Malicious
Classifications
Injector Exploit Downloader Spyware
Threat Names
RedLine RedLine.A Mal/Generic-S Mal/HTMLGen-A
Dynamic Analysis Report
Created on 2024-07-10T08:14:01+00:00
noto.rtf
RTF Document
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes" to "10 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\kEecfMwgj\Desktop\noto.rtf | Sample File | RTF |
Malicious
|
...
|
»
| MIME Type | text/rtf |
| File Size | 587.84 KB |
| MD5 |
5dc12bc41c0a32f56f7a6d6271d29164
|
| SHA1 |
eb0a4f68a923401892465a7a3a155b3ccd77187f
|
| SHA256 |
301fed97c01d2236d1cbabe06160562605da6f445fa3a4c28417560d06d21430
|
| SSDeep |
6144:5GuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuVZTL:sl
|
| ImpHash | - |
| Static Analysis Parser Error | invalid control word value pattern |
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
Office Information
»
Document Content Snippet
»
97833425please click Enable editing from the yellow bar above.The independent auditors’ opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit’s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conver |
| C:\Users\kEecfMwgj\AppData\Roaming\notorious28194.exe | Downloaded File | Binary |
Malicious
|
...
|
»
| Also Known As |
c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\wabmig[1].exe (Downloaded File, Extracted File)
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 1.01 MB |
| MD5 |
b9ee640ecbfc92e1c9dcdbd9cb3f9c0a
|
| SHA1 |
2e35a14bd3248b06454171cbeccb6cfc4dc3d8ba
|
| SHA256 |
d240f1d613cb07b69b49acc24b5826d2623c96af6f7ff9674df690c7cc6745b1
|
| SSDeep |
24576:5AHnh+eWsN3skA4RV1Hom2KXMmHaLWPM9Bbm5:Ah+ZkldoPK8YaLKM9a
|
| ImpHash |
afcdf79be1557326c854b6e20cb900a7
|
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x0042800A |
| Size Of Code | 0x0008E000 |
| Size Of Initialized Data | 0x00074A00 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2024-07-09 22:39 (UTC) |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x0008DFDD | 0x0008E000 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.68 |
| .rdata | 0x0048F000 | 0x0002FD8E | 0x0002FE00 | 0x0008E400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.76 |
| .data | 0x004BF000 | 0x00008F74 | 0x00005200 | 0x000BE200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.2 |
| .rsrc | 0x004C8000 | 0x0003876C | 0x00038800 | 0x000C3400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.31 |
| .reloc | 0x00501000 | 0x00007134 | 0x00007200 | 0x000FBC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.78 |
Imports (18)
»
WSOCK32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WSACleanup | 0x00000074 | 0x0048F7C8 | 0x000BCA10 | 0x000BBE10 | - |
| socket | 0x00000017 | 0x0048F7CC | 0x000BCA14 | 0x000BBE14 | - |
| inet_ntoa | 0x0000000C | 0x0048F7D0 | 0x000BCA18 | 0x000BBE18 | - |
| setsockopt | 0x00000015 | 0x0048F7D4 | 0x000BCA1C | 0x000BBE1C | - |
| ntohs | 0x0000000F | 0x0048F7D8 | 0x000BCA20 | 0x000BBE20 | - |
| recvfrom | 0x00000011 | 0x0048F7DC | 0x000BCA24 | 0x000BBE24 | - |
| ioctlsocket | 0x0000000A | 0x0048F7E0 | 0x000BCA28 | 0x000BBE28 | - |
| htons | 0x00000009 | 0x0048F7E4 | 0x000BCA2C | 0x000BBE2C | - |
| WSAStartup | 0x00000073 | 0x0048F7E8 | 0x000BCA30 | 0x000BBE30 | - |
| __WSAFDIsSet | 0x00000097 | 0x0048F7EC | 0x000BCA34 | 0x000BBE34 | - |
| select | 0x00000012 | 0x0048F7F0 | 0x000BCA38 | 0x000BBE38 | - |
| accept | 0x00000001 | 0x0048F7F4 | 0x000BCA3C | 0x000BBE3C | - |
| listen | 0x0000000D | 0x0048F7F8 | 0x000BCA40 | 0x000BBE40 | - |
| bind | 0x00000002 | 0x0048F7FC | 0x000BCA44 | 0x000BBE44 | - |
| closesocket | 0x00000003 | 0x0048F800 | 0x000BCA48 | 0x000BBE48 | - |
| WSAGetLastError | 0x0000006F | 0x0048F804 | 0x000BCA4C | 0x000BBE4C | - |
| recv | 0x00000010 | 0x0048F808 | 0x000BCA50 | 0x000BBE50 | - |
| sendto | 0x00000014 | 0x0048F80C | 0x000BCA54 | 0x000BBE54 | - |
| send | 0x00000013 | 0x0048F810 | 0x000BCA58 | 0x000BBE58 | - |
| inet_addr | 0x0000000B | 0x0048F814 | 0x000BCA5C | 0x000BBE5C | - |
| gethostbyname | 0x00000034 | 0x0048F818 | 0x000BCA60 | 0x000BBE60 | - |
| gethostname | 0x00000039 | 0x0048F81C | 0x000BCA64 | 0x000BBE64 | - |
| connect | 0x00000004 | 0x0048F820 | 0x000BCA68 | 0x000BBE68 | - |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoW | - | 0x0048F76C | 0x000BC9B4 | 0x000BBDB4 | 0x00000006 |
| GetFileVersionInfoSizeW | - | 0x0048F770 | 0x000BC9B8 | 0x000BBDB8 | 0x00000005 |
| VerQueryValueW | - | 0x0048F774 | 0x000BC9BC | 0x000BBDBC | 0x0000000E |
WINMM.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| timeGetTime | - | 0x0048F7B8 | 0x000BCA00 | 0x000BBE00 | 0x00000094 |
| waveOutSetVolume | - | 0x0048F7BC | 0x000BCA04 | 0x000BBE04 | 0x000000BB |
| mciSendStringW | - | 0x0048F7C0 | 0x000BCA08 | 0x000BBE08 | 0x00000032 |
COMCTL32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImageList_ReplaceIcon | - | 0x0048F088 | 0x000BC2D0 | 0x000BB6D0 | 0x0000006F |
| ImageList_Destroy | - | 0x0048F08C | 0x000BC2D4 | 0x000BB6D4 | 0x00000054 |
| ImageList_Remove | - | 0x0048F090 | 0x000BC2D8 | 0x000BB6D8 | 0x0000006D |
| ImageList_SetDragCursorImage | - | 0x0048F094 | 0x000BC2DC | 0x000BB6DC | 0x00000072 |
| ImageList_BeginDrag | - | 0x0048F098 | 0x000BC2E0 | 0x000BB6E0 | 0x00000050 |
| ImageList_DragEnter | - | 0x0048F09C | 0x000BC2E4 | 0x000BB6E4 | 0x00000056 |
| ImageList_DragLeave | - | 0x0048F0A0 | 0x000BC2E8 | 0x000BB6E8 | 0x00000057 |
| ImageList_EndDrag | - | 0x0048F0A4 | 0x000BC2EC | 0x000BB6EC | 0x0000005E |
| ImageList_DragMove | - | 0x0048F0A8 | 0x000BC2F0 | 0x000BB6F0 | 0x00000058 |
| InitCommonControlsEx | - | 0x0048F0AC | 0x000BC2F4 | 0x000BB6F4 | 0x0000007B |
| ImageList_Create | - | 0x0048F0B0 | 0x000BC2F8 | 0x000BB6F8 | 0x00000053 |
MPR.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WNetUseConnectionW | - | 0x0048F3F8 | 0x000BC640 | 0x000BBA40 | 0x00000049 |
| WNetCancelConnection2W | - | 0x0048F3FC | 0x000BC644 | 0x000BBA44 | 0x0000000C |
| WNetGetConnectionW | - | 0x0048F400 | 0x000BC648 | 0x000BBA48 | 0x00000024 |
| WNetAddConnection2W | - | 0x0048F404 | 0x000BC64C | 0x000BBA4C | 0x00000006 |
WININET.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetQueryDataAvailable | - | 0x0048F77C | 0x000BC9C4 | 0x000BBDC4 | 0x0000009B |
| InternetCloseHandle | - | 0x0048F780 | 0x000BC9C8 | 0x000BBDC8 | 0x0000006B |
