VTI SCORE: 90/100
Dynamic Analysis Report
Classification: Backdoor, Dropper, Downloader

d45dfa19146949ef791c96b183f04f1b2ba480d32308b39a32976a2f30ecb6e5 (SHA256)

sample.exe

Windows Exe (x86-32)

Created at 2019-03-08 08:37:00

Notifications (1/1)

The operating system was rebooted during the analysis.

Filename Category Type Severity
c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Whitelisted
Mime Type application/octet-stream
File Size 0.12 KB
MD5 f09f35a5637839458e462e6350ecbce4
SHA1 0ae4f711ef5d6e9d26c611fd2c8c8ac45ecbf9e7
SHA256 38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca
SSDeep 3::
File Reputation Information
Severity Whitelisted
First Seen 2011-06-02 13:30 (UTC+2)
Last Seen 2019-03-07 04:30 (UTC+1)
C:\Windows\TEMP\2ECB.tmp Created File Unknown
Whitelisted
Also Known As C:\Windows\TEMP\3256.tmp (Created File)
C:\Windows\TEMP\3267.tmp (Created File)
C:\Windows\TEMP\3595.tmp (Created File)
C:\Windows\SysWOW64\indexerneutralb.exe (Created File)
C:\Windows\SysWOW64\indexerneutrala.exe (Created File)
Mime Type application/x-empty
File Size 0.00 KB
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
File Reputation Information
Severity Whitelisted
First Seen 2011-05-27 11:27 (UTC+2)
Last Seen 2017-04-19 12:47 (UTC+2)
C:\Windows\SysWOW64\indexerneutralb.exe Created File Binary
Whitelisted
Also Known As C:\Windows\SysWOW64\indexerneutrala.exe (Created File)
Mime Type application/x-dosexec
File Size 95.50 KB
MD5 dd69535d379f9e40ad0d6002887aaa99
SHA1 8161ff401f7f706e648b79ae448b49c2795799dc
SHA256 579dd18ce2b264b4058c6069b8aee6fd9fe6a882b7da19e300dfe40b37a4e5be
SSDeep 1536:VDdMLazKn0KNp395hbNxwG6UZQ86llDJvHZr5XK338ldaA7H3:TMLazI0Kj95x7wG6plV5l6H8b
ImpHash 87ae244e6870d4ac1f9729cc0a576e1b
File Reputation Information
Severity Whitelisted
First Seen 2015-07-19 04:11 (UTC+2)
Last Seen 2019-02-20 04:27 (UTC+1)
PE Information
Image Base 0x140000000
Entry Point 0x14000d690
Size Of Code 0xe400
Size Of Initialized Data 0xa000
File Type executable
Subsystem windows_gui
Machine Type amd64
Compile Timestamp 2015-07-10 03:22:37+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName ALG.exe
FileVersion 10.0.10240.16384 (th1.150709-1700)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.10240.16384
FileDescription Application Layer Gateway Service
OriginalFilename ALG.exe
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0xe26a 0xe400 0x400 cnt_code, mem_execute, mem_read 6.12
.rdata 0x140010000 0x5f32 0x6000 0xe800 cnt_initialized_data, mem_read 4.45
.data 0x140016000 0xcf0 0x400 0x14800 cnt_initialized_data, mem_read, mem_write 2.97
.pdata 0x140017000 0xcfc 0xe00 0x14c00 cnt_initialized_data, mem_read 4.7
.didat 0x140018000 0x118 0x200 0x15a00 cnt_initialized_data, mem_read, mem_write 1.48
.rsrc 0x140019000 0x1fc8 0x2000 0x15c00 cnt_initialized_data, mem_read 5.5
.reloc 0x14001b000 0x1f4 0x200 0x17c00 cnt_initialized_data, mem_discardable, mem_read 4.99
Imports (22)
msvcrt.dll (40)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__setusermatherr 0x0 0x1400102e8 0x15340 0x13b40 0x90
