Malicious
Classifications
Exploit Spyware Downloader Injector
Threat Names
RedLine RedLine.A Mal/Generic-S Mal/HTMLGen-A
Dynamic Analysis Report
Created on 2024-06-26T13:39:36+00:00
bd776414632dd90a5d459f240e2094566e70554d86ecb4bbb2a2914015426f09.doc
Word Document
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes" to "10 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\kEecfMwgj\Desktop\bd776414632dd90a5d459f240e2094566e70554d86ecb4bbb2a2914015426f09.doc | Sample File | Word Document |
Malicious
|
...
|
»
| Also Known As |
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp16F4.tmp (Dropped File, Accessed File)
|
| MIME Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Size | 16.03 KB |
| MD5 |
15c09feba4b5e3928f38c6637295e7b8
|
| SHA1 |
0c2dec1dde335d2ea464145a5f5960d2800aaef5
|
| SHA256 |
bd776414632dd90a5d459f240e2094566e70554d86ecb4bbb2a2914015426f09
|
| SSDeep |
384:uyXG0buW+s8PL8wi4OEwH8TIbE91r2fRGJYlvibEEBvmp:ucG715P3DOqnYJQcv+EEBE
|
| ImpHash | - |
File Reputation Information
»
| Verdict |
Malicious
|
Office Information
»
| Creator | Modexcomm |
| Last Modified By | Modexcomm |
| Revision | 7 |
| Create Time | 2023-03-27 22:13 (UTC) |
| Modify Time | 2023-08-16 13:25 (UTC) |
| Application | Microsoft Office Word |
| App Version | 12.0000 |
| Template | Normal.dotm |
| Document Security | NONE |
| Editing Time | 19.0 |
| Page Count | 7 |
| Line Count | 150 |
| Paragraph Count | 42 |
| Word Count | 3177 |
| Character Count | 18113 |
| Chars With Spaces | 21248 |
| ScaleCrop | False |
| SharedDoc | False |
Document Content Snippet
»
dMBCBESONDERHEDE BESONDERHEDE VIR HIERDIE MAANDDRAENDE NR. HOEV30208 NBC DRAAG 30 STK30308 NBC DRAAG 6 STK32007X NBC DRAAG 74 STK33005 NBC wat 5 stelle dra52799 / 800U (25877/21) NBC wat 30 PCS dra6001 NBC wat 100 stuks dra6004 NBC wat 180 stuks dra6006 NBC wat 30 PCS dra6011 C3 NBC wat 10 stuks dra6202 NBC wat 280 stuks dra6203 NBC DRAAG 330 STK6205 (Stel) NBC DRAER 224 STK6205ZZ NBC DRAAG 8 STELS6207 NBC DRAER 32 STK6207N NBC wat 10 stuks dra6207ZZ NBC DRAER 52 STK6209 NBC wat 24 stuks dra6209N NBC wat 10 stuks dra6211 NBC met 26 st6212 NBC met 24 st6213 C3 NBC wat 20 stuks dra6215 C3 NBC wat 10 stuks dra628RSS NBC wat 120 stuks dra6300 NBC wat 180 stuks dra6304 (Kit) NBC DRAER 4 STK6307ZZ NBC wat 10 stuks dra6308 C3 NBC DRAAG 40 STK6308ZZ NBC wat 10 stuks dra6311 NBC wat 10 stuks dra6312 NBC wat 10 stuks dra6312ZZ C3 NBC DRAER 6 STK6902 C3 NBC wat 20 stuks draLM48548 / 510 NBC DRAER 96 STKNJ309 NBC DRAER 6 STK1988/1922 (NSPP01) .NC 706304.BEARING SET (NPP02) 11230209 (NSPP01) .NC 20 |
Extracted URLs (1)
»
| URL | WHOIS Data | Reputation Status | Recursively Submitted | Actions |
|---|---|---|---|---|
| https://covid19help.top/notori.doc |
Show WHOIS
|
Malicious
|
- |
...
|
| C:\Users\kEecfMwgj\AppData\Roaming\notorious69281.exe | Downloaded File | Binary |
Malicious
|
...
|
»
| Also Known As |
c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\wordpad[1].exe (Downloaded File, Extracted File)
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 1.02 MB |
| MD5 |
464709f3215d06f6703eb4ecb607ae7a
|
| SHA1 |
1f438f2ab699f842cec119981ae5bf799df5d203
|
| SHA256 |
a591d3d035cf90395ad1078a415a46b5b44dd813496291b702fe36cfb22dee36
|
| SSDeep |
24576:3AHnh+eWsN3skA4RV1Hom2KXMmHaeAfg3sujtg5:qh+ZkldoPK8YaeAfTYg
|
| ImpHash |
afcdf79be1557326c854b6e20cb900a7
|
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x0042800A |
| Size Of Code | 0x0008E000 |
| Size Of Initialized Data | 0x00077800 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2024-06-26 00:51 (UTC) |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x0008DFDD | 0x0008E000 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.68 |
| .rdata | 0x0048F000 | 0x0002FD8E | 0x0002FE00 | 0x0008E400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.76 |
| .data | 0x004BF000 | 0x00008F74 | 0x00005200 | 0x000BE200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.2 |
| .rsrc | 0x004C8000 | 0x0003B538 | 0x0003B600 | 0x000C3400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.15 |
| .reloc | 0x00504000 | 0x00007134 | 0x00007200 | 0x000FEA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.78 |
Imports (18)
»
WSOCK32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WSACleanup | 0x00000074 | 0x0048F7C8 | 0x000BCA10 | 0x000BBE10 | - |
| socket | 0x00000017 | 0x0048F7CC | 0x000BCA14 | 0x000BBE14 | - |
| inet_ntoa | 0x0000000C | 0x0048F7D0 | 0x000BCA18 | 0x000BBE18 | - |
| setsockopt | 0x00000015 | 0x0048F7D4 | 0x000BCA1C | 0x000BBE1C | - |
| ntohs | 0x0000000F | 0x0048F7D8 | 0x000BCA20 | 0x000BBE20 | - |
| recvfrom | 0x00000011 | 0x0048F7DC | 0x000BCA24 | 0x000BBE24 | - |
| ioctlsocket | 0x0000000A | 0x0048F7E0 | 0x000BCA28 | 0x000BBE28 | - |
| htons | 0x00000009 | 0x0048F7E4 | 0x000BCA2C | 0x000BBE2C | - |
| WSAStartup | 0x00000073 | 0x0048F7E8 | 0x000BCA30 | 0x000BBE30 | - |
| __WSAFDIsSet | 0x00000097 | 0x0048F7EC | 0x000BCA34 | 0x000BBE34 | - |
| select | 0x00000012 | 0x0048F7F0 | 0x000BCA38 | 0x000BBE38 | - |
| accept | 0x00000001 | 0x0048F7F4 | 0x000BCA3C | 0x000BBE3C | - |
| listen | 0x0000000D | 0x0048F7F8 | 0x000BCA40 | 0x000BBE40 | - |
| bind | 0x00000002 | 0x0048F7FC | 0x000BCA44 | 0x000BBE44 | - |
| closesocket | 0x00000003 | 0x0048F800 | 0x000BCA48 | 0x000BBE48 | - |
| WSAGetLastError | 0x0000006F | 0x0048F804 | 0x000BCA4C | 0x000BBE4C | - |
| recv | 0x00000010 | 0x0048F808 | 0x000BCA50 | 0x000BBE50 | - |
| sendto | 0x00000014 | 0x0048F80C | 0x000BCA54 | 0x000BBE54 | - |
| send | 0x00000013 | 0x0048F810 | 0x000BCA58 | 0x000BBE58 | - |
| inet_addr | 0x0000000B | 0x0048F814 | 0x000BCA5C | 0x000BBE5C | - |
| gethostbyname | 0x00000034 | 0x0048F818 | 0x000BCA60 | 0x000BBE60 | - |
| gethostname | 0x00000039 | 0x0048F81C | 0x000BCA64 | 0x000BBE64 | - |
| connect | 0x00000004 | 0x0048F820 | 0x000BCA68 | 0x000BBE68 | - |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoW | - | 0x0048F76C | 0x000BC9B4 | 0x000BBDB4 | 0x00000006 |
| GetFileVersionInfoSizeW | - | 0x0048F770 | 0x000BC9B8 | 0x000BBDB8 | 0x00000005 |
| VerQueryValueW | - | 0x0048F774 | 0x000BC9BC | 0x000BBDBC | 0x0000000E |
WINMM.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| timeGetTime | - | 0x0048F7B8 | 0x000BCA00 | 0x000BBE00 | 0x00000094 |
| waveOutSetVolume | - | 0x0048F7BC | 0x000BCA04 | 0x000BBE04 | 0x000000BB |
| mciSendStringW | - | 0x0048F7C0 | 0x000BCA08 | 0x000BBE08 | 0x00000032 |
COMCTL32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImageList_ReplaceIcon | - | 0x0048F088 | 0x000BC2D0 | 0x000BB6D0 | 0x0000006F |
