1e40bce6...ea33 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Dropper
Threat Names:
Gen:Variant.Strictor.150341
Gen:Heur.Bodegun.1
Generic.Ransom.Locked.767B115C
...

Remarks

(0x0200001B): The maximum number of file reputation requests per analysis (150) was exceeded.

Filename Category Type Severity Actions
C:\Users\FD1HVy\Desktop\O4GkFtfMO8YRUkhr.exe Sample File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 4.29 MB
MD5 0a438448cebd370318b5294775e2405c
SHA1 60abd37bf94ee406653af60e5b72f1f69f646308
SHA256 1e40bce6e476e4c0485b3f813cff5d493b1e07f52a89b56a31765529b809ea33
SSDeep 98304:HvZnhWoluETVQ75BZkD6g3H0VbeP1nc1Irit2LD4P5Q9RlH:RpAWQ75Bc6g0VSPSOs2maRlH
ImpHash b146f7a4a9672ac6b4a25d031e4c5f05
PE Information
Image Base 0x400000
Entry Point 0x858990
Size Of Code 0xd000
Size Of Initialized Data 0x43f000
Size Of Uninitialized Data 0x44b000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1980-08-25 02:27:27+00:00
Packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x401000 0x44b000 0x0 0x400 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x84c000 0xd000 0xcc00 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.75
.wh 0x859000 0x43f000 0x43e400 0xd000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.98
.bw 0xc98000 0x1000 0x200 0x44b400 - 1.19
Imports (9)
KERNEL32.DLL (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0xc971d0 0x8971d0 0x44b1d0 0x0
GetProcAddress 0x0 0xc971d4 0x8971d4 0x44b1d4 0x0
VirtualProtect 0x0 0xc971d8 0x8971d8 0x44b1d8 0x0
VirtualAlloc 0x0 0xc971dc 0x8971dc 0x44b1dc 0x0
VirtualFree 0x0 0xc971e0 0x8971e0 0x44b1e0 0x0
ExitProcess 0x0 0xc971e4 0x8971e4 0x44b1e4 0x0
COMCTL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControlsEx 0x0 0xc971ec 0x8971ec 0x44b1ec 0x0
GDI32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStockObject 0x0 0xc971f4 0x8971f4 0x44b1f4 0x0
MSVCRT.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
free 0x0 0xc971fc 0x8971fc 0x44b1fc 0x0
OLE32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize 0x0 0xc97204 0x897204 0x44b204 0x0
SHELL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExW 0x0 0xc9720c 0x89720c 0x44b20c 0x0
SHLWAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathRemoveArgsW 0x0 0xc97214 0x897214 0x44b214 0x0
USER32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetFocus 0x0 0xc9721c 0x89721c 0x44b21c 0x0
WINMM.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeBeginPeriod 0x0 0xc97224 0x897224 0x44b224 0x0
Icons (1)
C:\Users\FD1HVy\Desktop\rd000db.dll Dropped File Binary
Malicious
Also Known As C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\MicrosoftNTSystem.sys (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 653.42 KB
MD5 14478bef65c236d8cb43239d03941f5d
SHA1 efdcc398e6aeecddb0238fb92184a13b569a108a
SHA256 b224099bfa13965a08018317c0a822004ad9b49106283fe37c62c53caf877172
SSDeep 12288:ohkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aJPC:QRmJkcoQricOIQxiZY1ia5C
ImpHash d3bf8a7746a8d1ee8f6e5960c3f69378
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x4165c1
Size Of Code 0x80800
Size Of Initialized Data 0x1dc00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2012-01-29 21:32:28+00:00
Version Information (3)
CompiledScript AutoIt v3 Script: 3, 3, 8, 1
FileDescription -
FileVersion 3, 3, 8, 1
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8061c 0x80800 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.68
.rdata 0x482000 0xdfc0 0xe000 0x80c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.8
.data 0x490000 0x1a758 0x6800 0x8ec00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.15
.rsrc 0x4ab000 0xcd78 0xce00 0x95400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.25
Imports (16)
WSOCK32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__WSAFDIsSet 0x97 0x482794 0x8dd04 0x8c904 -
setsockopt 0x15 0x482798 0x8dd08 0x8c908 -
ntohs 0xf 0x48279c 0x8dd0c 0x8c90c -
recvfrom 0x11 0x4827a0 0x8dd10 0x8c910 -
sendto 0x14 0x4827a4 0x8dd14 0x8c914 -
htons 0x9 0x4827a8 0x8dd18 0x8c918 -
select 0x12 0x4827ac 0x8dd1c 0x8c91c -
listen 0xd 0x4827b0 0x8dd20 0x8c920 -
WSAStartup 0x73 0x4827b4 0x8dd24 0x8c924 -
bind 0x2 0x4827b8 0x8dd28 0x8c928 -
closesocket 0x3 0x4827bc 0x8dd2c 0x8c92c -
connect 0x4 0x4827c0 0x8dd30 0x8c930 -
socket 0x17 0x4827c4 0x8dd34 0x8c934 -
send 0x13 0x4827c8 0x8dd38 0x8c938 -
WSACleanup 0x74 0x4827cc 0x8dd3c 0x8c93c -
ioctlsocket 0xa 0x4827d0 0x8dd40 0x8c940 -
accept 0x1 0x4827d4 0x8dd44 0x8c944 -
WSAGetLastError 0x6f 0x4827d8 0x8dd48 0x8c948 -
inet_addr 0xb 0x4827dc 0x8dd4c 0x8c94c -
gethostbyname 0x34 0x4827e0 0x8dd50 0x8c950 -
gethostname 0x39 0x4827e4 0x8dd54 0x8c954 -
recv 0x10 0x4827e8 0x8dd58 0x8c958 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x482738 0x8dca8 0x8c8a8 0xe
GetFileVersionInfoW 0x0 0x48273c 0x8dcac 0x8c8ac 0x6
GetFileVersionInfoSizeW 0x0 0x482740 0x8dcb0 0x8c8b0 0x5
WINMM.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime 0x0 0x482784 0x8dcf4 0x8c8f4 0x94
waveOutSetVolume 0x0 0x482788 0x8dcf8 0x8c8f8 0xbb
mciSendStringW 0x0 0x48278c 0x8dcfc 0x8c8fc 0x32
COMCTL32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Remove 0x0 0x48208c 0x8d5fc 0x8c1fc 0x6d
ImageList_SetDragCursorImage 0x0 0x482090 0x8d600 0x8c200 0x72
ImageList_BeginDrag 0x0 0x482094 0x8d604 0x8c204 0x50
ImageList_DragEnter 0x0 0x482098 0x8d608 0x8c208 0x56
ImageList_DragLeave 0x0 0x48209c 0x8d60c 0x8c20c 0x57
ImageList_EndDrag 0x0 0x4820a0 0x8d610 0x8c210 0x5e
ImageList_DragMove 0x0 0x4820a4 0x8d614 0x8c214 0x58
ImageList_ReplaceIcon 0x0 0x4820a8 0x8d618 0x8c218 0x6f
ImageList_Create 0x0 0x4820ac 0x8d61c 0x8c21c 0x53
InitCommonControlsEx 0x0 0x4820b0 0x8d620 0x8c220 0x7b
ImageList_Destroy 0x0 0x4820b4 0x8d624 0x8c224 0x54
MPR.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetCancelConnection2W 0x0 0x4823d8 0x8d948 0x8c548 0xc
WNetGetConnectionW 0x0 0x4823dc 0x8d94c 0x8c54c 0x24
WNetAddConnection2W 0x0 0x4823e0 0x8d950 0x8c550 0x6
WNetUseConnectionW 0x0 0x4823e4 0x8d954 0x8c554 0x49
WININET.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetReadFile 0x0 0x482748 0x8dcb8 0x8c8b8 0x9f
InternetCloseHandle 0x0 0x48274c 0x8dcbc 0x8c8bc 0x6b
InternetOpenW 0x0 0x482750 0x8dcc0 0x8c8c0 0x9a
InternetSetOptionW 0x0 0x482754 0x8dcc4 0x8c8c4 0xaf
InternetCrackUrlW 0x0 0x482758 0x8dcc8 0x8c8c8 0x74
HttpQueryInfoW 0x0 0x48275c 0x8dccc 0x8c8cc 0x5a
InternetConnectW 0x0 0x482760 0x8dcd0 0x8c8d0 0x72
HttpOpenRequestW 0x0 0x482764 0x8dcd4 0x8c8d4 0x58
HttpSendRequestW 0x0 0x482768 0x8dcd8 0x8c8d8 0x5e
FtpOpenFileW 0x0 0x48276c 0x8dcdc 0x8c8dc 0x35
FtpGetFileSize 0x0 0x482770 0x8dce0 0x8c8e0 0x32
InternetOpenUrlW 0x0 0x482774 0x8dce4 0x8c8e4 0x99
InternetQueryOptionW 0x0 0x482778 0x8dce8 0x8c8e8 0x9e
InternetQueryDataAvailable 0x0 0x48277c 0x8dcec 0x8c8ec 0x9b
PSAPI.DLL (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumProcesses 0x0 0x482450 0x8d9c0 0x8c5c0 0x6
GetModuleBaseNameW 0x0 0x482454 0x8d9c4 0x8c5c4 0xe
GetProcessMemoryInfo 0x0 0x482458 0x8d9c8 0x8c5c8 0x15
EnumProcessModules 0x0 0x48245c 0x8d9cc 0x8c5cc 0x4
USERENV.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateEnvironmentBlock 0x0 0x482724 0x8dc94 0x8c894 0x0
DestroyEnvironmentBlock 0x0 0x482728 0x8dc98 0x8c898 0x4
UnloadUserProfile 0x0 0x48272c 0x8dc9c 0x8c89c 0x2c
LoadUserProfileW 0x0 0x482730 0x8dca0 0x8c8a0 0x21
KERNEL32.dll (159)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HeapAlloc 0x0 0x482158 0x8d6c8 0x8c2c8 0x2cb
Sleep 0x0 0x48215c 0x8d6cc 0x8c2cc 0x4b2
GetCurrentThreadId 0x0 0x482160 0x8d6d0 0x8c2d0 0x1c5
RaiseException 0x0 0x482164 0x8d6d4 0x8c2d4 0x3b1
MulDiv 0x0 0x482168 0x8d6d8 0x8c2d8 0x366
GetVersionExW 0x0 0x48216c 0x8d6dc 0x8c2dc 0x2a4
GetSystemInfo 0x0 0x482170 0x8d6e0 0x8c2e0 0x273
InterlockedIncrement 0x0 0x482174 0x8d6e4 0x8c2e4 0x2ef
InterlockedDecrement 0x0 0x482178 0x8d6e8 0x8c2e8 0x2eb
WideCharToMultiByte 0x0 0x48217c 0x8d6ec 0x8c2ec 0x511
lstrcpyW 0x0 0x482180 0x8d6f0 0x8c2f0 0x548
MultiByteToWideChar 0x0 0x482184 0x8d6f4 0x8c2f4 0x367
lstrlenW 0x0 0x482188 0x8d6f8 0x8c2f8 0x54e
lstrcmpiW 0x0 0x48218c 0x8d6fc 0x8c2fc 0x545
GetModuleHandleW 0x0 0x482190 0x8d700 0x8c300 0x218
QueryPerformanceCounter 0x0 0x482194 0x8d704 0x8c304 0x3a7
VirtualFreeEx 0x0 0x482198 0x8d708 0x8c308 0x4ed
OpenProcess 0x0 0x48219c 0x8d70c 0x8c30c 0x380
VirtualAllocEx 0x0 0x4821a0 0x8d710 0x8c310 0x4ea
WriteProcessMemory 0x0 0x4821a4 0x8d714 0x8c314 0x52e
ReadProcessMemory 0x0 0x4821a8 0x8d718 0x8c318 0x3c3
CreateFileW 0x0 0x4821ac 0x8d71c 0x8c31c 0x8f
SetFilePointerEx 0x0 0x4821b0 0x8d720 0x8c320 0x467
ReadFile 0x0 0x4821b4 0x8d724 0x8c324 0x3c0
WriteFile 0x0 0x4821b8 0x8d728 0x8c328 0x525
FlushFileBuffers 0x0 0x4821bc 0x8d72c 0x8c32c 0x157
TerminateProcess 0x0 0x4821c0 0x8d730 0x8c330 0x4c0
CreateToolhelp32Snapshot 0x0 0x4821c4 0x8d734 0x8c334 0xbe
Process32FirstW 0x0 0x4821c8 0x8d738 0x8c338 0x396
Process32NextW 0x0 0x4821cc 0x8d73c 0x8c33c 0x398
SetFileTime 0x0 0x4821d0 0x8d740 0x8c340 0x46a
GetFileAttributesW 0x0 0x4821d4 0x8d744 0x8c344 0x1ea
FindFirstFileW 0x0 0x4821d8 0x8d748 0x8c348 0x139
FindClose 0x0 0x4821dc 0x8d74c 0x8c34c 0x12e
DeleteFileW 0x0 0x4821e0 0x8d750 0x8c350 0xd6
FindNextFileW 0x0 0x4821e4 0x8d754 0x8c354 0x145
MoveFileW 0x0 0x4821e8 0x8d758 0x8c358 0x363
CopyFileW 0x0 0x4821ec 0x8d75c 0x8c35c 0x75
CreateDirectoryW 0x0 0x4821f0 0x8d760 0x8c360 0x81
RemoveDirectoryW 0x0 0x4821f4 0x8d764 0x8c364 0x403
GetProcessHeap 0x0 0x4821f8 0x8d768 0x8c368 0x24a
QueryPerformanceFrequency 0x0 0x4821fc 0x8d76c 0x8c36c 0x3a8
FindResourceW 0x0 0x482200 0x8d770 0x8c370 0x14e
LoadResource 0x0 0x482204 0x8d774 0x8c374 0x341
LockResource 0x0 0x482208 0x8d778 0x8c378 0x354
SizeofResource 0x0 0x48220c 0x8d77c 0x8c37c 0x4b1
EnumResourceNamesW 0x0 0x482210 0x8d780 0x8c380 0x102
OutputDebugStringW 0x0 0x482214 0x8d784 0x8c384 0x38a
GetLocalTime 0x0 0x482218 0x8d788 0x8c388 0x203
CompareStringW 0x0 0x48221c 0x8d78c 0x8c38c 0x64
DeleteCriticalSection 0x0 0x482220 0x8d790 0x8c390 0xd1
EnterCriticalSection 0x0 0x482224 0x8d794 0x8c394 0xee
LeaveCriticalSection 0x0 0x482228 0x8d798 0x8c398 0x339
InitializeCriticalSectionAndSpinCount 0x0 0x48222c 0x8d79c 0x8c39c 0x2e3
GetStdHandle 0x0 0x482230 0x8d7a0 0x8c3a0 0x264
CreatePipe 0x0 0x482234 0x8d7a4 0x8c3a4 0xa1
InterlockedExchange 0x0 0x482238 0x8d7a8 0x8c3a8 0x2ec
TerminateThread 0x0 0x48223c 0x8d7ac 0x8c3ac 0x4c1
GetTempPathW 0x0 0x482240 0x8d7b0 0x8c3b0 0x285
GetTempFileNameW 0x0 0x482244 0x8d7b4 0x8c3b4 0x283
VirtualFree 0x0 0x482248 0x8d7b8 0x8c3b8 0x4ec
FormatMessageW 0x0 0x48224c 0x8d7bc 0x8c3bc 0x15e
GetExitCodeProcess 0x0 0x482250 0x8d7c0 0x8c3c0 0x1df
SetErrorMode 0x0 0x482254 0x8d7c4 0x8c3c4 0x458
GetPrivateProfileStringW 0x0 0x482258 0x8d7c8 0x8c3c8 0x242
WritePrivateProfileStringW 0x0 0x48225c 0x8d7cc 0x8c3cc 0x52b
GetPrivateProfileSectionW 0x0 0x482260 0x8d7d0 0x8c3d0 0x240
WritePrivateProfileSectionW 0x0 0x482264 0x8d7d4 0x8c3d4 0x529
GetPrivateProfileSectionNamesW 0x0 0x482268 0x8d7d8 0x8c3d8 0x23f
FileTimeToLocalFileTime 0x0 0x48226c 0x8d7dc 0x8c3dc 0x124
FileTimeToSystemTime 0x0 0x482270 0x8d7e0 0x8c3e0 0x125
SystemTimeToFileTime 0x0 0x482274 0x8d7e4 0x8c3e4 0x4bd
LocalFileTimeToFileTime 0x0 0x482278 0x8d7e8 0x8c3e8 0x346
GetDriveTypeW 0x0 0x48227c 0x8d7ec 0x8c3ec 0x1d3
GetDiskFreeSpaceExW 0x0 0x482280 0x8d7f0 0x8c3f0 0x1ce
GetDiskFreeSpaceW 0x0 0x482284 0x8d7f4 0x8c3f4 0x1cf
GetVolumeInformationW 0x0 0x482288 0x8d7f8 0x8c3f8 0x2a7
SetVolumeLabelW 0x0 0x48228c 0x8d7fc 0x8c3fc 0x4a9
CreateHardLinkW 0x0 0x482290 0x8d800 0x8c400 0x93
DeviceIoControl 0x0 0x482294 0x8d804 0x8c404 0xdd
SetFileAttributesW 0x0 0x482298 0x8d808 0x8c408 0x461
GetShortPathNameW 0x0 0x48229c 0x8d80c 0x8c40c 0x261
CreateEventW 0x0 0x4822a0 0x8d810 0x8c410 0x85
SetEvent 0x0 0x4822a4 0x8d814 0x8c414 0x459
GetEnvironmentVariableW 0x0 0x4822a8 0x8d818 0x8c418 0x1dc
SetEnvironmentVariableW 0x0 0x4822ac 0x8d81c 0x8c41c 0x457
GlobalLock 0x0 0x4822b0 0x8d820 0x8c420 0x2be
GlobalUnlock 0x0 0x4822b4 0x8d824 0x8c424 0x2c5
GlobalAlloc 0x0 0x4822b8 0x8d828 0x8c428 0x2b3
GetFileSize 0x0 0x4822bc 0x8d82c 0x8c42c 0x1f0
GlobalFree 0x0 0x4822c0 0x8d830 0x8c430 0x2ba
GlobalMemoryStatusEx 0x0 0x4822c4 0x8d834 0x8c434 0x2c0