__wgetmainargs 0x0 0x1400102f0 0x15348 0x13b48 0x9d
_cexit 0x0 0x1400102f8 0x15350 0x13b50 0xc1
_wcmdln 0x0 0x140010300 0x15358 0x13b58 0x382
_onexit 0x0 0x140010308 0x15360 0x13b60 0x290
__dllonexit 0x0 0x140010310 0x15368 0x13b68 0x7b
_amsg_exit 0x0 0x140010318 0x15370 0x13b70 0xae
__set_app_type 0x0 0x140010320 0x15378 0x13b78 0x8e
_XcptFilter 0x0 0x140010328 0x15380 0x13b80 0x55
_unlock 0x0 0x140010330 0x15388 0x13b88 0x341
_lock 0x0 0x140010338 0x15390 0x13b90 0x1e6
??1type_info@@UEAA@XZ 0x0 0x140010340 0x15398 0x13b98 0x12
_exit 0x0 0x140010348 0x153a0 0x13ba0 0x10e
??0exception@@QEAA@AEBQEBD@Z 0x0 0x140010350 0x153a8 0x13ba8 0xa
__C_specific_handler 0x0 0x140010358 0x153b0 0x13bb0 0x57
exit 0x0 0x140010360 0x153b8 0x13bb8 0x432
?terminate@@YAXXZ 0x0 0x140010368 0x153c0 0x13bc0 0x2f
_commode 0x0 0x140010370 0x153c8 0x13bc8 0xd2
_initterm 0x0 0x140010378 0x153d0 0x13bd0 0x17d
isdigit 0x0 0x140010380 0x153d8 0x13bd8 0x466
__CxxFrameHandler3 0x0 0x140010388 0x153e0 0x13be0 0x5b
_CxxThrowException 0x0 0x140010390 0x153e8 0x13be8 0x4b
_callnewh 0x0 0x140010398 0x153f0 0x13bf0 0xbf
??0exception@@QEAA@AEBQEBDH@Z 0x0 0x1400103a0 0x153f8 0x13bf8 0xb
memmove 0x0 0x1400103a8 0x15400 0x13c00 0x494
??0exception@@QEAA@XZ 0x0 0x1400103b0 0x15408 0x13c08 0xd
memmove_s 0x0 0x1400103b8 0x15410 0x13c10 0x495
memcpy_s 0x0 0x1400103c0 0x15418 0x13c18 0x493
_wcsicmp 0x0 0x1400103c8 0x15420 0x13c20 0x38a
?what@exception@@UEBAPEBDXZ 0x0 0x1400103d0 0x15428 0x13c28 0x31
realloc 0x0 0x1400103d8 0x15430 0x13c30 0x4a9
wcscat_s 0x0 0x1400103e0 0x15438 0x13c38 0x500
malloc 0x0 0x1400103e8 0x15440 0x13c40 0x486
free 0x0 0x1400103f0 0x15448 0x13c48 0x44c
??0exception@@QEAA@AEBV0@@Z 0x0 0x1400103f8 0x15450 0x13c50 0xc
??1exception@@UEAA@XZ 0x0 0x140010400 0x15458 0x13c58 0x11
_fmode 0x0 0x140010408 0x15460 0x13c60 0x127
memcmp 0x0 0x140010410 0x15468 0x13c68 0x491
memcpy 0x0 0x140010418 0x15470 0x13c70 0x492
memset 0x0 0x140010420 0x15478 0x13c78 0x496
api-ms-win-core-synch-l1-2-0.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WaitForSingleObject 0x0 0x140010240 0x15298 0x13a98 0x36
SetEvent 0x0 0x140010248 0x152a0 0x13aa0 0x29
EnterCriticalSection 0x0 0x140010250 0x152a8 0x13aa8 0x11
Sleep 0x0 0x140010258 0x152b0 0x13ab0 0x2d
LeaveCriticalSection 0x0 0x140010260 0x152b8 0x13ab8 0x1d
CreateEventW 0x0 0x140010268 0x152c0 0x13ac0 0x6
InitializeCriticalSection 0x0 0x140010270 0x152c8 0x13ac8 0x18
DeleteCriticalSection 0x0 0x140010278 0x152d0 0x13ad0 0xf
api-ms-win-core-libraryloader-l1-2-0.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleW 0x0 0x1400100d8 0x15130 0x13930 0x13
LoadResource 0x0 0x1400100e0 0x15138 0x13938 0x19
FindResourceExW 0x0 0x1400100e8 0x15140 0x13940 0x8
GetModuleFileNameW 0x0 0x1400100f0 0x15148 0x13948 0xf
SizeofResource 0x0 0x1400100f8 0x15150 0x13950 0x1f
LoadLibraryExW 0x0 0x140010100 0x15158 0x13958 0x17
GetProcAddress 0x0 0x140010108 0x15160 0x13960 0x14
FreeLibrary 0x0 0x140010110 0x15168 0x13968 0xb
api-ms-win-core-string-l2-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharPrevW 0x0 0x140010210 0x15268 0x13a68 0x3