| InternetOpenW | - | 0x0048F784 | 0x000BC9CC | 0x000BBDCC | 0x0000009A |
| InternetSetOptionW | - | 0x0048F788 | 0x000BC9D0 | 0x000BBDD0 | 0x000000AF |
| InternetCrackUrlW | - | 0x0048F78C | 0x000BC9D4 | 0x000BBDD4 | 0x00000074 |
| HttpQueryInfoW | - | 0x0048F790 | 0x000BC9D8 | 0x000BBDD8 | 0x0000005A |
| InternetQueryOptionW | - | 0x0048F794 | 0x000BC9DC | 0x000BBDDC | 0x0000009E |
| HttpOpenRequestW | - | 0x0048F798 | 0x000BC9E0 | 0x000BBDE0 | 0x00000058 |
| HttpSendRequestW | - | 0x0048F79C | 0x000BC9E4 | 0x000BBDE4 | 0x0000005E |
| FtpOpenFileW | - | 0x0048F7A0 | 0x000BC9E8 | 0x000BBDE8 | 0x00000035 |
| FtpGetFileSize | - | 0x0048F7A4 | 0x000BC9EC | 0x000BBDEC | 0x00000032 |
| InternetOpenUrlW | - | 0x0048F7A8 | 0x000BC9F0 | 0x000BBDF0 | 0x00000099 |
| InternetReadFile | - | 0x0048F7AC | 0x000BC9F4 | 0x000BBDF4 | 0x0000009F |
| InternetConnectW | - | 0x0048F7B0 | 0x000BC9F8 | 0x000BBDF8 | 0x00000072 |
PSAPI.DLL (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetProcessMemoryInfo | - | 0x0048F484 | 0x000BC6CC | 0x000BBACC | 0x00000015 |
IPHLPAPI.DLL (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IcmpCreateFile | - | 0x0048F154 | 0x000BC39C | 0x000BB79C | 0x00000085 |
| IcmpCloseHandle | - | 0x0048F158 | 0x000BC3A0 | 0x000BB7A0 | 0x00000084 |
| IcmpSendEcho | - | 0x0048F15C | 0x000BC3A4 | 0x000BB7A4 | 0x00000087 |
USERENV.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DestroyEnvironmentBlock | - | 0x0048F750 | 0x000BC998 | 0x000BBD98 | 0x00000004 |
| UnloadUserProfile | - | 0x0048F754 | 0x000BC99C | 0x000BBD9C | 0x0000002C |
| CreateEnvironmentBlock | - | 0x0048F758 | 0x000BC9A0 | 0x000BBDA0 | 0x00000000 |
| LoadUserProfileW | - | 0x0048F75C | 0x000BC9A4 | 0x000BBDA4 | 0x00000021 |
UxTheme.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IsThemeActive | - | 0x0048F764 | 0x000BC9AC | 0x000BBDAC | 0x0000003F |
KERNEL32.dll (164)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DuplicateHandle | - | 0x0048F164 | 0x000BC3AC | 0x000BB7AC | 0x000000E8 |
| CreateThread | - | 0x0048F168 | 0x000BC3B0 | 0x000BB7B0 | 0x000000B5 |
| WaitForSingleObject | - | 0x0048F16C | 0x000BC3B4 | 0x000BB7B4 | 0x000004F9 |
| HeapAlloc | - | 0x0048F170 | 0x000BC3B8 | 0x000BB7B8 | 0x000002CB |
| GetProcessHeap | - | 0x0048F174 | 0x000BC3BC | 0x000BB7BC | 0x0000024A |
| HeapFree | - | 0x0048F178 | 0x000BC3C0 | 0x000BB7C0 | 0x000002CF |
| Sleep | - | 0x0048F17C | 0x000BC3C4 | 0x000BB7C4 | 0x000004B2 |
| GetCurrentThreadId | - | 0x0048F180 | 0x000BC3C8 | 0x000BB7C8 | 0x000001C5 |
| MultiByteToWideChar | - | 0x0048F184 | 0x000BC3CC | 0x000BB7CC | 0x00000367 |
| MulDiv | - | 0x0048F188 | 0x000BC3D0 | 0x000BB7D0 | 0x00000366 |
| GetVersionExW | - | 0x0048F18C | 0x000BC3D4 | 0x000BB7D4 | 0x000002A4 |
| IsWow64Process | - | 0x0048F190 | 0x000BC3D8 | 0x000BB7D8 | 0x0000030E |
| GetSystemInfo | - | 0x0048F194 | 0x000BC3DC | 0x000BB7DC | 0x00000273 |
| FreeLibrary | - | 0x0048F198 | 0x000BC3E0 | 0x000BB7E0 | 0x00000162 |
| LoadLibraryA | - | 0x0048F19C | 0x000BC3E4 | 0x000BB7E4 | 0x0000033C |
| GetProcAddress | - | 0x0048F1A0 | 0x000BC3E8 | 0x000BB7E8 | 0x00000245 |
| SetErrorMode | - | 0x0048F1A4 | 0x000BC3EC | 0x000BB7EC | 0x00000458 |
| GetModuleFileNameW | - | 0x0048F1A8 | 0x000BC3F0 | 0x000BB7F0 | 0x00000214 |
| WideCharToMultiByte | - | 0x0048F1AC | 0x000BC3F4 | 0x000BB7F4 | 0x00000511 |
| lstrcpyW | - | 0x0048F1B0 | 0x000BC3F8 | 0x000BB7F8 | 0x00000548 |
| lstrlenW | - | 0x0048F1B4 | 0x000BC3FC | 0x000BB7FC | 0x0000054E |
| GetModuleHandleW | - | 0x0048F1B8 | 0x000BC400 | 0x000BB800 | 0x00000218 |
| QueryPerformanceCounter | - | 0x0048F1BC | 0x000BC404 | 0x000BB804 | 0x000003A7 |
| VirtualFreeEx | - | 0x0048F1C0 | 0x000BC408 | 0x000BB808 | 0x000004ED |
| OpenProcess | - | 0x0048F1C4 | 0x000BC40C | 0x000BB80C | 0x00000380 |
| VirtualAllocEx | - | 0x0048F1C8 | 0x000BC410 | 0x000BB810 | 0x000004EA |
| WriteProcessMemory | - | 0x0048F1CC | 0x000BC414 | 0x000BB814 | 0x0000052E |
| ReadProcessMemory | - | 0x0048F1D0 | 0x000BC418 | 0x000BB818 | 0x000003C3 |
| CreateFileW | - | 0x0048F1D4 | 0x000BC41C | 0x000BB81C | 0x0000008F |
| SetFilePointerEx | - | 0x0048F1D8 | 0x000BC420 | 0x000BB820 | 0x00000467 |
| SetEndOfFile | - | 0x0048F1DC | 0x000BC424 | 0x000BB824 | 0x00000453 |
| ReadFile | - | 0x0048F1E0 | 0x000BC428 | 0x000BB828 | 0x000003C0 |
| WriteFile | - | 0x0048F1E4 | 0x000BC42C | 0x000BB82C | 0x00000525 |
| FlushFileBuffers | - | 0x0048F1E8 | 0x000BC430 | 0x000BB830 | 0x00000157 |
| TerminateProcess | - | 0x0048F1EC | 0x000BC434 | 0x000BB834 | 0x000004C0 |
| CreateToolhelp32Snapshot | - | 0x0048F1F0 | 0x000BC438 | 0x000BB838 | 0x000000BE |
| Process32FirstW | - | 0x0048F1F4 | 0x000BC43C | 0x000BB83C | 0x00000396 |
| Process32NextW | - | 0x0048F1F8 | 0x000BC440 | 0x000BB840 | 0x00000398 |
| SetFileTime | - | 0x0048F1FC | 0x000BC444 | 0x000BB844 | 0x0000046A |
| GetFileAttributesW | - | 0x0048F200 | 0x000BC448 | 0x000BB848 | 0x000001EA |
| FindFirstFileW | - | 0x0048F204 | 0x000BC44C | 0x000BB84C | 0x00000139 |
| SetCurrentDirectoryW | - | 0x0048F208 | 0x000BC450 | 0x000BB850 | 0x0000044D |
| GetLongPathNameW | - | 0x0048F20C | 0x000BC454 | 0x000BB854 | 0x0000020F |
| GetShortPathNameW | - | 0x0048F210 | 0x000BC458 | 0x000BB858 | 0x00000261 |
| DeleteFileW | - | 0x0048F214 | 0x000BC45C | 0x000BB85C | 0x000000D6 |
| FindNextFileW | - | 0x0048F218 | 0x000BC460 | 0x000BB860 | 0x00000145 |
| CopyFileExW | - | 0x0048F21C | 0x000BC464 | 0x000BB864 | 0x00000072 |
| MoveFileW | - | 0x0048F220 | 0x000BC468 | 0x000BB868 | 0x00000363 |
| CreateDirectoryW | - | 0x0048F224 | 0x000BC46C | 0x000BB86C | 0x00000081 |
| RemoveDirectoryW | - | 0x0048F228 | 0x000BC470 | 0x000BB870 | 0x00000403 |
| SetSystemPowerState | - | 0x0048F22C | 0x000BC474 | 0x000BB874 | 0x0000048A |
| QueryPerformanceFrequency | - | 0x0048F230 | 0x000BC478 | 0x000BB878 | 0x000003A8 |
| FindResourceW | - | 0x0048F234 | 0x000BC47C | 0x000BB87C | 0x0000014E |
| LoadResource | - | 0x0048F238 | 0x000BC480 | 0x000BB880 | 0x00000341 |
| LockResource | - | 0x0048F23C | 0x000BC484 | 0x000BB884 | 0x00000354 |
| SizeofResource | - | 0x0048F240 | 0x000BC488 | 0x000BB888 | 0x000004B1 |
| EnumResourceNamesW | - | 0x0048F244 | 0x000BC48C | 0x000BB88C | 0x00000102 |
| OutputDebugStringW | - | 0x0048F248 | 0x000BC490 | 0x000BB890 | 0x0000038A |