| ImageList_Destroy | - | 0x0048F08C | 0x000BC2D4 | 0x000BB6D4 | 0x00000054 |
| ImageList_Remove | - | 0x0048F090 | 0x000BC2D8 | 0x000BB6D8 | 0x0000006D |
| ImageList_SetDragCursorImage | - | 0x0048F094 | 0x000BC2DC | 0x000BB6DC | 0x00000072 |
| ImageList_BeginDrag | - | 0x0048F098 | 0x000BC2E0 | 0x000BB6E0 | 0x00000050 |
| ImageList_DragEnter | - | 0x0048F09C | 0x000BC2E4 | 0x000BB6E4 | 0x00000056 |
| ImageList_DragLeave | - | 0x0048F0A0 | 0x000BC2E8 | 0x000BB6E8 | 0x00000057 |
| ImageList_EndDrag | - | 0x0048F0A4 | 0x000BC2EC | 0x000BB6EC | 0x0000005E |
| ImageList_DragMove | - | 0x0048F0A8 | 0x000BC2F0 | 0x000BB6F0 | 0x00000058 |
| InitCommonControlsEx | - | 0x0048F0AC | 0x000BC2F4 | 0x000BB6F4 | 0x0000007B |
| ImageList_Create | - | 0x0048F0B0 | 0x000BC2F8 | 0x000BB6F8 | 0x00000053 |
MPR.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WNetUseConnectionW | - | 0x0048F3F8 | 0x000BC640 | 0x000BBA40 | 0x00000049 |
| WNetCancelConnection2W | - | 0x0048F3FC | 0x000BC644 | 0x000BBA44 | 0x0000000C |
| WNetGetConnectionW | - | 0x0048F400 | 0x000BC648 | 0x000BBA48 | 0x00000024 |
| WNetAddConnection2W | - | 0x0048F404 | 0x000BC64C | 0x000BBA4C | 0x00000006 |
WININET.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InternetQueryDataAvailable | - | 0x0048F77C | 0x000BC9C4 | 0x000BBDC4 | 0x0000009B |
| InternetCloseHandle | - | 0x0048F780 | 0x000BC9C8 | 0x000BBDC8 | 0x0000006B |
| InternetOpenW | - | 0x0048F784 | 0x000BC9CC | 0x000BBDCC | 0x0000009A |
| InternetSetOptionW | - | 0x0048F788 | 0x000BC9D0 | 0x000BBDD0 | 0x000000AF |
| InternetCrackUrlW | - | 0x0048F78C | 0x000BC9D4 | 0x000BBDD4 | 0x00000074 |
| HttpQueryInfoW | - | 0x0048F790 | 0x000BC9D8 | 0x000BBDD8 | 0x0000005A |
| InternetQueryOptionW | - | 0x0048F794 | 0x000BC9DC | 0x000BBDDC | 0x0000009E |
| HttpOpenRequestW | - | 0x0048F798 | 0x000BC9E0 | 0x000BBDE0 | 0x00000058 |
| HttpSendRequestW | - | 0x0048F79C | 0x000BC9E4 | 0x000BBDE4 | 0x0000005E |
| FtpOpenFileW | - | 0x0048F7A0 | 0x000BC9E8 | 0x000BBDE8 | 0x00000035 |
| FtpGetFileSize | - | 0x0048F7A4 | 0x000BC9EC | 0x000BBDEC | 0x00000032 |
| InternetOpenUrlW | - | 0x0048F7A8 | 0x000BC9F0 | 0x000BBDF0 | 0x00000099 |
| InternetReadFile | - | 0x0048F7AC | 0x000BC9F4 | 0x000BBDF4 | 0x0000009F |
| InternetConnectW | - | 0x0048F7B0 | 0x000BC9F8 | 0x000BBDF8 | 0x00000072 |
PSAPI.DLL (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetProcessMemoryInfo | - | 0x0048F484 | 0x000BC6CC | 0x000BBACC | 0x00000015 |
IPHLPAPI.DLL (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IcmpCreateFile | - | 0x0048F154 | 0x000BC39C | 0x000BB79C | 0x00000085 |
| IcmpCloseHandle | - | 0x0048F158 | 0x000BC3A0 | 0x000BB7A0 | 0x00000084 |
| IcmpSendEcho | - | 0x0048F15C | 0x000BC3A4 | 0x000BB7A4 | 0x00000087 |
USERENV.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DestroyEnvironmentBlock | - | 0x0048F750 | 0x000BC998 | 0x000BBD98 | 0x00000004 |
| UnloadUserProfile | - | 0x0048F754 | 0x000BC99C | 0x000BBD9C | 0x0000002C |
| CreateEnvironmentBlock | - | 0x0048F758 | 0x000BC9A0 | 0x000BBDA0 | 0x00000000 |
| LoadUserProfileW | - | 0x0048F75C | 0x000BC9A4 | 0x000BBDA4 | 0x00000021 |
UxTheme.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IsThemeActive | - | 0x0048F764 | 0x000BC9AC | 0x000BBDAC | 0x0000003F |
KERNEL32.dll (164)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DuplicateHandle | - | 0x0048F164 | 0x000BC3AC | 0x000BB7AC | 0x000000E8 |
| CreateThread | - | 0x0048F168 | 0x000BC3B0 | 0x000BB7B0 | 0x000000B5 |
| WaitForSingleObject | - | 0x0048F16C | 0x000BC3B4 | 0x000BB7B4 | 0x000004F9 |
| HeapAlloc | - | 0x0048F170 | 0x000BC3B8 | 0x000BB7B8 | 0x000002CB |
| GetProcessHeap | - | 0x0048F174 | 0x000BC3BC | 0x000BB7BC | 0x0000024A |
| HeapFree | - | 0x0048F178 | 0x000BC3C0 | 0x000BB7C0 | 0x000002CF |
| Sleep | - | 0x0048F17C | 0x000BC3C4 | 0x000BB7C4 | 0x000004B2 |
| GetCurrentThreadId | - | 0x0048F180 | 0x000BC3C8 | 0x000BB7C8 | 0x000001C5 |
| MultiByteToWideChar | - | 0x0048F184 | 0x000BC3CC | 0x000BB7CC | 0x00000367 |
| MulDiv | - | 0x0048F188 | 0x000BC3D0 | 0x000BB7D0 | 0x00000366 |
| GetVersionExW | - | 0x0048F18C | 0x000BC3D4 | 0x000BB7D4 | 0x000002A4 |
| IsWow64Process | - | 0x0048F190 | 0x000BC3D8 | 0x000BB7D8 | 0x0000030E |
| GetSystemInfo | - | 0x0048F194 | 0x000BC3DC | 0x000BB7DC | 0x00000273 |
| FreeLibrary | - | 0x0048F198 | 0x000BC3E0 | 0x000BB7E0 | 0x00000162 |
| LoadLibraryA | - | 0x0048F19C | 0x000BC3E4 | 0x000BB7E4 | 0x0000033C |
| GetProcAddress | - | 0x0048F1A0 | 0x000BC3E8 | 0x000BB7E8 | 0x00000245 |
| SetErrorMode | - | 0x0048F1A4 | 0x000BC3EC | 0x000BB7EC | 0x00000458 |
| GetModuleFileNameW | - | 0x0048F1A8 | 0x000BC3F0 | 0x000BB7F0 | 0x00000214 |
| WideCharToMultiByte | - | 0x0048F1AC | 0x000BC3F4 | 0x000BB7F4 | 0x00000511 |
| lstrcpyW | - | 0x0048F1B0 | 0x000BC3F8 | 0x000BB7F8 | 0x00000548 |
| lstrlenW | - | 0x0048F1B4 | 0x000BC3FC | 0x000BB7FC | 0x0000054E |
| GetModuleHandleW | - | 0x0048F1B8 | 0x000BC400 | 0x000BB800 | 0x00000218 |
| QueryPerformanceCounter | - | 0x0048F1BC | 0x000BC404 | 0x000BB804 | 0x000003A7 |
| VirtualFreeEx | - | 0x0048F1C0 | 0x000BC408 | 0x000BB808 | 0x000004ED |
| OpenProcess | - | 0x0048F1C4 | 0x000BC40C | 0x000BB80C | 0x00000380 |
| VirtualAllocEx | - | 0x0048F1C8 | 0x000BC410 | 0x000BB810 | 0x000004EA |
| WriteProcessMemory | - | 0x0048F1CC | 0x000BC414 | 0x000BB814 | 0x0000052E |
| ReadProcessMemory | - | 0x0048F1D0 | 0x000BC418 | 0x000BB818 | 0x000003C3 |
| CreateFileW | - | 0x0048F1D4 | 0x000BC41C | 0x000BB81C | 0x0000008F |
| SetFilePointerEx | - | 0x0048F1D8 | 0x000BC420 | 0x000BB820 | 0x00000467 |
| SetEndOfFile | - | 0x0048F1DC | 0x000BC424 | 0x000BB824 | 0x00000453 |
| ReadFile | - | 0x0048F1E0 | 0x000BC428 | 0x000BB828 | 0x000003C0 |
| WriteFile | - | 0x0048F1E4 | 0x000BC42C | 0x000BB82C | 0x00000525 |
| FlushFileBuffers | - | 0x0048F1E8 | 0x000BC430 | 0x000BB830 | 0x00000157 |
| TerminateProcess | - | 0x0048F1EC | 0x000BC434 | 0x000BB834 | 0x000004C0 |
| CreateToolhelp32Snapshot | - | 0x0048F1F0 | 0x000BC438 | 0x000BB838 | 0x000000BE |
| Process32FirstW | - | 0x0048F1F4 | 0x000BC43C | 0x000BB83C | 0x00000396 |
| Process32NextW | - | 0x0048F1F8 | 0x000BC440 | 0x000BB840 | 0x00000398 |
| SetFileTime | - | 0x0048F1FC | 0x000BC444 | 0x000BB844 | 0x0000046A |
| GetFileAttributesW | - | 0x0048F200 | 0x000BC448 | 0x000BB848 | 0x000001EA |
| FindFirstFileW | - | 0x0048F204 | 0x000BC44C | 0x000BB84C | 0x00000139 |
| SetCurrentDirectoryW | - | 0x0048F208 | 0x000BC450 | 0x000BB850 | 0x0000044D |
