRxmcGHnTK7XLcs2PaakdxO6g363vm:XZRTiuPO2a24UGRxwsgaaWvPzYKD2e4
MD5:	C7BF91178B19A7063EBFDCD8DE7059FA
SHA1:	25CC159A021561554D61735B450B5899069E7E79
SHA-256:	9FA48E96A7BCA4A61CBB69C8886B9EFC1380D4F74250C77D54F737420A3CE399
SHA-512:	0B1A74008E429D8248301B52F8FD5C8625553EBF4A55FB57BDE68493B0D864F692B3CFDC58E2D3A10BDE99A3DC2F41CEC43E2E7E146D41C9AF745A5C24936392
Malicious:	false
Preview:	[en]..STOP_FLOOD = Stop flooding the server!....[de]..STOP_FLOOD = Bitte nicht zu viele Eingaben auf einmal!....[sr]..STOP_FLOOD = Prestani da opterecujes server porukama!....[tr]..STOP_FLOOD = Serveri yazi ile doldurmayin!....[fr]..STOP_FLOOD = Arrete de flooder le serveur!....[sv]..STOP_FLOOD = Sluta flooda servern!....[da]..STOP_FLOOD = Stop med at oversvoemme serveren!....[pl]..STOP_FLOOD = Przestan zapychac serwer!....[nl]..STOP_FLOOD = Stop met de server vol te spammen!....[es]..STOP_FLOOD = Para de saturar el servidor!....[bp]..STOP_FLOOD = Parem com o flood no servidor!....[cz]..STOP_FLOOD = Prestan floodovat!....[fi]..STOP_FLOOD = Lopeta floodiminen!....[ls]..STOP_FLOOD = nu m0\|2 fl00d, \|<? DDoS !$ 4 cr\|m3....[bg]..STOP_FLOOD = Sprete da pretovarvate servara!

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\cmdmenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	1349
Entropy (8bit):	4.943342090835984
Encrypted:	false
SSDEEP:	24:eD0kMt+okCOqsBDKkHRZ1FT/hydvzT84vz10WWcDHll1136Ym:CfE565/bFjUzYIzFZfV1m
MD5:	EFAD361944B30336C953C409FA5DD210
SHA1:	0AFFF83123B588B23418FF7ED1679BF4540C38E8
SHA-256:	2C360A1E67E376B0850BCAB89A6A46553BE063E2D7BA10885B934978370F8769
SHA-512:	11082F9AEB0C55A9A70938AEE24AC2F277D89B33701473C4AF101DA0E89E987F064CD842365774499846F731FAF71A4065E6186DF7527A4CC1FE733923ABA771
Malicious:	false
Preview:	[en]..CMD_MENU = Commands Menu..CONF_MENU = Configs Menu..SPE_MENU = Speech Menu....[de]..CMD_MENU = Menu > Befehle..CONF_MENU = Menu > Konfiguration..SPE_MENU = Menu > Sprechen....[sr]..CMD_MENU = Komandne..CONF_MENU = Podesavanja..SPE_MENU = Govorne Komande....[tr]..CMD_MENU = Emir Menusu..CONF_MENU = Configler Menusu..SPE_MENU = Konusma Menusu....[fr]..CMD_MENU = Menu Commandes..CONF_MENU = Menu Configurations..SPE_MENU = Menu Voix/Paroles....[sv]..CMD_MENU = Kommandomeny..CONF_MENU = Konfigurationsmeny..SPE_MENU = Talmeny....[da]..CMD_MENU = Kommando Menu..CONF_MENU = Konfigurations Menu..SPE_MENU = Tale Menu....[pl]..CMD_MENU = Menu komend..CONF_MENU = Menu konfiguracji..SPE_MENU = Menu rozmowy....[nl]..CMD_MENU = Commandomenu..CONF_MENU = Configuratiemenu..SPE_MENU = Spraakmenu....[es]..CMD_MENU = Menu de Comandos..CONF_MENU = Menu de Configuracion..SPE_MENU = Menu de Voz....[bp]..CMD_MENU = Menu de Comandos..CONF_MENU = Menu de Configs..SPE_MENU = Menu de Vozes....[cz]..CMD_MENU

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\common.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	8469
Entropy (8bit):	5.256746991772161
Encrypted:	false
SSDEEP:	192:24ABlYa63FkD2zcv5UKcWfCvExT19EeIu:Psm1YRN9Wyku
MD5:	4D5B408BFF28F92CE7C39766E4CEF428
SHA1:	18C495EB61EBB346062A92B3C75C7C1F2E569384
SHA-256:	58FC81E2506ABF4573847E5870C9439F6D96CCA0127BF7B43769464306CFA7CE
SHA-512:	5CFEBB1DCDB6246CC0EFF04061E7A13D33017E5EC3BA2D0CB045327A726AA38E7372600DA1F50DBF33823CAEBCEDA06DB06F499585ED70537844366BE3351F4A
Malicious:	false
Preview:	[en]..BACK = Back..EXIT = Exit..MORE = More..NONE = None..ADMIN = ADMIN..PLAYER = PLAYER..ERROR = error..YES = Yes..NO = No..BAN = ban..KICK = kick..NO_ACC_COM = You have no access to that command..USAGE = Usage..MORE_CL_MATCHT = There is more than one client matching your argument..CL_NOT_FOUND = Client with that name or userid not found..CLIENT_IMM = Client "%s" has immunity..CANT_PERF_DEAD = That action can't be performed on dead client "%s"..CANT_PERF_BOT = That action can't be performed on bot "%s"..ON = On..OFF = Off....[de]..BACK = Zurueck..EXIT = Beenden..MORE = Mehr..NONE = Keine..ADMIN = ADMIN..PLAYER = Spieler..ERROR = Fehler..YES = Ja..NO = Nein..BAN = ban..KICK = kick..NO_ACC_COM = Du hast nicht genuegend Rechte, um diesen Befehl auszufuehren!..USAGE = Anwendung..MORE_CL_MATCHT = Es gibt mehrere Spieler, auf die deine Angaben zutreffen..CL_NOT_FOUND = Spieler mit diesem Namen oder dieser UserID nicht gefunden..CLIENT_IMM = Spieler "%s" hat Immnuitaet..CANT_PERF_DEAD = Dies

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\imessage.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	887
Entropy (8bit):	5.013177597770501
Encrypted:	false
SSDEEP:	24:uCOwOFpOiyXaO+NSO62OeO9UOA7OqSOXDzOT1CO4OmmlO7MOV:gh3D41YHl
MD5:	39A1396CC35C848B3AC0433DA423D6DB
SHA1:	B71AFDC0EE42C93C0D389FF240013A099A4A5193
SHA-256:	6906C6C6F2D5830CAC659483917A94B7289EFD7CDBD80E73CA2C66F61EDC488F
SHA-512:	8460B572ADB0DC3752B9620DB1D06FE26339D8FB596AFDA994457F503C2AA22B3EB7074DFEF85EF54800953B88384762AC0901F223BD43D2FBF3A4DC029F10C3
Malicious:	false
Preview:	[en]..INF_REACH = Information Messages limit reached!....[de]..INF_REACH = Nachrichtenlimit erreicht!....[sr]..INF_REACH = Dostignut limit Informacione Poruke!....[tr]..INF_REACH = Informasyon mesajlari sinirina ulasildi!....[fr]..INF_REACH = Limite de Messages d'Information atteinte!....[sv]..INF_REACH = Maximalt antal informationsmeddelanden!....[da]..INF_REACH = Informations beskeder graense naaet!....[pl]..INF_REACH = Osiagniety limit wiadomosci informacyjnych!....[nl]..INF_REACH = Informatieve Berichtenlimiet bereikt!....[es]..INF_REACH = Se ha alcanzado el limite maximo de Mensajes de Informacion!....[bp]..INF_REACH = Limite de mensagens de informacao obtido!....[cz]..INF_REACH = Limit informacnich zprav presazen!....[fi]..INF_REACH = Information Message -raja ylitetty!....[ls]..INF_REACH = l!m!tz r34ch3d....[bg]..INF_REACH = Informacionnoto saob6tenie dostigna limita!

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\languages.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.823865519004756
Encrypted:	false
SSDEEP:	24:rFCOsC1egCXkCx2C7C5DM0L3CzAFCr+CYC3gCJCx1CYcoCJgCQs:4OB1mX5BOV3LSDrP13dAeB/9
MD5:	BB88EE25C1378B6895A36FA2330678E5
SHA1:	EA4F732869B88F6A969EEE3C2B6FC6387A53A2EA
SHA-256:	FE6054BA5C674D5AF2C0304AABA7C6C859CC93F6F0A7764369504D8F51A56531
SHA-512:	E2619E36122F2DBBED9D6ECA622ACE4C76F44AA0691D166B4FE08B801EB2CE85EDFEC051E23083EAC2E61422173CDE7F1202D1FF7E4769C7B35A6C89E6DAECD2
Malicious:	false
Preview:	[en]..LANG_NAME = English..LANG_NAME_NATIVE = English....[de]..LANG_NAME = German..LANG_NAME_NATIVE = Deutsch....[sr]..LANG_NAME = Serbian..LANG_NAME_NATIVE = Srpski....[tr]..LANG_NAME = Turkish..LANG_NAME_NATIVE = Turkce....[fr]..LANG_NAME = French..LANG_NAME_NATIVE = Francais....[sv]..LANG_NAME = Swedish..LANG_NAME_NATIVE = Svenska....[da]..LANG_NAME = Danish..LANG_NAME_NATIVE = Dansk....[pl]..LANG_NAME = Polish..LANG_NAME_NATIVE = Polski....[nl]..LANG_NAME = Dutch..LANG_NAME_NATIVE = Nederlands....[es]..LANG_NAME = Spanish..LANG_NAME_NATIVE = Espanyol....[bp]..LANG_NAME = Brazil Portuguese..LANG_NAME_NATIVE = Portugues Brasil....[cz]..LANG_NAME = Czech..LANG_NAME_NATIVE = Cestina....[fi]..LANG_NAME = Finnish..LANG_NAME_NATIVE = Suomi....[ls]..LANG_NAME = l33t..LANG_NAME_NATIVE = l33t....[bg]..LANG_NAME = Bulgarian..LANG_NAME_NATIVE = Bulgarski

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\mapchooser.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	5099
Entropy (8bit):	5.19354156054785
Encrypted:	false
SSDEEP:	96:CcskqivhKzKavG6W5j8O1Tj9QOO3/Vk+2Ej:CVmEKitFtDV
MD5:	F5201920332AF8B0D03A368B03B9A51C
SHA1:	C118449D20D32769914B01769FB85024849C1744
SHA-256:	1680A4E7EC9E7AAA39252A39A1F5B9DB841387224DF0415419024F960822C5D9
SHA-512:	93EC7BA7FB33A4F4985908A89C6139BA687ACB13EF643C06F9E62C20753ABA8C2E56073A57397B0FD80356586EA8714150771A6C3BBABC33324862E54C35C7EC
Malicious:	false
Preview:	[en]..CHO_FIN_EXT = Choosing finished. Current map will be extended to next %.0f minutes..CHO_FIN_NEXT = Choosing finished. The nextmap will be %s..CHOSE_EXT = %s chose map extending..X_CHOSE_X = %s chose %s..CHOOSE_NEXTM = AMX Choose nextmap..EXTED_MAP = Extend map %s..TIME_CHOOSE = It's time to choose the nextmap.......[de]..CHO_FIN_EXT = Auswahl beendet. Laufende Map wird um %.0f Minuten verlaengert...CHO_FIN_NEXT = Auswahl beendet. Naechste Map ist %s..CHOSE_EXT = %s waehlten Map-Verlaengerung..X_CHOSE_X = %s waehlten %s..CHOOSE_NEXTM = AMXX waehlt naechste Map..EXTED_MAP = Verlangere Map %s..TIME_CHOOSE = Es ist an der Zeit, die naechste Map zu waehlen.......[sr]..CHO_FIN_EXT = Biranje zavrseno. Sadasnja mapa ce biti produzena za %.0f minuta..CHO_FIN_NEXT = Biranje zavrseno. Sledeca mapa ce biti %s..CHOSE_EXT = %s biraj mapu sa produzivanjem..X_CHOSE_X = %s izabrao %s..CHOOSE_NEXTM = AMX izaberi sledecu mapu..EXTED_MAP = Produzi mapu %s..TIME_CHOOSE = Vreme je da se izabere sledec

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\mapsmenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	12382
Entropy (8bit):	5.361069297805222
Encrypted:	false
SSDEEP:	192:1TVk1VBGe+XjkhNsNtXlTXu/md6QzqqIycbQCXe:VSVBGe9U/XuFPEKQd
MD5:	E922BF8C6090D7C51FB94E112DFF3E06
SHA1:	7B41B995B20BC03E2306CB4C133BAA989B174B4C
SHA-256:	0B5B6F369AF7D5817B19B68F315FF0BC3CB58490CF1E16FF0B378ADB405EEA72
SHA-512:	DBAF62AA3C963EAF0799EC4FA38F534DDCCAE474B92B6319954E1B8E6AE11AC21D6BAFCDCEF4029D07EF90206DD221C64D018E47884DCDB40CFD206DD4A23E3E
Malicious:	false
Preview:	[en]..RESULT_REF = Result refused..RESULT_ACC = Result accepted..VOTE_SUCCESS = Voting successful. Map will be changed to..VOTE_FAILED = Voting failed..THE_WINNER = The winner..WANT_CONT = Do you want to continue?..VOT_CANC = Voting has been canceled..X_VOTED_FOR = %s voted for option #%d..VOTEMAP_MENU = Votemap Menu..START_VOT = Start Voting..SEL_MAPS = Selected Maps..ALREADY_VOT = There is already one voting.....NO_MAPS_MENU = There are no maps in menu..VOT_NOW_ALLOW = Voting not allowed at this time..WHICH_MAP = Which map do you want?..CHANGE_MAP_TO = Change map to..CANC_VOTE = Cancel Vote..ADMIN_V_MAP_1 = ADMIN: vote map(s)..ADMIN_V_MAP_2 = ADMIN %s: vote map(s)..ADMIN_CHANGEL_1 = ADMIN: changelevel %s..ADMIN_CHANGEL_2 = ADMIN %s: changelevel %s..CHANGLE_MENU = Changelevel Menu....[de]..RESULT_REF = Ergebnis abgelehnt..RESULT_ACC = Ergebnis angenommen..VOTE_SUCCESS = Abstimmung beendet. Map wird gewechselt zu..VOTE_FAILED = Abstimmung gescheitert..THE_WINNER = Der Gewinner..WANT_CO

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\menufront.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	7414
Entropy (8bit):	5.320408282429439
Encrypted:	false
SSDEEP:	192:D9tJWV2L6HUVYRier8vehv/XtUkiWo78Co6frDi+Kz40gLP9UL:y3H4U1oSv7zF
MD5:	31A8BB2A345C4EEEF4CE0128D9377469
SHA1:	5BD2EA0C3DBAC40AC2D4DC9F7275A31CC6A4FF0F
SHA-256:	4E95CF0E3372C85EB63BA4D580C63896974A012320AE81D54EE015F1FE08B95D
SHA-512:	092EFC8B1D43B63B5A5DBBA547166492B105B7D879E3816E66B5B4A9326EDEEC7F4877A5F0766007AA4D0E504AB7966C6101B971D4F2645FB0E329C9B8840DC8
Malicious:	false
Preview:	[en]..KICK_PLAYER = Kick Player..BAN_PLAYER = Ban Player..SLAP_SLAY = Slap/Slay Player..TEAM_PLAYER = Team Player ^n..CHANGEL = Changelevel..VOTE_MAPS = Vote for maps ^n..SPECH_STUFF = Speech Stuff..CLIENT_COM = Client Commands..SERVER_COM = Server Commands..CVARS_SET = Cvars Settings..CONFIG = Configuration..LANG_SET = Language Settings..STATS_SET = Stats Settings ^n..PAUSE_PLUG = Pause Plugins..RES_WEAP = Restrict Weapons..TELE_PLAYER = Teleport Player....[de]..KICK_PLAYER = Kick Spieler..BAN_PLAYER = Ban Spieler..SLAP_SLAY = Schlage/Toete Spieler..TEAM_PLAYER = Team Spieler ^n..CHANGEL = Mapwechsel..VOTE_MAPS = Map Abstimmung ^n..SPECH_STUFF = Soundausgabe..CLIENT_COM = Client-Befehle..SERVER_COM = Server-Befehle..CVARS_SET = Server-Einstellungen..CONFIG = Konfiguration..LANG_SET = Spracheinstellung..STATS_SET = Statistik-Einstellungen ^n..PAUSE_PLUG = Plugins pausieren..RES_WEAP = Waffen verbieten..TELE_PLAYER = Teleport Spieler....[sr]..KICK_PLAYER = Kick Igraca..BAN_PLAYER = Ban

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\miscstats.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	28850
Entropy (8bit):	5.362479164062782
Encrypted:	false
SSDEEP:	768:HGxgeUM6Bq6RDR3KWTDfITXDBUcAclL3Jmi6fY85cu:m2M67DRVfQX5rL5m5pD
MD5:	6362D9FEADDB4F3FF9EE4F1F2F4A208A
SHA1:	7B393D3299438EDA84BEA17433A510FC9E64E636
SHA-256:	F332699D07E6B02FD38D4ADAE0129568DBB5D9737434F1859A2C914ADFC931AB
SHA-512:	C776403245524A58F072D9A215D68B452A5B43D1B24DADA349DDE1B6487C3A99E06A366C2AF905200DB2BB36B179BC41EAB06CF6D5109100BCB679FE0B0EE469
Malicious:	false
Preview:	[en]..WITH = with..KNIFE_MSG_1 = %s sliced and diced %s..KNIFE_MSG_2 = %s pulled out knife and gutted %s..KNIFE_MSG_3 = %s sneaks carefully behind and knifed %s..KNIFE_MSG_4 = %s knived %s..LAST_MSG_1 = Now all depend on you!..LAST_MSG_2 = I hope you still have a healthpack...LAST_MSG_3 = All your teammates were killed. Good luck!..LAST_MSG_4 = Now you are alone. Have fun!..HE_MSG_1 = %s sends a little gift to %s..HE_MSG_2 = %s throws a small present to %s..HE_MSG_3 = %s made a precision throw to %s..HE_MSG_4 = %s got a big explosion for %s..SHE_MSG_1 = %s detonated himself with a grenade..SHE_MSG_2 = %s trys the effect of an HE Grenade..SHE_MSG_3 = %s swallows grenades whole!..SHE_MSG_4 = %s explodes!..HS_MSG_1 = $kn killed $vn with a well^nplaced shot to the head!..HS_MSG_2 = $kn removed $vn's^nhead with the $wn..HS_MSG_3 = $kn turned $vn's head^ninto pudding with the $wn..HS_MSG_4 = $vn got pwned by $kn..HS_MSG_5 = $vn's head has been^nturned into red jello..HS_MSG_6 = $kn has super

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\multilingual.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	6071
Entropy (8bit):	5.2609331300038535
Encrypted:	false
SSDEEP:	96:0CBa+W9UsGON7N7FGq+iXaVcMZCNQgYpXOf5ENE32qWhG3Q65+EZ7AiX2:1a19Ux2SJqYCigYa+2rm
MD5:	EF8630D263BD826F20E18FBCE0BBFB7B
SHA1:	E95DBBBAA3B3A92B972810A8C319EBA1AA619A1E
SHA-256:	85AB1D26616411EBC5FE850CE763403E2D665A691F8280BAC3338C6696F2A7B1
SHA-512:	E1269979099D9A39764061B303AF24B2B6AE82F8EF006819975EF77DB353C3FCC1750920D755C9D25C2E9CE5546E148288427EEC37F0CFF3B31B360296FB3CE3
Malicious:	false
Preview:	[en]..LANG_NOT_EXISTS = The language does not exist..PERSO_LANG = Personal Language..LANG_MENU = Language Menu..SERVER_LANG = Server Language..SAVE_LANG = Save Language..SET_LANG_SERVER = The server language has been set to "%s"..SET_LANG_USER = Your language has been set to "%s"..TYPE_LANGMENU = Type 'amx_langmenu' in the console to display a menu where you can choose your language..LANG_MENU_DISABLED = Language menu disabled.....[de]..LANG_NOT_EXISTS = Diese Sprache exsistiert nicht...PERSO_LANG = Eigene Sprache..LANG_MENU = Sprach Menu..SERVER_LANG = Server Sprache..SAVE_LANG = Spracheinstellung speichern..SET_LANG_SERVER = Die Sprache des Servers wurde auf "%s" geaendert..SET_LANG_USER = Deine Sprache wurde auf "%s" geaendert..TYPE_LANGMENU = Schreibe 'amx_langmenu' in die Konsole zum Anzeigen des Sprachauswahlmenus....[sr]..LANG_NOT_EXISTS = Jezik ne postoji..PERSO_LANG = Licni Jezik..LANG_MENU = Meni Jezika..SERVER_LANG = Jezik Servera..SAVE_LANG = Sacuvaj Jezik..SET_LANG_SERVER

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\nextmap.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	1335
Entropy (8bit):	5.110742669162532
Encrypted:	false
SSDEEP:	12:tjrhPAg/QTQcf7f8UHnCwilMY3XvFsbHlT40OI3Org6AgwRW3FqW3BBMvgB4YfCX:5rfhI7k4a9sbZCFDgvgBszCo2OEm
MD5:	B866680332734E845FE67D2B3999570C
SHA1:	1C2B8A58F75D5AAE67B4F0D51FF3576290719525
SHA-256:	B9258CF874344778BBAB273650116F46D0FBACF178FAD842161D01E7B37199E2
SHA-512:	372F142A9A05E372E9CC71F00719F6A218DEBF9142208F53213EA1624B7E8A3F4E30D0F9B1790FCA65A2116E857EAFE896FF1643CCB81C209E6DB09DD30B0004
Malicious:	false
Preview:	[en]..NEXT_MAP = Next Map:..PLAYED_MAP = Played map..FRIEND_FIRE = Friendly fire....[de]..NEXT_MAP = Naechste Map:..PLAYED_MAP = Gespielte Maps..FRIEND_FIRE = Friendly fire....[sr]..NEXT_MAP = Sledeca Mapa:..PLAYED_MAP = Igrana mapa..FRIEND_FIRE = Friendly fire....[tr]..NEXT_MAP = Diger Map:..PLAYED_MAP = Oynanan map..FRIEND_FIRE = Dost atesi....[fr]..NEXT_MAP = Prochaine Carte:..PLAYED_MAP = Carte jouee..FRIEND_FIRE = Friendly fire....[sv]..NEXT_MAP = N'a'sta karta:..PLAYED_MAP = Spelade karta..FRIEND_FIRE = Egna laget skada.....[da]..NEXT_MAP = Naeste bane:..PLAYED_MAP = Spillet bane..FRIEND_FIRE = Venskablig ild....[pl]..NEXT_MAP = Nastepna Mapa:..PLAYED_MAP = Mapy grane..FRIEND_FIRE = Friendly fire....[nl]..NEXT_MAP = Volgende Map:..PLAYED_MAP = Gespeelde map..FRIEND_FIRE = Friendly fire....[es]..NEXT_MAP = Proximo Mapa:..PLAYED_MAP = Mapa actual..FRIEND_FIRE = Fuego amigo....[bp]..NEXT_MAP = Proximo Mapa:..PLAYED_MAP = Mapa Jogado..FRIEND_FIRE = Fogo Amigo....[cz]..NEXT_MAP = Dals

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\pausecfg.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [name]
Category:	dropped
Size (bytes):	24262
Entropy (8bit):	5.342322861488125
Encrypted:	false
SSDEEP:	384:19UYapcxAy87usBJc30UMGPw3eyITda2HNr/37NFt3CZifUYa3:SSuaw3ePd3ptwiM
MD5:	C287BDD4BFA08A83312784DEBCDBA00E
SHA1:	6501EC4C9FA5FCF5C0C85AEBCAD6AF12769E4866
SHA-256:	0C2673388929781B00C48FD45BEB600A345E769F160ED7F97BC440F03A735EB0
SHA-512:	1A8DC465026D9102D7CB49323DAC5D808540F7E50546DF6186753EA699323BE29B0E867D671870ECED257936DF7C875255CDD21905BB0FCBF968F1007AB7D6CF
Malicious:	false
Preview:	[en]..PAUSE_COULDNT_FIND = Couldn't find a plugin matching "%s"..PAUSE_PLUGIN_MATCH = Plugin matching "%s"..PAUSE_CONF_CLEARED = Configuration file cleared. Reload the map if needed..PAUSE_ALR_CLEARED = Configuration was already cleared!..PAUSE_CONF_SAVED = Configuration saved successfully..PAUSE_SAVE_FAILED = Configuration saving failed!!!..LOCKED = LOCKED..PAUSE_UNPAUSE = Pause/Unpause Plugins..CLEAR_STOPPED = Clear file with stopped..SAVE_STOPPED = Save stopped..PAUSED_PLUGIN = Paused %d plugin..PAUSED_PLUGINS = Paused %d plugins..UNPAUSED_PLUGIN = Unpaused %d plugin..UNPAUSED_PLUGINS = Unpaused %d plugins..CANT_MARK_MORE = Can't mark more plugins as unpauseable!..PAUSE_LOADED = Pause Plugins: Loaded plugins..STOPPED = stopped..VERSION = version..FILE = file..PAUSE_ENTRIES = Entries %d - %d of %d (%d running)..PAUSE_USE_MORE = Use 'amx_pausecfg list %d' for more..PAUSE_USE_BEGIN = Use 'amx_pausecfg list 1' for begin..PAUSE_USAGE = Usage: amx_pausecfg <command> [name]..PAUSE_COMMAND

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\plmenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	7472
Entropy (8bit):	5.235645164310779
Encrypted:	false
SSDEEP:	96:QMbqNTdSaWDun/qJIHHtFQSYJtVuI6+OHf05KYbIXteBlqLWIXY/VJRqECO43PfC:RbSd3qJIJat1OH2ZMgqNXoy/9NckSKFE
MD5:	DF6AE5D7E6CC94072412A6DA12FA6159
SHA1:	96644156B36ADA97172BF704F83933D45F90536D
SHA-256:	EDC0EE527EAE8203096FBBD38177122C3FF5DDF0C46C0D0FA2BBF5CD38C0C3BB
SHA-512:	159A8FAD9C2E6228FABAA6C639D74F409EE30257DA14F1ED449A226EFD95C9E5955E01BAA0D3949DC49F02EBA09312A1A37ADA433B355E8DDB182A3732F7C940
Malicious:	false
Preview:	[en]..ADMIN_BAN_1 = ADMIN: ban %s..ADMIN_BAN_2 = ADMIN %s: ban %s..BAN_MENU = Ban Menu..BAN_FOR_MIN = Ban for %d minutes..BAN_PERM = Ban permanently..SLAP_SLAY_MENU = Slap/Slay Menu..SLAP_WITH_DMG = Slap with %d damage..SLAY = Slay..KICK_MENU = Kick Menu..ADMIN_TRANSF_1 = ADMIN: transfer %s to %s..ADMIN_TRANSF_2 = ADMIN %s: transfer %s to %s..TEAM_MENU = Team Menu..TRANSF_TO = Transfer to %s..CL_CMD_MENU = Client Cmds Menu..NO_CMDS = No cmds available....[de]..ADMIN_BAN_1 = ADMIN: bannt %s..ADMIN_BAN_2 = ADMIN %s: bannt %s..BAN_MENU = Menu > bannen..BAN_FOR_MIN = Bann fuer %d Minuten..BAN_PERM = fuer immer bannen..SLAP_SLAY_MENU = Schlagen/Toeten-Menu..SLAP_WITH_DMG = Schlaegt mit %d Schaden..SLAY = toeten..KICK_MENU = Menu >kicken..ADMIN_TRANSF_1 = ADMIN: verschiebt %s zu den %s..ADMIN_TRANSF_2 = ADMIN %s: verschiebt %s zu den %s..TEAM_MENU = Menu > Team..TRANSF_TO = zu den %s geschoben..CL_CMD_MENU = Menu > Spielerbefehle..NO_CMDS = keine Befehle verfuegbar....[sr]..ADMIN_BAN_1 = ADM

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\restmenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [value]
Category:	dropped
Size (bytes):	23912
Entropy (8bit):	5.423222524582432
Encrypted:	false
SSDEEP:	192:VhVZifmkfQTOAQ+DnnA9X6nF1SICoqe9dxulbQKSB6GBtrJXk7TS36OB6+RJVVS0:V4O3RnpJV0vm9/dJQ4C0NvgIe7WIW3
MD5:	77F9DD2F2D6E8206668113FD4AC8B34B
SHA1:	17F8C672011BE8C52F337CFDEF5BF20626B60D71
SHA-256:	CFD372B61FB2AC10D4849A53F1CE54E1ECAEA0A053303851879EDE6E6E8FCB0B
SHA-512:	6414AC7D8C83076F3029CD15451AADEFBA74AA66106FF7CD30C657D76C8F9960B36C76A15BA4CE88B859CBF691B61283919EE7753783B6929D3EC54CBCE44FA1
Malicious:	false
Preview:	[en]..EQ_WE_RES = Equipment and weapons have been restricted..EQ_WE_UNRES = Equipment and weapons have been unrestricted..HAVE_BEEN = have been..HAS_BEEN = has been..RESTRICTED = restricted..UNRESTRICTED = unrestricted..NO_EQ_WE = Couldn't find such equipment or weapon..WEAP_RES = Weapons Restriction..VALUE = value..REST_ENTRIES_OF = Entries %i - %i of %i..REST_USE_MORE = Use 'amx_restrict list %i' for more..REST_USE_BEGIN = Use 'amx_restrict list 1' for begin..REST_CONF_SAVED = Configuration has been saved (file "%s")..REST_COULDNT_SAVE = Couldn't save configuration (file "%s")..REST_CONF_LOADED = Configuration has been loaded (file "%s")..REST_COULDNT_LOAD = Couldn't load configuration (file "%s")..COM_REST_USAGE = Usage: amx_restrict <command> [value]..COM_REST_COMMANDS = Commands:..COM_REST_ON = ^ton - set restriction on whole equipment..COM_REST_OFF = ^toff - remove restriction from whole equipment..COM_REST_ONV = ^ton <value> [...] - set specified restriction..COM_REST_OFFV = ^t

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\scrollmsg.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	2798
Entropy (8bit):	5.202278036094559
Encrypted:	false
SSDEEP:	48:bgjnM0KfzpTM/73htiQAJkME6iYYipJE7MxnpkO2KAIoF:AX2BM/LTjME6lYozp6v
MD5:	5EB4C943EAF9A18F7890D383FECA3990
SHA1:	410F08065E278485DB42A3DB36C3F969DB193D35
SHA-256:	9F030C5DD5D19FA67C81BCF5EDE452EB50F764BE220EE796CD2DDAB1D304DA54
SHA-512:	E74D2C024594D8A4B5AF344E9351671D50F5145795457AF763E86250EF1495B682EE86A895178DC269D859484CA36418F5D637C9CA0107A52EDD624588591EA8
Malicious:	false
Preview:	[en]..MIN_FREQ = Minimal frequency for this message is %d seconds..MSG_FREQ = Scrolling message displaying frequency: %d:%02d minutes..MSG_DISABLED = Scrolling message disabled....[de]..MIN_FREQ = Minimale Frequenz fuer diese Anzeige sind %d Sekunden..MSG_FREQ = Scrollnachricht Anzeigefrequenz: %d:%02d Minuten..MSG_DISABLED = Scrollnachrichten abgeschaltet....[sr]..MIN_FREQ = Minimalno vreme prikazivanja za ovu poruku je %d sekundi..MSG_FREQ = Vreme prikazivanja prolazece poruke: %d:%02d minut(a)..MSG_DISABLED = Prolazeca poruka iskljucna....[tr]..MIN_FREQ = Bu mesajin en az frekansi %d saniyedir..MSG_FREQ = Kaydirilan mesaj gosterme frekansi: %d:%02d dakika..MSG_DISABLED = Kaydirilan mesaj kullanimda degil....[fr]..MIN_FREQ = La frequence minimale pour ce message est de %d secondes..MSG_FREQ = La frequence d'affichage des messages deroulants est de: %d:%02d minutes..MSG_DISABLED = Les messages deroulants sont desactives....[sv]..MIN_FREQ = Minimefrekvens f'o'r detta meddelande e %d se

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\stats_dod.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	50937
Entropy (8bit):	5.392110827217482
Encrypted:	false
SSDEEP:	768:/W+HM0MmexYrX5IW+vM0eq2KvSeJdrM/vxW+vM05mTxNK+vM0c4MRXtiRi0MqfDk:daeqnu5SclYHp27X
MD5:	2A66B4BFB3FBC2880334A3AC6D71E50D
SHA1:	E133CEBBFF714C807EF191BF1164C1A462CAC1EE
SHA-256:	205D6598F754FEB31A0A1185595A0AB2063FA2F9FC80590CD53F3ECB98D3C68B
SHA-512:	72BEA5DE68349E79F4EEDAAD9E876020EE456314A784F8CD4C996EAB3DF102C10963E5D60E52130D6DA857B9146D06BA4A0FAE3ADD5C1E4E04F799B975A0DD0F
Malicious:	false
Preview:	[en]..WHOLEBODY = whole body..HEAD = head..CHEST = chest..STOMACH = stomach..LEFTARM = leftarm..RIGHTARM = rightarm..LEFTLEG = leftleg..RIGHTLEG = rightleg..MULTI_MSG = Multi-Kill! %s^nwith %d kills (%d hs)..ULTRA_MSG = Ultra-Kill!!! %s^nwith %d kills (%d hs)..SPREE_MSG = %s IS ON A KILLING SPREE!!!^nwith %d kills (%d hs)..RAMPAGE_MSG = RAMPAGE!!! %s^nwith %d kills (%d hs)..UNSTOPPABLE_MSG = %s IS UNSTOPPABLE!!!^nwith %d kills (%d hs)..MONSTER_MSG = %s IS A MONSTER!^nwith %d kills (%d hs)..GODLIKE_MSG = %s IS GODLIKE!!!!^nwith %d kills (%d hs)..MULTI_SMALL = %s: Multi-Kill!..ULTRA_SMALL = %s: Ultra-Kill!!!..SPREE_SMALL = %s IS ON A KILLING SPREE!!!..RAMPAGE_SMALL = %s: RAMPAGE!!!..UNSTOPPABLE_SMALL = %s IS UNSTOPPABLE!!!..MONSTER_SMALL = %s IS A MONSTER!..GODLIKE_SMALL = %s IS GODLIKE!!!..KNIFE_MSG1 = %s sliced and diced %s..KNIFE_MSG2 = %s pulled out knife and gutted %s..KNIFE_MSG3 = %s sneaks carefully behind and knifed %s..KNIFE_MSG4 = %s knived %s..HE_MSG1 = %s sends a little gift

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\statscfg.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	18588
Entropy (8bit):	5.266491114725236
Encrypted:	false
SSDEEP:	192:ZYmKAkWIMsm7LwyO8qR47TXFlKkPKQntCVIP8yxDYG4DT+QHkvYXj7hCb6U7H:PkWOmqKvNP1DmnPkvWwpb
MD5:	9C942095A23507A7EE9D9DDB98CF5FF6
SHA1:	B2B4B73A185B3EA60B4C4EFED85BBCFCBE11F370
SHA-256:	4A659A8CA74DD23D1D4728E185C2D5500DE3DB4DD259646E993EB3C7B5577A1E
SHA-512:	D40439D4C1BA9C64F7BA9ED5851A3A3ED3A2C4905C04A5A589C62FDA6DE1F1FFD4412E5AC06C365A1B285551912F4283AF27100A13893C8C9CFB9C9D02FA7D6C
Malicious:	false
Preview:	[en]..NO_OPTION = Couldn't find option(s) with such variable (name "%s")..STATS_CONF_SAVED = Stats configuration saved successfully..STATS_CONF_FAILED = Failed to save stats configuration!!!..STATS_CONF_LOADED = Stats configuration loaded successfully..STATS_CONF_FAIL_LOAD = Failed to load stats configuration!!!..STATS_CONF = Stats Configuration..STATS_ENTRIES_OF = Entries %i - %i of %i..STATS_USE_MORE = Use 'amx_statscfg list %i' for more..STATS_USE_BEGIN = Use 'amx_statscfg list 1' for begin..STATS_ENABLED = Stats enabled..STATS_DISABLED = Stats disabled..CANT_ADD_STATS = Can't add stats to the list, limit reached!..COM_STATS_USAGE = Usage: amx_statscfg <command> [parameters] .....COM_STATS_COM = Commands:..COM_STATS_ON = ^ton <variable> - enable specified option..COM_STATS_OFF = ^toff <variable> - disable specified option..COM_STATS_SAVE = ^tsave - save stats configuration..COM_STATS_LOAD = ^tload - load stats configuration..COM_STATS_LIST = ^tlist [id] - list stats status..COM_STA

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\statsx.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	21850
Entropy (8bit):	5.384706292544049
Encrypted:	false
SSDEEP:	384:d7+WI0HsBrSPiszr4Z5oLIh13V6VOf6vGMKUJkQAfHz02v/z+4L5eV/tJegselwG:h+WHHs9SPiWr4Zsw13gO2bKU3AfvvL+B
MD5:	A7FF3982DA771FCF094C7DC2FC3130AF
SHA1:	D96916D732F010DA9DE0B956FB7BB5980E7EF14C
SHA-256:	84B967F7693868FD9FFBE8B6C1C317FFB72669F0A6BE6969DFDE17DEEF09A847
SHA-512:	3EE09CF455E4F80B2B0C968800954C52DA342CCB24A2966DC4721BC1DA0376A90CCF178F80C087C6C687164738D2D50C7892F3749B0527ECBAAA22C08B786ACA
Malicious:	false
Preview:	[en]..WHOLEBODY = wholebody..HEAD = head..CHEST = chest..STOMACH = stomach..LEFTARM = leftarm..RIGHTARM = rightarm..LEFTLEG = leftleg..RIGHTLEG = rightleg..MODE_SET_TO = "amx_statsx_mode" set to "%s"..ATTACKERS = Attackers..ACC = acc...HIT_S = hit(s)..DMG = dmg..VICTIMS = Victims..MOST_DMG = Most damage done by..KILLED_YOU_DIST = %s killed you with %s^nfrom distance of %0.2f meters...DID_DMG_HITS = He did %d damage to you with %d hit(s)^nand still has %dhp and %dap...YOU_DID_DMG = You did %d damage to him with %d hit(s)...EFF = eff...BEST_SCORE = Best score..KILL_S = kill(s)..TOTAL = Total..SHOT_S = shot(s)..HITS_YOU_IN = %s hit you in..KILLED_BY_WITH = Killed by %s with %s @ %0.0fm..NO_HITS = no hits..YOU_NO_KILLER = You have no killer.....YOU_HIT = You hit %s %d time(s), %d damage..LAST_RES = Last result: %d hit(s), %d damage..KILLS = Kills..DEATHS = Deaths..HITS = Hits..SHOTS = Shots..YOUR = Your..PLAYERS = Players..RANK_IS = rank is %d of %d..DAMAGE = Damage..WEAPON = Weapon..YOUR_

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\telemenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	2783
Entropy (8bit):	5.185654406139461
Encrypted:	false
SSDEEP:	48:38d5nm86Xk1pzpOlJFhBf+dr/s8wqBvfwRw+C7+Dlcw5RmHpEK78:iz4PqJGw+G+8pe
MD5:	7CB376063782B3704E4F16916B6DD2CD
SHA1:	534AFB40884F21EAF869BC247544E504E03D703E
SHA-256:	DE62711F4F2DF1EAD5E6BA62E18A78FC3FC5A1369E70FD2C2DF859E8B40EACAA
SHA-512:	07A98888D839A759E5E0FEBE16D30E04C7E8EE687E9748F6EF9258A78B2D1F7AE6A727C2C0A402A6E1EE2A15C5E4DA18F70B3436A12C86247D3A4A4D0683FAD8
Malicious:	false
Preview:	[en]..ADMIN_TELEPORT_1 = ADMIN: teleport %s..ADMIN_TELEPORT_2 = ADMIN %s: teleport %s..TELE_MENU = Teleport Menu..CUR_LOC = Current Location..SAVE_LOC = Save Location....[de]..ADMIN_TELEPORT_1 = ADMIN: teleportiert %s..ADMIN_TELEPORT_2 = ADMIN %s: teleportiert %s..TELE_MENU = Menu > Teleport..CUR_LOC = Momentane Position..SAVE_LOC = Position speichern....[sr]..ADMIN_TELEPORT_1 = ADMIN: teleportuj %s..ADMIN_TELEPORT_2 = ADMIN %s: teleportuj %s..TELE_MENU = Teleport Meni..CUR_LOC = Sadasnja Lokacija..SAVE_LOC = Sacuvaj Lokaciju....[tr]..ADMIN_TELEPORT_1 = ADMIN: teleportladi %s..ADMIN_TELEPORT_2 = ADMIN %s: teleportladi %s..TELE_MENU = Teleport Menusu..CUR_LOC = Oldugu su anki yer..SAVE_LOC = Oldugu yeri saklayin....[fr]..ADMIN_TELEPORT_1 = ADMIN: teleporte %s..ADMIN_TELEPORT_2 = ADMIN %s: teleporte %s..TELE_MENU = Menu Teleportation..CUR_LOC = Emplacement Actuel..SAVE_LOC = Sauver l'emplacement....[sv]..ADMIN_TELEPORT_1 = ADMIN: teleportera %s..ADMIN_TELEPORT_2 = ADMIN %s: teleportera %

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\time.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	4288
Entropy (8bit):	4.6756951533914854
Encrypted:	false
SSDEEP:	48:nBfpEi2nM5CRsPaNBIEZOHfZOH/BgjMIx8/hrCw2JW35I/Aj6r:nkA184/4fb5+C6r
MD5:	57EBE478E1AF7056555D6D4B6CF96348
SHA1:	E07F7E906C6EFFE72FDFC7C7F8F9079807AE6892
SHA-256:	B214D13F708A0BD542D5F9951972348A80890881D53F892A0B9FFCE7F00622E2
SHA-512:	31740542C66F53751417430F383D9B379D089E33CB4B1938DD707E3AAE576AB30CCC796BCC4BE6A1B7D73E08CD5B42296DE5F4790FCC249AFC11D544270406F7
Malicious:	false
Preview:	[en]..TIME_ELEMENT_SECOND = second..TIME_ELEMENT_SECONDS = seconds..TIME_ELEMENT_MINUTE = minute..TIME_ELEMENT_MINUTES = minutes..TIME_ELEMENT_HOUR = hour..TIME_ELEMENT_HOURS = hours..TIME_ELEMENT_DAY = day..TIME_ELEMENT_DAYS = days..TIME_ELEMENT_WEEK = week..TIME_ELEMENT_WEEKS = weeks..TIME_ELEMENT_PERMANENTLY = permanently..TIME_ELEMENT_AND = and....[de]..TIME_ELEMENT_SECOND = Sekunde..TIME_ELEMENT_SECONDS = Sekunden..TIME_ELEMENT_MINUTE = Minute..TIME_ELEMENT_MINUTES = Minuten..TIME_ELEMENT_HOUR = Stunde..TIME_ELEMENT_HOURS = Stunden..TIME_ELEMENT_DAY = Tag..TIME_ELEMENT_DAYS = Tage..TIME_ELEMENT_WEEK = Woche..TIME_ELEMENT_WEEKS = Wochen..TIME_ELEMENT_PERMANENTLY = permanent..TIME_ELEMENT_AND = und....[sr]..TIME_ELEMENT_SECOND = sekunda..TIME_ELEMENT_SECONDS = sekundi..TIME_ELEMENT_MINUTE = minut..TIME_ELEMENT_MINUTES = minuta..TIME_ELEMENT_HOUR = sat..TIME_ELEMENT_HOURS = sati..TIME_ELEMENT_DAY = dan..TIME_ELEMENT_DAYS = dani..TIME_ELEMENT_WEEK = nedelja..TIME_ELEMENT_WEEKS = nedel

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\lang\timeleft.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Generic INItialization configuration [de]
Category:	dropped
Size (bytes):	2368
Entropy (8bit):	4.974121998389318
Encrypted:	false
SSDEEP:	24:NXbMOkxNXKOpbaOvI1aFq7iFA17aMeO7YdVUO81gV7GF1+7eSEArqA7K7AcO8hzk:NSpqiMuCeVUe7lGBaxHUs
MD5:	58450350162260F7EAF784EDC67867A3
SHA1:	84301DF0E1E7FC37472D5A82938B80E5F5B66872
SHA-256:	D6C5FB391F9E59057A38690484507F2D2273F68DEB73B7511067F5E3E33BD97C
SHA-512:	F5A3DB15607FED57F07F230CE5C8ED374ECC2FB36AA450BFEA7E78FE834D2040AB0144C75756B07576B1B8FB8C599209AFF95B9994550F3FB928CE69C57A8188
Malicious:	false
Preview:	[en]..THE_TIME = The time..TIME_LEFT = Time Left..NO_T_LIMIT = No Time Limit..MINUTE = minute..MINUTES = minutes..SECOND = second..SECONDS = seconds....[de]..THE_TIME = Es ist..TIME_LEFT = Zeit uebrig..NO_T_LIMIT = Kein Zeitlimit..MINUTE = Minute..MINUTES = Minuten..SECOND = Sekunde..SECONDS = Sekunden....[sr]..THE_TIME = Vreme..TIME_LEFT = Preostalo Vreme..NO_T_LIMIT = Nema Ogranicenja Vremena..MINUTE = minut..MINUTES = minute..SECOND = sekund..SECONDS = sekundi....[tr]..THE_TIME = Saat..TIME_LEFT = Kalan zaman..NO_T_LIMIT = Suresiz zaman..MINUTE = dakika..MINUTES = dakikalar..SECOND = saniye..SECONDS = saniyeler....[fr]..THE_TIME = Il est..TIME_LEFT = Temps Restant..NO_T_LIMIT = Aucun Temps Limite..MINUTE = minute..MINUTES = minutes..SECOND = seconde..SECONDS = secondes....[sv]..THE_TIME = Tid..TIME_LEFT = Tid kvar..NO_T_LIMIT = Ingen tidsbegr'a'nsning..MINUTE = minut..MINUTES = minuter..SECOND = sekund..SECONDS = sekunder....[da]..THE_TIME = Tiden..TIME_LEFT = Tid tilbage..NO_T_LIMI

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\data\vault.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	37
Entropy (8bit):	4.486348298002912
Encrypted:	false
SSDEEP:	3:a3MDcoyrhk5:avC
MD5:	541232A0606736392A61F93012320D67
SHA1:	48D5488E912CA4BF8AAE9E83E52522587F87B516
SHA-256:	A1ED775499C6011AF0F3C4B2F33204E470C5CF1B1ADBEF275D277291B3510FFF
SHA-512:	73630EA9F87DB763D2ADDCA9577F8E8C6FE12D8A8886F25C8DCFF5AD3121563283724FE58F9B3086EABD4B6AD7DAB095970D413355F588192CCB9AC77CA5A48C
Malicious:	false
Preview:	; Don't modify!..server_language.en..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\dlls\amxmodx_mm.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	409600
Entropy (8bit):	6.674134561666998
Encrypted:	false
SSDEEP:	12288:A5yqzmIn7lK3OdeG6x9tclbp71LX73AiutIlNIHaZ6CQ/GTmEx3z:U7NX73AiJU6kpeTFx3
MD5:	95C0D9A06B620D2E90ADDD5CB6ECA84B
SHA1:	CDD2461EAE2DBCAFB663801931ED43B06AF55CF0
SHA-256:	BE1BAEB1008D6D62A5AED034A55E372EB0E04D6353513F30EFDA49141804C87B
SHA-512:	22F92DA216EA9213B5D13330E4CFBA000AE9EDDD75E379CB042A8AD0D8E735D2D9D7D5E4FF5D50E3630975073DC24D5A690DBB49C83C5D7D7CD6C6DCA71E91E9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^n.g...4...4...4...4...4...4>..4...4...4...4...4...4...4...4K..4...4...4...4...4...4...4...4"..4...4...4...4...4...4...4Rich...4................PE..L...]..E...........!.....p...........\|.......................................p......................................`c..#....\..<.......(.................... ...F..P...................................................L............................text....`.......p.................. ..`.rdata..............................@..@.data........p...p...p..............@....rsrc...(...........................@..@.reloc..JJ... ...P..................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\documentation\readme.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	HTML document, ASCII text, with very long lines (626), with CRLF line terminators
Category:	dropped
Size (bytes):	21073
Entropy (8bit):	5.287644571681081
Encrypted:	false
SSDEEP:	384:B8S95FRR/qGFdloHeLAbWg7WSRCZxHuBZSZttZAka:BFyAdSHJbSxOBZwttNa
MD5:	25410F045AFB244C530AF64285EC1EFB
SHA1:	7D41A2E94DE94381B2F46AFDA874F4CD047F00C6
SHA-256:	45D025414471277365634189C453F0A183C40FAC9583D810B94C5F6697601468
SHA-512:	A895B556819A941536D5B00748D0428221F2CE5B77984E71D5A276926A9BABAE52B1D90BA1D12F8C6E733393DB0C5FB96FE3216ABAF171648199BDA6C993666F
Malicious:	false
Preview:	<HTML><HEAD><TITLE>CSDM - Counter-Strike Deathmatch, by BAILOPAN</TITLE>..<style type="text/css">.. ..div, p, ol, ul, td, th..{...color: black;...font-family: Verdana;...font-size: smaller;..}....div.head..{...font-size: medium;...font-weight: bold;..}....div.cr..{...color: #000066;...font-weight: bold;..}....p.head { font-weight: bold; }..p.indent { text-indent: 20px }..p.courier { font-family: "Courier New" }....div.indent { text-indent: 20px }..div.indent2 { text-indent: 40px }..div.indentc { text-indent: 40px; font-family: "Courier New" }....ol { list-style-type: upper-roman }..ul { list-style-type: disc }..ul.courier { font-family: "Courier New" }..dl { font-family: "Courier New"; font-size: smaller; text-indent: 40px }..li { margin-bottom : 4px; }....td.node..{...text-align: center;...height: 19px; width: 20%..}....td.nodeT..{...text-align: center;...height: 19px; width: 20%;...font-weight: bold..}....th..{...text-align: center;...height: 32px;...font-weight: 100..}....td { te

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\logs\L0507.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6255
Entropy (8bit):	5.423739903417587
Encrypted:	false
SSDEEP:	192:ORY+4w2ujuw4JU89dr4vt6XqN49g5Ct04yd/YH4N4QCUNsb4fBetMh4RmaJwt4dK:Q
MD5:	F7A7A78D3CFF0120EDBEBFFC6DD71884
SHA1:	8984A3C53D87116C59CFD5BEC6C51B3FDA3F1034
SHA-256:	F6CF2F33C00EF72A64449B6932F75C0850D34A399A0CB7B5CD18DA31F29B8B47
SHA-512:	3A4241D32E3EEA120EA3CB57567C2D4A1F95E9C85EC60A5C1BB637E8D3B1E0742CFEA96DEF656F0C749842B124C91740BB0BEE7A03C05DB6F035959F422A1342
Malicious:	false
Preview:	L 05/07/2007 - 16:10:16: -------- Mapchange to cs_italy --------..L 05/07/2007 - 16:10:20: [csdm_spawn_preset.amxx] Loaded 20 spawn points for map cs_italy...L 05/07/2007 - 16:10:20: [csdm_main.amxx] CSDM spawn mode set to preset..L 05/07/2007 - 16:10:20: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 05/07/2007 - 16:10:20: [admin.amxx] Login: "Player<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 05/07/2007 - 16:10:22: [admin.amxx] Login: "Player<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 05/07/2007 - 16:13:13: -------- Mapchange to cs_italy --------..L 05/07/2007 - 16:13:16: [csdm_spawn_preset.amxx] Loaded 20 spawn points for map cs_italy...L 05/07/2007 - 16:13:16: [csdm_main.amxx] CSDM spawn mode set to preset..L 05/07/2007 - 16:13:16: [nextmap.amxx] WARNING: Couldn't find a valid map

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\logs\L0612.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1174
Entropy (8bit):	5.414789419066034
Encrypted:	false
SSDEEP:	24:HvUVNlke6uKllke6uK9vHx0Nlke6uKHplke6uKX:sP3TKl3TK30N3TKHp3TKX
MD5:	D13042C2344BAE1B36FF76320BBABC80
SHA1:	B48038EE64BE503C7971EEBE09BE141F552BC0A4
SHA-256:	29C64F98E8540376C1497A67DFE77D258A4C320232589DBF0873C84A140796B6
SHA-512:	AB251BC1B7EFBF6A0BF59034D2B252C1B1E2BCAE3840687B475DABD91747756606652C604220466450208382DE6D2E0FBCF188FC1A625E83457473348E96A509
Malicious:	false
Preview:	L 06/12/2006 - 22:52:53: -------- Mapchange to cs_bloodstrike --------..L 06/12/2006 - 22:53:06: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 06/12/2006 - 22:53:09: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 06/12/2006 - 22:53:19: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 06/12/2006 - 23:25:38: -------- Mapchange to cs_bloodstrike --------..L 06/12/2006 - 23:25:38: [AMXX] Plugin file open error (plugin "psrank.amx")..L 06/12/2006 - 23:25:53: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 06/12/2006 - 23:25:54: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\logs\L0615.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1252
Entropy (8bit):	5.429837175354678
Encrypted:	false
SSDEEP:	24:1mvXCWYYNlke6uK2Olke6uKqVvwQQZ76Bjlke6uKqxlke6uKX:YYYN3TK2O3TKb2p3TKI3TKX
MD5:	34F9749E62682AA8D4D6A5FA3A62A8EA
SHA1:	86A56E011BCFCD849834EE1EA632278DC63A0715
SHA-256:	F1B5982737FE5F98CCA9254DCD1CECFE9CAB701FBF21A1834444AC66B9DD2742
SHA-512:	08A1A5B504B7420DD11D94668183A023E5434536AE1B1A4DE60131ECEECB2A16FD59B2569B998F1C695C92B1BD14BB8EE5A6F5C919E7797945FB1FD0FFFF4666
Malicious:	false
Preview:	L 06/15/2006 - 22:18:44: -------- Mapchange to cs_bloodstrike --------..L 06/15/2006 - 22:18:44: [AMXX] Plugin file open error (plugin "psrank.amx")..L 06/15/2006 - 22:18:54: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 06/15/2006 - 22:18:55: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 06/15/2006 - 22:19:05: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 06/15/2006 - 22:45:53: -------- Mapchange to cs_bloodstrike --------..L 06/15/2006 - 22:45:54: [AMXX] Plugin file open error (plugin "psrank.amx")..L 06/15/2006 - 22:46:09: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 06/15/2006 - 22:46:10: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\logs\L0616.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1878
Entropy (8bit):	5.42987295167367
Encrypted:	false
SSDEEP:	24:CvccUtplke6uKJlke6uKNvUVOlke6uKGlke6uKCvvArlke6uKKlke6uKX:Su3TKJ3TK+O3TKG3TKrr3TKK3TKX
MD5:	A458CE66E8455C39EE5A31ABA3518563
SHA1:	F0C82687A5D636ED0D83BF7D41B656F9EB44CD7D
SHA-256:	40AE94E9DE56A15E2DE9B09DAAAAE969862C3536F310F2CDC9E81DEF56668932
SHA-512:	C100D019557DD4586B2AF9E97D388D6628E9D612A6B19CD3E94BEE5DE2DCBD78E7F090013605A470231A8DF17F0CCD4A84870E253CE6BDFA957C1A5BB3DBF86B
Malicious:	false
Preview:	L 06/16/2006 - 18:09:39: -------- Mapchange to cs_bloodstrike --------..L 06/16/2006 - 18:09:40: [AMXX] Plugin file open error (plugin "psrank.amx")..L 06/16/2006 - 18:09:51: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 06/16/2006 - 18:09:53: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 06/16/2006 - 18:10:00: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 06/16/2006 - 18:59:22: -------- Mapchange to cs_bloodstrike --------..L 06/16/2006 - 18:59:23: [AMXX] Plugin file open error (plugin "psrank.amx")..L 06/16/2006 - 18:59:33: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 06/16/2006 - 18:59:34: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\logs\L0617.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7237
Entropy (8bit):	5.436289270430886
Encrypted:	false
SSDEEP:	96:eVjWja0NnqQjpjahjXjJeQ2Gjnj1/jjjLIN3j0jojmijZjaIr+7RXjbjOgIs:eH0NnqtrDHHIJmRX7UY
MD5:	96D1850E45A7B0AE9A4AAA7646B7D79A
SHA1:	11D7CAC8C0A419735ADA5D29E96C7F50118FE0CF
SHA-256:	741F5D91E2BFC151FF77A07F033AC2067E753086FAA439A4C1E31DD680790E1B
SHA-512:	E2BE96A46F56A9B6C8C3094BAA0C38238481D87E59EA87C6718E3511FD40ADDB3EB50F70C9A344168E4B1C577EE3C01F78B147D09BAFF4D351BF85B6FBEB5924
Malicious:	false
Preview:	L 06/17/2006 - 00:51:45: -------- Mapchange to cs_bloodstrike --------..L 06/17/2006 - 00:51:45: [AMXX] Plugin file open error (plugin "psrank.amx")..L 06/17/2006 - 00:51:56: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 06/17/2006 - 00:51:57: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 06/17/2006 - 00:52:06: [admin.amxx] Login: "decayed.cell<1><VALVE_ID_LOOPBACK><>" became an admin (account "loopback") (access "abcdefghijklmnopqrstu") (address "loopback")..L 06/17/2006 - 00:55:15: -------- Mapchange to de_dust --------..L 06/17/2006 - 00:55:15: [AMXX] Plugin file open error (plugin "psrank.amx")..L 06/17/2006 - 00:55:19: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 06/17/2006 - 01:03:04: -------- Mapchange to cs_bloodstrike --------..L 06/17/2006 - 01:03:04: [AMXX] Plu

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\logs\L0902.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2019
Entropy (8bit):	5.254522225346578
Encrypted:	false
SSDEEP:	24:UnYOIIDobY7nrn/lwb+nGCqBaTNobeq+vlke6uKRlke6uKX:9Ax7nL6t2v3TKR3TKX
MD5:	C20D1167568C656B7A3258F69F9C5470
SHA1:	33BD146E75646743648E2D1AE5448E1567012211
SHA-256:	614EB0054F6C430DB776435EAE2DA7E35EBF411AF730CD7BE966693E1536B1B5
SHA-512:	5978AB85197AB80F25EAEAEA1F969C7258D0CAD4A7165B1EA3E247F3771BCF9DA94CC88967CBDB119EF7D8A49C1C67BF6FBF45E4D45E5DC88C7D48238AA4E9D3
Malicious:	false
Preview:	L 09/02/2006 - 19:35:20: -------- Mapchange to cs_italy --------..L 09/02/2006 - 19:35:20: [AMXX] Plugin file open error (plugin "psrank.amx")..L 09/02/2006 - 19:36:15: -------- Mapchange to de_dust --------..L 09/02/2006 - 19:36:15: [AMXX] Plugin file open error (plugin "psrank.amx")..L 09/02/2006 - 19:36:18: [nextmap.amxx] WARNING: Couldn't find a valid map or the file doesn't exist (file "mapcycle.txt")..L 09/02/2006 - 19:36:50: -------- Mapchange to cs_italy --------..L 09/02/2006 - 19:36:50: [AMXX] Plugin file open error (plugin "psrank.amx")..L 09/02/2006 - 19:37:16: -------- Mapchange to cs_italy --------..L 09/02/2006 - 19:37:16: [AMXX] Plugin file open error (plugin "psrank.amx")..L 09/02/2006 - 19:40:41: -------- Mapchange to cs_italy --------..L 09/02/2006 - 19:40:41: [AMXX] Plugin file open error (plugin "psrank.amx")..L 09/02/2006 - 19:55:30: -------- Mapchange to cs_italy --------..L 09/02/2006 - 19:55:30: [AMXX] Plugin file open error (plugin "psrank.amx")..L 09/02/2006

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\logs\error_050707.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1845
Entropy (8bit):	5.030508972806749
Encrypted:	false
SSDEEP:	48:9CINANaDIL3pI1SW/IPjUIO8CIAaHRItdIgIISI4fIvr:4IqADIL3pI1SW/IPjUIO8CIAaHRItdTd
MD5:	1AE58988737596F6AE88BC3708D1EC4E
SHA1:	C9B2FA4AF35B4DD64988E70EA275915284176F14
SHA-256:	26A66AFAABD3DCDF5C52D9F000D2CA80CC7EA19EA104D2E65BF1237C028C3329
SHA-512:	B753F6B8BF8E7B1699D870901BCC44B905DA1E303FCE17FDDEEF140CF10DAC4CAC9259A25ABE36EDD5609FCF35519F70A5DF0E366E26B5F0FD5BBE08E3DA5BA9
Malicious:	false
Preview:	L 05/07/2007 - 16:10:17: Start of error session...L 05/07/2007 - 16:10:17: Info (map "cs_italy") (logfile "error_050707.log")..L 05/07/2007 - 16:10:17: [AMXX] Plugin file open error (plugin "psrank.amx")..L 05/07/2007 - 16:13:13: Start of error session...L 05/07/2007 - 16:13:13: Info (map "cs_italy") (logfile "error_050707.log")..L 05/07/2007 - 16:13:13: [AMXX] Plugin file open error (plugin "psrank.amx")..L 05/07/2007 - 16:31:51: Start of error session...L 05/07/2007 - 16:31:51: Info (map "cs_italy") (logfile "error_050707.log")..L 05/07/2007 - 16:31:51: [AMXX] Plugin file open error (plugin "psrank.amx")..L 05/07/2007 - 16:34:43: Start of error session...L 05/07/2007 - 16:34:43: Info (map "cs_italy") (logfile "error_050707.log")..L 05/07/2007 - 16:34:43: [AMXX] Plugin file open error (plugin "psrank.amx")..L 05/07/2007 - 16:37:32: Start of error session...L 05/07/2007 - 16:37:32: Info (map "cs_italy") (logfile "error_050707.log")..L 05/07/2007 - 16:37:32: [AMXX] Plugin file open erro

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\csdm_amxx.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	110592
Entropy (8bit):	5.8306459237361
Encrypted:	false
SSDEEP:	3072:UFU8PKl5sT8kkCZ7saGmqA/3JmlIG5Vw:UFU8PKl5o8kTAmF/Rww
MD5:	F623080F49F885B61BFA45EB87476062
SHA1:	F7EED12714BB3A14DFD30224405A613F47D66CC5
SHA-256:	C465B469534A70DA438D4DDB0944726C2CABB37B412C9EF9B1C78CCF53A0BDB7
SHA-512:	E70F84326E7AB568701FE5FBD7B2069AB1DEF7D763CB991254677431DA29E14ADE09CD0EF94652948AECAA3963CF5E729344972D774B87A56D08B24A256AC865
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k*./K../K../K..<C..,K..\..9K..\..YK..C..,K../K..\|K..\..4K..\...K...@...K..\...K..Rich/K..........PE..L.....-E...........!................5r....... ......................................................................`P......DJ..(.......p.......................h... !..............................(F..@............ ...............................text............................... ..`.rdata..r2... ...@... ..............@..@.data....<...`... ...`..............@....rsrc...p...........................@..@.reloc........... ..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\cstrike_amxx.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	6.051606547858429
Encrypted:	false
SSDEEP:	768:UQbs9S08/dx0wz9aLalRslFlxcXt3lMrGmg4B3ogCt1BTGrcav5aBMgySK7u4MJ0:riS/0v2lRsHlxg32BxI4Ag1Kg+lDq
MD5:	9D4FB1AB5708CD1721071FE9A68962BC
SHA1:	8E62B3FB5A908AB0CF2650533D2C8CDFB5D645D3
SHA-256:	1BE1BE463BD6EA35FF75AF33258FC2585A33C7661EE2E908BAAE052F00D26504
SHA-512:	98BBDF3F113F16DC2FC96DF5CA879BFFF92C0B0DBA9EF5ED91D84CBDDE0590F4E41B32CB172CDB8222556A5DBD832364B38285C5C64FC67BD9375382D7803E8A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1T._.._.._.o.P.._.o....._.b...._..^.._.o.?.._.o....._.o....._.Rich._.........PE..L...[..E...........!................?W.......................................`..................................................(............................@..........................................@............................................text............................... ..`.rdata...&.......0..................@..@.data....5..........................@....reloc.......@... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\csx_amxx.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	90112
Entropy (8bit):	5.966099308418769
Encrypted:	false
SSDEEP:	1536:JjoB0Il5RqNRguXeoR1Kd1QeA3UZA+lF:S5l5RHcNeeUC+lF
MD5:	E3CB69D41782BAB228B1EB038EAFB73C
SHA1:	36EE0F5E71B27D36D51AA117FDF2CEF59B3647B5
SHA-256:	AE3F2B4389622739D62E55E6FA22A0276B32F37A13B50CCC9BDEC306B76120BA
SHA-512:	092EE30C0A808FB348811C9A3BD83B9CB6B1DDDBBA2CD0F985DBCB62587154944920717B32B33C91EB12FCA2EA9621512EEC9EAAD73DA90631876E8CEC9EAB86
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._..1..1..1.c.>...1.c.n...1.n.l..1..0..1.c.Q...1.c.m..1.c.k..1.Rich.1.........................PE..L...W..E...........!................._..............................................................................@...........(.......................................................................@............................................text...4........................... ..`.rdata..Q'.......0..................@..@.data...8.... ... ... ..............@....reloc........... ...@..............@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\engine_amxx.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	102400
Entropy (8bit):	6.4090901479265865
Encrypted:	false
SSDEEP:	1536:y2V9Vh8w71Y41lbLHzp6sKWGv8tIvQYT62Yl2d0IjJYH405VJgbPlQOSje:osY411HFvKBv8svFdLjYVJgbPlQOSj
MD5:	6F532582BEA3B64336C4512F2F198396
SHA1:	D77668BFC1AFEF954A41D8F126C40ABE8386C990
SHA-256:	D09B558954D9BA417FF8E4EDB296CA139E5E1ADE1F81BB3F251A5E3738CE3CF1
SHA-512:	DE375887E2A965B17D742745815E3524AA6DE3D103E221D03DD1446913F10D6D49436E0982F5D7BB082D608F20DE428BE7FCCA9979A3CE77E623FEC11F706274
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................................................Rich............PE..L...$..E...........!..... ...................0.......................................................................X......xS..(....................................0..............................pR..@............0...............................text...-........ .................. ..`.rdata...*...0...0...0..............@..@.data....=...`.......`..............@....reloc........... ...p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\modules\fakemeta_amxx.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	6.4482076687367975
Encrypted:	false
SSDEEP:	3072:9KzF5C+u/aqRGd9KIdEv1ji8ep7zNHdw4DfKW4e75Q754l0FMagweA8QT:9KzF5VMaqRiEIdsejPCqhD5Q75RXT
MD5:	A7D5FA93353B258BD382B204AC691950
SHA1:	36F26589C8921AF4F22BBE271050250E4E823DBB
SHA-256:	EBF499DC0CC91CFFE7C3F8F68B50B68923D492E8D6E3A45F196B281626CA22DE
SHA-512:	0DCFDAA3348F74D9D912F9205FC071B819C7B4074C933E5E3F4FAC156A43C7C35F2B364AA7E5366BE8BD3337A61E3DEF44BBC73B71E12031335F10450F9EE9F2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L..."Z.."Z.."Zw.-Z.."Zw.}Z.."Zz..Z.."Z..#Z.."Zw.BZ.."Zw.~Z.."Zw.xZ.."ZRich.."Z........................PE..L...0..E...........!................V<......................................................................................`...(............................P...g..................................x...@............................................text.............................. ..`.rdata...%.......0..................@..@.data....Y....... ..................@....reloc..Hj...P...p..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\plugins\admin.amxx

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	18674
Entropy (8bit):	7.938270216273676
Encrypted:	false
SSDEEP:	384:lWWPUujfkzJzv5tReD2USy4zxgZxlixcBXb6RI+kBq9Xuils+pdY:AWPU8kzJzhtRJciKlbh+UqBJs+pe
MD5:	88934E857F7184202B895CA39FB6DDF7
SHA1:	3F48BC0DB0484AD60D797C3E2C65361680DF2109
SHA-256:	49AB08D1828A5244EB48618C5683A64DBF1189F4F4B6B9BDFCFA21173F902ECF
SHA-512:	50D51EC01AA0D950FF8C7514D13C7576E7855726D605B34B16F21B78EBD070C730982B08529E85B23147DA84A8807D796B5E3CB866D5E11ADE1DFEB229B073DD
Malicious:	false
Preview:	XXMA.....!..........).....'...........!..x..].pT.u... @...,@6k......X...F`.......]..J.x...}..(..!.nqC'JJ[...M..d...-...i..6..3.u.LKS:!.<..-..s..}o.V2q.......s.9..s.o...u....Sj.R.[...y.~...HuJ.>.....+..R../.P..p......Wj=`...Z..eJu`..J...X.O .iJ.........u.o3~.........c.ZBx;."....w0.1f._b\|....+..`<..7.......0...(%..x+.<......b......q7c.1..I...2.`<..-..1...U@.W....@E....HF...F.].d{R.%...t[..L..XTr.4...Iv.t..Ofc.}..j.6...HTEc..X4l.I'.;..p[{.\|.'.j.B..+.:bV..H.......g..X4.....PN%..D,......".p$..f7.2.X...p......[.p..K.OF.bH...I...o{S.]/.j....z.g-("..w........./.]"'.!l.e..w.H2..9jOe..5.v......u...L.....@.}.B7p...".P[..?...1.G...%.K..x.Z....({{........d.t$..1...?..bT..."i[...+.}^8....".c.G;....D.#...a........bz...B.B2....+..7..U...Z../pU.....pY....n-.?.W........W...~!\.....G.4...T-.......n?...2....~.aZ5F>...J.v].h!.....>,..3@.$...5....o..P.q.&.t....E^.s%\....E.......~M.x.?d..K=...N...~?m.V..y-a^+y\|.1.a.k.>..R..!m.J.>...OH.V.z..~E.:...F.5C.0..?c< s.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\plugins\adminchat.amxx

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	13474
Entropy (8bit):	7.925771314898968
Encrypted:	false
SSDEEP:	384:p2rDp+7fY37tGHIr7Iruc4E+C+Fc62kEY:yD0r8GZF4E+CWc6uY
MD5:	5A2B392FECCF38C0DEFB0A317A553D41
SHA1:	56A2A5316BF8FF1FC4660D4E3B967288BBAD8880
SHA-256:	8449E595EF62433234F7B8893692604BF2B1E6CD9478F0D089730C0288E514DE
SHA-512:	7B695CE08B132AD3C2FB42B2C73F421E91A5B8C1053CE2A68952F6AC78B0800D3353D82160E98177F1DA3CC892F37679F957B5A8E69E5CCC9E92703E85033C7A
Malicious:	false
Preview:	XXMA....H...Um......)....1...q...h!..q...x..].p..U.N.,.."K....YI..v..IM.$.XI.FvT[I..".ug...N....Tmmp....n..)..@....x.`R.0.x.S.....0..dj:.Xix.......d9......w.....}......z...U.^.T..O(5Ni..J.O..RCt.....].W+.u`.R.Cxv.R. .7.M..R.&...E.Z....o..{....W0.e...>..O2~.1.x..g._d\|....'.......}..0.Vj.3.dle.8...?.x.1.8....0.3~.0.T...Z.7..1......#..3.=>.L...A...H.2.L's.?....&.{..b.Y......d_,...R.......T.wh8...D,..........C.t.w(.;B....\.7=2h..c.....b..a.t0....l...d.$.%3......B..QK b......`.p....L...C....6..H..3...T..768..`"...'.T.....O..7.x\e...H\.y.9......d...}.d".c+.........[.V.L.<.q(6...S.t.V...xn......RjT...L..\|..i..T..k..<.o.t..Y...G.:3..!.X.i....{.....}.....o/"..+.W...y...{.y./.R..t!...h~....i.S...0u..J.j..{.........s...s....i.?9..........7d.....dkvd....,k...V;.;..y.O..x{.T..>F2..R..G....,.{..Al?.=..,+...:..p...k%..7p.....z....e...c.n.^..Z.{..0..v..h..B~9]Y./....2 .c.S..._!....UF'...l..L....4.P.n.v8....K.ME..2tD_z...o1........s.E.c.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\plugins\admincmd.amxx

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	29882
Entropy (8bit):	7.940215501019736
Encrypted:	false
SSDEEP:	768:bBPFlPhTJShsJKVvq++kjlykRB8qO00z1rLVBKLH6d:bRDKVvFbykRKx73VcD6d
MD5:	F3C31959ACD6B47C9062A716F4188047
SHA1:	35F5E1DD60B4A23A1830D6B7CC63FF41E3112D84
SHA-256:	B1C19AB879258CE7D2D290F6674EEC6B21FDCBCB8E1E44761C22C0676E5C8E06
SHA-512:	B3E079264B74A744F96EA72940669FB8785C42F53C6125C164B00267F72C315338D11E25A2B4C3A5A4FA1047EB85BE042D9022E4279D62EB9E751634B77FB63A
Malicious:	false
Preview:	XXMA.....5..E ..p...).....>.......,...6..x..}.tU.u...X....X..~.e,...e[....D6.........c.I.X.J.[..f...bR2.)i..IY.2.LH..0..a..%...)].....IU,..}..:..w.{.I.'kt..{.>g.}..g.}....V.....U..:E..O..i.s..{pT(.....l......4`.<....._...X.H./.^yM./...W..@...^hT...M(.].>..C..6..7...?....9...J....PjZ.R.V...<..R...V.0.9J=...Wj%..YJ=.8.d.....p'.;..".}./.~..k..&.>.?.. ........%..._$l$l!L.~..7...."....~....!...E..^'..q:.\...+.....6..A.K.....? ."..~... .R.c..Ts.p.jn...DV......Z<Y....p...X.5..t...F.8m....x....{..,..X.C{...gKk....f...qk.v-.....ml.q.4..K..h...w5.[.U..1....h...{. uG{wG<....kO..h8...jiv........Hc'T...]......6.=..E..E8..5W.;.gK.;..Z2s..$b...]&..4.q..6j.......I.."....0g[Go....h<....n....r....E...v.:...vtt....t..K::w...N....x\.uc.@.......-L[G.QM...p\.E...-...QT._E.u..D..M.1...}..n#.(>.....ZJ.p.OH.$...S.%.'.7...#.A......w-..'.g......l.6...)(.z.1.}z...W...J[...t...oSz.....^.....Y.;.A.\|}...\....?....o...!..>..y..*..o...+.x../.D..Q..9.4K...;.o..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\plugins\adminhelp.amxx

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	4091
Entropy (8bit):	7.930892147466108
Encrypted:	false
SSDEEP:	96:S3/IXbmmUCArWVsBXSE4OozdyR/wlfm6yj7NKhUDGM3NjpsgKYv:S3/IXatCArwsBP4OoRyyI6ycS9l1v
MD5:	50259EC381B4C0341BB607B636AA628C
SHA1:	060BAE017DF23C2A53A72CF493723D9AD678C9E5
SHA-256:	CDDEC720AECEB2C10D827421FC601720ABF121BD89F0F2ED0344590BF7E6C0D1
SHA-512:	9A1612358DC4759B486926850E10F304CF4339BE34E48378808996F9C54CD33A4C6FF0A6D7A46E0BADB55C64AF5030AC33DC3B07CB60EA4F0E4B79F05CE535B2
Malicious:	false
Preview:	XXMA....m........P..)....e....).. .......x..XMl.U...)}..k..P..V.A.?....VZ.m..qx3}.0o.93.%...&..p...+....Hd..r.E.]....$.q......n...0+&99..s......&...b1/..3/.w-B\&..a!......S....".sB.Ax......&..F!...!z.a.z.{....c./..._........?./...\|...p..e.q....Q.\.M.J..;.XQ...GN8.T....H.:.O...M.].t}7..Sv...MIL..[.....3).&!e..i.m..b.9..[.i...3.l...HLzV9".e.VX..Q..q`..5b)...#fP3.<....k.5.R........i...,...9..8.....!..8/..A+.k.=......3..9............6m......d.....e..m....v..ul.-.\|.m.}lsN....5wk..O..F.o9..f......s..N]W.c.0.u...[..0o#.c......o..?Cp...g..r._C.v.I.m..[..\.V^...{/.Y.k.>.{.s.fQ[..p\|....&.c..d.AN..yn.e.g..g..?....5Q..7.%......s..A...kB....[7..9..E.Us....c.4.L.@....0.j.-S.j..t.){._i-...Z..2o^..a..E.S....f..c..5....?..J.?]^..^/.8_m.r..Z....C.o5..#z..B.....W%}...k7t2...k.]..cX......5...y.m6...Ln:0.}g_..t..yO.....As.d..R....:5......4w...y.P;.{..`wc.....u..h.....]....[.Z...v.X..4{U..kf.^.f.....Q.=F...Q....F.9..H..m".....^..v}..p.Hk.....9m..<w4.u.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\admin.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	18117
Entropy (8bit):	5.517436909780712
Encrypted:	false
SSDEEP:	384:3k52R/ZaRFyuFagCFjDhF1p/Xf2JMAX6WO0f:3gQMyHTAcI
MD5:	A96001B8ACB0F1D6377B2B3A984340A5
SHA1:	3F45149D3FB571CF2FFA72F9421AEBACF31B7663
SHA-256:	E3DB01206530B71059034391E93FCE721AA01ABF35225F293CB24DCDF13C3D51
SHA-512:	E0E19B3C53945270471109F87CD1F85BE5C0A7A9B43FD7146A76098641DD269CB41CAB41A057D997EB03764FB4EF45C1979D509C72B1A812B79B8914747EDDB1
Malicious:	false
Preview:	/* AMX Mod X script...* Admin Base Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the H

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\adminchat.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10037
Entropy (8bit):	5.43370401668312
Encrypted:	false
SSDEEP:	192:U6T5tjjzv1hlyf7HvUo/goyLduDt345g57ILHzdFOhRxRCautn:DT5AiUB0+CTdwhRxhutn
MD5:	ADED325D17407D45F66169701BEF1BF8
SHA1:	7765C406A0762104E68042343E9DF6D6D8B640FD
SHA-256:	DF3E5B9A242D8E2A49529949A0D6047DECA1F21E16E89A9A73F900A59004B0DE
SHA-512:	C5AA0F375F9E8080C8E57B79D79A7ACEACE7C29936FA0D85672F0E97CB1BBEED965CD0AED04F10CBD1D3DC853DA0109327C02571F2DFA2A5E3EF87FF888A8760
Malicious:	false
Preview:	/* AMX Mod X..* Admin Chat Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half-Life

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\admincmd.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	25423
Entropy (8bit):	5.479245735847788
Encrypted:	false
SSDEEP:	768:xIQv20k3FenJmV753qjMj3A2drOQ6xnCFn:xIQmt
MD5:	157911042DB3C01654D8AD30F24C4A0B
SHA1:	772F448DA90F987E1CB9BF7BA0836F51EE4355EC
SHA-256:	45C687D7C933302EEDA8AEF9D02336734CD56AF5A17832AFB98BF9AEB921E96C
SHA-512:	220850BA6C28C2216A44E4E4678A2D1013B71E7DA9CC97C32FED869180764E7CF4C9D6D005EF7BB9F1C6EB9B6172C53B7FCCBE0A777CD7F6373456CA4153FF61
Malicious:	false
Preview:	/* AMX Mod X..* Admin Commands Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation, ..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\adminhelp.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3557
Entropy (8bit):	5.322738547054367
Encrypted:	false
SSDEEP:	96:3yEoxWmnfLLwxWJTAkKnLHqvSihEK4Fi5n:3yIsngWJ0vLHR1PI
MD5:	C7B04CCE89BAE7B52AE83A2FEB1426F8
SHA1:	1B0FC273BAC094DA77D485EE052171CF53DDD26E
SHA-256:	6728E9D0884FDF7C47C021043D912E01033E5D7246CE6A3BA43A3658C0AB03AD
SHA-512:	E4760CCFFAB946281BC67587B3D6758CD60485307938C7481E2AEAFC52DC80C345AB78572A49E26B543E123F82DDB3C040556226A92931E0F599F5F9BBF9FE21
Malicious:	false
Preview:	/* AMX Mod X..* Admin Help Plugin.... by the AMX Mod X Development Team..* originally developed by tcquest78.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation, ..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Ha

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\adminslots.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3366
Entropy (8bit):	5.3054148022349485
Encrypted:	false
SSDEEP:	48:3XyaEFTGEoxPYVK59B3xqHpgvngnNWFuE0k2tmay3VDBjSHdCVZK/K:3u6EoxP5533xqHq4nNftsaADBlTK/K
MD5:	DA4A60BBDEF552D4586B92405533D70E
SHA1:	EB85D64A69922C56A8797329D7340FCC05ECD45E
SHA-256:	38E0ECC8358E88F297AC1748C7AF856B726E29279D93EA7E5C069B649853A9F9
SHA-512:	29F23B623A94A1A59DBC0998593ED866BC68D348584B8FE180A19E3C704CA0040ECD7F77F67E607A17353B6D6467E36B12D841013E6289881D9D0B60CD353E6B
Malicious:	false
Preview:	/* AMX Mod X..* Slots Reservation Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Ha

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\adminvote.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	15855
Entropy (8bit):	5.536645938048393
Encrypted:	false
SSDEEP:	384:KT5452DRgj/543iwFcKMlAfjUD4MAvw3xLf+Ts8n:KV452DI/5kUKMlijUD4MQw3xLf+Ts8n
MD5:	31D08EFEABFDD4718F41022DB2E6DC9E
SHA1:	25866CAF23212830D04A6A60044771FC48459CC8
SHA-256:	3E66E9766C7676A57FDF5815BC78D430BB4AFFE986219FEF965DC974191FA417
SHA-512:	FA7CC5A5A9323DEFC9ABBC3C1229EF85080C8A0A38E8693A21C92529B187B3EF510B61FEB2B86D8138DBE8AC07E435A475529F33113B23FAAC83AC7F23D62CD6
Malicious:	false
Preview:	/* AMX Mod X..* Admin Votes Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half-Lif

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxmod_compat\amxmod_compat.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1365
Entropy (8bit):	5.40541699430204
Encrypted:	false
SSDEEP:	24:3YXOIMVK5jQEFz1IcFz1I5hHAp1Yt7YARFGCrwXa7jqRnUjYzCGpcyp2HCuEhthi:3ZVKVP1F1ggP2kwi2jqJUjSu1
MD5:	DE27912B2C7556BFCFE9A89B4BADCD80
SHA1:	80C13DE146B0C730C5B390B3AB22FBBD27238FAF
SHA-256:	64FF2218077E02A6BAB7E1A7AA9404E6F36EDE126429A021D96C8DA745BC9AAB
SHA-512:	F3FF26466E774745FD1151DDD3D612C0039F93956401AD7DC14910AE8D18E884D089172413FE097ECAF286276420E758666A19A9A38CDE542DE9E95C32CD0E29
Malicious:	false
Preview:	/*.. AMX Mod Compatibility engine.. * by the AMX Mod X Development Team.. */....#include <amxmodx>..#include <fun>...//we want fun running for extra compatibility..#include <engine>..//we want engine running for extra compatibility..#include <fakemeta>..#include <translator>..#define AMXMODX_NOAUTOLOAD..#include <cstrike>..#include <sqlx>....#define MOD_NORMAL.0..#define MOD_CSTRIKE.1....new g_ModType = MOD_NORMAL..new g_MaxPlayers....#include "core.sma"..#include "vexdum.sma"..#include "mysql.sma"....public plugin_init()..{...register_plugin("AMX Mod Compat Engine", "1.76.rc4", "AMXX Dev Team")......g_MaxPlayers = get_maxplayers()......VexdUM_Register()..}....public plugin_natives()..{...set_module_filter("Plugin_ModuleFilter")...set_native_filter("Plugin_NativeFilter")......new modname[32]...get_modname(modname, 31)...if (equali(modname, "cstrike") \|\| equali(modname, "czero"))...{....g_ModType = MOD_CSTRIKE...}......Core_Natives()...VexdUM_Natives()...MySQL_Natives()..}....public

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxmod_compat\core.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6009
Entropy (8bit):	4.992215030836368
Encrypted:	false
SSDEEP:	96:3ndMldt+TRZRqx/s8HG9iZx6VuKRTl+BKnx8HVNgdwJQNOaXHPAqIsugE22Y82M2:XdMldYTRZRqx/s8HG9iZx6VuKRTl+BKt
MD5:	3DDC7CEAB24E0C481FF34FBDCED277C8
SHA1:	593AFC66D40CBF81F282F453F16EB76C97639729
SHA-256:	8D9692DAC662DABBF9A30BD3EDD97EA4258051FC49A89C97A0C71D03986D2082
SHA-512:	8EE9DCD696092D3B55E9C18FB0217E60A173321CBBE8720EE504B65FC862083781D16DCE117AEA77D36EB942E68BA0B2CE2D9D7B28EA9F5F66F1244A3553782D
Malicious:	false
Preview:	/*.. AMX Mod Compatibility engine.. * by the AMX Mod X Development Team.. /....Core_Natives()..{.../ implicit compatibility */...register_native("VelocityByAim",.."__VelocityByAim")...register_native("load_translations",."__load_translations")...register_native("is_user_authorized",."__is_user_authorized")...register_native("get_user_money",.."__get_user_money")...register_native("set_user_money",.."__set_user_money")...register_native("angle_to_vector",.."__angle_to_vector")...register_native("fabs",....."__fabs")...register_native("asin",....."__asin")...register_native("sin",....."__sin")...register_native("sinh",....."__sinh")...register_native("acos",....."__acos")...register_native("cos",....."__cos")...register_native("cosh",....."__cosh")...register_native("atan",....."__atan")...register_native("atan2",...."__atan2")...register_native("tan",....."__tan")...register_native("tanh",....."__tanh")...register_native("fsqroot",...."__fsqroot")...register_native("fpower",...."_

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxxpc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.4.1, stripped
Category:	dropped
Size (bytes):	130136
Entropy (8bit):	6.507168803930725
Encrypted:	false
SSDEEP:	3072:IQXF7qcsAO0rFquZtSW+zWBiH7numo41li98PjzlRlR38TBf9yATFSLQUrUetD6b:IQXF7qcsAO0rHZItzWBqLRo4zcKlnR3m
MD5:	CE1DF93FD22A1F7DA17B56258638234A
SHA1:	8B0F6985B1ED5E7A822EE010BE3F1BE89724B5DA
SHA-256:	A5934FD2CB40DB2FC33BD63ECF3E79F4B06710E98A5BE84D212F40C6569CE924
SHA-512:	8750F4C9B795909756BBD6E023CC50919D3C8627D7E755CB5B2BCDDEC6F153B6A2B1CB455D798086A38C9E8BECF1656154316A95D35435BFC6973BD06066FCB3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	.ELF.................... ...4...........4. ...(.........4...4...4... ... ...............T...T...T............................................................`...`..p....O..............$...$l..$l......................h...h...h... ... ....................`...`..................P.td....>...>..\...\...........Q.td............................/lib/ld-linux.so.2..............GNU.................%...A...,...?...'...).......5...........>...8.......3... ...+...6...:...-......./...........@...........#...........$...<.......*...;...1...........9.......................................................................................................................................................................&...........................................!..........."...........%...(...0...2...4.......=...7...................~...@f..$...!........j......!...........C................................... ...........6............k.. ...!........j......!........f..$...!....................... k..,...!...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxxpc32.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.551655833113289
Encrypted:	false
SSDEEP:	3072:RrS90/KSMDj8ZeYBmp7tscF3GjON4ZEOJ6EQbIQzqeXF4m+WwxTMyKyGvG12QOim:l43ZNyJ5SqeV4ZxfKyyQaAOuU
MD5:	8DA8F8F25C9102903130B33B154A0EFA
SHA1:	D110AF0BA24E867A81EFC1EAFC6F8328029F285E
SHA-256:	7642B93257F8A0CDB1AC7B1ECE3164F15F6F95929CF9D6C5227AD402EC265193
SHA-512:	72B41824893729C0001879F0282487CCFA94044E11B408D7178B3FEB6EB6BEC9F72597B9D78CA42607FB132916BA53A88CF91F6817627724207A27FA08F41A0D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................................................0.........w...........Rich............PE..L....$.E...........!.........P...................................................................................... ...].......<........%.......................(..@...............................@...@...............@............................text...o........................... ..`.rdata..}...........................@..@.data....Q... ...0... ..............@....rsrc....%.......0...P..............@..@.reloc..4/.......0..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\amxxpc64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	253952
Entropy (8bit):	6.507919685382177
Encrypted:	false
SSDEEP:	3072:SZ0+MQR8UpOJuElbHvOfGptH9eq+YNaWUaLG3U3tn8riG3MYukkMF5lpFHU6S+pv:aJNEJOS9eqjtLGppcYRpFH5QwAOxc
MD5:	3B51330A8EA8D8CF358FE0E6A1C882DB
SHA1:	87C39441F950EA0B73BB9D2F6862DB08F722CFAB
SHA-256:	60F70A101F6EA39D1A4A2F1F13C148A2CF61075E13D0D31A6DDCB183629ACEAC
SHA-512:	21F6BE36076A0DBF0CB134C311942028A633F725540D5EDEF025D91E7583AF9AC0C92898E3F2033F5BAE74348C59AD04EDD2314CC717474DA65B75F6D4A8B434
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........hgD..............`.....p.i.....p.........T.....}.T.............p.V.T...p.U.......W.....p.S.....Rich............................PE..L...1$.E...........!.........`......;................................................................................6..I.......<........%.......................*..@...............................0...@...............@............................text............................... ..`.rdata..Y...........................@..@.data....U...@...0...@..............@....rsrc....%.......0...p..............@..@.reloc..,1.......@..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\antiflood.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2323
Entropy (8bit):	5.256256405320095
Encrypted:	false
SSDEEP:	48:ZwXyaEFTGEoxPYpZ1UxqTQbcbENP9RKAtFZ:Zwu6EoxPOZ1Ux+QbcbENPB/Z
MD5:	8B75B1AB38293663C0AC707202D2FAF1
SHA1:	C74E0B824EC83F763985FB2EF00585CEA1679D91
SHA-256:	7C673C3F96F4CE1E4078411A0E9C42CDE6A3CF5326960887CB6300B14A2EBEB3
SHA-512:	8AAFDAFA06D9AFB28BDB9E69CF806887AC0B72EB15217EE759B481CF0A4B8D9E2F417556F7A8A6D6BE922B5A4B5416172CE12F5FE5576F2AA60248AD961C4250
Malicious:	false
Preview:	/* AMX Mod X..* Anti Flood Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half-Life

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\cmdmenu.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10044
Entropy (8bit):	5.484346689103448
Encrypted:	false
SSDEEP:	192:Y6T5t5eUmWmlfB/g4yPQogmBvs+313KH7WAPBtn121sarFzG+PEcBHnGthPEJ:XT57Cr6G+F3KbW2Dn2sarFzTPTBHn8h4
MD5:	71E101373DF0265E0A43050FF90A52AB
SHA1:	B3FFD98B2AB37B832AE58D4F86E7750751823CBE
SHA-256:	22BAC01FA6F9A3B5047B9A4EB2DC38ADED771AECA661F53272223A0B99D808E3
SHA-512:	134895D27596EFABEEA959A4C3DC2417F0C9DA2741208E05B44BC1838762B99706387DC503F348F34B9BBA425A1777B6682A25FFC437299ED8BBEC0753132082
Malicious:	false
Preview:	/* AMX Mod X..* Commands Menu Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half-L

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\compile.sh

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Bourne-Again shell script, ASCII text executable, with CRLF line terminators
Category:	dropped
Size (bytes):	491
Entropy (8bit):	4.756723870574258
Encrypted:	false
SSDEEP:	12:1QeZqeUDgEVgFO0VeXZIxdAlTbDeF/1DfURARoI0m2h7AUAn:1QNNrVE42M5Q9DfUCt2GFn
MD5:	3E80FB791A39DB68913615633F887422
SHA1:	72008C1F388520A4EA62A4E16D4028936886B3E0
SHA-256:	27A33E24D55DF3E0C303731B7BCCE32927D54E836E45F8E2E3F7343E42AA0DE5
SHA-512:	05429378B16FC1606D7358B97E66BA125E437935A6198625317937D4C6E10C46E1FC057CD88478660FCF8F0FBA6DE9C7A5CC7CEA83756898D126BCD6D798D8CB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/bash....# AMX Mod X..#..# by the AMX Mod X Development Team..# originally developed by OLO..#..# This file is part of AMX Mod X.....# new code contributed by \malex\....test -e compiled \|\| mkdir compiled..rm -f temp.txt....for sourcefile in *.sma..do.. amxxfile="`echo $sourcefile \| sed -e 's/\.sma$/.amxx/'`".. echo -n "Compiling $sourcefile ...".. ./amxxpc $sourcefile -ocompiled/$amxxfile >> temp.txt.. echo "done"..done....less temp.txt..rm temp.txt..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csdm_equip.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	18828
Entropy (8bit):	5.423707392610373
Encrypted:	false
SSDEEP:	384:75wFEeEJ1VUwIGeYyMq9+Q8NfloOpTccYVb+fevym04yz9:NwFEeEPVdIGey5NfqOpTccYVb+fMym0P
MD5:	896E2B3618200BD9F0773500997EFF81
SHA1:	FF975DE8AB5B486BB051FBD1581AD98E1C0E4EFB
SHA-256:	CD7AFE98A391385EC2AAFD031A27EDF33F1A9677CD715112246AB9CA433DFA48
SHA-512:	DF712C3EF2B61C0599A679DCB649F5C779664B77243EED2CCBA00853CB89074C51945596A20C824C9CC15A4732BDDAF4A7C487B14ADD48C68F9A5C6A3E6160DE
Malicious:	false
Preview:	/*.. csdm_equip.sma.. * Allows for Counter-Strike to be played as DeathMatch... .. CSDM Equipment Menu.. .. By Freecode and BAILOPAN.. * (C)2003-2006 David "BAILOPAN" Anderson.. .. Give credit where due... * Share the source - it sets you free.. * http://www.opensource.org/.. * http://www.gnu.org/.. */.. ..#include <amxmodx>..#include <amxmisc>..#include <cstrike>..#include <csdm>..#include <fakemeta>....//Tampering with the author and name lines can violate the copyright..new PLUGINNAME[] = "CSDM Equip"..new VERSION[] = CSDM_VERSION..new AUTHORS[] = "CSDM Team"....#define.EQUIP_PRI.(1<<0)..#define.EQUIP_SEC.(1<<1)..#define.EQUIP_ARMOR.(1<<2)..#define.EQUIP_GREN.(1<<3)..#define EQUIP_ITEMS.(1<<4)..#define.EQUIP_ALL.(EQUIP_PRI\|EQUIP_SEC\|EQUIP_ARMOR\|EQUIP_GREN\|EQUIP_ITEMS)....//Menus..new g_SecMenu[] = "CSDM: Secondary Weapons"..// Menu Name..new g_SecMenuID = -1.......// Menu ID..new g_cSecondary........// Menu Callback..new bool:g_mSecStatus = true.....// Menu Available

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csdm_ffa.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3338
Entropy (8bit):	5.374608741838824
Encrypted:	false
SSDEEP:	96:3HBSD5uGZcqMj8Ismv0/jzUbIE5K9lrhWYv59yY:XYD5uUdmvGzUb15K9lr8Y
MD5:	628325EF1598CB48E62D902EE977C74E
SHA1:	AE1C03EF658CF436A33B7FF9DC897C7E73DA7583
SHA-256:	AE8F6020D4E923860D49088016CAE26F9A61504C6542375001437D5D74E4B785
SHA-512:	19C8DF277B1CB3F8E7570FCF9026F7BA5044458C5CB7F32D86A3504530E4B121378126F3D6F1CC7E054E084128C4708CD781BC7049CBF8904E2CAACB101D1E7E
Malicious:	false
Preview:	/*.. csdm_ffa.sma.. * Allows for Counter-Strike to be played as DeathMatch... .. CSDM FFA - Sets free-for-all mode on other plugins... .. (C)2003-2006 David "BAILOPAN" Anderson.. .. Give credit where due... * Share the source - it sets you free.. * http://www.opensource.org/.. * http://www.gnu.org/.. */.. ..#include <amxmodx>..#include <amxmisc>..#include <csdm>..#pragma library csdm_main....new PLUGIN[].= "CSDM Main"..new VERSION[].= CSDM_VERSION..new AUTHOR[].= "CSDM Team"..new ACCESS..= ADMIN_MAP....new bool:g_MainPlugin = true....public plugin_natives()..{...set_module_filter("module_filter")...set_native_filter("native_filter")..}....public module_filter(const module[])..{...if (equali(module, "csdm_main"))....return PLUGIN_HANDLED......return PLUGIN_CONTINUE..}....public native_filter(const name[], index, trap)..{...if (!trap)....return PLUGIN_HANDLED.......return PLUGIN_CONTINUE..}....public csdm_Init(const version[])..{...if (version[0] == 0)...{....set_fail_sta

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csdm_itemmode.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	24783
Entropy (8bit):	5.543064745964267
Encrypted:	false
SSDEEP:	768:7GHvPM1vw7dHAhYAtdaYrzsoGvljR2uu0DjySeBnO4gklxe:KHXk7F8Ai
MD5:	4E78FC4E315ED34193E697AD9A5B1202
SHA1:	1278E10C17F008AB8FAFDC2E3845AE083103FCCD
SHA-256:	45C0326C35A60B1D1D43E423E042F76F1962E9BB31D14B9884FA1A7585D0DB89
SHA-512:	F1FB88D7985B8FF9234199C2BAC9C743C65373170EE9299C576B0911D94D7AC4AAFE60B400B4FF6D25AEAA165E3B3C40BD2F035DF6A1B2C595CD0EC6CE681994
Malicious:	false
Preview:	/*.. csdm_itemmode.sma.. * Allows for Counter-Strike to be played as DeathMatch... .. CSDM Item Mode - Spawns different types of items all over the map... .. (C)2003-2006 Borja "FALUCO" Ferrer.. * (C)2003-2006 David "BAILOPAN" Anderson.. .. Give credit where due... * Share the source - it sets you free.. * http://www.opensource.org/.. * http://www.gnu.org/.. */....#include <amxmodx>..#include <fakemeta>..#include <cstrike>..#include <csdm>....#define MAX_ITEMS.250..#define MAX_ENTS .1400..#define MAX_PACKS.50..#define ITEMTYPES_NUM.42..#define SLOTS..12....#define ITEM_LONGJUMP.31..#define ITEM_MEDKIT.32..#define ITEM_BATTERY.33..#define ITEM_PISTOLAMMO.34..#define ITEM_RIFLEAMMO.35..#define ITEM_SHOTAMMO.36..#define ITEM_SMGAMMO.37..#define ITEM_AWPAMMO.38..#define ITEM_PARAAMMO.39..#define ITEM_FULLAMMO.40..#define ITEM_ARMOR.41..#define ITEM_PACK.(MAX_ITEMS + 1)....#define CWRAP(%1,%2) (containi(%1,%2) != -1)....// Config variables..new bool:g_Enabled = false..new bo

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csdm_main.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9597
Entropy (8bit):	5.3616379141851125
Encrypted:	false
SSDEEP:	192:L/D5Jd2lNNfv/xWXXGrJzH6i/AOI+cIFChmr1IgQqLKvAgF3GdQ0bh7q+NmFAC8d:X5Jd2t/5cmImr1IgQqwMbRq9FAzd
MD5:	BDD2A19A10658AD4BB36B1EB8C17E870
SHA1:	56A51EF8ACF0CB860E9B4AC5151891AB36139F10
SHA-256:	50DD2BBAB8E0909AC3D5B58E50771054FEF4B481AB62F8E179D0E5E5C44FBBA8
SHA-512:	1411B848D9E198FB81B993D27C722AAD017C5B06D067F8D1A5C1C0E48D4471036F6B16A503EC383BD8D2C6DD669B83A5B3B659E67E063BB1CC8DCF5F0CA97E25
Malicious:	false
Preview:	/*.. csdm_main.sma.. * Allows for Counter-Strike to be played as DeathMatch... .. CSDM Main - Main plugin to communicate with module.. .. (C)2003-2006 David "BAILOPAN" Anderson.. .. Give credit where due... * Share the source - it sets you free.. * http://www.opensource.org/.. * http://www.gnu.org/.. */.. ..#include <amxmodx>..#include <amxmisc>..#include <cstrike>..#include <csdm>....new D_PLUGIN[].= "CSDM Main"..new D_ACCESS.= ADMIN_MAP....#define CSDM_OPTIONS_TOTAL..2....new bool:g_StripWeapons = true..new bool:g_RemoveBomb = true..new g_StayTime..new g_drop_fwd..new g_options[CSDM_OPTIONS_TOTAL]....//new g_MenuPages[33]..new g_MainMenu = -1....public plugin_natives()..{...register_native("csdm_main_menu", "native_main_menu")...register_native("csdm_set_mainoption", "__csdm_allow_option")...register_native("csdm_fwd_drop", "__csdm_fwd_drop")...register_library("csdm_main")..}....public native_main_menu(id, num)..{...return g_MainMenu..}....public __csdm_allow_option(

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csdm_misc.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with very long lines (340), with CRLF line terminators
Category:	dropped
Size (bytes):	6117
Entropy (8bit):	5.514340071115074
Encrypted:	false
SSDEEP:	96:3g4D5M9nfBTFggcYBTvGyCTIUX5ZZUropoI2Vtuqz+nAeNnALooQqBpFPyKjH+jH:w4D5+fBTFgIiyCTIUX5ZZU6qoO+nzZqE
MD5:	0E38513BB0C3EFC52A9E28E981B4A419
SHA1:	6A35E0138E1B5AF150C1086487BFBB22C5C49136
SHA-256:	7C1774BC14968FB77309A3985EDF448455558FDCE57E3389A10CE91E47C979F5
SHA-512:	9ED973D1BC7DBB50BE876A4E06389B0E85120A116A1D8DA4CF1EBFD7F1BD99947115CD4A4AD228E61B9D52978F689AA71C0C6D1F098E3431DA80B006684CE96D
Malicious:	false
Preview:	/*.. csdm_misc.sma.. * Allows for Counter-Strike to be played as DeathMatch... .. CSDM Miscellanious Settings.. .. By Freecode and BAILOPAN.. * (C)2003-2006 David "BAILOPAN" Anderson.. .. Give credit where due... * Share the source - it sets you free.. * http://www.opensource.org/.. * http://www.gnu.org/.. */.. ..#include <amxmodx>..#include <amxmisc>..#include <cstrike>..#include <fakemeta>..#include <csdm>....#define MAPSTRIP_BOMB..(1<<0)..#define MAPSTRIP_VIP..(1<<1)..#define MAPSTRIP_HOSTAGE.(1<<2)..#define MAPSTRIP_BUY..(1<<3)....new bool:g_BlockBuy = true..new bool:g_AmmoRefill = true..new bool:g_RadioMsg = false....#define MAXMENUPOS 34....new g_Aliases[MAXMENUPOS][] = {"usp","glock","deagle","p228","elites","fn57","m3","xm1014","mp5","tmp","p90","mac10","ump45","ak47","galil","famas","sg552","m4a1","aug","scout","awp","g3sg1","sg550","m249","vest","vesthelm","flash","hegren","sgren","defuser","nvgs","shield","primammo","secammo"} ..new g_Aliases2[MAXMENUPOS][] =

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csdm_protection.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3941
Entropy (8bit):	5.349642722643105
Encrypted:	false
SSDEEP:	96:ED5/mZYaitNTvGBkod/StbbIgFPy3LT0FLymkiMtyel:ED5qitNiBVgtb03LYFLgye
MD5:	C3C7C71E1107D6A2342D87434EF3089B
SHA1:	DAF73EFF4B6963E6F5628095AD5EA6C478929DD1
SHA-256:	0586AADC6DCB62472C80CFAA5BD34F687B5277CF776C538BAFE876594F89E694
SHA-512:	C11EA6071C8B96EC5CBF311F1190422E37F730F4C37A3D566F9EB08ADBF2E4C48F8AAB91A1B9CBACC951D5FCE77945A41DBD7C425F7C4030551A20B4D608FC20
Malicious:	false
Preview:	/.. csdm_protection.sma.. * CSDM plugin that lets you have spawn protection.. .. (C)2003-2006 David "BAILOPAN" Anderson.. .. Give credit where due... * Share the source - it sets you free.. * http://www.opensource.org/.. * http://www.gnu.org/.. */.. ..#include <amxmodx>..#include <amxmisc>..#include <fakemeta>..#include <engine_const>..#include <csdm>....new g_ProtColors[3][3] = {{0,0,0},{255,0,0},{0,0,255}}..new g_GlowAlpha[3]..new g_Protected[33]..new bool:g_Enabled = false..new Float:g_ProtTime = 2.0....//Tampering with the author and name lines can violate the copyright..new PLUGINNAME[] = "CSDM Protection"..new VERSION[] = CSDM_VERSION..new AUTHORS[] = "BAILOPAN"....public csdm_Init(const version[])..{...if (version[0] == 0)...{....set_fail_state("CSDM failed to load.")....return...}...}....public csdm_CfgInit()..{...csdm_reg_cfg("protection", "read_cfg")..}....stock set_rendering(index, fx=kRenderFxNone, r=255, g=255, b=255, render=kRenderNormal, amount=16)..{...set_

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csdm_spawn_preset.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4560
Entropy (8bit):	5.41701506647788
Encrypted:	false
SSDEEP:	96:3vpPS52GYSoSLT5bEJThG/jw1TNO3Ci90URlYXLEfF01htZhzV:RPS5P2OjKiCi90URtYhP
MD5:	691840F892B58EF725FA86234C21AAD7
SHA1:	45CDB2EB98E06E04A96E0D84A63ABA041BA0845B
SHA-256:	017A7F4ED7BD6545360A6D7C47656637FF1EE259440CF37720F3C4D986EF6A3D
SHA-512:	5DC28EF773FB8AA35758C48C420E8761CCDDDBCF8DB639B36ADCE0197CCE9EFE5EE37E24FEB7AA42D98A4F389783EC93CC22CE9214EEF04139526109720B3C0D
Malicious:	false
Preview:	/*.. csdm_spawn_preset.sma.. * Allows for Counter-Strike to be played as DeathMatch..... * CSDM Spawn Method - Preset Spawning.. * by Freecode and BAILOPAN.. * (C)2003-2006 David "BAILOPAN" Anderson.. .. Give credit where due... * Share the source - it sets you free.. * http://www.opensource.org/.. * http://www.gnu.org/.. */.. ..#define.MAX_SPAWNS.60....#include <amxmodx>..#include <amxmisc>..#include <fakemeta>..#include <csdm>....//Tampering with the author and name lines will violate copyrights..new PLUGINNAME[] = "CSDM Mod"..new VERSION[] = CSDM_VERSION..new AUTHORS[] = "CSDM Team"......new Float:g_SpawnVecs[MAX_SPAWNS][3];..new Float:g_SpawnAngles[MAX_SPAWNS][3];..new Float:g_SpawnVAngles[MAX_SPAWNS][3];..new g_TotalSpawns = 0;....public csdm_Init(const version[])..{...if (version[0] == 0)...{....set_fail_state("CSDM failed to load.")....return...}......csdm_addstyle("preset", "spawn_Preset")..}....public csdm_CfgInit()..{...csdm_reg_cfg("settings", "read_cfg")..}....pub

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csdm_tickets.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2626
Entropy (8bit):	5.4589442490436255
Encrypted:	false
SSDEEP:	48:3SHLnsLoeyVK5n1tBF88tN/u7OTv5YKO/0NxU+zNQRUU+EFeAAsA1BTDFp7pUoXB:3SHLsDD5F+YM6TvI/0rnNQ23dskBTDFp
MD5:	EF7DBF2B0DFB655CF5E6603A36A1ECD5
SHA1:	1C1FD179050FBF7EAE255C788028207640251FAE
SHA-256:	3E11C6BBADE5B7E06676A74AE0B96421CCC448B1E4A3CF7A1905586A4B0DCDC2
SHA-512:	1E2FAAC488B9B4E503BC53E33E8B7FFF87C8743947581F3B405F88E1AEAAA20D9ED955A841E4AF366BE28A437DBE323C7CB0FE90631246221E6BD405B2CFEEC6
Malicious:	false
Preview:	/*.. csdm_tickets.sma.. * CSDM plugin that lets you have round ticketing... * Every time a player dies their team loses a ticket. Once all their tickets are used up,.. * they cannot respawn... .. (C)2003-2006 David "BAILOPAN" Anderson.. .. Give credit where due... * Share the source - it sets you free.. * http://www.opensource.org/.. * http://www.gnu.org/.. */.. ..#include <amxmodx>..#include <amxmisc>..#include <csdm>....new bool:g_Enabled = false..new g_TeamTickets..new g_Respawns[3]....//Tampering with the author and name lines can violate the copyright..new PLUGINNAME[] = "CSDM Ticketing"..new VERSION[] = CSDM_VERSION..new AUTHORS[] = "BAILOPAN"....public csdm_Init(const version[])..{...if (version[0] == 0)...{....set_fail_state("CSDM failed to load.")....return...}..}....public csdm_CfgInit()..{...csdm_reg_cfg("ticketing", "read_cfg")..}....public plugin_init()..{...register_plugin(PLUGINNAME, VERSION, AUTHORS);......new menu = csdm_main_menu();...menu_additem(menu

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\csstats.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1911
Entropy (8bit):	4.995508125945607
Encrypted:	false
SSDEEP:	24:+eSFx8xsyqOkE6kPTbVpTGEo6E+UCAhce0U4zKFCCv1DvMLLOB1wOO:+1XyaEFTGEoxPdoLOO
MD5:	29498767EB0A9D8A6C369A2825FB6943
SHA1:	CDF1917B7901ACEB7F7A525D6EED282FBC568FB7
SHA-256:	A38D2B21F3E542F0A1998C59AADFA1D29959C59112C9AEB1A19CC79D7D4B2424
SHA-512:	4708995A9368EF723F2D6C4418F78996D6B8EC81E354983172CD77FF09E66D6BA8C4576BE209903D0A6CA9DC1BCD8BE1595F31732F0DE658AC4A97A2CB41A0E7
Malicious:	false
Preview:	/* AMX Mod X..* Rank Calculation.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half-Life

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\dlsym

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.4.1, with debug_info, not stripped
Category:	dropped
Size (bytes):	8106
Entropy (8bit):	4.963568502216911
Encrypted:	false
SSDEEP:	96:fNCerLSg2UseH1hw8bPEX9V7c/vJt9hPcr9clyIXabJfar9VA2V0a:f3/S3UsqPo9V7KjTcDFqqa
MD5:	BD8E520A6EAC27912B2C34BBE11A24FC
SHA1:	839EA890030FC3953A958EA46400ED3CC5D32CDE
SHA-256:	716A2CD3317C7213B4390F5CAF2186A9DC64B3D1B7230D9EEB28A3BF405C04B9
SHA-512:	D6CB3AB6F5B1F77BD04D7086845F669AD28E11B7456DAB78240EDE7B689CFB82A17C2E2CEF1F50CC0A1A629288B1544C54A07CD48A940D331BFCAD56E561EE48
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	.ELF....................p...4...........4. ...(.".......4...4...4...................................................................................................$...(.............................................(...(...(... ... ...........Q.td............................/lib/ld-linux.so.2..............GNU.....................................................................................................W.......................k.......v...............P.......9...............?.......\...............a.......3.......g...D....................... ...0........... ...?.......l........libdl.so.2.dlerror.dlclose._Jv_RegisterClasses.__gmon_start__.dlopen.libc.so.6.printf.puts.exit.fopen._IO_stdin_used.__libc_start_main.GLIBC_2.1.GLIBC_2.0.....................................0....ii..............ii.................F............ii..............ii.........................................................................................U..........0....+.......5.....%.........%....h.........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\dlsym64

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, with debug_info, not stripped
Category:	dropped
Size (bytes):	10436
Entropy (8bit):	3.818303234551527
Encrypted:	false
SSDEEP:	192:GGHN3k8H73B/ciYzsAwOb5ekGEY0/ehkP:T3zHjYjbhZV
MD5:	22B7896166DF4C31BA75C06358F219FC
SHA1:	0781A7550DB5805AD694364C181CEBC45BB9914D
SHA-256:	4D31D9F99F06BA28F481EBA0EBBE58DA4592773434700E2DBCC8AA981ADEBDB4
SHA-512:	1C20C9EAA262FAE64B9D3982C80D630B2887528ABFEBA4EDF35299D0C2BFAAE8BF1F5DB3AE91EBFD74F4C79D2EAFDBCC2B2F2C70A1612A45187DB42F3AF8FE30
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	.ELF..............>.......@.....@.......@...........@.8...@.!...........@.......@.@.....@.@.....................................8.......8.@.....8.@...............................................@.......@...............................................P.......P.....8.......@.................................P.......P.....................................T.......T.@.....T.@..... ....... ...............P.td....4.......4.@.....4.@.....$.......$...............Q.td.......................................................e.(................................................../lib64/ld-linux-x86-64.so.2.............GNU.............................................................................................................b......................./...............6.......P.......................6...............".......W.......................>.......................\........................... ................... ... ....................libdl.so.2._Jv_RegisterClasses.__gmon_start__.dlopen.dlclose.dl

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\imessage.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3574
Entropy (8bit):	5.37627132770916
Encrypted:	false
SSDEEP:	48:kJXyaEFTGEoxPYVK5y7pIxAHTiaynFpZYEPrP8bzGs6UOZ7I:Qu6EoxP55iIxAHTFmFpQbwI
MD5:	B9A9F4F578E3343695EE240AF2A1AEDF
SHA1:	6F514ABEB7AF091AA91BCC1AE8AD3195F197E1F4
SHA-256:	B52E13D7E8995EA9050FABD3119B44C017B6AE34E8530EFF5E937480B04CEFBD
SHA-512:	6835F0908E59F5734E4DB6EB4CC95E0D677A274D03EF7643D1A325ED676B7528BC65CB7D007578136DB5687FC0108826C96D01EABDFD8B8F404E893185B497C0
Malicious:	false
Preview:	/* AMX Mod X..* Info. Messages Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half-

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\Vexd_Utilities.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3135
Entropy (8bit):	5.038542867191191
Encrypted:	false
SSDEEP:	96:Gr9KgIPHLm8QLdPSQrcam6mwnerESVlfnymBPg7Ki7SYIUHm1U:GruCFA/EmBPg7Ki7/IUcU
MD5:	BD373816BC9566A1856FDB362010BE2B
SHA1:	CA2131708E5A84E3773026EEE1C1E7B3A16F09FC
SHA-256:	5DCDD7DF6277C01780801EF906A705CF82106EE7E4E1FFA2629FF3ED64C3115E
SHA-512:	8653ADDA8603D7A6EC8174F9A82FC9DE0C1A6F2511363D586184D168109DC05A9F32F413CB0AFDE9588685936E8934B8E0F47EDA1B9C9A3D50D993C6C9DF0DC3
Malicious:	false
Preview:	/* Vexd Utility backwards compatibility.... by the AMX Mod X Development Team.... This file is provided as is (no warranties)...*/....#if defined _Vexd_Utilities_included.. #endinput..#endif..#define _Vexd_Utilities_included....#include <engine>....stock Entvars_Get_Int(iIndex, iVariable)...return entity_get_int(iIndex, iVariable)....stock Entvars_Set_Int(iIndex, iVariable, iNewValue)...return entity_set_int(iIndex, iVariable, iNewValue)....stock Float:Entvars_Get_Float(iIndex, iVariable)...return entity_get_float(iIndex, iVariable)....stock Entvars_Set_Float(iIndex, iVariable, Float:fNewValue)...return entity_set_float(iIndex, iVariable, fNewValue)....stock Entvars_Get_Vector(iIndex, iVariable, Float:vRetVector[3])...return entity_get_vector(iIndex, iVariable, vRetVector)....stock Entvars_Set_Vector(iIndex, iVariable, Float:vNewVector[3])...return entity_set_vector(iIndex, iVariable, vNewVector)....stock Entvars_Get_Edict(iIndex, iVariable)...return entity_get_edict(iIndex, iVari

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxconst.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9860
Entropy (8bit):	5.561124218249399
Encrypted:	false
SSDEEP:	192:d4bJvncUdD9uuyyw2BAT3c6ziW4dDZ5mhiMY2IKN:KflR9uuyysT3c6HEKs2IKN
MD5:	E6AF9C50BBF2496E5D8B1A84525CF8B3
SHA1:	DFD69C4C41F00B462477EDD9153A2F5665455BBF
SHA-256:	321A56374869B395333A8810F2BE44562C086E731F46FEF858D67C9075A6F93B
SHA-512:	7F69E49E55D2728D4DA166DC0C4720D2FFCDCACF6743C3CCF9D9377F418075E882E36296411FF697C1722B05AF71D351C5F00AB14C3D5177CAABCECD19B130CF
Malicious:	false
Preview:	/* AMX Mod X constants.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is provided as is (no warranties).../....#if defined _amxconst_included.. #endinput..#endif..#define _amxconst_included....#define AMXX_VERSION..1.764..#define AMXX_VERSION_NUM.176..stock const AMXX_VERSION_STR[]="1.76d";....#define M_PI 3.1415926535....#define ADMIN_ALL..0./ everyone /..#define ADMIN_IMMUNITY..(1<<0)./ flag "a" /..#define ADMIN_RESERVATION.(1<<1)./ flag "b" /..#define ADMIN_KICK..(1<<2)./ flag "c" /..#define ADMIN_BAN..(1<<3)./ flag "d" /..#define ADMIN_SLAY..(1<<4)./ flag "e" /..#define ADMIN_MAP..(1<<5)./ flag "f" /..#define ADMIN_CVAR..(1<<6)./ flag "g" /..#define ADMIN_CFG..(1<<7)./ flag "h" /..#define ADMIN_CHAT..(1<<8)./ flag "i" /..#define ADMIN_VOTE..(1<<9)./ flag "j" /..#define ADMIN_PASSWORD..(1<<10)./ flag "k" /..#define ADMIN_RCON..(1<<11)./ flag "l" /..#define ADMIN_LEVEL_A..(1<<12)./ flag "m" */..#define ADMIN_LEVEL_

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmisc.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7488
Entropy (8bit):	5.454444167380403
Encrypted:	false
SSDEEP:	96:K91wlviTyD5NdacFOhKeLnUEh5k96gt8PgbsWd2dWAOKxbQoqa5l1QV:DlviTyVawBcsQPg8WlKxbQsluV
MD5:	3AFD5BE355B6C317112E7447261AF962
SHA1:	5AACE4FCACA61408EBED3364AF5B74B5EA3843BC
SHA-256:	AF788BF404DF88300A2A12191EB05D99DF2F00FBE8CC4423FA7F8F321E50CCE8
SHA-512:	B42F674823F660F0F4CBA9224B15755CD4136276A743D16A4D6A9A3EA276C93673B14134F6E368EAAFE902A57706CFA5988ED34772C19ACE77674467B69445D2
Malicious:	false
Preview:	/* AMX Mod X misc..... by the AMX Mod X Development Team..* originally developed by OLO.... This file is provided as is (no warranties)...*/....#if defined _amxmisc_included.. #endinput..#endif..#define _amxmisc_included....#if !defined _amxmodx_included...#if defined AMXMOD_BCOMPAT....#include <amxmod>...#else....#include <amxmodx>...#endif..#endif....#if defined AMXMOD_BCOMPAT..#if defined _translator_included..#define SIMPLE_T(%1)._T(%1)..#else..#define SIMPLE_T(%1).%1..#endif..#endif....stock is_user_admin(id)..{...return ( get_user_flags(id)>0 && !(get_user_flags(id)&ADMIN_USER) );..}....stock cmd_access(id,level,cid,num) ..{...new has_access = 0;...if ( id==(is_dedicated_server()?0:1) ) ...{....has_access = 1;...}...else if ( level==ADMIN_ADMIN )...{....if ( is_user_admin(id) )....{.....has_access = 1;....}...}...else if ( get_user_flags(id) & level )...{....has_access = 1;...}...else if (level == ADMIN_ALL) ...{....has_access = 1;...}.....if ( has_access==0 ) ...{..#if def

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.975308452025659
Encrypted:	false
SSDEEP:	24:hISZgI4I2ZMVK5ApHtOMwsAQMcscBw8tEkELlFKgzqZlEXpJgwpY:/JLZVKGyMT7scBa2aWWY
MD5:	0B1640FA40C648CA440E52930E7430D0
SHA1:	ACA8A1F8D5C8107F635FB5C0D2CF86D318DF51D6
SHA-256:	A7FBB7CF59351619993FB800D34A71E6F8C7E0E466481F54B991FE318496B855
SHA-512:	7AD08EE93F5EBB994EA673C9CD34BF066E182DA5AD9E8F64B8EDAFD6B2BB47D9A46852E900EFEC0CE55B2C6EC9DB822AEAFDF86628568EA7CEC094008BB81845
Malicious:	false
Preview:	/* AMX Mod X Backwards Compatibility.... by the AMX Mod X Development Team.... This file is provided as is (no warranties)...*/....#if defined _amxmod_included.. #endinput..#endif..#define _amxmod_included....#include <amxmodx>..#include <cstrike>..#include <engine>..#include <fun>....stock user_spawn(index).. return spawn(index)....stock get_logfile( name[], len ).. return get_time("admin%m%d.log",name,len)....stock get_user_money(index).. return cs_get_user_money(index)....stock set_user_money(index,money,flash=1).. return cs_set_user_money(index,money,flash)....stock numtostr(num,string[],len).. return num_to_str(num,string,len)....stock strtonum(const string[]).. return str_to_num(string)....stock build_path( path[] , len , {Float,_}:... )..{.. new basedir[32].. get_localinfo("amxx_basedir",basedir,31).. format_args(path,len,2).. return replace(path,len,"$basedir",basedir)..}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\VexdUM.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2531
Entropy (8bit):	5.097449290258163
Encrypted:	false
SSDEEP:	48:szqLzCFGhuT8a/1bfeW+fOylVZiMEpiiEIuVk8XTA:2qLzC4hba/1beZiMEpiiEIuW2TA
MD5:	BCE3B6C343264EECF812BE0DE652D13E
SHA1:	0EDADB00D7CAEE04D3CBB7CC81938E71B1ADB219
SHA-256:	9ABE6025F580F9835B31F654D7BE7A6F9D0EA654A5E2A240F74263BF5C48FE09
SHA-512:	919C44FC6C348B5ADD577EAFE66A9E4B584DB3B5A7C7937CD6E61514A5C6A173059D62F37011C702FFC0B5ACDEAF71807E2062E0DDA19B0468111E46FCDCD57D
Malicious:	false
Preview:	/* VexdUM backwards compatibility.. .. by the AMX Mod X Development Team.. .. This file is provided as is (no warranties)... */......#if !defined _fakemeta_included...#include <fakemeta>..#endif....#if !defined _engine_included...#include <engine>..#endif....#if defined _vexd_bcompat_included.. #endinput..#endif..#define _vexd_bcompat_included....#include <VexdUM_const>....native radius_damage(inflictor, Float:dmg, Float:orig[3], Float:rad, bit = DMG_BULLET, wpnName[]="", hs = 0);..native take_damage(victim, attacker, Float:orig[3], Float:dmg, bit = DMG_BULLET, wpnName[]="", hs = 0);..native set_user_model(id, const Model[]="");..native entity_use(eUsed, eOther);..native get_num_ents();....native DispatchKeyValue(ent, szKey[], szValue[]);....// Trace a line from Start(X, Y, Z) to End(X, Y, Z), will return the point hit in vReturn[3]..// Will return an entindex if an entity is hit...native trace_line(ent, Float:vStart[3], Float:vEnd[3], Float:vReturn[3]);....native traceline_get_

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\VexdUM_const.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	712
Entropy (8bit):	4.834756238621866
Encrypted:	false
SSDEEP:	12:EWJJWlAGSsJJWlAdpQQ43RUNeo6engMcLpH0ERH3R7kb2gS43RP6HP8XDz3RTGo/:XJJmhJm2pLNKmgMcL+QGyrNu7
MD5:	285A86F568EAB3C9B21DA11762041AA8
SHA1:	A8607B980ADA888B9E3372A74DEEABEF652D0560
SHA-256:	82958A89F5659C60E2ADB3BCB28EC5FD2066881B095AC0E47E892621951D1EF2
SHA-512:	4F4ECAC29645A4A08872908CB5A6483F2B7A4CEF563BF09B1DD728FBB0B09183F44AAA6316B241FF504EA00786F2D2246ED49D9D4357C7F758E038EA538B7523
Malicious:	false
Preview:	#if defined _vexdum_const_included.. #endinput..#endif..#define _vexdum_const_included....// TraceLine Integer..enum {.. TR_INT_fAllSolid, // if true, plane is not valid.. TR_INT_fStartSolid, // if true, the initial point was in a solid area.. TR_INT_fInOpen,.. TR_INT_fInWater,.. TR_INT_iHitgroup, // 0 == generic, non zero is specific body part..};....// TraceLine Float..enum {.. TR_FL_flFraction, // time completed, 1.0 = didn't hit anything.. TR_FL_flPlaneDist,..};....// TraceLine Vector..enum {.. TR_VEC_vecEndPos, // final position.. TR_VEC_vecPlaneNormal, // surface normal at impact..};....// TraceLine Edict..enum {.. TR_ENT_pHit, // entity the surface is on..};..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\VexdUM_stock.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2737
Entropy (8bit):	5.242981245496083
Encrypted:	false
SSDEEP:	48:XVLN/vjg/RAIODwFCWlD9L5gWUQ6lm+fc3uMa2OR:FLN/vWHlD9L5go6l/fM2
MD5:	F6A017847B8BF5F5D106A63ABA9B7B2A
SHA1:	1D30A7CEC112F12BA1776333C29FA96A0DF1A9D2
SHA-256:	64D2A87F77F0FCC9660710CB3A0DC7BAE1E1AE187561443BCDD2156DC1A8BD3E
SHA-512:	20E998738A5B0E5B6C1CC6ACA3281EF353CB55BC15DD5552B1811E9B664C11E0AC2327D4CD62D24C31E346532DB698FD173FCF6025BC92F7FBB21CB702214994
Malicious:	false
Preview:	/* VexdUM stocks backwards compatibility.. .. by the AMX Mod X Development Team.. .. This file is provided as is (no warranties)... */....#if defined _vexd_bcompat_stocks_included.. #endinput..#endif..#define _vexd_bcompat_stocks_included....#if !defined _engine_included...#include <engine>..#endif....stock is_entity(ent)..{...return pev_valid(ent);..}....stock get_offset_int(ent, offset, linos = 5)..{...return get_pdata_int(ent, offset, linos);..}....stock set_offset_int(ent, offset, value, linos = 5)..{...return set_pdata_int(ent, offset, value, linos);..}....stock in_view_cone(ent, Float:Orig[3])..{...return is_in_viewcone(ent, Orig);..}....stock get_maxentities()..{...return global_get(glb_maxEntities);..}....stock can_see(ent1, ent2)..{...if (is_entity(ent1) && is_entity(ent2))...{....new flags = pev(ent1, pev_flags);....if (flags & EF_NODRAW \|\| flags & FL_NOTARGET)....{.....return 0;....}........new Float:lookerOrig[3];....new Float:targetOrig[3];....new Float:temp[3];....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\Vexd_Utilities.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	5.066907961903515
Encrypted:	false
SSDEEP:	96:GrQHKgIPHLm8QLdPSQrcam6mwnerESVlfnymBPg7Ki7SYIUHm1U:GrQwCFA/EmBPg7Ki7/IUcU
MD5:	8751081D464040D2E391E8A95D3886EC
SHA1:	2C113F86752F46D473C51EDA890BA12819288379
SHA-256:	4331012972FAC960231BDBF4621580913891546AE5BC7AC7473E6C4D82F9C0E2
SHA-512:	048ECD826CAB7BFBBD1BE7802FE79D67BC08E97B6FD7F5F3FB43F84F8206B149B1AB94B96CA9858FBC78733EEA669B6F7646E5F647369C62A9E61402C09D973F
Malicious:	false
Preview:	/* Vexd Utility backwards compatibility.... by the AMX Mod X Development Team.... This file is provided as is (no warranties)...*/....#if defined _Vexd_Utilities_included.. #endinput..#endif..#define _Vexd_Utilities_included....#include <engine>..#if defined AMXMOD_BCOMPAT..#if !defined _vexd_bcompat_included..#include <VexdUM>..#endif..#endif....stock Entvars_Get_Int(iIndex, iVariable)...return entity_get_int(iIndex, iVariable)....stock Entvars_Set_Int(iIndex, iVariable, iNewValue)...return entity_set_int(iIndex, iVariable, iNewValue)....stock Float:Entvars_Get_Float(iIndex, iVariable)...return entity_get_float(iIndex, iVariable)....stock Entvars_Set_Float(iIndex, iVariable, Float:fNewValue)...return entity_set_float(iIndex, iVariable, fNewValue)....stock Entvars_Get_Vector(iIndex, iVariable, Float:vRetVector[3])...return entity_get_vector(iIndex, iVariable, vRetVector)....stock Entvars_Set_Vector(iIndex, iVariable, Float:vNewVector[3])...return entity_set_vector(iIndex, iVariabl

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\amxmod.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6989
Entropy (8bit):	5.248894813289797
Encrypted:	false
SSDEEP:	192:ZLRKETAkscubX8vdvWejkSxC3XTFblOkn:iETFwX8vdvWejU5bl
MD5:	26F9EF19F87F4E852E0E67B890705B1F
SHA1:	65D7CC6C8E4C4F9465ED958116CB040C383C2523
SHA-256:	662FBF0BF14D79C7E3EB2F2AE6D49B97E38BE120373B64D7975AF1874ED6B769
SHA-512:	81E88029DDE8ACB5E52A2679BCE58492B462B47BCEBAF64FDDA2A19CB931C8FEA15D6320828229919F7824594DE478BA9D96CB5E6828E4F3A8F8F84563553F6C
Malicious:	false
Preview:	/* AMX Mod X Backwards Compatibility.. .. by the AMX Mod X Development Team.. .. This file is provided as is (no warranties)... /....#if defined _amxmod_included.. #endinput..#endif..#define _amxmod_included....#if !defined AMXMOD_BCOMPAT...#define AMXMOD_BCOMPAT..#endif....#include <amxmodx>..#include <cstrike>..#include <engine>..#include <fun>..#include <maths>....stock AMX_VERSION[] = ."1.76-BC"....#define ADMIN_PERMBAN ADMIN_BAN..//AMX Mod admin flag for permanent ban..#define ADMIN_UNBAN ADMIN_BAN..//AMX Mod admin flag for unbanning..#define ADMIN_SUPREME ADMIN_IMMUNITY.//AMX Mod admin flag for "super admin" (can kick, slap, ban, slay admins with Immunity)..../ Core will identify us as an "old plugin" this way. */..public __b_old_plugin = 1;....public __b_ident_vers()..{...return __b_old_plugin;..}....stock user_spawn(index).. return spawn(index);....stock get_logfile( name[], len ).. return get_time("admin%m%d.log",name,len);....stock get_user_mone

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\maths.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1368
Entropy (8bit):	4.79425138366738
Encrypted:	false
SSDEEP:	24:kGShO+2+2ulOAXRwgxOwOxT3wTxTRDwHx5RRwDxCRRwKxMxwjAxZwnxsXoGMwixh:ms+2+79DMvV3IV9GHbm8bpqxJrGs8dey
MD5:	809C88693A6E5DCDDDBA5B31CBF824F7
SHA1:	3148C02023E92B9F0743945953C19351004066B0
SHA-256:	BAC5CB7FF83957CB4ABABE2D78410062105E0FE714AB5B936EBC200043D5A0D8
SHA-512:	3ED93EA6DC2E12CC5F9852FFFA329E04D54C5E41BE0984BE7DB441A95B57A5D28A1C81C1CEF7F4AF291AE93C98D56BB917D35388FEBFAC94881F5BA990F83219
Malicious:	false
Preview:	/* AMX Mod math functions backwards compatibility.. .. by the AMX Mod X Development Team.. .. This file is provided as is (no warranties)... */....#if defined _maths_bcompat_included.. #endinput..#endif..#define _maths_bcompat_included....#if !defined _float_included...#include <float>..#endif....stock Float:fabs(Float:value)..{...return floatabs(value)..}....stock Float:asin(Float:value)..{...return floatasin(value, radian)..}....stock Float:sin(Float:value)..{...return floatsin(value, radian)..}....stock Float:sinh(Float:value)..{...return floatsinh(value, radian)..}....stock Float:acos(Float:value)..{...return floatacos(value, radian)..}....stock Float:cos(Float:value)..{...return floatcos(value, radian)..}....stock Float:cosh(Float:value)..{...return floatcosh(value, radian)..}....stock Float:atan(Float:value)..{...return floatatan(value, radian)..}....stock Float:atan2(Float:value1, Float:value2)..{...return floatatan2(value1, value2, radian)..}....stock Float:tan(Float:val

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\mysql.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	613
Entropy (8bit):	4.884193924153804
Encrypted:	false
SSDEEP:	12:mAWPlAGSsPlAdZA7CId9FAIClLIVIqSIEITLkLIshcLIDIBIpIlDRGIIU:EdF2ZkFcgd+h8Dv
MD5:	3A6EE75747031150DE01FF00F5A476B6
SHA1:	508DC581EBE431EB7848707566C4FF247DC39C38
SHA-256:	A3013B20C3B85AB3DE6735E326B6C71B6F13F0071CCFA7389BD0BE22B41E6C2D
SHA-512:	63179AEDD1BA26AD60B7DBEF285F1A76CBF53845B290EEF8BC00E2CEFD25D8E2A473B2044AF067157ADA58B7D2FF0304050DFC749B48DA96CB75298C37127840
Malicious:	false
Preview:	..#if defined _mysql_included.. #endinput..#endif..#define _mysql_included....#include <sqlx>....native mysql_connect(host[], user[], pass[], dbname[], error[], maxlength);..native mysql_query(sql, query[], {Float,_}:... );..native mysql_error(sql, dest[], maxlength);..native mysql_close(sql);..native mysql_nextrow(sql);..native mysql_getfield(sql, fieldnum, {Float,_}:... );..native mysql_getresult(sql, field[], {Float,_}:... );..native mysql_affected_rows(sql);..native mysql_num_fields(sql);..native mysql_num_rows(sql);..native mysql_field_name(sql, field, name[], length);..native mysql_insert_id(sql);..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\translator.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1843
Entropy (8bit):	5.277265155044369
Encrypted:	false
SSDEEP:	48:PsyFZVKd9gWjkj+jsWTbWG/9Vg6afVvr0pMD59hCuufe:UyFWdve03TKGvCFCbe
MD5:	98BBFDFF2D99027715BB20EDF9A3CCE3
SHA1:	E73A2275A80CB412C905ED3261235BA3ABF60AF4
SHA-256:	1516406FEFD3D181A6FC78A18D3306F4C37E051AC06B473BB8D8C18AC3745E0D
SHA-512:	5206B721AE342FBDD85763FE50A90E212D8E9C44044B59B7F924544EFC40C13C5941F19390B3C6FE9ADC16F7A4AA27530137992EA361CA307752B44A1F153D44
Malicious:	false
Preview:	/* AMX Mod X Backwards Compatibility.. .. by the AMX Mod X Development Team.. .. This file is provided as is (no warranties)... /....#if defined _amxmod_translator_included.. #endinput..#endif..#define _amxmod_translator_included....#define _translator_included....#include <amxmodx>..#include <amxmod>..#include <amxmisc>....//From AMX Mod. This is implemented in Core due to the nature of the ..// translation engine and what AMX Mod did.../ Translation backend, used by _T (since natives can't return arrays). */..native translate(const string[], destid=-1, forcelang=-1);....stock _T(const string[], destid=-1, forcelang=-1)..{...new TranslationResult[2] = {0, 0}...TranslationResult[0] = translate(string, destid, forcelang)...return TranslationResult..}....stock load_translations(const file[])..{...static dir[255], path[255];...get_datadir(dir, 254);......format(path, 254, "%s/amxmod-lang/%s.txt", dir, file);...new fp...if (!(fp=fopen(path, "r")))...{....abort(AMX_ERR_NATIVE, "Co

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmod_compat\xtrafun.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2692
Entropy (8bit):	5.019393614804234
Encrypted:	false
SSDEEP:	48:sC0yNlNcJ0od9xuaOvYHfjFVaj1+auf1d/fT9yk5pYRuWBYk:sCrlNxYLFVaj1Kf1d/fTUk5pYIWBYk
MD5:	F6B4427B6927897FCFF602BDDA7F54C3
SHA1:	67DDA70626C7ED9FAFE9C0F218EBCC8714C61C3E
SHA-256:	FA9B5922926FE5E2E286D42CAA48B94384732C11640E2DB453E752AE48D44549
SHA-512:	B10B06B5F7CF5796E66346C6DDCDCCAEB4095A122EA42BBB3EDD6D082C6EB2D59DA07A5A7E5CFC61BA03B9B52AE7ECEBED4F66DFD5CCCF75F58CA8086C8E336C
Malicious:	false
Preview:	/* Xtrafun backwards compatibility.... by the AMX Mod X Development Team..* These natives were originally made by SpaceDude, EJ, and JustinHoMi..... This file is provided as is (no warranties).../....#if !defined _xtrafun_included...#define _xtrafun_included....#if !defined _engine_included...#include <engine.inc>..#endif..../ Gets the velocity of an entity /..stock get_entity_velocity(index, velocity[3]) {...new Float:vector[3]...entity_get_vector(index, EV_VEC_velocity, vector)...FVecIVec(vector, velocity)..}..../ Sets the velocity of an entity /..stock set_entity_velocity(index, velocity[3]) {...new Float:vector[3]...IVecFVec(velocity, vector)...entity_set_vector(index, EV_VEC_velocity, vector)..}..../ Gets the origin of an entity /..stock get_entity_origin(index, origin[3]) {...new Float:vector[3]...entity_get_vector(index, EV_VEC_origin, vector)...FVecIVec(vector, origin)..}..../ Sets the origin of an entity */..stock set_entity_origin(index, origin[3]) {...new Float:v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\amxmodx.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	39906
Entropy (8bit):	4.942943668227316
Encrypted:	false
SSDEEP:	768:55wbSsyHkjyaxFLPYKOt963ehg30SXTqMf2dmEpOCasZa8ocabNAHSZ3g4riLyWI:55w1LPYKOt963ehg30SXTqMfGmkoia8S
MD5:	FB01675AC25BC9E280A6A1F0D8D9C4DC
SHA1:	0A6768751D533DF1BCF1237323F1D4AF77319D00
SHA-256:	8A8B17B23DD74B9DD1ADB6F1882A0904718889ACF70948AD4191D42E525A6EC9
SHA-512:	2707C0C94F7DBFE8D2B58BE424BB5538A4EE84321245401456AAFD3420240257A4B33DD96AFCB96F97425CC16D150C1497393D968B4A93775FD281DAAFEB71ED
Malicious:	false
Preview:	/* AMX Mod X functions.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is provided as is (no warranties).../....#if defined _amxmodx_included.. #endinput..#endif..#define _amxmodx_included....#include <core>..#include <float>..#include <amxconst>..#include <string>..#include <file>..#include <vault>..#include <lang>..#include <messages>..#include <vector>..#include <sorting>..../ Function is called just after server activation...* Good place for configuration loading, commands and cvars registration. /..forward plugin_init();..../ Called when the plugin is paused. /..forward plugin_pause();..../ Called when the plugin is unpaused. /..forward plugin_unpause();..../ Called when the mod tries to change the map. /..forward server_changelevel(map[]);..../ Function is called when all plugin_init from plugins..* were called, so all commmands and cvars should be already registered. /..forward plugin_cfg();..../ Function called before plugin

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\core.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	791
Entropy (8bit):	4.971264296381308
Encrypted:	false
SSDEEP:	12:UrQrKlSSXRWg5AGSsVC5AdIHj+MjDKkgLEHJBS12KyKLIVfZUqIXIF0APm2x2Qd1:ulSZqi2IZlpwBxOne2xiyJtUYURY
MD5:	3EA614DC31067188B544453D0D2EAD2C
SHA1:	C907BE952AA9B3CE7E9D31762EC25F01118F8879
SHA-256:	DF99FC6F19DC1E98068F8884802949A5B160D9527C9846FE7A3999D918557021
SHA-512:	07404351061F7532450AE7C3FCC73F90E5317817A0EB84A6B6CE3EF0F107EFEDBF33C195EA99E452D95AE1BDFC51B382220D8B0B2FAEFF62DA36D1CE7E2D5B03
Malicious:	false
Preview:	/* Core functions.... (c) Copyright 1998-2003, ITB CompuPhase.... This file is provided as is (no warranties)...*/....#if defined _core_included.. #endinput..#endif..#define _core_included....native heapspace();....native funcidx(const name[]);....native numargs();..native getarg(arg, index=0);..native setarg(arg, index=0, value);....native strlen(const string[]);....native tolower(c);..native toupper(c);..native swapchars(c);....native random(max);....native min(value1, value2);..native max(value1, value2);..native clamp(value, min=cellmin, max=cellmax);....native power(value, exponent);..native sqroot(value);....native time(&hour=0,&minute=0,&second=0);..native date(&year=0,&month=0,&day=0);....native tickcount(&granularity=0);....stock abs(x)..{...return x > 0 ? x : -x;..}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\csdm.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8311
Entropy (8bit):	5.416188350185218
Encrypted:	false
SSDEEP:	192:7QkYC2DdXANqdTQqwnsZoYeJB/bP445vRIwSWSrhO7EfqWjixSSiaLsYI5I1ekYe:7YC2asInAK1P9+Wk4ECWj/JagbI8jSAG
MD5:	FD9D2A481C38322E8E5393022C4984A3
SHA1:	CE7E3EB919272A04743F4A3F6B161AD29BA7285A
SHA-256:	FB39872BAB2068488DE6858B39207A0478585C888D5AEF1024C6CBF76B264712
SHA-512:	9B5146B206DEDA305DFDF4EC14B166AFA71FA0CE8081C735B4D245F0D9FDB193016197CCD1CD598070FC8E2E5FEF1DE763CD5FBA3F1F568B4523C9E2C3FE399A
Malicious:	false
Preview:	/*.. (C)2003-2006 David "BAILOPAN" Anderson.. * Counter-Strike Deathmatch (CSDM) 2.10 Module Includes.. /....#if defined _csdm_included.. #endinput..#endif..#define _csdm_included....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib csdm.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib csdm.. #endif..#else.. #pragma library csdm..#endif....#define.CSDM_VERSION."2.1"....#define.CFG_READ..0..//Line is being read normally..#define.CFG_RELOAD..1..//Section is being parsed from the start..#define.CFG_DONE..2..//Section is done being parsed....#define DEFAULT_ARMOR..100....#define MAX_WEAPONS ..32 ..#define MAX_SECONDARY ..8..#define MAX_PRIMARY ..18....#define CSDM_FFA_ENABLE..3..#define CSDM_FFA_DISABLE.2..#define CSDM_ENABLE...1..#define CSDM_DISABLE..0....#define CSDM_DROP_CONTINUE.0.//continue normally..#define CSDM_DROP_REMOVE.1.//remove the dropped weapon..#define CSDM_DROP_IGNORE.2.//ignore entirely..../**********.. FORWARDS .. ***********/.. ..//Called when CSDM initialize

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\csstats.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2181
Entropy (8bit):	4.792896964053867
Encrypted:	false
SSDEEP:	48:mU9UgiFme4Z0FxSaXAQ1sj/K9/osj/y7SVH+mvM3xJ1BjmhZuf1:mU9URr4Z0HSaXkj/Uj/rt+YMhJ1BChot
MD5:	CB7207CE1488D350F314D3FFD487E460
SHA1:	7D4827E43F6FB434EEBEDE1C7F302EEABF54D58C
SHA-256:	9BD0CBC3C94A05836A648FC5120B07EAEEC6ABB347C64E12CAC832258EECE746
SHA-512:	0ECD3A4F135496B1326D1F782E17451734760E68BE6EDAB24D48AD96480FF1C4509154226BAF2ECEA8CFC0D221835B143F2A26C5DC63CCAE0AA9131B32C80CFB
Malicious:	false
Preview:	..#if defined _csstats_included.. #endinput..#endif..#define _csstats_included..../* Gets stats from given weapon index. If wpnindex is 0..* then the stats are from all weapons. If weapon has not been used function..* returns 0 in other case 1. Fields in stats are:..* 0 - kills..* 1 - deaths..* 2 - headshots..* 3 - teamkilling..* 4 - shots..* 5 - hits..* 6 - damage....* For body hits fields see amxconst.inc. /..native get_user_wstats(index,wpnindex,stats[8],bodyhits[8]);..../ Gets round stats from given weapon index./..native get_user_wrstats(index,wpnindex,stats[8],bodyhits[8]);..../ Gets overall stats which are stored in file on server..* and updated on every respawn or user disconnect...* Function returns the position in stats by diff. kills to deaths. /..native get_user_stats(index,stats[8],bodyhits[8]);..../ Gets round stats of player. /..native get_user_rstats(index,stats[8],bodyhits[8]);..../ Gets stats with which user have killed/hurt his victim. If victim is 0..* then

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\cstrike.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10157
Entropy (8bit):	5.144968269627523
Encrypted:	false
SSDEEP:	192:ygwkMk4irz6OM+Pr1zb8JPtgM4fYnYLe6USmnuM4+eOjrLgmbDvxHHWAPUA1PsSq:+kMGfM+Rzb8JPtV4fqye6USyD4VOjf3Y
MD5:	305F7E4D70E4D3542B2C72B16A4B65D1
SHA1:	CA37891614E0825153321F6C0CF1D2C98F9BE8E8
SHA-256:	02491B5160360469247B1B9F23CB027446698272AA2CD9AA269E02DD4F70A8E0
SHA-512:	A73E87622BF96B268395D81CE35F95C153CE5678FB32115FDA67932120F0D29B8680D4AF51D1E7A8344916E99EC32FE8EC41522A2F260521927E79C4E1EA7530
Malicious:	false
Preview:	/* Counter-Strike functions.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _cstrike_included.. #endinput..#endif..#define _cstrike_included....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib cstrike.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib cstrike.. #endif..#else.. #pragma library cstrike..#endif..../ Returns player deaths... /..native cs_get_user_deaths(index);..../ Sets player deaths... /..native cs_set_user_deaths(index, newdeaths);..../ Returns index of entity (does not have to be a player) which hostage is following. 0 is hostage doesn't follow anything... * Note: this native does not work on Condition Zero, which has a different hostage AI than CS... /..native cs_get_hostage_foll(index);..../ Set hostage to follow entity specified in followedindex. Does not have to be a player. If followedindex is 0 the hostage will stop following... * Note: this native does not work on Condition Zero, which has a dif

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\csx.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1920
Entropy (8bit):	4.981233697558872
Encrypted:	false
SSDEEP:	24:tDShJR2ZyzLYNdn8CJ35wNr3c1YRwXpGkFSQ+XNN8eJAkOQVkwc3HfPWU85mNioT:UfR7zg8+3lNSFDFJAkOlt3/eWiC3P
MD5:	836C0F34BD181EE156BE23E2806F7F4D
SHA1:	F6F9429845018E78C7E2CDD120F3D174319F65D0
SHA-256:	CC8FB29FF7AD7A010C824B02E8A56AD48AF9C509D1091DA17D5B3D17346FE6A2
SHA-512:	4E967D0090AFFE5C957B16E07B5F4325D4743FD2C41E5E036C4D96859378D4188C6ED8541301A981490896DD46389BC18938065EC3DE7786B3A05EF9198BEF3E
Malicious:	false
Preview:	/* CSX functions.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _csx_included.. #endinput..#endif..#define _csx_included....#include <csstats>....#if AMXX_VERSION_NUM >= 175.. #pragma reqclass xstats.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma defclasslib xstats csx.. #endif..#else.. #pragma library csx..#endif..../.. * Forwards.. /..../ Function is called after player to player attacks ,..* if players were damaged by teammate TA is set to 1 /..forward client_damage(attacker,victim,damage,wpnindex,hitplace,TA);..../ Function is called after player death ,..* if player was killed by teammate TK is set to 1 /..forward client_death(killer,victim,wpnindex,hitplace,TK);....forward grenade_throw( index,greindex,wId );....forward bomb_planting(planter);..forward bomb_planted(planter);..forward bomb_explode(planter,defuser);..forward bomb_defusing(defuser);..forward bomb_defused(defuser);..../********** Shared Natives Start *********

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\dbi.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4153
Entropy (8bit):	5.070669679353587
Encrypted:	false
SSDEEP:	96:olyu1OlTv3KskpIfqXmpNVhHv7H2ebJwGeEa4R9/+fxQhQqka4X9:olyughfOIB3dPQQCaM
MD5:	E436D487569243667445429F7DE0316F
SHA1:	31B6FAE3B16DDA42EB989628D0315E4FEF1FAD41
SHA-256:	BC52979501E6A1D7F1288B42D9E9F58A744A93576C8233E0ADA2E60EFBF24117
SHA-512:	59F3F3B9B420D00134774367721C7563A7FF4E591ECAA06EBA693289834783E3244C20DA006C67279B9D0098995B56E0EA7A9A683A33E3C9AFA00E588E6A20DA
Malicious:	false
Preview:	/* SQL Database API.. * By the AMX Mod X Development Team.. * Notes - Read the comments! Make sure your plugins use .. * nice ANSI SQL and don't use database column names like "key".. * otherwise this API will be a nightmare.. * Never do error checking with the not operator! This is bad:.. * if (!dbi_query()).. * You should do:.. * ret = dbi_query().. * if (ret < 0).. * This is because DBI functions can and will return negative numbers.. * Negative numbers evaluate to "true" in AMX... /....#if defined _dbi_included.. #endinput..#endif..#define _dbi_included....// You can't include SQLX first!..// there's really no reason to anyway...#assert !defined _sqlx_included....#if AMXX_VERSION_NUM >= 175.. #pragma reqclass dbi..#else.. #pragma library dbi..#endif....enum Sql..{...SQL_FAILED=0,...SQL_OK..}....enum Result..{...RESULT_FAILED=-1,...RESULT_NONE,...RESULT_OK..}..../ This will return a number equal to or below 0 on failure... * If it does fail, the error will be mirrored in

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\dodconst.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1852
Entropy (8bit):	5.197157725954305
Encrypted:	false
SSDEEP:	24:ofDShPH23bsW3h3igOzEu7B3B9gcOjP1bukrkibb2n/XyVifarbcZAfPzHr0dJ8R:o+1H1W3hG4u7B0NFevH6cZCAmbVp
MD5:	9438D06D6388FEB89A1D49B32A44EAA4
SHA1:	1BAAFA37002C8E43ED2B15466B8B3F8176DAB624
SHA-256:	7FFBB50DF4897C814D99FDBC383DE3AF9E834E67D82592ED3938A15519B744BA
SHA-512:	2D6BBE5D669574380487BB13ED33C3B2648B08D5AD1F5E0F3F048A4E3665F5D41E424032379BCACDD903A9B6C5C47ABD14FFCC282B9129C96BFEF30D44C99321
Malicious:	false
Preview:	/* DoDX functions.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _dodconst_included.. #endinput..#endif..#define _dodconst_included..../ DoD teams /..#define ALLIES...1..#define AXIS ...2....#define FT_NEW...1<<0..#define FT_OLD...1<<1....#define STAMINA_SET..0..#define STAMINA_RESET..1....#define FUSE_SET..0..#define FUSE_RESET..1....#define DODMAX_WEAPONS..46 // 5 slots for custom weapons....enum { ...PS_NOPRONE =0,...PS_PRONE,...PS_PRONEDEPLOY,...PS_DEPLOY,..}..../ info types for dod_get_map_info native /..enum {...MI_ALLIES_TEAM = 0,...MI_ALLIES_PARAS,...MI_AXIS_PARAS,..}..../ DoD weapons */..enum {...DODW_AMERKNIFE = 1,...DODW_GERKNIFE,...DODW_COLT,...DODW_LUGER,...DODW_GARAND,...DODW_SCOPED_KAR,...DODW_THOMPSON,...DODW_STG44,...DODW_SPRINGFIELD,...DODW_KAR,...DODW_BAR,...DODW_MP40,...DODW_HANDGRENADE,...DODW_STICKGRENADE,...DODW_STICKGRENADE_EX,...DODW_HANDGRENADE_EX,...DODW_MG42,...DODW_30_CAL,...DODW_SPADE,...DODW_M1_CARBINE

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\dodfun.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3775
Entropy (8bit):	5.155763436427536
Encrypted:	false
SSDEEP:	96:qh5cuIL8g5YJarfqgqxq8OOOzSapC8uWImv:qh7ErZfqgqxq8NA5U8ufmv
MD5:	3EE8C58D40E3171F7B2609E54FC83AC8
SHA1:	E4A481161C06BFB5C006A916AC626A3217075C10
SHA-256:	DF6CD053B9F8715461024165CF8E0924A0403D011601828AA2F9FD0620E9D701
SHA-512:	E592329A2ADB9DD3BACE88819CFA160BD5F649F00F298913D7EDCC4EE7778CA8117535C8420693647DD7B023EDBEEC27CB50E2CCC0B0F881C5673C91B238BEFE
Malicious:	false
Preview:	/* DoDFun functions.. .. (c) 2004-2005, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _dodfun_included.. #endinput..#endif..#define _dodfun_included....#include <dodconst>....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib dodfun.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib dodfun.. #endif..#else.. #pragma library dodfun..#endif..../ Function is called after grenade throw /..forward grenade_throw(index,greindex,wId);..../ Example: for full stamina use dod_player_stamina(1,STAMINA_SET,100,100) /../ value is from 0 - 100 /..native dod_set_stamina(index,set=STAMINA_SET,minvalue=0,maxvalue=100);..../ Sets fuse for grenades. Valid number is from 0.1-20.0 /../ types : new or preprimed /..native dod_set_fuse(index,set=FUSE_SET,Float:newFuse=5.0, Type=FT_NEW);..../ Sets player class /..native dod_set_user_class(index,classId);..../ Sets player team and random class. Don't work for spectators. */..native dod_set_user_team(index,teamId,refresh

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\dodstats.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2304
Entropy (8bit):	4.805685691110104
Encrypted:	false
SSDEEP:	48:1+6UMUgiTmbnot5Z0FxShXfoWXjQ1sj/t9/osj/V7SVH+mvM3xyGBa:1HUMUnuot5Z0HShXQWX7j/7j/ot+YMh2
MD5:	091EA44B5DCF69AC5D75F314B097E7D9
SHA1:	5FBECCE8DDA2804FC7F81D2AAD06A28D1373AA49
SHA-256:	6C95CB19260C14669AF8B36C3237CA4CBC8BDF1B16368DBA1F5315E745F0D5F9
SHA-512:	E97052742E4C97D531069D4606217A8167606C31410C365B1BFD435095BF5744CBCC26D8C5C8BA962FA9D593CCA393DF3226F7A5A76544583B713916A99765B1
Malicious:	false
Preview:	/* DoDX Stats functions.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _dodstats_included.. #endinput..#endif..#define _dodstats_included..../ Gets stats from given weapon index. If wpnindex is 0..* then the stats are from all weapons. If weapon has not been used function..* returns 0 in other case 1. Fields in stats are:..* 0 - kills..* 1 - deaths..* 2 - headshots..* 3 - teamkilling..* 4 - shots..* 5 - hits..* 6 - damage..* 7 - score..* For body hits fields see amxconst.inc. /..native get_user_wstats(index,wpnindex,stats[9],bodyhits[8]);..../ Gets round stats from given weapon index./..native get_user_wrstats(index,wpnindex,stats[9],bodyhits[8]);..../ Gets life (from spawn to spawn) stats from given weapon index./..native get_user_wlstats(index,wpnindex,stats[9],bodyhits[8]);..../ Gets overall stats which are stored in file on server..* and updated on every respawn or user disconnect...* Function returns the position in stats by

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\dodx.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3408
Entropy (8bit):	4.9516170876897165
Encrypted:	false
SSDEEP:	96:oLw5q/7H/22MDbLD5Xa0DFpkOmGsvJEoe7Lf:oLwO7f22EDVjkOKBeX
MD5:	F465768089432B513A3AACF110199B91
SHA1:	F3616D00E07609CABF6CC1DFC3675BB887D8E517
SHA-256:	17DE13E64CCA19BB09ACD830C162B3032B1F29EF0DA88B0BB75A44A973A03953
SHA-512:	326A41D042B37EA6FEEA4712BEB4017F9348723CDB6600EE960644DD475F504269506376D32B7177A05D15B28CB0E4101F562D57EB2DCAA644B1B9B2B5ACFA56
Malicious:	false
Preview:	/* DoDX functions.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _dodx_included.. #endinput..#endif..#define _dodx_included....#include <dodconst>..#include <dodstats>....#if AMXX_VERSION_NUM >= 175.. #pragma reqclass xstats.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma defclasslib xstats dodx.. #endif..#else.. #pragma library dodx..#endif..../********** Shared Natives Start *****************************/..../ Forward types /..enum {.. XMF_DAMAGE = 0,.. XMF_DEATH,.. XMF_SCORE,..}..../ Use this function to register forwards /..native register_statsfwd(ftype);..../ Function is called after player to player attacks ,..* if players were damaged by teammate TA is set to 1 /..forward client_damage(attacker, victim, damage, wpnindex, hitplace, TA);..../ Function is called after player death ,..* if player was killed by teammate TK is set to 1 /..forward client_death(killer, victim, wpnindex, hitplace, TK);..../ Function is call

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\engine.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9193
Entropy (8bit):	5.080775125642295
Encrypted:	false
SSDEEP:	192:g/jMAtcWohOaCfwoZzTRTcHcH84B9i2Fev7Y3+gOGLbgqlck3Bzaq7oLEM:0aCfwoZzTRTcHccgJFev7Y3JLlck3Zav
MD5:	0A040E57D177A979B5C865AB183F764D
SHA1:	E9782A6C6D35B95BFF0CCEEC56061A82A0671E35
SHA-256:	705981E2557B4EDE8801B6D4A8D5D7C7CF0BB7CB398C84170130B4E59FAFB3AE
SHA-512:	B7FDA07AC883ED82C0F1778F2CAF0C46C766A5CE5C53DE63FA24DA65CFF5DC876AFFB951351188366C9C08D97877D9FBC1CBC8B61C3F0424B79B34C8B4D7A4D2
Malicious:	false
Preview:	/* Engine functions.... by the AMX Mod X Development Team..* thanks to Vexd and mahnsawce.... This file is provided as is (no warranties).../....#if defined _engine_included.. #endinput..#endif..#define _engine_included....#include <engine_const>....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib engine.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib engine.. #endif..#else.. #pragma library engine..#endif....native traceresult(type,{Float,Sql,Result,_}:...);..../ Registers a client impulse to a function. Function is passed the ID of the user. /..native register_impulse(impulse, const function[]);..../ Registers a touch action to a function by classnames. Use * to specify any classname. /..native register_touch(const Touched[], const Toucher[], const function[]);..../ Registers a think action to a function by classname. /..native register_think(const Classname[], const function[]);..../ NOTE: In old engine versions, this was not the case. Values are now WINDOWS values

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\engine_const.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4888
Entropy (8bit):	5.182279615085626
Encrypted:	false
SSDEEP:	96:ebhMX61POFm0+gwz1+3HiIpxYsjSnefuwh4LWD:ebnq+ghdv5ieRh4LWD
MD5:	5E5C5A3C2870E91E425F93427D736536
SHA1:	8E1EF5ABDDD0DC57DBBC4E5B8954A03DFFDD9700
SHA-256:	E3FCEE02E585290DF127CF15CDC01B43E73E9F17B691AD2A2F9E14141B0CD603
SHA-512:	5070D160247FF43C2840B6F83398D69A975F45EC0BDF9C66D412972132B4909CCDE198D0CB99B9A1B01851452FE5DD2B18F660A91C43394E396703D3E331D944
Malicious:	false
Preview:	/* Engine constants.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _engine_const_included.. #endinput..#endif..#define _engine_const_included....#include <hlsdk_const>....#define SPEAK_NORMAL.0..#define SPEAK_MUTED..1..#define SPEAK_ALL..2..#define SPEAK_LISTENALL.4....#define CAMERA_NONE..0..#define CAMERA_3RDPERSON.1..#define CAMERA_UPLEFT.2..#define CAMERA_TOPDOWN.3..../ Int */..enum {...EV_INT_gamestate = 0,...EV_INT_oldbuttons,...EV_INT_groupinfo,...EV_INT_iuser1,...EV_INT_iuser2,...EV_INT_iuser3,...EV_INT_iuser4,...EV_INT_weaponanim,...EV_INT_pushmsec,...EV_INT_bInDuck,...EV_INT_flTimeStepSound,...EV_INT_flSwimTime,...EV_INT_flDuckTime,...EV_INT_iStepLeft,...EV_INT_movetype,...EV_INT_solid,...EV_INT_skin,...EV_INT_body,...EV_INT_effects,...EV_INT_light_level,...EV_INT_sequence,...EV_INT_gaitsequence,...EV_INT_modelindex,...EV_INT_playerclass,...EV_INT_waterlevel,...EV_INT_watertype,...EV_INT_spawnflags,...EV_INT_fla

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\engine_stocks.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6253
Entropy (8bit):	5.269747417042903
Encrypted:	false
SSDEEP:	192:zrXvHucqHf0/5fvl2iquwnShFIk1Zl3noOGL+GLDrA0f:ed/wLnM0C
MD5:	012E6B2A4D160EE6E0E19FC5068A6919
SHA1:	DD55BDA1051D081E20C216BE337664F902A13535
SHA-256:	52374A88658792DA8996536E25FA4B7F28E7E211864700F22F80A8C02DF91E6B
SHA-512:	9B98F1A65A231A38973659E5FB41E5FBDF0F9165D83F9ED775432D003B793EF959C5DCB67C376B40F1312A473E006BBE215C2163390FDD564A3099F9497DE82A
Malicious:	false
Preview:	/* Engine stocks.... by the AMX Mod X Development Team..* thanks to AssKicR, Freecode and T(+)rget.... This file is provided as is (no warranties).../....#if defined _engine_stocks_included.. #endinput..#endif..#define _engine_stocks_included....#if !defined _amxmodx_included.. #include <amxmodx>..#endif....#if !defined _engine_included.. #include <engine>..#endif....stock fakedamage(idvictim,const szClassname[],Float:takedmgdamage,damagetype)..{...new entity = create_entity("trigger_hurt");...if (entity)...{....DispatchKeyValue(entity,"classname","trigger_hurt");....new szDamage[16];....// Takedamages only do half damage per attack (damage is damage per second, and it's triggered in 0.5 second intervals).....// Compensate for that.....format(szDamage,15,"%f",takedmgdamage 2);....DispatchKeyValue(entity,"dmg",szDamage);....format(szDamage,15,"%i",damagetype);....DispatchKeyValue(entity,"damagetype",szDamage);....DispatchKeyValue(entity,"origin","8192 8192 8192");....Dispatch

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\esf.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2196
Entropy (8bit):	4.939956855335293
Encrypted:	false
SSDEEP:	48:r/AVSraOZyrCzFh9r3FrCUdYrCOZv5qrxytrxbORXmOrCv5HrxQ+rCN5rxf8rxLY:zAVSraQzb9jIKK5mo4cTa5YEztJ0XO
MD5:	C63F6E36EE22E0587235F1FB35328740
SHA1:	BE143D67EF01A11915AB43A96E8740AADB11DC46
SHA-256:	2325EA8273A71EAA2F3BAE24EDAE74BF7153945BF9BA2553E89E5E85965E428A
SHA-512:	D9CE7002E8979F381721C659B78E0F6596720159EDDE24162D642DB75F3B3BBE9B803B35DA4D77A4F953ABC9F8863D60AA2E546757B24DCF28AA2C7AB87506FA
Malicious:	false
Preview:	/*********************************************....[ Corona-Bytes.NET ] EvolutionX Core Plugin.....(c) Corona - Bytes .NET coders :: coders@corona-bytes.net.......> 2005 Corona Bytes :: http://www.corona-bytes.net....*********************************************/....#if defined __EVOLUTION_CORE__.. #endinput..#endif..#define __EVOLUTION_CORE__....#pragma library EvolutionXCore....native setClientPL ....( Client, PowerLevel );..native getClientPL ....( Client );..native setClientACPL ...( Client, ActualPowerLevel );..native getClientACPL ...( Client );..native setClientADPL ...( Client, AfterDeathPowerLevel );..native getClientADPL ...( Client );..native setClientSPL ...( Client, PowerLevel );..native setClientPLtoADPL ..( Client );....native setClientKI ....( Client, Ki );..native getClientKI ....( Client );....native setClientHP ....( Client, Health );..native getClientHP ....( Client );..native setClientMHP. ...( Client, MaximumHealth );..native getClientMHP ...( Client );....nat

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\esf_const.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1209
Entropy (8bit):	5.308220952475954
Encrypted:	false
SSDEEP:	24:31Zn+i7e885SZE3c2G7eFVMmsZFG64cPv3YSRrndrqx/xx9:3pi2m3crewc64c3YSXrmd
MD5:	6009CE21AAD31B4CFA3246D1012EEB07
SHA1:	1122513FFD0FCED505101506E4627FC9355F7B85
SHA-256:	5E9F3B1064869E833D2F05B02FCB204EB1DF7123E9F90FF64DA8EC1B2BF111E3
SHA-512:	BF1AA82C00DD9F8E2C0F068D6CE9607DE90A641646CDE8C8359CED8357C0BE925A49F4F642C3EA857ACE55D6AEA2549185EF4CA5B96631FCAAD0656A214ED98D
Malicious:	false
Preview:	/*.. (C)2004-2005 AMX Mod X Development Team.. * based on the stocks and information provided by LynX.. * organized and released by BAILOPAN.. * This file is provided as is (no warranties)... */.. ..#if defined _esfconst_included.. #endinput..#endif..#define _esfconst_included....enum ..{...Character_Buu = 1,.....Character_Goku = 2,...Character_Gohan = 3,.//my favorite :)...Character_Krillin = 4,...Character_Frieza = 5,...Character_Piccolo = 6,...Character_Trunks = 7,...Character_Vegeta = 8,...Character_Cell = 9,..};....enum..{...Explosion_Blue = 0,...Explosion_Green,...Explosion_Orange,...Explosion_Purple,...Explosion_Yellow,...Explosion_Red,...Explosion_White,...Explosions_Total,..};....enum..{...Attack_Kamehameha=1,...Attack_SpiritBomb,...Attack_GalletGun,...Attack_FinalFlash,...Attack_Renzoku,...Attack_Kametorpedo,...Attack_GenericBeam,...Attack_Throw,..};....enum..{...Direction_Left=1,...Direction_Right,...Direction_Up,...Direction_Down,...Direction_Forward,...Direction_Ba

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\fakemeta.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6447
Entropy (8bit):	4.972024882579063
Encrypted:	false
SSDEEP:	192:KMLOOi/5HCYZ0UzFFgKgYaC7jIJ/jZ52VUVzur+KiAO:1OOi/5HCUj7jIJ/bbVSqKit
MD5:	60647AF1DA91D1433984224C7BAE8BB3
SHA1:	16045517B3021B85B9E054BBD394AE6EA24C20F8
SHA-256:	EB3AC3F4A9702BA6C8756B0D63434587AE4B033DA52B13B24BACE2A2C46A240D
SHA-512:	7F348784A6463C55BCC407DE3203C9E9845839339B17FC01D28E485A07F24F500D49203E69AA493915149328E56C42FC750171CC97C2AC908CAACF56A23A3EFB
Malicious:	false
Preview:	/* FakeMeta functions.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _fakemeta_included...#endinput..#endif..#define _fakemeta_included....#include <fakemeta_const> ....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib fakemeta.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib fakemeta.. #endif..#else.. #pragma library fakemeta..#endif..../ Returns entvar data from an entity Use the pev_* enum to specify which form of data you want returned... .. If retrieving strings, you may optionally get a pointer into the global string table. Depending on.. * your situation, there are two ways to do this... * 1: This simply gets the pointer... * new ptr = pev(entid, pev_classname).. * 2: The pointer will be stored in ptr AND the actual string is retrieved... * new ptr, classname[32].. * pev(entid, pev_classname, ptr, classname, 31).. /..native pev(_index,_value,{Float,Sql,Result,_}:...);..../ Sets entvar data for an enti

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\fakemeta_const.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23372
Entropy (8bit):	5.155918854172469
Encrypted:	false
SSDEEP:	384:TdanHGuveSv2j2zHnRkQNDvwPRx9r8ri6eaHj8:5qHGuveSaSHnRkQNDwZx9r8rXrj8
MD5:	EFEDD1BE95B37392A60FBBD56EF2435D
SHA1:	47B25F5DA83996CD1C6FC19BF20ED87A70AD461F
SHA-256:	5666DA901187241BDA31BAAB0C3AE842E9A4DC4DD90CFFA385ECF06A9AFEB875
SHA-512:	A6171FCA6E212CE611125AB67BAC994FE32FB967683FA03D7D3902956EFD3E2D762015165EE6122B03D2F4CB2FBE5CF8848C88F989DB58696E1808127C95CAD2
Malicious:	false
Preview:	/* FakeMeta constants.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _fakemeta_const_included.. #endinput..#endif..#define _fakemeta_const_included....// For forward_return..#define.FMV_STRING..1..#define FMV_FLOAT..2..#define FMV_CELL..3....#include <hlsdk_const>..../ The actual return value of the function, use these instead of PLUGIN_HANDLED etc when.. * returning from registered forwards... */..#define FMRES_IGNORED.1.// Calls target function, returns normal value..#define FMRES_HANDLED.2.// Tells metamod you did something, still calls target function and returns normal value..#define FMRES_OVERRIDE.3.// Supposed to still call the target function but return your value instead.........// however this does not work properly with metamod; use supercede instead...#define FMRES_SUPERCEDE.4.// Block the target call, and use your return value (if applicable)....// Use this with GetInfoKeyBuffer if you want the server's local

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\fakemeta_stocks.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	13835
Entropy (8bit):	5.311139997485901
Encrypted:	false
SSDEEP:	192:Zj18CUSEFfz5sxaiZahyKUI3bJsvZzsW4MJ/o0P7qTAYxeQAmTx898KC1o4kif:cSEhz5scmazUI3bJvMJx2deTC
MD5:	8E209715589D987E400DEF098B0DCEB5
SHA1:	7B3CCAC2B222208C2BB30260A95B357E591FEF0D
SHA-256:	1CE5E675B5FB8631A7814F4B7BA447592F0E345711677C40E3C2DF4FC3080BB6
SHA-512:	6553961BEF327A5C75B205875A24E261A2F5BD7A24FD79D5B310BA513C96BE1C2FD95295874EA5332EF07B073D44B608C20B19F849E9EE3C6CAF1C3D85B7E3A8
Malicious:	false
Preview:	/* FakeMeta stocks.... by the AMX Mod X Development Team.... This file is provided as is (no warranties)...*/....#if !defined _fakemeta_included...#include <fakemeta>..#endif....#if defined _fakemeta_stocks_included.. #endinput..#endif..#define _fakemeta_stocks_included....// EngFuncs..stock EF_PrecacheModel(const string[])...return engfunc(EngFunc_PrecacheModel, string);....stock EF_PrecacheSound(const string[])...return engfunc(EngFunc_PrecacheSound, string);..stock EF_SetModel(const ID, const STRING[])...return engfunc(EngFunc_SetModel, ID, STRING);..stock EF_ModelIndex(const STRING[])...return engfunc(EngFunc_ModelIndex, STRING);..stock EF_ModelFrames(modelIndex)...return engfunc(EngFunc_ModelFrames, modelIndex);....stock EF_SetSize(const STRING[])...return engfunc(EngFunc_SetSize, STRING);..stock EF_ChangeLevel(const S1[], const S2[])...return engfunc(EngFunc_ChangeLevel, S1, S2);..stock EF_VecToYaw(const Float:VECTOR[3], &Float:returnValue)...return engfunc(EngFunc_VecToYaw,

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\file.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3665
Entropy (8bit):	4.893085968669661
Encrypted:	false
SSDEEP:	48:xQE13CaeUZ5KPjuUzMEKKNKvNwIZ+VVYtfiE1wBd5bZtNf/fBdAcrx+L2VCcbHgM:6I3qkiRzM8k8VEfiE1wtj+cASwcA6L
MD5:	C19B347A93A3F6A358DAE354255B81E9
SHA1:	F403D1B117DEBC2EADD3608611A523B600336C2D
SHA-256:	C100E6DA51C7164A2EC18C2EA1C20BACFC4E6B29B8766BB41D5A4775402C1D63
SHA-512:	2D365BA1670BF9335CDE25FE2911B59F2E855FB058633E680CA9C59D9B25E19F7381FB8EDEC72AB28D20758B08BF6D0511AFCDD8D755C1CB94FD0CA5327C8059
Malicious:	false
Preview:	/* Files functions.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is provided as is (no warranties).../....#if defined _file_included.. #endinput..#endif..#define _file_included..../ Reads content from directory...* Returns index of next element or 0 when end of dir. is reached. /..native read_dir(const dirname[],pos,output[],len,&outlen);..../ Reads line from file. Returns index of next line or 0 when end of file is reached. /..native read_file(const file[],line,text[],len,&txtlen);..../ Writes text to file. Function returns 0 on failure...* When line is set to -1, the text is added at the end of file. /..native write_file(const file[],const text[],line = -1);..../ Deletes file. Function returns 1 on success, 0 on failure. /..native delete_file(const file[]);..../ Checks for file. If file exists function returns 1, in other case 0. /..native file_exists(const file[]);..../ renames a file. returns 0 on failure, 1 on success... * if

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\float.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5819
Entropy (8bit):	4.879066329726697
Encrypted:	false
SSDEEP:	96:WD73ydDTACMoICUmo1soK67FasKx0Rml84pFufZh51JpwOtfg3/8UE2kr:WD+dDTACnICU1xRksKORml84pFufZhDt
MD5:	6950566DB3A7537E4034CE0E6DF044E1
SHA1:	161A38F30E18217F40C22412230B2FA9A7CB41D9
SHA-256:	6E3F28F6E11A299801476AAECEEAFC82019A163EA183323A1688EBF1CBE8D2C3
SHA-512:	784C3F6546D384EEABF5E641151E922A5DD0E09E0FFFDC9028941E6AD5542A698AC03790D4F0B8CE5F63D55B9593A3D9112559A7C574D2BCBDB0F77B793E27BC
Malicious:	false
Preview:	/* Float arithmetic.... (c) Copyright 1999, Artran, Inc...* Written by Greg Garner (gmg@artran.com)..* Modified in March 2001 to include user defined..* operators for the floating point functions..... This file is provided as is (no warranties).../....#if defined _float_included.. #endinput..#endif..#define _float_included..../ Different methods of rounding /..enum floatround_method {...floatround_round = 0,...floatround_floor,...floatround_ceil,...floatround_tozero..}....enum anglemode {...radian = 0,...degrees,...grades..}..../ Convert an integer into a floating point value /..native Float:float(value);..../ Convert a string into a floating point value /..native Float:floatstr(const string[]);..../ Multiple two floats together /..native Float:floatmul(Float:oper1, Float:oper2);..../ Divide the dividend float by the divisor float /..native Float:floatdiv(Float:dividend, Float:divisor);..../ Add two floats together */..native Float:floatadd(Float:dividend, Float:div

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\fun.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	4.912073638463064
Encrypted:	false
SSDEEP:	48:JpYylqN2WnDT9ztutCwZRopkWRjrjezVVcUiOif7f9MtYM99HCpakHHpRhuK+:JOylu20T9zGzRopnbeXcUF4ytpjHCpaT
MD5:	43C090CE90ED0A3637D6DBA964A25CA0
SHA1:	9A8A7B14524C1D71B9B4806A5A257A397BF29C53
SHA-256:	A226A43A7079781C9475D190481733252D13EF54773E151183BAA29D5C852B09
SHA-512:	5BA83C271459FC9FFDDCB75725623156BB0E67ADDBD02D1D0703677AF44088C3A793000CC4FE8560781BE0C94733ADBBDAE4ACDF7D37CDB640C0A97E980B2167
Malicious:	false
Preview:	/* Fun functions.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _fun_included.. #endinput..#endif..#define _fun_included....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib fun.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib fun.. #endif..#else.. #pragma library fun..#endif..../ Returns 1 if receiver hears sender via voice communication. /..native get_client_listen(receiver, sender);..../ Sets who can listen who. Function returns 0..* if for some reasons this setting can't be done. /..native set_client_listen(receiver, sender, listen);..../ Sets player godmode. If you want to disable godmode set only first parameter. /..native set_user_godmode(index, godmode = 0);..../ Returns 1 if godmode is set. /..native get_user_godmode(index);..../ Sets player armor. /..native set_user_armor(index, armor);..../ Sets player health. /..native set_user_health(index, health);..../ Move player to origin. */..native set_user_o

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\geoip.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	753
Entropy (8bit):	5.091097659531911
Encrypted:	false
SSDEEP:	12:UcAVRPFFoXYiruheAGSsYeAd/e2bMs4FGE1MsoNdnSbL3TRFE3INvLExGKyivLTN:XAHPFFoIDheQe22AiZuNdn8tFwAvLotd
MD5:	56390EFC1A6A4FE885223190D42C65B5
SHA1:	39916A59C4135FEE44A3E28559FA88B37FF70867
SHA-256:	4AD0B3BC472BD4C4232F1A0B54DDD24CBD3FADC20B50E85CFAA8EC01522F389A
SHA-512:	849A2847BDBBD71073B517157D3AFEC26438325492C5A8A9592722A8C013E5F03489535E6613467AE2A8A8F73D7EC034FDB055645BD59D072382C9065B4E11DA
Malicious:	false
Preview:	/* GeoIP module functions for AMX Mod X.. by David "BAILOPAN" Anderson.. (C)Copyrighted under the GNU General Public License, Version 2.. */....#if defined geoip_included.. #endinput..#endif..#define _geoip_included....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib geoip.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib geoip.. #endif..#else.. #pragma library geoip..#endif....//IP address can contain ports, the ports will be stripped out....//get a two character country code (eg US, CA etc)..native geoip_code2(const ip[], ccode[3]);....//get a three character country code (eg USA, cAN etc)..native geoip_code3(const ip[], result[4]);....//get a full country name. max name is 45 chars..native geoip_country(const ip[], result[], len=45);..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\hlsdk_const.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23276
Entropy (8bit):	4.757225770878158
Encrypted:	false
SSDEEP:	384:pOBa0BfihR0Y85LOW36ZpL6mhr+O0vae183:pOBRfF5qW3Y56mhkieu3
MD5:	5E612BDACC05F047B8351632702BBE3F
SHA1:	B4F8083F83C5181D0E5716DF8C2D8FCDB85E9241
SHA-256:	CC8B90618303D733F7A7110D20D735AC6FDF443333D7264D4A7CE9532A737FDC
SHA-512:	804AE28C5D0939996F97132DDE7A8C974596B7A07B6C074EBF0B450467E95809DD237CD2798B9A5F526817F7D9E13F273689F1C1F981084A4763984FC1043208
Malicious:	false
Preview:	/* Half-Life Software Development Kit constants.... by the AMX Mod X Development Team.... This file is provided as is (no warranties)...../....#if defined _hlsdk_const_included...#endinput..#endif..#define _hlsdk_const_included....// pev(entity, pev_button) or pev(entity, pev_oldbuttons) values..#define IN_ATTACK (1<<0)..#define IN_JUMP (1<<1)..#define IN_DUCK (1<<2)..#define IN_FORWARD (1<<3)..#define IN_BACK (1<<4)..#define IN_USE (1<<5)..#define IN_CANCEL (1<<6)..#define IN_LEFT (1<<7)..#define IN_RIGHT (1<<8)..#define IN_MOVELEFT (1<<9)..#define IN_MOVERIGHT (1<<10)..#define IN_ATTACK2 (1<<11)..#define IN_RUN (1<<12)..#define IN_RELOAD (1<<13)..#define IN_ALT1

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\lang.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1162
Entropy (8bit):	4.867120985698362
Encrypted:	false
SSDEEP:	24:eDISZ1d251/eoUd+hGdF3o5f9n73jk/3NHsAVBdQqVIqTJQbsPZEb2N9W5:+Pd8/3xQLo5hw/9HNQqaqTJ9Z/9W5
MD5:	1BF4D9EFADF1AC603E1DA69E9537AA50
SHA1:	3BB374FE558EBCD45C8F4BB083D283AE7A5B9252
SHA-256:	1A7A965B565EB4C1DE0BFE8218DB26D6B37108D0F76A495C9F89787E7E2CCA47
SHA-512:	019DBAAF0D3F2F560C21A78D3E55E9D1CFDFD3A53FFBC9A142DF7022588AA4A6F2357D21228A06606BEFE4D75B7A79897841CED69A6C7A2FAE87E5FADBC84338
Malicious:	false
Preview:	/* Language functions.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _lang_included.. #endinput..#endif..#define _lang_included....//return the number of languages loaded..native get_langsnum();....//sets name to the two-letter name of a language returned by get_langsnum..//index starts at 0..native get_lang(id, name[3]);....//registers a dictionary file, making sure the words are in the dictionary..// the file should be in "addons/amxx/data/lang/", but only the name needs to be..// given. (e.g. register_dictionary("file.txt") will be addons/amxx/data/file.txt)...native register_dictionary(const filename[]);....//returns 1 if the language is loaded, 0 otherwise...native lang_exists(const name[]);....enum TransKey..{...TransKey_Bad = -1,..};..../.. Adds or finds a translation key... /..native TransKey:CreateLangKey(const key[]);..../.. Finds a translation key id without adding on failure... * Returns -1 on not fou

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\message_const.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	25292
Entropy (8bit):	4.9374937650760335
Encrypted:	false
SSDEEP:	192:qMjXPMRdp35UYTZNFyz/LjDVHfPNOyZQfKlU8o/CjFjzC4wgVzlNT/sEEZeCI3:q7CYTZ0kVGkEB3
MD5:	6A3427DBF272E181E7EAFB7E2B8FC0DE
SHA1:	DBECA20F9BF6C37B37CAC02DB607AA941AE17428
SHA-256:	83B48AAA965CF88985C77FD9F27BDABBE73A0F7C9AED2C806EDBF7DB0079BAFC
SHA-512:	31FA5263C466959A63AF5E60F5FC3950277E65EB98B59ECBA5F30ED98522B973C44EDF1CAE61362763E3930CCC265A21891E7ABC64D4A90DA5DB7F81C5BD697A
Malicious:	false
Preview:	/* Message constants.... by the AMX Mod X Development Team.... This file is provided as is (no warranties)...../.. ..#if defined _message_const_included...#endinput..#endif..#define _message_const_included..../* Destination types for message_begin() */..#define.MSG_BROADCAST 0 // Unreliable to all..#define.MSG_ONE 1 // Reliable to one (msg_entity)..#define.MSG_ALL 2 // Reliable to all..#define.MSG_INIT 3 // Write to the init string..#define MSG_PVS 4 // Ents in PVS of org..#define MSG_PAS 5 // Ents in PAS of org..#define MSG_PVS_R 6 // Reliable to PVS..#define MSG_PAS_R 7 // Reliable to PAS..#define MSG_ONE_UNRELIABLE 8 // Send to one client, but don't put in reliable stream, put in unreliable datagram (could be dropped)..#define.MSG_SPEC 9

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\message_stocks.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1248
Entropy (8bit):	5.183491144980291
Encrypted:	false
SSDEEP:	24:aRoIS5Eaj29d1u7kP+I0q2LPByWtCu7I7/pqASXle:ai5vjhk2fVLPwWhE61e
MD5:	911F22EE517CF646E243130D48DA0418
SHA1:	D4951F18DCD7DF24B368019BB1336CC6BBCB8ABC
SHA-256:	726B0D87FCCA54788B999AEF36878F62982306275C5C2165285A2350360B5417
SHA-512:	351031AAE1B26055F7B1B84849EE05E165A579CA14E90B99AEFCF82DB01DB0D43A88A758049D6C40E95ACC75AE438EEAAD52D92EC1BE54A139B91A3B21B57A56
Malicious:	false
Preview:	/* Message Stocks.... by the AMX Mod X Development Team.... This file is provided as is (no warranties)...../.. ..#if defined _message_stocks_included...#endinput..#endif..#define _message_stocks_included..../* Creates a death message. /..stock dod_make_deathmsg(killer, victim, weaponNUM)..{...message_begin(MSG_ALL, get_user_msgid("DeathMsg"), {0,0,0}, 0);...write_byte(killer);...write_byte(victim);...write_byte(weaponNUM);...message_end();.....return 1;..}..../ Kills a user without a message. /..stock user_silentkill(index)..{...static msgid = 0;...new msgblock;...if (!msgid)...{....msgid = get_user_msgid("DeathMsg");...}...msgblock = get_msg_block(msgid);...set_msg_block(msgid, BLOCK_ONCE);....user_kill(index, 1);...set_msg_block(msgid, msgblock);.....return 1;..}..../ Creates a death message. */..stock make_deathmsg(killer, victim, headshot, const weapon[])..{...message_begin(MSG_ALL, get_user_msgid("DeathMsg"), {0,0,0}, 0);...write_byte(killer);...write_byte(victim);.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\messages.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3367
Entropy (8bit):	4.783883109416478
Encrypted:	false
SSDEEP:	96:HiPMxeA1WJAGkDRlvpH/eb1fLGMsIkTaoj:HiPqeAfDnpeJfLsIkTaoj
MD5:	807436195D7C6D34E37EFE06617BA570
SHA1:	A3D3B5FC36337C92BAE2B47563FA01F599B02EE8
SHA-256:	62137F233EDC5D0D9F276D57D162E56AE6A99B55D0AB7CCF175AE2C19C7CF144
SHA-512:	6C80019E65B2B946CB41DF357C9FA6571B95ADD505C847188080D50D6C8765808CA6BAD8496F078763B09E1FD206DDA1E4D73E2375B2053319DC86DD478599EF
Malicious:	false
Preview:	/* Messaging functions (now part of Core).. .. by the AMX Mod X Development Team.. .. This file is provided as is (no warranties)... /....#if defined _coremsg_included.. #endinput..#endif..#define _coremsg_included....#include <message_const>..../ These functinos are used to generate client messages... * You may generate menu, smoke, shockwaves, thunderlights,.. * intermission and many many others messages... * See HL SDK for more examples. /..native message_begin(dest, msg_type, const origin[3] = {0,0,0}, player = 0);..native message_end();..native write_byte(x);..native write_char(x);..native write_short(x);..native write_long(x);..native write_entity(x);..native write_angle(x);..native write_coord(x);..native write_string(const x[]);..../ These are the same as above, except that the messages sent.. * are also sent to all other plugins and Metamod plugins... * This means that if you send one of these messages, other plugins will.. * be notified, which was previously impo

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\ns.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6874
Entropy (8bit):	4.895745417447447
Encrypted:	false
SSDEEP:	192:9yvws91lZLs1zpZqY3wr6+rZ5nPTyyZyFK5D:4vwGLs1zpZqY3V+rZ5nPTyUVD
MD5:	04C2D84D3E199662762BC4C76C6560E9
SHA1:	65AFEA21FDD3816F1912D6ECFBB35563749C81F5
SHA-256:	625B0A9E97CAD62A26307518749227C8099A66018C4FEC765CA1F1E192846287
SHA-512:	A0970D235C89E9A21390057380C3C6435332CB393D81B03046203C5E167A41D7A2445463B3ED9A9F4F0800C6D7CE4DE7398C16C81B5888F0CD1B344D0808CB2A
Malicious:	false
Preview:	/* NS module functions.. * -.. * (c) 2004, Steve Dudenhoeffer.. * This file is provided as is (no warranties)... /....#if defined NS_INC...#endinput..#endif..#define NS_INC.....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib ns.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib ns.. #endif..#else.. #pragma library ns..#endif......#include <ns_const>....../ Called whenever the client's class is changed. The classes given match get_class() output /..forward client_changeclass(id,newclass,oldclass);..../ Called whenever the client build's a structure. If type is 1, it's a marine structure, if type is 2, it's alien. /..forward client_built(idPlayer,idStructure,type,impulse);..../ Returns if the map's combat or not. /..native ns_is_combat();..../ Sends a popup to a player. Set target to 0 to send to everybody. Message length is 180 characters. The last parameter, if set to 1, will only display when the player has cl_autohelp set to 1. */..native ns_popup(target,const szMsg[180],a

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\ns2amx.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5882
Entropy (8bit):	5.093050946943292
Encrypted:	false
SSDEEP:	96:Fu0ySocWcxXQUElb+3SYH+TcSm/UVlLWh2nKBjthRI1LGGV8brqM6BBBVjbodG:Fu0ySPXXwlq3SYH+wSm/UVlqh2nKBjtk
MD5:	B0A24EE67BF96532613FAFBA93614928
SHA1:	1AD11A0344B8EE2CC6866B599773EC4C4C4561CC
SHA-256:	784AF17AE8133F063B395BA4F5985BCC8E41356FC5E8942F5645EE6F5A3DDC65
SHA-512:	19ED109BBD21D3FC279AA1D0FF6A250EB53A5B007AB6CD52CBC663040686CA1B57104BE45D5FB6BAE2133290782CEEE23F5D702E218471F253E661CD5A400BE4
Malicious:	false
Preview:	/* NS2AMX Utility backwards compatibility.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _ns2amx_included.. #endinput..#endif..#define _ns2amx_included....#include <engine> // various engine calls..#include <fakemeta> // pev/engfunc/dllfunc/various calls which rely on engfunc/dllfunc..#include <ns> // ns specifics....stock is_entity(id)...return is_valid_ent(id);..../ The end of the native is buffered incase the plugin is including an NS_VERSION (no longer supported), ignore it */..stock get_build(classname[], value, number=0,{Float,Sql,Result,_}:...)...return ns_get_build(classname, value, number);....stock get_private_i(index, offset, linuxdiff=5)...return get_pdata_int(index, offset, linuxdiff);....stock set_private_i(index, offset, value, linuxdiff=5)..{...return set_pdata_int(index, offset, value, linuxdiff);..}....stock Float:get_private_f(index, offset, linuxdiff=5)..{...return get_pdata_float(index,

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\ns_const.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3437
Entropy (8bit):	5.500322525054905
Encrypted:	false
SSDEEP:	48:BPxOaHPyo1hJ+dAgi/MqrB2K/b2rWcFquSrSV6:BwKPFPPrP/b2rVFquQSs
MD5:	F08D16E718224768634474B70C29E32D
SHA1:	514CE6DAC6E7B5B506D68CFC391F65F6B8A070AB
SHA-256:	5A5AE5A304C9329417B3B564645367C35B0E62249C1F130B06AB10E618BF0DA0
SHA-512:	F32916098163F8FCC598DA01C9F6FB011A2D393D1D3C1B0642DF8947BE905E9AAA06B03C95C939AA56C475CA1ABB3BD0A89F82AFE698C16D962ECE880F3AECF7
Malicious:	false
Preview:	/* NS module constants.. * -.. * (c) 2004, Steve Dudenhoeffer.. * This file is provided as is (no warranties)... */......#if defined NS_CONST_INC...#endinput..#endif..#define NS_CONST_INC....// entity pev->iuser4 fields..enum {...MASK_NONE = 0,...MASK_SIGHTED = 1,...MASK_DETECTED = 2,...MASK_BUILDABLE = 4,...MASK_BASEBUILD0 = 8,..// Base build slot #0...MASK_WEAPONS1 = 8,..// Marine weapons 1...MASK_CARAPACE = 8,..// Alien carapace...MASK_WEAPONS2 = 16,..// Marines weapons 2...MASK_REGENERATION = 16,..// Alien regeneration...MASK_BASEBUILD1 = 16,..// Base build slot #1...MASK_WEAPONS3 = 32,..// Marine weapons 3...MASK_REDEMPTION = 32,..// Alien redemption...MASK_BASEBUILD2 = 32,..// Base build slot #2...MASK_ARMOR1 = 64,..// Marine armor 1...MASK_CELERITY = 64,..// Alien celerity...MASK_BASEBUILD3 = 64,..// Base build slot #3...MASK_ARMOR2 = 128,..// Marine armor 2...MASK_ADRENALINE = 128,..// Alien adrenaline...MASK_BASEBUILD4 = 128,..// Base build slot #4...MASK_ARMOR3 = 256,..// Mar

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\nvault.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1657
Entropy (8bit):	4.91699634784208
Encrypted:	false
SSDEEP:	24:6ISZfH22D6NdnoZbAGTRnbNFER+RpPpk8RpP3ksskovEtru/iCHxLc/yt3q:yxHlDW1GdnbHRpD31Btru/tHxc/yta
MD5:	40A3F35F7F90B9163E1C89A0B022464C
SHA1:	EAC5151E28565D9E9F095C23907F17DFCAC051B1
SHA-256:	5FBF429A326598B6D173553B168179BF3F22B919EF7ECB66A4A15B825E117C26
SHA-512:	83DC3CE0B3EF639EB3FCBE15FF1B3EABE539631A0585CCDAF28E41907004F89366FC4F600B469C694C111F888547CB4ACBAE67EA979AE3F425E260CF0FD694D1
Malicious:	false
Preview:	/* nVault functions.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _nvault_included.. #endinput..#endif..#define _nvault_included....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib nvault.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib nvault.. #endif..#else.. #pragma library nvault..#endif..../ All timestamps are in UNIX epoch form. /..../ Opens a vault by name (such as "myvault").. * Returns a vault id, INVALID_HANDLE otherwise (-1).. /..native nvault_open(const name[]);..../ Gets a vault value by returning an int.. * setting a byref float or setting a string + maxlength.. /..native nvault_get(vault, const key[], ...);..../ Looks up a vault value for full information.. * Returns 0 if the entry is not found.. /..native nvault_lookup(vault, const key[], value[], maxlen, &timestamp);..../ Sets a vault value (with current timestamp) /..native nvault_set(vault, const key[], const value[]);..../ Sets a permanent v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\regex.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1266
Entropy (8bit):	5.100857754322526
Encrypted:	false
SSDEEP:	24:nXeoSVyPAow22R2GyNdnljnFrW2JLI3kXoJCDULWUOw4f/TiNN4mq:OoSVyrwlR2G+ljnFrPpckJDUL94fONNK
MD5:	60A5E7E9A827D8A4326A177E8C9E993F
SHA1:	36EB334FDCDF59A2EE94350EE456371409DB4BCB
SHA-256:	FCDDC6258B8AC720CF9DED79E1A5F41E150B5C5B12F381D39BF941620F71476D
SHA-512:	793C079B27DA9AF96B49A0117E74FDBD97DF207FFFA3DBB6526903E58B2F80553C878CA750EB6CF196C4491F6ABAF08C57AE34F01D9210A1B44AAADCA6C6EAA2
Malicious:	false
Preview:	/* Regular Expression API.. * (C)2004 by David "BAILOPAN" Anderson.. * Licensed under the GNU General Public License... * No warranties of any kind... /....#if defined _regex_included.. #endinput..#endif..#define _regex_included....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib regex.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib regex.. #endif..#else.. #pragma library regex..#endif....enum Regex..{...REGEX_MATCH_FAIL = -2,...REGEX_PATTERN_FAIL,...REGEX_NO_MATCH,...REGEX_OK..};..../ Return values:.. -2 = Matching error (error code stored in ret).. -1 = Error in pattern (error message and offset # in error[] and ret).. 0 = No match.. >1 = Id for getting more info (you must call regex_free() later on).. (also note that ret will contain the number of substrings found) .. /.. ..native Regex:regex_match(const string[], const pattern[], &ret, error[], maxLen);..../ Returns a matched substring from a regex handle.. * substring ids start at 0 and end at ret-1, where re

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\sockets.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	1641
Entropy (8bit):	5.089954139537993
Encrypted:	false
SSDEEP:	48:zk4QHXcHRlZ+zDRVE4qUgR49U/UJVXlVB6pd:zwMHRl0zo4qUgR8NJVXTYf
MD5:	79BE5B3CC105D1F5BA6FDC31896409E6
SHA1:	34AA7A81790B63308A1D19B7E8EBB7711AD27B27
SHA-256:	A32F8DCD1D93C4CD20722B6C6F819FEA36E1961502B188A1611F71EE1092B1B0
SHA-512:	E39DE5B14CED0ABBF3F08E6C5B84641809B2312209E2990CF2F9D24C9CB6841A8D5BD026276DC91478990B20F40214A054D40947CAED20A7AC49E0FB92E0EADA
Malicious:	false
Preview:	/.. .. * AMX Mod X Module.. * Basic Socket Functions.. * .. * Codebase from Ivan, -g-s-ivan@web.de (AMX 0.9.3).. * Modification by Olaf Reusch, kenterfie@hlsw.de (AMXX 0.16, AMX 0.96).. * .. /....#if defined _socket_included...#endinput..#endif..#define _socket_included....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib sockets.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib sockets.. #endif..#else.. #pragma library socket..#endif....// Use SOCKET_TCP for TCP Socket connections....#define SOCKET_TCP 1....// Use SOCKET_UDP for UDP Socket connections....#define SOCKET_UDP 2..../ Opens a new connection to hostname:port via protocol (either SOCKET_TCP or SOCKET_UDP),.. * returns a socket (positive) or negative or zero on error... * States of error:.. * 0 - no error.. * 1 - error while creating socket.. * 2 - couldn't resolve hostname.. * 3 - couldn't connect to given hostname:port ../....native socket_open(const _hostname[], _port, _protocol = SOCKET_TCP, &_error);..../ Closes a So

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\sorting.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2580
Entropy (8bit):	4.840261727137722
Encrypted:	false
SSDEEP:	48:cNuEabRmGeE1gf1O1T9fgiJGA4nbdAuglLvibG4wRPathGAiNAlglv:FEabRsE1z5hgiJGAGdVkWG4wRPathGAQ
MD5:	9800CAE5F33C15382239DD20D7C88A79
SHA1:	414DEF5642715B9F2A889C2E0F5A3217D75F8ACB
SHA-256:	304F94A7D9F4461EBDAD0E514C102F3C5D5906A3DF8FE40ED7A804393D4C2E0D
SHA-512:	755C3686394C6A93A8DC1D6D993DC82DA48EA7933685F8A2893BD626ADB9C1DEA88237219808748DB27C0380DFF947419FEBF8B6379243FD7515D1D30C775511
Malicious:	false
Preview:	/* Sorting functions... .. by the AMX Mod X Development Team.. .. This file is provided as is (no warranties)... .. All sort functions are based off the qsort() function from the .. * C standard library, which uses the Quick Sort algorithm... * For more info, see: http://linux.wku.edu/~lamonml/algor/sort/sort.html.. /....#if defined _sorting_included.. #endinput..#endif..#define _sorting_included....enum SortMethod..{...Sort_Ascending = 0,...Sort_Descending = 1,..};..../.. Basic sorting functions below... /....native SortIntegers(array[], array_size, SortMethod:order = Sort_Ascending);....native SortFloats(Float:array[], array_size, SortMethod:order = Sort_Ascending);....native SortStrings(array[][], num_strings, SortMethod:order = Sort_Ascending);..../.. Custom sorting functions below... /..../* .. * Sorts a custom 1D array. You must pass in a comparison function... * The sorting algorithm then uses your comparison function to sort the data... * The function is

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\sqlx.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9232
Entropy (8bit):	5.140330815056464
Encrypted:	false
SSDEEP:	192:mNvv4iTB6L9PgQagzlSvkCgrlVz02tWuQuibukT+YT+ElB8:g9QBxskVHtWumu4j8
MD5:	8E7C6A3F6A70E4875B43C53D983EAA4B
SHA1:	0F4B954B5A9C9B286F91202FC6B24867392AEC65
SHA-256:	EA35674D0A4AF2650764FD292E08A39DC59E3BC9B7E653659313EDFA52FD1899
SHA-512:	64F9F5EE595603D0CAF21D2E34E1CF8F3C3ED2F29F751F2E0080EBE2753B54BEC6ABE12E49B2B2B74A741DC849456ECE0E1CA960E2E690FF76549AB4043F1C89
Malicious:	false
Preview:	/*.. SQLX - Newer version of SQL stuff.. /....#if defined _sqlx_included.. #endinput..#endif..#define _sqlx_included....//eh....#define SQL_NumRows SQL_NumResults....#if AMXX_VERSION_NUM >= 175.. #pragma reqclass sqlx.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma defclasslib sqlx mysql.. #endif //!defined AMXMODX_NOAUTOLOAD..#endif //AMXX_VERSION_NUM....enum Handle..{.. Empty_Handle..};..../.. Creates a connection information tuple... * This tuple must be passed into connection routines... * Freeing the tuple is not necessary, but is a good idea if you .. * create many of them. You can cache these handles globally... * !!NOTE!! I have seen most people think that this connects to the DB... * Nowhere does it say this, and in fact it does not. It only caches.. * the connection information, the host/user/pass/etc... .. The optional timeout parameter specifies how long connections should wait before.. * giving up. If 0, the default (which is undefined) is used... .. /

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\string.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8438
Entropy (8bit):	4.982082948841177
Encrypted:	false
SSDEEP:	192:lQa28lpFjMISbsZkNUXYiBKqXYc7Yy0+NvppjbN:j28JpPaUIiBKqXYaYyJNR9bN
MD5:	AD2C27B6C9715FC274B64A4DB530C6FC
SHA1:	020AADA2F731D8FA15ED84A57B619794CF782B3C
SHA-256:	E104F32A8BA88F5FA42B3322E1A69C4DBFF2D759E0E4AF745EA110B0E0B3E4B1
SHA-512:	60C0C9CFC041018BE99E8F073E7496B98398C22239A34261CC2DAE3BC3130DE834CA9BDB66422922327F86017F662CA9BFC628873CA05DDB3F5F60E6C9466827
Malicious:	false
Preview:	/* Strings manipulation.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is provided as is (no warranties).../....#if defined _string_included.. #endinput..#endif..#define _string_included..../ Checks if source contains string. On success function..* returns position in source, on failure returns -1. /..native contain(const source[],const string[]);..../ Checks if source contains string with case ignoring. On success function..* returns position in source, on failure returns -1. /..native containi(const source[],const string[]);..../ Replaces given string to another in given text. /..native replace(text[], len, const what[], const with[]);..../ Adds one string to another. Last parameter different from 0, specifies..* how many chars we want to add. Function returns number of all merged chars. /..native add(dest[],len,const src[],max=0);..../ Fills string with given format and parameters... * Function returns number of copied chars... * E

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\tfcconst.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1433
Entropy (8bit):	5.1623478780959875
Encrypted:	false
SSDEEP:	24:yDShlRT2imqgPxZu1Tgj57tYwTku86CLacZLhKtEpO7ssqZt:DlThmqgjW+57N9cKtE87shZt
MD5:	A6DCC2EABC0AE522FDFF573E6C80F0A7
SHA1:	73BCD1673DF8A5E7E0D3F27FC3EC31203E95915B
SHA-256:	95F0FFB7F0CFA15E0256EC0549ACF5248364E01041919373BA5E56A33A53FE95
SHA-512:	FB87BCB80CAA33A3969836DD4FB87207B0A5E9CAF5AE2C666DE2A9C31C43E56F44B9A856656C43E170282874BA6E04BB4679951D9F61D15D0FAB4A1FEB77002F
Malicious:	false
Preview:	/* TFCX const.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... */....#if defined _tfcconst_included.. #endinput..#endif..#define _tfcconst_included......#define TFCMAX_WEAPONS.37....enum {...TFC_AMMO_SHELLS = 0, ...TFC_AMMO_BULLETS, ...TFC_AMMO_CELLS, ...TFC_AMMO_ROCKETS, ...TFC_AMMO_NADE1, ...TFC_AMMO_NADE2, ..};....enum {...TFC_WPN_NONE = 0,...TFC_WPN_TIMER,//TFC_WPN_UNK1,...TFC_WPN_SENTRYGUN,//TFC_WPN_UNK2,...TFC_WPN_MEDIKIT,...TFC_WPN_SPANNER,...TFC_WPN_AXE,...TFC_WPN_SNIPERRIFLE,...TFC_WPN_AUTORIFLE,...TFC_WPN_SHOTGUN,...TFC_WPN_SUPERSHOTGUN,...TFC_WPN_NG,...TFC_WPN_SUPERNG,...TFC_WPN_GL,...TFC_WPN_FLAMETHROWER,...TFC_WPN_RPG,...TFC_WPN_IC,...TFC_WPN_FLAMES,//TFC_WPN_UNK16,...TFC_WPN_AC,...TFC_WPN_UNK18,...TFC_WPN_UNK19,...TFC_WPN_TRANQ,...TFC_WPN_RAILGUN,...TFC_WPN_PL,...TFC_WPN_KNIFE,...TFC_WPN_CALTROP, // 24...TFC_WPN_CONCUSSIONGRENADE,...TFC_WPN_NORMALGRENADE,...TFC_WPN_NAILGRENADE,...TFC_WPN_MIRVGRENADE,...TFC_WPN_NAPALMGRENADE,...TFC_WPN_GASGRENA

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\tfcstats.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2046
Entropy (8bit):	4.781327522009067
Encrypted:	false
SSDEEP:	48:t+KUgUgiUme4Z0FxSaXAQ1sj/K9/osj/y7SVH+mvM3xJGBa:tjUgUor4Z0HSaXkj/Uj/rt+YMhJGBa
MD5:	F007CFF06CD233692783952C42E38D0F
SHA1:	502EE8979F6E751FDDDC63A758A0EF4A7398F57F
SHA-256:	715B8575DFE6755C90E00BAAEE08882B25F942B72CFDED844C0F812B502A689D
SHA-512:	9D22EC9B4826E4F1E8383C4ECB550208C8C2C1AC6DCB1B39F63DA9B9E03577553A275645BA6912A83044B094D027E640A52BB33AB393CD7C826F43674032F573
Malicious:	false
Preview:	/* TFCX Stats functions.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _tfcstats_included.. #endinput..#endif..#define _tfcstats_included..../ Gets stats from given weapon index. If wpnindex is 0..* then the stats are from all weapons. If weapon has not been used function..* returns 0 in other case 1. Fields in stats are:..* 0 - kills..* 1 - deaths..* 2 - headshots..* 3 - teamkilling..* 4 - shots..* 5 - hits..* 6 - damage..* For body hits fields see amxconst.inc. /..native get_user_wstats(index,wpnindex,stats[8],bodyhits[8]);..../ Gets round stats from given weapon index./..native get_user_wrstats(index,wpnindex,stats[8],bodyhits[8]);..../ Gets overall stats which are stored in file on server..* and updated on every respawn or user disconnect...* Function returns the position in stats by diff. kills to deaths. /..native get_user_stats(index,stats[8],bodyhits[8]);..../ Gets round stats of player. */..native get_user_rstats(index,st

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\tfcx.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3853
Entropy (8bit):	5.093291041068524
Encrypted:	false
SSDEEP:	96:sEAfSH/qwDFSkOrGYvJ9PrHmlcPNfzOBfvJrKcvN:sEuSfqTkOX9PrMr9
MD5:	D1DAC822C576E917C0E11BC7FE5298AB
SHA1:	92D5745A772D894F8B2E7718713E8EF5B0125F35
SHA-256:	7FE44429FDC892B38FB7AEE383EE2C93DAA8DCEF7EC2DDF9FDF5DD31334EBD1C
SHA-512:	E908F7E34FEEC64CD135DA7CB97BB855F1E2519E351F350D61F91575BEECE6EF2663DA8AF74A202ED20CDAD100575CD5029F8D4347573DE87016B11F24B535C2
Malicious:	false
Preview:	/* tfcX functions.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _tfcx_included.. #endinput..#endif..#define _tfcx_included....#include <tfcconst>..#include <tfcstats>....#if AMXX_VERSION_NUM >= 175.. #pragma reqclass xstats.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma defclasslib xstats tfcx.. #endif..#else.. #pragma library tfcx..#endif..../********** Shared Natives Start *****************************/..../ Forward types /..enum {.. XMF_DAMAGE = 0,.. XMF_DEATH,..}..../ Use this function to register forwards /..native register_statsfwd( ftype );..../ Function is called after player to player attacks ,..* if players were damaged by teammate TA is set to 1 /..forward client_damage(attacker,victim,damage,wpnindex,hitplace,TA);..../ Function is called after player death ,..* if player was killed by teammate TK is set to 1 /..forward client_death(killer,victim,wpnindex,hitplace,TK);..../ Custom Weapon Support /../ function

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\time.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3783
Entropy (8bit):	5.0159940501452915
Encrypted:	false
SSDEEP:	96:A0j/xoeTa//5G65g55iP5yp5IhR5oIjYGpgiUsUuUVTU6UVWG8:A0doeK5G65g55iP5yp5IT5oazpjUsPUb
MD5:	A76DE7F6BFA0BF02748FC61D56946D94
SHA1:	3F92E2B07B8731F210A4A48666693121D0A8DA74
SHA-256:	144F5E293D1D712AB39E5C2970492CA6CC2CB2BB9F34EBF736C3BC843BFCDA48
SHA-512:	1C0127194D81868AABDA2B674113012A49C9993BB15C39E1694A8FA24885108701E0EC555ADE2095E41B5C16E796A19953158B35653D36D9AB0AAA21BBAC8AEB
Malicious:	false
Preview:	/* Time specific functions.... by the AMX Mod X Development Team.... This file is provided as is (no warranties).../....#if defined _time_included.. #endinput..#endif..#define _time_included..../ Time unit types for get_time_length() /..enum ..{.. timeunit_seconds = 0,.. timeunit_minutes,.. timeunit_hours,.. timeunit_days,.. timeunit_weeks,..}....// seconds are in each time unit..#define SECONDS_IN_MINUTE 60..#define SECONDS_IN_HOUR 3600..#define SECONDS_IN_DAY 86400..#define SECONDS_IN_WEEK 604800..../ Stock by Brad */..stock get_time_length(id, unitCnt, type, output[], outputLen)..{..// IMPORTANT: .You must add register_dictionary("time.txt") in plugin_init()....// id: The player whose language the length should be translated to (or 0 for server language)...// unitCnt: The number of time units you want translated into verbose text...// type: The type of unit (i.e. seconds, minutes, hours, days, weeks) that you are passing in...// out

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\tsconst.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2544
Entropy (8bit):	5.442125916753264
Encrypted:	false
SSDEEP:	48:yeBH6JzigszK/JPghZ+fkAeQ2mvKQQPcyWm1cro53joUJzUTG:y2H6dsu/A2SQQEroFoUJzUK
MD5:	5043BEE2DBA858873B29A06C43C5FC3B
SHA1:	533ACB360BEC9838C9BCF0039F9F657ADF5DF9A5
SHA-256:	C6CC332D394D26EE2D2280A8D936F9AE95D3AF1477A0430DD342590C0A52E6E5
SHA-512:	962ADEBE55E9265E7036ECB4AB0FF141C898C28862968E73BF1888C7AA38C66D006681A0CCD0F94EE7EF4045A73C9321F6861560C023F0EFB60FD1B43E5108C3
Malicious:	false
Preview:	/* TSFUN constants.. .. (c) 2005, Suzuka.. * This file is provided as is (no warranties)... */....#if defined _tsconst_included.. #endinput..#endif..#define _tsconst_included....#define TSMAX_WEAPONS 44.// 37 + throwing knife + brekable + 5 custom weapon slots....#define TSPWUP_NONE...0..#define TSPWUP_RANDOM...0..#define TSPWUP_SLOWMO ...1..#define TSPWUP_INFAMMO.. .2..#define TSPWUP_KUNGFU.. .4..#define TSPWUP_SLOWPAUSE ..8..#define TSPWUP_DFIRERATE..16..#define TSPWUP_GRENADE...32..#define TSPWUP_HEALTH...64..#define TSPWUP_ARMOR...128..#define TSPWUP_SUPERJUMP..256....#define TSITEM_KUNGFU...1<<0..#define TSITEM_SUPERJUMP..1<<1....#define TSKF_STUNTKILL...1<<0..#define TSKF_SLIDINGKILL..1<<1..#define TSKF_DOUBLEKILL...1<<2..#define TSKF_ISSPEC...1<<3..#define TSKF_KILLEDSPEC...1<<4....#define TSA_SILENCER...1..#define TSA_LASERSIGHT...2..#define TSA_FLASHLIGHT...4..#define TSA_SCOPE....8....#define TSMSG_NORMAL...6..#define TSMSG_WAITING...11..#define TSMSG_DEAD...1..#define TS

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\tsfun.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5000
Entropy (8bit):	5.2190373262977205
Encrypted:	false
SSDEEP:	96:iJNT4gWnOfEORmCeGLRSzSpSaHS5S/S0Sx8NloO09PnL7n1QLwBJFyuVpEVgOGum:iJNUgWX4mCeG04VMI/SmoT9PnL7n1+wT
MD5:	F336FE558EA0478EB2F08D8DAA01D12E
SHA1:	6B12B8F750D2CAFB9B89CEE8461B48F38EFA45E1
SHA-256:	F247F0E3235B1CCC2F047732283CE71FE73456DC0F42D34FA3C59DE00FEDF56B
SHA-512:	365C3A0DF65A0953F0407AB37DD3B02C75806B498879B6DE605092B0DDFC38DB06BF0C33D57B2192CD6AEF8A15C47679D2F6B2F3DFEBE9A41009CB572AEC26AA
Malicious:	false
Preview:	/* TSFUN.. .. (c) 2005-2006, AMX Mod X Dev Team.. * This file is provided as is (no warranties)... /....#if defined _tsxfun_included.. #endinput..#endif..#define _tsxfun_included....#include <tsx>..#include <tsconst>..../********** Shared Natives Start *****************************/..../ Forward types /..enum {.. XMF_DAMAGE = 0,.. XMF_DEATH,..}....#if AMXX_VERSION_NUM >= 175.. #pragma reqlib tsfun.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma loadlib tsfun.. #endif..#else.. #pragma library tsfun..#endif..../********** Shared Natives End *****************************/..../ Function is called just before a kung foo attack is done,.. * damage and time length may be altered with natives... * Return PLUGIN_HANDLED to stop attack... * UNAVAILABLE IN 1.70.. /..forward Melee_Attack(id,Float:time,Float:damage,UNAVAILABLE);......// Returns when someone stunts, after they do it...//UNAVAILABLE IN 1.70..forward client_stunt(id,stunttype,UNAVAILABLE);..../ Function is called

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\tsstats.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2178
Entropy (8bit):	4.788042995706029
Encrypted:	false
SSDEEP:	48:t+OUMUgiUme6otyZ0FxSaXAQ1sj/K9/osj/y7SVH+mvM3xJGBv:t5UMUorptyZ0HSaXkj/Uj/rt+YMhJGBv
MD5:	1EDED5966C1EB691D86A7EA0A94AC5D7
SHA1:	7D85DB23572E5505C066AEB6B93905346ABAF999
SHA-256:	131CE1BA14BEFDCD9EBC16D2900078B2BDFA7BCBAFDA71E25C1C520EA113B723
SHA-512:	88207378C9EA27639791719AF5E92AF7CAE8252009363A14A5E163947AA908FFE6441376C2F33EF8BD5BFF983FA82ECE0E662A94FACDB67E9E9A8C4E77DFA3AC
Malicious:	false
Preview:	/* TSXMod Stats functions.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _tsstats_included.. #endinput..#endif..#define _tsstats_included..../ Gets stats from given weapon index. If wpnindex is 0..* then the stats are from all weapons. If weapon has not been used function..* returns 0 in other case 1. Fields in stats are:..* 0 - kills..* 1 - deaths..* 2 - headshots..* 3 - teamkilling..* 4 - shots..* 5 - hits..* 6 - damage..* For body hits fields see amxconst.inc. /..native get_user_wstats(index,wpnindex,stats[8],bodyhits[8]);..../ Gets round stats from given weapon index./..native get_user_wrstats(index,wpnindex,stats[8],bodyhits[8]);..../ Gets life (from spawn to spawn) stats from given weapon index./..native get_user_wlstats(index,wpnindex,stats[8],bodyhits[8]);..../ Gets overall stats which are stored in file on server..* and updated on every respawn or user disconnect...* Function returns the position in stats by diff. kills t

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\tsx.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2418
Entropy (8bit):	5.097656293888293
Encrypted:	false
SSDEEP:	48:5awOz5yd3I/s3lGDFJAkOlt3/eWiCjvJbowGo+EIw:owOdWI/qwDFSkOrGYvJcwG3EL
MD5:	D9D8343437F9EC411BFB70EDE6BF968B
SHA1:	EBB1C37120C037D93C6E6416008094DE532DA55F
SHA-256:	9D9952F49BF93D5A44BA27C282B1DBC950D8D5F9A8A44B91520496769D308A8D
SHA-512:	8FEE2820C56020D1E29AC408A62E9D133F87B5C68A1E2E7B946E0B13575791AC9270D0D895CCC0776302556AE77F250E7F9D50620D1AB0A5803BB6C3E594256A
Malicious:	false
Preview:	/* TSXMod functions.. .. (c) 2004, SidLuke.. * This file is provided as is (no warranties)... /....#if defined _tsx_included.. #endinput..#endif..#define _tsx_included....#include <tsstats>....#if AMXX_VERSION_NUM >= 175.. #pragma reqclass xstats.. #if !defined AMXMODX_NOAUTOLOAD.. #pragma defclasslib xstats tsx.. #endif..#else.. #pragma library tsx..#endif..../********** Shared Natives Start *****************************/..../ Forward types /..enum {.. XMF_DAMAGE = 0,.. XMF_DEATH,..}..../ Use this function to register forwards .. * DEPRECATED.. /..native register_statsfwd( ftype );..../ Function is called after player to player attacks ,..* if players were damaged by teammate TA is set to 1 /..forward client_damage(attacker,victim,damage,wpnindex,hitplace,TA);..../ Function is called after player death ,..* if player was killed by teammate TK is set to 1 /..forward client_death(killer,victim,wpnindex,hitplace,TK);..../ Custom Weapon Support /../ function will

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\vault.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	644
Entropy (8bit):	4.817007755035122
Encrypted:	false
SSDEEP:	12:UpIZqFbEFSSXRWzAGSszAdfAAihzoRkISKC8R5REbQZXjsa9I3eQ/:USFSZzb2oA8UiAxRZZe3es
MD5:	8481A259F66322A931FAA4D57413D708
SHA1:	646097A907B451D5085551355EE83A8FF2DF6323
SHA-256:	DD4E3D1A0F99E3D010994873D447024D84883A2CB071D0F97FE0C1A968736461
SHA-512:	D6E628000C4B02644E45E6EE16C8C4D52A7428BF6A830D4F224B8BD796F4C3965F60FC21DF935623B9E2A9E36FD541A4B3B4D8123BDDAC16B0000765A6C59561
Malicious:	false
Preview:	/* Vault functions.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is provided as is (no warranties).../....#if defined _vault_included.. #endinput..#endif..#define _vault_included..../ Reads a data from given key...* If len is set to zero then get_vaultdata..* returns value as an number. /..native get_vaultdata(const key[], data[] = "", len = 0);..../ Sets a data under given key. /..native set_vaultdata(const key[], const data[] = "" );..../ Removes a key from vault./..native remove_vaultdata(const key[]);..../ Checks if a key exists in the vault.*/..native vaultdata_exists(const key[]);

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\vector.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1694
Entropy (8bit):	5.083965182010055
Encrypted:	false
SSDEEP:	24:a538GShV92ccivcHmcwx9qSnKaLKrZjU8z36rYJipTPJ4lx49yxmyGhgtFPB4+L4:Gu79kHbY9Q5U8OrYi7SIGm7654+71e
MD5:	3308A867C6CF1E3E2B87DE67052690CC
SHA1:	34335E00E1830DAF31291F703903C5EBA21DE696
SHA-256:	462E1C2D31FDF7A567DDF32375BF0A49998E25F2DDFC64560D2ABB1ACC27B4CF
SHA-512:	CA22C4D2E80F1EE65B244A1A87D85C59713A6C6079D56E896631604C81AEF83F027650361EF7A4A35F293D53E175002DC8C2B0C9FDCCEEE6120DE748D7B6FE66
Malicious:	false
Preview:	/* Vector functions (now part of Core).. .. by the AMX Mod X Development Team.. .. This file is provided as is (no warranties)... /....#if defined _corevector_included.. #endinput..#endif..#define _corevector_included..../ Used for angle_vector() /..#define ANGLEVECTOR_FORWARD 1..#define ANGLEVECTOR_RIGHT 2..#define ANGLEVECTOR_UP 3..../ Returns distance between two vectors. /..native get_distance(const origin1[3], const origin2[3]);..../ Gets distance between two origins (float). /..native Float:get_distance_f(const Float:Origin1[3], const Float:Origin2[3]);..../ Gives you a velocity in the direction a player is looking, iVelocity is the multiplier. /..native velocity_by_aim(iIndex, iVelocity, Float:vRetValue[3]);..../ Changes a vector into an angle vector. /..native vector_to_angle(const Float:fVector[3], Float:vReturn[3]);..../ Changes an angle vector into a vector. /..native angle_vector(const Float:vector[3], FRU, Float:ret[3]);..../ Gets

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\xs.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	32723
Entropy (8bit):	5.5117601838009715
Encrypted:	false
SSDEEP:	768:0QPMp4e00YccMhgrnt+BB2JkTJ5qFUlwivOcR6j+wYv:0Fpz00YccMhAngB2JkTJ5qvivOcB
MD5:	15BADDBBB4AFD923D4455DFC5AC4C5B1
SHA1:	C8E8FF7B69B71C465705C88C76EB4794AD30785E
SHA-256:	2793D3EE0BD75F9BD9A7572A789584319302CACCD110111107869088594BE7C4
SHA-512:	B54C099B3A83AD8D5A062215AB322A9BF6252897BFAFE735073340FC78F721DE3CB1A47C8209FE12D7844F869135444D267F7926AD1CF2C6B0CDCB82A3F65A16
Malicious:	false
Preview:	/* XS Library..* for AMX and AMXX.... Copyright (C) 2004 Pavol "PM" Marko.... This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half-Life Game Engine ("HL..* Engine") and Modified Game Libraries ("MODs") de

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\include\xtrafun.inc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2647
Entropy (8bit):	5.017040045593021
Encrypted:	false
SSDEEP:	48:sC0yNlNcJ0od9xuaOvYHfjFVaj1+auf1d/I9yk5pYRuWBmk:sCrlNxYLFVaj1Kf1d/IUk5pYIWBmk
MD5:	6FB5B82DCF74CC4CBE43830A5E391383
SHA1:	19BD15B24947DF0FB5E618D1CFFEC2C9075621D7
SHA-256:	CE137003E01AEDD87D16A473D724184BFE781C999F590332A2CA3F2CEB2CA20D
SHA-512:	28FE100502B9D67AFDC0BE9BDCBBB9D44846E59A34F289C0239B380F6662543BFA46A5ED6F0E3B7F1E1E2AB111295F3F01C2FF6DD2BE3BFF7B5A5D7C1ACA053B
Malicious:	false
Preview:	/* Xtrafun backwards compatibility.... by the AMX Mod X Development Team..* These natives were originally made by SpaceDude, EJ, and JustinHoMi..... This file is provided as is (no warranties).../....#if !defined _xtrafun_included...#define _xtrafun_included....#if !defined _engine_included...#include <engine.inc>..#endif..../ Gets the velocity of an entity /..stock get_entity_velocity(index, velocity[3]) {...new Float:vector[3]...entity_get_vector(index, EV_VEC_velocity, vector)...FVecIVec(vector, velocity)..}..../ Sets the velocity of an entity /..stock set_entity_velocity(index, velocity[3]) {...new Float:vector[3]...IVecFVec(velocity, vector)...entity_set_vector(index, EV_VEC_velocity, vector)..}..../ Gets the origin of an entity /..stock get_entity_origin(index, origin[3]) {...new Float:vector[3]...entity_get_vector(index, EV_VEC_origin, vector)...FVecIVec(vector, origin)..}..../ Sets the origin of an entity */..stock set_entity_origin(index, origin[3]) {...new Float:v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\mapchooser.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6884
Entropy (8bit):	5.449356605375592
Encrypted:	false
SSDEEP:	96:Mu6EoxP55xjMccxVHGgFNWbS6MoDzGIgzgp9DzZ80sIzCNNrRSU4VL9:h6T56csVmgFNWbS65CwZzduoJ
MD5:	1F1A9C3BF3CF6CE46B55E888AA135FA5
SHA1:	0B3B9C8708A49F6C801603C816F50E0177620D3D
SHA-256:	EB109105FA287744892724131A12272C5B9E90BEA7A109309BA472B516BCE502
SHA-512:	70514E3B467D5BF8BDC6125C018B98422CD39C1E474FCE1C5A82D9028BC690E8A45754425B109ABA64CEEE6129A2D3D95C580B54C0943B001C188033A89E00C7
Malicious:	false
Preview:	/* AMX Mod X..* Nextmap Chooser Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\mapsmenu.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	13644
Entropy (8bit):	5.509811966827336
Encrypted:	false
SSDEEP:	384:2T5tqXr/lir9qnuAxYFeOFQ5sQ00ox6IdM:2Vtq7dc9yFxpOFQ5stv9M
MD5:	33ADB3E567717AB1EB9F808DA827A73C
SHA1:	BFB2B66DC9E1B1115DC0BA666BDD227ED7EAF2B6
SHA-256:	3BBB4418DAEEE4D7FA142690D8F4DCDF40CB0E58B9EDB7DA45217741721D8166
SHA-512:	9DE327CFF5934579CFE47ED800068DA013A1C8DECEE73DE41329E2378E8F990C995F9CB8A860CD8D2F6478033C7CE17A02DC1208A8FCE1AD3B97356D9CFA9295
Malicious:	false
Preview:	/* AMX Mod X..* Maps Menu Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half-Life

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\menufront.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	12417
Entropy (8bit):	5.488345141443184
Encrypted:	false
SSDEEP:	192:rW6T50uVTeZqwLNw4iSCj9HeEpjWW+SNNU6oFnKkJtla+I35JhMIhTV0Egbg/ItN:rZT5gZqwJw4iSafN21Y5HMixO
MD5:	FCC5B7AF60DD239D347BA4100430962E
SHA1:	F45C0BDF36AD0AAA5C969C281F965C6DEC17B700
SHA-256:	8C9524188F72917EFBC6D5C34A4A5163111D55AEC7C02451443D6239D80B9EBA
SHA-512:	429069D537F05F283DC54906FE05BC342002DC4E1B50EB1EA83834791C2148A7AF2785FD8046A39E336659D65B0E50652081B0B71F2DF588D5EB0D32304CB730
Malicious:	false
Preview:	/* AMX Mod X..* Menus Front-End Plugin.... by the AMX Mod X Development Team..* originally developed by OLO.... This file is part of AMX Mod X.......* This program is free software; you can redistribute it and/or modify it..* under the terms of the GNU General Public License as published by the..* Free Software Foundation; either version 2 of the License, or (at..* your option) any later version..... This program is distributed in the hope that it will be useful, but..* WITHOUT ANY WARRANTY; without even the implied warranty of..* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU..* General Public License for more details..... You should have received a copy of the GNU General Public License..* along with this program; if not, write to the Free Software Foundation,..* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.... In addition, as a special exception, the author gives permission to..* link the code of this program with the Half

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\testsuite\callfunc_test.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1538
Entropy (8bit):	5.288199190752265
Encrypted:	false
SSDEEP:	24:RMO9AX8AbeiZfjGJ2FtNb9e6wPPeG2tNcgGeqsM1BPCN9n:yO9AXhjGJ2nFc9PPb2tGteg1Wn
MD5:	D6E451188334E1CBA1F71FBCC2E19B1F
SHA1:	9BDCE7A9C03090337291ADCF6B728C46C4217D44
SHA-256:	4D7298A50483FDE38BE420253B3397A312F69C9EE6E9EBFDA46104A696065CB2
SHA-512:	2FCB77AD1E014667598C0DEA9D3CC81077B976A38351A96916BF2B7401B425B095E1B7E863ED1A60C3B1DD4F5AF7B72E7377D1C77679005C131F1A00865458FB
Malicious:	false
Preview:	#include <amxmodx>....public plugin_init()..{...register_plugin("callfunc test", "1.0", "BAILOPAN")......register_srvcmd("test_callfunc", "Command_Callfunc")..}....public OnCallfuncReceived(num, str[], &val, array[], array2[], size, hello2[1])..{...server_print("num = %d (expected: %d)", num, 5)...server_print("str[] = ^"%s^" (expected: %s)", str, "Gaben").....server_print("val = %d (expected %d, setting to %d)", val, 62, 15)...val = 15...server_print("printing %d elements of array[] (expected: %d)", size, 6)...for (new i=0; i<size; i++)...{....server_print("array[%d] = %d (expected: %d)", i, array[i], i)...}...for (new i=0; i<size; i++)...{....server_print("array2[%d] = %d (expected: %d)", i, array[i], i)...}...array[0] = 5...array2[1] = 6...hello2[0] = 25..}....public Command_Callfunc()..{...new a = 62...new hello[] = {0,1,2,3,4,5}...new hello2[] = {9}...new pm = 6...new err......if ((err=callfunc_begin("OnCallfuncReceived")) < 1)...{....server_print("Failed to call callfunc_begin()!

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\testsuite\fakemeta_tests.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	404
Entropy (8bit):	5.205494866166328
Encrypted:	false
SSDEEP:	12:RA/VML5A6F3xTLhodbPwiyqfB1ALgifjVitj1ALgS3ig:RMVK5bBhodbPwBqjZirwTZDg
MD5:	0ED7AC4B7ACDA38E6B591434E6838C62
SHA1:	BE6B5D9D6DE29BD5E4DECC7F2F05A66EBD7AE400
SHA-256:	B5A36D7CF9BD5955E34C06C80BA1C6D89D5C744E0C305072773BCB2F31D4E94D
SHA-512:	E89EC63DA451FE4B2E9BAC3B5BE7F61F6797863232D869C58925365F3C819060A1E99A434447B1C33D7B52A6F7B4136F9056603E4B095D89015C0595FDD72DE9
Malicious:	false
Preview:	#include <amxmodx>..#include <fakemeta>....public plugin_init()..{...register_plugin("Fakemeta Tests", "1.0", "BAILOPAN")...register_forward(FM_ServerDeactivate, "Hook_ServerDeactivate")..}....public Hook_ServerDeactivate()..{...server_print("[FAKEMETA TEST] ServerDeactivate() at %f", get_gametime())..}....public plugin_end()..{...server_print("[FAKEMETA TEST] plugin_end() at %f", get_gametime())..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\testsuite\fmttest.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1660
Entropy (8bit):	5.1209702835604896
Encrypted:	false
SSDEEP:	48:yOTXWClndWrcmci6ciociPcfbctzDc4cfc4cjc7cs:3TXW3cmcHcZcGczcpc4cfc4cjc7cs
MD5:	7C531B84DD2DBC32DE6AB8B13A68BD25
SHA1:	0D4704F7C826DD121CAD27F7A4032F1F765E7125
SHA-256:	2771ED0B714DD0DC65BC38C3A84CAB00F833F9DC96CF560CC8652644B394A848
SHA-512:	DA1D6D6AE345C175C8B14C2080E7D760B87DB0E0BB2D279F268894F4AB8CC1FAB51782C66C19F43FD65C1EDB2586FA7F6F7C9570BF395CE356F6088858E0454F
Malicious:	false
Preview:	#include <amxmodx>....public plugin_init()..{...register_plugin("Format Test", "1.0", "BAILOPAN")......register_srvcmd("test_format", "Command_TestFormat")...register_srvcmd("test_replace", "Command_TestReplace")..}....public gabprint(const fmt[], ...)..{...static buffer[2048]...vformat(buffer, 2047, fmt, 2)......server_print("%s", buffer)..}....public Command_TestFormat()..{...server_print("Printing -1 with d: %d", -1)...server_print("Printing -1 with u: %u", -1)...server_print("Printing (1<<31) with d: %d", (1<<31))...server_print("Printing (1<<31) with u: %u", (1<<31))...server_print("Printing 1 with d: %d", 1)...server_print("Printing 1 with u: %u", 1)..}....public Command_TestReplace()..{...new message[192] = "^"@test^""......replace_all(message, 191, "^"", "")...server_print("Got: %s (expected: %s)", message, "@test")......copy(message, 191, "test")...replace_all(message, 191, "t", "tt")...server_print("Got: %s (expected: %s)", message, "ttestt")......replace_all(message, 191, "t

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\testsuite\fwdtest1.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1106
Entropy (8bit):	4.989808265783663
Encrypted:	false
SSDEEP:	12:RA/pDigxIvLL0S/gGBDcgGBcEmHWXEANA5xxclx0GOuLANEPEXvo2AtoZi:RMcgmvnDgLgt5LuQ8R3
MD5:	6C6B2FC356F00AC6784A82DD261907C9
SHA1:	8DC21FA74517F5087D07CE2BAF9DD50E0D2DB0FB
SHA-256:	7D446347ED342D4FA84D78DA7AA078940636E4F6890D232145641FBD75E2A12A
SHA-512:	499F8828E8E52ADAC954C0F7F24053C2ADE13D58579F887465A40D6EE7BA1EE4B42BFB0B604017B3CE9853D0B82DFE9E50CA269891621E2552A2A17808BAC7FC
Malicious:	false
Preview:	#include <amxmodx>....new g_forward..new g_id....public plugin_init()..{...g_id = register_plugin("Foward Test (Master)", "1.0", "Belsebub")..}....public plugin_natives()..{...register_native("test_createforward", "test_createforward_handler")...register_native("test_executeforward", "test_executeforward_handler")..}....//test_createforward(function[])..public test_createforward_handler(pluginid, numparams)..{...server_print("(test_createforward_handler: %d,%d)", pluginid, numparams)......new function[32]...get_string(1, function, 31)......if (g_forward > 0)...{....DestroyForward(g_forward)...}.....g_forward = CreateOneForward(pluginid, function)...if (g_forward < 0)...{....server_print("Failed to create forward!")...}..}....//test_executeforward()..public test_executeforward_handler(pluginid, numparams)..{...new retval......server_print("(test_executeforward_handler: %d,%d)", pluginid, numparams).....if (!ExecuteForward(g_forward, retval))...{....server_print("failed to execute forwar

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\testsuite\fwdtest2.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	473
Entropy (8bit):	4.987078500313297
Encrypted:	false
SSDEEP:	12:RA/lpHgRSigxkXBUpLX3z0H4jMQ3v2AHNrQqUUz2J:RMPGgSXBUFX3pMQ3vzNrfVzK
MD5:	E27FF9228B38068106FB0C73F9FFEB4B
SHA1:	EBF6CC0FDAB3FBC60224E0EF672D877EBC0D8131
SHA-256:	4D5455A7A0EBB2C0820EC885ADC47A1E30252E4763A6B75FECA0A73EB42ED276
SHA-512:	3E9261D00689D30C21F3655FCF6723D58BFB46C258275E2F1D713E344A66B862FF9CE1BC055E2A1C035C4BDA0E03B10954E0AF72CAA3F345B7F86899ED446B19
Malicious:	false
Preview:	#include <amxmodx>....new g_id....native test_createforward(function[])..native test_executeforward()....public plugin_init()..{...g_id = register_plugin("Forward Test (Client)", "1.0", "Belsebub")......register_srvcmd("fwd_test1", "Test_Forward1")..}....public Test_Forward1()..{...server_print("Executing forward ^"gaben^" (I'm %d)", g_id)...test_createforward("gaben")...test_executeforward()...}....public gaben()..{...server_print("gaben executed (I'm %d)", g_id)..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\testsuite\logtest.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	818
Entropy (8bit):	5.317288521942645
Encrypted:	false
SSDEEP:	24:RMnxRhxmf594v4I4fVMAXN9EJs2PqPGFuznLVa9n:yxRhxmf5mv4BVDpPGFujLan
MD5:	F650E5C2E9FD1D6D139B78732D941707
SHA1:	4AB139E66DB3E7D27ACC5F1D99A2F80AAE1DE33F
SHA-256:	84565B14C395902C2C816C5F2C3C5D8B849EFE6EE3B6413B0F9636226882A362
SHA-512:	ED4F20F831A5DA1530EBB6DD36EBA32B4E8DCF9BDAA54A3BCE51FDB9517B66E4C63C16F0769475213397747E958657ED2624D2E8DC7D02BC7CE7A0ED930029F3
Malicious:	false
Preview:	#include <amxmodx>....new g_BlockLog....public plugin_init()..{...register_plugin("Log Tester", "1.0", "BAILOPAN")...register_srvcmd("log_addlogevent", "Command_AddLogEvent")...register_srvcmd("log_setblock", "Command_LogSetBlock")..}....public event_round_start()..{....}....public Command_LogSetBlock()..{...if (read_argc() < 2)...{....server_print("Specify 1 or 0.")....return PLUGIN_HANDLED...}......new temp[12]...read_argv(1, temp, 11)......g_BlockLog = str_to_num(temp) ? true : false......return PLUGIN_HANDLED..}....public plugin_log()..{...server_print("Got log event! Blocking: %d", g_BlockLog)......return g_BlockLog ? PLUGIN_HANDLED : PLUGIN_CONTINUE..}....public Command_AddLogEvent(id)..{...register_logevent("event_round_start", 2, "0=World triggered", "1=Round_Start")......return PLUGIN_HANDLED..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\scripting\testsuite\menutest.sma

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3524
Entropy (8bit):	5.04017076702875
Encrypted:	false
SSDEEP:	96:3sWpJp62phpVUchEUB/EeHD3yVY7VFFKBt6QCTFFWw6Qn:3xP8234clB/J3iYZjKBt6QMjWw6Qn
MD5:	6A747D02FAEC4DA2C49F09046C6C9A8F
SHA1:	32BC35455C82CAC8F30B781E3BBFAD4773A21BD6
SHA-256:	7BC679AEDF4719F1F6FCD69A7D472CF65F284A17601A136B7274A451E80657FF
SHA-512:	F4B6959D491DDD9DFC6F629C90FFE4435D88B92D7B48AE2CF2F2430A2B21E1A492ED91A54C886566FD011E36E89913578AF258CC37825D6074A371095C258D6D
Malicious:	false
Preview:	#include <amxmodx>....public plugin_init()..{...register_plugin("Menu Tests", "1.0", "BAILOPAN").....register_clcmd("menu_test1", "Test_Menu1")...register_clcmd("menu_test2", "Test_Menu2")...register_clcmd("menu_test3", "Test_Menu3")...register_clcmd("menu_test4", "Test_Menu4")..}....public Test_Menu1(id, level, cid)..{...new menu = menu_create("Character Upgrade:", "Test_Menu1_Handler")...menu_additem(menu, "Gabezilla 1", "1", 0)...menu_additem(menu, "Gabezilla 2", "2", 0)...menu_additem(menu, "Gabezilla 3", "3", 0)...menu_additem(menu, "Gabezilla 4", "4", 0)...menu_additem(menu, "Gabezilla 5", "5", 0)...menu_additem(menu, "Gabezilla 6", "6", 0)...menu_addblank(menu, 7)...menu_setprop(menu, MPROP_EXIT, MEXIT_ALL)...menu_display(id, menu, 0)...return PLUGIN_HANDLED..}....public Test_Menu2(id, level, cid)..{...new menu = menu_create("Character Upgrade:", "Test_Menu1_Handler")...menu_additem(menu, "Gabezilla 1", "1", 0)...menu_additem(menu, "Gabezilla 2", "2", 0)...menu_additem(menu, "Ga

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\cstrike\hlg_checks_lvl1.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	2612
Entropy (8bit):	7.847908582977263
Encrypted:	false
SSDEEP:	48:b7T91h+Q3mqgC9wZolmAziz2x+vOZziPqsYzUfeKnZZDwWnLvOvw:vTDAxCCulmX28vksYaeqvDrnLvCw
MD5:	C027819F8EA1DEA3683793C2C141589A
SHA1:	373BBAC67153035AFE8F9806683DE1ED38D36C5E
SHA-256:	9862BE628BB309E90DCC5A16996BDA2B3A25E9941EAB268234932E333523BD89
SHA-512:	F6BC3891882509D1E763990A51660C3AD910ABE2EB2FA85BF059D4FF8927529489F8D0F747A6D4A3824D354F6A1B8C535D09EFBE9681E38BC3F920AB1F0DCE2B
Malicious:	false
Preview:	!UA-cfg.................,A.UqT.\..U.e.....p.e.....p.e.....p.e.....p.e.....p.e.....pl.Z.=f.G..8c..0Vn.4.0S.\....o.u$...[=......,.3..C7..u.......%...l.\|:..$$...<..........n.K.[@4.e......[=.../0ZH...e.....p.e.....p.e.....p.e.....p.e.....p.e.....pPG..1.h...K_~~..Q...2.T....=M......=.V..DB...oD.........A.A...p(s.LH...m+.43I.....3~/.4...K.z..+sR1..........@.Z.s{KL.....`.... H.....'wp..Yo.3i.4.....U........i.....-...j...i.T=.J3...K2.]...O......:.../.+.^...h!....Sf$.&?..\|x..?\|\V}F...}t./ivdF.../.../.jj.5TQcwU..t4....Q!.HO.a......D.9r_.\|Y1..2j.,nIK..}7....P..p..3..f..bmgk........s...Js.7.K.....f..F.uo..`.]e....X..P.>.0.....y..-M.+;...5....D.9r_.\|Y.=..../_o...:..]..tl......3~/.4...K.z..+sR1..........@.Z.s{K0y%Q..u....y.j....iB.V....6...G.75.m.J....&\... R....j..<.?.....%...G..E.....;...Q...0i..8q:......bT.m......-....,/0....S.".3...R..>.....f..>..l.U..........A.A...p(.....Rum#.{r.S{...<...h!....Sf$.&?..\|x..?\|\V}F...}t./ivdF..HG.......=E\

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\cstrike\hlg_checks_lvl2.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	6108
Entropy (8bit):	7.868873606106804
Encrypted:	false
SSDEEP:	96:pkBJ//F5cNvl8dt935PXmD0RAi8A+DWed3w2UBrUB77xR+07yDdgKvsI44IpapSp:pk7//MNt8dh8cAPA+D3pw2U9U1xh7yMx
MD5:	05AC41B4D18995C4F1F65E80441C15F4
SHA1:	4D960638F8B9A9FDA000941947D095BD239544BC
SHA-256:	3BA6306F9413D6ECD6397D5440B8C5003409F14083F02D8A3FF382E63D9E4182
SHA-512:	168C3C80F45CAF3B158036EA1633D6F696522B163EE4D2D1CE637D0EF50892CD42B873BF47384A35B9E4C436EB6FEC1F41C3434A5AE506EE3BCABA6F42769C19
Malicious:	false
Preview:	!UA-cfg.................,A.<.L7V...u....f.u....f.u....f.u....f.u....f.u....f..?....#...Z..a&.k.0.w.o..S...\|...=L..b...1..TM.../...w... .8K<.L7V...u....f.u....f.u....f.u....f.u....f.u....f...aUks_.F.F... .1..;.T1T.......[....X~...t&.@.....l3..O>q.R...{}A.w..fE.............-.z....YL\|..'...hi..&..sz).g.X..z&.N ".^0~..;...Ds.Q..I.z.}y.....z.E.f......!...!,:..b7.m.h.....J.nrf...=.{.IZ&)..~y.....o.I.9..kB.H ..VY<.r.Q..)...:t...3..c.NN..h2Tp.%qN.;..>..S >........\:....R...jOplK........"V..v..L.8.t.lON..h2Tp..M.&...O..)......>`..-.\|.....K)...:t...3..c.NN..h2Tp...a....q....~]....N..t....<c.\w..`..I..- ..QN.A.2./8...VJ.Kh.........\|.d&..OB...@.#C....#.... uDL.7.....3\|.....i. .I.......h."9...E.o'.r..8c.&.o(..Ow..........QN.A.2..-..u..ws..<..b...TK....Bc.Qp.... uDL.7.....3\|.....i....H..a.L.....ES.c.\.V>.c'..:...9...I..D......L.8.t.lON..h2Tp...U.Nr.C+...dt.S.c.\.V>.;.F.......:y.....wS..:.......a.QN.A.2...P.:m.6.V.5..5gug.u.Z.....dR.6..3..o9L.8.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\cstrike\hlg_checks_lvl3.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	2012
Entropy (8bit):	7.757142247531245
Encrypted:	false
SSDEEP:	48:FPa+ivTe3icvFm2Drr35pCCOFPJ6IEUtypvuz:FIq3rFDH35po5J6IXtyBS
MD5:	E5884791635D50274D3A395D151ED387
SHA1:	F1A5F09B24B35A83BF594B3F539E892FF0414CF8
SHA-256:	BC86C16D37E4AC2FFCE43E08F0EAC77DB38A020968DB03DF1BC1896837C10112
SHA-512:	07C48CBC128A6EC468D9495E5E89D09C8484C803EBD3E098D71EF058919508F7CC6DF512C0AF22B86750375475EF9CDB8CFF5810606256CEC54A4692C6873DE6
Malicious:	false
Preview:	!UA-cfg.................,A....E.KS.~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4...S../..i.eU .l... .....G..O~.7......=.dq...GVa4....Z.Hd.......E.KS.~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4=.".D..ry.ZE.b1I...P.H.4.E.....Zi..L".Z..N.0tZ..%.....1._.:..R.......HY......fm...H;..HPT..NjW....r......;.4..07....+3-.A\|.@..Sb........T.k.ot..1..6tZ..%.....1._..q..S.0..n.^.l.....8b......v..a .!...t..N.).gT^.K}....{z...G...%....BL..1.....+.l.Ny*+.W,.X8.G.(.w6.n..l5..6N..l.=.%.".....h._...a..e.Z...a .!...t..N.).gT^.K}...Va.4..-..52..[...8......k.j....tK.An.B..U.. r.ry.ZE.b1...0.L@..%."...o....Ia..e.Z...a .!...t..N.).gT^.K}.....q.)....i.@.........[]....hOc.u..Ea.c............s.%.".....s.p.q.a..e.Z...a .!...t..N.).gT^.K}...9....2;.'.. .....-(.'%%!.I(o....4ztb..NjW......./.kT......R..2.p.%."........_0a..e.Z...a .!...t..N.).gT^.K}....)m..h.M..}.Sh....-(.'..t..u>s(..@yR..Z...2......v.VKD`)..H..tZ..%.....1._..{..T.{.%."....zqy.'.....%.QH..L.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\cstrike\hlg_swgzones_bugs.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	7508
Entropy (8bit):	7.791611752451931
Encrypted:	false
SSDEEP:	192:ennWbTD1z78v9QI67iUJUR8VMmIhlAF58G:eWD1z782I6ebc7yAF5
MD5:	BD854DBEC7BCF9C5819616B9C32F6FFE
SHA1:	D76819EC5C5ED391F98B877656A6B9261151594E
SHA-256:	CD5971F99DDAD47F8C3CF7BC440FA431D1ED4BDD60893AFCD4E0FC7A5C92E83D
SHA-512:	6E5F5C4E73EC6FCF27A0D5C553A34D2C52313D873B6AEA74AA6FCE5113C3563B5944FA673C0071F6A9C2EAEECF5053148A5379F3B476DC52D5A9E18995A89ED3
Malicious:	false
Preview:	!UA-cfg.....5...8.......,A...bC....e..?.K.b..=.._i&..Y!{.c.....:..$....e....E....0..ox.\xv.VQ(..m.r..B.<.0..ox.\.....7W..i. .....d~...e...o.9..,92h.eA.?p..x....K.N4.!&...AR.;..^.g....mC...sO..?m%{.Q.6.....~.)....7..).c;.bc-.g.V-$...p.....-x....g%..i..85...0..ox.\.A...9+.m..C..0z:...........3$.E}..OR~...Q...+.=...d~...e...........E8gc3.[D.Q.,.sO..?m%{.Q.6....c...]< o1...TL^...c...~.X...[..$.Cm"..a.K.N4.!&.=@.........L..t.].=..@.;.X.0..ox.\xv.VQ(.....Tm..........m8E{.mhc.S7.........C..A.....<.:^.w~sO..?m%{.Q.6....\..P..4..(.]6QsO..?m%{.Q.6...\|....X&A.].....6sO..?m%{.Q.6....u..M:"..rQ.~5.........^.....7T.eHRmvN...E.]N....c...~g.V-$...kt"G..az&9$q....c;.bc-.g.V-$.....%.v.../..G..c;.bc-.g.V-$...dV..{E......k. a../9..4..#B..)$..JF..w..A...7@P.....v..0..ox.\X..u.............u......f..]....0..ox.\9.@.{....d~...e....p!..S.H.tZ.d~...e..W...<.7...I...........^.....7.a...m.-.(..A...;.)..4.1g.V-$.....Q.e..*(..o[..I...,\|..#B..)$..N(.......9.W.L9.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\czero\hlg_checks_lvl1.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	2612
Entropy (8bit):	7.847908582977263
Encrypted:	false
SSDEEP:	48:b7T91h+Q3mqgC9wZolmAziz2x+vOZziPqsYzUfeKnZZDwWnLvOvw:vTDAxCCulmX28vksYaeqvDrnLvCw
MD5:	C027819F8EA1DEA3683793C2C141589A
SHA1:	373BBAC67153035AFE8F9806683DE1ED38D36C5E
SHA-256:	9862BE628BB309E90DCC5A16996BDA2B3A25E9941EAB268234932E333523BD89
SHA-512:	F6BC3891882509D1E763990A51660C3AD910ABE2EB2FA85BF059D4FF8927529489F8D0F747A6D4A3824D354F6A1B8C535D09EFBE9681E38BC3F920AB1F0DCE2B
Malicious:	false
Preview:	!UA-cfg.................,A.UqT.\..U.e.....p.e.....p.e.....p.e.....p.e.....p.e.....pl.Z.=f.G..8c..0Vn.4.0S.\....o.u$...[=......,.3..C7..u.......%...l.\|:..$$...<..........n.K.[@4.e......[=.../0ZH...e.....p.e.....p.e.....p.e.....p.e.....p.e.....pPG..1.h...K_~~..Q...2.T....=M......=.V..DB...oD.........A.A...p(s.LH...m+.43I.....3~/.4...K.z..+sR1..........@.Z.s{KL.....`.... H.....'wp..Yo.3i.4.....U........i.....-...j...i.T=.J3...K2.]...O......:.../.+.^...h!....Sf$.&?..\|x..?\|\V}F...}t./ivdF.../.../.jj.5TQcwU..t4....Q!.HO.a......D.9r_.\|Y1..2j.,nIK..}7....P..p..3..f..bmgk........s...Js.7.K.....f..F.uo..`.]e....X..P.>.0.....y..-M.+;...5....D.9r_.\|Y.=..../_o...:..]..tl......3~/.4...K.z..+sR1..........@.Z.s{K0y%Q..u....y.j....iB.V....6...G.75.m.J....&\... R....j..<.?.....%...G..E.....;...Q...0i..8q:......bT.m......-....,/0....S.".3...R..>.....f..>..l.U..........A.A...p(.....Rum#.{r.S{...<...h!....Sf$.&?..\|x..?\|\V}F...}t./ivdF..HG.......=E\

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\czero\hlg_checks_lvl2.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	6108
Entropy (8bit):	7.868873606106804
Encrypted:	false
SSDEEP:	96:pkBJ//F5cNvl8dt935PXmD0RAi8A+DWed3w2UBrUB77xR+07yDdgKvsI44IpapSp:pk7//MNt8dh8cAPA+D3pw2U9U1xh7yMx
MD5:	05AC41B4D18995C4F1F65E80441C15F4
SHA1:	4D960638F8B9A9FDA000941947D095BD239544BC
SHA-256:	3BA6306F9413D6ECD6397D5440B8C5003409F14083F02D8A3FF382E63D9E4182
SHA-512:	168C3C80F45CAF3B158036EA1633D6F696522B163EE4D2D1CE637D0EF50892CD42B873BF47384A35B9E4C436EB6FEC1F41C3434A5AE506EE3BCABA6F42769C19
Malicious:	false
Preview:	!UA-cfg.................,A.<.L7V...u....f.u....f.u....f.u....f.u....f.u....f..?....#...Z..a&.k.0.w.o..S...\|...=L..b...1..TM.../...w... .8K<.L7V...u....f.u....f.u....f.u....f.u....f.u....f...aUks_.F.F... .1..;.T1T.......[....X~...t&.@.....l3..O>q.R...{}A.w..fE.............-.z....YL\|..'...hi..&..sz).g.X..z&.N ".^0~..;...Ds.Q..I.z.}y.....z.E.f......!...!,:..b7.m.h.....J.nrf...=.{.IZ&)..~y.....o.I.9..kB.H ..VY<.r.Q..)...:t...3..c.NN..h2Tp.%qN.;..>..S >........\:....R...jOplK........"V..v..L.8.t.lON..h2Tp..M.&...O..)......>`..-.\|.....K)...:t...3..c.NN..h2Tp...a....q....~]....N..t....<c.\w..`..I..- ..QN.A.2./8...VJ.Kh.........\|.d&..OB...@.#C....#.... uDL.7.....3\|.....i. .I.......h."9...E.o'.r..8c.&.o(..Ow..........QN.A.2..-..u..ws..<..b...TK....Bc.Qp.... uDL.7.....3\|.....i....H..a.L.....ES.c.\.V>.c'..:...9...I..D......L.8.t.lON..h2Tp...U.Nr.C+...dt.S.c.\.V>.;.F.......:y.....wS..:.......a.QN.A.2...P.:m.6.V.5..5gug.u.Z.....dR.6..3..o9L.8.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\czero\hlg_checks_lvl3.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	2012
Entropy (8bit):	7.757142247531245
Encrypted:	false
SSDEEP:	48:FPa+ivTe3icvFm2Drr35pCCOFPJ6IEUtypvuz:FIq3rFDH35po5J6IXtyBS
MD5:	E5884791635D50274D3A395D151ED387
SHA1:	F1A5F09B24B35A83BF594B3F539E892FF0414CF8
SHA-256:	BC86C16D37E4AC2FFCE43E08F0EAC77DB38A020968DB03DF1BC1896837C10112
SHA-512:	07C48CBC128A6EC468D9495E5E89D09C8484C803EBD3E098D71EF058919508F7CC6DF512C0AF22B86750375475EF9CDB8CFF5810606256CEC54A4692C6873DE6
Malicious:	false
Preview:	!UA-cfg.................,A....E.KS.~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4...S../..i.eU .l... .....G..O~.7......=.dq...GVa4....Z.Hd.......E.KS.~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4~8.(.+$4=.".D..ry.ZE.b1I...P.H.4.E.....Zi..L".Z..N.0tZ..%.....1._.:..R.......HY......fm...H;..HPT..NjW....r......;.4..07....+3-.A\|.@..Sb........T.k.ot..1..6tZ..%.....1._..q..S.0..n.^.l.....8b......v..a .!...t..N.).gT^.K}....{z...G...%....BL..1.....+.l.Ny*+.W,.X8.G.(.w6.n..l5..6N..l.=.%.".....h._...a..e.Z...a .!...t..N.).gT^.K}...Va.4..-..52..[...8......k.j....tK.An.B..U.. r.ry.ZE.b1...0.L@..%."...o....Ia..e.Z...a .!...t..N.).gT^.K}.....q.)....i.@.........[]....hOc.u..Ea.c............s.%.".....s.p.q.a..e.Z...a .!...t..N.).gT^.K}...9....2;.'.. .....-(.'%%!.I(o....4ztb..NjW......./.kT......R..2.p.%."........_0a..e.Z...a .!...t..N.).gT^.K}....)m..h.M..}.Sh....-(.'..t..u>s(..@yR..Z...2......v.VKD`)..H..tZ..%.....1._..{..T.{.%."....zqy.'.....%.QH..L.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\dod\hlg_checks.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	1636
Entropy (8bit):	7.600779969120265
Encrypted:	false
SSDEEP:	24:y111111sWyB1111119o4Ffc81phkRBVfw3s2l8hEkRqYxsxsOZ9gOXzRA1111115:gecKPgdw3DH9WWsO4OXzsum2zAFN3Zh
MD5:	26D2D595B42C99E3C4CC025ECD23F5C2
SHA1:	7B122DB76A57B1FDE73983276D808E31A9B6C28E
SHA-256:	E325E7A613E4741CBC344867CA912EF732F39C202542361289F3B37267EF7440
SHA-512:	B9923BFE853466B69D70BE94D857DCD001291BD962805A9CCAFB29469D6CD5325CC06F9B187A8249E17416EA9CC63F816C29B6051F02B572DF3F22B9A85233BB
Malicious:	false
Preview:	!UA-cfg.....F...H.......,A. ...-M....5.e6....5.e6....5.e6....5.e6....5.e6....5.e6....5.e6..Q.k..M._..-.lDB.`K.......p.{.)......X{[.V...G6. ...-M....5.e6....5.e6....5.e6....5.e6....5.e6....5.e6....5.e6...0.+2K...C...G."....l...?.<@XR....m.U.$.....;y..q.3Y.S...@. ...{O1...M;....%?..%O....:..e.dq......!..E.w..h...B..3..U~M..z].Y...j..@.yB....(...@0k......NK.m...h.}.j...........{..]......q.g-..\.]..y.ab-.....'\..~.....m.C...G."....l....Z.#.....[...j.2&...g........)h...V...M.......1..\|5:3p.#[.....C...G."....l...p>..U....t:...4.2&...g...`...E.u".@...8.Z.c...:.......p.#[.....C...G."..9.B\|P........<.)<)...%..+-......`jx.w../T...`>.LG@..+....p.~...iH......D.<H..;.@.wu...).q.!O1...M;.H.c.@,+.m..Bf'c.Q..!q/Hun\|C..8.Oi.R/+.........)..W..Tm..2........../.I.nXGJp..:M.j..#.L.`k.)-R}..Y...2..S....'a..x%!....L.6_...wg..OF8<?...nFH.=....D.o".....-.....a...b.4.~.....m.C...G."L...]....c....>..;.{....S........'y.j...d.W>.LG@..KR$%.n.....#X..sIay.....0..Z.^[.+.~......NK.m.%ZI

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\firearms\hlg_checks.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.864799102747831
Encrypted:	false
SSDEEP:	6:/qfkekoIxUXc8VQjsjlD/M9RX5dex98MeSpZUM/pR24hcGC:SMekoIxUXljZw9yxuSpZUM/p/G3
MD5:	94D3C24A5859E5BB5A02825FA7CA1EAE
SHA1:	0BC7A5C39CB8B9E3FF9BE6F4FBBC7E34B7147C3E
SHA-256:	41099F4238FB51FF4033DD173C8C941DA2F45A8633F021959CD6270DB7E681E7
SHA-512:	C1695CA961C89057E8239120484E7320A22724C2DA6FE2DBFB866D0E6C806D0D082EDA49B6E6C358E233DB1B93EFF4688FCC468F8F2FDC70B04A5D1FF3703FB4
Malicious:	false
Preview:	!UA-cfg.................,A.H.^.4C..\...,...\...,...\...,...\...,...\...,...\...,...\...,....G...C.....-.. ..c.F...\...,...\...,...\...,...\...,...\...,...\...,...\...,...\...,.....]....z\...,...\...,...\...,...\...,...\...,...\...,...\...,........><.&..t&.[..az..m\...,...\...,...\...,...\...,...\...,...\...,...\...,...\...,...$.%.8..[\|#............3.A]WI..c..8.\.)..B.D[r..9.....%.i.....D,,.&gu. .z..cr.......~.+..].T..k...........k..R&.[......w..yE.7D..&..#.Q...x..H.LS. K..M.S. K..M....@.a..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\hl\hlg_checks_lvl1.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	14180
Entropy (8bit):	7.921029812999144
Encrypted:	false
SSDEEP:	384:Zs2FPK+agAk2RgWBsUf0k9Gjigi6pnOLGhvlwJbFvDENucjJcP:Zs2NT25c2WpchvaUP
MD5:	C40BB33B09A7301498FDB0DE5C1FB23A
SHA1:	D6FBE70138FCD2F9896387AC3A2EFEDE68AE7B11
SHA-256:	A986E504D99096F41882C482D0EEAF47B842D6092563B095B3CC949D0FABC6AC
SHA-512:	FACB6402D8B09136F93AA62F187FA6E3D65DBBB19AC98DA1C6774C6894761140860F878B8BF89FA335FB0EB10A777DF9E0FA2D262E08DE125FB7072DC8544189
Malicious:	false
Preview:	!UA-cfg.....F7..H7......,A....ZD.....01..v..01..v..01..v..01..v..01..v..01..v r..KY. ..:....FpE..+....x-..A.!..BNM@i`..TW$../j....cTP.O..01..v..01..v..01..v..01..v..01..v..01..v....J.......}h..JZ.'.....2.Y..kM:.G.....{.!..9...i./...RW.....n...G..30..G..30..G..30..G..30..G..30..G..30..G..30..G..30..G..30.Q....(.\......\......\......T.....A"..{/..w..7...{.\......\......\......S.?._..I..Cb.!...-.b.U+..l._..23.9..1.HG.RCh.D..p.m`./........1.....N..J...N..M.M..V.EG?X...g.B:k..1.\|;.fz.w...\Q~........dh....N.p..."..Pr..\.&.o..'.]J.Ka..Q.....]..\......\......\......\......\......\......\......\.........@;].2>.+=n.{..G..30..G..30..G..30..G..30..G..30..G..30..G..30..G..30..G..30.i..9\........Vd...q...E..6.v...t?-5...#...pC.Q.M.]#...01..v..01..v..01..v..01..v..01..v..01..v..01..v..01..v..01..v ....4..._..%..2M.Az.A\.oJZp4O>n"%..1ZG...).P....=6...$Iwb....*...[..x..h.z.`2zb.......{..0A....;(..Z$..O..`G.r<.:v.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\hl\hlg_checks_lvl2.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	5092
Entropy (8bit):	7.8469453773386215
Encrypted:	false
SSDEEP:	96:/GnuteoMe5eXg000QbJhnvixLESaEEdXX1CrCRrqm6uSejWQPN9DeVpy5gi:/ou3x5eXgH/viLESaEEJX4rCRrqm6uSc
MD5:	334791554A73E28A8E4B6BD137F82843
SHA1:	47D7C6964522BA3D493F9046941ECE77ADAA4688
SHA-256:	D2A06AD3AC2AE1D9E159F1DB3026EBBF9872A6552638CC82EBC394A3F6725CA3
SHA-512:	F1AF3491446114028047FCAE4F2C873622D94375E849172A37B28A7C7BB18D84DE646644CD81E32C9FE1A7CD685A650E3FC2A54E7F1E6827C34458ADE3171AD0
Malicious:	false
Preview:	!UA-cfg.................,A..H..W...sU.jp\|..sU.jp\|..sU.jp\|..sU.jp\|..sU.jp\|..sU.jp\|....v..z!....b)h..W.7D...g...V!&.{..C9.....a/2.7.?.EyO.z..a..Gd...=>..q.sU.jp\|..sU.jp\|..sU.jp\|..sU.jp\|..sU.jp\|..sU.jp\|..A.n9..&.iq.&K..`.g..."z.t6...h. U..sfTc.w.a\.#.V.........#....^._.....:/..W...~g..a.1Ug'.........NP.2.x.>...1.F.`..g.M[.`.R.2. ......\..v.>i5...=>.(.\.=..+..P....!nF...J...t./.+.R.Spi...Dj-....H..Q..N....$.[...u.r.:.Z.13........3...;..Z..Um<....q.!...ex.....G3.......FS.`.yG.n.......<6...r...W.zc.mDe..........D......:..N}.....L.l..`.yG.n.jKx..&C.Xd,<.\|.u.(.............z.]J.....^...#..........oe.i.].B.......].....I.Y..u..C...2f.G...S.#.-...0.....\Cp>..2A".`.` `,....=6%;.t..(..z.{..Ds.7`..^......D......+..P........%....$.:e..g...>.... ..LNgtG..!D..#.-...0.....\Cp>..2A".`.O;..ibB%~...+..=.9.Sv.... ..LNgtG..!D..YZLQj...:.Z.13.`.p...q.!...`.....V....I.@=0....D......:..N}.....L.l....{/Z2..`..bJ....G.....;.H../.0......0.....L(R...G.....0.`.>D...../`.*>

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\hl\hlg_checks_lvl3.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	2484
Entropy (8bit):	7.771874031315414
Encrypted:	false
SSDEEP:	48:fOYnY7IL8W8LsRmjGp8pLvbmYbTpd1r6xTOz7saBSVYF:2YncIL8ds2E8pLSwPz7saBAYF
MD5:	D96CB13BCE317CE519AC6ABEC3696762
SHA1:	10070D3FD192AA32649FC4B08C9E49245419E1BB
SHA-256:	3BEC4924A774243B01876DCA1C777E504DB6BF5FED344FDCD28AB19DA800ABE5
SHA-512:	BAFF8D1A87DE9903CAA763BBC03F6EEC31660B2D38335F5B5E8CD268264998AFA70B3536102646B2894E737F0AD190223DD7C8AE5E620F6483CD284C16C2EF95
Malicious:	false
Preview:	!UA-cfg.................,A........y.\|..1..y.\|..1..y.\|..1..y.\|..1..y.\|..1..y.\|..1...pBr.w.01..wR.~...pQ..2..O.zW..p.l..HW.>Eb...P...B...i_S`.,..".~D....y.\|..1..y.\|..1..y.\|..1..y.\|..1..y.\|..1..y.\|..1...eT..h.....^...]2td..~l.....K@H4...Ls...\.I.L.A.....I.....n.[x\....d...........2...v.vc.D.x..."/..i.#/A..Z9..D.POmd.....T+\|.....m.F.....P..bz.}fp....}..3.x.U.D...<..g...O.g..O..?S?_...q...V .,......XFc.U.w.#.?...U.m.igS.V.wiA;.n..7..y..A..;\|..lu.v.S..u.....^...0.3.:2..T.M.'....7.....0.t...WD.T...s3..m.F...H.......\|[J8...}..3.x.Uc.{N.L?.5..#...I.%.=.\|..:h........V .,.z..YV....1..ABh....AeH.....d\|..+.G...n.......O..-..tm...n.....9}..3.x.U.6......%.X....3.POmd.....T+\|...P>.j.%..[s..:F...b.]P...K.gu.=V..6._...........H.. /W...x..6...m.F...m>..rj...!...R..R...<..T.4x*.".K",i.W....<...I.%.=.\|..:h........V .,..Q...d:.j.M..$.6....b..A...U16B(.....f#.POmd...a..>.....V .,.....(._.....I..f4U.Pw...M%/ww..jO...7Sd.=....a...)X..k..m.F...Q:.S......I..f....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\tfc\hlg_checks.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	708
Entropy (8bit):	6.570859564257487
Encrypted:	false
SSDEEP:	12:4fkj/vdxPPtPtPtPtPtP9KecRRPtPtPtPtPtPtPjarHEPtPtPtPtPtPtPniPtPtL:4ulPtPtPtPtPtP9URRPtPtPtPtPtPtP2
MD5:	B29ACE7C88C7189E56D14355FDEC3876
SHA1:	15F30CACB433C4A85229F40CCDB29248A0B65563
SHA-256:	06C91B77BCD4601934980C088A54A31DA01578815B38DB8CEA47087A67AF7605
SHA-512:	10D929D985C8DC7F21987EA29181FE5A90D997D6D7E85CC5ED3F3B669A6833B5B35E3C390204400ACC03C946FF0853453DA169BB6F0BE6F669AC156FBCADDCB3
Malicious:	false
Preview:	!UA-cfg.................,A.-.y....?...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(.c.....m./~#.0.Z..........N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(Uc?........~..h..V.......e...x..W..<hX..?........{)..f..t#......N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(3...oHr.b.z...DP....X..q...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(...N.#!(.e.]..(...".A..O...k...]b.>......,..':....SH.T.....[\...-.eB.6...T.............oG 6vOb.>......,..':....SH.T.....[\..S..+r9(..C../h..%....... Q..KTH..8.t...vf$<..+.........7.'...i.I.......JOq......... Q..KTH..8.t...vf$<..+......TK.qV..Ea....0....k.!.yVRRk.!.yVRRk.!.yVRRk.!.yVRRk.!.yVRRk.!.yVRR~..@X.y

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\config\tfc\hlg_sparky.zcfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	140
Entropy (8bit):	6.348681498979658
Encrypted:	false
SSDEEP:	3:/tD/lgKMk6ZD8KWcRKURqnQ9TTYgVyLISnheNbW6nEG1qvn:/0KMkQlRqLPLANbWIfgv
MD5:	02E2FF9644131B61B46A686C704421E7
SHA1:	68A56BCD858BA404D6CA2533E8E3F52B95B00D8C
SHA-256:	6B1830333D8530254FA7517D390CFB4B13A3E6E4AB3E8A08335E34BF989AE6DB
SHA-512:	8B6C12496BB75BB9F5269BBCDD9457135887D2A0EAAA26D207389E85F8C25B0FAB75585944EC4F0BB136389846F664ABCC5EF772AE51819EA6D0BEC93787225F
Malicious:	false
Preview:	!UA-cfg.....n...p.......,A.X.9.f..!G.~\1..g.`.:Y.....Q\..d.\|sU ]..7FV..o..:R2..h4.....pW.....YXX...F.L.d..V}.@?5s.f].....#.....GF.&....J

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\hlguard\logs\empty.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.144014377486853
Encrypted:	false
SSDEEP:	3:hDM7FVXBFKFiSwFr5DFKR4FbIRFhuQZKWRgOBLiNMWFDM8ljABA/QbCRRF8TX5Vy:hDqVjeiSwFrdE4IX1RgOBLiNMWFDHlj7
MD5:	9B3C9F1DE83D0EFBFF54C9D9CD25336D
SHA1:	0ECDF96532C61BD117E1609BFBEE0D7F7E594DB9
SHA-256:	D65249E4C099306E6BF6F93659C6A682B020F9C33DFAAE214BF15F30B435BC11
SHA-512:	ED8C98EE12A27534297FEC495A49E45C004841D1E29AEB8CF6630749A45CCA77FFF21C8513714658870A8C0E5DA0546465B1C28975FD9A371C18A98052C4ADDF
Malicious:	false
Preview:	This file should be placed in a folder called logs...If not then hlguard is not correctly installed...This file can safely be deleted once hlguard is succesfully installed.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\metamod\plugins.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	217
Entropy (8bit):	4.663515086013239
Encrypted:	false
SSDEEP:	6:zQRb5WyEJ+BJKF27LTMNK6f+BJKF7SDQEGERK/YWiR6Xn:zwohwJKUoNK6WJKsEPYon
MD5:	C11C62185D07C966443680E05A97DF71
SHA1:	268DDEE459B6D56B24FEE4FEB1ED1D9BD293E554
SHA-256:	6D2D9994E1CC95145F7B73CE7007A8808D923F5DD286F72806026E6DCE89C2E4
SHA-512:	DC103E4D51288C28043FB791F7CA00866A864A8E603561D33A55567BBEF0AC62644E7AB39F01BCBCA42B1C1BD68C599FFFAB9A481689EA6406004C1A5F654AAF
Malicious:	false
Preview:	;; Metamod plugins.ini..; AMX Mod X 1.71..win32 addons\amxmodx\dlls\amxmodx_mm.dll..; Enable this instead for binary logging..; win32 addons\amxmodx\dlls\amxmodx_mm_bl.dll..win32 addons/hlguard/dlls/hlguard_mm.dll

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\autobuy.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2108
Entropy (8bit):	5.10225434026846
Encrypted:	false
SSDEEP:	48:SbraR7506xX0hoc8xVkL5GcHN6QMRJN/tXE67eCI+RB6UR2DRVk:uq06xEx8x05G7Q81E67hZbADrk
MD5:	C299D179793D5E0C0A6FF42634221B50
SHA1:	6B3BEB12B1F5705AF8736434F5FAD39663727A67
SHA-256:	BC167758D54B394BF5EF66413223469E670C5DDEA9389D4C464CA8E8431A89CC
SHA-512:	612E37D4F3F6DF2A2247E12BC0EB5EE0ADCEE1DDA8227B9BD2D649D6236B37E5BEFB26158B449D7F0569C73590616DD94FD8E02B39054DC51C90062430C106F9
Malicious:	false
Preview:	// This list of "buy aliases" is used by the AutoBuy system...// The system begins with the first alias in the list, and attempts to purchase it...// If a primary weapon is successfully purchased, all later primary weapon aliases are skipped...// Similarly, secondary weapon buy alias are skipped once a seconary weapon has been purchased...// You can customize this file to reflect your weapon and equipment preferences and priorities...//..// The console command for autobuy is "autobuy"..//..// The available buy aliases and their names as shown on the buy menu are:..// (Many weapons have more than one buy alias)..//..// galil.- IDF Defender..// defender.- IDF Defender..// ak47..- CV-47..// cv47..- CV-47..// scout.- Schmidt Scout..// sg552.- Krieg 552..// krieg552.- Krieg 552..// awp..- Magnum Sniper Rifle..// magnum.- Magnum Sniper Rifle..// g3sg1.- D3/AU1..// d3au1.- D3/AU1..// famas.- Clarion 5.56..// clarion.- Clarion 5.56..// m4a1..- Maverick M4A1 Carbine..// aug..- Bullpup..// bullp

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\buffer.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:BRn:7n
MD5:	7A4463A978AE7B6E7B46254898B1AA3E
SHA1:	31DB10F5797899F513D9E62D0E2E978171126893
SHA-256:	5981693C8DF83EEA16DA42A0F748FACB299546688544A0C2887ED5FFBF086E86
SHA-512:	E1F1D3B764D3D24F62B0E3CCEB75D6211836A94ADEE7AAB3FD752406F1F0F6F83C4EA1EA54491AA8E6D28262487072C902BADFE696352995F4E1BB35E6599631
Malicious:	false
Preview:	........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\cl_dlls\client.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	950275
Entropy (8bit):	7.999805327836854
Encrypted:	true
SSDEEP:	24576:Fk+er0IkTtl/ftqbl3TLLE/uyVgVMr6cK2S+tAiOT19Th:Fk+erNwA3AuhVFWrOTHTh
MD5:	FE8AC3D4DA4573AD90BAA09870FA4DA6
SHA1:	5EAAD2F1C890B365D8C9F86E6455D6BF8E18E5CB
SHA-256:	C8A58E7C65F1B0D0939EDE0F544ACD34F105514B466C38E00E979731D6D6BF43
SHA-512:	052E541B59A71C7B2BFE546FDD33DE374D2EA9785E08225B3ED0D7A78DAF047F23F9BF98FC493D30CC53FEAE7B3948C7F3F7C79CF083494D176323C937B0330B
Malicious:	false
Preview:	............................................................@...xV4..-.[..b..._....xb..qG...0.~.-D....C...G..L..QxT.......v.....l..q...^.8..Y..\..;..@6..qMd.y(.(..Y....F-4.....eLBwF.${s...:.hbg..H....a.{.....{....c....x...Ib..2k...fTq.7.`7...+.....{.)..ix.&}_.b..n...9.i.g...z\u...f.\|...U4...j..C...%.$.Rq15.bCc..<.36......7....g...O....u.d6.n.....D.D...".......j.{F...aJy..........t..eF%...M[......&.h.E]..n.T#..i)o..u............g-5.3V.0.....6..v.%\|k...N`.D.>..\|P.p.R.8)..\..q.4.%D..]gC....J.......f..v.Df......O2.g. .n.....+..8.....!.K.v.H..UE.7.....`w\..e.#.._q.K.)....7..9..^.P...W..\t.H.y.m....]&...C....e.&.`...6H.l.>..st.:....n.........4J.b....>P.t....8/..W..6.i.Ok......JyA%..f.,...{.......9...V...lu..f..n...A.(I./..4f.~.D.n....g...p....t..1..T..Y..U..gC....J...52..Q.8Y.?.5v..P..#-B.%..1.....hJ.b..-...b....X..W..i..d.>....v...M'..W.i..9o...i.(..{....n......Q.T?.....B....gN.=.m.)0.....o..4...4.rY..U..{.9..U..i.#..O..o..Q..T.n:..X...L-..L&..\|...../.6

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\elites.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7467
Entropy (8bit):	4.454511153726985
Encrypted:	false
SSDEEP:	96:fWASD+WAXWAtWABWAHugWAEigWADWAXWAJWyWJWtWBWBWWWDWXWdf7dJfavfn:fR7ZFrugkfTFT2aW210IIXyvP
MD5:	A57B42ACB4FECBBF5822B3491FDAE993
SHA1:	E19A14490BA39D815C337BDC4866A7915F787F57
SHA-256:	175A299E4AB0A9426EE11B7766E426EF723C0E8DAD8B47F9504676FDABAA11DD
SHA-512:	BF09D7D551F03047D8D27D4966E5D092D4FDC5102680B4A77D8D44E4E2B018C696FA670E6232C60397B2E237985B6B99E70C380395B7C5D405105EDD1FC592AD
Malicious:	false
Preview:	"classes/elites.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\equipment.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	674
Entropy (8bit):	4.4247858894079535
Encrypted:	false
SSDEEP:	12:c+L5TzkJNkoLHy56eRX3t0s1G5qYkkgmyYy56d9+m9a:ca5TCkoLS5fRNV6qBTf5M9Ra
MD5:	CE757975AFD521341E52EC02DAFFBEA6
SHA1:	21A3DF632F4452CD89B2121EBC8D0696F915E432
SHA-256:	5CD0AA31D44E746D14DC64B7DAA8B055AEAE76B393EE0D4A3D21C500285C3DF4
SHA-512:	F1C82D9525551B6711CC04A4EE799D41C90F533D289124CA8E023950CF3D7097DABDDD525C4CEE4432234CEF10A0DF1783D82B6DF66CA00930F1C0FE005A3567
Malicious:	false
Preview:	"classes/equipment.res"..{..."equipmentlabel"...{...."ControlName".."Label"...."fieldName".."Equipmentlabel"...."xpos".."0"...."ypos".."22"...."wide".."250"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."labelText".."#CStrike_EquipmentLabel"...."textAlignment".."center"...."dulltext".."1"...."brighttext".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."128"...."tall".."256"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."textAlignment".."center"...."image"..."gfx/vgui/equipment"...."scaleImage"."1"...}....}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\famas.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6911
Entropy (8bit):	4.422000095124775
Encrypted:	false
SSDEEP:	96:iWA+DTWA/WA6WA/WATuaWAEi3WA+WAiWAUW/W9WuWLWDWNWKWmWV9S7dBquv9Sn:i0rGbnuarKGY0EfC6ML/i9gjv9w
MD5:	72E8F60E5FB77C66E0258B29A97137D6
SHA1:	BE92B72E6A2FDB4830B120A121D6DE1761EE8AA4
SHA-256:	FD32F0441F622CBE4113ABFE270390F357ADC19C34019E9988E9097327D93B44
SHA-512:	BC63141D88023C3F5616B1D0D67E98CB99D35D660726F94506733790DBDD5A8E836FA0FB05B5D64A84C7022FE5C3119CF7815BE0857EC0E093D0ECE292F79E38
Malicious:	false
Preview:	"classes/famas.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\fiveseven.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7498
Entropy (8bit):	4.464911682067402
Encrypted:	false
SSDEEP:	96:N1tWASD+WAXWAtWABWAHugWAEigWADWAXWAJW/WyWuWCWqWpW4WsWEf7dBf1vfn:/tR7ZFrugkfTFEDzLLMRhXP9vP
MD5:	26DE2EA113527E258E63D27F99BE8E80
SHA1:	E792EAFCE5D12D5C3D6F6412683B4856FBCD4415
SHA-256:	B1469E126E913151DD9C7C45B19506DAB5C9EE31B095433C2E4FA408FCBB7EB9
SHA-512:	1A62B1432A1D85449074C697036EAD3FFFB9A6B4325C5C3E2A2020C59356A389CA17C2FFFA6312B0C73030ACABB4C39D7309388FCE915FA0A695D104FCBB98E7
Malicious:	false
Preview:	"classes/fiveseven.res"..{..."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\flashbang.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2346
Entropy (8bit):	4.454044695421462
Encrypted:	false
SSDEEP:	24:qxggyLS88taQePielLS4ZtaPgOhLSBta/E0Lmta2qtgoa7dqqS/coa32WMkgoan:RWEW3hWb0LAf7dNfZMvfn
MD5:	31B20B45E727A29675A0EE7AB86240FF
SHA1:	E565F65043FFE35B3B35B65A37DC174308256A3D
SHA-256:	EEE202922482550EBF5B77E1CA895D6E870F4F916612D7923DA1E051B9404FC3
SHA-512:	B310134ECAB57F521290750825F9D423334FD8952EA1D6207B813E399028FC6A10C53944F115AA93BD1070604A55A5003E1826129A7B4ABFDA35BAE2293AC12A
Malicious:	false
Preview:	"classes/flashbang.res"..{......."pricelabel"...{...."ControlName".."Label"...."fieldName".."infolabel"....."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_PriceLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."descriptionlabel"...{...."ControlName".."Label"...."fieldName".."descriptionlabel"...."xpos".."0"...."ypos".."156"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_DescriptionLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."price"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."140"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText"..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\g3sg1.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6911
Entropy (8bit):	4.437886126876155
Encrypted:	false
SSDEEP:	96:ZWA+DTWA/WA6WA/WATuaWAEi3WA+WAiWAUWoWAWrWOWeWIWqyWTWm9S7dBqzv9Sn:Z0rGbnuarKGYrxyfPReyx9gOv9w
MD5:	49B4F9BD73F6D7F6E2C4B70DA19BC54B
SHA1:	EFA3910430FED64F669CD28E67F1AB122153EE2F
SHA-256:	B36AF4BF81383212C76E90032D2B134594AAEF66A8F149E2531C4240A2B6CE56
SHA-512:	02547E7A79BA063B2A84E167407BA3A5446C240A246329BE40A2892E4487DF5459887A377553687AFF19C77417DBA4C508BB4EFE1CE129BB37D61F41786DFC0A
Malicious:	false
Preview:	"classes/g3sg1.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\galil.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6911
Entropy (8bit):	4.415678899233405
Encrypted:	false
SSDEEP:	192:n0rGbnuarKGYvdvDvsvlvKuvTvQvcvj9ggv9w:n0rGbHrKGYvdvDvsvlvKuvTvQvcvj9g3
MD5:	24DBD3B52EF8F4D0D7575B5B954077DF
SHA1:	45A26163E2209F0A0DBF90774F3AA67D8F21DFB6
SHA-256:	24696F6F5F0F517409B1ED1D2D328C26B04AFF8B93DA2ACAFDB477B44972193F
SHA-512:	215028F1AEDA621C4A1D8E19A83F7263C69FC672D6BE05C0024ECD6A50D3B26C693FFA6BB7C55F66D597100A1B34AFBAAD4926466B1D912D47A85CB326C90326
Malicious:	false
Preview:	"classes/galil.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\gign.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1559
Entropy (8bit):	4.369259729417484
Encrypted:	false
SSDEEP:	24:PlCqtgK7dHqhK3UgkgKVApgDNgiJVggr3g9Sgtab:PlOK7dyKkgvKCtiJQ9SP
MD5:	52C7CC352A237BBFCE94D5AAFBBAA107
SHA1:	06A34BF7FF6ED501DCEFCDCF22EB0D5C2D1CC113
SHA-256:	4C753E5572FCC129F149CF7D838DAD00D414990E7692588DAE3544DB3CE7331F
SHA-512:	B9F0E3AE8765340F2C0A5BDDD2459A342E8D4AC7F55F55688AA56C8DE89E68C768FD27E8A3B59BEDFE8BBB0939975D7A4F3FC6B72932DCAF71D3CF132D5B27FA
Malicious:	false
Preview:	"classes/gign.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."256"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/gign"...."scaleImage"."1"...."zpos".."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...."zpos".."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."0"...."ypos".."204"...."wide".."30

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\glock18.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7458
Entropy (8bit):	4.46704669605783
Encrypted:	false
SSDEEP:	96:f1tWASD+WAXWAtWABWAHugWAEigWADWAXWAJWUWTWDW7WbW8WhWRWnf7dBffvfn:NtR7ZFrugkfTFvieSa5o80PHvP
MD5:	A4A7753DF3C81A4694FE3433C28C7671
SHA1:	2E45A1D447AAEF67F1E4968EE0A5A288F4B50122
SHA-256:	22C7CA20B7C9B126CDFEB6C6427DA6B1A79AC3FF0DDEDA63E22DFF48C8D61D04
SHA-512:	B3BF45C20883CDE03C380A9296BDCC4D7753BD21091585DC26A3EA43B81A462FCC5118B3C3D6C6836399963727B4946813381E93EB7276C91699A1B189EA914B
Malicious:	false
Preview:	"classes/glock18.res"..{..."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\gsg9.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1559
Entropy (8bit):	4.382946321924059
Encrypted:	false
SSDEEP:	24:SCqtgK7dHqhK3vgkgKVApgDNgiFuVggr3g9SF1ntab:SOK7dyK/gvKCtiFeQ9SF14
MD5:	6A87C64FD769BD1993114287018454D0
SHA1:	FB511E8F836135E083AC6617F8A99AC2B6E4479B
SHA-256:	AC29D35D26B0434AD9EBBFEB8EAAFC7D983A25200ECB5D11061B76A4E4B8D33A
SHA-512:	CD3FFDBABDF46738C70E573A3F8922F8006703C4C00321321E7D4FAF2AAF75629F50C06E661F61C985B6A83D53736A113F7152DED4FD077BB5F21B7E44C2A95B
Malicious:	false
Preview:	"classes/gsg9.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."256"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/Gsg9"...."scaleImage"."1"...."zpos".."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...."zpos".."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."0"...."ypos".."204"...."wide".."30

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\guerilla.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1575
Entropy (8bit):	4.378168417553471
Encrypted:	false
SSDEEP:	24:JCqtgK7dHqhK3RWgkgKVApgDNgiFDvVggr3g9SFatab:JOK7dyKhWgvKCtiFDPQ9SFB
MD5:	A05CAF3EF3363338758EB9E2670CA3DB
SHA1:	18AC63B78F8757E7538C50C54B6A2899A8EEAA1C
SHA-256:	75BEDE19920B0041E85C0F75B554AE73F71A8A38B8CD4EB87F2DE361C0E38AE0
SHA-512:	0C6F896DDFE5DE27D522159DA62CCF696EDF641942518E3C777E5593A54F0FFE3914ABFBA7E3CB06DD97D79B696E874749D3FEFC3C9B10175220AA8CBBC5ED88
Malicious:	false
Preview:	"classes/guerilla.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."256"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/Guerilla"...."scaleImage"."1"...."zpos".."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...."zpos".."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."0"...."ypos".."204"...."wi

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\hegrenade.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2346
Entropy (8bit):	4.4530103588780126
Encrypted:	false
SSDEEP:	24:QiggyLS88taQePielLS4ZtaPgOhLSCPta/E0LCE9ta2qtgoa7dqqS/coa3iPMkgP:QxWEW3hWCl0LCEDf7dNfSPMvfn
MD5:	30A481878ED82744365194BA7C5E7713
SHA1:	439FF2B1BD756CFB101C088B2F3D8107355A37A3
SHA-256:	E27F9E3CF2DFE55D51265582BAC9325F238D4B94CF65BCC4A787DAEF72EED0EA
SHA-512:	3372DD803027A5A26547FDDDC8FEBB508311E66971F413021FD5BF8165AFBDC5D374D02CC398F4F5624C5F0686F305C826371BF2CDBCBE4A55FDD0CA53B877CF
Malicious:	false
Preview:	"classes/hegrenade.res"..{......."pricelabel"...{...."ControlName".."Label"...."fieldName".."infolabel"....."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_PriceLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."descriptionlabel"...{...."ControlName".."Label"...."fieldName".."descriptionlabel"...."xpos".."0"...."ypos".."156"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_DescriptionLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."price"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."140"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText"..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\kevlar.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2334
Entropy (8bit):	4.442837827711645
Encrypted:	false
SSDEEP:	24:yC1ggyLS88taQePielLS4ZtaPgOhLSData/EJqlta2qtgoa7dqqS/coa3cTMkgoI:vGWEW3hWDWJqbf7dNf8Mvfn
MD5:	673EDC7985C6DA3182A0CCABB05F230B
SHA1:	3E1B66ADA5596EBC99CA0C0B3A66E8D4D5E6CB6C
SHA-256:	803E6CA2699573FB9231A0545C0AA8060B55AE422B362D50AC77355ED5D1A2E8
SHA-512:	E216BB6E870D28B1600CAA57F5A597882CF951187E99A3483FFF30AFFD74C80A14F9849CFD5074B222515FB8142040D7DBFD88AE7B85CE75C9B8D741511BFF98
Malicious:	false
Preview:	"classes/kevlar.res"..{......."pricelabel"...{...."ControlName".."Label"...."fieldName".."infolabel"....."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_PriceLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."descriptionlabel"...{...."ControlName".."Label"...."fieldName".."descriptionlabel"...."xpos".."0"...."ypos".."156"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_DescriptionLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."price"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."140"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#C

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\kevlar_helmet.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2360
Entropy (8bit):	4.456712516701231
Encrypted:	false
SSDEEP:	24:yPggyLS88taQePielLS4ZtaPgOhLSw6ta/EJq6ta2qtgoa7dzqS/coa3czMkgoan:RWEW3hWw2Jqcf7dafyMvfn
MD5:	9A3F5EE846FD93A26CE7BAB74620A990
SHA1:	20609722D579DBBA7ADF0AEE5F899342A86726BE
SHA-256:	DEBED11887715E4697C1C276F558AEB5758B67B44B2B44A490984C44F9B4B1D0
SHA-512:	89F0303C7AF46EB83FF8E979FFDDCC630108475930142B553ADA739CA3BF7448CD42DE5D316608F77016769D2269A845E1D52B7E2F635D832BF0801172179D2C
Malicious:	false
Preview:	"classes/kevlar_helmet.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."infolabel"....."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_PriceLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."descriptionlabel"...{...."ControlName".."Label"...."fieldName".."descriptionlabel"...."xpos".."0"...."ypos".."156"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_DescriptionLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."price"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."140"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText"

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\leet.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1559
Entropy (8bit):	4.361441841557218
Encrypted:	false
SSDEEP:	24:0BCqtgK7dHqhK3jgkgKVApgDNgi0Vggr3g9S1Btab:COK7dyKTgvKCtiEQ9S1a
MD5:	64709B25E54729974870157308469E81
SHA1:	A5BB8BF6182986CE4A4065FCF212231400E56CBD
SHA-256:	D24522FBDC7D0C4D45B5E8469811A62D5F7B8148EB83B3668E2604A74CD1321A
SHA-512:	44C6377A00DF3907CE98A61A3E27A5E38F9BEF6DFCF0F6EE787C1E2A622BF18E72319D3C87E772C73D4551F9BD32EBA6DDB8F1C949F4B0CD07A211BE34697DC8
Malicious:	false
Preview:	"classes/leet.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."256"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/leet"...."scaleImage"."1"...."zpos".."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...."zpos".."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."0"...."ypos".."204"...."wide".."30

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\m249.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7445
Entropy (8bit):	4.472056691631085
Encrypted:	false
SSDEEP:	96:/WASD+WAXWAtWABWAHugWAEigWADWAXWAJWqWRW1WpWZWeWLW/WVf7dBfCvfn:/R7ZFrugkfTFr+i+ud8wAP6vP
MD5:	3846A870F2C9F1F4C4D91FFE749E2F8B
SHA1:	38530CDE1006338686DCA98ABDB27BD64A6C31DB
SHA-256:	B8B3B6B1824CC3C7B7E8261FA6484F173B083E9669DE1483C6669EA0191BC825
SHA-512:	4808E64754FA318B3B3AC1FEC4402D5B7417FE6392B1D2885061BF11E84DB1C9809177FF0407F9911C6F83C9B4703B67BAB896FC9367945DC0B9BC606D64419B
Malicious:	false
Preview:	"classes/m249.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\m3.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6854
Entropy (8bit):	4.420977606674019
Encrypted:	false
SSDEEP:	96:yWA+DTWA/WA6WA/WAHWAEcWA+WAiWAUWfWNjWOWrWvWhWqWGW19S7dBquv9Sn:y0rGbLdKGYSKj1scUhF49gZv9w
MD5:	A24685B3306835EB459210813DB03180
SHA1:	B3042C3F4CCD5C74E4095AFC75B35A3B87E3B822
SHA-256:	6522637ECB6DC14F27EB2A0CEC1DA115CBE0C3D8F1A60E35C2B0D9626BC52BA2
SHA-512:	7BE424E222FF94DBE0D93530916219926026E2B7807733EEAD7565082EBB4FE94378487EC2D3EC5C98A6A1CC290B2A30331DB4DC094184790652B0861F314337
Malicious:	false
Preview:	"classes/m3.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0".

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\m4a1.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6876
Entropy (8bit):	4.425946103354391
Encrypted:	false
SSDEEP:	96:NWA+DTWA/WA6WA/WAHWAEcWA+WAiWAUWwW4WzW2WOWyWSyW7We9S7dBqaYv9Sn:N0rGbLdKGYxv4xdD8g39gzYv9w
MD5:	62B9F9FFFEFC59BE04C8B9CE93916912
SHA1:	0564A1FC09D8C5057770A877AE8818F26E954D2D
SHA-256:	7B8AE460CE8C1233D8F241639172A07A16A58E9C573802A619A46D81A0C7BE98
SHA-512:	75B4321988D5D79A9BD56B4EDE0EC3BE793C1BDDE4E4578A9D1816BE884DB53405EA8B56E9F0AF92E8212B5AF5F00B791BE626CDBEC023614E98469B9B140982
Malicious:	false
Preview:	"classes/m4a1.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\mac10.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7456
Entropy (8bit):	4.466759753328923
Encrypted:	false
SSDEEP:	96:pWASD+WAXWAtWABWAHugWAEigWADWAXWAJWoWnWvWfWXW4WNW9Wbf7dBfAvfn:pR7ZFrugkfTFzW62WVUooP4vP
MD5:	45F1A1747E71C7840F06F42659ADA09E
SHA1:	BD49387DEDBA240EFC52601418DAFA09ABAA93D6
SHA-256:	34B8766B218017D22F5F10E91743FACD1C5D375643492B063E0F15C7DCC1C646
SHA-512:	42E0C4F91B1FC2E663A21ABD2A06D8DB6E5CB1C3161771CEBDE5D455DD140EF3985643CFBE96A1283B65E112F96126C2C7CB260C448B1DA6545CC261CD841011
Malicious:	false
Preview:	"classes/mac10.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\machineguns.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	684
Entropy (8bit):	4.431245368227184
Encrypted:	false
SSDEEP:	12:vql+R8+zkJNkoLHy56eRX3/0s1G5qYkkgmyYy56d9ba:SIRdCkoLS5fRfV6qBTf5M9ba
MD5:	E922AEE5D05E864F22F5F0F90928CE55
SHA1:	7AFCAD132357120E8DFC4CA78D541AEC52E766F6
SHA-256:	BBD0AACCEA9A2E97D7F61040D20F8E99FC20DB8B55D5BE46CCBA78991056D581
SHA-512:	6E28281BB6BC4CEABF3A5D6FD1A155E1050ECB8A7A3AC0065CCF31F9381F63A393CBF4A594699FB6F8F7B60A0F3CEB472BD6D06A423B5EDBFB29773C3A5C70A0
Malicious:	false
Preview:	"classes/machineguns.res"..{..."machinegunslabel"...{...."ControlName".."Label"...."fieldName".."machinegunslabel"...."xpos".."0"...."ypos".."22"...."wide".."250"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."labelText".."#CStrike_MachinegunsLabel"...."textAlignment".."center"...."dulltext".."1"...."brighttext".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."128"...."tall".."256"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."textAlignment".."center"...."image"..."gfx/vgui/machineguns"...."scaleImage"."1"...}....}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\militia.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1602
Entropy (8bit):	4.33194484220575
Encrypted:	false
SSDEEP:	24:dDCqagsFdYqksZA8pgsFApgGgC7vVgg0g8CtGYb:dDNsFdasy8SsycC7T8C
MD5:	F115BBC5E04F12DB2538F5AAB26FBE7C
SHA1:	332420D9BF89ED605FF0DC1028ECB0D328116382
SHA-256:	F08A32D75C1EE4565B14A83270A6A0F1F7E4E52B871EC9F8A554DABE0FC163AB
SHA-512:	50927CC1349711A7161F52F9FB74CB39A5DD7FE2531C395285D10736B4679B0B0C7E5CD0BE8057F65C3E8D0D960E5CB481EE8C896A5B47F5DA6F210656014A77
Malicious:	false
Preview:	"classes/militia.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos"..."0"...."ypos"..."0"...."wide"..."300"...."tall"..."196"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos"..."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos"..."0"...."ypos"..."0"...."wide"..."256"...."tall"..."196"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/militia"...."scaleImage".."1"...."zpos"..."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos"..."0"...."ypos"..."0"...."wide"..."300"...."tall"..."196"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."zpos"..."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos"..."0"...."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\mp5.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7432
Entropy (8bit):	4.4671402652748755
Encrypted:	false
SSDEEP:	96:nWASD+WAXWAtWABWAHugWAEHWADWAXWAJW6WhWFWZWpW6WbWvWlf7dBfyvfn:nR7ZFrugKfTF944o4BaqqPqvP
MD5:	637E2993AA95C8C2BF99A9ADEEEA2F8B
SHA1:	731EF927F99DA00A5CD4A029246AC39A7BCE0203
SHA-256:	80BA291DAC6E93FBF64B4B575F196FF1D2ADA48B6256BB2901732862278F37E4
SHA-512:	985C32B96449C641E612D799A9FF34FEB83C72A2B7D71DED5750DF93AF702EA0E465AA73E0D6341D61C5300F11FEAFDA8943C679C74AA0910BD7907ED967F3A3
Malicious:	false
Preview:	"classes/mp5.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."t

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\nightvision.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2356
Entropy (8bit):	4.450206813456853
Encrypted:	false
SSDEEP:	24:E1ggyLS88taQePielLS4ZtaPgOhLSDta/EJqMta2qtgoa7dzqS/coa3t5Mkgoan:EGWEW3hWBJqaf7daf95Mvfn
MD5:	982028112B25DD62769F3BAF6CA4D22F
SHA1:	FACFDBF66AB78C399E5107FF9909F8BA67463285
SHA-256:	1B53EB40A6BF54C303C3168087B4600983BE918D7508F82224BDB6F0623AF94F
SHA-512:	FB24068FA46E3151A3D9C704DE44AD9FF9890BD96E3C1C9AEB605FB91AF4775E95F75F93B13AD0FCB5971DF6AC26E2ADE21F0A514D9A51EB0DA07493FCF77914
Malicious:	false
Preview:	"classes/nightvision.res"..{......."pricelabel"...{...."ControlName".."Label"...."fieldName".."infolabel"....."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_PriceLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."descriptionlabel"...{...."ControlName".."Label"...."fieldName".."descriptionlabel"...."xpos".."0"...."ypos".."156"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_DescriptionLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."price"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."140"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText"

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\not_available.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.372669455702902
Encrypted:	false
SSDEEP:	24:qYggG3gZLYKsqtgoa7dzqpoa3kPvkgoan:qbQZkRf7dGfUPvvfn
MD5:	E914D392180E48653432FECF16CD2CE5
SHA1:	661590ED24BDC5EA5C13412F8B7E8FA4A70B1E6C
SHA-256:	C108124A1D187E59050713D104D7877BD43776769F3AABF5F0C8998EDE5487B6
SHA-512:	89085B0B0685F193FEBA358CB9CD1FFC10203019C401ECD75E3A7E0505D7811E5A99087A2C00B34627D7E0C010C25D0AD551E153BF6BE6F90FCCDEC333DFD65D
Malicious:	false
Preview:	"classes/not_available.res"..{....."infolabel"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."0"...."ypos".."140"...."wide".."300"...."tall".."36"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_Not_Available"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."128"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...}....."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."8"...."wide".."256"...."tall".."128"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/not_available"...."scaleImage"."1"...}....."imageBorder"...{...."ControlName".."Divider"...."fie

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\p228.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7443
Entropy (8bit):	4.468601920408981
Encrypted:	false
SSDEEP:	96:w1tWASD+WAXWAtWABWAHugWAEigWADWAXWAJW6WhW7xWZWpWOWbWvWlf7dBfyvfn:GtR7ZFrugkfTFfScxiKJYMkP6vP
MD5:	347235E379C786093B92BD932750AAB9
SHA1:	5561C96247F2A05DC1BEB6E7C049055CDE370F7F
SHA-256:	45A701DFA22956D37DF9A771C7AFD1ED483B502E8BC3796FB29AE8C4ECEC16B7
SHA-512:	2B6998E643DEC2AD23C289FC8B62032793CC3AA673DACA3F0C86E20298FCE0BADA6FCFEADF863C14E949B26FE2B1ACEB458653BCAE3B82508000888C4A6F141B
Malicious:	false
Preview:	"classes/p228.res"..{..."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."te

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\p90.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7434
Entropy (8bit):	4.464046307839038
Encrypted:	false
SSDEEP:	96:0WASD+WAXWAtWABWAHugWAEigWADWAXWAJWvWiWeWSWaW5WoW8W0f7dBfFvfn:0R7ZFrugkfTFQ/nXfwl1jPdvP
MD5:	384CFD91F62B5A53D7952542C9197B6C
SHA1:	485A7FA0F044438D4CDC6F0445C132421F14D1DD
SHA-256:	8490358F5BFC24078FECF9FFF4260E1D70DFBF3BF5760EB12D1FE87E19A31D3B
SHA-512:	847D53E829BF88DEDDF835C182E0B2AD9756225D1E09E846C290C4B4AF8E2E7D992C8ACBF51A17A1D0BB5B4A778D5AB600F4783FC3DF56BD1629CFE154442D02
Malicious:	false
Preview:	"classes/p90.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."t

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\pistols.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	661
Entropy (8bit):	4.3670164711617225
Encrypted:	false
SSDEEP:	12:oYq1NPmEPm//skPLHy56eRX3LeLs1G5qYkkgmyYy56d9Jba:Q1NeEe//nLS5fRB6qBTf5M9Jba
MD5:	8CA1DE948B66748D8698C08DB8A40357
SHA1:	50BD2779E34E050B592AB2FA018AA28078A044F9
SHA-256:	9175F1119838240CD949C9B7CA93EA024872E11ECF0F8E0C5E7C1503D29721B3
SHA-512:	354644E9B93DFC17D2911BED3ED179FC5C11AD1830D531B95EEA576CAA410599D7E2B9C765B7C522F56E38F18FEA9FC38B9AE906B1938530B71A2B9FB71299F9
Malicious:	false
Preview:	"classes/pistols.res"..{..."pistolslabel"...{...."ControlName".."Label"...."fieldName".."pistolslabel"...."xpos".."4"...."ypos".."0"...."wide".."400"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."labelText".."#CStrike_PistolsLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."128"...."tall".."256"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."textAlignment".."center"...."image"..."gfx/vgui/pistols"...."scaleImage"."1"...}....}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\primaryammo.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	684
Entropy (8bit):	4.418600891848411
Encrypted:	false
SSDEEP:	12:oUq14FzkJNkoLHy56eRX3Xx0s1G5qYkkgmyYy56d95a:Nq14FCkoLS5fR3xV6qBTf5M95a
MD5:	D6CF9301A33341E6E11BDD91FFB132AF
SHA1:	F0579B81EB30D5F112A3D5CBE6E3F37811A8E41F
SHA-256:	80AD3EE30130118EBD4A9AEA0D658EC6D501B9C7A5DACBF8BBD08B998A695393
SHA-512:	CE79EB5D769B1432B087E9EEA4174CD3066A2BDF44FBA696A408F1A5B4599CD22C4F6D2BDE15DEA899C9488483B60275EC1F08DB5D8CD531D0C30228F7A00520
Malicious:	false
Preview:	"classes/primaryammo.res"..{..."primaryammolabel"...{...."ControlName".."Label"...."fieldName".."primaryammolabel"...."xpos".."0"...."ypos".."22"...."wide".."250"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."labelText".."#CStrike_PrimaryammoLabel"...."textAlignment".."center"...."dulltext".."1"...."brighttext".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."128"...."tall".."256"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."textAlignment".."center"...."image"..."gfx/vgui/primaryammo"...."scaleImage"."1"...}....}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\rifles.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	4.368139106721253
Encrypted:	false
SSDEEP:	12:bkIpIzkJNkoLHy56eRX3Ef0s1G5qYkkgmyYy56d95Via:bHGCkoLS5fRAV6qBTf5M9Lia
MD5:	B02E0845B63CF73E2905AA955B5B051C
SHA1:	AA0F3E2C02E36BA5FF48C3DFFC5E62839DF15FB5
SHA-256:	E5EC6CECE5B706C43CB8CA7FCD680FFEC7A456CE18A96F6929A47892F5AA6CBA
SHA-512:	345F5E347B4B9C8637565AE7E9B90B8005721A96FE566197EFE3FA5675C1766EB1F73982BCB3DCF1BCDEEEDEABE6127B660D3AFCFC2D686D6BF6F8542014BA54
Malicious:	false
Preview:	"classes/rifles.res"..{..."rifleslabel"...{...."ControlName".."Label"...."fieldName".."rifleslabel"...."xpos".."0"...."ypos".."22"...."wide".."250"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."labelText".."#CStrike_RiflesLabel"...."textAlignment".."center"...."dulltext".."1"...."brighttext".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."128"...."tall".."256"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."textAlignment".."center"...."image"..."gfx/vgui/rifles"...."scaleImage"."1"...}....}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\sas.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	4.367674715032292
Encrypted:	false
SSDEEP:	24:ZCqtgK7dHqhK3ggkgKVApgDNgibhVggr3g9Sstab:ZOK7dyKQgvKCtibBQ9Sr
MD5:	1BEB010DB02C5DEF8F6497695317DDDE
SHA1:	34273AF678F615311259D4AF7F944570AE3C6896
SHA-256:	8A1E7A9C8C757CF01838BFAFFC34E5D03CFB72DFA2B0DCD55DB42EE1EF6032A7
SHA-512:	2DA1E25845548AC12D6EFB12DD09C883C0134A8EB199B10B4B5EDB0AC66A51B44D372C4AC44B88849583BCB1FEF28AF8D8F4FC0B7724BA31C01757238A637157
Malicious:	false
Preview:	"classes/sas.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."256"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/sas"...."scaleImage"."1"...."zpos".."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...."zpos".."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."0"...."ypos".."204"...."wide".."300"

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\scout.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6887
Entropy (8bit):	4.421697898708042
Encrypted:	false
SSDEEP:	96:4WA+DTWA/WA6WA/WAHWAEcWA+WAiWAUWxWrzW4WxWdWDW8WgW39S7dBqwv9Sn:40rGbLdKGYiyFcsEx1I9gxv9w
MD5:	CF7BAA687506D18C56C6B83F87749E0B
SHA1:	20A5B9629F5B7B2EDF69946BC2E09BBB91EA121E
SHA-256:	E511287E9BB07929AA75F47052539FA2DBFFF7DC0796C7E0AEE356FDAF0D29A8
SHA-512:	DCB222D36715C6E522249BF53C1CB21358EAB86932F4080BEC0975FC10C30DD5030C63CEAD01443E46189185F14E9946C346318BD5DC91D5CC7CC9142B26B961
Malicious:	false
Preview:	"classes/scout.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\secammo.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	664
Entropy (8bit):	4.377299947671774
Encrypted:	false
SSDEEP:	12:eq4ePezkJNkoLHy56eRX32h0s1G5qYkkgmyYy56d90ba:eqdGCkoLS5fRaV6qBTf5M96a
MD5:	AAE3EC07CF6545344CF3C364E659572F
SHA1:	BF3E89C35A8724419CED935F80457ADECF724129
SHA-256:	CADB15728DAE24AF8E511964C9BEE02A14851D66414C34FFE9C6F6E06F8DE76A
SHA-512:	9B410D0FF3578CA82C405D49F0991B333EB80D0D1CC18460397C619A1C72C3FDA798C0D36052D31071DE95F5616B549124D83F16B4CB12662A6B4A0752ECD324
Malicious:	false
Preview:	"classes/secammo.res"..{..."secammolabel"...{...."ControlName".."Label"...."fieldName".."secammolabel"...."xpos".."0"...."ypos".."22"...."wide".."250"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."labelText".."#CStrike_SecammoLabel"...."textAlignment".."center"...."dulltext".."1"...."brighttext".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."128"...."tall".."256"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."textAlignment".."center"...."image"..."gfx/vgui/secammo"...."scaleImage"."1"...}....}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\sg550.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6887
Entropy (8bit):	4.433247737993231
Encrypted:	false
SSDEEP:	96:uWA+DTWA/WA6WA/WAHWAEcWA+WAiWAUW7WBWCWPWbWtWuWDGWD19S7dBq6v9Sn:u0rGbLdKGY88nKKOTH69gDv9w
MD5:	CA1F00086E0B7D1111026A5A035EE7D6
SHA1:	8AC0BB393183BFEEB0695DF0A993BC9B2F6C1F09
SHA-256:	371E69FB779E8985CCE043DB06D27B3E7FCA830F31CC457623E49BA0AE886CB7
SHA-512:	E75A4FB95FF4782C07E783D46F08FA3EC1576411BF18B9034249076D6A5E00FCE19E74D91C81E1DC732EBB3A35D0AE1D173606E45C144258710F097FECC4C8DB
Malicious:	false
Preview:	"classes/sg550.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\sg552.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6887
Entropy (8bit):	4.435516003966369
Encrypted:	false
SSDEEP:	96:UWA+DTWA/WA6WA/WAHWAEcWA+WAiWAUWNWzWcW1W5WPWAWsWT9S7dBqMv9Sn:U0rGbLdKGYumJg4gVB09gdv9w
MD5:	0F687FE9F96F0BF5E00E974C09EECA9E
SHA1:	15ECB7430D080F4060AA980ECA9DF90D9C228AD0
SHA-256:	6C48E98473871CCD1C4E2614CC1BFF31E371765A7DD93DC0CB390A24ADF1DBDF
SHA-512:	B904D1AF3A371E421FEE2782E241919E2862CC504ABF1A95F1EB9FF97E9F415C12CD76378928D9AC13A3E9E8A8AAE3D645D63707BA84101D7B35FFD5212AE455
Malicious:	false
Preview:	"classes/sg552.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\shield.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2336
Entropy (8bit):	4.438374855163435
Encrypted:	false
SSDEEP:	24:yCggyLS88taQePielLS4ZtaPgOhLSyta/EJqpta2qtgoa7dzqS/coa34vMkgoan:aWEW3hWeJqnf7dafgMvfn
MD5:	9E4243F8BE5C3968B109F46626D78431
SHA1:	C44329E6117BDD3A4BA945750657DFF318B39AAF
SHA-256:	EF8FFBA16A0A564EEC8C7E36DF0E4B7274FE53223A08DFF950C51D46BA0663FA
SHA-512:	1E1B1431C176288CCA00063AD5196842D6114B97E501E53121F0D7BA2D08C4BB7006303777F27A80BD3E94D713EAC102D98ED035AF1422C08696A4ED3587CA4E
Malicious:	false
Preview:	"classes/shield.res"..{......."pricelabel"...{...."ControlName".."Label"...."fieldName".."infolabel"....."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_PriceLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."descriptionlabel"...{...."ControlName".."Label"...."fieldName".."descriptionlabel"...."xpos".."0"...."ypos".."156"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_DescriptionLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."price"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."140"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#C

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\shotguns.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	664
Entropy (8bit):	4.399315204645778
Encrypted:	false
SSDEEP:	12:o28q1NPmEPm//skPLHy56eRX329MLs1G5qYkkgmyYy56d9rOa:X1NeEe//nLS5fRy6qBTf5M9qa
MD5:	1C5BA6FAC0BF57E24BFC795C9DF44E88
SHA1:	EB0BB8D7D4B01AFA0F78560BBF0A42E579524A8B
SHA-256:	274A523C6E123F8CCCBCCA81F10FF2B306A5D9D525F08B380420488371A3ACFF
SHA-512:	E23D244A60EE1E07FA8796F8DB1BE8BB09A386AD77A509D713E074DFC73C53BC093920F53B8F100C8F7907C725EE83D9513E175957ED2DC5B58C27C46AA57DB7
Malicious:	false
Preview:	"classes/shotguns.res"..{..."pistolslabel"...{...."ControlName".."Label"...."fieldName".."pistolslabel"...."xpos".."4"...."ypos".."0"...."wide".."400"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."labelText".."#CStrike_ShotgunsLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."128"...."tall".."256"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."textAlignment".."center"...."image"..."gfx/vgui/shotguns"...."scaleImage"."1"...}....}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\smokegrenade.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2360
Entropy (8bit):	4.45253262602147
Encrypted:	false
SSDEEP:	24:CiggyLS88taQePielLS4ZtaPgOhLSOta/E0LP9ta2qtgoa7dzqS/coa3EPMkgoan:CxWEW3hWC0LPDf7daf0PMvfn
MD5:	847748C7E6AFBB2CD80E707C91B4D07E
SHA1:	6C5BD3E8FA0F12B3D20E97425E31F0D3D00795CD
SHA-256:	B3DEB30A0B9171F4769F2F84F1A5D2A7543C7A35B915B84F1FBE386F0D1234A8
SHA-512:	FC0AE20B7627FFBC9D53DE7932C71DF57AD58890FDE296DB3F6BC0EAF0038DF9CB17A13EBC28DAE7C62D13AA87656C665E7ACDACA581693B5E910E85B3247424
Malicious:	false
Preview:	"classes/smokegrenade.res"..{......."pricelabel"...{...."ControlName".."Label"...."fieldName".."infolabel"....."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_PriceLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."descriptionlabel"...{...."ControlName".."Label"...."fieldName".."descriptionlabel"...."xpos".."0"...."ypos".."156"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_DescriptionLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."price"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."140"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\spetsnaz.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1606
Entropy (8bit):	4.344841508335172
Encrypted:	false
SSDEEP:	24:kCqagsFdYqksZ18pgsFApgGgCoVgg0g8xZtGYb:kNsFdasz8SsycCE8xP
MD5:	87C5A2BF38CE348DCF5F4758A1BA1DBF
SHA1:	6862622C0F73E857209FE8BF078A3BCC9F0E6667
SHA-256:	B6F4F2B542C2ADDA4287C80C929E71297125FA7AE8F1A05F3BC1F8D75006ED81
SHA-512:	D8E06004F9C91DA42BEF2EAA04A456799A80BD73162C9E5E78662EC4449454FA755467CBC675F0FBBBF3C5BDB45970D0E39A8FDD4F5C59E7472CBCC5D7BC5A42
Malicious:	false
Preview:	"classes/spetsnaz.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos"..."0"...."ypos"..."0"...."wide"..."300"...."tall"..."196"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos"..."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos"..."0"...."ypos"..."0"...."wide"..."256"...."tall"..."196"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/spetsnaz"...."scaleImage".."1"...."zpos"..."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos"..."0"...."ypos"..."0"...."wide"..."300"...."tall"..."196"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."zpos"..."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos"..."0"...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\submachineguns.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	699
Entropy (8bit):	4.4527286334681975
Encrypted:	false
SSDEEP:	12:HRq4pzkJNkoLHy56eRX32+0s1G5qYkkgmyYy56d9ha:Hw4pCkoLS5fRPV6qBTf5M9ha
MD5:	D604EE5E5525E7A696588ACBCCB8159D
SHA1:	162E7FEEC8FEFD5100DB7A6C256E4CC1C1F00FDF
SHA-256:	F4093ECFA4E586A16DEBAB632198F87455640D38C6E3FF045DABBA5FBCDB19CE
SHA-512:	25E7624A316C8ADDAEBD890810C0F4894B51F88AB5214D42178A647520A7E4B473F1A22FAD43ADA8FB98B9BF9DED53EEFC7BA6A95E48BC5E062C6A5BF675F9CC
Malicious:	false
Preview:	"classes/submachineguns.res"..{..."submachinegunslabel"...{...."ControlName".."Label"...."fieldName".."submachinegunslabel"...."xpos".."0"...."ypos".."22"...."wide".."250"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."labelText".."#CStrike_SubmachinegunsLabel"...."textAlignment".."center"...."dulltext".."1"...."brighttext".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."128"...."tall".."256"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."textAlignment".."center"...."image"..."gfx/vgui/submachineguns"...."scaleImage"."1"...}....}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\terror.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1567
Entropy (8bit):	4.3729799364301885
Encrypted:	false
SSDEEP:	24:shCqtgK7dHqhK3zgkgKVApgDNgiMXVggr3g9SM+tab:shOK7dyKDgvKCtiMXQ9SMl
MD5:	B1C40B71D95CB678945A2298E2756B77
SHA1:	4528EF51732BE988BCBDA19082867EACBC5B8C1D
SHA-256:	CB945A56F9DE75E9343204F7FB5E86B377DD358632EEFDB356020BF28F376409
SHA-512:	C82EAF4598483A22796BBB4D8A5627C6287437DA39BE4467D5A2BF23B882FEEDD9EC02D52912397BED314065153E12A21B1EEB935AFB17E172B1EEF8936B24BE
Malicious:	false
Preview:	"classes/terror.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."256"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/terror"...."scaleImage"."1"...."zpos".."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...."zpos".."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."0"...."ypos".."204"...."wide".

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\tmp.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7434
Entropy (8bit):	4.46637978483237
Encrypted:	false
SSDEEP:	96:1WASD+WAXWAtWABWAHugWAEHWADWAXWAJWPWCW+WyW6WvWIWcWUf7dBf9jvfn:1R7ZFrugKfTFYXfvHM9NLPFjvP
MD5:	01D3AA159DBC9207C7480B2D17DB5561
SHA1:	16B3D8938A4864F45378D6BC9272CBF587340172
SHA-256:	1577A79849DBDBE58AFF8339A50E0EC9EAF8E825E4BF88F5D61EEF0794726A04
SHA-512:	5730DFC1C6A52DD464F60B48ACC4FB7ED7A249261AA174C742B0DC8D6A81CAFD9DEFCD879A720031868B47482E85669FBCC116B9FF817F0C30DD1DAD7AEA741A
Malicious:	false
Preview:	"classes/tmp.res"..{......."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\ump45.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7456
Entropy (8bit):	4.479343449717432
Encrypted:	false
SSDEEP:	96:gWASD+WAXWAtWABWAHugWAEigWADWAXWAJWTW2WaWWW2W1W0WIWIf7dBfZLvfn:gR7ZFrugkfTFcL7TDU5pPPhvP
MD5:	5B41407FBD4C4DFF7F83B60C683CF988
SHA1:	DDC9CB3F5541C99325EB81288BE39634CA4725CD
SHA-256:	CE286C7691EC091F0C73787E5CD578BEC582FC832BD3F9C6DADC1FB61F903279
SHA-512:	0FA463F1FDE21FDF9BCF7B350AEB172E1A6471113FE2895E409074D9B330FF2DD72C9DBA8DECADAFFDE0D2984EA64B39E89B15F1CF087141C0AE65AFFB0F65D0
Malicious:	false
Preview:	"classes/ump45.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\urban.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1563
Entropy (8bit):	4.38020235114508
Encrypted:	false
SSDEEP:	24:wCqtgK7dHqhK3VgkgKVApgDNgiqVggr3g9Sptab:wOK7dyKFgvKCtiaQ9Sy
MD5:	34E7572E10C05DE6E3D7AA9D1407F024
SHA1:	73C7F79115FF1A855ADE59A7F0D4325E019B1D9E
SHA-256:	06F6DD0E6D25D0C3632F62D47BFD7FC92B08BDB6A2812B2745D926CEC356C910
SHA-512:	F20859E75BBF544751A151EC87F019C2DADDEA271B7CE40242C642B58EF2B009EE157BE57FCDDA15B8C337EA748221E460B776E81EECC667FD34A8773861338B
Malicious:	false
Preview:	"classes/urban.res"..{..."imageBG"...{...."ControlName".."ImagePanel"...."fieldName".."imageBG"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."center"...."fillColor".."WindowBG"...."zpos".."0"...}..."classimage"...{...."ControlName".."ImagePanel"...."fieldName".."classimage"...."xpos".."0"...."ypos".."0"...."wide".."256"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."textAlignment".."west"...."image"..."gfx/vgui/urban"...."scaleImage"."1"...."zpos".."1"...}..."imageBorder"...{...."ControlName".."Divider"...."fieldName".."imageBorder"...."xpos".."0"...."ypos".."0"...."wide".."300"...."tall".."196"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...."zpos".."2"...}..."className"...{...."ControlName".."Label"...."fieldName".."infolabel"...."xpos".."0"...."ypos".."204"...."wide".."

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\usp45.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7452
Entropy (8bit):	4.472073197120002
Encrypted:	false
SSDEEP:	96:cq1tWASD+WAXWAtWABWAHugWAEHWADWAXWAJWhWMWafWavWEWVWGWmWOf7dBfzLX:cEtR7ZFrugKfTFmtp1NWPDRPXvP
MD5:	9812F60EAF6D94CE7DC717AFCD1290A9
SHA1:	AA6284D1A2DAA7BBE96024E6E37411133775A5B5
SHA-256:	120862129AAF60D1764992CCF11E9EF68A60AF2C8811B7E32690A27C06BA66F0
SHA-512:	969727B3CB183EBA1F22A4F26BBDA8777F0DC80D71CAA3196E4037F1385F6A01222230953AC46B34FA3386921557ABDD28A13E6A06B10854247785710052C488
Malicious:	false
Preview:	"classes/usp45.res"..{..."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."126"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."138"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."font".."DefaultVerySmall"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."150"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."t

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\classes\xm1014.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6898
Entropy (8bit):	4.433757042366859
Encrypted:	false
SSDEEP:	96:dWA+DTWA/WA6WA/WAHWAEcWA+WAiWAUWgWoW95WGW+WCWA+WLWO9S7dBqbv9Sn:d0rGbLdKGYxv4xdD8g39gcv9w
MD5:	CC49F039FE2EBC6A9C4E2588E876FEEC
SHA1:	B35BB9B6B1F1AF91F8F28F2A582463A0B174EA62
SHA-256:	485674332F05AACA74495792DDBF9EC91CEC68B3F062706EF41D603D68AFBC4A
SHA-512:	5A6DB18B7A6EB51DC3ED49812126A0A00BD0D72A428CCBB980ED079E40233E28359CBD613A6BBF451693519CCC2C1BA95A4114642950F887ECC7E7D52612D03C
Malicious:	false
Preview:	"classes/xm1014.res"..{....."pricelabel"...{...."ControlName".."Label"...."fieldName".."pricelabel"...."xpos".."0"...."ypos".."86"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_PriceLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}....."originlabel"...{...."ControlName".."Label"...."fieldName".."originlabel"...."xpos".."0"...."ypos".."102"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_OriginLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."calibrelabel"...{...."ControlName".."Label"...."fieldName".."calibrelabel"...."xpos".."0"...."ypos".."118"...."wide".."150"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#CStrike_CalibreLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext"..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\commandmenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5322
Entropy (8bit):	4.964423754341277
Encrypted:	false
SSDEEP:	96:SKRuDwtiqkeyg10brFSkWwExoWwiqvMn+2ea:SlNIB1Wr0a+fNWMn+ha
MD5:	CFFE4B6CD800093B822CC411F74FAC14
SHA1:	4B0EDD7FAF2E4C56C0C574A8F8EEC229D44CCED6
SHA-256:	F33732B92562129F58F432118208F94862EA3310C8E8B553F1AE36C3336F3311
SHA-512:	556EC3587C595687ED5CECDA9753B541DAEA443C7222E440A04FED531EAA707B98EAEE42108967CC9EC6A25A9A2D2BB221D5437D89EF4A20D002D94D31AC424E
Malicious:	false
Preview:	// ############################################################################################..// [EEV]ZepheR's command menu. v1.8 Useful settings in a simple menu. 15:04 16/09/2005..// ############################################################################################.."*" "Zeph's Command Menu v1.8" "say ZCM v1.8 - www.thezproject.org".."1" "Game Settings"..{...."1" "Weapon Hands"....{....."1" "Use Right Models" "cl_righthand 1"....."2" "Use Left Models" "cl_righthand 0"....}...."2" "Auto Help"....{....."1" "On" "setinfo _ah 1"....."2" "Off" "setinfo _ah 0"....}...."3" "Buy Menu Type"....{....."1" "VGUI" "setinfo _vgui_menus 1"....."2" "Classic Text" "setinfo _vgui_menus 0"....}...."4" "Auto Weapon Switch"....{....."1" "On" "setinfo _cl_autowepswitch 1"....."2" "Off" "setinfo _cl_autowepswitch 0"....}...."5" "Weather Effects"....{....."1" "On" "cl_weather 1"....."2" "Off" "cl_weather 0"....}...."6" "Center playername ID"....{....."1" "On" "hud_centerid 1"....."2" "Off"

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\cstrike.ico

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 16x16
Category:	dropped
Size (bytes):	7782
Entropy (8bit):	4.995502218744664
Encrypted:	false
SSDEEP:	48:aitS4DkQvOHO05Se1Z+aRb3xGWTGq0GdGRuy6OM5GwGc8GwXfGwS3wu1XD3cGNYh:a816j+aRTZlth33VKoNTL3w
MD5:	4335BD4014D837B4C94896CE8833BE2A
SHA1:	F16B5951EED02E3C3516389031374E95268D9CE7
SHA-256:	13A9046A55D6059BBF1DF982569CA56A6E6D48F70917103FB71256B41E473168
SHA-512:	38F1B35E0689E753C673464905DD3C9F23766CFBE6E76E1FC1A47633CFE614992E964C18FE30332B658C6E4D741E9DA995B16E246CE0E1D7EB1E63D49ABB121F
Malicious:	false
Preview:	..............h...F...........h....... .............. ..............(....... ...........@...GFleming................ooo.........? .......o`.....................@0/.P?0.............p`_.....p_P.?/..............`PO...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\custom.hpk

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	HPack archive data
Category:	dropped
Size (bytes):	12896
Entropy (8bit):	3.487984858972167
Encrypted:	false
SSDEEP:	96:/KGp54CNdZc7ASaKn/ED1KFcJ3cEzBDKcoJVpbTdhm+4QRk71GsC3MS/9e:/KGpjHS1/aMFCcEsL7pPzRRbs6c
MD5:	679C6A9D3FDA20897946601286B4FF54
SHA1:	C472811EB349D210A17FD4F47E141D267CF933B3
SHA-256:	B4294099B05C6C50826DCC11B077E0D286573AFBBE7B79599677D7622819120D
SHA-512:	667433CBE4C56F65B073EED03BB8F04CA52138E21A1424152BE940D2A9E245FD28FB9A488E5DF3EC24CC2C8695D892DFEC4E02BF816BFEA0EBD395076B4B228C
Malicious:	false
Preview:	HPAK....<1..WAD3....x...LOGO............@...@...(...(...(...(.............................................................................................................................................................................................................................!7HUVWVVJ<$..................................................[..............t............................................E....................Q.......................................%........................1...................................>..........~.................H....................................................................................................\|..........................!..........................(.......j_}...........................8........................,.......]Y.............................R......................&....................................Z...<..........................................................L...!.......................5..k.......................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\delta.lst

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	12101
Entropy (8bit):	5.100213767867699
Encrypted:	false
SSDEEP:	96:Twtzb0MOuBEudmhcXTTELdmTg2UhLS+8ed59n0iJb1Y:uqMdmzby
MD5:	BA4C1AFC46C58072199DA91373D6BC07
SHA1:	6216D9FDE30B7C01EFCE41D07A1C6D4FAF1EBB55
SHA-256:	22313453A4784015C4A73F7F6B21E8D15082A4D0497FD12EADA5E104FB650532
SHA-512:	C98B86C44EBBDDA605C5D8768B5D83DD73AE057E9EDFE1143E361306B27C038E9CEE501200C301CFA0977A9579FD0A06D2A4797B20A43C5B9B20D50FBF6713ED
Malicious:	false
Preview:	// structure name..// none == no conditional encode routine..// gamedll routine_name : before transmitting data, invoke the named function from the game .dll to reset fields as needed..// clientdll routine_name : same as above, except the routine is called via the client.dll....clientdata_t none ..{...DEFINE_DELTA( flTimeStepSound, DT_INTEGER, 10, 1.0 ),...DEFINE_DELTA( origin[0], DT_SIGNED \| DT_FLOAT, 21, 128.0 ),...DEFINE_DELTA( origin[1], DT_SIGNED \| DT_FLOAT, 21, 128.0 ),...DEFINE_DELTA( velocity[0], DT_SIGNED \| DT_FLOAT, 16, 8.0 ),...DEFINE_DELTA( velocity[1], DT_SIGNED \| DT_FLOAT, 16, 8.0 ),.....DEFINE_DELTA( m_flNextAttack, DT_FLOAT \| DT_SIGNED, 22, 1000.0 ),.....DEFINE_DELTA( origin[2], DT_SIGNED \| DT_FLOAT, 21, 128.0 ),...DEFINE_DELTA( velocity[2], DT_SIGNED \| DT_FLOAT, 16, 8.0 ),.....DEFINE_DELTA( ammo_nails, DT_SIGNED \| DT_INTEGER, 10, 1.0 ),...DEFINE_DELTA( ammo_shells, DT_SIGNED \| DT_INTEGER, 10, 1.0 ),...DEFINE_DELTA( ammo_cells, DT_SIGNED \| DT_INTEGER,

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\ak47.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\aug.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\awp.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\createexplo.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.9219280948873623
Encrypted:	false
SSDEEP:	3:RF+xn:jK
MD5:	1AE3522476A78C282E292B1D943959DE
SHA1:	503BFDBDA6CAEC6FED3681753D205870747B8218
SHA-256:	BD7FDA97C08D5443E96EC5FA5B92007B39A3BA1F7D70FD33F17E0B56745790A0
SHA-512:	97A493F7EB2A19E1ACD35EFE8A45A03ADD243C6752271FCACCCE2B93F0880EB4F2697FE45809B75569FEBDA29D96B386E9C4DDD37E2CB0DC0F334268691A6DF9
Malicious:	false
Preview:	// Hi :+)~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\createsmoke.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\deagle.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\decal_reset.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\elite_left.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\elite_right.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\famas.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\fiveseven.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\g3sg1.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\galil.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\glock18.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\knife.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\m249.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\m3.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\m4a1.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\mac10.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\mp5n.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\p228.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\p90.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\scout.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\sg550.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\sg552.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\tmp.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\ump45.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\usp.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.0957952550009344
Encrypted:	false
SSDEEP:	3:RF+s:jx
MD5:	E41AA21F57500B1B71802B76FCAAECD1
SHA1:	554EAEBF267F8AACEB4E9B18E28DFA5131168A09
SHA-256:	2092E6C9862B42FE817A552F0ECF05A58A2609B2424402404A796C325BDF2098
SHA-512:	4C2B2E183BB68C16B383532AA03D5DBAEBEBDE35B843FF442B84F6C9DBA655868E7E7BA76B5B92D003DB1AC73EBDD2AED5933595B35D073C702B1E841D94269D
Malicious:	false
Preview:	// Hi :+)..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\vehicle.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\events\xm1014.sc

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:RF+V:j8
MD5:	D14F11B47B92D829B6EC4912CA7349E8
SHA1:	86B8DD77A055A3D1D154022492ED7D7E4CA371A5
SHA-256:	89A0F0C5F04EA6DA99B4A48FB642B968D32350AA3E6697DA24D2736B7BB195D0
SHA-512:	F19F860C86297921B972338DD0EE73241B3B822D1B9D977CEE39E45891F1D57BF144CD676EB2E7E35985969613DFF0896473DD8E89AD07C66E79AC94510FB5D7
Malicious:	false
Preview:	// Hi :+)

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\game.ico

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 16x16
Category:	dropped
Size (bytes):	7782
Entropy (8bit):	4.995502218744664
Encrypted:	false
SSDEEP:	48:aitS4DkQvOHO05Se1Z+aRb3xGWTGq0GdGRuy6OM5GwGc8GwXfGwS3wu1XD3cGNYh:a816j+aRTZlth33VKoNTL3w
MD5:	4335BD4014D837B4C94896CE8833BE2A
SHA1:	F16B5951EED02E3C3516389031374E95268D9CE7
SHA-256:	13A9046A55D6059BBF1DF982569CA56A6E6D48F70917103FB71256B41E473168
SHA-512:	38F1B35E0689E753C673464905DD3C9F23766CFBE6E76E1FC1A47633CFE614992E964C18FE30332B658C6E4D741E9DA995B16E246CE0E1D7EB1E63D49ABB121F
Malicious:	false
Preview:	..............h...F...........h....... .............. ..............(....... ...........@...GFleming................ooo.........? .......o`.....................@0/.P?0.............p`_.....p_P.?/..............`PO...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\Thumbs.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	41472
Entropy (8bit):	7.376941123012372
Encrypted:	false
SSDEEP:	768:9kd17PFOv7p8+SZSh7ln2DxdUKnqyL+W1hTCL6Eu5Lm:9o7P8vVHSZSZd2D/UExL+W1Iu5L
MD5:	9149A6D19AA1A5DB75A1964C6507AE1A
SHA1:	1D69DBFC0E4EF3A1E5F4763312C7596FF5313F08
SHA-256:	DA5237AEF5707BF1B4E331E2B522859A64EE520A6DE7644786DBA313A82EE660
SHA-512:	3BC4149410C5BC4C82891341092F3CC51CCD95505EE8B3C363CED4C063EF187EB1BA3B02B40B0DC89379C50B66CAA9117B9A2118E9B136C0957D2AD11545FE45
Malicious:	false
Preview:	......................>...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................*...#........................................................... ...!..."...$...5...%...&...'...(...)...+...@...,...-......./...0...1...2...3...4...6...H...7...8...9...:...;...<...=...>...?...A.......B...C...D...E...F...G...I.......J...K...L...M...N...O...............................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\morningdewbk.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.607149779173652
Encrypted:	false
SSDEEP:	3072:M1nC7M+EmFBQQqLvBNgzSJPKya1SAjkQPAbzx5rLxALGAoo4RYZOC:MZ6/F2gzePKyagA5PAbfLxLAfZ/
MD5:	E06F613833D6CCAEB7F260F39559B149
SHA1:	AFD0E16A82F52CBA6CF16A3015A1A731167220F8
SHA-256:	E7BD0314E591015261156F58EF6707475997CD6538FE9402B1ACEB1F3C2BF105
SHA-512:	CB8935A70E65D1712B736748401408FD78E28510A91CB298C7529DE7110747402341D8ED9F54C63166964E720EB4C65B887F39394D6BD46EFA2B6C2B66CB5F38
Malicious:	false
Preview:	................................................................"!.#$.$%.$&.%).'+.'+.&.%+.$.$).$).$(.$(.%).%).%+.'-.&+.%.$).$'.%'.$(.$(.%'.%%.%#.$".$!.".. ........................................................................ . #.... ." .#!.%#.$#.$$.%$.$$.%#.&#.&".&!.%!.$ .#..#..!.................................................................... ..#..% .% .&!.&".#"."#."$.#%.#%."%.#&.&,.(-.).'&.'&.'&.'(.+..+- ,.!.1"/2$24#21"0-!-.)'.&&.%&. ".#%.$%.$&.&(.(.)+.+,!.."0/#00#/1$00$1/$1-$0,#/#.)#,(!)' '& %% &'!'(!()!() '(!(( && %%.#$.$%.$%.##.##."".##.$$.&%.($.)$ )$ # +$ $!)&"&"##$"#")$"($"'$"($"(%"&$,('/-(/-(.,(-,)--)--).-(.,',+&(#$###"! .!!."#!"$""&$"&#!&"!'"!(#!(#!("!("!("!)"""#+$$,&&.)'/((/''.&'-&(-%',%'+$')$&($&'$&'$%%"$$!$%"$&#$&$%($%)$%$%+$%+$&,$&,$&,%&,$.!.. ............................................"!.#".#$.#&.$(.%).&).&.%.$).$).$(.$(.$(.$(.%).%.%).&).%(.$&.$%.#'.%(.%'.&&.&%.%$.&$.$!."..!.......................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\morningdewdn.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	6.269861951832222
Encrypted:	false
SSDEEP:	6144:kIPd/ZIoaI+3IFW7PuXaoVPspCkcVCoUIT2:kOkFVIFW7PEdIwkJc2
MD5:	04AE31A3F490E0C4F231228B446FDA15
SHA1:	4A7638C36B4375CF3B53C3B5B48352EE1DED452A
SHA-256:	B9DA8639C7134A7C24069848B716D0D9C32F10FCCF6B8B6C9F7392DCC32D8611
SHA-512:	C68892AB28084A36198F732E133621D3D4E9B4E4E5077A7565CE2DFE3BA050037629DB358869E596860F4E0DDDBFA24D412CE3654D46E97E565DAC8AC00CC503
Malicious:	false
Preview:	................................................................................................................................................................................................. ..!..##.').)).)).(.(,.)-.(-.(,.(+.'.&.(-./8.3?.6C.7D.4?./8..7.-5.-5.,5.)2.'0..8.,8.,8..8.6? 8B.5>.3;.4=.7C.4>.-5.+0.)..',.$(.!%..$.. ..!.......................... ..!.."..!.. ..".!$.!$."$.#%.$&.#&. $..".. .....................................!.."!. ". $.!&.%.%+.%,.#."'..". ".................... ..!."#."!. .. .. .."..!.. ................................................................................................................................................................................ .. .."..$ .$ .% .$".$#.$#.#".""."!.#!.$!.$!.# .!.. .. .....!.. .. .. .. ..!.."..).+-..............................................................................................................................................................................!.."..# .&&.(.)..+.,...)-.(,.(*.&).

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\morningdewft.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.609662313151607
Encrypted:	false
SSDEEP:	6144:lO344+4yic+4eYHnNDwhgWelGIm97awQxUkVX6d:k34k9HOUkVm
MD5:	C6E316B84125B442F02B9F7F83E02DF1
SHA1:	2B9E183F411C25EAD342C14A39B8986BE876E4B7
SHA-256:	8BDE41C251FFCEC54C40017785B5EF9351A3A911A42311B0C9E9321552939711
SHA-512:	4B3AB7F4D06DC35191C7A382E17F4784004E5DB059E59411D3AE6A5173A477194BF6B552F3643CF38A994131BA9E9BD39E365089928530C28BBFB0AD8D32ABDD
Malicious:	false
Preview:	..................:=::<9:;9:<;;;<;;=<:<<;==;=?=>?=>A>?B?BCAEDBFEBDGCEHCEIDFJEGLFGMGIOJLPJLRLOSORUQUVRUWQRYPQZQR[RQ]RQ^TR`USaVTcXVdYVeZWg\Xh]Zj_[k_[la\mb]nc^oc^oc]oa[ob\pc\pd\pd]pd\pd\pd\oc[ncZmb[laZkaYjaYh`Wf^Ve\Td[ScZRb[SaZS_XQ]VP\TN[RMYPLYPLXOLWNJWNJVMIUKGUKHULJULJSKHSKHSLIQMJOLINKIMLJMOQIKKEHEBEA@DC<BC8?>6><5>=2;=.89)11'00)4:7@&26#./!-+!-)".+#/,"/,!-)"-)"-("+&#,&#-&#.'#-'"-&"-&"-&"-'".'"-&"-%!+$ # # )".)".(".&".$ ." . ........... .. . #.!$................... .."..$..%..&..&..&..&..'..(!.(#.'&.('.((.((.)).)).)'.'!.$.."..!.. ........ ....."). ."..#..& .)" $",'"-)#/#0,#0,"0,"/-!..!./!0. 0..0-./-./.../.,0.0.)/.,2..4./5..4.,3.1.(/.(-.'+.%).$(.#'."%. #..!..". %..%........................................!!.$".'%.+.,-.-/..1.-1.+..).'&.%"."..............!..'#.((.(+./.,09<9:=::<9:<:;<<;;=<<><<>=;=>;=?<=@=>A?BBADCADD@BFACGBDHCEIDEKEGLGHNHJOJLQLORNRTQVVRVWPRXPQZQQ[RQ\SQ^TS_US`VTbXUcXUeYVfZWh\Yi]Zk_[l`\ma]nb^od_pd^pc]pb\pc\pc]pd]qd]qd]pd\pd\oc[nc[mb[laZkaYjaYh`Xf^Vd\Tc[ScZRbZR`YS^WR]

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\morningdewlf.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.638657054401498
Encrypted:	false
SSDEEP:	3072:zQjiGkHzkk2+6cLRTBrKbhAFgJU0Nn2equfny/HyIbPSRGNcVOm6ILAA0t5gQpnp:kji57n1HmSbneqEyPyywycVOmqA0t5gq
MD5:	8475F77244029B6A3ECEB98D0A941800
SHA1:	4011B8B7CF3BCC554D3C05876C2FAA618F242F73
SHA-256:	85DE4F094F910BFEADD8C964C26125E510EC42AD377D564C101FBA0BAF6A90EA
SHA-512:	925C879435349DE4E73AD2F896377C877BCB42BA61DF7024069D0FF6D9635D69FCBA5FC3D3AD4AE9E2FDA0F33097F8F0235DCA5649407D65BD03EFDD7B506D30
Malicious:	false
Preview:	...................+/.,/....+).$ . .. ........ ........ .....!.."!." .# .!!.!!."!.##.$$.$$.%".%!.%!.$ .!.. ................................................................................................................................................... .. ............................ .." .!..!..!.." .!". ................. ..!.!#. #."'.#+.$,.'-.&+."'..#. !. .............................................!. $.#&.$%.%%.#$. ". #..#.. .. ..!..!.............................!.."..$."'.$).(-.0.,2.08.8C 8C.4=.4<.4<.7A.6@./9.,8..9..7.+3.2.)1.(0.)2.+3.,4.0:.5B.5C.4@./8.(..&.'+.(+.(,.(-.(,.'.&).'(.''.&&. ......................................................................................................................................................................................-2.-1.-/....-,.('.".. ....................... .. ..! .! . !. !.!"."".#$.$%.&$.&#.&".$!.!.............................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\morningdewrt.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.639829198740249
Encrypted:	false
SSDEEP:	3072:r1gzfztwlO6ziujIZRdqLM1CfuSXtrPX3CDyKcJozM1vZRnepTOKKmk:rCeiuUZLFmdrPiyYgLITRBk
MD5:	2182B6B2BC8F6BFA8740B00BA5E1DC35
SHA1:	F6CD47D863892774356A8E7A2ACE75B9590E74AC
SHA-256:	51F8EE5A6D5312508C947EB7F88D2A5B039D1F8BB8F76AF0022182506101A312
SHA-512:	FD0703E7CA72A4CBC655C78EE9631072F64807C2B3A64171B129AAB73DFD38675C1FB12FFC25E0B6135846E1AE5F741BD96BA4C4E3B6D3410A6A0B6C8B7A606E
Malicious:	false
Preview:	..................&-%'-%'-%'-%(.%(.&(.&)/'0(1)+1),2,1)+/'-%+%))$))#('"&$ &$ %$.%% &'!&'"&'"&&"&%"&&$'))'+'))''&&&$&'$''$'(%'(&()&(')+'-(+/,0+-2-/4//4003/13012/12.11,1/1.)1.(0,'0,(1-)1-2.2.+2.2.3.)30404152+64-87.:;2=?6@B;EDAHFDIEBJFAKFALE@LD>ME>NF>OE=PE=QE<P@7Q?5R?5R?6SA8TA8UA7UA7UB8UC:UD=TD=TC;TC;SB9SA8SA9TB:TB:UC;VD<WE=WF>WF?VF>UD=TB;S@8RB<QB=QB=PA;OA<NA<M?<K>:J>:I?;H?;H?<F=;E;8C:6B:5B:5A95A95A95@85@96A=<A?@@;7A<7B?9CA;EC<GE?HGBJHCLIFOLJQMMRLLRJHQGDTKHUMJWNKVLHXMIYOJ[QL]SN^UO`WPbXRcYRf[Tg\Ti]Vk]Vl^Wn`WoaXpbXpbYqbYqcZrcZrd[sd[sd[sd[sd\sd\sd\sd\se]te]te]sd]rd]rc]qb\qb\qb]pb]pb\pb\pb\oa[o`[o`[oa[oa[oa[oa\pb\pc]qd^qd_re_re`se`se`sf`sfarfarfaqeapdaodamb`k`_i_]g^]dZYbYX`VV_UU]TS\SR[RRZPQXPQWQSVORTNPRLNQJLOIKMHJKGJIFJHEIFCGCADBAEAAFACHABE??A>=>=>><>=<>=;><:=::<9:<9&,$&-$'-%'-%'-%(.%(.&)/')0(0)+1)+1),1)+0'+.&,%))#(&"((#'&"'&"&%!%$ %% &&!&'!%&!%%!%%!%$"%&%&))'&&%&&$&($'($')%')&('),(-)+/,0+-2./4004003.03/12.11.10,1/+1.0-)0-(0+'0,(1-1.+1-2.+2.3/+31+42+42+53,65-87/;<4?

