Analysis Report

File Information

Sample files count	1
Created files count	6
Modified files count	10

d8891477315db13a640ed5956a636951.exe, ...

File Properties
Names	d8891477315db13a640ed5956a636951.exe (Sample File) c:\users\hjrd1koky ds8lujv\appdata\roaming\{b3889326-9c2c-0b70-124e-56b7b618030c}\esentutl.exe (Created File)
Size	116.50 KB (119296 bytes)
Hash Values	MD5: d8891477315db13a640ed5956a636951 SHA1: abb3fd6a48b0881f4d01ff468ea81cd81e24e97b SHA256: ddffb78d1b7dd7831fc074911671fa5e3b9d7b33f10ab3a9933cf563b570f756
Actions	Actions Download

PE Information

File Properties
Image Base	0x400000
Entry Point	0x428105
Size Of Code	0x3400
Size Of Initialized Data	0x1fc00
Size Of Uninitialized Data	0x2000
Format	x86
Type	Executable
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2010-11-06 16:27:40
Compiler/Packer	Unknown

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.MPRESS1	0x401000	0x27000	0x1aa00	0x200	CNT_CODE, CNT_INITIALIZED_DATA, CNT_UNINITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE	8.0
.MPRESS2	0x428000	0xc6f	0xe00	0x1ac00	CNT_CODE, CNT_INITIALIZED_DATA, CNT_UNINITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE	5.62
.rsrc	0x429000	0x16ec	0x1800	0x1ba00	CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE	4.34

Imports (5)

KERNEL32.DLL (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
GetModuleHandleA	0x0	0x428064	0x28064	0x1ac64
GetProcAddress	0x0	0x428068	0x28068	0x1ac68

USER32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
IsWindow	0x0	0x428070	0x28070	0x1ac70

MSWSOCK.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
rexec	0x0	0x428078	0x28078	0x1ac78

GDI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
CreateICW	0x0	0x428080	0x28080	0x1ac80

Icons (3)

c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\start menu\programs\startup\esentutl.lnk

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\start menu\programs\startup\esentutl.lnk (Created File)
Size	1.22 KB (1252 bytes)
Hash Values	MD5: 67cd3a3b1ce7ddb9773fb62685ccec50 SHA1: 9603fd2454b2c4e81307bceda814ea139cd4a089 SHA256: 3ab432c75c02fbd597e41a99e3956455472af6bd9bcc93d8444df0fb3f200561
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\roaming\{b3889326-9c2c-0b70-124e-56b7b618030c}\esentutl.exe, ...

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\roaming\{b3889326-9c2c-0b70-124e-56b7b618030c}\esentutl.exe (Created File) c:\users\hjrd1k~1\appdata\local\temp\8055.tmp (Created File) c:\users\hjrd1k~1\appdata\local\temp\8361.tmp (Created File) c:\users\hjrd1k~1\appdata\local\temp\90d9.tmp (Created File) c:\windows\system32\wbem\repository\writable.tst (Created File)
Size	0.00 KB (0 bytes)
Hash Values	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\json[1]

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\json[1] (Created File)
Size	0.21 KB (219 bytes)
Hash Values	MD5: 09fe17a7ae104aaf72f596d1b61ebaaf SHA1: b2d708cc49d7d0bdb63a7f2baaaa77dec116c56f SHA256: 6645aae9e4f1b450e44748f0438e9beed49ce51a280b286e27f47b46ba70d6c7
Actions	Actions Download

c:\users\hjrd1k~1\appdata\local\temp\8055.tmp, ...

File Properties
Names	c:\users\hjrd1k~1\appdata\local\temp\8055.tmp (Created File) c:\users\hjrd1k~1\appdata\local\temp\8361.tmp (Created File) c:\users\hjrd1k~1\appdata\local\temp\90d9.tmp (Created File)
Size	1.74 MB (1828352 bytes)
Hash Values	MD5: 6ef5f3f18413c367195f06e503ab86a6 SHA1: 74e5861dd61d6ddec17dc802664e26196d628bc9 SHA256: 6f8b87fb4d67f9e76a51ef759b58a95d903c4aac9c789a65a3fa1fc4f253d978
Actions	Actions Download

PE Information

File Properties
Image Base	0x75410000
Entry Point	0x75411a45
Size Of Code	0x1a7c00
Size Of Initialized Data	0x18a00
Size Of Uninitialized Data	0x0
Format	x86
Type	Dll
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2010-11-20 12:57:39
Compiler/Packer	Unknown

Sections (4)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x75411000	0x1a7ba5	0x1a7c00	0x400	CNT_CODE, MEM_EXECUTE, MEM_READ	6.75
.data	0x755b9000	0x996c	0x7600	0x1a8000	CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE	2.72
.rsrc	0x755c3000	0x3f0	0x400	0x1af600	CNT_INITIALIZED_DATA, MEM_READ	3.36
.reloc	0x755c4000	0xea3c	0xec00	0x1afa00	CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ	6.69

Imports (377)

msvcrt.dll (50)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
_aligned_realloc	0x0	0x75411000	0x1a674c	0x1a5b4c
memchr	0x0	0x75411004	0x1a6750	0x1a5b50
_strdup	0x0	0x75411008	0x1a6754	0x1a5b54
strtoul	0x0	0x7541100c	0x1a6758	0x1a5b58
??0exception@@QAE@ABQBD@Z	0x0	0x75411010	0x1a675c	0x1a5b5c
_lock	0x0	0x75411014	0x1a6760	0x1a5b60
__dllonexit	0x0	0x75411018	0x1a6764	0x1a5b64
_unlock	0x0	0x7541101c	0x1a6768	0x1a5b68
_except_handler4_common	0x0	0x75411020	0x1a676c	0x1a5b6c
??1type_info@@UAE@XZ	0x0	0x75411024	0x1a6770	0x1a5b70
memmove_s	0x0	0x75411028	0x1a6774	0x1a5b74
memcpy_s	0x0	0x7541102c	0x1a6778	0x1a5b78
??0exception@@QAE@ABV0@@Z	0x0	0x75411030	0x1a677c	0x1a5b7c
floor	0x0	0x75411034	0x1a6780	0x1a5b80
??1exception@@UAE@XZ	0x0	0x75411038	0x1a6784	0x1a5b84
?what@exception@@UBEPBDXZ	0x0	0x7541103c	0x1a6788	0x1a5b88
??0exception@@QAE@XZ	0x0	0x75411040	0x1a678c	0x1a5b8c
_onexit	0x0	0x75411044	0x1a6790	0x1a5b90
_CIexp	0x0	0x75411048	0x1a6794	0x1a5b94
qsort	0x0	0x7541104c	0x1a6798	0x1a5b98
_aligned_free	0x0	0x75411050	0x1a679c	0x1a5b9c
_CIcos	0x0	0x75411054	0x1a67a0	0x1a5ba0
__CxxFrameHandler3	0x0	0x75411058	0x1a67a4	0x1a5ba4
memcpy	0x0	0x7541105c	0x1a67a8	0x1a5ba8
_amsg_exit	0x0	0x75411060	0x1a67ac	0x1a5bac
_initterm	0x0	0x75411064	0x1a67b0	0x1a5bb0
_XcptFilter	0x0	0x75411068	0x1a67b4	0x1a5bb4
realloc	0x0	0x7541106c	0x1a67b8	0x1a5bb8
free	0x0	0x75411070	0x1a67bc	0x1a5bbc
malloc	0x0	0x75411074	0x1a67c0	0x1a5bc0
_CIlog10	0x0	0x75411078	0x1a67c4	0x1a5bc4
strstr	0x0	0x7541107c	0x1a67c8	0x1a5bc8
isalnum	0x0	0x75411080	0x1a67cc	0x1a5bcc
sscanf	0x0	0x75411084	0x1a67d0	0x1a5bd0
strrchr	0x0	0x75411088	0x1a67d4	0x1a5bd4
_purecall	0x0	0x7541108c	0x1a67d8	0x1a5bd8
ceil	0x0	0x75411090	0x1a67dc	0x1a5bdc
_stricmp	0x0	0x75411094	0x1a67e0	0x1a5be0
memmove	0x0	0x75411098	0x1a67e4	0x1a5be4
_vsnprintf	0x0	0x7541109c	0x1a67e8	0x1a5be8
_ftol2_sse	0x0	0x754110a0	0x1a67ec	0x1a5bec
memset	0x0	0x754110a4	0x1a67f0	0x1a5bf0
_CIsqrt	0x0	0x754110a8	0x1a67f4	0x1a5bf4
_CIsin	0x0	0x754110ac	0x1a67f8	0x1a5bf8
_CIpow	0x0	0x754110b0	0x1a67fc	0x1a5bfc
_CIlog	0x0	0x754110b4	0x1a6800	0x1a5c00
_CxxThrowException	0x0	0x754110b8	0x1a6804	0x1a5c04
?terminate@@YAXXZ	0x0	0x754110bc	0x1a6808	0x1a5c08
_aligned_malloc	0x0	0x754110c0	0x1a680c	0x1a5c0c
atoi	0x0	0x754110c4	0x1a6810	0x1a5c10

ntdll.dll (12)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
WinSqmIsOptedIn	0x0	0x754110cc	0x1a6818	0x1a5c18
EtwUnregisterTraceGuids	0x0	0x754110d0	0x1a681c	0x1a5c1c
EtwRegisterTraceGuidsA	0x0	0x754110d4	0x1a6820	0x1a5c20
EtwGetTraceLoggerHandle	0x0	0x754110d8	0x1a6824	0x1a5c24
EtwGetTraceEnableFlags	0x0	0x754110dc	0x1a6828	0x1a5c28
EtwGetTraceEnableLevel	0x0	0x754110e0	0x1a682c	0x1a5c2c
RtlIsCriticalSectionLockedByThread	0x0	0x754110e4	0x1a6830	0x1a5c30
RtlInitUnicodeString	0x0	0x754110e8	0x1a6834	0x1a5c34
NtQueryLicenseValue	0x0	0x754110ec	0x1a6838	0x1a5c38
VerSetConditionMask	0x0	0x754110f0	0x1a683c	0x1a5c3c
EtwLogTraceEvent	0x0	0x754110f4	0x1a6840	0x1a5c40
WinSqmAddToStreamEx	0x0	0x754110f8	0x1a6844	0x1a5c44