| GetLongPathNameW | - | 0x0048F20C | 0x000BC454 | 0x000BB854 | 0x0000020F |
| GetShortPathNameW | - | 0x0048F210 | 0x000BC458 | 0x000BB858 | 0x00000261 |
| DeleteFileW | - | 0x0048F214 | 0x000BC45C | 0x000BB85C | 0x000000D6 |
| FindNextFileW | - | 0x0048F218 | 0x000BC460 | 0x000BB860 | 0x00000145 |
| CopyFileExW | - | 0x0048F21C | 0x000BC464 | 0x000BB864 | 0x00000072 |
| MoveFileW | - | 0x0048F220 | 0x000BC468 | 0x000BB868 | 0x00000363 |
| CreateDirectoryW | - | 0x0048F224 | 0x000BC46C | 0x000BB86C | 0x00000081 |
| RemoveDirectoryW | - | 0x0048F228 | 0x000BC470 | 0x000BB870 | 0x00000403 |
| SetSystemPowerState | - | 0x0048F22C | 0x000BC474 | 0x000BB874 | 0x0000048A |
| QueryPerformanceFrequency | - | 0x0048F230 | 0x000BC478 | 0x000BB878 | 0x000003A8 |
| FindResourceW | - | 0x0048F234 | 0x000BC47C | 0x000BB87C | 0x0000014E |
| LoadResource | - | 0x0048F238 | 0x000BC480 | 0x000BB880 | 0x00000341 |
| LockResource | - | 0x0048F23C | 0x000BC484 | 0x000BB884 | 0x00000354 |
| SizeofResource | - | 0x0048F240 | 0x000BC488 | 0x000BB888 | 0x000004B1 |
| EnumResourceNamesW | - | 0x0048F244 | 0x000BC48C | 0x000BB88C | 0x00000102 |
| OutputDebugStringW | - | 0x0048F248 | 0x000BC490 | 0x000BB890 | 0x0000038A |
| GetTempPathW | - | 0x0048F24C | 0x000BC494 | 0x000BB894 | 0x00000285 |
| GetTempFileNameW | - | 0x0048F250 | 0x000BC498 | 0x000BB898 | 0x00000283 |
| DeviceIoControl | - | 0x0048F254 | 0x000BC49C | 0x000BB89C | 0x000000DD |
| GetLocalTime | - | 0x0048F258 | 0x000BC4A0 | 0x000BB8A0 | 0x00000203 |
| CompareStringW | - | 0x0048F25C | 0x000BC4A4 | 0x000BB8A4 | 0x00000064 |
| GetCurrentProcess | - | 0x0048F260 | 0x000BC4A8 | 0x000BB8A8 | 0x000001C0 |
| EnterCriticalSection | - | 0x0048F264 | 0x000BC4AC | 0x000BB8AC | 0x000000EE |
| LeaveCriticalSection | - | 0x0048F268 | 0x000BC4B0 | 0x000BB8B0 | 0x00000339 |
| GetStdHandle | - | 0x0048F26C | 0x000BC4B4 | 0x000BB8B4 | 0x00000264 |
| CreatePipe | - | 0x0048F270 | 0x000BC4B8 | 0x000BB8B8 | 0x000000A1 |
| InterlockedExchange | - | 0x0048F274 | 0x000BC4BC | 0x000BB8BC | 0x000002EC |
| TerminateThread | - | 0x0048F278 | 0x000BC4C0 | 0x000BB8C0 | 0x000004C1 |
| LoadLibraryExW | - | 0x0048F27C | 0x000BC4C4 | 0x000BB8C4 | 0x0000033E |
| FindResourceExW | - | 0x0048F280 | 0x000BC4C8 | 0x000BB8C8 | 0x0000014D |
| CopyFileW | - | 0x0048F284 | 0x000BC4CC | 0x000BB8CC | 0x00000075 |
| VirtualFree | - | 0x0048F288 | 0x000BC4D0 | 0x000BB8D0 | 0x000004EC |
| FormatMessageW | - | 0x0048F28C | 0x000BC4D4 | 0x000BB8D4 | 0x0000015E |
| GetExitCodeProcess | - | 0x0048F290 | 0x000BC4D8 | 0x000BB8D8 | 0x000001DF |
| GetPrivateProfileStringW | - | 0x0048F294 | 0x000BC4DC | 0x000BB8DC | 0x00000242 |
| WritePrivateProfileStringW | - | 0x0048F298 | 0x000BC4E0 | 0x000BB8E0 | 0x0000052B |
| GetPrivateProfileSectionW | - | 0x0048F29C | 0x000BC4E4 | 0x000BB8E4 | 0x00000240 |
| WritePrivateProfileSectionW | - | 0x0048F2A0 | 0x000BC4E8 | 0x000BB8E8 | 0x00000529 |
| GetPrivateProfileSectionNamesW | - | 0x0048F2A4 | 0x000BC4EC | 0x000BB8EC | 0x0000023F |
| FileTimeToLocalFileTime | - | 0x0048F2A8 | 0x000BC4F0 | 0x000BB8F0 | 0x00000124 |
| FileTimeToSystemTime | - | 0x0048F2AC | 0x000BC4F4 | 0x000BB8F4 | 0x00000125 |
| SystemTimeToFileTime | - | 0x0048F2B0 | 0x000BC4F8 | 0x000BB8F8 | 0x000004BD |
| LocalFileTimeToFileTime | - | 0x0048F2B4 | 0x000BC4FC | 0x000BB8FC | 0x00000346 |
| GetDriveTypeW | - | 0x0048F2B8 | 0x000BC500 | 0x000BB900 | 0x000001D3 |
| GetDiskFreeSpaceExW | - | 0x0048F2BC | 0x000BC504 | 0x000BB904 | 0x000001CE |
| GetDiskFreeSpaceW | - | 0x0048F2C0 | 0x000BC508 | 0x000BB908 | 0x000001CF |
| GetVolumeInformationW | - | 0x0048F2C4 | 0x000BC50C | 0x000BB90C | 0x000002A7 |
| SetVolumeLabelW | - | 0x0048F2C8 | 0x000BC510 | 0x000BB910 | 0x000004A9 |
| CreateHardLinkW | - | 0x0048F2CC | 0x000BC514 | 0x000BB914 | 0x00000093 |
| SetFileAttributesW | - | 0x0048F2D0 | 0x000BC518 | 0x000BB918 | 0x00000461 |
| CreateEventW | - | 0x0048F2D4 | 0x000BC51C | 0x000BB91C | 0x00000085 |
| SetEvent | - | 0x0048F2D8 | 0x000BC520 | 0x000BB920 | 0x00000459 |
| GetEnvironmentVariableW | - | 0x0048F2DC | 0x000BC524 | 0x000BB924 | 0x000001DC |
| SetEnvironmentVariableW | - | 0x0048F2E0 | 0x000BC528 | 0x000BB928 | 0x00000457 |
| GlobalLock | - | 0x0048F2E4 | 0x000BC52C | 0x000BB92C | 0x000002BE |
| GlobalUnlock | - | 0x0048F2E8 | 0x000BC530 | 0x000BB930 | 0x000002C5 |
| GlobalAlloc | - | 0x0048F2EC | 0x000BC534 | 0x000BB934 | 0x000002B3 |
| GetFileSize | - | 0x0048F2F0 | 0x000BC538 | 0x000BB938 | 0x000001F0 |
| GlobalFree | - | 0x0048F2F4 | 0x000BC53C | 0x000BB93C | 0x000002BA |
| GlobalMemoryStatusEx | - | 0x0048F2F8 | 0x000BC540 | 0x000BB940 | 0x000002C0 |
| Beep | - | 0x0048F2FC | 0x000BC544 | 0x000BB944 | 0x00000036 |
| GetSystemDirectoryW | - | 0x0048F300 | 0x000BC548 | 0x000BB948 | 0x00000270 |
| HeapReAlloc | - | 0x0048F304 | 0x000BC54C | 0x000BB94C | 0x000002D2 |
| HeapSize | - | 0x0048F308 | 0x000BC550 | 0x000BB950 | 0x000002D4 |
| GetComputerNameW | - | 0x0048F30C | 0x000BC554 | 0x000BB954 | 0x0000018F |
| GetWindowsDirectoryW | - | 0x0048F310 | 0x000BC558 | 0x000BB958 | 0x000002AF |
| GetCurrentProcessId | - | 0x0048F314 | 0x000BC55C | 0x000BB95C | 0x000001C1 |
| GetProcessIoCounters | - | 0x0048F318 | 0x000BC560 | 0x000BB960 | 0x0000024E |
| CreateProcessW | - | 0x0048F31C | 0x000BC564 | 0x000BB964 | 0x000000A8 |
| GetProcessId | - | 0x0048F320 | 0x000BC568 | 0x000BB968 | 0x0000024C |
| SetPriorityClass | - | 0x0048F324 | 0x000BC56C | 0x000BB96C | 0x0000047D |
| LoadLibraryW | - | 0x0048F328 | 0x000BC570 | 0x000BB970 | 0x0000033F |
| VirtualAlloc | - | 0x0048F32C | 0x000BC574 | 0x000BB974 | 0x000004E9 |
| IsDebuggerPresent | - | 0x0048F330 | 0x000BC578 | 0x000BB978 | 0x00000300 |
| GetCurrentDirectoryW | - | 0x0048F334 | 0x000BC57C | 0x000BB97C | 0x000001BF |
| lstrcmpiW | - | 0x0048F338 | 0x000BC580 | 0x000BB980 | 0x00000545 |
| DecodePointer | - | 0x0048F33C | 0x000BC584 | 0x000BB984 | 0x000000CA |
| GetLastError | - | 0x0048F340 | 0x000BC588 | 0x000BB988 | 0x00000202 |
| RaiseException | - | 0x0048F344 | 0x000BC58C | 0x000BB98C | 0x000003B1 |
| InitializeCriticalSectionAndSpinCount | - | 0x0048F348 | 0x000BC590 | 0x000BB990 | 0x000002E3 |
| DeleteCriticalSection | - | 0x0048F34C | 0x000BC594 | 0x000BB994 | 0x000000D1 |
| InterlockedDecrement | - | 0x0048F350 | 0x000BC598 | 0x000BB998 | 0x000002EB |
| InterlockedIncrement | - | 0x0048F354 | 0x000BC59C | 0x000BB99C | 0x000002EF |
| GetCurrentThread | - | 0x0048F358 | 0x000BC5A0 | 0x000BB9A0 | 0x000001C4 |
| CloseHandle | - | 0x0048F35C | 0x000BC5A4 | 0x000BB9A4 | 0x00000052 |
