Verdict: Malicious

Classifications: Downloader, Spyware

Threat Names: Emotet, Mal/HTMLGen-A

Dynamic Analysis Report

Created on 2023-03-16T01:24:01+00:00

2f39c2879989ddd7f9ecf52b6232598e5595f8bf367846ff188c9dfbf1251253.exe.ocx

Windows ActiveX Control (x86-64)

Remarks (2/2)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "3 hours" to "30 seconds" to reveal dormant functionality.

File Name Category Type Verdict Actions
C:\Users\RDHJ0C~1\Desktop\2f39c2879989ddd7f9ecf52b6232598e5595f8bf367846ff188c9dfbf1251253.exe.ocx Sample File Binary Malicious
Also Known As C:\Users\RDhJ0CNFevzX\Desktop\2f39c2879989ddd7f9ecf52b6232598e5595f8bf367846ff188c9dfbf1251253.exe.ocx (VM File, Sample File)
C:\Windows\system32\VmbeuPWHC\meBYZGVWiDfurydh.dll (Accessed File, Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 309.50 KB
MD5 bfc060937dc90b273eccb6825145f298
SHA1 c156c00c7e918f0cb7363614fb1f177c90d8108a
SHA256 2f39c2879989ddd7f9ecf52b6232598e5595f8bf367846ff188c9dfbf1251253
SSDeep 6144:cwNQMQTlfdUPABVy559hhR3iP7TfPYbrF1EFVw0todxKROsCt:rNbadDBkZ6rPeEFizdxxsCt
ImpHash abb9300283e542fb453de5c4c87cd55d
PE Information
Image Base 0x180000000
Entry Point 0x18000179C
Size Of Code 0x00014600
Size Of Initialized Data 0x0003A000
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2023-03-10 14:52 (UTC+1)
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x00014415 0x00014600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.39
.rdata 0x180016000 0x0000A4B4 0x0000A600 0x00014A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.75
.data 0x180021000 0x00001EA4 0x00000C00 0x0001F000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.1
.pdata 0x180023000 0x000011A0 0x00001200 0x0001FC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.89
_RDATA 0x180025000 0x0000015C 0x00000200 0x00020E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.8
.rsrc 0x180026000 0x0002BD28 0x0002BE00 0x00021000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x180052000 0x00000684 0x00000800 0x0004CE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.92
Imports (4)
KERNEL32.dll (69)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetFilePointerEx - 0x180016038 0x0001FA00 0x0001E400 0x00000555
GetConsoleMode - 0x180016040 0x0001FA08 0x0001E408 0x00000216
GetConsoleOutputCP - 0x180016048 0x0001FA10 0x0001E410 0x0000021A
WriteFile - 0x180016050 0x0001FA18 0x0001E418 0x0000064B
FlushFileBuffers - 0x180016058 0x0001FA20 0x0001E420 0x000001B9
SetStdHandle - 0x180016060 0x0001FA28 0x0001E428 0x0000057F
HeapSize - 0x180016068 0x0001FA30 0x0001E430 0x00000375
GetStringTypeW - 0x180016070 0x0001FA38 0x0001E438 0x000002F8
GetFileType - 0x180016078 0x0001FA40 0x0001E440 0x0000026A
GetStdHandle - 0x180016080 0x0001FA48 0x0001E448 0x000002F3
GetProcessHeap - 0x180016088 0x0001FA50 0x0001E450 0x000002D4
CreateFileW - 0x180016090 0x0001FA58 0x0001E458 0x000000DA
CloseHandle - 0x180016098 0x0001FA60 0x0001E460 0x00000094
WriteConsoleW - 0x1800160A0 0x0001FA68 0x0001E468 0x0000064A
ExitProcess - 0x1800160A8 0x0001FA70 0x0001E470 0x00000178
HeapReAlloc - 0x1800160B0 0x0001FA78 0x0001E478 0x00000373
GetLastError - 0x1800160B8 0x0001FA80 0x0001E480 0x0000027D
LCMapStringW - 0x1800160C0 0x0001FA88 0x0001E488 0x000003D4
FlsFree - 0x1800160C8 0x0001FA90 0x0001E490 0x000001B5
FlsSetValue - 0x1800160D0 0x0001FA98 0x0001E498 0x000001B7
FlsGetValue - 0x1800160D8 0x0001FAA0 0x0001E4A0 0x000001B6
FlsAlloc - 0x1800160E0 0x0001FAA8 0x0001E4A8 0x000001B4
UnhandledExceptionFilter - 0x1800160E8 0x0001FAB0 0x0001E4B0 0x000005E6
SetUnhandledExceptionFilter - 0x1800160F0 0x0001FAB8 0x0001E4B8 0x000005A4
GetCurrentProcess - 0x1800160F8 0x0001FAC0 0x0001E4C0 0x00000232
TerminateProcess - 0x180016100 0x0001FAC8 0x0001E4C8 0x000005C4
IsProcessorFeaturePresent - 0x180016108 0x0001FAD0 0x0001E4D0 0x000003A8
IsDebuggerPresent - 0x180016110 0x0001FAD8 0x0001E4D8 0x000003A0
GetStartupInfoW - 0x180016118 0x0001FAE0 0x0001E4E0 0x000002F1
GetModuleHandleW - 0x180016120 0x0001FAE8 0x0001E4E8 0x00000295
QueryPerformanceCounter - 0x180016128 0x0001FAF0 0x0001E4F0 0x00000470
GetCurrentProcessId - 0x180016130 0x0001FAF8 0x0001E4F8 0x00000233
GetCurrentThreadId - 0x180016138 0x0001FB00 0x0001E500 0x00000237
GetSystemTimeAsFileTime - 0x180016140 0x0001FB08 0x0001E508 0x0000030A
InitializeSListHead - 0x180016148 0x0001FB10 0x0001E510 0x0000038A
RtlUnwindEx - 0x180016150 0x0001FB18 0x0001E518 0x00000503
InterlockedFlushSList - 0x180016158 0x0001FB20 0x0001E520 0x0000038E
SetLastError - 0x180016160 0x0001FB28 0x0001E528 0x00000564
EncodePointer - 0x180016168 0x0001FB30 0x0001E530 0x00000145
RaiseException - 0x180016170 0x0001FB38 0x0001E538 0x00000487
EnterCriticalSection - 0x180016178 0x0001FB40 0x0001E540 0x00000149
LeaveCriticalSection - 0x180016180 0x0001FB48 0x0001E548 0x000003E0
DeleteCriticalSection - 0x180016188 0x0001FB50 0x0001E550 0x00000123
InitializeCriticalSectionAndSpinCount - 0x180016190 0x0001FB58 0x0001E558 0x00000386
TlsAlloc - 0x180016198 0x0001FB60 0x0001E560 0x000005D6
TlsGetValue - 0x1800161A0 0x0001FB68 0x0001E568 0x000005D8
TlsSetValue - 0x1800161A8 0x0001FB70 0x0001E570 0x000005D9
TlsFree - 0x1800161B0 0x0001FB78 0x0001E578 0x000005D7
FreeLibrary - 0x1800161B8 0x0001FB80 0x0001E580 0x000001C5
GetProcAddress - 0x1800161C0 0x0001FB88 0x0001E588 0x000002CD
LoadLibraryExW - 0x1800161C8 0x0001FB90 0x0001E590 0x000003E6
RtlPcToFileHeader - 0x1800161D0 0x0001FB98 0x0001E598 0x000004FF
GetModuleHandleExW - 0x1800161D8 0x0001FBA0 0x0001E5A0 0x00000294
GetModuleFileNameW - 0x1800161E0 0x0001FBA8 0x0001E5A8 0x00000291
HeapAlloc - 0x1800161E8 0x0001FBB0 0x0001E5B0 0x0000036C
HeapFree - 0x1800161F0 0x0001FBB8 0x0001E5B8 0x00000370
FindClose - 0x1800161F8 0x0001FBC0 0x0001E5C0 0x0000018F
FindFirstFileExW - 0x180016200 0x0001FBC8 0x0001E5C8 0x00000195
FindNextFileW - 0x180016208 0x0001FBD0 0x0001E5D0 0x000001A6
IsValidCodePage - 0x180016210 0x0001FBD8 0x0001E5D8 0x000003AE
GetACP - 0x180016218 0x0001FBE0 0x0001E5E0 0x000001CC
GetOEMCP - 0x180016220 0x0001FBE8 0x0001E5E8 0x000002B6
GetCPInfo - 0x180016228 0x0001FBF0 0x0001E5F0 0x000001DB
GetCommandLineA - 0x180016230 0x0001FBF8 0x0001E5F8 0x000001F0
GetCommandLineW - 0x180016238 0x0001FC00 0x0001E600 0x000001F1
MultiByteToWideChar - 0x180016240 0x0001FC08 0x0001E608 0x00000412
WideCharToMultiByte - 0x180016248 0x0001FC10 0x0001E610 0x00000637
GetEnvironmentStringsW - 0x180016250 0x0001FC18 0x0001E618 0x00000253
FreeEnvironmentStringsW - 0x180016258 0x0001FC20 0x0001E620 0x000001C4
USER32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetGestureInfo - 0x180016268 0x0001FC30 0x0001E630 0x0000015E
InvalidateRect - 0x180016270 0x0001FC38 0x0001E638 0x00000224
ScreenToClient - 0x180016278 0x0001FC40 0x0001E640 0x0000030C
CloseGestureInfoHandle - 0x180016280 0x0001FC48 0x0001E648 0x00000051
EndPaint - 0x180016288 0x0001FC50 0x0001E650 0x000000F4
BeginPaint - 0x180016290 0x0001FC58 0x0001E658 0x00000011
UpdateWindow - 0x180016298 0x0001FC60 0x0001E660 0x000003D0
PostQuitMessage - 0x1800162A0 0x0001FC68 0x0001E668 0x000002AF
LoadCursorW - 0x1800162A8 0x0001FC70 0x0001E670 0x00000259
GetMessageW - 0x1800162B0 0x0001FC78 0x0001E678 0x0000018B
DefWindowProcW - 0x1800162B8 0x0001FC80 0x0001E680 0x000000A7
DestroyWindow - 0x1800162C0 0x0001FC88 0x0001E688 0x000000B5
CreateWindowExW - 0x1800162C8 0x0001FC90 0x0001E690 0x00000076
RegisterClassExW - 0x1800162D0 0x0001FC98 0x0001E698 0x000002DF
LoadStringW - 0x1800162D8 0x0001FCA0 0x0001E6A0 0x00000268
ShowWindow - 0x1800162E0 0x0001FCA8 0x0001E6A8 0x00000396
DispatchMessageW - 0x1800162E8 0x0001FCB0 0x0001E6B0 0x000000BD
SetGestureConfig - 0x1800162F0 0x0001FCB8 0x0001E6B8 0x0000033F
TranslateAcceleratorW - 0x1800162F8 0x0001FCC0 0x0001E6C0 0x000003B4
TranslateMessage - 0x180016300 0x0001FCC8 0x0001E6C8 0x000003B6
GDI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Polyline - 0x180016000 0x0001F9C8 0x0001E3C8 0x0000032A
LineTo - 0x180016008 0x0001F9D0 0x0001E3D0 0x000002F9
CreatePen - 0x180016010 0x0001F9D8 0x0001E3D8 0x0000004F
MoveToEx - 0x180016018 0x0001F9E0 0x0001E3E0 0x0000030D
DeleteObject - 0x180016020 0x0001F9E8 0x0001E3E8 0x0000018F
SelectObject - 0x180016028 0x0001F9F0 0x0001E3F0 0x00000374
ntdll.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NtQueueApcThread - 0x180016310 0x0001FCD8 0x0001E6D8 0x0000020F
ZwOpenSymbolicLinkObject - 0x180016318 0x0001FCE0 0x0001E6E0 0x00000812
LdrFindResource_U - 0x180016320 0x0001FCE8 0x0001E6E8 0x00000074
NtAllocateVirtualMemory - 0x180016328 0x0001FCF0 0x0001E6F0 0x000000D9
NtTestAlert - 0x180016330 0x0001FCF8 0x0001E6F8 0x00000286
LdrAccessResource - 0x180016338 0x0001FD00 0x0001E700 0x00000064
RtlCaptureContext - 0x180016340 0x0001FD08 0x0001E708 0x00000305
RtlLookupFunctionEntry - 0x180016348 0x0001FD10 0x0001E710 0x00000509
RtlVirtualUnwind - 0x180016350 0x0001FD18 0x0001E718 0x0000064E
Exports (1)
API Name EAT Address Ordinal
DllRegisterServer 0x00010A70 0x00000001
C:\Users\RDHJ0C~1\AppData\Local\Temp\\bngjde.exe Dropped File Binary Suspicious
Known to be clean.
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\\pnrr.exe (Accessed File, Dropped File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\bngjde.exe (Accessed File)
C:\Users\RDHJ0C~1\AppData\Local\Temp\pnrr.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 1.35 MB
MD5 b80a34df495dd6d9ddeee698fb189658
SHA1 2853c01eeda196793d6056365bd15bc5ae298b5a
SHA256 87c9242c02eddaa28f761b7d82a5a642745599139b1c642cff52ed11198269c6
SSDeep 24576:3HF/5jXosp3sy7DC+XZchzqbeNzd02YgBgIjcCA4jqmZ:3HF/5jXospc+C+pcRhmgBgz6qq
ImpHash 88756362a16041d45555c4875ed5fc84
File Reputation Information
Verdict Clean
Known to be clean.
PE Information
Image Base 0x140000000
Entry Point 0x1400EB5D0
Size Of Code 0x000F3200
Size Of Initialized Data 0x00069E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2015-10-30 03:28 (UTC+1)
Version Information (8)
CompanyName Microsoft Corporation
FileDescription CertUtil.exe
FileVersion 10.0.10586.0 (th2_release.151029-1700)
InternalName CertUtil.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename CertUtil.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.10586.0
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x000F313A 0x000F3200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.5
.rdata 0x1400F5000 0x0004E496 0x0004E600 0x000F3600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.56
.data 0x140144000 0x00011278 0x0000E200 0x00141C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.38
.pdata 0x140156000 0x00006CCC 0x00006E00 0x0014FE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.07
.didat 0x14015D000 0x00000248 0x00000400 0x00156C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.07
.rsrc 0x14015E000 0x00000F40 0x00001000 0x00157000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.56
.reloc 0x14015F000 0x0000201C 0x00002200 0x00158000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.37
Imports (23)
ADVAPI32.dll (92)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsValidSecurityDescriptor - 0x1400F5000 0x0013EBE8 0x0013D1E8 0x0000019C
GetSecurityDescriptorLength - 0x1400F5008 0x0013EBF0 0x0013D1F0 0x0000015E
CryptReleaseContext - 0x1400F5010 0x0013EBF8 0x0013D1F8 0x000000DB
CryptAcquireContextW - 0x1400F5018 0x0013EC00 0x0013D200 0x000000C1
LookupAccountNameW - 0x1400F5020 0x0013EC08 0x0013D208 0x000001A6
IsValidSid - 0x1400F5028 0x0013EC10 0x0013D210 0x0000019D
ConvertSidToStringSidW - 0x1400F5030 0x0013EC18 0x0013D218 0x0000007B
ImpersonateSelf - 0x1400F5038 0x0013EC20 0x0013D220 0x0000018C
RevertToSelf - 0x1400F5040 0x0013EC28 0x0013D228 0x000002BC
LookupAccountSidW - 0x1400F5048 0x0013EC30 0x0013D230 0x000001A8
CryptGetProvParam - 0x1400F5050 0x0013EC38 0x0013D238 0x000000D6
CryptGetUserKey - 0x1400F5058 0x0013EC40 0x0013D240 0x000000D7
CryptGetKeyParam - 0x1400F5060 0x0013EC48 0x0013D248 0x000000D5
CryptDestroyKey - 0x1400F5068 0x0013EC50 0x0013D250 0x000000C7
RegCreateKeyExW - 0x1400F5070 0x0013EC58 0x0013D258 0x00000261
RegSetValueExW - 0x1400F5078 0x0013EC60 0x0013D260 0x000002A6
RegSetValueExA - 0x1400F5080 0x0013EC68 0x0013D268 0x000002A5
RegDeleteKeyExW - 0x1400F5088 0x0013EC70 0x0013D270 0x00000267
RegCloseKey - 0x1400F5090 0x0013EC78 0x0013D278 0x00000258
GetTokenInformation - 0x1400F5098 0x0013EC80 0x0013D280 0x0000016F
GetLengthSid - 0x1400F50A0 0x0013EC88 0x0013D288 0x0000014A
CopySid - 0x1400F50A8 0x0013EC90 0x0013D290 0x00000085
OpenProcessToken - 0x1400F50B0 0x0013EC98 0x0013D298 0x00000214
RegQueryValueExW - 0x1400F50B8 0x0013ECA0 0x0013D2A0 0x00000296
RegOpenKeyExW - 0x1400F50C0 0x0013ECA8 0x0013D2A8 0x00000289
RegEnumKeyExW - 0x1400F50C8 0x0013ECB0 0x0013D2B0 0x00000277
RegCreateKeyW - 0x1400F50D0 0x0013ECB8 0x0013D2B8 0x00000264
RegEnumValueW - 0x1400F50D8 0x0013ECC0 0x0013D2C0 0x0000027A
RegEnumKeyW - 0x1400F50E0 0x0013ECC8 0x0013D2C8 0x00000278
RegDeleteKeyW - 0x1400F50E8 0x0013ECD0 0x0013D2D0 0x0000026C
RegDeleteValueW - 0x1400F50F0 0x0013ECD8 0x0013D2D8 0x00000270
CryptSetProvParam - 0x1400F50F8 0x0013ECE0 0x0013D2E0 0x000000DE
CryptGenRandom - 0x1400F5100 0x0013ECE8 0x0013D2E8 0x000000D1
CryptCreateHash - 0x1400F5108 0x0013ECF0 0x0013D2F0 0x000000C3
CryptVerifySignatureW - 0x1400F5110 0x0013ECF8 0x0013D2F8 0x000000E6
CryptHashData - 0x1400F5118 0x0013ED00 0x0013D300 0x000000D8
CryptDestroyHash - 0x1400F5120 0x0013ED08 0x0013D308 0x000000C6