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\morningdewup.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	6.8842163716321325
Encrypted:	false
SSDEEP:	3072:Z3eyTzSMX27IqTQjBaHq2tnB5qr5rZ+AczbW33pDfJFHk606RCZh4Rx0+FUi3r7:SIqTmeq2FPMOPbWpLbHk60ZhOxX2i3r7
MD5:	4233696E40B977124B7FB91C87B40720
SHA1:	D99EE2EBF3FABEA57F29D91ED125E87DCEB5B8C0
SHA-256:	B8A9B64B63EAD99373DB210DCCA79B3FD63CEE4B49C4D43FF8BED886359CC0C3
SHA-512:	2B0F078B581E03EB264C4B88335C604D2469AE95352EACFF3B1480B7D2217355E22561379597D84AAF94CA5091D5991A541BD0FD044E376BC18BCA68533D418C
Malicious:	false
Preview:	..................IOlMTqOWuNVvOYyU_.`j.kt.t\|.x..}..................................................................................................................................................................................................................................................................................................................................................................................................................\|..\|........................................................................................................................................................................................................IPlMTqNWvNXxQ[{V`.al.mw.r{.y..}.............................}........~..........................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\officebk.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	6.848844782982406
Encrypted:	false
SSDEEP:	1536:Z4enzAvxpVCMBnKVUcgFs2YIpr5rmT3NNW2vVmOVtLbjBDz8c9ViTbOBy2BibkiJ:dzAxSMPbYIph8REOVtLbjBDziCSJ
MD5:	158890E34F2D83E614517B6C218D26DC
SHA1:	37797D6641E2D2EF302E4FC9BB7CCE04E794438C
SHA-256:	9AF173BFC52776D7B0CEAFD939830EC3291859A67191BDC379A25C3741751D9F
SHA-512:	37CC5F57BE9C2F668B0D46B7245CD762892B78A3ECFA961B14CBB9D79CD949999E6C6BFB52495607638CF28B21962C2FD07CCC467E4E50D01096ACD13E15D922
Malicious:	false
Preview:	.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\officedn.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	5.155084434728862
Encrypted:	false
SSDEEP:	768:HfM6JC7mH715YR7W6ZIt2zgyuYTWfe1oF45JA6XNsXkIcXAsXXJxdbGw5CJM78EY:bqxD4aymCZNUiVft
MD5:	D3095A6701F98544A56DE9C8438FEA4C
SHA1:	34AC016A39BD8AAA60CB80872B36C1E01618E7B6
SHA-256:	AC14B1E79754CE9A7E7BFF7E4ECA543EF6493A59EF06C8095C94B01DD90357D3
SHA-512:	380F5C5E5BDC0E6A897D575AAE0AF6695B56B3EEABC3063F83DF6EA8DCCB34C7C97DD6240AB7E7357ACFED3DAAFFCD3004FA3A16B57FF78A45CE0E7971A4F2AC
Malicious:	false
Preview:	............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\officeft.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.023621983419389
Encrypted:	false
SSDEEP:	3072:8KNwdJZmzKQuCXYl0z9aJGEgfuwu2asSSycH:8CWQjXYbgfuVnsSSycH
MD5:	4BD490B91CFAABAD052FA01441EB7C2C
SHA1:	10FE7C3245FA4F301E17392F9E9C74CD987FF6CF
SHA-256:	7724FFB9771F068BB2A849FB1A3CA640F025BDEB26356B935B6B2A0B5CCCB8D8
SHA-512:	0D76EE0A3941603EE4310907BC68C356AE61FB7704DA4398B2EBCF1826DA3709BA1E35770490A20F635E4DDD9D886872CC013D4E88BDE2C3CF215AAED0BBBE06
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\officelf.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	6.987515896285143
Encrypted:	false
SSDEEP:	3072:jDsa/7hJcHAxz3grpn6OKcMxIByWYeueAEpfdk1U/xr:nsGcHAxzlqrfW1U/d
MD5:	C10AB52D57501E4B6EF83B57241691CE
SHA1:	B1DE1F25E1987E0A141EA13B542582CE40C021A6
SHA-256:	C50568692007C1264639DC1A129EFC2A8527A27AF9A6FCCE90250735B2694757
SHA-512:	5F948C51581A74E7F7FC70BC3B5060BB7C17AD08CE0C36D2A31E802C05E725C733DA1B2F9A51CEF7C21D7A4E44168FB6DC21FD52CA393CE6FB7E8D9B7068F0CA
Malicious:	false
Preview:	..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\officert.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	6.4547930866659184
Encrypted:	false
SSDEEP:	3072:NsvIdFlRVx1GKvDUz8gI5oc2R+N0k8ERqow:TTPM38LH2R+N0k8ERq7
MD5:	153F744FE4573B04760716DF66172347
SHA1:	35AD4D72D0FBC02AF93442E5E7943265CC4C86B0
SHA-256:	EC65B70A19C523CF42A5F204C0625C62AA0F8A812467CA21DF028C7A18DB821C
SHA-512:	A3CD8B03A11C93C23974F9109C391FC38EEC8E60F127E6D6CAFA19E7B2F4595EA1021C35C8D9903159D26E9BEFE6E669E63187E3835582D22D1FBCFA93EDFE26
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\officeup.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	5.701754140787417
Encrypted:	false
SSDEEP:	3072:c+9z9vfHOBalELsvZkiJwdrwpcnEXyXdzIKwrt:PfuBaoEMUxUpK
MD5:	5E26B7B4A3121C7375B600699CACB15B
SHA1:	7486859BFF35FA7A354C8BF71C574E4BF52E6F12
SHA-256:	667293D38AAE61CDB5ADDFD7EEB54E61AFC6CD08F639D3C308CF93CDA4BD77B1
SHA-512:	81D4B989214E95D103BF4B655ABAA5D0FEC01763255E891C1FEE44B1D12149A6D71931E6818FD524D17DE28183FAFF2B1BE5099975ECAA9F6E96ABC4EC58C89B
Malicious:	false
Preview:	....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\snowbk.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	6.016644942430302
Encrypted:	false
SSDEEP:	6144:zX4l5DDcaSTcJam+GjJAtRwvrfxptcvibEykFc+gAj+cG:LpaSoJ3+zu
MD5:	E3B761DCD5ABCBD4ADDD4E5E4CB587D3
SHA1:	B4C9C9BD2017C284008E31D8A83A448A63705236
SHA-256:	ED2CCB7F7D5BD7E2DEE1BD6ACA58D117C12473B94FD226F3C1E0C0E90A143127
SHA-512:	40D8F67465DEA99AF4F64E8EA4E44DA4D2C10966B5868943F6446463E76D0014C2377A5B84122916F9C9AB15E774C2DD05B04B955AAD04661D33BF75D80A4C0D
Malicious:	false
Preview:	................ .wD$.vB$.j7..k8..p<..Z'..W$..U"..U"..d/..k8..zF&.n;..i6..{G%.wC#.wC$.yD$.yE&.vC$.yD".zF%.\|I).}I).}I'.}I$.{G&.}H$.}I$.}I$.zF&.zE'.\|G&.\|H'.s>..t> .\|G%.zE$.{F$.}H#.}H$.\|G$.{F$.}H$.}I$.}I$.}I$.}I$.}I$.}I$.}H%.\|G%.zF&.\|H%.zE#.wC%.yD'.vA$.wB%.wB#.t?!.L...A...S ..M...$..\(..Y%..H...Y%..$..\)..^,..vC&.m9..d0.._..c/..a-..o<..n:..t? .}I%.\|G&.zE(.{F(.}I%.\|H&.{F(.\|G(.\|H'.}I&.{G(.{F).\|G).yE'.s?!.u@#.u@#.{G'.{G&.{G&.yE'.zF%.yE&.{G'.}H$.zF(.zF(.yE'.yE%.xC$.o:..u@!.\|G&.}I%.~J$.~J%.~J%.~J%.~J&.~K(.~J&.}J&.{I+.}J..}K..}K..}K..}K..}K..\|K..{J-.}K..}K..\|J..{J-.\|K..\|K..}K,.~K&.~K&.~K&.~K'.}J&.}K(.{I.yG.yG.tB%.q?#.vE(.p>".h5.._...S#..b...j8..xG).vD&.e3..Z(..o= .vD'.a/..b0..{I..M..g5..P ..X'..i8..q?#.K...Q#..P!..S#..m<!.l; .W&..Z)..X'..o>".{J..tC'.c2.._/..d3..]-.._0..i8..o?$.d4..c2..vF).~L-..O+..O-.}M/.}L/.~M0.}L/.~M0.~M0.~M0.}L/..O...O,..O/.}M0.vF.yH,.}M0..O1..P...P/..P1..P1..P0..P1..Q3..Q3..Q1..Q0..Q2..Q3.~P2.}M1.}M1.wH,.e5..d4..^0..b2..m>#.o?$.o?%.\|M1..P4..Q5.~P4.yK...P4.}M2..Q5..S

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\snowdn.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	5.825398721845633
Encrypted:	false
SSDEEP:	3072:UtN7xu2ZNHmgAkrUol5E1926Bl0A9S85paCZcqKL:UtN7xuWHFAkrbY192olB9S85paCZcqW
MD5:	7FB2406388B3670069A5A8BF17477B73
SHA1:	1101D9433E7A8816AAB1D8698EC43678349E994C
SHA-256:	4788139489DA1640EF18C317A57B8D69A28BAE6B372D233A85C5018D46B3E958
SHA-512:	9F6E8212CD16F88A86E17B4B39E8857232D09FD7802207D6A8178BD6DAE5389F2DC7ADB9301F8F3D82E3905726AD4F6191AEC05EC815C5DA60F1A251BD15B40F
Malicious:	false
Preview:	................ .}H(.vC$.p;..j6..r=..s>..q=..\|G&.vB".`...$..a,..c...X#..Q...^)..o;..i6..T!..$..^..g4..k8..[(..o;..yE%.yE%.zF&.vC$.vB#.{F&.t@!.xC#.vC$.zF$.}H$.~H$.~H$.~H%.~H%.\|G$.{F#.~H%.~I&.}H&.}H%.\|G'.{G(.zF(.}I).~I'.~I%.~I%.~I%.}I%.\|G%.\|G%.~H%.~I%.zE#.vB".{F$.~I%.~I&.yE&.vC%.yE(.xE'.zF).vC&.s@#.tA$.uB%.s@#.o<..k8..h4..a/..W#..Q...P...Q...R...c/..uA%.r?#.j8..j8..uA$.i7..X$..V"..N...L...K...K...K...K...K...K...K...K...K...K...K...K...K...K...K...K...K...K...K...K...K...K...L...K...K...L...L...L...L...L...L...L...L...M...M...M...M...M...L...M...L...L...L...L...L...L...L...L...L...L...L...L...L...L...L...L...L...K...I...a...}I(.~I(.~J).~J+.~J,.}J,.}J,.}J,.}J,.}J,.}J,.}J,.}J+.}J+.~J(.~J&.~J&..J%.~J&..J%..J%.~J(.}I+.}I+.~J).~J.}J,.~J,.}I,.\|J,.}J,.{H+.vC&.k9..uB%.}I,.~J+.~J).}J,.\|I+.~J,.\|H+.xE(.{G.{H+.\|I,.{G+.vD'.vE(.{H+.\|I,.}J,.}K-.}J,.\|I,.zG.\|I,.\|J,.\|I,.\|I,.~K-.~K-.~K-.~K-.~K,..K+..K(..K(..K(..K'..K'..K(..L(..L.~L,.~L...L-..L,..K+..K.~K+.~K,..L..L)..L..L+..L,.zG).zG).yF(.zG).yF

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\snowft.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	5.685127062252439
Encrypted:	false
SSDEEP:	6144:SEKH5wNnpuaQF1XYg9rshrpfDsBXe8LMP9Ab:SEKH52npuaQF1Ig9rshrpfDsBXbLMP9K
MD5:	BA4384538926C7F7C4F979C104142E8E
SHA1:	2C1379D3C5AB0490E650B489A91CA889B8D76414
SHA-256:	7BB8519A6BEACC32EDE2DDBCB18A100D5BB43A37041DF6F67862212E7A99C655
SHA-512:	003D9019CE1649D3E9C0863B45C1232CD2DB3894B3303E5B5020A54346D2873B41639C10C7D5F37A9F7DDB3E77DD3335AD01190EFD635E6FB27E7237B93C1EE6
Malicious:	false
Preview:	................ ..iU..t`..wc..wc..wd..xd..xf..xf..wd..wc..xd..yf..yf..xf..xd..wd..wc..wc..vb..ua..t`..t`..r]..q\..s_..t_..s^..mX..lW..r^..gQ..[E..iU..jV..gQ..o[..ua..s_..r]..q]..m[..[F.uO9..[F..bM..bM..fS..r^..xf..ua..q^..vc..xd..xf..wd..vc..t`..p\..xd..yf..wd..s_..mY..q]..p\..s^..ua..t`..t`..ua..ua..ua..t`..ta..r^..oY..q\..s_..s_..s_..t`..r^..q]..q]..t_..ua..t`..o[..q]..ua..ua..ua..ta..t`..u`..u`..t`..va..va..ua..ua..t`..ua..vb..wc..ua..r^..t`..ua..vb..wc..wc..wc..vb..ua..s^..q\..p[..lV..kV..kV..oY..oY..oY..p\..r^..r^..]G.tM7..p\..xf..xd..xf..xf..yg..\|i..{i..{i..{i..{i..yg..xd..xd..xf..\|j..}j..~k..}j..}j..~j..~k..}j..}j..}j..~k..~k..~k..~k...l...n...n...n...q...n...m...m...n...k..{i...k...n...q...q...q...l...l...m...k...k...k...l...m...m...m...q...k..ub..yf...j..wb..w`..u_..jT..jQ..eJ.._C..]@..T6..U5..S2..Q0..P1..P0..Q/..P/..P/..P/..P/..P-..P-..P-..P-..P,..P-..P-..P,..O-..O-..O,..O+..O+..O+..N+..N..N..N..N..N..N..N*..N,..N-..N...N0..N1..N/..N/..N/..N,..N/..N1..N1.\|L0.\|L1.\|L0.\|M

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\snowlf.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	6.011860927030211
Encrypted:	false
SSDEEP:	3072:fM5uNrzcbdkkKr1T56rWJewiZ5EFyXxQRfn+N5kBDotp0kPubMKxnnBbu:fM5uNnGdkb5/ow6ODotpRPubMKxnZu
MD5:	A1F15E24709610696908DDDC60B52389
SHA1:	2D5EB0AF6AF6905B177954D8C83A74BF6152C5C7
SHA-256:	BC17E23DD1F490782030DA54113815A3AB043CB5A37263754F40FDDF4D336A3C
SHA-512:	3392686A1BF367121D62B2B8A71F4B955C74C8B58E60BE9E25DF2052C66A2346E4B7FC4E37B904FD3E0E8FFAF1242D80C2817B0C1C74E4E4C661D978C4C8C22F
Malicious:	false
Preview:	................ .~L..}J-.\|I,.}J,.}H(.yE$.r?!.uC&.zG(.p=!.q>".\|I+.}I+.~J,.zG).tB%.zG).~J,..L,..L+..L,..L+..L)..L(..L)..L,..L-..L,..L)..L(..K'..K'..K'..K(..K(..K)..K,.~K..~K-.~K-.~K-.}K-.}K-.yE).wD'.{G.{G.\|H,.}I,.}J,.}J,.\|H+.}I,.}J,.}I+.}I,.}J,.}J,.}I,.yE(.\|H+.}J,.}I,.\|H+.}I+.~J,.yE(.e2..e1..r@#.yE(.{G.}I,.}J,.}J,.~J+.~J).~J(.}I+.}J+.~J)..J'..J%..J&..J'.~J&.~J&.~J(.~J,.}J,.}J,.}J,.}J,.}J,.}J,.}J,.~J+.~J.~J).}I).}I(.t@!.R...L...M...M...M...M...M...M...M...M...M...M...M...M...M...M...N...N...N...N...N...N...N...N...N...N...N...N...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...L...M...M...M...M...L...M...M...M...M...M...M...M...M...M...M...M...M...M...N...Q...T .._..`,..\'..o;..r?".d0..Y%..Z&..Y%..\(..\(..h4..l8..n:..s?".{F).{G.\|G.{G).wC&.r?".r?".r>!.uB$.{F).}I.}I(.~I$.~I$.}H#.~H#.}H$.}G%.}H%.}H%.}H%.~H%.~I$.~I$.}G%.vB#.wC%.{E'.\|F%.yC".yC".yC".t@..{E#.wC".t?..s?..}G$.}G#.}H$.~I%.\|F#.wB".{F%.yD$.vB#.zE$.}G%.vB#.uA".r=..g3..j6..h4..e0..f2..`+..X#..Z&..X$..Q...N...P...W$

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\snowrt.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	5.857870558364159
Encrypted:	false
SSDEEP:	3072:E1e1Z51R0yACrC33bI0a27KmkU8m+YNVNNndkdVCyE+7yMGTo97TaYuQTp2TCTU2:F0ywkU8m+YNVNNnOjLE+TE+
MD5:	23FFCC5D46EBD180E1AB4DAE36E0EFE0
SHA1:	4612BEC6D17B747D3AEDB1818A2C1BF3778F5B29
SHA-256:	62A6190EE6356829960B84838845FEC7445C4166DA4F5275720B099A88B3E5C2
SHA-512:	59CE4724AD969C993A2795FA58053F0A7D8D85FCAAA03639EAC214210EEBFD0BF6CC3E73C2A39CD144C54AD4FB476371B396081DAE5BA235D3C0117370711FD2
Malicious:	false
Preview:	................ ..V5..W6..V7..V6..W5..W7..V8..V8..W6..W8..W8..W8..W6..W7..W8..X8..X5..W4..W4..X4..X5..W5..T5.~O2..Q4..T7..U8..V9..V8..X9..X8..X8..X9..X:..W9..V:..V9..W:..X<..Y<..X<..X<..X<..W:..X<..X<..X<..W:..V:..U9..U9..T7..S6.\|N3..V:..X<..X<..W<..W<..X=..W:..V9..U8..U9..U8..U9..U9..W9..W:..X<..X=..W<..V:..W:..W:..W:..V:..X<..X<..X<..X<..X<..X<..X:..Y9..Y8..Y7..Y8..Y8..Z7..Y7..Z7..Z9..Z=..Z=..Z:..Z9..Z8..[:..[=..Z?..[?..[>..[>..Z?..Z@..[@..[@..[@..[@..[@..[@..Z?..Z?..Y>..W=..X=.yM3.nC+.}Q6..X<..Y>..X>..V:.{N5.{O5..V<..]C..\A..X>.}Q6..T8.zN4.yM3..Z?..[@..\A..^C..]C..Y?..[A..[A..]B..\C..]A..]B..^D..^D..^D.._D.._D.._D.._C.._D.._D.._D.._D.._D.._D.._D..`E..aG..eJ..jP..lT..qX..t]..wa..xa..yb..zd..~h...i...i..}g..}g..zc..{f..~g..~h..~h..~h..}f..{f..{f..}g..{f..yb..xa..wa..v`..u_..v`..xa..v`..t^..v`..wa..wa..xa..xb..wa..wa..v`..xa..va..v`..v`..xa..xa..wa..wa..v`..wa..v`..v`..v`..v`..va..wa..w`..t^..u_..v`..v`..v`..v`..t^..q[..oX..s]..t^..u_..u_..v_..v_..v_..v`..v`..u^..s]..t^..u_..u_..u^..u

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\snowup.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	5.697701688727435
Encrypted:	false
SSDEEP:	3072:hkc6l6tz8EkEFVmc5lhybqUoWpg3wHiQdJsYo8MN:hF85usCl8ho4CQjK
MD5:	1AC2D962C4A49D7DF0707CE1FDB5DAD9
SHA1:	97DBCC9906CA69225EA00D76259938F33DEB4B02
SHA-256:	2B3707D73E7656DF46DFE0DCFED8F88FF9BE17C17EA97791E753CB4AE7554972
SHA-512:	2E1C7BBCEDC9799F6FC5EA2E6D600409FFB827D0F6C91EB0FD8796DD330DA5248F92FF8925ADED25273194FE9D30B68AB2006F65E3459EDD435FD5F584A232BA
Malicious:	false
Preview:	................ ...............................................................................................................................................................................................................................................................................................................................................................................................................................................................~...~...}...}...}...\|...\|...\|...{...{...{...z...z...z...x...x...x...w...w...w...v...v...v...u...u...u...u...t...t...t...r...r...r...r...q...q...q...q...q...p...p...p..~n..~n..~n..~n..~n..~m..~m..~m..~m..}l..}l..}l..}l..}l..}l..}k..\|k..\|k..\|k..\|k..\|k..\|j..{j..{j..{j..{j..{j..{j..{j..{j..zj..zj..zj..zj..zj..zj..zi..zi..yi..yi..yi..yi..yi..yi..yi..yi..yg..yg..yg..yg..yg..yg..yg..xg..xg..xg..xg..xg..xg..xg..xg..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..xf..x

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\trainyardbk.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.167912041375382
Encrypted:	false
SSDEEP:	3072:jeFQCXSsBpWrULkse/UjVZGwOjn7S1oiu33EJ:jeFQwBp8ULksHVZ9Oay3G
MD5:	8DB4624B4BC2B0580C237B67AD7FE9E1
SHA1:	4391774A69CF39025AE0ED459DE0335AA0F90A87
SHA-256:	DE14299018FE95CE773EE8E0B3B6654952E919519E4CE110C445C0BA5CF28F73
SHA-512:	999956C121C56417191DF9034BA135074DB8A8043947EAF2E21EF21FFB123623AB3E32C6DD877D1D7F80FA7CE32FA99CB9057D5EE1D12F51A41B279BCDA8385C
Malicious:	false
Preview:	...................T..S..S..S..S..R..S..R..S..S..S..R..S..R..R..R..R..R..R..R..R..Q..R..Q..R..Q..R..Q..R..Q..Q..Q..Q..P..Q..Q..Q..P..Q..P..Q..P..Q..P..Q..P..P..P..P..O..P..P..P..O..P..O..P..O..P..O..P..O..O..O..O..N..O..O..O..N..O..N..O..N..O..N..O..N..N..N..N..N..N..N..N..M..N..M..N..N..N..M..N..M..M..M..N..M..M..M..N..M..M..M..M..M..M..M..N..M..M..M..M..M..M..M..M..M..M..M..M..M..M..M..M..M..L..M..M..L..M..M..M..L..M..L..M..M..M..M..M..M..L..M..M..L..M..M..M..M..M..M..M..M..M..M..N..M..M..M..N..M..M..M..N..M..M..M..N..N..N..M..N..N..M..N..N..M..N..N..N..N..N..N..N..N..O..N..O..N..N..N..O..N..O..O..O..N..O..O..O..O..O..O..P..O..O..O..P..O..P..P..P..O..P..P..P..P..P..P..Q..P..P..P..Q..P..Q..Q..Q..P..Q..Q..Q..Q..Q..Q..R..Q..Q..Q..R..Q..R..R..R..R..R..R..R..R..S..R..S..R..R..R.S..S.S..S..S..S..S..R..S..S..R..S..R..S..R..S..R..R..R..R..R..R..R..Q..R..Q..Q..Q..Q..R..Q..R..Q..Q..Q..Q..Q..Q..Q..P..Q..P..P..P..P..P..P..Q..P..P..P..P..P..P..P..O..P..O..O..O..O..O..O..P..O..O..O..O..O..O..O.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\trainyarddn.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	6.530837244200231
Encrypted:	false
SSDEEP:	3072:xx3N458z6dbQLjGBabwcE73picuSkBM7K26xZ:xKBabwcE7Q26xZ
MD5:	053013FB944D3FCCB2DCF9E2FB586087
SHA1:	CBE5DC5813B0818EC25022ABBEC33B7EDFA2C3A2
SHA-256:	E7E14C3A177B0F61D1AEE67E8C3D62E4BE827582EFF9B857C79EB4DB1EF56DE3
SHA-512:	79F972CA4FACA69047C23451765B875061B1735E264550828825BAA2260CD43815C20F6FCF74FDB72C03E5B5B41E3E8484338095315DF0F71C199B0B75BDF283
Malicious:	false
Preview:	....................N..O..N..O..O..O..O..O..O..O..O..O..O..O..O..O..O..O..O..O..O..O..O..P..O..O..O..O..O..O..O..O..O..P..O..O..P..O..O..P..P..O..O..P..O..P..P..P..O..P..O..P..P..P..P..P..P..P..P.P..P.P.P.P..P.Q.P.P.Q.P.P.Q.Q.P.P.Q.Q.Q.Q.Q.P.Q.Q.Q.Q.Q.Q.R.Q.Q.Q.R.Q.R.R.R.Q.R.Q.R.R.R.R.S.R.R.R.R.R.S.S.S.R.S.R.S.S.S.S.T.S.S.S.S.S.T.T.T.S.T.T.T.T.T.T.U.T.T.T.U.U.U.U.U.U.U.U.U.V.U.U.V.V.U.V.V.V.V.V.V.V.W.V.W.W.W.W.X.W.W.W.X.W.X.X.X.X.X.X.X.Y.X.X.Y.Y.Y.Y.Y.Y.Z.Z.Z.Y.Z.Z.Z.[.Z.Z.[.[.[.[.[.[.\.\.\.[.\.\.\.].\.\.].].].].^.^.^.^.^.^._.^._._._._.`.`._.`.`.`.a.a.a.`.a.a.a.b.b.b.c.b.b.b.c.c.c.c.d..O..O..O..N..O..O..O..N..O..O..O..O..N..O..O..O..O..O..O..O..O..O..O..O..O..P..O..O..O..O..O..P..O..O..O..O..P..O..P..O..O..P..O..P..O..O..O..P..P..O..P..O..P..P..P..O..P.P..P.P..P..P..P.Q.P.P.P.P.Q.P.Q.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\trainyardft.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	6.72338992684192
Encrypted:	false
SSDEEP:	6144:dR/cEKzdlqlKj4hOuUgv2tui9N3eneQ1m9XvyvcHs6Z:dR/cEPlKj4hOu2218XE6Z
MD5:	6413DC4DE180BEF9137F4A74AF1B383E
SHA1:	E15BB88C540367D7FD1AFEA4B753537CD76719A1
SHA-256:	A747C6A219F1E01066EB98C726BE784C6EF3697313869C513378401E64F66AF9
SHA-512:	484E9451C5AC99F4400C6B946A0C65DAAA1B416F9675808CAFDCD23CF3B2016E6239D9DE2321285C52E7819F123C68A6A4CCADB5C09C95DC090B534729FA8822
Malicious:	false
Preview:	...................p.o.o.p.p.o.p.p.p.p.p.p.q.p.p.p.q.p.q.q.q.q.q.q.q.q.r.q.r.r.q.r.r.r.r.r.s.r.s.r.s.s.s.s.t.s.s.s.t.s.t.t.t.t.t.t.u.u.u.u.u.u.u.u.v.u.u.v.v.u.v.v.v.v.w.v.w.v.v.w.w.w.w.w.x.w.x.w.x.x.x.x.x.x.x.x.y.x.x.y.y.x.y.y.y.y.y.y.z.y.y.y.z.y.y.z.z.y.z.z.z.z.z.z.z.z.z.z.z.z.z.z.z.z.z.z.z.z.{.z.{.z.z.z.{.z.z.z.z.z.z.z.z.z.z.z.z.z.y.z.z.y.z.z.z.y.z.y.z.y.z.y.z.y.x.y.y.x.y.y.y.x.x.x.x.x.x.x.x.x.w.w.x.w.w.w.x.w.w.w.w.w.w.w.w.v.v.v.w.v.v.v.v.u.v.u.v.v.v.u.v.u.u.u.u.t.u.u.u.t.t.t.t.t.t.t.t.t.s.s.t.s.s.s.t.s.s.s.s.s.s.s.s.s.r.r.p.o.p.p.p.p.p.p.q.p.p.q.p.q.q.q.q.q.q.q.q.q.r.q.r.r.r.r.r.r.r.s.s.r.s.r.s.s.s.s.t.s.s.t.s.t.t.t.t.t.u.t.t.t.u.t.u.u.u.u.u.v.v.v.v.v.v.v.v.v.w.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\trainyardlf.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.210953674384315
Encrypted:	false
SSDEEP:	3072:1zTCLVCFCbLHk4xUHWrhBWgnggg6NsiYyNIeOOeMkaGi/v1:1zTCLV4KcWrhC+IPOeMkiV
MD5:	5D5F0D4EC1E393614F0F8EE548B984FB
SHA1:	E03AD3D03E2D6D5F7D74A7EDC4B8885777AC3199
SHA-256:	091400DBF14CB1D933A1C9238B17F227C9468F4CD6002107595025FBE43CDED2
SHA-512:	25D6290C9482FF0970AD0B40D0CBD7B0989507F56DF21D12B017C85BFEF0DF7EB77E57F6DE65E3957F846552619E3F0E1A4B74E29CE487FC90F4060F8AFA1ADC
Malicious:	false
Preview:	...................s.r.r.r.r.q.q.q.q.p.p.p.p.o.n.n.o.n.n.n.m.m.m.l.l.l.l.k.k.k.j.j.j.i.i.i.i.h.h.h.h.g.h.g.g.f.f.f.f.e.e.e.e.d.d.d.d.d.d.c.c.b.b.b.b.a.a.a.a.a.a.`.`.`.`._.`._._._._.^.^.^.^.].^.].^.].].].].\.\.\.\.[.\.\.\.[.[.[.[.[.[.Z.[.Z.Z.Z.Z.Y.Y.Z.Z.Y.Y.Y.Y.Y.Y.X.Y.X.X.X.X.W.X.X.X.W.W.W.W.W.W.W.W.W.V.V.W.V.V.V.V.V.V.V.V.V.V.V.V.U.U.U.V.U.U.U.U.U.U.U.U.U.U.U.U.U.T.T.U.T.T.T.U.T.T.T.T.T.T.T.T.T.S.T.T.S.T.T.T.S.T.S.T.T.T.S.T.S.S.S.T.S.S.S.T.S.S.S.S.S.T.S.T.S.S.S.S.S.S.S.S.S.S.S.S.S.S.S.T.S..S.S.S..S.S.S.S..S.S..S.S..S.S..S.T..S..S..S.s.s.s.r.r.r.r.q.q.q.p.p.o.p.o.o.o.n.n.n.m.m.m.l.m.l.k.l.k.k.k.k.j.j.j.i.i.i.i.h.h.h.g.g.f.g.f.g.f.e.f.e.e.e.e.d.d.d.c.c.c.c.c.c.b.b.b.a.a.a.a.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\trainyardrt.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.234827047035447
Encrypted:	false
SSDEEP:	3072:9jAPgRxL4T8kk7fplEaGMskmgk0m8wkkkGvk1Gj6SydsarZLlMH8l7eOlj4XIL2O:tPL4qBGj6SydsMLYOeO+3A
MD5:	702A8FCA4D6E6FCBD6FD9767416C8E41
SHA1:	4735824E5C708A12864E706ADF56901ABD49CCAE
SHA-256:	D14A450CB414880CDA6A6A10DB74C3E61390496D35708CA419DF1523492B439A
SHA-512:	71E03C5CEF5D83BA476CF23589D62D8FFB53ADC144F8F893B51DE2A24B9848CF2FE0F913D60CE46FA7BB161AA89B72A2AFCAB5C42E72E28F034147527613A4D1
Malicious:	false
Preview:	....................S..R..R..S..S..R..S..R..S..S..S..R..S..R..R..R..S..R..R..S..S..R..S..R..S..S..S..R.S..R..R..R.S..R..R.S.S..R.S.R.S.S.S.R.S.S.R.S.S.R.S.S.S.S.S.S.S.S.S.S.T.S.S.S.T.S.S.S.T.S.S.S.T.T.T.S.T.T.S.T.T.S.T.T.T.T.T.T.T.T.U.T.U.T.T.T.U.T.U.U.U.U.U.U.U.U.V.U.V.U.U.U.V.U.V.V.V.V.V.V.W.W.W.V.W.W.V.W.W.W.W.X.X.W.X.X.X.X.X.X.Y.X.X.X.Y.X.Y.Y.Z.Y.Z.Y.Z.Z.Z.Z.[.Z.Z.Z.[.[.[.[.\.[.\.\.\.\.].\.].].\.].^.].^.^.^.^.^.^._._._._.`._._.`.a.`.a.a.a.a.a.a.b.b.c.b.c.c.c.c.d.c.d.d.e.d.e.e.f.f.f.f.g.f.f.g.h.g.h.h.i.h.i.i.j.j.j.j.k.k.j.k.l.k.l.l.m.l.m.m.n.n.n.n.o.o.o.o..S..R..S..R..S..S..S..R..S..S..R..S..R..S..S..S..S..R..S..R..S..R..S..R..S..S..R..S..R.S..S.S.S..R.S..R.S.S.S.R.S.S.R.S.R.S.S.S.S.S.S.S.S.S.S.S.S.S.S.S.S.S.S.T.S.S.T.S.S.S.T.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\env\trainyardup.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 256 x 256 x 24
Category:	dropped
Size (bytes):	196652
Entropy (8bit):	7.365578071298529
Encrypted:	false
SSDEEP:	3072:DNuNnSO5CiCPJ6ibWJAncS6tDb0Or4LHXSevIpI7HjrF:DNASO5CiCh6vSnl2b0O+3SegQDrF
MD5:	CE928E8EBB03D6F48D6D6E614AF6D4E2
SHA1:	EBF9B9CAF8907958E2E5ED969E0D72E5FCB62BAC
SHA-256:	57CBBCFE8545304097991E4CAB44B0502C3EBBB45AB0DF0EC28CABA24906515A
SHA-512:	B5DF5323283DED5E0DAF5ED211C9E7D342842960C268BD8DA4E147A0D07E6953CDBF0BFE84722FA317070605C4C9BC615CE06DF245CCF74A3275942A0A0B3816
Malicious:	false
Preview:	...................kQ.jQ.jQ.jQ.lT.qZ.s[.oW.u_.yd.\|h..o..l.{g.xc.u_.oW.iQ.oW.ua.u`.t_.xd.~k..s..t..r..q..s..q.~k.{g.\|i..o..n..m.\|i.\|i..m..n.{h.mW.hP.fN.fN.fN.fN.fM.eM.eM.iR.mX.lV.jT.kV.p[.r^.r^.p[.jU.fO.dN.dM.dM.dM.dM.dM.eN.jT.nZ.nY.kU.hQ.dM.dL.dM.dL.cL.cL.cL.cL.cL.dM.eO.dN.fQ.q].zh..p..w..t.}k.wd.s_.kV.dM.cL.eO.hR.iT.iU.dN.cL.cM.fP.gQ.fP.hR.hR.fP.cL.cM.cM.cM.cM.cM.cM.cM.cM.cM.cL.fQ.xg.r_.kW.o\.q^.ub.xe.{k.}l.\|j.\|k.\|k.}l.\|k.zi..p..s..v..\|....................}............................................................{..v..v............................................................................................................................................................................................jQ.jQ.jQ.jQ.mT.qY.r\.qY.r\.ua.xc.yd.{g.}i.zf.t^.kS.gN.iP.oY.qZ.oX.t_.\|h..n..u..q..m..l..o..s..q..n..r..s..r..n.}j..m..p.}j.nW.fO.fN.fN.fO.gO.fN.eM.fO.lV.mW.oZ.q].r^.t`.ua.s^.p[.hQ.dM.dM.dM.dM.dM.dM.dM.dL.dM.fO.gP.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\palette.lmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	768
Entropy (8bit):	5.498193754851222
Encrypted:	false
SSDEEP:	6:ea2NCKmlaiuly62lKS+liqGHQ+U/ZOU6jbtzokuI0zoWP:75KSaiqy6CKSaiqGHrUZVJYWP
MD5:	5FB93560C8AE637BA463D084B0EC505E
SHA1:	1B2A6A5BB0A579B0F3DF9CB6C6152A9C65CB9E62
SHA-256:	036B7EA3C8C03BE214BB7D22B8D63AC27F63D547E42CA677FEF344DDC780961E
SHA-512:	0883834F1150791B4E060E080E7A07EEB60310B88E0334DB094C64AF5F5B147EBD51CB1E3BAA514EA53D286DF9876DF86D7D463C7E2675C14A5050D0BE4003A9
Malicious:	false
Preview:	.........///???KKK[[[kkk{{{..............................'../#.7+.?/.K7.S;.[C.cK.kS.sW.{_#.g#.o#........'''3//?77K??WGGgOOs[[.cc.kk.ss.{{......................##.++.//.77.??.GG.KK.SS.[[.cc.kk.............'../..7..?..G..O..W.._..g..o..w...........##./+.7/.C7.K;.WC._G.kK.wS..W..[.._..c..g##../..;..K#.W+.c/.s7#.;+.C3.O3.c/.w/.+.'............+#.7+.G3.S7#c?+oG3.S?._G.kS.{_..k.{..........s..g{.[owSckKW_?KW7CK/7C'/7.#+..#.........s..k.._..Ww.Ok.K_sCSk;K_3?S+7G#+;.#/..#....................{.{o.o_{cSkWG_K;S?3C3'7+.'........o.{g{o_sgWk_OcWG[O?SG7K?/C7+;/#3'.+..#...............................s.{c.kS.[G.K7.;+.+....................##.++.//.//.//.//o//_++O##?../......+..;..K.._..o.........'..3..K..c+..;.O._.w...{;..7..7..W.........g.......................[S

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\shell\kb_act.lst

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2556
Entropy (8bit):	4.894088170484464
Encrypted:	false
SSDEEP:	48:er5h1npbPq7aDMCJTH7j/zX8wfxGctROeSrr5BYKz04Pm08BMGi/GmjDtQoEMA8a:er5h13JLPImtRvSrr5BYKz04PmNyG0da
MD5:	E303585ED99D60B0E989AEA2926F7046
SHA1:	A46748AF19363165331C970B6C3507C486CA9A97
SHA-256:	DBE5839C16DD01FF257C6296F996B5225E267A3880D27913B3A1E901A576F641
SHA-512:	936FB79EDA9E1CAC2469E4AD42CE75F2E8332D387D07A0BAB0DE25C73218E5AD9F1248EDF5FB30BB08AEBB5B818166B0A12ACD80881434CB72EF2B200F3CFCAA
Malicious:	false
Preview:	"blank"..."==========================".."blank"..."#Valve_Movement_Title".."blank"..."==========================".."+forward".."#Valve_Move_Forward".."+back"..."#Valve_Move_Back".."+left"..."#Valve_Turn_Left".."+right".."#Valve_Turn_Right".."+moveleft".."#Valve_Move_Left".."+moveright"."#Valve_Move_Right".."+speed" "#Valve_Walk".."+jump"..."#Valve_Jump".."+duck"..."#Valve_Duck".."+moveup".."#Valve_Swim_Up".."+movedown".."#Valve_Swim_Down".."+lookup".."#Valve_Look_Up".."+lookdown".."#Valve_Look_Down".."centerview"."#Cstrike_Reset_View".."+strafe".."#Valve_Strafe_Modifier".."+mlook".."#Cstrike_Mouse_Look".."+klook".."#Cstrike_Keyboard_Look".."blank"..."==========================".."blank"..."#Valve_Communication_Title".."blank"..."==========================".."+voicerecord"."#Valve_Use_Voice_Communication".."radio1".."#Cstrike_Standard_Radio".."radio2".."#Cstrike_Group_Radio".."radio3".."#Cstrike_Report_Radio".."+commandmenu"."#Valve_Activate_In_Game_GUI".."messagemode"."#Valve_Ch

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\shell\kb_def.lst

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	4.599536485043134
Encrypted:	false
SSDEEP:	24:YaxbVbXJGkgFRcYGxQNXVqQK6NP/gnohRdjPgoRVnmvsjfyOeCeXy:VpTYOuDrndjPgxsmLPXy
MD5:	0A3E1F894EB63D3B14F3B26857348465
SHA1:	41341137B2CEDA51DD5A69AA4EAE8872208C1ED1
SHA-256:	D3F0D5E53698DE7CE8D51A89B0094EF2167ACF0214E3473980082B481E8E99E3
SHA-512:	B76B3C773D287F5FA3B2CFCFB9BDD70E2A7E8A5961E9EB282734A723796DE23381AB3C931005D872BC58D0C4B0AD2B2A50E6C35A57B79377A87416A016B548ED
Malicious:	false
Preview:	"h"...."+commandmenu".."k"...."+voicerecord".."b"...."buy"..","...."buyammo1".."."...."buyammo2".."o"...."buyequip".."F1"..."autobuy".."F2"..."rebuy".."m"...."chooseteam".."z"...."radio1".."x"...."radio2".."c"...."radio3".."g"...."drop".."n"...."nightvision".."w"...."+forward".."UPARROW".."+forward".."s"...."+back".."DOWNARROW".."+back".."LEFTARROW".."+left".."RIGHTARROW"."+right".."a"...."+moveleft".."d"...."+moveright".."SPACE"..."+jump".."CTRL"..."+duck".."j"..."cheer".."TAB"..."+showscores".."l"...."showbriefing".."e"...."+use".."'"...."+moveup".."/"...."+movedown".."PGUP"..."+lookup".."PGDN"..."+lookdown".."END"..."centerview".."ALT"..."+strafe".."INS"..."+klook"..";"...."+mlook".."r"...."+reload".."SHIFT"..."+speed".."MOUSE1".."+attack".."ENTER"..."+attack".."MOUSE2".."+attack2".."\\"..."+attack2".."f"...."impulse 100".."t"...."impulse 201".."1"...."slot1".."2"...."slot2".."3"...."slot3".."4"...."slot4".."5"...."slot5".."6"...."slot6".."7"...."slot7".."8"...."slot8".."9"...."slot

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\kevlar.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	3.0302839737134035
Encrypted:	false
SSDEEP:	768:Cb0btaFam90wNbLIwHPv78P8gBiOptiZm8mc:Gat/LwFLDGMZm8D
MD5:	3A0EE184782F3BAB5F604DD55F5B011F
SHA1:	AF87160BF8B136DA3243B89F4C8197614D6824B1
SHA-256:	60FE19C7F1E2929356C9D26987E2EBD9878456C0797DB579E3E56D4501C0B05C
SHA-512:	E183FE6279E05AA539A43CE63CB06988EA6CC647671BBEFB37E4D3D7C7A5F3E438079F18A55148D450A22EBB880E80A619779AC45208D0C5E1EF6A42B2C17FDF
Malicious:	false
Preview:	................ .\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\kevlar_helmet.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	3.8759760302007775
Encrypted:	false
SSDEEP:	768:Cb0btaDH/MS5SoP+9miwIfhvO8v3C5o2NvOpDA4cZUnFb57yo8mR:Gato/7SE+9kqY59NpO557z82
MD5:	31D80CDC3818EEAFD3CA28D5FCD336EE
SHA1:	4EF5B5F7EA3B5FF74978A247386111210E5E3F6C
SHA-256:	9965F2A662F293CDF978DF9346B611C38CEBB22E7612206516141D85B459B711
SHA-512:	37EB6AE89C5DFC4C2F1A2E5B8638544546CA8EB94742AFC6B35F0A000605F6BCEEF860AE0A257DDBB2E9687CF12893B9979D279E7534E00970F4A9FAF8B2264A
Malicious:	false
Preview:	................ .\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\\.\\

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\leet.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 196 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	200748
Entropy (8bit):	2.134995426057274
Encrypted:	false
SSDEEP:	768:3U7PU3/lGVoj+REEK3yvZ9yph4kdlD8rAg7NrGOzdXq3rWciVNCFJE:qP2/4yESQnq1RmB7pPzdXq3rWrVeE
MD5:	7EBCFFCEB5275F542E60181918A7EF7E
SHA1:	D7C2DC98F60EF6D799DA0B986B7F815C9EC60293
SHA-256:	80D70B89707CCBEDAF32D3EFE0C9E4C696D03385CFD1AC8488CE053E87ACABFF
SHA-512:	A4DF565180A674636FBD92517CF2756D08E8245574E02A0DAE6C956B080028E19FA04F1C26A84658491A77F493120BD741AE8089DC76B1EFD7B91F23E087CDFF
Malicious:	false
Preview:	................ ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................'7...+jv.+jp..LX../:..%...!+...+...)...+..",..$,..$-..$...%0..(2..%2..#...",.. +..$...*8..2F..?W..0F..0J..9P..0?...................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\m249.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	3.731946088091431
Encrypted:	false
SSDEEP:	1536:sOobegnuAwPyYyyOe6jRnQ5LI+Tim0UznZwe:Q5wceuQ5v085
MD5:	8D281C8B89967D9809364A32113BA452
SHA1:	F1A710AE5FF66E12841BED781C49CB941799FFD0
SHA-256:	C70FFC3975E30A5B358F90B1C16ACFDAE520F52C2535B1493623E37B71AA5007
SHA-512:	4C6F296FE7DDB72B888BDFE403FEBD450F69D04AD95FD54AA1860B32692D6DFF78F390C2E359E97A7824DE62459C6D7B9542B5078CAB452408E27EBE94C7442E
Malicious:	false
Preview:	................ ..d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d...d

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\m3.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	65580
Entropy (8bit):	4.515211520614296
Encrypted:	false
SSDEEP:	768:BD8eYy382uefNx+dGaB3jSI+2e33vzzAxFvZG:BYQ38V6oGahSI+d33vzwFRG
MD5:	B0AD43ECD20D4C17113094DCE40298AC
SHA1:	9FC87BAA60D9EDCC94AEABA4A47ACBED4CA8D62E
SHA-256:	D5AF3DA7BD547A73EBEAF4CBF821D6A8B3B3BE68B820242C8C0D26B88664158C
SHA-512:	FB6D36C678B85A24701B8BDFF5A87353BB2914DFBCA74E20D963580016922EA20FEB3CD6A11C9E0473EA4454E36F7DEFEA9CCB7935230CDAB2C6BDEFC261CE87
Malicious:	false
Preview:	..............@. .QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.SSS.STT.SSS.RRS.RRR.PPP.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.PPP.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQR.PQQ.RSS.VVV.NMM.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.PPP.PPP.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.PPP.PPP.QQQ.PPP.QQQ.PPP.PPP.QQQ.PPP.PPP.QQQ.QQQ.QQQ.PPP.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.PPP.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.PPP.PPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.PPP.PPP.QQQ.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQ

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\m4a1.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	65580
Entropy (8bit):	3.8284512849278873
Encrypted:	false
SSDEEP:	384:47s0DurDsgJSHjLcCvNmzIYxYeKaSTqtQIoKVv36qy:47sXrDDIDQ4xSVv36qy
MD5:	B3BAC9E56E493A329D57769FD86256F1
SHA1:	A6D9B7D43926060D113D518331C77058E16BFDCE
SHA-256:	A694110938679255B1DCACF21B575336DD31990916CADB508BDDBAED63015AB2
SHA-512:	4E7F74A4CB3C38199635A54CA8A3B40FAEB772B7052E8EAC6B3B35B76E37F6D11F935B59EE2102044B7418983FD81E63C42EA1D3032ED179FEF65BFE14B6D392
Malicious:	false
Preview:	..............@. .PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.QQQ.PPP.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.QQQ.PPP.QQQ.PPP.PPP.QQQ.PPP.QQQ.PPP.PPP.PPP.PPP.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.PPP.QQQ.QQQ.PPP.QQQ.PPP.QQQ.QQQ.PPP.PPP.PPP.PPP.PPP.QQQ.QQQ.PPP.PPP.QQQ.RQQ.RSS.RQQ.QPP.QPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.PPP.QQQ.PPP.QQQ.QQQ.PPP.PPP.QQQ.QQQ.PPP.PPP.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.PPP.PPP.PPP.QQQ.PPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.PP

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\mac10.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	2.9013695690402352
Encrypted:	false
SSDEEP:	768:7393hQFca2RIbuWC/bcxl9gCCSLSJO5nxg98lHxXQBjEJko1:7Nxsca2RIJnl6KVStEF1
MD5:	C4F1AE1DD060093EB51DF94471CB945F
SHA1:	35C6146BBDAF7C52295B7DCE726720F5E1CB1826
SHA-256:	8E258D096417EA7897D4A0702EE57E2C7D0C1D0613AAB7FADB809A892AF04A66
SHA-512:	F4A4CE100F1047DC10A42F695FC8B797CE99DC674D2370E0F5928AD504E4415567756FE77B7539B070220878E7EB57F38D003FB676DBB561BF540D7D15C2254C
Malicious:	false
Preview:	................ .QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQ

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\mp5.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	3.6293529271279064
Encrypted:	false
SSDEEP:	768:sc+UUoxRaN5YKLaMNA6cfrDsN+X+sY1BDpMV:5UARaN3LaaA6cfMN+XAsV
MD5:	8F81A5C99134E03BE3BBBACA938174D6
SHA1:	23B12B6EC08950370967446E4B7C33F18DE9FABF
SHA-256:	1C4EB081E6DEE76AEDF965D6E092F6D1B6ED16DA2A6628D192BAEF9D8978EB2F
SHA-512:	0D3C9E63061D5EC2F15ADD9D938A11CE9F4E88CE24934F7951854703B06EAD537E400919629D81C2F4EA38E37818C1FB76CEFF8F191483D19F672FB2F9163928
Malicious:	false
Preview:	................ .QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQ

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\nightvision.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	4.337053321246217
Encrypted:	false
SSDEEP:	768:HUnRP0GgMGXbar3jHURABAMYgWqxWhxvcd3/qZcP7ti/arJFmwRmA5/phI:0nRs9aPIABQgWaeBgyZ8tQadgO//I
MD5:	8993BC10B5E47CC66C9307EE2A7CE245
SHA1:	C9A34D7F7164C787280D03A18769D43B8131E51C
SHA-256:	0653A4D48F3CC69B7D1D3399B26CD32496AD26A10293D89AAA885414ABEDB1AA
SHA-512:	CA357863F3C54E3A4B7E6A576FDBE0ECB6511B35A632051CBDF32DC318C6736D7D6E3766367B82E0454E5418030BDE59089DAF3E5CF552696E7CA6AEAFD1306E
Malicious:	false
Preview:	................ .QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.RRR.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQ

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\not_available.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA - RLE 256 x 128 x 32 - 8-bit alpha - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	2971
Entropy (8bit):	1.9983203090724255
Encrypted:	false
SSDEEP:	48:Jyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyd:B
MD5:	291085DDA76259058ABE39BC139C2A70
SHA1:	6A5EADB8301ABB29E51667D91A6E34C5B4BC3E09
SHA-256:	FEA48F8E5BE7644D150C6AE0852BD0EB3FDB8CE024EBDDFD1EAEEF2927BA3735
SHA-512:	E40AAFFF923DBDC884CE1354AE28340F47482D191CD61EEA3484CB443E641EA4A89A59EC5FD04661E0256D66FE0D09FA51BE4626DDB1647D68F9F03956D33DA8
Malicious:	false
Preview:	................ ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQQ.QQQ..QQQ..QQQ..QQ

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\p228.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	3.1094780467804837
Encrypted:	false
SSDEEP:	768:PsoDySzRI6WMNb45DgLQLZC02ThrKaiCei9wNzA:UohLP4FmQI0WhrnejNA
MD5:	8AA5F3774C87E501403A7EE33C8BF5AC
SHA1:	4B7EE9C96C0447348BD3742964AC8083AD70AB46
SHA-256:	A7D026358F15A6757675B2744A69EC195DAC359CF3860FC7820E7AC9994E3E9D
SHA-512:	DAE5BB75C1E72DC934C7785C20087237356CFFA154D8A95F97A6960ECD0457FB1D0D2296035978900C35CB5FCC89AC62B570880A0078AAE0E853B9DD89850E10
Malicious:	false
Preview:	................ .PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PP

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\p90.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	4.282479599264394
Encrypted:	false
SSDEEP:	1536:Em65yVO1XfVQxgauMDTRrUR5J2Cwj1CTetPKzZ2Zz3a0:E7WO1sBFQR5J2CoJPKzZ21R
MD5:	1F10813901E2BD255A5AE21026DE8B48
SHA1:	03A1F78E07952F1876DD431BA4406B534435B920
SHA-256:	348584B23C63388045342DC0B79BDD37A8CFF904A84215C386492E33273AB725
SHA-512:	B3FA7D1C675C4AE53EBC506D39234E166392BF6A0F6FA651B4C1A19240915F2423C9B150CCBE429159CEBC0FA92135A9940CBFC8C79FA9FA3B353580F93342BE
Malicious:	false
Preview:	................ .PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PP

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\round_corner_ne.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 64 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	16428
Entropy (8bit):	0.8373968088581945
Encrypted:	false
SSDEEP:	12:SpOxutQSl4j3vy169tqhwCtPhQdvdws2XrrcYBTdMNtLPfSUcHTtj52CpK:Sp8SPldlh/D4TecYBTGS52
MD5:	A04C4CACE0B2D94FD57875B521F7A473
SHA1:	DD08518A79D87E3F1581F33A44E5815D3E5D125A
SHA-256:	A8E1A53A89F3D4A4E92EE7B74DE6470250D434732BDE81BB6BFE6E6C7ADAE208
SHA-512:	79B29DBE1EA623A5BB3B872AB574ACE993A4D4114C5507AA6E0B0B5D7A1175BBCA3AE669A2D6AE8394E27B2ED55E1525C09CD8A27385735DC1267202F37BE6A4
Malicious:	false
Preview:	............@.@. .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\round_corner_nw.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 64 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	16428
Entropy (8bit):	0.8373968088581945
Encrypted:	false
SSDEEP:	12:mhQCDAWx2Y6fwGt7LwTw+fV10BUcte7tPINIzlNvdDx/wIo6S3qdpK:CtxcLS10iLtANsBxM62
MD5:	B0BCC99F81D4242DD3666DE4112C21D2
SHA1:	DB1B075946FBEC29C2AF0D65F4E27662597936C2
SHA-256:	BC0265EF43A7BBA66C05201E9BAC17EDB5C9BE2102EB7D87684274175BA99501
SHA-512:	62354875EA64E70E0A3825B8A9B2258C417F77A34ADBA78FDE22D5FA0A33256E7CB1E24B11454D6F20C41CF9DF46EB06517CB70530799A4CDB93995F98BEAF1F
Malicious:	false
Preview:	............@.@. .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\round_corner_se.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 64 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	16428
Entropy (8bit):	0.8373968088581945
Encrypted:	false
SSDEEP:	12:A09FKSEtDt9CQt7G/e/bZo1f8Yh64msPhs8bQrUNpigxoWRKQczXpK:GXtm03zZpYh6hKPFRf
MD5:	930D64812331DCE6D2C86E8BAECA2825
SHA1:	FEA51A3A14F94294D5EAB4789A2A6A691B52BA5C
SHA-256:	000F42B1CEDC1AA49D498BC9C44CFFD47DBC21C0CD5C51292CD324A86A27B78A
SHA-512:	FA1E7484F2C0AF72A8FF31685014905F9FE2DDEB8650AAACBF9AD676E147B2A6F182DD77788003B725FDD8EA57AF689881168706694156A8CC8016DADDC94528
Malicious:	false
Preview:	............@.@. ....................................n...R...1...............................................................................................................................................................................................................................................................................Z...(...........................................................................................................................................................................................................................................................................M...........................................................................................................................................................................................................................................................................N..............................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\round_corner_small_ne.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 10 x 10 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	444
Entropy (8bit):	2.324799079849188
Encrypted:	false
SSDEEP:	3:HlNtl3Rt/TQS5l/XmWWPnFR5ynt/lVMwUV/dEhPiT1tQ+i2CNRalgR1NkZlXXcas:x1f2Rf5m/cEP8BCN84SiapK
MD5:	EC674FCF4C41DEDA499592280D20B499
SHA1:	C93354A105790BEFDA817E7BC4CF10B84B12CC7E
SHA-256:	E3FE2E666773D504DFBD74D30C0FB471D6F040E9572B41997A2B30F25EB462B3
SHA-512:	8865D6E3A87FD40E7151EDB6329CF7BBA2A2B29C8ADC230957AE36DC4743E5C5392E0A2582DB94BD5ACD224AA92A4142D48EDB69BA3DA511EAC82574D778994A
Malicious:	false
Preview:	................ .........................................................................555%.......................................q.........................................x............................III6.........................................{...........................................................III6.......................555&...p...........{.............................x................................TRUEVISION-XFILE..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\round_corner_small_nw.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 10 x 10 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	444
Entropy (8bit):	2.324799079849188
Encrypted:	false
SSDEEP:	3:Hlya5l/3R4qZ//l3g3/tsQ9s2/tKMC+SmljmmsRtcaRXJaliSrYRBLaD//5capOl:Y0h4qB2/fLonw4+KJal8QXCapK
MD5:	8620ED721C520B736D0C6F903A950083
SHA1:	92784B43BB05E06A00C4F31CF64BF6BAB5A640B9
SHA-256:	C87479A8E9C5FF3F53E4879EEBF3B4E21135E3A595812F52A7B853C20AE07F48
SHA-512:	7293D0E5348CD7B135B23ADC84668A0DF8104946094356D2DED3051BC1A7C818763309EF1F8115AECF81BF210C460E2AFDB98D08906B72CFE066D341401B3832
Malicious:	false
Preview:	................ .............................................555&.....................................p...................................x............................................III6...................................{..........................................................................................III6...................................{.........q555%...............................x....................TRUEVISION-XFILE..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\round_corner_small_se.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 10 x 10 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	444
Entropy (8bit):	2.324799079849188
Encrypted:	false
SSDEEP:	3:Hlya8ajNkG//l9QHBHNaRlO3uXBT1aV/NMJ7R5ym/X8nfD+jQl//3Rt/5capOl:YLgETaRw2sC5jErDh1CapK
MD5:	07D7BEFAF7BE617A5A083779B15B6783
SHA1:	20DAE81D8290E0023D2C3EE13BEF8B42804A9634
SHA-256:	8E2BF3D11E74B8D837914FBC2270A71B5367E79713CA8766CEEFE51825D7FAD3
SHA-512:	CC146286B691F412471D91F41F0F5BAA68CF0516BC0E41ED1DA642256474206FF618EAC8BD24F932F0D32494EC411124AB93281DABFC266800367CAD7AE904FA
Malicious:	false
Preview:	................ ..............x............................555%...q...........{................................III6...........................................................................................{................................III6.............................................x...................................p....................................555&....................................................TRUEVISION-XFILE..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\round_corner_small_sw.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 10 x 10 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	444
Entropy (8bit):	2.324799079849188
Encrypted:	false
SSDEEP:	3:HlNtlSh/uBLaD//GaRXuxmatQSmlKMU5/tHg3/tCGlXJR7//lnRt/JcapOl:s/gQXGKuxr3Tm/QGhrlR1SapK
MD5:	2A1B38566CAEF2EA29D92583B85478A1
SHA1:	B786215C12B849E8C89A52EC9E866A33995FEF96
SHA-256:	CF1A347AC1747DDC2AA6D72C57DEDCDFB62FB0AD74E3F257C47BD03917745760
SHA-512:	60B2D0E31E9D72374D80EF928C094D030803AA6B278EC57203AD7152ACE80BC6DBB0AA692DD5AF9F529AECC33600C4B0A3C5E09672A702E69D3E13088B7794C5
Malicious:	false
Preview:	................ ............................x...............................{.........p555&.......................III6..............................................................{........................................III6...............................x.........................................q....................................555%................................................................................TRUEVISION-XFILE..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\round_corner_sw.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 64 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	16428
Entropy (8bit):	0.8373968088581945
Encrypted:	false
SSDEEP:	12:vabtXyo//RAhVHXjFCtUsmjMBj1K+gowl8VNwC62m/dsSIos/9OuSlpYDWpYpK:Sp/ZKV0tUHB+g/lB/2AsNz/8FlpaMf
MD5:	4FB5BD9729130AB2CFC069302BF501EE
SHA1:	9D2141ABF69619ED693F1F6C42F7EF46C692878C
SHA-256:	4F10FCB23FECC9B9ED0F46581AA0869AC757617ED513A593B7E0A98B4D7B145E
SHA-512:	EA5F4E158B8E41D7405EC0F3F07D38FC9558032CE4928D34E3880E7028024A922635F1C047C47EB6537E5B0942DC5B4C9607B23B2FF415D62DF0707A401A3C58
Malicious:	false
Preview:	............@.@. ......................................................................................................................................................................................................................../...P...n...................................................................................................................................................................................................................................)...Z...............................................................................................................................................................................................................................................N...................................................................................................................................................................................................................................................C..........................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\sas.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 196 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	200748
Entropy (8bit):	2.456700175187286
Encrypted:	false
SSDEEP:	1536:0DhTHwNGZIq/6SN0Yej8saQT2OEC3t+d+HyJ:PNIR/KY/saU2YYb
MD5:	4DF36FD94642B8662751D668A5461A40
SHA1:	6FB5FB21F412B45F216D6A98C234443D26C3BD3D
SHA-256:	421B766CC4F79EBA7F2030013AD2A15D1A9F26047F0CC6439A0709BCE3EE6632
SHA-512:	89AD9CCD43BE8031552D159C3EC9970134ECAC63526E75BFD920BC9A4ABAA8D64781327AF1E31B9FED5811F529BEB49AA3DF182030510F8800954447DE989937
Malicious:	false
Preview:	................ .............................................................................................................................................................................................................................................................................................................................................G=4.=82.............................""'.##&.124.<B@.8@<..//.(**./24............................................................................................................................................................................................................F%...- ..,"..'!..#!..%... .................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\scout.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	65580
Entropy (8bit):	4.209784096706194
Encrypted:	false
SSDEEP:	768:RSY2Mo7fcLeaxqwx3/IBrt4YKyZbaQLk4O:RR2Mo7fcLBxqwwtt4ZeaQLW
MD5:	F08F83AE78FF66F7B9CE10D9F81103AB
SHA1:	3CC39675DD248F65B4399FC3B4610889D1D097C5
SHA-256:	B4BC1D136ED6CB08381EEC0C4FC678614E054AE9682AEF96C534307C8174D3DD
SHA-512:	060FB17A36639E6B44CC890E3AE0F14BF0B79263FCF2F882903B5BABE3A813A4E4FE2FEAE71D16F9B3783F31305225931DC5812F9D756FA52202287DA51A38A8
Malicious:	false
Preview:	..............@. .PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PP

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\sg550.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	65580
Entropy (8bit):	4.403668448822444
Encrypted:	false
SSDEEP:	768:5nPqq9VwL6yS0jegjdZK+XFjF1u+RnbXmxOSnZ6rebg4E1rlM3nWi:5nSq9VwL6eFjO+XF57mQfeulM3nJ
MD5:	F7F6E831B07D71965F885AB7F420E442
SHA1:	7DC72240A2920DF1C6C19291141B60A679795B59
SHA-256:	4E25E59ED6B24BB0A29C74BE218BA1290335DA45F3F87E3441CBE7A335B23F50
SHA-512:	5FDF249148F5295C2E51FEC108C460449CB5322229F2B224312A12D1C6BDECA644CD562BF37E908B62AE4ADA111B664D248BFB9DFD3FBAC4F34B246204C275CE
Malicious:	false
Preview:	..............@. .YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YYY.YY

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\sg552.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	65580
Entropy (8bit):	3.9143415056268847
Encrypted:	false
SSDEEP:	384:6PLsSJ/C96H7vvLF2iXSsMlPa2+Yof5aA35IL2oB4LLXZvfxYSqmagCEJf9:vS5CQOQzf8A0zB4LLJHk2Ff9
MD5:	B6DE3F6EB1542D403F7960EFE703AD3C
SHA1:	DEC328F59FD74391B8475C51550554505029EE75
SHA-256:	0C9927BD22C7A781EA9AD64880F0095F9FC871C0099E6FBB618F4615D6126F2E
SHA-512:	CF14FAF2989CA38C9FB80A54234E19837477E3A594BA4183AEE18EF0ABDB517709BA672C607785B1D5F71BA6D4CB8D02CF2C2D2370B56B1C904797F996112D5E
Malicious:	false
Preview:	..............@. .QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.PPP.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.IIJ MNN.SSS.VUU.TTS.RRR.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.PPP.QQQ.QQQ.PPP.QQQ.QQQ.PPP.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQ

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\shield.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	5.407787588626586
Encrypted:	false
SSDEEP:	3072:QG6AopkniBPgwyutWwhMggeIp+ofakoAlh/RU:QGck1WWwhjq5fBD/S
MD5:	B152830278D80BDDC5F84DACE3EB93BD
SHA1:	2CD57898BB5B4AC4AACD18380D81E958E3BB5FB2
SHA-256:	D638CBB67420B2F9DDEE408ACCED0A1D0EE47A342D45B6EEBEEA08985695EF39
SHA-512:	20111D732EB3F9FAD4977D42FFEFECD44186AB7807F5CC75F60B1DCD960FE85FE9F61B3B2BE589BEAB3EF9B5DE5914C7B17EC4A0D5CA4313E866030BC4F776A7
Malicious:	false
Preview:	................ .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\smokegrenade.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	2.9127013484048043
Encrypted:	false
SSDEEP:	768:PhpIMAGsvAVj3jmjkr6i95HxU9U3T1hWLLm78MLo:brAGsvAB3K06i95HxjphWPU8
MD5:	8C3FF438E747A73255DDB8C3CCBEBBC2
SHA1:	E81DDB67229FEEFECE8CC5FF4D1B12C4B75CC103
SHA-256:	4A2460747B60D4B5843BF22A459F6C17F16A9664305B4B4BDA182041A0FDEBFA
SHA-512:	869270E4C6ADBE4E914C07BC459A7858C50988EDE0E75A02CE51A18080F9BA4BC4C483C4EE646E22FED948DAFE388E7B908F58B09528B93EB1A87EF57A278B62
Malicious:	false
Preview:	................ .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\t_random.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 196 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	200748
Entropy (8bit):	0.8865321295009008
Encrypted:	false
SSDEEP:	96:VJ+ZV4yIuVVNtSbI8ca68kAp4rzxQsdvkzjDn7HETuK:7Q4CDVZApGzxQsdWjDnjETuK
MD5:	6D095D0ACC62CBE14383DD3F177258BA
SHA1:	311B3C6EFAAD616280975BBDF43BCB44D235F5AF
SHA-256:	6C8611739D1B3D3101FDB4C4FCB1BA0AFC40873EA20D8406DC220521479BE0A2
SHA-512:	475426D4ABB0AA51C9BB00DEF88BF2BEBCC822E49F30AA4D5ACBD7D6E05C6EB4C17B1648A8CBB5F115A7C93A4A0D4B1D5DDA54AAAA28BBF5F2365E2936631AE3
Malicious:	false
Preview:	................ ...................................................................................................................................................................................................................................................................................................................................................A...................................................................................................................................................................=...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\terror.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 196 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	200748
Entropy (8bit):	2.6956602129723533
Encrypted:	false
SSDEEP:	768:c39Dlz5hB4TzVCZVVRm8njvo3MyNXm1EGS8mnoFFWJZw9N15q2XVbotNVqAsKoz:c/BsoZvR3A3vNXm1jSfjnwz1EK/A8z
MD5:	4F7EABE114BFF64390813848878AE49B
SHA1:	BA768209D68E2E78A323D77D7A48A2ACC04AC0B3
SHA-256:	3F4C5FCC31103F23FC92765B8640294D4A91BFBDDEB2EDE00C9C5AAD32FA2B83
SHA-512:	2F4A6CBCC3823B8F02F66E9E7CCDD8A9CF132DAFF244576C860BBCFD3D2E10EA812C7EB0B7D7F73C2A42FAF2B1A1BE7864FF5682FCA7C46A9CF2029D2D78411B
Malicious:	false
Preview:	................ .....................................................................................................................................................................................................................................................................................................................'" .&"......0*&.............'#..&#..554.v}......,.0.chi.....lqr.hmn.nrq.}\|w..................................e]J..v_.......l...i.aVD......& .[SC.0,".zpV...i..yb...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\tmp.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	3.362794666385694
Encrypted:	false
SSDEEP:	768:x5Yt5u4PJ0l0ByvhR/jEEd1Cf5dDyHSlaCDgKohi/iiniiniiiii8UZq:x5Y3u4hvyvhD8zyWgKmZq
MD5:	BD465E9E6C28C9B72451F2E22E3755F6
SHA1:	18BEA1A02040B3EEB47CEA18555E8E1B69BD8F2C
SHA-256:	DE2B2F7BFBEECA68C0E7197EB38B3864B19F4C110ADE2872350904E018DB7298
SHA-512:	2330FFAD9F6937C398F887E9370262B11FFFF52B2EF09BE885107544258BFC77EE6B22B4B2ADC3EC72035E4860BA244648145BBBB8EA1D571ADF5B85D7FDDF2B
Malicious:	false
Preview:	................ .PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PPP.PP

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\ump45.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	3.8388671565634
Encrypted:	false
SSDEEP:	1536:VsTd0gg/WxJeqJNT9wP1VOvxBvEKaXkrg/iUJ/H3H:VsTd0gggF39wP10vjMD3H
MD5:	8B8DE08F4F4E3FD32324B0AD6F13F1E5
SHA1:	B171CA6AC2C28C66AF8FBF90FA1DA4BBAD3253D9
SHA-256:	EC287B51919687BBA35EE4EDD1B7196B4963F97BFF8806C45A513B513CE54506
SHA-512:	8C31BADCDEA8EAC3B80AE91072B3DECC06D79192DA57CE40D7AAB8A337D84B4D61BE528051C8781831B7E5EC4A76B7F28CB7E494F3EC0F42C3EF6610BD4D78AE
Malicious:	false
Preview:	................ .SSS.TTT.SSS.TTT.SSS.SSS.TTT.TTT.TTT.TTT.TTT.SSS.SSS.TTT.SSS.SSS.TTT.SSS.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.SSS.TTT.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.SSS.TTT.TTT.TTT.SSS.TTT.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.TTT.SSS.TTT.TTT.TTT.SSS.SSS.TTT.TTT.SSS.TTT.TTT.TTT.TTT.TTT.TTT.SSS.TTT.TTT.TTT.TTT.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.SSS.TTT.SSS.TTT.TTT.SSS.TTT.TTT.SSS.SSS.TTT.SSS.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.SSS.SSS.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.SSS.TTT.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.TTT.TTT.SSS.TTT.SSS.TTT.SSS.SSS.TTT.SSS.TTT.SSS.SSS.TTT.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.SSS.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.SSS.TTT.TTT.TTT.SSS.TTT.TTT.SSS.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TTT.SSS.TTT.SSS.SSS.TTT.TTT.TTT.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.TTT.TTT.TTT.SSS.TTT.TTT.TTT.TTT.TTT.SSS.TTT.TTT.SSS.TTT.TTT.SSS.TTT.TTT.TTT.SSS.SSS.TTT.TTT.TTT.TTT.TTT.TTT.TTT.TT

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\urban.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 196 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	200748
Entropy (8bit):	2.3729827249010844
Encrypted:	false
SSDEEP:	1536:RdQ11QDzvZFXivgfz5lCodiYWRrT4B0auogHZ8LR8+u:7hZl2gfFlLWtT4EHZ8LR4
MD5:	8551A19A6E80B7E7EE14FDC78560D47E
SHA1:	7D539BAB56828A8534D8F0C233E663D68D15ACDD
SHA-256:	1E1ABAD514A923F2528B17D1DB73169EFDBA27A2471822C2C985A9DA1EFAEB5C
SHA-512:	7BF3E37C04C97D86709AB4E5FAD0010E2357D6D16574FA4CDA57BC6F36F45F2E99E9AE92143191A9A251A59E52A979857C9FBE6BA647173893EF2B490DDD6AC8
Malicious:	false
Preview:	................ ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................$........! ..()%.681..3..,-+.RTQ.8:9.....#%%.........................." .CZG.LeN.;O>.0=2.'5).(4,.'3,..&"...................... ...#$..!........................................... ...$$..&$....f......................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\usp45.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 128 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	3.512023437266394
Encrypted:	false
SSDEEP:	768:s4hW9iYudv8jyqZH+W9N5EZ8ovtp34b+jJ4wGKHE:thWnjyE+M2Z8oVCbehGCE
MD5:	13B3A5CF4AF8F97CD8A8328EF9952B7F
SHA1:	253105B008A8CE333A64F5A66E4B2DA0E3A3CB52
SHA-256:	9D8E087DD823E63F7009907FF1761E620DC5EE64DB6A527E2D0EC830D4152437
SHA-512:	77F76CB9BB4EDADECCE9BFCD05031E1DEF1F4B967B58D8078BB9E6C3B03E3DB9917BD2A77314553FB8EE233981683E9B0BAD5AF30C094344350AD2A1DD034667
Malicious:	false
Preview:	................ .QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQ

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\vip.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 128 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	131116
Entropy (8bit):	1.9520674797313056
Encrypted:	false
SSDEEP:	768:yQi/6RoWDsZnkuV/IG6/6Lysn3S66dZ6666zwjWr6I6fU6663LYmWbrMce3tvida:bhrbM3tviMUzeaEB
MD5:	B699B49F3F87DE25BDC1A65A1308C0EF
SHA1:	DF1BE6ADD9D330CC4D27E4DC0E07F9C2C00D31EA
SHA-256:	4D2030CE6F26748B6E1B5D44408B78C472CD293DAFC58E20C188EC13AC3C6D31
SHA-512:	E23FB33A636B6BFA04F9901B635C58E33B5B4DEBDEDD6192007ADA40EFAD3AE98ACAFEAFC1CF203BF1DE6E0999CC8618A6E51EB7EECA90FC1F8C6D315A07AF16
Malicious:	false
Preview:	................ .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\gfx\vgui\xm1014.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 64 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	65580
Entropy (8bit):	4.281640192900207
Encrypted:	false
SSDEEP:	1536:V2PVOQiyWHUEI838i7aT2LDrSNt3gL2LPEsMMLre:V2YQiDHUEI8Xh0tT+
MD5:	9F857DAA9CB89FE05E0836E561F97548
SHA1:	DDBD88534E58E1BD2BE189569847796E8443C788
SHA-256:	C658F7016F6D3F32C47A0D6AE7BD3BEF289BEE6BF78B2B171ABAB11A75E99E00
SHA-512:	25CF209E977EABB18F6A1F2C7E9B9C62CA99544F3A36152F9223B3541EC4B58A3B0DE42FF38F2157CBC06339C9408FB2FD6C80F059880DE25EF477239B09CB99
Malicious:	false
Preview:	..............@. .QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQQ.QQ

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\halflife-cs.fgd

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	37819
Entropy (8bit):	5.168561781029217
Encrypted:	false
SSDEEP:	768:6nyLnbp/p8QLugAajOjw3HD8UYB+333ORCa+GC7m11CzS9nEogR:lbb8wughD823jy2R
MD5:	7C9664C51C92B0A4E2770691058DFE2A
SHA1:	8C2AB83F62F9717AB1DD2D17C40D639533D34B1A
SHA-256:	97E3B93F2BAA0299280C8657928DADF30B21CF4A5590E14EB2CD68E32136DFED
SHA-512:	FCA8C1EF69CC227E3FD3782A3828C63839A5D8E3506298D41C01983F1CC67BCC4D61234E2E041CCF5C0A892A2121A56F42D21AFA90F5E561B24F534FFAE9BD3F
Malicious:	false
Preview:	//..// Counter-Strike game definition file (.fgd) ..// Version 0.6.6 (Beta 6.6)..// For Worldcraft 3.3 and above, and Half-Life 1.0.0.9 and above..// Last update: July 13th 2000..//..// by Justin DeJong aka "N0TH1NG"..// modified from code by Chris Bokitch aka "autolycus"..//....//..// Worldspawn..//....@SolidClass = worldspawn : "World entity"..[...message(string) : "Map Description / Title"...skyname(string) : "environment map (cl_skyname)"...light(integer) : "Default light level"...WaveHeight(string) : "Default Wave Height"...MaxRange(string) : "Max viewable distance" : "4096"..]....//..// BaseClasses..//....@BaseClass = Angles..[...angles(string) : "Pitch Yaw Roll (Y Z X)" : "0 0 0"..]....@BaseClass = Targetname ..[ ...targetname(target_source) : "Name"..]..@BaseClass = Target ..[ ...target(target_destination) : "Target" ..]....@BaseClass base(Target) = Targetx ..[...delay(string) : "Delay before trigger" : "0"...killtarget(target_destination) : "KillTarget"..]....@BaseClass = Rend

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\liblist.gam

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	413
Entropy (8bit):	4.774726109870056
Encrypted:	false
SSDEEP:	6:dslA1I49EF5YBryX3Nz+LgkQHCVLBnJqQtqplNqHK55yU9gkCmmEGroEtS:ya/9i5YB+nNz+/dF0UAlNnz9RTKK
MD5:	491E8A74ECDA75D5F9A35D60BC1BABED
SHA1:	DE9C668B8C1DFA469482D473967FFBF687F31C62
SHA-256:	F9FD3ABDC830EF7AEE00A1D276E86D08866EA2D5D04713EEDFEA172554AE88A9
SHA-512:	1BE1C07C78B254483481637F146A5199CFD5E07C2A79BBFCF99AB6C6D6809B749E6B2BF93C4DBA04DE3B6E975F3F4924CEF1677D6E864B1FEDD7958653748F81
Malicious:	false
Preview:	game "Counter-Strike"..url_info "www.counter-strike.net"..url_dl ""..version "1.6"..size "184000000"..svonly "0"..secure "1"..type "multiplayer_only"..cldll "1" ..hlversion "1111"..nomodels "1"..nohimodel "1"..mpentity "info_player_start"..//gamedll "dlls\mp.dll"..//gamedll_linux "dlls/cs_i386.so"..trainmap "tr_1"..gamedll "addons\metamod\dlls\metamod.dll"..gamedll_linux "addons/metamod/dlls/metamod_i386.so"..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\mapcycle.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	102
Entropy (8bit):	4.286389253558706
Encrypted:	false
SSDEEP:	3:bAUyMTZ/6iC00k9EA+ScyT6gZZ6ydPRG2n:bAUZTZ/6if9ndZZzdpl
MD5:	BBAEF8CA4E08C983A13E02F0A317D96A
SHA1:	DA83403608FCA780CD641CA743471928A849B13F
SHA-256:	4CC02E5E15B3985E8943700BFEB1010A1D0516ACFA7582E97199DE394A8DC9F2
SHA-512:	F82E0797D5736EF62EC1455ECCDFFEA3DB82B1507F1F5FCC1B2F5FB2C3D2A35A7097E9B54DEFA6AEDADBFB9AF079F3E9EAFEF4E16ABFCCFD6613AC4D7F7A7AA1
Malicious:	false
Preview:	de_airstrip..cs_havana..as_oilrig..cs_siege..cs_747..de_prodigy..cs_backalley..de_storm..de_chateau...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\cs_assault.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	387
Entropy (8bit):	4.5430974592128965
Encrypted:	false
SSDEEP:	6:7lBrmUWoxRHg039TlZRcrACapDXMqnKhRSON4AMkl58LFrb2oAECNigb:R/DLA0tTlvcUnpDL4WAMkMiXb
MD5:	E7E0691F4F470270F1F177D0A43E5C31
SHA1:	5492462D56562450CD0A731B62A5D5A836D4E474
SHA-256:	22224818226C36B030DD422E4940D0E4AF6C30ED75CB5C62367C417865AC05FB
SHA-512:	D84CEAE6CCC9BD9D66299B737C8BEE3613EF87867AE280B5C3BC4C69996D4151B77B0BAB9739A94E73F9DA6515E670D79A8B3B45B8F64860F138DB268C99B7D3
Malicious:	false
Preview:	Assault - Hostage Rescue..by CryptR (lmuur@dlc.fi)....Counter-Terrorists: Rescue the hostages. ..Take out the Terrorists without jeopardizing ..the hostages. The Terrorists may be watching..you with their cameras.....Terrorists: Prevent Counter-Terrorist..force from rescuing the hostages. Use..whatever force needed.....Other Notes: There are 4 hostages in ..the mission. Rescue them!..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\cs_italy.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	377
Entropy (8bit):	4.8017842480430755
Encrypted:	false
SSDEEP:	6:wEDBqUtmZIQyK/3UNaQyAxfgqsX7rgxCihtrdHqgYXMqP/Rqs/FXPRSjJ1aeRq6:wEDrkNH/3UNLNOnXgxhHqzLzoJ1/
MD5:	B6EE25EF5847434B285D2CE6278FB914
SHA1:	D286027554D61A4471501BDF5B9D58DE1CB73FC2
SHA-256:	081E893888FC3D63DE5317D2EA49D3A3A9B785F6AB5010477E49EF39462BF171
SHA-512:	C189E753DD2CE76BBE9491A631DEC6BE5856152DDC8BBA4033E056D5EFEE23C77CCAEFA8FBCD51AABF52469211DBCDE8815B55676BB24F1E24804894300343B9
Malicious:	false
Preview:	Italy - Hostage Rescue..Mapping by:..glenC AKA [HOTSHEEP]Bastard (glenc@hotsheep.com)..Textures/Graphics by:..DigiChaos (digichaos@hotsheep.com)....Counter-Terrorists: Navigate your way..around the Italian city and get those..Hostages from the foreign Terrorists.....Terrorists: Prevent the Counter-Terrorists..from rescuing the Hostages or eliminate..the Counter-Terrorists...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\cs_militia.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	347
Entropy (8bit):	4.568303313233945
Encrypted:	false
SSDEEP:	6:vuP6Bry5S0M2pvAxsRWkVP+TJ9RAXMqnKhRSjXFrb2oAECNJw0a4Yyn:GikL16Vi4CLsfS4Yy
MD5:	7752D7EA45163EDEA0C3168E0B0EED86
SHA1:	18F915EE2FEB4AF74F51669C7DA0A749153A9B9A
SHA-256:	A05F4D7B3E21BC83122882DC37BF6A5B795DC0729A5D21FA176D937FAC67D3AB
SHA-512:	ABC879A9D8232DFD22CE5FA53B6F8D312F0284E5577771FC7C4F9FC56EC3470B26850A4F8FE572AECDF441A01625702D32AD7BD15BB6D54F5BCB3A3AF449C249
Malicious:	false
Preview:	Militia - Hostage Rescue..by Andrew Aumann (andrewja@home.com)....Counter-Terrorists: Enter Cliffe's ..Compound to rescue the hostages. Take ..out the Terrorists without jeopardizing ..the hostages.....Terrorists: Prevent Counter-Terrorist..force from rescuing the hostages.....Other Notes: There are 4 hostages in ..the mission and one floater...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\cs_office.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	385
Entropy (8bit):	4.609578298884187
Encrypted:	false
SSDEEP:	6:7DP1BhHcGfwdAiFCdfAyNYrRxsRWwX2uLv393jAXMqnKhRSdFrb2oAECNQ:vP17LikJCNVspvt0Lue
MD5:	F5DA6AD48981A677905F05F97E56E848
SHA1:	860B6D7D2152838489DE11185421F48FB4E73E3B
SHA-256:	2803B092116DB9979D1B20660FEDEF24DBB8BA773FEAF1C4188B128CA1740EFB
SHA-512:	0DD6D4C6A4426422E2EE14B0BD26ED0308807746D8159AF5A8414DA436AA2CEC6EB6A6D6F8B7B408ED74AEBB94A98A5FDE28146DC2B2DC1979C0E9AD3A552025
Malicious:	false
Preview:	The Office Complex - Hostage Rescue....by Hobbit (Hobbit@nodream.net)...textures by Sphinx and George_Pooshoes.....Counter-Terrorists: Enter the office ..building and rescue the hostages. ..Take out the Terrorists without ..jeopardizing the hostages.....Terrorists: Prevent Counter-Terrorist..force from rescuing the hostages. ....Other Notes: There are 4 hostages in ..this mission...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\de_aztec.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.615247870369336
Encrypted:	false
SSDEEP:	6:WQJcFdVAm7rKVqnxblcrguNIAXM+Xn5ZlMFrb2oA7WC:ib7WV4dI7d3j1R
MD5:	3E038011C6D687ECB3152B4341BB07C6
SHA1:	800D7619263AED7647622D10688415DA87A1A26E
SHA-256:	6FEC9A17A0A48D3C44381BC9BF1F449C74D6835D399C8A2728B98395C9AF231B
SHA-512:	6CE5786270486E6A77319A8974ECF3E54647BE6C748E46ADEE0F49E914B3495BEDFD9BED8EB4034077DCCDA4D71E60D59478CABBD408A9183981212841D826E6
Malicious:	false
Preview:	Aztec - Defusion..by Chris Auty (Barney) (narby@counter-strike.net)..Texture builds by Macman ....Counter-Terrorists: Prevent the Terrorists..bombing the archeological site.....Terrorists: Destroy the valuable Aztec ruins.....Other Notes: There are 2 bomb sites in this ..mission.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\de_cbble.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	454
Entropy (8bit):	4.766883889661485
Encrypted:	false
SSDEEP:	12:ZBuJjRaodxRCWpR2Jj2LAPm+P3XnRSezoRz:mdRPDRrpEjPJ3XnRSeYz
MD5:	E35A12010A3FB144F07F94D3891C406F
SHA1:	A2227C07BC38EF80DF9FF9A99D4BC1B2457A165C
SHA-256:	E91E1523959A1DCD263D5A7601676C788EE54A6E59E272BC7D67BFD699D74E11
SHA-512:	7B15A280608DDDE8E009C2F98D6230451A07D9B86D4C39970F3B9A9ABB7AC5F2D9EA68D09485F066D47A56263F0BA1B7653F5E28A144AFA4DD59575604B7AFFE
Malicious:	false
Preview:	Cobble - Bomb/Defuse..by DaveJ (http://www.johnsto.co.uk/)..textures by MacMan (MacManInfi@aol.com)....Counter-Terrorists: Prevent Terrorists..from bombing Lord William's country ..farmhouse. He has been the target of ..assassination in light of recent government..proposals.....Terrorists: The Terrorist carrying the..C4 must place the bomb at one of the two..bomb sites around the map, thereby ..killing Lord William and severely ..damaging his home...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\de_dust.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	415
Entropy (8bit):	4.681147144424998
Encrypted:	false
SSDEEP:	6:gEIun4yRbuCqpK4kjavAxbz/FHjFFGy0AwEuioXvrXMMSoKEXNK2/QWgWhFrb2ot:g7uJjxaodxSFXvrPmuHDT1GDTa
MD5:	C5D3C698F533635ED68FDAB66D802972
SHA1:	E5E0F8EAFB5725FEF57134D30764DA4D39E19553
SHA-256:	51E1A2D73A22C020D1833DF43A12D02B317D6ACDBB984DAB8452D69A409FC2B2
SHA-512:	9F2358FEC2F35FACF73E87CA27F34FCC767A1403DA2DAE5CEB77AF81340AB3937683C452E859CD60B1D80D3CF57C2F5B7E8432FBAE3E744EEF8469A65475CBB9
Malicious:	false
Preview:	Dust - Bomb/Defuse..by DaveJ (http://www.johnsto.co.uk/)..textures by Macman (MacManInfi@aol.com)....Counter-Terrorists: Prevent Terrorists..from bombing chemical weapon crates...Team members must defuse any bombs ..that threaten targeted areas.....Terrorists: The Terrorist carrying the..C4 must destroy one of the chemical ..weapon stashes. ....Other Notes: There are 2 chemical ..weapon stashes in the mission...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\de_dust2.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	452
Entropy (8bit):	4.763219363215187
Encrypted:	false
SSDEEP:	6:D3+gQun4yRbuCMw4kjavAxbz/FHjFFGy0AwEuioXvrXMMSoKEXNK2/QWgWhFrb2g:xQuJjRaodxSFXvrPmuHDT1GDTa
MD5:	4380A803CF55713ADF5C7AB81E9FA6C6
SHA1:	6C2755A957644EEA12A78AA41329412A590B4087
SHA-256:	EB376307E8999294B0A9118156D3E874D415D046E6CFFABFF590D7126EFF9491
SHA-512:	6DBF6115450E7C8EB76C81CC49035ABDE59F1744DF13D2D9ED16809D735DF2A939EF8437ADB866736BE069774FAF84B73622C797B3370F682E642F7CD0A6C204
Malicious:	false
Preview:	Dust II - Bomb/Defuse..* GameHelper.com exclusive *..by DaveJ (http://www.johnsto.co.uk/)..textures by MacMan (MacManInfi@aol.com)....Counter-Terrorists: Prevent Terrorists..from bombing chemical weapon crates...Team members must defuse any bombs ..that threaten targeted areas.....Terrorists: The Terrorist carrying the..C4 must destroy one of the chemical ..weapon stashes. ....Other Notes: There are 2 chemical ..weapon stashes in the mission...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\de_inferno.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	386
Entropy (8bit):	4.586728585487611
Encrypted:	false
SSDEEP:	6:qAcFdVAm7rKgENDzDXMLwp/APG00ZIJAxbtM/FB5AE0paAXM+XrUf0paXFrb2oAc:8b7WLDXnb0ebdQBj05dg0pA
MD5:	FE7B54F5C4418D4371499BC4A8C9B575
SHA1:	D105E5E7F4F9A67618D285945223B8E7AA34824B
SHA-256:	41E575CDE6A3DBCD8F9932D4482A065AC2A6C93680ABCF92B070C618DA4A4D44
SHA-512:	F4E20F5330D17E885D60C0C104546BC0A580D9475B893AE486D7DA25671E35D4417B8DD65D9A9D41358F897AE1A3027797BABB7211A25E256E3E0E43F673814D
Malicious:	false
Preview:	Inferno - Defusion..by Chris Auty (Barney) (narby@counter-strike.net)..Texture builds by Valve software....Terrorist are attempting to blow up two critical..gas pipeline through part of a small village.....Counter-Terrorists: Prevent the terrorists..from destroying the pipelines.....Terrorists: Destroy the two gas pipelines.....Other Notes: There are 2 bomb sites in this ..mission...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\de_train.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	332
Entropy (8bit):	4.456826872843975
Encrypted:	false
SSDEEP:	6:Tbb5xbz/FHchPGNKnA26g+YXMMSoKEXNKFFrb2oAV734o:Vdx6PGNoZPmub7H
MD5:	241A70A7BFA4F6CFE37D296210112159
SHA1:	A670733BD462A2C5ABEEEC9393E65CA60D414864
SHA-256:	C009B37EC010F7F7FE961B75633F5CED21A63CC02EDD52C435F7DCB354DE0E3D
SHA-512:	F77626272C24E127DEA0FF76C77D3EFD526BCD49CC2D30B28F8BAC5626DA1E63A80966A0592989CB01C97E624B9C31BDDDB2C6E0CCC088A1CB85EE6F9BA82A1F
Malicious:	false
Preview:	Trainyard - Bomb/Defuse....Counter-Terrorists: Prevent Terrorists..from bombing the nuclear payloads on two..trains. Team members must defuse any ..bombs that threaten the payloads.....Terrorists: The Terrorist carrying the..C4 must destroy one of the payloads. ....Other Notes: There are 2 payloads on the..trains in the mission...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\fy_iceworld.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	48
Entropy (8bit):	4.329448698502607
Encrypted:	false
SSDEEP:	3:58E3KDXs3KDRdOv7v:AXXRkv7v
MD5:	A8E9634E710241D49FF8D18DF750C461
SHA1:	7D62AEABB324982C3CD186F466A7007C75FFF2CD
SHA-256:	89BFBAF58C7FB966F3B89E1B5A336D5DC996DA188E5803EACA9BAB18EFA45F00
SHA-512:	64B7CAABD6328648A651551A3B9816DD74A106186BAE242255508EAD9182DE1C412CDDD607684BBA66255571872ADD77F23F2A1E48E42EF54758E70E13A7BA32
Malicious:	false
Preview:	maps/fy_iceworld.res..maps/fy_iceworld.txt......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\maps\fy_iceworld.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	194
Entropy (8bit):	4.080398170647072
Encrypted:	false
SSDEEP:	3:Eioh3pASEMHK52GTMovHiKkax3kSdtIemuu1PVpS7/jEIa:8pHHI2GTMovHiDax1T7muu1VpS7AL
MD5:	1D3B7E1B7B2573A78B26BEE95476F9D0
SHA1:	45693463DBCE0E6B320E8C76935ECF8BEC9CF3FA
SHA-256:	B085AB981908DAD967978584D91DFDCC2A00A211AFEE5BEDCF497CD1CF01A634
SHA-512:	3B3EE51272D4FDC4461E1756393CC9D4F94606D86CEDE289B344BE922779A0090512A2D885E3D57E03862A46E6118085B414438B9E12AA98662200E143E08683
Malicious:	false
Preview:	FY_ICEWORLD ..By RD (realdespair@hotmail.com)..HTTP://WWW.PITRD.COM........!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..PICK UP A GUN AND KILL THE OTHER TEAM..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\models\player\arctic\arctic.mdl

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	1793644
Entropy (8bit):	7.051432865711114
Encrypted:	false
SSDEEP:	24576:6cqF79Ny8k5XkdtQQtNemk6i3K8k5ZIyMwiqZexwmqfZ27L3yyAAh3jJHq6XN:6X36GukbklIIyMwV4xRm27L3ych3jwgN
MD5:	F1AA2FC18DCF1FA3F6B8FA73AE75E346
SHA1:	BD23CD6C2E073F8E590BDE7385B1C8E54CE5038D
SHA-256:	DA652A066BA05ED8813E2338EDD27250E476FF334B1AC7C56BE77C17D3A8D3B2
SHA-512:	2E741B02829D6D759ED1DA9AFF8D2EF839A692E86AB3DA6C0F48863F62CB663E2DB29CE3DE54DA4E609ED3FA8EAE622874F810429063ED305BABA3BB9BBDCD77
Malicious:	false
Preview:	IDST....arctic.mdl......................................................l^..................................................................#...........D...........o......................8...........0.......d.......D.......................d...Bip01............................................................vo>]......B..............;...;...;^..8..R8G..8Bip01 Pelvis.........................................................SI6.\|...............;...;...;4.I8n.J7..I8Bip01 Spine........................................................?C86?.7...7...7..s.A:...;...;...;.[i8...7...7Bip01 Spine1......................................................@~.V................8...;...;...;..#8m.I7^..7Bip01 Spine2......................................................@E.V.............Y.M8...;...;...;.}.7N.7..7Bip01 Spine3......................................................@E.V....................;...;...;@j.8...7._.7Bip01 Neck........................................................@..g.............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\motd.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	78
Entropy (8bit):	4.322306062633426
Encrypted:	false
SSDEEP:	3:bYxKXAjZicvtWTxB0AF0Ezd07n:UxKXAViIt4B5Hzd07
MD5:	482DCAE94972B76BAD1105BC69C5AAD8
SHA1:	DFC9F3AF4F06D011F6F37A133817B332428CA48F
SHA-256:	5AD16961A947F469CB0525C37F78DE3CFCFA9BD6F4030A7CB558C6F68DBA30E6
SHA-512:	26A8224E5C0AA3A249420AAF141F11D78B0024224814030B4E57509379B75F3410B173C64C44605C0DF6EC0DAB26C4BE79E07273D2139E47CFE7C7AA2ED742FF
Malicious:	false
Preview:	You are playing Portable Counter-Strike: Decayed Lite by decayed.cell by ZeroX

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\cs_assault.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	174
Entropy (8bit):	5.178814005909572
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3F0Nhgas/DbPovDsNISovDTsVoAykACGo0s5ig9UMATWa/IyiwVyVn:j1DkEFIhgasPoo+SyDTsVoAyJC/0s8kD
MD5:	215E0FB2CEA2CF2710E24A87BBC5458B
SHA1:	BFE7B0B538CE090D570965127510EC2373E877EB
SHA-256:	8EDCF091C01DCEBB18AF5A9042440A3F3EB12BDA92D09414BDEEA413D0FDBF38
SHA-512:	D654D29CE7D14AF2B64EEA98DC77F3AEB925A9A04804D5B365DBBA228C016C73451FEE8B3293EBE62A493DC82BEFDF48E67807A7799C4FFBB1A75A1B6DF05666
Malicious:	false
Preview:	// overview description file for cs_assault.bsp....global ..{...ZOOM.2.13...ORIGIN.-531 .1390.0...ROTATED.0..}....layer ..{...IMAGE."overviews/cs_assault.bmp"...HEIGHT.0..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\cs_italy.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	175
Entropy (8bit):	5.218694933745058
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3FYLhgas/DcoE0rqRETsVoAykACGo0s5ig9UMATWi2yiwIXzen:j1DkEFYLhgasQP0mETsVoAyJC/0s8kVS
MD5:	3F593A4BAA504C90D47F794EA4945CAB
SHA1:	08426B8D90F91BDC64E337921E989132361E6EB4
SHA-256:	7489F1DD8CAF66E54DF5931D5AB4EAFE2FF5AB77BADA5DD5E752618DCB116D01
SHA-512:	4D0B66C584B8B411160C537F3C44BA630475AE7A9F7DA67CEA2C4E6E92EB3CFF2BE80E10B73D0B21A55494640B8980BBE1912BFF1C7571E23740BE299E8DFF76
Malicious:	false
Preview:	// overview description file for cs_italy.bsp....global ..{...ZOOM.1.76...ORIGIN.-212 .243.-240...ROTATED.0..}....layer ..{...IMAGE."overviews/cs_italy.bmp"...HEIGHT.-240..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\cs_militia.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.245111494921912
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3FKMDHWCahgas/DU3sWUQaNawxTsVoAykACGo0s5ig9UMATW8MDHIE:j1DkEFKMD+hgasKsWLa0wxTsVoAyJC/3
MD5:	396D068A90EFB94AAD5CF8829CE413B3
SHA1:	5094E710761192C5B4E48DFEA75D1E9CD46AA236
SHA-256:	41C3BAAF47824575FC626FA61CEC9683D472F99D9D4E1D2049875598C506E8C7
SHA-512:	931F6E61393537654816AF583B9DF12827903F8C9A44F47E0DFA79AB6BCCC83136F07E6BA1AD671F88B183BA12CAF7C06B705D025C3D406FC8BF61ECB8135D0F
Malicious:	false
Preview:	// overview description file for cs_militia.bsp....global ..{...ZOOM.1.72...ORIGIN.615 .-476.-380...ROTATED.0..}....layer ..{...IMAGE."overviews/cs_militia.bmp"...HEIGHT.-380..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\cs_office.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	474
Entropy (8bit):	5.017968956928902
Encrypted:	false
SSDEEP:	6:j1DkEFc6hhgaskdhPsZC/0s8kVdMkpIyKaFUsP1TuVFqKydJ50IbsQy2yvWpXIU3:j1J6nIB0C5pkaF1RuVoVJ504ss0sXIU3
MD5:	4CBAD775CF3F295F15B88E3BD7771CE3
SHA1:	41E6D080419CA35AA57FF0EBD2B5D3DDD42D94A5
SHA-256:	D658E1201B625D49345EB46F004555045B892A44C2156741F788C00D4FF9223B
SHA-512:	D7F4023799690363781A2BDA5BC2CA5694D5853BB3B3E0DF486F5E3537DEA174462AA3E111B2E59D50D6D33D9D608036117DDD6A79B3C1B0A0C12378DDDCEBA1
Malicious:	false
Preview:	// overview description file for cs_office.bsp....global ..{...ZOOM.1.56...ORIGIN.280 .-351.-435...ROTATED.1..}....layer ..{...IMAGE."overviews/cs_office.bmp"...HEIGHT.-435..}....decals..{...CUSTOM.-1343 .-1690 .-242 .0...CUSTOM.1 .-1152 .-148 .0...CUSTOM.1087 .864 .-80 .0...CUSTOM.1251 .-416 .-87.0...CUSTOM.1312 .-64 .-87 .0...CUSTOM.352 .-1077 .-152 .0...CUSTOM.-1696 .-405 .-165 .0...CUSTOM.403 .192 .-79 .0....CUSTOM.-754 .-1232 .-162 .0...CUSTOM.1312 .-511 .-82 .0..}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\de_aztec.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	175
Entropy (8bit):	5.245650088763097
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3FImxVrhgas/D3MQR9OesUoaACGo0s5ig9UMAUAGvtoyiwIQR9Ay:j1DkEFhHhgastR9sZC/0s8kVjAGVTIQF
MD5:	EB93ADE508543CD22BC07FCC6C16A1FD
SHA1:	618ECB58F6A94F82230BC2DE7DF7DEAF10EF15F8
SHA-256:	D872AE8F28884F36AA67A9AA91E39C7882080166B516B1C65082FD409101511D
SHA-512:	42ADDAA467106A467E82C305F1F4A7B8017E7327E59C732ACC196B83860AF2107B7E9BDA16BABD8AB496DF3FFDD5157C66D15470C1B6DBBC2046CCCDAED5F241
Malicious:	false
Preview:	// overview description file for de_aztec.bsp....global ..{...ZOOM.1.38...ORIGIN.-384.-172.-545...ROTATED.1..}....layer ..{...IMAGE."overviews/de_aztec.bmp"...HEIGHT.-545..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\de_cbble.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	175
Entropy (8bit):	5.188507231620239
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3FZvyhgas/D3tN/XsIPOesVoAykACGo0s5ig9UMAUA7iwIX/9:j1DkEFAhgaspNXMesVoAyJC/0s8kVjAe
MD5:	F0F5B7F846C8E95CECE749FD4584758A
SHA1:	297DF36984A513FD3E602431F6EDE388CA5EBC53
SHA-256:	87881F8E82350CA3A074B3AC9234A12CCAAE1FC18360C3BA1C54C131CEFB925F
SHA-512:	BFF28014BD5BB81F6C3F8CF7B48F5607DB0C9F3C235956199A84DA56E9F2FD57FAE06D9E6350191ACC983A33617DBE4CC087530D267F45519F821812A207205D
Malicious:	false
Preview:	// overview description file for de_cbble.bsp....global ..{...ZOOM.1.23...ORIGIN.-959 .312.-256...ROTATED.0..}....layer ..{...IMAGE."overviews/de_cbble.bmp"...HEIGHT.-256..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\de_dust.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	5.176544486681197
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3F9HSoahgas/DKtR4spciDTsVoAykACGo0s5ig9UMAUA4HjyiwIUcO:j1DkEFlbahgasWtuspHDTsVoAyJC/0s+
MD5:	09797A9FB73C052E83EB7EA9E3DC8F1E
SHA1:	55932FE4FE82CC46998D5EEF348FFE7A60CFBAF7
SHA-256:	8CE5F96C45BF198F4628E96371174DF61549CBA113D9F5CC0A32840922D87814
SHA-512:	2D702CDB25947F277640A939F8BE944DDBB03FDBCECD20F2A6F236741F1BB0CEA2BBBAEFE469EFDF2CD0023D302A1D891411C29A14BA19F4849D086FACE8E3E7
Malicious:	false
Preview:	// overview description file for de_dust.bsp....global ..{...ZOOM.1.20...ORIGIN.101 .1071.-192...ROTATED.0..}....layer ..{...IMAGE."overviews/de_dust.bmp"...HEIGHT.-192..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\de_dust2.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	176
Entropy (8bit):	5.2320648417080005
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3FhzWsyhgas/DGoNHWFsQptyDTsVoAykACGo0s5ig9UMAUAkzItHia:j1DkEFFehgasPanyDTsVoAyJC/0s8kVE
MD5:	53F642DA55A65BDA415E178879D59DD5
SHA1:	17449FE36109E8F5B7AB0174A1EE58B8906AFF59
SHA-256:	1146D251F8F5EF98ED2B21B8029FEADA78AA32B61F3F40B30A0187535C80EDCC
SHA-512:	245503914CA982A066EAD30BAEAEADBFCBCA696E4254182D3CB89A8504AA383CB1D8791CE4E91F9061CCC376149C726A715E84E6B66D4AA1146B8835ACB62527
Malicious:	false
Preview:	// overview description file for de_dust2.bsp....global ..{...ZOOM.1.50...ORIGIN.-223 .1097.-192...ROTATED.0..}....layer ..{...IMAGE."overviews/de_dust2.bmp"...HEIGHT.-192..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\de_inferno.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	177
Entropy (8bit):	5.174994225277581
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3FkDAXLSehgas/D6tc0MItsUoaACGo0s5ig9UMAUA3AXLSjyiwITKv:j1DkEFKAbSehgasOttMItsZC/0s8kVjd
MD5:	1FA18B0285D554E26C1028015F781D21
SHA1:	B2DB439BD5B0E6334751CF7A8EA02D135C711DB3
SHA-256:	DA4CBE0C8B72FF492A197333B00144C24F7B514657ADAEC5F3D737D45E5C20CF
SHA-512:	44A5037EE17FA0714A84675132B715AB12EB45BD67AF9FB74AB711D1ECEA02D533080B11B7CD2BB0D950F6C58A5F4E1ACA834D8974372E1D3CB46A364D42943A
Malicious:	false
Preview:	// overview description file for de_inferno.bsp....global ..{...ZOOM.1.49...ORIGIN.490 .1280.-64...ROTATED.1..}....layer ..{...IMAGE."overviews/de_inferno.bmp"...HEIGHT.-64..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\overviews\de_train.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	5.186761408269001
Encrypted:	false
SSDEEP:	3:RFIAXlxkNS3Fx7vyhgas/DwuVsU7ros6TsUoaACGo0s5ig9UMAUAauiwIWTCvFvn:j1DkEFx7ahgasFXQTsZC/0s8kVjAaSIv
MD5:	063030CE7A30432A17C50007C269B5DE
SHA1:	5AFD4D10DC82EEA81FF7EC671282BE57A87A2113
SHA-256:	8175BBF2734BDD57A420B3446107662E7CD96B77E489F7B0112C4FDA68C66685
SHA-512:	3ED96E35EB1C0F3D98403EC91703F4DC42F0702E813E23743B760EACF0150AA16A22893D7CB4AEB13EC9BFF05796433F1EE996476B7584BC4D1F7512CEB8E4C5
Malicious:	false
Preview:	// overview description file for de_train.bsp....global ..{...ZOOM.1.56...ORIGIN.32 .156.-360...ROTATED.1..}....layer ..{...IMAGE."overviews/de_train.bmp"...HEIGHT.-360..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\rebuy.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1550
Entropy (8bit):	4.747591192746322
Encrypted:	false
SSDEEP:	48:QK8MEuSnft677ESDI5ytyVK+l3RXDRbCIM29KW:QBMaV67gX3hDN759KW
MD5:	59884A76B2229C7677AB89AB77655F5C
SHA1:	8CDE804F6BE99F76C8471E3A9F1BAE72509CA675
SHA-256:	288D3B2BF47936A76E22B65E3EA14F3079B1EA2D7CA0ED9E124BBC874E5B1F27
SHA-512:	A1288801C3859C5E7C42A707BEE53E85C950B28962FB9FACFAEB18E2A55AE052C259D229997942246D9FB75608728FDAE71A66FDDEAE959B626CB9FF9358FEF5
Malicious:	false
Preview:	// This file contains a list of the different classes of equipment "Rebuy" will buy for you...// The rebuy system takes a snapshot of all the equipment you have when you buy something...// That includes issuing a buy alias command, buying something from the buy menu,..// or after using Autobuy (see autobuy.txt for details)...//..// When the rebuy command is issued, it attempts to buy all the equipment that you..// had when the last snapshot of your equipment was taken. The equipment will be..// purchased in order as specified in this file. You can modify the list in this file to suit..// your play style in case you become short on money and can't afford all..// the equipment you had in the previous round...//..// The tactical shield is considered a "PrimaryWeapon", but the pistol used with it..// will be bought as a "SecondaryWeapon"..//..// The console command for using rebuy is "rebuy"..//..// The categories used by rebuy and what those categories include are:..//..// PrimaryWeapon.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\GameMenu.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	776
Entropy (8bit):	4.679878600665951
Encrypted:	false
SSDEEP:	12:oHF1xGkMyHUyHgKGQ0+hBfgcoFluOTFxD4CR2Ff2fK:aFDGmpAK4+XfgZ2OTbDDAuK
MD5:	96AEA70447DEF0DBE016F3515C5A37AF
SHA1:	8064CCC84B334BC4CF0D59626C56DE69A073AF08
SHA-256:	5B6C9699B9780836B851808443DDEF4B243CCB28671411C70DF562DB81DD7597
SHA-512:	8259B3E7776C64C8ED8CC256E72326CB41E3648A78B142B42AF9F2B1A562EE683F5BF448ECB7CA2E0D5E8A6A47C5499CEE78EF45D424FCABE87557696BF595CD
Malicious:	false
Preview:	"GameMenu"..{..."1"...{...."label" "#GameUI_GameMenu_ResumeGame"...."command" "ResumeGame"...."OnlyInGame" "1"...}..."2"...{...."label" "#GameUI_GameMenu_Disconnect"...."command" "Disconnect"...."OnlyInGame" "1"...."notsingle" "1"...}..."4"...{...."label" "#GameUI_GameMenu_PlayerList"...."command" "OpenPlayerListDialog"...."OnlyInGame" "1"...."notsingle" "1"...}..."8"...{...."label" ""...."command" ""...."OnlyInGame" "1"...}..."9"...{...."label" "#GameUI_GameMenu_NewGame"...."command" "OpenCreateMultiplayerGameDialog"...}..."10"...{...."label" "#GameUI_GameMenu_FindServers"...."command" "OpenServerBrowser"...}..."11"...{...."label" "#GameUI_GameMenu_Options"...."command" "OpenOptionsDialog"...}..."12"...{...."label" "#GameUI_GameMenu_Quit"...."command" "Quit"...}..}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\OptionsSubMultiplayer.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	10036
Entropy (8bit):	4.444419900830988
Encrypted:	false
SSDEEP:	192:lKTW0wmNhhWn/mfzmxbuG/hjdSn/5DNZGDzGfGuGGGv9EidKES1EPI:UTW0wmN7Wn/mfzmxbuG/hjdSn/5DNZGQ
MD5:	A39C8C2F99DD9631B8EBFE0303CF51D6
SHA1:	F639C134EDA8A57CA61F756D14A455606B41939F
SHA-256:	8D0B07686E02F4EE177231CDBD61AE9BBDE31E8F83F92125398B57709CC4E08E
SHA-512:	2DD6E6CC592FFACAF92D6860A3CBA3F7B89E5E5D21896370411CAC5EC3E4D6902094C14FD1B83196B638A5AE7225F57F164564D223CCD6FAE1F1FC79F4E49B36
Malicious:	false
Preview:	"Resource/OptionsSubMultiplayer.res"..{..."Cancel"...{...."ControlName".."Button"...."fieldName".."Cancel"...."xpos".."378"...."ypos".."322"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_Cancel"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."wrap".."0"...."Command".."Close"...."Default".."0"...}..."ok"...{...."ControlName".."Button"...."fieldName".."OK"...."xpos".."308"...."ypos".."322"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_OK"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."wrap".."0"...."Command".."Ok"...."Default".."0"...}..."Apply"...{...."ControlName".."Button"...."fieldName".."Apply"...."xpos".."448"...."ypos".."322"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\UI\MOTD.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1290
Entropy (8bit):	4.419726412462983
Encrypted:	false
SSDEEP:	12:Im1FWHuGovnkP1IyzP+6DEzkGo0TIUIvcJkbYmyXHzJKFY0sekkJNR5uyzPHp6Lw:R3WH68j2QEXT+kcYTjEyVeFR5zf3BIY
MD5:	6AE8AF240F3340C9CA31866A8D827329
SHA1:	430E1F9AD405B45B418B80016639E14D5049AFA2
SHA-256:	AE995B068CDE415DF6B34B5629E07CA8764F24D659DD32F15F5756773A08773E
SHA-512:	E072597FA180356014F7B11206D93FB7201977F5AA713C52CD34C1C4838409FB31592A23EE5E0E48608FE3D0821D852286D51F4EF8B99AB52F629EE2C6BBB620
Malicious:	false
Preview:	"Resource/UI/MOTD.res"..{..."ClientMOTD"...{...."ControlName".."Frame"...."fieldName".."ClientMOTD"...."xpos".."76"...."ypos".."0"...."wide".."552"...."tall".."448"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."setTitleBarVisible"."0"...}..."Message"...{...."ControlName".."HTML"...."fieldName".."Message"...."xpos".."0"...."ypos".."116"...."wide".."480"...."tall".."240"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."ok"...{...."ControlName".."Button"...."fieldName".."ok"...."xpos".."0"...."ypos".."364"...."wide".."128"...."tall".."20"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#Cstrike_OK"...."textAlignment".."center"...."dulltext".."0"...."brighttext".."0"...."Command".."okay"...."Default".."1"...}..."serverName"...{...."ControlName".."Label"...."fieldName".."serverName"...."xpos".."0"...."ypos".."22

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\UI\MainBuyMenu.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5779
Entropy (8bit):	4.506169485807897
Encrypted:	false
SSDEEP:	48:TJcQ1C3R57u3JWI+R9950SA26UTPeGVUHDY8kM0+xWHdHP/wUwckoe:TJcZ5kW39tt7LC88kP+SdvZ3koe
MD5:	19B1EB57553862D66A5599A8FAADB128
SHA1:	5099D8D93B81C76141B3B85988D2393ED1F6E96F
SHA-256:	7308E490D43C4865B77EADBA19DE6B5F2E802F16C88193CE2F1708424A007D40
SHA-512:	33D76C6D69D89EB5533096E294BFB5C17C795D7AEF47CA68A40D325CEF00FB97E213C7EF2B9C91B4458884B18311708114BB9121D84EE17C0049BCC740BF3D25
Malicious:	false
Preview:	"Resource/UI/MainBuyMenu.res"..{..."ItemInfo"...{...."ControlName".."Panel"...."fieldName".."ItemInfo"...."xpos".."1680"...."ypos".."1160"...."wide".."400"...."tall".."380"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."Title"...{...."ControlName".."Label"...."fieldName".."Title"...."xpos".."76"...."ypos".."22"...."wide".."500"...."tall".."48"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#Cstrike_Buy_Menu"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."font".."Title"...."wrap".."0"...}..."selectCategory"...{...."ControlName".."Label"...."fieldName".."selectCategory"...."xpos".."84"...."ypos".."87"...."wide".."160"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Cstrike_Select_Category"...."textAlignment".."west"...."dulltext".."0"...."brighttext"."1"...}..."pistols"...{....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\UI\ScoreBoard.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.408529417924638
Encrypted:	false
SSDEEP:	12:IEFJW2Qgc0Tuz/64moLHylYsGLsdHm5kk80TuzPeSNv08D:nFJpcgq/eoLS+stp9gqd9RD
MD5:	7BB1C70114FB2074C0E39239E1CA1EC7
SHA1:	6E38A88232305CE20B67BF39A6F81B9240E4005A
SHA-256:	6930C9C35E1CB16835A23DF85C9D4F76B0A745EBFA10D1DD0B186E77FEF82D63
SHA-512:	39E9FBB107BF690160E2BC2142CDC9D369963EE8CE6EDB2B0FB197060A8E01A5CB33ACD32B7794A67846F84142F7B7F7342E901DB31A24F3506C212A6DF63ECF
Malicious:	false
Preview:	"Resource/UI/ScoreBoard.res"..{..."ClientScoreBoard"...{...."ControlName".."CClientScoreBoardDialog"...."fieldName".."ClientScoreBoard"...."xpos".."63"...."ypos".."42"...."wide".."444"...."tall".."360"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."ServerName"...{...."ControlName".."Label"...."fieldName".."ServerName"...."xpos".."3"...."ypos".."2"...."wide".."250"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText"..""...."textAlignment".."north-west"...."dulltext".."0"...."brighttext"."1"...}..."PlayerList"...{...."ControlName".."SectionedListPanel"...."fieldName".."PlayerList"...."xpos".."0"...."ypos".."0"...."wide".."444"...."tall".."360"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."autoresize"."3"...."linespacing"."13"...}..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\UI\Spectator.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3946
Entropy (8bit):	4.409702850512175
Encrypted:	false
SSDEEP:	96:9FEaSIKfh0IK5ONcHVH4d0zhd/Ojd0ZOd/7st920kSErfdnfsd/E:3Gzfh0z5Kc94OhQj6OFpdfZsa
MD5:	F7C59465F786C9B9C413B5F7E285901F
SHA1:	D910285F6E5252762348D51C8D7100D7DCBC5D1B
SHA-256:	44D158624FD5D330ADC437045B2FA2F618212407F2FED7A7F025C0EAF88F7C55
SHA-512:	3F84D32875A8CA130F05426331ED518AF9C39BFA3C4A5C5E9A8CAA3F791F8513C67D6BB9F8D2864DA18BECE35D1B70B6607F9C6121215BBB5A9EE0FFA08418CB
Malicious:	false
Preview:	"Resource/UI/SpectatorGUI.res"..{..."SpectatorGUI"...{...."ControlName"."Frame"...."fieldName".."SpectatorGUI"...."tall"..."480"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...}..."TopBar"...{...."ControlName"."Panel"...."fieldName".."TopBar"...."xpos"..."0"...."ypos"..."0"...."tall"..."52"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."0"...."tabPosition"."0"...}..."BottomBar"...{...."ControlName"."Frame"...."fieldName".."BottomBar"...."xpos"..."0"...."ypos"..."429"...."tall"..."52"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."0"...."tabPosition"."0"...}..."bottombarblank"...{...."ControlName"."Panel"...."fieldName".."bottombarblank"...."xpos"..."0"...."ypos"..."429"...."tall"..."52"..// this needs to match the size of BottomBar...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...}..."playerlabel"...{...."ControlName"."Label"...."fiel

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\UI\Teammenu.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3690
Entropy (8bit):	4.383587612820969
Encrypted:	false
SSDEEP:	48:BFWkjk68jykD//5xKHeR5zErGeW56jjF1jkT8wNjzzjRAjnXXajde:BFRg575qY5cWsnnYXb+rXaJe
MD5:	51118861D18645D13A55F7C0266313CF
SHA1:	B9EF0CCCFEB388A80870C167A8C11F20A22623D8
SHA-256:	D5334BC2776C34ED0ABB88D0E2348AB9DDA7533BDE3A85B93A293C9B5168F2EE
SHA-512:	81AF18D474003F373FA4888E12CAC6B3D511BFA9B643CB39948B5A49904FBA697A88A424C9FE28AB7501EB6FE162147B4202E67B598326396532A9E2B029C567
Malicious:	false
Preview:	"Resource/UI/TeamMenu.res"..{..."TeamMenu"...{...."ControlName".."Frame"...."fieldName".."TeamMenu"...."xpos".."76"...."ypos".."0"...."wide".."552"...."tall".."448"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."0"...."tabPosition".."0"...}..."MapInfo"...{...."ControlName".."HTML"...."fieldName".."MapInfo"...."xpos".."168"...."ypos".."116"...."wide".."316"...."tall".."286"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."joinTeam"...{...."ControlName".."Label"...."fieldName".."joinTeam"...."xpos".."0"...."ypos".."22"...."wide".."500"...."tall".."48"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#Cstrike_Joi

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\cstrike_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (351), with CRLF line terminators
Category:	dropped
Size (bytes):	183892
Entropy (8bit):	3.6489222244966606
Encrypted:	false
SSDEEP:	3072:bJsT/apiO5HqWldknhr2r69ql8Shbewmdpy4t/7tQ6NwVAv7yZPA7ahY4M:bP1M
MD5:	1CEC3B9A96BCF070DB307FB637AA330E
SHA1:	135E81F14EFE78F6091E1EA5E630C9069EA19100
SHA-256:	28FD86CF5D9EE4A0D84254E71342B5FE599BCA004F4BA7B94A5568F3A261804E
SHA-512:	4A4E54D4A4599ECA3475963EE68999C728E409BC6520C2A0184018789565E8E91ED18A797FFC220F5761C7C9A4C3AB4C6BFB9E47D9A4684409334EE50C24A43B
Malicious:	false
Preview:	..".l.a.n.g.". .....{. .....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.". .....{. .....".C.s.t.r.i.k.e._.R.e.s.e.t._.V.i.e.w.".......".R.e.s.e.t. .v.i.e.w.".....".C.s.t.r.i.k.e._.M.o.u.s.e._.L.o.o.k.".......".M.o.u.s.e. .l.o.o.k.".....".C.s.t.r.i.k.e._.K.e.y.b.o.a.r.d._.L.o.o.k.".......".K.e.y.b.o.a.r.d. .l.o.o.k.".....".C.s.t.r.i.k.e._.S.t.a.n.d.a.r.d._.R.a.d.i.o.".....".S.t.a.n.d.a.r.d. .r.a.d.i.o. .m.e.s.s.a.g.e.s.".....".C.s.t.r.i.k.e._.G.r.o.u.p._.R.a.d.i.o.".......".G.r.o.u.p. .r.a.d.i.o. .m.e.s.s.a.g.e.s.".....".C.s.t.r.i.k.e._.R.e.p.o.r.t._.R.a.d.i.o.".......".R.e.p.o.r.t. .r.a.d.i.o. .m.e.s.s.a.g.e.s.".....".C.s.t.r.i.k.e._.N.i.g.h.t.v.i.s.i.o.n.".......".T.u.r.n. .n.i.g.h.t.v.i.s.i.o.n. .o.n./.o.f.f.".....".C.s.t.r.i.k.e._.M.e.n.u._.T.i.t.l.e.".......".M.E.N.U.".....".C.s.t.r.i.k.e._.B.u.y._.P.r.i.m.a.r.y._.A.m.m.o.".....".B.u.y. .p.r.i.m.a.r.y. .a.m.m.o. .(.o.p.t.i.o.n.a.l.).".....".C.s.t.r.i.k.e._.B.u.y._.S.e.c.o.n.d.a.r.y._.A.m.m.o.".....".B.u.y. .s.e.c.o.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\logo_game.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 512 x 32 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	65580
Entropy (8bit):	0.8496316349474144
Encrypted:	false
SSDEEP:	48:MEHBA+lvT5skLmqF0vEzoUkOTVfWBMATZx7cWxValjBu:MEzlvT5skLmHylWBvZl/g5Bu
MD5:	C5520AEBE1186F755A98205022DC63AD
SHA1:	4BE7907F82C4BDB4535835E4CBBC0FFDC258427A
SHA-256:	1C963ADF5B435B992DF0409E25EDE2AAECFE5494AF854991DF1F42A67B76FDE7
SHA-512:	8CFF838F6E3609BCB7A0B053C70347523DD6F714D8411A7F9B9FF07C3DDE44968A2E21A0498AD8E58D896AAA50E0CCD77AA63B359E2640544DA8A2353706AF61
Malicious:	false
Preview:	.............. . .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\resource\menu_hl_no_icon.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 76 x 18 x 24
Category:	dropped
Size (bytes):	4148
Entropy (8bit):	3.06848465731317
Encrypted:	false
SSDEEP:	24:9ja////GNjZIN3514XP+cPtJ6elPRIWnbvklvY+6N1lU:Aolu3sPtJ6KIw9+6vm
MD5:	6C016F3DCCDB6B62383C87B321F22EBE
SHA1:	6966D17A050A726F864DA33DE39379D2A982A7DA
SHA-256:	248ADCC833A6694BE3C9BDF28F8425EB90BE0B60CFFC8E833FB51FFBC0EEC65B
SHA-512:	84637F39CB046B782662C53060F2FD6AE32C344A59C97506C559E5442494204422C12A29724FA5CEC2291A74668446FBF17149C01284C87D77D2D7D7B860E4C3
Malicious:	false
Preview:	............L.....DXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXL...........PbWDXLDXLDXLDXLDXLD

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sbgui\stopdemo.cfg

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	170
Entropy (8bit):	4.581567646713227
Encrypted:	false
SSDEEP:	3:4IiQGeUA63MwLG3vyABirN9rNQEIHBKwDQbGKIWGXFjYPV+XLQeUrNRBe2ROVSy7:4IyeUAHwLuNirN9rNX6BpQbGTWAFjYMl
MD5:	2994BF66B8B1634E44E13541B1DC384D
SHA1:	A6165CE96CF9A29675A13840520CCAFABC6738A0
SHA-256:	39D342A0168DDB679CC2BAB406201A8FAF7B010D9DBEABF2A259C13ED94DAB7F
SHA-512:	2E1CDF09145FFF3C81D61508742BD0F377ADC34FFD9547E20E2DAAAFF91792D201C4833A039EDC3CF66104E1429178C09A0B500AADF13B133907707A7709B17C
Malicious:	false
Preview:	exec sbgui/include_waits.cfg....echo ..echo ..echo * Steambans.com official demo-script..echo * Version 1.2..echo *..echo SB: Demo Stopping soon; wa80; stop..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\settings.scr

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2772
Entropy (8bit):	5.207528430893452
Encrypted:	false
SSDEEP:	48:lf7a06fVX8uCz2f/wdcQQ8/AbQUAf4FLg:d7a0sbmgRQigfQg
MD5:	0CE67102C9E57758A9FF8DD4ACB50AB7
SHA1:	C2567B96602360AD800B33F89DBE26A93EF9ABE3
SHA-256:	254FE5DA4D533BAD8F3BDA98995FDFACA2C40076D93D65E1E8D1E4F41AEF9373
SHA-512:	1D1402765B403FE4189303546614636C04ACE3F75650B1557EFB21E6E57CC0880A0DFEF82995CC6769FE40690D35DE89990B80D35B42B00B69B6D52A88F4C1D5
Malicious:	false
Preview:	// NOTE: THIS FILE IS AUTOMATICALLY REGENERATED, ..//DO NOT EDIT THIS HEADER, YOUR COMMENTS WILL BE LOST IF YOU DO..// Multiplayer options script..//..// Format:..// Version [float]..// Options description followed by ..// Options defaults..//..// Option description syntax:..//..// "cvar" { "Prompt" { type [ type info ] } { default } }..//..// type = ..// BOOL (a yes/no toggle)..// STRING..// NUMBER..// LIST..//..// type info:..// BOOL no type info..// NUMBER min max range, use -1 -1 for no limits..// STRING no type info..// LIST delimited list of options value pairs..//..//..// default depends on type..// BOOL is "0" or "1"..// NUMBER is "value"..// STRING is "value"..// LIST is "index", where index "0" is the first element of the list......// Half-Life Server Configuration Layout Script (stores last settings chosen, too)..// File generated: Wed Jun 04 12:25:14 AM..//..//..// Cvar.-.Setting....VERSION 1.0....DESCRIPTION SERVER_OPTI

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\Opera.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 8000 Hz
Category:	dropped
Size (bytes):	581948
Entropy (8bit):	5.847143774532252
Encrypted:	false
SSDEEP:	12288:YbYKrucBfeJjsy7nWpSxrl89LcQvfBBga0aYchx8ESZOXyijOzBP/skyR+:YEaGdA+m9IQvwabY6bi+gEK
MD5:	3B708C373F8A91D226780CF8E6A50878
SHA1:	DF5D3262539D7D4ADDC023D15AA4858E5D0D695A
SHA-256:	24828B34AC3A1587DEF3559F5938107F7F2C59EC9A4BF320113E6B1675A0E272
SHA-512:	AD7041FDFF6C165F1173A0D81599225C5ED02490B3E9565FD7B211CE75E484C3A0C1F17831328F3976AE359B9A348115A99E1F436CFF4D0AAAE6D28C029F8FC3
Malicious:	false
Preview:	RIFF4...WAVEfmt ........@...@.......data....~{\|{{zzz\|}}\|{{z{z{\|{{\|{\|}}~}~\|\|{zzyz{{\|}\|{zzzz{\|~.~}\|{z{\|{\|\|{{}\|~.~}}{zzyyz\|\|}}\|{zyyz\|~~.~\|{z{{z\|\|{}}~..~}{zyyzz{\|}~}\|{yyxz\|}..}{zzzy{zy}}~...}zyxxyy\|\|}.~}{xxwy{~...}{zxx\|x{~\|.....{xvxwy}}..~.{xxwz}....\|zxvzww\|z~....\|xuuuv{\|}.~~}xxwx{}...~\|xwzwy.{......zvtstzz}.~~\|wxvwz}..~~zvzuu\|y~.....}xwuuxyy~}~.{{yx{\|~...zy\|ty~y......}zxxx{\|..}~{y\|z}...}~ztztq\|w}....{xutvw{\|\|.{zztvvw}.....tyskzv{.....zvssuz......uvww......v~so\|t{.....\|vporw}~..~~tvut{....yxwitxu.....\|yvtquxz....zvxu\|....{xymrzu.....\|ytrtw}...~~{uyx\|....\|zxjswu.....}xroot{}..~~vsut{....x{qkwuy.....}xqopu\|~..}\|tsuu\|....{\|lmuq~.....zvrqrx\|....zsstx....\|}qnws{......zurrv\|....}vsru}...}\|qjrov......{tppry~...~vtsv}.....snsow......ytqprw}...}vsps{.....pprnz.....~ztsqty~...}xurw~....}pups.......zusqtx}...{wtsx~....sstnx~....~{ttsuy{.~.{wwvx.....wsvou}}.....ywuuy~....zywv\|....\|tzru.~....~xuvuw{.~.}vtsuz....\|ovsr.......{vssvz....xuusx~....sxvr{}~....~wutty~...zwwvy..~..szzv..~....~ywvwz~...zxvvz...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\dog6.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	46278
Entropy (8bit):	6.773154983173224
Encrypted:	false
SSDEEP:	768:RGOSb2NPxuNRHe+6x2dRt5BIF5bdde2pYdjMr6Onr4w+grDfyhI3pXT:dSsPx94d1B0JdNYd7O0Y5j
MD5:	3B93833837D711AEF50D2563666AAAF8
SHA1:	8FB742B782B4ACCE6BAFCDFE0A0FD6B6EE3F8966
SHA-256:	9892B4F304ACB6B52AAC58E37DFA5BEF6B8DD41A4CC1D7FF9FCCBE5113FF70DC
SHA-512:	1BB509E06536858DEAF0BA0E5C9BA663734790947AA1E43D0643E10C96844ADB6630476773CE9AC40EE941F0A44C7FAD7B90DC1B4F2FC8C4347D5846E6CFDA0B
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data7...........................................................................................................................................................................................~..........................................~..........................~..............~...........................~...........~~...~.........................................~.......................................................~................~...........~~...........~...............................~...............................~..............~~......................................................................~~...............~.....~........................~....~~...~.............................~~....~...~.....~................~~...~...~.~.....~}....~~...~...~....~....~..........~......~..................~.....................~......~.....~...~.......................~.............~...........~~..}}~...}...\|}...}...}.......~}............~...~~......}...~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\dog7.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	16382
Entropy (8bit):	7.0146477118177275
Encrypted:	false
SSDEEP:	384:kMhiYb/sSdrUVP6ODCm+mBAvnm0W2KiKKXsPUJwYcI:kME2NdoyOmmivmh2KVzPUqYV
MD5:	82BDBAD16B575BC8EA1525A7ED6FF7F4
SHA1:	5C41EEDE9E126C61B905E972B32500A30FD1F3C9
SHA-256:	9B07B95DB9E6EDFFEB730659C8C79B4C85E2B3B7B0715A06EBFF9B932BF3FBD4
SHA-512:	32E408275FD287E8951CE9D2066F16E06834DAF656023DA7638D2592C45CCCE83E6BAFE7F71B2C82C133E53A27B8BEB22C834393F4BC0CF5433F82130B2F3DDA
Malicious:	false
Preview:	RIFF.?..WAVEfmt .........+...+......datao?.................................................................................................................................................................................................~............~..............~}}~.~~............}~..~~~..................~~~}~...........~.~}}.....................~~~~..............~}}~}}}~............~~}}}}}~}}}...~~.................~...........~}\|\|z{\|\|\|........~~..~}}~.~.....................}\|\|\|\|\|}...............~}}................}{xvvxzzz.........~~\|{yx{}.........~\|zz\|......~~........\|z}.~\|}.........}zywxz}..........~~...}{{~\|zz}............\|yvuwz~................~\|{\|~~..........\|zz{zyy{}...........~{xxy{{z\|..........}\|{zz{}~~}.........}{{{\|\|~..............{sqtxzxx}.........~\|{z{{zy{~........\|{{yvsvz.......~.......}{z\|~........wqnrqsw.........}{vwx~...\|{{....~ytsx........{{{zwvx{}~..............\|pjnsux{..........\|vtuy{.........sjflqx..........\|wrtxz{{\|~..........vniklpty\|.........{uuvwz........{nfej

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\doorbell.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22000 Hz
Category:	dropped
Size (bytes):	52916
Entropy (8bit):	3.7257761349841942
Encrypted:	false
SSDEEP:	768:LaJHpOVhlSSYvB61IcH4XSg1QHeRdfGGaWpnUheni2bWaRX278Ot/bhEYH73GaK5:mJpOvlSrs5H45CeRJhUhm9Nm1gaKPPJ
MD5:	5115490AE1030EEC85F66E513A4A7AC5
SHA1:	85DDC9925973E3B3A41A6ED1F02E528206069E2B
SHA-256:	841C75CB1DBB0797252DA3B829B94DE0DEF8C426A84A08BC195E0D7D11F692CA
SHA-512:	4BF08CAC22D90688C93ACD34AAC487368C2282F8BAE74986594AB98078307F86FBA1A1B679E2B2DA8B95461E4DDF9860D2A6E5B44053A1B57FB671E2ACCC6F10
Malicious:	false
Preview:	RIFF....WAVEfmt .........U...U......data=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................}~~.....~~~~..........~......~}~.......~}\|\|\|\|~................~}}~~}{zxwwz}..........~~................}{{\|}~~.~}}~...........}\|\|{{\|\|\|\|\|}}~.....~\|{\|}..................}{zzz{\|}\|\|~..........~}}}~~~~~}}}~~.....~\|zzzz\|~................}\|\|\|\|\|\|}}}~~........~}\|~...............}\|zyxxy{\|}~.~~..........~~......~~.........~\|{z{}...............~{yyyyzz{\|}~~..........~}~................}{{zzz{\|~.............}zzzz\|~~}}}}}~........~~~................~zywvxz\|}~.............~~}\|}~....}\|}......}\|zy{\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\fallscream.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	31406
Entropy (8bit):	6.251655558237931
Encrypted:	false
SSDEEP:	24:ErjyEqsB4VTXdapY5gAZz9ALbYQck5JiR/CFZ5QLpJevgJdXFdMX0NxNt7V:Ep4hNaEgAzSzckWZC1WCg/VdMX0XJ
MD5:	E9703FC66AC509D6D06D69A6EA5B178A
SHA1:	E2C8101FC68B96F23AF05A7C6469497D3E96B7D0
SHA-256:	DF484DDA1467F26B78DA9494558AC67154E9A328B2F74ABF73890E14FCF425A8
SHA-512:	61296BF65B4F098453F4F8E368316CE722C02AE4901DC1833AE4732EF2C4D9922C76D794A4A255FF591403D5EFCAE33EBF887EFEBA9D13A82E75AA9E847FDBEA
Malicious:	false
Preview:	RIFF.z..WAVEfmt .........+...+......data.z..........\|zxzz...\|\|.\|zz\|\|zxzvvvvvvvz\|\|\|z\|\|...............\|\|zxxxzxz.......\|\|zz\|......\|...\|\|\|xxrpnlnnnntxzzz\|\|.\|\|\|.\|x\|......................\|\|.\|......................zzz\|\|..\|xxzxvvxxxvtxzvvvvtttttttttxzxvvxxvvttrtvvvxvx\|..................zvvvtxxx..............vnjfhjr...z\|.........t`LN\XHDHRlv.........\|J("...>h...........P.$....&Tl.........x8......Hh..........D......Bh..........>......Jf.........V.....":Z..........n2....(>j.........d2....2>tnp.......^ ...6:dx\.......j:...8@hx^.......j:...<Drzd.......`,...4@jv`.......Z,...2B\xlz.....\|\"...>Rp........tN...0N`pt......z\....DThjp......l>...DXl\|h......tL...0\jvnd......rH....h\|..l......xT...:f..........xL...4`..........zD...2Xx........t8...:`\|........j,.. Ll.........f0..@f..........:...Jj.........V$..2Tj\|x......f2..6Vl........t<..6Rp.........L..2Rl.........D.."Np\|.\|......N ..Hd..x......T...:h\|........T ..(Pr.\|x.....h,.. R.........d(.."P.........^".."Nz........` ..(R....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\rain.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	2401436
Entropy (8bit):	7.206407467109491
Encrypted:	false
SSDEEP:	49152:Sw1ZEXqTsmeGx0v5CieWoqW/gHt2148LLB6K0Q1AJVlI2vk11Wt:N1WXqomBx0vEiD/WIHt2+edrdkI2vk1K
MD5:	102056A4FD2D2B1FE0203EC679697E55
SHA1:	B3EA5C882C76260E010F86C6AC20E75597B35918
SHA-256:	D7331BC0182EE4DBBCBA2E194FE61B97C9C328A2535EA0EFD4A877CD443BD59D
SHA-512:	443E1391D2BC5D601E06B788B2CB37E5D2ACEAF1F1398EF9D07A6A67D1AD330559EA95354DE69B59996934B142DB3C8C45C0D3AE29DECA60EC304E220D0BD70F
Malicious:	false
Preview:	RIFF..$.WAVEfmt ........"V..D.......data..$...............^.....C.......S.].......O.....y...F...b.....w.:.......s.$.s.......?.....X..... ...J.......L...W.L.L.S.......W.....(...P...\.\.a...................D.5.@.......+...T.G.........~.j.#.h.'...i...............P...?.?...N.................W.w...B...z.....\.Z...j.c...;...m...>...........*...>.........S...........D.5...p...:...........~.....}.E.7.5...c.........x.5.1.........-.s.............r.l.w.........4.....2...L...............z...x.................7...]...Z...........x...-.7.G.............}.<.....K...................T.....D.........(."... .\.\...X.Z...-.T.....2...x...L.L...w.C...........L...W.........8...<.....r....................J...8.=.G...K.....U.G.....=.....U.....y...8...o.p.{.u.y.....8.....;.2.k.0.v.u.............W.......v.......w.......x.x.......J...f...........c.......<...........N....._.....t.p...............D.;...q."...........F.H.....,...g.....B.........F.U.........../...J...]...................8.{.....6..... ...........C.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\ratchant.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	44442
Entropy (8bit):	5.746258688519593
Encrypted:	false
SSDEEP:	768:WhDFcRxdg8KRp+iKfZhdh/fHZKPbKpMyHwi3j7+weUHIlTQ7NK1qaHT9BEkAAYlk:+iRx+8KbKfZhj3HZCbKpMez7+hUHIlh5
MD5:	4652D6F87B97EFA74F508D8775EE8351
SHA1:	22473FF9AE05F95843A9300DC7F83257AE9B1F6A
SHA-256:	D518001032D61287AB5D378C082EA0A59840F1D7F3BFD49B36416887D7137AF7
SHA-512:	1596B9651B4F5A4CFC761F0117DAB6FDAB2A4E80D1511C714D9B318CAFC7C86489EBD2212DBBA4BB39D800FF7471D48DD21FCCAB4FEB266C83D6605B249CF049
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......datan...~~~~..............~}\|\|\|\|\|}}..............~}}\|}}}}~~.........................~~}\|\|\|\|\|}}}~................~}}\|}}}~~............~~~~..............}{yxwvwxy{~..................~~..~~~~}\|{{{\|}..............~~\|{zxwvuttvwy\|................~}\|{{\|\|}~....~~~}}~}}\|\|\|{{{{\|\|\|\|\|\|\|\|\|{zywvuvx{~......................~\|{{zyzz{\|}~~......~}\|{yxxxyz{{{{zywwvxz}.......................~~~~........~~~~~..}{yvspnnprsuwxxxxy{}....................................}zwutsrpponnopqsstssrqqqsuwz~.............................\|zzyyzzyxuromkjklmnopprtuwy{{{{{{}............................{wsrrruvwvvuutuvwwvutrrstvx{\|}}~..............................{wutuwz}~~}{zxxxxxxxwvusrpoooprux\|................................}}}~.......\|xurpooopqponmmmorv{................................}{{{{\|}}}}{ywtqomkjjihfeeegkov{...............................{xxxxy{}}}}\|{ywusqolkkjklnqsvy\|...............................\|yxxz\|}~.......~~}zxurponnprsvxz\|~.............................}{{\|..........~{xu

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\rd_shipshorn.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	50724
Entropy (8bit):	6.54827992911215
Encrypted:	false
SSDEEP:	1536:syNjYpSAYupPybcI/5W2PTEaPt/UY2AoTw1Ve/:syNjYEAYupPCH55Ia1/bLLg
MD5:	6C3C57F2A213BF7635D313C43B33354A
SHA1:	663397AD0C7536F07DB1A362968A9766660B7B2E
SHA-256:	4E1EF0608C833F0BA281AF0BD314E915CBB4313285231436317D8B059F1667AE
SHA-512:	56B5131BC51143C47C033DCB45D059F7E2AB0F95139352D55C810DBC854251170889FCB52359E56E599E2828772E7101DF98EB664EBDD0F7DDAF3E9EBB120D52
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data.............................~..~.~~.................................................~..~~~~~~~~~~~...........................................~~~~.~~~~~~~~~~...............................................~~~~........................................................................~~~~~~~~~~.............................................~~~~....~~}}\|}}~~~~~~........................................~}}\|\|\|}}}~~}}\|\|\|}}~............................................~}}}}}}~~..~~}\|\|\|}~...............................................~~~~~~~~~~}}\|\|\|\|}}~...........................................~~}}}}}}}}~~}\|\|{{{{}}~~.........................................~}\|{{\|}}~~~}}\|{\|\|}~............................................~~}}\|}}~...~~}\|{\|\|}~....~~}~~.............................................~~}\|{zzyz{}~~~~}\|\|\|}~..................................~}\|{{{{\|}}}{zxwvvwy{}~~}}}}}...................................~\|zzyyyz{\|\|\|zzyxxyz{}.................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\rd_waves.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	205142
Entropy (8bit):	5.264001404540043
Encrypted:	false
SSDEEP:	6144:ERYNgKGKW4AEsODbcxjSo73jpgvi1M9VUwMfSlo:KRIWhFhSWUiufa
MD5:	39C65244BD50A64C2A077725F83EE11F
SHA1:	801AA1B0C373202D97610EE80AAAC0A5E51C5EBD
SHA-256:	F1C4F97ED031A562B24E640F1D1BCBDD67AFA71748F99711042932B00FEFC43D
SHA-512:	FD6F58449BF17763069BD2994A7751DFC9CE7F5CD940C07649B841A330158A0C52F3F91B0B13CE1111D670284DF98BE656EEA03AE45B23E9C9ECEEA8BCC2B4DD
Malicious:	false
Preview:	RIFFN!..WAVEfmt .........+...+......dataQ .........................~~~.............~~.......~~..............................................................................~~.........................................................................~...................~~........................................................}\|~.......}\|}.......~~~~...........~}}~~~~................................................................................}}{\|}...~.......................................................}}~......................~~}~~~~......~}}}}}}~....................~~~~~............~~.............~~..~}...~~...................~........................~~...................~~~~~\|\|}}}}}......~{\|~..~....~~.......................}{}~}~.............................~..................~}.......~~~\|}\|~.....~~~........~}}.......~~...~~.~}}....~}}}~~~~~~........~~...................~}}}}}..........~~\|}~~.......}\|~......}}~~~~.................~~.............~}~.........~}~~~..........~~~~~...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\wolfhowl01.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	40200
Entropy (8bit):	6.215832441355162
Encrypted:	false
SSDEEP:	768:FUw/cfMl2tSjn8s2DPSQ87aHz6j6w3Fctu9TnlN0xszt9qvZsagA7oQVc7chE:FUw/cfMl2twr2DKL2Huj6wy4tn4mzyvq
MD5:	96F01333A011CB825F779B91591A9552
SHA1:	73B1841D4DB130F55ED92D49BB46AA6F44CA845C
SHA-256:	F54E36862A15F60F5994F10356318292137BB41984B4D5AC06BBD25B1B5DB4A5
SHA-512:	FF063BA32ACEA4E78EEB4DEF470C1D8C55226896170819D8DA48975BFCF83269B14D6C152BE4548ECC8DED370B89981DCE8BE6A65C5E4770B7300A96AEB6F334
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+........data.......~~~~\|\|~~~~..........~~~\|~\|\|\|\|~~......~~\|\|\|\|~~~~~~~\|~~......~~~~~~~~~~~~~.......~~~\|\|\|\|~.............~~~~~~~~~.........~~~~~~~~~~~~~.......~~~~~~~~...~~~~~~~~~~~~\|\|\|~~~~~~.........~~..~~.~.........~~~~...~~~~~~~.....~~\|\|\|\|~.....~~~~.....~~~~\|\|~~~~.~~~~.....~~\|\|\|\|\|\|~~~.....~~~~\|~~....~~~.......~\|\|z\|\|~~~..........~~.~~~~~~~~~.........~\|~~~~.~~~~\|~~...~~~~~~~..~~~~~......~..~~~~~.~~~~~~..........~~~~~~~~~~~~...~~\|\|\|\|~~~~~~~~~~~~~~~~~\|\|\|\|~~~~~~....~.~~.~~~~~~~~....~~~~~~~~\|~~~~~...........~~\|\|\|~~~.................~~~~~.........~~~~~~............~~~~\|~~~~~..~~~~~.~~..~\|~~~~.............~~~\|~~..................~..........~~~~~~~~.........~\|\|\|\|\|~.............~~~\|\|~~~.......~~~~~\|\|\|\|\|\|\|\|\|\|\|\|\|~\|\|\|~~~~\|\|\|~~~~~~~~~~~...~~~~~...~~\|\|\|\|\|\|~\|~~~~~...........................~~\|\|z\|\|zzzxxxvvvxxvvvvxz\|~~~~~~~~.............~~\|\|z\|~~.............~\|~~\|\|.............~~~~~\|\|zzzxvxzz\|..........................\|zz\|\|\|\|~~~~~\|zxvttttvxxx\|\|\|\|\|\|z\|\|\|\|~~~.........~\|\|zzz\|~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\ambience\wolfhowl02.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	61308
Entropy (8bit):	6.978339702973284
Encrypted:	false
SSDEEP:	1536:PW2EhuCBUab91/vXXqWEMXDB5Oa8k/k5Co5N71yEKXYj0b7kiaPej:REhM4VXXGMzBYMRo5NxQ
MD5:	F3306DBE55B718611FD5E362CB339D8D
SHA1:	4F14C1A71C57EC645DA59BFEB47E43A197F7322C
SHA-256:	DD8DD10A0BEFFA6CF2BB62596B1D9F04ABF5A4EE94E51E64F9978CF6238C8466
SHA-512:	03824DF3EC94F46E36A26FAFD34B351D053C204780582DB46CB0E80B5BDEF1F24401D5ADBA8039E12F3267DB10C3C20514C3D88E3973010EC89B1256037CE4CE
Malicious:	false
Preview:	RIFFt...WAVEfmt .........+...+........data...............~~~................................~~~~~............................~~~~~~~...........................~~}}}}~~.........................~~~}}}}}~~........................~~~}}}}}}~........................~}}\|\|\|\|}}~.......................~}}\|\|\|\|\|}}~.......................~}\|\|\|{{\|}~.......................~\|\|{{{z{\|}~......................~}\|{{{{{\|}~.....................~}{zyyyzz{}~~.....................~\|{zyyyz{}~.....................~}{zyyyyz\|}~....................~}\|zyyxxyz\|~......................\|zxxwwxy{}~~....................}{xwwwwxz\|}~....................~{ywwwwwxz\|}~~...................\|ywwvvwxy{}}~...................\|zxvvvvvx{}~~~..................~zxvvuuvwz\|}}~..................}zvtttttvx{\|\|\|~..................{wuuuuuwz\|}}}~..................{wututuvy\|}\|}~..................{xuuuuuvy\|\|\|\|}..................\|xutuuuvy\|}}\|}..................\|xuttttuxz\|\|{{~.................\|xvtuuuwy\|~}}}..................{vtssttuxz\|\|\|}...........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\events\enemy_died.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15804
Entropy (8bit):	7.434668081668684
Encrypted:	false
SSDEEP:	384:jd4qnPo2ZuCMextZEPLiri2gbTqVvzXoYzYOSlhuF7dUVB7yAh:x4yQQxx8TqVvXYFlh0UVxbh
MD5:	C28AB43AAF68A646D807676CB4774EC7
SHA1:	AFD0BAC99766E2AC4E801246FB709671530006A1
SHA-256:	491E8A9F061B9E65ABB6D9F877296DFF6245E8955255BF6867E95848C5C1F2DD
SHA-512:	166092FECE0A0D6DDB656175FCE9D81FFFE537EBF1D6ECFB34B9EB277F3C265132D2C639339405E6C50E3A70B21C9024B2DE8666D8AB1095053A91F5019C842F
Malicious:	false
Preview:	RIFF.=..WAVEfmt ........"V..D.......data.=.....8.?.+.. .y..s.1..F=.P.L.)......K....-u?H6..'....z.}.`..)X/C.m.$..c.....8..5.3."...........=eW._.CZ...~.`...`....4e;h(..L...(.l.N..!.?.C.3..2..c.R....i;9G.1m.......w....926.......t.{.[..,.DiFB1.....[.7..`(V;j8....F........)V=A3p.'.]........(.w.q.}........3.EJDp(....J.3.6.h..5XR}L.(..9.;.B.'.l....6.9a$.......@..q%36I1$.....z..=.}/.I.M.4......1..... .4......h.......;3M)..b.`........6wEX4..;.N.d.%.k..-.C.:.#....U...S..".I.P.@`...\|.........%(':.(..I.G.i..G...N5./.......v..,$UJ.S.G..{....0....9/.;.....4....,.G.. ....H.p.......5.K.A.$.......O....2.I.D.._......6..&.H.KH..........._..,.F.H&........1.}..#......".......,jH.B.+....e.v......#@'..K.5.....g..$.?.B.0..... ..z....,.........l...S-]X_^(Gh.R..!......+.FjL............Y-v9.#f.4...Q.;...\|..1"?n5....w...N..-.1.$..e./.......V.A$N(o..........7YWUX.2.........Q..6.Q.P.)..Y.\|......vM.Y.;#./.r...:.9..`.....~..".h...\|.."+%#...F...........-.r.k...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\events\friend_died.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18246
Entropy (8bit):	6.991111330348144
Encrypted:	false
SSDEEP:	192:3spKCJpKCJpKCJpKCJ4pKCJpKCJpKCJpKCJpKCJpKCJpKz1FLlA9zYoHN4lhuFTU:3r111G111111zLYzYOSlhuF7dUVB7yk
MD5:	10A9E89964996AF4062D79914BF17A33
SHA1:	57F4BCEBA11C78C4F99C52193779F6FAB85F396B
SHA-256:	2A67CB892390E5B582AE230B4F6FE945F32C5CD9212ED52F2E19B7593574FABC
SHA-512:	F016911C73D70D0E652172FBC5F563A8BFA7AB29CE6EC5B8AA4B71F8A188194F130C62F6EB444E6274FB660907D73827101094C2A030C33398E026656C597D1F
Malicious:	false
Preview:	RIFF>G..WAVEfmt ........"V..D.......data.G.......G.......p..r+.....1...<....\..`.)....\|.gTQ...........-......8xZA......w.y....6..E.../...~..w.6......t{.........G.zR.@...h..y:F....z.T.>...(..x..v.....BP..$B......._.g^.....@.oh...(.Y...F.....Ti.8....$.SNZ....j..4...BV...x(..XQ..\|.p.....P.......\rf&.......i.?.L...........p.'.s.2.......D.....(....c......[...$....T:...Er......z......B.-.[......\|)...]......E.B...p.t\|.r......R..g. h....6....R...\.Ri...$p.....$j.$...<..Z..83<.F..\.E8...4.t&LKN.B..h..xX....T.`\|......F..m...c........B9.....S.a. ..p.....`......j..T.....?..8]&......G...<8...8.........`..<.....\X.#V.t..u....v..^..m.............+.F.DF...Y...f.PS.N......4<.}.6.. .nW...".&.X.$5(........t.d.... .....Z)....29..x%......`Hq......Xk...z..V.....nn..........:...@..%NA....z.Ry.../<...k...[.......`..T........u.P...........>..t.H`.h..T....@.I......H..c..................&^....:.F....p.`P......\|0,.....0..7..X.......,=r..............J..v:............G.......p..r+

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\alldead.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11314
Entropy (8bit):	7.958591055670388
Encrypted:	false
SSDEEP:	192:k6aDDFblrFQIY5cD3g2b7Ii7x/HYx0fL1H2ltrScWdE2oRdw767eg9:k/DDfre5c7gs8I/4xS1QS5E3W70
MD5:	6135DBFB8DA482BD688A9A48E755FEC7
SHA1:	099BB0BBF00919C3D751860B77859F21CE1D7FDF
SHA-256:	7684A78D63C5683D95237D12F3C712403E6F24650EF303D87E8D08B26137AD0A
SHA-512:	B65AD2C12AF7C64D1C5431699D639E0565E8AD196F3AB359EBFA4B3649F3F29AA05E2BAF14246DA09518DB0587C976DB6DAC625DC0E7CC734CB17183656C3AD0
Malicious:	false
Preview:	BZh91AY&SY.Y..........~......................tT.`8..=.....r@..)....Ze..cm.=..PS]..F].....gvu...d..v.w9....G=[..3....:... .n...tro{p.l...N...ti...u.;b....Z......D.0.....Q..SG.h........4.......OI..FM...F.......@jxD..!.."S.%=.z..G........P.....6.@.............zBz&.2a....Ra0.0F.0..a.1..3CH.14.1.S.....&&M4.a40C..R.z&F.LG..a2...Q.!.4.L..h....4......@..A.C...M...I ..2...S.=O....b..bh.....4b.....L.. ....h.........HD..OSi.&...4(............d.@.............@...3.y..z...I<S.F..j5.............4Y..I.>.F.}5....C..@6ETe._K..VW..B.5r..H..H.R.....4...].M--.".5...Y.6cJ.2F.....]...-Yf.........D/.Rz.-z.z.V-}..'..V...3... .XJ.......A{.V.!.(..@!.8.. .".,B,....'..j.FG.X..>..M.4....b.$.iDTI..IB....T......Z*x...X..aE...QD.$8..p....~..74..kD...15_.g.C....a!.n...L....y..0/..B.c...l..+.o.&V..._.........o'.\|..}x..s$...Hm. .A.......0. 6....q..a.^..=..... +,.AX.0-P .,".,5./4...b&...L....bA..i.(cVTQ....;.E...hzN.\|.../ .Bp..+.rG.{....WQ..........n.`.,X..z..&t.....{h.]]<..l....0l.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\goodnews.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	16522
Entropy (8bit):	7.972989126118141
Encrypted:	false
SSDEEP:	384:IKdxsu7P7LGutz7i84B8MvdfQfd9T96VMFoDY06:XmujGutz78rvdIfdx96V7006
MD5:	D4520B42BD7C61C4BBB312488F08D489
SHA1:	D3A6B0724E5AB92242E6B784B04BB8B9959C22FF
SHA-256:	D89D5FC9D30D7F6EDEA3E69EF6799D82744882CBCFBC127757FC4731A4B8D87A
SHA-512:	F4180E326C67C4270E15FB2D2250B0263D24942708624407D8BF679859E926D6A8B3925C7BEB06003A7DC74C463A02C38FAF29536AA655B56197E0A3CED4DCF6
Malicious:	false
Preview:	BZh91AY&SY...................................r..`G...v.....@uC............6`l.....q.:s..2...a.`........L.t....=..t.....7..gL..Vt`.h..c......,...H.a.$$(HP.L.h.............0...452i..h.jzOQ...=OQ..4=@.@i.................... .LL&..&....S.. ......i.......d4.4i..@......)..fS..S!.....4.@.M.........@.d.F............D(..P.h....mM=.....@..................~.h..............4.....2..F.......j~...@ ..b....O.=L...ML.zC......05....4.i........aD.R..... .k............'.#8H.O.&!.Pr.4Td.\4Z6.Ev.4..xO....p....'R....YO..i...{.&.?t....H...... F....b1..uX...`...! ...y...`@.B..-..M1!v.V.9]ED...b.b....>.q......d.Y&.......t\..@?...www..w.w.q..{.:..{{N~..oi....F....@$.Q-.2.B....I`..` ...T...B.}F............p........Oq....a+....Xq5.p]p._p.]......_..SMX.. ...8........7....w.^..L>.!s.......XD..~.g=hA ........V..>.......D.....ec...F2...@f..y.k2.X...l...;..O....w.v.i..h...2V...)W;...#..+p..<..P..j.T.".%I.gi.fC57g].a....z..XkT..v.s5t..5.........i.us..R...U..[1.....X........*..z...U

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\outtahere.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	37830
Entropy (8bit):	5.7091167499356406
Encrypted:	false
SSDEEP:	768:9TIr1cGWQBSmH7IOyEKuLn23gWlKckojWAuzbtPVNh:9TIpcG7SQbZ23gW8c5WAuPxh
MD5:	BEAB46CFBFEA6086F3032122E3363070
SHA1:	B9F8DCE77E404B2FB099A78C598C9463E7E0C67C
SHA-256:	5BD7FBE464EC8E6AD7DB2680D7E3F4337EC26B29429C0BB6D752651B586A8006
SHA-512:	CBB4E0B416206EEEB23DE60340D16F8A6F149E799E0EC461A89BC030D33F452A89E50A3AF1703568C15ED76DF9D913118BDF32ABF665EB733D81AB1F34F1D75B
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~}}}}}}}}}}~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~........~~~~~~~~~~~................................................~~~~~~~~~~~~...~~~~}}}}}}}}}}}}}}}}}}}~}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~~~~~.......................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\outtahere.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13429
Entropy (8bit):	7.964526493817217
Encrypted:	false
SSDEEP:	384:bHdyRfcDHyAinHnZit80Krx/dyoByU0Y2QuAetN04Tc:bYcTyC80KrBdyoBfytGac
MD5:	C56D09C58EEE6B6209CB3D8088C93FD4
SHA1:	39D15ECE93554D7987774AA124CC521CD1D9AE26
SHA-256:	7D602C9A8EAAB8F5A40DB54CC58D82150A52DD6E2FE99CD23A825A4AB0F6BDA0
SHA-512:	BFD5C1731AE6B0F73C47EE86E76CB6FE9543DB2F4C601A6CDF97DC61665341F76B3B0B24FA77BCB973D7DCF7AF7E5FF7A7C19C4EE36B75540AF3E96BCD6BEF05
Malicious:	false
Preview:	BZh91AY&SYm.................................t..@`C....r........}Uj.U.Yn......L..VF....j..=.{....sl..]..m&ZZ..q9.....v`f.w.{.+....{..........c.ON....7pw&]......{y.t.]...=.z..-.].e.3n..w.W5..+m5.......DA.......bM.I...'...@...'.x......d.!...OJ~.z...`....FL......S..O.....4..S.'.h..@.h...4h4.h2............6.!24.4i.&............4G...h4054<P.#..M.10A.A.21..O.$SB.=14......SO(z@........d............).$IG..hz.....5G...Q.............h..........(....&...a...o.@..&..`............F.L...A...0...V).dz.`..R.d...lFvzxh.S..ABe..b.2Q.AG7.......S.f9...eXS..+..t0...x.I..fFa.'....\.2..@q...].J...B..].XE...".=J-0..........2...x`a..X$Ni$\ALI...l:.BS..,%u.tXE.........+..g.Q..n~.......W.t.C~..F..:....v.........n".m....A..(~@H. %0.".@5.qojJ.:.q.W..X..6.E.bq,(..+.\Q.X...K(......Ua.$,...A..b..Fe.-..6*.M.8...q..3......;...:..pC.v.7q...=.v.. ...@.sG."j..A..~.\\.~.W.P...E.u.'...DWn$~y.....#..D..=.H.v....}....C.K....<!..!$....`...QG.....e.[.(r......8 x.<Q.....y7e....'(nCq..FF.%..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	36198
Entropy (8bit):	5.608316474847225
Encrypted:	false
SSDEEP:	768:ew+g73l4aNFSXrq3D++X6t8pGk5EMycSHG8tOT9ZOVDS7D+Ece56m:ew573HNFQu3SuU8pGky4SHfKIREDV/j
MD5:	F97C02035713358B3D8BD22367F3A5AD
SHA1:	5FAF20351D20B5A970BD84ADC73C8C9E29610740
SHA-256:	1DF361F00FAB0FF8D655B726C6DF1A89443D52B7816FFFDD38FF7CC3000A3DCA
SHA-512:	DE81A11D4863A24C645E81631971EFCA32BC61882EFB04AA53B5C40E42612624E92EAB4062A992F957DFAE675F97C3C768FE90B3EB3C1B5455716C38CFE6368A
Malicious:	false
Preview:	RIFF^...WAVEfmt ........"V.."V......data:.......................................~~~~~~~~~~~~~~~~~~~~~..............................~~~~~~~~~.........................................................................................................................................~..~.....~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.......................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~..........................................~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~.~~~...........................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.............................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	14247
Entropy (8bit):	7.976524713647947
Encrypted:	false
SSDEEP:	384:a79FVF0/fsfYvjg53iivliS4/IGrdJ/mq7M:emUMKL4H/mKM
MD5:	CF0512D6AEE2954BBD56FD63B24A1DFE
SHA1:	B1F7A2F4F736DD072FA58CEE22173359257B6F93
SHA-256:	8BFEDE909D462CD7A02512FDFD0E31EDA01957DCD0BD3875D6688E6B13B7699E
SHA-512:	04E56C8794DF41284B3A130EFC01B42A899B6564D6B24936713EF8D18C918E06CDF3DA513AE2648AE3D85ACE43770A47CB051B72A1A8FF3AC04DF9E9F2EE7D16
Malicious:	false
Preview:	BZh91AY&SY....................................`@{.fv.........]V...(V.Kml.,v.]5...6.d.n......m.9m..k...[..l:2...E....f...i...rgY.7]G#u..43..w..c.nc........,;..a..Zm.k[f.Z..V.UPZ.V...4iT.jz......#.D....4.M.z)..SM."~..z......#.#..6A.D.H.&.`.O@.? .D@...4.y.d.@.'.L..5....###h...a.4.@i.. 2..`.hh.). ......d..4...@...................!0..4I.M2.I.3MF.....................i.....T.#=2..".j..Q.....................D.e=...P?J..............................@0&...0...b.&24....&nH$S.BR\.)..np'....:....T'g[Z.'....I.....!Mx..x.....>...T..B>....R..+.D..T CX..B....`...>.....E.. ..AX6.N.R.@B0j..p...)E...K...m.d.E..xP..%\|O....F..r......V .r.... ,T.".@b.......JL(.%.$y...A.b.(..Q. .P..^.BEP......s...p......4..%...Z..:S.[...$.D0.&J..pR@2PB..H.D. .j....MK..(P.n._.%5.~.......E......................2...x./.'[...... ....H ..&e..ATT..)0........ X.. $.A,...R;.dA"D...../. ..\|.L.Gf.l^...a`.e`..`.m5....:.+@.....F.`x2x.......[l.6.[..mF.....i..C}..4...L...0..3q.....&..&..R.]X./R.V3..q

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	46474
Entropy (8bit):	5.494788200820681
Encrypted:	false
SSDEEP:	768:0zFPJYiFljNvE+oCNnFy+e/nbYrkBPwLdmdBYTNClvn9dqi68qtcH6ryNcWtX1V:iKiFlj+HCNFyb/nsrksdmdBaNClvn9dt
MD5:	25780EB9995653FD2ED46F53BACDD002
SHA1:	5ED108CB1E4E2551FAB16F3280212782C16D16E0
SHA-256:	4C5EC8159F636ABA355EFF3F20B6109BAEC62697FC17E31CE91701F8455AAFDA
SHA-512:	90B4E6C05463BD875346E8ECD99918723FC7FFE21B1A80814FD38363309B57CE9960B377F739AF61F7B812DD293DC8421F3D063563ADD7D67E8C8A88A6136F8F
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data]...................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~..................................................~~~~.........~~~..............................................................................~~~~~~~~~~~..........................................................................................~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~~~~~~~~~~.~~.~..................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	15538
Entropy (8bit):	7.9680149312123545
Encrypted:	false
SSDEEP:	384:tuL0/2/7s+ws7VPrUnavrY0cPPqTiZiIen:t6T/xj7VPACrY0cPMIen
MD5:	69DFA89EE356BFB32110C6CFEDBBD221
SHA1:	7B5D61A3B0BE28D4646CF841D91384E63B1B0E6F
SHA-256:	AABAD0878BC42EBD8FCA2B13AFEAD583C31FDA8997BA79034143078C359C7346
SHA-512:	3283A9451DB85B728B9D83463F6FEDDE3B8A2E930D8C04DD956108DBA4F4F8E12475AC53ADAADEBE3214378887BDB92C236C46154E568F27FB9BD6D9D0FB82A3
Malicious:	false
Preview:	BZh91AY&SYej....~............................`Q..<.S.<B....%T....IZ.a.Yl........w...r.om;.t..'y{.z^....Uk....^...v...'......]S^.o./k..........,....)..S..g.9G.7N..g^...'.].wu...:..^..;......W........Lu.hz.oW.......;,.iWw4.J)b.v...Z.4....O" ..D..jl.............SF....4yF.....S.z.556...A.#$...=M4.@.a....ji.S.5.H.Ph?J.@4=@.....L.............T.(.......z..h....4.4....4..........).Jhz.=O(=Lj.F.@d.F..........i........S.I.&I...F..~.zA.2.@............4....Jz$..Q.~.P.S......P.....................)`....!^K.r.......Z.%XWV..b.x...X..f....jn..u....~...9.........c....t.....@....j.......$QU..*....U..Q_...bbY.\TQ..n..k..C'.L....t2O.;8..X..G.)9........1.".s.....b.L..e(B...&.H..kf..J..g..V.'..s3=.8..>.[...9l.A...y..K&.i!BB.Z.l".F$..A..u.....r#..7..z8t.w.Oo....../...7.5...b.U.Oh..8....o.s,..+.{s. .(...}.......6..PF....S..s........1...h.#..7M"Cw........DP)@....e...f{..\.QG.fT\_d.7.T.{......>."..Pq.YR...R}o.>Z._...?......8.P....9.........@.3.$...z..^...S~.h..=~o.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	35818
Entropy (8bit):	5.577117113340675
Encrypted:	false
SSDEEP:	768:q9Q8+6VjbsDUR6LvarMp9F8cuism0Bzox02QT/xcXXI/Ww:6QM6g6LCrq9bzuUx7QbxcHcV
MD5:	99D1836E96B75AEDEDC0A8FC9AC7615F
SHA1:	94F5C0827443AD525C6F8450C2D93603AF00A3D2
SHA-256:	9CC6FE69C2BAAB5CD59FDD87E265D37278945B4BBA6A1C8511C8A463AB17EEF2
SHA-512:	5F4DDF871A54B11746CA97B8146A10F941EEB83103BE3B84707670EE2E0BBFD063EC6466BAA6846A3E744725E5AF08FC5CBC14D03C5956EA31A2260E3A2E09AB
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~........................................................~~~~.....................................................................~~~~~~~~~~~~~.~~~~~~~~~~~~~~~~~~~~~~~~...................~~~~~~~......~~~~~}}}}}}}}}}}}}}}}}}}~~~.........~~~~..................................................................~~~~~~~~~~~......~~~~~~}}}}}}}}~~~~~~~~~~}}}}}}}}}}}}}}}}}}~~}}~~~~~~}}}}}}}}}\|\|\|\|}}}}\|\|}}}}~~~~~~~~~~~................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	12929
Entropy (8bit):	7.965621666604124
Encrypted:	false
SSDEEP:	192:vHzLKS8BWlkUMjfzE7tPSMQWd3c1/jOSwata5AQ6GgbADRsbGgfpasFJADpztPgT:vHXWWfAm5bOKw+AQzEAdFCprVf4Kac
MD5:	3A7592B4AA9E2BF7EB36115BB4F62A57
SHA1:	CDC0FD3C697529824C43EFD720AAEC2869A5BB1F
SHA-256:	1DFE981287B61A1E6185CAC9C5897489A7AB4E39B5E983E4E92C2E5903DA70E6
SHA-512:	3C26FCAD9C0F94868E38DB3561FF231DD0C6ADCD40F95D0D270800C910BAAC47A8FB23D7154B128D18DB5700FAC370F9BCB878B56D26EFFE4586256CE9A39A90
Malicious:	false
Preview:	BZh91AY&SY..."..W.........-.................\|..`@{./......x..}.e..mnW{.r/n....ow{..w.......=....)..n7Nz.<............{.=nM7....;.3..U...{.s...gx.n+......6y]...=z.y7m.w..dj...rh{.-.....].{..o^..=q4.5<.&.&.A4i...L~.O.........Q......mC 4..S.<..M.jh....4z..........'....M.R~.oF.h.4.........h...........?DI...........................y$....Oh.5&.Q..M.h..................4.H.SL.4MS.....b.Sm5F.....h........ ........"M$4.O.6T.zz........#.#&.ba.!..5....`&..........&.'.h`.....>Yi`.2n~......$T."....N....jK.;...;....P...1.......4Q~..E..=h....E.S..".O`V"4.........R......5.-4...{7f.Uj.f...(...h..V.R.(..mKK(.o*P]."..DE.rxM..1.k..A.E>.=.k=.......:...?..?....C3..::Zc......sY......JPB"...H.@s8.@^?..<`R..$E^(..x.^1.....{.4.'`1Agc.i..v......U....J..(=...DP....S.(.L..<b......................;1n.'...<p..OpPe..O..(<.?..8/>..O:...@.;.^}wE......=....[w...../............9.=r.......JtX.S}..Y...:......$.3......z.WG......-.Ar..h..Hs......9......!..X.0...qbI.!...P.....}...l..]

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	30110
Entropy (8bit):	4.825296119163935
Encrypted:	false
SSDEEP:	384:5NVpathLb5xCRA5jcBWvERljEpbSuPSG0o3zoLht0hlgB9i4x7Y+Qdqt864ZiUPw:OoqDvgYTtCt0/gN6dqtijPtOL
MD5:	9D7A0FC22A4A47995C46E32E257375EC
SHA1:	C94ED7C90FC4527F7753B3EB9A9B8E88F17C7914
SHA-256:	DED5F1ACEFE3A6967CE1E56E1B50FD191C5110CC4E95E40C1B546C400AE50803
SHA-512:	8F0963D583BF0B4BEE08731A7A675D3389871ECBB497A863780D8069CCF9377E55AF1130E059A7862F98E3C1B823A17D50848E770311B0C9E775C9D2B6679BCD
Malicious:	false
Preview:	RIFF.u..WAVEfmt ........"V.."V......dataqu..................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over4.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8894
Entropy (8bit):	7.942139149594728
Encrypted:	false
SSDEEP:	192:BkO+3TloOmy/pZ/Tt/PM05iJofQviY9a6oh0pF+WH6Xjyz5fIToI:CO4loOm2p3/U0sO7YIhuF+FjyzeT7
MD5:	CA30B2A41FCCD5A176E37B93EDD508DA
SHA1:	D2675C657F2AB55EB7A6A9326926D04618402C95
SHA-256:	AE718011336416E292AC982B243C2518F027100C3DCEBA182AE1737CD085118E
SHA-512:	8C32E9EDAC39F52D88CC1912AB6DB6D3CD90425D13B77931B670516CC93672043420990763BB2A2A501A51F8E580AF238015F83E02639AA618F7F55912A7FF0F
Malicious:	false
Preview:	BZh91AY&SY......#..............................`+....t..O.....+N.:.6...4......h.@6.h.Y..`..wA......::...CF...........O$!.4A2.S%='.=M....i.z..z...=CCM..i?D..=M.h.Q.5<..=.R...2......4....!..e?T.S..Q.MC.1..h...................5O.....~..........@.....h........yM@...@...........F.............=....hMF...SM..4..........#.4...........%"j...j.Bj4z...4...4..................8......Xq...3.;?D....3f.@....$. ....YZ.=m......$...UH...L.C....S.....R..B.(....._Z.B........].`..ZhB.H@P..,E ."...6...~.T.0.@Q_._..-.....'X!S../...$....CYB)...+6 . %.xAE_......M".....d.B......1...~:..\|t.......\|.@._......@......B......X @.......;."......\|j.H@1..d.D.$2..`...2`D.../.t..b.DP....Z>....s............hE.{.Hm{..... O.=.#.1.y=......O.q.NN#........@\_..<......`.."...V............ft.Hy.Ve$..I W....g<....<..n;q.,......8.(U....$k...hqqqn.#(....%S!.%.....N............+@...R.HHI...JE....C!0..Ns9k}....n.O+....vO.'w...%.cr.....~......+f.~/]6...p....5..A3.w).......y..1.4......c..._...g..E

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	29694
Entropy (8bit):	5.555775846746144
Encrypted:	false
SSDEEP:	384:YUS4XNTa8llQSXiCteme2YFmWkprP+QAqOFLoSnRcGHUacjEMSU24VsywDpvNnuW:V2CiCtTYYWmrP+Q7I0ecDsbDpNuMYG+y
MD5:	485AB69E20019EAB358935A08BBBA146
SHA1:	078AC073E0CE8BAFC3EDBAAD6520131725B6BA31
SHA-256:	98D32DD8A457521DBE526B6DAB16BFE5D32F9D0D34ACA0C329A8C645396F5023
SHA-512:	34C4B5C28C2FAC7C6F022E99A87EEAC393893493D4184454E9A9D39B43566E40F1784D6325323C06C045799F35BD1BCD8BCDC9F086AE83BC16762948E1EDF1CA
Malicious:	false
Preview:	RIFF.s..WAVEfmt ........"V.."V......data.s...........................................................................................~~~~~~~~~~~~~~~~~~~~~~.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.........................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\over5.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11812
Entropy (8bit):	7.96003977805924
Encrypted:	false
SSDEEP:	192:H/1MaBqYjtTl5VuQt5WwPx5KtMJlpheMTxVHpvRLiYGNyNpB070yobB:f1MSqYxLkUWwP7gMyKVZRGjNyrB0ho9
MD5:	9F9C3D454A2ADA6186525CEF66EB7676
SHA1:	E9953BAF3994B1081BC36EC2A3DB6C81026F1308
SHA-256:	223AB308CFEC53CCAA9499A6424357483E486511E6BF4E017991071C4128ED8F
SHA-512:	460B5BB01A6C852D296319D383E8B4A60016F0BB398D756D37F48B726BCE81B3BB5601765245463BAB17319784EDCF7656CE3DB132108D532C75B026A3F05A34
Malicious:	false
Preview:	BZh91AY&SYa..B..............................` ...`7.\|.i... b...I..)J)%..H(($.....L....[.d.m...ww...^....-. ..m....Z0P..6j.3C6...a64(..R...f....P..D... ...M=&......2.M..44.@..@.....L....h4h...S..B....d.a1F&.4..........h.F................S&....P.dz..h.h....G....Q......3)......0i...."... .$.5..d........... ..h.....i.D.................d...........T..........4.....i.A.....4......... @6.1i....3..>(.U...X.AR....^.[..(..@(".G...HM.....Em.....$!....EE..n.9...4. ...nKX/.. ..G..7.. ...C...0......f....w.`d..'.........S.......p.@1......6".9E....$Z......@..i.p.(...'T$..I.i;..d."i.,".!..%..f.AH$3..a...(......<..#..k..)....gd.X]....y..H.~.../E.J.2/D.......@B+.P.....A.a. .t............x...9.....H...@d....VQ\|.a......m..h.k.0&...........a.c.P..Y.A.Y...l...g#..a....xw..l5l.....o...K...8`\."<q.....Nfg.l`D.C..W.)..Y.k...8..x.h.....m.......iv;.!A....P...0Z...cS@......K.......o^.uG.8...k.H.\|... .d.W.;........G.!$.B.W....}.@./.............+.\..C..Y..p.H.H.........~..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hctwin\relief.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10771
Entropy (8bit):	7.960366405141842
Encrypted:	false
SSDEEP:	192:rwhuM/xcw/FyCPPwpxCX0DBIbhPn+yeigVlsJz9B/4wcj/+zjZDzDz64cQ:cbJcw/FemQE2aJphncjkVDzn/
MD5:	AF3D06D197B1EB566B39095283A6FF72
SHA1:	AD37F096DAF343B51876B9590AA3B45ACBDB82F6
SHA-256:	BF971B3A18C08056E5F50C8911B3FF48F82458943E4A3B1206A84595FEEF9370
SHA-512:	06717C0BA6C6C049FFB5F7D8146FDA136A854CB444693349C6D6F82EF67066B7DC84D34C7A32BD620BE15636B6E4CD65554124A2B494B98A764E338B2940687B
Malicious:	false
Preview:	BZh91AY&SY..6..N........c.....................`2..).w...b...R...Gl(HPPH.`m`-`........X.f.....1.......0.l...@4........E....ml4.OD......C...M2eO.L..A..'....@h.M...4...=@........@......(f.j4...MM4. .........&.......... ..M... ..A....M....L.&.41.2.@.. bd....@...$ ....L.4..S"........`.@..#.0F.....F.4..OR)@.4..@.....4.......................H.!.i.&.&&.CM..L....&Lj.je0.Fh........4..\.-:u.....N>...Q.B.....XZ.J..('..CX..7.=.@.H.Y."....8....X..s......b.B...L ....y...B.@.... ...vt.0..gBx. ....L...!L......B...s.t.H.B..b.Q....}..Vl..S,.=.....,..a7.....x.U.Sh%(MQ% N. A.@..&..E...A....4` 8BC...D.....,...OPs....Js.~^.?s^.y...kf..Z.`... ...Lt.."....")...C.B7....7n....h.F.Q..3fe.....a ...$..A.+.1.3.2.u..V.,.!e.K.XH[...!......=3.0.`.L.. ....{..Y\].H]%r.%]N".H..p....Mj..Mp.Z.,.i.f..x..v.h]&..FH..e..kMe.u&...go...4......wc..r,.H....M..;..!.s.xY........N...L.k.{a.$>...R.j...2M.\u...`08+...b,X.^.....o..k.;n..\|f..Oe.9}..@..:2k..b&..}...qo.......h..b0.a..\...W..^.o.)+.m.z.v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hdie\hdeath1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8907
Entropy (8bit):	7.939853465835756
Encrypted:	false
SSDEEP:	192:l+pqU7fDcyPMQmH+MZWAFVLhVeVtUpBSe3FX:oVfDdPqeMZWAd4fUpBnh
MD5:	9B1E90A5CD84A1EC7ED6CE7BE78A80A2
SHA1:	41AE8E929151A16C2B81D13C7297BC64EF9DA8D3
SHA-256:	07950B6617BDB384C9A9365A001CFF40CE9FD01FC647B001E054074E0B164E7F
SHA-512:	1F535FA19280964508E92231EC66AC6210634DFB52892603B55EBA7E12A4BE5593CFAB14D3D9D3BFB114185C1DE145D8DE1076981B174D22ECD96ABB1D95DCA4
Malicious:	false
Preview:	BZh91AY&SY....................................... .`,...>....=*..^.v..6....-..l.Dw`.1..ga.X....cP.....H.i....hV...h..E..J.....<5O..`.h@. .....4...i.M.S..i.z........F.....hh....4.D....OF...4.L.....@..@.h.........@.........S...Q..P.............h...............$.D..)..&.F...M....d........h..............h....@..@...........h.4....d......A.. E2$.M.L...0L....A6.Fj`&...h`...&.&& .0&...F..).:....\.k..m9.:.:..n.7.T.I.Z.b.0...#..EQD.Q..+.~.....E...+ ..Tjr.b...&....D.>.....&..i.!..u..v~...>m..F.5.$Fi.b...Fh..,..E.cd.....bE....E..Y....v........vu..X..E....j..UUE.21.:..s;..A.9.q.H,..G8 ..b..4.$.6,.hz..r`....A..G....`.Bl..a..$Y........H...J...2M9...,.D.Jc..D.J.........TQ..}..a.?].OL.....`x.4$C.......p hp..............(.....Z.^.KV..1.g...h.........M....O..v.....N05.G.......E._.%..g...V.-.....Z'?....O..O.XV.7_..n.\|.l._..g.}<....o?..Z.MR..N.f..Q.n...s....~...A.....==..9..k...u.S...}e.sx....Yc.1.\[n..\|e._3=......~...ug.y.P...;x...>..h.i.....v.........To...p..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hdie\hdeath2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9879
Entropy (8bit):	7.9636840127450155
Encrypted:	false
SSDEEP:	192:YlVu31wPTu5UrGrsXr5OMV4SidY75YJyWW8dzPmhH5B4kFvK:G8OPTgrsIm9idYXWTPg70
MD5:	D19A92E3EE4FB0A7514AF854EC454C66
SHA1:	C902EC443BFF8F0CCE232452840DA13F32926A29
SHA-256:	D634E29A4D9B3E40AA7A3E02CBAF44DA9ECA4710230C441AEEC7AC1DC887DBDF
SHA-512:	F75001882192CC5C651AEC2E36F7A47048D29CBADEE35E1D7063F5DEAA97667CD7FBC4B8FC82787AE1AAC50D1E4CE594824D3A602D19177CCFF40B0A2D68755A
Malicious:	false
Preview:	BZh91AY&SY\x.-..#............................S...`+.}T...T..U...[iI(...P.B.Zi.4..IZ.0.......0-0_XZj..SZ.(...b..)mm%)h5....("...SDa.bh..#I...S....4.............i..d..4.@...?I.@..G..#Q.=A................=@......4h..M.zQ...L.F...4...h..T...b....@.0###.d.0...2.0F ....!...114J.G..mS@.......P2...........JzH.@....I....=MOF......................h1B..G.i.........4...FF..@.....6.@d.@..h....Yq98..$.c.5....mv...#p...J...pI...$..w.....(R...8.f.a..\|....J...h.w.R.c...,.T.aP.!..v..J....JR......H...(.......GAFjH.\p $....9pMN..~O_.v9.7...Z.9".....9..U.U...%..J-.(..`-b.H..)..;Z..0.B....I.P...VSB..$"q... IE....3:.....N.O...P7N...C.^.tz....g..%U}/..h.b:.k..DfFN.....](.b..t...(.W..!.{N..Cn.-........c...........%.............>.m...Mv..k^.o.}8g^.Dm~c..j.9Ge6w.8U....U..]X.^.F1..cr.......3.U....^+...Y.-..WE.}..2....q.w.?.U.,..UQ/#K2.M..L.'...V....p.../E]..B..x6UeE..5...qa.#..Ey.U.U.YVu.{.\|...v.r+s}...\6..u.J..^..."..WaJ..v/N..\9\|~.o.m;.t..-...(rZ...t,j.j....z>...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hdie\hdeath3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	15713
Entropy (8bit):	7.972794277283146
Encrypted:	false
SSDEEP:	384:kUEFK9mD08201N9IcKbgsMBtqXmvxChyNmsJvSY:kNTY8rN9IlQ42vxChsPqY
MD5:	C42C68D7511C32111DF4F98DE3B43520
SHA1:	76BF817DDDDC7362BF52BA00B1948A6CF7A27468
SHA-256:	2F8C973C0A4715C4728EEA5F5A7BE478CFB0B0728A53EBF53EF7EB965992D3DC
SHA-512:	5BEBB9193EC1137E32525EDE8E762CCBDA4D56BE040F232CDCDD596D65000A52A5F07E3A82099C6DBDF291876DAB83EEABDDF04038CF700C7231E148A2EDD844
Malicious:	false
Preview:	BZh91AY&SYK..A................................{.K>........#..R..,m....c.....n.t.).a....C.=n...w.=.h{..X.^.s.s.....ss.....(B..QE..L;.u......w..Z=..=j>...j.y..u.2.TN.........E...RU.........".`d..4.j4..e&....4...#OSe..M@.......H.F....z.@..!.j.S..D..L.O.o30.D(.............z............L"......Ljg. 4....2=.4.2...............ODDD$...i..3IM#j..h.............=@..........I.....Q.&.4.. ..44h.....hcQ.14.a...42.4.M2..M44..4.D.eOS....d..M.F@dd.....4bi.4....G.....14.10F.i...h.....!.....y..<...t.?%R~VR=.`....,....IXE$.(Z.RE 5...}.....B...DdQ@P..B),...X...(,...Clb....P.;.7....../.=Wnx...w..gzu.E.......w:..@....c..d )u.PU..^...N....v:yv6.. ..h.c......XC4h@..L..8A..H..DX^4 ..(......!..%.A(....#..@).$..I..P....qR...x...%...;<..h.=.k.C h..m...3.....r.5T.Dy......W..T.M..)9OYW....'...\|z.......F..))x<r-.w.....~..rS....x;T7xc=.\|......$.3%.+V.....z.Ov..,v.P.n...~.....+.9k.b..t...vm/..../....9..v.{...\|..M..t..J.Ko~V..i...).4.}.I.......;.w~_3.......<.V..>g..\}...P

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hflash\cantsee.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13215
Entropy (8bit):	7.972874463424758
Encrypted:	false
SSDEEP:	192:ePUOKv4EO7yyndb2+Aektbgdu5K36SVSnUZuWDgLokT+yCiM3fkX3xJ2EZoCXouF:ejK8zndm+dR6SVuiZMNRAcXBiC8vFw
MD5:	E09AB94E1786DDAF296FF1CEF4EA4C8C
SHA1:	691F7C0C83244F65EE52CFBB1B95A732837B0B8D
SHA-256:	5E7CFF6BF3ACF1673C4526C3512EB0FF0BA46EB24C75F20E9DE418A09CEE360C
SHA-512:	8879AA68F500BA6FB00F1D8B1F2B3E75FCC99D7DE882C063404B6B945AC99000618ACFDF89E6682A838A6C6E3CAA44E81F86C75D49743C02DAD7E3BCF8951A04
Malicious:	false
Preview:	BZh91AY&SY.Yx.........!P..7....................@...`2.\|[...@.l.[0.K.N#/.........;....^=/w..{\.;...s..3...<.^z...{.x>..}.<.^]Jn\p......=....w=...l.d.m.P(..P.EO.@........LM...#M.D.j2h.4=A.#@...=OQ.M....P.....F..... ..I...aO).6..44.S@z.............T..A4B&Q..i...)=.2......b...#.......`F...M4.M2144d"......"M...4..(..................T.)..4&...........i6.&.C&F.....a...F.d.....A.....B.S I.di.2xOJm.Q........4................ ..uz..e.;.vB...!.QX.HJd!D.V$.L....].,.B...D.`!\.)f3_T\Y1.d.....g.y[..w.=Wo..~..p..V...v..#..}..........kd.....k..#..F.^).....N$..).d.......J...%......!$.q....M&:R.Z..L.e6.M.._"....av....X.D.P&p...K.........Kth!./......i.jgO...P.2.......}.....Q.M0..qS.m.rk..S ..2....c,..x_..)...gE6.8..-....y~F<..mF.....&z.n.wm.".H..d..d..lU..~.m...^;.E.,.!..`.?U/..4q .Bu%..g...{p.s...2Y..........p..c-.o.........Z..a.#...i..#..kR/..S.vH ......%.r.k.V.3..&8......V.p.........;.o.......W}..nl..A8Rys./............m..c.._<...&Hq(:.f..93..:I....@..n=...L~.,

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hflash\myeyes.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	14565
Entropy (8bit):	7.974598342049263
Encrypted:	false
SSDEEP:	192:zWrOGS9Gm/NdvIFCt9a5PiBsfRA5j7p9AHhVPl+xo/0o5USHK0Lxku5paYcl6w0n:tGmNECtKTG5hghz+xoX2OlJkRBL0
MD5:	8EACED5F8C8BA84C355DAFF090E8A691
SHA1:	A89EFB44D7DD648CAB51C55B83B44AB9D36063E1
SHA-256:	98E393BE817845565FE16FF84BE7D2B51A85FC94002E6A34D646ACCCB0CD9DEA
SHA-512:	176440B2D5FCE50BD1F8DA933FA9635B23155FFAC810CC6005E4F4FC4757D6B5EE832BD8113E6016EDBF2C76608DF1B0FEDA8339F2DB43782E4D4EA9A7E63705
Malicious:	false
Preview:	BZh91AY&SYU............u...........................`?;.....R.)(......f..kF..F.;...,..u.,a...c....@.:0....=w........z.p..n.vt\..Xf..A..w].Z....h.....Q@.....S.D....M22..@)..f..S..S....G...@......@..@yFF......S....I.i...B$&........................I.....d.6. ......fI.....LG..4f...&..#..di.di.`&# .4..&..5O.!!S.b...h.P..........................2..4..4d...C@..b.4h..dh4d.F.4...............M.i..?..T.S.............Q...3.4z.............0....J....%....r..\.S..q..P:..@.J.UW.:...... m:..&RB..T!e(..T7.Z>._H_......W.....Ub...T)T.x.....IilI#"Il.Mx...eWN..L....4....R..hT...P/..R....x.L.!D...M7H*.9.V..PUF.QU.9.Q5.........7....:........G.......O......'..~<I........p....b{.QJ. ..i...xq...-.`....":.u.p....[.#.P?.....MT...BE.....h.q..<.h..x..<..t,q.O,9)(.....X..,Y..W.,Xe....L...G.!B.$qd.z,.H.!........G.<...H..\|.X....p...(...fL.Xe...1.\...9....xB`..1.,JB...7.au1.w.J."..l..@.,..IT.q..h.Mq.c..Nc....G...2.\|q....sd......3dZ.\.... ..t!.f..YD..q.2.....Q.d..<.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hgrenade\grenade1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10693
Entropy (8bit):	7.964592091597164
Encrypted:	false
SSDEEP:	192:Edn/UseuYxzsGrFwagtuKoSRMgjPHDLvjZxl0DHyG2igXBc8/:Q/Us+xzvpwaqHhRrPHDLvjXl0DMXB7
MD5:	54090F2AF5BF358A7A3228F6A49DC2B6
SHA1:	3970790E405427229A281B1F85AB4C0C73D64940
SHA-256:	4A87DC5F666D0C1FC772737B3B768E9AF07CC7A69A9CE3C94EE1AC1E220EAA15
SHA-512:	DBBA77087C3A67F55838457A2DE5A19838366F5A88037ED346A4BC464C957A1D85F3DB9A5DD39D3924FB1B03243D4CC2013A735EBFE9FB0B46C9EDD2EEDA100C
Malicious:	false
Preview:	BZh91AY&SY..X..........r(........................`+?.,..(.b..L-5....P.Md.&....&.............X.T..p..`..np..;.n.s..iNYR......\|EO.....2`...M4!.=..h.........(.4.2....i......4.....I...F...h.h.......h..hz.............E=...D..6...AM5&....@....................$L.CF.=..M=F.=)......................44. b4....CF.@4.@d.....@h..4...2....L..@..."..AMS.4....<S.F%.2....1.....Li.............Lx>.\|).A.....~.....\...9....4'....$.....c+.$`...D...6..+....%.h.,.._f.`..... I....~._i_...U.............R..c..P. .. ...E....<V.^.../73..1..$.F..D$.E...nt...x.......'...D...u....8....jLr4"!.Bl]..W7)....~....>..F.......8........._U....V..".?...o+ ..U[.....XR...>.9..........G..v.l..Z......N..5..mlh.....U.D..<...]..S..m.y.3PV.8...D4.9.T...L..2-9..,.....WB.~o?....^Z.S...B.!.5-Y.L....7V....s......]z:..Zt.xRv......K..B.d.Su...0..u.CUE..U;6)Z5.,....A/C0ixqi.h..:...W~...$E.Sba......[...5..`j.(@..T.&.-z.lV.sS.....3...mfU.6.Q[Vl..s.\.....E..H..J.N.=\|.).5..5k*x.jr.p.i.^.O.....J..$..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hgrenade\grenade2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11850
Entropy (8bit):	7.967846211495173
Encrypted:	false
SSDEEP:	192:I9Oog6IUfSuCPyoQjr4DPxIvFPfLfQXH2+w/AtAh5oWMOrcg7nRlCESR3KD:ug6TauCaoQjr4TxUPfDQXW+sJCWHP7n3
MD5:	9596117C4370ED6D6FB4170AFD82CC79
SHA1:	0854C1D73E0A51AA58B3B6F0E63DCE2401EAB4AE
SHA-256:	318DDE5A5B9C82351F7EB142B4E0BF9E36E46449EA48FC8294416E1DA83F9800
SHA-512:	5F1E09BAC305A5F938AA0DF616D8FB25F1F8C61B6A1067AB3EB268C49E09CB8E4A5D51CFBF4AA0181FF8CC3546FB16A49B2468B3ABF725FA52D8D899021A13AB
Malicious:	false
Preview:	BZh91AY&SY..g...p......T..s..................?...`0o...U....=+.........v.sck:.v...n....V.p'vp..\.....h...w..np.M.p.v.Y...'u...S..\..Y.wvm./v.j.....T..i...bcF.2`.2i.i.......z.4.......hh4.....z...)..O.2..hi.."&.M.h.h.F...~..h.....4........2....T.@!.I.....O....MLC@................5<B..."2z.&....'....h....................@......&C@...h..h.......i.F.&F@h.!.......M4.2.4.6..jzjhOP.hm@..h.h............V.A.......g....z........H..@........p. %r....@.......CE..B@......e{_j.! ..:*%i...-}">....K.5.....E.~............}.E... ..5.+..4. ME.C.PS.....H...{.R..u.W>.J@H9.$..6 ...C~~<.......7.{..k..F]...{.7D.......@...(H!..P&...J$........Og...%G......xuzkz~.+.U...."...~.ql39.)Z....;..h.=_Y...)......#.CU.d.7....B......^?Q;w..f.....v......f..=..l.XU1 .\|."..).8.tdST.e..a...]..........T....xr.w.$mT..z..O.{..x}e.c.`....t.).X[...3...Xq..8a..nG{.......);...........9...Kqss ...b.r.....'..d..>.<...:D..&...m..xq.....S.....^d..........+BC..m.[..#..m..!.N.K6.9..W.~E>:.V..>...{..Vn

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hgrenade\run.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11451
Entropy (8bit):	7.963121941771212
Encrypted:	false
SSDEEP:	192:6Fu1BM6ujxf7trQp205Hpr6bggal1KA48Tjquwau80x+K08EUm9o2M:6z6Yztsp2G+bgpdTI86+K08EUAs
MD5:	7355687900353C8BCED6BF85D22BED77
SHA1:	B5A5885F7666E8152AFB80B650B05A20EEF6CD1C
SHA-256:	CEE7410A31148A7C2FEDFB0E7667267937A0DDA77B998A821CEFC4B15174F5F1
SHA-512:	135D4D556EF82FF7F51B9E038AB72E127A81A8FEFCA14B89E696A931B6E45994131FAF9F88E5FF50CDF3343426FC821539B5FD5755B81FB69913381822E70C12
Malicious:	false
Preview:	BZh91AY&SY[.f...M......~.......................s.`.{.=o....]...z[we)%.$QB..i...d.,M......e.A.5;...X........l.lf&..M..)z.uv.P. (...8.xA..T.).flcF.d.....L..=......h..h.......h.P..P4......... .`a.M...mL....y$.@h....G.=M..h..4...........h.2..x.I&S.....).z.S~...&.4.Fj.5...@.F#..h......h0...d..h.4.j..DIMM.L..O...J.2...2.@.....@h....................@.hh.i.2....F...2...i..h...d....i.."4..h..3a.4.<Dh........f..4d.M...............peZ...vz>.4.32........ANe....&...R....V.!Q_P]5..@A..xO...Z.h..C...=bXK..tM}b.=.......=..]z.:.`..{cVP.:.v....T.....Z.D......?....K...e...Ub'H .:A...b..t%..;.e..s.h B+...'..6....xnu8W.7...p.m.r..N....o.2.H.-`8..mb..R..0}...8Dm.U-)......M...c....\|...`bb.y,b.G..W..//#."..3..K{[3\|....^..c.%kjy...."..,._......g..=...Fe.A.:=.L.D.z~...Yh.......e...P.FL~.).....\.V nB_....Z.^- ^.K..L..........^.D....q.g dW(dH..lUj.r.^9..X/......m...%.>.c^W.;U.`k.h..."...1b.....c.IC...~.......IRg.#......MI...&..._'...A...<...Zr...[.7._.m...-C.5.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hgrenade\watchout.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	6005
Entropy (8bit):	7.943574411066037
Encrypted:	false
SSDEEP:	96:NjXjg4xB/f2PllAwbfjmc5YVNw9ODiat1/yYehpySg8qx4MA3YO+bAyY97qvflNY:Jg09f2PllbnmZnVtYJY+1w/Y97Sf/Xg/
MD5:	C55978F1BE7566304F49786E6F697D0F
SHA1:	367DE3D02D83E9D79CD204D973C48E4D168EAF6A
SHA-256:	F0C3D9C054286C64D2400934755EB0C5A324A35B76086E39BF1CB067F5243A78
SHA-512:	3324E9ADDD652D80B50DBAA6F237FBDFB697FFDA7229FAC67B5C36192442CB27B399F6E615B77EDBA57971B66C369850CAE131109017319EDD6B547D8B3BE518
Malicious:	false
Preview:	BZh91AY&SY..}z.........P...#?................... `._....;.{l..m.{.hv....p..7;..$.....z{.....p....zhB.l.04..@AS....5=..2h...4......2.......f.B~ "...MM4%?Jd.CC.O...i.F.(.............."DO%1.e6.)..x.F..H....................$..6....I.h.. h.......4.........M2...hd.....!..2.0.&L..F.....M4h.4.1.. i...5..{..).S@.........h...........^.j..~S..q\|......u...U..I_..(..I.} .(.].L@...@..+.G..@&..}_......5......P..@#...........EQ[.J.'LA...P+QS...R..M4.....,:..a.".^.K.K.{>.....7[...7.{..o...1H..Z..N.l.J.:..X.!...miQ...U.G^......4.M..Sc\......vX-."...b......n.....<.[..x~.-...2.%5./...5..n.......=.b.v.k^..%..C.^..mi..z..kZ.`]..0..5.~.......qFL..;u..k...8.1<.].6N...qB..:...p.i...z..e.........EC...ok......v..C...k.\|Y..v...,.k(.#.h.z..c)...vp...{NGY.rl\|...r...4.Rm#]u..;...^....Y..Vn.-p@n..!...qJ.....,0..XA.b.K..B......{."N...\|...R..+.\.(.L.d....d....]j.x.z.j.X@D..\|.Ss~..~R..J}.&w...1.....G8].........tE..4.....V....4.&.0.9...s...&.G<pM...........PH..k(.?....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hpain\hpain1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7413
Entropy (8bit):	7.960175332737759
Encrypted:	false
SSDEEP:	192:rrDYTDcNvI86u+OuFLzYswr4NLYGWaNEVY:rrDtn6uFaMmNLB1EVY
MD5:	C8AED38BACEA09F09BF2B36E2BD61211
SHA1:	CF4766B8E77E25251F05816311608FDED2C0D2CE
SHA-256:	0451A1A3D958E3D90FE8701CB8A616B221584265A667810823866DEABA97338C
SHA-512:	7FB5225D7F30E7133BD3A57C2B313D9FCB33051BCEA8271C1AB24DC7FA798952929C63E7597482577482EBD95553F80D476E0BC30EBB8DEDEFCE1E267CC67633
Malicious:	false
Preview:	BZh91AY&SY.R\|........}..06.#"....................`.?...'.UFm.-.(.F.5.3d!..t.1.:.DV..J...."N..V....Z........@.....A4.m..D..h.z...Q.F...4z..L.P.S....M..5S=H.=CM...h.i................CCL..CL..20M2h.L.`...F&...4....L.a2.S...$.S&.....Q....=!..F!..0...L.FF..M..C....0. ...&.2`#.0.44b.FL.h..2.!.4..F..&L...!...=.=L..I.T..Q.@f...=C....S..A..M......4.w..5H.=...^...+./.Q@...o.d.....4..6....<_...]._..:#..7..h.B..#P..M....8<.2.e..)J2.(2..(.EM..`...f....Y.")J.R.A.PV.......i...&..Sf.].X$@6.B<C%..8i..>.{....P....}5{..P)...{..../._.+.C.....:..~.......\|._.`~..XC......&.J.....%..J1q.uX+pA."......=._n.y.Xf,Y-.W................\|.b.E..@..}....y.f.M..L..l..............mg.i.6...7#..':..h.....mO....D-......z..,H...2>"..1..3=..R}..k..../..U...D3.k.%.\|.]U5......~.W.....\|..w...){...T.&..7{..'.w.3.1*......P.!...........^j.g...e...8j;.-K............JM._.y..M.K.p.^\.\|....&.> :...!0.......bG).{......7..p.u.u7.}.`"..\|....%.h.....1..xA_z..0....5.&.r8.FK....7..~.....,.6../.\|.....1...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hpain\hpain2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9000
Entropy (8bit):	7.955602694149209
Encrypted:	false
SSDEEP:	192:DbzHSNNUvIHUOsQbPX+1D2CWJDrnNkBEiN8/mckMfo:fWNUtE7XCqH3ho
MD5:	6503C9F8158060A8DB9A533E072622F7
SHA1:	4BA5B808E386BFF786C05B7D96C6C927F12AE440
SHA-256:	F5AEF7E46123E949D0F2EB4C300D2406CDA35329A3948611EA33FF589443BB3C
SHA-512:	1565D15EC45860548D50685FB782119ACF9553E0E55A37D8E44CC8669D41F1248CC8FD48898F89311B521E7A9193BFC3E85189187D4B8845C0D744450BCE2F09
Malicious:	false
Preview:	BZh91AY&SYg[5...I.....Ap.........................`"....]i)k/D..v.m-.M.Z.E....g.{8Za.;.....w.8Z2z....u.....kWX....).......4.a.....&~F.6..F@=C......h... .4h.....EO....4..A...5.i4...i..i...4...4.......d...#.BMD.Oj{.M"d.<).=M.....................?..BBj......D.OMF.M....................SF ...@.#&.........@d.....A. ....@...=.".M.L.d..M.`@.....S# .@............xMZ.w......E.:QJ...jR.P....-.&..,%...K.........q.y..o8.z[.@l...................Ib.3....J.%T..Q..z.4.H.)[V(..u...... .....}........>.?..a}...u.=..........;..."{.H.#.8.....(0.......iLp52...BJ.CcT0...G.,"u..M..P..e...Sd..M.f..[...9..1..J......Q.R...O..(Tm!e.......'z$.9'.\...N.,G..g..+.,....{(....{'w..u"HY..<...D....6.N..7^..i;..&z..R..z..z.1yG.\.G$...&G.....o.....\|.^..+..d.IFx(0l....{..9i..S....RhST...F,B<+5...{...u......C.f.}D....{.tG..."...........B.Gm....'b..R.]...u..N....By...W.0@..(.;5.=...{....$.K.......UUk$).Q7bi.lYE...m.l..Me].....W.Z....."6....ox.._K....eU.S..Ua..\|;.._.xkSn.L8k.8a...H.(l4.P

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hpain\hpain3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11912
Entropy (8bit):	7.974373886438164
Encrypted:	false
SSDEEP:	192:jPAMtlFjsOqanbe1300RtGu1m1BcaATz4T8WArcAG/WXzhzOUKdl2znk8dVEZKcV:jP1tTjca4300Rcf6TEZA5XzhzwSznk8o
MD5:	6DDF8B3A3DA57AC89706F6E77B72001A
SHA1:	DB406709FEE50F84D15933CD3CA1C62129821165
SHA-256:	5190659580702EBF8FB6C6DD4B6E6BF557854D74CCC3AD418875F122D5BC97FB
SHA-512:	804FE94B5C764F18A250444D6FBAFC62F41116FAD9849742CF8D872266FC64D4D0670CFF8EF9B6871D570F29E42CBA990281158A83ECA8B81E89C13F5C756D6A
Malicious:	false
Preview:	BZh91AY&SY.B.?...................................Q.`*........M..%j.hQM.](..(..........Z.d.m..k....;.....f..(.....5.Xi@.T.B.$...........m......LML&F.M"mI.O....5................C..P.@.".......$L..2b&.OT..OP...yO..1......=@.....@...@4...hh......DSB......H@MOT.....d4...........h........4....dj4.{Ri0.`.65L.i..............##.2b0.....110.F.....`..........hh............................A.F.B.H.i..2.).j<...=@.........##@.P..#@..........=.{.j.a.........5.}/.D..L.H...4....<".....N.!.4/...1.S?>......[...=f..@.....5.B........L...\\|X.Y#..H&.D.....B.r.....H).3.-I:. V..r.P5.!..A.K.&6M.42.J...4.U4...cg.&A-......~....W......]_'.w..>.....OO+...R{....vG.T.+..F.P...T...=.....y~O".C..v...IjO...0G...."3.....s...1bru...~x.yWB.X<...$,.&.-bv.&.....6_z...PIL......n.........F..P..fj..{.f8a..P......K.z.u.8...I..@6.z.}.8.0.5@h1...k~.......D...1Um..8Q.7v[.s..W.T%.S.{..c.3..5..gn..`I.._.c....5..Mr..........t..e.\|o....J...{^....7.H/....5^<...../..#O..&..+.T....$.\[....Co.....7.....o...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hpain\hpain4.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	5446
Entropy (8bit):	7.930935585528736
Encrypted:	false
SSDEEP:	96:td61skYnjduzrtsOJUUOXwd5XtBBSLPiFkDU2tZVlpe6+tPXa2W+JWxc/Mhld2GN:tdFZjdcvUU4wnXtYqF+tZVr0RW+wcc2c
MD5:	EA5954C5984C20581165CA7797C59F3F
SHA1:	C487A4DA3FD05194D305EACF1F518BE0782E3484
SHA-256:	26353B6B93BF7D83D1F03C8CAABAA07BEB46301EC4FD9A1563A242E10690FB36
SHA-512:	67603BB183EC7A4303731E4D705B21389E76B42F101B5F5683CD074F6CAEE55D761CE4C4F643108EB77DF498AD8C0C796F1C1C433900B575AEC4167054486C88
Malicious:	false
Preview:	BZh91AY&SY.t9........b...6#.?.............L.@.....`.}.8.^...:....n...BB@t8...P..v..i.Z..t.W.S..M... .&.&G.jzO)..h..........44.2....h.M.............44.0A..........S.."Hjy.T.I...@.............."...L...24h..!.2.4..4.4.......#L.. ....B......&.`.......A.bh`.F......@...!.L.....0)....!..6......h42..4...@............"k.b....B......... "....$..'...A'.'.D.....p.....Ib1.?..dV...8..H#@1.H$..pA..D.....6.4....../..b....."....B.N0...F.xr.`F...........@V........K."..H..0b_.Xk....d....G.N.w...w.o7!.w......~..K...yo..X....3...y.xk..~.>.........z.-X.}..`5...Ej3...5^...<F;)..:5.k(..a...C!a..N..N.`qD;.2~c. .+7.2k.j..,.Cp<[.hN<j....]nZ.9Z6X.....v... ..FW.....j.v.2....r.B..F..{..n.f..P.kE....N.#.Q...@..`... .A.4..u.. ..U[.B.2....hf..B.4.T...n%I.TB.a...7.L.kS5A.Q.X....W..&..h..n.<.....<..E;{qWI^X.(.+...V..-.!.xc.../(....6.]..<60M*..Gc....H.....s..F9.b..X.U...L...:^.....~.E.t.N.&lr.$..v1.h......s.:..xT.x...>......v/\|.\#O{{v..7.a..MQ..}....."&T.R`.BO...F...J..lj...+=....;eX..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hpain\hpain5.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7125
Entropy (8bit):	7.9398168437610925
Encrypted:	false
SSDEEP:	192:1q3mqMtOQO1xsaur4hlYIlWsqvqW09znyUr0W:1qzuQxqMhbZqvqt9zy00W
MD5:	0FE3E9080A266310243796AFC30512AD
SHA1:	4304F01BA4F71315A4070BC2C77DF18FFADB007C
SHA-256:	6D736304A3D32755CA7FABC137EC95F5361BFDE77233AEB8C58DEC919FD236DE
SHA-512:	1637822CB99063EB73E563D2111F3F36523319520EB4BC4B3813A48F0C18854549F76B54EAA1D409771A8EBCFB8594DA748BAB92D75B1EDA51B8EDCC92EAE5D5
Malicious:	false
Preview:	BZh91AY&SY'..L..<.....aP..A..........................E.^.f...v..M4....v.]`..B.......pZ.z...JU...hr....O.....L..D.i0. ..@..G............FCCCF..F..4.ES. @.........I.....4h4...P...i..........T. hR=S..i...z.d..1..4......i.4..@.....0A.?..$i.......2z............................ .....hi..&&.@....4.. .4..4.d...4.Bh.E=..3D...?SQ..`&&...L'.16D4......`.`.C...7@.U.&.....E..?.Q..../R+!@..k......@!..R.Nl.B..H..KB"......X..o.DF..o..BA..uI.)+..K.....P..!]......H(..J.EH.."RbN H....p..h...@"..........{.i.....t.....U..q..$.n..t......".i..MH...Ft..i...9...@wZ..sUj...I...]..l9..W5.$....S.`.ir.'......D..dU..%.FwUpH.=".0.A".......j...g.q.v~.Pd..}.O..%Os.i.......$Vb.\|@z..)..]...k{.h...U...3^..9&.dzC.J..]...........H.;vM.%.J....7.]{..k..&>.A.]!<..{..a.6#r.u.fP...........f./.1l$.....h...Ddk..7.J.:#..F...{..4....UH...d...K..Lw?.p.h.T]...C..r......j,2!Xo..c...R.....fO..5..].o......].]..]We.......\|..]p..>..'.\...mjg......b1..#>m..C...S...L...X.pYSyK..c.\.s.mV.n..'.da.)..$./u...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hpain\hpain6.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	6986
Entropy (8bit):	7.937381381119836
Encrypted:	false
SSDEEP:	192:NEPkmYEDdyeE40JLcEUU1jGy0v2Ru7NJY7X4+:Ne9jP0JQEnjGhOu7U
MD5:	F0745DE6999CF8A5084F0262E9909AA3
SHA1:	29B114245C183D66976034C92CE95DC2A2376A2D
SHA-256:	F2C44979A40F9586E99D7583FE06F6D68DAC444EEFE70A407E233C19E4C2926E
SHA-512:	903B0C219F40078F888D5E5BB0FBAD5EC5C570E6518A23165CF7681A5538C29886F5DAFB4A6954B19094A8884FEFD602A8D00D0ACFE47F049358588AE0BA124A
Malicious:	false
Preview:	BZh91AY&SY.B...........q.........................`.?......V.f.Wkm.;.F. [....6....Y.d.m...P... ."....&.dl...# h.F...h..FS..@....h..M...d....FF..F.4......4....&.4.L..L.&M4....=@4h.M..................MM..T...~1.5....=M.3P.4.4......h.....................h...M.....4....@..L.......h.......h......4....0.@...4..4........0.i..I.@....M.$...jh.......i.L...................MR....;...U>......^.........B.......$....;......\#t.P.i.. .m...B......R....K9.D"1B. .F...31..... .e.B.t...11...S.$.`..M.B.\..MB.+.U..M......B..."..B..... ..`).{;....F...>.M..tlS..#..o.U...xR..{.krYi..er.+....q.g...V...u]C........8.1Fw;..[.3.KU.]}.q.L.#..3QEVgK....d.......~").............2b...M....8!..a.i..!v}C..N.~:\.,.CJ._..._.c..Z.+J.c..p....x&.9/.\|b.n..,zhF.p`.t.b..8rQ..]}....>\w:..w.V......2c...{.G..-.E..x ...<.B.f.D`].u..hf'...........b..q..}.V...0m.d...v\|..W)a.w..k..fD{.b.....V1....".(....z..X..A..yd..P.s.FmN..n....,.NK......\.M..]..,2.<j.fQ-.k.g.....i.*.e.#.\|'.C.I&.....N.9/i.].r...1L..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\awwcrap1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7389
Entropy (8bit):	7.951076091121032
Encrypted:	false
SSDEEP:	192:PDY+yvMjxbeppH89q1FQiG+R5ZBkEtJfiS:PGvMdbWc9qFhZBd5iS
MD5:	35924566AA915548C9D41988C474A070
SHA1:	B9F628648D4E20B90FB74978F57A664F5E709AE5
SHA-256:	F96465493AD37BDB64F2A70685C97FF1ACCC4A9D620880345A31540F87588F73
SHA-512:	CD774056612C8A3EBEFF5B96EB0A1BFF5066914158281D80516E4920D36588D879AB0C812BB333C3BE2BEF66C42D360194721D75564168FA04E32C5D92C7DCBE
Malicious:	false
Preview:	BZh91AY&SY..B...^......P..!'.....................` ~...HJ.J._Z.k+6ms..;=..#;.kkg...wY..].2..L.k.U..nz......z..wc.[e[UP....?.Bh.. ..@$.bL&.j....G.. ...F.#..41.@.=G..4?T.S.....S.$'.hf......2........... .M...d..A....A...FLL..0....12d...#......Oi..".).M...F......@..............4.H...Q.(i.i.SOS.h....4z...@.........S.$.i SM.h..Pb.....4..h........w#...j.u..s..?I^...v....Y....{n".iAi.K.}J.U..hQJ.7..-SHt.)CKIY.h...4..E.m!..Ai..p.(..b...}...>...WR..s........?B.2.4.Kh..J.B..EU.J..#.+.{N.}.ou..Z.._).F......=\|..<.\y..-....hTNWJW-.u7..x..7Xn.6.m.Vi6Ib)..0..4..]....LA.G%@@.........o'W..u.1...Cm~N.xM.2.\|...U.>....o2.......>%...Z......G.?......qz@o.....]..T.H.[...0..T..q:...5.QU......&..t.i.....00.J..f...].[..^....C.....'..o..DN._.z.]...y{}.s>[.I..(..L...H.KT<..8=......{V.._...Px.......z.K.].l.4i...N\|w.~.Y.Z..[.M.^Zs..F...e.-...^z..;C..k.R.F.Z.f..\|.9vM...K....N..D...N6m.....3....M..[..5>..L.A....=.g.M...wV...u...&.....j..E...WC:qs.n...,q.J..U...*.`ED..":\.Q9f.?..}f

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\awwcrap2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8754
Entropy (8bit):	7.958095335840975
Encrypted:	false
SSDEEP:	192:aeZ7KLkfF/sKYvWmM5BfGN73Mk0YCyIyho100+5Dapz:bdMkfhUATfGyk0oIrJ
MD5:	C2248434406A1ED44F150274621377D1
SHA1:	5F54B59FF8C9EC64AE947DDC048FAF2A145B2ACD
SHA-256:	B25076A06BE5A13D2B7152C2261CBFA5EEB8735ACADF00A6AEDC581A24ED2821
SHA-512:	6714566D4794CDAB7400884A7CE429B261BE48A372D935A7EB7CA48E62FB091B49EFCB77E3E4EFA57E019FE2C754112B3424C93C89E2DC401D40484ADD2776CC
Malicious:	false
Preview:	BZh91AY&SYpV....g....@.Q........................@`%}.........n...SlP... 2.4..........@.....(P..[.V.v....U.....BM=.L.2....4.f.....d.o$.. ......4.......h.LM.(.).D$.......!.OT.Jzd.M44hhh`..3M hh...........A.L..A......2.......h.F....M44.....0M..CC&@j....6...oh0.&=(.2.Q.A......................d.&..h.@.hh..!...&&.......M..h.....@h....z"""$dQ.a...i......@..................2.`...'9.q..<x...sy.\.h&'e..72.3.........0.1...ZP.t..Z.h.....o@........@....?.D).Bz53..pC.e.t.M...~.k.J..\..nOq.j.7.......f\|t.N..>.XL...?....o..^...tTJ..r..._.tc....Q..ba.G.... ..01..U.8.4......-..!...Y..;\|.....?._..O..5v.;'..;.`.....vH{b,T.S.........,..'o.lw..O.....J.nM.I..u4...+......q.K7...I7F..#.w.tR.Gy....W.....]....{DqD.Qa...W.......-.o......xYx......p....e{.>s.8f..u.;.ZV............d...i.c..w=....\..r...q.hK...X.....:].Y%........0..o...B.*.~.5d........8...<~.m.;.W7..e{ze..m..=-7=.n.Kch&I.A.sNW.J..R=.{...WD.WksN.B.;.._.u.....r.......#.x.....=....j.u..&iP..'..(.)....q0.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\awww2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8512
Entropy (8bit):	7.949064976804247
Encrypted:	false
SSDEEP:	192:ob+L4Pt3/2cc1UDBLpxSTXHKoZNdHAjiC0kjBcKGTxxLa:ou4Z2cc1UhjSLHKoZNHC0ciTv+
MD5:	3327651815E988B9BE957844D3C1EA79
SHA1:	EE96B3FAAD1E7967D0F62DBF20CB08A2F0735DA0
SHA-256:	25ADD648603ACC512B5D3A29FC7B035236C96F836DA457A5467295F6A83D3C7B
SHA-512:	90C55BE5BF968AF113845943857D160EF3BA58713B27B8E6D96780006405F253BC91BCD3A6B28BA3D8A3C09B95FBF330AC4B9C15E07AA00E6FC3BEBED48DFC51
Malicious:	false
Preview:	BZh91AY&SY.K.......................................`._...=.R..... S......]..[...2......l[..juJ.T..6d(.....S...... ..jx.).Pm#.. 4h.h....@..............UO...`.4.4...=M....M4...........M......4.......h..UO......xU?.O$..&..=F.....d.4.2...2............4d.......a..&.I...0h.&...&I..=@...@.........zC...................d..4.....`...............4...=."hB.T.h.2.&.4..!..z.@......C@..P4.@.......@..s.........)..>_.J.\|.+...3._......K... /...E...W@...k...~.y~^...r.r.R....%.@P...P...W.so..lj...........\6L:.4K]P..!#1..j.........l...AcB......`.b...%D.X\...mbSbi1kl;]...=y...rbz.....s..m....:WgPP.6..s5E..5K..,.E..nG.&.-..r%<..3...A.:.A.o.....!...w....{4.....~..\|)r.1.%..5..#...y...pz....R.Pe.n;R.N..i.........g-.....t..i[.N.V.p.+}..x.\..z.VX.)h.t,......T."qY..X/..\.2&..4U.IsI.6.!.@.\7..z.1Q..S#%...3...h.aU...D..7l.../?!..zD.....x.....K...C..>&...,.x..A.[F.y.W,..-.Y$.6.....F.Z,-....).8D....Q....C.....AU.h..K...=..<~?...:R...x.u...\.Q.c9f?(.e.zlT..[...$..&.S..-.9....q

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\awww4.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9030
Entropy (8bit):	7.95462130194855
Encrypted:	false
SSDEEP:	192:j0WXOsZRrdXBFYEPW2GxFKFuxbavIU025vAr2XS/E11nm:j5XOorFBFYjjtvU15vH/1m
MD5:	E31B62C02293AE8BD8246C4B2F7EA66C
SHA1:	36491A43D1C966127A1B8CCF9389F7221352A423
SHA-256:	F1C2BC8176A8F96B217BC9EF6323B976F63E1D9DD5939825B409544B4FCA5226
SHA-512:	8A81426DA2165A47251E973C75368DC97654BDAA89A1D7120EB0C9349AECB7E46B3884D39B915F3787128D619406FD7FF5D534043E6025E21205DCEA3D503794
Malicious:	false
Preview:	BZh91AY&SY......<..................................`....t.@...WE.T.N....Y.m.m.;..2Z........f...j.....P..U....UO.A...i......&.x...M..4.eOd....S.F#OQ...?T....x..........4.....T. ."T.Oa.........bmL'....Q.4...........J2~.b......h.....@2......US.A04...zh..m"m5M...$.OS4..h..h.C!..4............h.4.O...LD...32.H.....OML.OH...4d..........M.............4...4.@..........@.......C@h...@5?H."e=$.`.z..FI..... .......h..@...............9..&........\|..^G..O(s....JJ...s.@!i...P).]...Q.( ..K.GC.....E.A.iKM$H.......E.M:gM5........r.:. .....Y..}.Xa.(....CT..9.od..W.....)%%)..Qr.9(.QI@i.bt....4..D4....xV3p.QI\;...7........E.~.....h.s...?9.q"..T7?...b.....2.q3p.E.".(P\......F1..31...H2.F6.Y....&..>'..\.$#.e...V7..,..*+=.$......e:...8U.9..?U.B.T...D ..k35n>..!.t.fX....-...J]A..=j77.E...w7....$5.k].%j..@.S.....f.&...+.../\|"..G$.H.{p...[^o.2D....?$S....z.#.B...\|....,...0#.h.\|.[.X0c.L...P:.A..<Y/>c..4.O...i.=.f.e .....a.)5.mv..i$..4q..=o..k.......YI.R.++...fX.@.z...:\|..X.(6.^Jt.F.\|9

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\deargod1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21956
Entropy (8bit):	5.281444813114006
Encrypted:	false
SSDEEP:	384:U03OF/q3lGV7fsHk+viFhG5Stim6hguD6PipH5e3rXWi+Xle3smTeRd+rtQESvNf:NST0x5WEDFebXWF43s4eDqtQEumSYax
MD5:	103D1012B443370B470E7BF0F187C4EA
SHA1:	4982395827B476A37DE3F9816D07100D003CB227
SHA-256:	C89DC2AB10EBAD8FE2A634F56643A7D4990A86C7151B7C1BFCB52F97FB7EFBAB
SHA-512:	9BB4ED12BADED98AA4BDE7F10C6C67221BD24F427B9D571F1F562A57A29F355BF2394CCD2B1F2AC9F8D7F8975C28D8920F72E5C236EC0C5C5A458645CA0047C9
Malicious:	false
Preview:	RIFF.U..WAVEfmt ........"V.."V......data.U..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~..................................................................................................~~~~~~~~~~}}}}}}}}}}}\|\|\|{{zzzzz\|}..................~}}}}}~~............................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\deargod1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9712
Entropy (8bit):	7.966152490800526
Encrypted:	false
SSDEEP:	192:/Rzof9D73pS9ALxKbPzA+AzMxEEOoftOdSHAOnQwvFyDDA+v5:KD73QoxI1AzMPO6fgi+h
MD5:	7BBC1629F4C5B67EE2302CC7E3D3BC43
SHA1:	84A665334F52C71FA443C3B0D2BF4694B69B1774
SHA-256:	7AC2C4BDF7F4BDF2D04837C567D9F1C7157F40CECDD102EA19B5C48717776202
SHA-512:	FE3C11ED3B7F988C21E88DC2BDE21E222DB6BFD5DD167AFE0076EF7D3556BA3FD70B1B5191AF8630FD0CDA6A073A7FAA5FD634A01A580D3D379F0DD3D0EAD0B9
Malicious:	false
Preview:	BZh91AY&SY::.H..c.......7%....................S@...`)?......JH.J....n..wbGi..;...h..p...{.n...X.......l.v..6.Ei..:..{4.I@.@K.).....4.D.M..4.M'...i.....OB2..h.h....A........U?....M#@.."b.MOSM.F.........2..h.....@......."...!.S.M.O.12j.@.h=..h.4`.`.#.0...CC...i.#.....144b.O..=%=4.P....M?T.......h4...................h1...@.h.1.......1..hh.....@.4..h.42...=.&...(.6.L&.i...=#@4.....=..............`.E...@~/..E.u..}5...5t.mV .@._oIY@.. BmS..U..i.........PU.B)..)j...! B....,..)..@........O..}..~....{^..n...H.#... I.P....W..P . ........@. ......PR..yW..~.w...~..xxi.P ....E. ....).Q......u...S....U:...B.#p)...-q..........)..W@#.^<ieW.FD...A@.7..bfJ...JY.l.5h....gWZ..kZ.....m'.].n&:@..'.7...b.....h.;&s..y....U<.~..>x.'...z.=R..y.z..QQ..nI^.Sv.yS..J.e..e.)..8:.Y...H=.L2..E..[.u..'...>...t..K..Aq....]g.q/...'..)m.)G0d...U(..+..q..@.., ....RG.....@...R..9b...U..{fn8....d>...`./......B..................v..U..O^>.pl.....1.j5..V#b.w......M`4;6.%..q.\..w...@K...3..*..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\deargod2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	20594
Entropy (8bit):	5.248863911424831
Encrypted:	false
SSDEEP:	384:6eOhSqvtU+A86FBzigNrgk0ZY8KHlQW4qqLBJWy9y0Aa0Bs1/ry:6Rvy+f6nrgk0olX/qLLWy9y/dU2
MD5:	491CA80A91EAAC3C9F856473D804ECB1
SHA1:	7AEAF58D52E3CD05B0E8A18F308C4533D9520BB0
SHA-256:	369D1E77B6589F1478FBCD9C81F169F091648426EC61A23D9616C08306195546
SHA-512:	BFD2EEBEA6F68C024417B9E61C77B2D627CCF19E16711D87302AFD53575A81D2263A2BC6B7E0C508B6EFFF93F209796C3D6506C7A1194D0FCB2242E38F4D7C3A
Malicious:	false
Preview:	RIFFjP..WAVEfmt ........"V.."V......dataEP..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\deargod2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9401
Entropy (8bit):	7.959050933146588
Encrypted:	false
SSDEEP:	192:ZYF24KCejy7jTfqEmOOLxgo4j93xzZyXfO2K+85l5tPRL6SX:uVYOXTSx9FSJxzQXFz8pLT
MD5:	2C621F0827056546308EA24EE2FDC5DF
SHA1:	7FFA1A47AA5582D58CAD1BAEFB939ED6235AEA18
SHA-256:	E0E3025FFB97EB4F1A462B5EBF4A32ACEC4365F79DB79FF5B5C56B03CCE0512B
SHA-512:	DAE46A8EB8FA3D567C2DBE710D457959DC900524863DF7008C8F202EA80D8EB20633D64AC88707289EDF01B687D0AEDA83DE7D2F5AD14F398BA2919CF0FF51D7
Malicious:	false
Preview:	BZh91AY&SY..M.............'...................j....`&..........m.)N......;.M14.L..FQ..\...N..W.{.....h.Av.$QJ.R..Uk.PU@ .......c.Bb.jd...6I..e=OF....G...dd....4..........O...... .4L..Bd.....4.i..4..z..4............T..")=..i.z......G.....................5O.!..Jz.L0DHM..Q.4.................. .2h.#F..4.d1.4h4...F.i..@.4.....42d.h...`4.H..Bi...6....z&.!..A.d...44..4......@.......Q.........y....Q.}...^.....WB.@.!0.R......HB..".P$..."WM......KA@.}.`M.~...\|...G.\..t]B..UYAAT........! ...Z..mtqb.\|..W...*\..d.!.I....7..Ap."...)i.@.4.B...U...-eD.&.. O.....@......p.M..bi'..Bi...P$!.E6..S..[ .L.".I4 ....8R.O..8....7.}....;_.....v_.......0.......+...D.....!..-._}.X..n}.x....3.K.........P..S'..D..8.........@E..L.(rj6....d..L....y....S1.QSZ.Ku...U.E...~%A$..zfp...$.CH.z.Xq....p..8M.,k,..>2ME.XD..O...n..3.B....hR...J....@%.....7...s....7.(.AQ.x.^.......V.T...fy.X/0c.n.. .}......!0R.^....c.A...gz....\wG.t..).....:\.[dy.b..:.f.Q.gsU..e.e]J;'...K.ol=..VGq..Q.u....."...e

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\deargod3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	20546
Entropy (8bit):	5.631646711007409
Encrypted:	false
SSDEEP:	384:ahfCymCeQy9xcX0eeam84lR0f15oz66WdOz+uExC9aRJjyxGWH5rS4Esz:ahftl0cEZXv0f1Kefkz+/C9aRJjy5H5n
MD5:	58BD37D22F7133C0FE604F04810CA992
SHA1:	32BE12778FA482AEA1933E350D50C43584517A87
SHA-256:	7BDFE418DB5F0CD5358FFC4FDB53656C0D2360144B4BC9510627FA569582D3D2
SHA-512:	B4B3C24301ECEC85DD7E974A9FC2DB215C5C3F5E7433973D5708D5443B3528A5EBCB3D776478C0AE61797597005EEAF2B1331290ED6BD2664763480B2CEA401F
Malicious:	false
Preview:	RIFF:P..WAVEfmt ........"V.."V......data.P.....................................................................................................................................................................................................................................................................................~................................................~...~..}..}.....~.}.........}........................}}..........~......................................~..}....~.....~..~}.}........~~..~...~...~...........}...................~.......................}.~..}.~..}}.~~~}~.}{.}.}\|}.}}\|}..~}~....}...................................................~~...~}~}}\|}}}}}}\|{{\|\|}}}}\|\|}}}}}~}}~.........................................~....}}}~zz{}~\|\|}{zzzxz{\|}\|}}{\|\|}}\|\|~...............................................~z{zz{{z{}}{zyzxwx\|}~~}{{{{{}.........................................~...~}~}ywxxyzz{{{ywttxz}~}\|{zzz{\|~.....................................~}\|\|}\|{zxwwwwvvwxyxvrqtwz\|{{zz{{{{

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\deargod3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10178
Entropy (8bit):	7.96633524884743
Encrypted:	false
SSDEEP:	192:6P4Zcr2WPwjIx9TMU5VOe6PdvhASu/3vYyDNcThmwLLdJqZVOFHwAr2eqc:jKqzjixzVOe6Pdvy3vYACjEZVoQATqc
MD5:	398820285FA927BF5CFEB0154E0ED8EB
SHA1:	B04BDE93BB6B253A7542F6D1B6DD907BC4AC1F58
SHA-256:	60F976D472506FD0581FC6B79ECAEF19216492864695BC56CDF25BB52B6500F1
SHA-512:	ABBE6C953FC133576F93459F41446840E4703009773F4DB518287201F857E3D473C8928570C9C1C2786461ADCFBF53D15685E9D88E1201DEFBF4C393A008A19B
Malicious:	false
Preview:	BZh91AY&SY..!..........P.F.......................`...x..z....R..R.m....GZe..&.CL....`.#F..&..Qd.U......(P..)%)UWj....J.EO.hD!.L`..LF.....=.=OT.'.c...Pi. .4.z.F..z.......P.........4...S.).&..d.@d......h......@.....O..........i........F@4............~ ..E4m1.d$%<jcJz............4.........LM.h2i...........H..=C@.....L@4.4...4......$ .F.!.4..6.5.@......h.CFM4h. ............X..Yh..!........J0... R.Q...B...Z..@..k.q. ...@...-.I..>...Iz.J.^...N.g..O\....W.......;.wwu....I......@R.B.....l..wwcE>.....&.zJ...... \....\.b.{q...AZR..kp(.L.T.B...(...LD.TFJJ(....J.17NIDT...H......@b..C.f..1>`...eZ..U........CB....H.3N..@...>.P19..Pw.E..qv.2X.X.#....$b..G.R......h....JY..T.=..z...tG.m.=/se>.!...J].z.....c....5U./...4.......<.WB..f..8`.@.......F..N..[4....6.1.Z.{....VEd...=..C..gu`f..r...r.\...m..8.,...tw].r.I.c.C.z...tH..C.I%. e.s]..~....$.......4.C<9..9#...Cm.i.2.F.._..U...Va....i..&..T...q.r..]......i..@.JF..Q...(.:=./.K..sK<.y=...B.H.*-....I.8 ......I6./.]...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\getdown1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18248
Entropy (8bit):	5.427514255462996
Encrypted:	false
SSDEEP:	384:CzOx1cS62y/hwWPi9oqQD3wiR0CGv/6tBiYMIbY759JCZIAA7lmR:6/hPfqgR/GvE4YMoe59whAM
MD5:	09F1300840E605E3AE89ECC44A550CD0
SHA1:	3FA927AE47C1F5827108BC358C04EF0B476A1080
SHA-256:	7AF3A184171DDFF0E2344D6D08C1A99C22CCA484AA983A81A64F9D3A8566FC30
SHA-512:	5DD5B79FF17A15542AF48B236E331F7BFD6AC8AE2DC4C401C627D60F8D60AEF36DBF5D6C6644DA4C76FABF22F634E7ABDE121FA9F7E1DF6B006F7E9F44E6CE88
Malicious:	false
Preview:	RIFF@G..WAVEfmt ........"V.."V......data.G...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~.............................................................................................~~~~~~~~~~~~~~~~~~~~~~~~................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\getdown1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8516
Entropy (8bit):	7.953275483901571
Encrypted:	false
SSDEEP:	192:JVXwgmDrZA3ShgLfblzb2o9rmAXymVa3W3gpXpjBUWR0qZ6zs:cgm5AChkDlzbNXQRpfUl9A
MD5:	150F034BDA3BC83A8AE955B67AD525C3
SHA1:	2B21BD29DB63574848F6D84AEEF65C3F99640F8D
SHA-256:	B1E529AD36CCAD9B772C7FB1CEFC5BF65F2A29A563A96EAFD0A381C29BF88A00
SHA-512:	93FC99A4EF0C0995FDCD4558326C95623C6EF023D12F6477BCDEB94C3DAF13466D7910D9E1CFB7C3131BF8C745A3B0965B012471BEBF57E6CBEC16635B8C92A6
Malicious:	false
Preview:	BZh91AY&SY.K..........p$g}....................`!..=..rz.E.kZ..V.UJ]....]...k.......v..=..l.b.e..J...R......~.A.... L@.54eO.$.S.z..y .... ......=M4.i..4...".........Bdi.S.zF.4.= h..4. ........hh...4.x..!4.Sf..D.h.....h........@........).......6.I.....&'.L.....dd.#.b2`&.2........2.d...42.......h..h.d2...&@......CCF.......i.@h.i..B.P.?A.~..yO#H...@....i...h...@..........zi.@r......_I.....#.R.uP.(?....x..!..}X. @...t.LV..HH.$.=.{Z.4.[..G.....>.\....(....<j..P..wV..\.M%....4./.F...yq.R..E+..V....P.....V.\|...ZB....oH...;."...E......xZ....&.m.+.Bj.$.LU...2.E. ....=...$#.....#bS.I.N...IR.....(.nb..J...G%.O...c......23.2r....}Y.ew...H1....z.=...BH..X^....d.Q.Q..}....A%T...t....X5.9...?..7rU..x.{.....v*...AT6.2E.#O.K..^.......eD...p..<.&Yo#...............'9.}.F..xT..,\.......=.!{..H.U.d.7.K3... .0f}.G.uq.l.w....h..E$;0.yGw..<..f/....M).XR.......t6..U.8..)h....7.Y...h...Q.(."....3...t..a...:.46.Z.P...).c]L~Y..5.......U...I...\|.6O/]1.T.r..1MZ#h....E@:..O.J_$.c

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\getdown2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	22082
Entropy (8bit):	5.294459072669051
Encrypted:	false
SSDEEP:	384:ilktCL1QLkuFNXhn1rS2YbNpIITgLw/h+qG/7hz/mzZ3Rqus+4mIJcG7kJW5nxbk:ilkcLDuFLn1CNpIITR/hBG/luZAu4zJ0
MD5:	6390556E7097748A48F7DE479E5DC8E7
SHA1:	41E479434E7066F87B6B2E521E9EC4949268F26F
SHA-256:	9F2AF0116633DBF6F732CAF84EC77DFA34D73493ADF094D77FDEC12F75B126ED
SHA-512:	DB9EC35C868E66D6F9F70C86E0269FAB5BB66FB50DF6CA4FA7C20EB5F5981A2F855FE594C8637E57273EC2DD894AB2C073666ECA374F876DC1C97D588B0CC28C
Malicious:	false
Preview:	RIFF:V..WAVEfmt ........"V.."V......data.V..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\getdown2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9968
Entropy (8bit):	7.957165242103367
Encrypted:	false
SSDEEP:	192:G3ziZtoKsrSm1uPQ3X8XnOhGKB5zyZD5w5f9yPhghN1WRtOA3pMSYEySUqpVDoy:2iZGKnfy8XOhG5ofcMNstFZMlZqLR
MD5:	A0D9121C548DB4AA0B7232A3144FA97F
SHA1:	735102E436F9EDFFD5E40C846E37FF1006BDBD6D
SHA-256:	15812564C912186BF3F79E0CC299FAC847FBE1FCA8E9696AEBFA85B3BBA93830
SHA-512:	CCB6C020D1E77F8A8B23DB2419CDFF8096C96567A528C5FC24A469D1FEC2301EA5A2BB3F66B24232CBD831FE73B3D8CA73D01DB82BE72E2C46312E15F803A0E9
Malicious:	false
Preview:	BZh91AY&SY.1.T...................................`)........'...k....[26.F..k.X..n....M`T.&X)H...p......-15.ZdQvd.&.......R..A...A.......... ...z...6..i...4h.....Pz....= h4...........i<D'.h..4..22....A..@.....4....4"....eI.P.Sj.... oJ..i..P...h...2.............".J4..0.....di......................i.4...'..2....FM..14.#.i...@.4.....@d.@44..z$!....j.0..hOH...4.d..G..4.h...f..................A.....u...>........Z...J.....BVR.!$....i..G...$ . @.(.6$ .!....I1P._X$.s0.......(.]{.u.......uW..w<n..3.]}h.S.u..H..3u...HE".+}k(E...N...........7..0.AT....PvR..Z.....$......`$P'. ....V.V.A.t.B.4..o.......MS\4.@...G.C..i^)hN&.hUc.t.R.[......U..+.>O.}....\|..,..7...........)...^...!U76$.......<P-.c..,A...0.h._..%..h....}.q.3.W.L..........i.C.3.O...UH..G&...a...N.Rt{....t.c"...5....#..A...(M#.Sdz..Qe=MC....:.i.M..m.=..x.g...[.......cx..w...T...P.2PS....7fR7S.I.<......v6w..=z..li...4.P.......4s.1Mt..9. ..2a.6..6*.w%4..=....+.V.9.V.c..k..MP{f......D.2.aq.]...MM9<....(.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\getdown3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	17790
Entropy (8bit):	5.772493274658846
Encrypted:	false
SSDEEP:	384:3tOwOEYrc4ZxP4JWbY4Hz7t/g1aGVPUANiULdBDscwu0T4WKk9NKL95YnFV1gjX:dOwGg4ZxP4JW8gftAaePUQiULdBwTcYW
MD5:	DCB4E6BAA467F1D22A947204BBA43688
SHA1:	2214AD328FBFB3C61AE46B152D74CC182B47E98F
SHA-256:	8FB6A1D1388821BA4C30E4A022B96351BA4429AB6D1D93DAAF741B1B3C4AD1A9
SHA-512:	96042369B9B2C4E4489FF05C3BB47E932A317204EA8F23C9F6B20E019CFEDE8586F774B9A02DD8DA1057C0845256522CB20D966007DA0C96F208AEED10C9FCB2
Malicious:	false
Preview:	RIFFvE..WAVEfmt ........"V.."V......dataRE..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\getdown3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9141
Entropy (8bit):	7.951780380066447
Encrypted:	false
SSDEEP:	192:22dNLGnAO4qmiHgvxasH2MVxYGimcQndjmZeStX/4Hhttpf:22mx4RiA5as9Ylm/1mZecXQBPV
MD5:	5EEA68869FF63C8EAB6798D16A1C9633
SHA1:	75838DF58635F78FA99982B6AADA408A5E3D33D4
SHA-256:	C4736AD870707A5C892A86EDEE8BB2BBCF42E359DDC43F20E8B834FF6B432742
SHA-512:	40DA8D4A69AF570AF881DFAC63C23DA9B6CABF8385B55D7DB080A6D18D812A0693DD1421F3CA6FEF3291789E344F17203A61064BA84EF1A10648E9EE7B23F934
Malicious:	false
Preview:	BZh91AY&SY..Q...)....r.P.........................`%......kZ...m:.u..v..I..v.!v.........3`.....4...v..pl.w[.m.-.Km......YB))U.)..jh..&0..4&@ .F%<....F.......4......O..h...Bi.J..f.SO&.#.d.I..A.L..........4d"....~i=...S.M...4................E?..F..l..&!LPh=O(..................h....L.4.....&...`.h.#@h...L.M4..&.#.&.=....M4.S'.@#P.D....i.A.d.z...........^.5h._?.}...W.T..E....../....TR.T/..BE..._..f....[c...".}...T.O......Z..Q}....}..{/Aw.......xV..(@..]. K.....w..M.w.A+.wy....>k.t.R....R.-..X]-G.~...1.T@....'......:u&......at)t.B.\|I.XX.d...k..O9u(..R+"!.xGp.D.j..............g.\|.t{......{/,....E.../..M..G....QK.....].....C7n.i.on9.k.e..vW@+.~5..kl....gPC9..iL..:... ?2.!....Z...`&r(.r.....WA.KFzy...U......1..(.F.._,1....T..!H.?m6K..m>....@,YB..M..Y..w.#.u..!{...1..Db/...5.K.@M...R..(g...l.0%..HYQ....zV....%.s].......E.u15ROH.~Q., ...o>........LYZk..0......39.61 .D..C....V..G.y..v:...G<.G.?,.Vix.H...F.. y DoR........m..~.z.~..k... ...%@....HK'"......B.x.\.Q.0k.%.h..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\lookout1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8454
Entropy (8bit):	7.945642740186327
Encrypted:	false
SSDEEP:	192:HoydOofM9j1lRNjNnKIOtNh4dSPbfpbXoLkCDCP+gjO9GzGs:HoydOJFZfUbxbXoL3D2mGj
MD5:	98E0E1263CA7E8FD38A116E7DFDF94B2
SHA1:	0B22C9F32873388BDB1AF84F5D7D9F4C26523298
SHA-256:	82B031D4604F609D67C2CD37AFCE0DBF2187087DBF67441C7F622A9DDD01139C
SHA-512:	95295CE2927148718B37747B09A54AF553500BA2041C98BD63710F58EC6D2E4B8B0522AF7984657CD284A2D9A8495C9E65C23E0CF1C8008D4F828B81758AF90A
Malicious:	false
Preview:	BZh91AY&SY.i....%................................`#_>UO.x(.....Un.+[9;.m...:....r......]..#....c..{...wV....A.]..v..:{..i.mT.....@B).. &......B4M..F.6..mS.OMSM=....A.....C.44....4..P....z@..........2LF.z2S...'......S@<...G..@...............!.E=56h..0.hh...........h.i.............D..2Szi..T.HI.m.=@hh........h............)..IS.ToT....P..b..2..4..h.....zC@4.....d.....i.&...).B.z2'.4y ...z..4h.....................6..IQq....r\...&4<....f.sM&"."%......<.s...Ua....i..A...(.$..$.k..kT)Y#%.J.(.)N{AiF..x0...IU:P..2T.{.h....O..rL...IE&K....4..F.5M4...."(.+.NJY....c +.AX...i..y..;s.N.o2.....{.5)T.QJ....b..8j..l..t.\|.,..Q\Z1...AX.....Z.P.....5.N.p......pQ..X..n.\|...x.. .......}MtH.-I.E.ig8.h..X..e.Bim.J.k..oX.i..."`M[...p.f#XjF......]..s...w...5....-.?K..........6...s..O..w...`..N...h....I..t.e..:.zr...B...\|.9...3.{.S.'....\.0.5.d.}.P..>Ye..p9T+.4.m....jTY..Bd....hdFeZ..5,`.F.U..-.'.3...6..R...........%W)CT,.....w.N.'Qj...J.R\.m.N.E..rq.....3...J{./.F......j'

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\lookout2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8523
Entropy (8bit):	7.966349910599482
Encrypted:	false
SSDEEP:	192:jIHXxFtwZVPSjFKspnhpLdYZ6YRq9lBqk+Nvrsr:83LkFShKYn3RGQl+NTS
MD5:	44BC0E6E1723CF3A968CC9D1A0BDFD36
SHA1:	59B4B660CFDBE5D2FAD5CD6447FBBC5FEB64E929
SHA-256:	B6306911C8274AA8F8BBDA7FD6B554B6E0EDD44322AE5E2F87381AFEC546A843
SHA-512:	65275EAAA5E6425D6BEEFE11A75570B60452E84284EF61609A7D87B6A330F5CBD53954D51B1BDC2E05BAB01F7AD5226182595F077B37E76B0786B52908A0D5D1
Malicious:	false
Preview:	BZh91AY&SY...............hw....................@.` ?..P.CM....)^.6.wws;s........3`.)wn........c.ws.r^.^..j..]+)J..._.O .54.L..!..FF...G.z...S@..L...zF....i...."...i..0..12h.4.&S..A.#..i.4h...........i..?.."4...d.4..J6S#..........4.................F.=S.OO.5.h6.........#@2.............2...1....2.h.@.4.....4.F..... 14......$...i'.7....L.SO.#......h.....#.4..........q=E.MR.t.G......>.....p..?V.{.t..P.......kK.e.....]..\...}....y...K.uu[..auuX...9.....U....O{....\|../.....k.._k.6^.k=l..]...,..H.(.....".....>N.....`......_..~..........}I'.Y..2.wld.6z..4...vM'.}p.^..C..#............5..$.......<G.Q.XD_.Gg.l.V]q_.R.H .....r.e.Q_...t....Q-.VW.v..Y...@0..p)............<O.O......'.x..z<....,.......<..yh..y.\|f)&..=..N...Ga.."R..'4.X...%..hM9._f..!...t...{...y.. q..\...i.i.=....w..,...{P!.e...B..LS..GA.+.6...i...RC..e1'..t...j.\...m.......$..e..P..N..^.Z.R..k.jp[.\|9..0.'a.H.@,..V.A%.....I. .Yh...\|.yT..j.....4.P..B...@..fr.:Q.z......+...INp.W.XU......y.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\lookshooting1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11148
Entropy (8bit):	7.972857767999171
Encrypted:	false
SSDEEP:	192:FYfuWckcq3HarX11X3gPN/vK7Mk0NjOoqX6Dw7xom3fTR34+p5u1Rn4H:FA1l3HarPMN/vjNep7xV3dYRA
MD5:	F09A8916FF86F0C097CF49D8971B5CD9
SHA1:	62546A3F956B1135A2069249F55829CFB87DBBAA
SHA-256:	A21D5EA9756E56F0F5A52CA53B328F07F679EF338BB023FB46DEA77309999486
SHA-512:	FF848267235B128D908CF4D7A643E7F07504A07D9D8FD0DDD6D8AE3095D6E592F1651EC0387314B895DC511876B390AEFEDB3BDDB5134699321827143447E37B
Malicious:	false
Preview:	BZh91AY&SY......x.....\|..Q.3....................0.....:.S.Z.mm.oMr..vu....].:..P.;p...r.#..@{.r%..u..."....^.....I"wa.B...-.uV.R..gw....h..m.U...\|EO.......d.&).P.=OS...=L...z...4...hh..h4..hi.F..~.BDL.....&.~CT.T.# ..@... ...............z.......L!..hzM...<.OS..&....=FL.2.......4h...D"...F.4.LH4i.................... .=@4z@...M4......d.0 ..h.....4hh44h.@........BA=M)....#=FC@....h..~...d.............A...3..D......,P...Z...&.0...b....~P. . ...Y..[e..m.HB..BB.A.Yt.....j.R...._...W..}.y.>..W.?^p....k.g..<.&....^z!T..E.....@...j......];u..i.j....v.{<....U.T..+..P.$...(...-.....In...../.m..Q...n.S.:]....oOmj..}..%.C.....z.R.......H.....[.hB..(4..PX!...C.B...$..]?.l.Z..-.?O....(=>.w...'qz..2....]....I...d.?s.#.....{.(.9...#..V...V...C\p.......W+vA..j.l.....#......rC.`...U{`TS...{..0\|A`........C9..C...K...cr.k.JS{..%.t..b.1.B..r-UD...S..Y}...Z....O4..`m. ....e..{..(.h..u&.PD...K..NX.G.q#..-r.......K+.M=..z4_B..F`3k....".T....ha.{...........T...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\lookshooting2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11769
Entropy (8bit):	7.961365840273996
Encrypted:	false
SSDEEP:	192:E6A7w7t/IkMKR9xV7T7tcycx5Z0OEOpV5LVew3OLdWZc1412nPRbYkx:E6A7UtIkHblWRxHNl573OLdWb2n9
MD5:	ECFEF12A3E496EB9F5040CF2ED0A5DDE
SHA1:	46930FEEB008A9ECCD1BCDEA50A85FFD69486674
SHA-256:	75D9A32B3D97673C7E424E70445EE7782F8CFF53D390A9A782EF5F9DCF5640A2
SHA-512:	D94BAD58829E8651D18600C3202B84CA62C1107CE6F35C72E1E3BB3C249950ECC80673109957D0BF42EBD893B7571A9325EA6F2E99557874AB50EC49DB53173B
Malicious:	false
Preview:	BZh91AY&SY<............v...??....................`7w......T.k7wv....].2..9...u...v.D.wn.@..w\r.....G.((..j.{.r@..P..Q.@.wnA@&.....'v.M....;v.m.....V.T...E<!.h`...Si2b.&&).z..z.=@.6.mS.6.jzz....=C...4..........DD.1.55.4FCG.2hi..@44z.M..............#M..........=@..........h...........$...xi.).......2................A...d.6. .=F&@.SM..@...............@..Ph..."......O`..4.SSF.........@....@4..........<Rt.. .......;...t}+"..x"{...D.1...P.... E.@..s...`.`..)......4....$...ZJ(..?`4.A.........Y.I...hH....1+.o.h.".qc...."...}.I.>.k.=7...F.~.h....)./I..R...^..C...P.P....O...E....*..i...=.k..z<&y..T...S.t...^lB@.....3..'..;.~...5.S...b.E......U.X..].^..}.........A)..I.G...........0.....Zk.5.:.t.;kY.....K...I."...h..3.vM1.P."..s.?.......U..u..u....C../..3,..i........J~.s...z7..'..1....=.......e..;...^q..\|.g^l.b.s.+b=.......~J...B.....<S..P.&@.i../..9.h=R.8....r.D.;.F...s=...2.L..q.(.k.......!J..J.W5.1Q,.......Js...6a"%.sG<.L..![.B.\|d...P4..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\lookshooting3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10428
Entropy (8bit):	7.966116677596436
Encrypted:	false
SSDEEP:	192:dxEAKwIvwDnLh6zXuAKqhVIAgPxG1Za3xl6HHefu1ujZWzf+P5ahsGY2hrWsOixo:EAvhoIqhVoxG1ZaHSHz1ukSaFr7xTT4
MD5:	6210DE47D0D86A641CFB1B78B0C53D45
SHA1:	B473E122122704A0706C5B0A63504AB46805A85E
SHA-256:	BA5760F6EE84143F0F2B1AC5409DBE3D7DE939D3F472DCC5FF064F4C96D850B6
SHA-512:	0C5C377C3C202049501BE2E27BEEBE27DD4811371204A427EE3D522291D0CBE6CFEE41181F28781B8FC6A23D6C226FCD4A967874E5E80D6021A609CBC22881DA
Malicious:	false
Preview:	BZh91AY&SY.....5..........#"...............2."..`1..O..U./m...].g].u.L.Gv..s.IC.....@..Z.C.A.....VfJ.9k.I.D:.()...d.wer.[.pG@.......i...U..\|E<..`...L&LD.i53J4...P.......M24=5....mOSA....@.<.g.my@....4....=.......@..... hd.M12.....4..i..b...1.4.A.1.&.0.0.2i.F.O.D.SS5O.".).4mM...@.4h...........F..2ha42.....@.1.a=COQ.'..h....M.14....ODDB...#&...OT.OS....OP.....A.S.4........C...&..s.v....9.......'c...w..+..O\|..#..t..T .....4..+.[t...:.^.B...1..y.....zZ.E.!.6.......W./B.?W.@.....\|.0.O.....R4EHR.H.A....H_...FP....I....+.S....(yE.s...?....+.x...B+.@(..h...O..^^~........]..Gk.l}l....G...` ,.......:K~\b..L..ARSLg..m..$ .&..R=n.Wm.......;.:>....z............4a.u..q.D.Z`..rWT"...v..!.....\..HP.".%Uc.....N.(N..S....ys...i\|..!....H..4}.*_<..'.1;K.m....O6.....c...Z.G..3.t.dG<OH+\VI'....^.t.d. ....5...<...%UK>..@.+P.%.:.C..3..&.\h.M...t....,.J..! ..6K/..,..h.....q39.o..X.....P1mo...F..y...tN+:@....QFPPd.q...v..}.3.Ye..........7...a2[I...).Y@..a.(........z~....z

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\ohgod1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15342
Entropy (8bit):	5.819787349258298
Encrypted:	false
SSDEEP:	192:TKFxzUQLFzsy54UtmqNMVC+Mb860U8TGrRAWX5opOA4ELUH7oaPRyhWm2FGxjKRV:Tiy6eCD+XpFGrRAWoEA4EIHMa5ijKRqE
MD5:	5190F471F4DE4C0F3DDFDC0F0F6AB765
SHA1:	9BF2314C92909864F6748974C7CCF7686A64E13F
SHA-256:	A2F7D53A16EE9A047CF8BE74C838EBBBD4CEADB9DDE8519CF57F38C364445E8A
SHA-512:	C89828E48582542C7F4A5B7F3390D78F1CDD72886E5976DA94BE04CA0B940CF1B8B564B532BF35F5A12653CB65924C9B15D3D78D5DB7011FFE576DD7B2FD9632
Malicious:	false
Preview:	RIFF.;..WAVEfmt ........"V.."V......data.;........................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...................................~~~~~......................~~~~}}}\|\|\|{{zzzzzzzzzzzzzzzzz{\|\|}~...........................}\|zzzyyyz\|................~~~~~~~}\|\|{zzyxxxxyz{}~.......~~\|{zyyyyyyzzz{\|\|}~...........................\|ywuqolkmrw\|..............~~~...~\|zyxwtqomllnqsuy\|..........~\|\|\|}\|\|\|}.................\|vssrqpooqvz~.....................~zxwusqnlkjkloruy\|~..........}\|\|zzyxxxz}...............\|tlgdb`acjqz...............~~.......}zwpjd_\[]`cgnv............}wrnjilpx.............qd[WVX\agq~...........zvtqpquy........~tkb\WVVVX^fs............vme`^afoy............q^SQQQQSTat............ungccflu........xl`URRQRST]p............rbVSSTZhx...........qXPQPQQQRVj............qbWSSSWct........xgXRRQQRSWg.........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\ohgod1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7587
Entropy (8bit):	7.9535570942196365
Encrypted:	false
SSDEEP:	96:TUpDAMn+ePqppJwPwohEXZGuT2T2MVjFG9Kc5Xll/NN0DxRtnXCeMgi/3TO+P:78+Y6wYogdTtMjk51RNyRtXCeM/d
MD5:	102582BC6D778DB31B39012CB7568663
SHA1:	CC62F6B88AA2F1781C8BF167FF65C0D2555E2279
SHA-256:	1D5FB24FCA428E9901B015DEA9FAA932B7E899C0B457881CF37807AE098EA931
SHA-512:	8CD74DDF572872FF4A10B7A350C62B2290A5CBDEF7036E7F138CB6CC7CD732029ABFD716976011F83E9B62819EFD801DC9A33CF1AFEB7C18DA3D802045DE31D6
Malicious:	false
Preview:	BZh91AY&SYm.4...........`.....................`.{.G..ot.....V3..{...v.y.c{..k`...v...(.....z=.......[.W.0...j...S..B.............S.M....z.....Sjz.).......@..xB.0..@ .MM...d.42..h4...@444h..z...O.4..%=C.l.?.....ODh..=@z@h.@.........B)..D.H.SOS.).O!..O(...H........h......OJhh.... .'....L...1.........A.......h.i.H.`&S...x..=F........M..F.........X.PE....wc...<.....8....pLpMH....~<(......I.......'..&.(h@.....A...._.E..az....J.d1..X..p!.F..... ..@...E$.- .............d..y_..:.:l.9.b....AX...Y....8..:zWG%r...8....NU.........Fq..L...O2...J..].-D.[.MZ.V.a...F.J.x'VW...3....h.1w.3.......:.....S......f....b.?W.k......f[.....=.V.8,.H.J...!j.....,...b......d..z3..]t=.....$.B.E...L.H...o?L.X.d.^.sQl.%.F...<...9.....o...q}.>f....{....X&...><dX%.m\I.E.-.2..a"m.Z.-..1}.3...3x.T.X....%..c..\|.].G.k..`]l.K.._'..lW..}e.\|Z....Kd.s..0.Q.i.Q..d....;).*.....;.;......h.t..D.{R.&.5....fL..B.F.P..A6...r.;S..\aD.{.F.K...Gt.....Cz..`..CH..Dfn.:j.H,...`.#.D.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\ohgod2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15814
Entropy (8bit):	5.693363053625077
Encrypted:	false
SSDEEP:	192:k302zyFex303t/XDjfj1iGOpk4d3/YbwiZe1acPG24ST5LxRJ+0Z0yj9sz:k/y3biGR8t+ORJLayj9sz
MD5:	E9CFED0330AE66984A8589024ADF10E9
SHA1:	C3D218FA704FDBF49D45F30BD413B5165FA95E64
SHA-256:	318FC0C58E9E268510A87C35D5856B5F6FD016CEC3CEE968EE2B1A41F67CF027
SHA-512:	6531BA964AC77EF8BBB955006607A854DBDB421856D0392527EA8BB1E5408E82E60C024410AE1E4E27FDE56B1BC18578D6C3F3D06A3566C6BDFFC7842A407CCC
Malicious:	false
Preview:	RIFF.=..WAVEfmt ........"V.."V......data.=..................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~...~~~~~~~~~~~~~~.................................................~~~~~~~~~~~~~~~~~~}\|\|\|{zzzzzzyyyyxxxwwwwwxyz{\|~...............................\|zyyyz\|}......................~}{yxwuuuvwxyz\|\|\|\|{zyyyyyyyyyyyyxwwuuttuuwy{}.........................\|upmklmortwy}...................~{wtqnlllmnprtvwwwxyz\|}~~.....~}{ywuttttuwxz\|~...................}skfcaabcfksy~....................{tniedcbbcehknqtw{~..............}zwtrooosw~...............yoiecccdhkptwz}....................yrkgc_\ZYZ\_chknsx}.............ztokikou..............wi^XW[`fmsz.........~zxz~...........~tkcZTSSSSUV\ckw............\|slf

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\ohgod2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7655
Entropy (8bit):	7.958095449753633
Encrypted:	false
SSDEEP:	192:2pwY8BomNKwevqG9r1WBSJVej17W9L9CWAp3XROEHknB:2pfiomcwe7uBSJYBWqzpxXQB
MD5:	2B9F032468F8232D666F6C84DEC0AD21
SHA1:	4956CD229CF1E54F743BC272C231D1598EC5C3C7
SHA-256:	A3D76509ACD0705E1359E442C6F686C72503042E5FABB83030DE86F3A169C73D
SHA-512:	8359ED06341BEDE4AA50FA48CBDFD10E9D214E5239A0D452D7D0A02B546403A17085A7A53BCF2915010D340222D65E607550CCA5A501E2F811E01D3364AA97B9
Malicious:	false
Preview:	BZh91AY&SY............T...{...............@...`.{...g......^....JV.n...m...X-c.(...6a"..v.m.]..54.b.l.....S..)....2l.......4..G.Sh....G......1........"..@C. ...Bb....z.$..CF.h...@..z...h...52.hT....z..Q...H.OS.......`...P....4.....~...Sd..~2.OA...mCM.............@. d...d...`L!..i.F..`....214`F..&.d.d....zB!....m....H=G.... h...h.h....i.C@...JV.8.(.Q.E.k,.J..}.........."...,..2J..@ @\|.y.\|..!."....@.$."..T...~..S.bb\|qQ...{...9.....^...jx%..hO.xRb..$......]p...#.%..._..!..I.....f.0`.B.... 0...a..@..K..o.:......-...[-. ..<.v.o".f2$O.......k...R.p..I..R..;<..HX!4.cD&...@../.p..B...D.........I.tb....Eu.......q.:.,.a).T......B...5d.........U=.N'........W.!.I.$..e..&I.Z...Aj..9k.3..dd......RF..X.UM!9:O.U8..@"I...u...F...7'.P..dS.......:.C.u.K.Bq.B^.i-.F.\]$.f:2.....pj.B.'e..AV.({U...^G..p....-..\^5...a.Ws3..R..GJ....9.=....".....dS!.8.Ma..(.}+.#k(Sz.UD....\|....y..m...8...\|...e.G.x.V.._..<..!......v{...)...U,@...........$h.?.F'i.^a...=...6e.....q.....m.&.s.I..+...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\ohno1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	20848
Entropy (8bit):	5.469191655666724
Encrypted:	false
SSDEEP:	384:yE1teJJVJ4l7CzQLFIty9H+9sG6s21hwYMV5f5QEStM/m7E/:Xtex4Cz0FIty9Zp0X5KJtMeO
MD5:	E2FA7CACAF31041189144A04DDA045CF
SHA1:	28AC364AB2A0A77B13A1028F6DE16DBCEA1FFB5B
SHA-256:	C973F84C58D98E46D9D9B72D043B47B0B452FCEB133899DBB61F640D4FEEBAE6
SHA-512:	6366641D7D10B34ED11969A22D8052257B22A83E549E786C7590BD3D12EFA95CEA1F987251BBF7B8E3FE25FD5C2B6880B023318C0405A66FD354196A5F399439
Malicious:	false
Preview:	RIFFhQ..WAVEfmt ........"V.."V......dataCQ..............................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.....~~~......................~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}}}}~~~~~~........................................~~~}}\|\|\|\|\|\|\|}}}}\|\|\|{zzzyyyyyyyxwwwvwwwxxyyyyzzz{\|\|}~~............................................................~}\|\|{{\|\|\|\|{zzyyxyyz\|\|~~......~}}}~~.....~~}}\|\|\|}~................................~\|\|\|\|\|\|}~.....................~\|{zzyzzzz{\|\|}}~..................~~~~~~}}}~~..................................~}}~.........................~}\|{z{\|}~....~~~~~............~\|\|\|\|}~....~~}}~~...........................~zxwxz{\|}.....................~\|yvtttuwyzz{\|\|\|\|\|}~.........~\|ywwvwwxyzz\|\|\|\|\|\|\|{\|\|~.............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\ohno1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7363
Entropy (8bit):	7.944993329049696
Encrypted:	false
SSDEEP:	192:ds2Wj+YWSyIPHi4NSi+e3J5mZJ01HTxSiFVtgyd:dsqY9H3Nh+e3DiJ01HTHDNd
MD5:	35594E0E81AE0987EDC123DECA7BFEAB
SHA1:	4DC70EAC4C4AAD6C824CC76510C43FBBFDC55ABB
SHA-256:	3EAF7C6047B9EC9872AFA11E5E1B1D5BE6DB805F264CB564F1864295C0DC0BF3
SHA-512:	13C00472AC601A4B4A9818CD784295F144C76D2C043C3DC2234E0C94962F7F1C92A1820A4E468E2B785CE7A0B110431A646091E5DF10742F5C34AFDE39205C65
Malicious:	false
Preview:	BZh91AY&SY.N-I.........U...{...............@.`%_=X.....L..Z..Am..).5.m..Q.Z...Iv..m.=..Ww.=........-....d.M-...j....5<..b`...M.h$.CM.i...4...........".=Cj..P2i.h4.(.....O ..~...zH................4....Q.4...C@4...............OD.D.O.?...jiS.=M3.G..4....h4..........L..4.L..d..0.4i..C....F....0.h.CCA...2%P....C..y'...&.4....0..SF................E.n...~,x"..7..edx...w......M..... B..Z..Akw...0.'.....=I/.3.?.h!p.83...S.1.....2k.I..o...g.....e...h...'..O.........~.s.#......y.... .P...O...g.R.....u.u:.....;.4..I#U.$.. ..Mt.u..c.{~..?.W.2.M...2&.....'..#...\|.9.7......Y.H..lpT8#><r.L7e<.N.a9.a4.q...UD.@PAT...u.Q<.y..y.v.f.vl...Id..$.<f..JR.0t..A<O..W....`.\.)..L..1..BE..0(%.....+.....?5Ki(7G.n...5C.*h.d....hh.e^.....b....F1..k.]..g.G.'HT...C..J%..g.W...w...i.....'...wMn.5./....<..'/..._.^.z.u.q.%....1..S..l..r.2w..[..[7W...m.q.nT.YWIb...Z.....v.n.m.......Xa]...T>..'.q.f....M1.n`Zdl...vc..h.......dn.:......`.1...+....i.V....g.R..Q.)..E.U:T..TH.."0h....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\ohno2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	22334
Entropy (8bit):	5.894524288160584
Encrypted:	false
SSDEEP:	384:8/NoYuytvTcSmL5QlH9eZ3f3aoBRJRv5RAwTMCMvpclCxAfj4Y:8/No4KL5QlH83zBxr4hE
MD5:	4240AEED03EED04D0A25DD1B8DDA4B62
SHA1:	B46DBE4BAE5FBF91457B226683BC3D2A802DC844
SHA-256:	B46FB4908B310170DDEF3BF0B6C0A04343D8CA152E847AE1DAFAA625E4B8A67C
SHA-512:	A3195FEA804AE86AF0A72BFE6AC2A2A785D3AED1F2E43E6CB4B7CE09CB0AF54AF9BDC75B70CE59CB5BC728A4AF88B205A2D014FCAD6CA2BAD87C588C2C5B8961
Malicious:	false
Preview:	RIFF6W..WAVEfmt ........"V.."V......data.W.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~~....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hreactions\ohno2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9286
Entropy (8bit):	7.961445416148927
Encrypted:	false
SSDEEP:	192:l8ZMvb3ElhjAGnWW2tciURJ0Kab7eEOJonjQ/X:l8OvbUlpAOW3tcigo7eEOZ/X
MD5:	DDCA33AA24E9A03534D5851B8D0BC71C
SHA1:	0B67711A4EE69E505AE43DF7E605A4ABE232F44C
SHA-256:	FA9999DEB93A064CDB221BD99BA000F22D99E1337564C6413DA09F47BA22BD2B
SHA-512:	DA6211AE688BE23BBB28E61B0D58C9FC7CCD4ECE4A1E55D1128D4D3256A309511BD9922B19716B13973B5367FDE8189C126D21D145170018BAC2B446C2C608A5
Malicious:	false
Preview:	BZh91AY&SY..0K..i.....NtBG.................@.@.`)..z..:.%...%=o.vJ.Z.9..t.-+.s.j......e..}.xy..{.}......wg\....&..w].\.Z.T(....U.6X(....S.....Sx........G.A.#....F.S......6.......j...&.4..#.5O.....i.z..........CM...h.i..(....4.=A.....#...m&.i.....j....`.....h.C@......H.i....... .i............@....="$...j`..z.f..5=.50.........`........&...$!H2..)..a.h4..................p.A....T..J..m\|....8..-R\|.2A.6..B...l...{..!b...}.b.~.0S..x..-J<"V..i.DF./.-7....ff-..L....2[..wx.(0./......B.L_./..+xhw ..K.A.=6...-..x{..lx.....qh.......Ju.KgY;\....:._O.........oW/{.9^q....M..^.....X_...h..M.....W...s..=\|..#.....:...A.8&...j=o...`;..p.......9&....;\|...v...m.r..N..#@.@..u&\|...B..........Y.d.h.I.,.^Qc.f?....c2....y.iQ.Jr...4......z...p...#%]....D.K......d6.v.q...........`B:L.5....nO.-.i.]...,.......I.[.....^.K....RN..P..6...n..\wX.y...%..%(.8...E.K..S.....Cn.+......w..`...#.).......*.hB.%6r.....l.^.[)1..0.j.M}.{.)..M)pu..L,t..%{.....1..p#u."/7..8.....`\...\...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\finally.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	35734
Entropy (8bit):	5.383491413881101
Encrypted:	false
SSDEEP:	768:x5UQ6a7A3IrRoXbFyyV4D/Z5ya4WuH7l7Ku0uF5OOTh9ki5qpjmDm0E:b7WIr2XzeDvDelAuL5HeD0E
MD5:	F309A4D77D2D273131F669A58F84AED3
SHA1:	76AA9FBD77BAC26E9D67F531DD651E9702BD1129
SHA-256:	F1F792F035B494BAB703AB91DABDB314A6AA00A70E20799FB2EBC1920995632B
SHA-512:	02D0A5B306951DA1A751332EFF67CD4A821BA06DBD79CE7E8739E1C50155E4D82296E1DD65F99B69B4991C35107A7CFD6D0E5A03DCE0458A1FBDF93FE50C1A89
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......dataj.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~}}}}}}}}}}\|\|\|\|\|{{{{{{{\|}}}}~~~~}}}}}}}}}~...........................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\finally.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	15397
Entropy (8bit):	7.975161365828106
Encrypted:	false
SSDEEP:	384:b9soRRZc0bcAR3z4w00NBX6YGDp0R1leBmWvhRM0XA:bfggckrGDUD0mWvbMb
MD5:	F7A90A3D357C8D6138834601F6122E5F
SHA1:	DD01C6C35733444F5EDF4DE09CF1C244927F2C4D
SHA-256:	8AA069FE580726BFF0A65FB3D3FB53950159A14238395848200057A26C6EEFA7
SHA-512:	2014B8AF28C9669BEF4129709CDD205DD03F0207F9F54BD3407B5B5623F560E9CED2D2E7F38DD68EE6B0926CC73FDBE0D7E186C46E574374C904377C87653671
Malicious:	false
Preview:	BZh91AY&SY.6tC..U................................`@...pr.......(........kZL..wn...-0..zO{=..k.)=rrBGe...k..0.;.p.z..iA...@...ES.d...n..Il.j.{y...zzw..G{..`..c..wY..l....wkm..N.T....0.T.!....B1..M.....oT.M.<.....4..A<.j~..(. m#M4.h.zCM2h..........E<.&@@M.b0.1..O.$........L..<...OS.....Q...4...........b.<....51..EO(.Q.....z.......4a....4.hh..h........5O..."...i=.jz..G.4..z.h...................@....4..@.....4.....@...@..`@.M...4..4.4.D. ....LM3P...b2.Dh..@..h.....h..&.............'.F@<^.........z/G.=.........Xy.p@..'..R..!.<M."........1E.2E.#.B.".....bp6.. @..@..(..ha#....%...........H..c.~..G.}......\|.;...........XP.%@....^5Z@!!.((.HH@....H(.b@.....^.d...)$.>..........3....4.j. @.BE4.h...)....w/.......t>..BLH.V..(.:......l.........A.Z...N..RuK.}..-n...n!5G..`..)..4....+j.N.....,........+X...kkC..XYJ.4.TQ.i...E..Em..w.J.c5..DX...........%.H$.A..y.. 1....N.C>.=.Da0^u..._p!.....9C.......~\pI.....k....._\.....T.j..'.....w\|...w..\Kl~`Y!...c.7g..W..02,..%_l.>.`.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\finallysafe.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	48768
Entropy (8bit):	5.3343233398041825
Encrypted:	false
SSDEEP:	768:I1Ww7W6VvCLsGRqH91UsMCq18Rf1b9c7XiUvWZuNb1iYKZpFyyXD2e0RdktOKP80:2IzRqd1UsMCzgakN9AaiD2NdkvEh6
MD5:	244DBA82D85BB7F3639E5E772BC6CB34
SHA1:	9ED73CCFA97867C93E07559DBD83B49B535DE1FF
SHA-256:	D0A338D70D9A438CC41C1F68A2C4A91215246573024FAD6693C97DC38FC0C45D
SHA-512:	07F10D954FA7CD796C7D0DE28CAA6E8D6A9724678BDCB4683D772C07DD892337EAACEFCE4128D5AEFE73D4ABFB4E8FE5AC1293CE12DF38D409C832F17886176B
Malicious:	false
Preview:	RIFFx...WAVEfmt ........"V.."V......dataT...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\finallysafe.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	21142
Entropy (8bit):	7.98012060028083
Encrypted:	false
SSDEEP:	384:zv8jVUVWHX9vJQMz8i2VMJHHm7fYeQ+Wrq6XSNzTXDcMkCplkkFWuK2BhvjydQbC:DIVUVWFj2VM1efDQdXSNzzVPplkdMzLs
MD5:	1CB8A05EB2EDB2D39A220050C536B015
SHA1:	FD05A30C54E47EC7F7B79513CAA664F6FF992F17
SHA-256:	C764EBC9F2342025B872DD707980978E32BE78C4A9683E153DA9D65670DEFC5E
SHA-512:	BC28384D99C9FC96539D13E24C0BC07837B3F4A8B3BA0C5A9D1EAEE999E4C622B149C0EE1DAA38DFE939BAF3E05E46DFEA064974FD96A94E7947159FA3320114
Malicious:	false
Preview:	BZh91AY&SY.....................................S..`T....].uD...T....UR.U)R.-..K.....l.=...;:..y..{^....q..u.j..L.m..gS.9.Z...:.`.(..([l8l..U..)HLq..i.[-S.4..'wv...'...Lu^.vza.M..-.oy.O=..{.s...v..a#ow.{:...wo[..R......@................ j`.J~M#....P..yL.3(zM....(..z@.h=5.F......=CF..... .B.h...O.......OSP=C...CO.....<.....h....@4...0M..0 4....1...".D)..2.6ML.M1.4.@z@...................hh......M..&...G.1.zF....M..........4b............4.4.h.... ......2..L@4............h..... ..y.)OzT.AS.J..1S...jyL..?.LzPi......&..dz.?T.#.(..P...4... ...@p>.}.j.{.6~...w.\|nO...Y....a...O.}.?f.....R.$+~.T.B._...D.."d5H....!..... I...@..".H!..@...B......@...>G.L. .....>....%9]T}..l.w.A..~...>w...../..L.......(X..3....m.@.......P...@ !v.(..(........@$!!A. @".!....!......@..H.......]..=.}.._/.....et.........JH....B.m*.T@@.......t. @.k.tt.w{...W...:....NQ..PA..\..($..@...B..(..g..c..h..!....p.T A.4..@.]..g?W..996...b[HP.6." I.....O]u.W..f... Ih...5...tl^.....[Rp......ing&.%w~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\thankyou.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13482
Entropy (8bit):	7.966507058407492
Encrypted:	false
SSDEEP:	192:MrHuvzqFC0uoHBZVuwyvYGwdI3ANMTuY0QWJ3ii4VROO+JuQgJ+zliPPbxFPeoeU:uWqFeJnh42aMBogRO9liXbDG0eM
MD5:	BFE90D4B50F9D6D4A7488B8F7ADBD75D
SHA1:	4BC10BECF0C834A59D12EFB8C1E04BCAF39B5AFA
SHA-256:	52318E9C330A8EF13A4F78B236BC82B683085B33B1E650C52114A5534D14812B
SHA-512:	7DB8E5D069A2B170AC1E306219502CADC5F3A62ECE327A8BB6F90B91444B024E68B00C1F013BF376CDDC76273DAB18BE9A93BEAC354F9BCB8067E1900262E3FF
Malicious:	false
Preview:	BZh91AY&SY"......................................`=>.(2}.x(:..k...V...t.(.lhv.n.f.6.3.6.@Gj..u...m.......@.4:.L..P..5..........-1E..:9h...:7`m.!!l...%...k......S......4...4&..i....i.... ..3P..d..@b......i.4.2...@.S...D.=...=OSM.dd............S 44.=@.........FA......4...i.F.CM.4..4..#C@..@b....4.d.F.S..4D....4...z...............4.@........M.M4.@..`.........#i6.P5...L...........0.......`..j..~.........@.........P...h?T. .....M.....( ..............;.,#.i..>!...".(a. ^....m...d...O.Z....KX..7.o.D".T...#......\O.......!.....@....?.i.....>.i..0eR...[....Lb.C_.......t.o.6.O..V%r.BY..rF.P....8..\..\...cd.b......T..........O...}..}.%..}.+@.J\|.i...X..`.. B.>X.......!....\|...:..T..T/..H.....\|._t.\|.........~......_.\|~/.'.F.........Ht......V..>...\|>9....g.Gg.9....+...0.@1..C..@....81.@...p.......9A0...8......pLA8_'.W$.]z.]f.LN..\F.'`..;.^..\|?..r.Z^.....4.......(x...aPJ%..7..:M....~..A...........&.7<.t..p0\.c... @.M....%._kX..u...7.G...9.3.....:.tD.1..~...&......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\wemadeit1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	51694
Entropy (8bit):	5.234318828077998
Encrypted:	false
SSDEEP:	1536:MAtfQiQg5ytauHrY9El9AC2UADwA3k5GX:JfQ45yt/rY9w9z2UADwTGX
MD5:	CC6F2DBAA04D755442CFBAFD8CB54074
SHA1:	247C0B9D26AA5EA5899CD7446B8EEF5E12EBBB8A
SHA-256:	758AA984664571F2894EDD99F8FF0C53ED50D99E45FD6AA7008DDE0F33A3BE25
SHA-512:	3566217D4A46C1BD51A9F55144DEEBFDB7C5FC186463AE6C2D2189384C107FFCAC673CEB2F753738F73953108E7A076AA3BDC8D2EAD4CCB4C115B3F9D85BE1BA
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data..............................................................................................................................................................................................................................................................................................................................................................................................................................................................~.............~~~........~~~~~~~................................................~........~~~~~..................................................................~~~~~~~~....................~~...........~~~~~~.....~~~~..............~~~~~~~..~~}~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}\|\|\|\|\|}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~}}}~~~~~~.~~~}}}}}}}}\|\|\|\|\|\|\|\|\|}}}\|\|\|}\|\|\|\|\|\|\|\|\|\|\|}}}}}}}}}~}~~~~~~}}~~~~~~~~~~~~~~~~}}~~}~}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~..............................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\wemadeit1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	18708
Entropy (8bit):	7.975766863658572
Encrypted:	false
SSDEEP:	384:t4qUaszc8CRyJ0n3YUIpt5QJl7MaPqC0AiYif2qdNpM/rZNWjd15Z:t4qxgc8CkK3YzYlQaPsbvGrOJLZ
MD5:	11AE02CAECFD72120E24B6D71B37383B
SHA1:	81CC3F9BFB307F7458ED13C227FF8B1327731B0D
SHA-256:	87882DB8CCC503E362DA075C9D07A03EE27CA675133DCEBA3030CA821F5BBE57
SHA-512:	E4500E70E40BDFE8395F4F84577BE9BFF841DF51AF14216A04BCEC1DF53CCF2F12EA7BAA09687071A9E94E08394BBB6CE8C75B5F4FAB17F2A216D49317998784
Malicious:	false
Preview:	BZh91AY&SYZ.{...n..............................!.`U......A....J.V...Uv...W[f...a..wqwpm.-..(..R]...R........l...#LU T...ZF....`.6%.....wnP.2...:..IJwL..EgwID.]gAF.s8..nK..s.....'vr......;.........vv.5...4.@...)....!...i.Q.h.i...cA.LOI.5. h.5.....bj1.&.i.....6..5<S.F#...0.S.....#'.0.Q.....cP.16.........C@6...@.4.........~.......mG.......................h5<"".# ..H.=.I.6.F...`...@.F.4...1...A.h........~T.........h......... ............4.DD .T..y.@)..(..j#...... ..@4h.F.........A.&@.F..M4c........Z..."F"0.6:>FJPB$H.....LD.BZRp`............e;..._......$..@...D..)......".F7H.Y.H.h@"..B....e.....h...B@....(..$$$R(......!..s.u....RB...){.b(...X!.!..t.J.. ..W.j..i....R'..`......4.E......._l...........v....q..H..4b...[....BY..F........+..O.....>..N. ...@ D%}4QT....... ..P.}B>.LB.!......P..(N../.J...H..E....`.!.._V.j..&)......KD.....D!.g.\|...'V.].X.":..uc..1...O.(..Q{...P..H.D..$!P(.E#.1..P{..........,T"..(.u...bX.5b!...~.m.z....QG.....A .^..$...../tT.HH.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\wemadeit2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	43486
Entropy (8bit):	4.790445984336408
Encrypted:	false
SSDEEP:	768:VyAo9E7tpAkWfWEKz7hYWj8EKSlKefFjc14NsJlem0XUx/txVviQEqwZKR:V3T7tpzW+EUh76RedjY4ole5Ex/zVPwq
MD5:	594522F368AB3F12321EF7F3D972A0E9
SHA1:	7A80BA2CBD1391F530351C73B800401AB94136CD
SHA-256:	72960E8138FE45B40F36F074DDEC796CC8906A1B0F6225BE39AE5C9AA1E002C2
SHA-512:	07E89255CD45F0AAD0437C3D538E5EF6FC4CA7FB67494E7A8D0DE1CAD8CA17A05FED671F0C02F1A0DAD1F212B04AB187E0AC20E205B4CF48321AE94DF1A531CE
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data.....~~~~~}~}}~}}}~}~~~~~~~~............................................~.~.........................~.~~.....~~}}}}}}}}}}}}}}}~~~~~}}~~....~..~~~.........~.~~~~..~.......~~~........................................................................................................................................................................................................................................................................................................................................................................................................................~.~........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\wemadeit2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	14654
Entropy (8bit):	7.971620114896149
Encrypted:	false
SSDEEP:	384:/qF6VRY8M53a/DlINshV/wGs4ziEm5HwNlNex6RYi:/FRY8fIOrfif1wNauYi
MD5:	C206D63E43BB35DFD0C012F0C43891F4
SHA1:	D173887B88C21AC71DF35E316E5D4B291F5C357B
SHA-256:	309592C11572023CA639702B440164A9975C8A62A673D78170707F8066CF7A5B
SHA-512:	51948D499752B6FD914EE1D9278F244119F7BA1EFC8EC3BCED3EF46DB835D09A30CB396A74028FDC957AFF0880CB70E731ED99371FB01758B73B583C76307EFB
Malicious:	false
Preview:	BZh91AY&SY.!U...H.............................^@.`B>...t=Nk....S..[(.....g;..79.9..s.n.n......Y....;..h..)^.p)Y..T...Z...m:..T.....;..v.......r..Wv\...#t.).u..Z..g;.v..m.\..v.@...O.L...&.. .M2.MM.F..M.&"i..6.M4...M..&M....=F.........Hi..? "!...aOE3Sjm)..6....C.4<.L....4.4h...................i.h44.4.....C#.......4.@4.@.2....5<""..?M'.. ....4f.'..=&.......44h..............*i..MM4....M42.L.CG......FF# cCBa.j@.LA.......L...0..2h5?DD...2&...&..)...O ...a.4..f..M=@h4...d..M...1.4d.....$.....ofH.6n ..))M........P....#..x..T.#...:0...L..B.#..C.-.C`........B..!..m...Dl..... .....G...J...J....@`0..."..,.i.4....li.3.U.bi..~..../..Z..)<..tEb....]+....j.+`..P....!.I.........!!..V..0.`B. .... ..0.......Z......$....I<v.q.0..<uc.../......_..#.>o........E.I?X....Mz.`..H..t:H.................BH3\7^\|._.J.Z.(.......D.....#.......0.K.C.k..S....>?/.....0/....0.ix..#..!../....x.....\...0..B0..&1..9....`.c....0...Z.-^.V..F.J.--ic..ld...2...%>y.........x.<.o.v.....H...j.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\wemadeit3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	41294
Entropy (8bit):	5.425449127990069
Encrypted:	false
SSDEEP:	768:5M9cJ88/2sdf4QIF6WovpiVpy+rxbIbfnt4LlyGUXSPaVh9lKBl3RpjAuAJs:5k8/2+AQCpWpirZMfkyGUXFlg3PjAjJs
MD5:	B3E68B3B51E15C3DD3FDC2E1E8427ACA
SHA1:	F7298459DC2E2635F3035770C0A3F989ADD9CA8C
SHA-256:	9F3E96C7FCD977224B455A67BA702674EFA2889610639A62DB3F58709621C44B
SHA-512:	5B3ED2DDE8775AB90EB6A05E6CC454B518582A5BF44CF0E4A46E9B907B31CAAB2A9D47AA1DF5929C1ED7FADB147CD75498AEF14F6C2FF140B9EF1472A2CF4974
Malicious:	false
Preview:	RIFFF...WAVEfmt ........"V.."V......data!...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hrescued\wemadeit3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	16627
Entropy (8bit):	7.967263456000729
Encrypted:	false
SSDEEP:	384:BZHscx2BtW7zGQuM9ae4ia3kiwtK3Mhfs5FdQxOHt1t1oC8x25HgbprnYT:0y7aQuM9ae4iaUntK3es5Fdf1taC42Z1
MD5:	0F52EA3D1A01D05C945DE90B78BDD343
SHA1:	BD2E6D65999E52758C2DA1EC9D30FBDB9830AE5E
SHA-256:	552BE49E18EE694276C92DA22F9A9824B27E6291E13EA474A92F2C8923583654
SHA-512:	1FA252DD8804451172C75C2A1FBE690FBC1E162C21BF40F2DDB53070343066434412BD437E9FC8584AA915044BF8B2545834AB3F5264C37185548119EC593697
Malicious:	false
Preview:	BZh91AY&SY.Z8..@............................... `M^....w.<..ySCU..[m..;e(..[6...V.L..n8.ds..;.uN...N...s.H.20..QK.U(...S.@P)@....9.......j....7X.AV.u...pI.r...M..wpww:.a....MhP.h.kZ]..U........BM..`..@50.&.#FI..2mCF!.M4i.G.4.4.6...h.h.4..M..@...E? A.H..m0S&.T.i..h20......L....F.....2..........h.A.@.... ...h.@h.h.........@.......j.O..I4Q.....4i=!.!..4......................E=M!.&....&.......2i..0..`.`FF2..I...`F.....a...4.44.... .F..S4...Cjh.M..........M................X..3.d.C..(..:JLe%BT...F..#.....%_.........&.b.p.....X.#.9...!.....Qe.$.E .....60...w.ah. T....!...(ABBZf.$..@...!~.ME.....m..HB..N...i........v...b...D.....8~.o......j.eUg.......+{......Ske.t..'."q.$8..G...'.K.H*/./....E..THRB..R......\|`.....!...'.....>/...$.k.[.O..\..J.A .Q... /....xDD.."...T. AH...+..J....~.....W........x....W....^;.ER...M..z'..W.....=......I4..]h..@R....y.r\.B.B...O...kJ.-.:P.Z.\|.w,K{9.z:k..+.Llt....:A!qZV..X....6.A.hI..,$V.H.I..b....../#.yK.6.J...:.....z..D:.y..k..\|t

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\illgoback1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13262
Entropy (8bit):	7.965170801505021
Encrypted:	false
SSDEEP:	384:3QDnSJtFuoPJq/ChRaAJO1tBP3JRoLFNaSz5:gatFuoPJq/MO1tBBRqlN
MD5:	E3560ECB9E577A4A35C84B7195699204
SHA1:	9B44433ABF7D9153E71500A7D4DC54F2957356B9
SHA-256:	A0BDBBC7AF18C0A8C0373C5E3FDD21D42249F5EA079C8691EB18197DA29DDF6C
SHA-512:	CE5DFB0E5DB6C350CC0D93F4DF7C9FF26EB9F18B6CE6FD5F1B5647EEC14AC4E00DCDF2ED259CEF2434167EEF7086FB8F3254D7980CE2EB220525A14ED2015715
Malicious:	false
Preview:	BZh91AY&SY...................................t`E......:.}j.[O.t.......^v...n..7.^..'..w..........m...N{..M.qE{..m.].q.T.6....w.......C....z.....<.G{t...w:OZ^.Jv.......S.v.C{...9{`.....^..:.l.5.]k..m..n.........$.....&I...*mLM.S 4.A.....f@.d...=F....<..4.........L"H..{I..).Ph..i.A..........M.=@...h.........AL.SF.F.6.T..L'...#A.@.#.&!.....C&.4..2.........&.S..DBe...Oz.....4...144.........@...........I$S"..'..)6.......@.......h............I"$h....b...H.h..@.......M............. .b,A..-V...w.p.4....FB..(:d.qP.o.R......9E.......@._..nn._.....U."Zh..`p..p...._...#."..9..(.(..c........H.......9........5...}........EQ...#'.J.U..8I5...`4k....!.lz(J.c..C.vA).H..I...P......G.h.H<........=d....7...\|....=ao.Y....;b......O...Q.qW.\U...@S..5U.\|..O.8z..C....C..#D.....oq'%%..2......,.S.........sP...sTEM..&\|...l...Q.V....B....Ld@\Q.X.0.!...Aj...x).I..."e.c.P=....._.p.}.....x.. .%...H.9...a..:\4.l....!o.6o.}..u..]..%.."AY.U.....;.m..R6.}zs~.g.T.6..S>.......... MH

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\illgoback2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10778
Entropy (8bit):	7.95414324616375
Encrypted:	false
SSDEEP:	192:EWVs4F7Q/KsQX0jEl6O5otmeVujY33bJRiFkBHgguV5gKbxoT7U/f7iqmW67tv7f:EW3ixQXaEF53eYO3bieNBIxWU/mqmX7Z
MD5:	8274BD62664D0D4D11970C6833635E45
SHA1:	B7398E235119AF2029E9A8C3F142CB2E90CAFAD6
SHA-256:	0AAF97544FAD07E629FC7C3D617A553C1B15920BB677B761684A3B30EBE464E5
SHA-512:	6AC605CC05377C5BD1C0BB26AE02B07671DD41C7A0B6C2F42186CFE9FD82C6788C248329CC4CC768920027EBA23809404EB4866766FDC4128F177517C387661A
Malicious:	false
Preview:	BZh91AY&SY.-?O..............................A`3.\|../<.>2..E)@..5...].9>.4=...Z...l..A.Y..OJ.....{j......A.-.ex..y..-..M...z...y].:.+L...)AJ..=5..jz....2hM.L&.E=M.h....424...............O".!...Ji.(..........4..P...<(...h....42.7.=...6..............M..C.a.4....h.4.S.DD...3I.I..M&M.A.......h...............Q&......'.T.Hh..@.@...hh.....CC.........L..4iS.=@.....Cj4.4.......M0 ..=M.2.h.2.....s.V2D...N>.....O.5.P.Lj^..up...-uA.1.%......!/{X......r. B.BB]..Y.(...X).B)r.L....k..H."X4..!..R...P...".H>......v5.....e.,.C.eO.W....%`EE.T.......T..K.}...=.v..K......7..&.....7.......)..$...BAAH(...Kz.......`...q................:...?.........w.JH....e..A@.)r...B.^.5A.(..4......<...."2L.@....2 ...r......<..[eU..J..).+$.E.=..l.l..TP.E$ .\|..k....uQ...L.H.....U...G.>v..F..<.]..)...t....<.....;.j.W[......o..0...Ef21S&BH...6"5,...v.'(...e.F.Sr..b..4.!qD.c$..TJ....Z.....K."....aq..H..f.C!.....m%.t3.p...V...q.....}+8.%)`......yJj7.rR.D.R.t5....sC....7..A.9....! H....s1E@eEZ0

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\okokgoing.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	35886
Entropy (8bit):	5.325827695620227
Encrypted:	false
SSDEEP:	768:suWIdeYhnq3AVTHCSx0K37GLbEjji5Nvdocv:stYRpVTH5x071NH
MD5:	FA3CA994A6E9F5C7582D6A72940F1005
SHA1:	04D89F98E072B520D9639337358E83AA0649A693
SHA-256:	85736202976093B9800A8B7FB8EF88432AA1B85F9B8964C45A4A22E0D66BF3BF
SHA-512:	3C7371A298F4F5DD2E91830ECC9B2157F24896B08E0B84C0C70979D049FFA63E67D4FD476280329B1EBAC3235608BFC07FDA47657A065D22DE7F6C9E6F600420
Malicious:	false
Preview:	RIFF&...WAVEfmt ........"V.."V......data..........................................................................................................................................................................................................................................................................................................................~~~~~~..................~~}}~~...........................~~~~~~...............~}}}~.......................................................................................}}}}}~........................~}\|\|{\|\|}~...........~}}}~..~~~~~..~~~~~~.................~...........~~}}~~.................................................~}}}}}}}~~.................~}}\|{{{\|}}..............~}}}\|\|\|\|}}}~.....................................................................~}}\|\|{{{{{\|\|}}}\|\|}}}~~............~~}}}}}}}}}~~..............................................................~}}}}}}~~......~~}}\|\|{zzzzzyxwwvvuttsrstuvwwxyzzzzyxwvutsrrtuwxyz\|}.....~}}}}}}}}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\okokgoing.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13253
Entropy (8bit):	7.958686786546302
Encrypted:	false
SSDEEP:	384:mtiU3VS3YVcOUPlrtAst51EkpGjjNUHaCEoDfmfK+w:htPlr2Y1uj2H/EoDIKt
MD5:	D6A4C54BDB94C0EA71A1CF51F38DFD7A
SHA1:	4CF297DEA07AAD3B7CE0C65C4159CC7E987AA559
SHA-256:	DEA9752712F0B16D8C94B52F5E7F192B25998C921645A5AF04F593FA276146B2
SHA-512:	0E0C9F0433FF43E127BF71C56D881F2B4D3206FF12202F23FF39325D258256DA08D0D40CC995E36A41489D63637E465329A1B7EED6910D2DDB92C5D3604456D5
Malicious:	false
Preview:	BZh91AY&SY..............g.....................@.`>....}.....S-.Km2h.F.i.kSFk......gG....vt..........;...]).9.{.m..W..2.6..d..:W..6.+..)....D-Hn....6..s)...m.....[4.....U......P...A..4.&.h.S..z..=A....m&.....h.16.#.4b....@.......S......L..0.4..........h..P.4................zM"ji.L.F.`.4`.mS.L.#..'...OM4......i0.@OQ..0.hh.......S.DB.!.zh&..I.....h.h.......h2.............zBD...Q..=.....G...4.A.......2............OR$......{I..SOO.=F.......4.LOSOP............`,..@F..c..q2fce.P...T...w.......a^..+N..V4.;..d.#f...%PF:p...4..Q.BJ.hXXDJg..<........B.V.....C......W)....U.QZ$..Z.,.L...+.uV.P.X.M.z.(...(,9`.C.X%!....J.\.V..-....!..6.z.os..[...l..9.....-..[TE[j+..Q.HX........0.,....1hV.kJ..m.JZ.m.V...../..w........r...........!z.....,-.,0.t.../.<.....p...........v!.q.....XTA.GV..,..!]\....Zd....f...%.R......".0.t.u0iX.c...I.T..%.P.R:.......D.g..1.......a...!..W......... xP[...'..4.b..D.QjaD..D..q4....8.lN.A..Q&..]L..j.Xz.'..+M..j...:........20...{({...3.co..w.d`g.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\okokgoing2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23164
Entropy (8bit):	5.514602686650343
Encrypted:	false
SSDEEP:	384:oYPb78c5ESJ4060akICtiKCuZx1hX4gb+AXRV9ePfyELVvT4in3PuL3ZRTnTQsZG:oGPHajmipuvXkAhV9eHOinEssZKuE
MD5:	A9B1E75F347C5C051E0BFF5BA354EA93
SHA1:	4032488959839F9369EC5CB72E8B9A08EC9CB953
SHA-256:	F5734F74DB90382E85F325F9CD4B2AD3DD21F65FA3E651E617EC515BBC414B99
SHA-512:	94F69C2583955B2C8ACC06DF4FEBD2915DC44F593EFA5E9907B432E6A6BC5E2F06499D8CF53FCDC201E9BEFA55CAB3CF232193C8CD9E839711C8FD54DF1F4D87
Malicious:	false
Preview:	RIFFtZ..WAVEfmt ........"V.."V......dataPZ................................................................................................................................................................................................~~...............~~~~~......................................................................................................~~}}}~~~......................................................................................................~}}}}}}}}}}}~............~~~}}}}~~...........................................................................~}\|{{{{\|\|}}~~~~~~}}}{zzzzzzz{{{\|}}}}}}}}\|\|\|\|\|\|\|\|\|{{{\|\|}}}}}}~........~~}}}}}}}~........................................~\|zzzz\|}}..............~}}}~~~~.......~}}\|{zzzz{}~..........}zywutrqqqstuwxyz\|}}}~~...~}}\|\|\|\|{{zzz{\|}~....................~}}}~...............................~}\|\|\|\|\|}}}}~..................~~}}}}}\|\|{{{{\|\|}}}}}}}}}}}}}\|{{zzzzzyyxwwwwwwwvvwwxzz{}}~~..................................~}\|{{{\|\|~...............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\okokgoing2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9722
Entropy (8bit):	7.957532705048211
Encrypted:	false
SSDEEP:	192:NLVs+R1WP4MvlKpMerDE2mDpvv7Ddx1UmX8Ge2OS31ApCQ4rRRdwe8kz:A+IHlKpL2HvdImHeUBQW1hz
MD5:	A408C7B1A8A3837CCCF08E496956E4A4
SHA1:	CC024756D39C5107719B50E6760D5BED89A7570F
SHA-256:	C7D3FE9F4B85B12C004A898D04EF5CF36420731E1A44DC37BCB60FFDF58CB97D
SHA-512:	AADFDB90BD5AC329DCBE0600A98A2F4B2BB2A26B713B903450B95070792CAC341939B4EA292ED2F1D8D956D5E91573E0A8DE8D3CA4BA3C794B9AA9C9C41BEB90
Malicious:	false
Preview:	BZh91AY&SY.~...E......v.;.....................`,.\|)..{8..P.T.J..).6.d-.a...@.`.A...=.(>....^.........4..AB.IU...4P...@5<..h0.......i.... .44a...4...CF...4..h4............. M...jOSF.j.P.4...h..4..@h..............E..T.................2...............FO&...&j............ ..h.........=(.y&..j..#.......4..4.....0......0FF..d4.h......4....SO)....&Py5.......4.1................s..........PP.R2.....Jfu.MEMI"Xc....!&........K<g.H@...P..".. .M.....i.......(...... . .@..T. H..0E...(.H..%....%...,.k.O..o8..i.+.A..........$....($.P.!... /.8M55..@... ..b.p.$.x...\\.].........~..e.\|ay&.``I.@9..K`A$.I....0$.xr[....w.#.p..p.....An`............sc..N.I.&..L.T.v.J.k<..~.o........q.... ..%.H...t.J .t.....oS...Ez7r......,....$.U....M.R../+1..4J.QM3I4..n..\!.S..~.P....Q.u..c\..........k....\|pn..3.S........;.A.k=....t....8..n.\0.Y...w....q....w...l..a.ti.C.u>.M...v.....r..z....J...v\6B.m..x.p.f........j.lF.S..N.o.e..*UN.[..-._..F..\|.`..Vl..4>/..s....vk..........>..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\sorry1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13433
Entropy (8bit):	7.972468161612429
Encrypted:	false
SSDEEP:	384:JLK0uF2mIQWr5KOl6mxiZ6mTRZjntTKsPQy:JLK0fmnWCm8ZnTU6T
MD5:	D65E462561F2E2F095207A21F84A0F8F
SHA1:	673534279800CC6E5A05EE095A3A1493787ED111
SHA-256:	5A66D0E67AD8CBF33227318951FEA862D239F48C2BE402F11A66260781B9D0E5
SHA-512:	AE87D6B0D616654EE6AA5A1165D1363D1556E73FDEC8077029E4BB95FC4FA596434804C0750A2534B6FEB8FB7D1A1907218DD65533D93FF294A129A96C70DD04
Malicious:	false
Preview:	BZh91AY&SY./........[.......................v.....`9...w.0=HC...m...d[....e.Zd;7..unn..0..C..U;.....v:.9.{b..8..w1.I......(.n.I....tW;.G6.;.Wv..i....aF..,...)m..Q..J>......M0.....h&F.F..OTzd..z.hz&..FLe=@...44...4.......@Bh.z&$.........d.CM.4.4=A..@.4=.4.F....h2....<OD.$zj6Q...hi.....1..2..!...h.).....4.CM=FCL.C..4..FA.......h..T...eS..M..T.F.............@.......S.i..4.4.........4....h.@........2...@.h..j...I.A.G..=2..h...b2=F.6.....@......4.2`..p....(.(.iYYy.&@f@fDh...N%;@......H.J...>..wK..aO..<....`...~>.f.0..?z/.1....%F....X.......%.h@...1.5HB......R...!... .qp;.....6....,. ....!........0.a......z~.....T.....Wn1H....N...P...Z..\|.......z.F\|..<...N^k...?.x\|...P.S. ^,Ro.!...;..#...xt\|.mW`......o...`X.j..&.....F...W.:F.l.o.......q'...N.{..ddl.Nu.^..w...".T..TI.......BY.P'.b...L-.t......zW)n..qP.E.;..........e.,.......)..tO...\|...{..I.X.....2...Mn..z.8........n.....d>......k...4......!...p.=..0.....v...n.[...F.*L.gv.._.".....]].7Dm..U.\|...f...0q.=...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\sorry2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	15033
Entropy (8bit):	7.972474014861724
Encrypted:	false
SSDEEP:	192:3ufA0BB7eXeJKXjSIYTZe2OWR2GQ/yVGAY8qcpJO1V5BXhfzMemIV47oBuqcAjgF:30tBJdzOq3jvNquABtzMeautTg9fVF
MD5:	34CFFCF7F1623743C70C1444B0281FE5
SHA1:	C86886E99F93E76DDDC319ACC6CCD57DA5C2B0A9
SHA-256:	4E1BF6F71B9F652FEDE30A48790F6EB29036B1EDC2F6B3EBD0EA93D0B021640A
SHA-512:	CD45DCDF46E33030AE237E9D6E550460FD111CC517DEE7A3C96BC43C2F637668B0F8947978180D24A9CDAE4D370EFB446CD1C7682C35AAF1B536CEB0B2FC0EF4
Malicious:	false
Preview:	BZh91AY&SY.{.$............a....................@.`E^.)M.w.y^.....L.-....a..Rn.........c.Q\q.i.....59....l.Ch....!).XpD.F....6.......,...1..-..j..iU.a.qn.....t....cm..m.m.].GT.....#@......Be1.i..z@.4.@.....4.A.i....@4.....S.......!5.L...M..d. .........d.h.44......d.b..h......4..d..@.44..bi........h....2.S."!.i0M.S.S..~...JmM.d..Q..z.....OP.@d..........OIMS..h..h.L.(4.....M4..!.i...1...='...... ..2..2...z.ODD..b..1.h..B'..F..@.FM...@h..h.............bL.~.4.....$.n.3..M...QQ.5.W..T8..................K.@..."..v.H+..s..\-....-Uh....!.T....,H.....B...)".aim7T.(....U...K.4.d._.lv../.7.....P.M.._4..a.~.+%rU.0..`Xul.X.H..z-..m...>...V./V.......Vz.b..V..mJ^......X..../V.....IQ..J).XF].],-.X3.p..gd...%..#......zU.J.=.....Y......^..T..I.Z....../...xxy<.w..*........@D............+..A%..&J&..#.....n.].h..4).~}......s..;s..6x...`.g%.w.>V.....s.4.-%C.b.....6.......C........T."....C.;.`z....x\|2......~.........D.L.k..%..~...G......+......../....c2..@2...3.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hretreat\sorry3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	14671
Entropy (8bit):	7.960134057592823
Encrypted:	false
SSDEEP:	192:8vh5siX+E3UWxIhHD8zBMME+Uh/wLA3lUbcu5UJZ+MZ3gs6nJIecvllMsRgQh9Q4:yKfD8FJe/w74pVwzJ4ALmQsm8YO5V9
MD5:	CBA03357776CBB66917B9AD0020D689A
SHA1:	2EF8EAB8AD30F87432F76763A0981CA13B8D1ABE
SHA-256:	C53817174FFFCB032FF27B7D2244FD9735A955D298E26ED383F32B869EB5BF95
SHA-512:	2623D9FEFBFEA3B1DFA4C7F335F8C6E6091121B9BA0842F22B678C9C0196EB742890270630C2EEA841942A3D4CED3CB8E8CE3BBB2570B881B4493793501E62CC
Malicious:	false
Preview:	BZh91AY&SY...r..U..............................`F..[.P....G.j.....(WZ.jk{992.f..L.r5.s...s..k.B..h.....<...NZ.6Z..^..m.........;.{N.9.....s5.......n...wi..=.Z.g.,.uWgC.og...A..y5Y..k!&.+Mk].R......T...i.d.dLF@.....`...M1..4.z..d........2.H... .6...dh4.....D...........<...=&..4....4..............S.i...i....#j4........m@.j4.M.h4i..P........j~..D& ...).z.....h........@...........=.!4P...y.....S...C...........4..........JzD.@Hj.zi..=Oz....C .........#....@........S..0.A&....C'.DPk(....I.KB.Fu.1=i.uY.v..5..`....0.K..ZA.A,}.D...ZQ..K....)iV.DE.UecB........J..#H..eF......(..(...B.$E}......:..i....\..f-.....i.w[.......o. ......t.a..g.G.`......G.s..............C......k N.);.....X...E.<....Z)R..,..4&4JU.iEP.b!....m.H...waZ.P.1.U;.0.A..{....m..g.....Go.......Y`......`X....B..)H.(../-.*R...%(-.M".j..K.-.W.e.<D.."{:...0.}c.N~.C...1e..v[....O.".B"'..F.A.E..9B..T.^.+.>....O................^...B.l:.{.G{..OS.\|.....y$......@.SH#..._R.>?g5./YJ.B. L...p.0+.e.A I2...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\areyousave.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10961
Entropy (8bit):	7.9737693064208965
Encrypted:	false
SSDEEP:	192:hx2yc/L9iohkWFn2eMSyAb1lRhnDTwRDlcT7R9OJVBXBmK:hx0/JionASyYDcReTXOJVZoK
MD5:	191B75B1E6A89DBB1034DBB7B96339F4
SHA1:	71E2915AF98C08BEF0FCBE47A5A7882BB7D8BC39
SHA-256:	BA477736AD47157531ABA0D7AC64C64D69B14D8045E9E7CC86693A0B1E2E9780
SHA-512:	7EDDE65DE16E382FD116414E6E9713F0031C5E98DE220E405C24E16F44D89A78DB3A63A0C2177C2D73522EA0F5075726FD5666A259D9E7669085FECC85D97D3C
Malicious:	false
Preview:	BZh91AY&SY..8..........P.^.g$..=.......@.`4^..M...%..\.s]...m.....n.:......"(.X.... .Y..(...#Z7MA......3.`.P.St2..P..K:.G.....\Z.n...."....@.ja.....<.!.............!&.D.i5..D......4....@.....h.4.......@.........Sjd.3.1.D.Fj.... =A.4b).1...#&.....44.h.....i.A.#D.S3I.zLC....2.3M..Lh.4.#...,&..."(....V.......Hs.]..7..t.%-.!$.......n.R.2J..t..U.BB.....E. B.....V!.!F.....A&....m....@".V~M.....3?.....q...7..o.....5......?D.C..V E$..B.... ..II1 .M6.T.......%.{.^.Z..(..(J........oO-.c.4..\..EpX<mmd.B7..IfN.LZ...M.U./.R.]..(.vt.F.eD.E.1.T..M.....AB,...E.....D+.sU-~?A....sXOe'..c...]....k.[.t....i...g`..\|0.......B....t<x.....K.?./.?.........K...o....?.e.._zr-8.v/#.OOO...zW...?TP........i.J,.*..j.F....Yh......H..zG.g..'i....e.j6+.. ..T_.{4.k........k..m(...F..4-Q.......h.1.;m1M..=..C.}y.~]vVo[.?.\|..........5\.(/.m.....(A.W......b:-S..^..E._ulZ.. ...i......yr.!..^.;.YG..&.................[m.+...`.....S.K..s..0.)...[...=...E...I.qM ,6....}/......\|...%I.f

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\finallyhere.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	40728
Entropy (8bit):	3.9669288906407103
Encrypted:	false
SSDEEP:	768:+DbFN8CSP0dtxMLpXHUz1H6LGjEyepnjL+AapTi0zQLUzwC7TkWwOCoevxHZtWJs:+DbFNblKa1assva0MsCvkVroevx5tEi
MD5:	CDBA3B54CCE48E78AE2A3DA2EE3DB8DB
SHA1:	5E78240B21E12D883BD7E96EFD60FF3AB567891F
SHA-256:	3300A1E2B75D937201D5CB04794A8D1E71C02FF13AE0B4D236ABB6FFFC6773D9
SHA-512:	4912A56409804F2DCFCE79CEFE35D1B3EED79C90D90CFA48A03EA39EE90237DD0669C0B46A3B668AE9548C3D619DBEA6DD5C89E38673BB72681A2C981167B0F5
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\getmeoutta1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	37424
Entropy (8bit):	4.17874090039877
Encrypted:	false
SSDEEP:	768:SJBzD6VEcEvdy/vNjiri2lVqrV6mGZvpYQfBkTXGxDxTWhMMIu4prqn97W3rFpLS:SJFu6x4/vGi2XvKG6XgxTg9mpFvLS
MD5:	E46FB4B3C41994D4C6FBE79221EE3886
SHA1:	2C71D1DDB8683EDE8E8FFB10599D45B90F3BE9A0
SHA-256:	D885F91A7F96FAE117F8290B9A7599EF90597AF954804FC705BE8444242B8CEE
SHA-512:	0BDB2AB4BEEA3D264FDCE8F9461D9178EA293CE53EA82FC24F769BB447E9138ACC08ECFCC062F2E6AED50AFD132B644C3A59FFAE0C5B09169602F2C234F74F05
Malicious:	false
Preview:	RIFF(...WAVEfmt ........"V.."V......data.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.~....................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\getmeoutta1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11271
Entropy (8bit):	7.950114895314452
Encrypted:	false
SSDEEP:	192:Q6/0NXV7qWZs+/XxVDnqFiwwadxJI33YKJSn6TNo4BAA9WaiocUaPPQo0:f/0lVOWZZXxVDnqHDI33TJqa5beQo0
MD5:	26554EABEC1F36905873E95060391B54
SHA1:	C3C20A7781DFC4CF65A62A07AB7922356C3729D4
SHA-256:	897C48B6EA11BBCEB578C605D9A6F87B3B04892ADF179FDE231EC99B4620A7C0
SHA-512:	A30337E44E485D853AE5EC11D1459A6EB97D84C5CB9F50BFEE946A2A45F613AD989CAE72A981DEE464746D6D7E49C350FDB83B9BE47234C4FE0851996C0224E5
Malicious:	false
Preview:	BZh91AY&SYA.).............##.............`<.{..R...(Q{.9B.v..s...i.......6..t.a..q.Z.{...k.Q....9....u... ...-:u.n.9z;...M=h..6S.......;.....v.k.j..N..s].mtt[2..kG..o,......@M&..$2&).E...Se.h......i..L.F....H.B.6...................0................M.D....). ...............=...bh4..O).4........CC@.2..LI.U?T.e..(.h........4=@..@.....?1.$...O_..?i...o.8..2..{..Y.i..1cB.y.(cm'M.~..z.6...(.#.7.ZH.S...B..("..%`... . (E......UN...e!.4.4.B....QT..(.".....YKB..%......>.tP! ..A@....W.Ea[.@..........lH?.7... I..&.E.R...`..B..}/.X............Q.. ....9....O ....O T..x......y..U..^m...Y..&....L.../6..!..P...T......G.Z.@.i...T!PR#qV%..H.P....\|Qy..k.]....!<..".....~..y{....W......(../u......0.@... .P!..!.^.4.."..E"J.....,...{..H.. JM.e....o...u..9....x.$..... @ (...C.@R@.(...H...^6/..... ....;.z........AA..$.) ....H+m{........... .l....!'.PP$..)A@.r.w.w.z.GS.T.....!.Eu..kin..(.Kb(..c..`+j.hJ.Xb._.K.\#`..+..(.{...Y.A[.j&.m....$5.#...$`~s.0W.i...`IR....r./..S.e.\|A7..2.$.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\getmeoutta2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	32760
Entropy (8bit):	4.009836212861341
Encrypted:	false
SSDEEP:	768:ATjr8jWTh0o44fEB/h6szvN44LjKEzVW/ylBm7ZfH/L/s8ECg1JAL:ATjvu4EB/hf446EJW/ylBah/Lgy
MD5:	DBA90196080A199339ED40B825EBE90D
SHA1:	31C68C97DBCC7E19F0105FA7349CD407D88EEB31
SHA-256:	E62BCA69A08D772214B2D3307BBB50E0E24AAA653B612134CDF29116CFFCE0D3
SHA-512:	825BD01DC1A26553D80D8B21D444FFD983521820A4D699155946DB357434EE86FAA7AAE5B9B1E78478A1296238AD2C94220D7408AD8FA4C6DE058AAB41171FA5
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data.....~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~~~............................................~~~~~~~~~~......................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~...........~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~....................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\getmeoutta2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9971
Entropy (8bit):	7.969133430470495
Encrypted:	false
SSDEEP:	192:XAQKsWdgrlgXsZnYIMTTcU9WZwAJGJJtwibveViezWyP3vaY:Q9sMgBgcZnYJT3iJALezJP3f
MD5:	233B94E58FF68111C03D93DCA5F12E97
SHA1:	E89CB8D56891F1786E965BBA7B5572F0BB18F371
SHA-256:	B9D6EFA17B906E1228521830A1E9D57A39118F8C54D0B90A938B6BD5F6D77934
SHA-512:	946E6AF50F61973D11AA32484518B90A8C8D75A8FFDFC618AB8A3EFBD269A6D6AFA059E8C00B99196AB209DAC56103F3AA1D08BF4C6E134F89AFA0149F1E07A8
Malicious:	false
Preview:	BZh91AY&SY.(....:........P.7!..?...........@.`6.w.d+....UP..4h.d..9gY..5.F.....S..b$..r..]i..0.[.....T..a3.g#...v.Q....J.v..wr..wwi..\..9.M..a.C...%[i/.2...&..4.#.)...Q..OP..A........z..h5?BDD.M.M.&...M1...4....F.h.O(...F..22....4..........h%=.D"Si.......H...............................F.......(.2...#@b4..@.h.i..h4zD..&.@u:w.'++....xVb..$.Q.&......}.$ ....Y"..!....&....H2.E...H.%.....p.& ...%.\..H.,3\Q..W5...1DF$E......2...d...g.H..QAU..u.....~.... ... .....w.qFL&B....8...s.{.(...5.R%J"&..=..L.9f......GKK.s.Y.v....[....&9...@...@..D@..Z#..}....c...d2.."..."."...8XK.W.."............G"....].U..e...2n}..y?.?'.0>.%..{....]0...RA.$.@5L...#c..........E.P@@..RBA..P...t..4..M.R.........z...).AE.B.(... .....@..".+....$......kV.Ym...6E....T.....(....I.B.f[.[........'.)..A......#...u..444@,...p.....,/pJar...;.........Kk.#.h....a..........!.p9:....]......".e...X..{..jh=C..B..JY...7Ur8.!j:.+..a......*5..{.r......}S...X..t..E[.9&....L.#TW..s....Lw

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\imahostage.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	12070
Entropy (8bit):	7.965470478478627
Encrypted:	false
SSDEEP:	192:5oUzosBzRIJV13N5XdAA34kn6idR8HbZ63EmrKAkXwB6Av6iPafVD7GaoQQvJgcp:aGosBRIJ3N1fVn6iU0JKtwBRb4ZKaCJb
MD5:	A4524786EE0D7502CC587247395166F8
SHA1:	2E52288820666E38C4871F83C07C4F8E7B316D1F
SHA-256:	A3977E2A2C2A28CE343ED57A0B69CC53C37892D3C4740BB0096AF30BAD48A60D
SHA-512:	42F960D47B4660046A7EDBC1E50A57D14FD89ABF957D3E2F453454F0F6A1B52583B8A7DB378C69370589F3A72302E927C2A810B11B43695B8B9B4C65159C038D
Malicious:	false
Preview:	BZh91AY&SY...K..t......~..zw.1.?.........`=.."j....^.{e.v.af.Y....Z.^...8+..J...kN.f.5....Wi.{.<......3.zi.q..q5Ylk.W6...h..z,.....OG..L..wwZ..y2....-M...P-X....g..N.B\|5<... L....4..h.z..P.44h4.....44...?#B"M...G.....4..........q.0........`.`..............!FL.OSjh...4h..........." .z)...S.&Lj=&.a...hf....h=.....F ....i...M.L.......@....h.....z+.MZ....k..C....;n]X... ..py.Q..^kQ..$.t."}.0.c.S.kF.hdi...i.M0..l..b.#.....E.@JTD{.j.)1%P.l"(#O..j...R.)AV...Db.h.B. ..L.......I!P..Yhe.R.X..gya.;..j.....*.....]..\|...V.....+.......$..Z.......K\|C.8.......(..H.mT....\|.AO.I.s.$.p~......N:t]:K...jR.;.Di@..Ev..(..dd."G.:..........G<ly.q(!..s.U.;-hE\..6..F...N..1..[....g#U[.. .o...Q."...ns...T...k6.o+.....BP.!..SX..j."{..hZ+.e..hm....(".=....2.i`.....j..{..w=y..i.]...........s...t...'l.....i.<...g.97.........I...x.36..5....)...;....+....88..br....J%LB.fr.........9.bq..........e9B.......).Mnki..y.}.=.....^....O1V..ees79.c....\..:^.}t..}:...f....A.T..j.....C.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\rescueme1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8570
Entropy (8bit):	7.964507085356479
Encrypted:	false
SSDEEP:	192:a5F4K8govcIx8VsUHj370ZYp9EE1Kh8MO9t/2/CoLEa0fN/xfgHbhtgt:aknQIx8mU0Z4uE1KhAV23QTfNpfwfgt
MD5:	FB8E756535A3ADFE62DAD42040A6E5D2
SHA1:	8AA84B5B4A5D15AD7632D705FFC020B31C34CC15
SHA-256:	9100FD6A3AA764EB2E2514C7A9D405A0DFDA36BB5C722B6145DAE744BA498069
SHA-512:	85088B221104DD56C7E526E1ADDA712D7FB81D589875384F212E0CFE02BE77C66D7395AE63786F226CB7A1F534A640DFE11B20FB8CBB0FB42E5CCA8BE7B72162
Malicious:	false
Preview:	BZh91AY&SYP'.R.........S.x...g.......@.....@.`).\|(.}....U......`L...N`..L.-[W.....Q..w..k(.....C..{...4.,.R..[........fm.s..%.QP.)..@M..D.bz...................5<.hB..I..OS.l...P...........x..#.SA..h.CM..h..4....h.....ODDA....zi.6.OSe..T...j............)..O.J.h.44...hi.........CM..M"Pz............4.d....7..(h'y^.....(JSpn..V...U.To8.....9a...[.#]E..J..Y.$.j....hZR.$..V.A..:..V.UJ..k..j.$._......$..q.K..B......q.. r..a...D...C..F.-..oL.-.RT...E...){%DA...%JP.U.ij...%I(.${..u..%`~.>.....d..).X.B.B.....\|... ) Z...D....<^Ex...<.(.J:...)u............%^.kX......\\.;.<.....4/_K.."....^,I.g.`]b...Z.......Ib....*HMH..B..hl........J.$Z...F.L..........o.p..>).f...e.D..F...rb.I.:.x.C..........=.44w.t......F0....#..?....$y...#..._.g.@.-B..)3.Koo....n...."'.Y7....c....8.>...n.i.P.A5AQ0@......)...v$.c.a.<.jp..w..9i..x.....].E....\|.0....U...3....b.'..fB>..s......4:..u......!..5.")z..Y.NM......3E..... F.....X...:.kCS.4....G...u..i..]....~.`.m..........8:$

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\rescueme2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11979
Entropy (8bit):	7.969532778991306
Encrypted:	false
SSDEEP:	192:Hbmn8zlcyqZJPu2T0Npd1XzZ/Am4WiOrVfN3Yul2bSGHvyOoK3y8dEhuY/wuHeQ:Hbm8zyFZJWNpdtZ/x4WiArYul2bSGbyh
MD5:	A9BD148451C952A7E237CE67FE0887C1
SHA1:	E19197213C4F87C0A60A52614F8EC0457C72D003
SHA-256:	9F8F45CD2A8DAD7286E187B18253E1C0804FE7FF9C892CAE070A3D807F44D563
SHA-512:	5CFC2A126FDABBD674366863F2AE58899AAC0F00E8EE60BA3162597793CC45D576E45C36E54288D11283E0325DED27BA85E27A205D3D5CE61F6F53053F1B2849
Malicious:	false
Preview:	BZh91AY&SY.K....<............../.......@`;.\|.J7.........35li..9....2iK3]jq.R...m..,..EC.:u....f.<.v.6.i..sAeW.....$.u..8.]........])2Z..]FdC....:;.........E+...T5=.....@@h..Sm.).......=LM4..d....!...=)..z..MG..b.4.h..........4.....@.4......5?BDH@&..S.=.z.M.A.........z@4.H.&.'...(hji..L...4........4..=.M.j..?M.!...@.....di...Q.^..H=O......]..Y9).....QB.^Pu.{Qe............tc...........).A.=.d@.. @.!.M......b5.C. )..A.!....1..U:(..%.4.......T....{..... ...H.hB"V..........L.t w..b.wj....w.O.K.%-.........4..N..Ol..`a.a9)...4..@.Z$....QA@............S.....N....e...<.[:'9..-...c...e......Nn.).I..q..b..N.u...H.W]u.......~<nw.WyW\.\..:....V.&.z.`Q.xK`.]Z.=.UU.B.B.(..L.J...T.x..n....0@B.hCB..!....WO....H..8L-.k....<.A.C.,.........?...r'...F.i.T....jl...^[...""7..Cg.]P....3......3.r."....SIIr#L..q.....?.\.SO5...'......x3...N..rY.w..<j.'.B....!J......z}.-....u._..I.BNS.b.*.@.yAM/....S.....lr...Z..J.c.NLb+...J.'.e._w..}\|...2..!..w.irOH.G.L..............G..~..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyct\theyregonna.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10242
Entropy (8bit):	7.949653793990446
Encrypted:	false
SSDEEP:	192:aOe8LtnAzlzYRFBqm/E9E54VGR2+44/VU9Hd9YDCqYteT9YMxunbD0hwJTPa:jWzlMRSmX6VG4+4/7ODC5oTLxus+JTa
MD5:	17495101A6F1959B3EEBF1C7B4FCA1D9
SHA1:	BE8D595444DBC2745D417E6A59B7172477E69602
SHA-256:	85D752CC7FCE0C2266E65B792FF4BA7BA0520B0082B8D21BE2F6A00AC7E961EE
SHA-512:	4FB1229B39F78BB1E53D822DA2F915FC07895987CAFF462F1EEF47D084DEC981FFE24C9CC94ADC87BF2D36178F48A1BB216C16596A12C1D8E39F3684EB793253
Malicious:	false
Preview:	BZh91AY&SY..s..D..........................`5;....vm....s`}.].ooG.....N@.......^.u&..y..wf..^...8{......M...n.{.:N...x..X=OZW0.;..[z..w.A.w.R..z.......d....)z..{h6.....&..hA.Fjh..?T.2jz.H...4.@h..@4...h2 .....I.B$z..h4......@.........@.S.I.....................=.h..6....G.O.e.P.4...4h4h...........=. B..&.S..y@hz.....j....h4h...h...HR..T........................o....'.0........`%[H..syA..N.`@7....!.b...J.T$QBC....@P..m...(._.....i..e..@.m.M.....U.y.(.".".....B..E............E..$........]...T%BB..R..J..6.".).L@.'v.M0....`..:.l..R...%..=.T.I\|(.....d..\8.A...o.....O.b..E.... @.B.}....q.....![qYH..".! .......!.P...H......H./.-&.....8,.#c...T..s..p........X..........J....PP$O.T..R. ...hT..............K.....W..ok.wX:.. .K..&.@$..I.R..A.$CP]H.$...`vk....V.GO_X....B.......0T..T.:^..b.z.P..~...)...tP.!...C.....k...>@+..S....:cQAZ......@..._bs.bP.. .u..Z....C8 .u..!.....8..t..R..o.....9S.R.........Ei.5...'.n...H*..A....D....+t.L.....L.`~..Y.....0,MF.7....M6.".

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\donthurtme1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	41554
Entropy (8bit):	5.085243894316888
Encrypted:	false
SSDEEP:	768:jgc7s7yM76t3NJ/qLhhelxhRfLm4l61ABq7gQmL7aPCL6gk/bTmNDF:1MOtNJOhAnRTm4QiqMQmLh7uGNDF
MD5:	DD5E18E2AE0662B502DB3776A70A6327
SHA1:	2FB8EF970F2A7574BE14AFC634165C2B77DD17F0
SHA-256:	BAA3ED9F39F091A3B277E970B0A4D06C5F8D24913D8DF13309A6986F760E248C
SHA-512:	0209B8AE58A812217A78DF69E523DE18F4AA276E47517DE2B8098A986EE010D11CCA5ACF1A5CEA041C4301AE5F2CBEB1EE31A550A52007CE287716FFF104383F
Malicious:	false
Preview:	RIFFJ...WAVEfmt ........"V.."V......data&.....................................................................................................................................................................................~.........~~~~~~~~~~}}}~~~~...............................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...................................................................................................................................................................~~~~~~~~~~~~~}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~...........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\donthurtme1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13231
Entropy (8bit):	7.959673900629917
Encrypted:	false
SSDEEP:	384:lbGWe+ILJEs3AUzqO5WYshAEUO/h5/WntoWdo:1dILJP3LWAWMEl/PWtndo
MD5:	D70C82F48E136F703F1E603F5D948B79
SHA1:	E647101174618BAC33536ADBC5A88D8BAD291354
SHA-256:	5A6D1AD4E6A7E336371AB5B4B480AE2E382BB040FD7A4877B7D824460E32EBDF
SHA-512:	8A110D63CA5DDE40EB34B588C529BB84B54D992ACFFB944137E4BA214E7A15A779206EE4E9E99A8FD41CC12673A83EE954E990A621CC1B67FAC744B582B60AD5
Malicious:	false
Preview:	BZh91AY&SY...................................`F.<..QWlb...ZK.T[l..kB..w9.u...u.K`.MQ.iJ.m.6h3..Hr.QF....T........a).e....fu..5...f..0.cL..;...-.$;.uH.:.GG\....CF....6...j.R.....D@.M.M..CRz.LJi.z...i...F50..S..i..S..3F...4....4h..ODDB&.!...I.'....h..@.d.................IM$..G......P..........................I"!&i.OFSD..F.=..4........h...........h..FC@...4.i.h...21.2.....4.44.C&@..d.d..H..............h.............N...L..n.zy..c...[.......l...g(.]..J$r3l....iL.9.`...U..".....9...".b....}.h ..8+.1.j..!BS ......@.$..b..z.@.j..b..`..........&8.&..@.@.."........@.L(D....A(....)....D9..B.........qf.....J.'.jU.R....T....\|..G..W..<.8...,>...;}..;}..m......;...r.S.\|..Ch?[.8...A..(....[~a....A.I..Q.U...r....Q.Q.TD....(...}n.\|..p....>mUW...8...>g9.\O.v..%.0-..v..;=..}..=.n...z\|..<.....w............/...#......AD~]qQTU!..C.....n...T.J4.>.q.G.77~`......7...~.....`....."8.....{...........'{.0A.n.]..[~.6....Hh........)y.s..k'..y.?....}.....\|>X.S.<...AU.a."..<....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\donthurtme2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	37248
Entropy (8bit):	5.123298199750097
Encrypted:	false
SSDEEP:	768:96sqv1XDL+h9ghMh58WqUZ0hL0wyJUhTVZT/7UTp3Pc+cCTb2Ea:9cXmQhMh6WqUuLVU2VRAF3Pn7Tja
MD5:	786FA6BF1BDBA92B4EE8ADBBE0D01E63
SHA1:	955F833B9B23ED2DA3336E9288608FF303C57792
SHA-256:	7C68F1D7513915CA106D3B142B944DA8AAB5D9FC35F736A177FA706C88EB522A
SHA-512:	D5B0B077AD6BD79FF1DEBA31A4872BEEB99CC0741FAEB990A907E11CF88AAD3A1598083348E5F51FE7E4D31023DD76C8D2394EA73149161C1CF157A5E5E48F1E
Malicious:	false
Preview:	RIFFx...WAVEfmt ........"V.."V......dataS...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\donthurtme2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	12334
Entropy (8bit):	7.959848916009985
Encrypted:	false
SSDEEP:	384:nbhwfbDs6wz7a9uF/O3svJdDwCyS0BEPlAGD0g:nbhwfPs6wyQMcvICydB4AGD0g
MD5:	0810E299BE4514D2325F5307A6709897
SHA1:	CFA05C90864F5F7F4A1C11C6011A145CD6CEDC6A
SHA-256:	6C6B104335C8279F376BBB65428FB7F12805A6A4F026C072E918AE122C367DB0
SHA-512:	65617A927D6676B9AFD9561326CEB59B99192868E774DD407A70518D1CF93195A9F132B444366F92CFCE209D99BFB9865FC4C5899DBDDE28BE9D003F39C50B78
Malicious:	false
Preview:	BZh91AY&SY.My>............................ `=..(_;.i........}z.....on......n...;].w..Z......v.....^......:...m..tC.2{y..;../.w...{{....yw.s{..=....^...s5[oy..gow.=]..=N.;.:{....).......w.N]y...z{..Z......S...&A0..jz...j.&...jz.....A....14..Q...M=M.=.Th=@...@....ML.M.b.....A.A......1..@.......M.T&...a4d..c.0....0.4a.i2x...4hi........ 4.H. OM..5=O.A....4.......4........=..i.MM3@.=DC.!.6........h........OH..eO.i...jF.4...............4......U.D$.".M....o.\|..).E...A..c....S...t.......I.N...)....,.N.w..-..54..U....$...J.+%.;.6.-(+J...4.!f.....D.DT.~p.....+D..J..B..a%.Ec.8.+G..?L.._.T...?T.....51.]..-..A:.$.F.PX.#I^...@...UF.....>.b%..=.c..z.Bx'.,<...^.x[J.!/.....`.#W.B.--.(."".[.T.D@U2.\|..i.AV.)...i.I.....C...BYA...6..6A0.M..a..?..V.\.`. . .4Q..;...IKL'uQB~.u2.!.@....+;..MJ..P@.....wW.....P..C.=....9...@...t...@+....o....H.E,.U.A.]..Ku...0=C..S.m.:..=^_8?........r.......JY.J...-.Wj....g.......=....Z..t.t$I..b.......z\|~.....G1.......Z.H..)...%.KHu.e

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\dontkill.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25510
Entropy (8bit):	5.984710299895277
Encrypted:	false
SSDEEP:	768:CKwKq8dGVWv98DDW+rucYgw+zhupWzf0i1abqT:CKlUVq92WyucDwUwdGabqT
MD5:	AC11F54B0066B66EB486BBC7546D14E6
SHA1:	2355ECB2AA46F3164F901731F3FCF05039FA8DAA
SHA-256:	86D0E43B1166A818733FDE869E1677285EF221D0953B50DD182B667E2200759E
SHA-512:	5CE4FBEA2159689D3A25334EEB38208F6D8A135D0CE5DE1C3BA18B7B7413A79755393E86749BBA86A1E13D48AE580E67E9D63A718A1AA0E7685AA13823751051
Malicious:	false
Preview:	RIFF.c..WAVEfmt ........"V.."V......datazc.....................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~...........................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}}}}}}~~~~~~.......................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\dontkill.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	12441
Entropy (8bit):	7.979213404356767
Encrypted:	false
SSDEEP:	384:xzrrP0IkhxVg3aA/DqAg+QL5OGAJWF1nTGwu8fJ9:5rrPG+aoIlL5XAJm1ru4
MD5:	80970A33C489BB312371F471507BADFB
SHA1:	77A41953389B427AD404C18329E23A1B2467F9C7
SHA-256:	4AA861E3997D6748C84037C1FAB8CBF8072B7B60BE8B446FF95FAC7FD91E0D57
SHA-512:	1CACD45EFF53BF63AF4FBCF579EE13C33EEC5573933E341817D307D6C2C2592445466462EF49285CDE4A9606993AB223989327286C2D524CDFC536FFF4004F13
Malicious:	false
Preview:	BZh91AY&SY..>...`..........................`6...{..{..v..k6....m.....&v..m.,.;.....pN.t.\uUs..Cg\..].u..N..g.,.EM.r..w.s.....&-.h...T.fY..M....f..6.u.kt.v:.....A.@...@...4.?S.M.fP.4hz.P..z.G.1......M@...{@@.&.$.!...D."=@4.........mM.d......E1.@......4...A....b.....M..........M1#S.=4...~E?...P..4..44............CM...@.F....4.d.....M..h..b.i.......bd..."!..4j` .OT.j.&MOP......4m'...CCF....@%%P[.@@.......P.2.7...`..X.,X@X`Z../6Ap._...!..r...$`.&...7..#.._...F.!...... ........Kc.....,.B..... .0.....`...l[.JB.P......h...#QjQ.......?...F?.......{..../y.{...=..0../rP0?x....Oxb`.....{W.}.pq..}o......<.......E3.@F$.H.....@t..".b}Zk.OPo}.}.[m.i.FV..Z..&...j.J...Z..2..r......C...fFY./.:..h(....^...M6.N..6......x.%....w2o..6....k.R...v..'.q. ..lW...2s....b0`.z...F.....i. zTbq.e...+:7.\|_vs.e.J..._...{..~..?._..;J..Kk.\|.. .....Q.>..a...M.....L_...+C%.o.....i.R.-\|f../..lV.....V8...A.+.x+...g...u.{#-.4.s.....AB.Z.W..........*g...t...-.....>8.F2...B....+.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\endpeace.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	37110
Entropy (8bit):	5.778859175838009
Encrypted:	false
SSDEEP:	768:+ZiL7o6Pkh7IBF1tJK66lEKubOZBwyEnqMkPkbxHnibAfyt4qlPT:+ZiL7EkR+2LryEnqMDbhni4yt/
MD5:	0A0B90593C9FFCBFA8493F4DDF01AFDB
SHA1:	70C0F13C71397FCCEC5362E784F17EE7E2196F1E
SHA-256:	8843291443A009DC0D229435C9F8E7D1F1FE862F87ECBE11DD909026041C5F00
SHA-512:	F543CC90A378833F84378AC4633938D0A589F92FC03815D456772EAAFD54D516FB93107E50C3A615BC975A9A85A82539395498A3114BCF48316A0684A6167BE4
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data...}{\|{{{{{{{{{{{{{\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}}}}}}}}}}}}\|\|}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~.........................................................~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~................................................................~~~~~~~~~~~~~~~~~~.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\endpeace.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	17754
Entropy (8bit):	7.978772870631198
Encrypted:	false
SSDEEP:	384:/j9Ljazu0NiwpEnp0KYu17EJoOzecfjSufJWL8eFQ9Gz:xLjaS0Niwp6p0KPC5PWglGz
MD5:	01DA0FBDA42EF62762E6D37B782E9DD8
SHA1:	EBF6C45DEEF9C37A69F834CC87B5E5BB89875AEE
SHA-256:	B99252D9E63C728716721164B14E1BBC59C4ECEDEEF3F8E8F2CC6878332D87C1
SHA-512:	91E73080874DC1FA618C0D78BC1C33703F10D3A1A8A83406612E67E25901D22AD2F5166F135D6544405B86F5F3B6111C2FFEC5B39382FD4991681B16AF342600
Malicious:	false
Preview:	BZh91AY&SY....4........................... ..`L...gT.....+..z.;....m..6.e.....{..y..k9..;q....s.^....Y..{..&....T.........w....K[<..^..n../...{..s.....#......RVq8.-.r...r.K....k..M..-.nY..8{.;.[........=....mm..^...GZ...y....@..&4.4.&...z..22..H................ .. .. .5=#..O.).COH.C&......d.h...x..F.....j..!.OI.LT..SG..2244.@.....d.......i...F....O.."dz.....Q.j.Ty..=.....0A.02i. a.F.....4`....F..R.........h....4.M.......P.............b...#'...M4..i.......h...@..........PP..)....u.5hP.. ."1FR.."@.... .G./.......$[..,R....u.Q.0."L1.F...Z...0.~... I......`@.......!...c.pqA.........~.?.......... ..%!......(.D4.L..M45.v..&...A.s!..N`..1..e./Zg..=s..:......6(....>.a.....)............Y.;."=..G....:.;;:....:zx.'........../d.`/f../d0!.=....{)^..b."Y...fB...fq......5.....!H.....!xP..G.c.......s......:._`....Q...S....N.v ..i.....]......2....:gL.FV!.V...H.r.e.Km....O.......&...Z..............sZ/MT.M...l........8.!.VVde..x....Z;.h.......K...._...lt...o..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\nevernegotiate.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10000
Entropy (8bit):	7.963246219418739
Encrypted:	false
SSDEEP:	192:Rt4fNhCRYmkPO0XJ7s1ATm4bQKhhvvkzW/6HHo0tS2FpLM52xY6tKxeJk:iNhCRYmkJbi4bfk6/So0hVMcxY6tpJk
MD5:	AB00912F8B61F2E743EF875F865DF9F7
SHA1:	4634F6D4D50657C7728E2592D4B03F6D9E82B6F1
SHA-256:	6FD4CB9BB19433EBF80325AFBC768AD78ADCD80D3FD0F024805846C528C3FF31
SHA-512:	8EF760DF19F02B43D7112AF3087AA3B45234DD328282569F44CA258652F3419B2463DB0382C4267ED2341F7C0DD4AA030D1047BB8036E875C3F4B9A06BFD3A62
Malicious:	false
Preview:	BZh91AY&SY}..{...........J.................`5.;.X......j..m..J........t.n...c.....W0.NN..v].q.g].X..,e.....\0..j.MUj..njV..hn]..q..6.k...4.d.v.j.:).)\..V.p.2 @ .bjaM.d.=S....h...h....A....).I.(.J.F..Pj~...@.b.z.'..)...@..........h....<...1?SSCL...................).B...J?mOQ.......j...........L!..M.!.....&.4h..0...#.F.a.bh.A.M0..).D....!.&.oU.4...b2d..d.L.0..H..........C.....IQ].m......m%]....;\|CtN.......)pLU....\.Z\|..N.$H.(H.\|.L. .@.6......@...3/91qDU..Q....f".@((...P..@D..>...\EE.W....t.JH.(.1Y. Q>{....@E.\U..MDPUqq..../.U.]..`...P..X../..>..ty.a.UNRR..Re..1.y.....n;.m......x.k`.....-..* .TA.a...PlY"..*..UaaU...D#...A....X`a.\..".,][B0%...R.DE.T.`pY(L...b.h.$.nvF.=..~Z\......q\|H.^.^QK.3...T.b.".+K..XQ...0..E'..........{{..;{...}.gg.....n.GWS..A...,>._..Eg..(.........K...~...^.....r.<....\.......G.. ..I..%./.P....s..;....~.f..?8.o.......I.o...-....W...Y.....c.y.z8x.m.,q8..[.-.-.w.~...<..d..2...h&f..!E..b....u....\H..{).).p.4A..Z...aiI..].J.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\nottellanything.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	32398
Entropy (8bit):	5.212964398901702
Encrypted:	false
SSDEEP:	768:p++AzIjL36JLYO31Nlbxg5jomdtQbGdatBk6w1bxC:p++AI6JEIbuhomdtiiati6cC
MD5:	7E92228DB11CC3CEA0612098C8FCB49E
SHA1:	AEF14847242A5BCA9D5CD01AB38591EAD3707829
SHA-256:	29845AEDBD95283E3C8EA7F02564AF753D8A665700697ADE5F0E2F38EE7722C1
SHA-512:	DFA86A642A74D56498FDE5E06D1856D6F8C7DCD54361C983958C4320062ECE06A10DBDBECA5DCA4777A01953171CFACB9737B16541EC811015E8DFE25E77650D
Malicious:	false
Preview:	RIFF.~..WAVEfmt ........"V.."V......datab~..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~}}}}}}~~~}}}}}}~~~~~~~~~~~~~~......~.............................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\nottellanything.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10666
Entropy (8bit):	7.95530987656455
Encrypted:	false
SSDEEP:	192:n2OjIILmuVAdRyZyMuvRvBEk7NcP3+GP5WX7EfLA1OtvAJspW4n:n2BEhMvtbEkc+GP5WXOA1OKJspbn
MD5:	CD45DA39406A78938B79D9B7F82AB24F
SHA1:	1BB93F30F35694AFD67CC247ECB3B9D3FB21A65D
SHA-256:	8BA0DB7790DE84C5A54FE28046750384E49623A2E7638CF999A1E5B9F6B854D2
SHA-512:	3BCCF696AEB376FC482E87B3130A4BA9EF8163EFD80E18E6B0F46051F3B64E9A0D2119C5D3905B3CD1176DF798FA3A9ED8AB1EF4595F161D61219B567F154A57
Malicious:	false
Preview:	BZh91AY&SY.ul$..P...........................p`5{..C....UUuJ..k...sM..;.4....@(2.=.[;...3..v.]......q;....v.-.k{....c"..{..vk...[. ....=...7....z..6.En.wZ........"&.......2.e12mL.zF.44i..<..i....z...CSA.F...@h.4.5<"""1.Sj..0.?T......@4..............S.Cjh.d..........=M.i..i.........2.O.$B.G...=Tz&.=....@..................I$.%<'.$.M=@.............4........3H..Q.j..=5?T..!..~.(..@.....h2...44.M4....f.....!.....".......T......`9B...0.H-.B.. ..q..+a..#.bg.}h..v!..c....q.S...".4DD.r..1.@.^TN...0.!...;...p..TpQ....9........E.\Ts.}..I...D...U.j8.g.k.V.j........(}..a}.}.._u#.t..nWi.~.."./..D]..'.~M....[_-..a.Mziz+...)h........!...V.-......5h.@!.....@.kV.0H.ib...kv..AB.+..5z..h....V...G......n.WXk...^.s..7...[mm.1m..6.+..1.....8.=."....).7.H{.._~...."2.y....D.O....M........h.N....8&...nqPTo.7._f.)On......7?S.........FY..lKd.$......B..bL.,."..._.j..7...... ......0...]..i4.I.....8$@.X.$...e..E4......HcK.E:{.O83...v..A..+...l95.4N..[.......G.h....g5yY.......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\surrender.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	16828
Entropy (8bit):	7.971262987731201
Encrypted:	false
SSDEEP:	384:Ljd7h3bS2DkurNDU7Q/PztsBjBnDHD0za3rs8BHq434y1zdk:LpFLS2DkurNnztsBjFTD33ru434kG
MD5:	44795E8F46D173BFE889E2DBD974E207
SHA1:	11A6DB61F75D3DFB4F38F5AC0B663A0A12DA1446
SHA-256:	447A96EED1D4321B1D2EBD3C48AF96BEBDD3936ACD5C7DB0B6BE137587D6AC8E
SHA-512:	41A7008E466EFB5FFB79BD8DDDF6430DF46EE8A254E62A953AF96E76D4CB519EAD18EC02682C571A5E3BB4E12340E468E91615E0FD3F23891A51428E698A2CBD
Malicious:	false
Preview:	BZh91AY&SYM=....o.............................`M.\|.}...y....e4d...J..JQE.(P.PH9.........e...-J)P.....F.t..&..`i9...f.26.E.:..AU.Q...5..Q...PS3(...,L... .....@.Hm....(..J.UT.._.OB....dhFA.&j.T.).<..4d..3P~..6.A.C .@..FG...hi.A..........@.&.1..z..S...jh....h....h.............B(.22...@...........C.....mG....P............B...!O.. ..4......hh.........OT%.........P.........CC@..........h...4........h.LM2........i.......@...4@,.. ..6hJ..((..AW]Z..+...].....Y..ul..b...PPL.t...e.@..HA..<...T.....P..&....@....{L.HT. ..Z(......@..2.H!...:D ...!8u..........t..7c..&_"O.;z).P .. .d'..U.....I...3.A(....X\|...XK....p.w+oB6..\...R..2..z.A.tT...?...... .@...T... .K...C...F..a...`IB....a......}..z...zv.)....^..)MJ.6..R....)X..B.}qW.. K...:9..=..;.....z{}...2.<r.a.(1..H...p..)$......b{....&..z.W...!.'..K........>.t.........B..../i..RR....`..N..\..tej 5..>..7X. ..Sw..CZ+.<vo?...-=..n.Z.5p..A.[.;.\....bv.._.r..:JM.R.b.R.\...g..z@.T.0.N...1.l..!5.poS...sUD@..APDL.6.n.N"s.(.KY.&O,}.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\whatdoyou.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	26966
Entropy (8bit):	6.059486597369524
Encrypted:	false
SSDEEP:	768:yxExDrtuGTTgXb3YJgSuyYSLmX6/zQQKRKx8a0eSTDbC8icpHjW:vxDrtuGTTgXb3cPCKUHI0dv1pHS
MD5:	9245D741D3229842364646400C868748
SHA1:	77970E74569BC834B4459AC2AE2A5094BE34FC19
SHA-256:	2FAAE4D871A14C3CB3D93A886FB80E46E8A05F1AD8713BDDDAF9AA36FDCF16CC
SHA-512:	B723103B1C5A7AA84098B354F0D26AC534F6476C3CD4A1DA3709FFAEE7A1E88D5935E6545B293CA401EFD805E8CFDA10260FAB6BFA5B56F937BC4C8C03076D7E
Malicious:	false
Preview:	RIFFNi..WAVEfmt ........"V.."V......data)i..~}~}}}}}}}}}~~~~~~~~~~~~~}~~~~~~~~~~~~~..~~........~~~...........~~...........................................................~~~....................................................................................................................................~........~~}}}}}~~....~}}}}}}}}}}}}}}}}}}}}}}}~~....~~}}}}}}}~.....~~~~~~~...~~~~~..~................~~......................~...............................................................................................................................................................................................................................................................~}}~.........~~}}~......~}}}\|\|\|\|}}~~~~}}}\|{zz{{\|}}}}}}\|{{{\|}}}~~}\|zzzzyzz\|}}}}}}\|{zzzzz{{}}..~}\|{{zzzz{\|}}}}}}}}}}}\|}}}}\|\|\|\|\|\|\|\|{zzzz{{\|\|\|}\|\|\|{{{{\|\|\|\|\|{{z{{{{{{\|{{{{zzzzzzzzzyyzzzyyyzzzz{{{{{{{zzzzyyz{{\|\|\|\|\|\|{zyyz{\|{\|\|}}\|{zzzzyxxyz{{\|\|\|\|{zzzzz{\|\|\|\|{\|\|{\|\|\|\|\|\|\|\|\|\|\|\|\|\|}~~}}\|}~~~~.......~~............~~..............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\whatdoyou.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11491
Entropy (8bit):	7.946357031051727
Encrypted:	false
SSDEEP:	192:s2fTOS3w7jwE0jHGeOAmjg2uZP+9DDgp0LGQHjquyZVSBZe+YF242ikXB+EifTYY:svS3w7mHG9j6g9HhAJZVSBZ9DMEifTYY
MD5:	057A88CE06B9E5A1FDA417BB7FB6FA8F
SHA1:	D7AE6BE2C381DEC6B92E82C8EBA528CB9650AC75
SHA-256:	422F3B24A6510F2C870595E6405D4052FDE16EB740AEEDF19040BE5CB90FE570
SHA-512:	1370B8798BFBECE9C67B4F923B70873CB7FEC96ECED88B52CBD60369522D041D2AB8DF6EC83642E88356E0D740CF88827CB98E558C9E6A61060B5B3D223D2516
Malicious:	false
Preview:	BZh91AY&SY......G....J.P6?...................`:..`..:...W.V.ie6...kF...@......MU.+..;....[.=j.`....Z2..@R..QR.M....Z...{....{w....`..cwwl...e....V.mh.....L..............m42Cj6....fS&.FF.....jx$.&...2F...h..................z%4......A...4..h..@......h.....A.~.SRS!.<MF..bb..M0.......0......&..z"".i3...F..h4..................JdIP2A.L .F....U..h...#A..`.h.2......d..F..` ..nUJ.O3;?D.X.S..kk...DV-Z,.y".x..fk...k..P.....V....l......hk..@......J[.m....P$..^j.!.P..C..i...jHI(......H....$..uhA@...-.z..b'...^...N..f)Ez.y...p.\]..............a.t..A#. (.H..G.}.E.+.AzM.{.0Uh..r.W..w,.Uq9....K%.k....D.y(.G.H..$....7...5J....@.1@...@.Q0...h).n..I"..X.Ib."....f\|.\|../.[.C.=.....u.z..A.......bI..7>..d9.=.:.Om..I.......b7.rH+c....O.~.>...1.......\....[.(...7.q._....;.q.......<.Q..57.../;.......P.^...H.}.R>....~..]...>.....Z.~.\|..\|....8Xj.p....w.sG.G.*..{./..i..;..R......T3..Y.......PA<+....V...X\|K.6."...(.`i'<...i..8...=....t..O.z.[..U5.AT.x......K.}...Tx..Y.G.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\whyareyou.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	39718
Entropy (8bit):	5.821074890022536
Encrypted:	false
SSDEEP:	768:A9bt8q8GwwMzhJoirSPzBo1c16Lpq2ec6TiuOCjNQAzSn:A9btf2ldJJrUo1c8p3ejOwQAzSn
MD5:	AFEAAC89EBED6E940CD5DA25F336C1A6
SHA1:	71751FF816DBE9E4648C00658391A48505AEB14C
SHA-256:	4AF1B2C32C46D7219224DCE5BC3682EFEAECC349DEE2D44CBBC5C085D22322A2
SHA-512:	C34B87D95036F2D8957DB01FE69C073C3E5E9B7DD4995E918A2AD9CA398C45C2895E437E9850B1C7FAD318A0839DF43E30844BDE7FA670CCFB1A07B64D7194F6
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data.....~~~~~~~~~.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}\|}}}}}}}}}}}~~~~~~~~~~~~~~~~~~~~~~..........................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseenbyt\whyareyou.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	14634
Entropy (8bit):	7.965704085561872
Encrypted:	false
SSDEEP:	384:rj8OuxAKXNrrC0QkRLTuL3pIKYbY1gtuUzRgDXMI9gquvAQS:DuqoNa2sIK9QBmDV9gquvAQS
MD5:	354E2CF4849D4AFC43ED839FF8641C6D
SHA1:	227F1300558062BC3F72E789B273880F034C8415
SHA-256:	857F17A7ADCD56933D0A5B9B848940DC8258083B91887C1BCBBB6208C83BB0CE
SHA-512:	F2BAF83601C1950E4F81D78C87AD83BC6A0643CF3AEE0280B27D05A75C30AB22E7E94E87D540873D4123CB35AEAB684398AAE7A0861D29DF3FDEEAAD1058CE1C
Malicious:	false
Preview:	BZh91AY&SY...2.............................`.. `F{..txc..G....G.....F.......{..A{:..OZ..\u......Wz..M....Gt!{...k.....O{.....n...;w3L........N...a.n.Hzhh.....A@...T...........Z.jz......M&......R..S.P.G..F....4.@4........='..mOd.F..........jl.5'.3.2bi...4...4.....h.......jh.SB0F.&...i.Lm2Bi.M...i..4..h.1..F....jd.=4M...L.z"D.M.2..Tx....................P..@.=@..j......5=M..=G...OM#C..M6..........z..4h.......D".%'.~..=....<ToI..............d.......F..x..j.. E=?..%D.....\J....@"/....3X...ZW...>$..\|Wi..u.P.T...I......1W..H.T..c....AT..%.5.....@..A'.K...Bi.....B..Up...J\|.S.n.WJU...u/K.FM4&1...,s....@..)4..@..l....Y...b......$..'..l...X2.E........`.....@...`:0.:.R..f ..QQ;@A.C..A@$.1.P.D1.P*.......a...n.i8.......y...........".....oS.......A.....G8..A.=.v..>...{..w}.o........u.....Y".j..ZZ.L...<.a..8.../w........\].Z.B...Q.r.A..A!...^..k.\|...BBRB.$.H)K.....d.'?8.n..........H.$0 &...`P8`...t......J^F..Q`L.B./%.>......R...K.IY\.~...1q\|...........JH.......>...RFh

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseezone\almostouttahere.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10770
Entropy (8bit):	7.97021749383338
Encrypted:	false
SSDEEP:	192:kEX9FqO7zqcgpOaOX049gkBW+qzi7YGkCxICWsvVV9Lpr4s4ejUbv:k4fqKdX06WMieICWsvV3G6uv
MD5:	0D5DF7D158DA69765E6223F03E007247
SHA1:	18C04D3509357A23060F84DDBB571562938479BA
SHA-256:	FE9AEA4260835B71AEBCD7B4D50097B1E123896FC676B9A1711DA17A71E990C1
SHA-512:	2F7FFA3D98E8CEA347BE5027FCF9D347F4803F158578121CDD7D53DE4B5324C900AA66971956D12B39F3268AE5ED1F18AFDBB8D2B4ED955BB8D9234817823C22
Malicious:	false
Preview:	BZh91AY&SY_L.b...............Q.............`5.\|...>7.....m..Yg[.mn..L.Vt.i..`......3..z..v..8.W.^....4.5.j..{.S5..a......5......M[4.a\.nY]..9...k..vi.l.m..=.OB.....4L.I.6.JzmG..)...P....z....zS.~..H....$....M4(oHL...G.=FM.M..@4.F.hd4...0...2a....`.a..`L........LM0 j~I......a.....P.............OH.....~..O.S.{A..)...........@..h.......x.h...........CL.......{}.. .=]N....A...j;..t.$....;.....j..Q.nE.\|....i..AiV......4...[...L(...$.EPDF.i.O.......-...h.T....QVJ". .T..(....:.U...,....d.b\|..` ....k....i.....No..x....F>8."O.>(EF.V...b....4.+J....X..i.....M..<C.t.ip6...2R..`<.= g.l....~......y..D.-V.E)...<..>\|AQT..E..../......,E...+.`$.&..2,........W".!.(W...jY.R.&.d ..H.gjU..M..V...V.El..D...Z..E.\TP.....E..Ar.v.MM.N....u..Z.N..V]J5...+1&q...y...y#m..-..WjA.Pg...A.......Y.%d.....GF.I..a...X...+)2.%.w.........*...%72E.&...d`.I....l.w.O...p.}...aax..%z.?..5.....U.#.k...7...W.d.7..U..... ..fO.;.x...9..&k_.O..D....>.u......U..>.......T..B...#.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseezone\almostthere.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9416
Entropy (8bit):	7.9618209905213195
Encrypted:	false
SSDEEP:	192:VnYSXNgNEbNAulwojpNJEw+wJLzIw1wsrSLtGpznXxUxaIzHtak:tXNg2bSuWoBVJLzoQZOxamHtak
MD5:	011291ECDC5C7842476679619282D081
SHA1:	2B967A32ACF86E6AED9F0F24B2F20078EA31E50C
SHA-256:	B90CC99E640B9CDF9AD84F1A7D094A53AAF53B343D605170270EDA07C44609DE
SHA-512:	0C735BCEEF31B36C4814662DD0711B934F60D2F3E4743918FC6CBAC3AE33EF0EF3F6491152F8A3196F751FED3101A8F617288FE78E9195F1AD031E7ECA1BF594
Malicious:	false
Preview:	BZh91AY&SY...G.............................`3.w..a@..U.v..n..n..{^.y.s...V....O`..^a.k.=..z=]...w...{......U....w.]..k..g.....z.-..^.S...d.s.Z...`/n.....k...vY.R.........P.'..~..FOS@..SF&...A..za@.4.$."F..4...h...C.....F..!.......Q"..jz...SC@.@..@.....@....OD.&..bzTf.z.@.@4.@........A..`.&......`.........OI...d.B.4..h..@......4......7.".;>w...S.}.....>./.>....)...y.&,. Ij>_.[L.h....Y6.....8...qW...+......#Q.QUik..hC,.p.".8+..).)!.U........@.44..""....R. +E....r(..J"."..#J....3...DT.J.e...4."~...L.w...H......"`...?.....#...~O.\|.....z..oTw..;\|..q.;{...Q'.4..............EQ...pqDQq..+3.U.D.. ."f8...!.. .....qI..0Ap...`I).v.p.=...!...$......_....+..S...yU..y..3Q..DG.T.\|.*"(.......K...2`. (..QQAE............=....y{<.\|'...j...q.#S..E.\|...".8+.p.DG..EEp..^^F...I.^....E...H...t.....M(..i./.+..=<.<.KO ,yaDPTB.... q...^\..O....j..o< ..C....0.E...}..U..6.@eo...m.6.a..9.\X.>!...Z [.jv..f...bo..<qRfp....fT.....gV..`%6.2.l.a.JA..X..H..Y.GI5......-.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseezone\keepgoing.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11479
Entropy (8bit):	7.967729454935919
Encrypted:	false
SSDEEP:	192:ZEKZIigCEu8CVJ6r1OKbTQ9y4pqmKjjxs0EXaYddodkHiqWYBbxTChAMNPmMBW:SKZRE6VJqZ+BKxEXaAdobGlCWMNPdE
MD5:	DC63B258DF72DA87694DF7A0666BDB19
SHA1:	63DDD6B59DB0E8ED7E409BFF21851C15BD7207D7
SHA-256:	6D55503925F251A1DAFCBAFD3DB074D7C331C469CEF0A517AEE8BCA56ACF54B3
SHA-512:	C0CF812EFE65F0888E1A389B423B7A6B83B9D6980F64BC080D6A7F94A03CA0386E728D9076FD43255674EDF2A7C1972158A9E2A472653F990F62F9A8C9827600
Malicious:	false
Preview:	BZh91AY&SYF............ ..# ..............`;;.H.R.W......[.Et.....s.p].N&.N.9o;:m.`9g!......u..{=.].:d..t.ME.ZG@n.m...Z.GZ)z{....a.kn..QW gm....j.c...s.u/q.{Gf..m.....o_.O@.Hd.F..1G.SS#.z.24....Hi.....D"..4.4.i...@...@............6P.j......di............hJzz..Q....P.oT........d4h.OH...B..%..Jh?%...........)........7.g...h.&&.. 20L.M1..4.Xo..@....S...5[..p.$...$..b.].wY......&6~."..Q...L...j..b.qcT...\.F..U.AUTV... ....E.U.i.iE)\.K.E].v..4.4....SK!.DRH.4..r.{.(.[..._.T...\|......]jH...Y.....0.x x)a)4..;..9.gz..<.hP.D....$.db.8.G.#...%..r...a,c.#..o.4....>B.#T.+..AQ~R....E.J..&@.......J.+i.[a...W.~X.\..A.F..I{F...u.\....J.. Ak=E}h.>.QMP....pF.IyJ4...z.....M....X.D.....jH&(.e.wB...b.a.A..,......".Oc...U.....o_.........g1..:...n.A. ...........K.Q.I..n..r....;..j./..I$... <...........H .I.2dBK(A.s..oD7w.i.j..7..z6...\..h.a-.......i.5.....f..GV....vz.....Q^j9..[.q.l......)..L.5.q2.T...8..?.U..B.y)i.C._F.&.I+......c.s......t)..,.....&...w.....Bbl\|~.r..8.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseezone\notfar.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	34402
Entropy (8bit):	3.4598533866586014
Encrypted:	false
SSDEEP:	768:wfCfo9G3WigKvz1qUbGfXDzo8/cR5xxapc4tDcqFJl8xa1YaDcnuJ91f:YxKvhqDQR5xxocafFJlLY5u1
MD5:	323F5BA13726EE4D3939A1F5F0F69C94
SHA1:	FB347942788AF5B1D8E4CB53B2D64B4D76F9A298
SHA-256:	B11F01937BC40441E3ED8012F0403CCB5023527FB8E08536A8B0A65143644AB1
SHA-512:	44E6FF82AE843814567D6E3356E4973C81E6555F0B0DC78A4A91F5CBAE063C12295A798A6D974582587B9908DFD4D5B1D6EBBE3027B681A8783846B7CCD67FB6
Malicious:	false
Preview:	RIFFZ...WAVEfmt ........"V.."V......data5...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hseezone\notfar.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9425
Entropy (8bit):	7.960119973054226
Encrypted:	false
SSDEEP:	192:StrLu7lXoSfXiU3FarxLNEgtTu1f0OLtUt0b1TEHR7tglXtkslgR6HQ8o2:Sc7lX/XH3lauKytUt0buRhcXmCgaQf2
MD5:	4BE5846A027B354E1F74960D43DA52F4
SHA1:	34F4E6115334F74C5C65AABC65714306DF7DD858
SHA-256:	12945403795889E8C1A61F0F24EA65D090EC8073471BB0974AD80CA3269C5623
SHA-512:	6CBFE3EB05A5DA0836465D8B8DDBE2629471FCA15813E9C1090DA798924D9E2E575A58DA4404E0866C817F6CCDD63C7157751714B95AC06C6416CFA84A0DBE3B
Malicious:	false
Preview:	BZh91AY&SY~.H...+......_.>.............. ........`2n.....=..m.Y..{..I...{w.z..q..<m..u;8......{...c.I..^..v..o0..5ol.tv...{...f].....m..+..k.{....c..6.....7v....S....y..{...@&.4..<j..6..C.LF..zC5.z.....hO.2.i<....O..B'..Q............4..............&......L.0..`..5?$....<..M"i.@.4.4............$.T..S.M...S.6.#!..&..2.2.@0 ..14..h.OE.5...H..... h.z.@i...da. .M....S.. ..Me..t}.1...>a..{M...... ...Z.8.3h@X.X.4....o.....LP\1.....hLE.G1.#w3...L.U....U...Q5.....(..L...T.k...N, 8. (V..d....(....E.@.HLS..v.+.....q.Zp$.......U.E....\|fF-.H.z......F.....@...\.<Y?'J...r...J .."...@..........#....7.1.TDDW.1....QqoI.. ..d`...I..Rs...'...8.p.V...(.F.A...P.qs1T...q1.{.8".)....OF"..H$....i.9-.N.]Q..H .....D\1..n{.Pq....\....{w...g..0E....s.<h#..r..<:.t:q81LZ..d..oA.#..\|W...FmE2.G....f..H.... ......Zd.J.,......~<(.yaDq..$.@...8&....A#.$...../....b..[.a9......~.??..=.g.~H.>.,%.:.../..T........S....5...s.%.10....A.z...F.%W....R.\|.t.=...A......4..*aD!(.;.5.<..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hsmoke\cough1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.970711009244858
Encrypted:	false
SSDEEP:	192:cOGsLqxEJBBgWNgJDAwG8xQmrUtGFYaYhekfmduSdM0JpBek6FkCTxKoV3i1SXyD:/G6DHBMDhG8xZrKG+e+EexhVDHhk6+t
MD5:	D41C86FBCA68CA1C8A335F22E3F1A3ED
SHA1:	69CFC44659E76BE4012F85CC6487976511FB663F
SHA-256:	7D61F7509B0F657C70D2EEB10DBC7A369CDF6DB872C714CD194E302E7A1FA864
SHA-512:	9A674AE530FE23A0CC6DE4882897E47A388997E519754961980CA8ADD58A546B15EFFB17FE26421BDC0707929EBBC47D5AF4A234076D108492B9A0C34C4362DA
Malicious:	false
Preview:	BZh91AY&SYO.L7..C..............................`=......p...U.YI.....c]-.Yd5..1Ah.P.....wtU......m.....P%N.a.@.`..[......t...B..sw`..2IM.;...V[.D..m..m..R....O............L...53Q.CF..i.jh...h14.Q.14. .F@4=C!.....44.."...P#L..3I.l..S4 2.G...........................F...F...4...4.h...2....@.h.bh2.4.............).ySi.OI..@.P.4..z.................ES.@............................i.M.&x).bb54..#CBz...4.... ...`..&.....d..M4...&...0.`@.Q....R.3A6W8P...t...BD....b....~....0..Z......6...X... @...!!.P......&&...$.....B.M.h......!.@...B. ..x............/kL.....H)_..k[.@......4..e[m6...ck.!..cJ_.j.`!(.".d..^3.9.&.G.....w._w../[mz..=.$..I`.'.......b....A@....{....H..".BH./b........@.PPL....@.G.....^.....@. =.#....x.y...y...........u. .....CX..$......(.. .........B.V.5.=.s...P..t..w...Gu........@....... Mw(...]...e...t...s]WJ]T.AGS.X...G\.AT AA.".!!...S].].........P...P.!.Wa........Z....w...#...HAN.....T.PQR.@k.n..@q....E!.R..\|.7\.W.N.......]@@..]:....y.r.@..CI>9G..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hsmoke\cough2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	16441
Entropy (8bit):	7.970020926633344
Encrypted:	false
SSDEEP:	384:9vCCAVtDiLQ2uMoF6n90bh6cU35yQ8Su4syRBpTL2s4lZMxQ6eV+VsiRp:FCCzUNME6mtQIHSnfTLjYuxOcVXX
MD5:	1C01853448EED0ED06B336549801E516
SHA1:	30EA8B1C09D7A905F1F2A9B781F92B9C1D3A9179
SHA-256:	F94D584265026710E9C89222194334B9B1B18B853DAA32A282695E8E23310B58
SHA-512:	C9C8F61C48FEADE8156CAAB28053B419A27A31D04E6F467423F803DCEADB29829CDDEFBF1209E48A76A0AB973808B74DBF1122DA5E72F3BE52B659239EA9C877
Malicious:	false
Preview:	BZh91AY&SY(........................................`K~........UU+..lVZ.Xd..r...;.)Sr..E.TH..w!!A.....p.!.t@......4...Q.0.w..gMA.m.4...k.BU...........(Rwc..........u...rk-j..km..J....)..#@....L...53U=0..x..ML..M1M.Q.L.#jOj.d..)..h.z.. .z....F...P.~@B.C@F.....Q..S.M.....I.f...4......h...........C@4..d.h... ...... .4.44...d..@..4..4...B!....S....H43Ph..=@..@h.....................=@..............................z"$#H.4.~.z.1..e...M2h=&........i6..S.=M..........2..>. ...`"...ti.".C(D.a.$H.....C. .&....Z......h...`......@...R>."Q}..E ..I.!.i...+E...E.$..$ (B..P.,.P...S..E.......QE. H. .[HE...V0...B.&!..."...H@.!...... .- B.......#.%....0... @P.u..T.4..C.M6./...\|.../................^"..@...A.........BcR.J..pE.AB....I.....10..'H...)...@...... L.". ..@.Si....P...`.b.IC..S....z?...o.xw.Q..S...K.(.R..xD$$.(.H....^...(@. @.R.P.B..A+......A@...Gz.A.e.j.7.]Wg^...S.@!....SK.(B. H.`..t.!.P.H@.@EP.R).N.PR.hA....G4.....4..$!T.............@.R..K.....\.\|. \.AH*..MW4...!.. .@...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hsmoke\cough3.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13613
Entropy (8bit):	7.976039363248444
Encrypted:	false
SSDEEP:	384:XFawqkK2NQ5ha5/GTgyCwuG6qbRtbCfI1THtvIgvyt:XF1L1NwhmkuGPbegh9Ig6t
MD5:	F7B9B152CF7858199F0E550A97907949
SHA1:	67005DDDF53FE975458B087EF4B06C15B01BF0E9
SHA-256:	C46E5BD607570A3AD7143817399F982E5F5838F551AC2534AE8A73F6AF6702F3
SHA-512:	E2AF95EDE585964F2D404AB02EEC0835329AEE2BC0B874E20651F69D501FDFA8E388FD0A007421988D4FBB1A1B6E4A11F79AA71C7062F4BE0C183894202ACEF2
Malicious:	false
Preview:	BZh91AY&SY...E..D................................`=..>......U....f.M2.FXYj.YJL.AS,...@......X.(5..@:.5.2.i..4`.Z..l..@(#F...5..d0...-SP.j.m.M.4.%P@(w.S....ML.F)..z@.=@i..1.M2.....44h..h.F...C!.d....~. .A.M..J~&....4.........................d.2dh..........i........@.........4...SB..M4..0..0.4...0.1.FF#..zC...2hh..2`F.A....FCL...T.M@...m..4..4....@......&..............h.@.0....).4...A..F........@.!.Dz............(...".a..f@..8T..@.....B....*.._....)..B...q..P.~.X.(..E...e%..R@.(.B..Q.C.....(.B..... @..m!.b?.YT..).!.@...A....L. .T.....E.F....bh..(.?}g......?g..ej....0.<y4.A..YY...,"..P... q.b.....r...@\|..hH).............. .....(...B(@....$..Lh./.........V.gM5....,S...W...z......]$.PN%.....U.W^....."."(".....]/X..DE.b./....~>)E..CK.P......E.. ........ix..O.......qv..;...(......S]...]. ]......H.I.PE .Ru..9PB..4.C...t.$....)..AHC.......8`'.O....u.@....8..)k.n.4.PS....BC..........>t..H... M....b.....K.;..U..-..V.......b.;....(3N.;W....Q.tQ...k4..R...cS1..,..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hsmoke\cough4.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10167
Entropy (8bit):	7.964870349318215
Encrypted:	false
SSDEEP:	192:Wea0nx4TwZ5Ekc5u5nxZ0V34rIf7q2nHA/v0sm5pnq57H0YNAL5/313J26b5vGeP:WeahwMkc8+mrjCnq57HpGxP2svfP
MD5:	1BD3885E40646A73C3ED4312F7057832
SHA1:	C5B5A7D49E3FBAD5E01C86366E139C7DACE53C6F
SHA-256:	31CEFDCA87077DD90B4F8873B8C624C14334E768BFBE4E02AC9D11B19891F2D6
SHA-512:	C2D7DCA02E3B179275E6B37F5919A78F3B66E50F98A39AA83D85BFD4067DC09D680D912BF988754D3C4F475B3BBB516A05F4AC082E7ACF3357372FE017BB72FB
Malicious:	false
Preview:	BZh91AY&SYp..1...............................p.....`-=...0...6.f..`.i,....,........V........3C..Z#X(.i..X.kP,..&..i%P...x...#@..24.OF...F.4...j2.......O(.j=&.=G.='.H..4...P=OP...@h......B..d.Se.....4.z.2.................@.!...@.F.......h...@...........F..4..2...I.........h........14..........d....hd..4....&.4b.......@..#A. b4....4.......A.h.4"d.`..m5..dh.4..@....4..FM6.........!81`>\|`...)U...T.U.2.F.@......! D.."....<`N.....B..& ..!..+..i2...E.]....3.....n2.. ...AH@...X...E...).E..i........_v$....`....}....V,.....o...........5.^...='..^..B=-9.!..E...$... E!:.. AA@..P.E ...!.."...m...i...O<......z......^.......`.).$..."x.."..B..(;..B(.P. ..5.~<.tL.U.K.@E>...$.... @.] ..:..^A...o^\|.......@!J.".....q!......s~..\.2..B.... ....ED.P..P.>.7..g.R.5... t.!#.v.h6.....MP...3.I:Y..Dj<..k"..-Z..ZYU.B...z.:.!......JJt.R .....u..&.. BLHuN.....i...*..ddVdN...m..."...8...............p./......\|...U._.=.c..........y.I...xc.n.b....b.......]...O....../......c]../.H..........K

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hsmoke\cough5.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	12362
Entropy (8bit):	7.967840734903405
Encrypted:	false
SSDEEP:	384:AalvKkpi754eKXVjEFhtB1XyoCqvk89Rb8UBzo5:AaMkezOMrB1JCqvB4wo5
MD5:	09A4DCAB747D921113A57E8921083114
SHA1:	4BEC69BD611BB87D7139B6FAE7BDFC103BBB79B3
SHA-256:	838C0D960B52675EE1E8300926F3DD4F3800B9221A7716868424B6D90DD3F3F4
SHA-512:	6D8C266392B2DD5D487E0B768A59774E8A81C7F6EB1949DCB88B23B71B0311A26EB8D77648394321538AB9486C664DEAAFF12034D232C5345842C961515F6AEC
Malicious:	false
Preview:	BZh91AY&SY..E...n............................y.....`9.........)[b.]..I5.5......n.........$.].p..r].Ju..LA....h&.....n..R.%J..SH6.j..:[m.7a.d.a@..m..(..EO....F....mOD.......0.<...Hz...I..O)...Sjz.....4.yC h....PmM......MOP...............@........... ..4h..4i...@...@.....!...4....&. .@...........6....)..d4.....4h.L..................E4.........@........................D.&..<.=G.i..7.C@h... ....z.........@..........4.p$..X.2s..#.N.@......P. .q. .&.D...V..}.%....E."....(. @..AA@..E H...Q.......U.0b...@... @.".....`..[t....PW.MF......KH(.@".2....m.,...~.._.....Q.?d~..>..~...^.TO.E.....`PU(.....14 (.A@...J....QBB(..R....0.......B... ..J.P~.O...}.=......W.h@. ^.`R. )...w.&...........E...MR...t...\.N.}-!.@. ..K..(......@@....G._..p.9B..j....1..@...U.W$b').......R..`.P.V....kV..m..J......Emi.O`7[k+dSU......g:.X.z.!..(u.+.......b.".......W(.S.".........J.*.M6..._GiZB.m.v.K..@...4.M..:H..".)1.&P.v1M....A.W.....I..D>..LMD..S..S..V.f./....\|..`/.9.Zh..}.............a

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hsmoke\cough6.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7121
Entropy (8bit):	7.947105272622121
Encrypted:	false
SSDEEP:	192:n1KJXSgzgrGT7gkygQ6grWPrf2nYQGqBKoeKIexQ1ZBeh:AJXSgIGT7gkygQ6grWPbpQGJ2IdnBeh
MD5:	C74FE7A464FB9790BC1791A88727C8D1
SHA1:	73C945925859756CCF65445F79B195762DB0EE86
SHA-256:	D6C735259EF9058F31F9EF1B3E06E2ABDC7B20AF6F49D12E47ED05526482B519
SHA-512:	DEF48F275BDB25A6909BB52145763691C471CD700C9B1EE417BA80DCDC50E23D8FAE6607004DFB7236599FCCE14CF39F09E5B988297830B9C4FC00AB932AE6B2
Malicious:	false
Preview:	BZh91AY&SY."....[......^.W.o.................6.@...`...=....@...!2.j-5:.BN..4..XQ;h.3[...H.....H......(...L.L..Bi.LA6.mM=M......2i.h..z..!.z..@..4...i...6.....4&HL...h...4...P..@d...F.&....2h.....:m@...i.i...M.....M..4.4`&..2.2.F.....h.h.....?.4 ...<S!..H.14................................2.0...2. ......@....4.....2dh...=!..('...O%?Tm...LA.1.hd4.....4..=M..@..@...@..9..y..@m.K.=..g?f}.e).V.4..g..a...P+U..[.@....... P!.H. .....D..?r..+...d...7...C.p.t\.9#.K !tT ..L........CJ.....Q.O.....nJ..8.8...>.#.\|6..l.kF....{&.%.Z..".{S... ..J..3Mo.....%..!.wv...;mL\S.5.{p......X....4\.2.V.......'A .D6..4..........}..Z...9..l.$./D...E.2d.f...8....H.._...D..F...!..gqH.weJ..(Y..i.M..w..f..}\k.z{.5...R......z.....^n.;...6..m&...>.o.........v.<u....]......h.J.n.I.M....Zd:.6x..N^*d...F.( 4..K.k^...c...V.4loH.XC(.........{M..u.>....+..4.sF..n.f.@!;.)_...VR..FZ^./.]...j[\|..$tYF&....e.}...I../rN.......Gj...e....V....pf.o..h...P..a;.d..#.);..o..4...{...^7r..O...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\doomed.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	38554
Entropy (8bit):	5.577729233290839
Encrypted:	false
SSDEEP:	768:cz1EE33d/9IBYscHBlMc563Xx7N6lCT1hIcBiDtsKMKxFm:c33J+OTHBlT6Hx70YIcEDtsdKxE
MD5:	71277D0C58FA0A3394BBB579F7E515DA
SHA1:	0A86AF5F1F228F115E7C53996B5A19B46368EBFC
SHA-256:	7D9E0685A45E2406B8204F3468178708E835895620A5BF57D2F7D7FCE47E7A60
SHA-512:	685B580F4282A082EB61CAD956ACBE44FF2931B3F09AD9CFE39C5CC94367592A352CCCAC407D28BB2351F7A503F2A79AF7DA28FDBAF4AB7F236E104ECCC1424A
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......datan....}~}}}}}}}}}}}}}~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~..~~~~~~~~~~~~....................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.....................................................................................................~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}}}}}}}\|}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~~..~~.....~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}\|\|\|\|\|\|\|}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~~~~...........................................................................................................~.~~~.~~~~~~~~~~~~}}}}~~~~~~~~~~~}}}}}}}}}}~~~~~~~~~~~~~~..........................~~~~~~~~~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\doomed.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10723
Entropy (8bit):	7.955174965429465
Encrypted:	false
SSDEEP:	192:Qp8feeZTDaG5uVE1inRQJrbHP8bqn1QyL5m1FHUA9G1xil24oGmmJh6:Lp0WKRQP171m1FHxl24HJY
MD5:	8D029DA87E3E9FC857C4326FC965A168
SHA1:	3A3B80C80316B577A24B8445ED8B1F8E23126E92
SHA-256:	78101E10FCE88E75062955E416C4D458C805168211B95A5DE519794B2C2A49F9
SHA-512:	E279F2D872ED9200150E0E37781C698BE95430CFFA2E3970399054971984550BB5F36A12C0C2CE5DEDCBBEDC2E276EBA42247D1EC60AC9AE76E7E3BCE7826182
Malicious:	false
Preview:	BZh91AY&SYD..................................`8...........9v.......f5N..Z.d..]7ZQ'..J...[w{.yc...{.xF..kx/q..a....x..\f{......Y'..ve........@R....@...j.m.V2......@...&..LLL%<d.jh........h.....4i..yOS...M..i.$.2..@.i.h........@....@...@......D..MO$FM.SF..4..........4......4..).D.&.&....mF@.g.............2...F......=P..h24...L...h..i....24...2.!.C@4..4.@.h...J..h2....dhl.M.Pz@......................%..V.~g.9.E.OI....WU...u..,.Gc.vi.Cn.,.mr=..;...w0"5=.dE{.....n.QF!+...E.Q...=..D.TUQ.w...,...A...C..p.UXH..L...>..~...[...;.....tQEB..{..b.!%...7yTyv<.......p...%.... .g0../..WsO.o.Q.E..Z\.%...'....O.........+'.K......T...(.Oxi.TQ..@E.!.Q.qc.y.1TTp~.4......(8.}.AG.~i.BA>xp.../..PC..(x....g.>o....G...#.}.{..cs....r8...n..e...Q.(+....%b.....A.Q1.(.bV,.)%).."+%........Vqr.91.xN.'..f.............f....3....EHL)A....Fc.G6....H.....`aa.uXo:....R~.....0...../.K..d/.QQ..b..P......+..g.....W%.u]')......!\..<.....yA....'....99B.}..q.8.p....I. ..K..P....G..S

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\godno.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13223
Entropy (8bit):	7.947980387798233
Encrypted:	false
SSDEEP:	384:YLFyKX7NMJXm+lKBMpu55Ddqn3SOz49z7DFo758xIA:wFys7NQXmepu5hQn9zgMGv
MD5:	89A66C193FE65C2C33FB9ECDD555DB15
SHA1:	3E7F02949F3D1255AA235EEA68F67084050532B6
SHA-256:	FD0BBEDFF797E036E7DE80A3575363F911908A418766CB2CE27059EB378C6B78
SHA-512:	44BCD5DA48705FD8238F3FCCF7ADF1C7ABF4EE064584EB756AD6739F2AC9173A9C32267B49E781692E505ED93225F56C7F343728B9F4BE0EFE26A6A6F8A1887A
Malicious:	false
Preview:	BZh91AY&SY:.j)..d............................}...`F.=P(.z...4{i[e)Km.)...wv.vkw&.].kv.v.v9:.u..]......{...u...y...G.F+...u;j.qa.zt.x..I....1..{....].........Fd..-......m..:6......M...u..im..@..S...4.....1...<&..!.2...@.=.O@..M4.CG...@h4...h...M.ODI..z.o.<&.'.~M)..M.......................4.R....SS....P.'....6).4.`.h.......F.. ..2h.4.&.4.hhi. .F %=.H....L. j..MOP4.4....4.h.....a...h.....`.h.........2....FM..d........i.4...C!.@.......L...BT.......=H..~.............h....M4..........x.NH......9..s<..s..s..:..3..e.GJf.5...u..e.`b}P.U:.B.`....(...N"(.1...K28+...."...C.v0QQ`Wcd, ....I.q..sr.+.....g...".h..D...;X...#...E.;s.`.....ES9..(...wT.B..(.Ft....S..)..J.......}0.;..#..T.....-....Rf...\|.hp..I.4.....1p....t..\QVw....%5%u..0Ut ."..p..S..... ..u.V.Dbe..+u...Y].ETWp......R.DK....a.7B..-...]$&.Je.`R.....D.birY-..mv....;,,...0l&.D[8..A.....#].X.-.EdL....iH&Z.m.hN..[d.-...IWY.^.W..e.l..z..+.]ed..&.\.J......G.n..$....h....G.K....0.nw...~...w....gn..v7....w..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\nowwhat.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	42496
Entropy (8bit):	5.922179102417951
Encrypted:	false
SSDEEP:	768:qz6uyM0oYcZ3Sp/vKM1q4eoTmwcBuCMhjsbiejTJ7y9krNoo0Msn4FdCFjl6hiRv:quuyM0ISp5GUcBASHNoo0Msn4jskgv
MD5:	0ADCE9B04976564A1977E8B873AECA7A
SHA1:	50F34A125F37D01F17F19E3396D804599B10F4AC
SHA-256:	957496CF703F704AF6ECF38C51DCAA9093EEFE78F0EDB023FADE73A9092AB6F2
SHA-512:	4952408A4D540F952A8F5E1E73FEC42560BCF8BFD29FC1043722711FCF83D57B2CADCCA21E2A8EA5A405EA16DA35AD087A981979A5BC56890DBC57A99FAFF28D
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data...........................................................................................................................................................................................................................................~~~~~~~}}}}}}}}}}}}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}}}}}}}}}}}}}}}}~~~~~~........................................................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~......................................~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}\|}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~}}~}~~~~~~~~~}}}}}}}}}}}~~~}~~~~~~~~~~~~~..............................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\nowwhat.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13235
Entropy (8bit):	7.952970482422754
Encrypted:	false
SSDEEP:	192:2G9uvMaI7S8vgV6EApzo0Woyc3xEzBdqdklzwG60+EZNeNS7xvXrwr/Os:2Zi7lvgV6E+kpe3id5zwB0+EONS7ef
MD5:	7EEB248B42405FEA70D5BC251A796ABB
SHA1:	6CA73F346F0481344B990F00BAB8A13AD96A8CC6
SHA-256:	FEDF3BCBFC4FD768BBC1D8FF91F687CDBB04D012A87B7C111D876E21DD220834
SHA-512:	16B05AE439D6ABFF6B0EE12FD6780ECD864A09A93C99858874122DDACD30F64946A7E3014B5901EC6D1301CB4728B0695340AF97CFEF4BB4BCBE9E0E1B1B055C
Malicious:	false
Preview:	BZh91AY&SY.Z....................................@`H........@.........t..wkj:v.d.H......:t.w7..u..l..-n..Gl......eh..n....6.......5.s.ig\...hs...s9.v5.-4PP..skM.kEk.R.5@[.v.h..+w6....kl..F..h.LH .@..10D.z.............CF#&FM....P....@..&.ODI...<4.4..e..h..........@....@.....4.(I.....7............h............J$...).!P.=M?T.b...2h....F.....@....P..4......4......F..C@.CC...d4h..0A.d.......0F....T)Td...7....jbx...{TS..g.&4.S...M.4..I...S4...0..@.....F&..\|W.7......E...:...M..K.....:.>....0..X..gV[.:.S.Ru.z.^.,.N.5.LJ..t..RY.......=..PP.K(..^.,1`.....,...X.wcv.(....b.E.1Uc....".U.TV.7.....dE......L...Q..EQLV."#....T;...Z..EQC{.-.E.wU.....IaU.E...x!.........A.o.AO..R..D.'../.x...@y...'...............6.no......w4.=9.......T...4....Q....X..D......r.F".1F^."......,.h....4/Z..U.....SJ..X".-*.".R.U/.R^T)K.K..o/)...CF.wkv.R..R.[.x....^.......fP.....i....9..e..j..P\..`..&.UR`X..hL....X.....C..".9.a.E.....0\.$X[....L.p.\.[..i[f..sT..lp.6..a.p~.7.s?.Ga....u.:.{..9\

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\ohman.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	38114
Entropy (8bit):	6.049615762093741
Encrypted:	false
SSDEEP:	768:J3DNkwUFVMv8e20fCtbm7o6AYvcnvG/taVXEJ3Hha57n63IMJf:JzfU5x0atbC3v4mmXEJRa5+dN
MD5:	6661ACAF55E8388161A3E361049E88BD
SHA1:	9BB4FDE0799F5DF45E198E4BBDA7C932E4E30B5A
SHA-256:	672372A8B2A4BE920353583D750C69942D5852460BFAB848C1343C3311A2D126
SHA-512:	9115F81D3864B5FF627F1889C9052607759085576B2C5315B1CDA3091909EC1080BFD9A362342E382B1099535DB6DFBDB9AE415758090880BAFE787FC7D0ECDC
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data.......................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~...................................................................................................................................................................................................................................................................................................................................~}}}}}}\|}}}}}}}\|\|\|\|\|\|}}}}}}}~~}}}}\|{zzzyzzzzz{\|}}}~~}}}}}}}\|\|\|{{\|\|\|\|{zzzzzzzzzzzzzz{{\|\|\|\|\|\|\|\|\|\|{zzyxxxxxyzzz\|}}~..................~~~~~........................................................~}}}}}}}}}}~......................~~}}}}}}}~~...........~~~~~}}~~~~~~~~~}}}}}}}}~...............................................................................................~~~}}}}}}}}}}}}}}}}}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\ohman.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13708
Entropy (8bit):	7.969908063227523
Encrypted:	false
SSDEEP:	384:MyYbnJ1c/HE5chtBH8keHIYZi9QDwyCQIQ:MyWn7cfE5cbBc5HIUUytIQ
MD5:	73853FB0AAFF974F8DBC5568DE413402
SHA1:	6E75EF2F224124303300937254B57BBBD6EDB8D5
SHA-256:	DFD628E92ADB8369FEBF3254B775B8A7780D79EA48CE3EE2F6864E12D61B3F97
SHA-512:	1B3E13981D8A7482D0B275B6052AA67BCB6F139A10FB4822A49EDC239DB20608B0ECC03B20D3CF14CA23AE484422533E2C93214CC431CCE35E1B3DD7E3A6AD95
Malicious:	false
Preview:	BZh91AY&SY;V...........w.......................`.`F..@......T.m.J+6([-..h..5..j.F.Z.k..te...v.t.Z+.....m[...n.q..Z=.u..{g..h..9=..&6..S.-.3..g]u.l-...rm.v..6,.M......U.].....+a.h.wpS.i.f.l[h.)UUP.>..D@...b..&.d.z..S..S.=@...@7.6.Ti.&.6..I...T<..jjy&.F..C&...P...jh4.$."L1.JmL.T.OH....F.da...@.. .&&M.L....2`..d.4.4.4.L!.@.yH.'.....O.d.d..........2.A....4h4. 1..&#F..4..%=.I.....6.).ziG......@............................4.2h...h..2..d44...4....d.h..... %=P......zS.U1...'.I.........h.4.C ..........WxCHH....>#.3\nj\q...z..B...r3..yh..zq.'3W5...>u.3....(..GE...?..C.D..E.A..t.B...GN.R..PQ.P...g.\..E.~...E.\I&.~...\T'+..EJ...m..TA`.B&.("".y..D.DPYv4AS.....vlv.1tZ ....."z=.U .-!H.3...j(..s..;.}.}...:o...c......s7cQq...lli.n.[it.E.WE..j..a..\.;...V.!;......R..R.0....HL...E$.U.....a.b.N.A"...%..I2...u..d....n].ew=1...2.d..d.NY,2..l..Q..(.,....B.e..."..B...,#dD.XX...2,.Q'.,...vR'c<B.l,....7..vc......._+%,......]ra.......k.].RA\5.r.c,.s..B..n........N^N<...9.$

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\ohno.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	41010
Entropy (8bit):	5.669926087409168
Encrypted:	false
SSDEEP:	768:98gy0i2zAZ7bLNvy1OP0SOykQQnhe2eluj:9pyn/90wbDkQQnh0uj
MD5:	AB858062D564E1A07A432264E1FC2C2B
SHA1:	284BE38C6E53233C31057F513EA2D7D09A56D136
SHA-256:	3258DC4B274D9D44822905B3E7D519F0262202670ABFEF2C296FF257C93C58E2
SHA-512:	E60161F1254453D4D3E17EBCEC890D619EA77A163C6A6E4D712A92448552A4B1B8D8E831D23407031892C0C6CDEBC0DC7677BEE91B771FDE3E5115C57624BBB1
Malicious:	false
Preview:	RIFF*...WAVEfmt ........"V.."V......data....}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~...................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~...............................................................................~~~~~~~~~~~~~...............................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...........................................................................................................................................................................................................................................~~~~~~~~~~~~.................................................................................~~~~~~}}}}}}}}}}}}}}~~~~~...............................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\htwin\ohno.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	12139
Entropy (8bit):	7.954106463946848
Encrypted:	false
SSDEEP:	192:UJUkCB9U98qh3qbuvtLxZqXLhFHL/nETGufHmaRKDCJevfxo:URg3qh34uvtKHHTRuvmaojne
MD5:	E08196202D791BCF66DC9981664CA5A5
SHA1:	A9F2148DDF7BEDDAD8C9C4A1A5B840DF3FDE3E5E
SHA-256:	E5FFC56E704C59F4C7E7B297A89DDD96D393893B6D0FE7BC57F22F90B96926A2
SHA-512:	E60469FDAAE2268A8EC07139DEFC5E78574345853A8E9A5CA97C91D69256D27B2789B80E90E3D2770075F6EDBDDC16A1D884B874DBC5493368FD9BCD33E5D09F
Malicious:	false
Preview:	BZh91AY&SY.>d...T............................l.`>?x..Pj....=e.]U[k..m]..W6m....[..V.l..n;..s=<....v.;...9..=...q...x..mp.7=n....=.....{g.\..u...4.m.oM...f3/wN.w.M....E....vI.kv.Z...S..... .hM2i.Jbi.d..4.@.4...h.i..z56..bh...# .44.F.. i..4)5=.5<..........d.....................E.I.x.~jd..OI...=O.2h........4...........)..6F..#Rz.(...P....T.......h...............2d.&@...h.@..........h..... 4.4b....4...).R......f&.J{R~Ty..4. .@.....@.....i....2......o+Je.HK....R..n{..z..-...Q...~.O.....!...3...O...Q.}.QTO..R..~..m.E?Xj./.u..."..5.OT2.~..".....~..LE.A...?c.)...b..C.+....i28.2..D.U.O..(...........4......U_..."......Z.es...4........ZI.y..\|.<.-...=..t.eA..g.z....q.[].....1V+.v.....v..h...I...$""\|y."..4....eQG.U..51.Q..(.(..S..q..Xk.."".uPT....U.&....].)2x.$;P*.lF.D......zwn.....a.........^.K.Yv{.+..iW.}.....L.Q..qq.C.E.\T.D.....\S=...nh.d...Z.!%d..E.."...........?p..K........_`>.=.D.f..".=..{.....=..8..c..0.!.'.._aQ=....^'..z.../g../...{......L..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hunuse\comeback.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8856
Entropy (8bit):	7.948565829248993
Encrypted:	false
SSDEEP:	192:YzQVDkpxvDe26Z+l1/DRpi+COXxdqco3uuF/ViXWvo7WiRQO:qQVDm02QeZRpi+Ce86y/ViXdvRQO
MD5:	4B5FE2EB845E8BEAC0910E788CE916F2
SHA1:	6E47D9D467FD9311FBDA7B29D2F8865F5F2C2570
SHA-256:	7C5CD31AFE92E082B98412A98C33AEAA1DA4AE42421F88DA8ED655E36473F355
SHA-512:	A6E5A1A93A49268678FB1AB77530443A4D2E5A3440AE2ED78178DCF794F129D4850821367D42D1B5211C4C26636050219836E1F5AC0BAA0727B30158350BD227
Malicious:	false
Preview:	BZh91AY&SY>x.I..I...............o............`/.>J.+k4..y...-f.vB.....U.h .k..Ji.....r."...z....w..[]:.:^.u.(.......w:.Q..9.4n.....&.....7jA..!4..&.&..OQ..&M......#@d........CH.4=A..."&...1......b.d................i............F..F....'..J4.&@...................HQ2.i..L....F....................MFS.......4h.L.z@......d....4...}....^.@..z.z.yV.k.....M)..+.,Z...B.-.......JU..\^.X...6...(G.DD.Q.D.LT..g_....B..Q...."-R.B.R..bg.4...D.iBRR-G#..`..)..;....W...Q.JZ..B%.iZUEE.?.....(L.;..H.....F.....;\|'...[...K..8?..\.p..o.&C.ZV.ZEE..y&....i..D.AE.Q..ME.i...!f"...5.hF..#.<.Q.n...q-.6m.)k.-.`.A.l.3E"..%>....QQ.V...E.b.......M.AAE.......Di.......Fc9f......DPU.........3.)...z.....x>.........Wt.Z(...v....w..Mz.N.]J...P...!i.Fx......+.U....`7.v.w....' Ug6.)........E`.5.......C...YI....uI.)AV..0.$#..-;V.....",.U.:...l.0r....$F.5.%-.$....@..}....E...%.i..7..D$. @....B..A.<.:.v..'....:7&U..ww.....mz.>sA..f....M..\|#.EJv.{~&..&.W..].J.P......Z.R<V.,..n'.0is........[...+a..Q.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hunuse\dontleaveme.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25456
Entropy (8bit):	4.481558748417133
Encrypted:	false
SSDEEP:	384:RWFcMGQIkTKj1v7aDNgBjun1bnVMvxXwDs80FSkI5Mb1OkT/QJ+J7d7DxxR:4FlvmVwU0bnOvxgS86b1Ok79d5
MD5:	6553ACAF4B3685FB6F575E74F4AD2DD8
SHA1:	8F8CD4A593D25A621209111D34E1A564B042B029
SHA-256:	17FEF7904FACD3D1541E0056A1668E25DE71BBE6EB70825B191F82C2FFB7F474
SHA-512:	A336A5B2087E5C870DC90E402DDAC046A5FD9B4F1C2C3CC9B01F0794EA43310835F22CCC36AB4C62A1015CD01353834EC5A479EA8FF8561CB48510E034A2135F
Malicious:	false
Preview:	RIFFhc..WAVEfmt ........"V.."V......dataDc...................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~}~~~~~~~}}~~~~~~~}~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~~~.............................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~......................................................................................................................~~~~~~~~~~~~~~~~~.................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}~}}}}}}}}}}}~~}}~}}~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~~~..........................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hunuse\dontleaveme.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7141
Entropy (8bit):	7.948443632705612
Encrypted:	false
SSDEEP:	96:VsftDkLCOG/uO5vYNRqA8WM2Ncd1L8e9zRQXcV75SwN2sG11rfDsNdkT9UhWcevh:wtqS2O5vTA02NcX1Bgs2x11QmpYwHh
MD5:	3ADC13D18C5AB4FB16CA131CBF0187EF
SHA1:	D00923BEB5E4793F6126EA32AA268D7D705B7881
SHA-256:	6FE712D7B45635ADE552A3147DE3AF90E5444B4F7AEB8D1ECE9050EBDF69E61C
SHA-512:	5D3FB900A8E4EC2F48A0F6562A5639D93B54EAEFED5863C90543B15BBAA37028CACAB9724928380D3050F54CC4AAE4B65A38E9BB4F76C76A891392C4D179FCF6
Malicious:	false
Preview:	BZh91AY&SYG.....e.......m.~7.../........'.B..o.....UB.+WV..l.f..k...].u..\...u..U.wxw...:.6..3..N...kov.u:.v....m5.]....vt....V.Z..4.A1M..$~JM.6...h. .4....j=M1.4h=Q...0I&.....4..h4.CC@......A..h.......................B!...Sji.yG........=C@........4.(DDD.'...4hh............OD.$.M......S{U.........h.F.h..h......8$.......u.l.._s....".UJ'V..q.o..1PT.......Y...AQrUS.1.~R........E\....I...}(.,b..+.FW.'.....P..s..."..\|..RFB..RC7S.q...x............v ..~1&%..H....I.r.%!.A...?.._.{.......z....=...}.zz&..q..E....A1f.......Tqr.b.+.k...Y.B.+.zi.....Y..9g...M.>..>......E../..$....F..Vv..S.h.).......i.R....:`.y...a..O..m.kd.]t....n.-$..Qr.B-Am...H..j.!.%...,....W.lv....c.M....a.QZ....i.kVXW...kJR.........X...<.p.r.w...u..Z)7=..0..=...<...9. 8qhb.9..~bm....b.=.t..@.#..!........`.(eFd......7/...t...?H~.*.h......_......`..).t-......>..c..j....>..1..D.....Bv....c.8..K.4...H..:...f.ML..mpL....j...PB.0A.:.c. .l.+.jd.u].l.^[J..;2g....ss.;x.JQ?.aF.HH..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hunuse\illstayhere.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	6579
Entropy (8bit):	7.944606598800435
Encrypted:	false
SSDEEP:	192:oQrdCumU2Sx+H/twdjvvqsAnWCvhRP1SRh:tZCufEHXWCvhR4b
MD5:	ECD30C359C473611B0AF0D5DA6A2DAFF
SHA1:	24D320B8779E43B73D775043C655CC1E26B67DA0
SHA-256:	57F6B572404424DA3929FCF72D0B2D0EAF8639B84BF3EA5FB715975B00F98EA2
SHA-512:	FF422B1E8F537FEF80936BBCE34090AE4D7AA314F65B058C2DE62040F4C84D07F8339ADF639368DC34C6E3836329CC7CC992F8583CB224681AAE95F3903F1C9D
Malicious:	false
Preview:	BZh91AY&SY..t.............A#...g.......... ..`#.x....u...j.cc1c,-Y.0..B..@....S,.m.ek....j..K.7w.lb.Y....]..... ..j.CSj...OP.6S.@.hhz...h..h4.D.!.4.M...M!..@.........(SQ.z..............%=.I&.SF.Q4h...4.....Q...p...4444......hh.....S.jHi.A.......@.A.F.h4z...F.[..P@..g3.N.....(...a..4s...PU.."..2+...x... .#.....E..E.q.E.pU.].D....".&8"y.......3~....1E.0S.dTQ.ED\\F.W.$..T....G.As.3.A.z....#.....a11F.5..>n\|......>o_C..........Y....z.".".& .U."(....H....j...bb.........*..Tq.G.+..HP__...............E.pW.=.UPQTD.~....8..D.....1ppqW....A.....{..N....e......w+.w(.(......qA{.P..c\|...3.....G.....PU\...a..O...]v...R..(Q...J.....B..R.(.h....lU+@.5.5.o....F..t..6.ZbM-.cY....Y....J\....[.ci?:....C......6..'.....I$.A$.(.%.uh.T.....k.....)...G/.......q.O.HR.=...-....>/.9>.4.\vFA...G.....}......n$yg(l9-.n...`.L......M..0.:i..[.M.....9.ze}.....a.1+).RR.og%..hI...\|..nbv..Hh.9Y.x.5..Q.".;..r3..I{....}.W..\|W_.<...P.ED.H...A$BwBT'.p.s.8Cm........`...@XT......d.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hunuse\notleaveme.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28514
Entropy (8bit):	4.4661241849299005
Encrypted:	false
SSDEEP:	768:VttxupQf/Ld/hGiOa/0sborRbWCTZQSiDit7+mHkpvoNn/qfu1mN1wxTFEi+:ztZLzTb0rdWCCg+mEpin+CTKv
MD5:	89DB332F1B153FC4F1E3F23AE54F0507
SHA1:	527621EAA905CC04D26124011B4607D0C42C82E8
SHA-256:	9ACD7418E7C839AB2D6116187FF75628025C883D4822950B78332AB858D790F0
SHA-512:	225D74BAF59EC2D47859DF5849B28965850D1FA4B29CEB98DE382ECF100B91B042A1CB93FA2FBC307C7A64996765107E0DF065222BE0CE08AB551D11BAC565E2
Malicious:	false
Preview:	RIFFZo..WAVEfmt ........"V.."V......data5o......................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~~}}}~~~~~~}}}}}~~~~~~}}}~~~......~~....................................................................................~~}}}}}\|{{zzzzyxwwwwwwwwvuuuuuvwwwwwxyzz{\|\|\|}}....................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hunuse\notleaveme.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7982
Entropy (8bit):	7.9540610524144
Encrypted:	false
SSDEEP:	192:AOM5/a/g9OtoUieNeRfd3RsPlfe97vb0DrlSkYTXntHHsRP:OZaNtoFekFPsPle5bgkZXntHM9
MD5:	ACE6D340D5F37EEEC9CF06BF0CE4F5F9
SHA1:	8CE6B906A2DC9973A33238E2CE79D649FFBCBDC7
SHA-256:	33409AAAAB808344F2DB0919E590BEE77638429B549363AED35ECCFC3A176488
SHA-512:	456719EDE6F5E847B7AB4FCDD6F7684CC599906ED7994EA54AC3CD94AB45CD5EA48BEC3695A731367390A033501253F91E011FC06FC94CD8FE9528C14B504474
Malicious:	false
Preview:	BZh91AY&SY.&..........}.B..$..........`/.<.M......2m...X[[Ema.e.e..F.)J.FZv..W...sv......1kYSnuS7Q.....S..G.......Gf6..\..8..GJ.T....u.2xi..DaF...Oe=6.=A.......4.=OL4.%.i.P.J.hy!...4... .4...h..y$...h...................H.Q.S...M54.J...a..b..0.#L&.`......hhhi.......... ....5)&.?j...z..&....... h.. ..;g.=../.;N.O.u=......uT..l.&...E.....VM?...>6....Aqsh(........D\\S.q.QDFj..."..b."..-.....4.(-..4..#..p...%#J ..."..+...."....J.IH.R.O./.X.\r$\qQ.T81Qo.QQTAAAT.iIK...?eU...4^..F/...z.>...)g...}1+.....O...p........a.08D...T.~...QS...$p...."M\p.pU..DV'.h8.8........LI ......._....W1.......qE.\~..@9C.....c.Y..$>.z......:@#......:z.B.\|.9.y...E..PZ.N.E..V.........*.4.4.F.E.Q.D....h....Q^acMm..m..3....?.....58.G..50.5..W\.ik[F.DTiu.+B...M".R.kZ...3..N........i.t.*.1J...&4PQGC.(.itCD.7..!.V...i..g...V`I..9....R.62.{6pxZr..g.m...YY.....6x<.B......J..(m...&......3Q....7.q.N.aq.!..9aP..C.>.[....qt0..^X../..X.k?.M.y.<.O,...".<..A.}...H.!.g....O.a6G.9..Z.?....g.t...=

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hunuse\yeahillstay.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	37066
Entropy (8bit):	3.8547799105880447
Encrypted:	false
SSDEEP:	768:PC+06Nve/JdLJr5oCZuZ4HUulScnB0lI7+WUh/ktsQcWnyfRhZ:PC+06Rk5oCZum0ul3UIKhctsQraz
MD5:	2F1DB1F19D69342198DD7499C503BC11
SHA1:	ECB9CA6D3A528E3E17D8B29CD921002B78D3138C
SHA-256:	23AFDE53EEECBA0C7424234B626144D9FFB275405CC2BEEE6C03B53870A7516A
SHA-512:	F1D7396C04DB250035DF859CFA86A22C8A25ED169295D82075E49E41DF2C939FE72CE1DDEBE30A3FB666AA9F427D94F09FEAB210606D36D59AC7D1548E4E952E
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data.....................................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~....................................................................................................................................................................~~~.~~~~~~~~....~..............................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hunuse\yeahillstay.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10556
Entropy (8bit):	7.964202518142401
Encrypted:	false
SSDEEP:	192:NwS9RdVJvEAKiIsqVmDR73ihGdArgNdH1grZEdmdrZCpjTBEFR2d:NwSZvO8ShGdAr41QEArZWjT+X2d
MD5:	ED1CC45B00782B8C945F599F8C50EAE4
SHA1:	0E9A007FB51AAED6FEAD261B4D8797CB812224D9
SHA-256:	546F3AB1F93A2BD40D9D345AFA5B775DE696A889FA35C877EAAB2FFF76DC1534
SHA-512:	FE7B99BD0466EEE8FC3B648CE76EC8EF8FFDD3EEDFF221BB4CFDBECED568FE435FE034B91E919C6964B51D74F0B37FA6E5B8E3C9CE9C47FE4E7D643CEC3EE59B
Malicious:	false
Preview:	BZh91AY&SYYa.............~s../......Y..@.....`7{.m..s.km{..m.w......qv..n...^[.c.......ul^k.{lg...DM{h...x.z...i...#....J..i...q.\=s.._s.3e.;......l.-...V..^6..{...{.3;g.N..k........6[..Z.\|5<......A..i....S@.)..h.2..=&............).h444..........4.....OD.z..<).e?).zCM.4....i..=.5..G.i...i.h....$DD..~..M@.z#A....Ph.......@..S.$Rh.5.....A................HBM=&.J~....L........4.M0@......5...L.L...l..y.3Z.8....6]!...4.Us.\|.:....q.Qq[ ..ERa..LQEU.A.._.}&.....U.2...EV.DAZkY?...2.....U..u.....x.QL..`...w...".=$\...Q..;.X.V..j...j....xpi..gM.sWX.2Yf.R...;+..h...aV...iQ<...48.....q..A.\pqZ.....Ui...r.D...hYX.#.............s....=.G....Gl.Q...."..+Mv.F..DhU{.......;..x..z.^.\|.<0.Z.x'Z.......C.-Q).x."..-xas...t./Ki:U..7.:.CP..........'..Qk.`(.K....l..1p.HL%...8....w.....o....R.p........Xy$...L...Tr..8q..Y.9ZV...Lr.1 .#}.NHD6.H.1,/WM...XH.....yW1Bf..I.D/'@e.pg.~.g.]......[....w...=>..Fj...!:L.q.F&6&N.M.v....C...10._WJ..4%-,.J.Y...A.A.M...rB.$..~..\|.O.3........G.:..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\getouttahere.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9750
Entropy (8bit):	7.968788150361308
Encrypted:	false
SSDEEP:	192:qeTnKPQjMH82gaQyM6RrIP16unLMD8GZzpGEo8llasI9825:qemQjMH8yDJrIP1nCV08lav
MD5:	949E68E37977DC1708EE20785E0D0FD1
SHA1:	DF1DE657B6F72C498212C30B68A23F1637FD0146
SHA-256:	C38F03874BAEC337D7C2F36411D52AC536D8299B82B7B283357E5C8A6117FEB8
SHA-512:	D2C79A817B4764F5F52BB396326EC22F76A8A96213ECF14381ABAFE43E1277705B89918892E0E03A67DF832A11CDD2E043362F77C3E5FD667FF81E08FAAB8063
Malicious:	false
Preview:	BZh91AY&SY...`..V.........bg.................`3.......ww..w{K...K...........b........D...W\.{.:.^.:/-{3v=.c.!..{.6.u.;......}.q...#.z.&.jSzt..N.F..../N....y.....ws.v.p.......I.S.=OSM=@.z....@.=@=M.G.M..h4.O.H...L.&....$.4...@h..h.......1.hM..........h..hd....@..5?$..I.bmMSzPa0.a..F db...i....F ..=.......PjzOQ.h..4....4........Q$i..zd.............dd...........G <.. ".OG..[D.C@.& .(.!.@J...I..1Dw..m.W..qM..8}K....Q]..p"....2c.....V..D.3...H@....(.+...t.U1.Pd........'"....]R....8.........1A.P.....R.8..q...4:\"...;.Ck.c..M.....Q?.~.......$..U..4......I..#.Cby.2 .8..y......A.W.Q...Gp ..i..1U.1ES.U.1UpTp.9...R.+.F...O$#...^>/..y..x...z....O..6..d'...r+.......b...-..U.P.E.....b..<3F...x_.....;.........qs..L.qAs..V.~+.]^.t;.}..t:,:a3.b.9.....Nf.T2...[.a\+......+4....^T...!l...=....j...Fj?O...R...v\.<.Q...t..ps..8.f.`..ps..2........(...x.s!...A....A....F.&H.0A.....:.v.+i>e.5N.sf...........3..g.....US{.t3.I.z}..........O...\|j.......o.m $tm.e}t8^....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\illfollow.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7558
Entropy (8bit):	7.9509292762354224
Encrypted:	false
SSDEEP:	192:DG4mmfkJWdxraNdQ0qHsDh6SYJDfzNrV0tIYlFbC:D7mmfTU3QYkDjIFbC
MD5:	27677E5C71FD423C893B398B2CD17DB1
SHA1:	C6ECC07028C14D6C9BC2A18C32B995FB4D55BE96
SHA-256:	8BD8D62C8C03772104C6CBDDB3B2486C09478A81DDEB3191DF80FD44708E3E6E
SHA-512:	12DF233179D9979DD6F66E93C3DFD918C0ABEF3B80A4190E4AD13AB9BAA8E0C4C355E80F0374C30510C7178D7A1D13FB3A51A632519C013203F12F26220FAFC7
Malicious:	false
Preview:	BZh91AY&SY.e..............@#$..7...........`(......5_[.n....un..ko^....s.{.:...6.O[Y...{.x....z....u..<.mg..v...wM...1..%...X=....7....y^...{..b.jy.&...)...."i..@....4{J..&.......O).M................E4i..F.14.LL...#LF&.OMM4.....FA..$....zO.....4.44..4.........)..=O..i......4..........jLT....C@......M....nvF.@.$..G.........E..$.M2...$b%.......z...u....1.....Pq..~.....s......I..8."#....,.o..Uq>..>.lE$&&"kP...k"...(mA._.3...+j...8...9..Z.N.a.g...n\|.[..z..]d......f.bh.=d\.Q..."...1..]8..EU.Y...k"....2D.......O..c......1.....\q.3.#..3J.*(......."....<>...5_.......OlW..M/.._@EQUa./.....w...5.g\|.w+...E.V../.{.=.\_.,....`.U.)....9.-/j..$..!.g.....a.u4..w..p..{......Yu....MW.&+.......AF..h..AU...u.b...g..N..........3W..vGa....+....].-...k.4.....k..3#+.F0.......3t.=.'.W5..LE.x.:..v.jP.......2Z.M...d.d...\.#(...9.2.V.A...$..Q2hp...'GO:l.=...f..%.j..Y1GY.<.@.%..^...l.b..<.u..KF...Uvp... ..O=...j...SJL.Bm...a(..}.D...=x.w.<...c..;<.........+iF.DfB...>

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\letsdoit.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8887
Entropy (8bit):	7.959763882372922
Encrypted:	false
SSDEEP:	192:0A/R3gxaa2bTraBduT8u6O3AOu7UQLpImf38BJIJ695xing6par0:0qgxaa2jaBduTH3AOu7UGISMXji1ar0
MD5:	3B6672BAB8945E552357128EE5F172C3
SHA1:	FCB75775368F1D27DBB64A6B983251DE81CEEFD0
SHA-256:	234D89EF8643724A50EBB3B01569650F5DEACDABEC4C4DEC6C6F2A67A86094C9
SHA-512:	701534CEC587F84331D15563EEEC044A1C257C229D887D30B357C2CB7FDCB4298B6DC23DFC22CE4F93D0771A1B6F87904A2211E6711BAADC4BFD2FF422B29A02
Malicious:	false
Preview:	BZh91AY&SYJz0..............;b..?...........`...H%"...u_m'....;..W`g5........;.{..z...........yzuz........j.{..n....w..i.iH..yS.....e.\.;Xn..lJ.b......i.@..mQ......444424...yM..6P.....DDA0.S..yOFS..M=@.........~.SFM4..h.......13S&2.42......$(..5.P=M.z.4.............""..A....=OSOP.....4......)......?T..=F.....A...........g..2Q......DQ..e....Y.X..(@......._r<..(....K..a[V.DTi.\|P....9.R\.n..<..qE.D\I-#.-....b.".4..-..MR..."....5T.(...J(.....ETQ.E...."4...[.Uj.v?-_.._)......Ea.ES.m+J...J.H."-4......KH..ADpn........>h....#.s...~I....._.j......X..4..ED.VH".=.Q.A..._b...A.pUA-AU.DD....OL.....<....1ZK<......^J.<Q._...::.N....Zy.DA..("=.T..2...=y..\|...).....y.N..w.....n....j.(...{{...!.4q9....)....{..FV....+]u.c.H"0k...4.....V.=.. ..-... ....t.m.hSspM.F......fp".6I.R..p..Vg.#?....o.....z..............\|...g..[\...U..^.kj....VB......k.t0.7.T./7........z..6..r...D...d.$B........k....M...,D(..2,..P......].s.S......&.f\..1...Q.....~}z...o..=

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\letsgo.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7913
Entropy (8bit):	7.960943735993892
Encrypted:	false
SSDEEP:	192:kEDV4OfuA+5V8A/Cr6OHv5P63WPttg4eOVX6GZtyn40lx5F8Za:LDVnv+/8A/Crl5cKkF/GZgnrGk
MD5:	5A9D707B01CBAE0C7C1112D0577800EE
SHA1:	5ACCD4E1BDAC1A9D937BE4F6CCB71E9569E545B9
SHA-256:	478D693DE6B7683F71D84F2823848FF7E3D06F8916D7B80535CD28DEDF7AB525
SHA-512:	14035891E982AE611A789FAA814FF77DDCC37BAE12CD23B001864D0D42D2C21DEEAC3A3F684BA543E63A712D36DFFF45B5B60B75341CB03CCE7C599626786FBA
Malicious:	false
Preview:	BZh91AY&SY..o...........>.c2................`'_..k.3.\|.{m....W...:..=...:q......z....[.pw..7...s..t.:;....oz.y....=.y..x/wzy.g.....s....m].[wYtz.o.......@....5'..e<...@.......H==H...O..I..b..M...O.F............ a.@.@.4i.."jOP....2oT.h.d..#&!.L.h.@.i.....5?$...E=M=M.d.....C#@...dd...4..h....D.`A.I.OHi...............M.%="$.....=.jy....G..=F..4.....4d4....#...C.z..._....?s.?tO.....I..?I........J...M?W...d.iE)Xhi..E...hF.\|.!.r.@..&lZ...D.DD.....EiE.o....q.%9...E.ZU":...b..?.O..B..@.X......b{.}g...L.i.b.....P<-.<.Z..)Q....ZH.U.D...]*.4..(O..ZR......UZS0E...^..C.F...x"5~.._......i...n.c..oj.{.v.i.."...i.TDAh.".+;...2...x..<.......L...n`wm.7nb....E.<.....0i.y.F.zTP>...<";.W^.:4>n...:X...+M...B..."">L..Q.V..(\|.K....w.Et.t\.>...S. .:....O.:..\|.\|...:1t]...C].....tH.\|.>..u..... .....U...r.L3.a.A..`J...b....j(M@.P..AAR...Bt.&.....J..\|\.Z....0...9..J...07..N.....j./..6&..$./.y4.H.1,0.....x..4FR...b.5.3.....}...>.Vwz.z.........DtJ.._.3.q.w..gGB..N~...V

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\letshurry.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7510
Entropy (8bit):	7.9563076810143265
Encrypted:	false
SSDEEP:	192:9YrJ2TJaw5efqBxJyFgu0r/zmb/6MlzaOQpf:WETJv5XJyFj0XmTtQpf
MD5:	1353F87AE5CFF98562E1CD2FE05F1251
SHA1:	96C9CD5429B786F96D6F76415F4FF7E2DDEF5706
SHA-256:	FE96D75045A9444E87C29CD0A2470A2C3F58782D3BE60DA980CD1A355206E4F2
SHA-512:	B59D4CD65BE9A363C95F7A89D27ED8573844A659CA83C89E3916BE46C75B50C6D4C49E85ED691963221587CF1215FE5E379397F63DAF0416E04DE7D0686B84FE
Malicious:	false
Preview:	BZh91AY&SY.................# ..%?.....I.. .`&.......=.....L.,..Fn..1%:.9i.:.N.;j....w.<.....{oF.9.+..G.;jU...-h..wVu..Xn..kO.......i.14........b........FJF.2hC .........M22..........4.....#..z"!..d..<P...'.cH.2......i..O..D..................).D...P..h.@.......G........IQ\>=. y............7.,.X"..U...C.........;ElPPT.D..TPB.4..Q$.t..,,".+...m.o..j...Q@W.Rp.m.%E.T.&d.=.X...T..nh..?......_4.<..K..U.-TH.Ur...3...!..."".Z....2.27T.m...h..-.Aa.....2b.+.CbJ+P......B.[..lPHh.....V.....4..{.7.n.t.....(.......!nP....e2.Z.DJ.o....oK.....OG.g7.5n.Z..F..hCi.Q~.v.6...5...].W_.l.w...jw.._..M.F...n+..nN.n...mB.....9F./{....8..tC\|.Jsk.d.6Z'\k.]....a.<Y;..v.1(...o...v].....YvY.F,T)..C".k. ".[?....~~-....]..a..J.a..D...E...i..)..i....."k<....1}..<._.&,.............*Y!^9.B..B.;x.o.G.Y.....7..w[.mV..k....NXu1.....b.....Av...V5.".g...jF...B.W0..D.......N./.A..m,......F^...^..z....v.G<J.=.._%..mdv...c.9c....yv..A.....;.....!.^.&...x..7......&......E...'q...+5...1

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\letsmove.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7890
Entropy (8bit):	7.954686622901394
Encrypted:	false
SSDEEP:	192:DFfn01ayTBtXE9VI2XNo7a+/fS1g1/2ttV:DFfn01ayTTE9RG7NAPV
MD5:	29996042790C18306624E7E9408C3EAF
SHA1:	D95B96A77E8D3084A98486AE34D92D62DB2AD530
SHA-256:	34BED05BF98280BAFB33ACF2BB634B6F63D7CB9E3C1DD8DD5A4FD1E2278631A5
SHA-512:	385D0ED14444CF6BCBE65D287BA58530E69DA7B2D0767F5BEACA4681D1B66CA0C280B891BB7CA8C518114AE842DD6F7DB878C6EC6668B82B22736A6A42CE6865
Malicious:	false
Preview:	BZh91AY&SY..,...?...........6...........D....`(.{.B.7...}...Ye..w.wn.w{.{.{.Q...<......}(y.k....n.\|Vs.._]'..).Rx..{.]..]f.7....s.....om...s...;u...O"..&A4..I4.I..MG.i....a.G........h..4.......jd.Q...4..4oQ.4..........S..'.O).@........4............I.OSM.2(..@4hh.h.@....h.P.....OE..=."&).yCFF...@.................~..=O.6..2..z..C.h..@0..A......4....C.{~..~....?...A..t..PQE..y...........5.......#.D...386ER1q1E...qE.DE.q.E.1W1..##?zk..ApR9..E..G..GI2H+IB.".+R..#B..J.....W... .{....?.l.M.e....^....yyz.>v&._=..!v...e.#..... ..S..G.H."....* 2....... ..)I<.Y..1qEs.mqPs...Ba..{...a.).p....TS/eqU....E.qqA..EW.As.).\;.......\|;u....k.e4(..:.4)H.H..H...n....N.......n..U;. .#I.....f....;Q..........U.w.i.w.'y.t.:/6......K...{i..elT..x...w..4b..]+..Ej..4.+...n....`.M..X...4.\$..j.BnkP...r.N..G4.e.WO.i(.&.2.(4.$c..UBw.........U...q..B.....p..uq.R..jg.AX...u......s@F.l...z^.s.../...x.jj......m;.....'....k.wn..T.5.+u...i..f..ua.\|*.7J..\n.8..x.a..}........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\okletsgo.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19354
Entropy (8bit):	3.8922456009452087
Encrypted:	false
SSDEEP:	384:L/GTsc/9+LSFgSZiPzCDiQFGBH43eb7bxTrZN5pC7tPnebilncLhDBbMM1KX3jPd:L/gR/9ouDiQyHCebHxTrZTpC7tPneelR
MD5:	397E4E6F19121D7D5EA85A26F9431AF8
SHA1:	B9103D3C0FA9B06044C243AD025B0A0B2A71E603
SHA-256:	57180233B123DE106637175782C370A2D495BAB82C5C544111052509826DE6B1
SHA-512:	E26BE400A036982DEE56D6C9E15ED9B85971AF7A04B68FBE7897C2123F94926ED70D23403B37FF2A1DD4BC480310544E15DFD987502D2D64F1CE0C0495427142
Malicious:	false
Preview:	RIFF.K..WAVEfmt ........"V.."V......datanK...............................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.~...........................................................................................................................................................................................................................................................................................................................................~~}}}~~............................~~~~~..................................................................................................................................................................................................................................................................................................................~~~~~...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\okletsgo.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	6353
Entropy (8bit):	7.940435766438163
Encrypted:	false
SSDEEP:	192:Snxi4/UXxTCYaiHaCQ0laTb/HiJnddXVW9Zf63o2:B4qFdWCHaXHiFVM56p
MD5:	A7107FDF6F426ADBB25432E6C3952FBE
SHA1:	A5E7563680F9FFB2F41D81E2EACC4D7EA887C589
SHA-256:	05A5626A4D1C72A5C673B43E7FC133B251A586E9D625AAFB41D0B3F0242E2CEB
SHA-512:	86EAD248261A0EC1ECE2B7123AB2086AC8F1B689BEAD49AB7F17C59399A2F7F45000A8EAA65918C1A5FE4E7275144CCEA31C438BC7221E6A65AF3860B8EC62DC
Malicious:	false
Preview:	BZh91AY&SY..GB..........@3(..-o.......` .\|4........)...vt...ps.....U.^..=PV...P.....^.w....tN.rn.m.[t.u[.6.gZkZ..@....hF.!2H....h......i.P4...AB..O.2................U...6...@.....P.m@....""dh.Q6.A...M......%="@.4.bM0.......dh...i.$.jj{.4......FF..@..........]m}e..x..-...........~F..Ui._jeb.....b.{Em......I..n..7...".B.>.b.#r.....#3...-,.(.6...v ......&.p...=ZK.q...uRr.2 ...Km..W.J..4.]y.QV...O-.f.p.P.E.#<.h`e.FK....p..~?N....D...m"H....*4.....]'...E.E.....O_f.U{.w..].w..[...-..........$%9T...<....2 ....R..c..8...v.::....EN..Ugd:0...`.....;m...0..'.G...pp(b..w.e.W..8...q.t..].F.....N....q..6?..."W. N.M....:.f]p.4JR.H#S...t...8....6".v.fo?U..+y..>\|=i....p.....-..}M.6.i.;....mmm..0..V2A.....43;...5..g..f24.....C..!Lj....o.z...\|zp...s..._..c.&G..v.1.....l..CL.a....6M...f...N..h..../r....a..l(l...S.......j.{W.n.x.........xkm.,0..;I....R..+i..4..k...S../zOc..@.MYNYO@..d..F..Z.K....f.G.d...y..HD...$.."..hM3OH.ds~.M.h.p.e.....V...8.1xd...$..N..L..6..lG..-.^