| GetFullPathNameW | - | 0x0048F360 | 0x000BC5A8 | 0x000BB9A8 | 0x000001FB |
| EncodePointer | - | 0x0048F364 | 0x000BC5AC | 0x000BB9AC | 0x000000EA |
| ExitProcess | - | 0x0048F368 | 0x000BC5B0 | 0x000BB9B0 | 0x00000119 |
| GetModuleHandleExW | - | 0x0048F36C | 0x000BC5B4 | 0x000BB9B4 | 0x00000217 |
| ExitThread | - | 0x0048F370 | 0x000BC5B8 | 0x000BB9B8 | 0x0000011A |
| GetSystemTimeAsFileTime | - | 0x0048F374 | 0x000BC5BC | 0x000BB9BC | 0x00000279 |
| ResumeThread | - | 0x0048F378 | 0x000BC5C0 | 0x000BB9C0 | 0x00000413 |
| GetCommandLineW | - | 0x0048F37C | 0x000BC5C4 | 0x000BB9C4 | 0x00000187 |
| IsProcessorFeaturePresent | - | 0x0048F380 | 0x000BC5C8 | 0x000BB9C8 | 0x00000304 |
| IsValidCodePage | - | 0x0048F384 | 0x000BC5CC | 0x000BB9CC | 0x0000030A |
| GetACP | - | 0x0048F388 | 0x000BC5D0 | 0x000BB9D0 | 0x00000168 |
| GetOEMCP | - | 0x0048F38C | 0x000BC5D4 | 0x000BB9D4 | 0x00000237 |
| GetCPInfo | - | 0x0048F390 | 0x000BC5D8 | 0x000BB9D8 | 0x00000172 |
| SetLastError | - | 0x0048F394 | 0x000BC5DC | 0x000BB9DC | 0x00000473 |
| UnhandledExceptionFilter | - | 0x0048F398 | 0x000BC5E0 | 0x000BB9E0 | 0x000004D3 |
| SetUnhandledExceptionFilter | - | 0x0048F39C | 0x000BC5E4 | 0x000BB9E4 | 0x000004A5 |
| TlsAlloc | - | 0x0048F3A0 | 0x000BC5E8 | 0x000BB9E8 | 0x000004C5 |
| TlsGetValue | - | 0x0048F3A4 | 0x000BC5EC | 0x000BB9EC | 0x000004C7 |
| TlsSetValue | - | 0x0048F3A8 | 0x000BC5F0 | 0x000BB9F0 | 0x000004C8 |
| TlsFree | - | 0x0048F3AC | 0x000BC5F4 | 0x000BB9F4 | 0x000004C6 |
| GetStartupInfoW | - | 0x0048F3B0 | 0x000BC5F8 | 0x000BB9F8 | 0x00000263 |
| GetStringTypeW | - | 0x0048F3B4 | 0x000BC5FC | 0x000BB9FC | 0x00000269 |
| SetStdHandle | - | 0x0048F3B8 | 0x000BC600 | 0x000BBA00 | 0x00000487 |
| GetFileType | - | 0x0048F3BC | 0x000BC604 | 0x000BBA04 | 0x000001F3 |
| GetConsoleCP | - | 0x0048F3C0 | 0x000BC608 | 0x000BBA08 | 0x0000019A |
| GetConsoleMode | - | 0x0048F3C4 | 0x000BC60C | 0x000BBA0C | 0x000001AC |
| RtlUnwind | - | 0x0048F3C8 | 0x000BC610 | 0x000BBA10 | 0x00000418 |
| ReadConsoleW | - | 0x0048F3CC | 0x000BC614 | 0x000BBA14 | 0x000003BE |
| GetTimeZoneInformation | - | 0x0048F3D0 | 0x000BC618 | 0x000BBA18 | 0x00000298 |
| GetDateFormatW | - | 0x0048F3D4 | 0x000BC61C | 0x000BBA1C | 0x000001C8 |
| GetTimeFormatW | - | 0x0048F3D8 | 0x000BC620 | 0x000BBA20 | 0x00000297 |
| LCMapStringW | - | 0x0048F3DC | 0x000BC624 | 0x000BBA24 | 0x0000032D |
| GetEnvironmentStringsW | - | 0x0048F3E0 | 0x000BC628 | 0x000BBA28 | 0x000001DA |
| FreeEnvironmentStringsW | - | 0x0048F3E4 | 0x000BC62C | 0x000BBA2C | 0x00000161 |
| WriteConsoleW | - | 0x0048F3E8 | 0x000BC630 | 0x000BBA30 | 0x00000524 |
| FindClose | - | 0x0048F3EC | 0x000BC634 | 0x000BBA34 | 0x0000012E |
| SetEnvironmentVariableA | - | 0x0048F3F0 | 0x000BC638 | 0x000BBA38 | 0x00000456 |
USER32.dll (160)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AdjustWindowRectEx | - | 0x0048F4CC | 0x000BC714 | 0x000BBB14 | 0x00000003 |
| CopyImage | - | 0x0048F4D0 | 0x000BC718 | 0x000BBB18 | 0x00000054 |
| SetWindowPos | - | 0x0048F4D4 | 0x000BC71C | 0x000BBB1C | 0x000002C6 |
| GetCursorInfo | - | 0x0048F4D8 | 0x000BC720 | 0x000BBB20 | 0x0000011F |
| RegisterHotKey | - | 0x0048F4DC | 0x000BC724 | 0x000BBB24 | 0x00000256 |
| ClientToScreen | - | 0x0048F4E0 | 0x000BC728 | 0x000BBB28 | 0x00000047 |
| GetKeyboardLayoutNameW | - | 0x0048F4E4 | 0x000BC72C | 0x000BBB2C | 0x00000141 |
| IsCharAlphaW | - | 0x0048F4E8 | 0x000BC730 | 0x000BBB30 | 0x000001C4 |
| IsCharAlphaNumericW | - | 0x0048F4EC | 0x000BC734 | 0x000BBB34 | 0x000001C3 |
| IsCharLowerW | - | 0x0048F4F0 | 0x000BC738 | 0x000BBB38 | 0x000001C6 |
| IsCharUpperW | - | 0x0048F4F4 | 0x000BC73C | 0x000BBB3C | 0x000001C8 |
| GetMenuStringW | - | 0x0048F4F8 | 0x000BC740 | 0x000BBB40 | 0x00000158 |
| GetSubMenu | - | 0x0048F4FC | 0x000BC744 | 0x000BBB44 | 0x0000017A |
| GetCaretPos | - | 0x0048F500 | 0x000BC748 | 0x000BBB48 | 0x0000010A |
| IsZoomed | - | 0x0048F504 | 0x000BC74C | 0x000BBB4C | 0x000001E2 |
| MonitorFromPoint | - | 0x0048F508 | 0x000BC750 | 0x000BBB50 | 0x00000218 |
| GetMonitorInfoW | - | 0x0048F50C | 0x000BC754 | 0x000BBB54 | 0x0000015F |
| SetWindowLongW | - | 0x0048F510 | 0x000BC758 | 0x000BBB58 | 0x000002C4 |
| SetLayeredWindowAttributes | - | 0x0048F514 | 0x000BC75C | 0x000BBB5C | 0x00000298 |
| FlashWindow | - | 0x0048F518 | 0x000BC760 | 0x000BBB60 | 0x000000FB |
| GetClassLongW | - | 0x0048F51C | 0x000BC764 | 0x000BBB64 | 0x00000110 |
| TranslateAcceleratorW | - | 0x0048F520 | 0x000BC768 | 0x000BBB68 | 0x000002FA |
| IsDialogMessageW | - | 0x0048F524 | 0x000BC76C | 0x000BBB6C | 0x000001CD |
| GetSysColor | - | 0x0048F528 | 0x000BC770 | 0x000BBB70 | 0x0000017B |
| InflateRect | - | 0x0048F52C | 0x000BC774 | 0x000BBB74 | 0x000001B5 |
| DrawFocusRect | - | 0x0048F530 | 0x000BC778 | 0x000BBB78 | 0x000000C4 |
| DrawTextW | - | 0x0048F534 | 0x000BC77C | 0x000BBB7C | 0x000000D0 |
| FrameRect | - | 0x0048F538 | 0x000BC780 | 0x000BBB80 | 0x000000FD |
| DrawFrameControl | - | 0x0048F53C | 0x000BC784 | 0x000BBB84 | 0x000000C6 |
| FillRect | - | 0x0048F540 | 0x000BC788 | 0x000BBB88 | 0x000000F6 |
| PtInRect | - | 0x0048F544 | 0x000BC78C | 0x000BBB8C | 0x00000240 |
| DestroyAcceleratorTable | - | 0x0048F548 | 0x000BC790 | 0x000BBB90 | 0x000000A0 |
| CreateAcceleratorTableW | - | 0x0048F54C | 0x000BC794 | 0x000BBB94 | 0x00000058 |
| SetCursor | - | 0x0048F550 | 0x000BC798 | 0x000BBB98 | 0x00000288 |
| GetWindowDC | - | 0x0048F554 | 0x000BC79C | 0x000BBB9C | 0x00000192 |
| GetSystemMetrics | - | 0x0048F558 | 0x000BC7A0 | 0x000BBBA0 | 0x0000017E |
| GetActiveWindow | - | 0x0048F55C | 0x000BC7A4 | 0x000BBBA4 | 0x00000100 |
| CharNextW | - | 0x0048F560 | 0x000BC7A8 | 0x000BBBA8 | 0x00000031 |
| wsprintfW | - | 0x0048F564 | 0x000BC7AC | 0x000BBBAC | 0x00000333 |
| RedrawWindow | - | 0x0048F568 | 0x000BC7B0 | 0x000BBBB0 | 0x0000024A |
| DrawMenuBar | - | 0x0048F56C | 0x000BC7B4 | 0x000BBBB4 | 0x000000C9 |
| DestroyMenu | - | 0x0048F570 | 0x000BC7B8 | 0x000BBBB8 | 0x000000A4 |
| SetMenu | - | 0x0048F574 | 0x000BC7BC | 0x000BBBBC | 0x0000029C |
| GetWindowTextLengthW | - | 0x0048F578 | 0x000BC7C0 | 0x000BBBC0 | 0x000001A2 |
| CreateMenu | - | 0x0048F57C | 0x000BC7C4 | 0x000BBBC4 | 0x0000006A |
| IsDlgButtonChecked | - | 0x0048F580 | 0x000BC7C8 | 0x000BBBC8 | 0x000001CE |
| DefDlgProcW | - | 0x0048F584 | 0x000BC7CC | 0x000BBBCC | 0x00000095 |
| CallWindowProcW | - | 0x0048F588 | 0x000BC7D0 | 0x000BBBD0 | 0x0000001E |
| ReleaseCapture | - | 0x0048F58C | 0x000BC7D4 | 0x000BBBD4 | 0x00000264 |