CryptSetKeyParam - 0x1400F5128 0x0013ED10 0x0013D310 0x000000DD
CryptDecrypt - 0x1400F5130 0x0013ED18 0x0013D318 0x000000C4
CryptImportKey - 0x1400F5138 0x0013ED20 0x0013D320 0x000000DA
RegOpenKeyW - 0x1400F5140 0x0013ED28 0x0013D328 0x0000028C
CryptGetHashParam - 0x1400F5148 0x0013ED30 0x0013D330 0x000000D4
CryptDuplicateKey - 0x1400F5150 0x0013ED38 0x0013D338 0x000000C9
CryptEncrypt - 0x1400F5158 0x0013ED40 0x0013D340 0x000000CA
CryptGenKey - 0x1400F5160 0x0013ED48 0x0013D348 0x000000D0
GetSidSubAuthorityCount - 0x1400F5168 0x0013ED50 0x0013D350 0x0000016C
GetSidSubAuthority - 0x1400F5170 0x0013ED58 0x0013D358 0x0000016B
GetSidIdentifierAuthority - 0x1400F5178 0x0013ED60 0x0013D360 0x00000169
SetNamedSecurityInfoW - 0x1400F5180 0x0013ED68 0x0013D368 0x000002DE
AddAccessDeniedAce - 0x1400F5188 0x0013ED70 0x0013D370 0x00000013
AddAccessAllowedAce - 0x1400F5190 0x0013ED78 0x0013D378 0x00000010
AddAccessDeniedObjectAce - 0x1400F5198 0x0013ED80 0x0013D380 0x00000015
AddAccessAllowedObjectAce - 0x1400F51A0 0x0013ED88 0x0013D388 0x00000012
AddAce - 0x1400F51A8 0x0013ED90 0x0013D390 0x00000016
InitializeAcl - 0x1400F51B0 0x0013ED98 0x0013D398 0x0000018D
LsaStorePrivateData - 0x1400F51B8 0x0013EDA0 0x0013D3A0 0x000001F2
LsaRetrievePrivateData - 0x1400F51C0 0x0013EDA8 0x0013D3A8 0x000001E6
RegConnectRegistryW - 0x1400F51C8 0x0013EDB0 0x0013D3B0 0x0000025C
AdjustTokenPrivileges - 0x1400F51D0 0x0013EDB8 0x0013D3B8 0x0000001F
ConvertStringSecurityDescriptorToSecurityDescriptorW - 0x1400F51D8 0x0013EDC0 0x0013D3C0 0x00000081
ConvertSecurityDescriptorToStringSecurityDescriptorW - 0x1400F51E0 0x0013EDC8 0x0013D3C8 0x00000079
CryptEnumProvidersA - 0x1400F51E8 0x0013EDD0 0x0013D3D0 0x000000CD
CryptGetDefaultProviderW - 0x1400F51F0 0x0013EDD8 0x0013D3D8 0x000000D3
LogonUserExW - 0x1400F51F8 0x0013EDE0 0x0013D3E0 0x000001A3
ImpersonateLoggedOnUser - 0x1400F5200 0x0013EDE8 0x0013D3E8 0x0000018A
CreateWellKnownSid - 0x1400F5208 0x0013EDF0 0x0013D3F0 0x00000092
MakeAbsoluteSD - 0x1400F5210 0x0013EDF8 0x0013D3F8 0x000001FC
MakeSelfRelativeSD - 0x1400F5218 0x0013EE00 0x0013D400 0x000001FE
LsaClose - 0x1400F5220 0x0013EE08 0x0013D408 0x000001B4
LsaFreeMemory - 0x1400F5228 0x0013EE10 0x0013D410 0x000001C2
LsaOpenPolicy - 0x1400F5230 0x0013EE18 0x0013D418 0x000001D6
FreeSid - 0x1400F5238 0x0013EE20 0x0013D420 0x00000133
CheckTokenMembership - 0x1400F5240 0x0013EE28 0x0013D428 0x0000005F
DuplicateToken - 0x1400F5248 0x0013EE30 0x0013D430 0x000000EE
OpenThreadToken - 0x1400F5250 0x0013EE38 0x0013D438 0x00000219
ConvertStringSidToSidW - 0x1400F5258 0x0013EE40 0x0013D440 0x00000083
AllocateAndInitializeSid - 0x1400F5260 0x0013EE48 0x0013D448 0x00000020
SetSecurityDescriptorDacl - 0x1400F5268 0x0013EE50 0x0013D450 0x000002E3
SetEntriesInAclW - 0x1400F5270 0x0013EE58 0x0013D458 0x000002D3
GetSecurityDescriptorDacl - 0x1400F5278 0x0013EE60 0x0013D460 0x0000015C
DeleteAce - 0x1400F5280 0x0013EE68 0x0013D468 0x000000E9
EqualSid - 0x1400F5288 0x0013EE70 0x0013D470 0x00000118
GetAce - 0x1400F5290 0x0013EE78 0x0013D478 0x00000136
GetAclInformation - 0x1400F5298 0x0013EE80 0x0013D480 0x00000137
SetSecurityDescriptorOwner - 0x1400F52A0 0x0013EE88 0x0013D488 0x000002E5
InitializeSecurityDescriptor - 0x1400F52A8 0x0013EE90 0x0013D490 0x0000018E
GetSecurityDescriptorControl - 0x1400F52B0 0x0013EE98 0x0013D498 0x0000015B
CryptSignHashW - 0x1400F52B8 0x0013EEA0 0x0013D4A0 0x000000E4
CryptSetHashParam - 0x1400F52C0 0x0013EEA8 0x0013D4A8 0x000000DC
CryptExportKey - 0x1400F52C8 0x0013EEB0 0x0013D4B0 0x000000CF
CryptDuplicateHash - 0x1400F52D0 0x0013EEB8 0x0013D4B8 0x000000C8
CryptContextAddRef - 0x1400F52D8 0x0013EEC0 0x0013D4C0 0x000000C2
KERNEL32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetEvent - 0x1400F5708 0x0013F2F0 0x0013D8F0 0x0000050B
CreateThreadpoolWait - 0x1400F5710 0x0013F2F8 0x0013D8F8 0x000000EB
FindFirstChangeNotificationW - 0x1400F5718 0x0013F300 0x0013D900 0x00000171
CreateThreadpoolTimer - 0x1400F5720 0x0013F308 0x0013D908 0x000000EA
GetFullPathNameW - 0x1400F5728 0x0013F310 0x0013D910 0x00000251
CloseThreadpoolTimer - 0x1400F5730 0x0013F318 0x0013D918 0x00000085
CloseThreadpoolWait - 0x1400F5738 0x0013F320 0x0013D920 0x00000086
FindCloseChangeNotification - 0x1400F5740 0x0013F328 0x0013D928 0x0000016F
FindNextChangeNotification - 0x1400F5748 0x0013F330 0x0013D930 0x00000182
SetThreadpoolWait - 0x1400F5750 0x0013F338 0x0013D938 0x0000055C
SetThreadpoolTimer - 0x1400F5758 0x0013F340 0x0013D940 0x0000055A
MultiByteToWideChar - 0x1400F5760 0x0013F348 0x0013D948 0x000003DB
VerifyVersionInfoW - 0x1400F5768 0x0013F350 0x0013D950 0x000005B9
VerSetConditionMask - 0x1400F5770 0x0013F358 0x0013D958 0x000005B5
LeaveCriticalSection - 0x1400F5778 0x0013F360 0x0013D960 0x000003AB
SetConsoleCtrlHandler - 0x1400F5780 0x0013F368 0x0013D968 0x000004DE
EnterCriticalSection - 0x1400F5788 0x0013F370 0x0013D970 0x00000129
SetEndOfFile - 0x1400F5790 0x0013F378 0x0013D978 0x00000505
WriteFile - 0x1400F5798 0x0013F380 0x0013D980 0x00000603
LockResource - 0x1400F57A0 0x0013F388 0x0013D988 0x000003C7
SizeofResource - 0x1400F57A8 0x0013F390 0x0013D990 0x0000056F
LoadResource - 0x1400F57B0 0x0013F398 0x0013D998 0x000003B5
FindResourceW - 0x1400F57B8 0x0013F3A0 0x0013D9A0 0x0000018F
GetVersionExW - 0x1400F57C0 0x0013F3A8 0x0013D9A8 0x00000312
GetComputerNameExW - 0x1400F57C8 0x0013F3B0 0x0013D9B0 0x000001D7
GetComputerNameW - 0x1400F57D0 0x0013F3B8 0x0013D9B8 0x000001D8
SetFilePointer - 0x1400F57D8 0x0013F3C0 0x0013D9C0 0x00000517
GetFileSize - 0x1400F57E0 0x0013F3C8 0x0013D9C8 0x00000243
ReleaseSemaphore - 0x1400F57E8 0x0013F3D0 0x0013D9D0 0x000004A0
ReadFile - 0x1400F57F0 0x0013F3D8 0x0013D9D8 0x0000045F
FindClose - 0x1400F57F8 0x0013F3E0 0x0013D9E0 0x0000016E
FindNextFileW - 0x1400F5800 0x0013F3E8 0x0013D9E8 0x00000185
FindFirstFileW - 0x1400F5808 0x0013F3F0 0x0013D9F0 0x00000179
Sleep - 0x1400F5810 0x0013F3F8 0x0013D9F8 0x00000570
GetTickCount - 0x1400F5818 0x0013F400 0x0013DA00 0x000002FD
LoadLibraryW - 0x1400F5820 0x0013F408 0x0013DA08 0x000003B2
DecodePointer - 0x1400F5828 0x0013F410 0x0013DA10 0x000000FE
EncodePointer - 0x1400F5830 0x0013F418 0x0013DA18 0x00000125
GetFileAttributesExW - 0x1400F5838 0x0013F420 0x0013DA20 0x0000023A
GetLastError - 0x1400F5840 0x0013F428 0x0013DA28 0x00000257
GetTickCount64 - 0x1400F5848 0x0013F430 0x0013DA30 0x000002FE
PulseEvent - 0x1400F5850 0x0013F438 0x0013DA38 0x00000429
OpenEventW - 0x1400F5858 0x0013F440 0x0013DA40 0x000003ED
GetSystemDefaultUILanguage - 0x1400F5860 0x0013F448 0x0013DA48 0x000002D5
GetUserDefaultUILanguage - 0x1400F5868 0x0013F450 0x0013DA50 0x0000030C
LocalReAlloc - 0x1400F5870 0x0013F458 0x0013DA58 0x000003BF
GetModuleHandleW - 0x1400F5878 0x0013F460 0x0013DA60 0x0000026E
RaiseException - 0x1400F5880 0x0013F468 0x0013DA68 0x0000044F
DeleteCriticalSection - 0x1400F5888 0x0013F470 0x0013DA70 0x00000105
InitializeCriticalSection - 0x1400F5890 0x0013F478 0x0013DA78 0x00000354
GetSystemDefaultLangID - 0x1400F5898 0x0013F480 0x0013DA80 0x000002D3
FormatMessageW - 0x1400F58A0 0x0013F488 0x0013DA88 0x000001A0
HeapAlloc - 0x1400F58A8 0x0013F490 0x0013DA90 0x0000033C
HeapFree - 0x1400F58B0 0x0013F498 0x0013DA98 0x00000340
GetProcessHeap - 0x1400F58B8 0x0013F4A0 0x0013DAA0 0x000002AB
lstrcmpW - 0x1400F58C0 0x0013F4A8 0x0013DAA8 0x00000625
DeleteFileW - 0x1400F58C8 0x0013F4B0 0x0013DAB0 0x0000010A
GetProcAddress - 0x1400F58D0 0x0013F4B8 0x0013DAB8 0x000002A5
CreateFileW - 0x1400F58D8 0x0013F4C0 0x0013DAC0 0x000000C0
GetCurrentProcess - 0x1400F58E0 0x0013F4C8 0x0013DAC8 0x00000210
TrySubmitThreadpoolCallback - 0x1400F58E8 0x0013F4D0 0x0013DAD0 0x0000059B
CreateSemaphoreW - 0x1400F58F0 0x0013F4D8 0x0013DAD8 0x000000E0
CreateEventW - 0x1400F58F8 0x0013F4E0 0x0013DAE0 0x000000B4
GetEnvironmentVariableW - 0x1400F5900 0x0013F4E8 0x0013DAE8 0x00000231
GetTempFileNameW - 0x1400F5908 0x0013F4F0 0x0013DAF0 0x000002EB
SetLastError - 0x1400F5910 0x0013F4F8 0x0013DAF8 0x00000526
SetConsoleMode - 0x1400F5918 0x0013F500 0x0013DB00 0x000004EE
GetConsoleMode - 0x1400F5920 0x0013F508 0x0013DB08 0x000001F5
GetStartupInfoW - 0x1400F5928 0x0013F510 0x0013DB10 0x000002C7
UnhandledExceptionFilter - 0x1400F5930 0x0013F518 0x0013DB18 0x000005A1
SetUnhandledExceptionFilter - 0x1400F5938 0x0013F520 0x0013DB20 0x00000561
TerminateProcess - 0x1400F5940 0x0013F528 0x0013DB28 0x0000057F
LocalFree - 0x1400F5948 0x0013F530 0x0013DB30 0x000003BC
GetSystemTime - 0x1400F5950 0x0013F538 0x0013DB38 0x000002DE
SystemTimeToFileTime - 0x1400F5958 0x0013F540 0x0013DB40 0x0000057B
GetSystemTimeAsFileTime - 0x1400F5960 0x0013F548 0x0013DB48 0x000002E0
LocalAlloc - 0x1400F5968 0x0013F550 0x0013DB50 0x000003B8
GetFileAttributesW - 0x1400F5970 0x0013F558 0x0013DB58 0x0000023D
FreeLibrary - 0x1400F5978 0x0013F560 0x0013DB60 0x000001A4
CompareFileTime - 0x1400F5980 0x0013F568 0x0013DB68 0x0000008C
CreateThread - 0x1400F5988 0x0013F570 0x0013DB70 0x000000E6
WaitForSingleObject - 0x1400F5990 0x0013F578 0x0013DB78 0x000005CB
GetExitCodeThread - 0x1400F5998 0x0013F580 0x0013DB80 0x00000235
CloseHandle - 0x1400F59A0 0x0013F588 0x0013DB88 0x0000007C
GetStdHandle - 0x1400F59A8 0x0013F590 0x0013DB90 0x000002C9
GetFileType - 0x1400F59B0 0x0013F598 0x0013DB98 0x00000246
QueryPerformanceCounter - 0x1400F59B8 0x0013F5A0 0x0013DBA0 0x00000439
GetCurrentProcessId - 0x1400F59C0 0x0013F5A8 0x0013DBA8 0x00000211
GetCurrentThreadId - 0x1400F59C8 0x0013F5B0 0x0013DBB0 0x00000215
OutputDebugStringA - 0x1400F59D0 0x0013F5B8 0x0013DBB8 0x00000404
WideCharToMultiByte - 0x1400F59D8 0x0013F5C0 0x0013DBC0 0x000005EF
GetACP - 0x1400F59E0 0x0013F5C8 0x0013DBC8 0x000001AB
WriteConsoleW - 0x1400F59E8 0x0013F5D0 0x0013DBD0 0x00000602
DelayLoadFailureHook - 0x1400F59F0 0x0013F5D8 0x0013DBD8 0x00000102
GetLocaleInfoW - 0x1400F59F8 0x0013F5E0 0x0013DBE0 0x0000025B
FindResourceExW - 0x1400F5A00 0x0013F5E8 0x0013DBE8 0x0000018E
SearchPathW - 0x1400F5A08 0x0013F5F0 0x0013DBF0 0x000004CD
LoadLibraryExA - 0x1400F5A10 0x0013F5F8 0x0013DBF8 0x000003B0
GetProfileStringA - 0x1400F5A18 0x0013F600 0x0013DC00 0x000002BF
ResetEvent - 0x1400F5A20 0x0013F608 0x0013DC08 0x000004B2
GetFileTime - 0x1400F5A28 0x0013F610 0x0013DC10 0x00000245
lstrlenW - 0x1400F5A30 0x0013F618 0x0013DC18 0x00000631
GetCommandLineW - 0x1400F5A38 0x0013F620 0x0013DC20 0x000001D0
VirtualFree - 0x1400F5A40 0x0013F628 0x0013DC28 0x000005BD
VirtualAlloc - 0x1400F5A48 0x0013F630 0x0013DC30 0x000005BA
GetTempPathW - 0x1400F5A50 0x0013F638 0x0013DC38 0x000002ED
GetLocalTime - 0x1400F5A58 0x0013F640 0x0013DC40 0x00000258
OpenProcess - 0x1400F5A60 0x0013F648 0x0013DC48 0x000003F9
HeapSetInformation - 0x1400F5A68 0x0013F650 0x0013DC50 0x00000344
LoadLibraryExW - 0x1400F5A70 0x0013F658 0x0013DC58 0x000003B1
GetSystemDirectoryW - 0x1400F5A78 0x0013F660 0x0013DC60 0x000002D7
CompareStringW - 0x1400F5A80 0x0013F668 0x0013DC68 0x00000090
UnmapViewOfFile - 0x1400F5A88 0x0013F670 0x0013DC70 0x000005A4
MapViewOfFile - 0x1400F5A90 0x0013F678 0x0013DC78 0x000003CA
CreateFileMappingW - 0x1400F5A98 0x0013F680 0x0013DC80 0x000000BD
GetSystemInfo - 0x1400F5AA0 0x0013F688 0x0013DC88 0x000002DA
GetCurrentThread - 0x1400F5AA8 0x0013F690 0x0013DC90 0x00000214
FoldStringW - 0x1400F5AB0 0x0013F698 0x0013DC98 0x0000019D
CreateDirectoryW - 0x1400F5AB8 0x0013F6A0 0x0013DCA0 0x000000AF
RemoveDirectoryW - 0x1400F5AC0 0x0013F6A8 0x0013DCA8 0x000004A5
GetConsoleOutputCP - 0x1400F5AC8 0x0013F6B0 0x0013DCB0 0x000001F9
GetTimeFormatW - 0x1400F5AD0 0x0013F6B8 0x0013DCB8 0x00000302
GetDateFormatW - 0x1400F5AD8 0x0013F6C0 0x0013DCC0 0x0000021B
FileTimeToLocalFileTime - 0x1400F5AE0 0x0013F6C8 0x0013DCC8 0x00000162
LocalFileTimeToFileTime - 0x1400F5AE8 0x0013F6D0 0x0013DCD0 0x000003BA
FileTimeToSystemTime - 0x1400F5AF0 0x0013F6D8 0x0013DCD8 0x00000163
msvcrt.dll (109)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_unlock - 0x1400F6140 0x0013FD28 0x0013E328 0x00000341
_lock - 0x1400F6148 0x0013FD30 0x0013E330 0x000001E6
?terminate@@YAXXZ - 0x1400F6150 0x0013FD38 0x0013E338 0x0000002F
__CxxFrameHandler3 - 0x1400F6158 0x0013FD40 0x0013E340 0x0000005B
realloc - 0x1400F6160 0x0013FD48 0x0013E348 0x000004A9
_errno - 0x1400F6168 0x0013FD50 0x0013E350 0x00000105
??1type_info@@UEAA@XZ - 0x1400F6170 0x0013FD58 0x0013E358 0x00000012
_commode - 0x1400F6178 0x0013FD60 0x0013E360 0x000000D2
_fmode - 0x1400F6180 0x0013FD68 0x0013E368 0x00000127
_wcmdln - 0x1400F6188 0x0013FD70 0x0013E370 0x00000382
__dllonexit - 0x1400F6190 0x0013FD78 0x0013E378 0x0000007B
_initterm - 0x1400F6198 0x0013FD80 0x0013E380 0x0000017D
__setusermatherr - 0x1400F61A0 0x0013FD88 0x0013E388 0x00000090
_cexit - 0x1400F61A8 0x0013FD90 0x0013E390 0x000000C1
_exit - 0x1400F61B0 0x0013FD98 0x0013E398 0x0000010E
exit - 0x1400F61B8 0x0013FDA0 0x0013E3A0 0x00000432
__set_app_type - 0x1400F61C0 0x0013FDA8 0x0013E3A8 0x0000008E
__wgetmainargs - 0x1400F61C8 0x0013FDB0 0x0013E3B0 0x0000009D
_amsg_exit - 0x1400F61D0 0x0013FDB8 0x0013E3B8 0x000000AE
_XcptFilter - 0x1400F61D8 0x0013FDC0 0x0013E3C0 0x00000055
_CxxThrowException - 0x1400F61E0 0x0013FDC8 0x0013E3C8 0x0000004B
__C_specific_handler - 0x1400F61E8 0x0013FDD0 0x0013E3D0 0x00000057
_onexit - 0x1400F61F0 0x0013FDD8 0x0013E3D8 0x00000290
_itoa_s - 0x1400F61F8 0x0013FDE0 0x0013E3E0 0x000001D8
memcmp - 0x1400F6200 0x0013FDE8 0x0013E3E8 0x00000491
memcpy - 0x1400F6208 0x0013FDF0 0x0013E3F0 0x00000492
memset - 0x1400F6210 0x0013FDF8 0x0013E3F8 0x00000496