| GetTempPathW | - | 0x0048F24C | 0x000BC494 | 0x000BB894 | 0x00000285 |
| GetTempFileNameW | - | 0x0048F250 | 0x000BC498 | 0x000BB898 | 0x00000283 |
| DeviceIoControl | - | 0x0048F254 | 0x000BC49C | 0x000BB89C | 0x000000DD |
| GetLocalTime | - | 0x0048F258 | 0x000BC4A0 | 0x000BB8A0 | 0x00000203 |
| CompareStringW | - | 0x0048F25C | 0x000BC4A4 | 0x000BB8A4 | 0x00000064 |
| GetCurrentProcess | - | 0x0048F260 | 0x000BC4A8 | 0x000BB8A8 | 0x000001C0 |
| EnterCriticalSection | - | 0x0048F264 | 0x000BC4AC | 0x000BB8AC | 0x000000EE |
| LeaveCriticalSection | - | 0x0048F268 | 0x000BC4B0 | 0x000BB8B0 | 0x00000339 |
| GetStdHandle | - | 0x0048F26C | 0x000BC4B4 | 0x000BB8B4 | 0x00000264 |
| CreatePipe | - | 0x0048F270 | 0x000BC4B8 | 0x000BB8B8 | 0x000000A1 |
| InterlockedExchange | - | 0x0048F274 | 0x000BC4BC | 0x000BB8BC | 0x000002EC |
| TerminateThread | - | 0x0048F278 | 0x000BC4C0 | 0x000BB8C0 | 0x000004C1 |
| LoadLibraryExW | - | 0x0048F27C | 0x000BC4C4 | 0x000BB8C4 | 0x0000033E |
| FindResourceExW | - | 0x0048F280 | 0x000BC4C8 | 0x000BB8C8 | 0x0000014D |
| CopyFileW | - | 0x0048F284 | 0x000BC4CC | 0x000BB8CC | 0x00000075 |
| VirtualFree | - | 0x0048F288 | 0x000BC4D0 | 0x000BB8D0 | 0x000004EC |
| FormatMessageW | - | 0x0048F28C | 0x000BC4D4 | 0x000BB8D4 | 0x0000015E |
| GetExitCodeProcess | - | 0x0048F290 | 0x000BC4D8 | 0x000BB8D8 | 0x000001DF |
| GetPrivateProfileStringW | - | 0x0048F294 | 0x000BC4DC | 0x000BB8DC | 0x00000242 |
| WritePrivateProfileStringW | - | 0x0048F298 | 0x000BC4E0 | 0x000BB8E0 | 0x0000052B |
| GetPrivateProfileSectionW | - | 0x0048F29C | 0x000BC4E4 | 0x000BB8E4 | 0x00000240 |
| WritePrivateProfileSectionW | - | 0x0048F2A0 | 0x000BC4E8 | 0x000BB8E8 | 0x00000529 |
| GetPrivateProfileSectionNamesW | - | 0x0048F2A4 | 0x000BC4EC | 0x000BB8EC | 0x0000023F |
| FileTimeToLocalFileTime | - | 0x0048F2A8 | 0x000BC4F0 | 0x000BB8F0 | 0x00000124 |
| FileTimeToSystemTime | - | 0x0048F2AC | 0x000BC4F4 | 0x000BB8F4 | 0x00000125 |
| SystemTimeToFileTime | - | 0x0048F2B0 | 0x000BC4F8 | 0x000BB8F8 | 0x000004BD |
| LocalFileTimeToFileTime | - | 0x0048F2B4 | 0x000BC4FC | 0x000BB8FC | 0x00000346 |
| GetDriveTypeW | - | 0x0048F2B8 | 0x000BC500 | 0x000BB900 | 0x000001D3 |
| GetDiskFreeSpaceExW | - | 0x0048F2BC | 0x000BC504 | 0x000BB904 | 0x000001CE |
| GetDiskFreeSpaceW | - | 0x0048F2C0 | 0x000BC508 | 0x000BB908 | 0x000001CF |
| GetVolumeInformationW | - | 0x0048F2C4 | 0x000BC50C | 0x000BB90C | 0x000002A7 |
| SetVolumeLabelW | - | 0x0048F2C8 | 0x000BC510 | 0x000BB910 | 0x000004A9 |
| CreateHardLinkW | - | 0x0048F2CC | 0x000BC514 | 0x000BB914 | 0x00000093 |
| SetFileAttributesW | - | 0x0048F2D0 | 0x000BC518 | 0x000BB918 | 0x00000461 |
| CreateEventW | - | 0x0048F2D4 | 0x000BC51C | 0x000BB91C | 0x00000085 |
| SetEvent | - | 0x0048F2D8 | 0x000BC520 | 0x000BB920 | 0x00000459 |
| GetEnvironmentVariableW | - | 0x0048F2DC | 0x000BC524 | 0x000BB924 | 0x000001DC |
| SetEnvironmentVariableW | - | 0x0048F2E0 | 0x000BC528 | 0x000BB928 | 0x00000457 |
| GlobalLock | - | 0x0048F2E4 | 0x000BC52C | 0x000BB92C | 0x000002BE |
| GlobalUnlock | - | 0x0048F2E8 | 0x000BC530 | 0x000BB930 | 0x000002C5 |
| GlobalAlloc | - | 0x0048F2EC | 0x000BC534 | 0x000BB934 | 0x000002B3 |
| GetFileSize | - | 0x0048F2F0 | 0x000BC538 | 0x000BB938 | 0x000001F0 |
| GlobalFree | - | 0x0048F2F4 | 0x000BC53C | 0x000BB93C | 0x000002BA |
| GlobalMemoryStatusEx | - | 0x0048F2F8 | 0x000BC540 | 0x000BB940 | 0x000002C0 |
| Beep | - | 0x0048F2FC | 0x000BC544 | 0x000BB944 | 0x00000036 |
| GetSystemDirectoryW | - | 0x0048F300 | 0x000BC548 | 0x000BB948 | 0x00000270 |
| HeapReAlloc | - | 0x0048F304 | 0x000BC54C | 0x000BB94C | 0x000002D2 |
| HeapSize | - | 0x0048F308 | 0x000BC550 | 0x000BB950 | 0x000002D4 |
| GetComputerNameW | - | 0x0048F30C | 0x000BC554 | 0x000BB954 | 0x0000018F |
| GetWindowsDirectoryW | - | 0x0048F310 | 0x000BC558 | 0x000BB958 | 0x000002AF |
| GetCurrentProcessId | - | 0x0048F314 | 0x000BC55C | 0x000BB95C | 0x000001C1 |
| GetProcessIoCounters | - | 0x0048F318 | 0x000BC560 | 0x000BB960 | 0x0000024E |
| CreateProcessW | - | 0x0048F31C | 0x000BC564 | 0x000BB964 | 0x000000A8 |
| GetProcessId | - | 0x0048F320 | 0x000BC568 | 0x000BB968 | 0x0000024C |
| SetPriorityClass | - | 0x0048F324 | 0x000BC56C | 0x000BB96C | 0x0000047D |
| LoadLibraryW | - | 0x0048F328 | 0x000BC570 | 0x000BB970 | 0x0000033F |
| VirtualAlloc | - | 0x0048F32C | 0x000BC574 | 0x000BB974 | 0x000004E9 |
| IsDebuggerPresent | - | 0x0048F330 | 0x000BC578 | 0x000BB978 | 0x00000300 |
| GetCurrentDirectoryW | - | 0x0048F334 | 0x000BC57C | 0x000BB97C | 0x000001BF |
| lstrcmpiW | - | 0x0048F338 | 0x000BC580 | 0x000BB980 | 0x00000545 |
| DecodePointer | - | 0x0048F33C | 0x000BC584 | 0x000BB984 | 0x000000CA |
| GetLastError | - | 0x0048F340 | 0x000BC588 | 0x000BB988 | 0x00000202 |
| RaiseException | - | 0x0048F344 | 0x000BC58C | 0x000BB98C | 0x000003B1 |
| InitializeCriticalSectionAndSpinCount | - | 0x0048F348 | 0x000BC590 | 0x000BB990 | 0x000002E3 |
| DeleteCriticalSection | - | 0x0048F34C | 0x000BC594 | 0x000BB994 | 0x000000D1 |
| InterlockedDecrement | - | 0x0048F350 | 0x000BC598 | 0x000BB998 | 0x000002EB |
| InterlockedIncrement | - | 0x0048F354 | 0x000BC59C | 0x000BB99C | 0x000002EF |
| GetCurrentThread | - | 0x0048F358 | 0x000BC5A0 | 0x000BB9A0 | 0x000001C4 |
| CloseHandle | - | 0x0048F35C | 0x000BC5A4 | 0x000BB9A4 | 0x00000052 |
| GetFullPathNameW | - | 0x0048F360 | 0x000BC5A8 | 0x000BB9A8 | 0x000001FB |
| EncodePointer | - | 0x0048F364 | 0x000BC5AC | 0x000BB9AC | 0x000000EA |
| ExitProcess | - | 0x0048F368 | 0x000BC5B0 | 0x000BB9B0 | 0x00000119 |
| GetModuleHandleExW | - | 0x0048F36C | 0x000BC5B4 | 0x000BB9B4 | 0x00000217 |
| ExitThread | - | 0x0048F370 | 0x000BC5B8 | 0x000BB9B8 | 0x0000011A |
| GetSystemTimeAsFileTime | - | 0x0048F374 | 0x000BC5BC | 0x000BB9BC | 0x00000279 |
| ResumeThread | - | 0x0048F378 | 0x000BC5C0 | 0x000BB9C0 | 0x00000413 |
| GetCommandLineW | - | 0x0048F37C | 0x000BC5C4 | 0x000BB9C4 | 0x00000187 |
| IsProcessorFeaturePresent | - | 0x0048F380 | 0x000BC5C8 | 0x000BB9C8 | 0x00000304 |
| IsValidCodePage | - | 0x0048F384 | 0x000BC5CC | 0x000BB9CC | 0x0000030A |
| GetACP | - | 0x0048F388 | 0x000BC5D0 | 0x000BB9D0 | 0x00000168 |
| GetOEMCP | - | 0x0048F38C | 0x000BC5D4 | 0x000BB9D4 | 0x00000237 |