CharNextW 0x0 0x140010218 0x15270 0x13a70 0x2
api-ms-win-core-errorhandling-l1-1-1.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLastError 0x0 0x140010040 0x15098 0x13898 0x5
RaiseException 0x0 0x140010048 0x150a0 0x138a0 0x7
UnhandledExceptionFilter 0x0 0x140010050 0x150a8 0x138a8 0x11
SetUnhandledExceptionFilter 0x0 0x140010058 0x150b0 0x138b0 0xf
api-ms-win-core-registry-l1-1-0.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegNotifyChangeKeyValue 0x0 0x140010188 0x151e0 0x139e0 0x1b
RegQueryInfoKeyW 0x0 0x140010190 0x151e8 0x139e8 0x21
RegOpenKeyExW 0x0 0x140010198 0x151f0 0x139f0 0x1e
RegEnumKeyExW 0x0 0x1400101a0 0x151f8 0x139f8 0xe
RegQueryValueExW 0x0 0x1400101a8 0x15200 0x13a00 0x23
RegSetValueExW 0x0 0x1400101b0 0x15208 0x13a08 0x2c
RegCloseKey 0x0 0x1400101b8 0x15210 0x13a10 0x0
RegCreateKeyExW 0x0 0x1400101c0 0x15218 0x13a18 0x3
RegDeleteValueW 0x0 0x1400101c8 0x15220 0x13a20 0xb
RegEnumValueW 0x0 0x1400101d0 0x15228 0x13a28 0x10
api-ms-win-core-sysinfo-l1-2-1.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetVersionExW 0x0 0x140010298 0x152f0 0x13af0 0x1c
GetSystemTimeAsFileTime 0x0 0x1400102a0 0x152f8 0x13af8 0x14
GetTickCount 0x0 0x1400102a8 0x15300 0x13b00 0x18
GetSystemInfo 0x0 0x1400102b0 0x15308 0x13b08 0x11
api-ms-win-core-memory-l1-1-2.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VirtualProtect 0x0 0x140010120 0x15178 0x13978 0x28
VirtualAlloc 0x0 0x140010128 0x15180 0x13980 0x21
VirtualQuery 0x0 0x140010130 0x15188 0x13988 0x2b
api-ms-win-core-string-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MultiByteToWideChar 0x0 0x140010200 0x15258 0x13a58 0x6
api-ms-win-core-handle-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DuplicateHandle 0x0 0x140010080 0x150d8 0x138d8 0x2
CloseHandle 0x0 0x140010088 0x150e0 0x138e0 0x0
api-ms-win-core-synch-l1-2-1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WaitForMultipleObjects 0x0 0x140010288 0x152e0 0x13ae0 0x34
api-ms-win-core-heap-l1-2-0.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HeapFree 0x0 0x140010098 0x150f0 0x138f0 0x6
HeapDestroy 0x0 0x1400100a0 0x150f8 0x138f8 0x5
HeapAlloc 0x0 0x1400100a8 0x15100 0x13900 0x2
GetProcessHeap 0x0 0x1400100b0 0x15108 0x13908 0x0
HeapSetInformation 0x0 0x1400100b8 0x15110 0x13910 0xa
api-ms-win-core-processthreads-l1-1-2.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCurrentThreadId 0x0 0x140010140 0x15198 0x13998 0x11
GetCurrentProcessId 0x0 0x140010148 0x151a0 0x139a0 0xd
GetCurrentProcess 0x0 0x140010150 0x151a8 0x139a8 0xc
GetStartupInfoW 0x0 0x140010158 0x151b0 0x139b0 0x20
TerminateProcess 0x0 0x140010160 0x151b8 0x139b8 0x4b
CreateThread 0x0 0x140010168 0x151c0 0x139c0 0x6
api-ms-win-core-profile-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
QueryPerformanceCounter 0x0 0x140010178 0x151d0 0x139d0 0x0
api-ms-win-core-rtlsupport-l1-2-0.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlLookupFunctionEntry 0x0 0x1400101e0 0x15238 0x13a38 0x9
RtlCaptureContext 0x0 0x1400101e8 0x15240 0x13a40 0x2