wcscpy_s - 0x1400F6218 0x0013FE00 0x0013E400 0x00000505
towupper - 0x1400F6220 0x0013FE08 0x0013E408 0x000004EC
iswlower - 0x1400F6228 0x0013FE10 0x0013E410 0x00000475
towlower - 0x1400F6230 0x0013FE18 0x0013E418 0x000004EB
iswupper - 0x1400F6238 0x0013FE20 0x0013E420 0x00000479
sscanf_s - 0x1400F6240 0x0013FE28 0x0013E428 0x000004BE
strpbrk - 0x1400F6248 0x0013FE30 0x0013E430 0x000004D1
strcpy_s - 0x1400F6250 0x0013FE38 0x0013E438 0x000004C5
strspn - 0x1400F6258 0x0013FE40 0x0013E440 0x000004D3
fwrite - 0x1400F6260 0x0013FE48 0x0013E448 0x00000457
ftell - 0x1400F6268 0x0013FE50 0x0013E450 0x00000454
_fileno - 0x1400F6270 0x0013FE58 0x0013E458 0x0000011B
_setmode - 0x1400F6278 0x0013FE60 0x0013E460 0x000002C8
wcstoul - 0x1400F6280 0x0013FE68 0x0013E468 0x0000051B
fgetws - 0x1400F6288 0x0013FE70 0x0013E470 0x0000043E
feof - 0x1400F6290 0x0013FE78 0x0013E478 0x00000437
fgetc - 0x1400F6298 0x0013FE80 0x0013E480 0x0000043A
_wfopen - 0x1400F62A0 0x0013FE88 0x0013E488 0x000003C3
fputws - 0x1400F62A8 0x0013FE90 0x0013E490 0x0000044A
atoi - 0x1400F62B0 0x0013FE98 0x0013E498 0x00000420
isdigit - 0x1400F62B8 0x0013FEA0 0x0013E4A0 0x00000466
_wgetenv - 0x1400F62C0 0x0013FEA8 0x0013E4A8 0x000003CC
iswxdigit - 0x1400F62C8 0x0013FEB0 0x0013E4B0 0x0000047A
_wsetlocale - 0x1400F62D0 0x0013FEB8 0x0013E4B8 0x000003EA
iswalpha - 0x1400F62D8 0x0013FEC0 0x0013E4C0 0x0000046F
isxdigit - 0x1400F62E0 0x0013FEC8 0x0013E4C8 0x0000047B
__isascii - 0x1400F62E8 0x0013FED0 0x0013E4D0 0x00000082
gmtime - 0x1400F62F0 0x0013FED8 0x0013E4D8 0x00000461
vfwprintf - 0x1400F62F8 0x0013FEE0 0x0013E4E0 0x000004F2
iswspace - 0x1400F6300 0x0013FEE8 0x0013E4E8 0x00000478
__iob_func - 0x1400F6308 0x0013FEF0 0x0013E4F0 0x00000081
_callnewh - 0x1400F6310 0x0013FEF8 0x0013E4F8 0x000000BF
?what@exception@@UEBAPEBDXZ - 0x1400F6318 0x0013FF00 0x0013E500 0x00000031
??1exception@@UEAA@XZ - 0x1400F6320 0x0013FF08 0x0013E508 0x00000011
??0exception@@QEAA@AEBV0@@Z - 0x1400F6328 0x0013FF10 0x0013E510 0x0000000C
??0exception@@QEAA@AEBQEBDH@Z - 0x1400F6330 0x0013FF18 0x0013E518 0x0000000B
malloc - 0x1400F6338 0x0013FF20 0x0013E520 0x00000486
fprintf - 0x1400F6340 0x0013FF28 0x0013E528 0x00000445
_strlwr - 0x1400F6348 0x0013FF30 0x0013E530 0x000002FE
_swab - 0x1400F6350 0x0013FF38 0x0013E538 0x0000031B
ferror - 0x1400F6358 0x0013FF40 0x0013E540 0x00000438
fseek - 0x1400F6360 0x0013FF48 0x0013E548 0x00000452
strcmp - 0x1400F6368 0x0013FF50 0x0013E550 0x000004C2
strcat_s - 0x1400F6370 0x0013FF58 0x0013E558 0x000004C0
_wcsicmp - 0x1400F6378 0x0013FF60 0x0013E560 0x0000038A
_vsnwprintf - 0x1400F6380 0x0013FF68 0x0013E568 0x00000369
iswdigit - 0x1400F6388 0x0013FF70 0x0013E570 0x00000473
wcsrchr - 0x1400F6390 0x0013FF78 0x0013E578 0x00000510
wcschr - 0x1400F6398 0x0013FF80 0x0013E580 0x00000501
memmove - 0x1400F63A0 0x0013FF88 0x0013E588 0x00000494
wcstok - 0x1400F63A8 0x0013FF90 0x0013E590 0x00000516
fwprintf - 0x1400F63B0 0x0013FF98 0x0013E598 0x00000455
_wfopen_s - 0x1400F63B8 0x0013FFA0 0x0013E5A0 0x000003C4
fclose - 0x1400F63C0 0x0013FFA8 0x0013E5A8 0x00000436
_purecall - 0x1400F63C8 0x0013FFB0 0x0013E5B0 0x0000029E
fflush - 0x1400F63D0 0x0013FFB8 0x0013E5B8 0x00000439
_fgetwchar - 0x1400F63D8 0x0013FFC0 0x0013E5C0 0x00000116
wcsspn - 0x1400F63E0 0x0013FFC8 0x0013E5C8 0x00000513
_wcsnicmp - 0x1400F63E8 0x0013FFD0 0x0013E5D0 0x00000394
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z - 0x1400F63F0 0x0013FFD8 0x0013E5D8 0x00000028
qsort - 0x1400F63F8 0x0013FFE0 0x0013E5E0 0x000004A4
wcscspn - 0x1400F6400 0x0013FFE8 0x0013E5E8 0x00000506
getenv - 0x1400F6408 0x0013FFF0 0x0013E5F0 0x0000045C
free - 0x1400F6410 0x0013FFF8 0x0013E5F8 0x0000044C
wcscmp - 0x1400F6418 0x00140000 0x0013E600 0x00000502
_strnicmp - 0x1400F6420 0x00140008 0x0013E608 0x00000304
swscanf - 0x1400F6428 0x00140010 0x0013E610 0x000004DD
_stricmp - 0x1400F6430 0x00140018 0x0013E618 0x000002FA
_wtoi - 0x1400F6438 0x00140020 0x0013E620 0x00000405
_vsnprintf - 0x1400F6440 0x00140028 0x0013E628 0x00000363
_wcslwr - 0x1400F6448 0x00140030 0x0013E630 0x0000038E
strncmp - 0x1400F6450 0x00140038 0x0013E638 0x000004CD
strcspn - 0x1400F6458 0x00140040 0x0013E640 0x000004C6
wcsstr - 0x1400F6460 0x00140048 0x0013E648 0x00000514
strstr - 0x1400F6468 0x00140050 0x0013E650 0x000004D4
wcsncmp - 0x1400F6470 0x00140058 0x0013E658 0x0000050B
_ultow - 0x1400F6478 0x00140060 0x0013E660 0x0000033A
bsearch - 0x1400F6480 0x00140068 0x0013E668 0x00000422
fopen - 0x1400F6488 0x00140070 0x0013E670 0x00000443
fgets - 0x1400F6490 0x00140078 0x0013E678 0x0000043C
strchr - 0x1400F6498 0x00140080 0x0013E680 0x000004C1
fputs - 0x1400F64A0 0x00140088 0x0013E688 0x00000448
certcli.dll (71)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x000000E1 0x1400F5F00 0x0013FAE8 0x0013E0E8 -
None 0x00000166 0x1400F5F08 0x0013FAF0 0x0013E0F0 -
None 0x000000CF 0x1400F5F10 0x0013FAF8 0x0013E0F8 -
None 0x00000167 0x1400F5F18 0x0013FB00 0x0013E100 -
None 0x000000F6 0x1400F5F20 0x0013FB08 0x0013E108 -
None 0x000000D2 0x1400F5F28 0x0013FB10 0x0013E110 -
None 0x000000DF 0x1400F5F30 0x0013FB18 0x0013E118 -
None 0x00000168 0x1400F5F38 0x0013FB20 0x0013E120 -
None 0x000000D5 0x1400F5F40 0x0013FB28 0x0013E128 -
None 0x000000CD 0x1400F5F48 0x0013FB30 0x0013E130 -
None 0x00000164 0x1400F5F50 0x0013FB38 0x0013E138 -
CAEnumCertTypesEx - 0x1400F5F58 0x0013FB40 0x0013E140 0x0000001C
CAFindCertTypeByName - 0x1400F5F60 0x0013FB48 0x0013E148 0x00000025
None 0x00000102 0x1400F5F68 0x0013FB50 0x0013E150 -
CAGetCertTypeFlagsEx - 0x1400F5F70 0x0013FB58 0x0013E158 0x00000032
CAGetCertTypePropertyEx - 0x1400F5F78 0x0013FB60 0x0013E160 0x00000035
CAFreeCertTypeProperty - 0x1400F5F80 0x0013FB68 0x0013E168 0x00000028
CAGetCertTypeKeySpec - 0x1400F5F88 0x0013FB70 0x0013E170 0x00000033
CAGetCertTypeExpiration - 0x1400F5F90 0x0013FB78 0x0013E178 0x0000002E
CACertTypeGetSecurity - 0x1400F5F98 0x0013FB80 0x0013E180 0x00000007
CAGetCertTypeExtensions - 0x1400F5FA0 0x0013FB88 0x0013E188 0x0000002F
CAFreeCertTypeExtensions - 0x1400F5FA8 0x0013FB90 0x0013E190 0x00000027
CAEnumCertTypesForCAEx - 0x1400F5FB0 0x0013FB98 0x0013E198 0x0000001E
CAGetCertTypeProperty - 0x1400F5FB8 0x0013FBA0 0x0013E1A0 0x00000034
CACertTypeAccessCheckEx - 0x1400F5FC0 0x0013FBA8 0x0013E1A8 0x00000005
CAEnumNextCertType - 0x1400F5FC8 0x0013FBB0 0x0013E1B0 0x00000021
CACloseCertType - 0x1400F5FD0 0x0013FBB8 0x0013E1B8 0x0000000E
None 0x00000175 0x1400F5FD8 0x0013FBC0 0x0013E1C0 -
CAEnumFirstCA - 0x1400F5FE0 0x0013FBC8 0x0013E1C8 0x0000001F
CAFindByName - 0x1400F5FE8 0x0013FBD0 0x0013E1D0 0x00000024
CAGetCAProperty - 0x1400F5FF0 0x0013FBD8 0x0013E1D8 0x0000002C
CAFreeCAProperty - 0x1400F5FF8 0x0013FBE0 0x0013E1E0 0x00000026
CAEnumNextCA - 0x1400F6000 0x0013FBE8 0x0013E1E8 0x00000020
CACloseCA - 0x1400F6008 0x0013FBF0 0x0013E1F0 0x0000000D
None 0x0000016A 0x1400F6010 0x0013FBF8 0x0013E1F8 -
CAGetCAFlags - 0x1400F6018 0x0013FC00 0x0013E200 0x0000002B
CAGetCAExpiration - 0x1400F6020 0x0013FC08 0x0013E208 0x0000002A
CAAccessCheck - 0x1400F6028 0x0013FC10 0x0013E210 0x00000000
None 0x00000169 0x1400F6030 0x0013FC18 0x0013E218 -
CAGetCACertificate - 0x1400F6038 0x0013FC20 0x0013E220 0x00000029
CAGetCASecurity - 0x1400F6040 0x0013FC28 0x0013E228 0x0000002D
CASetCAProperty - 0x1400F6048 0x0013FC30 0x0013E230 0x0000004E
CAUpdateCAEx - 0x1400F6050 0x0013FC38 0x0013E238 0x00000058
CAFindByCertType - 0x1400F6058 0x0013FC40 0x0013E240 0x00000022
None 0x00000100 0x1400F6060 0x0013FC48 0x0013E248 -
None 0x00000101 0x1400F6068 0x0013FC50 0x0013E250 -
None 0x000000DA 0x1400F6070 0x0013FC58 0x0013E258 -
None 0x000000FF 0x1400F6078 0x0013FC60 0x0013E260 -
None 0x000000FE 0x1400F6080 0x0013FC68 0x0013E268 -
CAEnumCertTypesForCA - 0x1400F6088 0x0013FC70 0x0013E270 0x0000001D
CACountCertTypes - 0x1400F6090 0x0013FC78 0x0013E278 0x00000010
CACertTypeAccessCheck - 0x1400F6098 0x0013FC80 0x0013E280 0x00000004
CACountCAs - 0x1400F60A0 0x0013FC88 0x0013E288 0x0000000F
None 0x000000D9 0x1400F60A8 0x0013FC90 0x0013E290 -
None 0x000000F5 0x1400F60B0 0x0013FC98 0x0013E298 -
None 0x00000172 0x1400F60B8 0x0013FCA0 0x0013E2A0 -
CACreateNewCA - 0x1400F60C0 0x0013FCA8 0x0013E2A8 0x00000014
CASetCAFlags - 0x1400F60C8 0x0013FCB0 0x0013E2B0 0x0000004D
CASetCACertificate - 0x1400F60D0 0x0013FCB8 0x0013E2B8 0x0000004B
CASetCASecurity - 0x1400F60D8 0x0013FCC0 0x0013E2C0 0x0000004F
None 0x0000016E 0x1400F60E0 0x0013FCC8 0x0013E2C8 -
CARemoveCACertificateTypeEx - 0x1400F60E8 0x0013FCD0 0x0013E2D0 0x0000004A
CAAddCACertificateTypeEx - 0x1400F60F0 0x0013FCD8 0x0013E2D8 0x00000003
CAUpdateCA - 0x1400F60F8 0x0013FCE0 0x0013E2E0 0x00000057
None 0x000000FC 0x1400F6100 0x0013FCE8 0x0013E2E8 -
None 0x00000105 0x1400F6108 0x0013FCF0 0x0013E2F0 -
None 0x00000104 0x1400F6110 0x0013FCF8 0x0013E2F8 -
None 0x000000FD 0x1400F6118 0x0013FD00 0x0013E300 -
None 0x000000CB 0x1400F6120 0x0013FD08 0x0013E308 -
None 0x000000F7 0x1400F6128 0x0013FD10 0x0013E310 -
None 0x00000165 0x1400F6130 0x0013FD18 0x0013E318 -
CRYPT32.dll (118)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptFindOIDInfo - 0x1400F52F8 0x0013EEE0 0x0013D4E0 0x00000092
CertGetCertificateContextProperty - 0x1400F5300 0x0013EEE8 0x0013D4E8 0x00000046
CertFindExtension - 0x1400F5308 0x0013EEF0 0x0013D4F0 0x00000037
CryptEncodeObjectEx - 0x1400F5310 0x0013EEF8 0x0013D4F8 0x00000087
CertFreeCertificateContext - 0x1400F5318 0x0013EF00 0x0013D500 0x00000040
CertCloseStore - 0x1400F5320 0x0013EF08 0x0013D508 0x00000012
CertDuplicateCertificateContext - 0x1400F5328 0x0013EF10 0x0013D510 0x00000025
CertEnumCRLsInStore - 0x1400F5330 0x0013EF18 0x0013D518 0x00000028
CertFreeCRLContext - 0x1400F5338 0x0013EF20 0x0013D520 0x0000003B
CertCreateCRLContext - 0x1400F5340 0x0013EF28 0x0013D528 0x00000018
PFXExportCertStoreEx - 0x1400F5348 0x0013EF30 0x0013D530 0x00000120
PFXExportCertStore - 0x1400F5350 0x0013EF38 0x0013D538 0x0000011E
CryptFreeOIDFunctionAddress - 0x1400F5358 0x0013EF40 0x0013D540 0x00000094
CryptGetOIDFunctionAddress - 0x1400F5360 0x0013EF48 0x0013D548 0x0000009B
CryptInitOIDFunctionSet - 0x1400F5368 0x0013EF50 0x0013D550 0x000000A6
CertNameToStrW - 0x1400F5370 0x0013EF58 0x0013D558 0x00000056
CertStrToNameW - 0x1400F5378 0x0013EF60 0x0013D560 0x00000070
CryptFormatObject - 0x1400F5380 0x0013EF68 0x0013D568 0x00000093
CryptDecryptMessage - 0x1400F5388 0x0013EF70 0x0013D570 0x00000085
CryptEncryptMessage - 0x1400F5390 0x0013EF78 0x0013D578 0x00000088
CryptSignMessage - 0x1400F5398 0x0013EF80 0x0013D580 0x000000DC
CertAddCertificateLinkToStore - 0x1400F53A0 0x0013EF88 0x0013D588 0x00000005
CertGetIntendedKeyUsage - 0x1400F53A8 0x0013EF90 0x0013D590 0x00000048
CryptHashPublicKeyInfo - 0x1400F53B0 0x0013EF98 0x0013D598 0x000000A0
CryptSignCertificate - 0x1400F53B8 0x0013EFA0 0x0013D5A0 0x000000DB
CryptExportPublicKeyInfoEx - 0x1400F53C0 0x0013EFA8 0x0013D5A8 0x0000008E
CryptMsgOpenToDecode - 0x1400F53C8 0x0013EFB0 0x0013D5B0 0x000000B6
CryptStringToBinaryW - 0x1400F53D0 0x0013EFB8 0x0013D5B8 0x000000DF
CryptSignAndEncodeCertificate - 0x1400F53D8 0x0013EFC0 0x0013D5C0 0x000000D9
CryptImportPublicKeyInfoEx2 - 0x1400F53E0 0x0013EFC8 0x0013D5C8 0x000000A5
CertDuplicateStore - 0x1400F53E8 0x0013EFD0 0x0013D5D0 0x00000026
CryptMsgUpdate - 0x1400F53F0 0x0013EFD8 0x0013D5D8 0x000000B9
CryptMsgOpenToEncode - 0x1400F53F8 0x0013EFE0 0x0013D5E0 0x000000B7
CertOpenServerOcspResponse - 0x1400F5400 0x0013EFE8 0x0013D5E8 0x00000058
I_CryptWalkAllLruCacheEntries - 0x1400F5408 0x0013EFF0 0x0013D5F0 0x0000011C
I_CryptRemoveLruEntry - 0x1400F5410 0x0013EFF8 0x0013D5F8 0x00000116
I_CryptGetLruEntryData - 0x1400F5418 0x0013F000 0x0013D600 0x0000010C
I_CryptFindLruEntry - 0x1400F5420 0x0013F008 0x0013D608 0x00000101
I_CryptReleaseLruEntry - 0x1400F5428 0x0013F010 0x0013D610 0x00000115
I_CryptInsertLruEntry - 0x1400F5430 0x0013F018 0x0013D618 0x00000110
I_CryptCreateLruEntry - 0x1400F5438 0x0013F020 0x0013D620 0x000000FC
CertCloseServerOcspResponse - 0x1400F5440 0x0013F028 0x0013D628 0x00000011
I_CryptFreeLruCache - 0x1400F5448 0x0013F030 0x0013D630 0x00000105
I_CryptCreateLruCache - 0x1400F5450 0x0013F038 0x0013D638 0x000000FB
CryptMsgEncodeAndSignCTL - 0x1400F5458 0x0013F040 0x0013D640 0x000000B3
CertGetNameStringA - 0x1400F5460 0x0013F048 0x0013D648 0x0000004A
CertSetCertificateContextPropertiesFromCTLEntry - 0x1400F5468 0x0013F050 0x0013D650 0x0000006B
CertCreateContext - 0x1400F5470 0x0013F058 0x0013D658 0x0000001D
I_CertProtectFunction - 0x1400F5478 0x0013F060 0x0013D660 0x000000F3
CertAddStoreToCollection - 0x1400F5480 0x0013F068 0x0013D668 0x0000000F
CertVerifyCertificateChainPolicy - 0x1400F5488 0x0013F070 0x0013D670 0x00000076
CryptMemFree - 0x1400F5490 0x0013F078 0x0013D678 0x000000AB
CertVerifySubjectCertificateContext - 0x1400F5498 0x0013F080 0x0013D680 0x00000078
CryptVerifyCertificateSignatureEx - 0x1400F54A0 0x0013F088 0x0013D688 0x000000E8
CertGetEnhancedKeyUsage - 0x1400F54A8 0x0013F090 0x0013D690 0x00000047
CertVerifyCRLTimeValidity - 0x1400F54B0 0x0013F098 0x0013D698 0x00000074
CertVerifyRevocation - 0x1400F54B8 0x0013F0A0 0x0013D6A0 0x00000077
CertVerifyTimeValidity - 0x1400F54C0 0x0013F0A8 0x0013D6A8 0x00000079
CryptVerifyCertificateSignature - 0x1400F54C8 0x0013F0B0 0x0013D6B0 0x000000E7
CryptEnumKeyIdentifierProperties - 0x1400F54D0 0x0013F0B8 0x0013D6B8 0x00000089
CryptImportPublicKeyInfo - 0x1400F54D8 0x0013F0C0 0x0013D6C0 0x000000A3
CertDuplicateCRLContext - 0x1400F54E0 0x0013F0C8 0x0013D6C8 0x00000022