Beep 0x0 0x4822c8 0x8d838 0x8c438 0x36
GetSystemDirectoryW 0x0 0x4822cc 0x8d83c 0x8c43c 0x270
GetComputerNameW 0x0 0x4822d0 0x8d840 0x8c440 0x18f
GetWindowsDirectoryW 0x0 0x4822d4 0x8d844 0x8c444 0x2af
GetCurrentProcessId 0x0 0x4822d8 0x8d848 0x8c448 0x1c1
GetCurrentThread 0x0 0x4822dc 0x8d84c 0x8c44c 0x1c4
GetProcessIoCounters 0x0 0x4822e0 0x8d850 0x8c450 0x24e
CreateProcessW 0x0 0x4822e4 0x8d854 0x8c454 0xa8
SetPriorityClass 0x0 0x4822e8 0x8d858 0x8c458 0x47d
LoadLibraryW 0x0 0x4822ec 0x8d85c 0x8c45c 0x33f
VirtualAlloc 0x0 0x4822f0 0x8d860 0x8c460 0x4e9
LoadLibraryExW 0x0 0x4822f4 0x8d864 0x8c464 0x33e
HeapFree 0x0 0x4822f8 0x8d868 0x8c468 0x2cf
WaitForSingleObject 0x0 0x4822fc 0x8d86c 0x8c46c 0x4f9
CreateThread 0x0 0x482300 0x8d870 0x8c470 0xb5
DuplicateHandle 0x0 0x482304 0x8d874 0x8c474 0xe8
GetLastError 0x0 0x482308 0x8d878 0x8c478 0x202
CloseHandle 0x0 0x48230c 0x8d87c 0x8c47c 0x52
GetCurrentProcess 0x0 0x482310 0x8d880 0x8c480 0x1c0
GetProcAddress 0x0 0x482314 0x8d884 0x8c484 0x245
LoadLibraryA 0x0 0x482318 0x8d888 0x8c488 0x33c
FreeLibrary 0x0 0x48231c 0x8d88c 0x8c48c 0x162
GetModuleFileNameW 0x0 0x482320 0x8d890 0x8c490 0x214
GetFullPathNameW 0x0 0x482324 0x8d894 0x8c494 0x1fb
SetCurrentDirectoryW 0x0 0x482328 0x8d898 0x8c498 0x44d
IsDebuggerPresent 0x0 0x48232c 0x8d89c 0x8c49c 0x300
GetCurrentDirectoryW 0x0 0x482330 0x8d8a0 0x8c4a0 0x1bf
ExitProcess 0x0 0x482334 0x8d8a4 0x8c4a4 0x119
ExitThread 0x0 0x482338 0x8d8a8 0x8c4a8 0x11a
GetSystemTimeAsFileTime 0x0 0x48233c 0x8d8ac 0x8c4ac 0x279
ResumeThread 0x0 0x482340 0x8d8b0 0x8c4b0 0x413
GetTimeFormatW 0x0 0x482344 0x8d8b4 0x8c4b4 0x297
GetDateFormatW 0x0 0x482348 0x8d8b8 0x8c4b8 0x1c8
GetCommandLineW 0x0 0x48234c 0x8d8bc 0x8c4bc 0x187
GetStartupInfoW 0x0 0x482350 0x8d8c0 0x8c4c0 0x263
IsProcessorFeaturePresent 0x0 0x482354 0x8d8c4 0x8c4c4 0x304
HeapSize 0x0 0x482358 0x8d8c8 0x8c4c8 0x2d4
GetCPInfo 0x0 0x48235c 0x8d8cc 0x8c4cc 0x172
GetACP 0x0 0x482360 0x8d8d0 0x8c4d0 0x168
GetOEMCP 0x0 0x482364 0x8d8d4 0x8c4d4 0x237
IsValidCodePage 0x0 0x482368 0x8d8d8 0x8c4d8 0x30a
TlsAlloc 0x0 0x48236c 0x8d8dc 0x8c4dc 0x4c5
TlsGetValue 0x0 0x482370 0x8d8e0 0x8c4e0 0x4c7
TlsSetValue 0x0 0x482374 0x8d8e4 0x8c4e4 0x4c8
TlsFree 0x0 0x482378 0x8d8e8 0x8c4e8 0x4c6
SetLastError 0x0 0x48237c 0x8d8ec 0x8c4ec 0x473
UnhandledExceptionFilter 0x0 0x482380 0x8d8f0 0x8c4f0 0x4d3
SetUnhandledExceptionFilter 0x0 0x482384 0x8d8f4 0x8c4f4 0x4a5
GetStringTypeW 0x0 0x482388 0x8d8f8 0x8c4f8 0x269
HeapCreate 0x0 0x48238c 0x8d8fc 0x8c4fc 0x2cd
SetHandleCount 0x0 0x482390 0x8d900 0x8c500 0x46f
GetFileType 0x0 0x482394 0x8d904 0x8c504 0x1f3
SetStdHandle 0x0 0x482398 0x8d908 0x8c508 0x487
GetConsoleCP 0x0 0x48239c 0x8d90c 0x8c50c 0x19a
GetConsoleMode 0x0 0x4823a0 0x8d910 0x8c510 0x1ac
LCMapStringW 0x0 0x4823a4 0x8d914 0x8c514 0x32d
RtlUnwind 0x0 0x4823a8 0x8d918 0x8c518 0x418
SetFilePointer 0x0 0x4823ac 0x8d91c 0x8c51c 0x466
GetTimeZoneInformation 0x0 0x4823b0 0x8d920 0x8c520 0x298
FreeEnvironmentStringsW 0x0 0x4823b4 0x8d924 0x8c524 0x161
GetEnvironmentStringsW 0x0 0x4823b8 0x8d928 0x8c528 0x1da
GetTickCount 0x0 0x4823bc 0x8d92c 0x8c52c 0x293
HeapReAlloc 0x0 0x4823c0 0x8d930 0x8c530 0x2d2
WriteConsoleW 0x0 0x4823c4 0x8d934 0x8c534 0x524
SetEndOfFile 0x0 0x4823c8 0x8d938 0x8c538 0x453
SetSystemPowerState 0x0 0x4823cc 0x8d93c 0x8c53c 0x48a
SetEnvironmentVariableA 0x0 0x4823d0 0x8d940 0x8c540 0x456
USER32.dll (160)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCursorInfo 0x0 0x4824a0 0x8da10 0x8c610 0x11f
RegisterHotKey 0x0 0x4824a4 0x8da14 0x8c614 0x256
ClientToScreen 0x0 0x4824a8 0x8da18 0x8c618 0x47
GetKeyboardLayoutNameW 0x0 0x4824ac 0x8da1c 0x8c61c 0x141
IsCharAlphaW 0x0 0x4824b0 0x8da20 0x8c620 0x1c4
IsCharAlphaNumericW 0x0 0x4824b4 0x8da24 0x8c624 0x1c3
IsCharLowerW 0x0 0x4824b8 0x8da28 0x8c628 0x1c6
IsCharUpperW 0x0 0x4824bc 0x8da2c 0x8c62c 0x1c8
GetMenuStringW 0x0 0x4824c0 0x8da30 0x8c630 0x158
GetSubMenu 0x0 0x4824c4 0x8da34 0x8c634 0x17a
GetCaretPos 0x0 0x4824c8 0x8da38 0x8c638 0x10a
IsZoomed 0x0 0x4824cc 0x8da3c 0x8c63c 0x1e2
MonitorFromPoint 0x0 0x4824d0 0x8da40 0x8c640 0x218
GetMonitorInfoW 0x0 0x4824d4 0x8da44 0x8c644 0x15f
SetWindowLongW 0x0 0x4824d8 0x8da48 0x8c648 0x2c4
SetLayeredWindowAttributes 0x0 0x4824dc 0x8da4c 0x8c64c 0x298
FlashWindow 0x0 0x4824e0 0x8da50 0x8c650 0xfb
GetClassLongW 0x0 0x4824e4 0x8da54 0x8c654 0x110
TranslateAcceleratorW 0x0 0x4824e8 0x8da58 0x8c658 0x2fa
IsDialogMessageW 0x0 0x4824ec 0x8da5c 0x8c65c 0x1cd
GetSysColor 0x0 0x4824f0 0x8da60 0x8c660 0x17b
InflateRect 0x0 0x4824f4 0x8da64 0x8c664 0x1b5
DrawFocusRect 0x0 0x4824f8 0x8da68 0x8c668 0xc4
DrawTextW 0x0 0x4824fc 0x8da6c 0x8c66c 0xd0
FrameRect 0x0 0x482500 0x8da70 0x8c670 0xfd
DrawFrameControl 0x0 0x482504 0x8da74 0x8c674 0xc6
FillRect 0x0 0x482508 0x8da78 0x8c678 0xf6
PtInRect 0x0 0x48250c 0x8da7c 0x8c67c 0x240
DestroyAcceleratorTable 0x0 0x482510 0x8da80 0x8c680 0xa0
CreateAcceleratorTableW 0x0 0x482514 0x8da84 0x8c684 0x58
SetCursor 0x0 0x482518 0x8da88 0x8c688 0x288
GetWindowDC 0x0 0x48251c 0x8da8c 0x8c68c 0x192
GetSystemMetrics 0x0 0x482520 0x8da90 0x8c690 0x17e
GetActiveWindow 0x0 0x482524 0x8da94 0x8c694 0x100
CharNextW 0x0 0x482528 0x8da98 0x8c698 0x31
wsprintfW 0x0 0x48252c 0x8da9c 0x8c69c 0x333
RedrawWindow 0x0 0x482530 0x8daa0 0x8c6a0 0x24a
DrawMenuBar 0x0 0x482534 0x8daa4 0x8c6a4 0xc9
DestroyMenu 0x0 0x482538 0x8daa8 0x8c6a8 0xa4
SetMenu 0x0 0x48253c 0x8daac 0x8c6ac 0x29c
GetWindowTextLengthW 0x0 0x482540 0x8dab0 0x8c6b0 0x1a2
CreateMenu 0x0 0x482544 0x8dab4 0x8c6b4 0x6a
IsDlgButtonChecked 0x0 0x482548 0x8dab8 0x8c6b8 0x1ce
DefDlgProcW 0x0 0x48254c 0x8dabc 0x8c6bc 0x95
ReleaseCapture 0x0 0x482550 0x8dac0 0x8c6c0 0x264
SetCapture 0x0 0x482554 0x8dac4 0x8c6c4 0x280
WindowFromPoint 0x0 0x482558 0x8dac8 0x8c6c8 0x32c
LoadImageW 0x0 0x48255c 0x8dacc 0x8c6cc 0x1ef
CreateIconFromResourceEx 0x0 0x482560 0x8dad0 0x8c6d0 0x66
mouse_event 0x0 0x482564 0x8dad4 0x8c6d4 0x331
ExitWindowsEx 0x0 0x482568 0x8dad8 0x8c6d8 0xf5
SetActiveWindow 0x0 0x48256c 0x8dadc 0x8c6dc 0x27f
FindWindowExW 0x0 0x482570 0x8dae0 0x8c6e0 0xf9
EnumThreadWindows 0x0 0x482574 0x8dae4 0x8c6e4 0xef
SetMenuDefaultItem 0x0 0x482578 0x8dae8 0x8c6e8 0x29e
InsertMenuItemW 0x0 0x48257c 0x8daec 0x8c6ec 0x1b9
IsMenu 0x0 0x482580 0x8daf0 0x8c6f0 0x1d2
TrackPopupMenuEx 0x0 0x482584 0x8daf4 0x8c6f4 0x2f7
GetCursorPos 0x0 0x482588 0x8daf8 0x8c6f8 0x120
DeleteMenu 0x0 0x48258c 0x8dafc 0x8c6fc 0x9e
CheckMenuRadioItem 0x0 0x482590 0x8db00 0x8c700 0x40
SetWindowPos 0x0 0x482594 0x8db04 0x8c704 0x2c6
GetMenuItemCount 0x0 0x482598 0x8db08 0x8c708 0x151
SetMenuItemInfoW 0x0 0x48259c 0x8db0c 0x8c70c 0x2a2
GetMenuItemInfoW 0x0 0x4825a0 0x8db10 0x8c710 0x154
SetForegroundWindow 0x0 0x4825a4 0x8db14 0x8c714 0x293
IsIconic 0x0 0x4825a8 0x8db18 0x8c718 0x1d1
FindWindowW 0x0 0x4825ac 0x8db1c 0x8c71c 0xfa
SystemParametersInfoW 0x0 0x4825b0 0x8db20 0x8c720 0x2ec
TranslateMessage 0x0 0x4825b4 0x8db24 0x8c724 0x2fc
SendInput 0x0 0x4825b8 0x8db28 0x8c728 0x276
GetAsyncKeyState 0x0 0x4825bc 0x8db2c 0x8c72c 0x107
SetKeyboardState 0x0 0x4825c0 0x8db30 0x8c730 0x296
GetKeyboardState 0x0 0x4825c4 0x8db34 0x8c734 0x142
GetKeyState 0x0 0x4825c8 0x8db38 0x8c738 0x13d
VkKeyScanW 0x0 0x4825cc 0x8db3c 0x8c73c 0x321
LoadStringW 0x0 0x4825d0 0x8db40 0x8c740 0x1fa
DialogBoxParamW 0x0 0x4825d4 0x8db44 0x8c744 0xac
MessageBeep 0x0 0x4825d8 0x8db48 0x8c748 0x20d
EndDialog 0x0 0x4825dc 0x8db4c 0x8c74c 0xda
SendDlgItemMessageW 0x0 0x4825e0 0x8db50 0x8c750 0x273
GetDlgItem 0x0 0x4825e4 0x8db54 0x8c754 0x127
SetWindowTextW 0x0 0x4825e8 0x8db58 0x8c758 0x2cb
CopyRect 0x0 0x4825ec 0x8db5c 0x8c75c 0x55
ReleaseDC 0x0 0x4825f0 0x8db60 0x8c760 0x265
GetDC 0x0 0x4825f4 0x8db64 0x8c764 0x121
EndPaint 0x0 0x4825f8 0x8db68 0x8c768 0xdc
BeginPaint 0x0 0x4825fc 0x8db6c 0x8c76c 0xe
GetClientRect 0x0 0x482600 0x8db70 0x8c770 0x114
GetMenu 0x0 0x482604 0x8db74 0x8c774 0x14b
DestroyWindow 0x0 0x482608 0x8db78 0x8c778 0xa6
EnumWindows 0x0 0x48260c 0x8db7c 0x8c77c 0xf2
GetDesktopWindow 0x0 0x482610 0x8db80 0x8c780 0x123
IsWindow 0x0 0x482614 0x8db84 0x8c784 0x1db
IsWindowEnabled 0x0 0x482618 0x8db88 0x8c788 0x1dc
IsWindowVisible 0x0 0x48261c 0x8db8c 0x8c78c 0x1e0
EnableWindow 0x0 0x482620 0x8db90 0x8c790 0xd8
InvalidateRect 0x0 0x482624 0x8db94 0x8c794 0x1be
GetWindowLongW 0x0 0x482628 0x8db98 0x8c798 0x196
AttachThreadInput 0x0 0x48262c 0x8db9c 0x8c79c 0xc
GetFocus 0x0 0x482630 0x8dba0 0x8c7a0 0x12c
GetWindowTextW 0x0 0x482634 0x8dba4 0x8c7a4 0x1a3
ScreenToClient 0x0 0x482638 0x8dba8 0x8c7a8 0x26d
SendMessageTimeoutW 0x0 0x48263c 0x8dbac 0x8c7ac 0x27b
EnumChildWindows 0x0 0x482640 0x8dbb0 0x8c7b0 0xdf
CharUpperBuffW 0x0 0x482644 0x8dbb4 0x8c7b4 0x3b
GetClassNameW 0x0 0x482648 0x8dbb8 0x8c7b8 0x112
GetParent 0x0 0x48264c 0x8dbbc 0x8c7bc 0x164
GetDlgCtrlID 0x0 0x482650 0x8dbc0 0x8c7c0 0x126
SendMessageW 0x0 0x482654 0x8dbc4 0x8c7c4 0x27c
MapVirtualKeyW 0x0 0x482658 0x8dbc8 0x8c7c8 0x208
PostMessageW 0x0 0x48265c 0x8dbcc 0x8c7cc 0x236
GetWindowRect 0x0 0x482660 0x8dbd0 0x8c7d0 0x19c
SetUserObjectSecurity 0x0 0x482664 0x8dbd4 0x8c7d4 0x2be
GetUserObjectSecurity 0x0 0x482668 0x8dbd8 0x8c7d8 0x18c
CloseDesktop 0x0 0x48266c 0x8dbdc 0x8c7dc 0x4a
CloseWindowStation 0x0 0x482670 0x8dbe0 0x8c7e0 0x4e
OpenDesktopW 0x0 0x482674 0x8dbe4 0x8c7e4 0x228
SetProcessWindowStation 0x0 0x482678 0x8dbe8 0x8c7e8 0x2aa
GetProcessWindowStation 0x0 0x48267c 0x8dbec 0x8c7ec 0x168
OpenWindowStationW 0x0 0x482680 0x8dbf0 0x8c7f0 0x22d
MessageBoxW 0x0 0x482684 0x8dbf4 0x8c7f4 0x215
DefWindowProcW 0x0 0x482688 0x8dbf8 0x8c7f8 0x9c
CopyImage 0x0 0x48268c 0x8dbfc 0x8c7fc 0x54
AdjustWindowRectEx 0x0 0x482690 0x8dc00 0x8c800 0x3
SetRect 0x0 0x482694 0x8dc04 0x8c804 0x2ae
SetClipboardData 0x0 0x482698 0x8dc08 0x8c808 0x286
EmptyClipboard 0x0 0x48269c 0x8dc0c 0x8c80c 0xd5
CountClipboardFormats 0x0 0x4826a0 0x8dc10 0x8c810 0x56
CloseClipboard 0x0 0x4826a4 0x8dc14 0x8c814 0x49
GetClipboardData 0x0 0x4826a8 0x8dc18 0x8c818 0x116
IsClipboardFormatAvailable 0x0 0x4826ac 0x8dc1c 0x8c81c 0x1ca
OpenClipboard 0x0 0x4826b0 0x8dc20 0x8c820 0x226
BlockInput 0x0 0x4826b4 0x8dc24 0x8c824 0xf
GetMessageW 0x0 0x4826b8 0x8dc28 0x8c828 0x15d
LockWindowUpdate 0x0 0x4826bc 0x8dc2c 0x8c82c 0x1fd
GetMenuItemID 0x0 0x4826c0 0x8dc30 0x8c830 0x152
DispatchMessageW 0x0 0x4826c4 0x8dc34 0x8c834 0xaf
MoveWindow 0x0 0x4826c8 0x8dc38 0x8c838 0x21b
SetFocus 0x0 0x4826cc 0x8dc3c 0x8c83c 0x292
PostQuitMessage 0x0 0x4826d0 0x8dc40 0x8c840 0x237
KillTimer 0x0 0x4826d4 0x8dc44 0x8c844 0x1e3
CreatePopupMenu 0x0 0x4826d8 0x8dc48 0x8c848 0x6b
RegisterWindowMessageW 0x0 0x4826dc 0x8dc4c 0x8c84c 0x263
SetTimer 0x0 0x4826e0 0x8dc50 0x8c850 0x2bb
ShowWindow 0x0 0x4826e4 0x8dc54 0x8c854 0x2df
CreateWindowExW 0x0 0x4826e8 0x8dc58 0x8c858 0x6e
RegisterClassExW 0x0 0x4826ec 0x8dc5c 0x8c85c 0x24d
LoadIconW 0x0 0x4826f0 0x8dc60 0x8c860 0x1ed
LoadCursorW 0x0 0x4826f4 0x8dc64 0x8c864 0x1eb
GetSysColorBrush 0x0 0x4826f8 0x8dc68 0x8c868 0x17c
GetForegroundWindow 0x0 0x4826fc 0x8dc6c 0x8c86c 0x12d
MessageBoxA 0x0 0x482700 0x8dc70 0x8c870 0x20e
DestroyIcon 0x0 0x482704 0x8dc74 0x8c874 0xa3
PeekMessageW 0x0 0x482708 0x8dc78 0x8c878 0x233
UnregisterHotKey 0x0 0x48270c 0x8dc7c 0x8c87c 0x308
CharLowerBuffW 0x0 0x482710 0x8dc80 0x8c880 0x2d
keybd_event 0x0 0x482714 0x8dc84 0x8c884 0x330
MonitorFromRect 0x0 0x482718 0x8dc88 0x8c888 0x219
GetWindowThreadProcessId 0x0 0x48271c 0x8dc8c 0x8c88c 0x1a4
GDI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteObject 0x0 0x4820c8 0x8d638 0x8c238 0xe6
AngleArc 0x0 0x4820cc 0x8d63c 0x8c23c 0x8
GetTextExtentPoint32W 0x0 0x4820d0 0x8d640 0x8c240 0x21e
ExtCreatePen 0x0 0x4820d4 0x8d644 0x8c244 0x132
StrokeAndFillPath 0x0 0x4820d8 0x8d648 0x8c248 0x2b5
StrokePath 0x0 0x4820dc 0x8d64c 0x8c24c 0x2b6
EndPath 0x0 0x4820e0 0x8d650 0x8c250 0xf3
SetPixel 0x0 0x4820e4 0x8d654 0x8c254 0x29b
CloseFigure 0x0 0x4820e8 0x8d658 0x8c258 0x1e
CreateCompatibleBitmap 0x0 0x4820ec 0x8d65c 0x8c25c 0x2f
CreateCompatibleDC 0x0 0x4820f0 0x8d660 0x8c260 0x30
SelectObject 0x0 0x4820f4 0x8d664 0x8c264 0x277
StretchBlt 0x0 0x4820f8 0x8d668 0x8c268 0x2b3
GetDIBits 0x0 0x4820fc 0x8d66c 0x8c26c 0x1ca
GetDeviceCaps 0x0 0x482100 0x8d670 0x8c270 0x1cb
MoveToEx 0x0 0x482104 0x8d674 0x8c274 0x23a
