Verdict | Malicious |
Classifications | Spyware Injector |
Threat Names | FormBook |
Dynamic Analysis Report
Created on 2022-08-05T11:47:50+00:00
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe
Windows Exe (x86-32)
Remarks
(0x0200005D): 208 additional dumps with the reason "Content Changed" and a total of 63 MB were skipped because the respective maximum limit was reached.
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\RDhJ0CNFevzX\Desktop\f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | Sample File | Binary | Malicious |
File Reputation Information
Verdict | Malicious |
PE Information
Image Base | 0x00400000 |
Entry Point | 0x004A3B74 |
Size Of Code | 0x000A2C00 |
Size Of Initialized Data | 0x00053800 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 1992-06-20 00:22 (UTC+2) |
Packer | BobSoft Mini Delphi -> BoB / BobSoft |
Version Information (10)
CompanyName | e-China Petroleum & Chemical Corp |
FileDescription | China Petroleum & Chemical Corp |
FileVersion | 2.69.0.0 |
InternalName | |
LegalCopyright | 1997-2007 ACE Compression Software & e-merge GmbH |
LegalTrademarks | 1997-2007 ACE Compression Software & e-merge GmbH |
OriginalFilename | |
ProductName | China Petroleum & Chemical Corp |
ProductVersion | 02.69.00.00 |
Comments | China Petroleum & Chemical Corp!,(c) 1997-2005 e-merge GmbH, http://www.emerge.de |
Sections (8)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
CODE | 0x00401000 | 0x000A2BC8 | 0x000A2C00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.54 |
DATA | 0x004A4000 | 0x00001AA4 | 0x00001C00 | 0x000A3000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.1 |
BSS | 0x004A6000 | 0x00000EF5 | 0x00000000 | 0x000A4C00 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.idata | 0x004A7000 | 0x000027A4 | 0x00002800 | 0x000A4C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.0 |
.tls | 0x004AA000 | 0x00000040 | 0x00000000 | 0x000A7400 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.rdata | 0x004AB000 | 0x00000018 | 0x00000200 | 0x000A7400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 0.2 |
.reloc | 0x004AC000 | 0x0000C1EC | 0x0000C200 | 0x000A7600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 6.62 |
.rsrc | 0x004B9000 | 0x00043000 | 0x00043000 | 0x000B3800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 7.28 |
Imports (21)
kernel32.dll (42)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DeleteCriticalSection | - | 0x004A71B8 | 0x000A71B8 | 0x000A4DB8 | 0x00000000 |
LeaveCriticalSection | - | 0x004A71BC | 0x000A71BC | 0x000A4DBC | 0x00000000 |
EnterCriticalSection | - | 0x004A71C0 | 0x000A71C0 | 0x000A4DC0 | 0x00000000 |
InitializeCriticalSection | - | 0x004A71C4 | 0x000A71C4 | 0x000A4DC4 | 0x00000000 |
VirtualFree | - | 0x004A71C8 | 0x000A71C8 | 0x000A4DC8 | 0x00000000 |
VirtualAlloc | - | 0x004A71CC | 0x000A71CC | 0x000A4DCC | 0x00000000 |
LocalFree | - | 0x004A71D0 | 0x000A71D0 | 0x000A4DD0 | 0x00000000 |
LocalAlloc | - | 0x004A71D4 | 0x000A71D4 | 0x000A4DD4 | 0x00000000 |
GetVersion | - | 0x004A71D8 | 0x000A71D8 | 0x000A4DD8 | 0x00000000 |
GetCurrentThreadId | - | 0x004A71DC | 0x000A71DC | 0x000A4DDC | 0x00000000 |
InterlockedDecrement | - | 0x004A71E0 | 0x000A71E0 | 0x000A4DE0 | 0x00000000 |
InterlockedIncrement | - | 0x004A71E4 | 0x000A71E4 | 0x000A4DE4 | 0x00000000 |
VirtualQuery | - | 0x004A71E8 | 0x000A71E8 | 0x000A4DE8 | 0x00000000 |
WideCharToMultiByte | - | 0x004A71EC | 0x000A71EC | 0x000A4DEC | 0x00000000 |
MultiByteToWideChar | - | 0x004A71F0 | 0x000A71F0 | 0x000A4DF0 | 0x00000000 |
lstrlenA | - | 0x004A71F4 | 0x000A71F4 | 0x000A4DF4 | 0x00000000 |
lstrcpynA | - | 0x004A71F8 | 0x000A71F8 | 0x000A4DF8 | 0x00000000 |
LoadLibraryExA | - | 0x004A71FC | 0x000A71FC | 0x000A4DFC | 0x00000000 |
GetThreadLocale | - | 0x004A7200 | 0x000A7200 | 0x000A4E00 | 0x00000000 |
GetStartupInfoA | - | 0x004A7204 | 0x000A7204 | 0x000A4E04 | 0x00000000 |
GetProcAddress | - | 0x004A7208 | 0x000A7208 | 0x000A4E08 | 0x00000000 |
GetModuleHandleA | - | 0x004A720C | 0x000A720C | 0x000A4E0C | 0x00000000 |
GetModuleFileNameA | - | 0x004A7210 | 0x000A7210 | 0x000A4E10 | 0x00000000 |
GetLocaleInfoA | - | 0x004A7214 | 0x000A7214 | 0x000A4E14 | 0x00000000 |
GetLastError | - | 0x004A7218 | 0x000A7218 | 0x000A4E18 | 0x00000000 |
GetCommandLineA | - | 0x004A721C | 0x000A721C | 0x000A4E1C | 0x00000000 |
FreeLibrary | - | 0x004A7220 | 0x000A7220 | 0x000A4E20 | 0x00000000 |
FindFirstFileA | - | 0x004A7224 | 0x000A7224 | 0x000A4E24 | 0x00000000 |
FindClose | - | 0x004A7228 | 0x000A7228 | 0x000A4E28 | 0x00000000 |
ExitProcess | - | 0x004A722C | 0x000A722C | 0x000A4E2C | 0x00000000 |
WriteFile | - | 0x004A7230 | 0x000A7230 | 0x000A4E30 | 0x00000000 |
UnhandledExceptionFilter | - | 0x004A7234 | 0x000A7234 | 0x000A4E34 | 0x00000000 |
SetFilePointer | - | 0x004A7238 | 0x000A7238 | 0x000A4E38 | 0x00000000 |
SetEndOfFile | - | 0x004A723C | 0x000A723C | 0x000A4E3C | 0x00000000 |
RtlUnwind | - | 0x004A7240 | 0x000A7240 | 0x000A4E40 | 0x00000000 |