CertDeleteCRLFromStore - 0x1400F54E8 0x0013F0D0 0x0013D6D0 0x0000001F
CertCreateCTLContext - 0x1400F54F0 0x0013F0D8 0x0013D6D8 0x00000019
CertAddCTLContextToStore - 0x1400F54F8 0x0013F0E0 0x0013D6E0 0x00000002
CertAddCRLContextToStore - 0x1400F5500 0x0013F0E8 0x0013D6E8 0x00000000
CertEnumSystemStore - 0x1400F5508 0x0013F0F0 0x0013D6F0 0x0000002F
CertEnumSystemStoreLocation - 0x1400F5510 0x0013F0F8 0x0013D6F8 0x00000030
CertEnumPhysicalStore - 0x1400F5518 0x0013F100 0x0013D700 0x0000002D
CertControlStore - 0x1400F5520 0x0013F108 0x0013D708 0x00000017
CertSaveStore - 0x1400F5528 0x0013F110 0x0013D710 0x00000064
CryptFindLocalizedName - 0x1400F5530 0x0013F118 0x0013D718 0x00000091
CertAddSerializedElementToStore - 0x1400F5538 0x0013F120 0x0013D720 0x0000000E
CertAddEncodedCTLToStore - 0x1400F5540 0x0013F128 0x0013D728 0x00000007
CertAddEncodedCRLToStore - 0x1400F5548 0x0013F130 0x0013D730 0x00000006
CertAddEncodedCertificateToStore - 0x1400F5550 0x0013F138 0x0013D738 0x00000008
CertFreeCTLContext - 0x1400F5558 0x0013F140 0x0013D740 0x0000003C
CertSetCTLContextProperty - 0x1400F5560 0x0013F148 0x0013D748 0x0000006A
CertSetCRLContextProperty - 0x1400F5568 0x0013F150 0x0013D750 0x00000069
CryptFindCertificateKeyProvInfo - 0x1400F5570 0x0013F158 0x0013D758 0x00000090
CryptAcquireCertificatePrivateKey - 0x1400F5578 0x0013F160 0x0013D760 0x0000007B
CertEnumCertificateContextProperties - 0x1400F5580 0x0013F168 0x0013D768 0x0000002B
CertGetCRLContextProperty - 0x1400F5588 0x0013F170 0x0013D770 0x00000042
CertEnumCRLContextProperties - 0x1400F5590 0x0013F178 0x0013D778 0x00000027
CertGetCTLContextProperty - 0x1400F5598 0x0013F180 0x0013D780 0x00000044
CertEnumCTLContextProperties - 0x1400F55A0 0x0013F188 0x0013D788 0x00000029
CertSetStoreProperty - 0x1400F55A8 0x0013F190 0x0013D790 0x0000006E
CertFreeCertificateChain - 0x1400F55B0 0x0013F198 0x0013D798 0x0000003D
CertGetCertificateChain - 0x1400F55B8 0x0013F1A0 0x0013D7A0 0x00000045
CertComparePublicKeyInfo - 0x1400F55C0 0x0013F1A8 0x0013D7A8 0x00000016
CryptExportPublicKeyInfo - 0x1400F55C8 0x0013F1B0 0x0013D7B0 0x0000008D
CertEnumCTLsInStore - 0x1400F55D0 0x0013F1B8 0x0013D7B8 0x0000002A
CertDeleteCertificateFromStore - 0x1400F55D8 0x0013F1C0 0x0013D7C0 0x00000021
CertGetNameStringW - 0x1400F55E0 0x0013F1C8 0x0013D7C8 0x0000004B
CryptDecodeObjectEx - 0x1400F55E8 0x0013F1D0 0x0013D7D0 0x00000083
CryptQueryObject - 0x1400F55F0 0x0013F1D8 0x0013D7D8 0x000000C5
CryptMsgGetParam - 0x1400F55F8 0x0013F1E0 0x0013D7E0 0x000000B5
CryptMsgGetAndVerifySigner - 0x1400F5600 0x0013F1E8 0x0013D7E8 0x000000B4
CryptMsgControl - 0x1400F5608 0x0013F1F0 0x0013D7F0 0x000000AF
CertFindCertificateInStore - 0x1400F5610 0x0013F1F8 0x0013D7F8 0x00000035
CertEnumCertificatesInStore - 0x1400F5618 0x0013F200 0x0013D800 0x0000002C
PFXIsPFXBlob - 0x1400F5620 0x0013F208 0x0013D808 0x00000122
PFXImportCertStore - 0x1400F5628 0x0013F210 0x0013D810 0x00000121
CryptImportPKCS8 - 0x1400F5630 0x0013F218 0x0013D818 0x000000A2
CertGetPublicKeyLength - 0x1400F5638 0x0013F220 0x0013D820 0x0000004C
CryptMsgClose - 0x1400F5640 0x0013F228 0x0013D828 0x000000AE
CertAddCertificateContextToStore - 0x1400F5648 0x0013F230 0x0013D830 0x00000004
CertSetCertificateContextProperty - 0x1400F5650 0x0013F238 0x0013D838 0x0000006C
CertOpenStore - 0x1400F5658 0x0013F240 0x0013D840 0x00000059
CryptGetKeyIdentifierProperty - 0x1400F5660 0x0013F248 0x0013D848 0x00000098
CertFindAttribute - 0x1400F5668 0x0013F250 0x0013D850 0x00000031
CryptHashCertificate2 - 0x1400F5670 0x0013F258 0x0013D858 0x0000009E
CryptHashCertificate - 0x1400F5678 0x0013F260 0x0013D860 0x0000009D
CertCompareCertificateName - 0x1400F5680 0x0013F268 0x0013D868 0x00000014
CryptDecodeObject - 0x1400F5688 0x0013F270 0x0013D870 0x00000082
CryptRegisterOIDInfo - 0x1400F5690 0x0013F278 0x0013D878 0x000000C8
CertCreateCertificateContext - 0x1400F5698 0x0013F280 0x0013D880 0x0000001C
CryptEnumOIDInfo - 0x1400F56A0 0x0013F288 0x0013D888 0x0000008B
Cabinet.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000016 0x1400F56D0 0x0013F2B8 0x0013D8B8 -
None 0x00000015 0x1400F56D8 0x0013F2C0 0x0013D8C0 -
None 0x00000014 0x1400F56E0 0x0013F2C8 0x0013D8C8 -
None 0x00000017 0x1400F56E8 0x0013F2D0 0x0013D8D0 -
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControlsEx - 0x1400F52E8 0x0013EED0 0x0013D4D0 0x0000007C
CRYPTUI.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptUIDlgViewCRLW - 0x1400F56B0 0x0013F298 0x0013D898 0x00000016
CryptUIDlgFreeCAContext - 0x1400F56B8 0x0013F2A0 0x0013D8A0 0x0000000B
CryptUIDlgViewCertificateW - 0x1400F56C0 0x0013F2A8 0x0013D8A8 0x0000001C
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStockObject - 0x1400F56F8 0x0013F2E0 0x0013D8E0 0x0000026D
ncrypt.dll (49)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NCryptIsKeyHandle - 0x1400F64B0 0x00140098 0x0013E698 0x00000050
NCryptFreeObject - 0x1400F64B8 0x001400A0 0x0013E6A0 0x0000004B
NCryptOpenStorageProvider - 0x1400F64C0 0x001400A8 0x0013E6A8 0x00000055
NCryptImportKey - 0x1400F64C8 0x001400B0 0x0013E6B0 0x0000004E
NCryptSetProperty - 0x1400F64D0 0x001400B8 0x0013E6B8 0x0000005C
NCryptFinalizeKey - 0x1400F64D8 0x001400C0 0x0013E6C0 0x00000049
BCryptSetProperty - 0x1400F64E0 0x001400C8 0x0013E6C8 0x00000033
BCryptGetProperty - 0x1400F64E8 0x001400D0 0x0013E6D0 0x00000020
BCryptDestroyKey - 0x1400F64F0 0x001400D8 0x0013E6D8 0x0000000D
BCryptCloseAlgorithmProvider - 0x1400F64F8 0x001400E0 0x0013E6E0 0x00000002
SslEnumProtocolProviders - 0x1400F6500 0x001400E8 0x0013E6E8 0x00000075
SslOpenProvider - 0x1400F6508 0x001400F0 0x0013E6F0 0x00000087
SslFreeBuffer - 0x1400F6510 0x001400F8 0x0013E6F8 0x00000078
SslFreeObject - 0x1400F6518 0x00140100 0x0013E700 0x00000079
NCryptGetProperty - 0x1400F6520 0x00140108 0x0013E708 0x0000004C
BCryptFreeBuffer - 0x1400F6528 0x00140110 0x0013E710 0x0000001B
BCryptOpenAlgorithmProvider - 0x1400F6530 0x00140118 0x0013E718 0x00000026
BCryptCreateHash - 0x1400F6538 0x00140120 0x0013E720 0x00000006
BCryptHashData - 0x1400F6540 0x00140128 0x0013E728 0x00000022
BCryptFinishHash - 0x1400F6548 0x00140130 0x0013E730 0x0000001A
BCryptDestroyHash - 0x1400F6550 0x00140138 0x0013E738 0x0000000C
BCryptDecrypt - 0x1400F6558 0x00140140 0x0013E740 0x00000007
BCryptEncrypt - 0x1400F6560 0x00140148 0x0013E748 0x00000011
BCryptExportKey - 0x1400F6568 0x00140150 0x0013E750 0x00000018
BCryptGenRandom - 0x1400F6570 0x00140158 0x0013E758 0x0000001C
BCryptSignHash - 0x1400F6578 0x00140160 0x0013E760 0x00000034
BCryptVerifySignature - 0x1400F6580 0x00140168 0x0013E768 0x00000037
NCryptCreatePersistedKey - 0x1400F6588 0x00140170 0x0013E770 0x0000003E
NCryptDecrypt - 0x1400F6590 0x00140178 0x0013E778 0x00000040
NCryptDeleteKey - 0x1400F6598 0x00140180 0x0013E780 0x00000041
NCryptDeriveKey - 0x1400F65A0 0x00140188 0x0013E788 0x00000042
NCryptEncrypt - 0x1400F65A8 0x00140190 0x0013E790 0x00000044
NCryptExportKey - 0x1400F65B0 0x00140198 0x0013E798 0x00000048
NCryptOpenKey - 0x1400F65B8 0x001401A0 0x0013E7A0 0x00000053
NCryptSecretAgreement - 0x1400F65C0 0x001401A8 0x0013E7A8 0x0000005A
NCryptSignHash - 0x1400F65C8 0x001401B0 0x0013E7B0 0x0000005D
NCryptVerifySignature - 0x1400F65D0 0x001401B8 0x0013E7B8 0x00000067
NCryptEnumAlgorithms - 0x1400F65D8 0x001401C0 0x0013E7C0 0x00000045
NCryptIsAlgSupported - 0x1400F65E0 0x001401C8 0x0013E7C8 0x0000004F
NCryptEnumKeys - 0x1400F65E8 0x001401D0 0x0013E7D0 0x00000046
NCryptEnumStorageProviders - 0x1400F65F0 0x001401D8 0x0013E7D8 0x00000047
NCryptFreeBuffer - 0x1400F65F8 0x001401E0 0x0013E7E0 0x0000004A
BCryptEnumAlgorithms - 0x1400F6600 0x001401E8 0x0013E7E8 0x00000012
BCryptGenerateKeyPair - 0x1400F6608 0x001401F0 0x0013E7F0 0x0000001D
BCryptQueryProviderRegistration - 0x1400F6610 0x001401F8 0x0013E7F8 0x0000002A
BCryptEnumContexts - 0x1400F6618 0x00140200 0x0013E800 0x00000015
BCryptQueryContextConfiguration - 0x1400F6620 0x00140208 0x0013E808 0x00000027
BCryptEnumContextFunctions - 0x1400F6628 0x00140210 0x0013E810 0x00000014
BCryptResolveProviders - 0x1400F6630 0x00140218 0x0013E818 0x0000002F
NETAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DsGetSiteNameW - 0x1400F5B00 0x0013F6E8 0x0013DCE8 0x0000001B
NetApiBufferFree - 0x1400F5B08 0x0013F6F0 0x0013DCF0 0x00000059
NetUserGetGroups - 0x1400F5B10 0x0013F6F8 0x0013DCF8 0x000000F6
DsRoleGetPrimaryDomainInformation - 0x1400F5B18 0x0013F700 0x0013DD00 0x0000001E
DsRoleFreeMemory - 0x1400F5B20 0x0013F708 0x0013DD08 0x0000001D
DsGetDcNameW - 0x1400F5B28 0x0013F710 0x0013DD10 0x00000010
Normaliz.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IdnToAscii - 0x1400F5B70 0x0013F758 0x0013DD58 0x00000000
IdnToUnicode - 0x1400F5B78 0x0013F760 0x0013DD60 0x00000002
ntdll.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlTimeToSecondsSince1970 - 0x1400F6640 0x00140228 0x0013E828 0x0000054C
NtQuerySystemTime - 0x1400F6648 0x00140230 0x0013E830 0x000001D9
WinSqmIncrementDWORD - 0x1400F6650 0x00140238 0x0013E838 0x00000635
RtlCaptureContext - 0x1400F6658 0x00140240 0x0013E840 0x000002C9
RtlLookupFunctionEntry - 0x1400F6660 0x00140248 0x0013E848 0x0000047B
RtlVirtualUnwind - 0x1400F6668 0x00140250 0x0013E850 0x0000058F
NTDSAPI.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DsFreeNameResultW - 0x1400F5B38 0x0013F720 0x0013DD20 0x00000024
DsUnBindW - 0x1400F5B40 0x0013F728 0x0013DD28 0x00000074
DsCrackNamesW - 0x1400F5B48 0x0013F730 0x0013DD30 0x00000014
DsGetDomainControllerInfoW - 0x1400F5B50 0x0013F738 0x0013DD38 0x00000032
DsFreeDomainControllerInfoW - 0x1400F5B58 0x0013F740 0x0013DD40 0x00000021
DsBindW - 0x1400F5B60 0x0013F748 0x0013DD48 0x00000008
SETUPAPI.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetupOpenInfFileW - 0x1400F5C60 0x0013F848 0x0013DE48 0x00000209
SetupFindFirstLineW - 0x1400F5C68 0x0013F850 0x0013DE50 0x000001BF
SetupGetFieldCount - 0x1400F5C70 0x0013F858 0x0013DE58 0x000001C8
SetupFindNextLine - 0x1400F5C78 0x0013F860 0x0013DE60 0x000001C0
SetupGetStringFieldW - 0x1400F5C80 0x0013F868 0x0013DE68 0x000001E9
SetupCloseInfFile - 0x1400F5C88 0x0013F870 0x0013DE70 0x00000107
SetupGetIntField - 0x1400F5C90 0x0013F878 0x0013DE78 0x000001D8
SetupGetLineCountW - 0x1400F5C98 0x0013F880 0x0013DE80 0x000001DC
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW - 0x1400F5CA8 0x0013F890 0x0013DE90 0x00000157
SHGetKnownFolderPath - 0x1400F5CB0 0x0013F898 0x0013DE98 0x00000161
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW - 0x1400F5E00 0x0013F9E8 0x0013DFE8 0x00000008
GetFileVersionInfoSizeW - 0x1400F5E08 0x0013F9F0 0x0013DFF0 0x00000007
VerQueryValueW - 0x1400F5E10 0x0013F9F8 0x0013DFF8 0x00000010
WLDAP32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000010 0x1400F5E20 0x0013FA08 0x0013E008 -
None 0x0000000C 0x1400F5E28 0x0013FA10 0x0013E010 -
None 0x00000012 0x1400F5E30 0x0013FA18 0x0013E018 -
None 0x0000000E 0x1400F5E38 0x0013FA20 0x0013E020 -
None 0x00000071 0x1400F5E40 0x0013FA28 0x0013E028 -
None 0x0000008C 0x1400F5E48 0x0013FA30 0x0013E030 -
None 0x000000E0 0x1400F5E50 0x0013FA38 0x0013E038 -
None 0x0000008E 0x1400F5E58 0x0013FA40 0x0013E040 -
None 0x0000004F 0x1400F5E60 0x0013FA48 0x0013E048 -
None 0x0000007F 0x1400F5E68 0x0013FA50 0x0013E050 -
None 0x000000A7 0x1400F5E70 0x0013FA58 0x0013E058 -
None 0x00000093 0x1400F5E78 0x0013FA60 0x0013E060 -
None 0x000000CE 0x1400F5E80 0x0013FA68 0x0013E068 -
None 0x00000087 0x1400F5E88 0x0013FA70 0x0013E070 -
None 0x000000CB 0x1400F5E90 0x0013FA78 0x0013E078 -
None 0x00000024 0x1400F5E98 0x0013FA80 0x0013E080 -
None 0x0000001A 0x1400F5EA0 0x0013FA88 0x0013E088 -
None 0x0000001B 0x1400F5EA8 0x0013FA90 0x0013E090 -
None 0x000000BF 0x1400F5EB0 0x0013FA98 0x0013E098 -
None 0x00000029 0x1400F5EB8 0x0013FAA0 0x0013E0A0 -
None 0x00000041 0x1400F5EC0 0x0013FAA8 0x0013E0A8 -
None 0x0000009B 0x1400F5EC8 0x0013FAB0 0x0013E0B0 -
None 0x000000D2 0x1400F5ED0 0x0013FAB8 0x0013E0B8 -
None 0x0000000D 0x1400F5ED8 0x0013FAC0 0x0013E0C0 -
None 0x00000091 0x1400F5EE0 0x0013FAC8 0x0013E0C8 -
None 0x00000049 0x1400F5EE8 0x0013FAD0 0x0013E0D0 -
None 0x000000D0 0x1400F5EF0 0x0013FAD8 0x0013E0D8 -
ole32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemFree - 0x1400F6678 0x00140260 0x0013E860 0x0000008C
CoInitialize - 0x1400F6680 0x00140268 0x0013E868 0x00000060
CoUninitialize - 0x1400F6688 0x00140270 0x0013E870 0x00000090
CoInitializeEx - 0x1400F6690 0x00140278 0x0013E878 0x00000061
CoCreateInstance - 0x1400F6698 0x00140280 0x0013E880 0x0000002B
CLSIDFromString - 0x1400F66A0 0x00140288 0x0013E888 0x00000010
CLSIDFromProgID - 0x1400F66A8 0x00140290 0x0013E890 0x0000000E
StringFromCLSID - 0x1400F66B0 0x00140298 0x0013E898 0x0000020A
ProgIDFromCLSID - 0x1400F66B8 0x001402A0 0x0013E8A0 0x000001C9
CoTaskMemAlloc - 0x1400F66C0 0x001402A8 0x0013E8A8 0x0000008B
CoCreateInstanceEx - 0x1400F66C8 0x001402B0 0x0013E8B0 0x0000002C
CoSetProxyBlanket - 0x1400F66D0 0x001402B8 0x0013E8B8 0x00000087
StgOpenStorageEx - 0x1400F66D8 0x001402C0 0x0013E8C0 0x00000205
PropVariantClear - 0x1400F66E0 0x001402C8 0x0013E8C8 0x000001CE
OLEAUT32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysStringLen 0x00000007 0x1400F5B88 0x0013F770 0x0013DD70 -
VariantCopyInd 0x0000000B 0x1400F5B90 0x0013F778 0x0013DD78 -
CreateErrorInfo 0x000000CA 0x1400F5B98 0x0013F780 0x0013DD80 -
SystemTimeToVariantTime 0x000000B8 0x1400F5BA0 0x0013F788 0x0013DD88 -
VariantTimeToSystemTime 0x000000B9 0x1400F5BA8 0x0013F790 0x0013DD90 -