DeleteDC 0x0 0x482108 0x8d678 0x8c278 0xe3
GetPixel 0x0 0x48210c 0x8d67c 0x8c27c 0x204
CreateDCW 0x0 0x482110 0x8d680 0x8c280 0x32
Ellipse 0x0 0x482114 0x8d684 0x8c284 0xed
PolyDraw 0x0 0x482118 0x8d688 0x8c288 0x250
BeginPath 0x0 0x48211c 0x8d68c 0x8c28c 0x12
Rectangle 0x0 0x482120 0x8d690 0x8c290 0x25f
SetViewportOrgEx 0x0 0x482124 0x8d694 0x8c294 0x2a9
GetObjectW 0x0 0x482128 0x8d698 0x8c298 0x1fd
SetBkMode 0x0 0x48212c 0x8d69c 0x8c29c 0x27f
RoundRect 0x0 0x482130 0x8d6a0 0x8c2a0 0x26a
SetBkColor 0x0 0x482134 0x8d6a4 0x8c2a4 0x27e
CreatePen 0x0 0x482138 0x8d6a8 0x8c2a8 0x4b
CreateSolidBrush 0x0 0x48213c 0x8d6ac 0x8c2ac 0x54
SetTextColor 0x0 0x482140 0x8d6b0 0x8c2b0 0x2a6
CreateFontW 0x0 0x482144 0x8d6b4 0x8c2b4 0x41
GetTextFaceW 0x0 0x482148 0x8d6b8 0x8c2b8 0x224
GetStockObject 0x0 0x48214c 0x8d6bc 0x8c2bc 0x20d
LineTo 0x0 0x482150 0x8d6c0 0x8c2c0 0x236
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSaveFileNameW 0x0 0x4820bc 0x8d62c 0x8c22c 0xe
GetOpenFileNameW 0x0 0x4820c0 0x8d630 0x8c230 0xc
ADVAPI32.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegEnumValueW 0x0 0x482000 0x8d570 0x8c170 0x252
RegDeleteValueW 0x0 0x482004 0x8d574 0x8c174 0x248
RegDeleteKeyW 0x0 0x482008 0x8d578 0x8c178 0x244
RegEnumKeyExW 0x0 0x48200c 0x8d57c 0x8c17c 0x24f
RegSetValueExW 0x0 0x482010 0x8d580 0x8c180 0x27e
RegCreateKeyExW 0x0 0x482014 0x8d584 0x8c184 0x239
GetUserNameW 0x0 0x482018 0x8d588 0x8c188 0x165
RegConnectRegistryW 0x0 0x48201c 0x8d58c 0x8c18c 0x234
CloseServiceHandle 0x0 0x482020 0x8d590 0x8c190 0x57
UnlockServiceDatabase 0x0 0x482024 0x8d594 0x8c194 0x300
OpenThreadToken 0x0 0x482028 0x8d598 0x8c198 0x1fc
OpenProcessToken 0x0 0x48202c 0x8d59c 0x8c19c 0x1f7
LookupPrivilegeValueW 0x0 0x482030 0x8d5a0 0x8c1a0 0x197
DuplicateTokenEx 0x0 0x482034 0x8d5a4 0x8c1a4 0xdf
CreateProcessAsUserW 0x0 0x482038 0x8d5a8 0x8c1a8 0x7c
CreateProcessWithLogonW 0x0 0x48203c 0x8d5ac 0x8c1ac 0x7d
InitializeSecurityDescriptor 0x0 0x482040 0x8d5b0 0x8c1b0 0x177
InitializeAcl 0x0 0x482044 0x8d5b4 0x8c1b4 0x176
GetLengthSid 0x0 0x482048 0x8d5b8 0x8c1b8 0x136
CopySid 0x0 0x48204c 0x8d5bc 0x8c1bc 0x76
LogonUserW 0x0 0x482050 0x8d5c0 0x8c1c0 0x18d
LockServiceDatabase 0x0 0x482054 0x8d5c4 0x8c1c4 0x188
GetTokenInformation 0x0 0x482058 0x8d5c8 0x8c1c8 0x15a
GetSecurityDescriptorDacl 0x0 0x48205c 0x8d5cc 0x8c1cc 0x148
GetAclInformation 0x0 0x482060 0x8d5d0 0x8c1d0 0x124
GetAce 0x0 0x482064 0x8d5d4 0x8c1d4 0x123
AddAce 0x0 0x482068 0x8d5d8 0x8c1d8 0x16
SetSecurityDescriptorDacl 0x0 0x48206c 0x8d5dc 0x8c1dc 0x2b6
RegOpenKeyExW 0x0 0x482070 0x8d5e0 0x8c1e0 0x261
RegQueryValueExW 0x0 0x482074 0x8d5e4 0x8c1e4 0x26e
AdjustTokenPrivileges 0x0 0x482078 0x8d5e8 0x8c1e8 0x1f
InitiateSystemShutdownExW 0x0 0x48207c 0x8d5ec 0x8c1ec 0x17d
OpenSCManagerW 0x0 0x482080 0x8d5f0 0x8c1f0 0x1f9
RegCloseKey 0x0 0x482084 0x8d5f4 0x8c1f4 0x230
SHELL32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint 0x0 0x482464 0x8d9d4 0x8c5d4 0x20
ShellExecuteExW 0x0 0x482468 0x8d9d8 0x8c5d8 0x121
SHGetFolderPathW 0x0 0x48246c 0x8d9dc 0x8c5dc 0xc3
DragQueryFileW 0x0 0x482470 0x8d9e0 0x8c5e0 0x1f
SHEmptyRecycleBinW 0x0 0x482474 0x8d9e4 0x8c5e4 0xa5
SHBrowseForFolderW 0x0 0x482478 0x8d9e8 0x8c5e8 0x7b
SHFileOperationW 0x0 0x48247c 0x8d9ec 0x8c5ec 0xac
SHGetPathFromIDListW 0x0 0x482480 0x8d9f0 0x8c5f0 0xd7
SHGetDesktopFolder 0x0 0x482484 0x8d9f4 0x8c5f4 0xb6
SHGetMalloc 0x0 0x482488 0x8d9f8 0x8c5f8 0xcf
ExtractIconExW 0x0 0x48248c 0x8d9fc 0x8c5fc 0x2a
Shell_NotifyIconW 0x0 0x482490 0x8da00 0x8c600 0x12e
ShellExecuteW 0x0 0x482494 0x8da04 0x8c604 0x122
DragFinish 0x0 0x482498 0x8da08 0x8c608 0x1b
ole32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleSetMenuDescriptor 0x0 0x4827f0 0x8dd60 0x8c960 0x147
MkParseDisplayName 0x0 0x4827f4 0x8dd64 0x8c964 0xd4
OleSetContainedObject 0x0 0x4827f8 0x8dd68 0x8c968 0x146
CLSIDFromString 0x0 0x4827fc 0x8dd6c 0x8c96c 0x8
StringFromGUID2 0x0 0x482800 0x8dd70 0x8c970 0x179
CoInitialize 0x0 0x482804 0x8dd74 0x8c974 0x3e
CoUninitialize 0x0 0x482808 0x8dd78 0x8c978 0x6c
CoCreateInstance 0x0 0x48280c 0x8dd7c 0x8c97c 0x10
CreateStreamOnHGlobal 0x0 0x482810 0x8dd80 0x8c980 0x86
CoTaskMemAlloc 0x0 0x482814 0x8dd84 0x8c984 0x67
CoTaskMemFree 0x0 0x482818 0x8dd88 0x8c988 0x68
ProgIDFromCLSID 0x0 0x48281c 0x8dd8c 0x8c98c 0x14b
OleInitialize 0x0 0x482820 0x8dd90 0x8c990 0x132
CreateBindCtx 0x0 0x482824 0x8dd94 0x8c994 0x79
CLSIDFromProgID 0x0 0x482828 0x8dd98 0x8c998 0x6
CoInitializeSecurity 0x0 0x48282c 0x8dd9c 0x8c99c 0x40
CoCreateInstanceEx 0x0 0x482830 0x8dda0 0x8c9a0 0x11
CoSetProxyBlanket 0x0 0x482834 0x8dda4 0x8c9a4 0x63
OleUninitialize 0x0 0x482838 0x8dda8 0x8c9a8 0x149
IIDFromString 0x0 0x48283c 0x8ddac 0x8c9ac 0xcd
OLEAUT32.dll (24)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantChangeType 0xc 0x4823ec 0x8d95c 0x8c55c -
VariantCopyInd 0xb 0x4823f0 0x8d960 0x8c560 -
DispCallFunc 0x92 0x4823f4 0x8d964 0x8c564 -
CreateStdDispatch 0x20 0x4823f8 0x8d968 0x8c568 -
CreateDispTypeInfo 0x1f 0x4823fc 0x8d96c 0x8c56c -
SysFreeString 0x6 0x482400 0x8d970 0x8c570 -
SafeArrayDestroyDescriptor 0x26 0x482404 0x8d974 0x8c574 -
SafeArrayDestroyData 0x27 0x482408 0x8d978 0x8c578 -
SafeArrayUnaccessData 0x18 0x48240c 0x8d97c 0x8c57c -
SysStringLen 0x7 0x482410 0x8d980 0x8c580 -
SafeArrayAllocData 0x25 0x482414 0x8d984 0x8c584 -
GetActiveObject 0x23 0x482418 0x8d988 0x8c588 -
QueryPathOfRegTypeLib 0xa4 0x48241c 0x8d98c 0x8c58c -
SafeArrayAllocDescriptorEx 0x29 0x482420 0x8d990 0x8c590 -
SafeArrayCreateVector 0x19b 0x482424 0x8d994 0x8c594 -
SysAllocString 0x2 0x482428 0x8d998 0x8c598 -
VariantCopy 0xa 0x48242c 0x8d99c 0x8c59c -
VariantClear 0x9 0x482430 0x8d9a0 0x8c5a0 -
VariantTimeToSystemTime 0xb9 0x482434 0x8d9a4 0x8c5a4 -
VarR8FromDec 0xdc 0x482438 0x8d9a8 0x8c5a8 -
SafeArrayGetVartype 0x4d 0x48243c 0x8d9ac 0x8c5ac -
OleLoadPicture 0x1a2 0x482440 0x8d9b0 0x8c5b0 -
SafeArrayAccessData 0x17 0x482444 0x8d9b4 0x8c5b4 -
VariantInit 0x8 0x482448 0x8d9b8 0x8c5b8 -
Icons (4)
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Strictor.150341
Malicious
C:\Users\FD1HVy\Desktop\HexIF.hex Dropped File Binary
Malicious
Also Known As C:\Users\FD1HVy\desktop\HexInformation.exe (Dropped File)
C:\Users\FD1HVy\Desktop/HexInformation.exe (Dropped File)
C:\Users\FD1HVy\Desktop\HexInformation.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 1.94 MB
MD5 5dec089e217503791eb458d4f19ab8a8
SHA1 3e2df567fc7585d059895f4afec9d042b279cfaa
SHA256 dfd96f1c0d58a4c993a623d98754a902e194aed21887531d0ccfb9eb94e6c7bf
SSDeep 49152:6ycjiiqc7XH/J243rKlSZBa1Te+NDQJXJfBb:dcGiqc7htrH2sxJZb
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
»
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x5d8cee
Size Of Code 0x1d6e00
Size Of Initialized Data 0x19c00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2018-10-24 11:42:56+00:00
Version Information (8)
Assembly Version 1.0.0.0
FileDescription HexadecimalRansomware
FileVersion 1.0.0.0
InternalName HexadecimalRansomware.exe
LegalCopyright Copyright © 2018
OriginalFilename HexadecimalRansomware.exe
ProductName HexadecimalRansomware
ProductVersion 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x1d6cf4 0x1d6e00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.89
.rsrc 0x5da000 0x19820 0x19a00 0x1d7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.08
.reloc 0x5f4000 0xc 0x200 0x1f0a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x1d8cbc 0x1d6ebc 0x0
Icons (1)
Local AV Matches (1)
Threat Name Severity
Gen:Heur.Bodegun.1
Malicious
C:\Users\FD1HVy\desktop\HexLocker.exe Dropped File Binary
Malicious
Also Known As C:\Users\FD1HVy\Desktop\HexLK.hex (Dropped File)
HexLK.hex (Dropped File)
C:\Users\FD1HVy\Desktop/HexLK.hex (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 784.10 KB
MD5 f108097d18a4765a23365a8d7d8f9cec
SHA1 ed34450f104b2c20ae2b4c90cbf65932a6f4f934
SHA256 0e057c1b445370fbc44da6a46121bd9491e2ed186d6dac596488eb058dbfdfeb
SSDeep 12288:ShkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aGFbj:yRmJkcoQricOIQxiZY1iaGFbj
ImpHash d3bf8a7746a8d1ee8f6e5960c3f69378
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x4165c1
Size Of Code 0x80800
Size Of Initialized Data 0x1dc00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2012-01-29 21:32:28+00:00
Version Information (3)
CompiledScript AutoIt v3 Script: 3, 3, 8, 1
FileDescription -
FileVersion 3, 3, 8, 1
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8061c 0x80800 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.68
.rdata 0x482000 0xdfc0 0xe000 0x80c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.8
.data 0x490000 0x1a758 0x6800 0x8ec00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.15
.rsrc 0x4ab000 0x1c130 0x1c200 0x95400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.23
Imports (16)
WSOCK32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__WSAFDIsSet 0x97 0x482794 0x8dd04 0x8c904 -
setsockopt 0x15 0x482798 0x8dd08 0x8c908 -
ntohs 0xf 0x48279c 0x8dd0c 0x8c90c -
recvfrom 0x11 0x4827a0 0x8dd10 0x8c910 -
sendto 0x14 0x4827a4 0x8dd14 0x8c914 -
htons 0x9 0x4827a8 0x8dd18 0x8c918 -
select 0x12 0x4827ac 0x8dd1c 0x8c91c -
listen 0xd 0x4827b0 0x8dd20 0x8c920 -
WSAStartup 0x73 0x4827b4 0x8dd24 0x8c924 -
bind 0x2 0x4827b8 0x8dd28 0x8c928 -
closesocket 0x3 0x4827bc 0x8dd2c 0x8c92c -
connect 0x4 0x4827c0 0x8dd30 0x8c930 -
socket 0x17 0x4827c4 0x8dd34 0x8c934 -
send 0x13 0x4827c8 0x8dd38 0x8c938 -
WSACleanup 0x74 0x4827cc 0x8dd3c 0x8c93c -
ioctlsocket 0xa 0x4827d0 0x8dd40 0x8c940 -
accept 0x1 0x4827d4 0x8dd44 0x8c944 -
WSAGetLastError 0x6f 0x4827d8 0x8dd48 0x8c948 -
inet_addr 0xb 0x4827dc 0x8dd4c 0x8c94c -
gethostbyname 0x34 0x4827e0 0x8dd50 0x8c950 -
gethostname 0x39 0x4827e4 0x8dd54 0x8c954 -
recv 0x10 0x4827e8 0x8dd58 0x8c958 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x482738 0x8dca8 0x8c8a8 0xe
GetFileVersionInfoW 0x0 0x48273c 0x8dcac 0x8c8ac 0x6
GetFileVersionInfoSizeW 0x0 0x482740 0x8dcb0 0x8c8b0 0x5
WINMM.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime 0x0 0x482784 0x8dcf4 0x8c8f4 0x94
waveOutSetVolume 0x0 0x482788 0x8dcf8 0x8c8f8 0xbb
mciSendStringW 0x0 0x48278c 0x8dcfc 0x8c8fc 0x32
COMCTL32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Remove 0x0 0x48208c 0x8d5fc 0x8c1fc 0x6d
ImageList_SetDragCursorImage 0x0 0x482090 0x8d600 0x8c200 0x72
ImageList_BeginDrag 0x0 0x482094 0x8d604 0x8c204 0x50
ImageList_DragEnter 0x0 0x482098 0x8d608 0x8c208 0x56
ImageList_DragLeave 0x0 0x48209c 0x8d60c 0x8c20c 0x57
ImageList_EndDrag 0x0 0x4820a0 0x8d610 0x8c210 0x5e
ImageList_DragMove 0x0 0x4820a4 0x8d614 0x8c214 0x58
ImageList_ReplaceIcon 0x0 0x4820a8 0x8d618 0x8c218 0x6f
ImageList_Create 0x0 0x4820ac 0x8d61c 0x8c21c 0x53
InitCommonControlsEx 0x0 0x4820b0 0x8d620 0x8c220 0x7b
ImageList_Destroy 0x0 0x4820b4 0x8d624 0x8c224 0x54
MPR.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetCancelConnection2W 0x0 0x4823d8 0x8d948 0x8c548 0xc
WNetGetConnectionW 0x0 0x4823dc 0x8d94c 0x8c54c 0x24
WNetAddConnection2W 0x0 0x4823e0 0x8d950 0x8c550 0x6
WNetUseConnectionW 0x0 0x4823e4 0x8d954 0x8c554 0x49
WININET.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetReadFile 0x0 0x482748 0x8dcb8 0x8c8b8 0x9f
InternetCloseHandle 0x0 0x48274c 0x8dcbc 0x8c8bc 0x6b
InternetOpenW 0x0 0x482750 0x8dcc0 0x8c8c0 0x9a
InternetSetOptionW 0x0 0x482754 0x8dcc4 0x8c8c4 0xaf
InternetCrackUrlW 0x0 0x482758 0x8dcc8 0x8c8c8 0x74
HttpQueryInfoW 0x0 0x48275c 0x8dccc 0x8c8cc 0x5a
InternetConnectW 0x0 0x482760 0x8dcd0 0x8c8d0 0x72
HttpOpenRequestW 0x0 0x482764 0x8dcd4 0x8c8d4 0x58
HttpSendRequestW 0x0 0x482768 0x8dcd8 0x8c8d8 0x5e
FtpOpenFileW 0x0 0x48276c 0x8dcdc 0x8c8dc 0x35
FtpGetFileSize 0x0 0x482770 0x8dce0 0x8c8e0 0x32
InternetOpenUrlW 0x0 0x482774 0x8dce4 0x8c8e4 0x99
InternetQueryOptionW 0x0 0x482778 0x8dce8 0x8c8e8 0x9e
InternetQueryDataAvailable 0x0 0x48277c 0x8dcec 0x8c8ec 0x9b
PSAPI.DLL (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumProcesses 0x0 0x482450 0x8d9c0 0x8c5c0 0x6
GetModuleBaseNameW 0x0 0x482454 0x8d9c4 0x8c5c4 0xe
GetProcessMemoryInfo 0x0 0x482458 0x8d9c8 0x8c5c8 0x15
EnumProcessModules 0x0 0x48245c 0x8d9cc 0x8c5cc 0x4
