Analysis

Category Package Started Completed Duration
FILE exe 2020-10-18 07:30:11 2020-10-18 07:35:15 304 seconds
2020-05-13 09:11:20,485 [root] INFO: Date set to: 20201018T07:30:10, timeout set to: 200
2020-10-18 07:30:10,046 [root] DEBUG: Starting analyzer from: C:\tmp52sk_on6
2020-10-18 07:30:10,046 [root] DEBUG: Storing results at: C:\Ckmbrw
2020-10-18 07:30:10,062 [root] DEBUG: Pipe server name: \\.\PIPE\oWTGWQ
2020-10-18 07:30:10,062 [root] DEBUG: Python path: C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32
2020-10-18 07:30:10,062 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-10-18 07:30:10,062 [root] INFO: Automatically selected analysis package "exe"
2020-10-18 07:30:10,062 [root] DEBUG: Importing analysis package "exe"...
2020-10-18 07:30:10,093 [root] DEBUG: Initializing analysis package "exe"...
2020-10-18 07:30:10,109 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2020-10-18 07:30:10,125 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2020-10-18 07:30:10,156 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2020-10-18 07:30:10,187 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2020-10-18 07:30:10,218 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2020-10-18 07:30:10,218 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2020-10-18 07:30:10,218 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2020-10-18 07:30:10,234 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-10-18 07:30:10,234 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-10-18 07:30:10,234 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-10-18 07:30:10,234 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-10-18 07:30:10,234 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-10-18 07:30:10,234 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-10-18 07:30:10,234 [lib.api.screenshot] DEBUG: Importing 'math'
2020-10-18 07:30:10,234 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-10-18 07:30:10,515 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-10-18 07:30:10,515 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-10-18 07:30:10,546 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-10-18 07:30:10,546 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2020-10-18 07:30:10,546 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2020-10-18 07:30:10,546 [root] DEBUG: Initializing auxiliary module "Browser"...
2020-10-18 07:30:10,562 [root] DEBUG: Started auxiliary module Browser
2020-10-18 07:30:10,562 [root] DEBUG: Initializing auxiliary module "Curtain"...
2020-10-18 07:30:10,593 [root] DEBUG: Started auxiliary module Curtain
2020-10-18 07:30:10,593 [root] DEBUG: Initializing auxiliary module "DigiSig"...
2020-10-18 07:30:10,593 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-10-18 07:30:10,953 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-10-18 07:30:10,953 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-10-18 07:30:10,968 [root] DEBUG: Started auxiliary module DigiSig
2020-10-18 07:30:10,968 [root] DEBUG: Initializing auxiliary module "Disguise"...
2020-10-18 07:30:10,984 [modules.auxiliary.disguise] INFO: Disguising GUID to 186951ff-34c4-49e7-9b2e-fec2f2aebe3a
2020-10-18 07:30:10,984 [root] DEBUG: Started auxiliary module Disguise
2020-10-18 07:30:10,984 [root] DEBUG: Initializing auxiliary module "Human"...
2020-10-18 07:30:10,984 [root] DEBUG: Started auxiliary module Human
2020-10-18 07:30:11,000 [root] DEBUG: Initializing auxiliary module "Procmon"...
2020-10-18 07:30:11,000 [root] DEBUG: Started auxiliary module Procmon
2020-10-18 07:30:11,000 [root] DEBUG: Initializing auxiliary module "Screenshots"...
2020-10-18 07:30:11,015 [root] DEBUG: Started auxiliary module Screenshots
2020-10-18 07:30:11,015 [root] DEBUG: Initializing auxiliary module "Sysmon"...
2020-10-18 07:30:11,015 [root] DEBUG: Started auxiliary module Sysmon
2020-10-18 07:30:11,015 [root] DEBUG: Initializing auxiliary module "Usage"...
2020-10-18 07:30:11,031 [root] DEBUG: Started auxiliary module Usage
2020-10-18 07:30:11,031 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-10-18 07:30:11,031 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-10-18 07:30:11,031 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-10-18 07:30:11,031 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-10-18 07:30:11,093 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Rebecca\AppData\Local\Temp\20844dce50a4b4137c4e.exe" with arguments "" with pid 5652
2020-10-18 07:30:11,093 [lib.api.process] INFO: Monitor config for process 5652: C:\tmp52sk_on6\dll\5652.ini
2020-10-18 07:30:11,109 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp52sk_on6\dll\qkMErEVz.dll, loader C:\tmp52sk_on6\bin\HwHKjDG.exe
2020-10-18 07:30:11,140 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\oWTGWQ.
2020-10-18 07:30:11,140 [root] DEBUG: Loader: Injecting process 5652 (thread 5656) with C:\tmp52sk_on6\dll\qkMErEVz.dll.
2020-10-18 07:30:11,140 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp52sk_on6\dll\qkMErEVz.dll.
2020-10-18 07:30:11,140 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 07:30:11,156 [root] DEBUG: Successfully injected DLL C:\tmp52sk_on6\dll\qkMErEVz.dll.
2020-10-18 07:30:13,156 [lib.api.process] INFO: Successfully resumed process with pid 5652
2020-10-18 07:30:13,234 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 07:30:13,234 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 07:30:13,249 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-10-18 07:30:13,249 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 5652 at 0x6ae60000, image base 0x400000, stack from 0x126000-0x130000
2020-10-18 07:30:13,249 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Users\Rebecca\AppData\Local\Temp\20844dce50a4b4137c4e.exe"
2020-10-18 07:30:13,265 [root] INFO: Loaded monitor into process with pid 5652
2020-10-18 07:30:13,265 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-10-18 07:30:13,312 [root] DEBUG: api-rate-cap: GetSystemTimeAsFileTime hook disabled.