SysAllocStringByteLen 0x00000096 0x1400F5BB0 0x0013F798 0x0013DD98 -
SafeArrayDestroy 0x00000010 0x1400F5BB8 0x0013F7A0 0x0013DDA0 -
SafeArrayGetDim 0x00000011 0x1400F5BC0 0x0013F7A8 0x0013DDA8 -
SafeArrayGetLBound 0x00000014 0x1400F5BC8 0x0013F7B0 0x0013DDB0 -
SafeArrayGetUBound 0x00000013 0x1400F5BD0 0x0013F7B8 0x0013DDB8 -
SafeArrayAccessData 0x00000017 0x1400F5BD8 0x0013F7C0 0x0013DDC0 -
SafeArrayGetElement 0x00000019 0x1400F5BE0 0x0013F7C8 0x0013DDC8 -
SysFreeString 0x00000006 0x1400F5BE8 0x0013F7D0 0x0013DDD0 -
SafeArrayUnaccessData 0x00000018 0x1400F5BF0 0x0013F7D8 0x0013DDD8 -
SysStringByteLen 0x00000095 0x1400F5BF8 0x0013F7E0 0x0013DDE0 -
VariantInit 0x00000008 0x1400F5C00 0x0013F7E8 0x0013DDE8 -
VariantClear 0x00000009 0x1400F5C08 0x0013F7F0 0x0013DDF0 -
SysAllocString 0x00000002 0x1400F5C10 0x0013F7F8 0x0013DDF8 -
SysAllocStringLen 0x00000004 0x1400F5C18 0x0013F800 0x0013DE00 -
SafeArrayPutElement 0x0000001A 0x1400F5C20 0x0013F808 0x0013DE08 -
SafeArrayCreate 0x0000000F 0x1400F5C28 0x0013F810 0x0013DE10 -
SetErrorInfo 0x000000C9 0x1400F5C30 0x0013F818 0x0013DE18 -
RPCRT4.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NdrClientCall3 - 0x1400F5C40 0x0013F828 0x0013DE28 0x0000009D
I_RpcExceptionFilter - 0x1400F5C48 0x0013F830 0x0013DE30 0x0000002E
UuidCreate - 0x1400F5C50 0x0013F838 0x0013DE38 0x00000215
Secur32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TranslateNameW - 0x1400F5CC0 0x0013F8A8 0x0013DEA8 0x00000062
GetUserNameExW - 0x1400F5CC8 0x0013F8B0 0x0013DEB0 0x0000001D
GetComputerObjectNameW - 0x1400F5CD0 0x0013F8B8 0x0013DEB8 0x0000001A
USER32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SendDlgItemMessageA - 0x1400F5CE0 0x0013F8C8 0x0013DEC8 0x000002DB
CheckDlgButton - 0x1400F5CE8 0x0013F8D0 0x0013DED0 0x0000003E
ShowWindow - 0x1400F5CF0 0x0013F8D8 0x0013DED8 0x0000034E
SetFocus - 0x1400F5CF8 0x0013F8E0 0x0013DEE0 0x00000300
SetWindowLongPtrW - 0x1400F5D00 0x0013F8E8 0x0013DEE8 0x0000033A
UpdateWindow - 0x1400F5D08 0x0013F8F0 0x0013DEF0 0x00000386
LoadStringW - 0x1400F5D10 0x0013F8F8 0x0013DEF8 0x00000243
PostQuitMessage - 0x1400F5D18 0x0013F900 0x0013DF00 0x00000284
DefWindowProcW - 0x1400F5D20 0x0013F908 0x0013DF08 0x000000A2
CharLowerW - 0x1400F5D28 0x0013F910 0x0013DF10 0x0000002E
RegisterClassW - 0x1400F5D30 0x0013F918 0x0013DF18 0x000002AE
CreateWindowExW - 0x1400F5D38 0x0013F920 0x0013DF20 0x00000071
EnableWindow - 0x1400F5D40 0x0013F928 0x0013DF28 0x000000E6
GetMessageW - 0x1400F5D48 0x0013F930 0x0013DF30 0x00000178
TranslateMessage - 0x1400F5D50 0x0013F938 0x0013DF38 0x0000036D
SetDlgItemInt - 0x1400F5D58 0x0013F940 0x0013DF40 0x000002FB
EndDialog - 0x1400F5D60 0x0013F948 0x0013DF48 0x000000E9
GetDlgItemInt - 0x1400F5D68 0x0013F950 0x0013DF50 0x00000141
IsDlgButtonChecked - 0x1400F5D70 0x0013F958 0x0013DF58 0x00000210
GetDlgItemTextW - 0x1400F5D78 0x0013F960 0x0013DF60 0x00000143
DialogBoxParamW - 0x1400F5D80 0x0013F968 0x0013DF68 0x000000B3
SetWindowTextW - 0x1400F5D88 0x0013F970 0x0013DF70 0x00000342
DispatchMessageW - 0x1400F5D90 0x0013F978 0x0013DF78 0x000000B6
GetDlgItem - 0x1400F5D98 0x0013F980 0x0013DF80 0x00000140
SetDlgItemTextW - 0x1400F5DA0 0x0013F988 0x0013DF88 0x000002FD
LoadCursorW - 0x1400F5DA8 0x0013F990 0x0013DF90 0x00000234
GetDesktopWindow - 0x1400F5DB0 0x0013F998 0x0013DF98 0x0000013B
MessageBoxW - 0x1400F5DB8 0x0013F9A0 0x0013DFA0 0x00000260
SendMessageW - 0x1400F5DC0 0x0013F9A8 0x0013DFA8 0x000002E5
PostMessageW - 0x1400F5DC8 0x0013F9B0 0x0013DFB0 0x00000283
SetCursor - 0x1400F5DD0 0x0013F9B8 0x0013DFB8 0x000002F4
GetWindowTextW - 0x1400F5DD8 0x0013F9C0 0x0013DFC0 0x000001DB
CallWindowProcW - 0x1400F5DE0 0x0013F9C8 0x0013DFC8 0x0000001E
LoadIconW - 0x1400F5DE8 0x0013F9D0 0x0013DFD0 0x00000236
GetWindowLongPtrW - 0x1400F5DF0 0x0013F9D8 0x0013DFD8 0x000001CD
Memory Dumps (35)
C:\Users\RDHJ0C~1\AppData\Local\Temp\\kikumxvaypw.exe Dropped File Binary
Suspicious
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\kikumxvaypw.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 1.10 MB
MD5 c9e0c278dbe628762ae657d077b80f9c
SHA1 8022bb0d29086bd8aa35008a7443bf378ba3a062
SHA256 97c74052cda317fbaa70bb45c5ec284b45d82cc2f3124cba638d2b27cb9936f6
SSDeep 24576:nRG20AZtEET9eFNfoUhplkVWLFRqeJmBzQeQTInVsKzKnm4eNF2H2kqG:VIZoUhJZ02esKzKnm4eNF2H2kq
ImpHash 142f5d688939caa4a31705fc14de9bb7
PE Information
Image Base 0x00660000
Entry Point 0x00752950
Size Of Code 0x000FB800
Size Of Initialized Data 0x0001FC00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2015-10-30 03:25 (UTC+1)
Version Information (8)
CompanyName Microsoft Corporation
FileDescription CertUtil.exe
FileVersion 10.0.10586.0 (th2_release.151029-1700)
InternalName CertUtil.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename CertUtil.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.10586.0
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00661000 0x000FB7DC 0x000FB800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.41
.data 0x0075D000 0x0000B5C4 0x00008E00 0x000FBC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.43
.idata 0x00769000 0x00004A40 0x00004C00 0x00104A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.65
.didat 0x0076E000 0x00000124 0x00000200 0x00109600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.35
.rsrc 0x0076F000 0x00000F40 0x00001000 0x00109800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.56
.reloc 0x00770000 0x0000E7D8 0x0000E800 0x0010A800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.8
Imports (23)
ADVAPI32.dll (92)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsValidSecurityDescriptor - 0x00769000 0x00109D50 0x00105750 0x0000019C
GetSecurityDescriptorLength - 0x00769004 0x00109D54 0x00105754 0x0000015E
CryptReleaseContext - 0x00769008 0x00109D58 0x00105758 0x000000DB
CryptAcquireContextW - 0x0076900C 0x00109D5C 0x0010575C 0x000000C1
LookupAccountNameW - 0x00769010 0x00109D60 0x00105760 0x000001A6
IsValidSid - 0x00769014 0x00109D64 0x00105764 0x0000019D
ConvertSidToStringSidW - 0x00769018 0x00109D68 0x00105768 0x0000007B
ImpersonateSelf - 0x0076901C 0x00109D6C 0x0010576C 0x0000018C
RevertToSelf - 0x00769020 0x00109D70 0x00105770 0x000002BC
LookupAccountSidW - 0x00769024 0x00109D74 0x00105774 0x000001A8
CryptGetProvParam - 0x00769028 0x00109D78 0x00105778 0x000000D6
CryptGetUserKey - 0x0076902C 0x00109D7C 0x0010577C 0x000000D7
CryptGetKeyParam - 0x00769030 0x00109D80 0x00105780 0x000000D5
CryptDestroyKey - 0x00769034 0x00109D84 0x00105784 0x000000C7
RegCreateKeyExW - 0x00769038 0x00109D88 0x00105788 0x00000261
RegSetValueExW - 0x0076903C 0x00109D8C 0x0010578C 0x000002A6
RegSetValueExA - 0x00769040 0x00109D90 0x00105790 0x000002A5
RegDeleteKeyExW - 0x00769044 0x00109D94 0x00105794 0x00000267
RegCloseKey - 0x00769048 0x00109D98 0x00105798 0x00000258
GetTokenInformation - 0x0076904C 0x00109D9C 0x0010579C 0x0000016F
GetLengthSid - 0x00769050 0x00109DA0 0x001057A0 0x0000014A
CopySid - 0x00769054 0x00109DA4 0x001057A4 0x00000085
OpenProcessToken - 0x00769058 0x00109DA8 0x001057A8 0x00000214
RegQueryValueExW - 0x0076905C 0x00109DAC 0x001057AC 0x00000296
RegOpenKeyExW - 0x00769060 0x00109DB0 0x001057B0 0x00000289
RegEnumKeyExW - 0x00769064 0x00109DB4 0x001057B4 0x00000277
RegCreateKeyW - 0x00769068 0x00109DB8 0x001057B8 0x00000264
RegEnumValueW - 0x0076906C 0x00109DBC 0x001057BC 0x0000027A
RegEnumKeyW - 0x00769070 0x00109DC0 0x001057C0 0x00000278
RegDeleteKeyW - 0x00769074 0x00109DC4 0x001057C4 0x0000026C
RegDeleteValueW - 0x00769078 0x00109DC8 0x001057C8 0x00000270
CryptSetProvParam - 0x0076907C 0x00109DCC 0x001057CC 0x000000DE
CryptGenRandom - 0x00769080 0x00109DD0 0x001057D0 0x000000D1
CryptCreateHash - 0x00769084 0x00109DD4 0x001057D4 0x000000C3
CryptVerifySignatureW - 0x00769088 0x00109DD8 0x001057D8 0x000000E6
CryptHashData - 0x0076908C 0x00109DDC 0x001057DC 0x000000D8
CryptDestroyHash - 0x00769090 0x00109DE0 0x001057E0 0x000000C6
CryptSetKeyParam - 0x00769094 0x00109DE4 0x001057E4 0x000000DD
CryptDecrypt - 0x00769098 0x00109DE8 0x001057E8 0x000000C4
CryptImportKey - 0x0076909C 0x00109DEC 0x001057EC 0x000000DA
RegOpenKeyW - 0x007690A0 0x00109DF0 0x001057F0 0x0000028C
CryptGetHashParam - 0x007690A4 0x00109DF4 0x001057F4 0x000000D4
CryptDuplicateKey - 0x007690A8 0x00109DF8 0x001057F8 0x000000C9
CryptEncrypt - 0x007690AC 0x00109DFC 0x001057FC 0x000000CA
CryptGenKey - 0x007690B0 0x00109E00 0x00105800 0x000000D0
GetSidSubAuthorityCount - 0x007690B4 0x00109E04 0x00105804 0x0000016C
GetSidSubAuthority - 0x007690B8 0x00109E08 0x00105808 0x0000016B
GetSidIdentifierAuthority - 0x007690BC 0x00109E0C 0x0010580C 0x00000169
CryptContextAddRef - 0x007690C0 0x00109E10 0x00105810 0x000000C2
SetNamedSecurityInfoW - 0x007690C4 0x00109E14 0x00105814 0x000002DE
AddAccessDeniedAce - 0x007690C8 0x00109E18 0x00105818 0x00000013
AddAccessAllowedAce - 0x007690CC 0x00109E1C 0x0010581C 0x00000010
AddAccessDeniedObjectAce - 0x007690D0 0x00109E20 0x00105820 0x00000015
AddAccessAllowedObjectAce - 0x007690D4 0x00109E24 0x00105824 0x00000012
AddAce - 0x007690D8 0x00109E28 0x00105828 0x00000016
InitializeAcl - 0x007690DC 0x00109E2C 0x0010582C 0x0000018D
LsaStorePrivateData - 0x007690E0 0x00109E30 0x00105830 0x000001F2
LsaRetrievePrivateData - 0x007690E4 0x00109E34 0x00105834 0x000001E6
RegConnectRegistryW - 0x007690E8 0x00109E38 0x00105838 0x0000025C
AdjustTokenPrivileges - 0x007690EC 0x00109E3C 0x0010583C 0x0000001F
ConvertStringSecurityDescriptorToSecurityDescriptorW - 0x007690F0 0x00109E40 0x00105840 0x00000081
ConvertSecurityDescriptorToStringSecurityDescriptorW - 0x007690F4 0x00109E44 0x00105844 0x00000079
CryptEnumProvidersA - 0x007690F8 0x00109E48 0x00105848 0x000000CD
CryptGetDefaultProviderW - 0x007690FC 0x00109E4C 0x0010584C 0x000000D3
LogonUserExW - 0x00769100 0x00109E50 0x00105850 0x000001A3
ImpersonateLoggedOnUser - 0x00769104 0x00109E54 0x00105854 0x0000018A
CreateWellKnownSid - 0x00769108 0x00109E58 0x00105858 0x00000092
MakeAbsoluteSD - 0x0076910C 0x00109E5C 0x0010585C 0x000001FC
MakeSelfRelativeSD - 0x00769110 0x00109E60 0x00105860 0x000001FE
LsaClose - 0x00769114 0x00109E64 0x00105864 0x000001B4
LsaFreeMemory - 0x00769118 0x00109E68 0x00105868 0x000001C2
LsaOpenPolicy - 0x0076911C 0x00109E6C 0x0010586C 0x000001D6
FreeSid - 0x00769120 0x00109E70 0x00105870 0x00000133
CheckTokenMembership - 0x00769124 0x00109E74 0x00105874 0x0000005F
DuplicateToken - 0x00769128 0x00109E78 0x00105878 0x000000EE
OpenThreadToken - 0x0076912C 0x00109E7C 0x0010587C 0x00000219
ConvertStringSidToSidW - 0x00769130 0x00109E80 0x00105880 0x00000083
AllocateAndInitializeSid - 0x00769134 0x00109E84 0x00105884 0x00000020
SetSecurityDescriptorDacl - 0x00769138 0x00109E88 0x00105888 0x000002E3
SetEntriesInAclW - 0x0076913C 0x00109E8C 0x0010588C 0x000002D3
GetSecurityDescriptorDacl - 0x00769140 0x00109E90 0x00105890 0x0000015C
DeleteAce - 0x00769144 0x00109E94 0x00105894 0x000000E9
EqualSid - 0x00769148 0x00109E98 0x00105898 0x00000118
GetAce - 0x0076914C 0x00109E9C 0x0010589C 0x00000136
GetAclInformation - 0x00769150 0x00109EA0 0x001058A0 0x00000137
SetSecurityDescriptorOwner - 0x00769154 0x00109EA4 0x001058A4 0x000002E5
InitializeSecurityDescriptor - 0x00769158 0x00109EA8 0x001058A8 0x0000018E
GetSecurityDescriptorControl - 0x0076915C 0x00109EAC 0x001058AC 0x0000015B
CryptSignHashW - 0x00769160 0x00109EB0 0x001058B0 0x000000E4
CryptSetHashParam - 0x00769164 0x00109EB4 0x001058B4 0x000000DC
CryptExportKey - 0x00769168 0x00109EB8 0x001058B8 0x000000CF
CryptDuplicateHash - 0x0076916C 0x00109EBC 0x001058BC 0x000000C8
KERNEL32.dll (127)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateThreadpoolTimer - 0x00769384 0x0010A0D4 0x00105AD4 0x000000EB
GetFullPathNameW - 0x00769388 0x0010A0D8 0x00105AD8 0x0000024A
CloseThreadpoolTimer - 0x0076938C 0x0010A0DC 0x00105ADC 0x00000085
CloseThreadpoolWait - 0x00769390 0x0010A0E0 0x00105AE0 0x00000086
FindCloseChangeNotification - 0x00769394 0x0010A0E4 0x00105AE4 0x00000169
FindNextChangeNotification - 0x00769398 0x0010A0E8 0x00105AE8 0x0000017C
SetThreadpoolWait - 0x0076939C 0x0010A0EC 0x00105AEC 0x0000054F
SetThreadpoolTimer - 0x007693A0 0x0010A0F0 0x00105AF0 0x0000054D
MultiByteToWideChar - 0x007693A4 0x0010A0F4 0x00105AF4 0x000003D8
VerifyVersionInfoW - 0x007693A8 0x0010A0F8 0x00105AF8 0x000005AA
VerSetConditionMask - 0x007693AC 0x0010A0FC 0x00105AFC 0x000005A6
LeaveCriticalSection - 0x007693B0 0x0010A100 0x00105B00 0x000003A8
SetConsoleCtrlHandler - 0x007693B4 0x0010A104 0x00105B04 0x000004D0
EnterCriticalSection - 0x007693B8 0x0010A108 0x00105B08 0x00000125
SetEndOfFile - 0x007693BC 0x0010A10C 0x00105B0C 0x000004F7
WriteFile - 0x007693C0 0x0010A110 0x00105B10 0x000005F4
LockResource - 0x007693C4 0x0010A114 0x00105B14 0x000003C4
SizeofResource - 0x007693C8 0x0010A118 0x00105B18 0x00000561
LoadResource - 0x007693CC 0x0010A11C 0x00105B1C 0x000003B2
FindResourceW - 0x007693D0 0x0010A120 0x00105B20 0x00000189
GetVersionExW - 0x007693D4 0x0010A124 0x00105B24 0x00000309
GetComputerNameExW - 0x007693D8 0x0010A128 0x00105B28 0x000001D1
GetComputerNameW - 0x007693DC 0x0010A12C 0x00105B2C 0x000001D2
SetFilePointer - 0x007693E0 0x0010A130 0x00105B30 0x00000509
GetFileSize - 0x007693E4 0x0010A134 0x00105B34 0x0000023C
CreateFileW - 0x007693E8 0x0010A138 0x00105B38 0x000000C0
ReadFile - 0x007693EC 0x0010A13C 0x00105B3C 0x0000045B
FindFirstChangeNotificationW - 0x007693F0 0x0010A140 0x00105B40 0x0000016B
FindNextFileW - 0x007693F4 0x0010A144 0x00105B44 0x0000017F