| GetCPInfo | - | 0x0048F390 | 0x000BC5D8 | 0x000BB9D8 | 0x00000172 |
| SetLastError | - | 0x0048F394 | 0x000BC5DC | 0x000BB9DC | 0x00000473 |
| UnhandledExceptionFilter | - | 0x0048F398 | 0x000BC5E0 | 0x000BB9E0 | 0x000004D3 |
| SetUnhandledExceptionFilter | - | 0x0048F39C | 0x000BC5E4 | 0x000BB9E4 | 0x000004A5 |
| TlsAlloc | - | 0x0048F3A0 | 0x000BC5E8 | 0x000BB9E8 | 0x000004C5 |
| TlsGetValue | - | 0x0048F3A4 | 0x000BC5EC | 0x000BB9EC | 0x000004C7 |
| TlsSetValue | - | 0x0048F3A8 | 0x000BC5F0 | 0x000BB9F0 | 0x000004C8 |
| TlsFree | - | 0x0048F3AC | 0x000BC5F4 | 0x000BB9F4 | 0x000004C6 |
| GetStartupInfoW | - | 0x0048F3B0 | 0x000BC5F8 | 0x000BB9F8 | 0x00000263 |
| GetStringTypeW | - | 0x0048F3B4 | 0x000BC5FC | 0x000BB9FC | 0x00000269 |
| SetStdHandle | - | 0x0048F3B8 | 0x000BC600 | 0x000BBA00 | 0x00000487 |
| GetFileType | - | 0x0048F3BC | 0x000BC604 | 0x000BBA04 | 0x000001F3 |
| GetConsoleCP | - | 0x0048F3C0 | 0x000BC608 | 0x000BBA08 | 0x0000019A |
| GetConsoleMode | - | 0x0048F3C4 | 0x000BC60C | 0x000BBA0C | 0x000001AC |
| RtlUnwind | - | 0x0048F3C8 | 0x000BC610 | 0x000BBA10 | 0x00000418 |
| ReadConsoleW | - | 0x0048F3CC | 0x000BC614 | 0x000BBA14 | 0x000003BE |
| GetTimeZoneInformation | - | 0x0048F3D0 | 0x000BC618 | 0x000BBA18 | 0x00000298 |
| GetDateFormatW | - | 0x0048F3D4 | 0x000BC61C | 0x000BBA1C | 0x000001C8 |
| GetTimeFormatW | - | 0x0048F3D8 | 0x000BC620 | 0x000BBA20 | 0x00000297 |
| LCMapStringW | - | 0x0048F3DC | 0x000BC624 | 0x000BBA24 | 0x0000032D |
| GetEnvironmentStringsW | - | 0x0048F3E0 | 0x000BC628 | 0x000BBA28 | 0x000001DA |
| FreeEnvironmentStringsW | - | 0x0048F3E4 | 0x000BC62C | 0x000BBA2C | 0x00000161 |
| WriteConsoleW | - | 0x0048F3E8 | 0x000BC630 | 0x000BBA30 | 0x00000524 |
| FindClose | - | 0x0048F3EC | 0x000BC634 | 0x000BBA34 | 0x0000012E |
| SetEnvironmentVariableA | - | 0x0048F3F0 | 0x000BC638 | 0x000BBA38 | 0x00000456 |
USER32.dll (160)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AdjustWindowRectEx | - | 0x0048F4CC | 0x000BC714 | 0x000BBB14 | 0x00000003 |
| CopyImage | - | 0x0048F4D0 | 0x000BC718 | 0x000BBB18 | 0x00000054 |
| SetWindowPos | - | 0x0048F4D4 | 0x000BC71C | 0x000BBB1C | 0x000002C6 |
| GetCursorInfo | - | 0x0048F4D8 | 0x000BC720 | 0x000BBB20 | 0x0000011F |
| RegisterHotKey | - | 0x0048F4DC | 0x000BC724 | 0x000BBB24 | 0x00000256 |
| ClientToScreen | - | 0x0048F4E0 | 0x000BC728 | 0x000BBB28 | 0x00000047 |
| GetKeyboardLayoutNameW | - | 0x0048F4E4 | 0x000BC72C | 0x000BBB2C | 0x00000141 |
| IsCharAlphaW | - | 0x0048F4E8 | 0x000BC730 | 0x000BBB30 | 0x000001C4 |
| IsCharAlphaNumericW | - | 0x0048F4EC | 0x000BC734 | 0x000BBB34 | 0x000001C3 |
| IsCharLowerW | - | 0x0048F4F0 | 0x000BC738 | 0x000BBB38 | 0x000001C6 |
| IsCharUpperW | - | 0x0048F4F4 | 0x000BC73C | 0x000BBB3C | 0x000001C8 |
| GetMenuStringW | - | 0x0048F4F8 | 0x000BC740 | 0x000BBB40 | 0x00000158 |
| GetSubMenu | - | 0x0048F4FC | 0x000BC744 | 0x000BBB44 | 0x0000017A |
| GetCaretPos | - | 0x0048F500 | 0x000BC748 | 0x000BBB48 | 0x0000010A |
| IsZoomed | - | 0x0048F504 | 0x000BC74C | 0x000BBB4C | 0x000001E2 |
| MonitorFromPoint | - | 0x0048F508 | 0x000BC750 | 0x000BBB50 | 0x00000218 |
| GetMonitorInfoW | - | 0x0048F50C | 0x000BC754 | 0x000BBB54 | 0x0000015F |
| SetWindowLongW | - | 0x0048F510 | 0x000BC758 | 0x000BBB58 | 0x000002C4 |
| SetLayeredWindowAttributes | - | 0x0048F514 | 0x000BC75C | 0x000BBB5C | 0x00000298 |
| FlashWindow | - | 0x0048F518 | 0x000BC760 | 0x000BBB60 | 0x000000FB |
| GetClassLongW | - | 0x0048F51C | 0x000BC764 | 0x000BBB64 | 0x00000110 |
| TranslateAcceleratorW | - | 0x0048F520 | 0x000BC768 | 0x000BBB68 | 0x000002FA |
| IsDialogMessageW | - | 0x0048F524 | 0x000BC76C | 0x000BBB6C | 0x000001CD |
| GetSysColor | - | 0x0048F528 | 0x000BC770 | 0x000BBB70 | 0x0000017B |
| InflateRect | - | 0x0048F52C | 0x000BC774 | 0x000BBB74 | 0x000001B5 |
| DrawFocusRect | - | 0x0048F530 | 0x000BC778 | 0x000BBB78 | 0x000000C4 |
| DrawTextW | - | 0x0048F534 | 0x000BC77C | 0x000BBB7C | 0x000000D0 |
| FrameRect | - | 0x0048F538 | 0x000BC780 | 0x000BBB80 | 0x000000FD |
| DrawFrameControl | - | 0x0048F53C | 0x000BC784 | 0x000BBB84 | 0x000000C6 |
| FillRect | - | 0x0048F540 | 0x000BC788 | 0x000BBB88 | 0x000000F6 |
| PtInRect | - | 0x0048F544 | 0x000BC78C | 0x000BBB8C | 0x00000240 |
| DestroyAcceleratorTable | - | 0x0048F548 | 0x000BC790 | 0x000BBB90 | 0x000000A0 |
| CreateAcceleratorTableW | - | 0x0048F54C | 0x000BC794 | 0x000BBB94 | 0x00000058 |
| SetCursor | - | 0x0048F550 | 0x000BC798 | 0x000BBB98 | 0x00000288 |
| GetWindowDC | - | 0x0048F554 | 0x000BC79C | 0x000BBB9C | 0x00000192 |
| GetSystemMetrics | - | 0x0048F558 | 0x000BC7A0 | 0x000BBBA0 | 0x0000017E |
| GetActiveWindow | - | 0x0048F55C | 0x000BC7A4 | 0x000BBBA4 | 0x00000100 |
| CharNextW | - | 0x0048F560 | 0x000BC7A8 | 0x000BBBA8 | 0x00000031 |
| wsprintfW | - | 0x0048F564 | 0x000BC7AC | 0x000BBBAC | 0x00000333 |
| RedrawWindow | - | 0x0048F568 | 0x000BC7B0 | 0x000BBBB0 | 0x0000024A |
| DrawMenuBar | - | 0x0048F56C | 0x000BC7B4 | 0x000BBBB4 | 0x000000C9 |
| DestroyMenu | - | 0x0048F570 | 0x000BC7B8 | 0x000BBBB8 | 0x000000A4 |
| SetMenu | - | 0x0048F574 | 0x000BC7BC | 0x000BBBBC | 0x0000029C |
| GetWindowTextLengthW | - | 0x0048F578 | 0x000BC7C0 | 0x000BBBC0 | 0x000001A2 |
| CreateMenu | - | 0x0048F57C | 0x000BC7C4 | 0x000BBBC4 | 0x0000006A |
| IsDlgButtonChecked | - | 0x0048F580 | 0x000BC7C8 | 0x000BBBC8 | 0x000001CE |
| DefDlgProcW | - | 0x0048F584 | 0x000BC7CC | 0x000BBBCC | 0x00000095 |
| CallWindowProcW | - | 0x0048F588 | 0x000BC7D0 | 0x000BBBD0 | 0x0000001E |
| ReleaseCapture | - | 0x0048F58C | 0x000BC7D4 | 0x000BBBD4 | 0x00000264 |
| SetCapture | - | 0x0048F590 | 0x000BC7D8 | 0x000BBBD8 | 0x00000280 |
| CreateIconFromResourceEx | - | 0x0048F594 | 0x000BC7DC | 0x000BBBDC | 0x00000066 |
| mouse_event | - | 0x0048F598 | 0x000BC7E0 | 0x000BBBE0 | 0x00000331 |
| ExitWindowsEx | - | 0x0048F59C | 0x000BC7E4 | 0x000BBBE4 | 0x000000F5 |
| SetActiveWindow | - | 0x0048F5A0 | 0x000BC7E8 | 0x000BBBE8 | 0x0000027F |
| FindWindowExW | - | 0x0048F5A4 | 0x000BC7EC | 0x000BBBEC | 0x000000F9 |
| EnumThreadWindows | - | 0x0048F5A8 | 0x000BC7F0 | 0x000BBBF0 | 0x000000EF |
| SetMenuDefaultItem | - | 0x0048F5AC | 0x000BC7F4 | 0x000BBBF4 | 0x0000029E |
| InsertMenuItemW | - | 0x0048F5B0 | 0x000BC7F8 | 0x000BBBF8 | 0x000001B9 |