Machine

Name Label Manager Started On Shutdown On
win7_3 win7_3 KVM 2020-10-18 07:30:11 2020-10-18 07:35:15

File Details

File Name 20844dce50a4b4137c4e.exe
File Size 369664 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
PE timestamp 2020-10-16 20:44:09
MD5 ec27fc5e48db2214864acbc0fac7cb95
SHA1 3b6031e2dfd0a348fc08a8f8c905eda1829f6c5d
SHA256 20844dce50a4b4137c4ed63f833bc84a06bc6a4ab08b9c01bd62c75321ce3a5d
SHA512 01930518874064cff65e7dfe537c26aaf5a2a1ab28e3156c6f4e4850540157cb974d3e8217fcdf4ae5f5f29643b0c6831ba1d7e228c14f417362867a7d1f51ec
CRC32 301B0B28
Ssdeep 6144:NXIwVZttuO5pqIFLmg36H3uIxjmk4E/zgM4e8tyoi8On/0mc2+59NY5Vt/+z1k:VtP5pqIFT36H3uIxjm9E/KtyoipTc2+Y

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
The binary likely contains encrypted or compressed data.
section: name: .rsrc, entropy: 7.58, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00021800, virtual_size: 0x0002170c
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Rebecca\AppData\Local\Temp\20844dce50a4b4137c4e.exe
File has been identified by 17 Antiviruses on VirusTotal as malicious
Bkav: W32.AIDetectVM.malware1
Cynet: Malicious (score: 85)
Qihoo-360: Win32/Trojan.095
McAfee: GenericRXAA-AA!EC27FC5E48DB
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: HEUR:Trojan-Banker.Win32.Emotet.gen
F-Secure: Trojan.TR/AD.Emotet.robdo
DrWeb: Trojan.Emotet.1042
McAfee-GW-Edition: BehavesLike.Win32.Trojan.fh
Avira: TR/AD.Emotet.robdo
ZoneAlarm: HEUR:Trojan-Banker.Win32.Emotet.gen
Microsoft: Trojan:Win32/Emotet!ibt
ESET-NOD32: Win32/Emotet.CI
SentinelOne: DFI - Suspicious PE
Fortinet: W32/BankerX.5CC7!tr
CrowdStrike: win/malicious_confidence_60% (W)
Anomalous binary characteristics
anomaly: Actual checksum does not match that reported in PE header