FindFirstFileW - 0x007693F8 0x0010A148 0x00105B48 0x00000173
Sleep - 0x007693FC 0x0010A14C 0x00105B4C 0x00000562
GetTickCount - 0x00769400 0x0010A150 0x00105B50 0x000002F6
LoadLibraryW - 0x00769404 0x0010A154 0x00105B54 0x000003AF
DecodePointer - 0x00769408 0x0010A158 0x00105B58 0x000000FD
EncodePointer - 0x0076940C 0x0010A15C 0x00105B5C 0x00000121
GetFileAttributesExW - 0x00769410 0x0010A160 0x00105B60 0x00000233
GetLastError - 0x00769414 0x0010A164 0x00105B64 0x00000251
GetTickCount64 - 0x00769418 0x0010A168 0x00105B68 0x000002F7
PulseEvent - 0x0076941C 0x0010A16C 0x00105B6C 0x00000426
OpenEventW - 0x00769420 0x0010A170 0x00105B70 0x000003EA
GetSystemDefaultUILanguage - 0x00769424 0x0010A174 0x00105B74 0x000002CE
GetUserDefaultUILanguage - 0x00769428 0x0010A178 0x00105B78 0x00000303
LocalReAlloc - 0x0076942C 0x0010A17C 0x00105B7C 0x000003BC
GetModuleHandleW - 0x00769430 0x0010A180 0x00105B80 0x00000268
RaiseException - 0x00769434 0x0010A184 0x00105B84 0x0000044B
DeleteCriticalSection - 0x00769438 0x0010A188 0x00105B88 0x00000104
InitializeCriticalSection - 0x0076943C 0x0010A18C 0x00105B8C 0x0000034B
GetSystemDefaultLangID - 0x00769440 0x0010A190 0x00105B90 0x000002CC
FormatMessageW - 0x00769444 0x0010A194 0x00105B94 0x0000019A
HeapAlloc - 0x00769448 0x0010A198 0x00105B98 0x00000333
HeapFree - 0x0076944C 0x0010A19C 0x00105B9C 0x00000337
GetProcessHeap - 0x00769450 0x0010A1A0 0x00105BA0 0x000002A4
lstrcmpW - 0x00769454 0x0010A1A4 0x00105BA4 0x00000612
DeleteFileW - 0x00769458 0x0010A1A8 0x00105BA8 0x00000109
GetProcAddress - 0x0076945C 0x0010A1AC 0x00105BAC 0x0000029E
SetLastError - 0x00769460 0x0010A1B0 0x00105BB0 0x00000519
FindClose - 0x00769464 0x0010A1B4 0x00105BB4 0x00000168
GetCurrentProcess - 0x00769468 0x0010A1B8 0x00105BB8 0x0000020A
CreateSemaphoreW - 0x0076946C 0x0010A1BC 0x00105BBC 0x000000E0
CreateEventW - 0x00769470 0x0010A1C0 0x00105BC0 0x000000B4
GetEnvironmentVariableW - 0x00769474 0x0010A1C4 0x00105BC4 0x0000022A
GetTempFileNameW - 0x00769478 0x0010A1C8 0x00105BC8 0x000002E4
SetConsoleMode - 0x0076947C 0x0010A1CC 0x00105BCC 0x000004E0
GetStartupInfoW - 0x00769480 0x0010A1D0 0x00105BD0 0x000002C0
UnhandledExceptionFilter - 0x00769484 0x0010A1D4 0x00105BD4 0x00000592
SetUnhandledExceptionFilter - 0x00769488 0x0010A1D8 0x00105BD8 0x00000553
TerminateProcess - 0x0076948C 0x0010A1DC 0x00105BDC 0x00000571
TrySubmitThreadpoolCallback - 0x00769490 0x0010A1E0 0x00105BE0 0x0000058D
ReleaseSemaphore - 0x00769494 0x0010A1E4 0x00105BE4 0x0000049C
SetEvent - 0x00769498 0x0010A1E8 0x00105BE8 0x000004FD
CreateThreadpoolWait - 0x0076949C 0x0010A1EC 0x00105BEC 0x000000EC
GetModuleHandleA - 0x007694A0 0x0010A1F0 0x00105BF0 0x00000265
LocalFree - 0x007694A4 0x0010A1F4 0x00105BF4 0x000003B9
GetSystemTime - 0x007694A8 0x0010A1F8 0x00105BF8 0x000002D7
SystemTimeToFileTime - 0x007694AC 0x0010A1FC 0x00105BFC 0x0000056D
GetSystemTimeAsFileTime - 0x007694B0 0x0010A200 0x00105C00 0x000002D9
LocalAlloc - 0x007694B4 0x0010A204 0x00105C04 0x000003B5
GetFileAttributesW - 0x007694B8 0x0010A208 0x00105C08 0x00000236
FreeLibrary - 0x007694BC 0x0010A20C 0x00105C0C 0x0000019E
CompareFileTime - 0x007694C0 0x0010A210 0x00105C10 0x0000008C
CreateThread - 0x007694C4 0x0010A214 0x00105C14 0x000000E7
WaitForSingleObject - 0x007694C8 0x0010A218 0x00105C18 0x000005BC
GetExitCodeThread - 0x007694CC 0x0010A21C 0x00105C1C 0x0000022E
CloseHandle - 0x007694D0 0x0010A220 0x00105C20 0x0000007C
GetStdHandle - 0x007694D4 0x0010A224 0x00105C24 0x000002C2
GetFileType - 0x007694D8 0x0010A228 0x00105C28 0x0000023F
QueryPerformanceCounter - 0x007694DC 0x0010A22C 0x00105C2C 0x00000436
GetCurrentProcessId - 0x007694E0 0x0010A230 0x00105C30 0x0000020B
GetCurrentThreadId - 0x007694E4 0x0010A234 0x00105C34 0x0000020F
OutputDebugStringA - 0x007694E8 0x0010A238 0x00105C38 0x00000401
WideCharToMultiByte - 0x007694EC 0x0010A23C 0x00105C3C 0x000005E0
GetACP - 0x007694F0 0x0010A240 0x00105C40 0x000001A5
WriteConsoleW - 0x007694F4 0x0010A244 0x00105C44 0x000005F3
FileTimeToSystemTime - 0x007694F8 0x0010A248 0x00105C48 0x0000015D
GetConsoleMode - 0x007694FC 0x0010A24C 0x00105C4C 0x000001EF
DelayLoadFailureHook - 0x00769500 0x0010A250 0x00105C50 0x00000101
GetLocaleInfoW - 0x00769504 0x0010A254 0x00105C54 0x00000255
FindResourceExW - 0x00769508 0x0010A258 0x00105C58 0x00000188
SearchPathW - 0x0076950C 0x0010A25C 0x00105C5C 0x000004BF
LoadLibraryExA - 0x00769510 0x0010A260 0x00105C60 0x000003AD
GetProfileStringA - 0x00769514 0x0010A264 0x00105C64 0x000002B8
ResetEvent - 0x00769518 0x0010A268 0x00105C68 0x000004AE
GetFileTime - 0x0076951C 0x0010A26C 0x00105C6C 0x0000023E
lstrlenW - 0x00769520 0x0010A270 0x00105C70 0x0000061E
GetCommandLineW - 0x00769524 0x0010A274 0x00105C74 0x000001CA
VirtualFree - 0x00769528 0x0010A278 0x00105C78 0x000005AE
VirtualAlloc - 0x0076952C 0x0010A27C 0x00105C7C 0x000005AB
GetTempPathW - 0x00769530 0x0010A280 0x00105C80 0x000002E6
GetLocalTime - 0x00769534 0x0010A284 0x00105C84 0x00000252
OpenProcess - 0x00769538 0x0010A288 0x00105C88 0x000003F6
HeapSetInformation - 0x0076953C 0x0010A28C 0x00105C8C 0x0000033B
LoadLibraryExW - 0x00769540 0x0010A290 0x00105C90 0x000003AE
GetSystemDirectoryW - 0x00769544 0x0010A294 0x00105C94 0x000002D0
CompareStringW - 0x00769548 0x0010A298 0x00105C98 0x00000090
UnmapViewOfFile - 0x0076954C 0x0010A29C 0x00105C9C 0x00000595
MapViewOfFile - 0x00769550 0x0010A2A0 0x00105CA0 0x000003C7
CreateFileMappingW - 0x00769554 0x0010A2A4 0x00105CA4 0x000000BD
GetSystemInfo - 0x00769558 0x0010A2A8 0x00105CA8 0x000002D3
GetCurrentThread - 0x0076955C 0x0010A2AC 0x00105CAC 0x0000020E
FoldStringW - 0x00769560 0x0010A2B0 0x00105CB0 0x00000197
CreateDirectoryW - 0x00769564 0x0010A2B4 0x00105CB4 0x000000AF
RemoveDirectoryW - 0x00769568 0x0010A2B8 0x00105CB8 0x000004A1
GetConsoleOutputCP - 0x0076956C 0x0010A2BC 0x00105CBC 0x000001F3
GetTimeFormatW - 0x00769570 0x0010A2C0 0x00105CC0 0x000002FB
GetDateFormatW - 0x00769574 0x0010A2C4 0x00105CC4 0x00000214
FileTimeToLocalFileTime - 0x00769578 0x0010A2C8 0x00105CC8 0x0000015C
LocalFileTimeToFileTime - 0x0076957C 0x0010A2CC 0x00105CCC 0x000003B7
msvcrt.dll (108)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__dllonexit - 0x007698A4 0x0010A5F4 0x00105FF4 0x0000009D
_unlock - 0x007698A8 0x0010A5F8 0x00105FF8 0x000003C4
_lock - 0x007698AC 0x0010A5FC 0x00105FFC 0x00000260
?terminate@@YAXXZ - 0x007698B0 0x0010A600 0x00106000 0x00000035
__CxxFrameHandler3 - 0x007698B4 0x0010A604 0x00106004 0x00000079
realloc - 0x007698B8 0x0010A608 0x00106008 0x0000051E
_errno - 0x007698BC 0x0010A60C 0x0010600C 0x00000167
??1type_info@@UAE@XZ - 0x007698C0 0x0010A610 0x00106010 0x00000011
_wcmdln - 0x007698C4 0x0010A614 0x00106014 0x00000405
_initterm - 0x007698C8 0x0010A618 0x00106018 0x000001E8
_onexit - 0x007698CC 0x0010A61C 0x0010601C 0x00000309
__p__fmode - 0x007698D0 0x0010A620 0x00106020 0x000000CE
_cexit - 0x007698D4 0x0010A624 0x00106024 0x00000124
_exit - 0x007698D8 0x0010A628 0x00106028 0x00000173
exit - 0x007698DC 0x0010A62C 0x0010602C 0x000004AE
__set_app_type - 0x007698E0 0x0010A630 0x00106030 0x000000E2
__wgetmainargs - 0x007698E4 0x0010A634 0x00106034 0x000000F1
_amsg_exit - 0x007698E8 0x0010A638 0x00106038 0x00000111
__p__commode - 0x007698EC 0x0010A63C 0x0010603C 0x000000C9
_XcptFilter - 0x007698F0 0x0010A640 0x00106040 0x0000006F
_CxxThrowException - 0x007698F4 0x0010A644 0x00106044 0x00000064
_callnewh - 0x007698F8 0x0010A648 0x00106048 0x00000122
__setusermatherr - 0x007698FC 0x0010A64C 0x0010604C 0x000000E4
_controlfp - 0x00769900 0x0010A650 0x00106050 0x00000137
_itoa_s - 0x00769904 0x0010A654 0x00106054 0x00000245
memset - 0x00769908 0x0010A658 0x00106058 0x0000050D
memcpy - 0x0076990C 0x0010A65C 0x0010605C 0x00000509
wcscpy_s - 0x00769910 0x0010A660 0x00106060 0x00000574
towupper - 0x00769914 0x0010A664 0x00106064 0x0000055B
iswlower - 0x00769918 0x0010A668 0x00106068 0x000004EE
towlower - 0x0076991C 0x0010A66C 0x0010606C 0x0000055A
iswupper - 0x00769920 0x0010A670 0x00106070 0x000004F2
sscanf_s - 0x00769924 0x0010A674 0x00106074 0x0000052F
_except_handler4_common - 0x00769928 0x0010A678 0x00106078 0x0000016A
strcat_s - 0x0076992C 0x0010A67C 0x0010607C 0x00000531
strcpy_s - 0x00769930 0x0010A680 0x00106080 0x00000536
strspn - 0x00769934 0x0010A684 0x00106084 0x00000544
fwrite - 0x00769938 0x0010A688 0x00106088 0x000004D0
ftell - 0x0076993C 0x0010A68C 0x0010608C 0x000004CD
_fileno - 0x00769940 0x0010A690 0x00106090 0x00000180
_setmode - 0x00769944 0x0010A694 0x00106094 0x0000034A
wcstoul - 0x00769948 0x0010A698 0x00106098 0x0000058A
fgetws - 0x0076994C 0x0010A69C 0x0010609C 0x000004B9
feof - 0x00769950 0x0010A6A0 0x001060A0 0x000004B2
fgetc - 0x00769954 0x0010A6A4 0x001060A4 0x000004B5
_wfopen - 0x00769958 0x0010A6A8 0x001060A8 0x00000446
fputws - 0x0076995C 0x0010A6AC 0x001060AC 0x000004C3
atoi - 0x00769960 0x0010A6B0 0x001060B0 0x0000049F
isdigit - 0x00769964 0x0010A6B4 0x001060B4 0x000004DF
_wgetenv - 0x00769968 0x0010A6B8 0x001060B8 0x0000044F
iswxdigit - 0x0076996C 0x0010A6BC 0x001060BC 0x000004F3
_wsetlocale - 0x00769970 0x0010A6C0 0x001060C0 0x0000046D
iswalpha - 0x00769974 0x0010A6C4 0x001060C4 0x000004E8
isxdigit - 0x00769978 0x0010A6C8 0x001060C8 0x000004F4
__isascii - 0x0076997C 0x0010A6CC 0x001060CC 0x000000A4
gmtime - 0x00769980 0x0010A6D0 0x001060D0 0x000004DA
vfwprintf - 0x00769984 0x0010A6D4 0x001060D4 0x00000561
iswspace - 0x00769988 0x0010A6D8 0x001060D8 0x000004F1
__iob_func - 0x0076998C 0x0010A6DC 0x001060DC 0x000000A3
?what@exception@@UBEPBDXZ - 0x00769990 0x0010A6E0 0x001060E0 0x00000037
??1exception@@UAE@XZ - 0x00769994 0x0010A6E4 0x001060E4 0x00000010
??0exception@@QAE@ABV0@@Z - 0x00769998 0x0010A6E8 0x001060E8 0x0000000B
??0exception@@QAE@XZ - 0x0076999C 0x0010A6EC 0x001060EC 0x0000000C
malloc - 0x007699A0 0x0010A6F0 0x001060F0 0x000004FD
fprintf - 0x007699A4 0x0010A6F4 0x001060F4 0x000004BE
_strlwr - 0x007699A8 0x0010A6F8 0x001060F8 0x00000380
_swab - 0x007699AC 0x0010A6FC 0x001060FC 0x0000039D
strpbrk - 0x007699B0 0x0010A700 0x00106100 0x00000542
_strnicmp - 0x007699B4 0x0010A704 0x00106104 0x00000386
_vsnwprintf - 0x007699B8 0x0010A708 0x00106108 0x000003EC
iswdigit - 0x007699BC 0x0010A70C 0x0010610C 0x000004EC
wcsrchr - 0x007699C0 0x0010A710 0x00106110 0x0000057F
wcschr - 0x007699C4 0x0010A714 0x00106114 0x00000570
memmove - 0x007699C8 0x0010A718 0x00106118 0x0000050B
wcstok - 0x007699CC 0x0010A71C 0x0010611C 0x00000585
fwprintf - 0x007699D0 0x0010A720 0x00106120 0x000004CE
_wfopen_s - 0x007699D4 0x0010A724 0x00106124 0x00000447
fclose - 0x007699D8 0x0010A728 0x00106128 0x000004B1
_purecall - 0x007699DC 0x0010A72C 0x0010612C 0x0000031A
fflush - 0x007699E0 0x0010A730 0x00106130 0x000004B4
_fgetwchar - 0x007699E4 0x0010A734 0x00106134 0x0000017B
wcsspn - 0x007699E8 0x0010A738 0x00106138 0x00000582
_wcsnicmp - 0x007699EC 0x0010A73C 0x0010613C 0x00000417
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z - 0x007699F0 0x0010A740 0x00106140 0x0000002E
qsort - 0x007699F4 0x0010A744 0x00106144 0x00000519
wcscspn - 0x007699F8 0x0010A748 0x00106148 0x00000575
getenv - 0x007699FC 0x0010A74C 0x0010614C 0x000004D5
free - 0x00769A00 0x0010A750 0x00106150 0x000004C5
_wcsicmp - 0x00769A04 0x0010A754 0x00106154 0x0000040D
memcmp - 0x00769A08 0x0010A758 0x00106158 0x00000508
swscanf - 0x00769A0C 0x0010A75C 0x0010615C 0x0000054E
_stricmp - 0x00769A10 0x0010A760 0x00106160 0x0000037C
_wtoi - 0x00769A14 0x0010A764 0x00106164 0x00000488
_vsnprintf - 0x00769A18 0x0010A768 0x00106168 0x000003E6
_wcslwr - 0x00769A1C 0x0010A76C 0x0010616C 0x00000411
strncmp - 0x00769A20 0x0010A770 0x00106170 0x0000053E
strcspn - 0x00769A24 0x0010A774 0x00106174 0x00000537
wcsstr - 0x00769A28 0x0010A778 0x00106178 0x00000583
strstr - 0x00769A2C 0x0010A77C 0x0010617C 0x00000545
wcsncmp - 0x00769A30 0x0010A780 0x00106180 0x0000057A
_ultow - 0x00769A34 0x0010A784 0x00106184 0x000003BC
bsearch - 0x00769A38 0x0010A788 0x00106188 0x000004A1
fopen - 0x00769A3C 0x0010A78C 0x0010618C 0x000004BC
fgets - 0x00769A40 0x0010A790 0x00106190 0x000004B7
strchr - 0x00769A44 0x0010A794 0x00106194 0x00000532
fputs - 0x00769A48 0x0010A798 0x00106198 0x000004C1
fseek - 0x00769A4C 0x0010A79C 0x0010619C 0x000004CB
ferror - 0x00769A50 0x0010A7A0 0x001061A0 0x000004B3
certcli.dll (71)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x000000D2 0x00769784 0x0010A4D4 0x00105ED4 -
None 0x00000167 0x00769788 0x0010A4D8 0x00105ED8 -
None 0x000000CF 0x0076978C 0x0010A4DC 0x00105EDC -
None 0x00000166 0x00769790 0x0010A4E0 0x00105EE0 -
None 0x000000E1 0x00769794 0x0010A4E4 0x00105EE4 -
None 0x000000F6 0x00769798 0x0010A4E8 0x00105EE8 -
None 0x000000DF 0x0076979C 0x0010A4EC 0x00105EEC -
None 0x00000168 0x007697A0 0x0010A4F0 0x00105EF0 -
None 0x000000D5 0x007697A4 0x0010A4F4 0x00105EF4 -
None 0x000000CD 0x007697A8 0x0010A4F8 0x00105EF8 -
None 0x00000164 0x007697AC 0x0010A4FC 0x00105EFC -
CAEnumCertTypesEx - 0x007697B0 0x0010A500 0x00105F00 0x0000001C
CAFindCertTypeByName - 0x007697B4 0x0010A504 0x00105F04 0x00000025
None 0x00000102 0x007697B8 0x0010A508 0x00105F08 -
CAGetCertTypeFlagsEx - 0x007697BC 0x0010A50C 0x00105F0C 0x00000032
CAGetCertTypePropertyEx - 0x007697C0 0x0010A510 0x00105F10 0x00000035
CAFreeCertTypeProperty - 0x007697C4 0x0010A514 0x00105F14 0x00000028
CAGetCertTypeKeySpec - 0x007697C8 0x0010A518 0x00105F18 0x00000033
CAGetCertTypeExpiration - 0x007697CC 0x0010A51C 0x00105F1C 0x0000002E
