Malicious
Classifications

Exploit, Spyware, Downloader, Injector

Threat Names

RedLine, RedLine.A, Mal/Generic-S, Mal/HTMLGen-A

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes" to "10 seconds" to reveal dormant functionality.

File Name C:\Users\kEecfMwgj\Desktop\bd776414632dd90a5d459f240e2094566e70554d86ecb4bbb2a2914015426f09.doc
Category Sample File
Type Word Document
Verdict Malicious
Also Known As C:\Users\kEecfMwgj\AppData\Local\Temp\tmp16F4.tmp (Dropped File, Accessed File)
MIME Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 16.03 KB
MD5 15c09feba4b5e3928f38c6637295e7b8
SHA1 0c2dec1dde335d2ea464145a5f5960d2800aaef5
SHA256 bd776414632dd90a5d459f240e2094566e70554d86ecb4bbb2a2914015426f09
SSDeep 384:uyXG0buW+s8PL8wi4OEwH8TIbE91r2fRGJYlvibEEBvmp:ucG715P3DOqnYJQcv+EEBE
ImpHash -
File Reputation Information
Verdict
Malicious
Office Information
Creator Modexcomm
Last Modified By Modexcomm
Revision 7
Create Time 2023-03-27 22:13 (UTC)
Modify Time 2023-08-16 13:25 (UTC)
Application Microsoft Office Word
App Version 12.0000
Template Normal.dotm
Document Security NONE
Editing Time 19.0
Page Count 7
Line Count 150
Paragraph Count 42
Word Count 3177
Character Count 18113
Chars With Spaces 21248
ScaleCrop False
SharedDoc False
Document Content Snippet
dMBCBESONDERHEDE BESONDERHEDE VIR HIERDIE MAANDDRAENDE NR. HOEV30208 NBC DRAAG 30 STK30308 NBC DRAAG 6 STK32007X NBC DRAAG 74 STK33005 NBC wat 5 stelle dra52799 / 800U (25877/21) NBC wat 30 PCS dra6001 NBC wat 100 stuks dra6004 NBC wat 180 stuks dra6006 NBC wat 30 PCS dra6011 C3 NBC wat 10 stuks dra6202 NBC wat 280 stuks dra6203 NBC DRAAG 330 STK6205 (Stel) NBC DRAER 224 STK6205ZZ NBC DRAAG 8 STELS6207 NBC DRAER 32 STK6207N NBC wat 10 stuks dra6207ZZ NBC DRAER 52 STK6209 NBC wat 24 stuks dra6209N NBC wat 10 stuks dra6211 NBC met 26 st6212 NBC met 24 st6213 C3 NBC wat 20 stuks dra6215 C3 NBC wat 10 stuks dra628RSS NBC wat 120 stuks dra6300 NBC wat 180 stuks dra6304 (Kit) NBC DRAER 4 STK6307ZZ NBC wat 10 stuks dra6308 C3 NBC DRAAG 40 STK6308ZZ NBC wat 10 stuks dra6311 NBC wat 10 stuks dra6312 NBC wat 10 stuks dra6312ZZ C3 NBC DRAER 6 STK6902 C3 NBC wat 20 stuks draLM48548 / 510 NBC DRAER 96 STKNJ309 NBC DRAER 6 STK1988/1922 (NSPP01) .NC 706304.BEARING SET (NPP02) 11230209 (NSPP01) .NC 20
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted Actions
Malicious
File Name C:\Users\kEecfMwgj\AppData\Roaming\notorious69281.exe
Category Downloaded File
Type Binary
Verdict Malicious
Also Known As c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\wordpad[1].exe (Downloaded File, Extracted File)
MIME Type application/vnd.microsoft.portable-executable
File Size 1.02 MB
MD5 464709f3215d06f6703eb4ecb607ae7a
SHA1 1f438f2ab699f842cec119981ae5bf799df5d203
SHA256 a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36
SSDeep 24576:3AHnh+eWsN3skA4RV1Hom2KXMmHaeAfg3sujtg5:qh+ZkldoPK8YaeAfTYg