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

C:\Users\Rebecca\AppData\Local\Temp\20844dce50a4b4137c4e.exe.2.Manifest
C:\Users\Rebecca\AppData\Local\Temp\20844dce50a4b4137c4e.exe.3.Manifest
C:\Users\Rebecca\AppData\Local\Temp\20844dce50a4b4137c4e.exe.Config
C:\Users\Rebecca\AppData\Local\Temp\20844dce50a4b4137c4e.exe
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
winspool.drv.#218
winspool.drv.#217
winspool.drv.SetDefaultPrinterW
winspool.drv.GetDefaultPrinterW
winspool.drv.GetPrinterDriverPackagePathW
winspool.drv.CorePrinterDriverInstalledW
winspool.drv.GetCorePrinterDriversW
winspool.drv.UploadPrinterDriverPackageW
winspool.drv.InstallPrinterDriverFromPackageW
winspool.drv.#251
winspool.drv.AddPrinterConnection2W
winspool.drv.OpenPrinter2W
winspool.drv.DeletePrinterKeyW
winspool.drv.DeletePrinterDataExW
winspool.drv.EnumPrinterKeyW
winspool.drv.EnumPrinterDataExW
winspool.drv.GetPrinterDataExW
winspool.drv.SetPrinterDataExW
winspool.drv.DeletePrinterDataW
winspool.drv.EnumPrinterDataW
winspool.drv.SpoolerPrinterEvent
winspool.drv.SetPortW
winspool.drv.DocumentPropertySheets
winspool.drv.DevicePropertySheets
winspool.drv.IsValidDevmodeW
winspool.drv.IsValidDevmodeA
winspool.drv.AddPortExW
winspool.drv.DeletePrintProvidorW
winspool.drv.AddPrintProvidorW
winspool.drv.DeletePrintProcessorW
winspool.drv.DeleteMonitorW
winspool.drv.AddMonitorW
winspool.drv.StartDocDlgW
winspool.drv.AdvancedDocumentPropertiesW
winspool.drv.AdvancedDocumentPropertiesA
winspool.drv.DocumentPropertiesW
winspool.drv.DeviceCapabilitiesW
winspool.drv.DeletePrinterIC
winspool.drv.PlayGdiScriptOnPrinterIC
winspool.drv.CreatePrinterIC
winspool.drv.SetJobW
winspool.drv.GetJobW
winspool.drv.EnumJobsW
winspool.drv.AddPrinterW
winspool.drv.SetPrinterW
winspool.drv.GetPrinterDriverW
winspool.drv.GetPrinterDriverDirectoryW
winspool.drv.EnumPrintersW
winspool.drv.AddPrinterConnectionW
winspool.drv.DeletePrinterConnectionW
winspool.drv.AddPrinterDriverExW
winspool.drv.AddPrinterDriverExA
winspool.drv.EnumPrinterDriversW
winspool.drv.DeletePrinterDriverW
winspool.drv.DeletePrinterDriverExW
winspool.drv.AddPrintProcessorW
winspool.drv.EnumPrintProcessorsW
winspool.drv.GetPrintProcessorDirectoryW
winspool.drv.EnumPrintProcessorDatatypesW
winspool.drv.#207
winspool.drv.#209
winspool.drv.#211
winspool.drv.#212
winspool.drv.SplDriverUnloadComplete
winspool.drv.#213
winspool.drv.#214
winspool.drv.OpenPrinterW
winspool.drv.OpenPrinterA
winspool.drv.ResetPrinterW
winspool.drv.StartDocPrinterW
winspool.drv.FlushPrinter
winspool.drv.GetPrinterDataW
winspool.drv.SetPrinterDataW
winspool.drv.AddJobW
winspool.drv.ScheduleJob
winspool.drv.WaitForPrinterChange
winspool.drv.FindNextPrinterChangeNotification
winspool.drv.PrinterMessageBoxW
winspool.drv.ClosePrinter
winspool.drv.AddFormW
winspool.drv.DeleteFormW
winspool.drv.GetFormW
winspool.drv.SetFormW
winspool.drv.EnumFormsW
winspool.drv.EnumPortsW
winspool.drv.EnumMonitorsW
winspool.drv.AddPortW
winspool.drv.ConfigurePortW
winspool.drv.DeletePortW
winspool.drv.GetPrinterW
winspool.drv.DeletePrinterDriverPackageW
winspool.drv.#234
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.CreateActCtxW
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
user32.dll.NotifyWinEvent

PE Information

Image Base 0x00400000
Entry Point 0x0040ecf9
Reported Checksum 0x0005e854
Actual Checksum 0x0005dc79
Minimum OS Version 5.0
Compile Time 2020-10-16 20:44:09
Import Hash 802db2b693e23b594e5f02f63ef92ced
Icon Exact Hash 3a807dc65fb160f5c875569f387561d7
Icon Similarity Hash 40881eb50f4641dd9e840ec8234dfaa3