| SetCapture | - | 0x0048F590 | 0x000BC7D8 | 0x000BBBD8 | 0x00000280 |
| CreateIconFromResourceEx | - | 0x0048F594 | 0x000BC7DC | 0x000BBBDC | 0x00000066 |
| mouse_event | - | 0x0048F598 | 0x000BC7E0 | 0x000BBBE0 | 0x00000331 |
| ExitWindowsEx | - | 0x0048F59C | 0x000BC7E4 | 0x000BBBE4 | 0x000000F5 |
| SetActiveWindow | - | 0x0048F5A0 | 0x000BC7E8 | 0x000BBBE8 | 0x0000027F |
| FindWindowExW | - | 0x0048F5A4 | 0x000BC7EC | 0x000BBBEC | 0x000000F9 |
| EnumThreadWindows | - | 0x0048F5A8 | 0x000BC7F0 | 0x000BBBF0 | 0x000000EF |
| SetMenuDefaultItem | - | 0x0048F5AC | 0x000BC7F4 | 0x000BBBF4 | 0x0000029E |
| InsertMenuItemW | - | 0x0048F5B0 | 0x000BC7F8 | 0x000BBBF8 | 0x000001B9 |
| IsMenu | - | 0x0048F5B4 | 0x000BC7FC | 0x000BBBFC | 0x000001D2 |
| TrackPopupMenuEx | - | 0x0048F5B8 | 0x000BC800 | 0x000BBC00 | 0x000002F7 |
| GetCursorPos | - | 0x0048F5BC | 0x000BC804 | 0x000BBC04 | 0x00000120 |
| DeleteMenu | - | 0x0048F5C0 | 0x000BC808 | 0x000BBC08 | 0x0000009E |
| SetRect | - | 0x0048F5C4 | 0x000BC80C | 0x000BBC0C | 0x000002AE |
| GetMenuItemID | - | 0x0048F5C8 | 0x000BC810 | 0x000BBC10 | 0x00000152 |
| GetMenuItemCount | - | 0x0048F5CC | 0x000BC814 | 0x000BBC14 | 0x00000151 |
| SetMenuItemInfoW | - | 0x0048F5D0 | 0x000BC818 | 0x000BBC18 | 0x000002A2 |
| GetMenuItemInfoW | - | 0x0048F5D4 | 0x000BC81C | 0x000BBC1C | 0x00000154 |
| SetForegroundWindow | - | 0x0048F5D8 | 0x000BC820 | 0x000BBC20 | 0x00000293 |
| IsIconic | - | 0x0048F5DC | 0x000BC824 | 0x000BBC24 | 0x000001D1 |
| FindWindowW | - | 0x0048F5E0 | 0x000BC828 | 0x000BBC28 | 0x000000FA |
| MonitorFromRect | - | 0x0048F5E4 | 0x000BC82C | 0x000BBC2C | 0x00000219 |
| keybd_event | - | 0x0048F5E8 | 0x000BC830 | 0x000BBC30 | 0x00000330 |
| SendInput | - | 0x0048F5EC | 0x000BC834 | 0x000BBC34 | 0x00000276 |
| GetAsyncKeyState | - | 0x0048F5F0 | 0x000BC838 | 0x000BBC38 | 0x00000107 |
| SetKeyboardState | - | 0x0048F5F4 | 0x000BC83C | 0x000BBC3C | 0x00000296 |
| GetKeyboardState | - | 0x0048F5F8 | 0x000BC840 | 0x000BBC40 | 0x00000142 |
| GetKeyState | - | 0x0048F5FC | 0x000BC844 | 0x000BBC44 | 0x0000013D |
| VkKeyScanW | - | 0x0048F600 | 0x000BC848 | 0x000BBC48 | 0x00000321 |
| LoadStringW | - | 0x0048F604 | 0x000BC84C | 0x000BBC4C | 0x000001FA |
| DialogBoxParamW | - | 0x0048F608 | 0x000BC850 | 0x000BBC50 | 0x000000AC |
| MessageBeep | - | 0x0048F60C | 0x000BC854 | 0x000BBC54 | 0x0000020D |
| EndDialog | - | 0x0048F610 | 0x000BC858 | 0x000BBC58 | 0x000000DA |
| SendDlgItemMessageW | - | 0x0048F614 | 0x000BC85C | 0x000BBC5C | 0x00000273 |
| GetDlgItem | - | 0x0048F618 | 0x000BC860 | 0x000BBC60 | 0x00000127 |
| SetWindowTextW | - | 0x0048F61C | 0x000BC864 | 0x000BBC64 | 0x000002CB |
| CopyRect | - | 0x0048F620 | 0x000BC868 | 0x000BBC68 | 0x00000055 |
| ReleaseDC | - | 0x0048F624 | 0x000BC86C | 0x000BBC6C | 0x00000265 |
| GetDC | - | 0x0048F628 | 0x000BC870 | 0x000BBC70 | 0x00000121 |
| EndPaint | - | 0x0048F62C | 0x000BC874 | 0x000BBC74 | 0x000000DC |
| BeginPaint | - | 0x0048F630 | 0x000BC878 | 0x000BBC78 | 0x0000000E |
| GetClientRect | - | 0x0048F634 | 0x000BC87C | 0x000BBC7C | 0x00000114 |
| GetMenu | - | 0x0048F638 | 0x000BC880 | 0x000BBC80 | 0x0000014B |
| DestroyWindow | - | 0x0048F63C | 0x000BC884 | 0x000BBC84 | 0x000000A6 |
| EnumWindows | - | 0x0048F640 | 0x000BC888 | 0x000BBC88 | 0x000000F2 |
| GetDesktopWindow | - | 0x0048F644 | 0x000BC88C | 0x000BBC8C | 0x00000123 |
| IsWindow | - | 0x0048F648 | 0x000BC890 | 0x000BBC90 | 0x000001DB |
| IsWindowEnabled | - | 0x0048F64C | 0x000BC894 | 0x000BBC94 | 0x000001DC |
| IsWindowVisible | - | 0x0048F650 | 0x000BC898 | 0x000BBC98 | 0x000001E0 |
| EnableWindow | - | 0x0048F654 | 0x000BC89C | 0x000BBC9C | 0x000000D8 |
| InvalidateRect | - | 0x0048F658 | 0x000BC8A0 | 0x000BBCA0 | 0x000001BE |
| GetWindowLongW | - | 0x0048F65C | 0x000BC8A4 | 0x000BBCA4 | 0x00000196 |
| GetWindowThreadProcessId | - | 0x0048F660 | 0x000BC8A8 | 0x000BBCA8 | 0x000001A4 |
| AttachThreadInput | - | 0x0048F664 | 0x000BC8AC | 0x000BBCAC | 0x0000000C |
| GetFocus | - | 0x0048F668 | 0x000BC8B0 | 0x000BBCB0 | 0x0000012C |
| GetWindowTextW | - | 0x0048F66C | 0x000BC8B4 | 0x000BBCB4 | 0x000001A3 |
| ScreenToClient | - | 0x0048F670 | 0x000BC8B8 | 0x000BBCB8 | 0x0000026D |
| SendMessageTimeoutW | - | 0x0048F674 | 0x000BC8BC | 0x000BBCBC | 0x0000027B |
| EnumChildWindows | - | 0x0048F678 | 0x000BC8C0 | 0x000BBCC0 | 0x000000DF |
| CharUpperBuffW | - | 0x0048F67C | 0x000BC8C4 | 0x000BBCC4 | 0x0000003B |
| GetParent | - | 0x0048F680 | 0x000BC8C8 | 0x000BBCC8 | 0x00000164 |
| GetDlgCtrlID | - | 0x0048F684 | 0x000BC8CC | 0x000BBCCC | 0x00000126 |
| SendMessageW | - | 0x0048F688 | 0x000BC8D0 | 0x000BBCD0 | 0x0000027C |
| MapVirtualKeyW | - | 0x0048F68C | 0x000BC8D4 | 0x000BBCD4 | 0x00000208 |
| PostMessageW | - | 0x0048F690 | 0x000BC8D8 | 0x000BBCD8 | 0x00000236 |
| GetWindowRect | - | 0x0048F694 | 0x000BC8DC | 0x000BBCDC | 0x0000019C |
| SetUserObjectSecurity | - | 0x0048F698 | 0x000BC8E0 | 0x000BBCE0 | 0x000002BE |
| CloseDesktop | - | 0x0048F69C | 0x000BC8E4 | 0x000BBCE4 | 0x0000004A |
| CloseWindowStation | - | 0x0048F6A0 | 0x000BC8E8 | 0x000BBCE8 | 0x0000004E |
| OpenDesktopW | - | 0x0048F6A4 | 0x000BC8EC | 0x000BBCEC | 0x00000228 |
| SetProcessWindowStation | - | 0x0048F6A8 | 0x000BC8F0 | 0x000BBCF0 | 0x000002AA |
| GetProcessWindowStation | - | 0x0048F6AC | 0x000BC8F4 | 0x000BBCF4 | 0x00000168 |
| OpenWindowStationW | - | 0x0048F6B0 | 0x000BC8F8 | 0x000BBCF8 | 0x0000022D |
| GetUserObjectSecurity | - | 0x0048F6B4 | 0x000BC8FC | 0x000BBCFC | 0x0000018C |
| MessageBoxW | - | 0x0048F6B8 | 0x000BC900 | 0x000BBD00 | 0x00000215 |
| DefWindowProcW | - | 0x0048F6BC | 0x000BC904 | 0x000BBD04 | 0x0000009C |
| SetClipboardData | - | 0x0048F6C0 | 0x000BC908 | 0x000BBD08 | 0x00000286 |
| EmptyClipboard | - | 0x0048F6C4 | 0x000BC90C | 0x000BBD0C | 0x000000D5 |
| CountClipboardFormats | - | 0x0048F6C8 | 0x000BC910 | 0x000BBD10 | 0x00000056 |
| CloseClipboard | - | 0x0048F6CC | 0x000BC914 | 0x000BBD14 | 0x00000049 |
| GetClipboardData | - | 0x0048F6D0 | 0x000BC918 | 0x000BBD18 | 0x00000116 |
| IsClipboardFormatAvailable | - | 0x0048F6D4 | 0x000BC91C | 0x000BBD1C | 0x000001CA |
| OpenClipboard | - | 0x0048F6D8 | 0x000BC920 | 0x000BBD20 | 0x00000226 |
| BlockInput | - | 0x0048F6DC | 0x000BC924 | 0x000BBD24 | 0x0000000F |
| GetMessageW | - | 0x0048F6E0 | 0x000BC928 | 0x000BBD28 | 0x0000015D |
| LockWindowUpdate | - | 0x0048F6E4 | 0x000BC92C | 0x000BBD2C | 0x000001FD |
| DispatchMessageW | - | 0x0048F6E8 | 0x000BC930 | 0x000BBD30 | 0x000000AF |