USERENV.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateEnvironmentBlock 0x0 0x482724 0x8dc94 0x8c894 0x0
DestroyEnvironmentBlock 0x0 0x482728 0x8dc98 0x8c898 0x4
UnloadUserProfile 0x0 0x48272c 0x8dc9c 0x8c89c 0x2c
LoadUserProfileW 0x0 0x482730 0x8dca0 0x8c8a0 0x21
KERNEL32.dll (159)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HeapAlloc 0x0 0x482158 0x8d6c8 0x8c2c8 0x2cb
Sleep 0x0 0x48215c 0x8d6cc 0x8c2cc 0x4b2
GetCurrentThreadId 0x0 0x482160 0x8d6d0 0x8c2d0 0x1c5
RaiseException 0x0 0x482164 0x8d6d4 0x8c2d4 0x3b1
MulDiv 0x0 0x482168 0x8d6d8 0x8c2d8 0x366
GetVersionExW 0x0 0x48216c 0x8d6dc 0x8c2dc 0x2a4
GetSystemInfo 0x0 0x482170 0x8d6e0 0x8c2e0 0x273
InterlockedIncrement 0x0 0x482174 0x8d6e4 0x8c2e4 0x2ef
InterlockedDecrement 0x0 0x482178 0x8d6e8 0x8c2e8 0x2eb
WideCharToMultiByte 0x0 0x48217c 0x8d6ec 0x8c2ec 0x511
lstrcpyW 0x0 0x482180 0x8d6f0 0x8c2f0 0x548
MultiByteToWideChar 0x0 0x482184 0x8d6f4 0x8c2f4 0x367
lstrlenW 0x0 0x482188 0x8d6f8 0x8c2f8 0x54e
lstrcmpiW 0x0 0x48218c 0x8d6fc 0x8c2fc 0x545
GetModuleHandleW 0x0 0x482190 0x8d700 0x8c300 0x218
QueryPerformanceCounter 0x0 0x482194 0x8d704 0x8c304 0x3a7
VirtualFreeEx 0x0 0x482198 0x8d708 0x8c308 0x4ed
OpenProcess 0x0 0x48219c 0x8d70c 0x8c30c 0x380
VirtualAllocEx 0x0 0x4821a0 0x8d710 0x8c310 0x4ea
WriteProcessMemory 0x0 0x4821a4 0x8d714 0x8c314 0x52e
ReadProcessMemory 0x0 0x4821a8 0x8d718 0x8c318 0x3c3
CreateFileW 0x0 0x4821ac 0x8d71c 0x8c31c 0x8f
SetFilePointerEx 0x0 0x4821b0 0x8d720 0x8c320 0x467
ReadFile 0x0 0x4821b4 0x8d724 0x8c324 0x3c0
WriteFile 0x0 0x4821b8 0x8d728 0x8c328 0x525
FlushFileBuffers 0x0 0x4821bc 0x8d72c 0x8c32c 0x157
TerminateProcess 0x0 0x4821c0 0x8d730 0x8c330 0x4c0
CreateToolhelp32Snapshot 0x0 0x4821c4 0x8d734 0x8c334 0xbe
Process32FirstW 0x0 0x4821c8 0x8d738 0x8c338 0x396
Process32NextW 0x0 0x4821cc 0x8d73c 0x8c33c 0x398
SetFileTime 0x0 0x4821d0 0x8d740 0x8c340 0x46a
GetFileAttributesW 0x0 0x4821d4 0x8d744 0x8c344 0x1ea
FindFirstFileW 0x0 0x4821d8 0x8d748 0x8c348 0x139
FindClose 0x0 0x4821dc 0x8d74c 0x8c34c 0x12e
DeleteFileW 0x0 0x4821e0 0x8d750 0x8c350 0xd6
FindNextFileW 0x0 0x4821e4 0x8d754 0x8c354 0x145
MoveFileW 0x0 0x4821e8 0x8d758 0x8c358 0x363
CopyFileW 0x0 0x4821ec 0x8d75c 0x8c35c 0x75
CreateDirectoryW 0x0 0x4821f0 0x8d760 0x8c360 0x81
RemoveDirectoryW 0x0 0x4821f4 0x8d764 0x8c364 0x403
GetProcessHeap 0x0 0x4821f8 0x8d768 0x8c368 0x24a
QueryPerformanceFrequency 0x0 0x4821fc 0x8d76c 0x8c36c 0x3a8
FindResourceW 0x0 0x482200 0x8d770 0x8c370 0x14e
LoadResource 0x0 0x482204 0x8d774 0x8c374 0x341
LockResource 0x0 0x482208 0x8d778 0x8c378 0x354
SizeofResource 0x0 0x48220c 0x8d77c 0x8c37c 0x4b1
EnumResourceNamesW 0x0 0x482210 0x8d780 0x8c380 0x102
OutputDebugStringW 0x0 0x482214 0x8d784 0x8c384 0x38a
GetLocalTime 0x0 0x482218 0x8d788 0x8c388 0x203
CompareStringW 0x0 0x48221c 0x8d78c 0x8c38c 0x64
DeleteCriticalSection 0x0 0x482220 0x8d790 0x8c390 0xd1
EnterCriticalSection 0x0 0x482224 0x8d794 0x8c394 0xee
LeaveCriticalSection 0x0 0x482228 0x8d798 0x8c398 0x339
InitializeCriticalSectionAndSpinCount 0x0 0x48222c 0x8d79c 0x8c39c 0x2e3
GetStdHandle 0x0 0x482230 0x8d7a0 0x8c3a0 0x264
CreatePipe 0x0 0x482234 0x8d7a4 0x8c3a4 0xa1
InterlockedExchange 0x0 0x482238 0x8d7a8 0x8c3a8 0x2ec
TerminateThread 0x0 0x48223c 0x8d7ac 0x8c3ac 0x4c1
GetTempPathW 0x0 0x482240 0x8d7b0 0x8c3b0 0x285
GetTempFileNameW 0x0 0x482244 0x8d7b4 0x8c3b4 0x283
VirtualFree 0x0 0x482248 0x8d7b8 0x8c3b8 0x4ec
FormatMessageW 0x0 0x48224c 0x8d7bc 0x8c3bc 0x15e
GetExitCodeProcess 0x0 0x482250 0x8d7c0 0x8c3c0 0x1df
SetErrorMode 0x0 0x482254 0x8d7c4 0x8c3c4 0x458
GetPrivateProfileStringW 0x0 0x482258 0x8d7c8 0x8c3c8 0x242
WritePrivateProfileStringW 0x0 0x48225c 0x8d7cc 0x8c3cc 0x52b
GetPrivateProfileSectionW 0x0 0x482260 0x8d7d0 0x8c3d0 0x240
WritePrivateProfileSectionW 0x0 0x482264 0x8d7d4 0x8c3d4 0x529
GetPrivateProfileSectionNamesW 0x0 0x482268 0x8d7d8 0x8c3d8 0x23f
FileTimeToLocalFileTime 0x0 0x48226c 0x8d7dc 0x8c3dc 0x124
FileTimeToSystemTime 0x0 0x482270 0x8d7e0 0x8c3e0 0x125
SystemTimeToFileTime 0x0 0x482274 0x8d7e4 0x8c3e4 0x4bd
LocalFileTimeToFileTime 0x0 0x482278 0x8d7e8 0x8c3e8 0x346
GetDriveTypeW 0x0 0x48227c 0x8d7ec 0x8c3ec 0x1d3
GetDiskFreeSpaceExW 0x0 0x482280 0x8d7f0 0x8c3f0 0x1ce
GetDiskFreeSpaceW 0x0 0x482284 0x8d7f4 0x8c3f4 0x1cf
GetVolumeInformationW 0x0 0x482288 0x8d7f8 0x8c3f8 0x2a7
SetVolumeLabelW 0x0 0x48228c 0x8d7fc 0x8c3fc 0x4a9
CreateHardLinkW 0x0 0x482290 0x8d800 0x8c400 0x93
DeviceIoControl 0x0 0x482294 0x8d804 0x8c404 0xdd
SetFileAttributesW 0x0 0x482298 0x8d808 0x8c408 0x461
GetShortPathNameW 0x0 0x48229c 0x8d80c 0x8c40c 0x261
CreateEventW 0x0 0x4822a0 0x8d810 0x8c410 0x85
SetEvent 0x0 0x4822a4 0x8d814 0x8c414 0x459
GetEnvironmentVariableW 0x0 0x4822a8 0x8d818 0x8c418 0x1dc
SetEnvironmentVariableW 0x0 0x4822ac 0x8d81c 0x8c41c 0x457
GlobalLock 0x0 0x4822b0 0x8d820 0x8c420 0x2be
GlobalUnlock 0x0 0x4822b4 0x8d824 0x8c424 0x2c5
GlobalAlloc 0x0 0x4822b8 0x8d828 0x8c428 0x2b3
GetFileSize 0x0 0x4822bc 0x8d82c 0x8c42c 0x1f0
GlobalFree 0x0 0x4822c0 0x8d830 0x8c430 0x2ba
GlobalMemoryStatusEx 0x0 0x4822c4 0x8d834 0x8c434 0x2c0
Beep 0x0 0x4822c8 0x8d838 0x8c438 0x36
GetSystemDirectoryW 0x0 0x4822cc 0x8d83c 0x8c43c 0x270
GetComputerNameW 0x0 0x4822d0 0x8d840 0x8c440 0x18f
GetWindowsDirectoryW 0x0 0x4822d4 0x8d844 0x8c444 0x2af
GetCurrentProcessId 0x0 0x4822d8 0x8d848 0x8c448 0x1c1
GetCurrentThread 0x0 0x4822dc 0x8d84c 0x8c44c 0x1c4
GetProcessIoCounters 0x0 0x4822e0 0x8d850 0x8c450 0x24e
CreateProcessW 0x0 0x4822e4 0x8d854 0x8c454 0xa8
SetPriorityClass 0x0 0x4822e8 0x8d858 0x8c458 0x47d
LoadLibraryW 0x0 0x4822ec 0x8d85c 0x8c45c 0x33f
VirtualAlloc 0x0 0x4822f0 0x8d860 0x8c460 0x4e9
LoadLibraryExW 0x0 0x4822f4 0x8d864 0x8c464 0x33e
HeapFree 0x0 0x4822f8 0x8d868 0x8c468 0x2cf
WaitForSingleObject 0x0 0x4822fc 0x8d86c 0x8c46c 0x4f9
CreateThread 0x0 0x482300 0x8d870 0x8c470 0xb5
DuplicateHandle 0x0 0x482304 0x8d874 0x8c474 0xe8
GetLastError 0x0 0x482308 0x8d878 0x8c478 0x202
CloseHandle 0x0 0x48230c 0x8d87c 0x8c47c 0x52
GetCurrentProcess 0x0 0x482310 0x8d880 0x8c480 0x1c0
GetProcAddress 0x0 0x482314 0x8d884 0x8c484 0x245
LoadLibraryA 0x0 0x482318 0x8d888 0x8c488 0x33c
FreeLibrary 0x0 0x48231c 0x8d88c 0x8c48c 0x162
GetModuleFileNameW 0x0 0x482320 0x8d890 0x8c490 0x214
GetFullPathNameW 0x0 0x482324 0x8d894 0x8c494 0x1fb
SetCurrentDirectoryW 0x0 0x482328 0x8d898 0x8c498 0x44d
IsDebuggerPresent 0x0 0x48232c 0x8d89c 0x8c49c 0x300
GetCurrentDirectoryW 0x0 0x482330 0x8d8a0 0x8c4a0 0x1bf
ExitProcess 0x0 0x482334 0x8d8a4 0x8c4a4 0x119
ExitThread 0x0 0x482338 0x8d8a8 0x8c4a8 0x11a
GetSystemTimeAsFileTime 0x0 0x48233c 0x8d8ac 0x8c4ac 0x279
ResumeThread 0x0 0x482340 0x8d8b0 0x8c4b0 0x413
GetTimeFormatW 0x0 0x482344 0x8d8b4 0x8c4b4 0x297
GetDateFormatW 0x0 0x482348 0x8d8b8 0x8c4b8 0x1c8
GetCommandLineW 0x0 0x48234c 0x8d8bc 0x8c4bc 0x187
GetStartupInfoW 0x0 0x482350 0x8d8c0 0x8c4c0 0x263
IsProcessorFeaturePresent 0x0 0x482354 0x8d8c4 0x8c4c4 0x304
HeapSize 0x0 0x482358 0x8d8c8 0x8c4c8 0x2d4
GetCPInfo 0x0 0x48235c 0x8d8cc 0x8c4cc 0x172
GetACP 0x0 0x482360 0x8d8d0 0x8c4d0 0x168
GetOEMCP 0x0 0x482364 0x8d8d4 0x8c4d4 0x237
IsValidCodePage 0x0 0x482368 0x8d8d8 0x8c4d8 0x30a
TlsAlloc 0x0 0x48236c 0x8d8dc 0x8c4dc 0x4c5
TlsGetValue 0x0 0x482370 0x8d8e0 0x8c4e0 0x4c7
TlsSetValue 0x0 0x482374 0x8d8e4 0x8c4e4 0x4c8
TlsFree 0x0 0x482378 0x8d8e8 0x8c4e8 0x4c6
SetLastError 0x0 0x48237c 0x8d8ec 0x8c4ec 0x473
UnhandledExceptionFilter 0x0 0x482380 0x8d8f0 0x8c4f0 0x4d3
SetUnhandledExceptionFilter 0x0 0x482384 0x8d8f4 0x8c4f4 0x4a5
GetStringTypeW 0x0 0x482388 0x8d8f8 0x8c4f8 0x269
HeapCreate 0x0 0x48238c 0x8d8fc 0x8c4fc 0x2cd
SetHandleCount 0x0 0x482390 0x8d900 0x8c500 0x46f
GetFileType 0x0 0x482394 0x8d904 0x8c504 0x1f3
SetStdHandle 0x0 0x482398 0x8d908 0x8c508 0x487
GetConsoleCP 0x0 0x48239c 0x8d90c 0x8c50c 0x19a
GetConsoleMode 0x0 0x4823a0 0x8d910 0x8c510 0x1ac
LCMapStringW 0x0 0x4823a4 0x8d914 0x8c514 0x32d
RtlUnwind 0x0 0x4823a8 0x8d918 0x8c518 0x418
SetFilePointer 0x0 0x4823ac 0x8d91c 0x8c51c 0x466
GetTimeZoneInformation 0x0 0x4823b0 0x8d920 0x8c520 0x298
FreeEnvironmentStringsW 0x0 0x4823b4 0x8d924 0x8c524 0x161
GetEnvironmentStringsW 0x0 0x4823b8 0x8d928 0x8c528 0x1da
GetTickCount 0x0 0x4823bc 0x8d92c 0x8c52c 0x293
HeapReAlloc 0x0 0x4823c0 0x8d930 0x8c530 0x2d2
WriteConsoleW 0x0 0x4823c4 0x8d934 0x8c534 0x524
SetEndOfFile 0x0 0x4823c8 0x8d938 0x8c538 0x453
SetSystemPowerState 0x0 0x4823cc 0x8d93c 0x8c53c 0x48a
SetEnvironmentVariableA 0x0 0x4823d0 0x8d940 0x8c540 0x456
USER32.dll (160)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCursorInfo 0x0 0x4824a0 0x8da10 0x8c610 0x11f
RegisterHotKey 0x0 0x4824a4 0x8da14 0x8c614 0x256
ClientToScreen 0x0 0x4824a8 0x8da18 0x8c618 0x47
GetKeyboardLayoutNameW 0x0 0x4824ac 0x8da1c 0x8c61c 0x141
IsCharAlphaW 0x0 0x4824b0 0x8da20 0x8c620 0x1c4
IsCharAlphaNumericW 0x0 0x4824b4 0x8da24 0x8c624 0x1c3
IsCharLowerW 0x0 0x4824b8 0x8da28 0x8c628 0x1c6
IsCharUpperW 0x0 0x4824bc 0x8da2c 0x8c62c 0x1c8
GetMenuStringW 0x0 0x4824c0 0x8da30 0x8c630 0x158
GetSubMenu 0x0 0x4824c4 0x8da34 0x8c634 0x17a
GetCaretPos 0x0 0x4824c8 0x8da38 0x8c638 0x10a
IsZoomed 0x0 0x4824cc 0x8da3c 0x8c63c 0x1e2
MonitorFromPoint 0x0 0x4824d0 0x8da40 0x8c640 0x218
GetMonitorInfoW 0x0 0x4824d4 0x8da44 0x8c644 0x15f
SetWindowLongW 0x0 0x4824d8 0x8da48 0x8c648 0x2c4
SetLayeredWindowAttributes 0x0 0x4824dc 0x8da4c 0x8c64c 0x298
FlashWindow 0x0 0x4824e0 0x8da50 0x8c650 0xfb
GetClassLongW 0x0 0x4824e4 0x8da54 0x8c654 0x110
TranslateAcceleratorW 0x0 0x4824e8 0x8da58 0x8c658 0x2fa
IsDialogMessageW 0x0 0x4824ec 0x8da5c 0x8c65c 0x1cd
GetSysColor 0x0 0x4824f0 0x8da60 0x8c660 0x17b
InflateRect 0x0 0x4824f4 0x8da64 0x8c664 0x1b5
DrawFocusRect 0x0 0x4824f8 0x8da68 0x8c668 0xc4
DrawTextW 0x0 0x4824fc 0x8da6c 0x8c66c 0xd0
FrameRect 0x0 0x482500 0x8da70 0x8c670 0xfd
DrawFrameControl 0x0 0x482504 0x8da74 0x8c674 0xc6
FillRect 0x0 0x482508 0x8da78 0x8c678 0xf6
PtInRect 0x0 0x48250c 0x8da7c 0x8c67c 0x240
DestroyAcceleratorTable 0x0 0x482510 0x8da80 0x8c680 0xa0
CreateAcceleratorTableW 0x0 0x482514 0x8da84 0x8c684 0x58
SetCursor 0x0 0x482518 0x8da88 0x8c688 0x288
GetWindowDC 0x0 0x48251c 0x8da8c 0x8c68c 0x192
GetSystemMetrics 0x0 0x482520 0x8da90 0x8c690 0x17e
GetActiveWindow 0x0 0x482524 0x8da94 0x8c694 0x100
CharNextW 0x0 0x482528 0x8da98 0x8c698 0x31
wsprintfW 0x0 0x48252c 0x8da9c 0x8c69c 0x333
RedrawWindow 0x0 0x482530 0x8daa0 0x8c6a0 0x24a
DrawMenuBar 0x0 0x482534 0x8daa4 0x8c6a4 0xc9
DestroyMenu 0x0 0x482538 0x8daa8 0x8c6a8 0xa4
SetMenu 0x0 0x48253c 0x8daac 0x8c6ac 0x29c
GetWindowTextLengthW 0x0 0x482540 0x8dab0 0x8c6b0 0x1a2
CreateMenu 0x0 0x482544 0x8dab4 0x8c6b4 0x6a
IsDlgButtonChecked 0x0 0x482548 0x8dab8 0x8c6b8 0x1ce
DefDlgProcW 0x0 0x48254c 0x8dabc 0x8c6bc 0x95
ReleaseCapture 0x0 0x482550 0x8dac0 0x8c6c0 0x264
SetCapture 0x0 0x482554 0x8dac4 0x8c6c4 0x280
WindowFromPoint 0x0 0x482558 0x8dac8 0x8c6c8 0x32c
LoadImageW 0x0 0x48255c 0x8dacc 0x8c6cc 0x1ef
CreateIconFromResourceEx 0x0 0x482560 0x8dad0 0x8c6d0 0x66
mouse_event 0x0 0x482564 0x8dad4 0x8c6d4 0x331
ExitWindowsEx 0x0 0x482568 0x8dad8 0x8c6d8 0xf5
SetActiveWindow 0x0 0x48256c 0x8dadc 0x8c6dc 0x27f
FindWindowExW 0x0 0x482570 0x8dae0 0x8c6e0 0xf9
EnumThreadWindows 0x0 0x482574 0x8dae4 0x8c6e4 0xef
SetMenuDefaultItem 0x0 0x482578 0x8dae8 0x8c6e8 0x29e
InsertMenuItemW 0x0 0x48257c 0x8daec 0x8c6ec 0x1b9
IsMenu 0x0 0x482580 0x8daf0 0x8c6f0 0x1d2
TrackPopupMenuEx 0x0 0x482584 0x8daf4 0x8c6f4 0x2f7
GetCursorPos 0x0 0x482588 0x8daf8 0x8c6f8 0x120
DeleteMenu 0x0 0x48258c 0x8dafc 0x8c6fc 0x9e
CheckMenuRadioItem 0x0 0x482590 0x8db00 0x8c700 0x40
SetWindowPos 0x0 0x482594 0x8db04 0x8c704 0x2c6
GetMenuItemCount 0x0 0x482598 0x8db08 0x8c708 0x151
SetMenuItemInfoW 0x0 0x48259c 0x8db0c 0x8c70c 0x2a2
GetMenuItemInfoW 0x0 0x4825a0 0x8db10 0x8c710 0x154
SetForegroundWindow 0x0 0x4825a4 0x8db14 0x8c714 0x293
IsIconic 0x0 0x4825a8 0x8db18 0x8c718 0x1d1
FindWindowW 0x0 0x4825ac 0x8db1c 0x8c71c 0xfa
SystemParametersInfoW 0x0 0x4825b0 0x8db20 0x8c720 0x2ec
TranslateMessage 0x0 0x4825b4 0x8db24 0x8c724 0x2fc
SendInput 0x0 0x4825b8 0x8db28 0x8c728 0x276
GetAsyncKeyState 0x0 0x4825bc 0x8db2c 0x8c72c 0x107
SetKeyboardState 0x0 0x4825c0 0x8db30 0x8c730 0x296
GetKeyboardState 0x0 0x4825c4 0x8db34 0x8c734 0x142