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\youlead.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28862
Entropy (8bit):	4.162872959185587
Encrypted:	false
SSDEEP:	768:I8YZyUogaKG4b8fGKbBDHZeVc4Oyan8l80wcV37HCNXuM+8/I:I8YQtKYblZeV/OyQ8l80wNNXu4Q
MD5:	29A8B96B6DD390512C8FAD212566068D
SHA1:	6341F3877ED0437FD86D0A155C52A9D2996C9A17
SHA-256:	7307AFEFE4A9D38844DDDFDE6F6E62494FF376921FFAA8D03F3AD558367ABCB9
SHA-512:	BC6563E72569F4C2479E27EC4C9A8A9C9A37DA37F2B5C143AA2E887D10F3B765953B36F246826A88F6FEDBA33DF200A098F6647924544814ECFFAC137FF36AAE
Malicious:	false
Preview:	RIFF.p..WAVEfmt ........"V.."V......data.p............................................................................................................~~~~~~~~~~~~~~~~~~~~~~}}~~~}}}}}}}}~}~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.................~.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~....................................................................................................................................................................................................................................................................................................................................................................~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.....................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\huse\youlead.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9175
Entropy (8bit):	7.954749632119036
Encrypted:	false
SSDEEP:	192:7FgMcjUQ1uj8PY/4xoC4q7mpXpT8BrOQ3RZmtr/p1GOr9MLr0NVsxeMN:5gMRQ1ZEg74qCz8ROQ3szp1HG0cxeO
MD5:	5DF9964513D0A260FEAA3D9B3A7B91CC
SHA1:	5CF9DFE8B22681B6A53EAF49ECB880FB789A984A
SHA-256:	1310A8C6DEDFCEAB4D14A202CF52444E8598B48B4116D54CDEE1EC78829BEDDF
SHA-512:	D9D175A2B3A51CD494A6F1723462E43A8A1F24572CD82D9DD2B545AE292CA05C9B6C1EF0B45E875DB7ABA808F13CDE9E298384007A4808599F07FC31D5C11C76
Malicious:	false
Preview:	BZh91AY&SY.............w...s..............`1.........l....R..N.WV.`.f.../{.hw..s.........]...z.t.=.._W..'......M...p...;....^....n.........l....n.A....6....jx. BM....OSOM..).O).G.......7.i......Pjx$H.4J~.S .@..............I=4#..&F&L!.. ..&.......1.....J..ORf.0#.@d.#.2220A.....`#..z.DD.eS.O.e......4.......JzD....$m..........4.i..44...h.;o.>....Ny_......(.)......s..4.3<..4m..^'.H..]f*.y...V..i...Di......Dj.iA_.u(..~o....E....%zt...M...h..4...I...\R.K5T..._.@.M.hA.)...3..O.3.........a..C...j>.P}.}D...TA....Y.DD.B.B.i.5...N..)H..j..........=gY...=e.]...u.7j"....5...q..o...N.W.9.y.>m..E.4Xrh..<.a..t.\.]'Nb.N.@7.s..p.g6.+.$!.0.p5..,F.%!..n.9.....;.......Z.e.........A4.Ej5....N...,....I6.YPDF..}..&...6b.+.AN....E..w......!}...y.....)..?...........y...)#\|.."..........T%.9.'8.+.S..B..J..u...-....Vt."...:.3..K!.p...^Hw4.hR...0".Ei.1..j.?..v...m....yn-..m..)#...s.w..oD7._b.".U..XI.f:.{....R..[.......2DE.8`7.OUcZ..7.{.....^c`../.`.$.....G...Gl[.>>.Z....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\becareful1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	18438
Entropy (8bit):	7.981152435764964
Encrypted:	false
SSDEEP:	384:OLyRLCf8S+tREOux6xWEWw0zSBBH8+bB9ykyW35dGtBOZ8f:wyRLCOstElk+bHyGoOZ8f
MD5:	FCDAA7F936748DA3B0383E0844C34370
SHA1:	0C048A8B9A9373F2E70ACD832B928EFA6C7CC84A
SHA-256:	48BE16ED8F1167C6C063DCFC60BA28A94637BB66B9A3A17B7A52F26E7FC63F92
SHA-512:	FA3D5E776257F2DE7F417CFD9CB9C889921DCFBFB9C9FAA51D76D9A608D9231257663B659BE73879543BBB1A1FD626F3993865D89E9E66083C428A7FC10BE31E
Malicious:	false
Preview:	BZh91AY&SY..b............"..1../........ @.`_....><.M.M....wn[.....{.g{.P<..^.n..w..s....TN.V.Q....`./..CVkk..].J...\|Z...3...;i:...M..z.s.A...J..-..R...Y.w..m.(h./p.......l>.....$....1.{....;sn.f....!.z.r.......{...!.g........>.../..>.O.....{..o.=...v........3..=.n.h.O......2.J..FQ.....@.ze....S.."."cD....i...P..4..(.......4."..M.ji.y.5.S...C@1..4......$B@MFT.'....A...........OH.I.0U?M%<...L...h4.4......M$...).'...F@.....h.i..4.hh..c.Oh...o_..}...^.?%......b...z........X..1AF([b..wz...H.E.faF$....."...Q`##P..Qul.U......;P...V..B.UU4...b.dX......0EQ...'jJ+..d.q.h..h.....B.?R[V.E.....(..DH..4TU...[..-.Ee.X.dQ.dh..u.h.r.[.J.5....]......"...[...../.3...w.:Y.\|s.t......K[....3.@...W-Q.Z.m.l.+!U.`.)..`.....D...)#i,2.a.....$^.VD.b...(...K4.b..kP...\l]t.S..zWH...:....]...;{...P..,QN.a.PT.1..J=.... , .H.....4,..((.(.......iGI.]..n2wx.r..9.hNd1....!....=HbUb.$R,..I:.3.9s9..;y....9.ggf...L........;0.r..<^<g...l....e..J...~=u.U.iA.U....+.{.q.9T.UW(..\|..O.<..5A.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\becareful2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	19225
Entropy (8bit):	7.976880001181511
Encrypted:	false
SSDEEP:	384:hJlBjdabARcV0mWaYCf8AqmuLGr94FDpVJZVKKFPMrbw9B:9BBnR3aZf8ANt9qPJnRFPMXi
MD5:	14FD0E72413B18FA1E3C45F5603FB26C
SHA1:	78642A4D98E0D5ECA6087CC50FE5DDE6AA864D96
SHA-256:	2E290183CF1E744543641264A113FDFDF3B5BCD0631E56DF632441AD2CFCDAA1
SHA-512:	FD0963E2F57F6586062ECBA59F9030C8AF14EC6C0F2E893C077A50B96C87523C0FEA48D5A36AC8B59D5AFBB2BCA37EA005E040AE99D55BCD567D39E84CE3E7FB
Malicious:	false
Preview:	BZh91AY&SYxP...;........._..............@..b.>..(E.m.>.7[m....^.-.n9.....^.uo...g]..=.FY{q...[&("..I.....9H..Y.u...n..a..5B.f.P;a.....R#.d.-...T..;..yu.[.WQM.!....b...f...k.cC....). f....N.^..Wf.c&...^.e..R...i.p.s;.sf....qu.i..g...o{.c=...y..."`.....hdLh..l...z..h.'....a..5<A.B.MF.MM4.. 4.....@.....`.................S.H.....j..Lzh..P`&M.D.......L...)...4...5?Sjj..Td...4hh.@...i.A.@..%=$T....2MOy54bi.. ...#C@.....4.}..!.].K...(}oO....OP=O.X..h.....\..z.r4-Z..C".....M %?..d...A.i#R.R?.!.7..PT..."R$.EQTc5w4.9...%..RR(.((...Q..,iF..fd.}HF.V.j.ZQ.....R.S.PE...UUhPT.F..:.E..Q..........hd.T..U"P.B...h].R........-.,r.KJ.....'..&."-...KF.k.U..E..iCL...(.._.>....L......O..O..._.}.....6..g?.\|j..G...my.X.T........4)....e..V.....2."..9e-.."4-.'.....hQQJ..hZ#PU2.)i.....B.....j..=.....M..o.hTnDAV.~^K...h...i}.[.w.u.....O.O..........S.....0.B....R+~..M#H.D......P.(..B.R..4...MU.....T..c...(...-z.R..........4../..gevx..........w..\8..k<X..J./..R...iJYt(...8".g..q....o

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\lookout1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9734
Entropy (8bit):	7.953546663764691
Encrypted:	false
SSDEEP:	192:cCr51pnEExrz2fpeur83tqZ84OkyIyGlxjLZWNGQv5Hs4lj:cCrztxGfpA9qe4CIyGx5gGQv5Hs4lj
MD5:	1BF2E4DF4034B41B3E9E78282EF28D2F
SHA1:	184783EAEF58467D4252D02A9410156FD6DA861C
SHA-256:	AB26A6A8901037FC405B8BD2AD54F9BFD6EA0CFA5221AAAF6098535F44E0E51D
SHA-512:	FEBCF6D12E4755545F025FE86E1D100DEE40057DFB14D9286C2D611EAB8E844B964175F889A1E9103CECAA788934CB49FF1FCB97CAC2575675E58300AC9F547C
Malicious:	false
Preview:	BZh91AY&SY..n)....................................`"..n..P.......).V..[...m.kZn........m.v[2im..k.5+.@^.....C..4...#@..&..&.6&.........D.=M....A.F..4......4..........S....F.....M4..4&..S4..S...~T.=A..h.C@.........@................LM..@d.4.&M2.M5...6..bzM...=OD..'.4.............C..Q..O....4h..b.M=5?.....M.Dh.F.4.@...4...............@.4...........4......................."!.OR..OI.?d.z.OT.L.z..C@......4.......4=A..........#./VMZ.o.=.;....?..-\|q.........."...).#.E.....I...O5V! .S....).....>jO../........x..........}zTP..^..!!.....$..L;........k..4 T..$U..R.)....w..g..l.....).V.(BJ.P...ZR."..).e5G\|)<.E.....@0. ..$Z....'.'OG...%..m......D.K?_.'z_G.c..I.8....7..6..m^!.Y+<.>2P..Y.@.w....\|x.jJ.0Hq.n7}..%.:.<H.....ZUm.:V.i.....T....{\.;.f&../......%...:...z..>...C.. C$~w..J/..WT.....&.g.`..AG.....gJ..H.F.]H.....o.>.g.....V....z.mo..6...d..U.8Rc.>B$mr..-A.MT........8....Vn.X...g...V.!.....@a.z.].].,k?-7cC`.&.ndW.....Y.A6.LE.HF ...}k.h....f.k..z..l.g=.....s.GR..;

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\lookout2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8110
Entropy (8bit):	7.956327047575606
Encrypted:	false
SSDEEP:	192:/vKwv3oOu5JRZmJDiVkX7PRJPYKjvQpBpF:/vf3oOKJyJeVk7PHPFTUBpF
MD5:	5ACB95E4BEA6B99D40DFB8CB3E15B9C6
SHA1:	8644EE348983A846E271DF1DB7B162117AD05D53
SHA-256:	6A514A20543E3AC2A7D378B41E482ADDBDFF42F352C99D234F11DF202EFE1FC7
SHA-512:	9292611081B23B063369CCA5FB61FD85D83BB1269F92D9F655680E26482B20524D498FC317F44FD0E0CCB992BFAF9B2988FE39DCE744B9F02FF92BE48369659D
Malicious:	false
Preview:	BZh91AY&SYlED...{................................`....z..a@(......{..m..7c........v......)W.T.-.J.S.....L.4hL...`..Lh.4j..~....=..A#...I.....44.@.M............M=.....@BeO..E6.4.e<...3iG.=M.Q.C#@....@h.....4....ET..4i. .@o).L)..I.d..x.........FL....A=OP...22b.@44....0.....4..<.f.Oh.=Sjg.?S$..h.P6.@4..............h.....@.....h......A.........F...&...4d....zD...b.6.5O.L....j.SOBzM.....@.!.M..h.4...jhh.. .....p..y.. .........z._.0.......B..UP..@..K...{.(.uD.@..../..o.........K.......B........ ..~..<.u..n.......e @.t....,....'.Nw...o..XZ ..u2.$.....XMH.....(.%/Q+......D..B...}..>@.'..7.{......{.y.m...#......(.t.....v...w.1..cL...=.;.%..v/nu.].T....?)...i...k...W8I.s..kz......_#...qF8N.....L.......LX....@z...F..9:..>..EF.Yz.1$..c}o.<?....<: ..qNJ..5....X".L4I/...zHP\|0..`......-.x..i...<.)..._!..$.&J/...L1Y.....J....$..Vi.(..}a...I......k...]....Y.b..",b.X.G.K....x.Y.T...1.a.I.XC.z.%C..Q<[.#ieX...i..M^.^...hN..X P.......+3.].h`.....!6A

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\overthere1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	20794
Entropy (8bit):	5.370618355583772
Encrypted:	false
SSDEEP:	384:ylrh/o05HNlGn4Dueb1uDLRqFUu2/4T3tvE7im8rR2n/dhqPGUJrCb0IruE2:Irh/ntU4Du6c3+t3tvZ2n18v
MD5:	F4621135A121D096747FABA22F4CD811
SHA1:	3CB78731DDBA58DD0D89469D4CE3483C05E75087
SHA-256:	4FB46754F6CD19ACC11B69AA855F77D96B1137CA3DCA3B827086D5BDD7C2E360
SHA-512:	4CF7460B11B9A652A310263F11361430D1E43380110B2335FE4D68FF5C67202CC8845E3CF323112869D158B7EFB98CB5139990E114F583933186D0C3EF2C0F56
Malicious:	false
Preview:	RIFF2Q..WAVEfmt ........"V.."V......data.Q........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~.............................................~...........................~~~........................~}}}~.............~~~}~~~~~~}~~~.............~}}}}~............................................................................................~}~~.....................~}}}}\|\|{{{\|}}}}}}\|{{zz{zzz{}}~}}}}}}}~.................................................}zz{}\|zwwxyywvvwwxvtrrrqplkiklllklmnoonnprsrrruyz{{zz{}}}~................................\|}~~..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\overthere1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	9463
Entropy (8bit):	7.964747124044881
Encrypted:	false
SSDEEP:	192:UEyU+awY/26PKmdtWJd13vEKM0ryWEoDofY/n:mUQYFP9k1/L7r4+
MD5:	AD38F0ECB997526541B3E80CED8EC289
SHA1:	3C68C1497A4F026D54B1BC43CD8B16766C6A2BC2
SHA-256:	2FE9DBD2EC4EC646B92010581AD4D00DD0B2F4CBFC8E1E27600CC9487FB11681
SHA-512:	2403C9FD0DCEF07BBFAB2F65E9ED962DF490F72F91B08659C220A9C45A8D1DCC68B5A192BC618D8E903252E7CD82B88F67708D801B37F3617D5E78320A15F1DB
Malicious:	false
Preview:	BZh91AY&SY.e.2..7................................`"..8.q.....gZe..S......{.wn-a......f.z.e.m....<l..p....q..o{..w.{.v..Z.....!T..T. .2`L.2d.....d.542!...zM.h..h4.z........F@....44.".. ....h.4..S..y4(.....24..h...P.A.....d......d....E<#@"...L..j~.~.....?R7..4.S&.......i........=G.z&.....M.442.....z.......2fM2.D......z.......h...4..............M...............................B#@..OO$S..).&.....SCOMM2.2.24...d.dm'..@.............MR.wzz...G.\|...~..7...s..5.=z.Q.H..DP.B..G./...$.G.E..}\..cQ.D{'eR.?..#.f..i..e.}...r...{Qw.."\|..9PO(...P.R.!.B...h.!5Ir...N....k..w....R...A.P@(ioB.[.8u'....D.(KR...-KWS.[s..k.....V)\......2..+..W.;..U.=.J.E"/)L.......(j.?d$.J..\|%.!....9K.=..`z..q3.....\W..oE..VPS.\..9.v..y.o[_].:E.......$.../t.#G.....S(w7........].N.R.K,%ow...9r..)....[]-..,..;....o.........o...\.N.........!.?O...........6A..>~8......k..~.h....{M...TB..j...;ho*..4.\.5.!...[.B.G...st..]..H...k_.......l"n.te...z.V..QjIt..'....A.3...L-.B/...&....>..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\overthere2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19914
Entropy (8bit):	6.693700796548672
Encrypted:	false
SSDEEP:	384:8mjlGr0YfLdxXve43xwn2rGd7zgR/TY85kaTuaVHeAFCn0y4Ufe:8NrfLbBBKgR/T9kquaV+ln0r
MD5:	F6762522645C1A2DA263374052B7750A
SHA1:	7752BB2CFF45AA3D1CDAEB63483D88C8B72F360E
SHA-256:	BF491B9017BC87DB471E0CECA13B0C6A7AD502FC003112767545DB45DF9E7F67
SHA-512:	98965EE8B7708E5A21019955D41ECE583C8C2F2E1260AF134EC36EC8A1562D9F880276EA81FA81A49E1F590EE57CBE53701BDCB75488A5051597C3881251DA30
Malicious:	false
Preview:	RIFF.M..WAVEfmt ........"V.."V......data.M....................................................................................................................................................................................................................................................................~~~~~~~~...........................................................................~}\|zzzyyyzzz{{{zzywwutqqpppqqrtuwxzz\|}}}~~~...................................~uqjd``cflt{.............{xutrqpnljhffffffffilnqttuuvvvutqpnmmnpruy{~............................ulcYTPPU]kw.............xspnnlljifdca`^\[Z]`ejotwyzzyxvrnjfccdfjnqvz~..........................q[M=335<G\q.............xnjgfffghgec^ZUROOPSYaksz.....ztkc^YXX[ahpw.........................tXD0.-.07Nj............uib`^^`dfec`^ZRKGDDGNXbkt{....}ule_YUUZ`gnw.......................]E2000029Rn............tia]ZZ]]][ZYSJB<856:DNZiv.......{qe\UTUY_it...................jS;0/../1<Uo.............}vplifa[XTL>40000013;Mbv.........reZTPQW`n......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\overthere2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11773
Entropy (8bit):	7.9723493278923705
Encrypted:	false
SSDEEP:	192:VhqvARCJwjLISDCHF3EIpfKR4YY8PIr0aT4yHG/o0F8EsHLQtKeyerUs02AwRXXi:GCjEXK+8gr7Eqk38EaQtOer+4HNvpxQ
MD5:	545D0A779D3DB5B6DD2EC8B41B1C1904
SHA1:	DF3599B513FE651D2DC45279E0831B499746AAD3
SHA-256:	E6F0D05AB7052CBB83A23DB2BB71C4BBD5B46F899495494E2C3C8003CF169583
SHA-512:	E0B4EA5A622DE253E6420309C8323710CD3C16526AA613D528ADA67CC47D4DA6E8E07676FC6663A9CE28AC7CC6FA698080F2ED7867FEB21CA6FF953121320B69
Malicious:	false
Preview:	BZh91AY&SY.3....................................`+?>..>K.P...8TA..j.Wm.....N..wwwu.k-.^.ak..z..$..Gv.X.f.[;r...)J.{jUz... hm.d...v.........FF`..F&.e10.......D.yM4.=.....@....@i.h.!.4.....U?..@.....&..0.LF.M.<.M..h..C.....z....@..44l..".....@..~.)...jz$..2.F..4......?Th.44.4............EO.....h.M3..$.)...Ph.......C@....................@..........2..h........h..5?DDD..i..yO....Di.4........@h.@............h.:.y^.5H:{}=...?3...}........c.>.^.!.@ ..+........V$a...e%-=QB..=.J..x.y..m B.....!..........@.. ...H_l...p......A. 8R........6I....:D....aTH0...o....Q.<....X..6.6&`M.CO.i.x.`..:.......#...+........y)1......G./.@......=eV..kdE.U.^..2.b'...(...o..**........e.U\|.UD.OK....:w;`2...2ny..@..........,....zE:..........+....'...[:..X....`$..a.........J.....;.3..yqm....l.X$`J....&..........1!.k.>...t.\|!....-.....'sT>./...B.gy7J,j4.......w...z#....C.J\6Q~_oZ.P..jV.I......./..m.....F1.]......7Y...A.X.HF.B .9".......z.r..W_.P.L....AR.D.C+.p.(.@..A...._O..z

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\stillaround1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	10758
Entropy (8bit):	7.9606719479652615
Encrypted:	false
SSDEEP:	192:4cs868hx7dOGTm4eHq/ugVK+ZOOgRQF6ON11redaE5byv+wvRXQuRzvLKUD:4BCKnHGuAkOgKF4aE5WWwvJ71zj
MD5:	31BEED79176D4B164A3BDE1C6B6AE645
SHA1:	1DC37BF35F2E550DE4527D5C7E6EE9730A338378
SHA-256:	ABBFA36817C30F0D73AC4677777CDBB9612B7F4AAE1FA91E9828F26DFAFFBA59
SHA-512:	80281E35B1151AC37670ED7A4192F2C4D14F20F825ED68790B178A07BFC778930AC9C8D887BAA413614A8F81F3EB7DCA9695AC3F11002F4F3E35DDA40A8FD7B6
Malicious:	false
Preview:	BZh91AY&SY.).............M.+`..%...........`>.=@&...0.........;J..7j.......G..M.+Y.Y'+rt........b4.....n....n=..[Z+....z..f..]S{.FU$.u...R.....Zk[....N!....6.7M.sw..........j.84...A=.C.E4..I...@....1...$.&..."".&..OS......@.2`....f..@.."..?&.T.T@.....F.......A).!....z...............h......h.@.....d.I..$.jP.zi..M2...!...C.......F......\|=#..YG.O..u:.(.....T~.L,.}T'U..c.0..F#.sQTUQQE.EA.y.@....."...T.P.\.GdEUI..S#.e.p......I.QqW#..q\TE.AT.....UT.I..(.).DV}...6...>gnb"...8..jAE.UL\....AE.\\3.PP..#....D...QE.".+dD\.. .Q...5.b..R.t8..z.b..&w.(v&....>....;G.jw...w7.....\|#.P:.A]GU....P...$................Qs1...FI.A.AE1..EXpUE"....Ul..1H....PE. .U..P.p.s..+3.#...".G".c.....%EUR.Ei..r.%3...u..~....}>......^^~d8s.j.9?#4Q.D.,...TEPq.!....3#...$.pG.W..qs..TU..PEs...S......S"..34T....@v^>..2..?.........F. ...`.CTs..dq.q...L\.S0U.pC....~..86..7s....?[..wt.EolYL.p..Y.QT(.u.P....+m.M6.x\|.6.6.Z......I.M4..\|.6..5...5.Z...]..oT........X.K5.J..zl.j..../..s.Q,-..n.c.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwarn\stillaround2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	13694
Entropy (8bit):	7.971133242894675
Encrypted:	false
SSDEEP:	384:NlXCcJDm7uMOSiMv/fhz+ZsxH5ziLimGhrud0NgKd:NlXCcJiR5ffhgUEDG1l+Kd
MD5:	727DC1012DAC06D0BFA3219BE9429071
SHA1:	76215F60594A18307E058B4CE3B509CE58299C94
SHA-256:	75556A6A3F89F57B9DEAAAC4826E8D29A0D447E07FF1994575EA18907D578593
SHA-512:	6155A0D663EC152E8A79FC650437E1A0B2C770AA0778BEB9482B379F247F2732DDF42AB389EF558A50C4862DB660762280098CC47EC0867D66CBAF61B946541A
Malicious:	false
Preview:	BZh91AY&SY.Q....x.....W}-dhw!..w.........`H....Qu....4...}.[..y.;......{.:.....x9..z.p.y.z..vZ........kv...=7l...u9;3.'.4z.A..5l...:e1..m...j........k..p4ov.f.j...{........s./m{.][7./m.y..n=...^.;.....J\|5=.....L..M..$..M6P......#d..5<" ..<. ~.....C.`#.HL#.......5O.I.....F..&!...4b....&.a...O."A.$T...@..2S#.d.....4...4..%=.DQ.Q?UOzF...R~...z.P.@.........%="""...j.FD.d..P..@..h.FC .4;C.@T..2.R.0..H.kV'.H"....%2.R....J.Q.F.j....((...p._."..ZP.k....,p& ..YZ.[,...Q...LP..W#.UqU.U.1....?.....,`..."..\TE..,.....`89.b.....#.)."&(.(...2..I.8..`.S$........."""...E.u."F#.&""@.)J.c.i.Q....A...4..g..F.N...._.?o...?.}5.>Oy..w.............~.....+~.Sb.((....DR5DZi.$...eS.p.8.....a...8...............2+.........Q.ZDTh....Y .D+.0..R....R}.....Zwwvy...9."u=.:.1I.iV.+..vi..iQiO;5#......T[0...DT.J....2.Qk.`.O3.....a.....:}.s...... .....@z.DiiOS...Z.@P.A,..#T.T-..^.B.3.I]....}G.../....C.v.C...v..... (P..;%)J.(...F..e.!......y....m...A....H..nI.. ...m../\|./......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwavect\helpme1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	11127
Entropy (8bit):	7.96973384173441
Encrypted:	false
SSDEEP:	192:BFoOx3Vc5rCehhSkDmT3Qqa1Qte64KXGbmRZ0bUItCjrPRFib6xwBhb4vIKQxl32:5ACORmrQRut7henbEjrPRFE6Gb4vqP32
MD5:	B3BF024E9D802C17633466951894DB9C
SHA1:	4556819BF9B6E66A404E481BF6193E48A374EE1B
SHA-256:	9F4C6435E21E2E92E506D053A8110863889FBBB2187DDFE073C06C344DF2A4B7
SHA-512:	DDFEAF8754E781B5F4E7E374D6E27C26E8497C1889CB4037DB4A51782CFD74229CAC727C944E7ABED84FF65BE88FBC19AEA3607128ADFDAD1E76E18CC4DA3122
Malicious:	false
Preview:	BZh91AY&SY..B......................................`'^.....h.(+.HU..Z.R.i.h.[...{.=.......=. 8.../....wu[....m.....:..l)@...U$.zES.4.....20....4..S........zzS.D.(=M.=F.C......@h.24.@....z.....T...FF..d&.d. ...z.I.....z@..OP44...j......4..F.z.z..M.E<......b5COS.zj7.6..P.hd....i.A..Q.4.....@.....C@...........BmI.'..iS...T.B#.@44..h................ ...T.D...#....2`........L.............`.0.L4.B.#I...L...&....M'.M.F.4........................L.`.....B. ......... ...`F.`..!....Ca.......)..+..1 D.B..2. .)u.@bd....NPz?....S.M...../,z?K......5...A C.... .."c.Z.#....u..M..G7.\.2.9.w...4)B.\....Z....#h.@L4...4Z..%.....U.......yn....VU"...J.Bk..mJ.2.]....f9%8T&....w.^.O....g.i....g8....'A...q-..].CQ....=......Jx..S...L`Ee....+..TB..j.d..MS.......oPS.Dw..`#A....)H.....>d....4u......K..QL 5....R,Yk1...,).....[J=.n....a...`..T..&.u....c.G...!L....e.}..........I.!8.(1.r..........@..],L...._K.....N.[..s$..a...(.Q..ob..':....`I.~'..Z.G.aqn...7.E.r.i.U....R.R:.@.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwavect\helpme2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8490
Entropy (8bit):	7.9497202563634115
Encrypted:	false
SSDEEP:	192:ErzK6zHFpJ16bCvdJr4OR2QVlvKSTweuL5YUY4Aq9Gr4o:iWarJ1Fvb8O4QfvPE1LjX9W
MD5:	6BC8A58BB249AE1A07D78A1611019C0C
SHA1:	F11AAC39592D109BAC9B283B41FAAD17A00E20E2
SHA-256:	469E9EBCCA71F8C678AEDFDC43EE7961EE8752DF9047450C1F1661B7F9CF2AFA
SHA-512:	27FD376DC2EE6C145AE9936EC78F34FCB0CF7804D8EF51ED29B75AF523500F1CEF20F2E1A637DA54C532C0BCE655365041CF67E8D22AA812489F02BCA978967A
Malicious:	false
Preview:	BZh91AY&SY......V..................................`......z6........[.)44.f....@.......6....z........"..DM0..`....i6F..F..I.5=..i1..A.4... h.h.h....4.......?..4...b.&4i.m...L.RoLS).L.F.zM41...h......A....A.............`.#&#@'...@.F..G..4oT..6Q...z..h..h..............dh...O....z)..O.....SS....<..=A..=4..I..4.i.S...Q..@......=C.12.F.. .d.hh@................4..4..............%=$D..T..O&.. I..h<...P..4.....44hh...z.@..b..........s..b..$.'.......@z6p.....`.I.JZ...y..H....i.>R..JY....1..>g.~..p.;....o-.,.....4.Ts.F...(...p<.i.7X....p.w.x.....4...%.8.>.7m.lZ.q..h-#\x..w.M.V..f..E...m..L....h...5.t.......RJ...'s..j.....o7.8......J..-...<vly.l...i..<.G....+.....1...{w.ob3\.`"....).H.R.k!;...........B..........q.......O.u...,.C .{..c...../.R.,8.By.D"..\'.51.[....$"(=.....K.;8.@.u. .[/e..rO...T.-..$c\|. .?..g.]..2o....../1{.YPA....l.$j...X.....wW<.6...,..Q{.....r'....:.......%.;.$).....nG...w.....Y.....g..[..5....M.M.....#.y.......DXP......r..$...\X....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwavect\hey1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	8398
Entropy (8bit):	7.953401144152615
Encrypted:	false
SSDEEP:	192:9VKVKlh3XQ0y4E1YGyPG5FIsZuoOAfwo5O7x5dvVhZ4B3:KunQ0NyDyGrIsFOAfwo5O75vVhi3
MD5:	6B97AA30745B52C1D2E7CE469B615634
SHA1:	2F3BBAD038C06F6342FD28B173FC607838C77D56
SHA-256:	795A49E54C64AE0B73CA76D70675AACFF14B77D22DCDFD0D1CC5C4746B40AF08
SHA-512:	B4312DC15694A304CCA743626C535361A0E895A161788C92F86D4AA754F61F3A2705F3811371315BD4AE63452C07A2749F070C172D70DD7D05F7369F5E50B12A
Malicious:	false
Preview:	BZh91AY&SYE.S.....................................`.......h.@.Z..v.)kU{.n..6..c.:..;ev..)..o..F...p+A.:.:....11...4.h4........f.....z.....4..#&@h.......@....US..@..M.@....?..S.44.Q...S.4...46.......4....h..z.h.....EO....Bd4.......d&.I.OH.5.Sh..'..L.4.F..&......b...@......EO.D.4..D.z.zh...D..2z.z........@..............h....@4....@h.@...4...@4................="...z....O.d)......OMM.zj42...4.41..mL.2=#M..@.............../C.eY.t.}...7........1............/\...+EA_R#...../..H.{....[.V..@...r..RR@$@...P...n........F...lKX......6.Y-3.F.P...g*g:..,...........!..-...FmY.ULY;!...k.......r....R.B..&T.t)..w..W...M...Y..^{..>'s.{......`y..A..=.9.i1..wx.p.m.t.gAa.'.P.W..G......J.K..U..(......$;U.0..hT..H...ne.:.............YR/6N.t......1H.%f.j...~.V.....gVAA....7..6...s..0..(..v.%R.Je+.H$W@.O.....Ik.....8(g@.9.FE..@u'.n...h.+r.=..F..<.....B.... r>.O.V..(8e.......5Y..u...F(.......(^.g8B`..zv.-eTp1...j....>1..0..../[..[D..r.s.,.O...-.n.`..1...^?.....~.J%......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwavect\hey2.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	7896
Entropy (8bit):	7.946743674621587
Encrypted:	false
SSDEEP:	96:4A32abeifZabnLOMrTJAB8yVcwhCvVGnM4snl7ZJEu/tnIHC8bqUE36z1BnXvPiC:4sfQWGAB8bTMnM48BuHHOUm4/Ve3e8cf
MD5:	AB174CCE7820D5AE54679ED5BF2D9CDE
SHA1:	E04CC04A09AFB9129133387AB75A451273C26EDB
SHA-256:	3F4973D7980177ADB208B2F827F8BC484A2CD844E409D9E92A89E549F50DCB93
SHA-512:	B26F350FF5EA20629067FD783B9D96DD40EB6D34D35105F6A2640E18D267B7F9A60028A63F3251902127C4E20E8DB834C0C799ECBE7321D6BD13220085C64745
Malicious:	false
Preview:	BZh91AY&SY06....m..............................`._.t..:.G..)..v..U..m...[.......m..[....7`t...@..S.......C@..Bi..S.4.Q.....SO.=.M..4.4.24.4.A.......ET.h...h..".......O$.zP.........h..h.h.4..M....@..U?.&......y..5...y@.i=L.h.........@....A.......SM..S...4.... .M4....)..=I.mM=@i.....h.......P........ .4........i....a.....h..i..4......a.......S...=4.....M.............FFj4444i........j..:...v..;.}'..^...........>.L.`.LA...H .F.:...$ ..@^.L.Y....:..A^...#....#\"..k.0......c\.w!.Z.[.oq...9-1.h.I0H..P..B.cI.S....0....."..@.7`H.h...."F.\...=v....m.`...A.:ITe...9B.t.%.<.....Q.)ZL,{A....@#.0.....K.Y:Gs{. ......ua..8...G.Umn.._..C.w%@qdY9.B.)...n.U..=X...np.p..yQW...y.x#.....NN.........."...An..:.........v.Qc=$/L.2...3..2..o..d9..6..Y....-U...v..O+..f.LQ.....,...h.X'w.\|.m.di.).Zd=\|M.=.T(.*...Z.vc..}/.....&r-Y...A..9.....^.^.......P...Do!.K.j....l.....:)C..2.&.=z)8E.`..8.."..0.A$...I....k2...p&..$._............]4u."..EX..-.o...F.].%.y.....(..e...Bj.b.I..0?y.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwavect\overhere1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25610
Entropy (8bit):	5.586287496373837
Encrypted:	false
SSDEEP:	384:ZqXgLnfGbtqYETUOV1X2TIA1CfVcApRhymyupX0GPD2lD1mdm9QKLm:ZUgStqfTBV1X8UfVTpRhymyajuD1mdP
MD5:	5AEB09D39C621BAE774A2F3B9635AEF9
SHA1:	A0F1509027CA5287CABC81F2FA74F9EC4B1E59B6
SHA-256:	B0321E2FBD91DF2A238D303F0C0098D23E62F7F55F99715597C267E311143DBD
SHA-512:	A9A2B42B0357EFB70E1128CA27B7AEDA3883BD0258DC9045A929FD6687949AFC831FCA0C0732BA02AB03DD8E0084C8E8BE1750E236177339DAE4556F7D795B60
Malicious:	false
Preview:	RIFF.d..WAVEfmt ........"V.."V......data.c..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwavect\overhere1.wav.ztmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	bzip2 compressed data, block size = 900k
Category:	dropped
Size (bytes):	12431
Entropy (8bit):	7.961730266627248
Encrypted:	false
SSDEEP:	192:RXgWzubuQplmO8c7Pyh9FFf5ujqr03p3FokhVEEX1ClwoPbTRvEhQiuXuyLHJssW:RQNmVc7K7FuWIZ3WAVywgOhQigzHJH8
MD5:	90C10220BC3DAC2803D2A2B3FBA3DCC3
SHA1:	C6FA499668043D1B3B56B46AF2CC40D188984171
SHA-256:	6ABDF543FB14934D2F06260E71235A3CC9705A4AAA64BCE597C70209882F1748
SHA-512:	556EBA5DE23F4DD863BEAE3E1879A2AD8B1B49E32CA0FCFC31031E1BA5AB36BBAC38C817AA44FECA7A0725611E6D324A66A0AD525856D7E535C93ADA5361A80D
Malicious:	false
Preview:	BZh91AY&SY]..-.................................h.`..>...=.RQ..R..G.Z.J..L.{......wql6.........K.............m.......1^g...[....iu-Ui.`P...........d4..`..&"=&...m..T........F ...z...............@ .`...`.....&..4.4a.....M4....4...=@.2..@h..."..M.!......i..j~........................~..&.5M.(..i...B....d...h................."l.S..5'..o.=@h{R=M...z...4.@.h...4..@..........4.....D D.j.).F.M0.....di...P=F..Pi.M.4.L....4................z.....?7..._A..},.../b.{. ..T.M4.... .H.$....B..:.E..<!.t...4Z='.......Wn.q-.Sn.#.A.$.]L.bB.U....u0...\..s.;.o.9w.\......P...JW.)....`.U.KEK ....\AJ.....4..T&.j..p.!..R..n.....AB(...I\.E.....^.}..~.zmb....m.g.\|N.6.%.'...>..O'-...c.....Dz....:? 7H....A.)..K.....Z .X.Q.?} ....~...bC...j5.@U......s....h..;W....F..`...}....}..y..w.{<...z.....S.Z..:...'l.q..hq.H..`..]...t.,....k.....Y%#>z.E...i..4.<.........s.,........f.~..5rO[dk..?.v.rt.#.n..._(...`(..e...NLP.S.f..U.ZNkl.^1S.<..'#Lr.....\jL.VU].e.D.={I`n.y.JV....Xz.?....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\hostage\hwavect\overhere2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	27670
Entropy (8bit):	4.927183183405097
Encrypted:	false
SSDEEP:	384:bzN6UdDm/O5JF+ylC2iviVRWFHTL1c1Vqk1RmBxedeXUmJQ8Izh:3N62y/oldVRevmw3eAUf
MD5:	D01D1C468B533379D71E84064A948671
SHA1:	DB3993BA965C18313FF7940F9113849A011C69E3
SHA-256:	281307754421B1FC036702F0382DE992D0AD78F5E876186DCDAEA26890A4A78F
SHA-512:	53E7C2D3D231A5746EDE2C7CC12A4DD023A64FC233F965B6DD6DA983B18AD166528D1ACC3C94A546FDA0DAE0353F7D09483233ACFD987FA30D44134742998483
Malicious:	false
Preview:	RIFF.l..WAVEfmt ........"V.."V......data.k...........................................................................................................................................................................................................................~~....................~}}......~~......~~~......~}....................~}}}}~........................}}}~........~...........~........}}....~}}}}~~}}}~~......}~.........~\|yz}........}{}......}}\|{zz}.......~\|z}........}\|{{}....}wvwz~.................}xspqsx~................}wttwz~.}{zyy\|...........~xuwz}...\|yvvy.............}}{zwwvuuwz}................ytqsuwyyz................}ytrtw{}}~~...........}z\|..~zwvuwwx}............}zz}..zurqsx}.............~}.~~...}xttz..................}zzxx}..............\|z}....zwutv}..............\|{zwvvuww{{~..............{uuvw\|.....zz}..........{yz}.......~}~..........\|zzzz}.................~zyyttwx\|....\|wwy}.....}wtvwz....~{\|~~...................}{zz\|.........}}y{........{zzzzz\|~.....\|{z..........~}}{

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\items\equip_nvg.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11070
Entropy (8bit):	0.052920136488938854
Encrypted:	false
SSDEEP:	3:GOX1DxE2Kttl3:GO9Ktn
MD5:	4B734D9385E8488462429EC4CE5E5317
SHA1:	F2BEEF1D46BA5761284A55C0E5EFBCCC89ED9DB2
SHA-256:	EE25642D00D071694C0EF8A89E75EB524EC90A79DF8908DF76911435571B6884
SHA-512:	8D661CF3DB8ADCB185C75764703D7D6F4B32A2FF7ECCA1D6914B7E72789231A715CE5F41B07923FD1B7F239D8C5D50BFA5FAFE9B531D4C8D469D8BFD652BA7AE
Malicious:	false
Preview:	RIFF6+..WAVEfmt ........"V.."V......data.+..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\items\nvg_off.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	5848
Entropy (8bit):	1.623017586884303
Encrypted:	false
SSDEEP:	48:CAHkxsnL7e4Czu8EK3JW6sOLfI3gsQFT50NO:nHkUbCC89JrfI3I2NO
MD5:	A1B6B2F9F371EF57E4AFF2D6149D818F
SHA1:	7F620FBB80D4DAD9C7DCF1C32A053CAC031E6A58
SHA-256:	D0C23D677BBF16BF3B9A988D4D189F328C2B5F087600FC7928D515BE0A843D57
SHA-512:	BF28FB7C1E68D6F4BCE8F6E033FFF13D929E0F2E7E34D19F97B5B113613FF0712DC81C69271DF9B1E07E240DD77A350E7F64ACBB2D6FFCC4EFB4943384976DF4
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data@...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\items\nvg_on.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	38836
Entropy (8bit):	3.0554842391252146
Encrypted:	false
SSDEEP:	768:Rl33/u4+bdcTad4drPS5//y57G0eeqVXLrkoKs/2ZbjFgpRGFDOqwOg5Y5ljvGQm:D3Pq6TaWdrPS/y57G0eeqVXLrkoKs/2e
MD5:	E4D5F429791EF3C846CD097043A04A18
SHA1:	26E23D4D616E8C42D3C262CD9C004C958C38D244
SHA-256:	9B437E9F2251C53E840584DB826E2BBF0C1CCA7C6F248F0CBF32DA54F3A2E143
SHA-512:	6F890C5DB8CD10903CB6AE21322CDCD4EA9FA594234E3CFBDFDD50E153EFAA0BCD5B857FDB95B014D5C2FD264F2029CC82C5641C2A447EAA0EAC4CCFFB15370A
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data.............~...................~...~....y..}f..p.tb...?....B....;A...ln.F...gR............Rp.ss....jz..{\|......paxwy.y{v.......{x\|.xmh....z\|..}...\|z....wx}w..ol......}}...}.\|u\|..y............~..~{u}\|~.{q.......w.....{~\|r{t\|z.........yuz.}........{\|.y..{..x.{m..o{jq.........vte`........y...qt........uz\|s{............~rrsq{\|.........{y{ts..........}x..t\|......\|w.ypv..........zzy............}\|...{.........~~zw........\|{yy........}.......}.}.~\|}}.....{~.........wy~~........\|}....\|~.....}....~...........\|z}............z..~.........}...........}}.~.v....ov.xl~.......pl.zw..z.....h...{qst.~.......\|..~wl..j...nu...j.{z.ht.e...@..3..E.`..#...iX...AZ^...PV....d...@F.....f......r.l.....Z...Z2.........Ef",f.......]$,.a........jW.m\.c......=?3;.........p...:.k....t.de...be....u...Yt.mfxx`........t.wx..Wg....y..f...x............\|tm\|p{......u..kl.au........vu\|.y.....~w..v....{t..z[..ox..p......ci...q....v.gq........{{{p{\|......lz..z..z...xy..}\|.lY..q.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\materials.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11851
Entropy (8bit):	5.35089499013644
Encrypted:	false
SSDEEP:	192:Os5I+4xhITMvWXXItazhf12diijUST2TM2vhx0oxESrcm4a6:Os2DQ6WvzhfA8eYXgm0
MD5:	27F04F561AB6171E88E0139AE5EACFF4
SHA1:	4DA2694F713A474313AA2031C2547133D806677E
SHA-256:	AF841038031F2C9CA133BDDADA406E03D7C7DAAEB6DD13692ED9D6D621C27F11
SHA-512:	E444EC9F332C262FFE28E38752800666325C2F31580E61F6D2E42D0798EED663158A67C70267C861600EE9F2973628BD34D4001BB27F39D3FD9A72D721CA737C
Malicious:	false
Preview:	//-----------------------------------------------------------..// Counter-Strike..//-----------------------------------------------------------..// In this file you can modify the sound the textures give..// when the player walks on them..//..// Location: X:\halflife\valve\sound\materials.txt..//..// NOTE: only the first 12 characters of the texture name are used..// NOTE: a maximum of 512 textures may be tagged in this file..//..// 'M' metal..// 'V' ventillation..// 'D' dirt..// 'S' slosh liquid ..// 'T' tile..// 'G' grate (Concrete is the default)..// 'W' wood..// 'P' computer..// 'Y' glass..// 'N' snow..// 'X' grass....N snow..N A_Snow..N znow1....// AS_OILRIG....G TSBgVent..M TSCaution..M TSCprFlr..M TSCrteSd..M TSCrteTp..G TSFlrGrt..M TSHull2..M TSHull4..M TSHull7..M TSHull8..M TSHull9..M TSIBeam..G TSNoSkd..M TSOily..M TSPlainRed..D TSRfGrvl..G TSShutters..G TSVent....//-----------------------------------------------------------..// plane.wad..//------------

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\misc\plane_drone.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	229430
Entropy (8bit):	7.234740249698475
Encrypted:	false
SSDEEP:	3072:jn+WUDlJp4z/26HDSCp/S5X4wH7d65gfYAs1v8G9f3z5JRXb6:j+W2W/26HDSC0IgQ1193FJ4
MD5:	FD6B4351E1B242858600687DCA86176B
SHA1:	BCD8F4386321737609D5F5AA8B7DE37BFFC3852F
SHA-256:	71F02D0FE74333C224EC01857F9DAA2CF564CCAFFCF64CA64782C32EF4B39132
SHA-512:	A1B5013280288DC42D42F61597EF2DB7F1F297BE428873BBF3D07B848BBE4D2DF8414CFFF0FA136CED853C9B0DE65E0C6BEF9D12D153455E25756F385D64F1B2
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data ..........................................................................................................................\|wwy{{{}\|\|\|~\|}zxx{.}.............................\|y{xvxvusqrtxtpponpmjeg_`_XXVSQQPMLKKKONORQPRRQPNJIKJIJIGFC@?AB@@D@?>=>??@BC@A>ACAA?A@CBEGDJOMOONQVXTX[Z^_aghlqqquwwvvwyyzyxyyxvvwronppnolmliijikkjjgkgddbfijjmkigggegjmnllnkoprsu\|zy.}.~.....................................................................................................................}~...\|~{\|xvwuwvvywurnnonookqopnklonotvxyxz{}...~~.......................................................................................................................................{y{\|ywyy{wwxuuxxxuqnolknlomihlhjigeda^^^]]\XSPMKHKPMMOMKJIIGEIKKIDD@C@@FJGGDDDDEHJIGJLHFGIJHDCEEGEHLDCE@;?@CECBB@EBCGFHKMKGKKNOKNNRMOQNRMLNNLRUWYZ]^__]`ehookljklkmpqtutw{........................................................................................................................}zvrmkjgg

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\death6.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	27823
Entropy (8bit):	3.2001693106732128
Encrypted:	false
SSDEEP:	768:j9MPtViDSU9aT52GT5JstHsGiujiZ4t6CmRMrfT:j98ViD3oUGT5JstHzLiZE6CF
MD5:	48F816254E38FFE1CE5AE05CFE556E9F
SHA1:	A20CFB6EF7DE0428C3A3AEEC3E3C698E5A71CB13
SHA-256:	94FEF13EC3E1BE62FC152CD5E3569349F512D541ABC9B14CF74E57000076282A
SHA-512:	884A82270E893D85B79A1FCD1E3313F3A3D7866067DA3B48B41CF71D1AEDCF425055BD067C497DA2F2915A24E6B5739FC06F3F7980FEE67B329E14EF37F04148
Malicious:	false
Preview:	RIFF.l..WAVEfmt ........"V.."V......data'l..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\die1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21244
Entropy (8bit):	5.1384450030649935
Encrypted:	false
SSDEEP:	384:bztYUDrxVjFVCiUZhwg7BpJnX7STdC2qiMrrOaC00dyo/W:bzt9DH7tE9nrSTLRMrrTC00zu
MD5:	EBD95C6E35639A4B63F78BFBF3A16BCA
SHA1:	80F5C7C425C8E818D67DECEF8571357545F1A90D
SHA-256:	529F36CFE49FBBA140D3CF0C098C9699EBBBF3362872CB92090BE2A7A665FCBF
SHA-512:	2923B38DB103B9A7C09EC258027C6E17E81711B827BC88D2B4D986D6D33BA6821448CA1C72361E1F05FD33C35084BD9F5E6A4F425315912E0C5BB3A99DF68B09
Malicious:	false
Preview:	RIFF.R..WAVEfmt ........"V.."V......datarR.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~......................................................................~~~~~.....................................................................~~~~..................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\die2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	43776
Entropy (8bit):	4.330652990919143
Encrypted:	false
SSDEEP:	768:2xm14/858KJK9dRkjMFXBpoT9YK/ZJIqxg7aIm1oluCopo0GRsHtsIeNFnpAKTys:Qm14UKKJORkjMFRpoT9YK/Zdxg7aIm12
MD5:	E19D1F5EE4678922640EC509F1537EBF
SHA1:	BB55A7B759CD650248775691327F27C2B36070A4
SHA-256:	144929D82BBAA7A6BAB07E2D9B8D713E16C0FCAE64273ED7CD921C6FD6301AF9
SHA-512:	79C45C6D4DC572C0644E78DCA4E6DD17840E9FBE7C854ADDC531A512F177267EB853C29650428FD553397670A40979C29AF8AD52FF23C88F0719A9DFAD886995
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................}\|\|}~......~....................~~..............................................................................................................~~~..............................~.............................~.....~.........~{zz\|~..................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\die3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21646
Entropy (8bit):	4.697887673550864
Encrypted:	false
SSDEEP:	384:TadMY6LJqq+umyfqrZgKesgKIxdHP1drdhsVy:Tain0q+HFdgKeskHddrdhsVy
MD5:	8541678F0C94104CA6E6D93207E9ADDE
SHA1:	7169B7FC34BCFEEF2ED54BD3FFC94575D0DEA6C7
SHA-256:	E60F173D9985C57024CCF5B4264E9017487C569C7DCA3DA9512B5F4CA191A1D9
SHA-512:	4E1A5806DEA41CE0613233CEE762F0108529BB558FBEF92A666914FD05685776BE08907611B970FE63BEDCEF7EC4E718C880FC0C372DDA98A13B1BC2DD570F9E
Malicious:	false
Preview:	RIFF.T..WAVEfmt ........"V.."V......databT..........................................................................................................................................................................................................................................................................................................................................................................}tnqot..............\|..\|.....{{zt\|.{~}xxxx\|....~{z\|~...............~}~.......\|zutz...............~{\|......ysqrvz}}\|yxz~......\|z\|.............~zuttv{~...~\|{\|~...............{yz{~..~}\|{{\|~.~~\|{{}................~}}....~\|zyz{\|~.......................~}\|}}}\|{\|{\|~........................~\|vrrqw~............~\|........~\|xwzzxvtstvz\|~~}\|zxwxz~............~\|\|}...................zkiuzxsigimv~...\|yxsqv~............\|uqposxz}~zsnlqvxwutv\|............~w.}..}zstrtnsztttojmv~...............}~....~xspopqtutux\|~.................~~.}zyvsqqqtvy\|~~~..............~..\|xngjkq\|{w{\|........}yzxvxwvwx~..............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_die1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15824
Entropy (8bit):	6.410480383563489
Encrypted:	false
SSDEEP:	384:0XHGt3oC42WxSRx3UNLhhTfim1xyrXzNdukKuZhw41A1mhKnfIh6:0lb2WxC9MLhhTqmzyjzNMkVS4Wm8Ih6
MD5:	4874536897655DEE0A42067E3AC61377
SHA1:	38826997EF0C36A5EDD9D243F0B002A042C58585
SHA-256:	C756A1922B52F028F325A7A6FC35059CC572B26602C57D4326B4F29937C78C6C
SHA-512:	A6746FA5EBA4A4B42F535D46CD24FCFBCDCE0FE82F516634CEE97C03F688A0854A42582C0B0AEF89FA20D4A78F92AC1967B1F24B146EB4E705D6651C95797579
Malicious:	false
Preview:	RIFF.=..WAVEfmt ........"V.."V......data.=........\|.\|~.~......~~.}\|~..x\SY^^`izxmmx........~}...............zkjqqos\|..........\|x~..{......qz\|~\|.........\|ieo{..mo.....bVS]v~tky}.....~\|..\|p~xcrxhe}wq...iP8?@H`il\|....t\|..{mz..z..m.......}..{xv\|.........\|.................................w....`@L`ZT`RNKHi..................{x........vRQJCWT<9;UV;59Z`LBJ5-ZEmoJoZJfr{tg`3.<TYF;/<.-02,-,,,-,1,4G8,.,12.,7?,,1HhZDS1.,1Fn\`q.....xz..z..........x.d............\|............................................l.........bw..................................x.\|L..t..Qf{.}Fy....az.s7HtcinYW/8eB,3I9HE,VwZ_c?:BM?:LSTJ<d^.gLb.g,5B;Jl.T2\s[Lx?L`N..q.{..z.........v................^..................................................b\|..s..sxz`=~qOZ^kqbS62W^C9=9A=>OC>35C9C@0/TI-.7LR57/,.GF5OccD.D;9UK.,.,3L7,/,-,---,.,8Z=1D3.0863,<UI:9MWOG.773GFM\YAGejkoRebObjedbd`bQ=Udl`Vo}eqoXUMXmaP\jfTd.nhr`gtndmt..foun....~t....xz....................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_dirt1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3894
Entropy (8bit):	3.8144090273276703
Encrypted:	false
SSDEEP:	96:svzsyXpUn6DwC4rbKz99/4aMFFXVd5SgpIASb:+zBSq4rez9F4aM3XVd5S/rb
MD5:	698AC37BDC53EDEB066842E145250B9A
SHA1:	1CF5CD3F610822713191CB19F959E53CAE9AD3A0
SHA-256:	FCB33D313C4A30A1EEE6B0428881C06D1924AA8D753FD38079D1962268250FAE
SHA-512:	CF5D2FD22EEE1BBD334131E8C7F35EA0685A428D51639A76A64BF702E1AE0D2522C0A8B957FD2D5273E5DFFFE431DFAD2DFAA2ACA2EEA38800545E269885A64E
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data..................................................\|vbklS]t..........\.P.......zocUWVMZ\\ehYS`ca\SP`p.......uv..............~...qliokz.^Zovmkt...tgmx~........\|o.s.......zi...x....c}..x..xst...]\[f..q`x..xt..fYo...}t...W\da}.vpx....v}....rv........}qmqsz\|{.......\|}xz...yv....~........{tt}...\|}...~}\|~\|\|..................~..}uxz~..xut\|}....}~...\|{\|zwwz\|{}~~.......}\|{~}z......~..~~...~.....~.~.......z{.}xy\|~~........\|\|...........\|~~.~....}zz\|.\|............}wyz\|~z}~\|\|{z~}~.............}~~..}~\|\|~...~xy\|~~z{\|}.......~..~{~...........~...........\|{zz{{\|~\|\|\|~~~~..............\|}~~\|{}....~~...~...~\|...~~~~..\|.~...........~}}~........~}\|z...\|{}.\|..v.z~.............................~........~..yvz{}z}...........~...{...}}}~.........~..~}.~~...~....\|y\|z~~\|\|\|...~}}..........}..{\|{~}\|...........~........~.}}........~....z{\|vsz.....~{~..}y\|~\|z....ts\|....r~~....}tk~....z{\|vqvxxz~...~}z\|...smqqvyz\|\|..................\|z.\|......~{t~...\|zsst~.....{..{qssx...~tw..xxu}.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_dirt2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3368
Entropy (8bit):	4.309758439844093
Encrypted:	false
SSDEEP:	48:9AUSBzBN1zKUKANbgOzlj94GZcSVA5oemGdisIw5yugxbtmRvRaC:iUSd1zeAVRz1eTdilugxbtmhJ
MD5:	3E35E52B17A111EEFBF634E3DEC6E3A0
SHA1:	FE1345B6992EDD7395A60591E24843EF9104D378
SHA-256:	7EDA8B0E72AA8C950F0F2249B1A6969E1534FDA57E334C469B963BF59565F155
SHA-512:	378325D4065BF8D91A877279517D0BCE3FB1463B35C3755E818FC5E63042223080C46449339D9C4DE4590A1A061C4F37E540CBBC1BDE11CEF301F975B378D327
Malicious:	false
Preview:	RIFF ...WAVEfmt .........+...+......data....................................~~}\|}wtokfbdbdno{.................o``hSHBDMNCMBOU\dkakq...t.........~...~......................~.v~...tvqvsslkmqge]y.xvtv.....y}uz.........y...............wxitqbftexp.or^piztq.~...................}.vkYP;.2;@SZU..\|...x......\|xvq..................}yodbbit.lXhtzsgp\|..nz...~................~v......\|gWXn{z...~~..zw..~xtvmx........}lWZUXYtsvsy...........z~..~kf}..o`gq{oio...mky..\|}.zv}....................~xxx....z\|..........w..zxx}}........}}}z~..zw~~{~..zz......xvwz..\|\|~\|{ssuz..~~.......\|~..{\|yz}\|{svx\|~}{~.~~............zxy\|}\|}x...\|xwyz}..................z\|.~...~y~.....xy}...yx\|z~...\|xz.z......~....~.y{\|xy..}t{...}}y...\|vssxz....zw............v..~~.\|.....tt~~~{v~~.....z\|..~~.~....{x..x\|x.......}..x\|~{..\|yt\|zxzv{~.......}..~}.~...\|..Pi...ln\|...~n.x\}...t......~..rr...tu~....~\|}~\|....~~}..~\|~...~\|\|..{~~..~}..{\|.~..~\|....~}{y}....\|zz~...~}.........zxw{...\|y}.}.~...~~.............zz\|~.\|\|~.~.}z~~z~...........}...zx....~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_dirt3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	4234
Entropy (8bit):	3.7197200095809424
Encrypted:	false
SSDEEP:	96:LOl1gKNgC5VqMhjELNZWW+sCH8WMgnpHdMB:CQLKVqBScWMgn5dMB
MD5:	6D751DA04B5F37B4B7F4F69CC71CEE1A
SHA1:	8139A258F37C121BDB8068DAE2BBA0DCC268352E
SHA-256:	DC936D6D7001FDF6F75B98621A029DF1BB0EAE7DD38833CC6BCB1F9C609760C5
SHA-512:	3E5593DFCF45885AB3C7BC5CCC7510237BF83EAA4F59CC210C0849B1AF398F7F8923CEDB692DCD2A1A4F0DEA2731E4D3FC1346C7FDA3B7279A2444B1DB5690B8
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data.............................................\|~.}s}..vx....\|..}.~q...~gx...z\|..vl...oox\|zwz{{{{.......~..~......~tz...y...zv\|.\|tqx.~xt...vx...}z...........\|{..\|\|xpmttorpotwvuvx...................................~...\|xx..xw\|.}..}\|..~z}....{.}.\|sst~.......xV^z........vx~.~{x}.....q.xdf\|.vvfUgan.lfv.........z........~m``Y=0@>>7;Lbjstzv...............\|...tu..~~...}r..}..x~.zs.\|.xsot}.....~{.~..egzzyrv.................xzzx}..{vzv..tzqqw..x..}\|tz.zkcemvzxv{}................\|{xvsvxwz{\|..z{fuz.zvox....z~..........tirz{qntw..~\|\|............{....{...z\|.~zvz\|\|.......wsywuwvtusx\|{~...........~\|\|{\|~\|{z\|................wsx~..vx...~yzywxxwx~..z..........~~.{z~~..}~....\|...~\|............}.{y..zy{\|}}..~...~z{....~~...{y......s^x~.hr{y..{~..........{z~..}xxxy\|~\|{....................~~\|{\|...~}}~\|\|\|yzz~}~...............\|z{}..~~~}\|...~\|\|.........~.\|...~~~~~~}~...~~~..}}\|}}..........}........~\|~...........~~~~...~\|z}~}~.~.~...~yv.....~{...zx..\|.~}~..}y{.\|}....}\|~...~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_dirt4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	5060
Entropy (8bit):	3.8177315285703695
Encrypted:	false
SSDEEP:	96:I6cspfb5dD8pO/St0E5kW7VtNUW1d1Wze/XPqox/HuHxJnjDX9PhowxOJ+9:XvDQpJ60lVtNUW1mzevPqAHAfX9+wxO2
MD5:	AEF4F2108078E59738065B9187666545
SHA1:	B4482C32AF05D07D105E96370601DCC2A4743A18
SHA-256:	767404EC2F441C730E6081C6A482440D3A5D8518EE4A84F491DB0D66905B27B6
SHA-512:	27EFEE7A6AE15F5F0054EA9B25F7290D995BFABFC7FFB18837A161DE438F9AA1CB7746E6D584D4097E0B9658E090F5C99E8EBB81E9BCBAD6EC1503B22F6D7DF7
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......dataE.................................................................................~~~.....~~....~.....}~}..\|.....~~~z...x\|}{.~.zxytv........r^_t..\|.....................}xwqbXZ`SA0.>GG>HV^m}.xnt...................~\|....y...............~.\|xtkkhjmqtxyz................~.........~v....\|.vuz~.~zsmooqqqoorwxttuxvmjkoonouz........................}z\|y{z.....}\|~...................\|zz\|zzwyxxwvwz\|~...................~.~}~\|..z{.~....................}}\|yyyxxxwxzzzz\|~........~.......~\|\|\|\|{\|~~.....................~~~~~~}}\|~~\|\|\|\|\|\|\|}...........~~}~~......~~~~~.~.~.~...\|..............~~~}~\|~~~.x\|}.......~xtrqolkmsw{\|~...........................~~}\|\|z.w.xt{vzy\|~~~.~~..~\|\|zzxzzz}z\|yz\|...~~~...........}~.....~..~~\|...............~~~\|}~~..........~~..............~.......\|yz\|..~}zz\|}..~~\|~~.~}\|\|}~.....~~.~~.....~...~\|}..........................~~~~~~~~}}}}}~~~~~~.........\|~\|}}.~~}..................~}~~.....~~~.~................z.}{z\|.....}{}{}....~............\|\|\|{{\|\|..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_duct1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9500
Entropy (8bit):	5.8740889184802425
Encrypted:	false
SSDEEP:	192:P5KBOM9pY37QZBgTd50vAw20pAvaIMDnZFZMH4:P5cp6ggTiW1LWZFZMY
MD5:	3CD8C33C548A63AFD9F942F84FCC4A79
SHA1:	0DB0E20E30C181B1F1C55561DEC9CA81D1F42D87
SHA-256:	B83FDAEEB2A3AE304BC34D4259CE90B623293446BC611EAFF326E399743B43D4
SHA-512:	31BA79B4B04E1D90C6B13D02D3046CC2B374382CB07FBB8D1AB0121191C9817DDE1C9DAD8915DA894AA599D102B9A7B03C7BB466A6070866C0868662E2C87064
Malicious:	false
Preview:	RIFF.%..WAVEfmt .........+...+......data.$..zzzzzzzzzzz{\|\|\|}~~...............................................~~~~..........~~~~}\|\|\|\|\|{{{zzzyxxwvvuttttttttuvwxyz\|\|~~...................~\|zywvtssrrrrrssstuvxxyz{\|}~..................................~\|zywvtsqomkihggfefgiloqstvwxyz{\|\|{zz{\|~.......................................}{xwvuttuuvwxyz{{{\|\|{\|\|\|\|\|~~}\|zvspnmnoqsux\|.................................~\|zz{~...........~\|zyyzz{\|\|\|\|{zxxvtssqpoommoqsvxyxxxxxxyz\|~....................................~}}~~...~~\|{zyvtronnoqstvvvusrqooqsstuvvutsrqppqtwz}...................................................................~}\|\|\|}................................................\|zwutttsstuvutqmjhhikmmmlkihhhhijkmpstuvvtsqpppqsvwy\|~...............................................................................~}\|\|\|~..........}zxvssrrqqomkkkmnooqqqqqqpnligdb_\ZYYY[^acfhiiijklnpqstvy\|.....................................................~\|{z{\|~...~\|zxvuvwz\|}~~\|{yvtssstuwxz\|}~.................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_duct2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9532
Entropy (8bit):	5.7824119584509495
Encrypted:	false
SSDEEP:	192:rGNsAAnxJ5n7lMivunTEGiM2qtM5t5okQ/:rGknxfnhvunIGB2qtM5t5okQ/
MD5:	8E7F76EE914ACD06C9EABDFC6DF59417
SHA1:	65E726AFE838C8F281B816A5B3C0A0CAA776E12E
SHA-256:	A41D652C5857D18D2DF63622260C7FC1615857E3F89C53F293F6BF364A8A9303
SHA-512:	C6681F5475E989B503FACAFDE87A2B277722EF7B5486636B7F57F2A462456C68F7432677E9574E2D9920617F2DF27F9ECA3B7EB75CCFCA4ACA719FEB7114A531
Malicious:	false
Preview:	RIFF4%..WAVEfmt .........+...+......data.$.........................................................................................................................................~~~~}\|\|\|\|\|{{{zzzzyyxxxxwwvvvvvvuuuttttttttttttuuuvvvvvvvwwxxxxxyzzz{{\|\|\|\|\|\|\|}}}~~~~~~~~~~~~~~~~~~~~~~~~~~~}}}\|\|\|\|\|\|\|\|\|\|{{{{zzzzzzzyzzzzzzzzzz{{\|\|\|\|}}~~~~~.................................................................................................................................~~~~~~~~}}}}~~~~~~~~~~~~~~~~~~}}}}}}}\|\|\|\|\|\|\|\|\|\|\|\|{{{{zzzzzzz{{{{{{\|\|\|\|\|\|\|\|\|}}}}}~~~~~~~~...........................................................~~~~~}}}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}}}~~~~.......................................................................~~~~~~~~~~~............................................................................~~~~}}\|\|\|\|\|\|\|{{{{{zzzzzzzzzzyyyyyyyyyyyyyyzzzzzzzzzzzz{{{{{\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|{{\|{{{{{{{{{{{{{{{{{\|\|\|\|\|\|\|\|\|{{\|\|\|\|\|\|\|\|\|\|\|}}}}~~~~~............................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_duct3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	10184
Entropy (8bit):	5.954747439428416
Encrypted:	false
SSDEEP:	192:WBa1A00Y2bJ5jYY+OxPbDfVSjn3Ex30KBMXYvtwK:WI1Ql5M5TT0hJgYvtwK
MD5:	4F055B3CD6C973620891089DEB6E7CB6
SHA1:	E53F93981172978DBF2A31B3895CDABFCE324F32
SHA-256:	CC6315D5C1A30ED910029FB32D1B85C2CC3F497C3F03E7669109FD9C13B55C73
SHA-512:	1A17C21C95DF75EDE27CAA33A60E4D00B03FD80508C47B0151A718F798C2FBBAC8114B94BB0809BB6F81367930A4085B1600C0A1CFC966D5C6C79A54B9762256
Malicious:	false
Preview:	RIFF.'..WAVEfmt .........+...+......dataI'.............................~~~~}\|\|\|{zzyxxxxxyyxxxwvvutttttttttttttttuuvvwxyz{\|}.............................................~~}\|{zzyxxwvvutssrqqqpppoooooooooooopqrstvwxz{\|}~~....................................................~~}\|\|{{zzzzzzzyyyxxxxyyzzzz{{\|\|}~~..................................................................~~~~~~~~~~}}}\|\|\|{zzyxxxxxxxxxxyyyzzzzzyyxxxxxxxxxxwwwwxxxxxxxxxxxxxxyyzzzzz{{{\|\|\|\|\|}~~~.............................~~~~}}\|\|\|{zzyxxxwwvvvvvvvvvvwwxxyzz\|}~...............................................................~~}\|\|\|{zzzzzzzzzyyyyyyzzz{\|\|}~~.........................................................~~}\|\|{{zzzyyxxxxwwvvvvvvvvuvuvvvvvvvvuuuvvvvwwxxxyyzzz{{{\|\|\|}~~~~......................~~~~}}}}}~~~~~~~~~~~~~~................................~~~~~~~~~~~}}}}\|\|\|\|}}}~~~~~~~~...........................................~~}{yxvvvuvvwxz{\|\|\|~............................................\|xwvvvvvvvxz~.............}{zvsqstvz......zqha

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_duct4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9160
Entropy (8bit):	5.689873468689689
Encrypted:	false
SSDEEP:	192:7omzjKiXq8o8ZZ0y5iRU43VUrYW3TU0xLm7qAqeHLt8n:7omzjKiXro8ZZlALUrYWjnx4xhHLt8n
MD5:	99381074D1431B3CBC253AD374BF663A
SHA1:	6E5589AF276E94B2681E98403C9892DB1F6922E9
SHA-256:	277B6B0B9F8F2B423BB335640C7DD0BF0FB840FB45C24426DB147FA578B15417
SHA-512:	3F29A420038E67FA4C9C85E969E9ACC0BA0622691E034B47291626426DD3315EA6AF1817C72E9790A01D40E1BBC3DAE802844A309214CDEAAFE54DD6A715A59A
Malicious:	false
Preview:	RIFF.#..WAVEfmt .........+...+......dataJ#.......................~~~~}}\|\|\|{zzzzyyyyyyyzzzzzzz{{\|\|\|\|\|}}~~........................................................~~~}}\|\|\|{{zzzzzzzzzzzzzzzzzz{{\|{{{{{{{{{{{{{{{{\|\|\|\|\|\|}}~~~~~.........................................~~~~~}}}}}}\|\|\|\|\|}}~~~~..~~~~~~~.....................................................................................~~~~~~~}}\|\|\|\|\|\|\|\|}}}~}}}}}}}}}\|\|\|}}}}~~~~.....~~~~~~~~~.....................~~~~}}}\|\|\|\|\|{{{{{{\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}}}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}}~~..............................................................................................................................................~~~~}}\|\|\|{{zzzzzzyyyxxxxxxwwvvvvwwxxxxxxxxxxxyxyyyyyyyyyyzzzzz{{\|\|\|\|\|\|\|}~~.............................................................~~~~}\|\|\|\|{{{zzzzzzzzzzzzzz{{\|\|\|}}~~~~......................................................~~}}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|{{{{{{{{{{{{{{{\|\|\|}~~...................................................~~~~~}}}\|\|\|{zzzzzzyzzz

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_fallpain1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	11080
Entropy (8bit):	3.890230459651727
Encrypted:	false
SSDEEP:	192:MLEByTwe+VThoNOvtF0j8jAkBCNybp0oo4bHpQwa5uwgQmsBJn:oeyTVkTho8FINybp0oo4rpQwEEQm8n
MD5:	FC719F66B7A951B740DC62D81E0CB97D
SHA1:	54FA46E8D2F876D26C2D5F9C1C53D788EF1C4237
SHA-256:	7D7813EBB70A7A839358F8D3011C1AF258B4039CE5751390B4BF1DB7F200C664
SHA-512:	020DA97C7F5EB76507DDC869FEB5D127CB3B06410AAB08A21607BC807C1269328CCBDAF14A176D2505BA03F23C68FBB7B9E81B5B1C9B18A0E5B2BFBF9787C8E5
Malicious:	false
Preview:	RIFF@+..WAVEfmt .........+...+......data.*........~~~}z{\|yvspx..~wi..q\|.v....q~q..yo.....\|..Z.oo....s\H.b,.00,4277:BISi...vw................~.~ojD?nl,AM@C,Le{....ijW5dUO^^]bidoxz...................v.\|.....................}.}..........slQQKABFJLj{voe^n]W``]fpt}sksmq..xrz.....tmdgwujwgjnacm`QPXOSULJJLYRUYZZ[`fimv.........................................umkfcdb^cb[bbbhhlmpvxwuqqrqlmabi`^a]\]Zca`j`Y^Zd`Yfb\hmopszvtrkmsotx.~.......................................................................................\|x..\|..~.\|}.vwxnsxoquxwy{x{uruqopjolmhngfeffcggjigkkfgeegifjggmkootxtqvtvqmtsmqvtxvt\|yz.....~............................................................~~\|..}y}}x\|{xzxttsospwxuz\|{\|.}~\|z~{z{{~~}.....................................\|.}{wzxtvttvossqoqustuusspstpsswxtvvuwxw{zv{y\|\|\|\|z{\|z.zz\|\|\|..}.........~........~...............................................~.}}z\|z\|z\|\|\|~\|\|\|yx\|xwxxxxwvvwxwxxxxvvxxzxz\|{\|.....~}}~...........~~.\|}.}~}\|~{z{}\|yyzxyyzx\|{\|}.~..~~..~..~.....................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_fallpain2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	11080
Entropy (8bit):	3.722533937786047
Encrypted:	false
SSDEEP:	96:btqbpaasllLYNGZxpMMs86dZ0Pfh8giE7lRazKCdcJDRrvyFtIpu2wDJLRDRkrGv:Ttllcwjvs8orE7lR1JdNGv70Fs6lmn
MD5:	9EA979662F5532D805B799E5CF3EBD54
SHA1:	15303BDE63D0C9F202F416B5BFF2AD6016DC0530
SHA-256:	03B9D2DCB4039173272BBFD3F4C3C2B41D5246DDB346C684F8E21358DEDFC822
SHA-512:	2974B8211338739D6E9DC9619101293BF09BC01C8B5F0EA67D86B565BB7285E7B0F4F961B81F44A1F58139B76D4BE61CBB7B2C61D5FD6135E96F899620972174
Malicious:	false
Preview:	RIFF@+..WAVEfmt .........+...+......data.*...........~\|\|}{yvtz...zo..u~.y....u.u..{s......~..d.ts.....vfW.iACDDAGFIILQW^o...xz..................~.~tpSOsqAQZPSAYl\|....opbHk`\fffioksz\|...................x.~.....................~.~..........vq\\YQRUWYp\|xtlgsfahhfltx~vqvru..zv\|.....xrkmzxpzmpsijrh\\b\^`YWWYb^`bdddhlorx..........................................xrqmjkigjidjjjnnqrtxzzxutvtqrijohfifffdjihphbfdkhbmienrstv\|xwvqrvtxz.........................................................................................}z..}..~.~~.yzzsvzttxzz{\|z\|xvxtttptqrnsnmlmljnmpomqqmmllmolpmmrqstxzwuyxyurwvruyxzyx~{\|.....~............................................................~~~..~{~~z}\|z\|zxxvtvtzzx\|~\|~.~.~\|.\|\|\|\|..~.....................................~.~\|z\|zwxxwytvvutuxvxxxvvtvxtvvzzxxxxzzz\|\|y\|{}}}}\|\|}\|.\|\|}}~..~.........~..........................................................~~\|}\|}\|~}}~~}~{z}zzzzzzzyyzzzzzzzxyzz\|z\|}\|}.....~~~~...........~~.~~.~~~~.\|\|\|~}{{\|z{{\|z}\|~~........~..~.....................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_fallpain3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	7308
Entropy (8bit):	4.348270073771522
Encrypted:	false
SSDEEP:	96:4IPrWvfTVvoT+HjsdOjQ1b08qgrpa+IbZ3JhGnoQ6l1:4TbVNk90aVINvdbl1
MD5:	18690F87206D03E7435E527CD46BC259
SHA1:	92002B8A9B48BAEF32F5BF4A4D6FCE68DDF93B41
SHA-256:	8A7438E218419929E69F59EBDC217EDB60C81C2437F7EF3C8136499CCF08F377
SHA-512:	3B52337A47F49B8E28872B19610D588D48644E105A7BB537D3B38F9C036D6DF828F9012A7935CF204C7CD44D168E983136E382050D3E6F7F911E19D7CFCADD42
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data..................................................................................................................~~.ydfmqmr...........qkx........~ijv...x.wutihks.........vmkix\|\|z..............~yttutrolottqoquxvvxxswuqrtvx{.......~.~{{zvqsxyz\|z{\|......................tf.............~{{ovzy............ttfO\[Zb\|xmgl\OM^PSowu\|.s..x................~sihodf.kkmkmqqq.\|vwqib[`fiet.......w{.\|x\|........{\|x\|zorw~.........\|sifhikliv\|k.\|r....~oz.sjilsmmr.~....................\|wqzztkqv\|.................................\|rfmgebW^`^hdbdfbditx~..............~\|{y{{\|...x{{votttt~.....................................~.~{yxtsqlld`fox\|z.............xohb^[W]]ZW`^YWbbchhffgilmkmqtw\|~~..................................................................................~.{wvuqmkiegjosmorrrsv.............zst.vstwtwzxwtsswxxx.......................}\|\|~zz\|.~......~.~..zurqqolmuvutmmomjiffimqtu\|...........................................\|~..semwth`cmojddddgkmoiggfb\SSZbda`gsttx..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_grate1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9188
Entropy (8bit):	5.791515588567699
Encrypted:	false
SSDEEP:	192:sv+n6Yii1S26VTySI21IDOMzDEv8mpKciXRjTydLzjfRmIJBwzoKB7XQi0ZVs:piisiSI21I5EvTpKckydLHRpXwzX8iyC
MD5:	BE2FA740806FD5B1F8C77CCEBE5A7B10
SHA1:	D78AB0AE7AEF495965469B190BEAA02E321EA710
SHA-256:	1CDF3FED37F77C938C6666313EAC0FEFF70CA10C50E28D5C38C0F01C548333FF
SHA-512:	915CE8D41679857EF108ECEFB8FFE1C8EAB83ACC13986E2A1406B6F3FD326EFC55121CC4CC990CF26D721835D31E13541D20B2FE32AE01271A1BE77F6FFEDFCA
Malicious:	false
Preview:	RIFF.#..WAVEfmt .........+...+......dataf#..xxxxyzzzzzzzz{\|~~.........~}\|zyxxxxxxxxxyzz{{\|\|\|\|\|\|{{{{\|\|}~~..............................................~\|\|{zz{\|}~~~~...........................~}}}}~.........................~\|{{zyz{zzzz\|~........~..}\|.zxvpqqpnklghgbbgcfhcbeb`dgefkknovy........................................~\|\|\|tvuxzwwttqmmkkkmsqz...................................}\|........~\|{vsnmnkgjkmovxw\|~uy\|ssstxuvz.......................................xtmkga_\YXYRUSOQMEHB=FBAGIJQRQZhlfgihkggmmjmjqsx.......................}qjfd__]\_`bdbfdhdd`b`XRSMRQQOQSRMOZ\Y[`c`^`\[]adeghimmqz................................xphdfaddcihiompqlmjmnommpvx..................................................}~z.\|...~~~.......z}......\|}........................................................\|vsrqkigior}..~~zvrronmmntwyz..............................zxvrpmjjlqxz\|yvqkb\SLIC;710,.01567:99;??DKNSX_fkomquxzxupmgeeddmqquv~......\|vyyz\|\|.......~.....................}y\|.}~.....}zvqpijhggfnqswy.........~\|y{\|{......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_grate2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9618
Entropy (8bit):	5.625534575967336
Encrypted:	false
SSDEEP:	192:fyhHiLY+5Udo9ftgbuUhCrECvuZZGQik3EW9j7yyTB0rL:fy615Udo9ftcuGmyQQik3tjWyTB0rL
MD5:	276B31D3A69D3F7EC1D8D61AFB35CAFC
SHA1:	4D8E80D7C6C18F7C31B93D3EA5ACE526065C862B
SHA-256:	D49DADE9765FD7BBA37C607D60EA7573503DDF627BBBADEE8EC7D44C972C0128
SHA-512:	51881561857FA38F5B66C3BCB4DC46F672F16569197CBE79890C9CDE2ADFC1954B3BF55E7ABDA9712C08DB2D83D65D708E1A57E2F0DD8287A2837A9329B31708
Malicious:	false
Preview:	RIFF.%..WAVEfmt .........+...+......data.%..\|zz\|{z{}}}.................}\|\|zyywusqomigggfggdbb_\\ZZZ\`bfjmrxz~.........................................................yroic_\ZXWYY[^begkosvz~.....................................~.........\|xvpieb[XURSSSSSSQOPLJIGEEEFHKQTW^bbffdfffhiikjkkkjjiijjlloqqsssuutvwxyzywvwutwwy{\|~..........................zsmhddddgnqw~.....................................................................................................................\|zzzzz{{{\|{yyxwxxvyz{~...............................................................~{yvsolijlmoqsvyzzxyxwyxwxxwussrqqqpqqolkjhijijnoqssuwy{..................\|xrkhc\XQLHFB@?;99755777:=>AFFHLOOQUUTUWWWXYYZ\_befgjmnrtv{..........................~{yvtsokiiiikmpstvwxzxvxwuwxx\|~.......~\|}\|yzyxzz~.........................~\|xtqpnmpqsw\|~...........................~~............................\|zywurpnkjkkiggda_^\[]_``deefffgjmqrux{}~...............................................}zywsqomigdbbbdgkouz~.......}\|zvsqnmnqstvz{zzz\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_grate3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9342
Entropy (8bit):	5.6565820315745805
Encrypted:	false
SSDEEP:	192:KOHZkbFM6DFulW1GV6hmniGX3+Zy7Exc6K2vpT/z46TTWV9LaZF63:KWZkbFM4uV+miGH+ZvC2vx/lK3LaZF63
MD5:	BE89047DA30F54EE38ED79BBECA97D6D
SHA1:	B30DF5E6DB156F4679D3219BA2263D0A27E67AA1
SHA-256:	9177F653F4DB8B73D283D9656A33C55A5ADD708172742481990F8BDAD992579C
SHA-512:	B7398A5EBA2E4FF5D17C88BF3D5F67CF978F95EB72EFA9CDA5230ED720B634AB8E98567844DA4FCDF0AAEDA1E32757810610E208AA28E5271DAF5D56FB2FD46A
Malicious:	false
Preview:	RIFFv$..WAVEfmt .........+...+......data.#.............................................................~~~......~~.~}~~\|~~~\|\|~\|{\|~.\|~.\|zxz}...}}~~}...............}{\|zxvsmiigfgkoonnpqqrpmlkf```[WYZ[^dgmrvvy~........................................................................................................}somigfiosvuvxxz{xvrnkf`[YUUUY]bgiiikosux\|\|zywwxxtqsonorqnkiihfaZXQJEEEB?<;==?@CBDEFHHFC@;63.-,/6=@DGKMMQUYWQKFILOUZ`diotx\|..............~}\|{~......................}}............~{xtojfgnvz....................................................\|z.......\|\|..........................................................................~yvvvvwy~....................................xtpqtuvxz}~.....\|tg`YOKJHF@951027<@BDDCA:655233569>BGLOSVWTSUYYZ^`dijiijoqsttttttv\|.~zvqqtx{}...~}{\|~...~zxxz~..}ysqqv~.............}xtpljnw...........}\|}{\|~...................\|zyzyxwttutsqrqrpkhfddedcffgfdcdgilrvx.............................\|}...........................~~}\|.......~.}xtsqststtplnstvxxwspqty{\|}......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_grate4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	10314
Entropy (8bit):	5.758028455471096
Encrypted:	false
SSDEEP:	192:nBYv2seU2lZyLcqw9o1eOOCC5jB69yfuAczSlBFHfaFj3lCYL:BYv2VOI9o18h2pzSlBNfqj3lFL
MD5:	C6C7DFBAA030738C7CD47F7274C7CA9A
SHA1:	B022799F79B31EBC5B1BA404ED1D1A35BEE9CDCC
SHA-256:	A32D5A993C4089FF5EF8DC0569FBE7A288E2A845E8BEE41EB9B8E50E4337D5B1
SHA-512:	417509D910DEF7AC90896F25E7B37D9429A76C6B26DE78586C2AE832BFA29257416E0AECBDECD86395B642E3D44F374081F1956BC2568A4B95B93753B1CFF749
Malicious:	false
Preview:	RIFFB(..WAVEfmt .........+...+......data.'...............................\|yusqpnnmjihfdc`adddfghijikmnoqrrttvxy\|~................................................\|zzxyxxz~.............................................................}yusqqnligd`][WUSQPPRQQSSUXZ^_a``a`^]\]`_^^]\^`bfggghhjmlifedcbb``aa`_^\]^`bbcbbbbeffgghkmnoomnpnlkmooonmmlkkmmmrtvxxvvz\|}.}\|.............................~~......................................................................................................................................................................................................~~.~\|xtsonijgefdfggkpqqpqqspqrqqqnmkklifff`a^ZYWVURPQQOPQMMKKJJHFHJLNMKJLORQSUUWXTSUUW[YY\`eimklmrsstuvy}..........................~..............~{~.}~..}zxw\|\|yxvtuusssvvvvz}z{zy\|.......~..\|...~~~..\|\|~.................................................................................z{xqqqlmnkmppmqmoqoomsx..............................\|\|\|xqstttxvvvtxxztz{twwqssiovqqvsomsrsvvv\|..............................xzsqvjk

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_jump1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6198
Entropy (8bit):	3.8243633234580976
Encrypted:	false
SSDEEP:	96:LaShe3CDVoLqZALuVd/s1r+C4FjZ1RM+lRcuSX/suqlc:pU3CRoLqZACNu4FjrRCua/sG
MD5:	02C885C5CE4370693B387F5937EBA00C
SHA1:	A14F6658C9E62030A8B8953EC33DD05E166F016F
SHA-256:	BFC849A26357A6A46060C61FDE15FCFDFCBE8027CC8A9B0AD96F48945808FCEA
SHA-512:	9AF54F07C2F8AD5B0A4C1E50E856C51E0D8E809B3AE28B90B10E04ECE3870EED3D0493F5780B0EFEB99CBE2E8625846963F12ED130282C6E0C62364C7E32EFB5
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data....yyyyyyyz{\|~~..................}\|z{{{{\|\|}}.........................}\|{yxwwwxyz{\|}~.................................................~}\|{\|\|}~................~}\|{zzzz{\|\|}~~~}}\|\|{zzyxxvvvwxxz{~~........~}\|\|}~~~~..............................~\|\|zzzz{\|~.........................................................~\|zxwutssssttvwxyz\|}~..............~~~~........~~~}\|\|{zyxxxyz{\|~~............~~~~..................~~}}}}~~...........................~}\|\|\|\|\|{zzzzzzz{{\|}~...........................~~\|\|\|\|\|\|\|{zzzzzzyzzzzzzzz{}}~.............~~~~~~..........~~~~......................~~\|\|zz{{{\|}}~~..~~...........~~~~~~~~}}\|\|{{{{zzzyzzz{\|\|~............................................~~~}\|{{zzzz{\|}~........................~}\|\|\|\|\|\|\|\|\|\|\|\|\|\|}~~~.~~~~~..............~~}}}}~~~..............~}\|{{\|\|\|\|\|}~~.........~~~~~.......................~~~~~~~~~~~..~~~~~~~~~~........~}\|{zyyyxyzzz{\|}~....................~~}\|{{zzzzzyyyxxxxxxxxyz{\|}~........................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_jump2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	5268
Entropy (8bit):	3.769633061720933
Encrypted:	false
SSDEEP:	48:gzhvqK9hLlCYIe8YMxWq5WB4EY7Af8u4EXpZyEr2NO8jNLdSOoIzhjA3j8fIOC:c9qK9bIe6xUYr/EXyfNLdCgPg
MD5:	3DDAAC4C4F7A2F081CC4629385F98756
SHA1:	BFB056CA3EB3128D25DA29CE3ECCC11FF04F6755
SHA-256:	45244E8FA68DDC383449EE9F60C03DAD52DCC9A41E135E1D9B4E65512AFC39A9
SHA-512:	0BB30F17897AF8199DF823E12EA0395BA3C5D211CDCB39ED3DC3A98F2B7DA7F749BE5A81CBA8907218E32BBF8A973AF63B2D44197D92D7037A9C52E96C600233
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data.........................................}{zz{~..............\|mddkmlit..........~qjilnps\|.......vfZ^filw.....rkjqx\|........zvrlfdfmu............ulc`bjqtsoou~.............vmgefkqvz{\|}zz}...............\|vtroosx{............~}.....zwz}~{wspkorvz~.........~~~.........wsqrqru\|..........\|tkihntzzz......}vtstvx~....~{vsnlmksx~.......xvurpqpu\|....................................~zxvux}.........xrnlnnnqv~......}z{\|~.......\|\|xuspkkotwz.........~{\|~~~........{xtswz}\|~~\|~.....}{zxwvuuz..zuqqstuutx..................................wsqqomostvxzz\|zxwwxz\|\|~~\|zvsrrsttplknqv................\|zwttuwxz\|\|}\|\|~..\|wttvtsrtvvvvuvz~....................................~\|zxwusomjjihgec`_`abfjosx}...................................~\|~~~.~.......~}\|z{\|~...~~.......\|vv{\|yx....\|^Qlsqx.............}qgba]XUU]gqx......yxwut\|............~wibf`\ac`[cms}.......................~z{\|xqjdfgmwz...............\|zyrqsuv\|\|zxxvuvwz}..\|y{~.............{xxuvvx}....\|xzzz......................\|{xrp

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_ladder1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	4098
Entropy (8bit):	6.026301366312368
Encrypted:	false
SSDEEP:	96:dlR7aPFZ4Cch/aXXPj0bjtIuR3PceRMtDcWYWaCZag:D1o3ehir4OuR3kUUIhCZag
MD5:	8A3DFF5524E0168B70D2CA4E54E99A7C
SHA1:	A0A6097E7E7F30111DC0B3CAA2AF218A362B5EF5
SHA-256:	4F048D9C98BCB561DDF825C3FF4B2FBC74DF561AC1360C5F4DE4A20669DA86A2
SHA-512:	DB6527D4FBC0CA68EB755C2BC327E0BDD9890F0D85DFC965F34041CB7AA01049368CBFF8C997AFD2696AE9C0797954A0D840D837868957EAB0CACA26E610B405
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data............................................~~.....~}\|\|}\|}\|~.~}..~~......~}~..\|z\|..........~{xvxwvw{...~~\|z\|\|yyz}\|y\|..................}\|wxzwstniotsvyvzzz~.}....~....................z{~zv{ytsv\|.{~..~...uuz\|yxqsst...............z~zxz~...}......xzz.}vw.}srqnri`egfs.{~....................qx\|vu.ifknftwx..............fagtviWgibfpoofhowz............................v}...~......\|tqmc[UOHKZZ]ktv.................sxxtqyzxqrqvpgY^WRS[Zdidd^_z.x\|..z.........................v~vkuxnqpu.\|o{mWfk`da\lvnw.......\|z\|t\|.....................~x.xnrmhh`\ga`bZj...................vfq`UWH:AECDObu.............ukg\Mfieg.v{....z..~mdJ@=7D>,BM;>Yf\|{r~...........................ihS;>B=FTLOWY_XSW^[d]WVWXUHDY^cbaz............................~qdfkWDWQ@=A=?9Fkz\|...............\|kruh\UQVTJPPM\ggo\|........................yvh]_d]^TZhljx{........~qosngXYXOR\Y`kmq~~.....zx~{y.xz.................{qbbe`fmu...........vni\`ZQUZX]]\mvw........z\|vkikfszx.\|s{.yyxx.............................z

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_ladder2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	4054
Entropy (8bit):	5.626703158579295
Encrypted:	false
SSDEEP:	96:j+9OLmQOTqC5mJ6RM0elfmE7Rf23q2CWO2kCWava:j+9AmQOTqC4J6C0elzRfwfNk0a
MD5:	D71E3B8271689E2B06009240E5C3E5F1
SHA1:	1459082C152BA86597E4B15496725F736113DAEA
SHA-256:	4954AE11600736DE1B9CBAD92535D121422A2E0F96DBCC9712EAA3B002C98805
SHA-512:	B05BBD2246FB3AA6E3FBB7A8448BD298F51C9A9159F94EF18AAC7DD0E86276B55D79FE2E300DA66432C02EF72D91E6917FC32516824BE025C50AD5542D1DF7F6
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......dataW...................................................~~.~}....~\|.......~\|zzzyyxy{~................~~\|zxxzyxxyyxxxx\|............................}\|\|{z{\|\|{zz{zxvvwxz\|}~..................~...................~zyywvvuvx{\|\|\|\|...............................zyvxvtuxyxxxxvwz~~.~~............~~~...................}vokgbb`\Z]acdeipt{...............................\|{\|xtsstuuvyxy{yvsqqrrvxzy{.....................ytwuomlkossspmoqx......................~........\|~.}~\|~....\|vqsrmkhfac`febb``eimuvv}.....................................}z\|\|ztpkfbilieb`\YWYWRNMOOPSX[ds~.....................yqmkiiiiiopnmmpsspqncVTWZ]\Z\_gmqvx}....................zxpspebdfkigd`^^inou\|}..~...................sf_XSWXUWU^dcfjfm{...........................\|um`[^`\^^ZUW[_\Zbkomortmovz\|\|\|...........................xokqsu\|}..zx\|}.................tiihaZOLJA;;50:DN\fjsvy............................sfWPG8/.0=LOQRY_acmttogeffiqvqu\|.~~...........................x..\|~~z~wt\|~\|.~\|vqsoip}...zpjbhtttq

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_ladder3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	5006
Entropy (8bit):	5.123087568981356
Encrypted:	false
SSDEEP:	96:ezhCl9OU5k7d5Qn5bZ0QMf6BhcSjhmUEBqrLtRGrB+V:e69fa7dS0ZEcSjQ90rLtRGV+V
MD5:	F75AF39AE2F69EEA13EF470291A15866
SHA1:	F0700CC368E8172CC468466F1FF63BAD30A7537C
SHA-256:	F2B23D5CE9F942D9CB2B9623E9FDC1191B34490C757508911423B33FAC9925A7
SHA-512:	F1487E53FF0B14EF39135AADBB4DC02C228213ECDFC9ACA3A37BAB177F3C684049AA2D06145EDB84CE2F828436B735DA9F578B1B24CEE743DD90AEA190B9F328
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data....~.....................................................~~~~~~~~~~~~~~............................................~~~~~~~~~~~~~~~~~~.........................................~~~~~~~~~~~}}~~~~............................................~~~~~~~~~}~~~~~~~........................................~~~~~~~~~~~~}}~~~~~~~~~..........................................~~~~~.~~~~~~~~~~}~~~~~~~~~.~~...~....................................~~~~}\|~~~}}~~~~~~}~.~~~~~~~...~............................~..}~.~~~~~~~~~\|\|~.~~~.~~..~........~...~........~..~~...............~...~~~.~~~..~..~......~..~......~..}........~..~....~..~~~...~.~\|}..}~~...........~..~........~..~~....~~.~~..~}..~....~\|~.\|\|.}z}\|}..~..{............~.......}...~~~..}..~....~}.~\|~.~}.......~\|.......}~...~~.~~}~}~~........~.....~........~.~~..~.~}.~}...~.~~.....\|\|~}~.}}~~~..~}~......~..............}....}~.~}.~\|.~}..~.~}..~..~~.......~....................}\|~.~~~\|}}}~~\|\|}\|}~..............~~.......~~....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_ladder4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	4910
Entropy (8bit):	5.611951952529759
Encrypted:	false
SSDEEP:	96:509DguBBHeoDUrSEC5oHlLeIgW/qp4Lh6rtlOUz2q+0gMQdc:nEBHeoCSElLhRqce/R+Cuc
MD5:	855C9421672EB30992443E0AF0D13D62
SHA1:	F0ADFC08719D4D5099D75CCCDB5F1B0C705B8FD1
SHA-256:	60CE92B08B346CF3BA7D8A8099BCBCA85066D738297603EF945FBE7E999D498B
SHA-512:	FD0625A177E6397509ABBA54C124332A5A919F665AEE2112E197B800A9C9137A74997CF790E70A7E06DC3ACE1FD9245C36DCCF309917D0849468688A87798C09
Malicious:	false
Preview:	RIFF&...WAVEfmt .........+...+......data....{z{\|z{\|{\|}}~~~~}\|\|\|zz{\|}}\|\|~...........................~}\|zzzxzz{\|}~....~\|}}}}}}~~~......................~}\|zyxvwyyy{\|\|~~................~}}~~~~}}...................~\|ywxxxxxwwxyz}~~............~}}}\|}}\|\|\|}.....................~{\|\|{\|~~.....~~..~~\|zzxwxwwyz{\|\|~~.........................~~~~~..}..~}....................~\|\|{zyxxxy{{{zzz{z\|}{\|}}}~~~.................................~\|zzyzzzzzxx\|\|\|~.~~~~~.}~.~z{\|}~....~...~....................~...............~~~..}\|~\|y\|{{~\|z~\|xz}zzzz\|~{}..~.....................}~.\|\|..\|~...~~..}..~~~~.}}.~.....z}.{\|~{x{z{~~\|................}~~\|}~~}\|z\|~............~..}}\|y{}}..~..................\|}.}\|{yxzzyz\|z\|~~.......................~}\|~~..}{}\|~.......~}\|\|zy\|}\|zzxzz{{\|{\|\|~....................................~\|..x}...z}~}{wy\|~}........z}.w\|.srwz..v..............}px}vvyqnxsu.ykqtmx~t.................~~.~..ys\|{vzuimtz..xqu..............z....y\|.\|..zssoxxdhlWUimj.vq..\|.....{............z~......}....{.}vu..{fhkk\_^K;HUUOHOa

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_metal1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6546
Entropy (8bit):	5.569294561479601
Encrypted:	false
SSDEEP:	96:Wk6fhGO4lAESmYGvFcLLf8KMyubQTa96xrwc7j6EQhXvlFdvfGF8h4:q/ESmYGGLLfjIQOewcqEsvhfGe4
MD5:	4DF63804DC15F4851BBCA1138691D462
SHA1:	E5B9CF4D65B187A12D06DDFD7F4A2A94172307A3
SHA-256:	7D4458E1CE4BB12FB016C5E47B5A38B7F0365E0F9BEC0864AD2333EB4F510918
SHA-512:	0F399EC8D22CE3E421B4BBF3A56106318067BB47B69A6C7D6C9FB703766F07A4B3A85B6C92C6124514A14A6E212677DCE51ADB068733766917250FDD8D4248F5
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data....~~~~~~~~~~~~..........~~~~~~~......~v\|yvgXUR`v..............~....xuqnz............xtogafkotx~....~zyxmimtqkmsttsxz}............~.....ssvkh~.xw~..w{}xxwy~\|wz~~\|zsmkoquvu........xoqxwvw.........~...woikt~..}xvvy.~\|.\|.~vwwrowzttnjp\|.........nt\|.....x........xr{{wy~.~ndnt.zt..{stkd_hw{tvvs........xfkjXNSH4,08Jbu....\|qnbZgifaWX`tx..........................................~.tkuqrq`x.............................rifooiiqqpn^e``[ZVUYJBJJ\YRWkgdoky.wsydsw..........slf\puqz...........o^^[U_jt.........r_H?F?GYo........}}zqikx............xr..igrjgv.......odZI@EBFD?Sgokowqqqnlkeo~zxz.........................vx..........zmaSILUWPaln\|.......shelvroszz..........xqovvnooirv\|......xfZbh\\eW`~.........ukkg\s............z.......zqog`]ekp......zxz..unimoort..yq{~~~vv.{n`Y\QKJIQZafkmu.}kdUB7:Lb`k.............................tmdWUYZbgkm~zrxx\|..\|oiigipz.....zsoghd\ivx.......~..yvztkoikouxwt{...~....\|iZSMIMS\gdirqf[Z`dfbm{.~{~..\|rih]SY^dku~.~\|ymd`bcbdikhimqrqx..\|..vl

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_metal2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6216
Entropy (8bit):	5.8668929861446415
Encrypted:	false
SSDEEP:	192:xcXkUFpe2aajm5aVRhm/+eq9n2elz5DcLi58:xc005aajIaVPeq9n2eDcLi58
MD5:	CD486B2DC93AD1BD3EB3C7A35EE7E219
SHA1:	2E1ADFDEA4D140B52278876B0B7E296D4678F035
SHA-256:	B2A5E41DAFA1B1326D3B10B884D0CDB4C4BADFC1F5382F673738E37904B6372E
SHA-512:	CE53EF96F57C87538AD01A3285BBD7D69A9F9E52D45A3ED8267FB79919BF5115040D760C21B61B42135B009541C36F4F9AA9B8BF51414582B044F72123FF1890
Malicious:	false
Preview:	RIFF@...WAVEfmt .........+...+......data..........~~~~~~~~~~~}}}}}}}}}}\|\|\|\|\|\|\|\|\|{{{{{{zzzzzzz{{{{\|\|\|\|\|\|\|\|\|}}}~~~~~~}x{.zvsv{..~..}~.utz\|vmnofdm\|..........................}ummmga_diigkquxzyrjhlpokge]WSUY\YZ`hle_^]^bc\SQOLLQZbedfjorw\|}}....}................................................~~...........~zsdUMORYfv.......................znikquzyvqjc\WQMLIE?=AIT^a_biiggmssomnmmignx.......wmigikgdiw............................................{tokihf^UPSZ^`gqusssvvtuvutsqt{........~qjkqttpmmotxz.....{voe]]emomkjikqxyyz~......................{qnqqmf`ZYY\`aeox....................xtmf^YWSQSZhv............................\|zxvtstuz......\|zvmdacc\Y]iv~........\|yxspqqmhimsx~....}vl^QD;;;;=@DJORU`kqv\|.}wsppnlotyyxvnc]`iqux\|zsmnsuux..............................}xtuz.............................ymd^^`cehmtxz.......xohgmqstx\|\|\|~}zxy{zsmhffhlnrwz{z\|.........................{tomgbacdfkpsvwwvvy~........~zyxvv{.............~zz~..........xriaWOJFDHOW\`cfeegge`\[`fntz................................~zzz\|~...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_metal3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6808
Entropy (8bit):	5.463189903853256
Encrypted:	false
SSDEEP:	192:09NGOOIwfIgutzD7J0j+mWNfpqtXZCxYAI:09+ZuxJ0j+HfIFExYAI
MD5:	F96E2402659A34745BB003A3D0E88807
SHA1:	DD2C59EF2536C79C8DB1DB4E079F59593131BD0F
SHA-256:	1ED0C8E87A42B77BCCF767524AAF884DAADB3A6B47DA87D1AA114BD419E04937
SHA-512:	959B82D3B07CF9423690647C3C5FAED5E3A49D60A3DBBC9510620E09D4E291B986E262AB7A0EF3198CC563D8BB53BB7B4E4C66248725FC95B262416B5A80D74B
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data....\|\|\|\|\|\|\|\|\|{\|\|\|\|\|{{{{{\|{{{{{{{{\|\|\|{{{{{{{{{{{{\|\|\|\|\|\|\|}\|}}}~~~~~............................................................................................~.~~~~~~~~~~~~~~~~}}\|\|\|\|\|\|{{{{{{{zzzzzzzzzzzzzzzzzzzzzyyyyyyyyyyxtqqpommosuvvvtrpojedfgfgfcelsy................................}\|}~.................}{yyz\|\|zxwvromiikkighhggiorrqpqqqu{~...............................~xqlkkklot{.......\|xvttstv\|..........{vtrposx\|................................................................................}zyxvrqtwvttrmg`\XWWUSSUWWXZ]\ZYYUOIFDBFMSUWZ^bb`aa_[YVUUWYXUSUY^cfkoomlnoopsvz~.....................................................~~.............................~~~~~~.............................~zvtstvy\|\|zwuvwy{}.......................................................xtrrrsw\|....~\|zxuqmkmnmjigffgjorstvx{}~......~\|{{{\|~.....\|zz\|.....}xutttvy{\|{zwtsqqpnkjhfddefghggfdb`^^^]\\_dhmptvxwutstttrstvxz\|~...........................................\|zzzxvvwy{\|~.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_metal4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6190
Entropy (8bit):	5.402774625754508
Encrypted:	false
SSDEEP:	96:r3TZD+orGN7LCZDXNDcIvaVQ/4/veuRG5zXXbKvAg8l/3/Bm2SDmBNt:7YoryWp9DcPQ6M5zXLKvQ35vSDENt
MD5:	4476F274CC2C9216FCEDBD3BE7683EAC
SHA1:	902A91355B11E2B7AECA5A7EA8E06AFA846EBCB3
SHA-256:	AD9916F30ED83C0DC832733AB961AFEFF54119F0863A7C182AA2B6CEEDD05EED
SHA-512:	1E1DC1D3BEAFC2285A4C87E2DE9B07C2EF0A951AE34B9973257C894D19272072754CC95CF43CB8B9C3EDF807FA8179320E0E2C4DE57A2A1878E8C2F3690CCEDC
Malicious:	false
Preview:	RIFF&...WAVEfmt .........+...+......data....~~~..........~...~~~...~~~.~~~~~~~~}yvvtqonpsronjifcd_XWZ^\]_\\cmtz..............................~zurqommoqrsqmlkjmomnqsonmmookihgfa_]\^`cdcefgffikigdfikkqy...................................~..}\|.............................zqkjjggmsvx~.........................................\|tmjhhjkkfcfhiknpomkhd]XSMLOTZ^`bb^YUSPQRQORYbhlottpkjkklopstx............~yvy.....................~}~.......\|yyxvttvy\|~............\|xuvz....~xtttvwx{.....~}........~\|ytrqojgjpuy......\|z\|~.......~{yzwronlkknppqrsttvyzz\|......................xsolmopppnihgghijlmpv................................~{xvy\|\|~.........zqg_ZYXZ`jtz}.....~yqljkjihijkjmrtroonkjihhhikmnmmostvy\|}}\|wsqrstuusqnieefeefgikmkigfhjkmoqqrtx~...................................................................}ytpopqqqsuxxuqmkhd`^\[\^adfinqsttvz}...........\|zz\|......................................~\|\|{zyxvuvwvvvvtqmmnnnrw{}........}yustx~.........}uojgfffirz......zvtqmifdfjpw...........................zsmiihgi

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_pain2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7650
Entropy (8bit):	5.293635729390976
Encrypted:	false
SSDEEP:	96:hMjtyo+mwOxILG2D7MAZPr6D4tpbKz6QddKTLTNj+C8WSjjnZzNj2AfhY:+aOxILFzM45K+QddMLTbiZJj2AfhY
MD5:	C7F10685FF1747BDC02343681469D3C0
SHA1:	2CD369C18BC47D6A1F710C19C7C3BDB44A373F31
SHA-256:	47355ECC7540834DB51B7E5184A08CE7AEEE6D2D2092D485E1F0742D678ACE8B
SHA-512:	7DD78BFBE97909D045450AA0CDBC62CB5C5D8A2B763533A8C47910A3E7A7208337F21A4EED7FB6CCFADE701245BF44A18A17249C06D08BBA86EEC196CCB7469B
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data........~}}}~........~yxxxxwwwwvvvvvvvvvy.............~\|}zxz\|}~.....~}}~..................xwwwwwwwxxxxxxyy~.................}\|~}wx~\|wwyxvz}zz{~}~.............zzvwvwvwvwwwwwwwvvvx..............................zz\|~................}x}}yyyyxyyyyxz\|yxxxzy.................xsx.....}.\|wtttttutttw\|..............\|z{vtttsrrrtttvvvvvvvvvux\|...................yvvvvvvwwz~}{xzxy\|................\|yutvwvxwxxxz....~xvwz................z\|f...NOIotII..MXI.[oU.hII`.Iw.ZoPd]S`VWxko.}...~dhr...fYIMIMIzYIIY[Q.......kQ.iJ.......................T.zIUIOINISI\|tJi.}..z...[QLPIz.RIM`.....Uw.....z~IKb_IOIVI^IVJ\|.............bOf~......}Oo.mUIb..oLI..I..UwIUYP...`ZYIZRIJIa.^......................iz..IMIMILILIbn.k...................mILJIdyIOI^Ia.r..z{MIJIKIMI`_J\IMo.......ta}..dq.................~tL..xIVr..U^l.og\|............................}W`w[IMp.IZqq............\u..z.SKIMIq..vdLSJIIYsckIUcOIPIv.VOg\|UMTWSTIJQd\|eIsMJIP^...`ILILITu.........mU...xIU...............................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_pain4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7020
Entropy (8bit):	4.729322703937504
Encrypted:	false
SSDEEP:	192:3MSIt7UsK6XstIRq9m+P/7CkrJpZwWQ8lC:j27UstIfSkrJpI
MD5:	C0FB3625CC1585CD433C32D7735093C0
SHA1:	00BFC4A048B1040BB6BDA52EC43E67D99097297A
SHA-256:	7D47F61514A0AE116B6FA8CD93563C52885624D0B7D71011E78F2177ACB203EA
SHA-512:	DA38A127FA81BD64080DDD8D3178778CAA7D64E136EF83C03BFEFEBCD3278474EC5DDDC3BA384394F392B0074593E808165D5373A4D0A365F9443382938DCDA0
Malicious:	false
Preview:	RIFFd...WAVEfmt ........"V.."V......data@.........~.~................~....~.........~............~...................................................~~~~~~.......................~~~~~~~}}~~}~~~~~~~~~.........~~~~~}}}.}\|.}\|{}.\|\|.................~\|~.............................\|}~~~\|{{\|~.~\|z{\|...................}~.~\|~~~~}\|\|~.~~~~~~.............~}\|\|\|}\|\|\|\|\|\|\|\|\|\|{\|\|\|~...........................~}{zz\|\|~..............~}\|.\|}....~tQ;AOQf{u..........ys......~rYJ@N^bQDMQWu~..~~os{m\PQUO^v...........xt...............{.............xwxx.........................}v.....xbvbOVSVUx.~veHSuy...df}~qlTLOpiz......cWicLECFR^kq...........^~nSZlW\|paU`xs.`LEIYL:PO8@St~.....gb\aq..dU\Z^]]ZURgU@e\|txfsSb...imQo....\|VZUWS~.............roq....................xms...SHgaj.......ox{..mz}...~.............................................xxf\ZUWWXVUWYWQQQLOMJJOJOLJNLNUW[^[\^bfefiknqmpkinvpovqllis\|}{xvvx\|..zx~...............~....\|\|~.~\|\|..................{mny...................................................~~~........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_pain5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7020
Entropy (8bit):	4.729322703937504
Encrypted:	false
SSDEEP:	192:3MSIt7UsK6XstIRq9m+P/7CkrJpZwWQ8lC:j27UstIfSkrJpI
MD5:	C0FB3625CC1585CD433C32D7735093C0
SHA1:	00BFC4A048B1040BB6BDA52EC43E67D99097297A
SHA-256:	7D47F61514A0AE116B6FA8CD93563C52885624D0B7D71011E78F2177ACB203EA
SHA-512:	DA38A127FA81BD64080DDD8D3178778CAA7D64E136EF83C03BFEFEBCD3278474EC5DDDC3BA384394F392B0074593E808165D5373A4D0A365F9443382938DCDA0
Malicious:	false
Preview:	RIFFd...WAVEfmt ........"V.."V......data@.........~.~................~....~.........~............~...................................................~~~~~~.......................~~~~~~~}}~~}~~~~~~~~~.........~~~~~}}}.}\|.}\|{}.\|\|.................~\|~.............................\|}~~~\|{{\|~.~\|z{\|...................}~.~\|~~~~}\|\|~.~~~~~~.............~}\|\|\|}\|\|\|\|\|\|\|\|\|\|{\|\|\|~...........................~}{zz\|\|~..............~}\|.\|}....~tQ;AOQf{u..........ys......~rYJ@N^bQDMQWu~..~~os{m\PQUO^v...........xt...............{.............xwxx.........................}v.....xbvbOVSVUx.~veHSuy...df}~qlTLOpiz......cWicLECFR^kq...........^~nSZlW\|paU`xs.`LEIYL:PO8@St~.....gb\aq..dU\Z^]]ZURgU@e\|txfsSb...imQo....\|VZUWS~.............roq....................xms...SHgaj.......ox{..mz}...~.............................................xxf\ZUWWXVUWYWQQQLOMJJOJOLJNLNUW[^[\^bfefiknqmpkinvpovqllis\|}{xvvx\|..zx~...............~....\|\|~.~\|\|..................{mny...................................................~~~........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_pain6.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7650
Entropy (8bit):	5.293635729390976
Encrypted:	false
SSDEEP:	96:hMjtyo+mwOxILG2D7MAZPr6D4tpbKz6QddKTLTNj+C8WSjjnZzNj2AfhY:+aOxILFzM45K+QddMLTbiZJj2AfhY
MD5:	C7F10685FF1747BDC02343681469D3C0
SHA1:	2CD369C18BC47D6A1F710C19C7C3BDB44A373F31
SHA-256:	47355ECC7540834DB51B7E5184A08CE7AEEE6D2D2092D485E1F0742D678ACE8B
SHA-512:	7DD78BFBE97909D045450AA0CDBC62CB5C5D8A2B763533A8C47910A3E7A7208337F21A4EED7FB6CCFADE701245BF44A18A17249C06D08BBA86EEC196CCB7469B
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data........~}}}~........~yxxxxwwwwvvvvvvvvvy.............~\|}zxz\|}~.....~}}~..................xwwwwwwwxxxxxxyy~.................}\|~}wx~\|wwyxvz}zz{~}~.............zzvwvwvwvwwwwwwwvvvx..............................zz\|~................}x}}yyyyxyyyyxz\|yxxxzy.................xsx.....}.\|wtttttutttw\|..............\|z{vtttsrrrtttvvvvvvvvvux\|...................yvvvvvvwwz~}{xzxy\|................\|yutvwvxwxxxz....~xvwz................z\|f...NOIotII..MXI.[oU.hII`.Iw.ZoPd]S`VWxko.}...~dhr...fYIMIMIzYIIY[Q.......kQ.iJ.......................T.zIUIOINISI\|tJi.}..z...[QLPIz.RIM`.....Uw.....z~IKb_IOIVI^IVJ\|.............bOf~......}Oo.mUIb..oLI..I..UwIUYP...`ZYIZRIJIa.^......................iz..IMIMILILIbn.k...................mILJIdyIOI^Ia.r..z{MIJIKIMI`_J\IMo.......ta}..dq.................~tL..xIVr..U^l.og\|............................}W`w[IMp.IZqq............\u..z.SKIMIq..vdLSJIIYsckIUcOIPIv.VOg\|UMTWSTIJQd\|eIsMJIP^...`ILILITu.........mU...xIU...............................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_pain7.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	6520
Entropy (8bit):	4.503924742518474
Encrypted:	false
SSDEEP:	192:VIrHbKwJz5ppoFy9+d3hZ8i69cvnxBhMy:VIrHpJjp0d3hyi6a/nhN
MD5:	E5368C8411D0664461AE61C8D75EC269
SHA1:	E23025A19B0ED3075B9297565E2DB42A20E1CEA2
SHA-256:	DBE1F165E3E986DFBE97551C98A761C133040C26F020F54CCEBCBEF99E4516B1
SHA-512:	9FD4FC40566985FB21834303585ECF6FD1D56D1CA476AF4F01F3CE68A6678C02690AC9FF3E87143EF2C4F62FD2051E3418F4A8AA33A14283FAC4EA0B6233657E
Malicious:	false
Preview:	RIFFp...WAVEfmt ........"V.."V......dataK.........................................................................~~.~~~..............~.....~.~~...............................................................................................~~~~}~~~~~}~}}}}}}}~~~.........}}}}}}}}\|\|\|\|\|\|\|\|\|\|~..............~~~}~~~......~~~...................}\|}\|\|\|}}\|}}}}}}}~.................~~~~}}~~\|\|}}\|~~~~~.~..............~~\|}\|\|\|\|\|\|\|}}\|\|\|\|\|\|}..............................~~~.................~}~~}}}}}}}}}}}~}}}}}}.................}{}.....~.~}\|\|\|\|\|\|\|\|\|\|~..............~~~\|\|\|\|{zz{\|\|\|\|\|\|\|\|\|\|\|\|\|}~...................}\|\|\|\|\|\|\|\|~.~~}~}}~................~}\|\|\|\|\|}}}}}~.....}\|\|~................~}}\|\|\|\|\|\|\|\|\|zyz{z\|\|..................}~}}\|\|\|{zzzzz{{}\|.~...................}yzyz{}}}~~.................................\|}\|wxrvsvz\|...................~\|}z}}~.\|~~~...................rOIJQ}~vzoPJIKIQSn...iu......^\|.......slo`W\Zdg\|mt.yz....\|}.................x_\UIJQao..............\|p`]^aZekWXWSUQOIPPIJNTOLINIOOQOUWQhmssoopgjgqsx\|\|..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_shell1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	4904
Entropy (8bit):	4.331157415200021
Encrypted:	false
SSDEEP:	48:yQnOUSINo4ftH95mhJlCZO3HS9sxJFDMWbn+vN0S6C:yQOknftHCTl3y9sxrMWbn+1RL
MD5:	A45A7C8BBEC28AF767F3F74A713B81D9
SHA1:	B154DF6AD9C8140B31BD80820FA75D7FD6EBCE9E
SHA-256:	ABFCD98F0FF44BE35D2BA4DDFE9D84862A643239ECE961E0DE2176D7FCC499AA
SHA-512:	EC2D0403B53316369BD2394020B6D27672404EB31F59ED51C76992B28D3CDA2A8B1C70F908F17B7CF35230D8F19D9AF24800863B9343780BC8BBC305F769132D
Malicious:	false
Preview:	RIFF ...WAVEfmt ........"V.."V......data....~.~~.~.~~.~..~.~~.~}~....xnr...jvj.}ee.mg.o..oy}t....i..i.t\|.s..o....q..~..{.r..w.\|x.q{.v.}{.w..x..}.t..v.}\|.q..s.}{.v..v.\|x.v..q.}v.s\|.q..s.t\|.q..q.x{.q..n.{x.o..m.{s.o..l.~o.s}.j..o.tw.m..o.vs.n..e.{q.o\|.i..m.qy.g..i.tt.h..e.xr.j..e..m.l}.d..h.nx.d..d.sr.d..d.xq.h..^..e.j{.c..e.nq.b..`.sn.g.._.wh.g..].}g.j\|._..c.nw._..^.tq._..].yj.`..[..e.g}._..`.mw.[..`.qo.]..].vl.c..Z.~e.e}.Z..`.lv.[..^.oq.`..[.vm.b..].}g.d}.[..c.jx.].._.or.^..].sn.`..].{h.d..[..d.i{.]..`.ns._.._.so.`.._.xj.d..]..g.h\|.]..b.mv._..`.rq.`..^.wm.b..].}g.g~.]..c.ly._..`.qr._..`.tn.c..].{j.e..]..e.i{.]..b.ot._.._.sq.c..^.yj.d..^.~g.h}.^..c.mx._..b.rr.`.._.wm.e.._.}h.i~._..e.nw.`..`.rq.d.._.xm.d..`.}h.h}._..e.mx.`..c.sr.b..`.xm.e..`.}i.i~._..e.nx.`..c.ss.c..`.wo.e..`.}j.i}.`..h.my.b..d.rt.c..c.xo.e..b.{l.j~.b..h.m{.b..e.qt.e..d.wq.h..e.\|m.j..c..j.o{.d..h.qv.e..e.{o.j..e.~m.n}.e..j.qy.g..i.st.i..i.xq.j..g.}n.m}.e..m.o{.e..i.tv.h..h.xr.j..g.}o.o~.g..m.q{.j..j.tv.i..j.xs.l..h.}q.m.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_shot1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	6520
Entropy (8bit):	4.503924742518474
Encrypted:	false
SSDEEP:	192:VIrHbKwJz5ppoFy9+d3hZ8i69cvnxBhMy:VIrHpJjp0d3hyi6a/nhN
MD5:	E5368C8411D0664461AE61C8D75EC269
SHA1:	E23025A19B0ED3075B9297565E2DB42A20E1CEA2
SHA-256:	DBE1F165E3E986DFBE97551C98A761C133040C26F020F54CCEBCBEF99E4516B1
SHA-512:	9FD4FC40566985FB21834303585ECF6FD1D56D1CA476AF4F01F3CE68A6678C02690AC9FF3E87143EF2C4F62FD2051E3418F4A8AA33A14283FAC4EA0B6233657E
Malicious:	false
Preview:	RIFFp...WAVEfmt ........"V.."V......dataK.........................................................................~~.~~~..............~.....~.~~...............................................................................................~~~~}~~~~~}~}}}}}}}~~~.........}}}}}}}}\|\|\|\|\|\|\|\|\|\|~..............~~~}~~~......~~~...................}\|}\|\|\|}}\|}}}}}}}~.................~~~~}}~~\|\|}}\|~~~~~.~..............~~\|}\|\|\|\|\|\|\|}}\|\|\|\|\|\|}..............................~~~.................~}~~}}}}}}}}}}}~}}}}}}.................}{}.....~.~}\|\|\|\|\|\|\|\|\|\|~..............~~~\|\|\|\|{zz{\|\|\|\|\|\|\|\|\|\|\|\|\|}~...................}\|\|\|\|\|\|\|\|~.~~}~}}~................~}\|\|\|\|\|}}}}}~.....}\|\|~................~}}\|\|\|\|\|\|\|\|\|zyz{z\|\|..................}~}}\|\|\|{zzzzz{{}\|.~...................}yzyz{}}}~~.................................\|}\|wxrvsvz\|...................~\|}z}}~.\|~~~...................rOIJQ}~vzoPJIKIQSn...iu......^\|.......slo`W\Zdg\|mt.yz....\|}.................x_\UIJQao..............\|p`]^aZekWXWSUQOIPPIJNTOLINIOOQOUWQhmssoopgjgqsx\|\|..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_slosh1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9892
Entropy (8bit):	3.271786320147837
Encrypted:	false
SSDEEP:	96:bhQ3sEJ4gOrLytkf3heQ+vIvnceg2jGh69igddfiFL0ut3YGoC:bh/EJ4jBGIvno2jGiqFbt3YGp
MD5:	477FE3EB43EA7639A6BEB1AB6637205C
SHA1:	03EDA60EEE7C69529CD833EFED1EB03E0FC169A4
SHA-256:	8F8E4D4402E70680C620090D4E2B91D739CE1836328EF789BB31D5A1515C0D1C
SHA-512:	01C7E7A5014FA67653EFCACE1D8BCB325964C44D74740E44D442F0571B47121F7D92FEBC226398B77F60026AA8B3588CB066355461CF69A8D648EA5002E436E3
Malicious:	false
Preview:	RIFF.&..WAVEfmt .........+...+......data&&.........................~}~}\|{\|}}{\|}{{\|\|\|{\|}}\|}}}\|}~~~.~.....rr..zs...y......._Mh......wt\|.......znlu......zutsw..}xumy...~z\|\|skp{......~limr........................{ss\|..~{}..}~~\|y{..}wutrv{......\|\|.............\|z{~......\|xxz~.~~.{y~..}zwrqqty.....~\|}..................~...}yx\|yz.......\|xwyy\|}~~\|yyzywww{~}{zz{\|...............~..~uw.....~....vrwv..\|.xz......{y\|~\|yz~.~...z}~}{y~............~........~.yrx..lox..nj...~.uv.......sw..~~w...xy..cU....d..k..qdi]D18d.~........ss...x.yp..k.....p..qaYZouQBLp.....................iu.\|}uho{{.~hYQ[]YZYc...w....t{....o..........u............}~}\|rs..ouw\fcc__a^jopfmuy........................~{zspoxwv{..........x\|{umilnifffbmusu.........................~.}wzvv}{y\|xzyy}.{}}yuswroqjkooooprrtxsw\|.}...................................\|xuutojmmedca^\][Z\^``flnprsw..................................\|zyxtqjinqpnpsokmprqruuruy{z~............................~\|{xtqrpnnlllmnkmlllptuvv{~..................................~..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_slosh2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9440
Entropy (8bit):	3.2182041753266457
Encrypted:	false
SSDEEP:	192:Q68hHvyaCDh80dTZbY2SWkBYPwW9M8SVvOtjQN9u6o8b8QFKbXF:Q64KD8YTZbY2SNBYPwW9M8SVvOtENxoL
MD5:	FC19F34CBF8B19CACAAB27147361CB80
SHA1:	56F60C852167E847B5AE62B5CBBF5630E71632FF
SHA-256:	853BAEEA685193EA46908AA748E014AFE097AD23B47C603152EEEF822C3A4908
SHA-512:	DBB7078BD2C5A65108B34606B4648BFBAF38D2440868B449EF1362F258AD26F93B31517BB575E337B45F464EAA17D1B8C19F5B6F033D3C5D188260272AA5F8EE
Malicious:	false
Preview:	RIFF.$..WAVEfmt .........+...+......datab$..zzzz\|\|\|\|}}~................................~}}}}\|\|\|\|\|}}}}}}}\|}\|\|}~~~~......~}.............~.~}z}~}\|}~.}.~yy}}.......~z}\|........}.....\|\|}~.....~zz}}}...\|\|}xuvy\|~....}zz}}\|\|..~....................~}.~}...~}~\|\|yzxz\|}~~~~}~............~\|\|\|\|\|\|yyy}.}zyz\|\|zyz}~.z\|~..~~..........................}...y\|zytmu.yTQ..vW`...uIys.}...v\|...of^m...........vpsqmmefa\p...\|st.....f]s..b^...Z...z..]T..i6o..\|qut..^Zuqd\Wo..}~...\|gk....a=Jk......z...vt.....zoFk......z\l..sm~...uox.u~}i.....Zs.d.ydpplqps.fy.]uvmtvlqxu..........xy\|~.................x.}kkiuyxvpo....~.\|idltxyspm}ypv~\|\|.....x}.}z..}.....}z\|}ysy...........}.......zvvxvy~.....z~....~vxztssil..~...zy~...y....tqvyz....}........xoox............y~~\|.....y...~upv~z\|vxyvtlegosttv..yyyxy\|\|\|}..............................~vopqqsmfde`\`fgfiegeba`bkpuzxvxv\|....................................}vuyzsssvvpmllqldppqqstxz}\|\|xzy\|\|zz}..~.......................}..........z....\|\|.......}x~}xxxuzy~.~zxz..zu\|..\|\|.ytsy}x\|..}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_slosh3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	8990
Entropy (8bit):	3.7345174779354258
Encrypted:	false
SSDEEP:	192:x2g0/elEaOYInTd91tktcRoQgdW38vnIhtCJLeE812zBEWFbdnC:x2g0dYInxvtktcRoQgdW3Jb8eE812lEp
MD5:	01D1CECAEC3A6EE6D0A62BDD4D0691DF
SHA1:	39D5CF6FD5229B6A59D4CC57E2A2CB0EC798D786
SHA-256:	85BCA96463E6E1BE8C61B6BA8FB95256B079B0E2E7EDF0DE77BE85416EE79EB3
SHA-512:	1DD6ED5662E4830874FF58373FA7F461E043E61CCE4CC474D901FF0324AD19591F30838895B46AAC7CA72CE3A5FA65DD971608B97B1CE850BB06481F934D0104
Malicious:	false
Preview:	RIFF.#..WAVEfmt .........+...+......data."...}{}.........~...........~~.}.}..{}z}....{}}.~{{xzzvvvz{zzz{......~............~~......~...............~..~~~~~~...~~~...}zz{zz}}z{~~zzz}}{{{}{{zzzz{}{}...........~...~}}~..~~}.~~~..................~.~~~~}}{{}~}}}{xx{}~}{~{{{{}~}}{}~}xxzz{}}~}{.~{~...}...~{..}z..~~......~....}.~...{z..}z..{{..}z..vu..xr}.xuzzrrz}uu}.ztz..{...~..{......~......................~}.~{zx{zuz{vtv{vrz}xz..zx..~vz..{~..}...{................}...~...}}..z{}zxzxxx{}zz{{zx{}z}..~~~......~....................z}{zv{{}z{{}{{z}}{{{~{}}~.....~}.}~~..~.............~....}~.~}~~~{}~}{}~~{}{}}{~}~...}}{~..t...~~.~~zvzx{.}}...............~.~{}~x}}~}x}.~~..~...x..o.o...r~q...t.m.xiru[r...t..aHv.S3~......mq`aPi.....lx............mm.g.-;`o.....uxqmu......iu..~.....r..Oljbzfz.....vxqq..t.ftdf.odz.~tq~{....xdqru....{....~m...lg..tgx.i....i.l.\a.....v^Wa}.zizzQfP{.j...........vl.}gz....t..W..}..jt~vz\aqb.{a.~..z^d.tqxjr....u}....}q.~....}.......}.{vz.....}v...v..dq`Yg^Yqmr{}iroj~{.....t.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_slosh4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	7688
Entropy (8bit):	3.2496632191850305
Encrypted:	false
SSDEEP:	192:xzYXb3JWADn+3/nZk08cA1iN76VBkXkbf26:GXbZWZPZk/x1iN6KkC6
MD5:	C90A4AC3A376ACF89E4E00B4472A27E0
SHA1:	1DE1EABA9779423201D65644D3DACAC1C0090F76
SHA-256:	F7072AAA82208F2B16144D6BDE7A26652F0569C151848C86AE556AB012B28DE0
SHA-512:	E2D0A6CDF3F9909F345ECBB116B6CB9D874E1C8E391F428174149602D04D6205500628718EC7B4ED9E5F5FBCB988FE833A69564721E0E25728CB8B6A5A643CA0
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data....~~...~~.~~.~~~~~..~..~..~.~~~}}{~}}}}~..~~.~........~~.}~~...........~}{{z{~}}}}~~}}~....~~~}~.~.~~.}}~{}~~..}~~}~~...........~~~}}}~}~........~.}~}{{{~~{{..u..z}..~.}....}..~~.}zs.zx......~...~.}~.}z.z..~z}kx.{z}zs....{...}}rv~.}....}xx..z....zz...~zv.....}...~kh{z{{.....~z~xmx}}..~{}{.}zux...{..u}..{z...........{}.{....}~..}{~}u.s...o{.}.o.h..u}xgk~.u{...zv..pj.._..~r...v.u..v...pz..z.{dhj}....u....v..]QUQY..uI....gM.u]`..bZW\jo}...........DvU-Af]Zo]g.{.x{rx...ss..UZr`g..{}........{~...fv.....rs}..pkZSgx{kIOu.}bYZm..................r{zuz~.~}z{x..uu.zmvxbfmxkv..{...............pu}msv}..xm~gbjjfv.xm~{jx.rp..x...~.........~~~....~.~.}jf~.z~..v..{u..{...v..~x..r}.....v{}us{{sprokjhd_hghdkkhku{................................~vvofphmpjfdhomjhpjdbbgmpssmrsoz}~............................~......zxxx}xoposssrsvxusv}z}.~}...}{uv...............~~.................zrsusohbbgfhoouxvuvuxvvru~.................................~.}zvphgsmmssrvxu{.su.vv.{u~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_snow1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9132
Entropy (8bit):	3.6354920726595994
Encrypted:	false
SSDEEP:	192:wefoJ1lU6e8h5/axidSujPnzZrVq9dUgxS4:doJ1zXyxigujfzbq9dUgxS4
MD5:	390D890DE6233878616FA5453815BC9F
SHA1:	EB72F6E8B593E26DD5E36367BF2AC1F2F9A5AAB8
SHA-256:	8C4F8B24972048A7DD270D60FE8176560CCA8691926BD8F83121637B44C7E64A
SHA-512:	E1FD2DF54D6CA9368B46B03CBDA8143322582936ABD4A59B18AAE7E55BA93ED3A41D5082E9AAE18920AD99E5A7741E75E1567F7E7ABFB619990B9FCFD838BA9C
Malicious:	false
Preview:	RIFF.#..WAVEfmt ........"V.."V......data.#.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~...................~~.........~~~....................................~~~..................................................................................................................~.............................................~......................~~~...........~...............................~~~.....................................................................................~~....~................................~.................................~~......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_snow2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7148
Entropy (8bit):	3.2739143241348967
Encrypted:	false
SSDEEP:	96:1QVUZgn+jrdtnZWehYytjUmtyAhcPXFTql6rWhTMgXhwG6zYfE/agCx:1QWgniDZW8t9yAh21Tqw6ViGcLgx
MD5:	CE7A62C2956343DC3AF3EDB2727EA6B9
SHA1:	D784607ED6959E89CE5D0C5AAA0A7C4037C8F5C5
SHA-256:	DAEA226034D9C72FF4E933ED755E7AFE53B35DD88E8A251DE1283D22C30242B8
SHA-512:	9E75865A0337FA3BB0D37D0AB3A6B72B27A27ACF5B095E0C7F712F1B1BF3D56E82E0ED854578930D21D052D7531953FD8A9BE0BB63860AFBB040779A5817D58A
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data...................................................................................................................................................................................................................................................................~~~.~...................................................................................................................................................................~~~....................~.................................................................~~~~...~...............................................~...........................................................................................................................................................................................~...............................................~.~.~..~..........................................~..................................................................~~..................~~.~.~~~~~~~~~~~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_snow3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	6124
Entropy (8bit):	4.077828396157786
Encrypted:	false
SSDEEP:	96:v9C6sVwyhI2Tjc7vhq3yCQXBoth909sTIMPFtL7/DuVq0ikfS2qYt:VCXVNiDwZQxoP/PFtnDz6fAw
MD5:	BC02149961C226986DD3989DC6AF96E6
SHA1:	19EE6467D0E5BFF549DFEA8E823C5F7090BFFBA0
SHA-256:	4689B557DA2C8E8CCF60EEE0B324B0C4D81F7621BA2956DAAF1F2070E5F7B305
SHA-512:	EC72FCB7371D7D6F5970BE59CF2CA541CD0B7D48947A669E42F251447DEC06647494704171BD12E233B466C6D0A71E825BCE7A7F632EBD4083A5C201E1B00AF1
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data...................................................................................~.~~.~.........................................................................................~..~.~.~....~..........~.~............................................................................................................................................................................................................................................................................................................................................................................................~..........................................................................................~}}}}~..............~.~..............~~............................................~................~~}}}~~~}}~....................................................~~~~}}\|{{{{\|\|\|{{{{\|}}}~~~~}~~.......................................................~~}\|{yyyyz{}..............~}\|\|\|{}~...~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_snow4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9132
Entropy (8bit):	3.7331112101925914
Encrypted:	false
SSDEEP:	192:0l9BsFB+3aalDd/BCkIDXjuqNBHguQbjOaS:iBsvQau/BCzDXjuqNBAuQbjOaS
MD5:	BB1C1815A54F0E61559135AEF3F250E6
SHA1:	202EFEAE5BD7022A0542D0D083F2177926BAE388
SHA-256:	2616398D9B2897E4D07325ABE6A663A0FED68FE476EBE61893EA965EF1BE4D12
SHA-512:	C4620B39EBACFF4D81C5EC3750560319534009711633D047B45299F6FAF6E4410F8BBCB16D5E108FE4934F7B9C6F6FCCD76CC8196508B8B1AF2864C6C3E2EB08
Malicious:	false
Preview:	RIFF.#..WAVEfmt ........"V.."V......data.#.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~...................~~.........~~~....................................~~~..................................................................................................................~.............................................~......................~~~...........~...............................~~~.....................................................................................~~....~................................~.................................~~......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_snow5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	6892
Entropy (8bit):	3.5806065678561394
Encrypted:	false
SSDEEP:	96:IX6Wsmimbe240HeHOPOaHVfNo3BwR6SEinJgxiggT:IX6heeaHPOaWOR6SFJgeT
MD5:	4C07A1A822BFA0DCFB460B0716EE1DDC
SHA1:	8D5F2873CE76BAC82D8827D2527298DFAFCAD5E9
SHA-256:	BF40495639DFA442510E01E823CD88ACAFD4A0B1354537BDA0573E229A7732B3
SHA-512:	01E550A7F108696D7763BBAC6A935344046F61550AB511FC39C0A39171C350ADED70955F1329E169AC953F4FFE235768C62FE8212572BA7C55FF96C53A2A8BF1
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data..........................................................~.~....................................................................................................................................................................................................................................................~...~...........................................................................................~~~~..~~~}}}~~~...~~.........................................~~~~~}}\|\|\|\|{{{{{zyyyyzzyxyzzzz{\|\|\|\|}}~~~.............................................................~}}}\|\|\|{\|{\|{{{{{{{\|\|\|\|\|\|}}~~.........................................~...~~}}\|}}\|\|\|\|}}~~.....~~~~~~~........................................}\|{{{{zzz{\|{{{{\|\|\|~~~~~~~~~~}}~~...~~~~~.......~.~..~..~~~~..........................................................................................~~~~~~~~~~~~~...~~~~............................~}}}~}}}}\|}}\|}}}}~~~~...~..~~~~~}}\|\|}~~~~~~.................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_snow6.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	6124
Entropy (8bit):	4.084645698507934
Encrypted:	false
SSDEEP:	96:vafO5Aaf6br45QfkiXwKvPHe3dmmJ1pO2HKs3UY76EA81+2Q7DJQ5YRuGw:yWqafQBfk0fn+NmmPOKK5/nt6YRzw
MD5:	8F4522962418FA0D0F872CCFC99474EF
SHA1:	07FAC74F1AFBF9911D8C864EE4D3E00BAA747EC4
SHA-256:	DE26C53C0DB901662992F6765B5B12C281475CAA60F1E4A2DAF15F70B735EEA7
SHA-512:	03425597D51A741CE446EB56D72923AE5B89AAD4CCA5889BB1992F7F2FA4CC53077121C870B09DB1DD2EC1BE72D9417D9E3FAE4FC778EEE32DFF3189A5ABA983
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data..............................................................................~...~~.~~.~.~......................................................................................~~~.~~~~~~~~~~~.........~.~.~.~......................................................................~..........................................................................................................................................................................................................................................~..................................~.~~...............................~~~~.~........................................................~...........................~.}}\|\|}~.............~~~~~...........~~~~............................................~................~}\|\|}~~}\|}~...................................................~~~}~}\|\|{{{{\|{{{{{{{\|\|}~~}}}}~..~.~~...~.~...........................................~}\|\|{yyxyz{\|..............~\|\|\|{{\|~...}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_step1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3064
Entropy (8bit):	3.4464348358329056
Encrypted:	false
SSDEEP:	48:LJAhIjFyopr15En3Ank867KA3okEpNfRKiWMP4AsRxmcjtSMlwU/OojAhfnYjC:9AhIjF35nv1w4XLCBSD6Efnl
MD5:	2FC47F2943CC47FA0575463DB689FD60
SHA1:	75055082ED412514E7F161762EC2AC436CF225A0
SHA-256:	287FCB5E7514076308895F741C1F6C9EEA49A301E6026E24B806C5516798028F
SHA-512:	870C34713D1093608344958A8CA01B0569B695655E2E79065682CD375573A2811AAA18146450451003C23E333661AF6FE257DE121E91D99A4C50D08CA86AFA7B
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......datay..................................~.......................~.~~\|ytk_Z[NMYdy...............pimoslbbfUgbJL?I@9?GAHZq........................fougiP.~`qp..b..z.zv.xsy.po..\|q...\|z.~ey}wq.............ru.z....{.......o~vjmp\|tsqtz.t.~..........\|}}tvzuttornntvspqstvxvz~zz{~~..\|yy\|...~~~......................................\|{.....{\|......\|\|~.\|zz~..~~..~~..~~\|zz\|y\|}{{z~.zz{~........~}\|~.}z\|.~\|..~{xwztx{\|\|~\|\|...~.\|vz~.~.z..\|.}.}..........~..}}}.\|xp.pz.v..z\|.}.{..............~.~~..\|\|~~xx\|z.}.........~\|~...\|....~.}............}....~~...........~}\|}}\|\|{zzz{\|\|\|\|}}\|\|\|}~...........................................................................................................~~~~~~~................................................~.......................................................................................................................~.........................~~~~~~~~~~~................................~............................................~.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_step2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2556
Entropy (8bit):	3.9666829080087602
Encrypted:	false
SSDEEP:	48:7kbaI5yUaPxZ9OqNroYavCgAPXCo6bLlLV9W6b/d40aOpC:gb+xZhoDZMCDlJNk
MD5:	33EDD31F1F842467561022B5B85956FC
SHA1:	6EA8993BC7BC405368D403BF8BFEE3F82F040083
SHA-256:	54FF1723D360277F38EA8AFDBEEB91B3C0FD5136C23FF0BA603BA280D3A9B89A
SHA-512:	DB532D9019CB5D94FF7068E9C96ADCB065115874DA69ECD92A61045AE32AE0216FE022317D0C1E5C81F8AC0D13C941492CC1FDC995FF39A667F065E32EBE44E3
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data~..........................~~\|vlgf\PT^lv}................\|si_`Y^WUUXMHELJEKQUScegqs.......................~.\|tvxhhbzq]r}xqgu.rk..x..~i....w..wq..q...u.......\|z..f..~x..ro.~~..ngv\|}..z..x.z.....v.yrmLVkH^fUq.vn...............}zvxqotspkgddbjnjsvx~.~}yuuxwz\|\|.\|..................~\|zxyvz~}}~~.........~.......~........\|\|..{\|}w}yw\|\|xzxzyzxz\|~~~.....~...~\|\|{xvxzx{yvxxzvvwwzxzyxzyz{zx..~....\|...{.....}~..\|\|{~.~\|..~}~}~}~~.~..~...........................~\|\|{{{z{{{{\|\|\|~~}~~~..................~..~...................}}~~~\|}}}}}~~~....~.....~~.....................~............................~~....~..~................................}...................................................~...............~.............................................................................................................................................~~}~~...................................................................................~...............................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_step3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2344
Entropy (8bit):	4.178097877451389
Encrypted:	false
SSDEEP:	48:tkCeX80rTjYBms6yyjWLchmfqei3W1Cnn8YXNiREy+p3du1KMAexC:tkPX8ocms6yyKoQfCJ8eNi6y+VbMAn
MD5:	528EC699C125A24CD1FBEB28413B53BE
SHA1:	2F00DF0EC54DD8849C2800251AE644FF5CF9CD7E
SHA-256:	FDFB38B853F854939DA2AD4D9F73C8F0198EF77E465B965546A8C015171CC818
SHA-512:	D072816BDE4A6E1DCD6A8A81F97B399C9D1EDED921ADEC8CD91E24E54897FDA9BA1C6EADC917625F75379B1ECB42310A271274A164C52D173740C01F3641D9AF
Malicious:	false
Preview:	RIFF ...WAVEfmt .........+...+......data.........~.......................~vdabNbr.....................{ttttsttsx\|.us.qjrpjrziU.tbx.qw.....~...........\|..~....~......................................~}.........................................~~~}\|}}\|\|\|\|{\|~\|\|}~~~.~..........~..~~.}..~.~.~.~..~~~~.~~~~~~}~}~}}}~~............~~~~~~\|\|{\|\|\|\|\|}~}}~~~~~~}~~.~\|~\|\|}\|\|\|{\|\|\|\|\|}\|}}\|\|\|}\|\|\|\|}}}}}\|~}}~}}~}\|~}}}\|{{z{zzypaY[OBQW\j..................~utkf\ULD?<30099BFO[]bru...................\|..sxs}tw~x}z....~.....\|.{..{..r..tvt.r\|\|r.p~~x.w.....~........z..{~..u~z.vstwqtrx.}~.{~.\|}{\|zxzz}z\|\|zyzzzz\|~{\|\|}~wxxyzvy{zzvwyywvvxx\|~..~...................~.~\|}.~~~~~.~~~~~..~...~...~..........xzy}\|zx~.~\|{}\|..\|\|..~{}....\|~{{..\|xx.}\|.z\|x.~z}x~\|~..\|}~.\|~..xz{\|~.\|v\|\|{{{}\|zxz\|\|\|}\|~~~.}.......~.....~~...~~}}...~}............................~~.~~.\|\|~~~~~~~~~..~~~~............................~.......~....~~~~~~}~~~~...............................~.~.~~.......................................~.................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_step4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2948
Entropy (8bit):	3.760205573905395
Encrypted:	false
SSDEEP:	48:7nT4dH8IsLN9QdJajWH75vHWSxKk72gktUhEWeeFK/WbE9rKsUjVQBZYuC:DUdNsxWZsdgktwecyWbiq
MD5:	8164ABB7C9554A026AE2A4C580B0FDD0
SHA1:	6F1845054721F835854653340160AB6C2B4DCF58
SHA-256:	233580D4DADAF111DF1CEAA2F1E93D2F7E487B34CE4A90F86F29F0241E3A36DC
SHA-512:	5010BCD8E51223A8361870964CE12EAEE670405BC68CDD2A23B8CD486039A345D04756588826D1E603953F6410E89EEED94F6ED5519D91DA796C3C746A0E2290
Malicious:	false
Preview:	RIFF\|...WAVEfmt .........+...+......data............~........~.~.~...........................u^X[fkjw..mr}.................\|sqjgfdiidmomvxqspqqkqokrvvzzx\|\|z...................................~}~~~~..............~}{zxxyyzzzxzzz{\|~~~~}~~..........~.~~~}}}}~}\|}~~~~~~~\|~~}~~}~\|}~~..........~................................~......................~..~~~}}~~~~~~.~~~~.....~..~.....~.~...~~~~~~~~~~.................~~~\|~~}}}\|}\|}}}}}}}~}}~~~~~~~~...............~~~.~\|~\|}\|\|\|\|\|\|}}\|\|\|\|\|\|}}\|}~}~~~~.............~~~~.......................~~~~~~~~~~~.....................~~~~..~...~~~~~~~~~~~.............~~~~~~~~~~~~~~........................................................................................................................................~~.....................................~..................~}xg]e]\_gsx\|....................wqfcYWSDJEFHFNRGNX\hgktnz............................{y~xqqkqqlmwztz.u..u...\|{.tu..q.}~.q..w......z.....p..^.~.n...o..s...swvm.f.t.~..~..xv}.zu{\|~\|...~z..........~..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_swim1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6794
Entropy (8bit):	5.703791730492418
Encrypted:	false
SSDEEP:	96:ZSZCH2g4k7QF93NB/6O2KbBYWasqT3aVEEyW93pxuD8FqoZi/iVtOxS3e6yO+UEi:ZS8Gk709dgOfbyWc3g5yUCeZ2i/cYa0z
MD5:	3D5A5547E42EDCAE0D4C29C413F2A305
SHA1:	F950EEB8FB98CE8712B1CBE3652E4AA4B7D667A0
SHA-256:	98F57971CABC11A1A6A70A79D332A619FFF0C7D75D00B21D5FF6CB07B1193E2F
SHA-512:	471DDBCEE1FA28E81B89550ABD4A9D645C4D02A8F1B32E1A2800B1594ACC6BA29303D5BB14D8C536EC695315A5E1765D809B0628F18761ED4E914D8254E7A148
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data........................................................\|xvvxz\|............~\|zxvsrqqppqrtx\|.............~~~~~.............~zxxxxxvtqrqqstuy}.............~\|\|zzzyz{{\|}.........~\|{zzyxxxxyxyz{\|zz{{}}~.....................~}zzyxyz\|~~......~}yywwvwxwzz~.~....~~~}~~...........~\|\|{{{~.............~zxxxxy\|..................~}\|\|zzzxyz\|................~}{zz{{\|\|\|{{\|}~~~}\|\|{zxxxwyz{}}~~..............~\|\|\|\|\|\|}~.....................~}\|{zxxyz\|\|}~~..............................................}\|zxxzz{z\|\|{zz{zzxxvtsrqrtvz}............}\|zz{z{{z{\|}\|\|~~\|~~~~\|\|~.......}}zzzxzy\|{}}.................~zwvqmkkkou{........~vmbXQNOPTZ`dipy............~.......~~...........hQ?0//0;HT]fo\|...........................xri]O@60//9J^s.........~~.......................{wvwz\|.........~\|\|z\|z\|~.........~\|\|{xrnkiknrvz~.......\|yutsssuwxz{{zxutx\|........~sx.vgo.zkl............~uqqdUS`d]^m\|..........zqvsjbhw\|y~..zokkkip~...............sou\|uv..............~wty}.~..........\|~xtsoqllkqrsuxy.~..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_swim2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	15992
Entropy (8bit):	5.194938174656013
Encrypted:	false
SSDEEP:	384:e+EjGNZsPaE7cIhLH2eRxz6OTNeZs655JX15jMLWUGeSS312G+M7eh1Rc4t0:eBjAZsP915WeyOBf65N5AL8eSSlV+Myc
MD5:	5D574E3B67561AC3E8DA447E11E7D63E
SHA1:	81D246EB07BDF38CDD616E81DA2AAFBDCE667440
SHA-256:	7D3325782CF7186D3C749D484D0AD7BAF370216B9D69AA8FC0B5B2BF1C98FFFF
SHA-512:	67DD06C3A1AEF72C8C540EFC8C840447139187FAC9B3FC3935F7A91915673BD6F85CDF6F0615BD5E9868260C8CBEB5B2418A26F13BD46B7E5F354305F607F3AB
Malicious:	false
Preview:	RIFFp>..WAVEfmt .........+...+......data.=...................~...................~................................~..~~...............~~~~................~~~.~~...............................~~~~~~.~................................................~~~~~..............................~~~~~~~................~~~~.......~~~~~~~~~~~....................~~......................~~~}}}}}}}}~~.......................~~~}}\|\|\|}}}~~~~~~~~~...................................~\|{zzyyyyyzz\|}~............................~~~}~~~~~~.....~........................~.~.~..~~~~~~}\|}\|\|{\|\|}}~~......................~~~~~}\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}~.....................~~...........}\|{yxwvwwxxz{\|~..........................~}\|\|{{z{{{z\|\|}~~}\|}\|\|\|}}~..................................~}\|zyyxxxxwxxwwxxyyyz{\|}~.......................~~~~~}}~~...........~\|zyxwwxx{}~...............~~~}}}~............}\|zxxvvuuvvxyzzzzyyyz{\|\|~................................~~}\|{zzzzz\|{{{{zzzzz\|\|~................~~\|\|\|}~}}~~~~}}\|zxwx}...{vty~.........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_swim3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	8758
Entropy (8bit):	5.996974743386426
Encrypted:	false
SSDEEP:	192:gKRvhd2EuElaF9QN7g5KhvYVjjHy3ogN5rsA5vo0R9jFavl:gq5d+EQ9QZFhvAPyYgNBvZRdFavl
MD5:	476BACFFE69EE27D14D595736069D785
SHA1:	DE231E50099790E9F7C58A9625D42BFB980F6410
SHA-256:	0C227DAD2E53D92711E74801A30792112744A0B72F56ECD2DE3C08F75F468403
SHA-512:	6DCD82E2BB8793CC5C5A714CBA11F3D3CC0A9FE6C49D042CF0773296F3134D9ABF37EABB6A2125CB557FC6536A80C0B5FD6ACD34B5F7BC8B833C7A487267E0B6
Malicious:	false
Preview:	RIFF."..WAVEfmt .........+...+......data.!...........................................................................................................................~.......}}~......~~~~~~......~\|\|\|}......~}~~........}\|~......~}~~......~~}~~~.....~~~~.~~~~~.......~}~~}~}\|\|zyxvvwy{\|~~~...........................~}\|}~~~~}{zywvutttuwy\|.......zsmklpv~................}zyxxxwtrooorv\|......~zvtssrrtw\|...............}wrnkikmrx~........}wqmighjmpsvx\|..............}{ywvtuvy\|............ysmgfeedfhms\|.........~xsqooqty\|...............yqieb\]Zcknz..........z\|.z.......z..{............{\|zy.......~.~sxuttvnzx~\|.....}...\|.z~z~................}..~\|~\|\|}yuzy..yvz.......~.~zroirz.....................zx{}zvz\|~\|..xx~.}..{snrtv{yogkqx~...~...............yyxy.......\|~.~\|~.\|vwvoosxwtz.............{wvvqmmsz~.................}{{~}\|\|\|wuwyy\|.........~{xxvvz}.................}{yvvvvtstvz~....~zyyvqmifeefhimsutuwz~.............................~ytrqooollptx\|~~....}{\|..........................zslgdbeimsuw{}~.~~........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_swim4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	10044
Entropy (8bit):	5.687680198092143
Encrypted:	false
SSDEEP:	192:j9sB9Oi1lT+3PnsuUEd01pASwBRsIeR1gexLJcwrJ7G:j92Oi1u1wqD8IenPDcg7G
MD5:	8E58D64F48D395849CB9993471AE91CB
SHA1:	42A9A53785437B76924B848C6369DFB534E44C95
SHA-256:	4FB6BC44A0940A320AA881F9B9311348EE7258D28611ECE3F15CF51815CA2E3A
SHA-512:	3F8FACCE33D93FCB99ED6E0B8559BC8113B08BFBB13AE1D0787416FF03B7DEB321FC12C3F5515A3D1FA5509ED3D1D05D24847391F008EE5BA47199BDAD5DFAC3
Malicious:	false
Preview:	RIFF4'..WAVEfmt .........+...+......data.&...........................................................~~~~..~~~...~~~...~~................~........~~....~~~....~~.....~~.........~~~.....~}\|}\|\|.......~.....}\|....~zxz~...\|yxz~.......~\|\|\|\|~.........{xxz\|........~~..~\|zxy~.....}zyyxwz........................\|\|~~~}\|\|~....~...........~\|zwvuw{....\|zwvvy\|}~......................\|zyz{\|~~}~..................~~~}\|\|~..~\|zz\|~.~\|{\|~...........~\|\|}.....~\|\|\|\|\|\|}~......~\|zwvx\|..............~\|zy{....\|xxxyyzz{.....~{zz{\|}~}}}.........}\|{\|~....~~}~~.}zz\|...~}}~}{xwxyzz{\|\|\|}}\|{zz}...{yz......zz}....zwvx\|....................~\|\|zvsqqrtx}....~\|................~~....~xsonptwxvspmkklmmkifghkpv\|...........................}{\|}~~{uogdbdgmoommosvwtqoqtw{..........................\|\|...\|qdZSNMLMNPSY_gq\|.......................xxx\|.z.xwqoqmolongfiirovvx...z...ts..xjds{\|os{..z....\|........~..}uoqromkdoz.~}....pbjvmbn...s........................~{yma]ZYSKJNQQU]fkr...............~yyxmcafgd]\gkilpusmfjjfgiow{~..............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_tile1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2636
Entropy (8bit):	4.429368773408526
Encrypted:	false
SSDEEP:	48:lc/H+cTJhniESe8PlyMzSTdQNpDJIPm511rEIA2C:uPBnjS5c0eKNpam51tlo
MD5:	2CEFA948BCAA6CA2A9BEE098B563F7F5
SHA1:	736075CDFA06AB074348E97C9D170B0AA0F1F4FA
SHA-256:	759EA170CE2D62F1FBE30C234E9F2B95F3992F03E870ECF20407103B0A2D2CD2
SHA-512:	541AB51CFAB3FB98B7E35377DFB8F1B868580663E47E4C4F392B1A508994AD8743F4A5AF5E82B4916B535F88DA6CE99625C256BE22A00992EF9A86DACA03ED65
Malicious:	false
Preview:	RIFFD...WAVEfmt .........+...+......data............~..s..wFV...........z_]XF@GUYbm\|..................}\|zy}~vokc^]VQPRWZZajpt\|.........................{vnjg_ZXUWXWZ^afgjppoqx\|{\|.......................\|zzx\|\|.......~z{}~yvxzz{\|~.........~ywupprropssstvvxxyzwuuxyvtwz\|~................................\|ytomfcdb`bbbfiiloruwxxyzxxzyxxyzwwyy{~....................................zwtqljkihiiiiillkjikmkkmptuw\|.............................}zvtspnoooqqstuwxxx{\|{}~\|\|{z\|\|}~~........................~}\|zzyzzyywuvusttstwxy\|}............................~\|zywtrommkiiiilmnoprtwx{~.................~\|zzz{\|~................~\|zwtssqnmmoooqqqrtuvxx\|~}......................}{zyvutsttttuwxx{\|}~.........................~~~.~~...~}\|\|{zxxxxxxz\|\|~................~\|\|{zyyz{\|}~.................................~~\|zzyyxxxxvuuuuvvwyzz\|}~.........................~~~}}\|\|}~.~~~~}\|\|\|\|\|\|~}~~............~~..................~~\|\|\|\|\|\|{zzzzyzzz{\|}~......................~}\|\|\|\|{\|\|\|{\|}~\|\|~}\|\|\|{zzzzzz\|\|}~...............................~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_tile2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2626
Entropy (8bit):	4.1601463498546245
Encrypted:	false
SSDEEP:	48:o9z/FID+1xl6dZ//8VCXOo+Qb1lE+H7CJrKKaw07BC:o9z/FIDml6H/8xo7lQgU
MD5:	21D48BC1B43639993D119B5CD85E691F
SHA1:	1F46DEBF3093CB716C3068DCE4EDD20527B6F46E
SHA-256:	7E6C3EBBADF820C49398767F4059000D3028F035E07E3115B839FB3745B66F01
SHA-512:	8E6E300B0D62EBB91C75446F76074B6216A536A4C883C86403723DA6FA46BEDFDBE918779192727AD016606BA8181AEBFFA8772B0F24A2EDE2B1BB8132A6A9E0
Malicious:	false
Preview:	RIFF:...WAVEfmt .........+...+......data...............................}.tv..W@..rs........xp\QZ`YSZbmz...............\|{{zyw~qqqu~xmqvrkqrompnedddipvz..........................\|\|zzvxurqkejfdbadcdgccgffknpv\|................................\|xz}{xy\|~....~{~yqonkebca`beggkqsty}......................................}\|zzxttsrqmmmlkkkmommqrqtzz\|~.....\|z\|xw\|\|}...............\|yxxxy~...............\|tstqqqrssuxzz~.~~.{}vvxuqtvuusuyyz.................................~}\|zz{zvxzxy{{zz{zzzxzyvwzyxzz{~\|~~.................................{xwwwttttsvvuxz\|}}}~~}\|~~\|...................~}zywtussttvxz\|}~............~~~}}.....................~}\|xvvvtsssttssssvvtwwzzz~................................}\|yyyzxwxxyzxz{zz}zy{\|{wx{zxx\|\|z\|.\|..................................}}\|{zxvxvtssssssstvwz}}.....................................~\|\|\|yxxxvvxxxyxzz{z{\|\|\|~.~............................~~\|}\|\|\|~}~...................~\|\|{\|\|{\|\|}}\|}.~~~~.~~~~}~~..~....................~~~~.~~..~...................~~~~}\|}\|}}\|~~.~..........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_tile3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2990
Entropy (8bit):	4.193879032015665
Encrypted:	false
SSDEEP:	48:QwqDeRDrlrpsG58f9BpGasu4NFK0Mp/sGOMYhnrWq10o58aUCMAh7qC:ljqBuu4b+sJr
MD5:	179BAD6B48FA182CAB9F0D4FA85694F1
SHA1:	5BF2E7E50BB9724A7D1217E9B895229C74052DD6
SHA-256:	E963052AC1E8B2D24740E1C11D48588ACF2B48FDE1AF72494024DE538DD401D2
SHA-512:	B4C22F4B44A31C2117CBA1ED02EB0F2623229BFA578334D4A68EF6689F82BB4D2F7825F8FF40B58DD2B9F9DD6730F1E27B737C859795171F2CA31C61DAE00F62
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data/......................................~..m..d,Z...........qLILFDDJWdo.............\|\|urqlpy......zreYZODHLSY\drz{........................\|soied[XWRSY\^bjpqovxuxx\|{x......................}ytorssv~~\|....~\|...ssxwvyz\|..........\|tpqonmnuyutwy\|}\|~{ustvsqrtx}~~..............................~wsokgb`a`bfeioqsvz~~.{z\|{yxzxtwzuuxuuz\|~..................................\|vrnliijgiljknommmlmqnmnqsvz~...........................~~wtrmkkklnprtxz{~.}~........~~~}~...................}z\|zzzxxxvttuxwvvtwxtsvttyzz}...........................~~.zxzvqonjkigffghknprvxz}~..................{yvvwvxz\|...............\|zxusrqqompqqsstttvwxzz\|~......................~\|xvusrqorssssvxx{}.~.........................}\|~~~}~.\|~}zzxyywvvuxy{}\|~..............~}\|\|\|zzxz{\|~....................................~{zzzyxxwvtttttuwz{}~.........................~~}~~}}\|\|\|}~~}\|{\|{z\|{{\|~................................}~\|{\|{z{\|z\|zz\|zyzzzz{\|}~.....................~}{\|\|\|\|{\|\|z\|\|\|~}\|~~\|}}\|{zzzz{\|}~......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_tile4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2840
Entropy (8bit):	4.176928219783945
Encrypted:	false
SSDEEP:	48:rApHdgipyqMLSEIwZw2KxyR+CagRrJPnfojhb8YC+PEHB5zmC:837MLSEG2KEMjgXPwNb8Yc
MD5:	327F077698BA10EF8EC2FC82B742F6A5
SHA1:	E40097539CEA936BF499C79EEC7D714E4BDE4A10
SHA-256:	6620397E2EE3A8C096A68B41F58906FB1CDD4A0DD12FEFA7047CC6382B2E582F
SHA-512:	D7C4FEBC0925BD7795357EF6CC1CC3AC8059F29E6C6CD0CE470BA26623A6477894C69A19759695AFEBE370C1155D2CC161145647899D8B084BFC36DF80B4069B
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data.............................~.xt..YOr..o.........iUNRYUTZ[k.................~~\|zz\|.xloxwnglsplqmkljhfffdlsx..........................\|{zxvuvpnmge`a^[^\^`^ba`feitt~..............................}wzyvyzz{z}}\|\|}\|\|zyvmnogefbaedghjrvwz........................................~\|{zvutsqmlnnjijijkjkmmqvwyz}......~~{~}~..............~zwutvu{..............{{vsssqrtssvx{\|\|\|~.}{zxsvvtrststtxzz...................................}zxyzwvvxvvyxwwwwwvxxvvwxwxxxzz~}~................................\|xvttropqnqqqttxz{{z{\|yz\|z\|....................\|z{wvtstttwxz{~~.........~.~~~~}......................~\|yxwvutststuttuuwvxxxzz\|.}..............................~~\|zxxxvxxxzxx{\|z\|zx{zzxvzzxy{{{{}~~...................................~\|\|zxxxvsqqqqqqrtuwz\|......................................~}\|zwwxvvvwxwxyzzzz{{{}~~~..........................~}\|\|}\|\|\|}~~.................~.}\|\|zzzzz{z{zz\|}\|\|}~~}\|~~~~~.....................~~~}~.~~.......................}~}~\|{\|\|\|\|\|}}~~~~~..~.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_tile5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3554
Entropy (8bit):	4.3281800686091625
Encrypted:	false
SSDEEP:	48:SPWcsO9Cl2aavdZvYjoSCY9NuanjI+2WAWiJ3bADx1m9W0dP9BSn:+W/l2Zd8vHnGWAWy3bsKxzSn
MD5:	997A822EC50F07964180B5D8C03452DD
SHA1:	8BB03C9A33EA9175007BDD6E997F4AF21AD474C9
SHA-256:	0073D81840934BF3762A63D252770207F36B4361B58756E37E724B233320E0EB
SHA-512:	E81FB63228D12BF5BD6A6EDB36F6DAC758ECA7464C84819B1243E4EF15111E3C41756901BFB9F15CF8AE2A0DB3D9D0F515D2BBD04032D8722AD7ACA301BF22E8
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data]..................................~~~~~~~~...~...\|~....q,:i.Q>o}..................\|f^ZLF?==@JTZWQ\m\|............~.\|zyvxtvsmv}......................~..{yvvojqpmotwv{.\|......~{xrpnogkopllvvq.................zvopjaemgszzz........{zzoomx..........~\|~{tw\|suuvuxvz\|~...z~{~z\|.....................}wuqhdiqtv\|{~~.............}zustvtyyz{...............}x{\|\|yxzvrrsspnoqqsvuvx\|\|.............~}{\|.......}wxywwwx\|\|}..........................~xxvtsu{z}z{..\|xzww{~.................~}}~~\|\|yz\|~~{\|..................~}yuwxvttsosvvyz{\|................~..~}~.........{zyvwtvxxy\|}}~\|~..........~}\|\|{\|{\|~~..................~yxuvuuttx\|}................~..}~.......~~\|z{{xvvuxwv{\|z~~~..{..x..w~.w..y..}...\|.~v..o..q..t~.\|}..x..z..v..r..vx.xv.\|q.~q..oz.oz.vz.xz.\|{..y..y..q..r..r~.v..y~.~z..q..r..o..t..p..s\|.ux.vp.wl.\|k..k..q..q..r..qy.vx.uv.xv.zw.~\|..{....................w\|~vzxsxxsuxqvxsz{v\|~w\|.x}.z~.~...~.}........................................~}z{zzwvxwwzzz}\|{.\|{.}\|..}.....\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_wade1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	26620
Entropy (8bit):	3.0628164671569333
Encrypted:	false
SSDEEP:	768:gQm+/1OwKVLM0hqaw8Jx4UKY3cnHo+mJlhmzQFhR2lQXijJucAdVPlziZVWEFf:cXL7I8J2UKYcnH7mJzmMFhYlQW8cmV8J
MD5:	8800AD466B7C882D65BB6B77C3EFF221
SHA1:	96027A4B243CF930E58C674AC444E986CDBF7012
SHA-256:	1481E1D501245CF3AE26D7E4B2993C7C683EBF48867DAAFADFDBD693BC09C199
SHA-512:	A802924D1F72586D3809359F666A76D1D8DF6D61DD06C8ED26AA2DB497C3233342FFE5ABE101D2D3E7A34B139BC07D80F87CB80540633FA839652B089E25052E
Malicious:	false
Preview:	RIFF.g..WAVEfmt ........"V.."V......data~g...........................................................................~...........................................................................~~~..~~.....~~...........~~~~.~~~~~......................................~.......................~~}~~.~....~.......~~~.................~~~~~..~.~~~~~}~~~...~~~.......~}~~.....~~~}}}\|}....................................~.~~~~}~~~..~~~.~~.~~.~....~}~~~~\|\|}~....~~~\|{}\|}~~...........................~......................~.~..........~.~~}\|}~~~~~~~~~~.~}~~~~~.........~~~~~~.........................................~....~.........~.~~~\|~~\|}}}\|\|\|\|{{{\|\|}}\|\|\|\|\|}~....~~~~~}~~...........................................................~~\|}~~~.~\|\|\|z{zzz{\|\|\|\|{zzyyzz\|{\|{{\|{z\|\|\|}\|~~.~.........................................................~~\|\|\|{\|\|}~~~~~~~\|\|\|{{z\|\|}}~~}\|}\|\|\|{\|{\|}~...~~~}~}}~~~.................................~............~~~..~~~......~~~}~}~~~~~}}}~~~\|\|}~~..~...................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_wade2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19910
Entropy (8bit):	3.0882306629350333
Encrypted:	false
SSDEEP:	384:ms43jMZWXG4tnE0BfoG/j9DJlx6ZuD41ZxlA29opslWQ8iKUptQ2an6Tad3bAqt:ms43gZWXG4tnE0BfoG/j9DJlx6ZuD6xc
MD5:	0B51C17A8E912AB6DEBC29962B834AF7
SHA1:	F758D80C8CB7A6C2D8350131482ADED9A273B83B
SHA-256:	24EC971EA6F30028E47C95303A4621DFA95B92773C47AC6EE867AF48BD899493
SHA-512:	DEEF6D24B1F60C11707F45FDF9260565A6DB6C0091961B67D75E866A254CE11D65EE698EC0FC355F85BE673E65B93CC3565C9938AB154F09E9AF5653BCDC2DA5
Malicious:	false
Preview:	RIFF.M..WAVEfmt ........"V.."V......dataGM..~~~~~~~~~~~~~.......~~~~..........................................~......~~~~~~......~~~~~~~~~.~.~~..~~~..................~~.~.~................~~.~}~~~~~~\|~~...............~.......~~~~....~..~..............................~~~~......~~~~....~~~~~~~~~~~~~~~....................................~..~~}\|\|\|~......~\|z\|~~..............~~~..~}~~.......~~.~~~~...............~~}}~}}~~\|}}~}}\|\|\|\|\|\|}~.............................~~}\|\|~~~~..~~...............~...~~~.....~~~~~~~~.......~~}~~..........~~....~~.........~\|\|\|~.........~.................~~}~~.~~~~~~~~....~~~..~~~~....~~.....~........................~~~~~~..............................~~...........~~...~~~}}~~~~~~........................~.~........~~~~~~~~~~~.......~~~~~~..........................~~~~}\|\|}~................~}\|\|}~~....~~........................~~~~...~~~~}\|\|}~~~~~~~~.........................~~~~~}~~~~~~~...~~~}}}}~..................~~.......~~~}\|{\|\|\|{z{}~~~~~....~~...............~}~...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_wade3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	26100
Entropy (8bit):	3.7350546198185848
Encrypted:	false
SSDEEP:	768:Owl0CBJvSb+Le6Ps3M59ufSi/26wGxsODTFDTI/1+elbbZ9U9OAt7:Oc0CBwqLe4s3gsSa26Pxs2TFD8+QbbZM
MD5:	D26047EF924FCDD9BBDBAE34DF7B754E
SHA1:	68608108969B68F3EB3F73A01BFDA9F95EFC17E8
SHA-256:	00C4F1097322E6AC181146E489FBFB2ECA683CFB96F8D5FAEFCD0C694F5A8265
SHA-512:	1F66B42550BD51259CC9D4E3DB23E9A2C4B783A8A4DEF9FEBD7FD385926686929CDB174C9BDF9EACBD70B8F63A05BBCC1077376F51DBF79B55546364FC5F1443
Malicious:	false
Preview:	RIFF.e..WAVEfmt ........"V.."V......datave..........................................................................................................................................................................~..~.........z.\|.~}.}~.}.....~..\|.~..z..zv.z...\|.}.}.~.~.z.z..\|.{\|.{......\|~......~~..}}...~.~~.........\|.~.~...~}.}..............}~.....~......}.}..}.~........~.......~...~..}....}.....~.~}.~~~.}.......~...~...~..}..~.}...~..}.........~.}~.....~.........~.......}....}....~...............}....~....~.~.~~..}................~.....}..~......}~~~....~..~..................~....~....~.......~..~....~............~....~..}..}.~........~.......~.~~.}...................~}.~..~...................~............~~...........~.}..~.........~..........~~~.........~.............~~~..............}~.......~~.~...~...~.........~~~.........}~~~.~......}~~~.............~..........~~.~.....~~..................~~........~..~~~....~~.~~~....~.~........~..............~.~~.~~.....~.......................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\player\pl_wade4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25814
Entropy (8bit):	3.625599683598223
Encrypted:	false
SSDEEP:	768:4qYIgh9UdAkO5cyMD+Kyv2U00u3fItCOVwHOfTTj5XfBjHxmyhU87bBX:4q+rUbocyMD+KyvHfeItCOV6OHj5XVgi
MD5:	4BE11DACFB6D87B9AE88FEC255A6A8E8
SHA1:	BB2414EBD2DBDD88C0EFCCB32CB47668F4498E4A
SHA-256:	9FA82584BD99B6DE0550ED35BE1D1C3620EF63995CC04841931A9F4C36F1B71D
SHA-512:	A728D3BBDD220DBCB05B95243B06F57497B9586962C5D637AFAE320D94602FA85AF2D82D93F0EF136004C2DE8A64CBE882B45F0474FF2D464C4AF1102AD7555E
Malicious:	false
Preview:	RIFF.d..WAVEfmt ........"V.."V......dataWd.................................................................................................~~.................~}..~~~....~.........z..\|.}.~~.}~}.}}.~.~...}~...}}.}.}..v~..\|zx.\|}.....\|.}...\|..z.z..z~..{...\|..\|\|{..x.........\|\|..~.......~}}...~.~.~.....~.~....~.......}.\|...............~..............\|.......}~.~.................}..~...}~.~......~....~.}~.~..~.}.~.~.........~..~..~.}...~}..~~....}.~...~.~}........~~}}~}}}{\|~.~.}}}..~....~.~\|.~..~....}~......}.~.~~.~..~}~~}}}~.......................~\|~}~..~.~....~...}~~\|.............~..........~..~...~~........}...~}~~..}........................~~.~.~..........................~}~.............~\|}~~~........}.~}....................~}...~}~~~}~..........\|\|\|}~~...~......~~.............~....}~.~.}~}{{\|}~~.~}}~~~~~~~......~~}~.~............}~.}~...~}.......~\|}......\|}}}}~~~~~~~}.~...............~........~}...}~.......\|}}\|}{}}~}~}~......}.............~...........~\|\|}}..~~......~~...........}~........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ct_spawn.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19438
Entropy (8bit):	6.53124677114468
Encrypted:	false
SSDEEP:	384:ElhBok4MvL8D62tnrLYym4GSFKRFsSgRgIXA5R/eJ3GArVpoyLB:ElhuFe6rLYyHHFKRKSgUYZpB
MD5:	CA96472D9978D13ABF5F4412A3E2FF45
SHA1:	9DFF6AADB507B38AD83AE106FF4615C6069C6F85
SHA-256:	F10224B5BEB8A8B8B4D321D981B84DF35750B1EAE5BABE9104E5CE9653BEB27D
SHA-512:	806EFC1CB0DC99F28EBFB249C3C71D5F189C5631402F7B819D4A55815A78C59095306F4568D498C36FCE8D153AC46EFA102B173CB2C18558DA78FADF357E14A8
Malicious:	false
Preview:	RIFF.K..WAVEfmt ........"V.."V......data.K..\|.}.}.}.}.~.~.~.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.~.~.~.~}~.~.~.~.}.}.}.}...}.}.}.}.~.~.~.~~~~~.~.~.~.}.}.\|.....\|.}.}.~.~.~..~.~.~..~.~.}.}.\|.......\|.}.}.}.~.~..~.~..~.~.}.}.}.\|.......\|.}.}.~.~..~.~.~....~.}.}.\|.........\|.}.~.~..~.....~..~.~.}.\|.........\|.}.~.~..........~..~.}.\|...........\|.}.~..~............~.}.\|...........\|.}.~.............~.}.\|.............}.}.~~............~.}.............\|.}.~~...........~~.}......~........}.~~...........~~.}...............}}~~...........~~............t.t............~~.~.~.~~~~}}}}..............xx.yyyy.y...x.....\|\|\|..\|{\|\|\|\|.}}}~~~~.....~~.}}}uvu.......v......x..w.v.v.................w.......~~}}.................~~..........~~~}.............tu.............~~~~.........~~...............}}~...........~~}................~~~.....~~}..........\|\|}}}.~....~~~}}}\|..........}~~.........~~}..............}}~~~....~~.v..........\|}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\cut_it_out.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	17450
Entropy (8bit):	6.919043702483032
Encrypted:	false
SSDEEP:	192:JL60Zz0OyizNjg+ev630T0lGBakkzOMxZpzkOxfSCXlWmKgSUmIalbV+Eg3OkoBZ:JL6JmzT0TwGIkuFTghgSrdlboR3+RX
MD5:	81F436F24DC5CBCDB521802EC46F2AC4
SHA1:	1BD1C7E6B1DB874BD81FF8750BA1D589E701A41F
SHA-256:	9B6F1278A929641CCD84C3617E6FA49AF4CCDB7C5C46FB6277AF3DCF91607587
SHA-512:	A96BC01B9AA9014F6601E87E827A140FA74893D1ACEDB5169BFB1766E8A0E94DBDFA86B7E8C0D07A37232095DE22C19752345352D23F892A9B916383600F7273
Malicious:	false
Preview:	RIFF"D..WAVEfmt ........"V.."V......data.C.............~~..........~~~}.................\|\|\|\|....\|........\|\|..\|.\|\|\|..\|.\|.......}}.~~~~~~~~~~~..................}}~............~~.......~~~.......~~............~~}}.................}~~~...........~~~.................}~~.............~}........~........~~...........~~~}}...........\|}}.~~~............~~}..................}~~............~~}........~.........~~............~~}..................}}~~...........~~........~~~.......}~............~}}.................~~~...........~~~~.................}~......{{{....~.......}}.......V.(Z...}8&#8....\|-.t\...67}NN....... 8.......d...I.....$.Y..........Z.n"/;.....[QdEd...Wb...q\|H....t9_...."!%G....KX2D.Y.~..p<I.....! &.....XWso....>.kH.W:<<..a....s-..{y......s\|.Z.b2.>...N'"%e...........M`..psNK..97G..x_.Tr......uh.+.'.....y8.[..]...f1}.uH[y...zHzv.}~.Xk)?Rv...G.GQ....3...w..ni...{<5,D[R....vb....87+..\|...Z*:iz.Hx..".&....<.l`m(..n..!A+....T.ciW...i.(M..u.n..c...........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\deck.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12122
Entropy (8bit):	5.409620725790703
Encrypted:	false
SSDEEP:	192:2o1qhmaMnDhKUBScrx+zBBrwQrjECPYM1tfv:2oCYnzk8gzj3/EYH3
MD5:	5CD7A01E148CE79AAB7ABF489DD0A661
SHA1:	1AE1F333F73E45D5432BF9E9CD549A9750A61E7A
SHA-256:	D7FE6831326FFD3B0831CC35BEAB9BF327CE932688D28D62126B911C58CFAE78
SHA-512:	67DA1C506C21355F0DD956B7C9DB654419FC949E6B736B0FAC2ADA63D55CC342B6159926D284C4A96E5ABD89D5B4682534C0C3BDB3D08097244D49CF1CC34EB3
Malicious:	false
Preview:	RIFFR/..WAVEfmt ........"V.."V......data-/..}~~...........~~}.................}~~............~}..................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~.............~~..................}~............~~}.................}~~............~~}..................}~~............~~.......~~~~.......~~............~~}\|.................}}~~~~................\|..zz~~~.....fK..l..Ew.Nn.@a.\|r..}s..lt......\|.[k...ff....y.z}z..vyZbx........G.wC..Hw.qI..y.pP..v.f....d7.{e...\p...}z.{...wdt.\|j.}a...p.UK.......elzy}..}}yct....jzs\.....povnm\|...\|ev.....yaqy.....w}vfu....}v}w~....w~.....\|t{{{...}wpyy.....{z......zkrxq..~..\|np..........{y.}mkyx\|.....}~....z..~w..w_u\|{zx~...........a8)0^....dFLe............dC1=k...{VJXp.....}......eKETx....sZSaq...........}fXY`.....\|\[ix~....~xqx....sd]v....~gTUj......vdi....e[px....kUXk~.....{tuo}tqgWXj...~{.....m....m....i?8=]....q]q

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\defusing.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14444
Entropy (8bit):	6.991254693956649
Encrypted:	false
SSDEEP:	384:d3KAM/QYoQOzq514hX1UeoH7ouE3agWXTiS:FI0QOmz4J1i7ol3abTJ
MD5:	464F7C6D17C4128D1349FC8BF22A1733
SHA1:	BDCDBECA9FE0285F7DF0D200FC9E5EB842C061A3
SHA-256:	2A771E26B6C08E24C04ABED512A2BE4DCBF39DC69675744CD837B14FA02C8D7B
SHA-512:	A556EAC5B3776A39C22EB792F496D47D1FCDDF891097D422A8B3720B4A05432388A06F229AFED524162A523B398E1C6B1E151BD6A4A560AB8D06148922BADB89
Malicious:	false
Preview:	RIFFd8..WAVEfmt ........"V.."V......data?8.......}~~.............~~........~.~...........}~~~~~}}{..~............\|."..JY.....j..b`..Tg..`^\|bj......i9...^,+....g+(Y\|.y..G.}....E.."..jtO2g...ms.V.X(S....=9xf...@0..z.;.C7.\?.\|..)2...N..bA..^Sh.Vk{..zp.W{./-.y..C'..2a.e~RD.._6N...oX.k2..Dl.~L..q8..3\|.F..j..dK\|...DT.p-..ONk..~j..b..dD../..5T......I7..R..];..s[r...k..D....jEU....m\|dOc...o.ml....c.{d.._w.rJJt..t...TSi...}?\|...ee..@Q....[[..\.....y`.wv..eed\|d....P@oo...p.qqq.....ZZZ.p....G:p....gQQg}....XFo......iSS.....SCZp....n8EW....WXXx...zNTk.....yLQg....{d>U....KL`y....cPl.....raah......eV]\|...vn_~.....qay......hpp......dd{....ttm}.....zr{s....rjq.~....sk~y....\|vw.....m}}u....yon{s}\|{.t.....n%..j...R##T..[84p...?-2U.......W8FQ...i?a...R39_...fJEf}........}}}.~~gg~...xL>Bx....^em...zks....ufX....s.....k\b......s..}}`xq~....xr.\|.~v......[hw...}xp....~zu.....n.p..hwfu....l~x.~.....e)..b....Z%%O...b2)h...5"#L.....s{eefw....Sy....L06w...V?Hd...tld....}^wpp......\|KPU...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\defusing_bomb.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18120
Entropy (8bit):	6.65715566227515
Encrypted:	false
SSDEEP:	384:8tc4CvRWVeqxahqlrheBj8KRdGpnCq11KRaKy3HX:8qxIVxaoZyJGpnx140fX
MD5:	3AAE2A7AB332D13D25A13992004A4112
SHA1:	9DAB9171B3BB1DF9A3296A7C8F6A453C72FB8251
SHA-256:	66706D89454DC3CCDFA6529F086FEB194D76374F093E3325B359A061BF5109EA
SHA-512:	BD3B6EC0867C91FD4C92507B1B049F11011456BB9F397E6CEAA42A454A88FEDC5C37382BD48A6357C26A9F6A32B5D80E179D94E84E9D9474ED47F36835AF1E88
Malicious:	false
Preview:	RIFF.F..WAVEfmt ........"V.."V......data.F..~~~~~}}\|\|.................~~~~~~~........~~~.............~...{\|\|}~............~...~}\|\|{{\|\|}~...............~\|zxwvzyy}~v}.......SOZ...G&"P...n *s..\|S{..V@8r...M=O...N8`...:S....N4S...VD...gn.H~.yw.....nCQy...{u.`..y...u.zGwm......ajk....`a......s.....~~....ffn....g~....}v..\|..vvv.....jj....{zy....t..}..ww\|}...}xyz...~~~.....wv{..\|\|v{...~.{v......}....kz.~...zyy}}....{...........qqy....xx.....~~}........yyyy....}wxy.....~~~}.....{~wvytxx....z\|~......\|}\|\|rpv\|yvkhm{.......j...8\|...v_o.~.ecbh~.......\|D.,@r.....gox.yirjr{........iMBKn.....yqqw}xxyz{........xpZZh......wuzx..~....~{wrt\|...uoy.....zio}......}..yuyz...~mp{.....zrzy.....}~uqspr....{ww......{..z...vknjmgrto........D...6.....ix..u]aWjn........Q0'%I}.....}~~vgf__u........\|N=<Kw.....\|yyzv}suo..........k\OM]......z.~......rVGVg.....rdcp~........w.....uga\p......rmg~}...........\|rmllhz.........{...xwuzw{ojmq\|x.......P..#={.........pfUYmy\|zx......V63=].........}d]cczqy........^OCNky....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\defusing_bomb_now.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	24514
Entropy (8bit):	6.895024008464282
Encrypted:	false
SSDEEP:	384:dYXWQJPhWlCe1W62vS7RJR/L43phU5AhC93TYqiVMmaqAWja4cznt5ZoqjGC:daWQJiCoESVbk3pGp8Vb4/fnHe0
MD5:	6D6A6497D8C532AFEDBC2BD91CB807D0
SHA1:	BC81BE1A2C05FF39CFBFED5523EAB576E96DA539
SHA-256:	AF90E81BA5ADC8B92B4ABAE2FEF463FE5F5A861063E19E1474A914A25753FF3B
SHA-512:	08AC1F0F2BE364DE3C9139875FBC067497191D71450734D71EA92EDCFFF11067A4ECC34DDB4C7A9A9A4B1BDA2AB2C0A509FFD71EDB24ABAFD426510B35091BD7
Malicious:	false
Preview:	RIFF._..WAVEfmt ........"V.."V......data._...}~~...........~~}.................}~~............~}..................~~............~~}................}}~~~...........ww...}.}.J8n..gh.....HCZ...p...ofvvf}..vnn...gg...xxy.yy..yay......~~.~nn}}....vvv...no~.~...yyyyyy..y.....h~...}m\|...\|.}}o....zz..{{.kz....o.....y~4S...{..gG.zzs....scz..~}\|lTy...jbTd.......VLm.....srqh.....jyy~...tmnohy....{.{sr....poo.....vff}.......xhp.....ya....yiyp....}\|.{{.ss....tu....yrst....u..sr.......~yy~...{u}x.....\|l\|......}\|tsz....~z..\|}w..y....z...x~.}....ttt...........wwx~~w~~...}...}~w..~o~~.~~.~......vvn...vw.......x...~~~~.v.\|\|\|\|.\|\|.......o_QL.....rb[....biq.....}}uul{....\|u^n....z{{....{srqx......zyry....{\|}~....{k{......~}u{{.....~.....}~.ijr.....kssr....w..\|...zzs.......fop.....\|t\|\|..{.zy......~yxqx.....}~x.....}u}.\|...pgul..........tV=L....uHX...{byx....syrjqar.....fX_p....{s....zriq.~.....{{ls{....\|\|}....piy.....rryy..x....\|.....dl{.....wopx....{....zyyx~.\|.....xqix}....}.y..}vv.......ywutr\|....zuvw

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\den.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	13050
Entropy (8bit):	5.756981156886227
Encrypted:	false
SSDEEP:	192:/FgjKbLIDkxdGz0jNdWMvmBcqdFhvfjOrIoZnAn8gdKMG0E1xLxgwIsOd:/UKgD0jNdV0/7SrIoZA1dKMGNHLxXvOd
MD5:	1CCAF5F9A9E9F1CE3697B0497D7F0187
SHA1:	B7839EBA681C1001C8119EA6F3C2D2F45682DC6F
SHA-256:	D8B65D05B74EDF1CF76CEE2F0E8FA9BFDA0DB8EBBD241812E278A6391F0CC60D
SHA-512:	6A25241FDB982F91A1AE5C73196041B46A2612B5165FE054C7F8F6BA186D9CDB6AE02C6C6DA088ED6178C3BD7163000EC3B48A5F67015715E9A8A7790F48CFA5
Malicious:	false
Preview:	RIFF.2..WAVEfmt ........"V.."V......data.2............~~............~~}}.................}}~~............~~........~~~......}~.............~}}.......~.........~............~~~}}..................\|}}~~..................~~}}}}~~....~.............~}\|{...~~~..............~~ww~~~~~~~~..........}.........k$;..qz..uu....jqxfd..\|vo.......pz......W\bJv.....uxr....rd.}Ho....M....R..}z.ub.~}.LxxV..z.`.\|....bPh.R.zx...rxp{.P.}x.d.vo.izz..k.z.....RY~g.....w..._W.v..u\|.u...~Yyz....}}}}l\|b....s.x{...uv`}.....tn.pi............\|{on.....{u~q{......v~....}{yx...{{...zu}.....}}}}\|..x~...~}}...rz{\|....{\|\|\|.........{sz.zst\|}.....{......~\|{.}xppvw...............}siwurwn\|........b0%-]....E:C\......}}....xM7:b....VDKZv}...........qbUn....nSHM^t......szy..{{vv.....j\NN`x.......z{.}.qk\|.....vWU[g......xxst{}.~.......gZXdp......ysnsx.\|........mhaalp....yttu.......;...>....E48Q....\|sy.....])..A....a@ARx..........zqR:;P.....aLQ]r.......{sxpgWPX}.....zUP^l......wfeltsllm\|......kJEIb......hW^gvwwz.......s]X]s.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\do_not_mess_with_me.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	41942
Entropy (8bit):	5.443874041700388
Encrypted:	false
SSDEEP:	768:Qxf9fOJgOwRLlwRXlMsx8JmhfV04uAnllqluiWSj36+ZCEdl1f5lQF1AC:Qxf9WJg9LlClMsx8JwfnnllqluiL2Ilg
MD5:	CCB227445F3AF6E18694569C66DD7322
SHA1:	E96D2E312A8F3D442535F0848CE8BB565C86E37C
SHA-256:	3B0128830A1AF30C8F602AE18F8EBB3E76A9543CC1951BA0F0375242002DABF6
SHA-512:	8C3D7E6CC52D7165B4D6769544048EE19711E9B4BD63B361B26708C18916EC46B8A3C5F933CEE60B9D2860F119FAFF1770C711280A0355CAB8D0C5B54D2A3F6B
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data....}}}}}}}........}\|\|\|\|\|\|.........~~~~~~~~}}..................}}~~.............~}...................}~..............~~}..................}~~.............~~..................}~~............~~}.................}~~............~~}..................}~~............~~........~~........}~............~~}}.................}~~............~~..................}}~............~~}.....~~~~...\|}.....tFK...rCY....8)}...X?i...d0.}..,."...K(C...{?R..OFp....^<<D...Mhw...[y~...Md]J...82....S;L~..\|mlt...^Wg...IDb...iS`Xw...vu}..._gp..y.jTa....wo}mm.{..{mev..ohp...j@i...._Qg......vn~.........~oE}...]>N....nXp.y.j.r..y.hwv\|\|....brz.....R8..}m^..{D;..dzry..[Mt....kmf.w...~\|kN`....Yh...\|qbk..hZc...Q?F...x~....br...zlu.........[[q....~...ggg.....y...qyp...me.....uf~..rs{....}l.zyw}...wov..{vxy....s\|.....`Yv\|.....y\|{ozz....teo....vfw~~..{ap.....p.....E1/?....mMDHf.........\|llss..kl{.....hHNbr........xpX_v.........}vnvw.......wwowoow......~wppYhp......po_gfv...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\dont_worry_hell_get_it.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23752
Entropy (8bit):	6.619303159563567
Encrypted:	false
SSDEEP:	384:yilChfZm44HJ2/J5wBQkPgBfD21y5icojTNGHGD1yuxxgiK/FKz5uv5oS3khX/R:yYCJT4HJKJ5GiD3ojTAH81T3zI6S0BR
MD5:	ED53E07DD219FACB1091C1F64FBB192C
SHA1:	26C6D0F358CB7F444C22A3052667B4F008053075
SHA-256:	693001F2B8A9617E6A57BBD284A2BF92AA872BF169C043ADFFDDF7E78DBBCC14
SHA-512:	444FA389198971BD8235361E238862FDF9305FDD927CB985BE8E81796BF16C6A9BB35B37EEF235F4993B211939BC6E384AD0167173A5E35F9E9426DDDBF6A3AF
Malicious:	false
Preview:	RIFF.\..WAVEfmt ........"V.."V......data.\..}~~~~~~~}..................}}~.............~~}.....................{.......................}~~.............~~}...................}~~............~~...................}~............~~}..................}~~............~~}.................}~~............~~........~~~........~~............~~}.................}~~............~~}..................}~~............~}........~.........~~.........w......\|....{\|\|....~~..............~~~}}}...............\|\|}}~~...............~~~~}.}}}}..~~~~....~~......\|\|{{{{..................v}}}}}}~~~....yZa...qZa....www~...~px.....y.....~}}....{z{....\|}}..........~~v}\|\|{........}}~..........}}}....vvv~~..................yF5M....rUu....vn..._;1$C....k\.....>.PES2...cBu....y[J....Z.Jz.2?..T.....X.f{.-1e..DS@z...&..g.q?...55..H..9.n)..du9...l..V..=<...._fW.\|V.....N>t...k..dDV...IV.~...g..utb.....\|o^ytz...zeYz.....zc...m{..{.io....ugxr{....\|}v...uukbqx...u\|...\|.....~ggw~....mmu}.~~.yrs.....ts..~u...\|.~zvg}..vpz.~....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\double_doors.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14726
Entropy (8bit):	6.770096824734868
Encrypted:	false
SSDEEP:	384:ZReiR/ysOOLYqWtcjvlKFC4mgz31rlxLb3aoQmLNHuQ0tEl:DwqWtcrlq31hxLbKoQmhDTl
MD5:	D7DCA26649087C7880F5E75A2BA3C1D7
SHA1:	717FE76A8D916A817724611764AE7B1596A6DF50
SHA-256:	7901AD0323D51E90FAF324ACD989B9B62C720DE560F8682943C6673F70F8CF7C
SHA-512:	4170644877D939C33DC18BADD649BB730B7B6B1DA02DAB1EDDD21069D645906E253C0FCB19E0A5D094AEA5CAF3FE459176A348275F89F19F71A7D8CBC912A822
Malicious:	false
Preview:	RIFF~9..WAVEfmt ........"V.."V......dataY9............\|\|}}~............~.....~}}}\|}}~~..........zyyxx...}\|\|..{{{.{.\|..w.....~~~}~}~}~}~~.~.............~~}~~.z\|}...\|~......v...\|.....yy.K.m...g%...j01...{!.3....X..u..v3)@..xe.t<;?\|..jNK...Q.u..r...lo{.]Cf...g0J....C"v....iG..RDJo...H@[....FCt...rrs...tfq...oNZw....tNb....nn....ueu...l]lu....^_o...zt\|...}m]l...pP]{....`g...\|rsl\|....}....ibhx...[w.k..mb..X..by..\|..rf......ju......ztorom}~qtz.....z.yrv\|\|plpwalrh}..............(...W=O.....:...-h......rgf...@+.0D.....zXc..qI<%$Ge......^=Nh`.Y=<M~.....M>KSlzq.........oN/=Hbw.........odbW[[k.......uhejmqYW^o..........{tmeY]sw......{~~......}.yy~..tolc`YUWw{........m.&3&)..NEKS......A;0.HF5+4l........h #(+E...eTb.....#....Mlt.........j'...0w...}n.....WEGP[mme{........}rNB=Io....~~....\|kULFQ.....~y}......yW[ix......qfaw....wgjkpx....}.....{vrssrle\SNJT.........)"<@6>LGOYSS.......6;.QA...../........[PDFSD70,(1z..........L ...+Px.........{cA#..J..........l:,'%CN_gv.........WNP

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\downstairs.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	16762
Entropy (8bit):	6.047029682905614
Encrypted:	false
SSDEEP:	384:OPM9m/NomdKd8nwQsFZ6Gy5OSFLkNn1HdIxJ9pvlX:OPw5dxQsFZRy5vLk5Jda7pvlX
MD5:	2E00C54B2B63B8EACD7DE13E89BF55B3
SHA1:	9F49C539F13767BC7BAABC1A4AEBD348CDECAF6E
SHA-256:	3996565181C28C848C865BF3DB7E397E494AA087B0ED3F4D6F0A347ED3FE90FF
SHA-512:	1C51010948B7A447CEA8DA91F13DE99CDBC96C4A51445DAEFB3B7459BAEE00B34FBC9056CE44C8D6E006923716F3D63876124C15C2E8AFEEC8A3A07DE85B3D21
Malicious:	false
Preview:	RIFFrA..WAVEfmt ........"V.."V......dataNA.............~~~...........~~}..................}~~............~~..................}~............~~}..................~~............~~}}.................yyzz.....zNC...tM~...p?/)Z...g`..\>>d...yp...T<Ew...xx....xC5J....m....gf]BLx...w....mEGNs..vw...mPcqhw........kN]v~..z......}PV\ry.......kcdlt\|\|v.....qyyqyyyx......}}\|\|ueu......}~~~.xqy.......z.yxxw...........zt{\|.~....\|\|}uut.........~~}}x}~........vww...~.....{y}{zy}.}~..........}~vutsyvs..}zw.......q"...r...vo...nG14X......s@(&5i....y....tJ8;Lf\|......bMGUvwxyz......yRFEOd..........ysdeeu......~eUSYqw.........uMB;U........wu\RYXou.......oVKap.........\|mYW]js........xlisvqqx.....m`cfu......y....".....~..n;,)9t.......P'!(Jy\|x{.....L2-19S.......yaYZ\^JM^.......eNEHFXl........ufVPQay........{kUOIIMi........y.yiH?Gp.......w`QEKZt.........wVQ`ey.......\|oaQaip~.......~khd`_gdfhy..................m......oL<43H..........A...4Tx......f@98:GZ{......hZ\WE>=R\|.....tPD<;I\.......\|\|vnbTWTn...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\dropped_him.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	13464
Entropy (8bit):	5.336997419499278
Encrypted:	false
SSDEEP:	384:SKbilY2aN0N3jT2ilsB3M/bi8fI9Zy/ZsiiQ20e1/:WW2aNM/oB8/bikcZy/Zsij+/
MD5:	4BF34AEBF337BDBE1B747A6093D0D618
SHA1:	8095FE42D8173D8865212B80E9FFB176356C7980
SHA-256:	AE18C2F0397FF85D2A33FCF90C07AB721D0EEB4F5A0CAABCC6257381AA24DCCD
SHA-512:	24DEE2D0570B7278C0EC136C17910E54C807F634856A0C516AA03E41834F163F4219762FD8AB215C63359A7A9384037CE04E57CD14390800E0C6F662AB75CE8B
Malicious:	false
Preview:	RIFF.4..WAVEfmt ........"V.."V......datak4..}}~~............~~........~~~......}~.............~}\|..................~~.........~~~~~.}............z...z......~..........~}....~..}}}~~..\|}............~}\|zyw\|{{{{\|...........rj[PNXt.......\|lc\\eu......}nhp.........~\|zrqwo.......vpqk.....v~u^..bh.n.....~LS..l\|.~...z..ks.k\z..q......NTscz..s{...}..qi..s{ss......ho..\|l.zc.....\|\|.g>GZ.......iSGYw.....lN{..uvfo.....zb{....ri.SGh......v..vEXoKX.....p..L>o.o...o.....f..^Pffn......~..x```Zp.....~__..}\|um]u......gGLiai.......pxo_f}.um......^n.gY.yZi.....yxxXKn.....\|......~wxxhy.qq.......oggnnv........yyyZaii......vm..t...mm\|}}.......zjbrrz.........m]emv.........yqyqyyxxx......\|..tddmuu}........{kcckkr.......\|.zkcck........zrkdu}...........z.}x\|\|xx~........vnwoo.........{ryqqqxx........{\|ltt\|{..........rrjkk{..........zrrjiqpx~............xph``hx.........phZaiqy........wo^ffn}...........zzzzzzyy.w~...............zrbcrrz........tl\eev~........~nmdsz.....}........~.....yz....}spechmw........M .."4[...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\dumpster.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11090
Entropy (8bit):	6.192395537017181
Encrypted:	false
SSDEEP:	192:aqArhfQK6CwM/+e1IF8jSMSLiiSMdOVyyVIONIYbEyFbazM0GmkDweDOI:nAJ3wqE8j7SLizasIYQ4ljm2wQOI
MD5:	4E426D5E2E6E2F4206100FA3CF08BB7A
SHA1:	B90B2298F846C7815AB7540C3B36C1EA65FFBE30
SHA-256:	00FF52E67FC80527E0BAA723F4A9F22A0D04375C70945D34B183E123B55A888A
SHA-512:	266B421B55F42858A1BD397C1AA1533984841CC8BBF293BC2D2D70E648CD98F8C0E8DAD774E91CC3048ECE7398697F0FDEDB9D6AFB86E29D972777E527541E4C
Malicious:	false
Preview:	RIFFJ+..WAVEfmt ........"V.."V......data%+..~~~~.....~~~.................}}~.............~}........~.........~~............~~}..................}~~~............~~.................}~~............~}}.................~~~......~~...}}.\|.....\|\|\|.....\|.....\|..\|\|....}}~~~...~~~~.~..}.}\|\|\|\|..}.....~~~....~~~}}}.............\|}.~~~~........~~~.}}}\|...\|........}}}}~~~.~~~~.~..}.........{{{{...{......}...~.~~~}}}}\|.......................ww~x................~~~~~~y~.......~~........}.{z.~~xy~~.............($... .........o./..EG..m%'...0+?...5#..pJ ..0...6@...D'+..uE.R.\|G...v_..b$D..t_=.a..`_PT..\|..w..u.-`...oMjl....COgX..w.{jKw...\|xykm}....mM_~.....jY_....yjyrZs....ghy......qaSp....~wg......wgo........n^o...yzk\|.....tcjx...y...znz.....qtv....mm\|{....lxuwy....w.yw.....plg~....}i]gry..xv\|.......B..!:...SQ....M...\..........s.waOBFY.....tky.}rSB>]\|.......vvumd\VV^ox......zjjy..{ZVb{.....~xveie....q[]w...cHGk...p]Tc\|.........pz\|\|{qgir\|....ngpx....xz......tinkhc]rrz\|........t..../...N?c....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\elevator.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11348
Entropy (8bit):	6.568843774291373
Encrypted:	false
SSDEEP:	192:lcOZdpq8lQA8Fcx3pwkW0ddxmmQvK69ixn8/BOUK6wivnZqiIAlvJFCmJAv1tZuS:lm8+UZtdSK69ix85rKtNiIAlv0tju8iK
MD5:	F22935952BE3068978C8E6AAD7602F1B
SHA1:	2C604D4A2AB041A981E66C9C0957CD0410A12AC1
SHA-256:	711EC226CE70CF4B97F978C393706C9E9462B43B0B12870AB2E3632C289F1150
SHA-512:	B572762EC2B6B8B9320DB6DDAB8958C429A297D73BD5D2237D083552EE171A9B352DFAEADD19AC6C46D22BD73AA47E07840B18264914E2A86F5FC57B3E260786
Malicious:	false
Preview:	RIFFL,..WAVEfmt ........"V.."V......data',..rtuv...{zw}.~..z{y...\|\|~x{}}..{.z.x..\|...xv.xt...~.....zz{.~z}}.....~.\|}~.~}{.~...}.}y\|yw}\|\|...\|xy}...}y}x..}\|{y}..x{\|{z....wvvw...v{..}{y.\|x.}~~}z..{\|}.{wwy......\|.~\|{}.........taSQ_..............\5.,f......\|...rquoRId......{k_]]g..........j.ZMEETJ...............n...Y....<,/C9--F.....sIQPB75Jq........7 $,9Ps........m?$..0j.......sRDNS]X[a......uN<65D]x........mbgVIFGYi.......o`_T_p.........yc`[KZc.......znf^WOILK]r............#&.W..c3D.....J;t.6...p....^L...q,00C..KBs....2)=z.6#$A........b...%N\TS.........].(*9U.........eGRW]lv.........t`MF<AE[s.........vZMKDRSTf.............\|~..vpnh`ZUOJT\.........w.%'.R.Y6=<.....dl..P........^.....Q(/TpC364....]y...E! "AeUBE.........J...5\|........ZRSVND95H.........e8.1:IMYh........o]KGCTv..........bbXL_gs........oYLA94>Lc.......... .:68A=EOAQ.......+...Nv]<Q......o.sNGMMHLZZb......u.z[ ..#Z.........QLNJJJLLPe.........YR\_]^B?m........ysnpmnljf`l~........{sgSLFbqq............xma

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\elevator2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11660
Entropy (8bit):	6.631343399346845
Encrypted:	false
SSDEEP:	192:43ZcXHqg1iomxuqJm2IW65v3oNgeBEFoJ8p5+fA5LRdNbax1bLD:QZcX0ppm2IW65v3oNgeBML5LV2LbLD
MD5:	1D1210CD1EA3795E639EFDD374C9DF8D
SHA1:	7448CEA805059012DE59ABE8663470AEB2B3EB96
SHA-256:	0BB87FDF0FB3161AF7A5117EF3C0ED51D65AB4B86F61652C5EC47676286AE8BE
SHA-512:	51AC77567D1E66F014148710A6D2A7FF8530BED03187F541A4A1C4D515407FA39F384AD135759947862FB96B16A9A79AF7A3ED2C7F90BFFF8F9D8000612F8120
Malicious:	false
Preview:	RIFF.-..WAVEfmt ........"V.."V......data`-.....}.~~~............~~.................\|.~~............~.}.....~~~.......}............~~}\|...............~~~........~~~~~~.....ww..w.wgw.w......ww..ww.....wgw.....\|uuu.........uvv......vvv......}}}}~~~~~.~~~~.......t.............~~~......~~............f..x..yz...z..yy..w..vv.....u........v..........u\|\|\|}}}~..~......~}}}\|\|\|\|\|\|\|\|}}..........~~~}}}\|\|\|\|\|\|..............~~~}}\|\|\|.........~~.........~~}}}\|\|\|....}~~...........~~~}.}.}~~~............~~..\|..{{{\|\|}}~..............nmlN\......no.pq......aR`_~.....n^Q_p.......raap.....zkkkz.......sdtt.....~\|{yx.....ysuwy{.......~......~swvvwxz}.}...........\|xtoknkml~..........^738Tx}........gD;KU_ly........_IC@CL_........zl_SR`r......q`\SLHEBDu.........Z........Rt.....+)#~.5.:.....5)I..:045.....WN...U....b..........=-19GSZb......nNEGOG700W........~W-%*Rl.zo.....u\^b.}eWIp....rlx\|d]P=[r..........oia_`aVYju.............~.{..~z~xspme]TOXu.............!.C..sUk.....P@A].B............v.%+/b..eOi.....>4

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\enemy_down.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23860
Entropy (8bit):	5.998722962077627
Encrypted:	false
SSDEEP:	384:gXKW2CK5edC6dfY2Ny9vZjw2qocyf2Yipt7jHEMnvhLqTpdfpobqIYlrlGG2VgZP:vCKh6i2rkz25p1jHJqT7po0lrlGiZP
MD5:	084241A00B28553AD2CF07D61AAA4B70
SHA1:	2DDBC926A562745685549F396C805A8B05BA86ED
SHA-256:	93189D2A96F55D49BE7CD49E7817A839AEF1E5FB343393A436657332863B6A1C
SHA-512:	318A4771C03868DB54F5B5AFA046925933EB606524BE96F078D03257DEE8B677D23F75DC278C8223F6B3B975374A92A6D026F6CD6AF91D51E058DC91FB29D787
Malicious:	false
Preview:	RIFF,]..WAVEfmt ........"V.."V......data.]..~~..........~~}.................}~~............~~}.................}}~~............~~........~~.......}~............~~}}.................~~~...........~~~..................\|}~~............~.....~~~~~~~.....~............~}\|{...~~~~...............zyyxw~}\|\|...........mJ4<g.....w`RRpx........ww~}}vee{.....{m^^w.......}ee^t......\|..~~..~.....gSTk......\|t{........~yy~...}whqr.....\|tss.......u.{....vnog.......r......xh`Xg......ooww~.......unn}...xpqy.....rzy.........yrrr~......z....\|\|.zyx~...........ugas.....rqy.......~\|~}\|\|}..\|s\|x.....{s{z.....{xuxvyxx............xqjpw....nju{x.z.......3..#j....?+H..mBE....s/,P..X,1]...?'&<...kZ}...K01d...YLq....K9@f....~x..zkVVm.....hW\r...}}}....}a]g....x......q\Xl.......}ytjg]y......x~.vzlvq{}....{\|w{uz{......}pogqtoyz.}....~......e...$....*'W...a,@...C..g..?%)n...(" @...HGt...?%.m...?7Z...;'5s...gZr..oTUi...zKHRu...rrs....l64F{....{z...t_Ze.....tjmt.ukZa}.....pnenx........wgdjny.........lhgir...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\enemy_down2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	27372
Entropy (8bit):	5.92013556539326
Encrypted:	false
SSDEEP:	384:QaHLdZAh+dQPIpUCMtEz8/x4VgDbUtpdx3WG4DqXSJuo+aDVzGoalVIFl:QiRZAhAKCMWz854wmdZKmW7qIFl
MD5:	6CD4E44C1438FAC0879AD2640994815E
SHA1:	EC7BB0E57A47036CA0F6AEFE8F570F18648F220B
SHA-256:	733DE9B54B10D0A85BE4F90BE6D43533199DA386C155D6D2EE7EE919C68EE661
SHA-512:	1CC9A6AA854A255EA97216BAEE7B5A849BBFE495638D4FA7DBB3F25CD61041194CC2FA70730A9267551B685FF045102581467C162955BA88ABD442428F954C17
Malicious:	false
Preview:	RIFF.j..WAVEfmt ........"V.."V......data.j..~~~~~~~~~}...............}~~...........~~.................}~............~~}.................}~~............~~}.................}~............~~}..................~~~...........~~~...........{{\|\|\|\|.}..~~..........~..}}}\|\|\|.\|\|\|\|.....}}~~~~~~~~~~.}}...{{{{{...{{...}.w..x.yzzzz....y...~.}..{.zzy..~.....}~.............}\|..~}}\|\|....~.........~~~~}\|{yx}\|z~}.........mE:Dk....wg_m\|..~\|......\|\|}yce^.......`S_v.........yyq}yy........slde}.....xov\|...zzz......~~..xy.....~vvum.....\|\|}....yzz.......~}\|tzy~}.....{\|}~......t\|\|...iwv\|{.........mWRa......vnu\|...xw}........zddu}.....zjrrz..........~~owo~~~......tts.....ztlm}....tu~~.........}.~..\|\|}zprt~.....}.g`..io.im..xz.ww~.v.........z\|..zyvjn...}.vty......R .!B....\|?5Az...gVb.....qvw}gK=P....xF<Ba....yx}....yrZbj........uOIPn.....\|mnw...yxo......\|zrpon}.....yE2H\.....\|sq~...{vv}......xpaV\j.....}kait.....}{...yohihp........{pggl}...rlfgu{~........%...]...0+Q...b%!A...N/H...C$q....?%&2...YB_...nJJWv

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\engaging_enemies.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	24824
Entropy (8bit):	6.381875379102182
Encrypted:	false
SSDEEP:	384:sLoV/Hu5bDC2DHT3oEReOVtAYpLdkgNzjD2kGX9T1j5hGNB:sLgO5iMHTPEoDhHpGRRSNB
MD5:	AA3551F38A5088077A0F05643A22C6E1
SHA1:	B6712C588916C0698668D94E97727D1BD4916D8A
SHA-256:	C463372572B3C979CDA39E50522B6E9E4C8E9705395A929EFB05B7964E73A2A5
SHA-512:	D92A87B1202C2BBF9A3AC19D7BEDB9D8C8730C3D4B599ECCA7B2F1DF370D58BC7D07D4364C20C9CE174D6B069B7DE22F4F1FDB6B352345770593B6B9A86D187D
Malicious:	false
Preview:	RIFF.`..WAVEfmt ........"V.."V......data.`..~~~......~~~..................}~~.............~~}..................}~~............~~}..................}~~............~~}..................}~.............~~}.................}~~.............~}..................}~............~~}..................}~~.............~~}}..........\|..}w.h......l.{...yq.o...{..~.r~z..{...x..r.{{..k..r...g}.u....{{.....uv.....x.....xx.....~}}\|.........{{{{...}}~~.........}}\|\|......~.......\|.}~~~..........}}\|\|.................}}~~...........~}....~}.......~......}~....x.}\|zx....}.......I/:K.....unZuus.......yru.xpR\z.....xd^Z......vk`V.v..y.t....L%./{...TOoulN`...._W{...T?Eh.....xZTIMm.....sihguz...\|y.....eXTi.......n]N`}......xxtu{\|y{~.....{tleer.....yosqs}....okBR\|.....qk{{....~rnrz....rnjl~......twz....sbfbu....ys......!..+....b:9R.yxv...j?Cu...C+8....XIJTao....nIGZx.....uw....wTP[......}dRCUw....v\fpz...........sbS]i......vrr...l>=^.....]TZ_......wcPSo....spm.....njv.....ueXZ\_....znl{....s...4....:((?.......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\entrance.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10980
Entropy (8bit):	6.367202140679572
Encrypted:	false
SSDEEP:	192:sdxKR8QbNpEsaFm8AJAkl4GTTRrXDoMcoJAmqf5QA1YUHLWEBgMGJhtJhJ0tKI2E:6xKR8xs8m8u8uu6JAm+PDL9BNut6oI11
MD5:	2337AA6767C4BE974D5642072AFD19A5
SHA1:	3FFCC07AFAC8FBE302F82FA9B201828AB9C3AD56
SHA-256:	6FE95D56DCDA7BF56B70B9F0F011615A790B9BA9980E0DCF47AB27186AAE2AB8
SHA-512:	1D85FC89B58749C5132009A64F765902D9D5FEA0B36CD9D9BDBE9AB097F531E3D6CC9266E5BF2FCA8DB6BAEEBE6FE96C31CA978D415EA659706DF3E90BE9EF3F
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data...ww.................~...{\|}}~................~}}\|\|\|}}~................~}}\|{{.................}}}}}}}}}~~~...............~~}}}}}~z{\|~.............}..~}\|{{{\|\|}~.............{zx~}\|{{zz.................{{\|\|}wxy{\|}~............}{yxxxywy\|.............{....z\|x\|....}R62T.....\|dcYcZ`p.....nrqjken.......\MGLR]dga{..............t...$+&v..20....m(3..C..6....;&%4....x....iCKv..gEBv....S=;FZ....tcbigfedy........wM0:j.....nid`gfl..........]/.\......eTWe...........l\UW_g......qb\s.......yo`UWTp............#. ..../1-M../#@...,!g..j.!.....""+.._4W...F6S..\|3)1....D12Jl........ajsuf`MTl.....N:1Ct..........vC=38p....x\NMaz......vlosvhLGIs.....ydhfs~......gTOSS[QOW}..............._...,8/...~+(W.........L.......7)(>..>)9...3(Q..}$.#....(":...xa....]Ka.}Y?:M....h@9>d.........c.(/Tp........gXP\t.......oKGKH^dl........z.}.....zcZWMX]st}............'......'1.T...)#...._.y..w...=....#,...T,C....=E..#.."....e,3...>:c.......Z/$&8....xQVz.....v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\entryway.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	17130
Entropy (8bit):	6.254371381061493
Encrypted:	false
SSDEEP:	384:9PZJT5mqvDla6LBL/ccsNmeClKPZpsk44CqtVS0qHtrcuZJC9:9RJlJaEpcJNmHlKxV4OVTqNrcsQ
MD5:	3A3360DA96DB3AD91862AE420B1A48EA
SHA1:	A90B29044D7A84BCC185ACE74DA8B60CB4F18125
SHA-256:	243FE9A7DACC8F4213CE93F476D5B426F057A879AAF5FEE073F486D24BAA5CA3
SHA-512:	852EACDAAC9979A4E9EBFDDB536B1D2B47E924B1CEA460BF8E8218FFFF541077A752DDB0CC3477E95BE07A4D3AE3900EDDF9EAC67981416134EE06BC77FB08E3
Malicious:	false
Preview:	RIFF.B..WAVEfmt ........"V.."V......data.B.....}~~~............~~.................}~~............~~}.................~~............~~}..................}~~~............~~.................}~~............~~}.......~~.........~........zzyy.......}..{{.........}}~~...........~}....~~........z{\|~..z{..........~}..y}\|.{{..............}~~.vvu}{z.~..........lG4Ch....mSPWf~.......tanz..{yw}....wuim.......{\|lkhty}....xqonx.....nA=Og........kaex....}zx...}npkn}......{tmu}}.....\|rhou..........}}z{.~......ysuwx........~..{~..~uukqt.....{qotw......ztmvv...v{yxy..............zxj`dcj............w.........D;Cb..fa....;&9{..zF6b...._TW_g.......qYLISn....zmdr{.www.....toy\|obe`x......ujfc}.......hL7@b......jbmw.........zskleY\i......vmeu......yicWRTUo.....y}......3...6....?::T..lI\...9..r..9.)....xEEc..ng....yM<AMq.....udqu.~uk~....nbl..saXa.....~.{wjm.....hYL`q.....\|z.\|xy.........~.xj_]jt.....~r\|\|......zqdf^an{w.......... ." ....D==M..Y;D....]..].........88R..dHU....<,.Sz.~......vh[^p}....zv...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\family_room.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19898
Entropy (8bit):	5.992543963835851
Encrypted:	false
SSDEEP:	384:8DttYUID7wrRo1HzmgaQkIXL3g6HK2AkR/lsl1p2m:8DtSnwr7ZlI7x1Aalsl9
MD5:	A6A2D5BAC7E615DF2347605417E28BA5
SHA1:	5B8C211E71DE3C5958F302A435302E4D4F5D3230
SHA-256:	3B2CF3FEAF9F650609C802CC4C768CA9BF8465CD9445B6ECCE7388128CC723EF
SHA-512:	26B6C89E17C0839B08E751C83834089A6969281E3A9F9A69A603F9CFB0C76DB5FADEF37E42CAEDF84363725370859A500996872BC38929F8546291A3A342881C
Malicious:	false
Preview:	RIFF.M..WAVEfmt ........"V.."V......data.M...}}}}....}}\|\|................}}~~~...........~~~}}}..............\|\|\|}}............~~~}}}..........}}~~~~......~~}}\|\|............\|}~~............~~}...........\|}}~~..............~~}}...........\|}}}~~~~......x.x...~~~~}..........{{\|...}}}~~.......xx.~..............{\|\|}}............~~}}\|.........{{\|.......zzzzz.............zz.{{..........~....xx.......}}}}\|............\|}}}~~~............\|\|{{{{z.............zzzzzz..........~~~~~.z....~........zzy..~............{\|u}v~~...........~~}}\|............}}~~...........~~~}}......{{.........~~~~~...~}}}\|\|...............}}..}}}}}}}}\|...........}}~www~~.....}........}}}~~~~.........~...........{{{\|....~~...........~~}}\|\|\|.........\|\|\|}}~~~..........~~}v}..\|..........~~.x..x...~~............{\|\|}}~.....zz......~}..{....zz{......~x........~...}\|\|\|..{{{\|.......~~~w.~}...}.}}}}....}}}}~.~...}}}}}}...}}...~~~.~~.~..}}.\|.{....z.....\|.}~.x...y.....~}\|\|{.......{{\|\|.....yqz...........\|t.....~..........~..xy.y......v...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\far_side.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	22556
Entropy (8bit):	6.146268316699364
Encrypted:	false
SSDEEP:	384:vlJXks2+/lJlf/BuzDwvxxKTv1WJ9YIFdjR5+tAurXupXM7Rk37:vlV/lJtBuyxwtx+djHI+pgE7
MD5:	9A829443FA57904AEB2DBE436A977942
SHA1:	A9C5D465D16B6888C5C79A5F788EA3D69B4E5485
SHA-256:	63426371CBF6B45DD72480B2FBB794C1ADE78E4F6BEF6871B762D3743E30B2F6
SHA-512:	CCF711CADEBC4CD576D915D2C256619DD9830CBA9BB9B0A5F696D9FDC11C46EAFC1E159BB94C9FC8A213102B4A74FF44B717762818B14D03AEFFDE163825985E
Malicious:	false
Preview:	RIFF.X..WAVEfmt ........"V.."V......data.W..}}~~~~~.~.}.}.............\|.}.~~............}.\|.............\|.}.............~.}.\|...............}.}.~...........~.~.}.............\|.}.~............~~.}...............}.~~...........~~.}...............\|.}.~............~~.}...............}.~~...........~~.}...............}.~...........~~~.}.......}}}~~~.........~~..\|.\|........{.......\|.\|.\|.\|.\|.......\|.}.~.~~.....~~.~.}.............\|.}~~............~~.}......~..........~~.............~~w.~~.~~.....x...........~~..~~~~~...............~~.}.....................}.}.~.~}}.}.}.\|..................\|\|\|\|}.......}~~~.~.~~~~~~~~...................~~...~~~~~~~}}}.............uuu..................uuuu...............xxxxxxw~.......}}}}}}}}}}.}}}}...}}}}}}}..~~~~~.~~~~~~}}...............}}~~...........~}......~~~.....\|}~~.....yy.........~~~~~~~.........yyyyy..........~~~~~........xx....xxx..}}.\|..{{{....{{{.\|\|..\|}}}}...}~~~~~~~.........~.~~~~~~~~.....................~~~~~~.~~~~~........~~w.....u................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\fence.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	13598
Entropy (8bit):	6.072929674779185
Encrypted:	false
SSDEEP:	192:SV+rJ8NiIAhZtO6ic4bvgg04q4G6gwTKwLIR/mbjY1lm2uHDk4XykG/dW9lAlv:SV1g6XtbvWx7EIlXUZHDksG/dW9lAlv
MD5:	BD43ED2D566331E0C76947EC44E86573
SHA1:	C33EFA7B819C1BAD540C6D5E21540EB2642E644D
SHA-256:	7B65EE1AC69E42809B5B29BD45E41DED7E5E068911313CCFA9BCC38013F5AA88
SHA-512:	B90D1E64854A39E2BD72E5AAB58FCFDA22F8CD1650210F943401C2B29201A23251E008C750EC3AE3E8881B887F74AEAAD092B7C25F3760FF039F910311D35E49
Malicious:	false
Preview:	RIFF.5..WAVEfmt ........"V.."V......data.4..~~........~~~}................}}}~~~..............}}\|\|\|\|{..............~~~~........~~~}...........}}}}~~~.....~..........~~~~~~~~........~...........~~}}}.............}}~~~~...~~~...........~~~~.....\|}~.......zzz........{.~~.....~..\|\|}~............~~}\|............~~....z.....x.~}\|...........\|}~~....z.....y.~~..........{\|\|}.~.........~~}.......~~yyz...........~~~w~}}}\|..........{...\|....\|\|\|.\|\|\|...\|.......~~~~~ww~~~.........{.{\|\|\|.....~w~....~~~~}....\|..{.....\|}}}...~~...~}}}}}...\|\|.........}vv}}}..........}}}}}..}\|.\|...................\|...}~~w~~~.......}.\|\|..{{{\|....}}....~~w~~.~~~..}.}..}.}}}}}..}.}....}}}}}}}}}..}.....~~~~.~~~x..~~~...}}.\|\|.{........\|\|}}~~~.x.....zz...........~w~~~.~...~...x......~~~.~...}..\|\|\|..}.}}}}.~..~~~.~~~.~~.w~}.}.......\|..\|\|\|\|......\|.}}...}}...\|.\|\|.\|..t......\|....}..}}}}}}}}}}........\|.\|\|...}..v}}}....}.......}v.~~.w~.x...........~~~.}.}\|.\|\|....\|...\|.....\|}}v.}..}..}..}..}}...}.}v.~...~~~~~..x.~~~~....}}.v.v..\|.\|...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\foyer.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15572
Entropy (8bit):	6.076317787003488
Encrypted:	false
SSDEEP:	384:PvNUSNfdtQCZTbWKAUaPtQBlIlQdCevDZ5+MLHcrA:nNUSNF7JbHAUGtZlgxN4aSA
MD5:	1785254F8C4616EA5A2937913111692B
SHA1:	259448FB926E876CA3268182ECB7E61D7383182D
SHA-256:	427EEB20B4E5264FDA1676FFCAD0ED774612362D381F14357E3927F87D299D58
SHA-512:	C820EC62BBD1F3006AD6F5D9C39914641AC74DBE82BD59FE2528A15FE8D64B2DC79241A3D4C0544FD9B8E0625D88020E26B1CD17A75E6B98909D05CB99849511
Malicious:	false
Preview:	RIFF.<..WAVEfmt ........"V.."V......data.<..xxxx~~.................\|...\|\|.}}\|}...........}}}}v}...}}.......{.{{.......}~.~~.~.~~~~}}......{{.......}}}}}}~}....}.}...}..}}}~~~~~~~}............{{..\|\|\|\|.......}}......}.}v}}}..}......}}..\|..\|.\|..v}.....~~~w~....~~.~~..~}}}}}}}...............{{{{....}..~.......x...~~~..~~~~....~.x...~~.~....\|\|{....{.{.....~.......xp...~..}.....}}.}~~w~~.......~~~..}v}}}......}~..~~~~~~~~~}.....\|....\|..\|.\|\|\|}....\|\|...........}vv}}......~w..}...\|\|..\|\|\|\|.......~~~~~~~~~~~.~....}}vv}.....}v}....v}...}.~.ww.w.~w.....~w..}}v}.....}}}}..}..}}}~........nv}v.......u\|......{.{{t{.....\|.\|}......woww~..........}vv}}.....}....w~.xxx~.......}v\|u\|...}}.....~..w~~w......\|.{{{..{t\|.....~~.xx....x~.~}...\|...\|.....vw~p..........~.v}..{.{z.z.....\|.}}}w~~....x~.~.....\|{{{..{...\|}..~....yy........v.\|\|...{{{....u}}......px....~.~v}\|\|......{.....}wwo.....x..xw~...}}.\|......v~~~..xx.....~..v}}}..\|..u......}.w~px..........o.wo.~~.n.....}.vv.}.\|\|.........{{.\|u.v}....~w.w..}}v\|.....\|.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\front.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14780
Entropy (8bit):	5.33419930062926
Encrypted:	false
SSDEEP:	384:guMbzfzdICip4kZjO6rMKa/kXCPm9Bfpll:gvzJ8qkZiGMKAmTpll
MD5:	FE736610BF5619E45D1F576168592124
SHA1:	E5F6C77C055810BA107E65B85F06707B7A54E5F2
SHA-256:	3009135094EFDF18190BEFE95D8F8845330A6039CC0296A4FC595D34EBD6499D
SHA-512:	26DD6FAABE17AE9DA9DB8E173522946265081964BE814239C8BFEE6CF0F13E69A6179205C609977F121E0CC1952260538335AAA2B78ECE83004FFF9322227BB7
Malicious:	false
Preview:	RIFF.9..WAVEfmt ........"V.."V......data.9..................}.~~.............~~.................}~~............~}.......~~~~........~~...........~~}}....................{.................{......{.......\|..\|......}}\|\|\|...............\|.\|..\|...\|...{................\|..\|.\|.\|..{.............}~~..........~~................{...............\|\|.}..~~.......~~}...............}}~.............~~}.\|................{..{...............}~~........~~................{........................\|.}.~................................~~~~~}..}..\|\|.................{..\|..\|..}..}}.}}..}}..}..}...}}~~~~.............~~}}}..\|........}~~...........~~}.................}.~~.............~~.}....................{\|.........\|..\|.\|\|\|..\|........~~~~~.~~~~~~~.}........{....{.\|.\|.W.v..w.~.w...w.w.~~.~.~~w..~..x.............~.~}}.....{.{.........~~~.........~~.................\|.~~............~~}...................~~..........~~~}..........\|\|}}}~~~~.......~~~~}}}\|..........}~~~...........~~.................}.~~............~~}.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\front_door.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21766
Entropy (8bit):	5.909082752825344
Encrypted:	false
SSDEEP:	384:GxeG8XIpDpfHHAcrxPrUWu4ce9YC4dfa7WI2WjY2B3Uj+p396ml7sln:oe0phgKZuPe9YB55lWDBEji96ml7sln
MD5:	86A9B4F4AFAB6B59F6C71FC547D427FB
SHA1:	A00535F806A961434214F346DBE14376390DAAB7
SHA-256:	F15F11021E469506495AF550A9BF534A3CAE75776AAB299B38E121032CFC9F20
SHA-512:	B055A66835C2BF969CC14A5E883B234F98FF39DC8F7595B2050212BE4E9564D784325206B6625E1D13BB8A5839A7027777EA57071CD829ACA7B1C3DB610F1556
Malicious:	false
Preview:	RIFF.T..WAVEfmt ........"V.."V......data.T......zzzzzz..........~~r~.s.........zzzzz.....wvu.............~.xyyyy.....~~.}.....{{{..\|.}}}~~~~~....~.......}}nn}}}..........\|\|}}}}wwx.x...........~.}\|\|\|{{{....}}~..............po~..}\|\|...............uu..tt.................vvv.\|\|\|\|\|\|.............q..pp~...\|\|{.........vvwpp.............\|m{.{{............yrzyq..........\|\|n....wo.......~w..}.\|......\|}v..~~..xx.......vvvv..\|\|\|}}}......~wwww~}.....v....}......~w.w.wwww.........}}}}}v}}v\|...{..........vv~~x..........~..\|.{..z..zz..\|.......y.y....~~.}\|\|........}..~..p.qy.x..x....}\|\|\|.\|\|.\|..}}}..~~~~~~...w.~...~....p....p.~..}......\|}vw.x.yy.....z....~.\|.{.z~~y~~....}.......q....o......~y.y~..........{s{s.........}.\|{...{.{\|\|.}}~~~....x.......p.xx.~~~~..}...\|..\|...vw......j.z.....~}.....~~~~y.k{\|v~..........zyxw}v.....zk........t..nv.nu.t....~....ks.s..{\|.n~.x...z..rz.qy.x..n..........u.uu..nw.p........r..rzy...ww.v}.}..........\|\|\|t\|{z..x~..{..z....\|v.py..{\|.\|\|........y~}q}}x~...w.....}..u.{r.pwu.s~.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\front_door2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18346
Entropy (8bit):	5.747319888807114
Encrypted:	false
SSDEEP:	384:4hKJOLgzetjUGvcLtf85PF1HyJ4CkG7rrfZ6lqT+5T:47czEjURYH/CrrfZ66q
MD5:	4CF89526C27945F19AC4DDEC3F2D8FB4
SHA1:	D3B7B8E9CC97FE710FD7838A1F1D70D2998A9C45
SHA-256:	A55FC6A434E1085FFB1160A4D8FFE6EEDA7B144051ABAADD59F71AD292AE0374
SHA-512:	47790FC526847E9FE1B6A2739FC558C195E78E0C88B932D86AE51698849AB36E07CC37767400E1B8C200A593F439588ED5AD047EAF414D6A2A93AF50AA8BD33A
Malicious:	false
Preview:	RIFF.G..WAVEfmt ........"V.."V......data}G...............}}~~..............~~}}.............}}~........~~.}..............}}~.............~}..................}~~.............~~}..................}~~.............~~}...................~~.............~~}...................}~~.............~}.......~~~........~~...........~~}}...........}}~~~....~~~}................}}~..............~~}..........................{{..........{.........}}}~~~.............~~~}}}............}}}}~~~~~~~..........{{{{\|\|.........~~~~~~}}}}\|...........\|\|}}}}}...........{{......}}~~~..........}}..\|\|{{{...........~~w~~}}.............\|}}~~~~.......}}\|\|{...........}}}.....~~}}}\|\|...{............xx....~~}.............}}~~..x.......~.}....\|{\|\|\|\|.....~.....~~~w~}}}~~w~..........zqqqxx.~.............zz{s{{..........~~...~~....}..y.rz{......~.\|.....~..zz....}.~..x.~.........{..{{\|\|}}~.......z.....~w}}......\|\|\|...~.y.......zzy....~......\|..\|\|\|.\|.............}vv}~w.}..........nv.v..vv..........~~w~v...............{.u......~..~~.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\front_hall.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19030
Entropy (8bit):	5.704244426613221
Encrypted:	false
SSDEEP:	384:qQ5YisFeJ4QCPsj0sTBi2vxVnbQGnbaT57Yod:qQODwRjJhvxVnbH6lYod
MD5:	8990A0A3FEFBCD667231BDAA5D0A387A
SHA1:	39CA16813940A5FF8F04CC545B7E1B4780531439
SHA-256:	7A0819E2B517215AB3B89BC00A6C05472C7D51C301D7221A07DE7D08A5B67438
SHA-512:	E584C817E88EB1A3ECEE041FBA55E175B7640065D7530F998F1E39849BC3832902D77ADF7DD64DCB6C142E6E013FA9392C09567091A15FAEFECEDD79B68995B6
Malicious:	false
Preview:	RIFFNJ..WAVEfmt ........"V.."V......data)J......}~~.............~}..................}~............~~}.................}~~............~~}..................}~~...........~~}.................}~.............~~}..................}~~............~~..................}~............~~}.................~~......~.}}.................~~..........~~}}............}}~~~..........~~.........\|\|\|\|\|}}}........~~~~}}}}}}........}}}}~~~......}}}}}}\|......}}}}~~......~}}}}\|\|\|............~~..........~~~}}.........}}~~~~~~~}....................~~~......~~~}...........}}}~~..........~..........\|\|\|\|}}}}......~~~}...}}\|\|...}}}..}~~....~}}....\|\|\|\|\|\|.......~~~~~~~~.....}\|\|....\|\|}...}}~..~~~~....}}}....\|\|\|\|}......}}}}.....}}}}}}}}}.......}\|\|..\|....\|\|}}...~~~~~~......\|\|\|{.....{.......~~~....~~~}.........{{..\|}}..~........~}}\|..............}~~........~~}}}\|\|..........}.}~~..~~~~~~}....\|\|\|.....\|......}}}}}}}}..........\|.\|.}}}}}.....}}}}}..~....~w~~~~.}....\|\|\|......}}}...~~~~...~~~v}}.........}}}}~w..........~}}}u....\|..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\front_room.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	20538
Entropy (8bit):	5.909399057570229
Encrypted:	false
SSDEEP:	384:eli+MNRGxo4FBdcGv6s65lFi7fuKHbSiLvCvtKhCPYfzrb2iUNCM:eli+Qko4TjSbzYmCv+4Rrb2iU/
MD5:	15B85545BCA8D8E477D7B7A57F6F561E
SHA1:	D6A181D75F92A958D8587A9387B515DB53DCE493
SHA-256:	9BCD832CD4F18D82DC468059C6791B0F25F197DB6EE0219E75E5D210EF787151
SHA-512:	1467E147D6DCFF1785721B8A44DC9539DAFCBC6E7B26AD6ABB871C01B99CC023C449B031B79AF13840F40BBA9C330A44A9276FE52828BE5686D27DBFA2ABDBBC
Malicious:	false
Preview:	RIFF2P..WAVEfmt ........"V.."V......data.P..}}}}}}}.................}}~~............~~.................}~~............~}.................~~...........~~}}................}~~~~~~~}}..........}}~~~.........~................}}~...........~~......~~~~......~~...........~}}...............~~.....~~~..\|.....{......}~~.........~~.................}.~~...............~~.}.}.\|...................}.~~............~~}...................~~............~~}.................}}~.............~}.......~~~........~~...........~~}}..........}}~.~~....~~~....................}~~.................~~~}}..............{...\|.}}~~........~~~}}\|.............}~~~...........~~..................}~~............~~}..................}~~............~~}........{.......}}~~~~~~...........~~~~~~.........~.~~~~~~~}}...........\|..}~~.............~~}}..\|........}~~............~~}............}}~~............~}.................}~.............~~}.................}~~...........~~}..................}~~............~~...........z...{.......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\front_yard.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23210
Entropy (8bit):	5.888412709522928
Encrypted:	false
SSDEEP:	384:N9f1JjVZIig/w4PyZw1rg7162HjRPBg7l2uvD4Tw1n8dKv4RVP8Fs66ceptNMkmB:bjVZKwnw1OoMjJQQuvD4E1Tv4Yice7kB
MD5:	B4E805B07AE59A09A239D2700F645FDA
SHA1:	D942563DC19DE5FE81D75F7275DD9FA1EA053800
SHA-256:	FF73747AA71BD8CDBA72CB86BCE4DB1351FEBD417D61A43270BE7A51F88D1B78
SHA-512:	3FD0029990342CF32DA02C3D616D6AC8D26BE6787AF6AB0AF6EB1D5ED9EF024622CDF00EB55B58AE27C76FB21C3007C13BB8F01612E13472203B9A66E28EAC27
Malicious:	false
Preview:	RIFF.Z..WAVEfmt ........"V.."V......data}Z..~~...........~}.................~~...........~~}}...........}}~~~~~~~~~..................}}~...............~}}.....................}~~~..............~~}..................}~~.............~}.......~~........~~...........~~}}...........}~~.......~~..................~~...........~~}}.........\|}..}}~~~~}}............\|}}}}~~~~~~........}}\|\|\|\|\|\|...............zz.............}..~~~~~}}}.............}}~~...........~}.............\|}}~~~.....~~~}}\|...............}~~~.........~}}}}\|\|........~~~~~.......~~~.......}}}}}}}}}.........}}.}}}.~~~~~~~.....}}}.....}}.}}}.}}.}.~~~~.......}}}}}}}}}}.................{{{{\|.........~~~~~~~~w~....}....~~w~~~~~........}}}\|\|\|\|\|......}.~........zz....xx~.}.\|\|...........\|}}~~~....xx..~...........z..{{\|......yy.....y...~}.........z{{\|\|}..............}.utt{{..............xxpxq.x.......~.~~}.....u{.t{{.............zzzrr........{..~~~~...\|.......\|mut\|..........~~~yyz{\|\|.........{zryxw.....z........~.xqqzzr......~....}.vnvv...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\garage.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	16920
Entropy (8bit):	5.995636753398477
Encrypted:	false
SSDEEP:	384:WGqieUtOCqp58qrd6/upy9M12ha59CNovhrH642A/Zll:BeUtO9D8S6/y4M12Qg+LF/Zll
MD5:	79B2C0A364EC78035850D0A533F9E1D1
SHA1:	229027178BFDEA309D88D14927DEF2DB6D44CF3C
SHA-256:	8DA6D8E8295BF6A8D45DDEB78F10ADB1750B618D8E5B875237384446215C1A98
SHA-512:	C592D405084668D66E41A4CAC93928DDA09C0BDA1E00EE6EF41605060FC164D01134AE624194385B0C58E9701B902E9B0C691364BA41F31AF7976CC3AADE8394
Malicious:	false
Preview:	RIFF.B..WAVEfmt ........"V.."V......data.A..\|}~...............~}}\|\|\|}}~................~}\|{zz.~~...............}}\|\|\|{{\|\|}}~..............~}\|{zz{{xy.}.............}z}zxvuxyy{}...........zyvspt~svww........~~}..{v.....p~r.{wcoxu............xrlZ``mej...........}y{wikefhSbst...........~oggggxp`xw.............{\|}xijkmmvv..............vvpprsuvx............~\|{zyxxxxxy..\|...........p.ov.................p.~~}\|.............~...rr.....~..........~.{\|}~...z{{{{...........\|\|\|\|\|\|\|}}}~~~..........}.}}}}}}}}\|\|\|.............~....z{{{{{{z............}}~~z{\|}~~.y................zzzzzz.{.................xy.yyyy...............\|\|\|}}w.xy..............~~}}}x~z...}~............~}\|{...~~~................{.zz.............}..}...{...~~~~~~~...............~}.....~~~~~~~~............zyyyyxww}................xxyzrs...............{{{{{{{\|\|}~~...............\|{zzzyyy~.................yyxxxw~~}}}...........}v}ww~..qqyy............\|{{zzzszzz{{\|}.............xxwwvvvu\|\|\|............\|..}~~pqqrs.\|\|.............~zyzuwxzuxz}wy

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\gate.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8414
Entropy (8bit):	6.079721811928996
Encrypted:	false
SSDEEP:	192:v/E6W3QDj/AUvsLB8l+/WVUpPqCFGvaZLhd7hzMu3gc:HEfADzAUvsLu+IUjFPZ/7tX
MD5:	6D02AF27C634F13DA65C5AF7D3939995
SHA1:	B40FA8DD4EB47CD7AC79D33ED9A49C02B74E7FB3
SHA-256:	E1B70179771AE251D9D8AD292B103DC5E70BDF441A4E259774C0C91662B8725F
SHA-512:	7113151239BC8284F6F5EEE5B99DA728B9131ABF08179C38BA8850C78999244E2FC56C694B211EEDB5C4FAA614A151DAB29FC527539BB6411BECFF4370FFDBB3
Malicious:	false
Preview:	RIFF. ..WAVEfmt ........"V.."V......data. .....}}..}\|..\|{...{{...\|........\|\|...{..z...{......y...s{.r.yy...\|..~~~~~~~.................~~}}}}\|}.................{{\|\|}}~~................~\|\|{{{\|\|}~..~.............}{zxwzzyzz.\|..............oWPNSX......$....q;5-N..........NN....8..9...5,'(a....eLE\....O!.....X>?>.....S...@ Y.D.s..[1&f.....z .t...K#DK[....^ALU.....f/?....h_P.{y...aQY..~.Qn...nd.gz...xx\|}V{.z.hi.^....xof.{q..\|cMr.}y~..}_x.....cIbi....IO?].....UU....v.msky...rq.Wf....Lk....}wpy.....~]bx}...on}.tu{...\|w....oxx..xw..dIM....SL}.......~N\....yzO]e.....xwwv......sahny{..{wl}.....q2*7....6"#G...sv.}rOIct.....qt..qXKR....L2;V.....lgtz\|{}.....{mhi\SWo.....yfl...9! Y...`1+6{......zjSWo...qVE^r..k[o.....ubv.....y..\|UHCOj....hm.....k.........#)/%J.....n;+."Q.....{\|pE4.H.....q2&)7e.....N406H......wkK;Bh....._PKL_p.....w]QLYw.......=...Z....O5;FZ\|.....yQF;Im}.....}nA6Zw.....^NJLUcy....c]J?k................,$''g.....ygE6=Z.....~..}nB4C....~C3;Iz.....N?;Dg.....qYebio

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\gatehouse.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15220
Entropy (8bit):	6.992117639757919
Encrypted:	false
SSDEEP:	384:fKCs/pSuxDFjRKWB+1VmT/iKpSSrUpFgea1MSmA4jO:fKCUQMj4WBg2qKpSGckgPO
MD5:	8893DC0FE1A030DEAE181C0B6BF48499
SHA1:	EE7C7B7727FD506379055AAEFEE31A9DC922A260
SHA-256:	CD12296587534D5569924BFB443E5A2BA55441ADDEA0069BB622E2A0E22CA2DF
SHA-512:	9A63069F0EE1C0E591B88DE0ADD0B2D7D776AACB795958D23779839BF2FA95E9E1F16C8DC781940C3B413CD038CFB7F512444843B73AF49BAFB68E838735C707
Malicious:	false
Preview:	RIFFl;..WAVEfmt ........"V.."V......dataH;..}~~~~~.~~~~~..................}}~~............~}......~~~~.......~.............~~}}.................}}~~............~~.................\|}~.............~}....~~~~~~...................~~}}}\|.................\|\|}}}~~.................~}}}}}}~..\|~............~\|z~\|{z}}}z...........\|.\|rpv.wdhsy........#........#.!.....A...t...(../....A"$)....gJ:GFi...k2Ph.lu..b<7<....z..u.&...D9iP,>...[oZm.....ILDndE......d(;K..a4U...mUa_....vO^O....ew...}R.......Sx....<8q...m@K`....m^^mu......xX^}....uID^....xR.q.....zNjjz.y...xFQ^v....dteu.....xy.js....{{bb......{tz...s...l\|..ww...yy..z...bTT.....pg_v.....sz...{u....sl.....hTo....we[q.........X=39b....sMAHa......nrytn_gt......rmh]fv......\ZQbw.......uib[mu.......jWOU`~......{p\|yw}wp~....xpTVa{.....ocdl{......qeieqst.......{okp.....~pdcX`d~.....ep.....l........x%7.7....[E_..g;.E....kk...8..9....D13Ee.......rOHOq...\|y~....b74X......hZYX^j.....oPJNu......yc=:Mo......qkovwly......nUVW^l......\|lem~......bZONQW

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\nice_shot_sir.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19774
Entropy (8bit):	6.919576872069144
Encrypted:	false
SSDEEP:	384:ktJL6IOS4RX27V2VaUGvHKqeHWWKSfxbINyBwZ0zbCnoe9gAeJ2BNGvx:knlxEQUGfHe2wfSNy+JnbFMHvx
MD5:	E20F61E32DC274E674243DA39919CB03
SHA1:	31FAC402C2C08C629E5CBBD26F5DB8A1BFE4ABE5
SHA-256:	B2638160CCC4ED78CEEE67C123D1A8070391E3EF4025685A9AA068214051BEA1
SHA-512:	94D01F8C591893412F531CFBFB25C31120C34BCB9A17A210293D49D8446042222BF93FEACEFA72FDDB83B15793E19804F91494AA24D07D7566DD6A64594D88A8
Malicious:	false
Preview:	RIFF6M..WAVEfmt ........"V.."V......data.M........}~~............~~.................}~.............~}}.................~~~..........~~~..........z......z........~~.........~~~}...............\|\|}}..}}......{..........{\|....}..}}}.....{................\|.\|\|\|.................}~~..........~~...............}~~...........}...............}~~...........~~}......~~~........~...........~~}}.................}}~~~~.....~~~........}\|\|\|.\|\|\|\|............}~~~~}}}}}................}}~~~.........~~...........{{\|\|\|\|}...........~~~}}}\|...........\|}}....~..x....~~~.........{{{.......\|}}}.......}}}.}\|\|\|\|.........~~~~~~~~~~~~.....}}}}...}}}...}}}\|...........\|}}}}~..~....~~~...\|......{{...\|..~~...........~}}\|.........{......zzz{.......~}\|.....~~~.....}}~.........~~.....z..........}~~........~.......~~~~~~~..............~~}}}\|..........}}~.....yy..................{\|.......z......~~.....~y~~~.....~~......{{z.yx~.........~z.{\|....zs\|\|.....zy.~}.....}xy~....~.yy.......yx~.....~yx}~......xy.........~}.....}\|\|\|}....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\nice_work_team.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23520
Entropy (8bit):	5.807612603863394
Encrypted:	false
SSDEEP:	384:hXNmMELvtCQK2AG4FoOoZZQuai85o14F8MvEgaju0lCREMnAupMfVgyelGsEBLi0:hXNm62AjFobQBb64Flv/g/CHW8lGsxMD
MD5:	E6FB168A704734E7351EDB3C2A25C8F7
SHA1:	DA184457FCD5FFCEC42950A6F8C50AE477814A38
SHA-256:	625E6DFB53915E4FD9079BBED4DBA7E42F579D64D5C6B77CD5DC524A87DFE487
SHA-512:	3FD6F54F8B076E837B393CE97EF8BFD0195D73879814698444A5A81FF401FFE9946F8E683D4282281A7B5602BCA2464786B712748264096747F7F7BF2EFA0FA4
Malicious:	false
Preview:	RIFF.[..WAVEfmt ........"V.."V......data.[..{{{...........}~~~......~~.........~~~~........~~..........~~}.\|\|\|..........}}}~~~~~..}.}..............\|\|\|}.}~.....~~~~~}}....\|\|........{\|...}}...~...xx.~~~~....}\|\|\|.......}}}}~~~~~}}..............\|\|}}}}}}}..............\|\|\|}}~~~~.....~~~}.........{\|\|\|}}~~~...........~~}}}}}~....}~........z..~v\|{z.........\|}~yz.......szy......yyy.......~.yz.....zzyx~.............v~..........~~}\|............}~~....y....w~}}...........}}}~~~.....................~~~}}}}......}}...~.....~w~}}............}wxyy......zqx~....z~yx}}.....~.......\|{{zy......yxx......\|\|}~......zyy.....\|..........}}~~.......w~~}..........}}}~~~~........~~~~....}.\|......{{{.......}}........~~~v..............xyqz......ryp~....}xqwx}....~yzs\|.....\|{zx~\|.......\|......rtu......wv\|{.....xwvv.....~.{}~.....{{{{{...y..~~}........~..~~~...\|}~..{\|}..w.v......v....~}}}}yz............{{..xw}zx..}~\|.........~qknq\|........ou{...}y_kh.......\|xx\|...soUbj..........}xwtqeddjw..........vxyyxwmq~....~{\|.wv.u

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\nnno_sir.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21648
Entropy (8bit):	5.918233482864088
Encrypted:	false
SSDEEP:	384:+yEbR/zKwt5L0qVFgJaFctgfxut87+DOZwLGSCoNQ3gXjePVgU5UJVA3qebk/8:7gR/j5L0MqaFcIMtJLaoNQwXjePVgU5T
MD5:	5F3E934292862D747AC1C668365F6F06
SHA1:	A1C0652EE637D2F3214592FA04E39B9DF528E6F3
SHA-256:	476E7462786ED036F5EA9B05DAC629550B3E044B4E6D109741D4DCAC2DF6AC72
SHA-512:	E347C12176208EC0F45BF354063D330AD9F4BE4B6A739A4D9D2422A790CB2171C1F36EEC046EAE5BA926ED80F41EDA0EBCAE17FCDC7C1DF725C35B7B96F5ED94
Malicious:	false
Preview:	RIFF.T..WAVEfmt ........"V.."V......datacT..\|\|\|\|\|\|..........~~~~~~~}}}...............}}~~................................~~}}\|\|..........}~~...........~}}............}}~~......yx..........~..........xx.......~..................}~~.............~~}.........~~~~..........~~.......~~~}}...........}}~~..........~}................}~~.........~~~.........}}}}}}}}}..............\|}}~~.........~........~~~.....}}~............~}.....~~~~........~.......~~}............}}~............~~}\|..........v.~~.......~~}...............}~...........~}................~~.........~~}}...............}~~~~~~~~.v.........}}~~~........~~................}}~............~}................}~~.............v.u........\|.}~~.........~~~}}.................~~~~~~~~~~}...........}}}~~...........~~}............\|}~~............~}......~~~.......~~...........~}}.................~~...........~~~}..............t..t.............}}}}}}}.}}}}.........~~~~~~~~~~~~~~.........}}}}}~~.........~~~...............{.\|.~~.............~}.\|....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\no.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15184
Entropy (8bit):	5.764479672154659
Encrypted:	false
SSDEEP:	384:wjHwHkTcXkyo95VRuV/aTyQtu0ddoGtPE:1k956VCWQt5dw
MD5:	C6B428F5DC09C43359E7FEB394AB3F29
SHA1:	C0443C107133C6685241C9257556C9501251C41D
SHA-256:	0EC646F46195CC1FD51B2D78CF8D895B4F6566799394630C5F10A9F73C3C2D2D
SHA-512:	66802287C86B0EE19B2065925B26815B63F1CF45F1F4F53E032E7330D325BC921EAFA10769BFAEFE887EB59C7B6F6293849DADE59B2D64E34DF6CF465E20AAFB
Malicious:	false
Preview:	RIFFH;..WAVEfmt ........"V.."V......data#;..\|\|{................~~~......w..........~~.........w........~~.................}~...........~~.}}\|........vv}~~.....xx.~~~}............\|\|}}~w..x......~~wvv...........}}~~......xx..............\|\|}}~..yyy.......~}}\|{{{zz.........qzz....zyy.~.....tttt......yz{{{..{zrqp......{z{t......qqr......rqp................qrrr.........{{z............xyyy.....~~............wwxx.......~~................~~.....xxxx............\|}}}~~~xxxx..........}\|\|\|\|\|\|\|\|\|\|.............xxx......}}}}\|\|\|\|.......w...y....qyx.~.....uut......}wwxxy..zrrr.......}uuu......nn........pp.................m.....~.....~~~..........vwww~~~........v}}\|\|......wwx........~~}........zztt...~..yy..............zzzzzz{{u............zyxwwvu.........{...wx...z...rzy.......tt{{....{\|\|}}~~...xxxx......}}}}.....nnn...............~~}}\|\|\|............}~~.........~........uuv}}}.....x........vv}\|\|\|\|.........~~~~w.....}}vv...}}ww.............\|\|{{zzs............{{{{....~}\|{zyxx.x..~......st}}.....rqx...~}}p

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\no2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9490
Entropy (8bit):	5.599940839180544
Encrypted:	false
SSDEEP:	192:eSd32pHHX/aTvovoTmyGrqcIjaVC5rosweUhW:wnX/aTvowayGEuC5roTeUU
MD5:	5BA8682350D83A78F045E2B55F4B943C
SHA1:	72E71963A16803A87B77CA22D0C85F6B93FDA9FD
SHA-256:	D66DB9DA2A59899292E2899AB87CA00DCDBA05C74361A741DC67FAB23DCA0A16
SHA-512:	4673C6D6F5D845237763F32D26646709189B981F12ECEA8752F6A7447816AF1327D88BADFCEF69515ABCDD0893AE23F113FC37E3141560125A7BE283AFE7D7BB
Malicious:	false
Preview:	RIFF.%..WAVEfmt ........"V.."V......data.$..~~~~..~~~~}................}}~............~~........~~........~~............~~}..................}~~...........~~}..................}~~............~}..................}~............~~}..................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}..................}~~............~}...................~~.............~~~}...............................~~~~...........~~..~~~...........~~~..................}~~............~~}.................\|\|\|.............~~~~...........~~...........~~~~..........\|\|\|\|\|}}}........~~~~~~}}}}........}}}}...}}}}}.....}}}...}}}}}}..........}}}}}}}..}}}......~~..~~~~~~}}......\|.\|}}.....xx......~~}}}\|.......{......}~ww~~.....}}}........\|}}}}~~~~~......~}}}}}....}}}}}}}...............\|\|}}~~~.......~..}\|\|........{..}~............~}\|...~........\|vw.......{s......\|tlzz......\|\|}~....yyyy......\|\|\|......\|uv}.....xxxx........\|\|.....}}}}~~...~~~}}}....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\no_sir.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14594
Entropy (8bit):	6.9897461990086
Encrypted:	false
SSDEEP:	384:Dcv12mkOQQ/wiGA8wIeu/9rqp02NgNLLNc:gvomMyG47u/G0pC
MD5:	485FA63C027DFD2B2B4C599BF57A563C
SHA1:	7937E0AD66BE1E965B01C06C23725A548417F45A
SHA-256:	874FA666B0D7E481BE26A6ECC2B51134B7636841444733F6C03F53038D250602
SHA-512:	6EEE8C626009344051904D6D30CD67342C6E2B041CF773632747E7657C9BC758F7A6D6ABC7980EBA1C9E8238C07729797B426363A6E17057217D5B7CC293BE80
Malicious:	false
Preview:	RIFF.8..WAVEfmt ........"V.."V......data.8.........}~~~...........~~.........~~.......}~............~~}.................~...........~~}}}...........w~~~..~~~~}................}}}~~~~~~~~..........\|\|\|\|\|.\|\|.}.......~~~~}}}}}}........}}}}~~~}.......\|{.......\|\|\|....~~~~~~.....}}}\|\|\|......\|}}....~~~~...}}}\|\|\|\|..........~~~~~..~~~~.....\|{........\|\|....~~~.~~~~~}}...........}}}}~~~~~..~~....}\|\|\|\|..........}}~~~~~~~~~.........}}}}}}}}}}........}}}}}}.....~~~~~~~}}............\|\|\|}}}}....~~}}.............{{\|\|}...~~.....~~..vvv....\|\|\|\|}......~~~~....\|\|\|{{{.........~~..........~~}}..........\|\|\|}}..~.......~~~}}...............}}~~.......x..~~.............\|\|}......y......~...\|.......{tu}......{ks......wnm\|.....~.zs{\|.....yyy......~vv\|\|.....{\|\|v......zzrr......~~}......\|\|\|}.....~~~~~~~~~}}........\|\|u}}....~~~~.....}}v}}}}.....}.}}...}}}}~~~...~~~}}}....}}.}..}~~ww~.......xxw~~.........}wg``a......sUUj.....^JDNl.....{V<<Qx....j[Tr...._@06N.....~jbr....uP99L.....lOO\{...wfe{......hYRbkmvxz.......rba`

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\no_thanks.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14816
Entropy (8bit):	6.200005886588461
Encrypted:	false
SSDEEP:	384:vkgRjVNUUVax0RGs5MCHhBHXkE+l2s379Bh+6KdgSv:vLRzNQxkGs1BHXSz3Jy4k
MD5:	4D6ACA98C2ADFFE7B1B943B27DB0A494
SHA1:	00C3384C779EF769A3F3F45782B33F7DF030BD14
SHA-256:	373C9A14A5460016593573B4BD2762C1AA0ED07B6BF5972AF7A089BF228CDFE5
SHA-512:	D726733496B898FF2BEDC8ECF631BF3FB9412B2D019357641A2165CE6D0E71897FAAAE3BDD5BEE8E0048BA4E39F0CFE99E7E93ED06249728FEF9CBF21CA820ED
Malicious:	false
Preview:	RIFF.9..WAVEfmt ........"V.."V......data.9..\|\|\|...................}~~............~~.................}~~............~~}..................~~............~~}.................}~~............~~}..................}~............~~}.................}~~............~~}..................}~~...........~~}.................}~~............~~}..................}~~...........~~}..................}~~............~~}.................~~...........~~}}..............}}}~.~~~~.~.....{.............\|..}...}}}}}........{..........}~~~.................~~}}..................\|\|\|....}}.\|................\|}~~..............~~}\|.............\|...~~~.~~~~.}.\|..{..........}~~~.......~~..................}~~............~~}................}~~~....~~~}.............\|}}~.............~}......~~~~........~...........~~}}...............}}~~~~.....~~~............{{z{............~~~....~~~~~}......\|\|\|....}}}....}}}}}\|....{...........}}}}~~~...}}}....\|\|\|......~~~~~~~~~~}.......\|\|......}}~~~.~~~~~}...........\|\|}.}~~~~....~~..}}}\|.......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\noo.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	26184
Entropy (8bit):	5.948814747407486
Encrypted:	false
SSDEEP:	384:74T6M0hkT0xnc8jZTFpbU+RdwsBLnLXVgv5nQXZY5+NmjRlxx9lda:7450GgtcY1GKXXVMMUtjRlxx9lda
MD5:	A33C90B41B84FA321D896C4E383AEFCE
SHA1:	A6C92389093ED2464CB2B0C4DB6C8781F6507622
SHA-256:	C29F69678E7D9E683A32BE820C22C1C89D88499D4614953EADC2F123946D83CE
SHA-512:	51578925DE8394981ABF439B2A71B31F4EA96D54058BAA8BE94BB6BB9127FC0AA3D7B21C9F0350B37EF4C7E7736371C4D8BBA1F101981371A5782ABA3C8E93D2
Malicious:	false
Preview:	RIFF@f..WAVEfmt ........"V.."V......data.f.....~........}~~..............~~}................}~~...........~~...............\|.~~...........~}.......~~.........~~.......~~}.................}~~............~~}.................}~~.............~~.................}~............~}}................~........~~}}............}~~.........~~}................}~~~~..~~~..}.........\|}}~~..........~........~~~......}~.............~}}..................~~...............~~~...........~~~~~.........~~...........~~}}.......{......~~~.....~~~................}}~............~}..................~~.............~~}.................}}~.............~}.......~~~.......~~...........~~}\|...........}~~......~~........~~~........~...y......~}...............}~~........~~.....}.}}}~~..............~}.......~~~...........}}.~~}..}}}}}.......~~~~...............~~~~~...~~~............~~..........~~~~........~~..............~}}\|.................}}~~~~~~~}}..........}}}~~~~.......~~...........\|\|\|\|\|}}}~~........~~~}}\|\|\|\|.........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\nothing.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7942
Entropy (8bit):	6.1978898997245295
Encrypted:	false
SSDEEP:	192:o1eaaM7H+edeEfix6navR60yg+cm20VAHryJtSErq82n:oULM7Di2aJT+cWSHryJYErcn
MD5:	E565A4F6D484BBA5078346F567A7AE65
SHA1:	D07548646588E6B2A53D9B92DA30DBCAF0A710FA
SHA-256:	F2B7F9CB2275B546C722805D6D5845FED4156B4F3506F13DC9BF51AC2D85EDBC
SHA-512:	871D0B614A2B6EC8135320F240A6171126A98F8067F5C7E0B0101ED1ABBEEEE73086D29DDBD904958CD9C78B87A491FDA5578E2BBB001A6292BD9BE6FE63663E
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data....}}}}}}}}}............}}}}}}~~~~~............\|\|\|\|\|\|}.}..~.....~~~}}}}}......\|.}}~~...............~~.~~~~~..~............~~.}}}\|..........}~~~..........~~....................}}~~~~~.....}}\|\|\|...........}}}~~~~....~~~}}}\|............}~~~.......~~...............\|\|}}~~.........~~}}\|\|{..............xxy......~~}}.....{{{{.....}~w~~....~~wv}............}}}}}~~~...~~~~~~....~~~~~...~~~~~}}}}}.........}}}}}}}}......\|{............}}}~~~~~~}..........\|}}}}}}}.....~}}}...\|\|....\|}...}~~~~~...~~}}}.........\|v}~~.....yqy......vmu{......uuv~.....yryy.......u\|{....{{\|}}.....yzzz.....~}v.......{{\|\|\|....~...~...}}}\|.......\|..}}~~~..........}}}\|\|\|.....\|}}...~~~...~~~~}...\|\|.....\|\|\|....}~~...........~~~~}}}}\|........}vv~~.....yqy......wvv\|.....\|unv~....zsss.......}\|.{...~yyz{\|.....z{{{......~v.......{{\|}~~...........}\|...~~~~.{.\|~x..............~}\|{{{.\|}~.}~.......~.....}{ywvzyy~~...............v\|rpfdkx............tXNJTh.....{y.....zksldV^g...........iYXf\|........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\nothing_happening_over_here.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25750
Entropy (8bit):	6.609038012384074
Encrypted:	false
SSDEEP:	768:tCYmOOqLntPbV5wT5iiVnxyO5q4XjZ4rOyu7xZ3nKCD2lOH:tCeLntPbVOiiVxdqXcBD2lOH
MD5:	F7343F935623EB5E8008421CBCFBE670
SHA1:	6716AB395AEF4C67EE7A1D8DF251B4C2EDDF6B74
SHA-256:	57F4CADA0037B2F4EDCCBA66EBDCAA20BDF4B48647D29B92683CC90010BBE980
SHA-512:	F05C7766F86C0A9649D30CAA1A8F478548F2C6DD5ABFDAE3AD078585648D76A2021D317C4EA919EB1CB02EED91B88F9E732CC9133141F212386A615D23D1F287
Malicious:	false
Preview:	RIFF.d..WAVEfmt ........"V.."V......datajd...}~~............~~.................}~~............~~}.......~~........~~..........~~}}................}~~~........~~~.........u\|.\|\|}}}}............\|\|\|\|\|}}}.........}}}}}}}}..}.......}}}}}}\|................{{...................{.........\|}}}}}...}}}.......}}}}}}}.}}}}...........}}}}}}}}}~~~~..........~.~~~}}}}\|\|..............}}}}}}}}}.......}}}.....}}}}}}....\|\|\|......}}~~...~~~}}}....\|\|\|.......}}~~.....xxxx~...~~~ww~......xxy.....xxxx......}\|\|\|.......\|\|\|.....}}}}}......}}}....~~~~~~~~.~~}}.........vv}}...~~~ww~......}}.........\|\|\|\|\|}}.....~~...}}}...\|\|\|....\|\|\|\|..............~~~}....\|\|.......}w~.......yxxw~...\|.{{{......\|}}~~.......~w.......{{......}}~............~~...\|.....{{\|.......~~~~~~~~~~.......\|.\|\|\|\|\|\|.......}~~~~~.~.~~~~~.....\|\|\|....\|\|..}....~~~~~~~~}}......\|.\|\|\|}}.....}..v...}}v}}}}..............}}u\|{.......{\|..............~~}\|{z......~....~..........yx~n\|............ijkst........w}......vvwxx......r...}{......\|\|}y.}.z\|~.......wncZfs..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\nothing_here.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14402
Entropy (8bit):	6.278133118844326
Encrypted:	false
SSDEEP:	384:g1lElJpD4KvPal4z9xl9s1R1JfeAvRbBmPx+arf:g1lMpvDDoHpbUPYc
MD5:	9977DBFDF1DDAB776499D81EDA7CBF8E
SHA1:	0CB331E604333360850EDC20182AE494D7B032FB
SHA-256:	F1537BD8CC8CDD65AD62A5A2E72AA47349ACE5FDB7B508F0EA20420BB5A2F332
SHA-512:	AD862DB10F8DFBB7DD1E52D101A79A3E9368DB8D0A9AE0C87AA7D407D608326E568C6105472481D7C766F5B164E358BA86EF168E3EE80F8E7E1D07258512C243
Malicious:	false
Preview:	RIFF:8..WAVEfmt ........"V.."V......data.8.............}~~............~}.................}~~...........~~}.................}~.............~~}.................}~~~...........~..~.~~~~~~~~...................~~~}}}}............\|\|..}}}}}~~~....}.............................{.........\|\|\|.}}.}.}~~.......}}}}}~~.~~~~...~~...........~~~....\|}~~..............}.{.z.~~~~...........xy..x..~~}}....\|\|\|...............\|\|\|\|}}~................zy...{{\|\|}...............}.yw\|~\|z......\|}vy..........}\|s.wtqnkpz{........zRC=Ie..........yndh]r.........{t_Zehk........~\|kpvkyv{.......wstopy...........phponut...........~}w\|\|.......vxrt~............~{.\|y}sxw....txw\|{..........~yt.yyxs.\|ywv~x{...........kbYTNMU_p.........%..../.........`=()8I\|.......t:,+1AZ}.......eQMPMPMTh......rXIJF^j}........wkQ]DFY........jm`UNN^`.........\|raQXYho}........reqhgtz........~fc`[nru........~wsiclvs~.....\|~~xzuy........yoie][ZU\vz...............6.........kH9-#...P.........Y7**8k.........sN;7<@F\..........hXA<?Zw........sjll

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\nothing_moving_over_here.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25468
Entropy (8bit):	6.556620178144553
Encrypted:	false
SSDEEP:	384:TVAsZCiTJMperdZ8zI1QNrZgHiN6lyEDM8TnyUR24:FRTJOerdPih+plyEia
MD5:	A6530666521317D7CF5D70473D9F68F8
SHA1:	0EB23E1BADB881B1254BC74C720C1289CF339A92
SHA-256:	680684272AD15B436546A7B00BA1352A1BE0331A45770529E1193EEEA9E9F7CE
SHA-512:	F65C43966203B132E8A8B9EF12467879EC8AB25616AF1DF39BB1EA663FC15BFFC1318FADB9726DA79EC2B9EE6991A6EBB676C1D74A65ABC05FAC2FF672F7A1EF
Malicious:	false
Preview:	RIFFtc..WAVEfmt ........"V.."V......dataPc........}~~............~~}.................}~~...........~~}.................}~~.............~}..................}~............~~}.................}~~...........~~}..................}~~............~~........~~.......}~............~}}..................~~~~~~~~~.v......v.....~~~~~~}}}}.............}}~~..........~~.................}~~.......~~}...........\|\|}}}}~~~............~~~~~~~.......~~......~....\|\|\|{{.......}..~~~....w~~~}}.....\|\|\|......~~~~...~}}}\|\|\|.........}~~...........~~}..................xxy........~}}.............}}~~..........~~.................}}~~........x.......\|\|\|{{{...........~~~}}}}}}........}~~~........~~............}wx.....{.{{.......~}}..\|...~..~...}~....w~}......~}\|\|{\|\|}~.........vvvv.....xw....z................}}}}~~~.........y...........~~{{\|}z\|~...............urwusz......~......y...~.}\|zpusxuzwz.........qTPL[l..........~uljaX^l..........}xjklmn~..........xoofelry~......\|wrwrsmvx..........woovu{q~......~....s\|wz...zv{ws~x

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\office.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15342
Entropy (8bit):	6.627712516324037
Encrypted:	false
SSDEEP:	384:i3r2tZmoGMqkDcWt3VZKJ29pKMYnlmHs1pGCD6h:bHKkD9KJ4EM0mM1pDm
MD5:	D342559F0F91274C450935F40A3EEBE8
SHA1:	06286547739AC061427FDAACCB2569BD1A3EF355
SHA-256:	24694412249589B7A72B52627B660A6DA0D565DC1F68B24D4F1ABD15DC545554
SHA-512:	4F2F7158D828434BFD250ECADA9CECF2B54E419AD2974427FD3394D348BBF8641EFAA17F39C0281475086C594B0BAC7813B7812BC03F5CADA70D4797212EE811
Malicious:	false
Preview:	RIFF.;..WAVEfmt ........"V.."V......data.;...........~~~yz{\|vxz\|}..............~\|zxwwxy{y\|.~............}z}zwywuxxyz\|~............}{ywutrrqrz{\|.............\|xurkjjjlosx}............qba`h_chjw\|............zupmeda]\adwu............xo\SRUZ_bhquz...........}u_YJLEFQ\h\|............tcWJD>BOVv............nkloljf`[VXXhy.............u_Y\\``cfksz..............vdaUWQ[c]j\|............qppb\WMVYbrz.............ub`Z\YY\`lv~.............qe]YUZYfiep............{h[PCQRpuxwvy.......caoxxyuhZK41................m\dmsurlbVNg...........sZh..~ZNT\iu..st..........fKCRbzj]LO`..........{^Y`bUNR_qxy........w....hYLOanyqlpy..........znozoed```beku..............wdP;+;z...}~.......aG]imqomqiN,q......ysx......mX_kttqi^NB]............Zd..rY\efehtrif\|..........cEIW\]XY[^r...........\|knsmP@FVfs\|............~pbVYez~dII]t..............rcRLMRZhv..............kS;/A}..vilu......MgwzxwqtoU,T....v\|pkr.......div..zoaP?G............^a...c`ghcey~g^t..........nQMTadba`am...........r^k\|.oOO_p~.............rhb_fr..pQK`y........z

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8352
Entropy (8bit):	5.550266982183863
Encrypted:	false
SSDEEP:	192:A9e1NYIfhLDXzdnmuwgFWW9pXK8lL4ioxB/BFS5bk:A9eAQXzdnmunFWs4i4BMbk
MD5:	DEDA5DB31BD38E03C46E4CD1F7838055
SHA1:	50A96763000EB540661CD0770AADF63981B15174
SHA-256:	8FF180D6B60D4997E2E3EAD68C4037BCE7E6E2258A5D19AA7475E02D0C53F7C0
SHA-512:	E6F938DE20D7DFD2B207E53D6362A018EF31E0E8BB6485CDFB091872DCB78ADABFEA9875C1B07EE286314F97F3DCE3D2C6C807702A2C59C6C79A71ECBC893438
Malicious:	false
Preview:	RIFF. ..WAVEfmt ........"V.."V......datas ..}}}~~.........~~~~.....}}}~~~~~.................~~}}\|.............}~~............~~...................}~~............~~........~~~........~~............~~}...................}~~~...................................................~~~~}}...............\|}}}~~................~~}}\|.............}.~.........~~}...............}~~..........~}..............}}~~........~~.}..{........}}~~...........~~.................}~.............~~.}...................}~~~.....................~.~~.~.~~~.~~.}.}}\|..............}}}~~................~~}}}..\|\|.........}~~..........~~~.................}}~..............~~}}}........}}~~.............~~}.................~~...........~~}}...........\|..}}~~~~~~~~~..........\|\|}}}}}~~~~........}}}\|\|\|.....{{............}}}}}}\|\|..............}}}}}}}}.......~~~~~~~~~~~...........~~~~~........}}...~}}}\|.................}~~~~~.}}.......~~.~.....\|}}~~~.....}}.\|...{{{......~.........~~}...........\|}}}~~~...........zz....}~x............~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh_boy.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9762
Entropy (8bit):	5.907016313763579
Encrypted:	false
SSDEEP:	192:nf9ePZ4nPX8BEGruAwHQOYpYAZaMQ0q41krGuOD6PPTZbalsQeIehxl2pp:nf9ePZCtGGdNnr0qISvnYl3ehxlEp
MD5:	7468B9197EB2F307C5B1275078DC5A89
SHA1:	8D68928EF74F7E399F91A432B40532E39ED7EE2C
SHA-256:	AFA3CA6C03A864E4307402380FA04C453718BE1E6DCB19E35EC859F56275C4BE
SHA-512:	05696D9768C04EEF0EFFE514BD2F7EE902B9457D7A2B936FBD6D14BD9B65C755773E4B0ED3240A12EBA875AA14FA37B593AA8C565785E127117EF3FAC6D1AFB6
Malicious:	false
Preview:	RIFF.&..WAVEfmt ........"V.."V......data.%..}~~~~~~~~~~~~..........{....{{\|\|\|..........}}}}}\|\|.\|.........}.~~..........~~}.................\|.\|\|.....................}~~.........~....\|.....~~~..........~~............~~~..................z..........~~~}}}}.................~~...........~~}}.............}}~~~......~~...............z.{.................\|}}}~~~.................~~}}\|...............}}~~~~~~~~..........\|.\|\|\|\|\|}.........~~~~~~~~~~~~~~.........}}}\|\|\|\|\|................}}}}}}}\|\|...........~~~~~~~}}}..............}}~~~.............}\|\|...\|\|\|\|..........}}}}.}..}}}~~~~~.....}.....{{{{{.......~.~~..~~~..............{\|}}.............~}\|\|{.......{............~.}}}\|\|\|{...........}...}}}}v}}}}}}.........~~...}}}u\|\|\|\|.\|...........~~}}}\|\|\|{.{.\|.............~~}\|{..~~.....}....\|.}~.}\|.....}\|~}\|\|\|}~.....}xz\|..~}trx.............}..}.twy{}}............{zvvw}zwy\|~y.............~}vvnnoox.............}xxykmorlwy{}...........}yvtnhijqosx.............xzmgadgdjejz.............q]VWXgrtorw............\|gdfhi

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh_boy2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25020
Entropy (8bit):	6.139006198960325
Encrypted:	false
SSDEEP:	384:fBGc4TFIo2hA2coav98gGId+4FOeILabZD2nydNFuZfiDEHKMMJ4Zm/jr59CJtRo:MnpIRhUvigRdhFOHO5of4iZmbl+tm
MD5:	209C2D0DB98EFBC746D61ECEFF4367B5
SHA1:	947DFFC7E26B5D5D3B68E38AA130E92CF4461F64
SHA-256:	9483E655C8B4E7AFAEC28C6426E07CA64C53FA5E197BE1C5312F53DD36CA2477
SHA-512:	0CF45EA4614CB248DB3F65F172C097268F019150780C33E11207F0D356609FF40D86AFC1FFF6A6AF952D77E9F3EB64ED3E7309C1568749CFC09A9EC48AD153BC
Malicious:	false
Preview:	RIFF.a..WAVEfmt ........"V.."V......data.a...}~~~.....~~~~}}}.........}~~~.........~~~..........uu......ww......vv............}~~~...........~~.....................}~~................~~~}}..................u.u.................}}~~.............~~..................}~..............~~}..................}~~.............~~}...................}~~.............~~}..................}~~.............~}........~~.........~~............~~}.................}}~~.............~}.................}~............~~}.................~~..........~~}}.............\|\|}}}}}.......~~~~~~~....~~.......\|\|\|{{{................p..~~~............\|}}}~~~......~~~..........{\|\|\|}}}......xx....~~..........{{{\|....~~.....yxx.............zz{{{................~~v\|\|\|{{............z..ss{zzz...~.........\|}}~wxxxyyy...........\|...t{{{{.\|\|}}...........}}\|\|{{{{{...{............xxxx................{\|\|}~~...........x.vv..{{........}...y...rrzzz...............z{{\|}}~..............\|\|{{{{...\|\|\|}}~~.........~~~}}}}}}}}}}............\|\|\|\|\|\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh_man.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25158
Entropy (8bit):	6.465671167118806
Encrypted:	false
SSDEEP:	384:JYk9M5fHLjVxJnu1Lwqs65eA8411678eewManTh6wAN8sKikkuj7brHp4QKO/G1D:19M5HVbQeEh16HnTkBNa7/p4wcMtkx
MD5:	3E695D98AE0BDF32CAF5BACB9704906C
SHA1:	D8CD9D5538598FA6C39ADACB22A032C154F29D2E
SHA-256:	BD970C9DAF83665209838B14008F2E78A37113B8158521A868EA8A5F2CA81FC8
SHA-512:	270D50DF9E4C4F806192C3F6CCC7D88CECFEE2F285F507DE6A65C885F7B96FCACA934A67F64B13860040C9D663DC83DFBD8FFAC52A46F3576C1CCC11FA1738AA
Malicious:	false
Preview:	RIFF>b..WAVEfmt ........"V.."V......data.b..yzzzz...............~........}~~..........~.wv..............u......u.........................}~~............~~}...................~~............~~}}.................}}}~~~..........~.~~~}}}}\|\|\|\|\|.\|....}.}~~~~~~~w.v.............}}}~~...........~~.........~~~.......}~~.............~}}...................~~~..........~~....~.}~~~~~~...............~~~}}}..........}}}~~~~~~~~.....}..\|.{.............}~~...........~~}.................}~~..............~~}}}}}}.......~~~~~~~~~~~~}.......~~~~~~~~.~}.}}v........}~~~.........~~................}~............~}}............x.y.zz.{{.z..x.......~~~~~.......~~.......~~w....\|........\|\|...v}~~~..~~......xxxx.w......}....}}}}~~....xx....~~.}.\|..l..{{.{..v.~.x..y.r..y..x......{.{{.\|\|....~~~.~....~}}}}.}\|.}}.}}..~....~~~~~}}}}}...}....~~~~.~~~}......{....{{\|\|...~........~~}v.............~~.yy..r.....~~.....z.z..{...........xx....}\|\|............~...xx...~~...........}}~w~~w..~~.......\|\|..u\|\|\|.........~~}}}v.\|.\|.\|..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh_my_god.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	27248
Entropy (8bit):	6.095956998218792
Encrypted:	false
SSDEEP:	768:eTnN1vp10fKVuLXWXuqgniDfzy4M99H2qWy:eTNhp1zVuLXW+cHK99H2qWy
MD5:	D23AC23F9B0562E527407972006DC442
SHA1:	19E580FF7CF99D3997595A7369CDBADB409D5923
SHA-256:	DEC88E8CD6F6536357C0D0822DAD91EC3AA07E31C4F5EB1097A0A794E1F1E6B8
SHA-512:	1B649897DD6CD98624D55B3C521489DEC3E0C05A59A4D8C867FDE81558100C7C7F26A6D886471178F54867ED334263DF13433FA937CD3FA576532609969826C6
Malicious:	false
Preview:	RIFFhj..WAVEfmt ........"V.."V......dataCj..}}}}}}.................}}~............~~.................}~.............~}}.................}~~.............~~.................}~............~~}................~~..........~~}}...........}ww~~......\|\|............}~~...........~}............{{.....\|\|.................}}~.............~~}\|................~~~~~~~~~....\|.............\|..}.}~~~~}}............\|\|\|}.}}~.~~.....~~~..}}\|\|\|\|...........}~~~~~~~.....\|..{.................\|.{..{............}~~.........~~}...............}~~..........~~........~~.......}~............~~}...............}~~............~~}...................{...............~...........~~..........~~}}..........\|.}}~~~~......~~~}}}\|....\|......~~~~......~~~...........z.........}}~~~~~~...........zz...z...........~~....~~~~~~}}}..........n..n..}}.v..u........\|....~~~~......~~~~...............{..{........{....\|.......}}}~~~~~~~~..........\|\|}}}.}.~~~~~~.~...........{{{{........~~~~~~~..}......~~~~.........~~.....~~}..............}}~.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh_no.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15780
Entropy (8bit):	6.4719150604031705
Encrypted:	false
SSDEEP:	192:rmo4FRFFJtbizZyKMmGilBtWKGENuFRCoHzHT7sDuIaQ2KOv4o2:CXFHDtbM73lptNYrDvsDR23v4v
MD5:	BD05F83A27811B1BA75D2E822472268F
SHA1:	0AD244BE3DD0FEA89E3CD1E3A7A686CA46DCFB94
SHA-256:	3BD7ADCED226E11097036BFBA3F73E323965212F87F65054A3B78627038DC0EB
SHA-512:	21D9FF4F8D984B45FA629E24EE9931DCCB2F5AB511D63E1BDCC76689AA733E576C9144E145FB3A63849952EB30501113C1D18BCB3AF15E1BB7E77E64F1E12DD3
Malicious:	false
Preview:	RIFF.=..WAVEfmt ........"V.."V......dataw=.........}~~.............~~}.................}~~...........~~}.................}~~............~~}..................}~............~~}.................}~~.............~}..................}~.............~~}..................}~~.............~~..................}~~............~}.......~~.........~~.......~~...\|\|..........}.~~......~~~..................}~~............~~}..................}~~.............~}.......~~~.........~.........~~}..............}~~............~~}}...........}}~~........~~..........~~~~~.........~~.............~~}}.................}~~.........~~~............\|\|\|\|\|}....~~~.....~~~~~~~~}}}}.......}}~~.~~~~~~~...~~~}.}}}}........}~~~w~~~~~~..........{\|\|\|\|.}............~~~...\|........\|}.~~~...........}...{{.{{.\|..}}..~....~~~}}\|\|...................~~~~~}}}\|\|\|............~ww..xxxx...........\|uuu\|\|...}.....~~~~~~~~}}}.........\|\|}}}~ww~..........}}}}\|\|\|\|\|\|\|....~......~~~~}}\|\|\|...........wxxx..........}\|...{z{{{{...............~vv\|......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh_no_sad.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	22436
Entropy (8bit):	6.368794826265679
Encrypted:	false
SSDEEP:	384:3qlXVlBMm/WSsgBYpOGZxCw+7r+aDKUDLzrpWJPfC5cY8XIsFFjaI/Yl+iS:3WllBASsPpfZxp+7aTgLzUOnYdkl+iS
MD5:	1E6A9F11D9258426C0CDDE5AD7F9EB53
SHA1:	E295A32DFE7BE47EF209AA707AF711B7C91F14CF
SHA-256:	23F76A63470A667FCA7E5F3DF4A19C8382CB87E602981C3853F31AC98FA8AAB6
SHA-512:	A91D9D504CEFDEB496279A043913222FF2CFC1FB3A257E240EE3CE20A364F111937367ACFCB16C8B3CCA1C4B2737E0060B715DF3D63806A554B54EDAF04CCD5A
Malicious:	false
Preview:	RIFF.W..WAVEfmt ........"V.."V......dataxW........\|..\|.....\|\|\|...}}}}}.........}}\|\|\|\|\|\|.........~~~..x........~~......{{{{...........~~~.xx..~~~.........}}}}}}}v}.............\|\|\|\|\|\|\|.........}}~~~..............~~}}}\|...........}~~~~~~~~~~~..............\|\|..~~.............~~........~~~~~..........~~~~~~~~}..................}~......y....~}.............~...{\|\|}}}.......}...~~~xxy......~....{{{{..z..~............{\|}...x............ww}..\|{............~..xyyy..............zzzz{{....~.........yy..~}}\|...............~~~~~~~}}}......}}}~~~........~~}}}\|\|\|{.......~.......x.~~}\|\|{..............z.{{{{.z..........~~..{{\|.~~........~~}\|{zz~~~.............zrzy..~~}.........\|.~.yyzz{{{{........u..t..\|u.}}~........~~.}}.\|\|.....}}...~.xx~~............z{......w..x.......~}....{.{{..\|\|..~~~.......x~....}}}}}..}}.~~~~...............~~~~}}..........\|}}}}~~.............~}\|..........{\|}}w............~~..{z~~}x}.~...........\|\|\|tssz.............yzst\|~xyz{\|............{rxww{{..............wxww~}\|z.~......~......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh_yea.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	20244
Entropy (8bit):	6.690119318875069
Encrypted:	false
SSDEEP:	384:j+xfkaGUW/DJcKaQb81Ftfmx9RsTB92AHAhXBrFST3Ecevo5FfwHd0gSLlMwF:NRUW/FraO8nFmx/6UAHAxCUcev8FfwHU
MD5:	C6C019DC666D87B1656CAE3F0D0F276F
SHA1:	E711742A4F79557168A7A484C60DBDBC13C1E958
SHA-256:	FC21FF6A312D095AFB63671D3B5C15796ECE31B55C9A359EE1DBE4AFF4411288
SHA-512:	1A2716EBBAC9ED8EBC24136B974F7293ECB97D2ABA0097FC58D84AD6630EDFAF13D26B6EDDF2194D5E3C784895D6375F98DE94D501F42B3566211700DABC7F5F
Malicious:	false
Preview:	RIFF.O..WAVEfmt ........"V.."V......data.N......~~.......}~~............~~........~~~.......~~......{{......~....~}}.....}~....~....\|}}~~}}.....~...~.........~...~...}~~.....~}..........~~~~~...~.....}~........~\|..}.~\|~}\|.......\|~.}..}..z\|\|}.\|........}.}{.......y.....\|..{\|}~~.......~.}.\|{.......}...~......~~w~~}{y................\|}{\|y{vx{}........~}trpmsx{}~.........zuumqv......~...xux{v...........tnsppx}z..........ztrwuz{{.....}}yvt\|..........yrkeb^\_l................D..oc.....xWPViS5&1p..........f;0?Xt.........bLDAM]osnx......ziqcM@>Su.........xiebdlr........}jU[_ktsz...........~vndci{.....}wtqt\|........{z{\|}\|yri[NGQ~.........K.../P.}Z`f.....fRM3 ...w...........6.!-1;g.......rTKLSC*.&..........sM2.6ALZo......mOADs...X>d......v^u.ojsz..........dL;,!O.............$SVYOKUTQNJ.......................48aphZNIB:_........%..A...........LSm~.saI12......\|yz.~^.......cKO[j{.}p^K<G.........+Hhwo_LIQ_q......;W^P$&(:n........'1AWt..qhbdgx....[@NJ1.'............#(?V{.........ypz.v}.kRIW

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\oh_yea2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18024
Entropy (8bit):	6.914877410994005
Encrypted:	false
SSDEEP:	384:xCQvYwNGDVKgmV/LPKMcnc2GSvHIplI+uT2hyI0q0:xjYlDVKgmtZcPo3IAhydP
MD5:	C36FCE2947CF37CE125447604E43F8BA
SHA1:	3CC8AF1E129EBD0B9EF951D694F4728C948D98D0
SHA-256:	8081A314C508082F98BB4AE29B9DD48A2E15E408ACEFFF10B8400979ADDCB6FF
SHA-512:	600DF9A27EADCE87B2C846A2A2FF461C7AB63B56AAB3295E4F220EE32B8C91B6EB5CFDE33F51B646B235CAEFF67A553089DB31E7416967C58C5F08A94C02A6E8
Malicious:	false
Preview:	RIFF`F..WAVEfmt ........"V.."V......data;F..w~..............~......}}\|\|\|\|............}}~~.....yy.....~}\|\|.........{\|\|.............~~v..............u}~~x............\|\|{{{.zz.........yyyy.......~~....\|\|\|\|\|\|.....~~....~~~wv................v}~~~~~....}}....\|\|\|\|......}~~.~~~~~~........{........v}~~..........~~~}}.}\|\|\|...............~~~}}.............}~~.........~~................}~~...........~~}.............\|}.~~~~....~....}\|..........{{{\|.\|}..............xw~~}..........{\|\|}}............zzyxx~............tuvww.........zy...vuu.{.........~..yzzz{{.......~}}u\|\|{{{............}}}}}\|\|..}..w.....xx..~.}}.{..r..qx.~..{\|....s..mu.\|t..i~.\|t..x....~..t.~p..z.........x~}\|\|...s.............}}~wx.yz..........~}..~..~}}}}~.}..~.....}...}l.wt.u}~{h}.........sgtpl..xx.u........\|sqlprtx\|..........xvsplojew{~........~.oli_\egv}..........usf]fgyl...........wnljwlq}.........~\|qtnprs}~........{zxwnmlsy~~.........}vopqzz{{\|\|.........~}\|tsrx}.........~yz{tu~.w.~........~.{zz}tzz...........z{tuu\|\|.............xx

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ok.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11110
Entropy (8bit):	6.245636260906854
Encrypted:	false
SSDEEP:	192:v2lGfUkbCuN87AGGsWI3qV+YeCS3GJwQpnudyj0z1Wn1G1dxRwpEY:v2lGf7bC9UsWIAeCS3QwQRudy061mxR6
MD5:	A32BDEFFAE1D5D069D15A0B9725CA00C
SHA1:	A391C76466438A91231FFB924A47DEE38BBD4EEA
SHA-256:	A5DC582DA7D9C112A0FE0F04850B36B559B25A87FCCA3A3361644666BB6A1A6B
SHA-512:	B640CAE2893604DAAC9B1BC92A8E2CF042F93568D4C78E4AD3E2D635AE196F8219D10375EAB488D4B63199A851BFDCE51C7AAB60813AAAF7C9492761F8BD3855
Malicious:	false
Preview:	RIFF^+..WAVEfmt ........"V.."V......data9+..............\|\|\|..\|\|\|\|..........}~~~~~~~~}........{......{.....\|\|..\|....................}~~..........~~~........\|.\|\|.\|..~~~~..............~~~}}}...........\|\|...}.~~~~~~.~~...........~~~~.........~~~.............~.}}}\|\|\|............}}~~~~~........~......\|\|{{.......}~~...............~~}}}.\|.........}~~............~~}}................}~~.xy..............{.y~}}}}.~...........\|\|\|\|sz..~..........~z.\|v~x..{........zyxw}\|..............~xyzz{.........~}}\|{..~~}~..........z{{t\|\|...........~}\|\|\|\|\|}...........}}.\|{...vu{z~}...........zslmm}~}..........zsrrksz..........{{{{rryy............{t{u\|\|}.........y.zrzyy...........~.zz{uvw...........zx~\|z~\|.~zz..........\|mvwvu\|.........}\|{uvuwvz~\|.........yupsvxwsr~\|.............}xzskhdemopx.........yW76APVa`c..........iE47C[hu.........tbciig^ak..........saRUWr{...........ne]]U[[[q..........\|gVUTdmtvw...........yxmjfr........~.smchnky...........unhYTWSeh............qllf]YYW^fv...........b>65AO_flr.........n]>(&=W

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ok2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11086
Entropy (8bit):	5.489498733654279
Encrypted:	false
SSDEEP:	192:Cgl0wVAMPpdNc01vCZ96A6eicISspJCUPbKIoSIR2V6CPZDsxf:Cgl0wVAMxzc01v69F6Hs6dbKI1IR2V6/
MD5:	947B478F333373029C53C43F0EF1617C
SHA1:	0C38C9C8B0AD4F8B067B75F01E9663B17465B399
SHA-256:	597C448235DD549595B7F203DD9C4CC12EE51D0624FA9776122DFDE30642F2D5
SHA-512:	64F28E878E6E5336E346BDE4491EEBA1E3A05D53FF2ED535CBC31F92E664A077FBFA3D1F7FC39A5B21C93F55462B445AF407E29BE7D274DD9E7B0D44FB979BF1
Malicious:	false
Preview:	RIFFF+..WAVEfmt ........"V.."V......data"+..........\|.}.~~............~.}...............}.~~...........~~.}...............}.~~............~.}.\|...............}.~~...........~~.}...............}.~~.............~~.}...............}.~~...........~~.}...............}.~~.............~}.................}.~~...........~~.}...............}.~~............~~}.................}~~............~~.}.................~~............~~}.................}}~~...........~~........~~~........~~...........~~}}.................~~.........~~~.}.....~~~~~.....~~~~..................}}~~................~.~~~~~.~...............~~~~.}.}.\|.........\|.\|.\|.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.\|.\|.............\|.}}~~...................~y~~~...........~.........~~~~}}..........\|...\|\|\|\|\|.\|\|...........}}}}}}}}}}........~~~~~}}}}.............\|\|.}~~.............~}......~~~........~..........~~}}}}..........~~~~~~~~}}}..............}}~~~~~}}...............}}~~...........~~.................}~~............~~..............z..........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ok_cmdr_lets_go.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	34676
Entropy (8bit):	6.640045723993969
Encrypted:	false
SSDEEP:	768:yJy0hEkCGB0eQbUTlstFZKThqlnlU/EjgBr0aPcP40Iq2zulPfe3:yJy0akCGHfTlIFZhnlUfr0aEPYq2zul8
MD5:	6CF0C99D4752E2A4AE0B3608ED19C1B7
SHA1:	9AC4CC66ED08B3DCB06F74C90A42330E61101420
SHA-256:	682FEA7417A337518BF7001ABE97701AC713AB58F4D5E267100489C8CCA37FDF
SHA-512:	76AB78C3B2E6C047141DA329751A3C1EB26F36C65DAC7287E8410C9580417AD0365F7F04592900363A436FE2D11070AB58EE0CF63BF7573FBAEDD6C9FAF549D4
Malicious:	false
Preview:	RIFFl...WAVEfmt ........"V.."V......dataH....\|\|\|\|\|\|.........~~~..........~~~..............\|\|}}~~.......~~~}}}\|...........}.~~~.....~...}}\|\|..............}}}}}}}}}.............}}}~~~~.....~~..........\|\|}}}}~~~........~......{zzz..........~~~......~~}}}....{{.................}}}}..~~~~~~~}.}............\|}}~...z{{{{..........~}}\|\|\|\|}}~.\|}~...........yx~}\|{z~}}..}............{{{{.zy..~}..............\|}....z{{{\|\|{............{.{.}y{}.z\|~wy............}{utxtywywz~..........~.wsfi]`eip~.......q_kx.vdOHIUw...........sea]RJJPbv...........zeRMQ^\[cclw..........{le]\bZYR^c............{ne\[bbksu\|...........wnlhkux~\|}x.......yxz}uts...........\|llkddcgnoy...........xmb]VVRHPOfq..........G4<LgU=0,.B..........]>3.3/13Be...........P9-6ANJCEMa.........}jQH@H@><Hg...........eL><<@IP]x..........sU3,+4CV\io.........uaZG;/,6G_o...........saSMKIIGHJKXw..........n$.%8QQ;465@...........U......!5j...........C-(-:B=4).E}..........fH<8,(:W..........U9.-1>LW\m...........[E?ACR]Z_cm........}reS3+&1

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ok_sir_lets_go.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	27038
Entropy (8bit):	6.877113106711054
Encrypted:	false
SSDEEP:	768:e9I2ESnFMWOmSfpnEFWn20pZV29nnbUt7qvNbe0:e9BV34REFWnBpvQUt7qvte0
MD5:	1B644A4BE41D6393162E2E6B7E645499
SHA1:	FC7A7FC5123EEE889E36BD77B2FE9491A6F95E8C
SHA-256:	6C4303A842EDF1EE1B21BA9365699E437FFA86AE378EE2B8E330745141125C33
SHA-512:	FAAD97901D0361A24379E9FC98DB9FA0CA3F026395497F34BF4AE4FD083D9959AC20EE42E5CB63FD87F0F2DB4E6192593B2B2FD8161D034824CB02039EE0E94E
Malicious:	false
Preview:	RIFF.i..WAVEfmt ........"V.."V......dataqi...}~~............~~}.................}~~............~~}..................}~~............~~}.................}~~............~~}..................}~~...........~~}..................}~~............~~}.................}~~............~~}..................}~~...........~~}..................}~~...........~~}...............\|.....x..........~~}.................}~~...........~~........{{{{.......~~~~............~~~.}}}\|............}~~x..............~~........{{{..{.........~~~~w~~~~~.....}}\|\|....\|\|...........yzzz.{{...........zy~}x}~~....~.....\|}}}\|....~...~}\|\|....}~........~..x.xw~}\|..~..........\|.~..}~..\|}...x....~....}..}.....}znopy..............wvusz.......{z~~.~.\|}~.........qrrz....~........{y.~~.....~..}.\|..\|v.wv.........}yvtzz.}.\|z.......}....~.....z\|}wyuzyy.}..............xokfmffnv..........Z*.$8h..~r{......naU95<Uz......s\|...fOEJ`~........kZFJOdszryy.....~ZLSbjstu}........~vaUY^j..........wlgZT_co{........votqupsmw\|z.....uuwkopz..........\|m`X

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\old_mines.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19754
Entropy (8bit):	5.735854503254097
Encrypted:	false
SSDEEP:	384:2oOerCs+BzthuxPvCVgf1ALBMuXf99wQB2TZf:3vCVWALoQwtf
MD5:	B1091766E71EB62E9B7FFB9AB6AB062D
SHA1:	B9271178DABDD2599115C9E9FCBAB2DD5FB58B15
SHA-256:	AF2D41F91B59749593EE19DAE5D5D231A977A38A997EA321C00C53C5B92E3BAB
SHA-512:	E7BC9DE7C0E040B81ED010104205542BF3EBBF23B9CF8E73BAAD8527C5FC6D3CDCD48CA36557DD989762256263A78A2ABEFD7473930BCF1D6079FA29E2603FDF
Malicious:	false
Preview:	RIFF"M..WAVEfmt ........"V.."V......data.L..~~~~~~~~~~..................}~~............~~}..............}}~.............~~}..................~~............~~}..................}~~............~}..................}~.............~}}.................}~~...........~~}.................}~~.............~}.................~~..........~~}.....zz......\|}~~......zz.....xw...............{{{{\|........~~........yzyy..........~~~~~....}..z\|.~............\|z.wu.....~..........\|\|...uyu....}z.}......{pv...{.zuv}\|....~.}{}..y..x.~z.~.{...y}...~........wy}syy....z.......}..~uz.{w.~~{...w~~....~.~....w.~}\|{y.~\|\|.....~.....}....x\|zw}{.wv.~..~........}w.~uqtnxy......wngy....hHHd....fZZr....n\Zy....rdom\|....yt}x....{.....or.....mefy....vjf.....zuns....zpmjv....ruy.......~..{ouz...xrtv}....wp.....\|{sn.{....yqp.......{.......}{.xv..z.xtxy.......}....\|ntroz\|..}.....ygx....oQMb....g^av....raXs....x_`k.....\|nwx....\|....\|.zw~..yujr.....thh.....pllp....zdevx....wwy...~\|xv....{}.ww~}.x......yv~.....qr{~...}sw\|.....{z.v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\on_my_way.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14202
Entropy (8bit):	7.376915936892648
Encrypted:	false
SSDEEP:	384:hdjdEUGGxq1mVToA13bkSQBrmM3LToc4Mcdh9lrL3gu3Mpl7O58Jm:vjdEUGGeahb6BqMfocCjrvXMplyl
MD5:	F6435A788DA1B7CA836EC477652098AA
SHA1:	DB9F778CC6627CFB109991CBD5590D78D87461E4
SHA-256:	39D400274F6216EEED4B4E2AA55CD63CE71CD3524DB970B89BC760EB759A9DB1
SHA-512:	A7589FAEC40E8B9587AF598A7F808464F3889747E80EF1F4353F35BDC646AE4B594D9F0DB7782F26594F9B47A760758B388F492CD0A8945A62B2BEDFD2442BB0
Malicious:	false
Preview:	RIFFr7..WAVEfmt ........"V.."V......dataN7..v~.........~....~}}}}}}~...}.............~}\|{zy~~....................x~~~~~~~~.............~~~}~~~z{\|}.............~..~}\|{{{{\|}~...............~}\|{zyyy~..................yxxxyz{\|~..............\|zwywwvwy{~......{vx...~{ikn....vsw~...........{vxyzy.\|y}....{x....{uvx.}...~z.~...zz{..zyx.~....}......~}\|\|...{zy}{.{x{~...........~y{w{yxxy\|x\|z...........z.}.}xsvyuvsuz...........~\|...rvjfir{\|\|{.............xvwieeimquq}............{wslgdc^cdiw.............~si_XLE@Xbw.............gTRSV[`]N?@\............WFLWWRFBI`............sv..vT@==P`txt\|............jUQW[db_Z\g............~jdhnlbXW\gq...............yph_fmzxnkht...............~~zuligha`Z]gz........._^...W<N[[^..gL@;............-..7[a[bklt..}h.....K?v...".. U...dbu......{...r6.. AWNH?L..........V*..-8/% &D..........aB999'...3`...........tj_R3...$Kl}...........pf\TK?3'#3b............BBSSRlmHE?)3...........17V..hoztfj.tP?o...........M$4@R\|\|bZVKc..........P3@XoaMPYj..........pB/Jq~^7&/I........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\on_my_way2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	13830
Entropy (8bit):	6.647912678781697
Encrypted:	false
SSDEEP:	384:Hc2fVlThqIeDYvB/Wb1zvnI9qo/W1jS9YD:Hc2fbhqLoB/WFaqoO5S9I
MD5:	71A85A04ACD511B1E2E9C26237992F3C
SHA1:	57B1AA40A2D3294C0AE4A059970E20C2FD5EC318
SHA-256:	047B51E66CF7DB52D4C572F4B3D75418F9E63BC495AE26E1B23A5BAFDECF92B7
SHA-512:	E74B6EA0DCBDC21F81FEEDCC022CBBFB5C9C312DD1CC5F1A1E61400E46773B421097D1EDAAB647F2E914132A25FEE18FBBB1C61252A0B9CF25EFA86D013623CD
Malicious:	false
Preview:	RIFF.5..WAVEfmt ........"V.."V......data.5............{{..\|.}}.~..~.~~....\|\|\|\|.\|}.}~...............~~}\|\|......\|}}.~........~~}.....~~~~.......~...........~}}\|.................~~~~~~...........~...........~~....{\|}~............~....~~}}}}y.z...............~}\|{zz.~~..............~~}}\|\|\|\|\|\|\|}}~..........xw.u...~~r~....}............~}{z}\|{{{{{............}}\|{yx...~~}}}~~.............~\|..}}\|\|w\|}..}...............\|zxvuxxy{}\|............}zwswrursusy............x{tngflqv{w{...........\|stqthknitw............}y{vvuqtpv\|\|}.............\|w{wxx~\|.~z.~...}~...\|xy...........}tmmfhomr~........vy...dXX\cv.ydPO.....y.....R<?`sn]QVh..........SKcs.rP0)Q{....~.....ws{{maRLR\mqmq\|...........rdXS`ebh`fl............wnmjgbbeq\|..........}sxz\|{wrpqq~........\|.yxyw{jss\|\|..........ug[Z_^_iz............._V]bdktjVE>g..........Z##Apu[QV`}.........V=Ss..I..0t...{k.....jgx.v\JCBTmoict...........uL7?Ufi\W]n...........whida_YV]lx...............{rbW\ny...}}\|~.......~vry......vni^bmjx...........npyoaaipomv}nWL\......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\one_guy.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14646
Entropy (8bit):	5.831896921963189
Encrypted:	false
SSDEEP:	384:6S55XPCxCRnsfvhCW1+kpT6mvgCmUUq+Ev:PnXPQYsN11TLZ+i
MD5:	1953E5B1060344EB9EBC3B947E82923C
SHA1:	782DB6A18BCE5CB4F6D7CBB866B8CCF21A61A119
SHA-256:	68FDE8C98C4DC2C93A7AC8C513BE4C5A58824B491B6419AAAC4F517D8A29CA1C
SHA-512:	39FCA5F3895FB8F87E742C6A09E2035EF491FB0D04068305D3E21DA0780395F8C91DE4CEA922B7B26FE7B2887D221D6213D41101805E9A15691059522D10BBF8
Malicious:	false
Preview:	RIFF.9..WAVEfmt ........"V.."V......data.9..~~~.........~~..................}~~............~}..................}~............~~}.................}~~............~~}.................}~~...........~~}................}}}~~~.........ww~~}}...}}.......}}}}~~~~..........~~~~~}}............\|\|}}..............~}......~~~~......~.......{{z...~~.....~.~....{\|}~............~..\|{..z........}}~.............~~}}}.........\|\|}}...~~~.......~..~}}.....\|\|\|\|...}}}~........~~~...\|\|\|..........}~~~.......~..}..{z.........~...{{\|....{.......~}}\|\|}........{.}~~.~~}\|.....~}\|......}~.\|~x..\|.~~~..\|{..~...~}w.....}~.{......{..\|\|{....~}\|...~~.}~.~....\|}~xy............~}.....~~.~~~~....}.....yz.z.....x.~~}................{{\|\|.}.~.............~}...~.\|{.....}..........{{{zyx~\|y............\|.}\|.{~.\|~.x.........~.\|y~.\|..~..zy\|y....w..........\|~{\|..w}}~..........{\|~...~}{z.}......~\|.{.{{\|}.........z{}~~~.}\|z.~...~.\|.~....\|~y\|\|{.....\|..z...........{.{x....}..~.......}..~{wyz{.......v\|\|.....rtt.....{}}.~.z.........t{\|...~wv

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\one_guy_left.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21856
Entropy (8bit):	6.394112137484981
Encrypted:	false
SSDEEP:	384:I7xj6pk8u6C7Mf0h0hXZIpwbyHwrx8GPSwstUxyYxnfdfTRQJq:sj6pkYvXvyQrx8k8t+yYlT
MD5:	2B6A781F54E0F2456F3991F09F158A74
SHA1:	764448B9F1908F84DB73D1A53A79D650A2BE8692
SHA-256:	A62075508A28EE34A3F6347FB6F7B76654E84CDB7519D98E0B609ADE4675AD8D
SHA-512:	3BC6E7A52D3DAFF6989C9310DE933DC04C6A76B400679A65A06E5455CD3F7E8DB6D7F4EE519F4DBE7A352822B4706A5A309F2BD3B05972B4389DEFF18A55EE6B
Malicious:	false
Preview:	RIFFXU..WAVEfmt ........"V.."V......data3U...........}~~............~~..................}~~............~~}.................}~~...........~~}..................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}..................}~~...........~~}..................}~~...........~~}..................}~~...........~~}..................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}..................}~~............~}..................}~~...........~~}..................~~...........~~~}...........\|\|\|}}}}~.......~~}}}}\|\|...............\|}}}}~....~~~~~~}}.................}}~~................~~}}}\|.........~~~~~.....~~~~.......\|\|.\|\|\|..}..}}}.....~~}}.}}}.\|....\|.....}~~~...............~~}................}~~............~}.......~~.........~~.....~~~.........~.........~~........~~~}}\|.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ouch.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10954
Entropy (8bit):	6.685852076482104
Encrypted:	false
SSDEEP:	192:/6UsVphn971c0NHFnJGMRpNPFqU4ohJMUnec5ImOEnPd:/6UqpTxc0FNxL/hJMUe8gEPd
MD5:	4866E40BB513C54864B017CA11E5A575
SHA1:	1945BB9671BC61D75EF7DA4EDDE301B53CF29C45
SHA-256:	6F51F772D784013E20575CA2C16191CB3B30720CC8B4C5161F400439D4C11340
SHA-512:	7B54EBB7825520EEE9899252620700BE7DEB2C426DFBEE39312AEC60991F06499B8C7A0ADD8B6A3DF3B0E80822285BE693639D85D880D64A2C50C12F4CB1D9E1
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data.................}~~~~~}.\|{..~}..}...~..........}.z{}wxy.............~{..\|.{\|\|xz}.\|.~..............}\|z\|wzw}\|}~.............}\|tqqrqqpww~..........>==HCS~x.........{YK7;4._\.......1Q[g_gI09.E............+>......clvo[QA34..........:&6Lcs.........~kXGLo....vpr....a1C`y.....ukq.....}flecgijomr....1u......p1^5....~...1..%@......`_pseM2..Q..........[Mfv..tcdk}..lTXm{..........3.Llz~{fA!{......~......ev~....kYOJ=h..~x^kp.........$Kx...wV:&...........727Ha..yvuwvpdi...........J.....m.........#VNLFF?A..f............@$....:$6fxyyzd8P................m......YS[b^O>4C}......F.%/R..........lfgb^VS7.....~......s.!.&.....G=q\|tpic?............"5=@3>.....9CMJGGE..........(...K......"mgh__XU@.............:?Y......,Oumjb^Hc...........9FKPXQ....sPeaZXE.........W...X....gxrrgjV]....{x\|x.{....-_J7....>Y{\|pj]S............AG\dox}.{~..tkgAN...................{}~\|wwhn%...........V;=DbV5....:jnh]UI5............9Yhouz}.}}j;-......}~x..v.."......j.y\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\outside.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14778
Entropy (8bit):	5.8424021229504834
Encrypted:	false
SSDEEP:	192:frdTR1TLPHUbLxu0GNG0rU9bCzcjOgD1ZmQIlynCVE8bbICg7glm8v:Tv1TLMtQGa0CzcnBJCVE8K7glm8v
MD5:	C30EBE708644DCCDD775FDF5022E134E
SHA1:	51285D074F67B06B6B2D5535BA189984830C7A0A
SHA-256:	112519B83B9ABB35F98EE55BC41F56A91C8D92EB1F6AF22A02F1CBFC2FDD9D58
SHA-512:	41DB89CDDE41E5E391BD4005F5B5DD4EDC7A40D28ABC59810FA2CE01A7A415A79AC5CEBD4CDC3CB5FB0C9C7D56D67322062CBFE8AAFDF0E3FB081F23B3538A8E
Malicious:	false
Preview:	RIFF.9..WAVEfmt ........"V.."V......data.9.......~..{.{~............\|}wzv{yyz\|.}.............y\|wqqqqqurs}...........T-/=Rk}..........{\|oYK^x......e_inooffu.........i]QKMQZhmmt.............'/#b..>7<....\......ZY..... . D..cENM[....bg...8..'.....r....P5<HXknr{....sUMXxpfSUf........u]\Yaes{........{v\EHYl..........eMZgf__gy.......ruopbtv.........yt^_fmr............ykhjcdVYl..............JG,...a:<:....W..#...br.....,.$5..[I[ZJ...._s..`...m..........7:GOZfmov....`IFl..bJSt.......zq[XZ_js{..........XAIb.............^OS\ht.......}oftx\|..~u\|\|......bXXap...........~\|hXM<=Mp.............%KO6<...;<7.......D...v...... '@..ISd\N....U`..W...d..........6=IOS[blt.....[V_wfgQNk.......iLQW]`fkoqv........nQNU]`u.......{mifjksy}........p^TUWhqrpq{........jjou}....xpd[U]t............\|.#??...._JMI........9..aX.......,o.QIXTF}...vdy.o8..8...........<8@FIPZiy..........[EA8Ow......oYSVYYY[]]d........t5...Ht.........j^^```\\f......uopjna^dv......vccdghgc]VOPa...........*...$"...gCFR....o&

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\overpass.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18788
Entropy (8bit):	6.133372157335729
Encrypted:	false
SSDEEP:	384:up6AbwY4fL7PmhWNAm9hROS/t64PgaSbpIMJ1XERArJ:up6Ew3fqWNAmUS/UiQJ1URArJ
MD5:	46807740D1AC0D99DEE1C74ECC65C16F
SHA1:	A3B602949F8394543E91BC23075540D2768358B1
SHA-256:	78E11689D6C505A7210B08AF25994C58E7B29048D696C189AC26ED110B080E55
SHA-512:	EA867246EF38AD2AF1329DCDB514EDE7E6B47123E51AE77048995CFF21353330949D3727DD26B20F105CEF6765B8ECC179696729C9986056ECEE5374A8C0D809
Malicious:	false
Preview:	RIFF\I..WAVEfmt ........"V.."V......data8I...............}~~~............~~..........~........}~............~~}..................~~............~~~}.................}}~~............~~.......~~~~.......~~............~}}..................~~~...........~~~}...............{\|.\|}}~..........~~}.......~~........~~...........~~}}..................}~~~...........~~..................\|}~.............~}.....~~~~~.......~............~~}}\|..................}~~...z{{\|\|...........}..~~~~~{\|}..~...........~}...}.~}\|.~~~~~.........\|~..yz{{\|\|\|{...........vzxw~......\|tzy....uquy......}z.....vxonp{.....}z{.....zlglv....\|zwv.......prz\|.....ypfj\|.....yyz{.....~tpqx......rop......xyu{....yvquz......{wr}.......x......~v\|z.....y{o......\|~}.....~y.xy}...}yxw.......~{\|...~xuypty.......y~.....\|vopsz.....{rv.......\|phlrx...}uqoku....rMXl......uidh.....zrnov......w^ft.....zlbo......ysrv}...pt..\|s{.....~smw.{w...~vuv\|....w..\|tt~.....{ujhnx.....xvx~......wmkr}.....xnjq......tstx\|..zwuzqx\|........}ypztw{\|......x_W...p^

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ow.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15078
Entropy (8bit):	5.8498429361554605
Encrypted:	false
SSDEEP:	192:jIrmRpUQuNkSGHPQm70QrsO1BCgYVfC9UH0clVK7J47M1SqSI:0rqxuNkSGHPTRrsO14rV6MVSJ44YqSI
MD5:	96E06AD6BB8F1A445E9A63F97A304B80
SHA1:	87AF875C943E0E65003ED0CEE25259A1B783AEBE
SHA-256:	90FCCA78B74F19A8485385A01876CC00A19B8E7B9118FB410E1884BCDB9DA2F8
SHA-512:	A2C14F90ECA65FFDA07BD9B0F2B4E41C166202F5824F41D322B38D03A3613BF4F370B9D9E51B4935D86987B9A234B3B2FBEDF976E1834BBEE00B8D62F6E3B538
Malicious:	false
Preview:	RIFF.:..WAVEfmt ........"V.."V......data.:..zzzzzzzzz..z...............zz~..}z{~.{}..............~{ywzyzz{}..........}.}\|{yw}..}{.}\|..................z{{\|uvvw................~}\|vvxwzx\|.~..............~zyuywvvvx{~............{zxvsqvsyw\|.~..........~..~xzxvspusqv\|.............{xvmmhmmi\|p........^.mg.^.I.@2...D.\s.l......0PZ~oWPnp.Lh.......T..........sT[_`_[ULC>X......s5..ev......\|nhbRB735F........L@??=<:65/M..........;`bhpT=@FD>C......i..........2CV_inusj]C[......^..4s.......}qB?DQ[`WLU......>"....%$5..........'[\ZUSG.....x..........).....5\tywohZO=6.......]...J......IEIU^epsp^NX.....<...X...........ntxyxvm3:......zz.m........JZ.....{eG%U.....}....:..v....L_Zprrppa6i^.........t0.......:ejoruusj7X........0. s...4Ur.....v_C8......{...8(9I[V..........~Q>C...mc^\[e~......e}......pJ3...~rhb[k.v.....(boy.....rU4>...xtqru.....C\qv~....uq%....\|qkhilq\|......nx.....{p*.....unjgjk..g...3ky.....{we/d....zyy}...zf;Lt........V8....xmgfgks......Ekt\|..~{si.....~yuxy..4.}...Fv~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ow_its_me.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21814
Entropy (8bit):	6.762388788640668
Encrypted:	false
SSDEEP:	384:UmDPNFyxZ0r7kydHEJUlgZYbFRZtYyxCBr/abettE0FPurDH2ulkbr8z6KG:UUixZ0rIy+JsKY5RQZ/Ft5FPurDWulfI
MD5:	2BC8461BF0281D4ED6FBA55E0FE18DBB
SHA1:	1457635DF1A5F8EF7CCCF3EB65E035044822B4FF
SHA-256:	4A3CC182034370484B0C9ED0B4FB669F45EBB87DD79C3AD8786F8EA76765369D
SHA-512:	781A12B656592B469F2E53491775731C5596AADD5C2AE88A492FEBED4DF20F81F54C318ED656F8E6B464B89D43623705D512C6C2318453354E490A2A31053FEE
Malicious:	false
Preview:	RIFF.U..WAVEfmt ........"V.."V......data.U..yz{{{............~~~..}y{}..}............}.~{zxw{...}...............~}\|zy.}...~}..............}~.yz{\|}~~...~.........}\|..yyz{}{~...~...........~.~.\|y{yw}}}~..~.........\|\|\|\|{zxwu\|..~..............}~{}{vyt.{~.{}.~..........{w.q.vwyt.w}............}.{\|~~}wuwsx.~..............}wyzsmlrw}{..............z{upmmquqtw{~..........xqxaxa}st}uzy......\i.e.....\|.Sv3;0&lr..........3@\jcYPLHICv............S.......nB@A@>>@>;>\|........?......H...........;8FRhhous..\|.YpD=n........\|.....G^bkos_F5b..........\....j......@I[dig^TG=Q.............;........<7BRVPT<.8..........zstsx~.......Wor}{.sI8.....\|......4.3......=Ah....qN/7....{...~G)65V.......H;Un\|}}}t]6'......~y...yr3~.....%houw{w{X)H......\|y......u....1a}...{g;$....\|wy....o ..{.....e7auvsqmjK.^..........>...&.....>y{ysqih:...........{....2.....FIg~~ycE%#.....wrly...r9j~...y6Ft{...yW0a.....wpio..f#}....CO~....yw].....~{yy}}..]. *L....Y....}rV#.....~scbiv...FHbs{......o:(.....wtngggmqz....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\owned.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18970
Entropy (8bit):	5.825914222855498
Encrypted:	false
SSDEEP:	384:39NRJFtQwNElC7W3B68QUsB1zvRrymtQONSE7lcMHGGJ9H:3rROwNElCiRdQUsdrwT8eMjR
MD5:	367FD0509B4C2A82372FE14D395F796A
SHA1:	8B8E797B0AB409148A3E0F937059A5D25DE2FAF6
SHA-256:	EF510F8BB54AEC16E38DE3286642748C3333EBA59FFFEDEE9482B0D32DF1D9AC
SHA-512:	A05665FA02F4880368DC3D52D978EE4346B88F494E8421C73CAE1703156AD6193AEFAE6A0FABEEB0C391C2C7800D2717E7A0786C6BA4E1B375E1B02DF20D8E06
Malicious:	false
Preview:	RIFF.J..WAVEfmt ........"V.."V......data.I..........~~...{{\|}}}}}}........~.\|{~}}~~{\|~..~............}{.~\|~.~}\|.....}.\|~.....~........~}{z.~\|.~..~.............z}x{vy{}~~...........}.}zyxzuyww{...............\|xrojou{{~...........srtuvwypurpw.......~~....m\bin~........\|\|xlqeex~.......{...{\]elr}}ydYQo............\7;BT`os}...........}_A=KR_\QEJg...........lK;9>@GMP[av...........eOB4)"%/Nr...........sjYHF/!.3Eq~..........pgb^ZRH:, #O............6HQOAB<=A4 W..........#)158:;;89R..........K>=B4(+0-,g..........1 +?MDCLRQSk............g?(...0Nat..........hjaI ...(Wx..........i_ZSJ?4$...^............;JLN=4+/;3..............`9@@AA<95(.5x...........jD2362)8..nHa..........\T_e`UWbcPKm............{\U\cnw{zyyrbNNw......y......FATz..zy\|wngcdgM[......Qx...Y29?N.PBL?+...........D...8YH,-+-...........qiN4%#(,/?k..`s......z...9.. #1JPD5:Z...........v6($"#&&')3[.............b7%#'*.37=T............o....#(-147=;....................-(.`............4.......%)/E............?..........,

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\pain10.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23750
Entropy (8bit):	7.171258285431215
Encrypted:	false
SSDEEP:	384:XgXPug8agZWSh1VlXd9Z/s16TBgABFFefW+pojryTylCeAQx3mDL9f7ZT+guLyco:Lg8aotplXd9ZkENgWFyWSuyTylCxQx3S
MD5:	11BD91EE48520626EBECAD4B9DC0D726
SHA1:	9A37014EA76260E1CB20FA0D31889E69EEF4423B
SHA-256:	150D89752DE1606156AEAE9E2591D3525591BA7297B363718087953BAB9E36F1
SHA-512:	954F6BDCD711FD0917BE5EF3819E7E478F86DC53EA691E485F86A5179E12BB84AC53F4CFB03D12FB817FDEF5B72320F470B14D179E4C742DC8B8A5D45AB6C94A
Malicious:	false
Preview:	RIFF.\..WAVEfmt ........"V.."V......data.\..}}}~~..............{z...~}}\|{.................}~...zz{\|\|}}}............~}\|\|\|\|y{}z\|..}..............vsp}{yyy{}..............~{vrtoqssru{..........wfXP[YunlZVi{......jm.o.qJH+Ber............uQ;I]o.q.p~........rVf`....d`ko......lgvfyvk.dn.........qu\|d.]ihhhsv..~..........rVkSjmhlP\|Z..........thta.LL?COV...........{\|w>N.:gk~.\....t...j.vkyp_{Ongv.}.s..v.`..p.hx.Y..x.y.zj.k..k.b.y..\|....\|.{..vwxbze~............{.hwesr.w{zu..........yslufwh.yy..........z}ondwjyu..........{~xd.a.ut.w...v.}..x.i\|d~q\|.z.r.}...}xxj\|d.~.......x~.....tvw..\|.~lujp}l...........}kpbep]xfrvz............ZiIgIJKTJ`{.........oyWL;60Baj...........eWZSSK6.&&G...........3.!)(/.3.D.......Q"W....3]bg.y....`NfH.\.;C1j.....g.t...mD1'KT...jzo.....dXFDch.....pu.....dKPM.u....\|.s....yKGEt<.\|..s.......\@GHbTXSPOMb........{..u.?6M_...c.Ba\c.o.t.y......`.D.c...u/jf.......\.V.RSIGA:N1d0y^........7g'.27=B>=dU............Ng.=%.8.-6............\U@8-(7$.._...........[;4577

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\pain2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	17822
Entropy (8bit):	6.733135339118415
Encrypted:	false
SSDEEP:	384:uEONUEqJxH5mYn+S1Trkb1jr9mFJlvLaKlXn17lE:uEONURxsE1Tr29mFJljaKll7lE
MD5:	1C550C2A0529067BA0720BAC067C1BAA
SHA1:	41F494475705F98AD23C7A3E6C2499D36FFFEC0F
SHA-256:	8623EB9AFF8EBED9035F9D889D53B0DA0DDE2190021C31B9D7C5DDD5E081F27E
SHA-512:	79A537F30F58A8866041178F9B40BB44DEA619C2A7D3BCD635D5754A54757A471C79D25C64EDDFB5AE946300514818150B4ACAE41E456C1482C682B5F4E4290C
Malicious:	false
Preview:	RIFF.E..WAVEfmt ........"V.."V......datarE..}}}~}}.................}}~............~~}.....~~~~........~...........~~~~}}.................\|\|}}~~...........~......~~~}~~~....}~............~~}\|...~~~~~................z{zzz.....~................tuwx.{.}.............}\|zy\|{{.\|~{}..............~}{.~}{.}}\|.............}~...yzz{{\|\|\|}........~\|...~xw...z{}~}...~..~y..\|\|.........{wtxonuuvx.........xoadeeigux..........h^VW`di........fXVTUROOZz.........oM5".&5He.........fQA6,-GRt.mq........HRc`edb]WIum.....t-=.d....x#;G...pWOKE>N.x...r@....h".=S~.....tR>e...r95V....o\?CDE\[Y\M}.......:;IGAHRNMHEEy......U<b..<...=g.......q===?LB624d........e&..... &_.........9/26<7<6)&G..........q]....+:u.......ui\N@:Pm..........m]:86>Ra}.......ncUKA60-<l.........3EA@DWw..kBQ...........A..~.......T6A^plMNCRT.........HPdY[`h/&3l....}pmhkcGkV8t..........u7.+S...........ndVF4&7............qB(/?N`v..........z]G?;Zy............n\P`q........\|mc]h~z.....vtx.....xf_aky........vcWE;~......\|y.....H'?`y..zqt

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\pain4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12958
Entropy (8bit):	7.568810221034641
Encrypted:	false
SSDEEP:	384:Q2j3URx1EMkrOiPKVidtmn54iCTXxlOV2NIpNjWC1jAmd:QfRDENryAdk6hlOkw8C1jAmd
MD5:	E15669F572B9E56304BC1000730CBE78
SHA1:	22F9EEF8A63501BFE1B9A67843CB932BCD9F3C03
SHA-256:	2331E0D58C849921EC5E49FB05CA541491BA0F140F4CDF611D64AEDD9F5E6114
SHA-512:	79BAAF663659C942E1CF2561BC7022CEBAD22CF92A2E00FE1182D4BD00452FF38A3F301B6805ED20704CF922E38EB2011A060617066C66AD14FF730D07616668
Malicious:	false
Preview:	RIFF.2..WAVEfmt ........"V.."V......datar2..~~~~~~~~}}...............}~~..........~~}...............}}~~~~.~~ww...........}}}}~~~...................{zz..................~~~~~~~~~~~~~~}............\|\|\|\|\|\|\|}........~~~~~.................~~~~~~~~}.}......~~~~~~~~~~}}..............\|}}}~~~~.~~~~............zz{.{\|\|......~~~~~}}}\|...........yrjs{{...............tmuv.xqz...........}\|zyxwonnv\|.......~wx.zzyxwu{.~.~\|~....\|}..zuxz\|~p..............{y}\|\|}~.~t....~x..zrqxw}...}{.........ycl.......\|\|..{...xgfv..\|........\|uvvvnnww~..........{scrz...~nut.s~......~slu}xqbct.........zqoft...wv.......~y{\|fwpby..........x.zy\|s\mn\|........dd\|..qo.....qom\|..{...}...s.....kcbx..jp......\|....t..q[d]e}...........]]mWEF`..........usrxhogC?ar{..........\|caejfTIFCO..........cLT`oYLNKT....z........o`O;Fkq........}.n_WIbv..........yywhbX\m........o^Z~...lgVMMqhg.x.........[l{b:=RQQc.......vKQ\|\|..gdJP`dx~r..........jPSU]\|tSIQx.........bD>wyIRl..u.......p`ebR<JSu.........p..}c>4F[bqx...........n.a?('S.......n....Ur

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\pain5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	24542
Entropy (8bit):	6.635678966933003
Encrypted:	false
SSDEEP:	384:3J1oB05UIn30zc2885L1keIpLvvUAbJ9dNVRuhfuf50KyK/jvMF3e0Zw5OY9b+n:3DUI30zY8V1rIpLvvLHNVRvxjySjkQ0d
MD5:	F03B000FD81BD1378FECADF5A645E579
SHA1:	602566DCD90DFE287EEA2A4EF50117A78E800FB5
SHA-256:	96C01EBEAED01E280F2C2235AB8B701FD5E336844FEFAAA08DA3D5362F67D5B1
SHA-512:	07B5044FF8CD71EA63562A6BB901A6B319F2AE342B9DB01AD6A7B98AFD4817E7752B48811219C7E7E72327EBABB71FA988CE94BF93995445508E8C4DF53DD6B3
Malicious:	false
Preview:	RIFF._..WAVEfmt ........"V.."V......data._..\|\|\|\|\|{{zy.............{\|}~~.......~~}\|....~~........z{{\|\|\|......}..y..........z\|}~.........~}}\|..zy...z{\|..~.....zzzyy.............v..~.......~~}\|\|.....z.{..}.xyy.z{{z..........~~~~...\|}~............~~}..........t........x.x.w..v.v........x.yyz..z.z...xx.ww...........wxx.......~~~~~.}}}}~.~~...............~~}}.\|\|...........}}}~~~~~................~~~~~~~.~~................~~}..................~~...........~~~}..................}}~~............~.......~~~~~~.....~~............~}}\|{...............~~~~~~~~~~~~~.~~~~~~..........~~}}~.yz{\|}............~\|.}{y\|zzyz{......~......zyotx\|.z~......}....\|.{y..xtvv}{..~....~....~..}y.~\|.zy~{~.zy............xwxzusx~...........}.}...}yzwutt\|}.............zx~\|zxv..~~}~~............~}\|{z.~~~~.{\|}.............}{~}{zyy}}~.}.............~\|{zx~.{zzy...~..........\|}}~.qztuwxz..\|.........}vwusrysqx\|.............ymm~}uqnny}..........z{..vpmxz...~{\|q......{~..~....xnwy....{u~....\|yhxy\|...\|.}.....~.uqpmtytqvs..........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\pain8.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	30768
Entropy (8bit):	5.781254308252957
Encrypted:	false
SSDEEP:	768:5pnA5Z17nKQ71N/y/rRn+E0SrmV18Xwg28:PAfFKQ71xsD0VV18Xww
MD5:	5460356FD6E9452953F446F114DB0241
SHA1:	A03752EEDF3C6687102AC79C62ED298526B28D1C
SHA-256:	6CFD153C32389FB2A49177D0F4134DA0EB33C718F6C9C5071D25CA1CFC2802B1
SHA-512:	18A1FA6881F88083887AF9E1B0CD77C797FE984D625F4EE9D98FFA7CBA9EE16A94806816096882242D803F1E66A24891263514D815A36C6684949F1669695458
Malicious:	false
Preview:	RIFF(x..WAVEfmt ........"V.."V......data.x..\|.\|\|.........\|}}}}}.......}}..\|\|\|\|\|\|..........~~~~~~~~}}}...............}~~~~...~~~~~.............\|\|.}}}}}}.................\|\|}}}~~~~~..........\|\|\|\|\|\|\|\|}}..........~~}v}}\|\|...\|.}......~~~~~~~~~}}}...........\|\|\|\|}.........{.{....{........}~~~~~~.~}.}.....}}}}}}~~~.....~~~}}}.......\|\|\|\|\|..........}}}}\|\|\|\|\|...........}~~~~~w~~}..........}}}}}..~~~~~....}}}....}}}}}...~...~~~~}}}}...............}}}~~~~.~..}}...\|.....\|\|\|\|...}}~..~~~....~~~}}}}}}}....}}....~~w~~~.~w~~..~~~.........\|{{{{z................yyy....xx~.....{zz..........~xy...zzzz....~.......~yzzztuv}~..y..........~~}vmu\|............~...xxp............w~~..}\|.....zz....\|vwx....}.}.......}.zrxw{.....~.....uvx...jqx.........z~}yyz{wys\|~.............xonut{z...z........~wowwppp.y......{rz...p~...yaw....xrk...r\|m.w.......x}zr\|..ytmu.yt........b..\|...jo}{.zvr}..~..z}..z..o\|..gjy.{q~tm~xq.........{ts..ggoogsvx..........xq.x`]`aipba..........}~.nidSN].rq.y........{mg...p`lhoutx.......}....{N-..d

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\pain9.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	44632
Entropy (8bit):	6.583010150049667
Encrypted:	false
SSDEEP:	768:Klmh/s235A2m5VeaUud6xjTaEfuzocosAFf2q2sQ4dKfKKn8XKjLe:Klmh/s2pA75Vea7dqWEfuzocRAFT2sQm
MD5:	7A34B2300729A34946F74D12A361EFED
SHA1:	BA0183E9CAD950E9E4C115491B55675A00FC0DF3
SHA-256:	12944FDFFB3DEE82BEEABBB4AAC8FFBCA8CEB47CAC8AC67EB51F21001FB2AC5F
SHA-512:	BFA53245C42CEE2E6120356A07E1DAE86DAF6CA22AEA38E0CDF0A57A4D6DFD404EDEDD3D0673C541462B44CE9F39C2AFEA4AB11A932CD16593DFBF73E61A0AE7
Malicious:	false
Preview:	RIFFP...WAVEfmt ........"V.."V......data,...}~~...........~~}.................}~~............~~.}.................}~............~~}.................}~~............~}..................}~~............~~}.................}~~............~~}.................}~~............~}..................}~~............~~}.................}~~............~}..................}~~............~~}.................}~~...........~~}..................}~~............~~}.................}~~...........~~}..................}~~...........~~}..................}~~...........~~}..................}~~...........~~}..................}~~............~}..................}~............~~}..................}~~............~~..................}~~............~~}.................~~..........~~~...........u.v.v........~~~}}}}}.\|\|\|\|...}.}~~~~~~......~~~~.}.}}}}\|\|...}}}}~~.~..............................................~~~~...................~~}}................}~~...........~.~~.~~..........~~~................}}~............~}......~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\patio.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14358
Entropy (8bit):	6.446344447655189
Encrypted:	false
SSDEEP:	384:+Zr83kFH9jIHXRD3nNmhSNRapGSAmC/spdcTnhJfUjB+2l:yrlFHdQvTNRapGtmPynhJfUoy
MD5:	FF053506D5E917F2D692F9320B4DA47D
SHA1:	DB19CDFC8D73D2188527BA39AE8F8E82FB476091
SHA-256:	21609FC54AC255FA766F335E3600D027417D75A177AE1A6042556A5672A37949
SHA-512:	D9EAA62E094AD954AD3BAE629050EE335FBB08FD1B383DA2F3511732CF18A102F2E48187E2D55AE8D332CFCF403C1C95A3DB86477994ED86A6301746F27765A0
Malicious:	false
Preview:	RIFF.8..WAVEfmt ........"V.."V......data.7..\|{..................}~~............~}..................~~............~~}.................}~~.............~~........~~........}~............~~}.................~~..........~~}}..........\|}}~.~............~.}.........~~~~~.........~~............~~}}..................}}~~............~.........~~......}}~.............~}....~~~~~...................~~}}}\|................\|}}}}}}~~~......jr.........ued\t.........skdtu\|\|\|.........jjjrs........}}vvvu}..y.~......}}yy...}~...z{{zz.......\|utttt\|...........xxoow~........zrks{z..........zksz{{\|}.......tlls..........~sz.....rs\|\|........zyqp\|....{uxy\|..x.......odav..z........tad`idl.......\|h\hqsymnt}.....y_RMWn.....}iUPr..yqxrtsw.....}xef}....{`\QMXx......ywuwz.......{r...SDF\z......}iJJPg....qbs\|}.zdfa.........{YOLWx.....voZ]q........~.}lbSOOJY}......ndgr{........]F<2+<\|...........zg]b`ms....\TSMMi......yP@F_X[n{.\|......fbm........zaFB?T.........`Y^v..........^CYcer.......\crqp}.....}kRPShx{..........y[bp.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\planting.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9540
Entropy (8bit):	6.272487989956907
Encrypted:	false
SSDEEP:	192:s41hI/eRwMbj2US4F4avHwLXWHfrX+8ew23LCkNiJyi:s41hIGRn7fwLXWznKLCA2B
MD5:	744A0667D23F3AE9F65CC9067725B02C
SHA1:	EDF0F92F6A8B74E1A46F475C70672B338CBA4B6A
SHA-256:	7DC4004865A66E826385AF532FA5F23443A009BC92398CC88B5343AFBF4B1526
SHA-512:	BFBCB585227CB8360AC80E9934790635E1E9D02D40B94877A0EE917AA398C33F21BFA913FF906690236289CF7050304ADFBF119A2387C371DC72A0EB42921C9A
Malicious:	false
Preview:	RIFF<%..WAVEfmt ........"V.."V......data.%..}}}}}}}}..................}}}~~...........~........~~~~.....}~~............~}...~~~}}~~................~}\|{zyy.}}.......q.k]}....ul\j......~yyyy~....~xqr{.......yx~}....~~yzs{......yyz.....xpo}.....\|uu}.........jr.....wwv}....v..~.....qZqy..........\|uu\|....xpy....zz....~}}...zzs....\|uvwx.....z......~}..\|mllt...\|}}........xxxxow.wwww...........}v\|\|u{{{...t\|.}.......z...ziy..}\|.z~y....}~..u}.....tmv.....ts..on......}.}}...{}~...\|m...vv.}\|..~}{~...yxx\|}..\|r....\|v...z...w}..~\|...yx{.\|.~{}....\|~.......w}{zx}..~}........\|...xx......~.~w~..~.....zy....}{.~\|{~.}zz{...~..~xz.\|.\|\|z.~.........~~xz\|z}{~.u.............uzx\|uz}yyz...............yzz{tuuvw............\|zw\|ttt\|~.~.~}....{.....~.z\|\|zs.yuy...{.~.}.........z~..}}}{xttnzwv~...........}.ttldfghi{{...........~...macdlkjpv{..............th]__^bfbl}.............wjWSTY[`ehmu............}wlPLCFGQ_lz............kYKH;:=EQbu............q_J7'.#Et...........r^dmrpni`P@78Ut............yhYY^a^YQIEJc.........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\planting_at_a.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19672
Entropy (8bit):	6.314477105245864
Encrypted:	false
SSDEEP:	384:gBBQCRL9Oo7XkXDMUNZVgMMFfgdZCMW+42eLDc/5RB4toZxWZjVddjlP7b:gBBQCZYo7M9JpGfgdsMN42SwPB4tmwHx
MD5:	44900346BF788A2AEC65F5DBA0F2786D
SHA1:	551CDAF1BCA44808C06F85C4C1A21DAF944BAA01
SHA-256:	FE5ED3FB4B1EBAD41B4FB09F46A355C49D4A3142477EC731DE3E3AF8BD46594D
SHA-512:	04C84689960D05DA936010A9512ECFFEAF9211D3E7DA430669E5412A67028370BCA55B4F4006FE7FAF284F33BEDC6134F974E3A905B2FF43263EDEB02810CCEE
Malicious:	false
Preview:	RIFF.L..WAVEfmt ........"V.."V......data.L..\|\|\|\|..................~..........~~}\|\|{............GS...s{{..........{{.zks{{.\|............zyqxxw................}ww~...~~~w~~.....}v}....}}}\|..........\|\|\|\|}}...~~~~.~...}}}\|..\|\|\|\|\|\|....~......yyx...}}\|u\|...........yqzzz....xov...........}....zz{{{....wvu......rjk....zkl~......utrx....{zy}y}~.......}.....yxom....}vtx....\|upy....vhbk......\|z~.....\|\|xx}z\|~...z\|......v}\|.....rqpw\|....ztu}....{s{{.....wov.....\|uv}...~~....}nn}...}wop.....tlt....q`gu...}phv....zu}....~wx...~utz....}wv{....~{\|....}vnw~...zyw}....\|w.....lnw....}uu}....xwv.....zz{...}~.x......~~....{t{...}vw..........x~v\|.....}}}...{u}......\|t....xov....yy~....\|mv~...yy......~}}\|\|........\|uv}....wox.....yiq.....yyy..~.}.......zz...}w.....ttt....yxv\|....\|pw....{vw....}u}....yw}...\|v{z...}z\|....}vow...}\|{......yx}....{m~....{\|....zy....\|t.....z{.....w~....ww~~}.........}}}}..}}}}....{.......\|}}.~.....y.......{{.....z{...}~........~.}\|{{..........wx...zzz.....~}.......z{....~xx........~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\planting_at_b.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21216
Entropy (8bit):	5.471793610417891
Encrypted:	false
SSDEEP:	384:bckgFaCl+ar58NMFd4bzk7kVCO1djv92aNGWKYnlUqtUj0Y:bckstXd8+FLO198tP8lXI0Y
MD5:	FBBC5CB0689593E5119BFFE73927719F
SHA1:	B27976505EE14B7D7561838B491337A5C950C112
SHA-256:	EFD2518EEF3A1570320F44950B4120051E03A251B04EFEA45A5958CA0BCE8533
SHA-512:	22D7A00E0344F8AF5D7D6CE1A15C990B9C4990C564B45E604E3CA0BE58B88669537BC39146B267FDF88EE1CF28A6478FA823FC9FB97A636FB6B9A479B0A5F28A
Malicious:	false
Preview:	RIFF.R..WAVEfmt ........"V.."V......data.R......}~~~~...........~..........~~~.....\|}~.............~}...~~}}}}~~..............{zyx~}{zy}\|........W....Yab\]{.....\|r.u.....}tmf_`y......xijd{.....rh^kq......xyv.....mhc]l}......da}....\|ccrxy.....yceo......~mci~....{vggv\|....}wxy...{{ssrz...x~ww......hpx....med{....st\|......}vv....u...~]cq{...\|mmo\|.....nZ\kl...{bae......z}...s]Wh~...zd^.....xx....yxflz.xpvnuz~.....{u}..{]_`......fe....\bY{...x\t....vxz...rdds....ek....wWe}}..vXF\.....fh....xYXu..zZ_v...{kk....yii}..x.y[{....lRTj...}ls...zoz...nds.rslow.....~z...k..mqlw......t..klv.~....tyor..p[]dm.........sjfsuquq_....q....ts..rUju...{w...ppgn{~k.....z~.....}\|rhlx}pt\|\|y.sr....pmv..nb`.~...~~}{.n..qu\|....m....\|.xw.q_z}.s............eKo}\|..m.....}.......}e{...ucaw..~.wp...}.s..\|no....rz...rbr...jzb...hp...\|l.z..yz.z{lu.......{\|\|....rq...ne...dl....]m...}..~~~..wgwQg.~...h...x..~wn..{..z...ck..}..q.....}....l[q..f\|..yqq...r...\|.~x...s...sk{z.ryxx.~......s.r...ss.tu....skt..~~.....zx..cy.vu..\|}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\planting_at_c.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23570
Entropy (8bit):	5.638124811983735
Encrypted:	false
SSDEEP:	384:ucCx78Y169r7t15PCV4ERmGfY0BW5oaK8Bk/6prSyz:9CB8s69rT5qI0EoXCZ
MD5:	1661EEE1900407A870639CAEC4BF2B0A
SHA1:	CC67E39A8B6F974B502A450508A1CC3A79D52023
SHA-256:	73C4A8CD3AB839686DEF400FA17EB8B6ED0D68DC1C85CA39DADF7ECAB847A7F4
SHA-512:	03BED06FF91DE06CDC88C3AD3D055D27C17517327C0AAB1EE617090C25657513198CD2BDC47BD232B1FB7DE9F7CAF3FF1369A2823EBA6540207840EED4C46621
Malicious:	false
Preview:	RIFF.\..WAVEfmt ........"V.."V......data.[..}~~..............~~}}\|\|\|.............\|\|.\|\|\|..}}.xx.y.z{...........yxx...\|}}..}~..............}.~\|zy\|\|\|\|}..............ywu{yvtywz}\|.........rlCIp.....vmk......}xpiiar.......jks......yxww}}....{{{u......voww~...........~~}}}\|\|\|\|..\|u}}......zzjr.....vudd......\|v~.....uf~.....ig\|{~..~..zu.}....u.y{...me][......~\|v....vdH3T....yITnv...kh.....hu.{qyyjr..\|.mh.....Zao...tjZu....~\b.~rvsx...~.....~...sQOa...j}~~....y..us...v@@\....[ZP....j.~...vuulr.{zqlw{......lky...xfdz..wpha.s.....q....w_\|.{.zs....p...wZqq....{.v.\|..y.Ww..}`cw....r....\|.vz.ps~.vjwo~........Lo...s.j~so...~tiqy..~p...yr..x\|...mlrxv..{o{...i_w.xpwt.~u`r...y....h.n\|s...u..y~....qjrz....~..b...mvv~.......}l.}w..m]m~..c.....py.s{cr..ub..s.....te...zuxz.mw..xp....xn\|s~.\|\|w}....oy....m}.tO..wf]{.......u..a[kld.....x..tz...}x.r{..hZz..uu...c...n..z....s{.~x...t}..\|\j..wm{..~..z..}`...}f`Y..t...u.}.ztt}.vwr.~i....z.cz.o........wc..y..to.\|w...\|\|\|k..u.....~.wcw..vq..obl..xp...w..r.wv.tkyr....\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\planting_the_bomb.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18482
Entropy (8bit):	6.293130877169761
Encrypted:	false
SSDEEP:	384:Yw1KkXcDUGeFtvuE99OPk7U4XuE3UeVJeqyJd+p:YeKaNT8k7U2uEE5JdO
MD5:	732242BB3044BE0717CBB863A7245DE6
SHA1:	3B9489010B8128DF59529C251CCD0B9B98DE216D
SHA-256:	7A6990C20C93F571FDEF2933EB059C89C1811B513C2A537667572457B041A89B
SHA-512:	5F7ED046B2297C837D300E9CC5A7460A1C71CA32218E5D4DAE17C4F9FDE05E2F4BC8346CA9BDA60E4001C61653A2406348BEB2B403DDC729643EA4FF47DE389E
Malicious:	false
Preview:	RIFF*H..WAVEfmt ........"V.."V......data.H..~~}}\|\|.....~~~...............zy..~~}\|{{............ibs\|\|\|\|t\|..........{tzz....{.\|}~w~.......xx......}}\|\|\|\|...\|\|}}........xx......xpx......}}........\|\|\|\|\|}}...~~~~....~~~w~....\|....{{.....\|\|...~.x...........}....~yy~~....\|}......\|\|tt.....~\|{zy.....wq~...~xz..}}~...\|sr.....yqw{...wxjs.....lm}...~u\|.....\|tsy..}}}~..\|....{...~nv}.....gf{....iaq~...v_Yy....}uem.....hou.....kcs{....pij.....scbz....vvuu.....nnw....qiq....yqp.......xpx....xpp....~wow....~.xx....{kk{....qhw.....zz.z....~xyq...\|tlt...ypo...~}}...}}~....vow....pp~...{kk....yry...\|}...xy.....xw....{{{.....zz........\|u....\|uu....\|vv}.....xx.....wow....}vv}...~~~.......~~~}}...\|u\|......}v}...xp....xx~....}\|\|....{...{\|.......~ww~............~~~~..}\|..........{{...}v}....~~~~...}v..\|\|....\|u\|...}}}.........y....xp....}........z.....}}~.x...zz......~~......~.~~~z.{\|\|.............~~}\|\|...............}}....x..yy..zzy....~~..{.....}}..~z{.}~...\|}}~..}\|......~xw...z{\|}~....z{...~~~..{..~}...~~~~~~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\please_defuse_the_bomb_sir.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	31816
Entropy (8bit):	6.523608567518192
Encrypted:	false
SSDEEP:	768:LeLOEUCU5ZlUBKVjXCa8KG143uTgqTOjvcOoLJM8w:LVCU5ZlUBKVjmrgqzOoLJxw
MD5:	460D5B4732AB9DB82840D97742478205
SHA1:	5BEE27755A72813FE480964315948542103A34B5
SHA-256:	3B0811F69FCA058951FFFA8DD075F5E172F808A91AD4316CA48AF1B241683405
SHA-512:	45A7B859EEC2927823D9CA66F74EE41835D7BCE7C9DECC36B073D2E802863CE5B64FC56E19A3EA4DB2E33FB1ABF5CDFDA35C9E9C000AD72EBCEE075E29A60176
Malicious:	false
Preview:	RIFF@\|..WAVEfmt ........"V.."V......data.\|..}~~..........~~..................}~~............~~}.................}~~...........~~}..................}~~............~~}.................}~~...........~~}..................}~~............~~}.................}~~............~~..................}~.............~~}.................}~~...........~~}..................}~~............~~}.................~~............~~}..................}~~............~~........~~~.......}~...........~}\|.....~~..z...}..y...{{{s......\|...~~.~~.{.\|}w.....ss{.....~~}.\|..{..{{{.\|..}}...~~....~~~w~~~~~~}.}}......{{{....\|}~~xx....z.........{zz....{unw.......{{.....n]dlz....unw.....em.....p_u...whg....tPLb....ccr.....xuz}....xmf{}..xk^o....ziw....N8J{..yNOg....hr.....g_edc..w.................bbqp..nmt.....{.....slmu...l\q`v...}\|....~z.....v`p....fWs....~..{g{....e}...WXo...Y`~....~m....q}.}}jbcl.}w.......t....\|scb.x....~ix....xjs.uwq...~...po~es..vl....~.z..xsu...\|m....~u...om...hhv\|..r{...rc....^u\|...p}...dlz...fg........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\porch.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10860
Entropy (8bit):	6.3327887472379505
Encrypted:	false
SSDEEP:	192:H2g8dMCaLSDCeWluQZYQdlakmzeNcVWNt+Du3AOwbsnEphE:KNaLSWePwzyaUWNt+C8phE
MD5:	0E4B5396ED4C6EA2F98CEB7AFB0F8EED
SHA1:	B648DB481C7CB64033601C69120FE81A102C5D3F
SHA-256:	61994F715CF6F24F5CD4A1F70F2B387B7DE4024A9CC29FE7788DA560C5D88D6C
SHA-512:	A4C8C6A29624D68690A753D1E1DB5338D3D7673C714FED0E3A5FFC09B89E5D4BB51AAA47C5AA63D6548C2E8AB0F2D4C579948C1FF441226A9055D6141CC766B1
Malicious:	false
Preview:	RIFFd..WAVEfmt ........"V.."V......data@..\|.\|.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.~.~.~.~~.~.~..~.~.}.}.\|.\|.......\|.\|.}.}.~.~.~~.~.~..~.~.~.}.}.\|...............\|.}.~~.............~~.}..........................t..............vv.~.~~~.~~~..~~~}~}~...~~~~.~.............................~.~.~~}}}.\|\|{..{{..{..{.\|.\|\|\|}\|}}}.....v.....vvv............t..................}~~~...........~~}..................}~.............~}..................}~~............~~}...................~~............~~}\|........{.......yr{{..t....y...vu......zzt......yy....szz....~}....zz..zz.............rzzzzzzyy.............\|\|\|vvw.~............}}\|u\|\|\|\|...vvv......~w.....\|{{{{{\|..}~..........w}...~}}}.~~{\|~...vx....{..~.y}z\|}{.s..~y.......vy\|vww...fy.........sdv..w}v\|r....uu{...tv~}.}.\|y...sp\|..~}...zvw~...{nx..yxs.\|...u....}{...vxssy.}y}......~...oq.vtw..do..~...~........\|nx\|wl\|..\|ydf......~f.....srrqx~..nn..{.......zz{...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\projector_room.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19118
Entropy (8bit):	5.366014189771207
Encrypted:	false
SSDEEP:	384:KKPHaHYEShunHJB3n8NQdyANlba2uRJPtp+z05rueOVi:KZYESEnp+tANlboPtp+KueT
MD5:	58F7DDA599A4EA6A10476A4C3B7B9BB4
SHA1:	E187FCBBD7DCA2D8715A6B23B420677DC1FAC4A7
SHA-256:	1706B17699030D003E2FD42D309DE91F4C6ABBF7FDABC2D0995E019DCF4C029A
SHA-512:	678E15876F3DBB59EF6AF45B31C2A147173727523908C32B44618B00CC9D5274DBAC14AA308808A90C83D3177908B4BDB77CDD50A5C49FBD4AC0DABB40137E00
Malicious:	false
Preview:	RIFF.J..WAVEfmt ........"V.."V......data.J...........\|.}.~.~...........~.}.\|.\|...........\|.}.~.............~.}.\|...........\|.}.~.............~.}.\|.............\|.}.~...........~.}.\|...............}.~~...........~~.}...............}.~~...........~~.}...............}.~~...........~~.\|...............~~...........~~}............YL..z..z....ya`..~...mu......w~~...q..........wv...\|\|\|.....}}...w~...~w~~~~..~~...~~~.~o~.~~.........\|\|..\|u\|.\|..........}}}}}\|..\|\|.........}.}~~~~~~~...}...\|\|....\|.\|}..}~~~......xx.~~~~}.......\|\|\|\|\|\|}........}}}}\|\|.................}~~~x.........~~~...\|\|..t..tt..\|}...~..xy..yypx.w.......t...{{{..\|}}}.~...xy.........}v\|\|\|tt..........~ox..x........~..v}..\|.....\|v}}.~w~.~.....~}.}..\|\|{{{{....}~.....zrzz{{zzz......~.}}}}}vv......w...ww..w~~~~..~w..~..~wow~}........\|..uu}}}}..~...~~.~w~~......\|\|\|\|\|\|\|\|...}}...~.....yyy......~~}}}\|\|\|\|\|\|......}}}www.........~~~}}\|............\|v}~............~~}\|{z.y........vwxxq...........~}\|{z.~~~~~~.............yy.~~}\|{tzzz.........h`ZT[cs.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ramp.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10316
Entropy (8bit):	5.6218060949422926
Encrypted:	false
SSDEEP:	192:tv+FH/Yqc9BYvXgewtKpqyW9FRoII9EmkBxO6O:p+FfYq7vXgeuKA9jo5umkBxOx
MD5:	2FF14F616B995F1BCD8FF91F8D8A0EC5
SHA1:	045EB5574762F33555C791A5EFE7ECA4D117AED4
SHA-256:	DFD9953BDEF1668D523ABF37CC80AC039340B7D5600D20EACA2608AE9AE7E890
SHA-512:	289FC8484CE5C2A972C9BF7C3F204633D425307E948443B9F15CEF821986DD29F80C79FADEB75D5102197E7687B49AA70DDE3E7B79003E39254710C256C6CB61
Malicious:	false
Preview:	RIFFD(..WAVEfmt ........"V.."V......data (................}~~............~~}.................}~~............~~.................}~~............~~}.................~~..........~~}}..............\|\|\|}\|\|.............}}~~.........~~...............}}~...........~~......~~~~......~~...........~}}\|............}}}~~}}}..............\|\|\|}}}.....................\|}}~~.........~...}\|\|\|\|\|\|}}}.............~~~}}}\|..................}}}~~~~~~~~~~.............\|\|\|\|\|}}}}}...............~~~~.z{{\|\|..........zyy..~~}}..................}~~~~~~~~~..~~}}........\|\|\|......}~~...y..yyy.............\|\|uvvow..............\|\|\|\|}vwwxyyz.............~}xxxysuvxz{.............}zxwzuuvwy{~.............~zvyurtu{zz{}..............yvjnaehlifpz..........ydYMIB@EPfz..........wnQGFCKS[j{..............\|pib[\WXabs\|...........tcMGCCIPgx...........{lc[[[[den~.............~}tkaa```pq~...........wofd\ahn\|...........}~pyyzzz.z.y...~~~.........\|\|ut{{z.........z\|uwpqzz.........~\|ztssntvy\|...............}xzuvrrpuuuw............}utkhd_gjlgv\|..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\ramp2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11630
Entropy (8bit):	5.855894332174682
Encrypted:	false
SSDEEP:	192:t49YXsa5Am+43hb9lFeAv0HYJ4sedcsU/+78AlLtqg3lFzPQjsvtfPh:XXs4gofAA8Ha4Vcs982xLFfvtf5
MD5:	26014A2E3882D263E02FEA389C053A12
SHA1:	3E06AED50D543302625A40C2EB564F413B0A392C
SHA-256:	CEEEC3B50989FC635F3C6BF83D891F3B9874DF42AE4C47A1BC9983565D1024C1
SHA-512:	FC5B34E27E74D26D8336EB4D3D0D1107D49FFC1AA7B1E1EE2154EF1D8A2F94D4A3FE1EFB138CDE6A67C81DC33CBB3D2C01217E1C8A114BE44E1782194F896DBC
Malicious:	false
Preview:	RIFFf-..WAVEfmt ........"V.."V......dataB-..~~~~~~~~}}..................}}~~...........~~.........~........}~.............~}........~.........~~...........~~~}..................}}~~...........~~........~~~~......}~............~~}......~~~.........~............~~}}..................}}~~~.....................~~~..z{{\|...........~~}}\|\|\|................~~~~~~..........~~......\|......~~.....\|}~............~\|...}}\|\|\|\|}~.........}~}}.\|...}\|..~}\|..............{{......w~}}..........\|.{.........\|}~xy{\|}~.............~\|{zz{\|~\|.}....}...........{{xusrrz\|.{...........~.xkn`cfadmv..........tj[YZZ^aju.............~}~pmd[Z]^di}...........wmofY^b_dhtw.............zogWXR\^atx{............~ved\UVW_`r{...........~tdc\UOR\Ylx\|............{pc^ZXVW`hms............ylecZX_fdbmr..............}xqii^VXV[\dn...........XE:6578?Hc...........}odPGA@CFHRXt..........dG91.1:>He\|...........kdVPGDAGNTi............dbJBA@EL[s\|...........f[VNJIOS[n{..........}kYTJGGLYfs...........yjZJJCEPTbz...........}kca\XTONLP_m}.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\rear.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10708
Entropy (8bit):	6.753624502552989
Encrypted:	false
SSDEEP:	192:vORVIB8SDz+NbNB5wsw1MkNOzHYuerfTz+1xGKTrHDfZ:JB8SnOb9wKkNOzHoTSxGKTzt
MD5:	595E47B6BBA55F0E999513036D0FCB48
SHA1:	D28A1A482404696AFFD7C140C82939594BD40872
SHA-256:	0E2E3DA474E44F75C6F1B06B2CE84803A43552CDE6ED0BEB20BAE937AFDB19EE
SHA-512:	C16FF6C57AACB8B60CCA5F1B5916B6F5B7D3AF2EFD2D31944847CF063E5A346840282281BF3F8DF7828A35CD29890743DF5F3C77067D0CE416492B4EFB10DE8A
Malicious:	false
Preview:	RIFF.)..WAVEfmt ........"V.."V......data.)...}~............~~}.................}~~............~~}..................}~~............~~........~~.......}~............~}}.................~~............~~}.................}}~~...........~~.............{\|\|}}~~~.......~~~~~}}}}}}}}}...............\|\|\|\|\|}}}~~~.......}}\|\|\|{{{.......~~...........~..........z{{\|}...........~.....{z{{{\|\|}}~.........~}..{zzr~.zz{...............}\|{zzyyyyz{\|............{yp}\|zrxww.............x.xpov\|z.~..................\|}uutts.y...........{{{\|\|\|}}}}}}}}}}.............yyxxw}\|{zz...~~....~...\|}}~~vuts......~........\|}~..z{{{s...................}~~~~~~}}v....{...}~...........~}\|zyx\|....................v\|rxmzxvy\|\|.........}xzstmflsz............}~.}z\|~y{tvnwo.v..........~~..tmnop.q..................}opqqr{{\|\|{............uvvwxz{}.rtu...............yxwvvvwyzxz}x............yv.wurutrrs.y\|.............wmzoc_k`eqxv..........wjf[W]X\g\|..............~.znqknhbcdkj...........\|wib[\^hij\|\|.............~~sle_`bdfox...........{ylkjjkl

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\rescue_zone2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	17040
Entropy (8bit):	6.447824584097266
Encrypted:	false
SSDEEP:	384:Fz3BwdOHuIuhjxcOXMmFze9pPS+VE0SKbD1+M/O95kDav:9LHuZ8mJe9pPHVZLJy
MD5:	56C961E456DDC0E5BB9E7C4CBFF214F8
SHA1:	EDCC56DF52250545125EFD91C51AF298C5D9204C
SHA-256:	070E7CC6201F1E34CF527C6E1C59FB1432BDB67A4637AC4BA1B15A1CD47E4C44
SHA-512:	F4571543EDC280CB1A6C64218D097FFC63A141F454A9C155FB76399962F2100AABA87981C8349216263FAE31A189D75742D755BC1B96B8CCF639E1B883F05FC2
Malicious:	false
Preview:	RIFF.B..WAVEfmt ........"V.."V......datadB..x.x.......~~...............\|}}~~.................~~~~~~~.......................~~~~~~~~...........{{{..{{.............~~~~~~}}}}}}..............\|\|\|\|\|\|\|..............}}~~~............~~...............{.{.{.\|.............{{{.{................}~~~~~..........~~...........~~~.....\|}~.............~}\|....~~~~................~~}\|...........}~............~}\|...............~........~~}}\|...............~~~~~~~~~}}}}.......}.....w~~~~~}}}}....\|.......~~~~~~~~~~~~~~~...~~~.....~}}..\|\|{{.....{{.................~}\|\|{z..~......~......\|\|\|{zyxwv................s{t\|tt{...............\|\|~..yz{{{{.z..............\|uv~..yy.................\|}~.yz{\|\|\|}\|...........~~yyzz{\|}~................~.yzz{\|\|}w...............~~~~~.{\|vw.............\|.....\|\|}~sl}~...............~\|{zyyyz{xy............}{.wutrpouuz............wpovmt{y..................z{{zryx~}}...........~xyyzzzzz...~............\|}~...zzzz.zy.~..........{\|\|\|}}~~~~~....~~~~}.~~.~...~~.}}\|\|{{..........~..{\|}u.~......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\we_gotta_find_that_bomb.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25950
Entropy (8bit):	6.924918449153897
Encrypted:	false
SSDEEP:	384:ZlwdOAvIEHkMOpZzuC+FTKpbovWwDLxtIlOMLlC8FDZPsSl9QMgbseJc:ZlAOcIhzpluZFO+WKx6hHMMl
MD5:	4FCF8A96EE10780308482F15215995F3
SHA1:	FD29E40A1FBFD3F5C260C9D07DA9F6D1A206065D
SHA-256:	6F5F954B50BE2FD27DAF97FE44EE273F2C9E0248CCC201AA7012A00F4DA03C70
SHA-512:	CD725660B3811CFAAD85A958F5C4B8B1FB1AA78393FCA4DAF736EC62242F83223AAADF84204519693930ADD24289A22FDAB1D715F6A2A773BA542CAF79B9D5C7
Malicious:	false
Preview:	RIFFVe..WAVEfmt ........"V.."V......data1e........\|\|......\|\|\|......\|\|..}.}..~..~~~~~~~~~..~~~~~~...............~~~}}}.\|............}.}v}}}.....\|.............\|\|\|}}...~~~~.....}}}}.....}}}.~~~.................~.~~~~~~~.................~~}}\|..{{.........~.........~~~}}\|..............}}~~~~~~}}}}.........~~~~}}}}}................}~~...........~~}.................}~~~~~~~~~~..................\|}}}~~~.......~~~}}\|.\|............\|..~~~~.....~~}}}.....{\|...\|}}}.......~~}}}}\|\|\|\|..........~~~~~~~~}}}............}}~~~~~~...}.....{{{..\|\|..~~.........~~}v\|\|{...........~........~w}}.\|{.........}..........~wv}}\|\|.........~~~~~~~~}}}\|\|\|{................xxww}}.\|..............yzzz.....~~}.........~~..........~w}\|.z~~............z{.\|.{{zyy.~............~...z{{\|\|{{zz............\|\|\|}}}wwwxx...............xxpppw~..............}~xyyrz.........}...~~~.~~........z{.\|\|\|{.................{\|}~~xxy...........}.}\|.\|\|uu\|\|\|............~~...yqrzz............~~ryrslu}~...........zypwnmtsy}..........z{sltmmtts...........~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\we_need_you_to_defuse_that_bomb_sir.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	44478
Entropy (8bit):	6.346690458290511
Encrypted:	false
SSDEEP:	768:PiN75XOhsmoJ29SSseORbFt/TaeZIVN13Wse2eUv8VjehYX2g4pIbjIst:PSpsjoJ+S1R6eZWWp2eUWNkyrt
MD5:	2ADC10BF4DABB9E91EB6A38FC62830AD
SHA1:	F1587E3CC57DD2B244C823A19434CA0B9F9CAC11
SHA-256:	09EAF64EC2B51BC78D508F8BF6FC7D91BE5598BC6064002EDC429A6910EBA27C
SHA-512:	B6B91A9F6DF755B5DF8A0676C982168BD3A8DA1841909E49F80C0B9251FDEE89D12B388147B8012FC77FEF949F27CFBD32080529228A394FE73AFE4928AC3E4F
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data............\|..\|\|\|...............}}~~............~}.................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}..................}~~...........~~}..................}~~............~~}.................}~~............~~}..................}~~.............~~}.................}~~.............~~}.................}~~.............~~}.................}~~.............~~}.................}~~.............~~}.................}~~............~~...................~~............~~}.................}~~............~~...................~~............~~}.................}~~...........~~}...................}~~............~}.................}~~............~~}..................~~~...........~~~.................z...........}}}}}.\|.................}~~............~}...................~~~...........~~~...................}~~..............~~}\|...............~~~....~~~}..................}~~~.....~~.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\we_owned_them.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	26146
Entropy (8bit):	5.613858329639868
Encrypted:	false
SSDEEP:	384:29rba2SYzQXAA6lEWuEz8Z7nSz9eLzj7SAhT86j+74Hb1zOLscmPib1:szQXIlbwSMj73It3
MD5:	AEA0F9D452784FC5E4290137A3060347
SHA1:	8BDD711F29B84A2800F26D1FCC525DB96FDEFF29
SHA-256:	5277BD865C591BFA388E0ED29A01FEFA17AF54444BE5C13C21AC55B7EB9D9D87
SHA-512:	AC5E0C4F405532CFCDDECE5BE4E066B4EA7BACB63112DC02FB4C890A2D677D900323BA3BC325DB377FD00F29CD7F6F00C9DDEDEEEF64CD036D62E17348F16150
Malicious:	false
Preview:	RIFF.f..WAVEfmt ........"V.."V......data.e..~~~~...~~~}.................}}~~......................~~~~~...................}}~.............~}......~~~........~~..........w.vu............x.x.y..xxx................}}~~............~~..................}~~..............~~}.....................}~~~..............~~}.................}}~~.......~~...........{{{{\|.........~~~~~.}}\|\|\|................}}}}}}}}\|\|...........~~~~~~~}}}}............}~~..........~~}.................}~~~~~~~~~.}..\|...........}}}}~~~~~~~.............\|\|\|\|\|\|\|..}.}.......~~~~~~~~~~~~~}}................\|\|}}}}}}}...........}}}}}}}}}}}..................}}}~~~~~~~...............\|\|}~~............~......~~~~~......~~........~~.......~~~......}~.............~~}}\|\|..........~~...........~~~~~}.......~~~~~~~~~.}}}.......}}~~.~....xx.......}\|\|{...........}~~............~}........~~..........q.....{{.z...~.....~....}}~.....x.z.\|\|}......~...~..\|{{{\|......z{\|~vw...~....~}..}\|\|{{..}~......{.}~.~~}\|{z..~}.......~......}~~..yy.......~.......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\well_cover_you_while_you_defuse.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	47488
Entropy (8bit):	6.076109072982451
Encrypted:	false
SSDEEP:	768:OSUB8yi8Xdt2lPrH6b82xoSTooxSq2Uwn4+SCyVwEP+FUtP4qzynXjylIb9KAGnH:OSYZtt0THg5W0S/V4+SCyfNanXjylIs7
MD5:	D5FA14056B52BE0953A08CEBD36CA01A
SHA1:	A8D8BF476615C89A6B011651A73E151E2A640D11
SHA-256:	7091E901BDD3E9753CFCAE52F21D495110653B942FA7E4082647B2B363F01DCA
SHA-512:	F5DE03E26DE045B3CBB17FBDABA4561C970AE00E0DB651FDF3D2125990E3B2D56B354147E42C58F97DEEB736B606A2009CAC8636641782B06CCDB1340E0AEE77
Malicious:	false
Preview:	RIFFx...WAVEfmt ........"V.."V......dataS...}~~~~.~..~.~.}.\|...........\|.}.~.............~.}.\|.............\|.}.~...........~.}.\|...............\|.}.~...........~.}.\|.............\|.}.~............~~.}...............}.~~...........~~.}.................}.~~...........~~.}...............}.~~............~~}.................}~~............~~.}...............}.~~............~~}.................}~............~~}.................}~~............~~.}.................}~............~~}.................}~~...........~~}.................}~...........~~.................}~...........~~}................~~...........~~}..............\|}}..}}}.................{....\|..\|..\|................}~~............~~}...........\|\|.}.}.~~~~...}..\|\|................}~~............~.}}\|\|..............w~~..x.~..........~~~~~~.......~......z.....~~}............\|.}.~...........~~..\|.........\|}}...........~~}.............\|}~~............~~......~~~~~........~............~~}}\|............}~~~~~~~~}}...............\|}}}}~~~~......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\well_cover_you_you_defuse.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	42044
Entropy (8bit):	6.0567901637707235
Encrypted:	false
SSDEEP:	384:W5iqttMyO1Hs3DGAztqFQ5h3+mh7R681qqRYk+0RXbbjDWc+pIAHmdGRQJO2Yxwc:SBzKmdtHOmPb1NRdbU385JvYyd126g
MD5:	25A2801162745C728303CB33B78DFE46
SHA1:	63582F17DFA67FB0AA6995F9A50A9A9AD5B99FDA
SHA-256:	78072F213B699B2813C76A647AD1FE5EDA4CE28755316067B2B826DA9D1C769E
SHA-512:	AD2A0A8A4D178DEC58DB207ADA3BE07FE8BF8A73126DB119BF2BAFC30FE9FA3105F668AD3E5090630F4C2F3113A490F2B21F3D1D9A2F959A3C4A46B4D11437EE
Malicious:	false
Preview:	RIFF4...WAVEfmt ........"V.."V......data....~~~....~~~}................}}~............~~.................}~............~~}.................}~~............~~}.................}~~............~~}.................}~~...........~~}..................}~~............~~}.................}~~.............~}..................}~~............~~}..................}~~............~..}}}......\|\|...\|..\|}}...}....~~~}}}}}...............}}~~...........~........~~~.......}~~..............~~~}}}}........}}}}}}....}}}}}}}}........}}}}\|\|\|..........}}~~~~....~~~~}}................}~............~~}..................}~~~......~~~}...........{{..\|.}}.....x.....~..}.....{{{{{......}...........~~~~}}}......\|....\|\|\|}...}}~~~~..~~.~~~.~}}.......\|\|\|..}}}...~~.......~~}}.}....v}~~~~......~..}\|{........\|}....z{{......~.{..\|.~}}~..~....~x..}}.\|{..\|.\|......\|\|}....\|quy....}usy....\|wxx{....wyqy....zw{~.....\|.{..{.z}z.}.}~............vpou{......~~.....z.\|~.}\|{xt.....\|\|\|\|.......~~.~{yxw..{wz~..........{z.twz\|}wz\|....vwy.....kj

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\well_done.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12436
Entropy (8bit):	6.618588378427021
Encrypted:	false
SSDEEP:	192:pfLrPAN4JMBxPrOQT0ihGIlKaHyIvkQAt5zNcWpKq7HYbQ:pfnJ6PYihpK0yIvk3BcWpKCHYc
MD5:	3225CCB66E873DD939BE59E4E9B1FF0C
SHA1:	6EE95A6ADC1A2C003AEA9E5C53BC41FE791DD897
SHA-256:	69099AF4C22D8B9C62FAD795CC347F5B1000003A8B44743CFCE9513257EC88FE
SHA-512:	D22266E4A673D0089A38988A044DAA43064D42A6C29A34556DC1BE12C65A46CCCABC54BA1EF6325156BD859D905A259A8864E213B4C88A954D7B43E6BBFCC257
Malicious:	false
Preview:	RIFF.0..WAVEfmt ........"V.."V......datag0..~~~~~.~~~}}\|..............}~~~...............~~~.......\|\|\|\|\|.....~~~~~~~..........~~~.~~.....}~.............~}\|.....~~.........~...........~~}}\|\|.............}}~~~...x..........}........zz.....~~.....{{z............yy~y..{.}............~}}}\|\|\|\|\|.}}.}.~..........~~.z{\|}.y{}~..............}{y.yy{y{y............\|x\|wy~yu.~....zs\|.....~z}..w\|.\|w...~xzv{.....{y{.....wzt\|{.}.\|...~z}........x\|\|.}..~xxxx~\|.............~.}~.u}~xxxx................tt\|s{ypwuz~..............ztvxxqpwuzw\|............wzrnsosvqs\|}...........}.yrrjlosvtx\|x............\|qmj_edjku~............zjhfinrosp\|z.~.........{nqsuvwhgmkq~...........\|}{}zuo[]mwx.............}\|{vunngopyz\|}............xwmcagljwux.............sfac^kqouz............srifbgejnkv............wrkicc]gchtz............vb\PKMO\blw........r~..t\J@=BJcv.............yfN@9<GVo...........\|rc[M<9@M]oy..........g`f]UNLKI\jx...........vhc_[WTVWcq............wvolieaejp}.............{ywqtpvu}.{wvx.......{.......{{yvqspnmwquzy.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\weve_got_the_situation.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	33812
Entropy (8bit):	6.544273852483093
Encrypted:	false
SSDEEP:	768:EebvOm5C9cHBzlGfprUezrvkYtuzr5M897888Ug/5kslTJXFaVYf:EerOmRzgfprUez7i5M8x88w/5kslTJXD
MD5:	88786F560AC456C73247E391CC8703D5
SHA1:	79F3F9FDC0676784FCEBCBF78D40ECA8438E8AD4
SHA-256:	F0A8327B0A417F2DB7304C8F7FA419ECA8BDE1FC362195F9B3528586825849B9
SHA-512:	D251A9394DACCFD4CA4ADB02199EB735BE802099202A388184658EB581EBE86D0C2F275692018FA06675CB06497376B6FBF91F17BDDF8AD1F8F653721B366222
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data...........\|....}}}}................{......}}..}.\|..........z........~~.......~~}}}...........}}~~~......~.....\|..{..........}~~..........................~~~.................}~~...........~~}}.............}~~~~~.~~~.}............}}~~...........~~.......~~~.......}~.............~}}.................}~~............~~}.................}~~............~~}.................}~............~~}..................}~~............~~..................}~............~~}..................}~~............~~}.................}}~.............~}........~~........~~............~}}..................}~~~~~.....~~.......}}}}}}}}}......}~...~~~}}}}..}.\|........\|\|\|..}}...~~~.~~~..}}....\|\|\|......\|\|}}}}......~~~~~~~~~~~~~}.............\|\|\|}}}}~~~........~~}v}}\|\|\|.\|..........}}w}}}}}..}}........}}}}}}~}~.......}}.}}}}}}~~~.......}}}}...\|\|.\|.\|..}.~..~..........}\|\|{{.{{..{.............yyxxww}}.............qb[\k..........xoovv\|\|{{{.........yqyrrrz........vvu\|\|\|\|u\|\|...........yqqqy..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\weve_lost_the_commander.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	24386
Entropy (8bit):	6.714573501947249
Encrypted:	false
SSDEEP:	384:Co0bgvqydV2YzDc/Uekfgb+79OEhHVIFcYvykEgz+2sDhznKMPU63v6yJITtrBxq:Co/nDRfK+79Rh1IF/vH0bhWMspyJIhgt
MD5:	CF0805251E8FD547461B5713A5568FB8
SHA1:	176660D0011A9F87A51EEBCB256B9C399D253C04
SHA-256:	EF743D946136BDA4B56785D96108F152F3811432CC788329E8BF83F6F83D8FF5
SHA-512:	A27BB9DE89E23EF738EAD631E886D92D7FF2BF1458576D4FA11248DFE322EB106D1608FDEABD56B4DC66A4F2D8FCAD68927A2E766D9595DA809CD476892E73F1
Malicious:	false
Preview:	RIFF:_..WAVEfmt ........"V.."V......data._...}~~~...........~~.................}~~............~~.\|.................~~...........~~~}.................}}~~............~.......~~~~......}~............~}}......~.........~..........~~}}\|...............}}}~~~~~~~~~~..........~~~~~~}}}}................\|}}}}}}}......}.\|..{..............}}~~...........~~......~~~~~......~...........~~}\|.......{\|....~~.....~.}.......{{{{\|....~.....~~~.}\|\|.{{...\|\|.............~~}...~~}}}~~z.............yx~}\|zzyx}........~....\|t\|\|\|tszy..............\|}wwxxyy.zz............\|{{{zzzsz.............{{{{.{zz..~}{...........}....uvv..~..........{zzz{\|}z\|~..........\|zqwusqwvzzy........smnwxpp`fu{...........phjkmvpiktu}..........utlcjjjrss{...........{scjjrqpxw}...........{ungpqrr{t\|..........\|tkjjqx}}~...........wwnmlsz...........~.\|}xzs}~.........v{rpouty}.......[OLXo..xo~...........wRLMUf...........}szpwmcbap{........wqjdenv............yqh`hpwx.......}ngoppwwvt..........{p`abdu...........vtrqwujq{z......\|ytvprt~......wus

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\what_are_you_doing.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	35994
Entropy (8bit):	6.356203951380775
Encrypted:	false
SSDEEP:	768:BD+ljZg+5kFXyXz0bfhDHuvQnH0NCKwM/6KldPiC6xii:BDiP5QyjIfhDrH0Npiid6/xii
MD5:	542E289FF042712704B9DB8E704437AD
SHA1:	4F84DE4126651F77A6AC2FF34069EDECBDB13173
SHA-256:	19E512AC4938BD376C35B71C67E7DCC75B5F3176F71C89CF8D8DCADB17CB3145
SHA-512:	BFB68206F990E14805AD0F7B914A39069932A811F307BFDAFFED03983EE50CC323C4749B407ECA106370795A67ED76ADEA2C4552E9F55371AEA4BBD14FC6AFEA
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......datan...~~~~~~~~}..................}~~............~~}.................}~~............~~}..................}~~.............~~}.....................\|\|....\|\|..........\|\|....}}}..}.}}\|.................{\|\|.....\|............{{{..\|..........}}}.}}.~~~~............~}}}}..\|..\|}}}.....~~........~~}}.....{.............\|.\|.}}.}.~.~~.~~~.~.~.}}.}.}.}}}.}~.~.~~.~.~.~~~~~~.~~~....................~~~}}...........\|}}}~~..............~~}}\|............}}~~.............~~}...........\|\|}}~~.............~~.}\|.\|{{..........~~........~~~~}}..........}}}}}}~~}}}......}..}.}~~~~~~~~..~..}.}}}.....}}.v..w~.o~.~.~.~~.}}}.\|....\|....}.}}}}}.}.}}.........\|\|}}}}~~...........~~~}}}}}\|.........~~~~~~...~~...}}}\|...........\|\|}}}............~....\|\|\|.............}}~~~.......~~~}......\|{{...........}}}}~}~}}............{{{{...........~~~..........~~}.................}}~.............~}.......~~........~~.....z.......~}..................~.....y.......~~}.................}}~.............~}.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\what_happened.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	24386
Entropy (8bit):	5.516395317252081
Encrypted:	false
SSDEEP:	384:gsrBlP+6w5ZA2XIA7v2Wmb0pq+fZX5lfOBMM4842fg8u1RlK3b:gsFl29TA24A7OWmb0pq+R8MM7fg80ur
MD5:	8F3636A9738711CAF1984A9BA934F464
SHA1:	A59020014D8EBF123DCC1A046EEB3032FE29C0B6
SHA-256:	C6DA0448B2FE1F25C88D795CA9C20454870922F13F6C95F9EC7F06ADA9FA57EA
SHA-512:	657CA66E4774940562FA8550A00A89228D1D8604245F4A46294141862A5860A5E1772557EF1C7EBDAA1B81DC91A654FD167C2ADF645C03549531A88B4E0A876F
Malicious:	false
Preview:	RIFF:_..WAVEfmt ........"V.."V......data._...............}~~.............~~}}...........}}.~~......~~..................}~~............~~}......................}}~~~...............~~}..................~~...........~~}}...........}}~~~~~~~~................}}~~...........~.......~~~~......~~...........~~}................~~..........~~}}..........}}~~~~~~~~~..................}}~~...............~~}}\|................\|\|}..}}}.}..~~~~....~~~~~.............~~.........~~~~~......}~.............~~}}\|.............}~.~~~~.~~~~.}}}....~~~............~~~}}}..............}}}}}}}}}}......}....}}}}}}}}}...............}}~~............~~}..........\|\|}}~~.............~~}}}\|\|..............}}~~~~........~........\|\|\|\|\|\|\|\|..........~~~~}}}}\|\|............~~~~~~~~~~}}............}}~~...........~~}.............}}~~~~~~~~................\|}}~..................{{{{{{...........~~~~}}}\|\|...................}}}}~~~~~~~~.......}}}\|\|\|\|.........~~............~~}............}}~~..........~~..........{{\|\|..............~~~}}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\what_have_you_done.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25004
Entropy (8bit):	6.001115795625841
Encrypted:	false
SSDEEP:	768:cIIzcUIXT+LgjoaWEI9m8xEROndWw32gnOaJ3:cImZIXggcmandWw32gOaJ3
MD5:	D929F8FBE997D35BCF3E310D8EB782A1
SHA1:	4310D8E2C10987E2CA57D92EE2BC34C6B951168C
SHA-256:	281BFE2E888C85DE2AD76A67420FA385F07D7A784E694418C6C4AD04DE5406CE
SHA-512:	60E2BDF7C11259C46159451ADA6B9D2867C55FF5D5025D38CBC705AD0A4A0132DEC8ABFD93EC4F46F6AC2E9020576181684EBFECD8A3DB869A9B35A5CB709AE2
Malicious:	false
Preview:	RIFF.a..WAVEfmt ........"V.."V......data.a.........~~~~~~~~~}}.........}.}}~~~.......~.........~~~~~~......~~............~}}\|.............x..zz{{{zz...............{\|\|}~...............~}\|\|{..............xx....~~}}}\|.\|.{{{..........wx....~~~~~~........}.}}}}}}}}\|.............}}~~~.......~~................}}~............~}................}~~...........~~}..................}~............~~}..................~~..........~~~}...........\|\|}.}~.~~~~~~~.....\|...{..z.{....\|....}~~~.............~~}}.............{.\|...\|.}}}......................}~~...............~}}..................\|....~~x....x..~........{..{.\|\|...~............~~..\|..{.......}}~............~~}.................}~~..........}}}\|\|\|..........}~~~~~~~~~~....~}.}}}}}........\|.\|\|....}}}~~...~~~~~~~....\|\|...\|..\|\|..}~..........~....\|\|\|{...........}~~~~~~~......\|\|\|\|...\|...}...~~~~.~~}}}......{.....}}}~........~~~~}....\|\|...}.....w~~~~~~~~~........\|..\|\|}..}}.~~~~~~.....}}\|...\|...\|\|...}}}.~.~....~~~}}}\|................}~~............~}.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\where_are_the_hostages.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	22812
Entropy (8bit):	6.588090934974775
Encrypted:	false
SSDEEP:	384:MwI0fGpOP0s/ULVQ0JRmgkFrqA4+qZE9Dm5VAu3TtsLOg4BTTn5uekbX2LO/:MwR1PbCTJEgkFDCYgRsz41Tn5uekbX2c
MD5:	BB9F95C3FD684D250D60DF4B55EB3684
SHA1:	621DC1F8355C295A2BEB6C309F5FC13E1606204A
SHA-256:	437EBCD45AB0B049875481D56A0A47BAFFC08630AC8D52B8FF48D8252B4F01ED
SHA-512:	8E81088169E74F9A72C1D5E1C3C6C83B4F54857BE80450C388A1ADC2FBC3FD2A7688873BFF21112248B7599AD01D214501FE29D31A443D5EE2BCDD81175CC74A
Malicious:	false
Preview:	RIFF.Y..WAVEfmt ........"V.."V......data.X...\|}.}.}}.}}.......{........{.\|\|.......\|.\|........{.{.....\|\|}....}}.}....\|\|\|..............\|.}..~.~..........~.~}..\|..\|........}}}}}~~~...}......{.z...............~~~......~~~........{.{{\|\|..........x.....~~~~}..........}}}~~~...............}...{......z{........~.......~~~}}}..........}}~~~~~~~~................\|}}~..............~~}}\|..............~~........~~}..\|..........}}~~...........~~.........~~.......}~~.............~~}\|............}~~............~~}..................}~~.............~~..........~~~~........~~...........}}\|\|..................~....x...~~~...................~~..y..{{..z....~.....~}}}}}~...}~..........{zy....~}\|.....\|}........}}~~~}\|{.......~....}.~...}.....{{{{..z....~}.\|...........\|}}~~~........~~}}.....\|.....\|.}}v~~.~.~...............\|}wx...................{{{\|~..~..}..z..\|........\|}wy.~~~yz}...........z..\|yuy\|xyy}....yt~......up{}...}{.\|...~}......y{v......txs}..}..~z~.....}....}.\|\|{.}z}y{u}}............yyzvy}}}{...{~.~..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\where_are_they.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18074
Entropy (8bit):	6.700598236181603
Encrypted:	false
SSDEEP:	384:oEPM0WV0y0XEQKcn/5CLgw4aoJaKpECzleKEGZaruTzyFOe0BZKl0Plb:oEPXWCXU0f5aCa2ZSI+0B4l0Plb
MD5:	18AB7166DC9BB15A3526DAF248E71A3B
SHA1:	78C5E04CB6A4CC76497D0CA59D2BB6F74DA19FAD
SHA-256:	1E2DB69D7EB129AB552E8B8E8BA1DCF53A95C18A8F9E7A871315F51EAFF3D16A
SHA-512:	871E74A4E06A2C2A857237E221BDC408F222A816ADF5E7D708D103D2CD40F4EE02038A3B37871D1F0D9063CFE5755CA5559B4D3EF992211B081E16F99E93CF98
Malicious:	false
Preview:	RIFF.F..WAVEfmt ........"V.."V......datamF..}}}\|\|..................}~~............~~..................}~............~~}..................}~~...........~~}..................}~~............~}..................}~~............~~}.................}~~............~}..................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}..................}~~............~}..................~~............~~}.........{{.......~~~....~~~~~......\|......\|\|\|...}}..~~..........~~~}}................}}~~...........~...\|...z..........~......zzz........\|......z........~~.......z......~...\|...........{\|....~...........~}}.......~........~~.y..z....z...........~~~~~....\|.~..........zzy..~.......~~~~.....}~~....zz......~...\|...z..z.......}~.~.........x...~~~}}..............\|\|}}~~..y..........}..{{zz....z.............zzz...~..\|\|\|......}}.~.~.......~.~~.~..~~~~~~.~~....\|...~~}}}~~...}......}.~.}u\|..~....\|{{~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\where_are_you_hiding.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	47330
Entropy (8bit):	5.92850471983657
Encrypted:	false
SSDEEP:	768:XFnotZ4WgriW5zmVzw72jPsNzb1Zsoi5fJQwvzbQjdpgBAUhYO9budVT:XF2Z4WoiImVzwAylZF4RvzMGAUhj9buL
MD5:	3B287F6E3F9BFF527F8A4FAEBFDF401D
SHA1:	4D5975845CB123A1AF2FE6C3C7DDF4DC3A914F1F
SHA-256:	CD8F52806AFDDE9EAB812249522F281A066FD62158FDDB974A0DA239B0049260
SHA-512:	0C5EB0D7D0702EE2A318C2A3F8B005567C7C8F635724DB2164054EE6926E373972F793E5A09D76D658A14A0C81C35B07A639AEDCFD388F8C8F173E4204CE36E8
Malicious:	false
Preview:	RIFF...WAVEfmt ........"V.."V......data.......}~~............~~.}.................}~~...........~~}.................}.~~............~~}.................}~~.............~}}.................}~~.............~~..................}~~............~~}..................~~..........~~..~~~~.~............~~~}.................}~~..........~~~..............\|\|}}}~~~~........~}}}}}}}}}}}}.........~~}}}\|\|\|\|.............~~.......~~~}}................}~~~~~~~~~~}..........}}~~~~........~......\|\|\|\|.....}.~~..........~~~}.........}}}~~~~.....~~............{{\|\|\|\|}}........~~~~~~~~~.}}}}}}........}}}}}....}}}}}}}..............\|\|\|\|\|\|}.}........~~}}}}}\|\|............}}~~~~~~~~}..........}}}}~~~~~...........}\|\|\|{{........~~.............~}.\|...............}.}.}.~}.}.}.\|.{............}~~.........~~~}...........\|}}}~~~...........}}}\|......{\|\|\|}..........~~~~}..................}}.~....~~~~}}................}~~~~....~~.......\|\|\|\|\|\|.\|.......~~~~~~~~~~~}}}..........}}}}}}}}}}.............}}}}}}}~~~~~.........}}}}}}}}\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\where_could_they_be.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	17120
Entropy (8bit):	5.723315127985716
Encrypted:	false
SSDEEP:	384:Bbp7AhjTmontSVb0+hD4Bvv8xIQSmhjZXjxGhrEhjVHF:9p7AhjT5ntqN4Bvyt5x1jVl
MD5:	76302096017C66B52D18138E72FEAA1F
SHA1:	FEAA550EA463EEA95AC059582A16E8DB413553AC
SHA-256:	768CF910F38F0318705E0E830E5D155C404B48FB2452041DD53AF37FDB3A9990
SHA-512:	23048D3BE478089E7A4A4CEBC8AA598D5357CD805FB2D05DEC95D3CB81531DACC8E1CF40056D9A536FAFF8A9B0F8F10AD837132289B8A0D4BF0AC705F99A5CB0
Malicious:	false
Preview:	RIFF.B..WAVEfmt ........"V.."V......data.B..}~~............~~.................}~~............~~.}.................~~............~~}.................}~~............~~.}.................}~............~~}.................}~~...........~~}.................}.~~...........~~.}...............}.~~............~~}.................}~............~~}.................}~~............~}.................}~~............~~.}...............}.~~...........~~.}...............}~~............~~...............\|.~~...........~~.\|.............}.~...........~~}...............~~...........~~}..............\|\|\|\|.\|..............}}~~............~.......~~~~.......~~...........~~}}...........}}~............~~}....................}.}}}}....................~~~.........~~}...........\|\|}}}}~~.....~~~}}.....\|\|\|\|\|......}}}}}.......}}}}~~~~.~.~~~~~.......{......{{\|.}}............~~}\|\|{....................y...~~}u\|...........~~..yyyyy...............\|\|}}}v~~ww~.........}.}}}}v}w~w~~~.............\|\|uvvww.............~}\|\|{zzzy~..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\where_is_it.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10862
Entropy (8bit):	6.492092227639505
Encrypted:	false
SSDEEP:	192:YV9691XGTCuuno+ZqjYgykF4+0DeU9ynyF457GZpiHqQGlEp:k9eXGTx+ZqjXPXqs7GZpiKQGlEp
MD5:	01F393E257BB5607D2D968A6A0E99FC1
SHA1:	72235DF801C386F53083C8FF73ED27AC5159E18B
SHA-256:	D597DE25E034406E90BC8CCAEDB1B2A9BE19C08FF95958A17AC27028192C0658
SHA-512:	F41C2140BE2BAA9BC6CDC537E8A832E5DA1716EA1D22E405E9956546C0C339AE76264D53CC8CCC05996E41092A7B587B2E4DA5154164CB310B81939C89950D51
Malicious:	false
Preview:	RIFFf..WAVEfmt ........"V.."V......dataA..\|.}}.}}}}..~.~~.~~.~~...............~~~....................}~~............~~}..................~~.............~~}}}}.........}}}}~~~~..............~~}}}\|\|\|...........}~~...........~~}.................}~~...........~~}..............\|\|\|\|}}}.......~~~~~~~~}}}.................}}~~...........~~}............\|}}~~............~~}.........z.......~~...........~~}.....{.........~~xxyy.........~~}.}\|.....{\|..\|..}..}}...~~~~~~~~.~~~..~~..}}..{{........\|..}~..y..........}....~~~~~~.....~...{..\|\|.....~}\|..~~}}.}.....}~.......tss.......\|.{.......{{.....~...yy............\|......{{\|\|.}}..~~...~~~}..........\|uvv}...............~~~~..{\|}~.yz............z~\|{{~~z{.}..}..........wu\|..}.~...zy}~........t~.......v}{z....~.........~{\|}...\|.~wx.x..~.........}..\|\|yz\|~{~.\|~.....\|...}..{.~{.~}}~.v}\|.....}...........}yz~}\|\|vx{z...........zw{.z}xxt\|z.................wtyux{...~..vu}.......~{.z}.xx.}z~yu.......v}~....~.yvs.\|.z{.ty~.........z.}}~yuzy\|xww~}............~uu.z.~x

