Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 280989ad6e26896334cfadfe414b4cdc --

Hashes
MD5: 280989ad6e26896334cfadfe414b4cdc
SHA1: 0fa084e47948fa5eec0af1aa69862448dd45abf1
SHA256: f6114ad326268ab23b2198e0d45b52312c21a24054fb5db97cbeb69553fdaf0c
SSDEEP: 6144:FStaHBCR6mEJfqDG6SxBX7RxhOrabZN4Kuyv:FSQHB4ifqDGZxt7RxEabX4K1
Details
File Type: PE32
Yara Hits
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/Netopsystems_FEAD_Optimizer_1 | YRP/UPX_290_LZMA | YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_290_LZMA_additional | YRP/UPX_wwwupxsourceforgenet | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/upx_3 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/CRC32_poly_Constant | YRP/MD5_Constants | YRP/UPX | YRP/suspicious_packer_section |
Sub Files
ea3eeff008dd8a3109c80df19f407465
Strings
		!This program cannot be run in DOS mode.
Qkkbal
Bmp_Button_Classx
vs 9hs
8*.t=f
SVi<stx
\V#Y5i
Uj{Fo&j
)Z*|_-
O{jSy0
)QRr'}
>p	QC-\
<Ar*Zw
fxo$^D$@
t'e1%1
#/M&M=
dy(E}}
 EI@>@-
ruJW}>
Etk<tp5
MmC<Pb
CreateTh
d`\T^.
$(,0\.
48<@D.
</u7SWSV
D`ShBt
T2rD0(A%#G<4
$n}dEf
`p@HPX`l
h[^_]q
"&(ddd *,.
5B=DF'
HKEY_CLASSES_ROOTURk
ONFIG'UTR#
?LOCAL_MACHINE%9S
user32.dll
o"etLay
edWindowAttributes
MOD_Init
MvicF'
k\e#LoadPl
Exe Fil
PP@Pwx
|ABOUT
KsMS SANb
k8nel%?
64Disab
ctionWpq
:v&tUs:n
.ta^"work
<>[]|$^!%&/\(){}=?`*+-h
'#.:;,@~"@	
wI2BLED
TZVE/\
%116lo?
)K?OA6
EPwo4H
HQ_EP 
C>1nf""&
novl@<D
n~U$0<<D
*(1:"D
 5,=77n8
YAHTT!
)xF?#*y"S
(_[UU<
WRRVxnX
t@6-1`
U~-2/0`!
*%+. #0<yo
bq<2Zr^l
rb-n(zo5WR
Zo*hKg
a.bsywG_{
4K Video
 Downloar/Stogram/YouTube (
 MP3 Gen8ic P[
 v.2.3-WD
https://w
Warez_
1. Copy p
@E folb@2
hplBit
3n'Joy!rMbJ
uZzik:|eek
d - Refl
~Skin bnMADRABAZ"
2~2236
>^EGL@Rn6
i0yV^1
rt,iUS
Very ]S
psN ODr
Thing q
SCra6\
	 	!	"	#	$
	%	&	'	(	)	*	+	,	-	.	/	0	1	2	3	4
	5	6	7	8	9	:	;	<	=	>	?	@	A	B	C	D
	E	F	G	H	I	J	K	L	M	N	O	P	Q	R	S	T
	U	V	W	X	Y	Z	[	\	]	^	_	`	a	b	c	d
	e	f	g	h	i	j	k	l	m	n	o	p	q	r	s	t
	u	v	w	S|
eZcessa_!
BXCowbellO
dAlmost Forgo
LN6PDC
Bh:*qs
=Piano
WAVE FTW!S
Organ 
(awtooth
NPACK2.IT
/%X*,C
.!&.@S
$S2H<C
! 28QK
0J%HMCL
3ko8Qk5
l<mj>@
cUAJ!Q
xAp~pZO
TnsX=X
e^Hu?g
1sLy`D
cP KTy[
8R:D4 <8@~2
|>6.>~0
_Dxl&2iDt
5XHpA	
""LOe`
]-x-D,
Vm0'_`?
efhovno
dJ0LP$%R
h@$}N#
	zAVh"2Y
=U	m}cV
'D#QuJ
a:rjy!
GH2Y<8
#f\cb2
 8tC1C\
i/YfHhb|
aO,,xh
`(k?"M
F6I7@c!
F$01`-
]@&`:`
]$B,-s
]^1wBZ
?H_?aP
tF8n71
hQ? nu
CXn~^z{
Fgl`pi
K8wfqA
-,+x*$
l"O9bL-^
a]lY	[V
A VT@S
~P`SB 
pl|bO\
9WbYSp
b]t?BaID
P1::"1.