ImpHash afcdf79be1557326c854b6e20cb900a7
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x0042800A
Size Of Code 0x0008E000
Size Of Initialized Data 0x00077800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-06-26 00:51 (UTC)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0008DFDD 0x0008E000 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.68
.rdata 0x0048F000 0x0002FD8E 0x0002FE00 0x0008E400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.76
.data 0x004BF000 0x00008F74 0x00005200 0x000BE200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.2
.rsrc 0x004C8000 0x0003B538 0x0003B600 0x000C3400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.15
.reloc 0x00504000 0x00007134 0x00007200 0x000FEA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.78
Imports (18)
WSOCK32.dll (23)
VERSION.dll (3)
WINMM.dll (3)
COMCTL32.dll (11)
MPR.dll (4)
WININET.dll (14)
PSAPI.DLL (1)
IPHLPAPI.DLL (3)
USERENV.dll (4)
UxTheme.dll (1)
KERNEL32.dll (164)
USER32.dll (160)
GDI32.dll (35)
COMDLG32.dll (2)
ADVAPI32.dll (33)
SHELL32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryPoint - 0x0048F48C 0x000BC6D4 0x000BBAD4 0x00000020
ShellExecuteExW - 0x0048F490 0x000BC6D8 0x000BBAD8 0x00000121
DragQueryFileW - 0x0048F494 0x000BC6DC 0x000BBADC 0x0000001F
SHEmptyRecycleBinW - 0x0048F498 0x000BC6E0 0x000BBAE0 0x000000A5
SHGetPathFromIDListW - 0x0048F49C 0x000BC6E4 0x000BBAE4 0x000000D7
SHBrowseForFolderW - 0x0048F4A0 0x000BC6E8 0x000BBAE8 0x0000007B
SHCreateShellItem - 0x0048F4A4 0x000BC6EC 0x000BBAEC 0x0000009A
SHGetDesktopFolder - 0x0048F4A8 0x000BC6F0 0x000BBAF0 0x000000B6
SHGetSpecialFolderLocation - 0x0048F4AC 0x000BC6F4 0x000BBAF4 0x000000DF
SHGetFolderPathW - 0x0048F4B0 0x000BC6F8 0x000BBAF8 0x000000C3
SHFileOperationW - 0x0048F4B4 0x000BC6FC 0x000BBAFC 0x000000AC
ExtractIconExW - 0x0048F4B8 0x000BC700 0x000BBB00 0x0000002A
Shell_NotifyIconW - 0x0048F4BC 0x000BC704 0x000BBB04 0x0000012E
ShellExecuteW - 0x0048F4C0 0x000BC708 0x000BBB08 0x00000122
DragFinish - 0x0048F4C4 0x000BC70C 0x000BBB0C 0x0000001B
ole32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc - 0x0048F828 0x000BCA70 0x000BBE70 0x00000067
CoTaskMemFree - 0x0048F82C 0x000BCA74 0x000BBE74 0x00000068
CLSIDFromString - 0x0048F830 0x000BCA78 0x000BBE78 0x00000008
ProgIDFromCLSID - 0x0048F834 0x000BCA7C 0x000BBE7C 0x0000014B
CLSIDFromProgID - 0x0048F838 0x000BCA80 0x000BBE80 0x00000006
OleSetMenuDescriptor - 0x0048F83C 0x000BCA84 0x000BBE84 0x00000147
MkParseDisplayName - 0x0048F840 0x000BCA88 0x000BBE88 0x000000D4
OleSetContainedObject - 0x0048F844 0x000BCA8C 0x000BBE8C 0x00000146
CoCreateInstance - 0x0048F848 0x000BCA90 0x000BBE90 0x00000010
IIDFromString - 0x0048F84C 0x000BCA94 0x000BBE94 0x000000CD
StringFromGUID2 - 0x0048F850 0x000BCA98 0x000BBE98 0x00000179
CreateStreamOnHGlobal - 0x0048F854 0x000BCA9C 0x000BBE9C 0x00000086
