Report #13811

Academic year: 2023

Binary

DLL False

Size 11.59MB

trid 47.6% Inno Setup installer

18.7% InstallShield setup

18.0% Win32 EXE PECompact compressed

5.6% Windows screen saver

4.3% DOS Borland compiled Executable

type PE

wordsize 32

Subsystem Windows GUI

Hashes

Creation Date: March 28, 2022, 11:19 p.m.

Last Update: March 28, 2022, 11:27 p.m.

File:

Isname.name Results:

Community

Google False

HashLib False

YARA

Matches maldoc_getEIP_method_1, IP, FGint_FGIntDestroy, Borland, win_private_profile, Dropper_Strings, CRC16_table, Borland_Delphi_30_, CRC32_poly_Constant, BASE64_table, RIPEMD160_Constants, borland_delphi, Check_OutputDebugStringA_iat, Delphi_FormShow, HasOverlay, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, TEAN, network_http, win_token, OpenSSL_DSA, win_hook, win_mutex, VM_Generic_Detection, screenshot, Borland_Delphi_v40_v50, keylogger, MD5_Constants, Borland_Delphi_40_additional, IsPE32, Borland_Delphi_40, network_ssl, Delphi_Random, with_urls, IsWindowsGUI, HasDigitalSignature, win_files_operation, with_images, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, Misc_Suspicious_Strings, SHA1_Constants, android_meterpreter, contentis_base64, win_registry, url, Delphi_CompareCall, network_smtp_raw, Advapi_Hash_API, Borland_Delphi_30_additional, Borland_Delphi_v30, Big_Numbers2, Big_Numbers1

Suspicious True

Imports

Strings

List


7http://www.photoonweb.com/how_it_works.php?from=pow_app

(11)

http://www.photoonweb.com/sequenceur_app.php?mod=manage_album http://www.photoonweb.com/sequenceur_app.php?mod=manage_album 4http://www.photoonweb.com/templates.php?from=pow_app

http://ns.microsoft.com/photo/1.0 http://ns.microsoft.com/photo/1.0

http://www.photoonweb.com/templates.php?from=pow_app http://www.photoonweb.com/templates.php?from=pow_app http://www.photoonweb.com/templates.php?from=pow_app http://www.photoonweb.com/templates.php?from=pow_app http://www.photoonweb.com/templates.php?from=pow_app http://www.photoonweb.com/how_it_works.php?from=pow_app http://www.photoonweb.com/buy.php?from=pow_app

http://www.photoonweb.com/buy.php?from=pow_app http://www.photoonweb.com/buy.php?from=pow_app .http://www.photoonweb.com/buy.php?from=pow_app http://www.photoonweb.com/?from=pow_app

'http://www.photoonweb.com/?from=pow_app

http://www.vso-software.fr/products/image_resizer/?autoDetectLang=1 http://aws.be-spotted.com/img/

http://albums.photoonweb.com/

http://albums.photoonweb.com/

http://albums.photoonweb.com/

http://albums.photoonweb.com/

http://search.yahoo.com/mrss http://search.yahoo.com/mrss

http://www.vso-software.fr/products/convert_x_to_dvd/?autoDetectLang=1 (http://www.vso-software.fr/?from=pow_app

http://www.obviousidea.com/?from=pow_app http://www.obviousidea.com/?from=pow_app

http://www.photoonweb.com/i/photoonweb_cooliris.png BugReport.zip

http://www.indyproject.org/

http://albums.vso-webalbum.com/

http://albums.vso-webalbum.com/

http://www.photoonweb.com/en/pubnotice.php?user=

Foremost


Suspicious True

Heuristics

IPs hasIPs: True

Allowed: 193.121.171.135, 1, dnse.scarlet.be., 255.255.255.255, 1, record, 127.0.0.1, 1, localhost.