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000400 0x00001000 0x00025227 0x00025400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.59
.rdata 0x00025800 0x00027000 0x0000930a 0x00009400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.93
.data 0x0002ec00 0x00031000 0x000062d8 0x00002600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.93
.rsrc 0x00031200 0x00038000 0x0002170c 0x00021800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.58
.reloc 0x00052a00 0x0005a000 0x00007976 0x00007a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2.93

Resources

Name Offset Size Language Sub-language Entropy File type
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_BITMAP 0x0003a198 0x00000144 LANG_GERMAN SUBLANG_GERMAN 2.88 None
RT_BITMAP 0x0003a198 0x00000144 LANG_GERMAN SUBLANG_GERMAN 2.88 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_DIALOG 0x0003e260 0x00000034 LANG_GERMAN SUBLANG_GERMAN 2.42 None
RT_DIALOG 0x0003e260 0x00000034 LANG_GERMAN SUBLANG_GERMAN 2.42 None
RT_DIALOG 0x0003e260 0x00000034 LANG_GERMAN SUBLANG_GERMAN 2.42 None
RT_DIALOG 0x0003e260 0x00000034 LANG_GERMAN SUBLANG_GERMAN 2.42 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_VERSION 0x0003fc14 0x00000354 LANG_GERMAN SUBLANG_GERMAN 3.38 None
RT_MANIFEST 0x0003ff68 0x0000026e LANG_ENGLISH SUBLANG_ENGLISH_US 5.02 None
None 0x000401d8 0x00019533 LANG_GERMAN SUBLANG_GERMAN 7.99 None