ReadFile | - | 0x004A7244 | 0x000A7244 | 0x000A4E44 | 0x00000000 |
RaiseException | - | 0x004A7248 | 0x000A7248 | 0x000A4E48 | 0x00000000 |
GetStdHandle | - | 0x004A724C | 0x000A724C | 0x000A4E4C | 0x00000000 |
GetFileSize | - | 0x004A7250 | 0x000A7250 | 0x000A4E50 | 0x00000000 |
GetFileType | - | 0x004A7254 | 0x000A7254 | 0x000A4E54 | 0x00000000 |
CreateFileA | - | 0x004A7258 | 0x000A7258 | 0x000A4E58 | 0x00000000 |
CloseHandle | - | 0x004A725C | 0x000A725C | 0x000A4E5C | 0x00000000 |
user32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetKeyboardType | - | 0x004A7264 | 0x000A7264 | 0x000A4E64 | 0x00000000 |
LoadStringA | - | 0x004A7268 | 0x000A7268 | 0x000A4E68 | 0x00000000 |
MessageBoxA | - | 0x004A726C | 0x000A726C | 0x000A4E6C | 0x00000000 |
CharNextA | - | 0x004A7270 | 0x000A7270 | 0x000A4E70 | 0x00000000 |
advapi32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegQueryValueExA | - | 0x004A7278 | 0x000A7278 | 0x000A4E78 | 0x00000000 |
RegOpenKeyExA | - | 0x004A727C | 0x000A727C | 0x000A4E7C | 0x00000000 |
RegCloseKey | - | 0x004A7280 | 0x000A7280 | 0x000A4E80 | 0x00000000 |
oleaut32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SysFreeString | - | 0x004A7288 | 0x000A7288 | 0x000A4E88 | 0x00000000 |
SysReAllocStringLen | - | 0x004A728C | 0x000A728C | 0x000A4E8C | 0x00000000 |
SysAllocStringLen | - | 0x004A7290 | 0x000A7290 | 0x000A4E90 | 0x00000000 |
kernel32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
TlsSetValue | - | 0x004A7298 | 0x000A7298 | 0x000A4E98 | 0x00000000 |
TlsGetValue | - | 0x004A729C | 0x000A729C | 0x000A4E9C | 0x00000000 |
LocalAlloc | - | 0x004A72A0 | 0x000A72A0 | 0x000A4EA0 | 0x00000000 |
GetModuleHandleA | - | 0x004A72A4 | 0x000A72A4 | 0x000A4EA4 | 0x00000000 |
advapi32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegQueryValueExA | - | 0x004A72AC | 0x000A72AC | 0x000A4EAC | 0x00000000 |
RegOpenKeyExA | - | 0x004A72B0 | 0x000A72B0 | 0x000A4EB0 | 0x00000000 |
RegCloseKey | - | 0x004A72B4 | 0x000A72B4 | 0x000A4EB4 | 0x00000000 |
kernel32.dll (73)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
lstrcpyA | - | 0x004A72BC | 0x000A72BC | 0x000A4EBC | 0x00000000 |
WriteFile | - | 0x004A72C0 | 0x000A72C0 | 0x000A4EC0 | 0x00000000 |
WaitForSingleObject | - | 0x004A72C4 | 0x000A72C4 | 0x000A4EC4 | 0x00000000 |
VirtualQuery | - | 0x004A72C8 | 0x000A72C8 | 0x000A4EC8 | 0x00000000 |
VirtualProtect | - | 0x004A72CC | 0x000A72CC | 0x000A4ECC | 0x00000000 |
VirtualAlloc | - | 0x004A72D0 | 0x000A72D0 | 0x000A4ED0 | 0x00000000 |
Sleep | - | 0x004A72D4 | 0x000A72D4 | 0x000A4ED4 | 0x00000000 |
SizeofResource | - | 0x004A72D8 | 0x000A72D8 | 0x000A4ED8 | 0x00000000 |
SetThreadLocale | - | 0x004A72DC | 0x000A72DC | 0x000A4EDC | 0x00000000 |
SetFilePointer | - | 0x004A72E0 | 0x000A72E0 | 0x000A4EE0 | 0x00000000 |
SetEvent | - | 0x004A72E4 | 0x000A72E4 | 0x000A4EE4 | 0x00000000 |
SetErrorMode | - | 0x004A72E8 | 0x000A72E8 | 0x000A4EE8 | 0x00000000 |
SetEndOfFile | - | 0x004A72EC | 0x000A72EC | 0x000A4EEC | 0x00000000 |
ResetEvent | - | 0x004A72F0 | 0x000A72F0 | 0x000A4EF0 | 0x00000000 |
ReadFile | - | 0x004A72F4 | 0x000A72F4 | 0x000A4EF4 | 0x00000000 |
MultiByteToWideChar | - | 0x004A72F8 | 0x000A72F8 | 0x000A4EF8 | 0x00000000 |
MulDiv | - | 0x004A72FC | 0x000A72FC | 0x000A4EFC | 0x00000000 |
LockResource | - | 0x004A7300 | 0x000A7300 | 0x000A4F00 | 0x00000000 |
LoadResource | - | 0x004A7304 | 0x000A7304 | 0x000A4F04 | 0x00000000 |
LoadLibraryA | - | 0x004A7308 | 0x000A7308 | 0x000A4F08 | 0x00000000 |
LeaveCriticalSection | - | 0x004A730C | 0x000A730C | 0x000A4F0C | 0x00000000 |
InitializeCriticalSection | - | 0x004A7310 | 0x000A7310 | 0x000A4F10 | 0x00000000 |
GlobalUnlock | - | 0x004A7314 | 0x000A7314 | 0x000A4F14 | 0x00000000 |
GlobalReAlloc | - | 0x004A7318 | 0x000A7318 | 0x000A4F18 | 0x00000000 |
GlobalHandle | - | 0x004A731C | 0x000A731C | 0x000A4F1C | 0x00000000 |
GlobalLock | - | 0x004A7320 | 0x000A7320 | 0x000A4F20 | 0x00000000 |
GlobalFree | - | 0x004A7324 | 0x000A7324 | 0x000A4F24 | 0x00000000 |
GlobalFindAtomA | - | 0x004A7328 | 0x000A7328 | 0x000A4F28 | 0x00000000 |
GlobalDeleteAtom | - | 0x004A732C | 0x000A732C | 0x000A4F2C | 0x00000000 |
GlobalAlloc | - | 0x004A7330 | 0x000A7330 | 0x000A4F30 | 0x00000000 |
GlobalAddAtomA | - | 0x004A7334 | 0x000A7334 | 0x000A4F34 | 0x00000000 |
GetVersionExA | - | 0x004A7338 | 0x000A7338 | 0x000A4F38 | 0x00000000 |
GetVersion | - | 0x004A733C | 0x000A733C | 0x000A4F3C | 0x00000000 |
GetTickCount | - | 0x004A7340 | 0x000A7340 | 0x000A4F40 | 0x00000000 |
GetThreadLocale | - | 0x004A7344 | 0x000A7344 | 0x000A4F44 | 0x00000000 |
GetSystemInfo | - | 0x004A7348 | 0x000A7348 | 0x000A4F48 | 0x00000000 |
GetStringTypeExA | - | 0x004A734C | 0x000A734C | 0x000A4F4C | 0x00000000 |
GetStdHandle | - | 0x004A7350 | 0x000A7350 | 0x000A4F50 | 0x00000000 |
GetProfileStringA | - | 0x004A7354 | 0x000A7354 | 0x000A4F54 | 0x00000000 |
GetProcAddress | - | 0x004A7358 | 0x000A7358 | 0x000A4F58 | 0x00000000 |
GetModuleHandleA | - | 0x004A735C | 0x000A735C | 0x000A4F5C | 0x00000000 |