| IsMenu | - | 0x0048F5B4 | 0x000BC7FC | 0x000BBBFC | 0x000001D2 |
| TrackPopupMenuEx | - | 0x0048F5B8 | 0x000BC800 | 0x000BBC00 | 0x000002F7 |
| GetCursorPos | - | 0x0048F5BC | 0x000BC804 | 0x000BBC04 | 0x00000120 |
| DeleteMenu | - | 0x0048F5C0 | 0x000BC808 | 0x000BBC08 | 0x0000009E |
| SetRect | - | 0x0048F5C4 | 0x000BC80C | 0x000BBC0C | 0x000002AE |
| GetMenuItemID | - | 0x0048F5C8 | 0x000BC810 | 0x000BBC10 | 0x00000152 |
| GetMenuItemCount | - | 0x0048F5CC | 0x000BC814 | 0x000BBC14 | 0x00000151 |
| SetMenuItemInfoW | - | 0x0048F5D0 | 0x000BC818 | 0x000BBC18 | 0x000002A2 |
| GetMenuItemInfoW | - | 0x0048F5D4 | 0x000BC81C | 0x000BBC1C | 0x00000154 |
| SetForegroundWindow | - | 0x0048F5D8 | 0x000BC820 | 0x000BBC20 | 0x00000293 |
| IsIconic | - | 0x0048F5DC | 0x000BC824 | 0x000BBC24 | 0x000001D1 |
| FindWindowW | - | 0x0048F5E0 | 0x000BC828 | 0x000BBC28 | 0x000000FA |
| MonitorFromRect | - | 0x0048F5E4 | 0x000BC82C | 0x000BBC2C | 0x00000219 |
| keybd_event | - | 0x0048F5E8 | 0x000BC830 | 0x000BBC30 | 0x00000330 |
| SendInput | - | 0x0048F5EC | 0x000BC834 | 0x000BBC34 | 0x00000276 |
| GetAsyncKeyState | - | 0x0048F5F0 | 0x000BC838 | 0x000BBC38 | 0x00000107 |
| SetKeyboardState | - | 0x0048F5F4 | 0x000BC83C | 0x000BBC3C | 0x00000296 |
| GetKeyboardState | - | 0x0048F5F8 | 0x000BC840 | 0x000BBC40 | 0x00000142 |
| GetKeyState | - | 0x0048F5FC | 0x000BC844 | 0x000BBC44 | 0x0000013D |
| VkKeyScanW | - | 0x0048F600 | 0x000BC848 | 0x000BBC48 | 0x00000321 |
| LoadStringW | - | 0x0048F604 | 0x000BC84C | 0x000BBC4C | 0x000001FA |
| DialogBoxParamW | - | 0x0048F608 | 0x000BC850 | 0x000BBC50 | 0x000000AC |
| MessageBeep | - | 0x0048F60C | 0x000BC854 | 0x000BBC54 | 0x0000020D |
| EndDialog | - | 0x0048F610 | 0x000BC858 | 0x000BBC58 | 0x000000DA |
| SendDlgItemMessageW | - | 0x0048F614 | 0x000BC85C | 0x000BBC5C | 0x00000273 |
| GetDlgItem | - | 0x0048F618 | 0x000BC860 | 0x000BBC60 | 0x00000127 |
| SetWindowTextW | - | 0x0048F61C | 0x000BC864 | 0x000BBC64 | 0x000002CB |
| CopyRect | - | 0x0048F620 | 0x000BC868 | 0x000BBC68 | 0x00000055 |
| ReleaseDC | - | 0x0048F624 | 0x000BC86C | 0x000BBC6C | 0x00000265 |
| GetDC | - | 0x0048F628 | 0x000BC870 | 0x000BBC70 | 0x00000121 |
| EndPaint | - | 0x0048F62C | 0x000BC874 | 0x000BBC74 | 0x000000DC |
| BeginPaint | - | 0x0048F630 | 0x000BC878 | 0x000BBC78 | 0x0000000E |
| GetClientRect | - | 0x0048F634 | 0x000BC87C | 0x000BBC7C | 0x00000114 |
| GetMenu | - | 0x0048F638 | 0x000BC880 | 0x000BBC80 | 0x0000014B |
| DestroyWindow | - | 0x0048F63C | 0x000BC884 | 0x000BBC84 | 0x000000A6 |
| EnumWindows | - | 0x0048F640 | 0x000BC888 | 0x000BBC88 | 0x000000F2 |
| GetDesktopWindow | - | 0x0048F644 | 0x000BC88C | 0x000BBC8C | 0x00000123 |
| IsWindow | - | 0x0048F648 | 0x000BC890 | 0x000BBC90 | 0x000001DB |
| IsWindowEnabled | - | 0x0048F64C | 0x000BC894 | 0x000BBC94 | 0x000001DC |
| IsWindowVisible | - | 0x0048F650 | 0x000BC898 | 0x000BBC98 | 0x000001E0 |
| EnableWindow | - | 0x0048F654 | 0x000BC89C | 0x000BBC9C | 0x000000D8 |
| InvalidateRect | - | 0x0048F658 | 0x000BC8A0 | 0x000BBCA0 | 0x000001BE |
| GetWindowLongW | - | 0x0048F65C | 0x000BC8A4 | 0x000BBCA4 | 0x00000196 |
| GetWindowThreadProcessId | - | 0x0048F660 | 0x000BC8A8 | 0x000BBCA8 | 0x000001A4 |
| AttachThreadInput | - | 0x0048F664 | 0x000BC8AC | 0x000BBCAC | 0x0000000C |
| GetFocus | - | 0x0048F668 | 0x000BC8B0 | 0x000BBCB0 | 0x0000012C |
| GetWindowTextW | - | 0x0048F66C | 0x000BC8B4 | 0x000BBCB4 | 0x000001A3 |
| ScreenToClient | - | 0x0048F670 | 0x000BC8B8 | 0x000BBCB8 | 0x0000026D |
| SendMessageTimeoutW | - | 0x0048F674 | 0x000BC8BC | 0x000BBCBC | 0x0000027B |
| EnumChildWindows | - | 0x0048F678 | 0x000BC8C0 | 0x000BBCC0 | 0x000000DF |
| CharUpperBuffW | - | 0x0048F67C | 0x000BC8C4 | 0x000BBCC4 | 0x0000003B |
| GetParent | - | 0x0048F680 | 0x000BC8C8 | 0x000BBCC8 | 0x00000164 |
| GetDlgCtrlID | - | 0x0048F684 | 0x000BC8CC | 0x000BBCCC | 0x00000126 |
| SendMessageW | - | 0x0048F688 | 0x000BC8D0 | 0x000BBCD0 | 0x0000027C |
| MapVirtualKeyW | - | 0x0048F68C | 0x000BC8D4 | 0x000BBCD4 | 0x00000208 |
| PostMessageW | - | 0x0048F690 | 0x000BC8D8 | 0x000BBCD8 | 0x00000236 |
| GetWindowRect | - | 0x0048F694 | 0x000BC8DC | 0x000BBCDC | 0x0000019C |
| SetUserObjectSecurity | - | 0x0048F698 | 0x000BC8E0 | 0x000BBCE0 | 0x000002BE |
| CloseDesktop | - | 0x0048F69C | 0x000BC8E4 | 0x000BBCE4 | 0x0000004A |
| CloseWindowStation | - | 0x0048F6A0 | 0x000BC8E8 | 0x000BBCE8 | 0x0000004E |
| OpenDesktopW | - | 0x0048F6A4 | 0x000BC8EC | 0x000BBCEC | 0x00000228 |
| SetProcessWindowStation | - | 0x0048F6A8 | 0x000BC8F0 | 0x000BBCF0 | 0x000002AA |
| GetProcessWindowStation | - | 0x0048F6AC | 0x000BC8F4 | 0x000BBCF4 | 0x00000168 |
| OpenWindowStationW | - | 0x0048F6B0 | 0x000BC8F8 | 0x000BBCF8 | 0x0000022D |
| GetUserObjectSecurity | - | 0x0048F6B4 | 0x000BC8FC | 0x000BBCFC | 0x0000018C |
| MessageBoxW | - | 0x0048F6B8 | 0x000BC900 | 0x000BBD00 | 0x00000215 |
| DefWindowProcW | - | 0x0048F6BC | 0x000BC904 | 0x000BBD04 | 0x0000009C |
| SetClipboardData | - | 0x0048F6C0 | 0x000BC908 | 0x000BBD08 | 0x00000286 |
| EmptyClipboard | - | 0x0048F6C4 | 0x000BC90C | 0x000BBD0C | 0x000000D5 |
| CountClipboardFormats | - | 0x0048F6C8 | 0x000BC910 | 0x000BBD10 | 0x00000056 |
| CloseClipboard | - | 0x0048F6CC | 0x000BC914 | 0x000BBD14 | 0x00000049 |
| GetClipboardData | - | 0x0048F6D0 | 0x000BC918 | 0x000BBD18 | 0x00000116 |
| IsClipboardFormatAvailable | - | 0x0048F6D4 | 0x000BC91C | 0x000BBD1C | 0x000001CA |
| OpenClipboard | - | 0x0048F6D8 | 0x000BC920 | 0x000BBD20 | 0x00000226 |
| BlockInput | - | 0x0048F6DC | 0x000BC924 | 0x000BBD24 | 0x0000000F |
| GetMessageW | - | 0x0048F6E0 | 0x000BC928 | 0x000BBD28 | 0x0000015D |
| LockWindowUpdate | - | 0x0048F6E4 | 0x000BC92C | 0x000BBD2C | 0x000001FD |
| DispatchMessageW | - | 0x0048F6E8 | 0x000BC930 | 0x000BBD30 | 0x000000AF |
| TranslateMessage | - | 0x0048F6EC | 0x000BC934 | 0x000BBD34 | 0x000002FC |
| PeekMessageW | - | 0x0048F6F0 | 0x000BC938 | 0x000BBD38 | 0x00000233 |
| UnregisterHotKey | - | 0x0048F6F4 | 0x000BC93C | 0x000BBD3C | 0x00000308 |
| CheckMenuRadioItem | - | 0x0048F6F8 | 0x000BC940 | 0x000BBD40 | 0x00000040 |
| CharLowerBuffW | - | 0x0048F6FC | 0x000BC944 | 0x000BBD44 | 0x0000002D |
| MoveWindow | - | 0x0048F700 | 0x000BC948 | 0x000BBD48 | 0x0000021B |