Imports

0x427088 GetStartupInfoW
0x42708c HeapAlloc
0x427094 HeapFree
0x427098 RtlUnwind
0x42709c RaiseException
0x4270a0 HeapReAlloc
0x4270a4 Sleep
0x4270a8 ExitProcess
0x4270ac HeapSize
0x4270b4 GetStdHandle
0x4270b8 GetModuleFileNameA
0x4270c4 GetCommandLineW
0x4270c8 SetHandleCount
0x4270cc GetFileType
0x4270d0 GetStartupInfoA
0x4270d4 HeapCreate
0x4270d8 VirtualFree
0x4270e0 GetTickCount
0x4270e4 TerminateProcess
0x4270e8 IsDebuggerPresent
0x4270ec VirtualAlloc
0x4270f4 GetCPInfo
0x4270f8 GetACP
0x4270fc GetOEMCP
0x427100 IsValidCodePage
0x427104 GetConsoleCP
0x427108 GetConsoleMode
0x42710c GetLocaleInfoA
0x427110 GetUserDefaultLCID
0x427114 EnumSystemLocalesA
0x427118 IsValidLocale
0x42711c GetStringTypeA
0x427120 GetStringTypeW
0x427124 LCMapStringA
0x427128 LCMapStringW
0x42712c SetStdHandle
0x427130 WriteConsoleA
0x427134 GetConsoleOutputCP
0x427138 WriteConsoleW
0x42713c CreateFileA
0x427140 SetErrorMode
0x427144 FlushFileBuffers
0x427148 SetFilePointer
0x42714c WriteFile
0x427150 ReadFile
0x427158 GlobalFlags
0x42715c TlsFree
0x427164 LocalReAlloc
0x427168 TlsSetValue
0x42716c TlsAlloc
0x427174 GlobalHandle
0x427178 GlobalReAlloc
0x427180 TlsGetValue
0x427188 LocalAlloc
0x427190 CloseHandle
0x427198 GetCurrentThread
0x4271a4 GetLocaleInfoW
0x4271a8 InterlockedExchange
0x4271ac lstrlenA
0x4271b0 lstrcmpA
0x4271b4 GetCurrentProcessId
0x4271b8 GetModuleFileNameW
0x4271bc GetModuleHandleA
0x4271c0 GlobalFree
0x4271c4 GlobalAlloc
0x4271c8 GlobalLock
0x4271cc GlobalUnlock
0x4271d0 WideCharToMultiByte
0x4271d4 lstrlenW
0x4271d8 GetCurrentThreadId
0x4271dc GlobalAddAtomW
0x4271e0 GlobalFindAtomW
0x4271e4 GlobalDeleteAtom
0x4271e8 LoadLibraryA
0x4271ec GetLastError
0x4271f0 SetLastError
0x4271f4 lstrcmpW
0x4271f8 MultiByteToWideChar
0x4271fc GetModuleHandleW
0x427200 GetVersionExA
0x427204 FindResourceW
0x427208 LoadResource
0x42720c LockResource
0x427210 SizeofResource
0x427214 GetCurrentProcess
0x427218 GetProcAddress
0x42721c GetModuleHandleExA
0x427220 LocalFree
0x427224 FormatMessageW
0x427228 FreeLibrary
0x42722c LoadLibraryW
0x427254 IsWindowEnabled
0x427258 ShowWindow
0x42725c SetWindowTextW
0x427264 WinHelpW
0x427268 GetCapture
0x42726c SetWindowsHookExW
0x427270 CallNextHookEx
0x427274 GetClassLongW
0x427278 GetClassNameW
0x42727c SetPropW
0x427280 GetPropW
0x427284 RemovePropW
0x427288 GetFocus
0x42728c GetWindowTextW
0x427290 GetForegroundWindow
0x427294 GetLastActivePopup
0x427298 DispatchMessageW
0x42729c GetDlgItem
0x4272a0 GetTopWindow
0x4272a4 DestroyWindow
0x4272a8 UnhookWindowsHookEx
0x4272ac GetMessageTime
0x4272b0 GetMessagePos
0x4272b4 PeekMessageW
0x4272b8 MapWindowPoints
0x4272bc GetKeyState
0x4272c0 SetMenu
0x4272c4 SetForegroundWindow
0x4272c8 IsWindowVisible
0x4272cc PostMessageW
0x4272d0 GetSubMenu
0x4272d4 GetMenuItemID
0x4272d8 GetMenuItemCount
0x4272dc MessageBoxW
0x4272e0 CreateWindowExW
0x4272e4 GetClassInfoExW
0x4272e8 GetClassInfoW
0x4272ec RegisterClassW
0x4272f0 AdjustWindowRectEx
0x4272f4 CopyRect
0x4272f8 GetDlgCtrlID
0x4272fc DefWindowProcW
0x427300 CallWindowProcW
0x427304 GetMenu
0x427308 GetWindowLongW
0x42730c SetWindowPos
0x427314 GetWindowPlacement
0x427318 GetWindow
0x42731c GetSystemMetrics
0x427320 IsIconic
0x427324 LoadIconW
0x427328 EnableWindow
0x42732c SendMessageW
0x427330 SetCursor
0x427334 PtInRect
0x427338 GetCursorPos
0x42733c LoadCursorW
0x427340 ReleaseDC
0x427344 GetDC
0x427348 GetParent
0x42734c GetWindowRect
0x427350 GetSysColor
0x427354 IsWindow
0x427358 UnregisterClassW
0x42735c SetWindowLongW
0x427360 GetClientRect
0x427364 GetSysColorBrush
0x427368 DestroyMenu
0x42736c GetMessageW
0x427370 TranslateMessage
0x427374 ValidateRect
0x427378 GetActiveWindow
0x42737c PostQuitMessage
0x427384 ClientToScreen
0x427388 GrayStringW
0x42738c DrawTextExW
0x427390 DrawTextW
0x427394 TabbedTextOutW
0x427398 SetMenuItemBitmaps
0x4273a0 LoadBitmapW
0x4273a4 ModifyMenuW
0x4273a8 GetMenuState
0x4273ac EnableMenuItem
0x4273b0 CheckMenuItem
0x427028 DeleteObject
0x42702c PtVisible
0x427030 RectVisible
0x427034 TextOutW
0x427038 ExtTextOutW
0x42703c Escape
0x427040 SelectObject
0x427044 SetViewportOrgEx
0x427048 OffsetViewportOrgEx
0x42704c SetViewportExtEx
0x427050 ScaleViewportExtEx
0x427054 SetWindowExtEx
0x427058 DeleteDC
0x42705c SetMapMode
0x427060 RestoreDC
0x427064 SaveDC
0x427068 SetBkColor
0x42706c GetDeviceCaps
0x427070 ScaleWindowExtEx
0x427074 GetStockObject
0x427078 SetTextColor
0x42707c GetClipBox
0x427080 CreateBitmap
0x4273b8 DocumentPropertiesW
0x4273bc OpenPrinterW
0x4273c0 ClosePrinter
0x427000 RegSetValueExW
0x427004 RegOpenKeyW
0x427008 RegEnumKeyW
0x42700c RegDeleteKeyW
0x427010 RegOpenKeyExW
0x427014 RegCreateKeyExW
0x427018 RegQueryValueExW
0x42701c RegCloseKey
0x427020 RegQueryValueW
0x427248 PathFindFileNameW
0x42724c PathFindExtensionW
0x427238 VariantInit
0x42723c VariantChangeType
0x427240 VariantClear