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\wheres_the_bomb.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15698
Entropy (8bit):	6.457517852670458
Encrypted:	false
SSDEEP:	384:bPc77KdlnZ0MbEC0a/HMaaWMfUqTCNp3Oznh4avi8E:bE6dlnyMbECBMaalUnnE48U
MD5:	2B1296DC89042A8CF3F5FF3B7764516C
SHA1:	B0FD8122C6EDA49A63ADF7BA85B439407A6E4F6A
SHA-256:	552DDF97C64BF60B60E7A976E86E4D0C6569A9C686CF07CCF4780219D3B4083D
SHA-512:	281BA397ED8F11104C673B7727EBBED25E4C37D0FBEB64B035F4CF88E3E934151C1DDA36B6B73555D604FC36B7E456C6E308A9854875F78DBF373082F0619AC9
Malicious:	false
Preview:	RIFFJ=..WAVEfmt ........"V.."V......data&=..............\|.}.~.~~..............~.}.}.\|...............\|.}.~~............~.}.\|...............}.~~............~~}.................}.~~...........~~.}.................}~~...........~~}.................}.~~............~~}.................}~~............~~........~.~........~~............~~}.................}~~.............~~}.................}~~............~}........~..........~~...............~~~}.....................}}~~...........}\|\|\|{.........}~~.........~~}}................~............~~}}..................}}~~~.............~..............{\|}~~............~}\|.......{{.\|..~..........~~}}}\|\|\|\|...............\|\|\|\|\|\|}}}~..................y~}}}~~.{..~.......z...~...~~}}}}}~................~}\|..z.z.{.\|..~........~}..{.y~xx~~..............{y.}\|z~\|{{z~~..............zqyxv}{.~.....\|..\|......~qt~..\|vnw.~..........}{.....wvuy~{...\|~..........yxz~.z.z{wty........}~}......{uy{x}\|\|}x{.}..........w}z.{x\|ywuy}~............~\|..uxwvwxux\|..........\|...\|y}v.{

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\wheres_the_bomb2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14318
Entropy (8bit):	6.495954904311683
Encrypted:	false
SSDEEP:	384:CSVWgXWtqj0figlevbxbSOsBkwwjdfRE0Ferb:C0WgalevbcOYkdqh
MD5:	220D701464C3D6AEDF3CC3528552986F
SHA1:	898B8FBAA047ABCC653F0893A2E9EE45A88F4BBB
SHA-256:	7F7E58608A13E65FD7719EBA0F29F3941D6554C421B6236CDBC143D385F0FED3
SHA-512:	B5A7239E0E354C5652AC3CD313266983D7AAC691FEB66FB792E8F7B04C00C531DA6CB8F780AEA377E9849AF5B781A0855E92E3CDF9396E24D8B07E2D5664E9AD
Malicious:	false
Preview:	RIFF.7..WAVEfmt ........"V.."V......data.7..}}}}}}}.................}}~~............~}.................}~~............~~}..................}~~...........~~}..................}~~............~}..................~~............~~}..................}~~............~~..................}~~...........~~}..................~~............~~~}.................}}~~............~~........~~.......}~.............~}}.................~~............~~~}.................\|}}~.............~.....~~~~~~~......~...........~~}\|..{.............~~~~~...............~~.~...........{\|\|}~.................~~}}}}}~...}~............~}.zy}}.\|.}.~...............x~~v}}}.}........}....{{.....{{\|}~................~}\|{zzzz{.}......~.......}{ywuzx.~....}z.........yzzrzyx.}{...........~.....~.{uwxyy.y..~...........}yzvxzu~y{}~w.............}yyzvxzuxzu................wwtuxvsws.\|............{}xuzqrlppv}..............{yuphhkqpy}.............ytmqntxr{zs}............yyx~}{{olqntv...........\|...\|sxsunlvx{}..~...........z~vrmxstvvvv}..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\wheres_the_bomb3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	16268
Entropy (8bit):	6.686005257826953
Encrypted:	false
SSDEEP:	384:KhUPsHzScCdgj81g4MkNPn+LCruScx5e0KWZyibK7:Kh0IzSrdgruPncIKSFWnO
MD5:	62668FE2874EA667CB08340ABBFDEC4F
SHA1:	0C101E00E9DD62868ED87A0584E9C31F2132E097
SHA-256:	101F7D57ECFE4C08B69404EB1757DA6DEAB20708CFB53BA26A0A9FA7B67047CD
SHA-512:	FC25E44AD6CF99E804046895A1A03799AE9ED6AF2981296BB448E1C21708C4D9C3CC866A56E863F3F85899B360CBED3F16DC9546725792BA9C7273508B96106B
Malicious:	false
Preview:	RIFF.?..WAVEfmt ........"V.."V......data`?..}}}\|\|.................}}~~............~~..................}~............~~}..................}~~............~~}.................}~~............~~}..................}~............~~}..................}~~............~~}.................}~~............~~}..................}~~...........~~}..................}~~............~}..................}~~............~~}.................}~~............~~}.................}~~............~~}..................~~.............~~}..................}~~~.......~~............zz......~~..........~~}}..................~~..........~~~}..............{{\|......~~~.~~~~~~~~.~.....\|...{{..\|\|...}}.~~........~~~~}}\|............{...}}~........y...~...\|......~.~~z.\|\|.~.....\|\|......~}...~..}}}}~~.........{.{..z..~...zz~~.....~......~...yy.yy.....~~~}......\|{{.....\|.\|.}}.~.................{{z..........}}~.........~~~~~}}}}}.....}........z..z.{.\|~....\|.}~~}........{z\|\|{{{\|~.........~..x.}{.}z}.{..~.{{u}.....zw{~.\|}~.}{y~z~........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\whew_that_was_close.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	35686
Entropy (8bit):	6.3460167054772425
Encrypted:	false
SSDEEP:	768:+zPGCvXvuSIqAHVrNUjtiENTwwTL09UAe9to9ICsUeUu1lV:+Dhv/uSIBHVrNUjtiENTXTo9K9tHCsU6
MD5:	2B504DA6DABC3F74B2E837163A9E2474
SHA1:	55749F60495B8E5836F4FE8AA4E38C8D9F36D298
SHA-256:	C59A6DF5629A23AD732E566B6E04692545C076B7554738276DA8347073F1AFFB
SHA-512:	01F7F24BAB1D302A65E73815ECED534E424C6F7FCFE76BFBEBA6B1F08B216F3243C9907CBEE0C165E2327EE33FC989568C5EC96B06C9A6D7DCF4F8CF447D196D
Malicious:	false
Preview:	RIFF^...WAVEfmt ........"V.."V......data:......}.~~...........~~.}...............}.~~...........~~.................}~~...........~~}................~~............~}}...........{..\|..\|..\|..{.........{......~~~.......~~.................}~~............~~}.................}~............~~}..................}~~...........~~}.................}~~............~~}.................}~~............~~}.................}~~............~}..................~~............~~}}.........\|}}}~~~~......~.}}...{.................~~~............~~}}................}}}~~~~~.~....\|......~~~~...........~~~~~~~~~}.........}}}}~~~~~..........}}\|\|\|\|.\|\|\|.............~~~}}}\|.............}}~~~~~..}.\|.................}~~~...~~~~~.........}}}~~..........~........~~~......}~............~~}..............}~~......~~.........\|\|\|}}~~..............~~}}\|\|{............~~~~~~~~}}}\|............}~.~~...~~~~~}}.............}}}~~~~~~~}................\|}}~~~..................\|\|\|\|\|\|\|\|\|............}}}}}}}}}}}}..............\|\|\|\|\|\|\|\|\|\|.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\who_wants_some_more.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	22626
Entropy (8bit):	6.683721307064705
Encrypted:	false
SSDEEP:	384:qQ56vdzFaydUwFs/7Vjr98ZM/uWdfcUnpDboSYEe7atfAyjJh2KP1xl1oRl8:H6vdzIyd+7BkM/uIcBFXQPJj7l1oRl8
MD5:	28151B3200B342FEE8C8BCD022672AA1
SHA1:	E31E7A1C22EE73D16C0EA579944C52CA10617D20
SHA-256:	ECDF2AAD120D3FA5F73A3EF71C8A4B3DB9DC5DED0CB8EBEE3DCA650F7226C687
SHA-512:	237840FCDC241C3199AE9430D074B35AAE008B9769AD8144ADB28E55B395CE21C3E263D8F7796DD667F252B506E95327826DC272F50D39032ABBF5FF73ADE3E7
Malicious:	false
Preview:	RIFFZX..WAVEfmt ........"V.."V......data6X..~~~~~~~~~}.................}}~............~}.................~~...........~~}................}~~...........~~}.................}~~...........~~}.................}~~...........~~}.................}~~............~}.................}~~............~~}..................~~~~...~~~...\|\|............}}}~~.~~~~~.........{.z...............}}}.~}}}}}........}}}}~~~...........~~~}}...............}~~............~~..................}~............~~}.................}~~............~}.................}~~.............~}}.................}~~...........~~}.................}~~............~~........~~.......}~............~~}}.................}~~~.................................................~~~}}...............}}~~~.......................~~}}.}.\|\|...\|.......~~~~~~~~~}..............}}~~...........~}................~~~....~~~...........\|}}~.............~}......~~~..........~~..~~~~~}}}.........}~~~~~~~~~}..........\|\|}}}}~......~~}}}\|\|..............}}}~~~~~~~.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\whoa.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12996
Entropy (8bit):	5.267364518412014
Encrypted:	false
SSDEEP:	192:GZdO/TGZ9eBMrqaoXVGDush8PXuVoOfn2nc15Ka1iBLd+RWX9:vr8esolaFh8ofn2nc1Aa1iBLd+sN
MD5:	6536DB7A908C69482DC83334C66F3052
SHA1:	5C5A7E43B9A36932063D2562D4255CCC48EAA5C0
SHA-256:	49B8EBC06183B62701E2157F538370F0FC7CDDC79908C8EB2FF0558A7BC2891A
SHA-512:	4AAC85AB614BA278C2446125FB242279A5D20E5C2AEC521BCDC0930B9707D303430842FBE8A718C4C1478E452CD427D964F046478213C61D99BC87AE6DD0B152
Malicious:	false
Preview:	RIFF.2..WAVEfmt ........"V.."V......data.2............}~~............~~}.................}~~............~}..................}~............~~}................}~~~..........~~.}.}}.\|...{......{..\|.....~...y....z.....~~.......~}}~~..\|.....{\|..~~~}\|.......~}\|{.....}.......}v.x....~}......~}\|.~~~~.............yzzz.y..........}\|...z.\|}{}{.....}....zy.~......}..z..~...}z......\|.{}~~....}...\|}.z~\|z..~.~\|........y{\|{.\|vw.......y}.....vtut}...y.wz{.....\|...~..wz~\|\|w{......}~~~.....}xx....ytt}.....~z..~.....}..z{.....z{\|{}~...\|.{{.....~.{y~{.{~.y.~\|.......{}.\|.~}uvy\|.}............~t~qyqqxu.....xpz....yfad{...xlkt......v{....}}zxwxzuy}....{tw~....wttu....}wkp.....~r.}...}.....y.z.}..ywwrv.....wz.....xwy~..{y}r.}}}.{{\|...........{w{\|~zykk_f}......uo}....iBE[w..}vsq\|...........~~.z..tnS_p....}{{.....xfp~...~q`\br...{}...........kacjx{}pb^cr.....{u.....~]UTnxz{rlglt...........\|wnrk]_d...{xcev...afv.....p_QUt...}qnnt}.......xx.....ydP>Fw....yw\|......ncs...ztonqlbXgx.....z......yi\[r..n`KIhx..........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\whoo.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	13922
Entropy (8bit):	6.180083371175861
Encrypted:	false
SSDEEP:	384:OqF29JJ8UU8zaSGj33dfLnfI0rMMlXoc9Zm03GL:OqF2x8UU8zaSc3RnfhjXdZSL
MD5:	027B83A3FDB35B3867E268201F2A0AF9
SHA1:	448E04D7E2FDBFAEE25AFAD38C19F228FFC14FE1
SHA-256:	66EE39A17EEAA6296F9FE9D39CCF514571672391BC7A151C1F09D3BA9603619C
SHA-512:	B1C16E21D6F0082812B5100593209FFBF58DA4AE4424D64C3045416058D5B6EDD76D4139160EA168B7BC07EFD35A44B1B54774309F284078B19831531B5EBF0D
Malicious:	false
Preview:	RIFFZ6..WAVEfmt ........"V.."V......data66..}}~~..........~.}}}.\|\|.........}~~...........~~.................}~~............~~}.................}~~...........~~}...................}~~...........~~}..................}~~............~~}.................}~~.............~~}.................}~~............~~...................}~~...........~~}.................}~~............~~}.................}~~.............~}.................}~~...........~}................}~~.........}}\|\|.{........}~............~~}}..........}}}~......~~~}}...............}~~.........~~......\|.\|\|\|\|\|.......~~~~~~~~}}.......\|.\|\|\|.......\|\|\|...}...~~.....~..}..\|\|{..{...........y..yy......}........z{...}~~.............~~}\|................}~~~~~~~~}...........................}}}~~~...~~~.....\|\|\|\|\|\|\|.....~.......x~~~}}..\|{.{..........~wxxxx....~........\|.\|\|\|\|\|....~~~~~~....}..\|\|.\|......}~~.........~~................\|}~~.............}}\|......{{\|\|}}............~w}\|\|{.z.z..........yzrss{.............zz....\|\|}}~.......~~~}}\|......\|\|}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\whoo2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15096
Entropy (8bit):	6.824937048333792
Encrypted:	false
SSDEEP:	384:kOLWcLsOr8wbIhCZc7JMMbRX42Z/K7UpWlk:HLlFr8wl22yh/2UYlk
MD5:	33FB9E4DE5CDD3D01EF35C3B08912D0F
SHA1:	7DDF9184BEDA80AF602B14A93FA36769DF1E7740
SHA-256:	4A5885CE50C7E9E6CEF57238F2D0EDBD2ADA1FF753A86A34C7C26EDFDDE0F5EB
SHA-512:	B5C6974BDBA819B257876C725304C71389BB486FCE5525AE8888195875B90DB50442375D166AA60E688B97BB3B344101333EE521E10A457B2EE4D691B5A00AD3
Malicious:	false
Preview:	RIFF.:..WAVEfmt ........"V.."V......data.:......\|\|}}~~.............{zzzz....................~~}\|.{{.......~~..........}\|\|{{{{................~~........{{{\|}}~.........~}\|...~~}}}~~.....~..........}.{{{zzz{..................{{zzzz{{\|}...........~...zyyx}}~~..}~...........}\|.y}\|\|{{\|}~..~....~.......}.y}{z}}yz{\|~...........}\|..}{yx{~zzz{\|........}.......vuzyqwww\|}.............{.ypwwnmm\|u\|\|}...........}}uumeefnox..............{jihhhpijtu~.............nsqomskk\egq..............sh]ROMRaiiv\|.............peSELWdpxww.............yolbQMNJMQfu............z_ZYWKG>BBVq.............mbTIGIDDIMTe}...........kSI=?;>?CHSc............[@501144;DU~...........R5.)(,025@Ph............tH+"!"$(-8Mf..........._:!#$258DV...........sL,..... 2Pw..........~@#....8:DQo.........zgD1$.....`...........M$.....1g~..........J?:<;=840-7o.........~~Y/($ .*F.............E2'(:GM_`RX_........t^Q^L@88:Br.w}..........vK1%/19Kf....n}......t\d]PG@9MgULN^\|........\|G$...'Cq....sm.......ME9/9<RwSJJPi........]+$.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\whos_the_man.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	19882
Entropy (8bit):	6.355081454918065
Encrypted:	false
SSDEEP:	384:DcCOGSsQOngELQwU88j/CrOzMucKmnPSicstlFj1lwG:ICOPegELQwW/zM0mn8stl11lwG
MD5:	6C24C279990381D1E57BCE6D51D1A569
SHA1:	737721C5F7931C888E33C891613E5CE1ACE1123A
SHA-256:	A2B31FA2DD10A7E68C740EC636ECD5DA91FF7F970687F8163406CC86ED63ADDF
SHA-512:	A907E0EF067DFA83A1ECF557F4AB21BC1688B19117BB1794BDDCF4A35862DDAD75218EABAD5A04806C9B4FE1809F2BE0857CD5008C63727E8C7E37F888841234
Malicious:	false
Preview:	RIFF.M..WAVEfmt ........"V.."V......data~M..y}}}}.~..........z..zyy.w}.............~.yz.{{\|{{.........~~~}~~~...\|}}~~...........~~~~~~zz..}~...........~~}\|\|{{{{..............zzzyy..~~}}.................yxxxx~~~............~.xxxxxxx.............}}}}\|\|\|\|{{{\|\|\|.............zyqxxwv}..............z{{{{{zz...................yzzzy..............{u}~~...z............~}}}}~...}~............~.\|{z~}}}}}~............\|{szyx~}...............}~~..xx.......~~............{{t{\|\|uv}~.............~~vvuu{{.....................wwww}}}..}.........\|.\|\|\|\|}vwwx................~~}\|wwwx~..}~............~..}vzyxxyz{}.............}zwty{ywvyz..........~..w~\|y~zwzv\|y~}..............zzyw\|yuz}~.\|.............y{\|}}tsy......~.........\|.....yyy.~w}\|................~\|{zxw{z~~~..~..........zyx~{yv.}{z\|\|\|..............~\|zxwuzx}..............~\|..\|y.ywvuz{y{............w{vxyxvxtr.xz.z...........}ztnfudcs{......z......zrpxrpstuu}u.............~\|.vrzrptwr\|...............}yuonknox.xyy............ysnmkkqcjnj~......~.\|...\|i_[fjupy\|\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\window.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11300
Entropy (8bit):	5.8861699416015
Encrypted:	false
SSDEEP:	192:sxCdscGlm+sNLMSG4aBpF1wBLBnT0J+AnifEq3Qm:sixGw+sJMTlz0XIJ+AnifEq3Qm
MD5:	DFFAF0B4B7A7DF6F1865797E953DCF83
SHA1:	D57D4B818F5C3853D26FCD8DC4E748CFDEBCC843
SHA-256:	037F5338146BE6DD9E77DD4BC87DC7F9840FF6D6246582A60F0480AC47DDE5E2
SHA-512:	AE5E56C4F8CA23669DADB6DAD3C72387B9113F7543E19CAC3ECF230489021213132DFC6C6FBAD919A31E7171F6E3BEAF50E61ED3070C2A65F5083274A3672399
Malicious:	false
Preview:	RIFF.,..WAVEfmt ........"V.."V......data.+......}}~~...............~}}....................~~~~~~~~~}...\|.............\|}}}}}}}}............\|\|\|\|\|\|\|........~........~~~}}................}~~...........~~.................}~~............~}..................}~............~~}.................}~~...........~~}..................}~~............~~.................}~~.............~}}...............~~...........~~}}..............\|\|...\|\|\|...........\|..}}}}}~~.......\|\|\|\|\|\|.......~~.........~~}}...........}}}~~~.......~.........ut...........}}}~~~.....~~~~~~~~}}.............}}}~~...........~~........~.......}~~..........~~}}............}}}.~~....~~~~.}.}....\|\|\|.......}}}}..}}}}}v......~.......~~~}......{{..{..}}.............~}.\|...z........}~~.......zz....~......~~~~~.....}~..yz........~~.....~~}}.~........yz...{..{z...~....z~~........\|}~~.yy............}}\|\|\|..............}..x.yy..{...{......\|.~}...~{{\|}~........z.{zz..}z.\|..}.......{.\|.}.}.z\|~...~......\|}z..{..\|~.\|..~{..~.z.{{y.......\|xzx}..}x...~...~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\windows.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	17290
Entropy (8bit):	6.408507175824263
Encrypted:	false
SSDEEP:	384:mTfnknuGoF9bALtP0DdYppBXNfyH2Ry147eB+gAb6ya0p8Dj:mbfKp0pYVs06G83
MD5:	5B45C747210D30F1C3D141A2A4C4E46E
SHA1:	626F64B37A790B4B9A37C4F886F3429F55629D1B
SHA-256:	A89D37C85E3738A78D39F50E7877BC8A28F5F64B0976AC51D3AAB6434143FD11
SHA-512:	21F46CD574DEC9F86FF427882E36903F110FCDEA230099E1104C9CAB673EAB07BA5DE80B71180E005E9194DDDF2C946FA23B990DBFECED7A1511DD8F20FDDC89
Malicious:	false
Preview:	RIFF.C..WAVEfmt ........"V.."V......data]C..~~~....~~~}..................}~~............~}..................}~~............~~}.................}~~............~~}..................}~~..............~~...................}~............~~.\|\|{{{...........pyyzz................z{{{uu...........xxxxx..........}}\|\|\|\|u........}}}~~~~...............{{{zz.s...........yy..rz......v}.u{.....z{{{....~.xq.zz.....zzyq.........yxxx~~....~......\|}\|........sy}\|.v{{..y......\|~vw..~~us..w..~xw.........uvpqrst.....}\|....w...zzy.....~~..\|\|~w.....\|u..}}t...~}\|.~..{~z~..\|y..w..t.w..y....}{....y.{ny......}z\|~yz\|}...........}{yxv.......u{\|..\|..{.v..yy..x.}{.~\|...}{{v...~....tvy\|~........}y..~v.\|{sp...}.....~..~~~\|z..~z.\|w.{q.~..{x..}...yu...ywtqu......\|rq.....lp..~..y......vkw.....xrtp.....~}\|.\|.{}xyzzr....~z...xtv{....v.s\|{.~.~r}.yyy....~.~x}y.yw....rx~v}.\|.y..zy}....y.wo~p.yp.~.....\|....~{z.}v.p.pty..x..}..\|.....~z\|xu\|tnxn.z......mnx....xogtz~\|.\|}.}..st\|~......xrm....~rw\|}....~x.zz....z}.....pw....ywx{\|.}....xz

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\wine_cellar.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	20004
Entropy (8bit):	6.005289877291104
Encrypted:	false
SSDEEP:	384:sxoDYacxeap1JV8UlQr1m0i4HrPuvbysSrr33EYm:sWDVKlV887lErPMbG/3Et
MD5:	90E032652880EC9DB969BC522DA5276F
SHA1:	B80A9711604467AD499022E2CFB8012C5F2A4A81
SHA-256:	82C67CC97784138F1C406295A42C76939BAEF1F25A8F3CDAB84AE218C0D18A35
SHA-512:	D29DB72C41C2D19FF7BD5107F456B91CFE9A999C6F1C06D9C62B840D95E0E9D479F42EB1FE1AD6CF24C8DDF05F26E3364CE9A14FC927148F7CBE0B3084793B84
Malicious:	false
Preview:	RIFF.N..WAVEfmt ........"V.."V......data.M...................}~~............~~}.................}~~............~~}..................}~~............~~}...................}~~.............~...\|\|\|\|..........w~........~~~}...............\|\|}}~..........~w..........z{......~~...........~}}...............~~......yyy...~}\|......{......w.xy...........}\|.....\|\|\|.}}}~~~~...~~......\|\|{{{{{\|........~~~~~~~~~......wwwwx...........}}}}}}}}}~~........~~~............u.v..............~}....~~}}~yz.............{zyx}...~}}............{\|..\|\|{{zy.~}.............qqz.s{{{..........{....{u.}~~.........~~.....{{.....\|\|}}w..~....~~~..}}}....\|\|\|\|}}}}.......}}.}~~~...x.......~~...{...~~~~.....~..{..}}}\|......{.....{...}~.\|.....~.....~\|..~..~..~~~~~..~.......x.yyx.~}...}{~x{...~{wx~....ztm~.~..}\|.z.....~}.}x}~~...~.y......{z.....{.zyy~............zzzz...x.....z..}}.~~z........\|.u~..}\|{y.....\|.~.}}~..}...z\|~..\|}v~}\|......}...}\|{{\|}.\|.....}.t...........~\|ws~{...z...\|...~..}.{\|tyux.....ztor.....g`l....}kcm~...~tir....~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\yea_baby.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	18236
Entropy (8bit):	7.217772373716455
Encrypted:	false
SSDEEP:	384:fHig/yjJuKPC165Q0RsHW/PGPJOrSrbQ+gio2S1B/iDIm:KvjJuKP265VLPkKk8+r0Z+
MD5:	2EC35229995E591DBBDCD71360D733BC
SHA1:	40710DA1D3A0DBE09320E51C097C31E1A61764B5
SHA-256:	8CCB1773C2D8235729091D76B984F16BEDC9577CF88614D076B5D7262D446D33
SHA-512:	2D0E6AC7A7628AAC608743B317BD7BBDEC9C05212F0B972F5B269C599ADCE720D5C4AE679EC57DE29FC2B1060C62771FB2CA4850633AEF32DECDDF66EA1C08E5
Malicious:	false
Preview:	RIFF4G..WAVEfmt ........"V.."V......data.G..\|\|..}}w~....~~~.....\|\|....{{\|\|........~~.x.......~~~~~~~~....~~~~~.~~~~.~...}}}}}....}}}...}}.}.}}..}}}....}~~~~~~...~.~~}...\|\|\|\|...\|\|}}...~~~.~..~~~}}...\|\|.\|..\|\|...}~~~.~~.~.~~.~.}}.}}.}}.}~.w..~.~..~}.\|..\|\|\|..\|...~w~....x....}v....{{.{.....}v.....x...~.....\|\|{u..\|\|u....~w....w~...}wvww..........xw....z~~}.x~~z..v..{.v~w....}t....xhf...xmz..\|~........v.s..[vj~.ncBe.......L?C.%X()..:.+(.... $1e..C$...hHrDs...,5...KP...s..TN..V7}.}...n;...k6...t..vQw..zI{.....pP\|...jR7...."....j=+F..1Hi..{..Ypp...jFU..UB}..op..~_...YE...EY...R.sk....T[...}^..l...yZ.....ts.~..kc{.\|.o`.j.\|W...M^...D..../..i.?....M.}w..k.}W.m.\|Oby...(._.....}.o?..P.[\.G....`.}.sqRf.{[zM..m,n.:%i..0..f.H..Ty.L...D..9w.hhY..AP...\2l...d]..w.....N..U.I..Y.fn..2..c.z..U3...61T..{UPs..bT.a..}..tcz..ir~L....w.qDk..~mR....[iFu...`_WV....9.@..d.7.qj.C..m..oO...^<M.....'$:...k46..Z*&....(. 8....._....VM6:......\1-L...~L...j..,n....DLncqS_....OJDr]I{..............(.j..>53

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\yea_ok.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	16218
Entropy (8bit):	5.687661170637282
Encrypted:	false
SSDEEP:	384:LsJFHmlopinBhTiendtR6UJEx1Mn7d7W26UbcFQAOXTAL0p:LsPHnuLTnMmKQBz6lDOXTAQp
MD5:	43135A3D47CEDDA6CF97653A0EA77E81
SHA1:	932934BDDC9511926EE11B40029957BA4C1C5B62
SHA-256:	20DD77E5AC0B7D64D3DA9C2D7C170C85D42810819FEB3639CBE87FAD4319B539
SHA-512:	A8905342146352BF590312E84B6BC0BFD9F238C77C9F7B05B5B77E930A7DF7E162E298E648A63AEF16FA1AF8D7B0B5413A979EEE94650C4534E2370A98AD937A
Malicious:	false
Preview:	RIFFR?..WAVEfmt ........"V.."V......data.?............~~.........~...\|................~~.........~~}}...............\|.\|\|.\|................\|..\|.}}}}.~~....~.~~~~~.............~~..................}.~~............~~}.................}.~.~..........~~.~.~.}.}.}.}.}.}.}.}.}.}.}.}.}.}.~.~.~...........~.~.}...............}.~~.............~}.................}.~~............~~}.................}~~............~~...............{..\|.\|...........{.{.{....\|....}~.~.~~.~~~~~.~~}.~.~.~~....................~.~..........................................~~~}}..........{..{..{....\|..\|......}}~~~~.......................................~~}}............\|.\|\|.}.}}.~.~~....~..~~~~.}}}.}..\|....}..}}~~.~~~~.~~.}..\|.............{....}...}.}}}}}}.....\|.}..}.~~........~~....\|..{..{....{..\|....}}.}.}}.}.}}}.}....}}}}}...}}}......\|\|\|..}.}~.~~.~..~~w.~}}.........{..\|\|\|....~~..........~~~~..}.....\|.\|.\|\|..}.}}~~..~.~~.~.}}}}.....{.{.\|\|\|\|.}..~.~~~~......w~~..}.}.}}\|......\|....}vvw~.....jss.....ypw....zz~........~xys{...}}t

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\yesss.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23366
Entropy (8bit):	6.847383852262604
Encrypted:	false
SSDEEP:	384:lEPJNQ9F+8T/qlxrMTBaiPg3xbYaQKin0nV3WAlu69Uae5wi1Knxvx0vgUZ/EXFt:lmwrnlPWrV3xzeqigx+vxZ/M3Ctf6
MD5:	D06C3EBFD07B30BBAE70DA4A7FC77A28
SHA1:	80AC61AA70780F41EED0C282C6913345CB2C3E12
SHA-256:	0CB6A51AA2405D330183D627613B38227F2EE4D114A4FAEC2DD4901CCB66C1A1
SHA-512:	09970CF900F1020C1F6E7EB978A93CCE79717E97C0EEE0A7716406F99700220F7E719DC85CCD17C2FF1AA0C0C6013FCA966B4388AD41E5F56B1286D47D99FC91
Malicious:	false
Preview:	RIFF>[..WAVEfmt ........"V.."V......data.[..~~~~..~~~~.................}~~..........~~...............}.~...........~~}.....................{..............{....}}..}.}}.}}}...}.}}.}~.~~~.~...~~~.~~.}..\|..\|\|.............{..........{.....\|....\|\|.......{\|...}}}...~.....~~~}}..............}~~...........~~}...............}~~.......~.~.}..\|......}}}}~~~~~..~.}......{{....\|..}.}.~~~..~~.......\|.\|{{\|\|\|.......~.....~~~}}..................~~~.........~~}}......\|......}}}~~~~~~~.~......}}\|\|\|.....}.}.}}}}}....}....}}}}~~.~~...................~~~}}}}........}}}}...~~~~~...}}}}}}.......}}}}...}}}}}...}}}}}......~~~~~~~~~.}}....}}...}}}.}}..}}}.}..}}}.}...}}..}.}}.}....v}}}...\|...........\|u\|\|..}}}....~w~....}v}....\|\|....}}}....~~~~~.~~~~~}.......\|\|\|}}....}}}...~~~~~~...}}}.....\|\|\|\|.......}}}}}....}}}..}}}.}..}}.}}.}.}..}..}.}}}}.~~.~}....}.}v}}...~~w~..~~w~....v}}...\|\|\|....\|}v....~~~~.........~~~~~~...}}.}..}}}...~~~~..~~~~~~~~.....}}}....\|\|\|\|.....\|\|\|......}}}..}}.}}.}}.}....}.}..}.}}}}.}}..}....}}v}}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\yesss2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23442
Entropy (8bit):	6.844910281761335
Encrypted:	false
SSDEEP:	384:3KH0f/YK0BlRBQ3pOLPL/Ngpq6jnj4NvT01rPZ96fdK/8N9f7GA22YPnEh:3un/ypMbSbM709GE0NJvth
MD5:	97680C79E63C5E2F31096F8C158468F0
SHA1:	43343DB8C5EF772CC74EA31AD57295FC84853460
SHA-256:	450CE9F0A7376EAC1AE905461CBE9B3C7A89B172357697FD5DAEEA8499B0B973
SHA-512:	3ACA5DD0C1A4CF78F4B1C9FC4B93E95F7A82E3723BD754F2A806888795E803738CF2B81D7D888B41B43585B13DDF5EEA4EF9C9AFC3BFBFAFF47F28A0DB26549E
Malicious:	false
Preview:	RIFF.[..WAVEfmt ........"V.."V......datae[..v}}}}}~~........}}}}}}}.}}}...~~~~...~~~~...~~~}}}}}}...........\|\|....\|\|{......................{{{...........\|......\|\|...\|\|\|\|............{{{......\|\|\|........\|...}}~~~...........~~.}}.......{{....\|\|....................\|\|.}~~~...............~~................~~~}............z.......}~~~.....xx.....~~~..}}}}....}.}}}~..~~.......~~~w~...}}\|.......}}}.~~~~..~~~~....}}}}}....~~...........~~}..............{{......}}}}....\|.......\|\|}..~~~..............~~~~~...~................~~~~~.~~~~~...~w~.....\|\|..............}}~~~~.~~~.....v}}\|.......}}}}}~....}}..\|\|.............}}~~...............~~~~~~..~~............~~~}}}........\|....}}~~~~~~~......\|\|...\|\|\|\|}......~~~~~~..}}}\|............\|}}}.~~~...~~~}..}}.....\|..\|\|}..}}}..~.~~...}}}}}}}}...}}}.......\|\|\|...{{............\|\|}}....}}}}}}}.}....}}}.....}}}}.}}}}}}....~~...}}}}}}..}}}}.......~~~~~~~~..~~~~~~~}......}}}}.....}}}}}}}...........\|\|\|\|}...}}}...}}..}}...}}}...}}}..}}}.....}}..}}\|\|......\|\|.....}}}}...}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\yikes.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	13674
Entropy (8bit):	6.481024339160275
Encrypted:	false
SSDEEP:	384:62z5PtGi1jVD/9DdAG2s/R4e3Uax7YdlI:Nz11jfdARMd3VxWlI
MD5:	8DEE3FBC8AFA6DB6B6E14D967B04A1BC
SHA1:	41A182FA7C9841DBCCA3D2A00F6F6415275A0E47
SHA-256:	C41A625EAF061816B10F4539E139D093EEE6E7AC6EE5C4636E331A0ED68B0486
SHA-512:	7358D09134C3086E76F32D5548E5F5430F90DD181E19B612FC34327E58F7E24D0F2458344FB9BD0FAC753BC2281C019531BE891AEEE3FFD37366B9E3E0CCF7BF
Malicious:	false
Preview:	RIFFb5..WAVEfmt ........"V.."V......data>5..}}}}}}}}................{.{.........................{...................}~~............~~.................}~~...........~~}.................}~............~~}.................}~~...........~~}....................{.\|.......\|..\|}.}..~.~~~~~~~~~~.........}}}}~~~...............~.~.}}}}.}..}..\|.....\|......{.{...}..~.........~.......~~~~~~.......~.........~~..\|..{........~~...........~~}\|...........}.~.~...~~~~}................}~~~~~~~~}............\|}}~~............~~}}..........\|}}}}~...~..}}}}}.........\|}}}}}}....~}}......}\|}}}}}}......~~..~~~}}}}}....}.}~~~..}}.}..}}\|...\|\|\|....}~~~~......~~~~}.}}...\|...}...}~~~.~~~~..~}}}.....\|....\|}}}...~~~~.~~}}.......\|\|.\|\|}...}}..}~~~}.......\|\|\|\|\|..\|...}..}}.}..~~~.~~..}}}..\|\|....\|...\|\|....}}}}..}.}}}..}}}}.......}v...}}~~~..~~~~~~...}}}..}\|\|\|......\|\|...}}.}..}}}}}.}....}}..}}}}..}}....~~~~..~~~}.}}}..}..}...v.nv.w.~~~~.~..w~~...}}.....\|}}.}..}}~~.~..~.~.~}}}}.}..}.....}}}~~~~~...~~~...}.}}..\|\|\|\|.....}....~ow~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\bot\you_heard_the_man_lets_go.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	24798
Entropy (8bit):	7.024227135448946
Encrypted:	false
SSDEEP:	384:caN28645/GxmD3IuaNyd/cv1DXzHPYeFKndXgavUIfF5BdCd6ULjpD2:cS2ng+YDT+7000NvUMF5Bghs
MD5:	4FB22DB7DD74059CC8F9F371350277FB
SHA1:	A973DB2B22D84AEC427DAB44D2D88BD37FF5BEA6
SHA-256:	55C5CF817FD790051A28CF50CBD3DB0BC930A8F74F42B70CCDF0D70AB5DBBD16
SHA-512:	14F77E24DCFFA25C76DABCDF3F17C87DDF9BAA81EC45C23C5117DDDD3B7ED82EB05B26556F2391836771FE9F3F69D47B0ED5F0E9596C3BFCF15FF769FCA75ED4
Malicious:	false
Preview:	RIFF.`..WAVEfmt ........"V.."V......data.`..~~~..........~~..................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~~}.................}~~............~}..................~~............~~}.................}}~~~..............~~~}}}\|.............}~~~..........~~........{.{\|\|\|.....~.~.....~~~.....\|\|.\|\|\|.....}}...~~~~~~~~..}}..\|\|.......\|..}}}~.~~~.~~...}}}}....\|\|.....}ogp.....iaq....qhh.....g_g~...~wxx......ww.....}v}}}.......~~..xxx....~~..}\|\|\|\|......\|}...~~.....~~}}}\|........{.{\|......~..xx.xx.....~.}}......gQK_...p>6R...Q5=w...@.8u...WP^....wgg~.....xxxpxw~.....nfn}....vnv....x``i.....qiq....xww......}mW^}....ohpy....zzz.....phgw......{lt{{.......x....zrsz....xpovv.........D+,A....b&"0...B%'m...-.$Y...sk{..oYSb.....eVd....`KP.....Z44L.....fo....dV^}....{rq...mdc~....w6/@r....pir...}mm\|.....u{zxwh_g.....sVK`z.....w..~ulcip.....\|.{......:&#3....c""$i...61b..q7/K....t]....pC4?i....?,3Y....mt....jFAZ.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\ct_coverme.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	20226
Entropy (8bit):	5.292855913399175
Encrypted:	false
SSDEEP:	384:l4A0wq3myBlrbJroFd0VSN3iaFD4WUYrdqTjUHIxY9:l2wM1BRbJrCdzN3iUDjUYrdyxY9
MD5:	7AE421061F91FDB5241ABFC07249BC32
SHA1:	A6EEC2D8FEC47314E449A31EAB6E059ADB52FAD2
SHA-256:	9D572D091BA74645865A43548911BBD24468A32E6B21D27E0E21CE596FF98DA0
SHA-512:	0CDE4C01EBC7FF106BF5FB0B0218EAA811F2B02BFBDE8107873EAB5D418904B14413E469D08361757856C5BE088C037DBCD597D54F0818A761D0BC19954A1176
Malicious:	false
Preview:	RIFF.N..WAVEfmt ........"V.."V......data.N................................................................~.......................................~~....~~.........................................~~........~~~~..............~~.............~~~~.............................~~~~~~}}}}~~~~~~..............................~~~~~~~~~......~~~~~~~~~~~~......~~~~............~~~~~~~~~~~..........................~~~~.....~{xsnkkkmquz}..................}xsmkhghikkh`WVVVVVWcmx............................}{zxvusrrsssuuvxz{\|}~............................~............ztqmkikkkhaZVVVVYcmx..............................~\|{zxxxxxxxxz{{\|}}~~~~...................}tlc[VVVVVVYamz....................................~tnkgdccdfiknprsuxz\|~.....~}}~.................~}\|\|\|}\|{{zzzzz{{\|}}}}~~~~~~~~~~~}{{\|...........~........zsnkhfedefiknpqqqqmg]VVVVVV`o\|..................}unkhghkmoqrqpmkd\VVVVVVYgt.....................~~~~......~{xvy...........ztqnmmoqqrrstuxz\|..........~}}...........~..........qaVVVVVVVV[ems{..........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\ct_enemys.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	27462
Entropy (8bit):	4.879917092660748
Encrypted:	false
SSDEEP:	768:WSgbQnBXNhfYUPBnWeMudVUBggxOHpryDOkWq0BsTTsQ:nNhwUFW+dV6iHpryajeV
MD5:	8FC2D18AAC414337238ED73B60569264
SHA1:	2DB7BE30847B2637E1BFAA7430F3CE5024314CB1
SHA-256:	E67956FD3B4EB16EB0E890D6EDC78A92A86C1BFA6B3A036AF1031E6FE18FC363
SHA-512:	60E515F0EF2E0C972F85337CF966D53A9FE588B6184CC1A7A75BA58F020CB83E5C9D7EE0595581E99D188EF09EADA67CDB4D5FF2FD05FE6C6AFD948D708590AE
Malicious:	false
Preview:	RIFF>k..WAVEfmt ........"V.."V......data.k.........................................................................................................................................................................................................................................................~~................................~.~.......................................~.............................................~.................................................................................................~~.................................................................................................~~.............~~~~~............................~~~~~~~~~~~~~~~~...............................~~~~~~~~......~~~~~~~~~~~~~......~~~............~~~~~~~~~~~..........................~~~~.....~}\|xusqrsvx{~...................\|xtsqooqrsqmgbbbbbbkrx~...........................~}\|{zxxwvvwxxxz{\|\|}~~............................~~...........}xvtsqqssqmhbbbbdkrx~.............................~~}\|\|zz

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\ct_fireinhole.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	31674
Entropy (8bit):	5.358819824738899
Encrypted:	false
SSDEEP:	768:1SCONamIfSWnwSnuV/puKba/PodCyEvQK7Z9/VtTfRwPswjCLej4wTYJpwfwHL:00mIGSKp1SP4EvQ8BtTfujuSHTk
MD5:	AEF740191B398FE267388877756F325F
SHA1:	FD0F9625808595333E66C6F475D58D054E69E7B8
SHA-256:	A2672154C93403E0BC16F64EB4E30173CE7D3ACE841BB1821DA29B68A02BDFA4
SHA-512:	920A491D4E885B09BEA6EF99544F7954720217BA8F0165954BF56BFF2BC64BD0F74C5F7128FA587FA87FEA43ECCFFF9B2659BAD73841C185EB3797A9CE8E2DDE
Malicious:	false
Preview:	RIFF.{..WAVEfmt ........"V.."V......data;{.....~...............................~~.......~......~...............~................~.............................................................~~...............~.....~.....~~.......~~..............................~...........~..............~~...............................~..~~~..........~~~.......~~~.......~~...~~......................~................................~....~..............~~~~............~~~.........~..............................~.............~...................~~.................~~..............~~.............~~........~..~~~..~................~~...~......~~..............~~~~..............................~~~~~~}}}}~~~~~................................~~~~~~~~.......~~~~~~~~~~~~.......~~~............~~~~~~~~~~~~..........................~~~~.....~\|zupmklmpsx\|...................}wsoliiikllic[VVVVVValu}............................}\|zxvussssstuvwyz{\|}~~............................~............{urolkkllke^VVVVW`ks\|...........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\ct_imhit.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	13830
Entropy (8bit):	5.630031736822163
Encrypted:	false
SSDEEP:	384:CakfuLPU32ulmdslS2pR0kN66wWGYLhak1L:sSalm0nCJ+1L
MD5:	431FA62E66185071C97A176362B7A503
SHA1:	08E1887925AE139CDB7A21ED3AD3CF915124E147
SHA-256:	4D1A9A24475CF7CA9A3D41C52AD3A3D4CB7CCF5669765444AA3CC2E79DBF4050
SHA-512:	6058EADA45E15F5B7BB6713153189E65A8155660AE584ACB6928E5D11A95A074948A5612B368302F73101E4070E340A4CA9C5BB5D60E719897E8D9C68F2E4E85
Malicious:	false
Preview:	RIFF.5..WAVEfmt ........"V.."V......data.5..................................................................~..~....~~....~....................................~~..............~~~~.............................~~~~~~~}~}~~~~~~................................~~~~~~~~......~~~~~~~~~~~~~......~~~.............~~~~~~~~~~~...........................~~~~.....~\|xtpmmmosvz}...................{vsolkkkmmmibYVVVVV\fpx............................~}{zxvutsstuuvwxz{\|\|}~.............................~............ztromlmmmkd]VVVV\eow~..............................~\|{zzxxxxxxzz{\|\|}}~~~~....................zskb]YVVVVY^gr}.....................................zsokhgffgjlmqrsuwx{}~.....~~}~~................~~}\|\|}\|\|{{zzz{{{\|\|}}}~~~~~~~~~~~~}\|{\|...........~........~xsoljhgggjlmqrsssroi`VVVVVVdp\|...................zsmkjkloprsssqokf^VVVVVV^kv......................~~~~......~zxx{...........zuspooqsssstuvxz\|~.........~~}~...........~.........~qcVVVVVVVV^gmtz.............tkfeglsz.....................~xtrpoqrstutssssu

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\ct_inpos.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	23256
Entropy (8bit):	4.724115129950613
Encrypted:	false
SSDEEP:	384:VhylIP0ycdfrm7pvOnlcn4z9e8IA3iY9N0ISswuuEDlm7lyVk/zoQ6it6/bj2fGu:VhylIP0ycru1Onlcn45eBiiY0ISRuHon
MD5:	7BA8C05A5A94F47703C15BC81ABC0761
SHA1:	229106465F0BC6F3EA77F96A7C2862E0EA2FF2B5
SHA-256:	4A932B80E009EB9D1F34319006C78E6EB84632DDFF78A0C7DD9987DB9EBCCEF0
SHA-512:	77DD48AC9A7A047E79370308CC84D6C1B31A23C88C6F39FD1B41F217EF443B9C08B8EA66EEAAC140212D993F2F1A85A695464776D734EA18B07BF973B6B56754
Malicious:	false
Preview:	RIFF.Z..WAVEfmt ........"V.."V......dataPZ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~~...............................................................................................................................~}{xuttuwz\|~..................~{xutssstutqlfa``agmtz............................~}\|{zzxxxzzzz{\|}~~~.........................................{xwutttutplgdceiou{..............................~~}\|\|\|\|\|\|\|\|}~~~~~......................~ztokhgfffhlrz....................................\|xusqpppqstvxxzz\|}~.......~~..................~~~~~~~}}}}}}~~~~~~...........~~}~.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\ct_point.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	29222
Entropy (8bit):	4.862532151236311
Encrypted:	false
SSDEEP:	384:fTwusGmhPSfte+IIFJ8wXMsTrLV0agHyVt/wl2lhyZLvyfJ1pSIiB:pDk+IIFJ8wXnrLV0agSVdXhDfJ1pSI4
MD5:	00149B5616FF7BFB595DA0DAC3BA82A7
SHA1:	F870D7947AF9F7DABCD5F7BF027774867DC3C1AE
SHA-256:	C119F0244B8139002118944388CCFECF9ABC1865BAB8BAB8A189A7CC0F44A0B2
SHA-512:	76DC15F735E1CC1E2485E10EB9F793B1474E7E9444AE5D5C0FB546F8A229EEC6C245F73DEF9E6469BC48196D180ACB83EAC24964B4F72784F65F4A215EFD9476
Malicious:	false
Preview:	RIFF.r..WAVEfmt ........"V.."V......data.q......................................................................................................................................................................................................................~...............~..........................~...................................................................................................................................................~~~~...............................................................................................................................~\|zusqqqtwz}..................~zuspnnoqqqmf^YVVY`hqx............................~\|{zxwvvvwwxxz{\|}~~.........................................zvtqppqqpkf`[Z\cksz..............................~}\|{zzzzzz{\|}}~~~......................~wqid`^^^^`fmw....................................zuqnmkkkmoqstuwxz\|~.......~~..................~~}~~}}\|\|\|\|\|\|}}~~~~...........~}\|}...................~zuqommklmoqstuuuusmf^VVVYbmx................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\ct_reportingin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	24434
Entropy (8bit):	4.763365953124604
Encrypted:	false
SSDEEP:	384:aOhPYJCKTKklS5RT/6ELM7W4Yu1BXK8WoRR0Qo6eU5r6p3ew+qYTc:acYUKTKklS5F6RZ1BXKVoRSQFJ6AwBYI
MD5:	DF8C38402160663C926E1A001E51A938
SHA1:	7493AEEDCAA6E7C4AF717F9E868B8B4365B2616E
SHA-256:	333058DD0247FECC4AA5A164BE21043622B545482CBC0E5826AB36FFBF39B6B8
SHA-512:	29A72581CE31616A66E00B71B38FB3EE40490730796ABD2CC39368A59D88B7A4BDA55156C7CE6C202C12B36BFC474A48B6732BFB6C17EE87341702E000132D19
Malicious:	false
Preview:	RIFFj_..WAVEfmt ........"V.."V......data.^..~~~~~}~~~~~~~~~~~~~~~~~~~~~~~~.....~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~..~~~~~~~~~~~~~~~~~~~~~...~~~~~~~~~~~........~~~~~~~...~~~~~~.....~~..~~~......~~~~~~~~~~~~~}}}}}}~~~~~~~~~.~~~~~~~..~~~~~~~~~~~......~~~~~~~~......~~~~~.............~........~~~}}~~....~~~~~~~~~~~~.......~~~~~~........~~...........................~.~....................~~...........~~~~~.......~~..............~~~~.............................~~~~~~~}}}}~~~~~...............................~~~~~~~~~......~~~~~~~~~~~~~......~~~.............~~~~~~~~~~~...........................~~~~.....}{xsolkkmruz}...................zuqmkhijklkg`VVVVVVZfpx............................~}{zwvtssssttuvxzz\|}}~.............................~...........~xspmkkklkhbZVVVVZdmw...............................}\|{zxxxxxxxxz{\|\|}}~~~~....................xpg`ZVVVVVW]gr~.....................................xqmigeddfhkmoqstvx{}~.....~}}~.................~}}\|\|}\|\|{zzzzz{\|\|\|}}}~~~~~~~~~~~~}\|{\|.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\elim.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	55548
Entropy (8bit):	5.331434765518087
Encrypted:	false
SSDEEP:	1536:NIDnQFIy3Z/RcY/LopGE499nCo0il23RcwUt:NPIiR7uQf8qv
MD5:	FE60C69DD4A60946F057E40944F81C87
SHA1:	2D2EED8ABA92F07C71B223C64EEA24C65A742708
SHA-256:	BF1E449DA781E84644478108C8C170617B861699C4698C5AC657243782C5292E
SHA-512:	6E8A93A7A72F3592F318F6F9C54C3BECA7ABCE83FD1A1F491F036B1DA6AF9E540C5FB7CA243F24CD98082C5B36A8967F81D8944DE0C542FD55C221C8B7D86AFF
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......datat...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\enemydown.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	27082
Entropy (8bit):	5.115313491916666
Encrypted:	false
SSDEEP:	768:Dhyo8GQunLnQeg+tTxlS/4NYVCl6hQr0GbWrCGhyp:DMoaunDI+hxlSg6VClLr0GbWrCGMp
MD5:	DAA720D04F69B79EB803B4BCC1264704
SHA1:	38A93D4F50253770E3ACEAAE1DFB1AE840571B85
SHA-256:	B67764832723AD8FCFA5EBBE15141F550E66F814D3E1E9194CE46605B4F0C9EA
SHA-512:	97A5AD0F7A0C199EE4D56CC15C6549135333BCDE7F438B2E4D514DCE936E3136802342AE7B40080905124362C83118964C9578960CA4054EF745E348AC7F0B4D
Malicious:	false
Preview:	RIFF.i..WAVEfmt ........"V.."V......dataKi.................................................................................................................................................................................................................................~~~~...............................................................................................................................~}{xuttuwz\|~..................~{xutssstutqlfa``agmtz............................~}\|{zzxxxzzzz{\|}~~~.........................................{xwutttutplgdceiou{..............................~~}\|\|\|\|\|\|\|\|}~~~~~......................~ztokhgfffhlrz....................................\|xusqpppqstvxxzz\|}~.......~~..................~~~~~~~}}}}}}~~~~~~...........~~}~...................~{xusrqpqqstvxxxxxurlf```aiqz..................~zvtsssuvxxxxwusoid```ahox...............................~\|{\|...........\|zxvvvxxxxxzz{\|}...........~~.....................{ria`````fkquz~............ztpoqtx~....................~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\fallback.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	31914
Entropy (8bit):	4.889468110064517
Encrypted:	false
SSDEEP:	768:ghyEcFL1NbKsRxVna1qGPhW7xwbTi8yT1COO/1hF9dpN/bztKPptNhyEX:gMEcd1NbKsz5fGPGwbTi8k19O/Lt/bw5
MD5:	0CEBD162013E24C982BFAD1550F89B4B
SHA1:	3CD1509717548FB3D67D7B0BF3FF4C508DE62EBF
SHA-256:	0007234376EA98D7D5D10EA67158677AE42F5557E3D3E397E3DB8BD6836396B0
SHA-512:	6296828B72464DE647D93BB2D43B1B9F6D30C42F7C49A9ABAAA90A2AFF167C0C98BC2E7B1E4EFA1BD735E5E95A4FF4715E344DCC331D8DBD2B6D2762AB395C68
Malicious:	false
Preview:	RIFF.\|..WAVEfmt ........"V.."V......data"\|...~~}.~....}}}~.......~~~~~~~~~.........~~~~~~~~~~...........~~~~~~~~~~...~~~~~~.......~~~~~~~~~~..........~~~~~~~~~~............~~~~~~~~~~...~~~......~~~~~~~~.........~~~~~~~~~~...........~~~~~~~~~~~............................................................................................~~~~...............................................................................................................................~}{xuttuwz\|~..................~{xutssstutqlfa``agmtz............................~}\|{zzxxxzzzz{\|}~~~.........................................{xwutttutplgdceiou{..............................~~}\|\|\|\|\|\|\|\|}~~~~~......................~ztokhgfffhlrz....................................\|xusqpppqstvxxzz\|}~.......~~..................~~~~~~~}}}}}}~~~~~~...........~~}~...................~{xusrqpqqstvxxxxxurlf```aiqz..................~zvtsssuvxxxxwusoid```ahox...............................~\|{\|...........\|zxvvvxxxxxzz{\|}...........~~.........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\fireassis.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	56132
Entropy (8bit):	5.425696087965023
Encrypted:	false
SSDEEP:	1536:ImLyzgBFOO5P1SxqXkZ649LYSnaLixExqxDA:lDiO5Nq645YZnxqC
MD5:	65BEF8B0B2E02C83118342D66ECF8DA8
SHA1:	463856F9EBF58CA1EAD663B962A8C746329AF88E
SHA-256:	2D51C3C7D3B3CF43D55CBBCD7EC2443226A567411E29A41E62E5E909E22FDFFB
SHA-512:	F4EA2067BCD8353D0AB2C2500D1AB365D78B51407799ABCB82665858BD523B9272979E4994041F9A5EF176BDCEC75C3E0AFEC6E8CF54C972426B212C0D64A9C8
Malicious:	false
Preview:	RIFF<...WAVEfmt ........"V.."V......data.................................................................................................................................~~~......................~...........................................................................................~~...~~~......~~~~~~~...............~~~~~~~~~~~....\|~.~....~..~~~~..~~.~~\|~....~.~.~~..~~~~~.........~~~~~~~~~~~.............~~~~~~~~~.............~~~~~~~~~~..............~~~~~~~..............................................................................................................................................................................................................................................................................~~...~..~~~....~~~~~......~~~~~~~.........~~~~~~~~~~...........~~~~~~~~~~.............~~~~~~~~~~............~~~~~~~~~~..............~~~~~~................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\flankthem.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	17252
Entropy (8bit):	4.119610868844178
Encrypted:	false
SSDEEP:	384:6TtCEcEgZQHBJtGC1GxVhtOzzfQckKZ+XlCtc4Ohp2cxekkEURZTtCEEY:6Tt/cEgZQHBJtGC1uVhtOzzfQckKZ+X8
MD5:	9371FA89934B0531311619F45267A461
SHA1:	703FF3B74DE630B516D47CC05E2E5A194C600642
SHA-256:	CA25CF92DEC34BD2A0E57596512F85E21CD26ECA6453298A44816125B7C250CC
SHA-512:	7B82FFEB0E0B99B2B1B09E797675A08258B612F7BC1332978C3EBEAC1C0E1D99E137733BA26A07908BEA81B302425786F7701AD38DE74BEAF2F80247312D6466
Malicious:	false
Preview:	RIFF\C..WAVEfmt ........"V.."V......data.B..~~~~...................................................................~~~~~~~...............................~~~~~.............~~~~............................~~~~~~\|\|\|\|~~~~~..............................~~~~~~~~......~~~~~~~~~~~~......~~~............~~~~~~~~~~~.........................~~~~.....\|zuokhhimrv{..................\|upkgeefhihbYMCAACO\it~..........................~\|zxutrqqqrrstvxyz\|\|~...........................~...........~vqmiggiig`XOHFJS_kv.............................~\|zyxvvvvvvxyz{\|\|\|~~~...................\|rh^VQMMLMQXdr....................................voieb```cfilnprtvz\|~.....~\|\|~................~\|\|{\|\|{zzyyyyzz{\|\|\|\|~~~~~~~~~~~\|{z{..........~~.......\|uoifdb`bcfilnooookdXLAAACRcs..................\|tlheefilnppomjf^SIAAACP_o~....................~~~~......\|xuv~..........xrolllnopqqrtuxz~.........~\|\|...........~.........udSCAAAAAKWbjrz............sg`^bhqz....................\|tpmllnoqrrpooprtvz\|....\|vqlkiiijmrv~.................\|\|\|\|~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\followme.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	24752
Entropy (8bit):	5.039028000987141
Encrypted:	false
SSDEEP:	768:bhycHBdKTLz+7uIhqFgJQrFfTFWKftKOmC/HY/4YEYhY2hye:bM6BdKTDSqrF7FWqKO1/YQui2Me
MD5:	00C7B01421E04E58A12F30FF6B2E3303
SHA1:	3DAE387B5F9ACA332744767C53D36519BD1BEBB2
SHA-256:	520BF6F2008B77611DF13D808E7FBC80DA5DF2794CFB1306BF95F05648E6B496
SHA-512:	AC10926F80227BDBDFE4979E15A7DC0126FD08D1EBC3AFDAA4DFBB35AC10F1F7FB95B8CF72CCB77B67AD1D617FA8802D952288573C67607E655371BB66790CC5
Malicious:	false
Preview:	RIFF.`..WAVEfmt ........"V.."V......data1`.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~}{xuttuwz\|~..................~{xutssstutqlfa``agmtz............................~}\|{zzxxxzzzz{\|}~~~.........................................{xwutttutplgdceiou{..............................~~}\|\|\|\|\|\|\|\|}~~~~~......................~ztok

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\position.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	30832
Entropy (8bit):	4.944548354901392
Encrypted:	false
SSDEEP:	768:Xhy5xAj6vvJElziyZiJRGDM8a+yEtUXFs2Oex2hyR08:XM5xAj63qlziyZiDN8a+yE+XF/OesMRd
MD5:	7F6109F72D3325B10829FF1EB0F244AA
SHA1:	E56CFC41C7E62A18151CB226290A68D8C31ECF16
SHA-256:	99038919FA8A7D89677DDD89BEB3558AD6FEC54F50A35917C7EC6B7F856CF2F7
SHA-512:	5B0257B797D6E5098E54174A6C85D58415AD09ED42797CB3C4D048173C273D5E0890D55F4F260529393C804E490C52E5F22775B5DE6E56EEE6773AAC7A4527BD
Malicious:	false
Preview:	RIFFhx..WAVEfmt ........"V.."V......data.w..\|....~}~~........~~~~.....~~~.....}}~..................~~........~~~~~...~~........~~~..}..............~~~...~................~~~~}..................................~~.......~..~}~.........~~~~~................~~~.....................~~~..........~~~~........................~...~~.....~~.........~~~~...........~}~~.......~}~~.......~..~}~.......~~~...........~~........~~~~.............~..~}~......................~~~..........................................................................~....~~~~......~~.......................................................................................................~}{xuttuwz\|~..................~{xutssstutqlfa``agmtz............................~}\|{zzxxxzzzz{\|}~~~.........................................{xwutttutplgdceiou{..............................~~}\|\|\|\|\|\|\|\|}~~~~~......................~ztokhgfffhlrz....................................\|xusqpppqstvxxzz\|}~.......~~..................~~~~~~~}}}}}}~~~~~~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\radio\regroup.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	34190
Entropy (8bit):	4.975686077915398
Encrypted:	false
SSDEEP:	384:/LKdh02OA5f0gezfLmJ0j2CPVedIVyXml8ctD9HfIlWDTwfp1Lt4qWNLiq:/LKdhBBM7zXVAdIEXc7t1QywzJ4qWNLz
MD5:	7AFC08354314B7861D1773AD3A37A74F
SHA1:	F1623C7D18ED95AC4AE803032ED5E0DD70584D46
SHA-256:	F1F2FFF32A7394D0E97D260C7894EA8F2DFA5E270E73F1C0ECF45A64E54D9A2E
SHA-512:	23FC8601E62F7D110B98BF910825A3F1463D07513B2CC9D7CA85A3EE2C1AC15F54EF8813FC5E738ADA4FC59ACC9DF6693ADA76C77D543D5714636782FA34733E
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data.....................................................................................................................................................................................................................................................................................................................................~~..~}}.....~......~~~~~~~..........~~~~~.......~~~~~~.........~~~~~...~..~~~..~~~~......}\|~..~~~.....~..~}~~.....~..~}~............~~~~~~~~~...........~~~~~~~~~~............~~~~~~~~~~~............~~~~~~.....~~.............................~~..............~~~~.............................~~~~~~~}~}~~~~~~................................~~~~~~~~......~~~~~~~~~~~~~......~~~.............~~~~~~~~~~~...........................~~~~.....~\|xtqmmmosvz}...................{vsomkklmmmjcZVVVVV^gqz............................~}\|zxwvtsstuuvxxz{\|}}~.............................~............ytsommmmmke^WVVV^fox~..............................~}\|zz

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\sentences.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Non-ISO extended-ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	21860
Entropy (8bit):	5.410003273345301
Encrypted:	false
SSDEEP:	384:V1+nvLcwaNtFQFC+Iz3QSgP81zTHEXYUSCTl78stXeTOWUY:V1+nvLcwaNtFoC+IzgSgP81zTHEoUsJ
MD5:	2E1F0D6ECEAE61D0285CA51932277491
SHA1:	E4543E52BCD806DFB3ED83ADC769E1C578022768
SHA-256:	EA850D30FC680F87C0CD09684E910ED75C174C28FDF1944725A924C43C4BC8F0
SHA-512:	06295DBDDD1B939C228E34664F59ABCDDA249F96DC24F38801871DC12568F44E05FB76D55642A86ED806CABAC83BBBACBE10910E1F841BFE75A6F353DC9C0F32
Malicious:	false
Preview:	// HALF-LIFE SPEECH SYSTEM SENTENCES. DO NOT MODIFY THIS FILE! Max of 1023 sentences.....// HUMAN GRUNTS..HG_GREN0 hgrunt/clik(p120) grenade! clik..HG_GREN1 hgrunt/(t30) clik take!(e75) cover!(s5) clik..HG_GREN2 hgrunt/clik clik oh! shit! clik..HG_GREN3 hgrunt/(p110 t40) clik(p120) get!(e78) down!(t30) clik ..HG_GREN4 hgrunt/clik(p110) (t40) of!(e75) god! clik(p110)..HG_GREN5 hgrunt/clik no! clik..HG_GREN6 hgrunt/clik move! clik(p120)....// Player Alert..HG_ALERT0 hgrunt/(t30) squad!, we!(e80) got!(e80) freeman!(t20 p105), clik(p110)..HG_ALERT1 hgrunt/clik(p110) target! clik..HG_ALERT2 hgrunt/clik movement! clik..HG_ALERT3 hgrunt/(t40) shit!(t20), (t50) we! got! hostiles!(p120 t0) clik..HG_ALERT4 hgrunt/(t20) clik(p110) squad!, get!(e80) freeman!, clik(p110) clik..HG_ALERT5 hgrunt/(t20) clik squad!, neutralize!(e90) freeman! clik..HG_ALERT6 hgrunt/(t30) clik clik move!(e75) in! clik(p120)....// Monster Alert..HG_MONST0 hgrunt/clik(p110) (t50) bogies!(t0), my! sector!(t0) clik..HG_MONST

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\de_clipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14574
Entropy (8bit):	4.69009713845976
Encrypted:	false
SSDEEP:	192:z8gpkswFlWdSVZlsY+la2rhcicf+svmlCh74Up3jYZT3k6PGmoP7C:z8UkswFF+lJTcfdmkp3cU6PlW7C
MD5:	C6F0A530894AEFA0DBC50783B0A2F64F
SHA1:	D657AD148CC583DADCFA6C3204BE30F65444FCED
SHA-256:	A84CF03771036AB0F25AD27E058AB7BCAEDD71475FE7FDCA218A715D725A7E13
SHA-512:	CA5D1129377E400BE033BA8ED35447384E01ABECE99310FEDCF7FFBCD05AB1264E9B306C2FC751E02ED316913CF00C58C2FD3BFA145C2A8C5A9FD27D30D6C4F1
Malicious:	false
Preview:	RIFF.8..WAVEfmt ........"V.."V......data.8............................................................~rx..`c..w...p..l...mk...n.x}.......t...~\|.y\|ur~}\|...~p\|..\|t..~rz..xqp...xms..ltw.........th\|.tr...ot{u..x~...tx...u.\|{uvxx......\|qv..z.....wz\|y.~..\|....\|..\|..xv..\|\|...~...~~}}}}.~}\|}.......{}..\|~...\|}..x~...}.~}.\|...\|~..\|y..\|\|...{...{~......\|.....~\|....~.....~...~\|.....}\|}.........}....}~......~......~.}\|....}....x.\|......~..z....~....}........~..........~........~}.~..........~....}..}..}.}\|..}.....~.}....\|\|.\|}{...}..}~}}}v..z....}..v\|\|{.\|......\|\|..\|\|..\|\|}..{~...~.......\|\|..~..}~...~}.~z...\|x..}\|...\|..z..y}.....~}}..\|z.....~}....}..{\|.~y.......~..~}\|.......{\|..~......~~~}.~....~.......{}..~\|......~}..~~.......}.................~.........~.......................................................................................................................................................................................................................~..................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\de_clipout.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7864
Entropy (8bit):	3.6736672234338226
Encrypted:	false
SSDEEP:	192:4Q7PZ8rO9bRzIOS3Q5HEKtSCdjnWWhCcJwBkwu:4Q7PZ8rOdRzIO/BftSkThCSwBkwu
MD5:	66502E359C1EC3279564B1E7726BB93C
SHA1:	C1D491797C031407BFC12EE9BDE2327C9F3E0483
SHA-256:	BA5CF5DEEEDDB0EAF97226D673CCF89E96EF6995FAB19E14653FB50A94121958
SHA-512:	FE5C364F15007133797E31D01F7EE5095C66B50261AC180DB3797B62FE8034DEE919D313CA974CBC5F3EF385351B4D8888A63112884FA1E466919D12FC3063F7
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data .............................................}}....u....v..\|......v....\|xx....z..\|...\|.}....\|....{~..}..}.......\|..~....~....{\|..~..}..\|....\|x}.................{{......~.......\|}}....}......~}...........~\|........~~....~~.......}..~............~...........~..............~..............~~~........~..~..........~~...............}...........................\|..........................~....................~~...............~.......................~...}}.....\|....\|y.....................}...................................~................................................................................................................................................................................................}....}~....\|....}}....}....\|~....~....}}........\|....~....}}~...{\|....\|z...~~...~z{....\|.....\|}........~}...\|...z....~....~.....{}....}~...........}}........~}.............~\|..........}.....~.........~.\|...~~~t...{........~{........w\|....{x...y}.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\de_deploy.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11070
Entropy (8bit):	0.052920136488938854
Encrypted:	false
SSDEEP:	3:GOX1DxE2Kttl3:GO9Ktn
MD5:	4B734D9385E8488462429EC4CE5E5317
SHA1:	F2BEEF1D46BA5761284A55C0E5EFBCCC89ED9DB2
SHA-256:	EE25642D00D071694C0EF8A89E75EB524EC90A79DF8908DF76911435571B6884
SHA-512:	8D661CF3DB8ADCB185C75764703D7D6F4B32A2FF7ECCA1D6914B7E72789231A715CE5F41B07923FD1B7F239D8C5D50BFA5FAFE9B531D4C8D469D8BFD652BA7AE
Malicious:	false
Preview:	RIFF6+..WAVEfmt ........"V.."V......data.+..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\deagle-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	25386
Entropy (8bit):	6.408877474323427
Encrypted:	false
SSDEEP:	768:XT5U/n03j20m+ny4rFdJcMYNrl2PU8bdf:X1O036L+nXFdJpYNr389
MD5:	AA852CB487EEF44CDBF08894D88125DC
SHA1:	5815213475B1ED1ADB76B019D4707BF15AED0384
SHA-256:	F31A564179401B2DB013851B39DB424106A82E808F8912C99756FA83D1CDB647
SHA-512:	ACE4998555C1EFBE22F95825EACEAABEEC55517114938256A619648953EE04FFF2124322DF0B39026F09A0C3C4A391B27805BB7AE6DDA5F2587709BD534D262F
Malicious:	false
Preview:	RIFF"c..WAVEfmt ........"V.."V......data.b..tgY...K$0HtwqaP&1.....D..(....Ap.( .x.A.../t>7#..0))++,.....h......................q\|..L.....lyopt..Pz............o\|............L............x.0..!C. $.$....7.7.. ..L{.!...:.c....Q..u....#.H..R.....#"$).5/..../$...<..;K..........$... !"#$F........lO....................v.....................................h.z....U..I...Lp....l#.d\...$..........Pd....c(4..JO2-!............"....H7NM.kG_X\\........................................ "#$%'(),,./4804568Otp...........D\u[f......l..................................................................................................................................................*`\|....HW.2J....0L@D?A>>?<<<<<6<O184342434423...............................D.J.H8+............................................... "#$&()+A?S80y"RL3k.^.8.M....s..THLLMNOPP.DXSUUV.:axn........................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\deagle-2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	31734
Entropy (8bit):	5.802713288349956
Encrypted:	false
SSDEEP:	768:T5U/n03j20m+ny4rFdJcMYNrl2PU8bdiFJYClP:1O036L+nXFdJpYNr384
MD5:	95CAA42E0C4E4138BBFF1957BD5C7FB0
SHA1:	FB98C27C6E1111BA1A0DB4A40E999E21C076C5D2
SHA-256:	1352F1183670C3550240BD98E09867160FDF1A1F42281A3831DC9F9B309C3ABF
SHA-512:	56C689051ACD40029EDEB1623E41727BB820AAA9BB874D74C5990C3DCD4DD62D7A65F76F3E2AD9A33ADA86016FA26F2B7BED1BEC3F416D04344A664543825187
Malicious:	false
Preview:	RIFF.{..WAVEfmt ........"V.."V......data.{..tgY...K$0HtwqaP&1.....D..(....Ap.( .x.A.../t>7#..0))++,.....h......................q\|..L.....lyopt..Pz............o\|............L............x.0..!C. $.$....7.7.. ..L{.!...:.c....Q..u....#.H..R.....#"$).5/..../$...<..;K..........$... !"#$F........lO....................v.....................................h.z....U..I...Lp....l#.d\...$..........Pd....c(4..JO2-!............"....H7NM.kG_X\\........................................ "#$%'(),,./4804568Otp...........D\u[f......l..................................................................................................................................................*`\|....HW.2J....0L@D?A>>?<<<<<6<O184342434423...............................D.J.H8+............................................... "#$&()+A?S80y"RL3k.^.8.M....s..THLLMNOPP.DXSUUV.:axn........................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\dryfire_pistol.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	2620
Entropy (8bit):	4.84039573257067
Encrypted:	false
SSDEEP:	48:VcSbyR8YcFq1c7iqGx2CiXniWTY8v4poTls4bilygwfUfMK7Ce/HWqoE1DIJsb3f:T2VcFT7BGwCiXiWMqm4b8BwfUfTH2M0Y
MD5:	F2D673DFE014EB63143875FE0A529A8E
SHA1:	61917F212067DAAB5FBF5EE0455EA54A75BF322F
SHA-256:	343E14613D639EC3BA2A20218825FCFADD36051CBC5079EEF126D9A5E885B84D
SHA-512:	67EFB8D92B00E12844D657DBD130A51CB6D46463104DB00B1B6DBBC73463AE9FB84D08B96BA679C88E07B100E063732E4D0F345E36FB66AA1372FA1970C5E3F2
Malicious:	false
Preview:	RIFF4...WAVEfmt ........"V.."V......data.........................{..b.m..g.d.v....w...g.R......j.[.e..Z..usxy.h._.].zj.Vh\..p.cR^o~bz.[.\.^Lquyhe.;.g.o...].z.`q;...U~P}...{V.k...e.h.`.w~.dv.j.i..B.`.pe...x~...\|.twd..e..y..._..r.a..r.^....\wv~....v.gwJ..rzf.h\|.~.l.qe.m.s..L.ymu..ic.h.p..M.vy~..dv.~xz.~z.v^i.px..\|c..pq~.ty.h_.{~o..i.vxl..`z...w.vux..ntr.{\|.}.}..w.to{z.s..}p}}{}..q.t.i.v..}\|z{.xz..z..w.{.~z.z.u..v.}..z..~.{....~.\|.}.v\|.\|....\|su...\|....~.y\|y.....}...n..{.n.r..}...}~..\|...}..{.v.w...}r.~.l..\|x..q.y.y.p.{....y.o.U.x..~.l...}.v.w.{..w.v.j.x....z.v.z...w...~......{.}z..\|v...{.~~w....~.x..~.{.~z..}...x......y..px..s...r..\|...z.u.w.s..o...tx.y{..~.z.y.r.\|u{.\|v...p{..tv..y}.\|{r..r.}.uz}\|z...qy.{.v...~~{u.\|~..}zw~z..wy..wz.{\|..~z.{x~..x..}.z.\|.y.\|...\|..\|z\|.....}{..y~.~...}....}.\|...~..~........}.}....\|.~....}.........\|.......~~.................~.......}.............\|r..\|~......js....p..\|....y...mt...zv..{.MK....sq.q..]....fi..cC...{\s.....r..m}...sy.f.....Z....r...mu..t{s.~....v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\dryfire_rifle.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	3062
Entropy (8bit):	4.5998770995965
Encrypted:	false
SSDEEP:	48:wOZqzpxaBbipM3AKqEd9acgBlWrWcZYqSzBP/STNxcSAgle5OjajzHrmgNNuQX/0:tZquii3/dqXqSNPKxxAgle5OmnSgLuwc
MD5:	BDA9754D7B2F7435B6F756710547A38F
SHA1:	6D8CB85395A8367DDE2EA67F88D57B727DC84E00
SHA-256:	C80E1AE22325A45302F107899E9FEB99B23D2EE867F071745DF916A636B60ED6
SHA-512:	83D9A6A0124CF9112354311295BC3F7F7C7EB5C78CF048020302892F2835A8181F2D7A418509E0E500FF7BFB585DE9A3C37A25F6A3B9B7CB6E00EF16D65CBCE1
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data......~......}}...c}..c..m\|.{bx.^...pw...w~.k]..w#n....Dj....\<..cV....~...P..kak..z.tf\|...flh...inw.\|..i\|....{..zv..}.y..rx...y..~.}z..xz....{.\|~...~y.{..uz...u...}{.w\|...s{...xo...s..wz...vx....{.r~..ysr...rv....~\|xy..\|wv...z...{v..}zz.\|....xz...u....z..}..z..y.~..\|.y......}u..~~..x....}~...y..~...z...{}..~.~......y....t..}...{..~..}...u..}.v...y...}.~...~....}..\|....vt.}s...z\|...\|....{...p{.st.\|..o\|~.p..y.mKY....qPO..X..9..^9.Z*\l.-.k`.M1ny..........\.<_F.KC\|..6I.i(..mL..pP..@XbC.`F..l[..hk.Z.......=...GT..]}......UUU.......D...Cj..^K..ZV..I.z..k....YU..XSEljn....c\..cm.v...\|k.HC\..oNL..V.QKE..$b.......p.d$cZEv.`7h....K^.Y...Qs.;4{Y..nh@uq..\|FV...y\@_.U..;=z.lY...`.Gs.L..].ZzOn....D..{IJu..}/...s..HFx.,.u].T.p..EH...x..f...d..iH.xL..\UT..e..oCz..z..\<...R5....d~ek....s_...kp{.S..n.er.....ftx...b.xtr..jh....mn..vz.}k{...Pz.......fg...qz.qe..zd...ns...~x....\|}.cs..}sq...u.......py..{v..}vz.}q}..xo{..t\|.~\|\|.u`..z.wS..r....Le....}~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\elite_clipout.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12100
Entropy (8bit):	4.2750891564130695
Encrypted:	false
SSDEEP:	192:LiS4ZuguQYDHPorTGewsNNEyC/IMP9lRpjS9bEnDeEGEiMtONTt2x75L3ZxW:Li1ZuguzDPsLrgIMXRkbREYKONTt2x74
MD5:	DC32190661C812045328A8F6FA602F42
SHA1:	EEB058A2FDA042B67573AC80E2723AC2B11238D1
SHA-256:	D81317B406CD0DBCC8FD0E018A7C86E3D27ACAB78D86525D99AAF3E656D042B3
SHA-512:	9F99F221A5F4ACA45BA10180C5D5A6B9818E15C4717215B272EE0DD641702DCBD57BD02D8A7EB182671F1C6294D15381B79EC693D9FC542F02B1A044CACAE2BC
Malicious:	false
Preview:	RIFF</..WAVEfmt ........"V.."V......data./...........~....~.................................................~~y\|...yw}...{...}{{\|..}y..yw....y{~}.....~~..~~{.\|w...r{}xv\|..xx..xyx.{wx....~{uyy..y..y.x..qmw......fy.x......t\|..~.~.\|\|....{{.}{.........}}.........~~........~........................}~................~.............~................................~..~......~~........~..................................................................................~..................~...~...}.............~..................................~............~...~...~......~..........~............................~......~...........................~................................~.............~................................................................................~..............~...............................................................................................................~................~....~.~.......~.......................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\elite_deploy.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12374
Entropy (8bit):	4.509395456497225
Encrypted:	false
SSDEEP:	192:/SYE/aNx4r0JlnD9IR4YOuj7m5CifSQc7Vx+oIVY0SELLxcarXs6TG82+:8CvaQp9y3sz1c7VxNE/xnrXs0
MD5:	4DB64BF8B8C737E46FC0DC16EF39EA3D
SHA1:	A2C7CF0D1D55C5E06AE958876C5E2799DA9BF442
SHA-256:	56C196ED72E51A58549C2E5A37900FB600B0FC428F38D455B8B5D02C8358E50D
SHA-512:	8CED61D12400CCE7BFAF0C0CAB1D0BC5C6AB4D6EFB0476EE01BF587B892DF0359E9C347434CFC193A272D7B7E350C731559756F538389D6291D1C1251215B6BC
Malicious:	false
Preview:	RIFFN0..WAVEfmt ........"V.."V......data*0..~~\|{\|\|z{~{{\|}{z\|\|}z}\|{}\|}\|\|\|\|}\|}}~.\|}~{}..}~..}~..~....................................................................~....................~~.~....}}.\|{..~~..}y..z~.~y}}}{..}{~{{{..z\|.}z\|~{{.~z\|.~{~.z{.~z{.~}}.\|{...\|...~..~}..\|....~~..z.......\|~......~........~..........~...~\|...z...}..~..}~..}~.~~}}~..~~{.{..{\|}~\|}.~zy\|.yy~~xwzxyy.{vx{st~~su\|wrsz\|p{zrmzxwps.^_..Dp.kjy.hcr.q[..k_.~np.{f{.uo.}s{..y.z\|...s..~{..............................}........~...................................................................}...z..y...~~~}{..{y\|{wt..\|{{yvz}yrq.vxyyxvru{pvvws{uuxvyoox}swypry\|sy}vp{{tyyyuvyty\|zvyvu{~xw}vxyzy~zwxvzyy{~wy}yzz}{{\|zz{}\|~{\|\|\|~y~~z~.\|}{..w..u\|.~~..w...}...................\|..~~.......{..{..~.........~.............................\|.~.~....{....................}..~..~......y.............}.....~........~......\|.....}...~...........{~.\|z..\|{.}x..\|z..w..{}..{{.\|y..y}.\|x~\|y.}v~.z.zx{.vh.lr..f..vp.u~.ys.s.yny.J.i^h..G.snu.yr.T...l..V.y

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\elite_fire.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28676
Entropy (8bit):	6.183693319884561
Encrypted:	false
SSDEEP:	768:QmJRksLSipOJs7DZgRoOh36FJwLhdtzGqKjApXhg4kKvYr:QmQqL0oOhU2/zgS6zF
MD5:	2C53C5906091106B8F4F27EFF864BA3A
SHA1:	2C11D6DCC98FB0F4C9AA5E719520D29C06CAC1FD
SHA-256:	001CEFCE7BE6958691B4C6C91F6F1E0F8B4FCE57FF94D7AAF3147B1A26B9AC96
SHA-512:	4B403B2685FB2E32D877E65AFE102BDBD70435AD9B322DD5CD65A16F922177E0268B57A9ACECDB30DAEFAA637C5CA9CE7E0D9008B42621EFA9D9247702C20809
Malicious:	false
Preview:	RIFF.o..WAVEfmt ........"V.."V......data.o..st.JA.bBVk.2}.c..<!........................4................ 0..52.....$/!....I.IJAE!........\|....h...k...............................................................g.....t\.8g.........................................................................................(BNlz{\|........Z.......................................................................................................................................qdc\R$R0;0..&...............................................................................................................................$..L...!.n.-.]....!....q...........-`.....................................................................................................3..lD...........E.g.N.q..........B3...E.K.G....$.............z........~......8........N.....x.G.>........................n/............U[QSRS[W\|!..Q......L.s.w.}H...........'....../.t]gZod.t.............$LFNVVY9[..........................k....._........*...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\elite_leftclipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14692
Entropy (8bit):	3.410200821651971
Encrypted:	false
SSDEEP:	192:6HhMzfRfWk6FAFPeBaDfa1VXnQomfNVDCyorb/WiiJjrG:6H+zfR+kMeeBofa3XnQX1JvorjWdrG
MD5:	2876BBBA2ADAE9CF3456EA95A2C0B546
SHA1:	737A3EFF26B380E189ADA33A028F63D75B8F0E8A
SHA-256:	2EBBEA31183105B5D305027E960BB89DC2E2582B81BA712B01B1851501B6092D
SHA-512:	5423D77697905521A1718B2209A7E29FC34C94F481BF093F2EA45C3C43EB9DFCE38FC8C87802C221A1813C582B626FD84446540178CBA918D8E021D1B4B5DCFB
Malicious:	false
Preview:	RIFF\9..WAVEfmt ........"V.."V......data79................................................{....ut.xt....\|\|.x\|...xplz....xtwx}z~.}\|vp..svy.wl}\|rpuvz..{rtpjpy}\|..\|xmmps\|x\|.....~vx..vou..v\|...........................................}.z{xz.......\|y.....}yy~\|\|..yprzzy~\|}xrqu......\|....}\|tvyxyx..z\|........{.\|}.}}..y}...\|............\|z.........}~~.\|zx{yp{............\|\|w{zx~..{.........\|y~..}..{x...~.........{yy.{}.\|}......~x}xrw..y~..y\|}vwy\|vu\|z...........z\|xxtx..}..xv\|.........u\|.{wx.\|...\|\|.........\|}..{.~zx\|..{{..}..{y..x...z..~.xty...tp..t}..}y\|..xq...tk}..sp....z~.\|sy..{ss..pq....xo..x~..yxx{..u..x......{..tx~..zxy.......}v...\|\|\|..}y\|.\|uz........{xv..\|{{..~..........\|xtmlszyz.\|{.......\|\|yx\|..wn\|...xy\|.......\|..x{....\|pt}..\|.\|t}.{.......xx..\|~..\|w\|x\|........yvx\|.....\|{z}xx.~y}.~...........~x..}..\|y{{x}........}y~..y}.}~\|......~..}zywurx\|~......~\|...\|}\|x~}}{z.{x......~...{z.zx..\|}}}xy}.........{yyvy\|{z\|............~zx\|\|x}....................y{..~...\|..............vuxtsv\|}}..............\|...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\elite_reloadstart.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21890
Entropy (8bit):	4.362169950687369
Encrypted:	false
SSDEEP:	384:pDlKgIU3f6cQagoOFaVdonNzPI+Sv5880L5b6sVEfu/HrgIMXRkbREYKONz33sfX:pDl1IU3fMaXOFadonNzPfSvtq5b68Emu
MD5:	E6ABA75A8380D65BD16AE19C4ACA298A
SHA1:	B3CA065BFF14E1F623417EC4FB5EA844470CF523
SHA-256:	F9E8C7E079477F6E75AA848D251816C8FBD75C54124A50161C48A019989D7D11
SHA-512:	7722258FF4E514333C7F8849FE650F3138C67D1DED017B52659C163078DAC15CD00279E7D930A7A959600D15254F3916E5065D108B072DB78AD23AD38197AE66
Malicious:	false
Preview:	RIFFzU..WAVEfmt ........"V.."V......dataUU..~~{{}\|zz.z\|{}{{\|}\|{{}\|{~}{\|\|}\|}{.}~}~}{}..~...}~..~....................................................................}.....................~.~.~..}~.}z...}..{y..z}..x\|~~z..\|\|\|\|{{..\|{.~y}.{{.~z{.~{}.zy..z{.}}~.}\|....~~.~...\|..\|~...~~..z.......z~......~~........~.........}...}~...z...}..~..}~..~}..}}}...}~}~{..\|}\|}}}..xy}.xz~.wv{w{y~\|vw{tt.}rv{xquz{o}yqnzxxos._\..Dr.kjy.hcr.rY..ja.}op.yf{.vn..q\|..z.{\|...t..~{..............................\|........~...................................................................\|...{..x...\|..\|z..{y\|\|vt..\|y\|xv{~yqq.wvzyxwruzowvwt{tuwxxoow~ryxpry~qz\|uq{{uwyzuwxux\|{uyuv{}xx\|wyx{y\|{wxvyzyz.wz{zz{\|{z}zy\|~\|{\|~\|{}{\|~{~.~{\|..x..v\|.~}..x...}...................\|..}~.......{..}..}.........~.............................z.~.z....{..................~.~..~..~......y.....}..~..........{...............~.....~....~.}...}......~.~~..\|..}~.~...\|..~.}..~~\|~}.~}}~}{~~z.}z}.z}.{.}t.qx.xx.~w~.v..vz.x\|.\|x.w.yx.x.y.r.}~~..u.\|.{.}}.v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\elite_rightclipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11402
Entropy (8bit):	3.9388995799589073
Encrypted:	false
SSDEEP:	192:+HhMzfRfWk6FAFPeBaDf1VXnQomfNVDCyorb/WiiJjrG:+H+zfR+kMeeBof3XnQX1JvorjWdrG
MD5:	8DFB805D4A34236763093616A9A668F4
SHA1:	B4B6E47E2EE0FB3C1DE532D6742E549988FF9884
SHA-256:	0F00AF7DC8B97318C8799923DA1DA06AB03E4C28099C0598AFFE4FA367653CEE
SHA-512:	D777BF9C8255CA4B521D3C7CC23599D36497A2F8CD789307943DE6655BD3474FACDA149016DC56A7FC302262973FDDD84D477BB63D06599A978A05CFDED6440E
Malicious:	false
Preview:	RIFF.,..WAVEfmt ........"V.."V......data],................................................{....ut.xt....\|\|.x\|...xplz....xtwx}z~.}\|vp..svy.wl}\|rpuvz..{rtpjpy}\|..\|xmmps\|x\|.....~vx..vou..v\|...........................................}.z{xz.......\|y.....}yy~\|\|..yprzzy~\|}xrqu......\|....}\|tvyxyx..z\|........{.\|}.}}..y}...\|............\|z.........}~~.\|zx{yp{............\|\|w{zx~..{.........\|y~..}..{x...~.........{yy.{}.\|}......~x}xrw..y~..y\|}vwy\|vu\|z...........z\|xxtx..}..xv\|.........u\|.{wx.\|...\|\|.........\|}..{.~zx\|..{{..}..{y..x...z..~.xty...tp..t}..}y\|..xq...tk}..sp....z~.\|sy..{ss..pq....xo..x~..yxx{..u..x......{..tx~..zxy.......}v...\|\|\|..}y\|.\|uz........{xv..\|{{..~..........\|xtmlszyz.\|{.......\|\|yx\|..wn\|...xy\|.......\|..x{....\|pt}..\|.\|t}.{.......xx..\|~..\|w\|x\|........yvx\|.....\|{z}xx.~y}.~...........~x..}..\|y{{x}........}y~..y}.}~\|......~..}zywurx\|~......~\|...\|}\|x~}}{z.{x......~...{z.zx..\|}}}xy}.........{yyvy\|{z\|............~zx\|\|x}....................y{..~...\|..............vuxtsv\|}}..............\|...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\elite_sliderelease.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7496
Entropy (8bit):	4.610205369860485
Encrypted:	false
SSDEEP:	96:tNWeZNBzvjggBDF0MTh9ZoRIxIapN+VcB3WxTtTUXD0Q91xrupvAtz3eAB/9j2NO:/WeZzzvjDHh9qRISwNjG0Aq73VB
MD5:	4B1EE90DD9232853E953BC1B6DA043E4
SHA1:	10AF2CE0A6B8DA124943DA5A196922EDBF5F4936
SHA-256:	D03E68CA394F1CFEFF6535DE17D4D3A01BD82546BD57430009299EB6F58E8B4C
SHA-512:	83DB58CD35DD16E3336CD71D361FCF6B3FF1331EA7B9198EAA0E78007DFBAE7A5F84D85F901B65BBA8044622BC044127478354E4D286C8CA27F4838124AA4BFB
Malicious:	false
Preview:	RIFF@...WAVEfmt ........"V.."V......data......y\|..y}}.{.\|x~{\|..s}.yy.~y.~uy..\|t{.\|\|.z\|y..{\|\|}}x~}.~xw.\|~~y..\|{y}~~~~~z}}y{.}x.~{~~}v}~~~~\|z~~}}.\|\|\|~~~zz.\|\|~~\|}z.s...g\|...[~..R...M.v..}7..w{x..E.qt..n.dys{.{yq..B..B.Qp.hg.t..^..]YU...S.....k.bn...z.row..}.f.{{.yg..~..v~..\|f...~y~\|.}.....y\|.{z...\|.j.m<..g..p[.?~....xjq._o.~..[\..x..?...~{..x\..e.\|b...p..^}.H..\|.mu.m...qY..p..au..h..hu..a..{.nf...xup..rv...yv..s~.y\|{{...~{v}so..\|.xy{t\|.}}...}.~y\|{y...}~.z.ss.~~.}}.}~}}tw..\|...u\|~x.....\|.zx..}~..~\|..~zz~~}..\|y~~~~y.}....{\|}z.~..{\|..y}...}...~x...~\|{.....y~.~..{....z{.{z..}...\|~.~~.}..w..z\|..}..~\|...\|\|..{\|..~\|~.~..z\|..~.\|~..~}..~.z}.\|~..~..}}.{.w.v..x.y~.x.v..t~\|~.zz~~~~}v}~~~\|~~\|y.{..u.\|.e.xy}z.n..x{z~.vy\|~zy}.uf..W.@..*g..}.e..A.v.Du.~.P.o..K.u..hj...vy.{\|{.ms.kS..Y..a~.u\|.x..d..}~z}s.qv.s}..q..t.w}.}w..w..}t..w.\|{\|~}.}s...u~..w.~..s....x..z..}w.~z~..}~~..~\|.\|.}x.z.~~~.\|\|.}.{{.~~~..}..~..z...z~.~.\|z.z.\|~.w..~~..~.~\|.}z.\|..z.}.}}~~~{}..{}.}}}.}{{}.}.}..y.~{...x.{}.t}..ty.x.ty.~.{}.\|.{~}z

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\elite_twirl.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12374
Entropy (8bit):	3.909632334679344
Encrypted:	false
SSDEEP:	384:wDlKgIU3f6cQagoOFaVdonNzPI+Sv58PAjqk+:wDl1IU3fMaXOFadonNzPfSvk6qk+
MD5:	947EEFD1C1FB284B16E68D6E3FAB09FC
SHA1:	B18A52C28084E3A6FDB4A255EFC38AC4353675FD
SHA-256:	C168512E335ACE65048F6E75D332C5DB8710EB5FDD8AB0B48D70B72CCFB39081
SHA-512:	BBCEAE2ADE6E0130B0FD2F43EAD5FC53C2A724300E0A39051E73B19C0AA3924A504984DE69B04DD8E712EF262177C22A0BD4A7A4A87088D6D9E98CDD7ABC9A1E
Malicious:	false
Preview:	RIFFN0..WAVEfmt ........"V.."V......data*0..~~{{}\|zz.z\|{}{{\|}\|{{}\|{~}{\|\|}\|}{.}~}~}{}..~...}~..~....................................................................}.....................~.~.~..}~.}z...}..{y..z}..x\|~~z..\|\|\|\|{{..\|{.~y}.{{.~z{.~{}.zy..z{.}}~.}\|....~~.~...\|..\|~...~~..z.......z~......~~........~.........}...}~...z...}..~..}~..~}..}}}...}~}~{..\|}\|}}}..xy}.xz~.wv{w{y~\|vw{tt.}rv{xquz{o}yqnzxxos._\..Dr.kjy.hcr.rY..ja.}op.yf{.vn..q\|..z.{\|...t..~{..............................\|........~...................................................................\|...{..x...\|..\|z..{y\|\|vt..\|y\|xv{~yqq.wvzyxwruzowvwt{tuwxxoow~ryxpry~qz\|uq{{uwyzuwxux\|{uyuv{}xx\|wyx{y\|{wxvyzyz.wz{zz{\|{z}zy\|~\|{\|~\|{}{\|~{~.~{\|..x..v\|.~}..x...}...................\|..}~.......{..}..}.........~.............................z.~.z....{..................~.~..~..~......y.....}..~..........{...............~.....~....~.}...}......~.~~..\|..}~.~...\|..~.}..~~\|~}.~}}~}{~~z.}z}.z}.{.}t.qx.xx.~w~.v..vz.x\|.\|x.w.yx.x.y.r.}~~..u.\|.{.}}.v

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\explode3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28822
Entropy (8bit):	7.5451499811888905
Encrypted:	false
SSDEEP:	768:YJEBYP5s6xy9pQe+E7a2AvOdYog4TM2tCOL:Yy2ioy9OJEEvPogMJtj
MD5:	2DE2030AB2D4C43480E7A12AA3187859
SHA1:	E28D85F0564092AFD846C937415530D7E18AFCE4
SHA-256:	E5C88796FFA1BD7157AC29AACCFF54D767FE67BCADA52D0F5F488A03DD17D9A6
SHA-512:	EA69D517ACB79AFBDAB33C29A6AD95AF77EDC44A0A3F702F4F369E834A36DD20D18AB410E0689FA82BA06DF591E29BC337E1501369A46726EE61A4E67851B4DB
Malicious:	false
Preview:	RIFF.p..WAVEfmt ........"V.."V......data.p......,...5.&!................wEC..'%++7FSVaZreavt.y.........\|8]Of_W^XUSM\^..."f........8...z'..PC.u.....lC2A-...>BBBABBBBBA0........1'2.."....................\-!.................P.5#.....(..........................%................xa9....(y...............3'...7.....dR........."..& ...........v.............................Zj....@f..I..R2@..................$........{......I+=[......................................i^q..tezN...&...................g65#....zl..\|.......f..YfXV>OEA.).OSn...........z........s2{...........+............%$3........................\~...............ukbY........AXY.................................q...zt[PX~.lQgP......................id,&...bqm\}..i.......jU.WLPD0=2:..~F?[rk..z......gut.....r.z'V.........h.0...............q.....................................................z\|oc:fRK3..6..................69?B@9-.7BBB..BBB>B<-.,.%(BBBBBB<BBBAB(...... ...)"..................SZ..MUs...!8:;8.966/62".@a6......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\explode4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28700
Entropy (8bit):	7.38618076324999
Encrypted:	false
SSDEEP:	768:4yK0DtZilUYGJvItBsyaIvxHlvVHUnrgAF:4yKAtZil/KIt2Uvxr0X
MD5:	78E1E2DB2BB2913A40117B47AA69EDEC
SHA1:	BB4D27E1BCC74A00871B76C5F90AB6714CB043E0
SHA-256:	F6E09E5BFE44A6EA0D0C276E8B632F7911DCBECE62329851A722A53A48BE42C4
SHA-512:	2A141588E45E80FE0B5EF3E37E93430BE10C486D85E4AB6B60FC6EC39B765300B4CF396E32445DCBB1BB160601B453A01B0A3573A27916D65901478638F04FAC
Malicious:	false
Preview:	RIFF.p..WAVEfmt ........"V.."V......data.o..9=??>=;997861% 5..&....8-.B5..:.$=?/..(D].......................................................................................................w.e....rhWut.E<$........ #8575>BABBBBBBBBB=BBBBBB?4=B...........,08:=BBB<4.....!#.[v.............................................thW^C+.. ."...............D .../Ra{i............................................................................!......zXK.mY.7........."5884:B@BBBBBBBBB<BB=BBB@:,B...........%.28:;BB?9&......./nn.............................................lVST,$...........7-...2%7."9B>B?ABBA......_W.t...............................................wO)I4;8."=B....d.1.eV=G.%Hh...y........................................................................VS1.'Q...........Y%.2...B2..84@j.~.8...Wa"65............(.%.;?BBBB;3:.........>...........................P.q......:....@68&:(.3B8>0BB<BBABB+B=BBB=:975@89....3!."...........#R#.."aL#..WI&D.J.T>.zr....*......G..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\explode5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28906
Entropy (8bit):	7.08299335167226
Encrypted:	false
SSDEEP:	384:j2ClpmaHA0YtoWIFYrraOYiR7nHfCh/t+kVjll8TfsR0stHsUi8qn7CKgVtTTrYo:5lpdA0goWysraHiRrw+Dfo0aZMCFb26
MD5:	BF90FA63BC3B1D3DACBEA621557D146D
SHA1:	87829231AEB68C7DD98F4E59AD40501C706CA6A0
SHA-256:	A39A4098AEDD116A1688196A3338F03EA83F781DF726BCE184A03845A54F808D
SHA-512:	41875F241D97216AF1F6EA23993B5E5606B146CBCC9480BF2173863942FF30077CDAEDA80C7CC240E4B933091D58E76E7FDF801F988264499E04C15BAED556A9
Malicious:	false
Preview:	RIFF.p..WAVEfmt ........"V.."V......datakp................~z\|...zvuwy{~.........tf\WZ_cfijicYNHEDDHNV`hlprrpkgkqtuvz}ym_YZcpz\|vonrsrrrsu}...udSIHMT\dmrqqttoikt.............................yz...ywxyz~...............tlhb[TOLGEEB<7=JZfoutmffjprrsvy\|.....}zy{..........................zrjfjswvogaabbcbbbcglswqhddfku..................................................xsoooopqqqpmhcabdhigedddbbeinqsx....................~umjovxvnfabbbbbabdgmtvofcdfmx..................................................{tomnorutrojbZVVXXTPORSROKHIPW\ajv...........................{{{yslhkprnhe`WOLJHINSUVWYZZ[^^\YZ^`bfkpssty............................\|xurommorqprz.......xv{.........\|wqos~...............\|{x.\|.}wsrtoop}....}wxy.y{...\|z.............~~~.~~.vsnnidgjmknfebginruux..............................................yzz}spmtknqtscopewnt..pl...sx..S.qe}`tr.,ol2.3.5\N..k.C..!.fWGWX_dt...tl^.............................{j...Q..TNq{x`mg.0.)K^'(Vj\ (@;.&h..*.....1%......ZO.........$0BQ[R/c.......................0..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\famas-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	61820
Entropy (8bit):	6.509138815289031
Encrypted:	false
SSDEEP:	1536:PLBYcLOanLPzPjf31XyzEwhf1xON9/YC/6xS8UMZ:jB5LLPbJCLxO/u
MD5:	A50E22FF3E45BA3CD3D8BAB2CE45ED9F
SHA1:	5D2D5E84574731FCC26619AED70DF93443B80C1F
SHA-256:	02D5379CF520FBD574F9D6B69134F84A09255C6A1F3EC320C905D8E70942789B
SHA-512:	CDCF6A17AE944981B4F4681E2A49B078AD9DA90830206482643C978A6266C73EC7D77080B941C7DA129FDB555E3D5B39A9D04B7E5058793466C1C2FB99D8D463
Malicious:	false
Preview:	RIFFt...WAVEfmt ........"V..D.......data....N..7..+7)a#u#..7<...7.1L".#`.>".V./R.Y..C.?...._..1!..f.....-1e6.....7.H.".>l@kJ..s#X.~+C..(u..2"6Z-'R.A....M3....K.=_...."..;..L.).(G)#>.RPP.i.95&....(.s...M.&...a...b...=..4W.....!.}...O.P.?.$'...^.1=LGQ....U%.._k.......J..f.7zB3.._... ......]..n................O.v_{................2.............@.....;.R...............9.y.........G..9.......3.H+..I......h..9~.}.$..S80^Nd..W:. .&.FY(.4u.........n..L...r...:.....,.X........YK........5i.n..nF..g2.A......'.LT..Q1...8.(.o..%7`Ln....N0[.5..M5)`....q?.;b9...OL.9y._..Jm^(.............1.R..)t..HY....................................F*..j....................7.GN@5.p......(Z.C...F.,...Q.....7..........7....-Z.................z.!......W...........yF_...m.q.. ..S.c.J......)............HL...4.w.9.Z....,."...0{.B.0.7..4..........u...g...M[SH.....'%.,.....x..F.[3.O.i......].B.............~.~.~.........xwN+O...I.K.3$.......u.........M............q............f..............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\famas-2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	61820
Entropy (8bit):	6.509138815289031
Encrypted:	false
SSDEEP:	1536:PLBYcLOanLPzPjf31XyzEwhf1xON9/YC/6xS8UMZ:jB5LLPbJCLxO/u
MD5:	A50E22FF3E45BA3CD3D8BAB2CE45ED9F
SHA1:	5D2D5E84574731FCC26619AED70DF93443B80C1F
SHA-256:	02D5379CF520FBD574F9D6B69134F84A09255C6A1F3EC320C905D8E70942789B
SHA-512:	CDCF6A17AE944981B4F4681E2A49B078AD9DA90830206482643C978A6266C73EC7D77080B941C7DA129FDB555E3D5B39A9D04B7E5058793466C1C2FB99D8D463
Malicious:	false
Preview:	RIFFt...WAVEfmt ........"V..D.......data....N..7..+7)a#u#..7<...7.1L".#`.>".V./R.Y..C.?...._..1!..f.....-1e6.....7.H.".>l@kJ..s#X.~+C..(u..2"6Z-'R.A....M3....K.=_...."..;..L.).(G)#>.RPP.i.95&....(.s...M.&...a...b...=..4W.....!.}...O.P.?.$'...^.1=LGQ....U%.._k.......J..f.7zB3.._... ......]..n................O.v_{................2.............@.....;.R...............9.y.........G..9.......3.H+..I......h..9~.}.$..S80^Nd..W:. .&.FY(.4u.........n..L...r...:.....,.X........YK........5i.n..nF..g2.A......'.LT..Q1...8.(.o..%7`Ln....N0[.5..M5)`....q?.;b9...OL.9y._..Jm^(.............1.R..)t..HY....................................F*..j....................7.GN@5.p......(Z.C...F.,...Q.....7..........7....-Z.................z.!......W...........yF_...m.q.. ..S.c.J......)............HL...4.w.9.Z....,."...0{.B.0.7..4..........u...g...M[SH.....'%.,.....x..F.[3.O.i......].B.............~.~.~.........xwN+O...I.K.3$.......u.........M............q............f..............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\famas-burst.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	65596
Entropy (8bit):	6.802119564094169
Encrypted:	false
SSDEEP:	1536:MLB7LBnLBYcLOanLPzPjf31XyzEwhf1xON9/YC/6xS8U4:YB/BLB5LLPbJCLxO/K
MD5:	CCDACEB97BC714847A1607D86881B905
SHA1:	EC27765C9504E24C4229C84E869634B81711CC15
SHA-256:	C8021B192258893E80578F3B494B6875765CFE0739F444F857B11F6BA26FF37B
SHA-512:	1B66B1BD0F3D7AB66C2591E88AC28937645BC5BD2ADF3DC67D48EC703EC01FE9C960735ADC6C41FCD93FDDE7A442F6D117DC23454240FD02CC4511645DE60EBF
Malicious:	false
Preview:	RIFF4...WAVEfmt ........"V..D.......data....N..7..+7)a#u#..7<...7.1L".#`.>".V./R.Y..C.?...._..1!..f.....-1e6.....7.H.".>l@kJ..s#X.~+C..(u..2"6Z-'R.A....M3....K.=_...."..;..L.).(G)#>.RPP.i.95&....(.s...M.&...a...b...=..4W.....!.}...O.P.?.$'...^.1=LGQ....U%.._k.......J..f.7zB3.._... ......]..n................O.v_{................2.............@.....;.R...............9.y.........G..9.......3.H+..I......h..9~.}.$..S80^Nd..W:. .&.FY(.4u.........n..L...r...:.....,.X........YK........5i.n..nF..g2.A......'.LT..Q1...8.(.o..%7`Ln....N0[.5..M5)`....q?.;b9...OL.9y._..Jm^(.............1.R..)t..HY....................................F*..j....................7.GN@5.p......(Z.C...F.,...Q.....7..........7....-Z.................z.!......W...........yF_...m.q.. ..S.c.J......)............HL...4.w.9.Z....,."...0{.B.0.7..4..........u...g...M[SH.....'%.,.....x..F.[3.O.i......].B.............~.~.~.........xwN+O...I.K.3$.......u.........M............q............f..............

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\famas_boltpull.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	7382
Entropy (8bit):	4.892149758328833
Encrypted:	false
SSDEEP:	192:2nIzLZdg9EH/e9SdUn8TlG45siC9G6CNkbiH:2sLw9EHWSMq6GH
MD5:	9D534D7CCBDA6DC0E47BDB72E716F9B0
SHA1:	ABDB00407F4063E8FF0BF146A4FBD1E0DDFD58E2
SHA-256:	F0FA216389E4B1EF7C0A7F0B8DB4C6D246ABB5FDFBEFC4318E425C9C8399FDDB
SHA-512:	356F84BECA95A561C64CCC466DEA0C6814AACD5EEED94FB196F437F512BF2517439E3F1E89AEA766B00B47060DA2455A552DF302717D4669B2FEEC9FA7D8F87C
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......dataf..........}\|~.~..~.~..}~~.....................}~~~~~.................~................~.......}..~.}.~}...z..\|.ut.x..v..\|.\|.yp{u\|..\|..~.x..}\|\|....y\|.w{}.....~{v{.}wz..~....}z{\|\|\|........yy}z....\|}~...yx.......zz..~}.....}{xw}.\|...~.\|~..~~.~~..}\|{}\|{\|.....}\|..}\|..}yz......}~..xz{\|~}........\|..~..~.~}\|\|}}......}\|}\|\|...~~..}~..\|\|~.........}{.~\|}......~.~}...\|\|..~.~...}\|~{z~....~\|yx........{xx..}x~..\|..}...}v\|...\|~}.}~..z..\|z\|..yu\|.xzuy......~...\|\|.}tz.{\|..~~.......~z\|..z{{..zwx\|......zla]l}.....~ylcagt.......kga`m\|......uoljs.......xtleoz.......ytvwt\|.....{wz~vux\|.....\|\|xsw\|........xz.~......\|.}yxy\|.....\|\|}~..{z\|}.....\|zxu\|...{..tyv}.....y...}.}....}...yy\|~.........\|.\|y~.\|.......z.xx.pp\|..{....qe..i.u.}n....xsz.dt.\|pwm......Gg]k.x..{dtTSw`v.....i..{hFbEn......uF\@..j....t``.{....rnm]nv.a..u....X`hKg.......\n.x.{p.gj.t\|...htfx.s}....t.shidu......x.xlln.....{yql.....~....oX\UP_}`R.u............@~.....JW.q<.m..A(\|Z..=..Wp.Dx.l.ld...a..v.....u..L.uRoh.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\famas_boltslap.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8204
Entropy (8bit):	6.021591490277341
Encrypted:	false
SSDEEP:	192:iKZPPCYtwcQjirp1Mf5yNxMb2mWCBMd/YuUYE9OMB0HUM:nPCaJ3MgNxMbdMLEHM
MD5:	EE863FF30F0EFBD0FB4C7E9083415D64
SHA1:	385BD969D869AD7011B9690FB013A75B7BBD7BA5
SHA-256:	9C6E01989D1B4F101A7F911E0F59F17C585906A335FDFA38BE6C489A85B9B1A7
SHA-512:	C0E9D236BF77C0E0D988473DCC52C9EC72C71D6585C78EA539FB4D5519278AB49E75649EDFED817317152EB6C0115B42555BF3D887A77B3594FB2388A07218FF
Malicious:	false
Preview:	RIFF. ..WAVEfmt ........"V.."V......data....}\|~\|....\|.zuw\|\|s..^v.p.xbi.~.wp[.]y._\|s..t.{^djn..d...d..X..uohl..tz.q.\.v`.a`f.Y.fa..6X.lmc..GJ6...pP...dcq...61lw..?..d\|zz.tV....M9....{.....J..5t.....iC..n`z....S.~M.....B.wX.z.u...9I...vGe....r{.hu..prt.S.c...dj8z...\|.Z..s?...Ww.\..6k...B5\.YGkWLR}.7XjYw.RP.g.cM;..IhyX;..xZ.zK..Rc....ue]..._R...i\|A@...hQb...f{s.u..D....\|?zj..v..]..Hs.X.s.iV.`...j.b..0.D,.jLYg.v~.e.=0BT.... X.Q.Bu@g.+.W,n....9a..QQm.]y.@.z.......l.q?..rci...gpr\|.p..~\|.shyfWUk......D*.oN..\..uU<r.j...iddOLn~.....S...~.ha.Lr.gq..iI..Zp....pv.Q@..0Y....T..a.qS[t.y.a^..ff..l..\|E...kM'.n6.....Wm4P..Ya..l.s3..}IWvV...ddZY.ybw.f..t_.wo.es{]..\|yqdVZ..d`w...W..Trd.n..Ii.tt.]Z_lzz.R\|.ry~xp.p].O\|.:rs..`.ma.l.q..T_.ir.^Yt.pN.i.N~nz.hd.Fuptz..h9...Q.R.M\|..B~.Co.v.A.YW..Ssfzn.}l.@..VSH...{.Y/<4.....DP9Yn.eZ...5vAQ.QMd.nk.5G...p.....w-:?\.It.w..GIE....d.`a.u..d~PmA..q...x.C...[...gf.>..f.ig....G@\|bj.uk....WE.u,UFi.cf......7.Ca8$FZ..M....Rh..Ex....kZ.td.s7tT93T..n.JOSl4.v.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\famas_clipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10530
Entropy (8bit):	3.839694356860486
Encrypted:	false
SSDEEP:	192:f7DECwojgzTdDGiPJMY0ma6hGApPnqahy/TyKcimvAmOC:f7DzGD5PJ9a64ApPnqahy/OweAmOC
MD5:	D8868BFCB4E6831DEEB5137DB40AE84F
SHA1:	E2091A7B473D12AE8F446203A6445305618AC8E2
SHA-256:	FF821788730E6445B676E6FCF0D50CFB5695111D3F568C53F72C3639D5616955
SHA-512:	9D176286CB04BDEF664B12893F83BC4E8CB6DAA8C40473B5353AE79B2D25175D7D140B6084B2D2F0E69F3D4E225534F10D5DE39FEB7D43886EB8BB6770B8BD11
Malicious:	false
Preview:	RIFF.)..WAVEfmt ........"V.."V......data.(..............~}...........~.~....}.~...........~.~~}}\|~\|~}..}.~.~..\|x{}........{x\|\|\|ujlnu..........{wt.....yrwtt....ystz.~{tz.....ij..~...juhb....pXp\|{..g..\|....}...~.tQnz....sTK`\|.......p\|`Q....\|.\|S...}..jPr.\|.....aUXt......\cWj}..gz..w~.e`....s.hl..~..{nxzt....u{ris\|....o\|qspw.....cj.tp...nw.po~..l...cl.{....s.xiqr....{y..}..{v{..p\|...h.tl.kp..z.z..jy\|...p..vjg\|..kyv\|.}..r..l.p.~~y..v.\|{\|.x....b....~s.\|..l..t....{..\|uw......~sy....\|..x..}\|..fSl.....]{WOp\|...x..sHql\..f...}yyo^y.\|.\|....x~\|x\|.6N...D._q\|}....wwsHl..Zg....[`\|..e7A~.g^....\|l....xL]wxk..[qao......lPLbxtig....\o.....\|fo....x...z}...sP..ppw...\|....p...\|s.\lfztl........n\mq\|._i....ouqXr.....tt}.a\|.h..xWw..R....d.._]h`m..`i..Y^..m\~...`V...i_\|...x.nL..ux....y.yk}..rl..\|y..z.pu...qp....tsx.r\i..v...ue}z....F^...~d...lL\...~..hd...uex..q;\....aa...Y......vce.........s....swkS~s\|....h`.X}..j....ulv.}l.....xvty..Lxtny.~..jH`....bqwuztm}....ih.x...}\|.s..hv.he..~.xs.tp~...o\|..xtdt.{la..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\famas_clipout.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	3876
Entropy (8bit):	5.690794744228584
Encrypted:	false
SSDEEP:	96:sOr1kAl4Cgox1o6uvgsg5efpNj7CK/vpy2jHnI2EIXllQ8h:sOr1kAl4CgoxiO83FXpFRzlN
MD5:	349B78E5BD36F6F5A2C3BAB8A474ECAC
SHA1:	D0A49FA09FA43A46F35447073B2D177F4E26F74D
SHA-256:	676625EC6E1B323243D0D62988606C7B3B509FFB2E5B6C2CBC9A225ACE6F8F79
SHA-512:	A07DAE9F0AE0E379D51D080E815430884C52BB24D3D70D23E375A8296981A8CD8D6606A5C135D8BCFDDE11AEA2DE72175EFD93260600B04211F5EAC353AA0DB3
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data.....~....................~....}}}..~....~........~..................~.~...........~~~........~..~~..............}.~\|~......~...}}}}...............~}}..~~.~................{}....~}.........~\|\|.....~~.........}.............}}...~}~~~.}.}\|.~...................~~~..........~~...~~}~....~..~.........\|~..............~\|\|~\|~....}~..~}.~...............~...}}}~.\|\|{...~~.}............}..\|\|\|}...~\|.......}}...\|..............~z~}\|~.\|}{}~\|~.................}~.....}~...~\|\|.~.\|~{...~...........\|\|..\|}}.~.....\|\|\|..}z}.......~...........\|}~}z\|.\|{\|........}\|\|}~..........~~..}...}~...}w{..~...~....~}\|...~...........y{.~yx}.}~.~~\|}~~...............\|~........}\|yzy\|{{..\|z~..........~.~\|}.....{}.....~..{xyx\|.\|......~.}}\|.\|........\|}{zvw\|y{...}..\|{wtvz~............z\|..}...~ywvvzxyy.~.........}.}}..........\|\|~.wv..~...wz..\|..}.......~\|.\|.x........\|wvzxy.~.~........\|.\|~}y...\|zux..~}\|v{.......}...~..}}tptz~..........xuqolpru\|..........\|w.~wy}{..xr{..yyu.........~\|xvrtouxptxn

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\famas_forearm.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10158
Entropy (8bit):	3.6258531602446897
Encrypted:	false
SSDEEP:	192:ioopiOeUcWaz+ZqWFsEk4cTsturX820oe4ArSSOM0uY/XKn:ioopDeUcb3WFsE/lurX8203ZzOM0uY6
MD5:	929FE892924CE546B9CE635FC03B2EF6
SHA1:	6564C812792AF93A31207EAF2ADACB3F31660330
SHA-256:	FE8BEACB5DDE14A0566033D7E00BC9E247132E8051E0F0A100210CC4B2B02D36
SHA-512:	E262E10EFFA8A1667968C365276DD36E3A1361D0199D30A11A84B467E806BBAC16F4A471FA028695D4E9F5ACF9AED99EA56E78C15343A7A4E94CA5ACFB5E27EA
Malicious:	false
Preview:	RIFF.'..WAVEfmt ........"V.."V......data.'...........................................................................}.~.~..............~.......~............~..............~..~............~........................................................................~......~...........................................}...yIu.dyz.}l..r.\|.wt..x..?.vwrs.[..b..q.i..\|t.`p\|..r..x..`.i.x.~.{.yx..v`u.\|ix.\|...u.{.{~x..yt...xw...\|x{..}{....~.....{w...y{...\|}...}}...\|....~....}....}\|}....{...\|\|..}~..}...~........\|}.....~.~..}....~..}..~}..~}......}...~.~....~~....~...~~~~.....}..~...~~.........~.~.......}.................~~.........~..................~.....................................~........~...................~.............................................................~....~.........~........................~.......................~....~.................................~...............}................~................................................................~..........~.................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\fiveseven-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12674
Entropy (8bit):	6.034794669857318
Encrypted:	false
SSDEEP:	192:pGMeJAMYezGAiJxMgi4bIk+K/QR0+Q4iyY5AAOCNtwmY+GPTdgewE:UMYAbezGvi47QRD7L+1OCNtwP+GPTdgU
MD5:	C86335EDB043A831026C29844E0658AD
SHA1:	020413D12745FE531DDA955CC20923BF63005A26
SHA-256:	8475D9A03B611A756A86F06D682B02A3416B5F62FCFCE672045FD1B8EEB7DC2F
SHA-512:	C79285131B2D8A48E162AB89DA8AA659B6579EC442339C9858A732D3E1C7572997751ECEE23545A02652F0BE0D844FDC9CDAF6B916B0D89695A5F0407D286CE8
Malicious:	false
Preview:	RIFFz1..WAVEfmt ........"V.."V......dataV1...^=5..........O;A............d..K(ZS..................Bbtq\|G...Yipqnr7.....3..........o................................................................HRW..n.}...9..........D~..\|.\...F8mi.H#N....Iit`.........../ldl\l?'....../YcqqpX...!Jan~DG.7...\"-.'B.i).......d.Z.w..O.<...=....^r:?.p.y.......=AK3)>{wr.._...........s..ei\|MbFB:N;..oT..dk.~.j\\|ov..[o............a\|..............v......kPhoLOCNLIW.......ea..............k....jC`~.yZ..........{...............^S^SiP.._vro.................rp..BV7UY>Vm.........................oah..SK.....^......Wmd^iA1R2&^ZPjX7/(7NwJ% $L>b...-.I{..........ozLs[xITh[u\PN<lE+....<O..T.a.j..~......LnsE"W.....,ikx~~l..............dP>G............AD9V.pe.skqe.....h.................c=9=+F;RCW.i.....{........xnr..d........bxd}k..{............ofbkNK9IcY...............~T%.......csl..}E.^{.zs.........s]S3..................4[UlqXK.Z)..............$..,@k....{....................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\fiveseven_clipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21922
Entropy (8bit):	3.290119264677571
Encrypted:	false
SSDEEP:	192:czSf+vZi5CUQjqBevevM4v2iyA0OW6QO1VXnQomfNVDCyorb/WiiJjrG:y7VjqBMA4OW6t3XnQX1JvorjWdrG
MD5:	F3229A0B60708000670AC4DE583F1CCF
SHA1:	6844A7BC5D6E45E2CB5A3F9DF18973D592F6EC42
SHA-256:	00BBEB0B28ABE5B4DD217DAC62E3269DD3311A37DD2B8B3DE1075059D8BDBE0E
SHA-512:	4CE6BBA9E0265CCD77B6A4AAA8A699B91D0BE56663C8CBED5CAC163AECFC4DD63C177279289F1D23D6B862AA7CA07AFBFACC2F5C8B3F5FB481F9AF28B7239721
Malicious:	false
Preview:	RIFF.U..WAVEfmt ........"V.."V......datauU..\|\|\|{\|\|z\|z\|{z{{\|\|z{{\|z{z\|\|\|z{\|{y{{~{z\|\|\|\|z\|{{\|\|\|\|z\|{zz\|zz\|{\|}\|{\|\|\|z{\|\|{\|\|}}{\|}}}z\|}\|\|\|}\|\|\|\|}\|\|~\|\|y.}..xgo.tp..t..z\|.\|vz.}..h..us..\|...xt.wof..x.~lm.\|f_\|unwtwkouwjm.kp.yjw.ts..y...............................\|{~y\|\|~~~~{~\|x\|.z{.~z.~x\|\|{............................................................................................~..}}~~\|~}}~~}}\|}}}}.~}}}~}}}~~..}~~..~..........................~.~\|~\|\|}~}~~.}~\|\|}~}~~~~~~~...~~..~~~\|~........}~}....~~.~~~~}\|~~~\|~{z\|{\|}{\|\|\|\|}\|\|\|\|}\|~\|~~~~~~~~}\|}~zzyywwwvwxzyzz\|y{\|yyyyywxwvxywwwwwwwwwywywwxy{zy{yy{yyyxyzyy{\|{y{zz\|{{{{{{{{}\|\|\|\|\|}}\|~~~~~............................................................................................................................................{...vzkf..se..t..zs..cx....~{...w....{..................................~}~.\|}~........~~~..\|\|~.......~~.....................~~...~~}~}}{\|\|\|\|\|}}}\|z{\|{zz\|{{zzz\|\|z{\|\|\|\|\|}\|}~~~.~}}~~~~.~..~~~\|}~.......~}}..~............~~~.................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\fiveseven_clipout.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8188
Entropy (8bit):	3.6988394961006463
Encrypted:	false
SSDEEP:	96:Te88ynrOmWsEnIZ4bQJyO7HjzqHm8KcW2vILlbFcx0jTAbmvllqVmc/2R3J:0yqmWsUIZ4ULDL8VILlbF00j8PVB/iZ
MD5:	3D352EFEF15D6F7019168991CFF7CF32
SHA1:	10030AA93A41D80B35D39E59DDA86E4C164F1A5F
SHA-256:	616E07C58C0D3D332C3C7FE65C1B7E6EF49D5C26D09D8132D1E7C36C3899EA46
SHA-512:	BC51565450631D2954C0736C7899AA7111AA1584B0CD20AD239A765662D5935AEC7FC7B33F3FCB2D43E5A69B1A9C9728A63A5A82134EE4DCE7740CFA22E9480F
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data......{\|o..^...]d.\|^`...}..`{.wnp.th......zez.p`p......pl{.xov~.....vt.{u..re....~\|{p\|.yp...z{{....{\|...\|\|.~.~\|\|....}\|~}...\|~~{.........~~.}}\|}........~~.....~}~......}......}\|.~........~..~~..~~.......~......~................................................................................................................................................................................................}..t}~..\|~.o..l.nz.q..\|.y.\|z.s..z.}{}y.....~~..}}.~\|.}....\|....}....~.................}~.....~....~}.......................................}.~..}....................................................................~..~...............{s{}...}v{z{..x.....t\|....up\|.x\|.....xtv..~tt....\|\|....zxzy\|~....~}\|~...{\|..........\|\|~\|~.....~......~}\|..}......~\|}\|{}......................~.....}}..........~~}....~\|...~...~.}}...}\|.....{~..}}......}y...\|\|{...}....\|....~...\|~........}....}\|~.}..}...}\|.....}\|..}...}.......~}}~....}~......}\|..~...}.......{~.\|}......\|}...\|x~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\fiveseven_slidepull.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	5316
Entropy (8bit):	5.571290187810182
Encrypted:	false
SSDEEP:	96:GYuikDfv/gmoKY+/mrD5lDWp5lO9VAz+TCZJ5hS4yozvx8wNYeF172dsHoAN+0IG:GYuikr3xX7ull6zbNTwot8QLF9YqnJIG
MD5:	B1B0655F2D4959F43FD11E9ED9F22BDB
SHA1:	EE6F2C5B218B1172C031A484A0ADA1E88620025E
SHA-256:	2113E38A06DAD60F31CCCF35E4E8E8E9958EA41A1FDF872616526DEDBF5C34FF
SHA-512:	F33E0C754146B50F9FCC650461AFBD35EEE2912E51B2E7B110D8812EDD733E4E2BE6A41B75F0661CC40548AD5C32942D62BA650B5DF616A34664B479937F2D70
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data.........~.................~......~.........~.}.........~.......................~.......~.~.~...~...\|...s\..Y..n..e..x..lp.zz.r.q.vs~z.y...ms...yu...w..y...s.}oz..~.{.{.{...~v..}}....{w..\|..{w~....szu....~~.y.v{.....`k.kok.k\|.mwy.\|.}px..z\|...v...[\r.J..RT..i.b.cqw./j......Wt..*..[Y..~.z.g.q.iQ..tn..R.~..op.._{..p..`...az.}.{.q..y.w.v...vz.}...\|}.~...}z.x...\|..z...\|...~}..~..}{..y..~..\|....v..w...y..y}..~.....{u...\|......\|.{....~...x....\|\|~.z.r..q.~zu..wx}~\|...\|..r..{...z}.\|{..~..wx..s..z~.~u..~..\|u......w..o..{.....v}..}..x}.w..u.t...z.ul...q{~}..z.}..x\|.\|q...~.v}..\|..\|x{.~}..~..u~..rz.sy..u..zu..vx.\|t..uu.{o..l..uq..u...\|..vz...p..h..a..t...r...yp{..x..vz..u..qx.\|...y..wu..z..r...u.z...k..]..e.}c..V..S..3.._w.q..Zf.w...w~...zrw....m..vq\|x{...y.zu..r~.....vm..t.....{x..\|y....\|}\|~..}z.....\|~~z...~..}z..~~.....z..\|...~..}\|..z.......~~.{.z...w~.~w..~..zy}~...~..Lx.~.~L..[..Z.ws.jP....\|h..o.xl....sw.x....~....wx{......y.}v~....q....zv.}\|..~.t\|..y....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\fiveseven_sliderelease.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9688
Entropy (8bit):	3.507541137358554
Encrypted:	false
SSDEEP:	192:OYsJxvrQtF+GvMQmFslbwN6dWqISzoC1eblAAb:2vsnvMgb46dzI0oC1eb1
MD5:	5FA99E584BD200389765735FFF5CA578
SHA1:	7D5AA222BEAA8F0A7D88C80FB1AE21223D4C60AF
SHA-256:	B4976BBAB31E27BB9B62476179AE4B0C98B3B693397A77EABE360F8E680F654E
SHA-512:	E1E0B6A09AA157E42C45C464D8F136C35D5903227DA72DDF61AD9F92EA94305DF4F57BCB74EBBF3B295FF7FC7CBD485EB857F7139122DF000BBBC19658B8B176
Malicious:	false
Preview:	RIFF.%..WAVEfmt ........"V.."V......dataN%..y..}.xo.\|x..u.vv.xo....vzy.z..xr.}..tz.v..d..l..g...p...mo.tb..xmrt.....y...^....up}...ty{...mo...z.yl..lv..v....\|.\|z\|...\|.v}.\|~.zx\|...x.....\|x..x.x.\|}..t..~~\|\|.....}d.hk....V..ps.T.\|\|..b..`..ko.\|`.y..Pc]...T..^k.}.\|..z.`[....cSc\|.T..tNv.x...[p.xT...P..un..\.h..gzk..t..e^.wo..{gi}..w.[..fVtl..xo..l.k\.....{ca.....X..w.O..vxX....U.d.m..}`..t\|.`u..{}.lf..V..`\|..U...p..]`.\|..`..p\.nZ..^`..a..^\|.....x.l..to..\..v..[...p..d\|.h..ii..t.ut.{r..c}.tq..t..o..i..d}.oo..r..s\|....n\|.lp.}t..~zxs.}x..p..ou..p..{}.r..i..tw..b..wz..\|~z..~..yz..}y..}.}.z}...\|..w{..w....\|......u...v....v..}...t..~y..{....z..\|v..y\|..t..~.\|...y..x\|..v..\|z...{}.z\|..zw..}...\|\|.~}..{x}..x...{}...{..\|..}y..x...z\|~.\|x..\|z..v~.}x...z}..\|}..z..\|z...z..{\|..\|x..zx..x}..w..}y}..z..}x...z..\|{..\|\|...}..s\|..p.~..\|.{~}..zx..t..z\|..z.......}z..y}......\|...{\|..\|z..x..z\|..z~...\|..}z..~.~.}...}x..\|~.}x\|~....{....}\|\|..}..x.\|x\|......yx..{...{}\|.\|}..}~..\|~~.}..\|x...\|..{}..{\|......\|...{{..\|..}y..x\|..~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\flashbang-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	31244
Entropy (8bit):	6.569747977028889
Encrypted:	false
SSDEEP:	768:E2FAbiGu/v5K4t2to7TXnA+HlUHJMzsMIVse/LxcCn+N9k:xbGWv5KTqtUHJMgFJ9zn+NW
MD5:	1D37BE7A407E04655C1F4BBA182DE6E4
SHA1:	38E4BC79F9EAE8233597CDF0320FCABF08960DED
SHA-256:	2896C9CEE195A7BBBE50B8193B53BA8FBD251E5A938389075F6D8AEE186A06B6
SHA-512:	3F2D125479FA89D8BE066A1828A80B6A5482CB25A108073E919DE1BF399015C78CED4C0CFE778B5AC30BB3727F5844F7E59A23DE1C04FAB0E764EB721CAE6756
Malicious:	false
Preview:	RIFF.z..WAVEfmt ........"V.."V......data.y...............................................}~...............................lbkorlovvtrtxwvtusopnlmnmkkllmmnqpspqppnqtptvwyxzz{}..................................................................................{upmlhgifb]ZUQMJIGHFEA90(',++-,)%#" !&))-1055;@ABIKF$......"+/7>61BIA;9<FKLC+.Y..rQ.......................................................................................................}vz{vtynYPN5.......8J....#................. %+1367;DO\^WPU_a]^mwwz...............................................................................................~}wxx{}...\|yvuxx{z}}zspjigkq}..........\|vx}.......\|zww\|.................................{..........w`kutdFRfdcbMU_P?DH6EJ?>QaPD<30("%#0:CC. *!..%04-/3-!....%()2CSG<6AMC;=<;CNZZZW]^NGRWguiz}aL;>C@?J]mv\|\|{.{uoomfepyy~....}yvtq{.....{joplx.......................zxvtx......\|~\|..x..}xfZOL[XVTZe[YZo{XLSM:9K\bgx.u[JOOPU_tyo.\|ma`hipx....................................\|qory{vw\|....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\flashbang-2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	31244
Entropy (8bit):	6.569747977028889
Encrypted:	false
SSDEEP:	768:E2FAbiGu/v5K4t2to7TXnA+HlUHJMzsMIVse/LxcCn+N9k:xbGWv5KTqtUHJMgFJ9zn+NW
MD5:	1D37BE7A407E04655C1F4BBA182DE6E4
SHA1:	38E4BC79F9EAE8233597CDF0320FCABF08960DED
SHA-256:	2896C9CEE195A7BBBE50B8193B53BA8FBD251E5A938389075F6D8AEE186A06B6
SHA-512:	3F2D125479FA89D8BE066A1828A80B6A5482CB25A108073E919DE1BF399015C78CED4C0CFE778B5AC30BB3727F5844F7E59A23DE1C04FAB0E764EB721CAE6756
Malicious:	false
Preview:	RIFF.z..WAVEfmt ........"V.."V......data.y...............................................}~...............................lbkorlovvtrtxwvtusopnlmnmkkllmmnqpspqppnqtptvwyxzz{}..................................................................................{upmlhgifb]ZUQMJIGHFEA90(',++-,)%#" !&))-1055;@ABIKF$......"+/7>61BIA;9<FKLC+.Y..rQ.......................................................................................................}vz{vtynYPN5.......8J....#................. %+1367;DO\^WPU_a]^mwwz...............................................................................................~}wxx{}...\|yvuxx{z}}zspjigkq}..........\|vx}.......\|zww\|.................................{..........w`kutdFRfdcbMU_P?DH6EJ?>QaPD<30("%#0:CC. *!..%04-/3-!....%()2CSG<6AMC;=<;CNZZZW]^NGRWguiz}aL;>C@?J]mv\|\|{.{uoomfepyy~....}yvtq{.....{joplx.......................zxvtx......\|~\|..x..}xfZOL[XVTZe[YZo{XLSM:9K\bgx.u[JOOPU_tyo.\|ma`hipx....................................\|qory{vw\|....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\g3sg1-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	33130
Entropy (8bit):	5.211427540017282
Encrypted:	false
SSDEEP:	768:XvadmvVgxgb6igCWWNoL5u1c9yDvavBJY3HF2etbNmvmZQW3WvYNym:XpOm5WWuLec96vavDXmZQ+mY
MD5:	160CA71B5DEBC7E42DC985811329BECE
SHA1:	108ABA5B780EAAA441ACD15E62DE1B9B91EB88CF
SHA-256:	B383E6217464601A523FE3FFBD6BEA2F39DC81ADD9B494CCE928651BB6E9595D
SHA-512:	E0231E2DD50FD95F9A8A670DE3214F48C28FB562C67A87E5A039C30F97353F581365CDEC7699C4F24CC5AB174D79F3957F3B24996028E3E824C5E087F2B81427
Malicious:	false
Preview:	RIFFb...WAVEfmt ........"V.."V......data=...~..\|hn....aP...p+y..T304,@oI4=).4{.E@248::<9;9;8>F=9=G@<?@>@@Fp_2VjXl{w[X..\|.s{.q.................................................................................x...rqil^aOaR?$DXTB.'(.%.[...'.^.m.......(&8.=..........@;...:!6'1+2./0.4$.....M....=1-(.....04=6@4D-H.\|..:.....E.:.].]+......x........qu..i....g.....OM.....U..V#O0L2M,H.h..........................x.<$I\.R3R.f.r.<.&3....M......../............................................'/.$.S.......P.4..(.[.......',%)%(./,+.;......\E..Gtd..%...y...".5(2(+-6#/'/)/+/,0-..&6e:&01343535465768798:9;:<;=<>=>>??@?AAABBCCDEDEEGFGFHGIHIILINHRJYA]..................e.................................................;.n....................hT........:. .4'-(+((-(2:#7.e..]....2-8-3,3,3,4.5.4/617283:4;4=3BBA.\|..!..m.Z..34.y............................................................w..> ($'%%$%&&'&'&(()())),-.*/)1"BD!3-202235385=0<.d.t.l............................+...Pd"z.Y

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\g3sg1_clipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14102
Entropy (8bit):	3.2043574006217757
Encrypted:	false
SSDEEP:	192:647iZdCPPf7tjkPKYtUvLMVtmfXCaihLkyBAvPqOSN:R78MLtjkYGwPCa8Ll8PqOSN
MD5:	2AC5E52EC86CB31770DF7348EB60075F
SHA1:	C369C339F1A7559861BEFF1237A9BD73331454A5
SHA-256:	17FA44AF450550C7D4A530C93C727559F99BA328D49C7E86FE7C4872460F1AA0
SHA-512:	836F150484CEEFCCD04F218D6DF76FD0B3DEFD34F26499EA11F7D8755666FA6FCF6E920EF705BF4D0777F4B756B2912747B5506C08DBC02EAEBF7123598C8C41
Malicious:	false
Preview:	RIFF.7..WAVEfmt ........"V.."V......data~6..............................~.............}}....y....{.........y....}y\|....\|..}...\|......~....\|~..~..........\|.......~....\|\|........\|....\|{~.................\|}......~.......\|.~...........}}............}........~~....~........}..~............~..........................~................~........~..~..........~~...............~.............~.............}................................................~...............~.......................~...~}.....\|....\|z.....................~.........................................................................................................................................................................................................................~...............~~....}....}}....~....\|...........~........\|.........}.....\|~....~{...~.....\|{....~.....\|}........~}...\|...\|.........~.....\|.....}............}}.......................}\|..........}.....~...........}...}..v...\|........~}........z}....\|z...y\|.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\g3sg1_clipout.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12536
Entropy (8bit):	4.582557426137135
Encrypted:	false
SSDEEP:	192:dUoiFgqEvpJISjeDT7KQk3sDUXUwdGJO5i/gplP/CYW4rqe5hfv4oxJ6All:ioJqExfa3ZQUwdG05i/gpd/Cf4rHhll
MD5:	66494EC485B910D91CF037BEBB8A899E
SHA1:	78F0C5EF25BE0E261D035D98EFBD44C17EF94F00
SHA-256:	523128273AFAA928C151F46FE3F9F8D36D01BDB1FBC4118A7D80B64DEA1AD1DB
SHA-512:	A25C0DAB97536FD467BEF303DE3E732224B7D4061331F1E6A3D053EBDF8E05C861535FD4DC8690C7F9A03BADE835244B3F4F0B9133EEAAF4CA08EA551172AF24
Malicious:	false
Preview:	RIFF.0..WAVEfmt ........"V.."V......data.0..~~..{~..y~...~..~\|....x\|..y..n..~x..\|sv...kl..xv..ysx..~.\|{.\|..~.........{...~xy..\|....{~...{..~~~..y\|...~.....{~.~y~..x{...\|..{{...~y.......y..x..~\|~~.y{...\|\|..\|.~..\|..~..\|....y..\|..~..\|y~.~{..\|~~~......~..~......{~.~..\|.~..~.\|.\|{.~..~\|..~~..\|..~..~..\|..\|~....\|..{~.\|.~~.~\|....~..\|..\|~.~.\|.~..\|..~.......~....\|...~.~\|..~..~~\|..~....~......~~.~~~.~..{.....\|.~...\|....~....\|....\|.~..~.\|\|~.....~.~...~~.~\|~..~~...~~~..~....~~...~.~~...~~.~.~~..\|..\|{....~..x...~{..~y...~..\|~.~.~~.~\|~.............vq....yq..f..c.x\..pk...q..v...t{..ql..ti...\|{..~y.~..{.~...tx...\|s..vs~.vq........y..x\|.~qt~sx........~...t..tsy.yt\|..q...\|......~.~x..qt~..sy...\|..~..vx..n\|.~n\|..{\|~..v....~.~\|.\|~~~y{..{...\|.~.....\|\|..{...~.~{.~\|\|..\|.~..~..~\|\|...{q...(p.n.9k.h..v.ql..`fv..\|T..\|;..\P..fAs..fy~..^...xssxl..nn..t{p..q.hl.~a~.d^....s[....Y..~K..xs..t\|\|K..nl..\^...ik..xv..p..\|tl...vq{...v.s..\|.{q..xp~.p..\|~{{\|....~f{..k..yv..t{.\|p.\|x{..y.x{x..s..x~..x...x..\|.y...ys..~y..v{..x.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\g3sg1_slide.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11176
Entropy (8bit):	3.0009553342381925
Encrypted:	false
SSDEEP:	192:C4PEW5/+IFu41U2d0T4YvsjmOEzVBc/oIX/QqwV+rwDMB8Wa3Ms:C4sa+O1Ld0T4esjmtzrcDQl+rwDSna5
MD5:	95214D9483142AE4CF1E07EEC388A5C0
SHA1:	BB78CEAD198C1C47354BCB62BFE6A8DE79DB03B4
SHA-256:	D392BCE4D2DF7A5EA644669568FA3A140519D9DA7DAF2B438125204D4B4CB55A
SHA-512:	462A321DA4C0C80078C4085E58EC39540C58149E31F82C850C134367C6B8D01179365317D7F89FDD8D9102FA36A1A84741A7E40EB36B8D12AFA798A8905D2BDA
Malicious:	false
Preview:	RIFF.+..WAVEfmt ........"V.."V......data.+............................................\|~....s....u..\|......u....\|vt....z..z...\|.}....{....{~..\|..}.......\|..}.........z\|..~..{..{....\|w}.................z{......~.......\|~}....}......}~............{.........~.~..~........\|...............~.........................~...............~.}........~..}..........~~...............}...........................\|..........................}....................~................~.......................~...}}.....\|....\|w.....................}....................}.............~~..........................~...........~.......................................................~.........~....~........~............................................~..........~......~.....~....}....~~....\|....}~....\|....}~...~~....}\|.....~..{....~....}}~...zz....\|z...~....}xz....\|.....\|\|........~{...{...z...~.....}.....{\|....\|~........~..}\|........~}.............}\|..........\|.....~.........~.{...\|}.r...z........\|{........t{....yw...w}.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\galil-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	71788
Entropy (8bit):	6.389337550141067
Encrypted:	false
SSDEEP:	1536:CjJBuIngGIcfd/TpTpfcTJjHnaLpO1fP0CfBDh4D9:C3pngGIc7TpcTJ7naLERY
MD5:	4025C701A464FA6761DE8BC3436AA769
SHA1:	A4E49D4907D16F4BF04292A4C3287EAB2634682E
SHA-256:	01C6DE7D4F5B90E7F993ED2AFFF212E887DF9BD7F0606F4AAA7A4673AE39665B
SHA-512:	3C3B8501D3C26FEEF2B093B1E30E974EED9965758185381A47E18239B28A3EB45A22C427DE850AE67520C79963E6A78EBFD4B5912AFA640FF9561E8C1B2CE45C
Malicious:	false
Preview:	RIFFd...WAVEfmt ........"V..D.......data............l.......-.-.4...(.U....\...u...a.r7>k...s.n6Q.....f;+.w.;[!tG+.G..Gb1....:.E..a..].#[........{........!..k&.~.s.C`i.m..Rg..m:..'"....'.................e!.....z...3...J...S......;}.........o.z.............^9A,\...\.s..*cGWki...Q...g.....q.......epN.i..2:.........P\|\|...i/2...h.{d../.o.i..................jH.........dv0..........<....Q.;.P.......z............+....%C...:.D....%.X...,2H...%.i.o9..Us..y.i.c.Q.../.%...7.........................s................r.l.9.......,..Gl.v(k-.G...G...~q.t....@tMl......(.t.&w.....................................+..k.....g...N............lew.Q`g.............m2N...................................;....An........\|.n..........y....K`.].H:.To.?c....N.....7.......6.?...g.........;....L...9...1...&...........\|..........................i....9.m..........!.........-............................].[...........p.....9..+..N.Ok:.O'..T.U.#:@GY(.f.q............!..B."...h....dl..X.G.......F.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\galil-2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	71788
Entropy (8bit):	6.389337550141067
Encrypted:	false
SSDEEP:	1536:CjJBuIngGIcfd/TpTpfcTJjHnaLpO1fP0CfBDh4D9:C3pngGIc7TpcTJ7naLERY
MD5:	4025C701A464FA6761DE8BC3436AA769
SHA1:	A4E49D4907D16F4BF04292A4C3287EAB2634682E
SHA-256:	01C6DE7D4F5B90E7F993ED2AFFF212E887DF9BD7F0606F4AAA7A4673AE39665B
SHA-512:	3C3B8501D3C26FEEF2B093B1E30E974EED9965758185381A47E18239B28A3EB45A22C427DE850AE67520C79963E6A78EBFD4B5912AFA640FF9561E8C1B2CE45C
Malicious:	false
Preview:	RIFFd...WAVEfmt ........"V..D.......data............l.......-.-.4...(.U....\...u...a.r7>k...s.n6Q.....f;+.w.;[!tG+.G..Gb1....:.E..a..].#[........{........!..k&.~.s.C`i.m..Rg..m:..'"....'.................e!.....z...3...J...S......;}.........o.z.............^9A,\...\.s..*cGWki...Q...g.....q.......epN.i..2:.........P\|\|...i/2...h.{d../.o.i..................jH.........dv0..........<....Q.;.P.......z............+....%C...:.D....%.X...,2H...%.i.o9..Us..y.i.c.Q.../.%...7.........................s................r.l.9.......,..Gl.v(k-.G...G...~q.t....@tMl......(.t.&w.....................................+..k.....g...N............lew.Q`g.............m2N...................................;....An........\|.n..........y....K`.].H:.To.?c....N.....7.......6.?...g.........;....L...9...1...&...........\|..........................i....9.m..........!.........-............................].[...........p.....9..+..N.Ok:.O'..T.U.#:@GY(.f.q............!..B."...h....dl..X.G.......F.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\galil_boltpull.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14584
Entropy (8bit):	7.058559794657571
Encrypted:	false
SSDEEP:	384:Sis+WA51lYox41Ke2pIt+QWXZrKiZAytCh3:l/HlYoWMCFWXZ+iWy4
MD5:	4D9C994639B3A6424AE45740B9C0697A
SHA1:	3E2FD13B62B90B911E6144231023396724774FF3
SHA-256:	5B71CC8C0D6A6834A1C4ABB165D33832F23852769A0BBF88B0912E35E2DAC240
SHA-512:	AA8F70AFEDCB8122DFB50FF5AA85A59A1F2FB6E157A57A7261DDE704110E9549823B5045BF8E6070AF765D6C66AB5B1EB93A149B8F2A2958A27C16875690B835
Malicious:	false
Preview:	RIFF.8..WAVEfmt ........"V..D.......data.8....<...G.........#...o.a.N.................a.0.S.........K...T.`.L.I.d.9...........@.................L...J...Q.............9.}...........u.6.P.F.`.4.......R.i...0.....<...Y.......m...........@...................=.........C....$.\|............Q.%.y.+.u.......V... .....\.........b.....~.v.#...............t...P...1...I. ...<.............a.P...v...z...t.....v...d.5.#...Z.\|...............I...........d.....W.......T.H.o...`...l...S.P...X...w.!.:...............7.....%...........%...h.^.....r.)...........\...E.s.?...A.....;.....7.C.../...S.....P.b.........}.....3."...r.................P.V.C.H.......`.:...^.^.a.D.d.1.........D.......:.......*...I.........\|.....l.....!.%.....~.........!.......C.........t.B.U.........~...].X.....n.C.....8.[...e...................R...a.......$.......P...........c.....k.7.2.....X.?...K...Q.......'.{.J.......(......._...f...q.......i.B...Q.G.^.{...7.....u.6.?.-...'...........0...".".J.K...N...i.!.......,.2...h...z.=...?.u.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\galil_clipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	3966
Entropy (8bit):	5.881223987577134
Encrypted:	false
SSDEEP:	96:3DsXksp8ocnNkmt4CJtxSYHN5IjlYGrzi5moT4:3DsXksqoHmtLJtwYHN5q5PI0
MD5:	334B3BAD3C365E1EB8AE865A13B101C7
SHA1:	FC39D9A5F3925FFEAEC0F407BBC38FE3C4ECA393
SHA-256:	2A51F93E85B1A2B90C584241F459D508C18549ACC17285040C06A648F3A32C25
SHA-512:	3533FDBBD9757660E5AA62825C4A7183EAB8A0E0722597C23A351080489A4E53737C017459342D51A73F4C50FE396768217E484350AD7754B8F33E1B7E06F6CC
Malicious:	false
Preview:	RIFFv...WAVEfmt ........"V.."V......dataR..................~.~.~.~...~..}.}.}}}.}..}..}.}..}..}..}.}..}.}..}..}.}..}..}.}..}.}}.}}.\|.}}.\|..\|..}.}.}...}}}.}..\|..\|..{..z.}}}.}{.\|}.{..x.\|\|.{.z..}v..s..\|.u..w.\|.}.x..xy...~.{.}\|.}x..v}.\|z\|.y~w.{\|..}......~....{~{{\|zy\|{z}}......\|\|..{.{..{\|\|}~{.}z.}\|..y.}\|.~.\|}..}.~~.\|..{..z}}{}\|}.y{.{z..w..\|..}.{.~.}~\|.}}...\|..w..{..\|..\|.}.\|..\|.}}.\|..{..}..}{x{z}............\|}zzz}z......~\|.zz.{y.{}{...}...x.}e..>..&.?.pc.T.}W..j~..ns.b..\.{W.rj.rl}.b..o..b..d..k..r..l..qx.k..x\|.u..r..x..s.{s.xv.t..t.\|{.x\|.t~.t.}w.~..u..w.~.\|~.x.\|z.}}.}\|}{{.v..z..s.z..x{.{.w}.y\|.}z}...y..{.}.....{}}..\|.}{}}{.w..l\|.`.}n....sE..o..r.xr.qw..jjr}..[..v..w.ws..iyx.....lo.oi..en}sl....jx{s.k...\|}..so..{.{.sf}..}...m..wxoxtp.{x.w.jl....{..}t{.}z.sx.s..{.wj.x....y.k..gl.V..r...js.v{.o..X...x{.qg..[q.gU.s..T..^..v.`..ux.T..a.n[.vI..ss_...G.bse.s.u..O.g3.e..lc.EY.ca.I..d..n5..H.......VIUb.0.v<...Z..P7..y..^.C...E.ngP..@{\|{b.v.h...s...mE.xE..Xrr..=f.eg..ay....j..qzp{.h\..s..z.{s.mq..j

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\galil_clipout.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	3418
Entropy (8bit):	4.416552581014859
Encrypted:	false
SSDEEP:	96:6VU3ppLR6wKa9yJbw/laOadjMfVb9zhmjlmLm:qIpLVQV+laXMdvm
MD5:	E230CA998A11BE84C9CC67982B455B78
SHA1:	0BA49B2448A848CED4F13641E875F6E4EC44A8BD
SHA-256:	1E2A9F6FB7EFBEC74F66777CCEBA65B1E08F413593F2782DF33D07B84499D8F1
SHA-512:	2CEFD104308A1FD0B9E656683A7E1C21CDA14766BC4830CCAFF4DAA942E2927C5558FF3F94C1988515549A5C46D13485B1BB1CF9E8993A79F6A6BED6C2C6D720
Malicious:	false
Preview:	RIFFR...WAVEfmt ........"V.."V......data.......................................~.....z~{..~.{...{{.\|......}~\|z\|.......{.....~.}{{{..\|....~.{\|\|\|~\|z.........{{x{{........y~}x{.z....~..{..wz.}y.....{z...~~\|}.....{.y\|~t\|}..w....z.wzz{..~....z.\|....z}y\|x{......\|x.......utv\|.......{xyw......\|{{xyx....{{\|\|z{}{....y....~{{z~\|z.....yz....{...{yx..........z..\|...}\|~z}~.......\|xx{......{\|\|\|z\|.....{.zz......}}w{~\|.....\|~\|\|{........z{y..y..\|{~tjss......uwzrenz....}}x.~.{{z..~~{z..~z.....}.}{...w{..~\|.x...\|}{..y.....\|..\|w{.{....~.~y..yx{.....\|y{vz}\|...~{.uuv\|......~w{~......yww.~.....zy}{y.....~.\|xz\|...~...z.zy....{..\|.{xz..vz....\|z~}....~.~\|.y..~..{}.~x\|.....{}.\|.z.}....z..z{~.~.....\|y{~{....\|{{}z......{}yx{.......xu{z}....~\|{{\|~......\|\|\|{.z\|..y..}{~..}..y~\|z.{....w{.~}~~x.}{~}....z~~.}..~.....x}~{..~..{}.}z~.\|..y..~w}.}x.}....z}\|~.....~xvxx\|z~...}}.\|.....}}}{yy.z}...~{..z\|~~z..~..}}.x{.\|}..\|~..{}\|..\|.~.\|z~.\|.....z{\|xw......{~.}y....{}.}}......}u}\|~~}.~.y~~y.......\|.}x.x~.}~\|}{..~....}\|~}~.\|y\|\|w{.\|

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\generic_reload.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	34464
Entropy (8bit):	3.26727887622198
Encrypted:	false
SSDEEP:	384:WoJqExfa3ZQUwdG05i/gpd/Cf4rHhx8ErHy9WRkklazhTfB2+Vdbf:0mS3ZQRGdKdH8ETNazhTfB2+Vdbf
MD5:	5F37912C655CC49F60DB0DF5254080B7
SHA1:	0F35ECEC7360293B08654F9F6987156E899B3D5D
SHA-256:	95A9AB12DDF7AF958F6021703610D55700D488757BCD9D0F6ED11971B69D5BFE
SHA-512:	B2B3A7BCF2AE718660251AE20679E858525D3444A91C4AA0DBE8E49FE6B0F363A8F6026239EA05BE8A878F6E39633DB9F9C997481083208568E47173A03C8239
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......datas...~~..{~..y~...~..~\|....x\|..y..n..~x..\|sv...kl..xv..ysx..~.\|{.\|..~.........{...~xy..\|....{~...{..~~~..y\|...~.....{~.~y~..x{...\|..{{...~y.......y..x..~\|~~.y{...\|\|..\|.~..\|..~..\|....y..\|..~..\|y~.~{..\|~~~......~..~......{~.~..\|.~..~.\|.\|{.~..~\|..~~..\|..~..~..\|..\|~....\|..{~.\|.~~.~\|....~..\|..\|~.~.\|.~..\|..~.......~....\|...~.~\|..~..~~\|..~....~......~~.~~~.~..{.....\|.~...\|....~....\|....\|.~..~.\|\|~.....~.~...~~.~\|~..~~...~~~..~....~~...~.~~...~~.~.~~..\|..\|{....~..x...~{..~y...~..\|~.~.~~.~\|~.............vq....yq..f..c.x\..pk...q..v...t{..ql..ti...\|{..~y.~..{.~...tx...\|s..vs~.vq........y..x\|.~qt~sx........~...t..tsy.yt\|..q...\|......~.~x..qt~..sy...\|..~..vx..n\|.~n\|..{\|~..v....~.~\|.\|~~~y{..{...\|.~.....\|\|..{...~.~{.~\|\|..\|.~..~..~\|\|...{q...(p.n.9k.h..v.ql..`fv..\|T..\|;..\P..fAs..fy~..^...xssxl..nn..t{p..q.hl.~a~.d^....s[....Y..~K..xs..t\|\|K..nl..\^...ik..xv..p..\|tl...vq{...v.s..\|.{q..xp~.p..\|~{{\|....~f{..k..yv..t{.\|p.\|x{..y.x{x..s..x~..x...x..\|.y...ys..~y..v{..x.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\generic_shot_reload.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	2.731921486387239
Encrypted:	false
SSDEEP:	384:aYintQVhN2XyYintQVhN2XkYintQVhN2XO:aYWtNCYWtN0YWtNe
MD5:	13617C786D85E43BE5E3866F1C88E1F2
SHA1:	E485718A17563AADC8315C1188D371C01C1AA2EF
SHA-256:	40307132CC81A80D4C0F1420CEDC854B5D58B2C0790D6A36CFBEEFE887297E98
SHA-512:	3B42DD712D163BB10D2C07A1EB289A52B8D60E6855464066FA5B1ECC9031180147C0DFCFEEB642AC75992A327E23DBFD838A0F8D947FA5591161E6E3F9699913
Malicious:	false
Preview:	RIFFPv..WAVEfmt ........"V.."V......data.u.............................................................~yx....y\|.z\|.~..x..}{...z}.......~...x{...w{...~\|..}~...{x}...}.......~\|...~~....~}........~}~........~.........~~~~~.......~~.......~~.........~~.......~~}........~~...................~~~................................................~...~~........~..................................................~..................~~..........~~.....~~..............................y.}~z.\|}.~.{..{}~}.\|..{...~.}.{.~~}~~.~}...~.....}\|~~y{\|~...........\|}y\|z{\|..........~.~.~.~....~...wux....vz...z{{vw.........}}{~...}.z\|.....z{......}}..}......{y\|}z~.yt~.......zyurpty........{yyz\|.....{z{{y{}......~yw\|~.}~~}{{........\|y{ywx}........\|{\|\|~~}.......~~}..\|{x\|.........}{zz\|\|~\|}~.....~}..\|{yz....\|.~}~~..~.}....}..y.zy~~..}.{.....{}x\|...}x\|\|..}~z..z....}..{.{~......}....~~.~..~~{..\|.......}.~..~....~...~}...~....j\|..c.w.\|.ri.g.G..w..d..~j}._.zl..sy..{m.y\|...k..v...}y\|...w.q..k.}w....wt..z}.~.~y.~z\|\|...~x..}~}

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p228-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	15408
Entropy (8bit):	5.576036811565298
Encrypted:	false
SSDEEP:	384:erqnu9YgUR8TIpTufDLXVgGaIJXAncZ/4Lz2v2xqEe19IcnPp:/n2nUR88pTuf1tpAncd4Lz2v2xqEeX/R
MD5:	BC50BE94BAFFD1AC986842023B27180D
SHA1:	DD6A59813E403457C969BF4FCD60E57AF85AB1DA
SHA-256:	8D20742CDCAB779B299D274FEAD3E31C9DD32434CDDD2D5CC55110F494281E65
SHA-512:	574D84C26CF92993A478D0EBFEA1ED390C744B7ACB3491D34B3B6833B3D2C7BE051F9C35823C17032E23F8B2E49A6B13F7B5429E1608D59531E64AA5DFCACDAD
Malicious:	false
Preview:	RIFF(<..WAVEfmt ........"V.."V......data.<......................6......E.5...U...B.q......Z........................Z]......N2>..................XE\U.........+k..UmXg....t...........Nm.i&i3..2d..+.i...m;......}.....}.....=.?... ............\|....?.=.....E.......k.u.......................................l.......q:......7..U..VNbB..>...l....,....1g:1q..F........................................p......5..>g..d....g..1..`.6..U..X.C..b..k.......s.....X........................?.......................................\|....g....b..........W..p...{9f..).............9.....`................................................b......................................................!!$%(),,/234788<@>@BDFGVJNNORbv................................................................................................................................................................t.........9.{.....X......K.p.ttppkah`..l.r5_4..E......W........%........c.....................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p228_clipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14692
Entropy (8bit):	3.410200821651971
Encrypted:	false
SSDEEP:	192:6HhMzfRfWk6FAFPeBaDfa1VXnQomfNVDCyorb/WiiJjrG:6H+zfR+kMeeBofa3XnQX1JvorjWdrG
MD5:	2876BBBA2ADAE9CF3456EA95A2C0B546
SHA1:	737A3EFF26B380E189ADA33A028F63D75B8F0E8A
SHA-256:	2EBBEA31183105B5D305027E960BB89DC2E2582B81BA712B01B1851501B6092D
SHA-512:	5423D77697905521A1718B2209A7E29FC34C94F481BF093F2EA45C3C43EB9DFCE38FC8C87802C221A1813C582B626FD84446540178CBA918D8E021D1B4B5DCFB
Malicious:	false
Preview:	RIFF\9..WAVEfmt ........"V.."V......data79................................................{....ut.xt....\|\|.x\|...xplz....xtwx}z~.}\|vp..svy.wl}\|rpuvz..{rtpjpy}\|..\|xmmps\|x\|.....~vx..vou..v\|...........................................}.z{xz.......\|y.....}yy~\|\|..yprzzy~\|}xrqu......\|....}\|tvyxyx..z\|........{.\|}.}}..y}...\|............\|z.........}~~.\|zx{yp{............\|\|w{zx~..{.........\|y~..}..{x...~.........{yy.{}.\|}......~x}xrw..y~..y\|}vwy\|vu\|z...........z\|xxtx..}..xv\|.........u\|.{wx.\|...\|\|.........\|}..{.~zx\|..{{..}..{y..x...z..~.xty...tp..t}..}y\|..xq...tk}..sp....z~.\|sy..{ss..pq....xo..x~..yxx{..u..x......{..tx~..zxy.......}v...\|\|\|..}y\|.\|uz........{xv..\|{{..~..........\|xtmlszyz.\|{.......\|\|yx\|..wn\|...xy\|.......\|..x{....\|pt}..\|.\|t}.{.......xx..\|~..\|w\|x\|........yvx\|.....\|{z}xx.~y}.~...........~x..}..\|y{{x}........}y~..y}.}~\|......~..}zywurx\|~......~\|...\|}\|x~}}{z.{x......~...{z.zx..\|}}}xy}.........{yyvy\|{z\|............~zx\|\|x}....................y{..~...\|..............vuxtsv\|}}..............\|...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p228_clipout.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8188
Entropy (8bit):	3.6988394961006463
Encrypted:	false
SSDEEP:	96:Te88ynrOmWsEnIZ4bQJyO7HjzqHm8KcW2vILlbFcx0jTAbmvllqVmc/2R3J:0yqmWsUIZ4ULDL8VILlbF00j8PVB/iZ
MD5:	3D352EFEF15D6F7019168991CFF7CF32
SHA1:	10030AA93A41D80B35D39E59DDA86E4C164F1A5F
SHA-256:	616E07C58C0D3D332C3C7FE65C1B7E6EF49D5C26D09D8132D1E7C36C3899EA46
SHA-512:	BC51565450631D2954C0736C7899AA7111AA1584B0CD20AD239A765662D5935AEC7FC7B33F3FCB2D43E5A69B1A9C9728A63A5A82134EE4DCE7740CFA22E9480F
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data......{\|o..^...]d.\|^`...}..`{.wnp.th......zez.p`p......pl{.xov~.....vt.{u..re....~\|{p\|.yp...z{{....{\|...\|\|.~.~\|\|....}\|~}...\|~~{.........~~.}}\|}........~~.....~}~......}......}\|.~........~..~~..~~.......~......~................................................................................................................................................................................................}..t}~..\|~.o..l.nz.q..\|.y.\|z.s..z.}{}y.....~~..}}.~\|.}....\|....}....~.................}~.....~....~}.......................................}.~..}....................................................................~..~...............{s{}...}v{z{..x.....t\|....up\|.x\|.....xtv..~tt....\|\|....zxzy\|~....~}\|~...{\|..........\|\|~\|~.....~......~}\|..}......~\|}\|{}......................~.....}}..........~~}....~\|...~...~.}}...}\|.....{~..}}......}y...\|\|{...}....\|....~...\|~........}....}\|~.}..}...}\|.....}\|..}...}.......~}}~....}~......}\|..~...}.......{~.\|}......\|}...\|x~

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p228_slidepull.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9628
Entropy (8bit):	3.4944932981434103
Encrypted:	false
SSDEEP:	192:MdIEiBw0G9yfZ1dnlFFRTcGZj0RPhx73wYSz0jj:MdIEicQDBlZTGxrwY00jj
MD5:	C094DC239307D7A9DB64BBB0B562768E
SHA1:	E82FB70784D0FD76137FF1F5041FF82AE0A9CB89
SHA-256:	4E945A8599FDF6A112321C248F9FA44942DF1F567541EE05BCEF7F8D1F62A79A
SHA-512:	EE26E0EF3CF62D64FAF65EDD08956FD7A0BA43432F51B1005454EADF190BDEDF2358D8F97796D0BCEEC1838779A15FCE2C14FA2DF9CB1D68B119562ADF985162
Malicious:	false
Preview:	RIFF.%..WAVEfmt ........"V.."V......data.%.....~~.....................................\|\|}.}..~.....}x{...~.~...\|......~............~~~~................~}......~...}....................}...~........~..~......~............~...................}~...........~......~..............................}.........}......~~.........}}...............}..z..~...x..~...x}.~x......{...~.}..~~....~~\|.....}........~......~..............~...~\|..............~......~.........~........~~.....~.......~.............~}............~..~........................}.........~..........................~~.............................~........~..............................................................~~........~}.......}~..\|........~\|.....~.....~.~}\|........~..~~...........}...............~.................~.............................~.......~...................~.....~..............~..~.............~............~.............~~...............................................................}......\|.z{..p...n...\|.y.}.w.

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p228_sliderelease.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	11094
Entropy (8bit):	3.397361029977832
Encrypted:	false
SSDEEP:	192:ZYYsJxvrQtF+GvMQmFslbwN6dWqISzoC1ebs:SvsnvMgb46dzI0oC1ebs
MD5:	7F3E4F381F843F6048D4E11CB741B231
SHA1:	6741649A8C8BE21D4DFC8E93BB3C5A541BDF974D
SHA-256:	8A01D37D768F0CFF49164E4C9A698B4DE7C354F6B0A207AC96CD0BC6C6847A00
SHA-512:	C7D776D6FD1431569586DE4AE989120284CE0A551B57F4962D78961E3BE7CE46E9FF6E5A6901372FC712C9A98617E7D9A9DF9111587DD956D783A09BF2CDE17F
Malicious:	false
Preview:	RIFFN+..WAVEfmt ........"V.."V......data.*........................}}x..o...pq.~oo......p}.{wx.zt......\|s\|.xpx......xv\|.{xz......zz.\|{..yr.....}}x~.\|w...\|}\|....}~...}}.~..}}....}~.~...}.~}...~......}.~~~}........}........~......~......~~..........~......~~..............~.........................~...........~.........~................................................................................................................................................~..x.~..}..w..v.w\|.x..~.\|.}}.x..\|.~}~\|.....~~..~...}.~....}....~....~.................}....................................................}.~..~.........................~.~.........~...........................~.....................}y\|....~{\|}}..\|.....z}....zx~.\|~.....\|z{..~zz....~}....\|\|}\|\|.....~~}....}}..........}}~.}.....~.......}}.........~}~}}................~.............}..........~.~.....}...~.....~....}~.....}...~}......~\|...}}}...~....~........}~.~......~....~}.~...~...~}.....}~..}....~......~~~.....~~.......}......~......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p90-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14024
Entropy (8bit):	6.824613599579396
Encrypted:	false
SSDEEP:	384:jLJxmgvkhrGJFryMSYtQe1jkCWuZH/KGoLmgSrxu0v9uF:H7m6kh8TGeutoHiGoLmgSrxu0v9uF
MD5:	C65B31D43027C1B07EADB0DB1A6DEFA7
SHA1:	AD8A8C6D8C952A095D56148CF40749E3BB14DB05
SHA-256:	1D05BE3FCA629ABC58657C2070700F05BC2B49B18EEF8C17E35FFD3058C3EF4D
SHA-512:	BF23E6271D77D2E9340067EEC059E03193D831A858D819A97FBCE41781F699DECB3334DED8351919DB61BA765014FCBBBF2876CCB6C806C70A3A0DB20574A776
Malicious:	false
Preview:	RIFF.6..WAVEfmt ........"V.."V......data.6...6.3..xf...y.\|..E.y^BN/'.FqKE6......;dCrLa)..............................<.L....................2.............=bEk_}>.....H....r$..T@II_X.(;.%O.......=.......\|..^d....l5/6<C,.#........$.r.<.r...,.Cu....V..p...d.........U......;k^}p.n....P^f..N.=...V.<..:..........:...`........L...r..h...........B....J....`5.."..............T).9.$-A.;......)N0Z..K..t.............q.....V...-.m.n.r...G.".0\..[.S=.Pr U%..9.;.X^y`C6q...:.l.-uY........................................................g..e....................q>].(.yUG;.X*du^..;.SXH.....xyP...._E.'..............................................]..<)${...Sk............g.C.../HK#K..SvDD...b.......................................................................y....f.K.g.8..}...........osA..............................................................................5.JR.8kVx...'!.j..,.,....^...................................................e.....w.................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p90_boltpull.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8962
Entropy (8bit):	4.666740837624032
Encrypted:	false
SSDEEP:	192:UokEoSHVAylnlpHzhxgi9S4dNLI9G6CnKgH636easr1Y3GJmi:UoWkVjnlpHh9SU36A46eayQGJv
MD5:	3FC08660443E664B55B4B52C48D3671A
SHA1:	0F0EE81B8103EE2ECF89598CF88BC1E6474D2296
SHA-256:	FC6DAAC18A31D84EE275EEAEA7126C50B7644061677CADF9A06C6FB3584D9D3C
SHA-512:	0EB081E017244E15EACAEFD2A9A43A4377633E507E756722D53348F5318C659D0CE99474F660693E43B46BD7914C9D63F021A0517D957E995423C2718D877CC1
Malicious:	false
Preview:	RIFF."..WAVEfmt ........"V.."V......data."...........~..~.~..~...\|~...tt.x~.x..{.~.xp{x\|..\|....w..{\|}....{y\|x........\|ux~~z{......~\|{yy~.........\|{.\|..~~~.}....\|......~x{.......~}{\|\|z~.......\|~..~~......}}}\|\|\|......}...~..~\|~..\|~..~.....~~~}...........~....~~..~~.........~}....~.......~~..........}.~~~..............}}~..~........~\|............~\|~............~~.......~..~~.........~}~~~.~~...}~~~~.......}..\|..~.........~.......}..~..~......~.~}~.~~.....~}~~~}~....~.....{}..\|..}.\|~........~~\|}\|\|......~~~~.~...~~~......\|~.....\|\|\|..~......~...\|~.....~.}\|..~\|......~{y{....~\|\|~....~}\|w\|...x..x\|y......u\|\|.~..........yx{~~........\|..\|..}.......\|.wy.pr}..{....sd..j.x..p....xt{~bt.}lwp......Hd^l.u..\|htTWx]v.....n..{lKbBj.....\|jEgJ..i....zb`.t....shk`tw.d..w....V]eLo.......[n{w..p{ai.v....h\|jr.x.....x.tgedx......t.ztpl.....yysn.......\|..pY^WQ`\|\P.w...........~A......Zl.n_....kJoy_tf...m\|pbsy.u}...^^.A.....u..J..Uhpl..ss..n.}[[y.......XLSt..Y..Y..q...kLw..xV_.....fb...pi.][nmr..Wn..z..i.o`..t]....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p90_clipin.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9732
Entropy (8bit):	3.782093354034056
Encrypted:	false
SSDEEP:	192:miId+FO/nVNSUT4AjakDxqX6WZ4QfLywInRB:2/nVNrr2kDxq54QfLyPnb
MD5:	6B8ED9B58E315FB03DAE75FC0C656902
SHA1:	F2C7EFA213947607F5F7FC40A88881598385E556
SHA-256:	BA968428FDDD66FCA47FB47892C521F9C31AEBCA4271337274EE5EB423457E6D
SHA-512:	212CE2500629B685CE3A3AC01B6D80F741E7A11BF2B885FF2131217E95AE357A10B915C1F380E877332F7DBB98594AB385F35499C708BA02703088FD0ADD08F8
Malicious:	false
Preview:	RIFF.%..WAVEfmt ........"V.."V......data.%..................................................}\|...xqw..........zuv....\|w..fl~.x....~.yd..nk...wntyx..z~.wtvxriy.~rv...sx..s......do.p\q.t.....p..\o..\|rxzd...yt{..}..x{lx~...t......vv...n..\|\|\|zxy..wx...}}.\|....~.....xiz.\|....lg~.~p..xt..}lx..oo..~...q~..~}.}tz.yt...vx...}..x\|.~}...{~..t..y{...qy.\|r..}\|..}v}.........\|t\|..~.......vy...{..{vz..........}}}}.\|.}y....~......\|}..x\|..\|}..}}..\|}....~~~}}......~.~\|\|\|}.....~}\|}~}}.~...~~..~\|xx.....\|qv...v...uy.{t\|..\|o\|..zz.....xs..{\|..tp..~{..tpy.....wz..t~..{t..{~..}ow..}\|.~}..~t{..}y~}z~..{...}x\|~..}}....z\|..z}..\|...\|\|..{}...}..\|y\|.........\|\|...\|...}...\|\|..}.....\|\|...~~...~...}....~.......~~..~....~\|~.~}.......~~......~~..........~~.~~.....~~....}}..~}...}~....................~}}\|}............~\|}...ty..u...\|~{}}...tt..vuz{...tr....}xz...xw...~vx...xx...xxz\|...~\|...\|z.....}\|...z..~\|\|}~.....{}.}\|~....}\|..~~.......~\|}...~~~.......}}...}...~~...~.....~~..~~...}.......}}..~............~...~~.....~~..~...

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p90_clipout.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	10396
Entropy (8bit):	3.1938523702055917
Encrypted:	false
SSDEEP:	96:r4KYRq7pDvgAWLTuKkPajsXlG9yZYiQ6idrAu7zAUOpImUT1kfm:rIeuA4TrklV+4YijiJAWktpImy
MD5:	1B11146869338A1DFC5566603BD3C4DF
SHA1:	5FE3BA149D3CA7236DDF8C62B5B1008EF0F8F5C3
SHA-256:	548B1762F7A0C79DA765B6AEF08E62AB1B66F9E0667FE15B96B688521E5C28C0
SHA-512:	D90E0CB7E6D71E22AA2FA681E4B947BDE4FEE43CDA9B659C768D4C77958F5E5F968EA542DFE43D2683E713614EA0A1D72C42B94FDA6332ECBE9A5641A04D0544
Malicious:	false
Preview:	RIFF.(..WAVEfmt ........"V.."V......data&(............................................................................................................................................................................................................................................................................................................................................................}.~}.....~.....\|~~...~......~\|z}.~.......~}}~.......}}}......~~~}~......}~.........~~........~~~}}......{{}\|}..........~\|yv}..zw\|..~}~...xsx{}......\|vxysy......z\|~~~....xou.}....zy\|\|~.\|....~.~uu}.....yqpq\|......ztsqy{....}\|\|ur......x..uy.....tx~wy......uw{tz......x{{w~........}\|}.....~..\|~.~....~..~..~....}~.~.......~}.........~\|}}}......}..\|~..~..}~.}{..~..~~..}......~...~.....~}............}..}...~..~...~..}...}..~...~..}.........~..~~..}..}......}...~..}......}.....~}..}......}...\|..}...~..}..~~..}..}~..~..}..~}..\|...}..}..~~..~..~...~..~..~...}..~...~..}.........~....................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\p90_cliprelease.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8116
Entropy (8bit):	4.2305359443725346
Encrypted:	false
SSDEEP:	96:74CWjtLbsTYjnMNOsnUgbISB/pMIMK+wBkqAK/O7H8g4wNwUW10JMKi/m:7WxLJjhG9bISTf+wfAsOF4PUO0uKh
MD5:	C878D95AA0181943AADA724EC15036F4
SHA1:	73193057C5EC77FCA10B759CD68C74C0509637B2
SHA-256:	1BD6C91484D5E0FF265679610D2492A298390BF0F6A329120B5C04B8E45E5E80
SHA-512:	5B4618AEA71F2B93FD3211ECEE8865615E7E52C552E152B94E5E65CF83E49180275D4650A3665D00C8F2ECEFE5D2D4FDF75AE193B8785677486C65DBCA2FA8E6
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data>............\|\|kv.{b_t......xd{..rpt.xlw.......xgu..lao.......xnp{.zsqx~......yt~.yu...ni.....}\|{uv..zry...z{z}.....\|~...~\|\|...~}{\|.....}\|}}}...}\|\|\|{...........~~~~~\|\|\|..........~\|~......~~}.......~~.......}\|}.~~........\|.{z.....z.p~...`w..t.~.{f.....ri.ehlh....}^h{hau..bf..k.jct.h..jd.v..\|....p{.je......q....du...ph...nx...i{.{pu...x.xpzw.~\|......kbfq....z..~sp..ty.}pw...}~tv...{k..t\|.....zbt......r...tn\|....{x...pn..xu...}{\|~\|.....usz..~~..x~..~~.....\|y...{z~..~..\|...xz..\|..}{~x\|}\|.....~m..u\|.p~.}u....u.....\|pv}{u.i\c\ghq...d~a~...ff.u^z...u[{.zyppw...fx..i`t.c.......u..qd..kq.`o`...Y\|......dppu....t^n..hufp....ce..u...{]}.{._u..has.p..t...._..ed_\|.j...x`s....}...dt.qdp..yl..\|..{w...h...x..xx......thy..x.~mp}....yxu\|..w}..qp}....\|\|~vx\|.....{.~\|{}}\|w..xx...~.}ts...\|quz....ms......ok\|.wz......sjv}...\|kq......\|v...v\|ux..st\|....{{xx...\|z\|y....vy..y...~{x\|z\|...}z.}y..zy\|y...}y~zy....}}...xy~..\|\|....}...}\|z\|}~...\|z{~....xy\|\|~..zy}xz......x\|}\|z\|\|.....

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\pinpull.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	2809
Entropy (8bit):	3.869405546033145
Encrypted:	false
SSDEEP:	48:zmJ71o1wQC8+gqrM0oNMEZu4Q2whbjaEecAxFTS93bADfEL0NO:zmJq4tLdoSEZ1wVKW3bADHNO
MD5:	1EECEB7715B5484C31445EC1A8182EE3
SHA1:	2529F0EDCD2793A6BE3011C2FE08EAD938F04774
SHA-256:	39E4E79D8B52EF0EA1A3F04B81B944FCEAEBB0DE377DF41FAF4ECAC51B437FB5
SHA-512:	4FF59C3772AF3F76FD7F88935D7B0BB9C27D52D53549A4AE975AD3F72D6F235DA5AD8C016E37CAEF95BCD7D751A65CF1B8F51410FBB653EB21291445EE31685D
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......dataa..........................................................................................................................................................................~.....................................................................................................}.............~........}}.....~......................................~~............................\|.......~\|~......\|{....}z..~.~.....~x{....u.....}.............\|}....yx{...zuv....}.}r.\|}.....pn.....zpq.........\|~...~.........~.\|{..................................~......}~......~........~~~.........................~..........~.....................................................................................................................................}zw{......\|vz....~.\|w}.....zz................~.......\|{............~..............................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\xm1014-1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	21652
Entropy (8bit):	7.221311794825998
Encrypted:	false
SSDEEP:	384:1XlWqgUiE759vNwkosifVCUjRMoMFZcE+1gMQZde0FN8tF:1395V+vVCKiRZYOMQZdeAGP
MD5:	8D59336677ED3A9C884451CBD6D80F05
SHA1:	44FFC72148F6CA8057BF6C4BDAB73EB54FDA19C0
SHA-256:	7519FBF605BD3633DFBBE570A1B40EDC03AB867B180328C392D8D5C3D1801637
SHA-512:	A28C87A857B744164F126B50B4F7F45EDDA7E1251E8BC4718727BAF16C4456D04229E4FD8D738783243648F5D2548140129FF31B5A8F230E70895034DEA8CB8A
Malicious:	false
Preview:	RIFF.T..WAVEfmt ........"V.."V......datahT..tvpp~xpw..kjvl{i.tRkO.vSLA`l~........j./1SK1. ..<$........j(b.d..f- .c....zn..O..Q..}u........^..;...x...{T.`r}...;.....N..5..9.o......E.h..%?..E.....J+(E..o(......uk....6.uz..rL".......qq[.......W.reS.......ov..E7_....q`E2..w.YFm.....~H.P....]S.bE.........w........r.........B.....7>.\|.f.....1.P..{....>;v.}..\|.O..c.......,..Dx.Y./.c...<.5~\|wI....> ..'.:.e.......k...M\.....F.S.p.zP...W...E....._7...%..KB.....,.w}.i....l......Bj...............{..~.........m.......`........{....\|..........l..\|.......J..b..q^...Yy.1..).M..sJ..yP6..N98M..Ve.F.i...{@./.:.s-.y. .\.1...C. k....v.....G.E.2...G.S.....#.jVO...vi..D..$.......e..1j....<S..ng..N.........................................................................~7....b.....#-.e..ZF.L.%klIB....q]..CM.$dP%...k.._E.J_t`J..\|R.9.Q8.ZH....IR.\|..tDgF!fo..9Ra0.t#'M/?....\|>.O..'..h..h.h[..Vk..]Q..`...(..9Ascdo3+..6Tx.x.7p3(TQ2;w\|...~.G.8..,#.T.]..5m.0.sh...L..x...@..Y..p

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sound\weapons\zoom.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8016
Entropy (8bit):	2.344548953167041
Encrypted:	false
SSDEEP:	96:8tHnFju8b38EA2gUFVfwvKa7PVFoZodGsAncwPr1plQOnLNO:0nhu8AXUFxwSYPXoZod7AcwPrdQig
MD5:	2D8DE5FF90A4FDFC607401BC5F288D69
SHA1:	BB75F2D3739C9089DED2CBD8CB30B9031D591253
SHA-256:	15BC0611F8E78FB5CFA360CF1B821973CF025EA2D32DB90171420804BE3FD9EF
SHA-512:	E41D6512CC77C0564B08B98A4E580DA9762CA785180DA2E289C1DFB02511F4F9AF0AEC40A6A4EFF1FDADAA185C1B06BD7CBD323B21B03E9BAA4A63F4B22DB31A
Malicious:	false
Preview:	RIFFH...WAVEfmt ........"V.."V......data............~..........~............~....~.....}........}~}{.......}z~~.\|....~.........}zz~....{{....}\|~x......}}\|.....{{}........\|}...v........}{~}{....~...{x......~.~{.\|~.~.{~......xv...}........~}..z\|...~..~.{..{....z........~..~.}~...{}...~~.}}.......~..z.~....u.....u....u....r..\|...n.........p..{......z}y.~..}.{..zs..r..o...q..........o.r....s......{.xw}......w.{.....}{.....xzz..z.....t....rt...ly.v....x.s.....ln....\|.}..xoz..w..}r....i........wx.yz.}u...}...{...p.....}}.{}z~.z{..}x...~~..zr..x......\|.}y}..}zx...{..\|v..}{{...~..}x..z..~z}.....~~...~.~...~}...}..~{.........}~~}\|........}}}~..........~~.............}}~.............}}........~}.~...........}~~............~...~.......~..~~~......}}~.}}.....~..~}}.....~....}}~..~}.~.....~.}~}..........}\|..~....}...~}.~.~..}...}...}}..~..~~......~...}}.....~..~~..~~..~..~}..........~~..~~................~.........~.....~....~.~......~..........~~....}........~...~.~...~............................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\spectatormenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1176
Entropy (8bit):	5.11199155297561
Encrypted:	false
SSDEEP:	24:o/vfPpNL/wqJMvS3DOhLzlyfrItuhR+HNIycMtae3U/ONrqv:QPpNLwqSIwUfrItuhR+tIycMu/Ocv
MD5:	12B2E18C30D3B182E02FB2E9707704DE
SHA1:	D06C295F663B94EB2FA752AFC264AC1310409F64
SHA-256:	DE094959DC03845D786FD195421DAD1D1734AA7C75DC409A50CDBB0E74183890
SHA-512:	1C0E45F975986272FE077A1823A585837DF98AA8780DDBB5D638E8498F57575CFB0B3FEF53017A0881B8303CAB1884ED9C6EB2E97AA8255238BAC94387984068
Malicious:	false
Preview:	// Command Menu definition..// ..// Basic Format:..//.."<Bound Key>" "<Button Text>" "<Command sent to server>"..//..// ..//..//..// Buttons can also open up submenus, as follows:..// {..// ."Some More Options",..//.{..//.......//.}..// }..//..//..// Buttons preceded with "CUSTOM" are handled in special ways. They can only be moved..// around or deleted...//..//..// Limitations:..//..Maximum of 50 menus...//..Maximum of 100 buttons per menu.....//--------------------------------------------------------..// Everything below here is editable...."6" "#Valve_Close" ."spec_menu 0"...."5" "#Valve_Help".."spec_help"...."4" "#Valve_Settings"..{....TOGGLE "true" "6" "#Valve_Chat_Messages"."hud_saytext".......TOGGLE "true" "5" "#Valve_Show_Status"."spec_drawstatus"......TOGGLE "true" "4" "#Valve_View_Cone"."spec_drawcone"......TOGGLE "true" "3" "#Valve_Player_Names"."spec_drawnames"..}....TOGGLE."false" "3" "#Valve_PIP" .."spec_mode -1 -1" ..TOGGLE."true" "2" "#Valve_Auto_Director"."spec_autodir

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\spectcammenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	755
Entropy (8bit):	4.948989434598849
Encrypted:	false
SSDEEP:	12:j9i/vVNZlRP+yPzMaRWvniJMfvS3nCAOm0RJzcj6yfrjpXAQhXclXszQ5XymYjjO:o/vfPpNL/wqJMvS3DOhLzlyfrNwUU8EL
MD5:	C437A07049DCD6DDFBBEF633C781F6D0
SHA1:	1D983A2093F65C5D1F3966A4D892A2A4E33A551E
SHA-256:	8F8995949E750C2E0A36EF314D3C82A1695C55293442E75254146B48EE11C223
SHA-512:	EFFE193533AE81AC9CDB3F3598A89C3A4FB429E6AD3F2D89B9C67B0F45DC790C15004B039EECDBA9F187DBEA6C79AE2F2EEA58CEFE97A4B10EAB860751E12A69
Malicious:	false
Preview:	// Command Menu definition..// ..// Basic Format:..//.."<Bound Key>" "<Button Text>" "<Command sent to server>"..//..// ..//..//..// Buttons can also open up submenus, as follows:..// {..// ."Some More Options",..//.{..//.......//.}..// }..//..//..// Buttons preceded with "CUSTOM" are handled in special ways. They can only be moved..// around or deleted...//..//..// Limitations:..//..Maximum of 50 menus...//..Maximum of 100 buttons per menu.....//--------------------------------------------------------..// Everything below here is editable...."6" "#Spec_Mode6"."spec_mode 6".."5" "#Spec_Mode5"."spec_mode 5".."4" "#Spec_Mode4"."spec_mode 4".."3" "#Spec_Mode3"."spec_mode 3".."2" "#Spec_Mode2"."spec_mode 2".."1" "#Spec_Mode1"."spec_mode 1"..........

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\hud.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7218
Entropy (8bit):	4.458948866065345
Encrypted:	false
SSDEEP:	48:Hc7gA7CYSgTT3d107BK4V+zkSYs6Sgn7ty8/CgU4TA7uNtXKyc5jD34rMDLM86cT:8718pJBsnB8/JNtaVdrsgL/VGDe43EFV
MD5:	950F3CD6EDC4E144FDD65442D789A5D1
SHA1:	1C86D70EE5A1E3F4AFFA3A5498B2E70542B564FA
SHA-256:	0C85C594323D9A19CBB53907FE0A6F6AAB3070583DC9E99CD64AE343A095141E
SHA-512:	BA23856B0DBFDA4EBFE731D709954834336FA294BD528F528321841EF9B00F9CA349E6409B08323BC7F24FBCB0625C1CF3DE48A25EA6065310C8DEE789DF2368
Malicious:	false
Preview:	215..selection...320 320hud1.160.220.80.20..bucket1....320 320hud2.108.16.12.12..bucket2....320 320hud2.108.28.12.12..bucket3....320 320hud2.108.40.12.12..bucket4....320 320hud2.108.52.12.12..bucket5....320 320hud2.108.64.12.12..bucket0....320 320hud2.108.76.12.12..dmg_bio....320 320hud4.0.0.32.32..dmg_poison...320 320hud4.0.0.32.32..dmg_chem...320 320hud4.32.0.32.32..dmg_cold...320 320hud4.64.0.32.32..dmg_drown...320 320hud4.96.0.32.32..dmg_heat...320 320hud4.128.0.32.32..dmg_gas....320 320hud4.160.0.32.32..dmg_rad....320 320hud4.192.0.32.32..dmg_shock...320 320hud4.224.0.32.32..number_0...320 320hud2.0.0.12.16..number_1...320 320hud2.12.0.12.16..number_2...320 320hud2.24.0.12.16..number_3...320 320hud2.36.0.12.16..number_4...320 320hud2.48.0.12.16..number_5...320 320hud2.60.0.12.16..number_6...320 320hud2.72.0.12.16..number_7...320 320hud2.84.0.12.16..number_8...320 320hud2.96.0.12.16..number_9...320 320hud2.108.0.12.16..divider....320 320hud2.120.0.1.20..cross....320 320hud2.0.72.16

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\observer.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	79
Entropy (8bit):	3.729096059363715
Encrypted:	false
SSDEEP:	3:iANk9WFdRLaXRVO9TwWLaXRy:i3WFdAXRskPXRy
MD5:	65DE9EED3E9C5C6396EE6509F36AD902
SHA1:	6AAA3C39E7D801C91148712C6D4FB17B1E92ED15
SHA-256:	FCD19FEAFFEEEEE4CBA69D31BB290F8D17792014181B8AAFAC7C0AB7FFCD4EFB
SHA-512:	6B893BD03B508B9B4324286920A332A4AFDF9DFF1F90365BDF1B8D1FBAC2F1B5850F4940F2154399405055BA856BCE52710DE1CC0BCF05C6FF7FBB5EB29B7445
Malicious:	false
Preview:	2..crosshair..320 crosshairs.24.0.24.24..crosshair..640 crosshairs.24.0.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\scope_arc.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	0.333393577654139
Encrypted:	false
SSDEEP:	48:AqhoZY6F0HX/tnSkybcuY3KtOgd7MWZ0SZfOQ3gVX:Ajm6+vAkybPY3KYgd40uVX
MD5:	04D2735D422B3EF46BDCD1523B6483B3
SHA1:	34655854C2A99C816E5A6F2D64DA994EF149F496
SHA-256:	2A35485FC918C1578471BCCE31ECF68DF1304F22B84CB8881F55132C0C1F4C4F
SHA-512:	6BCC53319D7C84D00BDE684B66A3088BB55D7D5B9029387EC8F5A7DE12BF3E288D556225F1F00909CACBBD544A62A11FAFE5C99223054F4E8495F9F6E41C96CF
Malicious:	false
Preview:	................ ....................................'...0...9...D...P...\...j...x......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\scope_arc_ne.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	0.333393577654139
Encrypted:	false
SSDEEP:	48:NtQ/V4LNzemZuj5BItqIxgMl0mZptA8s0SLZeqqf:NiO495BI4Ixzl0m3jcLgqm
MD5:	C7143C95A25E8D6FA24C5C8078C210A1
SHA1:	AEF1B82E8F9660F2E35635981D162A7910F98ADA
SHA-256:	B128FE00DBDC3D859B87FF40E9EE7DDDE8173E5B61470EECF1936385DA0694BE
SHA-512:	986004B1348B3AEC56A7A9D30B788174883C72158A2F7B74873D0577E94711ECF09259345AD665606400F2BFFBBE527FC83D0453A1B32E810BE97D10395426FF
Malicious:	false
Preview:	................ .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\scope_arc_nw.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	0.333393577654139
Encrypted:	false
SSDEEP:	48:rN9jKf/M+AQhZ8Gek2U5mC0d2RmhuKdadRNeeu/:rXjSPhB55xg
MD5:	832928395F8D1E132ADF75C2D4602809
SHA1:	B17CA46B76104F265FEE59D5C617FF3C666A6F97
SHA-256:	1B7458B0909C205E4ED5F749F9755B8CFEE8E5EA1A1777259319141C0B2495C7
SHA-512:	71533335C74B1D5459A6BD61CC0DAE20B6F1B623900C7D3EA747F5B570276F37D4DC0549E697E788B80B2EC9894DC4B5B3ADCB756A76E82144B90474DA4F4BFD
Malicious:	false
Preview:	................ .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\scope_arc_sw.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 256 x 256 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	262188
Entropy (8bit):	0.333393577654139
Encrypted:	false
SSDEEP:	48:BhcwCOaGFpsIuhDMjh8Rg0oxVhTc9aUHFBPs5/:zFVki7mTPW/
MD5:	D7F7CA7DDA6CA582BB5CA096174AAF0B
SHA1:	F7DFD727C14426C95E47F55B2E07D8ECBF74FE42
SHA-256:	E348A80E75531E2B13606DBD259BF73891CA06BE655EE639707B2DFB28B0FD9D
SHA-512:	8D4CA29C3002621CE7EAE52C163BDD9E2BFDB039B491350280C34636E553E8091610B59045E9DC967BAEBD5AFABA552A60BB9D3A3746C29CA61740AE42012B80
Malicious:	false
Preview:	................ ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................x...j...\...P...D..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_ak47.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	359
Entropy (8bit):	4.302192097755061
Encrypted:	false
SSDEEP:	6:MoKnN41gN4UtDt1BsBsWFdAXRAh8BsB5RaLG6Dhf30nVII3a1BsBskPXRABpBsBy:MoKnNOgNBCs+Cg8gWZDhIiI3skJqpgy
MD5:	34FC342BEDF84102247CC1AE1AEC10DA
SHA1:	387184796F316ACB1DD2CB9CA88AD09E54F2D300
SHA-256:	D861847F1580BA0CD80F5E78F0BAB26AFCC76EEF14C77D00DB9153A383882059
SHA-512:	9DBBF8386856D86DD1123601B017F6150351F2948ADF5F8B5D11D584A162CBB6F2346ECCC233D328D67E984994E62A92BEC9393984E02CD8AE77D7CAFD878C81
Malicious:	false
Preview:	10..weapon...320 320hud1.160.80.80.20..weapon_s..320 320hud1.160.100.80.20..ammo...320 640hud7.72.72.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud10.0.0.170.45..weapon_s..640 640hud11.0.0.170.45..ammo...640 640hud7.72.72.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_aug.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	207
Entropy (8bit):	4.225767888436434
Encrypted:	false
SSDEEP:	3:lhDssWoNUXE1KGVBh9sQYNUXE10wX13N+QpLX3tssTRVoysVl1myKh9sXozsGKmt:lnjRVFgjp5tRXvRa/Vlghfz7BII3aRXA
MD5:	3F6CFE78AF949C5AE789F05AFB306E48
SHA1:	BB4594B12CD9E93D9105A23558922A1B695F4C8E
SHA-256:	96804EE7A0DFA5A2D250246DB509DB4D59907CD2FC73C1CAC67E9CA2E14472BF
SHA-512:	3DAF0960C528FDEE2C680AA47893CCF0FCDEB344A96B8D6DA1E14B239FC95B15A95E3C24E2B63D15B88EE80354763FCE19277FB31CB2367055DC5E1CE57A2AC9
Malicious:	false
Preview:	6..weapon...320 320hud2.80.168.80.20..weapon_s..320 320hud2.80.188.80.20..ammo...320 640hud7.0.96.24.24..weapon...640 640hud14.0.45.170.45..weapon_s..640 640hud15.0.45.170.45..ammo...640 640hud7.0.96.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_awp.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	516
Entropy (8bit):	4.445836051234714
Encrypted:	false
SSDEEP:	12:IoeNhUgNcXO+Cg8gpR1QRjhS2I8XOkJqpgZiAlVSiAb:VeNmgNf9eowcJqpuVO
MD5:	9B6DAE448F4FB669165568CAB68A5730
SHA1:	873BF45BF5D5D06CA33DF93F09BAC51245BB5894
SHA-256:	295B4F91F830175D925782A1F4B3B0EF3BE1A2DA89D95A4C5518B1BFE1DA6DB8
SHA-512:	321E5B18524082B6684880FBAA42E99F351338C3CE28E771F925D8B3C29CC1BDA686076B713886DA98A1BBADA8FA88BC4DA27F64A96502D0D66099440481EC9F
Malicious:	false
Preview:	14..weapon...320 320hud1.80.120.80.20..weapon_s..320 320hud1.80.140.80.20..ammo...320 640hud7.24.96.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..zoom...320 ch_sniper.0.0.256.256..zoom_autoaim..320 ch_sniper.0.0.256.256..weapon...640 640hud2.0.135.170.45..weapon_s..640 640hud5.0.135.170.45..ammo...640 640hud7.24.96.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..zoom...640 sniper_scope.0.0.256.256..zoom_autoaim..640 sniper_scope.0.0.256.256..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_c4.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.165505995688544
Encrypted:	false
SSDEEP:	3:lhDssWoNUU2dAzh9sQYNUUssXl13N+QkLX3tssTRVoxsPKh9sXodmsPcII3NdVor:lnN2GjgNFDtwXvRaxDhfAVII3awXA
MD5:	C6F27268B4789B06E6317655BDA570B9
SHA1:	30313C2C508EA6B27F1244588D0FFC072B446F2B
SHA-256:	032B5E49F72492087DE38E2E26404E9A646406D17AE71AB5A3CBF6362BB41946
SHA-512:	24904B8C2ADFAA26DF457A96ABDDA98F1646D53291D5F7D594C3ED5C041F789FD28EA3362E5163DD54BE66DC6060AC11F2B7F433D53A189500E64D35FB8A5E93
Malicious:	false
Preview:	6..weapon...320 320hud1.0.200.80.20..weapon_s..320 320hud1.0.220.80.20..ammo...320 640hud7.96.96.24.24..weapon...640 640hud1.0.0.170.45..weapon_s..640 640hud4.0.0.170.45..ammo...640 640hud7.96.96.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_deagle.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	359
Entropy (8bit):	4.322738414552608
Encrypted:	false
SSDEEP:	6:MoKn5Fgg2V5t7BsWFdAXRAh8BsB5RaLGk/9hf30crII3a7BskPXRABpBsBy:MoKn5Fggy9s+Cg8gWh/9hMIUskJqpgy
MD5:	332E80E5CDFC32D780152CC04F502336
SHA1:	666E0795C690A470C97CEF87A6FC886924B62D71
SHA-256:	24BA48E4BCA8A5951A1F3E72495B0F90219EE2C533EBD0A9845B8D60CA74F36F
SHA-512:	A458CF10A3222457FC95A28415988E7A014C2D8A74FB28C1C7CB332F2D9942C70B3D9265522BDCCFB024FEE00F5FEAEDF46BAEE6808C1B1AF4FD77494A1C1494
Malicious:	false
Preview:	10..weapon...320 320hud2.0.128.80.20..weapon_s..320 320hud2.0.148.80.20..ammo...320 640hud7.24.72.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud10.0.90 170.45..weapon_s..640 640hud11.0.90.170.45..ammo...640 640hud7.24.72.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_elite.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	360
Entropy (8bit):	4.327097973369347
Encrypted:	false
SSDEEP:	6:MoKnj23Fgj2p5tZBsWFdAXRAh8BsB5Ra/VwhfzjII3aZBskPXRABpBsBy:MoKnj23Fgj2pfs+Cg8gaVwhQImskJqpd
MD5:	330DA8325A5D7A027619D7B279BDEAB4
SHA1:	E3FB9D736E1EF13944D43FAB671F0151EFB365CE
SHA-256:	80FC6FB6376369B95F7CEE79319860EF186F67BA4E5E015A81114B8189B098E4
SHA-512:	0B06B2C11A84F7631D8B6B26B9F14FC7C95832020A6FC7D0EFE28521C36F79432E978A9C293E1DC7EAD60F199AF3AF77D42AFBF62B5286A689A9AC7D8E973C55
Malicious:	false
Preview:	10..weapon...320 320hud2.80.208.80.20..weapon_s..320 320hud2.80.228.80.20..ammo...320 640hud7.48.72.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud14.0.90.170.45..weapon_s..640 640hud15.0.90.170.45..ammo...640 640hud7.48.72.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_famas.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	491
Entropy (8bit):	4.653262064139143
Encrypted:	false
SSDEEP:	12:MoBfeMRVVhR1hJ2dI3XO+Cg8gK4MRVVhg1hLdImXOkJqpg+:MNuV/1f259D4uVK1tNJqpp
MD5:	1F29FD25A61AFF542288BDA74AC876A1
SHA1:	719B03598731E4F4B33D66CA3659B234CD592563
SHA-256:	62FB53A53B9BDBB97672DB340279D140795F81F46CC660FBA83B5A9050BE6DB6
SHA-512:	4D85F5CCB17AE45BEC5B5D35D76E32DC88673CBCB5ABF3CB392E629998254231D005D7A4D6B8188D4CDBDB5C0D7343A444B4B5ECAA00CE1ED9349163E42998E4
Malicious:	false
Preview:	10....// 320x240..res filename x-pos y-pos x-size y-size....weapon...320 640hud17.0.90.170.45..weapon_s..320 640hud18.0.90.170.45..ammo...320 640hud7.0.96.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24....// 640x480+..res filename x-pos y-pos x-size y-size....weapon...640 640hud17.0.90.170.45..weapon_s..640 640hud18.0.90.170.45..ammo...640 640hud7.0.96.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24......

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_fiveseven.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	366
Entropy (8bit):	4.359687018801748
Encrypted:	false
SSDEEP:	6:MoKnynFggE2V5tqPXOWFdAXRAh8BsB5Ra/VzChfzuUII3aqPXOkPXRABpBsBy:MoKnKFggEyKPXO+Cg8gaVGhsI7PXOkJg
MD5:	8EE88B8F7A0767DDDC774E74FB257154
SHA1:	8879FFBB931AD3C3E178F76AC348E95FD293B4C0
SHA-256:	7924E27911632C71AC3A752E3D80A17A3B5643FC48680DE739A2229A22B2D1F1
SHA-512:	39592F9C54FAB795CC2159435D3DDDC63C50D8571FEC2E9FEA39DC9CB03B7380146F666600D3E4D1AB42B64D7D705E12B9D92ABE28A3B7C759C7DF6FBE450BB5
Malicious:	false
Preview:	10..weapon...320 320hud2.160.128.80.20..weapon_s..320 320hud2.160.148.80.20..ammo...320 640hud7.120.96.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud14.0.135.170.45..weapon_s..640 640hud15.0.135.170.45..ammo...640 640hud7.120.96.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_flashbang.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	360
Entropy (8bit):	4.351328012147246
Encrypted:	false
SSDEEP:	6:MoKnN4YUgN4uEtKsXOWFdAXRAh8BsB5Ra79G9hfyHrII3aKsXOkPXRABpBsBy:MoKnNygNuXO+Cg8gEih6HcIOXOkJqpgy
MD5:	D436EB47C1864BF167D6F3F8A461D7D7
SHA1:	5DC20ACD0ACBFFF1E984F1714C31C981CAAE8E00
SHA-256:	A7BE8C590FC5CA2A0F84E51C85B1FCEC39ED8B079583929BBC2109C198291DAF
SHA-512:	C4A554C9E9DE6EFEB958F6753EEF68D90CD89051CEBB3E19367B040EEF076BE9236207428A91B4FC513DFF228646E27AD55837C11FA27ED949ECBDCB98645CBA
Malicious:	false
Preview:	10..weapon...320 320hud1.160.40.80.20..weapon_s..320 320hud1.160.60.80.20..ammo...320 640hud7.48.96.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud3.0.90.170.45..weapon_s..640 640hud6.0 90.170.45..ammo...640 640hud7.48.96.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_g3sg1.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	518
Entropy (8bit):	4.435789537431615
Encrypted:	false
SSDEEP:	12:IoeNygNLXs+Cg8gpVQHhSKI3skJqpgZiAlVSiAb:VeNygN292QwPJqpuVO
MD5:	4A901A7B2F9E4668585FABDC06EB003B
SHA1:	D3C5C9487929DF92DE18048E6E698403C4D4BC46
SHA-256:	5EC627FB897522251F44BC4F4E1C6928B3106F6A6566EA88CFCF8340E46850E5
SHA-512:	DEEE837BB991832BD232411C596711AD78EECE8696D8BECAE4FEEC47593DDD84CA02F74A92A43D872AACDDE72E9628731F121E746BE563E4E02950718E82DC00
Malicious:	false
Preview:	14..weapon...320 320hud1.80.160.80.20..weapon_s..320 320hud1.80.180.80.20..ammo...320 640hud7.72.72.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..zoom...320 ch_sniper2.0.0.256.256..zoom_autoaim..320 ch_sniper2.0.0.256.256..weapon...640 640hud2.0.180.170.45..weapon_s..640 640hud5.0.180.170.45..ammo...640 640hud7.72.72.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..zoom...640 sniper_scope.0.0.256.256..zoom_autoaim..640 sniper_scope.0.0.256.256..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_galil.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	357
Entropy (8bit):	4.342592040360769
Encrypted:	false
SSDEEP:	6:MoKnNdgN9DtRXOWFdAXRAh8BsB5Rax0ubEfTGBII3aRXOkPXRABpBsBy:MoKnNdgNBXO+Cg8gCxELG+ImXOkJqpgy
MD5:	629D4DD3381C566E84AB32FE5C3746BA
SHA1:	116DB2D7DDD99E14EA0544DFC7991288529CB550
SHA-256:	464844E2F38C35CD12B2CBFBF247DBC19DCF64D89FA6D6B73B07DBD334A29CF8
SHA-512:	52903242AD0C9B7EECC1EDBE6F497519467854D6D14DA5C6AFCB1BF171EDA17ADFF97DD5EB40B03CA98E19F400FFA16D62067CC7DBB0DEB952ED7D49EE704CE4
Malicious:	false
Preview:	10..weapon...320 320hud1.0.0.80.20..weapon_s..320 320hud1.0.20.80.20..ammo...320 640hud7.0.96.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud17.0.45.170 45..weapon_s..640 640hud18.0.45.170.45..ammo...640 640hud7.0.96.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_glock18.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	356
Entropy (8bit):	4.321556156773802
Encrypted:	false
SSDEEP:	6:MoKnfVFg/5tZBsWFdAXRAh8BsB5RaYhf1II3aZBskPXRABpBsBy:MoKn9Fg/fs+Cg8gThqImskJqpgy
MD5:	EAFF292222F399D918E7D0A4AA46A325
SHA1:	19F6A5D4A016F6DBF7BCB6877704AC40E0F2F5C0
SHA-256:	8B1569AA74A7152652B5D8E922AC912EDAB4B665625B7D412D5CFF50542931BA
SHA-512:	2874CFEB99CAB4201BD6303B8B425D8EB0D983377BF06A44A1A34AEE72945C982E51581B73D6C25BBC99C26AC75AF8879DEFB45B75C497452D1FA1C79CA2F8B9
Malicious:	false
Preview:	10..weapon...320 320hud2.0.168.80.20..weapon_s..320 320hud2.0.188.80.20..ammo...320 640hud7.48.72.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud1.0.45.170.45..weapon_s..640 640hud4.0.45.170.45..ammo...640 640hud7.48.72.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_hegrenade.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	358
Entropy (8bit):	4.33192069370593
Encrypted:	false
SSDEEP:	6:MoKnNLjgN1DtSXOWFdAXRAh8BsB5Ra7yhfykII3aSXOkPXRABpBsBy:MoKnN/gNKXO+Cg8gZh6BIfXOkJqpgy
MD5:	9FAB711BE8D136F122B0FD1441CBC492
SHA1:	0A3125A0846CA5F0667E856BA1F4234602CC09EF
SHA-256:	9DC2F98FCE04BEED15AFEEA36B4FCA2BEB0FED7B1C1ACF0576F8EED4F5DA8297
SHA-512:	FFC9DF0A9DE839FF6C0E3021426078C6B40AA168E3506B21F9F945CE706E5DA672C3082008B18116BD740AC63BE1C228078EAE0760AC495811DBB0C3C8CDE646
Malicious:	false
Preview:	10..weapon...320 320hud1.80.200.80.20..weapon_s..320 320hud1.80.220.80.20..ammo...320 640hud7.72.96.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud3.0.45.170.45..weapon_s..640 640hud6.0.45.170.45..ammo...640 640hud7.72.96.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_knife.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	355
Entropy (8bit):	4.3275690512258995
Encrypted:	false
SSDEEP:	6:MoKnNdgN9D5B2IKWFdAXRAh8BsB5RaLGwChf30zUII3aQBsBskPXRABpBsBy:MoKnNdgNjB2+Cg8gWchII5gskJqpgy
MD5:	C768A0A989F89283DB99BEF969B56F54
SHA1:	8D38A9930ECE3883DF784903C163ACBF814FC392
SHA-256:	8C0F3CB213B1FA1C9C0CA451D82CAB749C743E54CA8563E82DBC08BF3A091809
SHA-512:	F3688D958D5E527C0AC718AE9BE2158FF7129CE2D2313395797694BAF99CB6534FA6250AE987A79BE15008856A0D88FC61B4DE9BC4B24E0E894F5E8A7143D634
Malicious:	false
Preview:	10..weapon...320 320hud1.0.0.80.20..weapon_s..320 320hud1.0.20.80.20..ammo...320 320hud2.0.16.18.18..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud10.0.135.170.45..weapon_s..640 640hud11.0.135.170.45..ammo...640 640hud7.0.72.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_m249.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.308542297595677
Encrypted:	false
SSDEEP:	6:MoKnN4/gN47DtRXOWFdAXRAh8BsB5Ra7nDhfynVII3aRXOkPXRABpBsBy:MoKnNGgN6XO+Cg8gCDh6niImXOkJqpgy
MD5:	357DF48D8472C99D73C35A5282E37B59
SHA1:	101E72F2C9CC6675FBAC5276BCED46588B9B4028
SHA-256:	D474D30525B6FE8D75A1FB511B491CC7212731CA8A768FF143C40C2E0A769900
SHA-512:	5A146267FF94C51EBF8B21FD0E8BA7DF77CCF75C51AF1ECAE1322FA7D672A9FA996E5089502AF410BBB83E6A208E2AA8F271E50A934FEF299E2F76C53045CC9E
Malicious:	false
Preview:	10..weapon...320 320hud1.160.0.80.20..weapon_s..320 320hud1.160.20.80.20..ammo...320 640hud7.0.96.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud3.0.0.170.45..weapon_s..640 640hud6.0.0.170.45..ammo...640 640hud7.0.96.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_m3.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	356
Entropy (8bit):	4.307257112580038
Encrypted:	false
SSDEEP:	6:MoKnNR2jgN6tQBsBsWFdAXRAh8BsB5RaiIChfuUII3aQBsBskPXRABpBsBy:MoKnNRUgNJgs+Cg8gZXhII5gskJqpgy
MD5:	BBBE36628108BF4A9140EE44B1E26050
SHA1:	2917D74AD511C134818C821EE6C72B8DF12E5990
SHA-256:	313089EFD90EBC4199E54A429C07D36897A04AE5BA01F2FB5DE01DB78D809FE6
SHA-512:	1D87FFA1128DA6D3694CDB05328420D0B89E776D4E71C13633EBA4AD965E4F233D41932F17ED9385A3789FA69C6E958183BF85330A45EC698C81314F4427F618
Malicious:	false
Preview:	10..weapon...320 320hud1.0.120.80.20..weapon_s..320 320hud1.0.140.80.20..ammo...320 640hud7.0.72.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud1.0.135.170.45..weapon_s..640 640hud4.0.135.170.45..ammo...640 640hud7.0.72.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\sprites\weapon_m4a1.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	354
Entropy (8bit):	4.329387474093671
Encrypted:	false
SSDEEP:	6:MoKnNWVUgN1tRXOWFdAXRAh8BsB5RaSghfqnII3aRXOkPXRABpBsBy:MoKnNWSgNlXO+Cg8gKhSIImXOkJqpgy
MD5:	B8723B85FD2D08A75132647BC22FFD2A
SHA1:	882A86A3AD7E685201479C2B1607CF3E5579C35E
SHA-256:	D641E9B7C2D05E73058153B79E58B0F1620A942E611349D28A59E57EEE035AC4
SHA-512:	DF0F275B9235E352107D833224BCC7E50EB213D60DEC4C266D6B53CE0711562591ACA4AF7CA9E6E76F8CD4CE2B2DB23BBF5199A30E56BC7C6B1F4296C1355E57
Malicious:	false
Preview:	10..weapon...320 320hud1.80.40.80.20..weapon_s..320 320hud1.80.60.80.20..ammo...320 640hud7.0.96.24.24..crosshair..320 crosshairs.24.0.24.24..autoaim...320 crosshairs.0.72.24.24..weapon...640 640hud2.0.45.170.45..weapon_s..640 640hud5.0.45.170.45..ammo...640 640hud7.0.96.24.24..crosshair..640 crosshairs.24.0.24.24..autoaim...640 crosshairs.0.72.24.24..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\steam.inf

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	43
Entropy (8bit):	4.454766207938904
Encrypted:	false
SSDEEP:	3:uUg3nL8WCxMvy:M3LjFvy
MD5:	7B96C38BBA7A5F2084DF6096EF1D381C
SHA1:	F3CA9EFC873D5C02C328AC632CB617738680AEE9
SHA-256:	0CB4299A57CBF77F55780A5DC4F29F646582947B07FD9590FAB18C079C492039
SHA-512:	A81D5F961D40F424E5B22537A0174706FB3F25A659E8BA39160AEE71DF6BEA274C4E962A14F1068B564556B6AAA564DA8378DE04E28986C659E6308A07F92CE7
Malicious:	false
Preview:	PatchVersion=1.1.2.5..ProductName=cstrike..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\titles.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	25390
Entropy (8bit):	5.241277097839672
Encrypted:	false
SSDEEP:	192:QUZZFZaZM353NPzPJhzAqJ8KqLHUPgRVql8DP634JwKzofSlP9ngAUp2b/BeKpxt:nt7A+a63mlP9yYcTen42xnYAp
MD5:	51F44818BDC59A6D5D565E30B68C266D
SHA1:	2B3AB8119A196D68370BBB718B4B7F126F3F6A7C
SHA-256:	49564357E0AB9BD1AD1D3D09D61ADC1CB781BB1F639155C1F38FB9B3695E2A4C
SHA-512:	8998838C09E73A8C716A67D9572FD2891E05D36723CE898178FFA7356560E4F7F9F135FFCD1A9ADE5233B22166F20FCC258ECD5F48B403AF270D073B7D6CBB13
Malicious:	false
Preview:	Team_Select..{..\ySelect a team\w....1. Terrorist Force..2. Counter-Terrorist Force....5. Auto-select..}....Team_Select_Spect..{..\ySelect a team\w....1. Terrorist Force..2. Counter-Terrorist Force....5. Auto-select..6. Spectator..}....IG_Team_Select..{..\ySelect a team\w....1. Terrorist Force..2. Counter-Terrorist Force....5. Auto-select....0. Exit..}....IG_Team_Select_Spect..{..\ySelect a team\w....1. Terrorist Force..2. Counter-Terrorist Force....5. Auto-select..6. Spectator....0. Exit..}....IG_VIP_Team_Select..{..\ySelect a team\w....1. Terrorist Force..2. Counter-Terrorist Force..3. VIP....5. Auto-select....0. Exit..}....IG_VIP_Team_Select_Spect..{..\ySelect a team\w....1. Terrorist Force..2. Counter-Terrorist Force..3. VIP....5. Auto-select..6. Spectator....0. Exit..}....Terrorist_Select..{..\ySelect your appearance\w....1. Phoenix Connexion..2. Elite Crew..3. Arctic Avengers..4. Guerilla Warfare....5. Auto-select..}....CT_Select..{..\ySelect your appearance\w....1. Seal Team 6..

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\user.scr

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2416
Entropy (8bit):	5.206583868218716
Encrypted:	false
SSDEEP:	48:laa06BXeuxzHlTgH0bieSiQQpbSkoLStzDmo5jGgD:Ma0mlxzH20bizmm2tGKj5D
MD5:	22D2F8E9EEB05A0FA9DDDF09CADD7F9C
SHA1:	11D2CD8F5FE998740D2F86C95D78A8DB8488506F
SHA-256:	A0738EBE43A651E5DE1F231F9765B4E486FD6DCB39F09C42429FEA38AEA4C887
SHA-512:	FB44C62184E866C5634308127E6EF910E25217896A3144403D77982AB58A84D832FCE36AB6403C658AD3028AEE79A60AA21064118ABEF6963FBD21DEDE7D68AE
Malicious:	false
Preview:	// NOTE: THIS FILE IS AUTOMATICALLY REGENERATED, ..//DO NOT EDIT THIS HEADER, YOUR COMMENTS WILL BE LOST IF YOU DO..// User options script..//..// Format:..// Version [float]..// Options description followed by ..// Options defaults..//..// Option description syntax:..//..// "cvar" { "Prompt" { type [ type info ] } { default } }..//..// type = ..// BOOL (a yes/no toggle)..// STRING..// NUMBER..// LIST..//..// type info:..// BOOL no type info..// NUMBER min max range, use -1 -1 for no limits..// STRING no type info..// LIST delimited list of options value pairs..//..//..// default depends on type..// BOOL is "0" or "1"..// NUMBER is "value"..// STRING is "value"..// LIST is "index", where index "0" is the first element of the list......// Half-Life User Info Configuration Layout Script (stores last settings chosen, too)..// File generated: Tue Feb 26 06:28:06 PM..//..//..// Cvar.-.Setting....VERSION 1.0....DESCRIPTION INFO_OPTIONS..{

C:\Users\user\AppData\Local\Temp\RarSFX0\dbg.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.1634937399954595
Encrypted:	false
SSDEEP:	768:sk36zZodZ3O7j8JV3T86/uVRauxWt8Scs8Og95plDJw+iB93pwhBxvXdmIoZ45:J6zZm3J9T8DMuxWtwN5+SVoZK
MD5:	99B5E21DFA5E26E9E1EBBBD7A44A6A66
SHA1:	87812A6F2AEAFEAC828BED5CB05B1A842C48803A
SHA-256:	8564B2F4C76AAC5EB645514BD8FB82A1F57009557C506C0FCEF3CE5B2EE078CF
SHA-512:	3B8BFBAC7CF32778E146CB51F9D215FA02F21E848C0669A9ABE181A4383E10D6C85E5B73D86791AC8736A0D246DFB2F79F9C04E2A0A1EABA029D34F0CA75B9B6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*...y...y...y...y...y}..y..y...y...y...y...y...y...y...y...y...y...yRich...y................PE..L....n.@...........!.........................................................`.................................................(............................P.......................................................................................text.............................. ..`.rdata..............................@..@.data...........@..................@....reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\gldrv\3dfxgl.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137728
Entropy (8bit):	6.057459619767088
Encrypted:	false
SSDEEP:	3072:8ryC3K77HiDKKKwKKKDq+KKK6juKKKLXLL7///7z3L/LeWvPgayTQMG8g2Trq6at:BX49q232YsOJAGVAp
MD5:	D3D7C67F2004431488D03B801804C601
SHA1:	744218780466B086A1BF2B6A415224E931FFA437
SHA-256:	2A007EDAD186399DD81CED73EEAAE75130E61CFD2A946FEA6AEDAF5136DC2411
SHA-512:	F66E7DF9CCE26BA6DBA5AC85DD878DCA546ACAF7FE3AF293CF2E6BACB73EC7736F845DE58973A705EE230FA113CD8EB0D31DB3AF1D61DCECE2246872435C2128
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....86...........!.....x.......................................................................................... ....!...p..P.......$............................................................................r...............................text...\|v.......x.................. ..`.rdata...(.......*...\|..............@..@.data...d........B..................@....idata.......p......................@....rsrc...$...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\gldrv\drvmap.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	52
Entropy (8bit):	4.2287219294299225
Encrypted:	false
SSDEEP:	3:qdzQKcGWBwLBHshBQF4yovn:qdzQt+HshBjvn
MD5:	CAF09FC53B15B1618267111A3001A47B
SHA1:	65BC05753E5767091F290AAAA06E625C718C6CFB
SHA-256:	2CC380314B295780AB9D70730C31EB867A688D5AAD253AF35702DEDB46F83909
SHA-512:	513EE54A947A0A00B9C18D7F0379CA4820811EC5AE7E792C8CFE8A674D97B348689BF5DD7CFC28F51A36EE31AD147E803CA011CDBADC8E6FA5DAEC3CFB48D2B0
Malicious:	false
Preview:	Default Default..gldrv/3dfxgl.dll 3Dfx Mini Driver..

C:\Users\user\AppData\Local\Temp\RarSFX0\language.inf

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	63
Entropy (8bit):	4.584444908232384
Encrypted:	false
SSDEEP:	3:Ne7c92aSCKskocokrFgjCcn:Ne7cHnzcoi2jCcn
MD5:	C754DC22669532620B48B3FE9D299D7C
SHA1:	30BA7E97152C8B271B592819ED427F892347E6CF
SHA-256:	C537B5AEAA536E0E71F9B1EE9B70300883D81E4B874DD36196581581B9E11207
SHA-512:	DE34BA5F60D0D5DF9D069461F5C201AB13273DACBB86141DB3EDDE934481998EA5FEB7E49C4983030F0D85414BA411912AD03228E672898617349D4C06DA482E
Malicious:	false
Preview:	[Ident]..Title=Half-Life..ShortTitle=HALFLIFE..DirName=HALFLIFE

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\AdminServer.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	141909
Entropy (8bit):	7.997316359275308
Encrypted:	true
SSDEEP:	3072:mC76OhDzatE+oo1YaBjmm5SK3IYi8jcQxJ:mf6zUoTe6mEfYRjcQH
MD5:	E2D3C683C0BBE793AD249D59406576A2
SHA1:	8E67F31098E1EADF238A48C6CD730ADE42CF2B06
SHA-256:	812FE5FABFC5BE41EA132C44AACBDE01D43AF5FC81605022D2FFC777AC99983B
SHA-512:	D1AA652D197C345F701AEAFCDF73AA35EBC2B5D6CA472A89A442980222FD4CEBBC576F3711A873BA55C20BFE984938A90F3966885B8E530D106A86F3A91AD475
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 31%
Preview:	MZKERNEL32.DLL..LoadLibraryA....GetProcAddress..UpackByDwing@...PE..L..................!...9.....p......G...................................................................................B...................................H........................................................................................Upack..............................`....rsrc....@......U(..................`.......X...............u............................................_..........\|............@..............................E...f>......+Dy....a..<...GW...).;Y.@.P./mBL....^.X....]5?.MrY7....m....].w....)....>.RR....(Trje...E...U..R....U-K...!\|...K....i..(..>pl...%.J........8T.u...`.....~c6....:.).TPR!.]'..z _@>.&2..!^.].F...F.v.~..}{.B....b...J...E.;.@.:).#....h;..3rr.'.............J.Oc}........J[....0....K.._.._....4.8.:..-0...0..G..9Li.gT...?..je.>.XF+...y...g..NE+j......^...Px....f..p.5J.4iHE..:..ld{......L....:..y..,.Hf...#K\|>.&.h...D..i.........x..../.b_.....M.W....Kr.L

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\DialogKickPlayer.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1883
Entropy (8bit):	4.375240748095048
Encrypted:	false
SSDEEP:	24:oWtpXN/pyYAn8YkLT//AMIyVPtE3bLTyVgxToLTR+hAx1AArQLTmye0jR:D7hpykD//YMIyeb/yh/+XcQ/msd
MD5:	618B91D0C8AFA1F2F40CA25E26F33C93
SHA1:	40E2711F58FB83AB4FBF72DBF66A31078C3E2AAC
SHA-256:	AE84A92B2F845E76A5482AF84F6C8C1EC599CD1E8521AB8780A2298D6167666F
SHA-512:	86AAD6B8C8B31D4D79C4133DB373513B60B3BC6FA03124713E60C15D257DD3445417001A20970918539BE26EDE02FA4426668701DFB42D27B6B63FE9D0996D62
Malicious:	false
Preview:	"Admin\DialogKickPlayer.res"..{..."DialogKickPlayer"...{...."ControlName".."Frame"...."fieldName".."DialogKickPlayer"...."xpos".."480"...."ypos".."391"...."wide".."320"...."tall".."150"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."33"...."wide".."274"...."tall".."66"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."textAlignment".."center"...."dulltext".."0"...."brighttext".."0"...}..."PlayerLabel"...{...."ControlName".."Label"...."fieldName".."PlayerLabel"...."xpos".."72"...."ypos".."72"...."wide".."0"...."tall".."24"...."autoResize".."0"...."pinCor

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\DialogServerPassword.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	4.518754831902054
Encrypted:	false
SSDEEP:	24:KgsPtXkE8LsucphgLP/MLLpP/OLZxtDr1zTGocAx1AA7rH9J5bTS:KpPtXsiYmlu1r1z6xXqrH9J5TS
MD5:	D8129B3C95E58FBBFB725396F5E9EFAF
SHA1:	28E57DEFA75C5E9898E01C6CF9298510B1645997
SHA-256:	0688915456B57D838DDC62E6AAC97D71C41D7C596B64151DAF08DF946E828202
SHA-512:	28BC6C05CC8D96D8E11FB0C8763E4D9C3B996F931F21704D4F2F724A767045A93B7D2D5F26CA419EB435D44318E3816BD1CF07EDA74C90C89789B3A0413625AB
Malicious:	false
Preview:	"Resource/DialogServerPassword.r"..{..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."8"...."ypos".."38"...."wide".."268"...."tall".."32"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#Dialog_Server_With_Password_Info"...."textAlignment".."center"...}..."GameLabel"...{...."ControlName".."Label"...."fieldName".."GameLabel"...."xpos".."72"...."ypos".."72"...."wide".."304"...."tall".."24"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."textAlignment".."west"...}..."PasswordEntry"...{...."ControlName".."TextEntry"...."fieldName".."PasswordEntry"...."xpos".."74"...."ypos".."102"...."wide".."300"...."tall".."24"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."1"...."editable".."1"...."maxchars".."-1"...}..."ServerNameLabel"...{...."ControlName".."Label"...."fieldName".."ServerNameLabel"...."xpos".."4"...."ypos".."72"...."wide".."64"...."tall".."24"...."visible".."1"...."enabled".."1"....

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\GamePanelInfo.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3375
Entropy (8bit):	4.402889706905192
Encrypted:	false
SSDEEP:	48:LXT9/L/msKD/q5/d/CQ5/P/cTrs/cTC/cThjl/cT/:LXTNL+HE1qe30k0m0dJ0T
MD5:	9B3E7E7E035CD7CD0FEDA3BD2DFE24B5
SHA1:	7840D40CDFE413B6E6E7D459BA6AF0E8FD865129
SHA-256:	6084C208476FA7C11AB840B29AD51F7CC60827A02409C028828FE48026052A06
SHA-512:	053374A560BB084430C852D0AF67B290FC1A4DFE9126A599AF305D4F4B8F6142601F5ABD61A76D17081B07E0CEB164E42447167BD59D3A69B33D77F21FFFDC64
Malicious:	false
Preview:	"Admin/GamePanelInfo.res"..{..."RulesList"...{...."ControlName".."ListPanel"...."fieldName".."RulesList"...."xpos".."20"...."ypos".."72"...."wide".."480"...."tall".."216"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...}..."EditButton"...{...."ControlName".."Button"...."fieldName".."EditButton"...."xpos".."20"...."ypos".."296"...."wide".."72"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."0"...."tabPosition".."2"...."labelText".."Edit..."...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."1"...}..."GameLabel"...{...."ControlName".."Label"...."fieldName".."GameLabel"...."xpos".."0"...."ypos".."12"...."wide".."84"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#Dialog_Game_Info_Game_Label"...."textAlignment".."east"...."dulltext".."0"...."brighttext".."0"...}..."ServerIPLabel"...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\GraphPanel.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5385
Entropy (8bit):	4.380742272063651
Encrypted:	false
SSDEEP:	96:/iX9jkd2cNy5jbbrED2JlEYlMED332G1GPGq:qX9jkd2cNy5jbbrED2jEYlMED3mG1GPn
MD5:	5025B29F9CF259D9A1B5BEDA6172DFE3
SHA1:	5A711CE77092EA851F2C7DAD92FCCAC3853248BC
SHA-256:	7E854361A18A64BCAE31BE8D2F2AAB656F3CDCE7B4A58E349935836E77D57AEE
SHA-512:	7EB501C0DA2611C501D51E7AD1A4DC254CD2EEC50B68538FD306A92F49F844BE562642015D25A7633F0AB58ABBE386793D3502E19F036CD6324C04FAFE2400D0
Malicious:	false
Preview:	"Admin/GraphPanel.res"..{..."Graphs"...{...."ControlName".."ImagePanel"...."fieldName".."Graphs"...."xpos".."40"...."ypos".."10"...."wide".."314"...."tall".."210"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."InCheck"...{...."ControlName".."CheckButton"...."fieldName".."InCheck"...."xpos".."436"...."ypos".."130"...."wide".."84"...."tall".."24"...."autoResize".."0"...."pinCorner".."1"...."visible".."1"...."enabled".."1"...."tabPosition".."5"...."labelText".."In"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...}..."OutCheck"...{...."ControlName".."CheckButton"...."fieldName".."OutCheck"...."xpos".."436"...."ypos".."152"...."wide".."84"...."tall".."24"...."autoResize".."0"...."pinCorner".."1"...."visible".."1"...."enabled".."1"...."tabPosition".."6"...."labelText".."Out"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...}..."FPSCheck"...{...."ControlName"

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\MOTDPanel.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	283
Entropy (8bit):	4.5072390800281745
Encrypted:	false
SSDEEP:	6:oIM1licoEULBcoVHdH8ovN8spovNhANSGkSyWIvVw3zwt:oblico1cotZ96USGkSyNvgo
MD5:	910A0ECD1BFE19D49CF6EA3E77682404
SHA1:	721063510EAA9E7CF25BABBE0C4EF9211495C98E
SHA-256:	B84FF704EC533B52CD84767180078FE1598A52735AA38D2487BF9853C0808045
SHA-512:	005E6A5322994F14D14CA973FC2FDA0756672539E7F2B54E179AB7C567B485126E1588C187C341440356054D1B8DBF850CFFEFCF3FC61DCB7B5A3994EEDC0154
Malicious:	false
Preview:	"Admin\MOTDPanel.res"..{..."ServerMOTDText"...{...."ControlName".."ListPanel"...."fieldName".."ServerMOTDText"...."xpos".."10"...."ypos".."10"...."wide".."540" ...."tall".."230"...."autoResize"."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."1"...}..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\MapCycleEditDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3314
Entropy (8bit):	4.395701671094188
Encrypted:	false
SSDEEP:	48:x3T/ykD//8gBgM7OI76mb7/cZF7/jPb/I5b/fXg/aCj/6:x3T3Z2ob/70ZF77Pb2bnXgyCji
MD5:	EEFC88EE5B0BD51723C8AB1163A56360
SHA1:	2FF1844999562C34F5B396D8D2644E1F92642E23
SHA-256:	D91BA482971A2CAAD538C22B8B60153281D8667997D6F9DD340EDCAA2A6435B0
SHA-512:	171F6F739F646D57BCF720EC4B0F0EE56496353AA47EA9C2078EFF31CE77188BF9A8EA56EBC3FD2EE5F0D98DCE81CEF621A42095625A5C3BE627AF15B1761F2E
Malicious:	false
Preview:	"Admin/MapCycleEditDialog.res"..{..."MapCycleEditDialog"...{...."ControlName".."CMapCycleEditDialog"...."fieldName".."MapCycleEditDialog"...."xpos".."400"...."ypos".."266"...."wide".."480"...."tall".."400"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."AvailableMapList"...{...."ControlName".."ListPanel"...."fieldName".."AvailableMapList"...."xpos".."36"...."ypos".."42"...."wide".."184"...."tall".."306"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...}..."MapCycleList"...{...."ControlName".."ListPanel"...."fieldName".."MapCycleList"...."xpos".."262"...."ypos".."42"...."wide".."184"...."tall".."276"...."autoResize".."0"...."pinCorner".."0"...."visibl

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\PasswordPanel.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3011
Entropy (8bit):	4.4119869159673035
Encrypted:	false
SSDEEP:	48:x0g/mEuGTyo/meEWGTX/8EKtGTlEHGT7/gh/U:xBOEuG2oFEWGzkEeGxEHGfi8
MD5:	F612CCD9B4769FA49D4BA82A0B2799DE
SHA1:	16A664C98C4C680B88E834CB5C1D0D86ADE92838
SHA-256:	71269463DA9E175AE45C92BB7243CED3734546B90088ADBBE6D60572D1341E71
SHA-512:	215C3A6F00D5777B38D638D4AF73EF011BCBAFB223F08481E7E5CD18969E75C25054B24BB60D1BF20FEA30AE25BA11FB488F4FBFA9A49865B6D2BD14D32B1149
Malicious:	false
Preview:	"Admin\PasswordPanel.res"..{..."oldrcontextentry"...{...."ControlName".."TextEntry"...."fieldName".."oldrcontextentry"...."xpos".."180"...."ypos".."34"...."wide".."150"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}..."Label1"...{...."ControlName".."Label"...."fieldName".."Label1"...."xpos".."48"...."ypos".."38"...."wide".."110"...."tall".."16"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText".."#Password_Panel_Old"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...}..."newrcon1textentry"...{...."ControlName".."TextEntry"...."fieldName".."newrcon1textentry"...."xpos".."180"...."ypos".."66"...."wide".."150"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}..."Label2"...{

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\PlayerPanel.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1938
Entropy (8bit):	4.335544738756617
Encrypted:	false
SSDEEP:	24:odVHgaTLv9MFbLTmsjYw2NlFbLTmuYtAnwkLT/JNpLT/5NGYVhLT/5FGYR:iVLTCFb/msCFb/ma//J///5f//5F3
MD5:	38FFFC7527F866DBFE46EFA87A8770F8
SHA1:	2D1227102B7D7462CC65E363C2612D879156D7F0
SHA-256:	88C3504B99A78F337FAAA26EDEDA6D7283EA36E160D571B84255612A8DBC9AB4
SHA-512:	D47B991A281DD1725585729A8C7526032EBEFF16F5EB66B69E6B562537108F5BF180E4AED20BB3499E7D8377AD14665620CE94230767DE5428E060DF403E92FA
Malicious:	false
Preview:	"Admin/PlayerPanel.res"..{..."Players list"...{...."ControlName".."ListPanel"...."fieldName".."Players list"...."xpos".."20"...."ypos".."12"...."wide".."480"...."tall".."276"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...}..."kick"...{...."ControlName".."Button"...."fieldName".."Kick"...."xpos".."20"...."ypos".."298"...."wide".."80"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."0"...."tabPosition".."2"...."labelText".."#Player_Panel_Kick"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."1"...}..."ban"...{...."ControlName".."Button"...."fieldName".."Ban"...."xpos".."110"...."ypos".."298"...."wide".."80"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."0"...."tabPosition".."3"...."labelText".."#Player_Panel_Ban"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...}..."ServerContextMe

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\RawLogPanel.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1003
Entropy (8bit):	4.461348824684976
Encrypted:	false
SSDEEP:	12:ojlwfgPtjftxHkTLo0T+IvJwwu/wbHkHLHwATt44On57LHz0OTrLsYU:opwoDaTLhuYb8Lb44wLT7TEYU
MD5:	E28B7CABE9E263653316F7CCB0F0762B
SHA1:	B494E3D67900DA5F7FBCF49136DDB7B450DBD34E
SHA-256:	7A66553EAEE2F06E875482054D7066A192A3DB25111B08920DC1CB39EDD4F6BE
SHA-512:	5BF2A064D8852104F96967E18BCB4B4EA6E6E4DFFEC2990C076C6EEA0CE42230E4EAD2F6E3109EE0B37EF8573B6789B070424908E8EA029163B59C5C1C1F5E88
Malicious:	false
Preview:	"Admin\RawLogPanel.res"..{..."ServerChatText"...{...."ControlName".."RichText"...."fieldName".."ServerChatText"...."xpos".."20"...."ypos".."12"...."wide".."480"...."tall".."276"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."maxchars".."-1"...}..."RconMessage"...{...."ControlName".."TextEntry"...."fieldName".."RconMessage"...."xpos".."20"...."ypos".."296"...."wide".."406"...."tall".."24"...."autoResize".."1"...."pinCorner".."2"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...."NumericInputOnly".."0"...}..."SendRcon"...{...."ControlName".."Button"...."fieldName".."SendRcon"...."xpos".."436"...."ypos".."296"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#RawLog_Panel_Send"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."1"...}..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\RulesPanel.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	664
Entropy (8bit):	4.384066840980609
Encrypted:	false
SSDEEP:	12:oUnlWZ96USPSyNvgsLj9JbLHzJODlVm0sY9:oUleYLPh9PLjnbLTsZYVY9
MD5:	902C98B87D8D9343B485485EB63AE4EB
SHA1:	1ACA46FF669825D7FABCBCCD53D479F78A3B5F01
SHA-256:	5CD79B30811FDD1419D137BF7FF9519748C648E7D39455098796D6469DDF1576
SHA-512:	C7AC098B376BB0D3B8D89BE621776927EB76165B0279198927D84D45AF9A1FFE56A518C0DD6ED8A1BF99419EDB954484C968B2F082AFEB84F228E76D6E33645A
Malicious:	false
Preview:	"Admin\RulesPanel.res"..{..."Rules list"...{...."ControlName".."ListPanel"...."fieldName".."Rules list"...."xpos".."10"...."ypos".."10"...."wide".."540" ...."tall".."210"...."autoResize"."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."1"...}..."Change"...{...."ControlName".."Button"...."fieldName".."Change"...."xpos".."10"...."ypos".."225"...."wide".."80"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#Rules_Panel_List_Edit"...."textAlignment".."center"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...."command".."edit".....}....}..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\ServerConfigPanel.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	636
Entropy (8bit):	4.377803836058847
Encrypted:	false
SSDEEP:	12:oKlkxHkTLo0T4IvzxRhspXbLHzJksKHLsYU:ommaTJbxRh6XbLTmsK4YU
MD5:	93C9FAA2BE8ABF70B7EBCFA0ACF064DE
SHA1:	F2CA7ECF388E5309735575C839C901DA8EF74863
SHA-256:	9572E2F15653FC699EF46DC2A4829A4A2010CFCB2B810719A6C162355A194502
SHA-512:	FCFC6546D806049EDB1C124AC2B901E61E0DB9FA34A8B8A3AB69D0FA0F143FD9B18857AD5E5D57570FFA3D5ED546D6C2C65FD8A8D44F77CE3C147153EA799BB1
Malicious:	false
Preview:	"Admin\ServerConfigPanel.res"..{..."RulesList"...{...."ControlName".."ListPanel"...."fieldName".."RulesList"...."xpos".."20"...."ypos".."12"...."wide".."480"...."tall".."270"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...}..."EditButton"...{...."ControlName".."Button"...."fieldName".."EditButton"...."xpos".."19"...."ypos".."293"...."wide".."72"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."0"...."tabPosition".."2"...."labelText".."Edit..."...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."1"...}..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\ServerConfigPanel_cstrike.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4283
Entropy (8bit):	4.397143538745303
Encrypted:	false
SSDEEP:	48:Lqiv6jbi3jmzOibTOjdJEjKLjXNYciq0bjicicDjTSJtjlwjj:LqiCHi3MOivOYmDNYciq0bWciQKtpw3
MD5:	610CB293BEE56B6F887809752B1572EA
SHA1:	6605734956A1FA6A3A7AD48E542C149F99DA32E2
SHA-256:	5DD3F38341674037C2FEE25C02A9760710010A171D8591C89A8772C138807392
SHA-512:	E517BCF7296B33F213D888A919D21874FA2D23C512900EC3E55FF6E8EE208FD33B1DE508B81B90E8EF415183317E7F8760F895333123F3278144D3306F6F8942
Malicious:	false
Preview:	"Server\ServerConfigPanel.res"..{........"mp_c4timerlabel"...{...."ControlName".."Label"...."fieldName".."mp_c4timerlabel"...."xpos".."5"...."ypos".."30"...."wide".."100"...."tall".."20"...."autoResize"."0"...."pinCorner"."0"...."visible"."1"...."enabled"."1"...."tabPosition"."0"...."labelText"."C4 Timer"...}..."mp_c4timer"...{...."ControlName".."TextEntry"...."fieldName".."mp_c4timer"...."xpos".."110"...."ypos".."30"...."wide".."100"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}......."mp_timelimitlabel"...{...."ControlName".."Label"...."fieldName".."mp_timelimitlabel"...."xpos".."5"...."ypos".."55"...."wide".."100"...."tall".."20"...."autoResize"."0"...."pinCorner"."0"...."visible"."1"...."enabled"."1"...."tabPosition"."0"...."labelText"."Timelimit"...}..."mp_timelimit"...{...."ControlName".."TextEntry"...."fieldName".."mp_timelimit"...."xpos".."110"...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\ServerConfigPanel_dod.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5152
Entropy (8bit):	4.3738287931411
Encrypted:	false
SSDEEP:	96:Lvidqi3SOivOsi6C1WNYciq0bMciQVtkaZoiBK1C:zwqiSOqOsXC1jcSMcBVtkaZoyK1C
MD5:	AC09E5730465A77B9730510C513CB01F
SHA1:	E8B0C0176CD802DA941E7EB5921626DE4E39F57A
SHA-256:	9AB12B16EA7B9D2F264F55FE06FEF0AF2E89110F36A51449118916271D7FADA6
SHA-512:	C14BB55597C924F3F242E7C41D074964FB33B7FAA34330DF153A4C13F13B63C8BDD625A45047115DBF1D4F87CD30DFA514FF01C6C8935DA19106F1067F7E960E
Malicious:	false
Preview:	"Server\ServerConfigPanel.res"..{......"mp_roundliveslabel"...{...."ControlName".."Label"...."fieldName".."mp_roundliveslabel"...."xpos".."5"...."ypos".."30"...."wide".."100"...."tall".."20"...."autoResize"."0"...."pinCorner"."0"...."visible"."1"...."enabled"."1"...."tabPosition"."0"...."labelText"."Round Lives"...}..."mp_roundlives"...{...."ControlName".."TextEntry"...."fieldName".."mp_roundlives"...."xpos".."110"...."ypos".."30"...."wide".."100"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}......."mp_timelimitlabel"...{...."ControlName".."Label"...."fieldName".."mp_timelimitlabel"...."xpos".."5"...."ypos".."55"...."wide".."100"...."tall".."20"...."autoResize"."0"...."pinCorner"."0"...."visible"."1"...."enabled"."1"...."tabPosition"."0"...."labelText"."Timelimit"...}..."mp_timelimit"...{...."ControlName".."TextEntry"...."fieldName".."mp_timelimit"...."xp

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\ServerConfigPanel_valve.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3904
Entropy (8bit):	4.419145849805333
Encrypted:	false
SSDEEP:	48:iixjDOi9OjmniYjoJEjTILjWNYcis0bjiciaDjTSJtjv:iixnOi9OmiY9w6NYcis0bWciKKtr
MD5:	5FCE5696EE35A818ED95F2CEB42E8184
SHA1:	770766BD01941B77B2059F66E361D5D4DB099F73
SHA-256:	F8CEDFBD8912C2A45D26FA1C2A305B4FB5502568ABBF2CA86E8316E63A7BE74E
SHA-512:	7686AF9CDBA99C74DB3BDCEAEF1D0ECFA0FB3C255BA3E0C4820B2626CC3126A3E98CFC1DB58F57C217948A8C801058E412B973ABC7CCD5FC233EB8542C1F9468
Malicious:	false
Preview:	"Server\ServerConfigPanel_Valve.res"..{....."mp_timelimitlabel"...{...."ControlName".."Label"...."fieldName".."mp_timelimitlabel"...."xpos".."5"...."ypos".."55"...."wide".."100"...."tall".."20"...."autoResize"."0"...."pinCorner"."0"...."visible"."1"...."enabled"."1"...."labelText"."#Config_Timelimit"...}..."mp_timelimit"...{...."ControlName".."TextEntry"...."fieldName".."mp_timelimit"...."xpos".."110"...."ypos".."55"...."wide".."100"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}....."mp_fraglimitlabel"...{...."ControlName".."Label"...."fieldName".."mp_fraglimitlabel"...."xpos".."5"...."ypos".."80"...."wide".."100"...."tall".."20"...."autoResize"."0"...."pinCorner"."0"...."visible"."1"...."enabled"."1"...."labelText"."#Config_Fraglimit"...}..."mp_fraglimit"...{...."ControlName".."TextEntry"...."fieldName".."mp_fraglimit"...."xpos".."110"...."ypos".."80"...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\VarEditDialog_ComboBox.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2291
Entropy (8bit):	4.410012668093503
Encrypted:	false
SSDEEP:	48:QwKykD//w/mEXV/lCOH///jUu9/uYE995zSY:QwGwRXVNCOH/jUu9RE995L
MD5:	B61042ACACC410B2B6FE4BC9B84D2E63
SHA1:	1992A81402FD5B0E36FDC6F21753B155D800F698
SHA-256:	F300C0545B83725C88E34FDC634123ED55530AFFAF9C303E7995ACE807B88A57
SHA-512:	3813717598A4638A0BCB09C184A6CE99BC361DE8739E5395859C35162DC1B78B53F129972E761D418DE1D2F356B3D387D0C28862DE8FB5A985C8F79B1E435DAB
Malicious:	false
Preview:	"Admin/VarEditDialog_ComboBox.res"..{..."VarEditDialog"...{...."ControlName".."Frame"...."fieldName".."VarEditDialog"...."xpos".."500"...."ypos".."376"...."wide".."280"...."tall".."180"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."OKButton"...{...."ControlName".."Button"...."fieldName".."OKButton"...."xpos".."116"...."ypos".."144"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."OK"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Command".."OK"...."Default".."1"...}..."CancelButton"...{...."ControlName".."Button"...."fieldName".."CancelButton"...."xpos".."200"...."ypos".."144"..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\VarEditDialog_String.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1730
Entropy (8bit):	4.4372543696305575
Encrypted:	false
SSDEEP:	24:oHwKkxx6LTm1MhAx1AAjELTAAlzAtAW+jtb9LTGEHPl95zjmR4b:mwKD/mEXV/lCOHh9/GE995zSY
MD5:	E45E80FE0D5D51C6A0FBB4C3957E033F
SHA1:	5B8D6ECBC8BF0EE8756637CF553E13E88576D4BD
SHA-256:	2E5D7C2CDD48CFF43727D5F68B9EBA78A207E58D77860DC634786E17E90594B7
SHA-512:	A85A5F21DD09A3AEAA3444C5B440FC3C1FB63819740A8D04FA5BCCD36CE2472DC63CE6C5C55722BACDF27ACC8463EF2D93E298FEF7C6E72C3B4B4505995214B9
Malicious:	false
Preview:	"Admin/VarEditDialog_String.res"..{..."VarEditDialog"...{...."ControlName".."Frame"...."fieldName".."VarEditDialog"...."xpos".."500"...."ypos".."376"...."wide".."280"...."tall".."180"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."OKButton"...{...."ControlName".."Button"...."fieldName".."OKButton"...."xpos".."116"...."ypos".."144"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."OK"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Command".."OK"...."Default".."1"...}..."CancelButton"...{...."ControlName".."Button"...."fieldName".."CancelButton"...."xpos".."200"...."ypos".."144"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."3"...."labelText".."Cancel"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Command"

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\admin_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	19372
Entropy (8bit):	3.522175895000412
Encrypted:	false
SSDEEP:	96:13HHzzW4GBybzhMmUg7A0IfMAB5dxoilms4MubJYlDvtMxce3T2ZU+O0fLbRcNUz:1nNaX1ubJ2wce3/cKNUxL/iJtWf
MD5:	743194AD874C8A345BFF88A4E41A37CF
SHA1:	8678154E4199D07444608C940ADB3953A814BDF8
SHA-256:	0CBF6707F4F0256AB6A37E5163E977FCE684F83F53C61F6EB556AF021F0DA68A
SHA-512:	30C1C7901F90FB04AC39EB919B3B4776B20F8A65B900462BAF265912E0B306DD262244F8AEDA04DC6DF29ACA7CD2E79F8F979A4910BF37301FE34F2D35E675FA
Malicious:	false
Preview:	..".l.a.n.g.". .....{. .....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.". .....{. .....".O.k.a.y._.B.u.t.t.o.n.".........".&.O.K.".....".C.a.n.c.e.l._.B.u.t.t.o.n.".........".&.C.a.n.c.e.l.".....".C.l.o.s.e._.B.u.t.t.o.n.".........".&.C.l.o.s.e.".........".A.d.d._.B.a.n._.T.i.t.l.e.".........".P.l.a.y.e.r. .B.a.n. .-. .M.y. .S.e.r.v.e.r.s.".....".A.d.d._.B.a.n._.T.i.m.e._.T.e.m.p.o.r.a.r.y.".....".T.e.m.p.o.r.a.r.y.:.".....".A.d.d._.B.a.n._.T.i.m.e._.P.e.r.m.a.n.e.n.t.".....".P.e.r.m.a.n.e.n.t.".....".A.d.d._.B.a.n._.P.e.r.i.o.d._.M.i.n.u.t.e.s.".....".m.i.n.u.t.e.(.s.).".....".A.d.d._.B.a.n._.P.e.r.i.o.d._.H.o.u.r.s.".......".h.o.u.r.(.s.).".....".A.d.d._.B.a.n._.P.e.r.i.o.d._.D.a.y.s.".......".d.a.y.(.s.).".....".A.d.d._.B.a.n._.E.r.r.o.r.".........".A.d.d. .B.a.n. .E.r.r.o.r.".....".A.d.d._.B.a.n._.T.i.m.e._.I.n.v.a.l.i.d.".......".T.h.e. .t.i.m.e. .y.o.u. .e.n.t.e.r.e.d. .i.s. .i.n.v.a.l.i.d... .\.n.I.t. .m.u.s.t. .b.e. .e.q.u.a.l. .t.o. .o.r. .g.r.e.a.t.e.r. .t.h.

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\game_ready.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8378
Entropy (8bit):	6.321372371604288
Encrypted:	false
SSDEEP:	192:LHof4MX8grPx+KB4JLRJG7ZLKOsAtybVIu6HLsYfzlz5Oni8:kww84+LRQKJAtybK8YfRz5ai8
MD5:	25D68BC70C2B5463FE98D6FFEC5C2866
SHA1:	86E025F7D060AEC0D47FE062F6340DBB05519E79
SHA-256:	9F839221582B729C925B1BE1C6C09A4006D47566D6F9FF580337AF1539B3679B
SHA-512:	97369A9FE1F775591C189EDCF8AB71801C9CEC41C2C32708812FEE2457684367818E58230AF94E03389DC9409854E5F4D3D07861B93F227F4B7797A7A3972088
Malicious:	false
Preview:	RIFF. ..WAVEfmt ........"V.."V......data@ ..r\|...vt....ts~..zz~...tw\|yuv}....yq\|.}..\|..yrkn...~yw..yqqz..xlhp..{wv{..vel...zkk{..wpy.}ys`k....rq\|.}lal....pv.~pkp{...vgn}tq~..\|g^gw..nUdx...ZPp..kMa...NQ...o.z^Z..V].yy.d\w...sgo..wjm}..{ffx.\|u}zu{tqx}..zvrsvpjo~.zzoadz.}y\|z{.~j`u..xlegv.zmr..ztqpv\|}{srzwqqmmv.~vkn.{oz}xxxrgkttomvrq}vlr\|..ukmqvxoiqzyphel{.}qlr~.vnik~.vgbhuvlgjw..pipz\|ytigu~vfagoyxlmvxxvmhu..sbgrqukUc..yhjny..tinyzrhadu.xfejy.yquywpmjfq{ylhoihnjglx\|vvwtoowumkljc`epu{{qr}.qcnxwxrhenvneakw\|\|rhq..silmx.n]^jpjhc_m..wnruyzi_esxl`Z\hpmdal{..hcqz{rd[avyg[Zbozye`p~.}nehuwja\\cnn[Ygis~}{}{vkcbceikfge[[ber\|vpo{{okhix.qQJWX_gcbl..xolnu.}aRYhog[W\lwo^\h{..yibmsmb^bhjcVOUgsvx~.\|xoebcimh_di][[[dpxunsxvqjfgmojaXYdib^alrswpmy}vlgb^ms_SYimd_UWr..vnlqzxdWZjspjVL_kmkcfz..sdajtsl\YkodZVX^pyolv}xtui`hrn]`d\cjc^biej}}unheeoqdbdbjhWPWhv\|vijy.{naZ_vw]UX_ilf\[gw}tmmu{ym_Yaloe_YUenecjr\|.zrkjmnfb`\blj^W\cfjuxsv\|wqme^cjfccb[S`kgnxz{~\|j^eoqib]X\dbTUelv~rgkz.xokf`ehSKYalqfYYfw.{rrqooe[VWakmfYRV`kqqsy..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Admin\server_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	3110
Entropy (8bit):	3.451074369671522
Encrypted:	false
SSDEEP:	96:13/0ax/VAkiPSGd6VlH9aQviMkpJWnU27rKJTilTnbnUaVCQYK73rERR0Z:1scoahnbnzc+3w4
MD5:	9DBAEC0A0D0BD36B1A3BFF14CC4A9622
SHA1:	2D3550828B62125A056CF039AD4A45D9EE20A5F7
SHA-256:	0BA206272DF79B4664B4A7DFF67680DD1FBD89236E137B58EB7389979B5DA44A
SHA-512:	6E6EBBBD15B49F49355E02BAF94953C738497543C420F186D1971AE62E6628018C4720DD9B8D56BDC626254AAE67FB0B68438D31C76E25373F3C023C671CD8B5
Malicious:	false
Preview:	..".l.a.n.g.". .....{. .....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.". .....{. ....././. .t.h.e. .l.i.s.t. .o.f. .m.o.d.s. .a.n.d. .t.h.e.i.r. .s.e.r.v.e.r. .n.a.m.e.s.....".c.s.t.r.i.k.e.".......".C.o.u.n.t.e.r.-.S.t.r.i.k.e.".....".v.a.l.v.e.".........".H.a.l.f.-.L.i.f.e.".....".t.f.c.".........".T.e.a.m.F.o.r.t.r.e.s.s. .C.l.a.s.s.i.c.".....".d.m.c.".........".D.e.a.t.h.m.a.t.c.h. .C.l.a.s.s.i.c.".....".g.e.a.r.b.o.x.".......".O.p.p.o.s.i.n.g. .F.o.r.c.e.s.".....".r.i.c.o.c.h.e.t.".......".R.i.c.o.c.h.e.t.".....".3.w.a.v.e.".........".T.h.r.e.e.W.a.v.e. .C.T.F.".............".S.t.a.r.t._.S.e.r.v.e.r._.T.i.t.l.e.".....".S.t.a.r.t. .D.e.d.i.c.a.t.e.d. .S.e.r.v.e.r.".....".S.t.a.r.t._.S.e.r.v.e.r._.B.u.t.t.o.n.".....".S.t.a.r.t. .S.e.r.v.e.r.".....".S.t.a.r.t._.S.e.r.v.e.r._.C.a.n.c.e.l.".....".C.a.n.c.e.l.".....".S.t.a.r.t._.S.e.r.v.e.r._.S.e.c.u.r.e.".....".S.e.c.u.r.e. .(.V.a.l.v.e. .A.n.t.i.-.C.h.e.a.t.).".....".S.t.a.r.t._.S.e.r.v.e.r._.N.e.t.w.o.r.k._.L.a.b.e.

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\DialogRemoveUser.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2038
Entropy (8bit):	4.47629854679823
Encrypted:	false
SSDEEP:	24:ZBBW2oAyYAn8YkLT/TpMLTmkMA41AjLTd0jJRZLTlQo4C9ELIzAL0:ZBBW2oAykD//u/m6fj/qbZ/lQohEszv
MD5:	2090691944F3C38A2A502660FE8AD5C3
SHA1:	440BC00E87FB1BB2B9FC9990EB2DB9E9E811BB3C
SHA-256:	F187459FFED34D57443998BC6EA45737C036DAA4A46C0428EC75245CA7F00F4D
SHA-512:	3061E672941AA6FBAF7BAF10C838201CE52C0D9FAC261FFBCE61A7C9AF82C2656AE132A07A96B4B29B945707B8D689FABCB366CF4A217A4DB3EE9876D4AC4FEE
Malicious:	false
Preview:	"Friends/DialogRemoveUser.res"..{..."DialogRemoveUser"...{...."ControlName".."Frame"...."fieldName".."DialogRemoveUser"...."xpos".."221"...."ypos".."354"...."wide".."452"...."tall".."216"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."OK"...{...."ControlName".."Button"...."fieldName".."OK"...."xpos".."220"...."ypos".."180"...."wide".."116"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#TrackerUI_RemoveUser"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Command".."OK"...."Default".."0"...}..."Cancel"...{...."ControlName".."Button"...."fieldName".."Cancel"...."xpos".."352"...."ypos".."180"....

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\DialogSendMessage.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1907
Entropy (8bit):	4.5869663031247985
Encrypted:	false
SSDEEP:	24:k3AmA5wSfLCIWAAGHmJgWySfLCIimGpSfqFnyaSSf9ln/Ml2oB/wSfWjpE:k3O5f9rlW1QKehjK2op
MD5:	D4D7BE79A635E8E50ABCA97DD728425F
SHA1:	91A5530E60E787C4B26A74C2F18ACA36D201EE1D
SHA-256:	668D9EA2392D04DABBA4395F9EA2D220F21840C3FB9ADE6D533FB2F87B3E6AED
SHA-512:	0A8C2F905A0E8909E6919C4B95F67B738446A7C39A262BB8418D51409D2A1D766A7B0EC43879F825B34A80BB706DA6C8D870C7286CA9A86219A594886B0FBF82
Malicious:	false
Preview:	"Resource\DialogSendMessage.res"..{..."CancelButton"...{...."command".."Cancel"...."textAlignment".."center"...."labelText".."#TrackerUI_Close"...."tabPosition".."3"...."enabled".."1"...."visible".."1"...."BgColor".."70 70 70 255"...."FgColor".."255 170 0 255"...."tall".."24"...."wide".."104"...."ypos".."192"...."xpos".."8"...."fieldName".."CancelButton"...."ControlName".."Button"...}..."SendButton"...{...."command".."SendMessage"...."textAlignment".."center"...."labelText".."#TrackerUI_Reply"...."tabPosition".."2"...."enabled".."1"...."visible".."1"...."BgColor".."70 70 70 255"...."FgColor".."255 170 0 255"...."tall".."24"...."wide".."104"...."ypos".."192"...."xpos".."252"...."fieldName".."SendButton"...."ControlName".."Button"...}..."NameLabel"...{...."textAlignment".."west"...."labelText".."test2"...."tabPosition".."0"...."enabled".."1"...."visible".."1"...."BgColor".."70 70 70 255"...."FgColor".."255 255 255 255"...."tall".."20"...."wide".."148"...."ypos".."32"...."xpos".."92"...."

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\DialogSystemMessage.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	975
Entropy (8bit):	4.436643243993124
Encrypted:	false
SSDEEP:	12:ZBBriAtPPbGBiVSPnj1SzuBtPrkgRMK8o3VHCn7gUzuBtIYQP3Qtz9NADMLvUzu3:ZBBOAZZSPj1OqgMVi8I1PgtzT1LvItpO
MD5:	EB4596D2F3422A55F4B61D6150EC27BB
SHA1:	69D8E1474741E701258129FC92E30E2CF2E00385
SHA-256:	69DFF83932B6E54EC452BE41157E0F5A6D8E3F34345DF2EA159B56BAA16D8144
SHA-512:	13C22DE5B1FDC0A3623F1D006052C3B022B92C2815DC8383DB87CE263E931547303305693D09529FA5D174456F2388B91FDD54C2CCFBAEB6A27E263CA4BB6584
Malicious:	false
Preview:	"Friends/DialogSystemMessage.res".{.."SystemMessage"..{..."ControlName".."CSystemMessage"..."fieldName".."SystemMessage"..."xpos".."595"..."ypos".."378"..."wide".."410"..."tall".."390"..."autoResize".."0"..."pinCorner".."0"..."visible".."1"..."enabled".."1"..."tabPosition".."0"..."settitlebarvisible".."1"..."title".."#TrackerUI_FriendsSystemMessageTitle"..}.."MessageHTML"..{..."ControlName".."HTML"..."fieldName".."MessageHTML"..."xpos".."17"..."ypos".."37"..."wide".."375"..."tall".."310"..."autoResize".."0"..."pinCorner".."0"..."visible".."1"..."enabled".."1"..."tabPosition".."0"..}.."CloseButton"..{..."ControlName".."Button"..."fieldName".."CloseButton"..."xpos".."318"..."ypos".."357"..."wide".."64"..."tall".."24"..."autoResize".."0"..."pinCorner".."0"..."visible".."1"..."enabled".."1"..."tabPosition".."0"..."labelText".."#TrackerUI_Close"..."textAlignment".."west"..."dulltext".."0"..."brighttext".."0"..."wrap".."0"..."Command".."close"..."Default".."0"..}.}..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\FriendsDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2097
Entropy (8bit):	4.464402410010666
Encrypted:	false
SSDEEP:	24:ZBU/K+gvN/91/UvB6m9ovoWIGzfGWQGDaFLzjvIzkxIwLzfUvuOzgSAp2LSHfUvm:ZBU/K+Q/9589pFfOYffnQgSAp22Hf9
MD5:	8D448C563F01411EA2BDB8CB35094ED3
SHA1:	00B4B97E29C5549A199A1A217F42766BE538B68E
SHA-256:	66892D9DA7B5DC77F7B7C3C4D9946BAFF06F32770C628D581DC3416FCE91F794
SHA-512:	F126A7BC7893144390D4A973BE5465B3C3FABE15335E3D07EF9E81E52808B515860A666BD37CB37CAB30A1612943E0258941DB84380656123DA557514D7632E2
Malicious:	false
Preview:	"Friends/FriendsDialog.res"..{..."FriendsDialog"...{...."ControlName".."CFriendsDialog"...."fieldName".."FriendsDialog"...."xpos".."0"...."ypos".."0"...."wide".."252"...."tall".."440"...."AutoResize".."1"...."PinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."paintbackground".."1"...."settitlebarvisible".."1"...."title".."#Friends_Title_Online"...}..."BuddyList"...{...."ControlName".."CFriendsListSubPanel"...."fieldName".."BuddyList"...."xpos".."6"...."ypos".."48"...."wide".."240"...."tall".."344"...."AutoResize".."3"...."PinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...."paintbackground".."1"...}..."DownLabel"...{...."ControlName".."Label"...."fieldName".."DownLabel"...."xpos".."10"...."ypos".."65"...."wide".."232"...."tall".."80"...."AutoResize".."1"...."PinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."paintbackground".."1"...."labelText".."#Friends_NoFriendsInList"...."textAlignment".."north-west"....

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SettingsSubInterface.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1785
Entropy (8bit):	4.500212501452674
Encrypted:	false
SSDEEP:	48:ZBJxLc8u/uYE1dEAtE/IG/ASecx1ZT/m7t:nJuRE1d9E/IGPx1lqt
MD5:	F4405A2EE3E22F5C2A2066111C332A0A
SHA1:	7D5B7DDCDD815040602CACD23CCD5DB9A0BBEB7C
SHA-256:	FD0FF1555B662956AABE8BCCF9DA8CEC4B24DC5DD4F4EB043336B7E904FEF2BB
SHA-512:	57CC8DEB3DEBA37C98FF6AFF572031E9274D05E568C6C41AFCCA8917686F261D2D3C7E380396FF4111CA9205BCADB3FAAFDEC167E14BC79285DE68A470514D9A
Malicious:	false
Preview:	"Friends/SettingsSubInterface.res"..{..."FavoriteWindowCombo"...{...."ControlName".."ComboBox"...."fieldName".."FavoriteWindowCombo"...."xpos".."32"...."ypos".."104"...."wide".."180"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."0"...."maxchars".."-1"...."NumericInputOnly".."0"...}..."Label1"...{...."ControlName".."Label"...."fieldName".."Label1"...."xpos".."32"...."ypos".."24"...."wide".."340"...."tall".."56"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#TrackerUI_FavoriteWindowLabel"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."wrap"..."1"...}..."Label2"...{...."ControlName".."Label"...."fieldName".."Label2"...."xpos".."32"...."ypos".."80"...."wide".."180"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."label

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SettingsSubInternet.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	776
Entropy (8bit):	4.428260019191353
Encrypted:	false
SSDEEP:	12:ZBJYD0KSZFaR8nvLHzPWGTIkEHVnQH0XLHzP5gJ7TlRUs4:ZBJA0NZQR8vLTu7kEHVQ0LTU9R14
MD5:	C56E5257274CCF226B42C18C78399B7C
SHA1:	79C2E3CA86A2A3DBE4D517A25BE73E7650CC05E4
SHA-256:	7564F095388ABF8D8F15C6FE272DAF87DC0BC385397EDF6DDD2221B63332D474
SHA-512:	3440D08C139EA189AB6149580F6B5A1D5B657C721097BA3AF746D631C006C8C46D256447D3303D9DBD36DCEC04CF20C6F2E126037B712275A9D7B36BF918F1A4
Malicious:	false
Preview:	"Friends/SettingsSubInternet.res"..{..."InternetSpeed"...{...."ControlName".."ComboBox"...."fieldName".."InternetSpeed"...."xpos".."32"...."ypos".."50"...."wide".."190"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."0"...."maxchars".."-1"...."NumericInputOnly".."0"...."unicode".."0"...}..."Label1"...{...."ControlName".."Label"...."fieldName".."Label1"...."xpos".."32"...."ypos".."20"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#TrackerUI_ConnectionSpeed"...."textAlignment".."west"...."associate".."InternetSpeed"...."dulltext".."0"...."brighttext".."0"...}..}...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SettingsSubLanguage.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	1144
Entropy (8bit):	4.4507923285832405
Encrypted:	false
SSDEEP:	24:ZBJEAmZ1m8vLTu7kEHV4LZ0MtLnEHfQ0LTZd6m14:ZBJEAcjv/u7kE14LzE/5/69
MD5:	24DDF2770C8ED739080F4907FE2D23E3
SHA1:	9393E183EB6BE1F2DBF0DDAA1AA1B0E0D9C4D641
SHA-256:	0991AE1FD34A3428D247292BCE65BEE54D07828AC82A9E81B5A64EB06A458999
SHA-512:	59BDBC31B28D4F6E9924FED1980A615F1AA806B62233A4BDD79D0D73A8C1966FBC184805438B71B9DE1AB63D1C5535F180A462649B3813C1FC94FAA7C9F56D7A
Malicious:	false
Preview:	"Friends/SettingsSubLanguage.res"..{..."LanguageCombo"...{...."ControlName".."ComboBox"...."fieldName".."LanguageCombo"...."xpos".."32"...."ypos".."50"...."wide".."190"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."0"...."maxchars".."-1"...."NumericInputOnly".."0"...."unicode".."0"...}..."Label1"...{...."ControlName".."Label"...."fieldName".."Label1"...."xpos".."32"...."ypos".."108"...."wide".."256"...."tall".."64"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#Steam_MustRestartToTakeEffect"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."wrap"..."1"...}..."Label2"...{...."ControlName".."Label"...."fieldName".."Label2"...."xpos".."32"...."ypos".."20"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SettingsSubProfile.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2457
Entropy (8bit):	4.411825882827512
Encrypted:	false
SSDEEP:	48:ZBJOqf8/YpQ4lpR/EBpi/meE6ZpF/8E17/4aE/m3/caExP/c5:Ff24lpRMBpiFE6ZpFkE17QaE/wkaExPs
MD5:	A94D94B745574E5BD53F3914070B1BDA
SHA1:	30311FB5680F4DDF504D739F8D89FAEE618D6D0A
SHA-256:	9A881161BA988B0E46CAD948ABA0F2E000BA790608145E6639738E689986D8DE
SHA-512:	698886D65C01B9BB40DE0C694300F1D82EAC8114FDA07B8DE5C3588537A039330E3BC07FBECC8F48A971B93B691CCBD8019230758AA48EB48FBCB64E7E1FE7FA
Malicious:	false
Preview:	"Friends/SettingsSubProfile.res"..{..."NoStatusLabel"...{...."ControlName".."Label"...."fieldName".."NoStatusLabel"...."xpos".."24"...."ypos".."24"...."wide".."340"...."tall".."128"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...."labelText".."#TrackerUI_OptionsUnavailable"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...}..."UserNameEdit"...{...."ControlName".."TextEntry"...."fieldName".."UserNameEdit"...."xpos".."32"...."ypos".."44"...."wide".."180"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}..."FirstNameEdit"...{...."ControlName".."TextEntry"...."fieldName".."FirstNameEdit"...."xpos".."32"...."ypos".."100"...."wide".."180"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."textHidden".."0"...."editable".

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SettingsSubSkins.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	1130
Entropy (8bit):	4.4509130376066635
Encrypted:	false
SSDEEP:	24:ZBJgmovLTu7kEHV4LZ0MtLnEHfQ0LTZl/4:ZBJgvv/u7kE14LzE/5/Q
MD5:	950EAC9AF32EB1C61ED580F3CCB31C81
SHA1:	F875A0B735771B24494B6ED853FE3F1CED20D2F2
SHA-256:	7AD1145B06D2AC078BAC9002B0E02BDF417D598EFB87F9A3C0482CE67B501506
SHA-512:	3E2F01F566D65CA20ABBCBD765FC4318EDCAC18E096A4205DDC1A3657D418D583A668C46C219C9778F7E1B7503E6CF0203E84077E5BA60B314CAFB888D3B3F11
Malicious:	false
Preview:	"Friends/SettingsSubSkins.res"..{..."SkinCombo"...{...."ControlName".."ComboBox"...."fieldName".."SkinCombo"...."xpos".."32"...."ypos".."50"...."wide".."190"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."0"...."maxchars".."-1"...."NumericInputOnly".."0"...."unicode".."0"...}..."Label1"...{...."ControlName".."Label"...."fieldName".."Label1"...."xpos".."32"...."ypos".."108"...."wide".."256"...."tall".."64"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#Steam_MustRestartToTakeEffect"...."textAlignment".."north-west"...."dulltext".."1"...."brighttext".."0"...."wrap"..."1"...}..."Label2"...{...."ControlName".."Label"...."fieldName".."Label2"...."xpos".."32"...."ypos".."20"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SettingsSubSounds.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1248
Entropy (8bit):	4.610582721303264
Encrypted:	false
SSDEEP:	24:ZBJ+N4LNfLTrRYU4LTLTmTEXYM4LZ2LTx4GYR:ZBJ+o/e/mQ//s
MD5:	BC88FC0768A667A3C7E5E321C56DA555
SHA1:	AEAA73E3702F449E9AF0240CA87A354FD0ABAA8D
SHA-256:	125979C59ADDAD84B021367B5DA899AEC785A85F508C41DF5A116BDC27FB4E6E
SHA-512:	00244A4836D5FFE52729E791831D7ECCC1E1FBEADBE6E959FED78AD34E9BCB9A62FEACE7A4485B5089C62691132CF94B2344710073886EB4E9581ECF17BA69D7
Malicious:	false
Preview:	"Friends/SettingsSubSounds.res"..{..."IngameSoundCheck"...{...."ControlName".."CheckButton"...."fieldName".."IngameSoundCheck"...."xpos".."26"...."ypos".."24"...."wide".."350"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."labelText".."#TrackerUI_PlaySoundWhenFriendJoins"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...}..."OnlineSoundCheck"...{...."ControlName".."CheckButton"...."fieldName".."OnlineSoundCheck"...."xpos".."26"...."ypos".."60"...."wide".."350"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#TrackerUI_PlaySoundWhenFriendComesOnline"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...}..."MessageSoundCheck"...{...."ControlName".."CheckButton"...."fieldName".."MessageSoundCheck"...."xpos".."26"...."ypos".."98"...."wide".."350"...."tall".."24"...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SubPanelFindBuddy.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3202
Entropy (8bit):	4.4203987984112105
Encrypted:	false
SSDEEP:	96:hyK4lC9hB39QE6ZRb9gvev69qEH9kW9g2O9k2/9kvl9R:hjiC9hB39QE6ZRb9qw69qEH9kW9gD9kX
MD5:	2A56EE6BDCB95A0A72F39B56E4F236E2
SHA1:	5F36A7F5219896D29D738A57C8BF7E47DF6F5953
SHA-256:	322CA4878A419E480106B7B297C762020B8DB905EF945EAB1BBE4F97B6246085
SHA-512:	677D19CCA6AA16DDB8B38C6D30459A0CA9EC16749FD19171EAE03825E57C7BBD74A8E0A0EC9497EB13254C02E7F9863A5E2C2B43383EBC623C5EDC86C5BAAD7B
Malicious:	false
Preview:	"Friends/SubPanelFindBuddy.res"..{..."UserNameEdit"...{...."ControlName".."TextEntry"...."fieldName".."UserNameEdit"...."xpos".."30"...."ypos".."134"...."wide".."240"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}..."FirstNameEdit"...{...."ControlName".."TextEntry"...."fieldName".."FirstNameEdit"...."xpos".."30"...."ypos".."184"...."wide".."240"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."3"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}..."LastNameEdit"...{...."ControlName".."TextEntry"...."fieldName".."LastNameEdit"...."xpos".."30"...."ypos".."234"...."wide".."240"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."4"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...}..."EmailEdit"...{...."ControlN

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SubPanelFindBuddyComplete.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	742
Entropy (8bit):	4.5822510297732535
Encrypted:	false
SSDEEP:	12:ZBZxjBCthsALzPuVs6dalXng5LqzP5gmmsGLsM:ZBZhGHGygRmptM
MD5:	64D572184F4E87EF7AB846630DD7A2E3
SHA1:	2632DC622857914D7595E72B9158679B20E0517A
SHA-256:	9A85E7B9C9C80098DD6716275C4011411C5F22CBFC3730C99894A991D8F11900
SHA-512:	8429C2F7F49D563B355477AEF48ED38AB29C33D1A4E3AFAFA31D4A6C1DD63C9FF01B76FF3D4B1533016EBE5405B086AB2FDF87E496588C79251989F498F4BF76
Malicious:	false
Preview:	"Friends/SubPanelFindBuddyComplete.res"..{..."SubPanelFindBuddyComplete"...{...."ControlName".."WizardSubPanel"...."fieldName".."SubPanelFindBuddyComplete"...."xpos".."5"...."ypos".."29"...."wide".."470"...."tall".."291"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."WizardWide".."0"...."WizardTall".."0"...}..."InfoText"...{...."ControlName".."Label"...."fieldName".."InfoText"...."xpos".."32"...."ypos".."32"...."wide".."380"...."tall".."87"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#TrackerUI_AuthRequestSent"...."textAlignment".."north-west"...."dulltext".."0"...."brighttext".."0"...."wrap".."1"...}..}...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SubPanelFindBuddyRequestAuth.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	4.579088938207592
Encrypted:	false
SSDEEP:	12:qSdYDBH0dsBrRchY7SA0DNH/mHdsXqalh:qdBK82ASfVqu
MD5:	B3180A492026ACFD2FE531BE5CC99297
SHA1:	BEFEE3121B47CFF0FD7A642F1BA56F7F01DE4383
SHA-256:	708B6068D2F2428E131289E125815DE862567B70FC019FF94B3A7DBCB79B2457
SHA-512:	17B8167A33F67FC8FB6D4EF45EFB96C170C460549E55F9063344C266A8F06E1BA9ABD09FADE18E55D833CF3CD750CBCD109FA8DCE824F4F98C37D96B25ABAADF
Malicious:	false
Preview:	"Resource\SubPanelFindBuddyReque"..{..."EditBox"...{...."tabPosition".."1"...."enabled".."1"...."visible".."1"...."BgColor".."100 100 100 255"...."FgColor".."255 170 0 255"...."tall".."84"...."wide".."364"...."ypos".."164"...."xpos".."44"...."fieldName".."EditBox"...."ControlName".."Panel"...}..."InfoText"...{...."textAlignment".."west"...."labelText"..""...."tabPosition".."0"...."enabled".."1"...."visible".."1"...."BgColor".."70 70 70 255"...."FgColor".."255 170 0 255"...."tall".."88"...."wide".."364"...."ypos".."48"...."xpos".."44"...."fieldName".."InfoText"...."ControlName".."Label"...}..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SubPanelFindBuddyResults.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	986
Entropy (8bit):	4.501010422248645
Encrypted:	false
SSDEEP:	12:ZBZ85sALzPuVsaEIv7ynUuIsVyzPAdal4ynTMb1nzP5guHLsM:ZBZ8nHGrEI3JQ3bhQM
MD5:	499CA054E2739BDF353662E6E8DD58FF
SHA1:	3857E5F3464B255F559DE0D6215C11C54C33E05C
SHA-256:	118C32CBDFF060E39ECAB273547C75315DF0D890B4BD7AB81E0E78B3456BB43C
SHA-512:	02E311635AD040F812DC6A666F4704DDE5E5B33764C9F2DE0BD48640C8BA43447A1462ADAA6C741C0FD55144162FEE5DBFA97C6EC26FFE7510AF72B052EA8F5A
Malicious:	false
Preview:	"Friends/SubPanelFindBuddyResults.res"..{..."SubPanelFindBuddyResults"...{...."ControlName".."CSubPanelFindBuddyResults"...."fieldName".."SubPanelFindBuddyResults"...."xpos".."5"...."ypos".."29"...."wide".."470"...."tall".."291"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."WizardWide".."0"...."WizardTall".."0"...}..."Table"...{...."ControlName".."ListPanel"...."fieldName".."Table"...."xpos".."16"...."ypos".."68"...."wide".."440"...."tall".."208"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...}..."InfoText"...{...."ControlName".."Label"...."fieldName".."InfoText"...."xpos".."16"...."ypos".."12"...."wide".."412"...."tall".."44"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#TrackerUI_SelectFriendFromList"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."wrap".."1"...}..}...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SubPanelUserInfoDetails.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3409
Entropy (8bit):	4.428885673615469
Encrypted:	false
SSDEEP:	96:h0F9SxYeWnC4lSsocBSZodE6ZSioYEIfiKxb0S9:h09SxYeWnCiSsocBSZodE6ZSioYEIfia
MD5:	9A433E3218106666D276E6C6CCF4BE04
SHA1:	4ADE35E0C9EEDCFC1FBF93BD4B20155A45AA4BCA
SHA-256:	326A549AE58E9A452A03A040508A88861B524E2EAAE3940C5372CE5EFB8A3C7B
SHA-512:	7F49BFB5A938C276432D1EB81572F3A9EDDCC4CB8945650DC958EA97A3700214831F29C0040E769691D35F1809B1662CE876688D2183AD4972A34DEE10E9F566
Malicious:	false
Preview:	"Friends/SubPanelUserInfoDetails.res"..{..."DisplayNameEdit"...{...."ControlName".."TextEntry"...."fieldName".."DisplayNameEdit"...."xpos".."16"...."ypos".."36"...."wide".."360"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...."NumericInputOnly".."0"...."unicode".."0"...}..."DisplayNameText"...{...."ControlName".."Label"...."fieldName".."DisplayNameText"...."xpos".."16"...."ypos".."16"...."wide".."360"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#TrackerUI_NameToDisplay"...."textAlignment".."west"...."associate".."DisplayNameEdit"...."dulltext".."0"...."brighttext".."0"...."wrap".."0"...}..."UserNameEdit"...{...."ControlName".."TextEntry"...."fieldName".."UserNameEdit"...."xpos".."16"...."ypos".."88"...."wide".."360"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\SubPanelUserInfoStatus.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	2510
Entropy (8bit):	4.564757922987722
Encrypted:	false
SSDEEP:	48:ZBZQ0+41Z7XnC1TBpmfQEZ7q2CZ7Gb/pkOVZ71:hQ21tnutyQEI2CwvVj
MD5:	B02AC8C5E934BE1F7C2BB344D916B865
SHA1:	BBE5BB643B116745D150911DEC7FCDC8842FE71D
SHA-256:	49F860913883A7463E592F08F43A02F8A1669E3440197A10EC1F17E133921BAB
SHA-512:	3991A1DC928CB474147DC2BBF88D30C3D0D9C28E033F6DB6CE247BBB385E67B14406117A120D62A8C2813A6956BFF1BB9DCBE0F3B33CF7FB1C805E2AF3800511
Malicious:	false
Preview:	"Friends/SubPanelUserInfoStatus.res"..{..."NotifyCheck"...{...."ControlName".."CheckButton"...."fieldName".."NotifyCheck"...."xpos".."26"...."ypos".."32"...."wide".."340"...."tall".."40"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."labelText".."#TrackerUI_NotifyMeWhenUserComesOnline"...."textAlignment".."north-west"...."dulltext".."0"...."brighttext".."0"...."wrap".."1"...."Default".."0"...}..."SoundOnlineCheck"...{...."ControlName".."CheckButton"...."fieldName".."SoundOnlineCheck"...."xpos".."26"...."ypos".."72"...."wide".."340"...."tall".."39"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#TrackerUI_PlaySoundWhenUserComesOnline"...."textAlignment".."north-west"...."dulltext".."0"...."brighttext".."0"...."wrap".."1"...."Default".."0"...}..."SoundIngameCheck"...{...."ControlName".."CheckButton"...."fieldName".."SoundIngameCheck"...."xpos".."26"...."ypos".."112

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\TrackerDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	4.280693631807706
Encrypted:	false
SSDEEP:	3:ZBNREZAXhMEJ1QAoovYovl:ZBNRWAKEl9l
MD5:	953C105F7C67600A8928E9882C0710ED
SHA1:	0EF54BCE863345AEC0EB59AFCA8A37F99A6E7940
SHA-256:	EEA939D00D9908EC514358278F7681960F7E94E25A9975998DB53921F76DB400
SHA-512:	8DE01469C29E9AAA79CF4C3B634A93F60FF8799529341013421AE9BB186CF95F953786416A09F7B8A0CA905411631048554D140B06A491E5B79690F191D945ED
Malicious:	false
Preview:	"Friends/TrackerDialog.res"..{....}...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\friend_join.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	11386
Entropy (8bit):	7.212679584308873
Encrypted:	false
SSDEEP:	192:wkFbW01zwAj3MQhwDjizuOFzXCQYbSiqnU0o8mKKEEw/r5n4cizyDVQS2HVnXtd3:wkFiezwAAoZuOFzSQhn7hEylNDT21nXD
MD5:	357DCF3574DB45BEE28582B6D3353E3B
SHA1:	A1F95096CA64847B3CFEDE8C176291C3844EB567
SHA-256:	15EA943E10C4F4EA8AABDC688F267E79F05147F4398A1E19910B129DF9B3F35C
SHA-512:	92760A6C837B3C08B5803F89E6FC791C2A6DD928CDC630CB56C9135BF0F8166A7B2AD6C6338A75DCA664F9B13F9C30F8A812369844341F1D4E0C17F3E3DA9F90
Malicious:	false
Preview:	RIFFr,..WAVEfmt .........+.."V......data.,....L...........N.8.t.g.....q...?...!...f...#.....e.'.......................c.....g.....X...:.'.a..._.........S...-.....[.....E...^.r.......>.....D...........m...H...o.G.n.+.q.........L.p.o.n.....e.....s.X.F.w.w.D...C......=.i.....\..!`...(.!,$......S.9(....Q.+/....v..e#...................>.m.....6....!2....... D.....T...y.n.K......+..?.s...c.n............M.....&...=..#T$)!..p...!.......\|."."....V.C..7............#?%.%.$. ..g.R.......I......z..0...G.c...........*...?.y...>.../.....<. ...w.3.....A.......% . . ....)...M.[.}....d...........E.F.Q.... . ....Y.......r.....w.,.B.%.(.^......j.............s.......8.'...s.-.g....w....6.j.....X.~.S.....i.........s....D.3....6.@.e.#..._.........D.0...p...W...G.......4.g...0...i...n.P...M.......9............................J.....V...Q.....5...A.X...!.....G...............7.G....n.l..L.....&...}.....I.i...G.u.v.+.........V.b.....%.m.....\|....".#>#. `.N...........K.......X.n.D.[.

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\friend_online.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	13628
Entropy (8bit):	7.315694895851715
Encrypted:	false
SSDEEP:	384:313IIqBkhmF4r3OOvcgUO4KyVWZMwGWuOgG3WPJ:xIkhmF4aOvJU/Vz5Wui3WPJ
MD5:	0C63429C4DC88A4D65D285940D820024
SHA1:	3124D422E3332BF9D2A86DFD84F8A5A157E01375
SHA-256:	2D7A518479DF7D05AE3DC2CC3C2F4E67DEE2AADED3C712350A02BC20A62B9CF9
SHA-512:	7ED2810F86AB19684CE66E8658F79DA0C836F74200D1EF9EC1084F2F619780A8D5D83BC1521C2D73A82BCF742D7C3DE0A2EF7149E135D326FB00A01F9CAE7D55
Malicious:	false
Preview:	RIFF45..WAVEfmt .........+.."V......data.4.........................................s...A.......p.Q.....{..d.H.x.5.......=.x.........8...........q.?.......^.B.....r.........v....@.......b.9...........I.........z.6.".o...(....._.....j.......T.D.,.....T...O.Z...j...B.J...&...9.......y...............Q...#.i.t.K...$.=...s.+.q.Y...r...................(.9...H.p...U.T...O.........x.......W.W...F.......`...........}.......b.L.....:......y.B.......^.......a... .7...h.x.........).....6...3.4.....p.T.(.4.>.e.....7.......n.=.........l.+...h.............[...........%....._.e.a......._........."...3.q...........N...E...H...2.c...x.v.......{.....d.......I.................&...!.........A.Y.....o..._.....x.......7.........7............S.H.....?.\|.J.6.M.........._.c...w.......".......,...'...........9.........,...!...............\|...3.2...#..=...k.B.....}.V.......\.Z...........4...V.M.E.r...........w.'.'...B.;.....>..o.E.1.,.o.&.I........L........'."..... .G.y.[.w...+...p.....g.....p......V.

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\friendsrefreshlogindialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2884
Entropy (8bit):	4.438131483233866
Encrypted:	false
SSDEEP:	48:gCZe27l4lC8/cmhFCu/7yGb/mNI/tSxOi/jFYXkd/Ld:gCpR4lC80mhFCuj1bqIF21bFYXUh
MD5:	56BE416E3554BA9C382E472C55E572C2
SHA1:	171464618820DD2CE67FDF88ECA4CD558A48C13C
SHA-256:	49326A5644CD2063C91BF3C02D4E5D350C2EAF03F50315B332E11370D9A88189
SHA-512:	5BD0C985C7268484B0E979CBA73BE4FE84CC38CB2E0B31102518985AC046FEE6249318582B8EA5F280E06DB6753D3632C01747228BFE3C670D4FFA90C1D979AC
Malicious:	false
Preview:	"Steam/RefreshLoginDialog.res"..{..."RefreshLoginDialog"...{...."ControlName".."Frame"...."fieldName".."RefreshLoginDialog"...."xpos".."396"...."ypos".."338"...."wide".."388"...."tall".."244"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."ErrorInfoLabel"...{...."ControlName".."Label"...."fieldName".."ErrorInfoLabel"...."xpos".."31"...."ypos".."42"...."wide".."328"...."tall".."51"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText"..""...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."wrap"..."1"...}..."UserNameEdit"...{...."ControlName".."TextEntry"...."fieldName".."UserNameEdit"...."xpos".."121"...."ypos".."100"...."wide".."238"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."0"...."tabPosition".."1"...."textHidden".."0"...."editable".."1"...."maxchars".."-1"...."NumericInputOnly".."0"...}..."PasswordEdi

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_away.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1563
Entropy (8bit):	3.3856735700715967
Encrypted:	false
SSDEEP:	48:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKqQKKKKKKKKqoKKKKKqwKKKKqwKw:W
MD5:	79CDD12EBE70657BBCB8D4ABB7AE6848
SHA1:	0EB1626959C4FC9ACC467E18B6AC67EE88C7CF12
SHA-256:	064FA2293AECD49378201E850D9B5B8F7818D90B0E44B3D72035C06E0DFC7A73
SHA-512:	326670D90BD8703CCC19928CB07385B82ADA24DE3A1F1B1024591F12224938043DE693B20A8C7EA78A983BD64F8FAF7BC8CD97B1346AFD5C552F7ED3722D0456
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...(1-.(1-.(1-.(1-.P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.P...P...P...P...P...(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...(1-.(1-.(1-.(1-.P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_blocked.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1563
Entropy (8bit):	3.3841312588436714
Encrypted:	false
SSDEEP:	48:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKqQKKKKKKKKqoKKKKKqnKKKKqDKh:D
MD5:	0BDB1643FF59C5349B10A67944CE1FAE
SHA1:	CB6778EF77DB2C588E58DBE47E05EAF7C551A757
SHA-256:	41E3AC3DBA5B3058428D72C8F86F36AA0CAEC8566A5133E82B741AA42AB46665
SHA-512:	FF09B3DBD8EA4A3CFA602A70ED0880B5A6E2FDE854D69992D18DDDBD1ECF7276C0AF56536B630B968734DBF24D8A8841F8C3C005CF9ABAE7EEF7C26524B28BCC
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...(1-.(1-.(1-.(1-.P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.7F>.P...(1-.P...(1-.(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.P...(1-.(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.P...(1-.P...7F>.7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...(1-.(1-.(1-.(1-.P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_busy.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1563
Entropy (8bit):	3.3918242037226127
Encrypted:	false
SSDEEP:	48:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKqQKKKKKKKKqoKKKKKqMKKKKqnKk:j
MD5:	CD1135AA0C6C726CECB602B0BA3E4A08
SHA1:	BFE5147E0873A8A111AF8ECF5068375EAD832142
SHA-256:	53BE0DEAD29ECF68853B3105D5021C072DEC11156ACC711A89C31F367190AC2E
SHA-512:	72155FEFF489EB0B9EBCAAF9ED47905CB3FBA87FC72491FFD6A67E1CDD0B3291FD8E9CBDED7373687608EFE03BFC7351C0FB2953338E636A565B146A7698502A
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...(1-.(1-.(1-.(1-.P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.P...P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.P...P...P...(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.P...P...P...(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.P...P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...(1-.(1-.(1-.(1-.P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_connecting.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	2.177488052603168
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs
MD5:	CB39E3A0EFCBA5CF43ADB241E03F3C53
SHA1:	2EF3B884C136B66E0B6ACEE1A5A201506BF3DEB0
SHA-256:	B490E7F1176C6B61610F6DB010EFB9DBD200B54AE09026654A96BCFB12AA3470
SHA-512:	30B7DD4A3B927D16DF6CE7D76F0B2A5AA78EFB53B418EC80DD287A38EA8512981A0743202FB673B2097DBE033CAF10254A77C5B0497CB24340998BB31E770A72
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_in-game.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	2.177488052603168
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs
MD5:	CB39E3A0EFCBA5CF43ADB241E03F3C53
SHA1:	2EF3B884C136B66E0B6ACEE1A5A201506BF3DEB0
SHA-256:	B490E7F1176C6B61610F6DB010EFB9DBD200B54AE09026654A96BCFB12AA3470
SHA-512:	30B7DD4A3B927D16DF6CE7D76F0B2A5AA78EFB53B418EC80DD287A38EA8512981A0743202FB673B2097DBE033CAF10254A77C5B0497CB24340998BB31E770A72
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_message.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1563
Entropy (8bit):	3.381659834250398
Encrypted:	false
SSDEEP:	48:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK1:z
MD5:	291477801E1BEA8B7E5A2504456DA9ED
SHA1:	5FD8AAA25C86528B556F87690ECBC7BB912FD445
SHA-256:	77127F1D8BD429E9AA3DB81A1938131CAD9310E857256826E67C4BC4605FBA81
SHA-512:	5101E608DF582EA0AE13C4A6EB6BA25A9F963FA48D4D35DE7C36F9017ACF38B15F81DA2E92FDCCC7ED59A1F6DA88F996E5F534EE53F651ECA23BBC8FB3B8D7E8
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...P...P...P...P...P...P...P...P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.(1-.P...P...(1-.(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.(1-.P...(1-.(1-.P...(1-.(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.(1-.P...(1-.(1-.(1-.(1-.P...(1-.(1-.P...7F>.7F>.7F>.7F>.P...(1-.P...(1-.(1-.(1-.(1-.(1-.(1-.P...(1-.P...7F>.7F>.7F>.7F>.P...P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...P...7F>.7F>.7F>.7F>.P...P...P...P...P...P...P...P...P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_offline.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	2.177488052603168
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs
MD5:	CB39E3A0EFCBA5CF43ADB241E03F3C53
SHA1:	2EF3B884C136B66E0B6ACEE1A5A201506BF3DEB0
SHA-256:	B490E7F1176C6B61610F6DB010EFB9DBD200B54AE09026654A96BCFB12AA3470
SHA-512:	30B7DD4A3B927D16DF6CE7D76F0B2A5AA78EFB53B418EC80DD287A38EA8512981A0743202FB673B2097DBE033CAF10254A77C5B0497CB24340998BB31E770A72
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_online.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	2.177488052603168
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs
MD5:	CB39E3A0EFCBA5CF43ADB241E03F3C53
SHA1:	2EF3B884C136B66E0B6ACEE1A5A201506BF3DEB0
SHA-256:	B490E7F1176C6B61610F6DB010EFB9DBD200B54AE09026654A96BCFB12AA3470
SHA-512:	30B7DD4A3B927D16DF6CE7D76F0B2A5AA78EFB53B418EC80DD287A38EA8512981A0743202FB673B2097DBE033CAF10254A77C5B0497CB24340998BB31E770A72
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\icon_snooze.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1563
Entropy (8bit):	3.332597280042779
Encrypted:	false
SSDEEP:	48:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKTKKKKKKKK7KKKKKPKKKKnKKKgK6:u
MD5:	6A5EB6FC218C4D387D7294D00ABD504E
SHA1:	048F4C5A98C9438E463538B62FA8DD31AFD45BC9
SHA-256:	01B7ED5FD3BEBD5F040934F16CB4F0092C8FEF48AE4DF9D84A848F9CF555E2E2
SHA-512:	29D71B79E9A7B7B5514EB175678B6608073320D3BBB47798647A2FF2F0A9AD6D58795C23F7A065B43A304BD2C1AC3201A1A6742179D28B44531245734AF44AC4
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.(1-.(1-.(1-.(1-.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.7F>.7F>.7F>.7F>.7F>.7F>.7F>.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.7F>.7F>.7F>.7F>.7F>.7F>.(1-.P...P...P...P...(1-.(1-.(1-.(1-.(1-.7F>.7F>.7F>.7F>.7F>.(1-.(1-.P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.7F>.7F>.7F>.7F>.(1-.(1-.(1-.P...(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.7F>.7F>.7F>.7F>.(1-.(1-.(1-.(1-.P...(1-.(1-.P...P...P...(1-.(1-.7F>.7F>.7F>.7F>.(1-.(1-.(1-.(1-.(1-.P...(1-.P...(1-.(1-.(1-.(1-.7F>.7F>.7F>.7F>.7F>.(1-.P...P...P...P...(1-.(1-.P...(1-.(1-.7F>.7F>.7F>.7F>.7F>.7F>.(1-.(1-.(1-.(1-.(1-.(1-.(1-.(1-.P...(1-.7F>.7F>.7F>.7F>.7F>.7F>.7F>.(1-.(1-.(1-.(1-.(1-.P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.(1-.(1-.(1-.(1-.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\joinfriendsbetadialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2983
Entropy (8bit):	4.529749297558819
Encrypted:	false
SSDEEP:	48:qMnD/0vfGrR+fqfF2EZS7GE4fZAGfOdcO5E:qMDsv4R+y0EkqE4hAG2aOa
MD5:	6D98E06FD13D2AB257E540199DADF33E
SHA1:	858C9D1B68A633037D0901EDB8CC611DA861768B
SHA-256:	0A14CA866BC9E007FBF918D46720F410D1783DB508C909AF2F467592C096C559
SHA-512:	0658CE34160053ECFE4D55F5F3316034AC99BA94CD9C2C4CE2D61C8750AEE76037511818CDEFFCDEBAB5CBA489FC3608418D6246E478FA539A3473D81032F343
Malicious:	false
Preview:	"friends/joinfriendsbetadialog.res"..{..."JoinFriendsBetaDialog"...{...."ControlName".."CJoinFriendBetaDialog"...."fieldName".."JoinFriendsBetaDialog"...."xpos".."613"...."ypos".."429"...."wide".."374"...."tall".."314"...."AutoResize".."0"...."PinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."paintbackground".."1"...."settitlebarvisible".."1"...."title".."#Friends_JoinFriendsBeta_Title"...}..."ActivateFriendBeta"...{...."ControlName".."Button"...."fieldName".."ActivateFriendBeta"...."xpos".."16"...."ypos".."270"...."wide".."214"...."tall".."24"...."AutoResize".."0"...."PinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."paintbackground".."1"...."labelText".."#Friends_ActivateFriendsBeta"...."textAlignment".."west"...."wrap".."0"...."Default".."0"...}..."PersonaNameEntry"...{...."ControlName".."TextEntry"...."fieldName".."PersonaNameEntry"...."xpos".."17"...."ypos".."221"...."wide".."243"...."tall".."24"...."AutoResize".."0"...."PinC

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\requestingfriendshipdialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2829
Entropy (8bit):	4.535128274403624
Encrypted:	false
SSDEEP:	48:yXHXU/nhfGeDhfFHlfl9ffs0mkEnnf5S/fZ:y3E5l1llff00fEnnhex
MD5:	13D7F2EAC55B945979338A1E2E6F7CA3
SHA1:	631C85D84C2F14CE2A2BCDA510E1055896565888
SHA-256:	186867A7764171AC9A4AC70CBE8BDFBEE137B0597E776E09DF026AE2AE0AF15A
SHA-512:	7B628BAF01012D7AB15484D327C8068DC2CE1DA41F3BC686A643B8B77C4A4C022BCCB6B81EAB9396D5A5F232F7097D0C85D404D6618C2302F0EDA8730735AF54
Malicious:	false
Preview:	"friends/requestingfriendshipdialog.res"..{..."RequestingFriendshipDialog"...{...."ControlName".."CRequestingFriendshipDialog"...."fieldName".."RequestingFriendshipDialog"...."xpos".."660"...."ypos".."483"...."wide".."550"...."tall".."224"...."AutoResize".."0"...."PinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."paintbackground".."1"...."settitlebarvisible".."1"...."title".."#Friends_UserRequestingFriendship_Title"...}..."OKButton"...{...."ControlName".."Button"...."fieldName".."OKButton"...."xpos".."360"...."ypos".."184"...."wide".."84"...."tall".."24"...."AutoResize".."0"...."PinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."paintbackground".."1"...."labelText".."#vgui_ok"...."textAlignment".."west"...."wrap".."0"...."Default".."1"...."selected".."0"...}..."Button1"...{...."ControlName".."Button"...."fieldName".."Button1"...."xpos".."450"...."ypos".."184"...."wide".."84"...."tall".."24"...."AutoResize".."0"...."PinCorner".."0".

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Friends\trackerui_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (330), with CRLF line terminators
Category:	dropped
Size (bytes):	30922
Entropy (8bit):	3.5094101873104293
Encrypted:	false
SSDEEP:	384:192C/TuhUqv8Y8eySLIiTRdEyJnpK8uoS:192C/TuhUqv8Y8bSB7LJnpK1oS
MD5:	012986D1364FCC3142ED20D777D8E2CC
SHA1:	068F754F3FEEC606D35184A1DD85CF4B27AB4022
SHA-256:	4DC70955B9CD50E1E360AA41AF5FCAD08393135C861855998E24560A17ED0298
SHA-512:	B4103E5768DCB6F7ECB3A12515C7DEE0CD87A25B7EB5B5FFF85B699648BFD91BAE11347BADEC38CE6E7B07459A55050923998F659DD35765DF6B027697B1F536
Malicious:	false
Preview:	..".l.a.n.g.". .....{. .....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.". .....{. .....".T.r.a.c.k.e.r.U.I._.W.i.s.h.e.s.T.o.A.d.d.T.o.C.o.n.t.a.c.t.L.i.s.t._.N.a.m.e._.R.e.a.s.o.n."...".%.s.1. .w.i.s.h.e.s. .t.o. .a.d.d. .y.o.u. .t.o. .h.i.s./.h.e.r. .c.o.n.t.a.c.t. .l.i.s.t...\.n.%.s.2.".....".T.r.a.c.k.e.r.U.I._.W.i.s.h.e.s.T.o.A.d.d.T.o.C.o.n.t.a.c.t.L.i.s.t._.N.a.m.e.".....".%.s.1. .w.i.s.h.e.s. .t.o. .a.d.d. .y.o.u. .t.o. .h.i.s./.h.e.r. .c.o.n.t.a.c.t. .l.i.s.t...".....".T.r.a.c.k.e.r.U.I._.R.e.m.o.v.e.W.a.r.n.i.n.g.L.a.b.e.l._.F.r.i.e.n.d.N.a.m.e.".....".Y.o.u. .a.r.e. .a.b.o.u.t. .t.o. .r.e.m.o.v.e. .%.s.1. .f.r.o.m. .y.o.u.r. .c.o.n.t.a.c.t. .l.i.s.t...".....".T.r.a.c.k.e.r.U.I._.W.e.l.c.o.m.e.T.o.T.r.a.c.k.e.r._.N.a.m.e.".......".L.o.g.i.n. .C.o.m.p.l.e.t.e.!. . .W.e.l.c.o.m.e. .t.o. .T.r.a.c.k.e.r.,. .%.s.1...".....".T.r.a.c.k.e.r.U.I._.A.t.t.e.m.p.t.i.n.g.T.o.L.o.g.i.n._.E.m.a.i.l.".......".A.t.t.e.m.p.t.i.n.g. .t.o. .l.o.g. .i.n.,. .%.s.1.".....".T.r.a.c.

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\DialogServerBrowser.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	4.397456719507589
Encrypted:	false
SSDEEP:	12:arcj9HkQHwwSzPWAnw4kkX7LHz/6ksiHzHs4kpyfUyNvg1xHU3egXHzPgGLsS:aC9fQPOAnwkLT/zfz91j4tS
MD5:	423F4673E863638F01B82C3890C2D112
SHA1:	E7DC1E6846837A76378BA477A1EAC8A8FD29BDDC
SHA-256:	606DB63FC433721132E5A5E4F3B5F77940AC432CB5BDF2AF3F562F6E8C1814C1
SHA-512:	7AEE74B70C8CDEE9654858C9C5B0A0C88261CE956AEC0F9B63A558D965FC0EE6D0C893126F44C1EF604D051582BB1E29C4C3CECE01307A0536019751BC1B28DA
Malicious:	false
Preview:	"Servers/DialogServerBrowser.res"..{..."CServerBrowserDialog"...{...."ControlName".."Frame"...."fieldName".."CServerBrowserDialog"...."xpos".."20"...."ypos".."20"...."wide".."564"...."tall".."394"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."ServerContextMenu"...{...."ControlName".."Menu"...."fieldName".."ServerContextMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."GameTabs"...{...."ControlName".."PropertySheet"...."fieldName".."GameTabs"...."xpos".."0"...."ypos".."61"...."wide".."548"...."tall".."331"...."autoResize"."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...}..."StatusLabel"...{...."ControlName".."Label"...."fieldName".."StatusLabel"...."xpos".."11"...."ypos".."394"...."wide".."544"...."tall".."20"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\DialogServerPage.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7677
Entropy (8bit):	4.468629396356213
Encrypted:	false
SSDEEP:	96:42+oMpVKxTGjjowOgybB+14tr4LaHL9L9:D+oMzKxTGjjowOgybB+1Sr4LaHL9L9
MD5:	35C1D5218F960E64B0DE25F3274464FF
SHA1:	DC501A7FD457F2B6E189CDD24C020F39172C5588
SHA-256:	81AC3E81F660882846BB11EE6F6A4075648E8DFB23D50B6AF5A51475358C4117
SHA-512:	EE684718C518ABB8FF3B0C6A1C7CF8CD25509E907403A43FE23C140667898439080B8E5825EEAC363F508FFA40DA5452E6C2D7521D810EFE77042DFC071DB606
Malicious:	false
Preview:	"Servers/DialogServerPage.res"..{..."ConnectButton"...{...."ControlName".."Button"...."fieldName".."ConnectButton"...."xpos".."590"...."ypos".."420"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."0"...."tabPosition".."1"...."labelText".."#ServerBrowser_Connect"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."wrap".."0"...."Command".."connect"...."Default".."1"...}..."RefreshButton"...{...."ControlName".."Button"...."fieldName".."RefreshButton"...."xpos".."502"...."ypos".."420"...."wide".."84"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#ServerBrowser_RefreshAll"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."wrap".."0"...."Command".."GetNewList"...."Default".."0"...}..."RefreshQuickButton"...{...."ControlName".."Button"...."fieldName".."RefreshQuickButton"...."xpos".."406"...."ypos".."420"...."w

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\DialogServerPassword.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	2712
Entropy (8bit):	4.457356655989966
Encrypted:	false
SSDEEP:	24:a/lbd5FXsLTxtJ74LTHMtZucpPErSLTaRxtSZLTm7YuKgLsoLTvpiQAx1AA8ZLTi:2ld5F8/G/HoH/aIZ/m/oo/v1XTZ/yn
MD5:	60CABF61DABA6293BCD4ADB7029690FC
SHA1:	7F46AE8CCE66329C54EB82758EDD2DC427C29DC7
SHA-256:	6C3C6DB9C36518621C0A935F467F168B32D809AAA540D6B40FE6ACC1864D9A1E
SHA-512:	BC516616D9D350D69A898FFB17F2D32A65E8639A7F198476E5B2B272CF7FF16583B741050BF4F7C8B43FB0129EA45A0DEE126A460B1C1B031F28E94222F39D2F
Malicious:	false
Preview:	"Servers/DialogServerPassword.res"..{..."DialogServerPassword"...{...."ControlName".."Frame"...."fieldName".."DialogServerPassword"...."xpos".."495"...."ypos".."409"...."wide".."290"...."tall".."176"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...."title".."#ServerBrowser_ServerRequiresPasswordTitle"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."68"...."wide".."252"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#ServerBrowser_PasswordRequired"...."textAlignment".."north-west"...."dulltext".."0"...."brighttext".."0"...."wrap".."0"...}..."GameLabel"...{...."ControlName".."Label"...."fieldName".."GameLabel"...."xpos".."20"...."ypos".."42"...."wide".."252"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\InternetGamesPage.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6517
Entropy (8bit):	4.5033449882419765
Encrypted:	false
SSDEEP:	48:30ELzo+f73fbYf7qfONrfO5s9lf2ueswNf9Q7kxf95l72f9Wrf9Q7nzmf9Q7X7fR:3TLBz3Mzqe+wleuQhxz0Oj0QSBmmOK
MD5:	C45425164D25DE0092E993F1C4EF421D
SHA1:	ED376B856EF5AFB1D72CDF67A1D3779C76BFB1E3
SHA-256:	852D0EDB6591279D77C78DD929039E2F9D17E1609A3D0FDB29FD3726E952F554
SHA-512:	83557F61C0AA89CA8F407D240B182D5B171128BCF15A1867D34456ABDEE0113953DF7FD34CA33C08CB4540F5BB23D80EEE162631A5E690AE2B7EF8BE66A27899
Malicious:	false
Preview:	"servers/InternetGamesPage.res"..{..."InternetGames"...{...."ControlName".."CInternetGames"...."fieldName".."InternetGames"...."xpos".."0"...."ypos".."28"...."wide".."624"...."tall".."278"...."AutoResize".."0"...."PinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."paintbackground".."1"...}..."ConnectButton"...{...."ControlName".."Button"...."fieldName".."ConnectButton"...."xpos".."555"...."ypos".."212"...."wide".."64"...."tall".."24"...."AutoResize".."0"...."PinCorner".."3"...."visible".."1"...."enabled".."0"...."tabPosition".."1"...."paintbackground".."1"...."labelText".."#ServerBrowser_Connect"...."textAlignment".."west"...."wrap".."0"...."Command".."connect"...."Default".."1"...}..."RefreshButton"...{...."ControlName".."Button"...."fieldName".."RefreshButton"...."xpos".."462"...."ypos".."212"...."wide".."84"...."tall".."24"...."AutoResize".."0"...."PinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."paintbackground".."1"...."label

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\InternetGamesPage_Filters.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8339
Entropy (8bit):	4.499071670765812
Encrypted:	false
SSDEEP:	192:nLBz3Mzqe+wyeuD24+VKwi3SBp0yXp2LKvBLlLx:nLBTMuetye824WKwi3e0yXp2LKvBLlLx
MD5:	CAC66375E890C41AC1C45F3373C10492
SHA1:	923DA2B5E2DA4139778CD01847BDC792FA3039A3
SHA-256:	D068BA682578F208AABD92372EF765EEF920DF5AC4D494DED3C8A51B22FD9F98
SHA-512:	AAE334C5BCFE3477010AD92CBC86519A5C9DDC10684C440D582B44DF533B08F3FC735A1F6401795C1FB8B936D800B31333E67B0AF91B354A3BF923CFE5AFEE07
Malicious:	false
Preview:	"servers/InternetGamesPage_Filters.res"..{..."InternetGames"...{...."ControlName".."CInternetGames"...."fieldName".."InternetGames"...."xpos".."0"...."ypos".."28"...."wide".."624"...."tall".."278"...."AutoResize".."0"...."PinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."paintbackground".."1"...}..."ConnectButton"...{...."ControlName".."Button"...."fieldName".."ConnectButton"...."xpos".."555"...."ypos".."212"...."wide".."64"...."tall".."24"...."AutoResize".."0"...."PinCorner".."3"...."visible".."1"...."enabled".."0"...."tabPosition".."1"...."paintbackground".."1"...."labelText".."#ServerBrowser_Connect"...."textAlignment".."west"...."wrap".."0"...."Command".."connect"...."Default".."1"...}..."RefreshButton"...{...."ControlName".."Button"...."fieldName".."RefreshButton"...."xpos".."462"...."ypos".."212"...."wide".."84"...."tall".."24"...."AutoResize".."0"...."PinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."paintbackground".."1"..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\VACBannedConnRefusedDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	1988
Entropy (8bit):	4.607497313663141
Encrypted:	false
SSDEEP:	24:SDjJDSDtDrT/z2SI0oLTfCLjHEHYzKQBtYFAiLTjozc5dYq7LM1P15:AjlARrTb2TF/e7E4zKQUAi/GcBL65
MD5:	EBA6A83B4AE5538E8E2956CA0648B5B8
SHA1:	89CEFFA74593AB088A7F1E0AB66D6F4630A318CF
SHA-256:	B43A04DB9614DDDBAF3147D1CBADD14D178B0D5E61A38DB00CE8B4029B5EA11E
SHA-512:	6236AEC1DF5AB304909E3885D69B90E208BD4E29FA360E47A7D3A621B83C65E2DFCAAE59A69441058D6DBAB2B1310CDA9471FF46E2C4E3E1B877FDE4E9FDD6A4
Malicious:	false
Preview:	"servers/VACBannedConnRefusedDialog.res"..{..."VACBannedConnRefusedDialog"...{...."ControlName".."CVACBannedConnRefusedDialog"...."fieldName".."VACBannedConnRefusedDialog"...."xpos".."560"...."ypos".."475"...."wide".."480"...."tall".."220"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...."title".."#VAC_ConnectionRefusedTitle"...}..."Button1"...{...."ControlName".."Button"...."fieldName".."Button1"...."xpos".."374"...."ypos".."176"...."wide".."84"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."labelText".."#vgui_close"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."wrap".."0"...."Command".."Close"...."Default".."1"...}..."Label1"...{...."ControlName".."Label"...."fieldName".."Label1"...."xpos".."95"...."ypos".."41"...."wide".."352"...."tall".."116"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."e

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\game_ready.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8378
Entropy (8bit):	6.321372371604288
Encrypted:	false
SSDEEP:	192:LHof4MX8grPx+KB4JLRJG7ZLKOsAtybVIu6HLsYfzlz5Oni8:kww84+LRQKJAtybK8YfRz5ai8
MD5:	25D68BC70C2B5463FE98D6FFEC5C2866
SHA1:	86E025F7D060AEC0D47FE062F6340DBB05519E79
SHA-256:	9F839221582B729C925B1BE1C6C09A4006D47566D6F9FF580337AF1539B3679B
SHA-512:	97369A9FE1F775591C189EDCF8AB71801C9CEC41C2C32708812FEE2457684367818E58230AF94E03389DC9409854E5F4D3D07861B93F227F4B7797A7A3972088
Malicious:	false
Preview:	RIFF. ..WAVEfmt ........"V.."V......data@ ..r\|...vt....ts~..zz~...tw\|yuv}....yq\|.}..\|..yrkn...~yw..yqqz..xlhp..{wv{..vel...zkk{..wpy.}ys`k....rq\|.}lal....pv.~pkp{...vgn}tq~..\|g^gw..nUdx...ZPp..kMa...NQ...o.z^Z..V].yy.d\w...sgo..wjm}..{ffx.\|u}zu{tqx}..zvrsvpjo~.zzoadz.}y\|z{.~j`u..xlegv.zmr..ztqpv\|}{srzwqqmmv.~vkn.{oz}xxxrgkttomvrq}vlr\|..ukmqvxoiqzyphel{.}qlr~.vnik~.vgbhuvlgjw..pipz\|ytigu~vfagoyxlmvxxvmhu..sbgrqukUc..yhjny..tinyzrhadu.xfejy.yquywpmjfq{ylhoihnjglx\|vvwtoowumkljc`epu{{qr}.qcnxwxrhenvneakw\|\|rhq..silmx.n]^jpjhc_m..wnruyzi_esxl`Z\hpmdal{..hcqz{rd[avyg[Zbozye`p~.}nehuwja\\cnn[Ygis~}{}{vkcbceikfge[[ber\|vpo{{okhix.qQJWX_gcbl..xolnu.}aRYhog[W\lwo^\h{..yibmsmb^bhjcVOUgsvx~.\|xoebcimh_di][[[dpxunsxvqjfgmojaXYdib^alrswpmy}vlgb^ms_SYimd_UWr..vnlqzxdWZjspjVL_kmkcfz..sdajtsl\YkodZVX^pyolv}xtui`hrn]`d\cjc^biej}}unheeoqdbdbjhWPWhv\|vijy.{naZ_vw]UX_ilf\[gw}tmmu{ym_Yaloe_YUenecjr\|.zrkjmnfb`\blj^W\cfjuxsv\|wqme^cjfccb[S`kgnxz{~\|j^eoqib]X\dbTUelv~rgkz.xokf`ehSKYalqfYYfw.{rrqooe[VWakmfYRV`kqqsy..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\icon_bots.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	3.269724428106899
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKN:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKN
MD5:	7EE4E8F18BF4A942B934F2D84A986A61
SHA1:	7CBDAE03E6569A8CBB5E18E0F202431F3E9D2746
SHA-256:	39BF59940A17A7F36E50F06C6C2405198960F0B965A14FEF924163A429FEA33F
SHA-512:	249798D9BE8021F4CA86E018AA06118A6F18397FD9A4690B54FC60D724AEF5DE9B9D492E9868CF0CBB89601F1268A26AA03A670E70B1DD56FB07D266136A4F16
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.C}.vP...P...P...P...P...P...P...C}.v7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...P...P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...C}..7F>.7F>.7F>.P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...C}..7F>.P...7F>.D~..P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...C}..7F>.7F>.7F>.P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...C}..7F>.P...7F>.D~..P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...C}..7F>.7F>.7F>.P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...P...P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.C}.vP...P...P...P...P...P...P...C}.t7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\icon_bots_column.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	3.2817805988828437
Encrypted:	false
SSDEEP:	6:vc/MLvEEEM/pKMu0hK6HqKMu0hK6HqKNKKv86lWUEEMlsapK:vzfu09Kfu09KsKAQ7fpK
MD5:	D7104332285BB4DB2190F4DEE2B15A79
SHA1:	490700B92EF387F22A13870A660395AFF9B25B60
SHA-256:	FE42387E6A9BB51C7506B4EE2EBF4C91A37857889148935D0CAE02A89A908EFD
SHA-512:	DC287B9A5AA098C25724ECF323D1117E969240A43D04E5AA41AB7A735B410A9A038A5D523928F07A817E1A73F277B33A9BBE44FE2B1C16EB142DF549DA193C42
Malicious:	false
Preview:	................ .DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.v.\|v............................v.\|vDXL.DXL.DXL.DXL.DXL.DXL.DXL.....................................DXL.DXL.DXL.DXL.DXL.DXL.DXL.............DXL.DXL.DXL.............DXL.DXL.DXL.DXL.DXL.DXL.DXL.............DXL.....DXL.w.}.........DXL.DXL.DXL.DXL.DXL.DXL.DXL.............DXL.DXL.DXL.............DXL.DXL.DXL.DXL.DXL.DXL.DXL.............DXL.....DXL.w.}.........DXL.DXL.DXL.DXL.DXL.DXL.DXL.............DXL.DXL.DXL.............DXL.DXL.DXL.DXL.DXL.DXL.DXL.....................................DXL.DXL.DXL.DXL.DXL.DXL.DXL.v.\|v............................v.\|tDXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DX

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\icon_password.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	3.017576953209457
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKS:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKS
MD5:	5E65A7414376691E0BB5350AEF782DF7
SHA1:	CBF77B307D1D4D7E02D4F69458BD8C0A4D8C905A
SHA-256:	833AD7399E71F43E6C2A24F770CA62DCC19742BF1497B8610A7FE23D99820B32
SHA-512:	053A63072739108523DFDAB4CB3945CA4D963CB1CEF7CC9AFE8BB3E1DA8627A29E4F34C56EB250F606004EE85B2AA772D7B594481D0CA4ED9686E9F77D202BAD
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...D~..D~..D~..D~..D~..P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...D~..D~..D~..D~..D~..P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...P...P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...7F>.7F>.7F>.P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...7F>.7F>.7F>.P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...D~..7F>.D~..P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.D~..P...P...P...D~..7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\icon_password_column.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	2.9983114015972436
Encrypted:	false
SSDEEP:	6:uVW7UUXRLWVW7aiPyqLWVmRLWRLWRLWRLWq9WvMYqL4vMY3l4apK:QMUUXRL4MaiPy+4o444MvP+4vP35pK
MD5:	FF273118BFB93B9FD3B99BF58DE3AA13
SHA1:	63E77B6002DAB7BFA476EF5D5BE008C7EE24C753
SHA-256:	A7EF271AFE207CDCA11DFA0B89644D403D8DE5EBC72123F69BFEDACD12420376
SHA-512:	6F6BF2A110763C3401EAA8B67E3FFF8028503C902EFDE0EA03FE2FFEBAFB2DAEF33744497DDBF151F31F5BAA0C7CE093F165CA26456BAC73711767D149816229
Malicious:	false
Preview:	................ .DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.............................DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.....l...l...l...l...l.......DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.............................DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.....l...l...l...l...l.......DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.............................DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.....DXL.DXL.DXL.....DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.....DXL.DXL.DXL.....DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.....l...DXL.l.......DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.l...............l...DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DX

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\icon_robotron.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	3.695862745775527
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKrKQKKKKKhPKhKKKKhDKKKqrKKF+VPf:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKh
MD5:	029F89A918BD316F92CF6347ACC0BCFC
SHA1:	9CF7542BE220FBDCBDF363493FC6FA6C5CBD8AB0
SHA-256:	BBD044602CA2A4D73A71F77B738D91BFE9E93C09C6F89154EE343747334D62BB
SHA-512:	E851BD22D8448909002AB4B7F8607D6813D9553B5CDF6ACBCB70BD0C879A46543EC92F1350AA612D3DE7EAE8354D0B81912B98691BC711845F2D34B36BE38C78
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7G>.7F>.7F>.7F>.8G?.8G?.7F>.8G?.7F>.7F>.7F>.7F>.7F>.7F>.7F>.8G?.7F>.7F>.8G?.P...7F>.7F>.7F>.8G?.7F>.7F>.7F>.7F>.7F>.7F>.8G?.7F>.7F>.Hpk.P...P...P...Goj.7F>.7G>.7F>.7G>.7F>.7F>.7F>.7F>.7F>.8G?.Hoj.P...P...P...P...P...Goj.7F>.7F>.7G>.7F>.7F>.7F>.7F>.7G>.Hoj.P...P...J...DYM.J...P...P...Goj.7F>.8G?.7F>.7F>.7F>.7F>.7F>.P...P...P...F_U.DXL.E^T.P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...P...J...DXL.J...DYL.I...P...P...8G?.7F>.7F>.7F>.7F>.7F>.7F>.P...P...Fje.EYM.P...Gd].Gke.P...P...7F>.7G>.7F>.7F>.7F>.7F>.7F>.P...P...Hni.J...P...J...Hnh.P...P...7F>.7F>.7F>.7F>.7F>.7F>.8G?.P...P...P...P...P...P...P...P...P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.P...Hoj.7F>.Hpk.P...Hoj.8G?.Hoj.P...7F>.7F>.7F>.7F>.7F>.7F>.7F>.8G?.8G?.7F>.7F>.7F>.8G?.7G>.7F>.7F>.8G?.7G>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\icon_robotron_column.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	3.8524766444468743
Encrypted:	false
SSDEEP:	12:cuFwZnnxRu7tzE7WP2FzHG63n92t724ibUIT30nqlMaWpK:I9x47S7WOFG6E4HU+30nqW2
MD5:	759D51975F2E5C27E98B89644A94BD45
SHA1:	58393CA7637FDF808A4AC503E44CEB673EF694C2
SHA-256:	3312F2C5442901EF5729807F5B5E98636B0DDB57CAC1C1827CA49B5F629FAD10
SHA-512:	70A64567653C36D464A751779A02FEDBB158DF522A3A5A9AE5817BD07E7F1D3E9BDA2889EFBF97431D129B2515156442C751C4AA15C9EB4C5B408983785A6716
Malicious:	false
Preview:	................ .DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.....jzq.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.NaV.x.~.............x.~.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.............n}t.............DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.n}t.........n}t.DXL.n}t.........n}t.G[O.DXL.DXL.DXL.DXL.DXL.DXL.........n}t.DXL.....DXL.n}t.........H[O.DXL.DXL.DXL.DXL.DXL.DXL.........n}t.DXL.....DXL.n}t.........ObW.DXL.DXL.DXL.DXL.DXL.DXL.........DXL.n}t.....n}t.DXL.........M`T.DXL.DXL.DXL.DXL.DXL.K^S.....................................GZO.DXL.DXL.DXL.DXL.DXL.EYM.....................................EYM.DXL.DXL.DXL.DXL.DXL.DXL.....^oe.DXL.r.x.....r.x.ObV.cuj.....DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.EYM.GZO.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DX

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\icon_secure_deny.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	3.6190027557609312
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK4KKKKKKKKv2YgKKKKKKhsRkgKKf:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKY
MD5:	A10EB40B15BA5772ACD70BA8C43C4189
SHA1:	F702C3B884405FD49158D7ACDC5EC57F75489BC4
SHA-256:	0642F1831C5E9EDFC03D115EBCACC22919376052890572AA30C1D4927C61A0A4
SHA-512:	841C02FB5FD980B291515B00F0ACEB29A265EC5717BB762A4E4007822CCEEF60D93AD03074135D6157E219462959D2BED7A101017B1ED35325B32F8465B638AE
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.)4f.)4f.0=R.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.3AH.........................,8\.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.............%0p.)4f.............,8\.7F>.7F>.7F>.7F>.7F>.7F>..#..............3AH.7F>.7F>.,8\.........7F>.7F>.7F>.7F>.7F>.7F>........."+z.........3AH.7F>.7F>."+z.....,8\.7F>.7F>.7F>.7F>.7F>......#..7F>."+z.........3AH.7F>.0=R......#..7F>.7F>.7F>.7F>.7F>......#..7F>.7F>."+z.........3AH.0=R......#..7F>.7F>.7F>.7F>.7F>.........7F>.7F>.7F>."+z..........'......,8\.7F>.7F>.7F>.7F>.7F>..#.......'..7F>.7F>.7F>."+z.............7F>.7F>.7F>.7F>.7F>.7F>.7F>.............%0p.)4f.............,8\.7F>.7F>.7F>.7F>.7F>.7F>.7F>.3AH.........................,8\.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.)4f.)4f.0=R.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\Servers\serverbrowser_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	18888
Entropy (8bit):	3.449116577656165
Encrypted:	false
SSDEEP:	384:1pu8Osn6R/+ef/+JJ5Z5ZOu+++en/nWvEDJ+XOCzD0yTLbLQupPrLDvWXBAchosY:1B6JT1hPgZcN/mI/Z
MD5:	DBF1C093A0B6E1A9C19A8034E8F768E3
SHA1:	F73EEF2152BC871FEE83C371E0361F62364B9744
SHA-256:	A41ABEAC9FFE75CF75ABFD279BF1F8E27B83ADD308665B727092D7C3DF33C84D
SHA-512:	BE27EB2A536D57A67BAA1FF8C7EFC70FDBFE699CDA59AFF8F0545A0C749BE162FB26BEB6AFC86CACA6483C7380649C3FD8C90C8D01DD35651FFFED9644203C3D
Malicious:	false
Preview:	..".l.a.n.g.". .....{. .....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.". .....{. .....".S.e.r.v.e.r.B.r.o.w.s.e.r._.F.i.l.t.e.r.".........".F.i.l.t.e.r.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.A.l.l.".........".<.A.l.l.>.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.W.o.r.l.d.".........".W.o.r.l.d.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.U.S._.E.a.s.t.".........".U.S. .-. .E.a.s.t.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.U.S._.W.e.s.t.".........".U.S. .-. .W.e.s.t.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.S.o.u.t.h.A.m.e.r.i.c.a.".......".S.o.u.t.h. .A.m.e.r.i.c.a.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.E.u.r.o.p.e.".........".E.u.r.o.p.e.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.A.s.i.a.".........".A.s.i.a.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.A.u.s.t.r.a.l.i.a.".......".A.u.s.t.r.a.l.i.a.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.M.i.d.d.l.e.E.a.s.t.".......".M.i.d.d.l.e. .E.a.s.t.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.A.f.r.i.c.a.".........".A.f.r.i.c.a.".....".S.e.r.v.e.r.B.r.o.w.s.e.r._.L.e.s.s.T.h.a.n.5.0.".......

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\reslists\external_preloads.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8370
Entropy (8bit):	4.735521960402993
Encrypted:	false
SSDEEP:	96:rErVcdSZkxSY8Jl/B2EYr22KFSRvnL2BansoBb4KcJ9JKJJKE6CYECqAwiHFk+Fq:rEr7iXbQlcH+ysyYcmhExrUS
MD5:	AA771593B77088B8BF83A60D617CE0B0
SHA1:	E8479F35AA975A3548C166785D6FD70ECB01F869
SHA-256:	92EB6EEA57912439482F5F2BDCE48F1CCFE43087EB67A573421ED55DF331CF24
SHA-512:	95D81A52E1EAAD5CE3006A06C2CD252E56EC43E5A47200157A36DEC9469A8C8B65936917754DC1FE74BCCAEA94ECE3CD74CF8B3E9C7D7943B257B2AFB3220D6C
Malicious:	false
Preview:	bin\dbg.dll..bin\FileSystem_Steam.dll..bin\vgui2.dll..bin\vlocalize.exe..Browser\back.tga..Browser\Browser.dll..Browser\browser.res..Browser\forward.tga..Browser\refresh.tga..Browser\stop.tga..Demo\AnimationDemo.vas..Demo\DefaultColors.res..Demo\EditablePanelDemo.res..Demo\SampleCheckButtons.res..Demo\SampleEditFields.res..Demo\SampleRadioButtons.res..Demo\SampleToolTips.res..Demo\WizardPanelDemo.res..Friends\DialogAbout.res..Friends\DialogAddFriendsFromGame.res..Friends\DialogAuthRequest.res..Friends\DialogChat.res..Friends\DialogFindBuddy.res..Friends\DialogHelpIngame.res..Friends\DialogRemoveUser.res..Friends\DialogSendMessage.res..Friends\friend_join.wav..Friends\friend_online.wav..Friends\icon_away.tga..Friends\icon_blocked.tga..Friends\icon_busy.tga..Friends\icon_connecting.tga..Friends\icon_in-game.tga..Friends\icon_message.tga..Friends\icon_offline.tga..Friends\icon_online.tga..Friends\icon_snooze.tga..Friends\message.wav..Friends\servers.vdf..Friends\SettingsSubInterface.res..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\EditTokenDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	3864
Entropy (8bit):	4.38702646238998
Encrypted:	false
SSDEEP:	48:Z7KInbIyRh7jy5bIdePSvDPByRVF4szy2COibc1MDbIWf89bIsrg8hm6oI1IV/m7:ZGetznmmeqvDJOy20aMDu9nhdVidbwd
MD5:	AE3F2CB018FBEAA3D022C73941A3B04D
SHA1:	2E807D84C371C443DC8062A374F7AF51D5740292
SHA-256:	4A74426B71493FCE42F8692642DB97AF3402F66A3B29CF1875D0698A0BC94DCE
SHA-512:	88CD1ED8A94398E5724B706D73A05718CF2D846C794772488D5F49850ADA6C2B004DC0F6BC15FDBA315922840EFFD0205898869F2C2AE7F384636816E37A3F10
Malicious:	false
Preview:	"Resource/EditTokenDialog.res".{.."ApplyButton"..{..."ControlName".."Button"..."fieldName".."ApplyButton"..."xpos".."167"..."ypos".."318"..."wide".."110"..."tall".."24"..."autoResize".."0"..."pinCorner".."3"..."visible".."1"..."enabled".."0"..."tabPosition".."2"..."labelText".."Apply change"..."textAlignment".."west"..."dulltext".."0"..."brighttext".."0"..."Default".."0"..}.."MarkUpToDateButton"..{..."ControlName".."Button"..."fieldName".."MarkUpToDateButton"..."xpos".."288"..."ypos".."318"..."wide".."130"..."tall".."24"..."autoResize".."0"..."pinCorner".."3"..."visible".."1"..."enabled".."1"..."tabPosition".."3"..."labelText".."Mark as up-to-date"..."textAlignment".."west"..."dulltext".."0"..."brighttext".."0"..."Default".."0"..}.."LocalizeEdit"..{..."ControlName".."TextEntry"..."fieldName".."LocalizeEdit"..."xpos".."106"..."ypos".."234"..."wide".."390"..."tall".."72"..."autoResize".."1"..."pinCorner".."0"..."visible".."1"..."enabled".."1"..."tabPosition".."1"..."textHidden".."0"..."e

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\LocalizationDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	4352
Entropy (8bit):	4.414913465197783
Encrypted:	false
SSDEEP:	96:Lb+7+pu9s+zbv9c3EW99NVcEnHeEcDERR:P+7+puGsr9c3EE9rcEHeEcDERR
MD5:	FFB08E36B1512D8BE1838309EE45D7B6
SHA1:	CB8F54B1DF9B5E6C4B4BC504F52B2B1E2B68BB7D
SHA-256:	B3A47A7830053D9C3CE6A6D030E487B43E5D34E744DC9861F85C424284BF9E7C
SHA-512:	A2C07BBE98E67BBC66EE2C9F09987BD8163B576AF14E3C9ECCA580246237EBE2E883104EBF8400A8933F6DB9DC49A5057F80836D81BF57303D409A9334902B15
Malicious:	false
Preview:	"Resource/LocalizationDialog.res"..{..."LocalizationDialog"...{...."ControlName".."CLocalizationDialog"...."fieldName".."LocalizationDialog"...."xpos".."201"...."ypos".."247"...."wide".."781"...."tall".."568"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...}..."TokenList"...{...."ControlName".."ListPanel"...."fieldName".."TokenList"...."xpos".."14"...."ypos".."65"...."wide".."734"...."tall".."458"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...}..."FileMenu"...{...."ControlName".."Menu"...."fieldName".."FileMenu"...."xpos".."119"...."ypos".."285"...."zpos".."1"...."wide".."105"...."tall".."68"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."FileMenuButton"...{...."ControlName".."MenuButton"...."fieldName".."FileMenuButton"...."xpos".."14"...."ypos".."32"...."wide".."64"...."tall".."24"...."autoR

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\TrackerScheme.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	14534
Entropy (8bit):	4.670995749377827
Encrypted:	false
SSDEEP:	384:lr/iN3ipMJrEgvx2SFT4c5iQUtvmCZ+I/K7LhSyAt:1oW6o
MD5:	4E00542BA3E7C3E602B58B5FB707179A
SHA1:	51A6BE57406CB1CF9B30986581C204B1B520EE69
SHA-256:	7400197B4BA0E024037CD7502BAC9FB31C677053FB7D88056D80F367BB450E74
SHA-512:	E00062784CC226CA010AAD6FD5FE6C9F91C15311BA57210C001BE5085981732C574D6A7CD4F698DFF7B27E1606DABEA0228AF0ECE921136AC7CC6C1EBB522A03
Malicious:	false
Preview:	//..// TRACKER SCHEME RESOURCE FILE..//..// sections:..//..colors...- all the colors used by the scheme..//..basesettings.- contains settings for app to use to draw controls..//..fonts...- list of all the fonts used by app..//..borders...- description of all the borders..//..// notes:..// ..hit ctrl-alt-shift-R in the app to reload this file..//..Scheme..{...//////////////////////// COLORS ///////////////////////////...Colors...{....// base colors...."BaseText"..."216 222 211 255".// used in text windows, lists...."BrightBaseText"."255 255 255 255".// brightest text...."SelectedText".."255 255 255 255".// selected text...."DimBaseText".."160 170 149 255".// dim base text...."LabelDimText".."160 170 149 255".// used for info text...."ControlText".."216 222 211 255".// used in all text controls...."BrightControlText"."196 181 80 255".// use for selected controls...."DisabledText1".."117 128 111 255".// disabled text...."DisabledText2".."40 46 34 255"..// overlay color for disabled text (

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\VAC_shield.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 64 x 64 x 24
Category:	dropped
Size (bytes):	12332
Entropy (8bit):	3.955520861046317
Encrypted:	false
SSDEEP:	96:aY0Ob3IV1q8c/nUZDYW4GX2pbAO///6OSk//uoA:bUqGh2OVpoA
MD5:	0B3070531CD65CBFC783D87EE3172827
SHA1:	5A7C7A2DDC0A079B0A7B772CF10364BAB0D40463
SHA-256:	9DD39077DABF9E55D18EF8D400A154093F03FC11CFF197A630D2BE87483D3548
SHA-512:	2B53EA012F8ED49482E4D18D2A1B765035F9F59198D0CD1207414C47C6B7F819991888A495BBCEB3B96E0B66421116EFC16807E296E5F85364D1FE219510AAF5
Malicious:	false
Preview:	............@.@...DXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDWLDWLDWLDWLDWLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDWLDWLDWLDWLDWLDWKDWKDWLDWLDWLDWLDWLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLD

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_blank.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	2.177488052603168
Encrypted:	false
SSDEEP:	24:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs:RKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKs
MD5:	CB39E3A0EFCBA5CF43ADB241E03F3C53
SHA1:	2EF3B884C136B66E0B6ACEE1A5A201506BF3DEB0
SHA-256:	B490E7F1176C6B61610F6DB010EFB9DBD200B54AE09026654A96BCFB12AA3470
SHA-512:	30B7DD4A3B927D16DF6CE7D76F0B2A5AA78EFB53B418EC80DD287A38EA8512981A0743202FB673B2097DBE033CAF10254A77C5B0497CB24340998BB31E770A72
Malicious:	false
Preview:	................ .7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F>.7F

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_file.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 17 x 17 x 24
Category:	dropped
Size (bytes):	911
Entropy (8bit):	3.2450144176891307
Encrypted:	false
SSDEEP:	6:3nPyEuBd0TTPdjQhQyPdjJyaNndjKEQNdjklndjJZPdjklndjfVZdjj5Hnhjjuql:3FpTTR2RoaNpIwpvRwpJVNKqoAypK
MD5:	C80278D86BDF821DB83CD0F1F726BBCC
SHA1:	D11FA3FBDABC512F3A60461148A6088033CF71D4
SHA-256:	D706410A985DC06AB68FE425243AF045223F8354CFAA3C26E6E8A81DEC95FF28
SHA-512:	3F86D9F5810173CF8351F275AE9535C0BBE8DD3BFDE88056E9DB9CDE28479C24DB82E94831E45AD3C41BDD9607F550C0538403AA9077AB952A5B2B7B1DE9AAD7
Malicious:	false
Preview:	..................7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>...........................7F>7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x....................x..x..x.....7F>7F>7F>7F>7F>7F>x................................7F>7F>7F>7F>7F>7F>x.............................7F>7F>7F>7F>7F>7F>7F>x..x..x..x..x..x..x........7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>........TRUEVISION-XFILE..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_folder.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 17 x 17 x 24 - author " " - comment " " 28-1-2002 13:44:00 - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	3.1530961093968384
Encrypted:	false
SSDEEP:	6:3nAwrY8ZYsYuYOYwnYnYfnYeYgROffffffffJa8jnwrYWn4j+arZdAFkJlW/iQas:39UD5Z/YQpgUa8kD4j+askJ0qpK
MD5:	4846B0D4CBCF381352DE538F7AACD739
SHA1:	09F89F9778432775B961B923205459D1F088A529
SHA-256:	8D1ABE7439D0977EAADB2A79A0CEB474CF73A585E380E30B12B71B04D6F53C75
SHA-512:	6F76FBB3A983B059E4220178A8C7CC0E385B83CB732425D2F547187FD8B57D34AED4670240F975E2820FF2D1F59DE6A665981799A070F1243D1072ABA89B7413
Malicious:	false
Preview:	..................7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>..........................................7F>7F>...c..c..c..c..c..c..c..c..c..c..c..c..c.....7F>7F>.......................................c.....7F>7F>.......................................c.....7F>7F>.......................................c.....7F>7F>.......................................c.....7F>7F>.......................................c.....7F>7F>.......................................c.....7F>7F>.......................................c.....7F>7F>.......................................c.....7F>7F>...c..c..c..c..c..c..c....................7F>7F>7F>7F>........................7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>..................7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>.. .

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_folder_selected.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 17 x 17 x 24
Category:	dropped
Size (bytes):	911
Entropy (8bit):	3.2305284444834466
Encrypted:	false
SSDEEP:	12:3OEoooMilkooMl6oXgopsX8pX0wa8+/Vd2pK:3joooWoobowopsMpEv8+/VdJ
MD5:	C0330DD72E9B45673EA7E66CAD4652D8
SHA1:	40E5D401A48846996B1E656602717A19082DB084
SHA-256:	96E8BD83914F36C3570AF984E9C1E5A88EBC44605239E2452C624DF9E63BB7F1
SHA-512:	7832D2E8C9AF37B77E5664F5BE0129CE252C40AF4A5A9DE87D0727FA2D49BF53ACE2A697545FACF3428FDB5B2D9EE15E2785C6249FB7D34494B30F61089D356C
Malicious:	false
Preview:	..................7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>..........................................7F>7F>.ss=..=..=..=..=..=..=..=..=..=..=..=..=.....7F>7F>.ssg..Ng.N..Ng.N..Ng.N..Ng.N..Ng.Ng.Ng.=.....7F>7F>.ssg..N..N..N..Ng.N..Ng.N..Ng.N..Ng.Ng.=.....7F>7F>.ssg..N..N..N..N..N..N..Ng.N..Ng.N..Ng.=.....7F>7F>.ssg..N..N..N..N..N..Ng.N..Ng.N..Ng.N..=.....7F>7F>.ssg..N..N..N..N..N..N..N..N..Ng.N..Ng.=.....7F>7F>.ssg..N..N..N..N..N..N..N..Ng.N..Ng.N..=.....7F>7F>.ssg..N..N..N..N..N..N..N..N..N..N..Ng.=.....7F>7F>.ssg..g..g..g..g..g..g..g..g..g..g..N..=.....7F>7F>.ss=..=..=..=..=..=..=...ss.ss.ss.ss.ss.ss7F>7F>7F>7F>.ss...g..g..N..N...ss...7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>.ss.ss.ss.ss.ss...7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>7F>........TRUEVISION-XFILE..

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_folderup.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 17 x 17 x 24 - author " " - comment " " 28-1-2002 14:23:21 - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	3.0166926179619464
Encrypted:	false
SSDEEP:	3:HldlJLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLhLha:3nprH/5zrHvPPrzzrLhreEs/iQapK
MD5:	9BB9DCA499357B60810352FB898133D0
SHA1:	CC923B6499B5A96CFFA93B7A82760C5882E57C3D
SHA-256:	ED25658E7A543F359D0A6C68956BDD1C6B97366B6DC541AB0FE2064C138C5C4D
SHA-512:	53F49F837F7397F4BEEF78AC6B238AC16AF10176C1D90D5492259683A89283D2D4B612D09B405C79FC947D281BD21D81006F1312226958A95F67651BCD37AF2C
Malicious:	false
Preview:	..................DXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXL.............................................DXLDXL.............................................DXLDXL.............................................DXLDXL.............................................DXLDXL.............................................DXLDXL.............................................DXLDXL.............................................DXLDXL.............................................DXLDXL.............................................DXLDXL.............................................DXLDXL..........................................DXLDXLDXLDXL.....................DXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXL...............DXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXL.. .

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_hlicon1.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 16 x 16 x 24 - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1307
Entropy (8bit):	4.052773112126388
Encrypted:	false
SSDEEP:	12:iI+lczJ2GVdYnY2EKvE1zGciW3YMHM4BEU4ICOZyiTF8lSoh+ccFlczxQIMfpK:iLlHGVrSvSEW3U7PdlSoh+3FluQw
MD5:	7ADA900B04C0E3FCE5C8FAE496637502
SHA1:	7E09B372151AA4B05D604D8CD6BE5850814E70BC
SHA-256:	DB6EDB7E6C775E916A3287E98A1520AE5E3C4AE69650AAF0F036218EE5047204
SHA-512:	B41EBECB1284B0B2C2F16327D9A570667A64FDD9BAA478509319607E5F178BCCC1D7D650BE7B45A7152BB4D976F126DECDFE92D04CCE4FEE918B3DCC3316E5CD
Malicious:	false
Preview:	..................DXLDXLDXLDXLDXL.................DXLDXLDXLDXLDXLDXLDXLDXL...........s.ys.y............DXLDXLDXLDXLDXL.........DXLDXLDXLDXLDXLDXL.......DXLDXLDXL......gwnDXLDXLDXLDXLDXLs.ygwnDXLgwn......DXLDXL...............PbWDXLDXL................DXL......DXLDXL.........DXLgwn.........gwnDXL............DXLDXL[mb......s.y.........DXLDXLDXL.........s.yDXLDXLDXL...............[mbDXLDXLDXLs.y......s.yDXLDXLDXLPbW............DXLDXLDXLDXLs.y........DXLDXLDXLDXL............DXLDXLDXLDXL............DXLDXLDXLDXL[mb......DXLDXLDXLDXLDXL......DXL......DXLDXL............DXLDXLDXLDXL......DXLDXL......gwnDXL.........[mbDXLDXLDXLgwn......DXLDXLDXL.........DXLDXLDXLDXLDXLDXL.......DXLDXLDXLDXLDXL...........s.ys.y............DXLDXLDXLDXLDXLDXLDXLDXL.................DXLDXLDXLDXLDXL.. .

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_hlicon2.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 16 x 16 x 24 - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1307
Entropy (8bit):	4.084979530368787
Encrypted:	false
SSDEEP:	12:DfI8ZlPAUoDtShuIvj6NwiP+GyHZluIUlfpK:Dw83PAEu7WH3jUO
MD5:	1810657A6BA98A8EE7934998CC274167
SHA1:	D317E6F2C4491F779258F7CF261D62022F2117DE
SHA-256:	BDCD34D7B2D100DC8417C987F4409A3401E0463E43F3527F865FADC52E353FF1
SHA-512:	9A0AA9ECA283B6443385C474658D77430555D626B266D7EA0B41122ADD04696274170651EC6709ED37C36A99DB0B0479F51096A93471909B176ABD69D767139E
Malicious:	false
Preview:	..................DXLDXLDXLDXLDXLPcXeulu.{u.{m}s]ndH\PDXLDXLDXLDXLDXLDXLDXLPcXu.{}..iyoYj`Tf[eulu.{...argDXLDXLDXLDXLDXLYj`...eulDXLDXLDXLDXLDXLDXLTf[}..m}sDXLDXLDXLL_T...]ndDXLDXLDXLDXLDXLPcXYj`DXLH\Pz..eulDXLDXLu.{eulL_T......PcXDXLDXLm}s......eulPcX...L_TL_T...H\PDXLeul...z..DXLH\P......}..argDXLm}siyo]ndq.wDXLDXLH\P}.....arg]nd...m}sDXLDXLDXLYj`u.{euleulDXLDXLDXLYj`......z.....Yj`DXLDXLDXLL_T...euleulDXLDXLDXLDXLu.{......}..DXLDXLDXLDXLL_T...]ndq.wDXLDXLDXLDXLL_T......eulDXLDXLDXLDXLYj`u.{L_T...H\PDXLDXLDXLDXL}.....L_TDXLDXLDXLDXLm}siyoDXLu.{eulDXLDXLTf[......u.{DXLDXLDXLDXLPcX...L_TDXLL_T...]ndDXLPcXu.{u.{Yj`DXLDXLDXLH\Pz..eulDXLDXLDXLYj`...eulDXLDXLDXLDXLDXLDXLTf[}..m}sDXLDXLDXLDXLDXLPcXu.{}..iyoYj`Tf[eulu.{...argDXLDXLDXLDXLDXLDXLDXLDXLTf[eulu.{u.{m}s]ndH\PDXLDXLDXLDXL.. .

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_password.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	1.6861246843944866
Encrypted:	false
SSDEEP:	6:bPTTTTTZvPTTTTTZvPTTTTTZvPTTTTTZvPTTTTTZvPTTTTTZ/NNNNNFPTZeapK:rFXFXFXFXFXFT1JpK
MD5:	DB9D7336485D7DF3549FD9D0D2944A31
SHA1:	5D6A0FFA89B15A7846089715F55E5853C1986C18
SHA-256:	37D7CDC015B47786ABD0D0B976E211545F4CBEF915A8025CCB8ABAC5B6E10FB6
SHA-512:	4F3113BCAF929EB529AB15A770F71C84C9C84DA4B4385D730D90A3DFA7B9AAE293DDA3DA1AFF93119DA221E36636F3CCEAD9210FE9119470A22B4592B2D75F95
Malicious:	false
Preview:	................ .FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.............................FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.............................FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.............................FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.............................FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.............................FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.............................FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.....FFF.FFF.FFF.....FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.....FFF.FFF.FFF.....FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.....FFF.FFF.FFF.....FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.............FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FFF.FF

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_steam.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 16 x 16 x 24 - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1307
Entropy (8bit):	3.660340644473583
Encrypted:	false
SSDEEP:	12:neupR5h1c4XVY9LWW1r/JZp4UAp4NvnsfpK:neuz5weYbG4P
MD5:	F8ED351AAD09DAE0635CE2A320342089
SHA1:	315ADDC606F8B9B063C874EEB15635D6381C6EEF
SHA-256:	DC352DFBAA9AFA9F7D8A631ACF2E833948D229A1AB13CCEBEBB37FAC562A2B81
SHA-512:	9762A3BB6BC7FA57431B1E5087885EC2144D66EA9AA194E14BCA78DBEA2DBEA6CF4B5982EDEAEA30D7D09DA4EF1056589F965583E2BFECF76EBD66A7992BE419
Malicious:	false
Preview:	..................DXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXL...........Vh]DXLDXLDXLDXLDXLDXLDXLDXLDXLDXL......Vh]Vh]....DXLDXLDXLDXLDXLDXLDXLDXLDXL.............Vh]...DXLDXLDXLDXLDXLDXLDXLDXL..................Vh]...DXLDXLDXLDXLDXLDXLDXLDXL..................Vh]......Vh]DXLDXLDXLDXLDXLDXL...............Vh]...............DXLDXLDXLDXLDXL.......................................Vh]DXLDXL...DXLDXLDXLDXLVh]...........................DXLDXLDXLDXLDXLDXLDXL............J]RJ]RJ]R......DXLDXLDXLDXLDXLDXLDXLDXL......J]R.........Vh]......DXLDXLDXLDXLDXLDXLDXL......J]R.........J]R......DXLDXLDXLDXLDXLDXLDXLVh]...J]R.........Vh]...DXLDXLDXLDXLDXLDXLDXLDXLVh]......J]RJ]RJ]R......DXLDXLDXLDXLDXLDXLDXLDXLDXL..................J]RDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLVh]Vh]...Vh]DXLDXLDXL.. .

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_steam_disabled.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGB 16 x 16 x 24 - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	1307
Entropy (8bit):	3.857206678938334
Encrypted:	false
SSDEEP:	12:7qW/BrBIHOzB4jwAHtbFiJmNLodFO6XF/gF6fpK:BBXGsxJyLozXOn
MD5:	14F12B69347567F68C700C2D2C5A46FB
SHA1:	DDEB7BAA0D1C1BE1EAC3B1CA7787E462F54156AA
SHA-256:	C5DEA8D1644A716A75142BABD792457BC7B3EC7E9949C7E740B131421B3D67B1
SHA-512:	46776DCA4AE96E193BBFAAEDFA9631A1D0182A88001BA0E739E0FDFCDCA808F9959EC4367F0B0CD0FDF822C916DB6A505C6ED2355C2E91EC304BF9CEB2A38A46
Malicious:	false
Preview:	..................DXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLq.w......n~uM`UDXLDXLDXLDXLDXLDXLDXLDXLDXLDXLevl...M`UM`U...n~uDXLDXLDXLDXLDXLDXLDXLDXLDXLevl...evl......M`U...DXLDXLDXLDXLDXLDXLDXLDXL}.................M`U...DXLDXLDXLDXLDXLDXLDXLDXL..................M`U......M`UDXLDXLDXLDXLDXLDXL...............M`U............n~uDXLDXLDXLDXLDXL......n~un~u........................}..M`UDXLDXLbsiDXLDXLDXLDXLM`U........................evlDXLDXLDXLDXLDXLDXLDXLx.}.........G[OG[OG[Ok{r...DXLDXLDXLDXLDXLDXLDXLDXL......G[O}.....}..M`U...n~uDXLDXLDXLDXLDXLDXLDXLbsi...G[O.........G[O...n~uDXLDXLDXLDXLDXLDXLDXLM`U...G[O}.....}..M`U...DXLDXLDXLDXLDXLDXLDXLDXLM`U......G[OG[OG[O......DXLDXLDXLDXLDXLDXLDXLDXLDXLbsi...............G[ODXLDXLDXLDXLDXLDXLDXLDXLDXLDXLM`UM`UbsiM`UDXLDXLDXL.. .

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\icon_warning.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 59 x 59 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	13968
Entropy (8bit):	4.714066017140781
Encrypted:	false
SSDEEP:	96:2SpmE5j3n+379r4Y7ClD1oDf54N45A7x54VB4YdS54HDv4p3lg3oyvXB:j35p1ayTGB3jf
MD5:	E86121643DF18AE87C0CF9E7AC3975B2
SHA1:	16D504E5F2AA56099B1A07F0A912C8FB2496EBDE
SHA-256:	7627E9A1DA2CB3578729F2676942BFFE00D7292720E10D332E5157C745EE34A7
SHA-512:	B75F51B42D93142B699A8863FD10559E3A20E8B1141983AC23D9517C75D8A30AA80126F4E91F54996CF8466AB80C3BD4AF8AA037E3E56F3066879CFA8744DFFD
Malicious:	false
Preview:	............;.;. .DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DX

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\platform_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	718
Entropy (8bit):	3.3761888846342964
Encrypted:	false
SSDEEP:	12:Qrs3OEblWv/xMxxPYl7r7x0X41CkuPCkPNaTsZHieUTDQ7Takm22jyCsOrBar1:QY3OuWHxMxxP5o19uPPNa4YeUfQ/H2O5
MD5:	86C4B07C86AAB05C3BE7948BE53422E9
SHA1:	A1A3F1D97E9FAF39BC729DD076081F3FC6FE893B
SHA-256:	55FB8F090EDA25120AADBC81E0200667BAF0068776925781AC83A873C46461C1
SHA-512:	774352D17F5A032A054F0BCE4CAE7CD63CD00D4A7584171C015F2E63146A1E9F99237880A0209AADD5BC86399CDDFA651CC78304707C9BAAC87D92F349D63504
Malicious:	false
Preview:	..".l.a.n.g.".....{.....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.".....{.....".A.p.p._.S.p.e.c.i.a.l.O.f.f.e.r.s."...".S.p.e.c.i.a.l. .O.f.f.e.r.s.".....".A.p.p._.F.r.i.e.n.d.s."...".F.r.i.e.n.d.s.".....".A.p.p._.G.a.m.e.s.".....".P.l.a.y. .G.a.m.e.s.".....".A.p.p._.S.t.o.r.e.f.r.o.n.t."...".B.r.o.w.s.e. .G.a.m.e.s.".....".A.p.p._.S.e.r.v.e.r.s."...".S.e.r.v.e.r.s.".....".A.p.p._.B.r.o.w.s.e.r."...".W.e.b. .b.r.o.w.s.e.r.".....".A.d.m.i.n._.S.e.r.v.e.r.s.". ...".M.y. .S.e.r.v.e.r.s.".....".A.p.p._.A.c.c.o.u.n.t."...".A.c.c.o.u.n.t.".....".A.p.p._.S.e.t.t.i.n.g.s."...".S.e.t.t.i.n.g.s.".....".A.p.p._.M.o.n.i.t.o.r."...".M.o.n.i.t.o.r.".....".A.p.p._.N.e.w.s.".....".N.e.w.s.".....}.....}. . .

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\valve_logo.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 80 x 32 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	10284
Entropy (8bit):	3.442251169148942
Encrypted:	false
SSDEEP:	24:Cgm7b1ThHz6hZkwG9w7mzkZujCI957AAP3kB0lzkek:CR7hThOZkRkg77AA/kB01kek
MD5:	9604CB14A22A2FF2C21497EFEBE3AFF4
SHA1:	285F7EF618B3BC8DE82CA506BB56833B35822854
SHA-256:	028CF60DFFEAD25EE0B77A8447F3F9717F842CC7B3526EBD73D28F530392A8B9
SHA-512:	E7B4A6EEDB791E7DCB47D6AEE303A73B6645BC86AB83BDB31F0DF3319B9422E64B901ED4AAFF9BD314A24C1EE03E22E7C30DA818D7A5E4FD14AE19397D11E21D
Malicious:	false
Preview:	............P. . .DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DX

C:\Users\user\AppData\Local\Temp\RarSFX0\platform\resource\vgui_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	5696
Entropy (8bit):	3.5602766451626167
Encrypted:	false
SSDEEP:	96:V3RgpVptntn+kHMOFIUUZiDSNMfaE3jVpRf4jDBfatTTyaqT1cZ:VRgp6krIMaEzVDTy5T1e
MD5:	96B89806B8BC823458AC60E5752FB0A2
SHA1:	5E48DB75A715DB16D14C248ADF5ACEE869FD1149
SHA-256:	A3ED2D16ABFF0B4583BACF8924FD4DFE80D14AF8412D55741D0A035D663E567F
SHA-512:	2B4402B63229BF445A22C393659651A2B8F6E23D1EAF6A87672F3B28BA26615FB421C28D060A54FED04E00C7A3B21667D7A459B5F174FE711CF6F6C81E753436
Malicious:	false
Preview:	..".l.a.n.g.".....{.....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.".....{.....".T.e.x.t.E.n.t.r.y._.C.u.t.".......".C.u.t.".....".T.e.x.t.E.n.t.r.y._.C.o.p.y.".....".C.o.p.y.".....".T.e.x.t.E.n.t.r.y._.P.a.s.t.e.".....".P.a.s.t.e.".....".F.i.l.e.O.p.e.n.D.i.a.l.o.g._.O.p.e.n.".....".O.p.e.n.".....".F.i.l.e.O.p.e.n.D.i.a.l.o.g._.C.a.n.c.e.l.".....".C.a.n.c.e.l.".....".F.i.l.e.O.p.e.n.D.i.a.l.o.g._.L.o.o.k._.i.n."...".L.o.o.k. .i.n.:.".....".F.i.l.e.O.p.e.n.D.i.a.l.o.g._.F.i.l.e._.N.a.m.e."...".F.i.l.e. .n.a.m.e.:.".....".F.i.l.e.O.p.e.n.D.i.a.l.o.g._.F.i.l.e._.T.y.p.e."...".F.i.l.e. .t.y.p.e.:.".....".F.i.l.e.O.p.e.n.D.i.a.l.o.g._.I.c.o.n.".....". .".....".F.i.l.e.O.p.e.n.D.i.a.l.o.g._.N.a.m.e.".....".N.a.m.e.".....".F.i.l.e.O.p.e.n.D.i.a.l.o.g._.T.y.p.e.".....".T.y.p.e.".....".S.y.s.M.e.n.u._.M.i.n.i.m.i.z.e.".....". .M.i.n.i.m.i.z.e. .".....".S.y.s.M.e.n.u._.M.a.x.i.m.i.z.e.".....". .M.a.x.i.m.i.z.e. .".....".S.y.s.M.e.n.u._.C.l.o.s.e.".......". .C.l.o.s.e. .".....".

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\1024_textscheme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1300
Entropy (8bit):	5.1174652502697935
Encrypted:	false
SSDEEP:	24:AsOHGrCdRz0W1ifuAiMwPrCd0W1ifuAiMpwrCVmtyrCSfF5orCoTss5rCd3rC3qx:AsY3VxCxy0IzsC5VOwma
MD5:	D2ABC9A3FD1EDB8717B0B30DB36C72D6
SHA1:	079D6E6D3DCA371E9F4BD5DB886CBAE68655B858
SHA-256:	43301D1D18E8DE8F1B36A02015EB39FC8FC362B79D7D5D6EE0FF2805CFADF6F8
SHA-512:	2554BCA3A7EB6F6A829341D6B4B31B1EDE0D886B7E7F09E33A011821D91DD72AC51C0FE00F16B958F03FAC4E955A44704BD62A0F5039BEBFBF2D60CB14E47DCA
Malicious:	false
Preview:	//1024x768 text scheme file....// DEFAULT BUTTON TEXT..SchemeName = "Primary Button Text"..FontName = "Arial"..FontSize = 23..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// COMMAND MENU TEXT..SchemeName = "CommandMenu Text"..FontName = "Arial"..FontSize = 21..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// SCOREBOARD TEXT..SchemeName = "Scoreboard Text"..FontName = "Arial"..FontSize = 18..FontWeight = 0....// SCOREBOARD TITLE TEXT (team names, team scores)..SchemeName = "Scoreboard Title Text"..FontName = "Arial"..FontSize = 24..FontWeight = 700....// SCOREBOARD SMALL TEXT (headers, player #)..SchemeName = "Scoreboard Small Text"..FontName = "Arial"..FontSize = 14..FontWeight = 0....// TITLE FONT in TFC selection menus..SchemeName = "Title Font"..FontName = "Arial"..FontSize = 34..FgColor = "255 170 0 255"....// CLASSDESC, MAPDESC, MOTD text w

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\1152_textscheme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1312
Entropy (8bit):	5.110815790029906
Encrypted:	false
SSDEEP:	24:dHGrCdRLF0W1ifuAiMwPrCT0W1ifuAiMpwrCRmtyrCPfF5orCoVss5rCW3HDX+VL:R3RFxgxyovzshjXq5VOwqa
MD5:	AF3AD3BFA791C73F4530635FA23BE58B
SHA1:	BDF0AF32C412E2458471D025A570730C24968A45
SHA-256:	B07191050CB235FF03E57AD1E775FD802433E6E60613D07F6FE1104620BB3509
SHA-512:	82F879137F76E58C89A98ECE340B10B83ED19FE47D0AC91F86221E9EFC3E4C5933AE26494E7AD967F21EEA0F07C5A004AC9F6C16F13ED12FCED1DC0D675F7D84
Malicious:	false
Preview:	//1152x864 text scheme file....// DEFAULT BUTTON TEXT..SchemeName = "Primary Button Text"..FontName = "Arial"..FontSize = 25..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// COMMAND MENU TEXT..SchemeName = "CommandMenu Text"..FontName = "Arial"..FontSize = 23..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// SCOREBOARD TEXT..SchemeName = "Scoreboard Text"..FontName = "Arial"..FontSize = 21..FontWeight = 0....// SCOREBOARD TITLE TEXT (team names, team scores)..SchemeName = "Scoreboard Title Text"..FontName = "Arial"..FontSize = 32..FontWeight = 700....// SCOREBOARD SMALL TEXT (headers, player #)..SchemeName = "Scoreboard Small Text"..FontName = "Arial"..FontSize = 16..FontWeight = 0....// TITLE FONT in TFC selection menus..SchemeName = "Title Font"..FontName = "Arial Narrow Bold"..FontSize = 36..FgColor = "255 170 0 255"....// CLASSDESC, MAPDESC,

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\1280_textscheme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1300
Entropy (8bit):	5.115246259026041
Encrypted:	false
SSDEEP:	24:QtHGrCdRv0W1ifuAiMwPrCrF0W1ifuAiMpwrCvmtyrCs2tfF5orCoVss5rC53rCY:C3RxKFxy6E2tzs8bVOwsa
MD5:	8C33A7C9A2A8C337EFEA6ADB3EDA02D0
SHA1:	6E6122F800762E40876C94FFD25A6713E2364C92
SHA-256:	9C11DE3D4673AB3CCC9E707A6AF2BC4B185794700B382BDE5E2AF5AF0DDCA7F5
SHA-512:	34096D78A99F0D71F3274EC1377662E311BE8B5EFCB890CFF8793F7E92DFE62368809FEE26C0852D193F188C91A31DE03C1FDBEE959AD922F942201F963C7771
Malicious:	false
Preview:	//1280x960 text scheme file....// DEFAULT BUTTON TEXT..SchemeName = "Primary Button Text"..FontName = "Arial"..FontSize = 27..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// COMMAND MENU TEXT..SchemeName = "CommandMenu Text"..FontName = "Arial"..FontSize = 25..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// SCOREBOARD TEXT..SchemeName = "Scoreboard Text"..FontName = "Arial"..FontSize = 23..FontWeight = 0....// SCOREBOARD TITLE TEXT (team names, team scores)..SchemeName = "Scoreboard Title Text"..FontName = "Arial"..FontSize = 36..FontWeight = 700....// SCOREBOARD SMALL TEXT (headers, player #)..SchemeName = "Scoreboard Small Text"..FontName = "Arial"..FontSize = 16..FontWeight = 0....// TITLE FONT in TFC selection menus..SchemeName = "Title Font"..FontName = "Arial"..FontSize = 41..FgColor = "255 170 0 255"....// CLASSDESC, MAPDESC, MOTD text w

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\1600_textscheme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1301
Entropy (8bit):	5.104540698334
Encrypted:	false
SSDEEP:	24:wq8HGrCdRv0W1ifuAiMwPrCu0W1ifuAiMpwrCvmtyrCtkfF5orCokkss5rCv3rCY:Na3Rx5xy6FSzsSbVOwsa
MD5:	CAE0798DF0944119E9CE8D62F47101C4
SHA1:	31DB0577720299E138E3E097BF10226B40514914
SHA-256:	5494A96EBEEE45370E060D814A2FF604670F46506956075FF6ACD99806756523
SHA-512:	AF95DE8F7438FE770476EAB6DA316886F6B1E574EB325C2E39BF9FED312E4BA730A1C4EE36BEF2F91F2B3C165BF1EF0144989BEA91F0FEFD49A633D66562C9B8
Malicious:	false
Preview:	//1600x1200 text scheme file....// DEFAULT BUTTON TEXT..SchemeName = "Primary Button Text"..FontName = "Arial"..FontSize = 27..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// COMMAND MENU TEXT..SchemeName = "CommandMenu Text"..FontName = "Arial"..FontSize = 24..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// SCOREBOARD TEXT..SchemeName = "Scoreboard Text"..FontName = "Arial"..FontSize = 23..FontWeight = 0....// SCOREBOARD TITLE TEXT (team names, team scores)..SchemeName = "Scoreboard Title Text"..FontName = "Arial"..FontSize = 20..FontWeight = 700....// SCOREBOARD SMALL TEXT (headers, player #)..SchemeName = "Scoreboard Small Text"..FontName = "Arial"..FontSize = 12..FontWeight = 0....// TITLE FONT in TFC selection menus..SchemeName = "Title Font"..FontName = "Arial"..FontSize = 43..FgColor = "255 170 0 255"....// CLASSDESC, MAPDESC, MOTD text

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\640_textscheme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2089
Entropy (8bit):	5.095113488589178
Encrypted:	false
SSDEEP:	24:QHjgtfxC3TrClyCtNBTbUmTXGnV/q+qGIsM9wqG6rCdRj0W1ifuAiMwPrCxwrCq+:ujgtfgCtnbJGNnMOfZxGufzs5NVOwaa
MD5:	86D8FFF58117A4A9542153F4AEFF4A92
SHA1:	70212EEF1CF41E064F65750E82F53473D0258878
SHA-256:	7700B92FC12E4E8883C6D488E804AD3E51EF3F9651E675982120B0F256CE8C4B
SHA-512:	B98AADD8CBCB638C5799F73ECEE284BDE49C864ED0CBEBD76CCF348BD1D2F999FDD731B2C28712EEEE8276AD7F7E34AFE60434C4BCE25D3F9DE989124CDB595C
Malicious:	false
Preview:	///////////////////// TEXT FILE DESCRIPTION /////////////////////..// 640x480 text scheme file..//..// Resolutions:..// .320..//.400..//.512..//.640..//.800..//.1024..//.1152..//.1280..//.1600..//....// SchemeName defines a new scheme..SchemeName = "Basic Text"....// FontName is the string name of the font the scheme uses..FontName = "Arial"....// FontSize defines the height of the font (the rest is derived from that)..FontSize = 17....// FontWeight thickens the font (700 is bold, 1400 very bold)..FontWeight = 0....// foreground colors (RGBA, A=0 being fully transparent, A=255 fully solid)..FgColor = "255 170 0 255"..FgColorArmed = "255 255 255 255"..FgColorMousedown = "255 255 255 255"....// background colors (note that these always default to "0 0 0 0")..BgColor = "0 0 0 0"..BgColorArmed = "0 0 0 0"..BgColorMousedown = "0 0 0 0"....///////////////////// TFC FONTS /////////////////////......// DEFAULT BUTTON TEXT..SchemeName = "Primary Button Text"..FontN

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\800_textscheme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1300
Entropy (8bit):	5.091066237241095
Encrypted:	false
SSDEEP:	24:D4tHGrCdRHi0W1ifuAiMwPrCw0W1ifuAiMpwrCTwnmtyrCtkfF5orCokkss5rCSp:D4B3xix7xyHzFSzsTYbVOw2Oa
MD5:	2770E1067FD8AC9D7CEF78A51260BAE9
SHA1:	ED1623E1FB132108FDB8CF8ACEBDCCB117E5BAA6
SHA-256:	01F7AE3ED0A116732291B312CD0E3D32E22418664BCBD0B2F741DC55EF043E5E
SHA-512:	CD398B8ECE06E2D414A2350EEC04D06C00D0392460A63F4C84C526AC3703CDCD53FEE13B07E1A18E1D4B7888156936D19056B7125E1745E81D71808B97182CA0
Malicious:	false
Preview:	// 800x600 text scheme file....// DEFAULT BUTTON TEXT..SchemeName = "Primary Button Text"..FontName = "Arial"..FontSize = 20..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// COMMAND MENU TEXT..SchemeName = "CommandMenu Text"..FontName = "Arial"..FontSize = 17..FgColor = "255 170 0 255"..BgColor = "0 0 0 141"..FgColorArmed = "255 255 255 255"..BgColorArmed = "255 170 0 67"....// SCOREBOARD TEXT..SchemeName = "Scoreboard Text"..FontName = "Arial"..FontSize = 15..FontWeight = 0....// SCOREBOARD TITLE TEXT (team names, team scores)..SchemeName = "Scoreboard Title Text"..FontName = "Arial"..FontSize = 20..FontWeight = 700....// SCOREBOARD SMALL TEXT (headers, player #)..SchemeName = "Scoreboard Small Text"..FontName = "Arial"..FontSize = 12..FontWeight = 0....// TITLE FONT in TFC selection menus..SchemeName = "Title Font"..FontName = "Arial"..FontSize = 26..FgColor = "255 170 0 255"....// CLASSDESC, MAPDESC, MOTD text w

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\gfx\palette.lmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	768
Entropy (8bit):	5.498193754851222
Encrypted:	false
SSDEEP:	6:ea2NCKmlaiuly62lKS+liqGHQ+U/ZOU6jbtzokuI0zoWP:75KSaiqy6CKSaiqGHrUZVJYWP
MD5:	5FB93560C8AE637BA463D084B0EC505E
SHA1:	1B2A6A5BB0A579B0F3DF9CB6C6152A9C65CB9E62
SHA-256:	036B7EA3C8C03BE214BB7D22B8D63AC27F63D547E42CA677FEF344DDC780961E
SHA-512:	0883834F1150791B4E060E080E7A07EEB60310B88E0334DB094C64AF5F5B147EBD51CB1E3BAA514EA53D286DF9876DF86D7D463C7E2675C14A5050D0BE4003A9
Malicious:	false
Preview:	.........///???KKK[[[kkk{{{..............................'../#.7+.?/.K7.S;.[C.cK.kS.sW.{_#.g#.o#........'''3//?77K??WGGgOOs[[.cc.kk.ss.{{......................##.++.//.77.??.GG.KK.SS.[[.cc.kk.............'../..7..?..G..O..W.._..g..o..w...........##./+.7/.C7.K;.WC._G.kK.wS..W..[.._..c..g##../..;..K#.W+.c/.s7#.;+.C3.O3.c/.w/.+.'............+#.7+.G3.S7#c?+oG3.S?._G.kS.{_..k.{..........s..g{.[owSckKW_?KW7CK/7C'/7.#+..#.........s..k.._..Ww.Ok.K_sCSk;K_3?S+7G#+;.#/..#....................{.{o.o_{cSkWG_K;S?3C3'7+.'........o.{g{o_sgWk_OcWG[O?SG7K?/C7+;/#3'.+..#...............................s.{c.kS.[G.K7.;+.+....................##.++.//.//.//.//o//_++O##?../......+..;..K.._..o.........'..3..K..c+..;.O._.w...{;..7..7..W.........g.......................[S

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\gfx\shell\kb_keys.lst

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9506
Entropy (8bit):	4.826050067649689
Encrypted:	false
SSDEEP:	96:iyLykypyqynyQyVy2yiZykZyJyByKy1ywyTyWyWyTysyxyyyPy4yT5yryuYyQyNG:I5ulGEp8gSxrKNsvktB1ItUq
MD5:	E2695474C78E05B7695ABCE361674DE5
SHA1:	3A0ED95A1592A09A7AFB96814D74747708822E90
SHA-256:	0817B5A5C8CEC8894354207B8685DE93E2CCA8F9882632B048AAF2531A77288B
SHA-512:	90FD26B471AB19339089D0553665C08ACF7ADEADC6603CE6477A851104E2E52AC9C8B71DC515D4EF7DBDEAC6ACD2D6FF07B0464B4724A266F7543907A900A5CC
Malicious:	false
Preview:	0."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..1."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..2."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..3."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..4."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..5."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..6."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..7."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..8."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..9."TAB" "TAB" DEFAULTCOLOR..10."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..11."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..12."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..13."ENTER" "ENTER" DEFAULTCOLOR..14."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..15."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..16."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..17."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..18."<UNKNOWN KEYNUM>" "<UNKNOWN KEYNUM>" DEFAULTCOLOR..19."<UNKNOWN

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\gfx\vgui\mouse.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 16 x 16 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	0.9623589112480317
Encrypted:	false
SSDEEP:	6:njq2Wzq2HTq2zu2jq2zqjq2je3TW2Da2ze2ji2Tm2Dq2zu2nGyapK:rzdpK
MD5:	82430BFA895FB36AF2FA458D06DBC19A
SHA1:	B7DFDCE37445E4B6ECB8CF3A67B83D53A2F839D6
SHA-256:	5768AFA6D5852D71D2551319EE8A62200592E9AE5E2A62DC4D921DA2A23B7CD9
SHA-512:	4A03C9FFFEB1EFEDED012A160D236E6000A329264B619C6C343EBA5358B15CD5252308F6F201553190EA104A396EF23E784B3B4658159A7083B031AF584CB175
Malicious:	false
Preview:	................ .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\liblist.gam

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	287
Entropy (8bit):	4.763617035964038
Encrypted:	false
SSDEEP:	6:jKgnsugLLhMXRstiARRodMvWVUavdoVSdWBPDv59acp7HCVVmn:jwMXRsCVUkdImKDvP
MD5:	2B8EFFB8288C1029F787A1B5F2355E4F
SHA1:	ABDF49DD3DD372C2D8D7FBE974D115DC87BD07A6
SHA-256:	47AD235B0B05DBCEFB69B56AACA9DC7B0FFBA56F21B919D249C17ED05CA31827
SHA-512:	DB1AFDED2C470DA23C68D9CC65E85AE5AB1E3B10712CB09F64DA116A1BF16B4F90DEC872DCF9AD98C1FC181AD73552FA337FD2499878A17632F438275CF88C13
Malicious:	false
Preview:	// Valve Game Info file..// These are key/value pairs. Certain mods will use different settings...//..game "Half-Life"..startmap "c0a0"..trainmap "t0a0"..mpentity "info_player_deathmatch"..gamedll "dlls\hl.dll"..gamedll_linux "dlls/hl_i386.so"..secure "1"..type "singleplayer_only"....

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\models\abone_template1.mdl

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	5904
Entropy (8bit):	5.434020623708916
Encrypted:	false
SSDEEP:	96:F5ABXNsx97NxWj/P0l760J6qqzFlKfYp70Ua1dqy:KCWj/slXMqqhlKfYK91dq
MD5:	E4AFAB4934B0AAF1F72C9422491C9E82
SHA1:	8812DFEC489A329107A51A14C900F38894E34A48
SHA-256:	0E46E7A52BDBFFF62F9337A246AC2172469F88E195B7E344B5F4C8F3D8E4CD77
SHA-512:	D1F471D334FA2BE28BA1BED2048FF4A019E77734807A4DEA8D3D8C468290678114D52DC3DB3583DCB89B1212C48DFD6769170AB2A5242786472179A5A13A6812
Malicious:	false
Preview:	IDST....valve/models/ABONE_Template1.mdl................................................................................................................................................D.......................0...............................0...Dummy11.........................................................H..<2x.>B..@...............;...;...;m.I7m.I7m.I8Object09...........................................................>l..>.V................;...;...;m.I7m.I7m.I7.........`.33.......`@33.A...?.......... .........................idle...............................A.............................................................F...*D..d...-.A`.U@B..@...........................?............................default.................................................................................................studio..................................................................\|...ABONE_Template1.............................................................\|...#.......4...#...............

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\models\agibs.mdl

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	data
Category:	dropped
Size (bytes):	35860
Entropy (8bit):	6.90420152130945
Encrypted:	false
SSDEEP:	768:bVVlXk9sVVOA4Pv0dE+GVVbyBu/9yFO3vXKfS:bVVxk9sI30dwOBuFyFOf66
MD5:	7A87F6F0C0305736EDB73CEE9DCF54D9
SHA1:	72F82858650AF65B5F2D01261795397D7BD91F89
SHA-256:	AE7DCE6AF43AA8C9FE961405DB0D9DD4E2680494168E4650E4C18F41FF56488B
SHA-512:	B19060038B49295A3706B2B42421F7EAA85FA01322FCF896110B579ACF3A6A5F411B564B133902DB0307D5AB05FA7D0C1E8826FD480B60F1701F1A62AA6B19C1
Malicious:	false
Preview:	IDST....valve/models/agibs.mdl..........................................................................................................................d.......d...............P.......................................d...........................Sphere01..........................................................=..v.. ..@...>.0B....?...;...;...;m.I7m.I7m.I8........=...R.j.....z.AR.jA..@.............e...e6..e...e..idle1..............................A................P...e.......P....................................U....7...&Ai}4A.S.@...........................?............................default.................................................................................................parts.......................................................................aliengeneric1.......................................................................................l...........aliengeneric2...............................................................$...........,...........(...........alie

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\BackgroundLayout.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	714
Entropy (8bit):	4.62639175535151
Encrypted:	false
SSDEEP:	12:+3UqKuuU0mUfUaN341kX1go41KMN3NJS1ykjo:+kqKub0j86P2NrSC
MD5:	11136B7CFF2358EBF01FB0D8783FA793
SHA1:	05F5A267828975D2C43F90B73962B971B9672954
SHA-256:	F1D2461E3936AB6397A852F4EFB971AD807BEA0C6C99CA8377886CCD88ADA750
SHA-512:	B8DBB295B7D5A9B5F811D4C63F9DFD6DBA232269F5B04C259F817ED7C915BFD12D2DF0B71EFC2442B40DB677F3C16A8C12E8135DA7B76DC55A607949599CAEE4
Malicious:	false
Preview:	resolution.800.600....resource/background/800_1_a_loading.tga..scaled..0.0..resource/background/800_1_b_loading.tga..scaled..256.0..resource/background/800_1_c_loading.tga..scaled..512.0..resource/background/800_1_d_loading.tga..scaled..768.0....resource/background/800_2_a_loading.tga..scaled..0.256..resource/background/800_2_b_loading.tga..scaled..256.256..resource/background/800_2_c_loading.tga..scaled..512.256..resource/background/800_2_d_loading.tga..scaled..768.256....resource/background/800_3_a_loading.tga..scaled..0.512..resource/background/800_3_b_loading.tga..scaled..256.512..resource/background/800_3_c_loading.tga..scaled..512.512..resource/background/800_3_d_loading.tga..scaled..768.512........

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\BackgroundLoadingLayout.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	714
Entropy (8bit):	4.62639175535151
Encrypted:	false
SSDEEP:	12:+3UqKuuU0mUfUaN341kX1go41KMN3NJS1ykjo:+kqKub0j86P2NrSC
MD5:	11136B7CFF2358EBF01FB0D8783FA793
SHA1:	05F5A267828975D2C43F90B73962B971B9672954
SHA-256:	F1D2461E3936AB6397A852F4EFB971AD807BEA0C6C99CA8377886CCD88ADA750
SHA-512:	B8DBB295B7D5A9B5F811D4C63F9DFD6DBA232269F5B04C259F817ED7C915BFD12D2DF0B71EFC2442B40DB677F3C16A8C12E8135DA7B76DC55A607949599CAEE4
Malicious:	false
Preview:	resolution.800.600....resource/background/800_1_a_loading.tga..scaled..0.0..resource/background/800_1_b_loading.tga..scaled..256.0..resource/background/800_1_c_loading.tga..scaled..512.0..resource/background/800_1_d_loading.tga..scaled..768.0....resource/background/800_2_a_loading.tga..scaled..0.256..resource/background/800_2_b_loading.tga..scaled..256.256..resource/background/800_2_c_loading.tga..scaled..512.256..resource/background/800_2_d_loading.tga..scaled..768.256....resource/background/800_3_a_loading.tga..scaled..0.512..resource/background/800_3_b_loading.tga..scaled..256.512..resource/background/800_3_c_loading.tga..scaled..512.512..resource/background/800_3_d_loading.tga..scaled..768.512........