OleInitialize - 0x0048F858 0x000BCAA0 0x000BBEA0 0x00000132
OleUninitialize - 0x0048F85C 0x000BCAA4 0x000BBEA4 0x00000149
CoInitialize - 0x0048F860 0x000BCAA8 0x000BBEA8 0x0000003E
CoUninitialize - 0x0048F864 0x000BCAAC 0x000BBEAC 0x0000006C
GetRunningObjectTable - 0x0048F868 0x000BCAB0 0x000BBEB0 0x00000097
CoGetInstanceFromFile - 0x0048F86C 0x000BCAB4 0x000BBEB4 0x0000002D
CoGetObject - 0x0048F870 0x000BCAB8 0x000BBEB8 0x00000035
CoSetProxyBlanket - 0x0048F874 0x000BCABC 0x000BBEBC 0x00000063
CoCreateInstanceEx - 0x0048F878 0x000BCAC0 0x000BBEC0 0x00000011
CoInitializeSecurity - 0x0048F87C 0x000BCAC4 0x000BBEC4 0x00000040
OLEAUT32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadTypeLibEx 0x000000B7 0x0048F40C 0x000BC654 0x000BBA54 -
VariantCopyInd 0x0000000B 0x0048F410 0x000BC658 0x000BBA58 -
SysReAllocString 0x00000003 0x0048F414 0x000BC65C 0x000BBA5C -
SysFreeString 0x00000006 0x0048F418 0x000BC660 0x000BBA60 -
SafeArrayDestroyDescriptor 0x00000026 0x0048F41C 0x000BC664 0x000BBA64 -
SafeArrayDestroyData 0x00000027 0x0048F420 0x000BC668 0x000BBA68 -
SafeArrayUnaccessData 0x00000018 0x0048F424 0x000BC66C 0x000BBA6C -
SafeArrayAccessData 0x00000017 0x0048F428 0x000BC670 0x000BBA70 -
SafeArrayAllocData 0x00000025 0x0048F42C 0x000BC674 0x000BBA74 -
SafeArrayAllocDescriptorEx 0x00000029 0x0048F430 0x000BC678 0x000BBA78 -
SafeArrayCreateVector 0x0000019B 0x0048F434 0x000BC67C 0x000BBA7C -
RegisterTypeLib 0x000000A3 0x0048F438 0x000BC680 0x000BBA80 -
CreateStdDispatch 0x00000020 0x0048F43C 0x000BC684 0x000BBA84 -
DispCallFunc 0x00000092 0x0048F440 0x000BC688 0x000BBA88 -
VariantChangeType 0x0000000C 0x0048F444 0x000BC68C 0x000BBA8C -
SysStringLen 0x00000007 0x0048F448 0x000BC690 0x000BBA90 -
VariantTimeToSystemTime 0x000000B9 0x0048F44C 0x000BC694 0x000BBA94 -
VarR8FromDec 0x000000DC 0x0048F450 0x000BC698 0x000BBA98 -
SafeArrayGetVartype 0x0000004D 0x0048F454 0x000BC69C 0x000BBA9C -
VariantCopy 0x0000000A 0x0048F458 0x000BC6A0 0x000BBAA0 -
VariantClear 0x00000009 0x0048F45C 0x000BC6A4 0x000BBAA4 -
OleLoadPicture 0x000001A2 0x0048F460 0x000BC6A8 0x000BBAA8 -
QueryPathOfRegTypeLib 0x000000A4 0x0048F464 0x000BC6AC 0x000BBAAC -
RegisterTypeLibForUser 0x000001BA 0x0048F468 0x000BC6B0 0x000BBAB0 -
UnRegisterTypeLibForUser 0x000001BB 0x0048F46C 0x000BC6B4 0x000BBAB4 -
UnRegisterTypeLib 0x000000BA 0x0048F470 0x000BC6B8 0x000BBAB8 -
CreateDispTypeInfo 0x0000001F 0x0048F474 0x000BC6BC 0x000BBABC -
SysAllocString 0x00000002 0x0048F478 0x000BC6C0 0x000BBAC0 -
VariantInit 0x00000008 0x0048F47C 0x000BC6C4 0x000BBAC4 -
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
notorious69281.exe 6 0x01280000 0x0138BFFF Relevant Image False 32-bit 0x012A7E93 False
buffer 6 0x00110000 0x00113FFF First Execution False 32-bit 0x001123B0 False
buffer 6 0x007C0000 0x007D7FFF Dump Rule: RedLineConfig False 32-bit - False
notorious69281.exe 6 0x01280000 0x0138BFFF Process Termination False 32-bit - False