RtlVirtualUnwind 0x0 0x1400101f0 0x15248 0x13a48 0xf
api-ms-win-core-threadpool-legacy-l1-1-0.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateTimerQueueTimer 0x0 0x1400102c0 0x15318 0x13b18 0x2
DeleteTimerQueueEx 0x0 0x1400102c8 0x15320 0x13b20 0x3
CreateTimerQueue 0x0 0x1400102d0 0x15328 0x13b28 0x1
DeleteTimerQueueTimer 0x0 0x1400102d8 0x15330 0x13b30 0x4
api-ms-win-core-string-obsolete-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcpynW 0x0 0x140010228 0x15280 0x13a80 0x9
lstrcmpiW 0x0 0x140010230 0x15288 0x13a88 0x5
CRYPTBASE.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SystemFunction036 0x0 0x140010000 0x15058 0x13858 0x8
MSWSOCK.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AcceptEx 0x0 0x140010010 0x15068 0x13868 0x0
GetAcceptExSockaddrs 0x0 0x140010018 0x15070 0x13870 0x3
api-ms-win-core-file-l1-2-1.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReadFile 0x0 0x140010068 0x150c0 0x138c0 0x47
WriteFile 0x0 0x140010070 0x150c8 0x138c8 0x59
api-ms-win-core-delayload-l1-1-1.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ResolveDelayLoadedAPI 0x0 0x140010028 0x15080 0x13880 0x1
DelayLoadFailureHook 0x0 0x140010030 0x15088 0x13888 0x0
api-ms-win-core-kernel32-legacy-l1-1-1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BindIoCompletionCallback 0x0 0x1400100c8 0x15120 0x13920 0x3
C:\Users\CIiHmnxMn6Ps\Desktop\sample.exe Sample File Binary
Unknown
Also Known As C:\Windows\SysWOW64\indexerneutral.exe (Created File)
Mime Type application/x-dosexec
File Size 441.76 KB
MD5 e89fe964d8ec168fe1b9b241cdfafc49
SHA1 b88bcb2d8d6a4ed477a639ad85a21e22a26aa638
SHA256 d45dfa19146949ef791c96b183f04f1b2ba480d32308b39a32976a2f30ecb6e5
SSDeep 6144:tQAL0EbQ1/2kAnKLfdfpe0KLk368xfCaU1c8HaIDvErTp:KAdQ8kXTd1KL/8xqaRVcEPp
ImpHash de8a2f081bc69d8175a7d4a686d444ae
Parser Error Remark: Static analyzer was unable to completely parse the analyzed file
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x1b200
Size Of Initialized Data 0x52400
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2019-03-08 05:12:50+00:00
Version Information (7)
eUp Software \FileDescription
Comments @CompanyName
eUp Utilities 2014 @ProductVersion
yright © AVG Netherlands B. V. 2011 LLegalTrademarks
eUp Utilities™ ProductName
eUp System Information <FileVersion
0.1000.340 D
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x1b16b 0x1b200 0x400 cnt_code, mem_execute, mem_read 5.6
.rdata 0x41d000 0xb156 0xb200 0x1b600 cnt_initialized_data, mem_read 5.53
.data 0x429000 0x29154 0x29200 0x26800 cnt_initialized_data, mem_read, mem_write 5.08
.rsrc 0x453000 0x1de28 0x1e000 0x4fa00 cnt_initialized_data, mem_read 5.99
Imports (5)
KERNEL32.dll (63)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WritePrivateProfileStringA 0x0 0x41d158 0x26eb8 0x254b8 0x492
WaitForMultipleObjectsEx 0x0 0x41d15c 0x26ebc 0x254bc 0x463
UnmapViewOfFile 0x0 0x41d160 0x26ec0 0x254c0 0x441
TlsSetValue 0x0 0x41d164 0x26ec4 0x254c4 0x435
SystemTimeToFileTime 0x0 0x41d168 0x26ec8 0x254c8 0x42a
Sleep 0x0 0x41d16c 0x26ecc 0x254cc 0x421