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\GameMenu.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1546
Entropy (8bit):	4.667829820315536
Encrypted:	false
SSDEEP:	24:aFDGmpAs3+KufgQzKi3K6flbD4ROWwN0LBf1i0lgEK:aFDG56+EUKi3KkbD4ROWw6LKEgn
MD5:	99CAF9A3262EE5E81B5889F9BE1DFFDF
SHA1:	2BD451CF2C3E2AD3C529C166EDAC80F74DBAEC6C
SHA-256:	15ED05BE109F1FB9ECEF3AD6936BBD4EC1434AEF172E3448B491DE298E4EB383
SHA-512:	8BA02D5C16C20D74585502EB0EA42C9C725045C2E14C7704451E9AD1C7D7EBF5A3FAEFABEE31D665BBDA232246284BF53EBE21A0A67F57B6F64EC7331FC25CA4
Malicious:	false
Preview:	"GameMenu"..{..."1"...{...."label" "#GameUI_GameMenu_ResumeGame"...."command" "ResumeGame"...."OnlyInGame" "1"...}..."2"...{...."label" "#GameUI_GameMenu_Disconnect"...."command" "Disconnect"...."OnlyInGame" "1"...."notsingle" "1"...}..."3"...{...."label" "#GameUI_GameMenu_PlayerList"...."command" "OpenPlayerListDialog"...."OnlyInGame" "1"...."notsingle" "1"...}..."4"...{...."label" ""...."command" ""...."OnlyInGame" "1"...}..."5"...{...."label" "#GameUI_GameMenu_NewGame"...."command" "OpenNewGameDialog"...."notmulti" "1"...}..."6"...{...."label" "#GameUI_GameMenu_LoadGame"...."command" "OpenLoadGameDialog"...."notmulti" "1"...}..."7"...{...."label" "#GameUI_GameMenu_SaveGame"...."command" "OpenSaveGameDialog"...."notmulti" "1"...."OnlyInGame" "1"...}..."8"...{...."label" ""...."command" ""...."notmulti" "1"...}..."9"...{...."label" "#GameUI_GameMenu_FindServers"...."command" "OpenServerBrowser"...."notsingle" "1"...}..."10"...{...."label" "#GameUI_GameMenu_CreateServer"...."command" "

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadGameDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3085
Entropy (8bit):	4.369482425661429
Encrypted:	false
SSDEEP:	48:NCgQ4i1I2/7ufh/T2teSi2uTGLN2UN8//xM//4//2//a:NVTGI26fhKteSiFk2a8xM42a
MD5:	663B09EA75878C1C3F762E3DF0E5E557
SHA1:	EBF456183606A93338889B3CAD61C44D58A61D89
SHA-256:	A4E13C4F85A8EC52B42D9557885DFF956B0D2E6E2DED2022C67335D3D50D8ACD
SHA-512:	24DEE84448664C4CAAB58D98AF998E8089798F59E046F5567ADA79F9A7118C287901C8ACC67911F0B8C812DDF346BCF686F044DB8AC4B297BC197C34435CDBDC
Malicious:	false
Preview:	"Resource\LoadGameDialog.res"..{..."LoadGameDialog"...{...."ControlName".."Frame"...."fieldName".."LoadGameDialog"...."xpos".."152"...."ypos".."142"...."wide".."508"...."tall".."414"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."HelpText"...{...."ControlName".."Label"...."fieldName".."HelpText"...."xpos".."20"...."ypos".."30"...."wide".."470"...."tall".."50"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_LoadGameHelp"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."wrap"..."1"...}..."Load"...{...."ControlName".."Button"...."fieldName".."Load"...."xpos".."282"...."ypos".."378"...."wide".."102"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#GameUI_Load"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."command".."Load"...."de

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3282
Entropy (8bit):	4.372158702497117
Encrypted:	false
SSDEEP:	48:KVYbykD//rN/YdGzg/HXuuL/FhczZZEE/9ELA0//v//tM//f:KaTJgdG8PXuuL9uzbEEVwA0vtMf
MD5:	0D4C90F34F238015C6EBA69126C87901
SHA1:	28EC788D7FF2EE62E23BDA46E0642A8BBACD890E
SHA-256:	605A8B9482D6A9797969611BBAEDE3A965D918BE4AA446B0D24E3D1DC9FF1759
SHA-512:	2194AB260D0E9957F15BFB4FDF49E2D6DD62CB3B94B754D0259717057F8CDAF89FE99A6F334327F2134583A545371A12AFA1CB4E6D6AE122EC497187C234774B
Malicious:	false
Preview:	"Resource/LoadingDialog.res"..{..."LoadingDialog"...{...."ControlName".."Frame"...."fieldName".."LoadingDialog"...."xpos".."322"...."ypos".."249"...."wide".."380"...."tall".."220"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."34"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_ParseBaseline"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."progress"...{...."ControlName".."ProgressBar"...."fieldName".."Progress"...."xpos".."20"...."ypos".."64"...."wide".."260"...."tall".."2

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogDualProgress.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3098
Entropy (8bit):	4.400256366175028
Encrypted:	false
SSDEEP:	48:dlR46Uzj/u/ON/BLXu4L/lYEqchZZE5/5Aj/eM/y:n2xXmiJLXu4LdYGhbE5BAjWMa
MD5:	352C397B803343B3B91AF7F23B3ECA70
SHA1:	F914189B455259060D71029894E64BD6DE916AA8
SHA-256:	939BAD3715140F28D2FB3A92F2D82FA2F20424C51EE07EEBE0352AD40B9EC1A6
SHA-512:	A84BB188325BB52FB28154A03A5CD808BF2955FC814CE33E970ABA98B9FD9DB7FA1961219307FD1827E7FCA83AF46AEAC5617860395DBEC83CEBD894A8F8D7D8
Malicious:	false
Preview:	"Resource/LoadingDialogDualProgress.res"..{..."LoadingDialog"...{...."ControlName".."Frame"...."fieldName".."LoadingDialog"...."xpos".."210"...."ypos".."162"...."wide".."380"...."tall".."276"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...}..."progress"...{...."ControlName".."ProgressBar"...."fieldName".."Progress"...."xpos".."20"...."ypos".."58"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."Progress2"...{...."ControlName".."ProgressBar"...."fieldName".."Progress2"...."xpos".."20"...."ypos".."132"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."34"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."vis

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogDualProgressVAC.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4009
Entropy (8bit):	4.408430122008739
Encrypted:	false
SSDEEP:	48:dlR4xUzj/u/ON/BLXu4L/lYEqchZZE5/5Aj/eM/PjZ/Vnr+LPS:n22XmiJLXu4LdYGhbE5BAjWMXjRVSG
MD5:	07B15149053BD2C57DF44C7460524DCB
SHA1:	A5D9A3A1A450D2773F36B69E3EC47A79954CDE36
SHA-256:	4D25C49105774B826FD2A7F149F702369A4A0CF04D0577499DBDCDA86B10BB1F
SHA-512:	09310FF368DF951993AD616FA75149C59E2C7BF349A9FA0F7913F4E1B2CE1E0B835963EB4EB36ED9FACCE3DBB249D53CEC9023ADFEED96972D9EEA5230B19EB5
Malicious:	false
Preview:	"Resource/LoadingDialogDualProgress.res"..{..."LoadingDialog"...{...."ControlName".."Frame"...."fieldName".."LoadingDialog"...."xpos".."210"...."ypos".."162"...."wide".."380"...."tall".."356"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...}..."progress"...{...."ControlName".."ProgressBar"...."fieldName".."Progress"...."xpos".."20"...."ypos".."58"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."Progress2"...{...."ControlName".."ProgressBar"...."fieldName".."Progress2"...."xpos".."20"...."ypos".."132"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."34"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."vis

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogError.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3078
Entropy (8bit):	4.365154102756458
Encrypted:	false
SSDEEP:	48:XwuZUzC//D//t11EXudL/3nE/dczZ/0Ek//SA0//xM//f:XwuueDt1uXudLvFzeEkSA0xMf
MD5:	3F14E883A1E4824E8EBFEEC9B4545B90
SHA1:	3271BC66AD1B3F04077D8C27E353296A7AF022DB
SHA-256:	32446B575D3D87EFD4E907E0DF0A89FB7132380BB6B750EAFFAA147E24AD6418
SHA-512:	E511752C466981F6370F561ACC53A7146EE5A6AF076030E9B161B0CC8B7E4AC2A3415EAEA2AFE52AD6D8C6285E060C047FC5EB19B9BFA2BDED4C89D4CF52D57C
Malicious:	false
Preview:	"Resource/LoadingDialogError.res"..{..."LoadingDialog"...{...."ControlName".."Frame"...."fieldName".."LoadingDialog"...."xpos".."210"...."ypos".."232"...."wide".."380"...."tall".."136"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...}..."progress"...{...."ControlName".."ProgressBar"...."fieldName".."Progress"...."xpos".."20"...."ypos".."88"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."Progress2"...{...."ControlName".."ProgressBar"...."fieldName".."Progress2"...."xpos".."20"...."ypos".."114"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."32"...."wide".."340"...."tall".."62"...."autoResize".."0"...."pinCorner".."0"...."visible"..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogErrorLoggedInElsewhere.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2652
Entropy (8bit):	4.411164939497467
Encrypted:	false
SSDEEP:	48:XbGqqKp0B/zN5z/NdVXVL/fJ9UE/+zC//QzKJ//QzKFj//5:XqqqhBZ5JdVXVL3kTeQOJQOFj5
MD5:	05222A57FC8EEAB114B12D4461E87AEF
SHA1:	A0F81B0B1E2EE9498307D5AC911CCE3291E288E1
SHA-256:	E5545CCFBF8EC1FF9DA92A2A374190F8B4240358C002B1999E25A941A3B3F6EC
SHA-512:	C18CFA6FB69374C1B6E655CF126399B2C3E99E6059620D8E8F8910318E714A9152655F02E33F33B5899645D6A6E9102304D048C4A27FC28EA089F110A48603AE
Malicious:	false
Preview:	"Resource/LoadingDialogErrorLoggedInElsewhere.res"..{..."LoadingDialog"...{...."ControlName".."CLoadingDialog"...."fieldName".."LoadingDialog"...."xpos".."600"...."ypos".."360"...."wide".."400"...."tall".."180"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...."title".."#VAC_LoggedInElsewhere_Title"...}..."infolabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."34"...."wide".."340"...."tall".."48"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_ParseBaseline"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."wrap".."0"...}..."CancelButton"...{...."ControlName".."Button"...."fieldName".."CancelButton"...."xpos".."300"...."ypos".."142"...."wide".."72"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labe

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogErrorNoSteamConnection.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3067
Entropy (8bit):	4.435293638267971
Encrypted:	false
SSDEEP:	48:XXFqK2hH/GzC//QzKJ//QzKzN5zYdVXVL/YDj//bNJNAl/KhQhLE/z:XVq3OeQOJQOB5cdVXVLcj5HAl/6
MD5:	BB3FF5EBE1B8D0739CD64142E6678AA6
SHA1:	E314526070A9E3ED79FDCBF1FAA3DA2FBAC28E40
SHA-256:	8691EFC0BAAEB37BB0D86E79D179856600C4140BA59CCC2AEF16EE507F831237
SHA-512:	79984D75450CC521F94979299D0CDC90161F3780285A13E115B71B7101EFF176411A487A781BD43F6761B5BBA643D92AC580AC408B670103AFB3C8B639A4A95C
Malicious:	false
Preview:	"Resource/LoadingDialogErrorNoSteamConnection.res"..{..."LoadingDialog"...{...."ControlName".."CLoadingDialog"...."fieldName".."LoadingDialog"...."xpos".."600"...."ypos".."360"...."wide".."400"...."tall".."180"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...."title".."#VAC_ConnectionIssuesSupport_Title"...}..."progress"...{...."ControlName".."ProgressBar"...."fieldName".."Progress"...."xpos".."20"...."ypos".."88"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...."progress".."0.000000"...}..."Progress2"...{...."ControlName".."ProgressBar"...."fieldName".."Progress2"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...."progress".."0.000000"...}..."infolabel"...{...."ControlName".."Label"...."fieldName".."InfoLabe

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogErrorVACBanned.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2812
Entropy (8bit):	4.387284365776875
Encrypted:	false
SSDEEP:	48:XSVPVHXV9L/FJ2UrQHLPxE/+zC//QzKJ//QzKFj//bNJ/A:XS9BXV9L9J2FVTeQOJQOFj5m
MD5:	8090FC77AB3412568770EEB09881196B
SHA1:	F38F0CC7D92454857EDD340278761E913D407C85
SHA-256:	7338DAB79B9068F6117BBA745FED42B1FE8BAB8C20D8B0E499FB2C86BF611619
SHA-512:	8C0E7FBBD82A8B2940289C5865C082CBF7E011DBD6716C4821379886698FD68FA480A090C69A7A61C3CC1C30B9BC68DAF3B86CE3E08E1E6C94146BFC36C1324B
Malicious:	false
Preview:	"Resource/LoadingDialogErrorVACBanned.res"..{..."LoadingDialog"...{...."ControlName".."Frame"...."fieldName".."LoadingDialog"...."xpos".."322"...."ypos".."249"...."wide".."400"...."tall".."190"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."CancelButton"...{...."ControlName".."Button"...."fieldName".."CancelButton"...."xpos".."300"...."ypos".."157"...."wide".."72"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_Cancel"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."command".."Cancel"...."Default".."0"...}..."VACInfoLabel"...{...."ControlName".."Label"...."fieldName".."VACInfoLabel"...."xpos".."80"...."ypos".."35"...."wide".."300"...."tall".."120"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."wrap"..."1"...."tabPosition".."0"...."labelText".."#VAC_ConnectionRefusedDetail"...."text

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogNoBanner.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3050
Entropy (8bit):	4.37938576095093
Encrypted:	false
SSDEEP:	48:KVYPON/YdGzg/HXuuL/FhczZ/0Ek//fE/cA0//v//tM//f:KaygdG8PXuuL9uzeEkfnA0vtMf
MD5:	41FBD182BB5B5CEA2F55B5F1BBA6C09D
SHA1:	3105C5845A0093C16392502D945AA3B7A846A470
SHA-256:	727D34D5FDAE5F32F75A78BAAC5D05EEEFC6AA094B8CC2138F88874044E74E42
SHA-512:	69C54056A5408A67273E1A90677A838FD94060A170DE09DC61DA504A1EF10058603D997441E9271FC8086035DEB3E507A6533D125E35D98E911C7FBC32F76301
Malicious:	false
Preview:	"Resource/LoadingDialog.res"..{..."LoadingDialog"...{...."ControlName".."Frame"...."fieldName".."LoadingDialog"...."xpos".."322"...."ypos".."249"...."wide".."380"...."tall".."112"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."34"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_ParseBaseline"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."progress"...{...."ControlName".."ProgressBar"...."fieldName".."Progress"...."xpos".."20"...."ypos".."64"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."CancelButton"...{...."ControlName".."Button"...."fieldName".."CancelButton"...."xpos".."288"...."ypos".."64"...."wide".."72

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogNoBannerSingle.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3042
Entropy (8bit):	4.3721859198594135
Encrypted:	false
SSDEEP:	48:fVY4ON//qzua/HXuN1L/FhczZ/0Ek//fE/cA0//v//tM//f:faxqlPXuPL9uzeEkfnA0vtMf
MD5:	793571F7C05E37494C38C4EF98EC4A63
SHA1:	DB129F696EA4C1A40D2E60B4BEF7378746DC2FDA
SHA-256:	71C1A660C29CFF29C52866321710C00CE664FA37F952A8E999F5F52C92DFBDC4
SHA-512:	CCEA3310A28288B8BAC7067FB0F91D3EDEA4A697F0DCABB80CB86E3AACF1FADEB90C16D1DD881D5C1EF9638D2D3069EFAC0D7FF2B90CB80025938CF18E1222B1
Malicious:	false
Preview:	"Resource/LoadingDialogNoBannerSingle.res"..{..."LoadingDialog"...{...."ControlName".."Frame"...."fieldName".."LoadingDialog"...."xpos".."322"...."ypos".."249"...."wide".."380"...."tall".."74"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."34"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...."labelText"..""...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."progress"...{...."ControlName".."ProgressBar"...."fieldName".."Progress"...."xpos".."20"...."ypos".."34"...."wide".."260"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."CancelButton"...{...."ControlName".."Button"...."fieldName".."CancelButton"...."xpos".."288"...."ypos".."34"...."wide".."72"...."ta

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\LoadingDialogVAC.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4189
Entropy (8bit):	4.3858536961473344
Encrypted:	false
SSDEEP:	48:KVYw7ykD//rN/YdGzg/HXuuL/FhczZZEE/9ELA0//v//tM//5zgZnnrwLPh:Ka4JgdG8PXuuL9uzbEEVwA0vtM5gBUd
MD5:	5C7FA93D0052DC4BF717A78DFB9F80BE
SHA1:	4A74852B07EB81F1E73B2208173B35DB0F5E7BB1
SHA-256:	9287AF6EA28791E62191B7C2551C3CB2DFEFC4972E79C6C410F2474A638C7B5A
SHA-512:	8CAD767202E27E63DB644D333D46F0DDCC1EED87D95A712F35A59D84EBCB1F08028AA71494E3FC5DB45EB36EDFA672D42F145791CF7DD1D3713A1B7C312EE881
Malicious:	false
Preview:	"Resource/LoadingDialog.res"..{..."LoadingDialog"...{...."ControlName".."Frame"...."fieldName".."LoadingDialog"...."xpos".."322"...."ypos".."249"...."wide".."380"...."tall".."285"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."InfoLabel"...{...."ControlName".."Label"...."fieldName".."InfoLabel"...."xpos".."20"...."ypos".."34"...."wide".."340"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_ParseBaseline"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."progress"...{...."ControlName".."ProgressBar"...."fieldName".."Progress"...."xpos".."20"...."ypos".."64"...."wide".."260"...."tall".."2

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\MultiplayerAdvancedDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1528
Entropy (8bit):	4.441571767963139
Encrypted:	false
SSDEEP:	24:48qatNLH41AqXbLTmvaJvXbLTP5gwTTCwW:48qMNLHfqL/mSBL/BgwTTJW
MD5:	A3DCBD5B6D05A4EC50E8518EF47FE443
SHA1:	3A393D1AC8B52EA7E044903C16CACCDD14D5D52B
SHA-256:	DD63DC19EB64F5F18957888DEDBB168EE268D426662805698521347F6B0C2C88
SHA-512:	061FAFE037A01CF974BBA9AA6FA059D8AE17E4D85E16A894F9E6309C173BFE3D99AE160C5F7399BA9BAA453762C0366668D7C195698BA08CC24861532D31AEF0
Malicious:	false
Preview:	"Resource\MultiplayerAdvancedDia"..{..."MultiplayerAdvancedDialog"...{...."ControlName".."Frame"...."fieldName".."MultiplayerAdvancedDialog"...."xpos".."60"...."ypos".."108"...."wide".."472"...."tall".."376"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."Cancel"...{...."ControlName".."Button"...."fieldName".."Cancel"...."xpos".."388"...."ypos".."338"...."wide".."72"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#GameUI_Cancel"...."textAlignment".."west"...."dulltext".."0"...."command".."Close"...."default".."0"...}..."OK"...{...."ControlName".."Button"...."fieldName".."OK"...."xpos".."308"...."ypos".."338"...."wide".."72"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."labelText".."#GameUI_OK"...."textAlignment".."west"...."dulltext".."0"...."command".."Ok"...."default".."1

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\MultiplayerAdvancedPage.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	582
Entropy (8bit):	4.432880123555423
Encrypted:	false
SSDEEP:	6:43sq3JEfCIbVt3J7HPk8skkhHT8SzkQ3zwx41Eo3cJDEyWH8ovN8spovNYbgcHzW:43sq3Hqt35kk68SzPtE096lcHzP+
MD5:	ADA9D3CE344377565485E166F576D112
SHA1:	A79CC0B7FA95575405A91D79FE3A3FF2BE182A13
SHA-256:	57FA8E749F571B14896EB59565E6C5AAF07BA08E1A288541143CC1C1CDBA944D
SHA-512:	088F5D52CF8CE7B90464B4FA5185D88FA8122C05EFA8C822F251C56369F8E1F6ECCB000532DD0CB5A381946BFAD394CDFEE45D1C3E1CDD26CD691BEA53064169
Malicious:	false
Preview:	"Resource\MultiplayerAdvancedDia"..{..."MultiplayerAdvancedDialog"...{...."ControlName".."PropertyDialog"...."fieldName".."MultiplayerAdvancedDialog"...."xpos".."0"...."ypos".."0"...."wide".."500"...."tall".."310"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."PanelListPanel"...{...."ControlName".."CPanelListPanel"...."fieldName".."PanelListPanel"...."xpos".."10"...."ypos".."10"...."wide".."485"...."tall".."290"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\NewGameDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3021
Entropy (8bit):	4.406120894905338
Encrypted:	false
SSDEEP:	48:CciRBnZ7D5w/TG3tF/hy6/YU/ZnjL/mQfmKjL/knTGW:9iR91WoJzZLbfmKLOh
MD5:	28C7746827F083721FB07B97C42144B5
SHA1:	A4AFBA26CA11E0A9E3ED2E99472ECF92C17FE60F
SHA-256:	158C796730F476E658D7DC5E794850DF09CA251DD00F56C6839A9931EC6E1064
SHA-512:	84835FBE3D96E6DBBE02CD2C8F32EE804483B4E85BEFDA0DCE6C381D8F90420A76ED7EC03C9FA14084E7442F8475C6782FA114EC85268803C6931778C25B93E9
Malicious:	false
Preview:	"Resource\NewGameDialog.res"..{..."NewGameDialog"...{...."ControlName".."Frame"...."fieldName".."NewGameDialog"...."xpos".."390"...."ypos".."270"...."wide".."372"...."tall".."260"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."HelpText"...{...."ControlName".."Label"...."fieldName".."HelpText"...."xpos".."44"...."ypos".."48"...."wide".."292"...."tall".."40"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_NewGameHelpText"...."textAlignment".."west"...."dulltext".."1"...}..."Training"...{...."ControlName".."RadioButton"...."fieldName".."Training"...."xpos".."40"...."ypos".."94"...."wide".."220"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."labelText".."#GameUI_TrainingRoom"...."textAlignment".."west"...."dulltext".."0"...."default".."0"...."SubTabPosition".."1"...}..."Easy"...{...."Co

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\OptionsSubAdvanced.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	832
Entropy (8bit):	4.4640275312341435
Encrypted:	false
SSDEEP:	12:gSWVKGx7VKGFsgKSLHzPOilzLsx/C1fOEoxQgrzPflNLsR:duxBFTKSLTmlUQj2gnQR
MD5:	E3130D9B799323112969CB027D72B73C
SHA1:	86431B8BE771882825B2B95318090348B45476EB
SHA-256:	4669EA88D0726AA3A506C70FA87EC7ADA391176EF17EC4CFDD611464FF70B8AE
SHA-512:	8C21B47EBAF2E53B593FA4631A6B792A75B80674E8F02432EAD36FAEFAB28D9E1673B350F06E7C6CDB057B36E7F73A44BA0E07B9B9ACF4960BD631144597AF7E
Malicious:	false
Preview:	"Resource\OptionsSubAdvanced.res"..{..."ContentlockButton"...{...."ControlName".."Button"...."fieldName".."ContentlockButton"...."xpos".."40"...."ypos".."42"...."wide".."110"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#GameUI_ContentLock"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."command".."ContentControl"...."Default".."0"...}..."ContentlockLabel"...{...."ControlName".."Label"...."fieldName".."ContentlockLabel"...."xpos".."162"...."ypos".."34"...."wide".."300"...."tall".."60"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_ContentLockLabel"...."textAlignment".."west"...."dulltext".."1"...."wrap".."1"...."brighttext".."0"...}..}..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\OptionsSubAudio.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3804
Entropy (8bit):	4.476417059644701
Encrypted:	false
SSDEEP:	48:RlQl27vI7cOGKKGweGmKL9/lfF/2H7/crH7/vE+G/CKrRrG7fEI:Rl42DIrKAqL978EnElKT7/
MD5:	9502A28A9EB7BA5CC487F9FFA6D1D788
SHA1:	F8F0E583E0A4BF90E77A3E02EB46E876CFDB05DD
SHA-256:	3687A6DE06232079A77DAA358C3AC158A84C588EBC5DB617C81D8E7CA784536D
SHA-512:	444EFE5C61F06DDF089937F02EB5A75B92D2DCFD6BBB78322DF1DB469B15F0057A8E17DF1044E0E8A20B48BBFF689304350AFF4D8A76D2A9328D32417C7AC4D2
Malicious:	false
Preview:	"Resource\OptionsSubAudio.res"..{..."EAX"...{...."ControlName".."CheckButton"...."fieldName".."EAX"...."xpos".."251"...."ypos".."95"...."wide".."212"...."tall".."28"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."5"...."labelText".."#GameUI_EnableEAX"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...}..."A3D"...{...."ControlName".."CheckButton"...."fieldName".."A3D"...."xpos".."251"...."ypos".."125"...."wide".."214"...."tall".."28"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."6"...."labelText".."#GameUI_EnableA3D"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...}..."SFX Slider"...{...."ControlName".."CCvarSlider"...."fieldName".."SFX Slider"...."xpos".."40"...."ypos".."57"...."wide".."160"...."tall".."36"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."leftT

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\OptionsSubKeyboard.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1495
Entropy (8bit):	4.465490221578767
Encrypted:	false
SSDEEP:	24:0JKldIhLTm+jZM8I1TrOxqx4Ae6LT0cx3PT6LTqdU:0JZh/mCRI1Tyxl6/x6/1
MD5:	A79B06E5DE22A09C48EDAB8ED2A9A91E
SHA1:	FD7AC39FFA374F55A2155D51AEA0E0B913EC37AC
SHA-256:	2D8B55DE33B18E496D44C1FAFCEF51824070472A1D9D7E72692A0BA52C695890
SHA-512:	BC280BD319608FE491D9B147F874D2454584C58470760C25C87B728ED1DAD45AD882DC7AD0419E570F186453B0666337794CF7F250972E9D1E45EB52D452BEA3
Malicious:	false
Preview:	"Resource\OptionsSubKeyboard.res"..{..."Defaults"...{...."ControlName".."Button"...."fieldName".."Defaults"...."xpos".."12"...."ypos".."278"...."wide".."90"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#GameUI_UseDefaults"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."command".."Defaults"...."default".."0"...}..."listpanel_keybindlist"...{...."ControlName".."ListPanel"...."fieldName".."listpanel_keybindlist"...."xpos".."12"...."ypos".."12"...."wide".."480"...."tall".."258"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...}..."ChangeKeyButton"...{...."ControlName".."Button"...."fieldName".."ChangeKeyButton"...."xpos".."310"...."ypos".."278"...."wide".."84"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."3"...."labelText".."#GameUI_SetNewKey"...."textAlignment".."

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\OptionsSubMouse.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5391
Entropy (8bit):	4.470096068696177
Encrypted:	false
SSDEEP:	48:uF/77oW/O77miu/3377kW/y77Cw/p77OE8U/k7/mj3Fg/5EtX/ZvXSZ7Y/F:uFzveAT7iJ5aErIVREJhviKt
MD5:	AE2BC785C966B4A61D1302C3238E29B4
SHA1:	E114AD5E07B0EF65158A686B7C6FFBCFF027C643
SHA-256:	4FDB0063378EAED5900978FE6156F2937CCC4D7153A7854DF4F2C5D528BFA741
SHA-512:	7EE08F0D10AEE5AFC3BA91CD3ABA3C9ACBB5426796CB7FB3B8D09344CA3C07E79B6B45069CF6011CFB55AEB5CE373EA587DB5931502776835355B8E8B5ED9299
Malicious:	false
Preview:	"Resource\OptionsSubMouse.res"..{..."ReverseMouse"...{...."ControlName".."CheckButton"...."fieldName".."ReverseMouse"...."xpos".."36"...."ypos".."32"...."wide".."140"...."tall".."28"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."1"...."labelText".."#GameUI_ReverseMouse"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Default".."0"...}..."Reverse Mouse label"...{...."ControlName".."Label"...."fieldName".."Reverse Mouse label"...."xpos".."184"...."ypos".."35"...."wide".."300"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_ReverseMouseLabel"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...}..."MouseLook"...{...."ControlName".."CheckButton"...."fieldName".."MouseLook"...."xpos".."36"...."ypos".."54"...."wide".."140"...."tall".."28"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\OptionsSubMultiplayer.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7431
Entropy (8bit):	4.439558591809215
Encrypted:	false
SSDEEP:	192:lKwnT1ihLncgojusV+YjoDGDzG4G5GZGmoEuOyEdd:UwnT1iJncgojusV+YjoDGDz5iKzoFOyQ
MD5:	59D1D6B98BB69E3C7FD72D1364E55416
SHA1:	DE29EA9D5B1C3042D03B9740E73A0245272D3B9C
SHA-256:	37F5F020AAE3FBAA0EE9B1A21FF007D089DE3C3C046ABF95AB63478086E6969C
SHA-512:	EDA2D4D4187CD4715EF65AD2BF6F2BE60F1ADBF7DA4D28C988C2CF3EA4BCBDECE87BCFA3D6C308688973F0D99F30155DA1C9FFAD6A698C857249102A3A98835E
Malicious:	false
Preview:	"Resource/OptionsSubMultiplayer.res"..{..."Cancel"...{...."ControlName".."Button"...."fieldName".."Cancel"...."xpos".."378"...."ypos".."322"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_Cancel"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."command".."Close"...."Default".."0"...}..."OK"...{...."ControlName".."Button"...."fieldName".."OK"...."xpos".."308"...."ypos".."322"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_OK"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."command".."Ok"...."Default".."0"...}..."Apply"...{...."ControlName".."Button"...."fieldName".."Apply"...."xpos".."448"...."ypos".."322"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\OptionsSubVideo.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5189
Entropy (8bit):	4.429850707493631
Encrypted:	false
SSDEEP:	48:GeKiVKip9/m20p/cSU9/uOp/lu/V8Yf7/of7/ln5EB/o/jEX/o/jDEF1/DEP1/k+:GLpqO0/rExEd5E5obEPoLDEP7E9FEfkN
MD5:	69E0FF6CF15BC5374575CD3F55B565AA
SHA1:	53C5FA685B4D7B05095A868D351B620FC21CBE81
SHA-256:	455A1D0B5AE5BFB6CAAC1660CCCCCF22C6ABCF3D4A8BD3690D63E6543B44E55E
SHA-512:	60456EC56040DF853BD6766A3E33142EE0FCF64642533FA320D4E32E9238E5F406C8EACE9237CF74C649934A9B484A60F6501EBE3936908DBD63E6DF73997FC3
Malicious:	false
Preview:	"Resource\OptionsSubVideo.res"..{..."Brightness"...{...."ControlName".."CCvarSlider"...."fieldName".."Brightness"...."xpos".."40"...."ypos".."217"...."wide".."160"...."tall".."50"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."6"...."leftText".."#GameUI_DARK"...."rightText".."#GameUI_LIGHT"...}..."Gamma"...{...."ControlName".."CCvarSlider"...."fieldName".."Gamma"...."xpos".."248"...."ypos".."217"...."wide".."160"...."tall".."50"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."7"...."leftText".."#GameUI_LOW"...."rightText".."#GameUI_HIGH"...}..."Resolution"...{...."ControlName".."ComboBox"...."fieldName".."Resolution"...."xpos".."248"...."ypos".."52"...."wide".."160"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."textHidden".."0"...."editable".."0"...."maxchars".."-1"...}..."AspectRatio"...{...."ControlName".."ComboBox".

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\OptionsSubVoice.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4960
Entropy (8bit):	4.455856346467395
Encrypted:	false
SSDEEP:	96:bze5eQCRiJaohQt2aLlGzumGWGCG/+/Qf:/c/C6aohQtD5GSmGWGCG/+/M
MD5:	0F3F22ACD589D4508810B0BB763DF1D9
SHA1:	AE4471AF143A763F4F195DACA20323E1132C3E72
SHA-256:	C150F1896DACB5F37B5CF42157ECC7F2860E81B79611D7B27DE0EC56F26FFC0C
SHA-512:	796C9A4A6170733F436442CF2AA048CD19151E343BE768A8DD164E226E79A309960BA84DA899DEBB637F6D5A1ADC36136E45DCB2BD10CF000565BE65B211D985
Malicious:	false
Preview:	"Resource\OptionsSubVoice.res"..{..."MicMeter"...{...."ControlName".."ImagePanel"...."fieldName".."MicMeter"...."xpos"..."40"...."ypos"..."148"...."wide"..."158"...."tall"..."32"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."image"..."resource/mic_meter_dead"...."image2".."resource/mic_meter_live"...."barCount".."19"...."barSpacing".."8"...}..."MicMeter2"...{...."ControlName".."ImagePanel"...."fieldName".."MicMeter"...."xpos"..."40"...."ypos"..."148"...."wide"..."158"...."tall"..."32"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."image".."resource/mic_meter_live"...."barCount".."19"...."barSpacing".."8"...}..."VoiceReceive"...{...."ControlName".."CCvarSlider"...."fieldName".."VoiceReceive"...."xpos".."246"...."ypos".."94"...."wide".."160"...."tall".."42"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."3"...."leftText"..""...."

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\PlayerListDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1761
Entropy (8bit):	4.463750924770407
Encrypted:	false
SSDEEP:	24:fVH9q4mxIrcLTsi9/FSxZBSQLTEZKN7uKSOE/SLT1L0jR:fVdq4Rc/siy/ArBk/id
MD5:	35297D11CB01B2484F096B91760E265E
SHA1:	07189F1A7EF93E3B324282C7AB6B720514CA776F
SHA-256:	B2B9286B3C2CEED9F58172C44C5B089F56106E9EC70AD0B96BC3F92BCA974880
SHA-512:	414934FC37E0469F6BBC6E4645F703AFC2152245541CDB4E9CC1C23996E2744B8653320D924DBC92F034B250271F7DC5A87CCC6089C3205D396BBE37A1F67E23
Malicious:	false
Preview:	"Resource/PlayerListDialog.res"..{..."PlayerListDialog"...{...."ControlName".."CPlayerListDialog"...."fieldName".."PlayerListDialog"...."xpos".."168"...."ypos".."55"...."wide".."467"...."tall".."388"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...}..."AddFriendButton"...{...."ControlName".."Button"...."fieldName".."AddFriendButton"...."xpos".."28"...."ypos".."326"...."wide".."136"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#GameUI_AddToFriendsList"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."Command".."AddFriend"...."Default".."0"...}..."MuteButton"...{...."ControlName".."Button"...."fieldName".."MuteButton"...."xpos".."173"...."ypos".."326"...."wide".."144"...."tall".."24"...."autoResize".."0"...."pinCorner".."2"...."visible".."1"...."enabled".."1"...."tabPosition".."3"...."labelText".."#G

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\SaveGameDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1917
Entropy (8bit):	4.418563470202563
Encrypted:	false
SSDEEP:	24:xWcQOQGgQCJbiGrLSO7M2LT7qXNl41AhLTaU2MIeSi7EnVuTGW:xWzlGgQ4iV2/7+fh/T2teSi2uTGW
MD5:	97EFAEDFE10102DC059742878AA19C1A
SHA1:	E6F71FB4A2F78144348177EC1ED447D48322D852
SHA-256:	2123838A78FA284B7E49A5B12CCD1B759ADB260E612A39729E21CB67FB131FEB
SHA-512:	60E0D3B7F0503D8272E65A9081D75845BF056D273E7FE8B33D80009B90E5998D081A1D473DE45FF972ED474314FCEF4E2747A3BB372F15DDD172F9CC96B42E12
Malicious:	false
Preview:	"Resource\SaveGameDialog.res"..{..."SaveGameDialog"...{...."ControlName".."Frame"...."fieldName".."SaveGameDialog"...."xpos".."152"...."ypos".."142"...."wide".."508"...."tall".."414"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."HelpText"...{...."ControlName".."Label"...."fieldName".."HelpText"...."xpos".."20"...."ypos".."30"...."wide".."470"...."tall".."50"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."labelText".."#GameUI_SaveGameHelp"...."textAlignment".."west"...."dulltext".."1"...."brighttext".."0"...."wrap"..."1"...}..."Save"...{...."ControlName".."Button"...."fieldName".."Save"...."xpos".."282"...."ypos".."378"...."wide".."102"...."tall".."24"...."autoResize".."0"...."pinCorner".."3"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."labelText".."#GameUI_Save"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."command".."Save"...."de

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\UI\MOTD.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.3923866020738105
Encrypted:	false
SSDEEP:	24:R3WHpsjyYAn8YkLT/6uBEbM+tRfkI9QysV+U:lWHGjykD//aM+399Q/n
MD5:	AB66A64FE3CB6385F14BA248AEEEF13B
SHA1:	C199E7A7B392B5C43ADD2C3D609A7B4F8E5C684F
SHA-256:	6D6EC6F91414DA760067CFC356756C71DB99782F206EBE8FA36B90E835A1B4BD
SHA-512:	9E86B960FA429D13241B2236FCC15878C930395FA47F2A30F4B1F0E9BD98D1740A144CB6A23BD9E7F4880D4C5979D8A4EE5386CB2C96025BF22A2B609240AE9B
Malicious:	false
Preview:	"Resource/UI/MOTD.res"..{..."ClientMOTD"...{...."ControlName".."Frame"...."fieldName".."ClientMOTD"...."xpos".."50"...."ypos".."10"...."wide".."552"...."tall".."448"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."Message"...{...."ControlName".."TextEntry"...."fieldName".."Message"...."xpos".."11"...."ypos".."34"...."wide".."532"...."tall".."365"...."autoResize".."3"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."textHidden".."0"...."editable".."0"...."maxchars".."-1"...."NumericInputOnly".."0"...}..."ok"...{...."ControlName".."Button"...."fieldName".."ok"...."xpos".."12"...."ypos".."408"...."wide".."70"...."tall".."30"...."autoResize".."0"...."pinCorner".."2"...."vi

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\UI\ScoreBoard.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	4.3695348261602485
Encrypted:	false
SSDEEP:	12:IEFJW2QgLxIz/68LQfAnmLQf4kkX7LHz/64LoLHylYHLsdHm5kQQmyUzP+:nFJpLxs/tYAn8YkLT/DoLS+4pNoW
MD5:	2101249DF0B1D7E86C985FD41FA5A035
SHA1:	CA69910A33F88EB331616999F8980C7F1BA11DB3
SHA-256:	4125FEF79809409B11CD97877AFA6F5C9015E501B5EBFD85BFF823103DADC357
SHA-512:	5092E67C304A91AB34EA3C3CC8F8C5AA0527AA9B1D79720A4BEF76550FFECB43BA72CEB25BA2B39A2FE134361A1745D010AF45CB2AAC01BE58FA26239D6D7B86
Malicious:	false
Preview:	"Resource/UI/ScoreBoard.res"..{..."ClientScoreBoard"...{...."ControlName".."CClientScoreBoardDialog"...."fieldName".."ClientScoreBoard"...."xpos".."63"...."ypos".."42"...."wide".."512"...."tall".."405"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."ServerName"...{...."ControlName".."Label"...."fieldName".."ServerName"...."xpos".."3"...."ypos".."3"...."wide".."250"...."tall".."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."labelText"..""...."textAlignment".."west"...."dulltext".."0"...."brighttext"."1"...}..."PlayerList"...{...."ControlName".."SectionedListPanel"...."fieldName".."PlayerList"...."xpos".."0"...."ypos".."30"...."wide".."512"...."tall".."375"...."autoR

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\UI\TextWindow.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	4.385421936870558
Encrypted:	false
SSDEEP:	24:6YgEaZYZ8YLB57uHdQgz2QlTWTgbsLQCV4SU:6rEaZPKB5azC65ssCSV
MD5:	19B5E9B4AD00CCD1547D99A2FDE9D6E9
SHA1:	FB2E2E193551292FA38D9DF109DCB62E88BA562D
SHA-256:	CEC75CCAA0DCC777903BFFAD409ABCD7CD7424A4EDD609574FD6B0AC74B5798A
SHA-512:	40623B23F29F95F3C3D9A8BC668FA0FAE25C92A22CD0DD8E57D99C75EB6167BEBBBA84A40F24BF9CBFF31F8D12325D4384E5B01D52DD96D9E6605229442B0189
Malicious:	false
Preview:	"Resource/UI/TextWindow.res"..{..."VGUITextWindow"...{...."ControlName"."Frame"...."fieldName".."VGUITextWindow"...."xpos"..."0"...."ypos"..."0"...."wide"..."640"...."tall"..."480"...."autoResize"."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition"."0"...}..."SysMenu"...{...."ControlName"."Menu"...."fieldName".."SysMenu"...."xpos"..."0"...."ypos"..."0"...."wide"..."64"...."tall"..."24"...."autoResize"."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition"."0"...}..."Message"...{...."ControlName".."TextEntry"...."fieldName"..."Message"...."xpos"...."170"...."ypos"...."90"...."wide"...."300"...."tall"...."300"...."autoResize".."3"...."pinCorner"..."0"...."visible"..."1"...."enabled"..."1"...."tabPosition".."0"...."textHidden".."0"...."editable"..."0"...."maxchars"..."-1"...."NumericInputOnly"."0"...}..."ok"...{...."ControlName"."Button"...."fieldName".."ok"...."xpos"..."170"...."ypos"..."410"...."wide"..."70"...."tall"..."30"...."autoResize"

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\ValveCDKeyEntryDialog.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3267
Entropy (8bit):	4.423806291529126
Encrypted:	false
SSDEEP:	48:TBU6HykD//S/cVXur/rtL/wwt/mMw/pl/Z+/FEM5ze:T+6/S0VXurzVosKL4tEM5y
MD5:	DA1CE4BB11866741E3C54616E5A9F074
SHA1:	6F77D338E786D7B11783BA84108338E2ECA6D9FF
SHA-256:	D17371C392AD0D55F2B956917DEF495B468D22DCB50851D0415914C54357959F
SHA-512:	849361ECF71E76F3CD50482F45EEEB0A50C17289FD29B76C033EB317EA1B9B4B0E1B18F1EAFDDEE21A6A61EA7E67F04B1BB6D63092017D294824F42DD57FEAA1
Malicious:	false
Preview:	"Resource/ValveCDKeyEntryDialog.res"..{..."CDKeyEntryDialog"...{...."ControlName".."CCDKeyEntryDialog"...."fieldName".."CDKeyEntryDialog"...."xpos".."300"...."ypos".."202"...."wide".."392"...."tall".."192"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...}..."SysMenu"...{...."ControlName".."Menu"...."fieldName".."SysMenu"...."xpos".."0"...."ypos".."0"...."wide".."64"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."0"...."enabled".."1"...."tabPosition".."0"...}..."OKButton"...{...."ControlName".."Button"...."fieldName".."OKButton"...."xpos".."196"...."ypos".."148"...."wide".."84"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."0"...."tabPosition".."6"...."labelText".."#GameUI_OK"...."textAlignment".."west"...."dulltext".."0"...."brighttext".."0"...."command".."OK"...."Default".."1"...}..."CancelButton"...{...."ControlName".."Button"...."fieldName".."CancelButton"...."xpo

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\gameui_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	23008
Entropy (8bit):	3.534924980015912
Encrypted:	false
SSDEEP:	192:1nuIRpqcBaXaNaoaAaBahg7pt3ExQ6alX2xM3o76oaEFvLmDJpbT1fBi4s7oCQ1L:1nuUpyKQV98hg7z3Exy6MqzmD1pi4/TL
MD5:	DD7E903C5A4C8307B56D4DF358AE345F
SHA1:	4591BC60E479589B27173D7E2B6B20417F337FE5
SHA-256:	FDCE09B1CE13BBA169815083AA9140C0D3706189E6A8A185AABEBAFCF885C7DA
SHA-512:	6F8BF774EDD5F0786B8EAC6174D600ED2DC8C56CA560CD50ACB39C6319C7AD0537D578A9F4FF7FFBB5E09426B90B715C7419EAEA8DAFA6E451D8D4B670EF7226
Malicious:	false
Preview:	..".l.a.n.g.". .....{. .....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.". .....{. .....".G.a.m.e.U.I._.R.e.v.e.r.s.e.M.o.u.s.e.". .....".R.e.v.e.r.s.e. .m.o.u.s.e.".....".G.a.m.e.U.I._.R.e.v.e.r.s.e.M.o.u.s.e.L.a.b.e.l."...".R.e.v.e.r.s.e. .m.o.u.s.e. .u.p.-.d.o.w.n. .a.x.i.s.".....".G.a.m.e.U.I._.M.o.u.s.e.L.o.o.k.". .....".M.o.u.s.e. .l.o.o.k.".....".G.a.m.e.U.I._.M.o.u.s.e.L.o.o.k.L.a.b.e.l.".....".U.s.e. .t.h.e. .m.o.u.s.e. .t.o. .l.o.o.k. .a.r.o.u.n.d.".....".G.a.m.e.U.I._.M.o.u.s.e.F.i.l.t.e.r.". .....".M.o.u.s.e. .f.i.l.t.e.r.".....".G.a.m.e.U.I._.M.o.u.s.e.F.i.l.t.e.r.L.a.b.e.l."...".S.m.o.o.t.h. .o.u.t. .m.o.u.s.e. .m.o.v.e.m.e.n.t.".....".G.a.m.e.U.I._.M.o.u.s.e.S.e.n.s.i.t.i.v.i.t.y."...".M.o.u.s.e. .s.e.n.s.i.t.i.v.i.t.y.".....".G.a.m.e.U.I._.J.o.y.s.t.i.c.k.". .....".J.o.y.s.t.i.c.k.".....".G.a.m.e.U.I._.J.o.y.s.t.i.c.k.L.a.b.e.l.".....".E.n.a.b.l.e. .t.h.e. .j.o.y.s.t.i.c.k.".....".G.a.m.e.U.I._.J.o.y.s.t.i.c.k.L.o.o.k.".....".J.o.y.s.t.i.c.k. .l.o.o.k.".

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\icon_vac.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 64 x 64 x 32 - 8-bit alpha - author " " - comment " " - job " " - Paint Shop Pro 12.80
Category:	dropped
Size (bytes):	16923
Entropy (8bit):	1.7383860188119575
Encrypted:	false
SSDEEP:	48:feH1yNHNCfvQW6Z1n4GP3RJD4Hw+87LtO:fO1SNCf36Hn4WJL+0O
MD5:	6B6188262B1412923046C0F18099784F
SHA1:	B179AB2F81CC94432A33B7B7F9EA729C7F1D3A4F
SHA-256:	8D2230289EAC31EEDB53C68CAF115C8F505901D38FA01ACE2B3761BE4C27351E
SHA-512:	9DC9240E47C362DA458E7047C2A4AC5DEE01E8BF116E56EE35D509AFA8508D29877639677BF40F10988256EBBD0D18B80815CE21A747A254A79ADC93037EA352
Malicious:	false
Preview:	............@.@. .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\mic_meter_dead.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 158 x 32 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	20268
Entropy (8bit):	3.8868409036234364
Encrypted:	false
SSDEEP:	384:8n53n53n53n53n53n53n53n53n53n53n53n5N:opppppppppppN
MD5:	A6598FD8C6A009A4A6BA4EFCFBEBD4C6
SHA1:	17727BBE557307C20873B1A9E72F2BC82C224D58
SHA-256:	95E7E68E71443E08088475A91ACFB0E9C065B4B7683C5B9E9177097B203052FC
SHA-512:	336B31A8A158B794B3E22F1A6929227B36394CDD44F70CCE0E0A0F869BE2DA90F44F648FF85F2FBA469C54E55902B30E24878FF039F9487AE7D98E3C9D9D2D28
Malicious:	false
Preview:	.............. . .DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DX

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\mic_meter_live.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 158 x 32 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	20268
Entropy (8bit):	4.080756492753782
Encrypted:	false
SSDEEP:	96:jbbbPZqPTypEzypEzypEzypEzypEzypEzypEzypEzypEzypEzPZqPTbbbq:HZ2G3333333330Z2C
MD5:	8705BA060C4BF2CF21728A71A910B45C
SHA1:	39365C55D7817A06D8551F16E0AABE84DFA1C9F4
SHA-256:	38E9B353145A885E23443275AEB5250E2533403DDCA7761426C683E343BA4EAE
SHA-512:	68BDF3DA2B1D6A7B724842630612F81550673C1B8526ECC3134698EAE387DC090CD41F21F1FD11F70208C7B22D8815DD82B5CDE4CA30A101FAB3F81A1F8A3C90
Malicious:	false
Preview:	.............. . .DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DXL.DX

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\refreshlogin.res

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3445
Entropy (8bit):	4.472831400932948
Encrypted:	false
SSDEEP:	48:qGILA8/cg7Y/myHo/eQEnZ7bEl/KE9/5/FXe/oH:qG4A809BoWQEn5ElyE9htXeU
MD5:	46FCE9EE6E11A8AAB95D8744EB97AD30
SHA1:	AC302413FD329682543BDCC6232F29EC7640006E
SHA-256:	EEC6E958FB21ABDEBB15FFEB8DA0F2C0175912E73C8DB56DEB7514888E63A73C
SHA-512:	A1E037C9603B36A4A9078086D46225DFA6E18F994759597780C1DF7BF1262F431716660F76484DFCA892BF8B957D607539BA5E0C22725C579A8B9F754273B98B
Malicious:	false
Preview:	"Resource/RefreshLogin.res"..{..."RefreshSteamLogin"...{...."ControlName".."CRefreshSteamLogin"...."fieldName".."RefreshSteamLogin"...."xpos".."460"...."ypos".."400"...."wide".."360"...."tall".."230"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."0"...."settitlebarvisible".."1"...."Title".."#GameUI_RefreshLogin"...}..."UserName"...{...."ControlName".."TextEntry"...."fieldName".."username"...."xpos".."113"...."ypos".."94"...."wide".."200"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."0"...."tabPosition".."1"...."textHidden".."0"...."editable".."0"...."maxchars".."-1"...."NumericInputOnly".."0"...."unicode".."0"...}..."password"...{...."ControlName".."TextEntry"...."fieldName".."password"...."xpos".."113"...."ypos".."126"...."wide".."200"...."tall".."24"...."autoResize".."0"...."pinCorner".."0"...."visible".."1"...."enabled".."1"...."tabPosition".."2"...."textHidden".."1"...."editable".."1"...."m

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\steam_menu.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 196 x 32 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	25132
Entropy (8bit):	1.8044872451087883
Encrypted:	false
SSDEEP:	48:GRBi7niST23qdFCa1/ZJmhE/UbeSsklOfXId81IP04xcr:GRBiTiSq3qKarJmO+iklOfXI8IP04Gr
MD5:	39355EA51FC0783FC75B7CEEE05497E1
SHA1:	918EBC10F94668A8FF149B4627C6920B0F388096
SHA-256:	71C7A53873699E102FDDC49102C76C8773F29E7F8CC97A317B7314FCC2BA7FD2
SHA-512:	4685521D5780E62EB94650FB31A3EE8B35428638DB1B7C62C5C2A5B4F6149C7F380727A12E3F99D057A6EEAED2CA2972564CC4BD4BB6639D4C629A357C154C76
Malicious:	false
Preview:	.............. . ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................9"""=... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\steam_menu_mouseover.tga

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Targa image data - RGBA 196 x 32 x 32 - 8-bit alpha
Category:	dropped
Size (bytes):	25132
Entropy (8bit):	1.7366182414227826
Encrypted:	false
SSDEEP:	48:U7lqqdb/ULnc/QGaltGf7CPEQW2Q7+rSMbd7VqOfXc/jGIx/gLbxF3y1:xbc3a2G7Wpod7UOfXcyIx/Gg
MD5:	5CA5471B6D01DF77F1D98403F00FC9BF
SHA1:	C05972D02D6E0A75D7A709AA71A220CDF1BBE484
SHA-256:	B25AD9C31FE119B44B159C7DC89A083B8457FB23E8E3864EA8F2EC31CB13E77C
SHA-512:	B687B528B46668E7A69068B2D895934019B79A41DB0919C9BED500096061A7A16967422D6A683012F84A6B67C65F74742D7DCFDF669366DDE4C2A42E9946FBC0
Malicious:	false
Preview:	.............. . .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................6669;;;=... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\resource\valve_english.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	12318
Entropy (8bit):	3.60457504337949
Encrypted:	false
SSDEEP:	192:1JE3/5peMBm0YRnIO0NF5qKXgAda9r8AbObi3ilX3XSXBXKX3XiHiY16oAYjw45Q:1a3/5AM6xBlhn845Q
MD5:	2F072AC18ADC2DDA29B3543E7172F5B8
SHA1:	AE9C86117A06C22E5BCA7C30961866AA3F721DF1
SHA-256:	B0A18A990B7877C9A92A69B3E77B86F0DF154BAF08F18B9285571108AAE87C97
SHA-512:	134C7FF475791B4E7518787F2AA544F86E3365250F83D2C4DEADD8579D001118B62B8206EF61B65DAF18331E506BA392A489A4781ED224C844C9E19B6AB46D99
Malicious:	false
Preview:	..".l.a.n.g.". .....{. .....".L.a.n.g.u.a.g.e.". .".E.n.g.l.i.s.h.". .....".T.o.k.e.n.s.". .....{. .....".V.a.l.v.e._.L.i.s.t.e.n._.M.a.p.N.a.m.e.".......".M.a.p.".....".V.a.l.v.e._.M.o.v.e.m.e.n.t._.T.i.t.l.e.".......".M.O.V.E.M.E.N.T.".....".V.a.l.v.e._.M.o.v.e._.F.o.r.w.a.r.d.".......".M.o.v.e. .f.o.r.w.a.r.d.".....".V.a.l.v.e._.M.o.v.e._.B.a.c.k.".......".M.o.v.e. .b.a.c.k.".....".V.a.l.v.e._.T.u.r.n._.L.e.f.t.".......".T.u.r.n. .l.e.f.t.".....".V.a.l.v.e._.T.u.r.n._.R.i.g.h.t.".......".T.u.r.n. .r.i.g.h.t.".....".V.a.l.v.e._.M.o.v.e._.L.e.f.t.".......".M.o.v.e. .l.e.f.t. .(.s.t.r.a.f.e.).".....".V.a.l.v.e._.M.o.v.e._.R.i.g.h.t.".......".M.o.v.e. .r.i.g.h.t. .(.s.t.r.a.f.e.).".....".V.a.l.v.e._.J.u.m.p.".........".J.u.m.p.".....".V.a.l.v.e._.D.u.c.k.".........".D.u.c.k.".....".V.a.l.v.e._.S.w.i.m._.U.p.".........".S.w.i.m. .u.p.".....".V.a.l.v.e._.S.w.i.m._.D.o.w.n.".......".S.w.i.m. .d.o.w.n.".....".V.a.l.v.e._.L.o.o.k._.U.p.".........".L.o.o.k. .u.p.".....".V.a.l.v.e._.L.o.o.k._.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\ambience\drips.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	80712
Entropy (8bit):	3.553517027357157
Encrypted:	false
SSDEEP:	1536:LTuzQzrP9WHPQZ+0+kitEjceQtg91K+N0WFJ5/UpBHbGeQfOLaSjYLS0CMSaBVX:kX+J6Yj
MD5:	AA851F7C47EDF25A1C4D2141E0EC10A1
SHA1:	5871186A7DB94BB8ACD17C7AD0153EB26173842A
SHA-256:	96F7890D2FEA2F1F6443D0E75BB6084F39931E7C5399A6E75787DEC4EABA5033
SHA-512:	4B2F7C815C50E56D8F0BE9597261108EFEA7274F03C0056F9DD39D67A44BA650CA639344564E1DA46B559F88ABAA5983C50574D2F0A820910C66F7B1781FFB06
Malicious:	false
Preview:	RIFF@;..WAVEfmt .........+...+........data.:..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~}~.~.....x.i`]K\n\|.......U5...)O\|.......uT=%."'Fg........qUKC@K[`lv.........r^M?HN`}........tjfmu\|......\|qcRVYgy.......v_OGCK`l........ykZQKHRat.........tc^QVdl........{k]POXclw.........vojgligpmv.........wlecels}.............\|{uyuw}yxsqv\|........{uvvz}.....}x~........xmecdjt.........yqnjiikow~.........yra^cco}........xmggkov{......

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\ambience\flies.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	96774
Entropy (8bit):	2.7916977102019276
Encrypted:	false
SSDEEP:	1536:x/H95IKPA/6//Lq8XdPX7sbJAhc+srs/WLizY+QNYRHeFxBZ1hOTtaDW3bz6Lx4U:VSqH39e
MD5:	7FF7BF6E027EA0E398DBA68BA200D20D
SHA1:	2EB742B061EF1DDE55FE15F805C1BE29DC57DB2B
SHA-256:	3D1C77166C7F894850A3B0314907591123B67EF14741E3FB84F13B6CEF8F3CAC
SHA-512:	0A79047C84035511F4CB589F9DC06DA1F7A69D31AEB62AEABC4EE9FE93467AE72D7075B82E787E04B0351CB9796CE7EA9ADEAFA46D93076FF8790F5885794203
Malicious:	false
Preview:	RIFF.y..WAVEfmt .........+...+........data.y...~.................................................~~}}}.......................................~~~}}}}~......................~~.......~~......~~~~~}~......................~~.......~.......~~~~~}}}....................~~~.......~.......~~~~}\|\|}.....................~}~......~~.....~.~.~~}\|\|~...................~~}~.....~~......~...~~}\|}~...................~}}}......~..........~~~}}~....................~~}~.....~~~........~~~~~}~...................~~}}~~......~.........~}}~~~....................~.~~~~......~~........~~~~~~...............~.~~~~~~~~~.............~~~~...................~.~~~~~~~~~~............~.~.......................~~~.~~~~~....~~~..............................~~~~~~~~~~....~~~~......................~~...............~.~}~.~......................~...........~..~~~~~.~~.....................~.~~..........~..~}~~}~~.~~....................~~.............~~}~}}.~~~....................~~.............~~~~~}~.........................~~..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\ambience\quail1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2960
Entropy (8bit):	6.706048116084662
Encrypted:	false
SSDEEP:	48:YPVtme1PjYC1p/KAQ19HPka9lCr5cwCEvKYAZItK/Wkj1Sec30C/TL8lDEvFLPC:YPfL1rYM1KAqjir5c/EvKYmIJec30blx
MD5:	DB8AB329165E9BF3D9BE3981D2900E28
SHA1:	E8701482FCCF09AAA10BAB8F8E0798B8ABA16BB2
SHA-256:	70BA2C82AE607D5413F2415B5895F283264513E19EFAAEE9F502322F68E9DBD9
SHA-512:	0BFCA1FDA4E898C1F10B09311DD736C656E612FBC11B8B6D7F2416B1B63239A0F5F57C45C166CB6309EA626B406E431DC4AFFCA73A08C22D44D6022AC208B698
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data.................}}...~\|~...}\|....{z...\|x\|...xr...yiu...aj..._^...`V...eQz..jNr..nEj..s?`..y:W..9P..;J..>I..EJ..HE..E?..D:..F8..J6..M7..R:..W=\|.Z6v.\0o.a*j..b)g..g-c..n4a..t:_..z:X..\|3T..}2Q..5M..7I..:E..@D..ID..K9..P2{.Y.q.e1g..o8c..v@a..zGb..~I^...DV...BM..EG..NG...ZL...cP}..hSz..lNt..oNn..vOh...Tc...\a...ec...le...tdw..{dp...gj...ke...qbx..ycr...gn...mh...rez..zfr...ko...sp...{tz...xy...\|{....~{{...zw}..~tw...ur...{qy...sv...vt...yw~..\|z...z}..\|v}..}qw...rt...vs...zrz...su...yu...}y~...~..}~...}\|...}y~...vy...xv...}w\|...{{.....}\|....zz...zw...~rx...tr...yr\|...vz...{{...\|...}\|...xz...tw...ws}..~ru...uq...zu\|...xz...zw...\|\|...\|~..\|z...{v\|..}tx...wx...zw~..~x{...\|}.......}~...zy...yv~..}wz...wu...\|tz...xw...~{{....\|z~...{\|...}z}...{z~..~xz...{z....\|{....\|}....\|\|...}y~...yz...}xz...yv~..~vy...zx...~z}...}{~...}y\|...xw...\|v{...yv}..~uz...xx...\|uz...tr...wp{...su...yrz...uw...xu...\|w{...{x\|...zw~...vx...zt}..\|ry...qw...rr..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\ambience\wind2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	109614
Entropy (8bit):	5.394245415400979
Encrypted:	false
SSDEEP:	3072:v6vhOBwTZzMFFbrwWXdmV0g9Fyt1FbxRwC:m0BUqFXwWXdg0gry7/
MD5:	A93F88CF18F39F0DCD01CE2E8F63CB86
SHA1:	A1FEA028F1B514F900FFB45C83665F5B66E7E4B2
SHA-256:	76B48EE8367348193315927E5A33CF7C63C8AE0DA15420B5150CC0169F04AC96
SHA-512:	4CFF6C6C50D40DD2D6C811D587C6CBC6ACF9BACBDA805DF101C980748D97EFCF67620E31A59F02E8A2E697EC403ADCF013C8BA97B35F4954C6EE9C32B1757D48
Malicious:	false
Preview:	RIFF&...WAVEfmt .........+...+........data<.......~{wtttw{}....zttx~.{tomnrx}...........}vrssvy\|}}{{{~...........\|xsmghjouy{ytqqsx...~{\|.....zxy{~...}ywvvxwtnhbadhloqrporuwy}..~~...{ywwsmhhjosw{\|\|xxxxyy{.......\|xtpkghiotwyyz}....}ywwz{zy{.............{vrstrnkmqv{}..~\|xuuuwxyzzwsqpsz..}wrommnoqtv{....\|\|}}}zslilsy\|\|~..~~...............................\|xroorvusqqprsponpx....\|xustuvvvvxwuy~.........{wvwy}......{{~....}{{~..zwwx~...}xu\|.......{vrsuwurqt\|..~zvw{......yttx}...\|xvz........\|xtqolkkqy...tieeghimsy{~..\|xx\|.....{wqlikmorvxvtommsxxvronlmrvz}~~.....{vw}....}\|{}\|vplou{....}xyzz{{{{}\|\|{xurmlqw......wrqpnootvwxwsrqnlkjjjhhhlrvww{~~}vrqv{yutuvwz......\|{z\|~}zxuuy........\|ywssw}............\|{}...}{z\|~~}xpidaagpstsqu{~{ww\|....}wqnoruz............{tmms{.~zy\|~.}\|{zy{}....\|z\|...\|wtttpmmqwzzwsnloomgbcjsxyvqpqw{~.\|xvwxvqnnnstlggipx\|{\|}........~\|}......~\|.........~\|ywx...}zxxwurrsstx.......{yxvz\|\|ztwz\|.......yw{}}zvssvwwxxuttx}}smiilpsx}.}{xyzywxxtopruwy{\|{zyvtstspnnsx{\|}}~.\|yutuw}...~ysot\|.....

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\ambience\wren1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	12598
Entropy (8bit):	5.309280180388547
Encrypted:	false
SSDEEP:	192:KVYi33Au0hWAlyjwg691qxcVF7Jk8HvcmDVF7Jk8Hvcm7m4m8dma:KVYi33j4XCx4F7QmRF7QmCQma
MD5:	62E82E971A1E012E7E3E95D8E007ACED
SHA1:	CAEFBD5C10914172B507C9B64EA5B624386059B3
SHA-256:	EA3191B614BA63F92643581522C740DFB2ABB81602DE723B7D21C4A824EF4B63
SHA-512:	90D37D5097917DB413D059670DDDF24DC019BB469785B5EC93B2E105E5FCD5DE69B6F5CD5DF523857C258D965EB8AAEBBB8B6F253CD8A76B811B09A2EC9764C5
Malicious:	false
Preview:	RIFF.1..WAVEfmt .........+...+......data.0....................................................................................................................................................~..........~................................................................................................~....~..~.....................~..~....~..~.~..~.~..}..~.~..~.~..}..~.~..~.~..~....~....~....~....~....~..~.~..~.~..~.~..~.~..~.~..~.~..}.~..}.~..}....}..~.}..~.}..}.~..}.~..}....}..~.}..~.}..}.~..}.~..}..~.}..~.}..}.}..}.~..\|..~.\|..}.}..\|.}..\|..~.\|..}.}..\|.~..\|..~.\|..\|.}..\|.~~.{..}.\|..\|.}..\|..}.\|..\|.}..\|.~~.\|..}.}..\|.~..\|..}.\|..\|.}..\|.~~.\|..}.\|..\|.}..{.~~.{..\|.\|..{.}..z.~}.{..{.\|..z.~}.z..\|.{..{.}..z.~}.z..\|.{..{.\|..z.~~.z..}.{..}.{..\|.{..{.{..z.\|..y.~}.y..{.{..{.\|..{.\|..\|.\|..}.{..}.z..\|.z..\|.z..{.z..{.{..\|.\|..}.{..}.{..~.{.~..{.}..\|.\|..}.\|..~.\|.}..\|.\|..}.\|.~~.\|.}..}.\|.~..\|.}..\|.{..}.{.~~.{.}..{.\|..}.{.~..\|.}..~.\|.~..}.}....}.}....}.}..~.\|.~..\|.}..~.}.~..~.~.~....~.~....~.}....~.~....~.~......

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\npc_step1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3064
Entropy (8bit):	2.861354706220911
Encrypted:	false
SSDEEP:	48:LC8AgQGAFa0wDjzk8hrK3H4ueGOElSxftC:Mgh0KjzvNmYuJ1
MD5:	A1C457C78E14EA6E2CB9971A3FFC1771
SHA1:	BC498D5363C7A931F7DBD0D377639ED5353E3EC0
SHA-256:	C4A2E74827CDAE345D21101A11827A5E33E93EB7C997E4D9647A8063FCEDE455
SHA-512:	42A90D867D5C72DADD55888796ECB48FDE86F857EC1444BD782908766A38714A053B9CC711B3327040349E0BA85A6431F77765628BB2FABBCD41F6B184B8C064
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......datay..............................................................~{wqgcdZZck{.................tortvqjjl_mjWYNVPJOUPUdu........................lsxno\..hut..i..\|.\|y.zv{.ts..~u...~\|..l{~zu.............vx.\|....}.......s.yprt~wwuw\|.x............}~~xy\|xxwtvsswywtuvxyzy\|.\|\|}....~{{}............................................~}.....}~......~}..~\|\|.............~\|\|}{}~}}\|..\|\|}..........~}..~\|}..~...}zz\|x{}}}.~~.....~y\|....\|..~.~.~.............~~~.}zt.t\|.y..\|}.~.}....................~~..{{~\|.~..........}....~......~............~..................~}~~}}}\|\|\|}}}}~~~}~~~...............................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\npc_step2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2556
Entropy (8bit):	3.396128999476401
Encrypted:	false
SSDEEP:	24:Egm2KURR8hOypdeei2wnfeGgrLvhhumTmlRqwjNxVn2z+IiTPmJKKq/0PxSz88hL:HbRqhHeeiVnA/wDJFnqbwOgwxSJaC2C
MD5:	4AFFB6028DF65065E2A155284E1208D6
SHA1:	85C82E7554BC0138FECCB08B9939EEA6FFD0E061
SHA-256:	CEBE3203A7B5F305096557125293E7C27469E8344A2A25A89258537C48DEFA6F
SHA-512:	F5E7FCCA1697BAED580C73029BA590E2EC3F82B1741213B77A58AD26E4EB4AF4B1BB9F8A6F452F58CAB3BB5E45048A44309CC2096A315C7B6E70CE1F2AE64CC6
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data~............................}yqmme\_gqy~...................}woghbga__bZUSYWSX]_^jlmuw.........................}xy{nnj\|ufv~{umx.vp..z...o....z..zu..u...x.......~\|..m...{..vt.....sny}~..\|..{.\|.....y.{vrY`pUfl`u.ys...............~\|y{uswvtpmkkjpspwy{...~{xxzz\|}}.~...................}\|z{y\|.~~............................~~..}}~z~{z}}z\|{\|{\|{\|}.............}~}{y{\|z}{yz{\|yyzz\|z\|{{\|{\|}\|{.......}...}.....~...~~}...~...~.~.~...................................~~}}}\|}}}}}}~..~............................................~~...~~~~~~...........................................................................................................~...................................................................................................................................................................................................................~.....................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\npc_step3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2344
Entropy (8bit):	3.753802813670383
Encrypted:	false
SSDEEP:	48:tMiLaAQVyoi0xmf+Bx1ke2AX2a1vp3NORCQQkC:tIyo5gf+B8OfvVNOw
MD5:	850551B8B9EC1D45AF40797B82D77642
SHA1:	651054540A5F54D974B7130DA6307EBCBFDF2A1E
SHA-256:	81F85CD032A3DFE1570C2A3854CEEE389FA1215F63B8C1A052A6906D0F3F37D0
SHA-512:	0E7AD323869F76CAF2F0B085A7A0C21C6912E83EE9F28999352F0D662E4556EF4379F9F7969D1E96D1EB04A72D36F4128B88225E05610E0035247BE73DEA8332
Malicious:	false
Preview:	RIFF ...WAVEfmt .........+...+......data..................................ykiiZjv.....................}xxwwwwwvz}.xv.upvtpv\|o`.wi{.uz.................}...............................................~............................................~}~~~}~~}}.}~~.....................~......................~.~.~~~....................~~}~}}~~~.~~......~....~.}~~~}}}}~~~~~~~~~}~~}~}~~~~~~~.~~.~~.~~.~~~}}}\|}\|\|{ticd[Q]aep....................xwqme_YROLFCCJJQT[dfivx...................~..vzv~wz.{~\|..........~.}..}..v..wyw.v}~v.t..{.z..............\|..}...x.\|.yvxzuxv{.~..}..~~}~\|{\|\|~\|}}\|{\|\|\|\|}.}}~~.z{z{\|y{}\|\|yz{{zyyz{~..........................}~.................................z\|{~}\|{...}}~~..~~...}~....~.}}..~{{.~}.\|~{..\|~{.~...~~..~...{\|}~..}y~~}}}~~\|{\|~~}~}....~....................~~....~..................................~~..............................................................~..................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\npc_step4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2948
Entropy (8bit):	3.2022004380310913
Encrypted:	false
SSDEEP:	48:fjhkZE0MHswXeZaQarfBCuED6apB5CyEvDxRU6Ga6C:rhyE/HMgprj+CyYFL
MD5:	C354B33FD4684B852812158435508DF6
SHA1:	146EE945FFE27A10733E4915C9C01F28C3BED21E
SHA-256:	BE1F82784323CDF26DF158B3D0C424B086AF8B62C664EE8D8D994266D5259801
SHA-512:	ED4534B1ABCBEE4ADC5C27967CC2FCAEC5306DD70B02DD8B29B638087239CE382C71D6C90E75CFF4E3FEF64CBDEB02F8667B13E5E93D9CF2F5ED7DFC8AE418DD
Malicious:	false
Preview:	RIFF\|...WAVEfmt .........+...+......data.....................................................xfbdlqpz..rv~.................}vupmmkookrsryzuvtuuqutpvyy\|\|{}}\|....................................~...................~}\|{{{{\|\|\|{\|\|\|}}....~.................~~~~.~~~.......~..~..~.~~..........................................................................~~.............................................................~..~~~~~~~~~~~~~.~~............................~.~~~~~~~~~~~~~~~}~~~~.~...............................................................................................................................................................................................................................................................................................................................~znflfegnvz~.....................zumjca^RWSTVTZ]UZbennqxs\|............................}{.zuuquuqrz\|w\|.x..x...}}.xx..u.~..u..z......\|.....t..f...s...t..v...wzyr.m.w.......zy~.\|x}~.}....\|.............

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\null.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	1.1660605679428953
Encrypted:	false
SSDEEP:	3:kh/Db3/+GlTayntwtOtYtgtutmtgtWt4twt+tgtAtXaw/tqug/LB+EJT7KD0EfXr:k5L+yTnOYGe4gewmOoe+pXlqugDBmD
MD5:	811989E09124F54CB27FE6154B0F1018
SHA1:	90C22FC3B248588E2D9759E6EF395303A86B7B60
SHA-256:	5271B9AA2961809F47FADECB693BE2EEBDE2DBED62FBC4F5F4889FCD8C4A65F8
SHA-512:	560D26FDBEC34AB687E40B8BE6144B0F586449BD3A0EAF286AB972AD60B1EB1FE002649DAACAD36039A298AD24AAE96E3531404AC2D0D7B0B47E194B8169E18B
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+........dataO.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\wpn_denyselect.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	3826
Entropy (8bit):	4.732459399833973
Encrypted:	false
SSDEEP:	48:Tizs9W5K3ewjbaBlAbM8Kg9xFHOdGYbipHPsPbeN7PbG3aAmPkWEPC:T+7K3ewmlAApIHOh2pHTNE+Ea
MD5:	E035F4109345A999FFC5B6BA8529235C
SHA1:	8C257A7B06A171DD1156C80CFD1754EB1B61961E
SHA-256:	D41F0B11E60E4DEBE1656573F2057BC1DC710AF689BFF70777672939B261DFB1
SHA-512:	DC029D1DBE712C338CEA33D9E0F6A7CB5CD684C8DD0AC3C0B96A9FF329042EB3A0F3D344D383FEEE9FDD9B47A3D8BE70E93816931158DC61737D5C5B515FA6AA
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......datat..............wYLIV_m....xW@X....vw....x\R[u.z[EU\|....`TYev......eG..npqsvxz\|~........................................................................}\|zzzzzzwvqnkgebaaa_^^^_^\[YVVVVXYY\^_adejmpsvy\|}.......................................................................\|ywvvwwwwwvspmjgdbba__^^^^^\[[YYYYYXXY[^adgjknqtwz}.........................................................................}\|\|\|\|\|zyvspkgdbaa_^^\\\\\[YXVVXYY[\^_abehknqtwz}.......................................................................}\|zyyyyywvtqnmjgda__^^\\\\\[\\\[[[[YYY[\_adhknqtwz\|.........................................................................}\|zzzzzwtqnjgda__^\[[Y[[[YXXXXXY[[\^_abehknsvwz\|}.......................................................................\|zyyyywwvtspkjgdba_^^\\\\\[[\[YY[[[YY[\_bdehknqvw\|}........................................................................}\|}}..\|ywvspjgb__^\[[[[Y[[[[[YXXY[\^abeghkmptwz..............................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\wpn_hudoff.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	5218
Entropy (8bit):	5.977640645880183
Encrypted:	false
SSDEEP:	96:WvSzQt3tnyyFzp3qOfU0a82oQ2toofIBeCun91VA:WvEQth5LMv2bgqA
MD5:	175E20E45BE96E7149D0CFC70F71AF39
SHA1:	0A1D180A8BB1C839DAF1B7CF54D52CD4D6D706F4
SHA-256:	00A16374D7851061578F284FC2CD69DFC26A31A9A684FFAE735483D9D51BF132
SHA-512:	7287608379187FA291312190FD673FB4F121414359A62A2CADB10BA20B7C6F9270F3DBBC50BC53CCC0DA24E6FE55CF83C9BEE158E6579E0441F1853599122292
Malicious:	false
Preview:	RIFFZ...WAVEfmt ........"V.."V......data........................................................................................................~...................~~....}~....~~~....~}~...~}~...~~~~~.~~~~~...~~.........................................}.....y}....xz}...zzz....\|y....~x~....y{~...}{z....}{.....}~...~{zz\|.~~{y\|...\|z{}}}{z\|~....................~~~~~............................~}}....}{....zv~....x~..{.....bu...xj~.zb...hI+...GED..mWA...k-....u.T...s.X.~g?....KB:...J]p..x.H...@h...m<d....VZ_....mMv.vN......kSu..._9h......g...mbWVUt.........xJ]qg^...y\|.......vW]cr.........}lXD[s.....gy.....hO[g..\|Js........winsvyz\|sk...sstrqv{ocksz...eHLP....qUdsmgms\|....qbSVYm...{b.........{llmgbdfx....z...}yv...............xmbr..~fOl..\|...z..{p......}ufWWWl..~iTWZgtmgv.{qh`x..p]Jv...jF`zqhc^p.......uHb}.............ooo\|................qlh.............ocX\alw.......}.....z~....\|~...jQV[_dkrg\ckz.....w`[Wm............jfckth\hu}......}}~voljihq{...........wy{pes....{{\|{z~.}wrnjgkoz......

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\wpn_hudon.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	14800
Entropy (8bit):	3.704469870748685
Encrypted:	false
SSDEEP:	96:HvSzQt3tnyyFzp3qOfU0a82oQ2toofIBeCun91Vhptc8JqBToS7Gptc8Jqptc8JN:HvEQth5LMv2bgqh4biSy474biSy4+
MD5:	EFFD0096B570A5559477F02C0F3962F3
SHA1:	CFFE26C7CA3630AF94682E49031C8D0A5CED2877
SHA-256:	4ECC9BD83A2AE5A393764B2C9DDBFAEDE190F84C74419EA2F5AA7B4993091E11
SHA-512:	8017B2BD555951410A4A8E77A8BF4B4FAB7206D0E68FD6C0CC2B65E0F3C65B2EEBB73E47623A45A05C5FF4A5CF23985A105F32F73238679CF05AD670CC43F380
Malicious:	false
Preview:	RIFF.9..WAVEfmt ........"V.."V......dataR9......................................................................................................~...................~~....}~....~~~....~}~...~}~...~~~~~.~~~~~...~~.........................................}.....y}....xz}...zzz....\|y....~x~....y{~...}{z....}{.....}~...~{zz\|.~~{y\|...\|z{}}}{z\|~....................~~~~~............................~}}....}{....zv~....x~..{.....bu...xj~.zb...hI+...GED..mWA...k-....u.T...s.X.~g?....KB:...J]p..x.H...@h...m<d....VZ_....mMv.vN......kSu..._9h......g...mbWVUt.........xJ]qg^...y\|.......vW]cr.........}lXD[s.....gy.....hO[g..\|Js........winsvyz\|sk...sstrqv{ocksz...eHLP....qUdsmgms\|....qbSVYm...{b.........{llmgbdfx....z...}yv...............xmbr..~fOl..\|...z..{p......}ufWWWl..~iTWZgtmgv.{qh`x..p]Jv...jF`zqhc^p.......uHb}.............ooo\|................qlh.............ocX\alw.......}.....z~....\|~...jQV[_dkrg\ckz.....w`[Wm............jfckth\hu}......}}~voljihq{...........wy{pes....{{\|{z~.}wrnjgkoz......

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\wpn_moveselect.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	5040
Entropy (8bit):	2.9616853831711105
Encrypted:	false
SSDEEP:	24:j5hJ1CUd9qvGZcqrXPex5H9CZjLk0HKAR5H9CZjV5H9CZjLk0HKAR5H9CZjBmKC:rTC09q2d/i9Ihl9Ir9Ihl9ILC
MD5:	25A632724B48E77AC30452BF5DF43B9B
SHA1:	403F28B063F333D134BC96778D25478DCDEAFA14
SHA-256:	1B733551F33468F18341CF9E3F3153EE4548B39D007C3E58559B5D91B6E3916E
SHA-512:	593358FB6D1623360F3772AA89CF230A8CF3F9F2CF0C5913FF02F85038321B447AE9992CC4237925E274778A8C7B9EE9EBEB1093C7B74EF91D2CA81558EAEBC1
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data2..............................................................{iT?MZbjotwyz{\|}~...........................................vj`V^f................M......(Ea..................R.....(4d...................................~~~~}}\|{{{{{zzzzzzzzzzzzzzzzzzzz{{{{{{{{{{odYNNN..............\|nA.....#+F`.................S$... -9e.....................................~~}}}}}}\|{{{{{{{{{{{..............O...... ,7l................._0%..!&+Rx.................[)... (0`...................................~~}}\|{{{zzzzzzzzyyyyyyyyzzzzzzzzzzzz{{{{{{{{\|}}}}}}}}}~~~~~~~~...........................................................................................................................................~}}}......~}{z{\|......}zxvy{......{vtrw{......xqpov}.....~ulkku~.....{peght......yk]_`p......yfSUWk......s_KRXp.....xaZSk...~et.\|v..ykryyyuq{...kTF8Z\|......}\|{}.............................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\common\wpn_select.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	2986
Entropy (8bit):	3.13570826166179
Encrypted:	false
SSDEEP:	24:Qoif4uvgMIBpS/4ux5jYGTyD41BYpgEWdhzmKC:vbMIq5cGGACdWdhZC
MD5:	860ABA38D1A25F79A59F50D78F904313
SHA1:	00381D9082285DFEE369748466E4614B23A363FA
SHA-256:	8133FA90C7CA9E710A4D515E102342788F7D981D84FA427ADC3E55C654D0C9BA
SHA-512:	BEE2759A4DAE355A58B8F27EFA5E39BAD7AD007F04B290AFF213E00BCB72B249FFF9D1BD3A5E3D83F8C9BC716C4B1A4F917E2D24973C55902616C3EC7AAE81A9
Malicious:	false
Preview:	RIFF....WAVEfmt ........"V.."V......data,...................AEJQX`ir{.....................uk`WNG@;632248=DLU^gr}....................wlbXNG@:64236:@GOYblv...................wmc[SMHECCEIOW`is~...........\|naVMIINZk~......yh[U[gv......xfVMLOXcoz......\|vqnllmpsvz}...........~xpjaYPHA<85469?GR`o~...........................\|yxyz{\|\|\|}}...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\flesh1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3058
Entropy (8bit):	5.2943488115286295
Encrypted:	false
SSDEEP:	48:AwWFYXtBc5wwBOE9OxfZo0VGp6FONLFT3BEf8xRCY7j1z4C:AXiXtBMfBxYxho0VGpJDA09
MD5:	E180687EEB73F42041F7E36D424F635E
SHA1:	5E64E07C513D7F01F4526BDB8A84158818320C0C
SHA-256:	463CE5C2CC82AFAE399355525DD8130088B0D2D5B8CD397122A5CB54A2A7180A
SHA-512:	00038F165347408D957319AD13694A61E1C75A3C1A03FCEEE131CD7B1530556AEDDB98F15B2AF49AA5F90A792FC8216FB5E39EEC291F6F6A98F7D18872E6042D
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......datas....................................................................................................~..~.....}~.~........~}}~.............~}~~{~......~{{\|~........}}~.........~......~...........~...}....\|~...............z.~}...\|....y..~..~z.....z\|}~~{...{}.}.......{~{\|.......~........x..t......~.~~z.}x.~}.............~.{\|.~.....}{zz}.yw.x....z~.....{vs}.}...}y..n...\|.~{}...~..}{.~..}.\|.~~.......~.\|p{.....vz....}{zx...z.vw\|....utj\|....\|{..pt....vuu}..ymbg.....pb.......bx.....~vy...xjy~..wos~..q{~.....z....hix.....xw}sg~.z.....~..w....\|.v..tz...pmv..xmu~...ss..~.{...x.y...{.d}....uj...pn...gou......t.}y.tn..v....p.t..{.{}.}xa.xt.~r..\|.gpn...s[y...s.~cw....rruy....rh~...zztzv...yvu..{...\Wb}...yzjg..m~}{..tb~.eg..x.._b.~Zu......~r..}..xU].....qjyx.....x..my\|.....\|...u.xs.z.t]....uskvz....~..\|.x...~.s.p.z.\|\|m}....xj.\|....p..o...s\|u{xu..k..{\|y.yox..t....\|ya.....sk...~y......v{..bn{\|...wq\r..{.....r.u..eX.....bW......xfh..M..wr...[U......qzmqw..}.hv..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\flesh2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	8338
Entropy (8bit):	3.9887649461503343
Encrypted:	false
SSDEEP:	192:kiyLW+VhQYX/JGxBZFLEcsvyOGyCJSV8nSldlPe:kiyi+3QYhGx27vyHy0Sm4Ve
MD5:	680DB31C3D17966248C7B316BA4D55D7
SHA1:	E985D0AD07E48C6814B803FEC04131CFE9F301A8
SHA-256:	ECE89D922458573054A85D3C140B266F0049EDCA13A98F54BB08C679E67003CA
SHA-512:	49EC6E8BF53DC50B7782B5D8B2B366CD06D95EB6F7BA09117623ADFA746858067B2D90A4F2791816350D8C616D131CB6F3E8C4EA6B6020604499E60217BD3370
Malicious:	false
Preview:	RIFF. ..WAVEfmt .........+...+......data. .....................................................................................................~~......~............................................................................................~.......~......}.....................................................~...............................ur...{v~....}sz....{ty......{........~...wt....mm....suuu....zoo....oz\|.......vtz}...~vtv....xwluz....tpy....z\|vx....stv\|~...}.wz.....s.uq{......w........oz..s..v..z.y..zw}..q\|..p....yz{vx..\|...o}.u..z.mo..w.y.{\|xx~..n..or..mz..zy.u..p.y..w..}.o..v.e.~sw..l..k.zs...s{.v..k...u...p..o{..i..ve.lq...yb..l..~p..gn..ik...v.xdu.qq.vt.....gy.z..Y.ur..q.l..e...s..g..X...v.\|...sk~...y..x....r.lyxjr.y{.z{axu...vn......u...\|...yo.g.ts.Yg{..m.Yjn..q}..a....r.sy.vamb.hk.c].sur~.q..a.......}....w..w.ng\|.tei.N..q.ih....jx.c...w.c.k....wpjh...td}.X..p.cz..hhq._..q{..Kr.W...nL.yd..xj.c..v}.mVw....pen}....\us\|y...Qw.O{...t..Y}.j.W.oo...sp..f..o...s..ujz.^f..q..{zr.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\flesh3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3020
Entropy (8bit):	5.480522506469719
Encrypted:	false
SSDEEP:	48:P07MoNVToNjiIutod5pE61swJ5TDyIDcDlx3fWtAVhzCx4qNfVJWAWbSblqG+mao:kNVENBQc5pxswLT2IoDlxvOuhzCuqN/h
MD5:	9DAF5730465FFA6287DBCE3E1A1E0D36
SHA1:	4E740F5065C2F18BD8F8F80A3C686D90A5197C8E
SHA-256:	C5D4EAE539902B47778EFD387A24FD8D2129FF23CAD4A5F9C4CBFA7B6A1A332B
SHA-512:	0BD51639260D528D8D4DA3860BF6992F1466DCC350F1243EC58FC45BF1424C78248EEA5941B529457793B87762C193A8B81847FA87165A9E12795C0D45338F4F
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+........dataK........................~........~..........~~.~~.....}{..\|..xz}.}..~.....}.................eh}x.}.........~x{{.......w......x.vy....y..{................\|.xz..........xtyq\|\|.}rt~usvyy..u.~nvzs.y.w..\|}tv~wszrvm..`d{rzw.~nw{{x....x.p.z..wy...wz......sf{.iZ...z..sq..~p.~vt.vk..pm..v.~u..xr.c.....wxq.mrzsnts.v{v\|\|..zz{mpwwxtszt..r\|zq\|sl.u...}{pt}...\|y~twx..{.....}..wyt\|{y}...z....}.......\|...w.\|~\|zw.t\|.~.......~.....}{...........o}.}............\|........\|.w.........ws.{...w..trx....}zwp.z{y{\|jwx}}y~t.}v..u.xeq.\|.{\|{{.fex.r...\|z..v}vv{{x\|m~x.jqsox...3`.T.i....r....}.p.y.......o.o.y.r.o.z...................wt......x....x........wo.......u.t]eispnZdpm.........u~..}lppf`aYfd`hnhmpw...pvljsgzr{k~x..~q...z.zz..iC..dJ...>w.wC..gk.~d{.yV..ww..~x{v..s...z...........}y......}y...s.}.}{....\|}~.z...~z.{...}.}~z...p.g..w.n.l.\|.^...x.wz.zz..\|.w....y....\|_9>...[>.mr..f......yyyytfn.j.t[oQ\_whwmpieozmtpprxwx{.v..........\|z....\|..~zg~wt\|pkyu.s.x.~....{y...y.swu`xu

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\flesh5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	4160
Entropy (8bit):	4.651793678515627
Encrypted:	false
SSDEEP:	96:PPO2TG5qGGJQ4mTdqmUC9mpOSqYrR/G5kOniMt2Wj7ABs:PG2TG5nsmTdqHf8uBykOnb2Wj7ABs
MD5:	E3B7773FB38087F76B26A03A0606E9CB
SHA1:	C30F8F901D351B8EABA788C7DAA02A1FF38A9CA7
SHA-256:	3722C9DB5B9915D5B88058A6CE6BD1D485E1F27311516A6A07A9B38EF88DD33A
SHA-512:	0AF7F207B6BA3142072231418AF4E169856EAF9365770A21A8A1C55B5B3BD53B2FC94A8525FF68879E2DB3587BA1DEFE83E89B03A1B21EF28CDE2FF77E4F3269
Malicious:	false
Preview:	RIFF8...WAVEfmt .........+...+......data....{}}}~.~\|.........~..~....~\|..}.~~........~{...}....~}.......~~...............~}.....\|.{........~..~..z}}}.....\|~....~}..}~...~......}{...}.y.u.y....z.}.\|\|~....{pjy..s....vstk]Sj...n...\|\|..........s^IPf.......\|........~{yuokltwy{.......\|tpw.}\|...xtw~~........wus\|..}szyzyz........\|xwvpvv.........~~zywz\|}.....~~~~~~..y..umk..boz..zz....z.}\|zu...}...{~.........{yyy\|}.......y.t...\|.~\|{..\|\|~}....vrw...~\|}}~.\|~.~\|..~...........k..m.p.l..w.o.o.y.\|.}z.\|.yz.~..z}\|..{.....~{{...}q.t.~~.~}y..yz...zz.~{....q\|.~....x}xz....}}y}w.....}{...}z..}.{\|\|...~~...{z...\|oz..}x..ly..uu...y....~..z}...ru\|..z.......{......\|x}y............~\|z\|{w{.....z{~....\|ov...}.\|{............}rquvsoqw.........}pkiinsz.........\|wuonu.s........zpq.........{\|zvptxz{......~wrqqpu~........zxx{{.......zwx\|\|\|......zxyy}.......}z.......z\|yxv.x.~..oz~.vw.......~{tuz.....xmtcu.....~viox.....yvuu.......{rqu~......wz.\|.}......w...}..\|.\|~.....{{.......y.~...~}.~}..}~...~.......~z{..x}...{...}...

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\flesh6.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3004
Entropy (8bit):	5.546350331125351
Encrypted:	false
SSDEEP:	48:0HAqrRyYkhadr0/PQgw59I75obYfF3bWv58Z6C3+Gt4n8+6dklB2yXi6pF5C:KroYkhT/ogw59M0YfF3I8kC3m8fdklBy
MD5:	39D94F9E512FC28511D2AF358E48C45A
SHA1:	3028F24ABB80B2191A0A8C3B28345B0A4C061912
SHA-256:	3E3B806AE021B58937E4816EC93C844D1C864469E1A2A968E60BF44ABC459584
SHA-512:	462EE3E0D077990774812F023433EF6C4872D0E810E8FFD459E06A185C69424730B33C138A341C3F5FF1DF9B8C6337B0FD91D5DDA7A6686AB5FEA50848B261F4
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data=...~~...~~~....~....~~.....\|\|...sov...{ms...~tt{...zy.......\|z}....xx....zv\|...{x\|...}uy...}x}...\|w{...\|zz...{vx....\|\|....z{....{y}...{}....~~~..\|{{...~y\|....}....~~{\|.~}~~..........~...}}}}~}.......~....\|~~}.}.}~...........~....~}\|~..........}....}{{\|..........~\|}.....~......~....}~}}{...............~.}.~...........}........z....yy....y...y~...t...~xx...}w.~.....~yxy.....yuy....xpu\|...{ur..o.zw.z.v..w...{..wx{yz.....z}...\|z~}..zvy..{.\|zss........\|zvtv.\|z...~.....{}{..wzr.\|.....~z~..~.\|..~.}}u....~.~.~~ys\|..y}~.z{..vx.\|.k.v..d.6..<.n..f....~r..vw..o..}w..z\|...u...~y{..\|.yz...x..v\|...~..z~y..........wrvvxy}.~....\|\|...tbm...ur\|..\|ix...z{....\|...\|vtsmx...}~...\|iq..xmo}...\|......hYTVft.....lVC9Ba......fMDOg}.......wjkfkh}..suwz~......\|.nj`ct.....thrlmhgt........xhVbm{.....x.ikko........{ytsry{....wwz..........~...}.zwy{y}......zz..........yx}{...{...}y.......}.\|\|u.{.....{}\|.......}~~z....z\|vx....~.vq.y........xdLYo...w]e.....rku....~q.ytvh...vbw~.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\flesh7.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	1976
Entropy (8bit):	5.696363886369914
Encrypted:	false
SSDEEP:	48:VMMV/dig/kOc+QXIw2HAqrRyYkhadr0/PiC:VM+dig8+QsroYkhT/7
MD5:	D91028DC79B6F3ED20D6E4B6D7EA8A91
SHA1:	7E333B2E895423A6A2A2A5B0CE027E5CDC95982D
SHA-256:	72A729880468AD3E2201E3E5594AE4A1C7418A39228693A0762F7B1D6F315746
SHA-512:	FD94C196E53C68A0ADD2705A66DAA4C8EFB890E03E5E3A58CB0E3774D5DB85A8801B83D205B10BF280E2E1EECFA71E712B602088CDD274C8DE50FB9D8A56C1D4
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data:...~}...}{}..\|}}..~}....~....}....~......tnz....ztps....zqw...~{ywz}...sv.....~}yw~...rbo...{}z{zv...vru...{{.......ys.....xx.~..~..\|wy\|~..}~...}\|...~....xv...~{...{z..}..~.~}........}...}{~.~yy...y\|...yz...{}..}{~...~..~}}~..zx{.......~~..}.........\|....~zzzz\|..}zyxzxrmdk...........}]91+.... =k................hD+.....!'?^..............{rZ?...*3;AXq............\|i_YSJ:739CMV^hx...........nZPFGFBELS_jw~.............ygYMHFKMR^jw...............{odZVTTX^ep{..............\|wqjfb`bekow.............zupnmlkklnquz.............ytpllkmprtx\|..............\|wtpnnnosw\|..............\|zwvtrqqtx{~...........~\|yxxyyxwvx}~}............}{{{zyy{\|~................}\|\|{z{{}~..............~~.}~}}}\|}.}............~\|\|}~.~.~...................\|}...}............~}~....}~......~..~~.......~}\|}z\|\|~.........~~.........yz~\|\|}...........}{}.........}{}.........}\|y{\|~..........~~........}}}~\|.........~.~}.......~~}\|}}........}\|~}~~\|..~..~}...~.......~\|}.}\|........~~.~..~...~..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\wood1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6328
Entropy (8bit):	5.056934522161293
Encrypted:	false
SSDEEP:	192:vS9PhQ2HkrkMs7mt1dY7w7cSLX98Srd1Rqk:a1q2EWS1O56ewSk
MD5:	2CB0C7BEDC54461951E2F74135250732
SHA1:	80353A89C04657BCD54889F50CE3B891F0099D2B
SHA-256:	FFB140531C32AD996C89E0850FA5F95B3FAD90719E5563809097200B313FDCE5
SHA-512:	26357FCE32EC20FD9EDD14A4D52538C6BAD4FDF812E3870873B5E0BBC13A45F6DB8645FE2EFF5DE0130927F56F8B2F5F320D5BD1FBDCAAA165299E2154A28A79
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data9.......nUKbvqsx}....xS??5F_gv...................v{.snsn}...xvx.......{l.nqx]Nlls.........nK:+.+7UXdqqbi.........{sP05<PFd.{....{s...}ns{.qnx{}ndv{.....vs..........{d........_.n.#._.....F..i...ZDP......sb?.......+..Zd.....K..2Z...g..X.....sgqs{l]..............A...........S..............P "PbFDSdUq..v......qx.}....ldZD_............xv.UUZ_.d....bdN.0...D..D.n...<. ".....U{.K.P..........U....x......#..:<Z.._{(..l.............i.........]7.&].........N7i...Z".-......N--.?........Z...d2%5N....7? ...5US<<..........dq....xslN+&2n.lXq.....U.dS....nvddi+(X.......sn{Zv.ZKi_..ZFn...s.sSdv...qn....gnqb52%X..nPUs..il.......d..s.q&..NxXN..{qiDZi.....X<(q........d.....sS..vbq..U(..q.dI...n:#P...._AKi......nqDK..0..qX].qN:q_dv.....Nx.....A7d%.........-x.{..n]sF"Fq.-AF_DF?72.<U...v....................igdlv.....nx.}{....v]A_v.U:<27UdUA{...]7s.....viZ{...............g....nld.lZPUD...q......K...{nNF.?d......sFvgqIPqI#v....lv_Z

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\wood2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6528
Entropy (8bit):	4.831127293918193
Encrypted:	false
SSDEEP:	96:AzBDrX/BnjIEe9Qpcs8eYoUPNe9Yw2qsIjRoi7MibXaypXYnq9gGbl:AlvJsL9QphwCfsWLfbmnq9
MD5:	629443E62CAF9E36F8148A3961F80460
SHA1:	1659D3A7632D1504B96FAEF474F5D3E544F51728
SHA-256:	F4FC69F1D6A8A0F805CA234AFCC3F8246BB161D9CE954C9D55479FB1E7A32A6D
SHA-512:	E657E39ED87138E1B349A4E4C825F2CB68825C3A0EDFDA58A84AA730A1294BE74261DB9347FE1B94987686A2C11A365C3EA43EEE381157D02444A50405805539
Malicious:	false
Preview:	RIFFx...WAVEfmt .........+...+......data....llnnnigdglssvvxx.}..............}}xsssqssqnqqqvxxxxxx}{xxv{.}}.}..............}.{..}}xvxvxx{{}}{{{xqv..........xqqnnidS:0-&2AKX_s}{......viZK<+(05Kbx...............................}qgZXSNPXds{.{{x}.{vlgXPPZbix...................is..}..}}......lx.vl}..................}gIUUK]K?_xs..........................................sx....vi_NZXNKI:00(-%..(-5:::7:0#......."-0&(-(77DKFNKIFIDAIINbbbbdiild]ZSPNN]ds{............................................................]b{.U........iZ_l]A]?li.biZnlbiqqn.x.s...xn...xgi{{..sX]l..........s.viidsxx.qgqx{.sv......xxqblqs....xv{{.vx.......................vnsxill{......................x..........{.............................{l]_UINXUUZgv{............vsx.{qldXUSKNKIPSPKNPKKUXXX]_dbZ_dqqvqx{nqslvqsssndgqssx..vx.nilq{..{.............slb_ggdbigd_b___]gqsx}................xnlbZ_]_bgqllgglgdZXZ_ggddn{{nXsgns]U]bgl]biidx_giqvxxx{..........................................i.x..ns.....}...n.{.x.xn.{qnv.qg..snS.{.iv{.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\debris\wood3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	6116
Entropy (8bit):	5.683223319945225
Encrypted:	false
SSDEEP:	96:stYX0lgyn76DjnWUhGuwS8Ub4J8NcehHfzQGSb9toBYQylocMVP5BJzIqxnSe:stYXUB76DjnfGzmdzQdptouQ8REP5rzx
MD5:	F4315535D4BD4BA3AEE62ECCD53AB1EF
SHA1:	AD71101780E7ACAD1C81F330287B6FCCF5BBC6C6
SHA-256:	C2B6A0CE8A7BA03BCA6897B8BFE3E23507633F37A81E4A6DA22703E6EB55EBAB
SHA-512:	F212AF826F9559411DCD901091D982D2CFFE45501A60106D33014E361734167C4162EDDA2B4A9E78FBACE1B8117FB7C6F9276694ED90714D2A6C4E42AA78C7D3
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data_.....Zsx.....xXl....vS}.xqv...v..lv.{DS]Xqn..}......}d_.}NNNZ}.........xbUq......gl._q.SlK_v..{......dlxq.D.b.d]..s...}b....vl{U&..Ug}?{..bqq...D+Zs.(....g2..............v{{}N_U..U..."SxNx.......xvglx.ssl..dP".P...........}.{q...........PA.vF..(&DI_X2<7(#"7?2.%2:U}{nd{.......................K.K..-D.bZ.l.N5..#........0 #.......................nPPX?NI.<.........(-.......gF........#A....x..<P.dK2+X.................N................:...................0Z............NSb........PZ.......i..Sgl..I..d..{...S.F..<2.<#...............l..q...........l..D...... .....Kl....5F.#.......l.D....Kv.lSbI_.......NU2Pq2..A..(...]Z]UDX.g.5..{.n..{2.F..X...........I....KZ220:.#. ..-...U5{qi....0#I.........q2.UX(0U.SX...S.XKv%."X#A{......dU.........2v......lI.bU.+-..%Dv_]............{... n0...N?..Sd.i.X...U+.....:(&b............x..UiqA0b0.Iiv....gvdid}.bKq.gIUi.vd?AI...._l..n..ZI.......Z.{?2K_.x.}{.......b.x:+ADK+-F??X.v.........

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\doors\doormove2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	20332
Entropy (8bit):	5.021628837858978
Encrypted:	false
SSDEEP:	384:QuwmNT7cCwp9u30rweo5g+Unlq4YMayOpBrnP+Ywdrkn07XDuoHhcEQmX1erI63u:QuJNnR/30Q5Gnlq41ayOp9y51XioHOiJ
MD5:	5C43B8F1C6ACB62B06222B4893503F32
SHA1:	7F42829C4CFA899652EF438BE905C6954A990B8E
SHA-256:	45C9C6F7F783C1ED10592FE55CEB0A68238E39F7C0D6342EDC77AE1B7437F28A
SHA-512:	32E286DE1EBB609511C841C554BD1C3BCA41A2DEAEBBC01020816AB610BEAE9947137B0E99192F886EDA16019387085792FB318722947A3E1D978F3040956A19
Malicious:	false
Preview:	RIFFdO..WAVEfmt .........+...+......data.N...........................................................~~~~~......~.......~y}......x\|....\|~......}}}siqx~...{kx.......~tz.xoz..yyyvs.....iger........~zvxyyxuq\|....sy~vnu\|....xdlsx}..~^{.........r_is\|....\|pdr..~................~\|hUamnoaRX^o......{...z~....\|uokh.........vcPcwogpxtp~.sZhw......zrrr........}xrjjjpv...t...xxwqkx...........rUXZhw..{hqyvs}.........zcs.sdu......uuuvx..y`u..ztn..wXdqnl.......vxz~.....................ztbOg...ujt~wpkfu........dltz.......{dgknq...rz.n[UPQRl........q{........y\|.wndYco.......qU;BLWajntxoho{xv~........}~\|........}pomv.........shq{wpx}........................\|qqjoopjlsr{{.ufnqnis.qeejg`YL\rmnt\|}~..znx..xrtiaZV\e}.vbm.o[[[cpw....................{qpu{x~.....~.........~ysmxu^bUhzx....lyzy}.....ook}.j]h}.~.zywt..................y...ye^zv........u^vq..._pF..hj{.uryg}....q.o...cy..\|..q.y.fa.\|\|..o......y}...........W\|.y.]}{~...nb.ww.d..ii_[pc}.........cy.fR"Lhf.h..y..u.........\|r.....up..~\|w............jWO.....{.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\doors\doormove6.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	18178
Entropy (8bit):	6.989222135808811
Encrypted:	false
SSDEEP:	384:6xu5AugNhY52ILUnbCWFgKsHVOOi/KEIWpnPDhM+iS3d07NLDJ:6g6ugrY5VWZFbsc3JIWxP15gD
MD5:	8C2A552898793DD4E5B86F5F44359921
SHA1:	FB6600FFC7AEFE5B5A536C779E505DB5B3B1C60E
SHA-256:	AA41023C4FA6EB1364D4E09DB8436D1F6CA75A7C1038AA77A05BDC0A9FD1F0A8
SHA-512:	BF2CE07FFAEB460B3FCFE5E0A620CD595BB1C3AAD51D3F75E8A078682BC28890AFACCA9B123981604997BA4FC3BC0F2FB1171AFE33A86036FA40B82B7BC94DD2
Malicious:	false
Preview:	RIFF.F..WAVEfmt .........+...+........data.F.................................................................................~...............................................................................................................................................~.....~~.....................~~}~}}~.~~................~}{zxwvvutttuvxyz{\|\|\|{\|\|\|}~~.~~~........................................~}{{zywutsrrqrssuvxz\|}...................................}zxwvuutuvwyzz{{{{{zyyyxwwwxz{{z{\|}.....................~~}~..........................~}\|{zzzyxwvvutuuuvwwyz\|\|\|}~~................~}\|{yxwwwxyyy{}~..........................~~}~~~}\|\|\|{zzzyz\|\|}...........~}}\|zywvuvuuvwyz\|.........................~}\|{zzxwvvvuuutuuutuvvwxxxwxyz\|}~~....~~.............................~..~~~........................................................~}{zxxvutuvvvvvuttrqonlkjjijkklnpprstuvvvvxyyy\|}~~......................................}{yxvusrqrqpppqrttvxz\|~.....................~}\|{\|\|{z{{\|{\|\|\|{\|}~~....................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\doors\doormove9.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	8422
Entropy (8bit):	5.3348069942747385
Encrypted:	false
SSDEEP:	192:Iwnui0LdjhNf6Ot7oyNup3WUCO4qOM7zO9tG8HZgH:z50xjLhtJVUd7zO9s9H
MD5:	5C5F9DDC98D3F58C5B76287812087184
SHA1:	A51C0EDB895B4FE91537192806A070F7AC582B23
SHA-256:	5ED7E4DBCEF8AE14EE749DE9EBA0E3FC9B918DA6F406BB7CE57A0CA2D67A1B50
SHA-512:	BFE0245D60E784355C5C65446C7D11B5DA39E045D06373EA42DC865FB864C5C93EA11456DB1112230964BCE100C27D8C7A31475FEF5C9EC500F1E8CC0DF92D37
Malicious:	false
Preview:	RIFF. ..WAVEfmt .........+...+......datag ..xy{}}....~\|}}.zvw{}{z........}ss\|...zz}..}}}\|yvw\|..............z{....{z..xsu}...y\|............}}....zz{{zyz}.....................\|\|\|\|}\|yy\|.}}~....}..........\|\|}..zx{.}zy\|...}}}}..\|..........~..}\|\|}}}}}......}}}.........\|{}..}\|\|}.........}}}.........\|z{}~......~~....}}.........}~..}zz}.................}~......~\|zz~.~......}}~.......}}}}.....{\|\|}~......}}}.............~.}}~}........}}~}~.....~.....~{zz}.............}z{......~zz}...}\|}.......}zzzxy.....}}...~.............}\|~}wt{....}}.~{{}..}}........}yxzzwz....ww...}z{...}.......~{{{xw{...~vw...\|z}..z{.........{vtw....ww}.~{z}..yz~.......}tw}......ztw~..}wy\|~}}....{w...ztz....wwz\|~..~{utuy}~}}.......\|y}...\|~...}yx{}}zwvz}........{z~.........}}...}zxy}.......{}.ytz....}zzzyz}..\|y{....yy...wt.......~wqv....}.......~}..}vy........yuz...\|\|}~\|....~{}..}y}....}....}}~.}xw{...zy...thq........ztx..}y{~....z\|..\|tv.......}zz}..zuw....}}...ts~.......zst}..}v}...tu...tq}........uptz.......vv~.vqu.....}}\|zy

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\doors\doorstop1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	9400
Entropy (8bit):	6.213434636474199
Encrypted:	false
SSDEEP:	192:C93QxY5zWdX308FeoX8dtaMDr2BTFUER9VELtNqZr:C9gxwgXCoMbaMUu08Lzq9
MD5:	590F39BE4620F151784FC12C6D555D91
SHA1:	4662948B4EF63B5C686EB82BEA0D2A702068A69B
SHA-256:	945B281315B627B4886AA414103C582B4A9E3377733ADE7070BA042324CCBE5F
SHA-512:	FFDEA3F1CD9F3605075BB7B8D497C3F5A08777F0D9937F7EC33B9DA9C0B809DE94FB47116B71D44D9C33BB8F2169368ED1D3D280A25930E1D605B7E4C1380BFD
Malicious:	false
Preview:	RIFF.$..WAVEfmt .........+...+........data7$..q.....qK7-)/Cu.Z</,,/5587.('').8I^PKX....xT90/7^n@776:...........................C/./17CO[.........u<041.09@EE2''&&11Bq.X<7Hu.......H4/..//4@U............................VHPi...\|B7<M...c707GXaU>0/29Ix......xIKIC@EIQkfQ>206Ex.[9/+((+3I.................[C62:@CZ.......XHJq.......ZG@@>;97::7;M\|...ZECKa....[PGB@EPVXif[UOUu.......\|[IMf...[E:66:EPZq.................XC<BEJVVMGHQck^PKPc......\|c^^ax....^IC@BCCCGU...xM>>@CEOVVfu..uUECO......nXUVa........fZTOMTn......[UVfiZOXq..\|Q<2126<Ha.....qIBEMOMOUn....un\|\|........\|...\|\|\|\|.....fPEB@GP^nnnkn\|.......n[OGGGIOOIIOOJE@@G[......nu..........TCEQu...........qq........P713:EIE@<>EMIC@@Jc.......\|\|....xZUVc...xTGP...............nUIEB<65;P....V@89>If.....[PJC<<CV.....[ICEVx..................U;23<M^kaTOMMOVq...xcaknf[VUVVUPIJ^......qVIMn......kk.....iQC723;Q\|...\|n\|....xU</*-<f.kB1,,.4578/(''(-5C[TKQx....Z@1/4M.E9777i............\|..............O2..07@KXu.........C122./7@CH7+('&&(/1:c.cB6Cf.....

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\doors\doorstop4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	5954
Entropy (8bit):	6.987643656358087
Encrypted:	false
SSDEEP:	96:OiZO3Q+t/dxxDy12Wr4/iV4KVfOx9Uqf+2uvx3IZvp0eohDWTTWtC9Kh:OiYzddxs2WrtVHyFf+tvxYZvueASTTWf
MD5:	13AE9BF7D1E876A554B82C0A445098FC
SHA1:	392F6BA3DE3464BFA299E6DB899BB73283CBA65F
SHA-256:	0FA34337D446EF78AB880486E0ACD05FA695FA361479EA67EB545B5D01B95936
SHA-512:	D09D426BEBF54882C61DA45732EF5A94C418B584EA30D0B8272C35748F91BF337EE6D84DAF3D5B4A406394D1D5C027FF687CF2735845374D37B89D1BFE43303D
Malicious:	false
Preview:	RIFF:...WAVEfmt .........+...+......data....................................................~{zz{}~{{xuvyy{}{wzzxy\|wyxur{ytrsrttuxzvvxzzxxz}{\|~~\|yxxyzzxxxwxz\|..}~}\|\|...~}}}\|{\|.\|}~.\|\|yxz{{~~\|y}}\|{\|{{{{zz{{zyyvsqoosuturpqtvxxy{~............{{~xyyxwwtuxwvx{\|{{\|}..\|}~.\|\|{yvvz{\|\|\|\|~................~{}{vqtvy{}}~}\|}........................}}}}~..~ywvxz~...}xy\|}}}zuroklqtwzzwsqt{.....xxx{zvrqkhjtyzyxz.........zuz...umnswy}....\|{....xqmqvqf`nwxsptvvvvvy}..~wstxvtw~.~\|}......\|...{wu.....}\|zw{\|zvtwvwz\|zuollmotywy~....~wliny...~xqjpx}~xhl}...uffz..vms\|......}yvz........\|xqjgov\|........}{~..........~\|rtyy.....ljq.......{~...xgbjw\|xtndcs..~tqu..\|jfs}h\^jm.kPGU.kGAmv..}=0.7A?;BHObea\WYhtlW...re.{..._I@=?d.............pi..ZLcrdI2+8OOQmrPR....[R........t-%.+'.L..VN...udOO}.~.....TGBCKJBHm.....\ocZM3&(Dm.K8AN=/=NR9/),G...[)7IWY.........O3/B.........RX....~w....pL?@X...............h>8Lk...v]PC,'/X.E5/--6MRI;@Uoubmp.............\|[Rat.................hXe...bA-.:GJ9/+0:C>0#..!...."" .!'+%##$)

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\items\flashlight1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	866
Entropy (8bit):	6.206067846266905
Encrypted:	false
SSDEEP:	24:6LeGQ+CL0L5Ki4kCL0L5Ki4srMN3aBmKC:6qGQ+oM4koM4srbC
MD5:	D78E78BF77F92CC9567DE2D785ADBEE8
SHA1:	FFCD0D3E6AEBA9AE8F3C4458D727EFCF909202A3
SHA-256:	53A98A4C021B38BB087D14E6B9C4DB3068B220A4E7FAA02134D20CF04A47785B
SHA-512:	1261E4FC72A354D398A4D1DE32E972A9B7EC26A49462154902EC4B89186C8F247E5B3E8447B7FB6CB606F6539464DFB5820C6BA3019A8AE3E7AF7F8199565081
Malicious:	false
Preview:	RIFFZ...WAVEfmt .........+...+......data.......u.}l.l..y.uu.U7..p.;.]......nN...."..P..{...n..WQ[lys.sN[.n[l..q..dq....w..__yw{...l{.h]UW....u.up......npdUl.u{......sqq}lq..y....pu{....uwquuh.wp......qq.~.................sicachov}.......\|zy{....zokr....so\|...ylipz......zrkhhkqx..........xohcabeks}..........{rjdaachow...........{smheegkqx...........\|uokhhjnsz...........ztokjjmqw}..........~xrnkklotz...........{upmklnrw}..........~xsollmpu{...........{uqnlmosx~..............................sicachov}.......\|zy{....zokr....so\|...ylipz......zrkhhkqx..........xohcabeks}..........{rjdaachow...........{smheegkqx...........\|uokhhjnsz...........ztokjjmqw}..........~xrnkklotz...........{upmklnrw}..........~xsollmpu{...........{uqnlmosx~.............unnw.....wnnv.....xpnu.....zqot....LISTJ...INFOISFT>...File created by GoldWave. GoldWave copyright (C) Chris Craig.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\items\weapondrop1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	12694
Entropy (8bit):	4.118862947908895
Encrypted:	false
SSDEEP:	384:d2RBAPKOSeiCSUZAAtzStZCsWtqV6UFZDHtPQmZ:d2RB1OSePl5zStIsWtqV6UFZDNPQmZ
MD5:	33EE1578F082DB63F2F590CA210F419E
SHA1:	EC6A0659597EC9DFB4487AA8BE8A0DE48A2E309B
SHA-256:	CCDEF66099A7340395DA9637A6E5476F0C73ACD05B710770F1104A46BE2594A6
SHA-512:	A895B69F4B6A2B7E35AB410B789C5A7097D81E709B3A964D08960FDE777DEAC612095391478D8C79C371E67A2F7677E29D91EF73A641884CF21FE1ABCC97BC85
Malicious:	false
Preview:	RIFF.1..WAVEfmt ........"V.."V......data.1..................~........\|zz{xz.......vtty.......\|sw{\|{z\|........\|\|.....}sw...\|u\|............\|z{~..}}}\|xuwx\|.......~\|.....~}\|\|}..\|{\|..~~...\|\|~.........~}~~~.........~}~.............~\|z\|}...................~~~..~\|}....................~~....~\|~........................................................................................................~~.............................~~......................................................................................................~......................................{....ptolp\|......}pnrvx{....~~...~vvz.....}...}~{xx\|..........\|xy~......}zxyz{\|.......................~~........~}..........}\|\|}...........~~................................}.................................}\|}....\|\|.........~~~.~~.............~\|............~.............~......~\|....\|\|..............~....~~......\|~.........~....}...~~}}............~\|}..........~{{\|.....~..........~.........}\|\|....~.....~..........}\|..~}~............

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\geiger1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.099960923295284
Encrypted:	false
SSDEEP:	12:odsBfJ8j8ElQ0aVcGH/7eMAixsz2KkT8kIZJ892GiQPxi+opUGA81T6LdMC:odsc4ElFCFAix07kJ2bgxi+opDmKC
MD5:	BC1A1071EEC16DADF6539DEFCA3F4FB7
SHA1:	F6B84DC98135F94EE8EA070A95B96B471A6B191B
SHA-256:	30ADCC3D5745F9DED5DB88967719D2710F95F251B987FF9C875EA7056FB558BD
SHA-512:	6E185C57FA1AE30579894493553E65AF450749F46355BFC538303165FA7C2812207D6706360E9A41F03330ECEA1960D678938A78F3CD078FC2DB6211D47002A3
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data....~~~~~~.......~~}~~~.......~~}}~~.......~}}}}~.......~}}}}~.......~}\|}}~.......}}\|\|}~......~}\|\|\|}~......~}\|{{\|~......~\|{z{\|~......~\|zyz{~......~{yxy{~......~zwvwz}......}xustx}......\|uolns\|......yi[SUc{...\.(d_2X.._D\dSt.......lsrdx\|z.....}.ptwr~......}{ztxz{.......zzyx{}.......\|zzz{~......~}{z{\|~......~}\|{{\|~.......}\|\|\|}~......~}\|\|\|}~......~}}\|}}~......~~}}}}~......~~}}}~~......~~}}}~~......~~~}~~~......~~~~~~~.......~~................LISTJ...INFOISFT>...File created by GoldWave. GoldWave copyright (C) Chris Craig.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\geiger2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3250
Entropy (8bit):	2.120975956272053
Encrypted:	false
SSDEEP:	24:gt7raKnxBpNlJ4FiTbboozXPvG3VvmKGqSwmKC:gtzp3J45lvbGreC
MD5:	E75BEE21B108B9FE6BBBF0EDFAD9A5A2
SHA1:	AD3A93C8AB58BE7EEE78A8337648BBB964781AE0
SHA-256:	CC60B087F3B7C6F7C680377139CCAB3319A848E352E85968BBB3FF0C6BB3AA37
SHA-512:	3DCC2F8C84D68AFA051B36A75126B8AF25D3096CC802B1F12D39663064C9455F68AFBD11B1AEA6E1B29415B7132F7841E67289E3A5BEF7A142BA775DDF550299
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data3..................................................~~~~~~.......~~~~~~~......~~}}}~.......~~}}}~.......~}}}}~.......~}}\|}~.......~}\|\|\|}.......~}\|\|\|}.......~\|{{\|}.......}\|{z{}.......}{zzz}.......}zxxz\|.......\|ywvx\|.......{vssvz.......xrmlpx.......paWTZn....=.FlC1..{JLhX\.......xjxgl.w.....\|.vpxrx.......{{uvzy.......\|zzwz\|~......~zzzz}.......}\|z{{\|.......}\|{{\|}.......~\|\|\|\|}.......~}\|\|}~.......~}\|}}~.......~}}}}~.......~}}}}~.......~~}}~~.......~~~~~~.......~~~~~~.......~~~....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\geiger3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3310
Entropy (8bit):	2.58043292772854
Encrypted:	false
SSDEEP:	24:0iFc4EpqH6Ypy9e5cKQ6ybEAO0wwotybEAO0wwoEmKC:U4YqDfjybEKotybEKoyC
MD5:	D39677D3B98716228BA284D200A04655
SHA1:	0C08616DB4F3AC112DCC5AB8A6B2FA6E4E171192
SHA-256:	824F7EEE17C0EB99C5879FA072D68342F718C92210044C425A4F783C8EC45BA4
SHA-512:	6A713F9DD85AE09F938EF95BB8DF552DE1422C1143910CF6B7C802593E7AC0D8E2796C9FE2A288935A598C4428FAB3C481B8F42C73E33DE6E7A2AE970A81B7E2
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......datap.........~~}~~~.......~~}}~~.......~}}}}~.......~}}}}~......~~}\|}}~......~}}\|\|}~......~}\|\|\|}~......~}\|{{\|~......~\|{z{\|~......~\|zyz\|~......~{yxy{~......~zwvwz~......}xustx~......\|tnlnt}......xhZSVd}...X.-e[2]..\D^bTx.......luqeyz{......~qvws~......}\|zuyzz.......\|{yx{\|~......~{{z{}~.......}\|\|\|\|}~.......}...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\geiger4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2068
Entropy (8bit):	4.416196112883232
Encrypted:	false
SSDEEP:	48:8g+kU6kptXy+BjsC4dMJ4N+zts0BY3Gxmlew6sCrdMJowC:P47C+BjZOIe2xmMqQ
MD5:	6BF2015C587C71D29691FC0BEB7FA6DD
SHA1:	7EC1056DC1D4ECC3DBE4D1332159F4D3CE48CABF
SHA-256:	76B4A0C291A5774E344877E7B2C013B7F6E3C76D7C17B0E8B596CFADF1ED50C3
SHA-512:	061FF559ECCAB08191A1095156D5B59539C0F61935BCCC8E7729337570F7D0699E9E7B453276774BB16A8329E6C8B7FD36274BFB8F85F3FC442BFCF6BF588A68
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data................................................................~~~~~~......~~~}~~~......~~~}}~~......~~}}}~~......~~}}}}~......~}}\|}}~......~}\|\|\|}~......~}\|\|\|}~......~\|{{{}~......~\|{z{\|~......~\|zyz\|~......}{yxy{~......}zwvwz~......\|wtsuy.......{snlov.......veYSWg....P.6gR/f..UGb^V........jvmg{y.......{pvuu.......\|{xuyy\|......~zzxx\|}......~\|zzz\|~......~\|{z{\|~......~\|{{\|}~......~}\|\|\|}~......~}{{\|}~......~}\|{\|}~......~}\|{\|}~......~}\|{\|}~......~}\|\|\|}.......~}\|{\|}~......~\|{{\|}.......~\|\|\|\|}.......~\|{{\|}.......}\|{z{}.......}{zzz\|.......}zxxz\|.......\|ywvx{.......{vssvz.......yrmlpx.......qaWSZl....@.DkE.y..JKhYZ.......zjxhk~w.....\|.wpxrw.......{\|vuzy.......}zzwy\|}......~{zzz\|.......~\|z{{\|.......}\|{{\|}~......~\|\|\|\|}.......~}\|\|}~.......~}}}}~.......~}}}}~.......~}}}}~.......~~}}~~.......~~~~~~.......~~~~~~.......~~~.............................................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\geiger5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	2240
Entropy (8bit):	4.60508555318981
Encrypted:	false
SSDEEP:	48:6AM32p3J4N4BzCfMR2+Zp3J4LgPpXshhHGn10C:6p3U3zmfh+v3TFSmX
MD5:	F090B5732E2C00CF391F0F8328F7AFE4
SHA1:	A4E7E65013D5AE3B17FC84412EAF439E20F19C3B
SHA-256:	FBA7F36FC2E291E6474AA3B5F3F98CE3205B65FD5894511D39C703015B8C872D
SHA-512:	4AA41C48C362926BAB33A803C87676908EA08364A4C8EF3DDB9213E456C803FAC84E567B9E0FF2020FEE35F169881D4CAEB88B5220E853DCDEBED2499FAC9AA4
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......dataA...~~~~~~.......~~}}}~.......~~}}}~.......~}}}}~.......~}}\|}~.......~}\|\|}}.......~}\|\|\|}.......}\|{{\|}.......}\|{z{}.......}{zzz}.......\|zxxz\|.......\|ywvx\|.......{vssv{.......xqmlqy.......p`VT[o....;.IlB4..xIMhX].......wkxfm.w.....\|.vpxry.......{{uvzy.......\|zzwz\|~......~zzzz}.......}\|z{{}.......}\|{{\|}.......~\|\|\|\|}.......~}\|\|}~.......~}\|}}~.......~}}}}~.......~}}}}~.......~~}}~~.......~~~~~~.......~~~~~~.......~~~........................................................................................................................................................................................................................................................~~~~~~.......~~}~~~.......~~}}~~.......~}}}}~.......~}}}}~.......~}\|}}~......~}}\|\|}~......~}\|\|\|}~......~}\|{{\|~......~\|{z{\|~......~\|zyz{~......~{yxy{~......~zwvwz~......}xustx}......\|tolnt}......yh[SUc\|...[.,g_3Z..]D]cUx.......jsrey}\|.....}}puxt.......{zyuy{\|......~zzyy}......~}{z{\|}......~\|\|{\|}

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\geiger6.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	3872
Entropy (8bit):	4.923464851436087
Encrypted:	false
SSDEEP:	48:rvLyzvup3J4KGopdhP7gg+nWYtbXYJMm+M7ixe0uP2JUgYqoh3PM32p3J43C:3yzvc3THhz7mjmjWU0uP55+3U3Z
MD5:	4F98428629ABDC7B7F983FCD4D9A8987
SHA1:	A6F353801CB2F357B98A9CF5256C4EEF496A57F2
SHA-256:	B8527BA147E673660925542FC36112BBBC6A8467103D70E4F157F7EFB140111B
SHA-512:	20EA4074099A4C983493BF4DB652C6D66080DD1881C3F84DEB8D9FCDFF9A393609D2AFD978F279FB6996EA7932E9922AC538707FD803846469F0305374482FE4
Malicious:	false
Preview:	RIFF....WAVEfmt .........+...+......data..........................................................~~~~~~~......~~~~~~~......~~}}}~.......~~}}}~.......~}}}}~.......~}}\|}~.......~}\|\|\|}.......~}\|\|\|}.......~\|{{\|}.......}\|{z{}.......}{zzz\|.......}zxxz\|.......\|ywvx{.......{vssvz.......yrmlpx.......qaWTZm....@.DkD/{.~JKhYZ.......yjxgk.w.....\|.wpxrw.......{\|vvzy.......}zzwy\|~......~{zzz}.......}\|z{{\|.......}\|{{\|}~......~\|\|\|\|}.......~}\|\|}~.......~}\|}}~.......~}}}}~.......~}}}}~.......~~}}~~.......~~~~~~.......~~~~~~.......~~~.............................................................................................~~~~~~~......~~~}~~~......~~~~~~.......~~~~~.......~~~~~~.......~~~~~~.......~~~~~~.......~~}}}~.......~~}}}~.......~}}}}~~......~}}\|}}~......~}\|\|\|}~......~\|{{{}.......}{yxy{~......}yussw\|.......sh`]bq....?.4gR9{..N=SHFz.......b_F<T`....a.;eE)\...ZSjh]..}..}..l\|um.\|}....z~}t}{z.......y\|{z.......\|\|{z}}......~\|zzz\|.......\|zxwy\|.......zvttw\|......~wqnns{......{k]TUax...a.&ee5U..aCYd

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\pl_shell1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	4904
Entropy (8bit):	4.950660280267867
Encrypted:	false
SSDEEP:	96:1j1SG20ZHcHaRoYa4f3UxYYifni3qhfz9c+lgIhWKO1iZr9SnD95XobY+i:1j4G20Z8Hao9K0YYifia5hy
MD5:	B3F632B3F3D5732196C3E0981B3422E5
SHA1:	F4795E4202305F91FFEFC1313C01949185408E6D
SHA-256:	63B5A27A57A48C5181007983A113ECDE1E536FE3D5CE6D7F8E153BBF8726E4C7
SHA-512:	9C6F29F7289B906DD3EBA94CDB1B1B4B80D2ECF9F9EC5AB18A1D926E1E67A5354D506C9EF1C38458EC567D6E02454EE2EF7CD141BC5084A391E2A93F2113700E
Malicious:	false
Preview:	RIFF ...WAVEfmt ........"V.."V......data.......................~.....wkp...fug.~aa.ib.m..my}s....e..e.s\|.q..m....o.....z.p..v.\|w.o{.t.}{.v..x..~.s..u.~\|.o..r.}z.u..t.\|w.u..n.}t.r\|.n..r.s\|.n..n.xz.n..k.{x.m..j.zr.l..h..m.q~.f..l.sv.i..l.uq.k..a.zn.l\|.e..i.ny.b..e.ss.d..`.xp.g..a..j.h}._..d.kx._.._.qp._.._.xo.d..W..a.g{.^..`.kn.\..[.qk.b..Y.vc.b..V.~b.g\|.X..].kv.X..W.so.Y..U.yf.[..T..a.b}.Y..[.iv.T..Z.ol.U..U.uh.]..S..`.a~.R..[.hu.T..W.mn.Z..T.ui.\..V.}b._~.T..].fx.U..Y.mp.W..U.rk.Z..U.{d._..T.._.e{.U..[.kr.Y..Y.rm.[..Y.xg._..U..b.d\|.U..\.iu.X..Z.po.Z..W.vi.\..V.}b.b..V..].hy.X..Z.np.Y..Z.sk.]..V.zf.a..U..a.ez.V..\.ls.Y..Y.qn.]..W.yg._..W..b.c}.W..].jw.X..\.pp.[..Y.vj.`..X.~d.e..X..`.kv.Z..[.po._..Y.wj._..Z.~d.c}.Y..a.jw.Z..].qp.\..[.wj.a..Z.~e.e..Y..a.kw.[..^.rq.]..[.vl.a..Z.}g.e~.[..c.jy.\.._.ps.^..].wm.a..\.{h.f..\..d.jz.\..`.os.a.._.vn.c..`.\|i.g..^..g.lz._..c.ot.a..a.zm.g..`..i.k}.a..f.oy.b..e.rs.e..e.wo.f..b.}k.i~.`..i.mz.a..e.su.d..d.xp.g..b.~l.l..b..i.oz.f..g.su.e..f.wq.h..c.}n.j.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\pl_shell2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	9884
Entropy (8bit):	3.996549581223904
Encrypted:	false
SSDEEP:	96:hQ1dYo+vp50G9OXahkNY3Lrv0q97mutGwcLL8ZPexnSn:u+RimpLLZAiGQZPln
MD5:	8FC4907765082F784F5612F815FC37EC
SHA1:	D8594625F7A7921A0063747B53DFA9245E68FCB1
SHA-256:	7AA2804C243180470D9E0BF1501619383096C953B574CC7B492FCB098EE3F059
SHA-512:	906D4E0D4156881E39E5621DDE9F0A6DEE853145912776A1A080CB4D1133DACC9DFDF959B5CF44C2607BAC00967C696BECEA3B159F3A7065324FA0D6E81DBF05
Malicious:	false
Preview:	RIFF.&..WAVEfmt ........"V.."V......data.&........................................................\|x~.....sxmaix...\|u\|f.hz.j.n_.f\|.{..x.l\|.k.~b.n~.w..d.al.y..f.rp.t..].tj.z..^.wd.}..j..a.}y.i\|.b..p.iw.^..r.vw.c..j.vp.f..i.~m.k..i..j.oz.l..g.ru.l..g.xq.o..f.{k.o}.j..k.t{.o..j.\|z.n..e..w.s~.h..u.z}.j..r.\|{.o..r..x.p..q.~r.t..p..t.u\|.r.\|i.}..\|..eypt....r~rn....pvrp....sywl....x\|.p..}.{\|.q..z.\|\|.s..y..}.u..y..y.v..w.}u.y~.{..y.\|~.{..t.\|y.\|..w..{.~..w..x..\|.x~.z..{.{\|.z..z.}{.\|..z..z..~.z~.y..}.}..z..{..}.z..{..{.\|\|.{..{.~z.{..y..y.~..z..y..\|.{..y..{.\|~.x..x.}{.z..x..z.{..x..x.\|{.x..w.~y.y..v..x.{}.w..v.}z.w..v..w.y}.v..u.}z.v..u..w.y~.u..u.\|{.w..t..x.y~.s..u.{z.t..t..w.v~.u..t.yz.u..t.}w.v..s..t.{\|.t..r.~y.w..q..v.yz.q..t.}x.s..s..u.w\|.r..s.zy.t..s.~w.v..r..u.z\|.r..t.\|z.u..s..x.w..s..v.z\|.u..v.\|z.w..v.~x.y..v..x.{~.w..w.}}.y..x.~\|.z..x..{.{..x..z.\|~.y..z.}}.y..z.~\|.z..z..\|.z..z..\|.{..z..{.}~.z..z.~~.x..{..~.}..w..}....v..{.~}.w~.\|..\|.w}.y..z.\|}.w..{.{z.}..w..{.}..w..y....y~.u..}.{\|.v..z.{{

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\player\pl_shell3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	8456
Entropy (8bit):	3.8303044510052198
Encrypted:	false
SSDEEP:	96:6oy1BhPf6kXuWF2kMaX5Jj1KAa/nFlBCO6QqmFqYTxm7BCAlbYQ6DpoG5OyxRhoI:Jkh36xk1yFmO67mMnpMposN
MD5:	0B77B687B967A125AAC8B0CB826CDB2E
SHA1:	6497FFFA868C2417FE700AD540038E12CD123C94
SHA-256:	125C7841F45F4C050C3DC7A2D9B492D8D60F6DB1457F81EE484DD0153C7D9C42
SHA-512:	F7EFE41262C89CB9120F2B0416123AE59D632B62860FF708F03F2AB674C4382EC0E715D50EBF75E30703134C97D86211025D4A1B153700820A4B55CE19BD4C10
Malicious:	false
Preview:	RIFF.!..WAVEfmt ........"V.."V......data. ...............................................................................................yl......u.l^iix....g.uc.m{.iwpZzx{.....z.n~.i..].}.....gmvs.....e..w.vv.[{.q..y.rh~w\|....hx.c..m.nn.t..t..l\|.o..t.xk.g..l..j.\|x..y.wu.u..l..b.zt.x..q}.t..u..l.~r.uz.f..m..u.\|x.zw.z..s..j..s.xu.r..\|..s~.s..y.zu.k..t..u.\|y....{y.u..r..o.yx.w..w..y..uyst.....\|\|at\|.....wnvy....\|es.\|....qpzs.....vz\|y..~.xv.s..z..w.{{....~}.x..{..u.z\|.z\|~v}.}..~..z..~.{\|.s~.z..\|.}\|.....}.w}.z..x.\|{....}~.\|..}..z..y..}.\|~.\|..}..{~.\|..}.~{.{~.\|..{.~\|..~.~{.\|\|.}..y..x..}.}}.}..}..{..y..y.\|\|.{..\|..{..{..z.~z.\|~.w..y..{.~\|.~\|.\|\|.{..v..v.}{.z~.\|..{..{..x..x.{{.x..x..y..{..z.}z.y\|.t..u..y.\|\|.{}.\|~.x~.v..t.\|w.y~.x..y..y..y..u.yz.u..r..x..{.~z.~z.z}.t..q..x.{z.z..\|..x~.u..u.\|s.v}.x..w..y..y..w.zy.s..r..u.}\|.\|\|.{}.y~.u..s.}v.w}.x..y..y..x..x.yz.t..u..y.~\|.}\|.\|\|.{..v..v.}\|.z~.{..\|..{..z.~{.z..x..z.~\|.}~.}~.\|~.y..y.}{.{~.{..\|..\|..\|.~}.{..z..z.}}.}..}~.}..{..z.}\|.{..{..{.}\|..}....{\|.v..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\weapons\debris1.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	14100
Entropy (8bit):	5.613232368214154
Encrypted:	false
SSDEEP:	384:5s2hCJusFNtawmbU12ejEAbk46jISkBbBuyQ/v:5HCJXRGeC4mEBbBuyQ/v
MD5:	D0B4D3ECF7B246D798B58935ECB1636D
SHA1:	7FD093FA568239DE3BBEC143AB5C8E34E94BC1B8
SHA-256:	26EFB87A2438A0B607AA227EC9F5E80935325671FABE9922041D3658451F1B96
SHA-512:	00CD8F3CBA84F2176D324AF63695CAD352F50ED0A5191ED9A4756156A87C7A4AB521F1805016D0CEEDD1EABA4EB13199DEDDD0EC081F11BAE50BA131C14E7057
Malicious:	false
Preview:	RIFF.7..WAVEfmt .........+...+........data.6....q.........t~~{..~sn............ylnnrvviV^nz........{......~....{obk{wv}}{~}.~.....\|..}.jfjxit{.......}....jnmilr{.y.............smvypdidb_{.~.........rgbM=@F]ghu}ytempt.}.....vz.z.............\|...z.wplseq.........fgwgYSFPYirj]dabVr................s..^.U..A......jzs.NRpiNlpseVf.{lz......p....m..t.ybd^..px.y{}{n...w...kyo.wjx~..{..........u...rxy\|uswqq...........}rszog~.nmk..~z...v.zz....pky...o...z.{...w.n..O..~Y.u>~.~....{SXNupXj..XZ}.......xxv....jhp....ri..g.\|lx....q...t...y..alrtvRdr}..{.spn.tckz.q..\|..\|....w]z....vu..{.}{Um.Ds..mp..jr........iaXZlSIOacV_........{kcm{x...}lj..ij.q.............\|x..s...d\f.naw..lWt.}..{{rwqt~.yy..\|..r..zr.....vpl......gm.wj...{.toXlw}............sx....zj.......gNn..q..xt}leahgwy......np......uktmt{qx...v_..zu...}yey..}m...~i....v.w.~...}.....{ap.zy..sco..~qx.........uk..y~x.w{oh..a_si.\|.....xwz...uv....zl..o......~...lr.......gv{fi..e..uigj.}.........o{sez...ro{..pX..an....n}~..xz...mv~.l...{.....z.zk.

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\weapons\debris2.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	10134
Entropy (8bit):	4.728166784781291
Encrypted:	false
SSDEEP:	192:AVUm+jh2gREZOp/yD76uCqGIfiravys5yQ/4ktS33LEN9e:AV0sgR//y/6Hqoavysx7g33LEN9e
MD5:	06DD135BDDEC9471A531E7C8DE6D889A
SHA1:	6AAA8AAEB702A41E4D667DDA2578A042D6D2DAC8
SHA-256:	E6245600BDD87ADC9E12D3D705576E7D24641593E4E59C37B4074CAB20522B29
SHA-512:	CCEE1C189C28973A97E8F072BB01E7CA8ED8AA8BC0290E123FDAEBE3856A825FF371DF5D9D1C9CAFD5059F7AF0ED2C1B7AEAB29CC32FE9FC49B2638326D58499
Malicious:	false
Preview:	RIFF.'..WAVEfmt .........+...+........data.'...}..v..w\|..pv\|.v.q.v..Wa..iqE.g..Sg...s.b..R...l..W.g.e..<...g.c{..or.b...tV.z.O..}~R..smy.[.e..kk..~}\|.h..~y.._s...{.f..}x..m.z\|z.bz~.\|~.i.{.}\|w...o.y.k.{.\|.u}.{...z..y.u.vq~{.}.{..pp.}...l\|~m._.^.a..en..[.wp...T.]..\|.G.e.o.s..v.re.].e~.y{u...l.l.m.c.ucw.t.k.b...on.qt.n..~.e.f.\|wg..}df~...kh...u.f...j.ogb.uhz...y[..kz~.\....]...a...v...wy..g}.~x..e.w.t.zt...tv...{y.g.ovr...st{...qs...{p{....}sz..c.\|.\|w..t{..rx.d.`..yz}.r.Z..Q.l.._.].v.].zv.x.u...gf.N{...W.h..u.T.U..q.t.x...zg.v..j.m.c.c..t.s.m..}.q.]h.u..u.o.V..Y.b..b...~r.{.l..{._x.y.\|.z~hw.qw.r.B....krr..d.t~t..u..o.q\|...n.{s.X.t.u..fx.j.fzrmvz..k.p.t.{..Sx...ck.}..~{..r...y.\|...x...x.{p..k...pa.w...~Pt...jx.u....r.tx...]}o..m.p...v..{x.w...rn..xv.{....sw..zu..l\|..yw...oz..y.~y~..v~x..y}.ur..vw.}t.xv..yp.{.m....t...op.\|}{}..pp.y..xy..v...q.as.6_...ysp.lt{.\.C...Q.t...msj..an.e..^\|.z...}..p..S...TP....r.m}.zgp.]v....a..\|{yz..g..e..x..k..}..z.i.{}..i}.w..d...i.{.r}t.t.}}c..zt..{d...{.Y...b

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\weapons\debris3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	30056
Entropy (8bit):	4.919793390523669
Encrypted:	false
SSDEEP:	768:T7a2zsnpwIKcfJXJlmAfm6Sa1TBmkMrFiLA9bgMmKu:T7XwNNBXTXfm6fckMRisG3
MD5:	1D0ED99C3369C423C2DE35B3A811FA21
SHA1:	CA0836649ED81367F407D72A4D078FFAB83B39F8
SHA-256:	E140EF0F01719151EDBBC8AE0C9256CAA6B8D731DA18A3BFB8ACECDE5A10C11E
SHA-512:	3BE4DD03690B4F6B2728FB3E9994D16B9A34FEE2A126DFCDC00B089C042AAA9DBBE01803B942856434B966A472E7CB9E117C0E662994ED7CD8E2184A5D482889
Malicious:	false
Preview:	RIFF`u..WAVEfmt .........+...+........data.t..........~.......~.~.~.~...}~......................._??R9f.3J<.iBB[9x..Q.nD....B?.k..f~<=H99V7....ML/U.....VG2a........}........}.........n.8Xh.........lv..m..N.hqy.z>O9H8QGUHKKGGCHH8@IA8U'.Y4J>P9HUCK5r\|...u.YubVCQoxW}ux{..Dl.=~{ppq....................................xs.m..q.ur~j................................plzNtshotnhXeRvgYhjxmUQ\qM~<CGPfM:\VG?.MEfDZBPHN>C<P>w4_(K0RM7~tvnoYnR(5BeR@l.L?4HQ..ilCJsmCb....t...b......._..I......l..~l^..b..u....Y?GB8AON9V?h==M<F3C<D??GmHVby...............................................................s..s@wRr...8\=?FW0.533.[p'g55.C1L4\D?.PP9GQDEK:3JEGD5gF56\LfUmY.c..w....................................r.z...w..}h.jge.{ph.lrEMHb@-F-a@P?N.N/.DCQ.#U+a<K2G<T.D35B+E0v!ZGLAD5=.Y1F`WF-%E4.B:FI(6SD?2h@S2N.)O/-/A0di.Q{L.............................................................................................wvz.xqpIgT`8xWZ+FU^V2OLD3,K'A=G*:DP';;ADGU)U

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\weapons\explode3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28822
Entropy (8bit):	7.5451499811888905
Encrypted:	false
SSDEEP:	768:YJEBYP5s6xy9pQe+E7a2AvOdYog4TM2tCOL:Yy2ioy9OJEEvPogMJtj
MD5:	2DE2030AB2D4C43480E7A12AA3187859
SHA1:	E28D85F0564092AFD846C937415530D7E18AFCE4
SHA-256:	E5C88796FFA1BD7157AC29AACCFF54D767FE67BCADA52D0F5F488A03DD17D9A6
SHA-512:	EA69D517ACB79AFBDAB33C29A6AD95AF77EDC44A0A3F702F4F369E834A36DD20D18AB410E0689FA82BA06DF591E29BC337E1501369A46726EE61A4E67851B4DB
Malicious:	false
Preview:	RIFF.p..WAVEfmt ........"V.."V......data.p......,...5.&!................wEC..'%++7FSVaZreavt.y.........\|8]Of_W^XUSM\^..."f........8...z'..PC.u.....lC2A-...>BBBABBBBBA0........1'2.."....................\-!.................P.5#.....(..........................%................xa9....(y...............3'...7.....dR........."..& ...........v.............................Zj....@f..I..R2@..................$........{......I+=[......................................i^q..tezN...&...................g65#....zl..\|.......f..YfXV>OEA.).OSn...........z........s2{...........+............%$3........................\~...............ukbY........AXY.................................q...zt[PX~.lQgP......................id,&...bqm\}..i.......jU.WLPD0=2:..~F?[rk..z......gut.....r.z'V.........h.0...............q.....................................................z\|oc:fRK3..6..................69?B@9-.7BBB..BBB>B<-.,.%(BBBBBB<BBBAB(...... ...)"..................SZ..MUs...!8:;8.966/62".@a6......

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\weapons\explode4.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28700
Entropy (8bit):	7.38618076324999
Encrypted:	false
SSDEEP:	768:4yK0DtZilUYGJvItBsyaIvxHlvVHUnrgAF:4yKAtZil/KIt2Uvxr0X
MD5:	78E1E2DB2BB2913A40117B47AA69EDEC
SHA1:	BB4D27E1BCC74A00871B76C5F90AB6714CB043E0
SHA-256:	F6E09E5BFE44A6EA0D0C276E8B632F7911DCBECE62329851A722A53A48BE42C4
SHA-512:	2A141588E45E80FE0B5EF3E37E93430BE10C486D85E4AB6B60FC6EC39B765300B4CF396E32445DCBB1BB160601B453A01B0A3573A27916D65901478638F04FAC
Malicious:	false
Preview:	RIFF.p..WAVEfmt ........"V.."V......data.o..9=??>=;997861% 5..&....8-.B5..:.$=?/..(D].......................................................................................................w.e....rhWut.E<$........ #8575>BABBBBBBBBB=BBBBBB?4=B...........,08:=BBB<4.....!#.[v.............................................thW^C+.. ."...............D .../Ra{i............................................................................!......zXK.mY.7........."5884:B@BBBBBBBBB<BB=BBB@:,B...........%.28:;BB?9&......./nn.............................................lVST,$...........7-...2%7."9B>B?ABBA......_W.t...............................................wO)I4;8."=B....d.1.eV=G.%Hh...y........................................................................VS1.'Q...........Y%.2...B2..84@j.~.8...Wa"65............(.%.;?BBBB;3:.........>...........................P.q......:....@68&:(.3B8>0BB<BBABB+B=BBB=:975@89....3!."...........#R#.."aL#..WI&D.J.T>.zr....*......G..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\weapons\explode5.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	28906
Entropy (8bit):	7.08299335167226
Encrypted:	false
SSDEEP:	384:j2ClpmaHA0YtoWIFYrraOYiR7nHfCh/t+kVjll8TfsR0stHsUi8qn7CKgVtTTrYo:5lpdA0goWysraHiRrw+Dfo0aZMCFb26
MD5:	BF90FA63BC3B1D3DACBEA621557D146D
SHA1:	87829231AEB68C7DD98F4E59AD40501C706CA6A0
SHA-256:	A39A4098AEDD116A1688196A3338F03EA83F781DF726BCE184A03845A54F808D
SHA-512:	41875F241D97216AF1F6EA23993B5E5606B146CBCC9480BF2173863942FF30077CDAEDA80C7CC240E4B933091D58E76E7FDF801F988264499E04C15BAED556A9
Malicious:	false
Preview:	RIFF.p..WAVEfmt ........"V.."V......datakp................~z\|...zvuwy{~.........tf\WZ_cfijicYNHEDDHNV`hlprrpkgkqtuvz}ym_YZcpz\|vonrsrrrsu}...udSIHMT\dmrqqttoikt.............................yz...ywxyz~...............tlhb[TOLGEEB<7=JZfoutmffjprrsvy\|.....}zy{..........................zrjfjswvogaabbcbbbcglswqhddfku..................................................xsoooopqqqpmhcabdhigedddbbeinqsx....................~umjovxvnfabbbbbabdgmtvofcdfmx..................................................{tomnorutrojbZVVXXTPORSROKHIPW\ajv...........................{{{yslhkprnhe`WOLJHINSUVWYZZ[^^\YZ^`bfkpssty............................\|xurommorqprz.......xv{.........\|wqos~...............\|{x.\|.}wsrtoop}....}wxy.y{...\|z.............~~~.~~.vsnnidgjmknfebginruux..............................................yzz}spmtknqtscopewnt..pl...sx..S.qe}`tr.,ol2.3.5\N..k.C..!.fWGWX_dt...tl^.............................{j...Q..TNq{x`mg.0.)K^'(Vj\ (@;.&h..*.....1%......ZO.........$0BQ[R/c.......................0..

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\sound\weapons\reload3.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	13504
Entropy (8bit):	2.589175072973784
Encrypted:	false
SSDEEP:	192:a0AkjfMS37M/xFO8l1dNh5hvJCXGLZ+osz1AeiDrsR:a0AKfMS374O0NhVxsFh
MD5:	6544BC11EECA41E881E43E411F25C242
SHA1:	FAF55726504E7A1F4E045B13CDF1C2E1E0EEFBA7
SHA-256:	E4EC314AF2DEE6FB0266C940A02253931B683AD0AD096DA29D0212B0E0BCB34D
SHA-512:	56F7E6F2FC6FF4C75FA784E0A4A42C5FC7D2C512144D79069838A3FAEC8F87D8C13CE6536BE44039BB65A3E0BF531072E713D13A4CE3D207318CE0CC86DE4CA9
Malicious:	false
Preview:	RIFF.4..WAVEfmt ........"V.."V......dataA4.........................................................v.\|...yu.}{e..~.p..{kw..tz..wr..}ytt.z..y}t..yru....~}..qfz....v\|...{{w...\|y}..z.z~...y\|.~...sx..}z..~..~t\|{..z}..~{\|~...}}{}..{{}..~z~\|..}~\|....~~...~\|{....{{....}....}\|~...}\|....~.~...}}....}~....~~..........~.....}..........}~....~...........~...........~~...~~...~~...........~.....~..........~~....~............~.....}.~..\|.u~..x}x.}w......{\|.y.yv~.}......~u~...y..}}..}}.....}.{.{~...z}..~...~~..\|\|....}..\|...~...~.~.....~....~~..~............}~..........~....}.............~..........~....~~................................................................................................................................................~...............................................................~.......................~...........~............~}............~}............~.....................................................................................................................

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\spectatormenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1006
Entropy (8bit):	5.0261736869022515
Encrypted:	false
SSDEEP:	24:o/vfPpNL/wqJMvS3DOhLzlyfrm/+SlHNnWcy4tOH/3Urqv:QPpNLwqSIwUfrm/NltWcy4wHLv
MD5:	1D9D6EF28668E0E5A66DBBFE743FBE93
SHA1:	08A1B24D927B2B52D85D0A5540AC4A6D194996D2
SHA-256:	062B2536F10D2C7D1C2DB9A72919EEC6F691DF44593A8986074C9B6AB1AC5EA7
SHA-512:	00579EF88206C447274E81BB8B6D4599A9C426641B2C4B2CEFE9639AF76123B0542D4A0C193A518DDB8E92905D20C93B57C546A3AD8DBE6D6DA46D132C543E30
Malicious:	false
Preview:	// Command Menu definition..// ..// Basic Format:..//.."<Bound Key>" "<Button Text>" "<Command sent to server>"..//..// ..//..//..// Buttons can also open up submenus, as follows:..// {..// ."Some More Options",..//.{..//.......//.}..// }..//..//..// Buttons preceded with "CUSTOM" are handled in special ways. They can only be moved..// around or deleted...//..//..// Limitations:..//..Maximum of 50 menus...//..Maximum of 100 buttons per menu.....//--------------------------------------------------------..// Everything below here is editable...."5" "Close" ."spec_menu 0"...."4" "Help"."spec_help"...."3" "Settings"..{....TOGGLE ."4" "Chat Messages"."hud_saytext"......TOGGLE."3" "Show Status"."spec_drawstatus"......TOGGLE."2" "View Cone".."spec_drawcone"......TOGGLE."1" "Player Names"."spec_drawnames"..}....TOGGLE."2" "Auto Director"."spec_autodirector".."1" "Show Scores"."togglescores"....// Here are the rest of the buttons and submenus..// You can change these safely if you want.........

C:\Users\user\AppData\Local\Temp\RarSFX0\valve\spectcammenu.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	770
Entropy (8bit):	4.928668922467856
Encrypted:	false
SSDEEP:	24:o/vfPpNL/wqJMvS3DOhLzlyfrsEAwYwk91S:QPpNLwqSIwUfrlAe
MD5:	F7035F2F148E475585AA86E98FCF1269
SHA1:	423A97E6DCC69C2964146A84ADAE22F39FD2FC91
SHA-256:	93A8D01E2878090E0ABEB6FBFAD302C195E0DCFCFBC3C98CE4C41069E25F390B
SHA-512:	930F0E38BA95B75D1484CBB4E04C9341F19216FA12F0254B69447322799D821A0C6E22B4B43A5B986244F84A09BA6AB4450BB96DB043CF8522938319FF901F1C
Malicious:	false
Preview:	// Command Menu definition..// ..// Basic Format:..//.."<Bound Key>" "<Button Text>" "<Command sent to server>"..//..// ..//..//..// Buttons can also open up submenus, as follows:..// {..// ."Some More Options",..//.{..//.......//.}..// }..//..//..// Buttons preceded with "CUSTOM" are handled in special ways. They can only be moved..// around or deleted...//..//..// Limitations:..//..Maximum of 50 menus...//..Maximum of 100 buttons per menu.....//--------------------------------------------------------..// Everything below here is editable...."6" "Chase Overview"."spec_mode 6".."5" "Free Overview"."spec_mode 5".."4" "First Person"."spec_mode 4".."3" "Free Look".."spec_mode 3".."2" "Free Chase Cam"."spec_mode 2".."1" "Locked Chase Cam"."spec_mode 1"............

C:\Users\user\AppData\Local\Temp\bt1650.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	56
Entropy (8bit):	4.487472725660551
Encrypted:	false
SSDEEP:	3:i+GhoPsC3TMAGICEcvy:i+GCs0TMYoy
MD5:	6AAC7EFFDEAE5CAFB16648B8A5332E70
SHA1:	6A8AC90559DF8DA678E3316F7FDA020DB5A87A38
SHA-256:	58DCA6CFAF8E5318DA66A8A1059FB3A45F3DC235E8414CE87D4EA0B7178C1121
SHA-512:	CE1E4CE4BBCEF90D902BE773A760E8F56C767C7ED33E59B13E437F600C906F6CACF6D316EADD2E16DF179314EE6C28CCB4B54C5648B7C7E68425795A687FA1AF
Malicious:	false
Preview:	DATOS.exe -y..regedit /s REG.reg..hl.exe -game cstrike..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
Entropy (8bit):	7.999640978841494
TrID:	Win32 Executable (generic) a (10002005/4) 94.92% WinRAR Self Extracting archive (518540/5) 4.92% Windows Screen Saver (13104/52) 0.12% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	0RzXzro3zx.exe
File size:	67826994
MD5:	300072e208756288b4d1fc51197635f0
SHA1:	30adcb5652c229cc3fcba71ffb07af4a241f84b3
SHA256:	fe3ebbdaba19c44bd448e3484d6e603a3830077b93ad355161c1a7f0218253fd
SHA512:	966aaf852b97c52e1adb3ea7c9edbe4f0c794711c21ddda14f64a2f004514de43e7436c3d816c398dceea03006f8d7650f025b328720e3e5c5fcef99374d29a6
SSDEEP:	1572864:IcSKN+YCKaRUsKQ5Pzf3j2t5VNFQyuwpBRijXzAlUj/JBE9Mmz:IctNQWh+Pzf3Kt5V8qpBRkxBk
TLSH:	36E7334236B150BAE9520A314E7CABD4E336DE0B95AA064B7F807D0C0576739924DEFF
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	e48686a686ca9998

Static PE Info

General

Entrypoint:	0x401000
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x45729E7C [Sun Dec 3 09:53:00 2006 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	87b324a67e18fb2e1d12308b06fa8d4f

Entrypoint Preview

Instruction
call 00007FAD08D519F4h
push eax
call 00007FAD08D61B30h
add byte ptr [eax], al
add byte ptr [eax], al
nop
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, dword ptr [ebp+10h]
mov ebx, dword ptr [ebp+0Ch]
mov esi, dword ptr [ebp+08h]
mov edx, ebx
push dword ptr [ebp+14h]
push 004140E5h
push 00000000h
push 00000000h
mov eax, esi
mov ecx, edi
call 00007FAD08D5356Fh
sub ebx, 00000110h
je 00007FAD08D4F167h
dec ebx
je 00007FAD08D4F176h
jmp 00007FAD08D4F1B9h
push dword ptr [ebp+14h]
push 00000066h
push esi
call 00007FAD08D61D87h
mov eax, 00000001h
jmp 00007FAD08D4F1A9h
and di, FFFFh
dec di
je 00007FAD08D4F169h
dec di
je 00007FAD08D4F185h
jmp 00007FAD08D4F192h
push 00000080h
push 004150E0h
push 00000065h
push esi
call 00007FAD08D61CCDh
push 00000001h
push esi
call 00007FAD08D61CA7h
mov eax, 00000001h
jmp 00007FAD08D4F177h
push 00000000h
push esi
call 00007FAD08D61C98h
mov eax, 00000001h
jmp 00007FAD08D4F168h
xor eax, eax
jmp 00007FAD08D4F164h
xor eax, eax
pop edi
pop esi
pop ebx
pop ebp
retn 0010h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, dword ptr [ebp+10h]
mov ebx, dword ptr [ebp+0Ch]
mov esi, dword ptr [ebp+08h]
mov edx, ebx
push dword ptr [ebp+14h]
push 004140F2h
push 00000000h
push 00000000h
mov eax, esi
mov ecx, edi
call 00007FAD08D534DCh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1b000	0xfb5	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1c000	0x16f7c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x13000	0x12e00	False	0.5787975993377483	data	6.457526306267234	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x14000	0x7000	0xa00	False	0.482421875	data	4.760780055635003	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x1b000	0x1000	0x1000	False	0.380859375	GeoSwath RDF	5.110466644464165	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1c000	0x16f7c	0x17000	False	0.3026706861413043	data	3.768330143877129	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_BITMAP	0x1c420	0x146d4	Device independent bitmap graphic, 92 x 303 x 24, image size 83628
RT_ICON	0x30af4	0xca8	Device independent bitmap graphic, 32 x 64 x 24, image size 3200
RT_DIALOG	0x3179c	0x282	data	Russian	Russia
RT_DIALOG	0x31a20	0x13a	data	Russian	Russia
RT_DIALOG	0x31b5c	0xe8	data	Russian	Russia
RT_DIALOG	0x31c44	0x12e	data	Russian	Russia
RT_DIALOG	0x31d74	0x338	data	Russian	Russia
RT_DIALOG	0x320ac	0x222	data	Russian	Russia
RT_STRING	0x322d0	0x22c	data	Russian	Russia
RT_STRING	0x324fc	0x3b2	data	Russian	Russia
RT_STRING	0x328b0	0x212	data	Russian	Russia
RT_STRING	0x32ac4	0x27e	data	Russian	Russia
RT_RCDATA	0x32d44	0x10	data
RT_GROUP_ICON	0x32d54	0x14	data
RT_MANIFEST	0x32d68	0x213	XML 1.0 document, ASCII text, with very long lines (529), with CRLF line terminators	Russian	Russia

Imports

DLL	Import
ADVAPI32.DLL	AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
KERNEL32.DLL	CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
COMCTL32.DLL
COMDLG32.DLL	CommDlgExtendedError, GetOpenFileNameA
GDI32.DLL	DeleteObject
SHELL32.DLL	SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
USER32.DLL	CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
OLE32.DLL	CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize

Possible Origin

Language of compilation system	Country where language is spoken	Map
Russian	Russia

Network Behavior

Report size exceeds maximum size, go to the download page of this report and download PCAP to see all network behavior.

Statistics

High Level Behavior Distribution

Click to dive into process behavior distribution

Disassembly

Reset < >

Analysis Process: ZeroX.exePID: 5996, Parent PID: 2008COMMON

Execution Graph

Execution Coverage:	5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	15.6%
Total number of Nodes:	662
Total number of Limit Nodes:	8

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 70%

			E00418E94(intOrPtr __ebx, void* __edx, void* __edi, void* __esi) {
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _t70;
				void* _t115;
				long* _t124;
				void* _t183;
				intOrPtr _t184;
				void* _t186;
				void* _t187;
				intOrPtr _t217;
				void* _t260;
				void* _t261;
				void* _t262;
				void* _t264;
				void* _t265;
				intOrPtr _t267;
				intOrPtr _t268;

				_t182 = __ebx;
				_t267 = _t268;
				_t187 = 9;
				do {
					_push(0);
					_push(0);
					_t187 = _t187 - 1;
				} while (_t187 != 0);
				_push(_t187);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				E00405F94(0x418dc4);
				_push(_t267);
				_push(0x4193d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t268;
				 *0x41e8f8 = E00416FE4(1);
				 *((char*)( *0x41e8f8 + 0x30)) = 1;
				 *((char*)( *0x41e8f8 + 0x31)) = 1;
				E004042C8( *0x41e8f8 + 0x32, "Quick Batch File Compiler");
				 *0x41e900 = E00403510(1);
				 *0x41e8fc = E00403510(1);
				 *0x41e904 = E00403510(1);
				 *0x41e910 = E00403510(1);
				 *0x41e90c = E00403510(1);
				E00418B1C( &_v24, __ebx, 0); // executed
				E004042C8(0x41e970, _v24);
				E00402DA8(0,  &_v28);
				_t70 = E00418C6C(_v28,  *0x41e900, __edi); // executed
				 *0x41e96c = _t70;
				_t270 =  *0x41e96c;
				if( *0x41e96c != 0) {
					E00417160( *0x41e8f8, __ebx,  *0x41e900, __edi, __esi, _t270);
					E00417078( *0x41e8f8,  *0x41e8fc, 0x419410);
					 *((intOrPtr*)( *((intOrPtr*)( *0x41e90c)) + 0x6c))();
					E004137B8( *0x41e8fc);
					E00417078( *0x41e8f8,  *0x41e8fc, 0x41941c);
					 *((intOrPtr*)( *((intOrPtr*)( *0x41e8fc)) + 0x14))();
					_t182 =  *((intOrPtr*)( *0x41e8fc));
					 *((intOrPtr*)( *((intOrPtr*)( *0x41e8fc)) + 0xc))();
					E00417078( *0x41e8f8,  *0x41e904, 0x41942c);
					 *((intOrPtr*)( *((intOrPtr*)( *0x41e910)) + 0x6c))();
					_t264 =  *((intOrPtr*)( *((intOrPtr*)( *0x41e910)) + 0x14))() - 1;
					if(_t264 >= 0) {
						_t265 = _t264 + 1;
						_t186 = 0;
						do {
							 *0x41e908 = E00403510(1);
							E00407454( &_v32);
							E00417078( *0x41e8f8,  *0x41e908, _v32);
							 *((intOrPtr*)( *((intOrPtr*)( *0x41e910)) + 0xc))();
							E00413734( *0x41e908, _t186, _v36,  *((intOrPtr*)( *0x41e910)));
							E00403540( *0x41e908);
							_t186 = _t186 + 1;
							_t265 = _t265 - 1;
						} while (_t265 != 0);
					}
				}
				E00403540( *0x41e904);
				E00403540( *0x41e900);
				E00403540( *0x41e8fc);
				E00403540( *0x41e8f8);
				if( *0x41e96c != 0) {
					E00402E0C();
					E00402F8C(9);
					E00407454( &_v40);
					E00402F8C(9);
					E00407454( &_v44);
					E00402F8C(9);
					E00407454( &_v48);
					E00402F8C(9);
					E00407454( &_v52);
					E004045F4();
					E00404580( &_v56,  *0x41e974,  *0x41e970);
					 *((intOrPtr*)( *((intOrPtr*)( *0x41e90c)) + 0x74))(".bat", _v52, _v48, _v44, _v40, 0x41943c);
					E00404580( &_v60,  *0x41e974,  *0x41e970);
					E004078D4(_v60, 2);
					E00403540( *0x41e90c);
					E00404274(0x41e968);
					if(E00402D40(_t182) > 0) {
						_t262 = E00402D40(_t182);
						if(_t262 > 0) {
							_t184 = 1;
							do {
								E00402DA8(_t184,  &_v64);
								if(E0040481C(0x419458, _v64) == 0) {
									_push( *0x41e968);
									_push(0x419458);
									E00402DA8(_t184,  &_v72);
									_push(_v72);
									E004045F4();
								} else {
									_push( *0x41e968);
									_push(0x419464);
									E00402DA8(_t184,  &_v68);
									_push(_v68);
									_push(0x419470);
									E004045F4();
								}
								_t184 = _t184 + 1;
								_t262 = _t262 - 1;
							} while (_t262 != 0);
						}
					}
					 *0x41e858 = 0xc;
					 *0x41e860 = 0xffffffff;
					 *0x41e85c = 0;
					E00402F6C(0x41e914, 0x44);
					 *0x41e914 = 0x44;
					 *0x41e940 = 1;
					 *0x41e944 = 0;
					if( *0x41e97c == 0x8000) {
						MessageBoxA(0, "This application created with Unregistered version of Quick Batch File Compiler. \r\nVisit http://www.abyssmedia.com for more info.", "Demo Version", 0x30);
					}
					0x41e864->dwOSVersionInfoSize = 0x94;
					GetVersionExA(0x41e864);
					if( *0x41e874 != 2) {
						_push("command.com /c ");
						_push( *0x41e970);
						_push( *0x41e974);
						_push( *0x41e968);
						E004045F4();
					} else {
						_push("cmd.exe /c ");
						_push( *0x41e970);
						_push( *0x41e974);
						_push( *0x41e968);
						E004045F4();
					}
					_push(0x41e958);
					_push(0x41e914);
					_push(0);
					_push(0);
					_push(0x20);
					_push(0xffffffff);
					_push(0x41e858);
					_push(0x41e858);
					_t115 = E00404734( *0x41e968);
					_push(_t115);
					_push(0); // executed
					L00406068(); // executed
					if(_t115 != 0) {
						WaitForSingleObject( *0x41e958, 0xffffffff);
						GetExitCodeProcess( *0x41e958, 0x41e978);
						CloseHandle( *0x41e958);
						CloseHandle( *0x41e95c);
					}
					E00404580( &_v76,  *0x41e974,  *0x41e970);
					E004078FC(_v76);
					_t260 =  *((intOrPtr*)( *((intOrPtr*)( *0x41e910)) + 0x14))() - 1;
					if(_t260 >= 0) {
						_t261 = _t260 + 1;
						_t183 = 0;
						do {
							 *((intOrPtr*)( *((intOrPtr*)( *0x41e910)) + 0xc))();
							E004078FC(_v80);
							_t183 = _t183 + 1;
							_t261 = _t261 - 1;
						} while (_t261 != 0);
					}
					E00403540( *0x41e910);
					_t124 =  *0x41b45c; // 0x41a000
					 *_t124 =  *0x41e978;
				}
				_pop(_t217);
				 *[fs:eax] = _t217;
				_push(0x4193db);
				return E00404298( &_v80, 0xf);
			}

0x00418e94
0x00418e95
0x00418e97
0x00418e9c
0x00418e9c
0x00418e9e
0x00418ea0
0x00418ea0
0x00418ea3
0x00418ea4
0x00418ea5
0x00418ea6
0x00418eac
0x00418eb3
0x00418eb4
0x00418eb9
0x00418ebc
0x00418ecd
0x00418ed7
0x00418ee0
0x00418ef1
0x00418f02
0x00418f13
0x00418f24
0x00418f35
0x00418f46
0x00418f4e
0x00418f5b
0x00418f65
0x00418f73
0x00418f78
0x00418f7d
0x00418f84
0x00418f95
0x00418faa
0x00418fbc
0x00418fc4
0x00418fd9
0x00418fe9
0x00418ffb
0x00418ffd
0x00419010
0x00419022
0x00419031
0x00419034
0x00419036
0x00419037
0x00419039
0x00419045
0x0041904f
0x00419062
0x00419073
0x0041907e
0x00419088
0x0041908d
0x0041908e
0x0041908e
0x00419039
0x00419034
0x00419096
0x004190a0
0x004190aa
0x004190b4
0x004190c0
0x004190c6
0x004190d5
0x004190dd
0x004190ea
0x004190f2
0x004190ff
0x00419107
0x00419114
0x0041911c
0x00419133
0x00419147
0x00419156
0x00419168
0x00419175
0x0041917f
0x00419189
0x00419195
0x004191a0
0x004191a4
0x004191a6
0x004191ab
0x004191b0
0x004191c4
0x004191f4
0x004191fa
0x00419204
0x00419209
0x00419216
0x004191c6
0x004191c6
0x004191cc
0x004191d6
0x004191db
0x004191de
0x004191ed
0x004191ed
0x0041921b
0x0041921c
0x0041921c
0x004191ab
0x004191a4
0x0041921f
0x00419229
0x00419235
0x00419246
0x0041924b
0x00419255
0x0041925f
0x00419272
0x00419282
0x00419282
0x00419287
0x00419296
0x004192a2
0x004192cc
0x004192d1
0x004192d7
0x004192dd
0x004192ed
0x004192a4
0x004192a4
0x004192a9
0x004192af
0x004192b5
0x004192c5
0x004192c5
0x004192f2
0x004192f7
0x004192fc
0x004192fe
0x00419300
0x00419302
0x00419304
0x00419309
0x00419313
0x00419318
0x00419319
0x0041931b
0x00419322
0x0041932c
0x0041933c
0x00419347
0x00419352
0x00419352
0x00419366
0x0041936e
0x0041937f
0x00419382
0x00419384
0x00419385
0x00419387
0x00419393
0x00419399
0x0041939e
0x0041939f
0x0041939f
0x00419387
0x004193a7
0x004193ac
0x004193b7
0x004193b7
0x004193bb
0x004193be
0x004193c1
0x004193d3

APIs

Part of subcall function 00402DA8: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,?,00418F6A,?,?,?,00000000,004193D4,?,?,?,?,00000008), ref: 00402DCB

MessageBoxA.USER32(00000000,This application created with Unregistered version of Quick Batch File Compiler. Visit http://www.abyssmedia.com for more info.,Demo Version,00000030), ref: 00419282
GetVersionExA.KERNEL32(0041E864,?,?,?,00000000,004193D4,?,?,?,?,00000008,00000000,00000000), ref: 00419296
WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,0041E858,0041E858,000000FF,00000020,00000000,00000000,0041E914,0041E958,command.com /c ,0041E864), ref: 0041932C
GetExitCodeProcess.KERNEL32(?,0041E978), ref: 0041933C
CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,0041E858,0041E858,000000FF,00000020,00000000,00000000,0041E914,0041E958,command.com /c ,0041E864), ref: 00419347
CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,0041E858,0041E858,000000FF,00000020,00000000,00000000,0041E914,0041E958,command.com /c ,0041E864), ref: 00419352

Strings

cmd.exe /c , xrefs: 004192A4
hA, xrefs: 004191E3
hA, xrefs: 00419184
Quick Batch File Compiler, xrefs: 00418EEC
|A, xrefs: 00418FEC
tA, xrefs: 00419129
hA, xrefs: 004192BB
FILES, xrefs: 00419006
hA, xrefs: 004192E3
DATA, xrefs: 00418FCF
Demo Version, xrefs: 00419276
hA, xrefs: 0041920C
BAT, xrefs: 00418FA0
.bat, xrefs: 00419124
tA, xrefs: 00418F2B, 00418F3C
pA, xrefs: 00418F56
This application created with Unregistered version of Quick Batch File Compiler. Visit http://www.abyssmedia.com for more info., xrefs: 0041927B
command.com /c , xrefs: 004192CC

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CloseHandle$CodeExitFileMessageModuleNameObjectProcessSingleVersionWait
String ID: .bat$BAT$DATA$Demo Version$FILES$Quick Batch File Compiler$This application created with Unregistered version of Quick Batch File Compiler. Visit http://www.abyssmedia.com for more info.$cmd.exe /c $command.com /c $hA$hA$hA$hA$hA$pA$tA$tA$|A
API String ID: 2364074631-962437216
Opcode ID: fbf4337ab1ed1cba8933e4fa05815ff692d30cae397d2ab5ec6d59c663aea548
Instruction ID: bb1314f97585478da1b5673c84a64d09f3c06e68d0bef10e7cc0bf24be5042bc
Opcode Fuzzy Hash: fbf4337ab1ed1cba8933e4fa05815ff692d30cae397d2ab5ec6d59c663aea548
Instruction Fuzzy Hash: D7D17EB86112059BD744EB66DC85AC977A5EB48308F10C53BFD00AB3E2CB79AC85CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00405428 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 186
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00405428(intOrPtr __eax) {
				intOrPtr _v8;
				void* _v12;
				char _v15;
				char _v17;
				char _v18;
				char _v22;
				int _v28;
				char* _v32;
				char _v293;
				void** _t57;
				void** _t73;
				void** _t74;
				CHAR* _t81;
				CHAR* _t84;
				struct HINSTANCE__* _t91;
				struct HINSTANCE__* _t98;
				struct HINSTANCE__* _t107;
				intOrPtr _t112;
				void* _t121;
				void* _t123;
				intOrPtr _t124;

				_t121 = _t123;
				_t124 = _t123 + 0xfffffedc;
				_v8 = __eax;
				GetModuleFileNameA(0,  &_v293, 0x105);
				_v22 = 0;
				_t57 =  &_v12;
				_push(_t57);
				_push(0xf0019);
				_push(0);
				_push("Software\\Borland\\Locales");
				_push(0x80000001); // executed
				L00401260(); // executed
				if(_t57 == 0) {
					L3:
					_push(_t121);
					_push(0x40552c);
					_push( *[fs:eax]);
					 *[fs:eax] = _t124;
					_v28 = 5;
					E00405250( &_v293, 0x105);
					if(RegQueryValueExA(_v12,  &_v293, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, 0x4056a8, 0, 0,  &_v22,  &_v28) != 0) {
						_v22 = 0;
					}
					_v18 = 0;
					_pop(_t112);
					 *[fs:eax] = _t112;
					_push(0x405533);
					return RegCloseKey(_v12);
				} else {
					_t73 =  &_v12;
					_push(_t73);
					_push(0xf0019);
					_push(0);
					_push("Software\\Borland\\Locales");
					_push(0x80000002); // executed
					L00401260(); // executed
					if(_t73 == 0) {
						goto L3;
					} else {
						_t74 =  &_v12;
						_push(_t74);
						_push(0xf0019);
						_push(0);
						_push("Software\\Borland\\Delphi\\Locales");
						_push(0x80000001); // executed
						L00401260(); // executed
						if(_t74 != 0) {
							_push(0x105);
							_push(_v8);
							_push( &_v293);
							L00401240();
							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
							_t107 = 0;
							if(_v293 != 0 && (_v17 != 0 || _v22 != 0)) {
								_t81 =  &_v293;
								_push(_t81);
								L00401248();
								_v32 = _t81 +  &_v293;
								while( *_v32 != 0x2e &&  &_v293 != _v32) {
									_v32 = _v32 - 1;
								}
								_t84 =  &_v293;
								if(_t84 != _v32) {
									_v32 = _v32 + 1;
									if(_v22 != 0) {
										_push(0x105 - _v32 - _t84);
										_push( &_v22);
										_push(_v32);
										L00401240();
										_t107 = LoadLibraryExA( &_v293, 0, 2);
									}
									if(_t107 == 0 && _v17 != 0) {
										_push(0x105 - _v32 -  &_v293);
										_push( &_v17);
										_push(_v32);
										L00401240();
										_t91 = LoadLibraryExA( &_v293, 0, 2); // executed
										_t107 = _t91;
										if(_t107 == 0) {
											_v15 = 0;
											_push(0x105 - _v32 -  &_v293);
											_push( &_v17);
											_push(_v32);
											L00401240();
											_t98 = LoadLibraryExA( &_v293, 0, 2); // executed
											_t107 = _t98;
										}
									}
								}
							}
							return _t107;
						} else {
							goto L3;
						}
					}
				}
			}

0x00405429
0x0040542b
0x00405432
0x00405443
0x00405448
0x0040544c
0x0040544f
0x00405450
0x00405455
0x00405457
0x0040545c
0x00405461
0x00405468
0x004054aa
0x004054ac
0x004054ad
0x004054b2
0x004054b5
0x004054b8
0x004054ca
0x004054ed
0x0040550d
0x0040550d
0x00405511
0x00405517
0x0040551a
0x0040551d
0x0040552b
0x0040546a
0x0040546a
0x0040546d
0x0040546e
0x00405473
0x00405475
0x0040547a
0x0040547f
0x00405486
0x00000000
0x00405488
0x00405488
0x0040548b
0x0040548c
0x00405491
0x00405493
0x00405498
0x0040549d
0x004054a4
0x00405533
0x0040553b
0x00405542
0x00405543
0x00405556
0x0040555b
0x00405564
0x0040557a
0x00405580
0x00405581
0x0040558e
0x00405596
0x00405593
0x00405593
0x004055a9
0x004055b2
0x004055b8
0x004055bf
0x004055cd
0x004055d1
0x004055d5
0x004055d6
0x004055eb
0x004055eb
0x004055ef
0x00405609
0x0040560d
0x00405611
0x00405612
0x00405622
0x00405627
0x0040562b
0x0040562d
0x00405643
0x00405647
0x0040564b
0x0040564c
0x0040565c
0x00405661
0x00405661
0x0040562b
0x004055ef
0x004055b2
0x00405669
0x00000000
0x00000000
0x00000000
0x004054a4
0x00405486

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 00405443
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,0040552C,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 004054E6
RegQueryValueExA.ADVAPI32(?,004056A8,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,0040552C,?,80000001), ref: 00405504
RegCloseKey.ADVAPI32(?,00405533,00000000,00000000,00000005,00000000,0040552C,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 00405526
lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 00405543
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 00405550
GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 00405556
lstrlen.KERNEL32(00000000), ref: 00405581
lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 004055D6
LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 004055E6
lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000), ref: 00405612
LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 00405622
lstrcpyn.KERNEL32(00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 0040564C
LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000105,00000000,00000000,00000002,00000000,00000000,00000105,00000000), ref: 0040565C

Strings

Software\Borland\Delphi\Locales, xrefs: 00405493
Software\Borland\Locales, xrefs: 00405457, 00405475

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: lstrcpyn$LibraryLoad$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
API String ID: 3826290263-2375825460
Opcode ID: 6d86416a34df6deced9a01dfaa9035e70bff942dec7ef0f58757f22ea93cbcb7
Instruction ID: 57dd73bf714a76aa47df59f85f4881bc9ff2bd16dc1169d7f7ad725c2982bb25
Opcode Fuzzy Hash: 6d86416a34df6deced9a01dfaa9035e70bff942dec7ef0f58757f22ea93cbcb7
Instruction Fuzzy Hash: 38613C71A046097EEB11DAE5CC46FEFB7BCDB48304F4044BAB604F62C1D6BC9A448B68

Uniqueness

Uniqueness Score: -1.00%

Function 00401B32 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 69%

			E00401B32() {
				intOrPtr* _v8;
				void* _t17;
				signed int _t19;
				intOrPtr _t28;
				void* _t29;
				intOrPtr _t34;

				_push(_t34);
				_push(E00401BFC);
				_push( *[fs:edx]);
				 *[fs:edx] = _t34;
				_push(0x41c5c4);
				L0040130C();
				if( *0x41c045 != 0) {
					_push(0x41c5c4);
					L00401314();
				}
				E004013B0(0x41c5e4);
				E004013B0(0x41c5f4);
				E004013B0(0x41c620);
				_t17 = LocalAlloc(0, 0xff8); // executed
				 *0x41c61c = _t17;
				if( *0x41c61c != 0) {
					_t19 = 3;
					do {
						_t29 =  *0x41c61c; // 0x46de58
						 *((intOrPtr*)(_t29 + _t19 * 4 - 0xc)) = 0;
						_t19 = _t19 + 1;
					} while (_t19 != 0x401);
					_v8 = 0x41c604;
					 *((intOrPtr*)(_v8 + 4)) = _v8;
					 *_v8 = _v8;
					 *0x41c610 = _v8;
					 *0x41c5bc = 1;
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E00401C03);
				if( *0x41c045 != 0) {
					_push(0x41c5c4);
					L0040131C();
					return 0;
				}
				return 0;
			}

0x00401b3a
0x00401b3b
0x00401b40
0x00401b43
0x00401b46
0x00401b4b
0x00401b57
0x00401b59
0x00401b5e
0x00401b5e
0x00401b68
0x00401b72
0x00401b7c
0x00401b88
0x00401b8d
0x00401b99
0x00401b9b
0x00401ba0
0x00401ba0
0x00401ba8
0x00401bac
0x00401bad
0x00401bb4
0x00401bc1
0x00401bca
0x00401bcf
0x00401bd4
0x00401bd4
0x00401bdd
0x00401be0
0x00401be3
0x00401bef
0x00401bf1
0x00401bf6
0x00000000
0x00401bf6
0x00401bfb

APIs

RtlInitializeCriticalSection.NTDLL(0041C5C4), ref: 00401B4B
RtlEnterCriticalSection.NTDLL(0041C5C4), ref: 00401B5E
LocalAlloc.KERNEL32(00000000,00000FF8,00000000,s ), ref: 00401B88
RtlLeaveCriticalSection.NTDLL(0041C5C4), ref: 00401BF6

Strings

s , xrefs: 00401B3B

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID: s
API String ID: 730355536-3679297121
Opcode ID: fe13008af06aa998cbd613b266029821fe981e43df1c5035afcd8d6f943d67c5
Instruction ID: 01b3f89f563167d1ac5852b8390c8525ae15bceebaea02b78313d1d51928a80b
Opcode Fuzzy Hash: fe13008af06aa998cbd613b266029821fe981e43df1c5035afcd8d6f943d67c5
Instruction Fuzzy Hash: EE1151B0A84240AFE715EB99DD81B9ABBE5E784304F10807BF400A77E1D77C69419B5D

Uniqueness

Uniqueness Score: -1.00%

Function 00401B34 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 69%

			E00401B34() {
				intOrPtr* _v8;
				void* _t17;
				signed int _t19;
				intOrPtr _t28;
				void* _t29;
				intOrPtr _t34;

				_push(_t34);
				_push(E00401BFC);
				_push( *[fs:edx]);
				 *[fs:edx] = _t34;
				_push(0x41c5c4);
				L0040130C();
				if( *0x41c045 != 0) {
					_push(0x41c5c4);
					L00401314();
				}
				E004013B0(0x41c5e4);
				E004013B0(0x41c5f4);
				E004013B0(0x41c620);
				_t17 = LocalAlloc(0, 0xff8); // executed
				 *0x41c61c = _t17;
				if( *0x41c61c != 0) {
					_t19 = 3;
					do {
						_t29 =  *0x41c61c; // 0x46de58
						 *((intOrPtr*)(_t29 + _t19 * 4 - 0xc)) = 0;
						_t19 = _t19 + 1;
					} while (_t19 != 0x401);
					_v8 = 0x41c604;
					 *((intOrPtr*)(_v8 + 4)) = _v8;
					 *_v8 = _v8;
					 *0x41c610 = _v8;
					 *0x41c5bc = 1;
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E00401C03);
				if( *0x41c045 != 0) {
					_push(0x41c5c4);
					L0040131C();
					return 0;
				}
				return 0;
			}

APIs

RtlInitializeCriticalSection.NTDLL(0041C5C4), ref: 00401B4B
RtlEnterCriticalSection.NTDLL(0041C5C4), ref: 00401B5E
LocalAlloc.KERNEL32(00000000,00000FF8,00000000,s ), ref: 00401B88
RtlLeaveCriticalSection.NTDLL(0041C5C4), ref: 00401BF6

Strings

s , xrefs: 00401B3B

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID: s
API String ID: 730355536-3679297121
Opcode ID: 920023346bf3a17d095ba64429c921ceffbc70bdd9fd56cc58eb87efb6c37339
Instruction ID: 12995ce98362c594afef21dbd6bfe5d41e76c976fe62ada485c364fafcbbd2c9
Opcode Fuzzy Hash: 920023346bf3a17d095ba64429c921ceffbc70bdd9fd56cc58eb87efb6c37339
Instruction Fuzzy Hash: 70115EB0A84240AFE715EB9ADD81B9ABBE5E788304F10807BE400A77E1D77C69419B5D

Uniqueness

Uniqueness Score: -1.00%

Function 00402390 Relevance: 3.1, APIs: 2, Instructions: 125
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00401B34: RtlInitializeCriticalSection.NTDLL(0041C5C4), ref: 00401B4B
Part of subcall function 00401B34: RtlEnterCriticalSection.NTDLL(0041C5C4), ref: 00401B5E
Part of subcall function 00401B34: LocalAlloc.KERNEL32(00000000,00000FF8,00000000,s ), ref: 00401B88
Part of subcall function 00401B34: RtlLeaveCriticalSection.NTDLL(0041C5C4), ref: 00401BF6

RtlEnterCriticalSection.NTDLL(0041C5C4), ref: 004023D9
RtlLeaveCriticalSection.NTDLL(0041C5C4), ref: 00402526

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocInitializeLocal
String ID:
API String ID: 2227675388-0
Opcode ID: 129a852109ca6d427655bcd3da8e257686fe12c42f7c54424097d65c811f089f
Instruction ID: a3c88fbb07d0d4bf23c6b90d0a5a8169e4a4c0d05aaaa81c5927fa09707ea88f
Opcode Fuzzy Hash: 129a852109ca6d427655bcd3da8e257686fe12c42f7c54424097d65c811f089f
Instruction Fuzzy Hash: 2E511DB0A40205AFDB10CF69DEC46AEBBB1FB88314B24817AD804A73D1D378A941CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004061F8 Relevance: 3.0, APIs: 2, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004061F8(int __eax, long __edx) {
				void* _t2;

				_t2 = GlobalAlloc(__eax, __edx); // executed
				GlobalFix(_t2);
				return _t2;
			}

0x004061fa
0x00406200
0x00406205

APIs

GlobalAlloc.KERNEL32 ref: 004061FA
GlobalFix.KERNEL32(00000000), ref: 00406200

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: Global$Alloc
String ID:
API String ID: 2558781224-0
Opcode ID: e54078e05ce42b0fb8b4d8e3cb01cb3f3a12dc3917bf3207e1a6dfecf7001db8
Instruction ID: e863909af0a9055c93473c3e4a905943cfc11096afe25585b29d9e7e7134edb6
Opcode Fuzzy Hash: e54078e05ce42b0fb8b4d8e3cb01cb3f3a12dc3917bf3207e1a6dfecf7001db8
Instruction Fuzzy Hash: 7D9002E484121024DC8037B60C0AC2B511C58E07197C2586E3443BB083883DC4200038

Uniqueness

Uniqueness Score: -1.00%

Function 00401594 Relevance: 2.5, APIs: 2, Instructions: 37
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00401594(void* __eax, void** __edx) {
				void* _t3;
				void** _t8;
				void* _t11;
				long _t14;

				_t8 = __edx;
				if(__eax >= 0x100000) {
					_t14 = __eax + 0x0000ffff & 0xffff0000;
				} else {
					_t14 = 0x100000;
				}
				_t8[1] = _t14;
				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
				_t11 = _t3;
				 *_t8 = _t11;
				if(_t11 != 0) {
					_t3 = E004013B8(0x41c5e4, _t8);
					if(_t3 == 0) {
						VirtualFree( *_t8, 0, 0x8000);
						 *_t8 = 0;
						return 0;
					}
				}
				return _t3;
			}

0x00401597
0x004015a1
0x004015b0
0x004015a3
0x004015a3
0x004015a3
0x004015b6
0x004015c3
0x004015c8
0x004015ca
0x004015ce
0x004015d7
0x004015de
0x004015ea
0x004015f1
0x00000000
0x004015f1
0x004015de
0x004015f6

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401927), ref: 004015C3
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401927), ref: 004015EA

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 1fd6d45ce3de47d82bf1fa74a158a43d3407bf4425abb36daacb090acecf413a
Instruction ID: ae1948f626d87fc2af789fdbf481eb575e92369be7b88310cac32d303a10b8f2
Opcode Fuzzy Hash: 1fd6d45ce3de47d82bf1fa74a158a43d3407bf4425abb36daacb090acecf413a
Instruction Fuzzy Hash: F0F02772F002206BEB20556E4CC5F435AC4AFC5790F14417BFA08FF3E8D6B98C0182A9

Uniqueness

Uniqueness Score: -1.00%

Function 0041899C Relevance: 1.5, APIs: 1, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0041899C(char* __eax, void* __ecx, void* __edx, void* __eflags) {
				char* _t14;
				void* _t16;
				void* _t18;
				void* _t25;
				char* _t26;
				void* _t27;

				_t27 = __edx;
				_t26 = __eax;
				_t25 = E0041883C(__eax, __ecx, 1);
				_t18 = E00404534(_t26);
				while(_t25 < _t18) {
					_t14 = CharPrevA(_t26,  &(_t26[_t18])); // executed
					_t16 =  *_t14 - 0x2f;
					if(_t16 == 0 || _t16 == 0x2d) {
						_t18 = _t18 - 1;
						continue;
					} else {
						break;
					}
				}
				if(_t18 != E00404534(_t26)) {
					return E00404794(_t26, _t18, 1, _t27);
				}
				return E004042C8(_t27, _t26);
			}

0x004189a0
0x004189a2
0x004189ad
0x004189b6
0x004189bb
0x004189c4
0x004189cb
0x004189cd
0x004189ba
0x00000000
0x00000000
0x00000000
0x00000000
0x004189cd
0x004189dc
0x00000000
0x004189f3
0x00000000

APIs

CharPrevA.USER32(?,00000000,?,?,?,?,00418A58,00000000,00418A7E,?,?,00000000), ref: 004189C4

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 78ef1d0aedef75134569692acc3e18159be58563caa2aabaae5fd283b83cd4a2
Instruction ID: 494360bfe924281fedb0a17e8d8be703797846585bd25785a2c49b26baed6da0
Opcode Fuzzy Hash: 78ef1d0aedef75134569692acc3e18159be58563caa2aabaae5fd283b83cd4a2
Instruction Fuzzy Hash: 79F0BEB13119241B8611356F18818FF73C98BC674AB80023FF604DB342ED2DAD83429F

Uniqueness

Uniqueness Score: -1.00%

Function 00407894 Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00407894(void* __eax, long __edx, long _a4, long _a8) {
				long _v8;
				long _v12;
				long _t15;

				_v12 = _a4;
				_v8 = _a8;
				_t15 = SetFilePointer(__eax, _v12,  &_v8, __edx); // executed
				_v12 = _t15;
				return _v12;
			}

0x004078a3
0x004078a9
0x004078b6
0x004078bb
0x004078c9

APIs

SetFilePointer.KERNEL32(?,?,?), ref: 004078B6

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 4bf485594b2128882c518cb790bfd565324537bb7cc10737c817e96e2a16f8f4
Instruction ID: 7edc9f02d670a86e48a21fc6d94cf4b8e357a6399159caa5f96034e1e794ffe3
Opcode Fuzzy Hash: 4bf485594b2128882c518cb790bfd565324537bb7cc10737c817e96e2a16f8f4
Instruction Fuzzy Hash: EFE0ED7690420CBF9B40DE98D881CDEB7FCEB48220F208166F918E3341E631AF409B94

Uniqueness

Uniqueness Score: -1.00%

Function 00405194 Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00405194(void* __eax) {
				char _v272;
				intOrPtr _t14;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t19;

				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					_t3 = _t16 + 4; // 0x400000
					GetModuleFileNameA( *_t3,  &_v272, 0x105);
					_t14 = E00405428(_t19); // executed
					_t18 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
					if(_t18 == 0) {
						_t5 = _t16 + 4; // 0x400000
						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
					}
				}
				_t7 = _t16 + 0x10; // 0x400000
				return  *_t7;
			}

0x0040519c
0x004051a2
0x004051ae
0x004051b2
0x004051bb
0x004051c0
0x004051c2
0x004051c7
0x004051c9
0x004051cc
0x004051cc
0x004051c7
0x004051cf
0x004051da

APIs

GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 004051B2

Part of subcall function 00405428: GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 00405443
Part of subcall function 00405428: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,0040552C,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 004054E6
Part of subcall function 00405428: RegQueryValueExA.ADVAPI32(?,004056A8,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,0040552C,?,80000001), ref: 00405504
Part of subcall function 00405428: RegCloseKey.ADVAPI32(?,00405533,00000000,00000000,00000005,00000000,0040552C,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 00405526

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FileModuleNameQueryValue$Close
String ID:
API String ID: 4149586692-0
Opcode ID: 5e42cb8e77ad3acd9503eec463cadf81c1cc4ac7ef4549ef4ecb77a6db15c0f6
Instruction ID: fd681024a9b1438da25c4b89a689442b9dbeb685d015c2ef5fd3330b3f52d65d
Opcode Fuzzy Hash: 5e42cb8e77ad3acd9503eec463cadf81c1cc4ac7ef4549ef4ecb77a6db15c0f6
Instruction Fuzzy Hash: 7CE06D71A007148BCB10DE5888C1B8737E8AB08755F400AA6EC58EF38AD375DD508BE4

Uniqueness

Uniqueness Score: -1.00%

Function 00407304 Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00407304(void* __eax, void* __edx) {
				int _t3;
				char* _t5;
				int _t7;
				int _t10;
				void* _t12;

				_t12 = __eax;
				_t3 = E00404534(__edx);
				_t5 = E00404734(__edx);
				_t7 = E00404534(_t12);
				_t10 = CompareStringA(0x400, 1, E00404734(_t12), _t7, _t5, _t3); // executed
				return _t10 - 2;
			}

0x00407308
0x0040730c
0x00407314
0x0040731c
0x00407331
0x0040733b

APIs

CompareStringA.KERNEL32(00000400,00000001,00000000,00000000,00000000,00000000,?,?,0040734B,?,?,004076B5), ref: 00407331

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CompareString
String ID:
API String ID: 1825529933-0
Opcode ID: a0c64b9ef22262591096a01751e41f7bb89bfa290401d0cfd4c410c6fc5f8c63
Instruction ID: b7c7fe2a48020a2ac6c787342816512ef416216e5d1125bc156ed8ee0b4d75ae
Opcode Fuzzy Hash: a0c64b9ef22262591096a01751e41f7bb89bfa290401d0cfd4c410c6fc5f8c63
Instruction Fuzzy Hash: 01D092D13426203BD254B67E1C82F5A008C4B9A75EB01017AB709FB2C2CABC8E0102A9

Uniqueness

Uniqueness Score: -1.00%

Function 00407868 Relevance: 1.5, APIs: 1, Instructions: 23
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E00407868(void* __eax, long __ecx, void* __edx) {
				long _v16;
				int _t4;

				_push(__ecx);
				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
				if(_t4 == 0) {
					_v16 = 0xffffffff;
				}
				return _v16;
			}

0x0040786b
0x0040787c
0x00407883
0x00407885
0x00407885
0x00407893

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0040787C

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 3248bf63a3b8ad4ab4ceb3ad27395b1e4d8d052084b1d121364e3646074a1abb
Instruction ID: 7c058d95f13eb2c4443398c252423b502912164c009de93f49344212e8ea9fe9
Opcode Fuzzy Hash: 3248bf63a3b8ad4ab4ceb3ad27395b1e4d8d052084b1d121364e3646074a1abb
Instruction Fuzzy Hash: 5FD05B723081107AD224A55B5C44DAB6BDCCBC9771F11463EB658C71C1D6348C05C2B5

Uniqueness

Uniqueness Score: -1.00%

Function 0040783C Relevance: 1.5, APIs: 1, Instructions: 23
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E0040783C(void* __eax, long __ecx, void* __edx) {
				long _v16;
				int _t4;

				_push(__ecx);
				_t4 = ReadFile(__eax, __edx, __ecx,  &_v16, 0); // executed
				if(_t4 == 0) {
					_v16 = 0xffffffff;
				}
				return _v16;
			}

0x0040783f
0x00407850
0x00407857
0x00407859
0x00407859
0x00407867

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407850

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 9c3475107fb88e5b2fa032e5a56ae23c9ad0c42c3cf7dd9a7fd297a6f3fe9822
Instruction ID: ed532f3f32a3b3ed572d42d6ce5ee4bde29c74e7d56769c1fd9c77d7944335d8
Opcode Fuzzy Hash: 9c3475107fb88e5b2fa032e5a56ae23c9ad0c42c3cf7dd9a7fd297a6f3fe9822
Instruction Fuzzy Hash: DED05B723081147AD320A55F9C84DA75BDCCBC9771F11463EF658C72C1D6308C05C275

Uniqueness

Uniqueness Score: -1.00%

Function 00401738 Relevance: 1.3, APIs: 1, Instructions: 71
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00401738(signed int __eax, intOrPtr* __ecx, void* __edx) {
				signed int _v20;
				void* _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _t20;
				void* _t35;
				intOrPtr* _t39;
				intOrPtr* _t48;
				void** _t49;
				signed int* _t50;
				void** _t51;

				_t51 =  &_v24;
				_t39 = __ecx;
				 *_t51 = __edx;
				_t49 =  &_v32;
				_t48 =  &_v36;
				_t50 =  &_v28;
				_v24 = __eax & 0xfffff000;
				_v20 =  *_t51 + __eax + 0x00000fff & 0xfffff000;
				 *__ecx = _v24;
				 *((intOrPtr*)(__ecx + 4)) = _v20 - _v24;
				_t20 =  *0x41c5e4; // 0x46c334
				 *_t48 = _t20;
				while(0x41c5e4 !=  *_t48) {
					_t10 =  *_t48 + 8; // 0x0
					 *_t49 =  *_t10;
					 *_t50 =  *((intOrPtr*)( *_t48 + 0xc)) +  *_t49;
					if( *_t49 < _v24) {
						 *_t49 = _v24;
					}
					if( *_t50 > _v20) {
						 *_t50 = _v20;
					}
					if( *_t49 <  *_t50) {
						_t35 = VirtualAlloc( *_t49,  *_t50 -  *_t49, 0x1000, 4); // executed
						if(_t35 == 0) {
							 *_t39 = 0;
							return 0;
						}
					}
					 *_t48 =  *((intOrPtr*)( *_t48));
				}
				return 0x41c5e4;
			}

0x0040173c
0x0040173f
0x00401741
0x00401744
0x00401748
0x0040174c
0x0040175a
0x0040176d
0x00401775
0x0040177f
0x00401782
0x00401787
0x004017e6
0x0040178d
0x00401790
0x00401799
0x004017a2
0x004017a8
0x004017a8
0x004017b1
0x004017b7
0x004017b7
0x004017bf
0x004017d1
0x004017d8
0x004017dc
0x00000000
0x004017dc
0x004017d8
0x004017e4
0x004017e4
0x004017f6

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 004017D1

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 311875870b8d7a776eb9036b9902ac74ff39e27b0965a4ca8ccabbaad61a4b4a
Instruction ID: 554cc96a52d41ec899ae4c9356f041100c8cfb79b84db5c4edf2af5ed7bae453
Opcode Fuzzy Hash: 311875870b8d7a776eb9036b9902ac74ff39e27b0965a4ca8ccabbaad61a4b4a
Instruction Fuzzy Hash: DE21DDB4604246DFC750CF6CC980A9ABBE1FF98350F20892AF998DB394D334E954CB56

Uniqueness

Uniqueness Score: -1.00%

Function 004017F8 Relevance: 1.3, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004017F8(void* __eax, void** __ecx, intOrPtr __edx) {
				intOrPtr _t20;
				int _t35;
				signed int* _t38;
				intOrPtr* _t44;
				void** _t45;
				intOrPtr* _t49;

				 *_t49 = __edx;
				_t45 = _t49 + 8;
				_t44 = _t49 + 4;
				_t38 = _t49 + 0xc;
				 *(_t49 + 0x10) = __eax + 0x00000fff & 0xfffff000;
				 *(_t49 + 0x14) = __eax +  *_t49 & 0xfffff000;
				 *__ecx =  *(_t49 + 0x10);
				__ecx[1] =  *(_t49 + 0x14) -  *(_t49 + 0x10);
				_t20 =  *0x41c5e4; // 0x46c334
				 *_t44 = _t20;
				while(0x41c5e4 !=  *_t44) {
					_t10 =  *_t44 + 8; // 0x0
					 *_t45 =  *_t10;
					 *_t38 =  *((intOrPtr*)( *_t44 + 0xc)) +  *_t45;
					if( *_t45 <  *(_t49 + 0x10)) {
						 *_t45 =  *(_t49 + 0x10);
					}
					if( *_t38 >  *(_t49 + 0x14)) {
						 *_t38 =  *(_t49 + 0x14);
					}
					if( *_t45 <  *_t38) {
						_t35 = VirtualFree( *_t45,  *_t38 -  *_t45, 0x4000); // executed
						if(_t35 == 0) {
							 *0x41c5c0 = 2;
						}
					}
					 *_t44 =  *((intOrPtr*)( *_t44));
				}
				return 0x41c5e4;
			}

0x004017ff
0x00401802
0x00401806
0x0040180a
0x0040181e
0x0040182b
0x00401833
0x0040183d
0x00401840
0x00401845
0x004018a1
0x0040184b
0x0040184e
0x00401857
0x0040185f
0x00401865
0x00401865
0x0040186d
0x00401873
0x00401873
0x00401879
0x00401888
0x0040188f
0x00401891
0x00401891
0x0040188f
0x0040189f
0x0040189f
0x004018b1

APIs

VirtualFree.KERNEL32(?,?,00004000), ref: 00401888

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 8dde4bb3d6ad7d01e1ed668f8a2b8dc3adbb92a84e6953895514872c3529903b
Instruction ID: 7855af777f7064a06ad1097250f296e4cf9da682258703aab6699dac7f490570
Opcode Fuzzy Hash: 8dde4bb3d6ad7d01e1ed668f8a2b8dc3adbb92a84e6953895514872c3529903b
Instruction Fuzzy Hash: EF21E0B5604202DFC750DF28D880A5AB7E4FF99314F24896AE594EB364D334EA04CB56

Uniqueness

Uniqueness Score: -1.00%

Function 004078D4 Relevance: 1.3, APIs: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E004078D4(void* __eax, void* __edx) {
				void* _t3;
				long _t6;

				_t6 = 0;
				_t3 = E00404734(__eax);
				_push(_t3); // executed
				L004061A0(); // executed
				if(_t3 == 0) {
					_t6 = GetLastError();
				}
				return _t6;
			}

0x004078db
0x004078e0
0x004078e5
0x004078e6
0x004078ed
0x004078f4
0x004078f4
0x004078fb

APIs

GetLastError.KERNEL32(00000000,00000002,?,?,?,0041917A,?,?,?,00000000,004193D4,?,?,?,?,00000008), ref: 004078EF

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 09d1d179c2bd9c833f541029298e23d61c61223c1dab38920bf839c44cd51b6e
Instruction ID: 63b534b16eb6b3fbf5541339bc54549fc229c6dca481b6ecbf6ebed30a3073f0
Opcode Fuzzy Hash: 09d1d179c2bd9c833f541029298e23d61c61223c1dab38920bf839c44cd51b6e
Instruction Fuzzy Hash: 3BD0C9627012201AA610B5BF1C8595B818C8DD56AE302413BB605E7252E9A88C1541A9

Uniqueness

Uniqueness Score: -1.00%

Function 004078CC Relevance: 1.3, APIs: 1, Instructions: 3
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004078CC(void* __eax) {
				int _t2;

				_t2 = CloseHandle(__eax); // executed
				return _t2;
			}

0x004078cd
0x004078d2

APIs

CloseHandle.KERNEL32 ref: 004078CD

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 471ee24ded4395db842a9d2d1a3b109704c37fab7f477143bdd052400514aefd
Instruction ID: 5f0ccf21e5fa3f08e0c1caf534d2578104d7698db68893e78dac66d3e218d24b
Opcode Fuzzy Hash: 471ee24ded4395db842a9d2d1a3b109704c37fab7f477143bdd052400514aefd
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00418C6C Relevance: .1, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00418C6C(void* __eax, intOrPtr* __edx, void* __edi) {
				char _v5;
				void* _v12;
				intOrPtr _v16;
				char _v44;
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr* _t25;
				void* _t31;
				intOrPtr _t32;
				void* _t52;
				intOrPtr* _t53;
				intOrPtr* _t69;
				intOrPtr _t71;
				void* _t80;
				void* _t85;
				void* _t88;

				_t79 = __edi;
				_t53 = __edx;
				_v5 = 0;
				 *[fs:edx] = _t88 + 0xfffffff4;
				_t25 = E004134EC(__eax, 1, __edi, 0x20); // executed
				_v12 = _t25;
				 *((intOrPtr*)( *_v12 + 0x14))( *[fs:edx], 0x418d43, _t88, _t80, _t52, _t85);
				 *((intOrPtr*)( *_v12 + 0xc))();
				_t69 =  *_v12;
				_t31 =  *_t69();
				_push(_t69);
				_push(_t31);
				_t32 = _v16;
				asm("cdq");
				if(_t69 != _v44) {
					if(__eflags <= 0) {
						goto L5;
					} else {
						goto L4;
					}
				} else {
					if(_t32 <= _v44) {
						L5:
						__eflags = _v16;
						if(_v16 > 0) {
							 *((intOrPtr*)( *_v12 + 0x14))();
							 *((intOrPtr*)( *_t53 + 4))();
							asm("cdq");
							E00413334(_t53, _t53,  *_t53, _v12, _t79,  *_v12, _v16 - 4, _v16 - 4); // executed
							__eflags = 0;
							 *((intOrPtr*)( *_t53 + 0x14))();
						}
						__eflags = 0;
						_pop(_t71);
						 *[fs:eax] = _t71;
						_push(E00418D4A);
						return E00403540(_v12);
					} else {
						L4:
						E00403540(_v12);
						E00403D58();
						return _v5;
					}
				}
			}

0x00418c6c
0x00418c74
0x00418c76
0x00418c85
0x00418c93
0x00418c98
0x00418ca9
0x00418cb9
0x00418cbf
0x00418cc1
0x00418cc3
0x00418cc4
0x00418cc5
0x00418cc8
0x00418ccd
0x00418cda
0x00000000
0x00000000
0x00000000
0x00000000
0x00418ccf
0x00418cd4
0x00418ceb
0x00418ceb
0x00418cef
0x00418cff
0x00418d0c
0x00418d15
0x00418d1d
0x00418d24
0x00418d2a
0x00418d2a
0x00418d2d
0x00418d2f
0x00418d32
0x00418d35
0x00418d42
0x00418cd6
0x00418cdc
0x00418cdf
0x00418ce4
0x00418d62
0x00418d62
0x00418cd4

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96b2a92f60a067728a5b4a28db3ad4cc8ee698c38e884ecd31fcd26103fefc6e
Instruction ID: d65327ad159080ec9b3579404266c2acc7668379554dfef7b49a5c0d1e219d63
Opcode Fuzzy Hash: 96b2a92f60a067728a5b4a28db3ad4cc8ee698c38e884ecd31fcd26103fefc6e
Instruction Fuzzy Hash: 9531B130B04204AFDB00EF69D88199EBBF5EF89314F1081AAF415E73A0DA34AD45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004131D0 Relevance: .1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E004131D0(intOrPtr* __eax, short __ecx, void* __edx, void* __edi) {
				intOrPtr* _v8;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				short _v30;
				char _v36;
				void* __ebx;
				void* __esi;
				intOrPtr* _t18;
				intOrPtr* _t34;
				void* _t38;
				void* _t40;
				void* _t41;
				void* _t42;
				void* _t44;

				_t40 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_v30 = __ecx;
				_t41 = __edx;
				_v8 = __eax;
				_t34 =  &_v36;
				_t18 = _v8;
				_v16 = _t18;
				_v20 =  *((intOrPtr*)( *_t18 + 0x18));
				 *_t34 = E00403484(_v8, __ecx);
				while( *_t34 != 0) {
					_t44 =  *_t34 -  *0x410a40; // 0x410a8c
					if(_t44 != 0) {
						 *_t34 = E004034CC( *_t34);
						continue;
					}
					break;
				}
				if( *_t34 == 0) {
					E00413184(_t34, _t35, _t40, _t41, _t42);
					_pop(_t35);
				}
				_v24 = _t34;
				_v28 =  *((intOrPtr*)( *_t34 + 0x18));
				if(_v20 == _v28) {
					E00413184(_t34, _t35, _t40, _t41, _t42);
				}
				asm("cdq");
				return  *((intOrPtr*)( *_v8 + 0x18))(_t41, _t38);
			}

0x004131d0
0x004131d0
0x004131d0
0x004131d8
0x004131dc
0x004131de
0x004131e1
0x004131e4
0x004131e7
0x004131ef
0x004131fa
0x00413207
0x0041320e
0x00413214
0x00413205
0x00000000
0x00413205
0x00000000
0x00413214
0x00413219
0x0041321c
0x00413221
0x00413221
0x00413222
0x0041322a
0x00413233
0x00413236
0x0041323b
0x0041323e
0x00413251

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0725c987337473c38a90c72b6260804d623176a0ff228105d67929614bff984
Instruction ID: 88f008e8c50a7b2bbfd9bc5cd8b2959c3c517038abdc273ae0aff5b576ee6d1f
Opcode Fuzzy Hash: f0725c987337473c38a90c72b6260804d623176a0ff228105d67929614bff984
Instruction Fuzzy Hash: 3811F571900219DFCB15EF99D881AEEB7F8EF09315B1001AAE409EB351D734AE80CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004131CE Relevance: .1, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E004131CE(intOrPtr* __eax, short __ecx, void* __edx) {
				intOrPtr* _v8;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				short _v30;
				char _v36;
				void* __ebx;
				void* __esi;
				intOrPtr* _t18;
				intOrPtr* _t35;
				void* _t40;
				void* _t42;
				void* _t44;
				void* _t47;
				void* _t49;
				void* _t53;

				_t40 = __edx;
				_t37 = __ecx;
				_t47 = _t49;
				_v30 = __ecx;
				_t44 = __edx;
				_v8 = __eax;
				_t35 =  &_v36;
				_t18 = _v8;
				_v16 = _t18;
				_v20 =  *((intOrPtr*)( *_t18 + 0x18));
				 *_t35 = E00403484(_v8, __ecx);
				while( *_t35 != 0) {
					_t53 =  *_t35 -  *0x410a40; // 0x410a8c
					if(_t53 != 0) {
						 *_t35 = E004034CC( *_t35);
						continue;
					}
					break;
				}
				if( *_t35 == 0) {
					E00413184(_t35, _t37, _t42, _t44, _t47);
					_pop(_t37);
				}
				_v24 = _t35;
				_v28 =  *((intOrPtr*)( *_t35 + 0x18));
				if(_v20 == _v28) {
					E00413184(_t35, _t37, _t42, _t44, _t47);
				}
				asm("cdq");
				return  *((intOrPtr*)( *_v8 + 0x18))(_t44, _t40);
			}

0x004131ce
0x004131ce
0x004131d1
0x004131d8
0x004131dc
0x004131de
0x004131e1
0x004131e4
0x004131e7
0x004131ef
0x004131fa
0x00413207
0x0041320e
0x00413214
0x00413205
0x00000000
0x00413205
0x00000000
0x00413214
0x00413219
0x0041321c
0x00413221
0x00413221
0x00413222
0x0041322a
0x00413233
0x00413236
0x0041323b
0x0041323e
0x00413251

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed0d6c1574f56cd0ed8ac3cc49e659f110cb800acd021ee4230a64c931afedb
Instruction ID: 6530249caec68622f9efb4d22245772f7c43c384b03250a35abf28aea76a37b0
Opcode Fuzzy Hash: eed0d6c1574f56cd0ed8ac3cc49e659f110cb800acd021ee4230a64c931afedb
Instruction Fuzzy Hash: 2B11FA71A40219EFCB15EF99D881AEEB7F8EF09311F10019AE409E7351D734AE80CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00403F68 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeaf9d4212dc15545606bb7cfb987668016f9ccc7cc3f89a45e8a5e0003d0092
Instruction ID: 8a2355e146a5e082108037e0855c428ba2fb97938d8e4276e8eff52ec05fe8db
Opcode Fuzzy Hash: aeaf9d4212dc15545606bb7cfb987668016f9ccc7cc3f89a45e8a5e0003d0092
Instruction Fuzzy Hash: C601D172E086059FD7108E59D8C495AFBFCEB05321B6281BBE818E3790D735AE50CA98

Uniqueness

Uniqueness Score: -1.00%

Function 004077B8 Relevance: .0, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E004077B8(signed int __eax, signed int __edx) {
				signed int _t6;
				void* _t13;
				signed int _t20;

				_t6 = __eax | 0xffffffff;
				_t20 = __edx & 0x00000003;
				if(_t20 <= 2 && (__edx & 0x000000f0) <= 0x40) {
					_push(0);
					_push(0x80);
					_push(3);
					_push(0);
					_push( *((intOrPtr*)(0x41a148 + ((__edx & 0x000000f0) >> 4) * 4)));
					_push( *((intOrPtr*)(0x41a13c + _t20 * 4)));
					_t13 = E00404734(__eax);
					_push(_t13); // executed
					L00406060(); // executed
					return _t13;
				}
				return _t6;
			}

0x004077bf
0x004077c4
0x004077ca
0x004077d9
0x004077db
0x004077e0
0x004077e2
0x004077f5
0x004077fd
0x00407800
0x00407805
0x00407806
0x00000000
0x00407806
0x0040780e

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70d532c524d8e2a2e4b468a06e6841f7a74f205d6b0aab24efe6de327704b649
Instruction ID: 1225f87549e07cf4a09bb82e370b87df6d71bb7353a81ab93bb5223499eb32f2
Opcode Fuzzy Hash: 70d532c524d8e2a2e4b468a06e6841f7a74f205d6b0aab24efe6de327704b649
Instruction Fuzzy Hash: 33E022E3B8050022F270A9AD9CC2B8B5149C786779F198136F101FB2D0C17CDC0292B9

Uniqueness

Uniqueness Score: -1.00%

Function 004130CC Relevance: .0, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E004130CC(intOrPtr* __eax) {
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v40;
				intOrPtr* _t26;

				_t26 =  &_v16;
				_push(0);
				_push(0);
				_v20 =  *((intOrPtr*)( *__eax + 0x18))();
				_v16 = 1;
				_push(0);
				_push(0);
				 *_t26 =  *((intOrPtr*)( *__eax + 0x18))();
				_v32 = 2;
				_push(_v24);
				_push(_v28);
				 *((intOrPtr*)( *__eax + 0x18))();
				return  *_t26;
			}

0x004130cd
0x004130d2
0x004130d4
0x004130df
0x004130e3
0x004130e7
0x004130e9
0x004130f4
0x004130f7
0x004130fb
0x004130ff
0x00413109
0x00413117

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 275a990c5d34a96f4be68e8dc6cb5f652333226c5cb76d7cfe4e1aa510367cd8
Instruction ID: a1886c2c90817c49a48bdccf22618da22d7b6eb7779f8872a04b287f8ae6909f
Opcode Fuzzy Hash: 275a990c5d34a96f4be68e8dc6cb5f652333226c5cb76d7cfe4e1aa510367cd8
Instruction Fuzzy Hash: 82F0DA70704300AFD7049F19C885B2AB7E1FF88724F20856CF5998B3A1DA329C55DB42

Uniqueness

Uniqueness Score: -1.00%

Function 00412780 Relevance: .0, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00412780(intOrPtr* __eax, void* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				void* __ecx;
				intOrPtr _t7;
				void* _t14;
				intOrPtr _t22;
				intOrPtr* _t25;
				void* _t26;
				intOrPtr _t28;

				_t25 = __eax;
				_t7 = E004134EC(__edx, 1, __edi, 0xffff); // executed
				_v8 = _t7;
				 *[fs:eax] = _t28;
				 *((intOrPtr*)( *_t25 + 0x78))( *[fs:eax], 0x4127cb, _t28, __esi, _t14, _t26);
				_pop(_t22);
				 *[fs:eax] = _t22;
				_push(E004127D2);
				return E00403540(_v8);
			}

0x00412785
0x00412795
0x0041279a
0x004127a8
0x004127b2
0x004127b7
0x004127ba
0x004127bd
0x004127ca

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52512b2bf9eb5def8a6ee472c5a4d419f1f9d6671a083a2ac204765ad3998a23
Instruction ID: 3ca4a5da5581f653476caed59819b0454682d491ff18817823949c14df8d19dc
Opcode Fuzzy Hash: 52512b2bf9eb5def8a6ee472c5a4d419f1f9d6671a083a2ac204765ad3998a23
Instruction Fuzzy Hash: AFF0E530304204AFA715DF69CD1286977EDEB4DB1436144B6F400C7791E6B5AD50DA58

Uniqueness

Uniqueness Score: -1.00%

Function 004134EC Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E004134EC(void* __ecx, void* __edx, void* __edi, intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t2;
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t15;
				void* _t16;

				_t13 = __edi;
				_t11 = __edx;
				_t10 = __ecx;
				if(__edx != 0) {
					_t16 = _t16 + 0xfffffff0;
					_t2 = E00403844(_t2, _t15);
				}
				_t9 = _t11;
				_t14 = _t2;
				E00413530(_t9, _t10, 0, _t13, _t14, 0, _a4); // executed
				_t6 = _t14;
				if(_t9 != 0) {
					E0040389C(_t6);
					_pop( *[fs:0x0]);
				}
				return _t14;
			}

0x004134ec
0x004134ec
0x004134ec
0x004134f3
0x004134f5
0x004134f8
0x004134f8
0x004134fd
0x004134ff
0x0041350c
0x00413511
0x00413515
0x00413517
0x0041351c
0x00413523
0x0041352b

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5141cac35c634039916e9ad8bde61f0f3b479714add067b47f312f0c1ece0080
Instruction ID: d82c9ae012dfd05becb71f1b109c48db45d87adf9d4506ea7f4d6eb9e78bac9b
Opcode Fuzzy Hash: 5141cac35c634039916e9ad8bde61f0f3b479714add067b47f312f0c1ece0080
Instruction Fuzzy Hash: A6E0266370061066C100BA9E2C02BE3BB8D8B01FB6F0C8133FD04CB385E92A4E4142FD

Uniqueness

Uniqueness Score: -1.00%

Function 00418A38 Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 27%

			E00418A38(char* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t20;
				intOrPtr _t23;

				_push(0);
				_push(_t23);
				_push(0x418a7e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t23;
				E0041899C(__eax, __ecx,  &_v8, __eflags);
				_push(E00404734(_v8)); // executed
				L004060D0(); // executed
				_pop(_t20);
				 *[fs:eax] = _t20;
				_push(E00418A85);
				return E00404274( &_v8);
			}

0x00418a3b
0x00418a42
0x00418a43
0x00418a48
0x00418a4b
0x00418a53
0x00418a60
0x00418a61
0x00418a6a
0x00418a6d
0x00418a70
0x00418a7d

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 434639c27f903fd069fbfabce9beb3cee9a3cfa0ad5ad636a79717ba7f01aa65
Instruction ID: 9285bfc1f2f5c6648960175cb40975ec638142242549ee8b0f36911b7429681f
Opcode Fuzzy Hash: 434639c27f903fd069fbfabce9beb3cee9a3cfa0ad5ad636a79717ba7f01aa65
Instruction Fuzzy Hash: B8E09271344308ABD701EBB2CC52A59B3ACEB89744BA2087AB600E7681DA795E109458

Uniqueness

Uniqueness Score: -1.00%

Function 004029E4 Relevance: .0, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E004029E4(void* __eax, void* __ecx, void* __edx) {
				intOrPtr _t5;
				intOrPtr* _t12;

				if(__eax <= 0) {
					 *_t12 = 0;
				} else {
					_t5 =  *0x41a040(); // executed
					 *_t12 = _t5;
					if( *_t12 == 0) {
						E00402AFC(1);
					}
				}
				return  *_t12;
			}

0x004029ea
0x00402a08
0x004029ec
0x004029ee
0x004029f4
0x004029fb
0x004029ff
0x004029ff
0x004029fb
0x00402a10

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e96376eeb238b0c14f4e95b40d27644eade49e21b0757f837d60a1e6ef69f7a0
Instruction ID: db1ff3eeee1cde94189ba95de1e660c8868b0d82b4d520e3834ceb40446bbfb1
Opcode Fuzzy Hash: e96376eeb238b0c14f4e95b40d27644eade49e21b0757f837d60a1e6ef69f7a0
Instruction Fuzzy Hash: 3BD017703086008FD360AF699AC826A76D4BB18314F004C3EE081D2282DABC88819F2A

Uniqueness

Uniqueness Score: -1.00%

Function 00413484 Relevance: .0, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00413484(void* __eax, signed int __edx, long _a4, long _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _t10;
				signed int _t15;

				_t15 = __edx & 0x0000007f;
				_t10 = E00407894( *((intOrPtr*)(__eax + 4)), _t15, _a4, _a8); // executed
				_v12 = _t10;
				_v8 = _t15;
				return _v12;
			}

0x00413490
0x00413496
0x0041349b
0x0041349e
0x004134aa

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: a9d5fdeeb5bcd9a643ea8bc058e9c9654252718f23c4390abc3fa4790e1ba87e
Instruction ID: dbb47ef794acaa85bd2886a828ed53a9f53edd8226e582057f63c708bf96ad80
Opcode Fuzzy Hash: a9d5fdeeb5bcd9a643ea8bc058e9c9654252718f23c4390abc3fa4790e1ba87e
Instruction Fuzzy Hash: 45D01232808208EFCF00DF84D84288DBBF5EB54320F24C196E4185B2A1EB31AA10EB49

Uniqueness

Uniqueness Score: -1.00%

Function 00407810 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad10e6bc367079982ea41191c02f03009d1d52322dc624c72677c8d25893579
Instruction ID: b6a738acd3fa0830a0aef19a591f84f40cd14af44beabe9be8c610a1635a4acc
Opcode Fuzzy Hash: 3ad10e6bc367079982ea41191c02f03009d1d52322dc624c72677c8d25893579
Instruction Fuzzy Hash: B7C092A03C130032F53021B60DC7F1600481744F09F61843AB342FF1C3C9E9A814011C

Uniqueness

Uniqueness Score: -1.00%

Function 00403FD8 Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403FD8(intOrPtr __eax, intOrPtr __edx) {
				void* _t6;
				intOrPtr _t7;

				_t7 = __edx;
				 *0x41c014 = 0x4011a8;
				 *0x41c018 = 0x4011b0;
				 *0x41c638 = __eax;
				 *0x41c63c = 0;
				 *0x41c640 = __edx;
				_t1 = _t7 + 4; // 0x400000
				 *0x41c02c =  *_t1;
				E00403EB0();
				 *0x41c034 = 0; // executed
				_t6 = E00403F68(); // executed
				return _t6;
			}

0x00403fd8
0x00403fd8
0x00403fe2
0x00403fec
0x00403ff3
0x00403ff8
0x00403ffe
0x00404001
0x00404006
0x0040400b
0x00404012
0x00404017

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17d5e7943681c21e6f3c5476f6c43ba0d9c48a82b67b38cde1d7fe83b04ca133
Instruction ID: 65944e0d878b50bf6fc4bcda7de26ef257d64142a43235f65b9afd1eeeec3d1c
Opcode Fuzzy Hash: 17d5e7943681c21e6f3c5476f6c43ba0d9c48a82b67b38cde1d7fe83b04ca133
Instruction Fuzzy Hash: 24E04CB4881201CED354DFB9EDC42857EE0A74C345745E27AD1089A271D77885448FDD

Uniqueness

Uniqueness Score: -1.00%

Function 00418A8C Relevance: .0, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00418A8C(void* __eflags) {
				char* _t2;
				signed char _t3;
				void* _t6;
				void* _t7;

				_t3 = E00418A38(_t2, _t6, _t7, __eflags); // executed
				if(_t3 == 0xffffffff || (_t3 & 0x00000010) == 0) {
					return 0;
				} else {
					return 1;
				}
			}

0x00418a8c
0x00418a94
0x00418a9c
0x00418a9d
0x00418a9f
0x00418a9f

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 749fcc46f477cbe4fda34f27d4d249327a57e2d4c685cb72166559598b3a3d21
Instruction ID: ca43f84a6122206ac020567cffa1272bcfb0dde1b71bf91b2c4818ab18dbb913
Opcode Fuzzy Hash: 749fcc46f477cbe4fda34f27d4d249327a57e2d4c685cb72166559598b3a3d21
Instruction Fuzzy Hash: C7B012348161020B1D20007805752DA12400FA13F9FD42B8FE9B4C06D1DE1C54D72019

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00405250 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144
stringfileCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E00405250(char* __eax, intOrPtr __edx) {
				char* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				struct HINSTANCE__* _v28;
				struct _WIN32_FIND_DATAA _v346;
				char _v607;
				struct HINSTANCE__* _t53;
				char* _t75;
				char* _t85;
				void* _t107;
				void* _t111;
				struct HINSTANCE__* _t113;
				void* _t114;
				void* _t115;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t53 = GetModuleHandleA("kernel32.dll");
				_t113 = _t53;
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_v20 = _v8 + 2;
						goto L10;
					} else {
						if( *((char*)(_v8 + 1)) == 0x5c) {
							_v20 = E00405224(_v8 + 2);
							if( *_v20 != 0) {
								_v20 = E00405224(_v20 + 1);
								if( *_v20 != 0) {
									L10:
									_t107 = _v20 - _v8;
									_push(_t107 + 1);
									_push(_v8);
									_push( &_v607);
									L00401240();
									while( *_v20 != 0) {
										_v24 = E00405224(_v20 + 1);
										_t111 = _v24 - _v20;
										if(_t111 + _t107 + 1 <= 0x105) {
											_push(_t111 + 1);
											_push(_v20);
											_push( &(( &_v607)[_t107]));
											L00401240();
											_t114 = FindFirstFileA( &_v607,  &_v346);
											if(_t114 != 0xffffffff) {
												FindClose(_t114);
												_t75 =  &(_v346.cFileName);
												_push(_t75);
												L00401248();
												if(_t75 + _t107 + 1 + 1 <= 0x105) {
													 *((char*)(_t115 + _t107 - 0x25b)) = 0x5c;
													_push(0x105 - _t107 - 1);
													_push( &(_v346.cFileName));
													_push( &(( &(( &_v607)[_t107]))[1]));
													L00401240();
													_t85 =  &(_v346.cFileName);
													_push(_t85);
													L00401248();
													_t107 = _t107 + _t85 + 1;
													_v20 = _v24;
													continue;
												}
											}
										}
										goto L17;
									}
									_push(_v12);
									_push( &_v607);
									_push(_v8);
									L00401240();
								}
							}
						}
					}
				} else {
					_push("GetLongPathNameA");
					_push(_t113);
					L00401218();
					_v28 = _t53;
					if(_v28 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v607);
						_push(_v8);
						if(_v28() == 0) {
							goto L4;
						} else {
							_push(_v12);
							_push( &_v607);
							_push(_v8);
							L00401240();
						}
					}
				}
				L17:
				return _v16;
			}

0x0040525c
0x0040525f
0x00405265
0x0040526d
0x00405272
0x00405276
0x004052bc
0x004052c2
0x0040530b
0x00000000
0x004052c4
0x004052cb
0x004052dc
0x004052e5
0x004052f4
0x004052fd
0x0040530e
0x00405311
0x00405317
0x0040531b
0x00405322
0x00405323
0x004053d8
0x00405336
0x0040533c
0x00405349
0x00405350
0x00405354
0x0040535d
0x0040535e
0x00405376
0x0040537b
0x0040537e
0x00405383
0x00405389
0x0040538a
0x0040539a
0x0040539c
0x004053ac
0x004053b3
0x004053bd
0x004053be
0x004053c3
0x004053c9
0x004053ca
0x004053d0
0x004053d5
0x00000000
0x004053d5
0x0040539a
0x0040537b
0x00000000
0x00405349
0x004053e7
0x004053ee
0x004053f2
0x004053f3
0x004053f3
0x004052fd
0x004052e5
0x004052cb
0x00405278
0x00405278
0x0040527d
0x0040527e
0x00405283
0x0040528a
0x00000000
0x0040528c
0x0040528c
0x00405297
0x0040529b
0x004052a1
0x00000000
0x004052a3
0x004052a6
0x004052ad
0x004052b1
0x004052b2
0x004052b2
0x004052a1
0x0040528a
0x004053f8
0x00405401

APIs

GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0040526D
6C9C5550.KERNEL32(00000000,GetLongPathNameA,kernel32.dll), ref: 0040527E
lstrcpyn.KERNEL32(?,?,?), ref: 004052B2
lstrcpyn.KERNEL32(?,?,?,kernel32.dll), ref: 00405323
lstrcpyn.KERNEL32(?,?,?,?,?,?,kernel32.dll), ref: 0040535E
FindFirstFileA.KERNEL32(?,?,?,?,?,?,?,?,kernel32.dll), ref: 00405371
FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,kernel32.dll), ref: 0040537E
lstrlen.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,kernel32.dll), ref: 0040538A
lstrcpyn.KERNEL32(0000005D,?,00000104), ref: 004053BE
lstrlen.KERNEL32(?,0000005D,?,00000104), ref: 004053CA
lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104), ref: 004053F3

Strings

kernel32.dll, xrefs: 00405268
GetLongPathNameA, xrefs: 00405278
\, xrefs: 0040539C

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: lstrcpyn$Findlstrlen$C5550CloseFileFirstHandleModule
String ID: GetLongPathNameA$\$kernel32.dll
API String ID: 1612417938-1565342463
Opcode ID: 700c1238862a1275c11cd88edb2382d4921fc74cb8b1b9a53c5a391dd8bc8e07
Instruction ID: 4b3c55c1c854218d7c6179b5f5be603bd931605cb7b922ae0db066e27414c0c1
Opcode Fuzzy Hash: 700c1238862a1275c11cd88edb2382d4921fc74cb8b1b9a53c5a391dd8bc8e07
Instruction Fuzzy Hash: 90512A71D00659AFDB11DBE8CC85AEFB7B8EF48344F1405AAA514F7281D7789E408FA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040B5E0 Relevance: 3.0, APIs: 2, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E0040B5E0(int __eax, void* __ebx, void* __eflags) {
				char _v11;
				char _v16;
				intOrPtr _t28;
				void* _t31;
				void* _t33;

				_t33 = __eflags;
				_v16 = 0;
				_push(_t31);
				_push(0x40b644);
				_push( *[fs:edx]);
				 *[fs:edx] = _t31 + 0xfffffff4;
				GetLocaleInfoA(__eax, 0x1004,  &_v11, 7);
				E004044E4( &_v16, 7,  &_v11);
				_push(_v16);
				E004075CC(7, GetACP(), _t33);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E0040B64B);
				return E00404274( &_v16);
			}

0x0040b5e0
0x0040b5e9
0x0040b5ee
0x0040b5ef
0x0040b5f4
0x0040b5f7
0x0040b606
0x0040b616
0x0040b61e
0x0040b627
0x0040b630
0x0040b633
0x0040b636
0x0040b643

APIs

GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,0040B644), ref: 0040B606
GetACP.KERNEL32(?,?,00001004,?,00000007,00000000,0040B644), ref: 0040B61F

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 0776af4f0815bad762a9b6503c8b1673043ff9770696c04a0425ec12292e8c6c
Instruction ID: dfe97d73a5c29c4166f4f620a588365b6a14dd174aeea344373590cb4d2478df
Opcode Fuzzy Hash: 0776af4f0815bad762a9b6503c8b1673043ff9770696c04a0425ec12292e8c6c
Instruction Fuzzy Hash: 4EF09671E046047FDB04EFA2CC52A9DB3AEE7C5718F50C97AB210A76C1DB7D65008669

Uniqueness

Uniqueness Score: -1.00%

Function 004079D6 Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004079D6(CHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				CHAR* _v32;
				CHAR* _t28;
				int _t35;
				intOrPtr _t40;
				intOrPtr _t43;
				intOrPtr* _t48;
				intOrPtr* _t49;
				intOrPtr _t53;
				intOrPtr _t55;

				_t28 = _a4;
				if(_t28 == 0) {
					_v32 = 0;
				} else {
					_v32 = _t28;
				}
				_t35 = GetDiskFreeSpaceA(_v32,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t53 = _v24;
				_t40 = E00404EFC(_v28, _t53, _v16, 0);
				_t48 = _a8;
				 *_t48 = _t40;
				 *((intOrPtr*)(_t48 + 4)) = _t53;
				_t55 = _v24;
				_t43 = E00404EFC(_v28, _t55, _v20, 0);
				_t49 = _a12;
				 *_t49 = _t43;
				 *((intOrPtr*)(_t49 + 4)) = _t55;
				return _t35;
			}

0x004079df
0x004079e4
0x004079ed
0x004079e6
0x004079e6
0x004079e6
0x00407a04
0x00407a13
0x00407a16
0x00407a23
0x00407a26
0x00407a2b
0x00407a2e
0x00407a30
0x00407a3d
0x00407a40
0x00407a45
0x00407a48
0x00407a4a
0x00407a53

APIs

GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 00407A04

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: DiskFreeSpace
String ID:
API String ID: 1705453755-0
Opcode ID: 5ab6aaec8ffb519df21205ca8191666b6da16b0e91d1177282df0519c4965b96
Instruction ID: 69756d6b6bfd2fb148ded2d1fcecbba9d70454d06353f23d354645aceaa7ebbf
Opcode Fuzzy Hash: 5ab6aaec8ffb519df21205ca8191666b6da16b0e91d1177282df0519c4965b96
Instruction Fuzzy Hash: 2811ACB1E00109AFDB04CF99C8819AFB7FDFF88304B54816AA519E7251E631AE019BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00405D34 Relevance: 1.5, APIs: 1, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E00405D34(int __eax, void* __ebx, void* __eflags) {
				char _v8;
				char _v15;
				char _v20;
				intOrPtr _t29;
				void* _t32;

				_v20 = 0;
				_push(_t32);
				_push(0x405d9a);
				_push( *[fs:edx]);
				 *[fs:edx] = _t32 + 0xfffffff0;
				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
				E004044E4( &_v20, 7,  &_v15);
				E00402FA8(_v20,  &_v8);
				if(_v8 != 0) {
				}
				_pop(_t29);
				 *[fs:eax] = _t29;
				_push(E00405DA1);
				return E00404274( &_v20);
			}

0x00405d3d
0x00405d42
0x00405d43
0x00405d48
0x00405d4b
0x00405d5a
0x00405d6a
0x00405d75
0x00405d80
0x00405d80
0x00405d86
0x00405d89
0x00405d8c
0x00405d99

APIs

GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00405D9A), ref: 00405D5A

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 70005bcf51871763af874ecc37e8fbd807d39ca89502ea8e351c4090c5bf6ec6
Instruction ID: 5e6db8bbae290df7465a049b34baaed35fd2face1521509e593687a3a543156d
Opcode Fuzzy Hash: 70005bcf51871763af874ecc37e8fbd807d39ca89502ea8e351c4090c5bf6ec6
Instruction Fuzzy Hash: 81F0A470A04609AFEB15DEA1CC45AEEB37AFBC4714F40857AA110B71C0E7B82600CA98

Uniqueness

Uniqueness Score: -1.00%

Function 0040A118 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A118(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
				char _v260;
				intOrPtr _t10;
				void* _t18;

				_t18 = __ecx;
				_t10 = _a4;
				if(GetLocaleInfoA(__eax, __edx,  &_v260, 0x100) <= 0) {
					return E004042C8(_t10, _t18);
				}
				return E00404364(_t10, _t5 - 1,  &_v260);
			}

0x0040a123
0x0040a125
0x0040a13d
0x00000000
0x0040a155
0x00000000

APIs

GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040A136

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 55c1ba0770b5d834b2a4b2e3bc6602f6bb2871bc7554ac29c059f6f5f738b650
Instruction ID: 3a14a9fd315c2103eceb33d96c9df3f6727a3a9464dce56b4d19266877c00abe
Opcode Fuzzy Hash: 55c1ba0770b5d834b2a4b2e3bc6602f6bb2871bc7554ac29c059f6f5f738b650
Instruction Fuzzy Hash: BCE0927170031856D311B5695C86AE6725C9B98350F00827FBE09E73C2EDB49D5142AE

Uniqueness

Uniqueness Score: -1.00%

Function 0040A164 Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E0040A164(int __eax, char __ecx, int __edx) {
				char _v16;
				char _t5;
				char _t6;

				_push(__ecx);
				_t6 = __ecx;
				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
					_t5 = _t6;
				} else {
					_t5 = _v16;
				}
				return _t5;
			}

0x0040a167
0x0040a168
0x0040a17e
0x0040a185
0x0040a180
0x0040a180
0x0040a180
0x0040a18b

APIs

GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040B8F6,00000000,0040BB0F,?,?,00000000,00000000), ref: 0040A177

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 856463b75bc678614df651b312365334bf1d7419e3571505d8805a3788825be2
Instruction ID: c44b0fdd1f3b10ac1bc7b9f90dfa0614dd64c7606da20ba772b0e345f2366e40
Opcode Fuzzy Hash: 856463b75bc678614df651b312365334bf1d7419e3571505d8805a3788825be2
Instruction Fuzzy Hash: DAD05E7630D2503AE210955A2D85DBB4B9CCBC97B4F10403EBA49DA282D2248C16A3B7

Uniqueness

Uniqueness Score: -1.00%

Function 00408BEC Relevance: 1.5, APIs: 1, Instructions: 6
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408BEC() {
				struct _SYSTEMTIME* _t2;

				GetLocalTime(_t2);
				return _t2->wYear;
			}

0x00408bf0
0x00408bfc

APIs

GetLocalTime.KERNEL32 ref: 00408BF0

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: LocalTime
String ID:
API String ID: 481472006-0
Opcode ID: 7ce30579265dc3e48bb2eb9ef10c5c72b53bc5b2b32207088f261849c17acafd
Instruction ID: 9902bea88e255a4bcf22ee9f5ad582b9e3c9e9a1f819e29236d92fe157d339f0
Opcode Fuzzy Hash: 7ce30579265dc3e48bb2eb9ef10c5c72b53bc5b2b32207088f261849c17acafd
Instruction Fuzzy Hash: B0A0120844481101C14033180C0315830005801620FC4875868B8203D1E92E0134829B

Uniqueness

Uniqueness Score: -1.00%

Function 004183A0 Relevance: 1.3, Strings: 1, Instructions: 93
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E004183A0(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr _t12;
				intOrPtr _t14;
				intOrPtr _t16;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t28;
				void* _t41;
				void* _t57;

				_t57 = __edx;
				_t42 = __ecx;
				E004182E4();
				 *0x41d928 = E004029E4(0x2000, __ecx, _t57);
				 *0x41d930 = E004029E4(0x7f6, __ecx, _t57);
				 *0x41d934 = E004029E4(0x7f6, _t42, _t57);
				 *0x41db4c = E004029E4(0x2000, _t42, _t57);
				 *0x41db50 = E004029E4(0x1fe, _t42, _t57);
				_t12 =  *0x41d928; // 0x0
				E00402F6C(_t12, 0x2000);
				_t14 =  *0x41d930; // 0x0
				E00402F6C(_t14, 0x7f6);
				_t16 =  *0x41d934; // 0x0
				E00402F6C(_t16, 0x7f6);
				_t18 =  *0x41db4c; // 0x0
				E00402F6C(_t18, 0x2000);
				_t20 =  *0x41db50; // 0x0
				E00402F6C(_t20, 0x1fe);
				 *0x41e82e = 0;
				 *0x41d91c = 0;
				 *0x41d91e = 0;
				 *0x41d920 = 0;
				 *0x41d922 = 0;
				 *0x41d924 = 0;
				 *0x41d92c = 0;
				E00402F6C(0x41d938, 0x200);
				E00402F6C(0x41db38, 0x13);
				 *0x41db54 = 0;
				 *0x41db58 = E004029E4(0x3fe, 0, 0x13);
				_t28 =  *0x41db58; // 0x0
				E00402F6C(_t28, 0x3fe);
				E00402F6C(0x41db5c, 0x22);
				 *0x41db7e = 0;
				E00402F6C(0x41db80, 0x7f6);
				E00402F6C(0x41e378, 0x36);
				E00402F6C(0x41e3b0, 0x4a);
				E00402F6C(0x41e3fc, 0x3fc);
				_t41 = E00402F6C(0x41e7f8, 0x26);
				 *0x41e81e = 0;
				 *0x41e820 = 0;
				 *0x41e822 = 0;
				 *0x41e824 = 0;
				 *0x41e826 = 0;
				 *0x41e828 = 0;
				 *0x41e82a = 0;
				 *0x41e82c = 0;
				return _t41;
			}

0x004183a0
0x004183a0
0x004183a0
0x004183af
0x004183be
0x004183cd
0x004183dc
0x004183eb
0x004183f0
0x004183fc
0x00418401
0x0041840d
0x00418412
0x0041841e
0x00418423
0x0041842f
0x00418434
0x00418440
0x00418445
0x0041844e
0x00418457
0x00418460
0x00418469
0x00418472
0x0041847b
0x00418490
0x004184a1
0x004184a6
0x004184b9
0x004184be
0x004184ca
0x004184db
0x004184e0
0x004184f5
0x00418506
0x00418517
0x00418528
0x00418539
0x0041853e
0x00418547
0x00418550
0x00418559
0x00418562
0x0041856b
0x00418574
0x0041857d
0x00418586

Strings

xA, xrefs: 004184FA

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID: xA
API String ID: 0-523113891
Opcode ID: 77f00a5ec62a60a637f3902e212071dd2065fa5a026d339db5107aa01d91f9d8
Instruction ID: 544111c3c6bd262ca334c904e84cf43c3a63ff13141435a141ee01789ffd8f29
Opcode Fuzzy Hash: 77f00a5ec62a60a637f3902e212071dd2065fa5a026d339db5107aa01d91f9d8
Instruction Fuzzy Hash: 84310CA4B1920146E748AB7AE91E29733E1EF4C308F10903FB446DB2E1DBBD5944C75E

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF7A Relevance: .9, Instructions: 866
COMMONCrypto

Download Yara Rule

C-Code - Quality: 77%

			E0040CF7A(void* __eax, void* __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi, signed long long __fp0, char _a1, void* _a64) {
				char _v1;
				char _v4;
				char _v8;
				char _v12;
				char _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				intOrPtr* _t323;
				void* _t324;
				void* _t325;
				signed char _t330;
				intOrPtr* _t333;
				void* _t340;
				intOrPtr* _t346;
				intOrPtr* _t347;
				void* _t348;
				signed int _t349;
				signed int _t354;
				signed int _t355;
				signed int _t356;
				intOrPtr* _t357;
				void* _t358;
				void* _t359;
				void* _t360;
				signed int _t364;
				signed int _t366;
				intOrPtr* _t375;
				intOrPtr* _t384;
				void* _t389;
				signed int _t392;
				intOrPtr* _t403;
				void* _t404;
				void* _t405;
				signed int _t410;
				signed int _t414;
				void* _t415;
				signed int _t420;
				void* _t421;
				signed int _t422;
				intOrPtr* _t423;
				void* _t424;
				void* _t425;
				signed int _t430;
				signed char _t431;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				void* _t437;
				void* _t438;
				signed int _t439;
				void* _t440;
				void* _t441;
				signed int _t450;
				intOrPtr* _t451;
				signed char _t453;
				void* _t454;
				signed int _t455;
				signed int _t462;
				signed int _t467;
				signed int _t469;
				signed int _t472;
				signed int _t473;
				char* _t474;
				void* _t476;
				signed int _t477;
				signed char _t479;
				void* _t480;
				signed int _t482;
				intOrPtr _t484;
				intOrPtr _t487;
				char* _t491;
				signed int _t492;
				signed int _t497;
				signed int _t504;
				signed int _t510;
				char* _t513;
				signed int _t517;
				char* _t518;
				intOrPtr _t521;
				signed int _t523;
				signed int _t524;
				intOrPtr _t529;
				signed int _t531;
				signed int _t538;
				void* _t539;
				signed int _t543;
				char* _t544;
				signed int _t550;
				void* _t553;
				signed int _t559;
				char* _t560;
				signed int _t565;
				signed int _t566;
				signed long long _t569;

				_t569 = __fp0;
				_t473 = __esi;
				_t472 = __edi;
				_t462 = __edx;
				_t455 = __ecx;
				_t323 = __eax + 1;
				 *((intOrPtr*)(_t323 + _t323)) =  *((intOrPtr*)(_t323 + _t323)) + __ecx;
				 *_t323 =  *_t323 + _t323;
				_t477 = _t476 - 1;
				asm("adc [eax], al");
				_push(0x74004037);
				asm("aaa");
				_t324 = _t323 + 1;
				 *((intOrPtr*)(_t324 + 0x37)) =  *((intOrPtr*)(_t324 + 0x37)) + __ebx;
				_t325 = _t324 + 1;
				 *((intOrPtr*)(__edi + __esi + 0x40)) =  *((intOrPtr*)(__edi + __esi + 0x40)) + __ebx;
				 *((intOrPtr*)(_t325 + 0x37)) =  *((intOrPtr*)(_t325 + 0x37)) + __edx;
				_t330 = (_t325 + 0x00000001 + __ebx ^ 0x00000040) + __edx ^ 0x00000040;
				 *((intOrPtr*)(_t474 + 0x40 + __esi * 8)) =  *((intOrPtr*)(_t474 + 0x40 + __esi * 8)) + __edx;
				 *((intOrPtr*)(_t330 - 0xa)) =  *((intOrPtr*)(_t330 - 0xa)) + __ebx;
				asm("cmc");
				_t333 = _t330 + 1 + _t330 + 1 + 1;
				 *_t333 =  *_t333 + __ebx;
				asm("cmc");
				 *((intOrPtr*)(__esi + __esi * 8)) =  *((intOrPtr*)(__esi + __esi * 8)) + __edx;
				asm("cmc");
				 *((intOrPtr*)(_t477 + 0x40 + __esi * 8)) =  *((intOrPtr*)(_t477 + 0x40 + __esi * 8)) + __edx;
				 *((intOrPtr*)(_t477 + __esi * 8 - 0xae7ffc0)) =  *((intOrPtr*)(_t477 + __esi * 8 - 0xae7ffc0)) + __ecx;
				 *((intOrPtr*)(__esi + _t474)) =  *((intOrPtr*)(__esi + _t474)) + __edx;
				 *((intOrPtr*)(__esi + _t474)) =  *((intOrPtr*)(__esi + _t474)) + __edx;
				_t340 = _t333 + 2 + _t333 + 2 + 4;
				 *((intOrPtr*)(_t340 - 0xc)) =  *((intOrPtr*)(_t340 - 0xc)) + __ecx;
				 *((intOrPtr*)(__esi + __esi * 8)) =  *((intOrPtr*)(__esi + __esi * 8)) + __ecx;
				asm("hlt");
				asm("hlt");
				_t346 = _t340 + 2 + _t340 + 2 + 1 + __edx + 1;
				 *__edx =  *__edx + __edx;
				_push(_t477);
				_t453 = __ebx + 1;
				_t479 = _t453;
				if(_t479 != 0) {
					L20:
					if(_t487 < 0) {
						goto L33;
					} else {
						_t349 = _t346 + 1;
						 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
						goto L22;
					}
				} else {
					if(_t479 == 0) {
						L19:
						_t346 = _t346 + 1;
						_t64 = _t346 + 0x37;
						 *_t64 =  *((intOrPtr*)(_t346 + 0x37)) + _t453;
						_t487 =  *_t64;
						goto L20;
					} else {
						asm("insd");
						_push(__esi);
						asm("popad");
						if(_t479 < 0) {
							L18:
							asm("aaa");
							goto L19;
						} else {
							asm("popad");
							asm("outsb");
							if(_t479 == 0) {
								L16:
								if(_t484 < 0) {
									goto L11;
								} else {
									_t451 = _t356 + 1;
									 *((intOrPtr*)(_t451 + _t451)) =  *((intOrPtr*)(_t451 + _t451)) + _t455;
									 *_t451 =  *_t451 + _t451;
									 *((intOrPtr*)(_t451 + 0x37)) =  *((intOrPtr*)(_t451 + 0x37)) + _t455;
									_t346 = _t451 + 1;
									 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
									goto L18;
								}
							} else {
								if(_t479 >= 0) {
									L23:
									_t450 = (_t346 + 0x00000001 + _t453 ^ 0x00000040) + _t462 ^ 0x00000040;
									 *_t450 =  *_t450 + _t462;
									_t349 = _t450 ^ 0x45160040;
									goto L24;
								} else {
									asm("clc");
									asm("iretd");
									L6:
									_t349 = _t356 + 1;
									 *_t472 =  *_t472 + _t349;
									_t480 =  *_t472;
									asm("adc dl, [ebx+eax*2+0x75]");
									if(_t480 >= 0) {
										L25:
										asm("popad");
										if(_t491 < 0) {
											goto L38;
										} else {
											asm("popad");
											asm("outsb");
											if(_t491 == 0) {
												goto L35;
											} else {
												asm("outsb");
												goto L28;
											}
										}
									} else {
										asm("outsd");
										asm("insd");
										_push(_t473);
										asm("popad");
										if(_t480 < 0) {
											L24:
											_t349 = _t349 + 1;
											 *_t473 =  *_t473 + _t462;
											_t474 =  &_a1;
											_t491 = _t474;
											_push(_t473);
											goto L25;
										} else {
											asm("popad");
											asm("outsb");
											if(_t480 == 0) {
												L22:
												asm("aaa");
												_t346 = _t349 + 1;
												 *((intOrPtr*)(_t346 + 0x37)) =  *((intOrPtr*)(_t346 + 0x37)) + _t462;
												goto L23;
											} else {
												if(_t480 >= 0) {
													L28:
													if(_t491 <= 0) {
														goto L37;
													} else {
														asm("insb");
														_t477 =  *(_t472 + 0x70 + _t455 * 2) * 0x6f727245;
														_t492 = _t477;
														goto L30;
													}
												} else {
													asm("gs movsb");
													asm("iretd");
													_t356 = _t349 + 1;
													 *((intOrPtr*)(_t356 + 0x4010)) =  *((intOrPtr*)(_t356 + 0x4010)) + _t356;
													 *_t356 =  *_t356 + _t455;
													L11:
													_t49 = _t473 + 0x61;
													 *_t49 =  *(_t473 + 0x61) | _t462;
													_t482 =  *_t49;
													L12:
													asm("popad");
													if(_t482 < 0) {
														L30:
														if(_t492 < 0) {
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t356;
															 *_t356 =  *_t356 + _t453;
															asm("rol dword [eax], 1");
															_t439 = _t356;
															 *_t439 =  *_t439 + _t439;
															 *((intOrPtr*)(_t439 + 0x37)) =  *((intOrPtr*)(_t439 + 0x37)) + _t455;
															_t440 = _t439 + 1;
															 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
															 *((intOrPtr*)(_t440 + 0x37)) =  *((intOrPtr*)(_t440 + 0x37)) + _t453;
															_t441 = _t440 + 1;
															 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
															 *((intOrPtr*)(_t441 + 0x37)) =  *((intOrPtr*)(_t441 + 0x37)) + _t462;
															_t349 = (_t441 + 0x00000001 + _t453 ^ 0x00000040) + _t462 ^ 0x00000040;
															goto L45;
														} else {
															if(_t492 < 0) {
																goto L12;
															} else {
																asm("aam 0xd0");
																_t346 = _t356 + 1;
																 *_t346 =  *_t346 + _t346;
																 *_t346 =  *_t346 + _t346;
																 *_t346 =  *_t346 + _t346;
																L33:
																 *_t346 =  *_t346 + _t346;
																goto L34;
															}
														}
													} else {
														asm("popad");
														asm("outsb");
														if(_t482 == 0) {
															L34:
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															 *_t346 =  *_t346 + _t346;
															asm("aam 0xd0");
															_t347 = _t346 + 1;
															 *((intOrPtr*)(_t347 + _t347)) =  *((intOrPtr*)(_t347 + _t347)) + _t455;
															 *_t347 =  *_t347 + _t347;
															 *((intOrPtr*)(_t347 + 0x37)) =  *((intOrPtr*)(_t347 + 0x37)) + _t455;
															_t348 = _t347 + 1;
															 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
															 *((intOrPtr*)(_t348 + 0x37)) =  *((intOrPtr*)(_t348 + 0x37)) + _t453;
															_t349 = _t348 + 1;
															 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
															L35:
															 *((intOrPtr*)(_t349 + 0x37)) =  *((intOrPtr*)(_t349 + 0x37)) + _t462;
															_t354 = (_t349 + 0x00000001 + _t453 ^ 0x00000040) + _t462 ^ 0x00000040;
															 *_t354 =  *_t354 + _t462;
															_t349 = _t354 ^ 0x45150040;
															_t497 = _t349;
															_push(_t473);
															asm("popad");
															if(_t497 < 0) {
																L48:
																if(_t504 < 0) {
																	goto L62;
																} else {
																	if(_t504 < 0) {
																		goto L63;
																	} else {
																		asm("insb");
																		asm("outsd");
																		if(_t504 > 0) {
																			goto L57;
																		} else {
																			if(_t504 < 0) {
																				goto L67;
																			} else {
																				asm("outsd");
																				if(_t504 < 0) {
																					goto L36;
																				} else {
																					asm("rcr byte [ecx+edx*8+0x40], 0x0");
																					goto L54;
																				}
																			}
																		}
																	}
																}
															} else {
																L36:
																asm("popad");
																asm("outsb");
																if(_t497 == 0) {
																	L45:
																	_t435 = _t349 + 1;
																	 *_t435 =  *_t435 + _t462;
																	_t356 = _t435 ^ 0x45150040;
																	_t504 = _t356;
																	_push(_t473);
																	asm("popad");
																	if(_t504 < 0) {
																		goto L61;
																	} else {
																		asm("popad");
																		asm("outsb");
																		if(_t504 == 0) {
																			goto L58;
																		} else {
																			if (_t504 <= 0) goto L62;
																			goto L48;
																		}
																	}
																} else {
																	L37:
																	if (_t497 >= 0) goto L54;
																	L38:
																	if(_t497 < 0) {
																		L54:
																		asm("pushfd");
																		asm("rol dword [eax], 1");
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		 *_t356 =  *_t356 + _t356;
																		asm("pushfd");
																		asm("rol dword [eax], 1");
																		_t436 = _t356;
																		 *_t436 =  *_t436 + _t436;
																		 *((intOrPtr*)(_t436 + 0x37)) =  *((intOrPtr*)(_t436 + 0x37)) + _t455;
																		_t437 = _t436 + 1;
																		 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
																		 *((intOrPtr*)(_t437 + 0x37)) =  *((intOrPtr*)(_t437 + 0x37)) + _t453;
																		_t438 = _t437 + 1;
																		 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
																		 *((intOrPtr*)(_t438 + 0x37)) =  *((intOrPtr*)(_t438 + 0x37)) + _t462;
																		_t349 = _t438 + 1;
																		L57:
																		_t431 = _t349 + _t453;
																		L58:
																		_t434 = (_t431 ^ 0x00000040) + _t462 ^ 0x00000040;
																		 *_t434 =  *_t434 + _t462;
																		_t356 = _t434 ^ 0x45170040;
																		_t510 = _t356;
																		_push(_t473);
																		asm("popad");
																		if(_t510 < 0) {
																			L71:
																			_push(_t473);
																			asm("popad");
																			if(_t517 < 0) {
																				goto L79;
																			} else {
																				if(_t517 >= 0) {
																					goto L87;
																				} else {
																					_t474 =  &_a1;
																					_t518 = _t474;
																					if(_t518 < 0) {
																						goto L89;
																					} else {
																						goto L74;
																					}
																				}
																			}
																		} else {
																			asm("popad");
																			asm("outsb");
																			if(_t510 == 0) {
																				L68:
																				 *((intOrPtr*)(_t425 + 0x37)) =  *((intOrPtr*)(_t425 + 0x37)) + _t462;
																				_t430 = (_t425 + 0x00000001 + _t453 ^ 0x00000040) + _t462 ^ 0x00000040;
																				 *_t430 =  *_t430 + _t462;
																				_t356 = _t430 ^ 0x45170040;
																				_t517 = _t356;
																				_push(_t473);
																				asm("popad");
																				if(_t517 < 0) {
																					_t455 = _t455 - 1;
																					_t524 = _t455;
																					asm("outsb");
																					if(_t524 < 0) {
																						goto L92;
																					} else {
																						if(_t524 < 0) {
																							goto L102;
																						} else {
																							asm("outsd");
																							if(_t524 < 0) {
																								goto L69;
																							} else {
																								asm("ror al, 0xd2");
																								goto L86;
																							}
																						}
																					}
																				} else {
																					L69:
																					asm("popad");
																					asm("outsb");
																					if(_t517 == 0) {
																						goto L77;
																					} else {
																						goto L70;
																					}
																				}
																			} else {
																				asm("outsb");
																				L61:
																				if(_t510 <= 0) {
																					L70:
																					asm("popad");
																					goto L71;
																				} else {
																					L62:
																					asm("insb");
																					_t477 =  *(_t455 + 0x72 + _t356 * 2) * 0x72724567;
																					L63:
																					_t455 = _t455 + 1;
																					if(_t455 < 0) {
																						L74:
																						asm("outsd");
																						if(_t518 < 0) {
																							L86:
																							asm("rol byte [eax], cl");
																							 *_t349 =  *_t349 + _t349;
																							L87:
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							goto L88;
																						} else {
																							asm("rol byte [eax], cl");
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							goto L76;
																						}
																					} else {
																						_t474 =  &_a1;
																						_t513 = _t474;
																						if(_t513 < 0) {
																							L76:
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							 *_t356 =  *_t356 + _t356;
																							asm("rol byte [fs:eax], cl");
																							_t422 = _t356;
																							 *_t422 =  *_t422 + _t422;
																							 *((intOrPtr*)(_t422 + 0x37)) =  *((intOrPtr*)(_t422 + 0x37)) + _t455;
																							_t349 = _t422 + 1;
																							 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
																							_t159 = _t349 + 0x37;
																							 *_t159 =  *((intOrPtr*)(_t349 + 0x37)) + _t453;
																							_t521 =  *_t159;
																							L77:
																							if(_t521 < 0) {
																								L88:
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								L89:
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								 *_t349 =  *_t349 + _t349;
																								asm("enter 0x40d2, 0x0");
																								_t355 = _t349;
																								 *_t355 =  *_t355 + _t355;
																								 *((intOrPtr*)(_t355 + 0x37)) =  *((intOrPtr*)(_t355 + 0x37)) + _t455;
																								_t356 = _t355 + 1;
																								 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
																								_t177 = _t356 + 0x37;
																								 *_t177 =  *((intOrPtr*)(_t356 + 0x37)) + _t453;
																								_t529 =  *_t177;
																								if(_t529 < 0) {
																									 *_t356 =  *_t356 + _t356;
																									L102:
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									 *_t356 =  *_t356 + _t356;
																									_t453 = _t453 ^ _t462;
																									_t357 = _t356 + 1;
																									 *((intOrPtr*)(_t357 + _t357)) =  *((intOrPtr*)(_t357 + _t357)) + _t455;
																									 *_t357 =  *_t357 + _t357;
																									 *((intOrPtr*)(_t357 + 0x37)) =  *((intOrPtr*)(_t357 + 0x37)) + _t455;
																									_t358 = _t357 + 1;
																									goto L103;
																								} else {
																									_t421 = _t356 + 1;
																									 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
																									 *((intOrPtr*)(_t421 + 0x37)) =  *((intOrPtr*)(_t421 + 0x37)) + _t462;
																									_t356 = _t421 + 1;
																									L92:
																									_t414 = (_t356 + _t453 ^ 0x00000040) + _t462 ^ 0x00000040;
																									 *_t414 =  *_t414 + _t462;
																									_t356 = _t414 ^ 0x45180040;
																									_t531 = _t356;
																									_push(_t473);
																									asm("popad");
																									if(_t531 < 0) {
																										L106:
																										asm("outsb");
																										if(_t538 == 0) {
																											 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
																											 *((intOrPtr*)(_t356 + 0x37)) =  *((intOrPtr*)(_t356 + 0x37)) + _t453;
																											_t405 = _t356 + 1;
																											 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
																											 *((intOrPtr*)(_t405 + 0x37)) =  *((intOrPtr*)(_t405 + 0x37)) + _t462;
																											_t410 = (_t405 + 0x00000001 + _t453 ^ 0x00000040) + _t462 ^ 0x00000040;
																											 *_t410 =  *_t410 + _t462;
																											_t356 = _t410 ^ 0x45140040;
																											_t543 = _t356;
																											_push(_t473);
																											asm("popad");
																											if(_t543 < 0) {
																												goto L137;
																											} else {
																												asm("popad");
																												goto L122;
																											}
																										} else {
																											if (_t538 < 0) goto L130;
																											goto L108;
																										}
																									} else {
																										asm("popad");
																										asm("outsb");
																										if(_t531 == 0) {
																											L103:
																											 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
																											 *((intOrPtr*)(_t358 + 0x37)) =  *((intOrPtr*)(_t358 + 0x37)) + _t453;
																											_t359 = _t358 + 1;
																											 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
																											 *((intOrPtr*)(_t359 + 0x37)) =  *((intOrPtr*)(_t359 + 0x37)) + _t462;
																											_t360 = _t359 + 1;
																											_t364 = (_t360 + _t453 ^ 0x00000040) + _t462 ^ 0x00000040;
																											 *_t364 =  *_t364 + _t462;
																											_t356 = _t364 ^ 0x45180040;
																											_t538 = _t356;
																											_push(_t473);
																											asm("popad");
																											if(_t538 < 0) {
																												L122:
																												asm("outsb");
																												if(_t543 == 0) {
																													goto L134;
																												} else {
																													asm("outsd");
																													L124:
																													if(_t543 == 0) {
																														goto L133;
																													} else {
																														asm("insd");
																														if(_t543 < 0) {
																															if(_t553 < 0) {
																																goto L124;
																															} else {
																																_t356 = _t356 + 1;
																																 *((intOrPtr*)(_t477 + 0x40 + _t462 * 8)) =  *((intOrPtr*)(_t477 + 0x40 + _t462 * 8)) + _t356;
																																 *_t356 =  *_t356 + _t356;
																																goto L144;
																															}
																														} else {
																															_t474 =  &_a1;
																															_t544 = _t474;
																															if(_t544 < 0) {
																																L144:
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *_t356 =  *_t356 + _t356;
																																 *((intOrPtr*)(_t477 + 0x40 + _t462 * 8)) =  *((intOrPtr*)(_t477 + 0x40 + _t462 * 8)) + _t356;
																																 *((intOrPtr*)(_t356 + _t356)) =  *((intOrPtr*)(_t356 + _t356)) + _t455;
																																 *_t356 =  *_t356 + _t356;
																																 *((intOrPtr*)(_t356 + 0x37)) =  *((intOrPtr*)(_t356 + 0x37)) + _t455;
																																asm("aaa");
																																_t389 = _t356 + 1;
																																 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
																																 *((intOrPtr*)(_t389 + 0x37)) =  *((intOrPtr*)(_t389 + 0x37)) + _t453;
																																_t356 = _t389 + 1;
																																 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
																																 *((intOrPtr*)(_t356 + 0x37)) =  *((intOrPtr*)(_t356 + 0x37)) + _t462;
																																goto L146;
																															} else {
																																asm("outsd");
																																if(_t544 < 0) {
																																	L108:
																																	if(_t538 < 0) {
																																		goto L130;
																																	} else {
																																		asm("popad");
																																	}
																																} else {
																																	L130:
																																	_t356 = _t356 + 1 + _t453;
																																	asm("rol dword [eax], cl");
																																	 *_t356 =  *_t356 + _t356;
																																	 *_t356 =  *_t356 + _t356;
																																	 *_t356 =  *_t356 + _t356;
																																	goto L132;
																																}
																															}
																														}
																													}
																												}
																											} else {
																												asm("popad");
																												goto L106;
																											}
																										} else {
																											if (_t531 < 0) goto L114;
																											if(_t531 < 0) {
																												if(_t539 < 0) {
																													L132:
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													 *_t356 =  *_t356 + _t356;
																													asm("rol dword [eax], cl");
																													_t403 = _t356 + _t453;
																													 *_t403 =  *_t403 + _t403;
																													 *((intOrPtr*)(_t403 + 0x37)) =  *((intOrPtr*)(_t403 + 0x37)) + _t455;
																													_t404 = _t403 + 1;
																													 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
																													 *((intOrPtr*)(_t404 + 0x37)) =  *((intOrPtr*)(_t404 + 0x37)) + _t453;
																													_t356 = _t404 + 1;
																													 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
																													 *((intOrPtr*)(_t356 + 0x37)) =  *((intOrPtr*)(_t356 + 0x37)) + _t462;
																													L133:
																													_t356 = _t356 + 1 + _t453;
																													L134:
																													_t569 = _t569 /  *(_t356 + _t356 * 2);
																													_t366 = _t356 + _t462 ^ 0x00000040;
																													 *_t366 =  *_t366 + _t462;
																													_t356 = _t366 ^ 0x45180040;
																													_t550 = _t356;
																													_push(_t473);
																													asm("popad");
																													if(_t550 < 0) {
																														L149:
																														asm("outsb");
																														if(_t559 == 0) {
																															 *_t356 =  *_t356 + _t462;
																															_t356 = _t356 ^ 0x45150040;
																															_t565 = _t356;
																															_push(_t473);
																															asm("popad");
																															if(_t565 < 0) {
																																_t477 = _t477 + 0xffffffe4;
																																_push(_t453);
																																goto L171;
																															} else {
																																asm("popad");
																																asm("outsb");
																																if(_t565 == 0) {
																																	goto L168;
																																} else {
																																	_t473 =  *(_t453 + 0x70) * 0x68637461;
																																	_t566 = _t473;
																																	goto L160;
																																}
																															}
																														} else {
																															asm("outsb");
																															if(_t559 < 0) {
																																asm("in al, dx");
																																_push(0);
																																_t356 = 0;
																																_push(_t474);
																																_push(0x40d52a);
																																goto L167;
																															} else {
																																asm("arpl [gs:ebp+0x64], si");
																																_t474 =  &_a1;
																																_t560 = _t474;
																																if(_t560 < 0) {
																																	L167:
																																	 *((intOrPtr*)(_t472 + 0x30 + _t472 * 8)) =  *((intOrPtr*)(_t472 + 0x30 + _t472 * 8)) + _t356;
																																	 *[fs:eax] = _t477;
																																	_t384 =  *0x41b568; // 0x4063b8
																																	E00405CDC(_t384, _t455,  &_v8);
																																	E0040A8E4(_v8, 1);
																																	E00403CAC();
																																	L168:
																																	_pop(_t469);
																																	 *[fs:eax] = _t469;
																																	_push(E0040D531);
																																	return E00404274( &_v4);
																																} else {
																																	asm("outsd");
																																	if (_t560 < 0) goto L145;
																																	goto L153;
																																}
																															}
																														}
																													} else {
																														asm("popad");
																														asm("outsb");
																														if(_t550 == 0) {
																															L146:
																															asm("aaa");
																															_t356 = _t356 + 1 + _t453;
																															_t569 = _t569 /  *(_t356 + _t356 * 2);
																															_t392 = _t356 + _t462 ^ 0x00000040;
																															 *_t392 =  *_t392 + _t462;
																															_t356 = _t392 ^ 0x45170040;
																															_t559 = _t356;
																															_push(_t473);
																															asm("popad");
																															if(_t559 < 0) {
																																L160:
																																if(_t566 >= 0) {
																																	L172:
																																	asm("in al, 0x8b");
																																	asm("repne mov ebx, eax");
																																	_push( &_v1);
																																	_push(0x40d5c3);
																																	_push( *[fs:eax]);
																																	 *[fs:eax] = _t477;
																																	E0040F224(_t453, _t453,  &_v20, _t472, _t473);
																																	_v16 = _v20;
																																	_v12 = 0xb;
																																	E0040F224(_t473, _t453,  &_v24, _t472, _t473);
																																	_v8 = _v24;
																																	_v4 = 0xb;
																																	_t375 =  *0x41b464; // 0x4063d0
																																	E00405CDC(_t375, _t455,  &_v28);
																																	E0040A920(_t453, _v28, 1, _t472, _t473, 1,  &_v16);
																																	E00403CAC();
																																	_pop(_t467);
																																	 *[fs:eax] = _t467;
																																	_push(E0040D5CA);
																																	return E00404298( &_v28, 3);
																																} else {
																																	asm("popad");
																																	if(_t566 == 0) {
																																		L171:
																																		_push(_t473);
																																		_t455 = 0;
																																		_v20 = 0;
																																		_v24 = 0;
																																		_v28 = 0;
																																		goto L172;
																																	} else {
																																		_push(0x6f727245);
																																	}
																																}
																															} else {
																																asm("popad");
																																goto L149;
																															}
																														} else {
																															if (_t550 != 0) goto L153;
																															L137:
																															if(_t550 == 0) {
																																L153:
																																asm("enter 0x40d4, 0x0");
																															} else {
																																_t472 = _t472 - 1;
																															}
																														}
																													}
																												} else {
																													asm("outsd");
																												}
																											} else {
																												asm("popad");
																											}
																										}
																									}
																								}
																							} else {
																								_t415 = _t356 + 1;
																								 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
																								 *((intOrPtr*)(_t415 + 0x37)) =  *((intOrPtr*)(_t415 + 0x37)) + _t462;
																								_t420 = (_t415 + 0x00000001 + _t453 ^ 0x00000040) + _t462 ^ 0x00000040;
																								 *_t420 =  *_t420 + _t462;
																								_t356 = _t420 ^ 0x45150040;
																								L79:
																								asm("adc eax, 0x72615645");
																								_t477 =  *(_t455 + 0x6e) * 0x64614274;
																								_t523 = _t477;
																							}
																						} else {
																							asm("outsd");
																							if (_t513 < 0) goto L66;
																							asm("rol byte [eax], cl");
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							L67:
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							 *_t349 =  *_t349 + _t349;
																							_t462 = _t462 + _t462;
																							_t423 = _t349 + 1;
																							 *((intOrPtr*)(_t423 + _t423)) =  *((intOrPtr*)(_t423 + _t423)) + _t455;
																							 *_t423 =  *_t423 + _t423;
																							 *((intOrPtr*)(_t423 + 0x37)) =  *((intOrPtr*)(_t423 + 0x37)) + _t455;
																							_t424 = _t423 + 1;
																							 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t462;
																							 *((intOrPtr*)(_t424 + 0x37)) =  *((intOrPtr*)(_t424 + 0x37)) + _t453;
																							_t425 = _t424 + 1;
																							 *((intOrPtr*)(_t472 + _t473 + 0x40)) =  *((intOrPtr*)(_t472 + _t473 + 0x40)) + _t453;
																							goto L68;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t454 = _t453 + 1;
																	}
																}
															}
														} else {
															 *_t356 =  *_t356 + _t356;
															if( *_t356 < 0) {
																goto L6;
															} else {
																_t356 = _t356 + 1;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																 *_t356 =  *_t356 + _t356;
																_t51 = _t356 - 0x30;
																 *_t51 =  *((intOrPtr*)(_t356 - 0x30)) + _t462;
																_t484 =  *_t51;
																goto L16;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x0040cf7a
0x0040cf7a
0x0040cf7a
0x0040cf7a
0x0040cf7a
0x0040cf7a
0x0040cf7b
0x0040cf7e
0x0040cf80
0x0040cf81
0x0040cf84
0x0040cf89
0x0040cf8a
0x0040cf8b
0x0040cf8e
0x0040cf8f
0x0040cf93
0x0040cf9d
0x0040cf9f
0x0040cfa3
0x0040cfa9
0x0040cfaa
0x0040cfab
0x0040cfb1
0x0040cfb3
0x0040cfb9
0x0040cfbb
0x0040cfbf
0x0040cfc7
0x0040cfcb
0x0040cfce
0x0040cfcf
0x0040cfd3
0x0040cfd9
0x0040cfdd
0x0040cfde
0x0040cfdf
0x0040cfe1
0x0040cfe2
0x0040cfe2
0x0040cfe3
0x0040d058
0x0040d058
0x00000000
0x0040d05a
0x0040d05a
0x0040d05b
0x00000000
0x0040d05b
0x0040cfe5
0x0040cfe5
0x0040d056
0x0040d056
0x0040d057
0x0040d057
0x0040d057
0x00000000
0x0040cfe7
0x0040cfe7
0x0040cfe8
0x0040cfe9
0x0040cfea
0x0040d055
0x0040d055
0x00000000
0x0040cfec
0x0040cfec
0x0040cfed
0x0040cfee
0x0040d044
0x0040d044
0x00000000
0x0040d046
0x0040d046
0x0040d047
0x0040d04a
0x0040d04f
0x0040d052
0x0040d053
0x00000000
0x0040d053
0x0040cff0
0x0040cff0
0x0040d062
0x0040d069
0x0040d06b
0x0040d06d
0x00000000
0x0040cff4
0x0040cff4
0x0040cff5
0x0040cff6
0x0040cff6
0x0040cff7
0x0040cff7
0x0040cff9
0x0040cffd
0x0040d073
0x0040d073
0x0040d074
0x00000000
0x0040d076
0x0040d076
0x0040d077
0x0040d078
0x00000000
0x0040d07a
0x0040d07a
0x00000000
0x0040d07a
0x0040d078
0x0040cfff
0x0040cfff
0x0040d000
0x0040d001
0x0040d002
0x0040d003
0x0040d06e
0x0040d06e
0x0040d06f
0x0040d071
0x0040d071
0x0040d072
0x00000000
0x0040d005
0x0040d005
0x0040d006
0x0040d007
0x0040d05d
0x0040d05d
0x0040d05e
0x0040d05f
0x00000000
0x0040d009
0x0040d009
0x0040d07b
0x0040d07b
0x00000000
0x0040d07d
0x0040d07d
0x0040d07e
0x0040d07e
0x00000000
0x0040d07e
0x0040d00b
0x0040d00b
0x0040d00d
0x0040d00e
0x0040d00f
0x0040d015
0x0040d016
0x0040d016
0x0040d016
0x0040d016
0x0040d018
0x0040d018
0x0040d019
0x0040d084
0x0040d084
0x0040d0f5
0x0040d0f7
0x0040d0f9
0x0040d0fb
0x0040d0fd
0x0040d0ff
0x0040d101
0x0040d103
0x0040d105
0x0040d107
0x0040d109
0x0040d10b
0x0040d10d
0x0040d110
0x0040d112
0x0040d117
0x0040d11a
0x0040d11b
0x0040d11f
0x0040d122
0x0040d123
0x0040d127
0x0040d131
0x00000000
0x0040d086
0x0040d086
0x00000000
0x0040d088
0x0040d088
0x0040d08a
0x0040d08b
0x0040d08d
0x0040d08f
0x0040d091
0x0040d091
0x00000000
0x0040d091
0x0040d086
0x0040d01b
0x0040d01b
0x0040d01c
0x0040d01d
0x0040d092
0x0040d092
0x0040d094
0x0040d096
0x0040d098
0x0040d09a
0x0040d09c
0x0040d09e
0x0040d0a0
0x0040d0a2
0x0040d0a4
0x0040d0a6
0x0040d0a8
0x0040d0aa
0x0040d0ab
0x0040d0ae
0x0040d0b3
0x0040d0b6
0x0040d0b7
0x0040d0bb
0x0040d0be
0x0040d0bf
0x0040d0c3
0x0040d0c3
0x0040d0cd
0x0040d0cf
0x0040d0d1
0x0040d0d1
0x0040d0d6
0x0040d0d7
0x0040d0d8
0x0040d143
0x0040d143
0x00000000
0x0040d144
0x0040d144
0x00000000
0x0040d146
0x0040d146
0x0040d147
0x0040d148
0x00000000
0x0040d14a
0x0040d14a
0x00000000
0x0040d14c
0x0040d14c
0x0040d14d
0x00000000
0x0040d14f
0x0040d14f
0x00000000
0x0040d14f
0x0040d14d
0x0040d14a
0x0040d148
0x0040d144
0x0040d0da
0x0040d0da
0x0040d0da
0x0040d0db
0x0040d0dc
0x0040d132
0x0040d132
0x0040d133
0x0040d135
0x0040d135
0x0040d13a
0x0040d13b
0x0040d13c
0x00000000
0x0040d13e
0x0040d13e
0x0040d13f
0x0040d140
0x00000000
0x0040d142
0x0040d142
0x00000000
0x0040d142
0x0040d140
0x0040d0de
0x0040d0de
0x0040d0de
0x0040d0df
0x0040d0df
0x0040d150
0x0040d150
0x0040d151
0x0040d154
0x0040d156
0x0040d158
0x0040d159
0x0040d15a
0x0040d15c
0x0040d15e
0x0040d160
0x0040d162
0x0040d164
0x0040d166
0x0040d168
0x0040d16a
0x0040d16c
0x0040d16e
0x0040d170
0x0040d171
0x0040d174
0x0040d176
0x0040d17b
0x0040d17e
0x0040d17f
0x0040d183
0x0040d186
0x0040d187
0x0040d18b
0x0040d18e
0x0040d18f
0x0040d18f
0x0040d191
0x0040d195
0x0040d197
0x0040d199
0x0040d199
0x0040d19e
0x0040d19f
0x0040d1a0
0x0040d20b
0x0040d20b
0x0040d20d
0x0040d20e
0x00000000
0x0040d210
0x0040d210
0x00000000
0x0040d212
0x0040d212
0x0040d212
0x0040d214
0x00000000
0x00000000
0x00000000
0x00000000
0x0040d214
0x0040d210
0x0040d1a2
0x0040d1a2
0x0040d1a3
0x0040d1a4
0x0040d1ef
0x0040d1ef
0x0040d1f9
0x0040d1fb
0x0040d1fd
0x0040d1fd
0x0040d202
0x0040d203
0x0040d204
0x0040d26f
0x0040d26f
0x0040d271
0x0040d272
0x00000000
0x0040d276
0x0040d276
0x00000000
0x0040d278
0x0040d278
0x0040d279
0x00000000
0x0040d27b
0x0040d27b
0x00000000
0x0040d27b
0x0040d279
0x0040d276
0x0040d206
0x0040d206
0x0040d206
0x0040d207
0x0040d208
0x00000000
0x00000000
0x00000000
0x00000000
0x0040d208
0x0040d1a6
0x0040d1a6
0x0040d1a7
0x0040d1a7
0x0040d20a
0x0040d20a
0x00000000
0x0040d1a9
0x0040d1a9
0x0040d1a9
0x0040d1aa
0x0040d1ac
0x0040d1ac
0x0040d1ad
0x0040d216
0x0040d216
0x0040d217
0x0040d27d
0x0040d27d
0x0040d280
0x0040d282
0x0040d282
0x0040d284
0x00000000
0x0040d219
0x0040d219
0x0040d21c
0x0040d21e
0x0040d220
0x0040d222
0x00000000
0x0040d222
0x0040d1af
0x0040d1af
0x0040d1af
0x0040d1b0
0x0040d224
0x0040d224
0x0040d226
0x0040d228
0x0040d22a
0x0040d22c
0x0040d22e
0x0040d230
0x0040d232
0x0040d234
0x0040d236
0x0040d238
0x0040d23c
0x0040d23e
0x0040d243
0x0040d246
0x0040d247
0x0040d24b
0x0040d24b
0x0040d24b
0x0040d24c
0x0040d24c
0x0040d285
0x0040d285
0x0040d287
0x0040d288
0x0040d288
0x0040d28a
0x0040d28c
0x0040d28e
0x0040d290
0x0040d292
0x0040d294
0x0040d296
0x0040d298
0x0040d29a
0x0040d29c
0x0040d2a0
0x0040d2a2
0x0040d2a7
0x0040d2aa
0x0040d2ab
0x0040d2af
0x0040d2af
0x0040d2af
0x0040d2b0
0x0040d2e9
0x0040d2ea
0x0040d2ea
0x0040d2ec
0x0040d2ee
0x0040d2f0
0x0040d2f2
0x0040d2f4
0x0040d2f6
0x0040d2f8
0x0040d2fa
0x0040d2fc
0x0040d2fe
0x0040d300
0x0040d302
0x0040d304
0x0040d306
0x0040d307
0x0040d30a
0x0040d30f
0x0040d312
0x00000000
0x0040d2b2
0x0040d2b2
0x0040d2b3
0x0040d2b7
0x0040d2ba
0x0040d2bb
0x0040d2c1
0x0040d2c3
0x0040d2c5
0x0040d2c5
0x0040d2ca
0x0040d2cb
0x0040d2cc
0x0040d337
0x0040d337
0x0040d338
0x0040d37b
0x0040d37f
0x0040d382
0x0040d383
0x0040d387
0x0040d391
0x0040d393
0x0040d395
0x0040d395
0x0040d39a
0x0040d39b
0x0040d39c
0x00000000
0x0040d39e
0x0040d39e
0x00000000
0x0040d39e
0x0040d33a
0x0040d33a
0x00000000
0x0040d33a
0x0040d2ce
0x0040d2ce
0x0040d2cf
0x0040d2d0
0x0040d313
0x0040d313
0x0040d317
0x0040d31a
0x0040d31b
0x0040d31f
0x0040d322
0x0040d329
0x0040d32b
0x0040d32d
0x0040d32d
0x0040d332
0x0040d333
0x0040d334
0x0040d39f
0x0040d39f
0x0040d3a0
0x00000000
0x0040d3a2
0x0040d3a2
0x0040d3a3
0x0040d3a3
0x00000000
0x0040d3a5
0x0040d3a5
0x0040d3a6
0x0040d414
0x00000000
0x0040d416
0x0040d416
0x0040d417
0x0040d41b
0x00000000
0x0040d41b
0x0040d3a8
0x0040d3a8
0x0040d3a8
0x0040d3a9
0x0040d41d
0x0040d41d
0x0040d41f
0x0040d421
0x0040d423
0x0040d425
0x0040d427
0x0040d429
0x0040d42b
0x0040d42d
0x0040d42f
0x0040d431
0x0040d433
0x0040d435
0x0040d437
0x0040d43b
0x0040d43e
0x0040d443
0x0040d445
0x0040d446
0x0040d447
0x0040d44b
0x0040d44e
0x0040d44f
0x0040d453
0x00000000
0x0040d3ab
0x0040d3ab
0x0040d3ac
0x0040d33b
0x0040d33b
0x00000000
0x0040d33c
0x0040d33c
0x0040d33c
0x0040d3ae
0x0040d3ae
0x0040d3af
0x0040d3b1
0x0040d3b4
0x0040d3b6
0x0040d3b7
0x00000000
0x0040d3b7
0x0040d3ac
0x0040d3a9
0x0040d3a6
0x0040d3a3
0x0040d336
0x0040d336
0x00000000
0x0040d336
0x0040d2d2
0x0040d2d2
0x0040d2d3
0x0040d346
0x0040d3b9
0x0040d3b9
0x0040d3bb
0x0040d3bd
0x0040d3bf
0x0040d3c1
0x0040d3c3
0x0040d3c5
0x0040d3c7
0x0040d3c9
0x0040d3cb
0x0040d3cd
0x0040d3d1
0x0040d3d4
0x0040d3d6
0x0040d3db
0x0040d3de
0x0040d3df
0x0040d3e3
0x0040d3e6
0x0040d3e7
0x0040d3eb
0x0040d3ee
0x0040d3ef
0x0040d3f0
0x0040d3f0
0x0040d3f5
0x0040d3f7
0x0040d3f9
0x0040d3f9
0x0040d3fe
0x0040d3ff
0x0040d400
0x0040d46b
0x0040d46b
0x0040d46c
0x0040d4c3
0x0040d4c5
0x0040d4c5
0x0040d4ca
0x0040d4cb
0x0040d4cc
0x0040d537
0x0040d53a
0x00000000
0x0040d4ce
0x0040d4ce
0x0040d4cf
0x0040d4d0
0x00000000
0x0040d4d2
0x0040d4d2
0x0040d4d2
0x00000000
0x0040d4d2
0x0040d4d0
0x0040d46e
0x0040d46e
0x0040d46f
0x0040d4e2
0x0040d4e3
0x0040d4e5
0x0040d4e7
0x0040d4e8
0x00000000
0x0040d472
0x0040d472
0x0040d477
0x0040d477
0x0040d478
0x0040d4ec
0x0040d4ec
0x0040d4f0
0x0040d4f6
0x0040d4fb
0x0040d50a
0x0040d50f
0x0040d516
0x0040d516
0x0040d519
0x0040d51c
0x0040d529
0x0040d47a
0x0040d47a
0x0040d47b
0x00000000
0x0040d47b
0x0040d478
0x0040d46f
0x0040d402
0x0040d402
0x0040d403
0x0040d404
0x0040d455
0x0040d455
0x0040d457
0x0040d458
0x0040d45d
0x0040d45f
0x0040d461
0x0040d461
0x0040d466
0x0040d467
0x0040d468
0x0040d4d3
0x0040d4d3
0x0040d545
0x0040d546
0x0040d548
0x0040d54d
0x0040d54e
0x0040d553
0x0040d556
0x0040d55e
0x0040d566
0x0040d569
0x0040d572
0x0040d57a
0x0040d57d
0x0040d58a
0x0040d58f
0x0040d59e
0x0040d5a3
0x0040d5aa
0x0040d5ad
0x0040d5b0
0x0040d5c2
0x0040d4d5
0x0040d4d5
0x0040d4d6
0x0040d53b
0x0040d53b
0x0040d53c
0x0040d53e
0x0040d541
0x0040d544
0x00000000
0x0040d4d8
0x0040d4d8
0x0040d4d8
0x0040d4d6
0x0040d46a
0x0040d46a
0x00000000
0x0040d46a
0x0040d406
0x0040d406
0x0040d407
0x0040d407
0x0040d47c
0x0040d47c
0x0040d408
0x0040d408
0x0040d408
0x0040d407
0x0040d404
0x0040d347
0x0040d347
0x0040d347
0x0040d2d4
0x0040d2d4
0x0040d2d4
0x0040d2d3
0x0040d2d0
0x0040d2cc
0x0040d24e
0x0040d24e
0x0040d24f
0x0040d253
0x0040d25d
0x0040d25f
0x0040d261
0x0040d264
0x0040d264
0x0040d269
0x0040d269
0x0040d269
0x0040d1b2
0x0040d1b2
0x0040d1b3
0x0040d1b5
0x0040d1b8
0x0040d1ba
0x0040d1bc
0x0040d1be
0x0040d1be
0x0040d1c0
0x0040d1c2
0x0040d1c4
0x0040d1c6
0x0040d1c8
0x0040d1ca
0x0040d1cc
0x0040d1ce
0x0040d1d0
0x0040d1d2
0x0040d1d4
0x0040d1d6
0x0040d1d7
0x0040d1da
0x0040d1df
0x0040d1e2
0x0040d1e3
0x0040d1e7
0x0040d1ea
0x0040d1eb
0x00000000
0x0040d1eb
0x0040d1b0
0x0040d1ad
0x0040d1a7
0x0040d1a4
0x0040d0e0
0x0040d0e0
0x0040d0e0
0x0040d0df
0x0040d0dc
0x0040d01f
0x0040d01f
0x0040d024
0x00000000
0x0040d026
0x0040d026
0x0040d027
0x0040d029
0x0040d02b
0x0040d02d
0x0040d02f
0x0040d031
0x0040d033
0x0040d035
0x0040d037
0x0040d039
0x0040d03b
0x0040d03d
0x0040d03f
0x0040d041
0x0040d043
0x0040d043
0x0040d043
0x00000000
0x0040d043
0x0040d024
0x0040d01d
0x0040d019
0x0040d009
0x0040d007
0x0040d003
0x0040cffd
0x0040cff0
0x0040cfee
0x0040cfea
0x0040cfe5

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47e2b7796ac3062c4901bfcfb0ba1246f940f142666487626629eef992ffd3d
Instruction ID: 9e9c60d98978b3a51ccc6c5d69d27c0464752141fe1159a5ee44064a4744e25d
Opcode Fuzzy Hash: a47e2b7796ac3062c4901bfcfb0ba1246f940f142666487626629eef992ffd3d
Instruction Fuzzy Hash: 5C12F36280C7C25FCB5397F00A655957FA0BE0321875A11FFC8D2AB5E3D2AD890B931E

Uniqueness

Uniqueness Score: -1.00%

Function 0040CBBC Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040CBBC() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleA("oleaut32.dll");
				 *0x41c79c = E0040CB90("VariantChangeTypeEx", E0040C72C, _t91);
				 *0x41c7a0 = E0040CB90("VarNeg", E0040C75C, _t91);
				 *0x41c7a4 = E0040CB90("VarNot", E0040C75C, _t91);
				 *0x41c7a8 = E0040CB90("VarAdd", E0040C768, _t91);
				 *0x41c7ac = E0040CB90("VarSub", E0040C768, _t91);
				 *0x41c7b0 = E0040CB90("VarMul", E0040C768, _t91);
				 *0x41c7b4 = E0040CB90("VarDiv", E0040C768, _t91);
				 *0x41c7b8 = E0040CB90("VarIdiv", E0040C768, _t91);
				 *0x41c7bc = E0040CB90("VarMod", E0040C768, _t91);
				 *0x41c7c0 = E0040CB90("VarAnd", E0040C768, _t91);
				 *0x41c7c4 = E0040CB90("VarOr", E0040C768, _t91);
				 *0x41c7c8 = E0040CB90("VarXor", E0040C768, _t91);
				 *0x41c7cc = E0040CB90("VarCmp", E0040C774, _t91);
				 *0x41c7d0 = E0040CB90("VarI4FromStr", E0040C780, _t91);
				 *0x41c7d4 = E0040CB90("VarR4FromStr", E0040C7EC, _t91);
				 *0x41c7d8 = E0040CB90("VarR8FromStr", E0040C858, _t91);
				 *0x41c7dc = E0040CB90("VarDateFromStr", E0040C8C4, _t91);
				 *0x41c7e0 = E0040CB90("VarCyFromStr", E0040C930, _t91);
				 *0x41c7e4 = E0040CB90("VarBoolFromStr", E0040C99C, _t91);
				 *0x41c7e8 = E0040CB90("VarBstrFromCy", E0040CA1C, _t91);
				 *0x41c7ec = E0040CB90("VarBstrFromDate", E0040CA8C, _t91);
				_t46 = E0040CB90("VarBstrFromBool", E0040CAFC, _t91);
				 *0x41c7f0 = _t46;
				return _t46;
			}

0x0040cbca
0x0040cbde
0x0040cbf4
0x0040cc0a
0x0040cc20
0x0040cc36
0x0040cc4c
0x0040cc62
0x0040cc78
0x0040cc8e
0x0040cca4
0x0040ccba
0x0040ccd0
0x0040cce6
0x0040ccfc
0x0040cd12
0x0040cd28
0x0040cd3e
0x0040cd54
0x0040cd6a
0x0040cd80
0x0040cd96
0x0040cda6
0x0040cdac
0x0040cdb3

APIs

GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0040CBC5

Part of subcall function 0040CB90: 6C9C5550.KERNEL32(00000000), ref: 0040CBA9

Strings

VarR8FromStr, xrefs: 0040CD1D
VarAnd, xrefs: 0040CC99
VarXor, xrefs: 0040CCC5
VarMul, xrefs: 0040CC41
VarOr, xrefs: 0040CCAF
VarR4FromStr, xrefs: 0040CD07
VarDateFromStr, xrefs: 0040CD33
VarIdiv, xrefs: 0040CC6D
VarCmp, xrefs: 0040CCDB
VarMod, xrefs: 0040CC83
VarNot, xrefs: 0040CBFF
VariantChangeTypeEx, xrefs: 0040CBD3
VarBstrFromBool, xrefs: 0040CDA1
VarBoolFromStr, xrefs: 0040CD5F
VarCyFromStr, xrefs: 0040CD49
VarDiv, xrefs: 0040CC57
VarSub, xrefs: 0040CC2B
VarNeg, xrefs: 0040CBE9
VarBstrFromCy, xrefs: 0040CD75
VarBstrFromDate, xrefs: 0040CD8B
oleaut32.dll, xrefs: 0040CBC0
VarI4FromStr, xrefs: 0040CCF1
VarAdd, xrefs: 0040CC15

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: C5550HandleModule
String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
API String ID: 373995266-1918263038
Opcode ID: df62eca1142ed377255fd7d83bd285eaa64c744c6978d706885a5ee7bf40ee5e
Instruction ID: 57917c57f5ea6710641372b8d9229830467c6fb6e486ab123074dfbc342f850c
Opcode Fuzzy Hash: df62eca1142ed377255fd7d83bd285eaa64c744c6978d706885a5ee7bf40ee5e
Instruction Fuzzy Hash: 7C414A62644306DAE300BB6EBCD286677E9D648B14360C33BB414FB6C2CB78B8404F6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040A81C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 56
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A81C(void* __edx, void* __edi, void* __fp0) {
				void _v1024;
				char _v1088;
				long _v1092;
				void* _t12;
				char* _t14;
				intOrPtr _t16;
				intOrPtr _t18;
				intOrPtr _t24;
				long _t32;

				_t40 = __edx;
				E0040A684(_t12,  &_v1024, __edx, __fp0, 0x400);
				_t14 =  *0x41b5dc; // 0x41c044
				if( *_t14 == 0) {
					_t16 =  *0x41b4c0; // 0x406370
					_t9 = _t16 + 4; // 0xffe9
					_t18 =  *0x41c660; // 0x400000
					LoadStringA(E004051DC(_t18,  &_v1024, _t40),  *_t9,  &_v1088, 0x40);
					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
				}
				_t24 =  *0x41b4e4; // 0x41c214
				E00402B08(E00402E98(_t24));
				CharToOemA( &_v1024,  &_v1024);
				_t32 = E00407A58( &_v1024, __edi);
				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
				return WriteFile(GetStdHandle(0xfffffff4), 0x40a8e0, 2,  &_v1092, 0);
			}

0x0040a81c
0x0040a82b
0x0040a830
0x0040a838
0x0040a89f
0x0040a8a4
0x0040a8a8
0x0040a8b3
0x00000000
0x0040a8c9
0x0040a83a
0x0040a844
0x0040a853
0x0040a863
0x0040a876
0x00000000

APIs

Part of subcall function 0040A684: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040A6A0
Part of subcall function 0040A684: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040A6C4
Part of subcall function 0040A684: GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040A6DF
Part of subcall function 0040A684: LoadStringA.USER32(00000000,0000FFE8,?,00000100), ref: 0040A783

CharToOemA.USER32(?,?), ref: 0040A853
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0040A870
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040A876
GetStdHandle.KERNEL32(000000F4,0040A8E0,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040A88B
WriteFile.KERNEL32(00000000,000000F4,0040A8E0,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040A891
LoadStringA.USER32(00000000,0000FFE9,?,00000040), ref: 0040A8B3
MessageBoxA.USER32(00000000,?,?,00002010), ref: 0040A8C9

Strings

pc@, xrefs: 0040A89F

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
String ID: pc@
API String ID: 185507032-2478622902
Opcode ID: 2bde84290078e9086633ad6f9a4ae5eb5a223b34b829168389f46d6593801389
Instruction ID: d9603d027e22e0aad42ced27b1ac745bb473868b2e33e18d5488b1dcf175cf74
Opcode Fuzzy Hash: 2bde84290078e9086633ad6f9a4ae5eb5a223b34b829168389f46d6593801389
Instruction Fuzzy Hash: DD115EB2544304AAD600F795CC86F8F77ACAB45704F40893BB745EA0E3DA79E9148B6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040B844 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201
threadCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040B844(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t104;
				void* _t111;
				void* _t133;
				intOrPtr _t183;
				intOrPtr _t193;
				intOrPtr _t194;

				_t191 = __esi;
				_t190 = __edi;
				_t193 = _t194;
				_t133 = 8;
				do {
					_push(0);
					_push(0);
					_t133 = _t133 - 1;
				} while (_t133 != 0);
				_push(__ebx);
				_push(_t193);
				_push(0x40bb0f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t194;
				E0040B6CC();
				E0040A1C8(__ebx, __edi, __esi);
				_t196 =  *0x41c748;
				if( *0x41c748 != 0) {
					E0040A3A0(__esi, _t196);
				}
				_t132 = GetThreadLocale();
				E0040A118(_t43, 0, 0x14,  &_v20);
				E004042C8(0x41c67c, _v20);
				E0040A118(_t43, 0x40bb24, 0x1b,  &_v24);
				 *0x41c680 = E004075CC(0x40bb24, 0, _t196);
				E0040A118(_t132, 0x40bb24, 0x1c,  &_v28);
				 *0x41c681 = E004075CC(0x40bb24, 0, _t196);
				 *0x41c682 = E0040A164(_t132, 0x2c, 0xf);
				 *0x41c683 = E0040A164(_t132, 0x2e, 0xe);
				E0040A118(_t132, 0x40bb24, 0x19,  &_v32);
				 *0x41c684 = E004075CC(0x40bb24, 0, _t196);
				 *0x41c685 = E0040A164(_t132, 0x2f, 0x1d);
				E0040A118(_t132, "m/d/yy", 0x1f,  &_v40);
				E0040A450(_v40, _t132,  &_v36, _t190, _t191, _t196);
				E004042C8(0x41c688, _v36);
				E0040A118(_t132, "mmmm d, yyyy", 0x20,  &_v48);
				E0040A450(_v48, _t132,  &_v44, _t190, _t191, _t196);
				E004042C8(0x41c68c, _v44);
				 *0x41c690 = E0040A164(_t132, 0x3a, 0x1e);
				E0040A118(_t132, 0x40bb58, 0x28,  &_v52);
				E004042C8(0x41c694, _v52);
				E0040A118(_t132, 0x40bb64, 0x29,  &_v56);
				E004042C8(0x41c698, _v56);
				E00404274( &_v12);
				E00404274( &_v16);
				E0040A118(_t132, 0x40bb24, 0x25,  &_v60);
				_t104 = E004075CC(0x40bb24, 0, _t196);
				_t197 = _t104;
				if(_t104 != 0) {
					E0040430C( &_v8, 0x40bb7c);
				} else {
					E0040430C( &_v8, 0x40bb70);
				}
				E0040A118(_t132, 0x40bb24, 0x23,  &_v64);
				_t111 = E004075CC(0x40bb24, 0, _t197);
				_t198 = _t111;
				if(_t111 == 0) {
					E0040A118(_t132, 0x40bb24, 0x1005,  &_v68);
					if(E004075CC(0x40bb24, 0, _t198) != 0) {
						E0040430C( &_v12, 0x40bb98);
					} else {
						E0040430C( &_v16, 0x40bb88);
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E004045F4();
				_push(_v12);
				_push(_v8);
				_push(":mm:ss");
				_push(_v16);
				E004045F4();
				 *0x41c74a = E0040A164(_t132, 0x2c, 0xc);
				_pop(_t183);
				 *[fs:eax] = _t183;
				_push(E0040BB16);
				return E00404298( &_v68, 0x10);
			}

0x0040b844
0x0040b844
0x0040b845
0x0040b847
0x0040b84c
0x0040b84c
0x0040b84e
0x0040b850
0x0040b850
0x0040b853
0x0040b856
0x0040b857
0x0040b85c
0x0040b85f
0x0040b862
0x0040b867
0x0040b86c
0x0040b873
0x0040b875
0x0040b875
0x0040b87f
0x0040b88e
0x0040b89b
0x0040b8b0
0x0040b8bf
0x0040b8d4
0x0040b8e3
0x0040b8f6
0x0040b909
0x0040b91e
0x0040b92d
0x0040b940
0x0040b955
0x0040b960
0x0040b96d
0x0040b982
0x0040b98d
0x0040b99a
0x0040b9ad
0x0040b9c2
0x0040b9cf
0x0040b9e4
0x0040b9f1
0x0040b9f9
0x0040ba01
0x0040ba16
0x0040ba20
0x0040ba25
0x0040ba27
0x0040ba40
0x0040ba29
0x0040ba31
0x0040ba31
0x0040ba55
0x0040ba5f
0x0040ba64
0x0040ba66
0x0040ba78
0x0040ba89
0x0040baa2
0x0040ba8b
0x0040ba93
0x0040ba93
0x0040ba89
0x0040baa7
0x0040baaa
0x0040baad
0x0040bab2
0x0040babf
0x0040bac4
0x0040bac7
0x0040baca
0x0040bacf
0x0040badc
0x0040baef
0x0040baf6
0x0040baf9
0x0040bafc
0x0040bb0e

APIs

GetThreadLocale.KERNEL32(00000000,0040BB0F,?,?,00000000,00000000), ref: 0040B87A

Part of subcall function 0040A118: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040A136

Strings

:mm:ss, xrefs: 0040BACA
AMPM , xrefs: 0040BA9D
m/d/yy, xrefs: 0040B949
:mm, xrefs: 0040BAAD
mmmm d, yyyy, xrefs: 0040B976
AMPM, xrefs: 0040BA8E

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: Locale$InfoThread
String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
API String ID: 4232894706-2493093252
Opcode ID: aba40283fa732082eee35e2493008fa2edd7ee3b1a88207f10767889dd2fa3d0
Instruction ID: d04bf891cb3d381fedf09fba099abf0d9f692de31019415b70cfdd81836d4eed
Opcode Fuzzy Hash: aba40283fa732082eee35e2493008fa2edd7ee3b1a88207f10767889dd2fa3d0
Instruction Fuzzy Hash: E6613C307402499BDB00EBA5DC81A9E76B5DB88304F50E57BB501BB7CACB3CE905979D

Uniqueness

Uniqueness Score: -1.00%

Function 0040DD3C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E0040DD3C(short* __eax, intOrPtr __ecx, intOrPtr* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				intOrPtr _v792;
				signed short* _v796;
				char _v800;
				char _v804;
				intOrPtr* _v808;
				void* __ebp;
				signed char _t51;
				signed int _t58;
				void* _t66;
				intOrPtr* _t78;
				intOrPtr* _t96;
				void* _t98;
				void* _t100;
				void* _t103;
				void* _t104;
				intOrPtr* _t114;
				void* _t118;
				char* _t119;
				void* _t120;

				_t105 = __ecx;
				_v780 = __ecx;
				_t96 = __edx;
				_v776 = __eax;
				if(( *(__edx + 1) & 0x00000020) == 0) {
					E0040D968(0x80070057);
				}
				_t51 =  *_t96;
				if((_t51 & 0x00000fff) != 0xc) {
					_push(_t96);
					_push(_v776);
					L0040C71C();
					return E0040D968(_v776);
				} else {
					if((_t51 & 0x00000040) == 0) {
						_v796 =  *((intOrPtr*)(_t96 + 8));
					} else {
						_v796 =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 8))));
					}
					_v788 =  *_v796 & 0x0000ffff;
					_t98 = _v788 - 1;
					if(_t98 < 0) {
						L9:
						_push( &_v772);
						_t58 = _v788;
						_push(_t58);
						_push(0xc);
						L0040CB70();
						_v792 = _t58;
						if(_v792 == 0) {
							E0040D6C0(_t105);
						}
						E0040DC94(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _v792;
						_t100 = _v788 - 1;
						if(_t100 < 0) {
							L14:
							_t102 = _v788 - 1;
							if(E0040DCB0(_v788 - 1, _t120) != 0) {
								L0040CB88();
								E0040D968(_v796);
								L0040CB88();
								E0040D968(_v792);
								_v780(_v792,  &_v260,  &_v804, _v796,  &_v260,  &_v800);
							}
							_t66 = E0040DCE0(_t102, _t120);
						} else {
							_t103 = _t100 + 1;
							_t78 =  &_v768;
							_t114 =  &_v260;
							do {
								 *_t114 =  *_t78;
								_t114 = _t114 + 4;
								_t78 = _t78 + 8;
								_t103 = _t103 - 1;
							} while (_t103 != 0);
							do {
								goto L14;
							} while (_t66 != 0);
							return _t66;
						}
					} else {
						_t104 = _t98 + 1;
						_t118 = 0;
						_t119 =  &_v772;
						do {
							_v808 = _t119;
							_push(_v808 + 4);
							_t18 = _t118 + 1; // 0x1
							_push(_v796);
							L0040CB78();
							E0040D968(_v796);
							_push( &_v784);
							_t21 = _t118 + 1; // 0x1
							_push(_v796);
							L0040CB80();
							E0040D968(_v796);
							 *_v808 = _v784 -  *((intOrPtr*)(_v808 + 4)) + 1;
							_t118 = _t118 + 1;
							_t119 = _t119 + 8;
							_t104 = _t104 - 1;
						} while (_t104 != 0);
						goto L9;
					}
				}
			}

0x0040dd3c
0x0040dd48
0x0040dd4e
0x0040dd50
0x0040dd5a
0x0040dd61
0x0040dd61
0x0040dd66
0x0040dd74
0x0040df02
0x0040df09
0x0040df0a
0x00000000
0x0040dd7a
0x0040dd7d
0x0040dd8f
0x0040dd7f
0x0040dd84
0x0040dd84
0x0040dd9e
0x0040ddaa
0x0040ddad
0x0040de1a
0x0040de20
0x0040de21
0x0040de27
0x0040de28
0x0040de2a
0x0040de2f
0x0040de3c
0x0040de3e
0x0040de3e
0x0040de49
0x0040de54
0x0040de65
0x0040de6e
0x0040de71
0x0040de8d
0x0040de94
0x0040de9f
0x0040deb6
0x0040debb
0x0040ded5
0x0040deda
0x0040deed
0x0040deed
0x0040def6
0x0040de73
0x0040de73
0x0040de74
0x0040de7a
0x0040de80
0x0040de82
0x0040de84
0x0040de87
0x0040de8a
0x0040de8a
0x0040de8d
0x00000000
0x00000000
0x00000000
0x0040de8d
0x0040ddaf
0x0040ddaf
0x0040ddb0
0x0040ddb2
0x0040ddb8
0x0040ddba
0x0040ddc9
0x0040ddca
0x0040ddd4
0x0040ddd5
0x0040ddda
0x0040dde5
0x0040dde6
0x0040ddf0
0x0040ddf1
0x0040ddf6
0x0040de11
0x0040de13
0x0040de14
0x0040de17
0x0040de17
0x00000000
0x0040ddb8
0x0040ddad

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0040DDD5
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0040DDF1
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0040DE2A
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0040DEB6
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0040DED5
VariantCopy.OLEAUT32(?), ref: 0040DF0A

Strings

, xrefs: 0040DD56

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-3916222277
Opcode ID: 8eadc968cc04d99d259176c1e8707c96ed514381868dcf456482f3187c2b6f4b
Instruction ID: d5681007b433e3dcaf87354e197aa698f842d7f30207d7d82da0ee3e336bc147
Opcode Fuzzy Hash: 8eadc968cc04d99d259176c1e8707c96ed514381868dcf456482f3187c2b6f4b
Instruction Fuzzy Hash: 2251DA7590061D9BCB62DB99CC81BD9B3BCAF4C304F4041EAA509F7291D674AF898F68

Uniqueness

Uniqueness Score: -1.00%

Function 00405DFD Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405DFD(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
				long _t11;
				void* _t16;

				_t16 = __ebx;
				 *__edi =  *__edi + __ecx;
				 *((intOrPtr*)(__eax - 0x41c5b4)) =  *((intOrPtr*)(__eax - 0x41c5b4)) + __eax - 0x41c5b4;
				 *0x41a00c = 2;
				 *0x41c014 = 0x4011a8;
				 *0x41c018 = 0x4011b0;
				 *0x41c046 = 2;
				 *0x41c000 = E00404EF4;
				if(E00403384() != 0) {
					_t3 = E004033B4();
				}
				E00403478(_t3);
				 *0x41c04c = 0xd7b0;
				 *0x41c218 = 0xd7b0;
				 *0x41c3e4 = 0xd7b0;
				 *0x41c03c = GetCommandLineA();
				 *0x41c038 = E004012C8();
				if((GetVersion() & 0x80000000) == 0x80000000) {
					 *0x41c5b8 = E00405D34(GetThreadLocale(), _t16, __eflags);
				} else {
					if((GetVersion() & 0x000000ff) <= 4) {
						 *0x41c5b8 = E00405D34(GetThreadLocale(), _t16, __eflags);
					} else {
						 *0x41c5b8 = 3;
					}
				}
				_t11 = GetCurrentThreadId();
				 *0x41c030 = _t11;
				return _t11;
			}

0x00405dfd
0x00405e02
0x00405e07
0x00405e09
0x00405e10
0x00405e1a
0x00405e24
0x00405e2b
0x00405e3c
0x00405e3e
0x00405e3e
0x00405e43
0x00405e48
0x00405e51
0x00405e5a
0x00405e68
0x00405e72
0x00405e86
0x00405ebf
0x00405e88
0x00405e96
0x00405eae
0x00405e98
0x00405e98
0x00405e98
0x00405e96
0x00405ec4
0x00405ec9
0x00405ece

APIs

Part of subcall function 00403384: GetKeyboardType.USER32(00000000), ref: 00403389
Part of subcall function 00403384: GetKeyboardType.USER32(00000001), ref: 00403395

GetCommandLineA.KERNEL32 ref: 00405E63
GetVersion.KERNEL32 ref: 00405E77
GetVersion.KERNEL32 ref: 00405E88
GetCurrentThreadId.KERNEL32 ref: 00405EC4

Part of subcall function 004033B4: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403425,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403409
Part of subcall function 004033B4: RegCloseKey.ADVAPI32(?,0040342C,00000000,?,00000004,00000000,00403425,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040341F

GetThreadLocale.KERNEL32 ref: 00405EA4

Part of subcall function 00405D34: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00405D9A), ref: 00405D5A

Strings

x5D, xrefs: 00405E68

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineQueryValue
String ID: x5D
API String ID: 4066144866-1982048197
Opcode ID: 61f0c858b39e931c660d9119577f98695f271dcec85377300596aa787e165625
Instruction ID: 1477369c19d19e71f8a302857fe0a9b8cf8659b04ec342638a5f7207f07fede1
Opcode Fuzzy Hash: 61f0c858b39e931c660d9119577f98695f271dcec85377300596aa787e165625
Instruction Fuzzy Hash: 120130B0894641DDD710BFA1ECCA38A3E61AB05349F50C57F9140BA2F3DB7C42458BAE

Uniqueness

Uniqueness Score: -1.00%

Function 004040F0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E004040F0(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x41c044 == 0) {
					if( *0x41a034 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x41c218 == 0xd7b2 &&  *0x41c220 > 0) {
						 *0x41c230();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), 0x404178, 2,  &_v4, 0);
				}
			}

0x004040f8
0x00404158
0x00404168
0x00404168
0x0040416e
0x004040fa
0x00404103
0x00404113
0x00404113
0x0040412f
0x00404150
0x00404150

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,00000000,00000000,?,004041BA,?,00000000,00000000,?,00000002,00404266,00402AAF,00402AF7,00000000), ref: 00404129
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,00000000,00000000,?,004041BA,?,00000000,00000000,?,00000002,00404266,00402AAF,00402AF7), ref: 0040412F
GetStdHandle.KERNEL32(000000F5,00404178,00000002,00000000,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,00000000,00000000,?,004041BA,?,00000000,00000000), ref: 00404144
WriteFile.KERNEL32(00000000,000000F5,00404178,00000002,00000000,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,00000000,00000000,?,004041BA,?,00000000), ref: 0040414A
MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404168

Strings

Error, xrefs: 0040415C
Runtime error at 00000000, xrefs: 00404122, 00404161

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FileHandleWrite$Message
String ID: Error$Runtime error at 00000000
API String ID: 1570097196-2970929446
Opcode ID: 6505f6cabf1d03bd0f7951643f055f9dca0c8a3ca487ac6b2f30b75eb1997fb3
Instruction ID: 2f9c013ac3e44dc23c3a2affda7ff87c8faef24a3e1d61ca967936919d4342d4
Opcode Fuzzy Hash: 6505f6cabf1d03bd0f7951643f055f9dca0c8a3ca487ac6b2f30b75eb1997fb3
Instruction Fuzzy Hash: 74F096B0AD134479E620B7E09D4BFD62558479CB55F60467BB3107C0E2C7BC54C4822E

Uniqueness

Uniqueness Score: -1.00%

Function 00402BDC Relevance: 11.4, APIs: 9, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402BDC(CHAR* __eax, CHAR* __edx) {
				char _t67;
				char _t68;
				char _t69;
				CHAR** _t74;
				CHAR** _t75;
				void* _t76;
				void* _t77;
				CHAR** _t78;

				_t78[1] = __edx;
				 *_t78 = __eax;
				_t75 = _t78;
				_t74 =  &(_t78[5]);
				while(1) {
					L2:
					_t67 =  *( *_t75);
					if(_t67 != 0 && _t67 <= 0x20) {
						 *_t75 = CharNextA( *_t75);
					}
					L2:
					_t67 =  *( *_t75);
					if(_t67 != 0 && _t67 <= 0x20) {
						 *_t75 = CharNextA( *_t75);
					}
					L4:
					if( *( *_t75) != 0x22 || ( *_t75)[1] != 0x22) {
						_t76 = 0;
						_t78[3] =  *_t75;
						while( *( *_t75) > 0x20) {
							if( *( *_t75) != 0x22) {
								 *_t74 = CharNextA( *_t75);
								_t76 = _t76 +  *_t74 -  *_t75;
								 *_t75 =  *_t74;
								continue;
							}
							 *_t75 = CharNextA( *_t75);
							while(1) {
								_t69 =  *( *_t75);
								if(_t69 == 0 || _t69 == 0x22) {
									break;
								}
								 *_t74 = CharNextA( *_t75);
								_t76 = _t76 +  *_t74 -  *_t75;
								 *_t75 =  *_t74;
							}
							if( *( *_t75) != 0) {
								 *_t75 = CharNextA( *_t75);
							}
						}
						E00404864(_t78[1], _t76);
						 *_t75 = _t78[3];
						_t78[4] =  *(_t78[1]);
						_t77 = 0;
						while( *( *_t75) > 0x20) {
							if( *( *_t75) != 0x22) {
								 *_t74 = CharNextA( *_t75);
								if( *_t75 >=  *_t74) {
									continue;
								} else {
									goto L27;
								}
								do {
									L27:
									_t78[4][_t77] =  *( *_t75);
									 *_t75 =  &(( *_t75)[1]);
									_t77 = _t77 + 1;
								} while ( *_t75 <  *_t74);
								continue;
							}
							 *_t75 = CharNextA( *_t75);
							while(1) {
								_t68 =  *( *_t75);
								if(_t68 == 0 || _t68 == 0x22) {
									break;
								}
								 *_t74 = CharNextA( *_t75);
								if( *_t75 >=  *_t74) {
									continue;
								} else {
									goto L21;
								}
								do {
									L21:
									_t78[4][_t77] =  *( *_t75);
									 *_t75 =  &(( *_t75)[1]);
									_t77 = _t77 + 1;
								} while ( *_t75 <  *_t74);
							}
							if( *( *_t75) != 0) {
								 *_t75 = CharNextA( *_t75);
							}
						}
						_t78[2] =  *_t75;
						return _t78[2];
					} else {
						 *_t75 =  &(( *_t75)[2]);
						continue;
					}
				}
			}

0x00402be3
0x00402be7
0x00402bea
0x00402bec
0x00402bfc
0x00402bfc
0x00402bfe
0x00402c02
0x00402bfa
0x00402bfa
0x00402bfc
0x00402bfe
0x00402c02
0x00402bfa
0x00402bfa
0x00402c09
0x00402c0e
0x00402c1d
0x00402c21
0x00402c82
0x00402c2c
0x00402c76
0x00402c7c
0x00402c80
0x00000000
0x00402c80
0x00402c36
0x00402c4e
0x00402c50
0x00402c54
0x00000000
0x00000000
0x00402c42
0x00402c48
0x00402c4c
0x00402c4c
0x00402c60
0x00402c6a
0x00402c6a
0x00402c60
0x00402c8f
0x00402c98
0x00402ca0
0x00402ca4
0x00402d23
0x00402cad
0x00402d07
0x00402d0d
0x00000000
0x00000000
0x00000000
0x00000000
0x00402d0f
0x00402d0f
0x00402d17
0x00402d1a
0x00402d1c
0x00402d1f
0x00000000
0x00402d0f
0x00402cb7
0x00402cdf
0x00402ce1
0x00402ce5
0x00000000
0x00000000
0x00402cc3
0x00402cc9
0x00000000
0x00000000
0x00000000
0x00000000
0x00402ccb
0x00402ccb
0x00402cd3
0x00402cd6
0x00402cd8
0x00402cdb
0x00402ccb
0x00402cf1
0x00402cfb
0x00402cfb
0x00402cf1
0x00402d30
0x00402d3f
0x00402c18
0x00402c18
0x00000000
0x00402c18
0x00402c0e

APIs

CharNextA.USER32(00000000), ref: 00402C31
CharNextA.USER32(00000000,00000000), ref: 00402C3D
CharNextA.USER32(00000000,00000000), ref: 00402C65
CharNextA.USER32(00000000), ref: 00402C71
CharNextA.USER32(?,00000000), ref: 00402CB2
CharNextA.USER32(00000000,?,00000000), ref: 00402CBE
CharNextA.USER32(00000000,?,00000000), ref: 00402CF6
CharNextA.USER32(?,00000000), ref: 00402D02

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: d6b52474597a5abc507ddabcdd3964fca687d1123cb36b58bea3612f69ca448d
Instruction ID: 44aa21a944bd816be20f660331d5c98b9a736c3c74b6b812ee505bb736317220
Opcode Fuzzy Hash: d6b52474597a5abc507ddabcdd3964fca687d1123cb36b58bea3612f69ca448d
Instruction Fuzzy Hash: C4510B706082829FE361DF6CC588A19BBE0EF5A340B640C6EE5C1EB391D378AC40DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00401C0C Relevance: 9.1, APIs: 6, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E00401C0C() {
				void* _v8;
				intOrPtr* _v12;
				void* _t13;
				void* _t15;
				intOrPtr* _t18;
				void* _t31;
				void* _t37;
				intOrPtr _t42;
				void* _t44;
				void* _t46;
				intOrPtr _t47;

				_t44 = _t46;
				_t47 = _t46 + 0xfffffff8;
				if( *0x41c5bc == 0) {
					return _t13;
				} else {
					_push(_t44);
					_push(E00401D00);
					_push( *[fs:eax]);
					 *[fs:eax] = _t47;
					if( *0x41c045 != 0) {
						_push(0x41c5c4);
						L00401314();
					}
					 *0x41c5bc = 0;
					_t15 =  *0x41c61c; // 0x46de58
					LocalFree(_t15);
					 *0x41c61c = 0;
					_t18 =  *0x41c5e4; // 0x46c334
					_v12 = _t18;
					while(0x41c5e4 != _v12) {
						VirtualFree( *(_v12 + 8), 0, 0x8000);
						_v12 =  *_v12;
					}
					E004013B0(0x41c5e4);
					E004013B0(0x41c5f4);
					E004013B0(0x41c620);
					_t31 =  *0x41c5dc; // 0x46bd00
					_v8 = _t31;
					while(_v8 != 0) {
						 *0x41c5dc =  *_v8;
						LocalFree(_v8);
						_t37 =  *0x41c5dc; // 0x46bd00
						_v8 = _t37;
					}
					_pop(_t42);
					 *[fs:eax] = _t42;
					_push(0x401d07);
					if( *0x41c045 != 0) {
						_push(0x41c5c4);
						L0040131C();
					}
					_push(0x41c5c4);
					L00401324();
					return 0;
				}
			}

0x00401c0d
0x00401c0f
0x00401c19
0x00401d0a
0x00401c1f
0x00401c21
0x00401c22
0x00401c27
0x00401c2a
0x00401c34
0x00401c36
0x00401c3b
0x00401c3b
0x00401c40
0x00401c47
0x00401c4d
0x00401c54
0x00401c59
0x00401c5e
0x00401c7e
0x00401c71
0x00401c7b
0x00401c7b
0x00401c8d
0x00401c97
0x00401ca1
0x00401ca6
0x00401cab
0x00401cb2
0x00401cb9
0x00401cc2
0x00401cc7
0x00401ccc
0x00401ccf
0x00401cd7
0x00401cda
0x00401cdd
0x00401ce9
0x00401ceb
0x00401cf0
0x00401cf0
0x00401cf5
0x00401cfa
0x00401cff
0x00401cff

APIs

RtlEnterCriticalSection.NTDLL(0041C5C4), ref: 00401C3B
LocalFree.KERNEL32(0046DE58,00000000,00401D00), ref: 00401C4D
VirtualFree.KERNEL32(?,00000000,00008000,0046DE58,00000000,00401D00), ref: 00401C71
LocalFree.KERNEL32(00000000,?,00000000,00008000,0046DE58,00000000,00401D00), ref: 00401CC2
RtlLeaveCriticalSection.NTDLL(0041C5C4), ref: 00401CF0
RtlDeleteCriticalSection.NTDLL(0041C5C4), ref: 00401CFA

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID:
API String ID: 3782394904-0
Opcode ID: 4cd27e92dc432f425f61ff7018d5562dfa0d40a113790a833d20d924bb4c087d
Instruction ID: dd0913d52e67f906439bc4972f6def2751b37c12f1aad2b39496b41ff3b6de08
Opcode Fuzzy Hash: 4cd27e92dc432f425f61ff7018d5562dfa0d40a113790a833d20d924bb4c087d
Instruction Fuzzy Hash: 20211D70A84254AEE715EBA9DC85B9ABBE5AB08304F10807BF501E77E1D77CB940DB1C

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACF8 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 109
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E0040ACF8(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				struct _MEMORY_BASIC_INFORMATION _v40;
				char _v301;
				char _v308;
				intOrPtr _v312;
				char _v316;
				char _v320;
				char _v324;
				intOrPtr _v328;
				char _v332;
				void* _v336;
				char _v340;
				char _v344;
				char _v348;
				char _v352;
				intOrPtr _v356;
				char _v360;
				char _v364;
				char _v368;
				void* _v372;
				char _v376;
				intOrPtr _t55;
				intOrPtr _t65;
				intOrPtr _t88;
				intOrPtr _t92;
				intOrPtr _t95;
				intOrPtr _t107;
				void* _t114;
				void* _t115;
				void* _t118;

				_t115 = __esi;
				_t114 = __edi;
				_t98 = __ecx;
				_v376 = 0;
				_v340 = 0;
				_v348 = 0;
				_v344 = 0;
				_v8 = 0;
				_push(_t118);
				_push(0x40aebb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t118 + 0xfffffe8c;
				_t95 =  *((intOrPtr*)(_a4 - 4));
				if( *((intOrPtr*)(_t95 + 0x14)) != 0) {
					_t55 =  *0x41b5b4; // 0x406398
					E00405CDC(_t55, __ecx,  &_v8);
				} else {
					_t92 =  *0x41b66c; // 0x406390
					E00405CDC(_t92, __ecx,  &_v8);
				}
				_v12 =  *((intOrPtr*)(_t95 + 0x18));
				VirtualQuery( *(_t95 + 0xc),  &_v40, 0x1c);
				if(_v40.State != 0x1000 || GetModuleFileNameA(_v40.AllocationBase,  &_v301, 0x105) == 0) {
					_v372 =  *(_t95 + 0xc);
					_v368 = 5;
					_v364 = _v8;
					_v360 = 0xb;
					_v356 = _v12;
					_v352 = 5;
					_t65 =  *0x41b5b8; // 0x406340
					E00405CDC(_t65, _t98,  &_v376);
					E0040A920(_t95, _v376, 1, _t114, _t115, 2,  &_v372);
				} else {
					_v336 =  *(_t95 + 0xc);
					_v332 = 5;
					E004044E4( &_v344, 0x105,  &_v301);
					E00407964(_v344, 0x105,  &_v340);
					_v328 = _v340;
					_v324 = 0xb;
					_v320 = _v8;
					_v316 = 0xb;
					_v312 = _v12;
					_v308 = 5;
					_t88 =  *0x41b5f0; // 0x406438
					E00405CDC(_t88, 0x105,  &_v348);
					E0040A920(_t95, _v348, 1, _t114, _t115, 3,  &_v336);
				}
				_pop(_t107);
				 *[fs:eax] = _t107;
				_push(E0040AEC2);
				E00404274( &_v376);
				E00404298( &_v348, 3);
				return E00404274( &_v8);
			}

0x0040acf8
0x0040acf8
0x0040acf8
0x0040ad04
0x0040ad0a
0x0040ad10
0x0040ad16
0x0040ad1c
0x0040ad21
0x0040ad22
0x0040ad27
0x0040ad2a
0x0040ad30
0x0040ad37
0x0040ad4b
0x0040ad50
0x0040ad39
0x0040ad3c
0x0040ad41
0x0040ad41
0x0040ad58
0x0040ad65
0x0040ad71
0x0040ae30
0x0040ae36
0x0040ae40
0x0040ae46
0x0040ae50
0x0040ae56
0x0040ae6c
0x0040ae71
0x0040ae83
0x0040ad94
0x0040ad97
0x0040ad9d
0x0040adb5
0x0040adc6
0x0040add1
0x0040add7
0x0040ade1
0x0040ade7
0x0040adf1
0x0040adf7
0x0040ae0d
0x0040ae12
0x0040ae24
0x0040ae29
0x0040ae8c
0x0040ae8f
0x0040ae92
0x0040ae9d
0x0040aead
0x0040aeba

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0040AEBB), ref: 0040AD65
GetModuleFileNameA.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0040AEBB), ref: 0040AD87

Part of subcall function 00405CDC: LoadStringA.USER32(00000000,00010000,?,00001000), ref: 00405D0E

Strings

dl@, xrefs: 0040AE1F, 0040AE7E
8d@, xrefs: 0040AE0D
@c@, xrefs: 0040AE6C

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FileLoadModuleNameQueryStringVirtual
String ID: 8d@$@c@$dl@
API String ID: 902310565-3473849982
Opcode ID: 56406663544741bb89d5e4996844cfdcad0121dbb6080fb9003a2cc42b046bc9
Instruction ID: 45f5526cc77c8da4907c19ede1d4a5e2b9cdfc974cf7fd87a609891d70ca10a0
Opcode Fuzzy Hash: 56406663544741bb89d5e4996844cfdcad0121dbb6080fb9003a2cc42b046bc9
Instruction Fuzzy Hash: 6951F270A04658DFDB60DF68CD85BCAB7F5AB48304F0045EAE508AB391D774AE84CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0040A684 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A684(intOrPtr* __eax, void* __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v277;
				char _v538;
				char _v794;
				struct _MEMORY_BASIC_INFORMATION _v824;
				char _v828;
				intOrPtr _v832;
				char _v836;
				intOrPtr _v840;
				char _v844;
				intOrPtr _v848;
				char _v852;
				char* _v856;
				char _v860;
				char _v864;
				char _v1120;
				void* __edi;
				struct HINSTANCE__* _t45;
				intOrPtr _t58;
				struct HINSTANCE__* _t60;
				void* _t78;
				intOrPtr* _t83;
				void* _t94;
				void* _t95;
				void* _t102;

				_t102 = __fp0;
				_t84 = __ecx;
				_t94 = __ecx;
				_t95 = __edx;
				_t83 = __eax;
				VirtualQuery(__edx,  &_v824, 0x1c);
				if(_v824.State != 0x1000 || GetModuleFileNameA(_v824.AllocationBase,  &_v538, 0x105) == 0) {
					_t45 =  *0x41c660; // 0x400000
					GetModuleFileNameA(_t45,  &_v538, 0x105);
					_v16 = E0040A678(_t95);
				} else {
					_v16 = _t95 - _v824.AllocationBase;
				}
				E00407A80( &_v277, 0x104, E0040B550( &_v538, _t84, 0x5c) + 1);
				_v8 = 0x40a814;
				_v12 = 0x40a814;
				_t91 =  *0x4065b8; // 0x406604
				if(E004036D8(_t83, _t91) != 0) {
					_v8 = E00404734( *((intOrPtr*)(_t83 + 4)));
					_t78 = E00407A58(_v8, _t94);
					if(_t78 != 0) {
						_t91 = _v8;
						if( *((char*)(_v8 + _t78 - 1)) != 0x2e) {
							_v12 = 0x40a818;
						}
					}
				}
				_t58 =  *0x41b654; // 0x406368
				_t21 = _t58 + 4; // 0xffe8
				_t60 =  *0x41c660; // 0x400000
				LoadStringA(E004051DC(_t60, 0x104, _t91),  *_t21,  &_v794, 0x100);
				E00403490( *_t83,  &_v1120);
				_v864 =  &_v1120;
				_v860 = 4;
				_v856 =  &_v277;
				_v852 = 6;
				_v848 = _v16;
				_v844 = 5;
				_v840 = _v8;
				_v836 = 6;
				_v832 = _v12;
				_v828 = 6;
				E00407FC8(_t94, _a4, _t102, 4,  &_v864);
				return E00407A58(_t94, _t94);
			}

0x0040a684
0x0040a684
0x0040a690
0x0040a692
0x0040a694
0x0040a6a0
0x0040a6af
0x0040a6d9
0x0040a6df
0x0040a6eb
0x0040a6f0
0x0040a6f6
0x0040a6f6
0x0040a714
0x0040a71e
0x0040a726
0x0040a72b
0x0040a738
0x0040a742
0x0040a748
0x0040a74f
0x0040a751
0x0040a759
0x0040a760
0x0040a760
0x0040a759
0x0040a74f
0x0040a76f
0x0040a774
0x0040a778
0x0040a783
0x0040a790
0x0040a79b
0x0040a7a1
0x0040a7ae
0x0040a7b4
0x0040a7be
0x0040a7c4
0x0040a7ce
0x0040a7d4
0x0040a7de
0x0040a7e4
0x0040a7ff
0x0040a811

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040A6A0
GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040A6C4
GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040A6DF
LoadStringA.USER32(00000000,0000FFE8,?,00000100), ref: 0040A783

Strings

hc@, xrefs: 0040A76F

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID: hc@
API String ID: 3990497365-2173254270
Opcode ID: 9a43729b15250c963fa214c8b7513dd4a0f191be7fde8ea2fffdd01f07491500
Instruction ID: 79c60bedb4693cfb9ff43af56ab49222f6c196a3f3e184a143ca7f0f62e4e0b4
Opcode Fuzzy Hash: 9a43729b15250c963fa214c8b7513dd4a0f191be7fde8ea2fffdd01f07491500
Instruction Fuzzy Hash: BE41EC71E002589FDB11EB69CD85BDEB7B8AB08304F0480FAA508F7291D7789F948F59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A682 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A682(intOrPtr* __eax, void* __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v277;
				char _v538;
				char _v794;
				struct _MEMORY_BASIC_INFORMATION _v824;
				char _v828;
				intOrPtr _v832;
				char _v836;
				intOrPtr _v840;
				char _v844;
				intOrPtr _v848;
				char _v852;
				char* _v856;
				char _v860;
				char _v864;
				char _v1120;
				void* __edi;
				struct HINSTANCE__* _t45;
				intOrPtr _t58;
				struct HINSTANCE__* _t60;
				void* _t78;
				intOrPtr* _t84;
				void* _t97;
				void* _t100;
				void* _t114;

				_t86 = __ecx;
				_t97 = __ecx;
				_t100 = __edx;
				_t84 = __eax;
				VirtualQuery(__edx,  &_v824, 0x1c);
				if(_v824.State != 0x1000 || GetModuleFileNameA(_v824.AllocationBase,  &_v538, 0x105) == 0) {
					_t45 =  *0x41c660; // 0x400000
					GetModuleFileNameA(_t45,  &_v538, 0x105);
					_v16 = E0040A678(_t100);
				} else {
					_v16 = _t100 - _v824.AllocationBase;
				}
				E00407A80( &_v277, 0x104, E0040B550( &_v538, _t86, 0x5c) + 1);
				_v8 = 0x40a814;
				_v12 = 0x40a814;
				_t93 =  *0x4065b8; // 0x406604
				if(E004036D8(_t84, _t93) != 0) {
					_v8 = E00404734( *((intOrPtr*)(_t84 + 4)));
					_t78 = E00407A58(_v8, _t97);
					if(_t78 != 0) {
						_t93 = _v8;
						if( *((char*)(_v8 + _t78 - 1)) != 0x2e) {
							_v12 = 0x40a818;
						}
					}
				}
				_t58 =  *0x41b654; // 0x406368
				_t21 = _t58 + 4; // 0xffe8
				_t60 =  *0x41c660; // 0x400000
				LoadStringA(E004051DC(_t60, 0x104, _t93),  *_t21,  &_v794, 0x100);
				E00403490( *_t84,  &_v1120);
				_v864 =  &_v1120;
				_v860 = 4;
				_v856 =  &_v277;
				_v852 = 6;
				_v848 = _v16;
				_v844 = 5;
				_v840 = _v8;
				_v836 = 6;
				_v832 = _v12;
				_v828 = 6;
				E00407FC8(_t97, _a4, _t114, 4,  &_v864);
				return E00407A58(_t97, _t97);
			}

0x0040a682
0x0040a690
0x0040a692
0x0040a694
0x0040a6a0
0x0040a6af
0x0040a6d9
0x0040a6df
0x0040a6eb
0x0040a6f0
0x0040a6f6
0x0040a6f6
0x0040a714
0x0040a71e
0x0040a726
0x0040a72b
0x0040a738
0x0040a742
0x0040a748
0x0040a74f
0x0040a751
0x0040a759
0x0040a760
0x0040a760
0x0040a759
0x0040a74f
0x0040a76f
0x0040a774
0x0040a778
0x0040a783
0x0040a790
0x0040a79b
0x0040a7a1
0x0040a7ae
0x0040a7b4
0x0040a7be
0x0040a7c4
0x0040a7ce
0x0040a7d4
0x0040a7de
0x0040a7e4
0x0040a7ff
0x0040a811

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040A6A0
GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040A6C4
GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040A6DF
LoadStringA.USER32(00000000,0000FFE8,?,00000100), ref: 0040A783

Strings

hc@, xrefs: 0040A76F

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID: hc@
API String ID: 3990497365-2173254270
Opcode ID: 9d2ffe933522f304af0b90cd73593248ff549d2748ecaa3146972454a2204fa5
Instruction ID: 4fc7cf4bd39ae0a24afa0d30a17153fe370ccad99360870895831e1e8fddc686
Opcode Fuzzy Hash: 9d2ffe933522f304af0b90cd73593248ff549d2748ecaa3146972454a2204fa5
Instruction Fuzzy Hash: 03410D70A002589FDB11EB69CD85BDEB7F8AB08304F0480FAA508F7291D7789F948F59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A3A0 Relevance: 7.6, APIs: 5, Instructions: 50
threadCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E0040A3A0(void* __esi, void* __eflags) {
				char _v8;
				intOrPtr* _t18;
				intOrPtr _t26;
				void* _t27;
				long _t29;
				intOrPtr _t32;
				void* _t33;

				_t33 = __eflags;
				_push(0);
				_push(_t32);
				_push(0x40a437);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				E0040A118(GetThreadLocale(), 0x40a44c, 0x100b,  &_v8);
				_t29 = E004075CC(0x40a44c, 1, _t33);
				if(_t29 + 0xfffffffd - 3 < 0) {
					EnumCalendarInfoA(E0040A2EC, GetThreadLocale(), _t29, 4);
					_t27 = 7;
					_t18 = 0x41c768;
					do {
						 *_t18 = 0xffffffff;
						_t18 = _t18 + 4;
						_t27 = _t27 - 1;
					} while (_t27 != 0);
					EnumCalendarInfoA(E0040A328, GetThreadLocale(), _t29, 3);
				}
				_pop(_t26);
				 *[fs:eax] = _t26;
				_push(E0040A43E);
				return E00404274( &_v8);
			}

0x0040a3a0
0x0040a3a3
0x0040a3a8
0x0040a3a9
0x0040a3ae
0x0040a3b1
0x0040a3c7
0x0040a3d9
0x0040a3e3
0x0040a3f3
0x0040a3f8
0x0040a3fd
0x0040a402
0x0040a402
0x0040a408
0x0040a40b
0x0040a40b
0x0040a41c
0x0040a41c
0x0040a423
0x0040a426
0x0040a429
0x0040a436

APIs

GetThreadLocale.KERNEL32(?,00000000,0040A437,?,?,00000000), ref: 0040A3B8

Part of subcall function 0040A118: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040A136

GetThreadLocale.KERNEL32(00000000,00000004,00000000,0040A437,?,?,00000000), ref: 0040A3E8
EnumCalendarInfoA.KERNEL32(Function_0000A2EC,00000000,00000000,00000004), ref: 0040A3F3
GetThreadLocale.KERNEL32(00000000,00000003,00000000,0040A437,?,?,00000000), ref: 0040A411
EnumCalendarInfoA.KERNEL32(Function_0000A328,00000000,00000000,00000003), ref: 0040A41C

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: Locale$InfoThread$CalendarEnum
String ID:
API String ID: 4102113445-0
Opcode ID: 3f84a179dfec281e8e18e7c9db9ac81cd796348ca171d2c28defc622f215a0ec
Instruction ID: 2202d6c9b10623066265bd013477627515e66472597f1c88d093805be87fb5a1
Opcode Fuzzy Hash: 3f84a179dfec281e8e18e7c9db9ac81cd796348ca171d2c28defc622f215a0ec
Instruction Fuzzy Hash: 0101F7752403046AE701A6658C03F5E365CDB4A718FA14676F500BA6C2D6BC9E2042AE

Uniqueness

Uniqueness Score: -1.00%

Function 0040A450 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148
threadCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040A450(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				void* _t41;
				signed int _t45;
				signed int _t47;
				signed int _t49;
				signed int _t51;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				signed int _t83;
				signed int _t92;
				intOrPtr _t111;
				void* _t122;
				void* _t124;
				intOrPtr _t127;
				void* _t128;

				_t128 = __eflags;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t122 = __edx;
				_t124 = __eax;
				_push(_t127);
				_push(0x40a61a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t127;
				_t92 = 1;
				E00404274(__edx);
				E0040A118(GetThreadLocale(), 0x40a630, 0x1009,  &_v12);
				if(E004075CC(0x40a630, 1, _t128) + 0xfffffffd - 3 < 0) {
					while(1) {
						_t41 = E00404534(_t124);
						__eflags = _t92 - _t41;
						if(_t92 > _t41) {
							goto L28;
						}
						__eflags =  *(_t124 + _t92 - 1) & 0x000000ff;
						asm("bt [0x41a10c], eax");
						if(( *(_t124 + _t92 - 1) & 0x000000ff) >= 0) {
							_t45 = E00407AB4(_t124 + _t92 - 1, 2, 0x40a634);
							__eflags = _t45;
							if(_t45 != 0) {
								_t47 = E00407AB4(_t124 + _t92 - 1, 4, 0x40a644);
								__eflags = _t47;
								if(_t47 != 0) {
									_t49 = E00407AB4(_t124 + _t92 - 1, 2, 0x40a65c);
									__eflags = _t49;
									if(_t49 != 0) {
										_t51 =  *(_t124 + _t92 - 1) - 0x59;
										__eflags = _t51;
										if(_t51 == 0) {
											L24:
											E0040453C(_t122, 0x40a674);
										} else {
											__eflags = _t51 != 0x20;
											if(_t51 != 0x20) {
												E0040445C();
												E0040453C(_t122, _v24);
											} else {
												goto L24;
											}
										}
									} else {
										E0040453C(_t122, 0x40a668);
										_t92 = _t92 + 1;
									}
								} else {
									E0040453C(_t122, 0x40a654);
									_t92 = _t92 + 3;
								}
							} else {
								E0040453C(_t122, 0x40a640);
								_t92 = _t92 + 1;
							}
							_t92 = _t92 + 1;
							__eflags = _t92;
						} else {
							_v8 = E0040B3DC(_t124, _t92);
							E00404794(_t124, _v8, _t92,  &_v20);
							E0040453C(_t122, _v20);
							_t92 = _t92 + _v8;
						}
					}
				} else {
					_t75 =  *0x41c740; // 0x9
					_t76 = _t75 - 4;
					if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
						_t77 = 1;
					} else {
						_t77 = 0;
					}
					if(_t77 == 0) {
						E004042C8(_t122, _t124);
					} else {
						while(_t92 <= E00404534(_t124)) {
							_t83 =  *(_t124 + _t92 - 1) - 0x47;
							__eflags = _t83;
							if(_t83 != 0) {
								__eflags = _t83 != 0x20;
								if(_t83 != 0x20) {
									E0040445C();
									E0040453C(_t122, _v16);
								}
							}
							_t92 = _t92 + 1;
							__eflags = _t92;
						}
					}
				}
				L28:
				_pop(_t111);
				 *[fs:eax] = _t111;
				_push(E0040A621);
				return E00404298( &_v24, 4);
			}

0x0040a450
0x0040a455
0x0040a456
0x0040a457
0x0040a458
0x0040a459
0x0040a45d
0x0040a45f
0x0040a463
0x0040a464
0x0040a469
0x0040a46c
0x0040a46f
0x0040a476
0x0040a48e
0x0040a4a6
0x0040a5f0
0x0040a5f2
0x0040a5f7
0x0040a5f9
0x00000000
0x00000000
0x0040a50f
0x0040a514
0x0040a51b
0x0040a559
0x0040a55e
0x0040a560
0x0040a57f
0x0040a584
0x0040a586
0x0040a5a7
0x0040a5ac
0x0040a5ae
0x0040a5c3
0x0040a5c3
0x0040a5c5
0x0040a5cb
0x0040a5d2
0x0040a5c7
0x0040a5c7
0x0040a5c9
0x0040a5e0
0x0040a5ea
0x00000000
0x00000000
0x00000000
0x0040a5c9
0x0040a5b0
0x0040a5b7
0x0040a5bc
0x0040a5bc
0x0040a588
0x0040a58f
0x0040a594
0x0040a594
0x0040a562
0x0040a569
0x0040a56e
0x0040a56e
0x0040a5ef
0x0040a5ef
0x0040a51d
0x0040a526
0x0040a534
0x0040a53e
0x0040a543
0x0040a543
0x0040a51b
0x0040a4ac
0x0040a4ac
0x0040a4b1
0x0040a4b4
0x0040a4c2
0x0040a4be
0x0040a4be
0x0040a4be
0x0040a4c6
0x0040a501
0x0040a4c8
0x0040a4ed
0x0040a4ce
0x0040a4ce
0x0040a4d0
0x0040a4d2
0x0040a4d4
0x0040a4dd
0x0040a4e7
0x0040a4e7
0x0040a4d4
0x0040a4ec
0x0040a4ec
0x0040a4ec
0x0040a4f8
0x0040a4c6
0x0040a5ff
0x0040a601
0x0040a604
0x0040a607
0x0040a619

APIs

GetThreadLocale.KERNEL32(?,00000000,0040A61A,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0040A47F

Part of subcall function 0040A118: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040A136

Strings

eeee, xrefs: 0040A58A
yyyy, xrefs: 0040A571
ggg, xrefs: 0040A564

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: Locale$InfoThread
String ID: eeee$ggg$yyyy
API String ID: 4232894706-1253427255
Opcode ID: ade6539b1d728faef91547cf3abe46476493be7ab9fc49690dcf9b4a14eb4824
Instruction ID: a50bc60a06ad65bd1200327b862bf642a9e79c7deb957623cdcc0d0decd6a276
Opcode Fuzzy Hash: ade6539b1d728faef91547cf3abe46476493be7ab9fc49690dcf9b4a14eb4824
Instruction Fuzzy Hash: B44157753043006BC711FAB98C856BEB2A6EB84304B64453BE581F33C2EA3CDD168A1F

Uniqueness

Uniqueness Score: -1.00%

Function 004033B4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49
registryCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E004033B4() {
				void* _v8;
				char _v12;
				int _v16;
				void** _t10;
				signed short _t11;
				signed short _t13;
				intOrPtr _t26;
				void* _t28;
				void* _t30;
				intOrPtr _t31;

				_t28 = _t30;
				_t31 = _t30 + 0xfffffff4;
				_v12 =  *0x41a024 & 0x0000ffff;
				_t10 =  &_v8;
				_push(_t10);
				_push(1);
				_push(0);
				_push("SOFTWARE\\Borland\\Delphi\\RTL");
				_push(0x80000002);
				L00401260();
				if(_t10 != 0) {
					_t11 =  *0x41a024; // 0x1332
					_t13 = _t11 & 0x0000ffc0 | _v12 & 0x0000003f;
					 *0x41a024 = _t13;
					return _t13;
				} else {
					_push(_t28);
					_push(E00403425);
					_push( *[fs:eax]);
					 *[fs:eax] = _t31;
					_v16 = 4;
					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
					_pop(_t26);
					 *[fs:eax] = _t26;
					_push(0x40342c);
					return RegCloseKey(_v8);
				}
			}

0x004033b5
0x004033b7
0x004033c1
0x004033c4
0x004033c7
0x004033c8
0x004033ca
0x004033cc
0x004033d1
0x004033d6
0x004033dd
0x0040342c
0x0040343e
0x00403441
0x0040344a
0x004033df
0x004033e1
0x004033e2
0x004033e7
0x004033ea
0x004033ed
0x00403409
0x00403410
0x00403413
0x00403416
0x00403424
0x00403424

APIs

RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403425,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403409
RegCloseKey.ADVAPI32(?,0040342C,00000000,?,00000004,00000000,00403425,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040341F

Strings

SOFTWARE\Borland\Delphi\RTL, xrefs: 004033CC
FPUMaskValue, xrefs: 00403400

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CloseQueryValue
String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
API String ID: 3356406503-4173385793
Opcode ID: eff543dd11492d8f48a696bb5ff98e0173767fabcfeee09bd76c771c98ad308c
Instruction ID: a980d1bbe666b6c8b8d60dc1d5c403bfea5bafbe0ce0ebe4d8ef3dae5fed5d81
Opcode Fuzzy Hash: eff543dd11492d8f48a696bb5ff98e0173767fabcfeee09bd76c771c98ad308c
Instruction Fuzzy Hash: 34019275900308BAD711EFA08C42BAD7BBCD708B04F6040B6BA00F65D1E6799A10C75D

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC9C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E0040BC9C() {
				struct HINSTANCE__* _t1;
				struct HINSTANCE__* _t3;

				_t1 = GetModuleHandleA("kernel32.dll");
				_t3 = _t1;
				if(_t3 != 0) {
					_push("GetDiskFreeSpaceExA");
					_push(_t3);
					L00406108();
					 *0x41a130 = _t1;
				}
				if( *0x41a130 == 0) {
					 *0x41a130 = E004079D8;
					return E004079D8;
				}
				return _t1;
			}

0x0040bca2
0x0040bca7
0x0040bcab
0x0040bcad
0x0040bcb2
0x0040bcb3
0x0040bcb8
0x0040bcb8
0x0040bcc4
0x0040bccb
0x00000000
0x0040bccb
0x0040bcd1

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,0040C6E1,00000000,0040C6F4), ref: 0040BCA2
6C9C5550.KERNEL32(00000000,GetDiskFreeSpaceExA,kernel32.dll,?,0040C6E1,00000000,0040C6F4), ref: 0040BCB3

Strings

kernel32.dll, xrefs: 0040BC9D
GetDiskFreeSpaceExA, xrefs: 0040BCAD

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: C5550HandleModule
String ID: GetDiskFreeSpaceExA$kernel32.dll
API String ID: 373995266-3712701948
Opcode ID: f2b8daee4023cd4b935d83e01bfd60b01be16578d1644749d6d6adf7b887b75c
Instruction ID: d6b41db955b5e8f5eff1c5e47fccdb4b7e1da2410441a1d5a5a7539c1c3dc5da
Opcode Fuzzy Hash: f2b8daee4023cd4b935d83e01bfd60b01be16578d1644749d6d6adf7b887b75c
Instruction Fuzzy Hash: 03D05EB06193056AFB005FA05DC1B1A3194EB00324F00403FA441793C2CBBC4820438E

Uniqueness

Uniqueness Score: -1.00%

Function 004094C2 Relevance: 6.4, Strings: 5, Instructions: 128
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E004094C2(void* __ecx, void* __edx, void* __edi, intOrPtr* __esi) {
				signed int _t168;
				signed int _t170;
				signed int _t172;
				signed int _t174;
				intOrPtr _t234;
				intOrPtr _t237;
				signed int _t242;
				void* _t255;
				void* _t256;
				intOrPtr _t270;
				intOrPtr* _t274;
				void* _t275;

				L0:
				while(1) {
					L0:
					_t274 = __esi;
					E00408D18(_t275);
					 *(_t275 - 0x24) =  *__esi - 1;
					if(E00407AB4( *(_t275 - 0x24), 5, 0x409780) != 0) {
						_t168 = E00407AB4( *(_t275 - 0x24), 3, 0x409788);
						__eflags = _t168;
						if(_t168 != 0) {
							_t170 = E00407AB4( *(_t275 - 0x24), 4, 0x40978c);
							__eflags = _t170;
							if(_t170 != 0) {
								_t172 = E00407AB4( *(_t275 - 0x24), 4, 0x409794);
								__eflags = _t172;
								if(_t172 != 0) {
									_t174 = E00407AB4( *(_t275 - 0x24), 3, 0x40979c);
									__eflags = _t174;
									if(_t174 != 0) {
										E00408C00(1,  *((intOrPtr*)(_t275 + 8)));
										_pop(5);
									} else {
										E00408CE0(_t275);
										_pop(_t255);
										E00408C44( *((intOrPtr*)(0x41c700 + (E00408BC4(__eflags,  *((intOrPtr*)( *((intOrPtr*)(_t275 + 8)) + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t275 + 8)) + 0xc))) & 0x0000ffff) * 4)), _t255,  *((intOrPtr*)(_t275 + 8)));
										_pop(5);
										 *__esi =  *__esi + 2;
									}
								} else {
									E00408CE0(_t275);
									_pop(_t256);
									E00408C44( *((intOrPtr*)(0x41c71c + (E00408BC4(__eflags,  *((intOrPtr*)( *((intOrPtr*)(_t275 + 8)) + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t275 + 8)) + 0xc))) & 0x0000ffff) * 4)), _t256,  *((intOrPtr*)(_t275 + 8)));
									_pop(5);
									 *__esi =  *__esi + 3;
								}
							} else {
								__eflags =  *((short*)(_t275 - 0x16)) - 0xc;
								if( *((short*)(_t275 - 0x16)) >= 0xc) {
									_t234 =  *0x41c698; // 0x1e007ec
									E00408C44(_t234, 4,  *((intOrPtr*)(_t275 + 8)));
									_pop(5);
								} else {
									_t237 =  *0x41c694; // 0x1e007dc
									E00408C44(_t237, 4,  *((intOrPtr*)(_t275 + 8)));
									_pop(5);
								}
								 *_t274 =  *_t274 + 3;
								 *((char*)(_t275 - 0x1f)) = 1;
							}
						} else {
							__eflags =  *((short*)(_t275 - 0x16)) - 0xc;
							if( *((short*)(_t275 - 0x16)) >= 0xc) {
								_t108 = _t275 - 0x24;
								 *_t108 =  *(_t275 - 0x24) + 2;
								__eflags =  *_t108;
							}
							E00408C00(1,  *((intOrPtr*)(_t275 + 8)));
							_pop(5);
							 *_t274 =  *_t274 + 2;
							 *((char*)(_t275 - 0x1f)) = 1;
						}
					} else {
						__eflags =  *((short*)(__ebp - 0x16)) - 0xc;
						if( *((short*)(__ebp - 0x16)) >= 0xc) {
							_t101 = __ebp - 0x24;
							 *_t101 =  *(__ebp - 0x24) + 3;
							__eflags =  *_t101;
						}
						__eax =  *(__ebp + 8);
						__edx = 2;
						__eax =  *(__ebp - 0x24);
						__eax = E00408C00(2,  *(__ebp + 8));
						 *__esi =  *__esi + 4;
						 *((char*)(__ebp - 0x1f)) = 1;
					}
					L109:
					while( *((char*)( *_t274)) != 0) {
						 *(_t275 - 5) =  *((intOrPtr*)( *_t274));
						asm("bt [0x41a10c], eax");
						if(( *(_t275 - 5) & 0x000000ff) >= 0) {
							 *_t274 = E0040B3C8( *_t274, 5);
							_t242 =  *(_t275 - 5);
							__eflags = _t242 + 0x9f - 0x1a;
							if(_t242 + 0x9f - 0x1a < 0) {
								_t242 = _t242 - 0x20;
								__eflags = _t242;
							}
							L5:
							__eflags = _t242 + 0xbf - 0x1a;
							if(_t242 + 0xbf - 0x1a >= 0) {
								L10:
								__eflags = 0xffffffffffffffde - 0x38;
								if(0xffffffffffffffde > 0x38) {
									L108:
									E00408C00(1,  *((intOrPtr*)(_t275 + 8)));
									_pop(5);
									continue;
								}
								L11:
								switch( *((intOrPtr*)(0xffffffffffffff78 +  &M004090EC))) {
									case 0:
										goto L108;
									case 1:
										L12:
										E00408CB0(_t275);
										E00408CE0(_t275);
										__eflags =  *((intOrPtr*)(_t275 - 0xc)) - 2;
										if( *((intOrPtr*)(_t275 - 0xc)) > 2) {
											E00408C64( *(_t275 - 0xe) & 0x0000ffff, 4, _t281,  *((intOrPtr*)(_t275 + 8)));
											_pop(5);
										} else {
											E00408C64(( *(_t275 - 0xe) & 0x0000ffff) % 0x64, 2, _t281,  *((intOrPtr*)(_t275 + 8)));
											_pop(5);
										}
										goto L109;
									case 2:
										L15:
										E00408CB0(__ebp) = E00408CE0(__ebp);
										__eax =  *(__ebp + 8);
										__edx = __ebp - 0x28;
										 *(__ebp - 0xc) = E00408D58( *(__ebp - 0xc), __ebx, __ebp - 0x28, __esi, __ebp);
										__eax =  *(__ebp - 0x28);
										__eax = E00408C44( *(__ebp - 0x28), __ecx,  *(__ebp + 8));
										goto L109;
									case 3:
										L16:
										E00408CB0(__ebp) = E00408CE0(__ebp);
										__eax =  *(__ebp + 8);
										__edx = __ebp - 0x2c;
										 *(__ebp - 0xc) = E00408EC4( *(__ebp - 0xc), __ebx, __ebp - 0x2c, __esi, __ebp);
										__eax =  *(__ebp - 0x2c);
										__eax = E00408C44( *(__ebp - 0x2c), __ecx,  *(__ebp + 8));
										goto L109;
									case 4:
										L17:
										E00408CB0(__ebp) = E00408CE0(__ebp);
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - 1;
										__eax =  *(__ebp - 0xc) - 0xffffffffffffffff;
										__eflags =  *(__ebp - 0xc) - 0xffffffffffffffff;
										if(__eflags < 0) {
											__eax =  *(__ebp + 8);
											__eax =  *(__ebp - 0x10) & 0x0000ffff;
											__edx =  *(__ebp - 0xc);
											__eax = E00408C64( *(__ebp - 0x10) & 0x0000ffff, __edx, __fp0,  *(__ebp + 8));
										} else {
											if(__eflags == 0) {
												 *(__ebp + 8) =  *(__ebp - 0x10) & 0x0000ffff;
												__eax = 0x41c6a0[ *(__ebp - 0x10) & 0x0000ffff];
												__eax = E00408C44(0x41c6a0[ *(__ebp - 0x10) & 0x0000ffff], __ecx,  *(__ebp + 8));
											} else {
												 *(__ebp + 8) =  *(__ebp - 0x10) & 0x0000ffff;
												__eax =  *(0x41c6d0 + ( *(__ebp - 0x10) & 0x0000ffff) * 4);
												__eax = E00408C44( *(0x41c6d0 + ( *(__ebp - 0x10) & 0x0000ffff) * 4), __ecx,  *(__ebp + 8));
											}
										}
										goto L109;
									case 5:
										L23:
										E00408CB0(__ebp) =  *(__ebp - 0xc);
										__eax =  *(__ebp - 0xc) - 1;
										__eax =  *(__ebp - 0xc) - 0xffffffffffffffff;
										__eflags = __eax;
										if(__eflags < 0) {
											E00408CE0(__ebp) =  *(__ebp + 8);
											__eax =  *(__ebp - 0x12) & 0x0000ffff;
											__edx =  *(__ebp - 0xc);
											__eax = E00408C64( *(__ebp - 0x12) & 0x0000ffff, __edx, __fp0,  *(__ebp + 8));
										} else {
											if(__eflags == 0) {
												E00408BC4(__eflags,  *((intOrPtr*)( *(__ebp + 8) + 8)),  *((intOrPtr*)( *(__ebp + 8) + 0xc))) = __ax & 0x0000ffff;
												__eax =  *(0x41c700 + (__ax & 0x0000ffff) * 4);
												__eax = E00408C44( *(0x41c700 + (__ax & 0x0000ffff) * 4), __ecx,  *(__ebp + 8));
											} else {
												__eax = __eax - 1;
												__eflags = __eax;
												if(__eflags == 0) {
													E00408BC4(__eflags,  *((intOrPtr*)( *(__ebp + 8) + 8)),  *((intOrPtr*)( *(__ebp + 8) + 0xc))) = __ax & 0x0000ffff;
													__eax =  *(0x41c71c + (__ax & 0x0000ffff) * 4);
													__eax = E00408C44( *(0x41c71c + (__ax & 0x0000ffff) * 4), __ecx,  *(__ebp + 8));
												} else {
													__eax = __eax - 1;
													__eflags = __eax;
													if(__eax == 0) {
														__eax =  *(__ebp + 8);
														__eax =  *0x41c688; // 0x1e007a4
														__eax = E00408FCC(__eax, __ebx, __edi, __esi,  *(__ebp + 8));
													} else {
														__eax =  *(__ebp + 8);
														__eax =  *0x41c68c; // 0x1e007bc
														__eax = E00408FCC(__eax, __ebx, __edi, __esi,  *(__ebp + 8));
													}
												}
											}
										}
										goto L109;
									case 6:
										L33:
										E00408CB0(__ebp) = E00408D18(__ebp);
										 *(__ebp - 0x20) = 0;
										__eax =  *__esi;
										 *(__ebp - 0x24) =  *__esi;
										while(1) {
											L52:
											__eax =  *(__ebp - 0x24);
											__eflags =  *( *(__ebp - 0x24));
											if( *( *(__ebp - 0x24)) == 0) {
												break;
											}
											L34:
											__eax =  *(__ebp - 0x24);
											__al =  *__eax;
											__eax = __eax & 0x000000ff;
											__eflags = __eax;
											asm("bt [0x41a10c], eax");
											if(__eax >= 0) {
												L36:
												__eax =  *(__ebp - 0x24);
												__eax =  *( *(__ebp - 0x24)) & 0x000000ff;
												__eflags = __eax - 0x48;
												if(__eflags > 0) {
													L42:
													__eax = __eax - 0x61;
													__eflags = __eax;
													if(__eax == 0) {
														L45:
														__eflags =  *(__ebp - 0x20);
														if( *(__ebp - 0x20) != 0) {
															L51:
															_t73 = __ebp - 0x24;
															 *_t73 =  *(__ebp - 0x24) + 1;
															__eflags =  *_t73;
															continue;
														}
														L46:
														__edx = 0x409780;
														__ecx = 5;
														__eax =  *(__ebp - 0x24);
														__eax = E00407AB4( *(__ebp - 0x24), 5, 0x409780);
														__eflags = __eax;
														if(__eax == 0) {
															L49:
															 *((char*)(__ebp - 0x1f)) = 1;
															break;
														}
														L47:
														__edx = 0x409788;
														__ecx = 3;
														__eax =  *(__ebp - 0x24);
														__eax = E00407AB4( *(__ebp - 0x24), 3, 0x409788);
														__eflags = __eax;
														if(__eax == 0) {
															goto L49;
														}
														L48:
														__edx = 0x40978c;
														__ecx = 4;
														__eax =  *(__ebp - 0x24);
														__eax = E00407AB4( *(__ebp - 0x24), 4, 0x40978c);
														__eflags = __eax;
														if(__eax != 0) {
															break;
														}
														goto L49;
													}
													L43:
													__eax = __eax - 7;
													__eflags = __eax;
													if(__eax == 0) {
														break;
													}
													L44:
													goto L51;
												}
												L37:
												if(__eflags == 0) {
													break;
												}
												L38:
												__eax = __eax - 0x22;
												__eflags = __eax;
												if(__eax == 0) {
													L50:
													__al =  *(__ebp - 0x20);
													__al =  *(__ebp - 0x20) ^ 0x00000001;
													__eflags = __al;
													 *(__ebp - 0x20) = __al;
													goto L51;
												}
												L39:
												__eax = __eax - 5;
												__eflags = __eax;
												if(__eax == 0) {
													goto L50;
												}
												L40:
												__eax = __eax - 0x1a;
												__eflags = __eax;
												if(__eax == 0) {
													goto L45;
												}
												L41:
												goto L51;
											} else {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x24) = E0040B3C8( *(__ebp - 0x24), __ecx);
												continue;
											}
										}
										L53:
										__di =  *((intOrPtr*)(__ebp - 0x16));
										__eflags =  *((char*)(__ebp - 0x1f));
										if( *((char*)(__ebp - 0x1f)) != 0) {
											__eflags = __di;
											if(__di != 0) {
												__eflags = __di - 0xc;
												if(__di > 0xc) {
													__di = __di - 0xc;
													__eflags = __di;
												}
											} else {
												__di = 0xc;
											}
										}
										__eflags =  *(__ebp - 0xc) - 2;
										if( *(__ebp - 0xc) > 2) {
											 *(__ebp - 0xc) = 2;
										}
										__eax =  *(__ebp + 8);
										__eax = __di & 0x0000ffff;
										__edx =  *(__ebp - 0xc);
										__eax = E00408C64(__di & 0x0000ffff, __edx, __fp0,  *(__ebp + 8));
										goto L109;
									case 7:
										L61:
										E00408CB0(__ebp) = E00408D18(__ebp);
										__eflags =  *(__ebp - 0xc) - 2;
										if( *(__ebp - 0xc) > 2) {
											 *(__ebp - 0xc) = 2;
										}
										__eax =  *(__ebp + 8);
										__eax =  *(__ebp - 0x18) & 0x0000ffff;
										__edx =  *(__ebp - 0xc);
										__eax = E00408C64( *(__ebp - 0x18) & 0x0000ffff, __edx, __fp0,  *(__ebp + 8));
										goto L109;
									case 8:
										L64:
										E00408CB0(__ebp) = E00408D18(__ebp);
										__eflags =  *(__ebp - 0xc) - 2;
										if( *(__ebp - 0xc) > 2) {
											 *(__ebp - 0xc) = 2;
										}
										__eax =  *(__ebp + 8);
										__eax =  *(__ebp - 0x1a) & 0x0000ffff;
										__edx =  *(__ebp - 0xc);
										__eax = E00408C64( *(__ebp - 0x1a) & 0x0000ffff, __edx, __fp0,  *(__ebp + 8));
										goto L109;
									case 9:
										L67:
										__eax = E00408CB0(__ebp);
										__eflags =  *(__ebp - 0xc) - 1;
										if( *(__ebp - 0xc) != 1) {
											__eax =  *(__ebp + 8);
											__eax =  *0x41c6a0; // 0x1e00844
											__eax = E00408FCC(__eax, __ebx, __edi, __esi,  *(__ebp + 8));
										} else {
											__eax =  *(__ebp + 8);
											__eax =  *0x41c69c; // 0x1e0082c
											__eax = E00408FCC(__eax, __ebx, __edi, __esi,  *(__ebp + 8));
										}
										goto L109;
									case 0xa:
										L70:
										E00408CB0(__ebp) = E00408D18(__ebp);
										__eflags =  *(__ebp - 0xc) - 3;
										if( *(__ebp - 0xc) > 3) {
											 *(__ebp - 0xc) = 3;
										}
										__eax =  *(__ebp + 8);
										__eax =  *(__ebp - 0x1c) & 0x0000ffff;
										__edx =  *(__ebp - 0xc);
										__eax = E00408C64( *(__ebp - 0x1c) & 0x0000ffff, __edx, __fp0,  *(__ebp + 8));
										goto L109;
									case 0xb:
										goto L0;
									case 0xc:
										L90:
										E00408CB0(__ebp) =  *(__ebp + 8);
										__eax =  *0x41c688; // 0x1e007a4
										__eax = E00408FCC(__eax, __ebx, __edi, __esi,  *(__ebp + 8));
										__eax = E00408D18(__ebp);
										__eflags =  *((short*)(__ebp - 0x16));
										if( *((short*)(__ebp - 0x16)) != 0) {
											L93:
											 *(__ebp + 8) = 0x4097a0;
											__edx = 1;
											E00408C00(1,  *(__ebp + 8)) =  *(__ebp + 8);
											__eax =  *0x41c6a0; // 0x1e00844
											__eax = E00408FCC(__eax, __ebx, __edi, __esi,  *(__ebp + 8));
											goto L109;
										}
										L91:
										__eflags =  *(__ebp - 0x18);
										if( *(__ebp - 0x18) != 0) {
											goto L93;
										}
										L92:
										__eflags =  *(__ebp - 0x1a);
										if( *(__ebp - 0x1a) == 0) {
											goto L109;
										}
										goto L93;
									case 0xd:
										L94:
										__eflags =  *0x41c685;
										__eflags = __eax - 0x41c685;
										 *__edi =  *__edi + __cl;
										__eflags =  *(__ebp - 0x75000000) & __bl;
									case 0xe:
										L97:
										__eflags =  *0x41c690;
										__eflags = __eax - 0x41c690;
										_t144 = __ebx + __edi * 2 - 0x75;
										 *_t144 =  *(__ebx + __edi * 2 - 0x75) + __dh;
										__eflags =  *_t144;
									case 0xf:
										L100:
										__eax =  *__esi;
										 *(__ebp - 0x24) =  *__esi;
										while(1) {
											L104:
											__eax =  *__esi;
											__eflags =  *( *__esi);
											if( *( *__esi) == 0) {
												break;
											}
											L105:
											__eax =  *__esi;
											__al =  *( *__esi);
											__eflags =  *( *__esi) -  *((intOrPtr*)(__ebp - 5));
											if( *( *__esi) !=  *((intOrPtr*)(__ebp - 5))) {
												L101:
												__eax =  *__esi;
												__al =  *__eax;
												__eax = __eax & 0x000000ff;
												__eflags = __eax;
												asm("bt [0x41a10c], eax");
												if(__eax >= 0) {
													 *__esi =  *__esi + 1;
													__eflags =  *__esi;
												} else {
													__eax =  *__esi;
													 *__esi = E0040B3C8( *__esi, __ecx);
												}
												continue;
											}
											break;
										}
										L106:
										__eax =  *(__ebp + 8);
										__edx =  *__esi;
										__edx =  *__esi -  *(__ebp - 0x24);
										 *(__ebp - 0x24) = E00408C00(__edx,  *(__ebp + 8));
										__eax =  *__esi;
										__eflags =  *__eax;
										if( *__eax != 0) {
											 *__esi =  *__esi + 1;
										}
										goto L109;
								}
							} else {
								__eflags = _t242 - 0x4d;
								if(_t242 == 0x4d) {
									__eflags =  *(_t275 - 0x1e) - 0x48;
									if( *(_t275 - 0x1e) == 0x48) {
										_t242 = 0x4e;
									}
								}
								L9:
								 *(_t275 - 0x1e) = _t242;
								goto L10;
							}
						} else {
							E00408C00(E0040B3A8( *_t274),  *((intOrPtr*)(_t275 + 8)));
							_pop(5);
							 *_t274 = E0040B3C8( *_t274, 5);
							 *(_t275 - 0x1e) = 0x20;
							continue;
						}
					}
					 *((intOrPtr*)( *((intOrPtr*)(_t275 + 8)) - 0x108)) =  *((intOrPtr*)( *((intOrPtr*)(_t275 + 8)) - 0x108)) - 1;
					_pop(_t270);
					 *[fs:eax] = _t270;
					_push(E00409779);
					return E00404298(_t275 - 0x2c, 2);
				}
			}

0x004094c2
0x004094c2
0x004094c2
0x004094c2
0x004094c3
0x004094cc
0x004094e3
0x0040951b
0x00409520
0x00409522
0x0040955a
0x0040955f
0x00409561
0x004095a3
0x004095a8
0x004095aa
0x004095ea
0x004095ef
0x004095f1
0x00409630
0x00409635
0x004095f3
0x004095f4
0x004095f9
0x00409616
0x0040961b
0x0040961c
0x0040961c
0x004095ac
0x004095ad
0x004095b2
0x004095cf
0x004095d4
0x004095d5
0x004095d5
0x00409563
0x00409563
0x00409568
0x0040957f
0x00409584
0x00409589
0x0040956a
0x0040956e
0x00409573
0x00409578
0x00409578
0x0040958a
0x0040958d
0x0040958d
0x00409524
0x00409524
0x00409529
0x0040952b
0x0040952b
0x0040952b
0x0040952b
0x0040953b
0x00409540
0x00409541
0x00409544
0x00409544
0x004094e5
0x004094e5
0x004094ea
0x004094ec
0x004094ec
0x004094ec
0x004094ec
0x004094f0
0x004094f4
0x004094f9
0x004094fc
0x00409502
0x00409505
0x00409505
0x00000000
0x00409743
0x0040902c
0x00409037
0x0040903e
0x0040906e
0x00409070
0x00409077
0x00409079
0x0040907b
0x0040907b
0x0040907b
0x0040907e
0x00409082
0x00409084
0x00409096
0x0040909d
0x004090a0
0x00409731
0x0040973d
0x00409742
0x00000000
0x00409742
0x004090a6
0x004090ac
0x00000000
0x00000000
0x00000000
0x0040912c
0x0040912d
0x00409134
0x0040913a
0x0040913e
0x00409170
0x00409175
0x00409140
0x00409158
0x0040915d
0x0040915d
0x00000000
0x00000000
0x0040917b
0x00409183
0x00409189
0x0040918e
0x00409194
0x0040919a
0x0040919d
0x00000000
0x00000000
0x004091a8
0x004091b0
0x004091b6
0x004091bb
0x004091c1
0x004091c7
0x004091ca
0x00000000
0x00000000
0x004091d5
0x004091dd
0x004091e6
0x004091e7
0x004091e7
0x004091ea
0x004091f0
0x004091f4
0x004091f8
0x004091fb
0x004091ec
0x004091ec
0x0040920a
0x0040920e
0x00409215
0x004091ee
0x00409224
0x00409228
0x0040922f
0x00409234
0x004091ec
0x00000000
0x00000000
0x0040923a
0x00409241
0x00409244
0x00409245
0x00409245
0x00409248
0x0040925b
0x0040925f
0x00409263
0x00409266
0x0040924a
0x0040924a
0x00409283
0x00409286
0x0040928d
0x0040924c
0x0040924c
0x0040924c
0x0040924d
0x004092aa
0x004092ad
0x004092b4
0x0040924f
0x0040924f
0x0040924f
0x00409250
0x004092bf
0x004092c3
0x004092c8
0x00409252
0x004092d3
0x004092d7
0x004092dc
0x004092e1
0x00409250
0x0040924d
0x0040924a
0x00000000
0x00000000
0x004092e7
0x004092ef
0x004092f5
0x004092f9
0x004092fb
0x004093ad
0x004093ad
0x004093ad
0x004093b0
0x004093b3
0x00000000
0x00000000
0x00409303
0x00409303
0x00409306
0x00409308
0x00409308
0x0040930d
0x00409314
0x00409326
0x00409326
0x00409329
0x0040932c
0x0040932f
0x00409348
0x00409348
0x00409348
0x0040934b
0x00409354
0x00409354
0x00409358
0x004093aa
0x004093aa
0x004093aa
0x004093aa
0x00000000
0x004093aa
0x0040935a
0x0040935a
0x0040935f
0x00409364
0x00409367
0x0040936c
0x0040936e
0x0040939c
0x0040939c
0x00000000
0x0040939c
0x00409370
0x00409370
0x00409375
0x0040937a
0x0040937d
0x00409382
0x00409384
0x00000000
0x00000000
0x00409386
0x00409386
0x0040938b
0x00409390
0x00409393
0x00409398
0x0040939a
0x00000000
0x00000000
0x00000000
0x0040939a
0x0040934d
0x0040934d
0x0040934d
0x00409350
0x00000000
0x00000000
0x00409352
0x00000000
0x00409352
0x00409331
0x00409331
0x00000000
0x00000000
0x00409337
0x00409337
0x00409337
0x0040933a
0x004093a2
0x004093a2
0x004093a5
0x004093a5
0x004093a7
0x00000000
0x004093a7
0x0040933c
0x0040933c
0x0040933c
0x0040933f
0x00000000
0x00000000
0x00409341
0x00409341
0x00409341
0x00409344
0x00000000
0x00000000
0x00409346
0x00000000
0x00409316
0x00409316
0x0040931e
0x00000000
0x0040931e
0x00409314
0x004093b9
0x004093b9
0x004093bd
0x004093c1
0x004093c3
0x004093c6
0x004093ce
0x004093d2
0x004093d4
0x004093d4
0x004093d4
0x004093c8
0x004093c8
0x004093c8
0x004093c6
0x004093d8
0x004093dc
0x004093de
0x004093de
0x004093e5
0x004093e9
0x004093ec
0x004093ef
0x00000000
0x00000000
0x004093fa
0x00409402
0x00409408
0x0040940c
0x0040940e
0x0040940e
0x00409415
0x00409419
0x0040941d
0x00409420
0x00000000
0x00000000
0x0040942b
0x00409433
0x00409439
0x0040943d
0x0040943f
0x0040943f
0x00409446
0x0040944a
0x0040944e
0x00409451
0x00000000
0x00000000
0x0040945c
0x0040945d
0x00409463
0x00409467
0x0040947d
0x00409481
0x00409486
0x00409469
0x00409469
0x0040946d
0x00409472
0x00409477
0x00000000
0x00000000
0x00409491
0x00409499
0x0040949f
0x004094a3
0x004094a5
0x004094a5
0x004094ac
0x004094b0
0x004094b4
0x004094b7
0x00000000
0x00000000
0x00000000
0x00000000
0x0040963b
0x00409642
0x00409646
0x0040964b
0x00409652
0x00409658
0x0040965d
0x00409671
0x00409675
0x0040967a
0x00409685
0x00409689
0x0040968e
0x00000000
0x00409693
0x0040965f
0x0040965f
0x00409664
0x00000000
0x00000000
0x00409666
0x00409666
0x0040966b
0x00000000
0x00000000
0x00000000
0x00000000
0x00409699
0x00409699
0x0040969a
0x0040969f
0x004096a1
0x00000000
0x004096bf
0x004096bf
0x004096c0
0x004096c5
0x004096c5
0x004096c5
0x00000000
0x004096de
0x004096de
0x004096e0
0x00409704
0x00409704
0x00409704
0x00409706
0x00409709
0x00000000
0x00000000
0x0040970b
0x0040970b
0x0040970d
0x0040970f
0x00409712
0x004096e5
0x004096e5
0x004096e7
0x004096e9
0x004096e9
0x004096ee
0x004096f5
0x00409702
0x00409702
0x004096f7
0x004096f7
0x004096fe
0x004096fe
0x00000000
0x004096f5
0x00000000
0x00409712
0x00409714
0x00409714
0x00409718
0x0040971a
0x00409720
0x00409726
0x00409728
0x0040972b
0x0040972d
0x0040972d
0x00000000
0x00000000
0x00409086
0x00409086
0x00409089
0x0040908b
0x0040908f
0x00409091
0x00409091
0x0040908f
0x00409093
0x00409093
0x00000000
0x00409093
0x00409040
0x0040904f
0x00409054
0x0040905c
0x0040905e
0x00000000
0x0040905e
0x0040903e
0x00409751
0x00409759
0x0040975c
0x0040975f
0x00409771
0x00409771

Strings

A/P, xrefs: 0040950E
AM/PM, xrefs: 004094CF
AAAA, xrefs: 00409596
AMPM, xrefs: 0040954D
AAA, xrefs: 004095DD

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID: A/P$AAA$AAAA$AM/PM$AMPM
API String ID: 0-3831542625
Opcode ID: 1fdd24253e9370fa086cd933c0a26a809c3b6e7475f7250cf902e71c107148b0
Instruction ID: d237a682ae2486c539e35768e2e8f7875c87f9ef86c983bedc224fbc5d8e543f
Opcode Fuzzy Hash: 1fdd24253e9370fa086cd933c0a26a809c3b6e7475f7250cf902e71c107148b0
Instruction Fuzzy Hash: 8A413876608104DBEB44DF55DA42B9E73F5AB08314F20407EE444AB2D3DB799E818B6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040DA9C Relevance: 6.1, APIs: 4, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040DA9C(intOrPtr* __eax) {
				char _v260;
				char _v768;
				char _v772;
				intOrPtr* _v776;
				signed short* _v780;
				char _v784;
				signed int _v788;
				char _v792;
				intOrPtr* _v796;
				signed char _t43;
				intOrPtr* _t60;
				void* _t79;
				void* _t81;
				void* _t84;
				void* _t85;
				intOrPtr* _t92;
				void* _t96;
				char* _t97;
				void* _t98;

				_v776 = __eax;
				if(( *(_v776 + 1) & 0x00000020) == 0) {
					E0040D968(0x80070057);
				}
				_t43 =  *_v776;
				if((_t43 & 0x00000fff) == 0xc) {
					if((_t43 & 0x00000040) == 0) {
						_v780 =  *((intOrPtr*)(_v776 + 8));
					} else {
						_v780 =  *((intOrPtr*)( *((intOrPtr*)(_v776 + 8))));
					}
					_v788 =  *_v780 & 0x0000ffff;
					_t79 = _v788 - 1;
					if(_t79 >= 0) {
						_t85 = _t79 + 1;
						_t96 = 0;
						_t97 =  &_v772;
						do {
							_v796 = _t97;
							_push(_v796 + 4);
							_t22 = _t96 + 1; // 0x1
							_push(_v780);
							L0040CB78();
							E0040D968(_v780);
							_push( &_v784);
							_t25 = _t96 + 1; // 0x1
							_push(_v780);
							L0040CB80();
							E0040D968(_v780);
							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
							_t96 = _t96 + 1;
							_t97 = _t97 + 8;
							_t85 = _t85 - 1;
						} while (_t85 != 0);
					}
					_t81 = _v788 - 1;
					if(_t81 >= 0) {
						_t84 = _t81 + 1;
						_t60 =  &_v768;
						_t92 =  &_v260;
						do {
							 *_t92 =  *_t60;
							_t92 = _t92 + 4;
							_t60 = _t60 + 8;
							_t84 = _t84 - 1;
						} while (_t84 != 0);
						do {
							goto L12;
						} while (E0040DA40(_t83, _t98) != 0);
						goto L15;
					}
					L12:
					_t83 = _v788 - 1;
					if(E0040DA10(_v788 - 1, _t98) != 0) {
						_push( &_v792);
						_push( &_v260);
						_push(_v780);
						L0040CB88();
						E0040D968(_v780);
						E0040DC94(_v792);
					}
				}
				L15:
				_push(_v776);
				L0040C714();
				return E0040D968(_v776);
			}

0x0040daa8
0x0040dab8
0x0040dabf
0x0040dabf
0x0040daca
0x0040dad8
0x0040dae7
0x0040db05
0x0040dae9
0x0040daf4
0x0040daf4
0x0040db14
0x0040db20
0x0040db23
0x0040db25
0x0040db26
0x0040db28
0x0040db2e
0x0040db30
0x0040db3f
0x0040db40
0x0040db4a
0x0040db4b
0x0040db50
0x0040db5b
0x0040db5c
0x0040db66
0x0040db67
0x0040db6c
0x0040db87
0x0040db89
0x0040db8a
0x0040db8d
0x0040db8d
0x0040db2e
0x0040db96
0x0040db99
0x0040db9b
0x0040db9c
0x0040dba2
0x0040dba8
0x0040dbaa
0x0040dbac
0x0040dbaf
0x0040dbb2
0x0040dbb2
0x0040dbb5
0x00000000
0x00000000
0x00000000
0x0040dbb5
0x0040dbb5
0x0040dbbc
0x0040dbc7
0x0040dbcf
0x0040dbd6
0x0040dbdd
0x0040dbde
0x0040dbe3
0x0040dbee
0x0040dbee
0x0040dbfc
0x0040dc00
0x0040dc06
0x0040dc07
0x0040dc17

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0040DB4B
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0040DB67
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0040DBDE
VariantClear.OLEAUT32(?), ref: 0040DC07

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: ArraySafe$Bound$ClearIndexVariant
String ID:
API String ID: 920484758-0
Opcode ID: 222dfd55f4586741cf6c642e18797c671bdcc356e7018be82b80e885789c82a2
Instruction ID: cb65c33fbd15e99c8b46a572fbb9a0f69ec699671839db6bc30c8d3839a206d5
Opcode Fuzzy Hash: 222dfd55f4586741cf6c642e18797c671bdcc356e7018be82b80e885789c82a2
Instruction Fuzzy Hash: 2541FF75E002199FCB61DF99CC91AC9B3BCAF48714F0041EAE549B7392D638AF858F58

Uniqueness

Uniqueness Score: -1.00%

Function 0040B6CC Relevance: 6.1, APIs: 4, Instructions: 97
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040B6CC() {
				char* _v28;
				char _v156;
				short _v414;
				signed short _t16;
				signed int _t18;
				int _t20;
				void* _t22;
				void* _t25;
				int _t26;
				int _t30;
				signed int _t34;
				signed int _t35;
				signed int _t36;
				signed int _t41;
				int* _t43;
				short* _t44;
				void* _t52;

				 *0x41c73c = 0x409;
				 *0x41c740 = 9;
				 *0x41c744 = 1;
				_t16 = GetThreadLocale();
				if(_t16 != 0) {
					 *0x41c73c = _t16;
				}
				if(_t16 != 0) {
					 *0x41c740 = _t16 & 0x3ff;
					 *0x41c744 = (_t16 & 0x0000ffff) >> 0xa;
				}
				memcpy(0x41a10c, 0x40b824, 8 << 2);
				if( *0x41a0c4 != 2) {
					_t18 = GetSystemMetrics(0x4a);
					__eflags = _t18;
					 *0x41c749 = _t18 & 0xffffff00 | _t18 != 0x00000000;
					_t20 = GetSystemMetrics(0x2a);
					__eflags = _t20;
					_t35 = _t34 & 0xffffff00 | _t20 != 0x00000000;
					 *0x41c748 = _t35;
					__eflags = _t35;
					if(__eflags != 0) {
						return E0040B654(__eflags, _t52);
					}
				} else {
					_t22 = E0040B6B4();
					if(_t22 != 0) {
						 *0x41c749 = 0;
						 *0x41c748 = 0;
						return _t22;
					}
					E0040B654(__eflags, _t52);
					_t41 = 0x20;
					_t25 = E0040307C(0x41a10c, 0x20, 0x40b824);
					_t36 = _t34 & 0xffffff00 | __eflags != 0x00000000;
					 *0x41c748 = _t36;
					__eflags = _t36;
					if(_t36 != 0) {
						 *0x41c749 = 0;
						return _t25;
					}
					_t26 = 0x80;
					_t43 =  &_v156;
					do {
						 *_t43 = _t26;
						_t26 = _t26 + 1;
						_t43 =  &(_t43[0]);
						__eflags = _t26 - 0x100;
					} while (_t26 != 0x100);
					_v28 =  &_v156;
					_t30 =  *0x41c73c; // 0x409
					GetStringTypeA(_t30, 2, _v28, 0x80,  &_v414);
					_t20 = 0x80;
					_t44 =  &_v414;
					while(1) {
						__eflags =  *_t44 - 2;
						_t41 = _t41 & 0xffffff00 |  *_t44 == 0x00000002;
						 *0x41c749 = _t41;
						__eflags = _t41;
						if(_t41 != 0) {
							goto L17;
						}
						_t44 = _t44 + 2;
						_t20 = _t20 - 1;
						__eflags = _t20;
						if(_t20 != 0) {
							continue;
						} else {
							return _t20;
						}
						L18:
					}
				}
				L17:
				return _t20;
				goto L18;
			}

0x0040b6d8
0x0040b6e2
0x0040b6ec
0x0040b6f6
0x0040b6fd
0x0040b6ff
0x0040b6ff
0x0040b707
0x0040b713
0x0040b71f
0x0040b71f
0x0040b733
0x0040b73c
0x0040b7f1
0x0040b7f6
0x0040b7fb
0x0040b802
0x0040b807
0x0040b809
0x0040b80c
0x0040b812
0x0040b814
0x00000000
0x0040b81c
0x0040b742
0x0040b742
0x0040b749
0x0040b74b
0x0040b752
0x00000000
0x0040b752
0x0040b75f
0x0040b76f
0x0040b771
0x0040b776
0x0040b779
0x0040b77f
0x0040b781
0x0040b783
0x00000000
0x0040b783
0x0040b78f
0x0040b794
0x0040b79a
0x0040b79a
0x0040b79c
0x0040b79d
0x0040b79e
0x0040b79e
0x0040b7ab
0x0040b7c0
0x0040b7c6
0x0040b7cb
0x0040b7d0
0x0040b7d6
0x0040b7d6
0x0040b7da
0x0040b7dd
0x0040b7e3
0x0040b7e5
0x00000000
0x00000000
0x0040b7e7
0x0040b7ea
0x0040b7ea
0x0040b7eb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040b7eb
0x0040b7d6
0x0040b823
0x0040b823
0x00000000

APIs

GetStringTypeA.KERNEL32(00000409,00000002,?,00000080,?), ref: 0040B7C6
GetThreadLocale.KERNEL32 ref: 0040B6F6

Part of subcall function 0040B654: GetCPInfo.KERNEL32(00000000,?), ref: 0040B66D

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: InfoLocaleStringThreadType
String ID:
API String ID: 1505017576-0
Opcode ID: 3794c920db37e6e97ba06ff53823b72820d057b72e698311a64b9840b593bf78
Instruction ID: 06f03b760bbf6a4ae54f9ae6f7b58259fe9b356b2d9927439d7f79daf329b313
Opcode Fuzzy Hash: 3794c920db37e6e97ba06ff53823b72820d057b72e698311a64b9840b593bf78
Instruction Fuzzy Hash: 853107315812468AD720EB69EC817E6379DEB55304F44C077D544AB3D2DBBC4894CBDE

Uniqueness

Uniqueness Score: -1.00%

Function 0040BBC4 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0040BBC4(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _t27;
				intOrPtr _t29;
				intOrPtr _t32;
				void* _t34;
				intOrPtr _t35;
				void* _t42;

				_push(__ebx);
				_v24 = 0;
				_push(_t42);
				_push(0x40bc54);
				_push( *[fs:eax]);
				 *[fs:eax] = _t42 + 0xffffffec;
				_t27 = GetLastError();
				if(_t27 == 0) {
					_t29 =  *0x41b640; // 0x406448
					_t34 = E0040A9A0(_t29, 1);
				} else {
					_v20 = _t27;
					_v16 = 0;
					E0040A0CC(_t27,  &_v24);
					_v12 = _v24;
					_v8 = 0xb;
					_t32 =  *0x41b5c4; // 0x406440
					_t34 = E0040A9DC(_t27, _t32, 1, __edi, __esi, 1,  &_v20);
				}
				 *((intOrPtr*)(_t34 + 0xc)) = _t27;
				E00403CAC();
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040BC5B);
				return E00404274( &_v24);
			}

0x0040bbca
0x0040bbcd
0x0040bbd2
0x0040bbd3
0x0040bbd8
0x0040bbdb
0x0040bbe3
0x0040bbe7
0x0040bc20
0x0040bc32
0x0040bbe9
0x0040bbe9
0x0040bbec
0x0040bbf5
0x0040bbfd
0x0040bc00
0x0040bc0a
0x0040bc1c
0x0040bc1c
0x0040bc34
0x0040bc39
0x0040bc40
0x0040bc43
0x0040bc46
0x0040bc53

APIs

GetLastError.KERNEL32(00000000,0040BC54), ref: 0040BBDE

Part of subcall function 0040A0CC: FormatMessageA.KERNEL32(00003200,00000000,00000000,00000000,?,00000100,00000000,00000000,0040BBFA,00000000,0040BC54), ref: 0040A0EB

Strings

Do@, xrefs: 0040BC12, 0040BC28
Hd@, xrefs: 0040BC20
@d@, xrefs: 0040BC0A

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID: @d@$Do@$Hd@
API String ID: 3479602957-4058831916
Opcode ID: 361e82b1f6fac66309a6106bb22aca1641d87dcd3541106325de7ff841b9ff01
Instruction ID: 51372cb0e1beb06329794f99284a3685744c2d8254db1d8812818b519f43b03b
Opcode Fuzzy Hash: 361e82b1f6fac66309a6106bb22aca1641d87dcd3541106325de7ff841b9ff01
Instruction Fuzzy Hash: 45115E706043099FE700EF65C881AAEB7F9EB48304B91847EE405F73C1DB799914CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00406208 Relevance: 6.0, APIs: 4, Instructions: 11
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406208(void* __eax, int __ecx, long __edx) {
				void* _t2;
				void* _t4;

				_t2 = GlobalHandle(__eax);
				GlobalUnWire(_t2);
				_t4 = GlobalReAlloc(_t2, __edx, __ecx);
				GlobalFix(_t4);
				return _t4;
			}

0x0040620b
0x00406212
0x00406217
0x0040621d
0x00406222

APIs

GlobalHandle.KERNEL32 ref: 0040620B
GlobalUnWire.KERNEL32(00000000), ref: 00406212
GlobalReAlloc.KERNEL32(00000000,00000000), ref: 00406217
GlobalFix.KERNEL32(00000000), ref: 0040621D

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: Global$AllocHandleWire
String ID:
API String ID: 2210401237-0
Opcode ID: 9f2e0acc68f9e2b8684d0ccdbcf489f6b0188e158b3370898db48574b1801adb
Instruction ID: f9789d26253292b1bd8d690e271fe4c7f8731a3866d56d680fda004eb2f9d0d9
Opcode Fuzzy Hash: 9f2e0acc68f9e2b8684d0ccdbcf489f6b0188e158b3370898db48574b1801adb
Instruction Fuzzy Hash: B1B009F8850254B8E98537F24D0FD3B921E989871A382596E7A02BA283D87DA824003D

Uniqueness

Uniqueness Score: -1.00%

Function 0040A1C8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106
threadCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E0040A1C8(void* __ebx, void* __edi, void* __esi) {
				int _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				void* _t53;
				void* _t54;
				intOrPtr _t80;
				void* _t83;
				void* _t84;
				void* _t86;
				void* _t87;
				intOrPtr _t90;