Strings

!This program cannot be run in DOS mode.
GetMonitorInfoA
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
DISPLAY
InitCommonControls
InitCommonControlsEx
HtmlHelpW
hhctrl.ocx
CCmdTarget
COleException
CInvalidArgException
CNotSupportedException
CMemoryException
CSimpleException
CException
CGdiObject
CUserException
CResourceException
CArchiveException
CObject
CWinApp
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
CWinThread
CMenu
CMapPtrToPtr
CByteArray
NotifyWinEvent
CObArray
CPtrArray
Unknown exception
CorExitProcess
HeapQueryInformation
runtime error
TLOSS error
SING error
DOMAIN error
R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
bad exception
e+000
GAIsProcessorFeaturePresent
KERNEL32
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
(null)
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
czech
china
britain
america
swiss
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
1#QNAN
1#INF
1#IND
1#SNAN
CONOUT$
bad cast
string too long
invalid string position
OLEACC.dll
bad allocation
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
kernel32.dll
VirtualAllocExNuma
LdrAcces
sResource
indResource_U
ntdll.dll
C:\Users\BEAUREGARD\Videos\PwdChange_src\PwdChange\Release\PwdChange.pdb
CreateStdAccessibleObject
LresultFromObject
LoadLibraryW
FreeLibrary
FormatMessageW
LocalFree
GetModuleHandleExA
GetProcAddress
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersionExA
GetModuleHandleW
MultiByteToWideChar
lstrcmpW
SetLastError
GetLastError
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetModuleHandleA
GetModuleFileNameW
GetCurrentProcessId
lstrcmpA
lstrlenA
InterlockedExchange
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
CloseHandle
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetErrorMode
GetStartupInfoW
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
KERNEL32.dll
EnableWindow
SendMessageW
SetCursor
SetWindowLongW
GetClientRect
IsWindow
GetSysColor
GetWindowRect
GetParent
GetDC
ReleaseDC
LoadCursorW
GetCursorPos
PtInRect
LoadIconW
IsIconic
GetSystemMetrics
GetWindow
GetWindowPlacement
SystemParametersInfoA
SetWindowPos
GetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
CopyRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
MessageBoxW
GetMenuItemCount
GetMenuItemID
GetSubMenu
PostMessageW
IsWindowVisible
SetForegroundWindow
SetMenu
GetKeyState
MapWindowPoints
PeekMessageW
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
DispatchMessageW
GetLastActivePopup
GetForegroundWindow
GetWindowTextW
GetFocus
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
WinHelpW
RegisterWindowMessageW
SetWindowTextW
ShowWindow
IsWindowEnabled
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowThreadProcessId
PostQuitMessage
GetActiveWindow
ValidateRect
TranslateMessage
GetMessageW
DestroyMenu
GetSysColorBrush
UnregisterClassW
USER32.dll
GetStockObject
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
SaveDC
RestoreDC
SetMapMode
DeleteObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GDI32.dll
ClosePrinter
DocumentPropertiesW
OpenPrinterW
WINSPOOL.DRV
RegOpenKeyExW
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
ADVAPI32.dll
PathFindExtensionW
PathFindFileNameW
SHLWAPI.dll
OLEAUT32.dll
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
z?aUY
zc%C1
-64OS
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>PA'
AfxWnd90su
AfxControlBar90su
AfxMDIFrame90su
AfxFrameOrView90su
AfxOleControl90su
AfxOldWndProc423
USER32
YaccParent
accChildCount
accChild
accName
accValue
accDescription
accRole
accState
accHelp
accHelpTopic
accKeyboardShortcut
accFocus
accSelection
accDefaultAction
accSelect
accLocation
accNavigate
accHitTest
accDoDefaultAction
#32768
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
commctrl_DragListMsg
tDelete
NoRemove
ForceRemove
pSettings
PreviewPages
KERNEL32
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRun
NoDrives
RestrictRun
NoNetConnectDisconnect
NoRecentDocsHistory