Suspicious: 1.2.4.57, 0, Unknown, 1.2.4.50, 0, Unknown, 1.2.4.91, 0, Unknown, 0.9.6.1, 0, Unknown, 1.2.4.100, 0, Unknown, 1.2.4.70, 0, Unknown, 0.0.0.1, 0, Unknown

hasAllowed: True hasSuspicious: True

URLs Allowed: http://www.w3.org/1999/02/22-rdf-syntax-ns#, http://ns.microsoft.com/photo/1.0, http://www.w3.org/2005/atom

hasURLs: True


hasAllowed: True hasSuspicious: True

Files Allowed: IJL20.DLL, secur32.dll, ssleay32.dll, oleacc.dll, security.dll, MSWSOCK.DLL, shfolder.dll, PSAPI.DLL, GDIPlus.dll, Fwpuclnt.dll, wininet.dll, imagemagick.dll, WS2_32.DLL, vsoscaler.dll, user32.dll, uxtheme.dll, jbiglib.dll, RedEye.dll, comctl32.dll, ole32.dll, IPHLPAPI.DLL, imm32.dll, advapi32.dll, olepro32.dll, PerfectlyClearComprehensive.dll, MSIMG32.DLL, dcrawlib.dll, swscale.dll, Wship6.dll, wsock32.dll, oleaut32.dll, mscms.dll, MSVCRT20.DLL, Kernel32.dll, MSVCRT.DLL, NTDLL.DLL, EDSDK.DLL, libeay32.dll, vsorsz.dll, shell32.dll, libssl32.dll, avifil32.dll, dsound.dll, mapi32.dll, DWMAPI.DLL, comdlg32.dll, urlmon.dll, version.dll, RICHED20.DLL, MsVfW32.dll, gdi32.dll, windowscodecs.dll, mpr.dll, d3d9.dll, TWAIN_32.DLL, winmm.dll, 5http://download.obviousidea.com/mk/be-spotted-pow.txt, http://www.photoonweb.com/en/software/getRootHtaccess.php, http://www.photoonweb.com/en/software/getFtpServer.php, http://www.photoonweb.com/register.php, Ghttp://www.vso-software.fr/products/perfectlyclear/athentech-plugin.php

hasFiles: True

Suspicious: template.xml, ObviousIdea\PhotoOnWeb.xml, /data.xml, /menu_entry.xml, /gallery.xml, _crash.log, PhotoOnWeb.log, |DAT (VCD, SVCD) (*.dat)|*.dat, |TIFF Bitmap (TIF)|*.tif, |Windows Media Video (*.wmv)|*.wmv, ;*.wmv, |WMV (Windows Media Video) (*.wmv)|*.wmv, BugReport.zip, \*.zip, _info.txt, view.php, login_select_proj_page.php, bug_update.php, bug_report_advanced_page.php, view_all_bug_page.php, bug_report.php, set_project.php, login.php, my_view_page.php, bug_update_page.php, \viewers\photostory viewer.swf, |SWF (ShockWave Flash) (*.swf)|*.swf, /viewer.swf, \viewers\imagewall viewer.swf, \viewers\photo viewer.swf, \viewers\video viewer.swf

hasAllowed: True

hasSuspicious: True

Binary

Sizes RVA

RVA: 16

Suspicious: False Code

Size: 3851264 Suspicious: False Image

Address: 4194304 Suspicious: False Stack

Stack: 16384 Suspicious: False

Headers Headers: 1024 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 12168622