				_t89 = _t90;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(_t90);
				_push(0x40a2db);
				_push( *[fs:eax]);
				 *[fs:eax] = _t90;
				_v8 = GetThreadLocale();
				_t53 = 1;
				_t86 = 0x41c6a4;
				_t83 = 0x41c6d4;
				do {
					_t3 = _t53 + 0x44; // 0x45
					E0040A18C(_t3 - 1, _t53 - 1,  &_v16, 0xb, _t89);
					E004042C8(_t86, _v16);
					_t6 = _t53 + 0x38; // 0x39
					E0040A18C(_t6 - 1, _t53 - 1,  &_v20, 0xb, _t89);
					E004042C8(_t83, _v20);
					_t53 = _t53 + 1;
					_t83 = _t83 + 4;
					_t86 = _t86 + 4;
				} while (_t53 != 0xd);
				_t54 = 1;
				_t87 = 0x41c704;
				_t84 = 0x41c720;
				do {
					_t8 = _t54 + 5; // 0x6
					asm("cdq");
					_v12 = _t8 % 7;
					E0040A18C(_v12 + 0x31, _t54 - 1,  &_v24, 6, _t89);
					E004042C8(_t87, _v24);
					E0040A18C(_v12 + 0x2a, _t54 - 1,  &_v28, 6, _t89);
					E004042C8(_t84, _v28);
					_t54 = _t54 + 1;
					_t84 = _t84 + 4;
					_t87 = _t87 + 4;
				} while (_t54 != 8);
				_pop(_t80);
				 *[fs:eax] = _t80;
				_push(E0040A2E2);
				return E00404298( &_v28, 4);
			}

0x0040a1c9
0x0040a1cd
0x0040a1ce
0x0040a1cf
0x0040a1d0
0x0040a1d1
0x0040a1d2
0x0040a1d8
0x0040a1d9
0x0040a1de
0x0040a1e1
0x0040a1e9
0x0040a1ec
0x0040a1f1
0x0040a1f6
0x0040a1fb
0x0040a20a
0x0040a20e
0x0040a219
0x0040a22d
0x0040a231
0x0040a23c
0x0040a241
0x0040a242
0x0040a245
0x0040a248
0x0040a24d
0x0040a252
0x0040a257
0x0040a25c
0x0040a25c
0x0040a264
0x0040a267
0x0040a27f
0x0040a28a
0x0040a2a4
0x0040a2af
0x0040a2b4
0x0040a2b5
0x0040a2b8
0x0040a2bb
0x0040a2c2
0x0040a2c5
0x0040a2c8
0x0040a2da

APIs

GetThreadLocale.KERNEL32(00000000,0040A2DB,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040A1E4

Strings

He@, xrefs: 0040A296
Pd@, xrefs: 0040A202

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: LocaleThread
String ID: He@$Pd@
API String ID: 635194068-3739474730
Opcode ID: 672ea637b84f94cdcdf131e7f73cf041c4b40ee65dcc42bdb832a4ce45cf2957
Instruction ID: 47490b157cc27b464794dd44d2f7d0bfda04c09094b65753c667fc82aedcd1ed
Opcode Fuzzy Hash: 672ea637b84f94cdcdf131e7f73cf041c4b40ee65dcc42bdb832a4ce45cf2957
Instruction Fuzzy Hash: 0F31CA75F402086BDB00D645CC81AAF77A9EB89314F11817BF905EB3C1D63DED51876A

Uniqueness

Uniqueness Score: -1.00%

Function 00408EC4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74
threadCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E00408EC4(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				char _v280;
				char* _t32;
				intOrPtr* _t49;
				intOrPtr _t58;
				void* _t63;
				void* _t67;

				_v8 = 0;
				_t49 = __edx;
				_t63 = __eax;
				_push(_t67);
				_push(0x408fa2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffeec;
				E00404274(__edx);
				_v24 =  *((intOrPtr*)(_a4 - 0xe));
				_v22 =  *((intOrPtr*)(_a4 - 0x10));
				_v18 =  *((intOrPtr*)(_a4 - 0x12));
				if(_t63 > 2) {
					E0040430C( &_v8, 0x408fc4);
				} else {
					E0040430C( &_v8, 0x408fb8);
				}
				_t32 = E00404734(_v8);
				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t32,  &_v280, 0x100) != 0) {
					E004044E4(_t49, 0x100,  &_v280);
					if(_t63 == 1 &&  *((char*)( *_t49)) == 0x30) {
						E00404794( *_t49, E00404534( *_t49) - 1, 2, _t49);
					}
				}
				_pop(_t58);
				 *[fs:eax] = _t58;
				_push(E00408FA9);
				return E00404274( &_v8);
			}

0x00408ed1
0x00408ed4
0x00408ed6
0x00408eda
0x00408edb
0x00408ee0
0x00408ee3
0x00408ee8
0x00408ef4
0x00408eff
0x00408f0a
0x00408f11
0x00408f2a
0x00408f13
0x00408f1b
0x00408f1b
0x00408f3e
0x00408f57
0x00408f66
0x00408f6c
0x00408f87
0x00408f87
0x00408f6c
0x00408f8e
0x00408f91
0x00408f94
0x00408fa1

APIs

GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,00408FA2), ref: 00408F4A
GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,00408FA2), ref: 00408F50

Strings

yyyy, xrefs: 00408F25

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: DateFormatLocaleThread
String ID: yyyy
API String ID: 3303714858-3145165042
Opcode ID: 58406a18786425f2370cf754b75b7c9b4ee471d10be85077beef0581c5fbdb8d
Instruction ID: 5a83228c527fda4a9430351896f06e3c6fdb9cce138245c14f2bd672404fdb29
Opcode Fuzzy Hash: 58406a18786425f2370cf754b75b7c9b4ee471d10be85077beef0581c5fbdb8d
Instruction Fuzzy Hash: DD2171746041099BDB04EBA9C942AAEB3B9EF48300F5040BAF945F73D1DB389E00C769

Uniqueness

Uniqueness Score: -1.00%

Function 0040BE9C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E0040BE9C(void* __edx) {
				void* _t6;
				void* _t13;
				void* _t17;
				void* _t20;
				void* _t21;
				void* _t22;

				_t17 = __edx;
				if(__edx != 0) {
					_t22 = _t22 + 0xfffffff0;
					_t6 = E00403844(_t6, _t21);
				}
				_t20 = _t6;
				E00403510(0);
				 *((intOrPtr*)(_t20 + 0xc)) = 0xffff;
				 *((intOrPtr*)(_t20 + 0x10)) = CreateEventA(0, 0xffffffff, 0xffffffff, 0);
				 *((intOrPtr*)(_t20 + 0x14)) = CreateEventA(0, 0, 0, 0);
				 *(_t20 + 0x18) = 0xffffffff;
				 *((intOrPtr*)(_t20 + 0x20)) = E00403510(1);
				_t13 = _t20;
				if(_t17 != 0) {
					E0040389C(_t13);
					_pop( *[fs:0x0]);
				}
				return _t20;
			}

0x0040be9c
0x0040bea0
0x0040bea2
0x0040bea5
0x0040bea5
0x0040beac
0x0040beb2
0x0040beb7
0x0040becb
0x0040bedb
0x0040bede
0x0040bef1
0x0040bef4
0x0040bef8
0x0040befa
0x0040beff
0x0040bf06
0x0040bf0d

APIs

CreateEventA.KERNEL32(00000000,000000FF,000000FF,00000000,?,?,00416D49,00000000,00416D9D), ref: 0040BEC6
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,000000FF,000000FF,00000000,?,?,00416D49,00000000,00416D9D), ref: 0040BED6

Strings

Pp@, xrefs: 0040BEE7

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID: CreateEvent
String ID: Pp@
API String ID: 2692171526-3391016900
Opcode ID: 02dbef5ab87eed9b6754c1b9fc5d707e16669218e9fd5b910442afcbb4d5d06d
Instruction ID: a0ad5cc92a7b6c340a9271af2005998e5e38551338809d3d7900872c0ca25bac
Opcode Fuzzy Hash: 02dbef5ab87eed9b6754c1b9fc5d707e16669218e9fd5b910442afcbb4d5d06d
Instruction Fuzzy Hash: 02F0AF71640B115AD230AF294C02B067A919B02B39F24473AB664AB7E5E779A904479D

Uniqueness

Uniqueness Score: -1.00%

Function 0040F224 Relevance: 5.1, Strings: 4, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040F224(signed int __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				void* _v8;
				char _v264;
				char _v520;
				char _v524;
				signed char _t47;
				intOrPtr* _t59;
				intOrPtr _t61;
				intOrPtr* _t75;
				void* _t78;

				_v524 = 0;
				_t75 = __edx;
				_t47 = __eax;
				_push(_t78);
				_push(0x40f34a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t78 + 0xfffffdf8;
				_t73 = __eax & 0x00000fff;
				if((__eax & 0x00000fff) > 0x14) {
					if(__eax != 0x100) {
						if(__eax != 0x101) {
							if(E0040F680(__eax,  &_v8) == 0) {
								E00407568( &_v524, 4);
								_t59 =  *0x41b638; // 0x41a12c
								E00404580(_t75, _v524,  *_t59);
							} else {
								E00403490( *_v8,  &_v520);
								E00402B38( &_v520, 0x7fffffff, 2,  &_v264);
								E004044D8(__edx,  &_v264);
							}
						} else {
							E004042C8(__edx, 0x40f370);
						}
					} else {
						E004042C8(__edx, "String");
					}
				} else {
					E004042C8(__edx,  *((intOrPtr*)(0x41a33c + (_t73 & 0x0000ffff) * 4)));
				}
				if((_t47 & 0x00000020) != 0) {
					E00404580(_t75,  *_t75, "Array ");
				}
				if((_t47 & 0x00000040) != 0) {
					E00404580(_t75,  *_t75, "ByRef ");
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0040F351);
				return E00404274( &_v524);
			}

0x0040f232
0x0040f238
0x0040f23a
0x0040f23e
0x0040f23f
0x0040f244
0x0040f247
0x0040f24c
0x0040f255
0x0040f272
0x0040f28a
0x0040f2a6
0x0040f2f1
0x0040f2fc
0x0040f306
0x0040f2a8
0x0040f2ba
0x0040f2cf
0x0040f2dc
0x0040f2dc
0x0040f28c
0x0040f293
0x0040f293
0x0040f274
0x0040f27b
0x0040f27b
0x0040f257
0x0040f263
0x0040f263
0x0040f30e
0x0040f319
0x0040f319
0x0040f321
0x0040f32c
0x0040f32c
0x0040f333
0x0040f336
0x0040f339
0x0040f349

Strings

Any, xrefs: 0040F28E
String, xrefs: 0040F276
Array , xrefs: 0040F314
ByRef , xrefs: 0040F327

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID: Any$Array $ByRef $String
API String ID: 0-2719049652
Opcode ID: 5dbb648f1cb5a93f2c94f81b0f3b8d108a4b45f72c6a37bef05bac062fbb4e01
Instruction ID: e2518fded1489171048f2a5cee91388dd0c3896a9c506eae5d6a59570d0575ab
Opcode Fuzzy Hash: 5dbb648f1cb5a93f2c94f81b0f3b8d108a4b45f72c6a37bef05bac062fbb4e01
Instruction Fuzzy Hash: 1B2148707042149BC730FA15C841AAA73A9EB88720F5486BFFE40B3BD1DB3C9D49869D

Uniqueness

Uniqueness Score: -1.00%

Function 00413B80 Relevance: 5.1, Strings: 4, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00413B80(intOrPtr __eax, void* __ebx, char* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v12;
				char* _t15;
				char* _t23;
				intOrPtr _t30;
				char _t31;
				intOrPtr _t39;
				intOrPtr _t42;
				void* _t45;

				_v12 = 0;
				_t23 = __edx;
				_push(_t45);
				_push(0x413c26);
				_push( *[fs:eax]);
				 *[fs:eax] = _t45 + 0xfffffff8;
				_v8 = 0;
				if(__edx != 0) {
					_t39 = __eax;
					while( *_t23 != 0) {
						_t15 = _t23;
						while(1) {
							_t31 =  *_t23;
							if(_t31 == 0 || _t31 + 0xd3 - 2 < 0) {
								break;
							}
							_t23 = _t23 + 1;
						}
						E00404364( &_v12, _t23 - _t15, _t15);
						_t42 = E00416938(_t39, _t23 - _t15, _v12);
						if(_t42 == 0 && E004072A8(_v12, 0x413c40) != 0) {
							_t42 = _t39;
						}
						if(_t42 != 0) {
							if( *_t23 == 0x2e) {
								_t23 = _t23 + 1;
							}
							if( *_t23 == 0x2d) {
								_t23 = _t23 + 1;
							}
							if( *_t23 == 0x3e) {
								_t23 = _t23 + 1;
							}
							_t39 = _t42;
							continue;
						}
						goto L19;
					}
					_v8 = _t39;
				}
				L19:
				_pop(_t30);
				 *[fs:eax] = _t30;
				_push(E00413C2D);
				return E00404274( &_v12);
			}

0x00413b8b
0x00413b8e
0x00413b94
0x00413b95
0x00413b9a
0x00413b9d
0x00413ba2
0x00413ba7
0x00413ba9
0x00413c08
0x00413bad
0x00413bb2
0x00413bb2
0x00413bb6
0x00000000
0x00000000
0x00413bb1
0x00413bb1
0x00413bc8
0x00413bd7
0x00413bdb
0x00413bee
0x00413bee
0x00413bf2
0x00413bf7
0x00413bf9
0x00413bf9
0x00413bfd
0x00413bff
0x00413bff
0x00413c03
0x00413c05
0x00413c05
0x00413c06
0x00000000
0x00413c06
0x00000000
0x00413bf2
0x00413c0d
0x00413c0d
0x00413c10
0x00413c12
0x00413c15
0x00413c18
0x00413c25

Strings

-, xrefs: 00413BFA
>, xrefs: 00413C00
., xrefs: 00413BF4
Owner, xrefs: 00413BDD

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID: -$.$>$Owner
API String ID: 0-4224991809
Opcode ID: 3481a8d3e807d23629ad8f2962a0b2d15f50816a2bf6a8093dbb72b7b197206a
Instruction ID: e2ac08daa1a8529d658826db3d208b93263f312bdbc23de68c8dc9a9885c59d1
Opcode Fuzzy Hash: 3481a8d3e807d23629ad8f2962a0b2d15f50816a2bf6a8093dbb72b7b197206a
Instruction Fuzzy Hash: 42113A76A082505FDB228E3484912EF7BD59B46725F1542FAD841AB386E63C9FC182C8

Uniqueness

Uniqueness Score: -1.00%

Function 00414CF0 Relevance: 5.0, Strings: 4, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00414CF0(void* __eax, void* __ecx, void* __edx) {
				signed int _t7;
				void* _t8;
				void* _t17;
				void* _t29;

				_push(__ecx);
				_t29 = __edx;
				_t17 = __eax;
				_t7 = E00415930(__ecx) & 0x0000007f;
				if(_t7 > 0xd) {
					L7:
					_t8 = E00413D90();
				} else {
					_t1 = _t7 + E00414D17; // 0x5
					switch( *((intOrPtr*)( *_t1 * 4 +  &M00414D25))) {
						case 0:
							goto L7;
						case 1:
							E004142B8(_t17, 1, _t30);
							E00404364(_t29,  *_t30, 0);
							_t8 = E004142B8(_t17,  *_t30, E0040478C(_t29));
							goto L8;
						case 2:
							__eax = __esi;
							__edx = 0x414dbc;
							__eax = E004042C8(__esi, 0x414dbc);
							goto L8;
						case 3:
							__eax = __esi;
							__edx = 0x414dcc;
							__eax = E004042C8(__esi, 0x414dcc);
							goto L8;
						case 4:
							__eax = __esi;
							__edx = 0x414ddc;
							__eax = E004042C8(__esi, 0x414ddc);
							goto L8;
						case 5:
							__eax = __esi;
							__edx = 0x414de8;
							__eax = E004042C8(__esi, 0x414de8);
							goto L8;
					}
				}
				L8:
				return _t8;
			}

0x00414cf2
0x00414cf3
0x00414cf5
0x00414cfe
0x00414d04
0x00414da8
0x00414da8
0x00414d0a
0x00414d0a
0x00414d10
0x00000000
0x00000000
0x00000000
0x00414d46
0x00414d54
0x00414d69
0x00000000
0x00000000
0x00414d70
0x00414d72
0x00414d77
0x00000000
0x00000000
0x00414d7e
0x00414d80
0x00414d85
0x00000000
0x00000000
0x00414d8c
0x00414d8e
0x00414d93
0x00000000
0x00000000
0x00414d9a
0x00414d9c
0x00414da1
0x00000000
0x00000000
0x00414d10
0x00414dad
0x00414db0

Strings

False, xrefs: 00414D72
nil, xrefs: 00414D8E
True, xrefs: 00414D80
Null, xrefs: 00414D9C

Memory Dump Source

Source File: 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.521871937.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000041F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.0000000000426000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.521934731.000000000042C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.522373914.0000000000430000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_ZeroX.jbxd

Similarity

API ID:
String ID: False$Null$True$nil
API String ID: 0-1063864068
Opcode ID: d6b6c0079952a2019b41b248c796b6e3b91ee410980cdbbaeab3a5d9dad15557
Instruction ID: ed8866f8eb20ed4e7d1bfd29c4e6a2e6d27cafb0617d59c3fd39bb294b81b458
Opcode Fuzzy Hash: d6b6c0079952a2019b41b248c796b6e3b91ee410980cdbbaeab3a5d9dad15557
Instruction Fuzzy Hash: 1201467832826047CA44767E28124EA12A64BC9759B31C6BFB24AD73D6C93C8CC2129E

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: DATOS.exePID: 6132, Parent PID: 6024COMMON

Execution Graph

Execution Coverage:	21.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1646
Total number of Limit Nodes:	72

Executed Functions

Function 0040C8D0 Relevance: 23.7, APIs: 12, Strings: 1, Instructions: 934
COMMONCrypto

Download Yara Rule

C-Code - Quality: 77%

			E0040C8D0(char* __ecx, signed int __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				signed int _t464;
				signed int _t478;
				void* _t486;
				intOrPtr* _t499;
				signed int _t501;
				signed int _t504;
				signed int _t508;
				signed int _t514;
				signed int _t515;
				intOrPtr* _t524;
				intOrPtr* _t525;
				signed int _t536;
				signed int _t546;
				signed int _t547;
				void* _t548;
				void* _t549;
				signed int _t551;
				void* _t557;
				signed int _t568;
				intOrPtr* _t576;
				signed int _t577;
				signed int _t578;
				signed int _t588;
				intOrPtr* _t589;
				signed int _t594;
				signed int _t595;
				signed int _t602;
				signed int _t613;
				signed int _t614;
				signed int _t618;
				signed int _t622;
				signed int _t623;
				intOrPtr* _t625;
				signed int _t630;
				signed int _t631;
				signed int _t633;
				signed int _t634;
				void* _t636;
				signed int _t637;
				intOrPtr _t639;
				signed int _t640;
				signed char _t644;
				char _t646;
				signed int _t647;
				signed int _t652;
				signed int _t656;
				signed int _t666;
				intOrPtr _t668;
				signed int _t669;
				intOrPtr _t670;
				void* _t671;
				void* _t672;
				signed int _t674;
				intOrPtr _t711;
				signed int _t712;
				intOrPtr _t720;
				intOrPtr* _t726;
				signed int _t747;
				intOrPtr _t750;
				signed int _t776;
				signed int _t817;
				char* _t821;
				intOrPtr* _t823;
				intOrPtr* _t824;
				intOrPtr _t826;
				void* _t827;
				intOrPtr* _t829;
				signed int* _t832;
				signed int _t833;
				void* _t834;
				intOrPtr* _t836;
				intOrPtr _t837;
				signed int _t838;
				signed int _t839;
				signed int _t840;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				void* _t845;

				_t815 = __edx;
				E00417F20(E00419A43, _t845);
				_t821 = __ecx;
				 *((intOrPtr*)(_t845 - 0x38)) = __ecx;
				E00401CD0(_t845 - 0x30);
				 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
				_t666 = 0;
				 *(_t845 - 4) = 0;
				 *((intOrPtr*)(_t845 - 0x64)) = 0;
				InitializeCriticalSection(_t845 - 0x60);
				 *(_t845 - 4) = 1;
				E00405F8F(_t845 - 0x64,  *(_t845 + 8));
				 *(_t845 + 8) = 0;
				if( *((intOrPtr*)( *((intOrPtr*)(_t845 + 0x18)) + 0x30)) > 0) {
					_t829 =  *((intOrPtr*)(_t845 + 0x14));
					while(1) {
						_push(0x18);
						_t647 = E00402E12();
						if(_t647 == _t666) {
							_t844 = 0;
							__eflags = 0;
						} else {
							 *(_t647 + 4) = _t666;
							 *_t647 = 0x41b9a4;
							_t844 = _t647;
						}
						 *(_t845 - 0x18) = _t844;
						if(_t844 != _t666) {
							 *((intOrPtr*)( *_t844 + 4))(_t844);
						}
						_push(0x18);
						 *((intOrPtr*)(_t844 + 8)) = _t845 - 0x64;
						 *((intOrPtr*)(_t844 + 0x10)) =  *((intOrPtr*)(_t845 + 0xc));
						 *(_t844 + 0x14) =  *(_t845 + 0x10);
						 *((intOrPtr*)(_t845 + 0xc)) =  *((intOrPtr*)(_t845 + 0xc)) +  *_t829;
						 *(_t845 - 4) = 2;
						asm("adc [ebp+0x10], ecx");
						_t652 = E00402E12();
						if(_t652 == _t666) {
							_t674 = 0;
							__eflags = 0;
						} else {
							 *(_t652 + 4) =  *(_t652 + 4) & 0x00000000;
							 *(_t652 + 0x10) =  *(_t652 + 0x10) & 0x00000000;
							 *_t652 = 0x41b994;
							_t674 = _t652;
						}
						 *(_t845 - 0x10) = _t674;
						if(_t674 != 0) {
							 *((intOrPtr*)( *_t674 + 4))(_t674);
						}
						_push( *((intOrPtr*)(_t829 + 4)));
						 *(_t845 - 4) = 3;
						E00405FB6(_t674, _t844,  *_t829);
						_push(_t845 - 0x10);
						E0040B7D6(_t845 - 0x30, _t815);
						_t656 =  *(_t845 - 0x10);
						 *(_t845 - 4) = 2;
						if(_t656 != 0) {
							 *((intOrPtr*)( *_t656 + 8))(_t656);
						}
						 *(_t845 - 4) = 1;
						if(_t844 != 0) {
							 *((intOrPtr*)( *_t844 + 8))(_t844);
						}
						 *(_t845 + 8) =  *(_t845 + 8) + 1;
						_t829 = _t829 + 8;
						if( *(_t845 + 8) >=  *((intOrPtr*)( *((intOrPtr*)(_t845 + 0x18)) + 0x30))) {
							break;
						}
						_t666 = 0;
						__eflags = 0;
					}
					_t821 =  *((intOrPtr*)(_t845 - 0x38));
					_t666 = 0;
				}
				 *((intOrPtr*)(_t845 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t845 + 0x18)) + 8));
				E0040AE16(_t845 - 0x118);
				 *(_t845 - 4) = 4;
				E0040DDE1(_t845 - 0xc8);
				 *(_t845 - 4) = 5;
				E0040D8EC(_t815,  *((intOrPtr*)(_t845 + 0x18)), _t845 - 0x118);
				if( *_t821 == 0) {
					L21:
					E004030DF();
					_t464 =  *(_t821 + 0x74);
					_t832 = _t821 + 0x74;
					if(_t464 != _t666) {
						 *((intOrPtr*)( *_t464 + 8))(_t464);
						 *_t832 = _t666;
					}
					if( *((char*)(_t821 + 0x68)) != 0) {
						_push(0xc0);
						_t636 = E00402E12();
						 *(_t845 + 8) = _t636;
						_t864 = _t636 - _t666;
						 *(_t845 - 4) = 6;
						if(_t636 == _t666) {
							_t637 = 0;
							__eflags = 0;
						} else {
							_t637 = E0040ACA8(_t636, _t864); // executed
						}
						 *(_t845 - 4) = 5;
						 *((intOrPtr*)(_t821 + 0x6c)) = _t637;
						E00405F8F(_t832, _t637);
						_t639 =  *((intOrPtr*)(_t821 + 0x6c));
						if(_t639 == _t666) {
							_t640 = 0;
							__eflags = 0;
						} else {
							_t640 = _t639 + 4;
						}
						 *((intOrPtr*)(_t821 + 0x70)) = _t640;
					}
					_t815 = _t845 - 0x118;
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t821 + 0x70))))))(_t845 - 0x118);
					 *(_t845 - 0x14) = _t666;
					if( *((intOrPtr*)(_t845 - 0x34)) <= _t666) {
						L86:
						E0040DD67(_t821 + 4, _t886, _t845 - 0x118);
						 *_t821 = 1;
						goto L87;
					} else {
						do {
							_t576 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t845 + 0x18)) + 0xc)) +  *(_t845 - 0x14) * 4));
							_t841 =  *( *(_t576 + 0x14));
							 *(_t845 - 0x18) =  *( *(_t576 + 0x14));
							if( *_t576 != 1 ||  *((intOrPtr*)(_t576 + 4)) != 1) {
								 *(_t845 + 8) = _t666;
								 *(_t845 - 4) = 0x11;
								_t577 = E00412D3F(_t841, 0x4206a8);
								__eflags = _t577;
								if(_t577 != 0) {
									_push(0x4c0);
									_t594 = E00402E12();
									 *(_t845 + 0x10) = _t594;
									__eflags = _t594 - _t666;
									 *(_t845 - 4) = 0x12;
									if(__eflags == 0) {
										_t595 = 0;
										__eflags = 0;
									} else {
										_t595 = E0040DC77(_t594, __eflags);
									}
									 *(_t845 - 4) = 0x11;
									E00405F8F(_t845 + 8, _t595);
								}
								_t578 =  *(_t845 + 8);
								__eflags = _t578 - _t666;
								if(_t578 == _t666) {
									 *(_t845 - 4) = 0x13;
									E004030CF(_t845 - 0xc8);
									 *(_t845 - 4) = 1;
									E0040A5F4(_t845 - 0x118);
									_t272 = _t845 - 4;
									 *_t272 =  *(_t845 - 4) & 0x00000000;
									__eflags =  *_t272;
									DeleteCriticalSection(_t845 - 0x60);
									E004099E1(_t845 - 0x64);
									 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
									 *(_t845 - 4) = 0x14;
									goto L120;
								} else {
									 *(_t845 + 0x10) = _t578;
									 *((intOrPtr*)( *_t578 + 4))(_t578);
									_push(_t845 + 0x10);
									 *(_t845 - 4) = 0x15;
									E0040DE28(_t821 + 0x78, _t815);
									_t588 =  *(_t845 + 0x10);
									 *(_t845 - 4) = 0x11;
									__eflags = _t588 - _t666;
									if(_t588 != _t666) {
										 *((intOrPtr*)( *_t588 + 8))(_t588);
									}
									__eflags =  *((char*)(_t821 + 0x68));
									if(__eflags != 0) {
										E0040B210(_t666,  *((intOrPtr*)(_t821 + 0x6c)), _t815, _t821, _t845, __eflags,  *(_t845 + 8));
									}
									_t589 =  *(_t845 + 8);
									 *(_t845 - 4) = 5;
									goto L83;
								}
							} else {
								 *(_t845 + 8) = _t666;
								 *(_t845 + 0x10) = _t666;
								 *(_t845 - 4) = 8;
								if(E00412D3F(_t841, 0x420678) != 0) {
									_push(0x1d78); // executed
									_t633 = E00402E12(); // executed
									 *(_t845 - 0x10) = _t633;
									_t870 = _t633 - _t666;
									 *(_t845 - 4) = 9;
									if(_t633 == _t666) {
										_t634 = 0;
										__eflags = 0;
									} else {
										_t634 = E0040D54C(_t633, _t870);
									}
									 *(_t845 - 4) = 8;
									E00405F8F(_t845 + 8, _t634);
								}
								if(E00412D3F(_t841, 0x420688) != 0) {
									_push(0x4c50);
									_t630 = E00402E12();
									 *(_t845 - 0x10) = _t630;
									_t872 = _t630 - _t666;
									 *(_t845 - 4) = 0xa;
									if(_t630 == _t666) {
										_t631 = 0;
										__eflags = 0;
									} else {
										_t631 = E0040D743(_t630, _t872);
									}
									 *(_t845 - 4) = 8;
									E00405F8F(_t845 + 8, _t631);
								}
								if(E00412D3F(_t841, 0x420698) != 0) {
									_push(0x14);
									_t843 = E00402E12();
									 *(_t845 - 0x10) = _t843;
									 *(_t845 - 4) = 0xb;
									if(_t843 == _t666) {
										_t843 = 0;
										__eflags = 0;
									} else {
										E0040DD93(_t843);
										 *_t843 = 0x41b978;
									}
									 *(_t845 - 4) = 8;
									E00405F8F(_t845 + 0x10, _t843);
									_t841 =  *(_t845 - 0x18);
								}
								if(E00412D3F(_t841, 0x4206b8) != 0) {
									_push(0x18);
									_t625 = E00402E12();
									if(_t625 == _t666) {
										_t625 = 0;
										__eflags = 0;
									} else {
										 *(_t625 + 4) = _t666;
										 *(_t625 + 0x10) = _t666;
										 *(_t625 + 8) = _t666;
										 *(_t625 + 0x14) = _t666;
										 *_t625 = 0x41b968;
									}
									E00405F8F(_t845 + 8, _t625);
								}
								if(E00412D3F(_t841, 0x4206c8) != 0) {
									_push(0x80);
									_t622 = E00402E12();
									 *(_t845 - 0x18) = _t622;
									 *(_t845 - 4) = 0xc;
									if(_t622 == _t666) {
										_t623 = 0;
										__eflags = 0;
									} else {
										_t623 = E0040DB37(_t622);
									}
									 *(_t845 - 4) = 8;
									E00405F8F(_t845 + 0x10, _t623);
								}
								if( *(_t845 + 0x10) != _t666) {
									_push(0x60);
									_t618 = E00402E12();
									 *(_t845 - 0x18) = _t618;
									 *(_t845 - 4) = 0xd;
									if(_t618 == _t666) {
										_t842 = 0;
										__eflags = 0;
									} else {
										_t842 = E0040BF42(_t618);
									}
									 *(_t845 - 4) = 8;
									E00405F8F(_t845 + 8, _t842);
									_t113 = _t842 + 0x58; // 0x58
									E00405F8F(_t113,  *(_t845 + 0x10));
								}
								_t602 =  *(_t845 + 8);
								if(_t602 == _t666) {
									_t776 =  *(_t845 + 0x10);
									 *(_t845 - 4) = 7;
									__eflags = _t776 - _t666;
									if(_t776 != _t666) {
										 *((intOrPtr*)( *_t776 + 8))(_t776);
										_t602 =  *(_t845 + 8);
									}
									__eflags = _t602 - _t666;
									 *(_t845 - 4) = 5;
									if(_t602 != _t666) {
										 *((intOrPtr*)( *_t602 + 8))(_t602);
									}
									 *(_t845 - 4) = 0xe;
									E004030CF(_t845 - 0xc8);
									 *(_t845 - 4) = 1;
									E0040A5F4(_t845 - 0x118);
									 *(_t845 - 4) =  *(_t845 - 4) & 0x00000000;
									DeleteCriticalSection(_t845 - 0x60);
									E004099E1(_t845 - 0x64);
									 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
									 *(_t845 - 4) = 0xf;
									L120:
									E004030DF();
									 *(_t845 - 4) =  *(_t845 - 4) | 0xffffffff;
									E004030CF(_t845 - 0x30);
									_t486 = 0x80004001;
								} else {
									 *(_t845 - 0x10) = _t602;
									 *((intOrPtr*)( *_t602 + 4))(_t602);
									_push(_t845 - 0x10);
									 *(_t845 - 4) = 0x10;
									E0040DE28(_t821 + 0x78, _t815);
									_t613 =  *(_t845 - 0x10);
									 *(_t845 - 4) = 8;
									if(_t613 != _t666) {
										 *((intOrPtr*)( *_t613 + 8))(_t613);
									}
									if( *((char*)(_t821 + 0x68)) != 0) {
										E0040B1F1(_t666,  *((intOrPtr*)(_t821 + 0x6c)), _t815, _t821, _t845,  *(_t845 + 8));
									}
									_t614 =  *(_t845 + 0x10);
									 *(_t845 - 4) = 7;
									if(_t614 != _t666) {
										 *((intOrPtr*)( *_t614 + 8))(_t614);
									}
									_t589 =  *(_t845 + 8);
									 *(_t845 - 4) = 5;
									goto L83;
								}
							}
							goto L161;
							L83:
							if(_t589 != _t666) {
								 *((intOrPtr*)( *_t589 + 8))(_t589);
							}
							 *(_t845 - 0x14) =  *(_t845 - 0x14) + 1;
							_t886 =  *(_t845 - 0x14) -  *((intOrPtr*)(_t845 - 0x34));
						} while ( *(_t845 - 0x14) <  *((intOrPtr*)(_t845 - 0x34)));
						goto L86;
					}
				} else {
					_t56 = _t821 + 4; // 0x4
					_t644 = E0040DA11(_t845 - 0x118, _t56);
					asm("sbb al, al");
					_t646 =  ~_t644 + 1;
					 *((char*)(_t845 + 0xb)) = _t646;
					if(_t646 == 0) {
						L87:
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t821 + 0x70)))) + 4))();
						 *(_t845 - 0x18) = _t666;
						 *(_t845 - 0x3c) = _t666;
						 *(_t845 - 0x10) = _t666;
						if( *((intOrPtr*)(_t845 - 0x34)) <= _t666) {
							L153:
							E0040B47F(_t845 - 0x118,  *((intOrPtr*)( *((intOrPtr*)(_t845 - 0xd0)))), _t845 - 0x78, _t845 - 0x11c);
							if( *((char*)(_t821 + 0x68)) != 0) {
								 *((intOrPtr*)( *((intOrPtr*)(_t821 + 0x6c)) + 0xbc)) =  *((intOrPtr*)(_t845 - 0x78));
							}
							if( *((intOrPtr*)(_t845 - 0x34)) != _t666) {
								E00401EBF(_t845 - 0xb4, 4);
								 *((intOrPtr*)(_t845 - 0xb4)) = 0x41b778;
								 *(_t845 - 4) = 0x2b;
								E00403138(_t845 - 0xb4,  *((intOrPtr*)(_t845 - 0x28)));
								_t833 = 0;
								__eflags =  *((intOrPtr*)(_t845 - 0x28)) - _t666;
								if( *((intOrPtr*)(_t845 - 0x28)) > _t666) {
									do {
										E0040882F(_t845 - 0xb4, _t815,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t845 - 0x24)) + _t833 * 4)))));
										_t833 = _t833 + 1;
										__eflags = _t833 -  *((intOrPtr*)(_t845 - 0x28));
									} while (_t833 <  *((intOrPtr*)(_t845 - 0x28)));
								}
								 *((intOrPtr*)(_t845 - 0x74)) =  *((intOrPtr*)(_t845 + 0x1c));
								_t478 =  *(_t821 + 0x74);
								_t834 =  *((intOrPtr*)( *_t478 + 0xc))(_t478,  *((intOrPtr*)(_t845 - 0xa8)), _t666,  *((intOrPtr*)(_t845 - 0x28)), _t845 - 0x74, _t666, 1,  *((intOrPtr*)(_t845 + 0x20)));
								 *(_t845 - 4) = 5;
								E004030CF(_t845 - 0xb4);
								 *(_t845 - 4) = 0x2c;
								E004030CF(_t845 - 0xc8);
								 *(_t845 - 4) = 1;
								E0040A5F4(_t845 - 0x118);
								_t441 = _t845 - 4;
								 *_t441 =  *(_t845 - 4) & 0x00000000;
								__eflags =  *_t441;
								E0040DB1C(_t845 - 0x64);
								 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
								 *(_t845 - 4) = 0x2d;
							} else {
								 *(_t845 - 4) = 0x29;
								E004030CF(_t845 - 0xc8);
								 *(_t845 - 4) = 1;
								E0040A5F4(_t845 - 0x118);
								 *(_t845 - 4) =  *(_t845 - 4) & 0x00000000;
								E0040DB1C(_t845 - 0x64);
								 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
								 *(_t845 - 4) = 0x2a;
								_t834 = 0;
							}
							goto L160;
						} else {
							 *(_t845 + 0x10) = _t666;
							do {
								 *(_t845 + 8) =  *(_t845 + 8) & 0x00000000;
								_t836 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t845 + 0x18)) + 0xc)) +  *(_t845 - 0x10) * 4));
								_t668 =  *((intOrPtr*)( *((intOrPtr*)(_t836 + 0x14))));
								_t823 =  *((intOrPtr*)( *(_t845 + 0x10) +  *((intOrPtr*)( *((intOrPtr*)(_t845 - 0x38)) + 0x84))));
								_t499 =  *_t823;
								_t815 = _t845 + 8;
								 *(_t845 - 4) = 0x16;
								 *((intOrPtr*)( *_t499))(_t499, 0x41b2a0, _t845 + 8);
								_t501 =  *(_t845 + 8);
								if(_t501 == 0) {
									L94:
									_t669 = 0;
									 *(_t845 - 4) = 5;
									if(_t501 != 0) {
										 *((intOrPtr*)( *_t501 + 8))(_t501);
									}
									 *(_t845 - 0x1c) = _t669;
									_t824 =  *_t823;
									 *(_t845 - 4) = 0x1b;
									 *((intOrPtr*)( *_t824))(_t824, 0x41b250, _t845 - 0x1c);
									_t504 =  *(_t845 - 0x1c);
									if(_t504 == _t669) {
										L103:
										 *(_t845 - 4) = 5;
										if(_t504 != _t669) {
											 *((intOrPtr*)( *_t504 + 8))(_t504);
										}
										_t670 =  *_t836;
										 *(_t845 + 0x10) =  *(_t845 + 0x10) + 4;
										_t837 =  *((intOrPtr*)(_t836 + 4));
										E00401EBF(_t845 - 0x8c, 4);
										 *((intOrPtr*)(_t845 - 0x8c)) = 0x41b750;
										 *(_t845 - 4) = 0x25;
										E00401EBF(_t845 - 0xa0, 4);
										 *((intOrPtr*)(_t845 - 0xa0)) = 0x41b750;
										 *(_t845 - 4) = 0x26;
										E00403138(_t845 - 0x8c, _t670);
										_t508 = E00403138(_t845 - 0xa0, _t837);
										_t826 =  *((intOrPtr*)(_t845 + 0x18));
										if(_t837 > 0) {
											do {
												_t508 = E0040882F(_t845 - 0xa0, _t815,  *((intOrPtr*)(_t826 + 0x48)) +  *(_t845 - 0x3c) * 8);
												 *(_t845 - 0x3c) =  *(_t845 - 0x3c) + 1;
												_t837 = _t837 - 1;
											} while (_t837 != 0);
										}
										 *(_t845 + 8) =  *(_t845 + 8) & 0x00000000;
										if(_t670 > 0) {
											_t840 =  *(_t845 - 0x18);
											do {
												_t711 =  *((intOrPtr*)(_t826 + 0x1c));
												_t817 = 0;
												if(_t711 <= 0) {
													L122:
													_t514 = _t508 | 0xffffffff;
												} else {
													_t524 =  *((intOrPtr*)(_t826 + 0x20));
													while( *_t524 != _t840) {
														_t817 = _t817 + 1;
														_t524 = _t524 + 8;
														if(_t817 < _t711) {
															continue;
														} else {
															goto L122;
														}
														goto L123;
													}
													_t514 = _t817;
												}
												L123:
												if(_t514 < 0) {
													_t712 =  *(_t826 + 0x30);
													_t815 = 0;
													__eflags = _t712;
													if(_t712 <= 0) {
														L129:
														_t515 = _t514 | 0xffffffff;
														__eflags = _t515;
													} else {
														_t525 =  *((intOrPtr*)(_t826 + 0x34));
														while(1) {
															__eflags =  *_t525 - _t840;
															if( *_t525 == _t840) {
																break;
															}
															_t815 = _t815 + 1;
															_t525 = _t525 + 4;
															__eflags = _t815 - _t712;
															if(_t815 < _t712) {
																continue;
															} else {
																goto L129;
															}
															goto L130;
														}
														_t515 = _t815;
													}
													L130:
													__eflags = _t515;
													if(_t515 < 0) {
														 *(_t845 - 4) = 0x25;
														E004030CF(_t845 - 0xa0);
														 *(_t845 - 4) = 5;
														E004030CF(_t845 - 0x8c);
														 *(_t845 - 4) = 0x27;
														E004030CF(_t845 - 0xc8);
														 *(_t845 - 4) = 1;
														E0040A5F4(_t845 - 0x118);
														 *(_t845 - 4) =  *(_t845 - 4) & 0x00000000;
														E0040DB1C(_t845 - 0x64);
														 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
														 *(_t845 - 4) = 0x28;
														E004030DF();
														 *(_t845 - 4) =  *(_t845 - 4) | 0xffffffff;
														E004030CF(_t845 - 0x30);
														_t486 = 0x80004005;
													} else {
														_t720 =  *((intOrPtr*)(_t845 + 0x14));
														goto L132;
													}
												} else {
													_t515 =  *( *((intOrPtr*)(_t826 + 0x20)) + 4 + _t514 * 8);
													_t720 =  *((intOrPtr*)(_t826 + 0x48));
													goto L132;
												}
												goto L161;
												L132:
												_t508 = E0040882F(_t845 - 0x8c, _t815, _t720 + _t515 * 8);
												 *(_t845 + 8) =  *(_t845 + 8) + 1;
												_t840 = _t840 + 1;
												 *(_t845 - 0x18) = _t840;
											} while ( *(_t845 + 8) < _t670);
										}
										goto L133;
									} else {
										_t726 =  *((intOrPtr*)(_t845 + 0x24));
										if(_t726 == _t669) {
											__eflags = _t504 - _t669;
											 *(_t845 - 4) = 5;
											if(_t504 != _t669) {
												 *((intOrPtr*)( *_t504 + 8))(_t504);
											}
											 *(_t845 - 4) = 0x1c;
											E004030CF(_t845 - 0xc8);
											 *(_t845 - 4) = 1;
											E0040A5F4(_t845 - 0x118);
											 *(_t845 - 4) =  *(_t845 - 4) & 0x00000000;
											DeleteCriticalSection(_t845 - 0x60);
											E004099E1(_t845 - 0x64);
											 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
											 *(_t845 - 4) = 0x1d;
											_t834 = 0x80004005;
											goto L160;
										} else {
											 *(_t845 - 0x14) = _t669;
											_t815 = _t845 - 0x14;
											 *(_t845 - 4) = 0x1e;
											_t827 =  *((intOrPtr*)( *_t726 + 0xc))(_t726, _t845 - 0x14);
											if(_t827 != _t669) {
												__imp__#6( *(_t845 - 0x14));
												_t536 =  *(_t845 - 0x1c);
												 *(_t845 - 4) = 5;
												__eflags = _t536 - _t669;
												if(_t536 != _t669) {
													 *((intOrPtr*)( *_t536 + 8))(_t536);
												}
												 *(_t845 - 4) = 0x1f;
												E004030CF(_t845 - 0xc8);
												 *(_t845 - 4) = 1;
												E0040A5F4(_t845 - 0x118);
												 *(_t845 - 4) =  *(_t845 - 4) & 0x00000000;
												DeleteCriticalSection(_t845 - 0x60);
												E004099E1(_t845 - 0x64);
												 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
												 *(_t845 - 4) = 0x20;
												_t834 = _t827;
												goto L160;
											} else {
												 *(_t845 - 0x44) = _t669;
												 *(_t845 - 0x40) = _t669;
												 *((intOrPtr*)(_t845 - 0x48)) = 0x41b964;
												 *(_t845 - 4) = 0x21;
												E0040190B(_t845 - 0x70,  *(_t845 - 0x14));
												 *(_t845 - 4) = 0x22;
												 *(_t845 + 8) =  *((intOrPtr*)(_t845 - 0x6c)) +  *((intOrPtr*)(_t845 - 0x6c));
												E0040668D(_t845 - 0x48,  *((intOrPtr*)(_t845 - 0x6c)) +  *((intOrPtr*)(_t845 - 0x6c)));
												_t546 = 0;
												if( *((intOrPtr*)(_t845 - 0x6c)) > _t669) {
													do {
														_t747 =  *((intOrPtr*)( *((intOrPtr*)(_t845 - 0x70)) + _t546 * 2));
														 *( *(_t845 - 0x40) + _t546 * 2) = _t747;
														_t815 = _t747;
														 *( *(_t845 - 0x40) + 1 + _t546 * 2) = _t747;
														_t546 = _t546 + 1;
													} while (_t546 <  *((intOrPtr*)(_t845 - 0x6c)));
												}
												_t547 =  *(_t845 - 0x1c);
												_t548 =  *((intOrPtr*)( *_t547 + 0xc))(_t547,  *(_t845 - 0x40),  *(_t845 + 8));
												_push( *((intOrPtr*)(_t845 - 0x70)));
												_t671 = _t548;
												if(_t671 != 0) {
													_t549 = E00402E39(_t548);
													 *((intOrPtr*)(_t845 - 0x48)) = 0x41b964;
													E00402E39(_t549,  *(_t845 - 0x40));
													__imp__#6( *(_t845 - 0x14));
													_t551 =  *(_t845 - 0x1c);
													 *(_t845 - 4) = 5;
													__eflags = _t551;
													if(_t551 != 0) {
														 *((intOrPtr*)( *_t551 + 8))(_t551);
													}
													 *(_t845 - 4) = 0x23;
													E004030CF(_t845 - 0xc8);
													 *(_t845 - 4) = 1;
													E0040A5F4(_t845 - 0x118);
													 *(_t845 - 4) =  *(_t845 - 4) & 0x00000000;
													DeleteCriticalSection(_t845 - 0x60);
													E004099E1(_t845 - 0x64);
													 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
													 *(_t845 - 4) = 0x24;
													_t834 = _t671;
													L160:
													E004030DF();
													 *(_t845 - 4) =  *(_t845 - 4) | 0xffffffff;
													E004030CF(_t845 - 0x30);
													_t486 = _t834;
												} else {
													_t557 = E00402E39(_t548);
													 *((intOrPtr*)(_t845 - 0x48)) = 0x41b964;
													E00402E39(_t557,  *(_t845 - 0x40));
													__imp__#6( *(_t845 - 0x14));
													_t504 =  *(_t845 - 0x1c);
													_t669 = 0;
													goto L103;
												}
											}
										}
									}
								} else {
									_t750 =  *((intOrPtr*)(_t668 + 0x14));
									if(_t750 > 0xffffffff) {
										__eflags = _t501;
										 *(_t845 - 4) = 5;
										if(_t501 != 0) {
											 *((intOrPtr*)( *_t501 + 8))(_t501);
										}
										 *(_t845 - 4) = 0x17;
										E004030CF(_t845 - 0xc8);
										 *(_t845 - 4) = 1;
										E0040A5F4(_t845 - 0x118);
										 *(_t845 - 4) =  *(_t845 - 4) & 0x00000000;
										DeleteCriticalSection(_t845 - 0x60);
										E004099E1(_t845 - 0x64);
										 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
										 *(_t845 - 4) = 0x18;
										_t672 = 0x80004001;
										goto L142;
									} else {
										if(_t750 <= 0) {
											goto L94;
										} else {
											_t815 =  *_t501;
											_t672 =  *((intOrPtr*)( *_t501 + 0xc))(_t501,  *((intOrPtr*)(_t668 + 0x18)), _t750);
											if(_t672 != 0) {
												_t568 =  *(_t845 + 8);
												 *(_t845 - 4) = 5;
												__eflags = _t568;
												if(_t568 != 0) {
													 *((intOrPtr*)( *_t568 + 8))(_t568);
												}
												 *(_t845 - 4) = 0x19;
												E004030CF(_t845 - 0xc8);
												 *(_t845 - 4) = 1;
												E0040A5F4(_t845 - 0x118);
												_t329 = _t845 - 4;
												 *_t329 =  *(_t845 - 4) & 0x00000000;
												__eflags =  *_t329;
												DeleteCriticalSection(_t845 - 0x60);
												E004099E1(_t845 - 0x64);
												 *((intOrPtr*)(_t845 - 0x30)) = 0x41b788;
												 *(_t845 - 4) = 0x1a;
												L142:
												E004030DF();
												 *(_t845 - 4) =  *(_t845 - 4) | 0xffffffff;
												E004030CF(_t845 - 0x30);
												_t486 = _t672;
											} else {
												_t501 =  *(_t845 + 8);
												goto L94;
											}
										}
									}
								}
								goto L161;
								L133:
								_t838 =  *(_t845 - 0x10);
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t845 - 0x38)) + 0x70)))) + 8))(_t838,  *((intOrPtr*)(_t845 - 0x80)),  *((intOrPtr*)(_t845 - 0x94)));
								 *(_t845 - 4) = 0x25;
								E004030CF(_t845 - 0xa0);
								 *(_t845 - 4) = 5;
								E004030CF(_t845 - 0x8c);
								_t839 = _t838 + 1;
								 *(_t845 - 0x10) = _t839;
							} while (_t839 <  *((intOrPtr*)(_t845 - 0x34)));
							_t821 =  *((intOrPtr*)(_t845 - 0x38));
							_t666 = 0;
							goto L153;
						}
					} else {
						goto L21;
					}
				}
				L161:
				 *[fs:0x0] =  *((intOrPtr*)(_t845 - 0xc));
				return _t486;
			}

0x0040c8d0
0x0040c8d5
0x0040c8e3
0x0040c8e8
0x0040c8eb
0x0040c8f0
0x0040c8fa
0x0040c8fd
0x0040c900
0x0040c903
0x0040c90f
0x0040c913
0x0040c91b
0x0040c923
0x0040c929
0x0040c930
0x0040c930
0x0040c932
0x0040c93a
0x0040c949
0x0040c949
0x0040c93c
0x0040c93c
0x0040c93f
0x0040c945
0x0040c945
0x0040c94d
0x0040c950
0x0040c955
0x0040c955
0x0040c95b
0x0040c95d
0x0040c963
0x0040c969
0x0040c96e
0x0040c974
0x0040c978
0x0040c97b
0x0040c983
0x0040c997
0x0040c997
0x0040c985
0x0040c985
0x0040c989
0x0040c98d
0x0040c993
0x0040c993
0x0040c99b
0x0040c99e
0x0040c9a3
0x0040c9a3
0x0040c9a6
0x0040c9ab
0x0040c9b2
0x0040c9bd
0x0040c9be
0x0040c9c3
0x0040c9c6
0x0040c9cc
0x0040c9d1
0x0040c9d1
0x0040c9d6
0x0040c9da
0x0040c9df
0x0040c9df
0x0040c9e2
0x0040c9eb
0x0040c9f1
0x00000000
0x00000000
0x0040c92e
0x0040c92e
0x0040c92e
0x0040c9f7
0x0040c9fa
0x0040c9fa
0x0040ca08
0x0040ca0b
0x0040ca16
0x0040ca1a
0x0040ca25
0x0040ca2b
0x0040ca33
0x0040ca54
0x0040ca57
0x0040ca5c
0x0040ca5f
0x0040ca64
0x0040ca69
0x0040ca6c
0x0040ca6c
0x0040ca72
0x0040ca74
0x0040ca79
0x0040ca7f
0x0040ca82
0x0040ca84
0x0040ca88
0x0040ca93
0x0040ca93
0x0040ca8a
0x0040ca8c
0x0040ca8c
0x0040ca98
0x0040ca9c
0x0040ca9f
0x0040caa4
0x0040caa9
0x0040cab0
0x0040cab0
0x0040caab
0x0040caab
0x0040caab
0x0040cab2
0x0040cab2
0x0040cab8
0x0040cac1
0x0040cac6
0x0040cac9
0x0040cd80
0x0040cd8a
0x0040cd8f
0x00000000
0x0040cacf
0x0040cacf
0x0040cad8
0x0040cae1
0x0040cae3
0x0040cae6
0x0040ccd6
0x0040ccdf
0x0040cce3
0x0040cce8
0x0040ccea
0x0040ccec
0x0040ccf1
0x0040ccf7
0x0040ccfa
0x0040ccfc
0x0040cd00
0x0040cd0b
0x0040cd0b
0x0040cd02
0x0040cd04
0x0040cd04
0x0040cd11
0x0040cd15
0x0040cd15
0x0040cd1a
0x0040cd1d
0x0040cd1f
0x0040d025
0x0040d029
0x0040d034
0x0040d038
0x0040d03d
0x0040d03d
0x0040d03d
0x0040d045
0x0040d04e
0x0040d053
0x0040d05a
0x00000000
0x0040cd25
0x0040cd25
0x0040cd2b
0x0040cd34
0x0040cd35
0x0040cd39
0x0040cd3e
0x0040cd41
0x0040cd45
0x0040cd47
0x0040cd4c
0x0040cd4c
0x0040cd4f
0x0040cd53
0x0040cd5b
0x0040cd5b
0x0040cd60
0x0040cd63
0x00000000
0x0040cd63
0x0040caf6
0x0040caf6
0x0040caf9
0x0040cb02
0x0040cb0d
0x0040cb0f
0x0040cb14
0x0040cb1a
0x0040cb1d
0x0040cb1f
0x0040cb23
0x0040cb2e
0x0040cb2e
0x0040cb25
0x0040cb27
0x0040cb27
0x0040cb34
0x0040cb38
0x0040cb38
0x0040cb4a
0x0040cb4c
0x0040cb51
0x0040cb57
0x0040cb5a
0x0040cb5c
0x0040cb60
0x0040cb6b
0x0040cb6b
0x0040cb62
0x0040cb64
0x0040cb64
0x0040cb71
0x0040cb75
0x0040cb75
0x0040cb87
0x0040cb89
0x0040cb90
0x0040cb93
0x0040cb98
0x0040cb9c
0x0040cbad
0x0040cbad
0x0040cb9e
0x0040cba0
0x0040cba5
0x0040cba5
0x0040cbb3
0x0040cbb7
0x0040cbbc
0x0040cbbc
0x0040cbcc
0x0040cbce
0x0040cbd0
0x0040cbd8
0x0040cbee
0x0040cbee
0x0040cbda
0x0040cbda
0x0040cbdd
0x0040cbe0
0x0040cbe3
0x0040cbe6
0x0040cbe6
0x0040cbf4
0x0040cbf4
0x0040cc06
0x0040cc08
0x0040cc0d
0x0040cc13
0x0040cc18
0x0040cc1c
0x0040cc27
0x0040cc27
0x0040cc1e
0x0040cc20
0x0040cc20
0x0040cc2d
0x0040cc31
0x0040cc31
0x0040cc39
0x0040cc3b
0x0040cc3d
0x0040cc43
0x0040cc48
0x0040cc4c
0x0040cc59
0x0040cc59
0x0040cc4e
0x0040cc55
0x0040cc55
0x0040cc5f
0x0040cc63
0x0040cc6b
0x0040cc6e
0x0040cc6e
0x0040cc73
0x0040cc78
0x0040cfb9
0x0040cfbc
0x0040cfc0
0x0040cfc2
0x0040cfc7
0x0040cfca
0x0040cfca
0x0040cfcd
0x0040cfcf
0x0040cfd3
0x0040cfd8
0x0040cfd8
0x0040cfe1
0x0040cfe5
0x0040cff0
0x0040cff4
0x0040cff9
0x0040d001
0x0040d00a
0x0040d00f
0x0040d016
0x0040d061
0x0040d064
0x0040d069
0x0040d070
0x0040d075
0x0040cc7e
0x0040cc7e
0x0040cc84
0x0040cc8d
0x0040cc8e
0x0040cc92
0x0040cc97
0x0040cc9a
0x0040cca0
0x0040cca5
0x0040cca5
0x0040ccac
0x0040ccb4
0x0040ccb4
0x0040ccb9
0x0040ccbc
0x0040ccc2
0x0040ccc7
0x0040ccc7
0x0040ccca
0x0040cccd
0x00000000
0x0040cccd
0x0040cc78
0x00000000
0x0040cd67
0x0040cd69
0x0040cd6e
0x0040cd6e
0x0040cd71
0x0040cd77
0x0040cd77
0x00000000
0x0040cacf
0x0040ca35
0x0040ca35
0x0040ca40
0x0040ca47
0x0040ca49
0x0040ca4b
0x0040ca4e
0x0040cd92
0x0040cd97
0x0040cd9d
0x0040cda0
0x0040cda3
0x0040cda6
0x0040d39b
0x0040d3b4
0x0040d3bd
0x0040d3c5
0x0040d3c5
0x0040d3ce
0x0040d417
0x0040d41c
0x0040d42f
0x0040d433
0x0040d438
0x0040d43a
0x0040d43d
0x0040d43f
0x0040d44d
0x0040d452
0x0040d453
0x0040d453
0x0040d43f
0x0040d461
0x0040d464
0x0040d481
0x0040d483
0x0040d487
0x0040d492
0x0040d496
0x0040d4a1
0x0040d4a5
0x0040d4aa
0x0040d4aa
0x0040d4aa
0x0040d4b1
0x0040d4b6
0x0040d4bd
0x0040d3d0
0x0040d3d6
0x0040d3da
0x0040d3e5
0x0040d3e9
0x0040d3ee
0x0040d3f5
0x0040d3fa
0x0040d401
0x0040d408
0x0040d408
0x00000000
0x0040cdac
0x0040cdac
0x0040cdaf
0x0040cdb5
0x0040cdbc
0x0040cdc5
0x0040cdd0
0x0040cdd3
0x0040cdd5
0x0040cde1
0x0040cde5
0x0040cde7
0x0040cdec
0x0040ce16
0x0040ce16
0x0040ce18
0x0040ce1e
0x0040ce23
0x0040ce23
0x0040ce26
0x0040ce29
0x0040ce37
0x0040ce3b
0x0040ce3d
0x0040ce42
0x0040cf01
0x0040cf03
0x0040cf07
0x0040cf0c
0x0040cf0c
0x0040cf0f
0x0040cf11
0x0040cf15
0x0040cf20
0x0040cf2a
0x0040cf38
0x0040cf3c
0x0040cf41
0x0040cf4e
0x0040cf52
0x0040cf5e
0x0040cf63
0x0040cf68
0x0040cf6a
0x0040cf7a
0x0040cf7f
0x0040cf82
0x0040cf82
0x0040cf6a
0x0040cf85
0x0040cf8b
0x0040cf91
0x0040cf94
0x0040cf94
0x0040cf97
0x0040cf9b
0x0040d083
0x0040d083
0x0040cfa1
0x0040cfa1
0x0040cfa4
0x0040cfac
0x0040cfad
0x0040cfb2
0x00000000
0x0040cfb4
0x00000000
0x0040cfb4
0x00000000
0x0040cfb2
0x0040d07f
0x0040d07f
0x0040d086
0x0040d088
0x0040d096
0x0040d099
0x0040d09b
0x0040d09d
0x0040d0b2
0x0040d0b2
0x0040d0b2
0x0040d09f
0x0040d09f
0x0040d0a2
0x0040d0a2
0x0040d0a4
0x00000000
0x00000000
0x0040d0aa
0x0040d0ab
0x0040d0ae
0x0040d0b0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040d0b0
0x0040d12c
0x0040d12c
0x0040d0b5
0x0040d0b5
0x0040d0b7
0x0040d32d
0x0040d331
0x0040d33c
0x0040d340
0x0040d34b
0x0040d34f
0x0040d35a
0x0040d35e
0x0040d363
0x0040d36a
0x0040d36f
0x0040d379
0x0040d380
0x0040d385
0x0040d38c
0x0040d391
0x0040d0bd
0x0040d0bd
0x00000000
0x0040d0bd
0x0040d08a
0x0040d08d
0x0040d091
0x00000000
0x0040d091
0x00000000
0x0040d0c0
0x0040d0ca
0x0040d0cf
0x0040d0d2
0x0040d0d6
0x0040d0d6
0x0040cf94
0x00000000
0x0040ce48
0x0040ce48
0x0040ce4d
0x0040d1f5
0x0040d1f7
0x0040d1fb
0x0040d200
0x0040d200
0x0040d209
0x0040d20d
0x0040d218
0x0040d21c
0x0040d221
0x0040d229
0x0040d232
0x0040d237
0x0040d23e
0x0040d245
0x00000000
0x0040ce53
0x0040ce53
0x0040ce58
0x0040ce5d
0x0040ce64
0x0040ce68
0x0040d252
0x0040d258
0x0040d25b
0x0040d25f
0x0040d261
0x0040d266
0x0040d266
0x0040d26f
0x0040d273
0x0040d27e
0x0040d282
0x0040d287
0x0040d28f
0x0040d298
0x0040d29d
0x0040d2a4
0x0040d2ab
0x00000000
0x0040ce6e
0x0040ce73
0x0040ce76
0x0040ce79
0x0040ce82
0x0040ce86
0x0040ce93
0x0040ce98
0x0040ce9b
0x0040cea0
0x0040cea5
0x0040cea7
0x0040cead
0x0040ceb1
0x0040ceb6
0x0040cebb
0x0040cebf
0x0040cec0
0x0040cea7
0x0040cec8
0x0040ced1
0x0040ced4
0x0040ced7
0x0040cedb
0x0040d2b2
0x0040d2ba
0x0040d2bd
0x0040d2c7
0x0040d2cd
0x0040d2d0
0x0040d2d4
0x0040d2d6
0x0040d2db
0x0040d2db
0x0040d2e4
0x0040d2e8
0x0040d2f3
0x0040d2f7
0x0040d2fc
0x0040d304
0x0040d30d
0x0040d312
0x0040d319
0x0040d320
0x0040d4c4
0x0040d4c7
0x0040d4cc
0x0040d4d3
0x0040d4d8
0x0040cee1
0x0040cee1
0x0040cee9
0x0040ceec
0x0040cef6
0x0040cefc
0x0040ceff
0x00000000
0x0040ceff
0x0040cedb
0x0040ce68
0x0040ce4d
0x0040cdee
0x0040cdee
0x0040cdf4
0x0040d130
0x0040d132
0x0040d136
0x0040d13b
0x0040d13b
0x0040d144
0x0040d148
0x0040d153
0x0040d157
0x0040d15c
0x0040d164
0x0040d16d
0x0040d172
0x0040d179
0x0040d180
0x00000000
0x0040cdfa
0x0040cdfc
0x00000000
0x0040cdfe
0x0040ce01
0x0040ce09
0x0040ce0d
0x0040d187
0x0040d18a
0x0040d18e
0x0040d190
0x0040d195
0x0040d195
0x0040d19e
0x0040d1a2
0x0040d1ad
0x0040d1b1
0x0040d1b6
0x0040d1b6
0x0040d1b6
0x0040d1be
0x0040d1c7
0x0040d1cc
0x0040d1d3
0x0040d1da
0x0040d1dd
0x0040d1e2
0x0040d1e9
0x0040d1ee
0x0040ce13
0x0040ce13
0x00000000
0x0040ce13
0x0040ce0d
0x0040cdfc
0x0040cdf4
0x00000000
0x0040d0df
0x0040d0e8
0x0040d0f4
0x0040d0fd
0x0040d101
0x0040d10c
0x0040d110
0x0040d115
0x0040d119
0x0040d119
0x0040d122
0x0040d125
0x00000000
0x0040d125
0x00000000
0x00000000
0x00000000
0x0040ca4e
0x0040d4da
0x0040d4e0
0x0040d4e8

APIs

__EH_prolog.LIBCMT ref: 0040C8D5
InitializeCriticalSection.KERNEL32(?,0041BBA8,00000000,?), ref: 0040C903

Part of subcall function 00402E12: malloc.MSVCRT ref: 00402E18
Part of subcall function 00402E12: _CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

SysFreeString.OLEAUT32(?), ref: 0040CEF6
DeleteCriticalSection.KERNEL32(?,?,004206C8,?,004206B8,?,00420698,?,00420688,?,00420678), ref: 0040D001
DeleteCriticalSection.KERNEL32(?,?,004206A8), ref: 0040D045
DeleteCriticalSection.KERNEL32(?), ref: 0040D164
DeleteCriticalSection.KERNEL32(?), ref: 0040D1BE
DeleteCriticalSection.KERNEL32(?,?,0041B250,?), ref: 0040D229
SysFreeString.OLEAUT32(?), ref: 0040D252
DeleteCriticalSection.KERNEL32(?,?,0041B250,?), ref: 0040D28F

Part of subcall function 0040668D: memmove.MSVCRT ref: 004066BA

SysFreeString.OLEAUT32(?), ref: 0040D2C7
DeleteCriticalSection.KERNEL32(?,?,0041B250,?), ref: 0040D304

Part of subcall function 0040A5F4: __EH_prolog.LIBCMT ref: 0040A5F9

Part of subcall function 0040DB1C: DeleteCriticalSection.KERNEL32(?,00000000,0040D4B6), ref: 0040DB23

Strings

-, xrefs: 0040D4BD

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CriticalSection$Delete$FreeString$H_prolog$ExceptionInitializeThrowmallocmemmove
String ID: -
API String ID: 479663184-2547889144
Opcode ID: e91c205e4450d6adc337a297160ac3c1bb435901fad5177366636e86c8d92eb2
Instruction ID: 0196f8a96ebb18cfa360ae096be486a6267baf35d08476506b535b92fbe7a5db
Opcode Fuzzy Hash: e91c205e4450d6adc337a297160ac3c1bb435901fad5177366636e86c8d92eb2
Instruction Fuzzy Hash: DC82A170901249DFDB04DFA4C984AEEBBB4BF14308F1481AEE405B72D2DB789E49DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00404771 Relevance: 6.1, APIs: 4, Instructions: 65
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00404771(signed int* __ecx, void* __edx, void* __edi, void* __eflags) {
				signed int _t30;
				void* _t38;
				signed int _t39;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				void* _t55;
				signed int* _t58;
				void* _t60;

				_t55 = __edx;
				E00417F20(E00418804, _t60);
				_t58 = __ecx;
				E0040474D(__ecx);
				if( *0x4207ec == 0) {
					E0040190B(_t60 - 0x18,  *(_t60 + 8));
					 *(_t60 - 4) =  *(_t60 - 4) & 0x00000000;
					_t30 = AreFileApisANSI();
					asm("sbb eax, eax");
					_push( ~_t30 + 1);
					_push(_t60 - 0x18);
					_push(_t60 - 0x24);
					 *_t58 = FindFirstFileA( *(E00402FED(__edi)), _t60 - 0x164);
					_t38 = E00402E39(_t37,  *((intOrPtr*)(_t60 - 0x24)));
					 *(_t60 - 4) =  *(_t60 - 4) | 0xffffffff;
					_t39 = E00402E39(_t38,  *((intOrPtr*)(_t60 - 0x18)));
					__eflags =  *_t58 - 0xffffffff;
					_t40 = _t39 & 0xffffff00 |  *_t58 != 0xffffffff;
					__eflags = _t40;
					_t58[1] = _t40;
					if(__eflags != 0) {
						_push( *((intOrPtr*)(_t60 + 0xc)));
						_push(_t60 - 0x164);
						E004048A8(_t55, __eflags);
					}
				} else {
					_t45 = FindFirstFileW( *(_t60 + 8), _t60 - 0x3b4); // executed
					 *_t58 = _t45;
					_t46 = _t45 & 0xffffff00 | _t45 != 0xffffffff;
					_t68 = _t46;
					_t58[1] = _t46;
					if(_t46 != 0) {
						E00404840(_t55, _t68, _t60 - 0x3b4,  *((intOrPtr*)(_t60 + 0xc)));
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t60 - 0xc));
				return _t58[1];
			}

0x00404771
0x00404776
0x00404782
0x00404784
0x00404790
0x004047c8
0x004047cd
0x004047d1
0x004047d9
0x004047dc
0x004047e0
0x004047e4
0x004047fd
0x004047ff
0x00404807
0x0040480b
0x00404810
0x00404815
0x00404818
0x0040481a
0x0040481d
0x0040481f
0x00404828
0x00404829
0x00404829
0x00404792
0x0040479c
0x004047a5
0x004047a7
0x004047aa
0x004047ac
0x004047af
0x004047bb
0x004047bb
0x004047af
0x00404835
0x0040483d

APIs

__EH_prolog.LIBCMT ref: 00404776
FindFirstFileW.KERNELBASE(?,?), ref: 0040479C
AreFileApisANSI.KERNEL32(?), ref: 004047D1
FindFirstFileA.KERNEL32(?,?,?,?,00000001), ref: 004047F4

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: File$FindFirst$ApisH_prolog
String ID:
API String ID: 2863654055-0
Opcode ID: 497c6fe4762c2e8e6f23bb27ea5864391d1fb815965b998b6300e2483c6e143a
Instruction ID: f07b215d453ed45f31f5ebf8d016a73a5cceb1a70f8308d7ed02373ad0302034
Opcode Fuzzy Hash: 497c6fe4762c2e8e6f23bb27ea5864391d1fb815965b998b6300e2483c6e143a
Instruction Fuzzy Hash: E821A476800249EFCF11AFA4CA059DE7BB9EF05319F00866EF5A5A31D1CB389A45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00418136 Relevance: 16.6, APIs: 11, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 57%

			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				intOrPtr* _t23;
				intOrPtr* _t24;
				void* _t27;
				void _t29;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t49;
				void* _t53;
				intOrPtr* _t56;
				intOrPtr _t59;
				intOrPtr _t62;

				_t53 = __edx;
				_push(0xffffffff);
				_push(0x41bde0);
				_push(0x41829a);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t59;
				_v28 = _t59 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x425d04 =  *0x425d04 | 0xffffffff;
				 *0x425d08 =  *0x425d08 | 0xffffffff;
				_t23 = __p__fmode();
				_t46 =  *0x420c74; // 0x0
				 *_t23 = _t46;
				_t24 = __p__commode();
				_t47 =  *0x420c70; // 0x0
				 *_t24 = _t47;
				 *0x425d00 = _adjust_fdiv;
				_t27 = E004182C4( *_adjust_fdiv);
				_t62 =  *0x4207e0; // 0x1
				if(_t62 == 0) {
					__setusermatherr(E004028AF);
				}
				E004182B2(_t27);
				_push(0x42002c);
				_push(0x420028);
				L004182AC();
				_t29 =  *0x420c6c; // 0x0
				_v112 = _t29;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x420c68,  &_v112);
				_push(0x420024);
				_push(0x420000); // executed
				L004182AC(); // executed
				_t56 =  *_acmdln;
				_v120 = _t56;
				if( *_t56 != 0x22) {
					while( *_t56 > 0x20) {
						_t56 = _t56 + 1;
						_v120 = _t56;
					}
				} else {
					do {
						_t56 = _t56 + 1;
						_v120 = _t56;
						_t42 =  *_t56;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t56 == 0x22) {
						L6:
						_t56 = _t56 + 1;
						_v120 = _t56;
					}
				}
				_t36 =  *_t56;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t56);
				_push(0);
				_push(GetModuleHandleA(0)); // executed
				_t40 = E00401000(_t53); // executed
				_v108 = _t40;
				exit(_t40); // executed
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L004182A6();
				return _t41;
			}

0x00418136
0x00418139
0x0041813b
0x00418140
0x0041814b
0x0041814c
0x00418159
0x0041815e
0x00418163
0x0041816a
0x00418171
0x00418178
0x0041817e
0x00418184
0x00418186
0x0041818c
0x00418192
0x0041819b
0x004181a0
0x004181a5
0x004181ab
0x004181b2
0x004181b8
0x004181b9
0x004181be
0x004181c3
0x004181c8
0x004181cd
0x004181d2
0x004181eb
0x004181f1
0x004181f6
0x004181fb
0x00418208
0x0041820a
0x00418210
0x0041824c
0x00418251
0x00418252
0x00418252
0x00418212
0x00418212
0x00418212
0x00418213
0x00418216
0x00418218
0x00418223
0x00418225
0x00418225
0x00418226
0x00418226
0x00418223
0x00418229
0x0041822d
0x00000000
0x00000000
0x00418233
0x0041823a
0x00418244
0x00418259
0x00418246
0x00418246
0x00418246
0x0041825a
0x0041825b
0x0041825c
0x00418264
0x00418265
0x0041826a
0x0041826e
0x00418274
0x00418279
0x0041827b
0x0041827e
0x0041827f
0x00418280
0x00418287

APIs

__set_app_type.MSVCRT ref: 00418163
__p__fmode.MSVCRT ref: 00418178
__p__commode.MSVCRT ref: 00418186
__setusermatherr.MSVCRT ref: 004181B2
_initterm.MSVCRT ref: 004181C8
__getmainargs.MSVCRT ref: 004181EB
_initterm.MSVCRT ref: 004181FB
GetStartupInfoA.KERNEL32(?), ref: 0041823A
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 0041825E
exit.KERNELBASE ref: 0041826E
_XcptFilter.MSVCRT ref: 00418280

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
String ID:
API String ID: 801014965-0
Opcode ID: 421bf12527551a72937c7380f543e488e63499fbc18369d04cd9f9f34bb4ab68
Instruction ID: 296b55fb8252cfb04be9632f5655a308a6e124b9b5a7fdfb412d6b92cf3ad6b3
Opcode Fuzzy Hash: 421bf12527551a72937c7380f543e488e63499fbc18369d04cd9f9f34bb4ab68
Instruction Fuzzy Hash: 2B4190B1A40718AFDB259FA5EC49AEA7BB8FB09310F20416FF45197291DB384881CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE6B Relevance: 13.6, APIs: 9, Instructions: 118
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E0040AE6B(intOrPtr __ecx) {
				void* _t45;
				void* _t46;
				void* _t47;
				void* _t49;
				void* _t50;
				void* _t56;
				void* _t64;
				void* _t65;
				int _t67;
				signed int _t75;
				signed int* _t86;
				signed int* _t87;
				signed int _t88;
				signed int _t89;
				signed int* _t92;
				intOrPtr _t94;
				void* _t96;

				E00417F20(E00419607, _t96);
				_push(__ecx);
				_push(__ecx);
				_t94 = __ecx;
				 *((intOrPtr*)(_t96 - 0x14)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x41b79c;
				 *((intOrPtr*)(__ecx + 4)) = 0x41b790;
				 *(_t96 - 4) = 5;
				SetEvent( *(__ecx + 0xb8));
				_t45 =  *(_t94 + 0x98);
				if(_t45 != 0) {
					WaitForSingleObject(_t45, 0xffffffff);
				}
				 *(_t96 - 0x10) =  *(_t96 - 0x10) & 0x00000000;
				if( *((intOrPtr*)(_t94 + 0x8c)) <= 0) {
					L9:
					_t46 =  *(_t94 + 0xb8);
					if(_t46 != 0) {
						if(CloseHandle(_t46) != 0) {
							 *(_t94 + 0xb8) =  *(_t94 + 0xb8) & 0x00000000;
						}
					}
					_t47 =  *(_t94 + 0xb4);
					_t86 = _t94 + 0xb4;
					if(_t47 != 0 && CloseHandle(_t47) != 0) {
						 *_t86 =  *_t86 & 0x00000000;
					}
					E004030CF(_t94 + 0xa0);
					_t49 =  *(_t94 + 0x9c);
					_t87 = _t94 + 0x9c;
					if(_t49 != 0 && CloseHandle(_t49) != 0) {
						 *_t87 =  *_t87 & 0x00000000;
					}
					_t50 =  *(_t94 + 0x98);
					if(_t50 != 0 && CloseHandle(_t50) != 0) {
						 *(_t94 + 0x98) =  *(_t94 + 0x98) & 0x00000000;
					}
					 *(_t96 - 4) = 2;
					E004030CF(_t94 + 0x84);
					_t88 = _t94 + 0x70;
					 *(_t96 - 0x10) = _t88;
					 *_t88 = 0x41b7b8;
					 *(_t96 - 4) = 6;
					E004030DF();
					 *(_t96 - 4) = 1;
					E004030CF(_t88);
					_t89 = _t94 + 0x5c;
					 *(_t96 - 0x10) = _t89;
					 *_t89 = 0x41b7c0;
					 *(_t96 - 4) = 7;
					E004030DF();
					 *(_t96 - 4) =  *(_t96 - 4) & 0x00000000;
					E004030CF(_t89);
					 *(_t96 - 4) =  *(_t96 - 4) | 0xffffffff;
					_t56 = E0040A5F4(_t94 + 0xc);
					 *[fs:0x0] =  *((intOrPtr*)(_t96 - 0xc));
					return _t56;
				} else {
					goto L3;
				}
				do {
					L3:
					_t75 =  *(_t96 - 0x10) << 2;
					_t64 =  *( *((intOrPtr*)(_t94 + 0x90)) + _t75);
					if(_t64 != 0) {
						WaitForSingleObject(_t64, 0xffffffff);
					}
					_t92 =  *((intOrPtr*)(_t94 + 0x90)) + _t75;
					_t65 =  *_t92;
					if(_t65 != 0) {
						_t67 = FindCloseChangeNotification(_t65); // executed
						if(_t67 != 0) {
							 *_t92 =  *_t92 & 0x00000000;
						}
					}
					 *(_t96 - 0x10) =  *(_t96 - 0x10) + 1;
				} while ( *(_t96 - 0x10) <  *((intOrPtr*)(_t94 + 0x8c)));
				goto L9;
			}

0x0040ae70
0x0040ae75
0x0040ae76
0x0040ae79
0x0040ae7c
0x0040ae7f
0x0040ae85
0x0040ae92
0x0040ae99
0x0040ae9f
0x0040aea7
0x0040aeac
0x0040aeac
0x0040aeb2
0x0040aebd
0x0040af08
0x0040af08
0x0040af10
0x0040af1d
0x0040af1f
0x0040af1f
0x0040af1d
0x0040af2e
0x0040af34
0x0040af3c
0x0040af45
0x0040af45
0x0040af4e
0x0040af53
0x0040af59
0x0040af61
0x0040af6a
0x0040af6a
0x0040af6d
0x0040af75
0x0040af7e
0x0040af7e
0x0040af8b
0x0040af8f
0x0040af94
0x0040af97
0x0040af9a
0x0040afa2
0x0040afa6
0x0040afad
0x0040afb1
0x0040afb6
0x0040afb9
0x0040afbc
0x0040afc4
0x0040afc8
0x0040afcd
0x0040afd3
0x0040afd8
0x0040afdf
0x0040afea
0x0040aff2
0x00000000
0x00000000
0x00000000
0x0040aebf
0x0040aebf
0x0040aeca
0x0040aecf
0x0040aed3
0x0040aed8
0x0040aed8
0x0040aee4
0x0040aee6
0x0040aeea
0x0040aeed
0x0040aef5
0x0040aef7
0x0040aef7
0x0040aef5
0x0040aefa
0x0040af00
0x00000000

APIs

__EH_prolog.LIBCMT ref: 0040AE70
SetEvent.KERNEL32(?,?,?,?,?,?,0040ADDB), ref: 0040AE99
WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,0040ADDB), ref: 0040AEAC
WaitForSingleObject.KERNEL32(?,000000FF), ref: 0040AED8
FindCloseChangeNotification.KERNELBASE(?), ref: 0040AEED
CloseHandle.KERNEL32(?), ref: 0040AF19
CloseHandle.KERNEL32(?), ref: 0040AF3F
CloseHandle.KERNEL32(?), ref: 0040AF64
CloseHandle.KERNEL32(?), ref: 0040AF78

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: Close$Handle$ObjectSingleWait$ChangeEventFindH_prologNotification
String ID:
API String ID: 3060618342-0
Opcode ID: a8e431efe8320aee9521b838bdac6f326dd99197efa24b925a45b3913ca595f5
Instruction ID: d8bc1c252244e2b6ef2c95d408ceecea0870d91ef2e7257e9cddd0d074b441d4
Opcode Fuzzy Hash: a8e431efe8320aee9521b838bdac6f326dd99197efa24b925a45b3913ca595f5
Instruction Fuzzy Hash: CB416D706107068BDB20DF79C8447ABB7E9EF04355F14882E946AE32C1DB78E914CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00406852 Relevance: 9.6, APIs: 3, Strings: 2, Instructions: 896
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00406852() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t402;
				intOrPtr* _t403;
				char _t404;
				char _t405;
				char _t408;
				intOrPtr* _t412;
				intOrPtr* _t416;
				intOrPtr* _t422;
				intOrPtr _t424;
				intOrPtr* _t425;
				intOrPtr* _t426;
				void* _t435;
				void* _t440;
				void* _t441;
				signed int _t454;
				signed int _t463;
				char _t464;
				char _t465;
				char _t473;
				char _t475;
				char _t479;
				char _t482;
				void* _t489;
				char _t498;
				void* _t500;
				intOrPtr _t501;
				void* _t502;
				void* _t504;
				char _t507;
				void* _t522;
				void* _t524;
				char _t527;
				char _t542;
				void* _t554;
				void* _t556;
				char _t559;
				void* _t568;
				void* _t569;
				void* _t573;
				void* _t577;
				void* _t591;
				void* _t597;
				intOrPtr _t598;
				void* _t602;
				void* _t603;
				char _t630;
				char _t639;
				char _t641;
				intOrPtr _t734;
				char _t737;
				char _t739;
				char _t742;
				char _t743;
				intOrPtr* _t745;
				char _t746;
				intOrPtr* _t747;
				intOrPtr* _t748;
				intOrPtr* _t749;
				intOrPtr* _t750;
				char _t752;
				void* _t753;

				E00417F20(E00418BA7, _t753);
				_t742 =  *(_t753 + 8);
				_t639 = 0;
				 *( *(_t753 + 0x10)) = 0;
				_t402 =  *((intOrPtr*)(_t742 + 0x68));
				if(_t402 != 0) {
					 *((intOrPtr*)( *_t402 + 8))(_t402);
					 *((intOrPtr*)(_t742 + 0x68)) = 0;
				}
				 *(_t753 - 0x48) = _t639;
				_t403 =  *((intOrPtr*)(_t742 + 0xc));
				_t737 =  *(_t753 + 0xc);
				 *(_t753 - 4) = _t639;
				_t404 =  *((intOrPtr*)( *_t403 + 0x18))(_t403, _t737, 3, _t753 - 0x48);
				if(_t404 == _t639) {
					 *(_t753 - 0x54) = _t639;
					 *(_t753 - 0x50) = _t639;
					 *(_t753 - 0x4c) = _t639;
					_t405 = E00401CEB(_t753 - 0x54, 0xf);
					 *(_t753 - 4) = 1;
					if( *(_t753 - 0x48) != _t639) {
						if( *(_t753 - 0x48) != 8) {
							L12:
							_t743 = 0x80004005;
							L112:
							E00402E39(_t405,  *(_t753 - 0x54));
							L113:
							 *(_t753 - 4) =  *(_t753 - 4) | 0xffffffff;
							E00404E4C(_t753 - 0x48);
							_t408 = _t743;
							L136:
							 *[fs:0x0] =  *((intOrPtr*)(_t753 - 0xc));
							return _t408;
						}
						E004027B6(_t753 - 0x54,  *((intOrPtr*)(_t753 - 0x40)));
						L8:
						E00401975(_t742 + 0x2c, _t753 - 0x54);
						_t412 =  *((intOrPtr*)(_t742 + 0xc));
						 *(_t742 + 0x40) = _t639;
						_t405 =  *((intOrPtr*)( *_t412 + 0x18))(_t412, _t737, 0x1d, _t753 - 0x48);
						if(_t405 == _t639) {
							if( *(_t753 - 0x48) == _t639) {
								L14:
								if( *(_t753 + 0x14) != _t639) {
									_t413 =  *(_t753 + 0x10);
									 *( *(_t753 + 0x10)) = _t639;
									L135:
									E00402E39(_t413,  *(_t753 - 0x54));
									 *(_t753 - 4) =  *(_t753 - 4) | 0xffffffff;
									E00404E4C(_t753 - 0x48);
									_t408 = 0;
									goto L136;
								}
								if( *((intOrPtr*)(_t742 + 0x98)) == _t639) {
									_t416 =  *((intOrPtr*)(_t742 + 0xc));
									_t417 =  *((intOrPtr*)( *_t416 + 0x18))(_t416, _t737, 9, _t753 - 0x48);
									if(_t417 == _t639) {
										if( *(_t753 - 0x48) != _t639) {
											if( *(_t753 - 0x48) != 0x13) {
												_push(0x41c3e0);
												_push(_t753 + 0x10);
												 *(_t753 + 0x10) = "incorrect item";
												L00417F68();
											}
											 *(_t742 + 0x5d) = 1;
											 *((intOrPtr*)(_t742 + 0x60)) =  *((intOrPtr*)(_t753 - 0x40));
										} else {
											 *(_t742 + 0x5d) = _t639;
											 *((intOrPtr*)(_t742 + 0x60)) =  *((intOrPtr*)(_t742 + 0x94));
										}
										_t417 = E00408C56( *((intOrPtr*)(_t742 + 0xc)), _t737, _t742 + 0x5c);
										if(_t417 != _t639) {
											goto L23;
										} else {
											_t422 =  *((intOrPtr*)(_t742 + 0xc));
											_t417 =  *((intOrPtr*)( *_t422 + 0x18))(_t422, _t737, 0xc, _t753 - 0x48);
											if(_t417 != _t639) {
												goto L23;
											}
											_t417 =  *(_t753 - 0x48) & 0x0000ffff;
											if(_t417 == _t639) {
												 *((intOrPtr*)(_t742 + 0x54)) =  *((intOrPtr*)(_t742 + 0x8c));
												_t424 =  *((intOrPtr*)(_t742 + 0x90));
												L36:
												 *((intOrPtr*)(_t742 + 0x58)) = _t424;
												_t425 =  *((intOrPtr*)(_t742 + 0xc));
												_t734 = _t753 - 0x48;
												_t417 =  *((intOrPtr*)( *_t425 + 0x18))(_t425, _t737, 7, _t734);
												if(_t417 != _t639) {
													goto L23;
												}
												 *(_t753 + 0xf) =  *(_t753 - 0x48) != _t639;
												if( *(_t753 + 0xf) != _t639) {
													 *(_t753 - 0x88) = E00404FBF(_t753 - 0x48);
													 *((intOrPtr*)(_t753 - 0x84)) = _t734;
												}
												 *(_t753 + 0xb) = _t639;
												 *(_t753 - 0x64) = _t639;
												_t426 =  *((intOrPtr*)(_t742 + 0xc));
												_t735 = _t753 - 0x64;
												 *(_t753 - 4) = 2;
												_t739 =  *((intOrPtr*)( *_t426 + 0x18))(_t426, _t737, 0x15, _t753 - 0x64);
												if(_t739 == _t639) {
													if( *(_t753 - 0x64) == 0xb) {
														 *(_t753 + 0xb) =  *((intOrPtr*)(_t753 - 0x5c)) != _t639;
													}
													 *(_t753 - 4) = 1;
													E00404E4C(_t753 - 0x64);
													E00401CD0(_t753 - 0x20);
													 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
													 *(_t753 - 4) = 3;
													_push(_t753 - 0x20);
													_push(_t753 - 0x54);
													E00403299(_t735);
													if( *(_t753 - 0x18) != _t639) {
														 *(_t753 - 0x38) = _t639;
														 *(_t753 - 0x34) = _t639;
														 *(_t753 - 0x30) = _t639;
														E00401CEB(_t753 - 0x38, 0xf);
														 *(_t753 - 4) = 5;
														_t435 =  *((intOrPtr*)(_t742 + 0x24)) - _t639;
														if(_t435 == 0) {
															E00401975(_t753 - 0x38, _t753 - 0x54);
															L58:
															_push(_t753 - 0x38);
															_push(_t753 - 0x80); // executed
															_t440 = E00408A28(); // executed
															 *(_t753 - 4) = 9;
															_t441 = E00401975(_t753 - 0x38, _t440);
															 *(_t753 - 4) = 5;
															E00402E39(_t441,  *((intOrPtr*)(_t753 - 0x80)));
															if( *((intOrPtr*)(_t742 + 0x5c)) == _t639) {
																E004030E7(_t753 - 0x20);
															}
															_push(_t753 - 0x20);
															E00408B43(_t735);
															if( *(_t753 + 0xb) == _t639 &&  *(_t753 - 0x18) != _t639) {
																_push(_t753 - 0x20); // executed
																E004067EB(_t742, _t735); // executed
															}
															_push(_t753 - 0x38);
															_push(_t742 + 0x18);
															_push(_t753 - 0x2c);
															E00403BA6(_t735);
															 *(_t753 - 4) = 0xa;
															if( *((intOrPtr*)(_t742 + 0x5c)) == _t639) {
																if( *(_t742 + 0x40) != _t639) {
																	L103:
																	if( *(_t753 + 0xb) != _t639) {
																		L133:
																		E00402E39(E00402E39(E00401975(_t742 + 0x44, _t753 - 0x2c),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																		 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																		 *(_t753 - 4) = 0x2a;
																		L84:
																		E004030DF();
																		 *(_t753 - 4) = 1;
																		_t413 = E004030CF(_t753 - 0x20);
																		goto L135;
																	}
																	_push(0x14);
																	_t454 = E00402E12();
																	if(_t454 == _t639) {
																		 *(_t753 + 8) = _t639;
																		_t454 = _t639;
																	} else {
																		 *(_t454 + 4) = _t639;
																		 *(_t454 + 0xc) = _t639;
																		 *((intOrPtr*)(_t454 + 8)) = 0x41b574;
																		 *_t454 = 0x41b558;
																		 *(_t753 + 8) = _t454;
																	}
																	 *(_t742 + 0x64) = _t454;
																	 *(_t753 + 0x14) = _t454;
																	if(_t454 != _t639) {
																		_t482 =  *(_t753 + 8);
																		 *((intOrPtr*)( *_t482 + 4))(_t482);
																	}
																	asm("sbb eax, eax");
																	 *(_t753 - 4) = 0x25;
																	if(E00404C63( *((intOrPtr*)(_t753 - 0x2c)), ( ~( *(_t742 + 0x40)) & 0x00000002) + 2) != 0) {
																		if( *(_t742 + 0x40) == _t639) {
																			L132:
																			_t641 =  *(_t753 + 8);
																			E00405F8F(_t742 + 0x68, _t641);
																			 *(_t753 - 4) = 0xa;
																			 *( *(_t753 + 0x10)) = _t641;
																			goto L133;
																		}
																		_t463 =  *(_t742 + 0x64);
																		_t464 =  *((intOrPtr*)( *_t463 + 0x10))(_t463,  *((intOrPtr*)(_t742 + 0x38)),  *((intOrPtr*)(_t742 + 0x3c)), _t639, _t639);
																		 *(_t753 + 0xc) = _t464;
																		if(_t464 == _t639) {
																			goto L132;
																		}
																		_t465 =  *(_t753 + 8);
																		 *(_t753 - 4) = 0xa;
																		if(_t465 != _t639) {
																			_t465 =  *((intOrPtr*)( *_t465 + 8))(_t465);
																		}
																		E00402E39(E00402E39(_t465,  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																		 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																		_t639 =  *(_t753 + 0xc);
																		 *(_t753 - 4) = 0x29;
																	} else {
																		E004075B3(_t735);
																		_t745 =  *((intOrPtr*)(_t742 + 0x10));
																		 *(_t753 - 4) = 0x26;
																		_t473 =  *((intOrPtr*)( *_t745 + 0x1c))(_t745,  *((intOrPtr*)(_t753 - 0x80)), _t753 - 0x80, L"can not open output file ", _t753 - 0x2c);
																		_push( *((intOrPtr*)(_t753 - 0x80)));
																		_t746 = _t473;
																		if(_t746 == _t639) {
																			E00402E39(_t473);
																			_t475 =  *(_t753 + 8);
																			 *(_t753 - 4) = 0xa;
																			if(_t475 != _t639) {
																				_t475 =  *((intOrPtr*)( *_t475 + 8))(_t475);
																			}
																			E00402E39(E00402E39(_t475,  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																			 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																			 *(_t753 - 4) = 0x28;
																		} else {
																			E00402E39(_t473);
																			_t479 =  *(_t753 + 8);
																			 *(_t753 - 4) = 0xa;
																			if(_t479 != _t639) {
																				_t479 =  *((intOrPtr*)( *_t479 + 8))(_t479);
																			}
																			E00402E39(E00402E39(_t479,  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																			 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																			 *(_t753 - 4) = 0x27;
																			_t639 = _t746;
																		}
																	}
																	goto L130;
																}
																E0040279E(_t753 - 0x98);
																 *(_t753 - 4) = 0xc;
																_push(_t753 - 0xc8);
																_push( *((intOrPtr*)(_t753 - 0x2c)));
																_t486 = E0040497E(_t753 - 0x98, _t735, 0x41b320); // executed
																if(_t486 == 0) {
																	L102:
																	 *(_t753 - 4) = 0xa;
																	E00402E39(_t486,  *((intOrPtr*)(_t753 - 0x98)));
																	goto L103;
																}
																_t489 =  *((intOrPtr*)(_t742 + 0x28)) - _t639;
																if(_t489 == 0) {
																	_t735 = _t753 - 0x88;
																	asm("sbb eax, eax");
																	_t498 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t742 + 0x10)))) + 0x14))( *((intOrPtr*)(_t742 + 0x10)),  *((intOrPtr*)(_t753 - 0x2c)), _t753 - 0xb4, _t753 - 0xa8,  *(_t753 - 0x54), _t742 + 0x54,  ~( *(_t753 + 0xf)) & _t753 - 0x00000088, _t753 + 0x14);
																	 *(_t753 + 0xc) = _t498;
																	if(_t498 == _t639) {
																		_t500 =  *(_t753 + 0x14) - _t639;
																		if(_t500 == 0) {
																			L87:
																			_t501 =  *((intOrPtr*)(_t742 + 0x28));
																			if(_t501 != 3) {
																				if(_t501 != 4) {
																					if(E0040425E(0x41b320,  *((intOrPtr*)(_t753 - 0x2c))) != 0) {
																						goto L102;
																					}
																					_t502 = E0040190B(_t753 - 0x80,  *0x4202f8);
																					 *(_t753 - 4) = 0x20;
																					_t504 = E00403BA6(_t735);
																					 *(_t753 - 4) = 0x22;
																					E00402E39(_t504,  *((intOrPtr*)(_t753 - 0x80)));
																					_t747 =  *((intOrPtr*)(_t742 + 0x10));
																					_t507 =  *((intOrPtr*)( *_t747 + 0x1c))(_t747,  *((intOrPtr*)(_t753 - 0x60)), _t753 - 0x60, _t502, _t753 - 0x2c);
																					_push( *((intOrPtr*)(_t753 - 0x60)));
																					_t743 = _t507;
																					if(_t743 == _t639) {
																						E00402E39(E00402E39(E00402E39(E00402E39(_t507),  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																						 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																						 *(_t753 - 4) = 0x24;
																						L110:
																						_t743 = 0x80004004;
																						L111:
																						E004030DF();
																						 *(_t753 - 4) = 1;
																						_t405 = E004030CF(_t753 - 0x20);
																						goto L112;
																					}
																					E00402E39(E00402E39(E00402E39(E00402E39(_t507),  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																					 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																					 *(_t753 - 4) = 0x23;
																					goto L111;
																				}
																				E00401A6F(_t753 - 0x74, _t753 - 0x2c);
																				 *(_t753 - 4) = 0x17;
																				_push(_t753 - 0x74);
																				if(E00405A40() != 0) {
																					_push( *((intOrPtr*)(_t753 - 0x74)));
																					_push( *((intOrPtr*)(_t753 - 0x2c)));
																					if(E00403F59(0x41b320) != 0) {
																						_t486 = E00402E39(_t521,  *((intOrPtr*)(_t753 - 0x74)));
																						goto L102;
																					}
																					_t522 = E0040190B(_t753 - 0x80,  *0x4202f4);
																					 *(_t753 - 4) = 0x1b;
																					_t524 = E00403BA6(_t735);
																					 *(_t753 - 4) = 0x1d;
																					E00402E39(_t524,  *((intOrPtr*)(_t753 - 0x80)));
																					_t748 =  *((intOrPtr*)(_t742 + 0x10));
																					_t527 =  *((intOrPtr*)( *_t748 + 0x1c))(_t748,  *((intOrPtr*)(_t753 - 0x60)), _t753 - 0x60, _t522, _t753 - 0x2c);
																					_push( *((intOrPtr*)(_t753 - 0x60)));
																					_t743 = _t527;
																					if(_t743 == _t639) {
																						E00402E39(E00402E39(E00402E39(E00402E39(E00402E39(_t527),  *((intOrPtr*)(_t753 - 0x74))),  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																						 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																						 *(_t753 - 4) = 0x1f;
																						goto L110;
																					}
																					E00402E39(E00402E39(E00402E39(E00402E39(E00402E39(_t527),  *((intOrPtr*)(_t753 - 0x74))),  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																					 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																					 *(_t753 - 4) = 0x1e;
																					goto L111;
																				}
																				E004075B3(_t735);
																				_t749 =  *((intOrPtr*)(_t742 + 0x10));
																				 *(_t753 - 4) = 0x18;
																				_t542 =  *((intOrPtr*)( *_t749 + 0x1c))(_t749,  *((intOrPtr*)(_t753 - 0x60)), _t753 - 0x60,  *0x4202f0, _t753 - 0x2c);
																				_push( *((intOrPtr*)(_t753 - 0x60)));
																				_t743 = _t542;
																				if(_t743 == _t639) {
																					E00402E39(E00402E39(E00402E39(E00402E39(E00402E39(_t542),  *((intOrPtr*)(_t753 - 0x74))),  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																					 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																					 *(_t753 - 4) = 0x1a;
																					goto L110;
																				}
																				E00402E39(E00402E39(E00402E39(E00402E39(E00402E39(_t542),  *((intOrPtr*)(_t753 - 0x74))),  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																				 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																				 *(_t753 - 4) = 0x19;
																				goto L111;
																			}
																			_push(_t753 - 0x2c);
																			if(E00405A40() != 0) {
																				goto L102;
																			}
																			_t554 = E0040190B(_t753 - 0x80,  *0x4202f0);
																			 *(_t753 - 4) = 0x12;
																			_t556 = E00403BA6(_t735);
																			 *(_t753 - 4) = 0x14;
																			E00402E39(_t556,  *((intOrPtr*)(_t753 - 0x80)));
																			_t750 =  *((intOrPtr*)(_t742 + 0x10));
																			_t559 =  *((intOrPtr*)( *_t750 + 0x1c))(_t750,  *((intOrPtr*)(_t753 - 0x74)), _t753 - 0x74, _t554, _t753 - 0x2c);
																			_push( *((intOrPtr*)(_t753 - 0x74)));
																			_t743 = _t559;
																			if(_t743 == _t639) {
																				E00402E39(E00402E39(E00402E39(E00402E39(_t559),  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																				 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																				 *(_t753 - 4) = 0x16;
																				goto L110;
																			}
																			E00402E39(E00402E39(E00402E39(E00402E39(_t559),  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																			 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																			 *(_t753 - 4) = 0x15;
																			goto L111;
																		}
																		_t568 = _t500 - 1;
																		if(_t568 == 0) {
																			 *((intOrPtr*)(_t742 + 0x28)) = 1;
																			goto L87;
																		}
																		_t569 = _t568 - 1;
																		if(_t569 == 0) {
																			E00402E39(E00402E39(E00402E39(_t569,  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																			 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																			 *(_t753 - 4) = 0x10;
																			goto L130;
																		}
																		_t573 = _t569 - 1;
																		if(_t573 == 0) {
																			 *((intOrPtr*)(_t742 + 0x28)) = 2;
																			E00402E39(E00402E39(E00402E39(_t573,  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																			 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																			 *(_t753 - 4) = 0x11;
																			goto L84;
																		}
																		_t577 = _t573 - 1;
																		if(_t577 == 0) {
																			 *((intOrPtr*)(_t742 + 0x28)) = 3;
																			goto L87;
																		}
																		_t578 = _t577 != 1;
																		if(_t577 != 1) {
																			_t578 = _t753 - 0x68;
																			_push(0x41c1c0);
																			_push(_t753 - 0x68);
																			 *((intOrPtr*)(_t753 - 0x68)) = 0x4fbd;
																			L00417F68();
																		}
																		E00402E39(E00402E39(E00402E39(_t578,  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																		 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																		 *(_t753 - 4) = 0xf;
																		_t639 = 0x80004004;
																		goto L130;
																	}
																	E00402E39(E00402E39(E00402E39(_t498,  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																	 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																	_t639 =  *(_t753 + 0xc);
																	 *(_t753 - 4) = 0xe;
																	goto L130;
																}
																_t586 = _t489 != 0;
																if(_t489 != 0) {
																	goto L87;
																}
																E00402E39(E00402E39(E00402E39(_t586,  *((intOrPtr*)(_t753 - 0x98))),  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																 *(_t753 - 4) = 0xd;
																goto L84;
															} else {
																_t751 = _t742 + 0x44;
																_t591 = E00401975(_t742 + 0x44, _t753 - 0x2c);
																if( *(_t753 + 0xb) != _t639) {
																	_t591 = E00403F0F(0x41b320,  *_t751);
																}
																E00402E39(E00402E39(_t591,  *((intOrPtr*)(_t753 - 0x2c))),  *(_t753 - 0x38));
																 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																 *(_t753 - 4) = 0xb;
																goto L130;
															}
														}
														_t597 = _t435 - 1;
														if(_t597 == 0) {
															_t598 =  *((intOrPtr*)(_t742 + 0x74));
															 *((intOrPtr*)(_t753 - 0x68)) = _t598;
															if( *(_t753 - 0x18) > _t598) {
																 *(_t753 + 0x14) = _t639;
																if(_t598 <= _t639) {
																	L54:
																	E00401AA9(_t639, _t753 - 0x20, _t742, _t639,  *((intOrPtr*)(_t753 - 0x68)));
																	_push(_t753 - 0x20);
																	_push(_t753 - 0x60);
																	_t602 = E0040744C(_t735);
																	 *(_t753 - 4) = 8;
																	_t603 = E00401975(_t753 - 0x38, _t602);
																	 *(_t753 - 4) = 5;
																	E00402E39(_t603,  *((intOrPtr*)(_t753 - 0x60)));
																	goto L58;
																} else {
																	goto L52;
																}
																while(1) {
																	L52:
																	_t735 =  *(_t742 + 0x78);
																	if(E00402EF7( *((intOrPtr*)( *((intOrPtr*)( *(_t742 + 0x78) + ( *(_t753 + 0x14) << 2))))),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t753 - 0x14)) + ( *(_t753 + 0x14) << 2)))))) != _t639) {
																		break;
																	}
																	 *(_t753 + 0x14) =  *(_t753 + 0x14) + 1;
																	if( *(_t753 + 0x14) <  *((intOrPtr*)(_t753 - 0x68))) {
																		continue;
																	}
																	goto L54;
																}
																E00402E39(_t608,  *(_t753 - 0x38));
																 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
																 *(_t753 - 4) = 7;
																L56:
																E004030DF();
																 *(_t753 - 4) = 1;
																E00402E39(E004030CF(_t753 - 0x20),  *(_t753 - 0x54));
																 *(_t753 - 4) =  *(_t753 - 4) | 0xffffffff;
																E00404E4C(_t753 - 0x48);
																_t408 = 0x80004005;
																goto L136;
															}
															E00402E39(_t598,  *(_t753 - 0x38));
															 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
															 *(_t753 - 4) = 6;
															goto L56;
														}
														if(_t597 == 1) {
															E00401975(_t753 - 0x38,  *((intOrPtr*)( *((intOrPtr*)(_t753 - 0x14)) +  *(_t753 - 0x18) * 4 - 4)));
															E00401AA9(_t639, _t753 - 0x20, _t742, _t639,  *(_t753 - 0x18) - 1);
														}
														goto L58;
													} else {
														 *((intOrPtr*)(_t753 - 0x20)) = 0x41b320;
														 *(_t753 - 4) = 4;
														_t639 = 0x80004005;
														L130:
														E004030DF();
														 *(_t753 - 4) = 1;
														_t417 = E004030CF(_t753 - 0x20);
														L131:
														E00402E39(_t417,  *(_t753 - 0x54));
														 *(_t753 - 4) =  *(_t753 - 4) | 0xffffffff;
														E00404E4C(_t753 - 0x48);
														_t408 = _t639;
														goto L136;
													}
												} else {
													 *(_t753 - 4) = 1;
													E00402E39(E00404E4C(_t753 - 0x64),  *(_t753 - 0x54));
													 *(_t753 - 4) =  *(_t753 - 4) | 0xffffffff;
													E00404E4C(_t753 - 0x48);
													_t408 = _t739;
													goto L136;
												}
											}
											if(_t417 == 0x40) {
												 *((intOrPtr*)(_t742 + 0x54)) =  *((intOrPtr*)(_t753 - 0x40));
												_t424 =  *((intOrPtr*)(_t753 - 0x3c));
												goto L36;
											}
											_t639 = 0x80004005;
											goto L131;
										}
									}
									L23:
									_t639 = _t417;
									goto L131;
								}
								_push(8);
								_t630 = E00402E12();
								if(_t630 == _t639) {
									_t752 = 0;
								} else {
									 *(_t630 + 4) = _t639;
									 *_t630 = 0x41b57c;
									_t752 = _t630;
								}
								if(_t752 != _t639) {
									 *((intOrPtr*)( *_t752 + 4))(_t752);
								}
								_t417 =  *(_t753 + 0x10);
								 *( *(_t753 + 0x10)) = _t752;
								goto L131;
							}
							if( *(_t753 - 0x48) == 0x15) {
								 *(_t742 + 0x40) = 1;
								 *((intOrPtr*)(_t742 + 0x38)) =  *((intOrPtr*)(_t753 - 0x40));
								 *((intOrPtr*)(_t742 + 0x3c)) =  *((intOrPtr*)(_t753 - 0x3c));
								goto L14;
							}
							goto L12;
						}
						_t743 = _t405;
						goto L112;
					}
					E00401975(_t753 - 0x54, _t742 + 0x80);
					goto L8;
				}
				_t743 = _t404;
				goto L113;
			}

0x00406857
0x00406867
0x0040686a
0x0040686d
0x0040686f
0x00406874
0x00406879
0x0040687c
0x0040687c
0x0040687f
0x00406883
0x00406886
0x0040688c
0x00406896
0x0040689b
0x004068a9
0x004068ac
0x004068af
0x004068b2
0x004068bb
0x004068bf
0x004068d7
0x0040691b
0x0040691b
0x004071c6
0x004071c9
0x004071cf
0x004071cf
0x004071d6
0x004071db
0x00407384
0x0040738a
0x00407392
0x00407392
0x004068df
0x004068e4
0x004068eb
0x004068f0
0x004068f7
0x00406900
0x00406905
0x00406912
0x00406935
0x00406938
0x00407368
0x0040736b
0x0040736d
0x00407370
0x00407375
0x0040737d
0x00407382
0x00000000
0x00407382
0x00406944
0x00406975
0x00406982
0x00406987
0x00406994
0x004069a9
0x004069ae
0x004069b3
0x004069b4
0x004069bb
0x004069bb
0x004069c3
0x004069c7
0x00406996
0x0040699c
0x0040699f
0x0040699f
0x004069d3
0x004069da
0x00000000
0x004069dc
0x004069dc
0x004069e9
0x004069ee
0x00000000
0x00000000
0x004069f0
0x004069f6
0x00406a18
0x00406a1b
0x00406a21
0x00406a21
0x00406a24
0x00406a27
0x00406a31
0x00406a36
0x00000000
0x00000000
0x00406a40
0x00406a47
0x00406a52
0x00406a58
0x00406a58
0x00406a5e
0x00406a61
0x00406a65
0x00406a68
0x00406a72
0x00406a79
0x00406a7d
0x00406aac
0x00406ab2
0x00406ab2
0x00406ab9
0x00406abd
0x00406ac5
0x00406acf
0x00406ad5
0x00406ad9
0x00406add
0x00406ade
0x00406ae6
0x00406afe
0x00406b01
0x00406b04
0x00406b07
0x00406b0f
0x00406b13
0x00406b15
0x00406c17
0x00406c1c
0x00406c1f
0x00406c23
0x00406c24
0x00406c2d
0x00406c31
0x00406c39
0x00406c3d
0x00406c46
0x00406c4b
0x00406c4b
0x00406c53
0x00406c54
0x00406c5c
0x00406c68
0x00406c69
0x00406c69
0x00406c71
0x00406c75
0x00406c79
0x00406c7a
0x00406c82
0x00406c86
0x00406cc3
0x004070d5
0x004070d8
0x0040733e
0x00407355
0x0040735b
0x0040735f
0x00406e2e
0x00406e31
0x00406e39
0x00406e3d
0x00000000
0x00406e3d
0x004070de
0x004070e0
0x004070e8
0x004071e2
0x004071e5
0x004070ee
0x004070ee
0x004070f1
0x004070f4
0x004070fb
0x00407101
0x00407101
0x004071e9
0x004071ec
0x004071ef
0x004071f1
0x004071f7
0x004071f7
0x00407202
0x0040720a
0x0040721b
0x004072b5
0x00407329
0x00407329
0x00407330
0x00407338
0x0040733c
0x00000000
0x0040733c
0x004072b7
0x004072c5
0x004072ca
0x004072cd
0x00000000
0x00000000
0x004072cf
0x004072d2
0x004072d8
0x004072dd
0x004072dd
0x004072eb
0x004072f1
0x004072f5
0x004072f8
0x00407221
0x0040722e
0x00407233
0x00407239
0x00407240
0x00407243
0x00407246
0x0040724a
0x00407280
0x00407285
0x0040728b
0x0040728f
0x00407294
0x00407294
0x004072a2
0x004072a8
0x004072ac
0x0040724c
0x0040724c
0x00407251
0x00407257
0x0040725b
0x00407260
0x00407260
0x0040726e
0x00407274
0x00407278
0x0040727c
0x0040727c
0x0040724a
0x00000000
0x0040721b
0x00406ccf
0x00406cda
0x00406cde
0x00406cdf
0x00406ce2
0x00406ce9
0x004070c5
0x004070cb
0x004070cf
0x00000000
0x004070d4
0x00406cf2
0x00406cf4
0x00406d2b
0x00406d3c
0x00406d5c
0x00406d61
0x00406d64
0x00406d96
0x00406d98
0x00406e78
0x00406e78
0x00406e7e
0x00406f38
0x00407113
0x00000000
0x00000000
0x0040711e
0x00407126
0x00407130
0x00407138
0x0040713c
0x00407141
0x0040714b
0x0040714e
0x00407151
0x00407155
0x0040719e
0x004071a6
0x004071a9
0x004071ad
0x004071ad
0x004071b2
0x004071b5
0x004071bd
0x004071c1
0x00000000
0x004071c1
0x00407172
0x0040717a
0x0040717d
0x00000000
0x0040717d
0x00406f45
0x00406f4d
0x00406f51
0x00406f59
0x00406ff9
0x00406ffc
0x00407006
0x004070bf
0x00000000
0x004070c4
0x00407015
0x0040701d
0x00407027
0x0040702f
0x00407033
0x00407038
0x00407042
0x00407045
0x00407048
0x0040704c
0x004070a8
0x004070b0
0x004070b3
0x00000000
0x004070b3
0x00407071
0x00407079
0x0040707c
0x00000000
0x0040707c
0x00406f6d
0x00406f72
0x00406f78
0x00406f7f
0x00406f82
0x00406f85
0x00406f89
0x00406fe5
0x00406fed
0x00406ff0
0x00000000
0x00406ff0
0x00406fae
0x00406fb6
0x00406fb9
0x00000000
0x00406fb9
0x00406e87
0x00406e8f
0x00000000
0x00000000
0x00406e9e
0x00406ea6
0x00406eb0
0x00406eb8
0x00406ebc
0x00406ec1
0x00406ecb
0x00406ece
0x00406ed1
0x00406ed5
0x00406f21
0x00406f29
0x00406f2c
0x00000000
0x00406f2c
0x00406ef2
0x00406efa
0x00406efd
0x00000000
0x00406efd
0x00406d9e
0x00406d9f
0x00406e71
0x00000000
0x00406e71
0x00406da5
0x00406da6
0x00406e5d
0x00406e65
0x00406e68
0x00000000
0x00406e68
0x00406dac
0x00406dad
0x00406e08
0x00406e1f
0x00406e27
0x00406e2a
0x00000000
0x00406e2a
0x00406daf
0x00406db0
0x00406df9
0x00000000
0x00406df9
0x00406db2
0x00406db3
0x00406db5
0x00406db8
0x00406dbd
0x00406dbe
0x00406dc5
0x00406dc5
0x00406de0
0x00406de8
0x00406deb
0x00406def
0x00000000
0x00406def
0x00406d7c
0x00406d84
0x00406d87
0x00406d8a
0x00000000
0x00406d8a
0x00406cf7
0x00406cf8
0x00000000
0x00000000
0x00406d14
0x00406d1c
0x00406d1f
0x00000000
0x00406c88
0x00406c88
0x00406c91
0x00406c99
0x00406c9d
0x00406c9d
0x00406cad
0x00406cb3
0x00406cb7
0x00000000
0x00406cb7
0x00406c86
0x00406b1b
0x00406b1c
0x00406b4a
0x00406b50
0x00406b53
0x00406b69
0x00406b6c
0x00406b98
0x00406b9f
0x00406ba7
0x00406bab
0x00406bac
0x00406bb5
0x00406bb9
0x00406bc1
0x00406bc5
0x00000000
0x00000000
0x00000000
0x00000000
0x00406b6e
0x00406b6e
0x00406b74
0x00406b8b
0x00000000
0x00000000
0x00406b8d
0x00406b96
0x00000000
0x00000000
0x00000000
0x00406b96
0x00406bd0
0x00406bd6
0x00406bd9
0x00406bdd
0x00406be0
0x00406be8
0x00406bf4
0x00406bf9
0x00406c01
0x00406c06
0x00000000
0x00406c06
0x00406b58
0x00406b5e
0x00406b61
0x00000000
0x00406b61
0x00406b1f
0x00406b32
0x00406b40
0x00406b40
0x00000000
0x00406ae8
0x00406ae8
0x00406aeb
0x00406aef
0x004072fc
0x004072ff
0x00407307
0x0040730b
0x00407310
0x00407313
0x00407318
0x00407320
0x00407325
0x00000000
0x00407325
0x00406a7f
0x00406a82
0x00406a8e
0x00406a93
0x00406a9b
0x00406aa0
0x00000000
0x00406aa0
0x00406a7d
0x004069fb
0x00406a0a
0x00406a0d
0x00000000
0x00406a0d
0x004069fd
0x00000000
0x004069fd
0x004069da
0x00406989
0x00406989
0x00000000
0x00406989
0x00406946
0x00406948
0x00406950
0x0040695f
0x00406952
0x00406952
0x00406955
0x0040695b
0x0040695b
0x00406963
0x00406968
0x00406968
0x0040696b
0x0040696e
0x00000000
0x0040696e
0x00406919
0x00406928
0x0040692c
0x00406932
0x00000000
0x00406932
0x00000000
0x00406919
0x00406907
0x00000000
0x00406907
0x004068cb
0x00000000
0x004068cb
0x0040689d
0x00000000

APIs

__EH_prolog.LIBCMT ref: 00406857

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Strings

can not open output file , xrefs: 00407228
*, xrefs: 0040735F

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prologfree
String ID: *$can not open output file
API String ID: 1978129608-3400206703
Opcode ID: af5a9bd65865fecef656090565573ae75e392efefdf73bc4e7a3bf9b352950b8
Instruction ID: ce1575f11015aa8b1ada4e6e0b125104c70835fba2b28939b1544562dff147ed
Opcode Fuzzy Hash: af5a9bd65865fecef656090565573ae75e392efefdf73bc4e7a3bf9b352950b8
Instruction Fuzzy Hash: 19726C71804248EFCF11EFA5C9489DEBBB4AF14308F14407EE446B72D2DBB89A45DB69

Uniqueness

Uniqueness Score: -1.00%

Function 00412517 Relevance: 9.3, APIs: 6, Instructions: 261
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E00412517(intOrPtr* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t117;
				intOrPtr* _t132;
				signed int _t134;
				signed int _t142;
				void* _t145;
				intOrPtr* _t147;
				signed int* _t151;
				signed int _t154;
				intOrPtr* _t158;
				intOrPtr* _t162;
				intOrPtr* _t165;
				intOrPtr* _t169;
				void* _t187;
				void* _t207;
				signed int _t210;
				intOrPtr* _t213;
				signed int _t215;
				void* _t216;

				E00417F20(E0041A1D0, _t216);
				_t210 =  *(_t216 + 8);
				_t213 = __ecx;
				E0040F67D(_t210);
				_t169 = _t210 + 0x78;
				 *((intOrPtr*)(_t210 + 0x80)) =  *((intOrPtr*)(_t213 + 0x20));
				 *((intOrPtr*)(_t210 + 0x84)) =  *((intOrPtr*)(_t213 + 0x24));
				_t117 = E0040FCB6(_t213, _t169, 1);
				if(_t117 == 0) {
					_t117 = E0040FCB6(_t213, _t210 + 0x79, 1);
					if(_t117 == 0) {
						if( *_t169 != _t117) {
							_t165 = E0040FC64(_t216 - 0x1c, _t117);
							_push(0x41eaf8);
							 *(_t216 + 0xc) =  *_t165;
							_push(_t216 + 0xc);
							L00417F68();
						}
						_push(_t216 - 0x18);
						_t117 = E0040FD05(_t213);
						if(_t117 == 0) {
							 *(_t216 + 8) =  *(_t216 + 8) | 0xffffffff;
							_push(_t216 - 0x38);
							_t117 = E0040FD3E(_t213, _t207);
							if(_t117 == 0) {
								E00402D20(_t216 + 8,  *((intOrPtr*)(_t216 - 0x38)),  *((intOrPtr*)(_t216 - 0x34)));
								_push(_t216 - 0x28);
								_t117 = E0040FD3E(_t213, _t207);
								if(_t117 == 0) {
									E00402D20(_t216 + 8,  *(_t216 - 0x28),  *(_t216 - 0x24));
									_push(_t216 - 0x10);
									_t117 = E0040FD05(_t213);
									if(_t117 == 0) {
										E00402CFD(_t216 + 8,  *((intOrPtr*)(_t216 - 0x10)));
										_t187 = _t213 + 0x28;
										 *((intOrPtr*)(_t210 + 0x88)) =  *((intOrPtr*)(_t213 + 0x28));
										 *((intOrPtr*)(_t210 + 0x8c)) =  *((intOrPtr*)(_t187 + 4));
										if( !( *(_t216 + 8)) !=  *((intOrPtr*)(_t216 - 0x18))) {
											_t187 = _t216 - 0x1c;
											_t162 = E0040FC64(_t187, 1);
											_push(0x41eaf8);
											 *(_t216 + 0xc) =  *_t162;
											_push(_t216 + 0xc);
											L00417F68();
										}
										if(( *(_t216 - 0x28) |  *(_t216 - 0x24)) != 0) {
											__eflags =  *(_t216 - 0x24);
											if( *(_t216 - 0x24) > 0) {
												L14:
												_t117 = 0x80004005;
											} else {
												__eflags =  *(_t216 - 0x28) - 0xffffffff;
												if( *(_t216 - 0x28) < 0xffffffff) {
													_t132 =  *_t213;
													_t208 =  *_t132;
													_t117 =  *((intOrPtr*)( *_t132 + 0x10))(_t132,  *((intOrPtr*)(_t216 - 0x38)),  *((intOrPtr*)(_t216 - 0x34)), 1, _t187);
													__eflags = _t117;
													if(_t117 == 0) {
														 *((intOrPtr*)(_t216 - 0x48)) = 0;
														 *((intOrPtr*)(_t216 - 0x44)) = 0;
														 *((intOrPtr*)(_t216 - 0x4c)) = 0x41b964;
														 *(_t216 - 4) =  *(_t216 - 4) & 0x00000000;
														E0040668D(_t216 - 0x4c,  *(_t216 - 0x28));
														_t134 = E0040FCB6(_t213,  *((intOrPtr*)(_t216 - 0x44)),  *(_t216 - 0x28));
														__eflags = _t134;
														 *(_t216 - 0x14) = _t134;
														if(_t134 == 0) {
															 *(_t216 - 0x14) =  *(_t216 - 0x14) | 0xffffffff;
															E00402D4A(_t216 - 0x14,  *((intOrPtr*)(_t216 - 0x44)),  *(_t216 - 0x28));
															__eflags =  !( *(_t216 - 0x14)) -  *((intOrPtr*)(_t216 - 0x10));
															if( !( *(_t216 - 0x14)) !=  *((intOrPtr*)(_t216 - 0x10))) {
																_t158 = E0040FC64(_t216 - 0x1c, 1);
																_push(0x41eaf8);
																 *(_t216 + 0xc) =  *_t158;
																_push(_t216 + 0xc);
																L00417F68();
															}
															_t65 = _t216 - 0x2c;
															 *_t65 =  *(_t216 - 0x2c) & 0x00000000;
															__eflags =  *_t65;
															 *(_t216 - 4) = 1;
															E0040FBDA(_t213, _t216 - 0x4c);
															E00401EBF(_t216 - 0x60, 4);
															 *((intOrPtr*)(_t216 - 0x60)) = 0x41bbe8;
															 *(_t216 - 4) = 2;
															while(1) {
																_push(_t216 - 0x40);
																_t142 = E0040FD81(_t213, _t208);
																__eflags = _t142;
																if(_t142 != 0) {
																	break;
																}
																__eflags =  *((intOrPtr*)(_t216 - 0x40)) - 1;
																if( *((intOrPtr*)(_t216 - 0x40)) != 1) {
																	L24:
																	__eflags =  *((intOrPtr*)(_t216 - 0x40)) - 0x17;
																	if( *((intOrPtr*)(_t216 - 0x40)) != 0x17) {
																		L32:
																		_t147 = E0040FC64(_t216 - 0x1c, 1);
																		_push(0x41eaf8);
																		 *(_t216 + 0xc) =  *_t147;
																		_t142 = _t216 + 0xc;
																		_push(_t142);
																		L00417F68();
																		goto L33;
																	} else {
																		__eflags =  *(_t216 - 0x3c);
																		if(__eflags != 0) {
																			goto L32;
																		} else {
																			_push( *(_t216 + 0xc));
																			_push(_t216 - 0x60);
																			_push(_t210 + 0x98);
																			_t142 = E00410F22(0x41bbe8, _t213, _t208, _t210, _t213, __eflags,  *((intOrPtr*)(_t210 + 0x88)),  *((intOrPtr*)(_t210 + 0x8c))); // executed
																			__eflags = _t142;
																			if(_t142 != 0) {
																				L33:
																				 *((intOrPtr*)(_t216 - 0x60)) = 0x41bbe8;
																				 *(_t216 - 4) = 4;
																				L31:
																				_t215 = _t142;
																			} else {
																				__eflags =  *((intOrPtr*)(_t216 - 0x58)) - _t142;
																				if( *((intOrPtr*)(_t216 - 0x58)) == _t142) {
																					 *((intOrPtr*)(_t216 - 0x60)) = 0x41bbe8;
																					 *(_t216 - 4) = 5;
																					_t215 = 0;
																				} else {
																					__eflags =  *((intOrPtr*)(_t216 - 0x58)) - 1;
																					if(__eflags > 0) {
																						_t151 = E0040FC64(_t216 - 0x20, 1);
																						_push(0x41eaf8);
																						 *(_t216 - 0x14) =  *_t151;
																						_push(_t216 - 0x14);
																						L00417F68();
																						goto L36;
																					} else {
																						E0040FB2C(_t216 - 0x30);
																						E0040FBDA(_t213,  *((intOrPtr*)( *((intOrPtr*)(_t216 - 0x54)))));
																						continue;
																					}
																				}
																			}
																		}
																	}
																} else {
																	__eflags =  *(_t216 - 0x3c) - _t142;
																	if(__eflags == 0) {
																		L36:
																		_push( *(_t216 + 0xc));
																		_push(_t210); // executed
																		_t154 = E0041142B(_t213, _t208, __eflags); // executed
																		_t215 = _t154;
																		 *((intOrPtr*)(_t216 - 0x60)) = 0x41bbe8;
																		 *(_t216 - 4) = 6;
																	} else {
																		goto L24;
																	}
																}
																E004030DF();
																 *(_t216 - 4) = 1;
																E004030CF(_t216 - 0x60);
																_t106 = _t216 - 4;
																 *_t106 =  *(_t216 - 4) & 0x00000000;
																__eflags =  *_t106;
																_t145 = E0040FB2C(_t216 - 0x30);
																 *((intOrPtr*)(_t216 - 0x4c)) = 0x41b964;
																E00402E39(_t145,  *((intOrPtr*)(_t216 - 0x44)));
																_t117 = _t215;
																goto L38;
															}
															 *((intOrPtr*)(_t216 - 0x60)) = 0x41bbe8;
															 *(_t216 - 4) = 3;
															goto L31;
														} else {
															 *((intOrPtr*)(_t216 - 0x4c)) = 0x41b964;
															E00402E39(_t134,  *((intOrPtr*)(_t216 - 0x44)));
															_t117 =  *(_t216 - 0x14);
														}
													}
												} else {
													goto L14;
												}
											}
										} else {
											_t117 = 0;
										}
									}
								}
							}
						}
					}
				}
				L38:
				 *[fs:0x0] =  *((intOrPtr*)(_t216 - 0xc));
				return _t117;
			}

0x0041251c
0x00412527
0x0041252a
0x0041252e
0x00412536
0x00412539
0x00412547
0x0041254d
0x00412554
0x00412562
0x00412569
0x00412571
0x00412577
0x0041257e
0x00412583
0x00412589
0x0041258a
0x0041258a
0x00412594
0x00412595
0x0041259e
0x004125a4
0x004125ab
0x004125ae
0x004125b5
0x004125c4
0x004125ce
0x004125cf
0x004125d6
0x004125e5
0x004125ef
0x004125f0
0x004125f7
0x00412603
0x0041260b
0x0041260e
0x00412617
0x00412625
0x00412629
0x0041262c
0x00412633
0x00412638
0x0041263e
0x0041263f
0x0041263f
0x0041264a
0x00412653
0x00412656
0x0041265e
0x0041265e
0x00412658
0x00412658
0x0041265c
0x00412668
0x00412670
0x00412676
0x00412679
0x0041267b
0x00412681
0x00412684
0x0041268c
0x00412692
0x00412699
0x004126a6
0x004126ab
0x004126ad
0x004126b0
0x004126cc
0x004126d6
0x004126e0
0x004126e2
0x004126e9
0x004126f0
0x004126f5
0x004126fb
0x004126fc
0x004126fc
0x00412701
0x00412701
0x00412701
0x0041270d
0x00412711
0x0041271b
0x00412725
0x00412728
0x0041272c
0x00412731
0x00412732
0x00412737
0x00412739
0x00000000
0x00000000
0x0041273b
0x0041273f
0x0041274a
0x0041274a
0x0041274e
0x004127a9
0x004127ae
0x004127b5
0x004127ba
0x004127bd
0x004127c0
0x004127c1
0x00000000
0x00412750
0x00412750
0x00412754
0x00000000
0x00412756
0x00412756
0x0041275e
0x00412765
0x00412772
0x00412777
0x00412779
0x004127c6
0x004127c6
0x004127c9
0x004127a5
0x004127a5
0x0041277b
0x0041277b
0x0041277e
0x004127cf
0x004127d2
0x004127d6
0x00412780
0x00412780
0x00412784
0x004127df
0x004127e6
0x004127eb
0x004127f1
0x004127f2
0x00000000
0x00412786
0x00412789
0x00412797
0x00000000
0x00412797
0x00412784
0x0041277e
0x00412779
0x00412754
0x00412741
0x00412741
0x00412744
0x004127f7
0x004127f7
0x004127fc
0x004127fd
0x00412802
0x00412804
0x00412807
0x00000000
0x00000000
0x00000000
0x00412744
0x0041280e
0x00412816
0x0041281a
0x0041281f
0x0041281f
0x0041281f
0x00412826
0x0041282e
0x00412835
0x0041283b
0x00000000
0x0041283b
0x0041279e
0x004127a1
0x00000000
0x004126b2
0x004126b5
0x004126b8
0x004126bd
0x004126c0
0x004126b0
0x00000000
0x00000000
0x00000000
0x0041265c
0x0041264c
0x0041264c
0x0041264c
0x0041264a
0x004125f7
0x004125d6
0x004125b5
0x0041259e
0x00412569
0x0041283d
0x00412843
0x0041284b

APIs

__EH_prolog.LIBCMT ref: 0041251C

Part of subcall function 0040FCB6: _CxxThrowException.MSVCRT(?,0041EAF8), ref: 0040FCEB

_CxxThrowException.MSVCRT(?,0041EAF8), ref: 0041258A
_CxxThrowException.MSVCRT(?,0041EAF8), ref: 0041263F
_CxxThrowException.MSVCRT(?,0041EAF8), ref: 004126FC
_CxxThrowException.MSVCRT(?,0041EAF8), ref: 004127C1

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ExceptionThrow$H_prolog
String ID:
API String ID: 206451386-0
Opcode ID: cc20de9f9ec00b95f15507edff99cff1649fadc3e6427e4a9a4f2f250351b5cc
Instruction ID: 62b53a06f1af85184b564f9dc70f8bbc562a2eb49f95a2c418fa034a70240661
Opcode Fuzzy Hash: cc20de9f9ec00b95f15507edff99cff1649fadc3e6427e4a9a4f2f250351b5cc
Instruction Fuzzy Hash: F6A17C70900219EBCF10EFA5C985ADEBBB5BF08314F10413AF415F7291DBB89A99CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 349
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E00401000(void* __edx, intOrPtr _a4, signed int _a7) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				char _v56;
				signed int _v60;
				signed int _v64;
				char _v68;
				char _v80;
				char _v92;
				intOrPtr _v100;
				intOrPtr _v104;
				char _v112;
				char _v116;
				char _v136;
				char _v156;
				char _v168;
				char _v180;
				char _v196;
				char _v200;
				char _v204;
				char _v216;
				char _v228;
				char _v240;
				signed int _v248;
				char _v332;
				char _v344;
				signed int _v348;
				char _v351;
				char _v352;
				char _v428;
				struct _OSVERSIONINFOA _v576;
				void* __ebp;
				signed int _t158;
				signed int _t159;
				void* _t175;
				signed int _t176;
				signed int _t180;
				signed int _t181;
				char* _t187;
				void* _t188;
				char _t189;
				signed int _t201;
				signed int _t207;
				signed int _t214;
				void* _t218;
				signed int _t269;
				void* _t320;

				_t320 = __edx;
				 *0x4207e8 = _a4;
				_v44 = 0;
				_v576.dwOSVersionInfoSize = 0x94;
				_t158 = GetVersionExA( &_v576);
				if(_t158 != 0) {
					__eflags = _v576.dwPlatformId - 2;
					_t7 = _v576.dwPlatformId == 2;
					__eflags = _t7;
					_t159 = _t158 & 0xffffff00 | _t7;
				} else {
					_t159 = 0;
				}
				 *0x4207ec = _t159;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				E00401CEB( &_v28, 0xf);
				_a7 = 0;
				_v5 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				E00401CEB( &_v56, 0xf);
				E00401CD0( &_v112);
				_v112 = 0x41b320;
				E0040190B( &_v92, GetCommandLineW());
				_push( &_v112);
				_push( &_v92);
				E00402E39(E00402B20(_t320), _v92);
				_push(1);
				_pop(0);
				_v12 = 0;
				if(_v104 <= 0) {
					L12:
					_v68 = 0;
					_v64 = 0;
					_v60 = 0;
					E00401CEB( &_v68, 0xf);
					_push( &_v68);
					_push( *0x4207e8);
					E00403C46();
					_v40 = 0;
					_v36 = 0;
					_v32 = 0;
					E00401CEB( &_v40, 0xf);
					_push( &_v116);
					_push( &_v40);
					_push(_v68);
					_t175 = E0040432F(); // executed
					if(_t175 != 0) {
						_t176 = E00401621( &_v204);
						__eflags = _v24;
						_v200 = _t176 & 0xffffff00 | _v24 != 0x00000000;
						E00401975( &_v196,  &_v28);
						_push(0xd8);
						_t180 = E00402E12();
						__eflags = _t180;
						if(_t180 == 0) {
							_v12 = 0;
						} else {
							_v12 = E00401650(_t180);
						}
						_t181 = _v12;
						__eflags = _t181;
						if(_t181 != 0) {
							 *((intOrPtr*)( *_t181 + 4))(_t181);
						}
						_t269 = _v12;
						E00409B6C(_t269);
						__eflags = _v24;
						 *((char*)(_v12 + 0xc4)) = _t269 & 0xffffff00 | _v24 != 0x00000000;
						E00401975(_v12 + 0xc8,  &_v28);
						E004015A1( &_v352);
						__eflags = _v5;
						if(_v5 == 0) {
							_v44 = 0;
							_t187 = E004019D4( &_v40,  &_v168, _v116);
						} else {
							_t187 =  &_v56;
						}
						_t188 = E00401975( &_v344, _t187);
						__eflags = _v44 & 0x00000001;
						if((_v44 & 0x00000001) != 0) {
							E00402E39(_t188, _v168);
						}
						_t189 = _a7;
						__eflags = _t189;
						_v332 = _t189;
						_v248 = 0 | _t189 != 0x00000000;
						_v348 = 0;
						_v351 = 0;
						E00401CD0( &_v136);
						_v136 = 0x41b320;
						E00401CD0( &_v156);
						_push( &_v40);
						_v156 = 0x41b320;
						E00401A28( &_v136, _t320);
						_push( &_v40);
						E00401A28( &_v156, _t320);
						E004014B6( &_v428);
						E0040190B( &_v80, "*");
						_push(0);
						_push(0);
						_push(0);
						_push( &_v80);
						_push(0);
						E00402E39(E0040367E( &_v428, _t320), _v80);
						__eflags = _a7;
						_push(_v12);
						_t201 =  &_v204;
						_push(_t201);
						_push(_t201 & 0xffffff00 | __eflags == 0x00000000);
						_push( &_v352);
						_push( &_v428);
						_push( &_v156);
						_push( &_v136); // executed
						_t207 = E00402329(__eflags); // executed
						__eflags = _t207;
						if(_t207 != 0) {
							__eflags = _t207;
							if(_t207 != 0) {
								__eflags = _t207 - 0x80004004;
								if(_t207 != 0x80004004) {
									E004175CA(0, _t207);
								}
							}
						} else {
							E004175B2(0, L"Archive is not supported");
						}
						E0040150E( &_v428);
						_v156 = 0x41b320;
						E004030DF();
						E004030CF( &_v156);
						_v136 = 0x41b320;
						E004030DF();
						E004030CF( &_v136);
						E004018EB( &_v352);
						_t214 = _v12;
						__eflags = _t214;
						if(_t214 != 0) {
							_t214 =  *((intOrPtr*)( *_t214 + 8))(_t214);
						}
						E00402E39(E00402E39(E00402E39(_t214, _v196), _v40), _v68);
						_t218 = E004019F0( &_v112);
						__eflags = 0;
					} else {
						E00402E39(E00402E39(E004175B2(0, L"Error 1329484"), _v40), _v68);
						_v112 = 0x41b320;
						E004030DF();
						_t218 = E004030CF( &_v112);
					}
					E00402E39(E00402E39(_t218, _v56), _v28);
					return 0;
				} else {
					do {
						_t324 =  *((intOrPtr*)(_v100 + _v12 * 4));
						E0040190B( &_v92, L"-y");
						_v16 = E00402EF7( *((intOrPtr*)( *((intOrPtr*)(_v100 + _v12 * 4)))), _v92);
						E00402E39(_t233, _v92);
						if(_v16 != 0) {
							E0040190B( &_v180, L"-o");
							_v16 = E00402EF7( *((intOrPtr*)(E004019D4(_t324,  &_v240, 2))), _v180);
							E00402E39(E00402E39(_t238, _v240), _v180);
							__eflags = _v16;
							if(_v16 != 0) {
								E0040190B( &_v80, L"-p");
								_v16 = E00402EF7( *((intOrPtr*)(E004019D4(_t324,  &_v216, 2))), _v80);
								E00402E39(E00402E39(_t244, _v216), _v80);
								__eflags = _v16;
								if(_v16 == 0) {
									E00402E39(E00401975( &_v28, E004019B3(_t324,  &_v168, 2)), _v168);
								}
							} else {
								E00402E39(E00401975( &_v56, E004019B3(_t324,  &_v228, 2)), _v228);
								E00404D2E( &_v56);
								__eflags = _v52;
								_v5 = _v52 != 0;
							}
						} else {
							_a7 = 1;
						}
						_v12 = _v12 + 1;
					} while (_v12 < _v104);
					_push(1);
					_pop(0);
					goto L12;
				}
			}

0x00401000
0x0040100d
0x0040101d
0x00401020
0x0040102a
0x00401032
0x00401038
0x0040103f
0x0040103f
0x0040103f
0x00401034
0x00401034
0x00401034
0x00401047
0x0040104c
0x0040104f
0x00401052
0x00401055
0x0040105f
0x00401062
0x00401065
0x00401068
0x0040106b
0x0040106e
0x00401076
0x00401080
0x0040108d
0x00401095
0x00401099
0x004010a2
0x004010a8
0x004010aa
0x004010ae
0x004010b1
0x004011f0
0x004011f5
0x004011f8
0x004011fb
0x004011fe
0x00401206
0x00401207
0x0040120d
0x00401217
0x0040121a
0x0040121d
0x00401220
0x00401228
0x0040122c
0x0040122d
0x00401230
0x00401237
0x00401274
0x00401279
0x00401285
0x0040128f
0x00401294
0x00401299
0x0040129e
0x004012a1
0x004012af
0x004012a3
0x004012aa
0x004012aa
0x004012b2
0x004012b5
0x004012b7
0x004012bc
0x004012bc
0x004012bf
0x004012c2
0x004012c7
0x004012d0
0x004012e0
0x004012eb
0x004012f0
0x004012f3
0x00401306
0x0040130a
0x004012f5
0x004012f5
0x004012f5
0x00401316
0x0040131b
0x0040131f
0x00401327
0x0040132c
0x0040132d
0x00401332
0x00401334
0x0040133d
0x00401349
0x0040134f
0x00401355
0x00401360
0x00401366
0x00401374
0x00401375
0x0040137b
0x00401389
0x0040138a
0x00401395
0x004013a2
0x004013a7
0x004013a8
0x004013ac
0x004013ad
0x004013ae
0x004013bd
0x004013c2
0x004013c6
0x004013c9
0x004013cf
0x004013d3
0x004013da
0x004013e1
0x004013e8
0x004013ef
0x004013f0
0x004013f5
0x004013f7
0x00401406
0x00401408
0x0040140a
0x0040140f
0x00401413
0x00401413
0x0040140f
0x004013f9
0x004013ff
0x004013ff
0x0040141e
0x00401429
0x0040142f
0x0040143a
0x00401445
0x0040144b
0x00401456
0x00401461
0x00401466
0x00401469
0x0040146b
0x00401470
0x00401470
0x00401489
0x00401494
0x00401499
0x00401239
0x0040124f
0x00401255
0x0040125c
0x00401264
0x00401264
0x004014a6
0x004014b3
0x004010b7
0x004010b7
0x004010c2
0x004010c8
0x004010da
0x004010dd
0x004010e6
0x004010fc
0x00401124
0x00401132
0x00401137
0x0040113c
0x0040117d
0x004011a2
0x004011ad
0x004011b2
0x004011b7
0x004011d8
0x004011dd
0x0040113e
0x0040115d
0x00401167
0x0040116c
0x0040116f
0x0040116f
0x004010e8
0x004010e8
0x004010e8
0x004011de
0x004011e4
0x004011ed
0x004011ef
0x00000000
0x004011ef

APIs

GetVersionExA.KERNEL32(?,?,?,00000000), ref: 0040102A
GetCommandLineW.KERNEL32(0000000F,0000000F,?,?,00000000), ref: 00401083

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Part of subcall function 00401A28: __EH_prolog.LIBCMT ref: 00401A2D

Part of subcall function 0040367E: __EH_prolog.LIBCMT ref: 00403683

Part of subcall function 00402329: __EH_prolog.LIBCMT ref: 0040232E

Part of subcall function 004175B2: MessageBoxW.USER32(?,?,7-Zip,00000000), ref: 004175C1

Strings

Error 1329484, xrefs: 00401239
Archive is not supported, xrefs: 004013F9

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$CommandLineMessageVersionfree
String ID: Archive is not supported$Error 1329484
API String ID: 220176176-1134734249
Opcode ID: 05eba9540727d049ddce393f76457e4b31771fa326391907188ab1634e26420e
Instruction ID: 566234561cdbce61c8c7d524956091074afec70ba444695f29d652c16cc2941a
Opcode Fuzzy Hash: 05eba9540727d049ddce393f76457e4b31771fa326391907188ab1634e26420e
Instruction Fuzzy Hash: DBD17D71D01218AACF11EFA1DC95AEEBBB5AF04304F5040BFE109B61E2DB785A85CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041142B Relevance: 6.3, APIs: 2, Strings: 1, Instructions: 1002
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 88%

			E0041142B(signed int __ecx, char __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t605;
				signed int* _t613;
				signed int _t617;
				signed int _t625;
				intOrPtr _t645;
				signed int _t647;
				signed int _t655;
				signed int _t657;
				signed int _t666;
				signed int _t675;
				signed int _t684;
				intOrPtr _t696;
				signed int _t698;
				signed int _t709;
				signed int _t718;
				intOrPtr _t729;
				signed int _t731;
				signed int _t741;
				signed int _t750;
				signed int _t759;
				signed int _t761;
				void* _t768;
				signed int _t774;
				signed int _t776;
				signed int _t785;
				void* _t797;
				signed int _t820;
				signed int _t823;
				signed int _t831;
				signed int _t837;
				signed int _t863;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int* _t877;
				signed int _t879;
				signed int _t923;
				void* _t925;
				signed int _t954;
				void* _t974;
				intOrPtr _t988;
				signed int _t1051;
				signed int _t1065;
				signed int _t1067;
				signed int _t1070;
				void* _t1071;

				_t1049 = __edx;
				E00417F20(E0041A18C, _t1071);
				_t1067 = __ecx;
				_push(_t1071 - 0x30);
				 *(_t1071 - 0x10) = __ecx;
				_t605 = E0040FD81(__ecx, __edx);
				_t837 = 0;
				if(_t605 != 0) {
					L112:
					 *[fs:0x0] =  *((intOrPtr*)(_t1071 - 0xc));
					return _t605;
				}
				_t1065 =  *(_t1071 + 8);
				if( *(_t1071 - 0x30) != 2) {
					L5:
					E00401CD0(_t1071 - 0x28);
					 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
					 *(_t1071 - 4) = _t837;
					if( *(_t1071 - 0x30) != 3) {
						L12:
						E00401EBF(_t1071 - 0x6c, 8);
						 *((intOrPtr*)(_t1071 - 0x6c)) = 0x41b758;
						E00401EBF(_t1071 - 0x58, 1);
						 *((intOrPtr*)(_t1071 - 0x58)) = 0x41bb18;
						E00401EBF(_t1071 - 0x44, 4);
						 *((intOrPtr*)(_t1071 - 0x44)) = 0x41b600;
						__eflags =  *(_t1071 - 0x30) - 4;
						 *(_t1071 - 4) = 5;
						if( *(_t1071 - 0x30) != 4) {
							L18:
							__eflags =  *((intOrPtr*)(_t1065 + 0x44)) - _t837;
							 *(_t1071 + 8) = _t837;
							if( *((intOrPtr*)(_t1065 + 0x44)) <= _t837) {
								L20:
								E004030DF();
								__eflags =  *(_t1071 - 0x30) |  *(_t1071 - 0x2c);
								if(( *(_t1071 - 0x30) |  *(_t1071 - 0x2c)) != 0) {
									__eflags =  *(_t1071 - 0x30) - 5;
									if(__eflags != 0) {
										L24:
										_t613 = E0040FC64(_t1071 + 0xc, 1);
										_push(0x41eaf8);
										 *(_t1071 + 8) =  *_t613;
										_push(_t1071 + 8);
										L00417F68();
										L25:
										_t617 = E0040FE03( *(_t1071 - 0x10), __eflags, _t1071 - 0x14);
										__eflags = _t617 - _t837;
										 *(_t1071 + 8) = _t617;
										if(_t617 == _t837) {
											E00403138(_t1065 + 0x64,  *((intOrPtr*)(_t1071 - 0x14)));
											__eflags =  *((intOrPtr*)(_t1071 - 0x14)) - _t837;
											 *(_t1071 + 8) = _t837;
											if( *((intOrPtr*)(_t1071 - 0x14)) <= _t837) {
												L30:
												E0040A74D(_t1065 + 0xa0, _t1049, 9, _t837);
												__eflags =  *((intOrPtr*)(_t1065 + 8)) - _t837;
												if( *((intOrPtr*)(_t1065 + 8)) != _t837) {
													E0040A74D(_t1065 + 0xa0, _t1049, 6, _t837);
												}
												__eflags =  *((intOrPtr*)(_t1071 - 0x14)) - _t837;
												if( *((intOrPtr*)(_t1071 - 0x14)) > _t837) {
													__eflags =  *((intOrPtr*)(_t1071 - 0x3c)) - _t837;
													if( *((intOrPtr*)(_t1071 - 0x3c)) != _t837) {
														E0040A74D(_t1065 + 0xa0, _t1049, 0xa, _t837);
													}
												}
												E00401EBF(_t1071 - 0x80, 1);
												 *((intOrPtr*)(_t1071 - 0x80)) = 0x41bb18;
												 *(_t1071 - 4) = 0xb;
												E00403138(_t1071 - 0x80,  *((intOrPtr*)(_t1071 - 0x14)));
												__eflags =  *((intOrPtr*)(_t1071 - 0x14)) - _t837;
												 *(_t1071 + 8) = _t837;
												if( *((intOrPtr*)(_t1071 - 0x14)) <= _t837) {
													L37:
													E00401EBF(_t1071 - 0x94, 1);
													 *((intOrPtr*)(_t1071 - 0x94)) = 0x41bb18;
													E00401EBF(_t1071 - 0xa8, 1);
													 *((intOrPtr*)(_t1071 - 0xa8)) = 0x41bb18;
													 *(_t1071 - 4) = 0xd;
													 *(_t1071 + 0xc) = _t837;
													while(1) {
														_push(_t1071 - 0xb0);
														_t625 = E0040FD81( *(_t1071 - 0x10), _t1049);
														__eflags = _t625 - _t837;
														 *(_t1071 + 8) = _t625;
														if(_t625 != _t837) {
															break;
														}
														__eflags =  *(_t1071 - 0xb0) |  *(_t1071 - 0xac);
														if(( *(_t1071 - 0xb0) |  *(_t1071 - 0xac)) == 0) {
															_t863 = 0;
															__eflags =  *((intOrPtr*)(_t1071 - 0x14)) - _t837;
															 *(_t1071 - 0x10) = _t837;
															 *(_t1071 + 0xc) = _t837;
															 *(_t1071 + 8) = 0;
															if( *((intOrPtr*)(_t1071 - 0x14)) <= _t837) {
																L111:
																 *(_t1071 - 4) = 0xc;
																E004030CF(_t1071 - 0xa8);
																 *(_t1071 - 4) = 0xb;
																E004030CF(_t1071 - 0x94);
																 *(_t1071 - 4) = 5;
																E004030CF(_t1071 - 0x80);
																 *(_t1071 - 4) = 4;
																E004030CF(_t1071 - 0x44);
																 *(_t1071 - 4) = 3;
																E004030CF(_t1071 - 0x58);
																 *(_t1071 - 4) = _t837;
																E004030CF(_t1071 - 0x6c);
																 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																 *(_t1071 - 4) = 0x22;
																E004030DF();
																 *(_t1071 - 4) =  *(_t1071 - 4) | 0xffffffff;
																E004030CF(_t1071 - 0x28);
																_t605 = 0;
																__eflags = 0;
																goto L112;
															} else {
																goto L107;
															}
															do {
																L107:
																__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t1071 - 0x74)) + _t863)) - _t837;
																_t645 =  *((intOrPtr*)( *((intOrPtr*)(_t1065 + 0x70)) + _t863 * 4));
																_t872 = _t863 & 0xffffff00 |  *((intOrPtr*)( *((intOrPtr*)(_t1071 - 0x74)) + _t863)) == _t837;
																__eflags = _t872 - _t837;
																 *(_t645 + 0x3c) = _t872;
																if(_t872 == _t837) {
																	_t1051 =  *(_t1071 - 0x88);
																	_t873 =  *(_t1071 - 0x10);
																	__eflags =  *((intOrPtr*)(_t1051 + _t873)) - _t837;
																	 *(_t645 + 0x3d) = _t1051 & 0xffffff00 |  *((intOrPtr*)(_t1051 + _t873)) == _t837;
																	_t874 = _t873 + 1;
																	__eflags = _t874;
																	 *(_t645 + 0x18) = _t837;
																	 *(_t645 + 0x3e) =  *((intOrPtr*)( *((intOrPtr*)(_t1071 - 0x9c)) + _t873));
																	 *(_t1071 - 0x10) = _t874;
																	 *(_t645 + 0x1c) = _t837;
																	 *(_t645 + 0x3f) = _t837;
																} else {
																	 *(_t645 + 0x3d) = _t837;
																	 *(_t645 + 0x3e) = _t837;
																	_t877 =  *((intOrPtr*)(_t1071 - 0x60)) +  *(_t1071 + 0xc) * 8;
																	 *(_t645 + 0x18) =  *_t877;
																	 *(_t645 + 0x1c) = _t877[1];
																	_t879 =  *(_t1071 + 0xc);
																	 *((intOrPtr*)(_t645 + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(_t1071 - 0x38)) + _t879 * 4));
																	 *(_t645 + 0x3f) =  *((intOrPtr*)( *((intOrPtr*)(_t1071 - 0x4c)) + _t879));
																	 *(_t1071 + 0xc) = _t879 + 1;
																}
																_t863 =  *(_t1071 + 8) + 1;
																__eflags = _t863 -  *((intOrPtr*)(_t1071 - 0x14));
																 *(_t1071 + 8) = _t863;
															} while (_t863 <  *((intOrPtr*)(_t1071 - 0x14)));
															goto L111;
														}
														_push(_t1071 - 0xfc);
														_t647 = E0040FD81( *(_t1071 - 0x10), _t1049);
														__eflags = _t647 - _t837;
														 *(_t1071 + 8) = _t647;
														if(_t647 != _t837) {
															 *(_t1071 - 4) = 0xc;
															E004030CF(_t1071 - 0xa8);
															 *(_t1071 - 4) = 0xb;
															E004030CF(_t1071 - 0x94);
															 *(_t1071 - 4) = 5;
															E004030CF(_t1071 - 0x80);
															 *(_t1071 - 4) = 4;
															E004030CF(_t1071 - 0x44);
															 *(_t1071 - 4) = 3;
															E004030CF(_t1071 - 0x58);
															 *(_t1071 - 4) = _t837;
															E004030CF(_t1071 - 0x6c);
															 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
															_t1070 =  *(_t1071 + 8);
															 *(_t1071 - 4) = 0xf;
															L105:
															E004030DF();
															 *(_t1071 - 4) =  *(_t1071 - 4) | 0xffffffff;
															E004030CF(_t1071 - 0x28);
															_t605 = _t1070;
															goto L112;
														}
														E0040A74D(_t1065 + 0xa0, _t1049,  *(_t1071 - 0xb0),  *(_t1071 - 0xac));
														__eflags =  *(_t1071 - 0xac) - _t837;
														_t655 =  *(_t1071 - 0xb0);
														if(__eflags > 0) {
															L88:
															E004030E7(_t1065 + 0xa0);
															_t657 = E004100D6( *(_t1071 - 0x10),  *((intOrPtr*)(_t1071 - 0xfc)),  *((intOrPtr*)(_t1071 - 0xf8)));
															__eflags = _t657 - _t837;
															 *(_t1071 + 8) = _t657;
															if(_t657 != _t837) {
																 *(_t1071 - 4) = 0xc;
																E004030CF(_t1071 - 0xa8);
																 *(_t1071 - 4) = 0xb;
																E004030CF(_t1071 - 0x94);
																 *(_t1071 - 4) = 5;
																E004030CF(_t1071 - 0x80);
																 *(_t1071 - 4) = 4;
																E004030CF(_t1071 - 0x44);
																 *(_t1071 - 4) = 3;
																E004030CF(_t1071 - 0x58);
																 *(_t1071 - 4) = _t837;
																E004030CF(_t1071 - 0x6c);
																 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																_t1070 =  *(_t1071 + 8);
																 *(_t1071 - 4) = 0x21;
																goto L105;
															}
															continue;
														}
														if(__eflags < 0) {
															L44:
															__eflags = _t655 - 0x11;
															if(__eflags > 0) {
																__eflags = _t655 - 0x12;
																if(_t655 < 0x12) {
																	goto L88;
																}
																__eflags = _t655 - 0x14;
																if(__eflags <= 0) {
																	_push( *(_t1071 - 0xac));
																	_push(_t655);
																	_push(_t1065 + 0x64);
																	_push(_t1071 - 0x28);
																	_t666 = E00410DE1( *(_t1071 - 0x10), __eflags);
																	__eflags = _t666 - _t837;
																	 *(_t1071 + 8) = _t666;
																	if(_t666 != _t837) {
																		 *(_t1071 - 4) = 0xc;
																		E004030CF(_t1071 - 0xa8);
																		 *(_t1071 - 4) = 0xb;
																		E004030CF(_t1071 - 0x94);
																		 *(_t1071 - 4) = 5;
																		E004030CF(_t1071 - 0x80);
																		 *(_t1071 - 4) = 4;
																		E004030CF(_t1071 - 0x44);
																		 *(_t1071 - 4) = 3;
																		E004030CF(_t1071 - 0x58);
																		 *(_t1071 - 4) = _t837;
																		E004030CF(_t1071 - 0x6c);
																		 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																		_t1070 =  *(_t1071 + 8);
																		 *(_t1071 - 4) = 0x20;
																		goto L105;
																	}
																	continue;
																}
																__eflags = _t655 - 0x15;
																if(_t655 == 0x15) {
																	E00401EBF(_t1071 - 0xf4, 1);
																	 *((intOrPtr*)(_t1071 - 0xf4)) = 0x41bb18;
																	 *(_t1071 - 4) = 0x13;
																	_t675 = E00410D8D( *(_t1071 - 0x10), _t1049,  *((intOrPtr*)(_t1065 + 0x6c)), _t1071 - 0xf4);
																	__eflags = _t675 - _t837;
																	 *(_t1071 + 8) = _t675;
																	if(__eflags != 0) {
																		 *(_t1071 - 4) = 0xd;
																		E004030CF(_t1071 - 0xf4);
																		 *(_t1071 - 4) = 0xc;
																		E004030CF(_t1071 - 0xa8);
																		 *(_t1071 - 4) = 0xb;
																		E004030CF(_t1071 - 0x94);
																		 *(_t1071 - 4) = 5;
																		E004030CF(_t1071 - 0x80);
																		 *(_t1071 - 4) = 4;
																		E004030CF(_t1071 - 0x44);
																		 *(_t1071 - 4) = 3;
																		E004030CF(_t1071 - 0x58);
																		 *(_t1071 - 4) = _t837;
																		E004030CF(_t1071 - 0x6c);
																		 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																		_t1070 =  *(_t1071 + 8);
																		 *(_t1071 - 4) = 0x14;
																		goto L105;
																	}
																	 *(_t1071 - 0xc0) = _t837;
																	 *(_t1071 - 4) = 0x15;
																	_t684 = E0040FBF0(_t1071 - 0xc4, __eflags,  *(_t1071 - 0x10), _t1071 - 0x28);
																	__eflags = _t684 - _t837;
																	 *(_t1071 + 8) = _t684;
																	if(_t684 != _t837) {
																		 *(_t1071 - 4) = 0x13;
																		E0040FB2C(_t1071 - 0xc4);
																		 *(_t1071 - 4) = 0xd;
																		E004030CF(_t1071 - 0xf4);
																		 *(_t1071 - 4) = 0xc;
																		E004030CF(_t1071 - 0xa8);
																		 *(_t1071 - 4) = 0xb;
																		E004030CF(_t1071 - 0x94);
																		 *(_t1071 - 4) = 5;
																		E004030CF(_t1071 - 0x80);
																		 *(_t1071 - 4) = 4;
																		E004030CF(_t1071 - 0x44);
																		 *(_t1071 - 4) = 3;
																		E004030CF(_t1071 - 0x58);
																		 *(_t1071 - 4) = _t837;
																		E004030CF(_t1071 - 0x6c);
																		 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																		_t1070 =  *(_t1071 + 8);
																		 *(_t1071 - 4) = 0x16;
																		goto L105;
																	}
																	_t923 = 0;
																	__eflags =  *((intOrPtr*)(_t1071 - 0x14)) - _t837;
																	 *(_t1071 + 8) = 0;
																	if( *((intOrPtr*)(_t1071 - 0x14)) <= _t837) {
																		L84:
																		 *(_t1071 - 4) = 0x13;
																		E0040FB2C(_t1071 - 0xc4);
																		 *(_t1071 - 4) = 0xd;
																		_t925 = _t1071 - 0xf4;
																		L85:
																		E004030CF(_t925);
																		continue;
																	} else {
																		goto L80;
																	}
																	do {
																		L80:
																		_t696 =  *((intOrPtr*)( *((intOrPtr*)(_t1065 + 0x70)) + _t923 * 4));
																		_t1049 =  *((intOrPtr*)( *((intOrPtr*)(_t1071 - 0xe8)) + _t923));
																		__eflags = _t1049 - _t837;
																		 *((char*)(_t696 + 0x40)) = _t1049;
																		if(_t1049 == _t837) {
																			goto L83;
																		}
																		_push(_t696 + 0x28);
																		_t698 = E0040FE36( *(_t1071 - 0x10));
																		__eflags = _t698 - _t837;
																		 *(_t1071 - 0xb4) = _t698;
																		if(_t698 != _t837) {
																			 *(_t1071 - 4) = 0x13;
																			E0040FB2C(_t1071 - 0xc4);
																			 *(_t1071 - 4) = 0xd;
																			E004030CF(_t1071 - 0xf4);
																			 *(_t1071 - 4) = 0xc;
																			E004030CF(_t1071 - 0xa8);
																			 *(_t1071 - 4) = 0xb;
																			E004030CF(_t1071 - 0x94);
																			 *(_t1071 - 4) = 5;
																			E004030CF(_t1071 - 0x80);
																			 *(_t1071 - 4) = 4;
																			E004030CF(_t1071 - 0x44);
																			 *(_t1071 - 4) = 3;
																			E004030CF(_t1071 - 0x58);
																			 *(_t1071 - 4) = _t837;
																			E004030CF(_t1071 - 0x6c);
																			 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																			_t1070 =  *(_t1071 - 0xb4);
																			 *(_t1071 - 4) = 0x17;
																			goto L105;
																		}
																		_t923 =  *(_t1071 + 8);
																		L83:
																		_t923 = _t923 + 1;
																		__eflags = _t923 -  *((intOrPtr*)(_t1071 - 0x14));
																		 *(_t1071 + 8) = _t923;
																	} while (_t923 <  *((intOrPtr*)(_t1071 - 0x14)));
																	goto L84;
																}
																__eflags = _t655 - 0x18;
																if(_t655 != 0x18) {
																	goto L88;
																}
																E00401EBF(_t1071 - 0xe0, 1);
																 *((intOrPtr*)(_t1071 - 0xe0)) = 0x41bb18;
																 *(_t1071 - 4) = 0x18;
																_t709 = E00410D8D( *(_t1071 - 0x10), _t1049,  *((intOrPtr*)(_t1065 + 0x6c)), _t1071 - 0xe0);
																__eflags = _t709 - _t837;
																 *(_t1071 + 8) = _t709;
																if(__eflags != 0) {
																	 *(_t1071 - 4) = 0xd;
																	E004030CF(_t1071 - 0xe0);
																	 *(_t1071 - 4) = 0xc;
																	E004030CF(_t1071 - 0xa8);
																	 *(_t1071 - 4) = 0xb;
																	E004030CF(_t1071 - 0x94);
																	 *(_t1071 - 4) = 5;
																	E004030CF(_t1071 - 0x80);
																	 *(_t1071 - 4) = 4;
																	E004030CF(_t1071 - 0x44);
																	 *(_t1071 - 4) = 3;
																	E004030CF(_t1071 - 0x58);
																	 *(_t1071 - 4) = _t837;
																	E004030CF(_t1071 - 0x6c);
																	 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																	_t1070 =  *(_t1071 + 8);
																	 *(_t1071 - 4) = 0x19;
																	goto L105;
																}
																 *(_t1071 - 0xb8) = _t837;
																 *(_t1071 - 4) = 0x1a;
																_t718 = E0040FBF0(_t1071 - 0xbc, __eflags,  *(_t1071 - 0x10), _t1071 - 0x28);
																__eflags = _t718 - _t837;
																 *(_t1071 + 8) = _t718;
																if(_t718 != _t837) {
																	 *(_t1071 - 4) = 0x18;
																	E0040FB2C(_t1071 - 0xbc);
																	 *(_t1071 - 4) = 0xd;
																	E004030CF(_t1071 - 0xe0);
																	 *(_t1071 - 4) = 0xc;
																	E004030CF(_t1071 - 0xa8);
																	 *(_t1071 - 4) = 0xb;
																	E004030CF(_t1071 - 0x94);
																	 *(_t1071 - 4) = 5;
																	E004030CF(_t1071 - 0x80);
																	 *(_t1071 - 4) = 4;
																	E004030CF(_t1071 - 0x44);
																	 *(_t1071 - 4) = 3;
																	E004030CF(_t1071 - 0x58);
																	 *(_t1071 - 4) = _t837;
																	E004030CF(_t1071 - 0x6c);
																	 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																	_t1070 =  *(_t1071 + 8);
																	 *(_t1071 - 4) = 0x1b;
																	goto L105;
																}
																_t954 = 0;
																__eflags =  *((intOrPtr*)(_t1071 - 0x14)) - _t837;
																 *(_t1071 + 8) = 0;
																if( *((intOrPtr*)(_t1071 - 0x14)) <= _t837) {
																	L76:
																	 *(_t1071 - 4) = 0x18;
																	E0040FB2C(_t1071 - 0xbc);
																	 *(_t1071 - 4) = 0xd;
																	_t925 = _t1071 - 0xe0;
																	goto L85;
																} else {
																	goto L72;
																}
																do {
																	L72:
																	_t729 =  *((intOrPtr*)( *((intOrPtr*)(_t1065 + 0x70)) + _t954 * 4));
																	_t1049 =  *((intOrPtr*)( *((intOrPtr*)(_t1071 - 0xd4)) + _t954));
																	__eflags = _t1049 - _t837;
																	 *((char*)(_t729 + 0x44)) = _t1049;
																	if(_t1049 == _t837) {
																		goto L75;
																	}
																	_push(_t729 + 0x20);
																	_t731 = E0040FE6F( *(_t1071 - 0x10), _t1049);
																	__eflags = _t731 - _t837;
																	 *(_t1071 - 0xb4) = _t731;
																	if(_t731 != _t837) {
																		 *(_t1071 - 4) = 0x18;
																		E0040FB2C(_t1071 - 0xbc);
																		 *(_t1071 - 4) = 0xd;
																		E004030CF(_t1071 - 0xe0);
																		 *(_t1071 - 4) = 0xc;
																		E004030CF(_t1071 - 0xa8);
																		 *(_t1071 - 4) = 0xb;
																		E004030CF(_t1071 - 0x94);
																		 *(_t1071 - 4) = 5;
																		E004030CF(_t1071 - 0x80);
																		 *(_t1071 - 4) = 4;
																		E004030CF(_t1071 - 0x44);
																		 *(_t1071 - 4) = 3;
																		E004030CF(_t1071 - 0x58);
																		 *(_t1071 - 4) = _t837;
																		E004030CF(_t1071 - 0x6c);
																		 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																		_t1070 =  *(_t1071 - 0xb4);
																		 *(_t1071 - 4) = 0x1c;
																		goto L105;
																	}
																	_t954 =  *(_t1071 + 8);
																	L75:
																	_t954 = _t954 + 1;
																	__eflags = _t954 -  *((intOrPtr*)(_t1071 - 0x14));
																	 *(_t1071 + 8) = _t954;
																} while (_t954 <  *((intOrPtr*)(_t1071 - 0x14)));
																goto L76;
															}
															if(__eflags == 0) {
																 *(_t1071 - 0xc8) = _t837;
																 *(_t1071 - 4) = 0x10;
																_t741 = E0040FBF0(_t1071 - 0xcc, __eflags,  *(_t1071 - 0x10), _t1071 - 0x28);
																__eflags = _t741 - _t837;
																 *(_t1071 + 8) = _t741;
																if(_t741 != _t837) {
																	 *(_t1071 - 4) = 0xd;
																	E0040FB2C(_t1071 - 0xcc);
																	 *(_t1071 - 4) = 0xc;
																	E004030CF(_t1071 - 0xa8);
																	 *(_t1071 - 4) = 0xb;
																	E004030CF(_t1071 - 0x94);
																	 *(_t1071 - 4) = 5;
																	E004030CF(_t1071 - 0x80);
																	 *(_t1071 - 4) = 4;
																	E004030CF(_t1071 - 0x44);
																	 *(_t1071 - 4) = 3;
																	E004030CF(_t1071 - 0x58);
																	 *(_t1071 - 4) = _t837;
																	E004030CF(_t1071 - 0x6c);
																	 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																	_t1070 =  *(_t1071 + 8);
																	 *(_t1071 - 4) = 0x11;
																	goto L105;
																}
																_t750 = E00410C8C( *(_t1071 - 0x10), _t1065 + 0x64); // executed
																__eflags = _t750 - _t837;
																 *(_t1071 + 8) = _t750;
																 *(_t1071 - 4) = 0xd;
																_t974 = _t1071 - 0xcc;
																if(_t750 != _t837) {
																	E0040FB2C(_t974);
																	 *(_t1071 - 4) = 0xc;
																	E004030CF(_t1071 - 0xa8);
																	 *(_t1071 - 4) = 0xb;
																	E004030CF(_t1071 - 0x94);
																	 *(_t1071 - 4) = 5;
																	E004030CF(_t1071 - 0x80);
																	 *(_t1071 - 4) = 4;
																	E004030CF(_t1071 - 0x44);
																	 *(_t1071 - 4) = 3;
																	E004030CF(_t1071 - 0x58);
																	 *(_t1071 - 4) = _t837;
																	E004030CF(_t1071 - 0x6c);
																	 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																	_t1070 =  *(_t1071 + 8);
																	 *(_t1071 - 4) = 0x12;
																	goto L105;
																}
																E0040FB2C(_t974);
																continue;
															}
															_t759 = _t655 - 0xe;
															__eflags = _t759;
															if(_t759 == 0) {
																_t761 = E00410D33( *(_t1071 - 0x10), _t1049,  *((intOrPtr*)(_t1071 - 0x14)), _t1071 - 0x80);
																__eflags = _t761 - _t837;
																 *(_t1071 + 8) = _t761;
																if(_t761 != _t837) {
																	 *(_t1071 - 4) = 0xc;
																	E004030CF(_t1071 - 0xa8);
																	 *(_t1071 - 4) = 0xb;
																	E004030CF(_t1071 - 0x94);
																	 *(_t1071 - 4) = 5;
																	E004030CF(_t1071 - 0x80);
																	 *(_t1071 - 4) = 4;
																	E004030CF(_t1071 - 0x44);
																	 *(_t1071 - 4) = 3;
																	E004030CF(_t1071 - 0x58);
																	 *(_t1071 - 4) = _t837;
																	E004030CF(_t1071 - 0x6c);
																	 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																	_t1070 =  *(_t1071 + 8);
																	 *(_t1071 - 4) = 0x1d;
																	goto L105;
																}
																_t988 =  *((intOrPtr*)(_t1071 - 0x78));
																_t768 = 0;
																__eflags = _t988 - _t837;
																if(_t988 <= _t837) {
																	L58:
																	E00403138(_t1071 - 0x94,  *(_t1071 + 0xc));
																	E00403138(_t1071 - 0xa8,  *(_t1071 + 0xc));
																	__eflags =  *(_t1071 + 0xc) - _t837;
																	if( *(_t1071 + 0xc) <= _t837) {
																		continue;
																	}
																	 *(_t1071 + 8) =  *(_t1071 + 0xc);
																	do {
																		E0040E9A1(_t1071 - 0x94, _t1049, _t837);
																		E0040E9A1(_t1071 - 0xa8, _t1049, _t837);
																		_t203 = _t1071 + 8;
																		 *_t203 =  *(_t1071 + 8) - 1;
																		__eflags =  *_t203;
																	} while ( *_t203 != 0);
																	continue;
																} else {
																	goto L55;
																}
																do {
																	L55:
																	_t1049 =  *((intOrPtr*)(_t1071 - 0x74));
																	__eflags =  *((intOrPtr*)(_t1049 + _t768)) - _t837;
																	if( *((intOrPtr*)(_t1049 + _t768)) != _t837) {
																		_t192 = _t1071 + 0xc;
																		 *_t192 =  *(_t1071 + 0xc) + 1;
																		__eflags =  *_t192;
																	}
																	_t768 = _t768 + 1;
																	__eflags = _t768 - _t988;
																} while (_t768 < _t988);
																goto L58;
															}
															_t774 = _t759 - 1;
															__eflags = _t774;
															if(_t774 == 0) {
																_t776 = E00410D33( *(_t1071 - 0x10), _t1049,  *(_t1071 + 0xc), _t1071 - 0x94);
																__eflags = _t776 - _t837;
																 *(_t1071 + 8) = _t776;
																if(_t776 != _t837) {
																	 *(_t1071 - 4) = 0xc;
																	E004030CF(_t1071 - 0xa8);
																	 *(_t1071 - 4) = 0xb;
																	E004030CF(_t1071 - 0x94);
																	 *(_t1071 - 4) = 5;
																	E004030CF(_t1071 - 0x80);
																	 *(_t1071 - 4) = 4;
																	E004030CF(_t1071 - 0x44);
																	 *(_t1071 - 4) = 3;
																	E004030CF(_t1071 - 0x58);
																	 *(_t1071 - 4) = _t837;
																	E004030CF(_t1071 - 0x6c);
																	 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																	_t1070 =  *(_t1071 + 8);
																	 *(_t1071 - 4) = 0x1e;
																	goto L105;
																}
																continue;
															}
															__eflags = _t774 != 1;
															if(_t774 != 1) {
																goto L88;
															}
															_t785 = E00410D33( *(_t1071 - 0x10), _t1049,  *(_t1071 + 0xc), _t1071 - 0xa8);
															__eflags = _t785 - _t837;
															 *(_t1071 + 8) = _t785;
															if(_t785 != _t837) {
																 *(_t1071 - 4) = 0xc;
																E004030CF(_t1071 - 0xa8);
																 *(_t1071 - 4) = 0xb;
																E004030CF(_t1071 - 0x94);
																 *(_t1071 - 4) = 5;
																E004030CF(_t1071 - 0x80);
																 *(_t1071 - 4) = 4;
																E004030CF(_t1071 - 0x44);
																 *(_t1071 - 4) = 3;
																E004030CF(_t1071 - 0x58);
																 *(_t1071 - 4) = _t837;
																E004030CF(_t1071 - 0x6c);
																 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
																_t1070 =  *(_t1071 + 8);
																 *(_t1071 - 4) = 0x1f;
																goto L105;
															}
															continue;
														}
														__eflags = _t655 - 0x18;
														if(_t655 > 0x18) {
															goto L88;
														}
														goto L44;
													}
													 *(_t1071 - 4) = 0xc;
													E004030CF(_t1071 - 0xa8);
													 *(_t1071 - 4) = 0xb;
													E004030CF(_t1071 - 0x94);
													 *(_t1071 - 4) = 5;
													E004030CF(_t1071 - 0x80);
													 *(_t1071 - 4) = 4;
													E004030CF(_t1071 - 0x44);
													 *(_t1071 - 4) = 3;
													E004030CF(_t1071 - 0x58);
													 *(_t1071 - 4) = _t837;
													E004030CF(_t1071 - 0x6c);
													 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
													_t1070 =  *(_t1071 + 8);
													 *(_t1071 - 4) = 0xe;
													goto L105;
												} else {
													do {
														E0040E9A1(_t1071 - 0x80, _t1049, _t837);
														 *(_t1071 + 8) =  *(_t1071 + 8) + 1;
														__eflags =  *(_t1071 + 8) -  *((intOrPtr*)(_t1071 - 0x14));
													} while ( *(_t1071 + 8) <  *((intOrPtr*)(_t1071 - 0x14)));
													goto L37;
												}
											} else {
												goto L29;
											}
											do {
												L29:
												_push(E0041235E(_t1071 - 0x144));
												 *(_t1071 - 4) = 0xa;
												_t797 = E0041295F(_t1065 + 0x64, _t1049); // executed
												 *(_t1071 - 4) = 5;
												E00402E39(_t797,  *((intOrPtr*)(_t1071 - 0x114)));
												 *(_t1071 + 8) =  *(_t1071 + 8) + 1;
												__eflags =  *(_t1071 + 8) -  *((intOrPtr*)(_t1071 - 0x14));
											} while ( *(_t1071 + 8) <  *((intOrPtr*)(_t1071 - 0x14)));
											goto L30;
										}
										 *(_t1071 - 4) = 4;
										E004030CF(_t1071 - 0x44);
										 *(_t1071 - 4) = 3;
										E004030CF(_t1071 - 0x58);
										 *(_t1071 - 4) = _t837;
										E004030CF(_t1071 - 0x6c);
										 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
										_t837 =  *(_t1071 + 8);
										 *(_t1071 - 4) = 9;
										L27:
										E004030DF();
										 *(_t1071 - 4) =  *(_t1071 - 4) | 0xffffffff;
										E004030CF(_t1071 - 0x28);
										_t605 = _t837;
										goto L112;
									}
									__eflags =  *(_t1071 - 0x2c) - _t837;
									if(__eflags == 0) {
										goto L25;
									}
									goto L24;
								}
								 *(_t1071 - 4) = 4;
								E004030CF(_t1071 - 0x44);
								 *(_t1071 - 4) = 3;
								E004030CF(_t1071 - 0x58);
								 *(_t1071 - 4) = _t837;
								E004030CF(_t1071 - 0x6c);
								 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
								 *(_t1071 - 4) = 8;
								goto L27;
							} else {
								goto L19;
							}
							do {
								L19:
								E0040882F(_t1065 + 0x50, _t1049, 1);
								 *(_t1071 + 0xc) =  *( *((intOrPtr*)(_t1065 + 0x48)) +  *(_t1071 + 8) * 4);
								E0040A74D(_t1071 - 0x6c, _t1049, E0040E81D( *( *((intOrPtr*)(_t1065 + 0x48)) +  *(_t1071 + 8) * 4)), _t1049);
								E0040E9A1(_t1071 - 0x58, _t1049,  *((intOrPtr*)( *(_t1071 + 0xc) + 0x54)));
								E0040882F(_t1071 - 0x44, _t1049,  *((intOrPtr*)( *(_t1071 + 0xc) + 0x50)));
								 *(_t1071 + 8) =  *(_t1071 + 8) + 1;
								__eflags =  *(_t1071 + 8) -  *((intOrPtr*)(_t1065 + 0x44));
							} while ( *(_t1071 + 8) <  *((intOrPtr*)(_t1065 + 0x44)));
							goto L20;
						}
						__eflags =  *(_t1071 - 0x2c) - _t837;
						if(__eflags != 0) {
							goto L18;
						}
						_t820 = E00410C0B( *(_t1071 - 0x10), __eflags, _t1071 - 0x28, _t1065 + 0x90, _t1065, _t1065 + 0x14, _t1065 + 0x28, _t1065 + 0x3c, _t1065 + 0x50, _t1071 - 0x6c, _t1071 - 0x58, _t1071 - 0x44);
						__eflags = _t820 - _t837;
						 *(_t1071 + 8) = _t820;
						if(_t820 == _t837) {
							_t1049 =  *((intOrPtr*)(_t1065 + 0x8c));
							 *((intOrPtr*)(_t1065 + 0x90)) =  *((intOrPtr*)(_t1065 + 0x90)) +  *((intOrPtr*)(_t1065 + 0x88));
							asm("adc [eax+0x4], edx");
							_push(_t1071 - 0x30);
							_t823 = E0040FD81( *(_t1071 - 0x10),  *((intOrPtr*)(_t1065 + 0x8c)));
							__eflags = _t823 - _t837;
							 *(_t1071 + 8) = _t823;
							if(_t823 == _t837) {
								goto L20;
							}
							 *(_t1071 - 4) = 4;
							E004030CF(_t1071 - 0x44);
							 *(_t1071 - 4) = 3;
							E004030CF(_t1071 - 0x58);
							 *(_t1071 - 4) = _t837;
							E004030CF(_t1071 - 0x6c);
							 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
							_t837 =  *(_t1071 + 8);
							 *(_t1071 - 4) = 7;
							goto L27;
						}
						 *(_t1071 - 4) = 4;
						E004030CF(_t1071 - 0x44);
						 *(_t1071 - 4) = 3;
						E004030CF(_t1071 - 0x58);
						 *(_t1071 - 4) = _t837;
						E004030CF(_t1071 - 0x6c);
						 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
						_t837 =  *(_t1071 + 8);
						 *(_t1071 - 4) = 6;
						goto L27;
					}
					_t1083 =  *(_t1071 - 0x2c) - _t837;
					if( *(_t1071 - 0x2c) != _t837) {
						goto L12;
					}
					_push( *(_t1071 + 0xc));
					_push(_t1071 - 0x28);
					_push(_t1065 + 0x98);
					_t831 = E00410F22(_t837,  *(_t1071 - 0x10), _t1049, _t1065, 0x41bbe8, _t1083,  *((intOrPtr*)(_t1065 + 0x88)),  *((intOrPtr*)(_t1065 + 0x8c)));
					if(_t831 == _t837) {
						_t1049 =  *((intOrPtr*)(_t1065 + 0x8c));
						 *((intOrPtr*)(_t1065 + 0x98)) =  *((intOrPtr*)(_t1065 + 0x98)) +  *((intOrPtr*)(_t1065 + 0x88));
						asm("adc [eax+0x4], edx");
						_push(_t1071 - 0x30);
						_t831 = E0040FD81( *(_t1071 - 0x10),  *((intOrPtr*)(_t1065 + 0x8c)));
						__eflags = _t831 - _t837;
						if(_t831 == _t837) {
							goto L12;
						}
						 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
						 *(_t1071 - 4) = 2;
						L9:
						_t837 = _t831;
						goto L27;
					}
					 *((intOrPtr*)(_t1071 - 0x28)) = 0x41bbe8;
					 *(_t1071 - 4) = 1;
					goto L9;
				}
				_t1079 =  *(_t1071 - 0x2c);
				if( *(_t1071 - 0x2c) != 0) {
					goto L5;
				}
				_t605 = E0041013D(__ecx, _t1079, _t1065 + 0x78);
				if(_t605 != 0) {
					goto L112;
				}
				_push(_t1071 - 0x30);
				_t605 = E0040FD81(_t1067, __edx);
				if(_t605 != 0) {
					goto L112;
				}
				goto L5;
			}

0x0041142b
0x00411430
0x00411441
0x00411443
0x00411444
0x00411447
0x0041144c
0x00411450
0x0041234d
0x00412353
0x0041235b
0x0041235b
0x0041145a
0x0041145d
0x0041148a
0x0041148d
0x00411497
0x0041149e
0x004114a1
0x00411516
0x0041151b
0x00411520
0x0041152c
0x00411531
0x0041153d
0x00411542
0x00411549
0x0041154d
0x00411551
0x00411633
0x00411633
0x00411636
0x00411639
0x00411688
0x0041168b
0x00411693
0x00411696
0x004116c7
0x004116cb
0x004116d2
0x004116d7
0x004116de
0x004116e3
0x004116e9
0x004116ea
0x004116ef
0x004116f6
0x004116fb
0x004116fd
0x00411700
0x00411753
0x00411758
0x0041175b
0x0041175e
0x00411793
0x0041179c
0x004117a1
0x004117a4
0x004117af
0x004117af
0x004117b4
0x004117b7
0x004117b9
0x004117bc
0x004117c7
0x004117c7
0x004117bc
0x004117d1
0x004117d6
0x004117e3
0x004117e7
0x004117ec
0x004117ef
0x004117f2
0x00411808
0x00411810
0x00411815
0x00411827
0x0041182c
0x00411836
0x0041183a
0x0041183d
0x00411846
0x00411847
0x0041184c
0x0041184e
0x00411851
0x00000000
0x00000000
0x0041185d
0x00411863
0x00412246
0x00412248
0x0041224b
0x0041224e
0x00412251
0x00412254
0x004122e0
0x004122e6
0x004122ea
0x004122f5
0x004122f9
0x00412301
0x00412305
0x0041230d
0x00412311
0x00412319
0x0041231d
0x00412325
0x00412328
0x0041232d
0x00412333
0x0041233a
0x0041233f
0x00412346
0x0041234b
0x0041234b
0x00000000
0x00000000
0x00000000
0x00000000
0x0041225a
0x0041225a
0x00412260
0x00412263
0x00412266
0x00412269
0x0041226b
0x0041226e
0x004122a5
0x004122ab
0x004122ae
0x004122b4
0x004122c0
0x004122c0
0x004122c1
0x004122c4
0x004122c7
0x004122ca
0x004122cd
0x00412270
0x00412273
0x00412276
0x0041227c
0x00412281
0x00412287
0x0041228d
0x00412293
0x0041229d
0x004122a0
0x004122a0
0x004122d3
0x004122d4
0x004122d7
0x004122d7
0x00000000
0x0041225a
0x00411872
0x00411873
0x00411878
0x0041187a
0x0041187d
0x00411c57
0x00411c5b
0x00411c66
0x00411c6a
0x00411c72
0x00411c76
0x00411c7e
0x00411c82
0x00411c8a
0x00411c8e
0x00411c96
0x00411c99
0x00411c9e
0x00411ca1
0x00411ca4
0x0041222b
0x0041222e
0x00412233
0x0041223a
0x0041223f
0x00000000
0x0041223f
0x00411895
0x0041189a
0x004118a0
0x004118a6
0x00411bc3
0x00411bc9
0x00411bdd
0x00411be2
0x00411be4
0x00411be7
0x004121d7
0x004121db
0x004121e6
0x004121ea
0x004121f2
0x004121f6
0x004121fe
0x00412202
0x0041220a
0x0041220e
0x00412216
0x00412219
0x0041221e
0x00412221
0x00412224
0x00000000
0x00412224
0x00000000
0x00411bed
0x004118ac
0x004118b7
0x004118b7
0x004118ba
0x004119eb
0x004119ee
0x00000000
0x00000000
0x004119f4
0x004119f7
0x00411b9c
0x00411ba5
0x00411ba9
0x00411bad
0x00411bae
0x00411bb3
0x00411bb5
0x00411bb8
0x0041217b
0x0041217f
0x0041218a
0x0041218e
0x00412196
0x0041219a
0x004121a2
0x004121a6
0x004121ae
0x004121b2
0x004121ba
0x004121bd
0x004121c2
0x004121c5
0x004121c8
0x00000000
0x004121c8
0x00000000
0x00411bbe
0x004119fd
0x00411a00
0x00411adb
0x00411ae0
0x00411af8
0x00411afc
0x00411b01
0x00411b03
0x00411b06
0x00412010
0x00412014
0x0041201f
0x00412023
0x0041202e
0x00412032
0x0041203a
0x0041203e
0x00412046
0x0041204a
0x00412052
0x00412056
0x0041205e
0x00412061
0x00412066
0x00412069
0x0041206c
0x00000000
0x0041206c
0x00411b0c
0x00411b1c
0x00411b23
0x00411b28
0x00411b2a
0x00411b2d
0x0041207e
0x00412082
0x0041208d
0x00412091
0x0041209c
0x004120a0
0x004120ab
0x004120af
0x004120b7
0x004120bb
0x004120c3
0x004120c7
0x004120cf
0x004120d3
0x004120db
0x004120de
0x004120e3
0x004120e6
0x004120e9
0x00000000
0x004120e9
0x00411b33
0x00411b35
0x00411b38
0x00411b3b
0x00411b79
0x00411b7f
0x00411b83
0x00411b88
0x00411b8c
0x00411b92
0x00411b92
0x00000000
0x00000000
0x00000000
0x00000000
0x00411b3d
0x00411b3d
0x00411b46
0x00411b49
0x00411b4c
0x00411b4e
0x00411b51
0x00000000
0x00000000
0x00411b59
0x00411b5a
0x00411b5f
0x00411b61
0x00411b67
0x004120fb
0x004120ff
0x0041210a
0x0041210e
0x00412119
0x0041211d
0x00412128
0x0041212c
0x00412134
0x00412138
0x00412140
0x00412144
0x0041214c
0x00412150
0x00412158
0x0041215b
0x00412160
0x00412163
0x00412169
0x00000000
0x00412169
0x00411b6d
0x00411b70
0x00411b70
0x00411b71
0x00411b74
0x00411b74
0x00000000
0x00411b3d
0x00411a06
0x00411a09
0x00000000
0x00000000
0x00411a17
0x00411a1c
0x00411a34
0x00411a38
0x00411a3d
0x00411a3f
0x00411a42
0x00411ea5
0x00411ea9
0x00411eb4
0x00411eb8
0x00411ec3
0x00411ec7
0x00411ecf
0x00411ed3
0x00411edb
0x00411edf
0x00411ee7
0x00411eeb
0x00411ef3
0x00411ef6
0x00411efb
0x00411efe
0x00411f01
0x00000000
0x00411f01
0x00411a48
0x00411a58
0x00411a5f
0x00411a64
0x00411a66
0x00411a69
0x00411f13
0x00411f17
0x00411f22
0x00411f26
0x00411f31
0x00411f35
0x00411f40
0x00411f44
0x00411f4c
0x00411f50
0x00411f58
0x00411f5c
0x00411f64
0x00411f68
0x00411f70
0x00411f73
0x00411f78
0x00411f7b
0x00411f7e
0x00000000
0x00411f7e
0x00411a6f
0x00411a71
0x00411a74
0x00411a77
0x00411ab5
0x00411abb
0x00411abf
0x00411ac4
0x00411ac8
0x00000000
0x00000000
0x00000000
0x00000000
0x00411a79
0x00411a79
0x00411a82
0x00411a85
0x00411a88
0x00411a8a
0x00411a8d
0x00000000
0x00000000
0x00411a95
0x00411a96
0x00411a9b
0x00411a9d
0x00411aa3
0x00411f90
0x00411f94
0x00411f9f
0x00411fa3
0x00411fae
0x00411fb2
0x00411fbd
0x00411fc1
0x00411fc9
0x00411fcd
0x00411fd5
0x00411fd9
0x00411fe1
0x00411fe5
0x00411fed
0x00411ff0
0x00411ff5
0x00411ff8
0x00411ffe
0x00000000
0x00411ffe
0x00411aa9
0x00411aac
0x00411aac
0x00411aad
0x00411ab0
0x00411ab0
0x00000000
0x00411a79
0x004118c0
0x00411999
0x004119a9
0x004119b0
0x004119b5
0x004119b7
0x004119ba
0x00411dd3
0x00411dd7
0x00411de2
0x00411de6
0x00411df1
0x00411df5
0x00411dfd
0x00411e01
0x00411e09
0x00411e0d
0x00411e15
0x00411e19
0x00411e21
0x00411e24
0x00411e29
0x00411e2c
0x00411e2f
0x00000000
0x00411e2f
0x004119c7
0x004119cc
0x004119ce
0x004119d1
0x004119d5
0x004119db
0x00411e3b
0x00411e46
0x00411e4a
0x00411e55
0x00411e59
0x00411e61
0x00411e65
0x00411e6d
0x00411e71
0x00411e79
0x00411e7d
0x00411e85
0x00411e88
0x00411e8d
0x00411e90
0x00411e93
0x00000000
0x00411e93
0x004119e1
0x00000000
0x004119e1
0x004118c6
0x004118c6
0x004118c9
0x00411923
0x00411928
0x0041192a
0x0041192d
0x00411d74
0x00411d78
0x00411d83
0x00411d87
0x00411d8f
0x00411d93
0x00411d9b
0x00411d9f
0x00411da7
0x00411dab
0x00411db3
0x00411db6
0x00411dbb
0x00411dbe
0x00411dc1
0x00000000
0x00411dc1
0x00411933
0x00411936
0x00411938
0x0041193a
0x0041194c
0x00411955
0x00411963
0x00411968
0x0041196b
0x00000000
0x00000000
0x00411974
0x00411977
0x0041197e
0x0041198a
0x0041198f
0x0041198f
0x0041198f
0x0041198f
0x00000000
0x00000000
0x00000000
0x00000000
0x0041193c
0x0041193c
0x0041193c
0x0041193f
0x00411942
0x00411944
0x00411944
0x00411944
0x00411944
0x00411947
0x00411948
0x00411948
0x00000000
0x0041193c
0x004118cb
0x004118cb
0x004118cc
0x00411904
0x00411909
0x0041190b
0x0041190e
0x00411d15
0x00411d19
0x00411d24
0x00411d28
0x00411d30
0x00411d34
0x00411d3c
0x00411d40
0x00411d48
0x00411d4c
0x00411d54
0x00411d57
0x00411d5c
0x00411d5f
0x00411d62
0x00000000
0x00411d62
0x00000000
0x00411914
0x004118ce
0x004118cf
0x00000000
0x00000000
0x004118e2
0x004118e7
0x004118e9
0x004118ec
0x00411cb6
0x00411cba
0x00411cc5
0x00411cc9
0x00411cd1
0x00411cd5
0x00411cdd
0x00411ce1
0x00411ce9
0x00411ced
0x00411cf5
0x00411cf8
0x00411cfd
0x00411d00
0x00411d03
0x00000000
0x00411d03
0x00000000
0x004118f2
0x004118ae
0x004118b1
0x00000000
0x00000000
0x00000000
0x004118b1
0x00411bf8
0x00411bfc
0x00411c07
0x00411c0b
0x00411c13
0x00411c17
0x00411c1f
0x00411c23
0x00411c2b
0x00411c2f
0x00411c37
0x00411c3a
0x00411c3f
0x00411c42
0x00411c45
0x00000000
0x004117f4
0x004117f4
0x004117f8
0x004117fd
0x00411803
0x00411803
0x00000000
0x004117f4
0x00000000
0x00000000
0x00000000
0x00411760
0x00411760
0x0041176b
0x0041176f
0x00411773
0x0041177e
0x00411782
0x00411787
0x0041178d
0x00411790
0x00000000
0x00411760
0x00411705
0x00411709
0x00411711
0x00411715
0x0041171d
0x00411720
0x00411725
0x00411728
0x0041172b
0x00411732
0x00411735
0x0041173a
0x00411741
0x00411746
0x00000000
0x00411746
0x004116cd
0x004116d0
0x00000000
0x00000000
0x00000000
0x004116d0
0x0041169b
0x0041169f
0x004116a7
0x004116ab
0x004116b3
0x004116b6
0x004116bb
0x004116be
0x00000000
0x00000000
0x00000000
0x00000000
0x0041163b
0x0041163b
0x00411640
0x0041164e
0x0041165b
0x0041166a
0x00411678
0x0041167d
0x00411683
0x00411683
0x00000000
0x0041163b
0x00411557
0x0041155a
0x00000000
0x00000000
0x0041158b
0x00411590
0x00411592
0x00411595
0x004115d2
0x004115d8
0x004115e7
0x004115ed
0x004115ee
0x004115f3
0x004115f5
0x004115f8
0x00000000
0x00000000
0x00411601
0x00411605
0x0041160d
0x00411611
0x00411619
0x0041161c
0x00411621
0x00411624
0x00411627
0x00000000
0x00411627
0x0041159a
0x0041159e
0x004115a6
0x004115aa
0x004115b2
0x004115b5
0x004115ba
0x004115bd
0x004115c0
0x00000000
0x004115c0
0x004114a3
0x004114a6
0x00000000
0x00000000
0x004114a8
0x004114b4
0x004114b8
0x004114c5
0x004114cc
0x004114e5
0x004114eb
0x004114fa
0x00411500
0x00411501
0x00411506
0x00411508
0x00000000
0x00000000
0x0041150a
0x0041150d
0x004114d8
0x004114d8
0x00000000
0x004114d8
0x004114ce
0x004114d1
0x00000000
0x004114d1
0x0041145f
0x00411462
0x00000000
0x00000000
0x0041146a
0x00411471
0x00000000
0x00000000
0x0041147c
0x0041147d
0x00411484
0x00000000
0x00000000
0x00000000

APIs

__EH_prolog.LIBCMT ref: 00411430

Strings

", xrefs: 00412333

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID: "
API String ID: 3519838083-123907689
Opcode ID: 4e4c50eabd6debe2fed9b5aeed455f765e0b317d6aa2782eabe8c03cc283ae37
Instruction ID: ddca9daee3eeea727c3ed2a1a73c51fc709304dd337bda35bc0daae3cfc5a80c
Opcode Fuzzy Hash: 4e4c50eabd6debe2fed9b5aeed455f765e0b317d6aa2782eabe8c03cc283ae37
Instruction Fuzzy Hash: 87A27F30812249EEDF14EFA5C590BDCBF75AF15308F5480AED44973282EB785B88DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00402329 Relevance: 6.2, APIs: 4, Instructions: 185
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00402329(void* __eflags) {
				void* __edi;
				void* __esi;
				void* _t100;
				intOrPtr _t105;
				void* _t111;
				void* _t114;
				void* _t128;
				void* _t129;
				intOrPtr _t161;
				intOrPtr _t162;
				void* _t164;

				E00417F20(E004184F3, _t164);
				 *((intOrPtr*)(_t164 - 0x6c)) = 0;
				 *(_t164 - 4) = 0;
				E0040279E(_t164 - 0x68);
				_t161 =  *((intOrPtr*)(_t164 + 0x14));
				 *(_t164 - 4) = 1;
				if( *(_t161 + 1) != 0) {
					L13:
					asm("sbb eax, eax");
					_push(( ~( *(_t161 + 1)) & 0x00000094) + 0xcf);
					_push(_t164 - 0x28); // executed
					E004050AA(_t161); // executed
					 *(_t164 - 4) = 4;
					 *((intOrPtr*)(_t164 - 0x84)) =  *((intOrPtr*)(_t164 + 0x20));
					E00405F8F(_t164 - 0x6c,  *((intOrPtr*)(_t164 + 0x20)));
					E00409B6C( *((intOrPtr*)(_t164 - 0x84)));
					 *((intOrPtr*)(_t164 - 0x74)) = _t161;
					 *((intOrPtr*)(_t164 - 0x80)) =  *((intOrPtr*)(_t164 + 8));
					 *((intOrPtr*)(_t164 - 0x7c)) =  *((intOrPtr*)(_t164 + 0xc));
					 *((intOrPtr*)(_t164 - 0x78)) =  *((intOrPtr*)(_t164 + 0x10));
					 *((intOrPtr*)(_t164 - 0x70)) =  *((intOrPtr*)(_t164 + 0x1c));
					 *(_t164 - 0x10) = 0;
					 *(_t164 - 4) = 5;
					_t100 = E004025AF(_t164 - 0x10, 0, 0, E004025DD, _t164 - 0x84, 0, _t164 + 0x18); // executed
					if(_t100 == 0) {
						_push(0x41c1c0);
						_push(_t164 + 0x18);
						 *((intOrPtr*)(_t164 + 0x18)) = 0x425d0;
						L00417F68();
					}
					_push( *((intOrPtr*)( *((intOrPtr*)(_t164 - 0x84)) + 0xb8)));
					_t102 = E0040258C( *((intOrPtr*)(_t164 - 0x84)) + 0x30, _t164, _t164 - 0x28);
					_t162 =  *((intOrPtr*)(_t164 - 0x5c));
					if(_t162 != 0 &&  *((intOrPtr*)(_t164 - 0x64)) != 0) {
						E00401A6F(_t164 - 0x34, _t164 - 0x68);
						_t102 = _t164 - 0x34;
						_push(0x41c1b0);
						_push(_t164 - 0x34);
						L00417F68();
					}
					if( *(_t164 - 0x10) != 0 && CloseHandle( *(_t164 - 0x10)) != 0) {
						 *(_t164 - 0x10) = 0;
					}
					E00402E39(_t102,  *((intOrPtr*)(_t164 - 0x28)));
					 *(_t164 - 4) =  *(_t164 - 4) | 0xffffffff;
					E0040270A(_t164 - 0x84);
					goto L22;
				} else {
					_t159 = _t161 + 8;
					E00401A6F(_t164 - 0x1c, _t161 + 8);
					 *(_t164 - 4) = 2;
					if( *((intOrPtr*)(_t164 - 0x18)) == 0) {
						_push(_t164 - 0x1c);
						E0040454A(_t159, _t161);
					}
					if( *((intOrPtr*)(_t164 + 0x18)) == 0) {
						L10:
						if(E004044EE( *((intOrPtr*)(_t164 - 0x1c)), _t159) != 0) {
							_t111 = E00404D2E(_t159);
							 *(_t164 - 4) = 1;
							E00402E39(_t111,  *((intOrPtr*)(_t164 - 0x1c)));
							goto L13;
						} else {
							_t114 = E00402E39(E004175B2(0,  *0x4200ac),  *((intOrPtr*)(_t164 - 0x1c)));
							 *(_t164 - 4) =  *(_t164 - 4) | 0xffffffff;
							E00402E39(_t114,  *((intOrPtr*)(_t164 - 0x68)));
							E004099E1(_t164 - 0x6c);
							_t105 = 0x80004005;
						}
					} else {
						E00402725(_t164 - 0x58);
						 *(_t164 - 4) = 3;
						if(E004044EE( *((intOrPtr*)(_t164 - 0x1c)), _t164 - 0x48) != 0) {
							E00404D2E(_t164 - 0x48);
							_push(0);
							_push(0x89);
							if(E0040597C(_t164 - 0x58) == 1) {
								E00401975(_t164 - 0x1c, _t164 - 0x48);
								 *((intOrPtr*)(_t161 + 0x68)) =  *((intOrPtr*)(_t164 - 0x38));
								 *((intOrPtr*)(_t161 + 4)) =  *((intOrPtr*)(_t164 - 0x3c));
								 *(_t164 - 4) = 2;
								E00402E39( *((intOrPtr*)(_t164 - 0x3c)),  *((intOrPtr*)(_t164 - 0x48)));
								goto L10;
							} else {
								_t162 = 0x80004004;
								goto L8;
							}
						} else {
							_t122 = E004175B2(0,  *0x4200ac);
							_t162 = 0x80004005;
							L8:
							_t128 = E00402E39(_t122,  *((intOrPtr*)(_t164 - 0x48)));
							 *((intOrPtr*)(_t164 - 0x58)) = 0x41b490;
							_t129 = E00402E39(_t128,  *((intOrPtr*)(_t164 - 0x1c)));
							 *(_t164 - 4) =  *(_t164 - 4) | 0xffffffff;
							E00402E39(_t129,  *((intOrPtr*)(_t164 - 0x68)));
							E004099E1(_t164 - 0x6c);
							L22:
							_t105 = _t162;
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t164 - 0xc));
				return _t105;
			}

0x0040232e
0x0040233b
0x00402341
0x00402344
0x00402349
0x0040234c
0x00402356
0x0040247f
0x00402484
0x0040248d
0x00402491
0x00402492
0x0040249e
0x004024a2
0x004024a8
0x004024b3
0x004024bb
0x004024be
0x004024c4
0x004024ca
0x004024d0
0x004024d3
0x004024ec
0x004024f0
0x004024f7
0x004024fc
0x00402501
0x00402502
0x00402509
0x00402509
0x00402517
0x00402521
0x00402526
0x0040252b
0x00402539
0x0040253e
0x00402541
0x00402546
0x00402547
0x00402547
0x0040254f
0x0040255e
0x0040255e
0x00402564
0x00402569
0x00402574
0x00000000
0x0040235c
0x0040235c
0x00402363
0x0040236b
0x0040236f
0x00402374
0x00402375
0x00402375
0x0040237d
0x0040242b
0x00402436
0x0040246d
0x00402475
0x00402479
0x00000000
0x00402438
0x00402447
0x0040244f
0x00402453
0x0040245d
0x00402462
0x00402462
0x00402383
0x00402386
0x0040238e
0x0040239d
0x004023b6
0x004023bb
0x004023bc
0x004023cc
0x0040240d
0x00402418
0x0040241e
0x00402421
0x00402425
0x00000000
0x004023ce
0x004023ce
0x00000000
0x004023ce
0x0040239f
0x004023a6
0x004023ab
0x004023d3
0x004023d6
0x004023de
0x004023e5
0x004023ed
0x004023f1
0x004023fc
0x00402579
0x00402579
0x00402579
0x0040239d
0x0040237d
0x00402581
0x00402589

APIs

__EH_prolog.LIBCMT ref: 0040232E
_CxxThrowException.MSVCRT(?,0041C1C0), ref: 00402509
_CxxThrowException.MSVCRT(?,0041C1B0), ref: 00402547
CloseHandle.KERNEL32(0041826A,00000001,?,00000000,00000000,004025DD,?,00000000,?,?,00000001,?,00000001,0041B320,00000000), ref: 00402554

Part of subcall function 0040454A: __EH_prolog.LIBCMT ref: 0040454F
Part of subcall function 0040454A: GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,00000000), ref: 00404580

Part of subcall function 0040597C: __EH_prolog.LIBCMT ref: 00405981
Part of subcall function 0040597C: DialogBoxParamW.USER32 ref: 004059A9

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$ExceptionThrow$CloseCurrentDialogDirectoryHandleParamfree
String ID:
API String ID: 1823863757-0
Opcode ID: 2307fe8f93ef306c6fce01b57dc2bfde77cb19178725102e5bfffb340c2b0bcd
Instruction ID: c8af93c7f3c70a11ed35ae31c2bac8f795d15dfd9e85b90db37ea893ef3c7e2a
Opcode Fuzzy Hash: 2307fe8f93ef306c6fce01b57dc2bfde77cb19178725102e5bfffb340c2b0bcd
Instruction Fuzzy Hash: A6713DB1C00209AECF11EFA5D989AEEBBB8AF14304F10406FF555B72D2DB785A45CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00417CC6 Relevance: 6.1, APIs: 4, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E00417CC6(void* __ecx, void* __edx) {
				void* __edi;
				signed int _t47;
				void* _t58;
				void* _t59;
				signed int _t63;
				intOrPtr _t64;
				void* _t75;
				void* _t77;
				struct _CRITICAL_SECTION* _t80;
				signed int _t81;
				void* _t83;

				_t75 = __edx;
				E00417F20(E0041A424, _t83);
				_t77 = __ecx;
				_t80 = __ecx + 0x40;
				if(E00409C7A(_t80) == 0) {
					EnterCriticalSection(_t80);
					_t63 =  *(_t80 + 0x20);
					 *(_t83 - 0x10) =  *(_t80 + 0x24);
					 *((intOrPtr*)(_t83 - 0x20)) =  *((intOrPtr*)(_t80 + 0x28));
					 *((intOrPtr*)(_t83 - 0x1c)) =  *((intOrPtr*)(_t80 + 0x2c));
					LeaveCriticalSection(_t80);
					if(_t63 !=  *((intOrPtr*)(_t77 + 0x28)) ||  *(_t83 - 0x10) !=  *((intOrPtr*)(_t77 + 0x2c))) {
						E00417C09(_t77, _t63,  *(_t83 - 0x10));
					}
					E00417C4F(_t77,  *((intOrPtr*)(_t83 - 0x20)),  *((intOrPtr*)(_t83 - 0x1c)));
					_t81 = 0;
					if((_t63 |  *(_t83 - 0x10)) == 0) {
						 *(_t83 - 0x10) = _t81;
						_t63 = 1;
					}
					_t64 = E00417F90(E004180C0( *((intOrPtr*)(_t83 - 0x20)),  *((intOrPtr*)(_t83 - 0x1c)), 0x64, _t81), _t75, _t63,  *(_t83 - 0x10));
					if(_t64 !=  *((intOrPtr*)(_t77 + 0x34))) {
						asm("cdq");
						E00402D7B(_t75, _t64, _t75, _t83 - 0xa4);
						E0040190B(_t83 - 0x18, _t83 - 0xa4);
						 *(_t83 - 4) = _t81;
						E00405C3A(_t83 - 0x18, _t75, 0x420768);
						_push(_t77 + 0xc);
						_push(_t83 - 0x18);
						_push(_t83 - 0x24);
						_push( *((intOrPtr*)(E00403BA6(_t75))));
						 *(_t83 - 4) = 1;
						_push( *((intOrPtr*)(_t77 + 4)));
						_t58 = E004056A2(_t77); // executed
						_t59 = E00402E39(_t58,  *((intOrPtr*)(_t83 - 0x24)));
						 *((intOrPtr*)(_t77 + 0x34)) = _t64;
						E00402E39(_t59,  *((intOrPtr*)(_t83 - 0x18)));
					}
					_t47 = 1;
				} else {
					_t47 = 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t83 - 0xc));
				return _t47;
			}

0x00417cc6
0x00417ccb
0x00417cd8
0x00417cda
0x00417ce6
0x00417cf1
0x00417cfa
0x00417cfd
0x00417d03
0x00417d0a
0x00417d0d
0x00417d16
0x00417d26
0x00417d26
0x00417d33
0x00417d3f
0x00417d40
0x00417d44
0x00417d47
0x00417d47
0x00417d61
0x00417d66
0x00417d71
0x00417d74
0x00417d83
0x00417d90
0x00417d93
0x00417d9b
0x00417d9f
0x00417da3
0x00417da9
0x00417dab
0x00417daf
0x00417db2
0x00417dba
0x00417dc2
0x00417dc5
0x00417dcb
0x00417dcc
0x00417ce8
0x00417ce8
0x00417ce8
0x00417dd4
0x00417ddc

APIs

__EH_prolog.LIBCMT ref: 00417CCB

Part of subcall function 00409C7A: EnterCriticalSection.KERNEL32(?,?,?,00417E96), ref: 00409C7F
Part of subcall function 00409C7A: LeaveCriticalSection.KERNEL32(?,?,?,00417E96), ref: 00409C89

EnterCriticalSection.KERNEL32(?), ref: 00417CF1
LeaveCriticalSection.KERNEL32(?), ref: 00417D0D
__aulldiv.LIBCMT ref: 00417D5C

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CriticalSection$EnterLeave$H_prolog__aulldiv
String ID:
API String ID: 3848147900-0
Opcode ID: a7f078277f37e926f81abb91cf11f6c337dfb287974b1316e0059e55c0a62acd
Instruction ID: 8dc24adc4edcfff7f1b3f52621fd4401adbc184cd45f09d15f830cb0c541d387
Opcode Fuzzy Hash: a7f078277f37e926f81abb91cf11f6c337dfb287974b1316e0059e55c0a62acd
Instruction Fuzzy Hash: B1319071900619AFCB11EFA1CC85EEFBBB9FF08304F00042AF105A3251C779A951CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00407EBA Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00407EBA(void* __edx, void* __eflags) {
				void* __edi;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t113;
				intOrPtr* _t121;
				signed int _t127;
				signed int _t129;
				void* _t131;
				void* _t132;
				signed int _t143;
				void* _t151;
				signed int _t152;
				void* _t182;
				void* _t186;
				intOrPtr* _t187;
				void* _t190;
				signed int _t191;
				signed int _t192;
				void* _t194;

				_t182 = __edx;
				E00417F20(E00418D86, _t194);
				E00401EBF(_t194 - 0x58, 4);
				 *((intOrPtr*)(_t194 - 0x58)) = 0x41b600;
				_t187 =  *((intOrPtr*)(_t194 + 8));
				_t152 = 0;
				 *(_t194 - 4) = 0;
				_t105 =  *((intOrPtr*)( *_t187 + 0x14))(_t187, _t194 - 0x14, _t186, _t190, _t151);
				if(_t105 == 0) {
					_t191 =  *(_t194 + 0x14);
					 *((intOrPtr*)(_t194 - 0x10)) = 0;
					if( *((intOrPtr*)(_t194 - 0x14)) <= 0) {
						L8:
						if( *((intOrPtr*)(_t194 - 0x50)) != _t152) {
							_push(0xa8);
							_t106 = E00402E12();
							 *(_t194 + 0x14) = _t106;
							 *(_t194 - 4) = 2;
							if(_t106 == _t152) {
								 *(_t194 + 0x14) = _t152;
								_t107 = _t152;
							} else {
								_t107 = E00408118(_t106);
								 *(_t194 + 0x14) = _t107;
							}
							 *(_t194 - 4) = _t152;
							 *(_t194 + 0x10) = _t107;
							if(_t107 != _t152) {
								 *((intOrPtr*)( *_t107 + 4))(_t107);
							}
							 *(_t194 - 4) = 3;
							E00401EBF(_t194 - 0x6c, 4);
							 *((intOrPtr*)(_t194 - 0x6c)) = 0x41b320;
							 *(_t194 - 4) = 4;
							E00401A6F(_t194 - 0x2c, _t191 + 8);
							 *(_t194 - 4) = 5;
							E0040190B(_t194 - 0x20, "*");
							 *(_t194 - 4) = 6;
							_t113 = E004087B8(_t194 - 0x2c, _t194 - 0x20,  *((intOrPtr*)(_t194 + 0xc)));
							 *(_t194 - 4) = 5;
							E00402E39(_t113,  *(_t194 - 0x20));
							if( *((intOrPtr*)(_t194 - 0x28)) != _t152) {
								_push( *((intOrPtr*)(_t194 - 0x2c)));
								_t131 = E00404033(0x41b320); // executed
								if(_t131 == 0) {
									_t132 = E0040190B(_t194 - 0x44, L"Can not create output directory ");
									 *(_t194 - 4) = 7;
									_push(_t194 - 0x2c);
									_push(_t132);
									_push(_t194 - 0x38);
									E00403BA6(_t182);
									_push(0x41c1b0);
									_push(_t194 - 0x38);
									L00417F68();
								}
							}
							E00406727( *(_t194 + 0x14), _t182,  *((intOrPtr*)(_t194 + 8)),  *((intOrPtr*)(_t194 + 0x18)),  *_t191, _t194 - 0x2c,  *((intOrPtr*)(_t191 + 4)),  *((intOrPtr*)(_t191 + 0x68)), _t194 - 0x6c, _t191 + 0x18, _t191 + 0x3c,  *((intOrPtr*)(_t191 + 0x28)));
							_t121 =  *((intOrPtr*)(_t194 + 8));
							_t192 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t194 + 0x18)))) + 0x30))( *((intOrPtr*)( *_t121 + 0x1c))(_t121,  *((intOrPtr*)(_t194 - 0x4c)),  *((intOrPtr*)(_t194 - 0x50)), 0 |  *((intOrPtr*)(_t191 + 1)) != _t152,  *(_t194 + 0x14)));
							E00402E39(_t123,  *((intOrPtr*)(_t194 - 0x2c)));
							 *((intOrPtr*)(_t194 - 0x6c)) = 0x41b320;
							 *(_t194 - 4) = 8;
							E004030DF();
							 *(_t194 - 4) = 3;
							E004030CF(_t194 - 0x6c);
							_t127 =  *(_t194 + 0x14);
							 *(_t194 - 4) = _t152;
							if(_t127 != _t152) {
								 *((intOrPtr*)( *_t127 + 8))(_t127);
							}
							L22:
							 *(_t194 - 4) =  *(_t194 - 4) | 0xffffffff;
							E004030CF(_t194 - 0x58);
							_t129 = _t192;
							goto L23;
						}
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t194 + 0x18)))) + 0x2c))();
						goto L10;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						 *(_t194 - 0x20) = _t152;
						 *(_t194 - 0x1c) = _t152;
						 *(_t194 - 0x18) = _t152;
						E00401CEB(_t194 - 0x20, 0xf);
						 *(_t194 - 4) = 1;
						_push(_t194 - 0x20);
						_t143 = E00408C29(_t187,  *((intOrPtr*)(_t194 - 0x10)), _t191 + 0x18);
						if(_t143 != _t152) {
							break;
						}
						_t143 = E00408C56(_t187,  *((intOrPtr*)(_t194 - 0x10)), _t194 + 0x17);
						if(_t143 != _t152) {
							break;
						}
						if(E004038A8(_t194 - 0x20, _t143 & 0xffffff00 |  *((intOrPtr*)(_t194 + 0x17)) == _t152) != 0) {
							_t148 = E0040882F(_t194 - 0x58, _t182,  *((intOrPtr*)(_t194 - 0x10)));
						}
						 *(_t194 - 4) = _t152;
						E00402E39(_t148,  *(_t194 - 0x20));
						 *((intOrPtr*)(_t194 - 0x10)) =  *((intOrPtr*)(_t194 - 0x10)) + 1;
						if( *((intOrPtr*)(_t194 - 0x10)) <  *((intOrPtr*)(_t194 - 0x14))) {
							continue;
						} else {
							goto L8;
						}
					}
					_t192 = _t143;
					E00402E39(_t143,  *(_t194 - 0x20));
					goto L22;
				} else {
					_t152 = _t105;
					L10:
					 *(_t194 - 4) =  *(_t194 - 4) | 0xffffffff;
					E004030CF(_t194 - 0x58);
					_t129 = _t152;
					L23:
					 *[fs:0x0] =  *((intOrPtr*)(_t194 - 0xc));
					return _t129;
				}
			}

0x00407eba
0x00407ebf
0x00407ecf
0x00407ed4
0x00407edb
0x00407ee1
0x00407ee7
0x00407eea
0x00407eef
0x00407efb
0x00407efe
0x00407f01
0x00407f79
0x00407f7c
0x00407fa9
0x00407fae
0x00407fb4
0x00407fb9
0x00407fbd
0x00407fcb
0x00407fce
0x00407fbf
0x00407fc1
0x00407fc6
0x00407fc6
0x00407fd2
0x00407fd5
0x00407fd8
0x00407fdd
0x00407fdd
0x00407fe5
0x00407fe9
0x00407ff3
0x00407ffd
0x00408001
0x0040800e
0x00408012
0x00408020
0x00408025
0x0040802d
0x00408031
0x0040803a
0x0040803c
0x0040803f
0x00408046
0x00408050
0x00408058
0x0040805c
0x0040805d
0x00408061
0x00408062
0x0040806a
0x0040806f
0x00408070
0x00408070
0x00408046
0x0040809a
0x004080a7
0x004080c6
0x004080c8
0x004080ce
0x004080d4
0x004080d8
0x004080e0
0x004080e4
0x004080e9
0x004080ec
0x004080f1
0x004080f6
0x004080f6
0x004080f9
0x004080f9
0x00408100
0x00408105
0x00000000
0x00408105
0x00407f83
0x00000000
0x00000000
0x00000000
0x00000000
0x00407f03
0x00407f03
0x00407f08
0x00407f0b
0x00407f0e
0x00407f11
0x00407f19
0x00407f1d
0x00407f26
0x00407f2d
0x00000000
0x00000000
0x00407f37
0x00407f3e
0x00000000
0x00000000
0x00407f55
0x00407f5d
0x00407f5d
0x00407f65
0x00407f68
0x00407f6d
0x00407f77
0x00000000
0x00000000
0x00000000
0x00000000
0x00407f77
0x00407f9c
0x00407f9e
0x00000000
0x00407ef1
0x00407ef1
0x00407f86
0x00407f86
0x00407f8d
0x00407f92
0x00408107
0x0040810d
0x00408115
0x00408115

APIs

__EH_prolog.LIBCMT ref: 00407EBF

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Strings

Can not create output directory , xrefs: 00408048

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prologfree
String ID: Can not create output directory
API String ID: 1978129608-273059976
Opcode ID: 9a80ced2bb2418452adee7fc68d7a97c9ac950f0fba601a36068120f929fec87
Instruction ID: 23a3abd793ee8e9bcb1421cf9e85166d932a06686081cce6e6d8c1bcd6c59afc
Opcode Fuzzy Hash: 9a80ced2bb2418452adee7fc68d7a97c9ac950f0fba601a36068120f929fec87
Instruction Fuzzy Hash: 8E818F71D0024AEFCF01EFA5C9859EEBBB9AF18304F10446EF541B7292CB389A45CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004082EF Relevance: 4.7, APIs: 3, Instructions: 212
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E004082EF(intOrPtr __edx, void* __eflags) {
				void* __edi;
				void* _t102;
				void* _t107;
				void* _t109;
				void* _t122;
				void* _t123;
				void* _t128;
				void* _t131;
				void* _t132;
				void* _t135;
				void* _t136;
				intOrPtr* _t148;
				signed int _t150;
				void* _t151;
				signed int _t161;
				intOrPtr* _t178;
				intOrPtr* _t190;
				void* _t197;
				intOrPtr* _t199;
				void* _t200;
				void* _t202;
				void* _t203;

				_t188 = __edx;
				E00417F20(E00418E8A, _t200);
				_t203 = _t202 - 0x154;
				_push(_t190);
				_push( *(_t200 + 0x14));
				E004085B8(_t200 - 0x160);
				 *(_t200 - 4) = 0;
				 *(_t200 + 0x14) = 0;
				if(( *(_t200 + 8))[8] <= 0) {
					L20:
					 *(_t200 - 4) =  *(_t200 - 4) | 0xffffffff;
					E004018EB(_t200 - 0x160);
					_t102 = 0;
				} else {
					while(1) {
						_t148 =  *((intOrPtr*)(( *(_t200 + 8))[0xc] +  *(_t200 + 0x14) * 4));
						E0040279E(_t200 - 0x44);
						_push(_t200 - 0x74);
						_push( *_t148);
						 *(_t200 - 4) = 1;
						_t107 = E0040497E(_t200 - 0x74, _t188, _t190); // executed
						if(_t107 == 0) {
							break;
						}
						if(( *(_t200 - 0x74) >> 0x00000004 & 0x00000001) != 0) {
							L23:
							_t109 = _t200 + 8;
							_push(0x41c3e0);
							_push(_t109);
							 *(_t200 + 8) = "there is no such archive";
							L00417F68();
							goto L24;
						} else {
							_t161 = 0xc;
							memcpy(_t200 - 0x138, _t200 - 0x74, _t161 << 2);
							_t203 = _t203 + 0xc;
							E00401975(_t200 - 0x108, _t200 - 0x44);
							_t199 =  *((intOrPtr*)(_t200 + 0x1c));
							_t188 =  *_t199;
							_t109 =  *((intOrPtr*)( *_t199 + 0x24))( *_t148);
							if(_t109 != 0) {
								L24:
								_t197 = _t109;
								goto L29;
							} else {
								E0040863B(_t200 - 0xf0);
								 *(_t200 - 4) = 2;
								_t190 = E004098FC(_t148, _t200 - 0xf0,  *((intOrPtr*)(_t200 + 0x18)));
								_t122 =  *((intOrPtr*)( *_t199 + 0x28))( *_t148, _t190);
								_t150 = 0;
								if(_t122 != 0) {
									_t197 = _t122;
									goto L28;
								} else {
									if(_t190 != 0) {
										L19:
										 *(_t200 - 4) = 1;
										_t123 = E004086C2(_t200 - 0xf0); // executed
										 *(_t200 - 4) =  *(_t200 - 4) & 0x00000000;
										E00402E39(_t123,  *((intOrPtr*)(_t200 - 0x44)));
										 *(_t200 + 0x14) =  *(_t200 + 0x14) + 1;
										if( *(_t200 + 0x14) < ( *(_t200 + 8))[8]) {
											continue;
										} else {
											goto L20;
										}
									} else {
										 *(_t200 - 0x10) = 0;
										if( *((intOrPtr*)(_t200 - 0x80)) > 0) {
											do {
												_t190 =  *((intOrPtr*)(_t200 + 0xc));
												_t151 = E00408754(_t188,  *((intOrPtr*)( *((intOrPtr*)(_t200 - 0x7c)) +  *(_t200 - 0x10) * 4)));
												if(_t151 >= 0 && _t151 >  *(_t200 + 0x14)) {
													 *((intOrPtr*)( *( *(_t200 + 8)) + 4))(_t151, 1);
													 *((intOrPtr*)( *_t190 + 4))(_t151, 1);
												}
												 *(_t200 - 0x10) =  *(_t200 - 0x10) + 1;
											} while ( *(_t200 - 0x10) <  *((intOrPtr*)(_t200 - 0x80)));
											_t150 = 0;
										}
										 *((intOrPtr*)(_t200 - 0x1c)) = _t150;
										 *((intOrPtr*)(_t200 - 0x18)) = _t150;
										 *((intOrPtr*)(_t200 - 0x14)) = _t150;
										E00401CEB(_t200 - 0x1c, 0xf);
										 *(_t200 - 4) = 3;
										_t128 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x18)))) + 0x10))(_t200 - 0x1c);
										if(_t128 != _t150) {
											L26:
											_t197 = _t128;
											goto L27;
										} else {
											if( *((intOrPtr*)(_t200 - 0x18)) == _t150) {
												L15:
												_t131 = E00408594(_t200 - 0xf0, _t200 - 0x34);
												 *(_t200 - 4) = 4;
												_t132 = E00401975(_t200 - 0x148, _t131);
												 *(_t200 - 4) = 3;
												E00402E39(_t132,  *((intOrPtr*)(_t200 - 0x34)));
												_t135 = E00408594(_t200 - 0xf0, _t200 - 0x28);
												_t220 =  *((intOrPtr*)(_t200 - 0xec)) - _t150;
												 *(_t200 - 4) = 5;
												_t178 = _t200 - 0xec;
												if( *((intOrPtr*)(_t200 - 0xec)) == _t150) {
													_t178 = _t200 - 0xf0;
												}
												_t188 = _t200 - 0x160;
												_t136 = E00407EBA(_t200 - 0x160, _t220,  *_t178, _t135,  *((intOrPtr*)(_t200 + 0x10)), _t200 - 0x160, _t199); // executed
												_t197 = _t136;
												_t128 = E00402E39(_t136,  *((intOrPtr*)(_t200 - 0x28)));
												if(_t197 != _t150) {
													L27:
													E00402E39(_t128,  *((intOrPtr*)(_t200 - 0x1c)));
													L28:
													 *(_t200 - 4) = 1;
													_t109 = E004086C2(_t200 - 0xf0);
													L29:
													E00402E39(_t109,  *((intOrPtr*)(_t200 - 0x44)));
													 *(_t200 - 4) =  *(_t200 - 4) | 0xffffffff;
													E004018EB(_t200 - 0x160);
													_t102 = _t197;
												} else {
													E00402E39(_t128,  *((intOrPtr*)(_t200 - 0x1c)));
													goto L19;
												}
											} else {
												_t128 =  *((intOrPtr*)( *_t199 + 0x34))(_t200 - 0x1c);
												if(_t128 != _t150) {
													goto L26;
												} else {
													goto L15;
												}
											}
										}
									}
								}
							}
						}
						goto L21;
					}
					_push(0x41c3e0);
					_push(_t200 + 8);
					 *(_t200 + 8) = "there is no such archive";
					L00417F68();
					goto L23;
				}
				L21:
				 *[fs:0x0] =  *((intOrPtr*)(_t200 - 0xc));
				return _t102;
			}

0x004082ef
0x004082f4
0x004082f9
0x00408301
0x00408308
0x0040830b
0x00408315
0x00408318
0x0040831e
0x0040850a
0x0040850a
0x00408514
0x00408519
0x00408324
0x00408324
0x0040832d
0x00408333
0x0040833d
0x0040833e
0x0040833f
0x00408343
0x0040834a
0x00000000
0x00000000
0x00408358
0x00408541
0x00408541
0x00408544
0x00408549
0x0040854a
0x00408551
0x00000000
0x0040835e
0x00408363
0x0040836a
0x0040836a
0x00408376
0x0040837b
0x00408383
0x00408385
0x0040838a
0x00408556
0x00408556
0x00000000
0x00408390
0x00408396
0x004083a4
0x004083b1
0x004083b9
0x004083bc
0x004083c0
0x0040855a
0x00000000
0x004083c6
0x004083c8
0x004084dc
0x004084e2
0x004084e6
0x004084ee
0x004084f2
0x004084f7
0x00408504
0x00000000
0x00000000
0x00000000
0x00000000
0x004083ce
0x004083d1
0x004083d4
0x004083d6
0x004083dc
0x004083e9
0x004083ed
0x004083fc
0x00408406
0x00408406
0x00408409
0x0040840f
0x00408414
0x00408414
0x0040841b
0x0040841e
0x00408421
0x00408424
0x00408430
0x00408436
0x0040843b
0x0040855e
0x0040855e
0x00000000
0x00408441
0x00408444
0x00408459
0x00408463
0x0040846f
0x00408473
0x0040847b
0x0040847f
0x0040848f
0x00408494
0x0040849a
0x0040849e
0x004084a4
0x004084a6
0x004084a6
0x004084ae
0x004084bb
0x004084c3
0x004084c5
0x004084cd
0x00408560
0x00408563
0x00408569
0x0040856f
0x00408573
0x00408578
0x0040857b
0x00408580
0x0040858b
0x00408590
0x004084d3
0x004084d6
0x00000000
0x004084db
0x00408446
0x0040844e
0x00408453
0x00000000
0x00000000
0x00000000
0x00000000
0x00408453
0x00408444
0x0040843b
0x004083c8
0x004083c0
0x0040838a
0x00000000
0x00408358
0x0040852f
0x00408534
0x00408535
0x0040853c
0x00000000
0x0040853c
0x0040851b
0x00408521
0x00408529

APIs

__EH_prolog.LIBCMT ref: 004082F4

Part of subcall function 004085B8: __EH_prolog.LIBCMT ref: 004085BD

Part of subcall function 0040497E: __EH_prolog.LIBCMT ref: 00404983

_CxxThrowException.MSVCRT(?,0041C3E0), ref: 0040853C
_CxxThrowException.MSVCRT(0042049C,0041C3E0), ref: 00408551

Part of subcall function 0040863B: __EH_prolog.LIBCMT ref: 00408640

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$ExceptionThrow
String ID:
API String ID: 2366012087-0
Opcode ID: e2094e9608597bb6533ff2cf8f038ce4b9d0a511db426f78727977092b1eedd4
Instruction ID: a3ec4727f97d56f118b55bc18b99023596d4102e99733a837ca6de4b558ce294
Opcode Fuzzy Hash: e2094e9608597bb6533ff2cf8f038ce4b9d0a511db426f78727977092b1eedd4
Instruction Fuzzy Hash: E3815B7190011AEFCF10EFA5C995AEEBBB4AF18304F1040AEE445B72D2DB789E45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040FEB2 Relevance: 4.7, APIs: 3, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E0040FEB2(void* __ecx) {
				intOrPtr _t64;
				intOrPtr _t65;
				intOrPtr* _t68;
				void* _t70;
				int _t78;
				intOrPtr* _t81;
				void* _t82;
				intOrPtr* _t83;
				intOrPtr _t85;
				intOrPtr _t87;
				int _t92;
				intOrPtr _t100;
				void* _t103;
				signed int _t105;
				void* _t106;
				intOrPtr* _t108;
				intOrPtr _t110;
				intOrPtr _t111;
				void* _t114;
				intOrPtr _t118;
				intOrPtr _t119;
				void* _t120;
				void* _t121;
				intOrPtr _t123;
				void* _t124;
				void* _t126;
				void* _t127;
				void* _t129;

				E00417F20(E00419F28, _t124);
				_t127 = _t126 - 0x2c;
				_t83 =  *((intOrPtr*)(_t124 + 8));
				_t121 = __ecx;
				_t64 =  *((intOrPtr*)(__ecx + 0x20));
				_t87 =  *((intOrPtr*)(__ecx + 0x24));
				 *((intOrPtr*)(__ecx + 0x28)) = _t64;
				 *((intOrPtr*)(__ecx + 0x2c)) = _t87;
				_t65 =  *((intOrPtr*)( *_t83 + 0x10))(_t83, _t64, _t87, 0, 0, _t114, _t120, _t82);
				_t130 = _t65;
				if(_t65 == 0) {
					_t65 = E0040FC6F(__ecx, _t130, _t83, _t124 - 0x2c, 6, _t124 - 0x14); // executed
					if(_t65 == 0) {
						if( *((intOrPtr*)(_t124 - 0x14)) == 6) {
							_t68 = 0;
							__eflags = 0;
							while(1) {
								_t12 = _t68 + 0x4206f0; // 0xafbc7a37
								__eflags =  *((intOrPtr*)(_t124 + _t68 - 0x2c)) -  *_t12;
								if( *((intOrPtr*)(_t124 + _t68 - 0x2c)) !=  *_t12) {
									break;
								}
								_t68 = _t68 + 1;
								__eflags = _t68 - 6;
								if(_t68 < 6) {
									continue;
								} else {
									_t65 = 0;
								}
								goto L26;
							}
							 *((intOrPtr*)(_t124 - 0x34)) = 0;
							 *(_t124 - 0x30) = 0;
							 *((intOrPtr*)(_t124 - 0x38)) = 0x41b964;
							 *((intOrPtr*)(_t124 - 4)) = 0;
							E0040668D(_t124 - 0x38, 0x10000);
							_t70 =  *(_t124 - 0x30);
							_t92 = 5;
							 *(_t124 - 0x18) = _t70;
							 *(_t124 - 0x10) = _t92;
							memmove(_t70, _t124 - 0x2b, _t92);
							_t85 =  *((intOrPtr*)(_t121 + 0x24));
							_t129 = _t127 + 0xc;
							_t118 =  *((intOrPtr*)(_t121 + 0x20)) + 1;
							asm("adc ebx, 0x0");
							while(1) {
								_t108 =  *((intOrPtr*)(_t124 + 0xc));
								__eflags = _t108;
								if(__eflags == 0) {
									goto L13;
								}
								_t75 = _t85;
								_t103 = _t118 -  *((intOrPtr*)(_t121 + 0x20));
								asm("sbb eax, [esi+0x24]");
								__eflags = _t85 -  *((intOrPtr*)(_t108 + 4));
								if(__eflags > 0) {
									L22:
									_t123 = 1;
								} else {
									if(__eflags < 0) {
										goto L13;
									} else {
										__eflags = _t103 -  *_t108;
										if(__eflags > 0) {
											goto L22;
										} else {
											goto L13;
										}
									}
								}
								L25:
								 *((intOrPtr*)(_t124 - 0x38)) = 0x41b964;
								E00402E39(_t75,  *(_t124 - 0x30));
								_t65 = _t123;
								goto L26;
								L13:
								_t75 = E0040FC6F(_t121, __eflags,  *((intOrPtr*)(_t124 + 8)),  *(_t124 - 0x18) +  *(_t124 - 0x10), 0x10000 -  *(_t124 - 0x10), _t124 - 0x14); // executed
								__eflags = _t75;
								if(_t75 != 0) {
									L24:
									_t123 = _t75;
								} else {
									_t75 =  *((intOrPtr*)(_t124 - 0x14)) +  *(_t124 - 0x10);
									__eflags = _t75 - 6;
									if(_t75 < 6) {
										goto L22;
									} else {
										 *(_t124 - 0x10) =  *(_t124 - 0x10) & 0x00000000;
										_t35 = _t75 - 5; // 0x1
										_t100 = _t35;
										__eflags = _t100;
										 *((intOrPtr*)(_t124 - 0x24)) = _t100;
										if(_t100 <= 0) {
											L21:
											_t78 = _t75 - _t100;
											 *(_t124 - 0x10) = _t78;
											memmove( *(_t124 - 0x18), _t100 +  *(_t124 - 0x18), _t78);
											_t129 = _t129 + 0xc;
											continue;
										} else {
											do {
												 *(_t124 - 0x1c) =  *(_t124 - 0x1c) & 0x00000000;
												_t110 =  *(_t124 - 0x18) +  *(_t124 - 0x10);
												__eflags = _t110;
												_t105 =  *(_t124 - 0x1c);
												 *((intOrPtr*)(_t124 - 0x20)) = _t110;
												while(1) {
													_t111 =  *((intOrPtr*)(_t124 - 0x20));
													_t45 = _t105 + 0x4206f0; // 0x27afbc7a
													__eflags =  *((intOrPtr*)(_t111 + _t105)) -  *_t45;
													if( *((intOrPtr*)(_t111 + _t105)) !=  *_t45) {
														goto L20;
													}
													_t105 = _t105 + 1;
													__eflags = _t105 - 6;
													if(_t105 >= 6) {
														_t81 =  *((intOrPtr*)(_t124 + 8));
														 *((intOrPtr*)(_t121 + 0x20)) = _t118;
														_t119 = _t118 + 6;
														__eflags = _t119;
														_t106 = 0;
														 *((intOrPtr*)(_t121 + 0x24)) = _t85;
														asm("adc ebx, ecx");
														 *((intOrPtr*)(_t121 + 0x28)) = _t119;
														 *((intOrPtr*)(_t121 + 0x2c)) = _t85;
														_t75 =  *((intOrPtr*)( *_t81 + 0x10))(_t81,  *((intOrPtr*)(_t121 + 0x28)), _t85, _t106, _t106);
														goto L24;
													} else {
														continue;
													}
													goto L25;
												}
												L20:
												 *(_t124 - 0x10) =  *(_t124 - 0x10) + 1;
												_t100 =  *((intOrPtr*)(_t124 - 0x24));
												_t118 = _t118 + 1;
												asm("adc ebx, 0x0");
												__eflags =  *(_t124 - 0x10) - _t100;
											} while ( *(_t124 - 0x10) < _t100);
											goto L21;
										}
									}
								}
								goto L25;
							}
						} else {
							_t65 = 1;
						}
					}
				}
				L26:
				 *[fs:0x0] =  *((intOrPtr*)(_t124 - 0xc));
				return _t65;
			}

0x0040feb7
0x0040febc
0x0040fec0
0x0040fec4
0x0040fec9
0x0040fecc
0x0040fed0
0x0040fed4
0x0040fedc
0x0040fedf
0x0040fee1
0x0040fef4
0x0040fefb
0x0040ff05
0x0040ff0f
0x0040ff0f
0x0040ff11
0x0040ff15
0x0040ff15
0x0040ff1b
0x00000000
0x00000000
0x0040ff1d
0x0040ff1e
0x0040ff21
0x00000000
0x0040ff23
0x0040ff23
0x0040ff23
0x00000000
0x0040ff21
0x0040ff2a
0x0040ff2d
0x0040ff30
0x0040ff3f
0x0040ff42
0x0040ff47
0x0040ff4c
0x0040ff4d
0x0040ff50
0x0040ff59
0x0040ff62
0x0040ff65
0x0040ff68
0x0040ff6b
0x0040ff6e
0x0040ff6e
0x0040ff71
0x0040ff73
0x00000000
0x00000000
0x0040ff77
0x0040ff79
0x0040ff7c
0x0040ff7f
0x0040ff82
0x00410028
0x0041002a
0x0040ff88
0x0040ff88
0x00000000
0x0040ff8a
0x0040ff8a
0x0040ff8c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040ff8c
0x0040ff88
0x00410052
0x00410055
0x0041005c
0x00410062
0x00000000
0x0040ff92
0x0040ffac
0x0040ffb1
0x0040ffb3
0x00410050
0x00410050
0x0040ffb9
0x0040ffbf
0x0040ffc1
0x0040ffc4
0x00000000
0x0040ffc6
0x0040ffc6
0x0040ffca
0x0040ffca
0x0040ffcd
0x0040ffcf
0x0040ffd2
0x0041000d
0x0041000d
0x0041000f
0x0041001a
0x00410020
0x00000000
0x0040ffd4
0x0040ffd4
0x0040ffda
0x0040ffde
0x0040ffde
0x0040ffe0
0x0040ffe3
0x0040ffe6
0x0040ffe6
0x0040ffec
0x0040ffec
0x0040fff2
0x00000000
0x00000000
0x0040fff4
0x0040fff5
0x0040fff8
0x0041002d
0x00410032
0x00410035
0x00410035
0x00410038
0x00410039
0x0041003c
0x00410040
0x00410044
0x0041004d
0x00000000
0x0040fffa
0x00000000
0x0040fffa
0x00000000
0x0040fff8
0x0040fffc
0x0040fffc
0x0040ffff
0x00410002
0x00410005
0x00410008
0x00410008
0x00000000
0x0040ffd4
0x0040ffd2
0x0040ffc4
0x00000000
0x0040ffb3
0x0040ff07
0x0040ff09
0x0040ff09
0x0040ff05
0x0040fefb
0x00410064
0x0041006a
0x00410072

APIs

__EH_prolog.LIBCMT ref: 0040FEB7

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 2c5d26186ba94213f3abef3ac16856076ee61c0e799498b07ebcc88f7eb4ab6e
Instruction ID: a782cac4431e8fe53511cf7d82f83bb32858c56ce32644c7fe78256d0bee8d99
Opcode Fuzzy Hash: 2c5d26186ba94213f3abef3ac16856076ee61c0e799498b07ebcc88f7eb4ab6e
Instruction Fuzzy Hash: AF516CB1A002059FDB18CFA9D894AEEBBF6FF48300F10452EE446E7741D774A985CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACA8 Relevance: 4.6, APIs: 3, Instructions: 88
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 66%

			E0040ACA8(void* __ecx, void* __eflags) {
				intOrPtr* _t40;
				intOrPtr* _t42;
				void* _t46;
				char _t50;
				void* _t64;
				void* _t66;

				E00417F20(E004195A1, _t66);
				_push(__ecx);
				_push(__ecx);
				_t64 = __ecx;
				 *((intOrPtr*)(_t66 - 0x14)) = __ecx;
				 *__ecx = 0x41b7d4;
				 *((intOrPtr*)(__ecx + 4)) = 0x41b7c8;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				E0040AE16(__ecx + 0xc);
				_t50 = 4;
				 *((intOrPtr*)(_t66 - 4)) = 0;
				E00401EBF(__ecx + 0x5c, _t50);
				 *((intOrPtr*)(__ecx + 0x5c)) = 0x41b7c0;
				 *((char*)(_t66 - 4)) = 1;
				E00401EBF(__ecx + 0x70, _t50);
				 *((intOrPtr*)(__ecx + 0x70)) = 0x41b7b8;
				_t40 = __ecx + 0x84;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)(_t40 + 8)) = 0;
				 *((intOrPtr*)(_t40 + 0xc)) = 0;
				 *((intOrPtr*)(_t40 + 0x10)) = _t50;
				 *_t40 = 0x41b7b0;
				 *((intOrPtr*)(__ecx + 0x98)) = 0;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				 *((char*)(_t66 - 4)) = _t50;
				E00405627(__ecx + 0x9c);
				_t42 = __ecx + 0xa0;
				 *((intOrPtr*)(_t42 + 4)) = 0;
				 *((intOrPtr*)(_t42 + 8)) = 0;
				 *((intOrPtr*)(_t42 + 0xc)) = 0;
				 *((intOrPtr*)(_t42 + 0x10)) = _t50;
				 *_t42 = 0x41b4c0;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				 *((char*)(_t66 - 4)) = 6;
				E00405627(__ecx + 0xb4);
				_push(0);
				_push(0);
				_push(0);
				_push(1);
				 *((char*)(_t66 - 4)) = 7;
				E00405627(__ecx + 0xb8);
				 *((char*)(_t66 - 4)) = 8;
				 *__ecx = 0x41b79c;
				 *((intOrPtr*)(__ecx + 4)) = 0x41b790;
				_t46 = CreateThread(0, 0, E0040AE04, __ecx, 0, _t66 - 0x10); // executed
				 *(_t64 + 0x98) = _t46;
				if(_t46 == 0) {
					_push(0x41c1c0);
					_push(_t66 - 0x10);
					 *(_t66 - 0x10) = 0x425d1;
					L00417F68();
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t66 - 0xc));
				return _t64;
			}

0x0040acad
0x0040acb2
0x0040acb3
0x0040acb6
0x0040acbb
0x0040acbe
0x0040acc4
0x0040acce
0x0040acd1
0x0040acdb
0x0040acdc
0x0040ace0
0x0040ace5
0x0040acf0
0x0040acf4
0x0040acf9
0x0040ad00
0x0040ad06
0x0040ad09
0x0040ad0c
0x0040ad0f
0x0040ad12
0x0040ad18
0x0040ad1e
0x0040ad1f
0x0040ad20
0x0040ad27
0x0040ad28
0x0040ad2b
0x0040ad30
0x0040ad36
0x0040ad39
0x0040ad3c
0x0040ad3f
0x0040ad42
0x0040ad48
0x0040ad49
0x0040ad4a
0x0040ad51
0x0040ad52
0x0040ad56
0x0040ad5b
0x0040ad5c
0x0040ad5d
0x0040ad64
0x0040ad66
0x0040ad6a
0x0040ad72
0x0040ad80
0x0040ad86
0x0040ad8d
0x0040ad95
0x0040ad9b
0x0040ada0
0x0040ada5
0x0040ada6
0x0040adad
0x0040adad
0x0040adba
0x0040adc2

APIs

__EH_prolog.LIBCMT ref: 0040ACAD

Part of subcall function 00405627: __EH_prolog.LIBCMT ref: 0040562C
Part of subcall function 00405627: CreateEventA.KERNEL32(?,00000000,00000000,0041826A,?,?,00401769,00000001,00000000,00000000,00000000,0000000F,00000001,?,?,004016AE), ref: 00405657
Part of subcall function 00405627: _CxxThrowException.MSVCRT(00000000,0041C3E0), ref: 00405673

CreateThread.KERNELBASE ref: 0040AD8D
_CxxThrowException.MSVCRT(00000000,0041C1C0), ref: 0040ADAD

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CreateExceptionH_prologThrow$EventThread
String ID:
API String ID: 1810649600-0
Opcode ID: 77fad629f09bf41806b387de452fba01a266a848767f36921bece8cae26cd5f5
Instruction ID: 257c4dc31257a6746243f5f83ba30a20cf56962bafec56043d3dea4fd139b007
Opcode Fuzzy Hash: 77fad629f09bf41806b387de452fba01a266a848767f36921bece8cae26cd5f5
Instruction Fuzzy Hash: 3F312AB1400744AEC320DF5AC849EDBFBF8EF95704F10885FE15993292C7B86544CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040A972 Relevance: 4.6, APIs: 3, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 94%

			E0040A972(intOrPtr __ecx) {
				intOrPtr* _t25;
				void* _t32;
				signed int _t34;
				signed int _t36;
				signed int* _t51;
				signed int* _t52;
				intOrPtr* _t53;
				intOrPtr* _t54;
				intOrPtr _t57;
				void* _t59;

				E00417F20(E0041950D, _t59);
				_push(__ecx);
				_push(__ecx);
				_t57 = __ecx;
				 *((intOrPtr*)(_t59 - 0x10)) = __ecx;
				_t51 =  *(__ecx + 0x60);
				 *(_t59 - 4) = 4;
				if(_t51 != 0) {
					_t36 =  *_t51;
					if(_t36 != 0 && _t36 != 0) {
						 *_t51 =  *_t51 & 0x00000000;
					}
					E00402E39(_t36, _t51);
				}
				_t52 =  *(_t57 + 0x68);
				if(_t52 != 0) {
					_t34 =  *_t52;
					if(_t34 != 0 && _t34 != 0) {
						 *_t52 =  *_t52 & 0x00000000;
					}
					E00402E39(_t34, _t52);
				}
				_t25 =  *((intOrPtr*)(_t57 + 0xbc));
				if(_t25 != 0) {
					 *((intOrPtr*)( *_t25 + 8))(_t25);
				}
				 *(_t59 - 4) = 3;
				E004030CF(_t57 + 0xa8);
				 *(_t59 - 4) = 2;
				E004030CF(_t57 + 0x94);
				_t53 = _t57 + 0x80;
				 *((intOrPtr*)(_t59 - 0x14)) = _t53;
				 *_t53 = 0x41b780;
				 *(_t59 - 4) = 5;
				E004030DF();
				 *(_t59 - 4) = 1;
				E004030CF(_t53);
				_t54 = _t57 + 0x6c;
				 *((intOrPtr*)(_t59 - 0x14)) = _t54;
				 *_t54 = 0x41b788;
				 *(_t59 - 4) = 6;
				E004030DF();
				 *(_t59 - 4) =  *(_t59 - 4) & 0x00000000;
				E004030CF(_t54);
				 *(_t59 - 4) =  *(_t59 - 4) | 0xffffffff;
				_t32 = E0040A88B(_t57); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				return _t32;
			}

0x0040a977
0x0040a97c
0x0040a97d
0x0040a97f
0x0040a982
0x0040a985
0x0040a988
0x0040a991
0x0040a993
0x0040a997
0x0040a9a4
0x0040a9a4
0x0040a9a8
0x0040a9ad
0x0040a9ae
0x0040a9b3
0x0040a9b5
0x0040a9b9
0x0040a9c6
0x0040a9c6
0x0040a9ca
0x0040a9cf
0x0040a9d0
0x0040a9d8
0x0040a9dd
0x0040a9dd
0x0040a9e6
0x0040a9ea
0x0040a9f5
0x0040a9f9
0x0040a9fe
0x0040aa04
0x0040aa07
0x0040aa0f
0x0040aa13
0x0040aa1a
0x0040aa1e
0x0040aa23
0x0040aa26
0x0040aa29
0x0040aa31
0x0040aa35
0x0040aa3a
0x0040aa40
0x0040aa45
0x0040aa4b
0x0040aa55
0x0040aa5d

APIs

__EH_prolog.LIBCMT ref: 0040A977
CloseHandle.KERNEL32(00000000,?,?,?,?,0040BA79), ref: 0040A99A
CloseHandle.KERNEL32(00000000,?,?,?,?,0040BA79), ref: 0040A9BC

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CloseHandle$H_prolog
String ID:
API String ID: 3058810342-0
Opcode ID: 347ae9906ec998daa2fb2eab92162411fe8f2ded61a45ff3eb15560c99854be4
Instruction ID: f9ded29fe1cbcaeac99861df71764abd9fef427830e40d474eefdc4a799ffc01
Opcode Fuzzy Hash: 347ae9906ec998daa2fb2eab92162411fe8f2ded61a45ff3eb15560c99854be4
Instruction Fuzzy Hash: 09218FB16113069BDB109F65C4057AFFBA9AF90704F14446FE056B32C2DBB8AA0587AA

Uniqueness

Uniqueness Score: -1.00%

Function 0040B0E9 Relevance: 4.6, APIs: 3, Instructions: 75
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E0040B0E9(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t52;
				void* _t67;
				void* _t68;
				intOrPtr _t74;
				void* _t89;
				void* _t94;
				void* _t97;
				void* _t100;

				_t105 = __eflags;
				_t89 = __edx;
				E00417F20(E0041963B, _t100);
				_t52 =  *(__ecx + 0x78);
				_t74 =  *((intOrPtr*)(__ecx + 0x18));
				_push( *((intOrPtr*)(_t74 + 4 + _t52 * 8)));
				_push( *((intOrPtr*)(_t74 + _t52 * 8)));
				E0040A7B4(_t100 - 0xd8, __eflags);
				_t97 = __ecx + 0x70;
				_push(_t100 - 0xd8);
				 *(_t100 - 4) = 0;
				E0040B9F1(_t97, _t89);
				E0040A8FD( *( *((intOrPtr*)(_t97 + 0xc)) +  *(_t97 + 8) * 4 - 4));
				_t90 =  *((intOrPtr*)(_t97 + 0xc));
				 *((intOrPtr*)( *( *((intOrPtr*)(_t97 + 0xc)) +  *(_t97 + 8) * 4 - 4) + 0x64)) =  *((intOrPtr*)(__ecx + 0xb8));
				E0040882F(__ecx + 0xa0,  *((intOrPtr*)(_t97 + 0xc)),  *((intOrPtr*)( *((intOrPtr*)( *( *((intOrPtr*)(_t97 + 0xc)) +  *(_t97 + 8) * 4 - 4) + 0x68)))));
				 *((intOrPtr*)(_t100 - 0x14)) = 0;
				_t94 = __ecx + 0x84;
				_push(0);
				 *(_t100 - 4) = 1;
				E0040BA9C(_t94, _t90, _t105);
				_t41 =  *(_t94 + 8) * 4; // -4
				_t67 = CreateThread(0, 0, E0040B1DF,  *( *((intOrPtr*)(_t97 + 0xc)) +  *(_t97 + 8) * 4 - 4), 0, _t100 - 0x10); // executed
				 *( *((intOrPtr*)(_t94 + 0xc)) + _t41 - 4) = _t67;
				if(_t67 == 0) {
					_push(0x41c1c0);
					_push(_t100 - 0x10);
					 *(_t100 - 0x10) = 0x425d0;
					L00417F68();
				}
				 *(_t100 - 4) =  *(_t100 - 4) | 0xffffffff;
				_t68 = E0040A972(_t100 - 0xd8);
				 *[fs:0x0] =  *((intOrPtr*)(_t100 - 0xc));
				return _t68;
			}

0x0040b0e9
0x0040b0e9
0x0040b0ee
0x0040b0fe
0x0040b101
0x0040b104
0x0040b111
0x0040b113
0x0040b118
0x0040b123
0x0040b126
0x0040b129
0x0040b138
0x0040b140
0x0040b14d
0x0040b165
0x0040b16a
0x0040b16d
0x0040b173
0x0040b176
0x0040b17a
0x0040b18f
0x0040b1a0
0x0040b1a6
0x0040b1ad
0x0040b1b2
0x0040b1b7
0x0040b1b8
0x0040b1bf
0x0040b1bf
0x0040b1c4
0x0040b1ce
0x0040b1d6
0x0040b1de

APIs

__EH_prolog.LIBCMT ref: 0040B0EE

Part of subcall function 0040A7B4: __EH_prolog.LIBCMT ref: 0040A7B9

Part of subcall function 0040B9F1: __EH_prolog.LIBCMT ref: 0040B9F6

Part of subcall function 0040A8FD: __EH_prolog.LIBCMT ref: 0040A902

Part of subcall function 0040BA9C: __EH_prolog.LIBCMT ref: 0040BAA1
Part of subcall function 0040BA9C: CloseHandle.KERNEL32(?,?,?,0040B17F,00000000,?,?,?,00000011,?,?,00000000), ref: 0040BACD

CreateThread.KERNELBASE ref: 0040B1A0
_CxxThrowException.MSVCRT(00000000,0041C1C0), ref: 0040B1BF

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$CloseCreateExceptionHandleThreadThrow
String ID:
API String ID: 4111146282-0
Opcode ID: c624c9540360c7cf5ad111fa30e3c3c417a04fbc60477ed9fe6bd8a9d0c7c36c
Instruction ID: a64116a35d2a524fa00fce51f0e5186f80d66d3dea93ed013bdc16f419976b7c
Opcode Fuzzy Hash: c624c9540360c7cf5ad111fa30e3c3c417a04fbc60477ed9fe6bd8a9d0c7c36c
Instruction Fuzzy Hash: 01317C70600606DFC714DF59C890EAAB7B5FF48318B10856EE86AA3791CB34AE56CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040597C Relevance: 4.6, APIs: 3, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040597C(long __ecx) {
				CHAR* _t26;
				int _t27;
				int _t29;
				void* _t33;
				void* _t52;
				intOrPtr _t57;

				E00417F20(E004189C0, _t52);
				_t57 =  *0x4207ec; // 0x1
				_t49 = __ecx;
				if(_t57 == 0) {
					 *(_t52 - 0x18) = 0;
					 *((intOrPtr*)(_t52 - 0x14)) = 0;
					 *((intOrPtr*)(_t52 - 0x10)) = 0;
					E0040285C(_t52 - 0x18, 0xf);
					_t26 =  *(_t52 + 8);
					 *((intOrPtr*)(_t52 - 4)) = 0;
					if((_t26 & 0xffff0000) != 0) {
						E0040190B(_t52 - 0x24, _t26);
						 *((char*)(_t52 - 4)) = 1;
						_t33 = E00405556(_t52 - 0x24, _t52 - 0x30, _t52 - 0x24);
						 *((char*)(_t52 - 4)) = 2;
						E00402E39(E00402E39(E0040462F(_t52 - 0x18, _t33),  *((intOrPtr*)(_t52 - 0x30))),  *((intOrPtr*)(_t52 - 0x24)));
						_t26 =  *(_t52 - 0x18);
					}
					_t27 = DialogBoxParamA( *0x4207e8, _t26,  *(_t52 + 0xc), E0040592D, _t49);
					E00402E39(_t27,  *(_t52 - 0x18));
					_t29 = _t27;
				} else {
					_t29 = DialogBoxParamW( *0x4207e8,  *(_t52 + 8),  *(_t52 + 0xc), E0040592D, __ecx); // executed
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t52 - 0xc));
				return _t29;
			}

0x00405981
0x0040598c
0x00405993
0x00405995
0x004059b6
0x004059b9
0x004059bc
0x004059bf
0x004059c4
0x004059c7
0x004059cf
0x004059d5
0x004059dd
0x004059e6
0x004059ef
0x00405a03
0x00405a08
0x00405a0c
0x00405a1d
0x00405a28
0x00405a2e
0x00405997
0x004059a9
0x004059a9
0x00405a35
0x00405a3d

APIs

__EH_prolog.LIBCMT ref: 00405981
DialogBoxParamW.USER32 ref: 004059A9
DialogBoxParamA.USER32 ref: 00405A1D

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: DialogParam$H_prolog
String ID:
API String ID: 2739952857-0
Opcode ID: ecbc6173805e72da444251a6d79df0b74c4af7350e398dc2278c867fe5942cd2
Instruction ID: 50fd6da8f01a94e3d9158249ff99d18863bc4b4d3e765d4e59dfed27c27b4718
Opcode Fuzzy Hash: ecbc6173805e72da444251a6d79df0b74c4af7350e398dc2278c867fe5942cd2
Instruction Fuzzy Hash: 65214DB6900218EBCB11EFA5DD8A9DFBBB8EF08314F50413AF505B2291D7795A40DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00404A5A Relevance: 4.6, APIs: 3, Instructions: 61
fileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E00404A5A(intOrPtr* __ecx, void* __edi) {
				signed int _t27;
				intOrPtr* _t32;
				signed int _t34;
				signed int _t37;
				signed int _t40;
				intOrPtr* _t53;
				void* _t55;
				intOrPtr _t60;

				E00417F20(E00418864, _t55);
				_t60 =  *0x4207ec; // 0x1
				_t53 = __ecx;
				if(_t60 == 0) {
					E0040190B(_t55 - 0x18,  *(_t55 + 8));
					 *((intOrPtr*)(_t55 - 4)) = 0;
					_t27 = AreFileApisANSI();
					asm("sbb eax, eax");
					_push( ~_t27 + 1);
					_push(_t55 - 0x18);
					_push(_t55 - 0x24);
					_t32 = E00402FED(__edi);
					 *((char*)(_t55 - 4)) = 1;
					_t34 = E00404A25(_t53,  *_t32,  *(_t55 + 0xc),  *(_t55 + 0x10),  *(_t55 + 0x14),  *(_t55 + 0x18));
					E00402E39(E00402E39(_t34,  *((intOrPtr*)(_t55 - 0x24))),  *((intOrPtr*)(_t55 - 0x18)));
					_t37 = _t34;
				} else {
					 *((intOrPtr*)( *__ecx + 4))();
					_t40 = CreateFileW( *(_t55 + 8),  *(_t55 + 0xc),  *(_t55 + 0x10), 0,  *(_t55 + 0x14),  *(_t55 + 0x18), 0); // executed
					 *(_t53 + 8) = _t40;
					_t37 = _t40 & 0xffffff00 | _t40 != 0xffffffff;
					 *(_t53 + 4) = _t37;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t55 - 0xc));
				return _t37;
			}

0x00404a5f
0x00404a6a
0x00404a71
0x00404a73
0x00404aa5
0x00404aaa
0x00404aad
0x00404ab5
0x00404ab8
0x00404abc
0x00404ac0
0x00404ac1
0x00404acd
0x00404adb
0x00404aed
0x00404af3
0x00404a75
0x00404a77
0x00404a8b
0x00404a94
0x00404a97
0x00404a9a
0x00404a9a
0x00404afb
0x00404b03

APIs

__EH_prolog.LIBCMT ref: 00404A5F
CreateFileW.KERNELBASE(?,?,?,00000000,?,?,00000000,?,?,?,?,?,00000000,?,?,0000000F), ref: 00404A8B
AreFileApisANSI.KERNEL32(?,00000000,?,00405CA3,?,00409083,?,00000000,?,?,00000000,00000000,?,?,?,?), ref: 00404AAD

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: File$ApisCreateH_prolog
String ID:
API String ID: 2957621570-0
Opcode ID: f4c813428f40a6f34fe55fab4a45614ac92208756b80a0499f66f61e5f35deab
Instruction ID: 3ea54a56ae6378928b536ac5fda4c9b6644be296bac2a1fd9aa0d5edcdcc9bab
Opcode Fuzzy Hash: f4c813428f40a6f34fe55fab4a45614ac92208756b80a0499f66f61e5f35deab
Instruction Fuzzy Hash: 1F118476940109EFCF01EFA4DD458DE7FBAEF08304B10842AF511A21A2C7358955EF64

Uniqueness

Uniqueness Score: -1.00%

Function 004056A2 Relevance: 4.5, APIs: 3, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E004056A2(void* __edi) {
				int _t19;
				signed int _t22;
				signed int _t23;
				void* _t34;
				intOrPtr _t39;

				E00417F20(E00418980, _t34);
				_t39 =  *0x4207ec; // 0x1
				_push( *((intOrPtr*)(_t34 + 0xc)));
				if(_t39 == 0) {
					E0040190B(_t34 - 0x18);
					 *((intOrPtr*)(_t34 - 4)) = 0;
					_t19 = SetWindowTextA( *(_t34 + 8),  *(E00402FED(__edi, _t34 - 0x24, _t34 - 0x18, 0)));
					E00402E39(E00402E39(_t19,  *((intOrPtr*)(_t34 - 0x24))),  *((intOrPtr*)(_t34 - 0x18)));
					_t22 = 0 | _t19 != 0x00000000;
				} else {
					_t23 = SetWindowTextW( *(_t34 + 8), ??); // executed
					asm("sbb eax, eax");
					_t22 =  ~( ~_t23);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t34 - 0xc));
				return _t22;
			}

0x004056a7
0x004056b2
0x004056b8
0x004056bb
0x004056d1
0x004056df
0x004056ec
0x00405702
0x00405708
0x004056bd
0x004056c0
0x004056c8
0x004056ca
0x004056ca
0x0040570f
0x00405717

APIs

__EH_prolog.LIBCMT ref: 004056A7
SetWindowTextW.USER32(?,?), ref: 004056C0
SetWindowTextA.USER32(?,00000000), ref: 004056EC

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: TextWindow$H_prolog
String ID:
API String ID: 3018873321-0
Opcode ID: 7c4aa7493388443a69770487e858e8f0c8c85e3fb3c1435fe65512b105e224fe
Instruction ID: b5a3c5db79d0ae5a1814d68b213e325735309db7623e4aed49ddde1d12b29ea0
Opcode Fuzzy Hash: 7c4aa7493388443a69770487e858e8f0c8c85e3fb3c1435fe65512b105e224fe
Instruction Fuzzy Hash: 63F08671540009AFCB02AFA1DD559DEBB79EB08344F40803AF006E10E2CB359955DF98

Uniqueness

Uniqueness Score: -1.00%

Function 0040601E Relevance: 4.5, APIs: 3, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040601E(intOrPtr* __ecx) {
				intOrPtr* _t15;
				void* _t16;
				void* _t22;
				struct _CRITICAL_SECTION* _t23;
				void* _t25;
				intOrPtr* _t26;
				intOrPtr* _t29;
				void* _t30;

				E00417F20(E00418A08, _t30);
				_t26 = __ecx;
				_t23 = __ecx + 4;
				 *(_t30 - 0x10) = _t23;
				EnterCriticalSection(_t23);
				_t15 =  *_t26;
				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
				_t16 =  *((intOrPtr*)( *_t15 + 0x10))(_t15,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), 0, 0, _t22, _t25, __ecx);
				if(_t16 == 0) {
					_t29 =  *_t26;
					_t16 =  *((intOrPtr*)( *_t29 + 0xc))(_t29,  *((intOrPtr*)(_t30 + 0x10)),  *((intOrPtr*)(_t30 + 0x14)),  *((intOrPtr*)(_t30 + 0x18)));
				}
				LeaveCriticalSection(_t23);
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t16;
			}

0x00406023
0x0040602a
0x0040602d
0x00406031
0x00406034
0x0040603a
0x00406040
0x0040604d
0x00406052
0x00406057
0x00406062
0x00406062
0x00406068
0x00406075
0x0040607d

APIs

__EH_prolog.LIBCMT ref: 00406023
EnterCriticalSection.KERNEL32(00000000,?,?,?,004060AD,?,?,?,?,?), ref: 00406034
LeaveCriticalSection.KERNEL32(00000000,?,?,?,004060AD,?,?,?,?,?), ref: 00406068

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CriticalSection$EnterH_prologLeave
String ID:
API String ID: 367238759-0
Opcode ID: 3214be0aebb8ce79a23f74cac1f98ddfbb827a7f2ad7c859e722ed8e9a23fdf8
Instruction ID: 7e091a019a4e8e39a858edc9c129f6d200f2abb39ab5d61ca220b4ef4b4cbf39
Opcode Fuzzy Hash: 3214be0aebb8ce79a23f74cac1f98ddfbb827a7f2ad7c859e722ed8e9a23fdf8
Instruction Fuzzy Hash: E2011976A00214AFCB218F94CC08B9ABBB9FF48711F11846AFD12A7250C7B4E911DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 004025E9 Relevance: 4.5, APIs: 3, Instructions: 38
synchronizationwindowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004025E9(intOrPtr* __ecx) {
				intOrPtr _t20;
				intOrPtr _t28;
				intOrPtr* _t32;
				void* _t34;
				void* _t36;
				void* _t39;

				E00417F20(E00418510, _t34);
				_t32 = __ecx;
				 *((intOrPtr*)(_t34 - 0x10)) = _t36 - 0x2c;
				 *((intOrPtr*)(_t34 - 0x14)) = __ecx;
				WaitForSingleObject( *( *__ecx + 0x68), 0xffffffff);
				 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
				_t20 = E004082EF(_t28, _t39,  *((intOrPtr*)(_t32 + 4)),  *((intOrPtr*)(_t32 + 8)),  *((intOrPtr*)(_t32 + 0xc)),  *((intOrPtr*)(_t32 + 0x10)),  *((intOrPtr*)(_t32 + 0x14)),  *((intOrPtr*)(_t32 + 0x18))); // executed
				 *((intOrPtr*)(_t32 + 0x28)) = _t20;
				PostMessageA( *( *_t32 + 0x34),  *0x41bdd4, 0, 0); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t34 - 0xc));
				return 0;
			}

0x004025ee
0x004025f8
0x004025fb
0x00402602
0x0040260b
0x00402614
0x00402627
0x0040262c
0x004026d7
0x004026e4
0x004026ed

APIs

__EH_prolog.LIBCMT ref: 004025EE
WaitForSingleObject.KERNEL32(?,000000FF), ref: 0040260B

Part of subcall function 004082EF: __EH_prolog.LIBCMT ref: 004082F4

PostMessageA.USER32 ref: 004026D7

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$MessageObjectPostSingleWait
String ID:
API String ID: 2380502847-0
Opcode ID: 1ba8de46d01083a42f6663df4cb07bf0b1e526c14cf171549814d6ee64cd4850
Instruction ID: adbeec03ab2ed659f4ec9a9cd2c22b625a23df9e3f7a470a1513d89c40a1535d
Opcode Fuzzy Hash: 1ba8de46d01083a42f6663df4cb07bf0b1e526c14cf171549814d6ee64cd4850
Instruction Fuzzy Hash: F6011D32500600FFCB219F99DD45B9ABBB2FF08714F10496EF192A65B0D772A850DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00417B98 Relevance: 4.5, APIs: 3, Instructions: 23
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00417B98(void* __ecx) {
				int _t15;
				void* _t20;
				void* _t21;

				_t21 = __ecx;
				 *(__ecx + 0x28) =  *(__ecx + 0x28) | 0xffffffff;
				 *(__ecx + 0x2c) =  *(__ecx + 0x2c) | 0xffffffff;
				 *(__ecx + 0x34) =  *(__ecx + 0x34) | 0xffffffff;
				 *((intOrPtr*)(_t21 + 0x30)) = GetDlgItem( *(__ecx + 4), 0x3e8);
				_t15 = SetTimer( *(_t21 + 4), 3, 0x32, 0); // executed
				 *(_t21 + 8) = _t15;
				SetEvent( *(_t21 + 0x38));
				E004056A2(_t20,  *(_t21 + 4),  *((intOrPtr*)(_t21 + 0xc))); // executed
				return 1;
			}

0x00417b99
0x00417ba3
0x00417ba7
0x00417bab
0x00417bbb
0x00417bc1
0x00417bca
0x00417bcd
0x00417bd9
0x00417be1

APIs

GetDlgItem.USER32 ref: 00417BAF
SetTimer.USER32(?,00000003,00000032,00000000), ref: 00417BC1
SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000003E8), ref: 00417BCD

Part of subcall function 004056A2: __EH_prolog.LIBCMT ref: 004056A7
Part of subcall function 004056A2: SetWindowTextW.USER32(?,?), ref: 004056C0

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: EventH_prologItemTextTimerWindow
String ID:
API String ID: 3818058485-0
Opcode ID: 407e587a8b274e45628b246e364adf8da603f69c65be6f034ac97e07db1ec960
Instruction ID: 58bf95bf989522a93157f6fe120696c1dc7162aa05aba6031ec0572c7d7245fe
Opcode Fuzzy Hash: 407e587a8b274e45628b246e364adf8da603f69c65be6f034ac97e07db1ec960
Instruction Fuzzy Hash: 2DF0DF31480B00AFD6755B61DE4AA46BEA0FB08720B108B2DA2BA859F0C761A5519F44

Uniqueness

Uniqueness Score: -1.00%

Function 004090DD Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 275
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E004090DD(void* __edx) {
				signed int _t118;
				intOrPtr* _t119;
				void* _t120;
				signed int _t121;
				signed int _t124;
				signed int _t126;
				signed int _t128;
				intOrPtr* _t130;
				void* _t137;
				signed int _t142;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t157;
				intOrPtr* _t161;
				signed int _t162;
				void* _t163;
				signed int _t167;
				signed int _t168;
				signed int _t169;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t222;
				signed int _t224;
				signed int _t226;
				intOrPtr* _t227;
				void* _t229;

				E00417F20(E004190A4, _t229);
				_t224 =  *(_t229 + 0xc);
				_push( *((intOrPtr*)(_t229 + 0x24)));
				_push( *((intOrPtr*)(_t229 + 0x1c)));
				_push( *((intOrPtr*)(_t229 + 0x14)));
				_push(_t224);
				_push( *(_t229 + 8));
				_t118 = E0040903E(__edx); // executed
				if(_t118 != 0) {
					L46:
					 *[fs:0x0] =  *((intOrPtr*)(_t229 - 0xc));
					return _t118;
				}
				 *(_t229 + 8) = 0;
				_t119 =  *_t224;
				 *(_t229 - 4) = 0;
				_t120 =  *((intOrPtr*)( *_t119))(_t119, 0x41b220, _t229 + 8);
				_t121 =  *(_t229 + 8);
				if(_t120 != 0 || _t121 == 0) {
					_t112 = _t229 - 4;
					 *_t112 =  *(_t229 - 4) | 0xffffffff;
					__eflags =  *_t112;
					goto L43;
				} else {
					 *(_t229 + 0xc) = 0;
					_push(_t229 + 0xc);
					_push(0);
					_push(_t121);
					 *(_t229 - 4) = 1;
					if( *((intOrPtr*)( *_t121 + 0xc))() != 0) {
						L17:
						_t124 =  *(_t229 + 0xc);
						 *(_t229 - 4) = 0;
						__eflags = _t124;
						if(_t124 != 0) {
							 *((intOrPtr*)( *_t124 + 8))(_t124);
						}
						 *(_t229 - 4) =  *(_t229 - 4) | 0xffffffff;
						_t121 =  *(_t229 + 8);
						L43:
						__eflags = _t121;
						if(_t121 != 0) {
							 *((intOrPtr*)( *_t121 + 8))(_t121);
						}
						L45:
						_t118 = 0;
						__eflags = 0;
						goto L46;
					}
					 *(_t229 - 0x10) = 0;
					_t126 =  *(_t229 + 0xc);
					_push(_t229 - 0x10);
					_push(0x41b2f0);
					_push(_t126);
					 *(_t229 - 4) = 2;
					if( *((intOrPtr*)( *_t126))() != 0) {
						L15:
						_t128 =  *(_t229 - 0x10);
						 *(_t229 - 4) = 1;
						__eflags = _t128;
						if(_t128 != 0) {
							 *((intOrPtr*)( *_t128 + 8))(_t128);
						}
						goto L17;
					}
					if( *(_t229 - 0x10) == 0) {
						goto L17;
					}
					_t130 =  *_t224;
					_t219 = _t229 - 0x18;
					_t222 =  *((intOrPtr*)( *_t130 + 0x14))(_t130, _t229 - 0x18);
					if(_t222 == 0) {
						__eflags =  *((intOrPtr*)(_t229 - 0x18)) - 1;
						if( *((intOrPtr*)(_t229 - 0x18)) >= 1) {
							_t190 = _t229 - 0x24;
							 *((intOrPtr*)(_t229 - 0x24)) = 0;
							 *(_t229 - 0x20) = 0;
							 *((intOrPtr*)(_t229 - 0x1c)) = 0;
							E00401CEB(_t229 - 0x24, 0xf);
							 *(_t229 - 4) = 3;
							_push(_t229 - 0x24);
							_push(0);
							_push( *_t224);
							_t226 = E00408BAF();
							__eflags = _t226;
							if(_t226 == 0) {
								__eflags =  *(_t229 - 0x20);
								if( *(_t229 - 0x20) != 0) {
									_t137 = E00403344(_t190, _t229 - 0x3c, _t229 - 0x24);
									 *(_t229 - 4) = 7;
									E00402E39(E00401975(_t229 - 0x24, _t137),  *((intOrPtr*)(_t229 - 0x3c)));
								} else {
									_push( *((intOrPtr*)(_t229 + 0x1c)));
									E004093D0();
									E00401975(_t229 - 0x24,  *((intOrPtr*)(_t229 + 0x1c)));
									E0040190B(_t229 - 0x30, 0x420430);
									 *(_t229 - 4) = 4;
									_t157 = E00402EF7( *((intOrPtr*)( *((intOrPtr*)(_t229 + 0x14)))),  *((intOrPtr*)(_t229 - 0x30)));
									__eflags = _t157;
									 *(_t229 + 0x1f) = _t157 == 0;
									 *(_t229 - 4) = 3;
									E00402E39(_t157,  *((intOrPtr*)(_t229 - 0x30)));
									__eflags =  *(_t229 + 0x1f);
									if( *(_t229 + 0x1f) != 0) {
										E0040190B(_t229 - 0x30, 0x4204d0);
										 *(_t229 - 4) = 5;
										_t161 = E00409921(_t229 - 0x24, _t229 - 0x3c, 3);
										 *(_t229 - 4) = 6;
										_t162 = E00402EF7( *_t161,  *((intOrPtr*)(_t229 - 0x30)));
										__eflags = _t162;
										 *(_t229 + 0x1f) = _t162 != 0;
										_t163 = E00402E39(_t162,  *((intOrPtr*)(_t229 - 0x3c)));
										 *(_t229 - 4) = 3;
										E00402E39(_t163,  *((intOrPtr*)(_t229 - 0x30)));
										__eflags =  *(_t229 + 0x1f);
										if( *(_t229 + 0x1f) != 0) {
											E00405C3A(_t229 - 0x24, _t219, 0x4204d0);
										}
									}
								}
								 *(_t229 - 0x14) = 0;
								_t227 =  *((intOrPtr*)(_t229 + 0x24));
								 *(_t229 - 4) = 8;
								 *((intOrPtr*)( *_t227))(_t227, 0x41b210, _t229 - 0x14);
								_t142 =  *(_t229 - 0x14);
								__eflags = _t142;
								if(__eflags != 0) {
									 *((intOrPtr*)( *_t142 + 0xc))(_t142,  *((intOrPtr*)(_t229 - 0x24)));
								}
								_push(_t227);
								_push( *((intOrPtr*)(_t229 + 0x20)));
								_push( *((intOrPtr*)(_t229 + 0x18)));
								_push( *((intOrPtr*)(_t229 + 0x10)));
								_push(_t229 - 0x24);
								_push( *(_t229 - 0x10));
								E00408CE2(_t219, __eflags);
								_t145 =  *(_t229 - 0x14);
								 *(_t229 - 4) = 3;
								__eflags = _t145;
								if(_t145 != 0) {
									_t145 =  *((intOrPtr*)( *_t145 + 8))(_t145);
								}
								E00402E39(_t145,  *((intOrPtr*)(_t229 - 0x24)));
								_t147 =  *(_t229 - 0x10);
								__eflags = _t147;
								 *(_t229 - 4) = 1;
								if(_t147 != 0) {
									 *((intOrPtr*)( *_t147 + 8))(_t147);
								}
								_t148 =  *(_t229 + 0xc);
								 *(_t229 - 4) = 0;
								__eflags = _t148;
								if(_t148 != 0) {
									 *((intOrPtr*)( *_t148 + 8))(_t148);
								}
								 *(_t229 - 4) =  *(_t229 - 4) | 0xffffffff;
								E004099E1(_t229 + 8);
								goto L45;
							}
							E00402E39(_t134,  *((intOrPtr*)(_t229 - 0x24)));
							_t167 =  *(_t229 - 0x10);
							__eflags = _t167;
							 *(_t229 - 4) = 1;
							if(_t167 != 0) {
								 *((intOrPtr*)( *_t167 + 8))(_t167);
							}
							_t168 =  *(_t229 + 0xc);
							 *(_t229 - 4) = 0;
							__eflags = _t168;
							if(_t168 != 0) {
								 *((intOrPtr*)( *_t168 + 8))(_t168);
							}
							_t169 =  *(_t229 + 8);
							 *(_t229 - 4) =  *(_t229 - 4) | 0xffffffff;
							__eflags = _t169;
							if(_t169 != 0) {
								 *((intOrPtr*)( *_t169 + 8))(_t169);
							}
							_t118 = _t226;
							goto L46;
						}
						goto L15;
					} else {
						_t173 =  *(_t229 - 0x10);
						 *(_t229 - 4) = 1;
						if(_t173 != 0) {
							 *((intOrPtr*)( *_t173 + 8))(_t173);
						}
						_t174 =  *(_t229 + 0xc);
						 *(_t229 - 4) = 0;
						if(_t174 != 0) {
							 *((intOrPtr*)( *_t174 + 8))(_t174);
						}
						_t175 =  *(_t229 + 8);
						 *(_t229 - 4) =  *(_t229 - 4) | 0xffffffff;
						if(_t175 != 0) {
							 *((intOrPtr*)( *_t175 + 8))(_t175);
						}
						_t118 = _t222;
						goto L46;
					}
				}
			}

0x004090e2
0x004090ed
0x004090f0
0x004090f3
0x004090f6
0x004090f9
0x004090fa
0x004090fd
0x00409106
0x004093bf
0x004093c5
0x004093cd
0x004093cd
0x0040910c
0x0040910f
0x0040911d
0x00409120
0x00409124
0x00409127
0x004093af
0x004093af
0x004093af
0x00000000
0x00409135
0x00409135
0x0040913d
0x0040913e
0x0040913f
0x00409140
0x00409149
0x004091d2
0x004091d2
0x004091d5
0x004091d8
0x004091da
0x004091df
0x004091df
0x004091e2
0x004091e6
0x004093b3
0x004093b3
0x004093b5
0x004093ba
0x004093ba
0x004093bd
0x004093bd
0x004093bd
0x00000000
0x004093bd
0x0040914f
0x00409152
0x00409158
0x00409159
0x00409160
0x00409161
0x00409169
0x004091c1
0x004091c1
0x004091c4
0x004091c8
0x004091ca
0x004091cf
0x004091cf
0x00000000
0x004091ca
0x0040916e
0x00000000
0x00000000
0x00409170
0x00409172
0x0040917c
0x00409180
0x004091bb
0x004091bf
0x004091f0
0x004091f3
0x004091f6
0x004091f9
0x004091fc
0x00409204
0x00409208
0x00409209
0x0040920a
0x00409211
0x00409213
0x00409215
0x00409259
0x0040925c
0x0040930d
0x00409316
0x00409322
0x00409262
0x00409262
0x00409265
0x00409270
0x0040927d
0x00409288
0x0040928e
0x00409296
0x00409298
0x0040929c
0x004092a0
0x004092a5
0x004092a9
0x004092b4
0x004092c2
0x004092c6
0x004092ce
0x004092d4
0x004092dc
0x004092de
0x004092e2
0x004092ea
0x004092ee
0x004092f3
0x004092f8
0x004092fe
0x004092fe
0x004092f8
0x004092a9
0x00409328
0x0040932b
0x0040933a
0x0040933e
0x00409340
0x00409343
0x00409345
0x0040934d
0x0040934d
0x00409350
0x00409354
0x00409357
0x0040935a
0x0040935d
0x0040935e
0x00409361
0x00409366
0x00409369
0x0040936d
0x0040936f
0x00409374
0x00409374
0x0040937a
0x0040937f
0x00409383
0x00409385
0x00409389
0x0040938e
0x0040938e
0x00409391
0x00409394
0x00409397
0x00409399
0x0040939e
0x0040939e
0x004093a1
0x004093a8
0x00000000
0x004093a8
0x0040921a
0x0040921f
0x00409223
0x00409225
0x00409229
0x0040922e
0x0040922e
0x00409231
0x00409234
0x00409237
0x00409239
0x0040923e
0x0040923e
0x00409241
0x00409244
0x00409248
0x0040924a
0x0040924f
0x0040924f
0x00409252
0x00000000
0x00409252
0x00000000
0x00409182
0x00409182
0x00409185
0x0040918b
0x00409190
0x00409190
0x00409193
0x00409196
0x0040919b
0x004091a0
0x004091a0
0x004091a3
0x004091a6
0x004091ac
0x004091b1
0x004091b1
0x004091b4
0x00000000
0x004091b4
0x00409180

APIs

__EH_prolog.LIBCMT ref: 004090E2

Part of subcall function 0040903E: __EH_prolog.LIBCMT ref: 00409043
Part of subcall function 0040903E: GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,00000000,?,?,0000000F), ref: 00409087

Strings

.7z, xrefs: 004092AB, 004092B3, 004092FA

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$ErrorLast
String ID: .7z
API String ID: 2901101390-3980757742
Opcode ID: 0098caddc7d1fa1aae48ebff277b984cae9882dffd06664364e78251fab8b75e
Instruction ID: e40bc76f63464f6be5c59e93e4402caca2f99b39b4c78c2f3d96004fa74bc0ec
Opcode Fuzzy Hash: 0098caddc7d1fa1aae48ebff277b984cae9882dffd06664364e78251fab8b75e
Instruction Fuzzy Hash: 90B17C71900149EFCF11DFA4C8889AEBBB5AF08304F2484AEF855B72D2CB399E45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00410F22 Relevance: 3.4, APIs: 2, Instructions: 353
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00410F22(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				signed int _v4;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v36;
				signed int _v40;
				char _v48;
				intOrPtr* _v52;
				signed int _v56;
				signed int _v60;
				char _v64;
				char _v84;
				char _v104;
				char _v124;
				char _v144;
				intOrPtr _v152;
				intOrPtr _v160;
				char _v172;
				signed int _v176;
				char _v196;
				char _v216;
				char _v356;
				void* _v400;
				void* _v404;
				void* _v416;
				signed int _t245;
				void* _t249;
				intOrPtr _t252;
				signed int _t269;
				signed int _t274;
				signed int _t282;
				signed int _t283;
				intOrPtr* _t291;
				intOrPtr* _t305;
				intOrPtr _t309;
				intOrPtr _t363;
				char* _t365;
				signed int _t371;
				signed int _t377;
				char _t379;
				signed int _t380;
				void* _t381;
				void* _t383;
				void* _t385;
				void* _t386;
				void* _t389;

				_t389 = __eflags;
				_t371 = __edx;
				E00417F20(E0041A052, _t381);
				_t386 = _t385 - 0x158;
				_v52 = __ecx;
				E00401EBF( &_v172, 8);
				_v172 = 0x41b758;
				_v4 = _v4 & 0x00000000;
				E00401EBF( &_v196, 1);
				_v196 = 0x41bb18;
				_v4 = 1;
				E00401EBF( &_v216, 4);
				_v216 = 0x41b600;
				_v4 = 2;
				E00401CD0( &_v48);
				_v48 = 0x41bba8;
				_v4 = 3;
				E00401EBF( &_v104, 4);
				_v104 = 0x41b600;
				_v4 = 4;
				E00401EBF( &_v144, 8);
				_v144 = 0x41b758;
				_v4 = 5;
				E00401EBF( &_v84, 1);
				_v84 = 0x41bb18;
				_v4 = 6;
				E00401EBF( &_v124, 4);
				_v124 = 0x41b600;
				_t305 = _a16;
				_v4 = 7;
				_t377 = E00410C0B(_v52, _t389, 0, _t305,  &_v172,  &_v196,  &_v216,  &_v48,  &_v104,  &_v144,  &_v84,  &_v124);
				if(_t377 == 0) {
					_v16 = _v16 & 0x00000000;
					E0040C876( &_v356, __eflags, 1);
					asm("adc ebx, [ebp+0xc]");
					_a12 = _a12 & 0x00000000;
					__eflags = _v40;
					_v28 =  *_t305 + _a8;
					_v24 =  *((intOrPtr*)(_t305 + 4));
					if(_v40 <= 0) {
						L23:
						_v4 = 7;
						E0040E90E( &_v356); // executed
						_v4 = 6;
						E004030CF( &_v124);
						_v4 = 5;
						E004030CF( &_v84);
						_v4 = 4;
						E004030CF( &_v144);
						_v4 = 3;
						E004030CF( &_v104);
						_v48 = 0x41bba8;
						_v4 = 0xf;
						E004030DF();
						_v4 = 2;
						E004030CF( &_v48);
						_v4 = 1;
						E004030CF( &_v216);
						_v4 = _v4 & 0x00000000;
						E004030CF( &_v196);
						_v4 = _v4 | 0xffffffff;
						E004030CF( &_v172);
						_t245 = 0;
						__eflags = 0;
						goto L24;
					} else {
						while(1) {
							_v60 = _v60 & 0x00000000;
							_v56 = _v56 & 0x00000000;
							_a16 =  *((intOrPtr*)(_v36 + _a12 * 4));
							_v64 = 0x41b964;
							_t379 = _a20;
							_push( &_v64);
							_v4 = 0xa;
							_t249 = E004129DE(_t379, _t371);
							_v4 = 9;
							_v64 = 0x41b964;
							E00402E39(_t249, _v56);
							_t309 =  *((intOrPtr*)( *((intOrPtr*)(_t379 + 0xc)) +  *(_t379 + 8) * 4 - 4));
							_t252 = E0040E81D(_a16);
							_t380 = 0;
							_v152 = _t252;
							__eflags = _t371;
							if(__eflags > 0) {
								break;
							}
							if(__eflags < 0) {
								L6:
								__eflags = _t371 - _t380;
								if(__eflags > 0) {
									L27:
									_v4 = 7;
									E0040E90E( &_v356);
									_v4 = 6;
									E004030CF( &_v124);
									_v4 = 5;
									E004030CF( &_v84);
									_v4 = 4;
									E004030CF( &_v144);
									_v4 = 3;
									E004030CF( &_v104);
									_v48 = 0x41bba8;
									_v4 = 0xc;
									L26:
									_t377 = 0x80004005;
									goto L31;
								} else {
									if(__eflags < 0) {
										L9:
										E0040668D(_t309, _t252);
										_push(0x14);
										_t269 = E00402E12();
										__eflags = _t269 - _t380;
										if(_t269 != _t380) {
											 *(_t269 + 4) = _t380;
											 *_t269 = 0x41bbd8;
											_t380 = _t269;
										}
										__eflags = _t380;
										_v176 = _t380;
										if(__eflags != 0) {
											 *((intOrPtr*)( *_t380 + 4))(_t380);
										}
										 *(_t380 + 0x10) =  *(_t380 + 0x10) & 0x00000000;
										_t371 = _v16;
										 *((intOrPtr*)(_t380 + 8)) =  *((intOrPtr*)(_t309 + 8));
										 *((intOrPtr*)(_t380 + 0xc)) = _v152;
										_v4 = 0xd;
										_t274 = E0040C8D0( &_v356, _t371, __eflags,  *_v52, _v28, _v24, _v160 + _t371 * 8, _a16, _t380, 0, _a24); // executed
										__eflags = _t274;
										_v20 = _t274;
										if(_t274 != 0) {
											__eflags = _t380;
											_v4 = 9;
											if(_t380 != 0) {
												 *((intOrPtr*)( *_t380 + 8))(_t380);
											}
											_v4 = 7;
											E0040E90E( &_v356);
											_v4 = 6;
											E004030CF( &_v124);
											_v4 = 5;
											E004030CF( &_v84);
											_v4 = 4;
											E004030CF( &_v144);
											_v4 = 3;
											E004030CF( &_v104);
											_v48 = 0x41bba8;
											_t377 = _v20;
											_v4 = 0xe;
											goto L31;
										} else {
											_t282 = _a16;
											__eflags =  *((char*)(_t282 + 0x54));
											if( *((char*)(_t282 + 0x54)) == 0) {
												L17:
												_t283 =  *(_t282 + 0x30);
												_a16 = _a16 & 0x00000000;
												__eflags = _t283;
												_v20 = _t283;
												if(_t283 > 0) {
													_t363 = _v160;
													do {
														_v16 = _v16 + 1;
														_t371 =  *((_v16 << 3) + _t363);
														_v28 = _v28 + _t371;
														asm("adc [ebp-0x18], eax");
														_a16 = _a16 + 1;
														__eflags = _a16 - _v20;
													} while (_a16 < _v20);
												}
												__eflags = _t380;
												_v4 = 9;
												if(_t380 != 0) {
													 *((intOrPtr*)( *_t380 + 8))(_t380);
												}
												_a12 = _a12 + 1;
												__eflags = _a12 - _v40;
												if(_a12 < _v40) {
													continue;
												} else {
													goto L23;
												}
											} else {
												_push(_v152);
												_push( *((intOrPtr*)(_t309 + 8)));
												L33();
												__eflags = _t282 -  *((intOrPtr*)(_t282 + 0x50));
												if(_t282 !=  *((intOrPtr*)(_t282 + 0x50))) {
													_t365 =  &_a20;
													_t291 = E0040FC64(_t365, 1);
													_push(0x41eaf8);
													_a16 =  *_t291;
													_push( &_a16);
													L00417F68();
													_push(_t381);
													_t383 = _t386;
													_push(_t365);
													_t208 = _t383 - 4;
													 *_t208 =  *(_t383 - 4) | 0xffffffff;
													__eflags =  *_t208;
													E00402D4A(_t383 - 4,  *((intOrPtr*)(_t383 + 8)),  *((intOrPtr*)(_t383 + 0xc)));
													return  !( *(_t383 - 4));
												} else {
													_t282 = _a16;
													goto L17;
												}
											}
										}
									} else {
										__eflags = _t252 - 0xffffffff;
										if(_t252 > 0xffffffff) {
											goto L27;
										} else {
											goto L9;
										}
									}
								}
							} else {
								__eflags = _t252 - 0x7fffffff;
								if(_t252 > 0x7fffffff) {
									break;
								} else {
									goto L6;
								}
							}
							goto L34;
						}
						_v4 = 7;
						E0040E90E( &_v356);
						_v4 = 6;
						E004030CF( &_v124);
						_v4 = 5;
						E004030CF( &_v84);
						_v4 = 4;
						E004030CF( &_v144);
						_v4 = 3;
						E004030CF( &_v104);
						_v48 = 0x41bba8;
						_v4 = 0xb;
						goto L26;
					}
				} else {
					_v4 = 6;
					E004030CF( &_v124);
					_v4 = 5;
					E004030CF( &_v84);
					_v4 = 4;
					E004030CF( &_v144);
					_v4 = 3;
					E004030CF( &_v104);
					_v48 = 0x41bba8;
					_v4 = 8;
					L31:
					E004030DF();
					_v4 = 2;
					E004030CF( &_v48);
					_v4 = 1;
					E004030CF( &_v216);
					_v4 = _v4 & 0x00000000;
					E004030CF( &_v196);
					_v4 = _v4 | 0xffffffff;
					E004030CF( &_v172);
					_t245 = _t377;
					L24:
					 *[fs:0x0] = _v12;
					return _t245;
				}
				L34:
			}

0x00410f22
0x00410f22
0x00410f27
0x00410f2c
0x00410f34
0x00410f40
0x00410f45
0x00410f4f
0x00410f5b
0x00410f65
0x00410f73
0x00410f77
0x00410f81
0x00410f8a
0x00410f8e
0x00410f98
0x00410fa0
0x00410fa4
0x00410fa9
0x00410fb4
0x00410fb8
0x00410fbd
0x00410fcc
0x00410fd0
0x00410fd5
0x00410fdd
0x00410fe1
0x00410fe6
0x00410fec
0x00411013
0x00411027
0x0041102b
0x0041106c
0x00411078
0x00411085
0x00411088
0x0041108c
0x00411090
0x00411093
0x00411096
0x00411212
0x00411218
0x0041121c
0x00411224
0x00411228
0x00411230
0x00411234
0x0041123f
0x00411243
0x0041124b
0x0041124f
0x00411254
0x0041125a
0x0041125e
0x00411266
0x0041126a
0x00411275
0x00411279
0x0041127e
0x00411288
0x0041128d
0x00411297
0x0041129c
0x0041129c
0x00000000
0x0041109c
0x0041109c
0x004110a2
0x004110a6
0x004110b2
0x004110b5
0x004110b8
0x004110be
0x004110c1
0x004110c5
0x004110cd
0x004110d1
0x004110d4
0x004110e0
0x004110e7
0x004110ec
0x004110ee
0x004110f4
0x004110f6
0x00000000
0x00000000
0x004110fc
0x00411109
0x00411109
0x0041110b
0x00411302
0x00411308
0x0041130c
0x00411314
0x00411318
0x00411320
0x00411324
0x0041132f
0x00411333
0x0041133b
0x0041133f
0x00411344
0x00411347
0x004112f8
0x004112f8
0x00000000
0x00411111
0x00411111
0x0041111c
0x0041111f
0x00411124
0x00411126
0x0041112b
0x0041112e
0x00411130
0x00411133
0x00411139
0x00411139
0x0041113b
0x0041113d
0x00411143
0x00411148
0x00411148
0x00411151
0x00411155
0x00411158
0x00411161
0x00411178
0x0041118a
0x0041118f
0x00411191
0x00411194
0x0041134d
0x0041134f
0x00411353
0x00411358
0x00411358
0x00411361
0x00411365
0x0041136d
0x00411371
0x00411379
0x0041137d
0x00411388
0x0041138c
0x00411394
0x00411398
0x0041139d
0x004113a0
0x004113a3
0x00000000
0x0041119a
0x0041119a
0x0041119d
0x004111a1
0x004111c0
0x004111c0
0x004111c3
0x004111c7
0x004111c9
0x004111cc
0x004111ce
0x004111d4
0x004111da
0x004111dd
0x004111e4
0x004111e7
0x004111ea
0x004111f0
0x004111f0
0x004111d4
0x004111f5
0x004111f7
0x004111fb
0x00411200
0x00411200
0x00411203
0x00411209
0x0041120c
0x00000000
0x00000000
0x00000000
0x00000000
0x004111a3
0x004111a3
0x004111af
0x004111b0
0x004111b5
0x004111b7
0x004113f1
0x004113f4
0x004113fb
0x00411400
0x00411406
0x00411407
0x0041140c
0x0041140d
0x0041140f
0x00411413
0x00411413
0x00411413
0x0041141d
0x00411428
0x004111bd
0x004111bd
0x00000000
0x004111bd
0x004111b7
0x004111a1
0x00411113
0x00411113
0x00411116
0x00000000
0x00000000
0x00000000
0x00000000
0x00411116
0x00411111
0x004110fe
0x004110fe
0x00411103
0x00000000
0x00000000
0x00000000
0x00000000
0x00411103
0x00000000
0x004110fc
0x004112b5
0x004112b9
0x004112c1
0x004112c5
0x004112cd
0x004112d1
0x004112dc
0x004112e0
0x004112e8
0x004112ec
0x004112f1
0x004112f4
0x00000000
0x004112f4
0x0041102d
0x00411030
0x00411034
0x0041103c
0x00411040
0x0041104b
0x0041104f
0x00411057
0x0041105b
0x00411060
0x00411063
0x004113a7
0x004113aa
0x004113b2
0x004113b6
0x004113c1
0x004113c5
0x004113ca
0x004113d4
0x004113d9
0x004113e3
0x004113e8
0x0041129e
0x004112a4
0x004112ac
0x004112ac
0x00000000

APIs

__EH_prolog.LIBCMT ref: 00410F27

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 28a85ff73777532e8b256041fb6097bb697e513fdf5eb5fc4d58e57342cdf386
Instruction ID: 13d77ea9893de3ee9eca2abe8053b7bde07348bdf0aada694535453d8ba1c29b
Opcode Fuzzy Hash: 28a85ff73777532e8b256041fb6097bb697e513fdf5eb5fc4d58e57342cdf386
Instruction Fuzzy Hash: D4F19B30812259DFDB10EFA4C985BDDBBB4AF15308F10809EE919772D2DB785B48CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00404033 Relevance: 3.2, APIs: 2, Instructions: 174
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E00404033(void* __edi) {
				signed int _t65;
				long _t67;
				signed int _t68;
				signed int _t71;
				intOrPtr* _t73;
				signed char _t74;
				signed char _t77;
				void* _t84;
				void* _t85;
				signed int _t87;
				signed int _t92;
				signed int _t98;
				long _t104;
				signed int _t109;
				long _t114;
				long _t115;
				void* _t116;
				signed int _t118;
				signed int _t120;
				signed int _t123;
				void* _t127;

				_t116 = __edi;
				E00417F20(E0041877C, _t127);
				E0040190B(_t127 - 0x18,  *((intOrPtr*)(_t127 + 8)));
				_t98 =  *(_t127 - 0x14);
				 *(_t127 - 4) =  *(_t127 - 4) & 0x00000000;
				if(_t98 == 0) {
					L13:
					E00401A6F(_t127 - 0x24, _t127 - 0x18);
					_t118 =  *(_t127 - 0x14);
					 *(_t127 - 4) = 1;
					while(1) {
						L14:
						_t65 = E00403FEB(_t116,  *(_t127 - 0x18)); // executed
						__eflags = _t65;
						if(_t65 != 0) {
							break;
						}
						_t67 = GetLastError();
						__eflags = _t67 - 0xb7;
						if(_t67 == 0xb7) {
							E0040279E(_t127 - 0x40);
							 *(_t127 - 4) = 2;
							_push(_t127 - 0x70);
							_push( *(_t127 - 0x18));
							_t77 = E0040497E(_t127 - 0x40, _t114, _t116); // executed
							__eflags = _t77;
							if(_t77 != 0) {
								_t77 =  *(_t127 - 0x70) >> 4;
								__eflags = _t77 & 0x00000001;
								if((_t77 & 0x00000001) != 0) {
									 *(_t127 - 4) = 1;
									E00402E39(_t77,  *((intOrPtr*)(_t127 - 0x40)));
									break;
								} else {
									_t92 = 0;
									__eflags = 0;
									goto L31;
								}
							} else {
								_t92 = 1;
								L31:
								E00402E39(E00402E39(E00402E39(_t77,  *((intOrPtr*)(_t127 - 0x40))),  *((intOrPtr*)(_t127 - 0x24))),  *(_t127 - 0x18));
							}
						} else {
							_t109 =  *(_t127 - 0x14);
							__eflags = _t109;
							if(_t109 == 0) {
								L44:
								_t92 = 0;
								L46:
								_t68 = E00402E39(_t67,  *((intOrPtr*)(_t127 - 0x24)));
								_t115 =  *(_t127 - 0x18);
								goto L47;
							} else {
								_t67 =  *(_t127 - 0x18);
								_t123 = _t67 + _t109 * 2 - 2;
								while(1) {
									__eflags =  *_t123 - 0x5c;
									if( *_t123 == 0x5c) {
										break;
									}
									__eflags = _t123 - _t67;
									if(_t123 == _t67) {
										_t118 = _t123 | 0xffffffff;
										__eflags = _t118;
									} else {
										_t123 = _t123;
										continue;
									}
									L23:
									__eflags = _t118;
									if(__eflags < 0 || __eflags == 0) {
										goto L44;
									} else {
										__eflags =  *((short*)(_t67 + _t118 * 2 - 2)) - 0x3a;
										if( *((short*)(_t67 + _t118 * 2 - 2)) == 0x3a) {
											goto L44;
										} else {
											_t84 = E004019D4(_t127 - 0x18, _t127 - 0x30, _t118);
											 *(_t127 - 4) = 3;
											_t85 = E00401975(_t127 - 0x18, _t84);
											 *(_t127 - 4) = 1;
											E00402E39(_t85,  *((intOrPtr*)(_t127 - 0x30)));
											goto L14;
										}
									}
									goto L48;
								}
								_t118 = _t123 - _t67 >> 1;
								goto L23;
							}
						}
						goto L48;
					}
					_t67 = E00401975(_t127 - 0x18, _t127 - 0x24);
					while(1) {
						L34:
						__eflags = _t118 -  *(_t127 - 0x14);
						if(_t118 >=  *(_t127 - 0x14)) {
							break;
						}
						_t104 =  *(_t127 - 0x18);
						_t120 = _t104 + 2 + _t118 * 2;
						while(1) {
							_t71 =  *_t120;
							__eflags = _t71 - 0x5c;
							if(_t71 == 0x5c) {
								break;
							}
							__eflags = _t71;
							if(_t71 == 0) {
								_t118 = _t120 | 0xffffffff;
								__eflags = _t118;
							} else {
								_t120 = _t120 + 2;
								continue;
							}
							L41:
							__eflags = _t118;
							if(_t118 < 0) {
								_t118 =  *(_t127 - 0x14);
							}
							_t73 = E004019D4(_t127 - 0x18, _t127 - 0x30, _t118);
							 *(_t127 - 4) = 4;
							_t74 = E00403FEB(_t116,  *_t73);
							asm("sbb bl, bl");
							 *(_t127 - 4) = 1;
							_t67 = E00402E39(_t74,  *((intOrPtr*)(_t127 - 0x30)));
							__eflags =  ~_t74 + 1;
							if( ~_t74 + 1 == 0) {
								goto L34;
							} else {
								goto L44;
							}
							goto L46;
						}
						_t118 = _t120 - _t104 >> 1;
						goto L41;
					}
					_t92 = 1;
					goto L46;
				} else {
					_t114 =  *(_t127 - 0x18);
					_t87 = _t114 + _t98 * 2 - 2;
					while( *_t87 != 0x5c) {
						if(_t87 == _t114) {
							_t68 = _t87 | 0xffffffff;
							__eflags = _t68;
						} else {
							_t87 = _t87;
							continue;
						}
						L7:
						__eflags = _t68;
						if(_t68 <= 0) {
							goto L13;
						} else {
							__eflags = _t68 - _t98 - 1;
							if(_t68 != _t98 - 1) {
								goto L13;
							} else {
								__eflags = _t98 - 3;
								if(_t98 != 3) {
									L12:
									E0040228E(_t127 - 0x18, _t68, 1);
									goto L13;
								} else {
									__eflags =  *((short*)(_t114 + 2)) - 0x3a;
									if( *((short*)(_t114 + 2)) != 0x3a) {
										goto L12;
									} else {
										_t92 = 1;
										L47:
										E00402E39(_t68, _t115);
									}
								}
							}
						}
						goto L48;
					}
					_t68 = _t87 - _t114 >> 1;
					goto L7;
				}
				L48:
				 *[fs:0x0] =  *((intOrPtr*)(_t127 - 0xc));
				return _t92;
			}

0x00404033
0x00404038
0x00404048
0x0040404d
0x00404050
0x00404056
0x0040409f
0x004040a6
0x004040ab
0x004040ae
0x004040b2
0x004040b2
0x004040b5
0x004040ba
0x004040bc
0x00000000
0x00000000
0x004040c2
0x004040c8
0x004040cd
0x00404141
0x00404149
0x0040414d
0x0040414e
0x00404151
0x00404156
0x00404158
0x00404161
0x00404164
0x00404166
0x0040418d
0x00404191
0x00000000
0x00404168
0x00404168
0x00404168
0x00000000
0x00404168
0x0040415a
0x0040415a
0x0040416a
0x0040417d
0x00404182
0x004040cf
0x004040cf
0x004040d2
0x004040d4
0x00404202
0x00404202
0x00404208
0x0040420b
0x00404210
0x00000000
0x004040da
0x004040da
0x004040dd
0x004040e1
0x004040e1
0x004040e5
0x00000000
0x00000000
0x004040e7
0x004040e9
0x004040f5
0x004040f5
0x004040eb
0x004040ec
0x00000000
0x004040ec
0x004040f8
0x004040f8
0x004040fa
0x00000000
0x00404106
0x00404106
0x0040410c
0x00000000
0x00404112
0x0040411a
0x00404123
0x00404127
0x0040412f
0x00404133
0x00000000
0x00404138
0x0040410c
0x00000000
0x004040fa
0x004040f1
0x00000000
0x004040f1
0x004040d4
0x00000000
0x004040cd
0x0040419e
0x004041a3
0x004041a3
0x004041a3
0x004041a6
0x00000000
0x00000000
0x004041a8
0x004041ab
0x004041af
0x004041af
0x004041b2
0x004041b6
0x00000000
0x00000000
0x004041b8
0x004041bb
0x004041c7
0x004041c7
0x004041bd
0x004041be
0x00000000
0x004041be
0x004041ca
0x004041ca
0x004041cc
0x004041ce
0x004041ce
0x004041d9
0x004041e0
0x004041e4
0x004041f0
0x004041f2
0x004041f8
0x004041fd
0x00404200
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00404200
0x004041c3
0x00000000
0x004041c3
0x00404206
0x00000000
0x00404058
0x00404058
0x0040405b
0x0040405f
0x00404067
0x00404073
0x00404073
0x00404069
0x0040406a
0x00000000
0x0040406a
0x00404076
0x00404076
0x00404078
0x00000000
0x0040407a
0x0040407d
0x0040407f
0x00000000
0x00404081
0x00404081
0x00404084
0x00404094
0x0040409a
0x00000000
0x00404086
0x00404086
0x0040408b
0x00000000
0x0040408d
0x0040408d
0x00404214
0x00404215
0x0040421a
0x0040408b
0x00404084
0x0040407f
0x00000000
0x00404078
0x0040406f
0x00000000
0x0040406f
0x0040421b
0x00404222
0x0040422a

APIs

__EH_prolog.LIBCMT ref: 00404038
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 004040C2

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ErrorH_prologLast
String ID:
API String ID: 1057991267-0
Opcode ID: 080025d6c242cd595aee10c1d246f80f203de190cde2bf3e2e8749920cef0ec5
Instruction ID: 553582230435b2f7b116507667b3fbc3a8fd60cddbfbf1af8eb0f6b392f09343
Opcode Fuzzy Hash: 080025d6c242cd595aee10c1d246f80f203de190cde2bf3e2e8749920cef0ec5
Instruction Fuzzy Hash: AC51E0B190011ADACF11ABA0C949AEFBB70AF61308F10417FEB01772D2D7794D86C799

Uniqueness

Uniqueness Score: -1.00%

Function 0040AA5E Relevance: 3.1, APIs: 2, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AA5E(void* __ebx, intOrPtr* __ecx, void* __edx) {
				intOrPtr* _t66;
				intOrPtr* _t67;
				intOrPtr _t68;
				void* _t70;
				intOrPtr _t71;
				intOrPtr* _t72;
				intOrPtr _t76;
				intOrPtr* _t77;
				void* _t82;
				intOrPtr _t87;
				void* _t100;
				signed int _t104;
				signed int _t105;
				intOrPtr* _t108;
				void* _t110;

				_t100 = __edx;
				E00417F20(E00419520, _t110);
				_t108 = __ecx;
				_t104 = 0;
				 *(_t110 - 0x18) =  *(__ecx + 0x64);
				 *((intOrPtr*)(_t110 - 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x60))));
				if(WaitForMultipleObjects(2, _t110 - 0x18, 0, 0xffffffff) != 0) {
					_t82 = _t108 + 0x94;
					E004030DF();
					E004030DF();
					if( *((intOrPtr*)(_t108 + 8)) > 0) {
						do {
							_t76 =  *((intOrPtr*)(_t108 + 0x44));
							_t77 = _t76 + _t104 * 4;
							if( *((intOrPtr*)(_t76 + _t104 * 4)) != 0) {
								 *_t77 =  *((intOrPtr*)(_t108 + 0x1c)) + _t104 * 8;
							}
							E0040882F(_t82, _t100,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x78)) + _t104 * 4)))));
							_t104 = _t104 + 1;
						} while (_t104 <  *((intOrPtr*)(_t108 + 8)));
					}
					_t105 = 0;
					if( *((intOrPtr*)(_t108 + 0xc)) > 0) {
						do {
							_t71 =  *((intOrPtr*)(_t108 + 0x58));
							_t72 = _t71 + _t105 * 4;
							if( *((intOrPtr*)(_t71 + _t105 * 4)) != 0) {
								 *_t72 =  *((intOrPtr*)(_t108 + 0x30)) + _t105 * 8;
							}
							E0040882F(_t108 + 0xa8, _t100,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x8c)) + _t105 * 4)))));
							_t105 = _t105 + 1;
						} while (_t105 <  *((intOrPtr*)(_t108 + 0xc)));
					}
					 *((intOrPtr*)(_t110 - 0x10)) = _t108;
					_t66 =  *_t108;
					 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
					_t87 =  *((intOrPtr*)(_t108 + 0xbc));
					if(_t66 == 0) {
						_t67 =  *((intOrPtr*)(_t108 + 4));
						_t68 =  *((intOrPtr*)( *_t67 + 0xc))(_t67,  *((intOrPtr*)(_t108 + 0xa0)),  *((intOrPtr*)(_t108 + 0x44)),  *((intOrPtr*)(_t108 + 8)),  *((intOrPtr*)(_t108 + 0xb4)),  *((intOrPtr*)(_t108 + 0x58)),  *((intOrPtr*)(_t108 + 0xc)), _t87);
					} else {
						_t68 =  *((intOrPtr*)( *_t66 + 0xc))(_t66,  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0xa0)))),  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0xb4)))),  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x44)))),  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x58)))), _t87);
					}
					 *(_t110 - 4) =  *(_t110 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t108 + 0xc0)) = _t68;
					E0040AB93(_t110 - 0x10);
					_t70 = 1;
				} else {
					_t70 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0xc));
				return _t70;
			}

0x0040aa5e
0x0040aa63
0x0040aa6c
0x0040aa6f
0x0040aa76
0x0040aa7f
0x0040aa90
0x0040aa9a
0x0040aaa2
0x0040aaad
0x0040aab6
0x0040aab8
0x0040aab8
0x0040aabf
0x0040aac2
0x0040aaca
0x0040aaca
0x0040aad6
0x0040aadb
0x0040aadc
0x0040aab8
0x0040aae1
0x0040aae7
0x0040aae9
0x0040aae9
0x0040aaf0
0x0040aaf3
0x0040aafb
0x0040aafb
0x0040ab0e
0x0040ab13
0x0040ab14
0x0040aae9
0x0040ab19
0x0040ab1c
0x0040ab1e
0x0040ab22
0x0040ab2a
0x0040ab50
0x0040ab6e
0x0040ab2c
0x0040ab4a
0x0040ab4a
0x0040ab71
0x0040ab78
0x0040ab7e
0x0040ab83
0x0040aa92
0x0040aa92
0x0040aa92
0x0040ab8a
0x0040ab92

APIs

__EH_prolog.LIBCMT ref: 0040AA63
WaitForMultipleObjects.KERNEL32(00000002,000000FF,00000000,000000FF), ref: 0040AA88

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prologMultipleObjectsWait
String ID:
API String ID: 1786005261-0
Opcode ID: 01809877176fc2c6734b752e88ba7ef30bda33ed4536cbb3309a309671a4ca58
Instruction ID: 91bdac2708d5532562f52593b68a9619f63ed7a3713799889eb7e3e79627f11f
Opcode Fuzzy Hash: 01809877176fc2c6734b752e88ba7ef30bda33ed4536cbb3309a309671a4ca58
Instruction Fuzzy Hash: EB413431600705DFCB25CFA5C880AAAB7F6FB48304F00496EE2A6972A1CB35B855CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0040903E Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E0040903E(void* __edx) {
				void* _t22;
				long _t23;
				void* _t37;
				long _t40;
				intOrPtr* _t43;
				void* _t45;

				_t37 = __edx;
				E00417F20(E00419050, _t45);
				_push(0x18);
				if(E00402E12() == 0) {
					_t43 = 0;
					__eflags = 0;
				} else {
					_t43 = E0040788B(_t19);
				}
				 *((intOrPtr*)(_t45 - 0x10)) = _t43;
				if(_t43 != 0) {
					 *((intOrPtr*)( *_t43 + 4))(_t43);
				}
				_t39 =  *((intOrPtr*)(_t45 + 8));
				 *(_t45 - 4) =  *(_t45 - 4) & 0x00000000;
				_t33 = _t43;
				if(E00405C97(_t43,  *((intOrPtr*)( *((intOrPtr*)(_t45 + 8))))) != 0) {
					_t22 = E00403344(_t33, _t45 - 0x1c, _t39);
					_push( *((intOrPtr*)(_t45 + 0x18)));
					 *(_t45 - 4) = 1;
					_push( *((intOrPtr*)(_t45 + 0x14)));
					_push( *((intOrPtr*)(_t45 + 0x10)));
					_push( *((intOrPtr*)(_t45 + 0xc)));
					_push(_t22);
					_push(_t43); // executed
					_t23 = E00408CE2(_t37, __eflags); // executed
					_t40 = _t23;
					E00402E39(_t23,  *((intOrPtr*)(_t45 - 0x1c)));
				} else {
					_t40 = GetLastError();
				}
				 *(_t45 - 4) =  *(_t45 - 4) | 0xffffffff;
				if(_t43 != 0) {
					 *((intOrPtr*)( *_t43 + 8))(_t43);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t45 - 0xc));
				return _t40;
			}

0x0040903e
0x00409043
0x0040904d
0x00409057
0x00409064
0x00409064
0x00409059
0x00409060
0x00409060
0x00409068
0x0040906b
0x00409070
0x00409070
0x00409073
0x00409076
0x0040907a
0x00409085
0x00409096
0x0040909b
0x0040909e
0x004090a2
0x004090a5
0x004090a8
0x004090ab
0x004090ac
0x004090ad
0x004090b5
0x004090b7
0x00409087
0x0040908d
0x0040908d
0x004090bd
0x004090c3
0x004090c8
0x004090c8
0x004090d2
0x004090da

APIs

__EH_prolog.LIBCMT ref: 00409043

Part of subcall function 00402E12: malloc.MSVCRT ref: 00402E18
Part of subcall function 00402E12: _CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,00000000,?,?,0000000F), ref: 00409087

Part of subcall function 00408CE2: __EH_prolog.LIBCMT ref: 00408CE7

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$ErrorExceptionLastThrowfreemalloc
String ID:
API String ID: 1455235784-0
Opcode ID: 438f127a3e0fc95236f05e8177ddae28f35a6dbcca531e65b49f2bf53542cf62
Instruction ID: feac3bc83fb1c1cee728802e675c95c667848cc563fd1b6af316fc2cf5eaa5d9
Opcode Fuzzy Hash: 438f127a3e0fc95236f05e8177ddae28f35a6dbcca531e65b49f2bf53542cf62
Instruction Fuzzy Hash: 4511C432901114ABCF11AFA1C909A9FBF75EF44750F10402AFC11B72D2CB398D11DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040948E Relevance: 3.0, APIs: 2, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0040948E(void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				intOrPtr* _t21;
				signed char _t23;
				void* _t25;
				void* _t38;
				void* _t40;
				void* _t43;
				void* _t45;

				_t38 = __edx;
				E00417F20(E004190D4, _t45);
				_t43 = __ecx;
				_t40 = __ecx + 0x14;
				E00401975(_t40,  *((intOrPtr*)(_t45 + 8)));
				_push( *((intOrPtr*)(_t45 + 0xc)));
				_push(_t40);
				_push(_t45 - 0x18);
				_t21 = E00403BA6(_t38);
				 *(_t45 - 4) =  *(_t45 - 4) & 0x00000000;
				_push(_t43 + 0x20);
				_push( *_t21); // executed
				_t23 = E0040497E(_t43 + 0x20, _t38, _t40); // executed
				asm("sbb bl, bl");
				 *(_t45 - 4) =  *(_t45 - 4) | 0xffffffff;
				E00402E39(_t23,  *((intOrPtr*)(_t45 - 0x18)));
				if( ~_t23 + 1 != 0) {
					_push(0x41c1c0);
					_push(_t45 + 8);
					 *((intOrPtr*)(_t45 + 8)) = 1;
					L00417F68();
				}
				_t25 = E004030DF();
				 *(_t43 + 0x60) =  *(_t43 + 0x60) & 0x00000000;
				 *[fs:0x0] =  *((intOrPtr*)(_t45 - 0xc));
				return _t25;
			}

0x0040948e
0x00409493
0x0040949d
0x004094a3
0x004094a8
0x004094ad
0x004094b3
0x004094b4
0x004094b5
0x004094bc
0x004094c3
0x004094c4
0x004094c5
0x004094d1
0x004094d3
0x004094d9
0x004094e1
0x004094e6
0x004094eb
0x004094ec
0x004094f3
0x004094f3
0x004094fb
0x00409500
0x0040950a
0x00409512

APIs

__EH_prolog.LIBCMT ref: 00409493

Part of subcall function 00403BA6: __EH_prolog.LIBCMT ref: 00403BAB

Part of subcall function 0040497E: __EH_prolog.LIBCMT ref: 00404983

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

_CxxThrowException.MSVCRT(?,0041C1C0), ref: 004094F3

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$ExceptionThrowfree
String ID:
API String ID: 1371406966-0
Opcode ID: d2933ca0736f224e005e04f9bf233c9f1fc3c583b520d39149eb0ec7b4ff5d1c
Instruction ID: 6628bdcabad0ff01a4371d89d7ba4577efac5ecf02a485f883ff08a43f621030
Opcode Fuzzy Hash: d2933ca0736f224e005e04f9bf233c9f1fc3c583b520d39149eb0ec7b4ff5d1c
Instruction Fuzzy Hash: 5401DEB2540209ABCB10EFB1C856EDFBBB8EF45318F00412EF141672D2C778AA09CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040592D Relevance: 3.0, APIs: 2, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040592D(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, long _a16) {
				long _t10;
				signed char _t11;
				struct HWND__* _t17;

				_t17 = _a4;
				if(_a8 == 0x110) {
					SetWindowLongA(_t17, 0xffffffeb, _a16);
				}
				_t10 = GetWindowLongA(_t17, 0xffffffeb);
				if(_t10 != 0) {
					if(_a8 == 0x110) {
						 *(_t10 + 4) = _t17;
					}
					_t11 =  *((intOrPtr*)( *_t10 + 4))(_a8, _a12, _a16);
					asm("sbb eax, eax");
					return  ~( ~_t11);
				}
				return _t10;
			}

0x0040593a
0x0040593d
0x00405945
0x00405945
0x0040594e
0x00405956
0x0040595b
0x0040595d
0x0040595d
0x0040596d
0x00405972
0x00000000
0x00405974
0x00405979

APIs

SetWindowLongA.USER32 ref: 00405945
GetWindowLongA.USER32 ref: 0040594E

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 47e17ef5f279431237ad9b03fe07143210b965b9ff6a073d895915c55fa2fa74
Instruction ID: d947436a8f2104b2133d1f1d1bff4b4b2c17dcfa74bdeba53e69d7154100894e
Opcode Fuzzy Hash: 47e17ef5f279431237ad9b03fe07143210b965b9ff6a073d895915c55fa2fa74
Instruction Fuzzy Hash: 74F03A31204119BFCF128F65DC04CAB7B69EB85B71B04C62AF919A62A0C734D810DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00404B77 Relevance: 3.0, APIs: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00404B77(void* __ecx, long _a4, long _a8, long _a12, long* _a16) {
				long _v8;
				long _v12;
				long _t13;
				long _t14;
				long* _t15;

				_push(__ecx);
				_push(__ecx);
				_t13 = _a4;
				_v8 = _a8;
				_v12 = _t13;
				_t14 = SetFilePointer( *(__ecx + 8), _t13,  &_v8, _a12); // executed
				_v12 = _t14;
				if(_t14 != 0xffffffff || GetLastError() == 0) {
					_t15 = _a16;
					 *_t15 = _v12;
					_t15[1] = _v8;
					return 1;
				} else {
					return 0;
				}
			}

0x00404b7a
0x00404b7b
0x00404b82
0x00404b85
0x00404b8b
0x00404b93
0x00404b9c
0x00404b9f
0x00404baf
0x00404bb5
0x00404bba
0x00000000
0x00404bab
0x00000000
0x00404bab

APIs

SetFilePointer.KERNELBASE(?,?,?,?), ref: 00404B93
GetLastError.KERNEL32 ref: 00404BA1

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: fecaf00ad3e76744175a40dca52fc32aa6a2aca8a8f093c6092f238a423867c4
Instruction ID: 9c12adbfea6f859350077d2737dc833338c4af6415a3ae7552350777a5d48ae9
Opcode Fuzzy Hash: fecaf00ad3e76744175a40dca52fc32aa6a2aca8a8f093c6092f238a423867c4
Instruction Fuzzy Hash: 0FF017B4500208EFCB04CF54D9408AE7BBAEB88310B2081A9F915A7390D735EE11DB68

Uniqueness

Uniqueness Score: -1.00%

Function 00403E6C Relevance: 3.0, APIs: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00403E6C(void* __edi, WCHAR* _a4, long _a8) {
				char _v16;
				void* __ebp;
				int _t12;
				signed int _t15;
				signed int _t18;

				if( *0x4207ec == 0) {
					_push(_t18);
					_t12 = SetFileAttributesA( *(E00403EBD(__edi,  &_v16, _a4)), _a8);
					E00402E39(_t12, _v16);
					return _t18 & 0xffffff00 | _t12 != 0x00000000;
				}
				_t15 = SetFileAttributesW(_a4, _a8); // executed
				asm("sbb eax, eax");
				return  ~( ~_t15);
			}

0x00403e79
0x00403e8f
0x00403ea2
0x00403eb0
0x00000000
0x00403eb8
0x00403e81
0x00403e89
0x00000000

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 00403E81
SetFileAttributesA.KERNEL32(?,?,?,?), ref: 00403EA2

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 310f21501a5be016182dd7003fe7342de844ec8930650a1897f17ddddea5bc00
Instruction ID: d8cbb10b9b343eb5b4d9ef2247b2341a0df6115b230ac55574fd6bd4061e75c1
Opcode Fuzzy Hash: 310f21501a5be016182dd7003fe7342de844ec8930650a1897f17ddddea5bc00
Instruction Fuzzy Hash: E5F03075940109BBCF026FB5EC09ACF7FACAB08301B008566BA1AE61A1D739C259DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00417E2B Relevance: 3.0, APIs: 2, Instructions: 28
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00417E2B(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t12;
				void* _t18;

				_t18 = __ecx;
				if(_a4 == 0xc) {
					if( *(__ecx + 8) != 0) {
						L5:
						_t12 = E0040586F(_t18, _a4, _a8, _a12); // executed
						return _t12;
					}
					L4:
					return 1;
				}
				if(_a4 != 0x401) {
					goto L5;
				}
				KillTimer( *(__ecx + 4),  *(__ecx + 8));
				 *(_t18 + 8) =  *(_t18 + 8) & 0x00000000;
				EndDialog( *(_t18 + 4), 0); // executed
				goto L4;
			}

0x00417e33
0x00417e35
0x00417e61
0x00417e67
0x00417e72
0x00000000
0x00417e72
0x00417e63
0x00000000
0x00417e63
0x00417e3e
0x00000000
0x00000000
0x00417e46
0x00417e4c
0x00417e55
0x00000000

APIs

KillTimer.USER32(?,00000401), ref: 00417E46
KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 00417E55

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CallbackDispatcherKillTimerUser
String ID:
API String ID: 45433635-0
Opcode ID: 575b3fc409ac8f43412b9a8e833fd7be49e1a2dba526143f4eaeb2760c886ec6
Instruction ID: 9c8b30d2b9d70393699bdf8663fb78bcfb0c0fc285002a01acac569db1dcef5f
Opcode Fuzzy Hash: 575b3fc409ac8f43412b9a8e833fd7be49e1a2dba526143f4eaeb2760c886ec6
Instruction Fuzzy Hash: 48F03435004718EBCF211F01D848BAA7BB5EB00751F10C42AFA5A14A60C376A8A1EB89

Uniqueness

Uniqueness Score: -1.00%

Function 00418075 Relevance: 3.0, APIs: 2, Instructions: 12COMMON

Download Yara Rule

APIs

_onexit.KERNELBASE ref: 00418082
__dllonexit.MSVCRT ref: 00418098

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: __dllonexit_onexit
String ID:
API String ID: 2384194067-0
Opcode ID: 9bef378c4827da5c3d03dda6915b570280ae9456069aff500238d3875735a64c
Instruction ID: 2d176f09d34146333d225198213e5c843084d96cd61f927e1ee44e9013c17f79
Opcode Fuzzy Hash: 9bef378c4827da5c3d03dda6915b570280ae9456069aff500238d3875735a64c
Instruction Fuzzy Hash: 44C01230A90A00FACA111B20FC0A9857711AF91736FF0C36EF065105F18B390495AA0A

Uniqueness

Uniqueness Score: -1.00%

Function 00402E12 Relevance: 2.5, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00402E12(int _a4, char _a7) {
				void* _t5;
				char* _t7;

				_t5 = malloc(_a4); // executed
				if(_t5 == 0) {
					_push(0x41c440);
					_t7 =  &_a7;
					_push(_t7);
					L00417F68();
					return _t7;
				}
				return _t5;
			}

0x00402e18
0x00402e21
0x00402e26
0x00402e2e
0x00402e31
0x00402e32
0x00000000
0x00402e32
0x00402e38

APIs

malloc.MSVCRT ref: 00402E18
_CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ExceptionThrowmalloc
String ID:
API String ID: 2436765578-0
Opcode ID: 79669263aa9d3fd70470ab286481168121b981e8211ca0f3d48a9d4cc4ae6c00
Instruction ID: 431b3bfe8eb0b821248bdfabbccc367a8d20383d981a6c2ec53dfbc4564ab6a4
Opcode Fuzzy Hash: 79669263aa9d3fd70470ab286481168121b981e8211ca0f3d48a9d4cc4ae6c00
Instruction Fuzzy Hash: E3D0A93118828C7ACF006FA1DC088DB3F2C8904AA8B00902BF81C8E286DA34C3918799

Uniqueness

Uniqueness Score: -1.00%

Function 0040E087 Relevance: 2.1, APIs: 1, Instructions: 576
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E0040E087(intOrPtr __edx) {
				signed int _t310;
				signed char _t312;
				signed int _t314;
				signed char _t315;
				signed int _t318;
				signed char _t322;
				signed char _t325;
				void* _t326;
				intOrPtr _t329;
				signed char _t330;
				signed char _t333;
				signed char _t335;
				intOrPtr _t339;
				signed char _t341;
				signed char _t344;
				signed char _t345;
				signed char _t357;
				signed char _t365;
				signed char _t366;
				signed char _t367;
				signed char _t368;
				signed char _t372;
				signed char _t379;
				signed char _t380;
				signed char _t381;
				signed char _t382;
				signed char _t387;
				signed char _t388;
				signed char _t389;
				signed char _t396;
				signed char _t397;
				signed char _t398;
				signed char _t409;
				signed char _t411;
				signed char _t415;
				signed int _t425;
				intOrPtr _t433;
				intOrPtr _t442;
				signed char _t446;
				signed char _t452;
				signed char _t454;
				signed char _t455;
				signed char _t456;
				void* _t458;
				intOrPtr _t459;
				signed char _t470;
				intOrPtr _t537;
				intOrPtr _t547;
				intOrPtr* _t551;
				signed int _t553;
				signed int _t555;
				signed int _t556;
				intOrPtr _t557;
				void* _t561;
				signed char _t562;
				intOrPtr _t565;
				void* _t566;
				void* _t568;

				_t547 = __edx;
				_t310 = E00417F20(E00419C64, _t566);
				_t452 = 0;
				 *(_t566 - 4) = 0;
				 *((char*)(_t566 - 0x44)) = _t310 & 0xffffff00 |  *(_t566 + 0x14) != 0x00000000;
				_t312 =  *(_t566 + 0x18);
				 *((intOrPtr*)(_t566 - 0x10)) = _t568 - 0x124;
				 *(_t566 + 0x18) = _t312;
				if(_t312 != 0) {
					 *((intOrPtr*)( *_t312 + 4))(_t312);
				}
				 *(_t566 - 4) = 1;
				 *(_t566 - 0x24) = _t452;
				 *(_t566 - 0x20) = _t452;
				 *((char*)(_t566 + 0x17)) =  *(_t566 + 0x10) == 0xffffffff;
				if( *((char*)(_t566 + 0x17)) != 0) {
					 *(_t566 + 0x10) =  *( *((intOrPtr*)(_t566 + 8)) + 0x7c);
				}
				if( *(_t566 + 0x10) != _t452) {
					E00401CD0(_t566 - 0x38);
					 *((intOrPtr*)(_t566 - 0x38)) = 0x41bb10;
					_t314 = 0;
					__eflags = 0;
					 *(_t566 - 4) = 2;
					 *(_t566 - 0x18) = 0;
					while(1) {
						__eflags = _t314 -  *(_t566 + 0x10);
						if(__eflags >= 0) {
							break;
						}
						__eflags =  *((char*)(_t566 + 0x17));
						if( *((char*)(_t566 + 0x17)) == 0) {
							_t314 =  *( *(_t566 + 0xc) + _t314 * 4);
						}
						_t563 =  *((intOrPtr*)(_t566 + 8));
						 *(_t566 - 0x1c) = _t314;
						_t556 =  *( *((intOrPtr*)( *((intOrPtr*)(_t566 + 8)) + 0x110)) + _t314 * 4);
						__eflags = _t556 - 0xffffffff;
						if(_t556 != 0xffffffff) {
							_t425 =  *(_t566 - 0x30);
							__eflags = _t425 - _t452;
							if(_t425 == _t452) {
								L16:
								 *(_t566 - 0x7c) =  *(_t566 - 0x7c) | 0xffffffff;
								 *(_t566 - 0x78) = _t556;
								E0040E986(_t566 - 0x74);
								 *(_t566 - 0x5c) = _t452;
								 *(_t566 - 0x58) = _t452;
								_push(_t566 - 0x7c);
								 *(_t566 - 4) = 5;
								E0040E9FB(_t566 - 0x38, _t547);
								 *(_t566 - 4) = 2;
								E004030CF(_t566 - 0x74);
								_t537 = E0040E81D( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x58)) + _t556 * 4)));
								_t67 = _t566 - 0x24;
								 *_t67 =  *(_t566 - 0x24) + _t537;
								__eflags =  *_t67;
								_t433 =  *((intOrPtr*)( *((intOrPtr*)(_t566 - 0x2c)) +  *(_t566 - 0x30) * 4 - 4));
								asm("adc [ebp-0x20], edx");
								 *((intOrPtr*)(_t433 + 0x20)) = _t537;
								 *((intOrPtr*)(_t433 + 0x24)) = _t547;
								L17:
								_t565 =  *((intOrPtr*)( *((intOrPtr*)(_t566 - 0x2c)) +  *(_t566 - 0x30) * 4 - 4));
								_t459 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t566 + 8)) + 0xfc)) + _t556 * 4));
								_t557 =  *((intOrPtr*)(_t565 + 0x10));
								while(1) {
									_t438 =  *(_t566 - 0x1c) - _t459;
									__eflags = _t557 -  *(_t566 - 0x1c) - _t459;
									if(_t557 >  *(_t566 - 0x1c) - _t459) {
										goto L13;
									}
									_t87 = _t565 + 8; // 0xa
									E0040E9A1(_t87, _t547, _t438 & 0xffffff00 | __eflags == 0x00000000);
									_t557 = _t557 + 1;
								}
								goto L13;
							}
							_t442 =  *((intOrPtr*)( *((intOrPtr*)(_t566 - 0x2c)) + _t425 * 4 - 4));
							__eflags = _t556 -  *((intOrPtr*)(_t442 + 4));
							if(_t556 ==  *((intOrPtr*)(_t442 + 4))) {
								goto L17;
							}
							goto L16;
						} else {
							_push(_t556);
							_push(_t314);
							_push(E0040E89C(_t566 - 0x130, _t547));
							 *(_t566 - 4) = 3;
							E0040E9FB(_t566 - 0x38, _t547);
							 *(_t566 - 4) = 2;
							E004030CF(_t566 - 0x128);
							L13:
							_t314 =  *(_t566 - 0x18) + 1;
							_t452 = 0;
							 *(_t566 - 0x18) = _t314;
							continue;
						}
					}
					_t315 =  *(_t566 + 0x18);
					 *((intOrPtr*)( *_t315 + 0xc))(_t315,  *(_t566 - 0x24),  *(_t566 - 0x20));
					E0040C876(_t566 - 0x108, __eflags, 1);
					_t318 = 0;
					__eflags = 0;
					 *(_t566 - 4) = 6;
					 *(_t566 - 0x40) = _t452;
					 *(_t566 - 0x3c) = _t452;
					 *(_t566 - 0x1c) = 0;
					while(1) {
						__eflags = _t318 -  *(_t566 - 0x30);
						if(_t318 >=  *(_t566 - 0x30)) {
							break;
						}
						_t548 = _t566 - 0x40;
						_t551 =  *((intOrPtr*)( *((intOrPtr*)(_t566 - 0x2c)) + _t318 * 4));
						 *((intOrPtr*)(_t566 - 0x4c)) =  *((intOrPtr*)(_t551 + 0x20));
						 *((intOrPtr*)(_t566 - 0x48)) =  *((intOrPtr*)(_t551 + 0x24));
						_t325 =  *(_t566 + 0x18);
						_t326 =  *((intOrPtr*)( *_t325 + 0x10))(_t325, _t566 - 0x40);
						__eflags = _t326 - _t452;
						if(_t326 == _t452) {
							_push(0x38);
							_t470 = E00402E12();
							 *(_t566 - 0x20) = _t470;
							__eflags = _t470 - _t452;
							 *(_t566 - 4) = 8;
							if(_t470 != _t452) {
								_t452 = E0040EB76(_t470);
							}
							__eflags = _t452;
							 *(_t566 - 0x18) = _t452;
							 *(_t566 - 4) = 6;
							 *(_t566 + 0x10) = _t452;
							if(_t452 != 0) {
								 *((intOrPtr*)( *_t452 + 4))(_t452);
							}
							 *(_t566 - 4) = 9;
							_t561 =  *((intOrPtr*)(_t566 + 8)) + 0x10;
							_t329 =  *_t551;
							__eflags = _t329 - 0xffffffff;
							if(_t329 == 0xffffffff) {
								_t329 =  *((intOrPtr*)( *((intOrPtr*)(_t561 + 0xec)) +  *(_t551 + 4) * 4));
							}
							_t330 = E0040EC77(_t452, _t561, 0, _t329, _t551 + 8,  *(_t566 + 0x18),  *((intOrPtr*)(_t566 - 0x44))); // executed
							_t454 = _t330;
							__eflags = _t454;
							if(_t454 == 0) {
								__eflags =  *_t551 - 0xffffffff;
								if( *_t551 == 0xffffffff) {
									_t553 =  *(_t551 + 4) << 2;
									_push(0x10);
									 *(_t566 - 0x20) =  *( *((intOrPtr*)(_t561 + 0x48)) + _t553);
									_t333 = E00402E12();
									__eflags = _t333;
									if(_t333 == 0) {
										_t455 = 0;
										__eflags = 0;
									} else {
										 *(_t333 + 4) =  *(_t333 + 4) & 0x00000000;
										 *(_t333 + 8) =  *(_t333 + 8) & 0x00000000;
										 *_t333 = 0x41bb00;
										_t455 = _t333;
									}
									__eflags = _t455;
									 *(_t566 - 0x14) = _t455;
									if(_t455 != 0) {
										 *((intOrPtr*)( *_t455 + 4))(_t455);
									}
									_push(0);
									 *(_t566 - 4) = 0xb;
									E004062DB(_t455,  *(_t566 + 0x18));
									_push(0x20);
									_t335 = E00402E12();
									_t456 = 0;
									__eflags = _t335;
									if(_t335 != 0) {
										 *((intOrPtr*)(_t335 + 4)) = 0;
										 *((intOrPtr*)(_t335 + 8)) = 0;
										 *_t335 = 0x41baf0;
										_t456 = _t335;
									}
									__eflags = _t456;
									 *(_t566 + 0xc) = _t456;
									if(_t456 != 0) {
										 *((intOrPtr*)( *_t456 + 4))(_t456);
									}
									_push(_t566 - 0x40);
									 *(_t566 - 4) = 0xc;
									E0040622C(_t456,  *(_t566 - 0x14), 0);
									_t339 =  *((intOrPtr*)(_t561 + 0xc4));
									_t555 =  *( *((intOrPtr*)(_t561 + 0xd8)) + _t553) << 3;
									_t458 =  *((intOrPtr*)(_t339 + _t555)) +  *((intOrPtr*)(_t561 + 0x90));
									asm("adc eax, [esi+0x94]");
									 *(_t566 + 0x14) =  *(_t566 + 0x14) & 0x00000000;
									 *((intOrPtr*)(_t566 - 0x50)) =  *((intOrPtr*)(_t339 + _t555 + 4));
									_t341 =  *(_t566 + 0x18);
									 *(_t566 - 4) = 0xd;
									__eflags = _t341;
									if(__eflags != 0) {
										_t548 = _t566 + 0x14;
										 *((intOrPtr*)( *_t341))(_t341, 0x41b240, _t566 + 0x14);
									}
									 *(_t566 - 4) = 0xe;
									_t344 = E0040C8D0(_t566 - 0x108, _t548, __eflags,  *((intOrPtr*)( *((intOrPtr*)(_t566 + 8)) + 8)), _t458,  *((intOrPtr*)(_t566 - 0x50)),  *((intOrPtr*)(_t561 + 0xc)) + _t555,  *(_t566 - 0x20),  *(_t566 + 0x10),  *(_t566 + 0xc),  *(_t566 + 0x14)); // executed
									_t562 = _t344;
									__eflags = _t562 - 1;
									if(_t562 != 1) {
										__eflags = _t562 - 0x80004001;
										if(_t562 != 0x80004001) {
											__eflags = _t562;
											if(_t562 == 0) {
												_t345 = E0040EF71( *(_t566 - 0x18));
												__eflags = _t345;
												if(_t345 == 0) {
													 *(_t566 - 4) = 0xc;
													E004099E1(_t566 + 0x14);
													 *(_t566 - 4) = 0xb;
													E004099E1(_t566 + 0xc);
													 *(_t566 - 4) = 9;
													E004099E1(_t566 - 0x14);
													 *(_t566 - 4) = 6;
													E004099E1(_t566 + 0x10);
													goto L103;
												}
												_t562 = E0040EF24( *(_t566 - 0x18), _t566, 2);
												 *(_t566 - 4) = 0xc;
												__eflags = _t562;
												if(_t562 == 0) {
													E004099E1(_t566 + 0x14);
													 *(_t566 - 4) = 0xb;
													E004099E1(_t566 + 0xc);
													 *(_t566 - 4) = 9;
													E004099E1(_t566 - 0x14);
													 *(_t566 - 4) = 6;
													E004099E1(_t566 + 0x10);
													goto L100;
												}
												_t357 =  *(_t566 + 0x14);
												__eflags = _t357;
												if(_t357 != 0) {
													 *((intOrPtr*)( *_t357 + 8))(_t357);
												}
												 *(_t566 - 4) = 0xb;
												E004099E1(_t566 + 0xc);
												 *(_t566 - 4) = 9;
												E004099E1(_t566 - 0x14);
												 *(_t566 - 4) = 6;
												E004099E1(_t566 + 0x10);
												 *(_t566 - 4) = 2;
												E0040E90E(_t566 - 0x108);
												 *(_t566 - 4) = 1;
												E0040E9C3(_t566 - 0x38);
												_t275 = _t566 - 4;
												 *_t275 =  *(_t566 - 4) & 0x00000000;
												__eflags =  *_t275;
												E004099E1(_t566 + 0x18);
												goto L98;
											}
											_t365 =  *(_t566 + 0x14);
											 *(_t566 - 4) = 0xc;
											__eflags = _t365;
											if(_t365 != 0) {
												 *((intOrPtr*)( *_t365 + 8))(_t365);
											}
											_t366 =  *(_t566 + 0xc);
											 *(_t566 - 4) = 0xb;
											__eflags = _t366;
											if(_t366 != 0) {
												 *((intOrPtr*)( *_t366 + 8))(_t366);
											}
											_t367 =  *(_t566 - 0x14);
											 *(_t566 - 4) = 9;
											__eflags = _t367;
											if(_t367 != 0) {
												 *((intOrPtr*)( *_t367 + 8))(_t367);
											}
											_t368 =  *(_t566 + 0x10);
											 *(_t566 - 4) = 6;
											__eflags = _t368;
											if(_t368 != 0) {
												 *((intOrPtr*)( *_t368 + 8))(_t368);
											}
											 *(_t566 - 4) = 2;
											E0040E90E(_t566 - 0x108);
											 *((intOrPtr*)(_t566 - 0x38)) = 0x41bb10;
											 *(_t566 - 4) = 0x11;
											goto L90;
										}
										_t562 = E0040EF24( *(_t566 - 0x18), _t566, 1);
										_t379 =  *(_t566 + 0x14);
										__eflags = _t562;
										 *(_t566 - 4) = 0xc;
										if(_t562 == 0) {
											goto L72;
										}
										__eflags = _t379;
										if(_t379 != 0) {
											 *((intOrPtr*)( *_t379 + 8))(_t379);
										}
										_t387 =  *(_t566 + 0xc);
										 *(_t566 - 4) = 0xb;
										__eflags = _t387;
										if(_t387 != 0) {
											 *((intOrPtr*)( *_t387 + 8))(_t387);
										}
										_t388 =  *(_t566 - 0x14);
										 *(_t566 - 4) = 9;
										__eflags = _t388;
										if(_t388 != 0) {
											 *((intOrPtr*)( *_t388 + 8))(_t388);
										}
										_t389 =  *(_t566 + 0x10);
										 *(_t566 - 4) = 6;
										__eflags = _t389;
										if(_t389 != 0) {
											 *((intOrPtr*)( *_t389 + 8))(_t389);
										}
										 *(_t566 - 4) = 2;
										E0040E90E(_t566 - 0x108);
										 *((intOrPtr*)(_t566 - 0x38)) = 0x41bb10;
										 *(_t566 - 4) = 0x10;
										goto L90;
									} else {
										_t562 = E0040EF24( *(_t566 - 0x18), _t566, 2);
										_t379 =  *(_t566 + 0x14);
										__eflags = _t562;
										 *(_t566 - 4) = 0xc;
										if(_t562 == 0) {
											L72:
											__eflags = _t379;
											if(_t379 != 0) {
												 *((intOrPtr*)( *_t379 + 8))(_t379);
											}
											_t380 =  *(_t566 + 0xc);
											 *(_t566 - 4) = 0xb;
											__eflags = _t380;
											if(_t380 != 0) {
												 *((intOrPtr*)( *_t380 + 8))(_t380);
											}
											_t381 =  *(_t566 - 0x14);
											 *(_t566 - 4) = 9;
											__eflags = _t381;
											if(_t381 != 0) {
												 *((intOrPtr*)( *_t381 + 8))(_t381);
											}
											_t382 =  *(_t566 + 0x10);
											 *(_t566 - 4) = 6;
											__eflags = _t382;
											if(_t382 != 0) {
												 *((intOrPtr*)( *_t382 + 8))(_t382);
											}
											L100:
											 *(_t566 - 4) = 6;
											L103:
											 *(_t566 - 0x1c) =  *(_t566 - 0x1c) + 1;
											 *(_t566 - 0x40) =  *(_t566 - 0x40) +  *((intOrPtr*)(_t566 - 0x4c));
											asm("adc [ebp-0x3c], eax");
											_t318 =  *(_t566 - 0x1c);
											_t452 = 0;
											continue;
										}
										__eflags = _t379;
										if(_t379 != 0) {
											 *((intOrPtr*)( *_t379 + 8))(_t379);
										}
										_t396 =  *(_t566 + 0xc);
										 *(_t566 - 4) = 0xb;
										__eflags = _t396;
										if(_t396 != 0) {
											 *((intOrPtr*)( *_t396 + 8))(_t396);
										}
										_t397 =  *(_t566 - 0x14);
										 *(_t566 - 4) = 9;
										__eflags = _t397;
										if(_t397 != 0) {
											 *((intOrPtr*)( *_t397 + 8))(_t397);
										}
										_t398 =  *(_t566 + 0x10);
										 *(_t566 - 4) = 6;
										__eflags = _t398;
										if(_t398 != 0) {
											 *((intOrPtr*)( *_t398 + 8))(_t398);
										}
										 *(_t566 - 4) = 2;
										E0040E90E(_t566 - 0x108);
										 *((intOrPtr*)(_t566 - 0x38)) = 0x41bb10;
										 *(_t566 - 4) = 0xf;
										L90:
										E004030DF();
										 *(_t566 - 4) = 1;
										E004030CF(_t566 - 0x38);
										_t372 =  *(_t566 + 0x18);
										 *(_t566 - 4) =  *(_t566 - 4) & 0x00000000;
										__eflags = _t372;
										L91:
										if(__eflags != 0) {
											 *((intOrPtr*)( *_t372 + 8))(_t372);
										}
										L98:
										_t322 = _t562;
										goto L106;
									}
								}
								_t409 =  *(_t566 + 0x10);
								 *(_t566 - 4) = 6;
								__eflags = _t409;
								if(_t409 != 0) {
									 *((intOrPtr*)( *_t409 + 8))(_t409);
								}
								goto L103;
							} else {
								_t411 =  *(_t566 + 0x10);
								 *(_t566 - 4) = 6;
								__eflags = _t411;
								if(_t411 != 0) {
									 *((intOrPtr*)( *_t411 + 8))(_t411);
								}
								 *(_t566 - 4) = 2;
								E0040E90E(_t566 - 0x108);
								 *((intOrPtr*)(_t566 - 0x38)) = 0x41bb10;
								 *(_t566 - 4) = 0xa;
								E004030DF();
								 *(_t566 - 4) = 1;
								E004030CF(_t566 - 0x38);
								_t415 =  *(_t566 + 0x18);
								 *(_t566 - 4) =  *(_t566 - 4) & 0x00000000;
								__eflags = _t415;
								if(_t415 != 0) {
									 *((intOrPtr*)( *_t415 + 8))(_t415);
								}
								_t322 = _t454;
								L106:
								 *[fs:0x0] =  *((intOrPtr*)(_t566 - 0xc));
								return _t322;
							}
						}
						 *(_t566 - 4) = 2;
						E0040E90E(_t566 - 0x108);
						 *((intOrPtr*)(_t566 - 0x38)) = 0x41bb10;
						 *(_t566 - 4) = 7;
						E004030DF();
						 *(_t566 - 4) = 1;
						E004030CF(_t566 - 0x38);
						_t372 =  *(_t566 + 0x18);
						 *(_t566 - 4) =  *(_t566 - 4) & 0x00000000;
						__eflags = _t372 - _t452;
						goto L91;
					}
					 *(_t566 - 4) = 2;
					E0040E90E(_t566 - 0x108); // executed
					 *(_t566 - 4) = 1;
					E0040E9C3(_t566 - 0x38);
					_t305 = _t566 - 4;
					 *_t305 =  *(_t566 - 4) & 0x00000000;
					__eflags =  *_t305;
					E004099E1(_t566 + 0x18);
					L105:
					_t322 = 0;
					goto L106;
				}
				_t446 =  *(_t566 + 0x18);
				 *(_t566 - 4) =  *(_t566 - 4) & 0x00000000;
				if(_t446 != _t452) {
					 *((intOrPtr*)( *_t446 + 8))(_t446);
				}
				goto L105;
			}

0x0040e087
0x0040e08c
0x0040e098
0x0040e09f
0x0040e0a5
0x0040e0a8
0x0040e0ad
0x0040e0b0
0x0040e0b3
0x0040e0b8
0x0040e0b8
0x0040e0bf
0x0040e0c3
0x0040e0c6
0x0040e0c9
0x0040e0d1
0x0040e0d9
0x0040e0d9
0x0040e0df
0x0040e0fe
0x0040e103
0x0040e10a
0x0040e10a
0x0040e10c
0x0040e110
0x0040e113
0x0040e113
0x0040e116
0x00000000
0x00000000
0x0040e11c
0x0040e120
0x0040e125
0x0040e125
0x0040e128
0x0040e12b
0x0040e134
0x0040e137
0x0040e13a
0x0040e170
0x0040e173
0x0040e175
0x0040e183
0x0040e183
0x0040e18a
0x0040e18d
0x0040e192
0x0040e195
0x0040e19e
0x0040e19f
0x0040e1a3
0x0040e1ab
0x0040e1af
0x0040e1c2
0x0040e1c7
0x0040e1c7
0x0040e1c7
0x0040e1ca
0x0040e1ce
0x0040e1d1
0x0040e1d4
0x0040e1d7
0x0040e1dd
0x0040e1ea
0x0040e1ed
0x0040e1f0
0x0040e1f3
0x0040e1f5
0x0040e1f7
0x00000000
0x00000000
0x0040e201
0x0040e204
0x0040e209
0x0040e209
0x00000000
0x0040e1f0
0x0040e17a
0x0040e17e
0x0040e181
0x00000000
0x00000000
0x00000000
0x0040e13c
0x0040e13c
0x0040e13d
0x0040e149
0x0040e14d
0x0040e151
0x0040e15c
0x0040e160
0x0040e165
0x0040e168
0x0040e169
0x0040e16b
0x00000000
0x0040e16b
0x0040e13a
0x0040e20f
0x0040e218
0x0040e223
0x0040e228
0x0040e228
0x0040e22a
0x0040e22e
0x0040e231
0x0040e234
0x0040e237
0x0040e237
0x0040e23a
0x00000000
0x00000000
0x0040e243
0x0040e247
0x0040e24d
0x0040e253
0x0040e256
0x0040e25c
0x0040e261
0x0040e263
0x0040e2a1
0x0040e2a9
0x0040e2ab
0x0040e2ae
0x0040e2b0
0x0040e2b4
0x0040e2bb
0x0040e2bb
0x0040e2bd
0x0040e2bf
0x0040e2c2
0x0040e2c6
0x0040e2c9
0x0040e2ce
0x0040e2ce
0x0040e2d4
0x0040e2d8
0x0040e2db
0x0040e2dd
0x0040e2e0
0x0040e2eb
0x0040e2eb
0x0040e2fe
0x0040e303
0x0040e305
0x0040e307
0x0040e360
0x0040e363
0x0040e385
0x0040e388
0x0040e38d
0x0040e390
0x0040e395
0x0040e398
0x0040e3ac
0x0040e3ac
0x0040e39a
0x0040e39a
0x0040e39e
0x0040e3a2
0x0040e3a8
0x0040e3a8
0x0040e3ae
0x0040e3b0
0x0040e3b3
0x0040e3b8
0x0040e3b8
0x0040e3bb
0x0040e3c2
0x0040e3c6
0x0040e3cb
0x0040e3cd
0x0040e3d2
0x0040e3d5
0x0040e3d7
0x0040e3d9
0x0040e3dc
0x0040e3df
0x0040e3e5
0x0040e3e5
0x0040e3e7
0x0040e3e9
0x0040e3ec
0x0040e3f1
0x0040e3f1
0x0040e3f9
0x0040e3ff
0x0040e403
0x0040e411
0x0040e417
0x0040e41d
0x0040e427
0x0040e42d
0x0040e431
0x0040e434
0x0040e437
0x0040e43b
0x0040e43d
0x0040e441
0x0040e44b
0x0040e44b
0x0040e45b
0x0040e474
0x0040e479
0x0040e47b
0x0040e47e
0x0040e4f7
0x0040e4fd
0x0040e5bc
0x0040e5be
0x0040e650
0x0040e655
0x0040e657
0x0040e705
0x0040e794
0x0040e79c
0x0040e7a0
0x0040e7a8
0x0040e7ac
0x0040e7b4
0x0040e7b8
0x00000000
0x0040e7b8
0x0040e667
0x0040e669
0x0040e66d
0x0040e66f
0x0040e6d3
0x0040e6db
0x0040e6df
0x0040e6e7
0x0040e6eb
0x0040e6f3
0x0040e6f7
0x00000000
0x0040e6f7
0x0040e671
0x0040e674
0x0040e676
0x0040e67b
0x0040e67b
0x0040e681
0x0040e685
0x0040e68d
0x0040e691
0x0040e699
0x0040e69d
0x0040e6a8
0x0040e6ac
0x0040e6b4
0x0040e6b8
0x0040e6bd
0x0040e6bd
0x0040e6bd
0x0040e6c4
0x00000000
0x0040e6c4
0x0040e5c4
0x0040e5c7
0x0040e5cb
0x0040e5cd
0x0040e5d2
0x0040e5d2
0x0040e5d5
0x0040e5d8
0x0040e5dc
0x0040e5de
0x0040e5e3
0x0040e5e3
0x0040e5e6
0x0040e5e9
0x0040e5ed
0x0040e5ef
0x0040e5f4
0x0040e5f4
0x0040e5f7
0x0040e5fa
0x0040e5fe
0x0040e600
0x0040e605
0x0040e605
0x0040e60e
0x0040e612
0x0040e617
0x0040e61e
0x00000000
0x0040e61e
0x0040e50d
0x0040e50f
0x0040e512
0x0040e514
0x0040e518
0x00000000
0x00000000
0x0040e51a
0x0040e51c
0x0040e521
0x0040e521
0x0040e524
0x0040e527
0x0040e52b
0x0040e52d
0x0040e532
0x0040e532
0x0040e535
0x0040e538
0x0040e53c
0x0040e53e
0x0040e543
0x0040e543
0x0040e546
0x0040e549
0x0040e54d
0x0040e54f
0x0040e554
0x0040e554
0x0040e55d
0x0040e561
0x0040e566
0x0040e56d
0x00000000
0x0040e480
0x0040e48a
0x0040e48c
0x0040e48f
0x0040e491
0x0040e495
0x0040e576
0x0040e576
0x0040e578
0x0040e57d
0x0040e57d
0x0040e580
0x0040e583
0x0040e587
0x0040e589
0x0040e58e
0x0040e58e
0x0040e591
0x0040e594
0x0040e598
0x0040e59a
0x0040e59f
0x0040e59f
0x0040e5a2
0x0040e5a5
0x0040e5a9
0x0040e5ab
0x0040e5b4
0x0040e5b4
0x0040e6fc
0x0040e6fc
0x0040e7bd
0x0040e7c0
0x0040e7c3
0x0040e7c9
0x0040e7cc
0x0040e7cf
0x00000000
0x0040e7cf
0x0040e49b
0x0040e49d
0x0040e4a2
0x0040e4a2
0x0040e4a5
0x0040e4a8
0x0040e4ac
0x0040e4ae
0x0040e4b3
0x0040e4b3
0x0040e4b6
0x0040e4b9
0x0040e4bd
0x0040e4bf
0x0040e4c4
0x0040e4c4
0x0040e4c7
0x0040e4ca
0x0040e4ce
0x0040e4d0
0x0040e4d5
0x0040e4d5
0x0040e4de
0x0040e4e2
0x0040e4e7
0x0040e4ee
0x0040e622
0x0040e625
0x0040e62d
0x0040e631
0x0040e636
0x0040e639
0x0040e63d
0x0040e63f
0x0040e63f
0x0040e648
0x0040e648
0x0040e6c9
0x0040e6c9
0x00000000
0x0040e6c9
0x0040e47e
0x0040e365
0x0040e368
0x0040e36c
0x0040e36e
0x0040e377
0x0040e377
0x00000000
0x0040e309
0x0040e309
0x0040e30c
0x0040e310
0x0040e312
0x0040e317
0x0040e317
0x0040e320
0x0040e324
0x0040e329
0x0040e333
0x0040e337
0x0040e33f
0x0040e343
0x0040e348
0x0040e34b
0x0040e34f
0x0040e351
0x0040e356
0x0040e356
0x0040e359
0x0040e80c
0x0040e811
0x0040e81a
0x0040e81a
0x0040e307
0x0040e26b
0x0040e26f
0x0040e274
0x0040e27e
0x0040e282
0x0040e28a
0x0040e28e
0x0040e293
0x0040e296
0x0040e29a
0x00000000
0x0040e29a
0x0040e7dc
0x0040e7e0
0x0040e7e8
0x0040e7ec
0x0040e7f1
0x0040e7f1
0x0040e7f1
0x0040e7f8
0x0040e7fd
0x0040e7fd
0x00000000
0x0040e7fd
0x0040e0e1
0x0040e0e4
0x0040e0ea
0x0040e0f3
0x0040e0f3
0x00000000

APIs

__EH_prolog.LIBCMT ref: 0040E08C

Part of subcall function 00402E12: malloc.MSVCRT ref: 00402E18
Part of subcall function 00402E12: _CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ExceptionH_prologThrowmalloc
String ID:
API String ID: 3978722251-0
Opcode ID: 209af49b5374e4ac9737cdbbb9cc944baf009386517e3148fe314a52be54cc7b
Instruction ID: 943301b42689aee69292ef3fba15320e992329305ba3d62f2856346698ecbfec
Opcode Fuzzy Hash: 209af49b5374e4ac9737cdbbb9cc944baf009386517e3148fe314a52be54cc7b
Instruction Fuzzy Hash: A342B070904249DFDB10DFA5C584B9EBBB4AF18308F1448ADE845AB3C2CB78DE55CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00408CE2 Relevance: 1.8, APIs: 1, Instructions: 251
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00408CE2(void* __edx, void* __eflags) {
				void* __edi;
				signed int _t118;
				signed int _t123;
				void* _t129;
				signed int _t131;
				signed int _t136;
				signed int _t137;
				signed int _t143;
				void* _t146;
				signed int _t149;
				signed int _t153;
				signed int _t156;
				signed int _t164;
				signed int _t166;
				void* _t169;
				void* _t170;
				signed int _t174;
				intOrPtr _t196;
				intOrPtr _t205;
				intOrPtr _t210;
				intOrPtr* _t215;
				void* _t216;
				intOrPtr* _t218;
				signed int _t220;
				signed int _t221;
				intOrPtr* _t223;
				void* _t224;
				void* _t229;

				_t229 = __eflags;
				E00417F20(E00419036, _t224);
				_t174 = 0;
				_push(_t216);
				 *( *(_t224 + 0x10)) = 0;
				E00401CD0(_t224 - 0x44);
				 *((intOrPtr*)(_t224 - 0x44)) = 0x41b668;
				 *(_t224 - 4) = 0;
				_push(_t224 - 0x44);
				E00407A91(__edx, _t216, _t229);
				 *((intOrPtr*)(_t224 - 0x24)) = 0;
				 *((intOrPtr*)(_t224 - 0x20)) = 0;
				 *((intOrPtr*)(_t224 - 0x1c)) = 0;
				E00401CEB(_t224 - 0x24, 0xf);
				_t215 =  *((intOrPtr*)(_t224 + 0xc));
				 *(_t224 - 4) = 1;
				_t118 =  *(_t215 + 4);
				if(_t118 == 0) {
					L9:
					E00401EBF(_t224 - 0x58, 4);
					 *((intOrPtr*)(_t224 - 0x58)) = 0x41b660;
					_t220 = 0;
					__eflags =  *((intOrPtr*)(_t224 - 0x3c)) - _t174;
					 *(_t224 - 4) = 3;
					if( *((intOrPtr*)(_t224 - 0x3c)) <= _t174) {
						L14:
						__eflags =  *((intOrPtr*)(_t224 - 0x50)) - _t174;
						 *(_t224 - 0x18) = _t174;
						 *(_t224 - 0x14) = _t174;
						if( *((intOrPtr*)(_t224 - 0x50)) <= _t174) {
							L29:
							_t221 = 1;
							L30:
							 *(_t224 - 4) = 1;
							E00402E39(E004030CF(_t224 - 0x58),  *((intOrPtr*)(_t224 - 0x24)));
							_t73 = _t224 - 4;
							 *_t73 =  *(_t224 - 4) | 0xffffffff;
							__eflags =  *_t73;
							E00409948(_t224 - 0x44);
							_t123 = _t221;
							L31:
							 *[fs:0x0] =  *((intOrPtr*)(_t224 - 0xc));
							return _t123;
						}
						_t218 =  *((intOrPtr*)(_t224 + 8));
						while(1) {
							 *((intOrPtr*)( *_t218 + 0x10))(_t218, _t174, _t174, _t174, _t174);
							_t223 =  *((intOrPtr*)( *((intOrPtr*)(_t224 - 0x38)) + ( *(_t224 - 0x4c))[ *(_t224 - 0x14)] * 4));
							 *(_t224 - 0x10) = _t174;
							 *(_t224 - 4) = 4;
							E0040190B(_t224 - 0x30, 0x420430);
							 *(_t224 - 4) = 5;
							_t129 = E00402EF7( *_t223,  *((intOrPtr*)(_t224 - 0x30)));
							__eflags = _t129 - _t174;
							 *((char*)(_t224 + 0xb)) = _t129 == _t174;
							 *(_t224 - 4) = 4;
							E00402E39(_t129,  *((intOrPtr*)(_t224 - 0x30)));
							__eflags =  *((intOrPtr*)(_t224 + 0xb)) - _t174;
							if( *((intOrPtr*)(_t224 + 0xb)) != _t174) {
								_push(0x118);
								_t205 = E00402E12();
								 *((intOrPtr*)(_t224 + 8)) = _t205;
								__eflags = _t205 - _t174;
								 *(_t224 - 4) = 6;
								if(_t205 == _t174) {
									_t156 = 0;
									__eflags = 0;
								} else {
									_t156 = E0040EF84(_t205);
								}
								 *(_t224 - 4) = 4;
								E00405F8F(_t224 - 0x10, _t156);
							}
							_t131 =  *(_t224 - 0x10);
							__eflags = _t131 - _t174;
							if(_t131 == _t174) {
								break;
							}
							_t136 =  *((intOrPtr*)( *_t131 + 0xc))(_t131, _t218, 0x41b658,  *((intOrPtr*)(_t224 + 0x1c)));
							__eflags = _t136 - 1;
							if(_t136 == 1) {
								L25:
								_t137 =  *(_t224 - 0x10);
								 *(_t224 - 4) = 3;
								__eflags = _t137 - _t174;
								if(_t137 != _t174) {
									 *((intOrPtr*)( *_t137 + 8))(_t137);
								}
								 *(_t224 - 0x14) =  *(_t224 - 0x14) + 1;
								__eflags =  *(_t224 - 0x14) -  *((intOrPtr*)(_t224 - 0x50));
								if( *(_t224 - 0x14) <  *((intOrPtr*)(_t224 - 0x50))) {
									continue;
								} else {
									L28:
									_t221 =  *(_t224 - 0x18);
									__eflags = _t221 - _t174;
									if(_t221 != _t174) {
										goto L30;
									}
									goto L29;
								}
							}
							__eflags = _t136 - _t174;
							if(_t136 == _t174) {
								 *(_t224 - 0x10) = _t174;
								 *( *(_t224 + 0x10)) =  *(_t224 - 0x10);
								E00409006( *((intOrPtr*)(_t224 + 0x14)), _t223);
								_t143 = E00408FD2(_t223, _t224 - 0x24);
								__eflags = _t143 - _t174;
								if(_t143 < _t174) {
									_t143 = 0;
									__eflags = 0;
								}
								_t196 =  *((intOrPtr*)(_t223 + 0x18));
								_t93 =  *((intOrPtr*)(_t196 + _t143 * 4)) + 0xc; // 0xc
								_push( *((intOrPtr*)(_t196 + _t143 * 4)));
								_push( *((intOrPtr*)(_t224 + 0xc)));
								_push(_t224 - 0x30);
								_t146 = E00407E07();
								 *(_t224 - 4) = 8;
								E00402E39(E00401975( *((intOrPtr*)(_t224 + 0x18)), _t146),  *((intOrPtr*)(_t224 - 0x30)));
								_t149 =  *(_t224 - 0x10);
								__eflags = _t149 - _t174;
								 *(_t224 - 4) = 3;
								if(_t149 != _t174) {
									 *((intOrPtr*)( *_t149 + 8))(_t149);
								}
								 *(_t224 - 4) = 1;
								E00402E39(E004030CF(_t224 - 0x58),  *((intOrPtr*)(_t224 - 0x24)));
								 *((intOrPtr*)(_t224 - 0x44)) = 0x41b668;
								 *(_t224 - 4) = 9;
								L40:
								E004030DF();
								 *(_t224 - 4) =  *(_t224 - 4) | 0xffffffff;
								E004030CF(_t224 - 0x44);
								_t123 = _t174;
								goto L31;
							}
							__eflags = _t136 - 0x80004004;
							 *(_t224 - 0x18) = _t136;
							if(_t136 == 0x80004004) {
								_t153 =  *(_t224 - 0x10);
								 *(_t224 - 4) = 3;
								__eflags = _t153 - _t174;
								if(_t153 != _t174) {
									 *((intOrPtr*)( *_t153 + 8))(_t153);
								}
								goto L28;
							}
							goto L25;
						}
						 *(_t224 - 4) = 1;
						E00402E39(E004030CF(_t224 - 0x58),  *((intOrPtr*)(_t224 - 0x24)));
						 *((intOrPtr*)(_t224 - 0x44)) = 0x41b668;
						 *(_t224 - 4) = 7;
						_t174 = 0x80004005;
						goto L40;
					} else {
						goto L10;
					}
					do {
						L10:
						__eflags = E00408FD2( *((intOrPtr*)( *((intOrPtr*)(_t224 - 0x38)) + _t220 * 4)), _t224 - 0x24);
						if(__eflags < 0) {
							E0040882F(_t224 - 0x58, _t215, _t220);
						} else {
							E004031AC(_t224 - 0x58, __eflags, _t174);
							 *( *(_t224 - 0x4c)) = _t220;
						}
						_t220 = _t220 + 1;
						__eflags = _t220 -  *((intOrPtr*)(_t224 - 0x3c));
					} while (_t220 <  *((intOrPtr*)(_t224 - 0x3c)));
					goto L14;
				} else {
					_t210 =  *_t215;
					_t164 = _t210 + _t118 * 2 - 2;
					while( *_t164 != 0x2e) {
						if(_t164 == _t210) {
							_t166 = _t164 | 0xffffffff;
							__eflags = _t166;
							L7:
							__eflags = _t166 - _t174;
							if(_t166 >= _t174) {
								__eflags = _t166 + 1;
								_t169 = E004019B3(_t215, _t224 - 0x30, _t166 + 1);
								 *(_t224 - 4) = 2;
								_t170 = E00401975(_t224 - 0x24, _t169);
								 *(_t224 - 4) = 1;
								E00402E39(_t170,  *((intOrPtr*)(_t224 - 0x30)));
							}
							goto L9;
						}
						_t164 = _t164;
					}
					_t166 = _t164 - _t210 >> 1;
					goto L7;
				}
			}

0x00408ce2
0x00408ce7
0x00408cf4
0x00408cf6
0x00408cfa
0x00408cfc
0x00408d01
0x00408d0b
0x00408d0e
0x00408d0f
0x00408d19
0x00408d1c
0x00408d1f
0x00408d22
0x00408d27
0x00408d2a
0x00408d2e
0x00408d33
0x00408d7d
0x00408d82
0x00408d87
0x00408d8e
0x00408d90
0x00408d93
0x00408d97
0x00408dcb
0x00408dcb
0x00408dce
0x00408dd1
0x00408dd4
0x00408eba
0x00408ebc
0x00408ebd
0x00408ec0
0x00408ecc
0x00408ed1
0x00408ed1
0x00408ed1
0x00408ed9
0x00408ede
0x00408ee0
0x00408ee6
0x00408eee
0x00408eee
0x00408dda
0x00408ddd
0x00408de4
0x00408df3
0x00408df6
0x00408e01
0x00408e05
0x00408e0d
0x00408e13
0x00408e1b
0x00408e1d
0x00408e21
0x00408e25
0x00408e2a
0x00408e2e
0x00408e30
0x00408e3b
0x00408e3d
0x00408e40
0x00408e42
0x00408e46
0x00408e4f
0x00408e4f
0x00408e48
0x00408e48
0x00408e48
0x00408e55
0x00408e59
0x00408e59
0x00408e5e
0x00408e61
0x00408e63
0x00000000
0x00000000
0x00408e75
0x00408e78
0x00408e7b
0x00408e93
0x00408e93
0x00408e96
0x00408e9a
0x00408e9c
0x00408ea1
0x00408ea1
0x00408ea4
0x00408eaa
0x00408ead
0x00000000
0x00408eb3
0x00408eb3
0x00408eb3
0x00408eb6
0x00408eb8
0x00000000
0x00000000
0x00000000
0x00408eb8
0x00408ead
0x00408e7d
0x00408e7f
0x00408f38
0x00408f3b
0x00408f40
0x00408f4b
0x00408f50
0x00408f52
0x00408f54
0x00408f54
0x00408f54
0x00408f56
0x00408f5c
0x00408f60
0x00408f61
0x00408f67
0x00408f68
0x00408f71
0x00408f7d
0x00408f82
0x00408f86
0x00408f88
0x00408f8c
0x00408f91
0x00408f91
0x00408f97
0x00408fa3
0x00408fa9
0x00408fb0
0x00408fb7
0x00408fba
0x00408fbf
0x00408fc6
0x00408fcb
0x00000000
0x00408fcb
0x00408e85
0x00408e8a
0x00408e8d
0x00408f1e
0x00408f21
0x00408f25
0x00408f27
0x00408f2c
0x00408f2c
0x00000000
0x00408f27
0x00000000
0x00408e8d
0x00408ef4
0x00408f00
0x00408f06
0x00408f0d
0x00408f14
0x00000000
0x00000000
0x00000000
0x00000000
0x00408d99
0x00408d99
0x00408da8
0x00408daa
0x00408dc0
0x00408dac
0x00408db0
0x00408db8
0x00408db8
0x00408dc5
0x00408dc6
0x00408dc6
0x00000000
0x00408d35
0x00408d35
0x00408d37
0x00408d3b
0x00408d43
0x00408d4f
0x00408d4f
0x00408d52
0x00408d52
0x00408d54
0x00408d56
0x00408d5e
0x00408d67
0x00408d6b
0x00408d73
0x00408d77
0x00408d7c
0x00000000
0x00408d54
0x00408d46
0x00408d46
0x00408d4b
0x00000000
0x00408d4b

APIs

__EH_prolog.LIBCMT ref: 00408CE7

Part of subcall function 00407A91: __EH_prolog.LIBCMT ref: 00407A96

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: dff2a13ddbdbcd9cce84b1e8e2b524f1f81f43d8dbe8456c15f8e0d03a816782
Instruction ID: daf3cce609760218463fa66eb0855b9cfd27e8492e9c945774c7cfddc937f07a
Opcode Fuzzy Hash: dff2a13ddbdbcd9cce84b1e8e2b524f1f81f43d8dbe8456c15f8e0d03a816782
Instruction Fuzzy Hash: 8FA18C70900249EFCF05EFA5CA85AEEBBB5AF14308F20446EE445B72D2CB789E45CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004096EA Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E004096EA(void* __edx) {
				intOrPtr* _t99;
				void* _t104;
				intOrPtr* _t112;
				void* _t117;
				intOrPtr* _t126;
				intOrPtr* _t133;
				intOrPtr _t136;
				void* _t157;
				signed int _t159;
				intOrPtr* _t162;
				void* _t164;

				_t157 = __edx;
				E00417F20(E00419194, _t164);
				_push(0x88);
				_t136 = E00402E12();
				 *((intOrPtr*)(_t164 - 0x48)) = _t136;
				_t159 = 0;
				 *(_t164 - 4) = 0;
				if(_t136 == 0) {
					_t162 = 0;
					__eflags = 0;
				} else {
					_t162 = E00409515(_t136);
				}
				 *(_t164 - 4) =  *(_t164 - 4) | 0xffffffff;
				_t172 = _t162 - _t159;
				 *((intOrPtr*)(_t164 - 0x10)) = _t162;
				if(_t162 != _t159) {
					 *((intOrPtr*)( *_t162 + 4))(_t162);
				}
				 *((intOrPtr*)(_t162 + 0x84)) =  *((intOrPtr*)(_t164 + 0x20));
				 *(_t164 - 4) = 1;
				 *(_t164 - 0x20) = _t159;
				 *(_t164 - 0x1c) = _t159;
				 *(_t164 - 0x18) = _t159;
				E00401CEB(_t164 - 0x20, 0xf);
				_push(_t164 - 0x14);
				_push(_t164 - 0x20);
				_push( *((intOrPtr*)( *((intOrPtr*)(_t164 + 8)))));
				 *(_t164 - 4) = 2;
				E0040432F();
				E004019D4(_t164 - 0x20, _t164 - 0x2c,  *((intOrPtr*)(_t164 - 0x14)));
				 *(_t164 - 4) = 3;
				E004019B3(_t164 - 0x20, _t164 - 0x38,  *((intOrPtr*)(_t164 - 0x14)));
				 *(_t164 - 4) = 4;
				E0040948E(_t162, _t157, _t172, _t164 - 0x2c, _t164 - 0x38); // executed
				E00407B40(_t164 - 0x90);
				 *(_t164 - 4) = 5;
				E00407B40(_t164 - 0x6c);
				 *(_t164 - 4) = 6;
				_t99 = E004090DD(_t157,  *((intOrPtr*)(_t164 + 8)),  *((intOrPtr*)(_t164 + 0xc)),  *((intOrPtr*)(_t164 + 0x10)), _t164 - 0x90, _t164 - 0x6c,  *((intOrPtr*)(_t164 + 0x14)),  *((intOrPtr*)(_t164 + 0x18)),  *((intOrPtr*)(_t164 - 0x10))); // executed
				_t133 = _t99;
				if(_t133 == _t159) {
					_push(_t164 - 0x38);
					_push(_t164 - 0x2c);
					_push(_t164 - 0x44);
					_push(E00403BA6(_t157));
					 *(_t164 - 4) = 9;
					_t104 = E00401A28( *((intOrPtr*)(_t164 + 0x1c)), _t157);
					 *(_t164 - 4) = 6;
					E00402E39(_t104,  *((intOrPtr*)(_t164 - 0x44)));
					__eflags =  *((intOrPtr*)(_t162 + 0x78)) - _t159;
					if( *((intOrPtr*)(_t162 + 0x78)) > _t159) {
						do {
							_push( *((intOrPtr*)( *((intOrPtr*)(_t162 + 0x7c)) + _t159 * 4)));
							_push(_t164 - 0x2c);
							_push(_t164 - 0x44);
							_push(E00403BA6(_t157));
							 *(_t164 - 4) = 0xa;
							_t117 = E00401A28( *((intOrPtr*)(_t164 + 0x1c)), _t157);
							 *(_t164 - 4) = 6;
							E00402E39(_t117,  *((intOrPtr*)(_t164 - 0x44)));
							_t159 = _t159 + 1;
							__eflags = _t159 -  *((intOrPtr*)(_t162 + 0x78));
						} while (_t159 <  *((intOrPtr*)(_t162 + 0x78)));
					}
					 *(_t164 - 4) = 5;
					E00407B77(_t164 - 0x6c);
					 *(_t164 - 4) = 4;
					E00402E39(E00402E39(E00402E39(E00407B77(_t164 - 0x90),  *((intOrPtr*)(_t164 - 0x38))),  *((intOrPtr*)(_t164 - 0x2c))),  *(_t164 - 0x20));
					 *(_t164 - 4) =  *(_t164 - 4) | 0xffffffff;
					E004099E1(_t164 - 0x10);
					_t112 = 0;
					__eflags = 0;
				} else {
					 *(_t164 - 4) = 7;
					E00402E39(E00407D01(_t164 - 0x60),  *((intOrPtr*)(_t164 - 0x6c)));
					 *(_t164 - 4) = 8;
					E00402E39(E00402E39(E00402E39(E00402E39(E00407D01(_t164 - 0x84),  *((intOrPtr*)(_t164 - 0x90))),  *((intOrPtr*)(_t164 - 0x38))),  *((intOrPtr*)(_t164 - 0x2c))),  *(_t164 - 0x20));
					_t126 =  *((intOrPtr*)(_t164 - 0x10));
					 *(_t164 - 4) =  *(_t164 - 4) | 0xffffffff;
					if(_t126 != _t159) {
						 *((intOrPtr*)( *_t126 + 8))(_t126);
					}
					_t112 = _t133;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t164 - 0xc));
				return _t112;
			}

0x004096ea
0x004096ef
0x004096fd
0x00409708
0x0040970a
0x0040970d
0x00409711
0x00409714
0x0040971f
0x0040971f
0x00409716
0x0040971b
0x0040971b
0x00409721
0x00409725
0x00409727
0x0040972a
0x0040972f
0x0040972f
0x00409737
0x00409740
0x00409747
0x0040974a
0x0040974d
0x00409750
0x0040975b
0x00409761
0x00409762
0x00409763
0x00409767
0x00409776
0x00409784
0x00409789
0x00409798
0x0040979c
0x004097a7
0x004097af
0x004097b3
0x004097be
0x004097d7
0x004097dc
0x004097e0
0x00409847
0x0040984b
0x0040984f
0x00409858
0x00409859
0x0040985d
0x00409865
0x00409869
0x0040986e
0x00409872
0x00409874
0x00409877
0x0040987d
0x00409881
0x0040988a
0x0040988b
0x0040988f
0x00409897
0x0040989b
0x004098a0
0x004098a2
0x004098a2
0x00409874
0x004098aa
0x004098ae
0x004098b9
0x004098d5
0x004098da
0x004098e4
0x004098e9
0x004098e9
0x004097e2
0x004097e5
0x004097f1
0x004097fd
0x00409824
0x00409829
0x0040982c
0x00409835
0x0040983a
0x0040983a
0x0040983d
0x0040983d
0x004098f1
0x004098f9

APIs

__EH_prolog.LIBCMT ref: 004096EF

Part of subcall function 00402E12: malloc.MSVCRT ref: 00402E18
Part of subcall function 00402E12: _CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

Part of subcall function 00409515: __EH_prolog.LIBCMT ref: 0040951A

Part of subcall function 00403BA6: __EH_prolog.LIBCMT ref: 00403BAB

Part of subcall function 00401A28: __EH_prolog.LIBCMT ref: 00401A2D

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$ExceptionThrowfreemalloc
String ID:
API String ID: 2423332413-0
Opcode ID: 4d38d424713c5ec30c673e0a4f4bec4a5f76dddd5cea3e3cf3b54b9f52bee78e
Instruction ID: 6040f79d5621fd84c3435b1b92bf10a94f7850bc07ecad02225323adb82511b4
Opcode Fuzzy Hash: 4d38d424713c5ec30c673e0a4f4bec4a5f76dddd5cea3e3cf3b54b9f52bee78e
Instruction Fuzzy Hash: 09617B71C00249EECF01EFE5C945ADEBBB9AF18308F10806EE519B32D2DB785A04DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040F460 Relevance: 1.6, APIs: 1, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040F460(void* __edx) {
				intOrPtr _t56;
				intOrPtr* _t57;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t69;
				intOrPtr* _t74;
				void* _t82;
				intOrPtr* _t83;
				void* _t100;
				void* _t101;
				void* _t105;
				intOrPtr* _t106;
				void* _t108;
				void* _t110;

				_t100 = __edx;
				E00417F20(E00419E44, _t108);
				_t83 =  *((intOrPtr*)(_t108 + 8));
				 *((intOrPtr*)(_t108 - 0x10)) = _t110 - 0x38;
				 *((intOrPtr*)(_t108 - 4)) = 0;
				 *((intOrPtr*)( *_t83 + 0x10))(_t83, _t101, _t105, _t82);
				_t106 =  *((intOrPtr*)(_t108 + 0x14));
				 *((char*)(_t108 - 4)) = 1;
				 *((intOrPtr*)(_t108 - 0x14)) = _t106;
				if(_t106 != 0) {
					 *((intOrPtr*)( *_t106 + 4))(_t106);
				}
				 *((intOrPtr*)(_t108 + 0x14)) = 0;
				_t114 = _t106;
				 *((char*)(_t108 - 4)) = 3;
				if(_t106 != 0) {
					 *((intOrPtr*)( *_t106))(_t106, 0x41b240, _t108 + 0x14);
				}
				 *((intOrPtr*)(_t108 - 0x44)) = 0;
				 *((char*)(_t108 - 4)) = 4;
				E00401CD0(_t108 - 0x40);
				 *((intOrPtr*)(_t108 - 0x40)) = 0x41bbb8;
				_push( *((intOrPtr*)(_t108 + 0x10)));
				 *((char*)(_t108 - 4)) = 5;
				_t56 = E00410075(_t108 - 0x44, _t108, _t114,  *((intOrPtr*)(_t108 + 0xc)));
				 *((intOrPtr*)(_t108 + 0x10)) = _t56;
				if(_t56 == 0) {
					_t103 = _t83 + 0x10;
					_t57 = E00412517(_t108 - 0x44, _t83 + 0x10,  *((intOrPtr*)(_t108 + 0x14))); // executed
					__eflags = _t57;
					 *((intOrPtr*)(_t108 + 0x10)) = _t57;
					if(_t57 == 0) {
						E00412397(_t103, _t100);
						E004123D9(_t100);
						E0041242E(_t103);
						E00405F8F(_t83 + 8,  *((intOrPtr*)(_t108 + 0xc)));
						 *((char*)(_t108 - 4)) = 3;
						E0040F5D5(_t108 - 0x44);
						_t63 =  *((intOrPtr*)(_t108 + 0x14));
						 *((char*)(_t108 - 4)) = 2;
						__eflags = _t63;
						if(_t63 != 0) {
							 *((intOrPtr*)( *_t63 + 8))(_t63);
						}
						__eflags = _t106;
						 *((char*)(_t108 - 4)) = 1;
						if(_t106 != 0) {
							 *((intOrPtr*)( *_t106 + 8))(_t106);
						}
						_t64 = 0;
					} else {
						 *((char*)(_t108 - 4)) = 3;
						E0040F5D5(_t108 - 0x44);
						_t69 =  *((intOrPtr*)(_t108 + 0x14));
						 *((char*)(_t108 - 4)) = 2;
						__eflags = _t69;
						if(_t69 != 0) {
							 *((intOrPtr*)( *_t69 + 8))(_t69);
						}
						__eflags = _t106;
						 *((char*)(_t108 - 4)) = 1;
						if(_t106 != 0) {
							 *((intOrPtr*)( *_t106 + 8))(_t106);
						}
						_t64 =  *((intOrPtr*)(_t108 + 0x10));
					}
				} else {
					 *((char*)(_t108 - 4)) = 3;
					E0040F5D5(_t108 - 0x44);
					_t74 =  *((intOrPtr*)(_t108 + 0x14));
					 *((char*)(_t108 - 4)) = 2;
					if(_t74 != 0) {
						 *((intOrPtr*)( *_t74 + 8))(_t74);
					}
					 *((char*)(_t108 - 4)) = 1;
					if(_t106 != 0) {
						 *((intOrPtr*)( *_t106 + 8))(_t106);
					}
					_t64 =  *((intOrPtr*)(_t108 + 0x10));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0xc));
				return _t64;
			}

0x0040f460
0x0040f465
0x0040f46e
0x0040f475
0x0040f47b
0x0040f47e
0x0040f481
0x0040f484
0x0040f48a
0x0040f48d
0x0040f492
0x0040f492
0x0040f495
0x0040f498
0x0040f49a
0x0040f49e
0x0040f4ac
0x0040f4ac
0x0040f4ae
0x0040f4b4
0x0040f4b8
0x0040f4bd
0x0040f4c4
0x0040f4ca
0x0040f4d1
0x0040f4d8
0x0040f4db
0x0040f513
0x0040f51a
0x0040f51f
0x0040f521
0x0040f524
0x0040f558
0x0040f55f
0x0040f566
0x0040f571
0x0040f579
0x0040f57d
0x0040f582
0x0040f585
0x0040f589
0x0040f58b
0x0040f590
0x0040f590
0x0040f593
0x0040f595
0x0040f599
0x0040f59e
0x0040f59e
0x0040f5a1
0x0040f526
0x0040f529
0x0040f52d
0x0040f532
0x0040f535
0x0040f539
0x0040f53b
0x0040f540
0x0040f540
0x0040f543
0x0040f545
0x0040f549
0x0040f54e
0x0040f54e
0x0040f551
0x0040f551
0x0040f4dd
0x0040f4e0
0x0040f4e4
0x0040f4e9
0x0040f4ec
0x0040f4f2
0x0040f4f7
0x0040f4f7
0x0040f4fc
0x0040f500
0x0040f505
0x0040f505
0x0040f508
0x0040f508
0x0040f5c9
0x0040f5d2

APIs

__EH_prolog.LIBCMT ref: 0040F465

Part of subcall function 00412517: __EH_prolog.LIBCMT ref: 0041251C
Part of subcall function 00412517: _CxxThrowException.MSVCRT(?,0041EAF8), ref: 0041258A
Part of subcall function 00412517: _CxxThrowException.MSVCRT(?,0041EAF8), ref: 0041263F

Part of subcall function 0040F5D5: __EH_prolog.LIBCMT ref: 0040F5DA

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$ExceptionThrow
String ID:
API String ID: 2366012087-0
Opcode ID: 3991ac3a77604a0f0b19c533bfd43f491d5b641ddd0b537425a3e1bd3ef5640b
Instruction ID: 7d6767fc25b5ce1e8e6344feef1e359ae1adee43b1fa7033a175072c4898afb9
Opcode Fuzzy Hash: 3991ac3a77604a0f0b19c533bfd43f491d5b641ddd0b537425a3e1bd3ef5640b
Instruction Fuzzy Hash: B641BF30900249EFCF21DF68C958ADEBBF4AF54304F1444AAE805A7392DB78DE45DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00413D5A Relevance: 1.6, APIs: 1, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00413D5A(intOrPtr __edx, void* __eflags) {
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t54;
				intOrPtr* _t63;
				intOrPtr _t68;
				void* _t69;
				intOrPtr* _t71;
				void* _t72;
				void* _t73;
				intOrPtr* _t74;
				void* _t77;
				void* _t89;