| SetFocus | - | 0x0048F704 | 0x000BC94C | 0x000BBD4C | 0x00000292 |
| PostQuitMessage | - | 0x0048F708 | 0x000BC950 | 0x000BBD50 | 0x00000237 |
| KillTimer | - | 0x0048F70C | 0x000BC954 | 0x000BBD54 | 0x000001E3 |
| CreatePopupMenu | - | 0x0048F710 | 0x000BC958 | 0x000BBD58 | 0x0000006B |
| RegisterWindowMessageW | - | 0x0048F714 | 0x000BC95C | 0x000BBD5C | 0x00000263 |
| SetTimer | - | 0x0048F718 | 0x000BC960 | 0x000BBD60 | 0x000002BB |
| ShowWindow | - | 0x0048F71C | 0x000BC964 | 0x000BBD64 | 0x000002DF |
| CreateWindowExW | - | 0x0048F720 | 0x000BC968 | 0x000BBD68 | 0x0000006E |
| RegisterClassExW | - | 0x0048F724 | 0x000BC96C | 0x000BBD6C | 0x0000024D |
| LoadIconW | - | 0x0048F728 | 0x000BC970 | 0x000BBD70 | 0x000001ED |
| LoadCursorW | - | 0x0048F72C | 0x000BC974 | 0x000BBD74 | 0x000001EB |
| GetSysColorBrush | - | 0x0048F730 | 0x000BC978 | 0x000BBD78 | 0x0000017C |
| GetForegroundWindow | - | 0x0048F734 | 0x000BC97C | 0x000BBD7C | 0x0000012D |
| MessageBoxA | - | 0x0048F738 | 0x000BC980 | 0x000BBD80 | 0x0000020E |
| DestroyIcon | - | 0x0048F73C | 0x000BC984 | 0x000BBD84 | 0x000000A3 |
| SystemParametersInfoW | - | 0x0048F740 | 0x000BC988 | 0x000BBD88 | 0x000002EC |
| LoadImageW | - | 0x0048F744 | 0x000BC98C | 0x000BBD8C | 0x000001EF |
| GetClassNameW | - | 0x0048F748 | 0x000BC990 | 0x000BBD90 | 0x00000112 |
GDI32.dll (35)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StrokePath | - | 0x0048F0C4 | 0x000BC30C | 0x000BB70C | 0x000002B6 |
| DeleteObject | - | 0x0048F0C8 | 0x000BC310 | 0x000BB710 | 0x000000E6 |
| GetTextExtentPoint32W | - | 0x0048F0CC | 0x000BC314 | 0x000BB714 | 0x0000021E |
| ExtCreatePen | - | 0x0048F0D0 | 0x000BC318 | 0x000BB718 | 0x00000132 |
| GetDeviceCaps | - | 0x0048F0D4 | 0x000BC31C | 0x000BB71C | 0x000001CB |
| EndPath | - | 0x0048F0D8 | 0x000BC320 | 0x000BB720 | 0x000000F3 |
| SetPixel | - | 0x0048F0DC | 0x000BC324 | 0x000BB724 | 0x0000029B |
| CloseFigure | - | 0x0048F0E0 | 0x000BC328 | 0x000BB728 | 0x0000001E |
| CreateCompatibleBitmap | - | 0x0048F0E4 | 0x000BC32C | 0x000BB72C | 0x0000002F |
| CreateCompatibleDC | - | 0x0048F0E8 | 0x000BC330 | 0x000BB730 | 0x00000030 |
| SelectObject | - | 0x0048F0EC | 0x000BC334 | 0x000BB734 | 0x00000277 |
| StretchBlt | - | 0x0048F0F0 | 0x000BC338 | 0x000BB738 | 0x000002B3 |
| GetDIBits | - | 0x0048F0F4 | 0x000BC33C | 0x000BB73C | 0x000001CA |
| LineTo | - | 0x0048F0F8 | 0x000BC340 | 0x000BB740 | 0x00000236 |
| AngleArc | - | 0x0048F0FC | 0x000BC344 | 0x000BB744 | 0x00000008 |
| MoveToEx | - | 0x0048F100 | 0x000BC348 | 0x000BB748 | 0x0000023A |
| Ellipse | - | 0x0048F104 | 0x000BC34C | 0x000BB74C | 0x000000ED |
| DeleteDC | - | 0x0048F108 | 0x000BC350 | 0x000BB750 | 0x000000E3 |
| GetPixel | - | 0x0048F10C | 0x000BC354 | 0x000BB754 | 0x00000204 |
| CreateDCW | - | 0x0048F110 | 0x000BC358 | 0x000BB758 | 0x00000032 |
| GetStockObject | - | 0x0048F114 | 0x000BC35C | 0x000BB75C | 0x0000020D |
| GetTextFaceW | - | 0x0048F118 | 0x000BC360 | 0x000BB760 | 0x00000224 |
| CreateFontW | - | 0x0048F11C | 0x000BC364 | 0x000BB764 | 0x00000041 |
| SetTextColor | - | 0x0048F120 | 0x000BC368 | 0x000BB768 | 0x000002A6 |
| PolyDraw | - | 0x0048F124 | 0x000BC36C | 0x000BB76C | 0x00000250 |
| BeginPath | - | 0x0048F128 | 0x000BC370 | 0x000BB770 | 0x00000012 |
| Rectangle | - | 0x0048F12C | 0x000BC374 | 0x000BB774 | 0x0000025F |
| SetViewportOrgEx | - | 0x0048F130 | 0x000BC378 | 0x000BB778 | 0x000002A9 |
| GetObjectW | - | 0x0048F134 | 0x000BC37C | 0x000BB77C | 0x000001FD |
| SetBkMode | - | 0x0048F138 | 0x000BC380 | 0x000BB780 | 0x0000027F |
| RoundRect | - | 0x0048F13C | 0x000BC384 | 0x000BB784 | 0x0000026A |
| SetBkColor | - | 0x0048F140 | 0x000BC388 | 0x000BB788 | 0x0000027E |
| CreatePen | - | 0x0048F144 | 0x000BC38C | 0x000BB78C | 0x0000004B |
| CreateSolidBrush | - | 0x0048F148 | 0x000BC390 | 0x000BB790 | 0x00000054 |
| StrokeAndFillPath | - | 0x0048F14C | 0x000BC394 | 0x000BB794 | 0x000002B5 |
COMDLG32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetOpenFileNameW | - | 0x0048F0B8 | 0x000BC300 | 0x000BB700 | 0x0000000C |
| GetSaveFileNameW | - | 0x0048F0BC | 0x000BC304 | 0x000BB704 | 0x0000000E |
ADVAPI32.dll (33)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetAce | - | 0x0048F000 | 0x000BC248 | 0x000BB648 | 0x00000123 |
| RegEnumValueW | - | 0x0048F004 | 0x000BC24C | 0x000BB64C | 0x00000252 |
| RegDeleteValueW | - | 0x0048F008 | 0x000BC250 | 0x000BB650 | 0x00000248 |
| RegDeleteKeyW | - | 0x0048F00C | 0x000BC254 | 0x000BB654 | 0x00000244 |
| RegEnumKeyExW | - | 0x0048F010 | 0x000BC258 | 0x000BB658 | 0x0000024F |
| RegSetValueExW | - | 0x0048F014 | 0x000BC25C | 0x000BB65C | 0x0000027E |
| RegOpenKeyExW | - | 0x0048F018 | 0x000BC260 | 0x000BB660 | 0x00000261 |
| RegCloseKey | - | 0x0048F01C | 0x000BC264 | 0x000BB664 | 0x00000230 |
| RegQueryValueExW | - | 0x0048F020 | 0x000BC268 | 0x000BB668 | 0x0000026E |
| RegConnectRegistryW | - | 0x0048F024 | 0x000BC26C | 0x000BB66C | 0x00000234 |
| InitializeSecurityDescriptor | - | 0x0048F028 | 0x000BC270 | 0x000BB670 | 0x00000177 |
| InitializeAcl | - | 0x0048F02C | 0x000BC274 | 0x000BB674 | 0x00000176 |
| AdjustTokenPrivileges | - | 0x0048F030 | 0x000BC278 | 0x000BB678 | 0x0000001F |
| OpenThreadToken | - | 0x0048F034 | 0x000BC27C | 0x000BB67C | 0x000001FC |
| OpenProcessToken | - | 0x0048F038 | 0x000BC280 | 0x000BB680 | 0x000001F7 |
| LookupPrivilegeValueW | - | 0x0048F03C | 0x000BC284 | 0x000BB684 | 0x00000197 |
| DuplicateTokenEx | - | 0x0048F040 | 0x000BC288 | 0x000BB688 | 0x000000DF |
| CreateProcessAsUserW | - | 0x0048F044 | 0x000BC28C | 0x000BB68C | 0x0000007C |
| CreateProcessWithLogonW | - | 0x0048F048 | 0x000BC290 | 0x000BB690 | 0x0000007D |
| GetLengthSid | - | 0x0048F04C | 0x000BC294 | 0x000BB694 | 0x00000136 |
| CopySid | - | 0x0048F050 | 0x000BC298 | 0x000BB698 | 0x00000076 |
| LogonUserW | - | 0x0048F054 | 0x000BC29C | 0x000BB69C | 0x0000018D |
| AllocateAndInitializeSid | - | 0x0048F058 | 0x000BC2A0 | 0x000BB6A0 | 0x00000020 |
| CheckTokenMembership | - | 0x0048F05C | 0x000BC2A4 | 0x000BB6A4 | 0x00000051 |
| RegCreateKeyExW | - | 0x0048F060 | 0x000BC2A8 | 0x000BB6A8 | 0x00000239 |
| FreeSid | - | 0x0048F064 | 0x000BC2AC | 0x000BB6AC | 0x00000120 |
| GetTokenInformation | - | 0x0048F068 | 0x000BC2B0 | 0x000BB6B0 | 0x0000015A |