GetModuleFileNameA | - | 0x004A7360 | 0x000A7360 | 0x000A4F60 | 0x00000000 |
GetLocaleInfoA | - | 0x004A7364 | 0x000A7364 | 0x000A4F64 | 0x00000000 |
GetLocalTime | - | 0x004A7368 | 0x000A7368 | 0x000A4F68 | 0x00000000 |
GetLastError | - | 0x004A736C | 0x000A736C | 0x000A4F6C | 0x00000000 |
GetFullPathNameA | - | 0x004A7370 | 0x000A7370 | 0x000A4F70 | 0x00000000 |
GetDiskFreeSpaceA | - | 0x004A7374 | 0x000A7374 | 0x000A4F74 | 0x00000000 |
GetDateFormatA | - | 0x004A7378 | 0x000A7378 | 0x000A4F78 | 0x00000000 |
GetCurrentThreadId | - | 0x004A737C | 0x000A737C | 0x000A4F7C | 0x00000000 |
GetCurrentProcessId | - | 0x004A7380 | 0x000A7380 | 0x000A4F80 | 0x00000000 |
GetCurrentProcess | - | 0x004A7384 | 0x000A7384 | 0x000A4F84 | 0x00000000 |
GetComputerNameA | - | 0x004A7388 | 0x000A7388 | 0x000A4F88 | 0x00000000 |
GetCPInfo | - | 0x004A738C | 0x000A738C | 0x000A4F8C | 0x00000000 |
GetACP | - | 0x004A7390 | 0x000A7390 | 0x000A4F90 | 0x00000000 |
FreeResource | - | 0x004A7394 | 0x000A7394 | 0x000A4F94 | 0x00000000 |
InterlockedExchange | - | 0x004A7398 | 0x000A7398 | 0x000A4F98 | 0x00000000 |
FreeLibrary | - | 0x004A739C | 0x000A739C | 0x000A4F9C | 0x00000000 |
FormatMessageA | - | 0x004A73A0 | 0x000A73A0 | 0x000A4FA0 | 0x00000000 |
FlushInstructionCache | - | 0x004A73A4 | 0x000A73A4 | 0x000A4FA4 | 0x00000000 |
FindResourceA | - | 0x004A73A8 | 0x000A73A8 | 0x000A4FA8 | 0x00000000 |
FindFirstFileA | - | 0x004A73AC | 0x000A73AC | 0x000A4FAC | 0x00000000 |
FindClose | - | 0x004A73B0 | 0x000A73B0 | 0x000A4FB0 | 0x00000000 |
FileTimeToLocalFileTime | - | 0x004A73B4 | 0x000A73B4 | 0x000A4FB4 | 0x00000000 |
FileTimeToDosDateTime | - | 0x004A73B8 | 0x000A73B8 | 0x000A4FB8 | 0x00000000 |
EnumCalendarInfoA | - | 0x004A73BC | 0x000A73BC | 0x000A4FBC | 0x00000000 |
EnterCriticalSection | - | 0x004A73C0 | 0x000A73C0 | 0x000A4FC0 | 0x00000000 |
DeleteFileA | - | 0x004A73C4 | 0x000A73C4 | 0x000A4FC4 | 0x00000000 |
DeleteCriticalSection | - | 0x004A73C8 | 0x000A73C8 | 0x000A4FC8 | 0x00000000 |
CreateThread | - | 0x004A73CC | 0x000A73CC | 0x000A4FCC | 0x00000000 |
CreateFileA | - | 0x004A73D0 | 0x000A73D0 | 0x000A4FD0 | 0x00000000 |
CreateEventA | - | 0x004A73D4 | 0x000A73D4 | 0x000A4FD4 | 0x00000000 |
CompareStringA | - | 0x004A73D8 | 0x000A73D8 | 0x000A4FD8 | 0x00000000 |
CloseHandle | - | 0x004A73DC | 0x000A73DC | 0x000A4FDC | 0x00000000 |
version.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
VerQueryValueA | - | 0x004A73E4 | 0x000A73E4 | 0x000A4FE4 | 0x00000000 |
GetFileVersionInfoSizeA | - | 0x004A73E8 | 0x000A73E8 | 0x000A4FE8 | 0x00000000 |
GetFileVersionInfoA | - | 0x004A73EC | 0x000A73EC | 0x000A4FEC | 0x00000000 |
gdi32.dll (79)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
UnrealizeObject | - | 0x004A73F4 | 0x000A73F4 | 0x000A4FF4 | 0x00000000 |
StretchBlt | - | 0x004A73F8 | 0x000A73F8 | 0x000A4FF8 | 0x00000000 |
StartPage | - | 0x004A73FC | 0x000A73FC | 0x000A4FFC | 0x00000000 |
StartDocA | - | 0x004A7400 | 0x000A7400 | 0x000A5000 | 0x00000000 |
SetWindowOrgEx | - | 0x004A7404 | 0x000A7404 | 0x000A5004 | 0x00000000 |
SetWinMetaFileBits | - | 0x004A7408 | 0x000A7408 | 0x000A5008 | 0x00000000 |
SetViewportOrgEx | - | 0x004A740C | 0x000A740C | 0x000A500C | 0x00000000 |
SetTextColor | - | 0x004A7410 | 0x000A7410 | 0x000A5010 | 0x00000000 |
SetStretchBltMode | - | 0x004A7414 | 0x000A7414 | 0x000A5014 | 0x00000000 |
SetROP2 | - | 0x004A7418 | 0x000A7418 | 0x000A5018 | 0x00000000 |
SetPixel | - | 0x004A741C | 0x000A741C | 0x000A501C | 0x00000000 |
SetMapMode | - | 0x004A7420 | 0x000A7420 | 0x000A5020 | 0x00000000 |
SetEnhMetaFileBits | - | 0x004A7424 | 0x000A7424 | 0x000A5024 | 0x00000000 |
SetDIBColorTable | - | 0x004A7428 | 0x000A7428 | 0x000A5028 | 0x00000000 |
SetBrushOrgEx | - | 0x004A742C | 0x000A742C | 0x000A502C | 0x00000000 |
SetBkMode | - | 0x004A7430 | 0x000A7430 | 0x000A5030 | 0x00000000 |
SetBkColor | - | 0x004A7434 | 0x000A7434 | 0x000A5034 | 0x00000000 |
SetAbortProc | - | 0x004A7438 | 0x000A7438 | 0x000A5038 | 0x00000000 |
SelectPalette | - | 0x004A743C | 0x000A743C | 0x000A503C | 0x00000000 |
SelectObject | - | 0x004A7440 | 0x000A7440 | 0x000A5040 | 0x00000000 |
SelectClipRgn | - | 0x004A7444 | 0x000A7444 | 0x000A5044 | 0x00000000 |
SaveDC | - | 0x004A7448 | 0x000A7448 | 0x000A5048 | 0x00000000 |
RestoreDC | - | 0x004A744C | 0x000A744C | 0x000A504C | 0x00000000 |
Rectangle | - | 0x004A7450 | 0x000A7450 | 0x000A5050 | 0x00000000 |
RectVisible | - | 0x004A7454 | 0x000A7454 | 0x000A5054 | 0x00000000 |
RealizePalette | - | 0x004A7458 | 0x000A7458 | 0x000A5058 | 0x00000000 |
Polyline | - | 0x004A745C | 0x000A745C | 0x000A505C | 0x00000000 |
Polygon | - | 0x004A7460 | 0x000A7460 | 0x000A5060 | 0x00000000 |
PlayEnhMetaFile | - | 0x004A7464 | 0x000A7464 | 0x000A5064 | 0x00000000 |
PatBlt | - | 0x004A7468 | 0x000A7468 | 0x000A5068 | 0x00000000 |
MoveToEx | - | 0x004A746C | 0x000A746C | 0x000A506C | 0x00000000 |
MaskBlt | - | 0x004A7470 | 0x000A7470 | 0x000A5070 | 0x00000000 |
LineTo | - | 0x004A7474 | 0x000A7474 | 0x000A5074 | 0x00000000 |