				_t68 = __edx;
				E00417F20(E0041A2E0, _t77);
				_t74 =  *((intOrPtr*)(_t77 + 8));
				 *((intOrPtr*)( *_t74 + 0x14))(_t74,  *((intOrPtr*)(_t77 + 0xc)), _t69, _t73, _t54);
				_t55 = _t74 + 0x10;
				E0040610F(_t74 + 0x10,  *((intOrPtr*)(_t77 + 0x10)));
				 *((intOrPtr*)( *_t74 + 0x1c))(_t74,  *((intOrPtr*)(_t77 + 0x18)));
				 *((intOrPtr*)(_t77 - 0x14)) = _t74;
				 *(_t77 - 0x10) = 1;
				 *(_t77 - 4) =  *(_t77 - 4) & 0x00000000;
				while(1) {
					_t43 = E00413603(_t74, _t68, 0x40000); // executed
					if(_t43 != 0) {
						break;
					}
					if( *((intOrPtr*)(_t74 + 0x1d60)) == 0xffffffff) {
						L11:
						 *(_t77 - 0x10) =  *(_t77 - 0x10) & 0x00000000;
						_t43 = E004061F0(_t55);
						break;
					} else {
						_t71 =  *((intOrPtr*)(_t77 + 0x1c));
						if(_t71 == 0) {
							L5:
							if( *((char*)(_t74 + 0x1d70)) == 0) {
								continue;
							} else {
								_t46 = E00406136(_t55);
								_t89 = _t68 -  *((intOrPtr*)(_t74 + 0x1d6c));
								_t63 = _t74 + 0x1d68;
								if(_t89 > 0) {
									goto L11;
								} else {
									if(_t89 < 0) {
										continue;
									} else {
										if(_t46 >=  *_t63) {
											goto L11;
										} else {
											continue;
										}
									}
								}
							}
						} else {
							asm("cdq");
							asm("adc edx, [esi+0x4c]");
							 *((intOrPtr*)(_t77 - 0x24)) =  *((intOrPtr*)(_t74 + 0x38)) -  *((intOrPtr*)(_t74 + 0x40)) +  *((intOrPtr*)(_t74 + 0x48));
							 *((intOrPtr*)(_t77 - 0x20)) = _t68;
							 *((intOrPtr*)(_t77 - 0x1c)) = E00406136(_t55);
							 *((intOrPtr*)(_t77 - 0x18)) = _t68;
							_t72 =  *((intOrPtr*)( *_t71 + 0xc))(_t71, _t77 - 0x24, _t77 - 0x1c);
							if(_t72 != 0) {
								 *(_t77 - 4) =  *(_t77 - 4) | 0xffffffff;
								E00413E51(_t77 - 0x14);
								_t45 = _t72;
							} else {
								goto L5;
							}
						}
					}
					L13:
					 *[fs:0x0] =  *((intOrPtr*)(_t77 - 0xc));
					return _t45;
				}
				 *(_t77 - 4) =  *(_t77 - 4) | 0xffffffff;
				E00413E51(_t77 - 0x14);
				_t45 = _t43;
				goto L13;
			}

0x00413d5a
0x00413d5f
0x00413d69
0x00413d73
0x00413d79
0x00413d7e
0x00413d89
0x00413d8c
0x00413d8f
0x00413d93
0x00413d97
0x00413d9e
0x00413da5
0x00000000
0x00000000
0x00413db2
0x00413e25
0x00413e25
0x00413e2b
0x00000000
0x00413db4
0x00413db4
0x00413db9
0x00413def
0x00413df6
0x00000000
0x00413df8
0x00413dfa
0x00413dff
0x00413e05
0x00413e0b
0x00000000
0x00413e0d
0x00413e0d
0x00000000
0x00413e0f
0x00413e11
0x00000000
0x00413e13
0x00000000
0x00413e13
0x00413e11
0x00413e0d
0x00413e0b
0x00413dbb
0x00413dc3
0x00413dc7
0x00413dca
0x00413dcd
0x00413dd8
0x00413de1
0x00413de9
0x00413ded
0x00413e15
0x00413e1c
0x00413e21
0x00000000
0x00000000
0x00000000
0x00413ded
0x00413db9
0x00413e40
0x00413e46
0x00413e4e
0x00413e4e
0x00413e30
0x00413e39
0x00413e3e
0x00000000

APIs

__EH_prolog.LIBCMT ref: 00413D5F

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: e38e10ffa1e018970e9fd01f4ec231cc677817cb6e3a20526bbaff86734c0bb4
Instruction ID: 43469d190e9591fea7fcee964e9e51b1e9d8cfd00e19f9edadc677d6878c9bb6
Opcode Fuzzy Hash: e38e10ffa1e018970e9fd01f4ec231cc677817cb6e3a20526bbaff86734c0bb4
Instruction Fuzzy Hash: 0D319031900705DBCB24DF68C945AEEBBB1AF44315F10452FE862A3381D738AA85CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040ECBA Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0040ECBA(void* __ecx) {
				intOrPtr _t48;
				intOrPtr* _t49;
				void* _t53;
				signed int _t54;
				void* _t55;
				signed int _t59;
				void* _t62;
				intOrPtr _t63;
				signed int _t80;
				intOrPtr _t82;
				void* _t84;
				intOrPtr* _t85;
				void* _t86;
				void* _t88;

				E00417F20(E00419D34, _t88);
				_push(__ecx);
				_push(__ecx);
				_t84 = __ecx;
				_t48 =  *((intOrPtr*)(__ecx + 0x20));
				if( *((char*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x14)) + 0xc)) + _t48)) == 0) {
					 *(_t88 - 0x10) = 2;
				} else {
					 *(_t88 - 0x10) = 0 |  *((intOrPtr*)(__ecx + 0x28)) != 0x00000000;
				}
				 *(_t88 - 0x14) =  *(_t88 - 0x14) & 0x00000000;
				 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
				_t80 =  *((intOrPtr*)(_t84 + 0x18)) + _t48;
				_t49 =  *((intOrPtr*)(_t84 + 0x24));
				_t62 =  *((intOrPtr*)( *_t49 + 0x14))(_t49,  *((intOrPtr*)(_t84 + 0x1c)) + _t80, _t88 - 0x14,  *(_t88 - 0x10));
				if(_t62 == 0) {
					_t63 =  *((intOrPtr*)(_t84 + 8));
					E00405F8F(_t63 + 0xc,  *(_t88 - 0x14));
					 *(_t63 + 8) =  *(_t63 + 8) | 0xffffffff;
					if( *(_t88 - 0x10) == 0 &&  *(_t88 - 0x14) == 0) {
						_t82 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x10)) + 0x70)) + _t80 * 4));
						if( *((char*)(_t82 + 0x3e)) == 0 &&  *((char*)(_t82 + 0x3d)) == 0) {
							 *(_t88 - 0x10) = 2;
						}
					}
					_t85 =  *((intOrPtr*)(_t84 + 0x24));
					_t53 =  *((intOrPtr*)( *_t85 + 0x18))(_t85,  *(_t88 - 0x10));
					 *(_t88 - 4) =  *(_t88 - 4) | 0xffffffff;
					_t86 = _t53;
					_t54 =  *(_t88 - 0x14);
					if(_t54 != 0) {
						 *((intOrPtr*)( *_t54 + 8))(_t54);
					}
					_t55 = _t86;
				} else {
					_t59 =  *(_t88 - 0x14);
					 *(_t88 - 4) =  *(_t88 - 4) | 0xffffffff;
					if(_t59 != 0) {
						 *((intOrPtr*)( *_t59 + 8))(_t59);
					}
					_t55 = _t62;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t88 - 0xc));
				return _t55;
			}

0x0040ecbf
0x0040ecc4
0x0040ecc5
0x0040ecc8
0x0040ecce
0x0040ecd8
0x0040ece7
0x0040ecda
0x0040ece2
0x0040ece2
0x0040ecee
0x0040ecfb
0x0040ed03
0x0040ed05
0x0040ed11
0x0040ed15
0x0040ed2c
0x0040ed35
0x0040ed3a
0x0040ed42
0x0040ed50
0x0040ed57
0x0040ed5f
0x0040ed5f
0x0040ed57
0x0040ed66
0x0040ed6f
0x0040ed72
0x0040ed76
0x0040ed78
0x0040ed7d
0x0040ed82
0x0040ed82
0x0040ed85
0x0040ed17
0x0040ed17
0x0040ed1a
0x0040ed20
0x0040ed25
0x0040ed25
0x0040ed28
0x0040ed28
0x0040ed8d
0x0040ed95

APIs

__EH_prolog.LIBCMT ref: 0040ECBF

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: db72e007de75ac8f0973631ea3f4e827a99498e4e9778e7ad0d259f5b3622dbb
Instruction ID: 8b671d1f6aead12e157184675e93217303cb233cbe894cb44ea9aa77ff2347f6
Opcode Fuzzy Hash: db72e007de75ac8f0973631ea3f4e827a99498e4e9778e7ad0d259f5b3622dbb
Instruction Fuzzy Hash: 9E31AC70A00206DFDB20CF65C984B6AB7F5FF44324F244A6EE452A7291C778EE51CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004067EB Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004067EB(void* __ecx, void* __edx) {
				void* __edi;
				void* _t16;
				void* _t17;
				void* _t28;
				signed int _t30;
				intOrPtr _t33;
				void* _t35;

				_t28 = __edx;
				E00417F20(E00418A58, _t35);
				_t16 = E00401A6F(_t35 - 0x18, __ecx + 0x18);
				_t33 =  *((intOrPtr*)(_t35 + 8));
				_t30 = 0;
				 *((intOrPtr*)(_t35 - 4)) = 0;
				_t40 =  *((intOrPtr*)(_t33 + 8));
				if( *((intOrPtr*)(_t33 + 8)) > 0) {
					do {
						E00403911(_t35 - 0x18, _t28, _t40,  *((intOrPtr*)( *((intOrPtr*)(_t33 + 0xc)) + _t30 * 4)));
						E00403FEB(_t30,  *((intOrPtr*)(_t35 - 0x18))); // executed
						_t16 = E00402240(_t35 - 0x18, _t28, _t40, 0x5c);
						_t30 = _t30 + 1;
					} while (_t30 <  *((intOrPtr*)(_t33 + 8)));
				}
				_t17 = E00402E39(_t16,  *((intOrPtr*)(_t35 - 0x18)));
				 *[fs:0x0] =  *((intOrPtr*)(_t35 - 0xc));
				return _t17;
			}

0x004067eb
0x004067f0
0x00406801
0x00406806
0x00406809
0x0040680b
0x0040680e
0x00406811
0x00406813
0x0040681c
0x00406824
0x0040682e
0x00406833
0x00406834
0x00406813
0x0040683c
0x00406847
0x0040684f

APIs

__EH_prolog.LIBCMT ref: 004067F0

Part of subcall function 00403FEB: CreateDirectoryW.KERNELBASE(?,00000000,?,?,00000000), ref: 00403FFF

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CreateDirectoryH_prolog
String ID:
API String ID: 3554458247-0
Opcode ID: 9f0b33a63f053f3ff481d0887053c32d44844a0e82c502858e23c3805b6d6d92
Instruction ID: c49f7847aa3ba3770543b0e7a97de6d055661e23284ae3114879626658e14ae0
Opcode Fuzzy Hash: 9f0b33a63f053f3ff481d0887053c32d44844a0e82c502858e23c3805b6d6d92
Instruction Fuzzy Hash: CAF04F729005069FCB15AF5AD8529EFBBB5EF90304F00803FE102765E2DB786A86CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0040F023 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040F023(intOrPtr __ecx) {
				void* _t23;
				void* _t35;

				E00417F20(E00419DAD, _t35);
				_push(__ecx);
				 *((intOrPtr*)(_t35 - 0x10)) = __ecx;
				 *(_t35 - 4) = 4;
				E004030CF(__ecx + 0xf4);
				 *(_t35 - 4) = 3;
				E004030CF(__ecx + 0xe0);
				 *(_t35 - 4) = 2;
				E004030CF(__ecx + 0xcc);
				 *(_t35 - 4) = 1;
				E004030CF(__ecx + 0xb8);
				 *(_t35 - 4) =  *(_t35 - 4) & 0x00000000;
				E004030CF(__ecx + 0xa0);
				 *(_t35 - 4) =  *(_t35 - 4) | 0xffffffff;
				_t23 = E0040F09A(__ecx); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t35 - 0xc));
				return _t23;
			}

0x0040f028
0x0040f02d
0x0040f031
0x0040f03a
0x0040f041
0x0040f04c
0x0040f050
0x0040f05b
0x0040f05f
0x0040f06a
0x0040f06e
0x0040f073
0x0040f07d
0x0040f082
0x0040f088
0x0040f091
0x0040f099

APIs

__EH_prolog.LIBCMT ref: 0040F028

Part of subcall function 0040F09A: __EH_prolog.LIBCMT ref: 0040F09F

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 53b9ee8f5ab2f1511d94371951bc90502b9f82f10a4a5db8cfd34e6ac130370d
Instruction ID: cc1425b0862953b6daa16fbb8f916fa6622ab9c434ef5ea927247a7fb1d658fe
Opcode Fuzzy Hash: 53b9ee8f5ab2f1511d94371951bc90502b9f82f10a4a5db8cfd34e6ac130370d
Instruction Fuzzy Hash: 06F0AF30826645DAD714EBA4C1117DDBBB9AF14708F0085AEE05A232C3DBB82B08D717

Uniqueness

Uniqueness Score: -1.00%

Function 00403FEB Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00403FEB(void* __edi, WCHAR* _a4) {
				char _v16;
				void* __ebp;
				void* _t7;
				signed int _t10;

				if( *0x4207ec == 0) {
					_t7 = E00403FD6( *((intOrPtr*)(E00403EBD(__edi,  &_v16, _a4))));
					E00402E39(_t7, _v16);
					return _t7;
				}
				_t10 = CreateDirectoryW(_a4, 0); // executed
				asm("sbb eax, eax");
				return  ~( ~_t10);
			}

0x00403ff8
0x0040401c
0x00404026
0x00000000
0x0040402e
0x00403fff
0x00404007
0x00000000

APIs

CreateDirectoryW.KERNELBASE(?,00000000,?,?,00000000), ref: 00403FFF

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 93aededbe5c4d971252d8527eedcba09085c477f17e6011c012f2fc125d0a6ab
Instruction ID: 3701eeb46ee3e4d77443911190eeca87ba5a7f2b72b97f1445fe2d3383c941d3
Opcode Fuzzy Hash: 93aededbe5c4d971252d8527eedcba09085c477f17e6011c012f2fc125d0a6ab
Instruction Fuzzy Hash: 34E0D875D44109BECF222FB4EC0AECE7FA89B09345F004533FA12B61E2D6799159DA9C

Uniqueness

Uniqueness Score: -1.00%

Function 00413394 Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00413394(void* __ecx, intOrPtr __edx) {
				void* _t15;
				void* _t26;
				intOrPtr _t28;

				E00417F20(E0041A2CC, _t26);
				_push(__ecx);
				_push(__ecx);
				 *((intOrPtr*)(_t26 - 0x10)) = _t28;
				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
				_t15 = E00412F46( *((intOrPtr*)(_t26 + 8)), __edx,  *((intOrPtr*)(_t26 + 0xc)),  *((intOrPtr*)(_t26 + 0x10)),  *((intOrPtr*)(_t26 + 0x14)),  *((intOrPtr*)(_t26 + 0x18)),  *((intOrPtr*)(_t26 + 0x1c)),  *((intOrPtr*)(_t26 + 0x20)),  *((intOrPtr*)(_t26 + 0x24))); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t26 - 0xc));
				return _t15;
			}

0x00413399
0x0041339e
0x0041339f
0x004133a6
0x004133ac
0x004133c2
0x004133ea
0x004133f3

APIs

__EH_prolog.LIBCMT ref: 00413399

Part of subcall function 00412F46: __EH_prolog.LIBCMT ref: 00412F4B

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 0d4d3e0b5d11d5954cfebff23517a47e8cf26c6f828c1e9b2284cf34578879e1
Instruction ID: 27ba6ecac905feca7f3a1e16450888556254d3450fb3b994dcf7296d1706def2
Opcode Fuzzy Hash: 0d4d3e0b5d11d5954cfebff23517a47e8cf26c6f828c1e9b2284cf34578879e1
Instruction Fuzzy Hash: 39F01532504109FFDF029F85DC42EEE7B76FB48354F00811AF91161160C7BA9971EB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040D66E Relevance: 1.5, APIs: 1, Instructions: 26
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 92%

			E0040D66E(intOrPtr __ecx, void* __eflags) {
				void* _t14;
				void* _t17;
				signed int* _t23;
				intOrPtr _t26;
				void* _t28;

				_t14 = E00417F20(E00419A73, _t28);
				_push(__ecx);
				_t26 = __ecx;
				 *((intOrPtr*)(_t28 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x41b9d4;
				 *((intOrPtr*)(__ecx + 4)) = 0x41b9c4;
				 *((intOrPtr*)(__ecx + 8)) = 0x41b9b4;
				 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
				_t23 = __ecx + 0x1d38;
				E004029E8(_t14,  *(__ecx + 0x1d38));
				 *_t23 =  *_t23 & 0x00000000;
				E0040D706(_t26 + 0x38, __eflags); // executed
				_t9 = _t28 - 4;
				 *(_t28 - 4) =  *(_t28 - 4) | 0xffffffff;
				_t17 = E0040D6CE(_t26 + 0x10,  *_t9); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0xc));
				return _t17;
			}

0x0040d673
0x0040d678
0x0040d67a
0x0040d67d
0x0040d680
0x0040d686
0x0040d68d
0x0040d69a
0x0040d69e
0x0040d6a4
0x0040d6a9
0x0040d6af
0x0040d6b4
0x0040d6b4
0x0040d6bb
0x0040d6c5
0x0040d6cd

APIs

__EH_prolog.LIBCMT ref: 0040D673

Part of subcall function 004029E8: free.MSVCRT(?,00413FC5,00000000,?,?,?,00413F79,00000005,?,00000000), ref: 004029EC

Part of subcall function 0040D706: __EH_prolog.LIBCMT ref: 0040D70B

Part of subcall function 0040D6CE: __EH_prolog.LIBCMT ref: 0040D6D3

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$free
String ID:
API String ID: 2654054672-0
Opcode ID: 4771e64ca307d2440379405066d394d6a6f2f9eac9a4b9b69d506c8c1d2058d8
Instruction ID: a67350272edfb09cb70fe44cae63a81f97249f3d8a6d2b115e2e345cb0cf9c62
Opcode Fuzzy Hash: 4771e64ca307d2440379405066d394d6a6f2f9eac9a4b9b69d506c8c1d2058d8
Instruction Fuzzy Hash: ACF030B1520701DBC724DF55C5166EAB7B4FF40314F008A2FE0A2625E1DBB86A49CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040DD07 Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040DD07(intOrPtr __ecx, void* __eflags) {
				void* _t21;
				void* _t32;

				_t35 = __eflags;
				E00417F20(E00419B94, _t32);
				_push(__ecx);
				 *((intOrPtr*)(_t32 - 0x10)) = __ecx;
				 *(_t32 - 4) = 3;
				E0040D6CE(__ecx + 0x498, __eflags); // executed
				 *(_t32 - 4) = 2;
				E0040D706(__ecx + 0x68, __eflags); // executed
				 *(_t32 - 4) = 1;
				E0040D706(__ecx + 0x48, _t35); // executed
				 *(_t32 - 4) =  *(_t32 - 4) & 0x00000000;
				E0040D706(__ecx + 0x28, _t35); // executed
				_t11 = _t32 - 4;
				 *(_t32 - 4) =  *(_t32 - 4) | 0xffffffff;
				_t21 = E0040D706(__ecx + 8,  *_t11); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t32 - 0xc));
				return _t21;
			}

0x0040dd07
0x0040dd0c
0x0040dd11
0x0040dd15
0x0040dd1e
0x0040dd25
0x0040dd2d
0x0040dd31
0x0040dd39
0x0040dd3d
0x0040dd42
0x0040dd49
0x0040dd4e
0x0040dd4e
0x0040dd55
0x0040dd5e
0x0040dd66

APIs

__EH_prolog.LIBCMT ref: 0040DD0C

Part of subcall function 0040D6CE: __EH_prolog.LIBCMT ref: 0040D6D3

Part of subcall function 0040D706: __EH_prolog.LIBCMT ref: 0040D70B

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ce1d0444a8c51ef6f5c8a8c51709cccdb171aa95fe6828f4f7d04c6f36248cae
Instruction ID: 9ba81640c847e27c741769fa480f30d9ee0bc364dec865f8bcd1637fd11faa81
Opcode Fuzzy Hash: ce1d0444a8c51ef6f5c8a8c51709cccdb171aa95fe6828f4f7d04c6f36248cae
Instruction Fuzzy Hash: 03F09A71814650DBC714EBE5C4257DDBBB4AF14318F0046AEE056632D2DBB86B48C659

Uniqueness

Uniqueness Score: -1.00%

Function 0041295F Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E0041295F(void* __ecx, void* __edx) {
				intOrPtr _t9;
				signed int _t10;
				void* _t11;
				intOrPtr _t14;
				void* _t17;
				void* _t19;
				void* _t21;

				_t17 = __edx;
				E00417F20(E0041A222, _t21);
				_push(__ecx);
				_t19 = __ecx;
				_push(0x48); // executed
				_t9 = E00402E12(); // executed
				_t14 = _t9;
				 *((intOrPtr*)(_t21 - 0x10)) = _t14;
				_t10 = 0;
				 *(_t21 - 4) = 0;
				if(_t14 != 0) {
					_t10 = E00412AF5(_t14,  *((intOrPtr*)(_t21 + 8)));
				}
				 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
				_t11 = E0040882F(_t19, _t17, _t10);
				 *[fs:0x0] =  *((intOrPtr*)(_t21 - 0xc));
				return _t11;
			}

0x0041295f
0x00412964
0x00412969
0x0041296b
0x0041296d
0x0041296f
0x00412975
0x00412977
0x0041297a
0x0041297e
0x00412981
0x00412986
0x00412986
0x0041298b
0x00412992
0x0041299b
0x004129a3

APIs

__EH_prolog.LIBCMT ref: 00412964

Part of subcall function 00402E12: malloc.MSVCRT ref: 00402E18
Part of subcall function 00402E12: _CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ExceptionH_prologThrowmalloc
String ID:
API String ID: 3978722251-0
Opcode ID: 93700a85ef525f3eee1852efe90bdd68d09b65798c269787146c1e5b0e400018
Instruction ID: 9580e206e4323a54a0da30121eb84c4aff6e5b3934a114f892839fecbd123284
Opcode Fuzzy Hash: 93700a85ef525f3eee1852efe90bdd68d09b65798c269787146c1e5b0e400018
Instruction Fuzzy Hash: 70E09272A10115ABCB18EB6899166DE77A5AB48314F00863FA116F32C0DFF84E508758

Uniqueness

Uniqueness Score: -1.00%

Function 00413E76 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00413E76() {
				intOrPtr* _t14;
				void* _t15;
				void* _t16;
				void* _t20;
				void* _t22;
				void* _t24;
				void* _t26;

				E00417F20(E0041A2EC, _t24);
				_t14 =  *((intOrPtr*)(_t24 + 8));
				 *((intOrPtr*)(_t24 - 0x10)) = _t26 - 0xc;
				 *(_t24 - 4) =  *(_t24 - 4) & 0x00000000;
				_t15 =  *((intOrPtr*)( *_t14 + 0x10))(_t14,  *((intOrPtr*)(_t24 + 0xc)),  *((intOrPtr*)(_t24 + 0x10)),  *((intOrPtr*)(_t24 + 0x14)),  *((intOrPtr*)(_t24 + 0x18)),  *((intOrPtr*)(_t24 + 0x1c)), _t20, _t22, _t16);
				 *[fs:0x0] =  *((intOrPtr*)(_t24 - 0xc));
				return _t15;
			}

0x00413e7b
0x00413e86
0x00413e89
0x00413e91
0x00413ea2
0x00413edb
0x00413ee4

APIs

__EH_prolog.LIBCMT ref: 00413E7B

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 642594173727858caa004e5d3380a7696fc4838a5e73c102480a86511a475b02
Instruction ID: 6397ed1e6fe8c9da7117e1661932de648a0a3013199b5bcf43d6be2172ebcef0
Opcode Fuzzy Hash: 642594173727858caa004e5d3380a7696fc4838a5e73c102480a86511a475b02
Instruction Fuzzy Hash: FCF03972600208EFCF019F85D945ADE7F79FF49364F10845AF91196210C37A9A61DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00404C0B Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00404C0B(void* __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t13;
				signed int _t15;
				void* _t17;

				_t17 = __ecx;
				_push(__ecx);
				_t13 =  *0x420204; // 0x1000000
				if(_a8 > _t13) {
					_a8 = _t13;
				}
				_v8 = _v8 & 0x00000000;
				_t15 = ReadFile( *(_t17 + 8), _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t15 & 0xffffff00 | _t15 != 0x00000000;
			}

0x00404c0b
0x00404c0e
0x00404c0f
0x00404c17
0x00404c19
0x00404c19
0x00404c22
0x00404c2f
0x00404c3d
0x00404c43

APIs

ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00404C2F

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 81df209c2c665388e8aaaca48e39441b945a939c975d1cf6b1303523e45e29d9
Instruction ID: a6006adf0eea1eac86237e634a4fe934aac8c4fe133450c2c8a53acb2385a07d
Opcode Fuzzy Hash: 81df209c2c665388e8aaaca48e39441b945a939c975d1cf6b1303523e45e29d9
Instruction Fuzzy Hash: C8E0E575640209FBCB11CF95CC01B8E7BBAFB48354F20C069F918AA260D339EA51DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00404CA8 Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00404CA8(void* __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t13;
				signed int _t15;
				void* _t17;

				_t17 = __ecx;
				_push(__ecx);
				_t13 =  *0x420204; // 0x1000000
				if(_a8 > _t13) {
					_a8 = _t13;
				}
				_v8 = _v8 & 0x00000000;
				_t15 = WriteFile( *(_t17 + 8), _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t15 & 0xffffff00 | _t15 != 0x00000000;
			}

0x00404ca8
0x00404cab
0x00404cac
0x00404cb4
0x00404cb6
0x00404cb6
0x00404cbf
0x00404ccc
0x00404cda
0x00404ce0

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00404CCC

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 6bfc91271522fb6d00326eebcab231c83485961f40115b6b84192bf0e01a1573
Instruction ID: a5729da1ea5c54eb6fe627369c06faedc1863ea1b2229311989a619cc8c7fa87
Opcode Fuzzy Hash: 6bfc91271522fb6d00326eebcab231c83485961f40115b6b84192bf0e01a1573
Instruction Fuzzy Hash: ECE0C975601209EBCB11CF95D905B8E7BBAAB48354F10C069E9189A250D3359A51DF54

Uniqueness

Uniqueness Score: -1.00%

Function 0040EFE8 Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040EFE8(intOrPtr __ecx, void* __eflags) {
				void* _t12;
				intOrPtr* _t19;
				void* _t21;

				E00417F20(E00419D63, _t21);
				_push(__ecx);
				 *((intOrPtr*)(_t21 - 0x10)) = __ecx;
				 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
				_t12 = E0040F023(__ecx + 0x10); // executed
				_t19 =  *((intOrPtr*)(__ecx + 8));
				 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
				if(_t19 != 0) {
					_t12 =  *((intOrPtr*)( *_t19 + 8))(_t19);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t21 - 0xc));
				return _t12;
			}

0x0040efed
0x0040eff2
0x0040eff6
0x0040eff9
0x0040f000
0x0040f005
0x0040f008
0x0040f00e
0x0040f013
0x0040f013
0x0040f01a
0x0040f022

APIs

__EH_prolog.LIBCMT ref: 0040EFED

Part of subcall function 0040F023: __EH_prolog.LIBCMT ref: 0040F028

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 6194ded711dca007c7011cf09d8a6855260a0806ce0f987e83a610111d981e1a
Instruction ID: 360026ee47bc2774675eeda4f4d053965acd67044524eb8552abeec3d37c6b4a
Opcode Fuzzy Hash: 6194ded711dca007c7011cf09d8a6855260a0806ce0f987e83a610111d981e1a
Instruction Fuzzy Hash: 26E01A32C11620DBC724DF54D9457DEB3B4FF08724F00466EE4A2A3691DBB8AE45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040497E Relevance: 1.5, APIs: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E0040497E(void* __ecx, void* __edx, void* __edi) {
				void* _t12;
				void* _t24;

				E00417F20(E00418834, _t24);
				_push(__ecx);
				_push(__ecx);
				 *(_t24 - 0x10) =  *(_t24 - 0x10) & 0x00000000;
				_t4 = _t24 - 4;
				 *(_t24 - 4) =  *(_t24 - 4) & 0x00000000;
				_t12 = E00404771(_t24 - 0x14, __edx, __edi,  *_t4,  *((intOrPtr*)(_t24 + 8)),  *((intOrPtr*)(_t24 + 0xc))); // executed
				E0040474D(_t24 - 0x14);
				 *[fs:0x0] =  *((intOrPtr*)(_t24 - 0xc));
				return _t12;
			}

0x00404983
0x00404988
0x00404989
0x0040498a
0x00404992
0x00404992
0x0040499c
0x004049a6
0x004049b1
0x004049b9

APIs

__EH_prolog.LIBCMT ref: 00404983

Part of subcall function 00404771: __EH_prolog.LIBCMT ref: 00404776
Part of subcall function 00404771: FindFirstFileW.KERNELBASE(?,?), ref: 0040479C

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$FileFindFirst
String ID:
API String ID: 3696804488-0
Opcode ID: 63e937022a650833264b746f0125d53e4837a5f79379f95a97068baea7eb73b3
Instruction ID: e3da10a1a92007781e6913d6f4b5b92d281dc24ae7273b1181fa3c8aadc3010e
Opcode Fuzzy Hash: 63e937022a650833264b746f0125d53e4837a5f79379f95a97068baea7eb73b3
Instruction Fuzzy Hash: 5CE08CB6851008AEDB05EF80C952BEEB774FB66308F50811EF46173281CB7C9A08DB29

Uniqueness

Uniqueness Score: -1.00%

Function 004025AF Relevance: 1.5, APIs: 1, Instructions: 19
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004025AF(void** __ecx, struct _SECURITY_ATTRIBUTES* _a4, long _a8, _Unknown_base(*)()* _a12, void* _a16, long _a20, DWORD* _a24) {
				void* _t9;
				void** _t14;

				_t14 = __ecx;
				_t9 = CreateThread(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				 *_t14 = _t9;
				return 0 | _t9 != 0x00000000;
			}

0x004025b3
0x004025c7
0x004025cf
0x004025da

APIs

CreateThread.KERNELBASE ref: 004025C7

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 1fcffb32e082485bf0481085c49cc8eb09168afbbee03ccbbeab8363ad1552dc
Instruction ID: 35e7865a9b0586689ad1c81e047d395b0e1c0f4c0e831869d56b423008eb4a1e
Opcode Fuzzy Hash: 1fcffb32e082485bf0481085c49cc8eb09168afbbee03ccbbeab8363ad1552dc
Instruction Fuzzy Hash: 2CE0423210021AAB8F065F95EC058DA7FAAEF19250B05802AFA5586160DB72D971AF95

Uniqueness

Uniqueness Score: -1.00%

Function 0040474D Relevance: 1.5, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040474D(void** __ecx) {
				signed int _t7;
				signed int _t8;
				signed int _t10;
				void** _t12;

				_t10 = __ecx;
				_t12 = __ecx;
				if(__ecx[1] != 0) {
					_t7 = FindClose( *__ecx); // executed
					_t8 = _t7 & 0xffffff00 | _t7 != 0x00000000;
					 *((char*)(_t12 + 4)) = _t10 & 0xffffff00 | _t8 == 0x00000000;
					return _t8;
				} else {
					return 1;
				}
			}

0x0040474d
0x0040474e
0x00404754
0x0040475c
0x00404764
0x0040476c
0x00404770
0x00404756
0x00404759
0x00404759

APIs

FindClose.KERNELBASE(?,?,00404789), ref: 0040475C

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 3555938b232b97c30b9ca447e701692dffcd55623e5d1ee7b09cba1228303393
Instruction ID: ab58266e4b6c84c8612f70c1846fc454884ee3baad7e778c9323ceb97bcae3b1
Opcode Fuzzy Hash: 3555938b232b97c30b9ca447e701692dffcd55623e5d1ee7b09cba1228303393
Instruction Fuzzy Hash: 2DD022320063608BDB211A3878003C72FC49F02620F09C4EEE0E04B220C7518CC39790

Uniqueness

Uniqueness Score: -1.00%

Function 004026C5 Relevance: 1.5, APIs: 1, Instructions: 15
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004026C5() {
				intOrPtr* _t10;
				void* _t12;

				_t10 =  *((intOrPtr*)(_t12 - 0x14));
				PostMessageA( *( *_t10 + 0x34),  *0x41bdd4, 0, 0); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t12 - 0xc));
				return 0;
			}

0x004026c5
0x004026d7
0x004026e4
0x004026ed

APIs

PostMessageA.USER32 ref: 004026D7

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 386b0959d37dd0896f77f7c1367ac78cd0cc91b4e9b9c9211bd46f3b8f999c32
Instruction ID: 8177888b60eaacef8102c40bf1316a53285b4d297cde27ef721c7e89e0b76f07
Opcode Fuzzy Hash: 386b0959d37dd0896f77f7c1367ac78cd0cc91b4e9b9c9211bd46f3b8f999c32
Instruction Fuzzy Hash: 24D09236A40104EFDB158F98ED42B88BBB1FB48710F21846AE942A76A0D371A8008F58

Uniqueness

Uniqueness Score: -1.00%

Function 00404C7A Relevance: 1.5, APIs: 1, Instructions: 9
timeCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E00404C7A(void* __ecx, FILETIME* _a4, FILETIME* _a8, FILETIME* _a12) {
				signed int _t5;

				_t5 = SetFileTime( *(__ecx + 8), _a4, _a8, _a12); // executed
				asm("sbb eax, eax");
				return  ~( ~_t5);
			}

0x00404c89
0x00404c91
0x00404c95

APIs

SetFileTime.KERNELBASE(?,?,?,?,00404CA5,00000000,00000000,?,00407532,?), ref: 00404C89

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: FileTime
String ID:
API String ID: 1425588814-0
Opcode ID: cc82d5ad47254439cad3c4263489b4d04cbdb676537012c2c06d1cf040b32438
Instruction ID: 6c6b31b7f0b3b9f48e2e66f9ac327037271f9771431cf9cd6c013d1fedbb8201
Opcode Fuzzy Hash: cc82d5ad47254439cad3c4263489b4d04cbdb676537012c2c06d1cf040b32438
Instruction Fuzzy Hash: D7C04C36158205FFCF120F60CC08C1ABFB2EB98311F10C918B169C4070C7338421EB11

Uniqueness

Uniqueness Score: -1.00%

Function 0040615F Relevance: 1.3, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040615F(intOrPtr* __ecx) {
				int _v8;
				int _v12;
				intOrPtr _t30;
				void* _t31;
				intOrPtr* _t32;
				intOrPtr _t33;
				intOrPtr _t35;
				intOrPtr _t42;
				intOrPtr _t50;
				int _t51;
				intOrPtr* _t54;

				_push(__ecx);
				_push(__ecx);
				_t54 = __ecx;
				_t30 =  *((intOrPtr*)(__ecx + 0xc));
				_t50 =  *((intOrPtr*)(__ecx + 4));
				if(_t30 >= _t50) {
					_t50 =  *((intOrPtr*)(__ecx + 0x10));
				}
				_t51 = _t50 - _t30;
				_t31 =  *(_t54 + 0x20);
				_v12 = 0;
				if(_t31 != 0) {
					memmove(_t31,  *_t54 +  *((intOrPtr*)(_t54 + 0xc)), _t51);
					 *(_t54 + 0x20) =  *(_t54 + 0x20) + _t51;
				}
				_t32 =  *((intOrPtr*)(_t54 + 0x14));
				if(_t32 != 0) {
					_v8 = 0;
					_t35 =  *((intOrPtr*)( *_t32 + 0xc))(_t32,  *_t54 +  *((intOrPtr*)(_t54 + 0xc)), _t51,  &_v8);
					_t51 = _v8;
					_v12 = _t35;
				}
				 *((intOrPtr*)(_t54 + 0xc)) =  *((intOrPtr*)(_t54 + 0xc)) + _t51;
				_t33 =  *((intOrPtr*)(_t54 + 0x10));
				if( *((intOrPtr*)(_t54 + 0xc)) == _t33) {
					 *((intOrPtr*)(_t54 + 0xc)) = 0;
				}
				if( *((intOrPtr*)(_t54 + 4)) == _t33) {
					 *((char*)(_t54 + 0x24)) = 1;
					 *((intOrPtr*)(_t54 + 4)) = 0;
				}
				_t42 =  *((intOrPtr*)(_t54 + 0xc));
				if(_t42 >  *((intOrPtr*)(_t54 + 4))) {
					_t33 = _t42;
				}
				 *((intOrPtr*)(_t54 + 0x18)) =  *((intOrPtr*)(_t54 + 0x18)) + _t51;
				 *((intOrPtr*)(_t54 + 8)) = _t33;
				asm("adc [esi+0x1c], ebx");
				return _v12;
			}

0x00406162
0x00406163
0x00406166
0x00406169
0x0040616c
0x00406171
0x00406173
0x00406173
0x00406176
0x00406178
0x0040617f
0x00406182
0x0040618c
0x00406195
0x00406195
0x00406198
0x0040619d
0x004061a2
0x004061b0
0x004061b3
0x004061b6
0x004061b6
0x004061b9
0x004061bf
0x004061c4
0x004061c6
0x004061c6
0x004061cc
0x004061ce
0x004061d2
0x004061d2
0x004061d5
0x004061db
0x004061dd
0x004061dd
0x004061df
0x004061e2
0x004061e9
0x004061ef

APIs

memmove.MSVCRT ref: 0040618C

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: memmove
String ID:
API String ID: 2162964266-0
Opcode ID: 307d3e9cd5dab4160be7f54d0006184c662be811a00dd7dcb7bf5a41bf4bce26
Instruction ID: 4ed1b34bd6617891022857e45d5148d1c756a631deb00c11b7fddb13ca399038
Opcode Fuzzy Hash: 307d3e9cd5dab4160be7f54d0006184c662be811a00dd7dcb7bf5a41bf4bce26
Instruction Fuzzy Hash: 32210271A00B009FC724CF99C89085BF7FAFF88324725892EE49B97A41E374BD448B50

Uniqueness

Uniqueness Score: -1.00%

Function 00405F0D Relevance: 1.3, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00405F0D(intOrPtr* __ecx) {
				char _v8;
				char _v12;
				intOrPtr* _t21;
				char _t22;
				intOrPtr _t23;
				signed int _t24;
				signed int _t25;
				signed int _t26;
				intOrPtr _t29;
				intOrPtr _t30;
				void* _t34;
				intOrPtr* _t38;

				_push(__ecx);
				_push(__ecx);
				_t38 = __ecx;
				if( *((char*)(__ecx + 0x1c)) == 0) {
					_t29 =  *((intOrPtr*)(__ecx + 8));
					asm("cdq");
					 *((intOrPtr*)(__ecx + 0x10)) =  *((intOrPtr*)(__ecx + 0x10)) +  *__ecx - _t29;
					_t21 =  *((intOrPtr*)(__ecx + 0xc));
					asm("adc [esi+0x14], edx");
					_t22 =  *((intOrPtr*)( *_t21 + 0xc))(_t21, _t29,  *((intOrPtr*)(__ecx + 0x18)),  &_v12, _t34);
					if(_t22 != 0) {
						_v8 = _t22;
						_push(0x41cc10);
						_push( &_v8);
						L00417F68();
					}
					_t23 =  *((intOrPtr*)(_t38 + 8));
					_t30 = _v12;
					 *_t38 = _t23;
					_t24 = _t23 + _t30;
					 *(_t38 + 4) = _t24;
					_t25 = _t24 & 0xffffff00 | _t30 == 0x00000000;
					 *(_t38 + 0x1c) = _t25;
					_t26 = 0 | _t25 == 0x00000000;
				} else {
					_t26 = 0;
				}
				return _t26;
			}

0x00405f10
0x00405f11
0x00405f13
0x00405f19
0x00405f1f
0x00405f27
0x00405f28
0x00405f2b
0x00405f35
0x00405f3c
0x00405f42
0x00405f44
0x00405f4a
0x00405f4f
0x00405f50
0x00405f50
0x00405f55
0x00405f58
0x00405f5b
0x00405f5d
0x00405f61
0x00405f64
0x00405f69
0x00405f71
0x00405f1b
0x00405f1b
0x00405f1b
0x00405f75

APIs

_CxxThrowException.MSVCRT(?,0041CC10), ref: 00405F50

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: b3b40b5d8a2d0cb6c09454b3de965939018be3a95e47e7f1889865268b5c6f1b
Instruction ID: b5ff3d60ddacea0aab4e33c9a49de9f0d52f65775751d6499660f334a55ee132
Opcode Fuzzy Hash: b3b40b5d8a2d0cb6c09454b3de965939018be3a95e47e7f1889865268b5c6f1b
Instruction Fuzzy Hash: 4A01D471600701AFCB28CFA9C84599BBBF8EF453107004A6EB086D3641E774F946CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0040668D Relevance: 1.3, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E0040668D(void* __ecx, int _a4) {
				int _t8;
				void* _t9;
				void* _t10;
				void* _t12;
				int _t17;
				void* _t18;

				_t17 = _a4;
				_t18 = __ecx;
				if(_t17 ==  *((intOrPtr*)(__ecx + 4))) {
					return _t8;
				}
				if(_t17 <= 0) {
					_t12 = 0;
				} else {
					_push(_t17); // executed
					_t10 = E00402E12(); // executed
					_t12 = _t10;
					_t8 =  *(_t18 + 4);
					if(_t8 > 0) {
						if(_t8 >= _t17) {
							_t8 = _t17;
						}
						_t8 = memmove(_t12,  *(_t18 + 8), _t8);
					}
				}
				_t9 = E00402E39(_t8,  *(_t18 + 8));
				 *(_t18 + 8) = _t12;
				 *(_t18 + 4) = _t17;
				return _t9;
			}

0x0040668f
0x00406693
0x00406698
0x004066d9
0x004066d9
0x0040669d
0x004066c5
0x0040669f
0x0040669f
0x004066a0
0x004066a5
0x004066a7
0x004066ad
0x004066b1
0x004066b3
0x004066b3
0x004066ba
0x004066c0
0x004066ad
0x004066ca
0x004066d0
0x004066d3
0x00000000

APIs

Part of subcall function 00402E12: malloc.MSVCRT ref: 00402E18
Part of subcall function 00402E12: _CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

memmove.MSVCRT ref: 004066BA

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ExceptionThrowmallocmemmove
String ID:
API String ID: 2847158419-0
Opcode ID: 6bdddc071a42336f3ad332a1aa8bc651ce745e4bb949d7371b7db17dd7bc1405
Instruction ID: 680b4d1f1c9a411aaee73c82872e777884a8b28e481ee0dbe9cb86ed406db870
Opcode Fuzzy Hash: 6bdddc071a42336f3ad332a1aa8bc651ce745e4bb949d7371b7db17dd7bc1405
Instruction Fuzzy Hash: BFF089726006105FC2205F16DD84827BBE9EBC47243128C3FE55FA3390C776E8648A59

Uniqueness

Uniqueness Score: -1.00%

Function 00405CDC Relevance: 1.3, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405CDC(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				void* _t14;
				intOrPtr* _t19;

				if(_a16 < 3) {
					_t14 = E00404B77(_a4 + 0xc, _a8, _a12, _a16,  &_a8); // executed
					_t19 = _a20;
					if(_t19 != 0) {
						 *_t19 = _a8;
						 *((intOrPtr*)(_t19 + 4)) = _a12;
					}
					if(_t14 == 0) {
						return GetLastError();
					} else {
						return 0;
					}
				}
				return 0x80030001;
			}

0x00405ce3
0x00405cff
0x00405d04
0x00405d09
0x00405d0e
0x00405d13
0x00405d13
0x00405d18
0x00000000
0x00405d1a
0x00000000
0x00405d1a
0x00405d18
0x00000000

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66a3d44ad36f1a5523917fbe63dd0bf288d0502e24de0109028ee4273ad19b23
Instruction ID: afa5ee6ee04699e77b95fc658e6dda8343a63d50d3d0eb39e8b6bdca909c7a74
Opcode Fuzzy Hash: 66a3d44ad36f1a5523917fbe63dd0bf288d0502e24de0109028ee4273ad19b23
Instruction Fuzzy Hash: 1FF05834101A0EEFCF04CF54D9449EB7BA5EF48304B24C02ABD199B260D336E922DF99

Uniqueness

Uniqueness Score: -1.00%

Function 00403138 Relevance: 1.3, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00403138(void* __ecx, signed int _a4) {
				void* _t10;
				void* _t13;
				void* _t17;
				void* _t19;
				signed int _t22;
				void* _t23;

				_t22 = _a4;
				_t23 = __ecx;
				if(_t22 >  *((intOrPtr*)(__ecx + 4))) {
					_push(_t22 *  *(__ecx + 0x10)); // executed
					_t13 = E00402E12(); // executed
					_t19 = _t13;
					_t17 = E00402E39(memmove(_t19,  *(_t23 + 0xc),  *(_t23 + 4) *  *(_t23 + 0x10)),  *(_t23 + 0xc));
					 *(_t23 + 0xc) = _t19;
					 *(_t23 + 4) = _t22;
					return _t17;
				}
				return _t10;
			}

0x0040313a
0x0040313e
0x00403143
0x0040314c
0x0040314d
0x00403152
0x00403169
0x00403171
0x00403174
0x00000000
0x00403177
0x0040317a

APIs

Part of subcall function 00402E12: malloc.MSVCRT ref: 00402E18
Part of subcall function 00402E12: _CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

memmove.MSVCRT ref: 00403160

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ExceptionThrowfreemallocmemmove
String ID:
API String ID: 1097815484-0
Opcode ID: e20d6122d0c5e3f014b6d12016b3c2e28d0668d31e162c2f2849bad4a07350c8
Instruction ID: 1273e163681c087e6bc7ce0cea3e792d6396c63a61703f1748f17c277d9533e5
Opcode Fuzzy Hash: e20d6122d0c5e3f014b6d12016b3c2e28d0668d31e162c2f2849bad4a07350c8
Instruction Fuzzy Hash: 22F0AC72500710AFC3209F59DD85C17FBE9EB99721305C92EE59A97651C374F8108B64

Uniqueness

Uniqueness Score: -1.00%

Function 00405CA6 Relevance: 1.3, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405CA6(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr* _a16) {
				void* _t10;
				intOrPtr* _t14;

				_t10 = E00404C0B(_a4 + 0xc, _a8, _a12,  &_a12); // executed
				_t14 = _a16;
				if(_t14 != 0) {
					 *_t14 = _a12;
				}
				if(_t10 == 0) {
					return GetLastError();
				} else {
					return 0;
				}
			}

0x00405cb9
0x00405cbe
0x00405cc3
0x00405cc8
0x00405cc8
0x00405ccc
0x00000000
0x00405cce
0x00000000
0x00405cce

APIs

Part of subcall function 00404C0B: ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00404C2F

GetLastError.KERNEL32 ref: 00405CD2

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 39342fba2d2815a9b907a139efd48f2d5eac403090b3c99a9a79187e29c4e343
Instruction ID: 3841f146e8ca4901dc9fccd9beed7b62b9a0f21cd6fe3eb7b243f13c20b04a5c
Opcode Fuzzy Hash: 39342fba2d2815a9b907a139efd48f2d5eac403090b3c99a9a79187e29c4e343
Instruction Fuzzy Hash: 7EE01A7510470E9BDF04DF94D8509AB3769EF48300B10842AF91697291D731E921DF69

Uniqueness

Uniqueness Score: -1.00%

Function 00405D49 Relevance: 1.3, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405D49(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr* _a16) {
				void* _t10;
				intOrPtr* _t14;

				_t10 = E00404CA8(_a4 + 8, _a8, _a12,  &_a12); // executed
				_t14 = _a16;
				if(_t14 != 0) {
					 *_t14 = _a12;
				}
				if(_t10 == 0) {
					return GetLastError();
				} else {
					return 0;
				}
			}

0x00405d5c
0x00405d61
0x00405d66
0x00405d6b
0x00405d6b
0x00405d6f
0x00000000
0x00405d71
0x00000000
0x00405d71

APIs

Part of subcall function 00404CA8: WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00404CCC

GetLastError.KERNEL32 ref: 00405D75

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 9b286737f2a97ee7db552e1ded671d0df98d39c18982fdc41ae1bd43977e0647
Instruction ID: 9cf461506dcb8cd4b242ce7a24882d7741b334a79261173f8f3252edd0bad38e
Opcode Fuzzy Hash: 9b286737f2a97ee7db552e1ded671d0df98d39c18982fdc41ae1bd43977e0647
Instruction Fuzzy Hash: C3E01A7520060E9BCF04DF64E844DEB3769EF48304B05842BB916972A1E735D921DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040620C Relevance: 1.3, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E0040620C(intOrPtr* __ecx, void* __eflags) {
				char _v8;
				char _t3;
				char* _t4;

				_push(__ecx); // executed
				_t3 = E0040615F(__ecx); // executed
				if(_t3 != 0) {
					_v8 = _t3;
					_t4 =  &_v8;
					_push(0x41cc70);
					_push(_t4);
					L00417F68();
					return _t4;
				}
				return _t3;
			}

0x0040620f
0x00406210
0x00406217
0x00406219
0x0040621c
0x0040621f
0x00406224
0x00406225
0x00000000
0x00406225
0x0040622b

APIs

Part of subcall function 0040615F: memmove.MSVCRT ref: 0040618C

_CxxThrowException.MSVCRT(?,0041CC70), ref: 00406225

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ExceptionThrowmemmove
String ID:
API String ID: 3420374180-0
Opcode ID: 0befe0cd0616dab3c5e22673333cee6a264e4f7f4d6616b6762b6288aed908ce
Instruction ID: 88865d121a66d80080bc0d4664e468fc39c0d7ef62793e2e42d954fc5614cc26
Opcode Fuzzy Hash: 0befe0cd0616dab3c5e22673333cee6a264e4f7f4d6616b6762b6288aed908ce
Instruction Fuzzy Hash: 7FC01270580308B5CB00B7B2594298BB5AC8905248B10046BB401A2282F978DA414658

Uniqueness

Uniqueness Score: -1.00%

Function 004029F6 Relevance: 1.3, APIs: 1, Instructions: 10
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004029F6(long _a4) {
				void* _t3;

				if(_a4 != 0) {
					_t3 = VirtualAlloc(0, _a4, 0x1000, 4); // executed
					return _t3;
				}
				return 0;
			}

0x004029fb
0x00402a0e
0x00000000
0x00402a0e
0x00000000

APIs

VirtualAlloc.KERNELBASE(00000000,00420688,00001000,00000004,0040BFCB,00020000,?,0040CC55,?,004206C8,?,004206B8,?,00420698,?,00420688), ref: 00402A0E

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b8b0774f75c9037625a28e82d62b68dd101b2b2b531a22ecfeb6f5b3c65ee237
Instruction ID: 952d5cd460edadde0682d446466f4916809d579aad05bbad86dbc3bb5920caa2
Opcode Fuzzy Hash: b8b0774f75c9037625a28e82d62b68dd101b2b2b531a22ecfeb6f5b3c65ee237
Instruction Fuzzy Hash: 38C08C30388300FEE63186108E0DF4776909B98B66F00C835B349740C0C7F44000EA6E

Uniqueness

Uniqueness Score: -1.00%

Function 00402A17 Relevance: 1.3, APIs: 1, Instructions: 7
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00402A17(void* _a4) {
				void* _t3;
				int _t4;

				if(_a4 != 0) {
					_t4 = VirtualFree(_a4, 0, 0x8000); // executed
					return _t4;
				}
				return _t3;
			}

0x00402a1c
0x00402a29
0x00000000
0x00402a29
0x00402a2f

APIs

VirtualFree.KERNELBASE(?,00000000,00008000,0040610A,?,?,004060E7,?,?,00413F5F,00000000), ref: 00402A29

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 44ddf7ed07eec63cc73b584f1535556ca722d47a717908e2f0bfdf4aec2e539b
Instruction ID: 45b99d90834e0caa0d8d2e82644f9787aa5f7f2ffc597dcc0e1757bff2ab5656
Opcode Fuzzy Hash: 44ddf7ed07eec63cc73b584f1535556ca722d47a717908e2f0bfdf4aec2e539b
Instruction Fuzzy Hash: 5BC09230245300FEE7228B04DE0DF9BBBA0EB94B11F20C439B298A50E88BB45858DE0D

Uniqueness

Uniqueness Score: -1.00%

Function 004029E8 Relevance: 1.3, APIs: 1, Instructions: 4
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004029E8(void* __eax, void* _a4) {
				void* _t2;

				_t2 = __eax;
				free(_a4); // executed
				return _t2;
			}

0x004029e8
0x004029ec
0x004029f3

APIs

free.MSVCRT(?,00413FC5,00000000,?,?,?,00413F79,00000005,?,00000000), ref: 004029EC

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: eb1fa8613a9c73d3249293091bc52a8cf7eb3aa27656853f0bf4d275c2b76abb
Instruction ID: 1836a8c0301004cec903a5407049889a0ac6589ee162c18bc27fff4d23c214e8
Opcode Fuzzy Hash: eb1fa8613a9c73d3249293091bc52a8cf7eb3aa27656853f0bf4d275c2b76abb
Instruction Fuzzy Hash: 07A00272005104EBC7055F11ED1D88EBB65FBA8752B25C43AF14740470CB314830FA59

Uniqueness

Uniqueness Score: -1.00%

Function 00402E39 Relevance: 1.3, APIs: 1, Instructions: 4
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00402E39(void* __eax, void* _a4) {
				void* _t2;

				_t2 = __eax;
				free(_a4); // executed
				return _t2;
			}

0x00402e39
0x00402e3d
0x00402e44

APIs

free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: b57ffdd56b363bb5d4f42796e99cd40fc192a2b98acc84d2c8c0f77930c2eac5
Instruction ID: f9562082b6b1794bc1084bd899aae77752fbb4eb59269adab570762a81993a80
Opcode Fuzzy Hash: b57ffdd56b363bb5d4f42796e99cd40fc192a2b98acc84d2c8c0f77930c2eac5
Instruction Fuzzy Hash: FCA00271005104EBCB051F11ED1D48D7B61FB88652B258469F04740470CB314820BA45

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004172C7 Relevance: 22.7, APIs: 15, Instructions: 227
COMMONCrypto

Download Yara Rule

C-Code - Quality: 68%

			E004172C7() {
				signed int _v8;
				signed int _v12;
				char _v525;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t84;
				signed char _t91;
				signed int _t92;
				signed int _t106;
				signed int _t107;
				signed int _t113;
				signed char _t114;
				signed int* _t115;
				signed char _t126;
				signed int _t127;
				signed int _t128;
				signed int _t153;
				signed int _t158;
				signed int _t161;
				signed int _t162;
				signed int _t164;
				signed int _t165;
				signed int _t168;
				void* _t169;
				void* _t170;
				void* _t171;

				_t114 = 0;
				_t74 = 1;
				do {
					 *(_t169 + _t114 - 0x308) = _t74;
					 *(_t169 + _t114 - 0x209) = _t74;
					 *(_t169 + _t74 - 0x108) = _t114;
					_t114 = _t114 + 1;
					asm("sbb edx, edx");
					_t74 = _t74 ^  ~(_t74 & 0x00000080) & 0x0000011b ^ _t74 + _t74;
				} while (_t74 != 1);
				_t115 = 0x423c80;
				do {
					 *_t115 = _t74;
					if(_t74 == 0) {
						_t74 = 0;
					} else {
						_t74 =  *(_t169 + ( *(_t169 + _t74 - 0x108) & 0x000000ff) - 0x2ef) & 0x000000ff;
					}
					_t115 =  &(_t115[1]);
				} while (_t115 < 0x423ca8);
				_v8 = _v8 & 0x00000000;
				do {
					if(_v8 == 0) {
						_t75 = 0;
					} else {
						_t75 =  *( &_v525 - ( *(_t169 + (_v8 & 0x000000ff) - 0x108) & 0x000000ff)) & 0x000000ff;
					}
					_t126 = (_t75 ^ (((_t75 + _t75 ^ _t75) << 0x00000001 ^ _t75) << 0x00000001 ^ _t75) << 0x00000001) >> 0x00000008 ^ _t75 ^ (((_t75 + _t75 ^ _t75) << 0x00000001 ^ _t75) << 0x00000001 ^ _t75) << 0x00000001 ^ 0x00000063;
					if(_t126 == 0) {
						_t77 = 0;
					} else {
						_t77 =  *(_t169 + ( *(_t169 + (_t126 & 0x000000ff) - 0x108) & 0x000000ff) - 0x307) & 0x000000ff;
					}
					if(_t126 == 0) {
						_t153 = 0;
					} else {
						_t153 =  *(_t169 + ( *(_t169 + (_t126 & 0x000000ff) - 0x108) & 0x000000ff) - 0x2ef) & 0x000000ff;
					}
					_t161 = _t126 & 0x000000ff;
					_push(8);
					_t106 = ((_t77 << 0x00000008 | _t161) << 0x00000008 | _t161) << 0x00000008 | _t153;
					_t84 = _v8;
					_push(_t106);
					_t168 = _t84 << 2;
					 *(_t168 + 0x421c80) = _t106;
					L00418130();
					_push(0x10);
					_push(_t106);
					 *(_t168 + 0x422080) = _t84;
					L00418130();
					_push(0x18);
					_push(_t106);
					 *(_t168 + 0x422480) = _t84;
					L00418130();
					_push(8);
					_push(_t161);
					 *(_t168 + 0x422880) = _t84;
					 *(_t168 + 0x420c80) = _t161;
					L00418130();
					_push(0x10);
					_push(_t161);
					 *(_t168 + 0x421080) = _t84;
					L00418130();
					_push(0x18);
					_push(_t161);
					 *(_t168 + 0x421480) = _t84;
					L00418130();
					_t127 = _v8 & 0x000000ff;
					 *(_t168 + 0x421880) = _t84;
					_t171 = _t170 + 0x30;
					if((((_t127 << 0x00000003 ^ _t127) << 0x00000002 ^ _t127) << 0x00000001 >> 0x00000008 ^ ((_t127 << 0x00000003 ^ _t127) << 0x00000002 ^ _t127) << 0x00000001 ^ 0x00000005) == 0) {
						_t91 = 0;
					} else {
						_t91 =  *((intOrPtr*)( &_v525 - ( *(_t169 + (((_t127 << 0x00000003 ^ _t127) << 0x00000002 ^ _t127) << 0x00000001 >> 0x00000008 & 0x000000ff ^ ((_t127 << 0x00000003 ^ _t127) << 0x00000002 ^ _t127) << 0x00000001 & 0x000000ff ^ 0x00000005) - 0x108) & 0x000000ff)));
					}
					if(_t91 == 0) {
						_t107 = 0;
					} else {
						_t107 =  *(_t169 + ( *(_t169 + (_t91 & 0x000000ff) - 0x108) & 0x000000ff) - 0x2a0) & 0x000000ff;
					}
					if(_t91 == 0) {
						_t162 = 0;
					} else {
						_t162 =  *(_t169 + ( *(_t169 + (_t91 & 0x000000ff) - 0x108) & 0x000000ff) - 0x21a) & 0x000000ff;
					}
					if(_t91 == 0) {
						_t158 = 0;
					} else {
						_t158 =  *(_t169 + ( *(_t169 + (_t91 & 0x000000ff) - 0x108) & 0x000000ff) - 0x241) & 0x000000ff;
					}
					if(_t91 == 0) {
						_t128 = 0;
					} else {
						_t128 =  *(_t169 + ( *(_t169 + (_t91 & 0x000000ff) - 0x108) & 0x000000ff) - 0x229) & 0x000000ff;
					}
					_push(8);
					_t92 = _t91 & 0x000000ff;
					_t113 = ((_t107 << 0x00000008 | _t162) << 0x00000008 | _t158) << 0x00000008 | _t128;
					_v12 = _t92;
					_t164 = _t92 << 2;
					_push(_t113);
					 *(_t164 + 0x424d00) = _t113;
					L00418130();
					_push(0x10);
					_push(_t113);
					 *(_t164 + 0x425100) = _t92;
					L00418130();
					_push(0x18);
					_push(_t113);
					 *(_t164 + 0x425500) = _t92;
					L00418130();
					_push(8);
					_push(_t113);
					 *(_t164 + 0x425900) = _t92;
					 *(_t168 + 0x423d00) = _t113;
					L00418130();
					_push(0x10);
					_push(_t113);
					 *(_t168 + 0x424100) = _t92;
					L00418130();
					_push(0x18);
					_push(_t113);
					 *(_t168 + 0x424500) = _t92;
					L00418130();
					_t165 = _v12;
					_push(8);
					_push(_t165);
					 *(_t168 + 0x424900) = _t92;
					 *(_t168 + 0x422c80) = _t165;
					L00418130();
					_push(0x10);
					_push(_t165);
					 *(_t168 + 0x423080) = _t92;
					L00418130();
					_t170 = _t171 + 0x40;
					 *(_t168 + 0x423480) = _t92;
					_push(0x18);
					_push(_t165);
					L00418130();
					_v8 = _v8 + 1;
					 *(_t168 + 0x423880) = _t92;
				} while (_v8 < 0x100);
				 *0x420c64 = 1;
				return _t92;
			}

0x004172d5
0x004172d7
0x004172d8
0x004172da
0x004172e1
0x004172e8
0x004172f2
0x004172f5
0x00417302
0x00417304
0x00417309
0x0041730e
0x00417310
0x00417312
0x00417326
0x00417314
0x0041731c
0x0041731c
0x00417328
0x0041732b
0x00417333
0x00417337
0x0041733b
0x00417356
0x0041733d
0x00417351
0x00417351
0x00417370
0x00417373
0x0041738a
0x00417375
0x00417380
0x00417380
0x0041738e
0x004173a5
0x00417390
0x0041739b
0x0041739b
0x004173a7
0x004173af
0x004173bb
0x004173bd
0x004173c2
0x004173c3
0x004173c6
0x004173cc
0x004173d1
0x004173d3
0x004173d4
0x004173da
0x004173df
0x004173e1
0x004173e2
0x004173e8
0x004173ed
0x004173ef
0x004173f0
0x004173f6
0x004173fc
0x00417401
0x00417403
0x00417404
0x0041740a
0x0041740f
0x00417411
0x00417412
0x00417418
0x0041741d
0x00417421
0x0041742e
0x00417442
0x00417476
0x00417444
0x00417472
0x00417472
0x0041747a
0x00417491
0x0041747c
0x00417487
0x00417487
0x00417495
0x004174ac
0x00417497
0x004174a2
0x004174a2
0x004174b0
0x004174c7
0x004174b2
0x004174bd
0x004174bd
0x004174cb
0x004174e2
0x004174cd
0x004174d8
0x004174d8
0x004174e9
0x004174ee
0x004174f8
0x004174fa
0x004174fd
0x00417500
0x00417501
0x00417507
0x0041750c
0x0041750e
0x0041750f
0x00417515
0x0041751a
0x0041751c
0x0041751d
0x00417523
0x00417528
0x0041752a
0x0041752b
0x00417531
0x00417537
0x0041753c
0x0041753e
0x0041753f
0x00417545
0x0041754a
0x0041754c
0x0041754d
0x00417553
0x00417558
0x0041755b
0x0041755d
0x0041755e
0x00417564
0x0041756a
0x0041756f
0x00417571
0x00417572
0x00417578
0x0041757d
0x00417580
0x00417586
0x00417588
0x00417589
0x0041758e
0x0041759a
0x0041759a
0x004175a8
0x004175b1

APIs

_lrotl.MSVCRT ref: 004173CC
_lrotl.MSVCRT ref: 004173DA
_lrotl.MSVCRT ref: 004173E8
_lrotl.MSVCRT ref: 004173FC
_lrotl.MSVCRT ref: 0041740A
_lrotl.MSVCRT ref: 00417418
_lrotl.MSVCRT ref: 00417507
_lrotl.MSVCRT ref: 00417515
_lrotl.MSVCRT ref: 00417523
_lrotl.MSVCRT ref: 00417537
_lrotl.MSVCRT ref: 00417545
_lrotl.MSVCRT ref: 00417553
_lrotl.MSVCRT ref: 0041756A
_lrotl.MSVCRT ref: 00417578
_lrotl.MSVCRT ref: 00417589

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: _lrotl
String ID:
API String ID: 2637362246-0
Opcode ID: f9a7d50f49870f1657a946cd86fcda5652473c0b11648665ea10cde6acb4a234
Instruction ID: 6da1b197a181d746186260b310e9c05cc6a06903fbfefac8b4099b3de0da191d
Opcode Fuzzy Hash: f9a7d50f49870f1657a946cd86fcda5652473c0b11648665ea10cde6acb4a234
Instruction Fuzzy Hash: A78167707083646AD7588A7A08547FA7AF06B91301F50067FFCEAD21C2DF7C5A92EB18

Uniqueness

Uniqueness Score: -1.00%

Function 0040A15F Relevance: 17.8, APIs: 4, Strings: 6, Instructions: 289
memoryCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040A15F(void* __edx) {
				void* __edi;
				unsigned int _t128;
				unsigned int _t129;
				intOrPtr _t132;
				intOrPtr _t136;
				void* _t137;
				void* _t139;
				intOrPtr* _t141;
				unsigned int _t142;
				void* _t151;
				void* _t153;
				intOrPtr* _t155;
				void* _t156;
				void* _t161;
				void* _t163;
				void* _t164;
				void* _t166;
				void* _t170;
				intOrPtr* _t173;
				void* _t174;
				void* _t175;
				void* _t177;
				void* _t181;
				intOrPtr* _t184;
				unsigned int _t186;
				intOrPtr* _t216;
				intOrPtr _t220;
				unsigned int _t221;
				void* _t224;
				void* _t226;
				void* _t227;

				_t212 = __edx;
				E00417F20(E00419343, _t224);
				_t227 = _t226 - 0x94;
				E0040190B(_t224 - 0x3c,  *((intOrPtr*)(_t224 + 0x1c)));
				_t216 =  *((intOrPtr*)(_t224 + 0x24));
				_t186 = 0;
				 *( *(_t224 + 0x20)) = 0;
				 *((intOrPtr*)(_t224 - 4)) = 0;
				 *_t216 = 0;
				E0040190B(_t224 - 0x24,  *((intOrPtr*)(_t224 + 0x1c)));
				 *((char*)(_t224 - 4)) = 1;
				E00401A6F(_t224 - 0x18, _t224 - 0x24);
				 *((char*)(_t224 - 4)) = 2;
				 *((char*)(_t224 + 0x1f)) =  *((intOrPtr*)(_t224 + 0x10)) != 0;
				E0040279E(_t224 - 0x70);
				 *((char*)(_t224 - 4)) = 3;
				_push(_t224 - 0xa0);
				_push( *((intOrPtr*)(_t224 - 0x18)));
				_t123 = E0040497E(_t224 - 0x70, _t212, _t216);
				if(_t123 == 0) {
					L34:
					__imp__#2( *((intOrPtr*)(_t224 - 0x3c)));
					 *( *(_t224 + 0x20)) = _t123;
					 *_t216 = 1;
					__imp__#6(_t186);
					L35:
					E00402E39(E00402E39(E00402E39(E00402E39(_t123,  *((intOrPtr*)(_t224 - 0x70))),  *((intOrPtr*)(_t224 - 0x18))),  *((intOrPtr*)(_t224 - 0x24))),  *((intOrPtr*)(_t224 - 0x3c)));
					_t128 = 0;
					L36:
					 *[fs:0x0] =  *((intOrPtr*)(_t224 - 0xc));
					return _t128;
				}
				_t129 =  *(_t224 - 0xa0);
				if( *((intOrPtr*)(_t224 + 0x1f)) == 0) {
					if((_t129 >> 0x00000004 & 0x00000001) == 0) {
						_t220 =  *((intOrPtr*)(_t224 + 8));
						_t132 =  *((intOrPtr*)(_t220 + 0xbc));
						if(_t132 == 0) {
							_t212 = _t224 - 0x8c;
							_t134 =  *((intOrPtr*)( *((intOrPtr*)(_t220 - 4)) + 0x14))(_t220 - 4,  *((intOrPtr*)(_t224 - 0x24)), _t224 - 0x8c, _t224 - 0x80,  *((intOrPtr*)(_t224 + 0xc)),  *((intOrPtr*)(_t224 + 0x14)),  *((intOrPtr*)(_t224 + 0x18)), _t224 + 8);
							if(_t134 == 0) {
								_t136 =  *((intOrPtr*)(_t224 + 8));
								if(_t136 == 0) {
									L28:
									if( *((intOrPtr*)(_t220 + 0xbc)) != 3) {
										_t123 = E0040425E(_t216,  *((intOrPtr*)(_t224 - 0x18)));
										if(_t123 != 0) {
											goto L34;
										}
										_t137 = E0040190B(_t224 - 0x48, L"can not delete output file ");
										 *((char*)(_t224 - 4)) = 0x15;
										_t139 = E00403BA6(_t212);
										 *((char*)(_t224 - 4)) = 0x17;
										E00402E39(_t139,  *((intOrPtr*)(_t224 - 0x48)));
										_t141 = _t220 - 4;
										_t142 =  *((intOrPtr*)( *_t141 + 0x1c))(_t141,  *((intOrPtr*)(_t224 - 0x30)), _t224 - 0x30, _t137, _t224 - 0x18);
										_t221 = _t142;
										if(_t142 == _t186) {
											_t221 = 0x80004004;
										}
										_push( *((intOrPtr*)(_t224 - 0x30)));
										L41:
										E00402E39(E00402E39(E00402E39(E00402E39(E00402E39(_t142),  *((intOrPtr*)(_t224 - 0x70))),  *((intOrPtr*)(_t224 - 0x18))),  *((intOrPtr*)(_t224 - 0x24))),  *((intOrPtr*)(_t224 - 0x3c)));
										_t128 = _t221;
										goto L36;
									}
									_push(_t224 - 0x18);
									if(E00405A40() != 0) {
										_t123 = E00401975(_t224 - 0x3c, _t224 - 0x18);
										goto L34;
									}
									_t151 = E0040190B(_t224 - 0x48, L"can not create name of file ");
									 *((char*)(_t224 - 4)) = 0x12;
									_t153 = E00403BA6(_t212);
									 *((char*)(_t224 - 4)) = 0x14;
									E00402E39(_t153,  *((intOrPtr*)(_t224 - 0x48)));
									_t155 = _t220 - 4;
									_t142 =  *((intOrPtr*)( *_t155 + 0x1c))(_t155,  *((intOrPtr*)(_t224 - 0x30)), _t224 - 0x30, _t151, _t224 - 0x18);
									_t221 = _t142;
									if(_t142 == _t186) {
										_t221 = 0x80004004;
									}
									_push( *((intOrPtr*)(_t224 - 0x30)));
									goto L41;
								}
								_t156 = _t136 - 1;
								if(_t156 == 0) {
									 *((intOrPtr*)(_t220 + 0xbc)) = 1;
									goto L28;
								}
								_t134 = _t156 - 1;
								if(_t134 == 0) {
									L16:
									E00402E39(E00402E39(E00402E39(E00402E39(_t134,  *((intOrPtr*)(_t224 - 0x70))),  *((intOrPtr*)(_t224 - 0x18))),  *((intOrPtr*)(_t224 - 0x24))),  *((intOrPtr*)(_t224 - 0x3c)));
									_t128 = _t186;
									goto L36;
								}
								_t123 = _t134 - 1;
								if(_t123 == 0) {
									 *((intOrPtr*)(_t220 + 0xbc)) = 2;
									goto L35;
								}
								_t161 = _t123 - 1;
								if(_t161 == 0) {
									 *((intOrPtr*)(_t220 + 0xbc)) = 3;
									goto L28;
								}
								_t134 = _t161 != 1;
								if(_t161 != 1) {
									_t134 = _t224 + 0x1c;
									_push(0x41c1c0);
									_push(_t224 + 0x1c);
									 *((intOrPtr*)(_t224 + 0x1c)) = 0x4fbd;
									L00417F68();
								}
								_t186 = 0x80004004;
								goto L16;
							}
							_t186 = _t134;
							goto L16;
						}
						_t123 = _t132 != 0;
						if(_t132 != 0) {
							goto L28;
						}
						goto L35;
					}
					_t163 = E0040190B(_t224 - 0x60, L"\' with file with same name");
					 *((char*)(_t224 - 4)) = 0xb;
					_t164 = E0040190B(_t224 - 0x54, L"can not replace folder \'");
					 *((char*)(_t224 - 4)) = 0xc;
					_t166 = E00403BA6(_t212);
					 *((char*)(_t224 - 4)) = 0xd;
					_t170 = E00402E39(E00402E39(E00403BA6(_t212),  *((intOrPtr*)(_t224 - 0x48))),  *((intOrPtr*)(_t224 - 0x54)));
					 *((char*)(_t224 - 4)) = 0xf;
					E00402E39(_t170,  *((intOrPtr*)(_t224 - 0x60)));
					_t227 = _t227 + 0xc;
					_t173 =  *((intOrPtr*)(_t224 + 8)) + 0xfffffffc;
					_t142 =  *((intOrPtr*)( *_t173 + 0x1c))(_t173,  *((intOrPtr*)(_t224 - 0x30)), _t224 - 0x30, _t166, _t163, _t224 - 0x48, _t164, _t224 - 0x24);
					_t221 = _t142;
					if(_t142 == 0) {
						_t221 = 0x80004005;
					}
					_push( *((intOrPtr*)(_t224 - 0x30)));
					goto L41;
				}
				_t123 = _t129 >> 4;
				if((_t129 >> 0x00000004 & 0x00000001) != 0) {
					 *_t216 = 0;
					goto L35;
				}
				_t174 = E0040190B(_t224 - 0x48, L"\' with folder with same name");
				 *((char*)(_t224 - 4)) = 4;
				_t175 = E0040190B(_t224 - 0x54, L"can not replace file \'");
				 *((char*)(_t224 - 4)) = 5;
				_t177 = E00403BA6(_t212);
				 *((char*)(_t224 - 4)) = 6;
				_t181 = E00402E39(E00402E39(E00403BA6(_t212),  *((intOrPtr*)(_t224 - 0x60))),  *((intOrPtr*)(_t224 - 0x54)));
				 *((char*)(_t224 - 4)) = 8;
				E00402E39(_t181,  *((intOrPtr*)(_t224 - 0x48)));
				_t227 = _t227 + 0xc;
				_t184 =  *((intOrPtr*)(_t224 + 8)) + 0xfffffffc;
				_t142 =  *((intOrPtr*)( *_t184 + 0x1c))(_t184,  *((intOrPtr*)(_t224 - 0x30)), _t224 - 0x30, _t177, _t174, _t224 - 0x60, _t175, _t224 - 0x24);
				_t221 = _t142;
				if(_t142 == 0) {
					_t221 = 0x80004004;
				}
				_push( *((intOrPtr*)(_t224 - 0x30)));
				goto L41;
			}

0x0040a15f
0x0040a164
0x0040a169
0x0040a178
0x0040a180
0x0040a186
0x0040a188
0x0040a18d
0x0040a190
0x0040a192
0x0040a19e
0x0040a1a2
0x0040a1ad
0x0040a1b1
0x0040a1b5
0x0040a1c0
0x0040a1c4
0x0040a1c5
0x0040a1c8
0x0040a1cf
0x0040a43c
0x0040a43f
0x0040a449
0x0040a44b
0x0040a451
0x0040a457
0x0040a472
0x0040a47a
0x0040a47c
0x0040a482
0x0040a48a
0x0040a48a
0x0040a1d8
0x0040a1de
0x0040a27d
0x0040a305
0x0040a30e
0x0040a310
0x0040a336
0x0040a341
0x0040a346
0x0040a377
0x0040a379
0x0040a3cb
0x0040a3d2
0x0040a490
0x0040a497
0x00000000
0x00000000
0x0040a4a1
0x0040a4a9
0x0040a4b3
0x0040a4bb
0x0040a4bf
0x0040a4c5
0x0040a4ce
0x0040a4d3
0x0040a4d5
0x0040a4d7
0x0040a4d7
0x0040a4dc
0x0040a4df
0x0040a4ff
0x0040a507
0x00000000
0x0040a507
0x0040a3db
0x0040a3e3
0x0040a437
0x00000000
0x0040a437
0x0040a3ed
0x0040a3f5
0x0040a3ff
0x0040a407
0x0040a40b
0x0040a411
0x0040a41a
0x0040a41f
0x0040a421
0x0040a423
0x0040a423
0x0040a428
0x00000000
0x0040a428
0x0040a37b
0x0040a37c
0x0040a3c1
0x00000000
0x0040a3c1
0x0040a37e
0x0040a37f
0x0040a34a
0x0040a365
0x0040a36d
0x00000000
0x0040a36d
0x0040a381
0x0040a382
0x0040a3b2
0x00000000
0x0040a3b2
0x0040a384
0x0040a385
0x0040a3a6
0x00000000
0x0040a3a6
0x0040a387
0x0040a388
0x0040a38a
0x0040a38d
0x0040a392
0x0040a393
0x0040a39a
0x0040a39a
0x0040a39f
0x00000000
0x0040a39f
0x0040a348
0x00000000
0x0040a348
0x0040a313
0x0040a314
0x00000000
0x00000000
0x00000000
0x0040a31a
0x0040a28b
0x0040a29a
0x0040a29e
0x0040a2a6
0x0040a2b0
0x0040a2ba
0x0040a2cf
0x0040a2d7
0x0040a2db
0x0040a2e3
0x0040a2e6
0x0040a2ef
0x0040a2f4
0x0040a2f6
0x0040a2f8
0x0040a2f8
0x0040a2fd
0x00000000
0x0040a2fd
0x0040a1e4
0x0040a1e9
0x0040a271
0x00000000
0x0040a271
0x0040a1f7
0x0040a206
0x0040a20a
0x0040a212
0x0040a21c
0x0040a226
0x0040a23b
0x0040a243
0x0040a247
0x0040a24f
0x0040a252
0x0040a25b
0x0040a260
0x0040a262
0x0040a264
0x0040a264
0x0040a269
0x00000000

APIs

__EH_prolog.LIBCMT ref: 0040A164

Part of subcall function 0040497E: __EH_prolog.LIBCMT ref: 00404983

SysAllocString.OLEAUT32(?), ref: 0040A43F
SysFreeString.OLEAUT32(00000000), ref: 0040A451

Part of subcall function 00403BA6: __EH_prolog.LIBCMT ref: 00403BAB

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

Strings

can not replace file ', xrefs: 0040A1FE
' with file with same name, xrefs: 0040A283
can not replace folder ', xrefs: 0040A292
' with folder with same name, xrefs: 0040A1EF
can not create name of file , xrefs: 0040A3E5
can not delete output file , xrefs: 0040A499

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$String$AllocFreefree
String ID: ' with file with same name$' with folder with same name$can not create name of file $can not delete output file $can not replace file '$can not replace folder '
API String ID: 3275269003-1361006145
Opcode ID: 7df5d9389aaa3b72f6f2edb60650f1f2d4ea6d3695ffb64426f7d89f0388e848
Instruction ID: 0760d8ce13784bc102bfb32918d95c35ad9f88c2592e0880f79d75469593ea21
Opcode Fuzzy Hash: 7df5d9389aaa3b72f6f2edb60650f1f2d4ea6d3695ffb64426f7d89f0388e848
Instruction Fuzzy Hash: 36B16A75800208AECF11EFA1C949EDEBBB5AF14308F14407AF905B32D2DBB95A15DB99

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED8 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 57
stringtimeCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00404ED8(FILETIME* _a4, char* _a8, char _a12, char _a16) {
				struct _SYSTEMTIME _v20;
				char* _t31;

				_t31 = _a8;
				 *_t31 =  *_t31 & 0x00000000;
				if(FileTimeToSystemTime(_a4,  &_v20) != 0) {
					sprintf(_t31, "%04d-%02d-%02d", _v20.wYear & 0x0000ffff, _v20.wMonth & 0x0000ffff, _v20.wDay & 0x0000ffff);
					if(_a12 != 0) {
						sprintf( &(_t31[strlen(_t31)]), " %02d:%02d", _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff);
						if(_a16 != 0) {
							_push(_v20.wSecond & 0x0000ffff);
							sprintf( &(_t31[strlen(_t31)]), ":%02d");
						}
					}
					return 1;
				}
				return 0;
			}

0x00404ee2
0x00404ee9
0x00404ef4
0x00404f16
0x00404f1f
0x00404f3a
0x00404f43
0x00404f49
0x00404f59
0x00404f5b
0x00404f43
0x00000000
0x00404f60
0x00000000

APIs

FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEC
sprintf.MSVCRT ref: 00404F16
strlen.MSVCRT ref: 00404F31
sprintf.MSVCRT ref: 00404F3A
strlen.MSVCRT ref: 00404F50
sprintf.MSVCRT ref: 00404F59

Strings

:%02d, xrefs: 00404F4A
%04d-%02d-%02d, xrefs: 00404F10
%02d:%02d, xrefs: 00404F2B

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: sprintf$Timestrlen$FileSystem
String ID: %02d:%02d$%04d-%02d-%02d$:%02d
API String ID: 2802209455-323996821
Opcode ID: 5ae1cd4be3fd3a6d93ca5baf43e37319b0c11ae3eff07f3df56283958a5286f7
Instruction ID: 418037d6843f2cf9ad1d2eb8b7b82777e7bcc1e1487e96a9f498700d9ed8bebb
Opcode Fuzzy Hash: 5ae1cd4be3fd3a6d93ca5baf43e37319b0c11ae3eff07f3df56283958a5286f7
Instruction Fuzzy Hash: 1201D6A2900128BADB10AB999C05BFF7BACAF48714F040057F954A61C2E77C8981D3B9

Uniqueness

Uniqueness Score: -1.00%

Function 004177DC Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 196
timewindowCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E004177DC(intOrPtr __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				struct HWND__* _t97;
				long _t102;
				long _t103;
				void* _t106;
				int _t112;
				void* _t115;
				void* _t116;
				void* _t119;
				void* _t120;
				void* _t124;
				void* _t128;
				void* _t129;
				void* _t136;
				void* _t138;
				void* _t166;
				intOrPtr* _t172;
				void* _t176;
				void* _t178;
				intOrPtr* _t179;

				_t166 = __edx;
				E00417F20(E0041A3F4, _t176);
				_t179 = _t178 - 0x1ac;
				 *((intOrPtr*)(_t176 - 0x28)) = __ecx;
				 *((intOrPtr*)(_t176 - 0x40)) = 0;
				 *((intOrPtr*)(_t176 - 0x3c)) = 0;
				 *((intOrPtr*)(_t176 - 0x38)) = 0;
				E00401CEB(_t176 - 0x40, 0xf);
				_t172 =  *((intOrPtr*)(_t176 + 0x10));
				 *((intOrPtr*)(_t176 - 4)) = 0;
				if( *_t172 != 0) {
					_push(E0040A50E(_t176 - 0x58,  *((intOrPtr*)(_t172 + 8)),  *((intOrPtr*)(_t172 + 0xc))));
					_push(0x259);
					_push(_t176 - 0x18);
					 *((char*)(_t176 - 4)) = 1;
					_t136 = E0040A5AD(_t172);
					 *((char*)(_t176 - 4)) = 2;
					_t138 = E00402E39(E00401975(_t176 - 0x40, _t136),  *((intOrPtr*)(_t176 - 0x18)));
					 *((char*)(_t176 - 4)) = 0;
					E00402E39(_t138,  *((intOrPtr*)(_t176 - 0x58)));
				}
				 *((intOrPtr*)(_t176 - 0x34)) = 0;
				 *((intOrPtr*)(_t176 - 0x30)) = 0;
				 *((intOrPtr*)(_t176 - 0x2c)) = 0;
				E00401CEB(_t176 - 0x34, 0xf);
				 *((char*)(_t176 - 4)) = 3;
				_t183 =  *((intOrPtr*)(_t172 + 0x20));
				 *((intOrPtr*)(_t176 + 0x10)) = 0;
				_t168 = " ";
				if( *((intOrPtr*)(_t172 + 0x20)) > 0) {
					do {
						_push(0x58);
						_push( *((intOrPtr*)(_t176 + 0x10)));
						_push(_t176 - 0x18);
						_t128 = E00401D44(_t172 + 0x1c);
						 *((char*)(_t176 - 4)) = 4;
						_t129 = E00403911(_t176 - 0x34, _t166, _t183, _t128);
						 *((char*)(_t176 - 4)) = 3;
						E00402E39(_t129,  *((intOrPtr*)(_t176 - 0x18)));
						E00405C3A(_t176 - 0x34, _t166, " ");
						 *((intOrPtr*)(_t176 + 0x10)) =  *((intOrPtr*)(_t176 + 0x10)) + 0x58;
						_t184 =  *((intOrPtr*)(_t176 + 0x10)) -  *((intOrPtr*)(_t172 + 0x20));
					} while ( *((intOrPtr*)(_t176 + 0x10)) <  *((intOrPtr*)(_t172 + 0x20)));
				}
				E00401A6F(_t176 - 0x24, _t176 - 0x34);
				 *((char*)(_t176 - 4)) = 5;
				E00405C3A(_t176 - 0x24, _t166, 0x420758);
				E00403911(_t176 - 0x24, _t166, _t184, _t176 - 0x40);
				_t149 = _t176 - 0x24;
				E00405C3A(_t176 - 0x24, _t166, 0x420758);
				if( *((intOrPtr*)(_t172 + 0x10)) != 0) {
					 *((intOrPtr*)(_t176 - 0x18)) = 0;
					 *((intOrPtr*)(_t176 - 0x14)) = 0;
					 *((intOrPtr*)(_t176 - 0x10)) = 0;
					E00401CEB(_t176 - 0x18, 0xf);
					 *((char*)(_t176 - 4)) = 6;
					_t112 = FileTimeToLocalFileTime(_t172 + 0x14, _t176 - 0x54);
					_t186 = _t112;
					if(_t112 == 0) {
						_push(0x41c1c0);
						_push(_t176 + 0x10);
						 *((intOrPtr*)(_t176 + 0x10)) = 0x3ff0c2;
						L00417F68();
					}
					_push(1);
					_push(1);
					_push(_t176 - 0x54);
					_push(_t176 - 0x4c);
					_t115 = E00404F66(_t186);
					 *((char*)(_t176 - 4)) = 7;
					_t116 = E00401975(_t176 - 0x18, _t115);
					 *((char*)(_t176 - 4)) = 6;
					E00402E39(_t116,  *((intOrPtr*)(_t176 - 0x4c)));
					 *_t179 = 0x258;
					_push(_t176 - 0x4c);
					_t119 = E004050AA(_t172);
					 *((char*)(_t176 - 4)) = 8;
					_t120 = E00403911(_t176 - 0x24, _t166, _t186, _t119);
					 *((char*)(_t176 - 4)) = 6;
					E00402E39(_t120,  *((intOrPtr*)(_t176 - 0x4c)));
					E00405C3A(_t176 - 0x24, _t166, _t168);
					_t124 = E00403911(_t176 - 0x24, _t166, _t186, _t176 - 0x18);
					 *((char*)(_t176 - 4)) = 5;
					E00402E39(_t124,  *((intOrPtr*)(_t176 - 0x18)));
					_pop(_t149);
				}
				_t97 = GetDlgItem( *( *((intOrPtr*)(_t176 - 0x28)) + 4),  *(_t176 + 8));
				_push( *((intOrPtr*)(_t176 - 0x24)));
				_push(_t97);
				E004056A2(GetDlgItem);
				_t102 = SHGetFileInfoA( *(E00405556(_t149, _t176 - 0x4c, _t172 + 0x1c)), 0x80, _t176 - 0x1b8, 0x160, 0x110);
				_t103 = E00402E39(_t102,  *((intOrPtr*)(_t176 - 0x4c)));
				if(_t102 != 0) {
					_t103 = SendMessageA(GetDlgItem( *( *((intOrPtr*)(_t176 - 0x28)) + 4),  *(_t176 + 0xc)), 0x170,  *(_t176 - 0x1b8), 0);
				}
				_t106 = E00402E39(E00402E39(E00402E39(_t103,  *((intOrPtr*)(_t176 - 0x24))),  *((intOrPtr*)(_t176 - 0x34))),  *((intOrPtr*)(_t176 - 0x40)));
				 *[fs:0x0] =  *((intOrPtr*)(_t176 - 0xc));
				return _t106;
			}

0x004177dc
0x004177e1
0x004177e6
0x004177ee
0x004177f9
0x004177fc
0x004177ff
0x00417802
0x00417807
0x0041780a
0x0041780f
0x00417820
0x00417824
0x00417829
0x0041782a
0x0041782e
0x00417837
0x00417843
0x0041784b
0x0041784e
0x00417854
0x0041785a
0x0041785d
0x00417860
0x00417863
0x0041786b
0x0041786f
0x00417871
0x00417874
0x00417879
0x0041787b
0x0041787b
0x00417880
0x00417886
0x00417887
0x00417890
0x00417894
0x0041789c
0x004178a0
0x004178aa
0x004178af
0x004178b6
0x004178b6
0x0041787b
0x004178c2
0x004178cf
0x004178d3
0x004178df
0x004178e9
0x004178ec
0x004178f4
0x004178ff
0x00417902
0x00417905
0x00417908
0x00417910
0x00417919
0x0041791f
0x00417921
0x00417926
0x0041792b
0x0041792c
0x00417933
0x00417933
0x00417938
0x0041793d
0x0041793f
0x00417943
0x00417944
0x0041794d
0x00417951
0x00417959
0x0041795d
0x00417965
0x0041796c
0x0041796d
0x00417976
0x0041797a
0x00417982
0x00417986
0x00417990
0x0041799c
0x004179a4
0x004179a8
0x004179ad
0x004179ad
0x004179bd
0x004179bf
0x004179c2
0x004179c3
0x004179ee
0x004179f9
0x00417a01
0x00417a1b
0x00417a1b
0x00417a34
0x00417a3f
0x00417a4a

APIs

__EH_prolog.LIBCMT ref: 004177E1
FileTimeToLocalFileTime.KERNEL32(?,?,0000000F,00420758,?,00420758,?,0000000F,0000000F), ref: 00417919
_CxxThrowException.MSVCRT(?,0041C1C0), ref: 00417933

Part of subcall function 0040A5AD: __EH_prolog.LIBCMT ref: 0040A5B2

Part of subcall function 00402E39: free.MSVCRT(00000000,00401D31,?,?,?,00000000,0040105A,0000000F,?,?,00000000), ref: 00402E3D

GetDlgItem.USER32 ref: 004179BD

Part of subcall function 004056A2: __EH_prolog.LIBCMT ref: 004056A7
Part of subcall function 004056A2: SetWindowTextW.USER32(?,?), ref: 004056C0

SHGetFileInfoA.SHELL32(?,00000080,?,00000160,00000110,?,?,00000000,?), ref: 004179EE
GetDlgItem.USER32 ref: 00417A0C
SendMessageA.USER32 ref: 00417A1B

Strings

X, xrefs: 004178AF

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: FileH_prolog$ItemTime$ExceptionInfoLocalMessageSendTextThrowWindowfree
String ID: X
API String ID: 2007685388-3081909835
Opcode ID: b74ea10bd089b5b1187479a99cd95937b328a18b45a6a18444cf4101a184da15
Instruction ID: 905d5ba9afd08faa92380ad3e86545e057f49e597500baf4cd08761a9db755b8
Opcode Fuzzy Hash: b74ea10bd089b5b1187479a99cd95937b328a18b45a6a18444cf4101a184da15
Instruction Fuzzy Hash: E1713E71804248AEDF11EFE5CD8AADEBBB8AF08304F10446EF505B3192DB799A44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004053AF Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 42
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E004053AF(void* __ecx) {
				_Unknown_base(*)()* _t16;
				void* _t22;
				void* _t29;
				intOrPtr _t31;
				void* _t32;

				E00417F20(E00418908, _t32);
				_t23 = 0;
				__imp__CoInitialize(0, _t29, _t22, __ecx);
				 *((intOrPtr*)(_t32 - 4)) = 0;
				_t16 = GetProcAddress(GetModuleHandleW(L"shell32.dll"), "SHBrowseForFolderW");
				if(_t16 != 0) {
					_t31 =  *_t16( *((intOrPtr*)(_t32 + 8)));
					if(_t31 != 0) {
						 *((intOrPtr*)(_t32 - 0x10)) = 0;
						 *((char*)(_t32 - 4)) = 1;
						E00405179(_t32 - 0x10);
						 *((intOrPtr*)(_t32 - 0x10)) = _t31;
						 *((char*)(_t32 + 0xb)) = E0040534C(_t31,  *((intOrPtr*)(_t32 + 0xc)));
						 *((char*)(_t32 - 4)) = 0;
						E00405179(_t32 - 0x10);
						_t23 =  *((intOrPtr*)(_t32 + 0xb));
					}
				}
				__imp__CoUninitialize();
				 *[fs:0x0] =  *((intOrPtr*)(_t32 - 0xc));
				return _t23;
			}

0x004053b4
0x004053bb
0x004053bf
0x004053cf
0x004053d9
0x004053e1
0x004053e8
0x004053ec
0x004053ee
0x004053f4
0x004053f8
0x00405400
0x0040540c
0x0040540f
0x00405412
0x00405417
0x00405417
0x004053ec
0x0040541a
0x00405427
0x0040542f

APIs

__EH_prolog.LIBCMT ref: 004053B4
CoInitialize.OLE32(00000000), ref: 004053BF
GetModuleHandleW.KERNEL32(shell32.dll,SHBrowseForFolderW,?,004055EC,?,?,00000000), ref: 004053D2
GetProcAddress.KERNEL32(00000000), ref: 004053D9
CoUninitialize.OLE32(?,004055EC,?,?,00000000), ref: 0040541A

Part of subcall function 00405179: __EH_prolog.LIBCMT ref: 0040517E
Part of subcall function 00405179: SHGetMalloc.SHELL32(00000000), ref: 00405199
Part of subcall function 00405179: _CxxThrowException.MSVCRT(?,0041C1C0), ref: 004051B3

Part of subcall function 0040534C: GetModuleHandleW.KERNEL32(shell32.dll,SHGetPathFromIDListW,00000000,00000000,00405409,00000000,?,?,004055EC,?,?,00000000), ref: 00405366
Part of subcall function 0040534C: GetProcAddress.KERNEL32(00000000), ref: 0040536D

Strings

SHBrowseForFolderW, xrefs: 004053C5
shell32.dll, xrefs: 004053CA

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: AddressH_prologHandleModuleProc$ExceptionInitializeMallocThrowUninitialize
String ID: SHBrowseForFolderW$shell32.dll
API String ID: 2985189276-3510330605
Opcode ID: 3d804a76c718f74e08b268920206f50d3eb6e1f731b8aa91dabc265492c9c29c
Instruction ID: 98a927a5966ab4b7e3250c97cb2ead09cb88e18da5798486d097da5b3302d5b0
Opcode Fuzzy Hash: 3d804a76c718f74e08b268920206f50d3eb6e1f731b8aa91dabc265492c9c29c
Instruction Fuzzy Hash: A2017171901168EFCB01AFE59C48ADFBF74EF14340B00847BF41267252CB784A44CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFD2 Relevance: 10.1, APIs: 8, Instructions: 143
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E0040BFD2(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t28;
				signed int _t30;
				intOrPtr* _t36;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;
				void* _t41;
				void* _t42;
				signed int _t43;
				void* _t45;
				signed int _t46;
				signed int _t53;
				intOrPtr _t57;
				signed int _t58;

				_t57 = _a8;
				_t41 = 0x10;
				_push(_t41);
				_push(0x41b2b0);
				_push(_t57);
				L00417F46();
				if(_t28 == 0) {
					_t39 = _a4;
					 *_a12 = _t39;
					L2:
					 *((intOrPtr*)( *_t39 + 4))(_t39);
					L23:
					return 0;
				}
				_push(_t41);
				_push(0x41b280);
				_push(_t57);
				L00417F46();
				if(_t28 == 0) {
					_t39 = _a4;
					_t46 = _t39;
					_t53 = _t39 + 4;
					L13:
					asm("sbb ecx, ecx");
					 *_a12 =  ~_t46 & _t53;
					goto L2;
				}
				_push(_t41);
				_push(0x41b310);
				_push(_t57);
				L00417F46();
				if(_t28 == 0) {
					_t39 = _a4;
					_t46 = _t39;
					_t53 = _t39 + 8;
					goto L13;
				}
				_push(_t41);
				_push(0x41b270);
				_push(_t57);
				L00417F46();
				if(_t28 == 0) {
					_t39 = _a4;
					_t46 = _t39;
					_t53 = _t39 + 0xc;
					goto L13;
				}
				_push(_t41);
				_push(0x41b300);
				_push(_t57);
				L00417F46();
				if(_t28 == 0) {
					_t39 = _a4;
					_t46 = _t39;
					_t53 = _t39 + 0x10;
					goto L13;
				}
				_push(_t41);
				_push(0x41b2c0);
				_push(_t57);
				L00417F46();
				if(_t28 == 0) {
					_t39 = _a4;
					_t46 = _t39;
					_t53 = _t39 + 0x14;
					goto L13;
				}
				_push(_t41);
				_push(0x41b250);
				_push(_t57);
				L00417F46();
				if(_t28 != 0) {
					_push(_t41);
					_push(0x41b2a0);
					_push(_t57);
					L00417F46();
					if(_t28 != 0) {
						return 0x80004002;
					}
					_t58 = _a4;
					_t42 = _t58 + 0x54;
					if( *((intOrPtr*)(_t58 + 0x54)) != _t28) {
						L21:
						_t30 = _t58;
						_t43 = _t58 + 0x1c;
						goto L22;
					}
					_t36 =  *((intOrPtr*)(_t58 + 0x58));
					_t37 =  *((intOrPtr*)( *_t36))(_t36, 0x41b2a0, _t42);
					if(_t37 == 0) {
						goto L21;
					}
				} else {
					_t58 = _a4;
					_t45 = _t58 + 0x50;
					if( *((intOrPtr*)(_t58 + 0x50)) != _t28) {
						L17:
						_t30 = _t58;
						_t43 = _t58 + 0x18;
						L22:
						asm("sbb eax, eax");
						 *_a12 =  ~_t30 & _t43;
						 *((intOrPtr*)( *_t58 + 4))(_t58);
						goto L23;
					}
					_t38 =  *((intOrPtr*)(_t58 + 0x58));
					_t37 =  *((intOrPtr*)( *_t38))(_t38, 0x41b250, _t45);
					if(_t37 == 0) {
						goto L17;
					}
				}
				return _t37;
			}

0x0040bfd7
0x0040bfdd
0x0040bfde
0x0040bfdf
0x0040bfe4
0x0040bfe5
0x0040bfef
0x0040bff4
0x0040bff7
0x0040bff9
0x0040bffc
0x0040c11a
0x00000000
0x0040c11a
0x0040c004
0x0040c005
0x0040c00a
0x0040c00b
0x0040c015
0x0040c017
0x0040c01a
0x0040c01c
0x0040c093
0x0040c095
0x0040c09c
0x00000000
0x0040c09c
0x0040c021
0x0040c022
0x0040c027
0x0040c028
0x0040c032
0x0040c034
0x0040c037
0x0040c039
0x00000000
0x0040c039
0x0040c03e
0x0040c03f
0x0040c044
0x0040c045
0x0040c04f
0x0040c051
0x0040c054
0x0040c056
0x00000000
0x0040c056
0x0040c05b
0x0040c05c
0x0040c061
0x0040c062
0x0040c06c
0x0040c06e
0x0040c071
0x0040c073
0x00000000
0x0040c073
0x0040c078
0x0040c079
0x0040c07e
0x0040c07f
0x0040c089
0x0040c08b
0x0040c08e
0x0040c090
0x00000000
0x0040c090
0x0040c0a8
0x0040c0a9
0x0040c0aa
0x0040c0ab
0x0040c0b5
0x0040c0dc
0x0040c0dd
0x0040c0de
0x0040c0df
0x0040c0e9
0x00000000
0x0040c11e
0x0040c0eb
0x0040c0f1
0x0040c0f4
0x0040c104
0x0040c104
0x0040c106
0x00000000
0x0040c106
0x0040c0f6
0x0040c0fe
0x0040c102
0x00000000
0x00000000
0x0040c0b7
0x0040c0b7
0x0040c0bd
0x0040c0c0
0x0040c0d0
0x0040c0d0
0x0040c0d2
0x0040c109
0x0040c10b
0x0040c113
0x0040c117
0x00000000
0x0040c117
0x0040c0c2
0x0040c0ca
0x0040c0ce
0x00000000
0x00000000
0x0040c0ce
0x0040c127

APIs

memcmp.MSVCRT ref: 0040BFE5
memcmp.MSVCRT ref: 0040C00B
memcmp.MSVCRT ref: 0040C028
memcmp.MSVCRT ref: 0040C045
memcmp.MSVCRT ref: 0040C0AB
memcmp.MSVCRT ref: 0040C0DF

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: bb61b8c2319a51d003d65b7d81390e2ff133de351c227bdc9e0c1e41927026e1
Instruction ID: 4044caa4a1fdfc364de07a5bbb350c46c67b03cbfc84deaee5793e0681caf3f7
Opcode Fuzzy Hash: bb61b8c2319a51d003d65b7d81390e2ff133de351c227bdc9e0c1e41927026e1
Instruction Fuzzy Hash: D8416D72600204EBDB14CF65DC85EAB73A8EF55348710427AFC06EB291E778EE45CA99

Uniqueness

Uniqueness Score: -1.00%

Function 0040534C Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 34
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0040534C(char _a4, signed short** _a8) {
				void* _t11;
				signed int _t16;
				intOrPtr* _t21;
				signed short** _t22;

				_t22 = _a8;
				_t22[1] = _t22[1] & 0x00000000;
				 *( *_t22) =  *( *_t22) & 0x00000000;
				_t21 = GetProcAddress(GetModuleHandleW(L"shell32.dll"), "SHGetPathFromIDListW");
				if(_t21 != 0) {
					if(_t22[2] <= 0x208) {
						E00401CEB(_t22, 0x209);
					}
					_t5 =  &_a4; // 0x4055ec
					_t11 =  *_t21( *_t5,  *_t22, _t16);
					E00405608(_t22);
					return _t16 & 0xffffff00 | _t11 != 0x00000000;
				}
				return 0;
			}

0x0040534d
0x00405359
0x00405362
0x00405373
0x00405377
0x00405384
0x0040538d
0x0040538d
0x00405395
0x00405399
0x004053a2
0x00000000
0x004053a9
0x00000000

APIs

GetModuleHandleW.KERNEL32(shell32.dll,SHGetPathFromIDListW,00000000,00000000,00405409,00000000,?,?,004055EC,?,?,00000000), ref: 00405366
GetProcAddress.KERNEL32(00000000), ref: 0040536D

Strings

SHGetPathFromIDListW, xrefs: 00405352
U@, xrefs: 00405395
shell32.dll, xrefs: 0040535D

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: SHGetPathFromIDListW$shell32.dll$U@
API String ID: 1646373207-59463955
Opcode ID: bc719429142dd84a32a90aa884a7e9d910b9a9ee1aa53c0612c6c83a647f90d5
Instruction ID: 66c9dc92d9df230603e96f55437593b5ad16dbb607d07a99857295846f7b6618
Opcode Fuzzy Hash: bc719429142dd84a32a90aa884a7e9d910b9a9ee1aa53c0612c6c83a647f90d5
Instruction Fuzzy Hash: 9EF02432200710EBD6115B50DC49A1B77E4EF84710B21882BF4A4631D1C7788C048B28

Uniqueness

Uniqueness Score: -1.00%

Function 00417704 Relevance: 7.6, APIs: 5, Instructions: 73
windowCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00417704(void* __ecx, void* __edx) {
				void* __esi;
				struct HWND__* _t33;
				int _t40;
				intOrPtr _t42;
				void* _t57;
				signed int _t60;
				void* _t63;
				void* _t65;

				_t57 = __edx;
				E00417F20(E0041A3A0, _t65);
				_t63 = __ecx;
				_t33 = GetDlgItem( *(__ecx + 4), 0x3e8);
				 *(_t63 + 8) = _t33;
				SendMessageA(_t33, 0x2005, 1, 0);
				 *(_t65 - 0x34) = 0;
				 *(_t65 - 0x24) = 0;
				 *(_t65 - 0x38) = 0xf;
				 *((intOrPtr*)(_t65 - 0x2c)) = 0x420750;
				 *((intOrPtr*)(_t65 - 0x30)) = 0x1e;
				SendMessageA( *(_t63 + 8), 0x1061, 0, _t65 - 0x38);
				 *(_t65 - 0x34) =  *(_t65 - 0x34) & 0x00000000;
				_push(0x1f7);
				_push(_t65 - 0x18);
				 *(_t65 - 0x38) = 0xf;
				E004050AA(_t63);
				 *((intOrPtr*)(_t65 - 0x2c)) =  *((intOrPtr*)(_t65 - 0x18));
				 *(_t65 - 4) =  *(_t65 - 4) & 0x00000000;
				_t40 = 1;
				 *(_t65 - 0x24) = _t40;
				 *((intOrPtr*)(_t65 - 0x30)) = 0x1c2;
				SendMessageA( *(_t63 + 8), 0x1061, _t40, _t65 - 0x38);
				_t42 =  *((intOrPtr*)(_t63 + 0xc));
				_t60 = 0;
				if( *((intOrPtr*)(_t42 + 8)) > 0) {
					do {
						_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t42 + 0xc)) + _t60 * 4)))));
						E00417661(_t63, _t57);
						_t42 =  *((intOrPtr*)(_t63 + 0xc));
						_t60 = _t60 + 1;
					} while (_t60 <  *((intOrPtr*)(_t42 + 8)));
				}
				E00402E39(_t42,  *((intOrPtr*)(_t65 - 0x18)));
				 *[fs:0x0] =  *((intOrPtr*)(_t65 - 0xc));
				return 1;
			}

0x00417704
0x00417709
0x00417714
0x0041771e
0x00417735
0x00417738
0x0041773d
0x00417741
0x0041774b
0x00417755
0x0041775c
0x00417763
0x00417765
0x0041776c
0x00417771
0x00417772
0x00417779
0x00417783
0x00417786
0x0041778a
0x00417791
0x00417797
0x0041779e
0x004177a0
0x004177a3
0x004177a8
0x004177aa
0x004177b2
0x004177b4
0x004177b9
0x004177bc
0x004177bd
0x004177aa
0x004177c5
0x004177d3
0x004177db

APIs

__EH_prolog.LIBCMT ref: 00417709
GetDlgItem.USER32 ref: 0041771E
SendMessageA.USER32 ref: 00417738
SendMessageA.USER32 ref: 00417763

Part of subcall function 004050AA: __EH_prolog.LIBCMT ref: 004050AF
Part of subcall function 004050AA: LoadStringW.USER32(00000000,?,00000000,0000000F), ref: 00405106

SendMessageA.USER32 ref: 0041779E

Part of subcall function 00417661: __EH_prolog.LIBCMT ref: 00417666

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prologMessageSend$ItemLoadString
String ID:
API String ID: 3661106435-0
Opcode ID: f91384ad6875bd2cf484dd767c8747f88f3ba0f3f6e36e9b60fc87f8b8679e65
Instruction ID: 5da51e7ab514d7d3f9639e67ef9557cc271cb0a4008349c84929f5341396e584
Opcode Fuzzy Hash: f91384ad6875bd2cf484dd767c8747f88f3ba0f3f6e36e9b60fc87f8b8679e65
Instruction Fuzzy Hash: 25212C71900208AFEB10DF99D8C5AEEBBF9FF48314F11802AF455A7291D7B5A880CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00402E45 Relevance: 7.6, APIs: 5, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00402E45(void* __ecx, short _a4) {
				char _v12;
				short _t13;
				short _t28;
				int _t30;
				void* _t31;

				if(_a4 != 0) {
					_t28 = CharUpperW(_a4 & 0x0000ffff);
					if(_t28 != 0 || GetLastError() != 0x78) {
						_t13 = _t28;
					} else {
						_t30 = WideCharToMultiByte(0, 0,  &_a4, 1,  &_v12, 4, 0, 0);
						if(_t30 != 0 && _t30 <= 4) {
							 *((char*)(_t31 + _t30 - 8)) = 0;
							CharUpperA( &_v12);
							MultiByteToWideChar(0, 0,  &_v12, _t30,  &_a4, 1);
						}
						_t13 = _a4;
					}
				} else {
					_t13 = 0;
				}
				return _t13;
			}

0x00402e52
0x00402e64
0x00402e68
0x00402ebd
0x00402e75
0x00402e8b
0x00402e8f
0x00402e99
0x00402e9e
0x00402eb1
0x00402eb1
0x00402eb7
0x00402eb7
0x00402e54
0x00402e54
0x00402e54
0x00402ec3

APIs

CharUpperW.USER32(0041B320,?,0041B324,?,?,?,00402F1A,00000000,00000000,?,00000000,?,00403560,?,?,00000000), ref: 00402E5E
GetLastError.KERNEL32(?,0041B324,?,?,?,00402F1A,00000000,00000000,?,00000000,?,00403560,?,?,00000000), ref: 00402E6A
WideCharToMultiByte.KERNEL32(00000000,00000000,0041B320,00000001,0041B320,00000004,00000000,00000000,?,0041B324,?,?,?,00402F1A,00000000,00000000), ref: 00402E85
CharUpperA.USER32(0041B320,?,0041B324,?,?,?,00402F1A,00000000,00000000,?,00000000,?,00403560,?,?,00000000), ref: 00402E9E
MultiByteToWideChar.KERNEL32(00000000,00000000,0041B320,00000000,0041B320,00000001,?,0041B324,?,?,?,00402F1A,00000000,00000000,?,00000000), ref: 00402EB1

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: Char$ByteMultiUpperWide$ErrorLast
String ID:
API String ID: 3939315453-0
Opcode ID: 1a5c64606ee7cdf19a0a1b54b57cc83bbda9f5f86089648253bb710226a01fea
Instruction ID: a2ab8a5ee1dc55b5f1f8d95adab53c3e1fddf348f6b6cb86bf7ba88fa194c957
Opcode Fuzzy Hash: 1a5c64606ee7cdf19a0a1b54b57cc83bbda9f5f86089648253bb710226a01fea
Instruction Fuzzy Hash: FB0156BA440128BADB116BA0DDCCDEF7A6DD704355F014432FE06A6180D3B49E8087F8

Uniqueness

Uniqueness Score: -1.00%

Function 004145C5 Relevance: 6.3, APIs: 5, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004145C5(void* __ecx, intOrPtr _a4) {
				intOrPtr _t33;
				char _t39;
				void* _t43;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t51;
				char _t52;
				intOrPtr _t56;
				void* _t57;
				char _t58;
				intOrPtr _t59;
				intOrPtr _t60;
				char _t62;
				void* _t64;

				_t33 = _a4;
				_t64 = __ecx;
				_t52 = 1;
				 *((char*)(__ecx + 0xbc5)) = _t52;
				 *((char*)(__ecx + 0xbc4)) = _t52;
				if(_t33 >= 2) {
					 *((intOrPtr*)(__ecx + 0x7c0)) = _t33;
					E004146FD(__ecx, _t57);
					 *(__ecx + 0x9c4) =  *(__ecx + 0x9c4) & 0x00000000;
					 *((char*)(__ecx + 0x9c5)) = 2;
					memset(__ecx + 0x9c6, 4, 9);
					memset(_t64 + 0x9cf, 6, 0xf5);
					_t39 = 0;
					do {
						 *((char*)(_t64 + _t39 + 0x8c4)) = _t39;
						_t39 = _t39 + 1;
					} while (_t39 < 3);
					_t58 = _t39;
					_t62 = _t52;
					while(_t39 < 0x100) {
						_t62 = _t62 - 1;
						 *((char*)(_t64 + _t39 + 0x8c4)) = _t58;
						if(_t62 == 0) {
							_t52 = _t52 + 1;
							_t58 = _t58 + 1;
							_t62 = _t52;
						}
						_t39 = _t39 + 1;
					}
					memset(_t64 + 0xac4, 0, 0x40);
					_t43 = memset(_t64 + 0xb04, 8, 0xc0);
					 *((char*)(_t64 + 0x79e)) = 7;
					return _t43;
				}
				memset(__ecx + 0x7c4, 0, 0x100);
				_t56 =  *((intOrPtr*)(_t64 + 0x7a4));
				 *((intOrPtr*)(_t64 + 0x7b4)) =  *((intOrPtr*)(_t64 + 0x7c0));
				 *((intOrPtr*)(_t64 + 0x7a0)) = _t56;
				_t47 =  *((intOrPtr*)(_t56 + 8));
				if(_t47 == 0) {
					L4:
					_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x7a0)) + 4));
					if(_t59 != 0) {
						_t50 =  *((intOrPtr*)(_t64 + 0x144)) + _t59;
					} else {
						_t50 = 0;
					}
					 *((intOrPtr*)(_t64 + 0x7a8)) = _t50;
					 *((intOrPtr*)(_t64 + 0x7a0)) = _t56;
					return _t50;
				}
				_t60 =  *((intOrPtr*)(_t64 + 0x144));
				do {
					_t51 = _t47 + _t60;
					 *((intOrPtr*)(_t64 + 0x7b4)) =  *((intOrPtr*)(_t64 + 0x7b4)) - 1;
					 *((intOrPtr*)(_t64 + 0x7a0)) = _t51;
					_t47 =  *((intOrPtr*)(_t51 + 8));
				} while (_t47 != 0);
				goto L4;
			}

0x004145c5
0x004145cd
0x004145cf
0x004145d3
0x004145d9
0x004145df
0x0041465d
0x00414663
0x00414668
0x0041467a
0x00414681
0x00414694
0x0041469c
0x0041469e
0x0041469e
0x004146a5
0x004146a6
0x004146ac
0x004146ae
0x004146b5
0x004146b9
0x004146ba
0x004146c1
0x004146c3
0x004146c4
0x004146c5
0x004146c5
0x004146c7
0x004146c7
0x004146d5
0x004146e8
0x004146f0
0x00000000
0x004146f7
0x004145ef
0x004145fa
0x00414600
0x00414606
0x0041460c
0x00414614
0x00414631
0x00414637
0x0041463c
0x00414648
0x0041463e
0x0041463e
0x0041463e
0x0041464a
0x00414650
0x00000000
0x00414650
0x00414616
0x0041461c
0x0041461c
0x0041461e
0x00414624
0x0041462a
0x0041462d
0x00000000

APIs

memset.MSVCRT ref: 004145EF
memset.MSVCRT ref: 00414681
memset.MSVCRT ref: 00414694
memset.MSVCRT ref: 004146D5
memset.MSVCRT ref: 004146E8

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 6fc30134c3b44bc4d7067b70b454d77df10f9c33f34a9221d4e72c63967ef64e
Instruction ID: fecaf442fad04b5ef3da6e50801d50bd7802a60f4e04b1bbd1c5fd94062a05f3
Opcode Fuzzy Hash: 6fc30134c3b44bc4d7067b70b454d77df10f9c33f34a9221d4e72c63967ef64e
Instruction Fuzzy Hash: 91317E71A05B409EE320CB388855FD7B7D8AB96708F58086EE6DEC7282D77CB4418B59

Uniqueness

Uniqueness Score: -1.00%

Function 0040B543 Relevance: 6.1, APIs: 4, Instructions: 149
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E0040B543(void* __ecx) {
				intOrPtr _t62;
				signed int _t67;
				intOrPtr* _t86;
				void* _t94;
				intOrPtr _t95;
				void* _t102;
				intOrPtr* _t103;
				intOrPtr* _t104;
				intOrPtr _t107;
				signed int _t110;
				signed int _t112;
				intOrPtr* _t114;
				void* _t115;

				E00417F20(E00419676, _t115);
				_push(__ecx);
				_push(__ecx);
				_t112 =  *(_t115 + 8);
				if( *((intOrPtr*)(_t115 + 0x14)) !=  *((intOrPtr*)(_t112 + 0x3c)) ||  *((intOrPtr*)(_t115 + 0x20)) !=  *((intOrPtr*)(_t112 + 0x50))) {
					_t62 = 0x80070057;
				} else {
					 *((intOrPtr*)( *_t112 + 0x10))(_t112,  *((intOrPtr*)(_t115 + 0xc)),  *((intOrPtr*)(_t115 + 0x18)));
					ResetEvent( *(_t112 + 0xb4));
					_push(0x1c);
					_t67 = E00402E12();
					 *(_t115 + 8) = _t67;
					 *(_t115 - 4) =  *(_t115 - 4) & 0x00000000;
					if(_t67 == 0) {
						_t110 = 0;
					} else {
						_t110 = E0040B6FA(_t67);
					}
					 *(_t115 - 4) =  *(_t115 - 4) | 0xffffffff;
					 *(_t115 + 8) = _t110;
					if(_t110 != 0) {
						 *((intOrPtr*)( *_t110 + 4))(_t110);
					}
					 *(_t115 - 4) = 1;
					E0040B6E3(_t110);
					E00405F8F( *((intOrPtr*)( *((intOrPtr*)(_t112 + 0x7c)) +  *(_t112 + 0xbc) * 4)) + 0xbc, _t110);
					SetEvent( *(_t112 + 0x9c));
					while(1) {
						 *(_t115 - 0x14) =  *(_t112 + 0xb4);
						 *((intOrPtr*)(_t115 - 0x10)) =  *((intOrPtr*)(_t110 + 0x14));
						if(WaitForMultipleObjects(2, _t115 - 0x14, 0, 0xffffffff) == 0) {
							break;
						}
						_t86 =  *((intOrPtr*)(_t115 + 0x24));
						if(_t86 == 0) {
							 *(_t110 + 0x10) =  *(_t110 + 0x10) & 0x00000000;
						} else {
							 *(_t110 + 0x10) =  *((intOrPtr*)( *_t86 + 0xc))(_t86,  *((intOrPtr*)(_t110 + 8)),  *((intOrPtr*)(_t110 + 0xc)));
						}
						SetEvent( *(_t110 + 0x18));
					}
					_t107 =  *((intOrPtr*)(_t112 + 0x78));
					_t94 = 0;
					if(_t107 <= 0) {
						L17:
						 *(_t115 + 8) =  *(_t115 + 8) & 0x00000000;
						if(_t107 <= 0) {
							L22:
							_t102 = 0;
							if(_t107 <= 0) {
								L33:
								 *(_t115 - 4) =  *(_t115 - 4) | 0xffffffff;
								if(_t110 != 0) {
									 *((intOrPtr*)( *_t110 + 8))(_t110);
								}
								_t62 = 0;
							} else {
								_t114 =  *((intOrPtr*)(_t112 + 0x7c));
								while(1) {
									_t95 =  *((intOrPtr*)( *_t114 + 0xc0));
									if(_t95 != 0) {
										goto L30;
									}
									_t102 = _t102 + 1;
									_t114 = _t114 + 4;
									if(_t102 < _t107) {
										continue;
									} else {
										goto L33;
									}
									goto L37;
								}
								goto L30;
							}
						} else {
							_t103 =  *((intOrPtr*)(_t112 + 0x7c));
							while(1) {
								_t95 =  *((intOrPtr*)( *_t103 + 0xc0));
								if(_t95 != 0 && _t95 != 0x80004005) {
									break;
								}
								 *(_t115 + 8) =  *(_t115 + 8) + 1;
								_t103 = _t103 + 4;
								if( *(_t115 + 8) < _t107) {
									continue;
								} else {
									goto L22;
								}
								goto L37;
							}
							L30:
							 *(_t115 - 4) =  *(_t115 - 4) | 0xffffffff;
							if(_t110 != 0) {
								 *((intOrPtr*)( *_t110 + 8))(_t110);
							}
							_t62 = _t95;
						}
					} else {
						_t104 =  *((intOrPtr*)(_t112 + 0x7c));
						while( *((intOrPtr*)( *_t104 + 0xc0)) != 1) {
							_t94 = _t94 + 1;
							_t104 = _t104 + 4;
							if(_t94 < _t107) {
								continue;
							} else {
								goto L17;
							}
							goto L37;
						}
						 *(_t115 - 4) =  *(_t115 - 4) | 0xffffffff;
						if(_t110 != 0) {
							 *((intOrPtr*)( *_t110 + 8))(_t110);
						}
						_t62 = 1;
					}
				}
				L37:
				 *[fs:0x0] =  *((intOrPtr*)(_t115 - 0xc));
				return _t62;
			}

0x0040b548
0x0040b54d
0x0040b54e
0x0040b551
0x0040b55b
0x0040b6cd
0x0040b56d
0x0040b576
0x0040b57f
0x0040b585
0x0040b587
0x0040b58d
0x0040b590
0x0040b596
0x0040b5a3
0x0040b598
0x0040b59f
0x0040b59f
0x0040b5a5
0x0040b5a9
0x0040b5ae
0x0040b5b3
0x0040b5b3
0x0040b5b8
0x0040b5bf
0x0040b5d7
0x0040b5e8
0x0040b5e8
0x0040b5f2
0x0040b5f8
0x0040b60b
0x00000000
0x00000000
0x0040b60d
0x0040b612
0x0040b625
0x0040b614
0x0040b620
0x0040b620
0x0040b5e8
0x0040b5e8
0x0040b62e
0x0040b631
0x0040b635
0x0040b64d
0x0040b64d
0x0040b653
0x0040b677
0x0040b677
0x0040b67b
0x0040b6bb
0x0040b6bb
0x0040b6c1
0x0040b6c6
0x0040b6c6
0x0040b6c9
0x0040b67d
0x0040b67d
0x0040b680
0x0040b682
0x0040b68a
0x00000000
0x00000000
0x0040b68c
0x0040b68d
0x0040b692
0x00000000
0x0040b694
0x00000000
0x0040b694
0x00000000
0x0040b692
0x00000000
0x0040b680
0x0040b655
0x0040b655
0x0040b658
0x0040b65a
0x0040b662
0x00000000
0x00000000
0x0040b66c
0x0040b66f
0x0040b675
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040b675
0x0040b6a9
0x0040b6a9
0x0040b6af
0x0040b6b4
0x0040b6b4
0x0040b6b7
0x0040b6b7
0x0040b637
0x0040b637
0x0040b63a
0x0040b645
0x0040b646
0x0040b64b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040b64b
0x0040b696
0x0040b69c
0x0040b6a1
0x0040b6a1
0x0040b6a6
0x0040b6a6
0x0040b635
0x0040b6d2
0x0040b6d8
0x0040b6e0

APIs

__EH_prolog.LIBCMT ref: 0040B548
ResetEvent.KERNEL32(?), ref: 0040B57F

Part of subcall function 00402E12: malloc.MSVCRT ref: 00402E18
Part of subcall function 00402E12: _CxxThrowException.MSVCRT(?,0041C440), ref: 00402E32

SetEvent.KERNEL32(?,00000000), ref: 0040B5E8
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 0040B603

Part of subcall function 0040B6FA: __EH_prolog.LIBCMT ref: 0040B6FF

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: EventH_prolog$ExceptionMultipleObjectsResetThrowWaitmalloc
String ID:
API String ID: 66690756-0
Opcode ID: 4ea3d399db9a020accc855f5deaae6bffb05a223dc9b13d3bbed0f7db5722226
Instruction ID: 761f908cdedc6f51e968300131a7952bc96293bd69acb0e7689eb1cc74734cef
Opcode Fuzzy Hash: 4ea3d399db9a020accc855f5deaae6bffb05a223dc9b13d3bbed0f7db5722226
Instruction Fuzzy Hash: 71515031600601DFD714CF58C884AAAB7B1FF48314F20867EE926A72D1D77AED41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00405787 Relevance: 6.1, APIs: 4, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00405787(struct HWND__** __ecx) {
				char _t26;
				void* _t29;
				char _t33;
				signed int _t36;
				int _t39;
				WCHAR* _t54;
				signed int _t56;
				int _t59;
				WCHAR* _t61;
				WCHAR** _t66;
				void* _t67;

				E00417F20(E0041899C, _t67);
				_t43 = __ecx;
				if( *0x4207ec == 0) {
					 *((intOrPtr*)(_t67 - 0x18)) = 0;
					 *((intOrPtr*)(_t67 - 0x14)) = 0;
					 *((intOrPtr*)(_t67 - 0x10)) = 0;
					E0040285C(_t67 - 0x18, 0xf);
					_t49 = __ecx;
					 *((intOrPtr*)(_t67 - 4)) = 0;
					_t26 = E0040571A(__ecx, _t67 - 0x18);
					_t29 = E004026EE(_t49, _t67 - 0x24, _t67 - 0x18);
					 *((char*)(_t67 - 4)) = 1;
					E00402E39(E00402E39(E00401975( *(_t67 + 8), _t29),  *((intOrPtr*)(_t67 - 0x24))),  *((intOrPtr*)(_t67 - 0x18)));
					_t33 = _t26;
				} else {
					_t66 =  *(_t67 + 8);
					_t66[1] = _t66[1] & 0x00000000;
					 *( *_t66) =  *( *_t66) & 0x00000000;
					_t59 = GetWindowTextLengthW( *__ecx);
					if(_t59 == 0) {
						L8:
						_t36 = GetLastError();
						asm("sbb eax, eax");
						_t33 =  ~_t36 + 1;
					} else {
						if(_t59 >= _t66[2]) {
							E00401CEB(_t66, _t59 + 1);
						}
						_t39 = GetWindowTextW( *_t43,  *_t66, _t59 + 1);
						_t54 =  *_t66;
						_t56 = 0;
						if( *_t54 != 0) {
							_t61 = _t54;
							do {
								_t56 = _t56 + 1;
								_t61 =  &(_t61[1]);
							} while ( *_t61 != 0);
						}
						_t54[_t56] = 0;
						_t66[1] = _t56;
						if(_t39 != 0) {
							_t33 = 1;
						} else {
							goto L8;
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t67 - 0xc));
				return _t33;
			}

0x0040578c
0x0040579e
0x004057a0
0x00405812
0x00405815
0x00405818
0x0040581b
0x00405823
0x00405826
0x00405829
0x00405838
0x00405841
0x00405855
0x0040585b
0x004057a2
0x004057a2
0x004057a7
0x004057ab
0x004057b7
0x004057bb
0x004057fa
0x004057fa
0x00405802
0x00405804
0x004057bd
0x004057c0
0x004057c8
0x004057c8
0x004057d4
0x004057da
0x004057de
0x004057e3
0x004057e5
0x004057e7
0x004057e7
0x004057e9
0x004057ea
0x004057e7
0x004057ef
0x004057f5
0x004057f8
0x00405807
0x00000000
0x00000000
0x00000000
0x004057f8
0x004057bb
0x00405864
0x0040586c

APIs

__EH_prolog.LIBCMT ref: 0040578C
GetWindowTextLengthW.USER32 ref: 004057B1
GetWindowTextW.USER32 ref: 004057D4
GetLastError.KERNEL32(?,00000000,?,?), ref: 004057FA

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: TextWindow$ErrorH_prologLastLength
String ID:
API String ID: 3205914706-0
Opcode ID: 45593ae1a623846b3b66b6e3f8c905ea0d1320ce68fa769687d773e813968734
Instruction ID: d08f47cd52d5c4956c18650cb4e3581d5dbee762459b777e0bd963db7624c279
Opcode Fuzzy Hash: 45593ae1a623846b3b66b6e3f8c905ea0d1320ce68fa769687d773e813968734
Instruction Fuzzy Hash: 0031C376900615EBCB20EFA5C845AAFBBB9EF49304F10803FE546E3291DB745941DFA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040B4CA Relevance: 6.0, APIs: 4, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040B4CA() {
				intOrPtr _v4;
				void* _v8;
				void* _t30;
				signed int _t31;
				void* _t32;

				_t32 = _t30;
				_t31 = 0;
				_v8 =  *((intOrPtr*)(_t32 + 0xb8));
				_v4 =  *((intOrPtr*)(_t32 + 0x9c));
				if(WaitForMultipleObjects(2,  &_v8, 0, 0xffffffff) != 0) {
					if( *((intOrPtr*)(_t32 + 0x78)) <= 0) {
						L4:
						WaitForMultipleObjects( *(_t32 + 0xa8),  *(_t32 + 0xac), 1, 0xffffffff);
						SetEvent( *(_t32 + 0xb4));
						return 1;
					} else {
						goto L3;
					}
					do {
						L3:
						SetEvent( *( *( *((intOrPtr*)( *((intOrPtr*)(_t32 + 0x7c)) + _t31 * 4)) + 0x60)));
						_t31 = _t31 + 1;
					} while (_t31 <  *((intOrPtr*)(_t32 + 0x78)));
					goto L4;
				}
				return 0;
			}

0x0040b4ce
0x0040b4d7
0x0040b4e1
0x0040b4eb
0x0040b4fb
0x0040b50b
0x0040b520
0x0040b530
0x0040b538
0x00000000
0x00000000
0x00000000
0x00000000
0x0040b50d
0x0040b50d
0x0040b518
0x0040b51a
0x0040b51b
0x00000000
0x0040b50d
0x00000000

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,?,?,?,0040AE0D), ref: 0040B4F7
SetEvent.KERNEL32(?,?,?,?,?,?,?,0040AE0D), ref: 0040B518
WaitForMultipleObjects.KERNEL32(?,?,00000001,000000FF,?,?,?,?,?,?,0040AE0D), ref: 0040B530
SetEvent.KERNEL32(?,?,?,?,?,?,?,0040AE0D), ref: 0040B538

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: EventMultipleObjectsWait
String ID:
API String ID: 1465615540-0
Opcode ID: dc38a1d30732c6496f1af98c77ec115bbda4f3b9d09737a556a2e2d1942d376d
Instruction ID: 78ae3e05f19f679f7658cc464a61c79fcdbc7afb43e608b57adc452981a35845
Opcode Fuzzy Hash: dc38a1d30732c6496f1af98c77ec115bbda4f3b9d09737a556a2e2d1942d376d
Instruction Fuzzy Hash: D6014C31204704AFD720CF29DC81EA7B7E9EB49324F11066EF6A5932A0D731A8409B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040571A Relevance: 6.0, APIs: 4, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040571A(struct HWND__** __ecx, CHAR** _a4) {
				int _t9;
				signed int _t12;
				signed int _t17;
				struct HWND__** _t20;
				int _t24;
				CHAR** _t27;

				_t27 = _a4;
				_t20 = __ecx;
				_t27[1] = _t27[1] & 0x00000000;
				 *( *_t27) =  *( *_t27) & 0x00000000;
				_t24 = GetWindowTextLengthA( *__ecx);
				if(_t24 != 0) {
					if(_t24 >= _t27[2]) {
						E0040285C(_t27, _t24 + 1);
					}
					_t9 = GetWindowTextA( *_t20,  *_t27, _t24 + 1);
					E00404618(_t27);
					if(_t9 != 0) {
						return 1;
					} else {
						_t12 = GetLastError();
						asm("sbb eax, eax");
						return  ~( ~_t12);
					}
				}
				_t17 = GetLastError();
				asm("sbb eax, eax");
				return  ~_t17 + 1;
			}

0x0040571c
0x00405720
0x00405725
0x00405729
0x00405734
0x00405738
0x0040574a
0x00405752
0x00405752
0x0040575e
0x00405768
0x0040576f
0x00000000
0x00405771
0x00405771
0x00405779
0x00000000
0x0040577b
0x0040576f
0x0040573a
0x00405742
0x00000000

APIs

GetWindowTextLengthA.USER32 ref: 0040572E
GetLastError.KERNEL32(?,00000000,00000000,?,0040582E,?,0000000F,00000000,?,?), ref: 0040573A
GetWindowTextA.USER32 ref: 0040575E
GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,?,0040582E,?,0000000F,00000000,?,?), ref: 00405771

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: ErrorLastTextWindow$Length
String ID:
API String ID: 3440162706-0
Opcode ID: 1fd6583d3ab8f8956c2cee4dd524ff613312b53716c89816097bd795fc8f0290
Instruction ID: 10b8deae00a72a38c0fec71d2df790bef38ab5045406e4323f0d35794ce2b368
Opcode Fuzzy Hash: 1fd6583d3ab8f8956c2cee4dd524ff613312b53716c89816097bd795fc8f0290
Instruction Fuzzy Hash: 32014436250512AFCB216B24C948A2B7BE9DBD5752F21843AE852D3290CB74A8019FA9

Uniqueness

Uniqueness Score: -1.00%

Function 00406541 Relevance: 6.0, APIs: 4, Instructions: 44
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00406541(void*** __ecx, void* _a4, int _a8, int* _a12) {
				int* _t15;
				int _t19;
				int _t27;
				void*** _t28;

				_t27 = _a8;
				_t28 = __ecx;
				if(_t27 <= 0) {
					L8:
					_t15 = _a12;
					if(_t15 != 0) {
						 *_t15 = _t27;
					}
					_t28[6] = _t28[6] + _t27;
					asm("adc dword [esi+0x1c], 0x0");
					return 0;
				}
				if(WaitForSingleObject( *( *(__ecx + 4)), 0xffffffff) != 0) {
					return 0x80004005;
				}
				_t19 = _t28[3];
				if(_t19 < _t27) {
					_t27 = _t19;
				}
				if(_t28[3] > 0) {
					memmove(_a4, _t28[4], _t27);
					_t28[4] = _t28[4] + _t27;
					_t9 =  &(_t28[3]);
					 *_t9 = _t28[3] - _t27;
					if( *_t9 == 0) {
						ResetEvent( *(_t28[1]));
						SetEvent( *( *_t28));
					}
				}
				goto L8;
			}

0x00406543
0x00406547
0x0040654b
0x004065a2
0x004065a2
0x004065a8
0x004065aa
0x004065aa
0x004065ac
0x004065af
0x00000000
0x004065b3
0x0040655c
0x00000000
0x0040655e
0x00406565
0x0040656a
0x0040656c
0x0040656c
0x00406572
0x0040657c
0x00406582
0x00406588
0x00406588
0x0040658b
0x00406592
0x0040659c
0x0040659c
0x0040658b
0x00000000

APIs

WaitForSingleObject.KERNEL32(?,000000FF,?,?,0040632C,?,?,?), ref: 00406554
memmove.MSVCRT ref: 0040657C
ResetEvent.KERNEL32(?), ref: 00406592
SetEvent.KERNEL32(00000000), ref: 0040659C

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: Event$ObjectResetSingleWaitmemmove
String ID:
API String ID: 3326749752-0
Opcode ID: bb0e33ca76b38194e69d1ebf460c0f9fe800ee85165e8adad923f047247a051d
Instruction ID: 76a108ed28c2422e9c39ba31888e59f2dfdb10b2e27319ccd714606a14a38e68
Opcode Fuzzy Hash: bb0e33ca76b38194e69d1ebf460c0f9fe800ee85165e8adad923f047247a051d
Instruction Fuzzy Hash: 06010931204700AFC721CF25EC04A4B77F1EF85760F16892AE4A6976A4DB34D914CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0040521E Relevance: 6.0, APIs: 4, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E0040521E(void* __ecx) {
				intOrPtr _t14;
				void* _t19;
				void* _t26;
				intOrPtr _t27;
				void* _t29;

				_t14 = E00417F20(E004188D8, _t29);
				_t20 = 0;
				__imp__CoInitialize(0, _t26, _t19, __ecx);
				 *((intOrPtr*)(_t29 - 4)) = 0;
				__imp__SHBrowseForFolderA( *((intOrPtr*)(_t29 + 8)));
				_t27 = _t14;
				if(_t27 != 0) {
					 *((intOrPtr*)(_t29 - 0x10)) = 0;
					 *((char*)(_t29 - 4)) = 1;
					E00405179(_t29 - 0x10);
					 *((intOrPtr*)(_t29 - 0x10)) = _t27;
					 *((char*)(_t29 + 0xb)) = E004051E4(_t27,  *((intOrPtr*)(_t29 + 0xc)));
					 *((char*)(_t29 - 4)) = 0;
					E00405179(_t29 - 0x10);
					_t20 =  *((intOrPtr*)(_t29 + 0xb));
				}
				__imp__CoUninitialize();
				 *[fs:0x0] =  *((intOrPtr*)(_t29 - 0xc));
				return _t20;
			}

0x00405223
0x0040522a
0x0040522e
0x00405237
0x0040523a
0x00405240
0x00405244
0x00405246
0x0040524c
0x00405250
0x00405258
0x00405264
0x00405267
0x0040526a
0x0040526f
0x0040526f
0x00405272
0x0040527f
0x00405287

APIs

__EH_prolog.LIBCMT ref: 00405223
CoInitialize.OLE32(00000000), ref: 0040522E
SHBrowseForFolderA.SHELL32(?,?,00405330,?,?,00000000,?,?,?,?,?,?,?,?,?,0000000F), ref: 0040523A
CoUninitialize.OLE32(?,00405330,?,?,00000000,?,?,?,?,?,?,?,?,?,0000000F), ref: 00405272

Part of subcall function 00405179: __EH_prolog.LIBCMT ref: 0040517E
Part of subcall function 00405179: SHGetMalloc.SHELL32(00000000), ref: 00405199
Part of subcall function 00405179: _CxxThrowException.MSVCRT(?,0041C1C0), ref: 004051B3

Part of subcall function 004051E4: SHGetPathFromIDListA.SHELL32(?,?,00000000,00000000,00405261,00000000,?,?,00405330,?,?,00000000), ref: 00405205

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog$BrowseExceptionFolderFromInitializeListMallocPathThrowUninitialize
String ID:
API String ID: 2234105922-0
Opcode ID: 8788b83362e8671a4fc9b5e53329614924c709eb5f982a91c9535c0542b05c43
Instruction ID: 5b3102281e17610bdf27ffc4c5a78f91d3745479ecc23675a12f503914bab6e8
Opcode Fuzzy Hash: 8788b83362e8671a4fc9b5e53329614924c709eb5f982a91c9535c0542b05c43
Instruction Fuzzy Hash: CDF01976901268EECB02AFA58C549DEBF30EF15354F00856FE86667251CB784B48CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00408A28 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408A28() {
				void* __esi;
				void* _t47;
				void* _t54;
				short* _t62;
				intOrPtr _t64;
				signed int _t86;
				void* _t89;

				E00417F20(E00418F9C, _t89);
				 *((intOrPtr*)(_t89 - 0x10)) = 0;
				E00401A6F(_t89 - 0x1c,  *((intOrPtr*)(_t89 + 0xc)));
				_t86 = 0;
				 *((intOrPtr*)(_t89 - 4)) = 0;
				if( *((intOrPtr*)(_t89 - 0x18)) > 0) {
					_t62 =  *((intOrPtr*)(_t89 - 0x1c));
					while( *_t62 == 0x20) {
						_t86 = _t86 + 1;
						_t62 = _t62 + 2;
						if(_t86 <  *((intOrPtr*)(_t89 - 0x18))) {
							continue;
						}
						L4:
						while( *((intOrPtr*)(_t89 - 0x18)) > _t86) {
							_t64 =  *((intOrPtr*)( *((intOrPtr*)(_t89 - 0x1c)) + _t86 * 2));
							if(_t64 == 0x5c || _t64 == 0x2f) {
								E0040228E(_t89 - 0x1c, _t86, 1);
								continue;
							}
							goto L8;
						}
						goto L8;
					}
					goto L4;
				}
				L8:
				E0040190B(_t89 - 0x34, 0x420c24);
				 *((char*)(_t89 - 4)) = 1;
				E0040190B(_t89 - 0x28, L"..\\");
				 *((char*)(_t89 - 4)) = 2;
				_t47 = E00402E39(E004087B8(_t89 - 0x1c, _t89 - 0x28, _t89 - 0x34),  *((intOrPtr*)(_t89 - 0x28)));
				 *((char*)(_t89 - 4)) = 0;
				E00402E39(_t47,  *((intOrPtr*)(_t89 - 0x34)));
				E0040190B(_t89 - 0x28, 0x420c24);
				 *((char*)(_t89 - 4)) = 3;
				E0040190B(_t89 - 0x34, "../");
				 *((char*)(_t89 - 4)) = 4;
				_t54 = E00402E39(E004087B8(_t89 - 0x1c, _t89 - 0x34, _t89 - 0x28),  *((intOrPtr*)(_t89 - 0x34)));
				 *((char*)(_t89 - 4)) = 0;
				E00402E39(_t54,  *((intOrPtr*)(_t89 - 0x28)));
				E004089F1(0x420c24, _t89 - 0x1c);
				E00402E39(E00401A6F( *((intOrPtr*)(_t89 + 8)), _t89 - 0x1c),  *((intOrPtr*)(_t89 - 0x1c)));
				 *[fs:0x0] =  *((intOrPtr*)(_t89 - 0xc));
				return  *((intOrPtr*)(_t89 + 8));
			}

0x00408a2d
0x00408a3f
0x00408a42
0x00408a47
0x00408a4c
0x00408a4f
0x00408a51
0x00408a54
0x00408a5a
0x00408a5c
0x00408a60
0x00000000
0x00000000
0x00000000
0x00408a62
0x00408a6a
0x00408a72
0x00408a80
0x00000000
0x00408a80
0x00000000
0x00408a72
0x00000000
0x00408a62
0x00000000
0x00408a54
0x00408a87
0x00408a90
0x00408a9d
0x00408aa1
0x00408ab1
0x00408abd
0x00408ac5
0x00408ac8
0x00408ad3
0x00408ae0
0x00408ae4
0x00408af4
0x00408b00
0x00408b08
0x00408b0b
0x00408b16
0x00408b2a
0x00408b38
0x00408b40

APIs

__EH_prolog.LIBCMT ref: 00408A2D

Strings

../, xrefs: 00408AD8
..\, xrefs: 00408A95

Memory Dump Source

Source File: 00000004.00000002.436212319.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.436199560.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436236187.000000000041B000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436251219.0000000000420000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000004.00000002.436273854.0000000000426000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DATOS.jbxd

Similarity

API ID: H_prolog
String ID: ../$..\
API String ID: 3519838083-142607964
Opcode ID: 9314892f611aad1c715368264fbbd1c8de609f0bcade1117cfced80ca0cbff5f
Instruction ID: b595c6b84f65588c907c0e8de2cb0fddf1781686341a57e408e052ebb5fe01ac
Opcode Fuzzy Hash: 9314892f611aad1c715368264fbbd1c8de609f0bcade1117cfced80ca0cbff5f
Instruction Fuzzy Hash: 7C319C71D01109EECB01EBA5DA95AEEBBB4AF18304F10402FF451731D2CB7C5A45CBA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: hl.exePID: 4512, Parent PID: 6024COMMON

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0.8%
Total number of Nodes:	798
Total number of Limit Nodes:	8

Executed Functions

Function 00C49AC8 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00C49AC8() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00C49A82); // executed
				 *0xc70750 = _t1;
				return _t1;
			}

0x00c49acd
0x00c49ad3
0x00c49ad8

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00029A82), ref: 00C49ACD

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: fcf5f64d962863484ab07aafb2ac51dd9cc6459ab8cd9e2dc64ade8d1dce78be
Instruction ID: b1059c7f806c2172a0f678264f4c4764b828503729bcc5a360bccb77e0d2e306
Opcode Fuzzy Hash: fcf5f64d962863484ab07aafb2ac51dd9cc6459ab8cd9e2dc64ade8d1dce78be
Instruction Fuzzy Hash: 13A002B8541350DB87049FB0AD09B5D3B64F6C574BB10017DE819C1665FB701142AF51

Uniqueness

Uniqueness Score: -1.00%

Function 00C40710 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 94%

			E00C40710(intOrPtr __ecx, void* __eflags, CHAR* _a4, int _a8, int _a12, intOrPtr _a16, int _a20, signed int _a24, signed int _a28, signed int _a32, char _a36) {
				struct HDC__* _v4;
				intOrPtr _v56;
				int _v120;
				short _v122;
				short _v124;
				signed int _v128;
				intOrPtr _v132;
				struct tagBITMAPINFO _v136;
				intOrPtr _v144;
				intOrPtr _t61;
				int _t64;
				struct HDC__* _t66;
				void* _t74;
				intOrPtr* _t77;
				int _t78;
				void* _t80;
				signed int _t82;
				intOrPtr _t84;
				long _t91;
				void* _t103;
				signed int _t114;
				CHAR* _t119;
				struct tagTEXTMETRICA* _t120;
				intOrPtr* _t123;
				intOrPtr _t126;
				int _t129;
				intOrPtr _t132;

				_push(0xffffffff);
				_push(E00C4E498);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t132;
				_t126 = __ecx;
				_v56 = __ecx;
				 *((intOrPtr*)(__ecx)) = 0xc552a8;
				_t2 = _t126 + 0xc54; // 0xc54
				_v4 = 0;
				E00C3E110(_t2);
				_t119 = _a4;
				 *((intOrPtr*)(__ecx)) = 0xc5528c;
				_t61 = E00C4DB67(_t119);
				_t129 = _a8;
				_t82 = _a24;
				 *((intOrPtr*)(_t126 + 0x1064)) = _t61;
				 *((intOrPtr*)(_t126 + 0x1068)) = _a12;
				 *((intOrPtr*)(_t126 + 0x1070)) = _a16;
				 *((intOrPtr*)(_t126 + 0x1074)) = _a20;
				 *(_t126 + 0x106c) = _t129;
				 *(_t126 + 0x1078) = _t82;
				 *((char*)(_t126 + 0x1079)) = _a28;
				 *((char*)(_t126 + 0x107a)) = _a32;
				 *((char*)(_t126 + 0x107b)) = _a36;
				_t64 = E00C43484();
				_t91 = 0;
				if(_a36 != 0) {
					_t91 = 2;
				}
				 *(_t126 + 4) = CreateFontA(_t129, _a12, _t64, _t64, _a20, _t82 & 0x000000ff, _a28 & 0x000000ff, _a32 & 0x000000ff, _t91, 0, 0, 0, 0, _t119);
				_t66 = CreateCompatibleDC(0); // executed
				 *(_t126 + 8) = _t66;
				SelectObject(_t66,  *(_t126 + 4));
				SetTextAlign( *(_t126 + 8), 1);
				_t33 = _t126 + 0x10; // 0x10
				_t120 = _t33;
				GetTextMetricsA( *(_t126 + 8), _t120);
				_t84 =  *((intOrPtr*)(_t126 + 0x28));
				_t114 = _t120->tmHeight +  *((intOrPtr*)(_t126 + 0x18)) +  *((intOrPtr*)(_t126 + 0x14));
				 *((intOrPtr*)(_t126 + 0xc48)) = _t84;
				memset( &_v136, 0, 0xa << 2);
				_v132 = _t84;
				 *(_t126 + 0xc4c) = _t114;
				_t42 = _t126 + 0xc50; // 0xc50
				_v128 =  ~_t114;
				_v136.bmiHeader = 0x28;
				_v124 = 1;
				_v122 = 0x20;
				_v120 = 0;
				_t74 = CreateDIBSection( *(_t126 + 8),  &_v136, 0, _t42, 0, 0); // executed
				 *(_t126 + 0xc) = _t74;
				SelectObject( *(_t126 + 8), _t74);
				_t52 = _t126 + 0x4c; // 0x4c
				_t123 = _t52;
				_t103 = 0x100;
				_t77 = _t123;
				do {
					 *((intOrPtr*)(_t77 - 4)) = 0;
					 *_t77 = 0;
					 *((intOrPtr*)(_t77 + 4)) = 0;
					_t77 = _t77 + 0xc;
					_t103 = _t103 - 1;
				} while (_t103 != 0);
				_t56 = _t126 + 0x48; // 0x48
				_t78 = GetCharABCWidthsA( *(_t126 + 8), 0, 0xff, _t56); // executed
				if(_t78 == 0) {
					_t80 = 0x100;
					do {
						 *_t123 =  *((intOrPtr*)(_t126 + 0x24));
						_t123 = _t123 + 0xc;
						_t80 = _t80 - 1;
					} while (_t80 != 0);
				}
				 *[fs:0x0] = _v144;
				return _t126;
			}

0x00c40710
0x00c40712
0x00c4071d
0x00c4071e
0x00c4072b
0x00c4072e
0x00c40732
0x00c40738
0x00c4073e
0x00c40746
0x00c4074b
0x00c4074f
0x00c40756
0x00c4076d
0x00c40771
0x00c40775
0x00c4077f
0x00c40789
0x00c40793
0x00c407a0
0x00c407a6
0x00c407ac
0x00c407b2
0x00c407b8
0x00c407be
0x00c407c7
0x00c407cb
0x00c407cd
0x00c407cd
0x00c40814
0x00c40817
0x00c40828
0x00c4082b
0x00c40833
0x00c4083c
0x00c4083c
0x00c40841
0x00c4084d
0x00c40856
0x00c40861
0x00c40867
0x00c40869
0x00c4086f
0x00c40878
0x00c4087f
0x00c4088e
0x00c40896
0x00c4089d
0x00c408a4
0x00c408a8
0x00c408ae
0x00c408b6
0x00c408b8
0x00c408b8
0x00c408bb
0x00c408c0
0x00c408c2
0x00c408c2
0x00c408c5
0x00c408c7
0x00c408ca
0x00c408cd
0x00c408cd
0x00c408d3
0x00c408de
0x00c408e6
0x00c408e8
0x00c408ed
0x00c408f0
0x00c408f2
0x00c408f5
0x00c408f5
0x00c408ed
0x00c40902
0x00c4090c

APIs

__ftol.LIBCMT ref: 00C407BE
CreateFontA.GDI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00C4080C
CreateCompatibleDC.GDI32(00000000), ref: 00C40817
SelectObject.GDI32(00000000,?), ref: 00C4082B
SetTextAlign.GDI32(?,00000001), ref: 00C40833
GetTextMetricsA.GDI32(?,00000010), ref: 00C40841
CreateDIBSection.GDI32 ref: 00C408A8
SelectObject.GDI32(?,00000000), ref: 00C408B6
GetCharABCWidthsA.GDI32(?,00000000,000000FF,00000048), ref: 00C408DE

Strings

, xrefs: 00C4089D
(, xrefs: 00C4088E

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Create$ObjectSelectText$AlignCharCompatibleFontMetricsSectionWidths__ftol
String ID: $(
API String ID: 3603512337-55695022
Opcode ID: 952f94b2293f42b0119079332c5e2b94adc28d8f8dd6fdde7fcac1823a97e9d8
Instruction ID: 4f6137c7857dd40d2440f37093f349f53f3997f8f73096cdf9d8154be25c0608
Opcode Fuzzy Hash: 952f94b2293f42b0119079332c5e2b94adc28d8f8dd6fdde7fcac1823a97e9d8
Instruction Fuzzy Hash: 765149B56047419FD324CF25C884BABFBE9FB89700F00892DE59A87391C674A848CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00C43AFF Relevance: 3.1, APIs: 2, Instructions: 57
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00C43AFF(intOrPtr _a8) {
				intOrPtr _t2;
				void* _t3;
				signed int _t12;
				signed int _t13;
				void* _t24;

				_t2 = _a8;
				if(_t2 != 1) {
					__eflags = _t2;
					if(_t2 != 0) {
						__eflags = _t2 - 3;
						if(_t2 == 3) {
							E00C44798(0);
						}
						L13:
						_t3 = 1;
						return _t3;
					}
					__eflags =  *0xc704d0; // 0x1
					if(__eflags <= 0) {
						L4:
						return 0;
					}
					 *0xc704d0 =  *0xc704d0 - 1;
					__eflags =  *0xc704a8; // 0x0
					if(__eflags == 0) {
						E00C4294D();
					}
					E00C49464();
					E00C44700();
					E00C46ACB();
					goto L13;
				}
				 *0xc70470 = GetVersion();
				if(E00C46A6E(_t24, 1) == 0) {
					goto L4;
				}
				_t12 =  *0xc70470; // 0x23f0
				_t13 = _t12 & 0x000000ff;
				 *0xc70470 =  *0xc70470 >> 0x10;
				 *0xc70478 = _t13;
				 *0xc7047c = 0;
				 *0xc70474 = _t13 << 8;
				if(E00C446AC() != 0) {
					 *0xc71bc4 = GetCommandLineA();
					 *0xc704d4 = E00C497BE(); // executed
					E00C492A8(); // executed
					E00C49571();
					E00C494B8();
					E00C428FE();
					 *0xc704d0 =  *0xc704d0 + 1;
					goto L13;
				}
				E00C46ACB();
				goto L4;
			}

0x00c43aff
0x00c43b06
0x00c43b96
0x00c43b98
0x00c43bc6
0x00c43bc9
0x00c43bcc
0x00c43bd1
0x00c43bd2
0x00c43bd4
0x00000000
0x00c43bd4
0x00c43b9a
0x00c43ba0
0x00c43b5f
0x00000000
0x00c43b5f
0x00c43ba2
0x00c43ba8
0x00c43bae
0x00c43bb0
0x00c43bb0
0x00c43bb5
0x00c43bba
0x00c43bbf
0x00000000
0x00c43bbf
0x00c43b14
0x00c43b21
0x00000000
0x00000000
0x00c43b23
0x00c43b30
0x00c43b35
0x00c43b3c
0x00c43b41
0x00c43b4c
0x00c43b58
0x00c43b69
0x00c43b73
0x00c43b78
0x00c43b7d
0x00c43b82
0x00c43b87
0x00c43b8c
0x00000000
0x00c43b8c
0x00c43b5a
0x00000000

APIs

GetVersion.KERNEL32(00C43C18,?,?,?), ref: 00C43B0C

Part of subcall function 00C46A6E: HeapCreate.KERNEL32(00000000,00001000,00000000,00C43B1E,00000001), ref: 00C46A7F
Part of subcall function 00C46A6E: HeapDestroy.KERNEL32 ref: 00C46ABE

Part of subcall function 00C446AC: TlsAlloc.KERNEL32(?,00C43B56), ref: 00C446B2
Part of subcall function 00C446AC: TlsSetValue.KERNEL32(00000000), ref: 00C446DA
Part of subcall function 00C446AC: GetCurrentThreadId.KERNEL32 ref: 00C446EB

GetCommandLineA.KERNEL32 ref: 00C43B63

Part of subcall function 00C46ACB: VirtualFree.KERNEL32(0000000C,00100000,00004000,?,?,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B03
Part of subcall function 00C46ACB: VirtualFree.KERNEL32(0000000C,00000000,00008000,?,?,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B0E
Part of subcall function 00C46ACB: HeapFree.KERNEL32(00000000,?,?,?,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B1B
Part of subcall function 00C46ACB: HeapFree.KERNEL32(00000000,?,?,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B37
Part of subcall function 00C46ACB: HeapDestroy.KERNEL32(?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B6A

Part of subcall function 00C44798: TlsGetValue.KERNEL32(0000002D,?,00C43BD1,00000000,00C43C18,?,?,?), ref: 00C447B0
Part of subcall function 00C44798: TlsSetValue.KERNEL32(00000000,?,00C43BD1,00000000,00C43C18,?,?,?), ref: 00C44830

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Heap$Free$Value$DestroyVirtual$AllocCommandCreateCurrentLineThreadVersion
String ID:
API String ID: 1348591257-0
Opcode ID: ea117c74480f37c5d41c0751251966666e3dd7b514129af62bc55d0d73623d99
Instruction ID: a3e45cf5a8b9594ccdc692bf3497ea6e190dd3c92ea750834219715b6118ff09
Opcode Fuzzy Hash: ea117c74480f37c5d41c0751251966666e3dd7b514129af62bc55d0d73623d99
Instruction Fuzzy Hash: 0D117071904291CBDB28BF74AC0B72E3760FB81316F34542EF659D6263DB748681EB22

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1A03 Relevance: 3.1, APIs: 2, Instructions: 57
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00CA1A03(intOrPtr _a8) {
				intOrPtr _t2;
				void* _t3;
				signed int _t12;
				signed int _t13;
				void* _t24;

				_t2 = _a8;
				if(_t2 != 1) {
					__eflags = _t2;
					if(_t2 != 0) {
						__eflags = _t2 - 3;
						if(_t2 == 3) {
							E00CA352D(0);
						}
						L13:
						_t3 = 1;
						return _t3;
					}
					__eflags =  *0xcb30bc; // 0x1
					if(__eflags <= 0) {
						L4:
						return 0;
					}
					 *0xcb30bc =  *0xcb30bc - 1;
					__eflags =  *0xcb3118; // 0x0
					if(__eflags == 0) {
						E00CA3361();
					}
					E00CA3789();
					E00CA3495();
					E00CA3DE7();
					goto L13;
				}
				 *0xcb30e0 = GetVersion();
				if(E00CA3D8A(_t24, 1) == 0) {
					goto L4;
				}
				_t12 =  *0xcb30e0; // 0x23f0
				_t13 = _t12 & 0x000000ff;
				 *0xcb30e0 =  *0xcb30e0 >> 0x10;
				 *0xcb30e8 = _t13;
				 *0xcb30ec = 0;
				 *0xcb30e4 = _t13 << 8;
				if(E00CA3441() != 0) {
					 *0xcb47c4 = GetCommandLineA();
					 *0xcb30c0 = E00CA3AE3(); // executed
					E00CA35CD(); // executed
					E00CA3896();
					E00CA37DD();
					E00CA3323();
					 *0xcb30bc =  *0xcb30bc + 1;
					goto L13;
				}
				E00CA3DE7();
				goto L4;
			}

0x00ca1a03
0x00ca1a0a
0x00ca1a9a
0x00ca1a9c
0x00ca1aca
0x00ca1acd
0x00ca1ad0
0x00ca1ad5
0x00ca1ad6
0x00ca1ad8
0x00000000
0x00ca1ad8
0x00ca1a9e
0x00ca1aa4
0x00ca1a63
0x00000000
0x00ca1a63
0x00ca1aa6
0x00ca1aac
0x00ca1ab2
0x00ca1ab4
0x00ca1ab4
0x00ca1ab9
0x00ca1abe
0x00ca1ac3
0x00000000
0x00ca1ac3
0x00ca1a18
0x00ca1a25
0x00000000
0x00000000
0x00ca1a27
0x00ca1a34
0x00ca1a39
0x00ca1a40
0x00ca1a45
0x00ca1a50
0x00ca1a5c
0x00ca1a6d
0x00ca1a77
0x00ca1a7c
0x00ca1a81
0x00ca1a86
0x00ca1a8b
0x00ca1a90
0x00000000
0x00ca1a90
0x00ca1a5e
0x00000000

APIs

GetVersion.KERNEL32(00CA1B1C,?,?,?), ref: 00CA1A10

Part of subcall function 00CA3D8A: HeapCreate.KERNEL32(00000000,00001000,00000000,00CA1A22,00000001), ref: 00CA3D9B
Part of subcall function 00CA3D8A: HeapDestroy.KERNEL32 ref: 00CA3DDA

Part of subcall function 00CA3441: TlsAlloc.KERNEL32(?,00CA1A5A), ref: 00CA3447
Part of subcall function 00CA3441: TlsSetValue.KERNEL32(00000000), ref: 00CA346F
Part of subcall function 00CA3441: GetCurrentThreadId.KERNEL32 ref: 00CA3480

GetCommandLineA.KERNEL32 ref: 00CA1A67

Part of subcall function 00CA3DE7: VirtualFree.KERNEL32(0000000C,00100000,00004000,?,?,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E1F
Part of subcall function 00CA3DE7: VirtualFree.KERNEL32(0000000C,00000000,00008000,?,?,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E2A
Part of subcall function 00CA3DE7: HeapFree.KERNEL32(00000000,?,?,?,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E37
Part of subcall function 00CA3DE7: HeapFree.KERNEL32(00000000,?,?,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E53
Part of subcall function 00CA3DE7: HeapDestroy.KERNEL32(?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E86

Part of subcall function 00CA352D: TlsGetValue.KERNEL32(0000002F,?,00CA1AD5,00000000,00CA1B1C,?,?,?), ref: 00CA3545
Part of subcall function 00CA352D: TlsSetValue.KERNEL32(00000000,?,00CA1AD5,00000000,00CA1B1C,?,?,?), ref: 00CA35C5

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: Heap$Free$Value$DestroyVirtual$AllocCommandCreateCurrentLineThreadVersion
String ID:
API String ID: 1348591257-0
Opcode ID: d8368c41063714dc135f6a6645946e25446920a193e2b09dda2e2211dc8bd2df
Instruction ID: bca8cff56ed291cf45b65c6d50f6e34a037ec0d1beeb4650b98700b108b08480
Opcode Fuzzy Hash: d8368c41063714dc135f6a6645946e25446920a193e2b09dda2e2211dc8bd2df
Instruction Fuzzy Hash: 07114270D152D3CACB14BBB5B81632D36A4EF1731DF18452AF816C6192EB31CB40AA11

Uniqueness

Uniqueness Score: -1.00%

Function 00C46A6E Relevance: 3.0, APIs: 2, Instructions: 30
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00C46A6E(void* __ecx, intOrPtr _a4) {
				void* _t6;
				intOrPtr _t8;
				void* _t9;
				void* _t10;
				void* _t12;

				_t12 = __ecx;
				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				_t15 = _t6;
				 *0xc70ba0 = _t6;
				if(_t6 == 0) {
					L7:
					return 0;
				} else {
					_t8 = E00C46926(_t12, _t15);
					 *0xc70ba4 = _t8;
					if(_t8 != 3) {
						__eflags = _t8 - 2;
						if(_t8 != 2) {
							goto L8;
						} else {
							_t10 = E00C476BA();
							goto L5;
						}
					} else {
						_t10 = E00C46B73(0x3f8);
						L5:
						if(_t10 != 0) {
							L8:
							_t9 = 1;
							return _t9;
						} else {
							HeapDestroy( *0xc70ba0);
							goto L7;
						}
					}
				}
			}

0x00c46a6e
0x00c46a7f
0x00c46a85
0x00c46a87
0x00c46a8c
0x00c46ac4
0x00c46ac6
0x00c46a8e
0x00c46a8e
0x00c46a96
0x00c46a9b
0x00c46aaa
0x00c46aad
0x00000000
0x00c46aaf
0x00c46aaf
0x00000000
0x00c46aaf
0x00c46a9d
0x00c46aa2
0x00c46ab4
0x00c46ab6
0x00c46ac7
0x00c46ac9
0x00c46aca
0x00c46ab8
0x00c46abe
0x00000000
0x00c46abe
0x00c46ab6
0x00c46a9b

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000,00C43B1E,00000001), ref: 00C46A7F

Part of subcall function 00C46926: GetVersionExA.KERNEL32 ref: 00C46945

HeapDestroy.KERNEL32 ref: 00C46ABE

Part of subcall function 00C46B73: HeapAlloc.KERNEL32(00000000,00000140,00C46AA7,000003F8), ref: 00C46B80

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Heap$AllocCreateDestroyVersion
String ID:
API String ID: 2507506473-0
Opcode ID: e02e687a46e59341ace633b08a388955cc8b2b9be19b6ef2f9476b7d3e6fb170
Instruction ID: 8631a243e51810c02442e92d696fdfb3fe617678d832207bbfda8751b44dde1e
Opcode Fuzzy Hash: e02e687a46e59341ace633b08a388955cc8b2b9be19b6ef2f9476b7d3e6fb170
Instruction Fuzzy Hash: 4FF06DB4A15B019FDB206B30AC0672D3995FB52B4AF248426F554D80ACEBB08680B613

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3D8A Relevance: 3.0, APIs: 2, Instructions: 30
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00CA3D8A(void* __ecx, intOrPtr _a4) {
				void* _t6;
				intOrPtr _t8;
				void* _t9;
				void* _t10;
				void* _t12;

				_t12 = __ecx;
				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				_t15 = _t6;
				 *0xcb3684 = _t6;
				if(_t6 == 0) {
					L7:
					return 0;
				} else {
					_t8 = E00CA3C42(_t12, _t15);
					 *0xcb3688 = _t8;
					if(_t8 != 3) {
						__eflags = _t8 - 2;
						if(_t8 != 2) {
							goto L8;
						} else {
							_t10 = E00CA66BF();
							goto L5;
						}
					} else {
						_t10 = E00CA5B78(0x3f8);
						L5:
						if(_t10 != 0) {
							L8:
							_t9 = 1;
							return _t9;
						} else {
							HeapDestroy( *0xcb3684);
							goto L7;
						}
					}
				}
			}

0x00ca3d8a
0x00ca3d9b
0x00ca3da1
0x00ca3da3
0x00ca3da8
0x00ca3de0
0x00ca3de2
0x00ca3daa
0x00ca3daa
0x00ca3db2
0x00ca3db7
0x00ca3dc6
0x00ca3dc9
0x00000000
0x00ca3dcb
0x00ca3dcb
0x00000000
0x00ca3dcb
0x00ca3db9
0x00ca3dbe
0x00ca3dd0
0x00ca3dd2
0x00ca3de3
0x00ca3de5
0x00ca3de6
0x00ca3dd4
0x00ca3dda
0x00000000
0x00ca3dda
0x00ca3dd2
0x00ca3db7

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000,00CA1A22,00000001), ref: 00CA3D9B

Part of subcall function 00CA3C42: GetVersionExA.KERNEL32 ref: 00CA3C61

HeapDestroy.KERNEL32 ref: 00CA3DDA

Part of subcall function 00CA5B78: HeapAlloc.KERNEL32(00000000,00000140,00CA3DC3,000003F8), ref: 00CA5B85

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: Heap$AllocCreateDestroyVersion
String ID:
API String ID: 2507506473-0
Opcode ID: 526c3fbfda4811aa6bd266e1771a20ae03f2dc35c8b1223f50076cda12b6bc0d
Instruction ID: 54f0c13f1a639f7b3d93baa6fd82209ad386cdb42e4571fb68d8d298decf4114
Opcode Fuzzy Hash: 526c3fbfda4811aa6bd266e1771a20ae03f2dc35c8b1223f50076cda12b6bc0d
Instruction Fuzzy Hash: D3F09B70E65383FEDB212B316C5673D7BA4AB5678EF24042BF411C81E0FB718780A511

Uniqueness

Uniqueness Score: -1.00%

Function 00C435D2 Relevance: 1.6, APIs: 1, Instructions: 80
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 24%

			E00C435D2(unsigned int _a4) {
				signed int _v8;
				intOrPtr _v20;
				void* _v32;
				intOrPtr _t19;
				void* _t20;
				signed char _t22;
				void* _t23;
				void* _t24;
				void* _t36;
				unsigned int _t44;
				unsigned int _t46;
				intOrPtr _t47;
				void* _t50;

				_push(0xffffffff);
				_push(0xc55380);
				_push(E00C449C0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t47;
				_t19 =  *0xc70ba4; // 0x1
				if(_t19 != 3) {
					__eflags = _t19 - 2;
					if(_t19 != 2) {
						goto L11;
					} else {
						_t24 = _a4;
						__eflags = _t24;
						if(_t24 == 0) {
							_t44 = 0x10;
						} else {
							_t9 = _t24 + 0xf; // 0xf
							_t44 = _t9 & 0xfffffff0;
						}
						_a4 = _t44;
						__eflags = _t44 -  *0xc6e614; // 0x1e0
						if(__eflags > 0) {
							L10:
							_push(_t44);
							goto L14;
						} else {
							E00C43D3D(9);
							_pop(_t36);
							_v8 = 1;
							_v32 = E00C479B2(_t36, _t44 >> 4);
							_v8 = _v8 | 0xffffffff;
							E00C43698();
							_t23 = _v32;
							__eflags = _t23;
							if(_t23 == 0) {
								goto L10;
							}
						}
					}
				} else {
					_t46 = _a4;
					_t50 = _t46 -  *0xc70b9c; // 0x0
					if(_t50 > 0) {
						L11:
						_t20 = _a4;
						__eflags = _t20;
						if(_t20 == 0) {
							_t20 = 1;
						}
						_t22 = _t20 + 0x0000000f & 0x000000f0;
						__eflags = _t22;
						_push(_t22);
						L14:
						_push(0);
						_t23 = RtlAllocateHeap( *0xc70ba0); // executed
					} else {
						E00C43D3D(9);
						_v8 = _v8 & 0x00000000;
						_push(_t46);
						_v32 = E00C46F0F();
						_v8 = _v8 | 0xffffffff;
						E00C43639();
						_t23 = _v32;
						if(_t23 == 0) {
							goto L11;
						} else {
						}
					}
				}
				 *[fs:0x0] = _v20;
				return _t23;
			}

0x00c435d5
0x00c435d7
0x00c435dc
0x00c435e7
0x00c435e8
0x00c435f5
0x00c435fd
0x00c43642
0x00c43645
0x00000000
0x00c43647
0x00c43647
0x00c4364a
0x00c4364c
0x00c43658
0x00c4364e
0x00c4364e
0x00c43651
0x00c43651
0x00c43659
0x00c4365c
0x00c43662
0x00c43692
0x00c43692
0x00000000
0x00c43664
0x00c43666
0x00c4366b
0x00c4366c
0x00c4367f
0x00c43682
0x00c43686
0x00c4368b
0x00c4368e
0x00c43690
0x00000000
0x00000000
0x00c43690
0x00c43662
0x00c435ff
0x00c435ff
0x00c43602
0x00c43608
0x00c436a1
0x00c436a1
0x00c436a4
0x00c436a6
0x00c436aa
0x00c436aa
0x00c436ae
0x00c436ae
0x00c436b0
0x00c436b1
0x00c436b1
0x00c436b9
0x00c4360e
0x00c43610
0x00c43616
0x00c4361a
0x00c43621
0x00c43624
0x00c43628
0x00c4362d
0x00c43632
0x00000000
0x00000000
0x00c43634
0x00c43632
0x00c43608
0x00c436c2
0x00c436cd

APIs

RtlAllocateHeap.NTDLL(00000000,-0000000F,?,00000000,00000000,00000000,00000000), ref: 00C436B9

Part of subcall function 00C43D3D: InitializeCriticalSection.KERNEL32(00000000,?,00000010,?,00C4366B,00000009,?,00000000,00000000,00000000,00000000), ref: 00C43D7A
Part of subcall function 00C43D3D: EnterCriticalSection.KERNEL32(00000010,00000010,?,00C4366B,00000009,?,00000000,00000000,00000000,00000000), ref: 00C43D95

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: 46fca8ef373af34e8fff6fccc8ce46a65d0b2c54ab90665386800dfa80dcb4e6
Instruction ID: c27dc0c601e7cbc248ad9a6b96f219c6301031bffd0aba0b69187a54c5d8e783
Opcode Fuzzy Hash: 46fca8ef373af34e8fff6fccc8ce46a65d0b2c54ab90665386800dfa80dcb4e6
Instruction Fuzzy Hash: 2321A431A40296BBDB10AF69EC42BDD77A4FB41724F214615F824EB3D0C7749B419E94

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5A7C Relevance: 1.6, APIs: 1, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 24%

			E00CA5A7C(unsigned int _a4) {
				signed int _v8;
				intOrPtr _v20;
				void* _v32;
				intOrPtr _t19;
				void* _t20;
				signed char _t22;
				void* _t23;
				void* _t24;
				void* _t36;
				unsigned int _t44;
				unsigned int _t46;
				intOrPtr _t47;
				void* _t50;

				_push(0xffffffff);
				_push(0xcab588);
				_push(E00CA6E84);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t47;
				_t19 =  *0xcb3688; // 0x1
				if(_t19 != 3) {
					__eflags = _t19 - 2;
					if(_t19 != 2) {
						goto L11;
					} else {
						_t24 = _a4;
						__eflags = _t24;
						if(_t24 == 0) {
							_t44 = 0x10;
						} else {
							_t9 = _t24 + 0xf; // 0xf
							_t44 = _t9 & 0xfffffff0;
						}
						_a4 = _t44;
						__eflags = _t44 -  *0xcaea14; // 0x1e0
						if(__eflags > 0) {
							L10:
							_push(_t44);
							goto L14;
						} else {
							E00CA59C8(9);
							_pop(_t36);
							_v8 = 1;
							_v32 = E00CA69B7(_t36, _t44 >> 4);
							_v8 = _v8 | 0xffffffff;
							E00CA5B42();
							_t23 = _v32;
							__eflags = _t23;
							if(_t23 == 0) {
								goto L10;
							}
						}
					}
				} else {
					_t46 = _a4;
					_t50 = _t46 -  *0xcb3680; // 0x0
					if(_t50 > 0) {
						L11:
						_t20 = _a4;
						__eflags = _t20;
						if(_t20 == 0) {
							_t20 = 1;
						}
						_t22 = _t20 + 0x0000000f & 0x000000f0;
						__eflags = _t22;
						_push(_t22);
						L14:
						_push(0);
						_t23 = RtlAllocateHeap( *0xcb3684); // executed
					} else {
						E00CA59C8(9);
						_v8 = _v8 & 0x00000000;
						_push(_t46);
						_v32 = E00CA5F14();
						_v8 = _v8 | 0xffffffff;
						E00CA5AE3();
						_t23 = _v32;
						if(_t23 == 0) {
							goto L11;
						} else {
						}
					}
				}
				 *[fs:0x0] = _v20;
				return _t23;
			}

0x00ca5a7f
0x00ca5a81
0x00ca5a86
0x00ca5a91
0x00ca5a92
0x00ca5a9f
0x00ca5aa7
0x00ca5aec
0x00ca5aef
0x00000000
0x00ca5af1
0x00ca5af1
0x00ca5af4
0x00ca5af6
0x00ca5b02
0x00ca5af8
0x00ca5af8
0x00ca5afb
0x00ca5afb
0x00ca5b03
0x00ca5b06
0x00ca5b0c
0x00ca5b3c
0x00ca5b3c
0x00000000
0x00ca5b0e
0x00ca5b10
0x00ca5b15
0x00ca5b16
0x00ca5b29
0x00ca5b2c
0x00ca5b30
0x00ca5b35
0x00ca5b38
0x00ca5b3a
0x00000000
0x00000000
0x00ca5b3a
0x00ca5b0c
0x00ca5aa9
0x00ca5aa9
0x00ca5aac
0x00ca5ab2
0x00ca5b4b
0x00ca5b4b
0x00ca5b4e
0x00ca5b50
0x00ca5b54
0x00ca5b54
0x00ca5b58
0x00ca5b58
0x00ca5b5a
0x00ca5b5b
0x00ca5b5b
0x00ca5b63
0x00ca5ab8
0x00ca5aba
0x00ca5ac0
0x00ca5ac4
0x00ca5acb
0x00ca5ace
0x00ca5ad2
0x00ca5ad7
0x00ca5adc
0x00000000
0x00000000
0x00ca5ade
0x00ca5adc
0x00ca5ab2
0x00ca5b6c
0x00ca5b77

APIs

RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00CA5B63

Part of subcall function 00CA59C8: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00CA582B,00000009,00000000,00000000,?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA5A05
Part of subcall function 00CA59C8: EnterCriticalSection.KERNEL32(?,?,?,00CA582B,00000009,00000000,00000000,?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA5A20

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: 7d8f027e8327223041f947047a43018a89cd80193e13197fc9a150ec16218090
Instruction ID: ac990604e2b38ac7b33629e8b99726705ab31b598fbe6c03a0c878be6f9eceb3
Opcode Fuzzy Hash: 7d8f027e8327223041f947047a43018a89cd80193e13197fc9a150ec16218090
Instruction Fuzzy Hash: 6721B831A40A06EBDB10DF65EC42B9EB7B4FB02729F148215F921EB2C1C7749E419764

Uniqueness

Uniqueness Score: -1.00%

Function 00C38060 Relevance: 1.5, APIs: 1, Instructions: 27
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E00C38060(intOrPtr* _a4, intOrPtr _a8) {
				char _v268;
				char _v528;
				intOrPtr* _t8;
				char* _t11;
				char _t14;
				void* _t18;
				char* _t20;
				void* _t21;
				void* _t22;

				_t8 = _a4;
				_t22 = _t21 - 0x210;
				_t18 =  &_v528 - _t8;
				do {
					_t14 =  *_t8;
					 *((char*)(_t18 + _t8)) = _t14;
					_t8 = _t8 + 1;
				} while (_t14 != 0);
				E00C37FF0(_t22);
				_t11 =  &_v528;
				__imp__SteamOpenFile(_t11, _a8,  &_v268); // executed
				_t20 = _t11;
				E00C38010(_t20,  &_v268);
				return _t20;
			}

0x00c38060
0x00c3806b
0x00c38071
0x00c38073
0x00c38073
0x00c38075
0x00c38078
0x00c38079
0x00c38082
0x00c38096
0x00c3809c
0x00c380a9
0x00c380ad
0x00c380ba

APIs

SteamOpenFile.STEAM(?,?,?,?), ref: 00C3809C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: FileOpenSteam
String ID:
API String ID: 385550736-0
Opcode ID: 25a7edf05bbd34e440ca8e8c632fe67dbda57925c6cd0a5f36a9057d08d37ad4
Instruction ID: 47d9284d675b410cd8358a75f1545a05e2a8eff2dbd2231aa8d397e89e21b548
Opcode Fuzzy Hash: 25a7edf05bbd34e440ca8e8c632fe67dbda57925c6cd0a5f36a9057d08d37ad4
Instruction Fuzzy Hash: F5F08274508289AFD724D778C598AEB77E8ABD5300F00895CB48583105E934994D8752

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00C4BF71 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 46%

			E00C4BF71(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t4;
				intOrPtr* _t7;
				_Unknown_base(*)()* _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t17;

				_t14 = 0;
				_t17 =  *0xc70780 - _t14; // 0x0
				if(_t17 != 0) {
					L4:
					_t4 =  *0xc70784; // 0x0
					if(_t4 != 0) {
						_t14 =  *_t4();
						if(_t14 != 0) {
							_t7 =  *0xc70788; // 0x0
							if(_t7 != 0) {
								_t14 =  *_t7(_t14);
							}
						}
					}
					return  *0xc70780(_t14, _a4, _a8, _a12);
				}
				_t15 = LoadLibraryA("user32.dll");
				if(_t15 == 0) {
					L10:
					return 0;
				}
				_t11 = GetProcAddress(_t15, "MessageBoxA");
				 *0xc70780 = _t11;
				if(_t11 == 0) {
					goto L10;
				} else {
					 *0xc70784 = GetProcAddress(_t15, "GetActiveWindow");
					 *0xc70788 = GetProcAddress(_t15, "GetLastActivePopup");
					goto L4;
				}
			}

0x00c4bf72
0x00c4bf74
0x00c4bf7c
0x00c4bfc0
0x00c4bfc0
0x00c4bfc7
0x00c4bfcb
0x00c4bfcf
0x00c4bfd1
0x00c4bfd8
0x00c4bfdd
0x00c4bfdd
0x00c4bfd8
0x00c4bfcf
0x00000000
0x00c4bfec
0x00c4bf89
0x00c4bf8d
0x00c4bff6
0x00000000
0x00c4bff6
0x00c4bf9b
0x00c4bf9f
0x00c4bfa4
0x00000000
0x00c4bfa6
0x00c4bfb4
0x00c4bfbb
0x00000000
0x00c4bfbb

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,00C49A53,?,Microsoft Visual C++ Runtime Library,00012010,?,00C55898,?,00C558E8,?,?,?,Runtime Error!Program: ), ref: 00C4BF83
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00C4BF9B
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00C4BFAC
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00C4BFB9

Strings

GetActiveWindow, xrefs: 00C4BFA6
MessageBoxA, xrefs: 00C4BF95
GetLastActivePopup, xrefs: 00C4BFAE
user32.dll, xrefs: 00C4BF7E

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 0cf9ce92916a2e96684719a5156280fa9e2cff61d0764b1770ead45d4324fc01
Instruction ID: bdc536b13d2358fc329e0e828a88d3b8b2b9c868b27580d12c85f5b4b399a5ad
Opcode Fuzzy Hash: 0cf9ce92916a2e96684719a5156280fa9e2cff61d0764b1770ead45d4324fc01
Instruction Fuzzy Hash: AA015E79600201EF9B509FF69C80B2E3AE9FA88691314003AF51DD2161DB74EC899F60

Uniqueness

Uniqueness Score: -1.00%

Function 00C400E0 Relevance: 6.0, APIs: 4, Instructions: 19
clipboardCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C400E0() {
				int _t1;
				void* _t2;
				long _t6;

				_t6 = 0;
				_t1 = OpenClipboard(0);
				if(_t1 != 0) {
					_t2 = GetClipboardData(1);
					if(_t2 != 0) {
						_t6 = GlobalSize(_t2);
					}
					CloseClipboard();
					return _t6;
				} else {
					return _t1;
				}
			}

0x00c400e1
0x00c400e4
0x00c400ec
0x00c400f2
0x00c400fa
0x00c40103
0x00c40103
0x00c40105
0x00c4010e
0x00c400ef
0x00c400ef
0x00c400ef

APIs

OpenClipboard.USER32(00000000), ref: 00C400E4
GetClipboardData.USER32 ref: 00C400F2
GlobalSize.KERNEL32(00000000), ref: 00C400FD
CloseClipboard.USER32 ref: 00C40105

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Clipboard$CloseDataGlobalOpenSize
String ID:
API String ID: 184691881-0
Opcode ID: 9b6be80ddad7b63cd93efc15bf08e8b016db231c692ecd63d5adc43d2ca8667d
Instruction ID: da0714b4769c690e87643309536fd37f86617778fc8ce8e7eec6178398ae759a
Opcode Fuzzy Hash: 9b6be80ddad7b63cd93efc15bf08e8b016db231c692ecd63d5adc43d2ca8667d
Instruction Fuzzy Hash: CFD09E3AA40220DBDB202B75BC0C78E7B58BF46762B014169F911D2151EB74894296E0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA15AE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65
fileCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E00CA15AE(CHAR* _a4, signed int* _a8) {
				struct _WIN32_FIND_DATAA _v324;
				long _t31;
				signed int _t32;
				void* _t34;
				signed int* _t35;
				void* _t37;

				_t34 = FindFirstFileA(_a4,  &_v324);
				if(_t34 != 0xffffffff) {
					_t35 = _a8;
					asm("sbb eax, eax");
					 *_t35 =  ~(_v324.dwFileAttributes - 0x80) & _v324.dwFileAttributes;
					_t35[1] = E00CA1763( &(_v324.ftCreationTime));
					_t35[2] = E00CA1763( &(_v324.ftLastAccessTime));
					_t35[3] = E00CA1763( &(_v324.ftLastWriteTime));
					_t35[4] = _v324.nFileSizeLow;
					E00CA2050( &(_t35[5]),  &(_v324.cFileName));
					return _t34;
				}
				_t31 = GetLastError();
				_t37 = 2;
				if(_t31 < _t37) {
					L5:
					_t32 = E00CA21B3();
					 *_t32 = 0x16;
					L6:
					return _t32 | 0xffffffff;
				}
				if(_t31 <= 3) {
					L8:
					_t32 = E00CA21B3();
					 *_t32 = _t37;
					goto L6;
				}
				if(_t31 == 8) {
					_t32 = E00CA21B3();
					 *_t32 = 0xc;
					goto L6;
				}
				if(_t31 == 0x12) {
					goto L8;
				}
				goto L5;
			}

0x00ca15c9
0x00ca15ce
0x00ca1618
0x00ca1622
0x00ca162a
0x00ca1638
0x00ca1647
0x00ca1656
0x00ca165f
0x00ca166d
0x00000000
0x00ca1675
0x00ca15d0
0x00ca15d8
0x00ca15db
0x00ca15ec
0x00ca15ec
0x00ca15f1
0x00ca15f7
0x00000000
0x00ca15f7
0x00ca15e0
0x00ca1609
0x00ca1609
0x00ca160e
0x00000000
0x00ca160e
0x00ca15e5
0x00ca15fc
0x00ca1601
0x00000000
0x00ca1601
0x00ca15ea
0x00000000
0x00000000
0x00000000

APIs

FindFirstFileA.KERNEL32(?,?,?,errorlogs\*.txt), ref: 00CA15C3
GetLastError.KERNEL32 ref: 00CA15D0

Strings

errorlogs\*.txt, xrefs: 00CA15B7

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: ErrorFileFindFirstLast
String ID: errorlogs\*.txt
API String ID: 873889042-2537698831
Opcode ID: 1f93774b41099f0c4d00ad44bb71045700cb46e69f58a1509d440344444f798d
Instruction ID: 4ffb4b14bc29fd6730504745c4b149147eaae3c43ac777bb53e48acce73fcd16
Opcode Fuzzy Hash: 1f93774b41099f0c4d00ad44bb71045700cb46e69f58a1509d440344444f798d
Instruction Fuzzy Hash: 0511A5B5C002158BCB21AF68CC45BCD77B8EB47318F084666E96AD7251DB30DA409F90

Uniqueness

Uniqueness Score: -1.00%

Function 00C43A23 Relevance: 4.6, APIs: 3, Instructions: 75
timeCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00C43A23(intOrPtr* _a4) {
				struct _SYSTEMTIME _v20;
				struct _SYSTEMTIME _v36;
				short _v54;
				struct _TIME_ZONE_INFORMATION _v208;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				intOrPtr _t31;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;
				void* _t43;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t47;

				GetLocalTime( &_v20);
				GetSystemTime( &_v36);
				_t43 = _v36.wMinute -  *0xc704ca; // 0x0
				if(_t43 != 0) {
					L6:
					_t23 = GetTimeZoneInformation( &_v208);
					if(_t23 == 0xffffffff) {
						_t24 = _t23 | 0xffffffff;
					} else {
						if(_t23 != 2 || _v54 == 0 || _v208.DaylightBias == 0) {
							_t24 = 0;
						} else {
							_t24 = 1;
						}
					}
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t37 = _t37;
					 *0xc704b8 = _t24;
					_t39 = _t39;
					L14:
					_t31 = E00C47FE9(_t37, _t39, _v20.wYear & 0x0000ffff, _v20.wMonth & 0x0000ffff, _v20.wDay & 0x0000ffff, _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff, _v20.wSecond & 0x0000ffff, _t24);
					_t36 = _a4;
					if(_t36 == 0) {
						return _t31;
					}
					 *_t36 = _t31;
					return _t31;
				}
				_t44 = _v36.wHour -  *0xc704c8; // 0x0
				if(_t44 != 0) {
					goto L6;
				}
				_t45 = _v36.wDay -  *0xc704c6; // 0x0
				if(_t45 != 0) {
					goto L6;
				}
				_t46 = _v36.wMonth -  *0xc704c2; // 0x0
				if(_t46 != 0) {
					goto L6;
				}
				_t47 = _v36.wYear -  *0xc704c0; // 0x0
				if(_t47 != 0) {
					goto L6;
				}
				_t24 =  *0xc704b8; // 0x0
				goto L14;
			}

0x00c43a30
0x00c43a3a
0x00c43a44
0x00c43a4b
0x00c43a88
0x00c43a8f
0x00c43a98
0x00c43ab5
0x00c43a9a
0x00c43a9d
0x00c43ab1
0x00c43aac
0x00c43aae
0x00c43aae
0x00c43a9d
0x00c43ac2
0x00c43ac3
0x00c43ac4
0x00c43ac5
0x00c43ac6
0x00c43ac7
0x00c43acc
0x00c43acd
0x00c43aec
0x00c43af1
0x00c43af9
0x00c43afe
0x00c43afe
0x00c43afb
0x00000000
0x00c43afb
0x00c43a51
0x00c43a58
0x00000000
0x00000000
0x00c43a5e
0x00c43a65
0x00000000
0x00000000
0x00c43a6b
0x00c43a72
0x00000000
0x00000000
0x00c43a78
0x00c43a7f
0x00000000
0x00000000
0x00c43a81
0x00000000

APIs

GetLocalTime.KERNEL32(?), ref: 00C43A30
GetSystemTime.KERNEL32(?), ref: 00C43A3A
GetTimeZoneInformation.KERNEL32(?), ref: 00C43A8F

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Time$InformationLocalSystemZone
String ID:
API String ID: 2475273158-0
Opcode ID: 6927fb6fb20f59c0aa1073ef99e00c8b4236bef7188447a138ac01c7c0247c34
Instruction ID: 7ad793a520ec94b2bb9d274417ca5a7b83b5a551b50766e04b2ee8e4f4aa8d2b
Opcode Fuzzy Hash: 6927fb6fb20f59c0aa1073ef99e00c8b4236bef7188447a138ac01c7c0247c34
Instruction Fuzzy Hash: 23215E2A840155E5CF21ABD8D808BFE77B8BB45720F900505FE65E6190E3788EC6E775

Uniqueness

Uniqueness Score: -1.00%

Function 00C49ADA Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00C49ADF

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: b3efa9418223b7790c549f298ce7131d375eadd7d16bfe9c9d8630657e45e9dc
Instruction ID: fcca37c2eaefb409c4eb9ed94afafd532755fdf521b6b5c110c094ff3e447cde
Opcode Fuzzy Hash: b3efa9418223b7790c549f298ce7131d375eadd7d16bfe9c9d8630657e45e9dc
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00C21BB0 Relevance: 92.9, APIs: 1, Strings: 52, Instructions: 171
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E00C21BB0(intOrPtr* __ecx) {
				char _v4;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _t30;
				intOrPtr _t31;
				char* _t34;
				char* _t35;
				intOrPtr* _t50;
				intOrPtr _t52;

				_push(0xffffffff);
				_push(E00C4DBBB);
				_t30 =  *[fs:0x0];
				_push(_t30);
				 *[fs:0x0] = _t52;
				_push(__ecx);
				_t50 = __ecx;
				 *0xc6f3cc = __ecx;
				_push(0xe0);
				 *((char*)(__ecx + 5)) = 0;
				 *((char*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((intOrPtr*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				L00C3E340();
				_v16 = _t30;
				_t55 = _t30;
				_v4 = 0;
				if(_t30 == 0) {
					_t31 = 0;
					__eflags = 0;
				} else {
					_t31 = E00C354C0(_t30, _t55);
				}
				 *((intOrPtr*)(_t50 + 0x1dc)) = _t31;
				_v4 = 0xffffffff;
				 *((char*)(_t50 + 0x1e0)) = 0;
				 *((char*)(_t50 + 0x1e1)) = 0;
				 *((intOrPtr*)(_t50 + 0x1e4)) = 0;
				 *((intOrPtr*)(_t50 + 0x220)) = 0;
				 *((intOrPtr*)(_t50 + 0x224)) =  *((intOrPtr*)( *_t50 + 0x5c))();
				 *((intOrPtr*)(_t50 + 0x228)) = 0x32;
				_t34 = _t50 + 0x2b;
				do {
					 *((char*)(_t34 - 3)) = 0;
					 *_t34 = 0;
					 *((char*)(_t34 + 3)) = 0;
					 *((char*)(_t34 + 6)) = 0;
					_t34 = _t34 + 1;
				} while (0xffffffd5 + _t34 < 3);
				_t35 = _t50 + 0x9b;
				do {
					 *((char*)(_t35 - 0x67)) = 0;
					 *_t35 = 0;
					 *((char*)(_t35 + 0x67)) = 0;
					 *((char*)(_t35 + 0xce)) = 0;
					_t35 = _t35 + 1;
				} while (0xffffff65 + _t35 < 0x67);
				 *0xc6f230 = "0)KEY_0";
				 *0xc6f234 = "1!KEY_1";
				 *0xc6f238 = "2@KEY_2";
				 *0xc6f23c = "3#KEY_3";
				 *0xc6f240 = "4$KEY_4";
				 *0xc6f244 = "5%KEY_5";
				 *0xc6f248 = "6^KEY_6";
				 *0xc6f24c = "7&KEY_7";
				 *0xc6f250 = "8*KEY_8";
				 *0xc6f254 = "9(KEY_9";
				 *0xc6f258 = "aAKEY_A";
				 *0xc6f25c = "bBKEY_B";
				 *0xc6f260 = "cCKEY_C";
				 *0xc6f264 = "dDKEY_D";
				 *0xc6f268 = "eEKEY_E";
				 *0xc6f26c = "fFKEY_F";
				 *0xc6f270 = "gGKEY_G";
				 *0xc6f274 = "hHKEY_H";
				 *0xc6f278 = "iIKEY_I";
				 *0xc6f27c = "jJKEY_J";
				 *0xc6f280 = "kKKEY_K";
				 *0xc6f284 = "lLKEY_L";
				 *0xc6f288 = "mMKEY_M";
				 *0xc6f28c = "nNKEY_N";
				 *0xc6f290 = "oOKEY_O";
				 *0xc6f294 = "pPKEY_P";
				 *0xc6f298 = "qQKEY_Q";
				 *0xc6f29c = "rRKEY_R";
				 *0xc6f2a0 = "sSKEY_S";
				 *0xc6f2a4 = "tTKEY_T";
				 *0xc6f2a8 = "uUKEY_U";
				 *0xc6f2ac = "vVKEY_V";
				 *0xc6f2b0 = "wWKEY_W";
				 *0xc6f2b4 = "xXKEY_X";
				 *0xc6f2b8 = "yYKEY_Y";
				 *0xc6f2bc = "zZKEY_Z";
				 *0xc6f2c0 = 0xc6a4b4;
				 *0xc6f2c4 = 0xc6a4a8;
				 *0xc6f2c8 = 0xc6a49c;
				 *0xc6f2cc = 0xc6a490;
				 *0xc6f2d0 = 0xc6a484;
				 *0xc6f2d4 = 0xc6a478;
				 *0xc6f2d8 = 0xc6a46c;
				 *0xc6f2dc = 0xc6a460;
				 *0xc6f2e0 = 0xc6a454;
				 *0xc6f2e4 = 0xc6a448;
				 *0xc6f2e8 = "//KEY_PAD_DIVIDE";
				 *0xc6f2ec = "**KEY_PAD_MULTIPLY";
				 *0xc6f2f0 = "--KEY_PAD_MINUS";
				 *0xc6f2f4 = "++KEY_PAD_PLUS";
				 *0xc6f2f8 = 0xc6a3f0;
				 *0xc6f2fc = 0xc6a3dc;
				 *0xc6f300 = "[{KEY_LBRACKET";
				 *0xc6f304 = "]}KEY_RBRACKET";
				 *0xc6f308 = ";:KEY_SEMICOLON";
				 *0xc6f30c = "\'\"KEY_APOSTROPHE";
				 *0xc6f310 = "`~KEY_BACKQUOTE";
				 *0xc6f314 = ",<KEY_COMMA";
				 *0xc6f318 = ".>KEY_PERIOD";
				 *0xc6f31c = "/?KEY_SLASH";
				 *0xc6f320 = "\\|KEY_BACKSLASH";
				 *0xc6f324 = "-_KEY_MINUS";
				 *0xc6f328 = "=+KEY_EQUAL";
				 *0xc6f32c = 0xc6a32c;
				 *0xc6f330 = "  KEY_SPACE";
				 *0xc6f334 = 0xc6a310;
				 *0xc6f338 = 0xc6a304;
				 *0xc6f33c = 0xc6a2f4;
				 *0xc6f340 = 0xc6a2e4;
				 *0xc6f344 = 0xc6a2d4;
				 *0xc6f348 = 0xc6a2c0;
				 *0xc6f34c = 0xc6a2b0;
				 *0xc6f350 = 0xc6a2a0;
				 *0xc6f354 = 0xc6a294;
				 *0xc6f358 = 0xc6a288;
				 *0xc6f35c = 0xc6a278;
				 *0xc6f360 = 0xc6a268;
				 *0xc6f364 = 0xc6a25c;
				 *0xc6f368 = 0xc6a24c;
				 *0xc6f36c = 0xc6a23c;
				 *0xc6f370 = 0xc6a230;
				 *0xc6f374 = 0xc6a224;
				 *0xc6f378 = 0xc6a214;
				 *0xc6f37c = 0xc6a204;
				 *0xc6f380 = 0xc6a1f8;
				 *0xc6f384 = 0xc6a1ec;
				 *0xc6f388 = 0xc6a1e0;
				 *0xc6f38c = 0xc6a1d4;
				 *0xc6f390 = 0xc6a1c8;
				 *0xc6f394 = 0xc6a1bc;
				 *0xc6f398 = 0xc6a1b0;
				 *0xc6f39c = 0xc6a1a4;
				 *0xc6f3a0 = 0xc6a198;
				 *0xc6f3a4 = 0xc6a18c;
				 *0xc6f3a8 = 0xc6a180;
				 *0xc6f3ac = 0xc6a174;
				 *0xc6f3b0 = 0xc6a168;
				 *0xc6f3b4 = 0xc6a15c;
				 *0xc6f3b8 = 0xc6a150;
				 *0xc6f3bc = 0xc6a144;
				 *0xc6f3c0 = 0xc6a138;
				 *0xc6f3c4 = 0xc6a12c;
				 *0xc6f3c8 = 0xc6a120;
				 *[fs:0x0] = _v12;
				return _t35;
			}

0x00c21bb0
0x00c21bb2
0x00c21bb7
0x00c21bbd
0x00c21bbe
0x00c21bc5
0x00c21bc8
0x00c21bcc
0x00c21bd2
0x00c21bd7
0x00c21bda
0x00c21bdd
0x00c21be0
0x00c21be3
0x00c21be6
0x00c21be9
0x00c21bec
0x00c21bf4
0x00c21bf8
0x00c21bfa
0x00c21bfe
0x00c21c09
0x00c21c09
0x00c21c00
0x00c21c02
0x00c21c02
0x00c21c0b
0x00c21c15
0x00c21c1d
0x00c21c23
0x00c21c29
0x00c21c2f
0x00c21c3d
0x00c21c43
0x00c21c4d
0x00c21c52
0x00c21c52
0x00c21c55
0x00c21c57
0x00c21c5a
0x00c21c5d
0x00c21c61
0x00c21c6b
0x00c21c73
0x00c21c73
0x00c21c76
0x00c21c78
0x00c21c7b
0x00c21c81
0x00c21c85
0x00c21c8a
0x00c21c94
0x00c21c9e
0x00c21ca8
0x00c21cb2
0x00c21cbc
0x00c21cc6
0x00c21cd0
0x00c21cda
0x00c21ce4
0x00c21cee
0x00c21cf8
0x00c21d02
0x00c21d0c
0x00c21d16
0x00c21d20
0x00c21d2a
0x00c21d34
0x00c21d3e
0x00c21d48
0x00c21d52
0x00c21d5c
0x00c21d66
0x00c21d70
0x00c21d7a
0x00c21d84
0x00c21d8e
0x00c21d98
0x00c21da2
0x00c21dac
0x00c21db6
0x00c21dc0
0x00c21dca
0x00c21dd4
0x00c21dde
0x00c21de8
0x00c21df2
0x00c21dfc
0x00c21e06
0x00c21e10
0x00c21e1a
0x00c21e24
0x00c21e2e
0x00c21e38
0x00c21e42
0x00c21e4c
0x00c21e56
0x00c21e60
0x00c21e6a
0x00c21e74
0x00c21e7e
0x00c21e88
0x00c21e92
0x00c21e9c
0x00c21ea6
0x00c21eb0
0x00c21eba
0x00c21ec4
0x00c21ece
0x00c21ed8
0x00c21ee2
0x00c21eec
0x00c21ef6
0x00c21f00
0x00c21f0a
0x00c21f14
0x00c21f1e
0x00c21f28
0x00c21f32
0x00c21f3c
0x00c21f46
0x00c21f50
0x00c21f5a
0x00c21f64
0x00c21f6e
0x00c21f78
0x00c21f82
0x00c21f8c
0x00c21f96
0x00c21fa0
0x00c21faa
0x00c21fb9
0x00c21fc3
0x00c21fcd
0x00c21fd7
0x00c21fe1
0x00c21feb
0x00c21ff5
0x00c21fff
0x00c22009
0x00c22013
0x00c2201d
0x00c22027
0x00c22031
0x00c2203b
0x00c22045
0x00c2204f
0x00c22059
0x00c22063
0x00c2206d
0x00c22077
0x00c22081
0x00c2208b
0x00c22096
0x00c220a0

APIs

??0Scheme@vgui@@QAE@XZ.VGUI(00C21A78), ref: 00C21C02

Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000001,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00C4E17B,000000FF,00C21C07,00C21A78), ref: 00C354EA
Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000002,000000FF,000000FF,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00C4E17B,000000FF), ref: 00C35504
Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000003,00000066,00000066,00000099,00000000,00000002,000000FF,000000FF,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00C35518
Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000004,00000099,00000099,000000CC,00000000,00000003,00000066,00000066,00000099,00000000,00000002,000000FF,000000FF,000000FF,00000000,00000001), ref: 00C35532
Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000005,000000CC,000000CC,000000FF,00000000,00000004,00000099,00000099,000000CC,00000000,00000003,00000066,00000066,00000099,00000000,00000002), ref: 00C3554C
Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000006,00000066,00000066,00000066,00000000,00000005,000000CC,000000CC,000000FF,00000000,00000004,00000099,00000099,000000CC,00000000,00000003), ref: 00C3555D
Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000007,00000099,00000099,00000099,00000000,00000006,00000066,00000066,00000066,00000000,00000005,000000CC,000000CC,000000FF,00000000,00000004), ref: 00C35577
Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000008,000000CC,000000CC,000000CC,00000000,00000007,00000099,00000099,00000099,00000000,00000006,00000066,00000066,00000066,00000000,00000005), ref: 00C35591
Part of subcall function 00C354C0: ?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00000008,000000CC,000000CC,000000CC,00000000,00000007,00000099,00000099,00000099,00000000,00000006), ref: 00C355A2
Part of subcall function 00C354C0: ??0Font@vgui@@QAE@PBDPAXHHHMH_N222@Z.VGUI(Arial,00000000,00000000,00000014,00000000,00000000,00000190,00000000,00000000,00000000,00000000), ref: 00C355DF
Part of subcall function 00C354C0: ?setFont@Scheme@vgui@@UAEXW4SchemeFont@12@PAVFont@2@@Z.VGUI(00000001,00000000), ref: 00C355F4

Strings

4$KEY_4, xrefs: 00C21CB2
3#KEY_3, xrefs: 00C21CA8
-_KEY_MINUS, xrefs: 00C21EEC
0)KEY_0, xrefs: 00C21C8A
'"KEY_APOSTROPHE, xrefs: 00C21EB0
jJKEY_J, xrefs: 00C21D48
/?KEY_SLASH, xrefs: 00C21ED8
uUKEY_U, xrefs: 00C21DB6
rRKEY_R, xrefs: 00C21D98
nNKEY_N, xrefs: 00C21D70
//KEY_PAD_DIVIDE, xrefs: 00C21E56
iIKEY_I, xrefs: 00C21D3E
lLKEY_L, xrefs: 00C21D5C
**KEY_PAD_MULTIPLY, xrefs: 00C21E60
dDKEY_D, xrefs: 00C21D0C
vVKEY_V, xrefs: 00C21DC0
6^KEY_6, xrefs: 00C21CC6
eEKEY_E, xrefs: 00C21D16
cCKEY_C, xrefs: 00C21D02
KEY_SPACE, xrefs: 00C21F0A
1!KEY_1, xrefs: 00C21C94
]}KEY_RBRACKET, xrefs: 00C21E9C
yYKEY_Y, xrefs: 00C21DDE
;:KEY_SEMICOLON, xrefs: 00C21EA6
=+KEY_EQUAL, xrefs: 00C21EF6
xXKEY_X, xrefs: 00C21DD4
7&KEY_7, xrefs: 00C21CD0
oOKEY_O, xrefs: 00C21D7A
tTKEY_T, xrefs: 00C21DAC
bBKEY_B, xrefs: 00C21CF8
.>KEY_PERIOD, xrefs: 00C21ECE
++KEY_PAD_PLUS, xrefs: 00C21E74
mMKEY_M, xrefs: 00C21D66
`~KEY_BACKQUOTE, xrefs: 00C21EBA
--KEY_PAD_MINUS, xrefs: 00C21E6A
8*KEY_8, xrefs: 00C21CDA
\|KEY_BACKSLASH, xrefs: 00C21EE2
5%KEY_5, xrefs: 00C21CBC
2@KEY_2, xrefs: 00C21C9E
gGKEY_G, xrefs: 00C21D2A
kKKEY_K, xrefs: 00C21D52
aAKEY_A, xrefs: 00C21CEE
pPKEY_P, xrefs: 00C21D84
sSKEY_S, xrefs: 00C21DA2
,<KEY_COMMA, xrefs: 00C21EC4
[{KEY_LBRACKET, xrefs: 00C21E92
hHKEY_H, xrefs: 00C21D34
9(KEY_9, xrefs: 00C21CE4
qQKEY_Q, xrefs: 00C21D8E
zZKEY_Z, xrefs: 00C21DE8
wWKEY_W, xrefs: 00C21DCA
fFKEY_F, xrefs: 00C21D20

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Scheme@vgui@@$?setScheme$Color@Color@12@$Font@Font@12@Font@2@@Font@vgui@@N222@
String ID: KEY_SPACE$'"KEY_APOSTROPHE$**KEY_PAD_MULTIPLY$++KEY_PAD_PLUS$,<KEY_COMMA$--KEY_PAD_MINUS$-_KEY_MINUS$.>KEY_PERIOD$//KEY_PAD_DIVIDE$/?KEY_SLASH$0)KEY_0$1!KEY_1$2@KEY_2$3#KEY_3$4$KEY_4$5%KEY_5$6^KEY_6$7&KEY_7$8*KEY_8$9(KEY_9$;:KEY_SEMICOLON$=+KEY_EQUAL$[{KEY_LBRACKET$\|KEY_BACKSLASH$]}KEY_RBRACKET$`~KEY_BACKQUOTE$aAKEY_A$bBKEY_B$cCKEY_C$dDKEY_D$eEKEY_E$fFKEY_F$gGKEY_G$hHKEY_H$iIKEY_I$jJKEY_J$kKKEY_K$lLKEY_L$mMKEY_M$nNKEY_N$oOKEY_O$pPKEY_P$qQKEY_Q$rRKEY_R$sSKEY_S$tTKEY_T$uUKEY_U$vVKEY_V$wWKEY_W$xXKEY_X$yYKEY_Y$zZKEY_Z
API String ID: 389419611-3624305156
Opcode ID: 8923aa42ebd8045442721ecec52c8417dfa971f198d48e5f2deab9b16621e6aa
Instruction ID: 8e0eb4facfb7a6fddf58f5d6a2a1424b8df7bbf465e6baaa8ce4baa80a31aea3
Opcode Fuzzy Hash: 8923aa42ebd8045442721ecec52c8417dfa971f198d48e5f2deab9b16621e6aa
Instruction Fuzzy Hash: C6B169F504A6818ECB30CF16B9A835E7BE0B756708B90663DC05A6B331D7F4904ACF86

Uniqueness

Uniqueness Score: -1.00%

Function 00C354C0 Relevance: 80.9, APIs: 43, Strings: 3, Instructions: 409
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00C354C0(intOrPtr* __ecx, void* __eflags) {
				signed int _v4;
				intOrPtr _v12;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v184;
				intOrPtr _v196;
				void* __edi;
				intOrPtr _t62;
				void* _t63;
				intOrPtr _t64;
				void* _t65;
				intOrPtr _t66;
				void* _t67;
				intOrPtr _t68;
				void* _t69;
				intOrPtr _t70;
				void* _t71;
				intOrPtr _t72;
				void* _t73;
				intOrPtr _t74;
				void* _t75;
				intOrPtr _t76;
				void* _t77;
				intOrPtr _t78;
				void* _t79;
				intOrPtr _t80;
				void* _t81;
				intOrPtr _t82;
				void* _t83;
				intOrPtr _t84;
				void* _t85;
				intOrPtr _t86;
				void* _t87;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t90;
				void* _t91;
				intOrPtr _t92;
				void* _t93;
				intOrPtr _t94;
				void* _t95;
				signed int _t142;
				signed int _t143;
				intOrPtr* _t146;
				intOrPtr _t148;

				_push(0xffffffff);
				_push(E00C4E17B);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t148;
				_push(__ecx);
				_push(_t142);
				_t146 = __ecx;
				 *__ecx = 0xc4f31c;
				E00C359B0(__ecx, 1, 0, 0, 0, 0);
				E00C359B0(__ecx, 2, 0xff, 0xff, 0xff, 0);
				E00C359B0(__ecx, 3, 0x66, 0x66, 0x99, 0);
				E00C359B0(__ecx, 4, 0x99, 0x99, 0xcc, 0);
				E00C359B0(__ecx, 5, 0xcc, 0xcc, 0xff, 0);
				E00C359B0(__ecx, 6, 0x66, 0x66, 0x66, 0);
				E00C359B0(__ecx, 7, 0x99, 0x99, 0x99, 0);
				E00C359B0(__ecx, 8, 0xcc, 0xcc, 0xcc, 0);
				_t62 = E00C359B0(__ecx, 0, 0, 0, 0, 0);
				_push(0x10);
				L00C3E340();
				_v196 = _t62;
				_v184 = 0;
				if(_t62 == 0) {
					_t63 = 0;
				} else {
					_t63 = E00C41080(_t62, "Arial", 0, 0, 0x14, 0, 0, 0x190, 0, 0, 0, 0);
				}
				_t143 = _t142 | 0xffffffff;
				_v4 = _t143;
				_t64 = E00C35A20(_t146, 1, _t63);
				_push(0x10);
				L00C3E340();
				_v24 = _t64;
				_v12 = 1;
				if(_t64 == 0) {
					_t65 = 0;
				} else {
					_t65 = E00C41080(_t64, "FixedSys", 0, 0, 0x12, 0, 0, 0x190, 0, 0, 0, 0);
				}
				_v4 = _t143;
				_t66 = E00C35A20(_t146, 2, _t65);
				_push(0x10);
				L00C3E340();
				_v24 = _t66;
				_v12 = 2;
				if(_t66 == 0) {
					_t67 = 0;
				} else {
					_t67 = E00C41080(_t66, "Arial", 0, 0, 0xc, 0, 0, 0x190, 0, 0, 0, 0);
				}
				_v4 = _t143;
				_t68 = E00C35A20(_t146, 3, _t67);
				_push(0x10);
				L00C3E340();
				_v24 = _t68;
				_v12 = 3;
				if(_t68 == 0) {
					_t69 = 0;
				} else {
					_t69 = E00C41080(_t68, "Marlett", 0, 0, 0x10, 0, 0, 0, 0, 0, 0, 1);
				}
				_v4 = _t143;
				_t70 = E00C35A20(_t146, 4, _t69);
				_push(0x14);
				L00C3E340();
				_v24 = _t70;
				_v12 = 4;
				if(_t70 == 0) {
					_t71 = 0;
				} else {
					_t71 = E00C40510(_t70, _t143, 1);
				}
				_v4 = _t143;
				_t72 = E00C35A50(_t146, 1, _t71);
				_push(0x14);
				L00C3E340();
				_v24 = _t72;
				_v12 = 5;
				if(_t72 == 0) {
					_t73 = 0;
				} else {
					_t73 = E00C40510(_t72, _t143, 2);
				}
				_v4 = _t143;
				_t74 = E00C35A50(_t146, 2, _t73);
				_push(0x14);
				L00C3E340();
				_v24 = _t74;
				_v12 = 6;
				if(_t74 == 0) {
					_t75 = 0;
				} else {
					_t75 = E00C40510(_t74, _t143, 3);
				}
				_v4 = _t143;
				_t76 = E00C35A50(_t146, 3, _t75);
				_push(0x14);
				L00C3E340();
				_v24 = _t76;
				_v12 = 7;
				if(_t76 == 0) {
					_t77 = 0;
				} else {
					_t77 = E00C40510(_t76, _t143, 4);
				}
				_v4 = _t143;
				_t78 = E00C35A50(_t146, 4, _t77);
				_push(0x14);
				L00C3E340();
				_v24 = _t78;
				_v12 = 8;
				if(_t78 == 0) {
					_t79 = 0;
				} else {
					_t79 = E00C40510(_t78, _t143, 5);
				}
				_v4 = _t143;
				_t80 = E00C35A50(_t146, 5, _t79);
				_push(0x14);
				L00C3E340();
				_v24 = _t80;
				_v12 = 9;
				if(_t80 == 0) {
					_t81 = 0;
				} else {
					_t81 = E00C40510(_t80, _t143, 6);
				}
				_v4 = _t143;
				_t82 = E00C35A50(_t146, 6, _t81);
				_push(0x14);
				L00C3E340();
				_v24 = _t82;
				_v12 = 0xa;
				if(_t82 == 0) {
					_t83 = 0;
				} else {
					_t83 = E00C40510(_t82, _t143, 7);
				}
				_v4 = _t143;
				_t84 = E00C35A50(_t146, 7, _t83);
				_push(0x14);
				L00C3E340();
				_v24 = _t84;
				_v12 = 0xb;
				if(_t84 == 0) {
					_t85 = 0;
				} else {
					_t85 = E00C40510(_t84, _t143, 8);
				}
				_v4 = _t143;
				_t86 = E00C35A50(_t146, 8, _t85);
				_push(0x14);
				L00C3E340();
				_v24 = _t86;
				_v12 = 0xc;
				if(_t86 == 0) {
					_t87 = 0;
				} else {
					_t87 = E00C40510(_t86, _t143, 9);
				}
				_v4 = _t143;
				_t88 = E00C35A50(_t146, 9, _t87);
				_push(0x14);
				L00C3E340();
				_v24 = _t88;
				_v12 = 0xd;
				if(_t88 == 0) {
					_t89 = 0;
				} else {
					_t89 = E00C40510(_t88, _t143, 0xa);
				}
				_v4 = _t143;
				_t90 = E00C35A50(_t146, 0xa, _t89);
				_push(0x14);
				L00C3E340();
				_v24 = _t90;
				_v12 = 0xe;
				if(_t90 == 0) {
					_t91 = 0;
				} else {
					_t91 = E00C40510(_t90, _t143, 0xb);
				}
				_v4 = _t143;
				_t92 = E00C35A50(_t146, 0xb, _t91);
				_push(0x14);
				L00C3E340();
				_v24 = _t92;
				_v12 = 0xf;
				if(_t92 == 0) {
					_t93 = 0;
				} else {
					_t93 = E00C40510(_t92, _t143, 0xc);
				}
				_v4 = _t143;
				_t94 = E00C35A50(_t146, 0xc, _t93);
				_push(0x14);
				L00C3E340();
				_v24 = _t94;
				_v12 = 0x10;
				if(_t94 == 0) {
					_t95 = 0;
				} else {
					_t95 = E00C40510(_t94, _t143, 0xd);
				}
				_v4 = _t143;
				E00C35A50(_t146, 0xd, _t95);
				 *[fs:0x0] = _v20;
				return _t146;
			}

0x00c354c0
0x00c354c2
0x00c354cd
0x00c354ce
0x00c354d5
0x00c354d7
0x00c354dc
0x00c354e4
0x00c354ea
0x00c35504
0x00c35518
0x00c35532
0x00c3554c
0x00c3555d
0x00c35577
0x00c35591
0x00c355a2
0x00c355a7
0x00c355a9
0x00c355b1
0x00c355b7
0x00c355bf
0x00c355e6
0x00c355c1
0x00c355df
0x00c355df
0x00c355e8
0x00c355f0
0x00c355f4
0x00c355f9
0x00c355fb
0x00c35603
0x00c35609
0x00c35611
0x00c35638
0x00c35613
0x00c35631
0x00c35631
0x00c3563f
0x00c35643
0x00c35648
0x00c3564a
0x00c35652
0x00c35658
0x00c35660
0x00c35687
0x00c35662
0x00c35680
0x00c35680
0x00c3568e
0x00c35692
0x00c35697
0x00c35699
0x00c356a1
0x00c356a7
0x00c356af
0x00c356d3
0x00c356b1
0x00c356cc
0x00c356cc
0x00c356da
0x00c356de
0x00c356e3
0x00c356e5
0x00c356ed
0x00c356f3
0x00c356fb
0x00c35708
0x00c356fd
0x00c35701
0x00c35701
0x00c3570f
0x00c35713
0x00c35718
0x00c3571a
0x00c35722
0x00c35728
0x00c35730
0x00c3573d
0x00c35732
0x00c35736
0x00c35736
0x00c35744
0x00c35748
0x00c3574d
0x00c3574f
0x00c35757
0x00c3575d
0x00c35765
0x00c35772
0x00c35767
0x00c3576b
0x00c3576b
0x00c35779
0x00c3577d
0x00c35782
0x00c35784
0x00c3578c
0x00c35792
0x00c3579a
0x00c357a7
0x00c3579c
0x00c357a0
0x00c357a0
0x00c357ae
0x00c357b2
0x00c357b7
0x00c357b9
0x00c357c1
0x00c357c7
0x00c357cf
0x00c357dc
0x00c357d1
0x00c357d5
0x00c357d5
0x00c357e3
0x00c357e7
0x00c357ec
0x00c357ee
0x00c357f6
0x00c357fc
0x00c35804
0x00c35811
0x00c35806
0x00c3580a
0x00c3580a
0x00c35818
0x00c3581c
0x00c35821
0x00c35823
0x00c3582b
0x00c35831
0x00c35839
0x00c35846
0x00c3583b
0x00c3583f
0x00c3583f
0x00c3584d
0x00c35851
0x00c35856
0x00c35858
0x00c35860
0x00c35866
0x00c3586e
0x00c3587b
0x00c35870
0x00c35874
0x00c35874
0x00c35882
0x00c35886
0x00c3588b
0x00c3588d
0x00c35895
0x00c3589b
0x00c358a3
0x00c358b0
0x00c358a5
0x00c358a9
0x00c358a9
0x00c358b7
0x00c358bb
0x00c358c0
0x00c358c2
0x00c358ca
0x00c358d0
0x00c358d8
0x00c358e5
0x00c358da
0x00c358de
0x00c358de
0x00c358ec
0x00c358f0
0x00c358f5
0x00c358f7
0x00c358ff
0x00c35905
0x00c3590d
0x00c3591a
0x00c3590f
0x00c35913
0x00c35913
0x00c35921
0x00c35925
0x00c3592a
0x00c3592c
0x00c35934
0x00c3593a
0x00c35942
0x00c3594f
0x00c35944
0x00c35948
0x00c35948
0x00c35956
0x00c3595a
0x00c3595f
0x00c35961
0x00c35969
0x00c3596f
0x00c35977
0x00c35984
0x00c35979
0x00c3597d
0x00c3597d
0x00c3598b
0x00c3598f
0x00c3599c
0x00c359a6

APIs

?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000001,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00C4E17B,000000FF,00C21C07,00C21A78), ref: 00C354EA
?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000002,000000FF,000000FF,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00C4E17B,000000FF), ref: 00C35504
?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000003,00000066,00000066,00000099,00000000,00000002,000000FF,000000FF,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00C35518
?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000004,00000099,00000099,000000CC,00000000,00000003,00000066,00000066,00000099,00000000,00000002,000000FF,000000FF,000000FF,00000000,00000001), ref: 00C35532
?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000005,000000CC,000000CC,000000FF,00000000,00000004,00000099,00000099,000000CC,00000000,00000003,00000066,00000066,00000099,00000000,00000002), ref: 00C3554C
?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000006,00000066,00000066,00000066,00000000,00000005,000000CC,000000CC,000000FF,00000000,00000004,00000099,00000099,000000CC,00000000,00000003), ref: 00C3555D
?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000007,00000099,00000099,00000099,00000000,00000006,00000066,00000066,00000066,00000000,00000005,000000CC,000000CC,000000FF,00000000,00000004), ref: 00C35577
?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000008,000000CC,000000CC,000000CC,00000000,00000007,00000099,00000099,00000099,00000000,00000006,00000066,00000066,00000066,00000000,00000005), ref: 00C35591
?setColor@Scheme@vgui@@UAEXW4SchemeColor@12@HHHH@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00000008,000000CC,000000CC,000000CC,00000000,00000007,00000099,00000099,00000099,00000000,00000006), ref: 00C355A2
??0Font@vgui@@QAE@PBDPAXHHHMH_N222@Z.VGUI(Arial,00000000,00000000,00000014,00000000,00000000,00000190,00000000,00000000,00000000,00000000), ref: 00C355DF

Part of subcall function 00C41080: ?init@Font@vgui@@EAEXPBDPAXHHHMH_N222@Z.VGUI(?,?,?,?,?,?,?,?,?,?,?,00000000,00C356D1,Marlett,00000000,00000000), ref: 00C410C2

?setFont@Scheme@vgui@@UAEXW4SchemeFont@12@PAVFont@2@@Z.VGUI(00000001,00000000), ref: 00C355F4
??0Font@vgui@@QAE@PBDPAXHHHMH_N222@Z.VGUI(FixedSys,00000000,00000000,00000012,00000000,00000000,00000190,00000000,00000000,00000000,00000000), ref: 00C35631
?setFont@Scheme@vgui@@UAEXW4SchemeFont@12@PAVFont@2@@Z.VGUI(00000002,00000000), ref: 00C35643
??0Font@vgui@@QAE@PBDPAXHHHMH_N222@Z.VGUI(Arial,00000000,00000000,0000000C,00000000,00000000,00000190,00000000,00000000,00000000,00000000), ref: 00C35680
?setFont@Scheme@vgui@@UAEXW4SchemeFont@12@PAVFont@2@@Z.VGUI(00000003,00000000), ref: 00C35692
??0Font@vgui@@QAE@PBDPAXHHHMH_N222@Z.VGUI(Marlett,00000000,00000000,00000010,00000000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 00C356CC
?setFont@Scheme@vgui@@UAEXW4SchemeFont@12@PAVFont@2@@Z.VGUI(00000004,00000000), ref: 00C356DE
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000001), ref: 00C35701
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000001,00000000), ref: 00C35713
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000008,00000000), ref: 00C35886
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000009), ref: 00C358A9
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000009,00000000), ref: 00C358BB
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(0000000A), ref: 00C358DE
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(0000000A,00000000), ref: 00C358F0
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(0000000B), ref: 00C35913
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(0000000B,00000000), ref: 00C35925
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(0000000C), ref: 00C35948
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(0000000C,00000000), ref: 00C3595A
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000002), ref: 00C35736

Part of subcall function 00C40510: ??0Bitmap@vgui@@QAE@XZ.VGUI(00000000), ref: 00C40563
Part of subcall function 00C40510: ?setSize@Bitmap@vgui@@MAEXHH@Z.VGUI(00000010,00000010,00000000), ref: 00C40587
Part of subcall function 00C40510: ?setRGBA@Bitmap@vgui@@MAEXHHEEEE@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00000000,00000010,00000010,00000000), ref: 00C4059C
Part of subcall function 00C40510: ?setRGBA@Bitmap@vgui@@MAEXHHEEEE@Z.VGUI(00000000,00000008,00000000,000000FF,00000000,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000010,00000010,00000000), ref: 00C405C2
Part of subcall function 00C40510: ?setRGBA@Bitmap@vgui@@MAEXHHEEEE@Z.VGUI(00000008,00000000,00000000,00000000,000000FF,000000FF,00000000,00000008,00000000,000000FF,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00C405E2
Part of subcall function 00C40510: ?privateInit@Cursor@vgui@@EAEXPAVBitmap@2@HH@Z.VGUI(00000000,?,?), ref: 00C4061C

?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000002,00000000), ref: 00C35748
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000003), ref: 00C3576B
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000003,00000000), ref: 00C3577D
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000004), ref: 00C357A0
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000004,00000000), ref: 00C357B2
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000005), ref: 00C357D5
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000005,00000000), ref: 00C357E7
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000006), ref: 00C3580A
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000006,00000000), ref: 00C3581C
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000007), ref: 00C3583F
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(00000007,00000000), ref: 00C35851
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000008), ref: 00C35874
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(0000000D), ref: 00C3597D
?setCursor@Scheme@vgui@@UAEXW4SchemeCursor@12@PAVCursor@2@@Z.VGUI(0000000D,00000000), ref: 00C3598F

Strings

Arial, xrefs: 00C355D8, 00C35679
FixedSys, xrefs: 00C3562A
Marlett, xrefs: 00C356C5

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?set$SchemeScheme@vgui@@$Cursor@vgui@@$Cursor@Cursor@01@@Cursor@12@Cursor@2@@Default$Color@Color@12@$Bitmap@vgui@@Font@vgui@@N222@$Font@Font@12@Font@2@@$?init@?privateBitmap@2@Init@Size@
String ID: Arial$FixedSys$Marlett
API String ID: 298286203-3317155299
Opcode ID: cd2ae87cfbc2dddaccef8eb78adf97e6ef638697f76805ead0f7d13a2ce01774
Instruction ID: e8c8f6f64c99d04f0c5c4fc4bace80b437a0b16e3c16ed7b1c5ffc16c25c85c8
Opcode Fuzzy Hash: cd2ae87cfbc2dddaccef8eb78adf97e6ef638697f76805ead0f7d13a2ce01774
Instruction Fuzzy Hash: EFC167B0BA4702AAF655AB348C53F3E25D4AB80F00F104829F745AE2D2EAF5D9057B57

Uniqueness

Uniqueness Score: -1.00%

Function 00C413A0 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 256
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00C413A0(long __ecx) {
				struct _WNDCLASSA _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				int _v60;
				int _v64;
				int _v68;
				int _v72;
				intOrPtr* _t56;
				struct HWND__** _t57;
				long _t104;

				_t104 = __ecx;
				 *0xc7040c = 0;
				 *0xc70410 = LoadCursorA(0, 0x7f00);
				 *0xc70414 = LoadCursorA(0, 0x7f01);
				 *0xc70418 = LoadCursorA(0, 0x7f02);
				 *0xc7041c = LoadCursorA(0, 0x7f03);
				 *0xc70420 = LoadCursorA(0, 0x7f04);
				 *0xc70424 = LoadCursorA(0, 0x7f82);
				 *0xc70428 = LoadCursorA(0, 0x7f83);
				 *0xc7042c = LoadCursorA(0, 0x7f84);
				 *0xc70430 = LoadCursorA(0, 0x7f85);
				 *0xc70434 = LoadCursorA(0, 0x7f86);
				 *0xc70438 = LoadCursorA(0, 0x7f88);
				 *0xc7043c = LoadCursorA(0, 0x7f89);
				 *0xc700c8 = 0;
				 *0xc700cc = 1;
				 *0xc700d0 = 2;
				 *0xc700d4 = 3;
				 *0xc700d8 = 4;
				 *0xc700dc = 5;
				 *0xc700e0 = 6;
				 *0xc700e4 = 7;
				 *0xc700e8 = 8;
				 *0xc700ec = 9;
				 *0xc7010c = 0xa;
				 *0xc70110 = 0xb;
				 *0xc70114 = 0xc;
				 *0xc70118 = 0xd;
				 *0xc7011c = 0xe;
				 *0xc70120 = 0xf;
				 *0xc70124 = 0x10;
				 *0xc70128 = 0x11;
				 *0xc7012c = 0x12;
				 *0xc70130 = 0x13;
				 *0xc70134 = 0x14;
				 *0xc70138 = 0x15;
				 *0xc7013c = 0x16;
				 *0xc70140 = 0x17;
				memset( &_v40, 0, 0xa << 2);
				 *0xc70144 = 0x18;
				 *0xc70148 = 0x19;
				 *0xc7014c = 0x1a;
				 *0xc70150 = 0x1b;
				 *0xc70154 = 0x1c;
				 *0xc70158 = 0x1d;
				 *0xc7015c = 0x1e;
				 *0xc70160 = 0x1f;
				 *0xc70164 = 0x20;
				 *0xc70168 = 0x21;
				 *0xc7016c = 0x22;
				 *0xc70170 = 0x23;
				 *0xc70188 = 0x24;
				 *0xc7018c = 0x25;
				 *0xc70190 = 0x26;
				 *0xc70194 = 0x27;
				 *0xc70198 = 0x28;
				 *0xc7019c = 0x29;
				 *0xc701a0 = 0x2a;
				 *0xc701a4 = 0x2b;
				 *0xc701a8 = 0x2c;
				 *0xc701ac = 0x2d;
				 *0xc701c4 = 0x2e;
				 *0xc701b0 = 0x2f;
				 *0xc701bc = 0x30;
				 *0xc701b4 = 0x31;
				 *0xc701c0 = 0x33;
				 *0xc70374 = 0x34;
				 *0xc7037c = 0x35;
				 *0xc702f0 = 0x36;
				 *0xc70380 = 0x37;
				 *0xc70308 = 0x38;
				 *0xc702f8 = 0x39;
				 *0xc70300 = 0x3a;
				 *0xc70304 = 0x3b;
				 *0xc70378 = 0x3c;
				 *0xc702fc = 0x3d;
				 *0xc702f4 = 0x3e;
				 *0xc7003c = 0x3f;
				 *0xc70088 = 0x40;
				 *0xc70028 = 0x41;
				 *0xc7002c = 0x42;
				 *0xc70058 = 0x43;
				 *0xc70248 = 0x44;
				 *0xc70074 = 0x45;
				 *0xc7024c = 0x46;
				 *0xc700bc = 0x47;
				 *0xc700c0 = 0x48;
				 *0xc70098 = 0x49;
				 *0xc70094 = 0x4a;
				 *0xc7008c = 0x4b;
				 *0xc70090 = 0x4c;
				 *0xc70054 = 0x4d;
				 *0xc70048 = 0x4f;
				 *0xc70050 = 0x51;
				 *0xc7004c = 0x53;
				 *0xc70174 = 0x54;
				 *0xc70178 = 0x55;
				 *0xc7017c = 0x56;
				 *0xc700a0 = 0x57;
				 *0xc7009c = 0x58;
				 *0xc700a8 = 0x59;
				 *0xc700a4 = 0x5a;
				 *0xc701c8 = 0x5b;
				 *0xc701cc = 0x5c;
				 *0xc701d0 = 0x5d;
				 *0xc701d4 = 0x5e;
				 *0xc701d8 = 0x5f;
				 *0xc701dc = 0x60;
				 *0xc701e0 = 0x61;
				 *0xc701e4 = 0x62;
				 *0xc701e8 = 0x63;
				 *0xc701ec = 0x64;
				 *0xc701f0 = 0x65;
				 *0xc701f4 = 0x66;
				_v40.style = 0xb;
				_v40.lpfnWndProc = E00C41950;
				_v40.hInstance = GetModuleHandleA(0);
				_v40.lpszClassName = "Surface";
				RegisterClassA( &_v40);
				_t56 =  *((intOrPtr*)( *_t104))();
				_t57 =  *((intOrPtr*)( *_t56 + 0x14))( &_v44,  &_v48,  &_v52,  &_v56);
				_push(0x44);
				L00C3E340();
				 *(_t104 + 0x24) = _t57;
				 *( *(_t104 + 0x24)) = CreateWindowExA(0, "Surface", 0xc6f3d0, 0x80000000, _v60, _v64, _v68, _v72, 0, 0, GetModuleHandleA(0), 0);
				( *(_t104 + 0x24))[5] = CreateRectRgn(0, 0, 0x40, 0x40);
				( *(_t104 + 0x24))[1] = CreateCompatibleDC(0);
				( *(_t104 + 0x24))[2] = GetDC( *( *(_t104 + 0x24)));
				( *(_t104 + 0x24))[6] = 0;
				( *(_t104 + 0x24))[7] = 0;
				( *(_t104 + 0x24))[8] = 0;
				( *(_t104 + 0x24))[0xd] = 0;
				SetBkMode(( *(_t104 + 0x24))[1], 1);
				SetWindowLongA( *( *(_t104 + 0x24)), 0xffffffeb, _t104);
				SetTextAlign(( *(_t104 + 0x24))[1], 1);
				return 1;
			}

0x00c413b4
0x00c413b6
0x00c413c4
0x00c413d1
0x00c413de
0x00c413eb
0x00c413f8
0x00c41405
0x00c41412
0x00c4141f
0x00c4142c
0x00c41439
0x00c41446
0x00c41457
0x00c4145c
0x00c41462
0x00c4146c
0x00c41476
0x00c41480
0x00c4148a
0x00c41494
0x00c4149e
0x00c414a8
0x00c414b2
0x00c414bc
0x00c414c2
0x00c414c8
0x00c414d2
0x00c414dc
0x00c414e6
0x00c414f0
0x00c414fa
0x00c41504
0x00c4150e
0x00c41518
0x00c41522
0x00c4152c
0x00c41536
0x00c41546
0x00c41548
0x00c41552
0x00c4155c
0x00c41566
0x00c41570
0x00c4157a
0x00c41584
0x00c4158e
0x00c41598
0x00c415a2
0x00c415ac
0x00c415b6
0x00c415c0
0x00c415ca
0x00c415d4
0x00c415de
0x00c415e8
0x00c415f2
0x00c415fc
0x00c41606
0x00c41610
0x00c4161a
0x00c41624
0x00c4162e
0x00c41638
0x00c41642
0x00c4164c
0x00c41656
0x00c41660
0x00c4166a
0x00c41674
0x00c4167e
0x00c41688
0x00c41692
0x00c4169c
0x00c416a6
0x00c416b0
0x00c416ba
0x00c416c4
0x00c416ce
0x00c416d8
0x00c416e2
0x00c416ec
0x00c416f6
0x00c41700
0x00c4170a
0x00c41714
0x00c4171e
0x00c41728
0x00c41732
0x00c4173c
0x00c41746
0x00c41750
0x00c4175a
0x00c41764
0x00c4176e
0x00c41778
0x00c41782
0x00c4178c
0x00c41796
0x00c417a0
0x00c417aa
0x00c417b4
0x00c417be
0x00c417c8
0x00c417d2
0x00c417dc
0x00c417e6
0x00c417f0
0x00c417fa
0x00c41804
0x00c4180e
0x00c41818
0x00c41822
0x00c4182c
0x00c41836
0x00c4183a
0x00c4184b
0x00c41854
0x00c4185c
0x00c41866
0x00c41880
0x00c41883
0x00c41885
0x00c4188d
0x00c418ca
0x00c418d6
0x00c418e2
0x00c418f6
0x00c418fc
0x00c41902
0x00c41908
0x00c4190e
0x00c41918
0x00c41927
0x00c41936
0x00c41944

APIs

LoadCursorA.USER32 ref: 00C413BC
LoadCursorA.USER32 ref: 00C413C9
LoadCursorA.USER32 ref: 00C413D6
LoadCursorA.USER32 ref: 00C413E3
LoadCursorA.USER32 ref: 00C413F0
LoadCursorA.USER32 ref: 00C413FD
LoadCursorA.USER32 ref: 00C4140A
LoadCursorA.USER32 ref: 00C41417
LoadCursorA.USER32 ref: 00C41424
LoadCursorA.USER32 ref: 00C41431
LoadCursorA.USER32 ref: 00C4143E
LoadCursorA.USER32 ref: 00C4144B
GetModuleHandleA.KERNEL32(00000000), ref: 00C41849
RegisterClassA.USER32 ref: 00C4185C
GetModuleHandleA.KERNEL32(00000000,00000000,00000001), ref: 00C41892
CreateWindowExA.USER32 ref: 00C418BB
CreateRectRgn.GDI32(00000000,00000000,00000040,00000040), ref: 00C418CC
CreateCompatibleDC.GDI32(00000000), ref: 00C418D9
GetDC.USER32(00000000), ref: 00C418EB
SetBkMode.GDI32(?,00000001), ref: 00C41918
SetWindowLongA.USER32 ref: 00C41927
SetTextAlign.GDI32(?,00000001), ref: 00C41936

Strings

Surface, xrefs: 00C41854, 00C418B5

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: CursorLoad$Create$HandleModuleWindow$AlignClassCompatibleLongModeRectRegisterText
String ID: Surface
API String ID: 2214724441-1945937906
Opcode ID: 57db56153b8a21c040d159a0c6d45d526e170e5feba57ea15d01829a726e818f
Instruction ID: 8d15d3679d9eaa4feb90782742625a2959868d52422f280d0c9838688d3654bd
Opcode Fuzzy Hash: 57db56153b8a21c040d159a0c6d45d526e170e5feba57ea15d01829a726e818f
Instruction Fuzzy Hash: 5AD1ADB0505740DFE350CF22ED88B5E7BE8B749318FA0851DE24D9B2A1C7BAA589CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00C384A0 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00C384A0(void* __eflags) {
				intOrPtr _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t47;
				intOrPtr _t66;
				void* _t70;

				_push(0xffffffff);
				_push(E00C4E268);
				 *[fs:0x0] = _t66;
				E00C4384E("{\n",  *[fs:0x0]);
				_push("aa");
				E00C38200( &_v36);
				_v8 = 0;
				E00C4384E("aa [%s]\n", _v40);
				_push("bb");
				E00C38200( &_v28);
				_v12 = 1;
				E00C4384E("bb [%s]\n", _v32);
				_t70 = _t66 - 0x1c + 0x14;
				_push("cc");
				E00C38200(_t70);
				_v16 = 2;
				E00C4384E("cc [%s]\n", _v52);
				E00C38200( &_v40);
				_v20 = 3;
				E00C4384E("dd [%s]\n", _v44);
				_t72 = _t70 + 0xc;
				_v32 = _t70 + 0xc;
				E00C38250(_t72,  &_v56);
				E00C382A0( &_v56,  &_v52, "dd");
				_v32 = 4;
				E00C4384E("aacc [%s]\n", _v60);
				E00C38200( &_v48);
				_t47 = E00C38260(E00C38260(E00C38260(E00C38260(E00C38260(E00C38260(E00C4384E(0xc6b898, "aa"),  &_v52),  &_v64),  &_v60), _t72 + 0xc),  &_v56),  &_v68);
				 *[fs:0x0] = _v44;
				return _t47;
			}

0x00c384a0
0x00c384a2
0x00c384ae
0x00c384bd
0x00c384c9
0x00c384ce
0x00c384d7
0x00c384e5
0x00c384f1
0x00c384f6
0x00c384ff
0x00c3850a
0x00c3850f
0x00c38516
0x00c3851b
0x00c38524
0x00c3852f
0x00c38540
0x00c38549
0x00c38554
0x00c38559
0x00c38562
0x00c38567
0x00c38575
0x00c3857e
0x00c38589
0x00c3859a
0x00c385dd
0x00c385e6
0x00c385f0

APIs

??0String@vgui@@QAE@PBD@Z.VGUI(00C6B8E4), ref: 00C384CE

Part of subcall function 00C38200: ?getCount@String@vgui@@AAEHPBD@Z.VGUI(?), ref: 00C3820B

??0String@vgui@@QAE@PBD@Z.VGUI(00C6B8D4), ref: 00C384F6
??0String@vgui@@QAE@PBD@Z.VGUI(00C6B8C4), ref: 00C3851B
??0String@vgui@@QAE@PBD@Z.VGUI(00C6B8B4), ref: 00C38540
??0String@vgui@@QAE@ABV01@@Z.VGUI(?), ref: 00C38567
??HString@vgui@@QAE?AV01@V01@@Z.VGUI(?), ref: 00C38575

Part of subcall function 00C382A0: ?getCount@String@vgui@@QAEHXZ.VGUI(?,?,?,?,?,?,00C4E228,000000FF), ref: 00C382C6
Part of subcall function 00C382A0: ?getCount@String@vgui@@AAEHPBD@Z.VGUI(?,?,?,?,?,?,?,00C4E228,000000FF), ref: 00C382D4
Part of subcall function 00C382A0: ??0String@vgui@@QAE@XZ.VGUI ref: 00C382EF
Part of subcall function 00C382A0: ??0String@vgui@@QAE@ABV01@@Z.VGUI(00000000), ref: 00C38347
Part of subcall function 00C382A0: ??1String@vgui@@QAE@XZ.VGUI ref: 00C38350

??0String@vgui@@QAE@PBD@Z.VGUI(00C6B8E4), ref: 00C3859A
??1String@vgui@@QAE@XZ.VGUI ref: 00C385B0
??1String@vgui@@QAE@XZ.VGUI ref: 00C385B9
??1String@vgui@@QAE@XZ.VGUI ref: 00C385C2
??1String@vgui@@QAE@XZ.VGUI ref: 00C385CB
??1String@vgui@@QAE@XZ.VGUI ref: 00C385D4
??1String@vgui@@QAE@XZ.VGUI ref: 00C385DD

Strings

aa [%s], xrefs: 00C384E0
dd [%s], xrefs: 00C3854F
aacc [%s], xrefs: 00C38584
cc [%s], xrefs: 00C3852A
bb [%s], xrefs: 00C38505

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: String@vgui@@$?getCount@V01@@$V01@
String ID: aa [%s]$aacc [%s]$bb [%s]$cc [%s]$dd [%s]
API String ID: 4098393410-199241524
Opcode ID: 5a97bafc9262e95229e7e240d828e1fd6615b04bc64d3df94d7a3dd1a0f8f308
Instruction ID: 8ea5d764c9d30cb25c066f3496a5981c33cab08f46d1d9bdfeb039c40904d442
Opcode Fuzzy Hash: 5a97bafc9262e95229e7e240d828e1fd6615b04bc64d3df94d7a3dd1a0f8f308
Instruction Fuzzy Hash: A5314EB0558741AFD214FB54CD83A5FB398ABD8B00F44492CF495932C2EFB5AA0CE663

Uniqueness

Uniqueness Score: -1.00%

Function 00C27D40 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 197
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00C27D40(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v0;
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _v36;
				void* _v40;
				intOrPtr _v44;
				void* _v48;
				void* _v60;
				intOrPtr _t52;
				intOrPtr* _t53;
				intOrPtr _t54;
				intOrPtr* _t55;
				intOrPtr _t56;
				intOrPtr* _t57;
				intOrPtr _t58;
				intOrPtr* _t59;
				intOrPtr _t60;
				intOrPtr* _t61;
				intOrPtr _t62;
				intOrPtr* _t63;
				signed int _t64;
				intOrPtr* _t65;
				signed int _t66;
				intOrPtr* _t67;
				signed int _t68;
				intOrPtr* _t69;
				signed int _t103;
				signed int _t104;
				intOrPtr* _t107;
				intOrPtr _t109;

				_push(0xffffffff);
				_push(E00C4DD33);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t109;
				_t107 = __ecx;
				_push(_t103);
				_t52 = E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_push(0x44);
				 *_t107 = 0xc505e4;
				L00C3E340();
				_v0 = _t52;
				_t120 = _t52;
				_v20 = 0;
				if(_t52 == 0) {
					_t53 = 0;
					__eflags = 0;
				} else {
					_t53 = E00C2FF40(_t52, _t120);
				}
				_t104 = _t103 | 0xffffffff;
				_v4 = _t104;
				_t54 = E00C34180(_t107, _t53);
				_push(0xc0);
				L00C3E340();
				_a12 = _t54;
				_v8 = 1;
				if(_t54 == 0) {
					_t55 = 0;
					__eflags = 0;
				} else {
					_push(0xa);
					_t55 = E00C3DE10(_t54, "DonkeyFoo", 0xa);
				}
				 *((intOrPtr*)(_t107 + 0xbc)) = _t55;
				_v4 = _t104;
				_t56 =  *((intOrPtr*)( *_t55 + 0x40))(_t107);
				_push(0x38);
				L00C3E340();
				_a12 = _t56;
				_t122 = _t56;
				_v8 = 2;
				if(_t56 == 0) {
					_t57 = 0;
					__eflags = 0;
				} else {
					_t57 = E00C30DF0(_t56, _t122);
				}
				_v8 = _t104;
				_t58 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t107 + 0xbc)))) + 0xd4))(_t57);
				_push(0xbc);
				L00C3E340();
				_a8 = _t58;
				_v12 = 3;
				if(_t58 == 0) {
					_t59 = 0;
					__eflags = 0;
				} else {
					_t59 = E00C328C0(_t58, 0x50, 0x1e, 0x40, 0x40);
				}
				 *((intOrPtr*)(_t107 + 0xc0)) = _t59;
				_v12 = _t104;
				_t60 =  *((intOrPtr*)( *_t59 + 0x40))(_t107);
				_push(0x44);
				L00C3E340();
				_a4 = _t60;
				_t124 = _t60;
				_v16 = 4;
				if(_t60 == 0) {
					_t61 = 0;
					__eflags = 0;
				} else {
					_t61 = E00C2FF40(_t60, _t124);
				}
				_v16 = _t104;
				_t62 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t107 + 0xc0)))) + 0xd4))(_t61);
				_push(0xf0);
				L00C3E340();
				_v0 = _t62;
				_v20 = 5;
				if(_t62 == 0) {
					_t63 = 0;
					__eflags = 0;
				} else {
					_t63 = E00C266A0(_t62, "Ok", 0x50, 0x50, 0x3c, 0x14);
				}
				 *((intOrPtr*)(_t107 + 0xc4)) = _t63;
				_v20 = _t104;
				_t64 =  *((intOrPtr*)( *_t63 + 0x40))(_t107);
				_push(0xf0);
				L00C3E340();
				_v4 = _t64;
				_v24 = 6;
				if(_t64 == 0) {
					_t65 = 0;
					__eflags = 0;
				} else {
					_t65 = E00C26770(_t64, "Cancel", 0x78, 0x50);
				}
				 *((intOrPtr*)(_t107 + 0xc8)) = _t65;
				_v24 = _t104;
				_t66 =  *((intOrPtr*)( *_t65 + 0x40))(_t107);
				_push(0xf0);
				L00C3E340();
				_v8 = _t66;
				_v28 = 7;
				if(_t66 == 0) {
					_t67 = 0;
					__eflags = 0;
				} else {
					_t67 = E00C26770(_t66, "Apply", 0xa0, 0x50);
				}
				 *((intOrPtr*)(_t107 + 0xcc)) = _t67;
				_v28 = _t104;
				_t68 =  *((intOrPtr*)( *_t67 + 0x40))(_t107);
				_push(0xf0);
				L00C3E340();
				_v12 = _t68;
				_v32 = 8;
				if(_t68 == 0) {
					_t69 = 0;
					__eflags = 0;
				} else {
					_t69 = E00C26770(_t68, "Help", 0xc8, 0x50);
				}
				 *((intOrPtr*)(_t107 + 0xd0)) = _t69;
				_v32 = _t104;
				 *((intOrPtr*)( *_t69 + 0x40))(_t107);
				 *[fs:0x0] = _v44;
				return _t107;
			}

0x00c27d46
0x00c27d4c
0x00c27d51
0x00c27d56
0x00c27d5e
0x00c27d64
0x00c27d6f
0x00c27d74
0x00c27d76
0x00c27d7c
0x00c27d84
0x00c27d88
0x00c27d8a
0x00c27d92
0x00c27d9d
0x00c27d9d
0x00c27d94
0x00c27d96
0x00c27d96
0x00c27d9f
0x00c27da5
0x00c27da9
0x00c27dae
0x00c27db3
0x00c27dbb
0x00c27dc1
0x00c27dc9
0x00c27ddd
0x00c27ddd
0x00c27dcb
0x00c27dcb
0x00c27dd6
0x00c27dd6
0x00c27ddf
0x00c27dea
0x00c27dee
0x00c27df1
0x00c27df3
0x00c27dfb
0x00c27dff
0x00c27e01
0x00c27e09
0x00c27e14
0x00c27e14
0x00c27e0b
0x00c27e0d
0x00c27e0d
0x00c27e1d
0x00c27e23
0x00c27e29
0x00c27e2e
0x00c27e36
0x00c27e3c
0x00c27e44
0x00c27e57
0x00c27e57
0x00c27e46
0x00c27e50
0x00c27e50
0x00c27e59
0x00c27e64
0x00c27e68
0x00c27e6b
0x00c27e6d
0x00c27e75
0x00c27e79
0x00c27e7b
0x00c27e83
0x00c27e8e
0x00c27e8e
0x00c27e85
0x00c27e87
0x00c27e87
0x00c27e97
0x00c27e9d
0x00c27ea3
0x00c27ea8
0x00c27eb0
0x00c27eb6
0x00c27ebe
0x00c27ed6
0x00c27ed6
0x00c27ec0
0x00c27ecf
0x00c27ecf
0x00c27ed8
0x00c27ee3
0x00c27ee7
0x00c27eea
0x00c27eef
0x00c27ef7
0x00c27efd
0x00c27f05
0x00c27f19
0x00c27f19
0x00c27f07
0x00c27f12
0x00c27f12
0x00c27f1b
0x00c27f26
0x00c27f2a
0x00c27f2d
0x00c27f32
0x00c27f3a
0x00c27f40
0x00c27f48
0x00c27f5f
0x00c27f5f
0x00c27f4a
0x00c27f58
0x00c27f58
0x00c27f61
0x00c27f6c
0x00c27f70
0x00c27f73
0x00c27f78
0x00c27f80
0x00c27f86
0x00c27f8e
0x00c27fa5
0x00c27fa5
0x00c27f90
0x00c27f9e
0x00c27f9e
0x00c27fa7
0x00c27fb2
0x00c27fb6
0x00c27fc0
0x00c27fcb

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,?,00C4DD33,000000FF), ref: 00C27D6F

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

??0LineBorder@vgui@@QAE@XZ.VGUI(?,?,?,?,?,000000FF), ref: 00C27D96

Part of subcall function 00C2FF40: ??0Border@vgui@@QAE@XZ.VGUI(00000000,00C2567D), ref: 00C2FF43
Part of subcall function 00C2FF40: ??0Color@vgui@@QAE@XZ.VGUI(00000000,00C2567D), ref: 00C2FF4B
Part of subcall function 00C2FF40: ??0Color@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,00000000,00000000,?,?,?,00000044), ref: 00C2FF63
Part of subcall function 00C2FF40: ?init@LineBorder@vgui@@EAEXHVColor@2@@Z.VGUI(00000001,00000000,00000000,00000000,00000000,?,?,?,00000044), ref: 00C2FF6C

?setBorder@Panel@vgui@@UAEXPAVBorder@2@@Z.VGUI(00000000,?,?,?,?,?,000000FF), ref: 00C27DA9
??0TreeFolder@vgui@@QAE@PBDHH@Z.VGUI(DonkeyFoo,0000000A,0000000A,?,?,?,?,?,?,000000FF), ref: 00C27DD6
??0LoweredBorder@vgui@@QAE@XZ.VGUI(?,?,?,?,?,?,?,000000FF), ref: 00C27E0D
??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000050,0000001E,00000040,00000040,?,?,?,?,?,?,?,?,000000FF), ref: 00C27E50
??0LineBorder@vgui@@QAE@XZ.VGUI(?,?,?,?,?,?,?,?,?,000000FF), ref: 00C27E87
??0Button@vgui@@QAE@PBDHHHH@Z.VGUI(00C6AA28,00000050,00000050,0000003C,00000014,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C27ECF
??0Button@vgui@@QAE@PBDHH@Z.VGUI(Cancel,00000078,00000050,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C27F12

Part of subcall function 00C26770: ??0Label@vgui@@QAE@PBDHH@Z.VGUI(?,?,?), ref: 00C26787
Part of subcall function 00C26770: ?init@Button@vgui@@AAEXXZ.VGUI ref: 00C26824

??0Button@vgui@@QAE@PBDHH@Z.VGUI(Apply,000000A0,00000050,?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C27F58
??0Button@vgui@@QAE@PBDHH@Z.VGUI(Help,000000C8,00000050), ref: 00C27F9E

Strings

Cancel, xrefs: 00C27F0B
DonkeyFoo, xrefs: 00C27DCF
Apply, xrefs: 00C27F51
Help, xrefs: 00C27F97

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Border@vgui@@Button@vgui@@$LinePanel@vgui@@$?init@Color@vgui@@$?ensure?setBorder@Border@2@@Capacity@?$Color@2@@Dar@Folder@vgui@@Label@vgui@@LoweredSignal@vgui@@@vgui@@TickTree
String ID: Apply$Cancel$DonkeyFoo$Help
API String ID: 2071355570-483765934
Opcode ID: 3c695e2384e48759cedb2d1b4f0b65e5c7dbb20a5ea3bd5466f4229106ee6aab
Instruction ID: d2455adbfcded128e319b2a0dbaccffa880c33be7d0eee5bc6d384c6ce11d937
Opcode Fuzzy Hash: 3c695e2384e48759cedb2d1b4f0b65e5c7dbb20a5ea3bd5466f4229106ee6aab
Instruction Fuzzy Hash: 84616DB07483119FE794DF68A946B2BB6D4BF88B00F000A6DF259D76C1E7B4D9049B93

Uniqueness

Uniqueness Score: -1.00%

Function 00C35FB0 Relevance: 25.7, APIs: 17, Instructions: 231
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00C35FB0(intOrPtr* __ecx) {
				void* _t60;
				void* _t61;
				signed int _t66;
				intOrPtr _t68;
				void* _t69;
				intOrPtr _t70;
				void* _t71;
				intOrPtr _t72;
				void* _t73;
				void* _t81;
				intOrPtr _t82;
				void* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				void* _t126;
				signed int _t136;
				void* _t137;
				intOrPtr* _t143;
				intOrPtr _t149;
				void* _t150;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t155;
				void* _t156;
				void* _t158;
				void* _t159;
				void* _t168;

				_push(0xffffffff);
				_push(E00C4E1D2);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t149;
				_t87 =  *((intOrPtr*)(_t149 + 0x20));
				_t146 =  *((intOrPtr*)(_t149 + 0x20));
				_t143 = __ecx;
				E00C328C0(__ecx,  *((intOrPtr*)(_t149 + 0x20)),  *((intOrPtr*)(_t149 + 0x14)),  *((intOrPtr*)(_t149 + 0x20)),  *((intOrPtr*)(_t149 + 0x20)));
				 *((intOrPtr*)(_t143 + 0xc8)) = 0;
				 *((intOrPtr*)(_t143 + 0xcc)) = 0;
				 *((intOrPtr*)(_t143 + 0xd0)) = 0;
				_t60 = 1;
				while(1) {
					_t61 = _t60 + _t60;
					 *(_t149 + 0x2c) = _t61;
					if(_t61 >= 4) {
						break;
					}
					_t60 =  *(_t149 + 0x2c);
				}
				_t136 = _t61 * 4;
				_push(_t136);
				L00C3E340();
				_t126 = _t61;
				_t150 = _t149 + 4;
				 *(_t150 + 0x28) = _t126;
				if(_t126 == 0) {
					E00C4292B(_t61);
				}
				_t93 = _t136;
				_t137 = _t126;
				_t94 = _t93 >> 2;
				memset(_t137 + _t94, memset(_t137, 0, _t94 << 2), (_t93 & 0x00000003) << 0);
				_t152 = _t150 + 0x18;
				 *((intOrPtr*)(_t143 + 0xcc)) =  *((intOrPtr*)(_t152 + 0x2c));
				_t66 = 0;
				if( *((intOrPtr*)(_t143 + 0xc8)) > 0) {
					do {
						_t66 = 1 + _t66;
						 *((intOrPtr*)( *((intOrPtr*)(_t152 + 0x28)) + _t66 * 4 - 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t143 + 0xd0)) + _t66 * 4 - 4));
					} while (_t66 <  *((intOrPtr*)(_t143 + 0xc8)));
				}
				_push( *((intOrPtr*)(_t143 + 0xd0)));
				L00C3E350();
				_t68 =  *((intOrPtr*)(_t152 + 0x34));
				_t153 = _t152 + 4;
				 *((intOrPtr*)(_t143 + 0xd0)) =  *((intOrPtr*)(_t152 + 0x2c));
				 *_t143 = 0xc5246c;
				 *((intOrPtr*)(_t143 + 0xc4)) = 0;
				 *((intOrPtr*)(_t143 + 0xbc)) = 0;
				 *((intOrPtr*)(_t143 + 0xc0)) = 0;
				_push(0xfc);
				if(_t68 == 0) {
					L00C3E340();
					_t154 = _t153 + 4;
					 *((intOrPtr*)(_t154 + 0x30)) = _t68;
					 *((intOrPtr*)(_t154 + 0x18)) = 3;
					if(_t68 == 0) {
						_t69 = 0;
					} else {
						_t69 = E00C37340(_t68, _t168, _t87, 0, _t146 - _t87 + _t87, _t87, 0);
					}
					 *((intOrPtr*)(_t154 + 0x1c)) = 0xffffffff;
					_t70 = E00C36630(_t143, _t69);
					_push(0xf0);
					L00C3E340();
					_t155 = _t154 + 4;
					 *((intOrPtr*)(_t155 + 0x30)) = _t70;
					 *((intOrPtr*)(_t155 + 0x18)) = 4;
					if(_t70 == 0) {
						_t71 = 0;
					} else {
						_t71 = E00C266A0(_t70, 0xc6f3d0, 0, 0, _t87 + 1, _t87 + 1);
					}
					 *((intOrPtr*)(_t155 + 0x20)) = 0xffffffff;
					_t72 = E00C36590(_t143, _t71, 0);
					_push(0xf0);
					L00C3E340();
					_t156 = _t155 + 4;
					 *((intOrPtr*)(_t156 + 0x30)) = _t72;
					 *((intOrPtr*)(_t156 + 0x18)) = 5;
					if(_t72 == 0) {
						goto L24;
					} else {
						_t73 = E00C266A0(_t72, 0xc6f3d0, _t146 - _t87, 0, _t87 + 1, _t87 + 1);
					}
				} else {
					L00C3E340();
					_t158 = _t153 + 4;
					 *((intOrPtr*)(_t158 + 0x30)) = _t68;
					 *((intOrPtr*)(_t158 + 0x18)) = 0;
					if(_t68 == 0) {
						_t81 = 0;
					} else {
						_t81 = E00C37340(_t68, _t168, 0, _t146 - 1, _t146, _t87 - _t146 + _t146 + 2, 1);
					}
					 *((intOrPtr*)(_t158 + 0x1c)) = 0xffffffff;
					_t82 = E00C36630(_t143, _t81);
					_push(0xf0);
					L00C3E340();
					_t159 = _t158 + 4;
					 *((intOrPtr*)(_t159 + 0x30)) = _t82;
					 *(_t159 + 0x18) = 1;
					if(_t82 == 0) {
						_t83 = 0;
					} else {
						_t83 = E00C266A0(_t82, 0xc6f3d0, 0, 0, _t146, _t146);
					}
					 *((intOrPtr*)(_t159 + 0x20)) = 0xffffffff;
					_t84 = E00C36590(_t143, _t83, 0);
					_push(0xf0);
					L00C3E340();
					_t156 = _t159 + 4;
					 *((intOrPtr*)(_t156 + 0x30)) = _t84;
					 *((intOrPtr*)(_t156 + 0x18)) = 2;
					if(_t84 == 0) {
						L24:
						_t73 = 0;
					} else {
						_t73 = E00C266A0(_t84, 0xc6f3d0, 0, _t87 - _t146, _t146, _t146);
					}
				}
				 *((intOrPtr*)(_t156 + 0x20)) = 0xffffffff;
				E00C36590(_t143, _t73, 1);
				E00C341B0(_t143, 1);
				E00C341C0(_t143, 1);
				E00C341D0(_t143, 1);
				E00C366F0(_t143, 0xf);
				E00C36730(_t143);
				 *[fs:0x0] =  *((intOrPtr*)(_t156 + 0x10));
				return _t143;
			}

0x00c35fb6
0x00c35fb8
0x00c35fbd
0x00c35fc2
0x00c35fca
0x00c35fcf
0x00c35fd5
0x00c35fe1
0x00c35fe8
0x00c35fee
0x00c35ff4
0x00c35ffa
0x00c36005
0x00c36005
0x00c3600a
0x00c3600e
0x00000000
0x00000000
0x00c36001
0x00c36001
0x00c36012
0x00c36019
0x00c3601a
0x00c3601f
0x00c36021
0x00c36026
0x00c3602a
0x00c3602d
0x00c3602d
0x00c36032
0x00c36034
0x00c3603a
0x00c36044
0x00c36044
0x00c36050
0x00c36058
0x00c3605c
0x00c3605e
0x00c36064
0x00c3606d
0x00c36077
0x00c3605e
0x00c36081
0x00c36082
0x00c3608b
0x00c3608f
0x00c36092
0x00c3609a
0x00c360a0
0x00c360a6
0x00c360ac
0x00c360b2
0x00c360b7
0x00c3617a
0x00c3617f
0x00c36182
0x00c36188
0x00c36190
0x00c361a7
0x00c36192
0x00c361a0
0x00c361a0
0x00c361ac
0x00c361b4
0x00c361b9
0x00c361be
0x00c361c3
0x00c361c6
0x00c361cc
0x00c361d4
0x00c361eb
0x00c361d6
0x00c361e4
0x00c361e4
0x00c361f1
0x00c361f9
0x00c361fe
0x00c36203
0x00c36208
0x00c3620b
0x00c36211
0x00c36219
0x00000000
0x00c3621b
0x00c3622b
0x00c3622b
0x00c360bd
0x00c360bd
0x00c360c2
0x00c360c5
0x00c360cb
0x00c360cf
0x00c360ee
0x00c360d1
0x00c360e7
0x00c360e7
0x00c360f3
0x00c360fb
0x00c36100
0x00c36105
0x00c3610a
0x00c3610d
0x00c36113
0x00c3611b
0x00c3612f
0x00c3611d
0x00c36128
0x00c36128
0x00c36135
0x00c3613d
0x00c36142
0x00c36147
0x00c3614c
0x00c3614f
0x00c36155
0x00c3615d
0x00c36232
0x00c36232
0x00c36163
0x00c36170
0x00c36170
0x00c3615d
0x00c36239
0x00c36241
0x00c3624a
0x00c36253
0x00c3625c
0x00c36265
0x00c3626c
0x00c3627a
0x00c36285

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,00000002,?,?,?,?,?,?,00000000,00C4E1D2,000000FF,00C30AAA,?,00000000,0000000F,?), ref: 00C35FE1

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

??0Slider@vgui@@QAE@HHHH_N@Z.VGUI(00000000,?,?,?,00000001), ref: 00C360E7
?setSlider@ScrollBar@vgui@@UAEXPAVSlider@2@@Z.VGUI(?,?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C360FB
??0Button@vgui@@QAE@PBDHHHH@Z.VGUI(00C6F3D0,00000000,00000000,?,?), ref: 00C36128
?setButton@ScrollBar@vgui@@UAEXPAVButton@2@H@Z.VGUI(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C3613D
??0Button@vgui@@QAE@PBDHHHH@Z.VGUI(00C6F3D0,00000000,?,?,?), ref: 00C36170

Part of subcall function 00C266A0: ??0Label@vgui@@QAE@PBDHHHH@Z.VGUI(?,?,?,?,?), ref: 00C266C1
Part of subcall function 00C266A0: ?init@Button@vgui@@AAEXXZ.VGUI ref: 00C2675E

?setButton@ScrollBar@vgui@@UAEXPAVButton@2@H@Z.VGUI(00000000,00000001), ref: 00C36241
?setPaintBorderEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000001,00000000,00000001), ref: 00C3624A
?setPaintBackgroundEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000001,00000001,00000000,00000001), ref: 00C36253
?setPaintEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000001,00000001,00000001,00000000,00000001), ref: 00C3625C
?setButtonPressedScrollValue@ScrollBar@vgui@@UAEXH@Z.VGUI(0000000F,00000001,00000001,00000001,00000000,00000001), ref: 00C36265
?validate@ScrollBar@vgui@@UAEXXZ.VGUI(0000000F,00000001,00000001,00000001,00000000,00000001), ref: 00C3626C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?set$Scroll$Bar@vgui@@$Panel@vgui@@$Button@vgui@@Enabled@Paint$Button@Button@2@$?ensure?init@?validate@BackgroundBorderButtonCapacity@?$Dar@Label@vgui@@PressedSignal@vgui@@@vgui@@Slider@Slider@2@@Slider@vgui@@TickValue@
String ID:
API String ID: 2505466829-0
Opcode ID: dab4418c31b907d4df450b8be44c2a92f320c5f87be07f6b07066b599b9f2dd5
Instruction ID: 2a3a42ab7836655a70cef137eb984d822fd84147ed0415644521e11823a93ece
Opcode Fuzzy Hash: dab4418c31b907d4df450b8be44c2a92f320c5f87be07f6b07066b599b9f2dd5
Instruction Fuzzy Hash: D771E4B07143406BD758EF358C46F6FBAE9EBC4704F148A2DF45AC7291DB71A9408B62

Uniqueness

Uniqueness Score: -1.00%

Function 00C34370 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00C34370(void* __ecx) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr _t28;
				intOrPtr* _t34;
				signed int _t53;
				signed int _t54;
				intOrPtr* _t57;
				intOrPtr _t59;

				_push(0xffffffff);
				_push(E00C4E072);
				_t25 =  *[fs:0x0];
				_push(_t25);
				 *[fs:0x0] = _t59;
				_push(__ecx);
				_push(_t53);
				_push(0xc0);
				L00C3E340();
				_v16 = _t25;
				_v4 = 0;
				if(_t25 == 0) {
					_t34 = 0;
				} else {
					_t25 = E00C3DDE0(_t25, "Properties");
					_t34 = _t25;
				}
				_t54 = _t53 | 0xffffffff;
				_push(0xc0);
				_v4 = _t54;
				L00C3E340();
				_v16 = _t25;
				_v4 = 1;
				if(_t25 == 0) {
					_t57 = 0;
				} else {
					_t25 = E00C3DDE0(_t25, "Panel");
					_t57 = _t25;
				}
				_push(0xd0);
				_v4 = _t54;
				L00C3E340();
				_v16 = _t25;
				_v4 = 2;
				if(_t25 == 0) {
					_t25 = 0;
				} else {
					_push("setPos");
					"VWj\nj\nj"();
				}
				_v4 = _t54;
				_t26 =  *((intOrPtr*)( *_t57 + 0x44))(_t25);
				_push(0xd0);
				L00C3E340();
				_v20 = _t26;
				_v8 = 3;
				if(_t26 == 0) {
					_t26 = 0;
				} else {
					_push("setSize");
					"VWj\nj\nj"();
				}
				_v8 = _t54;
				_t27 =  *((intOrPtr*)( *_t57 + 0x44))(_t26);
				_push(0xd0);
				L00C3E340();
				_v24 = _t27;
				_v12 = 4;
				if(_t27 == 0) {
					_t27 = 0;
				} else {
					_push("setBorder");
					"VWj\nj\nj"();
				}
				_v12 = _t54;
				_t28 =  *((intOrPtr*)( *_t57 + 0x44))(_t27);
				_push(0xd0);
				L00C3E340();
				_v28 = _t28;
				_v16 = 5;
				if(_t28 == 0) {
					_t28 = 0;
				} else {
					_push("setLayout");
					"VWj\nj\nj"();
				}
				_v16 = _t54;
				 *((intOrPtr*)( *_t57 + 0x44))(_t28);
				 *((intOrPtr*)( *_t34 + 0x44))(_t57);
				 *[fs:0x0] = _v32;
				return _t34;
			}

0x00c34370
0x00c34372
0x00c34377
0x00c3437d
0x00c3437e
0x00c34385
0x00c34388
0x00c34389
0x00c3438e
0x00c34396
0x00c3439c
0x00c343a4
0x00c343b6
0x00c343a6
0x00c343ad
0x00c343b2
0x00c343b2
0x00c343b8
0x00c343bb
0x00c343c0
0x00c343c4
0x00c343cc
0x00c343d2
0x00c343da
0x00c343ec
0x00c343dc
0x00c343e3
0x00c343e8
0x00c343e8
0x00c343ee
0x00c343f3
0x00c343f7
0x00c343ff
0x00c34405
0x00c3440d
0x00c3441d
0x00c3440f
0x00c3440f
0x00c34416
0x00c34416
0x00c34424
0x00c34428
0x00c3442b
0x00c34430
0x00c34438
0x00c3443e
0x00c34446
0x00c34456
0x00c34448
0x00c34448
0x00c3444f
0x00c3444f
0x00c3445d
0x00c34461
0x00c34464
0x00c34469
0x00c34471
0x00c34477
0x00c3447f
0x00c3448f
0x00c34481
0x00c34481
0x00c34488
0x00c34488
0x00c34496
0x00c3449a
0x00c3449d
0x00c344a2
0x00c344aa
0x00c344b0
0x00c344b8
0x00c344c8
0x00c344ba
0x00c344ba
0x00c344c1
0x00c344c1
0x00c344cf
0x00c344d3
0x00c344db
0x00c344e7
0x00c344f1

APIs

??0TreeFolder@vgui@@QAE@PBD@Z.VGUI(Properties,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C343AD

Part of subcall function 00C3DDE0: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,000001F4,000001F4,?,00C343E8,Panel), ref: 00C3DDF1
Part of subcall function 00C3DDE0: ?init@TreeFolder@vgui@@MAEXPBD@Z.VGUI(?,00000000,00000000,000001F4,000001F4,?,00C343E8,Panel), ref: 00C3DE03

??0TreeFolder@vgui@@QAE@PBD@Z.VGUI(Panel,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C343E3
??0Label@vgui@@QAE@PBD@Z.VGUI(setPos,?,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C34416
??0Label@vgui@@QAE@PBD@Z.VGUI(setSize,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C3444F
??0Label@vgui@@QAE@PBD@Z.VGUI(setBorder,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C34488
??0Label@vgui@@QAE@PBD@Z.VGUI(setLayout,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81), ref: 00C344C1

Strings

setSize, xrefs: 00C34448
setBorder, xrefs: 00C34481
setPos, xrefs: 00C3440F
setLayout, xrefs: 00C344BA
Properties, xrefs: 00C343A6
Panel, xrefs: 00C343DC

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Label@vgui@@$Folder@vgui@@Tree$?init@Panel@vgui@@
String ID: Panel$Properties$setBorder$setLayout$setPos$setSize
API String ID: 251611901-3727834773
Opcode ID: 7c19e8e4a6b53e5a986633e9a87e5d2b719d330dadaebdd804633c45d267bf33
Instruction ID: f44514c52cef84885889562b1457fe6b205cf9b5809b000478f24b5515c4fdca
Opcode Fuzzy Hash: 7c19e8e4a6b53e5a986633e9a87e5d2b719d330dadaebdd804633c45d267bf33
Instruction Fuzzy Hash: 3141ACB0B143019FD784EF698846B2B7AD4AF88700F14493EF45AC7292EB74E9449F82

Uniqueness

Uniqueness Score: -1.00%

Function 00C32180 Relevance: 19.7, APIs: 13, Instructions: 165
windowCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E00C32180(intOrPtr* __ecx, void* __eflags, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v12;
				signed int _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v76;
				int _t50;
				signed int _t52;
				intOrPtr* _t56;
				intOrPtr _t58;
				intOrPtr* _t59;
				intOrPtr* _t61;
				signed int _t71;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t112;
				void* _t114;
				signed int _t115;
				signed int _t116;
				intOrPtr* _t120;
				intOrPtr _t125;
				void* _t126;
				void* _t128;
				void* _t130;
				void* _t131;
				void* _t132;

				_push(0xffffffff);
				_push(E00C4E026);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t125;
				_t120 = __ecx;
				E00C2BC10(__ecx, _a12, _a16, 0x40, 0x40);
				_t71 = 1;
				 *((intOrPtr*)(__ecx + 0x118)) = 0;
				 *((intOrPtr*)(__ecx + 0x11c)) = 0;
				 *((intOrPtr*)(__ecx + 0x120)) = 0;
				do {
					_t71 = _t71 + _t71;
				} while (_t71 < 4);
				_t112 = _t71 * 4;
				_push(_t112);
				L00C3E340();
				_t126 = _t125 + 4;
				if(0 == 0) {
					E00C4292B(0);
				}
				_t77 = _t112;
				_t78 = _t77 >> 2;
				_t50 = memset(0, 0, _t78 << 2);
				_t114 = 0 + _t78;
				_t81 = _t77 & 0x00000003;
				memset(_t114, _t50, _t81 << 0);
				_t128 = _t126 + 0x18;
				_t115 = _t114 + _t81;
				_t52 = 0;
				 *(_t120 + 0x11c) = _t71;
				if( *((intOrPtr*)(_t120 + 0x118)) > 0) {
					do {
						_t52 = _t52 + 1;
						 *((intOrPtr*)(0 + _t52 * 4 - 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x120)) + _t52 * 4 - 4));
					} while (_t52 <  *((intOrPtr*)(_t120 + 0x118)));
				}
				_push( *((intOrPtr*)(_t120 + 0x120)));
				L00C3E350();
				 *((intOrPtr*)(_t120 + 0x120)) = 0;
				 *_t120 = 0xc52dc4;
				E00C2CFA0(_t120,  *((intOrPtr*)(_t128 + 0x24)));
				E00C2D4A0(0);
				E00C2D4C0(0);
				E00C2D4E0(0);
				E00C2D500(0);
				E00C2D520(0);
				_t56 = E00C2D000(_t120, 0);
				_push(0xd0);
				L00C3E340();
				_t130 = _t128 + 8;
				 *((intOrPtr*)(_t130 + 0x20)) = _t56;
				_v32 = 0;
				if(_t56 == 0) {
					_t56 = 0;
				} else {
					_push(_v12);
					"VWj\nj\nj"();
				}
				_t116 = _t115 | 0xffffffff;
				 *((intOrPtr*)(_t120 + 0x110)) = _t56;
				 *(_t130 + 0x18) = _t116;
				_t58 =  *((intOrPtr*)( *_t56 + 0x40))(E00C2CF90(_t120));
				_push(0xf0);
				L00C3E340();
				_t131 = _t130 + 4;
				 *((intOrPtr*)(_t131 + 0x20)) = _t58;
				_v28 = 1;
				if(_t58 == 0) {
					_t59 = 0;
				} else {
					_t59 = E00C26770(_t58, "Ok", 0xa, 0xa);
				}
				_v28 = _t116;
				 *((intOrPtr*)(_t120 + 0x114)) = _t59;
				_t61 =  *((intOrPtr*)( *_t59 + 0x40))(E00C2CF90(_t120));
				_push(8);
				L00C3E340();
				_t132 = _t131 + 4;
				if(_t61 == 0) {
					_t61 = 0;
				} else {
					 *_t61 = 0xc53010;
					 *((intOrPtr*)(_t61 + 4)) = _t120;
				}
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x114)))) + 0x240))(_t61);
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t120 + 0x110)))) + 0xc))(_t132 + 0x2c, _t132 + 0x2c);
				E00C2CE10(_t120, _v28 + 0x64,  *((intOrPtr*)(_t132 + 0x2c)) + 0x64);
				 *[fs:0x0] =  *((intOrPtr*)(_t132 + 0x10));
				return _t120;
			}

0x00c32186
0x00c32188
0x00c3218d
0x00c32192
0x00c3219d
0x00c321ab
0x00c321b2
0x00c321b7
0x00c321bd
0x00c321c3
0x00c321c9
0x00c321c9
0x00c321cb
0x00c321d0
0x00c321d7
0x00c321d8
0x00c321df
0x00c321e4
0x00c321e7
0x00c321e7
0x00c321ec
0x00c321f4
0x00c321f7
0x00c321f7
0x00c321fb
0x00c321fe
0x00c321fe
0x00c321fe
0x00c32206
0x00c3220a
0x00c32210
0x00c32212
0x00c32218
0x00c3221d
0x00c32227
0x00c32212
0x00c32231
0x00c32232
0x00c3223e
0x00c32247
0x00c3224d
0x00c32256
0x00c3225f
0x00c32268
0x00c32271
0x00c3227a
0x00c32283
0x00c32288
0x00c3228d
0x00c32292
0x00c32295
0x00c3229b
0x00c322a3
0x00c322b3
0x00c322a5
0x00c322a9
0x00c322ac
0x00c322ac
0x00c322b5
0x00c322b8
0x00c322c2
0x00c322d2
0x00c322d5
0x00c322da
0x00c322df
0x00c322e2
0x00c322e8
0x00c322f0
0x00c32304
0x00c322f2
0x00c322fd
0x00c322fd
0x00c32306
0x00c3230a
0x00c32320
0x00c32323
0x00c32325
0x00c3232a
0x00c3232f
0x00c3233c
0x00c32331
0x00c32331
0x00c32337
0x00c32337
0x00c32347
0x00c3235f
0x00c32374
0x00c32382
0x00c3238d

APIs

??0Frame@vgui@@QAE@HHHH@Z.VGUI(?,?,00000040,00000040,?,?,?,?,?,00C4E026,000000FF), ref: 00C321AB

Part of subcall function 00C2BC10: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,?,?,?,00C4DEB8,000000FF), ref: 00C2BC41
Part of subcall function 00C2BC10: ?setTitle@Frame@vgui@@UAEXPBD@Z.VGUI ref: 00C2BD00
Part of subcall function 00C2BC10: ?setMinimumSize@Panel@vgui@@UAEXHH@Z.VGUI(00000040,00000021), ref: 00C2BD0B
Part of subcall function 00C2BC10: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(0000000F,00000000,?,00000005,Untitled), ref: 00C2BD38

?setTitle@Frame@vgui@@UAEXPBD@Z.VGUI(?), ref: 00C3224D
?setMenuButtonVisible@Frame@vgui@@UAEX_N@Z.VGUI(00000000,?), ref: 00C32256
?setTrayButtonVisible@Frame@vgui@@UAEX_N@Z.VGUI(00000000,00000000,?), ref: 00C3225F
?setMinimizeButtonVisible@Frame@vgui@@UAEX_N@Z.VGUI(00000000,00000000,00000000,?), ref: 00C32268
?setMaximizeButtonVisible@Frame@vgui@@UAEX_N@Z.VGUI(00000000,00000000,00000000,00000000,?), ref: 00C32271
?setCloseButtonVisible@Frame@vgui@@UAEX_N@Z.VGUI(00000000,00000000,00000000,00000000,00000000,?), ref: 00C3227A
?setSizeable@Frame@vgui@@UAEX_N@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00C32283
??0Label@vgui@@QAE@PBD@Z.VGUI(?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C322AC
?getClient@Frame@vgui@@UAEPAVPanel@2@XZ.VGUI(?,?,?,?,?,?,?,?,?,000000FF), ref: 00C322C6
??0Button@vgui@@QAE@PBDHH@Z.VGUI(00C6AA28,0000000A,0000000A,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C322FD
?getClient@Frame@vgui@@UAEPAVPanel@2@XZ.VGUI(?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C32314
?setSize@Frame@vgui@@UAEXHH@Z.VGUI(?,?,?,?,?), ref: 00C32374

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Frame@vgui@@$?set$ButtonVisible@$Panel@vgui@@$?getClient@Panel@2@Size@Title@$Button@vgui@@CloseLabel@vgui@@MaximizeMenuMinimizeMinimumSizeable@Tray
String ID:
API String ID: 1786900485-0
Opcode ID: 27815b75eda7fd210fae061d8a52997db65bf2a09bfdbbeefa65fe7d032bd211
Instruction ID: 71ab76a3e76c07d76b862fd923131eceb05abfb04a9eb3d582c746ffc2025d4f
Opcode Fuzzy Hash: 27815b75eda7fd210fae061d8a52997db65bf2a09bfdbbeefa65fe7d032bd211
Instruction Fuzzy Hash: D251C1B07007009FC758EF68D852BAFB6E5AB88704F00092DF65BD7391DB75AA018B96

Uniqueness

Uniqueness Score: -1.00%

Function 00C2FBA0 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E00C2FBA0(signed int __ecx) {
				intOrPtr* _v4;
				signed int _v8;
				signed int _v12;
				intOrPtr _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				intOrPtr _v44;
				void* _v60;
				intOrPtr* _t33;
				intOrPtr* _t35;
				intOrPtr _t36;
				intOrPtr _t39;
				intOrPtr* _t40;
				intOrPtr _t41;
				intOrPtr* _t42;
				intOrPtr* _t48;
				intOrPtr* _t70;
				intOrPtr* _t72;
				void* _t73;
				intOrPtr* _t74;
				signed int _t77;
				signed int _t78;
				intOrPtr _t80;
				void* _t82;
				void* _t83;
				void* _t86;
				void* _t87;

				_push(0xffffffff);
				_push(E00C4DF72);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t80;
				_t77 = __ecx;
				_t33 = E00C34370(__ecx);
				_t70 = _t33;
				_push(0xc0);
				_v24 = _t70;
				L00C3E340();
				_t82 = _t80 - 0xc + 4;
				_v20 = _t33;
				_t48 = 0;
				_v4 = 0;
				if(_t33 != 0) {
					_t48 = E00C3DDE0(_t33, "Label");
				}
				_v4 = 0xffffffff;
				_t35 =  *((intOrPtr*)( *_t70 + 0x44))(_t48, _t73);
				_push(0xc8);
				L00C3E340();
				_t74 = _t35;
				_t83 = _t82 + 4;
				_v24 = _t74;
				_v8 = 1;
				if(_t74 == 0) {
					_t74 = 0;
				} else {
					_t39 = E00C328C0(_t74, 0, 0, 0xc8, 0x14);
					_t8 = _t74 + 0xbc; // 0xbc
					_t72 = _t8;
					_push(8);
					 *_t72 = 0xc4fe50;
					 *_t74 = 0xc52054;
					 *_t72 = 0xc5204c;
					 *(_t74 + 0xc0) = _t77;
					L00C3E340();
					_t86 = _t83 + 4;
					_v36 = _t39;
					_v24 = 2;
					if(_t39 == 0) {
						_t40 = 0;
					} else {
						_t40 = E00C2B8F0(_t39, 2);
					}
					_v8 = 1;
					E00C33F60(_t40);
					_push(0xd0);
					L00C3E340();
					_t87 = _t86 + 4;
					_v24 = _t40;
					_v12 = 3;
					if(_t40 == 0) {
						_t40 = 0;
					} else {
						_push("setText");
						"VWj\nj\nj"();
					}
					_v12 = 1;
					_t41 =  *((intOrPtr*)( *_t40 + 0x40))(_t74);
					_push(0xf4);
					L00C3E340();
					_t83 = _t87 + 4;
					_v28 = _t41;
					 *((char*)(_t83 + 0x24)) = 4;
					if(_t41 == 0) {
						_t42 = 0;
					} else {
						_t42 = E00C3B4B0(_t41, 0xc6f3d0, 0, 0, 0x50, 0x14);
					}
					 *((intOrPtr*)(_t74 + 0xc4)) = _t42;
					 *((char*)(_t83 + 0x28)) = 1;
					 *((intOrPtr*)( *_t42 + 0x40))(_t74);
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t74 + 0xc4)))) + 0x238))(_t72);
					_t70 = _v44;
				}
				_t78 = _t77 | 0xffffffff;
				_v8 = _t78;
				_t36 =  *((intOrPtr*)( *_t48 + 0x44))(_t74);
				_push(0xd0);
				L00C3E340();
				_v24 = _t36;
				_v12 = 5;
				if(_t36 == 0) {
					_t36 = 0;
				} else {
					_push("setContentAlignment");
					"VWj\nj\nj"();
				}
				_v12 = _t78;
				 *((intOrPtr*)( *_t48 + 0x44))(_t36);
				 *[fs:0x0] = _v24;
				return _t70;
			}

0x00c2fba0
0x00c2fba2
0x00c2fbad
0x00c2fbae
0x00c2fbbb
0x00c2fbbd
0x00c2fbc2
0x00c2fbc4
0x00c2fbc9
0x00c2fbcd
0x00c2fbd2
0x00c2fbd5
0x00c2fbd9
0x00c2fbdd
0x00c2fbe1
0x00c2fbef
0x00c2fbef
0x00c2fbf7
0x00c2fbff
0x00c2fc02
0x00c2fc07
0x00c2fc0c
0x00c2fc0e
0x00c2fc11
0x00c2fc17
0x00c2fc1f
0x00c2fd17
0x00c2fc25
0x00c2fc32
0x00c2fc37
0x00c2fc37
0x00c2fc3d
0x00c2fc3f
0x00c2fc45
0x00c2fc4b
0x00c2fc51
0x00c2fc57
0x00c2fc5c
0x00c2fc5f
0x00c2fc65
0x00c2fc6a
0x00c2fc77
0x00c2fc6c
0x00c2fc70
0x00c2fc70
0x00c2fc7c
0x00c2fc81
0x00c2fc86
0x00c2fc8b
0x00c2fc90
0x00c2fc93
0x00c2fc99
0x00c2fc9e
0x00c2fcae
0x00c2fca0
0x00c2fca0
0x00c2fca7
0x00c2fca7
0x00c2fcb5
0x00c2fcba
0x00c2fcbd
0x00c2fcc2
0x00c2fcc7
0x00c2fcca
0x00c2fcd0
0x00c2fcd5
0x00c2fced
0x00c2fcd7
0x00c2fce6
0x00c2fce6
0x00c2fcef
0x00c2fcfa
0x00c2fcff
0x00c2fd0b
0x00c2fd11
0x00c2fd11
0x00c2fd1b
0x00c2fd21
0x00c2fd25
0x00c2fd28
0x00c2fd2d
0x00c2fd35
0x00c2fd3b
0x00c2fd44
0x00c2fd54
0x00c2fd46
0x00c2fd46
0x00c2fd4d
0x00c2fd4d
0x00c2fd5b
0x00c2fd5f
0x00c2fd6b
0x00c2fd75

APIs

?createPropertyPanel@Panel@vgui@@UAEPAV12@XZ.VGUI ref: 00C2FBBD

Part of subcall function 00C34370: ??0TreeFolder@vgui@@QAE@PBD@Z.VGUI(Properties,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C343AD
Part of subcall function 00C34370: ??0TreeFolder@vgui@@QAE@PBD@Z.VGUI(Panel,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C343E3
Part of subcall function 00C34370: ??0Label@vgui@@QAE@PBD@Z.VGUI(setPos,?,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C34416
Part of subcall function 00C34370: ??0Label@vgui@@QAE@PBD@Z.VGUI(setSize,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C3444F
Part of subcall function 00C34370: ??0Label@vgui@@QAE@PBD@Z.VGUI(setBorder,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C34488
Part of subcall function 00C34370: ??0Label@vgui@@QAE@PBD@Z.VGUI(setLayout,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81), ref: 00C344C1

??0TreeFolder@vgui@@QAE@PBD@Z.VGUI(Label), ref: 00C2FBEA

Part of subcall function 00C3DDE0: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,000001F4,000001F4,?,00C343E8,Panel), ref: 00C3DDF1
Part of subcall function 00C3DDE0: ?init@TreeFolder@vgui@@MAEXPBD@Z.VGUI(?,00000000,00000000,000001F4,000001F4,?,00C343E8,Panel), ref: 00C3DE03

??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,000000C8,00000014), ref: 00C2FC32
??0FlowLayout@vgui@@QAE@H@Z.VGUI(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81), ref: 00C2FC70
?setLayout@Panel@vgui@@UAEXPAVLayout@2@@Z.VGUI(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81), ref: 00C2FC81
??0Label@vgui@@QAE@PBD@Z.VGUI(setText), ref: 00C2FCA7
??0TextEntry@vgui@@QAE@PBDHHHH@Z.VGUI(00C6F3D0,00000000,00000000,00000050,00000014), ref: 00C2FCE6
??0Label@vgui@@QAE@PBD@Z.VGUI(setContentAlignment,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81,000000FF), ref: 00C2FD4D

Strings

setText, xrefs: 00C2FCA0
setContentAlignment, xrefs: 00C2FD46
Label, xrefs: 00C2FBE3

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Label@vgui@@$Folder@vgui@@Panel@vgui@@Tree$?create?init@?setEntry@vgui@@FlowLayout@Layout@2@@Layout@vgui@@Panel@PropertyTextV12@
String ID: Label$setContentAlignment$setText
API String ID: 3827720331-1690678110
Opcode ID: 677ac2a14e59078a674e0e4f7b48a567938b33f26585a6d25d8afba4fb2c78ce
Instruction ID: a8512c6a721686de0e8557ec9c1c8bcc346f76c0128d6ab7093ed168591a2e2f
Opcode Fuzzy Hash: 677ac2a14e59078a674e0e4f7b48a567938b33f26585a6d25d8afba4fb2c78ce
Instruction Fuzzy Hash: 9F51D2B07043458FE750DF689845B1ABAE4BF88704F140A7DF54ADB3D2EBB4D9448B92

Uniqueness

Uniqueness Score: -1.00%

Function 00C40A80 Relevance: 16.7, APIs: 11, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00C40A80(void* __ecx, signed long long __fp0) {
				signed int _t86;
				signed int _t87;
				char _t95;
				signed int _t96;
				signed int _t102;
				signed int _t104;
				signed int _t109;
				signed int _t123;
				char* _t125;
				void* _t126;
				void* _t128;
				void* _t131;
				signed long long _t143;
				signed long long _t144;
				signed long long _t145;
				signed long long _t146;

				_t143 = __fp0;
				_t126 = __ecx;
				SelectObject( *(__ecx + 8),  *(__ecx + 4));
				SetBkColor( *(__ecx + 8), 0);
				SetTextColor( *(__ecx + 8), 0xffffff);
				SetBkMode( *(__ecx + 8), 2);
				_t96 =  *(_t131 + 0x38);
				MoveToEx( *(__ecx + 8),  ~( *(__ecx + (_t96 + 0x12 + _t96 * 2) * 4)), 0, 0);
				 *(_t131 + 0x2f) = _t96;
				ExtTextOutA( *(__ecx + 8), 0, 0, 0, 0, _t131 + 0x13, 1, 0);
				SetBkMode( *(__ecx + 8), 1);
				_t86 =  *(__ecx + 0xc48);
				_t102 =  *(__ecx + 0x10);
				 *(_t131 + 0x20) = _t102;
				_t109 =  *(__ecx + 0x4c + (_t96 + _t96 * 2) * 4);
				 *(_t131 + 0x1c) = _t109;
				if(_t109 > _t86) {
					_t109 = _t86;
					 *(_t131 + 0x1c) = _t109;
				}
				_t87 =  *(_t126 + 0xc4c);
				if(_t102 > _t87) {
					_t102 = _t87;
					 *(_t131 + 0x20) = _t102;
				}
				_t88 = 0;
				 *(_t131 + 0x24) = 0;
				if(_t102 > 0) {
					_t123 =  *(_t131 + 0x40) *  *(_t131 + 0x48);
					 *(_t131 + 0x2c) = _t123;
					do {
						_t128 = 0;
						if(_t109 <= 0) {
							goto L15;
						}
						_t104 =  *(_t131 + 0x40);
						 *((intOrPtr*)(_t131 + 0x30)) = _t88 +  *((intOrPtr*)(_t131 + 0x44));
						 *(_t131 + 0x1c) = _t104;
						do {
							if(_t104 <  *(_t131 + 0x48) &&  *((intOrPtr*)(_t131 + 0x30)) <  *((intOrPtr*)(_t131 + 0x4c))) {
								 *(_t131 + 0x18) = 0;
								asm("fild dword [esp+0x18]");
								 *(_t131 + 0x14) = 0;
								_t144 = _t143 *  *0xc552cc;
								 *((intOrPtr*)(_t131 + 0x34)) = 0;
								 *(_t131 + 0x18) = _t144;
								asm("fild dword [esp+0x14]");
								_t145 = _t144 *  *0xc552cc;
								 *(_t131 + 0x14) = _t145;
								asm("fild dword [esp+0x34]");
								_t146 = _t145 *  *0xc552cc;
								if(_t96 == 9) {
									st0 = _t146;
									 *(_t131 + 0x14) = 0;
									 *(_t131 + 0x18) = 0;
								}
								_t125 =  *((intOrPtr*)(_t131 + 0x50)) + (_t123 + _t104) * 4;
								 *_t125 = E00C43484();
								 *((char*)(_t125 + 1)) = E00C43484();
								 *((char*)(_t125 + 2)) = E00C43484();
								asm("faddp st1, st0");
								asm("faddp st1, st0");
								_t143 =  *(_t131 + 0x18) *  *0xc552c0 *  *0xc53430;
								_t95 = E00C43484();
								_t96 =  *(_t131 + 0x3c);
								_t104 =  *(_t131 + 0x1c);
								 *((char*)(_t125 + 3)) = _t95;
								_t88 =  *((intOrPtr*)(_t131 + 0x28));
								_t123 =  *(_t131 + 0x2c);
							}
							_t109 =  *(_t131 + 0x20);
							_t128 = _t128 + 1;
							_t104 = _t104 + 1;
							 *(_t131 + 0x1c) = _t104;
						} while (_t128 < _t109);
						_t102 =  *(_t131 + 0x24);
						L15:
						_t88 = _t88 + 1;
						_t123 = _t123 +  *(_t131 + 0x48);
						 *((intOrPtr*)(_t131 + 0x28)) = _t88;
						 *(_t131 + 0x2c) = _t123;
					} while (_t88 < _t102);
					return _t88;
				}
				return 0;
			}

0x00c40a80
0x00c40a85
0x00c40a90
0x00c40a9c
0x00c40aab
0x00c40abd
0x00c40abf
0x00c40ad5
0x00c40af0
0x00c40af4
0x00c40b00
0x00c40b02
0x00c40b08
0x00c40b0e
0x00c40b12
0x00c40b18
0x00c40b1c
0x00c40b1e
0x00c40b20
0x00c40b20
0x00c40b24
0x00c40b2c
0x00c40b2e
0x00c40b30
0x00c40b30
0x00c40b34
0x00c40b38
0x00c40b3c
0x00c40b47
0x00c40b4c
0x00c40b50
0x00c40b50
0x00c40b54
0x00000000
0x00000000
0x00c40b61
0x00c40b65
0x00c40b69
0x00c40b6d
0x00c40b71
0x00c40b9d
0x00c40ba3
0x00c40baa
0x00c40bb0
0x00c40bbc
0x00c40bc0
0x00c40bc4
0x00c40bc8
0x00c40bce
0x00c40bd2
0x00c40bd6
0x00c40bdc
0x00c40bde
0x00c40be6
0x00c40bee
0x00c40bee
0x00c40c06
0x00c40c18
0x00c40c27
0x00c40c3f
0x00c40c42
0x00c40c4e
0x00c40c50
0x00c40c56
0x00c40c5b
0x00c40c5f
0x00c40c63
0x00c40c66
0x00c40c6a
0x00c40c6a
0x00c40c6e
0x00c40c72
0x00c40c73
0x00c40c76
0x00c40c76
0x00c40c80
0x00c40c84
0x00c40c88
0x00c40c89
0x00c40c8d
0x00c40c91
0x00c40c91
0x00000000
0x00c40c9b
0x00c40ca2

APIs

SelectObject.GDI32(?,?), ref: 00C40A90
SetBkColor.GDI32(?,00000000), ref: 00C40A9C
SetTextColor.GDI32(?,00FFFFFF), ref: 00C40AAB
SetBkMode.GDI32(?,00000002), ref: 00C40ABD
MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00C40AD5
ExtTextOutA.GDI32(?,00000000,00000000,00000000,00000000,?,00000001,00000000), ref: 00C40AF4
SetBkMode.GDI32(?,00000001), ref: 00C40B00
__ftol.LIBCMT ref: 00C40C09
__ftol.LIBCMT ref: 00C40C1A
__ftol.LIBCMT ref: 00C40C2A
__ftol.LIBCMT ref: 00C40C56

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: __ftol$ColorModeText$MoveObjectSelect
String ID:
API String ID: 3398284437-0
Opcode ID: 7f0a3c78a5d2a82a47056d4ec8f6b24f4ac3c9a14dd979d28778884cebea70ba
Instruction ID: b270bae4d22f58a729bded15e8ab19bc10251fb39379f6f400b17c5f4497d239
Opcode Fuzzy Hash: 7f0a3c78a5d2a82a47056d4ec8f6b24f4ac3c9a14dd979d28778884cebea70ba
Instruction Fuzzy Hash: AD6179786093429FC314CF15C885B5ABBF6FBC8700F218A1DE59697262D730E989CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00C3F6B0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 181
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00C3F6B0(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v0;
				signed int _v4;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				intOrPtr _v36;
				signed int _t59;
				intOrPtr _t60;
				intOrPtr* _t61;
				intOrPtr* _t62;
				intOrPtr _t63;
				intOrPtr* _t64;
				intOrPtr* _t65;
				intOrPtr _t66;
				intOrPtr* _t67;
				signed int _t68;
				intOrPtr* _t69;
				signed int _t75;
				signed int _t80;
				signed int _t81;
				signed int _t110;
				intOrPtr* _t117;
				signed int _t120;
				intOrPtr _t122;

				_push(0xffffffff);
				_push(E00C4E45C);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t122;
				_t117 = __ecx;
				E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_t120 = 1;
				 *((intOrPtr*)(_t117 + 0xd0)) = 0;
				 *(_t117 + 0xd4) = 0;
				 *((intOrPtr*)(_t117 + 0xd8)) = 0;
				do {
					_t120 = _t120 + _t120;
				} while (_t120 < 4);
				_t110 = _t120 * 4;
				_push(_t110);
				L00C3E340();
				if(0 == 0) {
					E00C4292B(0);
				}
				_t80 = _t110;
				_t81 = _t80 >> 2;
				memset(0 + _t81, memset(0, 0, _t81 << 2), (_t80 & 0x00000003) << 0);
				_t59 = 0;
				 *(_t117 + 0xd4) = _t120;
				if( *((intOrPtr*)(_t117 + 0xd0)) > 0) {
					do {
						_t59 = _t59 + 1;
						 *((intOrPtr*)(0 + _t59 * 4 - 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t117 + 0xd8)) + _t59 * 4 - 4));
					} while (_t59 <  *((intOrPtr*)(_t117 + 0xd0)));
				}
				_t60 =  *((intOrPtr*)(_t117 + 0xd8));
				_push(_t60);
				L00C3E350();
				 *((intOrPtr*)(_t117 + 0xd8)) = 0;
				_push(0xf0);
				 *_t117 = 0xc54fdc;
				 *((intOrPtr*)(_t117 + 0xcc)) = 0;
				L00C3E340();
				_a16 = _t60;
				_v4 = 0;
				if(_t60 == 0) {
					_t61 = 0;
				} else {
					_t61 = E00C26770(_t60, "back", 0x14, 0x64);
				}
				 *((intOrPtr*)(_t117 + 0xbc)) = _t61;
				_t75 = 0xffffffff;
				_v4 = 0xffffffff;
				_t62 =  *((intOrPtr*)( *_t61 + 0x40))(_t117);
				_push(8);
				L00C3E340();
				if(_t62 == 0) {
					_t62 = 0;
				} else {
					 *_t62 = 0xc55210;
					 *((intOrPtr*)(_t62 + 4)) = _t117;
				}
				_t63 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t117 + 0xbc)))) + 0x240))(_t62);
				_push(0xf0);
				L00C3E340();
				_a8 = _t63;
				_v12 = 1;
				if(_t63 == 0) {
					_t64 = 0;
				} else {
					_t64 = E00C26770(_t63, "next", 0x50, 0x64);
				}
				 *((intOrPtr*)(_t117 + 0xc0)) = _t64;
				_v12 = _t75;
				_t65 =  *((intOrPtr*)( *_t64 + 0x40))(_t117);
				_push(8);
				L00C3E340();
				if(_t65 == 0) {
					_t65 = 0;
				} else {
					 *_t65 = 0xc55208;
					 *((intOrPtr*)(_t65 + 4)) = _t117;
				}
				_t66 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t117 + 0xc0)))) + 0x240))(_t65);
				_push(0xf0);
				L00C3E340();
				_v0 = _t66;
				_v20 = 2;
				if(_t66 == 0) {
					_t67 = 0;
				} else {
					_t67 = E00C26770(_t66, "finished", 0x78, 0x64);
				}
				 *((intOrPtr*)(_t117 + 0xc4)) = _t67;
				_v20 = _t75;
				_t68 =  *((intOrPtr*)( *_t67 + 0x40))(_t117);
				_push(0xf0);
				L00C3E340();
				_v4 = _t68;
				_v24 = 3;
				if(_t68 == 0) {
					_t69 = 0;
				} else {
					_t69 = E00C26770(_t68, "cancel", 0xb4, 0x64);
				}
				 *((intOrPtr*)(_t117 + 0xc8)) = _t69;
				_v24 = _t75;
				 *((intOrPtr*)( *_t69 + 0x40))(_t117);
				 *[fs:0x0] = _v36;
				return _t117;
			}

0x00c3f6b6
0x00c3f6b8
0x00c3f6bd
0x00c3f6c6
0x00c3f6d0
0x00c3f6e1
0x00c3f6e8
0x00c3f6ed
0x00c3f6f3
0x00c3f6f9
0x00c3f6ff
0x00c3f6ff
0x00c3f701
0x00c3f706
0x00c3f70d
0x00c3f70e
0x00c3f71a
0x00c3f71d
0x00c3f71d
0x00c3f722
0x00c3f72a
0x00c3f734
0x00c3f73e
0x00c3f742
0x00c3f748
0x00c3f74a
0x00c3f750
0x00c3f755
0x00c3f75f
0x00c3f74a
0x00c3f763
0x00c3f769
0x00c3f76a
0x00c3f76f
0x00c3f775
0x00c3f77a
0x00c3f780
0x00c3f786
0x00c3f78e
0x00c3f794
0x00c3f798
0x00c3f7ac
0x00c3f79a
0x00c3f7a5
0x00c3f7a5
0x00c3f7ae
0x00c3f7b6
0x00c3f7bc
0x00c3f7c0
0x00c3f7c3
0x00c3f7c5
0x00c3f7cf
0x00c3f7dc
0x00c3f7d1
0x00c3f7d1
0x00c3f7d7
0x00c3f7d7
0x00c3f7e7
0x00c3f7ed
0x00c3f7f2
0x00c3f7fa
0x00c3f800
0x00c3f808
0x00c3f81c
0x00c3f80a
0x00c3f815
0x00c3f815
0x00c3f81e
0x00c3f829
0x00c3f82d
0x00c3f830
0x00c3f832
0x00c3f83c
0x00c3f849
0x00c3f83e
0x00c3f83e
0x00c3f844
0x00c3f844
0x00c3f854
0x00c3f85a
0x00c3f85f
0x00c3f867
0x00c3f86d
0x00c3f875
0x00c3f889
0x00c3f877
0x00c3f882
0x00c3f882
0x00c3f88b
0x00c3f896
0x00c3f89a
0x00c3f89d
0x00c3f8a2
0x00c3f8aa
0x00c3f8b0
0x00c3f8b8
0x00c3f8cf
0x00c3f8ba
0x00c3f8c8
0x00c3f8c8
0x00c3f8d1
0x00c3f8dc
0x00c3f8e0
0x00c3f8ec
0x00c3f8f7

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,?,?,?,00C4E45C,000000FF), ref: 00C3F6E1

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

??0Button@vgui@@QAE@PBDHH@Z.VGUI(back,00000014,00000064), ref: 00C3F7A5
??0Button@vgui@@QAE@PBDHH@Z.VGUI(next,00000050,00000064,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C3F815
??0Button@vgui@@QAE@PBDHH@Z.VGUI(finished,00000078,00000064), ref: 00C3F882

Part of subcall function 00C26770: ??0Label@vgui@@QAE@PBDHH@Z.VGUI(?,?,?), ref: 00C26787
Part of subcall function 00C26770: ?init@Button@vgui@@AAEXXZ.VGUI ref: 00C26824

??0Button@vgui@@QAE@PBDHH@Z.VGUI(cancel,000000B4,00000064), ref: 00C3F8C8

Strings

cancel, xrefs: 00C3F8C1
back, xrefs: 00C3F79E
next, xrefs: 00C3F80E
finished, xrefs: 00C3F87B

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Button@vgui@@$?ensure?init@Capacity@?$Dar@Label@vgui@@Panel@vgui@@Signal@vgui@@@vgui@@Tick
String ID: back$cancel$finished$next
API String ID: 3029276525-3398007922
Opcode ID: f516711d5d142003b980dfdf4eda4dd9c2d8b7fc81ad15263ad85cb0e59e70b5
Instruction ID: cf9a4ae4e54fbf33f4b2094c58b2d1b216ba310f3616aebb2935047538a32dac
Opcode Fuzzy Hash: f516711d5d142003b980dfdf4eda4dd9c2d8b7fc81ad15263ad85cb0e59e70b5
Instruction Fuzzy Hash: B761BEB0B103009FD354EF78C885B6AB6E1BF88700F144D3EF15AC7291EA74A9458F92

Uniqueness

Uniqueness Score: -1.00%

Function 00C36C00 Relevance: 15.2, APIs: 10, Instructions: 209
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00C36C00(intOrPtr* __ecx) {
				intOrPtr _t66;
				signed int* _t67;
				intOrPtr _t75;
				intOrPtr* _t76;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr* _t83;
				intOrPtr* _t86;
				intOrPtr* _t87;
				intOrPtr* _t88;
				signed int _t95;
				signed int _t96;
				intOrPtr* _t148;
				intOrPtr _t154;
				void* _t155;
				intOrPtr _t156;
				void* _t157;
				void* _t158;
				void* _t159;
				void* _t160;
				void* _t161;

				_push(0xffffffff);
				_push(E00C4E20C);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t154;
				_t151 =  *((intOrPtr*)(_t154 + 0x20));
				_t144 =  *((intOrPtr*)(_t154 + 0x2c));
				_t148 = __ecx;
				E00C328C0(__ecx,  *((intOrPtr*)(_t154 + 0x20)),  *((intOrPtr*)(_t154 + 0x14)),  *((intOrPtr*)(_t154 + 0x20)),  *((intOrPtr*)(_t154 + 0x2c)));
				 *_t148 = 0xc53964;
				E00C341B0(_t148, 1);
				E00C341C0(_t148, 0);
				_t66 = E00C341D0(_t148, 0);
				_push(0xbc);
				L00C3E340();
				_t155 = _t154 + 4;
				 *((intOrPtr*)(_t155 + 0x2c)) = _t66;
				_t163 = _t66;
				 *((intOrPtr*)(_t155 + 0x18)) = 0;
				if(_t66 == 0) {
					_t67 = 0;
					__eflags = 0;
				} else {
					_t67 = E00C328C0(_t66, 0, 0, _t151 - 0x10, _t144 - 0x10);
				}
				 *(_t148 + 0xbc) = _t67;
				 *((intOrPtr*)(_t155 + 0x1c)) = 0xffffffff;
				 *((intOrPtr*)( *_t67 + 0x40))(_t148);
				_t156 = _t155 - 0xc;
				 *((intOrPtr*)(_t156 + 0x38)) = _t156;
				_t95 =  *( *(_t148 + 0xbc));
				E00C27990(_t156, _t163, 0, 0x80, 0, 0);
				 *((intOrPtr*)(_t95 + 0x128))();
				 *((intOrPtr*)( *( *(_t148 + 0xbc)) + 0xd8))(1);
				 *((intOrPtr*)( *( *(_t148 + 0xbc)) + 0xdc))(0);
				_t75 =  *((intOrPtr*)( *( *(_t148 + 0xbc)) + 0xe0))(0);
				_push(0xbc);
				L00C3E340();
				_t157 = _t156 + 4;
				 *((intOrPtr*)(_t157 + 0x2c)) = _t75;
				 *((intOrPtr*)(_t157 + 0x18)) = 1;
				if(_t75 == 0) {
					_t76 = 0;
					__eflags = 0;
				} else {
					_t76 = E00C328C0(_t75, 0, 0, _t151 + _t151, _t144 + _t144);
				}
				 *((intOrPtr*)(_t148 + 0xc0)) = _t76;
				_t96 = _t95 | 0xffffffff;
				 *(_t157 + 0x1c) = _t96;
				 *((intOrPtr*)( *_t76 + 0x40))( *(_t148 + 0xbc));
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xc0)))) + 0xd8))(1);
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xc0)))) + 0xdc))(0);
				_t81 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xc0)))) + 0xe0))(0);
				_push(0xd8);
				L00C3E340();
				_t158 = _t157 + 4;
				 *((intOrPtr*)(_t158 + 0x2c)) = _t81;
				 *((intOrPtr*)(_t158 + 0x18)) = 2;
				if(_t81 == 0) {
					_t82 = 0;
					__eflags = 0;
				} else {
					_t82 = E00C35FB0(_t81, 0, _t144 - 0x10, _t151 - 0x10, 0x10, 0);
				}
				 *((intOrPtr*)(_t148 + 0xc4)) = _t82;
				 *(_t158 + 0x1c) = _t96;
				_t83 =  *((intOrPtr*)( *_t82 + 0x40))(_t148);
				_push(8);
				L00C3E340();
				_t159 = _t158 + 4;
				if(_t83 == 0) {
					_t83 = 0;
					__eflags = 0;
				} else {
					 *_t83 = 0xc53b90;
					 *((intOrPtr*)(_t83 + 4)) = _t148;
				}
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xc4)))) + 0x204))(_t83);
				_t86 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xc4)))) + 0x24))(0);
				_push(0xd8);
				L00C3E340();
				_t160 = _t159 + 4;
				 *((intOrPtr*)(_t160 + 0x2c)) = _t86;
				 *((intOrPtr*)(_t160 + 0x18)) = 3;
				if(_t86 == 0) {
					_t87 = 0;
					__eflags = 0;
				} else {
					_t87 = E00C35FB0(_t86, _t151 + 0xfffffff0, 0, 0x10, _t144 + 0xfffffff0, 1);
				}
				 *((intOrPtr*)(_t148 + 0xc8)) = _t87;
				 *(_t160 + 0x1c) = _t96;
				_t88 =  *((intOrPtr*)( *_t87 + 0x40))(_t148);
				_push(8);
				L00C3E340();
				_t161 = _t160 + 4;
				if(_t88 == 0) {
					_t88 = 0;
					__eflags = 0;
				} else {
					 *_t88 = 0xc53b90;
					 *((intOrPtr*)(_t88 + 4)) = _t148;
				}
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xc8)))) + 0x204))(_t88);
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0xc8)))) + 0x24))(0);
				 *((char*)(_t148 + 0xcc)) = 1;
				 *((char*)(_t148 + 0xcd)) = 1;
				E00C372C0(_t148);
				 *[fs:0x0] =  *((intOrPtr*)(_t161 + 0x10));
				return _t148;
			}

0x00c36c06
0x00c36c08
0x00c36c0d
0x00c36c12
0x00c36c1b
0x00c36c21
0x00c36c25
0x00c36c31
0x00c36c3a
0x00c36c40
0x00c36c49
0x00c36c52
0x00c36c57
0x00c36c5c
0x00c36c61
0x00c36c64
0x00c36c68
0x00c36c6a
0x00c36c72
0x00c36c89
0x00c36c89
0x00c36c74
0x00c36c82
0x00c36c82
0x00c36c8b
0x00c36c96
0x00c36c9e
0x00c36ca7
0x00c36cac
0x00c36cb0
0x00c36cbd
0x00c36cc8
0x00c36cd8
0x00c36ce8
0x00c36cf8
0x00c36cfe
0x00c36d03
0x00c36d08
0x00c36d0b
0x00c36d11
0x00c36d19
0x00c36d31
0x00c36d31
0x00c36d1b
0x00c36d2a
0x00c36d2a
0x00c36d39
0x00c36d41
0x00c36d47
0x00c36d4b
0x00c36d58
0x00c36d68
0x00c36d78
0x00c36d7e
0x00c36d83
0x00c36d88
0x00c36d8b
0x00c36d91
0x00c36d99
0x00c36db2
0x00c36db2
0x00c36d9b
0x00c36dab
0x00c36dab
0x00c36db4
0x00c36dbf
0x00c36dc3
0x00c36dc6
0x00c36dc8
0x00c36dcd
0x00c36dd2
0x00c36ddf
0x00c36ddf
0x00c36dd4
0x00c36dd4
0x00c36dda
0x00c36dda
0x00c36dea
0x00c36dfa
0x00c36dfd
0x00c36e02
0x00c36e07
0x00c36e0a
0x00c36e10
0x00c36e18
0x00c36e31
0x00c36e31
0x00c36e1a
0x00c36e2a
0x00c36e2a
0x00c36e33
0x00c36e3e
0x00c36e42
0x00c36e45
0x00c36e47
0x00c36e4c
0x00c36e51
0x00c36e5e
0x00c36e5e
0x00c36e53
0x00c36e53
0x00c36e59
0x00c36e59
0x00c36e69
0x00c36e79
0x00c36e7e
0x00c36e85
0x00c36e8c
0x00c36e9a
0x00c36ea5

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,?,?,?,00C4E20C,000000FF), ref: 00C36C31

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

?setPaintBorderEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000001,?,?,?,?,?,?,?,?,?,00C4E20C,000000FF), ref: 00C36C40
?setPaintBackgroundEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000000,00000001,?,?,?,?,?,?,?,?,?,00C4E20C,000000FF), ref: 00C36C49
?setPaintEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,00C4E20C,000000FF), ref: 00C36C52
??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C36C82

Part of subcall function 00C328C0: ??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A58
Part of subcall function 00C328C0: ??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A63
Part of subcall function 00C328C0: ?init@Panel@vgui@@AAEXHHHH@Z.VGUI(?,?,?,?,?,00000004), ref: 00C32A84

??0Color@vgui@@QAE@HHHH@Z.VGUI(00000000,00000080,00000000,00000000), ref: 00C36CBD
??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C36D2A
??0ScrollBar@vgui@@QAE@HHHH_N@Z.VGUI(00000000,?,?,00000010,00000000,?,?,?,?,?,?,?,?,000000FF), ref: 00C36DAB
??0ScrollBar@vgui@@QAE@HHHH_N@Z.VGUI(?,00000000,00000010,?,00000001,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C36E2A

Part of subcall function 00C35FB0: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,00000002,?,?,?,?,?,?,00000000,00C4E1D2,000000FF,00C30AAA,?,00000000,0000000F,?), ref: 00C35FE1
Part of subcall function 00C35FB0: ??0Slider@vgui@@QAE@HHHH_N@Z.VGUI(00000000,?,?,?,00000001), ref: 00C360E7

?validate@ScrollPanel@vgui@@UAEXXZ.VGUI ref: 00C36E8C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Panel@vgui@@$?setColor@vgui@@Enabled@PaintScroll$Bar@vgui@@$?ensure?init@?validate@BackgroundBorderCapacity@?$Dar@Signal@vgui@@@vgui@@Slider@vgui@@Tick
String ID:
API String ID: 2218878203-0
Opcode ID: e2dcbe39f0510bbc40496eaa6c689864818e33ca596980618f4b5e25fe765765
Instruction ID: 91f008d7250d03042e3389cab80aa988dc0e411de6633d9b4b2989f934c58db9
Opcode Fuzzy Hash: e2dcbe39f0510bbc40496eaa6c689864818e33ca596980618f4b5e25fe765765
Instruction Fuzzy Hash: 27818DB1350301AFE354DF64C855F6AB7E5BF88700F148A6CF55A8B2D1DBB1A804CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CA80BF Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E00CA80BF(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t4;
				intOrPtr* _t7;
				_Unknown_base(*)()* _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t17;

				_t14 = 0;
				_t17 =  *0xcb335c - _t14; // 0x0
				if(_t17 != 0) {
					L4:
					_t4 =  *0xcb3360; // 0x0
					if(_t4 != 0) {
						_t14 =  *_t4();
						if(_t14 != 0) {
							_t7 =  *0xcb3364; // 0x0
							if(_t7 != 0) {
								_t14 =  *_t7(_t14);
							}
						}
					}
					return  *0xcb335c(_t14, _a4, _a8, _a12);
				}
				_t15 = LoadLibraryA("user32.dll");
				if(_t15 == 0) {
					L10:
					return 0;
				}
				_t11 = GetProcAddress(_t15, "MessageBoxA");
				 *0xcb335c = _t11;
				if(_t11 == 0) {
					goto L10;
				} else {
					 *0xcb3360 = GetProcAddress(_t15, "GetActiveWindow");
					 *0xcb3364 = GetProcAddress(_t15, "GetLastActivePopup");
					goto L4;
				}
			}

0x00ca80c0
0x00ca80c2
0x00ca80ca
0x00ca810e
0x00ca810e
0x00ca8115
0x00ca8119
0x00ca811d
0x00ca811f
0x00ca8126
0x00ca812b
0x00ca812b
0x00ca8126
0x00ca811d
0x00000000
0x00ca813a
0x00ca80d7
0x00ca80db
0x00ca8144
0x00000000
0x00ca8144
0x00ca80e9
0x00ca80ed
0x00ca80f2
0x00000000
0x00ca80f4
0x00ca8102
0x00ca8109
0x00000000
0x00ca8109

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,00CA3FF2,?,Microsoft Visual C++ Runtime Library,00012010,?,00CAB49C,?,00CAB4EC,?,?,?,Runtime Error!Program: ), ref: 00CA80D1
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00CA80E9
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00CA80FA
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00CA8107

Strings

user32.dll, xrefs: 00CA80CC
GetLastActivePopup, xrefs: 00CA80FC
MessageBoxA, xrefs: 00CA80E3
GetActiveWindow, xrefs: 00CA80F4

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 97d6493c2a1cf202bb3667210f87cf864fdec032395223d5787d696478322b61
Instruction ID: 2e72feeb53040519bb4a918f10e8cbbd358f75bcc6f765e089e258b637572eed
Opcode Fuzzy Hash: 97d6493c2a1cf202bb3667210f87cf864fdec032395223d5787d696478322b61
Instruction Fuzzy Hash: 570121B1B04356AF87509FB99C84B2F7AE8AB4A7987080539B611D2131EF70CE069B60

Uniqueness

Uniqueness Score: -1.00%

Function 00C4D1DA Relevance: 13.7, APIs: 9, Instructions: 221
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00C4D1DA(int _a4, int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				int _v36;
				short* _v40;
				short* _v44;
				char _v58;
				struct _cpinfo _v64;
				void* _v80;
				int _t65;
				int _t66;
				int _t69;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t86;
				int _t87;
				int _t88;
				void* _t96;
				char _t99;
				char _t101;
				intOrPtr _t104;
				intOrPtr _t105;
				int _t107;
				short* _t109;
				int _t111;
				int _t114;
				intOrPtr _t115;
				short* _t116;
				int _t118;

				_push(0xffffffff);
				_push(0xc559d0);
				_push(E00C449C0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t115;
				_t116 = _t115 - 0x30;
				_v28 = _t116;
				_t118 =  *0xc70818; // 0x0
				_t107 = 1;
				if(_t118 != 0) {
					L5:
					_t111 = _a16;
					if(_t111 > 0) {
						_t88 = E00C4B8C0(_a12, _t111);
						_pop(_t96);
						_t111 = _t88;
						_a16 = _t111;
					}
					if(_a24 > 0) {
						_t87 = E00C4B8C0(_a20, _a24);
						_pop(_t96);
						_a24 = _t87;
					}
					_t65 =  *0xc70818; // 0x0
					if(_t65 != 2) {
						if(_t65 != _t107) {
							goto L48;
						} else {
							if(_a28 == 0) {
								_t86 =  *0xc70778; // 0x0
								_a28 = _t86;
							}
							if(_t111 == 0 || _a24 == 0) {
								if(_t111 != _a24) {
									if(_a24 <= _t107) {
										if(_t111 > _t107) {
											L30:
											_push(3);
											goto L18;
										} else {
											if(GetCPInfo(_a28,  &_v64) == 0) {
												goto L48;
											} else {
												if(_t111 <= 0) {
													if(_a24 <= 0) {
														goto L39;
													} else {
														if(_v64 >= 2) {
															_t82 =  &_v58;
															if(_v58 != 0) {
																while(1) {
																	_t104 =  *((intOrPtr*)(_t82 + 1));
																	if(_t104 == 0) {
																		goto L20;
																	}
																	_t99 =  *_a20;
																	if(_t99 <  *_t82 || _t99 > _t104) {
																		_t82 = _t82 + 2;
																		if( *_t82 != 0) {
																			continue;
																		} else {
																			goto L20;
																		}
																	} else {
																		goto L17;
																	}
																	goto L49;
																}
															}
														}
														goto L20;
													}
												} else {
													if(_v64 >= 2) {
														_t84 =  &_v58;
														if(_v58 != 0) {
															while(1) {
																_t105 =  *((intOrPtr*)(_t84 + 1));
																if(_t105 == 0) {
																	goto L30;
																}
																_t101 =  *_a12;
																if(_t101 <  *_t84 || _t101 > _t105) {
																	_t84 = _t84 + 2;
																	if( *_t84 != 0) {
																		continue;
																	} else {
																		goto L30;
																	}
																} else {
																	goto L17;
																}
																goto L50;
															}
														}
													}
													goto L30;
													L50:
												}
											}
										}
									} else {
										L20:
										_t66 = _t107;
									}
								} else {
									L17:
									_push(2);
									L18:
									_pop(_t66);
								}
							} else {
								L39:
								_t69 = MultiByteToWideChar(_a28, 9, _a12, _t111, 0, 0);
								_v32 = _t69;
								if(_t69 == 0) {
									goto L48;
								} else {
									_v8 = 0;
									E00C43290(_t69 + _t69 + 0x00000003 & 0x000000fc, _t96);
									_v28 = _t116;
									_v40 = _t116;
									_v8 = _v8 | 0xffffffff;
									if(_v40 == 0 || MultiByteToWideChar(_a28, _t107, _a12, _t111, _v40, _v32) == 0) {
										goto L48;
									} else {
										_t114 = MultiByteToWideChar(_a28, 9, _a20, _a24, 0, 0);
										_v36 = _t114;
										if(_t114 == 0) {
											goto L48;
										} else {
											_v8 = _t107;
											E00C43290(_t114 + _t114 + 0x00000003 & 0x000000fc, _t96);
											_v28 = _t116;
											_t109 = _t116;
											_v44 = _t109;
											_v8 = _v8 | 0xffffffff;
											if(_t109 == 0 || MultiByteToWideChar(_a28, 1, _a20, _a24, _t109, _t114) == 0) {
												goto L48;
											} else {
												_t66 = CompareStringW(_a4, _a8, _v40, _v32, _t109, _t114);
											}
										}
									}
								}
							}
						}
					} else {
						_t66 = CompareStringA(_a4, _a8, _a12, _t111, _a20, _a24);
					}
				} else {
					if(CompareStringW(0, 0, 0xc55944, _t107, 0xc55944, _t107) == 0) {
						if(CompareStringA(0, 0, 0xc55940, _t107, 0xc55940, _t107) == 0) {
							L48:
							_t66 = 0;
						} else {
							 *0xc70818 = 2;
							goto L5;
						}
					} else {
						 *0xc70818 = _t107;
						goto L5;
					}
				}
				L49:
				 *[fs:0x0] = _v20;
				return _t66;
				goto L50;
			}

0x00c4d1dd
0x00c4d1df
0x00c4d1e4
0x00c4d1ef
0x00c4d1f0
0x00c4d1f7
0x00c4d1fd
0x00c4d202
0x00c4d20a
0x00c4d20b
0x00c4d24d
0x00c4d24d
0x00c4d252
0x00c4d258
0x00c4d25e
0x00c4d25f
0x00c4d261
0x00c4d261
0x00c4d267
0x00c4d26f
0x00c4d275
0x00c4d276
0x00c4d276
0x00c4d279
0x00c4d281
0x00c4d2a0
0x00000000
0x00c4d2a6
0x00c4d2a9
0x00c4d2ab
0x00c4d2b0
0x00c4d2b0
0x00c4d2b5
0x00c4d2c3
0x00c4d2d0
0x00c4d2db
0x00c4d31e
0x00c4d31e
0x00000000
0x00c4d2dd
0x00c4d2ec
0x00000000
0x00c4d2f2
0x00c4d2f4
0x00c4d325
0x00000000
0x00c4d327
0x00c4d32b
0x00c4d32d
0x00c4d333
0x00c4d335
0x00c4d335
0x00c4d33a
0x00000000
0x00000000
0x00c4d33f
0x00c4d343
0x00c4d34e
0x00c4d351
0x00000000
0x00c4d353
0x00000000
0x00c4d353
0x00000000
0x00000000
0x00000000
0x00000000
0x00c4d343
0x00c4d335
0x00c4d333
0x00000000
0x00c4d32b
0x00c4d2f6
0x00c4d2fa
0x00c4d2fc
0x00c4d302
0x00c4d304
0x00c4d304
0x00c4d309
0x00000000
0x00000000
0x00c4d30e
0x00c4d312
0x00c4d319
0x00c4d31c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00c4d312
0x00c4d304
0x00c4d302
0x00000000
0x00000000
0x00c4d2fa
0x00c4d2f4
0x00c4d2ec
0x00c4d2d2
0x00c4d2d2
0x00c4d2d2
0x00c4d2d2
0x00c4d2c5
0x00c4d2c5
0x00c4d2c5
0x00c4d2c7
0x00c4d2c7
0x00c4d2c7
0x00c4d358
0x00c4d358
0x00c4d363
0x00c4d369
0x00c4d36e
0x00000000
0x00c4d374
0x00c4d374
0x00c4d37e
0x00c4d383
0x00c4d388
0x00c4d38b
0x00c4d3aa
0x00000000
0x00c4d3ca
0x00c4d3d9
0x00c4d3db
0x00c4d3e0
0x00000000
0x00c4d3e2
0x00c4d3e2
0x00c4d3ed
0x00c4d3f2
0x00c4d3f5
0x00c4d3f7
0x00c4d3fa
0x00c4d414
0x00000000
0x00c4d42d
0x00c4d43b
0x00c4d43b
0x00c4d414
0x00c4d3e0
0x00c4d3aa
0x00c4d36e
0x00c4d2b5
0x00c4d283
0x00c4d293
0x00c4d293
0x00c4d20d
0x00c4d220
0x00c4d23d
0x00c4d443
0x00c4d443
0x00c4d243
0x00c4d243
0x00000000
0x00c4d243
0x00c4d222
0x00c4d222
0x00000000
0x00c4d222
0x00c4d220
0x00c4d445
0x00c4d44b
0x00c4d456
0x00000000

APIs

CompareStringW.KERNEL32(00000000,00000000,00C55944,00000001,00C55944,00000001,00000000,00CD11FC,?), ref: 00C4D218
CompareStringA.KERNEL32(00000000,00000000,00C55940,00000001,00C55940,00000001), ref: 00C4D235
CompareStringA.KERNEL32(?,?,00000000,?,?,?,00000000,00CD11FC,?), ref: 00C4D293
GetCPInfo.KERNEL32(?,00000000,00000000,00CD11FC,?), ref: 00C4D2E4
MultiByteToWideChar.KERNEL32(?,00000009,00000000,?,00000000,00000000), ref: 00C4D363
MultiByteToWideChar.KERNEL32(?,00000001,00000000,?,?,?), ref: 00C4D3C4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00C4D3D7
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 00C4D423
CompareStringW.KERNEL32(?,?,?,?,?,00000000,?,00000000), ref: 00C4D43B

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ByteCharCompareMultiStringWide$Info
String ID:
API String ID: 1651298574-0
Opcode ID: a96107054966bd7c53ae6b964a619f9a7951d76e49a5e2ea4c594beae6beac21
Instruction ID: 03f62d657bf220dff75fa390e3e315f976ab2b8f01ecfc12f0d0e792cd8167ac
Opcode Fuzzy Hash: a96107054966bd7c53ae6b964a619f9a7951d76e49a5e2ea4c594beae6beac21
Instruction Fuzzy Hash: CD71AE72900249EFCF21AF94DC45AEE7FBAFF45710F14412AF862A2160D3719E91DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CA99F1 Relevance: 13.7, APIs: 9, Instructions: 221
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00CA99F1(int _a4, int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				int _v36;
				short* _v40;
				short* _v44;
				char _v58;
				struct _cpinfo _v64;
				void* _v80;
				int _t65;
				int _t66;
				int _t69;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t86;
				int _t87;
				int _t88;
				void* _t96;
				char _t99;
				char _t101;
				intOrPtr _t104;
				intOrPtr _t105;
				int _t107;
				short* _t109;
				int _t111;
				int _t114;
				intOrPtr _t115;
				short* _t116;
				int _t118;

				_push(0xffffffff);
				_push(0xcab758);
				_push(E00CA6E84);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t115;
				_t116 = _t115 - 0x30;
				_v28 = _t116;
				_t118 =  *0xcb3430; // 0x0
				_t107 = 1;
				if(_t118 != 0) {
					L5:
					_t111 = _a16;
					if(_t111 > 0) {
						_t88 = E00CA9C6E(_a12, _t111);
						_pop(_t96);
						_t111 = _t88;
						_a16 = _t111;
					}
					if(_a24 > 0) {
						_t87 = E00CA9C6E(_a20, _a24);
						_pop(_t96);
						_a24 = _t87;
					}
					_t65 =  *0xcb3430; // 0x0
					if(_t65 != 2) {
						if(_t65 != _t107) {
							goto L48;
						} else {
							if(_a28 == 0) {
								_t86 =  *0xcb33a4; // 0x0
								_a28 = _t86;
							}
							if(_t111 == 0 || _a24 == 0) {
								if(_t111 != _a24) {
									if(_a24 <= _t107) {
										if(_t111 > _t107) {
											L30:
											_push(3);
											goto L18;
										} else {
											if(GetCPInfo(_a28,  &_v64) == 0) {
												goto L48;
											} else {
												if(_t111 <= 0) {
													if(_a24 <= 0) {
														goto L39;
													} else {
														if(_v64 >= 2) {
															_t82 =  &_v58;
															if(_v58 != 0) {
																while(1) {
																	_t104 =  *((intOrPtr*)(_t82 + 1));
																	if(_t104 == 0) {
																		goto L20;
																	}
																	_t99 =  *_a20;
																	if(_t99 <  *_t82 || _t99 > _t104) {
																		_t82 = _t82 + 2;
																		if( *_t82 != 0) {
																			continue;
																		} else {
																			goto L20;
																		}
																	} else {
																		goto L17;
																	}
																	goto L49;
																}
															}
														}
														goto L20;
													}
												} else {
													if(_v64 >= 2) {
														_t84 =  &_v58;
														if(_v58 != 0) {
															while(1) {
																_t105 =  *((intOrPtr*)(_t84 + 1));
																if(_t105 == 0) {
																	goto L30;
																}
																_t101 =  *_a12;
																if(_t101 <  *_t84 || _t101 > _t105) {
																	_t84 = _t84 + 2;
																	if( *_t84 != 0) {
																		continue;
																	} else {
																		goto L30;
																	}
																} else {
																	goto L17;
																}
																goto L50;
															}
														}
													}
													goto L30;
													L50:
												}
											}
										}
									} else {
										L20:
										_t66 = _t107;
									}
								} else {
									L17:
									_push(2);
									L18:
									_pop(_t66);
								}
							} else {
								L39:
								_t69 = MultiByteToWideChar(_a28, 9, _a12, _t111, 0, 0);
								_v32 = _t69;
								if(_t69 == 0) {
									goto L48;
								} else {
									_v8 = 0;
									E00CA8090(_t69 + _t69 + 0x00000003 & 0x000000fc, _t96);
									_v28 = _t116;
									_v40 = _t116;
									_v8 = _v8 | 0xffffffff;
									if(_v40 == 0 || MultiByteToWideChar(_a28, _t107, _a12, _t111, _v40, _v32) == 0) {
										goto L48;
									} else {
										_t114 = MultiByteToWideChar(_a28, 9, _a20, _a24, 0, 0);
										_v36 = _t114;
										if(_t114 == 0) {
											goto L48;
										} else {
											_v8 = _t107;
											E00CA8090(_t114 + _t114 + 0x00000003 & 0x000000fc, _t96);
											_v28 = _t116;
											_t109 = _t116;
											_v44 = _t109;
											_v8 = _v8 | 0xffffffff;
											if(_t109 == 0 || MultiByteToWideChar(_a28, 1, _a20, _a24, _t109, _t114) == 0) {
												goto L48;
											} else {
												_t66 = CompareStringW(_a4, _a8, _v40, _v32, _t109, _t114);
											}
										}
									}
								}
							}
						}
					} else {
						_t66 = CompareStringA(_a4, _a8, _a12, _t111, _a20, _a24);
					}
				} else {
					if(CompareStringW(0, 0, 0xcab5e0, _t107, 0xcab5e0, _t107) == 0) {
						if(CompareStringA(0, 0, 0xcab5dc, _t107, 0xcab5dc, _t107) == 0) {
							L48:
							_t66 = 0;
						} else {
							 *0xcb3430 = 2;
							goto L5;
						}
					} else {
						 *0xcb3430 = _t107;
						goto L5;
					}
				}
				L49:
				 *[fs:0x0] = _v20;
				return _t66;
				goto L50;
			}

0x00ca99f4
0x00ca99f6
0x00ca99fb
0x00ca9a06
0x00ca9a07
0x00ca9a0e
0x00ca9a14
0x00ca9a19
0x00ca9a21
0x00ca9a22
0x00ca9a64
0x00ca9a64
0x00ca9a69
0x00ca9a6f
0x00ca9a75
0x00ca9a76
0x00ca9a78
0x00ca9a78
0x00ca9a7e
0x00ca9a86
0x00ca9a8c
0x00ca9a8d
0x00ca9a8d
0x00ca9a90
0x00ca9a98
0x00ca9ab7
0x00000000
0x00ca9abd
0x00ca9ac0
0x00ca9ac2
0x00ca9ac7
0x00ca9ac7
0x00ca9acc
0x00ca9ada
0x00ca9ae7
0x00ca9af2
0x00ca9b35
0x00ca9b35
0x00000000
0x00ca9af4
0x00ca9b03
0x00000000
0x00ca9b09
0x00ca9b0b
0x00ca9b3c
0x00000000
0x00ca9b3e
0x00ca9b42
0x00ca9b44
0x00ca9b4a
0x00ca9b4c
0x00ca9b4c
0x00ca9b51
0x00000000
0x00000000
0x00ca9b56
0x00ca9b5a
0x00ca9b65
0x00ca9b68
0x00000000
0x00ca9b6a
0x00000000
0x00ca9b6a
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca9b5a
0x00ca9b4c
0x00ca9b4a
0x00000000
0x00ca9b42
0x00ca9b0d
0x00ca9b11
0x00ca9b13
0x00ca9b19
0x00ca9b1b
0x00ca9b1b
0x00ca9b20
0x00000000
0x00000000
0x00ca9b25
0x00ca9b29
0x00ca9b30
0x00ca9b33
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca9b29
0x00ca9b1b
0x00ca9b19
0x00000000
0x00000000
0x00ca9b11
0x00ca9b0b
0x00ca9b03
0x00ca9ae9
0x00ca9ae9
0x00ca9ae9
0x00ca9ae9
0x00ca9adc
0x00ca9adc
0x00ca9adc
0x00ca9ade
0x00ca9ade
0x00ca9ade
0x00ca9b6f
0x00ca9b6f
0x00ca9b7a
0x00ca9b80
0x00ca9b85
0x00000000
0x00ca9b8b
0x00ca9b8b
0x00ca9b95
0x00ca9b9a
0x00ca9b9f
0x00ca9ba2
0x00ca9bc1
0x00000000
0x00ca9be1
0x00ca9bf0
0x00ca9bf2
0x00ca9bf7
0x00000000
0x00ca9bf9
0x00ca9bf9
0x00ca9c04
0x00ca9c09
0x00ca9c0c
0x00ca9c0e
0x00ca9c11
0x00ca9c2b
0x00000000
0x00ca9c44
0x00ca9c52
0x00ca9c52
0x00ca9c2b
0x00ca9bf7
0x00ca9bc1
0x00ca9b85
0x00ca9acc
0x00ca9a9a
0x00ca9aaa
0x00ca9aaa
0x00ca9a24
0x00ca9a37
0x00ca9a54
0x00ca9c5a
0x00ca9c5a
0x00ca9a5a
0x00ca9a5a
0x00000000
0x00ca9a5a
0x00ca9a39
0x00ca9a39
0x00000000
0x00ca9a39
0x00ca9a37
0x00ca9c5c
0x00ca9c62
0x00ca9c6d
0x00000000

APIs

CompareStringW.KERNEL32(00000000,00000000,00CAB5E0,00000001,00CAB5E0,00000001,00000000,013C11FC,00CA2209,0000000C,?,?,?,0000000B,0000000B), ref: 00CA9A2F
CompareStringA.KERNEL32(00000000,00000000,00CAB5DC,00000001,00CAB5DC,00000001,?,00CA4CF3), ref: 00CA9A4C
CompareStringA.KERNEL32(?,00000000,00000000,00CA4CF3,?,0000000B,00000000,013C11FC,00CA2209,0000000C,?,?,?,0000000B,0000000B), ref: 00CA9AAA
GetCPInfo.KERNEL32(0000000B,00000000,00000000,013C11FC,00CA2209,0000000C,?,?,?,0000000B,0000000B,?,00CA4CF3), ref: 00CA9AFB
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,0000000B,00000000,00000000,?,00CA4CF3), ref: 00CA9B7A
MultiByteToWideChar.KERNEL32(?,00000001,00000000,0000000B,?,?,?,00CA4CF3), ref: 00CA9BDB
MultiByteToWideChar.KERNEL32(00000000,00000009,?,00000000,00000000,00000000,?,00CA4CF3), ref: 00CA9BEE
MultiByteToWideChar.KERNEL32(?,00000001,?,00000000,?,00000000,?,00CA4CF3), ref: 00CA9C3A
CompareStringW.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,00000000,?,00CA4CF3), ref: 00CA9C52

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: ByteCharCompareMultiStringWide$Info
String ID:
API String ID: 1651298574-0
Opcode ID: 0102d8d2b49abbc37e6101844ebc156915c85a76bd0977bd26b13d94b4eb8be3
Instruction ID: 8355976737e2bc5aef17d43c825601e5b9d3ea463e40d8d8aa46bde1a5b8f54d
Opcode Fuzzy Hash: 0102d8d2b49abbc37e6101844ebc156915c85a76bd0977bd26b13d94b4eb8be3
Instruction Fuzzy Hash: C0719D7194028AAFCF219F959C86AEE7FB9FB0771CF14412AF921A3160D3318E51DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00C4B69C Relevance: 13.7, APIs: 9, Instructions: 177
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00C4B69C(int _a4, int _a8, signed char _a9, char* _a12, int _a16, short* _a20, int _a24, int _a28, signed int _a32) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				short* _v36;
				short* _v40;
				int _v44;
				void* _v60;
				int _t61;
				int _t62;
				int _t82;
				int _t83;
				int _t88;
				short* _t89;
				int _t90;
				void* _t91;
				int _t99;
				intOrPtr _t101;
				short* _t102;
				int _t104;

				_push(0xffffffff);
				_push(0xc55948);
				_push(E00C449C0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t101;
				_t102 = _t101 - 0x1c;
				_v28 = _t102;
				_t104 =  *0xc7075c; // 0x1
				if(_t104 != 0) {
					L5:
					if(_a16 > 0) {
						_t83 = E00C4B8C0(_a12, _a16);
						_pop(_t91);
						_a16 = _t83;
					}
					_t61 =  *0xc7075c; // 0x1
					if(_t61 != 2) {
						if(_t61 != 1) {
							goto L21;
						} else {
							if(_a28 == 0) {
								_t82 =  *0xc70778; // 0x0
								_a28 = _t82;
							}
							asm("sbb eax, eax");
							_t88 = MultiByteToWideChar(_a28, ( ~_a32 & 0x00000008) + 1, _a12, _a16, 0, 0);
							_v32 = _t88;
							if(_t88 == 0) {
								goto L21;
							} else {
								_v8 = 0;
								E00C43290(_t88 + _t88 + 0x00000003 & 0x000000fc, _t91);
								_v28 = _t102;
								_v40 = _t102;
								_v8 = _v8 | 0xffffffff;
								if(_v40 == 0 || MultiByteToWideChar(_a28, 1, _a12, _a16, _v40, _t88) == 0) {
									goto L21;
								} else {
									_t99 = LCMapStringW(_a4, _a8, _v40, _t88, 0, 0);
									_v44 = _t99;
									if(_t99 == 0) {
										goto L21;
									} else {
										if((_a9 & 0x00000004) == 0) {
											_v8 = 1;
											E00C43290(_t99 + _t99 + 0x00000003 & 0x000000fc, _t91);
											_v28 = _t102;
											_t89 = _t102;
											_v36 = _t89;
											_v8 = _v8 | 0xffffffff;
											if(_t89 == 0 || LCMapStringW(_a4, _a8, _v40, _v32, _t89, _t99) == 0) {
												goto L21;
											} else {
												_push(0);
												_push(0);
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_t99 = WideCharToMultiByte(_a28, 0x220, _t89, _t99, ??, ??, ??, ??);
												if(_t99 == 0) {
													goto L21;
												} else {
													goto L30;
												}
											}
										} else {
											if(_a24 == 0 || _t99 <= _a24 && LCMapStringW(_a4, _a8, _v40, _t88, _a20, _a24) != 0) {
												L30:
												_t62 = _t99;
											} else {
												goto L21;
											}
										}
									}
								}
							}
						}
					} else {
						_t62 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
					}
				} else {
					_push(0);
					_push(0);
					_t90 = 1;
					if(LCMapStringW(0, 0x100, 0xc55944, _t90, ??, ??) == 0) {
						if(LCMapStringA(0, 0x100, 0xc55940, _t90, 0, 0) == 0) {
							L21:
							_t62 = 0;
						} else {
							 *0xc7075c = 2;
							goto L5;
						}
					} else {
						 *0xc7075c = _t90;
						goto L5;
					}
				}
				 *[fs:0x0] = _v20;
				return _t62;
			}

0x00c4b69f
0x00c4b6a1
0x00c4b6a6
0x00c4b6b1
0x00c4b6b2
0x00c4b6b9
0x00c4b6bf
0x00c4b6c4
0x00c4b6ca
0x00c4b712
0x00c4b715
0x00c4b71d
0x00c4b723
0x00c4b724
0x00c4b724
0x00c4b727
0x00c4b72f
0x00c4b751
0x00000000
0x00c4b757
0x00c4b75a
0x00c4b75c
0x00c4b761
0x00c4b761
0x00c4b771
0x00c4b781
0x00c4b783
0x00c4b788
0x00000000
0x00c4b78e
0x00c4b78e
0x00c4b799
0x00c4b79e
0x00c4b7a3
0x00c4b7a6
0x00c4b7c2
0x00000000
0x00c4b7dd
0x00c4b7ef
0x00c4b7f1
0x00c4b7f6
0x00000000
0x00c4b7f8
0x00c4b7fc
0x00c4b83e
0x00c4b84d
0x00c4b852
0x00c4b855
0x00c4b857
0x00c4b85a
0x00c4b874
0x00000000
0x00c4b88e
0x00c4b891
0x00c4b892
0x00c4b893
0x00c4b899
0x00c4b89c
0x00c4b895
0x00c4b895
0x00c4b896
0x00c4b896
0x00c4b8af
0x00c4b8b3
0x00000000
0x00000000
0x00000000
0x00000000
0x00c4b8b3
0x00c4b7fe
0x00c4b801
0x00c4b8b9
0x00c4b8b9
0x00000000
0x00000000
0x00000000
0x00c4b801
0x00c4b7fc
0x00c4b7f6
0x00c4b7c2
0x00c4b788
0x00c4b731
0x00c4b743
0x00c4b743
0x00c4b6cc
0x00c4b6cc
0x00c4b6cd
0x00c4b6d0
0x00c4b6e6
0x00c4b702
0x00c4b82a
0x00c4b82a
0x00c4b708
0x00c4b708
0x00000000
0x00c4b708
0x00c4b6e8
0x00c4b6e8
0x00000000
0x00c4b6e8
0x00c4b6e6
0x00c4b832
0x00c4b83d

APIs

LCMapStringW.KERNEL32(00000000,00000100,00C55944,00000001,00000000,00000000,74CB70F0,00C70838,?,00000003,00000000,00000001,00000000,?,?,00C4BA38), ref: 00C4B6DE
LCMapStringA.KERNEL32(00000000,00000100,00C55940,00000001,00000000,00000000,?,?,00C4BA38,?), ref: 00C4B6FA
LCMapStringA.KERNEL32(?,?,00000000,00000001,00000000,00000003,74CB70F0,00C70838,?,00000003,00000000,00000001,00000000,?,?,00C4BA38), ref: 00C4B743
MultiByteToWideChar.KERNEL32(?,00C70839,00000000,00000001,00000000,00000000,74CB70F0,00C70838,?,00000003,00000000,00000001,00000000,?,?,00C4BA38), ref: 00C4B77B
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,?,00000000), ref: 00C4B7D3
LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 00C4B7E9
LCMapStringW.KERNEL32(?,?,?,00000000,?,?), ref: 00C4B81C
LCMapStringW.KERNEL32(?,?,?,?,?,00000000), ref: 00C4B884

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID:
API String ID: 352835431-0
Opcode ID: 44aea17dab9e60616410460ff7f3634d86a8c450ca9873bb84ff5a99093090d0
Instruction ID: f784f9a2117ec059e4f7b55f7d25a22106ecd0b2a374a9000764d1b03682e3db
Opcode Fuzzy Hash: 44aea17dab9e60616410460ff7f3634d86a8c450ca9873bb84ff5a99093090d0
Instruction Fuzzy Hash: 7F515831900649EFCF228FA5DD45AEE7FB9FB49750F204129F924A11A1D331CE51DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA8291 Relevance: 13.7, APIs: 9, Instructions: 177
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00CA8291(int _a4, int _a8, signed char _a9, char* _a12, int _a16, short* _a20, int _a24, int _a28, signed int _a32) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				short* _v36;
				short* _v40;
				int _v44;
				void* _v60;
				int _t61;
				int _t62;
				int _t82;
				int _t83;
				int _t88;
				short* _t89;
				int _t90;
				void* _t91;
				int _t99;
				intOrPtr _t101;
				short* _t102;
				int _t104;

				_push(0xffffffff);
				_push(0xcab5f8);
				_push(E00CA6E84);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t101;
				_t102 = _t101 - 0x1c;
				_v28 = _t102;
				_t104 =  *0xcb33ac; // 0x1
				if(_t104 != 0) {
					L5:
					if(_a16 > 0) {
						_t83 = E00CA9C6E(_a12, _a16);
						_pop(_t91);
						_a16 = _t83;
					}
					_t61 =  *0xcb33ac; // 0x1
					if(_t61 != 2) {
						if(_t61 != 1) {
							goto L21;
						} else {
							if(_a28 == 0) {
								_t82 =  *0xcb33a4; // 0x0
								_a28 = _t82;
							}
							asm("sbb eax, eax");
							_t88 = MultiByteToWideChar(_a28, ( ~_a32 & 0x00000008) + 1, _a12, _a16, 0, 0);
							_v32 = _t88;
							if(_t88 == 0) {
								goto L21;
							} else {
								_v8 = 0;
								E00CA8090(_t88 + _t88 + 0x00000003 & 0x000000fc, _t91);
								_v28 = _t102;
								_v40 = _t102;
								_v8 = _v8 | 0xffffffff;
								if(_v40 == 0 || MultiByteToWideChar(_a28, 1, _a12, _a16, _v40, _t88) == 0) {
									goto L21;
								} else {
									_t99 = LCMapStringW(_a4, _a8, _v40, _t88, 0, 0);
									_v44 = _t99;
									if(_t99 == 0) {
										goto L21;
									} else {
										if((_a9 & 0x00000004) == 0) {
											_v8 = 1;
											E00CA8090(_t99 + _t99 + 0x00000003 & 0x000000fc, _t91);
											_v28 = _t102;
											_t89 = _t102;
											_v36 = _t89;
											_v8 = _v8 | 0xffffffff;
											if(_t89 == 0 || LCMapStringW(_a4, _a8, _v40, _v32, _t89, _t99) == 0) {
												goto L21;
											} else {
												_push(0);
												_push(0);
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_t99 = WideCharToMultiByte(_a28, 0x220, _t89, _t99, ??, ??, ??, ??);
												if(_t99 == 0) {
													goto L21;
												} else {
													goto L30;
												}
											}
										} else {
											if(_a24 == 0 || _t99 <= _a24 && LCMapStringW(_a4, _a8, _v40, _t88, _a20, _a24) != 0) {
												L30:
												_t62 = _t99;
											} else {
												goto L21;
											}
										}
									}
								}
							}
						}
					} else {
						_t62 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
					}
				} else {
					_push(0);
					_push(0);
					_t90 = 1;
					if(LCMapStringW(0, 0x100, 0xcab5e0, _t90, ??, ??) == 0) {
						if(LCMapStringA(0, 0x100, 0xcab5dc, _t90, 0, 0) == 0) {
							L21:
							_t62 = 0;
						} else {
							 *0xcb33ac = 2;
							goto L5;
						}
					} else {
						 *0xcb33ac = _t90;
						goto L5;
					}
				}
				 *[fs:0x0] = _v20;
				return _t62;
			}

0x00ca8294
0x00ca8296
0x00ca829b
0x00ca82a6
0x00ca82a7
0x00ca82ae
0x00ca82b4
0x00ca82b9
0x00ca82bf
0x00ca8307
0x00ca830a
0x00ca8312
0x00ca8318
0x00ca8319
0x00ca8319
0x00ca831c
0x00ca8324
0x00ca8346
0x00000000
0x00ca834c
0x00ca834f
0x00ca8351
0x00ca8356
0x00ca8356
0x00ca8366
0x00ca8376
0x00ca8378
0x00ca837d
0x00000000
0x00ca8383
0x00ca8383
0x00ca838e
0x00ca8393
0x00ca8398
0x00ca839b
0x00ca83b7
0x00000000
0x00ca83d2
0x00ca83e4
0x00ca83e6
0x00ca83eb
0x00000000
0x00ca83ed
0x00ca83f1
0x00ca8433
0x00ca8442
0x00ca8447
0x00ca844a
0x00ca844c
0x00ca844f
0x00ca8469
0x00000000
0x00ca8483
0x00ca8486
0x00ca8487
0x00ca8488
0x00ca848e
0x00ca8491
0x00ca848a
0x00ca848a
0x00ca848b
0x00ca848b
0x00ca84a4
0x00ca84a8
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca84a8
0x00ca83f3
0x00ca83f6
0x00ca84ae
0x00ca84ae
0x00000000
0x00000000
0x00000000
0x00ca83f6
0x00ca83f1
0x00ca83eb
0x00ca83b7
0x00ca837d
0x00ca8326
0x00ca8338
0x00ca8338
0x00ca82c1
0x00ca82c1
0x00ca82c2
0x00ca82c5
0x00ca82db
0x00ca82f7
0x00ca841f
0x00ca841f
0x00ca82fd
0x00ca82fd
0x00000000
0x00ca82fd
0x00ca82dd
0x00ca82dd
0x00000000
0x00ca82dd
0x00ca82db
0x00ca8427
0x00ca8432

APIs

LCMapStringW.KERNEL32(00000000,00000100,00CAB5E0,00000001,00000000,00000000,74CB70F0,00CB3440,?,00000003,00000000,00000001,00000000,?,?,00CA92BB), ref: 00CA82D3
LCMapStringA.KERNEL32(00000000,00000100,00CAB5DC,00000001,00000000,00000000,?,?,00CA92BB,?), ref: 00CA82EF
LCMapStringA.KERNEL32(?,?,00000000,00000001,00000000,00000003,74CB70F0,00CB3440,?,00000003,00000000,00000001,00000000,?,?,00CA92BB), ref: 00CA8338
MultiByteToWideChar.KERNEL32(?,00CB3441,00000000,00000001,00000000,00000000,74CB70F0,00CB3440,?,00000003,00000000,00000001,00000000,?,?,00CA92BB), ref: 00CA8370
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,?,00000000), ref: 00CA83C8
LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 00CA83DE
LCMapStringW.KERNEL32(?,?,?,00000000,?,?), ref: 00CA8411
LCMapStringW.KERNEL32(?,?,?,?,?,00000000), ref: 00CA8479

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID:
API String ID: 352835431-0
Opcode ID: 209fb066ada7924eef703264f3ef5635dce0b173f72c2f19e7b670746d90ff5c
Instruction ID: b6ad73682c185f178c2e69c1eff7ef792fd48c71717b2f8a2fdb94465bab028a
Opcode Fuzzy Hash: 209fb066ada7924eef703264f3ef5635dce0b173f72c2f19e7b670746d90ff5c
Instruction Fuzzy Hash: 62516D7190024AEFCF218F95CC45AEF7FB5FB4A758F104129FA21A2161DB328E15EB60

Uniqueness

Uniqueness Score: -1.00%

Function 00CA11A0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00CA11A0(intOrPtr _a4, char _a8) {
				char _v260;
				intOrPtr _t14;
				intOrPtr _t15;
				void* _t18;
				intOrPtr _t23;
				signed int _t25;
				void* _t31;
				intOrPtr _t33;
				intOrPtr _t34;
				void* _t42;
				signed int _t44;
				void* _t45;
				char* _t47;
				void* _t52;
				void* _t53;
				void* _t54;
				void* _t56;

				E00CA19D7("errorlogs");
				_t14 =  *0xcb30b0; // 0x0
				_t52 =  &_v260 + 4;
				if(_t14 >= 1) {
					_t15 = _t14 + 1;
					 *0xcb30b0 = _t15;
					_push(_t15);
					_push("errorlogs\\errorlog%.5d.txt");
					_push( &_v260);
					goto L6;
				} else {
					while(1) {
						 *0xcb30b0 = _t14 + 1;
						E00CA1985( &_v260, "errorlogs\\errorlog%.5d.txt", _t14 + 1);
						_t31 = E00CA1972( &_v260, "rb");
						_t53 = _t52 + 0x14;
						if(_t31 == 0) {
							break;
						}
						E00CA18C4(_t31);
						_t14 =  *0xcb30b0; // 0x0
						_t52 = _t53 + 4;
					}
					if( *0xcb30b0 > 0x20) {
						E00CA10F0( &_v260);
						_t33 =  *0xcb30b0; // 0x0
						_t34 = _t33 + 1;
						_push(_t34);
						_push("errorlogs\\errorlog%.5d.txt");
						 *0xcb30b0 = _t34;
						_push(_t53);
						L6:
						E00CA1985();
						_t53 = _t52 + 0xc;
					}
				}
				_t18 = E00CA1972( &_v260, "wt");
				_t49 = _t18;
				_t54 = _t53 + 8;
				if(_t18 != 0) {
					E00CA1888(_t49, "Error:", _t42);
					E00CA184D(_t49, _a4,  &_a8);
					E00CA1888(_t49, "\n\nFunction trace:\n", _t45);
					_t23 =  *0xcb30ac; // 0x6
					_t56 = _t54 + 0x1c;
					if(_t23 > 0) {
						_t7 = _t23 - 1; // 0x5
						_t44 = _t7;
						_t25 = _t44 << 8;
						_t47 = _t25 + "Host_Init";
						while( *((intOrPtr*)(_t25 + "Host_Init")) != 0) {
							 *((char*)(_t25 + 0xcaf1ab)) = 0;
							E00CA1888(_t49, "%s\n", _t47);
							_t56 = _t56 + 0xc;
							 *_t47 = 0;
							if(_t44 == 0) {
								_t44 = 0x40;
							}
							_t44 = _t44 - 1;
							_t25 = _t44 << 8;
							_t47 = _t25 + "Host_Init";
						}
					}
					_t18 = E00CA18C4(_t49);
				}
				return _t18;
			}

0x00ca11ab
0x00ca11b0
0x00ca11b5
0x00ca11bb
0x00ca121f
0x00ca1220
0x00ca1225
0x00ca122a
0x00ca122f
0x00000000
0x00ca11bd
0x00ca11bd
0x00ca11be
0x00ca11ce
0x00ca11dd
0x00ca11e2
0x00ca11e7
0x00000000
0x00000000
0x00ca11ea
0x00ca11ef
0x00ca11f4
0x00ca11f4
0x00ca1200
0x00ca1202
0x00ca1207
0x00ca1210
0x00ca1211
0x00ca1212
0x00ca1217
0x00ca121c
0x00ca1230
0x00ca1230
0x00ca1235
0x00ca1235
0x00ca1200
0x00ca1243
0x00ca1248
0x00ca124a
0x00ca124f
0x00ca125d
0x00ca1273
0x00ca1281
0x00ca1286
0x00ca128b
0x00ca1290
0x00ca1292
0x00ca1292
0x00ca1297
0x00ca12a0
0x00ca12a8
0x00ca12b1
0x00ca12b8
0x00ca12bd
0x00ca12c0
0x00ca12c5
0x00ca12c7
0x00ca12c7
0x00ca12cc
0x00ca12cf
0x00ca12d8
0x00ca12de
0x00ca12a8
0x00ca12e3
0x00ca12ec
0x00ca12f4

APIs

Part of subcall function 00CA19D7: CreateDirectoryA.KERNEL32(00CA11B0,00000000,00CA11B0,errorlogs), ref: 00CA19DD
Part of subcall function 00CA19D7: GetLastError.KERNEL32 ref: 00CA19E7

ClearErrorLogs.DBG ref: 00CA1202

Strings

Error:, xrefs: 00CA1257
Function trace:, xrefs: 00CA127B
Host_Init, xrefs: 00CA129A, 00CA12A0, 00CA12AA, 00CA12D2, 00CA12D8
%s, xrefs: 00CA12AB
errorlogs\errorlog%.5d.txt, xrefs: 00CA11C8, 00CA1212, 00CA122A
errorlogs, xrefs: 00CA11A6

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: Error$ClearCreateDirectoryLastLogs
String ID: Function trace:$%s$Error:$Host_Init$errorlogs$errorlogs\errorlog%.5d.txt
API String ID: 331937278-151362360
Opcode ID: 25b1642bbe434e20dce7a2caef9710e6336839d1045840bfdb5fe419ab4e999c
Instruction ID: 73233aec4d36b0de0d5e3a634310b84a73035b84ce5d5f688ba8a3c934e8cda2
Opcode Fuzzy Hash: 25b1642bbe434e20dce7a2caef9710e6336839d1045840bfdb5fe419ab4e999c
Instruction Fuzzy Hash: D531D87150424A9FD310B7A49C86F6B379CAF8370CF0E4625FD49D7142E675DA098362

Uniqueness

Uniqueness Score: -1.00%

Function 00C4992F Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 96%

			E00C4992F(void* __edi, long _a4) {
				char _v164;
				char _v424;
				int _t17;
				long _t19;
				signed int _t42;
				long _t47;
				void* _t48;
				signed int _t54;
				void** _t56;
				void* _t57;

				_t48 = __edi;
				_t47 = _a4;
				_t42 = 0;
				_t17 = 0xc6e868;
				while(_t47 !=  *_t17) {
					_t17 = _t17 + 8;
					_t42 = _t42 + 1;
					if(_t17 < 0xc6e8f8) {
						continue;
					}
					break;
				}
				_t54 = _t42 << 3;
				_t2 = _t54 + 0xc6e868; // 0x98000000
				if(_t47 ==  *_t2) {
					_t17 =  *0xc704dc; // 0x0
					if(_t17 == 1 || _t17 == 0 &&  *0xc704e0 == 1) {
						_t16 = _t54 + 0xc6e86c; // 0xc55898
						_t56 = _t16;
						_t19 = E00C480B0( *_t56);
						_t17 = WriteFile(GetStdHandle(0xfffffff4),  *_t56, _t19,  &_a4, 0);
					} else {
						if(_t47 != 0xfc) {
							if(GetModuleFileNameA(0,  &_v424, 0x104) == 0) {
								E00C49FD0( &_v424, "<program name unknown>");
							}
							_push(_t48);
							_t49 =  &_v424;
							if(E00C480B0( &_v424) + 1 > 0x3c) {
								_t49 = E00C480B0( &_v424) +  &_v424 - 0x3b;
								E00C43750(E00C480B0( &_v424) +  &_v424 - 0x3b, "...", 3);
								_t57 = _t57 + 0x10;
							}
							E00C49FD0( &_v164, "Runtime Error!\n\nProgram: ");
							E00C49FE0( &_v164, _t49);
							E00C49FE0( &_v164, "\n\n");
							_t12 = _t54 + 0xc6e86c; // 0xc55898
							E00C49FE0( &_v164,  *_t12);
							_t17 = E00C4BF71( &_v164, "Microsoft Visual C++ Runtime Library", 0x12010);
						}
					}
				}
				return _t17;
			}

0x00c4992f
0x00c49938
0x00c4993b
0x00c4993d
0x00c49942
0x00c49946
0x00c49949
0x00c4994f
0x00000000
0x00000000
0x00000000
0x00c4994f
0x00c49954
0x00c49957
0x00c4995d
0x00c49963
0x00c4996b
0x00c49a5c
0x00c49a5c
0x00c49a67
0x00c49a79
0x00c49982
0x00c49988
0x00c499a4
0x00c499b2
0x00c499b8
0x00c499bf
0x00c499c1
0x00c499d1
0x00c499ec
0x00c499f4
0x00c499f9
0x00c499f9
0x00c49a08
0x00c49a15
0x00c49a26
0x00c49a2b
0x00c49a38
0x00c49a4e
0x00c49a56
0x00c49988
0x00c4996b
0x00c49a81

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000010), ref: 00C4999C
GetStdHandle.KERNEL32(000000F4,00C55898,00000000,00000000,00000000,00000010), ref: 00C49A72
WriteFile.KERNEL32(00000000), ref: 00C49A79

Strings

Microsoft Visual C++ Runtime Library, xrefs: 00C49A48
Runtime Error!Program: , xrefs: 00C49A02
<program name unknown>, xrefs: 00C499AC
..., xrefs: 00C499EE

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-4022980321
Opcode ID: 1f7d0d960b56750ce1036fb5aadd211e9a71146e4d46476c1eb3c305330ec63b
Instruction ID: bc8e8ef2e7ff1a687be46d936eca536e933ff0831b904ea87cc66eeb6994a428
Opcode Fuzzy Hash: 1f7d0d960b56750ce1036fb5aadd211e9a71146e4d46476c1eb3c305330ec63b
Instruction Fuzzy Hash: 9A310772A40228AFEF20E6A0CC46F9F776CFB85350F54046AF945E6091E670EB89DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3ECE Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E00CA3ECE(void* __edi, long _a4) {
				char _v164;
				char _v424;
				int _t17;
				long _t19;
				signed int _t42;
				long _t47;
				void* _t48;
				signed int _t54;
				void** _t56;
				void* _t57;

				_t48 = __edi;
				_t47 = _a4;
				_t42 = 0;
				_t17 = 0xcac530;
				while(_t47 !=  *_t17) {
					_t17 = _t17 + 8;
					_t42 = _t42 + 1;
					if(_t17 < 0xcac5c0) {
						continue;
					}
					break;
				}
				_t54 = _t42 << 3;
				_t2 = _t54 + 0xcac530; // 0x9c000000
				if(_t47 ==  *_t2) {
					_t17 =  *0xcb30c8; // 0x0
					if(_t17 == 1 || _t17 == 0 &&  *0xcb30cc == 1) {
						_t16 = _t54 + 0xcac534; // 0xcab49c
						_t56 = _t16;
						_t19 = E00CA4C50( *_t56);
						_t17 = WriteFile(GetStdHandle(0xfffffff4),  *_t56, _t19,  &_a4, 0);
					} else {
						if(_t47 != 0xfc) {
							if(GetModuleFileNameA(0,  &_v424, 0x104) == 0) {
								E00CA2050( &_v424, "<program name unknown>");
							}
							_push(_t48);
							_t49 =  &_v424;
							if(E00CA4C50( &_v424) + 1 > 0x3c) {
								_t49 = E00CA4C50( &_v424) +  &_v424 - 0x3b;
								E00CA1460(E00CA4C50( &_v424) +  &_v424 - 0x3b, "...", 3);
								_t57 = _t57 + 0x10;
							}
							E00CA2050( &_v164, "Runtime Error!\n\nProgram: ");
							E00CA2060( &_v164, _t49);
							E00CA2060( &_v164, "\n\n");
							_t12 = _t54 + 0xcac534; // 0xcab49c
							E00CA2060( &_v164,  *_t12);
							_t17 = E00CA80BF( &_v164, "Microsoft Visual C++ Runtime Library", 0x12010);
						}
					}
				}
				return _t17;
			}

0x00ca3ece
0x00ca3ed7
0x00ca3eda
0x00ca3edc
0x00ca3ee1
0x00ca3ee5
0x00ca3ee8
0x00ca3eee
0x00000000
0x00000000
0x00000000
0x00ca3eee
0x00ca3ef3
0x00ca3ef6
0x00ca3efc
0x00ca3f02
0x00ca3f0a
0x00ca3ffb
0x00ca3ffb
0x00ca4006
0x00ca4018
0x00ca3f21
0x00ca3f27
0x00ca3f43
0x00ca3f51
0x00ca3f57
0x00ca3f5e
0x00ca3f60
0x00ca3f70
0x00ca3f8b
0x00ca3f93
0x00ca3f98
0x00ca3f98
0x00ca3fa7
0x00ca3fb4
0x00ca3fc5
0x00ca3fca
0x00ca3fd7
0x00ca3fed
0x00ca3ff5
0x00ca3f27
0x00ca3f0a
0x00ca4020

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00CA3F3B
GetStdHandle.KERNEL32(000000F4,00CAB49C,00000000,00000000,00000000,?), ref: 00CA4011
WriteFile.KERNEL32(00000000), ref: 00CA4018

Strings

Runtime Error!Program: , xrefs: 00CA3FA1
..., xrefs: 00CA3F8D
<program name unknown>, xrefs: 00CA3F4B
Microsoft Visual C++ Runtime Library, xrefs: 00CA3FE7

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-4022980321
Opcode ID: 27ec2d73b1436a64755b5d8b8fa93dcfa2709b0e103db5902f659afb3005b187
Instruction ID: 13ab4c9585bdef1003bb74f25be972d50993f693f52600c930883a53a51c2de2
Opcode Fuzzy Hash: 27ec2d73b1436a64755b5d8b8fa93dcfa2709b0e103db5902f659afb3005b187
Instruction Fuzzy Hash: 4E31D472A0021AAFDF20E6A4DC46F9E776CAB8730CF100466F568D6082E7B0AF409B51

Uniqueness

Uniqueness Score: -1.00%

Function 00C26D30 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00C26D30(signed int __ecx) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _t15;
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr* _t33;
				intOrPtr* _t36;
				intOrPtr _t38;

				_push(0xffffffff);
				_push(E00C4DC81);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t38;
				_push(__ecx);
				_t15 = E00C2FBA0(__ecx);
				_push(0xc0);
				_t33 = _t15;
				L00C3E340();
				_v16 = _t15;
				_v4 = 0;
				if(_t15 == 0) {
					_t36 = 0;
				} else {
					_t36 = E00C3DDE0(_t15, "Button");
				}
				_v4 = 0xffffffff;
				_t17 =  *((intOrPtr*)( *_t33 + 0x44))(_t36);
				_push(0xd0);
				L00C3E340();
				_v20 = _t17;
				_v8 = 1;
				if(_t17 == 0) {
					_t17 = 0;
				} else {
					_push("setSelected");
					"VWj\nj\nj"();
				}
				_v8 = 0xffffffff;
				_t18 =  *((intOrPtr*)( *_t36 + 0x44))(_t17);
				_push(0xd0);
				L00C3E340();
				_v24 = _t18;
				_v12 = 2;
				if(_t18 == 0) {
					_t18 = 0;
				} else {
					_push("setArmed");
					"VWj\nj\nj"();
				}
				_v12 = 0xffffffff;
				 *((intOrPtr*)( *_t36 + 0x44))(_t18);
				 *[fs:0x0] = _v24;
				return _t33;
			}

0x00c26d30
0x00c26d32
0x00c26d3d
0x00c26d3e
0x00c26d45
0x00c26d48
0x00c26d4d
0x00c26d52
0x00c26d54
0x00c26d5c
0x00c26d62
0x00c26d6a
0x00c26d7c
0x00c26d6c
0x00c26d78
0x00c26d78
0x00c26d83
0x00c26d8b
0x00c26d8e
0x00c26d93
0x00c26d9b
0x00c26da1
0x00c26da9
0x00c26db9
0x00c26dab
0x00c26dab
0x00c26db2
0x00c26db2
0x00c26dc0
0x00c26dc8
0x00c26dcb
0x00c26dd0
0x00c26dd8
0x00c26dde
0x00c26de6
0x00c26df6
0x00c26de8
0x00c26de8
0x00c26def
0x00c26def
0x00c26dfd
0x00c26e05
0x00c26e10
0x00c26e1a

APIs

?createPropertyPanel@Label@vgui@@UAEPAVPanel@2@XZ.VGUI(?,?,?,?,00C4DC81,000000FF), ref: 00C26D48

Part of subcall function 00C2FBA0: ?createPropertyPanel@Panel@vgui@@UAEPAV12@XZ.VGUI ref: 00C2FBBD
Part of subcall function 00C2FBA0: ??0TreeFolder@vgui@@QAE@PBD@Z.VGUI(Label), ref: 00C2FBEA
Part of subcall function 00C2FBA0: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,000000C8,00000014), ref: 00C2FC32
Part of subcall function 00C2FBA0: ??0FlowLayout@vgui@@QAE@H@Z.VGUI(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81), ref: 00C2FC70
Part of subcall function 00C2FBA0: ?setLayout@Panel@vgui@@UAEXPAVLayout@2@@Z.VGUI(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC81), ref: 00C2FC81
Part of subcall function 00C2FBA0: ??0Label@vgui@@QAE@PBD@Z.VGUI(setText), ref: 00C2FCA7
Part of subcall function 00C2FBA0: ??0TextEntry@vgui@@QAE@PBDHHHH@Z.VGUI(00C6F3D0,00000000,00000000,00000050,00000014), ref: 00C2FCE6

??0TreeFolder@vgui@@QAE@PBD@Z.VGUI(Button,?,?,?,?,?,?,000000FF), ref: 00C26D73

Part of subcall function 00C3DDE0: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,000001F4,000001F4,?,00C343E8,Panel), ref: 00C3DDF1
Part of subcall function 00C3DDE0: ?init@TreeFolder@vgui@@MAEXPBD@Z.VGUI(?,00000000,00000000,000001F4,000001F4,?,00C343E8,Panel), ref: 00C3DE03

??0Label@vgui@@QAE@PBD@Z.VGUI(setSelected,?,?,?,?,?,?,?,000000FF), ref: 00C26DB2
??0Label@vgui@@QAE@PBD@Z.VGUI(setArmed,?,?,?,?,?,?,?,?,000000FF), ref: 00C26DEF

Strings

setSelected, xrefs: 00C26DAB
setArmed, xrefs: 00C26DE8
Button, xrefs: 00C26D6C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Label@vgui@@Panel@vgui@@$Folder@vgui@@Tree$?createPanel@Property$?init@?setEntry@vgui@@FlowLayout@Layout@2@@Layout@vgui@@Panel@2@TextV12@
String ID: Button$setArmed$setSelected
API String ID: 713430322-3181550568
Opcode ID: cd0cfd1ba000b32e4b03aad12a48d2ec24d42c59e2a387d56e41631eb2712257
Instruction ID: 0a50f684cb2e54a6cca93f7ede513aca16c3d12205e6d0fa39c836db07bad0b4
Opcode Fuzzy Hash: cd0cfd1ba000b32e4b03aad12a48d2ec24d42c59e2a387d56e41631eb2712257
Instruction Fuzzy Hash: 0E21D1B17003129BD350EF789849B1ABAE4AF88760F240A3DF465D73D1EA74C9408BA3

Uniqueness

Uniqueness Score: -1.00%

Function 00C29660 Relevance: 12.2, APIs: 8, Instructions: 179
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00C29660(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void* _v48;
				void* _v52;
				intOrPtr _v56;
				void* _v72;
				void* _v84;
				signed int _t61;
				intOrPtr _t65;
				intOrPtr* _t66;
				intOrPtr _t69;
				intOrPtr* _t70;
				intOrPtr _t76;
				intOrPtr* _t77;
				signed int _t83;
				intOrPtr _t84;
				signed int _t89;
				signed int _t90;
				signed int _t123;
				intOrPtr _t127;
				intOrPtr* _t131;
				intOrPtr _t135;
				intOrPtr _t137;
				void* _t138;
				void* _t140;
				void* _t142;
				void* _t143;
				void* _t144;

				_push(0xffffffff);
				_push(E00C4DD61);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t137;
				_t131 = __ecx;
				E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_t83 = 1;
				 *((intOrPtr*)(_t131 + 0xc8)) = 0;
				 *(_t131 + 0xcc) = 0;
				 *((intOrPtr*)(_t131 + 0xd0)) = 0;
				do {
					_t83 = _t83 + _t83;
				} while (_t83 < 4);
				_t123 = _t83 * 4;
				_push(_t123);
				L00C3E340();
				_t138 = _t137 + 4;
				if(0 == 0) {
					E00C4292B(0);
				}
				_t89 = _t123;
				_t90 = _t89 >> 2;
				memset(0 + _t90, memset(0, 0, _t90 << 2), (_t89 & 0x00000003) << 0);
				_t140 = _t138 + 0x18;
				_t61 = 0;
				 *(_t131 + 0xcc) = _t83;
				if( *((intOrPtr*)(_t131 + 0xc8)) > 0) {
					do {
						_t61 = _t61 + 1;
						 *((intOrPtr*)(0 + _t61 * 4 - 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xd0)) + _t61 * 4 - 4));
					} while (_t61 <  *((intOrPtr*)(_t131 + 0xc8)));
				}
				_push( *((intOrPtr*)(_t131 + 0xd0)));
				L00C3E350();
				 *((intOrPtr*)(_t131 + 0xd0)) = 0;
				 *_t131 = 0xc50864;
				_push(0);
				_push(0x80);
				_push(0x80);
				_push(0);
				E00C34580();
				E00C341B0(_t131, 0);
				E00C341C0(_t131, 0);
				_t65 = E00C341D0(_t131, 0);
				_push(0xbc);
				L00C3E340();
				_t142 = _t140 + 8;
				 *((intOrPtr*)(_t142 + 0x24)) = _t65;
				_t84 =  *((intOrPtr*)(_t142 + 0x28));
				_t127 =  *((intOrPtr*)(_t142 + 0x2c));
				_v32 = 0;
				if(_t65 == 0) {
					_t66 = 0;
				} else {
					_t66 = E00C328C0(_t65, 0, 0, _t84, _t127 - 0x24);
				}
				 *((intOrPtr*)(_t131 + 0xbc)) = _t66;
				_t135 = 0xffffffff;
				 *((intOrPtr*)(_t142 + 0x1c)) = 0xffffffff;
				 *((intOrPtr*)( *_t66 + 0x40))(_t131);
				_t69 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xbc)))) + 0x12c))(0, 0x80, 0x80, 0);
				_push(0xbc);
				L00C3E340();
				_t143 = _t142 + 4;
				 *((intOrPtr*)(_t143 + 0x2c)) = _t69;
				 *(_t143 + 0x18) = 1;
				if(_t69 == 0) {
					_t70 = 0;
				} else {
					_t70 = E00C328C0(_t69, 0, 0, _t84, _t127 - 0x24);
				}
				 *((intOrPtr*)(_t131 + 0xc0)) = _t70;
				 *((intOrPtr*)(_t143 + 0x1c)) = _t135;
				 *((intOrPtr*)( *_t70 + 0xd8))(0);
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xc0)))) + 0xdc))(0);
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xc0)))) + 0xe0))(0);
				_t76 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t131 + 0xc0)))) + 0x40))(_t131);
				_push(0xd8);
				L00C3E340();
				_t144 = _t143 + 4;
				_v36 = _t76;
				_v56 = 2;
				if(_t76 == 0) {
					_t77 = 0;
				} else {
					_t77 = E00C3AD50(_t76, 0, _t127 + 0xffffffdc, _t84, 0x24);
				}
				 *((intOrPtr*)(_t131 + 0xc4)) = _t77;
				_v56 = _t135;
				 *((intOrPtr*)( *_t77 + 0x40))(_t131);
				 *((intOrPtr*)(_t131 + 0xd4)) = 0x32;
				 *((intOrPtr*)(_t131 + 0xd8)) = 0x32;
				 *[fs:0x0] =  *((intOrPtr*)(_t144 + 0x10));
				return _t131;
			}

0x00c29666
0x00c29668
0x00c2966d
0x00c29676
0x00c29680
0x00c29691
0x00c29698
0x00c2969d
0x00c296a3
0x00c296a9
0x00c296af
0x00c296af
0x00c296b1
0x00c296b6
0x00c296bd
0x00c296be
0x00c296c5
0x00c296ca
0x00c296cd
0x00c296cd
0x00c296d2
0x00c296da
0x00c296e4
0x00c296e4
0x00c296ec
0x00c296f0
0x00c296f6
0x00c296f8
0x00c296fe
0x00c29703
0x00c2970d
0x00c296f8
0x00c29717
0x00c29718
0x00c29720
0x00c29728
0x00c2972e
0x00c29730
0x00c29735
0x00c2973a
0x00c2973c
0x00c29745
0x00c2974e
0x00c29757
0x00c2975c
0x00c29761
0x00c29766
0x00c29769
0x00c2976d
0x00c29771
0x00c29777
0x00c2977f
0x00c29793
0x00c29781
0x00c2978c
0x00c2978c
0x00c29795
0x00c2979d
0x00c297a3
0x00c297a7
0x00c297c0
0x00c297c6
0x00c297cb
0x00c297d0
0x00c297d3
0x00c297d9
0x00c297e1
0x00c297f5
0x00c297e3
0x00c297ee
0x00c297ee
0x00c297f7
0x00c29803
0x00c29807
0x00c29817
0x00c29827
0x00c29836
0x00c29839
0x00c2983e
0x00c29843
0x00c29846
0x00c2984c
0x00c29854
0x00c29868
0x00c29856
0x00c29861
0x00c29861
0x00c2986a
0x00c29875
0x00c29879
0x00c29885
0x00c2988b
0x00c29896
0x00c298a1

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,?,?,?,00C4DD61,000000FF), ref: 00C29691

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

?setBgColor@Panel@vgui@@UAEXHHHH@Z.VGUI(00000000,00000080,00000080,00000000), ref: 00C2973C
?setPaintBorderEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000000,00000000,00000080,00000080,00000000), ref: 00C29745
?setPaintBackgroundEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000000,00000000,00000000,00000080,00000080,00000000), ref: 00C2974E
?setPaintEnabled@Panel@vgui@@UAEX_N@Z.VGUI(00000000,00000000,00000000,00000000,00000080,00000080,00000000), ref: 00C29757
??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C2978C
??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C297EE
??0TaskBar@vgui@@QAE@HHHH@Z.VGUI(00000000,?,?,00000024,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C29861

Part of subcall function 00C3AD50: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,00000000,?,00000000,00C4E39C,000000FF,00C29866,00000000,?,?,00000024), ref: 00C3AD81

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Panel@vgui@@$?set$Enabled@Paint$?ensureBackgroundBar@vgui@@BorderCapacity@?$Color@Dar@Signal@vgui@@@vgui@@TaskTick
String ID:
API String ID: 3781334298-0
Opcode ID: bd1d99c64e1404579618b248da6eea6a826592bcacc2ba85a5ae151f30cec66c
Instruction ID: 79c0801dadd6f3ac0067c55b068ebca1b47e914925f239bff1c591d55299075d
Opcode Fuzzy Hash: bd1d99c64e1404579618b248da6eea6a826592bcacc2ba85a5ae151f30cec66c
Instruction Fuzzy Hash: 46617BB07407009FE354DF68D856F6AB6E5FB88700F10492DF65ADB2C1EB71A904CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C39120 Relevance: 12.1, APIs: 8, Instructions: 139
windowCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00C39120(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v0;
				signed int _v12;
				void* _v16;
				intOrPtr _v28;
				intOrPtr _v40;
				int _t55;
				signed int _t57;
				intOrPtr _t64;
				intOrPtr* _t65;
				signed int _t70;
				signed int _t76;
				signed int _t77;
				signed int _t80;
				intOrPtr* _t89;
				signed int _t100;
				void* _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr* _t107;
				intOrPtr _t112;
				void* _t113;
				void* _t115;
				signed int _t117;
				void* _t118;
				void* _t119;

				_push(0xffffffff);
				_push(E00C4E2EB);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t112;
				_t107 = __ecx;
				E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_t70 = 1;
				 *((intOrPtr*)(_t107 + 0xbc)) = 0;
				 *(_t107 + 0xc0) = 0;
				 *((intOrPtr*)(_t107 + 0xc4)) = 0;
				do {
					_t70 = _t70 + _t70;
				} while (_t70 < 4);
				_t100 = _t70 * 4;
				_push(_t100);
				L00C3E340();
				_t113 = _t112 + 4;
				if(0 == 0) {
					E00C4292B(0);
				}
				_t76 = _t100;
				_t77 = _t76 >> 2;
				_t55 = memset(0, 0, _t77 << 2);
				_t102 = 0 + _t77;
				_t80 = _t76 & 0x00000003;
				memset(_t102, _t55, _t80 << 0);
				_t115 = _t113 + 0x18;
				_t103 = _t102 + _t80;
				 *(_t107 + 0xc0) = _t70;
				_t57 = 0;
				if( *((intOrPtr*)(_t107 + 0xbc)) > 0) {
					do {
						_t57 = _t57 + 1;
						 *((intOrPtr*)(0 + _t57 * 4 - 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t107 + 0xc4)) + _t57 * 4 - 4));
						_t125 = _t57 -  *((intOrPtr*)(_t107 + 0xbc));
					} while (_t57 <  *((intOrPtr*)(_t107 + 0xbc)));
				}
				L00C3E350();
				 *((intOrPtr*)(_t107 + 0xc4)) = 0;
				 *_t107 = 0xc53e74;
				E00C393F0(_t107, 2, 2);
				E00C39410(_t107, 0);
				E00C39430(_t107, _a4);
				_t117 = _t115 + 4 - 0xc;
				_v12 = _t117;
				E00C279C0(_t117, _t125, 1);
				_t64 = E00C34640(_t107, 0,  *((intOrPtr*)(_t107 + 0xc4)));
				_t104 = _t103 | 0xffffffff;
				_push(0xbc);
				 *(_t107 + 0xd4) = _t104;
				 *(_t107 + 0xd8) = _t104;
				L00C3E340();
				_t118 = _t117 + 4;
				_v28 = _t64;
				_v40 = 0;
				if(_t64 == 0) {
					_t65 = 0;
					__eflags = 0;
				} else {
					_t65 = E00C326F0(_t64);
				}
				_push(0x10);
				_v12 = _t104;
				 *((intOrPtr*)(_t107 + 0xec)) = _t65;
				 *((char*)(_t107 + 0xf0)) = 0;
				 *((char*)(_t107 + 0xf1)) = 1;
				 *((char*)(_t107 + 0xf2)) = 1;
				 *((intOrPtr*)(_t107 + 0xdc)) = 0;
				 *((intOrPtr*)(_t107 + 0xe0)) = 0;
				 *(_t107 + 0xe4) = _t104;
				 *(_t107 + 0xe8) = _t104;
				 *((intOrPtr*)(_t107 + 0xf4)) = 0;
				 *((intOrPtr*)(_t107 + 0xf8)) = _a4;
				 *((intOrPtr*)(_t107 + 0xfc)) = _a8;
				 *((char*)(_t107 + 0x100)) = 1;
				L00C3E340();
				_t119 = _t118 + 4;
				if(_t65 == 0) {
					_t89 = 0;
					__eflags = 0;
				} else {
					_t44 = _t65 + 4; // 0x4
					_t89 = _t44;
					 *_t89 = 0xc4fe14;
					 *((intOrPtr*)(_t65 + 8)) = 0xc54108;
					 *_t65 = 0xc54100;
					 *_t89 = 0xc540d0;
					 *((intOrPtr*)(_t65 + 8)) = 0xc540c8;
					 *((intOrPtr*)(_t65 + 0xc)) = _t107;
				}
				E00C25A70(_t107, _t89);
				 *[fs:0x0] =  *((intOrPtr*)(_t119 + 0x10));
				return _t107;
			}

0x00c39126
0x00c39128
0x00c3912d
0x00c39136
0x00c39140
0x00c39151
0x00c39158
0x00c3915d
0x00c39163
0x00c39169
0x00c3916f
0x00c3916f
0x00c39171
0x00c39176
0x00c3917d
0x00c3917e
0x00c39185
0x00c3918a
0x00c3918d
0x00c3918d
0x00c39192
0x00c3919a
0x00c3919d
0x00c3919d
0x00c391a1
0x00c391a4
0x00c391a4
0x00c391a4
0x00c391ac
0x00c391b4
0x00c391b8
0x00c391ba
0x00c391c0
0x00c391c5
0x00c391cf
0x00c391cf
0x00c391ba
0x00c391da
0x00c391e2
0x00c391ea
0x00c391f4
0x00c391fd
0x00c39209
0x00c3920e
0x00c39213
0x00c39219
0x00c39220
0x00c39225
0x00c39228
0x00c3922d
0x00c39233
0x00c39239
0x00c3923e
0x00c39241
0x00c39247
0x00c3924b
0x00c39256
0x00c39256
0x00c3924d
0x00c3924f
0x00c3924f
0x00c39260
0x00c39262
0x00c39266
0x00c3926c
0x00c39273
0x00c3927a
0x00c39281
0x00c39287
0x00c3928d
0x00c39293
0x00c39299
0x00c3929f
0x00c392a5
0x00c392ab
0x00c392b2
0x00c392b7
0x00c392bc
0x00c392e6
0x00c392e6
0x00c392be
0x00c392be
0x00c392be
0x00c392c1
0x00c392c7
0x00c392ce
0x00c392d4
0x00c392da
0x00c392e1
0x00c392e1
0x00c392eb
0x00c392f9
0x00c39304

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,?,?,?,00C4E2EB,000000FF), ref: 00C39151

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

?setGridSize@TablePanel@vgui@@UAEXHH@Z.VGUI(00000002,00000002), ref: 00C391F4
?setGridVisible@TablePanel@vgui@@UAEX_N0@Z.VGUI(00000000,00000000,00000002,00000002), ref: 00C391FD
?setColumnCount@TablePanel@vgui@@UAEXH@Z.VGUI(?,00000000,00000000,00000002,00000002), ref: 00C39209
??0Color@vgui@@QAE@W4SchemeColor@Scheme@1@@Z.VGUI(00000001,?,00000002,00000002), ref: 00C39219
?setFgColor@Panel@vgui@@UAEXVColor@2@@Z.VGUI(00000001,?,00000002,00000002), ref: 00C39220
??0Panel@vgui@@QAE@XZ.VGUI ref: 00C3924F
?addInputSignal@Panel@vgui@@UAEXPAVInputSignal@2@@Z.VGUI(00000000,00000010), ref: 00C392EB