| TranslateMessage | - | 0x0048F6EC | 0x000BC934 | 0x000BBD34 | 0x000002FC |
| PeekMessageW | - | 0x0048F6F0 | 0x000BC938 | 0x000BBD38 | 0x00000233 |
| UnregisterHotKey | - | 0x0048F6F4 | 0x000BC93C | 0x000BBD3C | 0x00000308 |
| CheckMenuRadioItem | - | 0x0048F6F8 | 0x000BC940 | 0x000BBD40 | 0x00000040 |
| CharLowerBuffW | - | 0x0048F6FC | 0x000BC944 | 0x000BBD44 | 0x0000002D |
| MoveWindow | - | 0x0048F700 | 0x000BC948 | 0x000BBD48 | 0x0000021B |
| SetFocus | - | 0x0048F704 | 0x000BC94C | 0x000BBD4C | 0x00000292 |
| PostQuitMessage | - | 0x0048F708 | 0x000BC950 | 0x000BBD50 | 0x00000237 |
| KillTimer | - | 0x0048F70C | 0x000BC954 | 0x000BBD54 | 0x000001E3 |
| CreatePopupMenu | - | 0x0048F710 | 0x000BC958 | 0x000BBD58 | 0x0000006B |
| RegisterWindowMessageW | - | 0x0048F714 | 0x000BC95C | 0x000BBD5C | 0x00000263 |
| SetTimer | - | 0x0048F718 | 0x000BC960 | 0x000BBD60 | 0x000002BB |
| ShowWindow | - | 0x0048F71C | 0x000BC964 | 0x000BBD64 | 0x000002DF |
| CreateWindowExW | - | 0x0048F720 | 0x000BC968 | 0x000BBD68 | 0x0000006E |
| RegisterClassExW | - | 0x0048F724 | 0x000BC96C | 0x000BBD6C | 0x0000024D |
| LoadIconW | - | 0x0048F728 | 0x000BC970 | 0x000BBD70 | 0x000001ED |
| LoadCursorW | - | 0x0048F72C | 0x000BC974 | 0x000BBD74 | 0x000001EB |
| GetSysColorBrush | - | 0x0048F730 | 0x000BC978 | 0x000BBD78 | 0x0000017C |
| GetForegroundWindow | - | 0x0048F734 | 0x000BC97C | 0x000BBD7C | 0x0000012D |
| MessageBoxA | - | 0x0048F738 | 0x000BC980 | 0x000BBD80 | 0x0000020E |
| DestroyIcon | - | 0x0048F73C | 0x000BC984 | 0x000BBD84 | 0x000000A3 |
| SystemParametersInfoW | - | 0x0048F740 | 0x000BC988 | 0x000BBD88 | 0x000002EC |
| LoadImageW | - | 0x0048F744 | 0x000BC98C | 0x000BBD8C | 0x000001EF |
| GetClassNameW | - | 0x0048F748 | 0x000BC990 | 0x000BBD90 | 0x00000112 |
GDI32.dll (35)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StrokePath | - | 0x0048F0C4 | 0x000BC30C | 0x000BB70C | 0x000002B6 |
| DeleteObject | - | 0x0048F0C8 | 0x000BC310 | 0x000BB710 | 0x000000E6 |
| GetTextExtentPoint32W | - | 0x0048F0CC | 0x000BC314 | 0x000BB714 | 0x0000021E |
| ExtCreatePen | - | 0x0048F0D0 | 0x000BC318 | 0x000BB718 | 0x00000132 |
| GetDeviceCaps | - | 0x0048F0D4 | 0x000BC31C | 0x000BB71C | 0x000001CB |
| EndPath | - | 0x0048F0D8 | 0x000BC320 | 0x000BB720 | 0x000000F3 |
| SetPixel | - | 0x0048F0DC | 0x000BC324 | 0x000BB724 | 0x0000029B |
| CloseFigure | - | 0x0048F0E0 | 0x000BC328 | 0x000BB728 | 0x0000001E |
| CreateCompatibleBitmap | - | 0x0048F0E4 | 0x000BC32C | 0x000BB72C | 0x0000002F |
| CreateCompatibleDC | - | 0x0048F0E8 | 0x000BC330 | 0x000BB730 | 0x00000030 |
| SelectObject | - | 0x0048F0EC | 0x000BC334 | 0x000BB734 | 0x00000277 |
| StretchBlt | - | 0x0048F0F0 | 0x000BC338 | 0x000BB738 | 0x000002B3 |
| GetDIBits | - | 0x0048F0F4 | 0x000BC33C | 0x000BB73C | 0x000001CA |
| LineTo | - | 0x0048F0F8 | 0x000BC340 | 0x000BB740 | 0x00000236 |
| AngleArc | - | 0x0048F0FC | 0x000BC344 | 0x000BB744 | 0x00000008 |
| MoveToEx | - | 0x0048F100 | 0x000BC348 | 0x000BB748 | 0x0000023A |
| Ellipse | - | 0x0048F104 | 0x000BC34C | 0x000BB74C | 0x000000ED |
| DeleteDC | - | 0x0048F108 | 0x000BC350 | 0x000BB750 | 0x000000E3 |
| GetPixel | - | 0x0048F10C | 0x000BC354 | 0x000BB754 | 0x00000204 |
| CreateDCW | - | 0x0048F110 | 0x000BC358 | 0x000BB758 | 0x00000032 |
| GetStockObject | - | 0x0048F114 | 0x000BC35C | 0x000BB75C | 0x0000020D |
| GetTextFaceW | - | 0x0048F118 | 0x000BC360 | 0x000BB760 | 0x00000224 |
| CreateFontW | - | 0x0048F11C | 0x000BC364 | 0x000BB764 | 0x00000041 |
| SetTextColor | - | 0x0048F120 | 0x000BC368 | 0x000BB768 | 0x000002A6 |
| PolyDraw | - | 0x0048F124 | 0x000BC36C | 0x000BB76C | 0x00000250 |
| BeginPath | - | 0x0048F128 | 0x000BC370 | 0x000BB770 | 0x00000012 |
| Rectangle | - | 0x0048F12C | 0x000BC374 | 0x000BB774 | 0x0000025F |
| SetViewportOrgEx | - | 0x0048F130 | 0x000BC378 | 0x000BB778 | 0x000002A9 |
| GetObjectW | - | 0x0048F134 | 0x000BC37C | 0x000BB77C | 0x000001FD |
| SetBkMode | - | 0x0048F138 | 0x000BC380 | 0x000BB780 | 0x0000027F |
| RoundRect | - | 0x0048F13C | 0x000BC384 | 0x000BB784 | 0x0000026A |
| SetBkColor | - | 0x0048F140 | 0x000BC388 | 0x000BB788 | 0x0000027E |
| CreatePen | - | 0x0048F144 | 0x000BC38C | 0x000BB78C | 0x0000004B |
| CreateSolidBrush | - | 0x0048F148 | 0x000BC390 | 0x000BB790 | 0x00000054 |
| StrokeAndFillPath | - | 0x0048F14C | 0x000BC394 | 0x000BB794 | 0x000002B5 |
COMDLG32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetOpenFileNameW | - | 0x0048F0B8 | 0x000BC300 | 0x000BB700 | 0x0000000C |
| GetSaveFileNameW | - | 0x0048F0BC | 0x000BC304 | 0x000BB704 | 0x0000000E |
ADVAPI32.dll (33)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetAce | - | 0x0048F000 | 0x000BC248 | 0x000BB648 | 0x00000123 |
| RegEnumValueW | - | 0x0048F004 | 0x000BC24C | 0x000BB64C | 0x00000252 |
| RegDeleteValueW | - | 0x0048F008 | 0x000BC250 | 0x000BB650 | 0x00000248 |
| RegDeleteKeyW | - | 0x0048F00C | 0x000BC254 | 0x000BB654 | 0x00000244 |
| RegEnumKeyExW | - | 0x0048F010 | 0x000BC258 | 0x000BB658 | 0x0000024F |
| RegSetValueExW | - | 0x0048F014 | 0x000BC25C | 0x000BB65C | 0x0000027E |
| RegOpenKeyExW | - | 0x0048F018 | 0x000BC260 | 0x000BB660 | 0x00000261 |
| RegCloseKey | - | 0x0048F01C | 0x000BC264 | 0x000BB664 | 0x00000230 |
| RegQueryValueExW | - | 0x0048F020 | 0x000BC268 | 0x000BB668 | 0x0000026E |
| RegConnectRegistryW | - | 0x0048F024 | 0x000BC26C | 0x000BB66C | 0x00000234 |
| InitializeSecurityDescriptor | - | 0x0048F028 | 0x000BC270 | 0x000BB670 | 0x00000177 |
| InitializeAcl | - | 0x0048F02C | 0x000BC274 | 0x000BB674 | 0x00000176 |
| AdjustTokenPrivileges | - | 0x0048F030 | 0x000BC278 | 0x000BB678 | 0x0000001F |
| OpenThreadToken | - | 0x0048F034 | 0x000BC27C | 0x000BB67C | 0x000001FC |
| OpenProcessToken | - | 0x0048F038 | 0x000BC280 | 0x000BB680 | 0x000001F7 |
| LookupPrivilegeValueW | - | 0x0048F03C | 0x000BC284 | 0x000BB684 | 0x00000197 |
| DuplicateTokenEx | - | 0x0048F040 | 0x000BC288 | 0x000BB688 | 0x000000DF |
| CreateProcessAsUserW | - | 0x0048F044 | 0x000BC28C | 0x000BB68C | 0x0000007C |
| CreateProcessWithLogonW | - | 0x0048F048 | 0x000BC290 | 0x000BB690 | 0x0000007D |
| GetLengthSid | - | 0x0048F04C | 0x000BC294 | 0x000BB694 | 0x00000136 |
| CopySid | - | 0x0048F050 | 0x000BC298 | 0x000BB698 | 0x00000076 |
| LogonUserW | - | 0x0048F054 | 0x000BC29C | 0x000BB69C | 0x0000018D |
| AllocateAndInitializeSid | - | 0x0048F058 | 0x000BC2A0 | 0x000BB6A0 | 0x00000020 |
| CheckTokenMembership | - | 0x0048F05C | 0x000BC2A4 | 0x000BB6A4 | 0x00000051 |
| RegCreateKeyExW | - | 0x0048F060 | 0x000BC2A8 | 0x000BB6A8 | 0x00000239 |