IntersectClipRect | - | 0x004A7478 | 0x000A7478 | 0x000A5078 | 0x00000000 |
GetWindowOrgEx | - | 0x004A747C | 0x000A747C | 0x000A507C | 0x00000000 |
GetWinMetaFileBits | - | 0x004A7480 | 0x000A7480 | 0x000A5080 | 0x00000000 |
GetTextMetricsA | - | 0x004A7484 | 0x000A7484 | 0x000A5084 | 0x00000000 |
GetTextExtentPointA | - | 0x004A7488 | 0x000A7488 | 0x000A5088 | 0x00000000 |
GetTextExtentPoint32A | - | 0x004A748C | 0x000A748C | 0x000A508C | 0x00000000 |
GetSystemPaletteEntries | - | 0x004A7490 | 0x000A7490 | 0x000A5090 | 0x00000000 |
GetStockObject | - | 0x004A7494 | 0x000A7494 | 0x000A5094 | 0x00000000 |
GetPixel | - | 0x004A7498 | 0x000A7498 | 0x000A5098 | 0x00000000 |
GetPaletteEntries | - | 0x004A749C | 0x000A749C | 0x000A509C | 0x00000000 |
GetObjectA | - | 0x004A74A0 | 0x000A74A0 | 0x000A50A0 | 0x00000000 |
GetEnhMetaFilePaletteEntries | - | 0x004A74A4 | 0x000A74A4 | 0x000A50A4 | 0x00000000 |
GetEnhMetaFileHeader | - | 0x004A74A8 | 0x000A74A8 | 0x000A50A8 | 0x00000000 |
GetEnhMetaFileBits | - | 0x004A74AC | 0x000A74AC | 0x000A50AC | 0x00000000 |
GetDeviceCaps | - | 0x004A74B0 | 0x000A74B0 | 0x000A50B0 | 0x00000000 |
GetDIBits | - | 0x004A74B4 | 0x000A74B4 | 0x000A50B4 | 0x00000000 |
GetDIBColorTable | - | 0x004A74B8 | 0x000A74B8 | 0x000A50B8 | 0x00000000 |
GetDCOrgEx | - | 0x004A74BC | 0x000A74BC | 0x000A50BC | 0x00000000 |
GetCurrentPositionEx | - | 0x004A74C0 | 0x000A74C0 | 0x000A50C0 | 0x00000000 |
GetClipBox | - | 0x004A74C4 | 0x000A74C4 | 0x000A50C4 | 0x00000000 |
GetBrushOrgEx | - | 0x004A74C8 | 0x000A74C8 | 0x000A50C8 | 0x00000000 |
GetBitmapBits | - | 0x004A74CC | 0x000A74CC | 0x000A50CC | 0x00000000 |
GdiFlush | - | 0x004A74D0 | 0x000A74D0 | 0x000A50D0 | 0x00000000 |
ExtTextOutA | - | 0x004A74D4 | 0x000A74D4 | 0x000A50D4 | 0x00000000 |
ExcludeClipRect | - | 0x004A74D8 | 0x000A74D8 | 0x000A50D8 | 0x00000000 |
EndPage | - | 0x004A74DC | 0x000A74DC | 0x000A50DC | 0x00000000 |
EndDoc | - | 0x004A74E0 | 0x000A74E0 | 0x000A50E0 | 0x00000000 |
DeleteObject | - | 0x004A74E4 | 0x000A74E4 | 0x000A50E4 | 0x00000000 |
DeleteEnhMetaFile | - | 0x004A74E8 | 0x000A74E8 | 0x000A50E8 | 0x00000000 |
DeleteDC | - | 0x004A74EC | 0x000A74EC | 0x000A50EC | 0x00000000 |
CreateSolidBrush | - | 0x004A74F0 | 0x000A74F0 | 0x000A50F0 | 0x00000000 |
CreatePenIndirect | - | 0x004A74F4 | 0x000A74F4 | 0x000A50F4 | 0x00000000 |
CreatePalette | - | 0x004A74F8 | 0x000A74F8 | 0x000A50F8 | 0x00000000 |
CreateICA | - | 0x004A74FC | 0x000A74FC | 0x000A50FC | 0x00000000 |
CreateHalftonePalette | - | 0x004A7500 | 0x000A7500 | 0x000A5100 | 0x00000000 |
CreateFontIndirectA | - | 0x004A7504 | 0x000A7504 | 0x000A5104 | 0x00000000 |
CreateDIBitmap | - | 0x004A7508 | 0x000A7508 | 0x000A5108 | 0x00000000 |
CreateDIBSection | - | 0x004A750C | 0x000A750C | 0x000A510C | 0x00000000 |
CreateDCA | - | 0x004A7510 | 0x000A7510 | 0x000A5110 | 0x00000000 |
CreateCompatibleDC | - | 0x004A7514 | 0x000A7514 | 0x000A5114 | 0x00000000 |
CreateCompatibleBitmap | - | 0x004A7518 | 0x000A7518 | 0x000A5118 | 0x00000000 |
CreateBrushIndirect | - | 0x004A751C | 0x000A751C | 0x000A511C | 0x00000000 |
CreateBitmap | - | 0x004A7520 | 0x000A7520 | 0x000A5120 | 0x00000000 |
CopyEnhMetaFileA | - | 0x004A7524 | 0x000A7524 | 0x000A5124 | 0x00000000 |
CombineRgn | - | 0x004A7528 | 0x000A7528 | 0x000A5128 | 0x00000000 |
BitBlt | - | 0x004A752C | 0x000A752C | 0x000A512C | 0x00000000 |
user32.dll (169)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CreateWindowExA | - | 0x004A7534 | 0x000A7534 | 0x000A5134 | 0x00000000 |
WindowFromPoint | - | 0x004A7538 | 0x000A7538 | 0x000A5138 | 0x00000000 |
WinHelpA | - | 0x004A753C | 0x000A753C | 0x000A513C | 0x00000000 |
WaitMessage | - | 0x004A7540 | 0x000A7540 | 0x000A5140 | 0x00000000 |
UpdateWindow | - | 0x004A7544 | 0x000A7544 | 0x000A5144 | 0x00000000 |
UnregisterClassA | - | 0x004A7548 | 0x000A7548 | 0x000A5148 | 0x00000000 |
UnhookWindowsHookEx | - | 0x004A754C | 0x000A754C | 0x000A514C | 0x00000000 |
TranslateMessage | - | 0x004A7550 | 0x000A7550 | 0x000A5150 | 0x00000000 |
TranslateMDISysAccel | - | 0x004A7554 | 0x000A7554 | 0x000A5154 | 0x00000000 |
TrackPopupMenu | - | 0x004A7558 | 0x000A7558 | 0x000A5158 | 0x00000000 |
SystemParametersInfoA | - | 0x004A755C | 0x000A755C | 0x000A515C | 0x00000000 |
ShowWindow | - | 0x004A7560 | 0x000A7560 | 0x000A5160 | 0x00000000 |
ShowScrollBar | - | 0x004A7564 | 0x000A7564 | 0x000A5164 | 0x00000000 |
ShowOwnedPopups | - | 0x004A7568 | 0x000A7568 | 0x000A5168 | 0x00000000 |
ShowCursor | - | 0x004A756C | 0x000A756C | 0x000A516C | 0x00000000 |
ShowCaret | - | 0x004A7570 | 0x000A7570 | 0x000A5170 | 0x00000000 |
SetWindowsHookExA | - | 0x004A7574 | 0x000A7574 | 0x000A5174 | 0x00000000 |
SetWindowTextA | - | 0x004A7578 | 0x000A7578 | 0x000A5178 | 0x00000000 |
SetWindowPos | - | 0x004A757C | 0x000A757C | 0x000A517C | 0x00000000 |
SetWindowPlacement | - | 0x004A7580 | 0x000A7580 | 0x000A5180 | 0x00000000 |
SetWindowLongA | - | 0x004A7584 | 0x000A7584 | 0x000A5184 | 0x00000000 |