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp16F4.tmp Dropped File Word Document
Clean
MIME Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 20.06 KB
MD5 b10b1102dd840d5df261f219b4a56d36
SHA1 cca80545782da92595e1d6ec862c5f0a13735e35
SHA256 1c8bfa0eb3e36e7d474678079efb5755ea35113cc810262af79ac07c4964df00
SSDeep 384:aNqS4RqMWlSIJramvNQ32IPLSM/bDDEdFi6A3vLCtRYCUo17:rdqjlFrvTIPPbDDEdBA3vOtKCUw7
ImpHash -
Office Information
Creator Modexcomm
Last Modified By kEecfMwgj
Revision 9
Create Time 2023-03-27 22:13 (UTC)
Modify Time 2024-06-26 13:43 (UTC)
Application Microsoft Office Word
App Version 16.0000
Template 187DD0A5
Document Security NONE
Editing Time 22.0
Page Count 1
Line Count 151
Paragraph Count 42
Word Count 3179
Character Count 18121
Chars With Spaces 21258
ScaleCrop False
SharedDoc False
Document Content Snippet
dMBCBESONDERHEDE BESONDERHEDE VIR HIERDIE MAANDDRAENDE NR. HOEV30208 NBC DRAAG 30 STK30308 NBC DRAAG 6 STK32007X NBC DRAAG 74 STK33005 NBC wat 5 stelle dra52799 / 800U (25877/21) NBC wat 30 PCS dra6001 NBC wat 100 stuks dra6004 NBC wat 180 stuks dra6006 NBC wat 30 PCS dra6011 C3 NBC wat 10 stuks dra6202 NBC wat 280 stuks dra6203 NBC DRAAG 330 STK6205 (Stel) NBC DRAER 224 STK6205ZZ NBC DRAAG 8 STELS6207 NBC DRAER 32 STK6207N NBC wat 10 stuks dra6207ZZ NBC DRAER 52 STK6209 NBC wat 24 stuks dra6209N NBC wat 10 stuks dra6211 NBC met 26 st6212 NBC met 24 st6213 C3 NBC wat 20 stuks dra6215 C3 NBC wat 10 stuks dra628RSS NBC wat 120 stuks dra6300 NBC wat 180 stuks dra6304 (Kit) NBC DRAER 4 STK6307ZZ NBC wat 10 stuks dra6308 C3 NBC DRAAG 40 STK6308ZZ NBC wat 10 stuks dra6311 NBC wat 10 stuks dra6312 NBC wat 10 stuks dra6312ZZ C3 NBC DRAER 6 STK6902 C3 NBC wat 20 stuks draLM48548 / 510 NBC DRAER 96 STKNJ309 NBC DRAER 6 STK1988/1922 (NSPP01) .NC 706304.BEARING SET (NPP02) 11230209 (NSPP01) .NC 20
C:\Users\KEECFM~1\AppData\Local\Temp\Okeghem Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 95.50 KB
MD5 a178429ecd4cad8c92aa4e2774f5f755
SHA1 372207ee15719cfe001f4ede770ef5a18479f61f
SHA256 90f3b22bec26df402a0ab8fef7df8fbf79e5d74f9ed0f25943d1d5e7e2fe020b
SSDeep 1536:zGkNRRFkyMZ/lYFV5X70lmn8tPpdXJqHOoRmJTUI0GVqIu5iL8A8U4:zGqylyhgXJqHO7wJU4
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp1782.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 91.93 KB
MD5 ff849a05d5036422021947f0f270e8fd
SHA1 fc6d2903bf69e86bd2e8633f575b829d4ca037d4
SHA256 d0ce547483680a7c0d261210dfce8e633fdcdbe86cd6cc0f7fecf0e0d9cac1c4
SSDeep 1536:jqoXoc9EDI0Y/YSPyV6rTfJqEIWyx5Xe6o0Te8F1AqLxCkv+Abk6lhmq2M:jXVaYHyVaqEIWybeoHAqdxmAbk6lh1l
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp1762.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 84.10 KB
MD5 c85fdcc13aa5703e88c30fa1dd294a10
SHA1 4393ff0b1d269020271d9b1b73d08d75c224309c
SHA256 35d3caededcd7914d356eda934b67ae80aa639113dd3fe82ad710747a1c7d3f0