GetKeyState 0x0 0x4825c8 0x8db38 0x8c738 0x13d
VkKeyScanW 0x0 0x4825cc 0x8db3c 0x8c73c 0x321
LoadStringW 0x0 0x4825d0 0x8db40 0x8c740 0x1fa
DialogBoxParamW 0x0 0x4825d4 0x8db44 0x8c744 0xac
MessageBeep 0x0 0x4825d8 0x8db48 0x8c748 0x20d
EndDialog 0x0 0x4825dc 0x8db4c 0x8c74c 0xda
SendDlgItemMessageW 0x0 0x4825e0 0x8db50 0x8c750 0x273
GetDlgItem 0x0 0x4825e4 0x8db54 0x8c754 0x127
SetWindowTextW 0x0 0x4825e8 0x8db58 0x8c758 0x2cb
CopyRect 0x0 0x4825ec 0x8db5c 0x8c75c 0x55
ReleaseDC 0x0 0x4825f0 0x8db60 0x8c760 0x265
GetDC 0x0 0x4825f4 0x8db64 0x8c764 0x121
EndPaint 0x0 0x4825f8 0x8db68 0x8c768 0xdc
BeginPaint 0x0 0x4825fc 0x8db6c 0x8c76c 0xe
GetClientRect 0x0 0x482600 0x8db70 0x8c770 0x114
GetMenu 0x0 0x482604 0x8db74 0x8c774 0x14b
DestroyWindow 0x0 0x482608 0x8db78 0x8c778 0xa6
EnumWindows 0x0 0x48260c 0x8db7c 0x8c77c 0xf2
GetDesktopWindow 0x0 0x482610 0x8db80 0x8c780 0x123
IsWindow 0x0 0x482614 0x8db84 0x8c784 0x1db
IsWindowEnabled 0x0 0x482618 0x8db88 0x8c788 0x1dc
IsWindowVisible 0x0 0x48261c 0x8db8c 0x8c78c 0x1e0
EnableWindow 0x0 0x482620 0x8db90 0x8c790 0xd8
InvalidateRect 0x0 0x482624 0x8db94 0x8c794 0x1be
GetWindowLongW 0x0 0x482628 0x8db98 0x8c798 0x196
AttachThreadInput 0x0 0x48262c 0x8db9c 0x8c79c 0xc
GetFocus 0x0 0x482630 0x8dba0 0x8c7a0 0x12c
GetWindowTextW 0x0 0x482634 0x8dba4 0x8c7a4 0x1a3
ScreenToClient 0x0 0x482638 0x8dba8 0x8c7a8 0x26d
SendMessageTimeoutW 0x0 0x48263c 0x8dbac 0x8c7ac 0x27b
EnumChildWindows 0x0 0x482640 0x8dbb0 0x8c7b0 0xdf
CharUpperBuffW 0x0 0x482644 0x8dbb4 0x8c7b4 0x3b
GetClassNameW 0x0 0x482648 0x8dbb8 0x8c7b8 0x112
GetParent 0x0 0x48264c 0x8dbbc 0x8c7bc 0x164
GetDlgCtrlID 0x0 0x482650 0x8dbc0 0x8c7c0 0x126
SendMessageW 0x0 0x482654 0x8dbc4 0x8c7c4 0x27c
MapVirtualKeyW 0x0 0x482658 0x8dbc8 0x8c7c8 0x208
PostMessageW 0x0 0x48265c 0x8dbcc 0x8c7cc 0x236
GetWindowRect 0x0 0x482660 0x8dbd0 0x8c7d0 0x19c
SetUserObjectSecurity 0x0 0x482664 0x8dbd4 0x8c7d4 0x2be
GetUserObjectSecurity 0x0 0x482668 0x8dbd8 0x8c7d8 0x18c
CloseDesktop 0x0 0x48266c 0x8dbdc 0x8c7dc 0x4a
CloseWindowStation 0x0 0x482670 0x8dbe0 0x8c7e0 0x4e
OpenDesktopW 0x0 0x482674 0x8dbe4 0x8c7e4 0x228
SetProcessWindowStation 0x0 0x482678 0x8dbe8 0x8c7e8 0x2aa
GetProcessWindowStation 0x0 0x48267c 0x8dbec 0x8c7ec 0x168
OpenWindowStationW 0x0 0x482680 0x8dbf0 0x8c7f0 0x22d
MessageBoxW 0x0 0x482684 0x8dbf4 0x8c7f4 0x215
DefWindowProcW 0x0 0x482688 0x8dbf8 0x8c7f8 0x9c
CopyImage 0x0 0x48268c 0x8dbfc 0x8c7fc 0x54
AdjustWindowRectEx 0x0 0x482690 0x8dc00 0x8c800 0x3
SetRect 0x0 0x482694 0x8dc04 0x8c804 0x2ae
SetClipboardData 0x0 0x482698 0x8dc08 0x8c808 0x286
EmptyClipboard 0x0 0x48269c 0x8dc0c 0x8c80c 0xd5
CountClipboardFormats 0x0 0x4826a0 0x8dc10 0x8c810 0x56
CloseClipboard 0x0 0x4826a4 0x8dc14 0x8c814 0x49
GetClipboardData 0x0 0x4826a8 0x8dc18 0x8c818 0x116
IsClipboardFormatAvailable 0x0 0x4826ac 0x8dc1c 0x8c81c 0x1ca
OpenClipboard 0x0 0x4826b0 0x8dc20 0x8c820 0x226
BlockInput 0x0 0x4826b4 0x8dc24 0x8c824 0xf
GetMessageW 0x0 0x4826b8 0x8dc28 0x8c828 0x15d
LockWindowUpdate 0x0 0x4826bc 0x8dc2c 0x8c82c 0x1fd
GetMenuItemID 0x0 0x4826c0 0x8dc30 0x8c830 0x152
DispatchMessageW 0x0 0x4826c4 0x8dc34 0x8c834 0xaf
MoveWindow 0x0 0x4826c8 0x8dc38 0x8c838 0x21b
SetFocus 0x0 0x4826cc 0x8dc3c 0x8c83c 0x292
PostQuitMessage 0x0 0x4826d0 0x8dc40 0x8c840 0x237
KillTimer 0x0 0x4826d4 0x8dc44 0x8c844 0x1e3
CreatePopupMenu 0x0 0x4826d8 0x8dc48 0x8c848 0x6b
RegisterWindowMessageW 0x0 0x4826dc 0x8dc4c 0x8c84c 0x263
SetTimer 0x0 0x4826e0 0x8dc50 0x8c850 0x2bb
ShowWindow 0x0 0x4826e4 0x8dc54 0x8c854 0x2df
CreateWindowExW 0x0 0x4826e8 0x8dc58 0x8c858 0x6e
RegisterClassExW 0x0 0x4826ec 0x8dc5c 0x8c85c 0x24d
LoadIconW 0x0 0x4826f0 0x8dc60 0x8c860 0x1ed
LoadCursorW 0x0 0x4826f4 0x8dc64 0x8c864 0x1eb
GetSysColorBrush 0x0 0x4826f8 0x8dc68 0x8c868 0x17c
GetForegroundWindow 0x0 0x4826fc 0x8dc6c 0x8c86c 0x12d
MessageBoxA 0x0 0x482700 0x8dc70 0x8c870 0x20e
DestroyIcon 0x0 0x482704 0x8dc74 0x8c874 0xa3
PeekMessageW 0x0 0x482708 0x8dc78 0x8c878 0x233
UnregisterHotKey 0x0 0x48270c 0x8dc7c 0x8c87c 0x308
CharLowerBuffW 0x0 0x482710 0x8dc80 0x8c880 0x2d
keybd_event 0x0 0x482714 0x8dc84 0x8c884 0x330
MonitorFromRect 0x0 0x482718 0x8dc88 0x8c888 0x219
GetWindowThreadProcessId 0x0 0x48271c 0x8dc8c 0x8c88c 0x1a4
GDI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteObject 0x0 0x4820c8 0x8d638 0x8c238 0xe6
AngleArc 0x0 0x4820cc 0x8d63c 0x8c23c 0x8
GetTextExtentPoint32W 0x0 0x4820d0 0x8d640 0x8c240 0x21e
ExtCreatePen 0x0 0x4820d4 0x8d644 0x8c244 0x132
StrokeAndFillPath 0x0 0x4820d8 0x8d648 0x8c248 0x2b5
StrokePath 0x0 0x4820dc 0x8d64c 0x8c24c 0x2b6
EndPath 0x0 0x4820e0 0x8d650 0x8c250 0xf3
SetPixel 0x0 0x4820e4 0x8d654 0x8c254 0x29b
CloseFigure 0x0 0x4820e8 0x8d658 0x8c258 0x1e
CreateCompatibleBitmap 0x0 0x4820ec 0x8d65c 0x8c25c 0x2f
CreateCompatibleDC 0x0 0x4820f0 0x8d660 0x8c260 0x30
SelectObject 0x0 0x4820f4 0x8d664 0x8c264 0x277
StretchBlt 0x0 0x4820f8 0x8d668 0x8c268 0x2b3
GetDIBits 0x0 0x4820fc 0x8d66c 0x8c26c 0x1ca
GetDeviceCaps 0x0 0x482100 0x8d670 0x8c270 0x1cb
MoveToEx 0x0 0x482104 0x8d674 0x8c274 0x23a
DeleteDC 0x0 0x482108 0x8d678 0x8c278 0xe3
GetPixel 0x0 0x48210c 0x8d67c 0x8c27c 0x204
CreateDCW 0x0 0x482110 0x8d680 0x8c280 0x32
Ellipse 0x0 0x482114 0x8d684 0x8c284 0xed
PolyDraw 0x0 0x482118 0x8d688 0x8c288 0x250
BeginPath 0x0 0x48211c 0x8d68c 0x8c28c 0x12
Rectangle 0x0 0x482120 0x8d690 0x8c290 0x25f
SetViewportOrgEx 0x0 0x482124 0x8d694 0x8c294 0x2a9
GetObjectW 0x0 0x482128 0x8d698 0x8c298 0x1fd
SetBkMode 0x0 0x48212c 0x8d69c 0x8c29c 0x27f
RoundRect 0x0 0x482130 0x8d6a0 0x8c2a0 0x26a
SetBkColor 0x0 0x482134 0x8d6a4 0x8c2a4 0x27e
CreatePen 0x0 0x482138 0x8d6a8 0x8c2a8 0x4b
CreateSolidBrush 0x0 0x48213c 0x8d6ac 0x8c2ac 0x54
SetTextColor 0x0 0x482140 0x8d6b0 0x8c2b0 0x2a6
CreateFontW 0x0 0x482144 0x8d6b4 0x8c2b4 0x41
GetTextFaceW 0x0 0x482148 0x8d6b8 0x8c2b8 0x224
GetStockObject 0x0 0x48214c 0x8d6bc 0x8c2bc 0x20d
LineTo 0x0 0x482150 0x8d6c0 0x8c2c0 0x236
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSaveFileNameW 0x0 0x4820bc 0x8d62c 0x8c22c 0xe
GetOpenFileNameW 0x0 0x4820c0 0x8d630 0x8c230 0xc
ADVAPI32.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegEnumValueW 0x0 0x482000 0x8d570 0x8c170 0x252
RegDeleteValueW 0x0 0x482004 0x8d574 0x8c174 0x248
RegDeleteKeyW 0x0 0x482008 0x8d578 0x8c178 0x244
RegEnumKeyExW 0x0 0x48200c 0x8d57c 0x8c17c 0x24f
RegSetValueExW 0x0 0x482010 0x8d580 0x8c180 0x27e
RegCreateKeyExW 0x0 0x482014 0x8d584 0x8c184 0x239
GetUserNameW 0x0 0x482018 0x8d588 0x8c188 0x165
RegConnectRegistryW 0x0 0x48201c 0x8d58c 0x8c18c 0x234
CloseServiceHandle 0x0 0x482020 0x8d590 0x8c190 0x57
UnlockServiceDatabase 0x0 0x482024 0x8d594 0x8c194 0x300
OpenThreadToken 0x0 0x482028 0x8d598 0x8c198 0x1fc
OpenProcessToken 0x0 0x48202c 0x8d59c 0x8c19c 0x1f7
LookupPrivilegeValueW 0x0 0x482030 0x8d5a0 0x8c1a0 0x197
DuplicateTokenEx 0x0 0x482034 0x8d5a4 0x8c1a4 0xdf
CreateProcessAsUserW 0x0 0x482038 0x8d5a8 0x8c1a8 0x7c
CreateProcessWithLogonW 0x0 0x48203c 0x8d5ac 0x8c1ac 0x7d
InitializeSecurityDescriptor 0x0 0x482040 0x8d5b0 0x8c1b0 0x177
InitializeAcl 0x0 0x482044 0x8d5b4 0x8c1b4 0x176
GetLengthSid 0x0 0x482048 0x8d5b8 0x8c1b8 0x136
CopySid 0x0 0x48204c 0x8d5bc 0x8c1bc 0x76
LogonUserW 0x0 0x482050 0x8d5c0 0x8c1c0 0x18d
LockServiceDatabase 0x0 0x482054 0x8d5c4 0x8c1c4 0x188
GetTokenInformation 0x0 0x482058 0x8d5c8 0x8c1c8 0x15a
GetSecurityDescriptorDacl 0x0 0x48205c 0x8d5cc 0x8c1cc 0x148
GetAclInformation 0x0 0x482060 0x8d5d0 0x8c1d0 0x124
GetAce 0x0 0x482064 0x8d5d4 0x8c1d4 0x123
AddAce 0x0 0x482068 0x8d5d8 0x8c1d8 0x16
SetSecurityDescriptorDacl 0x0 0x48206c 0x8d5dc 0x8c1dc 0x2b6
RegOpenKeyExW 0x0 0x482070 0x8d5e0 0x8c1e0 0x261
RegQueryValueExW 0x0 0x482074 0x8d5e4 0x8c1e4 0x26e
AdjustTokenPrivileges 0x0 0x482078 0x8d5e8 0x8c1e8 0x1f
InitiateSystemShutdownExW 0x0 0x48207c 0x8d5ec 0x8c1ec 0x17d
OpenSCManagerW 0x0 0x482080 0x8d5f0 0x8c1f0 0x1f9
RegCloseKey 0x0 0x482084 0x8d5f4 0x8c1f4 0x230
SHELL32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint 0x0 0x482464 0x8d9d4 0x8c5d4 0x20
ShellExecuteExW 0x0 0x482468 0x8d9d8 0x8c5d8 0x121
SHGetFolderPathW 0x0 0x48246c 0x8d9dc 0x8c5dc 0xc3
DragQueryFileW 0x0 0x482470 0x8d9e0 0x8c5e0 0x1f
SHEmptyRecycleBinW 0x0 0x482474 0x8d9e4 0x8c5e4 0xa5
SHBrowseForFolderW 0x0 0x482478 0x8d9e8 0x8c5e8 0x7b
SHFileOperationW 0x0 0x48247c 0x8d9ec 0x8c5ec 0xac
SHGetPathFromIDListW 0x0 0x482480 0x8d9f0 0x8c5f0 0xd7
SHGetDesktopFolder 0x0 0x482484 0x8d9f4 0x8c5f4 0xb6
SHGetMalloc 0x0 0x482488 0x8d9f8 0x8c5f8 0xcf
ExtractIconExW 0x0 0x48248c 0x8d9fc 0x8c5fc 0x2a
Shell_NotifyIconW 0x0 0x482490 0x8da00 0x8c600 0x12e
ShellExecuteW 0x0 0x482494 0x8da04 0x8c604 0x122
DragFinish 0x0 0x482498 0x8da08 0x8c608 0x1b
ole32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleSetMenuDescriptor 0x0 0x4827f0 0x8dd60 0x8c960 0x147
MkParseDisplayName 0x0 0x4827f4 0x8dd64 0x8c964 0xd4
OleSetContainedObject 0x0 0x4827f8 0x8dd68 0x8c968 0x146
CLSIDFromString 0x0 0x4827fc 0x8dd6c 0x8c96c 0x8
StringFromGUID2 0x0 0x482800 0x8dd70 0x8c970 0x179
CoInitialize 0x0 0x482804 0x8dd74 0x8c974 0x3e
CoUninitialize 0x0 0x482808 0x8dd78 0x8c978 0x6c
CoCreateInstance 0x0 0x48280c 0x8dd7c 0x8c97c 0x10
CreateStreamOnHGlobal 0x0 0x482810 0x8dd80 0x8c980 0x86
CoTaskMemAlloc 0x0 0x482814 0x8dd84 0x8c984 0x67
CoTaskMemFree 0x0 0x482818 0x8dd88 0x8c988 0x68
ProgIDFromCLSID 0x0 0x48281c 0x8dd8c 0x8c98c 0x14b
OleInitialize 0x0 0x482820 0x8dd90 0x8c990 0x132
CreateBindCtx 0x0 0x482824 0x8dd94 0x8c994 0x79
CLSIDFromProgID 0x0 0x482828 0x8dd98 0x8c998 0x6
CoInitializeSecurity 0x0 0x48282c 0x8dd9c 0x8c99c 0x40
CoCreateInstanceEx 0x0 0x482830 0x8dda0 0x8c9a0 0x11
CoSetProxyBlanket 0x0 0x482834 0x8dda4 0x8c9a4 0x63
OleUninitialize 0x0 0x482838 0x8dda8 0x8c9a8 0x149
IIDFromString 0x0 0x48283c 0x8ddac 0x8c9ac 0xcd
OLEAUT32.dll (24)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantChangeType 0xc 0x4823ec 0x8d95c 0x8c55c -
VariantCopyInd 0xb 0x4823f0 0x8d960 0x8c560 -
DispCallFunc 0x92 0x4823f4 0x8d964 0x8c564 -
CreateStdDispatch 0x20 0x4823f8 0x8d968 0x8c568 -
CreateDispTypeInfo 0x1f 0x4823fc 0x8d96c 0x8c56c -
SysFreeString 0x6 0x482400 0x8d970 0x8c570 -
SafeArrayDestroyDescriptor 0x26 0x482404 0x8d974 0x8c574 -
SafeArrayDestroyData 0x27 0x482408 0x8d978 0x8c578 -
SafeArrayUnaccessData 0x18 0x48240c 0x8d97c 0x8c57c -
SysStringLen 0x7 0x482410 0x8d980 0x8c580 -
SafeArrayAllocData 0x25 0x482414 0x8d984 0x8c584 -
GetActiveObject 0x23 0x482418 0x8d988 0x8c588 -
QueryPathOfRegTypeLib 0xa4 0x48241c 0x8d98c 0x8c58c -
SafeArrayAllocDescriptorEx 0x29 0x482420 0x8d990 0x8c590 -
SafeArrayCreateVector 0x19b 0x482424 0x8d994 0x8c594 -
SysAllocString 0x2 0x482428 0x8d998 0x8c598 -
VariantCopy 0xa 0x48242c 0x8d99c 0x8c59c -
VariantClear 0x9 0x482430 0x8d9a0 0x8c5a0 -
VariantTimeToSystemTime 0xb9 0x482434 0x8d9a4 0x8c5a4 -
VarR8FromDec 0xdc 0x482438 0x8d9a8 0x8c5a8 -
SafeArrayGetVartype 0x4d 0x48243c 0x8d9ac 0x8c5ac -
OleLoadPicture 0x1a2 0x482440 0x8d9b0 0x8c5b0 -
SafeArrayAccessData 0x17 0x482444 0x8d9b4 0x8c5b4 -
VariantInit 0x8 0x482448 0x8d9b8 0x8c5b8 -
Icons (4)
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
hexlocker.exe 13 0x00400000 0x004C7FFF Relevant Image True 32-bit 0x00410E4B False False
hexlocker.exe 13 0x00400000 0x004C7FFF Final Dump True 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Generic.Ransom.Locked.767B115C
Malicious
C:\Users\FD1HVy\Desktop\PCRepair_rkill.dll Dropped File Binary
Whitelisted
Mime Type application/vnd.microsoft.portable-executable
File Size 1.72 MB
MD5 6d622dcc87edc9a7b10d35372ade816b
SHA1 47d98825b03c507b85dec02a2297e03ebc925f30
SHA256 d4ac5b3c525a5fd94019d80ff81b552e73b19b1bd0a554b9609cdd5e1b00955a
SSDeep 49152:KpEsgw14kZV2HXsMnmjEREseBSsxHnfXsrHYi2Yijig:0wYJYW
ImpHash 136bea86936e01e1f983ef31dafa8b2a
File Reputation Information
Severity
Whitelisted
PE Information
Image Base 0x400000
Entry Point 0x452cbb
Size Of Code 0x6d800
Size Of Initialized Data 0x147a00
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2018-03-13 15:08:50+00:00
Version Information (10)
CompanyName Bleeping Computer, LLC
FileDescription Terminates malware processes so that you can run your normal security programs.