SetTimer | - | 0x004A7588 | 0x000A7588 | 0x000A5188 | 0x00000000 |
SetScrollRange | - | 0x004A758C | 0x000A758C | 0x000A518C | 0x00000000 |
SetScrollPos | - | 0x004A7590 | 0x000A7590 | 0x000A5190 | 0x00000000 |
SetScrollInfo | - | 0x004A7594 | 0x000A7594 | 0x000A5194 | 0x00000000 |
SetRect | - | 0x004A7598 | 0x000A7598 | 0x000A5198 | 0x00000000 |
SetPropA | - | 0x004A759C | 0x000A759C | 0x000A519C | 0x00000000 |
SetParent | - | 0x004A75A0 | 0x000A75A0 | 0x000A51A0 | 0x00000000 |
SetMenuItemInfoA | - | 0x004A75A4 | 0x000A75A4 | 0x000A51A4 | 0x00000000 |
SetMenu | - | 0x004A75A8 | 0x000A75A8 | 0x000A51A8 | 0x00000000 |
SetForegroundWindow | - | 0x004A75AC | 0x000A75AC | 0x000A51AC | 0x00000000 |
SetFocus | - | 0x004A75B0 | 0x000A75B0 | 0x000A51B0 | 0x00000000 |
SetCursor | - | 0x004A75B4 | 0x000A75B4 | 0x000A51B4 | 0x00000000 |
SetClipboardData | - | 0x004A75B8 | 0x000A75B8 | 0x000A51B8 | 0x00000000 |
SetClassLongA | - | 0x004A75BC | 0x000A75BC | 0x000A51BC | 0x00000000 |
SetCapture | - | 0x004A75C0 | 0x000A75C0 | 0x000A51C0 | 0x00000000 |
SetActiveWindow | - | 0x004A75C4 | 0x000A75C4 | 0x000A51C4 | 0x00000000 |
SendMessageA | - | 0x004A75C8 | 0x000A75C8 | 0x000A51C8 | 0x00000000 |
ScrollWindow | - | 0x004A75CC | 0x000A75CC | 0x000A51CC | 0x00000000 |
ScreenToClient | - | 0x004A75D0 | 0x000A75D0 | 0x000A51D0 | 0x00000000 |
RemovePropA | - | 0x004A75D4 | 0x000A75D4 | 0x000A51D4 | 0x00000000 |
RemoveMenu | - | 0x004A75D8 | 0x000A75D8 | 0x000A51D8 | 0x00000000 |
ReleaseDC | - | 0x004A75DC | 0x000A75DC | 0x000A51DC | 0x00000000 |
ReleaseCapture | - | 0x004A75E0 | 0x000A75E0 | 0x000A51E0 | 0x00000000 |
RegisterWindowMessageA | - | 0x004A75E4 | 0x000A75E4 | 0x000A51E4 | 0x00000000 |
RegisterClipboardFormatA | - | 0x004A75E8 | 0x000A75E8 | 0x000A51E8 | 0x00000000 |
RegisterClassA | - | 0x004A75EC | 0x000A75EC | 0x000A51EC | 0x00000000 |
RedrawWindow | - | 0x004A75F0 | 0x000A75F0 | 0x000A51F0 | 0x00000000 |
PtInRect | - | 0x004A75F4 | 0x000A75F4 | 0x000A51F4 | 0x00000000 |
PostQuitMessage | - | 0x004A75F8 | 0x000A75F8 | 0x000A51F8 | 0x00000000 |
PostMessageA | - | 0x004A75FC | 0x000A75FC | 0x000A51FC | 0x00000000 |
PeekMessageA | - | 0x004A7600 | 0x000A7600 | 0x000A5200 | 0x00000000 |
OpenClipboard | - | 0x004A7604 | 0x000A7604 | 0x000A5204 | 0x00000000 |
OffsetRect | - | 0x004A7608 | 0x000A7608 | 0x000A5208 | 0x00000000 |
OemToCharA | - | 0x004A760C | 0x000A760C | 0x000A520C | 0x00000000 |
MessageBoxA | - | 0x004A7610 | 0x000A7610 | 0x000A5210 | 0x00000000 |
MessageBeep | - | 0x004A7614 | 0x000A7614 | 0x000A5214 | 0x00000000 |
MapWindowPoints | - | 0x004A7618 | 0x000A7618 | 0x000A5218 | 0x00000000 |
MapVirtualKeyA | - | 0x004A761C | 0x000A761C | 0x000A521C | 0x00000000 |
LoadStringA | - | 0x004A7620 | 0x000A7620 | 0x000A5220 | 0x00000000 |
LoadKeyboardLayoutA | - | 0x004A7624 | 0x000A7624 | 0x000A5224 | 0x00000000 |
LoadIconA | - | 0x004A7628 | 0x000A7628 | 0x000A5228 | 0x00000000 |
LoadCursorA | - | 0x004A762C | 0x000A762C | 0x000A522C | 0x00000000 |
LoadBitmapA | - | 0x004A7630 | 0x000A7630 | 0x000A5230 | 0x00000000 |
KillTimer | - | 0x004A7634 | 0x000A7634 | 0x000A5234 | 0x00000000 |
IsZoomed | - | 0x004A7638 | 0x000A7638 | 0x000A5238 | 0x00000000 |
IsWindowVisible | - | 0x004A763C | 0x000A763C | 0x000A523C | 0x00000000 |
IsWindowEnabled | - | 0x004A7640 | 0x000A7640 | 0x000A5240 | 0x00000000 |
IsWindow | - | 0x004A7644 | 0x000A7644 | 0x000A5244 | 0x00000000 |
IsRectEmpty | - | 0x004A7648 | 0x000A7648 | 0x000A5248 | 0x00000000 |
IsIconic | - | 0x004A764C | 0x000A764C | 0x000A524C | 0x00000000 |
IsDialogMessageA | - | 0x004A7650 | 0x000A7650 | 0x000A5250 | 0x00000000 |
IsChild | - | 0x004A7654 | 0x000A7654 | 0x000A5254 | 0x00000000 |
InvalidateRect | - | 0x004A7658 | 0x000A7658 | 0x000A5258 | 0x00000000 |
IntersectRect | - | 0x004A765C | 0x000A765C | 0x000A525C | 0x00000000 |
InsertMenuItemA | - | 0x004A7660 | 0x000A7660 | 0x000A5260 | 0x00000000 |
InsertMenuA | - | 0x004A7664 | 0x000A7664 | 0x000A5264 | 0x00000000 |
InflateRect | - | 0x004A7668 | 0x000A7668 | 0x000A5268 | 0x00000000 |
HideCaret | - | 0x004A766C | 0x000A766C | 0x000A526C | 0x00000000 |
GetWindowThreadProcessId | - | 0x004A7670 | 0x000A7670 | 0x000A5270 | 0x00000000 |
GetWindowTextA | - | 0x004A7674 | 0x000A7674 | 0x000A5274 | 0x00000000 |
GetWindowRect | - | 0x004A7678 | 0x000A7678 | 0x000A5278 | 0x00000000 |
GetWindowPlacement | - | 0x004A767C | 0x000A767C | 0x000A527C | 0x00000000 |
GetWindowLongA | - | 0x004A7680 | 0x000A7680 | 0x000A5280 | 0x00000000 |
GetWindowDC | - | 0x004A7684 | 0x000A7684 | 0x000A5284 | 0x00000000 |
GetUpdateRect | - | 0x004A7688 | 0x000A7688 | 0x000A5288 | 0x00000000 |
GetTopWindow | - | 0x004A768C | 0x000A768C | 0x000A528C | 0x00000000 |
GetSystemMetrics | - | 0x004A7690 | 0x000A7690 | 0x000A5290 | 0x00000000 |
GetSystemMenu | - | 0x004A7694 | 0x000A7694 | 0x000A5294 | 0x00000000 |
GetSysColorBrush | - | 0x004A7698 | 0x000A7698 | 0x000A5298 | 0x00000000 |
GetSysColor | - | 0x004A769C | 0x000A769C | 0x000A529C | 0x00000000 |
GetSubMenu | - | 0x004A76A0 | 0x000A76A0 | 0x000A52A0 | 0x00000000 |