CACertTypeGetSecurity - 0x007697D0 0x0010A520 0x00105F20 0x00000007
CAGetCertTypeExtensions - 0x007697D4 0x0010A524 0x00105F24 0x0000002F
CAFreeCertTypeExtensions - 0x007697D8 0x0010A528 0x00105F28 0x00000027
CAEnumCertTypesForCAEx - 0x007697DC 0x0010A52C 0x00105F2C 0x0000001E
CAGetCertTypeProperty - 0x007697E0 0x0010A530 0x00105F30 0x00000034
CACertTypeAccessCheckEx - 0x007697E4 0x0010A534 0x00105F34 0x00000005
CAEnumNextCertType - 0x007697E8 0x0010A538 0x00105F38 0x00000021
CACloseCertType - 0x007697EC 0x0010A53C 0x00105F3C 0x0000000E
None 0x00000175 0x007697F0 0x0010A540 0x00105F40 -
CAEnumFirstCA - 0x007697F4 0x0010A544 0x00105F44 0x0000001F
CAFindByName - 0x007697F8 0x0010A548 0x00105F48 0x00000024
CAGetCAProperty - 0x007697FC 0x0010A54C 0x00105F4C 0x0000002C
CAFreeCAProperty - 0x00769800 0x0010A550 0x00105F50 0x00000026
CAEnumNextCA - 0x00769804 0x0010A554 0x00105F54 0x00000020
CACloseCA - 0x00769808 0x0010A558 0x00105F58 0x0000000D
None 0x0000016A 0x0076980C 0x0010A55C 0x00105F5C -
CAGetCAFlags - 0x00769810 0x0010A560 0x00105F60 0x0000002B
CAGetCAExpiration - 0x00769814 0x0010A564 0x00105F64 0x0000002A
CAAccessCheck - 0x00769818 0x0010A568 0x00105F68 0x00000000
None 0x00000169 0x0076981C 0x0010A56C 0x00105F6C -
CAGetCACertificate - 0x00769820 0x0010A570 0x00105F70 0x00000029
CAGetCASecurity - 0x00769824 0x0010A574 0x00105F74 0x0000002D
CASetCAProperty - 0x00769828 0x0010A578 0x00105F78 0x0000004E
CAUpdateCAEx - 0x0076982C 0x0010A57C 0x00105F7C 0x00000058
CAFindByCertType - 0x00769830 0x0010A580 0x00105F80 0x00000022
None 0x00000100 0x00769834 0x0010A584 0x00105F84 -
None 0x00000101 0x00769838 0x0010A588 0x00105F88 -
None 0x000000DA 0x0076983C 0x0010A58C 0x00105F8C -
None 0x000000FF 0x00769840 0x0010A590 0x00105F90 -
None 0x000000FE 0x00769844 0x0010A594 0x00105F94 -
CAEnumCertTypesForCA - 0x00769848 0x0010A598 0x00105F98 0x0000001D
CACountCertTypes - 0x0076984C 0x0010A59C 0x00105F9C 0x00000010
CACertTypeAccessCheck - 0x00769850 0x0010A5A0 0x00105FA0 0x00000004
CACountCAs - 0x00769854 0x0010A5A4 0x00105FA4 0x0000000F
None 0x000000D9 0x00769858 0x0010A5A8 0x00105FA8 -
None 0x000000F5 0x0076985C 0x0010A5AC 0x00105FAC -
None 0x00000172 0x00769860 0x0010A5B0 0x00105FB0 -
CACreateNewCA - 0x00769864 0x0010A5B4 0x00105FB4 0x00000014
CASetCAFlags - 0x00769868 0x0010A5B8 0x00105FB8 0x0000004D
CASetCACertificate - 0x0076986C 0x0010A5BC 0x00105FBC 0x0000004B
CASetCASecurity - 0x00769870 0x0010A5C0 0x00105FC0 0x0000004F
None 0x0000016E 0x00769874 0x0010A5C4 0x00105FC4 -
CARemoveCACertificateTypeEx - 0x00769878 0x0010A5C8 0x00105FC8 0x0000004A
CAAddCACertificateTypeEx - 0x0076987C 0x0010A5CC 0x00105FCC 0x00000003
CAUpdateCA - 0x00769880 0x0010A5D0 0x00105FD0 0x00000057
None 0x000000FC 0x00769884 0x0010A5D4 0x00105FD4 -
None 0x00000105 0x00769888 0x0010A5D8 0x00105FD8 -
None 0x00000104 0x0076988C 0x0010A5DC 0x00105FDC -
None 0x000000FD 0x00769890 0x0010A5E0 0x00105FE0 -
None 0x000000CB 0x00769894 0x0010A5E4 0x00105FE4 -
None 0x000000F7 0x00769898 0x0010A5E8 0x00105FE8 -
None 0x00000165 0x0076989C 0x0010A5EC 0x00105FEC -
CRYPT32.dll (118)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptEncodeObjectEx - 0x0076917C 0x00109ECC 0x001058CC 0x00000089
CryptFindOIDInfo - 0x00769180 0x00109ED0 0x001058D0 0x00000095
CertGetCertificateContextProperty - 0x00769184 0x00109ED4 0x001058D4 0x00000046
CertFreeCertificateContext - 0x00769188 0x00109ED8 0x001058D8 0x00000040
CertFindExtension - 0x0076918C 0x00109EDC 0x001058DC 0x00000037
CertDuplicateCertificateContext - 0x00769190 0x00109EE0 0x001058E0 0x00000025
CertCloseStore - 0x00769194 0x00109EE4 0x001058E4 0x00000012
CertEnumCRLsInStore - 0x00769198 0x00109EE8 0x001058E8 0x00000028
CertFreeCRLContext - 0x0076919C 0x00109EEC 0x001058EC 0x0000003B
CertCreateCRLContext - 0x007691A0 0x00109EF0 0x001058F0 0x00000018
PFXExportCertStoreEx - 0x007691A4 0x00109EF4 0x001058F4 0x00000126
PFXExportCertStore - 0x007691A8 0x00109EF8 0x001058F8 0x00000124
CryptFreeOIDFunctionAddress - 0x007691AC 0x00109EFC 0x001058FC 0x00000097
CryptGetOIDFunctionAddress - 0x007691B0 0x00109F00 0x00105900 0x0000009E
CryptInitOIDFunctionSet - 0x007691B4 0x00109F04 0x00105904 0x000000A9
CertNameToStrW - 0x007691B8 0x00109F08 0x00105908 0x00000056
CertStrToNameW - 0x007691BC 0x00109F0C 0x0010590C 0x00000070
CryptFormatObject - 0x007691C0 0x00109F10 0x00105910 0x00000096
CryptDecryptMessage - 0x007691C4 0x00109F14 0x00105914 0x00000087
CryptEncryptMessage - 0x007691C8 0x00109F18 0x00105918 0x0000008A
CryptSignMessage - 0x007691CC 0x00109F1C 0x0010591C 0x000000E1
CertAddCertificateLinkToStore - 0x007691D0 0x00109F20 0x00105920 0x00000005
CertGetIntendedKeyUsage - 0x007691D4 0x00109F24 0x00105924 0x00000048
CryptHashPublicKeyInfo - 0x007691D8 0x00109F28 0x00105928 0x000000A3
CryptSignCertificate - 0x007691DC 0x00109F2C 0x0010592C 0x000000DF
CryptExportPublicKeyInfoEx - 0x007691E0 0x00109F30 0x00105930 0x00000091
CryptMsgOpenToDecode - 0x007691E4 0x00109F34 0x00105934 0x000000B9
CryptStringToBinaryW - 0x007691E8 0x00109F38 0x00105938 0x000000E4
CryptSignAndEncodeCertificate - 0x007691EC 0x00109F3C 0x0010593C 0x000000DD
CryptImportPublicKeyInfoEx2 - 0x007691F0 0x00109F40 0x00105940 0x000000A8
CertDuplicateStore - 0x007691F4 0x00109F44 0x00105944 0x00000026
CryptMsgUpdate - 0x007691F8 0x00109F48 0x00105948 0x000000BC
CryptMsgOpenToEncode - 0x007691FC 0x00109F4C 0x0010594C 0x000000BA
CertOpenServerOcspResponse - 0x00769200 0x00109F50 0x00105950 0x00000058
I_CryptWalkAllLruCacheEntries - 0x00769204 0x00109F54 0x00105954 0x00000122
I_CryptRemoveLruEntry - 0x00769208 0x00109F58 0x00105958 0x0000011C
I_CryptGetLruEntryData - 0x0076920C 0x00109F5C 0x0010595C 0x00000112
I_CryptFindLruEntry - 0x00769210 0x00109F60 0x00105960 0x00000107
I_CryptReleaseLruEntry - 0x00769214 0x00109F64 0x00105964 0x0000011B
I_CryptInsertLruEntry - 0x00769218 0x00109F68 0x00105968 0x00000116
I_CryptCreateLruEntry - 0x0076921C 0x00109F6C 0x0010596C 0x00000102
CertCloseServerOcspResponse - 0x00769220 0x00109F70 0x00105970 0x00000011
I_CryptFreeLruCache - 0x00769224 0x00109F74 0x00105974 0x0000010B
I_CryptCreateLruCache - 0x00769228 0x00109F78 0x00105978 0x00000101
CryptMsgEncodeAndSignCTL - 0x0076922C 0x00109F7C 0x0010597C 0x000000B6
CertGetNameStringA - 0x00769230 0x00109F80 0x00105980 0x0000004A
CertSetCertificateContextPropertiesFromCTLEntry - 0x00769234 0x00109F84 0x00105984 0x0000006B
CertCreateContext - 0x00769238 0x00109F88 0x00105988 0x0000001D
I_CertProtectFunction - 0x0076923C 0x00109F8C 0x0010598C 0x000000F9
CertAddStoreToCollection - 0x00769240 0x00109F90 0x00105990 0x0000000F
CertVerifyCertificateChainPolicy - 0x00769244 0x00109F94 0x00105994 0x00000076
CryptMemFree - 0x00769248 0x00109F98 0x00105998 0x000000AE
CertVerifySubjectCertificateContext - 0x0076924C 0x00109F9C 0x0010599C 0x00000078
CryptVerifyCertificateSignatureEx - 0x00769250 0x00109FA0 0x001059A0 0x000000ED
CertGetEnhancedKeyUsage - 0x00769254 0x00109FA4 0x001059A4 0x00000047
CertVerifyCRLTimeValidity - 0x00769258 0x00109FA8 0x001059A8 0x00000074
CertVerifyRevocation - 0x0076925C 0x00109FAC 0x001059AC 0x00000077
CertVerifyTimeValidity - 0x00769260 0x00109FB0 0x001059B0 0x00000079
CryptVerifyCertificateSignature - 0x00769264 0x00109FB4 0x001059B4 0x000000EC
CryptEnumKeyIdentifierProperties - 0x00769268 0x00109FB8 0x001059B8 0x0000008B
CryptImportPublicKeyInfo - 0x0076926C 0x00109FBC 0x001059BC 0x000000A6
CertDuplicateCRLContext - 0x00769270 0x00109FC0 0x001059C0 0x00000022
CertDeleteCRLFromStore - 0x00769274 0x00109FC4 0x001059C4 0x0000001F
CertCreateCTLContext - 0x00769278 0x00109FC8 0x001059C8 0x00000019
CertAddCTLContextToStore - 0x0076927C 0x00109FCC 0x001059CC 0x00000002
CertAddCRLContextToStore - 0x00769280 0x00109FD0 0x001059D0 0x00000000
CertEnumSystemStore - 0x00769284 0x00109FD4 0x001059D4 0x0000002F
CertEnumSystemStoreLocation - 0x00769288 0x00109FD8 0x001059D8 0x00000030
CertEnumPhysicalStore - 0x0076928C 0x00109FDC 0x001059DC 0x0000002D
CertControlStore - 0x00769290 0x00109FE0 0x001059E0 0x00000017
CertSaveStore - 0x00769294 0x00109FE4 0x001059E4 0x00000064
CryptFindLocalizedName - 0x00769298 0x00109FE8 0x001059E8 0x00000094
CertAddSerializedElementToStore - 0x0076929C 0x00109FEC 0x001059EC 0x0000000E
CertAddEncodedCTLToStore - 0x007692A0 0x00109FF0 0x001059F0 0x00000007
CertAddEncodedCRLToStore - 0x007692A4 0x00109FF4 0x001059F4 0x00000006
CertAddEncodedCertificateToStore - 0x007692A8 0x00109FF8 0x001059F8 0x00000008
CertFreeCTLContext - 0x007692AC 0x00109FFC 0x001059FC 0x0000003C
CertSetCTLContextProperty - 0x007692B0 0x0010A000 0x00105A00 0x0000006A
CertSetCRLContextProperty - 0x007692B4 0x0010A004 0x00105A04 0x00000069
CryptFindCertificateKeyProvInfo - 0x007692B8 0x0010A008 0x00105A08 0x00000093
CryptAcquireCertificatePrivateKey - 0x007692BC 0x0010A00C 0x00105A0C 0x0000007C
CertEnumCertificateContextProperties - 0x007692C0 0x0010A010 0x00105A10 0x0000002B
CertGetCRLContextProperty - 0x007692C4 0x0010A014 0x00105A14 0x00000042
CertEnumCRLContextProperties - 0x007692C8 0x0010A018 0x00105A18 0x00000027
CertGetCTLContextProperty - 0x007692CC 0x0010A01C 0x00105A1C 0x00000044
CertEnumCTLContextProperties - 0x007692D0 0x0010A020 0x00105A20 0x00000029
CertSetStoreProperty - 0x007692D4 0x0010A024 0x00105A24 0x0000006E
CertFreeCertificateChain - 0x007692D8 0x0010A028 0x00105A28 0x0000003D
CertGetCertificateChain - 0x007692DC 0x0010A02C 0x00105A2C 0x00000045
CertComparePublicKeyInfo - 0x007692E0 0x0010A030 0x00105A30 0x00000016
CryptExportPublicKeyInfo - 0x007692E4 0x0010A034 0x00105A34 0x00000090
CertEnumCTLsInStore - 0x007692E8 0x0010A038 0x00105A38 0x0000002A
CertDeleteCertificateFromStore - 0x007692EC 0x0010A03C 0x00105A3C 0x00000021
CertGetNameStringW - 0x007692F0 0x0010A040 0x00105A40 0x0000004B
CryptDecodeObjectEx - 0x007692F4 0x0010A044 0x00105A44 0x00000085
CryptQueryObject - 0x007692F8 0x0010A048 0x00105A48 0x000000C8
CryptMsgGetParam - 0x007692FC 0x0010A04C 0x00105A4C 0x000000B8
CryptMsgGetAndVerifySigner - 0x00769300 0x0010A050 0x00105A50 0x000000B7
CryptMsgControl - 0x00769304 0x0010A054 0x00105A54 0x000000B2
CertFindCertificateInStore - 0x00769308 0x0010A058 0x00105A58 0x00000035
CertEnumCertificatesInStore - 0x0076930C 0x0010A05C 0x00105A5C 0x0000002C
PFXIsPFXBlob - 0x00769310 0x0010A060 0x00105A60 0x00000128
PFXImportCertStore - 0x00769314 0x0010A064 0x00105A64 0x00000127
CryptImportPKCS8 - 0x00769318 0x0010A068 0x00105A68 0x000000A5
CertGetPublicKeyLength - 0x0076931C 0x0010A06C 0x00105A6C 0x0000004C
CryptMsgClose - 0x00769320 0x0010A070 0x00105A70 0x000000B1
CertAddCertificateContextToStore - 0x00769324 0x0010A074 0x00105A74 0x00000004
CertSetCertificateContextProperty - 0x00769328 0x0010A078 0x00105A78 0x0000006C
CertOpenStore - 0x0076932C 0x0010A07C 0x00105A7C 0x00000059
CryptGetKeyIdentifierProperty - 0x00769330 0x0010A080 0x00105A80 0x0000009B
CertFindAttribute - 0x00769334 0x0010A084 0x00105A84 0x00000031
CryptHashCertificate2 - 0x00769338 0x0010A088 0x00105A88 0x000000A1
CryptHashCertificate - 0x0076933C 0x0010A08C 0x00105A8C 0x000000A0
CertCompareCertificateName - 0x00769340 0x0010A090 0x00105A90 0x00000014
CryptDecodeObject - 0x00769344 0x0010A094 0x00105A94 0x00000084
CryptRegisterOIDInfo - 0x00769348 0x0010A098 0x00105A98 0x000000CB
CertCreateCertificateContext - 0x0076934C 0x0010A09C 0x00105A9C 0x0000001C
CryptEnumOIDInfo - 0x00769350 0x0010A0A0 0x00105AA0 0x0000008D
Cabinet.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000016 0x00769368 0x0010A0B8 0x00105AB8 -
None 0x00000015 0x0076936C 0x0010A0BC 0x00105ABC -
None 0x00000014 0x00769370 0x0010A0C0 0x00105AC0 -
None 0x00000017 0x00769374 0x0010A0C4 0x00105AC4 -
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControlsEx - 0x00769174 0x00109EC4 0x001058C4 0x0000007B
CRYPTUI.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptUIDlgViewCRLW - 0x00769358 0x0010A0A8 0x00105AA8 0x00000016
CryptUIDlgFreeCAContext - 0x0076935C 0x0010A0AC 0x00105AAC 0x0000000B
CryptUIDlgViewCertificateW - 0x00769360 0x0010A0B0 0x00105AB0 0x0000001C
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStockObject - 0x0076937C 0x0010A0CC 0x00105ACC 0x0000026D
ncrypt.dll (49)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NCryptIsKeyHandle - 0x00769A58 0x0010A7A8 0x001061A8 0x00000050
NCryptFreeObject - 0x00769A5C 0x0010A7AC 0x001061AC 0x0000004B
NCryptOpenStorageProvider - 0x00769A60 0x0010A7B0 0x001061B0 0x00000055
NCryptImportKey - 0x00769A64 0x0010A7B4 0x001061B4 0x0000004E
NCryptSetProperty - 0x00769A68 0x0010A7B8 0x001061B8 0x0000005C
NCryptFinalizeKey - 0x00769A6C 0x0010A7BC 0x001061BC 0x00000049
BCryptSetProperty - 0x00769A70 0x0010A7C0 0x001061C0 0x00000033
BCryptGetProperty - 0x00769A74 0x0010A7C4 0x001061C4 0x00000020
BCryptDestroyKey - 0x00769A78 0x0010A7C8 0x001061C8 0x0000000D
BCryptCloseAlgorithmProvider - 0x00769A7C 0x0010A7CC 0x001061CC 0x00000002
SslEnumProtocolProviders - 0x00769A80 0x0010A7D0 0x001061D0 0x00000075
SslOpenProvider - 0x00769A84 0x0010A7D4 0x001061D4 0x00000087
SslFreeBuffer - 0x00769A88 0x0010A7D8 0x001061D8 0x00000078
SslFreeObject - 0x00769A8C 0x0010A7DC 0x001061DC 0x00000079
NCryptGetProperty - 0x00769A90 0x0010A7E0 0x001061E0 0x0000004C
BCryptFreeBuffer - 0x00769A94 0x0010A7E4 0x001061E4 0x0000001B
BCryptOpenAlgorithmProvider - 0x00769A98 0x0010A7E8 0x001061E8 0x00000026
BCryptCreateHash - 0x00769A9C 0x0010A7EC 0x001061EC 0x00000006