| GetSecurityDescriptorDacl | - | 0x0048F06C | 0x000BC2B4 | 0x000BB6B4 | 0x00000148 |
| GetAclInformation | - | 0x0048F070 | 0x000BC2B8 | 0x000BB6B8 | 0x00000124 |
| AddAce | - | 0x0048F074 | 0x000BC2BC | 0x000BB6BC | 0x00000016 |
| SetSecurityDescriptorDacl | - | 0x0048F078 | 0x000BC2C0 | 0x000BB6C0 | 0x000002B6 |
| GetUserNameW | - | 0x0048F07C | 0x000BC2C4 | 0x000BB6C4 | 0x00000165 |
| InitiateSystemShutdownExW | - | 0x0048F080 | 0x000BC2C8 | 0x000BB6C8 | 0x0000017D |
SHELL32.dll (15)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DragQueryPoint | - | 0x0048F48C | 0x000BC6D4 | 0x000BBAD4 | 0x00000020 |
| ShellExecuteExW | - | 0x0048F490 | 0x000BC6D8 | 0x000BBAD8 | 0x00000121 |
| DragQueryFileW | - | 0x0048F494 | 0x000BC6DC | 0x000BBADC | 0x0000001F |
| SHEmptyRecycleBinW | - | 0x0048F498 | 0x000BC6E0 | 0x000BBAE0 | 0x000000A5 |
| SHGetPathFromIDListW | - | 0x0048F49C | 0x000BC6E4 | 0x000BBAE4 | 0x000000D7 |
| SHBrowseForFolderW | - | 0x0048F4A0 | 0x000BC6E8 | 0x000BBAE8 | 0x0000007B |
| SHCreateShellItem | - | 0x0048F4A4 | 0x000BC6EC | 0x000BBAEC | 0x0000009A |
| SHGetDesktopFolder | - | 0x0048F4A8 | 0x000BC6F0 | 0x000BBAF0 | 0x000000B6 |
| SHGetSpecialFolderLocation | - | 0x0048F4AC | 0x000BC6F4 | 0x000BBAF4 | 0x000000DF |
| SHGetFolderPathW | - | 0x0048F4B0 | 0x000BC6F8 | 0x000BBAF8 | 0x000000C3 |
| SHFileOperationW | - | 0x0048F4B4 | 0x000BC6FC | 0x000BBAFC | 0x000000AC |
| ExtractIconExW | - | 0x0048F4B8 | 0x000BC700 | 0x000BBB00 | 0x0000002A |
| Shell_NotifyIconW | - | 0x0048F4BC | 0x000BC704 | 0x000BBB04 | 0x0000012E |
| ShellExecuteW | - | 0x0048F4C0 | 0x000BC708 | 0x000BBB08 | 0x00000122 |
| DragFinish | - | 0x0048F4C4 | 0x000BC70C | 0x000BBB0C | 0x0000001B |
ole32.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemAlloc | - | 0x0048F828 | 0x000BCA70 | 0x000BBE70 | 0x00000067 |
| CoTaskMemFree | - | 0x0048F82C | 0x000BCA74 | 0x000BBE74 | 0x00000068 |
| CLSIDFromString | - | 0x0048F830 | 0x000BCA78 | 0x000BBE78 | 0x00000008 |
| ProgIDFromCLSID | - | 0x0048F834 | 0x000BCA7C | 0x000BBE7C | 0x0000014B |
| CLSIDFromProgID | - | 0x0048F838 | 0x000BCA80 | 0x000BBE80 | 0x00000006 |
| OleSetMenuDescriptor | - | 0x0048F83C | 0x000BCA84 | 0x000BBE84 | 0x00000147 |
| MkParseDisplayName | - | 0x0048F840 | 0x000BCA88 | 0x000BBE88 | 0x000000D4 |
| OleSetContainedObject | - | 0x0048F844 | 0x000BCA8C | 0x000BBE8C | 0x00000146 |
| CoCreateInstance | - | 0x0048F848 | 0x000BCA90 | 0x000BBE90 | 0x00000010 |
| IIDFromString | - | 0x0048F84C | 0x000BCA94 | 0x000BBE94 | 0x000000CD |
| StringFromGUID2 | - | 0x0048F850 | 0x000BCA98 | 0x000BBE98 | 0x00000179 |
| CreateStreamOnHGlobal | - | 0x0048F854 | 0x000BCA9C | 0x000BBE9C | 0x00000086 |
| OleInitialize | - | 0x0048F858 | 0x000BCAA0 | 0x000BBEA0 | 0x00000132 |
| OleUninitialize | - | 0x0048F85C | 0x000BCAA4 | 0x000BBEA4 | 0x00000149 |
| CoInitialize | - | 0x0048F860 | 0x000BCAA8 | 0x000BBEA8 | 0x0000003E |
| CoUninitialize | - | 0x0048F864 | 0x000BCAAC | 0x000BBEAC | 0x0000006C |
| GetRunningObjectTable | - | 0x0048F868 | 0x000BCAB0 | 0x000BBEB0 | 0x00000097 |
| CoGetInstanceFromFile | - | 0x0048F86C | 0x000BCAB4 | 0x000BBEB4 | 0x0000002D |
| CoGetObject | - | 0x0048F870 | 0x000BCAB8 | 0x000BBEB8 | 0x00000035 |
| CoSetProxyBlanket | - | 0x0048F874 | 0x000BCABC | 0x000BBEBC | 0x00000063 |
| CoCreateInstanceEx | - | 0x0048F878 | 0x000BCAC0 | 0x000BBEC0 | 0x00000011 |
| CoInitializeSecurity | - | 0x0048F87C | 0x000BCAC4 | 0x000BBEC4 | 0x00000040 |
OLEAUT32.dll (29)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadTypeLibEx | 0x000000B7 | 0x0048F40C | 0x000BC654 | 0x000BBA54 | - |
| VariantCopyInd | 0x0000000B | 0x0048F410 | 0x000BC658 | 0x000BBA58 | - |
| SysReAllocString | 0x00000003 | 0x0048F414 | 0x000BC65C | 0x000BBA5C | - |
| SysFreeString | 0x00000006 | 0x0048F418 | 0x000BC660 | 0x000BBA60 | - |
| SafeArrayDestroyDescriptor | 0x00000026 | 0x0048F41C | 0x000BC664 | 0x000BBA64 | - |
| SafeArrayDestroyData | 0x00000027 | 0x0048F420 | 0x000BC668 | 0x000BBA68 | - |
| SafeArrayUnaccessData | 0x00000018 | 0x0048F424 | 0x000BC66C | 0x000BBA6C | - |
| SafeArrayAccessData | 0x00000017 | 0x0048F428 | 0x000BC670 | 0x000BBA70 | - |
| SafeArrayAllocData | 0x00000025 | 0x0048F42C | 0x000BC674 | 0x000BBA74 | - |
| SafeArrayAllocDescriptorEx | 0x00000029 | 0x0048F430 | 0x000BC678 | 0x000BBA78 | - |
| SafeArrayCreateVector | 0x0000019B | 0x0048F434 | 0x000BC67C | 0x000BBA7C | - |
| RegisterTypeLib | 0x000000A3 | 0x0048F438 | 0x000BC680 | 0x000BBA80 | - |
| CreateStdDispatch | 0x00000020 | 0x0048F43C | 0x000BC684 | 0x000BBA84 | - |
| DispCallFunc | 0x00000092 | 0x0048F440 | 0x000BC688 | 0x000BBA88 | - |
| VariantChangeType | 0x0000000C | 0x0048F444 | 0x000BC68C | 0x000BBA8C | - |
| SysStringLen | 0x00000007 | 0x0048F448 | 0x000BC690 | 0x000BBA90 | - |
| VariantTimeToSystemTime | 0x000000B9 | 0x0048F44C | 0x000BC694 | 0x000BBA94 | - |
| VarR8FromDec | 0x000000DC | 0x0048F450 | 0x000BC698 | 0x000BBA98 | - |
| SafeArrayGetVartype | 0x0000004D | 0x0048F454 | 0x000BC69C | 0x000BBA9C | - |
| VariantCopy | 0x0000000A | 0x0048F458 | 0x000BC6A0 | 0x000BBAA0 | - |
| VariantClear | 0x00000009 | 0x0048F45C | 0x000BC6A4 | 0x000BBAA4 | - |
| OleLoadPicture | 0x000001A2 | 0x0048F460 | 0x000BC6A8 | 0x000BBAA8 | - |
| QueryPathOfRegTypeLib | 0x000000A4 | 0x0048F464 | 0x000BC6AC | 0x000BBAAC | - |
| RegisterTypeLibForUser | 0x000001BA | 0x0048F468 | 0x000BC6B0 | 0x000BBAB0 | - |
| UnRegisterTypeLibForUser | 0x000001BB | 0x0048F46C | 0x000BC6B4 | 0x000BBAB4 | - |
| UnRegisterTypeLib | 0x000000BA | 0x0048F470 | 0x000BC6B8 | 0x000BBAB8 | - |
| CreateDispTypeInfo | 0x0000001F | 0x0048F474 | 0x000BC6BC | 0x000BBABC | - |
| SysAllocString | 0x00000002 | 0x0048F478 | 0x000BC6C0 | 0x000BBAC0 | - |
| VariantInit | 0x00000008 | 0x0048F47C | 0x000BC6C4 | 0x000BBAC4 | - |
Memory Dumps (4)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| notorious28194.exe | 4 | 0x01130000 | 0x01238FFF | Relevant Image |
|
32-bit | 0x01157E93 |
|
...
|
| buffer | 4 | 0x00250000 | 0x00253FFF | First Execution |
|
32-bit | 0x002523B0 |
|
...
|
| buffer | 4 | 0x002A0000 | 0x002B7FFF | Dump Rule: RedLineConfig |
|
32-bit | - |
|
...
|
| notorious28194.exe | 4 | 0x01130000 | 0x01238FFF | Process Termination |
|
32-bit | - |
|
...