Suspicous: False

Sections Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc

Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 5

Suspicious: False Image

Version: True Suspicious: 5 Linker

Version: 2.25 Suspicious: False Subsystem

Version: 5.0 Suspicious: False Suspicious: False

EntryPoint Address: 8300192

Suspicious: False

Anomalies Anomalies

hasAnomalies: False

Libraries Allowed: secur32.dll, oleacc.dll, security.dll, mswsock.dll, shfolder.dll, psapi.dll, gdiplus.dll, wininet.dll, ws2_32.dll, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, olepro32.dll, msimg32.dll, wship6.dll, wsock32.dll, oleaut32.dll, mscms.dll, msvcrt20.dll, kernel32.dll, msvcrt.dll, ntdll.dll, shell32.dll, avifil32.dll, dsound.dll, mapi32.dll, dwmapi.dll, comdlg32.dll, urlmon.dll, version.dll, riched20.dll, msvfw32.dll, gdi32.dll, windowscodecs.dll, mpr.dll, d3d9.dll, twain_32.dll, winmm.dll

hasLibs: True

Suspicious: ijl20.dll, ssleay32.dll, fwpuclnt.dll, imagemagick.dll, vsoscaler.dll, jbiglib.dll, redeye.dll, iphlpapi.dll, perfectlyclearcomprehensive.dll, dcrawlib.dll, swscale.dll, edsdk.dll, libeay32.dll, vsorsz.dll, libssl32.dll

hasAllowed: True hasSuspicious: True

Timestamp Past: False

Valid: True

Value: 2011-09-05 14:36:45 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v6.0 - v7.0

Obfuscation XOR: False

Fuzzing: True

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks

pushret .data: 80

.rsrc: 429 .text: 243 .itext: 17 .didata: 3

nopsequence .data: 1

.rsrc: 1

pushpopmath .data: 103

.rsrc: 342 .text: 274

ss register .rsrc: 16

garbagebytes .data: 40

.rsrc: 151 .text: 187 .itext: 17 .didata: 3

hookdetection .data: 1

.rsrc: 7 .text: 10

stealthimport .text: 1

software breakpoint .data: 2 .rsrc: 11 .text: 49

fakeconditionaljumps .data: 1 .rsrc: 14 .text: 6

programcontrolflowchange .data: 39 .rsrc: 138 .text: 181 .itext: 17 .didata: 3

cpuinstructionsresultscomparison .data: 42 .rsrc: 179 .text: 129

AVclass

None 1

VirusTotal

md5 5bf0e67f2a413ef44ff365a9f28ba4ce

sha1 6739fc00b013de378b79ebb759883f96da8c7b91

SCANS (DETECTION RATE = 0.00%)