| FreeSid | - | 0x0048F064 | 0x000BC2AC | 0x000BB6AC | 0x00000120 |
| GetTokenInformation | - | 0x0048F068 | 0x000BC2B0 | 0x000BB6B0 | 0x0000015A |
| GetSecurityDescriptorDacl | - | 0x0048F06C | 0x000BC2B4 | 0x000BB6B4 | 0x00000148 |
| GetAclInformation | - | 0x0048F070 | 0x000BC2B8 | 0x000BB6B8 | 0x00000124 |
| AddAce | - | 0x0048F074 | 0x000BC2BC | 0x000BB6BC | 0x00000016 |
| SetSecurityDescriptorDacl | - | 0x0048F078 | 0x000BC2C0 | 0x000BB6C0 | 0x000002B6 |
| GetUserNameW | - | 0x0048F07C | 0x000BC2C4 | 0x000BB6C4 | 0x00000165 |
| InitiateSystemShutdownExW | - | 0x0048F080 | 0x000BC2C8 | 0x000BB6C8 | 0x0000017D |
SHELL32.dll (15)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DragQueryPoint | - | 0x0048F48C | 0x000BC6D4 | 0x000BBAD4 | 0x00000020 |
| ShellExecuteExW | - | 0x0048F490 | 0x000BC6D8 | 0x000BBAD8 | 0x00000121 |
| DragQueryFileW | - | 0x0048F494 | 0x000BC6DC | 0x000BBADC | 0x0000001F |
| SHEmptyRecycleBinW | - | 0x0048F498 | 0x000BC6E0 | 0x000BBAE0 | 0x000000A5 |
| SHGetPathFromIDListW | - | 0x0048F49C | 0x000BC6E4 | 0x000BBAE4 | 0x000000D7 |
| SHBrowseForFolderW | - | 0x0048F4A0 | 0x000BC6E8 | 0x000BBAE8 | 0x0000007B |
| SHCreateShellItem | - | 0x0048F4A4 | 0x000BC6EC | 0x000BBAEC | 0x0000009A |
| SHGetDesktopFolder | - | 0x0048F4A8 | 0x000BC6F0 | 0x000BBAF0 | 0x000000B6 |
| SHGetSpecialFolderLocation | - | 0x0048F4AC | 0x000BC6F4 | 0x000BBAF4 | 0x000000DF |
| SHGetFolderPathW | - | 0x0048F4B0 | 0x000BC6F8 | 0x000BBAF8 | 0x000000C3 |
| SHFileOperationW | - | 0x0048F4B4 | 0x000BC6FC | 0x000BBAFC | 0x000000AC |
| ExtractIconExW | - | 0x0048F4B8 | 0x000BC700 | 0x000BBB00 | 0x0000002A |
| Shell_NotifyIconW | - | 0x0048F4BC | 0x000BC704 | 0x000BBB04 | 0x0000012E |
| ShellExecuteW | - | 0x0048F4C0 | 0x000BC708 | 0x000BBB08 | 0x00000122 |
| DragFinish | - | 0x0048F4C4 | 0x000BC70C | 0x000BBB0C | 0x0000001B |
ole32.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemAlloc | - | 0x0048F828 | 0x000BCA70 | 0x000BBE70 | 0x00000067 |
| CoTaskMemFree | - | 0x0048F82C | 0x000BCA74 | 0x000BBE74 | 0x00000068 |
| CLSIDFromString | - | 0x0048F830 | 0x000BCA78 | 0x000BBE78 | 0x00000008 |
| ProgIDFromCLSID | - | 0x0048F834 | 0x000BCA7C | 0x000BBE7C | 0x0000014B |
| CLSIDFromProgID | - | 0x0048F838 | 0x000BCA80 | 0x000BBE80 | 0x00000006 |
| OleSetMenuDescriptor | - | 0x0048F83C | 0x000BCA84 | 0x000BBE84 | 0x00000147 |
| MkParseDisplayName | - | 0x0048F840 | 0x000BCA88 | 0x000BBE88 | 0x000000D4 |
| OleSetContainedObject | - | 0x0048F844 | 0x000BCA8C | 0x000BBE8C | 0x00000146 |
| CoCreateInstance | - | 0x0048F848 | 0x000BCA90 | 0x000BBE90 | 0x00000010 |
| IIDFromString | - | 0x0048F84C | 0x000BCA94 | 0x000BBE94 | 0x000000CD |
| StringFromGUID2 | - | 0x0048F850 | 0x000BCA98 | 0x000BBE98 | 0x00000179 |
| CreateStreamOnHGlobal | - | 0x0048F854 | 0x000BCA9C | 0x000BBE9C | 0x00000086 |
| OleInitialize | - | 0x0048F858 | 0x000BCAA0 | 0x000BBEA0 | 0x00000132 |
| OleUninitialize | - | 0x0048F85C | 0x000BCAA4 | 0x000BBEA4 | 0x00000149 |
| CoInitialize | - | 0x0048F860 | 0x000BCAA8 | 0x000BBEA8 | 0x0000003E |
| CoUninitialize | - | 0x0048F864 | 0x000BCAAC | 0x000BBEAC | 0x0000006C |
| GetRunningObjectTable | - | 0x0048F868 | 0x000BCAB0 | 0x000BBEB0 | 0x00000097 |
| CoGetInstanceFromFile | - | 0x0048F86C | 0x000BCAB4 | 0x000BBEB4 | 0x0000002D |
| CoGetObject | - | 0x0048F870 | 0x000BCAB8 | 0x000BBEB8 | 0x00000035 |
| CoSetProxyBlanket | - | 0x0048F874 | 0x000BCABC | 0x000BBEBC | 0x00000063 |
| CoCreateInstanceEx | - | 0x0048F878 | 0x000BCAC0 | 0x000BBEC0 | 0x00000011 |
| CoInitializeSecurity | - | 0x0048F87C | 0x000BCAC4 | 0x000BBEC4 | 0x00000040 |
OLEAUT32.dll (29)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadTypeLibEx | 0x000000B7 | 0x0048F40C | 0x000BC654 | 0x000BBA54 | - |
| VariantCopyInd | 0x0000000B | 0x0048F410 | 0x000BC658 | 0x000BBA58 | - |
| SysReAllocString | 0x00000003 | 0x0048F414 | 0x000BC65C | 0x000BBA5C | - |
| SysFreeString | 0x00000006 | 0x0048F418 | 0x000BC660 | 0x000BBA60 | - |
| SafeArrayDestroyDescriptor | 0x00000026 | 0x0048F41C | 0x000BC664 | 0x000BBA64 | - |
| SafeArrayDestroyData | 0x00000027 | 0x0048F420 | 0x000BC668 | 0x000BBA68 | - |
| SafeArrayUnaccessData | 0x00000018 | 0x0048F424 | 0x000BC66C | 0x000BBA6C | - |
| SafeArrayAccessData | 0x00000017 | 0x0048F428 | 0x000BC670 | 0x000BBA70 | - |
| SafeArrayAllocData | 0x00000025 | 0x0048F42C | 0x000BC674 | 0x000BBA74 | - |
| SafeArrayAllocDescriptorEx | 0x00000029 | 0x0048F430 | 0x000BC678 | 0x000BBA78 | - |
| SafeArrayCreateVector | 0x0000019B | 0x0048F434 | 0x000BC67C | 0x000BBA7C | - |
| RegisterTypeLib | 0x000000A3 | 0x0048F438 | 0x000BC680 | 0x000BBA80 | - |
| CreateStdDispatch | 0x00000020 | 0x0048F43C | 0x000BC684 | 0x000BBA84 | - |
| DispCallFunc | 0x00000092 | 0x0048F440 | 0x000BC688 | 0x000BBA88 | - |
| VariantChangeType | 0x0000000C | 0x0048F444 | 0x000BC68C | 0x000BBA8C | - |
| SysStringLen | 0x00000007 | 0x0048F448 | 0x000BC690 | 0x000BBA90 | - |
| VariantTimeToSystemTime | 0x000000B9 | 0x0048F44C | 0x000BC694 | 0x000BBA94 | - |
| VarR8FromDec | 0x000000DC | 0x0048F450 | 0x000BC698 | 0x000BBA98 | - |
| SafeArrayGetVartype | 0x0000004D | 0x0048F454 | 0x000BC69C | 0x000BBA9C | - |
| VariantCopy | 0x0000000A | 0x0048F458 | 0x000BC6A0 | 0x000BBAA0 | - |
| VariantClear | 0x00000009 | 0x0048F45C | 0x000BC6A4 | 0x000BBAA4 | - |
| OleLoadPicture | 0x000001A2 | 0x0048F460 | 0x000BC6A8 | 0x000BBAA8 | - |
| QueryPathOfRegTypeLib | 0x000000A4 | 0x0048F464 | 0x000BC6AC | 0x000BBAAC | - |
| RegisterTypeLibForUser | 0x000001BA | 0x0048F468 | 0x000BC6B0 | 0x000BBAB0 | - |
| UnRegisterTypeLibForUser | 0x000001BB | 0x0048F46C | 0x000BC6B4 | 0x000BBAB4 | - |
| UnRegisterTypeLib | 0x000000BA | 0x0048F470 | 0x000BC6B8 | 0x000BBAB8 | - |
| CreateDispTypeInfo | 0x0000001F | 0x0048F474 | 0x000BC6BC | 0x000BBABC | - |
| SysAllocString | 0x00000002 | 0x0048F478 | 0x000BC6C0 | 0x000BBAC0 | - |
| VariantInit | 0x00000008 | 0x0048F47C | 0x000BC6C4 | 0x000BBAC4 | - |
Memory Dumps (4)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| notorious69281.exe | 6 | 0x01280000 | 0x0138BFFF | Relevant Image |
|
32-bit | 0x012A7E93 |
|
...
|
| buffer | 6 | 0x00110000 | 0x00113FFF | First Execution |
|
32-bit | 0x001123B0 |
|
...
|
| buffer | 6 | 0x007C0000 | 0x007D7FFF | Dump Rule: RedLineConfig |
|
32-bit | - |
|
...
|
| notorious69281.exe | 6 | 0x01280000 | 0x0138BFFF | Process Termination |
|
32-bit | - |
|
...
|
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp16F4.tmp | Dropped File | Word Document |
Clean
|
...