API-MS-Win-Core-LocalRegistry-L1-1-0.dll (9)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
RegCloseKey	0x0	0x75411100	0x1a684c	0x1a5c4c
RegCreateKeyExA	0x0	0x75411104	0x1a6850	0x1a5c50
RegSetValueExA	0x0	0x75411108	0x1a6854	0x1a5c54
RegEnumKeyExA	0x0	0x7541110c	0x1a6858	0x1a5c58
RegQueryValueExA	0x0	0x75411110	0x1a685c	0x1a5c5c
RegDeleteValueA	0x0	0x75411114	0x1a6860	0x1a5c60
RegEnumValueA	0x0	0x75411118	0x1a6864	0x1a5c64
RegQueryInfoKeyA	0x0	0x7541111c	0x1a6868	0x1a5c68
RegOpenKeyExA	0x0	0x75411120	0x1a686c	0x1a5c6c

API-MS-Win-Security-Base-L1-1-0.dll (12)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
SetSecurityDescriptorDacl	0x0	0x75411128	0x1a6874	0x1a5c74
AddAccessAllowedAce	0x0	0x7541112c	0x1a6878	0x1a5c78
SetSecurityDescriptorSacl	0x0	0x75411130	0x1a687c	0x1a5c7c
SetKernelObjectSecurity	0x0	0x75411134	0x1a6880	0x1a5c80
IsValidSid	0x0	0x75411138	0x1a6884	0x1a5c84
GetLengthSid	0x0	0x7541113c	0x1a6888	0x1a5c88
InitializeAcl	0x0	0x75411140	0x1a688c	0x1a5c8c
AddMandatoryAce	0x0	0x75411144	0x1a6890	0x1a5c90
GetSidSubAuthority	0x0	0x75411148	0x1a6894	0x1a5c94
InitializeSid	0x0	0x7541114c	0x1a6898	0x1a5c98
GetSidLengthRequired	0x0	0x75411150	0x1a689c	0x1a5c9c
InitializeSecurityDescriptor	0x0	0x75411154	0x1a68a0	0x1a5ca0

API-MS-Win-Security-SDDL-L1-1-0.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
ConvertStringSecurityDescriptorToSecurityDescriptorW	0x0	0x7541115c	0x1a68a8	0x1a5ca8
ConvertStringSidToSidW	0x0	0x75411160	0x1a68ac	0x1a5cac

USER32.dll (64)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
UnionRect	0x0	0x75411168	0x1a68b4	0x1a5cb4
IsWindowUnicode	0x0	0x7541116c	0x1a68b8	0x1a5cb8
GetWindowLongW	0x0	0x75411170	0x1a68bc	0x1a5cbc
GetWindowLongA	0x0	0x75411174	0x1a68c0	0x1a5cc0
ClientToScreen	0x0	0x75411178	0x1a68c4	0x1a5cc4
SetRect	0x0	0x7541117c	0x1a68c8	0x1a5cc8
GetWindowInfo	0x0	0x75411180	0x1a68cc	0x1a5ccc
GetClientRect	0x0	0x75411184	0x1a68d0	0x1a5cd0
EnumDisplaySettingsA	0x0	0x75411188	0x1a68d4	0x1a5cd4
OffsetRect	0x0	0x7541118c	0x1a68d8	0x1a5cd8
GetSystemMetrics	0x0	0x75411190	0x1a68dc	0x1a5cdc
EnumDisplayMonitors	0x0	0x75411194	0x1a68e0	0x1a5ce0
GetDC	0x0	0x75411198	0x1a68e4	0x1a5ce4
ReleaseDC	0x0	0x7541119c	0x1a68e8	0x1a5ce8
EnumDisplayDevicesA	0x0	0x754111a0	0x1a68ec	0x1a5cec
SetWindowPos	0x0	0x754111a4	0x1a68f0	0x1a5cf0
SystemParametersInfoA	0x0	0x754111a8	0x1a68f4	0x1a5cf4
GetMonitorInfoA	0x0	0x754111ac	0x1a68f8	0x1a5cf8
IntersectRect	0x0	0x754111b0	0x1a68fc	0x1a5cfc
DefWindowProcA	0x0	0x754111b4	0x1a6900	0x1a5d00
SetForegroundWindow	0x0	0x754111b8	0x1a6904	0x1a5d04
SetTimer	0x0	0x754111bc	0x1a6908	0x1a5d08
IsZoomed	0x0	0x754111c0	0x1a690c	0x1a5d0c
ShowWindow	0x0	0x754111c4	0x1a6910	0x1a5d10
IsWindowVisible	0x0	0x754111c8	0x1a6914	0x1a5d14
GetForegroundWindow	0x0	0x754111cc	0x1a6918	0x1a5d18
CloseClipboard	0x0	0x754111d0	0x1a691c	0x1a5d1c
SetClipboardData	0x0	0x754111d4	0x1a6920	0x1a5d20
EmptyClipboard	0x0	0x754111d8	0x1a6924	0x1a5d24
OpenClipboard	0x0	0x754111dc	0x1a6928	0x1a5d28
PtInRect	0x0	0x754111e0	0x1a692c	0x1a5d2c
GetCursorPos	0x0	0x754111e4	0x1a6930	0x1a5d30
SetCursorPos	0x0	0x754111e8	0x1a6934	0x1a5d34
GetDesktopWindow	0x0	0x754111ec	0x1a6938	0x1a5d38
GetWindowDC	0x0	0x754111f0	0x1a693c	0x1a5d3c
CreateIconIndirect	0x0	0x754111f4	0x1a6940	0x1a5d40
GetWindowRect	0x0	0x754111f8	0x1a6944	0x1a5d44
GetCursor	0x0	0x754111fc	0x1a6948	0x1a5d48
SetCursor	0x0	0x75411200	0x1a694c	0x1a5d4c
DestroyIcon	0x0	0x75411204	0x1a6950	0x1a5d50
GetAncestor	0x0	0x75411208	0x1a6954	0x1a5d54
IsProcessDPIAware	0x0	0x7541120c	0x1a6958	0x1a5d58
mouse_event	0x0	0x75411210	0x1a695c	0x1a5d5c
GetWindowDisplayAffinity	0x0	0x75411214	0x1a6960	0x1a5d60
SetWindowDisplayAffinity	0x0	0x75411218	0x1a6964	0x1a5d64
OpenInputDesktop	0x0	0x7541121c	0x1a6968	0x1a5d68
GetUserObjectInformationA	0x0	0x75411220	0x1a696c	0x1a5d6c
CloseDesktop	0x0	0x75411224	0x1a6970	0x1a5d70
GetThreadDesktop	0x0	0x75411228	0x1a6974	0x1a5d74
RegisterHotKey	0x0	0x7541122c	0x1a6978	0x1a5d78
UnregisterHotKey	0x0	0x75411230	0x1a697c	0x1a5d7c
IsWindow	0x0	0x75411234	0x1a6980	0x1a5d80
KillTimer	0x0	0x75411238	0x1a6984	0x1a5d84
SetWindowLongW	0x0	0x7541123c	0x1a6988	0x1a5d88
CallWindowProcW	0x0	0x75411240	0x1a698c	0x1a5d8c
SetWindowLongA	0x0	0x75411244	0x1a6990	0x1a5d90
CallWindowProcA	0x0	0x75411248	0x1a6994	0x1a5d94
SendMessageA	0x0	0x7541124c	0x1a6998	0x1a5d98
IsIconic	0x0	0x75411250	0x1a699c	0x1a5d9c
PostMessageA	0x0	0x75411254	0x1a69a0	0x1a5da0
GetKeyState	0x0	0x75411258	0x1a69a4	0x1a5da4
SetRectEmpty	0x0	0x7541125c	0x1a69a8	0x1a5da8
SfmDxGetSwapChainStats	0x0	0x75411260	0x1a69ac	0x1a5dac
NotifyOverlayWindow	0x0	0x75411264	0x1a69b0	0x1a5db0

VERSION.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
GetFileVersionInfoA	0x0	0x7541126c	0x1a69b8	0x1a5db8
GetFileVersionInfoSizeA	0x0	0x75411270	0x1a69bc	0x1a5dbc
VerQueryValueA	0x0	0x75411274	0x1a69c0	0x1a5dc0

d3d8thk.dll (47)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
OsThunkD3dContextDestroyAll	0x0	0x7541127c	0x1a69c8	0x1a5dc8
OsThunkDdGetScanLine	0x0	0x75411280	0x1a69cc	0x1a5dcc
OsThunkDdUnlockD3D	0x0	0x75411284	0x1a69d0	0x1a5dd0
OsThunkDdUnlock	0x0	0x75411288	0x1a69d4	0x1a5dd4
OsThunkDdSetExclusiveMode	0x0	0x7541128c	0x1a69d8	0x1a5dd8
OsThunkDdFlipToGDISurface	0x0	0x75411290	0x1a69dc	0x1a5ddc
OsThunkDdGetMoCompGuids	0x0	0x75411294	0x1a69e0	0x1a5de0
OsThunkDdGetMoCompFormats	0x0	0x75411298	0x1a69e4	0x1a5de4
OsThunkDdGetInternalMoCompInfo	0x0	0x7541129c	0x1a69e8	0x1a5de8
OsThunkDdGetMoCompBuffInfo	0x0	0x754112a0	0x1a69ec	0x1a5dec
OsThunkDdCreateMoComp	0x0	0x754112a4	0x1a69f0	0x1a5df0
OsThunkDdDestroyMoComp	0x0	0x754112a8	0x1a69f4	0x1a5df4
OsThunkDdBeginMoCompFrame	0x0	0x754112ac	0x1a69f8	0x1a5df8
OsThunkDdEndMoCompFrame	0x0	0x754112b0	0x1a69fc	0x1a5dfc
OsThunkDdRenderMoComp	0x0	0x754112b4	0x1a6a00	0x1a5e00
OsThunkDdQueryMoCompStatus	0x0	0x754112b8	0x1a6a04	0x1a5e04
OsThunkDdDeleteDirectDrawObject	0x0	0x754112bc	0x1a6a08	0x1a5e08
OsThunkDdReleaseDC	0x0	0x754112c0	0x1a6a0c	0x1a5e0c
OsThunkDdReenableDirectDrawObject	0x0	0x754112c4	0x1a6a10	0x1a5e10
OsThunkDdDestroyD3DBuffer	0x0	0x754112c8	0x1a6a14	0x1a5e14
OsThunkDdDestroySurface	0x0	0x754112cc	0x1a6a18	0x1a5e18
OsThunkDdDeleteSurfaceObject	0x0	0x754112d0	0x1a6a1c	0x1a5e1c
OsThunkDdSetGammaRamp	0x0	0x754112d4	0x1a6a20	0x1a5e20
OsThunkDdCreateSurfaceEx	0x0	0x754112d8	0x1a6a24	0x1a5e24
OsThunkDdCreateSurface	0x0	0x754112dc	0x1a6a28	0x1a5e28
OsThunkDdCreateD3DBuffer	0x0	0x754112e0	0x1a6a2c	0x1a5e2c
OsThunkDdAttachSurface	0x0	0x754112e4	0x1a6a30	0x1a5e30
OsThunkDdCreateSurfaceObject	0x0	0x754112e8	0x1a6a34	0x1a5e34
OsThunkDdCanCreateSurface	0x0	0x754112ec	0x1a6a38	0x1a5e38
OsThunkDdCanCreateD3DBuffer	0x0	0x754112f0	0x1a6a3c	0x1a5e3c
OsThunkD3dContextCreate	0x0	0x754112f4	0x1a6a40	0x1a5e40
OsThunkD3dContextDestroy	0x0	0x754112f8	0x1a6a44	0x1a5e44
OsThunkDdGetDriverState	0x0	0x754112fc	0x1a6a48	0x1a5e48
OsThunkD3dValidateTextureStageState	0x0	0x75411300	0x1a6a4c	0x1a5e4c
OsThunkD3dDrawPrimitives2	0x0	0x75411304	0x1a6a50	0x1a5e50
OsThunkDdResetVisrgn	0x0	0x75411308	0x1a6a54	0x1a5e54
OsThunkDdLockD3D	0x0	0x7541130c	0x1a6a58	0x1a5e58
OsThunkDdLock	0x0	0x75411310	0x1a6a5c	0x1a5e5c
OsThunkDdGetBltStatus	0x0	0x75411314	0x1a6a60	0x1a5e60
OsThunkDdQueryDirectDrawObject	0x0	0x75411318	0x1a6a64	0x1a5e64
OsThunkDdBlt	0x0	0x7541131c	0x1a6a68	0x1a5e68
OsThunkDdGetDC	0x0	0x75411320	0x1a6a6c	0x1a5e6c
OsThunkDdGetDriverInfo	0x0	0x75411324	0x1a6a70	0x1a5e70
OsThunkDdGetAvailDriverMemory	0x0	0x75411328	0x1a6a74	0x1a5e74
OsThunkDdWaitForVerticalBlank	0x0	0x7541132c	0x1a6a78	0x1a5e78
OsThunkDdGetFlipStatus	0x0	0x75411330	0x1a6a7c	0x1a5e7c
OsThunkDdFlip	0x0	0x75411334	0x1a6a80	0x1a5e80

GDI32.dll (79)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
D3DKMTSignalSynchronizationObject2	0x0	0x7541133c	0x1a6a88	0x1a5e88
D3DKMTGetRuntimeData	0x0	0x75411340	0x1a6a8c	0x1a5e8c
D3DKMTQueryAdapterInfo	0x0	0x75411344	0x1a6a90	0x1a5e90
D3DKMTLock	0x0	0x75411348	0x1a6a94	0x1a5e94
D3DKMTUnlock	0x0	0x7541134c	0x1a6a98	0x1a5e98
D3DKMTGetDisplayModeList	0x0	0x75411350	0x1a6a9c	0x1a5e9c
D3DKMTSetDisplayMode	0x0	0x75411354	0x1a6aa0	0x1a5ea0
D3DKMTGetMultisampleMethodList	0x0	0x75411358	0x1a6aa4	0x1a5ea4
D3DKMTSignalSynchronizationObject	0x0	0x7541135c	0x1a6aa8	0x1a5ea8
D3DKMTRender	0x0	0x75411360	0x1a6aac	0x1a5eac
D3DKMTOpenAdapterFromDeviceName	0x0	0x75411364	0x1a6ab0	0x1a5eb0
D3DKMTCloseAdapter	0x0	0x75411368	0x1a6ab4	0x1a5eb4
D3DKMTGetSharedPrimaryHandle	0x0	0x7541136c	0x1a6ab8	0x1a5eb8
D3DKMTEscape	0x0	0x75411370	0x1a6abc	0x1a5ebc
D3DKMTSetVidPnSourceOwner	0x0	0x75411374	0x1a6ac0	0x1a5ec0
D3DKMTWaitForVerticalBlankEvent	0x0	0x75411378	0x1a6ac4	0x1a5ec4
D3DKMTSetGammaRamp	0x0	0x7541137c	0x1a6ac8	0x1a5ec8
D3DKMTGetDeviceState	0x0	0x75411380	0x1a6acc	0x1a5ecc
D3DKMTCreateDCFromMemory	0x0	0x75411384	0x1a6ad0	0x1a5ed0
D3DKMTDestroyDCFromMemory	0x0	0x75411388	0x1a6ad4	0x1a5ed4
D3DKMTSetContextSchedulingPriority	0x0	0x7541138c	0x1a6ad8	0x1a5ed8
D3DKMTWaitForSynchronizationObject2	0x0	0x75411390	0x1a6adc	0x1a5edc
D3DKMTWaitForSynchronizationObject	0x0	0x75411394	0x1a6ae0	0x1a5ee0
D3DKMTDestroySynchronizationObject	0x0	0x75411398	0x1a6ae4	0x1a5ee4
D3DKMTCreateSynchronizationObject2	0x0	0x7541139c	0x1a6ae8	0x1a5ee8
D3DKMTCreateSynchronizationObject	0x0	0x754113a0	0x1a6aec	0x1a5eec
D3DKMTDestroyContext	0x0	0x754113a4	0x1a6af0	0x1a5ef0
D3DKMTCreateContext	0x0	0x754113a8	0x1a6af4	0x1a5ef4
D3DKMTDestroyDevice	0x0	0x754113ac	0x1a6af8	0x1a5ef8
D3DKMTCreateDevice	0x0	0x754113b0	0x1a6afc	0x1a5efc
D3DKMTQueryAllocationResidency	0x0	0x754113b4	0x1a6b00	0x1a5f00
D3DKMTSetAllocationPriority	0x0	0x754113b8	0x1a6b04	0x1a5f04
D3DKMTDestroyAllocation	0x0	0x754113bc	0x1a6b08	0x1a5f08
D3DKMTOpenResource2	0x0	0x754113c0	0x1a6b0c	0x1a5f0c
D3DKMTOpenResource	0x0	0x754113c4	0x1a6b10	0x1a5f10
D3DKMTQueryResourceInfo	0x0	0x754113c8	0x1a6b14	0x1a5f14
D3DKMTCreateAllocation2	0x0	0x754113cc	0x1a6b18	0x1a5f18
D3DKMTCreateAllocation	0x0	0x754113d0	0x1a6b1c	0x1a5f1c
D3DKMTOpenAdapterFromHdc	0x0	0x754113d4	0x1a6b20	0x1a5f20
GetSystemPaletteEntries	0x0	0x754113d8	0x1a6b24	0x1a5f24
CreateDIBitmap	0x0	0x754113dc	0x1a6b28	0x1a5f28
D3DKMTPresent	0x0	0x754113e0	0x1a6b2c	0x1a5f2c
CreateRectRgn	0x0	0x754113e4	0x1a6b30	0x1a5f30
D3DKMTGetContextSchedulingPriority	0x0	0x754113e8	0x1a6b34	0x1a5f34
D3DKMTGetScanLine	0x0	0x754113ec	0x1a6b38	0x1a5f38
D3DKMTSetQueuedLimit	0x0	0x754113f0	0x1a6b3c	0x1a5f3c
D3DKMTCheckOcclusion	0x0	0x754113f4	0x1a6b40	0x1a5f40
D3DKMTCheckMonitorPowerState	0x0	0x754113f8	0x1a6b44	0x1a5f44
D3DKMTCheckExclusiveOwnership	0x0	0x754113fc	0x1a6b48	0x1a5f48
D3DKMTSetDisplayPrivateDriverFormat	0x0	0x75411400	0x1a6b4c	0x1a5f4c
D3DKMTSharedPrimaryLockNotification	0x0	0x75411404	0x1a6b50	0x1a5f50
D3DKMTSharedPrimaryUnLockNotification	0x0	0x75411408	0x1a6b54	0x1a5f54
D3DKMTReleaseProcessVidPnSourceOwners	0x0	0x7541140c	0x1a6b58	0x1a5f58
D3DKMTCreateOverlay	0x0	0x75411410	0x1a6b5c	0x1a5f5c
D3DKMTUpdateOverlay	0x0	0x75411414	0x1a6b60	0x1a5f60
D3DKMTFlipOverlay	0x0	0x75411418	0x1a6b64	0x1a5f64
D3DKMTDestroyOverlay	0x0	0x7541141c	0x1a6b68	0x1a5f68
D3DKMTConfigureSharedResource	0x0	0x75411420	0x1a6b6c	0x1a5f6c
D3DKMTQueryStatistics	0x0	0x75411424	0x1a6b70	0x1a5f70
D3DKMTGetOverlayState	0x0	0x75411428	0x1a6b74	0x1a5f74
SetLayout	0x0	0x7541142c	0x1a6b78	0x1a5f78
SetStretchBltMode	0x0	0x75411430	0x1a6b7c	0x1a5f7c
StretchBlt	0x0	0x75411434	0x1a6b80	0x1a5f80
CreateCompatibleDC	0x0	0x75411438	0x1a6b84	0x1a5f84
CreateDIBSection	0x0	0x7541143c	0x1a6b88	0x1a5f88
SelectObject	0x0	0x75411440	0x1a6b8c	0x1a5f8c
GetDeviceGammaRamp	0x0	0x75411444	0x1a6b90	0x1a5f90
GdiEntry1	0x0	0x75411448	0x1a6b94	0x1a5f94
GdiEntry13	0x0	0x7541144c	0x1a6b98	0x1a5f98
CreateCompatibleBitmap	0x0	0x75411450	0x1a6b9c	0x1a5f9c
GetDIBits	0x0	0x75411454	0x1a6ba0	0x1a5fa0
GetRandomRgn	0x0	0x75411458	0x1a6ba4	0x1a5fa4
DeleteObject	0x0	0x7541145c	0x1a6ba8	0x1a5fa8
GetRegionData	0x0	0x75411460	0x1a6bac	0x1a5fac
CreateDCA	0x0	0x75411464	0x1a6bb0	0x1a5fb0
GetNearestColor	0x0	0x75411468	0x1a6bb4	0x1a5fb4
GetDeviceCaps	0x0	0x7541146c	0x1a6bb8	0x1a5fb8
DeleteDC	0x0	0x75411470	0x1a6bbc	0x1a5fbc
BitBlt	0x0	0x75411474	0x1a6bc0	0x1a5fc0

KERNEL32.dll (92)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
GetProcessAffinityMask	0x0	0x7541147c	0x1a6bc8	0x1a5fc8
ReleaseMutex	0x0	0x75411480	0x1a6bcc	0x1a5fcc
WaitForSingleObject	0x0	0x75411484	0x1a6bd0	0x1a5fd0
InterlockedIncrement	0x0	0x75411488	0x1a6bd4	0x1a5fd4
GetCurrentThreadId	0x0	0x7541148c	0x1a6bd8	0x1a5fd8
DeleteCriticalSection	0x0	0x75411490	0x1a6bdc	0x1a5fdc
InitializeCriticalSection	0x0	0x75411494	0x1a6be0	0x1a5fe0
EnterCriticalSection	0x0	0x75411498	0x1a6be4	0x1a5fe4
LeaveCriticalSection	0x0	0x7541149c	0x1a6be8	0x1a5fe8
FreeLibrary	0x0	0x754114a0	0x1a6bec	0x1a5fec
GetProcAddress	0x0	0x754114a4	0x1a6bf0	0x1a5ff0
LoadLibraryA	0x0	0x754114a8	0x1a6bf4	0x1a5ff4
InterlockedExchange	0x0	0x754114ac	0x1a6bf8	0x1a5ff8
SetErrorMode	0x0	0x754114b0	0x1a6bfc	0x1a5ffc
InterlockedDecrement	0x0	0x754114b4	0x1a6c00	0x1a6000
OutputDebugStringA	0x0	0x754114b8	0x1a6c04	0x1a6004
GetNativeSystemInfo	0x0	0x754114bc	0x1a6c08	0x1a6008
GetModuleFileNameA	0x0	0x754114c0	0x1a6c0c	0x1a600c
FreeLibraryAndExitThread	0x0	0x754114c4	0x1a6c10	0x1a6010
CloseHandle	0x0	0x754114c8	0x1a6c14	0x1a6014
DisableThreadLibraryCalls	0x0	0x754114cc	0x1a6c18	0x1a6018
GetCurrentProcessId	0x0	0x754114d0	0x1a6c1c	0x1a601c
LocalFree	0x0	0x754114d4	0x1a6c20	0x1a6020
CreateEventExA	0x0	0x754114d8	0x1a6c24	0x1a6024
CreateSemaphoreExA	0x0	0x754114dc	0x1a6c28	0x1a6028
HeapAlloc	0x0	0x754114e0	0x1a6c2c	0x1a602c
HeapFree	0x0	0x754114e4	0x1a6c30	0x1a6030
HeapCreate	0x0	0x754114e8	0x1a6c34	0x1a6034
HeapDestroy	0x0	0x754114ec	0x1a6c38	0x1a6038
VerifyVersionInfoA	0x0	0x754114f0	0x1a6c3c	0x1a603c
GetCurrentThread	0x0	0x754114f4	0x1a6c40	0x1a6040
SetThreadAffinityMask	0x0	0x754114f8	0x1a6c44	0x1a6044
SetThreadPriority	0x0	0x754114fc	0x1a6c48	0x1a6048
ResumeThread	0x0	0x75411500	0x1a6c4c	0x1a604c
SetThreadIdealProcessor	0x0	0x75411504	0x1a6c50	0x1a6050
GetEnvironmentVariableA	0x0	0x75411508	0x1a6c54	0x1a6054
TlsAlloc	0x0	0x7541150c	0x1a6c58	0x1a6058
TlsGetValue	0x0	0x75411510	0x1a6c5c	0x1a605c
TlsSetValue	0x0	0x75411514	0x1a6c60	0x1a6060
lstrlenA	0x0	0x75411518	0x1a6c64	0x1a6064
VirtualProtect	0x0	0x7541151c	0x1a6c68	0x1a6068
GetSystemInfo	0x0	0x75411520	0x1a6c6c	0x1a606c
VirtualAlloc	0x0	0x75411524	0x1a6c70	0x1a6070
VirtualFree	0x0	0x75411528	0x1a6c74	0x1a6074
WaitForMultipleObjects	0x0	0x7541152c	0x1a6c78	0x1a6078
CreateEventA	0x0	0x75411530	0x1a6c7c	0x1a607c
CreateThread	0x0	0x75411534	0x1a6c80	0x1a6080
SetEvent	0x0	0x75411538	0x1a6c84	0x1a6084
GetLogicalProcessorInformation	0x0	0x7541153c	0x1a6c88	0x1a6088
GetVersionExA	0x0	0x75411540	0x1a6c8c	0x1a608c
MultiByteToWideChar	0x0	0x75411544	0x1a6c90	0x1a6090
IsProcessorFeaturePresent	0x0	0x75411548	0x1a6c94	0x1a6094
GetFileSize	0x0	0x7541154c	0x1a6c98	0x1a6098
SetUnhandledExceptionFilter	0x0	0x75411550	0x1a6c9c	0x1a609c
UnhandledExceptionFilter	0x0	0x75411554	0x1a6ca0	0x1a60a0
TerminateProcess	0x0	0x75411558	0x1a6ca4	0x1a60a4
GetSystemTimeAsFileTime	0x0	0x7541155c	0x1a6ca8	0x1a60a8
CreateNamedPipeA	0x0	0x75411560	0x1a6cac	0x1a60ac
CreateFileA	0x0	0x75411564	0x1a6cb0	0x1a60b0
WaitNamedPipeA	0x0	0x75411568	0x1a6cb4	0x1a60b4
TransactNamedPipe	0x0	0x7541156c	0x1a6cb8	0x1a60b8
GetPrivateProfileStringA	0x0	0x75411570	0x1a6cbc	0x1a60bc
PeekNamedPipe	0x0	0x75411574	0x1a6cc0	0x1a60c0
WriteFile	0x0	0x75411578	0x1a6cc4	0x1a60c4
ReadFile	0x0	0x7541157c	0x1a6cc8	0x1a60c8
FlushFileBuffers	0x0	0x75411580	0x1a6ccc	0x1a60cc
DisconnectNamedPipe	0x0	0x75411584	0x1a6cd0	0x1a60d0
SetNamedPipeHandleState	0x0	0x75411588	0x1a6cd4	0x1a60d4
ConnectNamedPipe	0x0	0x7541158c	0x1a6cd8	0x1a60d8
CreateMutexW	0x0	0x75411590	0x1a6cdc	0x1a60dc
OpenMutexW	0x0	0x75411594	0x1a6ce0	0x1a60e0
GetProcessHeap	0x0	0x75411598	0x1a6ce4	0x1a60e4
ResetEvent	0x0	0x7541159c	0x1a6ce8	0x1a60e8
GlobalAddAtomA	0x0	0x754115a0	0x1a6cec	0x1a60ec
lstrcmpA	0x0	0x754115a4	0x1a6cf0	0x1a60f0
CreateSemaphoreA	0x0	0x754115a8	0x1a6cf4	0x1a60f4
LoadLibraryW	0x0	0x754115ac	0x1a6cf8	0x1a60f8
GetSystemTime	0x0	0x754115b0	0x1a6cfc	0x1a60fc
ReleaseSemaphore	0x0	0x754115b4	0x1a6d00	0x1a6100
GetProcessId	0x0	0x754115b8	0x1a6d04	0x1a6104
LocalAlloc	0x0	0x754115bc	0x1a6d08	0x1a6108
GetTickCount	0x0	0x754115c0	0x1a6d0c	0x1a610c
QueryPerformanceCounter	0x0	0x754115c4	0x1a6d10	0x1a6110
QueryPerformanceFrequency	0x0	0x754115c8	0x1a6d14	0x1a6114
Sleep	0x0	0x754115cc	0x1a6d18	0x1a6118
InterlockedCompareExchange	0x0	0x754115d0	0x1a6d1c	0x1a611c
GetModuleHandleA	0x0	0x754115d4	0x1a6d20	0x1a6120
DebugBreak	0x0	0x754115d8	0x1a6d24	0x1a6124
GetCurrentProcess	0x0	0x754115dc	0x1a6d28	0x1a6128
OutputDebugStringW	0x0	0x754115e0	0x1a6d2c	0x1a612c
WideCharToMultiByte	0x0	0x754115e4	0x1a6d30	0x1a6130
GetLastError	0x0	0x754115e8	0x1a6d34	0x1a6134

dwmapi.dll (7)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
(by ordinal)	0x7e	0x754115f0	0x1a6d3c	0x1a613c
(by ordinal)	0x7d	0x754115f4	0x1a6d40	0x1a6140
(by ordinal)	0x64	0x754115f8	0x1a6d44	0x1a6144
(by ordinal)	0x65	0x754115fc	0x1a6d48	0x1a6148
(by ordinal)	0x80	0x75411600	0x1a6d4c	0x1a614c
(by ordinal)	0x81	0x75411604	0x1a6d50	0x1a6150
(by ordinal)	0x82	0x75411608	0x1a6d54	0x1a6154

Exports (14)

Api name	EAT Address	Ordinal
D3DPERF_BeginEvent	0x754b71db	0x4
D3DPERF_EndEvent	0x754b7249	0x5
D3DPERF_GetStatus	0x754b746d	0x6
D3DPERF_QueryRepeatFrame	0x754b738d	0x7
D3DPERF_SetMarker	0x754b72b5	0x8
D3DPERF_SetOptions	0x754b7402	0x9
D3DPERF_SetRegion	0x754b7321	0xa
DebugSetLevel	0x754b88b1	0xb
DebugSetMute	0x754466c6	0xc
Direct3DCreate9	0x75470a62	0xd
Direct3DCreate9Ex	0x7541ccd5	0xe
Direct3DShaderValidatorCreate9	0x7544f5af	0x1
PSGPError	0x754ad77b	0x2
PSGPSampleTexture	0x754ad709	0x3

c:\users\hjrd1k~1\appdata\local\temp\8055.tmp, ...

File Properties
Names	c:\users\hjrd1k~1\appdata\local\temp\8055.tmp (Created File) c:\users\hjrd1k~1\appdata\local\temp\8361.tmp (Created File) c:\users\hjrd1k~1\appdata\local\temp\90d9.tmp (Created File)
Size	1.75 MB (1832448 bytes)
Hash Values	MD5: 511e8601a8e32a68f6ae78d52ab6ed48 SHA1: 474db26020869f581a8c4fd562ef4c1d8c33406f SHA256: c42ea6b812750bc54771d4ed044f654536a657db4dfebba6f0c2b6863f779a4a
Actions	Actions Download

PE Information

File Properties
Image Base	0x75410000
Entry Point	0x75411a45
Size Of Code	0x1a7c00
Size Of Initialized Data	0x18a00
Size Of Uninitialized Data	0x0
Format	x86
Type	Dll
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2010-11-20 12:57:39
Compiler/Packer	Unknown

Sections (5)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x75411000	0x1a7ba5	0x1a7c00	0x400	CNT_CODE, MEM_EXECUTE, MEM_READ	6.75
.data	0x755b9000	0x996c	0x7600	0x1a8000	CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE	2.72
.rsrc	0x755c3000	0x3f0	0x400	0x1af600	CNT_INITIALIZED_DATA, MEM_READ	3.36
.reloc	0x755c4000	0xea3c	0xec00	0x1afa00	CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ	6.69
	0x755d3000	0x1000	0x26d	0x1be600	CNT_CODE, MEM_EXECUTE, MEM_READ	4.84

Imports (377)

msvcrt.dll (50)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
_aligned_realloc	0x0	0x75411000	0x1a674c	0x1a5b4c
memchr	0x0	0x75411004	0x1a6750	0x1a5b50
_strdup	0x0	0x75411008	0x1a6754	0x1a5b54
strtoul	0x0	0x7541100c	0x1a6758	0x1a5b58
??0exception@@QAE@ABQBD@Z	0x0	0x75411010	0x1a675c	0x1a5b5c
_lock	0x0	0x75411014	0x1a6760	0x1a5b60
__dllonexit	0x0	0x75411018	0x1a6764	0x1a5b64
_unlock	0x0	0x7541101c	0x1a6768	0x1a5b68
_except_handler4_common	0x0	0x75411020	0x1a676c	0x1a5b6c
??1type_info@@UAE@XZ	0x0	0x75411024	0x1a6770	0x1a5b70
memmove_s	0x0	0x75411028	0x1a6774	0x1a5b74
memcpy_s	0x0	0x7541102c	0x1a6778	0x1a5b78
??0exception@@QAE@ABV0@@Z	0x0	0x75411030	0x1a677c	0x1a5b7c
floor	0x0	0x75411034	0x1a6780	0x1a5b80
??1exception@@UAE@XZ	0x0	0x75411038	0x1a6784	0x1a5b84
?what@exception@@UBEPBDXZ	0x0	0x7541103c	0x1a6788	0x1a5b88
??0exception@@QAE@XZ	0x0	0x75411040	0x1a678c	0x1a5b8c
_onexit	0x0	0x75411044	0x1a6790	0x1a5b90
_CIexp	0x0	0x75411048	0x1a6794	0x1a5b94
qsort	0x0	0x7541104c	0x1a6798	0x1a5b98
_aligned_free	0x0	0x75411050	0x1a679c	0x1a5b9c
_CIcos	0x0	0x75411054	0x1a67a0	0x1a5ba0
__CxxFrameHandler3	0x0	0x75411058	0x1a67a4	0x1a5ba4
memcpy	0x0	0x7541105c	0x1a67a8	0x1a5ba8
_amsg_exit	0x0	0x75411060	0x1a67ac	0x1a5bac
_initterm	0x0	0x75411064	0x1a67b0	0x1a5bb0
_XcptFilter	0x0	0x75411068	0x1a67b4	0x1a5bb4
realloc	0x0	0x7541106c	0x1a67b8	0x1a5bb8
free	0x0	0x75411070	0x1a67bc	0x1a5bbc
malloc	0x0	0x75411074	0x1a67c0	0x1a5bc0
_CIlog10	0x0	0x75411078	0x1a67c4	0x1a5bc4
strstr	0x0	0x7541107c	0x1a67c8	0x1a5bc8
isalnum	0x0	0x75411080	0x1a67cc	0x1a5bcc
sscanf	0x0	0x75411084	0x1a67d0	0x1a5bd0
strrchr	0x0	0x75411088	0x1a67d4	0x1a5bd4
_purecall	0x0	0x7541108c	0x1a67d8	0x1a5bd8
ceil	0x0	0x75411090	0x1a67dc	0x1a5bdc
_stricmp	0x0	0x75411094	0x1a67e0	0x1a5be0
memmove	0x0	0x75411098	0x1a67e4	0x1a5be4
_vsnprintf	0x0	0x7541109c	0x1a67e8	0x1a5be8
_ftol2_sse	0x0	0x754110a0	0x1a67ec	0x1a5bec
memset	0x0	0x754110a4	0x1a67f0	0x1a5bf0
_CIsqrt	0x0	0x754110a8	0x1a67f4	0x1a5bf4
_CIsin	0x0	0x754110ac	0x1a67f8	0x1a5bf8
_CIpow	0x0	0x754110b0	0x1a67fc	0x1a5bfc
_CIlog	0x0	0x754110b4	0x1a6800	0x1a5c00
_CxxThrowException	0x0	0x754110b8	0x1a6804	0x1a5c04
?terminate@@YAXXZ	0x0	0x754110bc	0x1a6808	0x1a5c08
_aligned_malloc	0x0	0x754110c0	0x1a680c	0x1a5c0c
atoi	0x0	0x754110c4	0x1a6810	0x1a5c10

ntdll.dll (12)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
WinSqmIsOptedIn	0x0	0x754110cc	0x1a6818	0x1a5c18
EtwUnregisterTraceGuids	0x0	0x754110d0	0x1a681c	0x1a5c1c
EtwRegisterTraceGuidsA	0x0	0x754110d4	0x1a6820	0x1a5c20
EtwGetTraceLoggerHandle	0x0	0x754110d8	0x1a6824	0x1a5c24
EtwGetTraceEnableFlags	0x0	0x754110dc	0x1a6828	0x1a5c28
EtwGetTraceEnableLevel	0x0	0x754110e0	0x1a682c	0x1a5c2c
RtlIsCriticalSectionLockedByThread	0x0	0x754110e4	0x1a6830	0x1a5c30
RtlInitUnicodeString	0x0	0x754110e8	0x1a6834	0x1a5c34
NtQueryLicenseValue	0x0	0x754110ec	0x1a6838	0x1a5c38
VerSetConditionMask	0x0	0x754110f0	0x1a683c	0x1a5c3c
EtwLogTraceEvent	0x0	0x754110f4	0x1a6840	0x1a5c40
WinSqmAddToStreamEx	0x0	0x754110f8	0x1a6844	0x1a5c44

API-MS-Win-Core-LocalRegistry-L1-1-0.dll (9)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
RegCloseKey	0x0	0x75411100	0x1a684c	0x1a5c4c
RegCreateKeyExA	0x0	0x75411104	0x1a6850	0x1a5c50
RegSetValueExA	0x0	0x75411108	0x1a6854	0x1a5c54
RegEnumKeyExA	0x0	0x7541110c	0x1a6858	0x1a5c58
RegQueryValueExA	0x0	0x75411110	0x1a685c	0x1a5c5c
RegDeleteValueA	0x0	0x75411114	0x1a6860	0x1a5c60
RegEnumValueA	0x0	0x75411118	0x1a6864	0x1a5c64
RegQueryInfoKeyA	0x0	0x7541111c	0x1a6868	0x1a5c68
RegOpenKeyExA	0x0	0x75411120	0x1a686c	0x1a5c6c

API-MS-Win-Security-Base-L1-1-0.dll (12)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
SetSecurityDescriptorDacl	0x0	0x75411128	0x1a6874	0x1a5c74
AddAccessAllowedAce	0x0	0x7541112c	0x1a6878	0x1a5c78
SetSecurityDescriptorSacl	0x0	0x75411130	0x1a687c	0x1a5c7c
SetKernelObjectSecurity	0x0	0x75411134	0x1a6880	0x1a5c80
IsValidSid	0x0	0x75411138	0x1a6884	0x1a5c84
GetLengthSid	0x0	0x7541113c	0x1a6888	0x1a5c88
InitializeAcl	0x0	0x75411140	0x1a688c	0x1a5c8c
AddMandatoryAce	0x0	0x75411144	0x1a6890	0x1a5c90
GetSidSubAuthority	0x0	0x75411148	0x1a6894	0x1a5c94
InitializeSid	0x0	0x7541114c	0x1a6898	0x1a5c98
GetSidLengthRequired	0x0	0x75411150	0x1a689c	0x1a5c9c
InitializeSecurityDescriptor	0x0	0x75411154	0x1a68a0	0x1a5ca0

API-MS-Win-Security-SDDL-L1-1-0.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
ConvertStringSecurityDescriptorToSecurityDescriptorW	0x0	0x7541115c	0x1a68a8	0x1a5ca8
ConvertStringSidToSidW	0x0	0x75411160	0x1a68ac	0x1a5cac

USER32.dll (64)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
UnionRect	0x0	0x75411168	0x1a68b4	0x1a5cb4
IsWindowUnicode	0x0	0x7541116c	0x1a68b8	0x1a5cb8
GetWindowLongW	0x0	0x75411170	0x1a68bc	0x1a5cbc
GetWindowLongA	0x0	0x75411174	0x1a68c0	0x1a5cc0
ClientToScreen	0x0	0x75411178	0x1a68c4	0x1a5cc4
SetRect	0x0	0x7541117c	0x1a68c8	0x1a5cc8
GetWindowInfo	0x0	0x75411180	0x1a68cc	0x1a5ccc
GetClientRect	0x0	0x75411184	0x1a68d0	0x1a5cd0
EnumDisplaySettingsA	0x0	0x75411188	0x1a68d4	0x1a5cd4
OffsetRect	0x0	0x7541118c	0x1a68d8	0x1a5cd8
GetSystemMetrics	0x0	0x75411190	0x1a68dc	0x1a5cdc
EnumDisplayMonitors	0x0	0x75411194	0x1a68e0	0x1a5ce0
GetDC	0x0	0x75411198	0x1a68e4	0x1a5ce4
ReleaseDC	0x0	0x7541119c	0x1a68e8	0x1a5ce8
EnumDisplayDevicesA	0x0	0x754111a0	0x1a68ec	0x1a5cec
SetWindowPos	0x0	0x754111a4	0x1a68f0	0x1a5cf0
SystemParametersInfoA	0x0	0x754111a8	0x1a68f4	0x1a5cf4
GetMonitorInfoA	0x0	0x754111ac	0x1a68f8	0x1a5cf8
IntersectRect	0x0	0x754111b0	0x1a68fc	0x1a5cfc
DefWindowProcA	0x0	0x754111b4	0x1a6900	0x1a5d00
SetForegroundWindow	0x0	0x754111b8	0x1a6904	0x1a5d04
SetTimer	0x0	0x754111bc	0x1a6908	0x1a5d08
IsZoomed	0x0	0x754111c0	0x1a690c	0x1a5d0c
ShowWindow	0x0	0x754111c4	0x1a6910	0x1a5d10
IsWindowVisible	0x0	0x754111c8	0x1a6914	0x1a5d14
GetForegroundWindow	0x0	0x754111cc	0x1a6918	0x1a5d18
CloseClipboard	0x0	0x754111d0	0x1a691c	0x1a5d1c
SetClipboardData	0x0	0x754111d4	0x1a6920	0x1a5d20
EmptyClipboard	0x0	0x754111d8	0x1a6924	0x1a5d24
OpenClipboard	0x0	0x754111dc	0x1a6928	0x1a5d28
PtInRect	0x0	0x754111e0	0x1a692c	0x1a5d2c
GetCursorPos	0x0	0x754111e4	0x1a6930	0x1a5d30
SetCursorPos	0x0	0x754111e8	0x1a6934	0x1a5d34
GetDesktopWindow	0x0	0x754111ec	0x1a6938	0x1a5d38
GetWindowDC	0x0	0x754111f0	0x1a693c	0x1a5d3c
CreateIconIndirect	0x0	0x754111f4	0x1a6940	0x1a5d40
GetWindowRect	0x0	0x754111f8	0x1a6944	0x1a5d44
GetCursor	0x0	0x754111fc	0x1a6948	0x1a5d48
SetCursor	0x0	0x75411200	0x1a694c	0x1a5d4c
DestroyIcon	0x0	0x75411204	0x1a6950	0x1a5d50
GetAncestor	0x0	0x75411208	0x1a6954	0x1a5d54
IsProcessDPIAware	0x0	0x7541120c	0x1a6958	0x1a5d58
mouse_event	0x0	0x75411210	0x1a695c	0x1a5d5c
GetWindowDisplayAffinity	0x0	0x75411214	0x1a6960	0x1a5d60
SetWindowDisplayAffinity	0x0	0x75411218	0x1a6964	0x1a5d64
OpenInputDesktop	0x0	0x7541121c	0x1a6968	0x1a5d68
GetUserObjectInformationA	0x0	0x75411220	0x1a696c	0x1a5d6c
CloseDesktop	0x0	0x75411224	0x1a6970	0x1a5d70
GetThreadDesktop	0x0	0x75411228	0x1a6974	0x1a5d74
RegisterHotKey	0x0	0x7541122c	0x1a6978	0x1a5d78
UnregisterHotKey	0x0	0x75411230	0x1a697c	0x1a5d7c
IsWindow	0x0	0x75411234	0x1a6980	0x1a5d80
KillTimer	0x0	0x75411238	0x1a6984	0x1a5d84
SetWindowLongW	0x0	0x7541123c	0x1a6988	0x1a5d88
CallWindowProcW	0x0	0x75411240	0x1a698c	0x1a5d8c
SetWindowLongA	0x0	0x75411244	0x1a6990	0x1a5d90
CallWindowProcA	0x0	0x75411248	0x1a6994	0x1a5d94
SendMessageA	0x0	0x7541124c	0x1a6998	0x1a5d98
IsIconic	0x0	0x75411250	0x1a699c	0x1a5d9c
PostMessageA	0x0	0x75411254	0x1a69a0	0x1a5da0
GetKeyState	0x0	0x75411258	0x1a69a4	0x1a5da4
SetRectEmpty	0x0	0x7541125c	0x1a69a8	0x1a5da8
SfmDxGetSwapChainStats	0x0	0x75411260	0x1a69ac	0x1a5dac
NotifyOverlayWindow	0x0	0x75411264	0x1a69b0	0x1a5db0

VERSION.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
GetFileVersionInfoA	0x0	0x7541126c	0x1a69b8	0x1a5db8
GetFileVersionInfoSizeA	0x0	0x75411270	0x1a69bc	0x1a5dbc
VerQueryValueA	0x0	0x75411274	0x1a69c0	0x1a5dc0

d3d8thk.dll (47)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
OsThunkD3dContextDestroyAll	0x0	0x7541127c	0x1a69c8	0x1a5dc8
OsThunkDdGetScanLine	0x0	0x75411280	0x1a69cc	0x1a5dcc
OsThunkDdUnlockD3D	0x0	0x75411284	0x1a69d0	0x1a5dd0
OsThunkDdUnlock	0x0	0x75411288	0x1a69d4	0x1a5dd4
OsThunkDdSetExclusiveMode	0x0	0x7541128c	0x1a69d8	0x1a5dd8
OsThunkDdFlipToGDISurface	0x0	0x75411290	0x1a69dc	0x1a5ddc
OsThunkDdGetMoCompGuids	0x0	0x75411294	0x1a69e0	0x1a5de0
OsThunkDdGetMoCompFormats	0x0	0x75411298	0x1a69e4	0x1a5de4
OsThunkDdGetInternalMoCompInfo	0x0	0x7541129c	0x1a69e8	0x1a5de8
OsThunkDdGetMoCompBuffInfo	0x0	0x754112a0	0x1a69ec	0x1a5dec
OsThunkDdCreateMoComp	0x0	0x754112a4	0x1a69f0	0x1a5df0
OsThunkDdDestroyMoComp	0x0	0x754112a8	0x1a69f4	0x1a5df4
OsThunkDdBeginMoCompFrame	0x0	0x754112ac	0x1a69f8	0x1a5df8
OsThunkDdEndMoCompFrame	0x0	0x754112b0	0x1a69fc	0x1a5dfc
OsThunkDdRenderMoComp	0x0	0x754112b4	0x1a6a00	0x1a5e00
OsThunkDdQueryMoCompStatus	0x0	0x754112b8	0x1a6a04	0x1a5e04
OsThunkDdDeleteDirectDrawObject	0x0	0x754112bc	0x1a6a08	0x1a5e08
OsThunkDdReleaseDC	0x0	0x754112c0	0x1a6a0c	0x1a5e0c
OsThunkDdReenableDirectDrawObject	0x0	0x754112c4	0x1a6a10	0x1a5e10
OsThunkDdDestroyD3DBuffer	0x0	0x754112c8	0x1a6a14	0x1a5e14
OsThunkDdDestroySurface	0x0	0x754112cc	0x1a6a18	0x1a5e18
OsThunkDdDeleteSurfaceObject	0x0	0x754112d0	0x1a6a1c	0x1a5e1c
OsThunkDdSetGammaRamp	0x0	0x754112d4	0x1a6a20	0x1a5e20
OsThunkDdCreateSurfaceEx	0x0	0x754112d8	0x1a6a24	0x1a5e24
OsThunkDdCreateSurface	0x0	0x754112dc	0x1a6a28	0x1a5e28
OsThunkDdCreateD3DBuffer	0x0	0x754112e0	0x1a6a2c	0x1a5e2c
OsThunkDdAttachSurface	0x0	0x754112e4	0x1a6a30	0x1a5e30
OsThunkDdCreateSurfaceObject	0x0	0x754112e8	0x1a6a34	0x1a5e34
OsThunkDdCanCreateSurface	0x0	0x754112ec	0x1a6a38	0x1a5e38
OsThunkDdCanCreateD3DBuffer	0x0	0x754112f0	0x1a6a3c	0x1a5e3c
OsThunkD3dContextCreate	0x0	0x754112f4	0x1a6a40	0x1a5e40
OsThunkD3dContextDestroy	0x0	0x754112f8	0x1a6a44	0x1a5e44
OsThunkDdGetDriverState	0x0	0x754112fc	0x1a6a48	0x1a5e48
OsThunkD3dValidateTextureStageState	0x0	0x75411300	0x1a6a4c	0x1a5e4c
OsThunkD3dDrawPrimitives2	0x0	0x75411304	0x1a6a50	0x1a5e50
OsThunkDdResetVisrgn	0x0	0x75411308	0x1a6a54	0x1a5e54
OsThunkDdLockD3D	0x0	0x7541130c	0x1a6a58	0x1a5e58
OsThunkDdLock	0x0	0x75411310	0x1a6a5c	0x1a5e5c
OsThunkDdGetBltStatus	0x0	0x75411314	0x1a6a60	0x1a5e60
OsThunkDdQueryDirectDrawObject	0x0	0x75411318	0x1a6a64	0x1a5e64
OsThunkDdBlt	0x0	0x7541131c	0x1a6a68	0x1a5e68
OsThunkDdGetDC	0x0	0x75411320	0x1a6a6c	0x1a5e6c
OsThunkDdGetDriverInfo	0x0	0x75411324	0x1a6a70	0x1a5e70
OsThunkDdGetAvailDriverMemory	0x0	0x75411328	0x1a6a74	0x1a5e74
OsThunkDdWaitForVerticalBlank	0x0	0x7541132c	0x1a6a78	0x1a5e78
OsThunkDdGetFlipStatus	0x0	0x75411330	0x1a6a7c	0x1a5e7c
OsThunkDdFlip	0x0	0x75411334	0x1a6a80	0x1a5e80

GDI32.dll (79)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
D3DKMTSignalSynchronizationObject2	0x0	0x7541133c	0x1a6a88	0x1a5e88
D3DKMTGetRuntimeData	0x0	0x75411340	0x1a6a8c	0x1a5e8c
D3DKMTQueryAdapterInfo	0x0	0x75411344	0x1a6a90	0x1a5e90
D3DKMTLock	0x0	0x75411348	0x1a6a94	0x1a5e94
D3DKMTUnlock	0x0	0x7541134c	0x1a6a98	0x1a5e98
D3DKMTGetDisplayModeList	0x0	0x75411350	0x1a6a9c	0x1a5e9c
D3DKMTSetDisplayMode	0x0	0x75411354	0x1a6aa0	0x1a5ea0
D3DKMTGetMultisampleMethodList	0x0	0x75411358	0x1a6aa4	0x1a5ea4
D3DKMTSignalSynchronizationObject	0x0	0x7541135c	0x1a6aa8	0x1a5ea8
D3DKMTRender	0x0	0x75411360	0x1a6aac	0x1a5eac
D3DKMTOpenAdapterFromDeviceName	0x0	0x75411364	0x1a6ab0	0x1a5eb0
D3DKMTCloseAdapter	0x0	0x75411368	0x1a6ab4	0x1a5eb4
D3DKMTGetSharedPrimaryHandle	0x0	0x7541136c	0x1a6ab8	0x1a5eb8
D3DKMTEscape	0x0	0x75411370	0x1a6abc	0x1a5ebc
D3DKMTSetVidPnSourceOwner	0x0	0x75411374	0x1a6ac0	0x1a5ec0
D3DKMTWaitForVerticalBlankEvent	0x0	0x75411378	0x1a6ac4	0x1a5ec4
D3DKMTSetGammaRamp	0x0	0x7541137c	0x1a6ac8	0x1a5ec8
D3DKMTGetDeviceState	0x0	0x75411380	0x1a6acc	0x1a5ecc
D3DKMTCreateDCFromMemory	0x0	0x75411384	0x1a6ad0	0x1a5ed0
D3DKMTDestroyDCFromMemory	0x0	0x75411388	0x1a6ad4	0x1a5ed4
D3DKMTSetContextSchedulingPriority	0x0	0x7541138c	0x1a6ad8	0x1a5ed8
D3DKMTWaitForSynchronizationObject2	0x0	0x75411390	0x1a6adc	0x1a5edc
D3DKMTWaitForSynchronizationObject	0x0	0x75411394	0x1a6ae0	0x1a5ee0
D3DKMTDestroySynchronizationObject	0x0	0x75411398	0x1a6ae4	0x1a5ee4
D3DKMTCreateSynchronizationObject2	0x0	0x7541139c	0x1a6ae8	0x1a5ee8
D3DKMTCreateSynchronizationObject	0x0	0x754113a0	0x1a6aec	0x1a5eec
D3DKMTDestroyContext	0x0	0x754113a4	0x1a6af0	0x1a5ef0
D3DKMTCreateContext	0x0	0x754113a8	0x1a6af4	0x1a5ef4
D3DKMTDestroyDevice	0x0	0x754113ac	0x1a6af8	0x1a5ef8
D3DKMTCreateDevice	0x0	0x754113b0	0x1a6afc	0x1a5efc
D3DKMTQueryAllocationResidency	0x0	0x754113b4	0x1a6b00	0x1a5f00
D3DKMTSetAllocationPriority	0x0	0x754113b8	0x1a6b04	0x1a5f04
D3DKMTDestroyAllocation	0x0	0x754113bc	0x1a6b08	0x1a5f08
D3DKMTOpenResource2	0x0	0x754113c0	0x1a6b0c	0x1a5f0c
D3DKMTOpenResource	0x0	0x754113c4	0x1a6b10	0x1a5f10
D3DKMTQueryResourceInfo	0x0	0x754113c8	0x1a6b14	0x1a5f14
D3DKMTCreateAllocation2	0x0	0x754113cc	0x1a6b18	0x1a5f18
D3DKMTCreateAllocation	0x0	0x754113d0	0x1a6b1c	0x1a5f1c
D3DKMTOpenAdapterFromHdc	0x0	0x754113d4	0x1a6b20	0x1a5f20
GetSystemPaletteEntries	0x0	0x754113d8	0x1a6b24	0x1a5f24
CreateDIBitmap	0x0	0x754113dc	0x1a6b28	0x1a5f28
D3DKMTPresent	0x0	0x754113e0	0x1a6b2c	0x1a5f2c
CreateRectRgn	0x0	0x754113e4	0x1a6b30	0x1a5f30
D3DKMTGetContextSchedulingPriority	0x0	0x754113e8	0x1a6b34	0x1a5f34
D3DKMTGetScanLine	0x0	0x754113ec	0x1a6b38	0x1a5f38
D3DKMTSetQueuedLimit	0x0	0x754113f0	0x1a6b3c	0x1a5f3c
D3DKMTCheckOcclusion	0x0	0x754113f4	0x1a6b40	0x1a5f40
D3DKMTCheckMonitorPowerState	0x0	0x754113f8	0x1a6b44	0x1a5f44
D3DKMTCheckExclusiveOwnership	0x0	0x754113fc	0x1a6b48	0x1a5f48
D3DKMTSetDisplayPrivateDriverFormat	0x0	0x75411400	0x1a6b4c	0x1a5f4c
D3DKMTSharedPrimaryLockNotification	0x0	0x75411404	0x1a6b50	0x1a5f50
D3DKMTSharedPrimaryUnLockNotification	0x0	0x75411408	0x1a6b54	0x1a5f54
D3DKMTReleaseProcessVidPnSourceOwners	0x0	0x7541140c	0x1a6b58	0x1a5f58
D3DKMTCreateOverlay	0x0	0x75411410	0x1a6b5c	0x1a5f5c
D3DKMTUpdateOverlay	0x0	0x75411414	0x1a6b60	0x1a5f60
D3DKMTFlipOverlay	0x0	0x75411418	0x1a6b64	0x1a5f64
D3DKMTDestroyOverlay	0x0	0x7541141c	0x1a6b68	0x1a5f68
D3DKMTConfigureSharedResource	0x0	0x75411420	0x1a6b6c	0x1a5f6c
D3DKMTQueryStatistics	0x0	0x75411424	0x1a6b70	0x1a5f70
D3DKMTGetOverlayState	0x0	0x75411428	0x1a6b74	0x1a5f74
SetLayout	0x0	0x7541142c	0x1a6b78	0x1a5f78
SetStretchBltMode	0x0	0x75411430	0x1a6b7c	0x1a5f7c
StretchBlt	0x0	0x75411434	0x1a6b80	0x1a5f80
CreateCompatibleDC	0x0	0x75411438	0x1a6b84	0x1a5f84
CreateDIBSection	0x0	0x7541143c	0x1a6b88	0x1a5f88
SelectObject	0x0	0x75411440	0x1a6b8c	0x1a5f8c
GetDeviceGammaRamp	0x0	0x75411444	0x1a6b90	0x1a5f90
GdiEntry1	0x0	0x75411448	0x1a6b94	0x1a5f94
GdiEntry13	0x0	0x7541144c	0x1a6b98	0x1a5f98
CreateCompatibleBitmap	0x0	0x75411450	0x1a6b9c	0x1a5f9c
GetDIBits	0x0	0x75411454	0x1a6ba0	0x1a5fa0
GetRandomRgn	0x0	0x75411458	0x1a6ba4	0x1a5fa4
DeleteObject	0x0	0x7541145c	0x1a6ba8	0x1a5fa8
GetRegionData	0x0	0x75411460	0x1a6bac	0x1a5fac
CreateDCA	0x0	0x75411464	0x1a6bb0	0x1a5fb0
GetNearestColor	0x0	0x75411468	0x1a6bb4	0x1a5fb4
GetDeviceCaps	0x0	0x7541146c	0x1a6bb8	0x1a5fb8
DeleteDC	0x0	0x75411470	0x1a6bbc	0x1a5fbc
BitBlt	0x0	0x75411474	0x1a6bc0	0x1a5fc0

KERNEL32.dll (92)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
GetProcessAffinityMask	0x0	0x7541147c	0x1a6bc8	0x1a5fc8
ReleaseMutex	0x0	0x75411480	0x1a6bcc	0x1a5fcc
WaitForSingleObject	0x0	0x75411484	0x1a6bd0	0x1a5fd0
InterlockedIncrement	0x0	0x75411488	0x1a6bd4	0x1a5fd4
GetCurrentThreadId	0x0	0x7541148c	0x1a6bd8	0x1a5fd8
DeleteCriticalSection	0x0	0x75411490	0x1a6bdc	0x1a5fdc
InitializeCriticalSection	0x0	0x75411494	0x1a6be0	0x1a5fe0
EnterCriticalSection	0x0	0x75411498	0x1a6be4	0x1a5fe4
LeaveCriticalSection	0x0	0x7541149c	0x1a6be8	0x1a5fe8
FreeLibrary	0x0	0x754114a0	0x1a6bec	0x1a5fec
GetProcAddress	0x0	0x754114a4	0x1a6bf0	0x1a5ff0
LoadLibraryA	0x0	0x754114a8	0x1a6bf4	0x1a5ff4
InterlockedExchange	0x0	0x754114ac	0x1a6bf8	0x1a5ff8
SetErrorMode	0x0	0x754114b0	0x1a6bfc	0x1a5ffc
InterlockedDecrement	0x0	0x754114b4	0x1a6c00	0x1a6000
OutputDebugStringA	0x0	0x754114b8	0x1a6c04	0x1a6004
GetNativeSystemInfo	0x0	0x754114bc	0x1a6c08	0x1a6008
GetModuleFileNameA	0x0	0x754114c0	0x1a6c0c	0x1a600c
FreeLibraryAndExitThread	0x0	0x754114c4	0x1a6c10	0x1a6010
CloseHandle	0x0	0x754114c8	0x1a6c14	0x1a6014
DisableThreadLibraryCalls	0x0	0x754114cc	0x1a6c18	0x1a6018
GetCurrentProcessId	0x0	0x754114d0	0x1a6c1c	0x1a601c
LocalFree	0x0	0x754114d4	0x1a6c20	0x1a6020
CreateEventExA	0x0	0x754114d8	0x1a6c24	0x1a6024
CreateSemaphoreExA	0x0	0x754114dc	0x1a6c28	0x1a6028
HeapAlloc	0x0	0x754114e0	0x1a6c2c	0x1a602c
HeapFree	0x0	0x754114e4	0x1a6c30	0x1a6030
HeapCreate	0x0	0x754114e8	0x1a6c34	0x1a6034
HeapDestroy	0x0	0x754114ec	0x1a6c38	0x1a6038
VerifyVersionInfoA	0x0	0x754114f0	0x1a6c3c	0x1a603c
GetCurrentThread	0x0	0x754114f4	0x1a6c40	0x1a6040
SetThreadAffinityMask	0x0	0x754114f8	0x1a6c44	0x1a6044
SetThreadPriority	0x0	0x754114fc	0x1a6c48	0x1a6048
ResumeThread	0x0	0x75411500	0x1a6c4c	0x1a604c
SetThreadIdealProcessor	0x0	0x75411504	0x1a6c50	0x1a6050
GetEnvironmentVariableA	0x0	0x75411508	0x1a6c54	0x1a6054
TlsAlloc	0x0	0x7541150c	0x1a6c58	0x1a6058
TlsGetValue	0x0	0x75411510	0x1a6c5c	0x1a605c
TlsSetValue	0x0	0x75411514	0x1a6c60	0x1a6060
lstrlenA	0x0	0x75411518	0x1a6c64	0x1a6064
VirtualProtect	0x0	0x7541151c	0x1a6c68	0x1a6068
GetSystemInfo	0x0	0x75411520	0x1a6c6c	0x1a606c
VirtualAlloc	0x0	0x75411524	0x1a6c70	0x1a6070
VirtualFree	0x0	0x75411528	0x1a6c74	0x1a6074
WaitForMultipleObjects	0x0	0x7541152c	0x1a6c78	0x1a6078
CreateEventA	0x0	0x75411530	0x1a6c7c	0x1a607c
CreateThread	0x0	0x75411534	0x1a6c80	0x1a6080
SetEvent	0x0	0x75411538	0x1a6c84	0x1a6084
GetLogicalProcessorInformation	0x0	0x7541153c	0x1a6c88	0x1a6088
GetVersionExA	0x0	0x75411540	0x1a6c8c	0x1a608c
MultiByteToWideChar	0x0	0x75411544	0x1a6c90	0x1a6090
IsProcessorFeaturePresent	0x0	0x75411548	0x1a6c94	0x1a6094
GetFileSize	0x0	0x7541154c	0x1a6c98	0x1a6098
SetUnhandledExceptionFilter	0x0	0x75411550	0x1a6c9c	0x1a609c
UnhandledExceptionFilter	0x0	0x75411554	0x1a6ca0	0x1a60a0
TerminateProcess	0x0	0x75411558	0x1a6ca4	0x1a60a4
GetSystemTimeAsFileTime	0x0	0x7541155c	0x1a6ca8	0x1a60a8
CreateNamedPipeA	0x0	0x75411560	0x1a6cac	0x1a60ac
CreateFileA	0x0	0x75411564	0x1a6cb0	0x1a60b0
WaitNamedPipeA	0x0	0x75411568	0x1a6cb4	0x1a60b4
TransactNamedPipe	0x0	0x7541156c	0x1a6cb8	0x1a60b8
GetPrivateProfileStringA	0x0	0x75411570	0x1a6cbc	0x1a60bc
PeekNamedPipe	0x0	0x75411574	0x1a6cc0	0x1a60c0
WriteFile	0x0	0x75411578	0x1a6cc4	0x1a60c4
ReadFile	0x0	0x7541157c	0x1a6cc8	0x1a60c8
FlushFileBuffers	0x0	0x75411580	0x1a6ccc	0x1a60cc
DisconnectNamedPipe	0x0	0x75411584	0x1a6cd0	0x1a60d0
SetNamedPipeHandleState	0x0	0x75411588	0x1a6cd4	0x1a60d4
ConnectNamedPipe	0x0	0x7541158c	0x1a6cd8	0x1a60d8
CreateMutexW	0x0	0x75411590	0x1a6cdc	0x1a60dc
OpenMutexW	0x0	0x75411594	0x1a6ce0	0x1a60e0
GetProcessHeap	0x0	0x75411598	0x1a6ce4	0x1a60e4
ResetEvent	0x0	0x7541159c	0x1a6ce8	0x1a60e8
GlobalAddAtomA	0x0	0x754115a0	0x1a6cec	0x1a60ec
lstrcmpA	0x0	0x754115a4	0x1a6cf0	0x1a60f0
CreateSemaphoreA	0x0	0x754115a8	0x1a6cf4	0x1a60f4
LoadLibraryW	0x0	0x754115ac	0x1a6cf8	0x1a60f8
GetSystemTime	0x0	0x754115b0	0x1a6cfc	0x1a60fc
ReleaseSemaphore	0x0	0x754115b4	0x1a6d00	0x1a6100
GetProcessId	0x0	0x754115b8	0x1a6d04	0x1a6104
LocalAlloc	0x0	0x754115bc	0x1a6d08	0x1a6108
GetTickCount	0x0	0x754115c0	0x1a6d0c	0x1a610c
QueryPerformanceCounter	0x0	0x754115c4	0x1a6d10	0x1a6110
QueryPerformanceFrequency	0x0	0x754115c8	0x1a6d14	0x1a6114
Sleep	0x0	0x754115cc	0x1a6d18	0x1a6118
InterlockedCompareExchange	0x0	0x754115d0	0x1a6d1c	0x1a611c
GetModuleHandleA	0x0	0x754115d4	0x1a6d20	0x1a6120
DebugBreak	0x0	0x754115d8	0x1a6d24	0x1a6124
GetCurrentProcess	0x0	0x754115dc	0x1a6d28	0x1a6128
OutputDebugStringW	0x0	0x754115e0	0x1a6d2c	0x1a612c
WideCharToMultiByte	0x0	0x754115e4	0x1a6d30	0x1a6130
GetLastError	0x0	0x754115e8	0x1a6d34	0x1a6134

dwmapi.dll (7)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
(by ordinal)	0x7e	0x754115f0	0x1a6d3c	0x1a613c
(by ordinal)	0x7d	0x754115f4	0x1a6d40	0x1a6140
(by ordinal)	0x64	0x754115f8	0x1a6d44	0x1a6144
(by ordinal)	0x65	0x754115fc	0x1a6d48	0x1a6148
(by ordinal)	0x80	0x75411600	0x1a6d4c	0x1a614c
(by ordinal)	0x81	0x75411604	0x1a6d50	0x1a6150
(by ordinal)	0x82	0x75411608	0x1a6d54	0x1a6154

Exports (14)

Api name	EAT Address	Ordinal
D3DPERF_BeginEvent	0x754b71db	0x4
D3DPERF_EndEvent	0x754b7249	0x5
D3DPERF_GetStatus	0x754b746d	0x6
D3DPERF_QueryRepeatFrame	0x754b738d	0x7
D3DPERF_SetMarker	0x754b72b5	0x8
D3DPERF_SetOptions	0x754b7402	0x9
D3DPERF_SetRegion	0x754b7321	0xa
DebugSetLevel	0x754b88b1	0xb
DebugSetMute	0x754466c6	0xc
Direct3DCreate9	0x75470a62	0xd
Direct3DCreate9Ex	0x7541ccd5	0xe
Direct3DShaderValidatorCreate9	0x7544f5af	0x1
PSGPError	0x754ad77b	0x2
PSGPSampleTexture	0x754ad709	0x3

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_32.db

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_32.db (Modified File)
Size	1.00 MB (1048576 bytes)
Hash Values	MD5: b21042cae5f16c8491412d5c0fe6efc1 SHA1: e8576008f904e5bd7ba9e21bf423269f9a8cb02a SHA256: 53eeba74de368e1da24a5a2f63b1e572e99b446228cc8d928b213de6829a11e0
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_96.db

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_96.db (Modified File)
Size	1.00 MB (1048576 bytes)
Hash Values	MD5: 1565b6034cb30d34f9253e40fc60e3a8 SHA1: ab07f5b01f1e8f45c77d46fac1aa5952ddc96070 SHA256: ef0b02378e7297aa6e0d79adb3f2288b5d9b0dde297e5e5a9cbd2901a69cb4c4
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_256.db

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_256.db (Modified File)
Size	1.00 MB (1048576 bytes)
Hash Values	MD5: c7f8f5ef1ef5e8a7401c9e4fbc927da8 SHA1: 90d545e9a500109dd4d96d6b4eccdf76f4e88935 SHA256: cd7829efe2b9f9e586080875f6d965d50f4af5089172df1f9bd1c324b1bb1641
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_1024.db

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_1024.db (Modified File)
Size	0.02 KB (24 bytes)
Hash Values	MD5: b623140136560adaf3786e262c01676f SHA1: 7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d SHA256: ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_sr.db

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_sr.db (Modified File)
Size	0.02 KB (24 bytes)
Hash Values	MD5: 2034995f0bbaa16db835b462eb78152a SHA1: ce19b1a236f95307067d4979f8dd96c70d69c18a SHA256: 62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat (Modified File)
Size	48.00 KB (49152 bytes)
Hash Values	MD5: e6b1de6678d90bcb09e9f80b9a7e9b19 SHA1: 60fba1f703325131737b4d497239dba8af92491c SHA256: 744862c62b36201f4cf54b2809fc4e21e5819df25f51bebe5d88c65c7963790a
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\cookies\index.dat, ...

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\cookies\index.dat (Modified File) process_00000002-region_00001446-addr_0x0000000000530000-size_0x0000000000004000-perm_rw.bin (Process Dump)
Size	16.00 KB (16384 bytes)
Hash Values	MD5: d7a950fefd60dbaa01df2d85fefb3862 SHA1: 15740b197555ba8e162c37a60ba655151e3bebae SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\history\history.ie5\index.dat, ...

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\history\history.ie5\index.dat (Modified File) process_00000002-region_00001447-addr_0x0000000000540000-size_0x0000000000008000-perm_rw.bin (Process Dump)
Size	32.00 KB (32768 bytes)
Hash Values	MD5: 5a8d4270f45ec3e2b9386f235de25fea SHA1: aa48c9431ecf28d39c56ea43b084039a4f9e1f7e SHA256: a079616c415e9e394bbb8175baeadbd23a306f534b7c8c4d9ea75c6f5e368169
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\ietldcache\index.dat

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\ietldcache\index.dat (Modified File)
Size	256.00 KB (262144 bytes)
Hash Values	MD5: 523c9c2f0803c81fb5baf9ae734c5313 SHA1: 2bdb52c4b4920a39084818ab848a39bde4e6fe19 SHA256: 8f32b74a611bdcf55195007d815d1028c287d4068c1feea68061aeec9626455f
Actions	Actions Download

c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_idx.db

File Properties
Names	c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_idx.db (Modified File)
Size	3.18 KB (3256 bytes)
Hash Values	MD5: 4f50d242174f1e946d222d3cda5ee094 SHA1: ae45f37e5df444532c47224b7cf78c43e9f675e7 SHA256: 147c1416aaa31785b01eaf6ae2658f1c31970b1cac9568b6b403e68fb2e565db
Actions	Actions Download