SSDeep 1536:BWAdo7KsI5nCijk+9ZMZr0uxYS9Flt/7/UyVyxurl5Q52I6BEm2onvTC:BWQshRZwuKS9FP/7dVyQrl5qsfnvW
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp17D2.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 83.94 KB
MD5 33d432e30d84cafc56817d7b38c08100
SHA1 25546b695351d7d6d68b43aa16c1776f2f45e026
SHA256 6a0ea337ed0e2ea66ebde9aff30194f21e6d29580a5d7b9d557d067d67e00327
SSDeep 1536:nS8IZDRJQgAieBawFPpRiWyVp+bo/zmK6xoXkw+LxmU6skUa1uB7XrX8AXwa6Uxm:SnZD8gATB/FBRLyVZCToXQNmU6skUaIu
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp17A2.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 82.57 KB
MD5 c13e1ae88c9468de5275f4c0b4ae221a
SHA1 13a802b2a4af5e6902936b181e82073c97103495
SHA256 12c48c1e1ec4c69b91abeb7ede43d9e33eb8770ae1cb4c16d12f4fdd057edd69
SSDeep 1536:uN4dv1tl8rgXWmo8FtG1rjJlHkI8IVRRUMQEuFRw2uUXB:uN4n4895FtG1rwIhNQEKR9uSB
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\aut7B6.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 78.10 KB
MD5 6ac263e637540a51c7ec77095e6eb38d
SHA1 979f12e57dd3da0772db830ebce1f5c183747d19
SHA256 e74ef457af291610afb6c315b80bcb6f9861a7a411f3f744fa3faf1273d4df9f
SSDeep 1536:ZEgnoNAibgXZs/CEMFCtRBQ1Q8aciwfIh93Y1GhuVNYH7ut:ZJnoNABvEMFqRe3EwO93uVEg
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp17F2.tmp Dropped File ZIP
Clean
MIME Type application/zip
File Size 28.79 KB
MD5 878f950fc007a6ac73620fb83b2e2e89
SHA1 3dbfc74a157ddd870f6b4a9d6a23fdbf978c8ab4
SHA256 9b512d1431b193b7754be257776d63fd1cf8387bd3a6998fc5614372b423c99e
SSDeep 768:rT9F6kH160T94eu+blp3gcLdiF2SuLvMFmMRPccl6u:rTHH15LnRu6d+2XvMFmN26u
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\brontothere Dropped File Text
Clean
MIME Type text/plain
File Size 28.08 KB
MD5 daacd4a278b38b990e87d30142501a33
SHA1 2a023a5dd8a12720d750b840edf59f1106cf97a8
SHA256 423a70f3606d0d0f96d2f932614a2125dad3ff3170e2f04ff4bc3cef82bd57cd
SSDeep 768:miTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbCO+IFh6q84vfF3if6g1:miTZ+2QoioGRk6ZklputwjpjBkCiw2RW
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\aut90E.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 9.64 KB
MD5 33b02492281b84aaf805eb88202ebf4f
SHA1 84cc0dbe32c6241b6a1b8f9621ed5450e247e578
SHA256 6369e06e6a3e2495442d98898cfa8d51fcb272b4a54f8818e5a5804f0f029c05
SSDeep 192:65jwEiqiSLLhK6mXmHAMo0XrFZbHuAAAGVp200bAsmIr+C3VfuOfu36/sLGPF9C7:I6qin6OZ70XrFZbsp200csmIr+C31fIf
ImpHash -
86e88eac92b0bf840e689e4d71d66735f70c9309b82b540736b3ec50dcb11fb5 Downloaded File RTF
Clean
MIME Type text/rtf
File Size 529.33 KB
MD5 db8f3652029d8ac1f8b232eba66eee71
SHA1 da725478e8d9d0294f624206c2e7ca7f2bb5baad
SHA256 86e88eac92b0bf840e689e4d71d66735f70c9309b82b540736b3ec50dcb11fb5
SSDeep 6144:FwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAr:ky
ImpHash -
Static Analysis Parser Error invalid control word value pattern
Office Information
Document Content Snippet