BCryptHashData - 0x00769AA0 0x0010A7F0 0x001061F0 0x00000022
BCryptFinishHash - 0x00769AA4 0x0010A7F4 0x001061F4 0x0000001A
BCryptDestroyHash - 0x00769AA8 0x0010A7F8 0x001061F8 0x0000000C
BCryptDecrypt - 0x00769AAC 0x0010A7FC 0x001061FC 0x00000007
BCryptEncrypt - 0x00769AB0 0x0010A800 0x00106200 0x00000011
BCryptExportKey - 0x00769AB4 0x0010A804 0x00106204 0x00000018
BCryptGenRandom - 0x00769AB8 0x0010A808 0x00106208 0x0000001C
BCryptSignHash - 0x00769ABC 0x0010A80C 0x0010620C 0x00000034
BCryptVerifySignature - 0x00769AC0 0x0010A810 0x00106210 0x00000037
NCryptCreatePersistedKey - 0x00769AC4 0x0010A814 0x00106214 0x0000003E
NCryptDecrypt - 0x00769AC8 0x0010A818 0x00106218 0x00000040
NCryptDeleteKey - 0x00769ACC 0x0010A81C 0x0010621C 0x00000041
NCryptDeriveKey - 0x00769AD0 0x0010A820 0x00106220 0x00000042
NCryptEncrypt - 0x00769AD4 0x0010A824 0x00106224 0x00000044
NCryptExportKey - 0x00769AD8 0x0010A828 0x00106228 0x00000048
NCryptOpenKey - 0x00769ADC 0x0010A82C 0x0010622C 0x00000053
NCryptSecretAgreement - 0x00769AE0 0x0010A830 0x00106230 0x0000005A
NCryptSignHash - 0x00769AE4 0x0010A834 0x00106234 0x0000005D
NCryptVerifySignature - 0x00769AE8 0x0010A838 0x00106238 0x00000067
NCryptEnumAlgorithms - 0x00769AEC 0x0010A83C 0x0010623C 0x00000045
NCryptIsAlgSupported - 0x00769AF0 0x0010A840 0x00106240 0x0000004F
NCryptEnumKeys - 0x00769AF4 0x0010A844 0x00106244 0x00000046
NCryptEnumStorageProviders - 0x00769AF8 0x0010A848 0x00106248 0x00000047
NCryptFreeBuffer - 0x00769AFC 0x0010A84C 0x0010624C 0x0000004A
BCryptEnumAlgorithms - 0x00769B00 0x0010A850 0x00106250 0x00000012
BCryptGenerateKeyPair - 0x00769B04 0x0010A854 0x00106254 0x0000001D
BCryptQueryProviderRegistration - 0x00769B08 0x0010A858 0x00106258 0x0000002A
BCryptResolveProviders - 0x00769B0C 0x0010A85C 0x0010625C 0x0000002F
BCryptEnumContextFunctions - 0x00769B10 0x0010A860 0x00106260 0x00000014
BCryptQueryContextConfiguration - 0x00769B14 0x0010A864 0x00106264 0x00000027
BCryptEnumContexts - 0x00769B18 0x0010A868 0x00106268 0x00000015
NETAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DsGetSiteNameW - 0x00769584 0x0010A2D4 0x00105CD4 0x0000001B
DsGetDcNameW - 0x00769588 0x0010A2D8 0x00105CD8 0x00000010
NetApiBufferFree - 0x0076958C 0x0010A2DC 0x00105CDC 0x00000059
NetUserGetGroups - 0x00769590 0x0010A2E0 0x00105CE0 0x000000F6
DsRoleGetPrimaryDomainInformation - 0x00769594 0x0010A2E4 0x00105CE4 0x0000001E
DsRoleFreeMemory - 0x00769598 0x0010A2E8 0x00105CE8 0x0000001D
Normaliz.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IdnToAscii - 0x007695BC 0x0010A30C 0x00105D0C 0x00000000
IdnToUnicode - 0x007695C0 0x0010A310 0x00105D10 0x00000002
ntdll.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlTimeToSecondsSince1970 - 0x00769B20 0x0010A870 0x00106270 0x00000545
NtQuerySystemTime - 0x00769B24 0x0010A874 0x00106274 0x000001DA
WinSqmIncrementDWORD - 0x00769B28 0x0010A878 0x00106278 0x00000622
NTDSAPI.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DsGetDomainControllerInfoW - 0x007695A0 0x0010A2F0 0x00105CF0 0x00000032
DsFreeDomainControllerInfoW - 0x007695A4 0x0010A2F4 0x00105CF4 0x00000021
DsBindW - 0x007695A8 0x0010A2F8 0x00105CF8 0x00000008
DsCrackNamesW - 0x007695AC 0x0010A2FC 0x00105CFC 0x00000014
DsUnBindW - 0x007695B0 0x0010A300 0x00105D00 0x00000074
DsFreeNameResultW - 0x007695B4 0x0010A304 0x00105D04 0x00000024
SETUPAPI.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetupGetIntField - 0x00769634 0x0010A384 0x00105D84 0x000001D8
SetupOpenInfFileW - 0x00769638 0x0010A388 0x00105D88 0x00000209
SetupGetLineCountW - 0x0076963C 0x0010A38C 0x00105D8C 0x000001DC
SetupFindFirstLineW - 0x00769640 0x0010A390 0x00105D90 0x000001BF
SetupGetFieldCount - 0x00769644 0x0010A394 0x00105D94 0x000001C8
SetupFindNextLine - 0x00769648 0x0010A398 0x00105D98 0x000001C0
SetupCloseInfFile - 0x0076964C 0x0010A39C 0x00105D9C 0x00000107
SetupGetStringFieldW - 0x00769650 0x0010A3A0 0x00105DA0 0x000001E9
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW - 0x00769658 0x0010A3A8 0x00105DA8 0x00000157
SHGetKnownFolderPath - 0x0076965C 0x0010A3AC 0x00105DAC 0x00000161
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeW - 0x00769704 0x0010A454 0x00105E54 0x00000007
GetFileVersionInfoW - 0x00769708 0x0010A458 0x00105E58 0x00000008
VerQueryValueW - 0x0076970C 0x0010A45C 0x00105E5C 0x00000010
WLDAP32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x000000D0 0x00769714 0x0010A464 0x00105E64 -
None 0x00000071 0x00769718 0x0010A468 0x00105E68 -
None 0x0000008C 0x0076971C 0x0010A46C 0x00105E6C -
None 0x000000E0 0x00769720 0x0010A470 0x00105E70 -
None 0x0000008E 0x00769724 0x0010A474 0x00105E74 -
None 0x0000004F 0x00769728 0x0010A478 0x00105E78 -
None 0x0000007F 0x0076972C 0x0010A47C 0x00105E7C -
None 0x000000A7 0x00769730 0x0010A480 0x00105E80 -
None 0x00000093 0x00769734 0x0010A484 0x00105E84 -
None 0x000000CE 0x00769738 0x0010A488 0x00105E88 -
None 0x00000087 0x0076973C 0x0010A48C 0x00105E8C -
None 0x000000CB 0x00769740 0x0010A490 0x00105E90 -
None 0x00000024 0x00769744 0x0010A494 0x00105E94 -
None 0x0000001A 0x00769748 0x0010A498 0x00105E98 -
None 0x0000001B 0x0076974C 0x0010A49C 0x00105E9C -
None 0x000000BF 0x00769750 0x0010A4A0 0x00105EA0 -
None 0x00000029 0x00769754 0x0010A4A4 0x00105EA4 -
None 0x00000041 0x00769758 0x0010A4A8 0x00105EA8 -
None 0x0000009B 0x0076975C 0x0010A4AC 0x00105EAC -
None 0x000000D2 0x00769760 0x0010A4B0 0x00105EB0 -
None 0x0000000D 0x00769764 0x0010A4B4 0x00105EB4 -
None 0x00000091 0x00769768 0x0010A4B8 0x00105EB8 -
None 0x0000000E 0x0076976C 0x0010A4BC 0x00105EBC -
None 0x00000049 0x00769770 0x0010A4C0 0x00105EC0 -
None 0x00000012 0x00769774 0x0010A4C4 0x00105EC4 -
None 0x00000010 0x00769778 0x0010A4C8 0x00105EC8 -
None 0x0000000C 0x0076977C 0x0010A4CC 0x00105ECC -
ole32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemFree - 0x00769B30 0x0010A880 0x00106280 0x00000089
CoInitialize - 0x00769B34 0x0010A884 0x00106284 0x0000005D
CoUninitialize - 0x00769B38 0x0010A888 0x00106288 0x0000008D
CoInitializeEx - 0x00769B3C 0x0010A88C 0x0010628C 0x0000005E
CoCreateInstance - 0x00769B40 0x0010A890 0x00106290 0x00000028
CLSIDFromString - 0x00769B44 0x0010A894 0x00106294 0x0000000C
CLSIDFromProgID - 0x00769B48 0x0010A898 0x00106298 0x0000000A
StringFromCLSID - 0x00769B4C 0x0010A89C 0x0010629C 0x000001C8
ProgIDFromCLSID - 0x00769B50 0x0010A8A0 0x001062A0 0x0000018E
CoTaskMemAlloc - 0x00769B54 0x0010A8A4 0x001062A4 0x00000088
CoCreateInstanceEx - 0x00769B58 0x0010A8A8 0x001062A8 0x00000029
CoSetProxyBlanket - 0x00769B5C 0x0010A8AC 0x001062AC 0x00000084
StgOpenStorageEx - 0x00769B60 0x0010A8B0 0x001062B0 0x000001C2
PropVariantClear - 0x00769B64 0x0010A8B4 0x001062B4 0x00000193
OLEAUT32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetErrorInfo 0x000000C9 0x007695C8 0x0010A318 0x00105D18 -
SafeArrayGetLBound 0x00000014 0x007695CC 0x0010A31C 0x00105D1C -
SafeArrayGetUBound 0x00000013 0x007695D0 0x0010A320 0x00105D20 -
SafeArrayAccessData 0x00000017 0x007695D4 0x0010A324 0x00105D24 -
SafeArrayGetElement 0x00000019 0x007695D8 0x0010A328 0x00105D28 -
SysFreeString 0x00000006 0x007695DC 0x0010A32C 0x00105D2C -
SafeArrayUnaccessData 0x00000018 0x007695E0 0x0010A330 0x00105D30 -
SysStringByteLen 0x00000095 0x007695E4 0x0010A334 0x00105D34 -
VariantInit 0x00000008 0x007695E8 0x0010A338 0x00105D38 -
VariantClear 0x00000009 0x007695EC 0x0010A33C 0x00105D3C -
SysAllocString 0x00000002 0x007695F0 0x0010A340 0x00105D40 -
SysAllocStringLen 0x00000004 0x007695F4 0x0010A344 0x00105D44 -
SafeArrayCreate 0x0000000F 0x007695F8 0x0010A348 0x00105D48 -
SafeArrayPutElement 0x0000001A 0x007695FC 0x0010A34C 0x00105D4C -
SafeArrayDestroy 0x00000010 0x00769600 0x0010A350 0x00105D50 -
SysAllocStringByteLen 0x00000096 0x00769604 0x0010A354 0x00105D54 -
SysStringLen 0x00000007 0x00769608 0x0010A358 0x00105D58 -
VariantTimeToSystemTime 0x000000B9 0x0076960C 0x0010A35C 0x00105D5C -
SystemTimeToVariantTime 0x000000B8 0x00769610 0x0010A360 0x00105D60 -
VariantCopyInd 0x0000000B 0x00769614 0x0010A364 0x00105D64 -
SafeArrayGetDim 0x00000011 0x00769618 0x0010A368 0x00105D68 -
CreateErrorInfo 0x000000CA 0x0076961C 0x0010A36C 0x00105D6C -
RPCRT4.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UuidCreate - 0x00769624 0x0010A374 0x00105D74 0x00000210
I_RpcExceptionFilter - 0x00769628 0x0010A378 0x00105D78 0x00000030
NdrClientCall2 - 0x0076962C 0x0010A37C 0x00105D7C 0x0000009D
Secur32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetComputerObjectNameW - 0x00769664 0x0010A3B4 0x00105DB4 0x0000001A
TranslateNameW - 0x00769668 0x0010A3B8 0x00105DB8 0x00000062
GetUserNameExW - 0x0076966C 0x0010A3BC 0x00105DBC 0x0000001D
USER32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDlgItemInt - 0x00769674 0x0010A3C4 0x00105DC4 0x0000013F
EndDialog - 0x00769678 0x0010A3C8 0x00105DC8 0x000000E9
SetDlgItemInt - 0x0076967C 0x0010A3CC 0x00105DCC 0x000002F5
CheckDlgButton - 0x00769680 0x0010A3D0 0x00105DD0 0x0000003E
SendDlgItemMessageA - 0x00769684 0x0010A3D4 0x00105DD4 0x000002D7
EnableWindow - 0x00769688 0x0010A3D8 0x00105DD8 0x000000E6
GetDlgItem - 0x0076968C 0x0010A3DC 0x00105DDC 0x0000013E
SetDlgItemTextW - 0x00769690 0x0010A3E0 0x00105DE0 0x000002F7
LoadCursorW - 0x00769694 0x0010A3E4 0x00105DE4 0x00000230
SetWindowTextW - 0x00769698 0x0010A3E8 0x00105DE8 0x0000033A
SendMessageW - 0x0076969C 0x0010A3EC 0x00105DEC 0x000002E1
SetCursor - 0x007696A0 0x0010A3F0 0x00105DF0 0x000002EE
CharLowerW - 0x007696A4 0x0010A3F4 0x00105DF4 0x0000002E
GetWindowLongW - 0x007696A8 0x0010A3F8 0x00105DF8 0x000001CA
CallWindowProcW - 0x007696AC 0x0010A3FC 0x00105DFC 0x0000001E
GetWindowTextW - 0x007696B0 0x0010A400 0x00105E00 0x000001D7
ShowWindow - 0x007696B4 0x0010A404 0x00105E04 0x00000346
SetFocus - 0x007696B8 0x0010A408 0x00105E08 0x000002FA
GetDesktopWindow - 0x007696BC 0x0010A40C 0x00105E0C 0x00000139
DialogBoxParamW - 0x007696C0 0x0010A410 0x00105E10 0x000000B3
GetDlgItemTextW - 0x007696C4 0x0010A414 0x00105E14 0x00000141
MessageBoxW - 0x007696C8 0x0010A418 0x00105E18 0x0000025C
SetWindowLongW - 0x007696CC 0x0010A41C 0x00105E1C 0x00000333
UpdateWindow - 0x007696D0 0x0010A420 0x00105E20 0x0000037E
LoadStringW - 0x007696D4 0x0010A424 0x00105E24 0x0000023F
PostQuitMessage - 0x007696D8 0x0010A428 0x00105E28 0x00000280
DefWindowProcW - 0x007696DC 0x0010A42C 0x00105E2C 0x000000A2
LoadIconW - 0x007696E0 0x0010A430 0x00105E30 0x00000232
RegisterClassW - 0x007696E4 0x0010A434 0x00105E34 0x000002AA
CreateWindowExW - 0x007696E8 0x0010A438 0x00105E38 0x00000071
PostMessageW - 0x007696EC 0x0010A43C 0x00105E3C 0x0000027F
GetMessageW - 0x007696F0 0x0010A440 0x00105E40 0x00000176
TranslateMessage - 0x007696F4 0x0010A444 0x00105E44 0x00000365
DispatchMessageW - 0x007696F8 0x0010A448 0x00105E48 0x000000B6
IsDlgButtonChecked - 0x007696FC 0x0010A44C 0x00105E4C 0x0000020C
Memory Dumps (14)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
buffer 4 0x00660000 0x006BCFFF First Execution False 32-bit 0x0066191C False
buffer 4 0x00660000 0x006BCFFF Content Changed False 32-bit 0x00661B07 False
buffer 4 0x00400000 0x0045EFFF First Execution False 32-bit 0x00444C4A False
buffer 4 0x00400000 0x0045EFFF Content Changed False 32-bit 0x0044B2C5 False
buffer 4 0x00400000 0x0045EFFF Content Changed False 32-bit 0x00410D0E False
buffer 4 0x00400000 0x0045EFFF Content Changed False 32-bit 0x00407926 False
buffer 4 0x00400000 0x0045EFFF Content Changed False 32-bit 0x0040998E False
buffer 4 0x00400000 0x0045EFFF Content Changed False 32-bit 0x004023B2 False
buffer 4 0x00400000 0x0045EFFF Content Changed False 32-bit 0x0040B4D0 False
buffer 4 0x00400000 0x0045EFFF Content Changed False 32-bit 0x00403C16 False
buffer 4 0x00400000 0x0045EFFF Content Changed False 32-bit 0x0040A431 False
buffer 4 0x00400000 0x0045EFFF Process Termination False 32-bit - False
buffer 4 0x00660000 0x006BCFFF Process Termination False 32-bit - False
buffer 4 0x048C3478 0x0491BE77 Process Termination False 32-bit - False
C:\Users\RDHJ0C~1\AppData\Local\Temp\3FB5.tmp Dropped File Text
Suspicious
MIME Type text/plain
File Size 127 Bytes
MD5 d61a9e2612c4b9202ebff59f285e5635
SHA1 9bf734eb336c179427fd654b23b28a9ed23d427b
SHA256 0e34cb783eff75799814357a71cc789fc1053d2d7ef24cb7984be9df026295a3
SSDeep 3:nREJoFcKaKKlKJQyBKm1SlKJQiBCSAEGRaJ7F2xK2dCqL:nuoModKC/5BRmaeMY5L
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\7F3B.tmp Dropped File Empty
Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\1F83.tmp Dropped File Empty
Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
c:\wkssvc Dropped File Empty
Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
b4393bfd252ac8596a787c3e22ac21fa444e61c18f52df4b5c6b2f8a4cffd017 Downloaded File Stream
Clean
MIME Type application/octet-stream
File Size 530 Bytes
MD5 fd23f88e45838904e9cc44651fdcc5a5
SHA1 612cb81b1ef6462fb625cf40eb1ecb1c78095244
SHA256 b4393bfd252ac8596a787c3e22ac21fa444e61c18f52df4b5c6b2f8a4cffd017
SSDeep 12:02oi71zvUAyCDOfNl7Op3YRm/ISlTT1zozolMMKxZbmH3pFBztPzmWN3:n/71zv3DOFlCOv6TZzozyO5MZFzPzma
ImpHash -
7ad9cebdd4aafd9a033d0711d85e8193b41763c294ebc1ffdc5000cf78e613b4 Downloaded File Text
Clean
MIME Type text/plain
File Size 434 Bytes
MD5 10f1efe7d9bf793b26b7b643595e7ba1
SHA1 87809b79674ac8b63e3d726b051b0e547cf7b363
SHA256 7ad9cebdd4aafd9a033d0711d85e8193b41763c294ebc1ffdc5000cf78e613b4
SSDeep 12:Z27e8hLsNuDlNRPR8Y4p2f2o41YQvu6XJekL:ZKeOLq0d74o741rXJekL
ImpHash -