FileVersion 2.9.1
InternalName rkill.exe
LegalCopyright © BleepingComputer.com. All rights reserved.
LegalTrademarks1 -
LegalTrademarks2 -
OriginalFilename rkill.exe
ProductName Rkill
ProductVersion 2.9.1
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x6d7c5 0x6d800 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.63
.rdata 0x46f000 0x26c48 0x26e00 0x6dc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.0
.data 0x496000 0xb064 0x4e00 0x94a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.79
.rsrc 0x4a2000 0x113490 0x113600 0x99800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.66
.reloc 0x5b6000 0x87a4 0x8800 0x1ace00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.6
Imports (7)
KERNEL32.dll (113)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LockResource 0x0 0x46f060 0x94e8c 0x93a8c 0x354
SizeofResource 0x0 0x46f064 0x94e90 0x93a90 0x4b1
CreateFileMappingW 0x0 0x46f068 0x94e94 0x93a94 0x8c
MapViewOfFile 0x0 0x46f06c 0x94e98 0x93a98 0x357
UnmapViewOfFile 0x0 0x46f070 0x94e9c 0x93a9c 0x4d6
GetShortPathNameW 0x0 0x46f074 0x94ea0 0x93aa0 0x261
SetLastError 0x0 0x46f078 0x94ea4 0x93aa4 0x473
GetFileAttributesW 0x0 0x46f07c 0x94ea8 0x93aa8 0x1ea
SetFileAttributesW 0x0 0x46f080 0x94eac 0x93aac 0x461
LoadResource 0x0 0x46f084 0x94eb0 0x93ab0 0x341
LocalFree 0x0 0x46f088 0x94eb4 0x93ab4 0x348
GetProcessHeap 0x0 0x46f08c 0x94eb8 0x93ab8 0x24a
SetEndOfFile 0x0 0x46f090 0x94ebc 0x93abc 0x453
CreateProcessA 0x0 0x46f094 0x94ec0 0x93ac0 0xa4
GetExitCodeProcess 0x0 0x46f098 0x94ec4 0x93ac4 0x1df
FindResourceW 0x0 0x46f09c 0x94ec8 0x93ac8 0x14e
GetEnvironmentVariableW 0x0 0x46f0a0 0x94ecc 0x93acc 0x1dc
CreateDirectoryW 0x0 0x46f0a4 0x94ed0 0x93ad0 0x81
Sleep 0x0 0x46f0a8 0x94ed4 0x93ad4 0x4b2
Process32NextW 0x0 0x46f0ac 0x94ed8 0x93ad8 0x398
TerminateProcess 0x0 0x46f0b0 0x94edc 0x93adc 0x4c0
OpenProcess 0x0 0x46f0b4 0x94ee0 0x93ae0 0x380
Process32FirstW 0x0 0x46f0b8 0x94ee4 0x93ae4 0x396
CreateToolhelp32Snapshot 0x0 0x46f0bc 0x94ee8 0x93ae8 0xbe
WaitForSingleObject 0x0 0x46f0c0 0x94eec 0x93aec 0x4f9
CreateProcessW 0x0 0x46f0c4 0x94ef0 0x93af0 0xa8
GetTickCount 0x0 0x46f0c8 0x94ef4 0x93af4 0x293
lstrlenW 0x0 0x46f0cc 0x94ef8 0x93af8 0x54e
GetLastError 0x0 0x46f0d0 0x94efc 0x93afc 0x202
FileTimeToSystemTime 0x0 0x46f0d4 0x94f00 0x93b00 0x125
FileTimeToLocalFileTime 0x0 0x46f0d8 0x94f04 0x93b04 0x124
CloseHandle 0x0 0x46f0dc 0x94f08 0x93b08 0x52
DeviceIoControl 0x0 0x46f0e0 0x94f0c 0x93b0c 0xdd
CreateFileW 0x0 0x46f0e4 0x94f10 0x93b10 0x8f
FindClose 0x0 0x46f0e8 0x94f14 0x93b14 0x12e
FindNextFileW 0x0 0x46f0ec 0x94f18 0x93b18 0x145
FindFirstFileW 0x0 0x46f0f0 0x94f1c 0x93b1c 0x139
GetCurrentProcessId 0x0 0x46f0f4 0x94f20 0x93b20 0x1c1
GetNativeSystemInfo 0x0 0x46f0f8 0x94f24 0x93b24 0x225
GetCurrentProcess 0x0 0x46f0fc 0x94f28 0x93b28 0x1c0
GetVersionExW 0x0 0x46f100 0x94f2c 0x93b2c 0x2a4
WriteConsoleW 0x0 0x46f104 0x94f30 0x93b30 0x524
IsValidLocale 0x0 0x46f108 0x94f34 0x93b34 0x30c
EnumSystemLocalesA 0x0 0x46f10c 0x94f38 0x93b38 0x10d
GetLocaleInfoA 0x0 0x46f110 0x94f3c 0x93b3c 0x204
GetUserDefaultLCID 0x0 0x46f114 0x94f40 0x93b40 0x29b
HeapSize 0x0 0x46f118 0x94f44 0x93b44 0x2d4
QueryPerformanceCounter 0x0 0x46f11c 0x94f48 0x93b48 0x3a7
GetEnvironmentStringsW 0x0 0x46f120 0x94f4c 0x93b4c 0x1da
FreeEnvironmentStringsW 0x0 0x46f124 0x94f50 0x93b50 0x161
GetFileAttributesA 0x0 0x46f128 0x94f54 0x93b54 0x1e5
SetStdHandle 0x0 0x46f12c 0x94f58 0x93b58 0x487
LoadLibraryW 0x0 0x46f130 0x94f5c 0x93b5c 0x33f
SetEnvironmentVariableA 0x0 0x46f134 0x94f60 0x93b60 0x456
GetTimeZoneInformation 0x0 0x46f138 0x94f64 0x93b64 0x298
FlushFileBuffers 0x0 0x46f13c 0x94f68 0x93b68 0x157
InterlockedIncrement 0x0 0x46f140 0x94f6c 0x93b6c 0x2ef
InterlockedDecrement 0x0 0x46f144 0x94f70 0x93b70 0x2eb
WideCharToMultiByte 0x0 0x46f148 0x94f74 0x93b74 0x511
InterlockedCompareExchange 0x0 0x46f14c 0x94f78 0x93b78 0x2e9
InterlockedExchange 0x0 0x46f150 0x94f7c 0x93b7c 0x2ec
MultiByteToWideChar 0x0 0x46f154 0x94f80 0x93b80 0x367
GetStringTypeW 0x0 0x46f158 0x94f84 0x93b84 0x269
InitializeCriticalSection 0x0 0x46f15c 0x94f88 0x93b88 0x2e2
DeleteCriticalSection 0x0 0x46f160 0x94f8c 0x93b8c 0xd1
EnterCriticalSection 0x0 0x46f164 0x94f90 0x93b90 0xee
LeaveCriticalSection 0x0 0x46f168 0x94f94 0x93b94 0x339
EncodePointer 0x0 0x46f16c 0x94f98 0x93b98 0xea
DecodePointer 0x0 0x46f170 0x94f9c 0x93b9c 0xca
GetLocaleInfoW 0x0 0x46f174 0x94fa0 0x93ba0 0x206
HeapFree 0x0 0x46f178 0x94fa4 0x93ba4 0x2cf
GetCPInfo 0x0 0x46f17c 0x94fa8 0x93ba8 0x172
HeapAlloc 0x0 0x46f180 0x94fac 0x93bac 0x2cb
GetSystemTimeAsFileTime 0x0 0x46f184 0x94fb0 0x93bb0 0x279
GetProcAddress 0x0 0x46f188 0x94fb4 0x93bb4 0x245
GetModuleHandleW 0x0 0x46f18c 0x94fb8 0x93bb8 0x218
ExitProcess 0x0 0x46f190 0x94fbc 0x93bbc 0x119
DeleteFileW 0x0 0x46f194 0x94fc0 0x93bc0 0xd6
GetTimeFormatW 0x0 0x46f198 0x94fc4 0x93bc4 0x297
GetDateFormatW 0x0 0x46f19c 0x94fc8 0x93bc8 0x1c8
HeapReAlloc 0x0 0x46f1a0 0x94fcc 0x93bcc 0x2d2
GetCommandLineW 0x0 0x46f1a4 0x94fd0 0x93bd0 0x187
HeapSetInformation 0x0 0x46f1a8 0x94fd4 0x93bd4 0x2d3
RaiseException 0x0 0x46f1ac 0x94fd8 0x93bd8 0x3b1
RtlUnwind 0x0 0x46f1b0 0x94fdc 0x93bdc 0x418
LCMapStringW 0x0 0x46f1b4 0x94fe0 0x93be0 0x32d
CompareStringW 0x0 0x46f1b8 0x94fe4 0x93be4 0x64
GetTimeFormatA 0x0 0x46f1bc 0x94fe8 0x93be8 0x295
GetDateFormatA 0x0 0x46f1c0 0x94fec 0x93bec 0x1c6
UnhandledExceptionFilter 0x0 0x46f1c4 0x94ff0 0x93bf0 0x4d3
SetUnhandledExceptionFilter 0x0 0x46f1c8 0x94ff4 0x93bf4 0x4a5
IsDebuggerPresent 0x0 0x46f1cc 0x94ff8 0x93bf8 0x300
IsProcessorFeaturePresent 0x0 0x46f1d0 0x94ffc 0x93bfc 0x304
HeapCreate 0x0 0x46f1d4 0x95000 0x93c00 0x2cd
TlsAlloc 0x0 0x46f1d8 0x95004 0x93c04 0x4c5
TlsGetValue 0x0 0x46f1dc 0x95008 0x93c08 0x4c7
TlsSetValue 0x0 0x46f1e0 0x9500c 0x93c0c 0x4c8
TlsFree 0x0 0x46f1e4 0x95010 0x93c10 0x4c6
GetCurrentThreadId 0x0 0x46f1e8 0x95014 0x93c14 0x1c5
SetHandleCount 0x0 0x46f1ec 0x95018 0x93c18 0x46f
GetStdHandle 0x0 0x46f1f0 0x9501c 0x93c1c 0x264
InitializeCriticalSectionAndSpinCount 0x0 0x46f1f4 0x95020 0x93c20 0x2e3
GetFileType 0x0 0x46f1f8 0x95024 0x93c24 0x1f3
GetStartupInfoW 0x0 0x46f1fc 0x95028 0x93c28 0x263
GetACP 0x0 0x46f200 0x9502c 0x93c2c 0x168
GetOEMCP 0x0 0x46f204 0x95030 0x93c30 0x237
IsValidCodePage 0x0 0x46f208 0x95034 0x93c34 0x30a
ReadFile 0x0 0x46f20c 0x95038 0x93c38 0x3c0
WriteFile 0x0 0x46f210 0x9503c 0x93c3c 0x525
GetModuleFileNameW 0x0 0x46f214 0x95040 0x93c40 0x214
GetConsoleCP 0x0 0x46f218 0x95044 0x93c44 0x19a
GetConsoleMode 0x0 0x46f21c 0x95048 0x93c48 0x1ac
SetFilePointer 0x0 0x46f220 0x9504c 0x93c4c 0x466
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW 0x0 0x46f244 0x95070 0x93c70 0x215
GetSystemMetrics 0x0 0x46f248 0x95074 0x93c74 0x17e
ADVAPI32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AllocateAndInitializeSid 0x0 0x46f000 0x94e2c 0x93a2c 0x20
SetNamedSecurityInfoW 0x0 0x46f004 0x94e30 0x93a30 0x2b1
SetEntriesInAclW 0x0 0x46f008 0x94e34 0x93a34 0x2a6
GetNamedSecurityInfoW 0x0 0x46f00c 0x94e38 0x93a38 0x142
AdjustTokenPrivileges 0x0 0x46f010 0x94e3c 0x93a3c 0x1f
LookupPrivilegeValueW 0x0 0x46f014 0x94e40 0x93a40 0x197
OpenProcessToken 0x0 0x46f018 0x94e44 0x93a44 0x1f7
ControlService 0x0 0x46f01c 0x94e48 0x93a48 0x5c
QueryServiceStatus 0x0 0x46f020 0x94e4c 0x93a4c 0x228
RegDeleteValueW 0x0 0x46f024 0x94e50 0x93a50 0x248
RegSetValueExW 0x0 0x46f028 0x94e54 0x93a54 0x27e
RegCreateKeyExW 0x0 0x46f02c 0x94e58 0x93a58 0x239
RegDeleteKeyW 0x0 0x46f030 0x94e5c 0x93a5c 0x244
RegEnumValueW 0x0 0x46f034 0x94e60 0x93a60 0x252
CloseServiceHandle 0x0 0x46f038 0x94e64 0x93a64 0x57
OpenServiceW 0x0 0x46f03c 0x94e68 0x93a68 0x1fb
OpenSCManagerW 0x0 0x46f040 0x94e6c 0x93a6c 0x1f9
RegCloseKey 0x0 0x46f044 0x94e70 0x93a70 0x230
RegQueryValueExW 0x0 0x46f048 0x94e74 0x93a74 0x26e
RegEnumKeyExW 0x0 0x46f04c 0x94e78 0x93a78 0x24f
RegQueryInfoKeyW 0x0 0x46f050 0x94e7c 0x93a7c 0x268
RegOpenKeyExW 0x0 0x46f054 0x94e80 0x93a80 0x261
FreeSid 0x0 0x46f058 0x94e84 0x93a84 0x120
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW 0x0 0x46f234 0x95060 0x93c60 0xc3
PSAPI.DLL (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleFileNameExW 0x0 0x46f228 0x95054 0x93c54 0x10
EnumProcessModules 0x0 0x46f22c 0x95058 0x93c58 0x4
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrStrIW 0x0 0x46f23c 0x95068 0x93c68 0x145
WINTRUST.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptCATAdminReleaseCatalogContext 0x0 0x46f250 0x9507c 0x93c7c 0x7
CryptCATAdminAcquireContext 0x0 0x46f254 0x95080 0x93c80 0x2
CryptCATAdminReleaseContext 0x0 0x46f258 0x95084 0x93c84 0x8
CryptCATAdminCalcHashFromFileHandle 0x0 0x46f25c 0x95088 0x93c88 0x4
WinVerifyTrust 0x0 0x46f260 0x9508c 0x93c8c 0x73
CryptCATAdminEnumCatalogFromHash 0x0 0x46f264 0x95090 0x93c90 0x5
CryptCATCatalogInfoFromContext 0x0 0x46f268 0x95094 0x93c94 0x14
Digital Signatures (2)
Certificate: Bleeping Computer, LLC.
Issued by Bleeping Computer, LLC.