SetStdHandle 0x0 0x41d170 0x26ed0 0x254d0 0x3fc
SetLastError 0x0 0x41d174 0x26ed4 0x254d4 0x3ec
SetFileTime 0x0 0x41d178 0x26ed8 0x254d8 0x3e3
SetFilePointer 0x0 0x41d17c 0x26edc 0x254dc 0x3df
SetEnvironmentVariableW 0x0 0x41d180 0x26ee0 0x254e0 0x3d1
SetEndOfFile 0x0 0x41d184 0x26ee4 0x254e4 0x3cd
SetConsoleOutputCP 0x0 0x41d188 0x26ee8 0x254e8 0x3bc
SetComputerNameW 0x0 0x41d18c 0x26eec 0x254ec 0x3a4
ResetWriteWatch 0x0 0x41d190 0x26ef0 0x254f0 0x38b
ReplaceFile 0x0 0x41d194 0x26ef4 0x254f4 0x385
OpenSemaphoreA 0x0 0x41d198 0x26ef8 0x254f8 0x335
OpenFileMappingW 0x0 0x41d19c 0x26efc 0x254fc 0x32c
MultiByteToWideChar 0x0 0x41d1a0 0x26f00 0x25500 0x31a
MoveFileW 0x0 0x41d1a4 0x26f04 0x25504 0x316
MoveFileExW 0x0 0x41d1a8 0x26f08 0x25508 0x313
Module32FirstW 0x0 0x41d1ac 0x26f0c 0x2550c 0x30e
MapViewOfFile 0x0 0x41d1b0 0x26f10 0x25510 0x30a
LocalFileTimeToFileTime 0x0 0x41d1b4 0x26f14 0x25514 0x2fb
IsDBCSLeadByte 0x0 0x41d1b8 0x26f18 0x25518 0x2cf
InitAtomTable 0x0 0x41d1bc 0x26f1c 0x2551c 0x2ae
GlobalFree 0x0 0x41d1c0 0x26f20 0x25520 0x28c
GetVolumeInformationA 0x0 0x41d1c4 0x26f24 0x25524 0x277
GetTimeZoneInformation 0x0 0x41d1c8 0x26f28 0x25528 0x26b
GetThreadSelectorEntry 0x0 0x41d1cc 0x26f2c 0x2552c 0x263
GetTempPathW 0x0 0x41d1d0 0x26f30 0x25530 0x25b
GetTempFileNameW 0x0 0x41d1d4 0x26f34 0x25534 0x259
GetSystemTime 0x0 0x41d1d8 0x26f38 0x25538 0x24d
GetSystemInfo 0x0 0x41d1dc 0x26f3c 0x2553c 0x249
VirtualAlloc 0x0 0x41d1e0 0x26f40 0x25540 0x454
GetSystemDefaultLCID 0x0 0x41d1e4 0x26f44 0x25544 0x241
GetProcAddress 0x0 0x41d1e8 0x26f48 0x25548 0x220
GetPrivateProfileSectionW 0x0 0x41d1ec 0x26f4c 0x2554c 0x21b
GetOverlappedResult 0x0 0x41d1f0 0x26f50 0x25550 0x214
GetNamedPipeHandleStateW 0x0 0x41d1f4 0x26f54 0x25554 0x202
GetLastError 0x0 0x41d1f8 0x26f58 0x25558 0x1e6
GetFileType 0x0 0x41d1fc 0x26f5c 0x2555c 0x1d7
GetDiskFreeSpaceExW 0x0 0x41d200 0x26f60 0x25560 0x1b6
GetCurrentProcess 0x0 0x41d204 0x26f64 0x25564 0x1a9
GetCurrentDirectoryW 0x0 0x41d208 0x26f68 0x25568 0x1a8
GetCommandLineW 0x0 0x41d20c 0x26f6c 0x2556c 0x170
GetCPInfo 0x0 0x41d210 0x26f70 0x25570 0x15b
GenerateConsoleCtrlEvent 0x0 0x41d214 0x26f74 0x25574 0x151
FindFirstFileW 0x0 0x41d218 0x26f78 0x25578 0x124
FileTimeToDosDateTime 0x0 0x41d21c 0x26f7c 0x2557c 0x10e
EnumUILanguagesA 0x0 0x41d220 0x26f80 0x25580 0xfe
DosDateTimeToFileTime 0x0 0x41d224 0x26f84 0x25584 0xd0
CreateToolhelp32Snapshot 0x0 0x41d228 0x26f88 0x25588 0xac
CreateFileW 0x0 0x41d22c 0x26f8c 0x2558c 0x7f
CreateFileMappingW 0x0 0x41d230 0x26f90 0x25590 0x7c
CreateFileA 0x0 0x41d234 0x26f94 0x25594 0x78
CreateDirectoryExW 0x0 0x41d238 0x26f98 0x25598 0x6e
CopyFileExA 0x0 0x41d23c 0x26f9c 0x2559c 0x61
CompareStringW 0x0 0x41d240 0x26fa0 0x255a0 0x55
CompareStringA 0x0 0x41d244 0x26fa4 0x255a4 0x52
CloseHandle 0x0 0x41d248 0x26fa8 0x255a8 0x43
CancelTimerQueueTimer 0x0 0x41d24c 0x26fac 0x255ac 0x37
GetModuleHandleA 0x0 0x41d250 0x26fb0 0x255b0 0x1f6
USER32.dll (89)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WaitForInputIdle 0x0 0x41d258 0x26fb8 0x255b8 0x2fc
