6a5daad1...c666 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Dropper, Trojan

Remarks

(0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.

(0x200001b): The maximum number of file reputation requests per analysis (150) was exceeded.

Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sysem.exe Dropped File Binary
Malicious
Also Known As asd.exe (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\asd.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 380.00 KB
MD5 7bb94c45ba183efc1f51177173340fac
SHA1 bc91879493c4b8c2f62d7039c461b9c466e2cd39
SHA256 cb628880564aeaa6b2028705bb713569af3e286e02dc2186e48ff6828fe1380d
SSDeep 3072:3EI+G+zzF+JBUu5VSRFjSOKk/+dPvw29SfM+MhIm5n3+fEDDR0UZiW:0y+F+gu5VSaw+5wKSfM+mIm5n3RDRR
ImpHash d1c55ba810feded0b745004564419b5c
File Reputation Information
Severity
Blacklisted
First Seen 2019-08-30 13:07 (UTC+2)
Last Seen 2019-08-31 19:44 (UTC+2)
Names Win32.Trojan.Waldek
Families Waldek
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x44500e
Size Of Code 0x5da00
Size Of Initialized Data 0x1200
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1970-01-01 00:00:00+00:00
Version Information (2)
FileVersion 2.1.0
ProductVersion 1.1.0.0
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.data 0x401000 0x164 0x200 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.31
.CRT 0x402000 0x1 0x200 0x600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.02
.rsrc 0x403000 0x4a0 0x600 0x800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.09
.idata 0x404000 0xa8 0x200 0xe00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.44
.tls 0x405000 0x20 0x200 0x1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.11
.text 0x406000 0x5d8b9 0x5da00 0x1200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 4.47
.pdata 0x464000 0x274 0x400 0x5ec00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.88
Imports (2)
ADVAPI32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AddAccessAllowedAce 0x0 0x404060 0x4058 0xe58 0x0
WINSCARD.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SCardEstablishContext 0x0 0x404088 0x4080 0xe80 0x0
Memory Dumps (130)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
asd.exe 3 0x00400000 0x00464FFF Relevant Image - 32-bit - False False
buffer 3 0x00160000 0x00160FFF First Execution - 32-bit 0x00160000 False False
buffer 3 0x00400000 0x0043DFFF First Execution - 32-bit 0x0042E298 False False
buffer 3 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00404238 False False
buffer 3 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00402AE8 False False
buffer 3 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004037BC False False
buffer 3 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00401110 False False
asd.exe 5 0x00400000 0x00464FFF Relevant Image - 32-bit - False False
buffer 5 0x00130000 0x00130FFF First Execution - 32-bit 0x00130000 False False
buffer 5 0x00400000 0x0043DFFF First Execution - 32-bit 0x0042E298 False False
buffer 5 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00404238 False False
buffer 5 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00402AE8 False False
buffer 5 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004037BC False False
buffer 5 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00401110 False False
sysem.exe 7 0x00400000 0x00464FFF Relevant Image - 32-bit - False False
buffer 7 0x00160000 0x00160FFF First Execution - 32-bit 0x00160000 False False
buffer 7 0x00400000 0x0043DFFF First Execution - 32-bit 0x0042E298 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00404238 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00402AE8 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004037BC False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00401110 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0040F190 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410008 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0040B7C4 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00417D9C False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004130D4 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042A628 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042CCB8 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004298C4 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00421B38 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00415964 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00416000 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004228A8 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426BE4 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00427168 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00425FB4 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00424424 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411838 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041B258 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00428C10 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041435F False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004186C4 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410588 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00405090 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00425000 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041B258 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041C000 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411064 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426FED False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00424E94 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0040FFDC False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041B258 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411064 False False
buffer 7 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426FED False False
sysem.exe 25 0x00400000 0x00464FFF Relevant Image - 32-bit - False False
buffer 25 0x001A0000 0x001A0FFF First Execution - 32-bit 0x001A0000 False False
buffer 25 0x00400000 0x0043DFFF First Execution - 32-bit 0x0042E298 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00404238 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00402AE8 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004037BC False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00401110 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0040F190 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410008 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0040B7C4 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00417D9C False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004130D4 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042A628 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042CCB8 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004298C4 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00421B38 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00415964 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00416000 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004228A8 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426BE4 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00427168 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00425FB4 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00424424 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411838 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041234C False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00428C10 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00424E94 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410588 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426FED False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041B258 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411064 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00402CF4 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004243E6 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00405174 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00427BB3 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410588 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042894B False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041B258 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411064 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426FED False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00427074 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004060E4 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004230CC False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410588 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042894B False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041B258 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411064 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00405505 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00427074 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00423150 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00421B38 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0040FCEC False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042894B False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041B258 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426FED False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00424E94 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00423670 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0040FFDC False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410588 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411064 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041D3EC False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042894B False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426FED False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00425681 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00427BB3 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410588 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0042894B False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041B258 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411064 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00426FED False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x004063B2 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00428725 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00425000 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00410588 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x00411064 False False
buffer 25 0x00400000 0x0043DFFF Content Changed - 32-bit 0x0041D3EC False False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Razy.548673
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\29. 08. 2019 .scr Sample File Binary
Blacklisted
Mime Type application/vnd.microsoft.portable-executable
File Size 350.10 KB
MD5 6b0b05fd4c9430ba6ec429884d82feae
SHA1 7b17015b22849923b056a13a7d36d56ee0dee224
SHA256 6a5daad151a85ad064aeb9f610a0c98aaa2933252b3b09f18e3e34d7e531c666
SSDeep 6144:Q7eZ+LWGDlm4aaEt2GoyN6pB+DnDfuA6ClmKVqbPZTMQf+t/5BvWhFSuIH6YcNXw:SnLWElmXlw5GDfuTClxIbhT9WtRBvOFE
ImpHash 3abe302b6d9a1256e6a915429af4ffd2
File Reputation Information
Severity
Blacklisted
First Seen 2019-08-29 23:10 (UTC+2)
Last Seen 2019-09-01 20:24 (UTC+2)
Names Win32.Trojan.Dybmia
Families Dybmia
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x40320c
Size Of Code 0x6400
Size Of Initialized Data 0x27c00
Size Of Uninitialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2018-12-15 22:24:41+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x628f 0x6400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x408000 0x135c 0x1400 0x6800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.24
.data 0x40a000 0x25518 0x600 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.05
.ndata 0x430000 0x8000 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x438000 0x20f8 0x2200 0x8200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.61
Imports (7)
KERNEL32.dll (61)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTempPathA 0x0 0x408070 0x864c 0x6e4c 0x1d5
GetFileSize 0x0 0x408074 0x8650 0x6e50 0x163
GetModuleFileNameA 0x0 0x408078 0x8654 0x6e54 0x17d
GetCurrentProcess 0x0 0x40807c 0x8658 0x6e58 0x142
CopyFileA 0x0 0x408080 0x865c 0x6e5c 0x43
ExitProcess 0x0 0x408084 0x8660 0x6e60 0xb9
SetEnvironmentVariableA 0x0 0x408088 0x8664 0x6e64 0x313
Sleep 0x0 0x40808c 0x8668 0x6e68 0x356
GetTickCount 0x0 0x408090 0x866c 0x6e6c 0x1df
GetCommandLineA 0x0 0x408094 0x8670 0x6e70 0x110
lstrlenA 0x0 0x408098 0x8674 0x6e74 0x3cc
GetVersion 0x0 0x40809c 0x8678 0x6e78 0x1e8
SetErrorMode 0x0 0x4080a0 0x867c 0x6e7c 0x315
lstrcpynA 0x0 0x4080a4 0x8680 0x6e80 0x3c9
GetDiskFreeSpaceA 0x0 0x4080a8 0x8684 0x6e84 0x14d
GlobalUnlock 0x0 0x4080ac 0x8688 0x6e88 0x20a
GetWindowsDirectoryA 0x0 0x4080b0 0x868c 0x6e8c 0x1f3
SetCurrentDirectoryA 0x0 0x4080b4 0x8690 0x6e90 0x30a
GetLastError 0x0 0x4080b8 0x8694 0x6e94 0x171
CreateDirectoryA 0x0 0x4080bc 0x8698 0x6e98 0x4b
CreateProcessA 0x0 0x4080c0 0x869c 0x6e9c 0x66
RemoveDirectoryA 0x0 0x4080c4 0x86a0 0x6ea0 0x2c4
CreateFileA 0x0 0x4080c8 0x86a4 0x6ea4 0x53
GetTempFileNameA 0x0 0x4080cc 0x86a8 0x6ea8 0x1d3
ReadFile 0x0 0x4080d0 0x86ac 0x6eac 0x2b5
WriteFile 0x0 0x4080d4 0x86b0 0x6eb0 0x3a4
lstrcpyA 0x0 0x4080d8 0x86b4 0x6eb4 0x3c6
MoveFileExA 0x0 0x4080dc 0x86b8 0x6eb8 0x26f
lstrcatA 0x0 0x4080e0 0x86bc 0x6ebc 0x3bd
GetSystemDirectoryA 0x0 0x4080e4 0x86c0 0x6ec0 0x1c1
GetProcAddress 0x0 0x4080e8 0x86c4 0x6ec4 0x1a0
GetExitCodeProcess 0x0 0x4080ec 0x86c8 0x6ec8 0x15a
WaitForSingleObject 0x0 0x4080f0 0x86cc 0x6ecc 0x390
CompareFileTime 0x0 0x4080f4 0x86d0 0x6ed0 0x39
SetFileAttributesA 0x0 0x4080f8 0x86d4 0x6ed4 0x319
GetFileAttributesA 0x0 0x4080fc 0x86d8 0x6ed8 0x15e
GetShortPathNameA 0x0 0x408100 0x86dc 0x6edc 0x1b5
MoveFileA 0x0 0x408104 0x86e0 0x6ee0 0x26e
GetFullPathNameA 0x0 0x408108 0x86e4 0x6ee4 0x169
SetFileTime 0x0 0x40810c 0x86e8 0x6ee8 0x31f
SearchPathA 0x0 0x408110 0x86ec 0x6eec 0x2db
CloseHandle 0x0 0x408114 0x86f0 0x6ef0 0x34
lstrcmpiA 0x0 0x408118 0x86f4 0x6ef4 0x3c3
CreateThread 0x0 0x40811c 0x86f8 0x6ef8 0x6f
GlobalLock 0x0 0x408120 0x86fc 0x6efc 0x203
lstrcmpA 0x0 0x408124 0x8700 0x6f00 0x3c0
FindFirstFileA 0x0 0x408128 0x8704 0x6f04 0xd2
FindNextFileA 0x0 0x40812c 0x8708 0x6f08 0xdc
DeleteFileA 0x0 0x408130 0x870c 0x6f0c 0x83
SetFilePointer 0x0 0x408134 0x8710 0x6f10 0x31b
GetPrivateProfileStringA 0x0 0x408138 0x8714 0x6f14 0x19c
FindClose 0x0 0x40813c 0x8718 0x6f18 0xce
MultiByteToWideChar 0x0 0x408140 0x871c 0x6f1c 0x275
FreeLibrary 0x0 0x408144 0x8720 0x6f20 0xf8
MulDiv 0x0 0x408148 0x8724 0x6f24 0x274
WritePrivateProfileStringA 0x0 0x40814c 0x8728 0x6f28 0x3a9
LoadLibraryExA 0x0 0x408150 0x872c 0x6f2c 0x253
GetModuleHandleA 0x0 0x408154 0x8730 0x6f30 0x17f
GlobalAlloc 0x0 0x408158 0x8734 0x6f34 0x1f8
GlobalFree 0x0 0x40815c 0x8738 0x6f38 0x1ff
ExpandEnvironmentStringsA 0x0 0x408160 0x873c 0x6f3c 0xbc
USER32.dll (63)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ScreenToClient 0x0 0x408184 0x8760 0x6f60 0x231
GetSystemMenu 0x0 0x408188 0x8764 0x6f64 0x15c
SetClassLongA 0x0 0x40818c 0x8768 0x6f68 0x247
IsWindowEnabled 0x0 0x408190 0x876c 0x6f6c 0x1ae
SetWindowPos 0x0 0x408194 0x8770 0x6f70 0x283
GetSysColor 0x0 0x408198 0x8774 0x6f74 0x15a
GetWindowLongA 0x0 0x40819c 0x8778 0x6f78 0x16e
SetCursor 0x0 0x4081a0 0x877c 0x6f7c 0x24d
LoadCursorA 0x0 0x4081a4 0x8780 0x6f80 0x1ba
CheckDlgButton 0x0 0x4081a8 0x8784 0x6f84 0x38
GetMessagePos 0x0 0x4081ac 0x8788 0x6f88 0x13c
LoadBitmapA 0x0 0x4081b0 0x878c 0x6f8c 0x1b8
CallWindowProcA 0x0 0x4081b4 0x8790 0x6f90 0x1b
IsWindowVisible 0x0 0x4081b8 0x8794 0x6f94 0x1b1
CloseClipboard 0x0 0x4081bc 0x8798 0x6f98 0x42
SetClipboardData 0x0 0x4081c0 0x879c 0x6f9c 0x24a
EmptyClipboard 0x0 0x4081c4 0x87a0 0x6fa0 0xc1
PostQuitMessage 0x0 0x4081c8 0x87a4 0x6fa4 0x204
GetWindowRect 0x0 0x4081cc 0x87a8 0x6fa8 0x174
EnableMenuItem 0x0 0x4081d0 0x87ac 0x6fac 0xc2
CreatePopupMenu 0x0 0x4081d4 0x87b0 0x6fb0 0x5e
GetSystemMetrics 0x0 0x4081d8 0x87b4 0x6fb4 0x15d
SetDlgItemTextA 0x0 0x4081dc 0x87b8 0x6fb8 0x253
GetDlgItemTextA 0x0 0x4081e0 0x87bc 0x6fbc 0x113
MessageBoxIndirectA 0x0 0x4081e4 0x87c0 0x6fc0 0x1e2
CharPrevA 0x0 0x4081e8 0x87c4 0x6fc4 0x2d
DispatchMessageA 0x0 0x4081ec 0x87c8 0x6fc8 0xa1
PeekMessageA 0x0 0x4081f0 0x87cc 0x6fcc 0x200
ReleaseDC 0x0 0x4081f4 0x87d0 0x6fd0 0x22a
EnableWindow 0x0 0x4081f8 0x87d4 0x6fd4 0xc4
InvalidateRect 0x0 0x4081fc 0x87d8 0x6fd8 0x193
SendMessageA 0x0 0x408200 0x87dc 0x6fdc 0x23b
DefWindowProcA 0x0 0x408204 0x87e0 0x6fe0 0x8e
BeginPaint 0x0 0x408208 0x87e4 0x6fe4 0xd
GetClientRect 0x0 0x40820c 0x87e8 0x6fe8 0xff
FillRect 0x0 0x408210 0x87ec 0x6fec 0xe2
DrawTextA 0x0 0x408214 0x87f0 0x6ff0 0xbc
EndDialog 0x0 0x408218 0x87f4 0x6ff4 0xc6
RegisterClassA 0x0 0x40821c 0x87f8 0x6ff8 0x216
SystemParametersInfoA 0x0 0x408220 0x87fc 0x6ffc 0x299
CreateWindowExA 0x0 0x408224 0x8800 0x7000 0x60
GetClassInfoA 0x0 0x408228 0x8804 0x7004 0xf6
DialogBoxParamA 0x0 0x40822c 0x8808 0x7008 0x9e
CharNextA 0x0 0x408230 0x880c 0x700c 0x2a
ExitWindowsEx 0x0 0x408234 0x8810 0x7010 0xe1
GetDC 0x0 0x408238 0x8814 0x7014 0x10c
CreateDialogParamA 0x0 0x40823c 0x8818 0x7018 0x55
SetTimer 0x0 0x408240 0x881c 0x701c 0x27a
GetDlgItem 0x0 0x408244 0x8820 0x7020 0x111
SetWindowLongA 0x0 0x408248 0x8824 0x7024 0x280
SetForegroundWindow 0x0 0x40824c 0x8828 0x7028 0x257
LoadImageA 0x0 0x408250 0x882c 0x702c 0x1c0
IsWindow 0x0 0x408254 0x8830 0x7030 0x1ad
SendMessageTimeoutA 0x0 0x408258 0x8834 0x7034 0x23e
FindWindowExA 0x0 0x40825c 0x8838 0x7038 0xe4
OpenClipboard 0x0 0x408260 0x883c 0x703c 0x1f6
TrackPopupMenu 0x0 0x408264 0x8840 0x7040 0x2a4
AppendMenuA 0x0 0x408268 0x8844 0x7044 0x8
EndPaint 0x0 0x40826c 0x8848 0x7048 0xc8
DestroyWindow 0x0 0x408270 0x884c 0x704c 0x99
wsprintfA 0x0 0x408274 0x8850 0x7050 0x2d7
ShowWindow 0x0 0x408278 0x8854 0x7054 0x292
SetWindowTextA 0x0 0x40827c 0x8858 0x7058 0x286
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SelectObject 0x0 0x40804c 0x8628 0x6e28 0x20e
SetBkMode 0x0 0x408050 0x862c 0x6e2c 0x216
CreateFontIndirectA 0x0 0x408054 0x8630 0x6e30 0x3a
SetTextColor 0x0 0x408058 0x8634 0x6e34 0x23c
DeleteObject 0x0 0x40805c 0x8638 0x6e38 0x8f
GetDeviceCaps 0x0 0x408060 0x863c 0x6e3c 0x16b
CreateBrushIndirect 0x0 0x408064 0x8640 0x6e40 0x29
SetBkColor 0x0 0x408068 0x8644 0x6e44 0x215
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation 0x0 0x408168 0x8744 0x6f44 0xc3
ShellExecuteExA 0x0 0x40816c 0x8748 0x6f48 0x109
SHGetPathFromIDListA 0x0 0x408170 0x874c 0x6f4c 0xbc
SHBrowseForFolderA 0x0 0x408174 0x8750 0x6f50 0x79
SHGetFileInfoA 0x0 0x408178 0x8754 0x6f54 0xac
SHFileOperationA 0x0 0x40817c 0x8758 0x6f58 0x9a
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustTokenPrivileges 0x0 0x408000 0x85dc 0x6ddc 0x1c
RegCreateKeyExA 0x0 0x408004 0x85e0 0x6de0 0x1d1
RegOpenKeyExA 0x0 0x408008 0x85e4 0x6de4 0x1ec
SetFileSecurityA 0x0 0x40800c 0x85e8 0x6de8 0x22e
OpenProcessToken 0x0 0x408010 0x85ec 0x6dec 0x1ac
LookupPrivilegeValueA 0x0 0x408014 0x85f0 0x6df0 0x14f
RegEnumValueA 0x0 0x408018 0x85f4 0x6df4 0x1e1
RegDeleteKeyA 0x0 0x40801c 0x85f8 0x6df8 0x1d4
RegDeleteValueA 0x0 0x408020 0x85fc 0x6dfc 0x1d8
RegCloseKey 0x0 0x408024 0x8600 0x6e00 0x1cb
RegSetValueExA 0x0 0x408028 0x8604 0x6e04 0x204
RegQueryValueExA 0x0 0x40802c 0x8608 0x6e08 0x1f7
RegEnumKeyA 0x0 0x408030 0x860c 0x6e0c 0x1dd
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Create 0x0 0x408038 0x8614 0x6e14 0x37
ImageList_AddMasked 0x0 0x40803c 0x8618 0x6e18 0x34
ImageList_Destroy 0x0 0x408040 0x861c 0x6e1c 0x38
(by ordinal) 0x11 0x408044 0x8620 0x6e20 -
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUninitialize 0x0 0x408284 0x8860 0x7060 0x105
OleInitialize 0x0 0x408288 0x8864 0x7064 0xee
CoTaskMemFree 0x0 0x40828c 0x8868 0x7068 0x65
CoCreateInstance 0x0 0x408290 0x886c 0x706c 0x10
Icons (1)
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
29. 08. 2019 .scr 1 0x00400000 0x0043AFFF Relevant Image - 32-bit - False False
29. 08. 2019 .scr 1 0x00400000 0x0043AFFF Final Dump - 32-bit - False False
29. 08. 2019 .scr 1 0x00400000 0x0043AFFF Process Termination - 32-bit - False False
C:\Users\5P5NRG~1\AppData\Local\Temp\LDP.exe Dropped File Binary
Blacklisted
Mime Type application/vnd.microsoft.portable-executable
File Size 389.52 KB
MD5 831a500491141f10ed4025070a06268f
SHA1 1cf3cd0476c5cf42cb835c301d2ec5abbf961d2f
SHA256 e7c23a1594429094ca4df29b3c24eb893155a64c35582b46ce7ff5e75d54b0fb
SSDeep 12288:z9UPHFt8T+tc/ZIdcIbhT1WtRB1OFSuZcOX9AI:z9qFt+xwcZWXZcOXmI
ImpHash c127345c03c7eb109783c6cc61e16834
File Reputation Information
Severity
Blacklisted
First Seen 2019-08-29 23:10 (UTC+2)
Last Seen 2019-09-01 01:16 (UTC+2)
Names Win32.Trojan.Dybmia
Families Dybmia
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x41250b
Size Of Code 0x23600
Size Of Initialized Data 0x1a800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-04-02 08:03:24+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x23483 0x23600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.67
.rdata 0x425000 0x9070 0x9200 0x23a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.11
.data 0x42f000 0x329f8 0xc00 0x2cc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.71
.gfids 0x462000 0xf4 0x200 0x2d800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.16
.rsrc 0x463000 0xe034 0xe200 0x2da00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.8
.reloc 0x472000 0x2514 0x2600 0x3bc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.69
Imports (2)
KERNEL32.dll (123)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLastError 0x0 0x425000 0x2d4a0 0x2bea0 0x202
SetLastError 0x0 0x425004 0x2d4a4 0x2bea4 0x473
GetFileType 0x0 0x425008 0x2d4a8 0x2bea8 0x1f3
GetStdHandle 0x0 0x42500c 0x2d4ac 0x2beac 0x264
WriteFile 0x0 0x425010 0x2d4b0 0x2beb0 0x525
ReadFile 0x0 0x425014 0x2d4b4 0x2beb4 0x3c0
FlushFileBuffers 0x0 0x425018 0x2d4b8 0x2beb8 0x157
SetEndOfFile 0x0 0x42501c 0x2d4bc 0x2bebc 0x453
SetFilePointer 0x0 0x425020 0x2d4c0 0x2bec0 0x466
SetFileTime 0x0 0x425024 0x2d4c4 0x2bec4 0x46a
CloseHandle 0x0 0x425028 0x2d4c8 0x2bec8 0x52
CreateFileW 0x0 0x42502c 0x2d4cc 0x2becc 0x8f
CreateDirectoryW 0x0 0x425030 0x2d4d0 0x2bed0 0x81
SetFileAttributesW 0x0 0x425034 0x2d4d4 0x2bed4 0x461
GetFileAttributesW 0x0 0x425038 0x2d4d8 0x2bed8 0x1ea
DeleteFileW 0x0 0x42503c 0x2d4dc 0x2bedc 0xd6
MoveFileW 0x0 0x425040 0x2d4e0 0x2bee0 0x363
FindClose 0x0 0x425044 0x2d4e4 0x2bee4 0x12e
FindFirstFileW 0x0 0x425048 0x2d4e8 0x2bee8 0x139
FindNextFileW 0x0 0x42504c 0x2d4ec 0x2beec 0x145
GetVersionExW 0x0 0x425050 0x2d4f0 0x2bef0 0x2a4
GetCurrentDirectoryW 0x0 0x425054 0x2d4f4 0x2bef4 0x1bf
GetFullPathNameW 0x0 0x425058 0x2d4f8 0x2bef8 0x1fb
FoldStringW 0x0 0x42505c 0x2d4fc 0x2befc 0x15c
GetModuleFileNameW 0x0 0x425060 0x2d500 0x2bf00 0x214
GetModuleHandleW 0x0 0x425064 0x2d504 0x2bf04 0x218
FindResourceW 0x0 0x425068 0x2d508 0x2bf08 0x14e
FreeLibrary 0x0 0x42506c 0x2d50c 0x2bf0c 0x162
GetProcAddress 0x0 0x425070 0x2d510 0x2bf10 0x245
GetCurrentProcessId 0x0 0x425074 0x2d514 0x2bf14 0x1c1
ExitProcess 0x0 0x425078 0x2d518 0x2bf18 0x119
Sleep 0x0 0x42507c 0x2d51c 0x2bf1c 0x4b2
LoadLibraryW 0x0 0x425080 0x2d520 0x2bf20 0x33f
GetSystemDirectoryW 0x0 0x425084 0x2d524 0x2bf24 0x270
CompareStringW 0x0 0x425088 0x2d528 0x2bf28 0x64
AllocConsole 0x0 0x42508c 0x2d52c 0x2bf2c 0x10
FreeConsole 0x0 0x425090 0x2d530 0x2bf30 0x15f
AttachConsole 0x0 0x425094 0x2d534 0x2bf34 0x17
WriteConsoleW 0x0 0x425098 0x2d538 0x2bf38 0x524
TzSpecificLocalTimeToSystemTime 0x0 0x42509c 0x2d53c 0x2bf3c 0x4d0
SystemTimeToFileTime 0x0 0x4250a0 0x2d540 0x2bf40 0x4bd
FileTimeToLocalFileTime 0x0 0x4250a4 0x2d544 0x2bf44 0x124
LocalFileTimeToFileTime 0x0 0x4250a8 0x2d548 0x2bf48 0x346
FileTimeToSystemTime 0x0 0x4250ac 0x2d54c 0x2bf4c 0x125
GetCPInfo 0x0 0x4250b0 0x2d550 0x2bf50 0x172
IsDBCSLeadByte 0x0 0x4250b4 0x2d554 0x2bf54 0x2fe
MultiByteToWideChar 0x0 0x4250b8 0x2d558 0x2bf58 0x367
WideCharToMultiByte 0x0 0x4250bc 0x2d55c 0x2bf5c 0x511
GlobalAlloc 0x0 0x4250c0 0x2d560 0x2bf60 0x2b3
GetTickCount 0x0 0x4250c4 0x2d564 0x2bf64 0x293
LockResource 0x0 0x4250c8 0x2d568 0x2bf68 0x354
GlobalLock 0x0 0x4250cc 0x2d56c 0x2bf6c 0x2be
GlobalUnlock 0x0 0x4250d0 0x2d570 0x2bf70 0x2c5
GlobalFree 0x0 0x4250d4 0x2d574 0x2bf74 0x2ba
LoadResource 0x0 0x4250d8 0x2d578 0x2bf78 0x341
SizeofResource 0x0 0x4250dc 0x2d57c 0x2bf7c 0x4b1
SetCurrentDirectoryW 0x0 0x4250e0 0x2d580 0x2bf80 0x44d
GetExitCodeProcess 0x0 0x4250e4 0x2d584 0x2bf84 0x1df
WaitForSingleObject 0x0 0x4250e8 0x2d588 0x2bf88 0x4f9
GetLocalTime 0x0 0x4250ec 0x2d58c 0x2bf8c 0x203
MapViewOfFile 0x0 0x4250f0 0x2d590 0x2bf90 0x357
UnmapViewOfFile 0x0 0x4250f4 0x2d594 0x2bf94 0x4d6
CreateFileMappingW 0x0 0x4250f8 0x2d598 0x2bf98 0x8c
OpenFileMappingW 0x0 0x4250fc 0x2d59c 0x2bf9c 0x379
GetCommandLineW 0x0 0x425100 0x2d5a0 0x2bfa0 0x187
SetEnvironmentVariableW 0x0 0x425104 0x2d5a4 0x2bfa4 0x457
ExpandEnvironmentStringsW 0x0 0x425108 0x2d5a8 0x2bfa8 0x11d
GetTempPathW 0x0 0x42510c 0x2d5ac 0x2bfac 0x285
MoveFileExW 0x0 0x425110 0x2d5b0 0x2bfb0 0x360
GetLocaleInfoW 0x0 0x425114 0x2d5b4 0x2bfb4 0x206
GetTimeFormatW 0x0 0x425118 0x2d5b8 0x2bfb8 0x297
GetDateFormatW 0x0 0x42511c 0x2d5bc 0x2bfbc 0x1c8
GetNumberFormatW 0x0 0x425120 0x2d5c0 0x2bfc0 0x233
SetFilePointerEx 0x0 0x425124 0x2d5c4 0x2bfc4 0x467
GetConsoleMode 0x0 0x425128 0x2d5c8 0x2bfc8 0x1ac
GetConsoleCP 0x0 0x42512c 0x2d5cc 0x2bfcc 0x19a
HeapSize 0x0 0x425130 0x2d5d0 0x2bfd0 0x2d4
SetStdHandle 0x0 0x425134 0x2d5d4 0x2bfd4 0x487
GetProcessHeap 0x0 0x425138 0x2d5d8 0x2bfd8 0x24a
RaiseException 0x0 0x42513c 0x2d5dc 0x2bfdc 0x3b1
GetSystemInfo 0x0 0x425140 0x2d5e0 0x2bfe0 0x273
VirtualProtect 0x0 0x425144 0x2d5e4 0x2bfe4 0x4ef
VirtualQuery 0x0 0x425148 0x2d5e8 0x2bfe8 0x4f1
LoadLibraryExA 0x0 0x42514c 0x2d5ec 0x2bfec 0x33d
IsProcessorFeaturePresent 0x0 0x425150 0x2d5f0 0x2bff0 0x304
IsDebuggerPresent 0x0 0x425154 0x2d5f4 0x2bff4 0x300
UnhandledExceptionFilter 0x0 0x425158 0x2d5f8 0x2bff8 0x4d3
SetUnhandledExceptionFilter 0x0 0x42515c 0x2d5fc 0x2bffc 0x4a5
GetStartupInfoW 0x0 0x425160 0x2d600 0x2c000 0x263
QueryPerformanceCounter 0x0 0x425164 0x2d604 0x2c004 0x3a7
GetCurrentThreadId 0x0 0x425168 0x2d608 0x2c008 0x1c5
GetSystemTimeAsFileTime 0x0 0x42516c 0x2d60c 0x2c00c 0x279
InitializeSListHead 0x0 0x425170 0x2d610 0x2c010 0x2e7
GetCurrentProcess 0x0 0x425174 0x2d614 0x2c014 0x1c0
TerminateProcess 0x0 0x425178 0x2d618 0x2c018 0x4c0
RtlUnwind 0x0 0x42517c 0x2d61c 0x2c01c 0x418
EncodePointer 0x0 0x425180 0x2d620 0x2c020 0xea
EnterCriticalSection 0x0 0x425184 0x2d624 0x2c024 0xee
LeaveCriticalSection 0x0 0x425188 0x2d628 0x2c028 0x339
DeleteCriticalSection 0x0 0x42518c 0x2d62c 0x2c02c 0xd1
InitializeCriticalSectionAndSpinCount 0x0 0x425190 0x2d630 0x2c030 0x2e3
TlsAlloc 0x0 0x425194 0x2d634 0x2c034 0x4c5
TlsGetValue 0x0 0x425198 0x2d638 0x2c038 0x4c7
TlsSetValue 0x0 0x42519c 0x2d63c 0x2c03c 0x4c8
TlsFree 0x0 0x4251a0 0x2d640 0x2c040 0x4c6
LoadLibraryExW 0x0 0x4251a4 0x2d644 0x2c044 0x33e
QueryPerformanceFrequency 0x0 0x4251a8 0x2d648 0x2c048 0x3a8
GetModuleHandleExW 0x0 0x4251ac 0x2d64c 0x2c04c 0x217
GetModuleFileNameA 0x0 0x4251b0 0x2d650 0x2c050 0x213
GetACP 0x0 0x4251b4 0x2d654 0x2c054 0x168
HeapFree 0x0 0x4251b8 0x2d658 0x2c058 0x2cf
HeapAlloc 0x0 0x4251bc 0x2d65c 0x2c05c 0x2cb
HeapReAlloc 0x0 0x4251c0 0x2d660 0x2c060 0x2d2
GetStringTypeW 0x0 0x4251c4 0x2d664 0x2c064 0x269
LCMapStringW 0x0 0x4251c8 0x2d668 0x2c068 0x32d
FindFirstFileExA 0x0 0x4251cc 0x2d66c 0x2c06c 0x133
FindNextFileA 0x0 0x4251d0 0x2d670 0x2c070 0x143
IsValidCodePage 0x0 0x4251d4 0x2d674 0x2c074 0x30a
GetOEMCP 0x0 0x4251d8 0x2d678 0x2c078 0x237
GetCommandLineA 0x0 0x4251dc 0x2d67c 0x2c07c 0x186
GetEnvironmentStringsW 0x0 0x4251e0 0x2d680 0x2c080 0x1da
FreeEnvironmentStringsW 0x0 0x4251e4 0x2d684 0x2c084 0x161
DecodePointer 0x0 0x4251e8 0x2d688 0x2c088 0xca
gdiplus.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdiplusShutdown 0x0 0x4251f0 0x2d690 0x2c090 0x274
GdiplusStartup 0x0 0x4251f4 0x2d694 0x2c094 0x275
GdipCreateHBITMAPFromBitmap 0x0 0x4251f8 0x2d698 0x2c098 0x5f
GdipCreateBitmapFromStreamICM 0x0 0x4251fc 0x2d69c 0x2c09c 0x52
GdipCreateBitmapFromStream 0x0 0x425200 0x2d6a0 0x2c0a0 0x51
GdipDisposeImage 0x0 0x425204 0x2d6a4 0x2c0a4 0x98
GdipCloneImage 0x0 0x425208 0x2d6a8 0x2c0a8 0x36
GdipFree 0x0 0x42520c 0x2d6ac 0x2c0ac 0xed
GdipAlloc 0x0 0x425210 0x2d6b0 0x2c0b0 0x21
Icons (1)
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
ldp.exe 2 0x00BB0000 0x00C24FFF Relevant Image - 32-bit - False False
ldp.exe 2 0x00BB0000 0x00C24FFF Process Termination - 32-bit - False False
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM Modified File Text
Whitelisted
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\jWXSkMhS49ChdQXj06CQystbmrs.lbkut (Dropped File)
Mime Type text/html
File Size 1.90 KB
MD5 8334bb7c49213d435ec0e695066704e2
SHA1 5497ac3426fe931b1f07cd9aa15666740f3a6d2f
SHA256 52f98ec060b0c0e11a2abdf5cf31283d30a63ade5b05c70c660212577b974365
SSDeep 48:vzdJb3zTE0xH6VOnSN4SNLSNzJZNGSxS4GSx/SrDeBSX5Db7NUO:rdJLzTvxH+OSNJN+NzJjkewPpDb7NUO
Parser Error Remark Static engine was unable to completely parse the analyzed file
Embedded URLs (1)
URL First Seen Categories Threat Names Reputation Status WHOIS Data
http://r.office.microsoft.com/r/rlidOOOff14KnownIssues?clid=1033 - infrastructure - Whitelisted Not Queried
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\я Dropped File Stream
Whitelisted
Also Known As C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\shatter\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\videowall\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\EQUATION\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\pets\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\rectangles\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\vignette\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\я (Dropped File)
C:\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\full\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\babyboy\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\resizingpanels\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\stacking\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\sports\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\huecycle\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\specialoccasion\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\memories\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\performance\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\babygirl\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\push\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\flippage\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\Stationery\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\dvd maker\shared\dvdstyles\layeredtitles\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\я (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\я (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\resources\1033\я (Dropped File)
Mime Type application/octet-stream
File Size 1 byte
MD5 93b885adfe0da089cdf634904fd59f71
SHA1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
SSDeep 3::
File Reputation Information
Severity
Whitelisted
First Seen 2011-05-31 22:44 (UTC+2)
Last Seen 2019-08-20 23:34 (UTC+2)
C:\BOOTSECT.BAK Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 8.00 KB
MD5 14bd5376e096a37638a181b97ce41e4c
SHA1 3c2b34613b2b2c20c62d8358395fbc63bd06281c
SHA256 4529dec7f919ae5cce2db5f380290f376da22d8975ac5b90e2ddd0a3a524c050
SSDeep 96:vzDaidCuhFwDG+8A4PtbiW+uGGfz/+vWVrQUqDayFB3d4m:7Oid3zwDGIOtbiW4q/+ZUgBN4m
C:\1cSrgADk1MvICnu4uvTWPDBMe3th6FTi.lbkut Dropped File Stream
Unknown
Also Known As C:\BOOTSECT.BAK (Modified File)
Mime Type application/octet-stream
File Size 8.20 KB
MD5 79d34cba5759c3084482241f8b4d631b
SHA1 155dcefe3e86a4c26b87f974c6312ea9e1227462
SHA256 3e3a32315b0500385f1a96eee31e16add8f6b86b733438987eef158ddc347716
SSDeep 96:WtbKo86feCe/Q14PtbiW+uGGfz/+vWVrQUqDayFB3d4A+e:Wscf8I1OtbiW4q/+ZUgBN4AZ
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT Modified File Text
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\EQUATION\bHhi52zghL012uV9OCZWYhLAKaj8zYXI.lbkut (Dropped File)
Mime Type text/plain
File Size 2.50 KB
MD5 4537465e8ea20412de3b7c1d37e1ff8f
SHA1 112e6aca1afe0ec644f42f0aeb5cdcb865321bc2
SHA256 5dc3b998d1d57b19bba2bf341529b56dbc6b34f6731c98510b9a7e8f3c80cbaf
SSDeep 48:UlRHc3gyWTjgfGjOY9mXTbk2hXBkwKQnwbfwfwWELuF90:UlRHcgyWXXydXTbkkWwKQnwbfwfwWELb
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP Modified File Unknown
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\EQUATION\05XxLV4gafDMXmre0IXV8zGvckuyTpEZ.lbkut (Dropped File)
Mime Type application/winhelp
File Size 172.18 KB
MD5 7a82a0048dd015ee6514e10a47032874
SHA1 64bce2fc1308ff7589d970e71431daa9516f870c
SHA256 28a86588021c3c89494fe54300847d9a4d495ee27be0f667f5e625e42e417ca0
SSDeep 3072:WyUPCJNcEANAsHeEiZs81WdXyrSxGjcwmz:WaJN2BeEiZs81O4SxGjcwmz
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\j7yU7W=Z4J2IjitttkkXkwkgUUGmG5XK.lbkut Dropped File Text
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG (Modified File)
Mime Type text/plain
File Size 6.65 KB
MD5 09d9c7ad7b11f6d0becf4bba1fc5ed1b
SHA1 e145bec65e4898268dbc923b1fb393829d1f7476
SHA256 ab7f0237149bf046400663b59615d8dd731829f40f7626c41880f676fe17dfd8
SSDeep 192:QxGCJFy8UHxc130YhrOJTQWOwI9x2MwdjbGF7YSBXPNfXKnTThITTSuv:QxJ48UHxc130YhrOJTQWOwI9x2MwdjbA
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT Modified File Binary
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\c9wuaH5Oj7gVZa88Rk9Efc7P+oa5PM0Z.lbkut (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 316.34 KB
MD5 030833c714868aa89eef2aec2dbd5040
SHA1 ae3026992be2410d32e34474f934f106f02384db
SHA256 c6017dc814983ecb6a019fbababdde746c520dc14de23697268d7c50ac320f06
SSDeep 6144:/x0S8XiWWThUDZOuOiFGR4bRStylR1TLg9gBjHnmbl0/s:P8XGThUDZLOVR4bRS+LoCs
ImpHash a207b302ed083df04b3bda7658ff8ad4
PE Information
Image Base 0x180000000
Entry Point 0x180036e90
Size Of Code 0x36600
Size Of Initialized Data 0x1ca00
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2010-12-20 18:42:43+00:00
Version Information (10)
CompanyName Microsoft Corporation
FileDescription CGM Import Filter
FileVersion 2010.1400.6015.1000
InternalName CGMIMP32
LegalCopyright Copyright (c) Microsoft Corporation. All rights reserved. Copyright (c) 1993-1996 Henderson Software Inc.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename CGMIMP32.FLT
ProductName Microsoft Office 2010
ProductVersion 2010.1400.6015.1000
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x36498 0x36600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.49
.rdata 0x180038000 0x7688 0x7800 0x36a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.41
.data 0x180040000 0x11c80 0xc400 0x3e200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.91
.pdata 0x180052000 0x1314 0x1400 0x4a600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.34
.rsrc 0x180054000 0x1b48 0x1c00 0x4ba00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.92
.reloc 0x180056000 0x3a8 0x400 0x4d600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.89
Imports (6)
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x180038000 0x3c3c0 0x3adc0 0x277
RegCreateKeyExA 0x0 0x180038008 0x3c3c8 0x3adc8 0x232
RegOpenKeyExA 0x0 0x180038010 0x3c3d0 0x3add0 0x25a
RegQueryValueExA 0x0 0x180038018 0x3c3d8 0x3add8 0x267
RegCloseKey 0x0 0x180038020 0x3c3e0 0x3ade0 0x22a
COMDLG32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChooseColorA 0x0 0x180038030 0x3c3f0 0x3adf0 0x0
GDI32.dll (43)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteObject 0x0 0x180038040 0x3c400 0x3ae00 0xd0
CreateSolidBrush 0x0 0x180038048 0x3c408 0x3ae08 0x52
Rectangle 0x0 0x180038050 0x3c410 0x3ae10 0x246
SelectObject 0x0 0x180038058 0x3c418 0x3ae18 0x25e
GetStockObject 0x0 0x180038060 0x3c420 0x3ae20 0x1f4
CopyMetaFileA 0x0 0x180038068 0x3c428 0x3ae28 0x26
RestoreDC 0x0 0x180038070 0x3c430 0x3ae30 0x250
DeleteMetaFile 0x0 0x180038078 0x3c438 0x3ae38 0xcf
CloseMetaFile 0x0 0x180038080 0x3c440 0x3ae40 0x1e
RealizePalette 0x0 0x180038088 0x3c448 0x3ae48 0x243
SelectPalette 0x0 0x180038090 0x3c450 0x3ae50 0x25f
CreatePalette 0x0 0x180038098 0x3c458 0x3ae58 0x47
SetStretchBltMode 0x0 0x1800380a0 0x3c460 0x3ae60 0x289
SaveDC 0x0 0x1800380a8 0x3c468 0x3ae68 0x257
Escape 0x0 0x1800380b0 0x3c470 0x3ae70 0x119
CreateMetaFileA 0x0 0x1800380b8 0x3c478 0x3ae78 0x44
StretchDIBits 0x0 0x1800380c0 0x3c480 0x3ae80 0x29b
Polygon 0x0 0x1800380c8 0x3c488 0x3ae88 0x23d
SetROP2 0x0 0x1800380d0 0x3c490 0x3ae90 0x286
CreateDIBPatternBrush 0x0 0x1800380d8 0x3c498 0x3ae98 0x31
CreateFontIndirectA 0x0 0x1800380e0 0x3c4a0 0x3aea0 0x3b
SetTextAlign 0x0 0x1800380e8 0x3c4a8 0x3aea8 0x28b
SetBkMode 0x0 0x1800380f0 0x3c4b0 0x3aeb0 0x266
CreatePenIndirect 0x0 0x1800380f8 0x3c4b8 0x3aeb8 0x4a
CreateBrushIndirect 0x0 0x180038100 0x3c4c0 0x3aec0 0x2a
GetTextMetricsA 0x0 0x180038108 0x3c4c8 0x3aec8 0x20c
SetTextColor 0x0 0x180038110 0x3c4d0 0x3aed0 0x28d
Polyline 0x0 0x180038118 0x3c4d8 0x3aed8 0x23e
PolyPolygon 0x0 0x180038120 0x3c4e0 0x3aee0 0x239
Ellipse 0x0 0x180038128 0x3c4e8 0x3aee8 0xd9
IntersectClipRect 0x0 0x180038130 0x3c4f0 0x3aef0 0x217
SelectClipRgn 0x0 0x180038138 0x3c4f8 0x3aef8 0x25c
GetCharABCWidthsA 0x0 0x180038140 0x3c500 0x3af00 0x19b
GetTextExtentPoint32A 0x0 0x180038148 0x3c508 0x3af08 0x204
SetTextCharacterExtra 0x0 0x180038150 0x3c510 0x3af10 0x28c
CreateRectRgn 0x0 0x180038158 0x3c518 0x3af18 0x4d
SetWindowExtEx 0x0 0x180038160 0x3c520 0x3af20 0x293
SetWindowOrgEx 0x0 0x180038168 0x3c528 0x3af28 0x294
TextOutA 0x0 0x180038170 0x3c530 0x3af30 0x29f
DeleteDC 0x0 0x180038178 0x3c538 0x3af38 0xcd
CreateFontA 0x0 0x180038180 0x3c540 0x3af40 0x3a
CreateICA 0x0 0x180038188 0x3c548 0x3af48 0x42
GetGlyphOutlineA 0x0 0x180038190 0x3c550 0x3af50 0x1ca
KERNEL32.dll (40)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RaiseException 0x0 0x1800381a0 0x3c560 0x3af60 0x354
_lclose 0x0 0x1800381a8 0x3c568 0x3af68 0x4a6
_lread 0x0 0x1800381b0 0x3c570 0x3af70 0x4ab
_lopen 0x0 0x1800381b8 0x3c578 0x3af78 0x4aa
_llseek 0x0 0x1800381c0 0x3c580 0x3af80 0x4a8
GlobalUnlock 0x0 0x1800381c8 0x3c588 0x3af88 0x297
GlobalLock 0x0 0x1800381d0 0x3c590 0x3af90 0x290
GlobalAlloc 0x0 0x1800381d8 0x3c598 0x3af98 0x285
lstrcmpA 0x0 0x1800381e0 0x3c5a0 0x3afa0 0x4b1
_lwrite 0x0 0x1800381e8 0x3c5a8 0x3afa8 0x4ac
OpenFile 0x0 0x1800381f0 0x3c5b0 0x3afb0 0x323
GlobalFree 0x0 0x1800381f8 0x3c5b8 0x3afb8 0x28c
LocalFree 0x0 0x180038200 0x3c5c0 0x3afc0 0x2f7
LocalAlloc 0x0 0x180038208 0x3c5c8 0x3afc8 0x2f3
GetTempFileNameA 0x0 0x180038210 0x3c5d0 0x3afd0 0x258
GetTempPathA 0x0 0x180038218 0x3c5d8 0x3afd8 0x25a
lstrlenA 0x0 0x180038220 0x3c5e0 0x3afe0 0x4bd
GetWindowsDirectoryA 0x0 0x180038228 0x3c5e8 0x3afe8 0x280
GetModuleFileNameA 0x0 0x180038230 0x3c5f0 0x3aff0 0x1f4
GlobalHandle 0x0 0x180038238 0x3c5f8 0x3aff8 0x28f
GlobalReAlloc 0x0 0x180038240 0x3c600 0x3b000 0x293
GetLastError 0x0 0x180038248 0x3c608 0x3b008 0x1e6
RtlLookupFunctionEntry 0x0 0x180038250 0x3c610 0x3b010 0x390
RtlVirtualUnwind 0x0 0x180038258 0x3c618 0x3b018 0x397
IsDebuggerPresent 0x0 0x180038260 0x3c620 0x3b020 0x2cb
SetUnhandledExceptionFilter 0x0 0x180038268 0x3c628 0x3b028 0x419
UnhandledExceptionFilter 0x0 0x180038270 0x3c630 0x3b030 0x442
GetCurrentProcess 0x0 0x180038278 0x3c638 0x3b038 0x1aa
TerminateProcess 0x0 0x180038280 0x3c640 0x3b040 0x431
Sleep 0x0 0x180038288 0x3c648 0x3b048 0x425
GetModuleHandleW 0x0 0x180038290 0x3c650 0x3b050 0x1f9
GetProcAddress 0x0 0x180038298 0x3c658 0x3b058 0x220
GetProcessHeap 0x0 0x1800382a0 0x3c660 0x3b060 0x223
GetSystemTimeAsFileTime 0x0 0x1800382a8 0x3c668 0x3b068 0x24f
GetCurrentProcessId 0x0 0x1800382b0 0x3c670 0x3b070 0x1ab
GetCurrentThreadId 0x0 0x1800382b8 0x3c678 0x3b078 0x1ae
GetTickCount 0x0 0x1800382c0 0x3c680 0x3b080 0x266
QueryPerformanceCounter 0x0 0x1800382c8 0x3c688 0x3b088 0x34e
VirtualProtect 0x0 0x1800382d0 0x3c690 0x3b090 0x45e
RtlCaptureContext 0x0 0x1800382d8 0x3c698 0x3b098 0x389
USER32.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyWindow 0x0 0x1800382e8 0x3c6a8 0x3b0a8 0xa0
CreateWindowExA 0x0 0x1800382f0 0x3c6b0 0x3b0b0 0x67
GetDesktopWindow 0x0 0x1800382f8 0x3c6b8 0x3b0b8 0x11e
GetActiveWindow 0x0 0x180038300 0x3c6c0 0x3b0c0 0xf9
DialogBoxParamA 0x0 0x180038308 0x3c6c8 0x3b0c8 0xa5
MapWindowPoints 0x0 0x180038310 0x3c6d0 0x3b0d0 0x1f7
BeginPaint 0x0 0x180038318 0x3c6d8 0x3b0d8 0xe
IsWindowVisible 0x0 0x180038320 0x3c6e0 0x3b0e0 0x1ce
EndPaint 0x0 0x180038328 0x3c6e8 0x3b0e8 0xd5
WinHelpA 0x0 0x180038330 0x3c6f0 0x3b0f0 0x307
SetWindowTextA 0x0 0x180038338 0x3c6f8 0x3b0f8 0x2b3
CheckDlgButton 0x0 0x180038340 0x3c700 0x3b100 0x3c
ShowWindow 0x0 0x180038348 0x3c708 0x3b108 0x2c0
InvalidateRect 0x0 0x180038350 0x3c710 0x3b110 0x1ae
PostMessageA 0x0 0x180038358 0x3c718 0x3b118 0x222
GetWindowTextA 0x0 0x180038360 0x3c720 0x3b120 0x190
IsDlgButtonChecked 0x0 0x180038368 0x3c728 0x3b128 0x1be
SendDlgItemMessageA 0x0 0x180038370 0x3c730 0x3b130 0x25d
GetDlgItem 0x0 0x180038378 0x3c738 0x3b138 0x121
LoadStringA 0x0 0x180038380 0x3c740 0x3b140 0x1e7
EndDialog 0x0 0x180038388 0x3c748 0x3b148 0xd3
SetDlgItemTextA 0x0 0x180038390 0x3c750 0x3b150 0x27c
GetDC 0x0 0x180038398 0x3c758 0x3b158 0x11c
ReleaseDC 0x0 0x1800383a0 0x3c760 0x3b160 0x250
GetSystemMetrics 0x0 0x1800383a8 0x3c768 0x3b168 0x171
GetWindowRect 0x0 0x1800383b0 0x3c770 0x3b170 0x18c
GetParent 0x0 0x1800383b8 0x3c778 0x3b178 0x157
GetClientRect 0x0 0x1800383c0 0x3c780 0x3b180 0x10f
ClientToScreen 0x0 0x1800383c8 0x3c788 0x3b188 0x45
SetWindowPos 0x0 0x1800383d0 0x3c790 0x3b190 0x2af
SendMessageA 0x0 0x1800383d8 0x3c798 0x3b198 0x262
PeekMessageA 0x0 0x1800383e0 0x3c7a0 0x3b1a0 0x21f
IsDialogMessageA 0x0 0x1800383e8 0x3c7a8 0x3b1a8 0x1bc
TranslateMessage 0x0 0x1800383f0 0x3c7b0 0x3b1b0 0x2dd
DispatchMessageA 0x0 0x1800383f8 0x3c7b8 0x3b1b8 0xa8
MessageBoxA 0x0 0x180038400 0x3c7c0 0x3b1c0 0x1fc
EnableWindow 0x0 0x180038408 0x3c7c8 0x3b1c8 0xd1
MSVCR90.dll (63)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
sscanf_s 0x0 0x180038418 0x3c7d8 0x3b1d8 0x51b
_onexit 0x0 0x180038420 0x3c7e0 0x3b1e0 0x2e4
_lock 0x0 0x180038428 0x3c7e8 0x3b1e8 0x23d
__dllonexit 0x0 0x180038430 0x3c7f0 0x3b1f0 0x85
_unlock 0x0 0x180038438 0x3c7f8 0x3b1f8 0x3a4
__clean_type_info_names_internal 0x0 0x180038440 0x3c800 0x3b200 0x7b
__crt_debugger_hook 0x0 0x180038448 0x3c808 0x3b208 0x83
__CppXcptFilter 0x0 0x180038450 0x3c810 0x3b210 0x5a
_amsg_exit 0x0 0x180038458 0x3c818 0x3b218 0xe2
_decode_pointer 0x0 0x180038460 0x3c820 0x3b220 0x12d
_encoded_null 0x0 0x180038468 0x3c828 0x3b228 0x138
_initterm_e 0x0 0x180038470 0x3c830 0x3b230 0x1cf
_initterm 0x0 0x180038478 0x3c838 0x3b238 0x1ce
_malloc_crt 0x0 0x180038480 0x3c840 0x3b240 0x24e
_encode_pointer 0x0 0x180038488 0x3c848 0x3b248 0x137
__C_specific_handler 0x0 0x180038490 0x3c850 0x3b250 0x59
_errno 0x0 0x180038498 0x3c858 0x3b258 0x13d
sin 0x0 0x1800384a0 0x3c860 0x3b260 0x511
cos 0x0 0x1800384a8 0x3c868 0x3b268 0x48c
_vsnprintf 0x0 0x1800384b0 0x3c870 0x3b270 0x3c8
free 0x0 0x1800384b8 0x3c878 0x3b278 0x4ac
malloc 0x0 0x1800384c0 0x3c880 0x3b280 0x4e5
_strupr_s 0x0 0x1800384c8 0x3c888 0x3b288 0x376
ftell 0x0 0x1800384d0 0x3c890 0x3b290 0x4b4
fseek 0x0 0x1800384d8 0x3c898 0x3b298 0x4b2
atof 0x0 0x1800384e0 0x3c8a0 0x3b2a0 0x480
atoi 0x0 0x1800384e8 0x3c8a8 0x3b2a8 0x481
memset 0x0 0x1800384f0 0x3c8b0 0x3b2b0 0x4f4
_localtime64_s 0x0 0x1800384f8 0x3c8b8 0x3b2b8 0x23c
_time64 0x0 0x180038500 0x3c8c0 0x3b2c0 0x388
asctime_s 0x0 0x180038508 0x3c8c8 0x3b2c8 0x478
strstr 0x0 0x180038510 0x3c8d0 0x3b2d0 0x531
remove 0x0 0x180038518 0x3c8d8 0x3b2d8 0x507
memcpy 0x0 0x180038520 0x3c8e0 0x3b2e0 0x4f0
sqrt 0x0 0x180038528 0x3c8e8 0x3b2e8 0x517
atan 0x0 0x180038530 0x3c8f0 0x3b2f0 0x47b
fclose 0x0 0x180038538 0x3c8f8 0x3b2f8 0x495
_fcvt_s 0x0 0x180038540 0x3c900 0x3b300 0x14b
strrchr 0x0 0x180038548 0x3c908 0x3b308 0x52f
fprintf 0x0 0x180038550 0x3c910 0x3b310 0x4a4
fopen_s 0x0 0x180038558 0x3c918 0x3b318 0x4a3
fflush 0x0 0x180038560 0x3c920 0x3b320 0x498
toupper 0x0 0x180038568 0x3c928 0x3b328 0x545
rand 0x0 0x180038570 0x3c930 0x3b330 0x504
srand 0x0 0x180038578 0x3c938 0x3b338 0x519
qsort 0x0 0x180038580 0x3c940 0x3b340 0x501
isspace 0x0 0x180038588 0x3c948 0x3b348 0x4cc
ferror 0x0 0x180038590 0x3c950 0x3b350 0x497
feof 0x0 0x180038598 0x3c958 0x3b358 0x496
fgetc 0x0 0x1800385a0 0x3c960 0x3b360 0x499
_access 0x0 0x1800385a8 0x3c968 0x3b368 0xd6
strtok_s 0x0 0x1800385b0 0x3c970 0x3b370 0x534
isdigit 0x0 0x1800385b8 0x3c978 0x3b378 0x4c6
_dupenv_s 0x0 0x1800385c0 0x3c980 0x3b380 0x134
__iob_func 0x0 0x1800385c8 0x3c988 0x3b388 0x92
printf 0x0 0x1800385d0 0x3c990 0x3b390 0x4fa
fgets 0x0 0x1800385d8 0x3c998 0x3b398 0x49b
ungetc 0x0 0x1800385e0 0x3c9a0 0x3b3a0 0x548
getc 0x0 0x1800385e8 0x3c9a8 0x3b3a8 0x4ba
fread 0x0 0x1800385f0 0x3c9b0 0x3b3b0 0x4aa
strncmp 0x0 0x1800385f8 0x3c9b8 0x3b3b8 0x52a
islower 0x0 0x180038600 0x3c9c0 0x3b3c0 0x4c9
atan2 0x0 0x180038608 0x3c9c8 0x3b3c8 0x47c
Exports (7)
Api name EAT Address Ordinal
DlgErrorProc 0x1c7c 0x5
GetFilterInfo 0x3dcc 0x1
GetFilterPref 0x3f10 0x3
ImportGr 0x452c 0x2
ProgressProc 0x2a48 0x4
RegisterPercentCallback 0x370d8 0x6
SetFilterPref 0x3e9c 0x7
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2009-12-07 22:40:29+00:00
Valid Until 2011-03-07 22:40:29+00:00
Algorithm sha1_rsa
Serial Number 61 01 CF 3E 00 00 00 00 00 0F
Thumbprint 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT Modified File Binary
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\QqnMLtAVhlrT0EG+1ZjKnDnks=71zLLB.lbkut (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 695.89 KB
MD5 71e3990790a3fbd7a823d511d0f0b8d7
SHA1 18d0c9603d906db501b3c024c6b17330bf1465d7
SHA256 aad9cda6c5d6930c4112fd354f5cdf4b8b85e9ec4c9cb8d642b4a903c9cf78dc
SSDeep 12288:yTopnBnmoAcyDYo/bJuCqZ5GYLVZTSiR/vjYEsFfhs9BJTzsz4X:3BnmoAcyDYo/bYCqZc2jl/vjYEsFfhsX
ImpHash 31d87328c86414d73c639f4ccb5974e1
PE Information
Image Base 0x180000000
Entry Point 0x18008b124
Size Of Code 0x8c600
Size Of Initialized Data 0x20400
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2010-02-04 11:34:49+00:00
Version Information (10)
CompanyName Access Softek, Inc.
FileDescription Encapsulated PostScript Graphics Filter
FileVersion 2010.1400.4740.1000
InternalName epsimp32
LegalCopyright Copyright © 2000 Access Softek, Inc.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename epsimp32.flt
ProductName Microsoft Office 2010
ProductVersion 2010.1400.4740.1000
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x8c5cc 0x8c600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.32
.rdata 0x18008e000 0x156bc 0x15800 0x8ca00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.43
.data 0x1800a4000 0x4858 0x4400 0xa2200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.27
.pdata 0x1800a9000 0x4464 0x4600 0xa6600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.77
.rsrc 0x1800ae000 0xa30 0xc00 0xaac00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.78
.reloc 0x1800af000 0xfe4 0x1000 0xab800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.44
Imports (4)
GDI32.dll (60)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdiComment 0x0 0x18008e000 0x99b60 0x98560 0x139
Escape 0x0 0x18008e008 0x99b68 0x98568 0x119
SetPolyFillMode 0x0 0x18008e010 0x99b70 0x98570 0x285
EndPath 0x0 0x18008e018 0x99b78 0x98578 0xde
PolyDraw 0x0 0x18008e020 0x99b80 0x98580 0x237
CloseFigure 0x0 0x18008e028 0x99b88 0x98588 0x1d
MoveToEx 0x0 0x18008e030 0x99b90 0x98590 0x221
BeginPath 0x0 0x18008e038 0x99b98 0x98598 0x11
CreateEnhMetaFileA 0x0 0x18008e040 0x99ba0 0x985a0 0x38
GetDeviceCaps 0x0 0x18008e048 0x99ba8 0x985a8 0x1b5
DeleteObject 0x0 0x18008e050 0x99bb0 0x985b0 0xd0
SelectObject 0x0 0x18008e058 0x99bb8 0x985b8 0x25e
CreatePen 0x0 0x18008e060 0x99bc0 0x985c0 0x49
ExtCreatePen 0x0 0x18008e068 0x99bc8 0x985c8 0x11d
SetMiterLimit 0x0 0x18008e070 0x99bd0 0x985d0 0x27f
SetWorldTransform 0x0 0x18008e078 0x99bd8 0x985d8 0x295
GetStockObject 0x0 0x18008e080 0x99be0 0x985e0 0x1f4
StrokePath 0x0 0x18008e088 0x99be8 0x985e8 0x29d
SelectClipRgn 0x0 0x18008e090 0x99bf0 0x985f0 0x25c
CreateRectRgn 0x0 0x18008e098 0x99bf8 0x985f8 0x4d
SelectClipPath 0x0 0x18008e0a0 0x99c00 0x98600 0x25b
ExtSelectClipRgn 0x0 0x18008e0a8 0x99c08 0x98608 0x121
Rectangle 0x0 0x18008e0b0 0x99c10 0x98610 0x246
DeleteEnhMetaFile 0x0 0x18008e0b8 0x99c18 0x98618 0xce
CloseEnhMetaFile 0x0 0x18008e0c0 0x99c20 0x98620 0x1c
GetWorldTransform 0x0 0x18008e0c8 0x99c28 0x98628 0x214
GetEnhMetaFileHeader 0x0 0x18008e0d0 0x99c30 0x98630 0x1be
CreateSolidBrush 0x0 0x18008e0d8 0x99c38 0x98638 0x52
StrokeAndFillPath 0x0 0x18008e0e0 0x99c40 0x98640 0x29c
GetCurrentPositionEx 0x0 0x18008e0e8 0x99c48 0x98648 0x1af
SetTextColor 0x0 0x18008e0f0 0x99c50 0x98650 0x28d
GetTextExtentPoint32A 0x0 0x18008e0f8 0x99c58 0x98658 0x204
SetGraphicsMode 0x0 0x18008e100 0x99c60 0x98660 0x274
SetTextAlign 0x0 0x18008e108 0x99c68 0x98668 0x28b
TextOutA 0x0 0x18008e110 0x99c70 0x98670 0x29f
GetTextFaceA 0x0 0x18008e118 0x99c78 0x98678 0x209
CreateFontIndirectA 0x0 0x18008e120 0x99c80 0x98680 0x3b
GetTextMetricsA 0x0 0x18008e128 0x99c88 0x98688 0x20c
GetOutlineTextMetricsA 0x0 0x18008e130 0x99c90 0x98690 0x1e5
StretchDIBits 0x0 0x18008e138 0x99c98 0x98698 0x29b
CreateMetaFileA 0x0 0x18008e140 0x99ca0 0x986a0 0x44
SetROP2 0x0 0x18008e148 0x99ca8 0x986a8 0x286
PolyPolygon 0x0 0x18008e150 0x99cb0 0x986b0 0x239
Polyline 0x0 0x18008e158 0x99cb8 0x986b8 0x23e
GetPath 0x0 0x18008e160 0x99cc0 0x986c0 0x1e8
CloseMetaFile 0x0 0x18008e168 0x99cc8 0x986c8 0x1e
SetStretchBltMode 0x0 0x18008e170 0x99cd0 0x986d0 0x289
SetBkMode 0x0 0x18008e178 0x99cd8 0x986d8 0x266
SetWindowOrgEx 0x0 0x18008e180 0x99ce0 0x986e0 0x294
SetWindowExtEx 0x0 0x18008e188 0x99ce8 0x986e8 0x293
WidenPath 0x0 0x18008e190 0x99cf0 0x986f0 0x2a7
GetTextExtentPointA 0x0 0x18008e198 0x99cf8 0x986f8 0x206
DeleteMetaFile 0x0 0x18008e1a0 0x99d00 0x98700 0xcf
GetGlyphOutlineA 0x0 0x18008e1a8 0x99d08 0x98708 0x1ca
GetDIBits 0x0 0x18008e1b0 0x99d10 0x98710 0x1b4
CreateBitmap 0x0 0x18008e1b8 0x99d18 0x98718 0x28
DeleteDC 0x0 0x18008e1c0 0x99d20 0x98720 0xcd
GetCharacterPlacementA 0x0 0x18008e1c8 0x99d28 0x98728 0x1a8
SetMapMode 0x0 0x18008e1d0 0x99d30 0x98730 0x27b
CreateCompatibleDC 0x0 0x18008e1d8 0x99d38 0x98738 0x2e
KERNEL32.dll (39)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RaiseException 0x0 0x18008e1e8 0x99d48 0x98748 0x354
CloseHandle 0x0 0x18008e1f0 0x99d50 0x98750 0x43
SetFilePointer 0x0 0x18008e1f8 0x99d58 0x98758 0x3e4
ReadFile 0x0 0x18008e200 0x99d60 0x98760 0x362
GetFileSize 0x0 0x18008e208 0x99d68 0x98768 0x1d5
CreateFileA 0x0 0x18008e210 0x99d70 0x98770 0x79
MulDiv 0x0 0x18008e218 0x99d78 0x98778 0x313
UnmapViewOfFile 0x0 0x18008e220 0x99d80 0x98780 0x445
GetTickCount 0x0 0x18008e228 0x99d88 0x98788 0x266
MapViewOfFileEx 0x0 0x18008e230 0x99d90 0x98790 0x305
CreateFileMappingA 0x0 0x18008e238 0x99d98 0x98798 0x7a
GetSystemInfo 0x0 0x18008e240 0x99da0 0x987a0 0x249
GlobalUnlock 0x0 0x18008e248 0x99da8 0x987a8 0x297
GlobalLock 0x0 0x18008e250 0x99db0 0x987b0 0x290
GlobalAlloc 0x0 0x18008e258 0x99db8 0x987b8 0x285
GlobalFree 0x0 0x18008e260 0x99dc0 0x987c0 0x28c
DeleteCriticalSection 0x0 0x18008e268 0x99dc8 0x987c8 0xbf
VirtualFree 0x0 0x18008e270 0x99dd0 0x987d0 0x45b
LeaveCriticalSection 0x0 0x18008e278 0x99dd8 0x987d8 0x2e9
EnterCriticalSection 0x0 0x18008e280 0x99de0 0x987e0 0xda
VirtualAlloc 0x0 0x18008e288 0x99de8 0x987e8 0x458
InitializeCriticalSection 0x0 0x18008e290 0x99df0 0x987f0 0x2b4
RtlLookupFunctionEntry 0x0 0x18008e298 0x99df8 0x987f8 0x390
RtlVirtualUnwind 0x0 0x18008e2a0 0x99e00 0x98800 0x397
IsDebuggerPresent 0x0 0x18008e2a8 0x99e08 0x98808 0x2cb
SetUnhandledExceptionFilter 0x0 0x18008e2b0 0x99e10 0x98810 0x419
UnhandledExceptionFilter 0x0 0x18008e2b8 0x99e18 0x98818 0x442
GetCurrentProcess 0x0 0x18008e2c0 0x99e20 0x98820 0x1aa
TerminateProcess 0x0 0x18008e2c8 0x99e28 0x98828 0x431
Sleep 0x0 0x18008e2d0 0x99e30 0x98830 0x425
GetModuleHandleW 0x0 0x18008e2d8 0x99e38 0x98838 0x1f9
GetProcAddress 0x0 0x18008e2e0 0x99e40 0x98840 0x220
GetProcessHeap 0x0 0x18008e2e8 0x99e48 0x98848 0x223
GetSystemTimeAsFileTime 0x0 0x18008e2f0 0x99e50 0x98850 0x24f
GetCurrentProcessId 0x0 0x18008e2f8 0x99e58 0x98858 0x1ab
RtlCaptureContext 0x0 0x18008e300 0x99e60 0x98860 0x389
GetCurrentThreadId 0x0 0x18008e308 0x99e68 0x98868 0x1ae
QueryPerformanceCounter 0x0 0x18008e310 0x99e70 0x98870 0x34e
VirtualProtect 0x0 0x18008e318 0x99e78 0x98878 0x45e
USER32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadCursorA 0x0 0x18008e328 0x99e88 0x98888 0x1d6
SetCursor 0x0 0x18008e330 0x99e90 0x98890 0x276
CreateDialogParamW 0x0 0x18008e338 0x99e98 0x98898 0x5d
GetClientRect 0x0 0x18008e340 0x99ea0 0x988a0 0x10f
IsDialogMessageA 0x0 0x18008e348 0x99ea8 0x988a8 0x1bc
TranslateMessage 0x0 0x18008e350 0x99eb0 0x988b0 0x2dd
DispatchMessageA 0x0 0x18008e358 0x99eb8 0x988b8 0xa8
PeekMessageA 0x0 0x18008e360 0x99ec0 0x988c0 0x21f
GetActiveWindow 0x0 0x18008e368 0x99ec8 0x988c8 0xf9
GetDlgItem 0x0 0x18008e370 0x99ed0 0x988d0 0x121
SendMessageA 0x0 0x18008e378 0x99ed8 0x988d8 0x262
GetDlgCtrlID 0x0 0x18008e380 0x99ee0 0x988e0 0x120
SetFocus 0x0 0x18008e388 0x99ee8 0x988e8 0x27f
GetSystemMetrics 0x0 0x18008e390 0x99ef0 0x988f0 0x171
GetWindowRect 0x0 0x18008e398 0x99ef8 0x988f8 0x18c
MoveWindow 0x0 0x18008e3a0 0x99f00 0x98900 0x209
IsWindow 0x0 0x18008e3a8 0x99f08 0x98908 0x1c9
EnableWindow 0x0 0x18008e3b0 0x99f10 0x98910 0xd1
DestroyWindow 0x0 0x18008e3b8 0x99f18 0x98918 0xa0
GetDC 0x0 0x18008e3c0 0x99f20 0x98920 0x11c
ReleaseDC 0x0 0x18008e3c8 0x99f28 0x98928 0x250
SetWindowTextA 0x0 0x18008e3d0 0x99f30 0x98930 0x2b3
MSVCR90.dll (68)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
rand 0x0 0x18008e3e0 0x99f40 0x98940 0x504
_onexit 0x0 0x18008e3e8 0x99f48 0x98948 0x2e4
_lock 0x0 0x18008e3f0 0x99f50 0x98950 0x23d
__dllonexit 0x0 0x18008e3f8 0x99f58 0x98958 0x85
_unlock 0x0 0x18008e400 0x99f60 0x98960 0x3a4
_vsnprintf 0x0 0x18008e408 0x99f68 0x98968 0x3c8
exit 0x0 0x18008e410 0x99f70 0x98970 0x491
fprintf 0x0 0x18008e418 0x99f78 0x98978 0x4a4
__iob_func 0x0 0x18008e420 0x99f80 0x98980 0x92
malloc 0x0 0x18008e428 0x99f88 0x98988 0x4e5
free 0x0 0x18008e430 0x99f90 0x98990 0x4ac
_CxxThrowException 0x0 0x18008e438 0x99f98 0x98998 0x49
sqrt 0x0 0x18008e440 0x99fa0 0x989a0 0x517
tan 0x0 0x18008e448 0x99fa8 0x989a8 0x53c
sin 0x0 0x18008e450 0x99fb0 0x989b0 0x511
cos 0x0 0x18008e458 0x99fb8 0x989b8 0x48c
??3@YAXPEAX@Z 0x0 0x18008e460 0x99fc0 0x989c0 0x13
memcpy 0x0 0x18008e468 0x99fc8 0x989c8 0x4f0
??2@YAPEAX_K@Z 0x0 0x18008e470 0x99fd0 0x989d0 0x11
cosf 0x0 0x18008e478 0x99fd8 0x989d8 0x48d
sinf 0x0 0x18008e480 0x99fe0 0x989e0 0x512
sqrtf 0x0 0x18008e488 0x99fe8 0x989e8 0x518
memset 0x0 0x18008e490 0x99ff0 0x989f0 0x4f4
memmove 0x0 0x18008e498 0x99ff8 0x989f8 0x4f2
??_V@YAXPEAX@Z 0x0 0x18008e4a0 0x9a000 0x98a00 0x23
??_U@YAPEAX_K@Z 0x0 0x18008e4a8 0x9a008 0x98a08 0x21
realloc 0x0 0x18008e4b0 0x9a010 0x98a10 0x506
floor 0x0 0x18008e4b8 0x9a018 0x98a18 0x49e
_isnan 0x0 0x18008e4c0 0x9a020 0x98a20 0x218
__CxxFrameHandler3 0x0 0x18008e4c8 0x9a028 0x98a28 0x63
memcmp 0x0 0x18008e4d0 0x9a030 0x98a30 0x4ef
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z 0x0 0x18008e4d8 0x9a038 0x98a38 0x33
_expand 0x0 0x18008e4e0 0x9a040 0x98a40 0x147
_msize 0x0 0x18008e4e8 0x9a048 0x98a48 0x2e1
strstr 0x0 0x18008e4f0 0x9a050 0x98a50 0x531
isdigit 0x0 0x18008e4f8 0x9a058 0x98a58 0x4c6
islower 0x0 0x18008e500 0x9a060 0x98a60 0x4c9
isupper 0x0 0x18008e508 0x9a068 0x98a68 0x4cd
isalnum 0x0 0x18008e510 0x9a070 0x98a70 0x4c3
_time64 0x0 0x18008e518 0x9a078 0x98a78 0x388
srand 0x0 0x18008e520 0x9a080 0x98a80 0x519
log10f 0x0 0x18008e528 0x9a088 0x98a88 0x4e2
ceil 0x0 0x18008e530 0x9a090 0x98a90 0x487
atan2 0x0 0x18008e538 0x9a098 0x98a98 0x47c
log 0x0 0x18008e540 0x9a0a0 0x98aa0 0x4e0
__clean_type_info_names_internal 0x0 0x18008e548 0x9a0a8 0x98aa8 0x7b
memchr 0x0 0x18008e550 0x9a0b0 0x98ab0 0x4ee
strchr 0x0 0x18008e558 0x9a0b8 0x98ab8 0x51e
atof 0x0 0x18008e560 0x9a0c0 0x98ac0 0x480
ceilf 0x0 0x18008e568 0x9a0c8 0x98ac8 0x488
floorf 0x0 0x18008e570 0x9a0d0 0x98ad0 0x49f
longjmp 0x0 0x18008e578 0x9a0d8 0x98ad8 0x4e4
_setjmp 0x0 0x18008e580 0x9a0e0 0x98ae0 0x321
atan2f 0x0 0x18008e588 0x9a0e8 0x98ae8 0x47d
_finite 0x0 0x18008e590 0x9a0f0 0x98af0 0x15e
_errno 0x0 0x18008e598 0x9a0f8 0x98af8 0x13d
__C_specific_handler 0x0 0x18008e5a0 0x9a100 0x98b00 0x59
_encode_pointer 0x0 0x18008e5a8 0x9a108 0x98b08 0x137
_malloc_crt 0x0 0x18008e5b0 0x9a110 0x98b10 0x24e
_initterm 0x0 0x18008e5b8 0x9a118 0x98b18 0x1ce
_initterm_e 0x0 0x18008e5c0 0x9a120 0x98b20 0x1cf
_encoded_null 0x0 0x18008e5c8 0x9a128 0x98b28 0x138
_decode_pointer 0x0 0x18008e5d0 0x9a130 0x98b30 0x12d
_amsg_exit 0x0 0x18008e5d8 0x9a138 0x98b38 0xe2
__CppXcptFilter 0x0 0x18008e5e0 0x9a140 0x98b40 0x5a
?terminate@@YAXXZ 0x0 0x18008e5e8 0x9a148 0x98b48 0x43
__crt_debugger_hook 0x0 0x18008e5f0 0x9a150 0x98b50 0x83
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18008e5f8 0x9a158 0x98b58 0x38
Exports (5)
API Name EAT Address Ordinal
GetFilterInfo 0x2a72c 0x1
GetFilterPref 0x84cc0 0x3
ImportGr 0x2a964 0x2
RegisterPercentCallback 0x2ad14 0x4
SetFilterPref 0x2a838 0x5
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2009-12-07 22:40:29+00:00
Valid Until 2011-03-07 22:40:29+00:00
Algorithm sha1_rsa
Serial Number 61 01 CF 3E 00 00 00 00 00 0F
Thumbprint 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT Modified File Binary
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\H7+cLQXs64HFiBcSaO17FDnyqSt++J=q.lbkut (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 312.88 KB
MD5 0ef2cb77f806bab10fc2c85d848c4eee
SHA1 d57b38a64cec5b11d88f97e9eb6ba5c3501890c1
SHA256 d6d26dcf64b3c823e16c32c5f30d610a3807d7e36b0565d347cc7ffecb6c7a3e
SSDeep 6144:gc9qgqv+/V4e6i3GJKlgGM5t11YRxYfYCnijXy/e24TBq2vFKOIh63cT0:gcQgt/V4eVgfBYCir24Ts2K0
ImpHash a2e950d89d58d6b6caa19bdff0f14cd8
PE Information
Image Base 0x180000000
Entry Point 0x180039b38
Size Of Code 0x3ac00
Size Of Initialized Data 0x14e00
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2010-02-04 11:35:01+00:00
Version Information (10)
CompanyName Microsoft Corporation
FileDescription GIF Import/Export Graphic Filter
FileVersion 2010.1400.4740.1000
InternalName gifimp32
LegalCopyright Copyright © 1995 Media Cybernetics, L.P.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename gifimp32.flt
ProductName Microsoft Office 2010
ProductVersion 2010.1400.4740.1000
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x3abd8 0x3ac00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.46
.rdata 0x18003c000 0xd538 0xd600 0x3b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.7
.data 0x18004a000 0x3fb0 0xe00 0x48600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.36
.pdata 0x18004e000 0x26a0 0x2800 0x49400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.45
.rsrc 0x180051000 0xaf4 0xc00 0x4bc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.91
.reloc 0x180052000 0x2e4 0x400 0x4c800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.5
Imports (7)
ADVAPI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x18003c000 0x44c50 0x43c50 0x22a
RegOpenKeyExA 0x0 0x18003c008 0x44c58 0x43c58 0x25a
RegQueryValueExA 0x0 0x18003c010 0x44c60 0x43c60 0x267
RegQueryValueExW 0x0 0x18003c018 0x44c68 0x43c68 0x268
RegOpenKeyExW 0x0 0x18003c020 0x44c70 0x43c70 0x25b
RegCreateKeyExA 0x0 0x18003c028 0x44c78 0x43c78 0x232
RegSetValueExA 0x0 0x18003c030 0x44c80 0x43c80 0x277
RegEnumKeyExA 0x0 0x18003c038 0x44c88 0x43c88 0x248
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x18003c048 0x44c98 0x43c98 -
GDI32.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteMetaFile 0x0 0x18003c058 0x44ca8 0x43ca8 0xcf
CloseMetaFile 0x0 0x18003c060 0x44cb0 0x43cb0 0x1e
CreateMetaFileA 0x0 0x18003c068 0x44cb8 0x43cb8 0x44
DeleteDC 0x0 0x18003c070 0x44cc0 0x43cc0 0xcd
GetDeviceCaps 0x0 0x18003c078 0x44cc8 0x43cc8 0x1b5
CreateCompatibleDC 0x0 0x18003c080 0x44cd0 0x43cd0 0x2e
GetTextExtentPoint32A 0x0 0x18003c088 0x44cd8 0x43cd8 0x204
GetViewportExtEx 0x0 0x18003c090 0x44ce0 0x43ce0 0x20f
GetWindowExtEx 0x0 0x18003c098 0x44ce8 0x43ce8 0x212
GetMetaFileA 0x0 0x18003c0a0 0x44cf0 0x43cf0 0x1d8
StretchDIBits 0x0 0x18003c0a8 0x44cf8 0x43cf8 0x29b
SetBkColor 0x0 0x18003c0b0 0x44d00 0x43d00 0x265
SetTextColor 0x0 0x18003c0b8 0x44d08 0x43d08 0x28d
SetStretchBltMode 0x0 0x18003c0c0 0x44d10 0x43d10 0x289
SetWindowExtEx 0x0 0x18003c0c8 0x44d18 0x43d18 0x293
SetWindowOrgEx 0x0 0x18003c0d0 0x44d20 0x43d20 0x294
SetMapMode 0x0 0x18003c0d8 0x44d28 0x43d28 0x27b
GetEnhMetaFileA 0x0 0x18003c0e0 0x44d30 0x43d30 0x1ba
DeleteEnhMetaFile 0x0 0x18003c0e8 0x44d38 0x43d38 0xce
CloseEnhMetaFile 0x0 0x18003c0f0 0x44d40 0x43d40 0x1c
SetViewportExtEx 0x0 0x18003c0f8 0x44d48 0x43d48 0x28f
CreateEnhMetaFileA 0x0 0x18003c100 0x44d50 0x43d50 0x38
DeleteObject 0x0 0x18003c108 0x44d58 0x43d58 0xd0
GetObjectA 0x0 0x18003c110 0x44d60 0x43d60 0x1e2
GetMetaFileBitsEx 0x0 0x18003c118 0x44d68 0x43d68 0x1d9
PlayEnhMetaFileRecord 0x0 0x18003c120 0x44d70 0x43d70 0x231
PlayMetaFileRecord 0x0 0x18003c128 0x44d78 0x43d78 0x233
EnumEnhMetaFile 0x0 0x18003c130 0x44d80 0x43d80 0x10d
EnumMetaFile 0x0 0x18003c138 0x44d88 0x43d88 0x116
SelectObject 0x0 0x18003c140 0x44d90 0x43d90 0x25e
CreateDIBSection 0x0 0x18003c148 0x44d98 0x43d98 0x33
GetEnhMetaFileHeader 0x0 0x18003c150 0x44da0 0x43da0 0x1be
SetMetaFileBitsEx 0x0 0x18003c158 0x44da8 0x43da8 0x27d
Escape 0x0 0x18003c160 0x44db0 0x43db0 0x119
GdiComment 0x0 0x18003c168 0x44db8 0x43db8 0x139
SelectPalette 0x0 0x18003c170 0x44dc0 0x43dc0 0x25f
RealizePalette 0x0 0x18003c178 0x44dc8 0x43dc8 0x243
gdiplus.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdipGetImageFlags 0x0 0x18003c188 0x44dd8 0x43dd8 0x120
GdipBitmapLockBits 0x0 0x18003c190 0x44de0 0x43de0 0x2b
GdiplusStartup 0x0 0x18003c198 0x44de8 0x43de8 0x275
GdipBitmapUnlockBits 0x0 0x18003c1a0 0x44df0 0x43df0 0x2e
GdiplusShutdown 0x0 0x18003c1a8 0x44df8 0x43df8 0x274
GdipDisposeImage 0x0 0x18003c1b0 0x44e00 0x43e00 0x98
GdipDeleteGraphics 0x0 0x18003c1b8 0x44e08 0x43e08 0x90
GdipGetImageHeight 0x0 0x18003c1c0 0x44e10 0x43e10 0x122
GdipGetImageWidth 0x0 0x18003c1c8 0x44e18 0x43e18 0x12c
GdipCreateBitmapFromFileICM 0x0 0x18003c1d0 0x44e20 0x43e20 0x4a
GdipGetHemfFromMetafile 0x0 0x18003c1d8 0x44e28 0x43e28 0x118
GdipDrawImageRectRectI 0x0 0x18003c1e0 0x44e30 0x43e30 0xba
GdipGetImageGraphicsContext 0x0 0x18003c1e8 0x44e38 0x43e38 0x121
GdipRecordMetafile 0x0 0x18003c1f0 0x44e40 0x43e40 0x1d4
GdipGetImageBounds 0x0 0x18003c1f8 0x44e48 0x43e48 0x11a
GdipEmfToWmfBits 0x0 0x18003c200 0x44e50 0x43e50 0xc9
GdipLoadImageFromFileICM 0x0 0x18003c208 0x44e58 0x43e58 0x1b6
GdipGetImageVerticalResolution 0x0 0x18003c210 0x44e60 0x43e60 0x12b
GdipGetImageHorizontalResolution 0x0 0x18003c218 0x44e68 0x43e68 0x123
KERNEL32.dll (62)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MapViewOfFile 0x0 0x18003c228 0x44e78 0x43e78 0x304
CreateFileMappingA 0x0 0x18003c230 0x44e80 0x43e80 0x7a
_lread 0x0 0x18003c238 0x44e88 0x43e88 0x4ab
_lwrite 0x0 0x18003c240 0x44e90 0x43e90 0x4ac
_llseek 0x0 0x18003c248 0x44e98 0x43e98 0x4a8
GetTickCount 0x0 0x18003c250 0x44ea0 0x43ea0 0x266
GetLastError 0x0 0x18003c258 0x44ea8 0x43ea8 0x1e6
MultiByteToWideChar 0x0 0x18003c260 0x44eb0 0x43eb0 0x314
GlobalHandle 0x0 0x18003c268 0x44eb8 0x43eb8 0x28f
MulDiv 0x0 0x18003c270 0x44ec0 0x43ec0 0x313
GetVersionExA 0x0 0x18003c278 0x44ec8 0x43ec8 0x275
GlobalMemoryStatus 0x0 0x18003c280 0x44ed0 0x43ed0 0x291
GetDiskFreeSpaceA 0x0 0x18003c288 0x44ed8 0x43ed8 0x1b5
GetTempPathA 0x0 0x18003c290 0x44ee0 0x43ee0 0x25a
GetTempFileNameA 0x0 0x18003c298 0x44ee8 0x43ee8 0x258
FlushFileBuffers 0x0 0x18003c2a0 0x44ef0 0x43ef0 0x142
GlobalSize 0x0 0x18003c2a8 0x44ef8 0x43ef8 0x294
LoadLibraryA 0x0 0x18003c2b0 0x44f00 0x43f00 0x2eb
GetProcAddress 0x0 0x18003c2b8 0x44f08 0x43f08 0x220
FreeLibrary 0x0 0x18003c2c0 0x44f10 0x43f10 0x14d
FindClose 0x0 0x18003c2c8 0x44f18 0x43f18 0x11a
FindFirstFileA 0x0 0x18003c2d0 0x44f20 0x43f20 0x11e
lstrcpyA 0x0 0x18003c2d8 0x44f28 0x43f28 0x4b7
lstrcatA 0x0 0x18003c2e0 0x44f30 0x43f30 0x4ae
lstrlenA 0x0 0x18003c2e8 0x44f38 0x43f38 0x4bd
lstrcmpA 0x0 0x18003c2f0 0x44f40 0x43f40 0x4b1
GetFileSize 0x0 0x18003c2f8 0x44f48 0x43f48 0x1d5
Sleep 0x0 0x18003c300 0x44f50 0x43f50 0x425
DecodePointer 0x0 0x18003c308 0x44f58 0x43f58 0xb8
EncodePointer 0x0 0x18003c310 0x44f60 0x43f60 0xd6
UnmapViewOfFile 0x0 0x18003c318 0x44f68 0x43f68 0x445
SetFilePointer 0x0 0x18003c320 0x44f70 0x43f70 0x3e4
WriteFile 0x0 0x18003c328 0x44f78 0x43f78 0x491
RtlCaptureContext 0x0 0x18003c330 0x44f80 0x43f80 0x389
RtlLookupFunctionEntry 0x0 0x18003c338 0x44f88 0x43f88 0x390
RtlVirtualUnwind 0x0 0x18003c340 0x44f90 0x43f90 0x397
IsDebuggerPresent 0x0 0x18003c348 0x44f98 0x43f98 0x2cb
SetUnhandledExceptionFilter 0x0 0x18003c350 0x44fa0 0x43fa0 0x419
UnhandledExceptionFilter 0x0 0x18003c358 0x44fa8 0x43fa8 0x442
GetCurrentProcess 0x0 0x18003c360 0x44fb0 0x43fb0 0x1aa
TerminateProcess 0x0 0x18003c368 0x44fb8 0x43fb8 0x431
GetModuleHandleW 0x0 0x18003c370 0x44fc0 0x43fc0 0x1f9
GetSystemTimeAsFileTime 0x0 0x18003c378 0x44fc8 0x43fc8 0x24f
GetCurrentProcessId 0x0 0x18003c380 0x44fd0 0x43fd0 0x1ab
QueryPerformanceCounter 0x0 0x18003c388 0x44fd8 0x43fd8 0x34e
VirtualProtect 0x0 0x18003c390 0x44fe0 0x43fe0 0x45e
GetCurrentThreadId 0x0 0x18003c398 0x44fe8 0x43fe8 0x1ae
RaiseException 0x0 0x18003c3a0 0x44ff0 0x43ff0 0x354
HeapAlloc 0x0 0x18003c3a8 0x44ff8 0x43ff8 0x29d
GetProcessHeap 0x0 0x18003c3b0 0x45000 0x44000 0x223
HeapFree 0x0 0x18003c3b8 0x45008 0x44008 0x2a1
GlobalUnlock 0x0 0x18003c3c0 0x45010 0x44010 0x297
GlobalLock 0x0 0x18003c3c8 0x45018 0x44018 0x290
DeleteFileA 0x0 0x18003c3d0 0x45020 0x44020 0xc1
GetVersion 0x0 0x18003c3d8 0x45028 0x44028 0x274
GlobalFree 0x0 0x18003c3e0 0x45030 0x44030 0x28c
GlobalAlloc 0x0 0x18003c3e8 0x45038 0x44038 0x285
HeapReAlloc 0x0 0x18003c3f0 0x45040 0x44040 0x2a4
CloseHandle 0x0 0x18003c3f8 0x45048 0x44048 0x43
ReadFile 0x0 0x18003c400 0x45050 0x44050 0x362
CreateFileA 0x0 0x18003c408 0x45058 0x44058 0x79
GetFileAttributesA 0x0 0x18003c410 0x45060 0x44060 0x1ca
USER32.dll (26)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateDialogParamA 0x0 0x18003c420 0x45070 0x44070 0x5c
wsprintfA 0x0 0x18003c428 0x45078 0x44078 0x30f
SetDlgItemTextA 0x0 0x18003c430 0x45080 0x44080 0x27c
ShowWindow 0x0 0x18003c438 0x45088 0x44088 0x2c0
UpdateWindow 0x0 0x18003c440 0x45090 0x44090 0x2f1
GetParent 0x0 0x18003c448 0x45098 0x44098 0x157
GetClientRect 0x0 0x18003c450 0x450a0 0x440a0 0x10f
ClientToScreen 0x0 0x18003c458 0x450a8 0x440a8 0x45
SystemParametersInfoA 0x0 0x18003c460 0x450b0 0x440b0 0x2cc
GetSystemMetrics 0x0 0x18003c468 0x450b8 0x440b8 0x171
SetWindowPos 0x0 0x18003c470 0x450c0 0x440c0 0x2af
LoadStringA 0x0 0x18003c478 0x450c8 0x440c8 0x1e7
GetWindowRect 0x0 0x18003c480 0x450d0 0x440d0 0x18c
GetDC 0x0 0x18003c488 0x450d8 0x440d8 0x11c
ReleaseDC 0x0 0x18003c490 0x450e0 0x440e0 0x250
PeekMessageA 0x0 0x18003c498 0x450e8 0x440e8 0x21f
IsDialogMessageA 0x0 0x18003c4a0 0x450f0 0x440f0 0x1bc
TranslateMessage 0x0 0x18003c4a8 0x450f8 0x440f8 0x2dd
DispatchMessageA 0x0 0x18003c4b0 0x45100 0x44100 0xa8
GetDlgItem 0x0 0x18003c4b8 0x45108 0x44108 0x121
SendMessageA 0x0 0x18003c4c0 0x45110 0x44110 0x262
DestroyWindow 0x0 0x18003c4c8 0x45118 0x44118 0xa0
GetActiveWindow 0x0 0x18003c4d0 0x45120 0x44120 0xf9
LoadCursorA 0x0 0x18003c4d8 0x45128 0x44128 0x1d6
SetCursor 0x0 0x18003c4e0 0x45130 0x44130 0x276
ShowCursor 0x0 0x18003c4e8 0x45138 0x44138 0x2bb
MSVCR90.dll (46)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_errno 0x0 0x18003c4f8 0x45148 0x44148 0x13d
__C_specific_handler 0x0 0x18003c500 0x45150 0x44150 0x59
_encode_pointer 0x0 0x18003c508 0x45158 0x44158 0x137
_malloc_crt 0x0 0x18003c510 0x45160 0x44160 0x24e
_initterm 0x0 0x18003c518 0x45168 0x44168 0x1ce
_initterm_e 0x0 0x18003c520 0x45170 0x44170 0x1cf
_encoded_null 0x0 0x18003c528 0x45178 0x44178 0x138
_decode_pointer 0x0 0x18003c530 0x45180 0x44180 0x12d
_amsg_exit 0x0 0x18003c538 0x45188 0x44188 0xe2
__CppXcptFilter 0x0 0x18003c540 0x45190 0x44190 0x5a
_unlock 0x0 0x18003c548 0x45198 0x44198 0x3a4
__dllonexit 0x0 0x18003c550 0x451a0 0x441a0 0x85
_lock 0x0 0x18003c558 0x451a8 0x441a8 0x23d
_onexit 0x0 0x18003c560 0x451b0 0x441b0 0x2e4
__crt_debugger_hook 0x0 0x18003c568 0x451b8 0x441b8 0x83
__clean_type_info_names_internal 0x0 0x18003c570 0x451c0 0x441c0 0x7b
?terminate@@YAXXZ 0x0 0x18003c578 0x451c8 0x441c8 0x43
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18003c580 0x451d0 0x441d0 0x38
strtod 0x0 0x18003c588 0x451d8 0x441d8 0x532
free 0x0 0x18003c590 0x451e0 0x441e0 0x4ac
malloc 0x0 0x18003c598 0x451e8 0x441e8 0x4e5
fread 0x0 0x18003c5a0 0x451f0 0x441f0 0x4aa
abort 0x0 0x18003c5a8 0x451f8 0x441f8 0x473
fflush 0x0 0x18003c5b0 0x45200 0x44200 0x498
fwrite 0x0 0x18003c5b8 0x45208 0x44208 0x4b7
sprintf 0x0 0x18003c5c0 0x45210 0x44210 0x515
__iob_func 0x0 0x18003c5c8 0x45218 0x44218 0x92
fprintf 0x0 0x18003c5d0 0x45220 0x44220 0x4a4
longjmp 0x0 0x18003c5d8 0x45228 0x44228 0x4e4
memcmp 0x0 0x18003c5e0 0x45230 0x44230 0x4ef
strncmp 0x0 0x18003c5e8 0x45238 0x44238 0x52a
strrchr 0x0 0x18003c5f0 0x45240 0x44240 0x52f
_stricmp 0x0 0x18003c5f8 0x45248 0x44248 0x358
ceilf 0x0 0x18003c600 0x45250 0x44250 0x488
floorf 0x0 0x18003c608 0x45258 0x44258 0x49f
strncpy_s 0x0 0x18003c610 0x45260 0x44260 0x52c
strstr 0x0 0x18003c618 0x45268 0x44268 0x531
atol 0x0 0x18003c620 0x45270 0x44270 0x482
_setjmp 0x0 0x18003c628 0x45278 0x44278 0x321
_CxxThrowException 0x0 0x18003c630 0x45280 0x44280 0x49
__CxxFrameHandler3 0x0 0x18003c638 0x45288 0x44288 0x63
memset 0x0 0x18003c640 0x45290 0x44290 0x4f4
strcat_s 0x0 0x18003c648 0x45298 0x44298 0x51d
strcpy_s 0x0 0x18003c650 0x452a0 0x442a0 0x522
memcpy 0x0 0x18003c658 0x452a8 0x442a8 0x4f0
strncpy 0x0 0x18003c660 0x452b0 0x442b0 0x52b
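The ImpHash value reported for this file is derived from exactly the rows listed above. The following added example (not VMRay's code and not the pefile implementation) re-derives that recipe from a report-style listing: DLL name lower-cased with .dll/.ocx/.sys stripped, API name lower-cased, ordinal-only imports written as ord<N>, all joined with commas in import-directory order and hashed with MD5. The constructed sample is only the ADVAPI32 and COMCTL32 rows of the GIFIMP32.FLT listing, so its hash will not equal the a2e950d8... value above; feeding the whole Imports block (all seven DLLs, in order) should reproduce it. One assumption: the reference recipe resolves ordinal imports from ws2_32, wsock32 and oleaut32 to names via a lookup table, which this version omits and always emits ord<N>.

```python
"""Re-derive an ImpHash from a VMRay-style import listing (added example)."""
import hashlib
import re

# Constructed sample: the first nine rows of the GIFIMP32.FLT import listing,
# copied in the page's "API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint"
# row format. Named imports carry ordinal 0x0; the COMCTL32 row is ordinal-only.
SAMPLE_LISTING = """\
ADVAPI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x18003c000 0x44c50 0x43c50 0x22a
RegOpenKeyExA 0x0 0x18003c008 0x44c58 0x43c58 0x25a
RegQueryValueExA 0x0 0x18003c010 0x44c60 0x43c60 0x267
RegQueryValueExW 0x0 0x18003c018 0x44c68 0x43c68 0x268
RegOpenKeyExW 0x0 0x18003c020 0x44c70 0x43c70 0x25b
RegCreateKeyExA 0x0 0x18003c028 0x44c78 0x43c78 0x232
RegSetValueExA 0x0 0x18003c030 0x44c80 0x43c80 0x277
RegEnumKeyExA 0x0 0x18003c038 0x44c88 0x43c88 0x248
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x18003c048 0x44c98 0x43c98 -
"""

# "KERNEL32.dll (62)" style section header.
_DLL_HEADER = re.compile(r"^(\S+\.(?:dll|ocx|sys))\s+\(\d+\)$", re.IGNORECASE)
# One import row: name (or the literal "(by ordinal)"), ordinal, IAT address,
# thunk RVA, thunk offset, hint ("-" when imported by ordinal).
_ROW = re.compile(
    r"^(\(by ordinal\)|\S+)\s+(0x[0-9a-f]+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+\S+$",
    re.IGNORECASE,
)


def parse_report_imports(text):
    """Return [(dll, api_name_or_None, ordinal)] in the order the report lists them."""
    entries = []
    dll = None
    for raw in text.splitlines():
        line = raw.strip()
        header = _DLL_HEADER.match(line)
        if header:
            dll = header.group(1)
            continue
        row = _ROW.match(line)
        if row and dll:
            name, ordinal = row.group(1), int(row.group(2), 16)
            entries.append((dll, None if name == "(by ordinal)" else name, ordinal))
    return entries


def normalize_import(dll, name, ordinal):
    """Produce the 'lib.func' token the imphash recipe hashes for one import."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            lib = lib[: -len(ext)]
            break
    # Simplification (assumption): no ordinal-to-name lookup for ws2_32/wsock32/oleaut32.
    func = name.lower() if name else "ord%d" % ordinal
    return "%s.%s" % (lib, func)


def imphash_string(entries):
    """The comma-joined token list; useful when diffing two samples' import sets."""
    return ",".join(normalize_import(d, n, o) for d, n, o in entries)


def imphash(entries):
    """MD5 over the normalized token list, as printed in the report's ImpHash field."""
    return hashlib.md5(imphash_string(entries).encode("ascii")).hexdigest()


if __name__ == "__main__":
    sample = parse_report_imports(SAMPLE_LISTING)
    print(imphash_string(sample))
    print(imphash(sample))  # partial listing, so not the report's a2e950d8...
```

Because the token order is the import-directory order, two builds that import the same set of functions in a different order get different hashes; that is why a report's ImpHash is a build-lineage indicator rather than a capability fingerprint.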
Exports (12)
API Name EAT Address Ordinal
ExportGr 0x56ec 0x4
GetFilterInfo 0x70ac 0x1
GetFilterPref 0x1d474 0x3
ImportGr 0x64ec 0x2
MSFFClose 0x3164 0x8
MSFFControl 0x1f80 0xc
MSFFGetLine 0x1ac4 0x9
MSFFOpen 0x2e90 0x7
MSFFPutLine 0x35f0 0xa
MSFFSeek 0x1ee8 0xb
RegisterPercentCallback 0x5690 0x6
SetFilterPref 0x5ff4 0x5
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2009-12-07 22:40:29+00:00
Valid Until 2011-03-07 22:40:29+00:00
Algorithm sha1_rsa
Serial Number 61 01 CF 3E 00 00 00 00 00 0F
Thumbprint 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT Modified File Binary
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\qpcL9x0v7=ymMdvJoogI38hsCVPZTDpl.lbkut (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 235.38 KB
MD5 b38c3b799c7cb8d322b528d955384c2d
SHA1 75fdbb3163def908b3909902b4dbcc5a56f229fb
SHA256 eadbdee1951c5bc92698f2d131e6c37b09842046e8ee87ca86ee0b41eb12dd44
SSDeep 6144:8xAd9VZHRbxiNYXnUW9fnVh5ng3vapPEKpMyPKcFbpmYU7bds1KOLhFH:8xWtdu4FU7yH
ImpHash 4920f3dfbfbf1d4e5b56de6e4a4c4505
PE Information
Image Base 0x180000000
Entry Point 0x18002b31c
Size Of Code 0x2c800
Size Of Initialized Data 0xfc00
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2010-02-04 11:35:08+00:00
Version Information (10)
CompanyName Microsoft Corporation
FileDescription JPEG Import/Export Graphic Filter
FileVersion 2010.1400.4740.1000
InternalName jpegim32
LegalCopyright © 2010 Microsoft Corporation. All rights reserved.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename jpegim32.flt
ProductName Microsoft Office 2010
ProductVersion 2010.1400.4740.1000
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x2c604 0x2c800 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.4
.rdata 0x18002e000 0x8ccc 0x8e00 0x2cc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.92
.data 0x180037000 0x3b88 0xa00 0x35a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.97
.pdata 0x18003b000 0x21f0 0x2200 0x36400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.46
.rsrc 0x18003e000 0xb00 0xc00 0x38600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.89
.reloc 0x18003f000 0x398 0x400 0x39200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.02
Imports (7)
ADVAPI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x18002e000 0x32ea8 0x31aa8 0x22a
RegOpenKeyExA 0x0 0x18002e008 0x32eb0 0x31ab0 0x25a
RegQueryValueExA 0x0 0x18002e010 0x32eb8 0x31ab8 0x267
RegQueryValueExW 0x0 0x18002e018 0x32ec0 0x31ac0 0x268
RegOpenKeyExW 0x0 0x18002e020 0x32ec8 0x31ac8 0x25b
RegCreateKeyExA 0x0 0x18002e028 0x32ed0 0x31ad0 0x232
RegSetValueExA 0x0 0x18002e030 0x32ed8 0x31ad8 0x277
RegEnumKeyExA 0x0 0x18002e038 0x32ee0 0x31ae0 0x248
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x18002e048 0x32ef0 0x31af0 -
GDI32.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteDC 0x0 0x18002e058 0x32f00 0x31b00 0xcd
GetDeviceCaps 0x0 0x18002e060 0x32f08 0x31b08 0x1b5
CreateCompatibleDC 0x0 0x18002e068 0x32f10 0x31b10 0x2e
GetMetaFileA 0x0 0x18002e070 0x32f18 0x31b18 0x1d8
DeleteMetaFile 0x0 0x18002e078 0x32f20 0x31b20 0xcf
CloseMetaFile 0x0 0x18002e080 0x32f28 0x31b28 0x1e
StretchDIBits 0x0 0x18002e088 0x32f30 0x31b30 0x29b
SetBkColor 0x0 0x18002e090 0x32f38 0x31b38 0x265
SetTextColor 0x0 0x18002e098 0x32f40 0x31b40 0x28d
SetStretchBltMode 0x0 0x18002e0a0 0x32f48 0x31b48 0x289
SetWindowExtEx 0x0 0x18002e0a8 0x32f50 0x31b50 0x293
SetWindowOrgEx 0x0 0x18002e0b0 0x32f58 0x31b58 0x294
SetMapMode 0x0 0x18002e0b8 0x32f60 0x31b60 0x27b
CreateMetaFileA 0x0 0x18002e0c0 0x32f68 0x31b68 0x44
GetEnhMetaFileA 0x0 0x18002e0c8 0x32f70 0x31b70 0x1ba
DeleteEnhMetaFile 0x0 0x18002e0d0 0x32f78 0x31b78 0xce
CloseEnhMetaFile 0x0 0x18002e0d8 0x32f80 0x31b80 0x1c
SetViewportExtEx 0x0 0x18002e0e0 0x32f88 0x31b88 0x28f
CreateEnhMetaFileA 0x0 0x18002e0e8 0x32f90 0x31b90 0x38
DeleteObject 0x0 0x18002e0f0 0x32f98 0x31b98 0xd0
GetObjectA 0x0 0x18002e0f8 0x32fa0 0x31ba0 0x1e2
GetMetaFileBitsEx 0x0 0x18002e100 0x32fa8 0x31ba8 0x1d9
PlayEnhMetaFileRecord 0x0 0x18002e108 0x32fb0 0x31bb0 0x231
PlayMetaFileRecord 0x0 0x18002e110 0x32fb8 0x31bb8 0x233
EnumEnhMetaFile 0x0 0x18002e118 0x32fc0 0x31bc0 0x10d
EnumMetaFile 0x0 0x18002e120 0x32fc8 0x31bc8 0x116
SelectObject 0x0 0x18002e128 0x32fd0 0x31bd0 0x25e
CreateDIBSection 0x0 0x18002e130 0x32fd8 0x31bd8 0x33
GetEnhMetaFileHeader 0x0 0x18002e138 0x32fe0 0x31be0 0x1be
GetTextExtentPoint32A 0x0 0x18002e140 0x32fe8 0x31be8 0x204
GetViewportExtEx 0x0 0x18002e148 0x32ff0 0x31bf0 0x20f
GetWindowExtEx 0x0 0x18002e150 0x32ff8 0x31bf8 0x212
SetMetaFileBitsEx 0x0 0x18002e158 0x33000 0x31c00 0x27d
Escape 0x0 0x18002e160 0x33008 0x31c08 0x119
GdiComment 0x0 0x18002e168 0x33010 0x31c10 0x139
SelectPalette 0x0 0x18002e170 0x33018 0x31c18 0x25f
RealizePalette 0x0 0x18002e178 0x33020 0x31c20 0x243
gdiplus.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdipGetImageFlags 0x0 0x18002e188 0x33030 0x31c30 0x120
GdipBitmapLockBits 0x0 0x18002e190 0x33038 0x31c38 0x2b
GdiplusStartup 0x0 0x18002e198 0x33040 0x31c40 0x275
GdipBitmapUnlockBits 0x0 0x18002e1a0 0x33048 0x31c48 0x2e
GdiplusShutdown 0x0 0x18002e1a8 0x33050 0x31c50 0x274
GdipDisposeImage 0x0 0x18002e1b0 0x33058 0x31c58 0x98
GdipDeleteGraphics 0x0 0x18002e1b8 0x33060 0x31c60 0x90
GdipGetImageHeight 0x0 0x18002e1c0 0x33068 0x31c68 0x122
GdipGetImageWidth 0x0 0x18002e1c8 0x33070 0x31c70 0x12c
GdipCreateBitmapFromFileICM 0x0 0x18002e1d0 0x33078 0x31c78 0x4a
GdipGetHemfFromMetafile 0x0 0x18002e1d8 0x33080 0x31c80 0x118
GdipDrawImageRectRectI 0x0 0x18002e1e0 0x33088 0x31c88 0xba
GdipGetImageGraphicsContext 0x0 0x18002e1e8 0x33090 0x31c90 0x121
GdipRecordMetafile 0x0 0x18002e1f0 0x33098 0x31c98 0x1d4
GdipGetImageBounds 0x0 0x18002e1f8 0x330a0 0x31ca0 0x11a
GdipEmfToWmfBits 0x0 0x18002e200 0x330a8 0x31ca8 0xc9
GdipLoadImageFromFileICM 0x0 0x18002e208 0x330b0 0x31cb0 0x1b6
GdipGetImageVerticalResolution 0x0 0x18002e210 0x330b8 0x31cb8 0x12b
GdipGetImageHorizontalResolution 0x0 0x18002e218 0x330c0 0x31cc0 0x123
KERNEL32.dll (60)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount 0x0 0x18002e228 0x330d0 0x31cd0 0x266
ReadFile 0x0 0x18002e230 0x330d8 0x31cd8 0x362
GetFileSize 0x0 0x18002e238 0x330e0 0x31ce0 0x1d5
HeapReAlloc 0x0 0x18002e240 0x330e8 0x31ce8 0x2a4
GetVersionExA 0x0 0x18002e248 0x330f0 0x31cf0 0x275
GlobalMemoryStatus 0x0 0x18002e250 0x330f8 0x31cf8 0x291
GetDiskFreeSpaceA 0x0 0x18002e258 0x33100 0x31d00 0x1b5
GetTempPathA 0x0 0x18002e260 0x33108 0x31d08 0x25a
GetTempFileNameA 0x0 0x18002e268 0x33110 0x31d10 0x258
FlushFileBuffers 0x0 0x18002e270 0x33118 0x31d18 0x142
WriteFile 0x0 0x18002e278 0x33120 0x31d20 0x491
CreateFileMappingA 0x0 0x18002e280 0x33128 0x31d28 0x7a
MapViewOfFile 0x0 0x18002e288 0x33130 0x31d30 0x304
UnmapViewOfFile 0x0 0x18002e290 0x33138 0x31d38 0x445
GlobalSize 0x0 0x18002e298 0x33140 0x31d40 0x294
LoadLibraryA 0x0 0x18002e2a0 0x33148 0x31d48 0x2eb
GetProcAddress 0x0 0x18002e2a8 0x33150 0x31d50 0x220
FreeLibrary 0x0 0x18002e2b0 0x33158 0x31d58 0x14d
FindClose 0x0 0x18002e2b8 0x33160 0x31d60 0x11a
FindFirstFileA 0x0 0x18002e2c0 0x33168 0x31d68 0x11e
lstrcpyA 0x0 0x18002e2c8 0x33170 0x31d70 0x4b7
lstrcatA 0x0 0x18002e2d0 0x33178 0x31d78 0x4ae
lstrlenA 0x0 0x18002e2d8 0x33180 0x31d80 0x4bd
MulDiv 0x0 0x18002e2e0 0x33188 0x31d88 0x313
Sleep 0x0 0x18002e2e8 0x33190 0x31d90 0x425
DecodePointer 0x0 0x18002e2f0 0x33198 0x31d98 0xb8
EncodePointer 0x0 0x18002e2f8 0x331a0 0x31da0 0xd6
GlobalHandle 0x0 0x18002e300 0x331a8 0x31da8 0x28f
MultiByteToWideChar 0x0 0x18002e308 0x331b0 0x31db0 0x314
GetLastError 0x0 0x18002e310 0x331b8 0x31db8 0x1e6
RtlCaptureContext 0x0 0x18002e318 0x331c0 0x31dc0 0x389
RtlLookupFunctionEntry 0x0 0x18002e320 0x331c8 0x31dc8 0x390
RtlVirtualUnwind 0x0 0x18002e328 0x331d0 0x31dd0 0x397
IsDebuggerPresent 0x0 0x18002e330 0x331d8 0x31dd8 0x2cb
SetUnhandledExceptionFilter 0x0 0x18002e338 0x331e0 0x31de0 0x419
UnhandledExceptionFilter 0x0 0x18002e340 0x331e8 0x31de8 0x442
GetCurrentProcess 0x0 0x18002e348 0x331f0 0x31df0 0x1aa
TerminateProcess 0x0 0x18002e350 0x331f8 0x31df8 0x431
GetModuleHandleW 0x0 0x18002e358 0x33200 0x31e00 0x1f9
GetSystemTimeAsFileTime 0x0 0x18002e360 0x33208 0x31e08 0x24f
GetCurrentProcessId 0x0 0x18002e368 0x33210 0x31e10 0x1ab
QueryPerformanceCounter 0x0 0x18002e370 0x33218 0x31e18 0x34e
VirtualProtect 0x0 0x18002e378 0x33220 0x31e20 0x45e
lstrcmpA 0x0 0x18002e380 0x33228 0x31e28 0x4b1
GetCurrentThreadId 0x0 0x18002e388 0x33230 0x31e30 0x1ae
HeapFree 0x0 0x18002e390 0x33238 0x31e38 0x2a1
GetProcessHeap 0x0 0x18002e398 0x33240 0x31e40 0x223
HeapAlloc 0x0 0x18002e3a0 0x33248 0x31e48 0x29d
RaiseException 0x0 0x18002e3a8 0x33250 0x31e50 0x354
GlobalUnlock 0x0 0x18002e3b0 0x33258 0x31e58 0x297
GlobalLock 0x0 0x18002e3b8 0x33260 0x31e60 0x290
DeleteFileA 0x0 0x18002e3c0 0x33268 0x31e68 0xc1
GetVersion 0x0 0x18002e3c8 0x33270 0x31e70 0x274
GlobalFree 0x0 0x18002e3d0 0x33278 0x31e78 0x28c
GlobalAlloc 0x0 0x18002e3d8 0x33280 0x31e80 0x285
CreateFileA 0x0 0x18002e3e0 0x33288 0x31e88 0x79
_lread 0x0 0x18002e3e8 0x33290 0x31e90 0x4ab
_lwrite 0x0 0x18002e3f0 0x33298 0x31e98 0x4ac
CloseHandle 0x0 0x18002e3f8 0x332a0 0x31ea0 0x43
_llseek 0x0 0x18002e400 0x332a8 0x31ea8 0x4a8
USER32.dll (26)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateDialogParamA 0x0 0x18002e410 0x332b8 0x31eb8 0x5c
wsprintfA 0x0 0x18002e418 0x332c0 0x31ec0 0x30f
SetDlgItemTextA 0x0 0x18002e420 0x332c8 0x31ec8 0x27c
ShowWindow 0x0 0x18002e428 0x332d0 0x31ed0 0x2c0
UpdateWindow 0x0 0x18002e430 0x332d8 0x31ed8 0x2f1
GetParent 0x0 0x18002e438 0x332e0 0x31ee0 0x157
GetClientRect 0x0 0x18002e440 0x332e8 0x31ee8 0x10f
ClientToScreen 0x0 0x18002e448 0x332f0 0x31ef0 0x45
SystemParametersInfoA 0x0 0x18002e450 0x332f8 0x31ef8 0x2cc
GetSystemMetrics 0x0 0x18002e458 0x33300 0x31f00 0x171
SetWindowPos 0x0 0x18002e460 0x33308 0x31f08 0x2af
LoadStringA 0x0 0x18002e468 0x33310 0x31f10 0x1e7
GetWindowRect 0x0 0x18002e470 0x33318 0x31f18 0x18c
PeekMessageA 0x0 0x18002e478 0x33320 0x31f20 0x21f
IsDialogMessageA 0x0 0x18002e480 0x33328 0x31f28 0x1bc
TranslateMessage 0x0 0x18002e488 0x33330 0x31f30 0x2dd
DispatchMessageA 0x0 0x18002e490 0x33338 0x31f38 0xa8
GetDlgItem 0x0 0x18002e498 0x33340 0x31f40 0x121
SendMessageA 0x0 0x18002e4a0 0x33348 0x31f48 0x262
DestroyWindow 0x0 0x18002e4a8 0x33350 0x31f50 0xa0
GetDC 0x0 0x18002e4b0 0x33358 0x31f58 0x11c
ReleaseDC 0x0 0x18002e4b8 0x33360 0x31f60 0x250
GetActiveWindow 0x0 0x18002e4c0 0x33368 0x31f68 0xf9
LoadCursorA 0x0 0x18002e4c8 0x33370 0x31f70 0x1d6
SetCursor 0x0 0x18002e4d0 0x33378 0x31f78 0x276
ShowCursor 0x0 0x18002e4d8 0x33380 0x31f80 0x2bb
MSVCR90.dll (39)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__CppXcptFilter 0x0 0x18002e4e8 0x33390 0x31f90 0x5a
_unlock 0x0 0x18002e4f0 0x33398 0x31f98 0x3a4
__dllonexit 0x0 0x18002e4f8 0x333a0 0x31fa0 0x85
_lock 0x0 0x18002e500 0x333a8 0x31fa8 0x23d
_onexit 0x0 0x18002e508 0x333b0 0x31fb0 0x2e4
__crt_debugger_hook 0x0 0x18002e510 0x333b8 0x31fb8 0x83
__clean_type_info_names_internal 0x0 0x18002e518 0x333c0 0x31fc0 0x7b
?terminate@@YAXXZ 0x0 0x18002e520 0x333c8 0x31fc8 0x43
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18002e528 0x333d0 0x31fd0 0x38
__C_specific_handler 0x0 0x18002e530 0x333d8 0x31fd8 0x59
_amsg_exit 0x0 0x18002e538 0x333e0 0x31fe0 0xe2
_decode_pointer 0x0 0x18002e540 0x333e8 0x31fe8 0x12d
_encoded_null 0x0 0x18002e548 0x333f0 0x31ff0 0x138
_initterm_e 0x0 0x18002e550 0x333f8 0x31ff8 0x1cf
_initterm 0x0 0x18002e558 0x33400 0x32000 0x1ce
_malloc_crt 0x0 0x18002e560 0x33408 0x32008 0x24e
_encode_pointer 0x0 0x18002e568 0x33410 0x32010 0x137
memcmp 0x0 0x18002e570 0x33418 0x32018 0x4ef
strncmp 0x0 0x18002e578 0x33420 0x32020 0x52a
strrchr 0x0 0x18002e580 0x33428 0x32028 0x52f
_stricmp 0x0 0x18002e588 0x33430 0x32030 0x358
ceilf 0x0 0x18002e590 0x33438 0x32038 0x488
floorf 0x0 0x18002e598 0x33440 0x32040 0x49f
_CxxThrowException 0x0 0x18002e5a0 0x33448 0x32048 0x49
strncpy_s 0x0 0x18002e5a8 0x33450 0x32050 0x52c
strstr 0x0 0x18002e5b0 0x33458 0x32058 0x531
atol 0x0 0x18002e5b8 0x33460 0x32060 0x482
tmpnam_s 0x0 0x18002e5c0 0x33468 0x32068 0x543
strcpy_s 0x0 0x18002e5c8 0x33470 0x32070 0x522
malloc 0x0 0x18002e5d0 0x33478 0x32078 0x4e5
_dupenv_s 0x0 0x18002e5d8 0x33480 0x32080 0x134
sscanf_s 0x0 0x18002e5e0 0x33488 0x32088 0x51b
free 0x0 0x18002e5e8 0x33490 0x32090 0x4ac
sprintf_s 0x0 0x18002e5f0 0x33498 0x32098 0x516
longjmp 0x0 0x18002e5f8 0x334a0 0x320a0 0x4e4
memcpy 0x0 0x18002e600 0x334a8 0x320a8 0x4f0
memset 0x0 0x18002e608 0x334b0 0x320b0 0x4f4
_setjmp 0x0 0x18002e610 0x334b8 0x320b8 0x321
__CxxFrameHandler3 0x0 0x18002e618 0x334c0 0x320c0 0x63
Exports (12)
Api name EAT Address Ordinal
ExportGr 0x12c40 0x4
GetFilterInfo 0x13958 0x1
GetFilterPref 0x9e6c 0x3
ImportGr 0x13b24 0x2
MSFFClose 0x17b0 0x8
MSFFControl 0x1a88 0xc
MSFFGetLine 0x1860 0x9
MSFFOpen 0x14dc 0x7
MSFFPutLine 0x1984 0xa
MSFFSeek 0x1a50 0xb
RegisterPercentCallback 0x12be4 0x6
SetFilterPref 0x13338 0x5
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2009-12-07 22:40:29+00:00
Valid Until 2011-03-07 22:40:29+00:00
Algorithm sha1_rsa
Serial Number 61 01 CF 3E 00 00 00 00 00 0F
Thumbprint 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\O29WSJy2KdV2HoMd.lbkut Dropped File Stream
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM (Modified File)
Mime Type application/octet-stream
File Size 1.86 KB
MD5 8d4966fc4d36b307dd37891988dfaa18
SHA1 89326a74f9cee147ede2e92186090b3796863583
SHA256 73365bf3cec1e8cd17b517aa08d7575bb271eb347e89628252168549e9d44681
SSDeep 24:x73mTRWpFoWBZf5EOyhA813ItBfWLjKjjjhgabDPXKo7Sn:l4RWpG0ZfwhLIt44vhP/KL
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\f90DtEKM7NoSHgkr.lbkut Dropped File Image
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS (Modified File)
Mime Type image/x-eps
File Size 14.71 KB
MD5 1cef653bc3eb26cbbdffd9e3e0d06a1d
SHA1 1ff08f2009d83d240a0c290803ce8e43f0b38d8c
SHA256 6e36dad354a85e5cb1663840e96adf5fde1ad63d9e01fcbd82858ee4bf71e449
SSDeep 96:KJLPTjHZnhMeRcFAZp9nKmS7PBiJYJGRfNzej7Fae:yOyZp9KmSbBiJYMRfNK/Fb
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF Modified File Image
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\Z+lKGJWRvd=WcAxe.lbkut (Dropped File)
Mime Type image/gif
File Size 1.04 KB
MD5 489c88ee13f967cda7c3b25bf7af819a
SHA1 1f0968a4131e186c299beaf10ca54aa07b514798
SHA256 43a47281b927e115f98e963aa2cd9af84d5a4ee2f4f01b51355e4d0929b0ca1b
SSDeep 24:3nPBb4dvG3iW4HbzXP4KiBxyvsv7UjYBVX07PzRnZCEHpJ:3PBbXuHbzXAjovszUEBULKur
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\8zp5ijvpG26dJFax.lbkut Dropped File Image
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG (Modified File)
Mime Type image/jpeg
File Size 1.04 KB
MD5 c3c77cea3ac0c2f879f4cc6651016aa1
SHA1 04e482b2186cdb58d8c7f03e81ee4826cd400d2f
SHA256 2ffffd4b00e8d00506373a198b198a9d8a3a6e92732de34df36f21821fad5364
SSDeep 24:ve/6XBM0XxDuLHeOWXG427DAJuLHenX3y4jtaYXghv2ai81bjYpb47k:ZiuETAljwYXUNPbcV4A
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\ZsSV=BpjpbBzNwSM.lbkut Dropped File Image
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG (Modified File)
Mime Type image/png
File Size 1.64 KB
MD5 a43d86a7f4ac7bb10c11cfd6d001431b
SHA1 fc804e3c463aecabbaffa4a68793eda134fe0272
SHA256 53d89762d97d6810142aa860025b675fd39c3143f310bc84730430677e35f3e7
SSDeep 24:KsPBb4dvG3iW4HbzXP4KiBxyvsv7UDq5IrFRcA9vdmISeO+r2n:KEBbXuHbzXAjovszUeqZ2A9FaeO+Cn
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT Modified File Binary
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\Fm998PjbkmAA+q2Y=zoc85u+IivPCWHf.lbkut (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 71.37 KB
MD5 2569b9c1f3c85962b4c7be2cfbc977da
SHA1 e7aeaadb2358c8d46455f6fc8c6c33e136959ed2
SHA256 f1ca498b97deb671a47ebf5903a7563766fd0d9eb054c5d1f0623aaa8e9d0bfd
SSDeep 1536:s0mj90Esi4nWBz1yKpo9sPERH4pQgt95l:HmjOEsiXyZ14Kgt95l
ImpHash 5649640d5834fb5ed99d5b791de2a7e3
PE Information
Image Base 0x180000000
Entry Point 0x18000b854
Size Of Code 0xb000
Size Of Initialized Data 0x6400
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2010-02-04 11:35:15+00:00
Version Information (10)
CompanyName Microsoft Corporation
FileDescription Microsoft PICT Import Filter
FileVersion 2010.1400.4740.1000
InternalName PICTIM32
LegalCopyright © 2010 Microsoft Corporation. All rights reserved.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename PICTIM32.FLT
ProductName Microsoft Office 2010
ProductVersion 2010.1400.4740.1000
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xae14 0xb000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.33
.rdata 0x18000c000 0x1fa8 0x2000 0xb400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.74
.data 0x18000e000 0x2f08 0x1e00 0xd400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.77
.pdata 0x180011000 0x63c 0x800 0xf200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.65
.rsrc 0x180012000 0x95c 0xa00 0xfa00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.04
.reloc 0x180013000 0x10 0x200 0x10400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.16
Imports (6)
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x18000c000 0xc968 0xbd68 0x22a
RegSetValueExA 0x0 0x18000c008 0xc970 0xbd70 0x277
RegCreateKeyExA 0x0 0x18000c010 0xc978 0xbd78 0x232
RegOpenKeyExA 0x0 0x18000c018 0xc980 0xbd80 0x25a
RegQueryValueExA 0x0 0x18000c020 0xc988 0xbd88 0x267
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x18000c030 0xc998 0xbd98 -
GDI32.dll (51)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreatePen 0x0 0x18000c040 0xc9a8 0xbda8 0x49
GetStockObject 0x0 0x18000c048 0xc9b0 0xbdb0 0x1f4
DeleteObject 0x0 0x18000c050 0xc9b8 0xbdb8 0xd0
SaveDC 0x0 0x18000c058 0xc9c0 0xbdc0 0x257
RestoreDC 0x0 0x18000c060 0xc9c8 0xbdc8 0x250
SelectObject 0x0 0x18000c068 0xc9d0 0xbdd0 0x25e
LineTo 0x0 0x18000c070 0xc9d8 0xbdd8 0x21d
MoveToEx 0x0 0x18000c078 0xc9e0 0xbde0 0x221
Rectangle 0x0 0x18000c080 0xc9e8 0xbde8 0x246
RoundRect 0x0 0x18000c088 0xc9f0 0xbdf0 0x251
Ellipse 0x0 0x18000c090 0xc9f8 0xbdf8 0xd9
Arc 0x0 0x18000c098 0xca00 0xbe00 0xb
Pie 0x0 0x18000c0a0 0xca08 0xbe08 0x22f
Polyline 0x0 0x18000c0a8 0xca10 0xbe10 0x23e
Polygon 0x0 0x18000c0b0 0xca18 0xbe18 0x23d
CreatePenIndirect 0x0 0x18000c0b8 0xca20 0xbe20 0x4a
CreateBrushIndirect 0x0 0x18000c0c0 0xca28 0xbe28 0x2a
CreatePatternBrush 0x0 0x18000c0c8 0xca30 0xbe30 0x48
CreateFontIndirectA 0x0 0x18000c0d0 0xca38 0xbe38 0x3b
SetBkMode 0x0 0x18000c0d8 0xca40 0xbe40 0x266
SetROP2 0x0 0x18000c0e0 0xca48 0xbe48 0x286
SetStretchBltMode 0x0 0x18000c0e8 0xca50 0xbe50 0x289
SetTextAlign 0x0 0x18000c0f0 0xca58 0xbe58 0x28b
SetTextColor 0x0 0x18000c0f8 0xca60 0xbe60 0x28d
SetTextCharacterExtra 0x0 0x18000c100 0xca68 0xbe68 0x28c
SetBkColor 0x0 0x18000c108 0xca70 0xbe70 0x265
IntersectClipRect 0x0 0x18000c110 0xca78 0xbe78 0x217
SetWindowOrgEx 0x0 0x18000c118 0xca80 0xbe80 0x294
Escape 0x0 0x18000c120 0xca88 0xbe88 0x119
SetWindowExtEx 0x0 0x18000c128 0xca90 0xbe90 0x293
DeleteMetaFile 0x0 0x18000c130 0xca98 0xbe98 0xcf
DeleteDC 0x0 0x18000c138 0xcaa0 0xbea0 0xcd
CloseMetaFile 0x0 0x18000c140 0xcaa8 0xbea8 0x1e
CreateICA 0x0 0x18000c148 0xcab0 0xbeb0 0x42
CreateMetaFileA 0x0 0x18000c150 0xcab8 0xbeb8 0x44
EnumFontsA 0x0 0x18000c158 0xcac0 0xbec0 0x112
CreateDIBitmap 0x0 0x18000c160 0xcac8 0xbec8 0x34
CreateCompatibleBitmap 0x0 0x18000c168 0xcad0 0xbed0 0x2d
CreateCompatibleDC 0x0 0x18000c170 0xcad8 0xbed8 0x2e
StretchDIBits 0x0 0x18000c178 0xcae0 0xbee0 0x29b
ExcludeClipRect 0x0 0x18000c180 0xcae8 0xbee8 0x11c
TextOutA 0x0 0x18000c188 0xcaf0 0xbef0 0x29f
PolyPolygon 0x0 0x18000c190 0xcaf8 0xbef8 0x239
DeleteEnhMetaFile 0x0 0x18000c198 0xcb00 0xbf00 0xce
CloseEnhMetaFile 0x0 0x18000c1a0 0xcb08 0xbf08 0x1c
PlayMetaFile 0x0 0x18000c1a8 0xcb10 0xbf10 0x232
CreateEnhMetaFileA 0x0 0x18000c1b0 0xcb18 0xbf18 0x38
GetDeviceCaps 0x0 0x18000c1b8 0xcb20 0xbf20 0x1b5
GetTextExtentPoint32A 0x0 0x18000c1c0 0xcb28 0xbf28 0x204
GetViewportExtEx 0x0 0x18000c1c8 0xcb30 0xbf30 0x20f
GetWindowExtEx 0x0 0x18000c1d0 0xcb38 0xbf38 0x212
KERNEL32.dll (39)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RaiseException 0x0 0x18000c1e0 0xcb48 0xbf48 0x354
GlobalSize 0x0 0x18000c1e8 0xcb50 0xbf50 0x294
GetLastError 0x0 0x18000c1f0 0xcb58 0xbf58 0x1e6
GlobalLock 0x0 0x18000c1f8 0xcb60 0xbf60 0x290
GlobalUnlock 0x0 0x18000c200 0xcb68 0xbf68 0x297
GlobalAlloc 0x0 0x18000c208 0xcb70 0xbf70 0x285
GlobalFree 0x0 0x18000c210 0xcb78 0xbf78 0x28c
GlobalReAlloc 0x0 0x18000c218 0xcb80 0xbf80 0x293
lstrcmpA 0x0 0x18000c220 0xcb88 0xbf88 0x4b1
_lread 0x0 0x18000c228 0xcb90 0xbf90 0x4ab
_llseek 0x0 0x18000c230 0xcb98 0xbf98 0x4a8
CreateFileA 0x0 0x18000c238 0xcba0 0xbfa0 0x79
CloseHandle 0x0 0x18000c240 0xcba8 0xbfa8 0x43
GetVersion 0x0 0x18000c248 0xcbb0 0xbfb0 0x274
GetSystemDefaultLangID 0x0 0x18000c250 0xcbb8 0xbfb8 0x242
lstrcmpiA 0x0 0x18000c258 0xcbc0 0xbfc0 0x4b4
IsDBCSLeadByte 0x0 0x18000c260 0xcbc8 0xbfc8 0x2c9
GetVersionExA 0x0 0x18000c268 0xcbd0 0xbfd0 0x275
lstrlenA 0x0 0x18000c270 0xcbd8 0xbfd8 0x4bd
HeapFree 0x0 0x18000c278 0xcbe0 0xbfe0 0x2a1
GetProcessHeap 0x0 0x18000c280 0xcbe8 0xbfe8 0x223
GetTickCount 0x0 0x18000c288 0xcbf0 0xbff0 0x266
HeapAlloc 0x0 0x18000c290 0xcbf8 0xbff8 0x29d
RtlLookupFunctionEntry 0x0 0x18000c298 0xcc00 0xc000 0x390
RtlVirtualUnwind 0x0 0x18000c2a0 0xcc08 0xc008 0x397
IsDebuggerPresent 0x0 0x18000c2a8 0xcc10 0xc010 0x2cb
SetUnhandledExceptionFilter 0x0 0x18000c2b0 0xcc18 0xc018 0x419
UnhandledExceptionFilter 0x0 0x18000c2b8 0xcc20 0xc020 0x442
GetCurrentProcess 0x0 0x18000c2c0 0xcc28 0xc028 0x1aa
TerminateProcess 0x0 0x18000c2c8 0xcc30 0xc030 0x431
Sleep 0x0 0x18000c2d0 0xcc38 0xc038 0x425
GetModuleHandleW 0x0 0x18000c2d8 0xcc40 0xc040 0x1f9
GetProcAddress 0x0 0x18000c2e0 0xcc48 0xc048 0x220
GetSystemTimeAsFileTime 0x0 0x18000c2e8 0xcc50 0xc050 0x24f
GetCurrentProcessId 0x0 0x18000c2f0 0xcc58 0xc058 0x1ab
GetCurrentThreadId 0x0 0x18000c2f8 0xcc60 0xc060 0x1ae
QueryPerformanceCounter 0x0 0x18000c300 0xcc68 0xc068 0x34e
VirtualProtect 0x0 0x18000c308 0xcc70 0xc070 0x45e
RtlCaptureContext 0x0 0x18000c310 0xcc78 0xc078 0x389
USER32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateDialogParamA 0x0 0x18000c320 0xcc88 0xc088 0x5c
wsprintfA 0x0 0x18000c328 0xcc90 0xc090 0x30f
SetDlgItemTextA 0x0 0x18000c330 0xcc98 0xc098 0x27c
ShowWindow 0x0 0x18000c338 0xcca0 0xc0a0 0x2c0
UpdateWindow 0x0 0x18000c340 0xcca8 0xc0a8 0x2f1
GetParent 0x0 0x18000c348 0xccb0 0xc0b0 0x157
GetClientRect 0x0 0x18000c350 0xccb8 0xc0b8 0x10f
ClientToScreen 0x0 0x18000c358 0xccc0 0xc0c0 0x45
SystemParametersInfoA 0x0 0x18000c360 0xccc8 0xc0c8 0x2cc
GetSystemMetrics 0x0 0x18000c368 0xccd0 0xc0d0 0x171
SetWindowPos 0x0 0x18000c370 0xccd8 0xc0d8 0x2af
LoadStringA 0x0 0x18000c378 0xcce0 0xc0e0 0x1e7
GetWindowRect 0x0 0x18000c380 0xcce8 0xc0e8 0x18c
IsDialogMessageA 0x0 0x18000c388 0xccf0 0xc0f0 0x1bc
TranslateMessage 0x0 0x18000c390 0xccf8 0xc0f8 0x2dd
DispatchMessageA 0x0 0x18000c398 0xcd00 0xc100 0xa8
GetDlgItem 0x0 0x18000c3a0 0xcd08 0xc108 0x121
SendMessageA 0x0 0x18000c3a8 0xcd10 0xc110 0x262
DestroyWindow 0x0 0x18000c3b0 0xcd18 0xc118 0xa0
GetDC 0x0 0x18000c3b8 0xcd20 0xc120 0x11c
ReleaseDC 0x0 0x18000c3c0 0xcd28 0xc128 0x250
OffsetRect 0x0 0x18000c3c8 0xcd30 0xc130 0x212
EqualRect 0x0 0x18000c3d0 0xcd38 0xc138 0xec
IntersectRect 0x0 0x18000c3d8 0xcd40 0xc140 0x1ad
GetActiveWindow 0x0 0x18000c3e0 0xcd48 0xc148 0xf9
LoadCursorA 0x0 0x18000c3e8 0xcd50 0xc150 0x1d6
SetCursor 0x0 0x18000c3f0 0xcd58 0xc158 0x276
ShowCursor 0x0 0x18000c3f8 0xcd60 0xc160 0x2bb
PeekMessageA 0x0 0x18000c400 0xcd68 0xc168 0x21f
MSVCR90.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_onexit 0x0 0x18000c410 0xcd78 0xc178 0x2e4
_lock 0x0 0x18000c418 0xcd80 0xc180 0x23d
__dllonexit 0x0 0x18000c420 0xcd88 0xc188 0x85
_unlock 0x0 0x18000c428 0xcd90 0xc190 0x3a4
__clean_type_info_names_internal 0x0 0x18000c430 0xcd98 0xc198 0x7b
__crt_debugger_hook 0x0 0x18000c438 0xcda0 0xc1a0 0x83
__CppXcptFilter 0x0 0x18000c440 0xcda8 0xc1a8 0x5a
__C_specific_handler 0x0 0x18000c448 0xcdb0 0xc1b0 0x59
_amsg_exit 0x0 0x18000c450 0xcdb8 0xc1b8 0xe2
_decode_pointer 0x0 0x18000c458 0xcdc0 0xc1c0 0x12d
_encoded_null 0x0 0x18000c460 0xcdc8 0xc1c8 0x138
free 0x0 0x18000c468 0xcdd0 0xc1d0 0x4ac
_initterm_e 0x0 0x18000c470 0xcdd8 0xc1d8 0x1cf
memcpy 0x0 0x18000c478 0xcde0 0xc1e0 0x4f0
_vsnprintf 0x0 0x18000c480 0xcde8 0xc1e8 0x3c8
sqrt 0x0 0x18000c488 0xcdf0 0xc1f0 0x517
floor 0x0 0x18000c490 0xcdf8 0xc1f8 0x49e
ceil 0x0 0x18000c498 0xce00 0xc200 0x487
memset 0x0 0x18000c4a0 0xce08 0xc208 0x4f4
sin 0x0 0x18000c4a8 0xce10 0xc210 0x511
cos 0x0 0x18000c4b0 0xce18 0xc218 0x48c
isdigit 0x0 0x18000c4b8 0xce20 0xc220 0x4c6
strncmp 0x0 0x18000c4c0 0xce28 0xc228 0x52a
strcpy_s 0x0 0x18000c4c8 0xce30 0xc230 0x522
_encode_pointer 0x0 0x18000c4d0 0xce38 0xc238 0x137
_malloc_crt 0x0 0x18000c4d8 0xce40 0xc240 0x24e
_initterm 0x0 0x18000c4e0 0xce48 0xc248 0x1ce
Exports (8)
Api name EAT Address Ordinal
EnumFontFunc 0x289c 0x7
GetFilterInfo 0x7970 0x1
GetFilterPref 0x72a4 0x3
ImportEmbeddedGr 0x7bd0 0x5
ImportGr 0x7a98 0x2
QD2GDI 0x7d18 0x6
SetFilterPref 0x71f0 0x4
WEP 0x71e8 0x8
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2009-12-07 22:40:29+00:00
Valid Until 2011-03-07 22:40:29+00:00
Algorithm sha1_rsa
Serial Number 61 01 CF 3E 00 00 00 00 00 0F
Thumbprint 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT Modified File Binary
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\wqGvf3iZH8xqet4eQanFfcoo.lbkut (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 295.88 KB
MD5 32e57db867eb6356a49b1f495a41b5e9
SHA1 027908341147f3784a03a547c38cd1df506acd11
SHA256 ae45c3a283a60d56b2a22a9bff01a1736f4809c58d8e3487d15623101359fb0a
SSDeep 6144:kKzY5eAApjk2ea1YRerOIeql3aT/yYwCeITBqEeSkKOx10:kK0QXrpxsw+TsEez0
ImpHash 5f2ab9a746ec7c7ae2fd38fe4c30ff03
PE Information
Image Base 0x180000000
Entry Point 0x180035cdc
Size Of Code 0x36e00
Size Of Initialized Data 0x14600
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2010-02-04 11:35:20+00:00
Version Information (10)
CompanyName Microsoft Corporation
FileDescription PNG Import/Export Graphic Filter
FileVersion 2010.1400.4740.1000
InternalName png32
LegalCopyright © 2010 Microsoft Corporation. All rights reserved.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename png32.flt
ProductName Microsoft Office 2010
ProductVersion 2010.1400.4740.1000
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x36caa 0x36e00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x180038000 0xd158 0xd200 0x37200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.7
.data 0x180046000 0x3dd0 0xe00 0x44400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.37
.pdata 0x18004a000 0x24fc 0x2600 0x45200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.46
.rsrc 0x18004d000 0xafc 0xc00 0x47800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.89
.reloc 0x18004e000 0x2f4 0x400 0x48400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.57
Imports (7)
ADVAPI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x180038000 0x40cf0 0x3fef0 0x22a
RegOpenKeyExA 0x0 0x180038008 0x40cf8 0x3fef8 0x25a
RegQueryValueExA 0x0 0x180038010 0x40d00 0x3ff00 0x267
RegQueryValueExW 0x0 0x180038018 0x40d08 0x3ff08 0x268
RegOpenKeyExW 0x0 0x180038020 0x40d10 0x3ff10 0x25b
RegCreateKeyExA 0x0 0x180038028 0x40d18 0x3ff18 0x232
RegSetValueExA 0x0 0x180038030 0x40d20 0x3ff20 0x277
RegEnumKeyExA 0x0 0x180038038 0x40d28 0x3ff28 0x248
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x180038048 0x40d38 0x3ff38 -
GDI32.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteMetaFile 0x0 0x180038058 0x40d48 0x3ff48 0xcf
CloseMetaFile 0x0 0x180038060 0x40d50 0x3ff50 0x1e
CreateMetaFileA 0x0 0x180038068 0x40d58 0x3ff58 0x44
DeleteDC 0x0 0x180038070 0x40d60 0x3ff60 0xcd
GetDeviceCaps 0x0 0x180038078 0x40d68 0x3ff68 0x1b5
CreateCompatibleDC 0x0 0x180038080 0x40d70 0x3ff70 0x2e
GetMetaFileA 0x0 0x180038088 0x40d78 0x3ff78 0x1d8
StretchDIBits 0x0 0x180038090 0x40d80 0x3ff80 0x29b
SetBkColor 0x0 0x180038098 0x40d88 0x3ff88 0x265
SetTextColor 0x0 0x1800380a0 0x40d90 0x3ff90 0x28d
SetStretchBltMode 0x0 0x1800380a8 0x40d98 0x3ff98 0x289
SetWindowExtEx 0x0 0x1800380b0 0x40da0 0x3ffa0 0x293
SetWindowOrgEx 0x0 0x1800380b8 0x40da8 0x3ffa8 0x294
SetMapMode 0x0 0x1800380c0 0x40db0 0x3ffb0 0x27b
GetEnhMetaFileA 0x0 0x1800380c8 0x40db8 0x3ffb8 0x1ba
DeleteEnhMetaFile 0x0 0x1800380d0 0x40dc0 0x3ffc0 0xce
CloseEnhMetaFile 0x0 0x1800380d8 0x40dc8 0x3ffc8 0x1c
SetViewportExtEx 0x0 0x1800380e0 0x40dd0 0x3ffd0 0x28f
CreateEnhMetaFileA 0x0 0x1800380e8 0x40dd8 0x3ffd8 0x38
DeleteObject 0x0 0x1800380f0 0x40de0 0x3ffe0 0xd0
GetObjectA 0x0 0x1800380f8 0x40de8 0x3ffe8 0x1e2
GetMetaFileBitsEx 0x0 0x180038100 0x40df0 0x3fff0 0x1d9
PlayEnhMetaFileRecord 0x0 0x180038108 0x40df8 0x3fff8 0x231
PlayMetaFileRecord 0x0 0x180038110 0x40e00 0x40000 0x233
EnumEnhMetaFile 0x0 0x180038118 0x40e08 0x40008 0x10d
EnumMetaFile 0x0 0x180038120 0x40e10 0x40010 0x116
SelectObject 0x0 0x180038128 0x40e18 0x40018 0x25e
CreateDIBSection 0x0 0x180038130 0x40e20 0x40020 0x33
GetEnhMetaFileHeader 0x0 0x180038138 0x40e28 0x40028 0x1be
GetTextExtentPoint32A 0x0 0x180038140 0x40e30 0x40030 0x204
GetViewportExtEx 0x0 0x180038148 0x40e38 0x40038 0x20f
GetWindowExtEx 0x0 0x180038150 0x40e40 0x40040 0x212
SetMetaFileBitsEx 0x0 0x180038158 0x40e48 0x40048 0x27d
Escape 0x0 0x180038160 0x40e50 0x40050 0x119
GdiComment 0x0 0x180038168 0x40e58 0x40058 0x139
SelectPalette 0x0 0x180038170 0x40e60 0x40060 0x25f
RealizePalette 0x0 0x180038178 0x40e68 0x40068 0x243
gdiplus.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdipGetImageFlags 0x0 0x180038188 0x40e78 0x40078 0x120
GdipBitmapLockBits 0x0 0x180038190 0x40e80 0x40080 0x2b
GdiplusStartup 0x0 0x180038198 0x40e88 0x40088 0x275
GdipBitmapUnlockBits 0x0 0x1800381a0 0x40e90 0x40090 0x2e
GdiplusShutdown 0x0 0x1800381a8 0x40e98 0x40098 0x274
GdipDisposeImage 0x0 0x1800381b0 0x40ea0 0x400a0 0x98
GdipDeleteGraphics 0x0 0x1800381b8 0x40ea8 0x400a8 0x90
GdipGetImageHeight 0x0 0x1800381c0 0x40eb0 0x400b0 0x122
GdipGetImageWidth 0x0 0x1800381c8 0x40eb8 0x400b8 0x12c
GdipCreateBitmapFromFileICM 0x0 0x1800381d0 0x40ec0 0x400c0 0x4a
GdipGetHemfFromMetafile 0x0 0x1800381d8 0x40ec8 0x400c8 0x118
GdipDrawImageRectRectI 0x0 0x1800381e0 0x40ed0 0x400d0 0xba
GdipGetImageGraphicsContext 0x0 0x1800381e8 0x40ed8 0x400d8 0x121
GdipRecordMetafile 0x0 0x1800381f0 0x40ee0 0x400e0 0x1d4
GdipGetImageBounds 0x0 0x1800381f8 0x40ee8 0x400e8 0x11a
GdipEmfToWmfBits 0x0 0x180038200 0x40ef0 0x400f0 0xc9
GdipLoadImageFromFileICM 0x0 0x180038208 0x40ef8 0x400f8 0x1b6
GdipGetImageVerticalResolution 0x0 0x180038210 0x40f00 0x40100 0x12b
GdipGetImageHorizontalResolution 0x0 0x180038218 0x40f08 0x40108 0x123
KERNEL32.dll (59)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount 0x0 0x180038228 0x40f18 0x40118 0x266
ReadFile 0x0 0x180038230 0x40f20 0x40120 0x362
HeapReAlloc 0x0 0x180038238 0x40f28 0x40128 0x2a4
GetVersionExA 0x0 0x180038240 0x40f30 0x40130 0x275
GlobalMemoryStatus 0x0 0x180038248 0x40f38 0x40138 0x291
GetDiskFreeSpaceA 0x0 0x180038250 0x40f40 0x40140 0x1b5
GetTempPathA 0x0 0x180038258 0x40f48 0x40148 0x25a
GetTempFileNameA 0x0 0x180038260 0x40f50 0x40150 0x258
FlushFileBuffers 0x0 0x180038268 0x40f58 0x40158 0x142
WriteFile 0x0 0x180038270 0x40f60 0x40160 0x491
CreateFileMappingA 0x0 0x180038278 0x40f68 0x40168 0x7a
MapViewOfFile 0x0 0x180038280 0x40f70 0x40170 0x304
UnmapViewOfFile 0x0 0x180038288 0x40f78 0x40178 0x445
GlobalSize 0x0 0x180038290 0x40f80 0x40180 0x294
LoadLibraryA 0x0 0x180038298 0x40f88 0x40188 0x2eb
GetProcAddress 0x0 0x1800382a0 0x40f90 0x40190 0x220
FreeLibrary 0x0 0x1800382a8 0x40f98 0x40198 0x14d
FindClose 0x0 0x1800382b0 0x40fa0 0x401a0 0x11a
FindFirstFileA 0x0 0x1800382b8 0x40fa8 0x401a8 0x11e
lstrcpyA 0x0 0x1800382c0 0x40fb0 0x401b0 0x4b7
lstrcatA 0x0 0x1800382c8 0x40fb8 0x401b8 0x4ae
lstrlenA 0x0 0x1800382d0 0x40fc0 0x401c0 0x4bd
lstrcmpA 0x0 0x1800382d8 0x40fc8 0x401c8 0x4b1
MulDiv 0x0 0x1800382e0 0x40fd0 0x401d0 0x313
Sleep 0x0 0x1800382e8 0x40fd8 0x401d8 0x425
DecodePointer 0x0 0x1800382f0 0x40fe0 0x401e0 0xb8
EncodePointer 0x0 0x1800382f8 0x40fe8 0x401e8 0xd6
GlobalHandle 0x0 0x180038300 0x40ff0 0x401f0 0x28f
MultiByteToWideChar 0x0 0x180038308 0x40ff8 0x401f8 0x314
GetLastError 0x0 0x180038310 0x41000 0x40200 0x1e6
RtlCaptureContext 0x0 0x180038318 0x41008 0x40208 0x389
RtlLookupFunctionEntry 0x0 0x180038320 0x41010 0x40210 0x390
RtlVirtualUnwind 0x0 0x180038328 0x41018 0x40218 0x397
IsDebuggerPresent 0x0 0x180038330 0x41020 0x40220 0x2cb
SetUnhandledExceptionFilter 0x0 0x180038338 0x41028 0x40228 0x419
UnhandledExceptionFilter 0x0 0x180038340 0x41030 0x40230 0x442
GetCurrentProcess 0x0 0x180038348 0x41038 0x40238 0x1aa
TerminateProcess 0x0 0x180038350 0x41040 0x40240 0x431
GetModuleHandleW 0x0 0x180038358 0x41048 0x40248 0x1f9
GetSystemTimeAsFileTime 0x0 0x180038360 0x41050 0x40250 0x24f
GetCurrentProcessId 0x0 0x180038368 0x41058 0x40258 0x1ab
QueryPerformanceCounter 0x0 0x180038370 0x41060 0x40260 0x34e
VirtualProtect 0x0 0x180038378 0x41068 0x40268 0x45e
GetCurrentThreadId 0x0 0x180038380 0x41070 0x40270 0x1ae
RaiseException 0x0 0x180038388 0x41078 0x40278 0x354
HeapAlloc 0x0 0x180038390 0x41080 0x40280 0x29d
GetProcessHeap 0x0 0x180038398 0x41088 0x40288 0x223
HeapFree 0x0 0x1800383a0 0x41090 0x40290 0x2a1
GlobalUnlock 0x0 0x1800383a8 0x41098 0x40298 0x297
GlobalLock 0x0 0x1800383b0 0x410a0 0x402a0 0x290
DeleteFileA 0x0 0x1800383b8 0x410a8 0x402a8 0xc1
GetVersion 0x0 0x1800383c0 0x410b0 0x402b0 0x274
GlobalFree 0x0 0x1800383c8 0x410b8 0x402b8 0x28c
GlobalAlloc 0x0 0x1800383d0 0x410c0 0x402c0 0x285
CreateFileA 0x0 0x1800383d8 0x410c8 0x402c8 0x79
_lread 0x0 0x1800383e0 0x410d0 0x402d0 0x4ab
_lwrite 0x0 0x1800383e8 0x410d8 0x402d8 0x4ac
CloseHandle 0x0 0x1800383f0 0x410e0 0x402e0 0x43
_llseek 0x0 0x1800383f8 0x410e8 0x402e8 0x4a8
USER32.dll (26)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateDialogParamA 0x0 0x180038408 0x410f8 0x402f8 0x5c
wsprintfA 0x0 0x180038410 0x41100 0x40300 0x30f
SetDlgItemTextA 0x0 0x180038418 0x41108 0x40308 0x27c
ShowWindow 0x0 0x180038420 0x41110 0x40310 0x2c0
UpdateWindow 0x0 0x180038428 0x41118 0x40318 0x2f1
GetParent 0x0 0x180038430 0x41120 0x40320 0x157
GetClientRect 0x0 0x180038438 0x41128 0x40328 0x10f
ClientToScreen 0x0 0x180038440 0x41130 0x40330 0x45
SystemParametersInfoA 0x0 0x180038448 0x41138 0x40338 0x2cc
GetSystemMetrics 0x0 0x180038450 0x41140 0x40340 0x171
SetWindowPos 0x0 0x180038458 0x41148 0x40348 0x2af
LoadStringA 0x0 0x180038460 0x41150 0x40350 0x1e7
GetWindowRect 0x0 0x180038468 0x41158 0x40358 0x18c
PeekMessageA 0x0 0x180038470 0x41160 0x40360 0x21f
IsDialogMessageA 0x0 0x180038478 0x41168 0x40368 0x1bc
TranslateMessage 0x0 0x180038480 0x41170 0x40370 0x2dd
DispatchMessageA 0x0 0x180038488 0x41178 0x40378 0xa8
GetDlgItem 0x0 0x180038490 0x41180 0x40380 0x121
SendMessageA 0x0 0x180038498 0x41188 0x40388 0x262
DestroyWindow 0x0 0x1800384a0 0x41190 0x40390 0xa0
GetDC 0x0 0x1800384a8 0x41198 0x40398 0x11c
ReleaseDC 0x0 0x1800384b0 0x411a0 0x403a0 0x250
GetActiveWindow 0x0 0x1800384b8 0x411a8 0x403a8 0xf9
LoadCursorA 0x0 0x1800384c0 0x411b0 0x403b0 0x1d6
SetCursor 0x0 0x1800384c8 0x411b8 0x403b8 0x276
ShowCursor 0x0 0x1800384d0 0x411c0 0x403c0 0x2bb
MSVCR90.dll (46)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__C_specific_handler 0x0 0x1800384e0 0x411d0 0x403d0 0x59
_encode_pointer 0x0 0x1800384e8 0x411d8 0x403d8 0x137
_malloc_crt 0x0 0x1800384f0 0x411e0 0x403e0 0x24e
_initterm 0x0 0x1800384f8 0x411e8 0x403e8 0x1ce
_initterm_e 0x0 0x180038500 0x411f0 0x403f0 0x1cf
_encoded_null 0x0 0x180038508 0x411f8 0x403f8 0x138
_decode_pointer 0x0 0x180038510 0x41200 0x40400 0x12d
_amsg_exit 0x0 0x180038518 0x41208 0x40408 0xe2
__CppXcptFilter 0x0 0x180038520 0x41210 0x40410 0x5a
_unlock 0x0 0x180038528 0x41218 0x40418 0x3a4
__dllonexit 0x0 0x180038530 0x41220 0x40420 0x85
_lock 0x0 0x180038538 0x41228 0x40428 0x23d
_onexit 0x0 0x180038540 0x41230 0x40430 0x2e4
__crt_debugger_hook 0x0 0x180038548 0x41238 0x40438 0x83
__clean_type_info_names_internal 0x0 0x180038550 0x41240 0x40440 0x7b
?terminate@@YAXXZ 0x0 0x180038558 0x41248 0x40448 0x43
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x180038560 0x41250 0x40450 0x38
_errno 0x0 0x180038568 0x41258 0x40458 0x13d
strtod 0x0 0x180038570 0x41260 0x40460 0x532
free 0x0 0x180038578 0x41268 0x40468 0x4ac
malloc 0x0 0x180038580 0x41270 0x40470 0x4e5
abort 0x0 0x180038588 0x41278 0x40478 0x473
fflush 0x0 0x180038590 0x41280 0x40480 0x498
fwrite 0x0 0x180038598 0x41288 0x40488 0x4b7
fread 0x0 0x1800385a0 0x41290 0x40490 0x4aa
sprintf 0x0 0x1800385a8 0x41298 0x40498 0x515
__iob_func 0x0 0x1800385b0 0x412a0 0x404a0 0x92
longjmp 0x0 0x1800385b8 0x412a8 0x404a8 0x4e4
strncpy 0x0 0x1800385c0 0x412b0 0x404b0 0x52b
memcmp 0x0 0x1800385c8 0x412b8 0x404b8 0x4ef
strncmp 0x0 0x1800385d0 0x412c0 0x404c0 0x52a
strrchr 0x0 0x1800385d8 0x412c8 0x404c8 0x52f
_stricmp 0x0 0x1800385e0 0x412d0 0x404d0 0x358
ceilf 0x0 0x1800385e8 0x412d8 0x404d8 0x488
floorf 0x0 0x1800385f0 0x412e0 0x404e0 0x49f
__CxxFrameHandler3 0x0 0x1800385f8 0x412e8 0x404e8 0x63
_CxxThrowException 0x0 0x180038600 0x412f0 0x404f0 0x49
strncpy_s 0x0 0x180038608 0x412f8 0x404f8 0x52c
strstr 0x0 0x180038610 0x41300 0x40500 0x531
atol 0x0 0x180038618 0x41308 0x40508 0x482
_setjmp 0x0 0x180038620 0x41310 0x40510 0x321
ceil 0x0 0x180038628 0x41318 0x40518 0x487
strcpy_s 0x0 0x180038630 0x41320 0x40520 0x522
memcpy 0x0 0x180038638 0x41328 0x40528 0x4f0
memset 0x0 0x180038640 0x41330 0x40530 0x4f4
fprintf 0x0 0x180038648 0x41338 0x40538 0x4a4
Exports (12)
Api name EAT Address Ordinal
ExportGr 0x40d8 0x4
GetFilterInfo 0x52f4 0x1
GetFilterPref 0x4aa8 0x3
ImportGr 0x4aac 0x2
MSFFClose 0x2df8 0x8
MSFFControl 0x3a74 0xc
MSFFGetLine 0x2f00 0x9
MSFFOpen 0x3c60 0x7
MSFFPutLine 0x3070 0xa
MSFFSeek 0x1000 0xb
RegisterPercentCallback 0x407c 0x6
SetFilterPref 0x489c 0x5
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2009-12-07 22:40:29+00:00
Valid Until 2011-03-07 22:40:29+00:00
Algorithm sha1_rsa
Serial Number 61 01 CF 3E 00 00 00 00 00 0F
Thumbprint 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\1=eNPBj9NxQwEG4=XKd72QkE+N07HzAS.lbkut Dropped File Binary
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 273.88 KB
MD5 3f8f11c0964d51232581a2dd1ace7f69
SHA1 88168094cffc9f6210a318030a971e2caf08b4ea
SHA256 b1a05662f3c2a8b5d3c733ffb417fc2d5b702831c11c52d1d8cf65201deaa043
SSDeep 3072:XgxsreKNQFsQ8RXtz11yB0IkJXt2up7zQYRYR2iMdWw+jnJOLGAKuA/c9oEu:QoNpRXtz115t2IQYJi2WzLJOKAKuvu
ImpHash 83ef981db7bc6024677a46c9345ea0d4
PE Information
Image Base 0x180000000
Entry Point 0x18002fd6c
Size Of Code 0x30000
Size Of Initialized Data 0x13a00
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2010-10-20 12:58:53+00:00
Version Information (10)
CompanyName Access Softek, Inc.
FileDescription WordPerfect Graphic Import Filter
FileVersion 2010.1400.6009.1000
InternalName wpgimp32
LegalCopyright Copyright © 1995-1996 Access Softek, Inc.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename WPGIMP32.FLT
ProductName Microsoft Office 2010
ProductVersion 2010.1400.6009.1000
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x2fe4c 0x30000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.28
.rdata 0x180031000 0xf4a4 0xf600 0x30400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.17
.data 0x180041000 0x2258 0x1600 0x3fa00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.07
.pdata 0x180044000 0xe70 0x1000 0x41000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.85
.rsrc 0x180045000 0xc50 0xe00 0x42000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.83
.reloc 0x180046000 0x1d4 0x200 0x42e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.05
Imports (5)
ADVAPI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegOpenKeyExA 0x0 0x180031000 0x3e448 0x3d848 0x25a
RegQueryValueExA 0x0 0x180031008 0x3e450 0x3d850 0x267
GDI32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteObject 0x0 0x180031018 0x3e460 0x3d860 0xd0
SelectObject 0x0 0x180031020 0x3e468 0x3d868 0x25e
CreatePen 0x0 0x180031028 0x3e470 0x3d870 0x49
SetPolyFillMode 0x0 0x180031030 0x3e478 0x3d878 0x285
GetStockObject 0x0 0x180031038 0x3e480 0x3d880 0x1f4
Polyline 0x0 0x180031040 0x3e488 0x3d888 0x23e
CreateSolidBrush 0x0 0x180031048 0x3e490 0x3d890 0x52
SetBkColor 0x0 0x180031050 0x3e498 0x3d898 0x265
SetBkMode 0x0 0x180031058 0x3e4a0 0x3d8a0 0x266
SetTextColor 0x0 0x180031060 0x3e4a8 0x3d8a8 0x28d
CreatePatternBrush 0x0 0x180031068 0x3e4b0 0x3d8b0 0x48
CreateBitmap 0x0 0x180031070 0x3e4b8 0x3d8b8 0x28
Polygon 0x0 0x180031078 0x3e4c0 0x3d8c0 0x23d
PolyPolygon 0x0 0x180031080 0x3e4c8 0x3d8c8 0x239
StretchDIBits 0x0 0x180031088 0x3e4d0 0x3d8d0 0x29b
GetGlyphOutlineA 0x0 0x180031090 0x3e4d8 0x3d8d8 0x1ca
CreateCompatibleDC 0x0 0x180031098 0x3e4e0 0x3d8e0 0x2e
DeleteDC 0x0 0x1800310a0 0x3e4e8 0x3d8e8 0xcd
CreateFontA 0x0 0x1800310a8 0x3e4f0 0x3d8f0 0x3a
EnumFontFamiliesA 0x0 0x1800310b0 0x3e4f8 0x3d8f8 0x10e
CloseMetaFile 0x0 0x1800310b8 0x3e500 0x3d900 0x1e
DeleteMetaFile 0x0 0x1800310c0 0x3e508 0x3d908 0xcf
PlayMetaFile 0x0 0x1800310c8 0x3e510 0x3d910 0x232
Rectangle 0x0 0x1800310d0 0x3e518 0x3d918 0x246
SetWindowExtEx 0x0 0x1800310d8 0x3e520 0x3d920 0x293
SetWindowOrgEx 0x0 0x1800310e0 0x3e528 0x3d928 0x294
CreateMetaFileA 0x0 0x1800310e8 0x3e530 0x3d930 0x44
KERNEL32.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RaiseException 0x0 0x1800310f8 0x3e540 0x3d940 0x354
GlobalUnlock 0x0 0x180031100 0x3e548 0x3d948 0x297
GlobalLock 0x0 0x180031108 0x3e550 0x3d950 0x290
GlobalSize 0x0 0x180031110 0x3e558 0x3d958 0x294
GlobalAlloc 0x0 0x180031118 0x3e560 0x3d960 0x285
MulDiv 0x0 0x180031120 0x3e568 0x3d968 0x313
lstrlenA 0x0 0x180031128 0x3e570 0x3d970 0x4bd
GlobalFree 0x0 0x180031130 0x3e578 0x3d978 0x28c
GlobalHandle 0x0 0x180031138 0x3e580 0x3d980 0x28f
GetProfileStringA 0x0 0x180031140 0x3e588 0x3d988 0x233
lstrcmpA 0x0 0x180031148 0x3e590 0x3d990 0x4b1
_lread 0x0 0x180031150 0x3e598 0x3d998 0x4ab
_llseek 0x0 0x180031158 0x3e5a0 0x3d9a0 0x4a8
_lclose 0x0 0x180031160 0x3e5a8 0x3d9a8 0x4a6
_lopen 0x0 0x180031168 0x3e5b0 0x3d9b0 0x4aa
RtlLookupFunctionEntry 0x0 0x180031170 0x3e5b8 0x3d9b8 0x390
RtlVirtualUnwind 0x0 0x180031178 0x3e5c0 0x3d9c0 0x397
IsDebuggerPresent 0x0 0x180031180 0x3e5c8 0x3d9c8 0x2cb
SetUnhandledExceptionFilter 0x0 0x180031188 0x3e5d0 0x3d9d0 0x419
UnhandledExceptionFilter 0x0 0x180031190 0x3e5d8 0x3d9d8 0x442
GetCurrentProcess 0x0 0x180031198 0x3e5e0 0x3d9e0 0x1aa
TerminateProcess 0x0 0x1800311a0 0x3e5e8 0x3d9e8 0x431
Sleep 0x0 0x1800311a8 0x3e5f0 0x3d9f0 0x425
GetModuleHandleW 0x0 0x1800311b0 0x3e5f8 0x3d9f8 0x1f9
GetProcAddress 0x0 0x1800311b8 0x3e600 0x3da00 0x220
GetProcessHeap 0x0 0x1800311c0 0x3e608 0x3da08 0x223
GetSystemTimeAsFileTime 0x0 0x1800311c8 0x3e610 0x3da10 0x24f
GetCurrentProcessId 0x0 0x1800311d0 0x3e618 0x3da18 0x1ab
GetCurrentThreadId 0x0 0x1800311d8 0x3e620 0x3da20 0x1ae
GetTickCount 0x0 0x1800311e0 0x3e628 0x3da28 0x266
QueryPerformanceCounter 0x0 0x1800311e8 0x3e630 0x3da30 0x34e
RtlCaptureContext 0x0 0x1800311f0 0x3e638 0x3da38 0x389
VirtualProtect 0x0 0x1800311f8 0x3e640 0x3da40 0x45e
USER32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DialogBoxParamA 0x0 0x180031208 0x3e650 0x3da50 0xa5
PeekMessageA 0x0 0x180031210 0x3e658 0x3da58 0x21f
TranslateMessage 0x0 0x180031218 0x3e660 0x3da60 0x2dd
DispatchMessageA 0x0 0x180031220 0x3e668 0x3da68 0xa8
IsWindow 0x0 0x180031228 0x3e670 0x3da70 0x1c9
SendMessageA 0x0 0x180031230 0x3e678 0x3da78 0x262
GetDlgItem 0x0 0x180031238 0x3e680 0x3da80 0x121
IsWindowEnabled 0x0 0x180031240 0x3e688 0x3da88 0x1ca
EndDialog 0x0 0x180031248 0x3e690 0x3da90 0xd3
EnableWindow 0x0 0x180031250 0x3e698 0x3da98 0xd1
GetActiveWindow 0x0 0x180031258 0x3e6a0 0x3daa0 0xf9
GetParent 0x0 0x180031260 0x3e6a8 0x3daa8 0x157
GetWindowRect 0x0 0x180031268 0x3e6b0 0x3dab0 0x18c
GetSystemMetrics 0x0 0x180031270 0x3e6b8 0x3dab8 0x171
SetWindowPos 0x0 0x180031278 0x3e6c0 0x3dac0 0x2af
SetDlgItemTextA 0x0 0x180031280 0x3e6c8 0x3dac8 0x27c
PostMessageA 0x0 0x180031288 0x3e6d0 0x3dad0 0x222
OemToCharBuffA 0x0 0x180031290 0x3e6d8 0x3dad8 0x20f
IsDialogMessageA 0x0 0x180031298 0x3e6e0 0x3dae0 0x1bc
MSVCR90.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_decode_pointer 0x0 0x1800312a8 0x3e6f0 0x3daf0 0x12d
?terminate@@YAXXZ 0x0 0x1800312b0 0x3e6f8 0x3daf8 0x43
_onexit 0x0 0x1800312b8 0x3e700 0x3db00 0x2e4
_lock 0x0 0x1800312c0 0x3e708 0x3db08 0x23d
atan2 0x0 0x1800312c8 0x3e710 0x3db10 0x47c
cosf 0x0 0x1800312d0 0x3e718 0x3db18 0x48d
sinf 0x0 0x1800312d8 0x3e720 0x3db20 0x512
_CxxThrowException 0x0 0x1800312e0 0x3e728 0x3db28 0x49
memcpy 0x0 0x1800312e8 0x3e730 0x3db30 0x4f0
__CxxFrameHandler3 0x0 0x1800312f0 0x3e738 0x3db38 0x63
sqrtf 0x0 0x1800312f8 0x3e740 0x3db40 0x518
sin 0x0 0x180031300 0x3e748 0x3db48 0x511
cos 0x0 0x180031308 0x3e750 0x3db50 0x48c
memset 0x0 0x180031310 0x3e758 0x3db58 0x4f4
longjmp 0x0 0x180031318 0x3e760 0x3db60 0x4e4
strcpy_s 0x0 0x180031320 0x3e768 0x3db68 0x522
sqrt 0x0 0x180031328 0x3e770 0x3db70 0x517
atan2f 0x0 0x180031330 0x3e778 0x3db78 0x47d
_setjmp 0x0 0x180031338 0x3e780 0x3db80 0x321
??3@YAXPEAX@Z 0x0 0x180031340 0x3e788 0x3db88 0x13
??2@YAPEAX_K@Z 0x0 0x180031348 0x3e790 0x3db90 0x11
_encode_pointer 0x0 0x180031350 0x3e798 0x3db98 0x137
_malloc_crt 0x0 0x180031358 0x3e7a0 0x3dba0 0x24e
_initterm 0x0 0x180031360 0x3e7a8 0x3dba8 0x1ce
_initterm_e 0x0 0x180031368 0x3e7b0 0x3dbb0 0x1cf
free 0x0 0x180031370 0x3e7b8 0x3dbb8 0x4ac
_encoded_null 0x0 0x180031378 0x3e7c0 0x3dbc0 0x138
__dllonexit 0x0 0x180031380 0x3e7c8 0x3dbc8 0x85
_amsg_exit 0x0 0x180031388 0x3e7d0 0x3dbd0 0xe2
__C_specific_handler 0x0 0x180031390 0x3e7d8 0x3dbd8 0x59
__CppXcptFilter 0x0 0x180031398 0x3e7e0 0x3dbe0 0x5a
__crt_debugger_hook 0x0 0x1800313a0 0x3e7e8 0x3dbe8 0x83
__clean_type_info_names_internal 0x0 0x1800313a8 0x3e7f0 0x3dbf0 0x7b
_unlock 0x0 0x1800313b0 0x3e7f8 0x3dbf8 0x3a4
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x1800313b8 0x3e800 0x3dc00 0x38
Exports (5)
Api name EAT Address Ordinal
DllMain 0x2e6d0 0xc
GetFilterInfo 0x2e6f0 0x1
GetFilterPref 0x5fa8 0x3
ImportEmbeddedGr 0x2f848 0x4
ImportGr 0x2f828 0x2
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2009-12-07 22:40:29+00:00
Valid Until 2011-03-07 22:40:29+00:00
Algorithm sha1_rsa
Serial Number 61 01 CF 3E 00 00 00 00 00 0F
Thumbprint 96 17 09 4A 1C FB 59 AE 7C 1F 7D FD B6 73 9E 4E 7C 40 50 8F
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
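Every Dropped/Modified pair in this listing follows one pattern: the original path survives as the "Modified File" alias, while the copy recorded as the "Dropped File" carries a token over the base64 alphabet (with '=' and '+' placed anywhere, so the token is not base64-decodable and should be treated as opaque) plus the fixed extension .lbkut. Note that the .lbkut copy of WPGIMP32.FLT above still parses as a complete PE, with imports, version resource and Microsoft code-signing certificates intact and section entropies between 3.17 and 6.28, so the content the sandbox captured had not been fully encrypted at that point; a hunt on affected hosts should therefore key on the renaming pattern rather than on content entropy. The Python script below is an added example, not part of the VMRay report or of the analysed sample: it parses a few flattened entries copied from this page (plus one constructed control entry with no renamed alias), pairs each .lbkut name with the original path it replaces and the SHA256 the sandbox recorded for that content, and exposes the same name pattern as a filter for host file inventories. The entry layout it expects, the RENAMED_NAME regex and the assumption that the extension is fixed are all derived from the lines on this page, not from the sample's code.

```python
"""Pair the ".lbkut" copies in a flattened VMRay-style file listing with the
original paths they replace, and expose the rename pattern as a hunt filter.
Added example; not part of the report or of the analysed sample."""
import re
from dataclasses import dataclass

# Constructed sample: two entries copied from this report (the page's
# "Copy to Clipboard" button residue is left in so the parser must tolerate it)
# plus one constructed control entry without a renamed alias (its MD5 is that
# of an empty file).
SAMPLE_REPORT = r"""
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\1=eNPBj9NxQwEG4=XKd72QkE+N07HzAS.lbkut Dropped File Binary
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 273.88 KB
MD5 3f8f11c0964d51232581a2dd1ace7f69 Copy to Clipboard
SHA1 88168094cffc9f6210a318030a971e2caf08b4ea Copy to Clipboard
SHA256 b1a05662f3c2a8b5d3c733ffb417fc2d5b702831c11c52d1d8cf65201deaa043 Copy to Clipboard
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML Modified File Text
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\9leC8x6Kjb+nTNhbiZrSsB1xPy3q=iA8+kznsSUjZbw.lbkut (Dropped File)
Mime Type text/xml
File Size 820 bytes
MD5 06fa6657c01deb1b363d7be22fa0b958 Copy to Clipboard
SHA1 3949357ac681ad9f16a58b5ace51a31a82fe06d6 Copy to Clipboard
SHA256 57eda2a6ebe09d3db6e66a1ed3ec89476092bc74eb536878fdcbfc2926d175c3 Copy to Clipboard
C:\Users\user\Desktop\notes.txt Dropped File Text
Unknown
Mime Type text/plain
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
"""

# Table row: path, Category, Type. The path contains spaces, so it is matched
# lazily and the two fixed trailing columns anchor the match.
HEADER = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<category>Dropped File|Modified File) (?P<ftype>\S+)$")
ALIAS = re.compile(r"^Also Known As (?P<path>.+?) \((?P<category>Dropped File|Modified File)\)$")
HASH = re.compile(r"^(?P<algo>MD5|SHA1|SHA256) (?P<digest>[0-9a-f]{32,64})\b")
# Renamed copies: a token over the base64 alphabet ('=' and '+' anywhere, so
# not decodable as base64) plus the fixed ".lbkut" extension. Assumed from the
# names on this page, not taken from the sample's code.
RENAMED_NAME = re.compile(r"^[A-Za-z0-9+=]+\.lbkut$")


@dataclass
class Entry:
    path: str
    category: str
    aliases: list   # (path, category) pairs from "Also Known As" rows
    hashes: dict    # algorithm name -> hex digest


@dataclass
class RenamedFile:
    renamed_path: str
    original_path: str
    sha256: str


def parse_entries(text):
    """Walk the flattened listing, opening a new Entry at each path/Category/Type
    row and attaching alias and digest rows to the current one."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = Entry(m["path"], m["category"], [], {})
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = ALIAS.match(line)
        if m:
            cur.aliases.append((m["path"], m["category"]))
            continue
        m = HASH.match(line)  # anything after the digest (button residue) is ignored
        if m:
            cur.hashes[m["algo"]] = m["digest"]
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1]


def is_renamed(path):
    """True when the file name follows the ransomware's renaming pattern."""
    return RENAMED_NAME.match(basename(path)) is not None


def pair_renamed(entries):
    """For each entry whose names include one renamed and one original path,
    return both plus the SHA256 the sandbox recorded for the content. The report
    lists a pair under either name, so both orders are handled."""
    pairs = []
    for e in entries:
        names = [e.path] + [p for p, _ in e.aliases]
        renamed = [p for p in names if is_renamed(p)]
        original = [p for p in names if not is_renamed(p)]
        if renamed and original:
            pairs.append(RenamedFile(renamed[0], original[0], e.hashes.get("SHA256", "")))
    return pairs


def hunt(paths):
    """Filter any iterable of file paths (e.g. a host file-system inventory)
    down to those matching the renaming pattern."""
    return [p for p in paths if is_renamed(p)]


if __name__ == "__main__":
    for pair in pair_renamed(parse_entries(SAMPLE_REPORT)):
        print(f"{pair.original_path} -> {basename(pair.renamed_path)}  sha256={pair.sha256}")
```

Run as-is to print the pairs recovered from the embedded sample, or pass the text of a full export to `parse_entries`; `hunt` takes any list of paths, such as a directory inventory collected from a suspect host.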
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\=mXDtuALsY=F6MmCHnzwgeYSs6Y.lbkut Dropped File Unknown
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM (Modified File)
Mime Type application/vnd.ms-htmlhelp
File Size 1.60 MB
MD5 33e18141a20a567e2b9fd492634720f8
SHA1 45bbc8a4943b62f83040c89597ca8d9c3dc1cc0c
SHA256 59ee990c0a1c5c6aa28f163f1f5543cc661c6399c3b27093ed76f28674db8659
SSDeep 24576:B/TLXt9cczyc0opacbhtYNLJo0blgk5gHL7a35AyjQgz9vzBA4rdeNaj3vAYWKTF:BLZ9co0opH2zmcgHa3HRxz+4gacwGyr
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\fyeLyTEnD6DacdrHW9U=pKxeWCK8D4jdxjs.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML (Modified File)
Mime Type text/xml
File Size 1.32 KB
MD5 891fab6dcf4f0e9f7dae20fb1e376b6a
SHA1 f1d994cfb50257f9a45c558c4848c5377f019c91
SHA256 947b95e69c032e4f4990b53d070679c0ec36c89d09965874bdf63ed630089010
SSDeep 24:2djVYFfRZxV2Qo9DB/soIWDOwuYEBhhCWn2hgKuW2uO/5uWsflwuKBHGnH3pHJ:cjwfrfk9VkY2YE/hCy9aK4VfRK5GH3
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\9leC8x6Kjb+nTNhbiZrSsB1xPy3q=iA8+kznsSUjZbw.lbkut (Dropped File)
Mime Type text/xml
File Size 820 bytes
MD5 06fa6657c01deb1b363d7be22fa0b958
SHA1 3949357ac681ad9f16a58b5ace51a31a82fe06d6
SHA256 57eda2a6ebe09d3db6e66a1ed3ec89476092bc74eb536878fdcbfc2926d175c3
SSDeep 12:TMHdjk813VhetZbHhxshmlpdzueg/HGbEwQhhU/9tIFl/x1/GIFl/x1/aSOhzwQp:2djk8hGvuoaB/6EBhhC3IlHGIlHKBHJ
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\9DXCdVX1LF3IjlMbAld2QI4y.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML (Modified File)
Mime Type text/xml
File Size 2.56 KB
MD5 8569290a5c70402cc87536c468bea543
SHA1 c2dfdd862d68f57e142832097ce95dc35ed8b7ef
SHA256 dac250673829114428839b1b915ee99ef3fab9573a35683e45ddfed202fa3b09
SSDeep 48:cjdIETQSXxQ0QlQLQsQWaQgDQIGwNTpFc2QYLbs7mQaW1z3pRhLh:YdIETTxP2iNja9DN5lFc2Xns7m9W1zD/
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\9Vco1kVdKGRfm8FtND62Smugm1nk7hy+.lbkut (Dropped File)
Mime Type text/xml
File Size 1.53 KB
MD5 ca5b89b9b0e6cd7e5fde30033ad5135c
SHA1 cd2a143687d8041c8d24d3e6b4a5777302e3ca94
SHA256 8fffce858aa0c5b4d3623c72b9aaf144f997906f2019fea2daccd0628528fdfe
SSDeep 48:cjwXAoyQ7agavBmYEpYE/hCTMfY5MfXKJFMtFFK59DtWGGTMaJMb:YHoZam/iohBYa6gbWDE0
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\yHxaGjBkEkvoJ2qlxYVtfCOm.lbkut (Dropped File)
Mime Type text/xml
File Size 2.24 KB
MD5 72b9c920adecda3b42788f5eafb2eb2b
SHA1 4b57e614eee91d2fed46a688da3138b560ce935b
SHA256 8b06823dcc6a4b92085ec98f89beaa5c85f32547a9f2168538ff299df1c47ac4
SSDeep 48:cjHpBfpx/+QSXxQ0Q16QkMfQnMfoQEMqQNQZBOQxweaeQPU2ekGkWCrAZc9Ch9QG:YJBxx/+TxPM6oBoZeeBORkq2k2Cr19Cx
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\KXhWbUrsfZVxOps5QTn5m3wwqODEIf5mU5g.lbkut (Dropped File)
Mime Type text/xml
File Size 914 bytes
MD5 80a16ca1c6d666f86ccafe5cad6cf5fe
SHA1 4a0fbfcd7db49e29b4e6bf7e1b12e319a264e616
SHA256 721c6d6ec13be18348b4dea5f5e9a040340c176bc96dc7ccd7074f82ff12bed0
SSDeep 24:2djtHZqI34DhBVtELoWVB/6EBhhC3IlHGIlHR9jNAuKBHJ:cjnJ34BV+6E/hCWGGR9jFKf
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\CgP3PsDMtUQduELekefcUSTf.lbkut (Dropped File)
Mime Type text/xml
File Size 1.42 KB
MD5 aede83cd31639a2f608c1a2deaeabdfa
SHA1 50f1d3fa4c576506e9ac889a7b2f669850c9e4f4
SHA256 0a5db07607ac72c5ff735064a97840566e4f8ef62d5be3037dc31568bad4651e
SSDeep 24:2djsCSgoRWWbr75sXr+l1QQzQxXw1QQzQ01QQKb5QQB4iKDWVj/SzcnYqImjgMnE:cjsCSg3I7CQSXxQ0QKeQZGyKzcdyMsQ2
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\H48Uo5XMaut8O13579jkhAM8rXllYTUGYxH2=G+0.lbkut (Dropped File)
Mime Type text/xml
File Size 1.20 KB
MD5 b81c8d47b56367404301addb977d700d
SHA1 9af8ff1f44bfc1312c75578b50c10284799a3c6b
SHA256 1a2e9aa44069d7a263332db4e2a0f8383134615fbd3345fa0c645b0f9d4e796f
SSDeep 24:2djJ2NxTIovB//OHKuYEBhhCStCwQBuNSSuuKBH2yfAYGIlH3IlHJ:cjJmxTr5/eYE/hCS/9NSOK5RLGGk
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\oI3ONK6OS8LC6i4S2VFSJSw2.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML (Modified File)
Mime Type text/xml
File Size 1.81 KB
MD5 a0b1f6feeadfd82c12be5cecd96a08d9
SHA1 6313de576f770b1fdd30fc7e5f99db8116974506
SHA256 7c7ef2670a4121c6a491c217d9b90c3e0f0c6d214c8af70fa0433a85511efef0
SSDeep 48:cjy0gnaQSXxQ0Q8QfQ8QQQ71GbEcLq4GaQqP+jjnLh:Yy0gnaTxPliDzy+6aJ0jLh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\rBYXzt2uFjRHwFYnRkbBGTW5B2FY+6gG.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML (Modified File)
Mime Type text/xml
File Size 582.37 KB
MD5 372847b0840d460466b69e31e728cb80
SHA1 2fbf72bb245b032fd8d2d979ee1982a6a47b765a
SHA256 dc603c9582350896803a19af92ed46c7bcf85637b39339e8233fff72081d3330
SSDeep 12288:vfCAijFvYFpjKW4MgJZZ/CAi02uCAi0IoiyEfCAijFvYFpjKW4MgJG:N
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\pqiTqsKj6DOsVsOyAKA.lbkut Dropped File Unknown
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM (Modified File)
Mime Type application/vnd.ms-htmlhelp
File Size 69.57 KB
MD5 cd3cde96205de2c809243b3a79578b53
SHA1 873577dadc158ccd1b866b5f179c8021aec2acb0
SHA256 234e494cfdfea0e1efe3600cb3737dd7ff4fff8bd8501ddc759b8b2ef963a8cf
SSDeep 1536:Xi/u8dq5/58CvCuEm/t2rPdw3/KPR5QEjg:y/pMkuPI5wK81
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\zTDuSI0uQQr=WIvG6z9U9VshXTkuiNlrGNE.lbkut (Dropped File)
Mime Type text/xml
File Size 5.43 KB
MD5 1dcf831ca4284f0696165b08cdd5317e
SHA1 9bcd1c9fda217ac1adc1ebf15313fdbc3bb01d51
SHA256 c7f6ffd37668e6c8e54933208d20ed6526df6b01ba70cb4e115139663706c219
SSDeep 96:YEl/zIl1FDhh4RY/xBLvxjxHEtTW+WMWf0ohO1efqXP09u5jsYpYNtOL7CI9Iii:llC48xeohlIiky
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\IumPxjeoQfZJxaoGGlYOnsewyn9gQuYI62hnl+tr0fA.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML (Modified File)
Mime Type text/xml
File Size 820 bytes
MD5 4166f31889507cf87330123acbf7bbc6
SHA1 318f3ad759a06ed69834e43e7c2c5e133ab5ce5e
SHA256 23b4c793a86ecbe58e19e0da150167ae94d0179b6141718e68bbe3bd4f1b6e63
SSDeep 24:2dj9R2TQvcekwowB/6EBhhC3IlHGIlHKBHJ:cjeci26E/hCWGGKf
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM Modified File Unknown
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\Cvz2ZIGj4lVJGlqXyXhgWrf48=MxdXX1.lbkut (Dropped File)
Mime Type application/vnd.ms-htmlhelp
File Size 36.81 KB
MD5 d855678fc956c74fafde41c1fc611c14
SHA1 9476d120df752e563343a595b92b307e04dab1dc
SHA256 659e854e8cfddf54411122207a5c67b220e63822b00209a80a04a27f83d800f3
SSDeep 768:m8SfxBXKpWSWEzLE4IXoUIdx2HfjDFza3oGG:m17uWSvzLE4n7OfX9a3oGG
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\VabUxhJImv0tUxEpC89znQGJXqA.lbkut Dropped File Unknown
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM (Modified File)
Mime Type application/vnd.ms-htmlhelp
File Size 26.30 KB
MD5 1b0f96eeea38f08fdebff5bfecb6ad73
SHA1 124a9b1062dc588a653715accb6a3f3cd52b932b
SHA256 a407aae3e8f79c0e873f8ad5f66d36753f28c23520db309b24f353003b9dc612
SSDeep 384:1aBTBF5HgBaQRf3X8g2Ox0cdAKhEHJz5UcH8u3P1MxhmzAd2/2:1aBTH2Tf8g2Ox8KuN5UA8GdMx5ku
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM Modified File Unknown
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\k8IHRgqNmSA0G4Magze8Bo5ewEI.lbkut (Dropped File)
Mime Type application/vnd.ms-htmlhelp
File Size 26.56 KB
MD5 5b71c62e7027d66d7f7427b862675ebc
SHA1 a78f3ed97218b9dc5327b238c4d5b9a207e53f43
SHA256 19964d7869f4b2b607f9dadf2c1b51372db62dbd11aec95091e0ceeb70d739fd
SSDeep 384:1QBTSS5HgBaQRf3X8g2Ox0cdAKhEHJz5UpPI/PAIq8bm7JUah:1QBTSS2Tf8g2Ox8KuN5Upw/4oSaah
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\f29WCVn6XSG8ZU2vuXtuABMN.lbkut Dropped File Unknown
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM (Modified File)
Mime Type application/vnd.ms-htmlhelp
File Size 65.62 KB
MD5 d5ecacad95bce7f5f2a1b903cc5164a3
SHA1 2ea9fc72439b820b8b89197e80168eb67b81bf4e
SHA256 d7bac3cd98dfa37989fe2397d1c2ebaded1fa3c607f9afa923508c98c85449ec
SSDeep 1536:wCTCijzijP/HA2amS/mOQlIOz7nIV5aD7U4RgK8+:QqzqPHS/mOrOz745s7UygKH
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\DpMcgJbNeavj9boKnNJcWAIx.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML (Modified File)
Mime Type text/xml
File Size 9.13 KB
MD5 434a1da33badc5aa57c8b40463116491
SHA1 d2eb9242cd8796a58cdf9359b1dd097ab5b7aaf8
SHA256 1591d995a95036b8ca9a84dd81c687d829da483a736429f7f9717407757fab8b
SSDeep 192:GSGr+gTFFlEcqJNOFNSytg2LcrWPHLuZBqmqmxs/h:GSG6gJFOcqJNOFNSytg2LcrWPHLuZBqp
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\vHSgTSpksBOk3GX=3B6vuuqyvzjhBdzNQSKn1CSJ.lbkut (Dropped File)
Mime Type text/xml
File Size 1.35 KB
MD5 65f7a3ee96e303181986ff671553393d
SHA1 0f52edf304e07ebbd2e5334379c61024f6e456bf
SHA256 8d2e8c2d0722b3ead4228704fdd9e393b4545b10bacdbd19f09db1a437d0c181
SSDeep 24:2dj3gQLx8oyZoIB/u5/DBL5aYEBhhCSJujh5JeumMQ7Jtg7hhVuolpuKBHGIlH3U:cjPyiuu5/Dd5aYE/hCSJuHJxmMuH6h/k
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\v1n2NEsIc3D8lQ0UIwVkzkDH.lbkut (Dropped File)
Mime Type text/xml
File Size 2.31 KB
MD5 0a559585e525a87ecc7a1dac4614d37d
SHA1 5a25e87d620dfb6636c71a8dfb22ee1f6dc93cf7
SHA256 979a71aaaed54f32ff2de271d26a3be129bfea4fcc0d9661959d1d341058c954
SSDeep 48:cjQkAuQSXxQ0QK2QlA5pQ/2YQx22QsQIjJWQzUZSUHUxGi9f5gGQsEuYBxLh:YQHuTxPCV5pqUFH1WTZR0xTxgGhWB9h
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\H85UbG9MQX3fDxdousiKr7wyLTlKmUzN0Ukizk.lbkut (Dropped File)
Mime Type text/xml
File Size 4.17 KB
MD5 10b99c0099a950687e796eb93d5c3bc8
SHA1 ec3a67961d947d1a8bb1cda8b44546ba9cefa0ea
SHA256 e344f051cae0fbd38f882b1928cef1b9b2beb71d36f1e1df806d4aabb8544d98
SSDeep 48:cjzUXlz5sLA7ahDVy4l4LO5i3qeX/miebcoIRYmokA7USJyPJx4HzGhG9j89oYEM:YzUVHWIc69ohdFy
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\MzYACJ+G2ZVFfK+mGowJnuPbyOuQ9jUErhNrI4.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML (Modified File)
Mime Type text/xml
File Size 1.57 KB
MD5 a1954df7aa467ed7d66b6df76ea5910e
SHA1 255c36b5620a2d487ee36f25e00b96190dc3d30c
SHA256 21c7121369da7cd9a4019a335178df35cf69bc5f3cd3e6dbfd31ad7f41a09d0b
SSDeep 48:cjWG6KlPy2y1XKyYE/hCQ5sd5adLQ5/sd5a1lK5Q5Gd5aabGGk:YWGhlajKZohz545Ks5/45K5O5FE
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\QWKVz4F=1G0lwtHO989y+L51.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML (Modified File)
Mime Type text/xml
File Size 1.94 KB
MD5 2b6076609ff47d011f3302f8a7fe91b8
SHA1 734e746c792d1e7905295ca3d9a30062b4f7bbe5
SHA256 abd523cfef2fa17671fd2ebb31a123f5d1eb57cf2d62f9613be7946f795f6ca6
SSDeep 48:cjf3dUQQSXxQ0QhQ1Q6QxQo5pQ/SrGh3YtGIh4GG2QUXSEk55Lh:Y/CQTxPYuL6p5ppM88CIEk5Vh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\PzLxrGhGcITgjvV=WiOzDbIJF7z5PRVGCbfbQ4.lbkut (Dropped File)
Mime Type text/xml
File Size 3.11 KB
MD5 4dbf9f1c6b0f436ac1a9e953a167efd8
SHA1 c46029aeebdcefdc60ca9eabf0e3424266e300c9
SHA256 069a1989a6cfedcc7ba63cbe32e1d5acd80881ee7ef3f174f2bbe19e90afecfa
SSDeep 48:cjBEA+T1hXgXtWmGFGGmzTm1RYmh70mLtu5LQRagavm6im4hYmaqNdmCOuFYE/hi:YG/gg5nuwiqVCohzRSt5JbbJ+hD6
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\ABMAmNziJ0DuuUVUTUEJBxvD.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML (Modified File)
Mime Type text/xml
File Size 4.11 KB
MD5 db38b1daefdfb4678b65828fafa5aa84
SHA1 015f9d1b412422618c9658d47a50e057099bf59b
SHA256 21647d6718e2623799e42191296af3be22483182d6b1242e8eec80adbb92020d
SSDeep 96:YNdiTxPFH0LN1+M+U+N+0+/yZfxuRNoGNpgd/2LtkqJte2sCyNdh:cdKxtcdxNLe2sjNdh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\c+onAgZHq6ScItHc84eX76+OCH8fOE5DYeAb5FbZMpbsiA.lbkut (Dropped File)
Mime Type text/xml
File Size 1.42 KB
MD5 f788e77665c8b794dda699ba853c53fa
SHA1 20942ae8759c8c4d39011e1c3638980c69d3fe89
SHA256 8eb7f4295ac25e8a1d2d6359f842083bb0071c2cddb60bfb868f9583dea792c6
SSDeep 24:2djH8RBuybOaoYB/6EBhhCRpH8T2uBF2uFdb8uKBHu6OKuOQFGIlH3IlHJ:cjCuy0+6E/hCRh8VBzFdrK5u/OAGGk
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\3tuVIDHren+Coc9ENw4YgR7q.lbkut (Dropped File)
Mime Type text/xml
File Size 1.84 KB
MD5 947b7bb825fae5df7787483f1de53704
SHA1 84c32425c87f7243a659a2fb26b50df0923bbad3
SHA256 41c3dd2dfb4671e494e780ce7ff2d83d0a91c4e7a84af8e308806355077e0939
SSDeep 48:cjfpPaDyf+QSXxQ0QlQiQNQDQ7fGyrzTuWQnVGqLh:Yhr+TxPMdmuc1PuWAGkh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\k9RKLkAEvohi4hkLiSQnud4SvwJwopaLz10.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML (Modified File)
Mime Type text/xml
File Size 6.27 KB
MD5 8a261afe2fb09af0858fc9ce38bbfbac
SHA1 39fd5c5aaa9ebfb8d889189795f79047591f25b4
SHA256 a708a85788ae4171c7cae07813177eba66f0ee0330811c94fe36ee890e03b41c
SSDeep 48:cjVFUhgl5lpetie9i35t+51eXveXT/5KicpKWs/3inzHjZiketZJ5CPJYQLnrRti:YTKgXeAea2uHxKipmhoh1CLZyQJ
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\ITU6+xV7kP1Xq=YnMhVBou6S.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML (Modified File)
Mime Type text/xml
File Size 16.29 KB
MD5 9003bf3ca5659db4c0f73afb062df3c6
SHA1 9633ae3a3b361401e8caf56e86bd6e40149fc33b
SHA256 b41b83227f36fb7a4aab93a38e933567f90079dea9c43ad73640e1672fd2c285
SSDeep 384:+rc45MKuoqoWa4iG3qeBFYBxzhqmAh0pNLh:EH5Mbg5eBFYBZhqFh0pNLh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ihmh4b4UlF3XbpB=Q0DlsOq5mpzBUrNds64vkQ.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML (Modified File)
Mime Type text/xml
File Size 1.42 KB
MD5 d5dab16b2fa188b7b5acd791a4b91281
SHA1 2db10ba7adae6e597d304493e8f0da6d59b707a4
SHA256 dae2cf685bd0878e9036ccdf13be38e5d6e3eceee66e5e4e3bccc07c80faf5cc
SSDeep 24:2djAwA2poYd8nJo7xB/6EBhhCCBD15eKuaKYquKBHJdBlYqu7MJKuceGIlH3IlHH:cjAwA2pHrr6E/hCCBDfUalK5/+7WPGGY
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\CETVahej6upnYZ4a1CqphZKy.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML (Modified File)
Mime Type text/xml
File Size 1.83 KB
MD5 d055ace991b1d1732c18c27b5aa98c31
SHA1 c137c1630b9cdbcb75aa4bbd7cf6db5bccc6bbad
SHA256 02e86185862cc3e75150c282d52c1e7b5ff348076374b53884ca6a7cf245c649
SSDeep 48:cjNeF2ouQSXxQ0QGQeQ7pQPQN/GtrHk7WkmQXr/Lh:Y4F2ouTxPvBqcCAHkCkm6rzh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\cWHX68YSC=l17JO=DgZy1uVR.lbkut (Dropped File)
Mime Type text/xml
File Size 1.32 KB
MD5 6561d4006a5e59a0686783499543e7e0
SHA1 824cc344c8d6eba2bc22ba7fabe88281ec2720ea
SHA256 8b0424c2fb197883b7d3e9b35ef3b8e93c7fcfe34c1180b97ec6c79a5e665ad1
SSDeep 24:2djkZOta0VgA/oOB/YQYEBhhCSlj0Hs0/KBHDQYKQAGpH3pHJ:cj8+axABYE/hCmj0M0/K5DnKhGh3
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\QnCApwGnTp3w2ZeASHrGTIn2.lbkut (Dropped File)
Mime Type text/xml
File Size 1.42 KB
MD5 78fce04b34dc67549e7a97f846bd049f
SHA1 6f684d7dd2d13f75b29ed8b96cbbb156ae2c3f95
SHA256 89b759ee255a75c1af12fa45c6ad2527ebb0022ee9b31590a00859f1cf0cae53
SSDeep 24:2djUUkhV+/onB/6EBhhCfLQba7KC3a06QSj0khs0ltaBHGpH3pHENBw1NmJ:cjN6xR6E/hCTqpNv9j0b0ls5Ghxag6
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Z7N1BN9H8Ol2A7xsG3FYi3Rk.lbkut (Dropped File)
Mime Type text/xml
File Size 1.42 KB
MD5 e869c60518f9ef170130eddca48dd502
SHA1 883159c0fa919ff67cf97b69d0cdbf42b2889496
SHA256 c99284dedb360add3df36320a21505b7c1466dcae8ad7f8bffd124b4735f6241
SSDeep 24:2djPaWA+7jNw/okB/RNBHYEBhhCtuvKGpHmceKEN3FzB1NsKj0o1s0hKYX2K3pHN:cjyG7jNViD5YE/hCSKGhGKaRJsKj0z0r
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\QNs90DRaeaOu21owbukdMQ2MWIt2eVV7.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML (Modified File)
Mime Type text/xml
File Size 812 bytes
MD5 192a33a35bd47e94c3e179a230112879
SHA1 1ba9e6368d7ccc028abcc2ddebf3577009ccc741
SHA256 7acf431a81a39e4715539801439332266528849a963a4234e528ffa966d05183
SSDeep 24:2dj/q8FaeRXhmJoSB/6EBhhC3IlHGIlHKBHJ:cj/lYeRX1M6E/hCWGGKf
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\gcnniixXVtjiVV5=wEEXlgUY.lbkut (Dropped File)
Mime Type text/xml
File Size 5.75 KB
MD5 e4f54c719bf89216e0cf6817b8912490
SHA1 e0a54fe08f91ae3023f8f7504ede5c40bce0f6d0
SHA256 f6561e7867354cb6508e4ecb642dd4ac325a7b825a4acf6aaa5240f4a7ef02d4
SSDeep 96:YkFrTxPHNINw+e+OQWpU/lQz/qw9Nf+F+/QWpU/4Qz/qf+jYNS+w+gQWpU/vQz/b:3vIKitRitUis1jzQ/9g7F7CXuWbsGsh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ZT1QsawYF+TjJyLtxYEo26njdNBrDUpUI+EyZA.lbkut (Dropped File)
Mime Type text/xml
File Size 16.46 KB
MD5 3c81ca6f780323b6f25666e7042ce2a6
SHA1 d77382c9092f80e0277c4dfbfe062a78cab84113
SHA256 8be3dae490577977c73d07d192633e1f2719aff5426e3ec8722a2fd7c0d559c7
SSDeep 192:afHQ87fOohlCXsl2Y1HL0vIKRpSy2JENf:Mw87fOoT6YNL0vIKRpSy2JENf
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\fRhUnZZC9S6ZO0pV1XZuWhSp.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML (Modified File)
Mime Type text/xml
File Size 30.37 KB
MD5 d6aa91c2af43edc31387dbd006b6d9d8
SHA1 b4fb2cb1b44025d61fadc53ef610afdec8e0d931
SHA256 a1cef5c13f9125d06d1c3c486be1f8a2e99d07770fa94bf2ad774304b2028a4d
SSDeep 768:fSrqMkwuakvBOWjo1qrBFYBaQpBJh0pNLh:fSrqMkwuakvBOWjo1OPYBaQpBJh0pNLh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\C8NyFYQkC4eHTehonA4croPY95U8bbdTySKMPQGqBLQ.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML (Modified File)
Mime Type text/xml
File Size 1.42 KB
MD5 98f50e3df33b64333251ee59d9240cb4
SHA1 a62abb979c413d9361f31724539461bff62a15c6
SHA256 79b7685da08d2d66ba5f40a8a73fe2a4c4047b40060132df0ebd29de7b589369
SSDeep 24:2djDY7+WrhSoJB/6EBhhCgfUBF0CdqXF0Cd0F0CaBF0CKBHzSxSF0CaZMYjxZMZm:cjDYKWrrv6E/hC+C7CzCa8CK5WhCaz17
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\nw0UdgoB9NfGKBCR4FmS+Vbp.lbkut (Dropped File)
Mime Type text/xml
File Size 1.57 KB
MD5 9a004482d50fb57381deba9ec94f999f
SHA1 57552e0321bd7ac3514bb611e7c27d318dcfed1d
SHA256 6fb6858d3b2bbf54a0c15754672dce399ff8513b16ac7a00533901f29b8c32ed
SSDeep 48:cj3qmfD0fQSXxQ0QxLQFrQ7YGJH0CYrOzeQuZf3Lh:Y3qYITxPA+lwYGeRf7h
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\=Sl6akI6OhdvygwYvKh3bbc=.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML (Modified File)
Mime Type text/xml
File Size 6.10 KB
MD5 0cf24bec6b65ad2f07046d860df5c98b
SHA1 8bfdb8946da3fb1662797608a3c6c9f2e8b540e9
SHA256 1bc287ce0123a43cffe76b7f731d1b5218cb641fb3032faeba12fa0e6d82a5d0
SSDeep 96:Y1oswTxPC0pULL3kyKnB9dUxrX6d8RU03flXamcoUGE6eUj3hyDWTW3SqyLIeCue:fsgCl5Ow/jsWGMuh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\ReIQOxClbElcBdUyrop6h59u2FOL0j+o.lbkut (Dropped File)
Mime Type text/xml
File Size 9.28 KB
MD5 25b51f45cac30e72e111fd1592ce14ab
SHA1 fd587b3e0d47a9c17a8463cae7720fb2f7234e27
SHA256 c9ccc7afa5b9d65a5cdf9dfe7219a66ed6f29aba6cca4cd20372a7570c768c03
SSDeep 96:YF/wA+shwUDpzSiohYLYgmsAMXI2XhyRlozpT4yfiyvuvmvLZnLU2iSAl:QYAphw4BSiohw5AM42gME6RxVno
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\XbQBv0=0=jcYQx4vXCe4aw+F.lbkut (Dropped File)
Mime Type text/xml
File Size 20.10 KB
MD5 b7e2ed3209e9f328ea1ce68ddf59b166
SHA1 a56c0d5af6a65e320404516ad62eb3380b3231f6
SHA256 72c3bd24a7c96ba9629ff390cad25563bd21bb972ad7173ca23e75a2a041534c
SSDeep 384:2u45MFuoqoWa4BG3qoYjG41DBFYBx00ggaMh0pNLh:2J5MSgKoYjGCDBFYBS0ggxh0pNLh
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\RIKLM8yc4xJlaFdD6TEtxOe+H138BynY.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML (Modified File)
Mime Type text/xml
File Size 8.52 KB
MD5 2245048d9fd74e9524ac1d047e49f7b8
SHA1 07a6983b298ed29549434c10ef54ce1c7508efec
SHA256 3990b20879fbd77bf3c8c4240f89d030d879257e48bcbcd0690fd3804ee04546
SSDeep 48:cjIrW1r6VJVDtZJ5IQAIMwJacJzTJLFFmCGCQorQkZxt+5x6uZBZJY6deXn357tr:Yz9QZmyZDvOho2ohIwEyRiXYHJtcw
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\I2naAsB28WucjoyDS3cGUczF.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML (Modified File)
Mime Type text/xml
File Size 2.37 KB
MD5 9eded7e53ed95359283cf62b149798df
SHA1 1b7d4170bb69a2f407a11175d3b1fca9d3c9c33b
SHA256 0bf03d435f48fbc0062087168788da14af4788dd58658748be3f0512be97fb95
SSDeep 48:cjcZHRcWcQSXxQ0QakQtSQkfQ4nQ63Q1a4Ql/weaeQPU2KNGA9mIG2a3Dt2sgQzE:YcZxc/TxPbkmSBfTnL3KLtkqIJ/G7AUE
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\=HRkgPtF=elivCvtPoPfTkzXdWcIPA.lbkut (Dropped File)
Mime Type text/xml
File Size 1.76 KB
MD5 a29ee8b64791bd2e5fa86688f4417b49
SHA1 090774be7410a6c6f3bab7fe3e7ef302d5b6fea9
SHA256 8d4ff079601b5db65f20d5b70120f86643ff74916fa0ed0a18e051c2722c7792
SSDeep 48:cjlRIsCNt+IpgLkePjRagavYE/hC/A2vER4K5ifkNRhGGWaXr:YM9kItePPohGzsWf2b
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\aTGxaEAYHgrziZ4DRWwIXw4BG+HCwA.lbkut (Dropped File)
Mime Type text/plain
File Size 1.13 MB
MD5 d1397e6297ed19e87aa812c1d12d461b
SHA1 edab1147aeb20f2162a178cf3844909590e0a0a5
SHA256 e0ca8482ec5cfb1b45c544b5cb9e3681005580d98eecd191c6d4795b261500f7
SSDeep 24576:eRORrRaRLRLRiIi/A/N/RxRGR6LRARlRTRm:A
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Ht+opRO709NgN3nm8ItfhrVN.lbkut Dropped File Stream
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB (Modified File)
Mime Type application/octet-stream
File Size 13.36 KB
MD5 b81532976f2fd26bc7a50d23dd669a34
SHA1 8874552298b8d05172d0843ef5b3bde5817a62f8
SHA256 9eed448ff29a998d949ee347f587eac2633c32436d04b62d34e970459edd4443
SSDeep 192:OjtkQGn/H+Y4PagGvXyWRF9RW34jNy8lAA+oRtdT:6tnZ+X5RW3Iy8l3+oRt1
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\GJCeZiAbrEjuUKymlW9CWMIUVpyUT4.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM (Modified File)
Mime Type text/html
File Size 11.20 KB
MD5 3a876dfb59193827e7d33622238a20a6
SHA1 8857044f373d00426d0b4d93b6d1df55c8a082fd
SHA256 5783ca34e9f3d23915c0fe06678409dcd0d5e2749e457661e58bdd6f218b24f5
SSDeep 192:NSAqeJcMBsLyituGC9GrGVhTx4oD+elxh:YAqVLhXrGVhTGelxh
Parser Error Remark Static engine was unable to completely parse the analyzed file
Embedded URLs (1)
URL http://msdn.microsoft.com/
First Seen -
Categories -
Threat Names -
Reputation Status Unknown
WHOIS Data Not Queried
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\Qk2Ra1IZ1BhI=r1SjiWOQjTen0Y.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL (Modified File)
Mime Type text/xml
File Size 221.98 KB
MD5 cc12f7ca1357f6c91368022b91ad8ad8
SHA1 7e98757b56b3c88e8e30ca686e49903ee586ab8d
SHA256 5ce07e1d796c8f6d2909334f39d21a97a9dbeaf4e41114ada31063a46804a05f
SSDeep 6144:Rbj83uzVrzSAIo1DhGyeR9CYnlbzuq2H67L2lFTMiS3IWtmTvdpg1zZWy2d6mp94:a
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\OsGZiQST277LZL1TAxf7gQ2w.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML (Modified File)
Mime Type text/plain
File Size 8.71 KB
MD5 089f9c53eeb72e069a9cc14f160dcd5e
SHA1 a2c8ebb68771761bb4278100d558c0ad27531278
SHA256 9f9f795eb79d8f58f9d6fedf5744d87df3303b9afac198fe234a6f999b79acb8
SSDeep 192:ZVIg+bTu2guN2F9uN2ruN2CuN22uN2/uN2YuN27sN2jsN2dsN2/sN2vUN2EDbONU:ZVIg+bC2guN2vuN2ruN2CuN22uN2/uNM
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\yMR9HLayOVlUN86BBXtXD2fP.lbkut (Dropped File)
Mime Type text/plain
File Size 1.80 KB
MD5 7f23c849d5447d1f481a9c818c81997d
SHA1 267c0e4890b1bffece5dff3bb3a13ea18e3f32f8
SHA256 e0ec9609fe78436c9d2c17fb64cde826309f7b0129d48e48c03853d89716e4a9
SSDeep 48:ZlNQl0lNNlYD0OXdgQsnJkE99gDOdD/IQYMeygNnQIoKnQboZ/Qsi6:Zfrfc5NgQg1kUgjygtQIoqQboZosi6
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT Modified File Stream
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\UT=AVo=nXl7RV3nlDzP06KHqIyA.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 38.10 KB
MD5 d3e5f0d2747aad4d747e78e04bfd193d
SHA1 c976f491812826a1801433d16b155c001dbfa2a4
SHA256 6aac91742665affa5370509b84469f9ce3ae3e46b63e2b2fcc304ad78ca1aac2
SSDeep 768:oaH7D4eVIWpB82BtUf3pqcjKTLc7q5h9GyMZrF83D:oaby2Y31Ogu5Hh8x8T
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\knl7k4mROkn+byA0UyqQCtfBYRI.lbkut Dropped File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML (Modified File)
Mime Type text/plain
File Size 2.62 KB
MD5 793d4883512cd21a01c1e74cd213b9ad
SHA1 ab8750f15ce3681623375595a34641429e6e7a83
SHA256 a4a92dbe1c35b5b76dce3b147110e27dd1e462bc502e56fabcd9c36af9cc4d76
SSDeep 48:W7jcr6Dt0fhnYDyYJowR+NJVJ8JPZjBlT+lqDuwR7T+0rhqDm4cT+YqDcjK:W7Aret0JYuYJ7sN/J8JPPlyMDuwBy1D9
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML Modified File Text
Severity Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\njM=a+mtY53235bUkSiTuA.lbkut (Dropped File)
Mime Type text/plain
File Size 8.36 KB
MD5 f36cc2ac5660b04fdc40a36e574e4603
SHA1 d21cc24a17193110e0db7bad6559b236d9330dc0
SHA256 59bc0fb2adf65ad21480b7f6dae430486c779c7c72f930d5cc80ed7e4f053d9a
SSDeep 192:0UIgknruBmQKP7zLTvTL8U1lsLFkYg08QYnPKq1E5EBELhE1EhEpEMEuE2EmE2ER:0UIgknqBmQKP7z3vTL8U1lsLFkYg08Ql
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\61SGV8UzBL0xwV9go+uRnA.lbkut Dropped File Text
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\as80.xsl (Modified File)
Mime Type text/xml
File Size 16.84 KB
MD5 38f0237de84eded35be09d2f067f222d
SHA1 a1a8e2f9c9ee5118ae0edf35fad3c04d21916d3f
SHA256 b6f61674d81da50d135b123c1514f9e90e5ed426664de1fb922ec1f70dab16cb
SSDeep 192:NB+vTTqiHr3iHrnFBbs5zcAEVKHb8/2XGTaCnJib+Ahbw:f+vnqiHr3iHrnFBbs5zsVK7bGGIibHc
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\b4O9g91Ot3XA1IiMiwgyU4.lbkut Modified File Text
Severity Unknown
Also Known As C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\b4O9g91Ot3XA1IiMiwgyU4.lbkut (Dropped File)
Mime Type text/xml
File Size 18.30 KB
MD5 df39348298fe23b2afffc099592e3bc8
SHA1 c5bb32727a168a8bf3ff9a56d757d28758d4911e
SHA256 0c19cbea4cc6c78fa912643094c645844c01aba894f0bfb224188fad651ad129
SSDeep 384:fWvnqiHr3iHrnFBbs5z7l16VKubGGIibHc:uvnKK7l16VK5GIibHc
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\fZVlQt3gkeCxezh4QSoLlWGzRKZJTYzN.lbkut Dropped File Text
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\informix.xsl (Modified File)
Mime Type text/xml
File Size 30.22 KB
MD5 9f50e2544d4bf36d3c120df983c306ff
SHA1 dadc9830d30fd315a3fc02b5456bb6bbfa6b9162
SHA256 3abf4017d8b97952d9c77a7d320f90df6fbc0baeec6392def5ff45abb014dbfd
SSDeep 384:3ByDmvqiHr3iHrnFBbs5crEnP5cV/EGk/T/VpQrIibHM:3BAmvK5rEPGkBpQrIibHM
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\FmDWPGadWzbevLbZOj1hQ33k.lbkut Modified File Text
Severity Unknown
Also Known As C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\FmDWPGadWzbevLbZOj1hQ33k.lbkut (Dropped File)
Mime Type text/xml
File Size 28.30 KB
MD5 76b217fb3ab2f61971e8150808bfc868
SHA1 1ebf56aed8bc47079683bf2cb8c3304863edc3fe
SHA256 c6b28acad5968d41a2f192f23ed9f79ef86476fe812f0d3fab94168d62164b49
SSDeep 384:fdMOrJnSprJlKpNeqrJQvnqiHr3iHrnFBbs5zs0wV0nZK3JnPnKzsQbGk/T/wIiI:VMvvnKMs0wV0n83JPnKOkEIibHk
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\5x7UZOeJSfKPIGIw1AFCyc+gFVeWNk.lbkut Modified File Text
Severity Unknown
Also Known As C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\5x7UZOeJSfKPIGIw1AFCyc+gFVeWNk.lbkut (Dropped File)
Mime Type text/xml
File Size 33.28 KB
MD5 099c73956178c3cc2797cf5941ca7b36
SHA1 fda1a83c2c6ac8a429c0829ff78ba0be1af1b1aa
SHA256 b10d1ebe7d30316e5431696a568fd793ea60627b01cd4c0f5bc14c993f820fac
SSDeep 768:x0QGyvAKMs0wV0xD8E50hnPnKekcIibHk:xv8KMs0wV0xD8EGhnPnKeksk
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\X11W9eYqDgtV9NchRs6KUkgH.lbkut Dropped File Text
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\sql70.xsl (Modified File)
Mime Type text/xml
File Size 31.39 KB
MD5 2a250d254f9222a21655cbf7af6d75f0
SHA1 2b802629398fe3de6df9a44d22283b66811848b6
SHA256 1c9c063725fc9d8a4bc4e507efc26c100685cf99a67bee1a757a851a0bf6535b
SSDeep 384:fiOOrJnkpSlKpNeJMu/yvAqiHr3iHrnFBbs5zs0wVyuK90JnPnKzsxcV/mGk/T/d:KOGyvAKMs0wVyuK90JPnK7kcIibHk
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\9KDoh5D5SdCnjEbcOEVOsFZe.lbkut Modified File Text
Severity Unknown
Also Known As C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\9KDoh5D5SdCnjEbcOEVOsFZe.lbkut (Dropped File)
Mime Type text/xml
File Size 38.59 KB
MD5 4aa6843e295ee5e017814caacaaef8f0
SHA1 94c0f287127b1f87dd81dce7f904d045f39350ea
SHA256 52b1826486c3dbc7cb491bcdeaa3c8f601bc5eb0793373ebe9be35bacb4bf7bb
SSDeep 768:GIfVV29KMs0wVEcu8BraQG5Whn7nKekcIibSJ0AKbTh:GGiKMs0wVEcu81aQGMhn7nKekLJ0AKbN
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\9JVtFrRGQ9gqgnC5ayHpJiWlawc.lbkut Modified File Text
Severity Unknown
Also Known As C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\9JVtFrRGQ9gqgnC5ayHpJiWlawc.lbkut (Dropped File)
Mime Type text/xml
File Size 29.09 KB
MD5 c446c7e0a207b02c93f6ff7104365c78
SHA1 af45391df735afd367d33ed09623b12b4c9879d1
SHA256 4761afb982f755469ed10572efd86e014ed6a7a884f531a6501443055654c009
SSDeep 384:N5mCDmlqiHr3iHrnFBbs5zs0wVN3hEnPBKzsxcV/HGk/T/VIibHU:N5NmlKMs0wVN3hEPBKekpIibHU
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\ny2p9P19p1Hf3qg6EQquTyWxpyziTQ.lbkut Dropped File Binary
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\resources\1033\msmdsrv.rll (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 650.84 KB
MD5 fb8958e6cac0b0dc725f7bb5314c44f0
SHA1 14c354568c13199338a6d926d65d06c81c0518c2
SHA256 01ebfa12e5817e9339b3928d69d48c6ab865ce33564a1410580ab3d00b8aaf55
SSDeep 6144:GVG5g4GLrhwG4AQWmi3fMCBJCDr1QN4bUL7:GVG5g4GLrhwG4AQWmi3fMCBJC8/L7
PE Information
Image Base 0x46410000
Size Of Initialized Data 0xa1200
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2009-03-29 18:20:10+00:00
Version Information (10)
CompanyName Microsoft Corporation
FileDescription Microsoft SQL Server Analysis Services
FileVersion 2007.0100.2531.00
InternalName Resource strings
LegalCopyright Microsoft Corp. All rights reserved.
LegalTrademarks Microsoft SQL Server is a registered trademark of Microsoft Corporation.
OriginalFilename msmdsrv.rll
Platform NT
ProductName Microsoft SQL Server Analysis Services
ProductVersion 10.0.2531.0
Sections (1)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rsrc 0x46411000 0xa10a8 0xa1200 0x200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.97
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2008-10-22 21:24:55+00:00
Valid Until 2010-01-22 21:34:55+00:00
Algorithm sha1_rsa
Serial Number 61 06 27 81 00 00 00 00 00 08
Thumbprint 9E 95 C6 25 D8 1B 2B A9 C7 2F D7 02 75 C3 69 96 13 AF 61 E3
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\Z8qEW5=vv6Rje1MQmfasMgfQP90wGQkLS=o.lbkut Dropped File Binary
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\resources\1033\msolui100.rll (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 14.52 KB
MD5 a3c7efe8954fc201727981b62d1ec43b
SHA1 155c164c9ef5391017971a489b72065fcfe7bce1
SHA256 7151d5ff489191cda6a260ecc3acfac9d09b006c9f9b0a5b21f408ce77b63f96
SSDeep 192:gKWdcO1jJ5WO05MsaYOF4gavfo6oEQKPnEt2yt8mJz+jaIhjTH/S8:ZWdcEjJ5WD5S4CnELKt8Cy/j+8
PE Information
Image Base 0x429f0000
Size Of Initialized Data 0x1400
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2008-07-09 21:50:46+00:00
Version Information (10)
CompanyName Microsoft Corporation
FileDescription Microsoft OLE DB Provider for Analysis Services Connection Dialog 10.0 Strings
FileVersion 2007.0100.1600.022
InternalName OLE DB Provider Connection Dialog Resource Strings
LegalCopyright Microsoft Corp. All rights reserved.
LegalTrademarks Microsoft SQL Server is a registered trademark of Microsoft Corporation.
OriginalFilename msolui100.rll
Platform NT
ProductName Microsoft SQL Server Analysis Services
ProductVersion 10.0.1600.22
Sections (1)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rsrc 0x429f1000 0x13c0 0x1400 0x200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.43
Digital Signatures (3)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2007-08-23 00:23:13+00:00
Valid Until 2009-02-23 00:33:13+00:00
Algorithm sha1_rsa
Serial Number 61 0F 78 4D 00 00 00 00 00 03
Thumbprint D5 7F AC 60 F1 A8 D3 48 77 AE B3 50 E8 3F 46 F6 EF C9 E5 F1
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Parent Certificate Microsoft Root Authority
Country Name US
Valid From 2007-08-22 22:31:02+00:00
Valid Until 2012-08-25 07:00:00+00:00
Algorithm sha1_rsa
Serial Number 2E AB 11 DC 50 FF 5C 9D CB C0
Thumbprint 30 36 E3 B2 5B 88 A5 5B 86 FC 90 E6 E9 EA AD 50 81 44 51 66
Certificate: Microsoft Root Authority
Issued by Microsoft Root Authority
Country Name -
Valid From 1997-01-10 07:00:00+00:00
Valid Until 2020-12-31 07:00:00+00:00
Algorithm md5_rsa
Serial Number C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Thumbprint A4 34 89 15 9A 52 0F 0D 93 D0 32 CC AF 37 E7 FE 20 A8 B4 19
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\UKqzg2rIV6xIN=gGnQ=bAlPhnhSzlrAR.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00004_.gif (Modified File)
Mime Type image/gif
File Size 8.81 KB
MD5 b9ef7c90b3c0dd27a9ce99311b679e87
SHA1 b19c0279e261cb6c6e3d0ffcbad33b440a6ce491
SHA256 3aedf96227b7d04a1fc9fd4c4bd043b8d591889f974f65ad3b6162fd6ae8f60b
SSDeep 192:D/TCj+tFJu5/8pFWXeWAFY6xNSPVjdUw0VVNntG9iTVvM/QWdSPVjdUw0q:D/T2EUSFWXeWAy80VBUFVdNU/0VBU6
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\QnNahk9N2icZJS1W85b=s=MKj=3gsrx+.lbkut Modified File Image
Severity Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\QnNahk9N2icZJS1W85b=s=MKj=3gsrx+.lbkut (Dropped File)
Mime Type image/gif
File Size 7.05 KB
MD5 6cafce55eb2b278e4aa369b1761fbd74
SHA1 b0d261315dc138c03562083179ddf98214edc20a
SHA256 49521a0d414d086b0ae5aeb6d91a6bbab74107a62d61e39d1f4b245336459904
SSDeep 192:0nsybGduWvD72oug7BAUo6TyD8VUJqUGLx5ED1GLx5qj:0nsGWL72ox7BA94yD8KJqUO5EhO5qj
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WCfBz7UOKDVkbq7leJGKBhFkbXdEsSVM.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00021_.gif (Modified File)
Mime Type image/gif
File Size 14.53 KB
MD5 af136469fafedf8a85e277fab2cf5a7a
SHA1 4bc0066870814163041b9de636e919d46fd21357
SHA256 2e34e6e16dd66fc9800be6a142f15b0db4ba5cd60b342cddd78db0f2a447e0ac
SSDeep 384:kRFG8Fjt5X65VpMXD+7XM4OEWlvKGxNNSN/0Y54OEWG:ki8FRLDo84/WlSKN2/0m4/WG
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Hq1Cb+qh=ENy8PNplpweHgVfoXgrJC=a.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00037_.gif (Modified File)
Mime Type image/gif
File Size 6.53 KB
MD5 aa5d48e8ac51a1ee4b597f927cf6fe6e
SHA1 c5561fd2aa7778e4babe4f500e77fa86c0840cd6
SHA256 97a460b1105b7b34b8d2ca38a62c3fbd888273736667a3db1dd92d26dd6f78a3
SSDeep 192:22acBRn658GECWSmP9r2mMJTQQ8aMcQQhE4XrT:22DPn6Wnr71rDeXM6lrT
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\3hIqYd0AgHFL=qlxRMuTaMlzLJb0G3I1.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00038_.gif (Modified File)
Mime Type image/gif
File Size 3.18 KB
MD5 345103230cc713be70d4dc9d62346cfb
SHA1 b52f20966fc523a2857af73823495c1df66f799d
SHA256 d59bd123cd1f67f161c64b647b0c3b2f26c43fbbab06c8792ed2f39953c9f4f8
SSDeep 96:vofQSxliD1zwiZexIClxRLtXHJKmsLYd2:UQSxliD1zw1FNLzKVI2
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\spI4wWxkVrw1y+AMhB+aBl68kpVlqqjK.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00040_.gif (Modified File)
Mime Type image/gif
File Size 7.91 KB
MD5 8b44f1625d5451393af36dc1da700002
SHA1 35c054c0c28cf6d44dd011080a821dff7aeb1861
SHA256 bdefdd6d42ce6157282bd2c72ff1909270ecb1912f6ae8a9de6f7db011471894
SSDeep 192:bopGhtbnNKAPd7jeTJAAG8mNZuTGa1rAdBzs6:bQObnfVje1AAG88E6adazz
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\gu0Jp6L6yuIsEEl+uz=4ryCgSa2OCZk1.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00052_.gif (Modified File)
Mime Type image/gif
File Size 7.51 KB
MD5 7ff426c280a0c8817ee9df55c5ff8b6e
SHA1 77f9db7035a64cd7d502a0bcab0e290a027a2df7
SHA256 044520bf5bc242dfb665e2e12f72adc3721ca9b85e1949fff26adf106e7b283d
SSDeep 96:tCcNHHjAt9W/BWFoLXo89BXJ9MgPXjTorod0ZZlJueFj0Ld2HbEPgf33UhGc28Z2:ndHUIDY8zXXXvoy4RHHhuP2vT2VIw8t
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\mJR+e6hbXXCWN=lSujT=ic+xTlVsh+dd.lbkut Modified File Image
Severity Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\mJR+e6hbXXCWN=lSujT=ic+xTlVsh+dd.lbkut (Dropped File)
Mime Type image/gif
File Size 11.61 KB
MD5 f590857cbba2b54e2bb26df8769abdd9
SHA1 70391bceaefc021487e6ce95fe1285e873ede050
SHA256 b5fff453913458cc35cb5c8fe242e703f1b369648fe3ee6fdb093dfeae796e3a
SSDeep 192:kkhgkvIbBm8OBVkuYdLrVDsG0oBjxyrKiFIfY2JQ1ME4CKIatOMEo:kkhRvIbBwEuYdPVDB00qNFOYs2MEtKVF
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Tzjd7RGzVQjSLjp=CYWbxMQW1XzdhOL7.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00090_.gif (Modified File)
Mime Type image/gif
File Size 518 bytes
MD5 a5e77d60cbd0dedbe2ec12c4a49a1a23
SHA1 b64a6a2e6e3ebba247526cb86760ae1ecc1a162d
SHA256 3bf1d5f6252311ef2e73f59e6d86041647111dbad248ebe0c3a8171d74af0d40
SSDeep 12:y/TSs6wKfzGhBpKtKsPLvJi9JYnJAWKIeAjpUUKsPLvJi9JYnJAs:w6pzKP2QJK606mQJK6s
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\q5VM7PIKaVrbSI7FCwPrkJGRwaj1Bunj.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00092_.gif (Modified File)
Mime Type image/gif
File Size 503 bytes
MD5 d1e8e9373f74395debe5ea242a694d43
SHA1 4547f63583312329cac15f748b9fc3583d61c325
SHA256 1f1b5b9021c1ed27e4b67a639b696111f2cfaab5d5a58075a9e62f6236708243
SSDeep 12:KDTSs6wV0IBYFQK0/qpkA4fqo3wl4/qpkA3a:K768FBcQ/ci9wlCc3a
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\s8l49L6l+aHfKIIGRmaXtOAtG1z7qwjM.lbkut Modified File Image
Severity Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\s8l49L6l+aHfKIIGRmaXtOAtG1z7qwjM.lbkut (Dropped File)
Mime Type image/gif
File Size 12.41 KB
MD5 e0bd451114f8d5a5ac97ea18104d6830
SHA1 764f88733fdf18b612016bbd29f3613eca9ba06a
SHA256 f89eee8d796f218d8f844cba1d67df267e472a7ae9897786e682cee9ec656a0f
SSDeep 384:0MC8SOcnsgNYMC8SOcbsgNQMC8SOcssgNh:NC8iTzC8i3rC8iQj
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ufDjJe3JTVQ7QAAP+oofBPcaeitsKWHH.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00120_.gif (Modified File)
Mime Type image/gif
File Size 3.40 KB
MD5 b3c88495de92384c75868da380ce722e
SHA1 c33028fd6652899cf3d59e20de5c446ecb75d228
SHA256 cb85140ae1d445faa8774b2df9203eceb20dd9ff4f3d61e938d3faf0d1a4248c
SSDeep 96:0evyyQq0J9b+W/zRQInzOy4MiqzMIU6MM:0eayQxLjiqzJUdM
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\QE4n+bKi8nf5LgN3t9RcwgGvnT5bU8RZ.lbkut Modified File Image
Severity Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\QE4n+bKi8nf5LgN3t9RcwgGvnT5bU8RZ.lbkut (Dropped File)
Mime Type image/gif
File Size 3.07 KB
MD5 5059df0a17eb4c2e6dbe653ded27c4aa
SHA1 4487e62bcd2d1adf03afc3915cfc9d342debf531
SHA256 a445c84f69a9b6ce3d72070f38df039633a052d81284dbd72f24245da4785bbd
SSDeep 48:3Zxuzhg9NICc7JAl/4HmeJcfRKKVaxiT9rn9MASmM6CZ7K0hF:32gX9qo/BfJIiBDBXCZ7Kk
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DJJDERvJSbne9iBvEGXLyMw23mhRETkJ.lbkut Modified File Image
Severity Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DJJDERvJSbne9iBvEGXLyMw23mhRETkJ.lbkut (Dropped File)
Mime Type image/gif
File Size 12.19 KB
MD5 7e0e2ae94638d5c0fcea8f743e306de5
SHA1 928ccbd8608317c707ab953be373f6e55dc62102
SHA256 0ed4a0db1920cb4deb41f0373f84fb3f15ac6ee5c6df9eec62280f9b0208fc08
SSDeep 384:kRPk5cf+ejgTbCgsm7h3XKw1h4D3KAy7fWlVdzlRrc71g4Vr:kRWzejgTbCg/96WuD3KAy7f8/7rH4Vr
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\6mUjIPzYsUwBXrw3ne45WFpXwZGbwmGF.lbkut Modified File Image
Severity Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\6mUjIPzYsUwBXrw3ne45WFpXwZGbwmGF.lbkut (Dropped File)
Mime Type image/gif
File Size 5.13 KB
MD5 0beea1ea40816f11ee166af4f6143b19
SHA1 6ad7ccfa90ffb322a75b4eb7d211b3388c9091a1
SHA256 fc312e1133accfcb2f09fe9fbf248553cd9697e26b5d70a0c3cb73ae49a39f17
SSDeep 96:DE6+s+/hMds+s+/hMdHtmDOPv8EI9wnr+Qpkyv8EI9wnrtmDOm:DE6+bhMW+bhMZlP09u+vy09ulm
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\oBOnFCNxncMDJR1xvS2ARSU1UzP2eY4v.lbkut Dropped File Image
Severity Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00135_.gif (Modified File)
Mime Type image/gif
File Size 2.54 KB
MD5 ee1b3f31f2692e91ba69b8d004ce8ae1
SHA1 97e6fc428f824a385f92bc4408b94030cbd25ade
SHA256 8f0eae1f3c1d639bc031a4daa97b80e18d4684920b3586fdb1bf836f80549e32
SSDeep 48:66X+RwpX6nRwpX6zsp2qBMrW5Iw+fBkQEJvo:d+Rw2Rw2sp2efIw+ZkS
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\K0zQTxAjPETxVR6SDEnRNHS+tR4aB+Hz.lbkut Modified File Image
Severity Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\K0zQTxAjPETxVR6SDEnRNHS+tR4aB+Hz.lbkut (Dropped File)
Mime Type image/gif
File Size 10.36 KB
MD5 cb0b433efa2e7ebc85724d52bb66e6ff
SHA1 ee2a32a8a6cdcee35b93ca26fb67297f8c11febf
SHA256 a85cda9096b0ac1c29863fe95dd8d925540f46374ab7c1835f7acbf21ad92188
SSDeep 96:0C6dfaPr3UdWkZmNUpCoIpVIQXHt00SHs5684TR/nbLGSHs5SXHt04oIpVIUNUpX:l6d0OZypVIQXr41//1XDpVIEZG
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\0t0UyUpPPmA7fYjkMXA2MJPGjaxfsRxe.lbkut Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00142_.gif (Modified File)
Mime Type image/gif
File Size 14.95 KB
MD5 861cf94d4ef0104d5f074464dd7288bc Copy to Clipboard
SHA1 f579f9d6dbf903a9bad7ddd9784da26fed7ca75e Copy to Clipboard
SHA256 7772444c3626b860ba67388d8a3a111c8112a0a6093f50a8bf8116ce56b1d795 Copy to Clipboard
SSDeep 384:pAD2kMBFSNqKFSbbFSXfFSUFQPM0aLFOU56Fi8F7w6NFSZ:pFkg4qK8bSNuaLvkk8Jw6N8 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\kHraXaaSISW2qAOCgdE5rKoRjj=3fUcY.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\kHraXaaSISW2qAOCgdE5rKoRjj=3fUcY.lbkut (Dropped File)
Mime Type image/gif
File Size 5.19 KB
MD5 82a326bde1cd049d4071ea7d50a90c4c Copy to Clipboard
SHA1 ce9a282373dc3add07f1980b14320f43de9c79c4 Copy to Clipboard
SHA256 5ef9e0bcb795a2ee8a56eca6bad8b1d490cc17c7e2ba08fbc762809126716fb3 Copy to Clipboard
SSDeep 96:P42ZQz2ec4hBwNl/oR82ZQz2ec4hBwNl/oRyprALxlarZk:PjIJMNpo5IJMNpo0a9A6 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\McHsxJLoMm6suVjD8iZFNHkPi5CH30Xn.lbkut Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00157_.gif (Modified File)
Mime Type image/gif
File Size 4.84 KB
MD5 dea090908ae587f949598c5df8bd6cdc Copy to Clipboard
SHA1 028aa2e4715477c8e40bf7947693ad2f0dd6fafd Copy to Clipboard
SHA256 ea5f1d8c6dd285a705f55a9d6d7615238fd693f9ada80e0c28d98a4beed94d17 Copy to Clipboard
SSDeep 96:z2gG0QU5rFX3xFe1OEs2ovYJSqae7mcdiov9xFe1OEsyFXC:aCQs/ooMovZqYovDoob Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JN9RPuQhRbSqgLo2lU+g+Cd6Vn=F2NnS.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JN9RPuQhRbSqgLo2lU+g+Cd6Vn=F2NnS.lbkut (Dropped File)
Mime Type image/gif
File Size 4.91 KB
MD5 965212fef3795f657267181750ae36c9 Copy to Clipboard
SHA1 ac45b5a0bf8aae93219e830d5160cc911f4a028f Copy to Clipboard
SHA256 bb2abccf6c48e0779fea49f507de780ca3c95035e800259a46784f36fc4ee832 Copy to Clipboard
SSDeep 96:6fDkHDB6DYMhVvfDkHDB6DYMhVrlp6vVXmwl2F6ATrKs16YzeZymwlX3DTXlWLzs:4D0BF0V3D0BF0VngVK4uR1kUlWhRyWts Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\wb7oBhD1IegEJDt+kO3jsyYHSNJioT6m.lbkut Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00160_.gif (Modified File)
Mime Type image/gif
File Size 1.12 KB
MD5 374bc54f14b63f22487e6f91e44aa791 Copy to Clipboard
SHA1 2f1130eedff45642776df5fc8244002548067f43 Copy to Clipboard
SHA256 50f371792d694147c36cbfa91091474f33250b3757306183ab96c081ec6d2969 Copy to Clipboard
SSDeep 24:Es6llT3bPct1d6ZqbYjs30lT3bPct1d6ZqbYjs3oslbcTKosP9MS3Q18M6slPjQ9:CPPeJ5sPPeJ5bbvo49VA9PjQe7FoXExs Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\6driC936vp0=41gEEHkmC2XLAdqDfvQY.lbkut Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00161_.gif (Modified File)
Mime Type image/gif
File Size 7.41 KB
MD5 970ee06970fe503ff56896b1ac835a7d Copy to Clipboard
SHA1 4edfb06c25d045378c3223768efac8e3741581c7 Copy to Clipboard
SHA256 a6b5e060b9ebc6fb7637b5c5509124d4a705177e9bb60188e6b78a1de16f12f2 Copy to Clipboard
SSDeep 192:mMAKvdOr+g5NzUUWAWCVFkwM3qN0qbQcNxXGDOGoDG3xh0Z45:mMAK1MpHU3AlVuwB0kxCOfCxh0ZG Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PaYt00SI9UIgi73NMJQnTZTqPWK3oVwK.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PaYt00SI9UIgi73NMJQnTZTqPWK3oVwK.lbkut (Dropped File)
Mime Type image/gif
File Size 6.82 KB
MD5 6e04554573e493950ee1892f0fce0ec6 Copy to Clipboard
SHA1 876cfb9b128e376a6902be00f28df40042e8cb33 Copy to Clipboard
SHA256 8f443bf3f24db46ed379bc0922af771aaddfb0f1b1ecb1c231baa0876de5266c Copy to Clipboard
SSDeep 192:5MAKqy88HEa7oQ1qwKDYdGzwGzKy885u7:5MAKQwDoQUwwrEx7 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\XyL5Z7Ci1Ec38c5Pp6jvu=7e9HnL5lKU.lbkut Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00164_.gif (Modified File)
Mime Type image/gif
File Size 12.94 KB
MD5 586d007b01126001c26c33f2e3d232fd Copy to Clipboard
SHA1 7e6e487b9a5427e0f4bc14e8c20af86b0d39f7f3 Copy to Clipboard
SHA256 ae09dc214c1d836801f0ad376204497bf51569a6f907d23dbaefb565afe20220 Copy to Clipboard
SSDeep 384:yMAK0MAKYWkxfCfC/d4DMAKv85kyuYXMAKh2DGw4XwFBs:yMAK0MAKYWKqCmDMAK8kyHMAKh2D7c0s Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\XS9=BP2D3JXWnXoJK5amBYtbBmmJWW+8.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\XS9=BP2D3JXWnXoJK5amBYtbBmmJWW+8.lbkut (Dropped File)
Mime Type image/gif
File Size 8.38 KB
MD5 cc8e3233903f1f0b36084d64af6e9386 Copy to Clipboard
SHA1 2240a33f1910851dac9dfa13b31ffb2c6f2431b3 Copy to Clipboard
SHA256 42a780d78b8cfc9997d13dfaac73c25a5e8d3c66f5fe6ba36d20e48c6e7dfd0f Copy to Clipboard
SSDeep 192:4MAKJww9ZL6PHKuu6smEOO9W9jbGqSpP5huCBTFGpqzZl7XVN2XZ:4MAKJwwXOLJfEOO09HGqOjuwf7M Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\rmRY8ec7mmhQfmsdkl3E6RhrAJDcYfD+.lbkut Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00167_.gif (Modified File)
Mime Type image/gif
File Size 4.78 KB
MD5 928c5481700b4d1ff8121e177cb37cd6 Copy to Clipboard
SHA1 0e0b9a979f3f799b95142b2a4179caa589562844 Copy to Clipboard
SHA256 7db02d971d9d5b30c04a62ca2d5fec84740706a327e9ac93390f4083442db916 Copy to Clipboard
SSDeep 96:1OAIMAEMQ7weKnbnL6KvZyl5KVoNKvaM33K8K6HXSNx5:8MAKR6n6NmoNrM33FKoCH5 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\pfbPZMuOIPy9LmR0y1OTkARMiT1ZuxQa.lbkut Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00169_.gif (Modified File)
Mime Type image/gif
File Size 5.25 KB
MD5 300b919f418919d2981980c2e25610a1 Copy to Clipboard
SHA1 c6dcc4491aade13d83be759a356b858ff212db3f Copy to Clipboard
SHA256 0e82a21d29eb7ff12bfea45e28ba88acb10a8a923eb02f10b1b9bfb1e6f3cd43 Copy to Clipboard
SSDeep 96:4AIMAEMQ7wUYQn1WHaefAZQ27+Qn1WHae4ZZ4tAE0R5njJlQn1WHaeTFykx+:oMAKn1n1W6efAZQ27/n1W6e4ZGarjJ6n Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\5zZqNbaF5VafZPmy4SB5S+2nvLZtO9oV.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\5zZqNbaF5VafZPmy4SB5S+2nvLZtO9oV.lbkut (Dropped File)
Mime Type image/gif
File Size 9.03 KB
MD5 89db6f4185b170e9470b8d08e73334c0 Copy to Clipboard
SHA1 4400057a59f27865b31f8fe2b19b5ebb488a480d Copy to Clipboard
SHA256 24fb0f5402957994ae0c0bcb2bd9f85da2df558c96b9497ff73210a4c85356dd Copy to Clipboard
SSDeep 192:32GGc1VJxWNMSZV3AAPHhHl3WAgf6IlhQBM1FaXX9YAjzhwdMH4k:ZGcpxWOS33tPHhHFWAgf6IlhQByFadYc Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ixBLk8TOlKrzEAZv+E0qCrb06bbFpVbe.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ixBLk8TOlKrzEAZv+E0qCrb06bbFpVbe.lbkut (Dropped File)
Mime Type image/gif
File Size 4.90 KB
MD5 c410a4ebb04ad9f40d6a8bd5c089d14d Copy to Clipboard
SHA1 d40a8d14cd5d4247e42865e33f51fafcec26545a Copy to Clipboard
SHA256 b62d22c3f0874fc113ee2ca17eb9524a8433da4dbddce623bac04da5fb6d8b1d Copy to Clipboard
SSDeep 96:JAIMAEMQ7wfKqJu9ibRwBNosQvAa24zKkxS9w1HiEoq3VrWUxe9xG:tMAK1qci2GufmOct3hWUWG Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\yGT4Ok0te4xt0fCu76m=nxCX8CCOk7QF.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\yGT4Ok0te4xt0fCu76m=nxCX8CCOk7QF.lbkut (Dropped File)
Mime Type image/gif
File Size 4.29 KB
MD5 6c488099f34128694de86259f67066bd Copy to Clipboard
SHA1 4665dfc0413e66aaa2a270c4f7bbfe626517fb4a Copy to Clipboard
SHA256 2674063b98feb797b1e3346deec63393de7ca0b782493e3879a33e24f650078b Copy to Clipboard
SSDeep 96:1lfNph7zHShwvi0AzHShw7r4gYk2zHShwZ8zHShw/0xM9Qk:9HzHSKHAzHSJlVzHSy8zHSI+m Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AJz5B58OSATl3KwUehRVkWErJlLY8Kro.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AJz5B58OSATl3KwUehRVkWErJlLY8Kro.lbkut (Dropped File)
Mime Type image/gif
File Size 3.87 KB
MD5 6a4f4024d6b531bfde74f6a3fa6b8c2f Copy to Clipboard
SHA1 11725fb095c0b58647bfb5037fd2072a29e5e74f Copy to Clipboard
SHA256 18153aa7d955926dc37a6cf00f2be7ea94e0b8beece87119d7ddc47e507e9abb Copy to Clipboard
SSDeep 96:fDspSXIDfGFDft4slDfkDfXdSXzDfReDfBdZDfeEDfczFDfLfaDfGXuDf3mB:uSX4ct4spsgXR+BdleMczJLaG+3U Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ccUk33AOyBE6ke0O2P5EoPf04EYy9zQH.lbkut Modified File Image
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ccUk33AOyBE6ke0O2P5EoPf04EYy9zQH.lbkut (Dropped File)
Mime Type image/gif
File Size 3.30 KB
MD5 28115e11753768892060131852d9c4d4 Copy to Clipboard
SHA1 c5781f43718bcfa796440a3646b0446d4989a415 Copy to Clipboard
SHA256 b00f3fad15f2e3a4da104158d73e1c0952976a3f4c454dcc900c8e045b0bd17e Copy to Clipboard
SSDeep 96:vlfNprrPO0sxPIb3BvP0EKalLdan2U/79xT:TxG0sqb3BAn53T Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\hrnjuPDMosy9octq1vDXObfqCh2DZh6K.lbkut Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00176_.gif (Modified File)
Mime Type image/gif
File Size 3.05 KB
MD5 e3310e5eb13ca97714058ce286ad2c04 Copy to Clipboard
SHA1 f79b32d0a4654e8eafa70d1d522f95f993c68097 Copy to Clipboard
SHA256 2ef4176b14f12a24a27829b59c64d8e47a2d2dd0f1c783c72ed2b74a46f8878f Copy to Clipboard
SSDeep 48:m9WRIBPzGEWRIBPzGjJ5yaEiAgNNOSFLBI3RaBpvP2qk8iro+pjEAUwTRoW4S:iP1dP1y1EJO5FL+6vPpkzk+o8Rt4S Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\14WTR7OKNoqDdcBrK8PnTdLifLVwQnl+.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00010_.wmf (Modified File)
Mime Type application/octet-stream
File Size 2.96 KB
MD5 65bfd5bc721b3a10503e14dfa06ff66b Copy to Clipboard
SHA1 33664b87395ec807a36b2ec6e0c1433dbbf7fc1f Copy to Clipboard
SHA256 76c4f1589ad64447b6a95810b605f38ba7708be515dfcec6949a5e8f6e2e1de2 Copy to Clipboard
SSDeep 48:1ZT0UflP/hcobcDavUk+BWJSh6PvMDFWv/h8cB05bBdLnBo39LHFVy1eaUYmRY95:n77bg+Ssb0DFWxB0515BeFsAaUYmSqI Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\+=obmaKZ7alUGazNgCBOktoQZXoyWffw.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\+=obmaKZ7alUGazNgCBOktoQZXoyWffw.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 4.62 KB
MD5 a5990de529176204be8ddf1282fce1c9 Copy to Clipboard
SHA1 c06e4d58fbd9d06052201acc91c66a86b02f104c Copy to Clipboard
SHA256 991108c843208bf0c6a573c5da18a2a4d76b0a04c32c7c9a3c92347218a54680 Copy to Clipboard
SSDeep 96:GPESShRLN7cgXcmAa375cOL/AcEPBirT0CkM7Ex:G3+Fcs0k/zEiTjY Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\th=XoL1LT0bMBarqqvoAGkESEPV8pwrd.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\th=XoL1LT0bMBarqqvoAGkESEPV8pwrd.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 5.55 KB
MD5 80b29fa49db3939e0b34759f12ed257d Copy to Clipboard
SHA1 f0092a6b018b14d5fbcd80956294fb15f8106407 Copy to Clipboard
SHA256 a090ff40579c451a60b443a6ac0ad73bf015990713b99aea90818a6a704a7b65 Copy to Clipboard
SSDeep 96:JVRPeywwyHx3jEsFyOl03QkKUVAuhjj9UzXTie6CeHpgstQt0Srct:JVRPdwasrmjJUzvLeJTtQDC Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Bqrv2a9YDSNmM=bc4ED=kSrHWXK7yX=z.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00853_.wmf (Modified File)
Mime Type application/octet-stream
File Size 20.10 KB
MD5 3898dab4ced562598f9d3d8d895a9389 Copy to Clipboard
SHA1 d101d4ca76d4ad8df457c9eb21ab253ae1fffc57 Copy to Clipboard
SHA256 63c364a77fcad971b73170e69688eaae99df3b973825981167b8e14eac7b42c3 Copy to Clipboard
SSDeep 384:X5be/I9XLsZFmYyGPFWE32Z7kKbrwaBFa9ji/rW9i4S3dF46kHyDHML7oSDC:XdUG7q0LIV2Z7kEUaaA05S3dFnRtSW Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ZujhcqVQFCd434tR2zy4X0A3Wsdlmy34.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ZujhcqVQFCd434tR2zy4X0A3Wsdlmy34.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 10.58 KB
MD5 5153cdf9f0c963e3d9cd97fc99aeade3 Copy to Clipboard
SHA1 c4b00359bb8d7ee4a480df882de41a857ed334db Copy to Clipboard
SHA256 c0bc5c5a60f3052b86e420c146fe71166b07729c6116ec21a01a7030023c628f Copy to Clipboard
SSDeep 192:i/ikeWqGWTazAQ9GbekT9BKAX3MudiGLL/MzCPO0FEeiwvu4JepEbMzmjyaK1Up6:i6keWqGWT2AQkykT9sk3MetHUzCG0FG7 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SMZBRdxpX684o1CCcLtOS5p6In3x9L8K.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00932_.wmf (Modified File)
Mime Type application/octet-stream
File Size 14.09 KB
MD5 7a6a0ec140f1b6fe6f7a5e8f5cc44175 Copy to Clipboard
SHA1 f54dd8886e47a6e85ea96372b32d7daf89f0b949 Copy to Clipboard
SHA256 c4edc85e5ef5618e1f2c9c90184d3e2cca3372d08def28dc44879415528bf0d3 Copy to Clipboard
SSDeep 384:qjg0QL923IgqRYVBri7ITlAZrDTNuVXH+Xi4hb0IoaV5KdxTkYs9NBcnITG9tYhE:qjnQx23IgqGVBrWITlAZrD5uVXHEi4h2 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\dNSnQDH2cRtMSeVJlLSRG80gp1hscd4P.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\dNSnQDH2cRtMSeVJlLSRG80gp1hscd4P.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 6.91 KB
MD5 9cae1023dfdcd310203764919398e10b Copy to Clipboard
SHA1 759af59b628b6f0dcf36d9fe8071346b75c88f89 Copy to Clipboard
SHA256 0003d02c09adb5309d37a524a296d4b71941f11504f6cdd52863fe78a5925f33 Copy to Clipboard
SSDeep 192:a9v0YlK4Fbw4KYxhi4s7x6FoGf3BFGJ+zMRtiGy/HAwW8uE8JtHZzTv/zEPAQbBG:a9v0YlK4b/KYxhi4sVkoGf3BFGJ+zMRR Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\t83LpfSikw8R6CPE0nC2RwyXRPsGrpc=.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01039_.wmf (Modified File)
Mime Type application/octet-stream
File Size 3.27 KB
MD5 a72b0a3aebe6b9d4e31d72d76df61427 Copy to Clipboard
SHA1 f53a792ba8cfea9650feaf1581abaf4ef92596f4 Copy to Clipboard
SHA256 6deb90897d34188b6298f52e593d8c918db9a9ca995ac7c776a78a87c4b1403f Copy to Clipboard
SSDeep 96:s1WWWYQ16tNGScAE/IdmOVZmllyrwpLtsm+ruuYb:m1WYQ167GrlAZmllyqhsm+ruuYb Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\bHju8DbsSaYjzznZm5fgYkeAOcR9NYwL.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01044_.wmf (Modified File)
Mime Type application/octet-stream
File Size 1.56 KB
MD5 e475ef299dcea1ac238887c6ed89d5b1 Copy to Clipboard
SHA1 bae2ebdd0a322201698d5fa4e50619b40f265ec8 Copy to Clipboard
SHA256 f6ed0a9f8cc6f94edb947362776733b86004219366055db6b65153d3cc093631 Copy to Clipboard
SSDeep 48:uEsK4/Aw9Vp8r1N453kWoRM8k1EPVyyz/p4j:o1wpN450Wommyyz/a Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\nTFOqdHMxlelsDZTsvQ6bQhpywnr2dLm.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\nTFOqdHMxlelsDZTsvQ6bQhpywnr2dLm.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 7.78 KB
MD5 6e9410d9980d89708b59eaa6c85b2d65 Copy to Clipboard
SHA1 8775a42a0985475ee1ff31b78ce1cf1289707830 Copy to Clipboard
SHA256 f144bbb22536dc8d42de2d4991e96949d0f87950d6b5035acdc0ad361238a675 Copy to Clipboard
SSDeep 192:TOSB0q9J0QDaZ8vO1O9/Dl8McpjWJ+46uW5fh1SS4hIukUBBTvxPnx+N:TRd0QWZDO9/Dl83RWJ/k1SSNukUHTxPY Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\XuADcX6m4lGy=QCQ=5GSuEJbzswFutFN.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01084_.wmf (Modified File)
Mime Type application/octet-stream
File Size 1.79 KB
MD5 e3bb6431eb22d434637b55624b156282 Copy to Clipboard
SHA1 a4994d1a39c6635be09ebc3e576da927dce38588 Copy to Clipboard
SHA256 579648a00a2ec3a233faf75e180fdaf2cc418422fb9f5d8227a7d8dd5408ac3e Copy to Clipboard
SSDeep 48:xBK4/rhS0SnQHOmQ+W0nWhUYkKPRotkLkYl0LkyLkOBwTLkYANj:xB1NS0SQeN0UxNubY3jaYAZ Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\3IRqjO7moCT=T0lwjHbONkjV4R3Wcn=m.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01173_.wmf (Modified File)
Mime Type application/octet-stream
File Size 25.72 KB
MD5 1c3acb8bd97b14c2b5f77060b4533b68 Copy to Clipboard
SHA1 5cdb9d61d5b863ddc3ee85fb40c6e2c3766872a7 Copy to Clipboard
SHA256 1fcd0638ab37880105f630e97ecdd2b631fe86276f0388fac91fcffa99261c79 Copy to Clipboard
SSDeep 768:tm7L7wO+ec57BM0aRxDy6SwQAz4GKUZpqjsk5FcjZUSang2CB7eno4C7+GLGVrQI:QTJK1AoOTPHAbDEayR8ECfv Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\aF4hiwi7O3kdHCRbnAQoRWPe=x8kD4U6.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\aF4hiwi7O3kdHCRbnAQoRWPe=x8kD4U6.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 27.21 KB
MD5 a83e8dd0720bc145ac24d57d3e14963b Copy to Clipboard
SHA1 829ef8a0849ad399ba516b32cc5788ce639125c6 Copy to Clipboard
SHA256 24e8a230c21549cf83950260780786cbbab3a08b9de7374227d5de3156afd0ba Copy to Clipboard
SSDeep 768:UBjDy6SwZAzBGiTZpn3l9AEc+gNv3GL7rOgec5yBZxmP5n7CNWj6pZ/WDrTGV6Q0:Mo/12SeDKA/XoL9byR8Pyqz Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\sLsCF=yegHPFPCN75MfsTRXsQhFHR2Js.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01184_.wmf (Modified File)
Mime Type application/octet-stream
File Size 3.66 KB
MD5 71c87874b4a49d2f30c8b85d5d253011 Copy to Clipboard
SHA1 8b20eb071cf5045374afb12ba83fe7bd6853211b Copy to Clipboard
SHA256 aa58e508cc2edd2ce517891ce094e89e333343d4d196fc0013a679ba386e653f Copy to Clipboard
SSDeep 96:s4U7yT436IJ3XvgYyPBOJARsXa8bWOZFXrsmg9M4E4x22OAvY:HU7M4KIJ3fgvPgJAwa8bWAFXrsmg9M48 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\YUZq7C7+aw5wkxUiM+B254+N1GT3X+pV.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01216_.wmf (Modified File)
Mime Type application/octet-stream
File Size 5.70 KB
MD5 044525cda2815ea2f602b32af7ac9dea Copy to Clipboard
SHA1 27fadd42741c87e187157345166a84e815ba575d Copy to Clipboard
SHA256 d79c6bc30709a20b7b4afb5302e2c5e5bd8e8e5774bceae12a7a07a63e899c3d Copy to Clipboard
SSDeep 96:eP15xV7KmcNgcIUosyf/ebFmSz2GVFXThlGPVUHXy1FG2UHXy1FGnjVsBkL8cWex:e5xVGm8g9T/f/5S6GjXTPGPVJ/XJ/mlt Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\aIw9nhRQr96eEDDrDZdmmOVUvZ8X29LB.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01218_.wmf (Modified File)
Mime Type application/octet-stream
File Size 2.94 KB
MD5 11286fc83647a698ad80959433faa2e6 Copy to Clipboard
SHA1 2324ff0d0307e6011b916ade68c042edc29ed186 Copy to Clipboard
SHA256 c4dd6be209742e1a188abe114156dca439fce9e75a9bdb18510082b35fadfee0 Copy to Clipboard
SSDeep 48:IK4/oELpo2/RLkBLkqOLkHLkkLkxLkRjALkDLk9LkoWLkL57LkKLkIhVLkOhXCLD:I1LTm2ooZGrkSuWLO6OXTfSqQlFrhnHV Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Lsu7LFTic5cZfzgV=V+=Ba+TTENXgjfL.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Lsu7LFTic5cZfzgV=V+=Ba+TTENXgjfL.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 2.69 KB
MD5 30333e703a0a8dc31498761614603425 Copy to Clipboard
SHA1 1e88d701b2bfb8a1a87eb7bfd01fd3f81613d309 Copy to Clipboard
SHA256 ffea1eef72ac1d86f35b15d15dc8056d50ab30f0cb02751d46465bbdd8949618 Copy to Clipboard
SSDeep 48:OK4/1fCrneMOtbsk4u8LplGiTC2+LDpFjqqLpo7MdZX1qVBXDJRcXY0Wfj:O11abeMob64iTC2+LjN2MiBFRcXY0Wr Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\eiTP=6lNYc2PWQDR8upIhGuFrwyfGjLt.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01545_.wmf (Modified File)
Mime Type application/octet-stream
File Size 7.20 KB
MD5 92d45e93bc507ecf27b55ca1ecfc44ad Copy to Clipboard
SHA1 4623d6ec06f2e822cc20b30413c1bf330d7756cf Copy to Clipboard
SHA256 48e87ddbc4c8323d55f80056000ac21d8867319e01045100f3c251475359eac7 Copy to Clipboard
SSDeep 192:ElCp76lstfENbDKl52TxX60LkS9NaPI2+Q3v7TB7CGY50AVTpT7:ElU+lufo3Kl56p64kANWWQ3vPB7CF50G Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\P6byK76zGlv53e+hNy8L4nhSLyTYtqNr.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\P6byK76zGlv53e+hNy8L4nhSLyTYtqNr.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 7.36 KB
MD5 0ccf3813c0804cf403d27fc6c257e60a Copy to Clipboard
SHA1 d995d7878e3318fd46532d3cc4a69fd9cc1d0d5c Copy to Clipboard
SHA256 dcdad7418f88d92d7166dc69f93d8df4c0c5967322653dac0ae7111d21a6254e Copy to Clipboard
SSDeep 192:n0LUL84GibfbPE1cRMhvH8bTdpM+KsbTKjjN6qNcBC7i:nGULrGU41cRMhvH8bT4+JKHN6qNK8i Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\7IUFErpVXzGZel7I7idxO6sl3bbAUzCc.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\7IUFErpVXzGZel7I7idxO6sl3bbAUzCc.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 6.48 KB
MD5 7455aebc3988acb385113ec7376ea9b0 Copy to Clipboard
SHA1 3959567f77091e693d758c30139d38aa79bddda2 Copy to Clipboard
SHA256 128c103a830ba78dc840878ad0171425e95df8552a3603eca7ed1601c4e4e606 Copy to Clipboard
SSDeep 192:US66AOGAPivNkywd78jomSXuONYCxKdaKT0iqDV:r6IzKvO1HHzKc60iqDV Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\aPmzlwPMYWhjDWW954GabNxpGcJgchxy.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an02724_.wmf (Modified File)
Mime Type application/octet-stream
File Size 2.06 KB
MD5 3df06aae83357ace36466969fbc57a79 Copy to Clipboard
SHA1 caa68fda9be23ec1c4415b6c8828b805a9aebedb Copy to Clipboard
SHA256 eb985783eecea26fbe26a8e4e403d19c9da5769ec9ac521d6f2d129a0ed626cc Copy to Clipboard
SSDeep 48:FJCsK4/yiLpzESd0UdUZN1GKgBzC9aA9qTm2JKa5Rj:Fn1yqzB0UO8w9aAITbKar Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\q72NyGv2Cth==WWm9UaTgO9Ajo6jjv55.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an03500_.wmf (Modified File)
Mime Type application/octet-stream
File Size 9.02 KB
MD5 d87c8d858b66b8e8d51577091c088a1c Copy to Clipboard
SHA1 00b1afe010d2ae22ba15dbdfad7ba79fa5c9b6c9 Copy to Clipboard
SHA256 1708912ac36e9bfe091903fe6887b077ebdb039d176b15cc6f6e7b72e635d684 Copy to Clipboard
SSDeep 192:pPLbk6rn4tPpw4hUmQj/ZFU0jACkUJA7cjRLZTak62WrTNKWZiH5mK4aKrZKryi5:pPnF431hUV/ZFU0ECpocl9mk62WrpKW0 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\9=HNq7dCPepnedrN=Eye=7TwqsDLlflf.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04108_.wmf (Modified File)
Mime Type application/octet-stream
File Size 2.29 KB
MD5 0986c974e3fe3165d5e090b04b10f8c7 Copy to Clipboard
SHA1 9cef36b86bcf8f32385d6ce83f58e1eae43f95fd Copy to Clipboard
SHA256 3b8147002b32047e214f72357ffbd4ca5e8e5d81ff04eaad8240199ec48271a6 Copy to Clipboard
SSDeep 48:1CB4gYT8YNXpQVkMtkxPEU1DLQ1YRlKwqjuUyYyp:iJ6XiVkxPQ1OMw6uwA Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GjdO6VfPgMoQCAAP3drJQwRjyw87ruZK.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04117_.wmf (Modified File)
Mime Type application/octet-stream
File Size 5.92 KB
MD5 90d428c2b956bbcfe8bf8b9723fd73d4 Copy to Clipboard
SHA1 fce81b467dc50e5a0403ed8ad8255d1d4a53def6 Copy to Clipboard
SHA256 d862f0d7eae7c765c2b59b5aaa16046c1967a1f0fee5a2e56ec442053ec2703a Copy to Clipboard
SSDeep 96:sZJpIcnoaD1CF1aq43mXyBLS+2yq84zBhr4lb5aY6jM+qxaZ4uDT5GgboBTDCTAP:szicnonF1fXULX2yJ4dhshj6jM+qxaZe Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\fWfP5ek5Qwfxx6WxJsbZTsNdcE=3XNKA.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04134_.wmf (Modified File)
Mime Type application/octet-stream
File Size 3.34 KB
MD5 4cd7b1d61ed9f7556c20570b11a3726b Copy to Clipboard
SHA1 f19aeed9ecb8e3f6a0abc62ff3fe22ab75c6f1a4 Copy to Clipboard
SHA256 0c264b3c4a98d2a87cad34edb789317fa32c5d3f8e378f8b4f65f4fe522866d0 Copy to Clipboard
SSDeep 96:maf/aghCkXAph3Ua9qfYTy0dDIxXXJCHdj:fHBhCthkVfAddDIZc9j Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CNg=mrgMpB0sagx7=M3LrKSmyjaFAHig.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CNg=mrgMpB0sagx7=M3LrKSmyjaFAHig.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 2.58 KB
MD5 006263f45ecf7b57e62fe8f8a0053e3c Copy to Clipboard
SHA1 22ead0c4a79b021876c1eb00a4c1572b36020839 Copy to Clipboard
SHA256 f07d8ec44e4ac327e3bddddfe5dec1a851cbb0193e0287eb5d3dd58e4fa56638 Copy to Clipboard
SSDeep 48:1GmIB4gYT84daVUZqnf8pl/kOibPj9rk6kgwrfIZDQ9ps304oIp:kmCJq6GIfgNkBb66pwrfIZDMs304oS Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\qwZQnCKJtjfk4=oVymJgTHYpmXkTpGs5.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04191_.wmf (Modified File)
Mime Type application/octet-stream
File Size 6.48 KB
MD5 eee036b43e75dcf037eebfe5dd5bd39e Copy to Clipboard
SHA1 517da632f4560c1888d27adfb87203fdc2ba8e2d Copy to Clipboard
SHA256 14af25db685e58b05aef1e5d486a28022cf1215b6a5a95c22dc238532b73c959 Copy to Clipboard
SSDeep 192:7jLxPK/OSdZFxs13MkWhaoURKk8cITyGx2E9q8zqslsc2/04McgW5m+Z:/LxiOSDFx8ckW0oUQk8cIHYE9Vqslj2B Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\wRjeTZansBpD2zjlvBTp95ykhmd25rCO.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04195_.wmf (Modified File)
Mime Type application/octet-stream
File Size 4.50 KB
MD5 237a5754e0491e777b4d7622ee542305 Copy to Clipboard
SHA1 8fcdd6c0ea5dbff578daf35f445ce415f1cd99d4 Copy to Clipboard
SHA256 098b67145d16b81206120505585834ce0b18caf4d2747f1e51c06f1dd6b79dc6 Copy to Clipboard
SSDeep 96:bJYOWqJF9c0pEcZloazkMXviveifrPzLKAKoMBrA34kuKj9EnS+TD0xseY:dvVpfZlVnq9z3KALMBtkuKj9EnS+TD0K Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\2uUKmMHikdmEDU+uwWvgeZp0fR+K2MN2.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04196_.wmf (Modified File)
Mime Type application/octet-stream
File Size 3.07 KB
MD5 44183214f9bd6c0b0c05e6af34f701c8 Copy to Clipboard
SHA1 5df89969cc8cd6f63b6abfb57de90647a4f2ed55 Copy to Clipboard
SHA256 d5d73f119ceb5dd84fb2f6a3e0732f922ff11409b9774fe05f04a0078c0f11be Copy to Clipboard
SSDeep 48:1GiaB4gYT89iZay9P/4rVzu/8JuCOjImlW1rQfEOrxVz6OdeZcZ27/Nch/W4/+jp:pcJ9WFiFu/8XmIhQxz6zZcZ271CO4/+1 Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\pYWmCCG26zStDAwfhnEO5gSnmeJU+vaS.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\pYWmCCG26zStDAwfhnEO5gSnmeJU+vaS.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 7.49 KB
MD5 4b70f98162f75d2845e56cdbdcfd6b68 Copy to Clipboard
SHA1 decd916e3d8ef0751caf259125ea4b959f1215da Copy to Clipboard
SHA256 03078868138d1530e1df08b94fb4dca7ba97dfb81405751bec1732c5e9adf46c Copy to Clipboard
SSDeep 192:DuMel1Qt14TYnnvuCl661ilrXLiHWKUsN9iPFlZfDTzo2vVOgQh9UqeQJc56OfzE:DuMeXw1kYnnvuS661il7Li24zMFltfde Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\wMY61Ngq3KbXFiykOs7MMo0ZpevNwLWB.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\wMY61Ngq3KbXFiykOs7MMo0ZpevNwLWB.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 8.29 KB
MD5 6fe14951a7e436879df70d2035265908 Copy to Clipboard
SHA1 e416d7ac4af885da8f2afae5f2fdb03fe842af04 Copy to Clipboard
SHA256 61e598946979edc0c69472f9867391fdf598a7279d8b736f088072328331cfbb Copy to Clipboard
SSDeep 192:WlrRZlvQ8TO0NdCSCeLT5CQKMpRm8q7YE8tMoGu+Ya7CcfBba/b7ES586Jt5dcYj:WlrRZm8TddHCeLoQKMLmd7YpuE+t7Cye Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\8m=e0mYEj2xmC+ZriOg5IzptYlSmeMN9.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\8m=e0mYEj2xmC+ZriOg5IzptYlSmeMN9.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 7.62 KB
MD5 104a8c1eb2dd0efd04a228ac3f4fb298 Copy to Clipboard
SHA1 31f53dcbe6d3136630d2e9af72bb21f244eb95c5 Copy to Clipboard
SHA256 93c6e224e1e0c6ed445bd4c285fde39f6f000a9663879967f90d5e53fce7598e Copy to Clipboard
SSDeep 192:74ux7g1lzq9rpwB9LxD0KQymhrFM93TE54VpIdmMLKzxgL8/84RQlTi8IpI:7Hxyzq9rWfLxD0KQyyrFM93TE54VpIdF Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ubpXqzZdT1+nfgqiUTdpUfwT6fJvCpOW.lbkut Dropped File Stream
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04267_.wmf (Modified File)
Mime Type application/octet-stream
File Size 7.62 KB
MD5 6e5fd90c560c6910632c14492d9f94bf Copy to Clipboard
SHA1 3c711340c23ef0dd24d137e6f2dc9f53765b9af6 Copy to Clipboard
SHA256 c6f88050d53c9eef36548484757788af36820a3138cd372a2c1004e02a548676 Copy to Clipboard
SSDeep 192:HErtsB1wI0E3ms1c400OFQ39XqQ88mCY5nBFq7vIRZOFAL7Z5X9iJlzpISFoli8:HErt8wI0E3ms230Oy39XqQ88mf5BF4vS Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\N85=SBrgdm=N+ZdSq0BD+ddZGLOU2i0x.lbkut Modified File Stream
Unknown
»
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\N85=SBrgdm=N+ZdSq0BD+ddZGLOU2i0x.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 1.97 KB
MD5 278715e34606e82da78d611d54d31922 Copy to Clipboard
SHA1 99b9c8c85a0bfcc33d4a98bf87317edb92ec7f62 Copy to Clipboard
SHA256 edb708d322cb80ad03f7b8b525e967f9e984f62a6b8f21bc6725393c41e08b3b Copy to Clipboard
SSDeep 48:1eaB4gYT8oKoCEAEHMK5YT2XMN4MDi+anp:QcJjpHT284Bp Copy to Clipboard
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ttM4kHXAPsGujzyGYc7EJjUWnCEcV0Y5.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ttM4kHXAPsGujzyGYc7EJjUWnCEcV0Y5.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 2.43 KB
MD5 1591966fbe31c4f62c3671d20d912146
SHA1 3d914390c57d15eae4bd1625cfecbd57701cccd9
SHA256 651c923cc9354295452bcf1fd1c6afef35f181497ab60effa910bc134abb36db
SSDeep 48:1/CB4gYTvi4P/17q3ljlWpbKbVd53lQ/ch91QqjD+UjwlB+oDWaZp:yai4FYkluVdxlQ/X+CUjwVfn
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\9Pr61VrruNEiVTTR1oVf3q6YxL8u2kJW.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\9Pr61VrruNEiVTTR1oVf3q6YxL8u2kJW.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 3.27 KB
MD5 36acced748450471792cd56c28b5cad7
SHA1 b820dc0e96baa9c6180ceef0fa1c10fb81c38e63
SHA256 b27bb189636d95874408efc14a1cca506a394e0a845f7f653547a309ed440e3c
SSDeep 96:RJY/npm7dNyrZKq7KFXvObgheMQHeCH41xrTn:7qpmpNy0q7avCgheMQHeCH41tTn
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\70pxA535h+p8kMvRFEXg5jER6vDwZD7S.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\70pxA535h+p8kMvRFEXg5jER6vDwZD7S.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 4.20 KB
MD5 1fa561db2336c76051348d4c50066bfd
SHA1 b2e43c2bc390b34903caddc0df9a7ade17465546
SHA256 7195fccc9f687ea55831eb07ba7f0a3ffd472fede80b2b0313e5ec38be303968
SSDeep 96:vJGRqy/SRERWnmFwIBHuO+q6bxn0OY278dB/YXmCYeQYshWfLlTJ0gTQ14Tb:hFytRWmHHuO+qQl0OT7OlCmCVQtOLlTd
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\pNFdYmlDt0ya8TeyObpI9LYZKaei=m4+.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\pNFdYmlDt0ya8TeyObpI9LYZKaei=m4+.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 3.15 KB
MD5 648be04014d5a6accd8580769019c6b7
SHA1 96e3a62ca13d7f3df1f5bb3e0110ef9c31fb06e4
SHA256 43bd1dfcfae4ea2ddac40b0a412bf1735dfe4ddc7263558f9c8e58bc2becf1e1
SSDeep 96:sJ1bQxSlZEZvJtq4ByHyBBYewRdNVJ25+eyf:i1blZW7dgHgBYfJh
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\f5DujcibJfAfJHVzNiSOt8zHSPqWNzv8.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\f5DujcibJfAfJHVzNiSOt8zHSPqWNzv8.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 4.70 KB
MD5 1a0a2f28f8d1d3e337522a57a786b393
SHA1 29ac81102e7503dab4683c181db8b251dad191f0
SHA256 ce57aa100f718d0fece6b0574b094ae6df1482cbaf980cd9d07c562e9bb969cc
SSDeep 96:AJVLoxQRq3WDtrqsWB4MKAbd2gULwgI8PZmDY:WZoeRTtrKiAxULwH8PZ0Y
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\cVdtTog2pBehHZSbBvGjYizzGVYb=KVH.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04384_.wmf (Modified File)
Mime Type application/octet-stream
File Size 4.88 KB
MD5 bfb95034f8acb2d7a197fce055dc16cd
SHA1 b74676a0bb85b011470bd27a3a4ffa723c7e1990
SHA256 ea43df5aab618e65ab248bc238d12c77510f04350e5783131a4ea403772942b8
SSDeep 96:wJtus2ysn2bF59lR8Lrwry8UEbIRjMsudJsc20Tu3g7fpB3z7qj:GQ32bF59lRi0ry8nItnudJsc2Ouw7fpy
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\rwbPUFW5zCSrp2Cgaqs=LHzbg5JppoGq.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\rwbPUFW5zCSrp2Cgaqs=LHzbg5JppoGq.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 4.89 KB
MD5 121d5940b9fbc5f0f60e32734aa76761
SHA1 1173105eaef5bf7d429cdea23ff866473df556e4
SHA256 8d5747a61b73aa00d3ef85503edb869219a2255ea3b649bbe9837b9ea051018e
SSDeep 96:KJnGwkn8L9PlWxvCDhb0dIUlcePYJFA5da5oP24IjCW0FUJQzlIuXoxS:QGd8L9COyIULPYza247FUgl9XMS
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\R+RtagTOeYBqd6FZfAdewWjR3ks58A.lbkut Dropped File Audio
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\baby_01.mid (Modified File)
Mime Type audio/midi
File Size 7.21 KB
MD5 39836d28c428a8e235df5b2d36edf8b0
SHA1 ec6eb84554656b73a8c25b2a3190c1dfda41862f
SHA256 5f6a347461a48dc1a948a0135c4522262c763f9f892c9134c20f725d691219c0
SSDeep 192:RprCIC+CUC+CUC+C8kYJQQQQQex6KLRvs3DMA9WCuWCW:RpOIgUgUg8kYJQQQQQex1R5A9gW
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\xWLYWF36UvC=HD33hULY+9XmOgQleR8K.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\xWLYWF36UvC=HD33hULY+9XmOgQleR8K.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 4.76 KB
MD5 ee4e891028c09bda28cda0e8edbbb1b7
SHA1 c49083d2b0a1db5cacce6234187dd300d5608eef
SHA256 b7048edbf15347724a6edeee48e1c15db8852067da85a392d0159cdcbc629f18
SSDeep 96:z/JM0o/ci3Nwx4VJd0KjDediZmtyRVxpST4FQRd3L4FQRd3EVwFl02UqEYvTBR3C:lMVyx4VJdfjDediZmt2xpG44b44UVKlO
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\xqFlOkiYpsTMBkcBp+icGx47sgblg6lh.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd00141_.wmf (Modified File)
Mime Type application/octet-stream
File Size 26.26 KB
MD5 1fee7c2f894e342671d40deb688ff4ef
SHA1 1335f783c2109f1c2d39eae8eb4fe60d40703541
SHA256 6574c38b23abdaa058a332bb0314327c79d8a3922f9fb4b2ab9d47ec966234ef
SSDeep 768:GiwsdfX0GPPXlHM6OBQImAcm03LvQb3TiRt35MwRPE1HhYigq49/rsiTxmIEyqVB:wifPDVvNHQKQ1BCWBEi
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Aizbun0FvZzGl8Db6nStUZwsOQN3T0bG.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd00146_.wmf (Modified File)
Mime Type application/octet-stream
File Size 28.27 KB
MD5 5a4f006b1cd2e1c6b8697bd13b38cf73
SHA1 f7de06c65c159c036500e9511914df1c82c4b8e2
SHA256 a8545d47da477a8a67d7d90a3a535a45db07b5e3796de0653c0b1e27511e910a
SSDeep 768:AnC2KLqmi5AfdzGi3bHCQc9yM2XvlomvoK+hlJZFAf5iUnZlh+LiakoAstICYF7s:1dNBQ0mhyXCKG62wNL/G
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\a5EhUbCF6wY1kXzJnvPRgKP7cT77HjWi.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\a5EhUbCF6wY1kXzJnvPRgKP7cT77HjWi.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 11.36 KB
MD5 4c2ed266f0b5316b6f4c69fccec49cbb
SHA1 13c090bc84a1f24c3d01977101735aa00d6ef75c
SHA256 954c25485e1ee32654fd630b3ddab481f964a45ae17a884634ed1e862188766c
SSDeep 192:2xtAOP927mZ8OuHNRDgXjXIGInt6RVIMVM4tu6kYoF7DUuFN58G4xcnScxPsfDlg:2xtDM7mZ8BmrIGE6RVIMVM4tu6kYoF7T
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Syo9Esbdg=+44LpkxKCKB7OdISd56cpI.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Syo9Esbdg=+44LpkxKCKB7OdISd56cpI.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 21.99 KB
MD5 989576950e1c433371e27b36b04c5433
SHA1 64cd4cfc54c3a1365a307611af1e237a797da9b2
SHA256 3c8041ea05099b19732bfec5a3bd0096cfc703d7ac5a38c30e672d8e96c15b5b
SSDeep 384:Is6r8M1mJk/dluq9s76GmW8BxdvzeDVoa5myWKYba38exzRui7c6JCuRKeSCz8PR:I7r81Jk/2q9s9mW8Bxdvze5oaYyWKYb7
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ZXg0JZau2KepW2hur0X6hdvzYCAXojvr.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd00173_.wmf (Modified File)
Mime Type application/octet-stream
File Size 15.80 KB
MD5 ed86191a8a505f62109a8486b592fb4a
SHA1 7de40ff238c94b57037e9df20b671d4b543d85cf
SHA256 b9d4cbd350d1e38e8b1b3d33c2c8feb7e8652497a65fde5a9e7491124023ba19
SSDeep 384:3oVk2+VIKj58FUO8u67wmmHqNc5XTfe8eLZAzy/X7RV4V+RX/Ldh0llj1/9/EY7t:3Uk2+Vt58+O8u67wmwqNc5XTfehLZAW8
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\xQw7B5VsJmuD0G=XJA1pYAHQP4Hj1WCB.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd05119_.wmf (Modified File)
Mime Type application/octet-stream
File Size 16.83 KB
MD5 345abcb80c5d273f6c009639fa396cb2
SHA1 8f3d7d38cb9fad39840821e3d0c58faf1a369197
SHA256 2de3e8c211a577cd708c46601a464fed066009451879e65fbc79e9d82e878be7
SSDeep 384:xL55ROgj/lrYyB8AqyFlxjM4bOzAAI9fTguitwCX70:xpLZrHuAqGxHOzPjtwCX70
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\VMulQkkcGArmRRdLlS8UrevDoJnHPoE2.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\VMulQkkcGArmRRdLlS8UrevDoJnHPoE2.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 15.74 KB
MD5 97d3501cb240f8e848cbc0b23dcb6cd9
SHA1 83142fa9a88c51115c32848f18b71211a51df79c
SHA256 07de4c6c2198e4f138ef830ef5c4cc1f6d89a0318374899e96c3cf80abf8a887
SSDeep 384:i4anifAYOE4INNPGMrvnA6/vJ4md9LmsHpBtYviXRIdRpYVkLWqRCwKdxMqivf8g:i4auAYOE4INNPGMrvnA6/vJ4mbysHpBi
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\wBup8kfCs88NpnDtA3z6d0hyk6iYpPsW.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\wBup8kfCs88NpnDtA3z6d0hyk6iYpPsW.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 16.29 KB
MD5 c803b4ae4e50cf585a987ce894435e5b
SHA1 b8e4c7bccd25f2d1c207c17bf572733bedf69e5a
SHA256 bfbe351c90c07e497f348f0fc5237c98cc633b9764d9857e037e59222821dc70
SSDeep 384:81vmFtzk0THj4Y3lC5GZ20wLi14cVVeixCUS0oWMD7oKSXWqOWMHgJBoq1BaqifW:8pm3Q0ff1C5GZ20wLi1HVVeixlS0oWM0
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JSivZvi60tBzNlzAbKUKUNNnf2cLyDNP.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd07761_.wmf (Modified File)
Mime Type application/octet-stream
File Size 26.12 KB
MD5 6aec2676232d10f3ac272c23e112b6c2
SHA1 13f839ee31df597b8ee2de67cc8a863c0547852f
SHA256 8d2fce2193b6de2e1b1ca6f1a65fe0d30be425efd3c8930a87f5a6b58498dd37
SSDeep 768:6WFXaxMFxivMfSi3RGGKrVJ0EgKzaeM9jKqE9Bx8KF7bnbkYQwXtFYqvZTPs/2sm:hFXMvCiGyAmygtw48OxH
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\RSo3FhIsbZo5dBIKhDO3sQgOa96mvtmX.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\RSo3FhIsbZo5dBIKhDO3sQgOa96mvtmX.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 4.81 KB
MD5 f08d902d73018b3c6c17691ce5e45127
SHA1 be47929fa7f2488fdd27f6a2b0f0110dde8bc33a
SHA256 f5deddeeac2bbda22ec8784ee412c0b7c7417ea46b4a8909a8a7ed313801c335
SSDeep 96:0JQiGD3QayRZmJUdsYUHnIsSmLw0BhQLHC2ysjTYdlmQD/qorR3jT7i:6QiGsayRZGUdsYUHIsSms0BhQLHCtsTJ
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\XjSjQxjn62ZndIQ8kLiWMAN78tf=hviW.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\XjSjQxjn62ZndIQ8kLiWMAN78tf=hviW.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 3.97 KB
MD5 cfc2e4f98135857bfd26819d276d00a3
SHA1 1262f6eba985a7c9eff0f55e2f4a7e3983101025
SHA256 0cc625e61e65449747892df4fb7522c84a233a251526e986b2ea515826f05189
SSDeep 96:wJ1V0urvwKkSiZ18kjV9YtmBy+s5tINZCZjYPP4Zb6tmzcr3mF:G304YnSiv8SXYtmsXtgZCZjqPA6tmzcW
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\5Ad1afTCpYYqgv1lMfz4tsnQv1Q1SSEE.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd08758_.wmf (Modified File)
Mime Type application/octet-stream
File Size 23.75 KB
MD5 52e3ca2ffe0b1af1c21a9509fb9db115
SHA1 0eda305d078bc77f200c52efa53c4ec441de067e
SHA256 0acdf832965ef004f3059f99dba58e762252c0a795e82f1f48c473e6a2ff2e44
SSDeep 384:GmB5ln37wvmxuD1ZBwpbg91/sPJ3OdKi7VjDWs+JHByL0SgYJzQmrmH985rbAR6n:GmBHn3UOxUjaEFsPdOdB7dDB0r8zQMaO
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ab0egJPixcXr=joInrsKQVXoE+hVbEYi.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd08773_.wmf (Modified File)
Mime Type application/octet-stream
File Size 24.20 KB
MD5 e69161ac96c614c34fc2e3640740ea81
SHA1 317bc8bc165b49fc87736dafff1eef18bb3221ac
SHA256 68f756ba2df162f6abce27a870048e16fd0f056960557e565584b7a84832bb76
SSDeep 384:yyf+LkSDlfTCbv7A8varAuKXNfVcIzF8M2iBJ3UBx359EgBSBUmEnAw07SSs8Z:yc+HpqE8veAuStzaMvJEBxp9RSB2n4F
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\lTw2sizpuZxa3vM+31zr8iOVvoRtHdAM.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\lTw2sizpuZxa3vM+31zr8iOVvoRtHdAM.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 46.87 KB
MD5 f2808842ec05198f5f063efc77186b2d
SHA1 6f5d56802790baf5d75ff93b920f5a391c028c86
SHA256 11d545fa228b59bda39b9bc959638d55eabdb630bd4b4d0f3b6e4d72227ba788
SSDeep 768:Kqo4MS13fndvHfA0vRHxgOeM98GMg0PCXzo1MhD7XuxD0w2l:dbrRz6so1MhD7exD0w2l
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\QeMarFV0PWEb1jvtJkgdeslOFQp=KCFU.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd08868_.wmf (Modified File)
Mime Type application/octet-stream
File Size 39.26 KB
MD5 d4d5c5266d94158e0307df6ffe5ef33f
SHA1 873563ae0c19b1ca7afba7a9e65a772b5ee603e6
SHA256 ccb11826b2dcaabff94206a75cc0deaa3a3e366543171a1a06a89fccd1e34029
SSDeep 768:PzD607BWZBPz43+ZS21BYTpvAPCP0zwITG/wBWOKEe3Jqhj:P607YPNql4KP0z9S/i7QJg
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\stxF97DxoXCce3T+54YOBchZiTktNDFS.lbkut Dropped File Stream
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd09031_.wmf (Modified File)
Mime Type application/octet-stream
File Size 46.67 KB
MD5 cd408e634d28b014e3361fbb9317f49e
SHA1 8c98ffdb398161e32b1535c35056e863c1497c03
SHA256 33c3db54e94678879e528c83af69c360d7e86468de664e2da44f1c5f693d3cf4
SSDeep 768:GNf5Co/PqvU+Dqf/f+BQ7kCHEC+r7lHuAA08lMHojdJhm6RqweaB59h0Vj+UGbQg:uf5C8PqszP+5lrhHumHcdCKqwwPGbQg
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\f18lCPpX0bIZFoy5RpC1kg7ZU4PbmHHD.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\f18lCPpX0bIZFoy5RpC1kg7ZU4PbmHHD.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 14.20 KB
MD5 1609f0c5e035a3389b9894ba4c402c51
SHA1 67dae7ea998efd177b1d0d2e3aa874b4a27d11a3
SHA256 6573d7208ff3137b39edf4a389e7cf29ad93e12255cfcb04746d5de2d7e00fce
SSDeep 384:x6fzQrQR2eIr0tYyM0znUO2UaPOUZGufMSDBDyKA/:x67QrQR2eIr0ylYnc5fxDFyP
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\3YLOJodHdyBvS2M8tONPgq+pQITRfLzZ.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\3YLOJodHdyBvS2M8tONPgq+pQITRfLzZ.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 20.07 KB
MD5 4f930c27e190e6243a20b1ffa78db4e0
SHA1 acc61d6219265b6e8169fed1b1df969be2aae5e9
SHA256 42eab6fcbbd761eee3852e1b709261ae5db41e4d635fdb2209e8bd2f4f3d371d
SSDeep 384:BtX9FpZF++LJhfUsdwwfYOiof8plbxXJl8M74KpXzlmWJH9RyYwzzmOI+RNdkhls:7X9Fpb38+aOLf8VXJl8M0KpXzlmWJd4T
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\p4ETBoT8M0yS5oG6nUJktJPvZr4SHm78.lbkut Modified File Stream
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\p4ETBoT8M0yS5oG6nUJktJPvZr4SHm78.lbkut (Dropped File)
Mime Type application/octet-stream
File Size 7.78 KB
MD5 5e29a48cfe0a4818c6a126588b82d666
SHA1 d10cd5201a6835664728e8de73bd94c91202a744
SHA256 ce0c2e06b73242a4e926a80b734658b5441cf2c48a7dcff324b9a912aa0bc9f6
SSDeep 192:iiph805wfAH4nf3CJlT4WHr3BSFOEzWvkpOkJWHfSNx31GzEJ6YUoy1kTQirr6i2:i08Rg4nKAWH1oykpOk3x31Go4YZy1kMp
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\v5O251XZScuMXw2eFoxucpwXCHs+pN8k.lbkut Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd10890_.gif (Modified File)
Mime Type image/gif
File Size 13.20 KB
MD5 f2277fe6db591beacb5582aad8a19636
SHA1 735758e5ca2c07465fa616d0d6c2b86470840c3c
SHA256 802253665b6cfb1c4150b6c7a1c48d78f2c0b5f61bc87a822e56213c7afc211e
SSDeep 384:LSZCWR+JO6ePsWR/8JBBpxtaMwisArcgP:Lgv36ePsWRkdpxta5isccQ
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\xEWsDeD9PYgEgp80H97Vlgj5pbpTszOj.lbkut Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd10972_.gif (Modified File)
Mime Type image/gif
File Size 19.72 KB
MD5 cc2b30e1bdebe3f897ac0f28e5cd83bb
SHA1 743a50621f726702ac6d32e07c6d161884c8a95a
SHA256 837aae9d0b5a200fe0d481fdbe57340c6e39c3352a07145284e8d8069f2e635d
SSDeep 384:lSIX013bX99oje/jtXiM7t3acqk3tTHB2uuj9yhyqCVt1:ltXYgQtXiMB3xqkdTH29KGv1
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\plyQsEeRLjy+1MEfv1dm5ZjR9P+gVaI6.lbkut Modified File Image
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\plyQsEeRLjy+1MEfv1dm5ZjR9P+gVaI6.lbkut (Dropped File)
Mime Type image/gif
File Size 19.98 KB
MD5 48214db2db03ea3921c2e4b7298ec790
SHA1 d494246723b85b9787ad452e5c5b6f99bda47885
SHA256 e8574cd9cc02e4d01ddb8d764ed5ba1f062cd82996c5c8dfda88bcb6b1cfce36
SSDeep 384:hNKdZYYB/S5MaxgNEb6UP14JqkH2oBiFs1qg0nR8OL7vDaXU9YlpNUOL7vDaXd:h0ZL/eBxgKb6a4JVkFav0L/vDaXqc//y
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\bT7xP+1zIhbwYLA2PF8mRb2HRkLjVh+o.lbkut Modified File Image
Unknown
Also Known As C:\Program Files\Microsoft Office\CLIPART\PUB60COR\bT7xP+1zIhbwYLA2PF8mRb2HRkLjVh+o.lbkut (Dropped File)
Mime Type image/gif
File Size 15.37 KB
MD5 7932a39dce0cb3e9cbdcb10d057c5ab2
SHA1 01b802fbb46c3d5010ded3b8b5f9bdb5b93deb37
SHA256 6b25b12384f9f6e8b650956dbd33e5b93b03ebccd04aa44f63bfb5c1f4fe9745
SSDeep 384:hjWFWvfXmurlgjcFxGtz9+md+kQb/hVXiGPgmBBkU+YRm:hjWFWv/1l8cFxGh/EbhMGPgoKUp8
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 64.00 KB
MD5 2db89fb48fd886b621627751f2ae15ed
SHA1 e2f78c6a535f4ba230a4470402b6f905f0b4c066
SHA256 dfc9aeb2ad6900a7b836db92a36a9d2162c84551134c0291757cc352206a3166
SSDeep 384:gnjyLKYBfFVZJptKF2KTFZTCzXTtX+Yih9aX5Jqiq+AN:6OLKYBdVZJptKF2KTFZTCzp++8
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\index.dat Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 32.00 KB
MD5 74d69403f4a938faa28298c110bc71c3
SHA1 c016f27979d48a90bb341ccf7ffef41a3955f4d5
SHA256 8b9d3a6a22778e368c9e81397e2b1af64b9739f7ade535966708f34bcf6eada9
SSDeep 48:qMhaLouhzppiksLSLWFM+AWi3QTGnbYbQWy58V4l9:qO7appiksLSLaH0QCnMbQ5ll9
C:\Users\5P5NRG~1\AppData\Local\Temp\dal.exe Dropped File Binary
Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 35.83 KB
MD5 027c4b8a7fb67e435bc187f69d602a6f
SHA1 928859ba2a16c89e4a12c45a0bfccb1e2b178eb1
SHA256 5be93a3ebb6dfac090ae1324075ba4a9d02047d4e3ec1638e221f4fd9d337766
SSDeep 768:8nHmFxIFRQp8lLsdQLErWVPAVHpIkX0D3TuInmyd0cybkW:eHY0iClLsdSA5ppX0Dkyecybr
ImpHash 3abe302b6d9a1256e6a915429af4ffd2
PE Information
Image Base 0x400000
Entry Point 0x40320c
Size Of Code 0x6400
Size Of Initialized Data 0x27c00
Size Of Uninitialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2018-12-15 22:24:41+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x628f 0x6400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x408000 0x135c 0x1400 0x6800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.24
.data 0x40a000 0x25518 0x600 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.05
.ndata 0x430000 0x8000 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x438000 0xa50 0xc00 0x8200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.18
Imports (7)
KERNEL32.dll (61)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTempPathA 0x0 0x408070 0x864c 0x6e4c 0x1d5
GetFileSize 0x0 0x408074 0x8650 0x6e50 0x163
GetModuleFileNameA 0x0 0x408078 0x8654 0x6e54 0x17d
GetCurrentProcess 0x0 0x40807c 0x8658 0x6e58 0x142
CopyFileA 0x0 0x408080 0x865c 0x6e5c 0x43
ExitProcess 0x0 0x408084 0x8660 0x6e60 0xb9
SetEnvironmentVariableA 0x0 0x408088 0x8664 0x6e64 0x313
Sleep 0x0 0x40808c 0x8668 0x6e68 0x356
GetTickCount 0x0 0x408090 0x866c 0x6e6c 0x1df
GetCommandLineA 0x0 0x408094 0x8670 0x6e70 0x110
lstrlenA 0x0 0x408098 0x8674 0x6e74 0x3cc
GetVersion 0x0 0x40809c 0x8678 0x6e78 0x1e8
SetErrorMode 0x0 0x4080a0 0x867c 0x6e7c 0x315
lstrcpynA 0x0 0x4080a4 0x8680 0x6e80 0x3c9
GetDiskFreeSpaceA 0x0 0x4080a8 0x8684 0x6e84 0x14d
GlobalUnlock 0x0 0x4080ac 0x8688 0x6e88 0x20a
GetWindowsDirectoryA 0x0 0x4080b0 0x868c 0x6e8c 0x1f3
SetCurrentDirectoryA 0x0 0x4080b4 0x8690 0x6e90 0x30a
GetLastError 0x0 0x4080b8 0x8694 0x6e94 0x171
CreateDirectoryA 0x0 0x4080bc 0x8698 0x6e98 0x4b
CreateProcessA 0x0 0x4080c0 0x869c 0x6e9c 0x66
RemoveDirectoryA 0x0 0x4080c4 0x86a0 0x6ea0 0x2c4
CreateFileA 0x0 0x4080c8 0x86a4 0x6ea4 0x53
GetTempFileNameA 0x0 0x4080cc 0x86a8 0x6ea8 0x1d3
ReadFile 0x0 0x4080d0 0x86ac 0x6eac 0x2b5
WriteFile 0x0 0x4080d4 0x86b0 0x6eb0 0x3a4
lstrcpyA 0x0 0x4080d8 0x86b4 0x6eb4 0x3c6
MoveFileExA 0x0 0x4080dc 0x86b8 0x6eb8 0x26f
lstrcatA 0x0 0x4080e0 0x86bc 0x6ebc 0x3bd
GetSystemDirectoryA 0x0 0x4080e4 0x86c0 0x6ec0 0x1c1
GetProcAddress 0x0 0x4080e8 0x86c4 0x6ec4 0x1a0
GetExitCodeProcess 0x0 0x4080ec 0x86c8 0x6ec8 0x15a
WaitForSingleObject 0x0 0x4080f0 0x86cc 0x6ecc 0x390
CompareFileTime 0x0 0x4080f4 0x86d0 0x6ed0 0x39
SetFileAttributesA 0x0 0x4080f8 0x86d4 0x6ed4 0x319
GetFileAttributesA 0x0 0x4080fc 0x86d8 0x6ed8 0x15e
GetShortPathNameA 0x0 0x408100 0x86dc 0x6edc 0x1b5
MoveFileA 0x0 0x408104 0x86e0 0x6ee0 0x26e
GetFullPathNameA 0x0 0x408108 0x86e4 0x6ee4 0x169
SetFileTime 0x0 0x40810c 0x86e8 0x6ee8 0x31f
SearchPathA 0x0 0x408110 0x86ec 0x6eec 0x2db
CloseHandle 0x0 0x408114 0x86f0 0x6ef0 0x34
lstrcmpiA 0x0 0x408118 0x86f4 0x6ef4 0x3c3
CreateThread 0x0 0x40811c 0x86f8 0x6ef8 0x6f
GlobalLock 0x0 0x408120 0x86fc 0x6efc 0x203
lstrcmpA 0x0 0x408124 0x8700 0x6f00 0x3c0
FindFirstFileA 0x0 0x408128 0x8704 0x6f04 0xd2
FindNextFileA 0x0 0x40812c 0x8708 0x6f08 0xdc
DeleteFileA 0x0 0x408130 0x870c 0x6f0c 0x83
SetFilePointer 0x0 0x408134 0x8710 0x6f10 0x31b
GetPrivateProfileStringA 0x0 0x408138 0x8714 0x6f14 0x19c
FindClose 0x0 0x40813c 0x8718 0x6f18 0xce
MultiByteToWideChar 0x0 0x408140 0x871c 0x6f1c 0x275
FreeLibrary 0x0 0x408144 0x8720 0x6f20 0xf8
MulDiv 0x0 0x408148 0x8724 0x6f24 0x274
WritePrivateProfileStringA 0x0 0x40814c 0x8728 0x6f28 0x3a9
LoadLibraryExA 0x0 0x408150 0x872c 0x6f2c 0x253
GetModuleHandleA 0x0 0x408154 0x8730 0x6f30 0x17f
GlobalAlloc 0x0 0x408158 0x8734 0x6f34 0x1f8
GlobalFree 0x0 0x40815c 0x8738 0x6f38 0x1ff
ExpandEnvironmentStringsA 0x0 0x408160 0x873c 0x6f3c 0xbc
USER32.dll (63)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ScreenToClient 0x0 0x408184 0x8760 0x6f60 0x231
GetSystemMenu 0x0 0x408188 0x8764 0x6f64 0x15c
SetClassLongA 0x0 0x40818c 0x8768 0x6f68 0x247
IsWindowEnabled 0x0 0x408190 0x876c 0x6f6c 0x1ae
SetWindowPos 0x0 0x408194 0x8770 0x6f70 0x283
GetSysColor 0x0 0x408198 0x8774 0x6f74 0x15a
GetWindowLongA 0x0 0x40819c 0x8778 0x6f78 0x16e
SetCursor 0x0 0x4081a0 0x877c 0x6f7c 0x24d
LoadCursorA 0x0 0x4081a4 0x8780 0x6f80 0x1ba
CheckDlgButton 0x0 0x4081a8 0x8784 0x6f84 0x38
GetMessagePos 0x0 0x4081ac 0x8788 0x6f88 0x13c
LoadBitmapA 0x0 0x4081b0 0x878c 0x6f8c 0x1b8
CallWindowProcA 0x0 0x4081b4 0x8790 0x6f90 0x1b
IsWindowVisible 0x0 0x4081b8 0x8794 0x6f94 0x1b1
CloseClipboard 0x0 0x4081bc 0x8798 0x6f98 0x42
SetClipboardData 0x0 0x4081c0 0x879c 0x6f9c 0x24a
EmptyClipboard 0x0 0x4081c4 0x87a0 0x6fa0 0xc1
PostQuitMessage 0x0 0x4081c8 0x87a4 0x6fa4 0x204
GetWindowRect 0x0 0x4081cc 0x87a8 0x6fa8 0x174
EnableMenuItem 0x0 0x4081d0 0x87ac 0x6fac 0xc2
CreatePopupMenu 0x0 0x4081d4 0x87b0 0x6fb0 0x5e
GetSystemMetrics 0x0 0x4081d8 0x87b4 0x6fb4 0x15d
SetDlgItemTextA 0x0 0x4081dc 0x87b8 0x6fb8 0x253
GetDlgItemTextA 0x0 0x4081e0 0x87bc 0x6fbc 0x113
MessageBoxIndirectA 0x0 0x4081e4 0x87c0 0x6fc0 0x1e2
CharPrevA 0x0 0x4081e8 0x87c4 0x6fc4 0x2d
DispatchMessageA 0x0 0x4081ec 0x87c8 0x6fc8 0xa1
PeekMessageA 0x0 0x4081f0 0x87cc 0x6fcc 0x200
ReleaseDC 0x0 0x4081f4 0x87d0 0x6fd0 0x22a
EnableWindow 0x0 0x4081f8 0x87d4 0x6fd4 0xc4
InvalidateRect 0x0 0x4081fc 0x87d8 0x6fd8 0x193
SendMessageA 0x0 0x408200 0x87dc 0x6fdc 0x23b
DefWindowProcA 0x0 0x408204 0x87e0 0x6fe0 0x8e
BeginPaint 0x0 0x408208 0x87e4 0x6fe4 0xd
GetClientRect 0x0 0x40820c 0x87e8 0x6fe8 0xff
FillRect 0x0 0x408210 0x87ec 0x6fec 0xe2
DrawTextA 0x0 0x408214 0x87f0 0x6ff0 0xbc
EndDialog 0x0 0x408218 0x87f4 0x6ff4 0xc6
RegisterClassA 0x0 0x40821c 0x87f8 0x6ff8 0x216
SystemParametersInfoA 0x0 0x408220 0x87fc 0x6ffc 0x299
CreateWindowExA 0x0 0x408224 0x8800 0x7000 0x60
GetClassInfoA 0x0 0x408228 0x8804 0x7004 0xf6
DialogBoxParamA 0x0 0x40822c 0x8808 0x7008 0x9e
CharNextA 0x0 0x408230 0x880c 0x700c 0x2a
ExitWindowsEx 0x0 0x408234 0x8810 0x7010 0xe1
GetDC 0x0 0x408238 0x8814 0x7014 0x10c
CreateDialogParamA 0x0 0x40823c 0x8818 0x7018 0x55
SetTimer 0x0 0x408240 0x881c 0x701c 0x27a
GetDlgItem 0x0 0x408244 0x8820 0x7020 0x111
SetWindowLongA 0x0 0x408248 0x8824 0x7024 0x280
SetForegroundWindow 0x0 0x40824c 0x8828 0x7028 0x257
LoadImageA 0x0 0x408250 0x882c 0x702c 0x1c0
IsWindow 0x0 0x408254 0x8830 0x7030 0x1ad
SendMessageTimeoutA 0x0 0x408258 0x8834 0x7034 0x23e
FindWindowExA 0x0 0x40825c 0x8838 0x7038 0xe4
OpenClipboard 0x0 0x408260 0x883c 0x703c 0x1f6
TrackPopupMenu 0x0 0x408264 0x8840 0x7040 0x2a4
AppendMenuA 0x0 0x408268 0x8844 0x7044 0x8
EndPaint 0x0 0x40826c 0x8848 0x7048 0xc8
DestroyWindow 0x0 0x408270 0x884c 0x704c 0x99
wsprintfA 0x0 0x408274 0x8850 0x7050 0x2d7
ShowWindow 0x0 0x408278 0x8854 0x7054 0x292
SetWindowTextA 0x0 0x40827c 0x8858 0x7058 0x286
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SelectObject 0x0 0x40804c 0x8628 0x6e28 0x20e
SetBkMode 0x0 0x408050 0x862c 0x6e2c 0x216
CreateFontIndirectA 0x0 0x408054 0x8630 0x6e30 0x3a
SetTextColor 0x0 0x408058 0x8634 0x6e34 0x23c
DeleteObject 0x0 0x40805c 0x8638 0x6e38 0x8f
GetDeviceCaps 0x0 0x408060 0x863c 0x6e3c 0x16b
CreateBrushIndirect 0x0 0x408064 0x8640 0x6e40 0x29
SetBkColor 0x0 0x408068 0x8644 0x6e44 0x215
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation 0x0 0x408168 0x8744 0x6f44 0xc3
ShellExecuteExA 0x0 0x40816c 0x8748 0x6f48 0x109
SHGetPathFromIDListA 0x0 0x408170 0x874c 0x6f4c 0xbc
SHBrowseForFolderA 0x0 0x408174 0x8750 0x6f50 0x79
SHGetFileInfoA 0x0 0x408178 0x8754 0x6f54 0xac
SHFileOperationA 0x0 0x40817c 0x8758 0x6f58 0x9a
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustTokenPrivileges 0x0 0x408000 0x85dc 0x6ddc 0x1c
RegCreateKeyExA 0x0 0x408004 0x85e0 0x6de0 0x1d1
RegOpenKeyExA 0x0 0x408008 0x85e4 0x6de4 0x1ec
SetFileSecurityA 0x0 0x40800c 0x85e8 0x6de8 0x22e
OpenProcessToken 0x0 0x408010 0x85ec 0x6dec 0x1ac
LookupPrivilegeValueA 0x0 0x408014 0x85f0 0x6df0 0x14f
RegEnumValueA 0x0 0x408018 0x85f4 0x6df4 0x1e1
RegDeleteKeyA 0x0 0x40801c 0x85f8 0x6df8 0x1d4
RegDeleteValueA 0x0 0x408020 0x85fc 0x6dfc 0x1d8
RegCloseKey 0x0 0x408024 0x8600 0x6e00 0x1cb
RegSetValueExA 0x0 0x408028 0x8604 0x6e04 0x204
RegQueryValueExA 0x0 0x40802c 0x8608 0x6e08 0x1f7
RegEnumKeyA 0x0 0x408030 0x860c 0x6e0c 0x1dd
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Create 0x0 0x408038 0x8614 0x6e14 0x37
ImageList_AddMasked 0x0 0x40803c 0x8618 0x6e18 0x34
ImageList_Destroy 0x0 0x408040 0x861c 0x6e1c 0x38
(by ordinal) 0x11 0x408044 0x8620 0x6e20 -
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUninitialize 0x0 0x408284 0x8860 0x7060 0x105
OleInitialize 0x0 0x408288 0x8864 0x7064 0xee
CoTaskMemFree 0x0 0x40828c 0x8868 0x7068 0x65
CoCreateInstance 0x0 0x408290 0x886c 0x706c 0x10
Icons (1)
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
dal.exe 17 0x00400000 0x00438FFF Relevant Image - 32-bit - False False
dal.exe 17 0x00400000 0x00438FFF Process Termination - 32-bit - False False
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT Dropped File Text
Unknown
Also Known As C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\EQUATION\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\resources\1033\âàøè ôàéëû çàøèôðîâàíû.txt (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\âàøè ôàéëû çàøèôðîâàíû.txt (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\âàøè ôàéëû çàøèôðîâàíû.txt (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\ÂÀØÈ ÔÀÉËÛ ÇÀØÈÔÐÎÂÀÍÛ.TXT (Dropped File)
Mime Type text/plain
File Size 1.87 KB
MD5 49e35d0054ef45ca00faf780bb06b1c2
SHA1 9aa6d7dc128dbe657b811ce3b2e793b53fbaca05
SHA256 ca542f300a5eb2eaa1c0ba0c45ed05eade5622e1795152370b7a02a73c18ca61
SSDeep 48:NiXl70eQOUT1NtLYQiF6DBcvCWb5LxWTG8aIcJs:d9T1HLYb+KvC45gg2