Parent Certificate COMODO RSA Code Signing CA
Country Name US
Valid From 2018-03-13 00:00:00+00:00
Valid Until 2021-03-12 23:59:59+00:00
Algorithm sha256_rsa
Serial Number 37 76 9E E4 0A DB 40 B3 25 F0 1C AA A6 CF 1A 66
Thumbprint E7 BD BE EF FB 9C C6 DD FF B6 41 24 E1 C0 70 D1 B9 53 B4 DE
Certificate: COMODO RSA Code Signing CA
Issued by COMODO RSA Code Signing CA
Country Name GB
Valid From 2013-05-09 00:00:00+00:00
Valid Until 2028-05-08 23:59:59+00:00
Algorithm sha384_rsa
Serial Number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
Thumbprint B6 9E 75 2B BE 88 B4 45 82 00 A7 C0 F4 F5 B3 CC E6 F3 5B 47
C:\Users\FD1HVy\AppData\Local\Temp\9B7B.tmp\9BBA.tmp\9BCB.bat Dropped File Batch
Unknown
Mime Type application/x-bat
File Size 489 Bytes
MD5 4ba14db933e86ab78577f5f56f1fb1ea
SHA1 6d544deb56787d303beffbfc0e887f52dbf149b5
SHA256 7887fe33d26e1d3f0f6776545164f5303aa2efdfccb3904158a4fcfa268b21b9
SSDeep 12:NS9uljwwwzi6/SNHSuVUxVzPLfsRz62gbLfsO2lLfs8vFnLfyozu:QJ/SwuVUxVzjPZdYRFLKH
ImpHash -
C:\Users\FD1HVy\Desktop\SafePC_ver1.0.dll Dropped File Binary
Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 44.00 KB
MD5 0fb39f2233ff0f50f115c3db0478a35c
SHA1 f65c96b98a86e6978f416085eff4b3727634e8f6
SHA256 bf629256d396afed4bc728ff9d06730860e9d78291595b9fdad2016a811b60a5
SSDeep 384:lY/q2zRI5zj1E+R9Wo1+toSFYI98ZrKZCJQgm6NGMN95KKVJsoEEjcOcVuQbPjZC:OC2+yGPIGI9qHQMN95BxjcNVucDBgo
ImpHash cbd4d52d13c666ada6680d0693deca35
PE Information
Image Base 0x400000
Entry Point 0x401620
Size Of Code 0x8000
Size Of Initialized Data 0x2000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2011-10-05 04:19:42+00:00
Version Information (9)
CompanyName woenxkatrox.blogspot.com
FileDescription Protect Your Disk
FileVersion 1.00.0005
InternalName KPD
LegalCopyright SMP NEGERI 2 SUKOHARJO
LegalTrademarks Indonesia
OriginalFilename KPD.exe
ProductName KatroX Protect Disk
ProductVersion 1.00.0005
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x7f2c 0x8000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.02
.data 0x409000 0xd50 0x1000 0x9000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x40a000 0xccc 0x1000 0xa000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.65
Imports (1)
MSVBVM60.DLL (101)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x2b2 0x401000 0x88ac 0x88ac -
_CIcos 0x0 0x401004 0x88b0 0x88b0 0x0
_adj_fptan 0x0 0x401008 0x88b4 0x88b4 0x0
__vbaStrI4 0x0 0x40100c 0x88b8 0x88b8 0x0
__vbaVarMove 0x0 0x401010 0x88bc 0x88bc 0x0
(by ordinal) 0x24b 0x401014 0x88c0 0x88c0 -
__vbaFreeVar 0x0 0x401018 0x88c4 0x88c4 0x0
__vbaLenBstr 0x0 0x40101c 0x88c8 0x88c8 0x0
__vbaStrVarMove 0x0 0x401020 0x88cc 0x88cc 0x0
__vbaFreeVarList 0x0 0x401024 0x88d0 0x88d0 0x0
_adj_fdiv_m64 0x0 0x401028 0x88d4 0x88d4 0x0
__vbaFreeObjList 0x0 0x40102c 0x88d8 0x88d8 0x0
(by ordinal) 0x204 0x401030 0x88dc 0x88dc -
_adj_fprem1 0x0 0x401034 0x88e0 0x88e0 0x0
__vbaCopyBytes 0x0 0x401038 0x88e4 0x88e4 0x0
__vbaStrCat 0x0 0x40103c 0x88e8 0x88e8 0x0
__vbaRecDestruct 0x0 0x401040 0x88ec 0x88ec 0x0
__vbaSetSystemError 0x0 0x401044 0x88f0 0x88f0 0x0
__vbaHresultCheckObj 0x0 0x401048 0x88f4 0x88f4 0x0
_adj_fdiv_m32 0x0 0x40104c 0x88f8 0x88f8 0x0
__vbaAryDestruct 0x0 0x401050 0x88fc 0x88fc 0x0
(by ordinal) 0x251 0x401054 0x8900 0x8900 -
__vbaExitProc 0x0 0x401058 0x8904 0x8904 0x0
(by ordinal) 0x12c 0x40105c 0x8908 0x8908 -
(by ordinal) 0x252 0x401060 0x890c 0x890c -
(by ordinal) 0x253 0x401064 0x8910 0x8910 -
__vbaObjSet 0x0 0x401068 0x8914 0x8914 0x0
__vbaOnError 0x0 0x40106c 0x8918 0x8918 0x0
_adj_fdiv_m16i 0x0 0x401070 0x891c 0x891c 0x0
(by ordinal) 0x12f 0x401074 0x8920 0x8920 -
_adj_fdivr_m16i 0x0 0x401078 0x8924 0x8924 0x0
(by ordinal) 0x132 0x40107c 0x8928 0x8928 -
__vbaStrFixstr 0x0 0x401080 0x892c 0x892c 0x0
(by ordinal) 0x135 0x401084 0x8930 0x8930 -
_CIsin 0x0 0x401088 0x8934 0x8934 0x0
(by ordinal) 0x278 0x40108c 0x8938 0x8938 -
__vbaChkstk 0x0 0x401090 0x893c 0x893c 0x0
__vbaFileClose 0x0 0x401094 0x8940 0x8940 0x0
EVENT_SINK_AddRef 0x0 0x401098 0x8944 0x8944 0x0
__vbaGenerateBoundsError 0x0 0x40109c 0x8948 0x8948 0x0
(by ordinal) 0x211 0x4010a0 0x894c 0x894c -
__vbaStrCmp 0x0 0x4010a4 0x8950 0x8950 0x0
__vbaAryConstruct2 0x0 0x4010a8 0x8954 0x8954 0x0
__vbaPutOwner4 0x0 0x4010ac 0x8958 0x8958 0x0
__vbaI2I4 0x0 0x4010b0 0x895c 0x895c 0x0
DllFunctionCall 0x0 0x4010b4 0x8960 0x8960 0x0
_adj_fpatan 0x0 0x4010b8 0x8964 0x8964 0x0
EVENT_SINK_Release 0x0 0x4010bc 0x8968 0x8968 0x0
__vbaUI1I2 0x0 0x4010c0 0x896c 0x896c 0x0
_CIsqrt 0x0 0x4010c4 0x8970 0x8970 0x0
EVENT_SINK_QueryInterface 0x0 0x4010c8 0x8974 0x8974 0x0
__vbaExceptHandler 0x0 0x4010cc 0x8978 0x8978 0x0
__vbaInputFile 0x0 0x4010d0 0x897c 0x897c 0x0
__vbaPrintFile 0x0 0x4010d4 0x8980 0x8980 0x0
__vbaStrToUnicode 0x0 0x4010d8 0x8984 0x8984 0x0
_adj_fprem 0x0 0x4010dc 0x8988 0x8988 0x0
_adj_fdivr_m64 0x0 0x4010e0 0x898c 0x898c 0x0
(by ordinal) 0x260 0x4010e4 0x8990 0x8990 -
(by ordinal) 0x213 0x4010e8 0x8994 0x8994 -
__vbaFPException 0x0 0x4010ec 0x8998 0x8998 0x0
(by ordinal) 0x214 0x4010f0 0x899c 0x899c -
__vbaUbound 0x0 0x4010f4 0x89a0 0x89a0 0x0
__vbaStrVarVal 0x0 0x4010f8 0x89a4 0x89a4 0x0
__vbaGetOwner4 0x0 0x4010fc 0x89a8 0x89a8 0x0
__vbaVarCat 0x0 0x401100 0x89ac 0x89ac 0x0
(by ordinal) 0x217 0x401104 0x89b0 0x89b0 -
_CIlog 0x0 0x401108 0x89b4 0x89b4 0x0
__vbaErrorOverflow 0x0 0x40110c 0x89b8 0x89b8 0x0
__vbaFileOpen 0x0 0x401110 0x89bc 0x89bc 0x0
(by ordinal) 0x288 0x401114 0x89c0 0x89c0 -
__vbaNew2 0x0 0x401118 0x89c4 0x89c4 0x0
__vbaR8Str 0x0 0x40111c 0x89c8 0x89c8 0x0
(by ordinal) 0x23b 0x401120 0x89cc 0x89cc -
_adj_fdiv_m32i 0x0 0x401124 0x89d0 0x89d0 0x0
_adj_fdivr_m32i 0x0 0x401128 0x89d4 0x89d4 0x0
(by ordinal) 0x23d 0x40112c 0x89d8 0x89d8 -
__vbaStrCopy 0x0 0x401130 0x89dc 0x89dc 0x0
(by ordinal) 0x2a9 0x401134 0x89e0 0x89e0 -
__vbaFreeStrList 0x0 0x401138 0x89e4 0x89e4 0x0
_adj_fdivr_m32 0x0 0x40113c 0x89e8 0x89e8 0x0
__vbaPowerR8 0x0 0x401140 0x89ec 0x89ec 0x0
_adj_fdiv_r 0x0 0x401144 0x89f0 0x89f0 0x0
(by ordinal) 0x2ad 0x401148 0x89f4 0x89f4 -
(by ordinal) 0x242 0x40114c 0x89f8 0x89f8 -
(by ordinal) 0x64 0x401150 0x89fc 0x89fc -
(by ordinal) 0x2b1 0x401154 0x8a00 0x8a00 -
__vbaVarDup 0x0 0x401158 0x8a04 0x8a04 0x0
__vbaStrToAnsi 0x0 0x40115c 0x8a08 0x8a08 0x0
__vbaFpI2 0x0 0x401160 0x8a0c 0x8a0c 0x0
__vbaVarCopy 0x0 0x401164 0x8a10 0x8a10 0x0
(by ordinal) 0x269 0x401168 0x8a14 0x8a14 -
_CIatan 0x0 0x40116c 0x8a18 0x8a18 0x0
__vbaStrMove 0x0 0x401170 0x8a1c 0x8a1c 0x0
__vbaStrVarCopy 0x0 0x401174 0x8a20 0x8a20 0x0
_allmul 0x0 0x401178 0x8a24 0x8a24 0x0
_CItan 0x0 0x40117c 0x8a28 0x8a28 0x0
_CIexp 0x0 0x401180 0x8a2c 0x8a2c 0x0
__vbaR8FixI2 0x0 0x401184 0x8a30 0x8a30 0x0
(by ordinal) 0x244 0x401188 0x8a34 0x8a34 -
__vbaFreeObj 0x0 0x40118c 0x8a38 0x8a38 0x0
__vbaFreeStr 0x0 0x401190 0x8a3c 0x8a3c 0x0
Icons (1)
C:\Users\FD1HVy\Desktop\AES256Encrypt.256 Dropped File Binary
Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 78.00 KB
MD5 4b76082b7608ee7ff6ed4513d0b835c8
SHA1 fc2785402802c1d7468d04c8e73b321e41f2c35f
SHA256 814d0cf1240691d4aacf744f82cb84dab8d07b5b4a24324cc1377d7dbd035cf9
SSDeep 1536:RlI/QTSoWCC+rKEtQwNq2aiVRb2p1fCdUjIYH9DqV2mctEBP:fI/QTSoo+rKEtQcqw3b2bCYH9GV2mc2V
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x400000
Entry Point 0x414b32
Size Of Code 0x12c00
Size Of Initialized Data 0xa00
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2016-04-15 06:12:31+00:00
Version Information (11)
Assembly Version 0.0.2.4
Comments Data Chest Application. Provide File Encryption and Decryption.
CompanyName TeamDEV Korea
FileDescription DataChest
FileVersion 0.0.2.4
InternalName dc.exe
LegalCopyright TeamDEV Korea, 2016.
LegalTrademarks -
OriginalFilename dc.exe
ProductName dc
ProductVersion 0.0.2.4
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x12b58 0x12c00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.01
.rsrc 0x416000 0x624 0x800 0x12e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.48
.reloc 0x418000 0xc 0x200 0x13600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x14b08 0x12d08 0x0
C:\Users\FD1HVy\Desktop\Hexadecimal_Calculator.ns Dropped File Image
Unknown
Mime Type image/gif
File Size 13.00 KB
MD5 fd672424605b364a2d8d9ab9d23cef93
SHA1 28a878e8b6b9dd0a2318b9e42726b7fe0e3b0e11
SHA256 149126ba8e3126f0ed63b26c40af66398e8263a77303478f31822a0d739b388a
SSDeep 384:Mx4oiat1mwKyH1bEskOzfQWU8bkONPoZWZQ9E:wjtnKgbEs5zo8baZyqE
ImpHash -
C:\Users\FD1HVy\Desktop\sorry.form Dropped File Video
Unknown
Mime Type video/x-msvideo
File Size 1.08 MB
MD5 7e2755e97577a4cc87a094da5a43b9b3
SHA1 5b13d9e0b55decebcac732e21d83b1097a96995b
SHA256 74b49ae1d629a325e110aac257bf6d5027bab18b11268e7918f7c400010d3d40
SSDeep 24576:nqtIDRwIwBcetYqhK6YSU/qSudEA4O4Rc+c/rFI4Jpko9Jq:yIDqvmIU/AdEA4ODRrFI4JqV
ImpHash -
C:\Users\FD1HVy\desktop\HexDecryptor.exe Dropped File Binary
Unknown
Also Known As C:\Users\FD1HVy\Desktop\HexDCIF.hex (Dropped File)
HexDCIF.hex (Dropped File)
C:\Users\FD1HVy\Desktop/HexDCIF.hex (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 189.50 KB
MD5 e46478badc7f3d6024928d13f56570f5
SHA1 424e0b4e6dadb81a03c23b4bc36c857ecd3a9abe
SHA256 cab731ef60673346b91356dd1903e46f959b31b57f3a09823c277de323f985f6
SSDeep 1536:xT7ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIfawSlWWfeOy:xPFfHgTWmCRkGbKGLeNTBfaXlk
ImpHash 2c5f2513605e48f2d8ea5440a870cb9e
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x11200
Size Of Initialized Data 0x1e000
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2018-02-01 20:18:05+00:00
Packer PureBasic 4.x -> Neil Hodgson
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.code 0x401000 0x387e 0x3a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.53
.text 0x405000 0xd642 0xd800 0x3e00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.55
.rdata 0x413000 0x33a8 0x3400 0x11600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.11
.data 0x417000 0x178c 0x1200 0x14a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.1
.rsrc 0x419000 0x1995c 0x19a00 0x15c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.1
Imports (9)
MSVCRT.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
memset 0x0 0x417470 0x17234 0x14c34 0x299
wcsncmp 0x0 0x417474 0x17238 0x14c38 0x2e8
memmove 0x0 0x417478 0x1723c 0x14c3c 0x298
wcsncpy 0x0 0x41747c 0x17240 0x14c40 0x2e9
wcsstr 0x0 0x417480 0x17244 0x14c44 0x2ed
_wcsnicmp 0x0 0x417484 0x17248 0x14c48 0x1ee
_wcsdup 0x0 0x417488 0x1724c 0x14c4c 0x1e9
free 0x0 0x41748c 0x17250 0x14c50 0x25e
_wcsicmp 0x0 0x417490 0x17254 0x14c54 0x1ea
wcslen 0x0 0x417494 0x17258 0x14c58 0x2e6
wcscpy 0x0 0x417498 0x1725c 0x14c5c 0x2e3
wcscmp 0x0 0x41749c 0x17260 0x14c60 0x2e1
wcscat 0x0 0x4174a0 0x17264 0x14c64 0x2df
memcpy 0x0 0x4174a4 0x17268 0x14c68 0x297
tolower 0x0 0x4174a8 0x1726c 0x14c6c 0x2d3
malloc 0x0 0x4174ac 0x17270 0x14c70 0x291
KERNEL32.dll (72)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleW 0x0 0x4174b4 0x17278 0x14c78 0x1fa
HeapCreate 0x0 0x4174b8 0x1727c 0x14c7c 0x2a4
GetStdHandle 0x0 0x4174bc 0x17280 0x14c80 0x23e
SetConsoleCtrlHandler 0x0 0x4174c0 0x17284 0x14c84 0x3af
HeapDestroy 0x0 0x4174c4 0x17288 0x14c88 0x2a5
ExitProcess 0x0 0x4174c8 0x1728c 0x14c8c 0x105
WriteFile 0x0 0x4174cc 0x17290 0x14c90 0x497
GetTempFileNameW 0x0 0x4174d0 0x17294 0x14c94 0x25d
LoadLibraryExW 0x0 0x4174d4 0x17298 0x14c98 0x2f8
EnumResourceTypesW 0x0 0x4174d8 0x1729c 0x14c9c 0xf2
FreeLibrary 0x0 0x4174dc 0x172a0 0x14ca0 0x14d
RemoveDirectoryW 0x0 0x4174e0 0x172a4 0x14ca4 0x386
EnumResourceNamesW 0x0 0x4174e4 0x172a8 0x14ca8 0xee
GetCommandLineW 0x0 0x4174e8 0x172ac 0x14cac 0x171
LoadResource 0x0 0x4174ec 0x172b0 0x14cb0 0x2fb
SizeofResource 0x0 0x4174f0 0x172b4 0x14cb4 0x42a
FreeResource 0x0 0x4174f4 0x172b8 0x14cb8 0x150
FindResourceW 0x0 0x4174f8 0x172bc 0x14cbc 0x13a
GetNativeSystemInfo 0x0 0x4174fc 0x172c0 0x14cc0 0x207
GetShortPathNameW 0x0 0x417500 0x172c4 0x14cc4 0x23b
GetWindowsDirectoryW 0x0 0x417504 0x172c8 0x14cc8 0x286
GetSystemDirectoryW 0x0 0x417508 0x172cc 0x14ccc 0x24a
EnterCriticalSection 0x0 0x41750c 0x172d0 0x14cd0 0xda
CloseHandle 0x0 0x417510 0x172d4 0x14cd4 0x44
LeaveCriticalSection 0x0 0x417514 0x172d8 0x14cd8 0x2f4
InitializeCriticalSection 0x0 0x417518 0x172dc 0x14cdc 0x2b9
WaitForSingleObject 0x0 0x41751c 0x172e0 0x14ce0 0x46e
TerminateThread 0x0 0x417520 0x172e4 0x14ce4 0x438
CreateThread 0x0 0x417524 0x172e8 0x14ce8 0xa4
GetProcAddress 0x0 0x417528 0x172ec 0x14cec 0x222
GetVersionExW 0x0 0x41752c 0x172f0 0x14cf0 0x27b
Sleep 0x0 0x417530 0x172f4 0x14cf4 0x42b
WideCharToMultiByte 0x0 0x417534 0x172f8 0x14cf8 0x484
HeapAlloc 0x0 0x417538 0x172fc 0x14cfc 0x2a2
HeapFree 0x0 0x41753c 0x17300 0x14d00 0x2a6
LoadLibraryW 0x0 0x417540 0x17304 0x14d04 0x2f9
GetCurrentProcessId 0x0 0x417544 0x17308 0x14d08 0x1ab
GetCurrentThreadId 0x0 0x417548 0x1730c 0x14d0c 0x1ae
GetModuleFileNameW 0x0 0x41754c 0x17310 0x14d10 0x1f6
PeekNamedPipe 0x0 0x417550 0x17314 0x14d14 0x343
TerminateProcess 0x0 0x417554 0x17318 0x14d18 0x437
GetEnvironmentVariableW 0x0 0x417558 0x1731c 0x14d1c 0x1c4
SetEnvironmentVariableW 0x0 0x41755c 0x17320 0x14d20 0x3d9
GetCurrentProcess 0x0 0x417560 0x17324 0x14d24 0x1aa
DuplicateHandle 0x0 0x417564 0x17328 0x14d28 0xd5
CreatePipe 0x0 0x417568 0x1732c 0x14d2c 0x92
CreateProcessW 0x0 0x41756c 0x17330 0x14d30 0x98
GetExitCodeProcess 0x0 0x417570 0x17334 0x14d34 0x1c6
SetUnhandledExceptionFilter 0x0 0x417574 0x17338 0x14d38 0x41f
HeapSize 0x0 0x417578 0x1733c 0x14d3c 0x2ab
MultiByteToWideChar 0x0 0x41757c 0x17340 0x14d40 0x31f
CreateDirectoryW 0x0 0x417580 0x17344 0x14d44 0x72
SetFileAttributesW 0x0 0x417584 0x17348 0x14d48 0x3e2
GetTempPathW 0x0 0x417588 0x1734c 0x14d4c 0x25f
DeleteFileW 0x0 0x41758c 0x17350 0x14d50 0xc4
GetCurrentDirectoryW 0x0 0x417590 0x17354 0x14d54 0x1a9
SetCurrentDirectoryW 0x0 0x417594 0x17358 0x14d58 0x3cf
CreateFileW 0x0 0x417598 0x1735c 0x14d5c 0x80
SetFilePointer 0x0 0x41759c 0x17360 0x14d60 0x3e7
TlsFree 0x0 0x4175a0 0x17364 0x14d64 0x43d
TlsGetValue 0x0 0x4175a4 0x17368 0x14d68 0x43e
TlsSetValue 0x0 0x4175a8 0x1736c 0x14d6c 0x43f
TlsAlloc 0x0 0x4175ac 0x17370 0x14d70 0x43c
HeapReAlloc 0x0 0x4175b0 0x17374 0x14d74 0x2a9
DeleteCriticalSection 0x0 0x4175b4 0x17378 0x14d78 0xbf
InterlockedCompareExchange 0x0 0x4175b8 0x1737c 0x14d7c 0x2bf
InterlockedExchange 0x0 0x4175bc 0x17380 0x14d80 0x2c2
GetLastError 0x0 0x4175c0 0x17384 0x14d84 0x1e7
SetLastError 0x0 0x4175c4 0x17388 0x14d88 0x3f4
UnregisterWait 0x0 0x4175c8 0x1738c 0x14d8c 0x44f
GetCurrentThread 0x0 0x4175cc 0x17390 0x14d90 0x1ad
RegisterWaitForSingleObject 0x0 0x4175d0 0x17394 0x14d94 0x378
USER32.DLL (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharUpperW 0x0 0x4175d8 0x1739c 0x14d9c 0x0
CharLowerW 0x0 0x4175dc 0x173a0 0x14da0 0x0
MessageBoxW 0x0 0x4175e0 0x173a4 0x14da4 0x0
DefWindowProcW 0x0 0x4175e4 0x173a8 0x14da8 0x0
DestroyWindow 0x0 0x4175e8 0x173ac 0x14dac 0x0
GetWindowLongW 0x0 0x4175ec 0x173b0 0x14db0 0x0
GetWindowTextLengthW 0x0 0x4175f0 0x173b4 0x14db4 0x0
GetWindowTextW 0x0 0x4175f4 0x173b8 0x14db8 0x0
UnregisterClassW 0x0 0x4175f8 0x173bc 0x14dbc 0x0
LoadIconW 0x0 0x4175fc 0x173c0 0x14dc0 0x0
LoadCursorW 0x0 0x417600 0x173c4 0x14dc4 0x0
RegisterClassExW 0x0 0x417604 0x173c8 0x14dc8 0x0
IsWindowEnabled 0x0 0x417608 0x173cc 0x14dcc 0x0
EnableWindow 0x0 0x41760c 0x173d0 0x14dd0 0x0
GetSystemMetrics 0x0 0x417610 0x173d4 0x14dd4 0x0
CreateWindowExW 0x0 0x417614 0x173d8 0x14dd8 0x0
SetWindowLongW 0x0 0x417618 0x173dc 0x14ddc 0x0
SendMessageW 0x0 0x41761c 0x173e0 0x14de0 0x0
SetFocus 0x0 0x417620 0x173e4 0x14de4 0x0
CreateAcceleratorTableW 0x0 0x417624 0x173e8 0x14de8 0x0
SetForegroundWindow 0x0 0x417628 0x173ec 0x14dec 0x0
BringWindowToTop 0x0 0x41762c 0x173f0 0x14df0 0x0
GetMessageW 0x0 0x417630 0x173f4 0x14df4 0x0
TranslateAcceleratorW 0x0 0x417634 0x173f8 0x14df8 0x0
TranslateMessage 0x0 0x417638 0x173fc 0x14dfc 0x0
DispatchMessageW 0x0 0x41763c 0x17400 0x14e00 0x0
DestroyAcceleratorTable 0x0 0x417640 0x17404 0x14e04 0x0
PostMessageW 0x0 0x417644 0x17408 0x14e08 0x0
GetForegroundWindow 0x0 0x417648 0x1740c 0x14e0c 0x0
GetWindowThreadProcessId 0x0 0x41764c 0x17410 0x14e10 0x0
IsWindowVisible 0x0 0x417650 0x17414 0x14e14 0x0
EnumWindows 0x0 0x417654 0x17418 0x14e18 0x0
SetWindowPos 0x0 0x417658 0x1741c 0x14e1c 0x0
GDI32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStockObject 0x0 0x417660 0x17424 0x14e24 0x0
COMCTL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControlsEx 0x0 0x417668 0x1742c 0x14e2c 0x0
SHELL32.DLL (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExW 0x0 0x417670 0x17434 0x14e34 0x0
SHGetFolderLocation 0x0 0x417674 0x17438 0x14e38 0x0
SHGetPathFromIDListW 0x0 0x417678 0x1743c 0x14e3c 0x0
WINMM.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeBeginPeriod 0x0 0x417680 0x17444 0x14e44 0x0
OLE32.DLL (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize 0x0 0x417688 0x1744c 0x14e4c 0x0
CoTaskMemFree 0x0 0x41768c 0x17450 0x14e50 0x0
SHLWAPI.DLL (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathAddBackslashW 0x0 0x417694 0x17458 0x14e58 0x0
PathRenameExtensionW 0x0 0x417698 0x1745c 0x14e5c 0x0
PathQuoteSpacesW 0x0 0x41769c 0x17460 0x14e60 0x0
PathRemoveArgsW 0x0 0x4176a0 0x17464 0x14e64 0x0
PathRemoveBackslashW 0x0 0x4176a4 0x17468 0x14e68 0x0
Icons (1)
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
hexdecryptor.exe 11 0x00400000 0x00432FFF Relevant Image True 32-bit 0x0040E470 False False
hexdecryptor.exe 11 0x00400000 0x00432FFF Final Dump True 32-bit - False False
C:\Users\FD1HVy\AppData\Local\Temp\4AD5.tmp\4AD6.tmp\4AD7.bat Dropped File Batch
Unknown
Mime Type application/x-bat
File Size 582 Bytes
MD5 5549a431a076b7687e77fbe51ab28872
SHA1 d51862520a3443bec2b05b9ceec17c9f47e1b6df
SHA256 ca77025200ebb4b35a93210d0cca8761e738ae71cd23b48141792b86c53df3f0
SSDeep 12:NS9ulYgHlf2nyqXfwWPdAZXg3Xs9yvXWHMoTdts5BEn6/SNHSuVF4dxuQiGha:QgqXfcZg3c9yPlobu+6/SwuVidxuQiUa
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.-2dSSUPd3c99IL5ta.jpg Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 62.25 KB
MD5 b28ea7c8cd48ae21e8022abf2093eb39
SHA1 8aa7d888f23e4c0efd8219a293bfe936ce1b62ed
SHA256 c9ded3efd0bc53756baae04e6ba9c433a8cec8bc3a283b6d5430d4e439ff332e
SSDeep 1536:6Xd0k+L/vjRNbSl0ikzVjYuVG1ruXSFpulaKcoRYrPk:6t/+L/vjRNnZjHmyXupuZAPk
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.-U62pFYLePGc.wav Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 42.27 KB
MD5 c3b4e10fbea6cc70d54281fd60f0d41d
SHA1 172e1c8eae1dd44d3068594df423506ee870a1a6
SHA256 b8b61ec65e6d491f1ffbdddf8547f9dad1dfab740ff54f466084ca532b51af2f
SSDeep 768:xRe3A0RGmxsQJh38nvTsYHiZNPGoIMi3Yr4iiNn6TXynf8yDp0/DB/z:xow0RdJE7gZZhIDosn67yfbDp0NL