;rC30 
P/W|R+\
r>SX0V
%5,`U*
@V,pX;7l5_
D%%.Pe
@Y2@ZV0
&@ QaMa
zx4Zi7
^v)L7RZ
"h8JX8
rYjD/I
r:B*JJC
7O[3y-v
e|taVPU
?0v\afr
5GfDDu
t[OQi>
>Y]g`eu
Y:(J^A
L(H&v 
D(VmP1
^kn[+&
y"a^p6
a%px:BL
e5(4/%]z
,a-~_J
Oe.@rc
no<p>}
>P,rHd#
Hh#^%:$
g]` Ws
^|;/8~
<s]{NX
J02rSq
fy1:CB 
?vTb-H
	a:##8
K`>f	R
7.8M8s
)pB.x1m9
`fS!lAETv
cRJ&.0e
y/Uk4n
}s/)Ck
r;7sH=@/
|W6	xeZOt
}o?(`%
rxDd8/
B<=f1G
11L=1MHq
0+`AA8w
u-9-[)
cNA2`T
^B</NH
 )[bvt<
`uN?<r_2
XE+^w{
Xpz?'VER
~y;BW]
\u}68]
#<f2\t~
v3k)"b
<o7G	DD|
C"| J!P
(> dfH
	E#"CT#
]"dfF\
[S '@x
`?@x~e
~b?~@1
:}rCQ|
y#82j8
w^zs(#
A) +&{
b]lyW35
f.w:wQ
^SGx\g
=^IQ,UG
&5H(<G)|\vY
^Oq$Ur
Tc<@ *
HRTww\
@"mSpS
VPBft}-
Y4umA2
NuML|)
i^g->l
k^HXF-
L:`*+B
?FOW/ 
*E_EQ,
'TF!x:
\qCjVK
C)aW)+
a6eAFn
+GtP#I	
eu%bz8
"^=oeZ
EkebrW
de@,8r
g[xH0C
fDT;,(XJ
oP68	(
7J$p	pX)x
7pP |p
pO`Q@P"
dWQMER@j&
@ZAARM
_)XvXm]
@ CpF)
L"P Ah
2X`@j 
CR`dE)6
xU0>HT
,@N" 	
2dY7nS
R.XP`POB
^0p_HX;Y
;o$w=k
/AA~X`
WddQ	Z
{X> m[7
wwF=0_
0LCO_H
a+am~'
/ASDFD
ZK1\fz
3%FdT(Mz
!@PFUU#2
&CUR42
 nHTU|DTB
PZtnL(
DsCDQ!
RBpv'|
aH:)!d
"CA4U$
xpVt"6
 U	@Q0
*#(Iv$
GL*()t
UC34x&
/"#r4$
 "v^o{v~
j8>8=#(
 DAb1p
B&Dr4!A~
vK1"~_
P"F$TS"
[evtTT	|
?CcC$5CN
:1!R2CTA(M
NJ6Hf.
#9Q^T.
U^QVj-
Xx}%VVa
eURYQeTRJ
1)Kd*T
[h{eVZa
TSU?}5
ReW##B
 BfF#!rH
*r8DFA;
!Fx,![
8UEA Q
R2`c|;
yw'"tKg
*|ycl&
|o(G[2
!2TDCg
~X '	r
]zFj;(
T]{`(IZ
wFi;YF
CpVCB"
Wv)`)c
iw(h5v
Y}I_Tm
ZZ)!#z
g+@]hm
	mZ]%J
B! 1T%
_@1DA'
c5U]<P
ERROR!
trrupt Data
4hLibr
A;Ge9AddrA
?,irtual*t
'xGlob Al
ageBox
MSVCRT
DevhTl
sc`pV1
`9V2s%L
Length
_-IsAcXv
o&SAmplify/Panb
-KLY*h
C)B+0+
CP3	xo
Mov8E;3
	PI/1?
1gY`;K
zMaOM	
!8NI*?
bPw2&gu
j6@~Iq`
! lf[I
(*Pp/+T
k8yl(K
/W&dO]
He\KR@u 
+VSa'T*#
PUJH_ak
}& \k0(Nm]
f>vXk:'YZW
CQ@HnU
#Zk2TaDf
Rf08<H
<L4:n,
 ?di[3 M)
w38Ej:
nE6&;;
f&>FQZY
K`]L mX
c	x lL^
%QC"NVZ
<p&jJP
lspUDn
$/9en6
T_GRm-
Z^=`;	
[C ]RQ
"*WY~ T
| EnI9
wt~v{a
REm	^,~
mF#Ez&
MPOb^[B!
(bRT7?a
;\R[q/0~
p9yUM"H
y']cp;
:up%.=
%&}U t
ry(rNW
PKyBxgG
p-p{v}
XLv@FBV"@
TEjqH6
CLU+HL(NHCA
Ld;!68C
XNkkm`w6
RUGECNsy
{~BM]YRPP
P@Ct{o<``
{YpZA_^SX`
<+-.4Bt7
^=_'%+
0zcO[A
Lzm+|`
b)a{\Ux*~
*oNwCm
*DRZ!4)
\fn~/;
74 2eQ$
Findw C
Buffe."W	
$ngXGD
Acpy,,
ToMultiBy
M(map$lIH
Envi"&
k$n:!Pr
(RtlEM
S/'Poi;
$gQu\y
ppup@C
DlgIHm
1D\5Xd
XPTPSW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="2.0.0.0"
    processorArchitecture="X86"
    name="diablo2oo2's.Universal.Patcher"
    type="win32"
  <description>diablo2oo2's.Universal.Patcher</description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*"
      />
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="asInvoker"
          uiAccess="false"
        />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
KERNEL32.DLL
advapi32.dll
comctl32.dll
comdlg32.dll
gdi32.dll
shell32.dll
user32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
InitCommonControls
GetOpenFileNameA
BitBlt
ShellExecuteA