|
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp441F.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 97.74 KB |
| MD5 |
668022f8b459f259f14ad98e211e06e5
|
| SHA1 |
feca4b3596d7fa675d84690ebb46848a48059b72
|
| SHA256 |
100a35dd88de337c6a82030fc2c3494540d2990f6d461b0990c5c23efd484c50
|
| SSDeep |
1536:K0sxRM4ICF6pJXCL7UsBHzxbM680Z7DmzWvs5ybTR/CW/POQn/H4fjhKSd/iMBzU:K0sbRfFUXHoJ980Z74ynRj/F4Mi/iM9U
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp43E0.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 96.30 KB |
| MD5 |
b08618c5fedaf0461a749d44f0d5a23a
|
| SHA1 |
24f5c5c22d8588022417b3260749ffba117ceb65
|
| SHA256 |
a937eeed78d09159361d29b52c9bd8119a5e7ca964e93a99f26f33380eef0b89
|
| SSDeep |
1536:CUJqBore4KVKRsi9mHlTWCyYgZ57iSDFgN6jNQ0a5Dc1TEliZNSQzKJlYoU7UOtv:/QorTIi6WCyYgZRvupQT+iZAQuX56Uwr
|
| ImpHash | - |
| C:\Users\KEECFM~1\AppData\Local\Temp\piceworth | Dropped File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 95.50 KB |
| MD5 |
94851ab2a1c6a4295627067290c6b6ac
|
| SHA1 |
580ac2b5c5d6d91c3546b4b0f841ed63a87968e9
|
| SHA256 |
8b5025a74f95d7e29cb0296402adb1306dcd636a406d130d61e10714ae5e5b9a
|
| SSDeep |
1536:okJOfxguQh83KDekuuvc+mZT0Jwm9m4uEbPdOViUb4D9ybAmWhvCm0nUh95WNQCB:d85XQIKik7kTmMKVjUb4D9w0qmWUXG
|
| ImpHash | - |
| C:\Users\KEECFM~1\AppData\Local\Temp\autDD0F.tmp | Dropped File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 76.48 KB |
| MD5 |
6c7258c7ad0ccd677fcbd2df81a5efc9
|
| SHA1 |
0eb360ed69c0804daf4b88b2ee7bf96ef5231eb1
|
| SHA256 |
ac86308ec985dfd91974879fbd75c8441fd0572df917af92d541c1f2228f41b6
|
| SSDeep |
1536:1Flb97aXox9ukXBIS2ReJE3ZSzsnERPvx0sp5KEQC7oiz3gePb0XorYXpgX:JdaXQuABIS9JEkssP7E0710npgX
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp446E.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 53.10 KB |
| MD5 |
b1a49475950aaa9a72e5dd8801558919
|
| SHA1 |
bacf4ef485b413ef172ae168553a63ac3d434616
|
| SHA256 |
54b3c2aa3435bc13e4959f8fa3edd1945f9268a9487009f9275f2fcab764eda3
|
| SSDeep |
1536:K48BwMoRZ8tal7R90LlMpFxrLoBXqz9Un5:x8GZ8QhCMtLoBXwU5
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp43CF.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 30.27 KB |
| MD5 |
3b82c7a93e6cf7cbedb7e86013a02615
|
| SHA1 |
901e9b96be14331804a54eaa4fec34b467d2d474
|
| SHA256 |
cb071ad18ef8195e7a37c169a0f37e42e806e28f7c440bcbc03196ef93a504b6
|
| SSDeep |
768:l1PoO0v/c5a9xaUu0qejCjTyd2sfA37EpCaCQYWSc223V:/wB/c5oaaJ+Xyd2H37zQ93N3V
|
| ImpHash | - |
| C:\Users\KEECFM~1\AppData\Local\Temp\incalculable | Dropped File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 28.08 KB |
| MD5 |
1c01542b845526743cade5382bf493f4
|
| SHA1 |
b1129b4ba152d31f4f3ea0cc545a98c34f9bb98b
|
| SHA256 |
eb32d4a000857efe0465af6c8155992511880bb7ed36fa946dd6a41bf71a54d8
|
| SSDeep |
768:4iTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbp+IC6bd4vfF3if6gyuX:4iTZ+2QoioGRk6ZklputwjpjBkCiw2Rj
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp42D5.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 18.96 KB |
| MD5 |
84513190064b528e15be1d6d1ee6acad
|
| SHA1 |
ae41a1955ebcc01e5799b0967d4a32707a35dc45
|
| SHA256 |
9e5629c068f236db04e3104fff03a22294935ad6e3a2715d18605ac120afb28d
|
| SSDeep |
384:Ol3iIO4I1a/deRuHQpzueVZ8tpx2/FzsjuPyV4SKTnuKECs90Q7Nl:OJqzRu0NVZopg/Fb3Siu+enH
|
| ImpHash | - |
| C:\Users\KEECFM~1\AppData\Local\Temp\autDD7E.tmp | Dropped File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 9.62 KB |
| MD5 |
7f3c576f883695c2b6d3140f6888901b
|
| SHA1 |
c7ff2f1e3515e52100ef461f265593eaad59b6f1
|
| SHA256 |
ebafb85f0cceb0c54345eaa184b330700bb34ebe8b289cfb0bd5233687f314e2
|
| SSDeep |
192:ZyaFcK4/IltCuhjXcmP7m/aE/Qlu5/K9s9mrl0XXzXn:3F744hjXZKiE/QQlKsY6Xzn
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp4276.tmp | Dropped File | Unknown |
Clean
|
...
|
»
| MIME Type | application/CDFV2 |
| File Size | 1.93 KB |
| MD5 |
1f4f12aa2ba1b0f86375c61205e8dafd
|
| SHA1 |
b10dd23583ce389652206580932f9fd7503639ae
|
| SHA256 |
c8f3ed9384ef5793987aff86f2ec307ddc83fac22aa8356f1c1105085c024cf6
|
| SSDeep |
48:E60rd5oezsUv+Lbtj9yuol1vvK20YTJQdAtrZpa85wwZy:grEet+dj9yuovXSdCTTSwE
|
| ImpHash | - |
| a07c358417169528d4d831f1d7ecdfecf80ecb2c6356cdaa738b66fbe608464a | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 623.02 KB |
| MD5 |
00fd5acc9cb9c6f9c0d12d051dcf8620
|
| SHA1 |
c64ddd42ff0bfce62f0c0864fd48433bf603cc33
|
| SHA256 |
a07c358417169528d4d831f1d7ecdfecf80ecb2c6356cdaa738b66fbe608464a
|
| SSDeep |
12288:RaVYQ+/NfG9PN8SeM2nGtIe0STbk1+n4NpGPvTCV8zPuYiGNlGoBGz:9Q7PN3ennGt36ps7eMPJiuRE
|
| ImpHash | - |
| 686263a64ea50c5a1a8c08f2ca6ce63bbe7efbce5ac5c6917ecc2d950cd97aac | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 623.01 KB |
| MD5 |
9d93e54bf024c227e65464d454d53f76
|
| SHA1 |
96729a039e3bdf61a8f83c3c7d9b0159047c10f6
|
| SHA256 |
686263a64ea50c5a1a8c08f2ca6ce63bbe7efbce5ac5c6917ecc2d950cd97aac
|
| SSDeep |
12288:IaVYQ+/NfG9PN8SeM2nGtIe0STbk1+n4NpGPvTCV8zPuYiGNlGoBGs:gQ7PN3ennGt36ps7eMPJiuRL
|
| ImpHash | - |
| 54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 4.63 KB |
| MD5 |
e5352cba98e11406528542044acbbe7e
|
| SHA1 |
b1eaaacc1325cc909535c2841e8d684aa2273891
|
| SHA256 |
54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb
|
| SSDeep |
48:k+9Sj+eM8gVZOYZMVYZUkVYZUnVYxYZb1VYZfVYZ4NVYZwVYZjVYZPVYZVVYZQuB:k8SZMfaKAwsGUmFIHg6Pf6/WYiiLc
|
| ImpHash | - |
| fb679c0dba7f5c9ca703e18707cf815f15226ad52570a7052fe3aec8128df7cb | Downloaded File | Unknown |
Clean
|
...
|
»
| MIME Type | application/json |
| File Size | 351 Bytes |
| MD5 |
344ad6db60a1529c2209bf78ecd21ac7
|
| SHA1 |
f09dae45efc50ca0b66e1108686941f7283537ba
|
| SHA256 |
fb679c0dba7f5c9ca703e18707cf815f15226ad52570a7052fe3aec8128df7cb
|
| SSDeep |
6:YK71n8FCP2Yb+0JWuvyClk45INZxJPn8F2AXXam6WwWW2fVHJEamhn:YKBP2Yb+0JWu6ClZE86m6Wm79
|
| ImpHash | - |
| a01f6550acea4ad2c0c8332472a0e8a63f43c139af065986e91f8984d3ab6a41 | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 261 Bytes |
| MD5 |
7079745e2963d13060970a5e87f2ab3c
|
| SHA1 |
e308db2baf129843650dab3c81473f7281dd7edc
|
| SHA256 |
a01f6550acea4ad2c0c8332472a0e8a63f43c139af065986e91f8984d3ab6a41
|
| SSDeep |
6:CYJL2NAUnW5yOfN7mKgJfcRnndosSic4subiK9KWCfewt8:CYF2N4FV8Z4nG+i8KVev
|
| ImpHash | - |
| 86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9 | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 212 Bytes |
| MD5 |
fc84bcc8146c9ff744b7b40b32d6e2ba
|
| SHA1 |
f47e4ac2333724ff55ce229f32aa60e54f4af6fe
|
| SHA256 |
86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9
|
| SSDeep |
6:CYJL2NAUnW52Y/X7mKgr/O191i/O9ri/kwt8:CYF2N4n/r8r/OD1i/Os/kv
|
| ImpHash | - |
| 359a09d8bba39991c5b282cf52279faf23590694be06e3910dadf8dd2d0f20bc | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 147 Bytes |
| MD5 |
2dbf63f4272184fe195caedbe831ec4f
|
| SHA1 |
e27100726d5716af1b61c73d04371cf0b4a1f097
|
| SHA256 |
359a09d8bba39991c5b282cf52279faf23590694be06e3910dadf8dd2d0f20bc
|
| SSDeep |
3:CObJLWHNANGzppWWodLI0newWVQHyWqDmKADJqbZKWPKBq0Y88:CYJL2NAUnW5m4UVD7mKgE9KK4t8
|
| ImpHash | - |
| c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 144 Bytes |
| MD5 |
48f60f2233183cbf7feefff44bb2c9b0
|
| SHA1 |
703d119e8daecff83e7cab5eb3beb8239e39a54f
|
| SHA256 |
c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd
|
| SSDeep |
3:CObJLWHNANGzppWWodLe2e3oIJiqDmKADJqbZKWPKBq0Y88:CYJL2NAUnW5w2Oo4mKgE9KK4t8
|
| ImpHash | - |
| 59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5 | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 137 Bytes |
| MD5 |
f6fbd3d72da9e92b7698097dbff33f36
|
| SHA1 |
ee221cd7fc9792f7609b771c0dbe1a5aa51c6905
|
| SHA256 |
59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5
|
| SSDeep |
3:CObJLWHNANGzppWWodLYSYQLjRn0DDmKADJqbZKWPKBq0Y88:CYJL2NAUnW52Y/h4mKgE9KK4t8
|
| ImpHash | - |
| e085e45202a0d9ccdeaf26923ffbf0dcc8992ec667102258dff9047d5a495ba5 | Extracted File | Image |
Clean
|
...
|
»
| Parent File | C:\Users\kEecfMwgj\AppData\Roaming\notorious28194.exe |
| MIME Type | image/png |
| File Size | 8.25 KB |
| MD5 |
6ee593555096dda9c8f881edd6e9227d
|
| SHA1 |
92c40444e57e3ed87f675cb9d64da3c42f746e17
|
| SHA256 |
e085e45202a0d9ccdeaf26923ffbf0dcc8992ec667102258dff9047d5a495ba5
|
| SSDeep |
192:0WxwF7XF5fLrpHBZfFYmkW1xNe8U8Xv7lcuUB/ezQ8OHms5Pqty3pCwYe:8nHZntBD1NUWv7l6BG88OHms5PpCwN
|
| ImpHash | - |