wvsprintfA 0x0 0x41d25c 0x26fbc 0x255bc 0x309
wvsprintfW 0x0 0x41d260 0x26fc0 0x255c0 0x30a
UpdateWindow 0x0 0x41d264 0x26fc4 0x255c4 0x2e9
TranslateMessage 0x0 0x41d268 0x26fc8 0x255c8 0x2d5
ShowWindow 0x0 0x41d26c 0x26fcc 0x255cc 0x2b8
SetWindowTextW 0x0 0x41d270 0x26fd0 0x255d0 0x2ac
SetWindowPos 0x0 0x41d274 0x26fd4 0x255d4 0x2a7
SetWindowLongW 0x0 0x41d278 0x26fd8 0x255d8 0x2a5
SetTimer 0x0 0x41d27c 0x26fdc 0x255dc 0x29e
SetForegroundWindow 0x0 0x41d280 0x26fe0 0x255e0 0x27a
SetFocus 0x0 0x41d284 0x26fe4 0x255e4 0x279
SetDlgItemTextW 0x0 0x41d288 0x26fe8 0x255e8 0x277
SetCursor 0x0 0x41d28c 0x26fec 0x255ec 0x270
SendMessageW 0x0 0x41d290 0x26ff0 0x255f0 0x263
SendDlgItemMessageW 0x0 0x41d294 0x26ff4 0x255f4 0x25a
ScreenToClient 0x0 0x41d298 0x26ff8 0x255f8 0x254
ReleaseDC 0x0 0x41d29c 0x26ffc 0x255fc 0x24c
RegisterClassExW 0x0 0x41d2a0 0x27000 0x25600 0x235
PtInRect 0x0 0x41d2a4 0x27004 0x25604 0x229
PostMessageW 0x0 0x41d2a8 0x27008 0x25608 0x21f
PeekMessageW 0x0 0x41d2ac 0x2700c 0x2560c 0x21c
OemToCharBuffA 0x0 0x41d2b0 0x27010 0x25610 0x20b
OemToCharA 0x0 0x41d2b4 0x27014 0x25614 0x20a
MessageBoxW 0x0 0x41d2b8 0x27018 0x25618 0x1ff
MessageBeep 0x0 0x41d2bc 0x2701c 0x2561c 0x1f7
MapWindowPoints 0x0 0x41d2c0 0x27020 0x25620 0x1f3
LoadStringW 0x0 0x41d2c4 0x27024 0x25624 0x1e4
LoadIconW 0x0 0x41d2c8 0x27028 0x25628 0x1d7
LoadCursorW 0x0 0x41d2cc 0x2702c 0x2562c 0x1d5
LoadBitmapW 0x0 0x41d2d0 0x27030 0x25630 0x1d1
KillTimer 0x0 0x41d2d4 0x27034 0x25634 0x1cd
IsWindow 0x0 0x41d2d8 0x27038 0x25638 0x1c5
InvalidateRect 0x0 0x41d2dc 0x2703c 0x2563c 0x1aa
InflateRect 0x0 0x41d2e0 0x27040 0x25640 0x1a1
GetWindowTextW 0x0 0x41d2e4 0x27044 0x25644 0x18f
GetWindowRect 0x0 0x41d2e8 0x27048 0x25648 0x188
GetWindowLongW 0x0 0x41d2ec 0x2704c 0x2564c 0x182
GetWindow 0x0 0x41d2f0 0x27050 0x25650 0x17d
GetSystemMetrics 0x0 0x41d2f4 0x27054 0x25654 0x16f
GetSysColor 0x0 0x41d2f8 0x27058 0x25658 0x16c
GetParent 0x0 0x41d2fc 0x2705c 0x2565c 0x155
GetMessageW 0x0 0x41d300 0x27060 0x25660 0x14e
GetMessagePos 0x0 0x41d304 0x27064 0x25664 0x14c
GetDlgItemTextW 0x0 0x41d308 0x27068 0x25668 0x122
GetDlgItem 0x0 0x41d30c 0x2706c 0x2566c 0x11f
GetDesktopWindow 0x0 0x41d310 0x27070 0x25670 0x11c
GetDC 0x0 0x41d314 0x27074 0x25674 0x11a
GetClientRect 0x0 0x41d318 0x27078 0x25678 0x10d
GetClassNameW 0x0 0x41d31c 0x2707c 0x2567c 0x10b
FindWindowExW 0x0 0x41d320 0x27080 0x25680 0xf2
EndDialog 0x0 0x41d324 0x27084 0x25684 0xd3
EnableWindow 0x0 0x41d328 0x27088 0x25688 0xd1
DispatchMessageW 0x0 0x41d32c 0x2708c 0x2568c 0xa9
DialogBoxParamW 0x0 0x41d330 0x27090 0x25690 0xa6
DestroyIcon 0x0 0x41d334 0x27094 0x25694 0x9d
DefWindowProcW 0x0 0x41d338 0x27098 0x25698 0x96
CreateWindowExW 0x0 0x41d33c 0x2709c 0x2569c 0x68
CopyRect 0x0 0x41d340 0x270a0 0x256a0 0x4f
CopyIcon 0x0 0x41d344 0x270a4 0x256a4 0x4d
CharUpperW 0x0 0x41d348 0x270a8 0x256a8 0x3a
CharUpperA 0x0 0x41d34c 0x270ac 0x256ac 0x37
CharToOemBuffW 0x0 0x41d350 0x270b0 0x256b0 0x35
CharToOemBuffA 0x0 0x41d354 0x270b4 0x256b4 0x34
CharToOemA 0x0 0x41d358 0x270b8 0x256b8 0x33