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.2a44Hi4EE Lmnc.m4a Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 89.28 KB
MD5 c1cf252363f1d869dbb7bfb0941c68c2
SHA1 475a54ca036c56fe1c52446901e0d1e62535ca58
SHA256 b0555a22128527271f0826bf26395de3c9af410d54566e8279f00dae04ffa2a5
SSDeep 1536:89zQelkB4NQC0ChI6diJnxqc4Buev2DY50RgnqRPDHunVK:8NQeeBKQC0ChI4iJncTx0yy6A
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.3cV5UrNf8.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 4.77 KB
MD5 2df81c7b1babf9595cc2e00b11322f42
SHA1 6c2488670310027a4debeaa98c34cf22dd8a9c50
SHA256 aaacab40c245571f909b0a1c1eb0af68f9f1f8cafa74cec48b14b23cc3c78ea5
SSDeep 96:ZwCesk9Gq0NzNFYpvHAe4qPAmay+RdXsCPKL9bpTBEqsd9ieMDJd:WBjqvGlbAywXJP+/TAd98z
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.5_pKd716n7PnD.csv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 79.94 KB
MD5 9a8547eeb800258a660caa963e3857bf
SHA1 a4820ec9c952b31cb37db687f79dcb41f5c48b33
SHA256 5c11a291a21461d54bbe4dc6dc396debf08bffeb649d2bb783388be6b6f2eb1d
SSDeep 1536:m6gIlbEaJDIUUZ+4AAa7XBpuhb9t1mJs1T8Ck0u0xFdC7e0pjA/bA:mSbEa5IpENEh/1Merk0hxFdsdA/bA
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.AES256Encrypt.256 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 78.01 KB
MD5 3980930887fb237cb0202fe1e2cda1c3
SHA1 a111180e556aa51b628e1cff3cc00cbe080a1915
SHA256 fcbb13c5a0d801811ea66f2d41f033b06fdb994bcaeae6f77f567945689eb8e3
SSDeep 1536:xMPfytIziV/+tkXFDzZ/tu7oxCXqAzNq7HzyVZjJJJRP30LOgby1Bq8dX2xc:xMXdiHVfO7okijOvdJzNgboBpdXOc
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.alm7UiDYbRcNr.jpg Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 89.74 KB
MD5 3f30bd059087efa337227065de974ef6
SHA1 a549682ab63a3358d882ddc6c097a5488a8ab941
SHA256 68769644c88f02ad1647d3bdb9016ad0950026d607386efd561313eef594589c
SSDeep 1536:UF8TPlJmBSPxCyYZs27Z3D4C2XlrcWrm11D3TfEcPKge8ya+jQix7Pnon2htFfBq:iilJ0SPxCyYicdD4CagWM9xP8LpoMy6O
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.AuSKwF8iMWxqYFgPtC.odp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 86.38 KB
MD5 fb3e1157819fef3cb3fe88cae16a12a6
SHA1 00f313f1ae1f6ca542aa88e5f440767bb621aab5
SHA256 558301d3c0451aff3b344ff4fa9252886d1135c68363308107ba0f3e519a4a06
SSDeep 1536:Cw3yyRf4memk7ueoc0/443nXXnls7bHL0K8oDehxDM00sFznjRZo68enO:4KwmbeoD/dXnuLDnehxDMlMjvO
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.aycVRCc36.ppt Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 63.98 KB
MD5 884f144885e25dad9c9e24788cb499ad
SHA1 4b90a513dca2c4d5985128ae82c11d1a233e43b0
SHA256 6fd8e0cc3122a5cdf11cda1663526d0c45b102ae1c2fea59f8ff695b0733f9d7
SSDeep 1536:PC8JUkTxjE58m401wT6oNvb/37JUshemisgQv4Yr68n8w/xfy:PC0vVjzv3j/bgQVu88w/xa
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.cggtx8L.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 10.62 KB
MD5 bac189656ee2f72664d9ae7d9d1370e0
SHA1 a46bf1471655342f91a66743fc8c28c90665203f
SHA256 170b2f96585cd5fb2c3ad30a91f0a828dca2207cbf6d3303c9e8238464b0a787
SSDeep 192:7A95Z4N5yZQ/rzv7z96/vKT0elabLqle5CAtMMUS8qgcSp9Qbi:7AV4Nfvv96/vKTBlabR985rp97
ImpHash -
C:\Users\FD1HVy\Desktop/Lock.CSIs1Qt1V9g.jpg Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 97.42 KB
C:\Users\FD1HVy\Desktop/Lock.desktop.ini Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 288 Bytes
C:\Users\FD1HVy\Desktop/Lock.DH-NxMw2Lrt0X14_j.pdf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 40.87 KB
C:\Users\FD1HVy\Desktop/Lock.Dh6CM5.flv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 79.08 KB
C:\Users\FD1HVy\Desktop/Lock.E-SkW-EYmoA5t.bmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 27.39 KB
C:\Users\FD1HVy\Desktop/Lock.ElwQwY9lqgU4Me-0 5E.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 87.24 KB
C:\Users\FD1HVy\Desktop/Lock.F Elbom0O1NrT.swf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 38.26 KB
C:\Users\FD1HVy\Desktop/Lock.GHvT80V7X_pq3d.png Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 80.39 KB
C:\Users\FD1HVy\Desktop/Lock.GUlu8dq_.pdf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 80.26 KB
C:\Users\FD1HVy\Desktop/Lock.HCYfZCy ufaMx.jpg Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 41.38 KB
C:\Users\FD1HVy\Desktop/Lock.Hexadecimal_Calculator.ns Dropped File Binary
Unknown
Mime Type application/x-dosexec
File Size 13.00 KB
C:\Users\FD1HVy\Desktop/Lock.HexDecryptor.exe Dropped File Stream
Unknown
Also Known As C:\Users\FD1HVy\Desktop/Lock.HexDCIF.hex (Dropped File)
Mime Type application/octet-stream
File Size 189.51 KB
C:\Users\FD1HVy\Desktop/Lock.HexInformation.exe Dropped File Stream
Unknown
Also Known As C:\Users\FD1HVy\Desktop/Lock.HexIF.hex (Dropped File)
Mime Type application/octet-stream
File Size 1.94 MB
C:\Users\FD1HVy\Desktop/Lock.HexLK.hex Dropped File Stream
Unknown
Also Known As C:\Users\FD1HVy\Desktop/Lock.HexLocker.exe (Dropped File)
Mime Type application/octet-stream
File Size 784.10 KB
C:\Users\FD1HVy\Desktop/Lock.hkGbR.wav Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 65.71 KB
C:\Users\FD1HVy\Desktop/Lock.i48aq9pLiKOVw_egcT3.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 58.12 KB
C:\Users\FD1HVy\Desktop/Lock.IqAWqPLMQZePl.doc Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 16.79 KB
C:\Users\FD1HVy\Desktop/Lock.kjGjReTolqh2VyQZXmn2.m4a Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 78.29 KB
C:\Users\FD1HVy\Desktop/Lock.kMN4z.mp4 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 69.60 KB
C:\Users\FD1HVy\Desktop/Lock.Ljw5WYRO6Wy.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 4.60 KB
C:\Users\FD1HVy\Desktop/Lock.mfyUopWTtUAprVK7.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 69.87 KB
C:\Users\FD1HVy\Desktop/Lock.mpe9Fe1_ci-oIpS.flv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 65.71 KB
C:\Users\FD1HVy\Desktop/Lock.O4GkFtfMO8YRUkhr.exe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 4.29 MB
C:\Users\FD1HVy\Desktop/Lock.P52g8.bmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 80.54 KB
C:\Users\FD1HVy\Desktop/Lock.PCRepair_rkill.dll Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 1.72 MB
C:\Users\FD1HVy\Desktop/Lock.pGS8H.csv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 84.24 KB
C:\Users\FD1HVy\Desktop/Lock.SafePC_ver1.0.dll Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 44.01 KB
C:\Users\FD1HVy\Desktop/Lock.sorry.form Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 1.08 MB
C:\Users\FD1HVy\Desktop/Lock.VstT.mp4 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 27.29 KB
C:\Users\FD1HVy\Desktop/Lock.WaYoUsnM2UCIentbe.swf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 22.35 KB
C:\Users\FD1HVy\Desktop/Lock.wg77xQT1-Aj18nXa8K.swf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 37.70 KB
C:\Users\FD1HVy\Desktop/Lock.WUNf8 S 6YDp2i.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 75.24 KB
C:\Users\FD1HVy\Desktop/Lock.xTq6MCScdpqJ.odt Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 39.16 KB
C:\Users\FD1HVy\Desktop/Lock.xwkMqwHw2FNJUh0.ods Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 6.15 KB
C:\Users\FD1HVy\Desktop/Lock.yW8EXq3.png Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 45.15 KB
C:\Users\FD1HVy\Desktop/Lock.Z3NyFrC6_WxtuHo-dMOg.ots Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 51.47 KB
C:\Users\FD1HVy\Desktop/Lock.ZsyajCuqv92xTr5whyk.bmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 8.41 KB
C:\Users\FD1HVy\Desktop/Lock._BsqZItCPNq0eBuQ.xls Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 32.16 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.-ZbS9.pps Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 60.06 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.0lKdr4kmMec0.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 70.48 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.3P0loyjD.docx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 50.54 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.6KDjX0CerhkJtgMw88.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 32.82 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.af0Z-.flv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 89.74 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.ATHv.mp4 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 15.79 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.bbPMuZmaU.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 82.40 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.bfVxZ90.avi Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 8.77 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.BTjJSlc2bP-ki.swf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 9.24 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.CTe6ly.avi Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 19.90 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.Dm2KF.flv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 20.27 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.DS6Dq4b7eKkPU5JH.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 77.32 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.E2eFopJKn6uustHoKg.pps Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 28.30 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.EdsWI8rB4BywDqnX6.bmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 28.05 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.eeVXHty18.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 9.12 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.EQBMxAkSv-.pdf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 53.57 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.FDKSrtwPMRhz2PyeAx.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 14.92 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.FpHVdISbKXY46o.doc Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 43.30 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.GxeLAc.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 10.55 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.Hr9y61oAkM-K.flv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 80.24 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.IYqWm9FjXEquwVFEM.wav Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 50.90 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.K KvEQBDpvTatLEa.swf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 25.98 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.ljcsRI_.swf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 44.20 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.MWbKfh.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 9.57 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.NRdQ.m4a Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 82.75 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.P22ObdW9p9DNX.mkv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 52.38 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.pROXe.ods Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 1.92 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.PXFkhPM.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 73.09 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.qFOBP8FwJiuKVs.avi Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 53.60 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.R2j101Rhh.mp4 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 15.68 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.TXuB6gyi89__NoT9.swf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 87.82 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.UR7Y.png Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 68.27 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.vJXjfUq6n4avnAr.avi Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.20 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.yYa4EeIK4zJ1bJ59OB.rtf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 58.50 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.ZBOT YHAwSRJf tb.wav Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 81.80 KB
C:\Users\FD1HVy/AppData/Roaming/Lock.ZTd7YZt.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 48.90 KB
C:\Users\FD1HVy/AppData/Local/Lock.IconCache.db Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 77.07 KB
C:\Users\FD1HVy/AppData/Local/Lock.Resmon.ResmonCfg Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 7.43 KB
C:\Users\FD1HVy\Music/Lock.DePu.wav Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 83.48 KB
C:\Users\FD1HVy\Music/Lock.desktop.ini Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 512 Bytes
C:\Users\FD1HVy\Music/Lock.J0 iAXcBYZXSdt.wav Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 67.36 KB
C:\Users\FD1HVy\Music/Lock.n2lzfQolvCVgNf.m4a Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 64.95 KB
C:\Users\FD1HVy\Music/Lock.psWdx1ftUz7.m4a Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 40.17 KB
C:\Users\FD1HVy\Music/Lock.RDmw5DGaT83 YD.mp3 Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 85.59 KB
C:\Users\FD1HVy\Pictures/Lock.abBnrhJwU.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 94.10 KB
C:\Users\FD1HVy\Pictures/Lock.BspkZBQYHi.bmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 18.23 KB
C:\Users\FD1HVy\Pictures/Lock.d6Gq.jpg Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 84.79 KB
C:\Users\FD1HVy\Pictures/Lock.desktop.ini Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 512 Bytes
C:\Users\FD1HVy\Pictures/Lock.k1wdGB_YAwU14UY.bmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 36.01 KB
C:\Users\FD1HVy\Pictures/Lock.MYUszCBAPCzmXXDSG.png Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 27.87 KB
C:\Users\FD1HVy\Pictures/Lock.Ndo_wHdmDfLw8EHAJ.bmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 49.22 KB
C:\Users\FD1HVy\Pictures/Lock.NU6pYHrnfbris-w219Y.png Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 71.74 KB
C:\Users\FD1HVy\Pictures/Lock.q0Ayv.png Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 45.05 KB
C:\Users\FD1HVy\Pictures/Lock.SWfcb.jpg Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 83.78 KB
C:\Users\FD1HVy\Pictures/Lock.T9bmRc0wgjLMG_.jpg Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 1.37 KB
C:\Users\FD1HVy\Pictures/Lock.TbPkae.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 76.38 KB
C:\Users\FD1HVy\Pictures/Lock.Th2s_hnP9cJx5.bmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 14.71 KB
C:\Users\FD1HVy\Pictures/Lock.thpKc0ZlnbdGnIRJzL.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 49.74 KB
C:\Users\FD1HVy\Pictures/Lock.yuOTM-ydpavUWyQnpT.gif Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 71.42 KB
C:\Users\FD1HVy\Videos/Lock.0FMiSmnvsI1v8s.swf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 36.24 KB
C:\Users\FD1HVy\Videos/Lock.desktop.ini Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 512 Bytes
C:\Users\FD1HVy\Videos/Lock.hRmi.mkv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 12.62 KB
C:\Users\FD1HVy\Videos/Lock.XujfB_EFQdQYTzBm8.flv Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 10.97 KB
C:\Users\FD1HVy\Documents/Lock.1jNOs4dsiatFwtPt-_j2.doc Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 54.52 KB
C:\Users\FD1HVy\Documents/Lock.1L1L.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 18.40 KB
C:\Users\FD1HVy\Documents/Lock.9mu- e5Z.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 16.69 KB
C:\Users\FD1HVy\Documents/Lock.BDml_a2hzV.docx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 41.27 KB
C:\Users\FD1HVy\Documents/Lock.BGmPJ_.pptx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 86.97 KB
C:\Users\FD1HVy\Documents/Lock.Database1.accdb Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 340.01 KB
C:\Users\FD1HVy\Documents/Lock.desktop.ini Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 408 Bytes
C:\Users\FD1HVy\Documents/Lock.Fuv1mdjpidzq-6YHGh.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 76.58 KB
C:\Users\FD1HVy\Documents/Lock.hYiEt-0f.docx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 74.83 KB
C:\Users\FD1HVy\Documents/Lock.ith_1X2kFN3hB-U9.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 75.55 KB
C:\Users\FD1HVy\Documents/Lock.J30FxxC-.doc Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 62.17 KB
C:\Users\FD1HVy\Documents/Lock.kw9ZLIvDnQk.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 2.63 KB
C:\Users\FD1HVy\Documents/Lock.kZP09G.docx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 23.08 KB
C:\Users\FD1HVy\Documents/Lock.L7MGGQIaJ.pptx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 84.95 KB
C:\Users\FD1HVy\Documents/Lock.lC9iCEh8edFMc0F.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 38.72 KB
C:\Users\FD1HVy\Documents/Lock.Lci9q.pptx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 54.20 KB
C:\Users\FD1HVy\Documents/Lock.MvKsZ2f3N9SAK.pptx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 20.95 KB
C:\Users\FD1HVy\Documents/Lock.nBWvBa.pptx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 5.95 KB
C:\Users\FD1HVy\Documents/Lock.nuI2xgrk2vyv2-2D.pps Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 79.55 KB
C:\Users\FD1HVy\Documents/Lock.pFCcGpVbcXPSBWLa.pps Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 80.71 KB
C:\Users\FD1HVy\Documents/Lock.pTQouiVh4lNVdQWF_W.rtf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 61.64 KB
C:\Users\FD1HVy\Documents/Lock.R8WIHAk.pdf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 33.27 KB
C:\Users\FD1HVy\Documents/Lock.S7DDzGLO.docx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 25.90 KB
C:\Users\FD1HVy\Documents/Lock.vai5o9F.pptx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 68.78 KB
C:\Users\FD1HVy\Documents/Lock.VQCf4sXQz0.docx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 28.78 KB
C:\Users\FD1HVy\Documents/Lock.y89VhZ.rtf Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 26.00 KB
C:\Users\FD1HVy\Documents/Lock.ypyYdQHgVdPHUEe.odt Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 70.48 KB
C:\Users\FD1HVy\Documents/Lock.zP4h.xlsx Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 19.44 KB
C:\Users\Public\Documents/Lock.desktop.ini Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 280 Bytes
C:\Users\Public\Pictures/Lock.desktop.ini Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 384 Bytes
C:\Users\Public\Videos/Lock.desktop.ini Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 384 Bytes
C:\Users\FD1HVy\AppData\Local\Temp\aut90DD.tmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 69.39 KB
C:\Users\FD1HVy\AppData\Local\Temp\wl.jpg Dropped File Image
Unknown
Mime Type image/jpeg
File Size 75.05 KB