GetScrollRange | - | 0x004A76A4 | 0x000A76A4 | 0x000A52A4 | 0x00000000 |
GetScrollPos | - | 0x004A76A8 | 0x000A76A8 | 0x000A52A8 | 0x00000000 |
GetScrollInfo | - | 0x004A76AC | 0x000A76AC | 0x000A52AC | 0x00000000 |
GetPropA | - | 0x004A76B0 | 0x000A76B0 | 0x000A52B0 | 0x00000000 |
GetParent | - | 0x004A76B4 | 0x000A76B4 | 0x000A52B4 | 0x00000000 |
GetWindow | - | 0x004A76B8 | 0x000A76B8 | 0x000A52B8 | 0x00000000 |
GetMenuStringA | - | 0x004A76BC | 0x000A76BC | 0x000A52BC | 0x00000000 |
GetMenuState | - | 0x004A76C0 | 0x000A76C0 | 0x000A52C0 | 0x00000000 |
GetMenuItemInfoA | - | 0x004A76C4 | 0x000A76C4 | 0x000A52C4 | 0x00000000 |
GetMenuItemID | - | 0x004A76C8 | 0x000A76C8 | 0x000A52C8 | 0x00000000 |
GetMenuItemCount | - | 0x004A76CC | 0x000A76CC | 0x000A52CC | 0x00000000 |
GetMenu | - | 0x004A76D0 | 0x000A76D0 | 0x000A52D0 | 0x00000000 |
GetLastActivePopup | - | 0x004A76D4 | 0x000A76D4 | 0x000A52D4 | 0x00000000 |
GetKeyboardState | - | 0x004A76D8 | 0x000A76D8 | 0x000A52D8 | 0x00000000 |
GetKeyboardLayoutList | - | 0x004A76DC | 0x000A76DC | 0x000A52DC | 0x00000000 |
GetKeyboardLayout | - | 0x004A76E0 | 0x000A76E0 | 0x000A52E0 | 0x00000000 |
GetKeyState | - | 0x004A76E4 | 0x000A76E4 | 0x000A52E4 | 0x00000000 |
GetKeyNameTextA | - | 0x004A76E8 | 0x000A76E8 | 0x000A52E8 | 0x00000000 |
GetIconInfo | - | 0x004A76EC | 0x000A76EC | 0x000A52EC | 0x00000000 |
GetForegroundWindow | - | 0x004A76F0 | 0x000A76F0 | 0x000A52F0 | 0x00000000 |
GetFocus | - | 0x004A76F4 | 0x000A76F4 | 0x000A52F4 | 0x00000000 |
GetDlgItem | - | 0x004A76F8 | 0x000A76F8 | 0x000A52F8 | 0x00000000 |
GetDesktopWindow | - | 0x004A76FC | 0x000A76FC | 0x000A52FC | 0x00000000 |
GetDCEx | - | 0x004A7700 | 0x000A7700 | 0x000A5300 | 0x00000000 |
GetDC | - | 0x004A7704 | 0x000A7704 | 0x000A5304 | 0x00000000 |
GetCursorPos | - | 0x004A7708 | 0x000A7708 | 0x000A5308 | 0x00000000 |
GetCursor | - | 0x004A770C | 0x000A770C | 0x000A530C | 0x00000000 |
GetClipboardData | - | 0x004A7710 | 0x000A7710 | 0x000A5310 | 0x00000000 |
GetClientRect | - | 0x004A7714 | 0x000A7714 | 0x000A5314 | 0x00000000 |
GetClassNameA | - | 0x004A7718 | 0x000A7718 | 0x000A5318 | 0x00000000 |
GetClassInfoA | - | 0x004A771C | 0x000A771C | 0x000A531C | 0x00000000 |
GetCapture | - | 0x004A7720 | 0x000A7720 | 0x000A5320 | 0x00000000 |
GetActiveWindow | - | 0x004A7724 | 0x000A7724 | 0x000A5324 | 0x00000000 |
FrameRect | - | 0x004A7728 | 0x000A7728 | 0x000A5328 | 0x00000000 |
FindWindowA | - | 0x004A772C | 0x000A772C | 0x000A532C | 0x00000000 |
FillRect | - | 0x004A7730 | 0x000A7730 | 0x000A5330 | 0x00000000 |
EqualRect | - | 0x004A7734 | 0x000A7734 | 0x000A5334 | 0x00000000 |
EnumWindows | - | 0x004A7738 | 0x000A7738 | 0x000A5338 | 0x00000000 |
EnumThreadWindows | - | 0x004A773C | 0x000A773C | 0x000A533C | 0x00000000 |
EndPaint | - | 0x004A7740 | 0x000A7740 | 0x000A5340 | 0x00000000 |
EnableWindow | - | 0x004A7744 | 0x000A7744 | 0x000A5344 | 0x00000000 |
EnableScrollBar | - | 0x004A7748 | 0x000A7748 | 0x000A5348 | 0x00000000 |
EnableMenuItem | - | 0x004A774C | 0x000A774C | 0x000A534C | 0x00000000 |
EmptyClipboard | - | 0x004A7750 | 0x000A7750 | 0x000A5350 | 0x00000000 |
DrawTextA | - | 0x004A7754 | 0x000A7754 | 0x000A5354 | 0x00000000 |
DrawStateA | - | 0x004A7758 | 0x000A7758 | 0x000A5358 | 0x00000000 |
DrawMenuBar | - | 0x004A775C | 0x000A775C | 0x000A535C | 0x00000000 |
DrawIconEx | - | 0x004A7760 | 0x000A7760 | 0x000A5360 | 0x00000000 |
DrawIcon | - | 0x004A7764 | 0x000A7764 | 0x000A5364 | 0x00000000 |
DrawFrameControl | - | 0x004A7768 | 0x000A7768 | 0x000A5368 | 0x00000000 |
DrawFocusRect | - | 0x004A776C | 0x000A776C | 0x000A536C | 0x00000000 |
DrawEdge | - | 0x004A7770 | 0x000A7770 | 0x000A5370 | 0x00000000 |
DispatchMessageA | - | 0x004A7774 | 0x000A7774 | 0x000A5374 | 0x00000000 |
DestroyWindow | - | 0x004A7778 | 0x000A7778 | 0x000A5378 | 0x00000000 |
DestroyMenu | - | 0x004A777C | 0x000A777C | 0x000A537C | 0x00000000 |
DestroyIcon | - | 0x004A7780 | 0x000A7780 | 0x000A5380 | 0x00000000 |
DestroyCursor | - | 0x004A7784 | 0x000A7784 | 0x000A5384 | 0x00000000 |
DeleteMenu | - | 0x004A7788 | 0x000A7788 | 0x000A5388 | 0x00000000 |
DefWindowProcA | - | 0x004A778C | 0x000A778C | 0x000A538C | 0x00000000 |
DefMDIChildProcA | - | 0x004A7790 | 0x000A7790 | 0x000A5390 | 0x00000000 |
DefFrameProcA | - | 0x004A7794 | 0x000A7794 | 0x000A5394 | 0x00000000 |
CreatePopupMenu | - | 0x004A7798 | 0x000A7798 | 0x000A5398 | 0x00000000 |
CreateMenu | - | 0x004A779C | 0x000A779C | 0x000A539C | 0x00000000 |
CreateIcon | - | 0x004A77A0 | 0x000A77A0 | 0x000A53A0 | 0x00000000 |
CloseClipboard | - | 0x004A77A4 | 0x000A77A4 | 0x000A53A4 | 0x00000000 |
ClientToScreen | - | 0x004A77A8 | 0x000A77A8 | 0x000A53A8 | 0x00000000 |
CheckMenuItem | - | 0x004A77AC | 0x000A77AC | 0x000A53AC | 0x00000000 |
CallWindowProcA | - | 0x004A77B0 | 0x000A77B0 | 0x000A53B0 | 0x00000000 |
CallNextHookEx | - | 0x004A77B4 | 0x000A77B4 | 0x000A53B4 | 0x00000000 |
BeginPaint | - | 0x004A77B8 | 0x000A77B8 | 0x000A53B8 | 0x00000000 |
