File details
File name: 1gbarsvc.exe
Name: PRODUCTVERS_NAME
Description: PRODUCTVERS_TITLE
Version: 1, 0, 1, 0
Product version: 2, 3, 0, 0
Size: 85.07 KB
Original file name: TWOLETTERPREFIXVERSsvc.exe
Digital certificate
Certificate authority: VeriSign
Resource utilization
CPU utilization averages
Total CPU: 0.0000012749%
Privileged CPU: 0.0000012749%
User CPU: 0%
Privileged CPU time: 15.6 ms
Privileged CPU time /min: 0 ms
CPU cycle count: 21,871,542
Memory utilization averages
Committed memory: 17.15 MB
Peak committed memory: 19.15 MB
Paged memory: 828 KB
Peak paged memory: 864 KB
Paged system memory: 17.39 KB
Non-paged system memory: 2.94 KB
Working set memory: 96 KB
Peak working set memory: 2.64 MB
Min working set memory: 88 KB
Private memory: 828 KB
Page faults: 758
Page faults /min: 0
Resources
Handle count average: 44
Thread count average: 4
Thread resource averages
ntdll.dll

Total CPU: 0.000001325881%
Privileged CPU: 0.000001325881%
User CPU: 0.000000000000%
CPU Cycle count /sec: 3
Module memory size: 1.23 MB
Process details
Runs as (owner): System
Integrity level: System
Windows platform: 32-bit
Runs as a service: Yes
Parent Process
Process Command
C:\Program Files1\INBOXA~2\bar\1.bin\1gbarsvc.exe
Service details
Name: InboxAceService
Service name: InboxAce_1gService
Service type: Win32OwnProcess
Image hashes
MD5: 42a3968959e3803d204b30496f215b14
SHA-1: 1a17de78283c88a1f2e9bd86c734067beee6e43b
SHA-256: 58447c726ef0e003423e87cd410570e90e292bae2c69657cfcd60255b788b19c
PE image details
Subsystem: Windows GUI
File packed: No
Import Table
advapi32.dll

RegSetValueExA
RegCreateKeyExA
InitializeSecurityDescriptor
OpenThreadToken
ImpersonateNamedPipeClient
DeleteService
ControlService
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
CreateServiceA
OpenSCManagerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
RevertToSelf
DuplicateTokenEx
kernel32.dll

EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
GetCurrentThreadId
CreateDirectoryA
CopyFileA
DeleteFileA
MoveFileA
GetLocalTime
_lopen
_lcreat
_llseek
_lwrite
_lclose
WaitForMultipleObjects
CreateEventA
CreateNamedPipeA
ResetEvent
SetLastError
ConnectNamedPipe
ReadFile
GetOverlappedResult
WriteFile
DisconnectNamedPipe
SetEvent
ExpandEnvironmentStringsA
FreeResource
GetVersionExA
EncodePointer
DecodePointer
ExitThread
CreateThread
HeapAlloc
HeapFree
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
RtlUnwind
IsProcessorFeaturePresent
GetStdHandle
GetModuleFileNameW
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LoadLibraryW
GetStringTypeW
RaiseException
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
WaitForSingleObject
CloseHandle
FindResourceA
LoadResource
LockResource
FormatMessageA
GetLastError
LocalFree
FreeLibrary
Sleep
lstrcmpiA
GetModuleFileNameA
LoadLibraryExA
LocalAlloc
GetCommandLineA
lstrcpyA
lstrlenA
lstrcpynA
ExitProcess
GetACP
shlwapi.dll

SHDeleteValueA
SHDeleteKeyA
user32.dll