CMC update: 20211026 version: 2.10.2019.1 detected: False

MAX update: 20220321

version: 2019.9.16.1 detected: False

APEX update: 20220319

version: 6.272 detected: False

Bkav update: 20220319

version: 1.3.0.9899 detected: False

K7GW update: 20220321

version: 11.255.41404 detected: False

ALYac update: 20220321

version: 1.1.3.1 detected: False

Avast update: 20220321

version: 21.1.5827.0 detected: False

Avira update: 20220321

version: 8.3.3.14 detected: False

Baidu update: 20190318

version: 1.0.0.2 detected: False

Cynet update: 20220321

version: 4.0.0.27 detected: False

Cyren update: 20220321

version: 6.5.1.2 detected: False

DrWeb update: 20220321

version: 7.0.52.8270 detected: False

GData update: 20220321

version: A:25.32597B:27.26740 detected: False

Panda update: 20220320

version: 4.6.4.2 detected: False

VBA32 update: 20220321

version: 5.0.0 detected: False

VirIT update: 20220318

version: 9.5.157 detected: False

Zoner update: 20220320

version: 2.2.2.0 detected: False

ClamAV update: 20220321

version: 0.104.2.0 detected: False

Comodo update: 20220321

version: 34457 detected: False

Ikarus update: 20220321

version: 6.0.9.0 detected: False

Lionic update: 20220321

version: 7.5 detected: False

McAfee update: 20220321

version: 6.0.6.653 detected: False

Rising update: 20220321

version: 25.0.0.27

detected: False

Sophos update: 20220321

version: 1.4.1.0 detected: False

Yandex update: 20220321

version: 5.5.2.24 detected: False

Zillya update: 20220320

version: 2.0.0.4593 detected: False

Acronis update: 20210512

version: 1.1.1.82 detected: False

Alibaba update: 20190527

version: 0.3.0.5 detected: False

Arcabit update: 20220321

version: 1.0.0.889 detected: False

Cylance update: 20220321

version: 2.3.1.101 detected: False

Elastic update: 20220302

version: 4.0.35 detected: False

FireEye update: 20220321

version: 32.44.1.0 detected: False

Sangfor update: 20211224

version: 2.9.0.0 detected: False

TACHYON update: 20220321

version: 2022-03-21.02 detected: False

Tencent update: 20220321 version: 1.0.0.1 detected: False

ViRobot update: 20220321

version: 2014.3.20.0 detected: False

Webroot update: 20220321

version: 1.0.0.403 detected: False

tehtris update: 20220321

version: v0.0.7 detected: False

Ad-Aware update: 20220321

version: 3.0.21.193 detected: False

Emsisoft update: 20220321

version: 2021.5.0.7597 detected: False

F-Secure update: 20220321

version: 12.0.86.52 detected: False

Fortinet update: 20220321

version: 6.2.142.0 detected: False

Jiangmin update: 20220320

version: 16.0.100 detected: False

Kingsoft update: 20220321

version: 2017.9.26.565 detected: False

Paloalto update: 20220321

version: 0.9.0.1003 detected: False

Trapmine update: 20220217 version: 3.5.45.75 detected: False

AhnLab-V3 update: 20220321

version: 3.21.3.10230 detected: False

Antiy-AVL update: 20220321

version: 3.0.0.1 detected: False

Kaspersky update: 20220321

version: 21.0.1.45 detected: False

MaxSecure update: 20220321

version: 1.0.0.1 detected: False

Microsoft update: 20220321

version: 1.1.19000.8 detected: False

ZoneAlarm update: 20220321

version: 1.0 detected: False

Cybereason update: 20210330

version: 1.2.449 detected: False

ESET-NOD32 update: 20220321

version: 24974 detected: False

Gridinsoft update: 20220321

version: 1.0.74.174 detected: False

TrendMicro update: 20220321

version: 11.0.0.1006 detected: False

BitDefender update: 20220321

version: 7.2 detected: False

CrowdStrike update: 20210907

version: 1.0 detected: False

K7AntiVirus update: 20220321

version: 11.254.41402 detected: False

SentinelOne update: 20220201

version: 7.2.0.1 detected: False

Malwarebytes update: 20220321

version: 4.2.2.27 detected: False

CAT-QuickHeal update: 20220320

version: 14.00 detected: False

NANO-Antivirus update: 20220321

version: 1.0.146.25563 detected: False

BitDefenderTheta update: 20220318 version: 7.2.37796.0 detected: False

MicroWorld-eScan update: 20220321 version: 14.0.409.0 detected: False

SUPERAntiSpyware update: 20220319 version: 5.6.0.1032 detected: False

McAfee-GW-Edition update: 20220321 version: v2019.1.2+3728 detected: False

TrendMicro-HouseCall update: 20220321 version: 10.0.0.1040

detected: False

total 68

sha256 4ed66ad6e2ca374221ed660177521dc2c4db9492a048c52410931b86a66cc837

scan_id 4ed66ad6e2ca374221ed660177521dc2c4db9492a048c52410931b86a66cc837-1647864142

resource 5bf0e67f2a413ef44ff365a9f28ba4ce

permalink https://www.virustotal.com/gui/file/4ed66ad6e2ca374221ed660177521dc2c4db9492a048c52410931b86a66cc837/detection/f-4ed66ad6e2ca374221ed660177521dc2c4db9492a048c52410931b86a66cc837-1647864142

positives 0

scan_date 2022-03-21 12:02:22

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

28/3/2022 - 22:45:44 .465

Un kn ow n

4 C:\Users\Behemot\Desktop\desktop.ini

28/3/2022 - 22:45:44 .465

Un kn ow n

4 C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE-

1F3E9D7E.pf

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

(25)