NoClose
Software\Microsoft\Windows\CurrentVersion\Policies\Network
NoEntireNetwork
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
NoPlacesBar
NoBackButton
NoFileMru
ntdll.dll
kernel32.dll
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
software
@Software\Classes\
Software\
@comctl32.dll
@comdlg32.dll
@shell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
%2\CLSID
%2\Insertable
%2\protocol\StdFileEditing\verb\0
&Edit
%2\protocol\StdFileEditing\server
CLSID\%1
CLSID\%1\ProgID
CLSID\%1\InprocHandler32
ole32.dll
CLSID\%1\LocalServer32
CLSID\%1\Verb\0
&Edit,0,2
CLSID\%1\Verb\1
&Open,0,2
CLSID\%1\Insertable
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultIcon
%3,%7
CLSID\%1\MiscStatus
CLSID\%1\InProcServer32
CLSID\%1\DocObject
%2\DocObject
CLSID\%1\Printable
CLSID\%1\DefaultExtension
%9, %8
B.INI
user32.dll
mscoree.dll
KERNEL32.DLL
B(null)
((((( H
h(((( H
H
C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\afxwin1.inl
Exception thrown in destructor
%s (%s:%d)
%s (%s:%d)
Apartment
Info
ber Password Changer
MS Shell Dlg
Password Changer
Version 1.0
(C) Copyright 2006 by Steffen Lange
Alle Rechte vorbehalten.
Password Changer
MS Shell Dlg
IDCANCEL
IDC_LBL_DOMAIN
IDC_LBL_SERVER
IDC_BTN_SERVER
IDC_LBL_USER
IDC_BTN_USER
IDC_LBL_OLDPASSWORD
IDC_LBL_NEWPASSWORD
IDC_BTN_CHANGE
Steffen-Lange.com
MS Shell Dlg
&New
Cancel
&Help
MS Shell Dlg
&Info...
&Schlie
&Computer suchen
&Benutzer suchen
&Kennwort
ndern
ne / Arbeitsgruppe
Computer
Benutzer
Altes Kennwort
Neues KennwortSDer Benutzername ist falsch oder die eingegebenen Kennw
rter stimmen nicht
berein.
Save As
All Files (*.*)
Untitled
an unnamed file
&Hide
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Out of memory.
An unknown error has occurred.!Encountered an improper argument.
Incorrect filename.
Failed to open document.
Failed to save document.
Save changes to %1? Failed to create empty document.
The file is too large to open.
Could not start print job.
Failed to launch help.
Internal application error.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Enter an integer.
Enter a number.#Enter an integer between %1 and %2.!Enter a number between %1 and %2.!Enter no more than %1 characters.
Select a button.#Enter an integer between 0 and 255.
Enter a positive integer.
Enter a date and/or time.
Enter a currency.
Enter a GUID.
Enter a time.
Enter a date.
Unexpected file format.O%1
Cannot find this file.
Verify that the correct path and file name are given.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
%1: %2
Continue running script?
Dispatch exception: %1
#Unable to read write-only property.#Unable to write read-only property.
#Unable to load mail system support.
Mail system DLL is invalid.!Send Mail failed to send message.
No error occurred.-An unknown error occurred while accessing %1.
%1 was not found.
%1 contains an incorrect path.8Could not open %1 because there are too many open files.
Access to %1 was denied.0An incorrect file handle was associated with %1.8Could not remove %1 because it is the current directory.2Could not create %1 because the directory is full.
Seek failed on %14Encountered a hardware I/O error while accessing %1.3Encountered a sharing violation while accessing %1.3Encountered a locking violation while accessing %1.
Disk full while accessing %1.$Attempted to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1.%Attempted to write to the reading %1.$Attempted to access %1 past its end.&Attempted to read from the writing %1.
%1 has a bad format."%1 contained an unexpected object. %1 contains an incorrect schema.
pixels
Uncheck
Check
Mixed
VS_VERSION_INFO
StringFileInfo
040704e4
CompanyName
Steffen Lange
FileDescription
Password Changer
FileVersion
1.0.0.1
InternalName
PwdChange.exe
LegalCopyright
(C) Copyright 2006 by Steffen Lange
LegalTrademarks
Alle Rechte vorbehalten.
OriginalFilename
PwdChange.exe
ProductName
Password Changer
ProductVersion
1.0.0.1
VarFileInfo
Translation