CharNextA | - | 0x004A77BC | 0x000A77BC | 0x000A53BC | 0x00000000 |
CharLowerBuffA | - | 0x004A77C0 | 0x000A77C0 | 0x000A53C0 | 0x00000000 |
CharLowerA | - | 0x004A77C4 | 0x000A77C4 | 0x000A53C4 | 0x00000000 |
CharUpperBuffA | - | 0x004A77C8 | 0x000A77C8 | 0x000A53C8 | 0x00000000 |
CharToOemA | - | 0x004A77CC | 0x000A77CC | 0x000A53CC | 0x00000000 |
AdjustWindowRectEx | - | 0x004A77D0 | 0x000A77D0 | 0x000A53D0 | 0x00000000 |
ActivateKeyboardLayout | - | 0x004A77D4 | 0x000A77D4 | 0x000A53D4 | 0x00000000 |
kernel32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
Sleep | - | 0x004A77DC | 0x000A77DC | 0x000A53DC | 0x00000000 |
oleaut32.dll (13)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SafeArrayPtrOfIndex | - | 0x004A77E4 | 0x000A77E4 | 0x000A53E4 | 0x00000000 |
SafeArrayPutElement | - | 0x004A77E8 | 0x000A77E8 | 0x000A53E8 | 0x00000000 |
SafeArrayGetElement | - | 0x004A77EC | 0x000A77EC | 0x000A53EC | 0x00000000 |
SafeArrayUnaccessData | - | 0x004A77F0 | 0x000A77F0 | 0x000A53F0 | 0x00000000 |
SafeArrayAccessData | - | 0x004A77F4 | 0x000A77F4 | 0x000A53F4 | 0x00000000 |
SafeArrayGetUBound | - | 0x004A77F8 | 0x000A77F8 | 0x000A53F8 | 0x00000000 |
SafeArrayGetLBound | - | 0x004A77FC | 0x000A77FC | 0x000A53FC | 0x00000000 |
SafeArrayCreate | - | 0x004A7800 | 0x000A7800 | 0x000A5400 | 0x00000000 |
VariantChangeType | - | 0x004A7804 | 0x000A7804 | 0x000A5404 | 0x00000000 |
VariantCopyInd | - | 0x004A7808 | 0x000A7808 | 0x000A5408 | 0x00000000 |
VariantCopy | - | 0x004A780C | 0x000A780C | 0x000A540C | 0x00000000 |
VariantClear | - | 0x004A7810 | 0x000A7810 | 0x000A5410 | 0x00000000 |
VariantInit | - | 0x004A7814 | 0x000A7814 | 0x000A5414 | 0x00000000 |
ole32.dll (7)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CoTaskMemFree | - | 0x004A781C | 0x000A781C | 0x000A541C | 0x00000000 |
ProgIDFromCLSID | - | 0x004A7820 | 0x000A7820 | 0x000A5420 | 0x00000000 |
StringFromCLSID | - | 0x004A7824 | 0x000A7824 | 0x000A5424 | 0x00000000 |
CoCreateInstance | - | 0x004A7828 | 0x000A7828 | 0x000A5428 | 0x00000000 |
CoUninitialize | - | 0x004A782C | 0x000A782C | 0x000A542C | 0x00000000 |
CoInitialize | - | 0x004A7830 | 0x000A7830 | 0x000A5430 | 0x00000000 |
IsEqualGUID | - | 0x004A7834 | 0x000A7834 | 0x000A5434 | 0x00000000 |
oleaut32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetErrorInfo | - | 0x004A783C | 0x000A783C | 0x000A543C | 0x00000000 |
GetActiveObject | - | 0x004A7840 | 0x000A7840 | 0x000A5440 | 0x00000000 |
SysFreeString | - | 0x004A7844 | 0x000A7844 | 0x000A5444 | 0x00000000 |
comctl32.dll (25)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ImageList_SetIconSize | - | 0x004A784C | 0x000A784C | 0x000A544C | 0x00000000 |
ImageList_GetIconSize | - | 0x004A7850 | 0x000A7850 | 0x000A5450 | 0x00000000 |
ImageList_Write | - | 0x004A7854 | 0x000A7854 | 0x000A5454 | 0x00000000 |
ImageList_Read | - | 0x004A7858 | 0x000A7858 | 0x000A5458 | 0x00000000 |
ImageList_GetDragImage | - | 0x004A785C | 0x000A785C | 0x000A545C | 0x00000000 |
ImageList_DragShowNolock | - | 0x004A7860 | 0x000A7860 | 0x000A5460 | 0x00000000 |
ImageList_SetDragCursorImage | - | 0x004A7864 | 0x000A7864 | 0x000A5464 | 0x00000000 |
ImageList_DragMove | - | 0x004A7868 | 0x000A7868 | 0x000A5468 | 0x00000000 |
ImageList_DragLeave | - | 0x004A786C | 0x000A786C | 0x000A546C | 0x00000000 |
ImageList_DragEnter | - | 0x004A7870 | 0x000A7870 | 0x000A5470 | 0x00000000 |
ImageList_EndDrag | - | 0x004A7874 | 0x000A7874 | 0x000A5474 | 0x00000000 |
ImageList_BeginDrag | - | 0x004A7878 | 0x000A7878 | 0x000A5478 | 0x00000000 |
ImageList_Remove | - | 0x004A787C | 0x000A787C | 0x000A547C | 0x00000000 |
ImageList_DrawEx | - | 0x004A7880 | 0x000A7880 | 0x000A5480 | 0x00000000 |
ImageList_Replace | - | 0x004A7884 | 0x000A7884 | 0x000A5484 | 0x00000000 |
ImageList_Draw | - | 0x004A7888 | 0x000A7888 | 0x000A5488 | 0x00000000 |
ImageList_GetBkColor | - | 0x004A788C | 0x000A788C | 0x000A548C | 0x00000000 |
ImageList_SetBkColor | - | 0x004A7890 | 0x000A7890 | 0x000A5490 | 0x00000000 |
ImageList_ReplaceIcon | - | 0x004A7894 | 0x000A7894 | 0x000A5494 | 0x00000000 |
ImageList_Add | - | 0x004A7898 | 0x000A7898 | 0x000A5498 | 0x00000000 |
ImageList_SetImageCount | - | 0x004A789C | 0x000A789C | 0x000A549C | 0x00000000 |
ImageList_GetImageCount | - | 0x004A78A0 | 0x000A78A0 | 0x000A54A0 | 0x00000000 |
ImageList_Destroy | - | 0x004A78A4 | 0x000A78A4 | 0x000A54A4 | 0x00000000 |
ImageList_Create | - | 0x004A78A8 | 0x000A78A8 | 0x000A54A8 | 0x00000000 |
InitCommonControls | - | 0x004A78AC | 0x000A78AC | 0x000A54AC | 0x00000000 |
winspool.drv (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OpenPrinterA | - | 0x004A78B4 | 0x000A78B4 | 0x000A54B4 | 0x00000000 |
EnumPrintersA | - | 0x004A78B8 | 0x000A78B8 | 0x000A54B8 | 0x00000000 |
DocumentPropertiesA | - | 0x004A78BC | 0x000A78BC | 0x000A54BC | 0x00000000 |
ClosePrinter | - | 0x004A78C0 | 0x000A78C0 | 0x000A54C0 | 0x00000000 |
shell32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ShellExecuteA | - | 0x004A78C8 | 0x000A78C8 | 0x000A54C8 | 0x00000000 |