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\Temp\TMP000000A13589B7957053C575

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\Temp\TMP000000A13589B7957053C575

TMP000000A1 3589B7957053 C575

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

(26)

28/3/2022 - 22:45:48 .856

Re ad

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Re ad

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Re ad

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Re ad

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\Temp\TMP000000A2AF46498673C01EB8

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\Temp\TMP000000A2AF46498673C01EB8

TMP000000A2 AF46498673C0 1EB8

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier

28/3/2022 - 22:45:48 .856

Re ad

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\Temp\TMP000000A2AF46498673C01EB8

TMP000000A2 AF46498673C0 1EB8

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

2

(27)

28/3/2022 - 22:45:48 .856

Op en

9 2 8

C:\Windows\System32\

svchost.exe

C:\Monitor\WKCD_Load_Use.exe

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe

28/3/2022 - 22:45:48 .856

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:48 .872

Un kn ow n

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\Temp\TMP000000A13589B7957053C575

TMP000000A1 3589B7957053 C575

28/3/2022 - 22:45:48 .872

Wri te

2 3 3 6

C:\Monitor\WKCD_Load_

Use.exe C:\Monitor\Files\Logs\File.log

28/3/2022 - 22:45:50 .465

Wri

te 4 C:\Users\Behemot

28/3/2022 - 22:45:50 .465

Un kn ow n

4 C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

28/3/2022 - 22:45:50 .465

Wri

te 4 C:\Monitor\Files\Logs\File.log

28/3/2022 - 22:45:50 .465

Un kn

ow 4 C:\Monitor\Files\Logs\File.log

(28)

n

28/3/2022 - 22:45:53 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\System32\conhost.exe

28/3/2022 - 22:45:53 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\System32\conhost.exe

28/3/2022 - 22:45:53 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\System32\conhost.exe

28/3/2022 - 22:45:53 .856

Op en

2 9 2 8

C:\Windows\System32\

svchost.exe C:\Windows\System32\conhost.exe

28/3/2022 - 22:45:53 .872

Op en

7 9 6

C:\Windows\System32\

svchost.exe

C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782 7.pf

28/3/2022 - 22:45:53 .872

Op en

7 9 6

C:\Windows\System32\

svchost.exe

C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782 7.pf

28/3/2022 - 22:45:53 .872

Wri te

7 9 6

C:\Windows\System32\

svchost.exe

C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782 7.pf

WKCD_LOAD_U SE.EXE-695C7 827.pf

28/3/2022 - 22:45:53 .872

Un kn ow n

7 9 6

C:\Windows\System32\

svchost.exe

C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782 7.pf

WKCD_LOAD_U SE.EXE-695C7 827.pf

28/3/2022 - 22:45:53 .872

Op en

7 9 6

C:\Windows\System32\

svchost.exe C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf

28/3/2022 - 22:45:53 .872

Un kn ow n

7 9 6

C:\Windows\System32\

svchost.exe C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE- 1F3E9D7E.pf

28/3/2022 - 22:45:53 .872

Op en

7 9 6

C:\Windows\System32\

svchost.exe C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf

28/3/2022 - 22:45:53 .872

Wri te

7 9 6

C:\Windows\System32\

svchost.exe C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE- 1F3E9D7E.pf

(29)