Full Results

Engine | Signature | Engine | Signature | Engine | Signature
Bkav | W32.AIDetectVM.malware1 | Elastic | Clean | Cynet | Malicious (score: 85)
CMC | Clean | CAT-QuickHeal | Clean | Qihoo-360 | Win32/Trojan.095
McAfee | GenericRXAA-AA!EC27FC5E48DB | Cylance | Clean | Zillya | Clean
SUPERAntiSpyware | Clean | Sangfor | Clean | K7AntiVirus | Clean
Alibaba | Clean | K7GW | Clean | Cybereason | Clean
TrendMicro | Clean | Baidu | Clean | Cyren | Clean
Symantec | ML.Attribute.HighConfidence | TotalDefense | Clean | APEX | Malicious
Avast | Clean | ClamAV | Clean | Kaspersky | HEUR:Trojan-Banker.Win32.Emotet.gen
BitDefender | Clean | NANO-Antivirus | Clean | Paloalto | Clean
AegisLab | Clean | MicroWorld-eScan | Clean | Ad-Aware | Clean
Sophos | Clean | Comodo | Clean | F-Secure | Trojan.TR/AD.Emotet.robdo
DrWeb | Trojan.Emotet.1042 | VIPRE | Clean | Invincea | Clean
McAfee-GW-Edition | BehavesLike.Win32.Trojan.fh | FireEye | Clean | Emsisoft | Clean
Ikarus | Clean | GData | Clean | Jiangmin | Clean
Webroot | Clean | Avira | TR/AD.Emotet.robdo | Antiy-AVL | Clean
Kingsoft | Clean | Arcabit | Clean | ViRobot | Clean
ZoneAlarm | HEUR:Trojan-Banker.Win32.Emotet.gen | Microsoft | Trojan:Win32/Emotet!ibt | TACHYON | Clean
AhnLab-V3 | Clean | Acronis | Clean | VBA32 | Clean
MAX | Clean | Malwarebytes | Clean | Zoner | Clean
ESET-NOD32 | Win32/Emotet.CI | TrendMicro-HouseCall | Clean | Rising | Clean
Yandex | Clean | SentinelOne | DFI - Suspicious PE | eGambit | Clean
Fortinet | W32/BankerX.5CC7!tr | BitDefenderTheta | Clean | AVG | Clean
Panda | Clean | CrowdStrike | win/malicious_confidence_60% (W) | MaxSecure | Clean
Sorry! No behavior.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.
Defense Evasion
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1045 - Software Packing
    • Signature - packer_entropy

    Processing ( 10.401 seconds )

    • 5.26 Suricata
    • 2.261 VirusTotal
    • 1.965 CAPE
    • 0.668 Static
    • 0.093 AnalysisInfo
    • 0.048 Deduplicate
    • 0.048 TargetInfo
    • 0.029 BehaviorAnalysis
    • 0.011 peid
    • 0.01 Strings
    • 0.005 Debug
    • 0.003 NetworkAnalysis

    Signatures ( 0.08200000000000002 seconds )

    • 0.011 ransomware_files
    • 0.01 antiav_detectreg
    • 0.008 ransomware_extensions
    • 0.007 antiav_detectfile
    • 0.005 infostealer_ftp
    • 0.004 antianalysis_detectfile
    • 0.004 infostealer_bitcoin
    • 0.004 territorial_disputes_sigs
    • 0.003 persistence_autorun
    • 0.003 infostealer_im
    • 0.003 masquerade_process_name
    • 0.002 antianalysis_detectreg
    • 0.002 antivm_vbox_files
    • 0.002 geodo_banking_trojan
    • 0.002 infostealer_mail
    • 0.001 antiemu_wine_func
    • 0.001 betabot_behavior
    • 0.001 kibex_behavior
    • 0.001 tinba_behavior
    • 0.001 antidbg_devices
    • 0.001 antivm_vbox_keys
    • 0.001 browser_security
    • 0.001 disables_backups
    • 0.001 disables_browser_warn
    • 0.001 azorult_mutexes
    • 0.001 revil_mutexes
    • 0.001 ursnif_behavior

    Reporting ( 2.269 seconds )

    • 1.978 BinGraph
    • 0.291 MITRE_TTPS