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Panel@vgui@@$?set$Table$Color@GridInput$?add?ensureCapacity@?$Color@2@@Color@vgui@@ColumnCount@Dar@SchemeScheme@1@@Signal@Signal@2@@Signal@vgui@@@vgui@@Size@TickVisible@
String ID:
API String ID: 1735523231-0
Opcode ID: fd0bb5de60dbc269d1f364311a8828dfe39c70ee607b51a34a972ff86b1a0390
Instruction ID: 7fe29aac2bae0fb9036e73d90ee2324f99d14e6f5d7331ef320bbbff8a512ce2
Opcode Fuzzy Hash: fd0bb5de60dbc269d1f364311a8828dfe39c70ee607b51a34a972ff86b1a0390
Instruction Fuzzy Hash: 7151E1B0614B408FD724DF39C891BABFBE5FB88304F00492DE56A87391D7B1A844CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00C497BE Relevance: 12.1, APIs: 8, Instructions: 132
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C497BE() {
				int _v4;
				int _v8;
				intOrPtr _t7;
				CHAR* _t9;
				WCHAR* _t17;
				int _t20;
				char* _t24;
				int _t32;
				CHAR* _t36;
				WCHAR* _t38;
				void* _t39;
				int _t42;

				_t7 =  *0xc70748; // 0x1
				_t32 = 0;
				_t38 = 0;
				_t36 = 0;
				if(_t7 != 0) {
					if(_t7 != 1) {
						if(_t7 != 2) {
							L27:
							return 0;
						}
						L18:
						if(_t36 != _t32) {
							L20:
							_t9 = _t36;
							if( *_t36 == _t32) {
								L23:
								_t41 = _t9 - _t36 + 1;
								_t39 = E00C43594(_t9 - _t36 + 1);
								if(_t39 != _t32) {
									E00C45D20(_t39, _t36, _t41);
								} else {
									_t39 = 0;
								}
								FreeEnvironmentStringsA(_t36);
								return _t39;
							} else {
								goto L21;
							}
							do {
								do {
									L21:
									_t9 =  &(_t9[1]);
								} while ( *_t9 != _t32);
								_t9 =  &(_t9[1]);
							} while ( *_t9 != _t32);
							goto L23;
						}
						_t36 = GetEnvironmentStrings();
						if(_t36 == _t32) {
							goto L27;
						}
						goto L20;
					}
					L6:
					if(_t38 != _t32) {
						L8:
						_t17 = _t38;
						if( *_t38 == _t32) {
							L11:
							_t20 = (_t17 - _t38 >> 1) + 1;
							_v4 = _t20;
							_t42 = WideCharToMultiByte(_t32, _t32, _t38, _t20, _t32, _t32, _t32, _t32);
							if(_t42 != _t32) {
								_t24 = E00C43594(_t42);
								_v8 = _t24;
								if(_t24 != _t32) {
									if(WideCharToMultiByte(_t32, _t32, _t38, _v4, _t24, _t42, _t32, _t32) == 0) {
										E00C434AB(_v8);
										_v8 = _t32;
									}
									_t32 = _v8;
								}
							}
							FreeEnvironmentStringsW(_t38);
							return _t32;
						} else {
							goto L9;
						}
						do {
							do {
								L9:
								_t17 =  &(_t17[1]);
							} while ( *_t17 != _t32);
							_t17 =  &(_t17[1]);
						} while ( *_t17 != _t32);
						goto L11;
					}
					_t38 = GetEnvironmentStringsW();
					if(_t38 == _t32) {
						goto L27;
					}
					goto L8;
				}
				_t38 = GetEnvironmentStringsW();
				if(_t38 == 0) {
					_t36 = GetEnvironmentStrings();
					if(_t36 == 0) {
						goto L27;
					}
					 *0xc70748 = 2;
					goto L18;
				}
				 *0xc70748 = 1;
				goto L6;
			}

0x00c497c0
0x00c497cf
0x00c497d1
0x00c497d3
0x00c497d7
0x00c4980f
0x00c49899
0x00c498e7
0x00000000
0x00c498e7
0x00c4989b
0x00c4989d
0x00c498ab
0x00c498ad
0x00c498af
0x00c498bb
0x00c498be
0x00c498c6
0x00c498cb
0x00c498d4
0x00c498cd
0x00c498cd
0x00c498cd
0x00c498dd
0x00000000
0x00000000
0x00000000
0x00000000
0x00c498b1
0x00c498b1
0x00c498b1
0x00c498b1
0x00c498b2
0x00c498b6
0x00c498b7
0x00000000
0x00c498b1
0x00c498a5
0x00c498a9
0x00000000
0x00000000
0x00000000
0x00c498a9
0x00c49815
0x00c49817
0x00c49825
0x00c49828
0x00c4982a
0x00c4983a
0x00c49846
0x00c4984d
0x00c49853
0x00c49857
0x00c4985a
0x00c49862
0x00c49866
0x00c49877
0x00c4987d
0x00c49883
0x00c49883
0x00c49887
0x00c49887
0x00c49866
0x00c4988c
0x00000000
0x00000000
0x00000000
0x00000000
0x00c4982c
0x00c4982c
0x00c4982c
0x00c4982d
0x00c4982e
0x00c49834
0x00c49835
0x00000000
0x00c4982c
0x00c4981b
0x00c4981f
0x00000000
0x00000000
0x00000000
0x00c4981f
0x00c497db
0x00c497df
0x00c497f3
0x00c497f7
0x00000000
0x00000000
0x00c497fd
0x00000000
0x00c497fd
0x00c497e1
0x00000000

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00C43B73), ref: 00C497D9
GetEnvironmentStrings.KERNEL32(?,?,?,?,00C43B73), ref: 00C497ED
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00C43B73), ref: 00C49819
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00C43B73), ref: 00C49851
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00C43B73), ref: 00C49873
FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00C43B73), ref: 00C4988C
GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,00C43B73), ref: 00C4989F
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00C498DD

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide
String ID:
API String ID: 1823725401-0
Opcode ID: b2ecf618bc3445ed85ca6576c9979508135a12880e08afd242d5452c8d89d86e
Instruction ID: 97f4d51ce8e68773bc523f2a76c9c203f34f6fc244324e13510fdc4f104066ee
Opcode Fuzzy Hash: b2ecf618bc3445ed85ca6576c9979508135a12880e08afd242d5452c8d89d86e
Instruction Fuzzy Hash: 51310FB24042746FDB207F7C5C8493FBA9CFADB358F250939F566C3181E6318E8192A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3AE3 Relevance: 12.1, APIs: 8, Instructions: 132
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA3AE3() {
				int _v4;
				int _v8;
				void* __ebx;
				intOrPtr _t7;
				CHAR* _t9;
				WCHAR* _t17;
				int _t20;
				char* _t24;
				int _t32;
				CHAR* _t36;
				WCHAR* _t38;
				void* _t39;
				int _t42;

				_t7 =  *0xcb3224; // 0x1
				_t32 = 0;
				_t38 = 0;
				_t36 = 0;
				if(_t7 != 0) {
					if(_t7 != 1) {
						if(_t7 != 2) {
							L27:
							return 0;
						}
						L18:
						if(_t36 != _t32) {
							L20:
							_t9 = _t36;
							if( *_t36 == _t32) {
								L23:
								_t41 = _t9 - _t36 + 1;
								_t39 = E00CA5A3E(_t9 - _t36 + 1);
								if(_t39 != _t32) {
									E00CA79A0(_t32, _t39, _t36, _t41);
								} else {
									_t39 = 0;
								}
								FreeEnvironmentStringsA(_t36);
								return _t39;
							} else {
								goto L21;
							}
							do {
								do {
									L21:
									_t9 =  &(_t9[1]);
								} while ( *_t9 != _t32);
								_t9 =  &(_t9[1]);
							} while ( *_t9 != _t32);
							goto L23;
						}
						_t36 = GetEnvironmentStrings();
						if(_t36 == _t32) {
							goto L27;
						}
						goto L20;
					}
					L6:
					if(_t38 != _t32) {
						L8:
						_t17 = _t38;
						if( *_t38 == _t32) {
							L11:
							_t20 = (_t17 - _t38 >> 1) + 1;
							_v4 = _t20;
							_t42 = WideCharToMultiByte(_t32, _t32, _t38, _t20, _t32, _t32, _t32, _t32);
							if(_t42 != _t32) {
								_t24 = E00CA5A3E(_t42);
								_v8 = _t24;
								if(_t24 != _t32) {
									if(WideCharToMultiByte(_t32, _t32, _t38, _v4, _t24, _t42, _t32, _t32) == 0) {
										E00CA2DC0(_v8);
										_v8 = _t32;
									}
									_t32 = _v8;
								}
							}
							FreeEnvironmentStringsW(_t38);
							return _t32;
						} else {
							goto L9;
						}
						do {
							do {
								L9:
								_t17 =  &(_t17[1]);
							} while ( *_t17 != _t32);
							_t17 =  &(_t17[1]);
						} while ( *_t17 != _t32);
						goto L11;
					}
					_t38 = GetEnvironmentStringsW();
					if(_t38 == _t32) {
						goto L27;
					}
					goto L8;
				}
				_t38 = GetEnvironmentStringsW();
				if(_t38 == 0) {
					_t36 = GetEnvironmentStrings();
					if(_t36 == 0) {
						goto L27;
					}
					 *0xcb3224 = 2;
					goto L18;
				}
				 *0xcb3224 = 1;
				goto L6;
			}

0x00ca3ae5
0x00ca3af4
0x00ca3af6
0x00ca3af8
0x00ca3afc
0x00ca3b34
0x00ca3bbe
0x00ca3c0c
0x00000000
0x00ca3c0c
0x00ca3bc0
0x00ca3bc2
0x00ca3bd0
0x00ca3bd2
0x00ca3bd4
0x00ca3be0
0x00ca3be3
0x00ca3beb
0x00ca3bf0
0x00ca3bf9
0x00ca3bf2
0x00ca3bf2
0x00ca3bf2
0x00ca3c02
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca3bd6
0x00ca3bd6
0x00ca3bd6
0x00ca3bd6
0x00ca3bd7
0x00ca3bdb
0x00ca3bdc
0x00000000
0x00ca3bd6
0x00ca3bca
0x00ca3bce
0x00000000
0x00000000
0x00000000
0x00ca3bce
0x00ca3b3a
0x00ca3b3c
0x00ca3b4a
0x00ca3b4d
0x00ca3b4f
0x00ca3b5f
0x00ca3b6b
0x00ca3b72
0x00ca3b78
0x00ca3b7c
0x00ca3b7f
0x00ca3b87
0x00ca3b8b
0x00ca3b9c
0x00ca3ba2
0x00ca3ba8
0x00ca3ba8
0x00ca3bac
0x00ca3bac
0x00ca3b8b
0x00ca3bb1
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca3b51
0x00ca3b51
0x00ca3b51
0x00ca3b52
0x00ca3b53
0x00ca3b59
0x00ca3b5a
0x00000000
0x00ca3b51
0x00ca3b40
0x00ca3b44
0x00000000
0x00000000
0x00000000
0x00ca3b44
0x00ca3b00
0x00ca3b04
0x00ca3b18
0x00ca3b1c
0x00000000
0x00000000
0x00ca3b22
0x00000000
0x00ca3b22
0x00ca3b06
0x00000000

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00CA1A77), ref: 00CA3AFE
GetEnvironmentStrings.KERNEL32(?,?,?,?,00CA1A77), ref: 00CA3B12
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00CA1A77), ref: 00CA3B3E
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00CA1A77), ref: 00CA3B76
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00CA1A77), ref: 00CA3B98
FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00CA1A77), ref: 00CA3BB1
GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,00CA1A77), ref: 00CA3BC4
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00CA3C02

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide
String ID:
API String ID: 1823725401-0
Opcode ID: ccd14e2880b14a69604ecdea5aac5415086c4dfdba49bd5def4062671cbf7e27
Instruction ID: 401ad9295e8459b36bfd9ce5c2e568d1132d2aeaacbab353d016e806c96fbc56
Opcode Fuzzy Hash: ccd14e2880b14a69604ecdea5aac5415086c4dfdba49bd5def4062671cbf7e27
Instruction Fuzzy Hash: E431D6B25082D75FDB203FB97CA4A3FBA9DE64736C7110629F962D3101E6218F4082B5

Uniqueness

Uniqueness Score: -1.00%

Function 00CA72D0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 241
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA72D0(CHAR* _a4, signed int _a7, signed int _a8, intOrPtr _a12, signed int _a15, signed int _a16) {
				signed int _v5;
				long _v12;
				signed char _v14;
				long _v16;
				long _v20;
				struct _SECURITY_ATTRIBUTES _v32;
				void* __edi;
				signed int _t89;
				intOrPtr _t90;
				signed char _t92;
				signed int _t96;
				intOrPtr _t105;
				long _t107;
				void* _t110;
				intOrPtr* _t113;
				signed int _t121;
				void* _t123;
				signed int _t126;
				signed char _t127;
				signed int _t128;
				signed char _t132;
				signed int _t138;
				intOrPtr* _t144;
				long _t145;
				long _t146;
				void* _t147;
				signed int _t149;
				signed int _t150;
				void* _t158;
				void* _t167;

				_t127 = _a8;
				_v32.nLength = 0xc;
				_v32.lpSecurityDescriptor = 0;
				if((_t127 & 0x00000080) == 0) {
					_t8 =  &_v5;
					 *_t8 = _v5 & 0x00000000;
					__eflags =  *_t8;
					_v32.bInheritHandle = 1;
				} else {
					_v32.bInheritHandle = 0;
					_v5 = 0x10;
				}
				if((0x00008000 & _t127) != 0) {
					L7:
					_t145 = 3;
					_t89 = _t127 & _t145;
					if(_t89 == 0) {
						_v16 = 0x80000000;
						L13:
						_t90 = _a12;
						if(_t90 == 0x10) {
							_v20 = 0;
							L21:
							_t128 = _t127 & 0x00000700;
							_t167 = _t128 - 0x400;
							if(_t167 > 0) {
								__eflags = _t128 - 0x500;
								if(_t128 == 0x500) {
									L35:
									_v12 = 1;
									L36:
									_t92 = _a8;
									_t146 = 0x80;
									if((0x00000100 & _t92) != 0) {
										_t138 =  *0xcb30dc; // 0x0
										if(( !_t138 & _a16 & 0x00000080) == 0) {
											_t146 = 1;
										}
									}
									if((_t92 & 0x00000040) != 0) {
										_t146 = _t146 | 0x04000000;
										_v14 = _v14 | 0x00000001;
									}
									if((_t92 & 0x00000010) != 0) {
										_t146 = _t146 | 0x00000100;
									}
									if((_t92 & 0x00000020) == 0) {
										__eflags = _t92 & 0x00000010;
										if((_t92 & 0x00000010) != 0) {
											_t146 = _t146 | 0x10000000;
											__eflags = _t146;
										}
									} else {
										_t146 = _t146 | 0x08000000;
									}
									_t126 = E00CA6F5C();
									if(_t126 != 0xffffffffffffffff) {
										_t147 = CreateFileA(_a4, _v16, _v20,  &_v32, _v12, _t146, 0);
										__eflags = _t147 - 0xffffffffffffffff;
										if(_t147 != 0xffffffffffffffff) {
											_t96 = GetFileType(_t147);
											__eflags = _t96;
											if(_t96 != 0) {
												__eflags = _t96 - 2;
												if(_t96 != 2) {
													__eflags = _t96 - 3;
													if(_t96 == 3) {
														_t53 =  &_v5;
														 *_t53 = _v5 | 0x00000008;
														__eflags =  *_t53;
													}
												} else {
													_v5 = _v5 | 0x00000040;
												}
												E00CA707F(_t126, _t147);
												_t144 = 0xcb36a0 + (_t126 >> 5) * 4;
												_t132 = _v5 | 0x00000001;
												_a7 = _t132;
												_t149 = (_t126 & 0x0000001f) + (_t126 & 0x0000001f) * 8 << 2;
												_t61 =  &_a7;
												 *_t61 = _a7 & 0x00000048;
												__eflags =  *_t61;
												 *( *_t144 + _t149 + 4) = _t132;
												if( *_t61 != 0) {
													L67:
													__eflags = _a7;
													if(_a7 == 0) {
														__eflags = _a8 & 0x00000008;
														if((_a8 & 0x00000008) != 0) {
															_t105 =  *_t144;
															_t80 = _t105 + _t149 + 4;
															 *_t80 =  *(_t105 + _t149 + 4) | 0x00000020;
															__eflags =  *_t80;
														}
													}
													_t150 = _t126;
													goto L71;
												} else {
													__eflags = _t132 & 0x00000080;
													if((_t132 & 0x00000080) == 0) {
														goto L67;
													}
													__eflags = _a8 & 0x00000002;
													if(__eflags == 0) {
														goto L67;
													}
													_t107 = E00CA52FB(__eflags, _t126, 0xffffffff, 2);
													__eflags = _t107 - 0xffffffff;
													_v20 = _t107;
													if(_t107 != 0xffffffff) {
														_a15 = _a15 & 0x00000000;
														__eflags = E00CA9091(_t126,  &_a15, 1);
														if(__eflags != 0) {
															L66:
															_t110 = E00CA52FB(__eflags, _t126, 0, 0);
															__eflags = _t110 - 0xffffffff;
															if(_t110 == 0xffffffff) {
																L62:
																E00CA2EA9(_t126);
																_t150 = _t149 | 0xffffffff;
																L71:
																E00CA721B(_t126);
																return _t150;
															}
															goto L67;
														}
														__eflags = _a15 - 0x1a;
														if(__eflags != 0) {
															goto L66;
														}
														__eflags = E00CA8F6C(_t132, 0x700, _t144, __eflags, _t126, _v20) - 0xffffffff;
														if(__eflags == 0) {
															goto L62;
														}
														goto L66;
													}
													_t113 = E00CA21BC();
													__eflags =  *_t113 - 0x83;
													if( *_t113 == 0x83) {
														goto L67;
													}
													goto L62;
												}
											}
											CloseHandle(_t147);
										}
										E00CA2140(GetLastError());
										_t150 = 0xffffffffffffffff;
										goto L71;
									} else {
										 *((intOrPtr*)(E00CA21B3())) = 0x18;
										 *(E00CA21BC()) =  *_t118 & 0x00000000;
										return 0xffffffffffffffff;
									}
								}
								__eflags = _t128 - 0x600;
								if(_t128 == 0x600) {
									L34:
									_v12 = 5;
									goto L36;
								}
								__eflags = _t128 - 0x700;
								if(_t128 == 0x700) {
									goto L35;
								}
								L33:
								 *((intOrPtr*)(E00CA21B3())) = 0x16;
								_t121 = E00CA21BC();
								 *_t121 = 0;
								return _t121 | 0xffffffff;
							}
							if(_t167 == 0 || _t128 == 0) {
								_v12 = _t145;
							} else {
								if(_t128 == 0x100) {
									_v12 = 4;
									goto L36;
								}
								if(_t128 == 0x200) {
									goto L34;
								}
								if(_t128 != 0x300) {
									goto L33;
								}
								_v12 = 2;
							}
							goto L36;
						}
						if(_t90 == 0x20) {
							_v20 = 1;
							goto L21;
						}
						if(_t90 == 0x30) {
							_v20 = 2;
							goto L21;
						}
						if(_t90 != 0x40) {
							goto L33;
						}
						_v20 = _t145;
						goto L21;
					}
					_t123 = _t89 - 1;
					if(_t123 == 0) {
						_v16 = 0x40000000;
						goto L13;
					}
					if(_t123 != 1) {
						goto L33;
					} else {
						_v16 = 0xc0000000;
						goto L13;
					}
				} else {
					if((_t127 & 0x00000040) != 0) {
						L6:
						_v5 = _v5 | 0x00000080;
						goto L7;
					}
					_t158 =  *0xcb33b8 - 0x8000; // 0x0
					if(_t158 == 0) {
						goto L7;
					}
					goto L6;
				}
			}

0x00ca72d6
0x00ca72e1
0x00ca72e8
0x00ca72eb
0x00ca72f6
0x00ca72f6
0x00ca72f6
0x00ca72fa
0x00ca72ed
0x00ca72ed
0x00ca72f0
0x00ca72f0
0x00ca7308
0x00ca731b
0x00ca731f
0x00ca7322
0x00ca7324
0x00ca7342
0x00ca7349
0x00ca7349
0x00ca734f
0x00ca7377
0x00ca737a
0x00ca7384
0x00ca738b
0x00ca738d
0x00ca73c0
0x00ca73c6
0x00ca73f7
0x00ca73f7
0x00ca73fe
0x00ca73fe
0x00ca7401
0x00ca7408
0x00ca740a
0x00ca7418
0x00ca741c
0x00ca741c
0x00ca7418
0x00ca741f
0x00ca7421
0x00ca7427
0x00ca7427
0x00ca742e
0x00ca7430
0x00ca7430
0x00ca7434
0x00ca743e
0x00ca7440
0x00ca7442
0x00ca7442
0x00ca7442
0x00ca7436
0x00ca7436
0x00ca7436
0x00ca744d
0x00ca7454
0x00ca7489
0x00ca748b
0x00ca748d
0x00ca74a4
0x00ca74aa
0x00ca74ac
0x00ca74b7
0x00ca74ba
0x00ca74c2
0x00ca74c5
0x00ca74c7
0x00ca74c7
0x00ca74c7
0x00ca74c7
0x00ca74bc
0x00ca74bc
0x00ca74bc
0x00ca74cd
0x00ca74dc
0x00ca74e5
0x00ca74eb
0x00ca74f3
0x00ca74f6
0x00ca74f6
0x00ca74f6
0x00ca74fa
0x00ca74fe
0x00ca7578
0x00ca7578
0x00ca757c
0x00ca757e
0x00ca7582
0x00ca7584
0x00ca7586
0x00ca7586
0x00ca7586
0x00ca758b
0x00ca7582
0x00ca758f
0x00000000
0x00ca7500
0x00ca7500
0x00ca7503
0x00000000
0x00000000
0x00ca7505
0x00ca7509
0x00000000
0x00000000
0x00ca7510
0x00ca7518
0x00ca751b
0x00ca751e
0x00ca7539
0x00ca754c
0x00ca754e
0x00ca7566
0x00ca756b
0x00ca7573
0x00ca7576
0x00ca752d
0x00ca752e
0x00ca7534
0x00ca7591
0x00ca7592
0x00000000
0x00ca7598
0x00000000
0x00ca7576
0x00ca7550
0x00ca7554
0x00000000
0x00000000
0x00ca7560
0x00ca7564
0x00000000
0x00000000
0x00000000
0x00ca7564
0x00ca7520
0x00ca7525
0x00ca752b
0x00000000
0x00000000
0x00000000
0x00ca752b
0x00ca74fe
0x00ca74af
0x00ca74af
0x00ca7496
0x00ca749c
0x00000000
0x00ca7456
0x00ca745b
0x00ca7466
0x00000000
0x00ca7469
0x00ca7454
0x00ca73c8
0x00ca73ce
0x00ca73ee
0x00ca73ee
0x00000000
0x00ca73ee
0x00ca73d0
0x00ca73d2
0x00000000
0x00000000
0x00ca73d4
0x00ca73d9
0x00ca73df
0x00ca73e4
0x00000000
0x00ca73e6
0x00ca738f
0x00ca73bb
0x00ca7395
0x00ca7397
0x00ca73b2
0x00000000
0x00ca73b2
0x00ca739f
0x00000000
0x00000000
0x00ca73a7
0x00000000
0x00000000
0x00ca73a9
0x00ca73a9
0x00000000
0x00ca738f
0x00ca7354
0x00ca736e
0x00000000
0x00ca736e
0x00ca7359
0x00ca7365
0x00000000
0x00ca7365
0x00ca735e
0x00000000
0x00000000
0x00ca7360
0x00000000
0x00ca7360
0x00ca7326
0x00ca7327
0x00ca7339
0x00000000
0x00ca7339
0x00ca732a
0x00000000
0x00ca7330
0x00ca7330
0x00000000
0x00ca7330
0x00ca730a
0x00ca730d
0x00ca7317
0x00ca7317
0x00000000
0x00ca7317
0x00ca730f
0x00ca7315
0x00000000
0x00000000
0x00000000
0x00ca7315

APIs

CreateFileA.KERNEL32(00000001,80000000,00CA1248,0000000C,00000001,00000080,00000000,?,00000000,00000000), ref: 00CA7483
GetLastError.KERNEL32 ref: 00CA748F
GetFileType.KERNEL32(00000000), ref: 00CA74A4
CloseHandle.KERNEL32(00000000), ref: 00CA74AF

Strings

@, xrefs: 00CA74BC
H, xrefs: 00CA74F6

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastType
String ID: @$H
API String ID: 1809617866-104103126
Opcode ID: 0221b00608bd543b7b86f7a5e0a6b9758a7f6d864f4c747933f2bc6a25363f4d
Instruction ID: 10376d12889141d88833ac6d9834bc4ceb765bc19c7f56ce05e0baa385d054b1
Opcode Fuzzy Hash: 0221b00608bd543b7b86f7a5e0a6b9758a7f6d864f4c747933f2bc6a25363f4d
Instruction Fuzzy Hash: C3810471D0D2479AEF208BA88C447AE7B60BF0736CF254719ED71AA1E1C7788E44AB51

Uniqueness

Uniqueness Score: -1.00%

Function 00C3AD50 Relevance: 10.7, APIs: 7, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00C3AD50(intOrPtr* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, signed int _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				intOrPtr _v24;
				signed int _t74;
				signed int _t75;
				signed int _t79;
				signed int _t80;
				void* _t81;
				intOrPtr _t82;
				signed int _t83;
				void* _t84;
				intOrPtr* _t87;
				intOrPtr* _t92;
				signed int _t98;
				signed int _t104;
				signed int _t105;
				signed int _t111;
				signed int _t112;
				signed int _t142;
				signed int _t147;
				void* _t148;
				intOrPtr* _t151;
				intOrPtr* _t154;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				signed int _t161;
				intOrPtr _t162;

				_push(0xffffffff);
				_push(E00C4E39C);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t162;
				_t154 = __ecx;
				E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_t157 = 1;
				 *((intOrPtr*)(_t154 + 0xbc)) = 0;
				 *(_t154 + 0xc0) = 0;
				 *(_t154 + 0xc4) = 0;
				do {
					_t157 = _t157 + _t157;
				} while (_t157 < 4);
				_t142 = _t157 * 4;
				_push(_t142);
				L00C3E340();
				if(0 == 0) {
					E00C4292B(0);
				}
				_t104 = _t142;
				_t105 = _t104 >> 2;
				memset(0 + _t105, memset(0, 0, _t105 << 2), (_t104 & 0x00000003) << 0);
				_t74 = 0;
				 *(_t154 + 0xc0) = _t157;
				if( *((intOrPtr*)(_t154 + 0xbc)) > 0) {
					do {
						_t74 = _t74 + 1;
						 *((intOrPtr*)(0 + _t74 * 4 - 4)) =  *((intOrPtr*)( *(_t154 + 0xc4) + _t74 * 4 - 4));
					} while (_t74 <  *((intOrPtr*)(_t154 + 0xbc)));
				}
				_t75 =  *(_t154 + 0xc4);
				_push(_t75);
				L00C3E350();
				 *(_t154 + 0xc4) = 0;
				 *((intOrPtr*)(_t154 + 0xc8)) = 0;
				 *(_t154 + 0xcc) = 0;
				 *(_t154 + 0xd0) = 0;
				_t98 = 1;
				do {
					_t98 = _t98 + _t98;
				} while (_t98 < 4);
				_t147 = _t98 * 4;
				_push(_t147);
				L00C3E340();
				_t158 = _t75;
				if(_t158 == 0) {
					E00C4292B(_t75);
				}
				_t111 = _t147;
				_t148 = _t158;
				_t112 = _t111 >> 2;
				memset(_t148 + _t112, memset(_t148, 0, _t112 << 2), (_t111 & 0x00000003) << 0);
				 *(_t154 + 0xcc) = _t98;
				_t79 = 0;
				if( *((intOrPtr*)(_t154 + 0xc8)) > 0) {
					do {
						_t79 = _t79 + 1;
						 *((intOrPtr*)(_t158 + _t79 * 4 - 4)) =  *((intOrPtr*)( *(_t154 + 0xd0) + _t79 * 4 - 4));
					} while (_t79 <  *((intOrPtr*)(_t154 + 0xc8)));
				}
				_t80 =  *(_t154 + 0xd0);
				_push(_t80);
				L00C3E350();
				 *(_t154 + 0xd0) = _t158;
				_push(0x38);
				 *_t154 = 0xc50a7c;
				L00C3E340();
				_a16 = _t80;
				_t184 = _t80;
				_v4 = 0;
				if(_t80 == 0) {
					_t81 = 0;
					__eflags = 0;
				} else {
					_t81 = E00C353D0(_t80, _t184);
				}
				_t159 = _t158 | 0xffffffff;
				_v4 = _t159;
				_t82 = E00C34180(_t154, _t81);
				_push(0xbc);
				L00C3E340();
				_a12 = _t82;
				_v8 = 1;
				if(_t82 == 0) {
					_t83 = 0;
					__eflags = 0;
				} else {
					_t83 = E00C328C0(_t82, 0x64, 0, 0x78, 0x1a);
				}
				_push(0x38);
				_v4 = _t159;
				 *(_t154 + 0xd4) = _t83;
				L00C3E340();
				_a16 = _t83;
				_t186 = _t83;
				_v4 = 2;
				if(_t83 == 0) {
					_t84 = 0;
					__eflags = 0;
				} else {
					_t84 = E00C30DF0(_t83, _t186);
				}
				_v4 = _t159;
				 *((intOrPtr*)( *( *(_t154 + 0xd4)) + 0xd4))(_t84);
				_t87 =  *((intOrPtr*)( *( *(_t154 + 0xd4)) + 0x40))(_t154);
				_push(0xcc);
				L00C3E340();
				_t151 = _t87;
				_a8 = _t151;
				_v12 = 3;
				if(_t151 == 0) {
					_t151 = 0;
					__eflags = 0;
				} else {
					E00C328C0(_t151, 0x19, 2, 0x55, 0x14);
					_t57 = _t151 + 0xbc; // 0xbc
					_t161 = _t57;
					 *_t161 = 0xc4f5e4;
					 *_t151 = 0xc5467c;
					 *_t161 = 0xc54670;
					 *((intOrPtr*)(_t151 + 0xc0)) = 0;
					 *((intOrPtr*)(_t151 + 0xc4)) = 0;
					 *((intOrPtr*)(_t151 + 0xc8)) = 0;
					_t92 = L00C34610();
					 *((intOrPtr*)( *_t92 + 0x2c))(_t161);
					_t159 = _t161 | 0xffffffff;
				}
				_v12 = _t159;
				 *((intOrPtr*)( *_t151 + 0x40))( *(_t154 + 0xd4));
				 *[fs:0x0] = _v24;
				return _t154;
			}

0x00c3ad56
0x00c3ad58
0x00c3ad5d
0x00c3ad66
0x00c3ad70
0x00c3ad81
0x00c3ad88
0x00c3ad8d
0x00c3ad93
0x00c3ad99
0x00c3ad9f
0x00c3ad9f
0x00c3ada1
0x00c3ada6
0x00c3adad
0x00c3adae
0x00c3adba
0x00c3adbd
0x00c3adbd
0x00c3adc2
0x00c3adca
0x00c3add4
0x00c3adde
0x00c3ade2
0x00c3ade8
0x00c3adea
0x00c3adf0
0x00c3adf5
0x00c3adff
0x00c3adea
0x00c3ae03
0x00c3ae09
0x00c3ae0a
0x00c3ae0f
0x00c3ae18
0x00c3ae1e
0x00c3ae24
0x00c3ae2a
0x00c3ae2f
0x00c3ae2f
0x00c3ae31
0x00c3ae36
0x00c3ae3d
0x00c3ae3e
0x00c3ae43
0x00c3ae4a
0x00c3ae4d
0x00c3ae4d
0x00c3ae52
0x00c3ae58
0x00c3ae5a
0x00c3ae64
0x00c3ae6c
0x00c3ae74
0x00c3ae78
0x00c3ae7a
0x00c3ae80
0x00c3ae85
0x00c3ae8f
0x00c3ae7a
0x00c3ae93
0x00c3ae99
0x00c3ae9a
0x00c3ae9f
0x00c3aea5
0x00c3aea7
0x00c3aead
0x00c3aeb5
0x00c3aeb9
0x00c3aebb
0x00c3aebf
0x00c3aeca
0x00c3aeca
0x00c3aec1
0x00c3aec3
0x00c3aec3
0x00c3aecc
0x00c3aed2
0x00c3aed6
0x00c3aedb
0x00c3aee0
0x00c3aee8
0x00c3aeee
0x00c3aef6
0x00c3af08
0x00c3af08
0x00c3aef8
0x00c3af01
0x00c3af01
0x00c3af0a
0x00c3af0c
0x00c3af10
0x00c3af16
0x00c3af1e
0x00c3af22
0x00c3af24
0x00c3af2c
0x00c3af37
0x00c3af37
0x00c3af2e
0x00c3af30
0x00c3af30
0x00c3af40
0x00c3af46
0x00c3af55
0x00c3af58
0x00c3af5d
0x00c3af62
0x00c3af67
0x00c3af6d
0x00c3af75
0x00c3afc6
0x00c3afc6
0x00c3af77
0x00c3af81
0x00c3af86
0x00c3af86
0x00c3af8e
0x00c3af95
0x00c3af9b
0x00c3afa2
0x00c3afa8
0x00c3afae
0x00c3afb4
0x00c3afbe
0x00c3afc1
0x00c3afc1
0x00c3afd3
0x00c3afd7
0x00c3afe3
0x00c3afee

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,00000000,?,00000000,00C4E39C,000000FF,00C29866,00000000,?,?,00000024), ref: 00C3AD81

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

??0RaisedBorder@vgui@@QAE@XZ.VGUI(?,?,?,?,?,?,?,00000000), ref: 00C3AEC3
?setBorder@Panel@vgui@@UAEXPAVBorder@2@@Z.VGUI(00000000,?,?,?,?,?,?,?,00000000), ref: 00C3AED6
??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000064,00000000,00000078,0000001A), ref: 00C3AF01

Part of subcall function 00C328C0: ??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A58
Part of subcall function 00C328C0: ??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A63
Part of subcall function 00C328C0: ?init@Panel@vgui@@AAEXHHHH@Z.VGUI(?,?,?,?,?,00000004), ref: 00C32A84

??0LoweredBorder@vgui@@QAE@XZ.VGUI ref: 00C3AF30
??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000019,00000002,00000055,00000014), ref: 00C3AF81

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Panel@vgui@@$Border@vgui@@Color@vgui@@$?ensure?init@?setBorder@Border@2@@Capacity@?$Dar@LoweredRaisedSignal@vgui@@@vgui@@Tick
String ID:
API String ID: 2556208406-0
Opcode ID: 421331e5eaf2b6a461ee51af8111729f24c1502aeb5c3bc56b91bb76e42ec165
Instruction ID: 8f7488369f3f02223ecbff8a1633f9968406eddd58763d580e49a240c7b649ab
Opcode Fuzzy Hash: 421331e5eaf2b6a461ee51af8111729f24c1502aeb5c3bc56b91bb76e42ec165
Instruction Fuzzy Hash: DA71DEB07107009FD714EF79C891BAAB7E5BB88300F004A2EE56AC7391DB75A915CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00C3B4B0 Relevance: 10.7, APIs: 7, Instructions: 156
windowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00C3B4B0(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _t50;
				void* _t54;
				void* _t55;
				signed int _t59;
				intOrPtr* _t64;
				void* _t72;
				signed int _t73;
				signed int _t74;
				signed int _t78;
				signed int _t79;
				signed int _t85;
				signed int _t86;
				void* _t113;
				signed int _t117;
				void* _t118;
				intOrPtr* _t125;
				signed int _t126;
				void* _t127;

				_t125 = __ecx;
				_t50 = E00C328C0(__ecx, _a8, _a12, _a16, _a20);
				 *((intOrPtr*)(_t125 + 0xbc)) = 0xc4fe14;
				 *((intOrPtr*)(_t125 + 0xc0)) = 0;
				 *(_t125 + 0xc4) = 0;
				 *(_t125 + 0xc8) = 0;
				_t126 = 1;
				do {
					_t126 = _t126 + _t126;
				} while (_t126 < 4);
				_push(_t126);
				L00C3E340();
				_t72 = _t50;
				if(_t72 == 0) {
					E00C4292B(0);
				}
				_t78 = _t126;
				_t113 = _t72;
				_t79 = _t78 >> 2;
				memset(_t113 + _t79, memset(_t113, 0, _t79 << 2), (_t78 & 0x00000003) << 0);
				_t54 = 0;
				 *(_t125 + 0xc4) = _t126;
				if( *((intOrPtr*)(_t125 + 0xc0)) <= 0) {
					L6:
					_t55 =  *(_t125 + 0xc8);
					_push(_t55);
					L00C3E350();
					 *(_t125 + 0xc8) = _t72;
					 *((intOrPtr*)(_t125 + 0xe4)) = 0;
					 *(_t125 + 0xe8) = 0;
					 *(_t125 + 0xec) = 0;
					_t73 = 1;
					do {
						_t73 = _t73 + _t73;
					} while (_t73 < 4);
					_t117 = _t73 * 4;
					_push(_t117);
					L00C3E340();
					_t127 = _t55;
					if(_t127 == 0) {
						E00C4292B(_t55);
					}
					_t85 = _t117;
					_t118 = _t127;
					_t86 = _t85 >> 2;
					memset(_t118 + _t86, memset(_t118, 0, _t86 << 2), (_t85 & 0x00000003) << 0);
					_t59 = 0;
					 *(_t125 + 0xe8) = _t73;
					if( *((intOrPtr*)(_t125 + 0xe4)) <= 0) {
						L12:
						_push( *(_t125 + 0xec));
						L00C3E350();
						 *(_t125 + 0xec) = _t127;
						_t39 = _t125 + 0xbc; // 0xbc
						_t74 = _t73 | 0xffffffff;
						 *_t125 = 0xc51dec;
						 *_t39 = 0xc51db8;
						 *((intOrPtr*)(_t125 + 0xf0)) = 0;
						 *((char*)(_t125 + 0xd1)) = 0;
						 *((intOrPtr*)(_t125 + 0xcc)) = 0;
						 *((intOrPtr*)(_t125 + 0xd8)) = 0x190;
						 *(_t125 + 0xdc) = _t74;
						 *(_t125 + 0xe0) = _t74;
						E00C3B940(_t125);
						asm("repne scasb");
						_push( !_t74 - 1);
						_push(_a4);
						E00C3B6C0(_t125);
						E00C3BFA0();
						_t64 = E00C25A70(_t125, _t39);
						_push(8);
						L00C3E340();
						if(_t64 == 0) {
							E00C34010(_t125, 0);
							return _t125;
						} else {
							 *_t64 = 0xc54898;
							 *((intOrPtr*)(_t64 + 4)) = _t125;
							E00C34010(_t125, _t64);
							return _t125;
						}
					} else {
						do {
							_t59 = _t59 + 1;
							 *((intOrPtr*)(_t127 + _t59 * 4 - 4)) =  *((intOrPtr*)( *(_t125 + 0xec) + _t59 * 4 - 4));
						} while (_t59 <  *((intOrPtr*)(_t125 + 0xe4)));
						goto L12;
					}
				} else {
					do {
						_t54 = _t54 + 1;
						 *((char*)(_t54 + _t72 - 1)) =  *((intOrPtr*)(_t54 +  *(_t125 + 0xc8) - 1));
					} while (_t54 <  *((intOrPtr*)(_t125 + 0xc0)));
					goto L6;
				}
			}

0x00c3b4bb
0x00c3b4cc
0x00c3b4d3
0x00c3b4dd
0x00c3b4e3
0x00c3b4e9
0x00c3b4ef
0x00c3b4f4
0x00c3b4f4
0x00c3b4f6
0x00c3b4fb
0x00c3b4fc
0x00c3b501
0x00c3b508
0x00c3b50b
0x00c3b50b
0x00c3b510
0x00c3b516
0x00c3b518
0x00c3b522
0x00c3b52c
0x00c3b530
0x00c3b536
0x00c3b551
0x00c3b551
0x00c3b557
0x00c3b558
0x00c3b55d
0x00c3b566
0x00c3b56c
0x00c3b572
0x00c3b578
0x00c3b57d
0x00c3b57d
0x00c3b57f
0x00c3b584
0x00c3b58b
0x00c3b58c
0x00c3b591
0x00c3b598
0x00c3b59b
0x00c3b59b
0x00c3b5a0
0x00c3b5a6
0x00c3b5a8
0x00c3b5b2
0x00c3b5bc
0x00c3b5c0
0x00c3b5c6
0x00c3b5e1
0x00c3b5e7
0x00c3b5e8
0x00c3b5ed
0x00c3b5f3
0x00c3b5f9
0x00c3b601
0x00c3b607
0x00c3b60e
0x00c3b614
0x00c3b61b
0x00c3b621
0x00c3b62b
0x00c3b631
0x00c3b637
0x00c3b646
0x00c3b64b
0x00c3b64c
0x00c3b64f
0x00c3b656
0x00c3b65e
0x00c3b663
0x00c3b665
0x00c3b66f
0x00c3b690
0x00c3b69b
0x00c3b671
0x00c3b674
0x00c3b67a
0x00c3b67d
0x00c3b688
0x00c3b688
0x00c3b5c8
0x00c3b5c8
0x00c3b5ce
0x00c3b5d3
0x00c3b5dd
0x00000000
0x00c3b5c8
0x00c3b538
0x00c3b538
0x00c3b53e
0x00c3b543
0x00c3b54d
0x00000000
0x00c3b538

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,000000BC,00000000,?,00000000,00C2FCEB,00C6F3D0,00000000,00000000,00000050,00000014), ref: 00C3B4CC

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

?resetCursorBlink@TextEntry@vgui@@UAEXXZ.VGUI ref: 00C3B637
?setText@TextEntry@vgui@@UAEXPBDH@Z.VGUI(?,00000000), ref: 00C3B64F
?doGotoEndOfLine@TextEntry@vgui@@UAEXXZ.VGUI(?,00000000), ref: 00C3B656
?addInputSignal@Panel@vgui@@UAEXPAVInputSignal@2@@Z.VGUI(000000BC,?,00000000), ref: 00C3B65E
?addFocusChangeSignal@Panel@vgui@@UAEXPAVFocusChangeSignal@2@@Z.VGUI(00000000), ref: 00C3B67D
?addFocusChangeSignal@Panel@vgui@@UAEXPAVFocusChangeSignal@2@@Z.VGUI(00000000), ref: 00C3B690

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ChangeFocusPanel@vgui@@$?addEntry@vgui@@Signal@Signal@2@@Text$Input$?ensure?reset?setBlink@Capacity@?$CursorDar@GotoLine@Signal@vgui@@@vgui@@Text@Tick
String ID:
API String ID: 3207540874-0
Opcode ID: 9a2b641f2c9c48168b9cefd2cf465079202f4ff5a99afcfa614766fd39e53d6b
Instruction ID: 3a63c0440553046e5f933c310b7894a96eb314cea2f7b446711b6fdc29ec62c7
Opcode Fuzzy Hash: 9a2b641f2c9c48168b9cefd2cf465079202f4ff5a99afcfa614766fd39e53d6b
Instruction Fuzzy Hash: 525190B17107048BD728DF69D891BAFF6E9AF84300F04892EE66BC7351DB71A805CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C40110 Relevance: 10.6, APIs: 7, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C40110(intOrPtr _a4, void* _a8, unsigned int _a12) {
				int _t7;
				long _t11;
				void* _t12;
				unsigned int _t21;
				signed int _t25;
				unsigned int _t30;
				intOrPtr _t38;
				void* _t39;
				void* _t42;

				if(_a8 != 0) {
					_t30 = _a12;
					if(_t30 > 0) {
						_t21 = 0;
						_t7 = OpenClipboard(0);
						if(_t7 != 0) {
							_t42 = GetClipboardData(1);
							if(_t42 == 0) {
								L13:
								CloseClipboard();
								return _t21;
							} else {
								_t11 = GlobalSize(_t42);
								_t38 = _a4;
								_t21 = _t11 - _t38;
								if(_t21 > 0) {
									if(_t30 < _t21) {
										_t21 = _t30;
									}
									_t12 = GlobalLock(_t42);
									if(_t12 != 0) {
										_t39 = _t38 + _t12;
										_t25 = _t21 >> 2;
										memcpy(_t39 + _t25 + _t25, _t39, memcpy(_a8, _t39, _t25 << 2) & 0x00000003);
										GlobalUnlock(_t42);
									}
									goto L13;
								} else {
									CloseClipboard();
									return 0;
								}
							}
						} else {
							return _t7;
						}
					} else {
						return 0;
					}
				} else {
					return 0;
				}
			}

0x00c40118
0x00c40121
0x00c40127
0x00c40130
0x00c40133
0x00c4013b
0x00c4014c
0x00c40150
0x00c401a4
0x00c401a4
0x00c401b0
0x00c40152
0x00c40153
0x00c40159
0x00c4015f
0x00c40163
0x00c40178
0x00c4017a
0x00c4017a
0x00c4017d
0x00c40185
0x00c4018d
0x00c40191
0x00c4019c
0x00c4019e
0x00c4019e
0x00000000
0x00c40165
0x00c40167
0x00c40173
0x00c40173
0x00c40163
0x00c4013f
0x00c4013f
0x00c4013f
0x00c4012a
0x00c4012d
0x00c4012d
0x00c4011b
0x00c4011e
0x00c4011e

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3656271f9a6c0ca9f9ee15eea1615e78789354179ad6ef18855509a14d285132
Instruction ID: 4e99164b300439fb59fb1951a420d24db217ec6217b1ece9436712a0e889171a
Opcode Fuzzy Hash: 3656271f9a6c0ca9f9ee15eea1615e78789354179ad6ef18855509a14d285132
Instruction Fuzzy Hash: 6F112E373456059FA7109BB9BC88B6F7B98FBE5762710403EFE06D2211DA6198168660

Uniqueness

Uniqueness Score: -1.00%

Function 00C27850 Relevance: 10.6, APIs: 7, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00C27850(intOrPtr* __ecx, void* __eflags, char _a4, char _a8, intOrPtr _a12) {
				intOrPtr _v0;
				intOrPtr _v4;
				intOrPtr* _v12;
				intOrPtr _v20;
				intOrPtr _v32;
				intOrPtr* _t16;
				intOrPtr* _t39;
				intOrPtr* _t42;
				intOrPtr _t44;

				_push(0xffffffff);
				_push(E00C4DCBB);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t44;
				_t39 = __ecx;
				E00C3DB00(__ecx, _a4, _a8, _a12);
				 *_t39 = 0xc50314;
				_t16 = E00C2FB60(_t39, 5);
				_push(0x28);
				L00C3E340();
				_t42 = _t16;
				_v12 = _t42;
				_t48 = _t42;
				_v20 = 0;
				if(_t42 == 0) {
					_t42 = 0;
					__eflags = 0;
				} else {
					E00C2E470(_t42, _t48);
					 *_t42 = 0xc5057c;
					 *((intOrPtr*)(_t42 + 0x24)) = _t39;
					E00C2E4D0(_t42, 0x14, 0x14);
				}
				_v4 = 0xffffffff;
				E00C2F630(_t39, _t42);
				E00C2F590(_t39,  &_a4,  &_a8);
				E00C32AC0(_t39, _v4, _v0);
				 *[fs:0x0] = _v32;
				return _t39;
			}

0x00c27856
0x00c27858
0x00c27861
0x00c27866
0x00c2786f
0x00c2787a
0x00c27883
0x00c27889
0x00c2788e
0x00c27890
0x00c27895
0x00c2789a
0x00c2789e
0x00c278a0
0x00c278a8
0x00c278c7
0x00c278c7
0x00c278aa
0x00c278ac
0x00c278b7
0x00c278bd
0x00c278c0
0x00c278c0
0x00c278cc
0x00c278d4
0x00c278e5
0x00c278f6
0x00c27902
0x00c2790d

APIs

??0ToggleButton@vgui@@QAE@PBDHH@Z.VGUI(?,?,?,?,?,?,00C4DCBB,000000FF), ref: 00C2787A

Part of subcall function 00C3DB00: ??0Button@vgui@@QAE@PBDHH@Z.VGUI(?,?,?,?,00C2787F,?,?,?,?,?,?,00C4DCBB,000000FF), ref: 00C3DB14
Part of subcall function 00C3DB00: ?setButtonController@Button@vgui@@MAEXPAVButtonController@2@@Z.VGUI(00000000), ref: 00C3DB47

?setTextAlignment@Label@vgui@@UAEXW4Alignment@12@@Z.VGUI(00000005,?,?,?,?,?,?,00C4DCBB,000000FF), ref: 00C27889
??0Image@vgui@@QAE@XZ.VGUI(?,?,?,?,?,000000FF), ref: 00C278AC

Part of subcall function 00C2E470: ??0Color@vgui@@QAE@XZ.VGUI(00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E476
Part of subcall function 00C2E470: ?setPos@Panel@vgui@@UAEXHH@Z.VGUI(00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E48E
Part of subcall function 00C2E470: ?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E499
Part of subcall function 00C2E470: ??0Color@vgui@@QAE@HHHH@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4B4
Part of subcall function 00C2E470: ?setColor@Image@vgui@@UAEXVColor@2@@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4BB

?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000014,00000014,?,?,?,?,?,000000FF), ref: 00C278C0
?setImage@Label@vgui@@UAEXPAVImage@2@@Z.VGUI(00000000,?,?,?,?,?,000000FF), ref: 00C278D4
?getContentSize@Label@vgui@@UAEXAAH0@Z.VGUI(?,?,00000000,?,?,?,?,?,000000FF), ref: 00C278E5
?setSize@Panel@vgui@@UAEXHH@Z.VGUI(?,?,?,?,00000000,?,?,?,?,?,000000FF), ref: 00C278F6

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?set$Image@vgui@@Size@$Button@vgui@@Label@vgui@@$ButtonColor@vgui@@Panel@vgui@@$?getAlignment@Alignment@12@@Color@Color@2@@ContentController@Controller@2@@Image@Image@2@@Pos@TextToggle
String ID:
API String ID: 3109447518-0
Opcode ID: fd5e630964466075f0dd765bfa1cd2feb9aa41ffa1f3316f697934a97b3e0a99
Instruction ID: 0fd2d08e5e65814ac1dd3200ebe87d939616d25e513f6c2ca55eeb20a56c6f18
Opcode Fuzzy Hash: fd5e630964466075f0dd765bfa1cd2feb9aa41ffa1f3316f697934a97b3e0a99
Instruction Fuzzy Hash: 05118EB1704351ABC614EF099851B2FB7E9AFC8B10F044A2DB456977D0CBB49806DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00C35310 Relevance: 10.6, APIs: 7, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00C35310(intOrPtr* __ecx, void* __eflags, char _a4, char _a8, intOrPtr _a12) {
				intOrPtr _v0;
				intOrPtr _v4;
				intOrPtr* _v12;
				intOrPtr _v20;
				intOrPtr _v32;
				intOrPtr* _t16;
				intOrPtr* _t39;
				intOrPtr* _t42;
				intOrPtr _t44;

				_push(0xffffffff);
				_push(E00C4E0AB);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t44;
				_t39 = __ecx;
				E00C3DB00(__ecx, _a4, _a8, _a12);
				 *_t39 = 0xc5343c;
				_t16 = E00C2FB60(_t39, 5);
				_push(0x28);
				L00C3E340();
				_t42 = _t16;
				_v12 = _t42;
				_t48 = _t42;
				_v20 = 0;
				if(_t42 == 0) {
					_t42 = 0;
					__eflags = 0;
				} else {
					E00C2E470(_t42, _t48);
					 *_t42 = 0xc536a4;
					 *((intOrPtr*)(_t42 + 0x24)) = _t39;
					E00C2E4D0(_t42, 0x14, 0x14);
				}
				_v4 = 0xffffffff;
				E00C2F630(_t39, _t42);
				E00C2F590(_t39,  &_a4,  &_a8);
				E00C32AC0(_t39, _v4, _v0);
				 *[fs:0x0] = _v32;
				return _t39;
			}

0x00c35316
0x00c35318
0x00c35321
0x00c35326
0x00c3532f
0x00c3533a
0x00c35343
0x00c35349
0x00c3534e
0x00c35350
0x00c35355
0x00c3535a
0x00c3535e
0x00c35360
0x00c35368
0x00c35387
0x00c35387
0x00c3536a
0x00c3536c
0x00c35377
0x00c3537d
0x00c35380
0x00c35380
0x00c3538c
0x00c35394
0x00c353a5
0x00c353b6
0x00c353c2
0x00c353cd

APIs

??0ToggleButton@vgui@@QAE@PBDHH@Z.VGUI(?,?,?,?,?,?,00C4E0AB,000000FF), ref: 00C3533A

Part of subcall function 00C3DB00: ??0Button@vgui@@QAE@PBDHH@Z.VGUI(?,?,?,?,00C2787F,?,?,?,?,?,?,00C4DCBB,000000FF), ref: 00C3DB14
Part of subcall function 00C3DB00: ?setButtonController@Button@vgui@@MAEXPAVButtonController@2@@Z.VGUI(00000000), ref: 00C3DB47

?setTextAlignment@Label@vgui@@UAEXW4Alignment@12@@Z.VGUI(00000005,?,?,?,?,?,?,00C4E0AB,000000FF), ref: 00C35349
??0Image@vgui@@QAE@XZ.VGUI(?,?,?,?,?,000000FF), ref: 00C3536C

Part of subcall function 00C2E470: ??0Color@vgui@@QAE@XZ.VGUI(00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E476
Part of subcall function 00C2E470: ?setPos@Panel@vgui@@UAEXHH@Z.VGUI(00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E48E
Part of subcall function 00C2E470: ?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E499
Part of subcall function 00C2E470: ??0Color@vgui@@QAE@HHHH@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4B4
Part of subcall function 00C2E470: ?setColor@Image@vgui@@UAEXVColor@2@@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4BB

?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000014,00000014,?,?,?,?,?,000000FF), ref: 00C35380
?setImage@Label@vgui@@UAEXPAVImage@2@@Z.VGUI(00000000,?,?,?,?,?,000000FF), ref: 00C35394
?getContentSize@Label@vgui@@UAEXAAH0@Z.VGUI(?,?,00000000,?,?,?,?,?,000000FF), ref: 00C353A5
?setSize@Panel@vgui@@UAEXHH@Z.VGUI(?,?,?,?,00000000,?,?,?,?,?,000000FF), ref: 00C353B6

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?set$Image@vgui@@Size@$Button@vgui@@Label@vgui@@$ButtonColor@vgui@@Panel@vgui@@$?getAlignment@Alignment@12@@Color@Color@2@@ContentController@Controller@2@@Image@Image@2@@Pos@TextToggle
String ID:
API String ID: 3109447518-0
Opcode ID: 4792b18e2a6970a3f17344d6861edc58805c57322b2a14f092f460be4272959e
Instruction ID: a8448edce1956a16e602abd0704f01596e38b5396df69856bef5f5198aae10ae
Opcode Fuzzy Hash: 4792b18e2a6970a3f17344d6861edc58805c57322b2a14f092f460be4272959e
Instruction Fuzzy Hash: 22118EB1614751ABC614DF089851B2FB7E9AFC8B10F044A2DF49587790CBB499069BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C41950 Relevance: 9.3, APIs: 6, Instructions: 340
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E00C41950(struct HWND__* _a4, int _a8, signed int _a12, long _a16) {
				struct tagPAINTSTRUCT _v64;
				int _t69;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t81;
				signed int _t84;
				intOrPtr* _t85;
				intOrPtr* _t88;
				intOrPtr* _t90;
				signed int _t97;
				unsigned int _t104;
				signed int _t112;
				intOrPtr _t134;
				struct HWND__* _t142;
				signed int _t143;
				intOrPtr* _t144;
				signed int _t146;
				void* _t151;
				void* _t152;

				_t142 = _a4;
				_t144 = GetWindowLongA(_t142, 0xffffffeb);
				_t69 = _a8;
				_t151 = _t69 - 0x201;
				if(_t151 > 0) {
					_t97 = _t69 - 0x202;
					__eflags = _t97 - 8;
					if(_t97 > 8) {
						goto L32;
					} else {
						switch( *((intOrPtr*)(_t97 * 4 +  &M00C41CF0))) {
							case 0:
								__eax =  *__esi;
								__ecx = __esi;
								__eax =  *((intOrPtr*)( *__esi + 0x14))();
								__edx =  *__eax;
								_push(__esi);
								_push(0);
								__ecx = __eax;
								__eax = __ebp;
								return __ebp;
								goto L33;
							case 1:
								__eax =  *__esi;
								__ecx = __esi;
								__eax =  *((intOrPtr*)( *__esi + 0x14))();
								__edx =  *__eax;
								_push(__esi);
								_push(0);
								__ecx = __eax;
								__eax = __ebp;
								return __ebp;
								goto L33;
							case 2:
								_t72 =  *((intOrPtr*)( *_t144 + 0x14))();
								_push(_t144);
								_push(1);
								 *((intOrPtr*)( *_t72 + 0xa4))();
								return 1;
								goto L33;
							case 3:
								__eax =  *__esi;
								__ecx = __esi;
								__eax =  *((intOrPtr*)( *__esi + 0x14))();
								__edx =  *__eax;
								_push(__esi);
								_push(1);
								__ecx = __eax;
								__eax = __ebp;
								return __ebp;
								goto L33;
							case 4:
								__eax =  *__esi;
								__ecx = __esi;
								__eax =  *((intOrPtr*)( *__esi + 0x14))();
								__edx =  *__eax;
								_push(__esi);
								_push(1);
								__ecx = __eax;
								__eax = __ebp;
								return __ebp;
								goto L33;
							case 5:
								__eax =  *__esi;
								__ecx = __esi;
								__eax =  *((intOrPtr*)( *__esi + 0x14))();
								__edx =  *__eax;
								_push(__esi);
								_push(2);
								__ecx = __eax;
								__eax = __ebp;
								return __ebp;
								goto L33;
							case 6:
								__eax =  *__esi;
								__ecx = __esi;
								__eax =  *((intOrPtr*)( *__esi + 0x14))();
								__edx =  *__eax;
								_push(__esi);
								_push(2);
								__ecx = __eax;
								__eax = __ebp;
								return __ebp;
								goto L33;
							case 7:
								__eax =  *__esi;
								__ecx = __esi;
								__eax =  *((intOrPtr*)( *__esi + 0x14))();
								__edx =  *__eax;
								_push(__esi);
								_push(2);
								__ecx = __eax;
								__eax = __ebp;
								return __ebp;
								goto L33;
							case 8:
								__eax =  *__esi;
								__ecx = __esi;
								__eax =  *((intOrPtr*)( *__esi + 0x14))();
								__edx = _a12;
								_push(__esi);
								__edx = _a12 >> 0x10;
								__esi = __dx;
								__ecx = __eax;
								__eax = 0x88888889;
								__edx = 0x88888889 * __esi >> 0x20;
								__eax = 0x88888889 * __esi;
								__edx = (0x88888889 * __esi >> 0x20) + __esi;
								__edi =  *__ecx;
								__edx = (0x88888889 * __esi >> 0x20) + __esi >> 6;
								__edx = __edx >> 0x1f;
								__edx = __edx + (__edx >> 0x1f);
								__eflags = __edx;
								_push(__edx);
								 *((intOrPtr*)( *__ecx + 0xb0))() = __ebp;
								return __ebp;
								goto L33;
						}
					}
				} else {
					if(_t151 == 0) {
						_t75 =  *((intOrPtr*)( *_t144 + 0x14))();
						 *((intOrPtr*)( *_t75 + 0xa4))(0, _t144);
						return 1;
					} else {
						_t152 = _t69 - 0x100;
						if(_t152 > 0) {
							__eflags = _t69 - 0x105;
							if(__eflags > 0) {
								__eflags = _t69 - 0x200;
								if(_t69 != 0x200) {
									goto L32;
								} else {
									_t78 =  *((intOrPtr*)( *_t144 + 0x14))();
									_t104 = _a16;
									_t146 = _t104 >> 0x10;
									__eflags = _t146;
									 *((intOrPtr*)( *_t78 + 0xa0))(_t104, _t146, _t144);
									return 1;
								}
							} else {
								if(__eflags == 0) {
									L17:
									_t81 =  *((intOrPtr*)( *_t144 + 0x14))();
									 *((intOrPtr*)( *_t81 + 0xbc))( *((intOrPtr*)(0xc70008 + _a12 * 4)), _t144);
									return 1;
								} else {
									_t112 = _t69 - 0x101;
									__eflags = _t112;
									if(_t112 == 0) {
										goto L17;
									} else {
										__eflags = _t112 != 3;
										if(_t112 != 3) {
											goto L32;
										} else {
											goto L14;
										}
									}
								}
							}
						} else {
							if(_t152 == 0) {
								L14:
								_t84 = _a16;
								_t134 =  *_t144;
								__eflags = _t84 & 0x40000000;
								if((_t84 & 0x40000000) != 0) {
									_t85 =  *((intOrPtr*)(_t134 + 0x14))();
									 *((intOrPtr*)( *_t85 + 0xb8))( *((intOrPtr*)(0xc70008 + _a12 * 4)), _t144);
									return 1;
								} else {
									_t88 =  *((intOrPtr*)(_t134 + 0x14))();
									_t143 = _a12;
									 *((intOrPtr*)( *_t88 + 0xb4))( *((intOrPtr*)(0xc70008 + _t143 * 4)), _t144);
									_t90 =  *((intOrPtr*)( *_t144 + 0x14))();
									 *((intOrPtr*)( *_t90 + 0xb8))( *((intOrPtr*)(0xc70008 + _t143 * 4)), _t144);
									return 1;
								}
							} else {
								if(_t69 - 7 > 0x19) {
									L32:
									return DefWindowProcA(_t142, _t69, _a12, _a16);
								} else {
									switch( *((intOrPtr*)(0 +  &M00C41CC0))) {
										case 0:
											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t144))())) + 0xa4))();
											return 1;
											goto L33;
										case 1:
											 &_v64 = BeginPaint(__edi,  &_v64);
											__edx =  *__esi;
											__ecx = __esi;
											__eax =  *( *__esi)();
											__edx =  *__eax;
											__ecx = __eax;
											__eax =  *__esi;
											__ecx = __esi;
											__eax =  *( *__esi)();
											__edx =  *__eax;
											__ecx = __eax;
											 &_v64 = EndPaint(__edi,  &_v64);
											ValidateRect(__edi, 0) = __ebp;
											return __ebp;
											goto L33;
										case 2:
											__edx =  *__esi;
											__ecx = __esi;
											__eax =  *( *__esi)();
											__edx =  *__eax;
											__ecx = __eax;
											__eax = __ebp;
											return __ebp;
											goto L33;
										case 3:
											 *0xc70458 = SetCursor( *0xc70458);
											__eax = __ebp;
											return __ebp;
											goto L33;
										case 4:
											goto L32;
									}
								}
							}
						}
					}
				}
				L33:
			}

0x00c41956
0x00c41968
0x00c4196a
0x00c4196e
0x00c41973
0x00c41b59
0x00c41b5f
0x00c41b62
0x00000000
0x00c41b68
0x00c41b68
0x00000000
0x00c41c0a
0x00c41c0c
0x00c41c0e
0x00c41c11
0x00c41c13
0x00c41c14
0x00c41c16
0x00c41c1f
0x00c41c26
0x00000000
0x00000000
0x00c41bad
0x00c41baf
0x00c41bb1
0x00c41bb4
0x00c41bb6
0x00c41bb7
0x00c41bb9
0x00c41bc2
0x00c41bc9
0x00000000
0x00000000
0x00c41b73
0x00c41b78
0x00c41b79
0x00c41b7d
0x00c41b8b
0x00000000
0x00000000
0x00c41c29
0x00c41c2b
0x00c41c2d
0x00c41c30
0x00c41c32
0x00c41c33
0x00c41c35
0x00c41c3e
0x00c41c45
0x00000000
0x00000000
0x00c41bcc
0x00c41bce
0x00c41bd0
0x00c41bd3
0x00c41bd5
0x00c41bd6
0x00c41bd8
0x00c41be1
0x00c41be8
0x00000000
0x00000000
0x00c41b8e
0x00c41b90
0x00c41b92
0x00c41b95
0x00c41b97
0x00c41b98
0x00c41b9a
0x00c41ba3
0x00c41baa
0x00000000
0x00000000
0x00c41c48
0x00c41c4a
0x00c41c4c
0x00c41c4f
0x00c41c51
0x00c41c52
0x00c41c54
0x00c41c5d
0x00c41c64
0x00000000
0x00000000
0x00c41beb
0x00c41bed
0x00c41bef
0x00c41bf2
0x00c41bf4
0x00c41bf5
0x00c41bf7
0x00c41c00
0x00c41c07
0x00000000
0x00000000
0x00c41c67
0x00c41c69
0x00c41c6b
0x00c41c6e
0x00c41c72
0x00c41c73
0x00c41c76
0x00c41c79
0x00c41c7b
0x00c41c80
0x00c41c80
0x00c41c82
0x00c41c84
0x00c41c86
0x00c41c8b
0x00c41c8e
0x00c41c8e
0x00c41c90
0x00c41c98
0x00c41c9f
0x00000000
0x00000000
0x00c41b68
0x00c41979
0x00c41979
0x00c41b3e
0x00c41b48
0x00c41b56
0x00c4197f
0x00c4197f
0x00c41984
0x00c41a41
0x00c41a46
0x00c41b01
0x00c41b06
0x00000000
0x00c41b0c
0x00c41b10
0x00c41b13
0x00c41b1c
0x00c41b1c
0x00c41b29
0x00c41b37
0x00c41b37
0x00c41a4c
0x00c41a4c
0x00c41ad8
0x00c41adc
0x00c41af0
0x00c41afe
0x00c41a52
0x00c41a54
0x00c41a54
0x00c41a5a
0x00000000
0x00c41a5c
0x00c41a5c
0x00c41a5f
0x00000000
0x00000000
0x00000000
0x00000000
0x00c41a5f
0x00c41a5a
0x00c41a4c
0x00c4198a
0x00c4198a
0x00c41a65
0x00c41a65
0x00c41a69
0x00c41a6b
0x00c41a72
0x00c41ab3
0x00c41ac7
0x00c41ad5
0x00c41a74
0x00c41a74
0x00c41a77
0x00c41a88
0x00c41a92
0x00c41aa2
0x00c41ab0
0x00c41ab0
0x00c41990
0x00c41996
0x00c41ca2
0x00c41cbc
0x00c4199c
0x00c419a4
0x00000000
0x00c419b5
0x00c419c3
0x00000000
0x00000000
0x00c419fb
0x00c41a01
0x00c41a03
0x00c41a05
0x00c41a07
0x00c41a09
0x00c41a11
0x00c41a13
0x00c41a15
0x00c41a17
0x00c41a19
0x00c41a27
0x00c41a37
0x00c41a3e
0x00000000
0x00000000
0x00c419dd
0x00c419df
0x00c419e1
0x00c419e3
0x00c419e5
0x00c419eb
0x00c419f2
0x00000000
0x00000000
0x00c419cc
0x00c419d3
0x00c419da
0x00000000
0x00000000
0x00000000
0x00000000
0x00c419a4
0x00c41996
0x00c4198a
0x00c41984
0x00c41979
0x00000000

APIs

GetWindowLongA.USER32 ref: 00C41962
SetCursor.USER32(00000000), ref: 00C419CC
BeginPaint.USER32(?,?), ref: 00C419FB
EndPaint.USER32(?,?,?,?), ref: 00C41A27
ValidateRect.USER32(?,00000000,?,?,?,?), ref: 00C41A30
DefWindowProcA.USER32(?,?,?,?), ref: 00C41CAE

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: PaintWindow$BeginCursorLongProcRectValidate
String ID:
API String ID: 2859937035-0
Opcode ID: e4fdc3f902176d6ac5b53009c178188bae356afd7f2ba5b36d1e8f352cfddefb
Instruction ID: 8886865bf6e3e2dadd22fe0c40ff80af3102adffd62a3fce50afbee9c92ebcdc
Opcode Fuzzy Hash: e4fdc3f902176d6ac5b53009c178188bae356afd7f2ba5b36d1e8f352cfddefb
Instruction Fuzzy Hash: D5B16C353001148FC7089B68D85CAAEFBA5FF99351F04456AE986CB391CB729945CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 00C4C1B9 Relevance: 9.1, APIs: 6, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00C4C1B9(int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, signed int _a28) {
				int _v8;
				intOrPtr _v20;
				short* _v28;
				short _v32;
				int _v36;
				short* _v40;
				void* _v56;
				int _t31;
				int _t32;
				int _t37;
				int _t43;
				int _t44;
				int _t45;
				void* _t53;
				short* _t60;
				int _t61;
				intOrPtr _t62;
				short* _t63;

				_push(0xffffffff);
				_push(0xc559a0);
				_push(E00C449C0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t62;
				_t63 = _t62 - 0x18;
				_v28 = _t63;
				_t31 =  *0xc707a0; // 0x1
				if(_t31 != 0) {
					L6:
					if(_t31 != 2) {
						if(_t31 != 1) {
							goto L18;
						} else {
							if(_a20 == 0) {
								_t44 =  *0xc70778; // 0x0
								_a20 = _t44;
							}
							asm("sbb eax, eax");
							_t37 = MultiByteToWideChar(_a20, ( ~_a28 & 0x00000008) + 1, _a8, _a12, 0, 0);
							_v36 = _t37;
							if(_t37 == 0) {
								goto L18;
							} else {
								_v8 = 0;
								E00C43290(_t37 + _t37 + 0x00000003 & 0x000000fc, _t53);
								_v28 = _t63;
								_t60 = _t63;
								_v40 = _t60;
								E00C4A950(_t60, 0, _t37 + _t37);
								_v8 = _v8 | 0xffffffff;
								if(_t60 == 0) {
									goto L18;
								} else {
									_t43 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t60, _v36);
									if(_t43 == 0) {
										goto L18;
									} else {
										_t32 = GetStringTypeW(_a4, _t60, _t43, _a16);
									}
								}
							}
						}
					} else {
						_t45 = _a24;
						if(_t45 == 0) {
							_t45 =  *0xc70768; // 0x0
						}
						_t32 = GetStringTypeA(_t45, _a4, _a8, _a12, _a16);
					}
				} else {
					_push( &_v32);
					_t61 = 1;
					if(GetStringTypeW(_t61, 0xc55944, _t61, ??) == 0) {
						if(GetStringTypeA(0, _t61, 0xc55940, _t61,  &_v32) == 0) {
							L18:
							_t32 = 0;
						} else {
							_t31 = 2;
							goto L5;
						}
					} else {
						_t31 = _t61;
						L5:
						 *0xc707a0 = _t31;
						goto L6;
					}
				}
				 *[fs:0x0] = _v20;
				return _t32;
			}

0x00c4c1bc
0x00c4c1be
0x00c4c1c3
0x00c4c1ce
0x00c4c1cf
0x00c4c1d6
0x00c4c1dc
0x00c4c1df
0x00c4c1e8
0x00c4c228
0x00c4c22b
0x00c4c254
0x00000000
0x00c4c25a
0x00c4c25d
0x00c4c25f
0x00c4c264
0x00c4c264
0x00c4c274
0x00c4c27e
0x00c4c284
0x00c4c289
0x00000000
0x00c4c28b
0x00c4c28b
0x00c4c298
0x00c4c29d
0x00c4c2a0
0x00c4c2a2
0x00c4c2a8
0x00c4c2bd
0x00c4c2c3
0x00000000
0x00c4c2c5
0x00c4c2d4
0x00c4c2dc
0x00000000
0x00c4c2de
0x00c4c2e6
0x00c4c2e6
0x00c4c2dc
0x00c4c2c3
0x00c4c289
0x00c4c22d
0x00c4c22d
0x00c4c232
0x00c4c234
0x00c4c234
0x00c4c246
0x00c4c246
0x00c4c1ea
0x00c4c1ed
0x00c4c1f0
0x00c4c200
0x00c4c21a
0x00c4c2ee
0x00c4c2ee
0x00c4c220
0x00c4c222
0x00000000
0x00c4c222
0x00c4c202
0x00c4c202
0x00c4c223
0x00c4c223
0x00000000
0x00c4c223
0x00c4c200
0x00c4c2f6
0x00c4c301

APIs

GetStringTypeW.KERNEL32(00000001,00C55944,00000001,00000000,?,?,00000000,00C4816E,?,00000008), ref: 00C4C1F8
GetStringTypeA.KERNEL32(00000000,00000001,00C55940,00000001,?), ref: 00C4C212
GetStringTypeA.KERNEL32(00000000,?,?,00000008,?,?,?,00000000,00C4816E,?,00000008), ref: 00C4C246
MultiByteToWideChar.KERNEL32(00C4816E,?,?,00000008,00000000,00000000,?,?,00000000,00C4816E,?,00000008), ref: 00C4C27E
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 00C4C2D4
GetStringTypeW.KERNEL32(?,?,00000000,?,?,?), ref: 00C4C2E6

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID:
API String ID: 3852931651-0
Opcode ID: 1afcd8d55fb660dbcfe48b7e522a3f3f95486dee07c1db54753c01ba9ad5edf6
Instruction ID: bfeb9dd65cc391cf8d3360570c9e8cf4e4f814ca85603e11ebada8fc7369fad4
Opcode Fuzzy Hash: 1afcd8d55fb660dbcfe48b7e522a3f3f95486dee07c1db54753c01ba9ad5edf6
Instruction Fuzzy Hash: 57416B76601219EFCF609FA4DC86EEE7B79FB09760F104529F911E2160C3B09A51DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA8148 Relevance: 9.1, APIs: 6, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00CA8148(int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, signed int _a28) {
				int _v8;
				intOrPtr _v20;
				short* _v28;
				short _v32;
				int _v36;
				short* _v40;
				void* _v56;
				int _t31;
				int _t32;
				int _t37;
				int _t43;
				int _t44;
				int _t45;
				void* _t53;
				short* _t60;
				int _t61;
				intOrPtr _t62;
				short* _t63;

				_push(0xffffffff);
				_push(0xcab5e8);
				_push(E00CA6E84);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t62;
				_t63 = _t62 - 0x18;
				_v28 = _t63;
				_t31 =  *0xcb337c; // 0x1
				if(_t31 != 0) {
					L6:
					if(_t31 != 2) {
						if(_t31 != 1) {
							goto L18;
						} else {
							if(_a20 == 0) {
								_t44 =  *0xcb33a4; // 0x0
								_a20 = _t44;
							}
							asm("sbb eax, eax");
							_t37 = MultiByteToWideChar(_a20, ( ~_a28 & 0x00000008) + 1, _a8, _a12, 0, 0);
							_v36 = _t37;
							if(_t37 == 0) {
								goto L18;
							} else {
								_v8 = 0;
								E00CA8090(_t37 + _t37 + 0x00000003 & 0x000000fc, _t53);
								_v28 = _t63;
								_t60 = _t63;
								_v40 = _t60;
								E00CA48B0(_t60, 0, _t37 + _t37);
								_v8 = _v8 | 0xffffffff;
								if(_t60 == 0) {
									goto L18;
								} else {
									_t43 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t60, _v36);
									if(_t43 == 0) {
										goto L18;
									} else {
										_t32 = GetStringTypeW(_a4, _t60, _t43, _a16);
									}
								}
							}
						}
					} else {
						_t45 = _a24;
						if(_t45 == 0) {
							_t45 =  *0xcb3394; // 0x0
						}
						_t32 = GetStringTypeA(_t45, _a4, _a8, _a12, _a16);
					}
				} else {
					_push( &_v32);
					_t61 = 1;
					if(GetStringTypeW(_t61, 0xcab5e0, _t61, ??) == 0) {
						if(GetStringTypeA(0, _t61, 0xcab5dc, _t61,  &_v32) == 0) {
							L18:
							_t32 = 0;
						} else {
							_t31 = 2;
							goto L5;
						}
					} else {
						_t31 = _t61;
						L5:
						 *0xcb337c = _t31;
						goto L6;
					}
				}
				 *[fs:0x0] = _v20;
				return _t32;
			}

0x00ca814b
0x00ca814d
0x00ca8152
0x00ca815d
0x00ca815e
0x00ca8165
0x00ca816b
0x00ca816e
0x00ca8177
0x00ca81b7
0x00ca81ba
0x00ca81e3
0x00000000
0x00ca81e9
0x00ca81ec
0x00ca81ee
0x00ca81f3
0x00ca81f3
0x00ca8203
0x00ca820d
0x00ca8213
0x00ca8218
0x00000000
0x00ca821a
0x00ca821a
0x00ca8227
0x00ca822c
0x00ca822f
0x00ca8231
0x00ca8237
0x00ca824c
0x00ca8252
0x00000000
0x00ca8254
0x00ca8263
0x00ca826b
0x00000000
0x00ca826d
0x00ca8275
0x00ca8275
0x00ca826b
0x00ca8252
0x00ca8218
0x00ca81bc
0x00ca81bc
0x00ca81c1
0x00ca81c3
0x00ca81c3
0x00ca81d5
0x00ca81d5
0x00ca8179
0x00ca817c
0x00ca817f
0x00ca818f
0x00ca81a9
0x00ca827d
0x00ca827d
0x00ca81af
0x00ca81b1
0x00000000
0x00ca81b1
0x00ca8191
0x00ca8191
0x00ca81b2
0x00ca81b2
0x00000000
0x00ca81b2
0x00ca818f
0x00ca8285
0x00ca8290

APIs

GetStringTypeW.KERNEL32(00000001,00CAB5E0,00000001,-00000033,00000000,-00000003,-00000033,0000000C,-00000003,?,00000000,00CA4EC8,-00000003), ref: 00CA8187
GetStringTypeA.KERNEL32(00000000,00000001,00CAB5DC,00000001,?,?,00000000,00CA4EC8,-00000003), ref: 00CA81A1
GetStringTypeA.KERNEL32(-00000033,00CA4EC8,00000000,?,-00000003,00000000,-00000003,-00000033,0000000C,-00000003,?,00000000,00CA4EC8,-00000003), ref: 00CA81D5
MultiByteToWideChar.KERNEL32(0000000C,-00000002,00000000,?,00000000,00000000,00000000,-00000003,-00000033,0000000C,-00000003,?,00000000,00CA4EC8,-00000003), ref: 00CA820D
MultiByteToWideChar.KERNEL32(?,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000,00CA4EC8), ref: 00CA8263
GetStringTypeW.KERNEL32(00CA4EC8,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00CA4EC8), ref: 00CA8275

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID:
API String ID: 3852931651-0
Opcode ID: 2e792a3902085edeea264564dc55208590030b6fd306d59642495722c2abb707
Instruction ID: 2c55c0032e059c2b7469f35e7a055cc75c7664f8fb845d999d3e3e6f6010d8df
Opcode Fuzzy Hash: 2e792a3902085edeea264564dc55208590030b6fd306d59642495722c2abb707
Instruction Fuzzy Hash: 95416E71A0021AAFCF118FA5DC85FAF7FB8EB06758F104525FA21D2160DB308E55CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00C37550 Relevance: 9.1, APIs: 6, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E00C37550(intOrPtr* __ecx, signed int __fp0) {
				char _v4;
				char _v12;
				signed long long _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _t40;
				signed int _t41;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t51;
				intOrPtr _t52;
				void* _t53;
				intOrPtr _t73;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed long long _t86;

				_t77 = __ecx;
				_push( &_v12);
				_push( &_v4);
				 *((intOrPtr*)( *__ecx + 0xe8))();
				asm("fild dword [esp+0x1c]");
				_t40 =  *(__ecx + 0xe4);
				_v28 = __fp0;
				asm("fild dword [esp+0x14]");
				_v16 =  *((intOrPtr*)(__ecx + 0xe8)) - _t40;
				_v32 = __fp0;
				asm("fild dword [esp+0x18]");
				_v16 =  *((intOrPtr*)(__ecx + 0xec)) - _t40;
				_v24 = __fp0;
				asm("fild dword [esp+0x18]");
				_t86 = __fp0 / _v24;
				_v16 = _t86;
				asm("fild dword [esi+0xf0]");
				asm("fcom dword [0xc50854]");
				asm("fnstsw ax");
				if((_t40 & 0x00000005) == 0) {
					st0 = _t86;
					_t86 =  *0xc50854;
				}
				_t41 =  *((intOrPtr*)(_t77 + 0xf4));
				if(_t41 == 0) {
					st0 = _t86;
					_t86 = _v24;
				}
				asm("fcom dword [0xc50854]");
				asm("fnstsw ax");
				if((_t41 & 0x00004100) != 0) {
					L10:
					st0 = _t86;
					return  *((intOrPtr*)( *_t77 + 0x30))();
				} else {
					if( *((intOrPtr*)(_t77 + 0xbc)) == 0) {
						asm("fdivr dword [esp+0xc]");
						_t46 = E00C43484();
						_t86 = st0 + st1;
						 *((intOrPtr*)(_t77 + 0xc0)) = _t46;
						_t47 = E00C43484();
						_t73 = _v12;
						 *((intOrPtr*)(_t77 + 0xc4)) = _t47;
						if(_t47 <= _t73) {
							goto L10;
						} else {
							 *((intOrPtr*)(_t77 + 0xc0)) = _t73 - E00C43484();
							 *((intOrPtr*)(_t77 + 0xc4)) = _t73;
							return  *((intOrPtr*)( *_t77 + 0x30))();
						}
					} else {
						asm("fdivr dword [esp+0x8]");
						_t51 = E00C43484();
						_t86 = st0 + st1;
						 *((intOrPtr*)(_t77 + 0xc0)) = _t51;
						_t52 = E00C43484();
						_t75 = _v20;
						 *((intOrPtr*)(_t77 + 0xc4)) = _t52;
						if(_t52 <= _t75) {
							goto L10;
						} else {
							_t53 = E00C43484();
							 *((intOrPtr*)(_t77 + 0xc4)) = _t75;
							 *((intOrPtr*)(_t77 + 0xc0)) = _t75 - _t53;
							return  *((intOrPtr*)( *_t77 + 0x30))();
						}
					}
				}
			}

0x00c37554
0x00c37561
0x00c37562
0x00c37565
0x00c3756b
0x00c3756f
0x00c37583
0x00c37587
0x00c3758b
0x00c37591
0x00c37595
0x00c37599
0x00c3759d
0x00c375a1
0x00c375a5
0x00c375a9
0x00c375ad
0x00c375b3
0x00c375b9
0x00c375be
0x00c375c0
0x00c375c2
0x00c375c2
0x00c375c8
0x00c375d0
0x00c375d2
0x00c375d4
0x00c375d4
0x00c375d8
0x00c375de
0x00c375e5
0x00c376a1
0x00c376a5
0x00c376af
0x00c375eb
0x00c375f3
0x00c3764b
0x00c3765f
0x00c37664
0x00c37666
0x00c3766c
0x00c37671
0x00c37675
0x00c3767d
0x00000000
0x00c3767f
0x00c3768c
0x00c37692
0x00c376a0
0x00c376a0
0x00c375f5
0x00c375f5
0x00c37609
0x00c3760e
0x00c37610
0x00c37616
0x00c3761b
0x00c3761f
0x00c37627
0x00000000
0x00c37629
0x00c37629
0x00c37630
0x00c3763a
0x00c3764a
0x00c3764a
0x00c37627
0x00c375f3

APIs

__ftol.LIBCMT ref: 00C37609
__ftol.LIBCMT ref: 00C37616
__ftol.LIBCMT ref: 00C37629
__ftol.LIBCMT ref: 00C3765F
__ftol.LIBCMT ref: 00C3766C
__ftol.LIBCMT ref: 00C3767F

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: __ftol
String ID:
API String ID: 495808979-0
Opcode ID: 27dbac4170aadd3f8882be635430f3543ac6e25655141030c3eb1e16cdedd100
Instruction ID: 5397710a954051db702eefb39ae02302cafdf8e8b5715a36086737aa009b3abb
Opcode Fuzzy Hash: 27dbac4170aadd3f8882be635430f3543ac6e25655141030c3eb1e16cdedd100
Instruction Fuzzy Hash: 404179B4A087019FC715AF29C55969ABFF0FFC4340F618D4DE4DA93296E73094688A82

Uniqueness

Uniqueness Score: -1.00%

Function 00C40510 Relevance: 9.1, APIs: 6, Instructions: 100
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00C40510(intOrPtr __ecx, void* __edi, char _a4) {
				intOrPtr _v4;
				intOrPtr* _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v48;
				intOrPtr* _t18;
				intOrPtr _t30;
				void* _t32;
				void* _t48;
				void* _t49;
				void* _t50;
				intOrPtr* _t52;
				intOrPtr _t54;

				_push(0xffffffff);
				_push(E00C4E47B);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t54;
				_t18 = _a4;
				_t30 = __ecx;
				_push(0x38);
				_v24 = __ecx;
				 *((intOrPtr*)(__ecx)) = 0xc4f224;
				 *((intOrPtr*)(__ecx + 0x10)) = _t18;
				L00C3E340();
				_t52 = _t18;
				_v16 = _t52;
				_t58 = _t52;
				_v4 = 0;
				if(_t52 == 0) {
					_t52 = 0;
					__eflags = 0;
				} else {
					E00C23840(_t52, _t58);
					 *_t52 = 0xc5521c;
					if( *((intOrPtr*)(__ecx + 0x10)) != 1) {
						 *((intOrPtr*)(_t52 + 0x30)) = 8;
						 *((intOrPtr*)(_t52 + 0x34)) = 8;
						E00C23860(_t52, 0x10, 0x10);
						_t32 = 0;
						do {
							_t48 = 0;
							do {
								_push(0);
								_push(0);
								E00C238A0(_t52, _t48, _t32, 0, 0);
								_t48 = _t48 + 1;
							} while (_t48 < 0x10);
							_t32 = _t32 + 1;
						} while (_t32 < 0x10);
						_t49 = 0;
						do {
							_push(0xff);
							_push(0);
							E00C238A0(_t52, _t49, 8, 0, 0xff);
							_t49 = _t49 + 1;
						} while (_t49 < 0x10);
						_t50 = 0;
						do {
							_push(0xff);
							_push(0xff);
							E00C238A0(_t52, 8, _t50, 0, 0);
							_t50 = _t50 + 1;
						} while (_t50 < 0x10);
						_t30 = _v48;
					}
				}
				_v4 = 0xffffffff;
				 *((intOrPtr*)( *_t52 + 0x64))( &_v20,  &_a4);
				E00C280E0(_t30, _t52, _v28, _v4);
				 *[fs:0x0] = _v32;
				return _t30;
			}

0x00c40510
0x00c40512
0x00c4051d
0x00c4051e
0x00c40528
0x00c4052d
0x00c40530
0x00c40532
0x00c40536
0x00c4053c
0x00c4053f
0x00c40544
0x00c40549
0x00c4054d
0x00c4054f
0x00c40557
0x00c405f4
0x00c405f4
0x00c4055d
0x00c40563
0x00c4056b
0x00c40571
0x00c40579
0x00c40580
0x00c40587
0x00c4058c
0x00c4058e
0x00c4058e
0x00c40590
0x00c40590
0x00c40592
0x00c4059c
0x00c405a1
0x00c405a2
0x00c405a7
0x00c405a8
0x00c405ad
0x00c405af
0x00c405af
0x00c405b4
0x00c405c2
0x00c405c7
0x00c405c8
0x00c405cd
0x00c405cf
0x00c405cf
0x00c405d4
0x00c405e2
0x00c405e7
0x00c405e8
0x00c405ed
0x00c405ed
0x00c405f1
0x00c40604
0x00c4060c
0x00c4061c
0x00c40629
0x00c40633

APIs

??0Bitmap@vgui@@QAE@XZ.VGUI(00000000), ref: 00C40563

Part of subcall function 00C23840: ??0Image@vgui@@QAE@XZ.VGUI(00000000,00C40568,00000000), ref: 00C23843

?setSize@Bitmap@vgui@@MAEXHH@Z.VGUI(00000010,00000010,00000000), ref: 00C40587

Part of subcall function 00C23860: ?setSize@Image@vgui@@MAEXHH@Z.VGUI(?,?,?,00000000,00000000,00C4058C,00000010,00000010,00000000), ref: 00C2386F

?setRGBA@Bitmap@vgui@@MAEXHHEEEE@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00000000,00000010,00000010,00000000), ref: 00C4059C
?setRGBA@Bitmap@vgui@@MAEXHHEEEE@Z.VGUI(00000000,00000008,00000000,000000FF,00000000,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000010,00000010,00000000), ref: 00C405C2
?setRGBA@Bitmap@vgui@@MAEXHHEEEE@Z.VGUI(00000008,00000000,00000000,00000000,000000FF,000000FF,00000000,00000008,00000000,000000FF,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00C405E2
?privateInit@Cursor@vgui@@EAEXPAVBitmap@2@HH@Z.VGUI(00000000,?,?), ref: 00C4061C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?setBitmap@vgui@@$Image@vgui@@Size@$?privateBitmap@2@Cursor@vgui@@Init@
String ID:
API String ID: 3812526404-0
Opcode ID: c0bfb094422a7d165ad813c2cbaa716effc9c723e11951e15811ce3e2631eee4
Instruction ID: c239b93c66b43840d3bcaffb6ea58fe6e9d3a046f57ce9e2b2f674550d22c284
Opcode Fuzzy Hash: c0bfb094422a7d165ad813c2cbaa716effc9c723e11951e15811ce3e2631eee4
Instruction Fuzzy Hash: F131C2B13807116BE3209E198C86F2FB7D5FBC4F00F20492EF6959B6C1CAB499059B95

Uniqueness

Uniqueness Score: -1.00%

Function 00C46ACB Relevance: 9.1, APIs: 6, Instructions: 56
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C46ACB() {
				intOrPtr _t4;
				void* _t6;
				void* _t9;
				void* _t14;
				intOrPtr* _t18;
				void** _t19;
				void* _t24;
				void* _t25;

				_t4 =  *0xc70ba4; // 0x1
				if(_t4 != 3) {
					if(_t4 == 2) {
						_t18 = 0xc6c5f0;
						do {
							_t3 = _t18 + 0x10; // 0xffffffff
							_t6 =  *_t3;
							if(_t6 != 0) {
								VirtualFree(_t6, 0, 0x8000);
							}
							_t18 =  *_t18;
						} while (_t18 != 0xc6c5f0);
					}
				} else {
					_t14 = 0;
					_t24 =  *0xc70b94 - _t14; // 0x0
					if(_t24 > 0) {
						_t9 =  *0xc70b98; // 0x0
						_t1 = _t9 + 0xc; // 0xc
						_t19 = _t1;
						do {
							VirtualFree( *_t19, 0x100000, 0x4000);
							VirtualFree( *_t19, 0, 0x8000);
							HeapFree( *0xc70ba0, 0, _t19[1]);
							_t19 =  &(_t19[5]);
							_t14 = _t14 + 1;
							_t25 = _t14 -  *0xc70b94; // 0x0
						} while (_t25 < 0);
					}
					HeapFree( *0xc70ba0, 0,  *0xc70b98);
				}
				return HeapDestroy( *0xc70ba0);
			}

0x00c46acb
0x00c46ad5
0x00c46b40
0x00c46b47
0x00c46b49
0x00c46b49
0x00c46b49
0x00c46b4e
0x00c46b58
0x00c46b58
0x00c46b5e
0x00c46b60
0x00c46b49
0x00c46ad7
0x00c46ad8
0x00c46ada
0x00c46ae7
0x00c46ae9
0x00c46af4
0x00c46af4
0x00c46af7
0x00c46b03
0x00c46b0e
0x00c46b1b
0x00c46b1d
0x00c46b20
0x00c46b21
0x00c46b21
0x00c46af7
0x00c46b37
0x00c46b3a
0x00c46b72

APIs

VirtualFree.KERNEL32(0000000C,00100000,00004000,?,?,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B03
VirtualFree.KERNEL32(0000000C,00000000,00008000,?,?,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B0E
HeapFree.KERNEL32(00000000,?,?,?,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B1B
HeapFree.KERNEL32(00000000,?,?,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B37
VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000,?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B58
HeapDestroy.KERNEL32(?,?,00C43BC4,00C43C18,?,?,?), ref: 00C46B6A

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Free$HeapVirtual$Destroy
String ID:
API String ID: 716807051-0
Opcode ID: 1185a07c65cb09716a4299b3471d13b455b84b67289fe2295d968497613ecc36
Instruction ID: 357dcd1923fcf86d6141d13b91a0da6dce129bcbf609b4006d1cb768266efee9
Opcode Fuzzy Hash: 1185a07c65cb09716a4299b3471d13b455b84b67289fe2295d968497613ecc36
Instruction Fuzzy Hash: 27115B79250604EFDB319B14EC86F19BBA1F782724F314025F699A70A4C772AA81EB19

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3DE7 Relevance: 9.1, APIs: 6, Instructions: 56
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA3DE7() {
				intOrPtr _t4;
				void* _t6;
				void* _t9;
				void* _t14;
				intOrPtr* _t18;
				void** _t19;
				void* _t24;
				void* _t25;

				_t4 =  *0xcb3688; // 0x1
				if(_t4 != 3) {
					if(_t4 == 2) {
						_t18 = 0xcac9f0;
						do {
							_t3 = _t18 + 0x10; // 0xffffffff
							_t6 =  *_t3;
							if(_t6 != 0) {
								VirtualFree(_t6, 0, 0x8000);
							}
							_t18 =  *_t18;
						} while (_t18 != 0xcac9f0);
					}
				} else {
					_t14 = 0;
					_t24 =  *0xcb3678 - _t14; // 0x0
					if(_t24 > 0) {
						_t9 =  *0xcb367c; // 0x0
						_t1 = _t9 + 0xc; // 0xc
						_t19 = _t1;
						do {
							VirtualFree( *_t19, 0x100000, 0x4000);
							VirtualFree( *_t19, 0, 0x8000);
							HeapFree( *0xcb3684, 0, _t19[1]);
							_t19 =  &(_t19[5]);
							_t14 = _t14 + 1;
							_t25 = _t14 -  *0xcb3678; // 0x0
						} while (_t25 < 0);
					}
					HeapFree( *0xcb3684, 0,  *0xcb367c);
				}
				return HeapDestroy( *0xcb3684);
			}

0x00ca3de7
0x00ca3df1
0x00ca3e5c
0x00ca3e63
0x00ca3e65
0x00ca3e65
0x00ca3e65
0x00ca3e6a
0x00ca3e74
0x00ca3e74
0x00ca3e7a
0x00ca3e7c
0x00ca3e65
0x00ca3df3
0x00ca3df4
0x00ca3df6
0x00ca3e03
0x00ca3e05
0x00ca3e10
0x00ca3e10
0x00ca3e13
0x00ca3e1f
0x00ca3e2a
0x00ca3e37
0x00ca3e39
0x00ca3e3c
0x00ca3e3d
0x00ca3e3d
0x00ca3e13
0x00ca3e53
0x00ca3e56
0x00ca3e8e

APIs

VirtualFree.KERNEL32(0000000C,00100000,00004000,?,?,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E1F
VirtualFree.KERNEL32(0000000C,00000000,00008000,?,?,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E2A
HeapFree.KERNEL32(00000000,?,?,?,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E37
HeapFree.KERNEL32(00000000,?,?,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E53
VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000,?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E74
HeapDestroy.KERNEL32(?,?,00CA1AC8,00CA1B1C,?,?,?), ref: 00CA3E86

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: Free$HeapVirtual$Destroy
String ID:
API String ID: 716807051-0
Opcode ID: b409b5e49228de2361319e130a9f388dc9f46db2c9926029688c2f6f7b46429d
Instruction ID: fb2555e33bda4caf4885ded0fbc12803fc5991a1fa74c129418ce023f0f894e3
Opcode Fuzzy Hash: b409b5e49228de2361319e130a9f388dc9f46db2c9926029688c2f6f7b46429d
Instruction Fuzzy Hash: C711A135240285FFDB328F24EC8AF1AB765F755714F220619FA60672A1C732BE008B54

Uniqueness

Uniqueness Score: -1.00%

Function 00C40050 Relevance: 9.1, APIs: 6, Instructions: 55
clipboardmemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C40050() {
				int _t8;
				int _t13;
				void* _t21;
				signed int _t23;
				signed int _t24;
				signed int _t30;
				void* _t35;
				long _t37;
				void* _t39;
				void* _t49;
				unsigned int _t51;
				void* _t52;

				_t8 =  *(_t52 + 4);
				if(_t8 == 0) {
					L7:
					return _t8;
				}
				_t51 =  *(_t52 + 0xc);
				if(_t51 <= 0) {
					goto L7;
				}
				_t8 = OpenClipboard(0);
				if(_t8 == 0) {
					goto L7;
				}
				_t37 = _t51 + 1;
				_t21 = GlobalAlloc(0x2002, _t37);
				if(_t21 != 0) {
					_t35 = GlobalLock(_t21);
					if(_t35 != 0) {
						_t23 = _t37;
						_t39 = _t35;
						_t24 = _t23 >> 2;
						_t13 = memset(_t39, 0, _t24 << 2);
						_t49 =  *(_t52 + 0x24);
						memset(_t39 + _t24, _t13, (_t23 & 0x00000003) << 0);
						_t30 = _t51 >> 2;
						memcpy(_t49 + _t30 + _t30, _t49, memcpy(_t35, _t49, _t30 << 2) & 0x00000003);
						GlobalUnlock(_t21);
						SetClipboardData(1, _t21);
					}
				}
				return CloseClipboard();
			}

0x00c40050
0x00c40057
0x00c400d6
0x00c400d6
0x00c400d6
0x00c40059
0x00c4005f
0x00000000
0x00000000
0x00c40063
0x00c4006b
0x00000000
0x00000000
0x00c4006f
0x00c4007e
0x00c40082
0x00c4008b
0x00c4008f
0x00c40091
0x00c40098
0x00c4009b
0x00c4009e
0x00c400a2
0x00c400a9
0x00c400b1
0x00c400bb
0x00c400bd
0x00c400c6
0x00c400cc
0x00c4008f
0x00000000

APIs

OpenClipboard.USER32(00000000), ref: 00C40063
GlobalAlloc.KERNEL32(00002002,?), ref: 00C40078
GlobalLock.KERNEL32 ref: 00C40085
GlobalUnlock.KERNEL32(00000000), ref: 00C400BD
SetClipboardData.USER32 ref: 00C400C6
CloseClipboard.USER32 ref: 00C400CD

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ClipboardGlobal$AllocCloseDataLockOpenUnlock
String ID:
API String ID: 2188462553-0
Opcode ID: d0c1d1bbb636829f0a5457af7cc97a7d043174b30b56a3568bde62d1e79b45f6
Instruction ID: 707f9f813ec5389e76665ef84c0e838f7be42aa7af342fd0075a799278959d11
Opcode Fuzzy Hash: d0c1d1bbb636829f0a5457af7cc97a7d043174b30b56a3568bde62d1e79b45f6
Instruction Fuzzy Hash: 2901B13630060AABDB286A69AC19B6F7ADAFBC9721F14403CBA16D3250DE71CD05C660

Uniqueness

Uniqueness Score: -1.00%

Function 00C46926 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00C46926(void* __ecx, void* __eflags) {
				char _v8;
				struct _OSVERSIONINFOA _v156;
				char _v416;
				char _v4656;
				void* _t24;
				CHAR* _t32;
				void* _t33;
				intOrPtr* _t34;
				void* _t35;
				char _t36;
				char _t38;
				void* _t40;
				char* _t44;
				char* _t45;
				char* _t50;

				E00C43290(0x122c, __ecx);
				_v156.dwOSVersionInfoSize = 0x94;
				if(GetVersionExA( &_v156) != 0 && _v156.dwPlatformId == 2 && _v156.dwMajorVersion >= 5) {
					_t40 = 1;
					return _t40;
				}
				if(GetEnvironmentVariableA("__MSVCRT_HEAP_SELECT",  &_v4656, 0x1090) == 0) {
					L28:
					_t24 = E00C468F9( &_v8);
					asm("sbb eax, eax");
					return _t24 + 3;
				}
				_t44 =  &_v4656;
				if(_v4656 != 0) {
					do {
						_t38 =  *_t44;
						if(_t38 >= 0x61 && _t38 <= 0x7a) {
							 *_t44 = _t38 - 0x20;
						}
						_t44 = _t44 + 1;
					} while ( *_t44 != 0);
				}
				if(E00C4B270("__GLOBAL_HEAP_SELECTED",  &_v4656, 0x16) != 0) {
					GetModuleFileNameA(0,  &_v416, 0x104);
					_t45 =  &_v416;
					if(_v416 != 0) {
						do {
							_t36 =  *_t45;
							if(_t36 >= 0x61 && _t36 <= 0x7a) {
								 *_t45 = _t36 - 0x20;
							}
							_t45 = _t45 + 1;
						} while ( *_t45 != 0);
					}
					_t32 = E00C4B1F0( &_v4656,  &_v416);
				} else {
					_t32 =  &_v4656;
				}
				if(_t32 == 0) {
					goto L28;
				}
				_t33 = E00C4B130(_t32, 0x2c);
				if(_t33 == 0) {
					goto L28;
				}
				_t34 = _t33 + 1;
				_t50 = _t34;
				if( *_t34 != 0) {
					do {
						if( *_t50 != 0x3b) {
							_t50 = _t50 + 1;
						} else {
							 *_t50 = 0;
						}
					} while ( *_t50 != 0);
				}
				_t35 = E00C4AEFE(_t34, 0, 0xa);
				if(_t35 != 2 && _t35 != 3 && _t35 != 1) {
					goto L28;
				}
				return _t35;
			}

0x00c4692e
0x00c4693b
0x00c4694d
0x00c46963
0x00000000
0x00c46963
0x00c46982
0x00c46a58
0x00c46a5c
0x00c46a66
0x00000000
0x00c46a68
0x00c4698a
0x00c46996
0x00c46998
0x00c46998
0x00c4699c
0x00c469a4
0x00c469a4
0x00c469a6
0x00c469a7
0x00c46998
0x00c469c3
0x00c469da
0x00c469e6
0x00c469ec
0x00c469ee
0x00c469ee
0x00c469f2
0x00c469fa
0x00c469fa
0x00c469fc
0x00c469fd
0x00c469ee
0x00c46a0f
0x00c469c5
0x00c469c5
0x00c469c5
0x00c46a18
0x00000000
0x00000000
0x00c46a1d
0x00c46a26
0x00000000
0x00000000
0x00c46a28
0x00c46a29
0x00c46a2d
0x00c46a2f
0x00c46a32
0x00c46a38
0x00c46a34
0x00c46a34
0x00c46a34
0x00c46a39
0x00c46a2f
0x00c46a41
0x00c46a4c
0x00000000
0x00000000
0x00c46a6d

APIs

GetVersionExA.KERNEL32 ref: 00C46945
GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00C4697A
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00C469DA

Strings

__GLOBAL_HEAP_SELECTED, xrefs: 00C469B4
__MSVCRT_HEAP_SELECT, xrefs: 00C46975

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: EnvironmentFileModuleNameVariableVersion
String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
API String ID: 1385375860-4131005785
Opcode ID: 663cb006d67a3abc964d6c17bd7218d43921e82d78051b74e3b018c220aab8e0
Instruction ID: 1d563a22cfc8339cd03f6b9ae3be9785cd1508b26860643fc667301e78efde92
Opcode Fuzzy Hash: 663cb006d67a3abc964d6c17bd7218d43921e82d78051b74e3b018c220aab8e0
Instruction Fuzzy Hash: 963155729413886DEB3196709C55BDD37A8BB17304F2484E9E185E608AE770DFCAEB13

Uniqueness

Uniqueness Score: -1.00%

Function 00CA3C42 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00CA3C42(void* __ecx, void* __eflags) {
				char _v8;
				struct _OSVERSIONINFOA _v156;
				char _v416;
				char _v4656;
				void* _t24;
				CHAR* _t32;
				void* _t33;
				intOrPtr* _t34;
				void* _t35;
				char _t36;
				char _t38;
				void* _t40;
				char* _t44;
				char* _t45;
				char* _t50;

				E00CA8090(0x122c, __ecx);
				_v156.dwOSVersionInfoSize = 0x94;
				if(GetVersionExA( &_v156) != 0 && _v156.dwPlatformId == 2 && _v156.dwMajorVersion >= 5) {
					_t40 = 1;
					return _t40;
				}
				if(GetEnvironmentVariableA("__MSVCRT_HEAP_SELECT",  &_v4656, 0x1090) == 0) {
					L28:
					_t24 = E00CA3C15( &_v8);
					asm("sbb eax, eax");
					return _t24 + 3;
				}
				_t44 =  &_v4656;
				if(_v4656 != 0) {
					do {
						_t38 =  *_t44;
						if(_t38 >= 0x61 && _t38 <= 0x7a) {
							 *_t44 = _t38 - 0x20;
						}
						_t44 = _t44 + 1;
					} while ( *_t44 != 0);
				}
				if(E00CA8050("__GLOBAL_HEAP_SELECTED",  &_v4656, 0x16) != 0) {
					GetModuleFileNameA(0,  &_v416, 0x104);
					_t45 =  &_v416;
					if(_v416 != 0) {
						do {
							_t36 =  *_t45;
							if(_t36 >= 0x61 && _t36 <= 0x7a) {
								 *_t45 = _t36 - 0x20;
							}
							_t45 = _t45 + 1;
						} while ( *_t45 != 0);
					}
					_t32 = E00CA7FD0( &_v4656,  &_v416);
				} else {
					_t32 =  &_v4656;
				}
				if(_t32 == 0) {
					goto L28;
				}
				_t33 = E00CA7F10(_t32, 0x2c);
				if(_t33 == 0) {
					goto L28;
				}
				_t34 = _t33 + 1;
				_t50 = _t34;
				if( *_t34 != 0) {
					do {
						if( *_t50 != 0x3b) {
							_t50 = _t50 + 1;
						} else {
							 *_t50 = 0;
						}
					} while ( *_t50 != 0);
				}
				_t35 = E00CA7CD5(_t34, 0, 0xa);
				if(_t35 != 2 && _t35 != 3 && _t35 != 1) {
					goto L28;
				}
				return _t35;
			}

0x00ca3c4a
0x00ca3c57
0x00ca3c69
0x00ca3c7f
0x00000000
0x00ca3c7f
0x00ca3c9e
0x00ca3d74
0x00ca3d78
0x00ca3d82
0x00000000
0x00ca3d84
0x00ca3ca6
0x00ca3cb2
0x00ca3cb4
0x00ca3cb4
0x00ca3cb8
0x00ca3cc0
0x00ca3cc0
0x00ca3cc2
0x00ca3cc3
0x00ca3cb4
0x00ca3cdf
0x00ca3cf6
0x00ca3d02
0x00ca3d08
0x00ca3d0a
0x00ca3d0a
0x00ca3d0e
0x00ca3d16
0x00ca3d16
0x00ca3d18
0x00ca3d19
0x00ca3d0a
0x00ca3d2b
0x00ca3ce1
0x00ca3ce1
0x00ca3ce1
0x00ca3d34
0x00000000
0x00000000
0x00ca3d39
0x00ca3d42
0x00000000
0x00000000
0x00ca3d44
0x00ca3d45
0x00ca3d49
0x00ca3d4b
0x00ca3d4e
0x00ca3d54
0x00ca3d50
0x00ca3d50
0x00ca3d50
0x00ca3d55
0x00ca3d4b
0x00ca3d5d
0x00ca3d68
0x00000000
0x00000000
0x00ca3d89

APIs

GetVersionExA.KERNEL32 ref: 00CA3C61
GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00CA3C96
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00CA3CF6

Strings

__GLOBAL_HEAP_SELECTED, xrefs: 00CA3CD0
__MSVCRT_HEAP_SELECT, xrefs: 00CA3C91

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: EnvironmentFileModuleNameVariableVersion
String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
API String ID: 1385375860-4131005785
Opcode ID: efb1d95a43604629f1d81428057066762071e28c144c60bf0d99085309d88a17
Instruction ID: 8bebe80ac7e9716d98518799a625e73f577f37b8eacf5fc2fd384d4d8b7345fb
Opcode Fuzzy Hash: efb1d95a43604629f1d81428057066762071e28c144c60bf0d99085309d88a17
Instruction Fuzzy Hash: 2E314871D152CAAEEB3186B09C66BDD7B789B0331CF2405D9F155D6142E6319F89CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00C25250 Relevance: 7.7, APIs: 5, Instructions: 226
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00C25250(intOrPtr* __ecx) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				void* __edi;
				signed int _t85;
				void* _t86;
				signed int _t90;
				void* _t91;
				int _t93;
				signed int _t95;
				void* _t96;
				void* _t97;
				void* _t98;
				void* _t99;
				void* _t100;
				intOrPtr _t101;
				void* _t108;
				void* _t109;
				signed int _t113;
				signed int _t114;
				signed int _t120;
				signed int _t121;
				signed int _t127;
				signed int _t128;
				signed int _t131;
				signed int _t153;
				signed int _t158;
				void* _t159;
				signed int _t163;
				void* _t164;
				void* _t165;
				signed int _t166;
				signed int _t167;
				intOrPtr* _t170;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				intOrPtr _t178;

				_push(0xffffffff);
				_push(E00C4DC27);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t178;
				_push(__ecx);
				_t170 = __ecx;
				 *((intOrPtr*)(__ecx + 0x40)) = 0;
				 *((intOrPtr*)(__ecx + 0x44)) = 0;
				 *((intOrPtr*)(__ecx + 0x48)) = 0;
				_t173 = 1;
				do {
					_t173 = _t173 + _t173;
				} while (_t173 < 4);
				_t153 = _t173 * 4;
				_push(_t153);
				L00C3E340();
				if(0 == 0) {
					E00C4292B(0);
				}
				_t113 = _t153;
				_t114 = _t113 >> 2;
				memset(0 + _t114, memset(0, 0, _t114 << 2), (_t113 & 0x00000003) << 0);
				_t85 = 0;
				 *(_t170 + 0x44) = _t173;
				if( *((intOrPtr*)(_t170 + 0x40)) > 0) {
					do {
						_t85 = _t85 + 1;
						 *((intOrPtr*)(0 + _t85 * 4 - 4)) =  *((intOrPtr*)( *(_t170 + 0x48) + _t85 * 4 - 4));
					} while (_t85 <  *((intOrPtr*)(_t170 + 0x40)));
				}
				_t86 =  *(_t170 + 0x48);
				_push(_t86);
				L00C3E350();
				 *(_t170 + 0x48) = 0;
				 *((intOrPtr*)(_t170 + 0x4c)) = 0;
				 *(_t170 + 0x50) = 0;
				 *(_t170 + 0x54) = 0;
				_t174 = 1;
				do {
					_t174 = _t174 + _t174;
				} while (_t174 < 4);
				_t158 = _t174 * 4;
				_push(_t158);
				L00C3E340();
				_t108 = _t86;
				if(_t108 == 0) {
					E00C4292B(_t86);
				}
				_t120 = _t158;
				_t159 = _t108;
				_t121 = _t120 >> 2;
				memset(_t159 + _t121, memset(_t159, 0, _t121 << 2), (_t120 & 0x00000003) << 0);
				_t90 = 0;
				 *(_t170 + 0x50) = _t174;
				if( *((intOrPtr*)(_t170 + 0x4c)) > 0) {
					do {
						_t90 = _t90 + 1;
						 *((intOrPtr*)(_t108 + _t90 * 4 - 4)) =  *((intOrPtr*)( *(_t170 + 0x54) + _t90 * 4 - 4));
					} while (_t90 <  *((intOrPtr*)(_t170 + 0x4c)));
				}
				_t91 =  *(_t170 + 0x54);
				_push(_t91);
				L00C3E350();
				 *(_t170 + 0x54) = _t108;
				 *((intOrPtr*)(_t170 + 0x58)) = 0;
				 *(_t170 + 0x5c) = 0;
				 *(_t170 + 0x60) = 0;
				_t175 = 1;
				do {
					_t175 = _t175 + _t175;
				} while (_t175 < 4);
				_t163 = _t175 * 4;
				_push(_t163);
				L00C3E340();
				_t109 = _t91;
				if(_t109 == 0) {
					E00C4292B(_t91);
				}
				_t127 = _t163;
				_t164 = _t109;
				_t128 = _t127 >> 2;
				_t93 = memset(_t164, 0, _t128 << 2);
				_t165 = _t164 + _t128;
				_t131 = _t127 & 0x00000003;
				memset(_t165, _t93, _t131 << 0);
				_t166 = _t165 + _t131;
				 *(_t170 + 0x5c) = _t175;
				_t95 = 0;
				if( *((intOrPtr*)(_t170 + 0x58)) > 0) {
					do {
						_t95 = _t95 + 1;
						 *((intOrPtr*)(_t109 + _t95 * 4 - 4)) =  *((intOrPtr*)( *(_t170 + 0x60) + _t95 * 4 - 4));
					} while (_t95 <  *((intOrPtr*)(_t170 + 0x58)));
				}
				_t96 =  *(_t170 + 0x60);
				_push(_t96);
				L00C3E350();
				 *(_t170 + 0x60) = _t109;
				_push(0x14);
				 *_t170 = 0xc4f8c0;
				 *((char*)(_t170 + 4)) = 0;
				 *(_t170 + 8) = 4;
				 *(_t170 + 0xc) = 4;
				L00C3E340();
				_v16 = _t96;
				_v4 = 0;
				if(_t96 == 0) {
					_t97 = 0;
				} else {
					_t97 = E00C40510(_t96, _t166, 7);
				}
				_t167 = _t166 | 0xffffffff;
				_push(0x14);
				_v4 = _t167;
				 *((intOrPtr*)(_t170 + 0x10)) = _t97;
				L00C3E340();
				_v16 = _t97;
				_v4 = 1;
				if(_t97 == 0) {
					_t98 = 0;
				} else {
					_t98 = E00C40510(_t97, _t167, 8);
				}
				_push(0x14);
				_v4 = _t167;
				 *((intOrPtr*)(_t170 + 0x14)) = _t98;
				L00C3E340();
				_v16 = _t98;
				_v4 = 2;
				if(_t98 == 0) {
					_t99 = 0;
				} else {
					_t99 = E00C40510(_t98, _t167, 9);
				}
				_push(0x14);
				_v4 = _t167;
				 *((intOrPtr*)(_t170 + 0x18)) = _t99;
				L00C3E340();
				_v16 = _t99;
				_v4 = 3;
				if(_t99 == 0) {
					_t100 = 0;
				} else {
					_t100 = E00C40510(_t99, _t167, 0xa);
				}
				_push(0x14);
				_v4 = _t167;
				 *(_t170 + 0x1c) = _t100;
				L00C3E340();
				_v16 = _t100;
				_v4 = 4;
				if(_t100 == 0) {
					_t101 = 0;
				} else {
					_t101 = E00C40510(_t100, _t167, 0xb);
				}
				 *((intOrPtr*)(_t170 + 0x20)) = _t101;
				 *((intOrPtr*)(_t170 + 0x3c)) = 0;
				 *((char*)(_t170 + 0x24)) = 0;
				 *[fs:0x0] = _v12;
				return _t170;
			}

0x00c25250
0x00c25252
0x00c2525d
0x00c2525e
0x00c25265
0x00c25269
0x00c2526e
0x00c25271
0x00c25274
0x00c25277
0x00c2527c
0x00c2527c
0x00c2527e
0x00c25283
0x00c2528a
0x00c2528b
0x00c25297
0x00c2529a
0x00c2529a
0x00c2529f
0x00c252a7
0x00c252b1
0x00c252b8
0x00c252bc
0x00c252bf
0x00c252c1
0x00c252c4
0x00c252c9
0x00c252d0
0x00c252c1
0x00c252d4
0x00c252d7
0x00c252d8
0x00c252dd
0x00c252e3
0x00c252e6
0x00c252e9
0x00c252ec
0x00c252f1
0x00c252f1
0x00c252f3
0x00c252f8
0x00c252ff
0x00c25300
0x00c25305
0x00c2530c
0x00c2530f
0x00c2530f
0x00c25314
0x00c2531a
0x00c2531c
0x00c25326
0x00c2532d
0x00c25331
0x00c25334
0x00c25336
0x00c25339
0x00c2533e
0x00c25345
0x00c25336
0x00c25349
0x00c2534c
0x00c2534d
0x00c25352
0x00c25358
0x00c2535b
0x00c2535e
0x00c25361
0x00c25366
0x00c25366
0x00c25368
0x00c2536d
0x00c25374
0x00c25375
0x00c2537a
0x00c25381
0x00c25384
0x00c25384
0x00c25389
0x00c2538f
0x00c25391
0x00c25394
0x00c25394
0x00c25398
0x00c2539b
0x00c2539b
0x00c253a0
0x00c253a5
0x00c253a9
0x00c253ab
0x00c253ae
0x00c253b3
0x00c253ba
0x00c253ab
0x00c253be
0x00c253c1
0x00c253c2
0x00c253c7
0x00c253cf
0x00c253d1
0x00c253d7
0x00c253db
0x00c253de
0x00c253e1
0x00c253e9
0x00c253ef
0x00c253f3
0x00c25400
0x00c253f5
0x00c253f9
0x00c253f9
0x00c25402
0x00c25405
0x00c25407
0x00c2540b
0x00c2540e
0x00c25416
0x00c2541c
0x00c25424
0x00c25431
0x00c25426
0x00c2542a
0x00c2542a
0x00c25433
0x00c25435
0x00c25439
0x00c2543c
0x00c25444
0x00c2544a
0x00c25452
0x00c2545f
0x00c25454
0x00c25458
0x00c25458
0x00c25461
0x00c25463
0x00c25467
0x00c2546a
0x00c25472
0x00c25478
0x00c25480
0x00c2548d
0x00c25482
0x00c25486
0x00c25486
0x00c2548f
0x00c25491
0x00c25495
0x00c25498
0x00c254a0
0x00c254a6
0x00c254aa
0x00c254b7
0x00c254ac
0x00c254b0
0x00c254b0
0x00c254bd
0x00c254c0
0x00c254c3
0x00c254cd
0x00c254d7

APIs

??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000007), ref: 00C253F9
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000008), ref: 00C2542A
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(00000009), ref: 00C25458
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(0000000A), ref: 00C25486
??0Cursor@vgui@@QAE@W4DefaultCursor@01@@Z.VGUI(0000000B), ref: 00C254B0

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Cursor@01@@Cursor@vgui@@Default
String ID:
API String ID: 683338753-0
Opcode ID: 80c3d1a561fbc5f04d85de10cace11d8e3637ef07833abd7d60f60c0ab9e3da7
Instruction ID: fad074141769d067fa69d260096703967a26dc60ddc65fd078ef296bb69bd3d2
Opcode Fuzzy Hash: 80c3d1a561fbc5f04d85de10cace11d8e3637ef07833abd7d60f60c0ab9e3da7
Instruction Fuzzy Hash: 6F81BEB0A00B548FD724EF6A988536BF6E1BB84300F140D2DE557C7BA1EBBAE5048B41

Uniqueness

Uniqueness Score: -1.00%

Function 00C3A260 Relevance: 7.7, APIs: 5, Instructions: 172
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00C3A260(intOrPtr* __ecx) {
				intOrPtr _t56;
				intOrPtr* _t57;
				intOrPtr* _t58;
				intOrPtr _t60;
				intOrPtr* _t61;
				intOrPtr* _t62;
				void* _t64;
				signed int _t69;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t78;
				signed int _t89;
				signed int _t90;
				void* _t106;
				void* _t111;
				signed int _t113;
				void* _t114;
				intOrPtr* _t118;
				signed int _t121;
				signed int _t122;
				signed int _t124;
				intOrPtr _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t130;
				void* _t132;
				void* _t134;

				_push(0xffffffff);
				_push(E00C4E337);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t125;
				_t75 =  *(_t125 + 0x20);
				_t121 =  *(_t125 + 0x20);
				_t118 = __ecx;
				_t56 = E00C328C0(__ecx,  *(_t125 + 0x20),  *((intOrPtr*)(_t125 + 0x14)), _t121,  *(_t125 + 0x20));
				_t111 = 0;
				_push(0xbc);
				 *_t118 = 0xc54114;
				 *((intOrPtr*)(_t118 + 0xbc)) = 0;
				L00C3E340();
				_t126 = _t125 + 4;
				 *((intOrPtr*)(_t126 + 0x2c)) = _t56;
				 *((intOrPtr*)(_t126 + 0x18)) = 0;
				if(_t56 == 0) {
					_t57 = 0;
					__eflags = 0;
				} else {
					_t121 = _t121 + 0xfffffff6;
					_t57 = E00C328C0(_t56, 5, 5, _t121, _t75 + 0xfffffff6);
				}
				 *((intOrPtr*)(_t118 + 0xc4)) = _t57;
				_t122 = _t121 | 0xffffffff;
				 *(_t126 + 0x1c) = _t122;
				_t58 =  *((intOrPtr*)( *_t57 + 0x40))(_t118);
				_push(0x38);
				L00C3E340();
				_t76 = _t58;
				_t127 = _t126 + 4;
				 *((intOrPtr*)(_t127 + 0x2c)) = _t76;
				_t136 = _t76 - _t111;
				 *(_t127 + 0x18) = 1;
				if(_t76 == _t111) {
					_t76 = 0;
					__eflags = 0;
				} else {
					E00C24420(_t76, _t136);
					 *_t76 = 0xc54394;
				}
				 *(_t127 + 0x1c) = _t122;
				_t60 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t118 + 0xc4)))) + 0xd4))(_t76);
				_push(0xbc);
				L00C3E340();
				_t128 = _t127 + 4;
				 *((intOrPtr*)(_t128 + 0x2c)) = _t60;
				 *((intOrPtr*)(_t128 + 0x18)) = 2;
				if(_t60 == _t111) {
					_t61 = 0;
					__eflags = 0;
				} else {
					_t61 = E00C328C0(_t60, 5, 5,  *((intOrPtr*)(_t128 + 0x28)), 5);
				}
				 *((intOrPtr*)(_t118 + 0xc0)) = _t61;
				 *(_t128 + 0x1c) = _t122;
				_t62 =  *((intOrPtr*)( *_t61 + 0x40))(_t118);
				_push(0x38);
				L00C3E340();
				_t77 = _t62;
				_t129 = _t128 + 4;
				 *((intOrPtr*)(_t129 + 0x28)) = _t77;
				_t138 = _t77 - _t111;
				 *((intOrPtr*)(_t129 + 0x18)) = 3;
				if(_t77 == _t111) {
					_t77 = 0;
					__eflags = 0;
				} else {
					E00C24420(_t77, _t138);
					 *_t77 = 0xc54324;
				}
				 *(_t129 + 0x1c) = _t122;
				_t64 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t118 + 0xc0)))) + 0xd4))(_t77);
				_push(0x10);
				 *(_t118 + 0xc8) = _t111;
				 *(_t118 + 0xcc) = _t111;
				L00C3E340();
				_t78 = _t64;
				_t130 = _t129 + 4;
				 *(_t130 + 0x2c) = _t78;
				 *((intOrPtr*)(_t130 + 0x18)) = 4;
				if(_t78 != _t111) {
					 *(_t78 + 4) = _t111;
					 *(_t78 + 8) = _t111;
					 *(_t78 + 0xc) = _t111;
					_t124 = 1;
					do {
						_t124 = _t124 + _t124;
					} while (_t124 < 4);
					_t113 = _t124 * 4;
					_push(_t113);
					L00C3E340();
					_t106 = _t64;
					_t132 = _t130 + 4;
					 *(_t132 + 0x28) = _t106;
					if(_t106 == 0) {
						E00C4292B(_t64);
					}
					_t89 = _t113;
					_t114 = _t106;
					_t90 = _t89 >> 2;
					memset(_t114 + _t90, memset(_t114, 0, _t90 << 2), (_t89 & 0x00000003) << 0);
					_t134 = _t132 + 0x18;
					_t69 = 0;
					 *(_t78 + 8) = _t124;
					if( *(_t78 + 4) > 0) {
						do {
							_t69 = _t69 + 1;
							 *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x28)) + _t69 * 4 - 4)) =  *((intOrPtr*)( *(_t78 + 0xc) + _t69 * 4 - 4));
						} while (_t69 <  *(_t78 + 4));
					}
					_push( *(_t78 + 0xc));
					L00C3E350();
					_t130 = _t134 + 4;
					 *(_t78 + 0xc) =  *(_t134 + 0x2c);
					 *_t78 = 0xc4fe44;
					_t111 = _t78;
				}
				 *(_t118 + 0xd0) = _t111;
				 *[fs:0x0] =  *((intOrPtr*)(_t130 + 0x10));
				return _t118;
			}

0x00c3a266
0x00c3a268
0x00c3a26d
0x00c3a272
0x00c3a27a
0x00c3a27f
0x00c3a285
0x00c3a291
0x00c3a296
0x00c3a298
0x00c3a29d
0x00c3a2a3
0x00c3a2a9
0x00c3a2ae
0x00c3a2b1
0x00c3a2b7
0x00c3a2bb
0x00c3a2d2
0x00c3a2d2
0x00c3a2bd
0x00c3a2c0
0x00c3a2cb
0x00c3a2cb
0x00c3a2d4
0x00c3a2dc
0x00c3a2e2
0x00c3a2e6
0x00c3a2e9
0x00c3a2eb
0x00c3a2f0
0x00c3a2f2
0x00c3a2f5
0x00c3a2f9
0x00c3a2fb
0x00c3a303
0x00c3a314
0x00c3a314
0x00c3a305
0x00c3a307
0x00c3a30c
0x00c3a30c
0x00c3a31d
0x00c3a323
0x00c3a329
0x00c3a32e
0x00c3a333
0x00c3a336
0x00c3a33c
0x00c3a344
0x00c3a35a
0x00c3a35a
0x00c3a346
0x00c3a353
0x00c3a353
0x00c3a35c
0x00c3a367
0x00c3a36b
0x00c3a36e
0x00c3a370
0x00c3a375
0x00c3a377
0x00c3a37a
0x00c3a37e
0x00c3a380
0x00c3a388
0x00c3a399
0x00c3a399
0x00c3a38a
0x00c3a38c
0x00c3a391
0x00c3a391
0x00c3a3a2
0x00c3a3a8
0x00c3a3ae
0x00c3a3b0
0x00c3a3b6
0x00c3a3bc
0x00c3a3c1
0x00c3a3c3
0x00c3a3c6
0x00c3a3cc
0x00c3a3d4
0x00c3a3da
0x00c3a3dd
0x00c3a3e0
0x00c3a3e3
0x00c3a3e8
0x00c3a3e8
0x00c3a3ea
0x00c3a3ef
0x00c3a3f6
0x00c3a3f7
0x00c3a3fc
0x00c3a3fe
0x00c3a403
0x00c3a407
0x00c3a40a
0x00c3a40a
0x00c3a40f
0x00c3a411
0x00c3a417
0x00c3a421
0x00c3a421
0x00c3a426
0x00c3a42a
0x00c3a42d
0x00c3a42f
0x00c3a432
0x00c3a43b
0x00c3a442
0x00c3a42f
0x00c3a449
0x00c3a44a
0x00c3a453
0x00c3a456
0x00c3a459
0x00c3a45f
0x00c3a45f
0x00c3a465
0x00c3a470
0x00c3a47b

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,?,?,?,00C4E337,000000FF), ref: 00C3A291

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000005,00000005,?,?), ref: 00C3A2CB

Part of subcall function 00C328C0: ??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A58
Part of subcall function 00C328C0: ??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A63
Part of subcall function 00C328C0: ?init@Panel@vgui@@AAEXHHHH@Z.VGUI(?,?,?,?,?,00000004), ref: 00C32A84

??0Border@vgui@@QAE@XZ.VGUI(?,?,?,?,?,?,?,?,000000FF), ref: 00C3A307
??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000005,00000005,?,00000005,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C3A353
??0Border@vgui@@QAE@XZ.VGUI(?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00C3A38C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Panel@vgui@@$Border@vgui@@Color@vgui@@$?ensure?init@Capacity@?$Dar@Signal@vgui@@@vgui@@Tick
String ID:
API String ID: 2360991595-0
Opcode ID: 455a4b7418a3d913262e6b2fd034fcd163983957f67e3fc3d85f19a0ce8ee95b
Instruction ID: 5c3b4fea127fc2e2a69dbcab254c004d15f49e7f47df56fb1917e7155ed07c1a
Opcode Fuzzy Hash: 455a4b7418a3d913262e6b2fd034fcd163983957f67e3fc3d85f19a0ce8ee95b
Instruction Fuzzy Hash: 9751ADB06043008FD704DF69C885B2BB7E5BF88304F18492DE29A8B2A1DB759945CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00C492A8 Relevance: 7.6, APIs: 5, Instructions: 150
COMMON

Download Yara Rule

C-Code - Quality: 99%

			E00C492A8() {
				void** _v8;
				struct _STARTUPINFOA _v76;
				signed int* _t48;
				signed int _t50;
				long _t55;
				signed int _t57;
				signed int _t58;
				int _t59;
				signed char _t63;
				signed int _t65;
				void** _t67;
				int _t68;
				int _t69;
				signed int* _t70;
				int _t72;
				intOrPtr* _t73;
				signed int* _t75;
				void* _t76;
				void* _t84;
				void* _t87;
				int _t88;
				signed int* _t89;
				void** _t90;
				signed int _t91;
				int* _t92;

				_t89 = E00C43594(0x480);
				if(_t89 == 0) {
					E00C43C75(0x1b);
				}
				 *0xc70a80 = _t89;
				 *0xc70b80 = 0x20;
				_t1 =  &(_t89[0x120]); // 0x480
				_t48 = _t1;
				while(_t89 < _t48) {
					_t89[1] = _t89[1] & 0x00000000;
					 *_t89 =  *_t89 | 0xffffffff;
					_t89[2] = _t89[2] & 0x00000000;
					_t89[1] = 0xa;
					_t70 =  *0xc70a80; // 0xcd0d18
					_t89 =  &(_t89[9]);
					_t48 =  &(_t70[0x120]);
				}
				GetStartupInfoA( &_v76);
				__eflags = _v76.cbReserved2;
				if(_v76.cbReserved2 == 0) {
					L25:
					_t72 = 0;
					__eflags = 0;
					do {
						_t75 =  *0xc70a80; // 0xcd0d18
						_t50 = _t72 + _t72 * 8;
						__eflags = _t75[_t50] - 0xffffffff;
						_t90 =  &(_t75[_t50]);
						if(_t75[_t50] != 0xffffffff) {
							_t45 =  &(_t90[1]);
							 *_t45 = _t90[1] | 0x00000080;
							__eflags =  *_t45;
							goto L37;
						}
						__eflags = _t72;
						_t90[1] = 0x81;
						if(_t72 != 0) {
							asm("sbb eax, eax");
							_t55 =  ~(_t72 - 1) + 0xfffffff5;
							__eflags = _t55;
						} else {
							_t55 = 0xfffffff6;
						}
						_t87 = GetStdHandle(_t55);
						__eflags = _t87 - 0xffffffff;
						if(_t87 == 0xffffffff) {
							L33:
							_t90[1] = _t90[1] | 0x00000040;
						} else {
							_t57 = GetFileType(_t87);
							__eflags = _t57;
							if(_t57 == 0) {
								goto L33;
							}
							_t58 = _t57 & 0x000000ff;
							 *_t90 = _t87;
							__eflags = _t58 - 2;
							if(_t58 != 2) {
								__eflags = _t58 - 3;
								if(_t58 == 3) {
									_t90[1] = _t90[1] | 0x00000008;
								}
								goto L37;
							}
							goto L33;
						}
						L37:
						_t72 = _t72 + 1;
						__eflags = _t72 - 3;
					} while (_t72 < 3);
					return SetHandleCount( *0xc70b80);
				}
				_t59 = _v76.lpReserved2;
				__eflags = _t59;
				if(_t59 == 0) {
					goto L25;
				}
				_t88 =  *_t59;
				_t73 = _t59 + 4;
				_v8 = _t73 + _t88;
				__eflags = _t88 - 0x800;
				if(_t88 >= 0x800) {
					_t88 = 0x800;
				}
				__eflags =  *0xc70b80 - _t88; // 0x20
				if(__eflags >= 0) {
					L18:
					_t91 = 0;
					__eflags = _t88;
					if(_t88 <= 0) {
						goto L25;
					} else {
						goto L19;
					}
					do {
						L19:
						_t76 =  *_v8;
						__eflags = _t76 - 0xffffffff;
						if(_t76 == 0xffffffff) {
							goto L24;
						}
						_t63 =  *_t73;
						__eflags = _t63 & 0x00000001;
						if((_t63 & 0x00000001) == 0) {
							goto L24;
						}
						__eflags = _t63 & 0x00000008;
						if((_t63 & 0x00000008) != 0) {
							L23:
							_t65 = _t91 & 0x0000001f;
							__eflags = _t65;
							_t67 =  &(0xc70a80[_t91 >> 5][_t65 + _t65 * 8]);
							 *_t67 =  *_v8;
							_t67[1] =  *_t73;
							goto L24;
						}
						_t68 = GetFileType(_t76);
						__eflags = _t68;
						if(_t68 == 0) {
							goto L24;
						}
						goto L23;
						L24:
						_v8 =  &(_v8[1]);
						_t91 = _t91 + 1;
						_t73 = _t73 + 1;
						__eflags = _t91 - _t88;
					} while (_t91 < _t88);
					goto L25;
				} else {
					_t92 = 0xc70a84;
					while(1) {
						_t69 = E00C43594(0x480);
						__eflags = _t69;
						if(_t69 == 0) {
							break;
						}
						 *0xc70b80 =  *0xc70b80 + 0x20;
						__eflags =  *0xc70b80;
						 *_t92 = _t69;
						_t13 = _t69 + 0x480; // 0x480
						_t84 = _t13;
						while(1) {
							__eflags = _t69 - _t84;
							if(_t69 >= _t84) {
								break;
							}
							 *(_t69 + 4) =  *(_t69 + 4) & 0x00000000;
							 *_t69 =  *_t69 | 0xffffffff;
							 *(_t69 + 8) =  *(_t69 + 8) & 0x00000000;
							 *((char*)(_t69 + 5)) = 0xa;
							_t69 = _t69 + 0x24;
							_t84 =  *_t92 + 0x480;
						}
						_t92 =  &(_t92[1]);
						__eflags =  *0xc70b80 - _t88; // 0x20
						if(__eflags < 0) {
							continue;
						}
						goto L18;
					}
					_t88 =  *0xc70b80; // 0x20
					goto L18;
				}
			}

0x00c492bb
0x00c492c0
0x00c492c4
0x00c492c9
0x00c492ca
0x00c492d0
0x00c492da
0x00c492da
0x00c492e0
0x00c492e4
0x00c492e8
0x00c492eb
0x00c492ef
0x00c492f3
0x00c492f8
0x00c492fb
0x00c492fb
0x00c49306
0x00c4930c
0x00c49311
0x00c493e8
0x00c493e8
0x00c493e8
0x00c493ea
0x00c493ea
0x00c493f0
0x00c493f3
0x00c493f7
0x00c493fa
0x00c49449
0x00c49449
0x00c49449
0x00000000
0x00c49449
0x00c493fc
0x00c493fe
0x00c49402
0x00c4940e
0x00c49410
0x00c49410
0x00c49404
0x00c49406
0x00c49406
0x00c4941a
0x00c4941c
0x00c4941f
0x00c49438
0x00c49438
0x00c49421
0x00c49422
0x00c49428
0x00c4942a
0x00000000
0x00000000
0x00c4942c
0x00c49431
0x00c49433
0x00c49436
0x00c4943e
0x00c49441
0x00c49443
0x00c49443
0x00000000
0x00c49441
0x00000000
0x00c49436
0x00c4944d
0x00c4944d
0x00c4944e
0x00c4944e
0x00c49463
0x00c49463
0x00c49317
0x00c4931a
0x00c4931c
0x00000000
0x00000000
0x00c49322
0x00c49324
0x00c4932a
0x00c49332
0x00c49334
0x00c49336
0x00c49336
0x00c49338
0x00c4933e
0x00c49396
0x00c49396
0x00c49398
0x00c4939a
0x00000000
0x00000000
0x00000000
0x00000000
0x00c4939c
0x00c4939c
0x00c4939f
0x00c493a1
0x00c493a4
0x00000000
0x00000000
0x00c493a6
0x00c493a8
0x00c493aa
0x00000000
0x00000000
0x00c493ac
0x00c493ae
0x00c493bb
0x00c493c2
0x00c493c2
0x00c493cf
0x00c493d7
0x00c493db
0x00000000
0x00c493db
0x00c493b1
0x00c493b7
0x00c493b9
0x00000000
0x00000000
0x00000000
0x00c493de
0x00c493de
0x00c493e2
0x00c493e3
0x00c493e4
0x00c493e4
0x00000000
0x00c49340
0x00c49340
0x00c49345
0x00c4934a
0x00c4934f
0x00c49352
0x00000000
0x00000000
0x00c49354
0x00c49354
0x00c4935b
0x00c4935d
0x00c4935d
0x00c49363
0x00c49363
0x00c49365
0x00000000
0x00000000
0x00c49367
0x00c4936b
0x00c4936e
0x00c49372
0x00c49378
0x00c4937b
0x00c4937b
0x00c49383
0x00c49386
0x00c4938c
0x00000000
0x00000000
0x00000000
0x00c4938e
0x00c49390
0x00000000
0x00c49390

APIs

GetStartupInfoA.KERNEL32(?), ref: 00C49306
GetFileType.KERNEL32(00000480), ref: 00C493B1
GetStdHandle.KERNEL32(-000000F6), ref: 00C49414
GetFileType.KERNEL32(00000000), ref: 00C49422
SetHandleCount.KERNEL32 ref: 00C49459

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: FileHandleType$CountInfoStartup
String ID:
API String ID: 1710529072-0
Opcode ID: 1ac69f2fd776b91d36dbc6f205a0e21e7eb98231f76260719e187ec410870f71
Instruction ID: d412bd8fac9143d3d0f1c459e16dc0dcd2b66b34fbda6f19c719f9000769126a
Opcode Fuzzy Hash: 1ac69f2fd776b91d36dbc6f205a0e21e7eb98231f76260719e187ec410870f71
Instruction Fuzzy Hash: F8510175904221CFCB20CF68C898B6A7BE0FB12338F294669D5A6DB2F1D7309A46D750

Uniqueness

Uniqueness Score: -1.00%

Function 00CA35CD Relevance: 7.6, APIs: 5, Instructions: 150
COMMON

Download Yara Rule

C-Code - Quality: 99%

			E00CA35CD() {
				void** _v8;
				struct _STARTUPINFOA _v76;
				signed int* _t48;
				signed int _t50;
				long _t55;
				signed int _t57;
				signed int _t58;
				int _t59;
				signed char _t63;
				signed int _t65;
				void** _t67;
				int _t68;
				int _t69;
				signed int* _t70;
				int _t72;
				intOrPtr* _t73;
				signed int* _t75;
				void* _t76;
				void* _t84;
				void* _t87;
				int _t88;
				signed int* _t89;
				void** _t90;
				signed int _t91;
				int* _t92;

				_t89 = E00CA5A3E(0x480);
				if(_t89 == 0) {
					E00CA1B79(0x1b);
				}
				 *0xcb36a0 = _t89;
				 *0xcb37a0 = 0x20;
				_t1 =  &(_t89[0x120]); // 0x480
				_t48 = _t1;
				while(_t89 < _t48) {
					_t89[1] = _t89[1] & 0x00000000;
					 *_t89 =  *_t89 | 0xffffffff;
					_t89[2] = _t89[2] & 0x00000000;
					_t89[1] = 0xa;
					_t70 =  *0xcb36a0; // 0x13c0d18
					_t89 =  &(_t89[9]);
					_t48 =  &(_t70[0x120]);
				}
				GetStartupInfoA( &_v76);
				__eflags = _v76.cbReserved2;
				if(_v76.cbReserved2 == 0) {
					L25:
					_t72 = 0;
					__eflags = 0;
					do {
						_t75 =  *0xcb36a0; // 0x13c0d18
						_t50 = _t72 + _t72 * 8;
						__eflags = _t75[_t50] - 0xffffffff;
						_t90 =  &(_t75[_t50]);
						if(_t75[_t50] != 0xffffffff) {
							_t45 =  &(_t90[1]);
							 *_t45 = _t90[1] | 0x00000080;
							__eflags =  *_t45;
							goto L37;
						}
						__eflags = _t72;
						_t90[1] = 0x81;
						if(_t72 != 0) {
							asm("sbb eax, eax");
							_t55 =  ~(_t72 - 1) + 0xfffffff5;
							__eflags = _t55;
						} else {
							_t55 = 0xfffffff6;
						}
						_t87 = GetStdHandle(_t55);
						__eflags = _t87 - 0xffffffff;
						if(_t87 == 0xffffffff) {
							L33:
							_t90[1] = _t90[1] | 0x00000040;
						} else {
							_t57 = GetFileType(_t87);
							__eflags = _t57;
							if(_t57 == 0) {
								goto L33;
							}
							_t58 = _t57 & 0x000000ff;
							 *_t90 = _t87;
							__eflags = _t58 - 2;
							if(_t58 != 2) {
								__eflags = _t58 - 3;
								if(_t58 == 3) {
									_t90[1] = _t90[1] | 0x00000008;
								}
								goto L37;
							}
							goto L33;
						}
						L37:
						_t72 = _t72 + 1;
						__eflags = _t72 - 3;
					} while (_t72 < 3);
					return SetHandleCount( *0xcb37a0);
				}
				_t59 = _v76.lpReserved2;
				__eflags = _t59;
				if(_t59 == 0) {
					goto L25;
				}
				_t88 =  *_t59;
				_t73 = _t59 + 4;
				_v8 = _t73 + _t88;
				__eflags = _t88 - 0x800;
				if(_t88 >= 0x800) {
					_t88 = 0x800;
				}
				__eflags =  *0xcb37a0 - _t88; // 0x20
				if(__eflags >= 0) {
					L18:
					_t91 = 0;
					__eflags = _t88;
					if(_t88 <= 0) {
						goto L25;
					} else {
						goto L19;
					}
					do {
						L19:
						_t76 =  *_v8;
						__eflags = _t76 - 0xffffffff;
						if(_t76 == 0xffffffff) {
							goto L24;
						}
						_t63 =  *_t73;
						__eflags = _t63 & 0x00000001;
						if((_t63 & 0x00000001) == 0) {
							goto L24;
						}
						__eflags = _t63 & 0x00000008;
						if((_t63 & 0x00000008) != 0) {
							L23:
							_t65 = _t91 & 0x0000001f;
							__eflags = _t65;
							_t67 =  &(0xcb36a0[_t91 >> 5][_t65 + _t65 * 8]);
							 *_t67 =  *_v8;
							_t67[1] =  *_t73;
							goto L24;
						}
						_t68 = GetFileType(_t76);
						__eflags = _t68;
						if(_t68 == 0) {
							goto L24;
						}
						goto L23;
						L24:
						_v8 =  &(_v8[1]);
						_t91 = _t91 + 1;
						_t73 = _t73 + 1;
						__eflags = _t91 - _t88;
					} while (_t91 < _t88);
					goto L25;
				} else {
					_t92 = 0xcb36a4;
					while(1) {
						_t69 = E00CA5A3E(0x480);
						__eflags = _t69;
						if(_t69 == 0) {
							break;
						}
						 *0xcb37a0 =  *0xcb37a0 + 0x20;
						__eflags =  *0xcb37a0;
						 *_t92 = _t69;
						_t13 = _t69 + 0x480; // 0x480
						_t84 = _t13;
						while(1) {
							__eflags = _t69 - _t84;
							if(_t69 >= _t84) {
								break;
							}
							 *(_t69 + 4) =  *(_t69 + 4) & 0x00000000;
							 *_t69 =  *_t69 | 0xffffffff;
							 *(_t69 + 8) =  *(_t69 + 8) & 0x00000000;
							 *((char*)(_t69 + 5)) = 0xa;
							_t69 = _t69 + 0x24;
							_t84 =  *_t92 + 0x480;
						}
						_t92 =  &(_t92[1]);
						__eflags =  *0xcb37a0 - _t88; // 0x20
						if(__eflags < 0) {
							continue;
						}
						goto L18;
					}
					_t88 =  *0xcb37a0; // 0x20
					goto L18;
				}
			}

0x00ca35e0
0x00ca35e5
0x00ca35e9
0x00ca35ee
0x00ca35ef
0x00ca35f5
0x00ca35ff
0x00ca35ff
0x00ca3605
0x00ca3609
0x00ca360d
0x00ca3610
0x00ca3614
0x00ca3618
0x00ca361d
0x00ca3620
0x00ca3620
0x00ca362b
0x00ca3631
0x00ca3636
0x00ca370d
0x00ca370d
0x00ca370d
0x00ca370f
0x00ca370f
0x00ca3715
0x00ca3718
0x00ca371c
0x00ca371f
0x00ca376e
0x00ca376e
0x00ca376e
0x00000000
0x00ca376e
0x00ca3721
0x00ca3723
0x00ca3727
0x00ca3733
0x00ca3735
0x00ca3735
0x00ca3729
0x00ca372b
0x00ca372b
0x00ca373f
0x00ca3741
0x00ca3744
0x00ca375d
0x00ca375d
0x00ca3746
0x00ca3747
0x00ca374d
0x00ca374f
0x00000000
0x00000000
0x00ca3751
0x00ca3756
0x00ca3758
0x00ca375b
0x00ca3763
0x00ca3766
0x00ca3768
0x00ca3768
0x00000000
0x00ca3766
0x00000000
0x00ca375b
0x00ca3772
0x00ca3772
0x00ca3773
0x00ca3773
0x00ca3788
0x00ca3788
0x00ca363c
0x00ca363f
0x00ca3641
0x00000000
0x00000000
0x00ca3647
0x00ca3649
0x00ca364f
0x00ca3657
0x00ca3659
0x00ca365b
0x00ca365b
0x00ca365d
0x00ca3663
0x00ca36bb
0x00ca36bb
0x00ca36bd
0x00ca36bf
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca36c1
0x00ca36c1
0x00ca36c4
0x00ca36c6
0x00ca36c9
0x00000000
0x00000000
0x00ca36cb
0x00ca36cd
0x00ca36cf
0x00000000
0x00000000
0x00ca36d1
0x00ca36d3
0x00ca36e0
0x00ca36e7
0x00ca36e7
0x00ca36f4
0x00ca36fc
0x00ca3700
0x00000000
0x00ca3700
0x00ca36d6
0x00ca36dc
0x00ca36de
0x00000000
0x00000000
0x00000000
0x00ca3703
0x00ca3703
0x00ca3707
0x00ca3708
0x00ca3709
0x00ca3709
0x00000000
0x00ca3665
0x00ca3665
0x00ca366a
0x00ca366f
0x00ca3674
0x00ca3677
0x00000000
0x00000000
0x00ca3679
0x00ca3679
0x00ca3680
0x00ca3682
0x00ca3682
0x00ca3688
0x00ca3688
0x00ca368a
0x00000000
0x00000000
0x00ca368c
0x00ca3690
0x00ca3693
0x00ca3697
0x00ca369d
0x00ca36a0
0x00ca36a0
0x00ca36a8
0x00ca36ab
0x00ca36b1
0x00000000
0x00000000
0x00000000
0x00ca36b3
0x00ca36b5
0x00000000
0x00ca36b5

APIs

GetStartupInfoA.KERNEL32(?), ref: 00CA362B
GetFileType.KERNEL32(00000480), ref: 00CA36D6
GetStdHandle.KERNEL32(-000000F6), ref: 00CA3739
GetFileType.KERNEL32(00000000), ref: 00CA3747
SetHandleCount.KERNEL32 ref: 00CA377E

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: FileHandleType$CountInfoStartup
String ID:
API String ID: 1710529072-0
Opcode ID: a085aa84ea135e1a3734adbd5a26f6f0c70c0cd8b7bbdcf94c4c96f699d23e10
Instruction ID: cbbebed8f369ee05dda35fa4cab373bfbd636f833264b96138f3e0bf3a554ed3
Opcode Fuzzy Hash: a085aa84ea135e1a3734adbd5a26f6f0c70c0cd8b7bbdcf94c4c96f699d23e10
Instruction Fuzzy Hash: 2851B2F19046829FD7208B28D9A87697BA0FB1332CF294668F562D72E1DB309B45D750

Uniqueness

Uniqueness Score: -1.00%

Function 00C382A0 Relevance: 7.6, APIs: 5, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00C382A0(void** __ecx, char _a4, void* _a8) {
				void* _v4;
				void* _v16;
				void* _v20;
				void* _t18;
				signed int _t21;
				void* _t23;
				signed int _t28;
				signed int _t33;
				signed int _t34;
				signed int _t39;
				signed int _t40;
				void* _t54;
				void** _t68;
				void* _t69;
				void* _t70;
				char _t71;
				void* _t74;
				intOrPtr _t76;

				_push(0xffffffff);
				_push(E00C4E228);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t76;
				_push(__ecx);
				_t74 = 0;
				_t68 = __ecx;
				_v16 = 0;
				_v4 = 0;
				_t28 = E00C38290(__ecx);
				_t18 = E00C38270(_a8);
				_t54 = _t18;
				_push(4);
				_v20 = _t54;
				L00C3E340();
				if(_t18 != 0) {
					_t18 = E00C381F0(_t18);
					_t74 = _t18;
				}
				_t6 = _t28 + 1; // 0x1
				_push(_t54 + _t6);
				L00C3E340();
				_t33 = _t28;
				 *_t74 = _t18;
				_t69 =  *_t68;
				_t34 = _t33 >> 2;
				memcpy(_t18, _t69, _t34 << 2);
				_t21 = memcpy(_t69 + _t34 + _t34, _t69, _t33 & 0x00000003);
				_t70 = _a8;
				_t39 = _t21;
				_t40 = _t39 >> 2;
				memcpy( *_t74 + _t28, _t70, _t40 << 2);
				_t23 = memcpy(_t70 + _t40 + _t40, _t70, _t39 & 0x00000003);
				_t71 = _a4;
				 *((char*)( *_t74 + _t23 + _t28)) = 0;
				E00C38260(E00C38250(_t71, _t74),  &_a4);
				 *[fs:0x0] = _v16;
				return _t71;
			}

0x00c382a0
0x00c382a2
0x00c382ad
0x00c382ae
0x00c382b5
0x00c382b8
0x00c382bc
0x00c382be
0x00c382c2
0x00c382cb
0x00c382d4
0x00c382d9
0x00c382db
0x00c382dd
0x00c382e1
0x00c382eb
0x00c382ef
0x00c382f4
0x00c382f4
0x00c382f6
0x00c382fa
0x00c382fb
0x00c38300
0x00c38302
0x00c38305
0x00c3830f
0x00c38312
0x00c3831c
0x00c38321
0x00c38325
0x00c3832c
0x00c3832f
0x00c38336
0x00c3833b
0x00c38341
0x00c38350
0x00c3835f
0x00c38369

APIs

?getCount@String@vgui@@QAEHXZ.VGUI(?,?,?,?,?,?,00C4E228,000000FF), ref: 00C382C6

Part of subcall function 00C38290: ?getCount@String@vgui@@AAEHPBD@Z.VGUI ref: 00C38293

?getCount@String@vgui@@AAEHPBD@Z.VGUI(?,?,?,?,?,?,?,00C4E228,000000FF), ref: 00C382D4
??0String@vgui@@QAE@XZ.VGUI ref: 00C382EF
??0String@vgui@@QAE@ABV01@@Z.VGUI(00000000), ref: 00C38347
??1String@vgui@@QAE@XZ.VGUI ref: 00C38350

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: String@vgui@@$?getCount@$V01@@
String ID:
API String ID: 3135861360-0
Opcode ID: 31282898d4b760112eafe14e8e9dc3d51ba0ba973387309492722197e7721211
Instruction ID: 38d979e6c916cf16f9fc98464319b9a70a025b3bb8c1fa968121723f0ab82b8f
Opcode Fuzzy Hash: 31282898d4b760112eafe14e8e9dc3d51ba0ba973387309492722197e7721211
Instruction Fuzzy Hash: 8B21BE727046045BCB18EF68981166FB7D5FB88720F48062CF90A97381DE76AD098B92

Uniqueness

Uniqueness Score: -1.00%

Function 00C310F0 Relevance: 7.6, APIs: 5, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C310F0(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v0;
				intOrPtr _v4;
				intOrPtr _v20;
				void* _v24;
				void* _v32;
				intOrPtr _t15;
				void* _t16;
				intOrPtr _t17;
				void* _t18;
				intOrPtr* _t30;
				intOrPtr _t32;
				void* _t33;
				void* _t34;

				_push(0xffffffff);
				_push(E00C4DFE6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t32;
				_t30 = __ecx;
				_t15 = E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_push(0x38);
				 *_t30 = 0xc526b4;
				L00C3E340();
				_t33 = _t32 + 4;
				_v0 = _t15;
				_t36 = _t15;
				_v20 = 0;
				if(_t15 == 0) {
					_t16 = 0;
					__eflags = 0;
				} else {
					_t16 = E00C353D0(_t15, _t36);
				}
				_v4 = 0xffffffff;
				_t17 = E00C34180(_t30, _t16);
				_push(0xc);
				L00C3E340();
				_t34 = _t33 + 4;
				_a12 = _t17;
				 *((intOrPtr*)(_t34 + 0xc)) = 1;
				if(_t17 == 0) {
					_t18 = 0;
					__eflags = 0;
				} else {
					_t18 = E00C37F00(_t17, 1, 1);
				}
				_v4 = 0xffffffff;
				E00C33F60(_t18);
				 *[fs:0x0] =  *((intOrPtr*)(_t34 + 4));
				return _t30;
			}

0x00c310f6
0x00c310fc
0x00c31101
0x00c31106
0x00c3110e
0x00c3111e
0x00c31123
0x00c31125
0x00c3112b
0x00c31130
0x00c31133
0x00c31137
0x00c31139
0x00c31141
0x00c3114c
0x00c3114c
0x00c31143
0x00c31145
0x00c31145
0x00c31151
0x00c31159
0x00c3115e
0x00c31160
0x00c31165
0x00c31168
0x00c3116e
0x00c31176
0x00c31185
0x00c31185
0x00c31178
0x00c3117e
0x00c3117e
0x00c3118a
0x00c31192
0x00c3119d
0x00c311a8

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,00C4DFE6,000000FF), ref: 00C3111E

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

??0RaisedBorder@vgui@@QAE@XZ.VGUI(?,?,?,?,000000FF), ref: 00C31145

Part of subcall function 00C353D0: ??0Border@vgui@@QAE@XZ.VGUI(00000000,00C3AEC8,?,?,?,?,?,?,?,00000000), ref: 00C353D3
Part of subcall function 00C353D0: ?setInset@Border@vgui@@UAEXHHHH@Z.VGUI(00000002,00000002,00000002,00000002,00000000,00C3AEC8,?,?,?,?,?,?,?,00000000), ref: 00C353E8

?setBorder@Panel@vgui@@UAEXPAVBorder@2@@Z.VGUI(00000000,?,?,?,?,000000FF), ref: 00C31159
??0StackLayout@vgui@@QAE@H_N@Z.VGUI(00000001,00000001,?,?,?,?,?,000000FF), ref: 00C3117E
?setLayout@Panel@vgui@@UAEXPAVLayout@2@@Z.VGUI(00000000,?,?,?,?,?,000000FF), ref: 00C31192

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?setBorder@vgui@@Panel@vgui@@$?ensureBorder@Border@2@@Capacity@?$Dar@Inset@Layout@Layout@2@@Layout@vgui@@RaisedSignal@vgui@@@vgui@@StackTick
String ID:
API String ID: 4087693374-0
Opcode ID: b58d54ee75d0d4ab4bc7927a4de78a7ab20094edd016a8c4dedf842cf8aaec38
Instruction ID: 3eb882f97eeabe81eeeee728eb34e8e50e8f2daac70479535645befe9a933c6d
Opcode Fuzzy Hash: b58d54ee75d0d4ab4bc7927a4de78a7ab20094edd016a8c4dedf842cf8aaec38
Instruction Fuzzy Hash: D21151B1728741AFD754EF688811BAF77E8BB88B10F044B2DB5A5C32C1DBB4D9048B52

Uniqueness

Uniqueness Score: -1.00%

Function 00C311B0 Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C311B0(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				void* _v12;
				intOrPtr _v20;
				void* _v24;
				void* _v32;
				intOrPtr _t12;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				intOrPtr* _t26;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_push(0xffffffff);
				_push(E00C4E006);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t28;
				_t26 = __ecx;
				_t12 = E00C328C0(__ecx, 0, 0, _a4, _a8);
				_push(0x38);
				 *_t26 = 0xc526b4;
				L00C3E340();
				_t29 = _t28 + 4;
				_v8 = _t12;
				_t32 = _t12;
				_v20 = 0;
				if(_t12 == 0) {
					_t13 = 0;
					__eflags = 0;
				} else {
					_t13 = E00C353D0(_t12, _t32);
				}
				 *((intOrPtr*)(_t29 + 0x10)) = 0xffffffff;
				_t14 = E00C34180(_t26, _t13);
				_push(0xc);
				L00C3E340();
				_t30 = _t29 + 4;
				_a4 = _t14;
				_v8 = 1;
				if(_t14 == 0) {
					_t15 = 0;
					__eflags = 0;
				} else {
					_t15 = E00C37F00(_t14, 1, 1);
				}
				 *((intOrPtr*)(_t30 + 0x10)) = 0xffffffff;
				E00C33F60(_t15);
				 *[fs:0x0] =  *((intOrPtr*)(_t30 + 4));
				return _t26;
			}

0x00c311b6
0x00c311b8
0x00c311bd
0x00c311c2
0x00c311ca
0x00c311d8
0x00c311dd
0x00c311df
0x00c311e5
0x00c311ea
0x00c311ed
0x00c311f1
0x00c311f3
0x00c311fb
0x00c31206
0x00c31206
0x00c311fd
0x00c311ff
0x00c311ff
0x00c3120b
0x00c31213
0x00c31218
0x00c3121a
0x00c3121f
0x00c31222
0x00c31228
0x00c31230
0x00c3123f
0x00c3123f
0x00c31232
0x00c31238
0x00c31238
0x00c31244
0x00c3124c
0x00c31257
0x00c31262

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,?,?,?,?,00C4E006,000000FF), ref: 00C311D8

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

??0RaisedBorder@vgui@@QAE@XZ.VGUI(?,?,?,?,000000FF), ref: 00C311FF

Part of subcall function 00C353D0: ??0Border@vgui@@QAE@XZ.VGUI(00000000,00C3AEC8,?,?,?,?,?,?,?,00000000), ref: 00C353D3
Part of subcall function 00C353D0: ?setInset@Border@vgui@@UAEXHHHH@Z.VGUI(00000002,00000002,00000002,00000002,00000000,00C3AEC8,?,?,?,?,?,?,?,00000000), ref: 00C353E8

?setBorder@Panel@vgui@@UAEXPAVBorder@2@@Z.VGUI(00000000,?,?,?,?,000000FF), ref: 00C31213
??0StackLayout@vgui@@QAE@H_N@Z.VGUI(00000001,00000001,?,?,?,?,?,000000FF), ref: 00C31238
?setLayout@Panel@vgui@@UAEXPAVLayout@2@@Z.VGUI(00000000,?,?,?,?,?,000000FF), ref: 00C3124C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?setBorder@vgui@@Panel@vgui@@$?ensureBorder@Border@2@@Capacity@?$Dar@Inset@Layout@Layout@2@@Layout@vgui@@RaisedSignal@vgui@@@vgui@@StackTick
String ID:
API String ID: 4087693374-0
Opcode ID: 93b113a01ce0ac7501315f7bd9f072b2ad415d7fa99883ebe82957c016255622
Instruction ID: a880a1deecaa5ef14ec56432b8c19e3397378834c32277e4643a568d3be6df2e
Opcode Fuzzy Hash: 93b113a01ce0ac7501315f7bd9f072b2ad415d7fa99883ebe82957c016255622
Instruction Fuzzy Hash: 9D11E1B1728741AFE754EF289812B6B76D8AB44B10F140B2DB865D73C0EBB5D9048B93

Uniqueness

Uniqueness Score: -1.00%

Function 00C29B20 Relevance: 7.6, APIs: 5, Instructions: 54
windowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00C29B20(intOrPtr* __ecx) {
				intOrPtr* _v8;
				intOrPtr _v12;
				void* _v16;
				void* _v20;
				intOrPtr* _t14;
				intOrPtr* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;
				E00C328C0(__ecx, 0, 0, 0x20, 0x32);
				_t32 = _v8;
				 *_t33 = 0xc50c94;
				 *((intOrPtr*)(_t33 + 0xbc)) = 0;
				 *((intOrPtr*)(_t33 + 0xc0)) = _v12;
				_t14 = E00C29E10(_t32);
				if(_t32 != 0) {
					 *((intOrPtr*)( *_t32 + 8))(_t34 + 0x10, _t34 + 0xc);
					_t14 = E00C32AC0(_t33,  *((intOrPtr*)(_t34 + 0x10)),  *((intOrPtr*)(_t34 + 0xc)));
				}
				_push(0x1c);
				L00C3E340();
				if(_t14 == 0) {
					E00C25A70(_t33, 0);
					return _t33;
				} else {
					 *_t14 = 0xc510e8;
					 *((intOrPtr*)(_t14 + 4)) = _t33;
					 *((char*)(_t14 + 8)) = 0;
					E00C25A70(_t33, _t14);
					return _t33;
				}
			}

0x00c29b2a
0x00c29b2c
0x00c29b31
0x00c29b3c
0x00c29b42
0x00c29b4c
0x00c29b52
0x00c29b59
0x00c29b69
0x00c29b78
0x00c29b78
0x00c29b7d
0x00c29b7f
0x00c29b89
0x00c29bac
0x00c29bb5
0x00c29b8b
0x00c29b8e
0x00c29b94
0x00c29b97
0x00c29b9b
0x00c29ba4
0x00c29ba4

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,00000020,00000032), ref: 00C29B2C

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

?setImage@DesktopIcon@vgui@@UAEXPAVImage@2@@Z.VGUI ref: 00C29B52
?setSize@Panel@vgui@@UAEXHH@Z.VGUI(?,?), ref: 00C29B78
?addInputSignal@Panel@vgui@@UAEXPAVInputSignal@2@@Z.VGUI ref: 00C29B9B
?addInputSignal@Panel@vgui@@UAEXPAVInputSignal@2@@Z.VGUI(00000000), ref: 00C29BAC

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: InputPanel@vgui@@$?add?setSignal@Signal@2@@$?ensureCapacity@?$Dar@DesktopIcon@vgui@@Image@Image@2@@Signal@vgui@@@vgui@@Size@Tick
String ID:
API String ID: 2857691582-0
Opcode ID: 1a492c13e2a4a8e6cbaa680a855d9c62bfd2597a4e50e457dcd6d334425c355f
Instruction ID: 02d3be5fb9c2ba5ea3eb9b6fc074cab1b4df5f755eee1dc4a847d4ea2e026037
Opcode Fuzzy Hash: 1a492c13e2a4a8e6cbaa680a855d9c62bfd2597a4e50e457dcd6d334425c355f
Instruction Fuzzy Hash: 08115B71304320AFD650EB289845F6BB7E9EBC4B50F04891EF559CB281DB70E808DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C351B0 Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C351B0(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr* _v4;
				intOrPtr _v16;
				intOrPtr _v28;
				intOrPtr* _t15;
				intOrPtr* _t31;
				intOrPtr* _t34;
				intOrPtr _t36;

				_push(0xffffffff);
				_push(E00C4E08B);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t36;
				_t31 = __ecx;
				E00C3DA50(__ecx, _a4, _a8, _a12, _a16, _a20);
				 *_t31 = 0xc5343c;
				_t15 = E00C2FB60(_t31, 5);
				_push(0x28);
				L00C3E340();
				_t34 = _t15;
				_v4 = _t34;
				_t40 = _t34;
				_v28 = 0;
				if(_t34 == 0) {
					_t34 = 0;
					__eflags = 0;
				} else {
					E00C2E470(_t34, _t40);
					 *_t34 = 0xc536a4;
					 *((intOrPtr*)(_t34 + 0x24)) = _t31;
					E00C2E4D0(_t34, 0x14, 0x14);
				}
				_v4 = 0xffffffff;
				E00C2F630(_t31, _t34);
				 *[fs:0x0] = _v16;
				return _t31;
			}

0x00c351b6
0x00c351b8
0x00c351c1
0x00c351c6
0x00c351cf
0x00c351e4
0x00c351ed
0x00c351f3
0x00c351f8
0x00c351fa
0x00c351ff
0x00c35204
0x00c35208
0x00c3520a
0x00c35212
0x00c35231
0x00c35231
0x00c35214
0x00c35216
0x00c35221
0x00c35227
0x00c3522a
0x00c3522a
0x00c35236
0x00c3523e
0x00c3524a
0x00c35255

APIs

??0ToggleButton@vgui@@QAE@PBDHHHH@Z.VGUI(?,?,?,?,?,?,?,?,00C4E08B,000000FF), ref: 00C351E4

Part of subcall function 00C3DA50: ??0Button@vgui@@QAE@PBDHHHH@Z.VGUI(?,?,?,?,?,?,00C27729,?,?,?,?,?,?,?,?,00C4DC9B), ref: 00C3DA6E
Part of subcall function 00C3DA50: ?setButtonController@Button@vgui@@MAEXPAVButtonController@2@@Z.VGUI(00000000), ref: 00C3DAA1

?setTextAlignment@Label@vgui@@UAEXW4Alignment@12@@Z.VGUI(00000005,?,?,?,?,?,?,?,?,00C4E08B,000000FF), ref: 00C351F3
??0Image@vgui@@QAE@XZ.VGUI(?,?,?,?,?,000000FF), ref: 00C35216

Part of subcall function 00C2E470: ??0Color@vgui@@QAE@XZ.VGUI(00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E476
Part of subcall function 00C2E470: ?setPos@Panel@vgui@@UAEXHH@Z.VGUI(00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E48E
Part of subcall function 00C2E470: ?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E499
Part of subcall function 00C2E470: ??0Color@vgui@@QAE@HHHH@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4B4
Part of subcall function 00C2E470: ?setColor@Image@vgui@@UAEXVColor@2@@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4BB

?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000014,00000014,?,?,?,?,?,000000FF), ref: 00C3522A
?setImage@Label@vgui@@UAEXPAVImage@2@@Z.VGUI(00000000,?,?,?,?,?,000000FF), ref: 00C3523E

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?set$Image@vgui@@$Button@vgui@@$ButtonColor@vgui@@Label@vgui@@Size@$Alignment@Alignment@12@@Color@Color@2@@Controller@Controller@2@@Image@Image@2@@Panel@vgui@@Pos@TextToggle
String ID:
API String ID: 2016977631-0
Opcode ID: 75bf7c432ceed352c8dcea7954a794c0e83cf8e6cb9c981f0ccaa06acf01ed52
Instruction ID: ab667671f040a52e89655d088ff20ac780f33f159c8f0819ae80ce817a73500e
Opcode Fuzzy Hash: 75bf7c432ceed352c8dcea7954a794c0e83cf8e6cb9c981f0ccaa06acf01ed52
Instruction Fuzzy Hash: 0611C2B1704750ABC214DF499801F2BB7E9BBC8B20F040A1DF586A77D0CBB49901DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00C276F0 Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C276F0(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr* _v4;
				intOrPtr _v16;
				intOrPtr _v28;
				intOrPtr* _t15;
				intOrPtr* _t31;
				intOrPtr* _t34;
				intOrPtr _t36;

				_push(0xffffffff);
				_push(E00C4DC9B);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t36;
				_t31 = __ecx;
				E00C3DA50(__ecx, _a4, _a8, _a12, _a16, _a20);
				 *_t31 = 0xc50314;
				_t15 = E00C2FB60(_t31, 5);
				_push(0x28);
				L00C3E340();
				_t34 = _t15;
				_v4 = _t34;
				_t40 = _t34;
				_v28 = 0;
				if(_t34 == 0) {
					_t34 = 0;
					__eflags = 0;
				} else {
					E00C2E470(_t34, _t40);
					 *_t34 = 0xc5057c;
					 *((intOrPtr*)(_t34 + 0x24)) = _t31;
					E00C2E4D0(_t34, 0x14, 0x14);
				}
				_v4 = 0xffffffff;
				E00C2F630(_t31, _t34);
				 *[fs:0x0] = _v16;
				return _t31;
			}

0x00c276f6
0x00c276f8
0x00c27701
0x00c27706
0x00c2770f
0x00c27724
0x00c2772d
0x00c27733
0x00c27738
0x00c2773a
0x00c2773f
0x00c27744
0x00c27748
0x00c2774a
0x00c27752
0x00c27771
0x00c27771
0x00c27754
0x00c27756
0x00c27761
0x00c27767
0x00c2776a
0x00c2776a
0x00c27776
0x00c2777e
0x00c2778a
0x00c27795

APIs

??0ToggleButton@vgui@@QAE@PBDHHHH@Z.VGUI(?,?,?,?,?,?,?,?,00C4DC9B,000000FF), ref: 00C27724

Part of subcall function 00C3DA50: ??0Button@vgui@@QAE@PBDHHHH@Z.VGUI(?,?,?,?,?,?,00C27729,?,?,?,?,?,?,?,?,00C4DC9B), ref: 00C3DA6E
Part of subcall function 00C3DA50: ?setButtonController@Button@vgui@@MAEXPAVButtonController@2@@Z.VGUI(00000000), ref: 00C3DAA1

?setTextAlignment@Label@vgui@@UAEXW4Alignment@12@@Z.VGUI(00000005,?,?,?,?,?,?,?,?,00C4DC9B,000000FF), ref: 00C27733
??0Image@vgui@@QAE@XZ.VGUI(?,?,?,?,?,000000FF), ref: 00C27756

Part of subcall function 00C2E470: ??0Color@vgui@@QAE@XZ.VGUI(00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E476
Part of subcall function 00C2E470: ?setPos@Panel@vgui@@UAEXHH@Z.VGUI(00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E48E
Part of subcall function 00C2E470: ?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E499
Part of subcall function 00C2E470: ??0Color@vgui@@QAE@HHHH@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4B4
Part of subcall function 00C2E470: ?setColor@Image@vgui@@UAEXVColor@2@@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4BB

?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000014,00000014,?,?,?,?,?,000000FF), ref: 00C2776A
?setImage@Label@vgui@@UAEXPAVImage@2@@Z.VGUI(00000000,?,?,?,?,?,000000FF), ref: 00C2777E

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?set$Image@vgui@@$Button@vgui@@$ButtonColor@vgui@@Label@vgui@@Size@$Alignment@Alignment@12@@Color@Color@2@@Controller@Controller@2@@Image@Image@2@@Panel@vgui@@Pos@TextToggle
String ID:
API String ID: 2016977631-0
Opcode ID: b0f93573ece4e024538f83b77718e7755125ba5af9d0b0bfd4a896954c0229fe
Instruction ID: 876e0f22bed610826a5392d033580011ed7096ec978664d25e73d494779e5a7c
Opcode Fuzzy Hash: b0f93573ece4e024538f83b77718e7755125ba5af9d0b0bfd4a896954c0229fe
Instruction Fuzzy Hash: FB11C2B1708350ABC214DF099841B2BB7E9BBC8F20F040A1DF586977D0CBB49801DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00C3C970 Relevance: 7.5, APIs: 5, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00C3C970(intOrPtr* __ecx, void* __eflags, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr* _t26;

				_t26 = __ecx;
				E00C328C0(__ecx, _a12, _a16, _a20, _a24);
				 *_t26 = 0xc548a4;
				 *((intOrPtr*)(_t26 + 0xdc)) = 0;
				 *((intOrPtr*)(_t26 + 0xe0)) = 0;
				 *((intOrPtr*)(_t26 + 0xe4)) = 0;
				E00C3CB90(_t26, 0, 0);
				_push(0);
				_push(0xff);
				_push(0xff);
				_push(0xff);
				E00C34580();
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				E00C34570();
				E00C3CA00(_t26, _v52, _v48);
				return _t26;
			}

0x00c3c979
0x00c3c989
0x00c3c994
0x00c3c99a
0x00c3c9a4
0x00c3c9ae
0x00c3c9b8
0x00c3c9bd
0x00c3c9bf
0x00c3c9c4
0x00c3c9c9
0x00c3c9d0
0x00c3c9d5
0x00c3c9d7
0x00c3c9d9
0x00c3c9db
0x00c3c9df
0x00c3c9f0
0x00c3c9f8

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?), ref: 00C3C989

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

?setXY@TextGrid@vgui@@UAEXHH@Z.VGUI ref: 00C3C9B8
?setBgColor@Panel@vgui@@UAEXHHHH@Z.VGUI(000000FF,000000FF,000000FF,00000000), ref: 00C3C9D0
?setFgColor@Panel@vgui@@UAEXHHHH@Z.VGUI(00000000,00000000,00000000,00000000,000000FF,000000FF,000000FF,00000000), ref: 00C3C9DF
?setGridSize@TextGrid@vgui@@UAEXHH@Z.VGUI(?,?,00000000,00000000,00000000,00000000,000000FF,000000FF,000000FF,00000000), ref: 00C3C9F0

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?set$Panel@vgui@@$Color@Grid@vgui@@Text$?ensureCapacity@?$Dar@GridSignal@vgui@@@vgui@@Size@Tick
String ID:
API String ID: 707049858-0
Opcode ID: 6c1a71a43fb75dda5852aaa7eb19a52838ade2de1b0d30ea704d1d656a4d8d9d
Instruction ID: 22252ae469543a64006298dc429a496adc655df84a76f0549a3855eabbbb6ec3
Opcode Fuzzy Hash: 6c1a71a43fb75dda5852aaa7eb19a52838ade2de1b0d30ea704d1d656a4d8d9d
Instruction Fuzzy Hash: 150131713547526BE624EB14CC52F6FB6D59F84F40F10481DF246AB2C1CBF0B8459BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00C44731 Relevance: 7.5, APIs: 5, Instructions: 38
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C44731() {
				void _t10;
				long _t15;
				void* _t16;

				_t15 = GetLastError();
				_t16 = TlsGetValue( *0xc6c220);
				if(_t16 == 0) {
					_t16 = E00C49E75(1, 0x74);
					if(_t16 == 0 || TlsSetValue( *0xc6c220, _t16) == 0) {
						E00C43C75(0x10);
					} else {
						E00C4471E(_t16);
						_t10 = GetCurrentThreadId();
						 *(_t16 + 4) =  *(_t16 + 4) | 0xffffffff;
						 *_t16 = _t10;
					}
				}
				SetLastError(_t15);
				return _t16;
			}

0x00c4473f
0x00c44747
0x00c4474b
0x00c44756
0x00c4475c
0x00c44786
0x00c4476f
0x00c44770
0x00c44776
0x00c4477c
0x00c44780
0x00c44780
0x00c4475c
0x00c4478d
0x00c44797

APIs

GetLastError.KERNEL32(00000001,?,00C47FDC,00C45A45,00000000,00C45061,?,?,00000001,?,?,00000000,?,00C457EC,?,00000000), ref: 00C44733
TlsGetValue.KERNEL32(?,00C457EC,?,00000000,?,00C45264,00C4333C,?,00C4333C), ref: 00C44741
SetLastError.KERNEL32(00000000,?,00C457EC,?,00000000,?,00C45264,00C4333C,?,00C4333C), ref: 00C4478D

Part of subcall function 00C49E75: HeapAlloc.KERNEL32(00000008,00000000,00000000,00000000,?,00C4333C,?,00C4333C), ref: 00C49F6B

TlsSetValue.KERNEL32(00000000,?,00C457EC,?,00000000,?,00C45264,00C4333C,?,00C4333C), ref: 00C44765
GetCurrentThreadId.KERNEL32 ref: 00C44776

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ErrorLastValue$AllocCurrentHeapThread
String ID:
API String ID: 2020098873-0
Opcode ID: 242e79f4d608b39b5bd2ef59b2f724b9384d194f0a40fbd55f94cdd342ca1c57
Instruction ID: 6cadd9ea0b1e848b60ea383497f516f8ca10fbe3a957717b7da42ab24fef4606
Opcode Fuzzy Hash: 242e79f4d608b39b5bd2ef59b2f724b9384d194f0a40fbd55f94cdd342ca1c57
Instruction Fuzzy Hash: C2F09036900222ABD6352BB1BC4D72E3B64BB47771B200229F966D62A1DF648803D6A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA34C6 Relevance: 7.5, APIs: 5, Instructions: 38
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA34C6() {
				void _t10;
				long _t15;
				void* _t16;

				_t15 = GetLastError();
				_t16 = TlsGetValue( *0xcac500);
				if(_t16 == 0) {
					_t16 = E00CA5775(1, 0x74);
					if(_t16 == 0 || TlsSetValue( *0xcac500, _t16) == 0) {
						E00CA1B79(0x10);
					} else {
						E00CA34B3(_t16);
						_t10 = GetCurrentThreadId();
						 *(_t16 + 4) =  *(_t16 + 4) | 0xffffffff;
						 *_t16 = _t10;
					}
				}
				SetLastError(_t15);
				return _t16;
			}

0x00ca34d4
0x00ca34dc
0x00ca34e0
0x00ca34eb
0x00ca34f1
0x00ca351b
0x00ca3504
0x00ca3505
0x00ca350b
0x00ca3511
0x00ca3515
0x00ca3515
0x00ca34f1
0x00ca3522
0x00ca352c

APIs

GetLastError.KERNEL32(?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA34C8
TlsGetValue.KERNEL32(?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA34D6
SetLastError.KERNEL32(00000000,?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA3522

Part of subcall function 00CA5775: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA586B

TlsSetValue.KERNEL32(00000000,?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA34FA
GetCurrentThreadId.KERNEL32 ref: 00CA350B

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: ErrorLastValue$AllocCurrentHeapThread
String ID:
API String ID: 2020098873-0
Opcode ID: b80cedc0c03fdbd41c30ff91b060da1298e33d3fe17fc66c73eb8b871bc5afe9
Instruction ID: 419d26de91ff39c9cf4c2394c66820ba248a637bba9b8317f2df3304d73860ce
Opcode Fuzzy Hash: b80cedc0c03fdbd41c30ff91b060da1298e33d3fe17fc66c73eb8b871bc5afe9
Instruction Fuzzy Hash: FBF0F0369007139FC7312B74BC19B5F3B50EB03779B000214F866D72A1DB208E4096A0

Uniqueness

Uniqueness Score: -1.00%

Function 00C43CD1 Relevance: 7.5, APIs: 5, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C43CD1() {
				struct _CRITICAL_SECTION* _t1;
				struct _CRITICAL_SECTION** _t4;

				_t4 = 0xc6c144;
				do {
					_t1 =  *_t4;
					if(_t1 != 0 && _t4 != 0xc6c188 && _t4 != 0xc6c178 && _t4 != 0xc6c168 && _t4 != 0xc6c148) {
						DeleteCriticalSection(_t1);
						_t1 = E00C434AB( *_t4);
					}
					_t4 =  &(_t4[1]);
				} while (_t4 < 0xc6c204);
				DeleteCriticalSection( *0xc6c168);
				DeleteCriticalSection( *0xc6c178);
				DeleteCriticalSection( *0xc6c188);
				DeleteCriticalSection( *0xc6c148);
				return _t1;
			}

0x00c43cd9
0x00c43cde
0x00c43cde
0x00c43ce2
0x00c43d05
0x00c43d09
0x00c43d0e
0x00c43d0f
0x00c43d12
0x00c43d20
0x00c43d28
0x00c43d30
0x00c43d38
0x00c43d3c

APIs

DeleteCriticalSection.KERNEL32(00000000,?,?,00C44705,00C43BBF,00C43C18,?,?,?), ref: 00C43D05

Part of subcall function 00C434AB: HeapFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,?,00C4366B,00000009,?,00000000,00000000,00000000,00000000), ref: 00C4357F

DeleteCriticalSection.KERNEL32(?,?,00C44705,00C43BBF,00C43C18,?,?,?), ref: 00C43D20
DeleteCriticalSection.KERNEL32 ref: 00C43D28
DeleteCriticalSection.KERNEL32 ref: 00C43D30
DeleteCriticalSection.KERNEL32 ref: 00C43D38

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: CriticalDeleteSection$FreeHeap
String ID:
API String ID: 447823528-0
Opcode ID: 3a334d456c65cae6083a6c177af786a9ed5103eae7e219fcfdc680a0214c35e3
Instruction ID: a336eaf073a2b1270fadae57d3b73f1d3af8f3ebad697d146f5743b40b26fae5
Opcode Fuzzy Hash: 3a334d456c65cae6083a6c177af786a9ed5103eae7e219fcfdc680a0214c35e3
Instruction Fuzzy Hash: 3AF01965D040D457EF75373FDCC49AE7E35AAC37543168037D8E5A2031C9154E91D990

Uniqueness

Uniqueness Score: -1.00%

Function 00CA595C Relevance: 7.5, APIs: 5, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA595C() {
				struct _CRITICAL_SECTION* _t1;
				struct _CRITICAL_SECTION** _t4;

				_t4 = 0xcac930;
				do {
					_t1 =  *_t4;
					if(_t1 != 0 && _t4 != 0xcac974 && _t4 != 0xcac964 && _t4 != 0xcac954 && _t4 != 0xcac934) {
						DeleteCriticalSection(_t1);
						_t1 = E00CA2DC0( *_t4);
					}
					_t4 =  &(_t4[1]);
				} while (_t4 < 0xcac9f0);
				DeleteCriticalSection( *0xcac954);
				DeleteCriticalSection( *0xcac964);
				DeleteCriticalSection( *0xcac974);
				DeleteCriticalSection( *0xcac934);
				return _t1;
			}

0x00ca5964
0x00ca5969
0x00ca5969
0x00ca596d
0x00ca5990
0x00ca5994
0x00ca5999
0x00ca599a
0x00ca599d
0x00ca59ab
0x00ca59b3
0x00ca59bb
0x00ca59c3
0x00ca59c7

APIs

DeleteCriticalSection.KERNEL32(00000000,?,?,00CA349A,00CA1AC3,00CA1B1C,?,?,?), ref: 00CA5990

Part of subcall function 00CA2DC0: HeapFree.KERNEL32(00000000,00000000,00000000,?,00000000,?,00CA582B,00000009,00000000,00000000,?,?,00CA21C1,00CA2146,?,00CA19FB), ref: 00CA2E94

DeleteCriticalSection.KERNEL32(?,?,00CA349A,00CA1AC3,00CA1B1C,?,?,?), ref: 00CA59AB
DeleteCriticalSection.KERNEL32 ref: 00CA59B3
DeleteCriticalSection.KERNEL32 ref: 00CA59BB
DeleteCriticalSection.KERNEL32 ref: 00CA59C3

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: CriticalDeleteSection$FreeHeap
String ID:
API String ID: 447823528-0
Opcode ID: f3d5c45ba81009c5a006e510f0e5cc0f13d8565e6aaa63224038e2d8b5e40125
Instruction ID: b37567c849e890361fd926417391390459883d8e7268533ce73b2db65af0b53d
Opcode Fuzzy Hash: f3d5c45ba81009c5a006e510f0e5cc0f13d8565e6aaa63224038e2d8b5e40125
Instruction Fuzzy Hash: 31F012A2C01517D6CE35377DECC9BEF6A55DBC332C30B5035D868671318E124D5699D1

Uniqueness

Uniqueness Score: -1.00%

Function 00C2E470 Relevance: 7.5, APIs: 5, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00C2E470(intOrPtr* __ecx, void* __eflags) {
				intOrPtr* _t15;
				void* _t16;

				_t15 = __ecx;
				_t1 = _t15 + 0x18; // 0x18
				E00C27980(_t1);
				 *__ecx = 0xc4f60c;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				E00C32AA0(__ecx, 0, 0);
				E00C2E4D0(__ecx, 0, 0);
				E00C27990(_t16 - 0xc, __eflags, 0xff, 0xff, 0xff, 0);
				E00C2E6E0(_t15);
				return _t15;
			}

0x00c2e471
0x00c2e473
0x00c2e476
0x00c2e481
0x00c2e487
0x00c2e48e
0x00c2e499
0x00c2e4b4
0x00c2e4bb
0x00c2e4c3

APIs

??0Color@vgui@@QAE@XZ.VGUI(00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E476

Part of subcall function 00C27980: ?init@Color@vgui@@EAEXXZ.VGUI(00C2E47B,00000000,00C23848,00000000,00C40568,00000000), ref: 00C27986

?setPos@Panel@vgui@@UAEXHH@Z.VGUI(00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E48E
?setSize@Image@vgui@@MAEXHH@Z.VGUI(00000000,00000000,00000000,00000000,00000000,00C23848,00000000,00C40568,00000000), ref: 00C2E499
??0Color@vgui@@QAE@HHHH@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4B4

Part of subcall function 00C27990: ?init@Color@vgui@@EAEXXZ.VGUI(00000000,00C2E4B9,000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C27999
Part of subcall function 00C27990: ?setColor@Color@vgui@@UAEXHHHH@Z.VGUI(000000FF,000000FF,000000FF,00C2E4B9,00000000,00C2E4B9,000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C279B4

?setColor@Image@vgui@@UAEXVColor@2@@Z.VGUI(000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C2E4BB

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Color@vgui@@$?set$?init@Color@Image@vgui@@$Color@2@@Panel@vgui@@Pos@Size@
String ID:
API String ID: 2638904513-0
Opcode ID: 566605a321da9658d4fb7d561e178f2ed1c713c4b169db2514c40fe0fb129e2a
Instruction ID: 7375ec5367389d5c96e7ad7e3e96d75089809830fc9157ae6277e7a3229b149b
Opcode Fuzzy Hash: 566605a321da9658d4fb7d561e178f2ed1c713c4b169db2514c40fe0fb129e2a
Instruction Fuzzy Hash: EFE04F7038032226E5347A14AC13B6972914F40F00F10063DF2426EAC2CDD0294563C9

Uniqueness

Uniqueness Score: -1.00%

Function 00C420E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C420E0(intOrPtr __ecx, intOrPtr _a4, signed int _a12, signed int _a16) {
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				short _v26;
				short _v28;
				signed int _v32;
				signed int _v36;
				struct tagBITMAPINFO _v40;
				intOrPtr _v44;
				void* _t43;
				int _t45;
				signed int _t48;
				char* _t54;
				void** _t57;
				intOrPtr _t63;
				char _t69;
				intOrPtr _t73;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t80;

				_t73 = _a4;
				_v44 = __ecx;
				_t78 = E00C42200(_t73);
				if(_t78 != 0) {
					L3:
					_t43 =  *(_t78 + 4);
					if(_t43 != 0) {
						DeleteObject(_t43);
					}
					_t80 = _a12;
					_t45 = memset( &_v40, 0, 0xa << 2);
					_t76 = _a16;
					_t13 = _t78 + 0x10; // 0x10
					_t57 = _t13;
					_v40.bmiHeader = 0x28;
					_v36 = _t80;
					_v32 =  ~_t76;
					_v28 = 1;
					_v26 = 0x20;
					_v24 = _t45;
					 *(_t78 + 8) = _t80;
					 *(_t78 + 0xc) = _t76;
					_t48 = CreateDIBSection( *( *((intOrPtr*)(_v44 + 0x24)) + 4),  &_v40, _t45, _t57, _t45, _t45);
					 *(_t78 + 4) = _t48;
					if(_t76 > 0) {
						_v12 = _t76;
						_t63 = _v16 + 1;
						_v20 = _t63;
						do {
							if(_t80 > 0) {
								_t78 = (_t78 | 0xffffffff) - _v16;
								_t77 = _t80;
								do {
									_t69 =  *((intOrPtr*)(_t63 + 1));
									_t54 =  *_t57 + _t78 + _t63;
									_t63 = _t63 + 4;
									_t77 = _t77 - 1;
									 *_t54 = _t69;
									 *((char*)(_t54 + 1)) =  *((intOrPtr*)(_t63 - 4));
									 *((char*)(_t54 + 2)) =  *((intOrPtr*)(_t63 - 5));
									 *((char*)(_t54 + 3)) =  *((intOrPtr*)(_t63 - 2));
								} while (_t77 != 0);
							}
							_t63 = _v20 + _t80 * 4;
							_t48 = _v12 - 1;
							_v20 = _t63;
							_v12 = _t48;
						} while (_t48 != 0);
					}
				} else {
					_t48 =  *0xc7045c; // 0x0
					if(_t48 < 0x80) {
						 *0xc7045c = _t48 + 1;
						_t78 = 0xc6f608 + (_t48 + _t48 * 4) * 4;
						 *_t78 = _t73;
						goto L3;
					}
				}
				return _t48;
			}

0x00c420e7
0x00c420eb
0x00c420f5
0x00c420fc
0x00c42120
0x00c42120
0x00c42125
0x00c42128
0x00c42128
0x00c42139
0x00c4213d
0x00c4213f
0x00c42149
0x00c42149
0x00c42150
0x00c42158
0x00c4215c
0x00c42160
0x00c42167
0x00c4216e
0x00c42173
0x00c42176
0x00c42186
0x00c4218e
0x00c42191
0x00c42197
0x00c4219b
0x00c4219c
0x00c421a0
0x00c421a2
0x00c421ab
0x00c421ad
0x00c421af
0x00c421b1
0x00c421b6
0x00c421b8
0x00c421bb
0x00c421bc
0x00c421c1
0x00c421c7
0x00c421cd
0x00c421cd
0x00c421af
0x00c421dd
0x00c421e3
0x00c421e4
0x00c421e8
0x00c421e8
0x00c421a0
0x00c420fe
0x00c420fe
0x00c42108
0x00c42112
0x00c42117
0x00c4211e
0x00000000
0x00c4211e
0x00c42108
0x00c421f5

APIs

DeleteObject.GDI32(?), ref: 00C42128
CreateDIBSection.GDI32(?,?,00000000,00000010), ref: 00C42186

Strings

, xrefs: 00C42167
(, xrefs: 00C42150

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: CreateDeleteObjectSection
String ID: $(
API String ID: 2173382960-55695022
Opcode ID: b2d7a4200e0efea9800e0e9f3b94cb5a9dbc50e02c27e4a313cb3c1b8759a27e
Instruction ID: 8cf3d87645d936c5786f768e2578db3a7a09ea44af321220a48b9a6f66ae880d
Opcode Fuzzy Hash: b2d7a4200e0efea9800e0e9f3b94cb5a9dbc50e02c27e4a313cb3c1b8759a27e
Instruction Fuzzy Hash: 633145755083408FC320CF29C881A6AFBF5FF9A314F144A5DEA9997321D772E909CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00C44B22 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E00C44B22() {
				signed int _v12;
				signed long long _v20;
				signed long long _v28;
				void* _t10;
				struct HINSTANCE__* _t19;

				_t19 = GetModuleHandleA("KERNEL32");
				if(_t19 == 0) {
					L6:
					_v12 =  *0xc55458;
					_v20 =  *0xc55450;
					asm("fsubr qword [ebp-0x10]");
					_v28 = _v20 / _v12 * _v12;
					asm("fcomp qword [0xc55360]");
					asm("fnstsw ax");
					asm("sahf");
					if(_t19 <= 0) {
						return 0;
					} else {
						_t10 = 1;
						return _t10;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x00c44b2d
0x00c44b2f
0x00c44b46
0x00c44af0
0x00c44af9
0x00c44b05
0x00c44b08
0x00c44b0e
0x00c44b14
0x00c44b16
0x00c44b17
0x00c44b21
0x00c44b19
0x00c44b1b
0x00c44b1d
0x00c44b1d
0x00c44b31
0x00c44b37
0x00c44b3f
0x00000000
0x00c44b41
0x00c44b41
0x00c44b45
0x00c44b45
0x00c44b3f

APIs

GetModuleHandleA.KERNEL32(KERNEL32,00C432C9), ref: 00C44B27
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00C44B37

Strings

IsProcessorFeaturePresent, xrefs: 00C44B31
KERNEL32, xrefs: 00C44B22

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 779a68a78965af63a02fe7ce05318065e1d3e435a7b4f2a55d3fbab9f44c520c
Instruction ID: 592dd0511cc2dc22481c809c904d42a903b250f8ee40c4500257d867650cc784
Opcode Fuzzy Hash: 779a68a78965af63a02fe7ce05318065e1d3e435a7b4f2a55d3fbab9f44c520c
Instruction Fuzzy Hash: 65C0123C780A0466DA241BA11C1AF2A2008BB84B83F244028B82AD20C0CF54C2819828

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1BFC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E00CA1BFC() {
				signed int _v12;
				signed long long _v20;
				signed long long _v28;
				void* _t10;
				struct HINSTANCE__* _t19;

				_t19 = GetModuleHandleA("KERNEL32");
				if(_t19 == 0) {
					L6:
					_v12 =  *0xcab138;
					_v20 =  *0xcab130;
					asm("fsubr qword [ebp-0x10]");
					_v28 = _v20 / _v12 * _v12;
					asm("fcomp qword [0xcab120]");
					asm("fnstsw ax");
					asm("sahf");
					if(_t19 <= 0) {
						return 0;
					} else {
						_t10 = 1;
						return _t10;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x00ca1c07
0x00ca1c09
0x00ca1c20
0x00ca1bca
0x00ca1bd3
0x00ca1bdf
0x00ca1be2
0x00ca1be8
0x00ca1bee
0x00ca1bf0
0x00ca1bf1
0x00ca1bfb
0x00ca1bf3
0x00ca1bf5
0x00ca1bf7
0x00ca1bf7
0x00ca1c0b
0x00ca1c11
0x00ca1c19
0x00000000
0x00ca1c1b
0x00ca1c1b
0x00ca1c1f
0x00ca1c1f
0x00ca1c19

APIs

GetModuleHandleA.KERNEL32(KERNEL32,00CA1568), ref: 00CA1C01
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00CA1C11

Strings

IsProcessorFeaturePresent, xrefs: 00CA1C0B
KERNEL32, xrefs: 00CA1BFC

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 0dd8d5e544d398d2e7d722a21adde8488e6556e718aa3cbc218c562f3098e432
Instruction ID: 98c24a43e728b95daaff44d5f7ff4f859905d37d06dffa10d359b72b4041d45e
Opcode Fuzzy Hash: 0dd8d5e544d398d2e7d722a21adde8488e6556e718aa3cbc218c562f3098e432
Instruction Fuzzy Hash: 4CC012B038520363DB202BA22E1DB1E62289F07B8EF080820BA26D2092EB50DA009024

Uniqueness

Uniqueness Score: -1.00%

Function 00C4D7A1 Relevance: 6.5, APIs: 5, Instructions: 278
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00C4D7A1(void* _a4, long _a8) {
				signed int _v8;
				intOrPtr _v20;
				long _v36;
				void* _v40;
				intOrPtr _v44;
				char _v48;
				long _v52;
				long _v56;
				char _v60;
				intOrPtr _t56;
				void* _t57;
				long _t58;
				long _t59;
				long _t63;
				long _t66;
				long _t68;
				long _t71;
				long _t72;
				long _t74;
				long _t78;
				intOrPtr _t80;
				void* _t83;
				long _t85;
				long _t88;
				void* _t89;
				long _t91;
				intOrPtr _t93;
				void* _t97;
				void* _t104;
				long _t113;
				long _t116;
				intOrPtr _t122;
				void* _t123;

				_push(0xffffffff);
				_push(0xc55b10);
				_push(E00C449C0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t122;
				_t123 = _t122 - 0x28;
				_t97 = _a4;
				_t113 = 0;
				if(_t97 != 0) {
					_t116 = _a8;
					__eflags = _t116;
					if(_t116 != 0) {
						_t56 =  *0xc70ba4; // 0x1
						__eflags = _t56 - 3;
						if(_t56 != 3) {
							__eflags = _t56 - 2;
							if(_t56 != 2) {
								while(1) {
									_t57 = 0;
									__eflags = _t116 - 0xffffffe0;
									if(_t116 <= 0xffffffe0) {
										__eflags = _t116 - _t113;
										if(_t116 == _t113) {
											_t116 = 1;
										}
										_t116 = _t116 + 0x0000000f & 0xfffffff0;
										__eflags = _t116;
										_t57 = HeapReAlloc( *0xc70ba0, _t113, _t97, _t116);
									}
									__eflags = _t57 - _t113;
									if(_t57 != _t113) {
										goto L64;
									}
									__eflags =  *0xc70550 - _t113; // 0x0
									if(__eflags == 0) {
										goto L64;
									}
									_t58 = E00C47D87(_t116);
									__eflags = _t58;
									if(_t58 != 0) {
										continue;
									}
									goto L63;
								}
								goto L64;
							}
							__eflags = _t116 - 0xffffffe0;
							if(_t116 <= 0xffffffe0) {
								__eflags = _t116;
								if(_t116 <= 0) {
									_t116 = 0x10;
								} else {
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
								}
								_a8 = _t116;
							}
							while(1) {
								_v40 = _t113;
								__eflags = _t116 - 0xffffffe0;
								if(_t116 <= 0xffffffe0) {
									E00C43D3D(9);
									_pop(_t104);
									_v8 = 1;
									_t63 = E00C47916(_t97,  &_v60,  &_v48);
									_t123 = _t123 + 0xc;
									_t113 = _t63;
									_v52 = _t113;
									__eflags = _t113;
									if(_t113 == 0) {
										_v40 = HeapReAlloc( *0xc70ba0, 0, _t97, _t116);
									} else {
										__eflags = _t116 -  *0xc6e614; // 0x1e0
										if(__eflags < 0) {
											_t100 = _t116 >> 4;
											_t71 = E00C47CDE(_t104, _v60, _v48, _t113, _t116 >> 4);
											_t123 = _t123 + 0x10;
											__eflags = _t71;
											if(_t71 == 0) {
												_t72 = E00C479B2(_t104, _t100);
												_v40 = _t72;
												__eflags = _t72;
												if(_t72 != 0) {
													_t74 = ( *_t113 & 0x000000ff) << 4;
													_v56 = _t74;
													__eflags = _t74 - _t116;
													if(_t74 >= _t116) {
														_t74 = _t116;
													}
													E00C45D20(_v40, _a4, _t74);
													E00C4796D(_v60, _v48, _t113);
													_t123 = _t123 + 0x18;
												}
											} else {
												_v40 = _a4;
											}
											_t97 = _a4;
										}
										__eflags = _v40;
										if(_v40 == 0) {
											_t66 = HeapAlloc( *0xc70ba0, 0, _t116);
											_v40 = _t66;
											__eflags = _t66;
											if(_t66 != 0) {
												_t68 = ( *_t113 & 0x000000ff) << 4;
												_v56 = _t68;
												__eflags = _t68 - _t116;
												if(_t68 >= _t116) {
													_t68 = _t116;
												}
												E00C45D20(_v40, _t97, _t68);
												E00C4796D(_v60, _v48, _t113);
												_t123 = _t123 + 0x18;
											}
										}
									}
									_t51 =  &_v8;
									 *_t51 = _v8 | 0xffffffff;
									__eflags =  *_t51;
									E00C4DA7A();
								}
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0xc70550 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								_t59 = E00C47D87(_t116);
								__eflags = _t59;
								if(_t59 != 0) {
									continue;
								}
								goto L63;
							}
							goto L64;
						} else {
							goto L5;
						}
						do {
							L5:
							_v40 = _t113;
							__eflags = _t116 - 0xffffffe0;
							if(_t116 > 0xffffffe0) {
								L25:
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0xc70550 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								goto L27;
							}
							E00C43D3D(9);
							_v8 = _t113;
							_t80 = E00C46BBB(_t97);
							_v44 = _t80;
							__eflags = _t80 - _t113;
							if(_t80 == _t113) {
								L21:
								_v8 = _v8 | 0xffffffff;
								E00C4D92C();
								__eflags = _v44 - _t113;
								if(_v44 == _t113) {
									__eflags = _t116 - _t113;
									if(_t116 == _t113) {
										_t116 = 1;
									}
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
									__eflags = _t116;
									_a8 = _t116;
									_v40 = HeapReAlloc( *0xc70ba0, _t113, _t97, _t116);
								}
								goto L25;
							}
							__eflags = _t116 -  *0xc70b9c; // 0x0
							if(__eflags <= 0) {
								_push(_t116);
								_push(_t97);
								_push(_t80);
								_t88 = E00C473C4();
								_t123 = _t123 + 0xc;
								__eflags = _t88;
								if(_t88 == 0) {
									_push(_t116);
									_t89 = E00C46F0F();
									_v40 = _t89;
									__eflags = _t89 - _t113;
									if(_t89 != _t113) {
										_t91 =  *((intOrPtr*)(_t97 - 4)) - 1;
										_v36 = _t91;
										__eflags = _t91 - _t116;
										if(_t91 >= _t116) {
											_t91 = _t116;
										}
										E00C45D20(_v40, _t97, _t91);
										_t93 = E00C46BBB(_t97);
										_v44 = _t93;
										_push(_t97);
										_push(_t93);
										E00C46BE6();
										_t123 = _t123 + 0x18;
									}
								} else {
									_v40 = _t97;
								}
							}
							__eflags = _v40 - _t113;
							if(_v40 == _t113) {
								__eflags = _t116 - _t113;
								if(_t116 == _t113) {
									_t116 = 1;
									_a8 = _t116;
								}
								_t116 = _t116 + 0x0000000f & 0xfffffff0;
								_a8 = _t116;
								_t83 = HeapAlloc( *0xc70ba0, _t113, _t116);
								_v40 = _t83;
								__eflags = _t83 - _t113;
								if(_t83 != _t113) {
									_t85 =  *((intOrPtr*)(_t97 - 4)) - 1;
									_v36 = _t85;
									__eflags = _t85 - _t116;
									if(_t85 >= _t116) {
										_t85 = _t116;
									}
									E00C45D20(_v40, _t97, _t85);
									_push(_t97);
									_push(_v44);
									E00C46BE6();
									_t123 = _t123 + 0x14;
								}
							}
							goto L21;
							L27:
							_t78 = E00C47D87(_t116);
							__eflags = _t78;
						} while (_t78 != 0);
						goto L63;
					} else {
						E00C434AB(_t97);
						L63:
						_t57 = 0;
						__eflags = 0;
						goto L64;
					}
				} else {
					_t57 = E00C43594(_a8);
					L64:
					 *[fs:0x0] = _v20;
					return _t57;
				}
			}

0x00c4d7a4
0x00c4d7a6
0x00c4d7ab
0x00c4d7b6
0x00c4d7b7
0x00c4d7be
0x00c4d7c4
0x00c4d7c7
0x00c4d7cb
0x00c4d7db
0x00c4d7de
0x00c4d7e0
0x00c4d7ee
0x00c4d7f3
0x00c4d7f6
0x00c4d935
0x00c4d938
0x00c4da85
0x00c4da85
0x00c4da87
0x00c4da8a
0x00c4da8c
0x00c4da8e
0x00c4da92
0x00c4da92
0x00c4da96
0x00c4da96
0x00c4daa2
0x00c4daa2
0x00c4daa8
0x00c4daaa
0x00000000
0x00000000
0x00c4daac
0x00c4dab2
0x00000000
0x00000000
0x00c4dab5
0x00c4dabb
0x00c4dabd
0x00000000
0x00000000
0x00000000
0x00c4dabd
0x00000000
0x00c4da85
0x00c4d93e
0x00c4d941
0x00c4d943
0x00c4d945
0x00c4d951
0x00c4d947
0x00c4d94a
0x00c4d94a
0x00c4d952
0x00c4d952
0x00c4d955
0x00c4d955
0x00c4d958
0x00c4d95b
0x00c4d963
0x00c4d968
0x00c4d969
0x00c4d979
0x00c4d97e
0x00c4d981
0x00c4d983
0x00c4d986
0x00c4d988
0x00c4da48
0x00c4d98e
0x00c4d98e
0x00c4d994
0x00c4d998
0x00c4d9a3
0x00c4d9a8
0x00c4d9ab
0x00c4d9ad
0x00c4d9b8
0x00c4d9be
0x00c4d9c1
0x00c4d9c3
0x00c4d9c8
0x00c4d9cb
0x00c4d9ce
0x00c4d9d0
0x00c4d9d2
0x00c4d9d2
0x00c4d9db
0x00c4d9e7
0x00c4d9ec
0x00c4d9ec
0x00c4d9af
0x00c4d9b2
0x00c4d9b2
0x00c4d9ef
0x00c4d9ef
0x00c4d9f2
0x00c4d9f6
0x00c4da01
0x00c4da07
0x00c4da0a
0x00c4da0c
0x00c4da11
0x00c4da14
0x00c4da17
0x00c4da19
0x00c4da1b
0x00c4da1b
0x00c4da22
0x00c4da2e
0x00c4da33
0x00c4da33
0x00c4da0c
0x00c4d9f6
0x00c4da4b
0x00c4da4b
0x00c4da4b
0x00c4da4f
0x00c4da4f
0x00c4da54
0x00c4da57
0x00c4da59
0x00000000
0x00000000
0x00c4da5b
0x00c4da61
0x00000000
0x00000000
0x00c4da64
0x00c4da6a
0x00c4da6c
0x00000000
0x00000000
0x00000000
0x00c4da72
0x00000000
0x00000000
0x00000000
0x00000000
0x00c4d7fc
0x00c4d7fc
0x00c4d7fc
0x00c4d7ff
0x00c4d802
0x00c4d8f9
0x00c4d8f9
0x00c4d8fc
0x00c4d8fe
0x00000000
0x00000000
0x00c4d904
0x00c4d90a
0x00000000
0x00000000
0x00000000
0x00c4d90a
0x00c4d80a
0x00c4d810
0x00c4d814
0x00c4d81a
0x00c4d81d
0x00c4d81f
0x00c4d8c9
0x00c4d8c9
0x00c4d8cd
0x00c4d8d2
0x00c4d8d5
0x00c4d8d7
0x00c4d8d9
0x00c4d8dd
0x00c4d8dd
0x00c4d8e1
0x00c4d8e1
0x00c4d8e4
0x00c4d8f6
0x00c4d8f6
0x00000000
0x00c4d8d5
0x00c4d825
0x00c4d82b
0x00c4d82d
0x00c4d82e
0x00c4d82f
0x00c4d830
0x00c4d835
0x00c4d838
0x00c4d83a
0x00c4d841
0x00c4d842
0x00c4d848
0x00c4d84b
0x00c4d84d
0x00c4d852
0x00c4d853
0x00c4d856
0x00c4d858
0x00c4d85a
0x00c4d85a
0x00c4d861
0x00c4d867
0x00c4d86c
0x00c4d86f
0x00c4d870
0x00c4d871
0x00c4d876
0x00c4d876
0x00c4d83c
0x00c4d83c
0x00c4d83c
0x00c4d83a
0x00c4d879
0x00c4d87c
0x00c4d87e
0x00c4d880
0x00c4d884
0x00c4d885
0x00c4d885
0x00c4d88b
0x00c4d88e
0x00c4d899
0x00c4d89f
0x00c4d8a2
0x00c4d8a4
0x00c4d8a9
0x00c4d8aa
0x00c4d8ad
0x00c4d8af
0x00c4d8b1
0x00c4d8b1
0x00c4d8b8
0x00c4d8bd
0x00c4d8be
0x00c4d8c1
0x00c4d8c6
0x00c4d8c6
0x00c4d8a4
0x00000000
0x00c4d910
0x00c4d911
0x00c4d917
0x00c4d917
0x00000000
0x00c4d7e2
0x00c4d7e3
0x00c4dabf
0x00c4dabf
0x00c4dabf
0x00000000
0x00c4dabf
0x00c4d7cd
0x00c4d7d0
0x00c4dac1
0x00c4dac4
0x00c4dacf
0x00c4dacf

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c10ad6b6b56c3fd93f494f9b6bc659dbfbb02053a4e874a8e2c0ecf662ca53
Instruction ID: 428560e0a2325b6d63f52ceee6cb2b979b1cbbecb04727b51d83a9c93156130e
Opcode Fuzzy Hash: a5c10ad6b6b56c3fd93f494f9b6bc659dbfbb02053a4e874a8e2c0ecf662ca53
Instruction Fuzzy Hash: 6E910271D05614ABCF21BF68DC44BEE7BB8FB45760F240226F866E6191D7318E40EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA9EDF Relevance: 6.5, APIs: 5, Instructions: 278
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00CA9EDF(void* _a4, long _a8) {
				signed int _v8;
				intOrPtr _v20;
				long _v36;
				void* _v40;
				intOrPtr _v44;
				char _v48;
				long _v52;
				long _v56;
				char _v60;
				void* __ebx;
				intOrPtr _t56;
				void* _t57;
				long _t58;
				long _t59;
				long _t63;
				long _t66;
				long _t68;
				long _t71;
				long _t72;
				long _t74;
				long _t78;
				intOrPtr _t80;
				void* _t83;
				long _t85;
				long _t88;
				void* _t89;
				long _t91;
				intOrPtr _t93;
				void* _t97;
				void* _t104;
				long _t113;
				long _t116;
				intOrPtr _t122;
				void* _t123;

				_push(0xffffffff);
				_push(0xcab770);
				_push(E00CA6E84);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t122;
				_t123 = _t122 - 0x28;
				_t97 = _a4;
				_t113 = 0;
				if(_t97 != 0) {
					_t116 = _a8;
					__eflags = _t116;
					if(_t116 != 0) {
						_t56 =  *0xcb3688; // 0x1
						__eflags = _t56 - 3;
						if(_t56 != 3) {
							__eflags = _t56 - 2;
							if(_t56 != 2) {
								while(1) {
									_t57 = 0;
									__eflags = _t116 - 0xffffffe0;
									if(_t116 <= 0xffffffe0) {
										__eflags = _t116 - _t113;
										if(_t116 == _t113) {
											_t116 = 1;
										}
										_t116 = _t116 + 0x0000000f & 0xfffffff0;
										__eflags = _t116;
										_t57 = HeapReAlloc( *0xcb3684, _t113, _t97, _t116);
									}
									__eflags = _t57 - _t113;
									if(_t57 != _t113) {
										goto L64;
									}
									__eflags =  *0xcb33b4 - _t113; // 0x0
									if(__eflags == 0) {
										goto L64;
									}
									_t58 = E00CA8F51(_t116);
									__eflags = _t58;
									if(_t58 != 0) {
										continue;
									}
									goto L63;
								}
								goto L64;
							}
							__eflags = _t116 - 0xffffffe0;
							if(_t116 <= 0xffffffe0) {
								__eflags = _t116;
								if(_t116 <= 0) {
									_t116 = 0x10;
								} else {
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
								}
								_a8 = _t116;
							}
							while(1) {
								_v40 = _t113;
								__eflags = _t116 - 0xffffffe0;
								if(_t116 <= 0xffffffe0) {
									E00CA59C8(9);
									_pop(_t104);
									_v8 = 1;
									_t63 = E00CA691B(_t97,  &_v60,  &_v48);
									_t123 = _t123 + 0xc;
									_t113 = _t63;
									_v52 = _t113;
									__eflags = _t113;
									if(_t113 == 0) {
										_v40 = HeapReAlloc( *0xcb3684, 0, _t97, _t116);
									} else {
										__eflags = _t116 -  *0xcaea14; // 0x1e0
										if(__eflags < 0) {
											_t100 = _t116 >> 4;
											_t71 = E00CA6CE3(_t104, _v60, _v48, _t113, _t116 >> 4);
											_t123 = _t123 + 0x10;
											__eflags = _t71;
											if(_t71 == 0) {
												_t72 = E00CA69B7(_t104, _t100);
												_v40 = _t72;
												__eflags = _t72;
												if(_t72 != 0) {
													_t74 = ( *_t113 & 0x000000ff) << 4;
													_v56 = _t74;
													__eflags = _t74 - _t116;
													if(_t74 >= _t116) {
														_t74 = _t116;
													}
													E00CA79A0(_t100, _v40, _a4, _t74);
													E00CA6972(_v60, _v48, _t113);
													_t123 = _t123 + 0x18;
												}
											} else {
												_v40 = _a4;
											}
											_t97 = _a4;
										}
										__eflags = _v40;
										if(_v40 == 0) {
											_t66 = HeapAlloc( *0xcb3684, 0, _t116);
											_v40 = _t66;
											__eflags = _t66;
											if(_t66 != 0) {
												_t68 = ( *_t113 & 0x000000ff) << 4;
												_v56 = _t68;
												__eflags = _t68 - _t116;
												if(_t68 >= _t116) {
													_t68 = _t116;
												}
												E00CA79A0(_t97, _v40, _t97, _t68);
												E00CA6972(_v60, _v48, _t113);
												_t123 = _t123 + 0x18;
											}
										}
									}
									_t51 =  &_v8;
									 *_t51 = _v8 | 0xffffffff;
									__eflags =  *_t51;
									E00CAA1B8();
								}
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0xcb33b4 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								_t59 = E00CA8F51(_t116);
								__eflags = _t59;
								if(_t59 != 0) {
									continue;
								}
								goto L63;
							}
							goto L64;
						} else {
							goto L5;
						}
						do {
							L5:
							_v40 = _t113;
							__eflags = _t116 - 0xffffffe0;
							if(_t116 > 0xffffffe0) {
								L25:
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0xcb33b4 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								goto L27;
							}
							E00CA59C8(9);
							_v8 = _t113;
							_t80 = E00CA5BC0(_t97);
							_v44 = _t80;
							__eflags = _t80 - _t113;
							if(_t80 == _t113) {
								L21:
								_v8 = _v8 | 0xffffffff;
								E00CAA06A();
								__eflags = _v44 - _t113;
								if(_v44 == _t113) {
									__eflags = _t116 - _t113;
									if(_t116 == _t113) {
										_t116 = 1;
									}
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
									__eflags = _t116;
									_a8 = _t116;
									_v40 = HeapReAlloc( *0xcb3684, _t113, _t97, _t116);
								}
								goto L25;
							}
							__eflags = _t116 -  *0xcb3680; // 0x0
							if(__eflags <= 0) {
								_push(_t116);
								_push(_t97);
								_push(_t80);
								_t88 = E00CA63C9();
								_t123 = _t123 + 0xc;
								__eflags = _t88;
								if(_t88 == 0) {
									_push(_t116);
									_t89 = E00CA5F14();
									_v40 = _t89;
									__eflags = _t89 - _t113;
									if(_t89 != _t113) {
										_t91 =  *((intOrPtr*)(_t97 - 4)) - 1;
										_v36 = _t91;
										__eflags = _t91 - _t116;
										if(_t91 >= _t116) {
											_t91 = _t116;
										}
										E00CA79A0(_t97, _v40, _t97, _t91);
										_t93 = E00CA5BC0(_t97);
										_v44 = _t93;
										_push(_t97);
										_push(_t93);
										E00CA5BEB();
										_t123 = _t123 + 0x18;
									}
								} else {
									_v40 = _t97;
								}
							}
							__eflags = _v40 - _t113;
							if(_v40 == _t113) {
								__eflags = _t116 - _t113;
								if(_t116 == _t113) {
									_t116 = 1;
									_a8 = _t116;
								}
								_t116 = _t116 + 0x0000000f & 0xfffffff0;
								_a8 = _t116;
								_t83 = HeapAlloc( *0xcb3684, _t113, _t116);
								_v40 = _t83;
								__eflags = _t83 - _t113;
								if(_t83 != _t113) {
									_t85 =  *((intOrPtr*)(_t97 - 4)) - 1;
									_v36 = _t85;
									__eflags = _t85 - _t116;
									if(_t85 >= _t116) {
										_t85 = _t116;
									}
									E00CA79A0(_t97, _v40, _t97, _t85);
									_push(_t97);
									_push(_v44);
									E00CA5BEB();
									_t123 = _t123 + 0x14;
								}
							}
							goto L21;
							L27:
							_t78 = E00CA8F51(_t116);
							__eflags = _t78;
						} while (_t78 != 0);
						goto L63;
					} else {
						E00CA2DC0(_t97);
						L63:
						_t57 = 0;
						__eflags = 0;
						goto L64;
					}
				} else {
					_t57 = E00CA5A3E(_a8);
					L64:
					 *[fs:0x0] = _v20;
					return _t57;
				}
			}

0x00ca9ee2
0x00ca9ee4
0x00ca9ee9
0x00ca9ef4
0x00ca9ef5
0x00ca9efc
0x00ca9f02
0x00ca9f05
0x00ca9f09
0x00ca9f19
0x00ca9f1c
0x00ca9f1e
0x00ca9f2c
0x00ca9f31
0x00ca9f34
0x00caa073
0x00caa076
0x00caa1c3
0x00caa1c3
0x00caa1c5
0x00caa1c8
0x00caa1ca
0x00caa1cc
0x00caa1d0
0x00caa1d0
0x00caa1d4
0x00caa1d4
0x00caa1e0
0x00caa1e0
0x00caa1e6
0x00caa1e8
0x00000000
0x00000000
0x00caa1ea
0x00caa1f0
0x00000000
0x00000000
0x00caa1f3
0x00caa1f9
0x00caa1fb
0x00000000
0x00000000
0x00000000
0x00caa1fb
0x00000000
0x00caa1c3
0x00caa07c
0x00caa07f
0x00caa081
0x00caa083
0x00caa08f
0x00caa085
0x00caa088
0x00caa088
0x00caa090
0x00caa090
0x00caa093
0x00caa093
0x00caa096
0x00caa099
0x00caa0a1
0x00caa0a6
0x00caa0a7
0x00caa0b7
0x00caa0bc
0x00caa0bf
0x00caa0c1
0x00caa0c4
0x00caa0c6
0x00caa186
0x00caa0cc
0x00caa0cc
0x00caa0d2
0x00caa0d6
0x00caa0e1
0x00caa0e6
0x00caa0e9
0x00caa0eb
0x00caa0f6
0x00caa0fc
0x00caa0ff
0x00caa101
0x00caa106
0x00caa109
0x00caa10c
0x00caa10e
0x00caa110
0x00caa110
0x00caa119
0x00caa125
0x00caa12a
0x00caa12a
0x00caa0ed
0x00caa0f0
0x00caa0f0
0x00caa12d
0x00caa12d
0x00caa130
0x00caa134
0x00caa13f
0x00caa145
0x00caa148
0x00caa14a
0x00caa14f
0x00caa152
0x00caa155
0x00caa157
0x00caa159
0x00caa159
0x00caa160
0x00caa16c
0x00caa171
0x00caa171
0x00caa14a
0x00caa134
0x00caa189
0x00caa189
0x00caa189
0x00caa18d
0x00caa18d
0x00caa192
0x00caa195
0x00caa197
0x00000000
0x00000000
0x00caa199
0x00caa19f
0x00000000
0x00000000
0x00caa1a2
0x00caa1a8
0x00caa1aa
0x00000000
0x00000000
0x00000000
0x00caa1b0
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca9f3a
0x00ca9f3a
0x00ca9f3a
0x00ca9f3d
0x00ca9f40
0x00caa037
0x00caa037
0x00caa03a
0x00caa03c
0x00000000
0x00000000
0x00caa042
0x00caa048
0x00000000
0x00000000
0x00000000
0x00caa048
0x00ca9f48
0x00ca9f4e
0x00ca9f52
0x00ca9f58
0x00ca9f5b
0x00ca9f5d
0x00caa007
0x00caa007
0x00caa00b
0x00caa010
0x00caa013
0x00caa015
0x00caa017
0x00caa01b
0x00caa01b
0x00caa01f
0x00caa01f
0x00caa022
0x00caa034
0x00caa034
0x00000000
0x00caa013
0x00ca9f63
0x00ca9f69
0x00ca9f6b
0x00ca9f6c
0x00ca9f6d
0x00ca9f6e
0x00ca9f73
0x00ca9f76
0x00ca9f78
0x00ca9f7f
0x00ca9f80
0x00ca9f86
0x00ca9f89
0x00ca9f8b
0x00ca9f90
0x00ca9f91
0x00ca9f94
0x00ca9f96
0x00ca9f98
0x00ca9f98
0x00ca9f9f
0x00ca9fa5
0x00ca9faa
0x00ca9fad
0x00ca9fae
0x00ca9faf
0x00ca9fb4
0x00ca9fb4
0x00ca9f7a
0x00ca9f7a
0x00ca9f7a
0x00ca9f78
0x00ca9fb7
0x00ca9fba
0x00ca9fbc
0x00ca9fbe
0x00ca9fc2
0x00ca9fc3
0x00ca9fc3
0x00ca9fc9
0x00ca9fcc
0x00ca9fd7
0x00ca9fdd
0x00ca9fe0
0x00ca9fe2
0x00ca9fe7
0x00ca9fe8
0x00ca9feb
0x00ca9fed
0x00ca9fef
0x00ca9fef
0x00ca9ff6
0x00ca9ffb
0x00ca9ffc
0x00ca9fff
0x00caa004
0x00caa004
0x00ca9fe2
0x00000000
0x00caa04e
0x00caa04f
0x00caa055
0x00caa055
0x00000000
0x00ca9f20
0x00ca9f21
0x00caa1fd
0x00caa1fd
0x00caa1fd
0x00000000
0x00caa1fd
0x00ca9f0b
0x00ca9f0e
0x00caa1ff
0x00caa202
0x00caa20d
0x00caa20d

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c501da555f7721a4710ab2931254d5693c8297af36f5ac862d946a80d780a5e4
Instruction ID: 6117b85b3da875dc0c656cb6b6a8256a0ba9e70d9be8e435f7c7b1088f94bc8a
Opcode Fuzzy Hash: c501da555f7721a4710ab2931254d5693c8297af36f5ac862d946a80d780a5e4
Instruction Fuzzy Hash: 9791C471D01616FFCF21AB68DC41ADEBBB4EB0B368F240216F825E6191E7318E40D7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00C476BA Relevance: 6.4, APIs: 5, Instructions: 102
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00C476BA() {
				void* _t25;
				intOrPtr* _t28;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t55;

				if( *0xc6c600 != 0xffffffff) {
					_t43 = HeapAlloc( *0xc70ba0, 0, 0x2020);
					if(_t43 == 0) {
						goto L20;
					}
					goto L3;
				} else {
					_t43 = 0xc6c5f0;
					L3:
					_t42 = VirtualAlloc(0, 0x400000, 0x2000, 4);
					if(_t42 == 0) {
						L18:
						if(_t43 != 0xc6c5f0) {
							HeapFree( *0xc70ba0, 0, _t43);
						}
						L20:
						return 0;
					}
					if(VirtualAlloc(_t42, 0x10000, 0x1000, 4) == 0) {
						VirtualFree(_t42, 0, 0x8000);
						goto L18;
					}
					if(_t43 != 0xc6c5f0) {
						 *_t43 = 0xc6c5f0;
						_t25 =  *0xc6c5f4; // 0xc6c5f0
						 *(_t43 + 4) = _t25;
						 *0xc6c5f4 = _t43;
						 *( *(_t43 + 4)) = _t43;
					} else {
						if( *0xc6c5f0 == 0) {
							 *0xc6c5f0 = 0xc6c5f0;
						}
						if( *0xc6c5f4 == 0) {
							 *0xc6c5f4 = 0xc6c5f0;
						}
					}
					_t3 = _t42 + 0x400000; // 0x400000
					_t4 = _t43 + 0x98; // 0x98
					 *((intOrPtr*)(_t43 + 0x14)) = _t3;
					_t6 = _t43 + 0x18; // 0x18
					_t28 = _t6;
					 *((intOrPtr*)(_t43 + 0xc)) = _t4;
					 *(_t43 + 0x10) = _t42;
					 *((intOrPtr*)(_t43 + 8)) = _t28;
					_t45 = 0;
					do {
						_t55 = _t45 - 0x10;
						_t45 = _t45 + 1;
						 *_t28 = ((0 | _t55 >= 0x00000000) - 0x00000001 & 0x000000f1) - 1;
						 *((intOrPtr*)(_t28 + 4)) = 0xf1;
						_t28 = _t28 + 8;
					} while (_t45 < 0x400);
					E00C4A950(_t42, 0, 0x10000);
					while(_t42 <  *(_t43 + 0x10) + 0x10000) {
						 *(_t42 + 0xf8) =  *(_t42 + 0xf8) | 0x000000ff;
						_t16 = _t42 + 8; // -4088
						 *_t42 = _t16;
						 *((intOrPtr*)(_t42 + 4)) = 0xf0;
						_t42 = _t42 + 0x1000;
					}
					return _t43;
				}
			}

0x00c476c5
0x00c476e1
0x00c476e5
0x00000000
0x00000000
0x00000000
0x00c476c7
0x00c476c7
0x00c476eb
0x00c47701
0x00c47705
0x00c477e0
0x00c477e6
0x00c477f1
0x00c477f1
0x00c477f7
0x00000000
0x00c477f7
0x00c4771d
0x00c477da
0x00000000
0x00c477da
0x00c4772a
0x00c4774a
0x00c4774c
0x00c47751
0x00c47754
0x00c4775d
0x00c4772c
0x00c47733
0x00c47735
0x00c47735
0x00c47741
0x00c47743
0x00c47743
0x00c47741
0x00c4775f
0x00c47765
0x00c4776b
0x00c4776e
0x00c4776e
0x00c47771
0x00c47774
0x00c47777
0x00c4777a
0x00c47781
0x00c47783
0x00c4778d
0x00c4778e
0x00c47790
0x00c47793
0x00c47796
0x00c477a2
0x00c477aa
0x00c477b3
0x00c477ba
0x00c477bd
0x00c477bf
0x00c477c6
0x00c477c6
0x00000000
0x00c477ce

APIs

HeapAlloc.KERNEL32(00000000,00002020,00C6C5F0,00C6C5F0,?,00000000,00C47B86,?,00000010,00000000,00000009,00000009,?,00C4367E,00000010,?), ref: 00C476DB
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,00000000,00C47B86,?,00000010,00000000,00000009,00000009,?,00C4367E,00000010,?), ref: 00C476FF
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,00000000,00C47B86,?,00000010,00000000,00000009,00000009,?,00C4367E,00000010,?), ref: 00C47719
VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,00C47B86,?,00000010,00000000,00000009,00000009,?,00C4367E,00000010,?,00000000), ref: 00C477DA
HeapFree.KERNEL32(00000000,00000000,?,00000000,00C47B86,?,00000010,00000000,00000009,00000009,?,00C4367E,00000010,?,00000000,00000000), ref: 00C477F1

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: AllocVirtual$FreeHeap
String ID:
API String ID: 714016831-0
Opcode ID: 103d8976296985aa52d66915a66e6098bb61b8a3efe4af33cf012fa072ef2b94
Instruction ID: c0e7fbd29768df756bc608467be25b900dac8c8e5e4b4c6d7eccb1c36e625daa
Opcode Fuzzy Hash: 103d8976296985aa52d66915a66e6098bb61b8a3efe4af33cf012fa072ef2b94
Instruction Fuzzy Hash: D93134B46047029FD3368F29DC81B29B7E4FB84764F21423AF1B6E7290E7B0A841DB44

Uniqueness

Uniqueness Score: -1.00%

Function 00CA66BF Relevance: 6.4, APIs: 5, Instructions: 102
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA66BF() {
				void* _t25;
				intOrPtr* _t28;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t55;

				if( *0xcaca00 != 0xffffffff) {
					_t43 = HeapAlloc( *0xcb3684, 0, 0x2020);
					if(_t43 == 0) {
						goto L20;
					}
					goto L3;
				} else {
					_t43 = 0xcac9f0;
					L3:
					_t42 = VirtualAlloc(0, 0x400000, 0x2000, 4);
					if(_t42 == 0) {
						L18:
						if(_t43 != 0xcac9f0) {
							HeapFree( *0xcb3684, 0, _t43);
						}
						L20:
						return 0;
					}
					if(VirtualAlloc(_t42, 0x10000, 0x1000, 4) == 0) {
						VirtualFree(_t42, 0, 0x8000);
						goto L18;
					}
					if(_t43 != 0xcac9f0) {
						 *_t43 = 0xcac9f0;
						_t25 =  *0xcac9f4; // 0xcac9f0
						 *(_t43 + 4) = _t25;
						 *0xcac9f4 = _t43;
						 *( *(_t43 + 4)) = _t43;
					} else {
						if( *0xcac9f0 == 0) {
							 *0xcac9f0 = 0xcac9f0;
						}
						if( *0xcac9f4 == 0) {
							 *0xcac9f4 = 0xcac9f0;
						}
					}
					_t3 = _t42 + 0x400000; // 0x400000
					_t4 = _t43 + 0x98; // 0x98
					 *((intOrPtr*)(_t43 + 0x14)) = _t3;
					_t6 = _t43 + 0x18; // 0x18
					_t28 = _t6;
					 *((intOrPtr*)(_t43 + 0xc)) = _t4;
					 *(_t43 + 0x10) = _t42;
					 *((intOrPtr*)(_t43 + 8)) = _t28;
					_t45 = 0;
					do {
						_t55 = _t45 - 0x10;
						_t45 = _t45 + 1;
						 *_t28 = ((0 | _t55 >= 0x00000000) - 0x00000001 & 0x000000f1) - 1;
						 *((intOrPtr*)(_t28 + 4)) = 0xf1;
						_t28 = _t28 + 8;
					} while (_t45 < 0x400);
					E00CA48B0(_t42, 0, 0x10000);
					while(_t42 <  *(_t43 + 0x10) + 0x10000) {
						 *(_t42 + 0xf8) =  *(_t42 + 0xf8) | 0x000000ff;
						_t16 = _t42 + 8; // -4088
						 *_t42 = _t16;
						 *((intOrPtr*)(_t42 + 4)) = 0xf0;
						_t42 = _t42 + 0x1000;
					}
					return _t43;
				}
			}

0x00ca66ca
0x00ca66e6
0x00ca66ea
0x00000000
0x00000000
0x00000000
0x00ca66cc
0x00ca66cc
0x00ca66f0
0x00ca6706
0x00ca670a
0x00ca67e5
0x00ca67eb
0x00ca67f6
0x00ca67f6
0x00ca67fc
0x00000000
0x00ca67fc
0x00ca6722
0x00ca67df
0x00000000
0x00ca67df
0x00ca672f
0x00ca674f
0x00ca6751
0x00ca6756
0x00ca6759
0x00ca6762
0x00ca6731
0x00ca6738
0x00ca673a
0x00ca673a
0x00ca6746
0x00ca6748
0x00ca6748
0x00ca6746
0x00ca6764
0x00ca676a
0x00ca6770
0x00ca6773
0x00ca6773
0x00ca6776
0x00ca6779
0x00ca677c
0x00ca677f
0x00ca6786
0x00ca6788
0x00ca6792
0x00ca6793
0x00ca6795
0x00ca6798
0x00ca679b
0x00ca67a7
0x00ca67af
0x00ca67b8
0x00ca67bf
0x00ca67c2
0x00ca67c4
0x00ca67cb
0x00ca67cb
0x00000000
0x00ca67d3

APIs

HeapAlloc.KERNEL32(00000000,00002020,00CAC9F0,00CAC9F0,?,?,00CA6B8B,00000000,00000010,00000000,00000009,00000009,?,00CA5B28,00000010,00000000), ref: 00CA66E0
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,00CA6B8B,00000000,00000010,00000000,00000009,00000009,?,00CA5B28,00000010,00000000), ref: 00CA6704
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,00CA6B8B,00000000,00000010,00000000,00000009,00000009,?,00CA5B28,00000010,00000000), ref: 00CA671E
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00CA6B8B,00000000,00000010,00000000,00000009,00000009,?,00CA5B28,00000010,00000000,?), ref: 00CA67DF
HeapFree.KERNEL32(00000000,00000000,?,?,00CA6B8B,00000000,00000010,00000000,00000009,00000009,?,00CA5B28,00000010,00000000,?,00000000), ref: 00CA67F6

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: AllocVirtual$FreeHeap
String ID:
API String ID: 714016831-0
Opcode ID: 41eebe2472e269d09b2c84e577c3fb86776811a47b00f3a0e7981cda271297d9
Instruction ID: 4abb73f4fc7f08ccc5ed9d59cb4b7f36b818a58a284056c00d2cad14dd316842
Opcode Fuzzy Hash: 41eebe2472e269d09b2c84e577c3fb86776811a47b00f3a0e7981cda271297d9
Instruction Fuzzy Hash: C531C0B1641707AFD3318F28DC85B6AB7E4EB46B5CF148639E165E7290EB74A840CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00C4CC6C Relevance: 6.2, APIs: 4, Instructions: 170
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C4CC6C(signed int _a4, signed int _a8, long _a12) {
				void _v5;
				signed int _v12;
				long _v16;
				signed int _t75;
				void* _t78;
				intOrPtr _t82;
				signed char _t83;
				signed char _t85;
				long _t86;
				void* _t88;
				signed char _t90;
				signed char _t91;
				signed int _t95;
				intOrPtr _t96;
				char _t98;
				signed int _t99;
				long _t101;
				long _t102;
				signed int _t103;
				intOrPtr _t106;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed char _t112;
				signed char* _t113;
				long _t115;
				void* _t119;
				signed int _t120;
				intOrPtr* _t121;
				signed int _t123;
				signed char* _t124;
				void* _t125;
				void* _t126;

				_v12 = _v12 & 0x00000000;
				_t108 = _a8;
				_t119 = _t108;
				if(_a12 == 0) {
					L42:
					__eflags = 0;
					return 0;
				}
				_t75 = _a4;
				_t111 = _t75 >> 5;
				_t121 = 0xc70a80 + _t111 * 4;
				_t123 = (_t75 & 0x0000001f) + (_t75 & 0x0000001f) * 8 << 2;
				_t78 =  *((intOrPtr*)(0xc70a80 + _t111 * 4)) + _t123;
				_t112 =  *((intOrPtr*)(_t78 + 4));
				if((_t112 & 0x00000002) != 0) {
					goto L42;
				}
				if((_t112 & 0x00000048) != 0) {
					_t106 =  *((intOrPtr*)(_t78 + 5));
					if(_t106 != 0xa) {
						_a12 = _a12 - 1;
						 *_t108 = _t106;
						_t119 = _t108 + 1;
						_v12 = 1;
						 *((char*)( *_t121 + _t123 + 5)) = 0xa;
					}
				}
				if(ReadFile( *( *_t121 + _t123), _t119, _a12,  &_v16, 0) != 0) {
					_t82 =  *_t121;
					_t120 = _v16;
					_v12 = _v12 + _t120;
					_t31 = _t123 + 4; // 0x4
					_t113 = _t82 + _t31;
					_t83 =  *((intOrPtr*)(_t82 + _t123 + 4));
					__eflags = _t83 & 0x00000080;
					if((_t83 & 0x00000080) == 0) {
						L41:
						return _v12;
					}
					__eflags = _t120;
					if(_t120 == 0) {
						L15:
						_t85 = _t83 & 0x000000fb;
						__eflags = _t85;
						L16:
						 *_t113 = _t85;
						_t86 = _a8;
						_a12 = _t86;
						_t115 = _v12 + _t86;
						__eflags = _t86 - _t115;
						_v12 = _t115;
						if(_t86 >= _t115) {
							L40:
							_t109 = _t108 - _a8;
							__eflags = _t109;
							_v12 = _t109;
							goto L41;
						} else {
							goto L17;
						}
						while(1) {
							L17:
							_t88 =  *_a12;
							__eflags = _t88 - 0x1a;
							if(_t88 == 0x1a) {
								break;
							}
							__eflags = _t88 - 0xd;
							if(_t88 == 0xd) {
								__eflags = _a12 - _t115 - 1;
								if(_a12 >= _t115 - 1) {
									_a12 = _a12 + 1;
									_t95 = ReadFile( *( *_t121 + _t123),  &_v5, 1,  &_v16, 0);
									__eflags = _t95;
									if(_t95 != 0) {
										L26:
										__eflags = _v16;
										if(_v16 == 0) {
											L34:
											 *_t108 = 0xd;
											L35:
											_t108 = _t108 + 1;
											__eflags = _t108;
											L36:
											_t115 = _v12;
											__eflags = _a12 - _t115;
											if(_a12 < _t115) {
												continue;
											}
											goto L40;
										}
										_t96 =  *_t121;
										__eflags =  *(_t96 + _t123 + 4) & 0x00000048;
										if(( *(_t96 + _t123 + 4) & 0x00000048) == 0) {
											__eflags = _t108 - _a8;
											if(__eflags != 0) {
												L33:
												E00C4AA16(__eflags, _a4, 0xffffffff, 1);
												_t126 = _t126 + 0xc;
												__eflags = _v5 - 0xa;
												if(_v5 == 0xa) {
													goto L36;
												}
												goto L34;
											}
											__eflags = _v5 - 0xa;
											if(__eflags != 0) {
												goto L33;
											}
											L32:
											 *_t108 = 0xa;
											goto L35;
										}
										_t98 = _v5;
										__eflags = _t98 - 0xa;
										if(_t98 == 0xa) {
											goto L32;
										}
										 *_t108 = 0xd;
										_t108 = _t108 + 1;
										 *((char*)( *_t121 + _t123 + 5)) = _t98;
										goto L36;
									}
									_t99 = GetLastError();
									__eflags = _t99;
									if(_t99 != 0) {
										goto L34;
									}
									goto L26;
								}
								_t101 = _a12 + 1;
								__eflags =  *_t101 - 0xa;
								if( *_t101 != 0xa) {
									 *_t108 = 0xd;
									_t108 = _t108 + 1;
									_a12 = _t101;
									goto L36;
								}
								_a12 = _a12 + 2;
								goto L32;
							}
							 *_t108 = _t88;
							_t108 = _t108 + 1;
							_a12 = _a12 + 1;
							goto L36;
						}
						_t124 =  *_t121 + _t123 + 4;
						_t90 =  *_t124;
						__eflags = _t90 & 0x00000040;
						if((_t90 & 0x00000040) == 0) {
							_t91 = _t90 | 0x00000002;
							__eflags = _t91;
							 *_t124 = _t91;
						}
						goto L40;
					}
					__eflags =  *_t108 - 0xa;
					if( *_t108 != 0xa) {
						goto L15;
					}
					_t85 = _t83 | 0x00000004;
					goto L16;
				}
				_t102 = GetLastError();
				_t125 = 5;
				if(_t102 != _t125) {
					__eflags = _t102 - 0x6d;
					if(_t102 == 0x6d) {
						goto L42;
					}
					_t103 = E00C47F64(_t102);
					L10:
					return _t103 | 0xffffffff;
				}
				 *((intOrPtr*)(E00C47FD7())) = 9;
				_t103 = E00C47FE0();
				 *_t103 = _t125;
				goto L10;
			}

0x00c4cc72
0x00c4cc7b
0x00c4cc80
0x00c4cc82
0x00c4ce3e
0x00c4ce3e
0x00000000
0x00c4ce3e
0x00c4cc88
0x00c4cc90
0x00c4cc9d
0x00c4cca4
0x00c4cca7
0x00c4cca9
0x00c4ccaf
0x00000000
0x00000000
0x00c4ccb8
0x00c4ccba
0x00c4ccbf
0x00c4ccc1
0x00c4ccc4
0x00c4ccc8
0x00c4cccb
0x00c4ccd2
0x00c4ccd2
0x00c4ccbf
0x00c4ccee
0x00c4cd29
0x00c4cd2b
0x00c4cd2e
0x00c4cd31
0x00c4cd31
0x00c4cd35
0x00c4cd39
0x00c4cd3b
0x00c4ce39
0x00000000
0x00c4ce39
0x00c4cd41
0x00c4cd43
0x00c4cd4e
0x00c4cd4e
0x00c4cd4e
0x00c4cd50
0x00c4cd50
0x00c4cd52
0x00c4cd58
0x00c4cd5b
0x00c4cd5d
0x00c4cd5f
0x00c4cd62
0x00c4ce33
0x00c4ce33
0x00c4ce33
0x00c4ce36
0x00000000
0x00000000
0x00000000
0x00000000
0x00c4cd68
0x00c4cd68
0x00c4cd6b
0x00c4cd6d
0x00c4cd6f
0x00000000
0x00000000
0x00c4cd75
0x00c4cd77
0x00c4cd85
0x00c4cd88
0x00c4cda8
0x00c4cdb6
0x00c4cdbc
0x00c4cdbe
0x00c4cdca
0x00c4cdca
0x00c4cdce
0x00c4ce11
0x00c4ce11
0x00c4ce14
0x00c4ce14
0x00c4ce14
0x00c4ce15
0x00c4ce15
0x00c4ce18
0x00c4ce1b
0x00000000
0x00000000
0x00000000
0x00c4ce21
0x00c4cdd0
0x00c4cdd2
0x00c4cdd7
0x00c4cdec
0x00c4cdef
0x00c4cdfc
0x00c4ce03
0x00c4ce08
0x00c4ce0b
0x00c4ce0f
0x00000000
0x00000000
0x00000000
0x00c4ce0f
0x00c4cdf1
0x00c4cdf5
0x00000000
0x00000000
0x00c4cdf7
0x00c4cdf7
0x00000000
0x00c4cdf7
0x00c4cdd9
0x00c4cddc
0x00c4cdde
0x00000000
0x00000000
0x00c4cde0
0x00c4cde5
0x00c4cde6
0x00000000
0x00c4cde6
0x00c4cdc0
0x00c4cdc6
0x00c4cdc8
0x00000000
0x00000000
0x00000000
0x00c4cdc8
0x00c4cd8d
0x00c4cd8e
0x00c4cd91
0x00c4cd99
0x00c4cd9c
0x00c4cd9d
0x00000000
0x00c4cd9d
0x00c4cd93
0x00000000
0x00c4cd93
0x00c4cd79
0x00c4cd7b
0x00c4cd7c
0x00000000
0x00c4cd7c
0x00c4ce25
0x00c4ce29
0x00c4ce2b
0x00c4ce2d
0x00c4ce2f
0x00c4ce2f
0x00c4ce31
0x00c4ce31
0x00000000
0x00c4ce2d
0x00c4cd45
0x00c4cd48
0x00000000
0x00000000
0x00c4cd4a
0x00000000
0x00c4cd4a
0x00c4ccf0
0x00c4ccf8
0x00c4ccfb
0x00c4cd11
0x00c4cd14
0x00000000
0x00000000
0x00c4cd1b
0x00c4cd21
0x00000000
0x00c4cd21
0x00c4cd02
0x00c4cd08
0x00c4cd0d
0x00000000

APIs

ReadFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000), ref: 00C4CCE6
GetLastError.KERNEL32 ref: 00C4CCF0
ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C4CDB6
GetLastError.KERNEL32 ref: 00C4CDC0

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 96d78d8e9e777c154f1ed3b8ec3b93f378b2ca86a0e3c87788fc152170a596f8
Instruction ID: 2cba6f2ee9ff0e094468ccf48bf28002cd1c86317561780c12c99e26cf76f00d
Opcode Fuzzy Hash: 96d78d8e9e777c154f1ed3b8ec3b93f378b2ca86a0e3c87788fc152170a596f8
Instruction Fuzzy Hash: 1D51D134A05389DFDFA28F98C8C0BAD7FB0BF06304F1444A9E8659B272C7749A56CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00CA9091 Relevance: 6.2, APIs: 4, Instructions: 170
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA9091(signed int _a4, signed int _a8, long _a12) {
				void _v5;
				signed int _v12;
				long _v16;
				signed int _t75;
				void* _t78;
				intOrPtr _t82;
				signed char _t83;
				signed char _t85;
				long _t86;
				void* _t88;
				signed char _t90;
				signed char _t91;
				signed int _t95;
				intOrPtr _t96;
				char _t98;
				signed int _t99;
				long _t101;
				long _t102;
				signed int _t103;
				intOrPtr _t106;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed char _t112;
				signed char* _t113;
				long _t115;
				void* _t119;
				signed int _t120;
				intOrPtr* _t121;
				signed int _t123;
				signed char* _t124;
				void* _t125;
				void* _t126;

				_v12 = _v12 & 0x00000000;
				_t108 = _a8;
				_t119 = _t108;
				if(_a12 == 0) {
					L42:
					__eflags = 0;
					return 0;
				}
				_t75 = _a4;
				_t111 = _t75 >> 5;
				_t121 = 0xcb36a0 + _t111 * 4;
				_t123 = (_t75 & 0x0000001f) + (_t75 & 0x0000001f) * 8 << 2;
				_t78 =  *((intOrPtr*)(0xcb36a0 + _t111 * 4)) + _t123;
				_t112 =  *((intOrPtr*)(_t78 + 4));
				if((_t112 & 0x00000002) != 0) {
					goto L42;
				}
				if((_t112 & 0x00000048) != 0) {
					_t106 =  *((intOrPtr*)(_t78 + 5));
					if(_t106 != 0xa) {
						_a12 = _a12 - 1;
						 *_t108 = _t106;
						_t20 = _t108 + 1; // 0x1
						_t119 = _t20;
						_v12 = 1;
						 *((char*)( *_t121 + _t123 + 5)) = 0xa;
					}
				}
				if(ReadFile( *( *_t121 + _t123), _t119, _a12,  &_v16, 0) != 0) {
					_t82 =  *_t121;
					_t120 = _v16;
					_v12 = _v12 + _t120;
					_t31 = _t123 + 4; // 0x4
					_t113 = _t82 + _t31;
					_t83 =  *((intOrPtr*)(_t82 + _t123 + 4));
					__eflags = _t83 & 0x00000080;
					if((_t83 & 0x00000080) == 0) {
						L41:
						return _v12;
					}
					__eflags = _t120;
					if(_t120 == 0) {
						L15:
						_t85 = _t83 & 0x000000fb;
						__eflags = _t85;
						L16:
						 *_t113 = _t85;
						_t86 = _a8;
						_a12 = _t86;
						_t115 = _v12 + _t86;
						__eflags = _t86 - _t115;
						_v12 = _t115;
						if(_t86 >= _t115) {
							L40:
							_t109 = _t108 - _a8;
							__eflags = _t109;
							_v12 = _t109;
							goto L41;
						} else {
							goto L17;
						}
						while(1) {
							L17:
							_t88 =  *_a12;
							__eflags = _t88 - 0x1a;
							if(_t88 == 0x1a) {
								break;
							}
							__eflags = _t88 - 0xd;
							if(_t88 == 0xd) {
								__eflags = _a12 - _t115 - 1;
								if(_a12 >= _t115 - 1) {
									_a12 = _a12 + 1;
									_t95 = ReadFile( *( *_t121 + _t123),  &_v5, 1,  &_v16, 0);
									__eflags = _t95;
									if(_t95 != 0) {
										L26:
										__eflags = _v16;
										if(_v16 == 0) {
											L34:
											 *_t108 = 0xd;
											L35:
											_t108 = _t108 + 1;
											__eflags = _t108;
											L36:
											_t115 = _v12;
											__eflags = _a12 - _t115;
											if(_a12 < _t115) {
												continue;
											}
											goto L40;
										}
										_t96 =  *_t121;
										__eflags =  *(_t96 + _t123 + 4) & 0x00000048;
										if(( *(_t96 + _t123 + 4) & 0x00000048) == 0) {
											__eflags = _t108 - _a8;
											if(__eflags != 0) {
												L33:
												E00CA52FB(__eflags, _a4, 0xffffffff, 1);
												_t126 = _t126 + 0xc;
												__eflags = _v5 - 0xa;
												if(_v5 == 0xa) {
													goto L36;
												}
												goto L34;
											}
											__eflags = _v5 - 0xa;
											if(__eflags != 0) {
												goto L33;
											}
											L32:
											 *_t108 = 0xa;
											goto L35;
										}
										_t98 = _v5;
										__eflags = _t98 - 0xa;
										if(_t98 == 0xa) {
											goto L32;
										}
										 *_t108 = 0xd;
										_t108 = _t108 + 1;
										 *((char*)( *_t121 + _t123 + 5)) = _t98;
										goto L36;
									}
									_t99 = GetLastError();
									__eflags = _t99;
									if(_t99 != 0) {
										goto L34;
									}
									goto L26;
								}
								_t101 = _a12 + 1;
								__eflags =  *_t101 - 0xa;
								if( *_t101 != 0xa) {
									 *_t108 = 0xd;
									_t108 = _t108 + 1;
									_a12 = _t101;
									goto L36;
								}
								_a12 = _a12 + 2;
								goto L32;
							}
							 *_t108 = _t88;
							_t108 = _t108 + 1;
							_a12 = _a12 + 1;
							goto L36;
						}
						_t124 =  *_t121 + _t123 + 4;
						_t90 =  *_t124;
						__eflags = _t90 & 0x00000040;
						if((_t90 & 0x00000040) == 0) {
							_t91 = _t90 | 0x00000002;
							__eflags = _t91;
							 *_t124 = _t91;
						}
						goto L40;
					}
					__eflags =  *_t108 - 0xa;
					if( *_t108 != 0xa) {
						goto L15;
					}
					_t85 = _t83 | 0x00000004;
					goto L16;
				}
				_t102 = GetLastError();
				_t125 = 5;
				if(_t102 != _t125) {
					__eflags = _t102 - 0x6d;
					if(_t102 == 0x6d) {
						goto L42;
					}
					_t103 = E00CA2140(_t102);
					L10:
					return _t103 | 0xffffffff;
				}
				 *((intOrPtr*)(E00CA21B3())) = 9;
				_t103 = E00CA21BC();
				 *_t103 = _t125;
				goto L10;
			}

0x00ca9097
0x00ca90a0
0x00ca90a5
0x00ca90a7
0x00ca9263
0x00ca9263
0x00000000
0x00ca9263
0x00ca90ad
0x00ca90b5
0x00ca90c2
0x00ca90c9
0x00ca90cc
0x00ca90ce
0x00ca90d4
0x00000000
0x00000000
0x00ca90dd
0x00ca90df
0x00ca90e4
0x00ca90e6
0x00ca90e9
0x00ca90ed
0x00ca90ed
0x00ca90f0
0x00ca90f7
0x00ca90f7
0x00ca90e4
0x00ca9113
0x00ca914e
0x00ca9150
0x00ca9153
0x00ca9156
0x00ca9156
0x00ca915a
0x00ca915e
0x00ca9160
0x00ca925e
0x00000000
0x00ca925e
0x00ca9166
0x00ca9168
0x00ca9173
0x00ca9173
0x00ca9173
0x00ca9175
0x00ca9175
0x00ca9177
0x00ca917d
0x00ca9180
0x00ca9182
0x00ca9184
0x00ca9187
0x00ca9258
0x00ca9258
0x00ca9258
0x00ca925b
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca918d
0x00ca918d
0x00ca9190
0x00ca9192
0x00ca9194
0x00000000
0x00000000
0x00ca919a
0x00ca919c
0x00ca91aa
0x00ca91ad
0x00ca91cd
0x00ca91db
0x00ca91e1
0x00ca91e3
0x00ca91ef
0x00ca91ef
0x00ca91f3
0x00ca9236
0x00ca9236
0x00ca9239
0x00ca9239
0x00ca9239
0x00ca923a
0x00ca923a
0x00ca923d
0x00ca9240
0x00000000
0x00000000
0x00000000
0x00ca9246
0x00ca91f5
0x00ca91f7
0x00ca91fc
0x00ca9211
0x00ca9214
0x00ca9221
0x00ca9228
0x00ca922d
0x00ca9230
0x00ca9234
0x00000000
0x00000000
0x00000000
0x00ca9234
0x00ca9216
0x00ca921a
0x00000000
0x00000000
0x00ca921c
0x00ca921c
0x00000000
0x00ca921c
0x00ca91fe
0x00ca9201
0x00ca9203
0x00000000
0x00000000
0x00ca9205
0x00ca920a
0x00ca920b
0x00000000
0x00ca920b
0x00ca91e5
0x00ca91eb
0x00ca91ed
0x00000000
0x00000000
0x00000000
0x00ca91ed
0x00ca91b2
0x00ca91b3
0x00ca91b6
0x00ca91be
0x00ca91c1
0x00ca91c2
0x00000000
0x00ca91c2
0x00ca91b8
0x00000000
0x00ca91b8
0x00ca919e
0x00ca91a0
0x00ca91a1
0x00000000
0x00ca91a1
0x00ca924a
0x00ca924e
0x00ca9250
0x00ca9252
0x00ca9254
0x00ca9254
0x00ca9256
0x00ca9256
0x00000000
0x00ca9252
0x00ca916a
0x00ca916d
0x00000000
0x00000000
0x00ca916f
0x00000000
0x00ca916f
0x00ca9115
0x00ca911d
0x00ca9120
0x00ca9136
0x00ca9139
0x00000000
0x00000000
0x00ca9140
0x00ca9146
0x00000000
0x00ca9146
0x00ca9127
0x00ca912d
0x00ca9132
0x00000000

APIs

ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000100,00000000,00000000), ref: 00CA910B
GetLastError.KERNEL32 ref: 00CA9115
ReadFile.KERNEL32(?,?,00000001,00000000,00000000), ref: 00CA91DB
GetLastError.KERNEL32 ref: 00CA91E5

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 78ff4339e3c5dc2d4f3376ba3daabd713e7e57610bdcaa79b0a1a2bf2e15271f
Instruction ID: 274a5678cb3d05e6ce07a8e31a56ca8ff4a5f65d3e53e8ab151860b5d46d02c3
Opcode Fuzzy Hash: 78ff4339e3c5dc2d4f3376ba3daabd713e7e57610bdcaa79b0a1a2bf2e15271f
Instruction Fuzzy Hash: 6951D234A08387AFDF218F98C886BED7BB0EF1730CF544299E9659B252C3749A45CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00C328C0 Relevance: 6.2, APIs: 4, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C328C0(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _t68;
				void* _t69;
				signed int _t73;
				void* _t75;
				signed int _t79;
				signed int _t89;
				void* _t90;
				signed int _t91;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				signed int _t101;
				intOrPtr* _t107;
				signed int _t108;
				signed int _t109;
				signed int _t133;
				signed int _t138;
				void* _t139;
				signed int _t143;
				void* _t144;
				intOrPtr* _t147;
				signed int _t149;
				void* _t150;

				_t147 = __ecx;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((intOrPtr*)(__ecx + 0x30)) = 0;
				 *((intOrPtr*)(__ecx + 0x34)) = 0;
				_t89 = 1;
				do {
					_t89 = _t89 + _t89;
				} while (_t89 < 4);
				_t133 = _t89 * 4;
				_push(_t133);
				L00C3E340();
				if(0 == 0) {
					E00C4292B(0);
				}
				_t93 = _t133;
				_t94 = _t93 >> 2;
				memset(0 + _t94, memset(0, 0, _t94 << 2), (_t93 & 0x00000003) << 0);
				_t68 = 0;
				 *(_t147 + 0x30) = _t89;
				if( *((intOrPtr*)(_t147 + 0x2c)) > 0) {
					do {
						_t68 = _t68 + 1;
						 *((intOrPtr*)(0 + _t68 * 4 - 4)) =  *((intOrPtr*)( *(_t147 + 0x34) + _t68 * 4 - 4));
					} while (_t68 <  *((intOrPtr*)(_t147 + 0x2c)));
				}
				_t69 =  *(_t147 + 0x34);
				_push(_t69);
				L00C3E350();
				 *(_t147 + 0x34) = 0;
				 *((intOrPtr*)(_t147 + 0x40)) = 0;
				 *(_t147 + 0x44) = 0;
				 *(_t147 + 0x48) = 0;
				_t149 = 1;
				do {
					_t149 = _t149 + _t149;
				} while (_t149 < 4);
				_t138 = _t149 * 4;
				_push(_t138);
				L00C3E340();
				_t90 = _t69;
				if(_t90 == 0) {
					E00C4292B(_t69);
				}
				_t100 = _t138;
				_t139 = _t90;
				_t101 = _t100 >> 2;
				memset(_t139 + _t101, memset(_t139, 0, _t101 << 2), (_t100 & 0x00000003) << 0);
				_t73 = 0;
				 *(_t147 + 0x44) = _t149;
				if( *((intOrPtr*)(_t147 + 0x40)) > 0) {
					do {
						_t73 = _t73 + 1;
						 *((intOrPtr*)(_t90 + _t73 * 4 - 4)) =  *((intOrPtr*)( *(_t147 + 0x48) + _t73 * 4 - 4));
					} while (_t73 <  *((intOrPtr*)(_t147 + 0x40)));
				}
				_push( *(_t147 + 0x48));
				L00C3E350();
				_t107 = _t147 + 0x4c;
				 *(_t147 + 0x48) = _t90;
				 *_t107 = 0;
				 *((intOrPtr*)(_t107 + 4)) = 0;
				 *((intOrPtr*)(_t107 + 8)) = 0;
				_t75 = E00C23300(_t107, 4);
				 *((intOrPtr*)(_t147 + 0x80)) = 0;
				 *(_t147 + 0x84) = 0;
				 *(_t147 + 0x88) = 0;
				_t91 = 1;
				do {
					_t91 = _t91 + _t91;
				} while (_t91 < 4);
				_t143 = _t91 * 4;
				_push(_t143);
				L00C3E340();
				_t150 = _t75;
				if(_t150 == 0) {
					E00C4292B(_t75);
				}
				_t108 = _t143;
				_t144 = _t150;
				_t109 = _t108 >> 2;
				memset(_t144 + _t109, memset(_t144, 0, _t109 << 2), (_t108 & 0x00000003) << 0);
				_t79 = 0;
				 *(_t147 + 0x84) = _t91;
				if( *((intOrPtr*)(_t147 + 0x80)) > 0) {
					do {
						_t79 = _t79 + 1;
						 *((intOrPtr*)(_t150 + _t79 * 4 - 4)) =  *((intOrPtr*)( *(_t147 + 0x88) + _t79 * 4 - 4));
					} while (_t79 <  *((intOrPtr*)(_t147 + 0x80)));
				}
				_push( *(_t147 + 0x88));
				L00C3E350();
				 *(_t147 + 0x88) = _t150;
				E00C27980(_t147 + 0x9c);
				E00C27980(_t147 + 0xa8);
				 *_t147 = 0xc4f3e4;
				E00C32640(_t147, _a4, _a8, _a12, _a16);
				return _t147;
			}

0x00c328c3
0x00c328c8
0x00c328cb
0x00c328ce
0x00c328d1
0x00c328d6
0x00c328d6
0x00c328d8
0x00c328dd
0x00c328e4
0x00c328e5
0x00c328f1
0x00c328f4
0x00c328f4
0x00c328f9
0x00c32901
0x00c3290b
0x00c32912
0x00c32916
0x00c32919
0x00c3291b
0x00c3291e
0x00c32923
0x00c3292a
0x00c3291b
0x00c3292e
0x00c32931
0x00c32932
0x00c32937
0x00c3293d
0x00c32940
0x00c32943
0x00c32946
0x00c3294b
0x00c3294b
0x00c3294d
0x00c32952
0x00c32959
0x00c3295a
0x00c3295f
0x00c32966
0x00c32969
0x00c32969
0x00c3296e
0x00c32974
0x00c32976
0x00c32980
0x00c32987
0x00c3298b
0x00c3298e
0x00c32990
0x00c32993
0x00c32998
0x00c3299f
0x00c32990
0x00c329a6
0x00c329a7
0x00c329af
0x00c329b2
0x00c329b7
0x00c329b9
0x00c329bc
0x00c329bf
0x00c329c4
0x00c329ca
0x00c329d0
0x00c329d6
0x00c329db
0x00c329db
0x00c329dd
0x00c329e2
0x00c329e9
0x00c329ea
0x00c329ef
0x00c329f6
0x00c329f9
0x00c329f9
0x00c329fe
0x00c32a04
0x00c32a06
0x00c32a10
0x00c32a18
0x00c32a1c
0x00c32a22
0x00c32a24
0x00c32a2a
0x00c32a2f
0x00c32a39
0x00c32a24
0x00c32a43
0x00c32a44
0x00c32a52
0x00c32a58
0x00c32a63
0x00c32a7e
0x00c32a84
0x00c32a8f

APIs

?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF
??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A58
??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A63
?init@Panel@vgui@@AAEXHHHH@Z.VGUI(?,?,?,?,?,00000004), ref: 00C32A84

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Color@vgui@@$?ensure?init@Capacity@?$Dar@Panel@vgui@@Signal@vgui@@@vgui@@Tick
String ID:
API String ID: 3675849737-0
Opcode ID: 86ec434ba9fdf1b987ad4730f87fca7d98c22b60c9dad36eb9fcf8a8a1af51ee
Instruction ID: 68bc2903748353c06a591cfad1a90818bd5c67c0072efb63a47c75ab3291ea6f
Opcode Fuzzy Hash: 86ec434ba9fdf1b987ad4730f87fca7d98c22b60c9dad36eb9fcf8a8a1af51ee
Instruction Fuzzy Hash: 0E517EB06107048FC728EF69D89176BB2E6BF88300F54482DE59BC7761DB76B906DB41

Uniqueness

Uniqueness Score: -1.00%

Function 00C326F0 Relevance: 6.2, APIs: 4, Instructions: 157
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C326F0(intOrPtr* __ecx) {
				signed int _t64;
				void* _t65;
				signed int _t69;
				void* _t71;
				signed int _t75;
				signed int _t84;
				void* _t85;
				signed int _t86;
				signed int _t88;
				signed int _t89;
				signed int _t95;
				signed int _t96;
				intOrPtr* _t102;
				signed int _t103;
				signed int _t104;
				signed int _t125;
				signed int _t130;
				void* _t131;
				signed int _t135;
				void* _t136;
				intOrPtr* _t139;
				signed int _t141;
				void* _t142;

				_t139 = __ecx;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((intOrPtr*)(__ecx + 0x30)) = 0;
				 *((intOrPtr*)(__ecx + 0x34)) = 0;
				_t84 = 1;
				do {
					_t84 = _t84 + _t84;
				} while (_t84 < 4);
				_t125 = _t84 * 4;
				_push(_t125);
				L00C3E340();
				if(0 == 0) {
					E00C4292B(0);
				}
				_t88 = _t125;
				_t89 = _t88 >> 2;
				memset(0 + _t89, memset(0, 0, _t89 << 2), (_t88 & 0x00000003) << 0);
				_t64 = 0;
				 *(_t139 + 0x30) = _t84;
				if( *((intOrPtr*)(_t139 + 0x2c)) > 0) {
					do {
						_t64 = _t64 + 1;
						 *((intOrPtr*)(0 + _t64 * 4 - 4)) =  *((intOrPtr*)( *(_t139 + 0x34) + _t64 * 4 - 4));
					} while (_t64 <  *((intOrPtr*)(_t139 + 0x2c)));
				}
				_t65 =  *(_t139 + 0x34);
				_push(_t65);
				L00C3E350();
				 *(_t139 + 0x34) = 0;
				 *((intOrPtr*)(_t139 + 0x40)) = 0;
				 *(_t139 + 0x44) = 0;
				 *(_t139 + 0x48) = 0;
				_t141 = 1;
				do {
					_t141 = _t141 + _t141;
				} while (_t141 < 4);
				_t130 = _t141 * 4;
				_push(_t130);
				L00C3E340();
				_t85 = _t65;
				if(_t85 == 0) {
					E00C4292B(_t65);
				}
				_t95 = _t130;
				_t131 = _t85;
				_t96 = _t95 >> 2;
				memset(_t131 + _t96, memset(_t131, 0, _t96 << 2), (_t95 & 0x00000003) << 0);
				_t69 = 0;
				 *(_t139 + 0x44) = _t141;
				if( *((intOrPtr*)(_t139 + 0x40)) > 0) {
					do {
						_t69 = _t69 + 1;
						 *((intOrPtr*)(_t85 + _t69 * 4 - 4)) =  *((intOrPtr*)( *(_t139 + 0x48) + _t69 * 4 - 4));
					} while (_t69 <  *((intOrPtr*)(_t139 + 0x40)));
				}
				_push( *(_t139 + 0x48));
				L00C3E350();
				_t102 = _t139 + 0x4c;
				 *(_t139 + 0x48) = _t85;
				 *_t102 = 0;
				 *((intOrPtr*)(_t102 + 4)) = 0;
				 *((intOrPtr*)(_t102 + 8)) = 0;
				_t71 = E00C23300(_t102, 4);
				 *((intOrPtr*)(_t139 + 0x80)) = 0;
				 *(_t139 + 0x84) = 0;
				 *(_t139 + 0x88) = 0;
				_t86 = 1;
				do {
					_t86 = _t86 + _t86;
				} while (_t86 < 4);
				_t135 = _t86 * 4;
				_push(_t135);
				L00C3E340();
				_t142 = _t71;
				if(_t142 == 0) {
					E00C4292B(_t71);
				}
				_t103 = _t135;
				_t136 = _t142;
				_t104 = _t103 >> 2;
				memset(_t136 + _t104, memset(_t136, 0, _t104 << 2), (_t103 & 0x00000003) << 0);
				_t75 = 0;
				 *(_t139 + 0x84) = _t86;
				if( *((intOrPtr*)(_t139 + 0x80)) > 0) {
					do {
						_t75 = _t75 + 1;
						 *((intOrPtr*)(_t142 + _t75 * 4 - 4)) =  *((intOrPtr*)( *(_t139 + 0x88) + _t75 * 4 - 4));
					} while (_t75 <  *((intOrPtr*)(_t139 + 0x80)));
				}
				_push( *(_t139 + 0x88));
				L00C3E350();
				 *(_t139 + 0x88) = _t142;
				E00C27980(_t139 + 0x9c);
				E00C27980(_t139 + 0xa8);
				 *_t139 = 0xc4f3e4;
				E00C32640(_t139, 0, 0, 0x40, 0x40);
				return _t139;
			}

0x00c326f3
0x00c326f8
0x00c326fb
0x00c326fe
0x00c32701
0x00c32706
0x00c32706
0x00c32708
0x00c3270d
0x00c32714
0x00c32715
0x00c32721
0x00c32724
0x00c32724
0x00c32729
0x00c32731
0x00c3273b
0x00c32742
0x00c32746
0x00c32749
0x00c3274b
0x00c3274e
0x00c32753
0x00c3275a
0x00c3274b
0x00c3275e
0x00c32761
0x00c32762
0x00c32767
0x00c3276d
0x00c32770
0x00c32773
0x00c32776
0x00c3277b
0x00c3277b
0x00c3277d
0x00c32782
0x00c32789
0x00c3278a
0x00c3278f
0x00c32796
0x00c32799
0x00c32799
0x00c3279e
0x00c327a4
0x00c327a6
0x00c327b0
0x00c327b7
0x00c327bb
0x00c327be
0x00c327c0
0x00c327c3
0x00c327c8
0x00c327cf
0x00c327c0
0x00c327d6
0x00c327d7
0x00c327df
0x00c327e2
0x00c327e7
0x00c327e9
0x00c327ec
0x00c327ef
0x00c327f4
0x00c327fa
0x00c32800
0x00c32806
0x00c3280b
0x00c3280b
0x00c3280d
0x00c32812
0x00c32819
0x00c3281a
0x00c3281f
0x00c32826
0x00c32829
0x00c32829
0x00c3282e
0x00c32834
0x00c32836
0x00c32840
0x00c32848
0x00c3284c
0x00c32852
0x00c32854
0x00c3285a
0x00c3285f
0x00c32869
0x00c32854
0x00c32873
0x00c32874
0x00c32882
0x00c32888
0x00c32893
0x00c328a2
0x00c328a8
0x00c328b3

APIs

?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C327EF
??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32888
??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32893
?init@Panel@vgui@@AAEXHHHH@Z.VGUI(00000000,00000000,00000040,00000040,?,00000004), ref: 00C328A8

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Color@vgui@@$?ensure?init@Capacity@?$Dar@Panel@vgui@@Signal@vgui@@@vgui@@Tick
String ID:
API String ID: 3675849737-0
Opcode ID: 279f6e27f0e16b96da9591347913450cd02d9c7a2780edf0290dac46fc75f3d6
Instruction ID: 34e12df06ea21d4580d8c582f38b0c79a0d11e87336d78f544ce594ce629e61f
Opcode Fuzzy Hash: 279f6e27f0e16b96da9591347913450cd02d9c7a2780edf0290dac46fc75f3d6
Instruction Fuzzy Hash: 8151A0B0610B044FD728EF69D8917ABB2E6BF88300F54482DD69BC77A1DB76B905CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00C45A58 Relevance: 6.1, APIs: 4, Instructions: 135
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C45A58(long _a4, void* _a8, long _a12) {
				intOrPtr* _v8;
				long _v12;
				long _v16;
				signed int _v20;
				void _v1048;
				void** _t66;
				signed int _t67;
				intOrPtr _t69;
				signed int _t70;
				intOrPtr _t71;
				signed int _t73;
				signed int _t80;
				int _t85;
				long _t87;
				intOrPtr* _t91;
				intOrPtr _t97;
				struct _OVERLAPPED* _t101;
				long _t103;
				signed int _t105;
				struct _OVERLAPPED* _t106;

				_t101 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_a12 != 0) {
					_t91 = 0xc70a80 + (_a4 >> 5) * 4;
					_t105 = (_a4 & 0x0000001f) + (_a4 & 0x0000001f) * 8 << 2;
					__eflags =  *( *_t91 + _t105 + 4) & 0x00000020;
					if(__eflags != 0) {
						E00C4AA16(__eflags, _a4, 0, 2);
					}
					_t66 =  *_t91 + _t105;
					__eflags = _t66[1] & 0x00000080;
					if((_t66[1] & 0x00000080) == 0) {
						_t67 = WriteFile( *_t66, _a8, _a12,  &_v16, _t101);
						__eflags = _t67;
						if(_t67 == 0) {
							_a4 = GetLastError();
						} else {
							_a4 = _t101;
							_v12 = _v16;
						}
						L15:
						_t69 = _v12;
						__eflags = _t69 - _t101;
						if(_t69 != _t101) {
							_t70 = _t69 - _v20;
							__eflags = _t70;
							return _t70;
						}
						__eflags = _a4 - _t101;
						if(_a4 == _t101) {
							L25:
							_t71 =  *_t91;
							__eflags =  *(_t71 + _t105 + 4) & 0x00000040;
							if(( *(_t71 + _t105 + 4) & 0x00000040) == 0) {
								L27:
								 *((intOrPtr*)(E00C47FD7())) = 0x1c;
								_t73 = E00C47FE0();
								 *_t73 = _t101;
								L24:
								return _t73 | 0xffffffff;
							}
							__eflags =  *_a8 - 0x1a;
							if( *_a8 == 0x1a) {
								goto L1;
							}
							goto L27;
						}
						_t106 = 5;
						__eflags = _a4 - _t106;
						if(_a4 != _t106) {
							_t73 = E00C47F64(_a4);
						} else {
							 *((intOrPtr*)(E00C47FD7())) = 9;
							_t73 = E00C47FE0();
							 *_t73 = _t106;
						}
						goto L24;
					}
					__eflags = _a12 - _t101;
					_v8 = _a8;
					_a4 = _t101;
					if(_a12 <= _t101) {
						goto L25;
					} else {
						goto L6;
					}
					do {
						L6:
						_t80 =  &_v1048;
						do {
							__eflags = _v8 - _a8 - _a12;
							if(_v8 - _a8 >= _a12) {
								break;
							}
							_v8 = _v8 + 1;
							_t97 =  *_v8;
							__eflags = _t97 - 0xa;
							if(_t97 == 0xa) {
								_v20 = _v20 + 1;
								 *_t80 = 0xd;
								_t80 = _t80 + 1;
								__eflags = _t80;
							}
							 *_t80 = _t97;
							_t80 = _t80 + 1;
							__eflags = _t80 -  &_v1048 - 0x400;
						} while (_t80 -  &_v1048 < 0x400);
						_t103 = _t80 -  &_v1048;
						_t85 = WriteFile( *( *_t91 + _t105),  &_v1048, _t103,  &_v16, 0);
						__eflags = _t85;
						if(_t85 == 0) {
							_a4 = GetLastError();
							break;
						}
						_t87 = _v16;
						_v12 = _v12 + _t87;
						__eflags = _t87 - _t103;
						if(_t87 < _t103) {
							break;
						}
						__eflags = _v8 - _a8 - _a12;
					} while (_v8 - _a8 < _a12);
					_t101 = 0;
					__eflags = 0;
					goto L15;
				}
				L1:
				return 0;
			}

0x00c45a64
0x00c45a69
0x00c45a6c
0x00c45a6f
0x00c45a7e
0x00c45a90
0x00c45a93
0x00c45a98
0x00c45aa0
0x00c45aa5
0x00c45aaa
0x00c45aac
0x00c45ab0
0x00c45b84
0x00c45b8a
0x00c45b8c
0x00c45b9f
0x00c45b8e
0x00c45b91
0x00c45b94
0x00c45b94
0x00c45b40
0x00c45b40
0x00c45b43
0x00c45b45
0x00c45bdb
0x00c45bdb
0x00000000
0x00c45bdb
0x00c45b4b
0x00c45b4e
0x00c45bb2
0x00c45bb2
0x00c45bb4
0x00c45bb9
0x00c45bc7
0x00c45bcc
0x00c45bd2
0x00c45bd7
0x00c45bad
0x00000000
0x00c45bad
0x00c45bbe
0x00c45bc1
0x00000000
0x00000000
0x00000000
0x00c45bc1
0x00c45b52
0x00c45b53
0x00c45b56
0x00c45ba7
0x00c45b58
0x00c45b5d
0x00c45b63
0x00c45b68
0x00c45b68
0x00000000
0x00c45b56
0x00c45ab9
0x00c45abc
0x00c45abf
0x00c45ac2
0x00000000
0x00000000
0x00000000
0x00000000
0x00c45ac8
0x00c45ac8
0x00c45ac8
0x00c45ace
0x00c45ad4
0x00c45ad7
0x00000000
0x00000000
0x00c45adc
0x00c45adf
0x00c45ae1
0x00c45ae4
0x00c45ae6
0x00c45ae9
0x00c45aec
0x00c45aec
0x00c45aec
0x00c45aed
0x00c45aef
0x00c45afa
0x00c45afa
0x00c45b0a
0x00c45b1f
0x00c45b25
0x00c45b27
0x00c45b72
0x00000000
0x00c45b72
0x00c45b29
0x00c45b2c
0x00c45b2f
0x00c45b31
0x00000000
0x00000000
0x00c45b39
0x00c45b39
0x00c45b3e
0x00c45b3e
0x00000000
0x00c45b3e
0x00c45a71
0x00000000

APIs

WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 00C45B1F

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 10358a647d701e9e2eb3c25a375ea8643af6496dc379204bdb4821ed4d909aa1
Instruction ID: fc256a97aaffffde7a0814bbc19626e918ba61bd28b42391a998648f7075d050
Opcode Fuzzy Hash: 10358a647d701e9e2eb3c25a375ea8643af6496dc379204bdb4821ed4d909aa1
Instruction Fuzzy Hash: 80516E71900648EFDB12CFA8C884BAD7BB4FF41350F2485A9E825DB252D770DA45DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00CA53D3 Relevance: 6.1, APIs: 4, Instructions: 135
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA53D3(long _a4, void* _a8, long _a12) {
				intOrPtr* _v8;
				long _v12;
				long _v16;
				signed int _v20;
				void _v1048;
				void** _t66;
				signed int _t67;
				intOrPtr _t69;
				signed int _t70;
				intOrPtr _t71;
				signed int _t73;
				signed int _t80;
				int _t85;
				long _t87;
				intOrPtr* _t91;
				intOrPtr _t97;
				struct _OVERLAPPED* _t101;
				long _t103;
				signed int _t105;
				struct _OVERLAPPED* _t106;

				_t101 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_a12 != 0) {
					_t91 = 0xcb36a0 + (_a4 >> 5) * 4;
					_t105 = (_a4 & 0x0000001f) + (_a4 & 0x0000001f) * 8 << 2;
					__eflags =  *( *_t91 + _t105 + 4) & 0x00000020;
					if(__eflags != 0) {
						E00CA52FB(__eflags, _a4, 0, 2);
					}
					_t66 =  *_t91 + _t105;
					__eflags = _t66[1] & 0x00000080;
					if((_t66[1] & 0x00000080) == 0) {
						_t67 = WriteFile( *_t66, _a8, _a12,  &_v16, _t101);
						__eflags = _t67;
						if(_t67 == 0) {
							_a4 = GetLastError();
						} else {
							_a4 = _t101;
							_v12 = _v16;
						}
						L15:
						_t69 = _v12;
						__eflags = _t69 - _t101;
						if(_t69 != _t101) {
							_t70 = _t69 - _v20;
							__eflags = _t70;
							return _t70;
						}
						__eflags = _a4 - _t101;
						if(_a4 == _t101) {
							L25:
							_t71 =  *_t91;
							__eflags =  *(_t71 + _t105 + 4) & 0x00000040;
							if(( *(_t71 + _t105 + 4) & 0x00000040) == 0) {
								L27:
								 *((intOrPtr*)(E00CA21B3())) = 0x1c;
								_t73 = E00CA21BC();
								 *_t73 = _t101;
								L24:
								return _t73 | 0xffffffff;
							}
							__eflags =  *_a8 - 0x1a;
							if( *_a8 == 0x1a) {
								goto L1;
							}
							goto L27;
						}
						_t106 = 5;
						__eflags = _a4 - _t106;
						if(_a4 != _t106) {
							_t73 = E00CA2140(_a4);
						} else {
							 *((intOrPtr*)(E00CA21B3())) = 9;
							_t73 = E00CA21BC();
							 *_t73 = _t106;
						}
						goto L24;
					}
					__eflags = _a12 - _t101;
					_v8 = _a8;
					_a4 = _t101;
					if(_a12 <= _t101) {
						goto L25;
					} else {
						goto L6;
					}
					do {
						L6:
						_t80 =  &_v1048;
						do {
							__eflags = _v8 - _a8 - _a12;
							if(_v8 - _a8 >= _a12) {
								break;
							}
							_v8 = _v8 + 1;
							_t97 =  *_v8;
							__eflags = _t97 - 0xa;
							if(_t97 == 0xa) {
								_v20 = _v20 + 1;
								 *_t80 = 0xd;
								_t80 = _t80 + 1;
								__eflags = _t80;
							}
							 *_t80 = _t97;
							_t80 = _t80 + 1;
							__eflags = _t80 -  &_v1048 - 0x400;
						} while (_t80 -  &_v1048 < 0x400);
						_t103 = _t80 -  &_v1048;
						_t85 = WriteFile( *( *_t91 + _t105),  &_v1048, _t103,  &_v16, 0);
						__eflags = _t85;
						if(_t85 == 0) {
							_a4 = GetLastError();
							break;
						}
						_t87 = _v16;
						_v12 = _v12 + _t87;
						__eflags = _t87 - _t103;
						if(_t87 < _t103) {
							break;
						}
						__eflags = _v8 - _a8 - _a12;
					} while (_v8 - _a8 < _a12);
					_t101 = 0;
					__eflags = 0;
					goto L15;
				}
				L1:
				return 0;
			}

0x00ca53df
0x00ca53e4
0x00ca53e7
0x00ca53ea
0x00ca53f9
0x00ca540b
0x00ca540e
0x00ca5413
0x00ca541b
0x00ca5420
0x00ca5425
0x00ca5427
0x00ca542b
0x00ca54ff
0x00ca5505
0x00ca5507
0x00ca551a
0x00ca5509
0x00ca550c
0x00ca550f
0x00ca550f
0x00ca54bb
0x00ca54bb
0x00ca54be
0x00ca54c0
0x00ca5556
0x00ca5556
0x00000000
0x00ca5556
0x00ca54c6
0x00ca54c9
0x00ca552d
0x00ca552d
0x00ca552f
0x00ca5534
0x00ca5542
0x00ca5547
0x00ca554d
0x00ca5552
0x00ca5528
0x00000000
0x00ca5528
0x00ca5539
0x00ca553c
0x00000000
0x00000000
0x00000000
0x00ca553c
0x00ca54cd
0x00ca54ce
0x00ca54d1
0x00ca5522
0x00ca54d3
0x00ca54d8
0x00ca54de
0x00ca54e3
0x00ca54e3
0x00000000
0x00ca54d1
0x00ca5434
0x00ca5437
0x00ca543a
0x00ca543d
0x00000000
0x00000000
0x00000000
0x00000000
0x00ca5443
0x00ca5443
0x00ca5443
0x00ca5449
0x00ca544f
0x00ca5452
0x00000000
0x00000000
0x00ca5457
0x00ca545a
0x00ca545c
0x00ca545f
0x00ca5461
0x00ca5464
0x00ca5467
0x00ca5467
0x00ca5467
0x00ca5468
0x00ca546a
0x00ca5475
0x00ca5475
0x00ca5485
0x00ca549a
0x00ca54a0
0x00ca54a2
0x00ca54ed
0x00000000
0x00ca54ed
0x00ca54a4
0x00ca54a7
0x00ca54aa
0x00ca54ac
0x00000000
0x00000000
0x00ca54b4
0x00ca54b4
0x00ca54b9
0x00ca54b9
0x00000000
0x00ca54b9
0x00ca53ec
0x00000000

APIs

WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 00CA549A

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 77b8f2af1c8e03e5a0ce03bb61b3b5bde44613696de10dbf1c5cbd20916fd2a6
Instruction ID: 056678a3f97bc7c32c0e4ef7ba9f8ef3ebe47107a3e998f86b508805803c8d7d
Opcode Fuzzy Hash: 77b8f2af1c8e03e5a0ce03bb61b3b5bde44613696de10dbf1c5cbd20916fd2a6
Instruction Fuzzy Hash: 8B518A7190065AEFCB11CFA9C884B9D7BB5FF46348F20C1A6E9259B261D730DA80DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00C309A0 Relevance: 6.1, APIs: 4, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00C309A0(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr* _v0;
				intOrPtr _v4;
				intOrPtr _v20;
				void* _v24;
				intOrPtr _v44;
				void* _v60;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t32;
				void* _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;
				intOrPtr* _t38;
				intOrPtr* _t67;
				intOrPtr _t69;
				void* _t70;
				void* _t71;
				void* _t72;

				_push(0xffffffff);
				_push(E00C4DFA1);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t69;
				_t42 = _a12;
				_t64 = _a16;
				_t67 = __ecx;
				_t30 = E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_push(0xbc);
				 *_t67 = 0xc52254;
				L00C3E340();
				_t70 = _t69 + 4;
				_v0 = _t30;
				_v20 = 0;
				if(_t30 == 0) {
					_t31 = 0;
				} else {
					_t31 = E00C328C0(_t30, 0, 0, _t42 - 0xf, _t64 + _t64);
				}
				 *((intOrPtr*)(_t67 + 0xbc)) = _t31;
				_v4 = 0xffffffff;
				_t32 =  *((intOrPtr*)( *_t31 + 0x40))(_t67);
				_push(0xc);
				L00C3E340();
				_t71 = _t70 + 4;
				_a12 = _t32;
				 *((intOrPtr*)(_t71 + 0x14)) = 1;
				if(_t32 == 0) {
					_t33 = 0;
				} else {
					_t33 = E00C37F00(_t32, 1, 0);
				}
				 *((intOrPtr*)(_t71 + 0x18)) = 0xffffffff;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t67 + 0xbc)))) + 0xb4))(_t33);
				_t36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t67 + 0xbc)))) + 0x12c))(0, 0, 0x64, 0);
				_push(0xd8);
				L00C3E340();
				_t72 = _t71 + 4;
				 *((intOrPtr*)(_t72 + 0x28)) = _t36;
				 *((intOrPtr*)(_t72 + 0x14)) = 2;
				if(_t36 == 0) {
					_t37 = 0;
				} else {
					_t37 = E00C35FB0(_t36, _t42 + 0xfffffff1, 0, 0xf, _t64, 1);
				}
				 *((intOrPtr*)(_t67 + 0xc0)) = _t37;
				 *((intOrPtr*)(_t72 + 0x18)) = 0xffffffff;
				_t38 =  *((intOrPtr*)( *_t37 + 0x40))(_t67);
				_push(8);
				L00C3E340();
				if(_t38 == 0) {
					_t38 = 0;
				} else {
					 *_t38 = 0xc526ac;
					 *((intOrPtr*)(_t38 + 4)) = _t67;
				}
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t67 + 0xc0)))) + 0x204))(_t38);
				 *[fs:0x0] = _v44;
				return _t67;
			}

0x00c309a6
0x00c309a8
0x00c309ad
0x00c309b2
0x00c309ba
0x00c309c0
0x00c309c4
0x00c309d0
0x00c309d5
0x00c309da
0x00c309e0
0x00c309e5
0x00c309e8
0x00c309ee
0x00c309f6
0x00c30a0d
0x00c309f8
0x00c30a06
0x00c30a06
0x00c30a0f
0x00c30a1a
0x00c30a22
0x00c30a25
0x00c30a27
0x00c30a2c
0x00c30a2f
0x00c30a35
0x00c30a3d
0x00c30a4c
0x00c30a3f
0x00c30a45
0x00c30a45
0x00c30a55
0x00c30a5f
0x00c30a75
0x00c30a7b
0x00c30a80
0x00c30a85
0x00c30a88
0x00c30a8e
0x00c30a96
0x00c30aac
0x00c30a98
0x00c30aa5
0x00c30aa5
0x00c30aae
0x00c30ab9
0x00c30ac1
0x00c30ac4
0x00c30ac6
0x00c30ad0
0x00c30add
0x00c30ad2
0x00c30ad2
0x00c30ad8
0x00c30ad8
0x00c30ae8
0x00c30af6
0x00c30b01

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,?,?,?,00C4DFA1,000000FF), ref: 00C309D0

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,?,?,?,?,?,?,?,?,000000FF), ref: 00C30A06

Part of subcall function 00C328C0: ??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A58
Part of subcall function 00C328C0: ??0Color@vgui@@QAE@XZ.VGUI(?,00000004), ref: 00C32A63
Part of subcall function 00C328C0: ?init@Panel@vgui@@AAEXHHHH@Z.VGUI(?,?,?,?,?,00000004), ref: 00C32A84

??0StackLayout@vgui@@QAE@H_N@Z.VGUI(00000001,00000000,?,?,?,?,?,?,?,000000FF), ref: 00C30A45
??0ScrollBar@vgui@@QAE@HHHH_N@Z.VGUI(?,00000000,0000000F,?,00000001,?,?,?,?,?,?,?,?,000000FF), ref: 00C30AA5

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Panel@vgui@@$Color@vgui@@$?ensure?init@Bar@vgui@@Capacity@?$Dar@Layout@vgui@@ScrollSignal@vgui@@@vgui@@StackTick
String ID:
API String ID: 3831396016-0
Opcode ID: 2fa620053bf2c02986691ccc7e89d94ab9f8629e557f6dd38705321478ba65fc
Instruction ID: 291764e0a41407d202bd3ecf227fe96bcd272a1b2645a575e43c0a9bee427c62
Opcode Fuzzy Hash: 2fa620053bf2c02986691ccc7e89d94ab9f8629e557f6dd38705321478ba65fc
Instruction Fuzzy Hash: A541ADB27143019FE350DF68DC55F5BBBE4AB88710F240A2CB16ADB2D1D770A904CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C41DF0 Relevance: 6.1, APIs: 4, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00C41DF0(intOrPtr* __ecx) {
				struct tagRECT _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				int _v40;
				int _v44;
				int _v48;
				int _v52;
				long _t31;
				intOrPtr* _t33;
				int _t35;
				int _t40;
				void* _t48;
				intOrPtr _t51;
				int _t58;
				int _t69;
				void* _t78;
				intOrPtr* _t79;
				int _t81;

				_t79 = __ecx;
				GetWindowRect( *( *(__ecx + 0x24)),  &_v16);
				_t31 = _v16.left;
				_t51 = _v16.top;
				_t78 = _v16.right - _t31;
				_v20 = _t51;
				_t48 = _v16.bottom - _t51;
				_t33 =  *((intOrPtr*)( *_t79))();
				 *((intOrPtr*)( *_t33 + 0x14))( &_v28,  &_v24,  &_v36,  &_v32);
				_t35 = _v44;
				_t58 = _v48;
				_t69 = _v52;
				_t81 = _v40;
				if(_t35 != _t31 || _t81 != _v36 || _t69 != _t78 || _t58 != _t78) {
					SetWindowPos( *( *(_t79 + 0x24)), 0, _t35, _t81, _t69, _t58, 0x114);
				}
				if((GetWindowLongA( *( *(_t79 + 0x24)), 0xfffffff0) & 0x10000000) == 0) {
					_t40 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t79))())) + 0x28))();
					if(_t40 != 0) {
						_push(5);
						goto L10;
					}
				} else {
					_t40 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t79))())) + 0x28))();
					if(_t40 == 0) {
						_push(0);
						L10:
						_t40 = ShowWindow( *( *(_t79 + 0x24)), ??);
					}
				}
				if(_v52 != _t78 || _v48 != _t48) {
					_t40 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t79))())) + 0x28))();
					if(_t40 != 0) {
						return  *((intOrPtr*)( *_t79 + 0x8c))();
					}
				}
				return _t40;
			}

0x00c41df6
0x00c41e04
0x00c41e0a
0x00c41e12
0x00c41e1c
0x00c41e20
0x00c41e24
0x00c41e28
0x00c41e42
0x00c41e45
0x00c41e49
0x00c41e4d
0x00c41e53
0x00c41e57
0x00c41e78
0x00c41e78
0x00c41e93
0x00c41eb0
0x00c41eb5
0x00c41eb7
0x00000000
0x00c41eb7
0x00c41e95
0x00c41e9d
0x00c41ea2
0x00c41ea4
0x00c41eb9
0x00c41ebf
0x00c41ebf
0x00c41ea2
0x00c41ec9
0x00c41edb
0x00c41ee0
0x00000000
0x00c41ee6
0x00c41ee0
0x00c41ef3

APIs

GetWindowRect.USER32 ref: 00C41E04
SetWindowPos.USER32(?,00000000,?,?,?,?,00000114,?,?), ref: 00C41E78
GetWindowLongA.USER32 ref: 00C41E86
ShowWindow.USER32(?,00000005,?,000000F0,?,?), ref: 00C41EBF

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Window$LongRectShow
String ID:
API String ID: 444125371-0
Opcode ID: 8cfadb7a103df302e572dc561e50999305ef633ede028532792a22566035d6fd
Instruction ID: 54c549e45ea441bdc99d629792536f150b5bab57710a768fc4adbfd3409f04b2
Opcode Fuzzy Hash: 8cfadb7a103df302e572dc561e50999305ef633ede028532792a22566035d6fd
Instruction Fuzzy Hash: 9B3125783042019FCB14DF64C888A2AB7E5BF8D705F140A6CF99697294DB31ED85CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA6F5C Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E00CA6F5C() {
				signed int* _t35;
				signed int* _t39;
				signed int _t47;
				struct _CRITICAL_SECTION* _t49;
				signed int** _t53;
				signed int _t55;
				signed int* _t58;
				signed int _t61;
				signed int _t62;
				signed int* _t64;
				signed int** _t66;
				void* _t67;

				_t62 = _t61 | 0xffffffff;
				E00CA59C8(0x12);
				_t47 = 0;
				 *(_t67 + 0x10) = 0;
				 *((intOrPtr*)(_t67 + 0x14)) = 0;
				_t66 = 0xcb36a0;
				while(1) {
					_t64 =  *_t66;
					if(_t64 == 0) {
						break;
					}
					_t3 =  &(_t64[0x120]); // 0x500
					_t39 = _t3;
					while(_t64 < _t39) {
						if((_t64[1] & 0x00000001) != 0) {
							L11:
							_t64 =  &(_t64[9]);
							_t39 =  &(( *_t66)[0x120]);
							continue;
						} else {
							if(_t64[2] == 0) {
								E00CA59C8(0x11);
								if(_t64[2] == 0) {
									_t9 =  &(_t64[3]); // 0x8c
									InitializeCriticalSection(_t9);
									_t64[2] = _t64[2] + 1;
								}
								E00CA5A29(0x11);
							}
							_t12 =  &(_t64[3]); // 0x68
							_t49 = _t12;
							EnterCriticalSection(_t49);
							if((_t64[1] & 0x00000001) == 0) {
								 *_t64 =  *_t64 | 0xffffffff;
								_t55 = 0x24;
								asm("cdq");
								_t62 = (_t64 -  *_t66) / _t55 +  *((intOrPtr*)(_t67 + 0x14));
								if(_t62 == 0xffffffff) {
									_t47 =  *(_t67 + 0x10);
									break;
								}
							} else {
								LeaveCriticalSection(_t49);
								_t47 =  *(_t67 + 0x10);
								goto L11;
							}
						}
						L21:
						E00CA5A29(0x12);
						return _t62;
					}
					 *((intOrPtr*)(_t67 + 0x14)) =  *((intOrPtr*)(_t67 + 0x14)) + 0x20;
					_t66 =  &(_t66[1]);
					_t47 = _t47 + 1;
					 *(_t67 + 0x10) = _t47;
					if(_t66 < 0xcb37a0) {
						continue;
					} else {
					}
					goto L21;
				}
				_t35 = E00CA5A3E(0x480);
				if(_t35 != 0) {
					 *0xcb37a0 =  *0xcb37a0 + 0x20;
					_t53 =  &(0xcb36a0[_t47]);
					_t28 =  &(_t35[0x120]); // 0x480
					_t58 = _t28;
					 *_t53 = _t35;
					while(_t35 < _t58) {
						_t35[1] = _t35[1] & 0x00000000;
						 *_t35 =  *_t35 | 0xffffffff;
						_t35[2] = _t35[2] & 0x00000000;
						_t35[1] = 0xa;
						_t35 =  &(_t35[9]);
						_t58 =  &(( *_t53)[0x120]);
					}
					_t62 = _t47 << 5;
					E00CA71BC(_t62);
				}
				goto L21;
			}

0x00ca6f64
0x00ca6f67
0x00ca6f6c
0x00ca6f6f
0x00ca6f73
0x00ca6f77
0x00ca6f7c
0x00ca6f7c
0x00ca6f81
0x00000000
0x00000000
0x00ca6f87
0x00ca6f87
0x00ca6f8d
0x00ca6f95
0x00ca6fdb
0x00ca6fde
0x00ca6fe1
0x00000000
0x00ca6f97
0x00ca6f9b
0x00ca6f9f
0x00ca6fa9
0x00ca6fab
0x00ca6faf
0x00ca6fb5
0x00ca6fb5
0x00ca6fba
0x00ca6fbf
0x00ca6fc0
0x00ca6fc0
0x00ca6fc4
0x00ca6fce
0x00ca6fe8
0x00ca6ff2
0x00ca6ff3
0x00ca6ff8
0x00ca6fff
0x00ca7001
0x00000000
0x00ca7001
0x00ca6fd0
0x00ca6fd1
0x00ca6fd7
0x00000000
0x00ca6fd7
0x00ca6fce
0x00ca706e
0x00ca7070
0x00ca707e
0x00ca707e
0x00ca7005
0x00ca700a
0x00ca700d
0x00ca7014
0x00ca7018
0x00000000
0x00000000
0x00ca701e
0x00000000
0x00ca7018
0x00ca7026
0x00ca702e
0x00ca7030
0x00ca7037
0x00ca703e
0x00ca703e
0x00ca7044
0x00ca7046
0x00ca704a
0x00ca704e
0x00ca7051
0x00ca7055
0x00ca705b
0x00ca705e
0x00ca705e
0x00ca7065
0x00ca7068
0x00ca706d
0x00000000

APIs

Part of subcall function 00CA59C8: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00CA582B,00000009,00000000,00000000,?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA5A05
Part of subcall function 00CA59C8: EnterCriticalSection.KERNEL32(?,?,?,00CA582B,00000009,00000000,00000000,?,?,00CA21C1,00CA2146,?,00CA19FB,00000000), ref: 00CA5A20

InitializeCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,?,?,00CA744D,?,00000000,00000000), ref: 00CA6FAF
EnterCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,?,?,00CA744D,?,00000000,00000000), ref: 00CA6FC4
LeaveCriticalSection.KERNEL32(00000068,?,00000000,?,?,00CA744D,?,00000000,00000000), ref: 00CA6FD1

Strings

, xrefs: 00CA7005

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: CriticalSection$EnterInitialize$Leave
String ID:
API String ID: 713024617-3916222277
Opcode ID: 7e8b1ce937f7043ed720e5aba28081bc818ad8b3108113680b494581c08516b5
Instruction ID: 5b53df601e33dea1677b18895b500b0ba6a7d5ea76be78a40e9b9b44ccc3274c
Opcode Fuzzy Hash: 7e8b1ce937f7043ed720e5aba28081bc818ad8b3108113680b494581c08516b5
Instruction Fuzzy Hash: BA3124B21083429FD7109F60EC84B9AB7E0FB4232CF288B2DE5758B2D1D7B099489711

Uniqueness

Uniqueness Score: -1.00%

Function 00C37340 Relevance: 6.1, APIs: 4, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E00C37340(intOrPtr* __ecx, signed int __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				signed int _t40;
				intOrPtr* _t42;
				signed int _t53;
				signed int _t54;
				signed int _t70;
				intOrPtr* _t77;
				signed int _t78;
				signed int _t91;

				_t91 = __fp0;
				_t77 = __ecx;
				E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_t78 = 1;
				 *((intOrPtr*)(_t77 + 0xd8)) = 0;
				 *(_t77 + 0xdc) = 0;
				 *((intOrPtr*)(_t77 + 0xe0)) = 0;
				do {
					_t78 = _t78 + _t78;
				} while (_t78 < 4);
				_t70 = _t78 * 4;
				_push(_t70);
				L00C3E340();
				if(0 == 0) {
					E00C4292B(0);
				}
				_t53 = _t70;
				_t54 = _t53 >> 2;
				memset(0 + _t54, memset(0, 0, _t54 << 2), (_t53 & 0x00000003) << 0);
				_t40 = 0;
				 *(_t77 + 0xdc) = _t78;
				if( *((intOrPtr*)(_t77 + 0xd8)) <= 0) {
					L6:
					_push( *((intOrPtr*)(_t77 + 0xe0)));
					L00C3E350();
					 *((intOrPtr*)(_t77 + 0xe0)) = 0;
					 *((char*)(_t77 + 0xbc)) = _a20;
					 *_t77 = 0xc5370c;
					 *((char*)(_t77 + 0xbd)) = 0;
					 *((intOrPtr*)(_t77 + 0xec)) = 0;
					 *((intOrPtr*)(_t77 + 0xe4)) = 0;
					 *((intOrPtr*)(_t77 + 0xe8)) = 0x12b;
					 *((intOrPtr*)(_t77 + 0xf0)) = 0;
					 *((char*)(_t77 + 0xf4)) = 0;
					 *((intOrPtr*)(_t77 + 0xf8)) = 0;
					_t42 = E00C37550(_t77, _t91);
					_push(8);
					L00C3E340();
					if(_t42 == 0) {
						E00C25A70(_t77, 0);
						return _t77;
					} else {
						 *_t42 = 0xc53b98;
						 *((intOrPtr*)(_t42 + 4)) = _t77;
						E00C25A70(_t77, _t42);
						return _t77;
					}
				} else {
					do {
						_t40 = _t40 + 1;
						 *((intOrPtr*)(0 + _t40 * 4 - 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t77 + 0xe0)) + _t40 * 4 - 4));
					} while (_t40 <  *((intOrPtr*)(_t77 + 0xd8)));
					goto L6;
				}
			}

0x00c37340
0x00c3734b
0x00c3735c
0x00c37363
0x00c37368
0x00c3736e
0x00c37374
0x00c3737a
0x00c3737a
0x00c3737c
0x00c37381
0x00c37388
0x00c37389
0x00c37395
0x00c37398
0x00c37398
0x00c3739d
0x00c373a5
0x00c373af
0x00c373b9
0x00c373bd
0x00c373c3
0x00c373de
0x00c373e4
0x00c373e5
0x00c373ee
0x00c373f4
0x00c373ff
0x00c37405
0x00c3740c
0x00c37412
0x00c37418
0x00c37422
0x00c37428
0x00c3742f
0x00c37435
0x00c3743a
0x00c3743c
0x00c37446
0x00c37467
0x00c37472
0x00c37448
0x00c3744b
0x00c37451
0x00c37454
0x00c3745f
0x00c3745f
0x00c373c5
0x00c373c5
0x00c373cb
0x00c373d0
0x00c373da
0x00000000
0x00c373c5

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(00000003,?,00000003,?,00000000,00000000,?,?,00C361A5,?,00000000,?,?,00000000), ref: 00C3735C

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

?recomputeNobPosFromValue@Slider@vgui@@EAEXXZ.VGUI ref: 00C37435
?addInputSignal@Panel@vgui@@UAEXPAVInputSignal@2@@Z.VGUI(00000000), ref: 00C37454
?addInputSignal@Panel@vgui@@UAEXPAVInputSignal@2@@Z.VGUI(00000000), ref: 00C37467

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Input$Panel@vgui@@$?addSignal@Signal@2@@$?ensure?recomputeCapacity@?$Dar@FromSignal@vgui@@@vgui@@Slider@vgui@@TickValue@
String ID:
API String ID: 7889609-0
Opcode ID: b41799327598f1a9b2979a5053b6a39bfd089fb854e92765fe1bbd834d43aa67
Instruction ID: ad85d284fb7e1a86371dfbc13435b023576b6e8d627e89adeda73a88c0636341
Opcode Fuzzy Hash: b41799327598f1a9b2979a5053b6a39bfd089fb854e92765fe1bbd834d43aa67
Instruction Fuzzy Hash: FC31CFB13007408FC364DF68D881BABBBD9AB88340F048C2EE59FC7351DB75A8459BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C2A2B0 Relevance: 6.1, APIs: 4, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00C2A2B0(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _t34;
				intOrPtr* _t36;
				signed int _t41;
				signed int _t45;
				signed int _t46;
				signed int _t61;
				intOrPtr* _t67;

				_t67 = __ecx;
				E00C328C0(__ecx, _a4, _a8, _a12, _a16);
				_t41 = 1;
				 *((intOrPtr*)(_t67 + 0xbc)) = 0;
				 *(_t67 + 0xc0) = 0;
				 *((intOrPtr*)(_t67 + 0xc4)) = 0;
				do {
					_t41 = _t41 + _t41;
				} while (_t41 < 4);
				_t61 = _t41 * 4;
				_push(_t61);
				L00C3E340();
				if(0 == 0) {
					E00C4292B(0);
				}
				_t45 = _t61;
				_t46 = _t45 >> 2;
				memset(0 + _t46, memset(0, 0, _t46 << 2), (_t45 & 0x00000003) << 0);
				_t34 = 0;
				 *(_t67 + 0xc0) = _t41;
				if( *((intOrPtr*)(_t67 + 0xbc)) > 0) {
					do {
						_t34 = _t34 + 1;
						 *((intOrPtr*)(0 + _t34 * 4 - 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t67 + 0xc4)) + _t34 * 4 - 4));
					} while (_t34 <  *((intOrPtr*)(_t67 + 0xbc)));
				}
				_push( *((intOrPtr*)(_t67 + 0xc4)));
				L00C3E350();
				 *((intOrPtr*)(_t67 + 0xc4)) = 0;
				 *_t67 = 0xc5111c;
				 *((intOrPtr*)(_t67 + 0xc8)) = 0;
				 *((intOrPtr*)(_t67 + 0xcc)) = 0;
				 *((intOrPtr*)(_t67 + 0xd8)) = 0;
				_t36 = E00C2A990(_t67, 1);
				_push(8);
				L00C3E340();
				if(_t36 == 0) {
					_t36 = 0;
				} else {
					 *_t36 = 0xc51378;
					 *((intOrPtr*)(_t36 + 4)) = _t67;
				}
				E00C25A70(_t67, _t36);
				_push(0);
				E00C2A5E0(_t67);
				return _t67;
			}

0x00c2a2bb
0x00c2a2cc
0x00c2a2d3
0x00c2a2d8
0x00c2a2de
0x00c2a2e4
0x00c2a2ea
0x00c2a2ea
0x00c2a2ec
0x00c2a2f1
0x00c2a2f8
0x00c2a2f9
0x00c2a305
0x00c2a308
0x00c2a308
0x00c2a30d
0x00c2a315
0x00c2a31f
0x00c2a329
0x00c2a32d
0x00c2a333
0x00c2a335
0x00c2a33b
0x00c2a340
0x00c2a34a
0x00c2a335
0x00c2a354
0x00c2a355
0x00c2a35d
0x00c2a365
0x00c2a36d
0x00c2a373
0x00c2a379
0x00c2a37f
0x00c2a384
0x00c2a386
0x00c2a390
0x00c2a39d
0x00c2a392
0x00c2a392
0x00c2a398
0x00c2a398
0x00c2a3a2
0x00c2a3a7
0x00c2a3aa
0x00c2a3b5

APIs

??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?), ref: 00C2A2CC

Part of subcall function 00C328C0: ?ensureCapacity@?$Dar@PAVTickSignal@vgui@@@vgui@@QAEXH@Z.VGUI(00000004), ref: 00C329BF

?setCursorBlink@EditPanel@vgui@@UAEX_N@Z.VGUI(00000001), ref: 00C2A37F
?addInputSignal@Panel@vgui@@UAEXPAVInputSignal@2@@Z.VGUI(00000000,00000001), ref: 00C2A3A2
?getLine@EditPanel@vgui@@MAEPAV?$Dar@D@2@H@Z.VGUI(00000000,00000001), ref: 00C2A3AA

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Panel@vgui@@$Dar@EditInput$?add?ensure?get?setBlink@Capacity@?$CursorD@2@Line@Signal@Signal@2@@Signal@vgui@@@vgui@@Tick
String ID:
API String ID: 4193691956-0
Opcode ID: 69aa672f939fd4bdbb5b18d4811def6db62f330c7c5d0c2ea22ff471f259383c
Instruction ID: 017e533adc73d08785344915aeedb790bd2b37f0fe7bf3dd0a7c8b94cf751714
Opcode Fuzzy Hash: 69aa672f939fd4bdbb5b18d4811def6db62f330c7c5d0c2ea22ff471f259383c
Instruction Fuzzy Hash: 4621ADB17007109FE314EF69EC91BAFB6E9AB88300F14492EE55AC3391DB71A8418B52

Uniqueness

Uniqueness Score: -1.00%

Function 00C41D20 Relevance: 6.1, APIs: 4, Instructions: 72
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C41D20(intOrPtr* __ecx) {
				char _v4;
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr* _t30;
				intOrPtr _t32;
				void* _t33;
				intOrPtr _t43;
				intOrPtr _t49;
				intOrPtr _t57;
				intOrPtr _t65;
				intOrPtr* _t67;

				_t67 = __ecx;
				_t30 =  *((intOrPtr*)( *__ecx))();
				 *((intOrPtr*)( *_t30 + 0xc))( &_v8,  &_v4);
				_t32 =  *((intOrPtr*)(__ecx + 0x24));
				_t57 = _v16;
				_t65 = _v12;
				_t49 =  *((intOrPtr*)(_t32 + 0x1c));
				if(_t57 > _t49) {
					L4:
					_t33 =  *(_t32 + 0x18);
					if(_t33 != 0) {
						DeleteObject(_t33);
						_t65 = _v16;
						_t57 = _v20;
					}
					 *( *((intOrPtr*)(_t67 + 0x24)) + 0x18) = CreateCompatibleBitmap( *( *((intOrPtr*)(_t67 + 0x24)) + 8), _t57 + 0x64, _t65 + 0x64);
					 *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x24)) + 0x1c)) = _v28 + 0x64;
					 *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x24)) + 0x20)) = _v24 + 0x64;
					SelectObject( *( *((intOrPtr*)(_t67 + 0x24)) + 4),  *( *((intOrPtr*)(_t67 + 0x24)) + 0x18));
					 *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x24)) + 0xc)) = CreateCompatibleDC( *( *((intOrPtr*)(_t67 + 0x24)) + 4));
				} else {
					_t43 =  *((intOrPtr*)(_t32 + 0x20));
					if(_t65 > _t43 || _t57 < _t49 + 0xffffff38 || _t65 < _t43 + 0xffffff38) {
						goto L4;
					}
				}
				return 1;
			}

0x00c41d25
0x00c41d2a
0x00c41d3a
0x00c41d3d
0x00c41d40
0x00c41d44
0x00c41d48
0x00c41d4d
0x00c41d6a
0x00c41d6a
0x00c41d6f
0x00c41d72
0x00c41d78
0x00c41d7c
0x00c41d7c
0x00c41d98
0x00c41da5
0x00c41db2
0x00c41dc0
0x00c41dd6
0x00c41d4f
0x00c41d4f
0x00c41d54
0x00000000
0x00000000
0x00c41d54
0x00c41de1

APIs

DeleteObject.GDI32(?), ref: 00C41D72
CreateCompatibleBitmap.GDI32(?,?,?), ref: 00C41D8F
SelectObject.GDI32(?,?), ref: 00C41DC0
CreateCompatibleDC.GDI32(?), ref: 00C41DCD

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: CompatibleCreateObject$BitmapDeleteSelect
String ID:
API String ID: 2649417129-0
Opcode ID: c84220aecc110ef8593ec69c93e4f38442efd44007bbe691db39ba3bb6ce689b
Instruction ID: 622525326e39eda1c344e5fb671aff6a031c23ffa64cd951e5f43a60ec46aab6
Opcode Fuzzy Hash: c84220aecc110ef8593ec69c93e4f38442efd44007bbe691db39ba3bb6ce689b
Instruction Fuzzy Hash: 4E21F4B96007019FC318CF19D98491AB7E6FFD87107198A6DE89A8B365D730EC46CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C4D395 Relevance: 6.1, APIs: 4, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00C4D395(void* __ecx) {
				int _t30;
				void* _t40;
				int _t42;
				short* _t44;
				int _t45;
				int _t48;
				void* _t49;
				short* _t51;

				_t40 = __ecx;
				_t51 =  *(_t49 - 0x18);
				 *(_t49 - 0x24) = 0;
				 *(_t49 - 4) =  *(_t49 - 4) | 0xffffffff;
				_t45 =  *(_t49 + 0x14);
				_t42 = 1;
				if( *(_t49 - 0x24) == 0 || MultiByteToWideChar( *(_t49 + 0x20), _t42,  *(_t49 + 0x10), _t45,  *(_t49 - 0x24),  *(_t49 - 0x1c)) == 0) {
					L8:
					_t30 = 0;
				} else {
					_t48 = MultiByteToWideChar( *(_t49 + 0x20), 9,  *(_t49 + 0x18),  *(_t49 + 0x1c), 0, 0);
					 *(_t49 - 0x20) = _t48;
					if(_t48 == 0) {
						goto L8;
					} else {
						 *(_t49 - 4) = _t42;
						E00C43290(_t48 + _t48 + 0x00000003 & 0x000000fc, _t40);
						 *(_t49 - 0x18) = _t51;
						_t44 = _t51;
						 *(_t49 - 0x28) = _t44;
						 *(_t49 - 4) =  *(_t49 - 4) | 0xffffffff;
						if(_t44 == 0 || MultiByteToWideChar( *(_t49 + 0x20), 1,  *(_t49 + 0x18),  *(_t49 + 0x1c), _t44, _t48) == 0) {
							goto L8;
						} else {
							_t30 = CompareStringW( *(_t49 + 8),  *(_t49 + 0xc),  *(_t49 - 0x24),  *(_t49 - 0x1c), _t44, _t48);
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t49 - 0x10));
				return _t30;
			}

0x00c4d395
0x00c4d395
0x00c4d39a
0x00c4d39d
0x00c4d3a1
0x00c4d3a6
0x00c4d3aa
0x00c4d443
0x00c4d443
0x00c4d3ca
0x00c4d3d9
0x00c4d3db
0x00c4d3e0
0x00000000
0x00c4d3e2
0x00c4d3e2
0x00c4d3ed
0x00c4d3f2
0x00c4d3f5
0x00c4d3f7
0x00c4d3fa
0x00c4d414
0x00000000
0x00c4d42d
0x00c4d43b
0x00c4d43b
0x00c4d414
0x00c4d3e0
0x00c4d44b
0x00c4d456

APIs

MultiByteToWideChar.KERNEL32(?,00000001,00000000,?,?,?), ref: 00C4D3C4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00C4D3D7
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 00C4D423
CompareStringW.KERNEL32(?,?,?,?,?,00000000,?,00000000), ref: 00C4D43B

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ByteCharMultiWide$CompareString
String ID:
API String ID: 376665442-0
Opcode ID: c13956126f1d9e90669132a16f9336af9bbe27cfa43803c3c31c58d4bb172c53
Instruction ID: d0fb1c391cced7fbe0e5d6db7bff3e4d076217df8b58b5b245587d815d32824e
Opcode Fuzzy Hash: c13956126f1d9e90669132a16f9336af9bbe27cfa43803c3c31c58d4bb172c53
Instruction Fuzzy Hash: 2C213B32900249EFCF219F94DC45ADEBFB5FF49760F104129FA2172160D3329A61EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CA9BAC Relevance: 6.1, APIs: 4, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00CA9BAC(void* __ecx) {
				int _t30;
				void* _t40;
				int _t42;
				short* _t44;
				int _t45;
				int _t48;
				void* _t49;
				short* _t51;

				_t40 = __ecx;
				_t51 =  *(_t49 - 0x18);
				 *(_t49 - 0x24) = 0;
				 *(_t49 - 4) =  *(_t49 - 4) | 0xffffffff;
				_t45 =  *(_t49 + 0x14);
				_t42 = 1;
				if( *(_t49 - 0x24) == 0 || MultiByteToWideChar( *(_t49 + 0x20), _t42,  *(_t49 + 0x10), _t45,  *(_t49 - 0x24),  *(_t49 - 0x1c)) == 0) {
					L8:
					_t30 = 0;
				} else {
					_t48 = MultiByteToWideChar( *(_t49 + 0x20), 9,  *(_t49 + 0x18),  *(_t49 + 0x1c), 0, 0);
					 *(_t49 - 0x20) = _t48;
					if(_t48 == 0) {
						goto L8;
					} else {
						 *(_t49 - 4) = _t42;
						E00CA8090(_t48 + _t48 + 0x00000003 & 0x000000fc, _t40);
						 *(_t49 - 0x18) = _t51;
						_t44 = _t51;
						 *(_t49 - 0x28) = _t44;
						 *(_t49 - 4) =  *(_t49 - 4) | 0xffffffff;
						if(_t44 == 0 || MultiByteToWideChar( *(_t49 + 0x20), 1,  *(_t49 + 0x18),  *(_t49 + 0x1c), _t44, _t48) == 0) {
							goto L8;
						} else {
							_t30 = CompareStringW( *(_t49 + 8),  *(_t49 + 0xc),  *(_t49 - 0x24),  *(_t49 - 0x1c), _t44, _t48);
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t49 - 0x10));
				return _t30;
			}

0x00ca9bac
0x00ca9bac
0x00ca9bb1
0x00ca9bb4
0x00ca9bb8
0x00ca9bbd
0x00ca9bc1
0x00ca9c5a
0x00ca9c5a
0x00ca9be1
0x00ca9bf0
0x00ca9bf2
0x00ca9bf7
0x00000000
0x00ca9bf9
0x00ca9bf9
0x00ca9c04
0x00ca9c09
0x00ca9c0c
0x00ca9c0e
0x00ca9c11
0x00ca9c2b
0x00000000
0x00ca9c44
0x00ca9c52
0x00ca9c52
0x00ca9c2b
0x00ca9bf7
0x00ca9c62
0x00ca9c6d

APIs

MultiByteToWideChar.KERNEL32(?,00000001,00000000,0000000B,?,?,?,00CA4CF3), ref: 00CA9BDB
MultiByteToWideChar.KERNEL32(00000000,00000009,?,00000000,00000000,00000000,?,00CA4CF3), ref: 00CA9BEE
MultiByteToWideChar.KERNEL32(?,00000001,?,00000000,?,00000000,?,00CA4CF3), ref: 00CA9C3A
CompareStringW.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,00000000,?,00CA4CF3), ref: 00CA9C52

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: ByteCharMultiWide$CompareString
String ID:
API String ID: 376665442-0
Opcode ID: 10d9c6bc4c9d628b22aa8ed196544ca1c51c6ed9a9315f2e199b98223708766a
Instruction ID: 86ab89164977a0d3912f71f394d410c7eb4f6b257da7a06ede05488d7da14b30
Opcode Fuzzy Hash: 10d9c6bc4c9d628b22aa8ed196544ca1c51c6ed9a9315f2e199b98223708766a
Instruction Fuzzy Hash: DD213B7290060AEBCF218F95CD42ADEBFB5FF4A768F104129FA2172160D3329D21DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00C38370 Relevance: 6.1, APIs: 4, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00C38370() {
				void* __ecx;
				void* _t14;
				signed int _t17;
				void* _t19;
				void* _t22;
				void** _t23;
				signed int _t26;
				signed int _t27;
				signed int _t32;
				signed int _t33;
				void* _t44;
				void** _t56;
				void* _t57;
				void* _t58;
				intOrPtr _t59;
				signed int _t60;
				void* _t61;
				void* _t62;
				void* _t65;

				_t22 = 0;
				_t56 = _t23;
				 *((intOrPtr*)(_t61 + 0x10)) = 0;
				_t60 = E00C38290(_t23);
				_t14 = E00C38270( *((intOrPtr*)(_t61 + 0x1c)));
				_t44 = _t14;
				_push(4);
				 *(_t61 + 0x14) = _t44;
				L00C3E340();
				_t62 = _t61 + 4;
				if(_t14 != 0) {
					_t14 = E00C381F0(_t14);
					_t22 = _t14;
				}
				_t5 = _t60 + 1; // 0x1
				_push(_t44 + _t5);
				L00C3E340();
				_t26 = _t60;
				 *_t22 = _t14;
				_t57 =  *_t56;
				_t27 = _t26 >> 2;
				memcpy(_t14, _t57, _t27 << 2);
				_t17 = memcpy(_t57 + _t27 + _t27, _t57, _t26 & 0x00000003);
				_t65 = _t62 + 0x1c;
				_t58 =  *(_t65 + 0x1c);
				_t32 = _t17;
				_t33 = _t32 >> 2;
				memcpy( *_t22 + _t60, _t58, _t33 << 2);
				_t19 = memcpy(_t58 + _t33 + _t33, _t58, _t32 & 0x00000003);
				_t59 =  *((intOrPtr*)(_t65 + 0x34));
				 *((char*)( *_t22 + _t19 + _t60)) = 0;
				E00C38250(_t59, _t22);
				return _t59;
			}

0x00c38374
0x00c38377
0x00c38379
0x00c38382
0x00c3838b
0x00c38390
0x00c38392
0x00c38394
0x00c38398
0x00c3839d
0x00c383a2
0x00c383a6
0x00c383ab
0x00c383ab
0x00c383ad
0x00c383b1
0x00c383b2
0x00c383b7
0x00c383b9
0x00c383bb
0x00c383c5
0x00c383c8
0x00c383d2
0x00c383d2
0x00c383d6
0x00c383da
0x00c383e1
0x00c383e4
0x00c383eb
0x00c383ef
0x00c383f5
0x00c383fb
0x00c38407

APIs

?getCount@String@vgui@@QAEHXZ.VGUI ref: 00C3837D

Part of subcall function 00C38290: ?getCount@String@vgui@@AAEHPBD@Z.VGUI ref: 00C38293

?getCount@String@vgui@@AAEHPBD@Z.VGUI(?), ref: 00C3838B
??0String@vgui@@QAE@XZ.VGUI ref: 00C383A6
??0String@vgui@@QAE@ABV01@@Z.VGUI(00000000), ref: 00C383FB

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: String@vgui@@$?getCount@$V01@@
String ID:
API String ID: 3135861360-0
Opcode ID: fdfafed52e120f34a9b079ffa6106f7843c2415caa155094bae9b5f722b582a0
Instruction ID: 41b29ea29eff93ac0f4f7306f9ca3d733e4788143d289861feabc78d31845511
Opcode Fuzzy Hash: fdfafed52e120f34a9b079ffa6106f7843c2415caa155094bae9b5f722b582a0
Instruction Fuzzy Hash: A811CE727006184FCB18EE68985162FB3D6ABC8710F08053DF602CB381DE7AAD0AC792

Uniqueness

Uniqueness Score: -1.00%

Function 00C401C0 Relevance: 6.1, APIs: 4, Instructions: 57
registryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00C401C0(void* __eflags, intOrPtr _a4, char* _a8) {
				char _v256;
				char _v512;
				void* _v516;
				void* _t9;
				int _t12;
				char* _t19;
				void** _t31;

				_push(0x100);
				_push( &_v256);
				_t9 = E00C40270( &_v512, _a4,  &_v512, 0x100);
				_t31 =  &(( &_v516)[5]);
				if(_t9 == 0) {
					L5:
					return 0;
				} else {
					_t19 =  &_v512;
					_t12 = RegCreateKeyExA(0x80000001, _t19, 0, 0, 0, 0x20006, 0, _t31, 0);
					if(_t12 != 0) {
						goto L5;
					} else {
						asm("repne scasb");
						if(RegSetValueExA(_v516,  &_v256, _t12, 1, _a8,  !(_t19 | 0xffffffff)) != 0) {
							RegCloseKey(_v516);
							goto L5;
						} else {
							RegCloseKey(_v516);
							return 1;
						}
					}
				}
			}

0x00c401d5
0x00c401da
0x00c401e2
0x00c401e7
0x00c401ec
0x00c40265
0x00c4026d
0x00c401ee
0x00c40200
0x00c4020c
0x00c40214
0x00000000
0x00c40216
0x00c40223
0x00c40242
0x00c4025f
0x00000000
0x00c40244
0x00c40249
0x00c40257
0x00c40257
0x00c40242
0x00c40214

APIs

RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00020006,00000000,00000000,00000000), ref: 00C4020C
RegSetValueExA.ADVAPI32(00000000,?,00000000,00000001,?), ref: 00C40239
RegCloseKey.ADVAPI32 ref: 00C40249
RegCloseKey.ADVAPI32 ref: 00C4025F

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Close$CreateValue
String ID:
API String ID: 1009429713-0
Opcode ID: cecfa0d017ac73b7b1b732120894f44cbe57303fa33e5ddaf405f45fabaa099f
Instruction ID: 5efaab0ef1636b39a1f9f1963bad36f00448080efea2d9c42f8424435a03cc7b
Opcode Fuzzy Hash: cecfa0d017ac73b7b1b732120894f44cbe57303fa33e5ddaf405f45fabaa099f
Instruction Fuzzy Hash: 991165B52443007FE734DB60DC4AFBB73A8FBD5B00F20891CB7A5961C2E6B1A9058761

Uniqueness

Uniqueness Score: -1.00%

Function 00C3FF30 Relevance: 6.1, APIs: 4, Instructions: 55
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C3FF30(intOrPtr* __ecx) {
				struct tagMSG _v28;
				int _t6;
				int _t10;
				intOrPtr* _t19;

				_t19 = __ecx;
				_t6 = PeekMessageA( &_v28, 0, 0, 0, 0);
				if(_t6 == 0) {
					L7:
					return _t6;
				} else {
					while(1) {
						_t6 = GetMessageA( &_v28, 0, 0, 0);
						if(_t6 == 0) {
							goto L7;
						}
						if(_t6 == 0xffffffff) {
							return  *((intOrPtr*)( *_t19 + 4))();
						}
						DispatchMessageA( &_v28);
						_t10 = PeekMessageA( &_v28, 0, 0, 0, 0);
						if(_t10 != 0) {
							continue;
						} else {
							return _t10;
						}
						goto L8;
					}
					goto L7;
				}
				L8:
			}

0x00c3ff4a
0x00c3ff4c
0x00c3ff50
0x00c3ffa5
0x00c3ffa5
0x00c3ff52
0x00c3ff5e
0x00c3ff69
0x00c3ff6d
0x00000000
0x00000000
0x00c3ff72
0x00000000
0x00c3ff9b
0x00c3ff79
0x00c3ff88
0x00c3ff8c
0x00000000
0x00c3ff95
0x00c3ff95
0x00c3ff95
0x00000000
0x00c3ff8c
0x00000000
0x00c3ff5e
0x00000000

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00C3FF4C
GetMessageA.USER32 ref: 00C3FF69
DispatchMessageA.USER32 ref: 00C3FF79
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 00C3FF88

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Message$Peek$Dispatch
String ID:
API String ID: 14830804-0
Opcode ID: 911f20827b5dccd653add44d12a493b72868a4826ba474ec7dc952d7017ad2bc
Instruction ID: d2b50cd83b8856a28d452a115d537f8441b70156f8cb8c7686ff15a75161c5ed
Opcode Fuzzy Hash: 911f20827b5dccd653add44d12a493b72868a4826ba474ec7dc952d7017ad2bc
Instruction Fuzzy Hash: AA012B36740305BBE620DA54DC41FAF7798EB89B60F540939FF04DA0D0D665F50A87B5

Uniqueness

Uniqueness Score: -1.00%

Function 00C41F00 Relevance: 6.1, APIs: 4, Instructions: 53
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C41F00(intOrPtr* __ecx) {
				char _v4;
				char _v8;
				int _v12;
				int _v16;
				int _v56;
				int _v60;
				intOrPtr* _t19;

				_t19 =  *((intOrPtr*)( *__ecx))();
				 *((intOrPtr*)( *_t19 + 0xc))( &_v4,  &_v8);
				SetRectRgn( *( *((intOrPtr*)(__ecx + 0x24)) + 0x14), 0, 0, _v12, _v16);
				SelectObject( *( *((intOrPtr*)(__ecx + 0x24)) + 4),  *( *((intOrPtr*)(__ecx + 0x24)) + 0x14));
				SetViewportOrgEx( *( *((intOrPtr*)(__ecx + 0x24)) + 4), 0, 0, 0);
				return BitBlt( *( *((intOrPtr*)(__ecx + 0x24)) + 8), 0, 0, _v56, _v60,  *( *((intOrPtr*)(__ecx + 0x24)) + 4), 0, 0, 0xcc0020);
			}

0x00c41f08
0x00c41f18
0x00c41f30
0x00c41f41
0x00c41f54
0x00c41f86

APIs

SetRectRgn.GDI32(?,00000000,00000000,?,?), ref: 00C41F30
SelectObject.GDI32(?,?), ref: 00C41F41
SetViewportOrgEx.GDI32(?,00000000,00000000,00000000), ref: 00C41F54
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00C41F7C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ObjectRectSelectViewport
String ID:
API String ID: 65095062-0
Opcode ID: d216903b82b1c5de5d1eea3a9d86810b312dcb0b9d71a1721e224c9329c904d4
Instruction ID: db892ff26bcab9348c69538e30c8499ce1c02d212c85d28478291ef40ce8b256
Opcode Fuzzy Hash: d216903b82b1c5de5d1eea3a9d86810b312dcb0b9d71a1721e224c9329c904d4
Instruction Fuzzy Hash: 7711D679240300AFD324DB54DD99F67B7E5AB8CB00F108A5CFA4A9B291C670FC018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C403A0 Relevance: 6.1, APIs: 4, Instructions: 51
registryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00C403A0(void* __eflags, intOrPtr _a4, char _a8) {
				char _v256;
				char _v512;
				void* _t8;
				int _t11;
				void* _t24;
				void** _t25;

				_push(0x100);
				_push( &_v256);
				_t8 = E00C40270( &_v512, _a4,  &_v512, 0x100);
				_t25 = _t24 + 0x14;
				if(_t8 == 0) {
					L5:
					return 0;
				} else {
					_t11 = RegCreateKeyExA(0x80000001,  &_v512, 0, 0, 0, 0x20006, 0, _t25, 0);
					if(_t11 != 0) {
						goto L5;
					} else {
						if(RegSetValueExA( *_t25,  &_v256, _t11, 4,  &_a8, 4) != 0) {
							RegCloseKey( *_t25);
							goto L5;
						} else {
							RegCloseKey( *_t25);
							return 1;
						}
					}
				}
			}

0x00c403b5
0x00c403ba
0x00c403c2
0x00c403c7
0x00c403cc
0x00c4043b
0x00c40443
0x00c403ce
0x00c403ec
0x00c403f4
0x00000000
0x00c403f6
0x00c40418
0x00c40435
0x00000000
0x00c4041a
0x00c4041f
0x00c4042d
0x00c4042d
0x00c40418
0x00c403f4

APIs

RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00020006,00000000,00000000,00000000), ref: 00C403EC
RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00C40410
RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,?,00000004), ref: 00C4041F
RegCloseKey.ADVAPI32(00000000,?,?,00000000,00000004,?,00000004), ref: 00C40435

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Close$CreateValue
String ID:
API String ID: 1009429713-0
Opcode ID: 331c5b3a1de42987e3ca6d7635953711562110dd3785981e45c0343d9d67dac0
Instruction ID: 056f32a4639415b1d9f0d21587d047bcee8ee469787caae4fd74c14180e02919
Opcode Fuzzy Hash: 331c5b3a1de42987e3ca6d7635953711562110dd3785981e45c0343d9d67dac0
Instruction Fuzzy Hash: 7D0152B5244300BFE724DB50DC4AFBB73A8BB94B04F50891CB7959A1C1E6B1A509C766

Uniqueness

Uniqueness Score: -1.00%

Function 00C402F0 Relevance: 6.0, APIs: 4, Instructions: 50
registryCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C402F0(void* __eflags, intOrPtr _a4, char* _a8, int _a12) {
				char _v256;
				char _v512;
				int _v516;
				void* _v520;
				void* _t12;
				void** _t31;

				_push(0x100);
				_push( &_v256);
				_t12 = E00C40270( &_v512, _a4,  &_v512, 0x100);
				_t31 =  &(( &_v520)[5]);
				if(_t12 == 0 || RegOpenKeyExA(0x80000001,  &_v512, 0, 0x20019, _t31) != 0) {
					L5:
					return 0;
				} else {
					_v516 = _a12;
					if(RegQueryValueExA(_v520,  &_v256, 0, 0, _a8,  &_v516) != 0) {
						RegCloseKey(_v520);
						goto L5;
					} else {
						RegCloseKey(_v520);
						return 1;
					}
				}
			}

0x00c40305
0x00c4030a
0x00c40312
0x00c40317
0x00c4031c
0x00c40392
0x00c4039a
0x00c4033e
0x00c40350
0x00c4036f
0x00c4038c
0x00000000
0x00c40371
0x00c40376
0x00c40384
0x00c40384
0x00c4036f

APIs

RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,00000000), ref: 00C40334
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?), ref: 00C40367
RegCloseKey.ADVAPI32 ref: 00C40376
RegCloseKey.ADVAPI32 ref: 00C4038C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID:
API String ID: 1607946009-0
Opcode ID: 6cbd282a432fa9b8fa8794ca1e5ae33e3e59587bae8632c34e69ee8057d00f4d
Instruction ID: b8e5ae5cd771cd53080fb0669ca40a241f0874088eef6916855bd746884d536b
Opcode Fuzzy Hash: 6cbd282a432fa9b8fa8794ca1e5ae33e3e59587bae8632c34e69ee8057d00f4d
Instruction Fuzzy Hash: 5C115EB9144301BFE720DB10DD89FAF77A8BBD4B04F10891CB69986182E670E905DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00C40450 Relevance: 6.0, APIs: 4, Instructions: 49
registryCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C40450(void* __eflags, intOrPtr _a4, char* _a8) {
				char _v256;
				char _v512;
				int _v516;
				void* _v520;
				void* _t11;
				void** _t29;

				_push(0x100);
				_push( &_v256);
				_t11 = E00C40270( &_v512, _a4,  &_v512, 0x100);
				_t29 =  &(( &_v520)[5]);
				if(_t11 == 0 || RegOpenKeyExA(0x80000001,  &_v512, 0, 0x20019, _t29) != 0) {
					L5:
					return 0;
				} else {
					_v516 = 4;
					if(RegQueryValueExA(_v520,  &_v256, 0, 0, _a8,  &_v516) != 0) {
						RegCloseKey(_v520);
						goto L5;
					} else {
						RegCloseKey(_v520);
						return 1;
					}
				}
			}

0x00c40465
0x00c4046a
0x00c40472
0x00c40477
0x00c4047c
0x00c404ef
0x00c404f7
0x00c4049e
0x00c404bc
0x00c404cc
0x00c404e9
0x00000000
0x00c404ce
0x00c404d3
0x00c404e1
0x00c404e1
0x00c404cc

APIs

RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,00000000), ref: 00C40494
RegQueryValueExA.ADVAPI32 ref: 00C404C4
RegCloseKey.ADVAPI32(00000000), ref: 00C404D3
RegCloseKey.ADVAPI32 ref: 00C404E9

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID:
API String ID: 1607946009-0
Opcode ID: 7817c2a01bcb9ef70023fbc07d3d2f3e54f06316f71645b1376826f6e2e10ca7
Instruction ID: 8e93b4d98d4eaa60fdca945415cf0136b079cba9543d39884e5d386c1b8936eb
Opcode Fuzzy Hash: 7817c2a01bcb9ef70023fbc07d3d2f3e54f06316f71645b1376826f6e2e10ca7
Instruction Fuzzy Hash: 9D0144B9144301BFE720DB50DC49FAF73A8BBD4B04F10891CB79986182E671E509DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00C2FF80 Relevance: 6.0, APIs: 4, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C2FF80(intOrPtr* __ecx, void* __eflags) {
				intOrPtr _v12;
				intOrPtr* _t13;
				void* _t14;

				_t16 = __eflags;
				_t13 = __ecx;
				E00C24420(__ecx, __eflags);
				E00C27980(__ecx + 0x38);
				 *__ecx = 0xc4f904;
				E00C27990(_t14 - 0xc, _t16, 0, 0, 0, 0);
				E00C30050(_t13, _v12);
				return _t13;
			}

0x00c2ff80
0x00c2ff81
0x00c2ff83
0x00c2ff8b
0x00c2ff93
0x00c2ffa3
0x00c2ffaf
0x00c2ffb7

APIs

??0Border@vgui@@QAE@XZ.VGUI ref: 00C2FF83

Part of subcall function 00C24420: ??0Image@vgui@@QAE@XZ.VGUI ref: 00C24423

??0Color@vgui@@QAE@XZ.VGUI ref: 00C2FF8B

Part of subcall function 00C27980: ?init@Color@vgui@@EAEXXZ.VGUI(00C2E47B,00000000,00C23848,00000000,00C40568,00000000), ref: 00C27986

??0Color@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,00000000,00000000), ref: 00C2FFA3

Part of subcall function 00C27990: ?init@Color@vgui@@EAEXXZ.VGUI(00000000,00C2E4B9,000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C27999
Part of subcall function 00C27990: ?setColor@Color@vgui@@UAEXHHHH@Z.VGUI(000000FF,000000FF,000000FF,00C2E4B9,00000000,00C2E4B9,000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C279B4

?init@LineBorder@vgui@@EAEXHVColor@2@@Z.VGUI(?,00000000,00000000,00000000,00000000), ref: 00C2FFAF

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Color@vgui@@$?init@$Border@vgui@@$?setColor@Color@2@@Image@vgui@@Line
String ID:
API String ID: 129461050-0
Opcode ID: d54e590c050aed31cc2472527a8b645cc69df5305b81a9b334c30a57c8fa6b05
Instruction ID: 91ec9c115b731267625e9ab20d22a1e3bcf5ffc701929b6ff18bede3d743705f
Opcode Fuzzy Hash: d54e590c050aed31cc2472527a8b645cc69df5305b81a9b334c30a57c8fa6b05
Instruction Fuzzy Hash: 86D05EB134832067D528FB28AD53F5BB6D89F50B50F10092DF6816BAC1CAA1AC4497E5

Uniqueness

Uniqueness Score: -1.00%

Function 00C2FF40 Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C2FF40(intOrPtr* __ecx, void* __eflags) {
				intOrPtr* _t11;
				void* _t12;

				_t14 = __eflags;
				_t11 = __ecx;
				E00C24420(__ecx, __eflags);
				_t1 = _t11 + 0x38; // 0x38
				E00C27980(_t1);
				 *__ecx = 0xc4f904;
				E00C27990(_t12 - 0xc, _t14, 0, 0, 0, 0);
				E00C30050(_t11, 1);
				return _t11;
			}

0x00c2ff40
0x00c2ff41
0x00c2ff43
0x00c2ff48
0x00c2ff4b
0x00c2ff53
0x00c2ff63
0x00c2ff6c
0x00c2ff74

APIs

??0Border@vgui@@QAE@XZ.VGUI(00000000,00C2567D), ref: 00C2FF43

Part of subcall function 00C24420: ??0Image@vgui@@QAE@XZ.VGUI ref: 00C24423

??0Color@vgui@@QAE@XZ.VGUI(00000000,00C2567D), ref: 00C2FF4B

Part of subcall function 00C27980: ?init@Color@vgui@@EAEXXZ.VGUI(00C2E47B,00000000,00C23848,00000000,00C40568,00000000), ref: 00C27986

??0Color@vgui@@QAE@HHHH@Z.VGUI(00000000,00000000,00000000,00000000,?,?,?,00000044), ref: 00C2FF63

Part of subcall function 00C27990: ?init@Color@vgui@@EAEXXZ.VGUI(00000000,00C2E4B9,000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C27999
Part of subcall function 00C27990: ?setColor@Color@vgui@@UAEXHHHH@Z.VGUI(000000FF,000000FF,000000FF,00C2E4B9,00000000,00C2E4B9,000000FF,000000FF,000000FF,00000000,?,?,?,00000000), ref: 00C279B4

?init@LineBorder@vgui@@EAEXHVColor@2@@Z.VGUI(00000001,00000000,00000000,00000000,00000000,?,?,?,00000044), ref: 00C2FF6C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Color@vgui@@$?init@$Border@vgui@@$?setColor@Color@2@@Image@vgui@@Line
String ID:
API String ID: 129461050-0
Opcode ID: 6bce88c6ce9849c21db3bb2dd0ea632c364449dd085bbf0d781e4e94645d8e3c
Instruction ID: 0826e4ac6f7af96927565ffaebcbdf5cdee5e4ebbd701d4f2ac015a2f8ef14bd
Opcode Fuzzy Hash: 6bce88c6ce9849c21db3bb2dd0ea632c364449dd085bbf0d781e4e94645d8e3c
Instruction Fuzzy Hash: 41D0A77134433023E528B7287C13B5DB1545F40B00F10012CF6412E9C2CED2788153C9

Uniqueness

Uniqueness Score: -1.00%

Function 00C42560 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00C42560(intOrPtr* __ecx, struct HWND__* _a4, struct HWND__* _a8, intOrPtr _a12) {
				struct _devicemodeA _v148;
				char _v152;
				char _v156;
				char _v160;
				int _v164;
				intOrPtr _t55;
				intOrPtr _t59;
				intOrPtr* _t70;
				intOrPtr* _t80;
				struct HWND__* _t86;
				intOrPtr _t109;
				struct HWND__** _t116;
				signed int _t121;
				intOrPtr* _t125;
				struct HWND__* _t126;
				int* _t127;

				_t127 =  &_v164;
				_t125 = __ecx;
				_t126 = _a8;
				_t86 = _a4;
				_t55 =  *((intOrPtr*)(__ecx + 0x24));
				if( *((intOrPtr*)(_t55 + 0x34)) == 0 ||  *((intOrPtr*)(_t55 + 0x38)) != _t86 ||  *((intOrPtr*)(_t55 + 0x3c)) != _t126 ||  *((intOrPtr*)(_t55 + 0x40)) != _a12) {
					if( *((intOrPtr*)(_t125 + 0x30)) == 0) {
						 *((intOrPtr*)( *_t125 + 0xc))();
					}
					_t121 = 0;
					_v164 = 0;
					if( *((intOrPtr*)(_t125 + 0x30)) <= 0) {
						L18:
						return 0;
					} else {
						do {
							if(_t121 < 0 || _t121 >=  *((intOrPtr*)(_t125 + 0x30))) {
								_t59 = 0;
							} else {
								_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t125 + 0x38)) + _t121 * 4));
							}
							_push( &_v156);
							_push( &_v160);
							E00C4388F(_t59, "%dx%dx%d",  &_v152);
							_t127 =  &(_t127[5]);
							if(_t86 != _v152 || _t126 != _v160) {
								goto L17;
							} else {
								_t109 = _a12;
								if(_t109 != _v156) {
									goto L17;
								} else {
									memset( &_v148, 0, 0x25 << 2);
									_t127 =  &(_t127[3]);
									_v148.dmSize = 0x94;
									_v148.dmFields = 0x1c0000;
									_v148.dmBitsPerPel = _t109;
									_v148.dmPelsWidth = _t86;
									_v148.dmPelsHeight = _t126;
									if(ChangeDisplaySettingsA( &_v148, 4) == 0) {
										if(( *(_t125 + 0x24))[0xd] == 0) {
											_t80 =  *((intOrPtr*)( *_t125))();
											_t116 =  *(_t125 + 0x24);
											 *((intOrPtr*)( *_t80 + 0x14))( &(_t116[9]),  &(_t116[0xa]),  &(_t116[0xb]),  &(_t116[0xc]));
											SetWindowPos( *( *(_t125 + 0x24)), 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 3);
										}
										_t70 =  *((intOrPtr*)( *_t125))();
										 *((intOrPtr*)( *_t70 + 0x10))(0, 0, _t86, _t126);
										 *((intOrPtr*)( *_t125 + 0x84))();
										( *(_t125 + 0x24))[0xd] = 1;
										( *(_t125 + 0x24))[0xe] = _t86;
										( *(_t125 + 0x24))[0xf] = _t126;
										( *(_t125 + 0x24))[0x10] = _v148.dmReserved2;
										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t125))())) + 0x30))();
										return 1;
									} else {
										_t121 = _v164;
										goto L17;
									}
								}
							}
							goto L22;
							L17:
							_t121 = _t121 + 1;
							_v164 = _t121;
						} while (_t121 <  *((intOrPtr*)(_t125 + 0x30)));
						goto L18;
					}
				} else {
					return 1;
				}
				L22:
			}

0x00c42560
0x00c42569
0x00c4256b
0x00c42572
0x00c42579
0x00c42582
0x00c425b0
0x00c425b6
0x00c425b6
0x00c425bc
0x00c425c0
0x00c425c4
0x00c42672
0x00c4267b
0x00c425ca
0x00c425ca
0x00c425cc
0x00c425db
0x00c425d3
0x00c425d6
0x00c425d6
0x00c425e5
0x00c425ea
0x00c425f2
0x00c425fb
0x00c42600
0x00000000
0x00c42608
0x00c42608
0x00c42615
0x00000000
0x00c42617
0x00c42624
0x00c42624
0x00c4262d
0x00c42634
0x00c4263c
0x00c42643
0x00c4264a
0x00c42659
0x00c42686
0x00c4268c
0x00c4268e
0x00c426a5
0x00c426ba
0x00c426ba
0x00c426c4
0x00c426d0
0x00c426d7
0x00c426e0
0x00c426e7
0x00c426f4
0x00c426fa
0x00c42707
0x00c42716
0x00c4265b
0x00c4265b
0x00000000
0x00c4265b
0x00c42659
0x00c42615
0x00000000
0x00c4265f
0x00c42662
0x00c42665
0x00c42665
0x00000000
0x00c425ca
0x00c4259f
0x00c425a8
0x00c425a8
0x00000000

APIs

ChangeDisplaySettingsA.USER32 ref: 00C42651
SetWindowPos.USER32(00000000,000000FF,000000FF,000000FF,000000FF,000000FF,00000003), ref: 00C426BA

Strings

%dx%dx%d, xrefs: 00C425EC

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ChangeDisplaySettingsWindow
String ID: %dx%dx%d
API String ID: 4190868572-160946287
Opcode ID: 5d62eeb04fc8fd4199555eea613c5773384be3a83506495fd2223823741b5a28
Instruction ID: 68e892faab75a7ffe55b3aa90a408d6190be35ca7436964a6a35fda817d15e15
Opcode Fuzzy Hash: 5d62eeb04fc8fd4199555eea613c5773384be3a83506495fd2223823741b5a28
Instruction Fuzzy Hash: 5E5188352043018FC724CF19C990BAAB7E1BF98320F504A5DF5AA8B391DB31E946CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00C255C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00C255C0(intOrPtr* __ecx, intOrPtr _a4, char _a8) {
				char _v0;
				intOrPtr _v8;
				void* _v20;
				char _v24;
				char _v28;
				void* _v32;
				char _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr* _t52;
				intOrPtr* _t58;
				void* _t59;
				intOrPtr* _t62;
				intOrPtr* _t65;
				void* _t66;
				intOrPtr* _t108;
				intOrPtr* _t111;
				void* _t113;
				char _t114;
				intOrPtr _t116;
				void* _t117;
				void* _t119;

				_push(0xffffffff);
				_push(E00C4DC56);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t116;
				_t117 = _t116 - 0x10;
				_t108 = __ecx;
				if(_a4 != 1) {
					_t111 = _a8;
				} else {
					_t114 = _a8;
					_t62 =  *((intOrPtr*)(_v0 + 0x14c))(_t113);
					 *((intOrPtr*)( *_t62 + 0x34))( &_v20,  &_v24);
					_t65 =  *((intOrPtr*)(_v0 + 0x8c))( &_v28,  &_v32);
					_push(0xd0);
					L00C3E340();
					_t119 = _t117 + 4;
					_v32 = _t65;
					_t111 = 0;
					_v20 = 0;
					if(_t65 != 0) {
						_push(0);
						_t65 = E00C2F4B0(_t65, "Label", _v36, _v40, 0);
						_t111 = _t65;
					}
					_push(0x44);
					_v20 = 0xffffffff;
					L00C3E340();
					_t117 = _t119 + 4;
					_v32 = _t65;
					_t122 = _t65;
					_v20 = 1;
					if(_t65 == 0) {
						_t66 = 0;
						__eflags = 0;
					} else {
						_t66 = E00C2FF40(_t65, _t122);
					}
					_v20 = 0xffffffff;
					 *((intOrPtr*)( *_t111 + 0xd4))(_t66);
					 *((intOrPtr*)( *_t111 + 0x40))(_t114);
					 *((intOrPtr*)( *_t111 + 0x100))(_t108, "Label");
				}
				 *((char*)(_t108 + 0x24)) = 1;
				 *((intOrPtr*)(_t108 + 0x28)) = _a4;
				 *((intOrPtr*)( *_t111 + 0xa4))();
				_t52 =  *((intOrPtr*)( *_t111 + 0x14c))();
				 *((intOrPtr*)( *_t52 + 0x34))( &_a8,  &_v28);
				 *((intOrPtr*)(_t108 + 0x38)) = _v36;
				 *((intOrPtr*)(_t108 + 0x34)) = _v0;
				 *((intOrPtr*)( *_t111 + 4))( &_v0,  &_v36);
				 *((intOrPtr*)(_t108 + 0x2c)) = _v8;
				 *((intOrPtr*)(_t108 + 0x30)) = _v44;
				_t58 =  *((intOrPtr*)( *_t111 + 0x14c))();
				_t59 =  *((intOrPtr*)( *_t58 + 0x38))(_t111);
				if( *((intOrPtr*)(_t108 + 0x3c)) != _t111) {
					 *((intOrPtr*)(_t108 + 0x3c)) = _t111;
					_t59 =  *((intOrPtr*)( *_t108 + 0x18))();
				}
				 *[fs:0x0] = _v32;
				return _t59;
			}

0x00c255c6
0x00c255c8
0x00c255cd
0x00c255d2
0x00c255d9
0x00c255e1
0x00c255e3
0x00c256af
0x00c255e9
0x00c255ea
0x00c255f3
0x00c25607
0x00c25619
0x00c2561f
0x00c25624
0x00c25629
0x00c2562c
0x00c25630
0x00c25634
0x00c25638
0x00c25642
0x00c2564d
0x00c25652
0x00c25652
0x00c25654
0x00c25656
0x00c2565e
0x00c25663
0x00c25666
0x00c2566a
0x00c2566c
0x00c25674
0x00c2567f
0x00c2567f
0x00c25676
0x00c25678
0x00c25678
0x00c25686
0x00c2568e
0x00c25699
0x00c256a6
0x00c256ac
0x00c256b7
0x00c256bb
0x00c256c2
0x00c256cc
0x00c256e0
0x00c256eb
0x00c256f6
0x00c256ff
0x00c2570a
0x00c2570d
0x00c25714
0x00c2571f
0x00c25725
0x00c2572b
0x00c2572e
0x00c2572e
0x00c25737
0x00c25741

APIs

??0Label@vgui@@QAE@PBDHHHH@Z.VGUI(Label,?,?,00000000,00000000), ref: 00C2564D

Part of subcall function 00C2F4B0: ??0Panel@vgui@@QAE@HHHH@Z.VGUI(?,?,?,?,?,00000000,00C25652,Label,?,?,00000000,00000000), ref: 00C2F4CA
Part of subcall function 00C2F4B0: ?init@Label@vgui@@AAEXHPBD_N@Z.VGUI(?,?,00000000,?,?,?,?,?,00000000,00C25652,Label,?,?,00000000,00000000), ref: 00C2F4E8

??0LineBorder@vgui@@QAE@XZ.VGUI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C4DC56,000000FF), ref: 00C25678

Strings

Label, xrefs: 00C25646, 00C2569E

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Label@vgui@@$?init@Border@vgui@@LinePanel@vgui@@
String ID: Label
API String ID: 4126737049-3479601132
Opcode ID: 6b091949650fe02aa8c7b600d072cb299a3a6779b5770fc26776475a527bc240
Instruction ID: f645561f7d00b9a6dc0d1272a50d8227116b911860b289bd786c1cfa9556af93
Opcode Fuzzy Hash: 6b091949650fe02aa8c7b600d072cb299a3a6779b5770fc26776475a527bc240
Instruction Fuzzy Hash: 33415A746046129FC744DF28C488AAAFBE5FF88710F144A6DF89A87791DB30E945CF92

Uniqueness

Uniqueness Score: -1.00%

Function 00C4B4FB Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00C4B4FB(void* __ebx, void* __edi) {
				char _v17;
				signed char _v18;
				struct _cpinfo _v24;
				char _v280;
				char _v536;
				char _v792;
				char _v1304;
				void* _t43;
				char _t44;
				signed char _t45;
				void* _t55;
				signed int _t56;
				signed char _t64;
				intOrPtr* _t66;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				signed char _t76;
				signed char _t77;
				signed char* _t78;
				void* _t81;
				void* _t87;
				void* _t88;

				if(GetCPInfo( *0xc7083c,  &_v24) == 1) {
					_t44 = 0;
					do {
						 *((char*)(_t87 + _t44 - 0x114)) = _t44;
						_t44 = _t44 + 1;
					} while (_t44 < 0x100);
					_t45 = _v18;
					_v280 = 0x20;
					if(_t45 == 0) {
						L9:
						E00C4C1B9(1,  &_v280, 0x100,  &_v1304,  *0xc7083c,  *0xc70a64, 0);
						E00C4B69C( *0xc70a64, 0x100,  &_v280, 0x100,  &_v536, 0x100,  *0xc7083c, 0);
						E00C4B69C( *0xc70a64, 0x200,  &_v280, 0x100,  &_v792, 0x100,  *0xc7083c, 0);
						_t55 = 0;
						_t66 =  &_v1304;
						do {
							_t76 =  *_t66;
							if((_t76 & 0x00000001) == 0) {
								if((_t76 & 0x00000002) == 0) {
									 *(_t55 + 0xc70860) =  *(_t55 + 0xc70860) & 0x00000000;
									goto L16;
								}
								 *(_t55 + 0xc70961) =  *(_t55 + 0xc70961) | 0x00000020;
								_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x314));
								L12:
								 *(_t55 + 0xc70860) = _t77;
								goto L16;
							}
							 *(_t55 + 0xc70961) =  *(_t55 + 0xc70961) | 0x00000010;
							_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x214));
							goto L12;
							L16:
							_t55 = _t55 + 1;
							_t66 = _t66 + 2;
						} while (_t55 < 0x100);
						return _t55;
					}
					_t78 =  &_v17;
					do {
						_t68 =  *_t78 & 0x000000ff;
						_t56 = _t45 & 0x000000ff;
						if(_t56 <= _t68) {
							_t81 = _t87 + _t56 - 0x114;
							_t70 = _t68 - _t56 + 1;
							_t71 = _t70 >> 2;
							memset(_t81 + _t71, memset(_t81, 0x20202020, _t71 << 2), (_t70 & 0x00000003) << 0);
							_t88 = _t88 + 0x18;
						}
						_t78 =  &(_t78[2]);
						_t45 =  *((intOrPtr*)(_t78 - 1));
					} while (_t45 != 0);
					goto L9;
				}
				_t43 = 0;
				do {
					if(_t43 < 0x41 || _t43 > 0x5a) {
						if(_t43 < 0x61 || _t43 > 0x7a) {
							 *(_t43 + 0xc70860) =  *(_t43 + 0xc70860) & 0x00000000;
						} else {
							 *(_t43 + 0xc70961) =  *(_t43 + 0xc70961) | 0x00000020;
							_t64 = _t43 - 0x20;
							goto L22;
						}
					} else {
						 *(_t43 + 0xc70961) =  *(_t43 + 0xc70961) | 0x00000010;
						_t64 = _t43 + 0x20;
						L22:
						 *(_t43 + 0xc70860) = _t64;
					}
					_t43 = _t43 + 1;
				} while (_t43 < 0x100);
				return _t43;
			}

0x00c4b518
0x00c4b51e
0x00c4b525
0x00c4b525
0x00c4b52c
0x00c4b52d
0x00c4b531
0x00c4b534
0x00c4b53d
0x00c4b576
0x00c4b595
0x00c4b5b9
0x00c4b5e1
0x00c4b5e9
0x00c4b5eb
0x00c4b5f1
0x00c4b5f1
0x00c4b5f7
0x00c4b612
0x00c4b624
0x00000000
0x00c4b624
0x00c4b614
0x00c4b61b
0x00c4b607
0x00c4b607
0x00000000
0x00c4b607
0x00c4b5f9
0x00c4b600
0x00000000
0x00c4b62b
0x00c4b62b
0x00c4b62d
0x00c4b62e
0x00000000
0x00c4b5f1
0x00c4b541
0x00c4b544
0x00c4b544
0x00c4b547
0x00c4b54c
0x00c4b550
0x00c4b557
0x00c4b55f
0x00c4b569
0x00c4b569
0x00c4b569
0x00c4b56c
0x00c4b56d
0x00c4b570
0x00000000
0x00c4b575
0x00c4b634
0x00c4b63b
0x00c4b63e
0x00c4b65c
0x00c4b671
0x00c4b663
0x00c4b663
0x00c4b66c
0x00000000
0x00c4b66c
0x00c4b645
0x00c4b645
0x00c4b64e
0x00c4b651
0x00c4b651
0x00c4b651
0x00c4b678
0x00c4b679
0x00c4b67f

APIs

GetCPInfo.KERNEL32(?,?), ref: 00C4B50F

Strings

, xrefs: 00C4B534
, xrefs: 00C4B558

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: Info
String ID: $
API String ID: 1807457897-3032137957
Opcode ID: db973ffdca773769018e836f96746b5d64152bb18e0a909732b36f5e5d0d2133
Instruction ID: 6bed27315563384244b74aeeb81b17ecebac50de49ff161f0556aba4bfee5fb7
Opcode Fuzzy Hash: db973ffdca773769018e836f96746b5d64152bb18e0a909732b36f5e5d0d2133
Instruction Fuzzy Hash: F84126314042589AEB1A9714DC49BFBBFEDBB05700F2904E5E64DC7193C3718E48DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CA77F2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00CA77F2(void* __ebx, void* __edi) {
				char _v17;
				signed char _v18;
				struct _cpinfo _v24;
				char _v280;
				char _v536;
				char _v792;
				char _v1304;
				void* _t43;
				char _t44;
				signed char _t45;
				void* _t55;
				signed int _t56;
				signed char _t64;
				intOrPtr* _t66;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				signed char _t76;
				signed char _t77;
				signed char* _t78;
				void* _t81;
				void* _t87;
				void* _t88;

				if(GetCPInfo( *0xcb3444,  &_v24) == 1) {
					_t44 = 0;
					do {
						 *((char*)(_t87 + _t44 - 0x114)) = _t44;
						_t44 = _t44 + 1;
					} while (_t44 < 0x100);
					_t45 = _v18;
					_v280 = 0x20;
					if(_t45 == 0) {
						L9:
						E00CA8148(1,  &_v280, 0x100,  &_v1304,  *0xcb3444,  *0xcb3664, 0);
						E00CA8291( *0xcb3664, 0x100,  &_v280, 0x100,  &_v536, 0x100,  *0xcb3444, 0);
						E00CA8291( *0xcb3664, 0x200,  &_v280, 0x100,  &_v792, 0x100,  *0xcb3444, 0);
						_t55 = 0;
						_t66 =  &_v1304;
						do {
							_t76 =  *_t66;
							if((_t76 & 0x00000001) == 0) {
								if((_t76 & 0x00000002) == 0) {
									 *(_t55 + 0xcb3460) =  *(_t55 + 0xcb3460) & 0x00000000;
									goto L16;
								}
								 *(_t55 + 0xcb3561) =  *(_t55 + 0xcb3561) | 0x00000020;
								_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x314));
								L12:
								 *(_t55 + 0xcb3460) = _t77;
								goto L16;
							}
							 *(_t55 + 0xcb3561) =  *(_t55 + 0xcb3561) | 0x00000010;
							_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x214));
							goto L12;
							L16:
							_t55 = _t55 + 1;
							_t66 = _t66 + 2;
						} while (_t55 < 0x100);
						return _t55;
					}
					_t78 =  &_v17;
					do {
						_t68 =  *_t78 & 0x000000ff;
						_t56 = _t45 & 0x000000ff;
						if(_t56 <= _t68) {
							_t81 = _t87 + _t56 - 0x114;
							_t70 = _t68 - _t56 + 1;
							_t71 = _t70 >> 2;
							memset(_t81 + _t71, memset(_t81, 0x20202020, _t71 << 2), (_t70 & 0x00000003) << 0);
							_t88 = _t88 + 0x18;
						}
						_t78 =  &(_t78[2]);
						_t45 =  *((intOrPtr*)(_t78 - 1));
					} while (_t45 != 0);
					goto L9;
				}
				_t43 = 0;
				do {
					if(_t43 < 0x41 || _t43 > 0x5a) {
						if(_t43 < 0x61 || _t43 > 0x7a) {
							 *(_t43 + 0xcb3460) =  *(_t43 + 0xcb3460) & 0x00000000;
						} else {
							 *(_t43 + 0xcb3561) =  *(_t43 + 0xcb3561) | 0x00000020;
							_t64 = _t43 - 0x20;
							goto L22;
						}
					} else {
						 *(_t43 + 0xcb3561) =  *(_t43 + 0xcb3561) | 0x00000010;
						_t64 = _t43 + 0x20;
						L22:
						 *(_t43 + 0xcb3460) = _t64;
					}
					_t43 = _t43 + 1;
				} while (_t43 < 0x100);
				return _t43;
			}

0x00ca780f
0x00ca7815
0x00ca781c
0x00ca781c
0x00ca7823
0x00ca7824
0x00ca7828
0x00ca782b
0x00ca7834
0x00ca786d
0x00ca788c
0x00ca78b0
0x00ca78d8
0x00ca78e0
0x00ca78e2
0x00ca78e8
0x00ca78e8
0x00ca78ee
0x00ca7909
0x00ca791b
0x00000000
0x00ca791b
0x00ca790b
0x00ca7912
0x00ca78fe
0x00ca78fe
0x00000000
0x00ca78fe
0x00ca78f0
0x00ca78f7
0x00000000
0x00ca7922
0x00ca7922
0x00ca7924
0x00ca7925
0x00000000
0x00ca78e8
0x00ca7838
0x00ca783b
0x00ca783b
0x00ca783e
0x00ca7843
0x00ca7847
0x00ca784e
0x00ca7856
0x00ca7860
0x00ca7860
0x00ca7860
0x00ca7863
0x00ca7864
0x00ca7867
0x00000000
0x00ca786c
0x00ca792b
0x00ca7932
0x00ca7935
0x00ca7953
0x00ca7968
0x00ca795a
0x00ca795a
0x00ca7963
0x00000000
0x00ca7963
0x00ca793c
0x00ca793c
0x00ca7945
0x00ca7948
0x00ca7948
0x00ca7948
0x00ca796f
0x00ca7970
0x00ca7976

APIs

GetCPInfo.KERNEL32(?,?), ref: 00CA7806

Strings

, xrefs: 00CA782B
, xrefs: 00CA784F

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: Info
String ID: $
API String ID: 1807457897-3032137957
Opcode ID: d20487e3766eadae5d341dc0d29ab18a0ec69d3d5e097ef27a0f392c2954b816
Instruction ID: 11fd81efb16b43f9f1d1ade9d2f0897bd57291bdff222676369a259d2086cb75
Opcode Fuzzy Hash: d20487e3766eadae5d341dc0d29ab18a0ec69d3d5e097ef27a0f392c2954b816
Instruction Fuzzy Hash: 4A413B311082995ADB129728DC59FFB7FADBB03708F1406E5D285D7193C2354B49DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C25CB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00C25CB0(signed int __ecx, void* __eflags) {
				intOrPtr* _t25;
				signed int _t43;
				signed int _t44;
				signed int _t49;
				signed int _t51;
				signed int _t54;
				signed int _t70;
				intOrPtr _t74;
				void* _t91;
				void* _t92;
				signed int _t93;
				void* _t94;
				void* _t97;
				void* _t98;

				_t44 = __ecx;
				E00C43290(0x8204, __ecx);
				_t93 = _t44;
				_t43 = 0;
				 *((char*)(_t94 + 0x214)) = 0;
				if( *((intOrPtr*)(_t93 + 0x4c)) > 0) {
					do {
						if(_t43 < 0 || _t43 >=  *((intOrPtr*)(_t93 + 0x4c))) {
							_t49 = 0;
						} else {
							_t49 =  *( *((intOrPtr*)(_t93 + 0x54)) + _t43 * 4);
						}
						 *((intOrPtr*)( *_t49 + 0x114))(_t94 + 0x14, 0x200);
						if(_t43 < 0 || _t43 >=  *((intOrPtr*)(_t93 + 0x58))) {
							_t74 = 0;
						} else {
							_t49 =  *(_t93 + 0x60);
							_t74 =  *((intOrPtr*)(_t49 + _t43 * 4));
						}
						asm("repne scasb");
						_t51 =  !(_t49 | 0xffffffff);
						_t91 = _t74 - _t51;
						_t70 = _t51;
						asm("repne scasb");
						_t54 = _t70 >> 2;
						memcpy(_t94 + 0x214 - 1, _t91, _t54 << 2);
						_t97 = _t94 + 0xc;
						memcpy(_t91 + _t54 + _t54, _t91, _t70 & 0x00000003);
						_t98 = _t97 + 0xc;
						asm("repne scasb");
						_t92 = _t98 + 0x14;
						asm("repne scasb");
						memcpy(_t97 + 0x214 - 1, _t92, 0 >> 2 << 2);
						_t43 = _t43 + 1;
						memcpy(_t92 + 0x175b75a, _t92, 0);
						_t94 = _t98 + 0x18;
						_t44 = 0;
					} while (_t43 <  *((intOrPtr*)(_t93 + 0x4c)));
				}
				_t25 = E00C40500();
				asm("repne scasb");
				 *((intOrPtr*)( *_t25 + 0x6c))( !(_t44 | 0xffffffff) - 1);
				return E00C3E3E0("Copied to clipboard\n", _t94 + 0x214);
			}

0x00c25cb0
0x00c25cb5
0x00c25cbc
0x00c25cbe
0x00c25cc5
0x00c25ccf
0x00c25cd5
0x00c25cd7
0x00c25ce6
0x00c25cde
0x00c25ce1
0x00c25ce1
0x00c25cf4
0x00c25cfc
0x00c25d0b
0x00c25d03
0x00c25d03
0x00c25d06
0x00c25d06
0x00c25d12
0x00c25d14
0x00c25d21
0x00c25d25
0x00c25d2c
0x00c25d31
0x00c25d34
0x00c25d34
0x00c25d42
0x00c25d42
0x00c25d4b
0x00c25d53
0x00c25d5e
0x00c25d66
0x00c25d70
0x00c25d73
0x00c25d73
0x00c25d73
0x00c25d73
0x00c25cd5
0x00c25d7b
0x00c25d8e
0x00c25da0
0x00c25dba

APIs

?getInstance@App@vgui@@SAPAV12@XZ.VGUI ref: 00C25D7B
?vgui_printf@vgui@@YAHPBDZZ.VGUI(Copied to clipboard), ref: 00C25DA8

Strings

Copied to clipboard, xrefs: 00C25DA3

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?get?vgui_printf@vgui@@App@vgui@@Instance@V12@
String ID: Copied to clipboard
API String ID: 32801250-1312545821
Opcode ID: 0412a71368b55126e5845efcd66c2d22bad3265d8d07909724feb7e91c4103a2
Instruction ID: 57304ea1f05fe4da1dcf9634a8fefb279854ec1223c9a9488e62ec33ffb08477
Opcode Fuzzy Hash: 0412a71368b55126e5845efcd66c2d22bad3265d8d07909724feb7e91c4103a2
Instruction Fuzzy Hash: BF310331300A180BDB2CD97899895AF77D2FFC4320F24862EF92BC76C1EE70AC048661

Uniqueness

Uniqueness Score: -1.00%

Function 00C3B000 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

?paintBackground@Panel@vgui@@MAEXXZ.VGUI ref: 00C3B040

Strings

%d:%.2d:%.2d PM, xrefs: 00C3B024
%d:%.2d:%.2d AM, xrefs: 00C3B02C

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: ?paintBackground@Panel@vgui@@
String ID: %d:%.2d:%.2d AM$%d:%.2d:%.2d PM
API String ID: 1384949256-3577016940
Opcode ID: 6a9ba33af339a14f4d958b3562c102b16ac191490185cb5b8b3e2cb8a5f7289e
Instruction ID: 1cc9f3811a4faea72fa6275b89580d19fb2bcfd932bbe1685641adfba29fe49d
Opcode Fuzzy Hash: 6a9ba33af339a14f4d958b3562c102b16ac191490185cb5b8b3e2cb8a5f7289e
Instruction Fuzzy Hash: FA0175713105106BD6189B24CC56FABB7A9EF84710F104629F96A872D1DBB0AD454791

Uniqueness

Uniqueness Score: -1.00%

Function 00CA10A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00CA10A0(void* __fp0, char _a4, long long _a8, long long _a16) {
				signed char _t7;
				void* _t13;
				long long* _t15;
				void* _t19;
				void* _t20;
				long long _t21;

				_t19 = __fp0;
				_t7 = E00CA1380(0xcaf088);
				_t20 = _t19 - _a8;
				asm("fcom qword [esp+0x10]");
				asm("fnstsw ax");
				if((_t7 & 0x00000041) != 0) {
					st0 = _t20;
					return E00CA1020(_a4, _a4, 0);
				} else {
					_t21 = _a16;
					_t15 = _t13 - 8;
					 *_t15 = _t21;
					 *((long long*)(_t15 - 8)) = _t21;
					return E00CA11A0("Function (%s) took too long, %.3f (max %.3f)\n", _a4);
				}
			}

0x00ca10a0
0x00ca10a5
0x00ca10aa
0x00ca10ae
0x00ca10b2
0x00ca10b7
0x00ca10e3
0x00ca10ed
0x00ca10b9
0x00ca10b9
0x00ca10c1
0x00ca10c4
0x00ca10ca
0x00ca10db
0x00ca10db

APIs

Part of subcall function 00CA1380: QueryPerformanceCounter.KERNEL32 ref: 00CA138C

Error.DBG(Function (%s) took too long, %.3f (max %.3f),?), ref: 00CA10D3

Part of subcall function 00CA11A0: ClearErrorLogs.DBG ref: 00CA1202

_LogFunctionTrace.DBG(?,00000000), ref: 00CA10E5

Strings

Function (%s) took too long, %.3f (max %.3f), xrefs: 00CA10CE

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: Error$ClearCounterFunctionLogsPerformanceQueryTrace
String ID: Function (%s) took too long, %.3f (max %.3f)
API String ID: 941761197-2711672902
Opcode ID: a3631717c8f04ea093750869155f86ebf710c4c429f5419d41e639c64872187a
Instruction ID: d6b5cfb4235bf55c6f32862ea376e39553da7f65934dd82b1b8744efc6fdad1f
Opcode Fuzzy Hash: a3631717c8f04ea093750869155f86ebf710c4c429f5419d41e639c64872187a
Instruction Fuzzy Hash: 12E048B9904703AADB00BFA4ED5A62E7AE4BFC5744F884D9CFAD4001C5DE34446C9367

Uniqueness

Uniqueness Score: -1.00%

Function 00C47218 Relevance: 5.1, APIs: 4, Instructions: 53
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00C47218() {
				signed int _t15;
				void* _t17;
				void* _t19;
				void* _t25;
				signed int _t26;
				void* _t27;
				intOrPtr* _t29;

				_t15 =  *0xc70b94; // 0x0
				_t26 =  *0xc70b84; // 0x0
				if(_t15 != _t26) {
					L3:
					_t27 =  *0xc70b98; // 0x0
					_t29 = _t27 + (_t15 + _t15 * 4) * 4;
					_t17 = HeapAlloc( *0xc70ba0, 8, 0x41c4);
					 *(_t29 + 0x10) = _t17;
					if(_t17 == 0) {
						L6:
						return 0;
					}
					_t19 = VirtualAlloc(0, 0x100000, 0x2000, 4);
					 *(_t29 + 0xc) = _t19;
					if(_t19 != 0) {
						 *(_t29 + 8) =  *(_t29 + 8) | 0xffffffff;
						 *_t29 = 0;
						 *((intOrPtr*)(_t29 + 4)) = 0;
						 *0xc70b94 =  *0xc70b94 + 1;
						 *( *(_t29 + 0x10)) =  *( *(_t29 + 0x10)) | 0xffffffff;
						return _t29;
					}
					HeapFree( *0xc70ba0, 0,  *(_t29 + 0x10));
					goto L6;
				}
				_t2 = _t26 * 4; // 0x50
				_t25 = HeapReAlloc( *0xc70ba0, 0,  *0xc70b98, _t26 + _t2 + 0x50 << 2);
				if(_t25 == 0) {
					goto L6;
				}
				 *0xc70b84 =  *0xc70b84 + 0x10;
				 *0xc70b98 = _t25;
				_t15 =  *0xc70b94; // 0x0
				goto L3;
			}

0x00c47218
0x00c4721d
0x00c47229
0x00c4725b
0x00c4725b
0x00c47271
0x00c47274
0x00c4727c
0x00c4727f
0x00c472ab
0x00000000
0x00c472ab
0x00c4728e
0x00c47296
0x00c47299
0x00c472af
0x00c472b3
0x00c472b5
0x00c472b8
0x00c472c1
0x00000000
0x00c472c4
0x00c472a5
0x00000000
0x00c472a5
0x00c4722b
0x00c47240
0x00c47248
0x00000000
0x00000000
0x00c4724a
0x00c47251
0x00c47256
0x00000000

APIs

HeapReAlloc.KERNEL32(00000000,00000050,?,00000000,00C46FE0,?,00000000,00000000,00C43620,00000000,?,00000000,00000000,00000000,00000000), ref: 00C47240
HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,00C46FE0,?,00000000,00000000,00C43620,00000000,?,00000000,00000000,00000000,00000000), ref: 00C47274
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00C4728E
HeapFree.KERNEL32(00000000,?), ref: 00C472A5

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: AllocHeap$FreeVirtual
String ID:
API String ID: 3499195154-0
Opcode ID: e48dd39df0608a6c6a9652b4b4b48f489e36d93ddd8eaef614ad60b5b36d087f
Instruction ID: 4757b7a57e11e9edb8843cc330be44420e5e01c82bb35a51ed4f2ad63c02636e
Opcode Fuzzy Hash: e48dd39df0608a6c6a9652b4b4b48f489e36d93ddd8eaef614ad60b5b36d087f
Instruction Fuzzy Hash: EE110A74210601DFD7318F19EC45F6A7BB6FB85728B600A29F1AAC61B0D3B19A82CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00CA621D Relevance: 5.1, APIs: 4, Instructions: 53
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA621D() {
				signed int _t15;
				void* _t17;
				void* _t19;
				void* _t25;
				signed int _t26;
				void* _t27;
				intOrPtr* _t29;

				_t15 =  *0xcb3678; // 0x0
				_t26 =  *0xcb3668; // 0x0
				if(_t15 != _t26) {
					L3:
					_t27 =  *0xcb367c; // 0x0
					_t29 = _t27 + (_t15 + _t15 * 4) * 4;
					_t17 = HeapAlloc( *0xcb3684, 8, 0x41c4);
					 *(_t29 + 0x10) = _t17;
					if(_t17 == 0) {
						L6:
						return 0;
					}
					_t19 = VirtualAlloc(0, 0x100000, 0x2000, 4);
					 *(_t29 + 0xc) = _t19;
					if(_t19 != 0) {
						 *(_t29 + 8) =  *(_t29 + 8) | 0xffffffff;
						 *_t29 = 0;
						 *((intOrPtr*)(_t29 + 4)) = 0;
						 *0xcb3678 =  *0xcb3678 + 1;
						 *( *(_t29 + 0x10)) =  *( *(_t29 + 0x10)) | 0xffffffff;
						return _t29;
					}
					HeapFree( *0xcb3684, 0,  *(_t29 + 0x10));
					goto L6;
				}
				_t2 = _t26 * 4; // 0x50
				_t25 = HeapReAlloc( *0xcb3684, 0,  *0xcb367c, _t26 + _t2 + 0x50 << 2);
				if(_t25 == 0) {
					goto L6;
				}
				 *0xcb3668 =  *0xcb3668 + 0x10;
				 *0xcb367c = _t25;
				_t15 =  *0xcb3678; // 0x0
				goto L3;
			}

0x00ca621d
0x00ca6222
0x00ca622e
0x00ca6260
0x00ca6260
0x00ca6276
0x00ca6279
0x00ca6281
0x00ca6284
0x00ca62b0
0x00000000
0x00ca62b0
0x00ca6293
0x00ca629b
0x00ca629e
0x00ca62b4
0x00ca62b8
0x00ca62ba
0x00ca62bd
0x00ca62c6
0x00000000
0x00ca62c9
0x00ca62aa
0x00000000
0x00ca62aa
0x00ca6230
0x00ca6245
0x00ca624d
0x00000000
0x00000000
0x00ca624f
0x00ca6256
0x00ca625b
0x00000000

APIs

HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00CA5FE5,00000000,00000000,00000000,00CA5ACA,00000000,00000000,?,00000000,00000000,00000000), ref: 00CA6245
HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00CA5FE5,00000000,00000000,00000000,00CA5ACA,00000000,00000000,?,00000000,00000000,00000000), ref: 00CA6279
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00CA6293
HeapFree.KERNEL32(00000000,?), ref: 00CA62AA

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: AllocHeap$FreeVirtual
String ID:
API String ID: 3499195154-0
Opcode ID: 7bf00250b0aa833a4826cb95c8abbc788df72f52021ba64d9fe9533273d0480d
Instruction ID: 73a9dfa447d090732b10cf061f0079f7a54fc7bc9b368ca8829b697fe41f77f8
Opcode Fuzzy Hash: 7bf00250b0aa833a4826cb95c8abbc788df72f52021ba64d9fe9533273d0480d
Instruction Fuzzy Hash: 7F113D70200642FFD7218F29EC49B6A7BB5FB56719B504719F561C72B1D371AA41CF10

Uniqueness

Uniqueness Score: -1.00%

Function 00C43CA8 Relevance: 5.0, APIs: 4, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C43CA8(void* __eax) {
				void* _t1;

				_t1 = __eax;
				InitializeCriticalSection( *0xc6c188);
				InitializeCriticalSection( *0xc6c178);
				InitializeCriticalSection( *0xc6c168);
				InitializeCriticalSection( *0xc6c148);
				return _t1;
			}

0x00c43ca8
0x00c43cb5
0x00c43cbd
0x00c43cc5
0x00c43ccd
0x00c43cd0

APIs

InitializeCriticalSection.KERNEL32(?,00C446B2,?,00C43B56), ref: 00C43CB5
InitializeCriticalSection.KERNEL32 ref: 00C43CBD
InitializeCriticalSection.KERNEL32 ref: 00C43CC5
InitializeCriticalSection.KERNEL32 ref: 00C43CCD

Memory Dump Source

Source File: 0000000F.00000002.524286180.0000000000C21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00C20000, based on PE: true

Associated: 0000000F.00000002.524257069.0000000000C20000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524369318.0000000000C4F000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524418782.0000000000C6A000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524429587.0000000000C6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000F.00000002.524440867.0000000000C72000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_c20000_hl.jbxd

Similarity

API ID: CriticalInitializeSection
String ID:
API String ID: 32694325-0
Opcode ID: 7f505265f0de3813b9f20f050c7129b6782ab48b99b4031670191a925c0a5086
Instruction ID: 307a46327f3db69bbc4a0762698ece02f0ad662b5b80d7cfdb39cabefcd3b234
Opcode Fuzzy Hash: 7f505265f0de3813b9f20f050c7129b6782ab48b99b4031670191a925c0a5086
Instruction Fuzzy Hash: 03C00231805034ABEA312B67FC84B9E3F25EF072603010063E1445103186A11CA2DFD0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA5933 Relevance: 5.0, APIs: 4, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CA5933(void* __eax) {
				void* _t1;

				_t1 = __eax;
				InitializeCriticalSection( *0xcac974);
				InitializeCriticalSection( *0xcac964);
				InitializeCriticalSection( *0xcac954);
				InitializeCriticalSection( *0xcac934);
				return _t1;
			}

0x00ca5933
0x00ca5940
0x00ca5948
0x00ca5950
0x00ca5958
0x00ca595b

APIs

InitializeCriticalSection.KERNEL32(?,00CA3447,?,00CA1A5A), ref: 00CA5940
InitializeCriticalSection.KERNEL32 ref: 00CA5948
InitializeCriticalSection.KERNEL32 ref: 00CA5950
InitializeCriticalSection.KERNEL32 ref: 00CA5958

Memory Dump Source

Source File: 0000000F.00000002.524490976.0000000000CA1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00CA0000, based on PE: true

Associated: 0000000F.00000002.524481493.0000000000CA0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524504149.0000000000CAB000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524513952.0000000000CAC000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524522984.0000000000CAE000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524536202.0000000000CB3000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000F.00000002.524551706.0000000000CB5000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_ca0000_hl.jbxd

Similarity

API ID: CriticalInitializeSection
String ID:
API String ID: 32694325-0
Opcode ID: 83a15540ae299bdcfa72892a7c97c6aeb5944bac46a040c93452f78548a1acd4
Instruction ID: 1f1d2bf6b0384986a6e8b247391d7b5606b19d0995046eaf419cfefcd13e6965
Opcode Fuzzy Hash: 83a15540ae299bdcfa72892a7c97c6aeb5944bac46a040c93452f78548a1acd4
Instruction Fuzzy Hash: 99C00231803138AACA526B75FE86BAF7F26EB873A83050063A118531318F261C64EFC0

Uniqueness

Uniqueness Score: -1.00%

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.metamod.org/	DATOS.exe, 00000004.00000003.427407106.0000000004B4C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gearboxsoftware.com/D	hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.goldwave.comICRD	DATOS.exe, 00000004.00000003.408551867.0000000004196000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.amxmodx.org/AMX	DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.bailopan.net/	DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.bailopan.net/csdm/	DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.counter-strike.net/cheat.html	hl.exe, 0000000F.00000002.524925651.0000000001D01000.00000004.00000001.01000000.0000000A.sdmp	false		high
http://www.steampowered.com/_	hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.goldwave.com	DATOS.exe, 00000004.00000003.408551867.0000000004529000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.408551867.0000000004196000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.cs-conditionzero.com/	hl.exe, 0000000F.00000002.532657730.000000000E4B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gearboxsoftware.com/	hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.counter-strike.net/	hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.goldwave.comRIFFpdWAVEfmt	DATOS.exe, 00000004.00000003.408551867.0000000004196000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.counter-strike.net/U	hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.steampowered.com/autoupdate	hl.exe, 0000000F.00000003.481152891.00000000067DA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://http://invalidCGameUI::StartProgressBar%s.dllCreateInterface	DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.000000000475E000.00000004.00001000.00020000.00000000.sdmp, hl.exe, 0000000F.00000002.529796530.00000000066CD000.00000004.00000001.01000000.00000012.sdmp	false	Avira URL Cloud: safe	low
http://www.goldwave.comRIFFdOWAVEfmt	DATOS.exe, 00000004.00000003.408551867.0000000004529000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.bailopan.net/CSDM	DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.steampowered.com/platform/friends/	hl.exe, 0000000F.00000002.532082643.000000000AB98000.00000004.00000001.01000000.0000001D.sdmp	false		high
http://www.amxmodx.org	DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.0000000004540000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.amxmodx.org/	DATOS.exe, 00000004.00000003.427407106.00000000042CD000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.429601239.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.431162957.0000000000660000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.amxmodx.orgAMX	DATOS.exe, 00000004.00000003.427407106.0000000004540000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, DATOS.exe, 00000004.00000003.427407106.00000000044DB000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.steampowered.com/	hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.abyssmedia.com	ZeroX.exe, ZeroX.exe, 00000001.00000002.521934731.0000000000401000.00000040.00000001.01000000.00000006.sdmp	false	Avira URL Cloud: safe	unknown
http://www.steampowered.com/platform/friends/Friends/DialogSystemMessage.rescloseCloseButton#Tracker	hl.exe, 0000000F.00000002.532082643.000000000AB98000.00000004.00000001.01000000.0000001D.sdmp	false		high
http://www.goldwave.comRIFF	DATOS.exe, 00000004.00000003.408551867.0000000004196000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://dayofdefeatmod.com/	hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.steampowered.com/I	hl.exe, 0000000F.00000002.532621641.000000000E4A4000.00000004.00000020.00020000.00000000.sdmp	false		high

Target ID:	0
Start time:	15:48:52
Start date:	10/03/2023
Path:	C:\Users\user\Desktop\0RzXzro3zx.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\0RzXzro3zx.exe
Imagebase:	0x400000
File size:	67826994 bytes
MD5 hash:	300072E208756288B4D1FC51197635F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	1
Start time:	15:48:58
Start date:	10/03/2023
Path:	C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe"
Imagebase:	0x400000
File size:	67702 bytes
MD5 hash:	990CB25406490C0A25467C53CE847E6F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 4%, ReversingLabs
Reputation:	low

Target ID:	4
Start time:	15:48:59
Start date:	10/03/2023
Path:	C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe
Wow64 process (32bit):	true
Commandline:	DATOS.exe -y
Imagebase:	0x400000
File size:	67588215 bytes
MD5 hash:	E920233CFC72E6D7E8AEC9D0B52C0A28
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 6%, ReversingLabs
Reputation:	low

Target ID:	14
Start time:	15:50:16
Start date:	10/03/2023
Path:	C:\Windows\SysWOW64\regedit.exe
Wow64 process (32bit):	true
Commandline:	regedit /s REG.reg
Imagebase:	0x130000
File size:	316416 bytes
MD5 hash:	617538C965AC4DDC72F9CF647C4343D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Target ID:	15
Start time:	15:50:17
Start date:	10/03/2023
Path:	C:\Users\user\AppData\Local\Temp\RarSFX0\hl.exe
Wow64 process (32bit):	true
Commandline:	hl.exe -game cstrike
Imagebase:	0x1400000
File size:	81920 bytes
MD5 hash:	46A54ABFC758AD1FACD11B2926F40D3C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 0RzXzro3zx.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\RarSFX0\Core.dll

C:\Users\user\AppData\Local\Temp\RarSFX0\DATOS.exe

C:\Users\user\AppData\Local\Temp\RarSFX0\DemoPlayer.dll

C:\Users\user\AppData\Local\Temp\RarSFX0\FileSystem_Stdio.dll

C:\Users\user\AppData\Local\Temp\RarSFX0\FileSystem_Steam.dll

C:\Users\user\AppData\Local\Temp\RarSFX0\ZeroX.exe

C:\Users\user\AppData\Local\Temp\RarSFX0\a3dapi.dll

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\BotCampaignProfile.db

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\BotChatter.db

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\BotProfile.db

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\clcmds.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\cmds.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\configs.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\conmotd.txt

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\core.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\csdm\extraconfigs\readme.txt

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\cvars.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\maps.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\modules.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\plugins-csdm.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\plugins.ini

C:\Users\user\AppData\Local\Temp\RarSFX0\cstrike\addons\amxmodx\configs\speech.ini

Windows Analysis Report
0RzXzro3zx.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre