9542c4da...9ff2 | Grouped Behavior
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Dropper, Backdoor

Monitored Processes

Process Overview
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xc38 Analysis Target High (Elevated) laafdy.exe "C:\Users\FD1HVy\Desktop\laafdy.exe" -
#2 0xc70 Child Process High (Elevated) laafdy.exe "C:\Users\FD1HVy\Desktop\laafdy.exe" #1

Behavior Information - Grouped by Category

Process #1: laafdy.exe
3871 0
Information Value
ID #1
File Name c:\users\fd1hvy\desktop\laafdy.exe
Command Line "C:\Users\FD1HVy\Desktop\laafdy.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:29, Reason: Analysis Target
Unmonitor End Time: 00:03:25, Reason: Self Terminated
Monitor Duration 00:02:56
OS Process Information
Information Value
PID 0xc38
Parent PID 0x860 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA6C, 0x6CC, 0x8F0
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
laafdy.exe 0x01300000 0x0142CFFF Process Termination - 32-bit - False
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url 0.09 KB MD5: a635d51b90fc12c47dd74b2126c73a83
SHA1: 208591acfec3c5235865395317a5cc2cab9416bd
SHA256: 853ee679a046ef13c6b18fcc601e99e5fcb3ae3d738235d6382f37404745f5c5
SSDeep: 3:HRAbABGQVuOEwREaKC5KkZzIdktXNn:HRYF5OxiaZ5K0ICN
False
C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs 0.14 KB MD5: f674e1b3b514a8f401d779ae26147e6b
SHA1: 4822751d6b452261ad539813f99756c4dbf882b6
SHA256: 0a89f1b05c990f5fceaab56d385f8092cbd7960399a31e68f5423ef49cbf0003
SSDeep: 3:jaPcYoncIQBHoEwREaKC5KkZzIdktXNHn:jk+cjIxiaZ5K0IC1
False
C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe 1.20 MB MD5: 6d6a9da3ed1f72ed583f4c62373d9530
SHA1: 71961de25ea0d1f47ebfa33382a2db054f193b94
SHA256: 99a1b0fecaeef1933f737c9a8eccf5e05e91ed1aeba46ac9eac2dc7863ca88c5
SSDeep: 24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaR:Lw80cTsjkWag+79b4Kxg
False
Host Behavior
File (42)
Operation Filename Additional Information Success Count
Create C:\Users\FD1HVy\Desktop\laafdy.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 2
Create C:\Users\FD1HVy\Desktop\laafdy.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Create Directory C:\Users\FD1HVy\AppData\Roaming\phoneactivate - True 1
Get Info C:\Users\FD1HVy\Desktop\laafdy.exe type = file_type True 2
Get Info C:\Users\FD1HVy\Desktop\laafdy.exe:Zone.Identifier type = file_attributes False 1
Get Info C:\Users\FD1HVy\AppData\Roaming\phoneactivate type = file_attributes False 1
Get Info AboveLockAppHost.exe type = file_attributes True 2
Get Info phoneactivate type = file_attributes True 2
Open STD_INPUT_HANDLE - True 2
Open STD_OUTPUT_HANDLE - True 1
Open STD_ERROR_HANDLE - True 1
Read C:\Users\FD1HVy\Desktop\laafdy.exe size = 65536, size_out = 65536 True 19
Read C:\Users\FD1HVy\Desktop\laafdy.exe size = 65536, size_out = 10632 True 1
Write C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs size = 139 True 1
Write C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url size = 97 True 1
Write C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe size = 1255824 True 1
Registry (3)
Operation Key Additional Information Success Count
Open Key HKEY_CURRENT_USER\Control Panel\Mouse - True 1
Open Key HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt - False 1
Read Value HKEY_CURRENT_USER\Control Panel\Mouse value_name = SwapMouseButtons, data = 48 True 1
Module (56)
Operation Module Additional Information Success Count
Load kernel32.dll base_address = 0x75e90000 True 6
Load C:\Users\FD1HVy\Desktop\laafdy.exe base_address = 0x1300000 True 2
Load Advapi32.dll base_address = 0x761b0000 True 1
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 1
Get Filename - process_name = c:\users\fd1hvy\desktop\laafdy.exe, file_name_orig = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 260 True 1
Get Filename - process_name = c:\users\fd1hvy\desktop\laafdy.exe, file_name_orig = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 32767 True 2
Window (2)
Operation Window Name Additional Information Success Count
Create AutoIt v3 class_name = AutoIt v3, wndproc_parameter = 0 True 1
Create - class_name = edit, wndproc_parameter = 0 True 1
System (3757)
Operation Additional Information Success Count
Sleep duration = 750 milliseconds (0.750 seconds) True 220
Sleep duration = 10 milliseconds (0.010 seconds) True 3521
Get Time type = System Time, time = 2019-04-10 11:54:40 (UTC) True 13
Get Info type = Operating System True 2
Get Info type = Hardware Information True 1
Mutex (1)
Operation Additional Information Success Count
Create mutex_name = PnPUnattend True 1
Environment (3)
Operation Additional Information Success Count
Get Environment String - True 1
Get Environment String name = HOMEDRIVE, result_out = C: True 1
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Debug (1)
Operation Process Additional Information Success Count
Check for Presence c:\users\fd1hvy\desktop\laafdy.exe - True 1
Process #2: laafdy.exe
498 2
Information Value
ID #2
File Name c:\users\fd1hvy\desktop\laafdy.exe
Command Line "C:\Users\FD1HVy\Desktop\laafdy.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:03:18, Reason: Child Process
Unmonitor End Time: 00:04:39, Reason: Terminated by Timeout
Monitor Duration 00:01:20
OS Process Information
Information Value
PID 0xc70
Parent PID 0xc38 (c:\users\fd1hvy\desktop\laafdy.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xD64, 0x1A4, 0xE5C, 0x838, 0xDA4, 0xB80, 0x9C0, 0x840, 0xEE4, 0x744
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points YARA Actions
buffer 0x00400000 0x00419FFF Marked Executable - 32-bit - False
laafdy.exe 0x01300000 0x0142CFFF Forced - 32-bit - False
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x00418340 False
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040CC74 True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B8A0, 0x00401000, ... True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040928E, 0x00408FA2, ... True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040AAE3 True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x00407000 True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x004017BC True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040541B True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x00402193 True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B90A, 0x0040CE70, ... True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040872E True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x00402193 True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B90A True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x004017BC True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040541B True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040B90A, 0x0040CE70, ... True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040872E True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x004017BC True
buffer 0x00400000 0x00419FFF Content Changed - 32-bit 0x0040541B True
Host Behavior
Registry (60)
Operation Key Additional Information Success Count
Create Key HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 1
Open Key HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ - True 1
Open Key HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ - True 11
Open Key HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ - True 9
Open Key HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ - True 7
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 87 True 1
Read Value HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ value_name = override, data = 0, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ value_name = name, data = 0 False 1
Read Value HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ value_name = override, data = 0, type = REG_NONE False 10
Read Value HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ value_name = override, data = 0, type = REG_NONE False 9
Read Value HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ value_name = override, data = 0, type = REG_NONE False 7
Write Value HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ value_name = licence, data = CE0114D6E646D028D2ADA7FD688540F2, size = 32, type = REG_SZ True 1
Module (281)
Operation Module Additional Information Success Count
Load KERNEL32.DLL base_address = 0x75e90000 True 1
Load ADVAPI32.dll base_address = 0x761b0000 True 1
Load GDI32.dll base_address = 0x75b70000 True 1
Load gdiplus.dll base_address = 0x739a0000 True 1
Load MSVCP60.dll base_address = 0x73ed0000 True 1
Load MSVCRT.dll base_address = 0x77a30000 True 1
Load SHELL32.dll base_address = 0x76480000 True 1
Load SHLWAPI.dll base_address = 0x75f60000 True 1
Load urlmon.dll base_address = 0x73d30000 True 1
Load USER32.dll base_address = 0x74b70000 True 1
Load User32.dll base_address = 0x74b70000 True 1
Load kernel32.dll base_address = 0x75e90000 True 2
Load Psapi.dll base_address = 0x76180000 True 2
Get Handle c:\windows\syswow64\user32.dll base_address = 0x74b70000 True 1
Get Handle private_0x0000000000400000 base_address = 0x400000 True 1
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 3
Get Handle c:\windows\syswow64\shell32.dll base_address = 0x76480000 True 1
Get Filename - process_name = c:\users\fd1hvy\desktop\laafdy.exe, file_name_orig = C:\Users\FD1HVy\Desktop\laafdy.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ, address_out = 0x73eed480 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z, address_out = 0x73eedb70 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z, address_out = 0x73edac30 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ, address_out = 0x73ef0cf0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z, address_out = 0x73ef5020 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z, address_out = 0x73eedae0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z, address_out = 0x73ef3d80 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z, address_out = 0x73efcbe0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z, address_out = 0x73ee0dc0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB, address_out = 0x73ed5df8 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z, address_out = 0x73ef3f70 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z, address_out = 0x73efcca0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z, address_out = 0x73ef3de0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z, address_out = 0x73efcc40 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z, address_out = 0x73edd550 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z, address_out = 0x73efcb70 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z, address_out = 0x73efca50 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z, address_out = 0x73ee86e0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z, address_out = 0x73efc410 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z, address_out = 0x73efc9f0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z, address_out = 0x73efc0b0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z, address_out = 0x73edd540 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z, address_out = 0x73ee0d90 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z, address_out = 0x73edab20 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z, address_out = 0x73edc230 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??1out_of_range@std@@UAE@XZ, address_out = 0x73edcf20 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0out_of_range@std@@QAE@ABV01@@Z, address_out = 0x73edc200 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0logic_error@std@@QAE@ABV01@@Z, address_out = 0x73edc110 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ, address_out = 0x73ee8ee0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ, address_out = 0x73ee8f30 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ, address_out = 0x73edc8b0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z, address_out = 0x73edad10 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z, address_out = 0x73edabd0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z, address_out = 0x73efcab0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z, address_out = 0x73ee0b30 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ, address_out = 0x73eed3e0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z, address_out = 0x73efc3b0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ, address_out = 0x73ef4c40 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ, address_out = 0x73ee98e0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ, address_out = 0x73ee8f10 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ, address_out = 0x73ef0ce0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB, address_out = 0x73ed5df0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z, address_out = 0x73ef4fe0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z, address_out = 0x73edac00 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, address_out = 0x73edd500 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ, address_out = 0x73edc8a0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z, address_out = 0x73edab50 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z, address_out = 0x73edaaf0 True 1
Fn
Get Address c:\windows\syswow64\msvcp60.dll function = ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, address_out = 0x73ee0d50 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _controlfp, address_out = 0x77ac8ac0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _except_handler3, address_out = 0x77a87d94 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = __set_app_type, address_out = 0x77a871c0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = __p__fmode, address_out = 0x77a65870 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = __p__commode, address_out = 0x77a65840 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _adjust_fdiv, address_out = 0x77ae4bd4 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = __setusermatherr, address_out = 0x77ac7030 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _initterm, address_out = 0x77a95ea0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = __getmainargs, address_out = 0x77a65730 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _acmdln, address_out = 0x77ae3b94 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _XcptFilter, address_out = 0x77a84820 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _exit, address_out = 0x77a95ad0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = ??1type_info@@UAE@XZ, address_out = 0x77a70b70 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _onexit, address_out = 0x77a86aa0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = __dllonexit, address_out = 0x77a869c0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = freopen, address_out = 0x77aa8860 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = wcscat, address_out = 0x77ab8fb0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _itow, address_out = 0x77a60ab0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _wsystem, address_out = 0x77a739e0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = sprintf, address_out = 0x77aa4670 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = wcscpy, address_out = 0x77ab8ff0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = wcslen, address_out = 0x77ab9200 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _wgetenv, address_out = 0x77a89fc0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = exit, address_out = 0x77a96100 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _EH_prolog, address_out = 0x77a6a210 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = __CxxFrameHandler, address_out = 0x77a6aaa0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = tolower, address_out = 0x77a62520 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = wcscmp, address_out = 0x77ab90e0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = atoi, address_out = 0x77a5fed0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _wrename, address_out = 0x77a67920 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = ??2@YAPAXI@Z, address_out = 0x77a74980 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = getenv, address_out = 0x77a8b6a0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = ??3@YAXPAX@Z, address_out = 0x77a749b0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _CxxThrowException, address_out = 0x77a6a1b0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = ??0exception@@QAE@ABV0@@Z, address_out = 0x77a68be0 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = printf, address_out = 0x77aa4140 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = strncmp, address_out = 0x77ab8950 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = malloc, address_out = 0x77a77230 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = free, address_out = 0x77a77070 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _iob, address_out = 0x77ae2608 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _itoa, address_out = 0x77a605c0 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ExtractIconA, address_out = 0x7665f160 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = Shell_NotifyIconA, address_out = 0x766dcdd0 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ShellExecuteExA, address_out = 0x76683f70 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ShellExecuteW, address_out = 0x765e42e0 True 1
Fn
Get Address c:\windows\syswow64\shlwapi.dll function = StrToIntA, address_out = 0x75f7ccb0 True 1
Fn
Get Address c:\windows\syswow64\shlwapi.dll function = PathFileExistsW, address_out = 0x75f74660 True 1
Fn
Get Address c:\windows\syswow64\urlmon.dll function = URLDownloadToFileW, address_out = 0x73db2f60 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = CreatePopupMenu, address_out = 0x74b935d0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = AppendMenuA, address_out = 0x74bef1a0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = RegisterClassExA, address_out = 0x74b88260 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = CreateWindowExA, address_out = 0x74b91470 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SystemParametersInfoW, address_out = 0x74b9f210 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetForegroundWindow, address_out = 0x74ba3420 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SendInput, address_out = 0x74ba3bd0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetCursorInfo, address_out = 0x74ba33b0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetLastInputInfo, address_out = 0x74b8bd10 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetConsoleWindow, address_out = 0x75ee9b20 True 1
Fn
Get Address c:\windows\syswow64\psapi.dll function = GetModuleFileNameExA, address_out = 0x76181660 True 1
Fn
Get Address c:\windows\syswow64\psapi.dll function = GetModuleFileNameExW, address_out = 0x761813f0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GlobalMemoryStatusEx, address_out = 0x75ea5770 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsWow64Process, address_out = 0x75ea5a20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetComputerNameExW, address_out = 0x75ea4cf0 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = IsUserAnAdmin, address_out = 0x766f38b0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetProcessDEPPolicy, address_out = 0x75ea3cd0 True 1
Fn
User (1)
»
Operation Additional Information Success Count Logfile
Get Username user_name_out = FD1HVy True 1
Fn
System (125)
»
Operation Additional Information Success Count Logfile
Get foreground window - True 5
Fn
Get window text window_text = 18870484 True 1
Fn
Get window text window_text = 51574624 True 1
Fn
Get window text window_text = 51574676 True 1
Fn
Get window text window_text = 59964016 True 1
Fn
Get window text window_text = 59962568 True 1
Fn
Get Computer Name result_out = NQdPdE, type = ComputerNameDnsHostname True 1
Fn
Sleep duration = 3000 milliseconds (3.000 seconds) True 27
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 77
Fn
Get Time type = Ticks, time = 292859 True 2
Fn
Get Time type = Ticks, time = 293515 True 2
Fn
Get Time type = Ticks, time = 313390 True 2
Fn
Get Time type = Ticks, time = 333390 True 2
Fn
Get Time type = Ticks, time = 353515 True 2
Fn
Mutex (1)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Net123432asdds-QHTWEM True 1
Fn
Network Behavior
DNS (1)
»
Operation Additional Information Success Count Logfile
Resolve Name host = micxrus.ru, address_out = 194.5.98.89 True 1
Fn
TCP Sessions (1)
»
Information Value
Total Data Sent 778 bytes
Total Data Received 108 bytes
Contacted Host Count 1
Contacted Hosts 194.5.98.89
TCP Session #1
»
Information Value
Remote Address 194.5.98.89
Remote Port 1530
Local Address 192.168.0.141
Local Port 49704
Data Sent 778 bytes
Data Received 108 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_UNSPEC, type = SOCK_STREAM True 1
Fn
Connect remote_address = 194.5.98.89, remote_port = 1530 True 1
Fn
Send flags = NO_FLAG_SET, size = 398, size_out = 398 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 1000, size_out = 27 True 2
Fn
Data
Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 1000, size_out = 27 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 1000, size_out = 27 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 1000 False 1
Fn
Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1
Fn
Data