51247139please click Enable editing from the yellow bar above.The independent auditors’ opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit’s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conver
4abd3b1898112ca3eae5c272408e91e03a0af8ac8bfc81b1b313a18915e202de Downloaded File Text
Clean
MIME Type text/plain
File Size 45.37 KB
MD5 f7105f865c5317cb89b5a1d542f86682
SHA1 4d5560d44cca994b49a33052f04be1eba348a058
SHA256 4abd3b1898112ca3eae5c272408e91e03a0af8ac8bfc81b1b313a18915e202de
SSDeep 768:kOuAOYdiqsu0fLsEpaqtMtB+BWvB0IjhtLc/cLLMU6rY7MeTxwrOcw2y:kOuzSiqmQE8p4cGIjhtc/VMV1sc
ImpHash -
54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb Downloaded File Text
Clean
MIME Type text/plain
File Size 4.63 KB
MD5 e5352cba98e11406528542044acbbe7e
SHA1 b1eaaacc1325cc909535c2841e8d684aa2273891
SHA256 54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb
SSDeep 48:k+9Sj+eM8gVZOYZMVYZUkVYZUnVYxYZb1VYZfVYZ4NVYZwVYZjVYZPVYZVVYZQuB:k8SZMfaKAwsGUmFIHg6Pf6/WYiiLc
ImpHash -
80dbc115aafd513275851f917754af04a502a21273e4ee8b23fd11a8d6ca16ef Downloaded File Unknown
Clean
MIME Type application/json
File Size 351 Bytes
MD5 b15daa66b8baaf1b856a34254bd80996
SHA1 1ddcab196b0f99de282bc930a0c994e91b5dc5d7
SHA256 80dbc115aafd513275851f917754af04a502a21273e4ee8b23fd11a8d6ca16ef
SSDeep 6:YK71n8FCP2T0JWuvyClk45INZxJPn8F2AXZIXm6ww62fVHJEamhn:YKBP2T0JWu6ClZE8yXm6f679
ImpHash -
86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9 Downloaded File Text
Clean
MIME Type text/plain
File Size 212 Bytes
MD5 fc84bcc8146c9ff744b7b40b32d6e2ba
SHA1 f47e4ac2333724ff55ce229f32aa60e54f4af6fe
SHA256 86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9
SSDeep 6:CYJL2NAUnW52Y/X7mKgr/O191i/O9ri/kwt8:CYF2N4n/r8r/OD1i/Os/kv
ImpHash -
c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd Downloaded File Text
Clean
MIME Type text/plain
File Size 144 Bytes
MD5 48f60f2233183cbf7feefff44bb2c9b0
SHA1 703d119e8daecff83e7cab5eb3beb8239e39a54f
SHA256 c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd
SSDeep 3:CObJLWHNANGzppWWodLe2e3oIJiqDmKADJqbZKWPKBq0Y88:CYJL2NAUnW5w2Oo4mKgE9KK4t8
ImpHash -
59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5 Downloaded File Text
Clean
MIME Type text/plain
File Size 137 Bytes
MD5 f6fbd3d72da9e92b7698097dbff33f36
SHA1 ee221cd7fc9792f7609b771c0dbe1a5aa51c6905
SHA256 59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5
SSDeep 3:CObJLWHNANGzppWWodLYSYQLjRn0DDmKADJqbZKWPKBq0Y88:CYJL2NAUnW52Y/h4mKgE9KK4t8
ImpHash -
9e398ae77dc73d393d62430aa28c05cf1973f37ccc1ae0b803896cdd7d19cbc0 Extracted File Image
Clean
Parent File C:\Users\kEecfMwgj\AppData\Roaming\notorious69281.exe
MIME Type image/png
File Size 7.18 KB
MD5 b8972c83445adcdfefe241235c0908f1
SHA1 84820f31e6ff0d1d4a02d248a68ae893e01c6d73
SHA256 9e398ae77dc73d393d62430aa28c05cf1973f37ccc1ae0b803896cdd7d19cbc0
SSDeep 192:8ZRZ2/f7/m5iyMrE5AGC4HDk6Jl09JpuqL0Qb:8ZRZ2aAyM0a0IErqL0Qb
ImpHash -