28/3/2022 - 22:45:53 .872

Un kn ow n

7 9 6

C:\Windows\System32\

svchost.exe C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE- 1F3E9D7E.pf

28/3/2022 - 22:45:53 .872

Wri te

2 3 3 6

C:\Monitor\WKCD_Load_

Use.exe C:\Monitor\Files\Logs\File.log

28/3/2022 - 22:45:53 .872

Wri te

2 3 3 6

C:\Monitor\WKCD_Load_

Use.exe C:\Monitor\Files\Logs\File.log

28/3/2022 - 22:45:54 .481

Wri

te 4 C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782

7.pf

WKCD_LOAD_U SE.EXE-695C7 827.pf

28/3/2022 - 22:45:54 .481

Wri

te 4 C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE-

1F3E9D7E.pf

28/3/2022 - 22:45:54 .481

Wri

te 4 C:\Monitor\Files\Logs\File.log

28/3/2022 - 22:45:54 .481

Un kn ow n

4 C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782

7.pf

WKCD_LOAD_U SE.EXE-695C7 827.pf

28/3/2022 - 22:45:54 .481

Un kn ow n

4 C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE-

1F3E9D7E.pf

28/3/2022 - 22:45:54 .481

Un kn ow n

4 C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE-

1F3E9D7E.pf

28/3/2022 - 22:45:54 .481

Un kn ow n

4 C:\Monitor\Files\Logs\File.log

28/3/2022 - 22:45:59 .543

Wri te

6 8 4

C:\Windows\System32\

svchost.exe C:\Windows\System32\winevt\Logs\System.evtx

28/3/2022 - 22:45:59 .543

Wri te

6 8 4

C:\Windows\System32\

svchost.exe C:\Windows\System32\winevt\Logs\System.evtx

(30)

28/3/2022 - 22:45:59 .543

Wri te

6 8 4

C:\Windows\System32\

svchost.exe

C:\Windows\System32\winevt\Logs\Security.evtx

28/3/2022 - 22:45:59 .543

Wri te

6 8 4

C:\Windows\System32\

svchost.exe C:\Windows\System32\winevt\Logs\Security.evtx

28/3/2022 - 22:46:0.

465

Wri

te 4 C:\Windows\System32\winevt\Logs\System.evtx

28/3/2022 - 22:46:0.

465

Wri

te 4 C:\Windows\System32\winevt\Logs\Security.evtx

28/3/2022 - 22:46:2.

59

Wri

te 4 C:\Monitor

28/3/2022 - 22:46:2.

481

Wri

te 4 C:\Windows\System32\winevt\Logs\System.evtx

28/3/2022 - 22:46:2.

481

Wri

te 4 C:\Windows\System32\winevt\Logs\Security.evtx

28/3/2022 - 22:46:2.

481

Un kn ow n

4 C:\Windows\System32\winevt\Logs\System.evtx

28/3/2022 - 22:46:2.

481

Un kn ow n

4 C:\Windows\System32\winevt\Logs\Security.evtx

28/3/2022 - 22:46:17 .465

Wri te

6 8 4

C:\Windows\System32\

svchost.exe

C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat

28/3/2022 - 22:46:20 .465

Wri

te 4 C:\Windows\Temp

28/3/2022 - 22:46:20 .465

Wri

te 4 C:\Windows

28/3/2022 - 22:46:27.418 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.418 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.418 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.418 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.418 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.418 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve.LOG1
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve

28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:27.434 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:27.434 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
28/3/2022 - 22:46:27.512 | Write | 4 | C:\System Volume Information\Syscache.hve
28/3/2022 - 22:46:30.465 | Write | 4 | C:\Monitor\Files\Logs\File.log
28/3/2022 - 22:46:30.465 | Unknown | 4 | C:\Monitor\Files\Logs\File.log
28/3/2022 - 22:46:37.512 | Write | 4 | C:\Windows\System32\config\SYSTEM.LOG1
28/3/2022 - 22:46:37.512 | Write | 4 | C:\Windows\System32\config\SYSTEM.LOG1
28/3/2022 - 22:46:37.512 | Write | 4 | C:\Windows\System32\config\SYSTEM.LOG1
28/3/2022 - 22:46:37.512 | Write | 4 | C:\Windows\System32\config\SYSTEM.LOG1
28/3/2022 - 22:46:37.512 | Write | 4 | C:\Windows\System32\config\SYSTEM

28/3/2022 Wri