GetFocus 0x0 0x41d35c 0x270bc 0x256bc 0x124
OpenIcon 0x0 0x41d360 0x270c0 0x256c0 0x212
IsMenu 0x0 0x41d364 0x270c4 0x256c4 0x1be
DestroyWindow 0x0 0x41d368 0x270c8 0x256c8 0xa0
WindowFromDC 0x0 0x41d36c 0x270cc 0x256cc 0x301
CloseWindowStation 0x0 0x41d370 0x270d0 0x256d0 0x4a
GetListBoxInfo 0x0 0x41d374 0x270d4 0x256d4 0x13b
CloseDesktop 0x0 0x41d378 0x270d8 0x256d8 0x48
CloseWindow 0x0 0x41d37c 0x270dc 0x256dc 0x49
CreateMenu 0x0 0x41d380 0x270e0 0x256e0 0x64
IsCharAlphaNumericW 0x0 0x41d384 0x270e4 0x256e4 0x1af
ReleaseCapture 0x0 0x41d388 0x270e8 0x256e8 0x24b
CharNextW 0x0 0x41d38c 0x270ec 0x256ec 0x2f
GetMessageExtraInfo 0x0 0x41d390 0x270f0 0x256f0 0x14b
IsClipboardFormatAvailable 0x0 0x41d394 0x270f4 0x256f4 0x1b6
InSendMessage 0x0 0x41d398 0x270f8 0x256f8 0x19f
EndMenu 0x0 0x41d39c 0x270fc 0x256fc 0xd4
DrawMenuBar 0x0 0x41d3a0 0x27100 0x25700 0xc1
IsCharUpperA 0x0 0x41d3a4 0x27104 0x25704 0x1b3
IsWindowEnabled 0x0 0x41d3a8 0x27108 0x25708 0x1c6
GetDialogBaseUnits 0x0 0x41d3ac 0x2710c 0x2570c 0x11d
GetDoubleClickTime 0x0 0x41d3b0 0x27110 0x25710 0x123
IsWindowUnicode 0x0 0x41d3b4 0x27114 0x25714 0x1c9
IsWindowVisible 0x0 0x41d3b8 0x27118 0x25718 0x1ca
GDI32.dll (59)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectW 0x0 0x41d034 0x26d94 0x25394 0x3e
CreateHalftonePalette 0x0 0x41d038 0x26d98 0x25398 0x40
CreatePalette 0x0 0x41d03c 0x26d9c 0x2539c 0x47
CreatePen 0x0 0x41d040 0x26da0 0x253a0 0x49
CreatePolygonRgn 0x0 0x41d044 0x26da4 0x253a4 0x4c
CreateSolidBrush 0x0 0x41d048 0x26da8 0x253a8 0x52
DPtoLP 0x0 0x41d04c 0x26dac 0x253ac 0x92
DeleteDC 0x0 0x41d050 0x26db0 0x253b0 0xcd
Escape 0x0 0x41d054 0x26db4 0x253b4 0x119
ExtFloodFill 0x0 0x41d058 0x26db8 0x253b8 0x120
ExtTextOutA 0x0 0x41d05c 0x26dbc 0x253bc 0x122
ExtTextOutW 0x0 0x41d060 0x26dc0 0x253c0 0x123
GetClipBox 0x0 0x41d064 0x26dc4 0x253c4 0x1aa
GetDIBColorTable 0x0 0x41d068 0x26dc8 0x253c8 0x1b3
GetDIBits 0x0 0x41d06c 0x26dcc 0x253cc 0x1b4
GetDeviceCaps 0x0 0x41d070 0x26dd0 0x253d0 0x1b5
GetMapMode 0x0 0x41d074 0x26dd4 0x253d4 0x1d7
GetObjectA 0x0 0x41d078 0x26dd8 0x253d8 0x1e2
GetObjectW 0x0 0x41d07c 0x26ddc 0x253dc 0x1e4
GetPixel 0x0 0x41d080 0x26de0 0x253e0 0x1eb
GetStockObject 0x0 0x41d084 0x26de4 0x253e4 0x1f4
GetSystemPaletteEntries 0x0 0x41d088 0x26de8 0x253e8 0x1f9
GetTextExtentPoint32W 0x0 0x41d08c 0x26dec 0x253ec 0x205
CreateFontIndirectA 0x0 0x41d090 0x26df0 0x253f0 0x3b
OffsetViewportOrgEx 0x0 0x41d094 0x26df4 0x253f4 0x225
PatBlt 0x0 0x41d098 0x26df8 0x253f8 0x22d
PtInRegion 0x0 0x41d09c 0x26dfc 0x253fc 0x240
PtVisible 0x0 0x41d0a0 0x26e00 0x25400 0x241
RealizePalette 0x0 0x41d0a4 0x26e04 0x25404 0x243
RectVisible 0x0 0x41d0a8 0x26e08 0x25408 0x245
Rectangle 0x0 0x41d0ac 0x26e0c 0x2540c 0x246
RestoreDC 0x0 0x41d0b0 0x26e10 0x25410 0x250
ScaleViewportExtEx 0x0 0x41d0b4 0x26e14 0x25414 0x258
ScaleWindowExtEx 0x0 0x41d0b8 0x26e18 0x25418 0x259
SelectObject 0x0 0x41d0bc 0x26e1c 0x2541c 0x25e
SelectPalette 0x0 0x41d0c0 0x26e20 0x25420 0x25f
SetBkColor 0x0 0x41d0c4 0x26e24 0x25424 0x265
SetBkMode 0x0 0x41d0c8 0x26e28 0x25428 0x266