comdlg32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetSaveFileNameA | - | 0x004A78D0 | 0x000A78D0 | 0x000A54D0 | 0x00000000 |
GetOpenFileNameA | - | 0x004A78D4 | 0x000A78D4 | 0x000A54D4 | 0x00000000 |
winmm.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
sndPlaySoundA | - | 0x004A78DC | 0x000A78DC | 0x000A54DC | 0x00000000 |
kernel32 (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
VirtualProtect | - | 0x004A78E4 | 0x000A78E4 | 0x000A54E4 | 0x00000000 |
GetProcAddress | - | 0x004A78E8 | 0x000A78E8 | 0x000A54E8 | 0x00000000 |
URL (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
AddMIMEFileTypesPS | - | 0x004A78F0 | 0x000A78F0 | 0x000A54F0 | 0x00000000 |
Memory Dumps (128)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Relevant Image | 32-bit | 0x0040482C |
buffer | 1 | 0x021D0000 | 0x021D0FFF | First Execution | 32-bit | 0x021D0FEF |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x004A0000 |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x00402D50 |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x0040F18E |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x00401E4C |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x0049E08A |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x00407250 |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x00402D50 |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x0049F000 |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x0040F18E |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
buffer | 1 | 0x02330000 | 0x0234CFFF | Marked Executable | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
buffer | 1 | 0x02330000 | 0x0234CFFF | Marked Executable | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
buffer | 1 | 0x02330000 | 0x0234CFFF | Marked Executable | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
buffer | 1 | 0x02330000 | 0x0234CFFF | Marked Executable | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | - |
buffer | 1 | 0x02330000 | 0x0234CFFF | Marked Executable | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x0049F276 |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Content Changed | 32-bit | 0x00426680 |
buffer | 1 | 0x02330000 | 0x0234CFFF | First Execution | 32-bit | 0x0234529C |
buffer | 1 | 0x0416A000 | 0x0416FFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x0019C000 | 0x0019FFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00671AE8 | 0x00672ADF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00672AE8 | 0x0067312B | First Network Behavior | 32-bit | - |
buffer | 1 | 0x0068AA58 | 0x0068BA4F | First Network Behavior | 32-bit | - |
buffer | 1 | 0x0068BA58 | 0x0068C09B | First Network Behavior | 32-bit | - |
buffer | 1 | 0x021D0000 | 0x021D0FFF | First Network Behavior | 32-bit | 0x021D0E69 |
buffer | 1 | 0x02214000 | 0x02217FFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x02218000 | 0x0221BFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x0221C000 | 0x0221FFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x02220000 | 0x022BFFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x02330000 | 0x0234CFFF | First Network Behavior | 32-bit | 0x02336684 |
buffer | 1 | 0x03E68000 | 0x03E6FFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x03EE8000 | 0x03EEBFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x03EEC000 | 0x03EEFFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x03EF0000 | 0x03EF3FFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x03EF4000 | 0x03EF7FFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x03EF8000 | 0x03EFBFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x03EFC000 | 0x03EFFFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x04270000 | 0x0464FFFF | First Network Behavior | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | First Network Behavior | 32-bit | 0x0044769C |
counters.dat | 1 | 0x026E0000 | 0x026E0FFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x04D20000 | 0x04D83FFF | Marked Executable | 32-bit | - |
buffer | 1 | 0x04D20000 | 0x04D83FFF | Marked Executable | 32-bit | - |
buffer | 1 | 0x04D20000 | 0x04D83FFF | Marked Executable | 32-bit | - |
buffer | 1 | 0x04D20000 | 0x04D83FFF | Marked Executable | 32-bit | - |
buffer | 1 | 0x04D20000 | 0x04D83FFF | Marked Executable | 32-bit | - |
buffer | 1 | 0x04D20000 | 0x04D83FFF | Marked Executable | 32-bit | - |
buffer | 1 | 0x04D20000 | 0x04D83FFF | Marked Executable | 32-bit | - |
buffer | 1 | 0x04D20000 | 0x04D83FFF | First Execution | 32-bit | 0x04D4656C |
buffer | 1 | 0x04FE0000 | 0x0511FFFF | Dump Rule: FormBookConfig | 32-bit | - |
buffer | 1 | 0x04BE0000 | 0x04BE3FFF | Image In Buffer | 32-bit | - |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Final Dump | 32-bit | 0x00426680 |
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe | 1 | 0x00400000 | 0x004FBFFF | Process Termination | 32-bit | - |
C:\Users\Public\Libraries\ocecdT.url | Dropped File | Text | Clean |
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream | Clean |