|
»
| MIME Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Size | 20.06 KB |
| MD5 |
b10b1102dd840d5df261f219b4a56d36
|
| SHA1 |
cca80545782da92595e1d6ec862c5f0a13735e35
|
| SHA256 |
1c8bfa0eb3e36e7d474678079efb5755ea35113cc810262af79ac07c4964df00
|
| SSDeep |
384:aNqS4RqMWlSIJramvNQ32IPLSM/bDDEdFi6A3vLCtRYCUo17:rdqjlFrvTIPPbDDEdBA3vOtKCUw7
|
| ImpHash | - |
Office Information
»
| Creator | Modexcomm |
| Last Modified By | kEecfMwgj |
| Revision | 9 |
| Create Time | 2023-03-27 22:13 (UTC) |
| Modify Time | 2024-06-26 13:43 (UTC) |
| Application | Microsoft Office Word |
| App Version | 16.0000 |
| Template | 187DD0A5 |
| Document Security | NONE |
| Editing Time | 22.0 |
| Page Count | 1 |
| Line Count | 151 |
| Paragraph Count | 42 |
| Word Count | 3179 |
| Character Count | 18121 |
| Chars With Spaces | 21258 |
| ScaleCrop | False |
| SharedDoc | False |
Document Content Snippet
»
dMBCBESONDERHEDE BESONDERHEDE VIR HIERDIE MAANDDRAENDE NR. HOEV30208 NBC DRAAG 30 STK30308 NBC DRAAG 6 STK32007X NBC DRAAG 74 STK33005 NBC wat 5 stelle dra52799 / 800U (25877/21) NBC wat 30 PCS dra6001 NBC wat 100 stuks dra6004 NBC wat 180 stuks dra6006 NBC wat 30 PCS dra6011 C3 NBC wat 10 stuks dra6202 NBC wat 280 stuks dra6203 NBC DRAAG 330 STK6205 (Stel) NBC DRAER 224 STK6205ZZ NBC DRAAG 8 STELS6207 NBC DRAER 32 STK6207N NBC wat 10 stuks dra6207ZZ NBC DRAER 52 STK6209 NBC wat 24 stuks dra6209N NBC wat 10 stuks dra6211 NBC met 26 st6212 NBC met 24 st6213 C3 NBC wat 20 stuks dra6215 C3 NBC wat 10 stuks dra628RSS NBC wat 120 stuks dra6300 NBC wat 180 stuks dra6304 (Kit) NBC DRAER 4 STK6307ZZ NBC wat 10 stuks dra6308 C3 NBC DRAAG 40 STK6308ZZ NBC wat 10 stuks dra6311 NBC wat 10 stuks dra6312 NBC wat 10 stuks dra6312ZZ C3 NBC DRAER 6 STK6902 C3 NBC wat 20 stuks draLM48548 / 510 NBC DRAER 96 STKNJ309 NBC DRAER 6 STK1988/1922 (NSPP01) .NC 706304.BEARING SET (NPP02) 11230209 (NSPP01) .NC 20 |
| C:\Users\KEECFM~1\AppData\Local\Temp\Okeghem | Dropped File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 95.50 KB |
| MD5 |
a178429ecd4cad8c92aa4e2774f5f755
|
| SHA1 |
372207ee15719cfe001f4ede770ef5a18479f61f
|
| SHA256 |
90f3b22bec26df402a0ab8fef7df8fbf79e5d74f9ed0f25943d1d5e7e2fe020b
|
| SSDeep |
1536:zGkNRRFkyMZ/lYFV5X70lmn8tPpdXJqHOoRmJTUI0GVqIu5iL8A8U4:zGqylyhgXJqHO7wJU4
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp1782.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 91.93 KB |
| MD5 |
ff849a05d5036422021947f0f270e8fd
|
| SHA1 |
fc6d2903bf69e86bd2e8633f575b829d4ca037d4
|
| SHA256 |
d0ce547483680a7c0d261210dfce8e633fdcdbe86cd6cc0f7fecf0e0d9cac1c4
|
| SSDeep |
1536:jqoXoc9EDI0Y/YSPyV6rTfJqEIWyx5Xe6o0Te8F1AqLxCkv+Abk6lhmq2M:jXVaYHyVaqEIWybeoHAqdxmAbk6lh1l
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp1762.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 84.10 KB |
| MD5 |
c85fdcc13aa5703e88c30fa1dd294a10
|
| SHA1 |
4393ff0b1d269020271d9b1b73d08d75c224309c
|
| SHA256 |
35d3caededcd7914d356eda934b67ae80aa639113dd3fe82ad710747a1c7d3f0
|
| SSDeep |
1536:BWAdo7KsI5nCijk+9ZMZr0uxYS9Flt/7/UyVyxurl5Q52I6BEm2onvTC:BWQshRZwuKS9FP/7dVyQrl5qsfnvW
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp17D2.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 83.94 KB |
| MD5 |
33d432e30d84cafc56817d7b38c08100
|
| SHA1 |
25546b695351d7d6d68b43aa16c1776f2f45e026
|
| SHA256 |
6a0ea337ed0e2ea66ebde9aff30194f21e6d29580a5d7b9d557d067d67e00327
|
| SSDeep |
1536:nS8IZDRJQgAieBawFPpRiWyVp+bo/zmK6xoXkw+LxmU6skUa1uB7XrX8AXwa6Uxm:SnZD8gATB/FBRLyVZCToXQNmU6skUaIu
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp17A2.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 82.57 KB |
| MD5 |
c13e1ae88c9468de5275f4c0b4ae221a
|
| SHA1 |
13a802b2a4af5e6902936b181e82073c97103495
|
| SHA256 |
12c48c1e1ec4c69b91abeb7ede43d9e33eb8770ae1cb4c16d12f4fdd057edd69
|
| SSDeep |
1536:uN4dv1tl8rgXWmo8FtG1rjJlHkI8IVRRUMQEuFRw2uUXB:uN4n4895FtG1rwIhNQEKR9uSB
|
| ImpHash | - |
| C:\Users\KEECFM~1\AppData\Local\Temp\aut7B6.tmp | Dropped File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 78.10 KB |
| MD5 |
6ac263e637540a51c7ec77095e6eb38d
|
| SHA1 |
979f12e57dd3da0772db830ebce1f5c183747d19
|
| SHA256 |
e74ef457af291610afb6c315b80bcb6f9861a7a411f3f744fa3faf1273d4df9f
|
| SSDeep |
1536:ZEgnoNAibgXZs/CEMFCtRBQ1Q8aciwfIh93Y1GhuVNYH7ut:ZJnoNABvEMFqRe3EwO93uVEg
|
| ImpHash | - |
| C:\Users\kEecfMwgj\AppData\Local\Temp\tmp17F2.tmp | Dropped File | ZIP |
Clean
|
...
|
»
| MIME Type | application/zip |
| File Size | 28.79 KB |
| MD5 |
878f950fc007a6ac73620fb83b2e2e89
|
| SHA1 |
3dbfc74a157ddd870f6b4a9d6a23fdbf978c8ab4
|
| SHA256 |
9b512d1431b193b7754be257776d63fd1cf8387bd3a6998fc5614372b423c99e
|
| SSDeep |
768:rT9F6kH160T94eu+blp3gcLdiF2SuLvMFmMRPccl6u:rTHH15LnRu6d+2XvMFmN26u
|
| ImpHash | - |
| C:\Users\KEECFM~1\AppData\Local\Temp\brontothere | Dropped File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 28.08 KB |
| MD5 |
daacd4a278b38b990e87d30142501a33
|
| SHA1 |
2a023a5dd8a12720d750b840edf59f1106cf97a8
|
| SHA256 |
423a70f3606d0d0f96d2f932614a2125dad3ff3170e2f04ff4bc3cef82bd57cd
|
| SSDeep |
768:miTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbCO+IFh6q84vfF3if6g1:miTZ+2QoioGRk6ZklputwjpjBkCiw2RW
|
| ImpHash | - |
| C:\Users\KEECFM~1\AppData\Local\Temp\aut90E.tmp | Dropped File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 9.64 KB |
| MD5 |
33b02492281b84aaf805eb88202ebf4f
|
| SHA1 |
84cc0dbe32c6241b6a1b8f9621ed5450e247e578
|
| SHA256 |
6369e06e6a3e2495442d98898cfa8d51fcb272b4a54f8818e5a5804f0f029c05
|
| SSDeep |
192:65jwEiqiSLLhK6mXmHAMo0XrFZbHuAAAGVp200bAsmIr+C3VfuOfu36/sLGPF9C7:I6qin6OZ70XrFZbsp200csmIr+C31fIf
|
| ImpHash | - |
| 86e88eac92b0bf840e689e4d71d66735f70c9309b82b540736b3ec50dcb11fb5 | Downloaded File | RTF |
Clean
|
...
|
»
| MIME Type | text/rtf |
| File Size | 529.33 KB |
| MD5 |
db8f3652029d8ac1f8b232eba66eee71
|
| SHA1 |
da725478e8d9d0294f624206c2e7ca7f2bb5baad
|
| SHA256 |
86e88eac92b0bf840e689e4d71d66735f70c9309b82b540736b3ec50dcb11fb5
|
| SSDeep |
6144:FwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAr:ky
|
| ImpHash | - |
| Static Analysis Parser Error | invalid control word value pattern |
Office Information
»
Document Content Snippet
»
51247139please click Enable editing from the yellow bar above.The independent auditors’ opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit’s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conver |
| 4abd3b1898112ca3eae5c272408e91e03a0af8ac8bfc81b1b313a18915e202de | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 45.37 KB |
| MD5 |
f7105f865c5317cb89b5a1d542f86682
|
| SHA1 |
4d5560d44cca994b49a33052f04be1eba348a058
|
| SHA256 |
4abd3b1898112ca3eae5c272408e91e03a0af8ac8bfc81b1b313a18915e202de
|
| SSDeep |
768:kOuAOYdiqsu0fLsEpaqtMtB+BWvB0IjhtLc/cLLMU6rY7MeTxwrOcw2y:kOuzSiqmQE8p4cGIjhtc/VMV1sc
|
| ImpHash | - |
| 54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 4.63 KB |
| MD5 |
e5352cba98e11406528542044acbbe7e
|
| SHA1 |
b1eaaacc1325cc909535c2841e8d684aa2273891
|
| SHA256 |
54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb
|
| SSDeep |
48:k+9Sj+eM8gVZOYZMVYZUkVYZUnVYxYZb1VYZfVYZ4NVYZwVYZjVYZPVYZVVYZQuB:k8SZMfaKAwsGUmFIHg6Pf6/WYiiLc
|
| ImpHash | - |
| 80dbc115aafd513275851f917754af04a502a21273e4ee8b23fd11a8d6ca16ef | Downloaded File | Unknown |
Clean
|
...
|
»
| MIME Type | application/json |
| File Size | 351 Bytes |
| MD5 |
b15daa66b8baaf1b856a34254bd80996
|
| SHA1 |
1ddcab196b0f99de282bc930a0c994e91b5dc5d7
|
| SHA256 |
80dbc115aafd513275851f917754af04a502a21273e4ee8b23fd11a8d6ca16ef
|
| SSDeep |
6:YK71n8FCP2T0JWuvyClk45INZxJPn8F2AXZIXm6ww62fVHJEamhn:YKBP2T0JWu6ClZE8yXm6f679
|
| ImpHash | - |
| 86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9 | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 212 Bytes |
| MD5 |
fc84bcc8146c9ff744b7b40b32d6e2ba
|
| SHA1 |
f47e4ac2333724ff55ce229f32aa60e54f4af6fe
|
| SHA256 |
86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9
|
| SSDeep |
6:CYJL2NAUnW52Y/X7mKgr/O191i/O9ri/kwt8:CYF2N4n/r8r/OD1i/Os/kv
|
| ImpHash | - |
| c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 144 Bytes |
| MD5 |
48f60f2233183cbf7feefff44bb2c9b0
|
| SHA1 |
703d119e8daecff83e7cab5eb3beb8239e39a54f
|
| SHA256 |
c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd
|
| SSDeep |
3:CObJLWHNANGzppWWodLe2e3oIJiqDmKADJqbZKWPKBq0Y88:CYJL2NAUnW5w2Oo4mKgE9KK4t8
|
| ImpHash | - |
| 59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5 | Downloaded File | Text |
Clean
|
...
|
»
| MIME Type | text/plain |
| File Size | 137 Bytes |
| MD5 |
f6fbd3d72da9e92b7698097dbff33f36
|
| SHA1 |
ee221cd7fc9792f7609b771c0dbe1a5aa51c6905
|
| SHA256 |
59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5
|
| SSDeep |
3:CObJLWHNANGzppWWodLYSYQLjRn0DDmKADJqbZKWPKBq0Y88:CYJL2NAUnW52Y/h4mKgE9KK4t8
|
| ImpHash | - |
| 9e398ae77dc73d393d62430aa28c05cf1973f37ccc1ae0b803896cdd7d19cbc0 | Extracted File | Image |
Clean
|
...
|
»
| Parent File | C:\Users\kEecfMwgj\AppData\Roaming\notorious69281.exe |
| MIME Type | image/png |
| File Size | 7.18 KB |
| MD5 |
b8972c83445adcdfefe241235c0908f1
|
| SHA1 |
84820f31e6ff0d1d4a02d248a68ae893e01c6d73
|
| SHA256 |
9e398ae77dc73d393d62430aa28c05cf1973f37ccc1ae0b803896cdd7d19cbc0
|
| SSDeep |
192:8ZRZ2/f7/m5iyMrE5AGC4HDk6Jl09JpuqL0Qb:8ZRZ2aAyM0a0IErqL0Qb
|
| ImpHash | - |