SetMapMode 0x0 0x41d0cc 0x26e2c 0x2542c 0x27b
SetPixel 0x0 0x41d0d0 0x26e30 0x25430 0x282
SetTextColor 0x0 0x41d0d4 0x26e34 0x25434 0x28d
SetViewportExtEx 0x0 0x41d0d8 0x26e38 0x25438 0x28f
SetViewportOrgEx 0x0 0x41d0dc 0x26e3c 0x2543c 0x290
SetWindowExtEx 0x0 0x41d0e0 0x26e40 0x25440 0x293
StretchBlt 0x0 0x41d0e4 0x26e44 0x25444 0x29a
TextOutA 0x0 0x41d0e8 0x26e48 0x25448 0x29f
CreateDIBitmap 0x0 0x41d0ec 0x26e4c 0x2544c 0x34
CreateDCW 0x0 0x41d0f0 0x26e50 0x25450 0x30
CreateCompatibleDC 0x0 0x41d0f4 0x26e54 0x25454 0x2e
CreateCompatibleBitmap 0x0 0x41d0f8 0x26e58 0x25458 0x2d
CreateBitmap 0x0 0x41d0fc 0x26e5c 0x2545c 0x28
BitBlt 0x0 0x41d100 0x26e60 0x25460 0x12
GetObjectType 0x0 0x41d104 0x26e64 0x25464 0x1e3
CreatePatternBrush 0x0 0x41d108 0x26e68 0x25468 0x48
CloseFigure 0x0 0x41d10c 0x26e6c 0x2546c 0x1d
DeleteObject 0x0 0x41d110 0x26e70 0x25470 0xd0
DeleteEnhMetaFile 0x0 0x41d114 0x26e74 0x25474 0xce
GetTextExtentPointW 0x0 0x41d118 0x26e78 0x25478 0x208
SaveDC 0x0 0x41d11c 0x26e7c 0x2547c 0x257
ADVAPI32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameW 0x0 0x41d000 0x26d60 0x25360 0x15f
SetFileSecurityW 0x0 0x41d004 0x26d64 0x25364 0x2a4
SetFileSecurityA 0x0 0x41d008 0x26d68 0x25368 0x2a3
RegSetValueExW 0x0 0x41d00c 0x26d6c 0x2536c 0x278
RegOpenKeyExW 0x0 0x41d010 0x26d70 0x25370 0x25b
RegCloseKey 0x0 0x41d014 0x26d74 0x25374 0x22a
OpenProcessToken 0x0 0x41d018 0x26d78 0x25378 0x1f1
LookupPrivilegeValueW 0x0 0x41d01c 0x26d7c 0x2537c 0x191
DuplicateTokenEx 0x0 0x41d020 0x26d80 0x25380 0xdb
AdjustTokenPrivileges 0x0 0x41d024 0x26d84 0x25384 0x1e
RegOpenKeyA 0x0 0x41d028 0x26d88 0x25388 0x259
RegQueryValueExW 0x0 0x41d02c 0x26d8c 0x2538c 0x268
IMM32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImmCreateContext 0x0 0x41d124 0x26e84 0x25484 0x1d
ImmConfigureIMEW 0x0 0x41d128 0x26e88 0x25488 0x1c
ImmAssociateContext 0x0 0x41d12c 0x26e8c 0x2548c 0x18
ImmEnumRegisterWordW 0x0 0x41d130 0x26e90 0x25490 0x28
ImmEscapeW 0x0 0x41d134 0x26e94 0x25494 0x2a
ImmGetCompositionStringW 0x0 0x41d138 0x26e98 0x25498 0x36
ImmGetConversionStatus 0x0 0x41d13c 0x26e9c 0x2549c 0x3b
ImmIsIME 0x0 0x41d140 0x26ea0 0x254a0 0x58
ImmRegisterWordW 0x0 0x41d144 0x26ea4 0x254a4 0x67
ImmSetCompositionStringW 0x0 0x41d148 0x26ea8 0x254a8 0x73
ImmSetConversionStatus 0x0 0x41d14c 0x26eac 0x254ac 0x75
ImmDestroyContext 0x0 0x41d150 0x26eb0 0x254b0 0x20
Icons (1)
Digital Signatures (1)
Certificate: ZCHJYRFA
Issued by ZCHJYRFA
Country Name -
Valid From 2019-03-07 13:24:19+00:00
Valid Until 2039-12-31 23:59:59+00:00
Algorithm sha1_rsa
Serial Number 7B AF F4 94 2F A0 0F A4 40 B2 6A 7D 52 5E 2B 33
Thumbprint 3F 9B 7E A4 B6 7E AF CC C2 12 E2 37 CE D0 DD 7F 87 E7 CB 52
C:\Windows\TEMP\2ECB.tmp Created File Text
Unknown
Mime Type text/plain
File Size 0.11 KB
MD5 36427ecb2a0faf13af3047c51b29f9c5
SHA1 9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f
SHA256 ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345
SSDeep 3:q8CJGEIUEF7eSAMzr+WABEImBzEWVAZGXhRAJ1zKI9:hCyUEZNiWSmBzNmeRAH9
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    