b0cbe3c2...5aee | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names:
Gen:Variant.Ursu.776837

dwm.exe

Windows Exe (x86-32)

Created at 2020-03-04T09:12:00

...

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "30 seconds" to "10 seconds" to reveal dormant functionality.

Filters:
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dwm.exe Sample File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 759.00 KB
MD5 6826c287f78462c8dd70a6fb3731768f Copy to Clipboard
SHA1 f1c38c5c4052304e30d54debf7483353064e3666 Copy to Clipboard
SHA256 b0cbe3c24b1e610a9c4c8308f1996b128a4686e6a80edd1b3f22900b4dd95aee Copy to Clipboard
SSDeep 12288:hxEV8N4wsFqSyw4+J/v/6uTznISb3yWgomsns++ZG:zupqSvdH1TzXWWgvTo Copy to Clipboard
ImpHash 28c18451e2c6fb7c729079eeb5999bf3 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x48f13c
Size Of Code 0x8e200
Size Of Initialized Data 0x38a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-01-13 11:05:28+00:00
Sections (8)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x8e184 0x8e200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x490000 0xad38 0xae00 0x8e600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.21
BSS 0x49b000 0xc45 0x0 0x0 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x49c000 0x27fa 0x2800 0x99400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.05
.tls 0x49f000 0x10 0x0 0x0 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x4a0000 0x18 0x200 0x9bc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.17
.vmp0 0x4a1000 0x600 0x600 0x9be00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.62
.rsrc 0x4a2000 0x21743 0x21800 0x9c400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 7.34
Imports (19)
»
kernel32.dll (39)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x49c190 0x9c190 0x99590 0x0
LeaveCriticalSection 0x0 0x49c194 0x9c194 0x99594 0x0
EnterCriticalSection 0x0 0x49c198 0x9c198 0x99598 0x0
InitializeCriticalSection 0x0 0x49c19c 0x9c19c 0x9959c 0x0
VirtualFree 0x0 0x49c1a0 0x9c1a0 0x995a0 0x0
VirtualAlloc 0x0 0x49c1a4 0x9c1a4 0x995a4 0x0
LocalFree 0x0 0x49c1a8 0x9c1a8 0x995a8 0x0
LocalAlloc 0x0 0x49c1ac 0x9c1ac 0x995ac 0x0
GetVersion 0x0 0x49c1b0 0x9c1b0 0x995b0 0x0
GetCurrentThreadId 0x0 0x49c1b4 0x9c1b4 0x995b4 0x0
InterlockedDecrement 0x0 0x49c1b8 0x9c1b8 0x995b8 0x0
InterlockedIncrement 0x0 0x49c1bc 0x9c1bc 0x995bc 0x0
VirtualQuery 0x0 0x49c1c0 0x9c1c0 0x995c0 0x0
WideCharToMultiByte 0x0 0x49c1c4 0x9c1c4 0x995c4 0x0
SetCurrentDirectoryA 0x0 0x49c1c8 0x9c1c8 0x995c8 0x0
MultiByteToWideChar 0x0 0x49c1cc 0x9c1cc 0x995cc 0x0
lstrlenA 0x0 0x49c1d0 0x9c1d0 0x995d0 0x0
lstrcpynA 0x0 0x49c1d4 0x9c1d4 0x995d4 0x0
LoadLibraryExA 0x0 0x49c1d8 0x9c1d8 0x995d8 0x0
GetThreadLocale 0x0 0x49c1dc 0x9c1dc 0x995dc 0x0
GetStartupInfoA 0x0 0x49c1e0 0x9c1e0 0x995e0 0x0
GetProcAddress 0x0 0x49c1e4 0x9c1e4 0x995e4 0x0
GetModuleHandleA 0x0 0x49c1e8 0x9c1e8 0x995e8 0x0
GetModuleFileNameA 0x0 0x49c1ec 0x9c1ec 0x995ec 0x0
GetLocaleInfoA 0x0 0x49c1f0 0x9c1f0 0x995f0 0x0
GetLastError 0x0 0x49c1f4 0x9c1f4 0x995f4 0x0
GetCurrentDirectoryA 0x0 0x49c1f8 0x9c1f8 0x995f8 0x0
GetCommandLineA 0x0 0x49c1fc 0x9c1fc 0x995fc 0x0
FreeLibrary 0x0 0x49c200 0x9c200 0x99600 0x0
FindFirstFileA 0x0 0x49c204 0x9c204 0x99604 0x0
FindClose 0x0 0x49c208 0x9c208 0x99608 0x0
ExitProcess 0x0 0x49c20c 0x9c20c 0x9960c 0x0
ExitThread 0x0 0x49c210 0x9c210 0x99610 0x0
CreateThread 0x0 0x49c214 0x9c214 0x99614 0x0
WriteFile 0x0 0x49c218 0x9c218 0x99618 0x0
UnhandledExceptionFilter 0x0 0x49c21c 0x9c21c 0x9961c 0x0
RtlUnwind 0x0 0x49c220 0x9c220 0x99620 0x0
RaiseException 0x0 0x49c224 0x9c224 0x99624 0x0
GetStdHandle 0x0 0x49c228 0x9c228 0x99628 0x0
user32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x49c230 0x9c230 0x99630 0x0
LoadStringA 0x0 0x49c234 0x9c234 0x99634 0x0
MessageBoxA 0x0 0x49c238 0x9c238 0x99638 0x0
CharNextA 0x0 0x49c23c 0x9c23c 0x9963c 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x49c244 0x9c244 0x99644 0x0
RegOpenKeyExA 0x0 0x49c248 0x9c248 0x99648 0x0
RegCloseKey 0x0 0x49c24c 0x9c24c 0x9964c 0x0
oleaut32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x49c254 0x9c254 0x99654 0x0
SysReAllocStringLen 0x0 0x49c258 0x9c258 0x99658 0x0
SysAllocStringLen 0x0 0x49c25c 0x9c25c 0x9965c 0x0
kernel32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x49c264 0x9c264 0x99664 0x0
TlsGetValue 0x0 0x49c268 0x9c268 0x99668 0x0
LocalAlloc 0x0 0x49c26c 0x9c26c 0x9966c 0x0
GetModuleHandleA 0x0 0x49c270 0x9c270 0x99670 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x49c278 0x9c278 0x99678 0x0
RegOpenKeyExA 0x0 0x49c27c 0x9c27c 0x9967c 0x0
RegCloseKey 0x0 0x49c280 0x9c280 0x99680 0x0
kernel32.dll (87)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrlenA 0x0 0x49c288 0x9c288 0x99688 0x0
lstrcpyA 0x0 0x49c28c 0x9c28c 0x9968c 0x0
lstrcmpA 0x0 0x49c290 0x9c290 0x99690 0x0
WriteFile 0x0 0x49c294 0x9c294 0x99694 0x0
WaitForSingleObject 0x0 0x49c298 0x9c298 0x99698 0x0
WaitForMultipleObjects 0x0 0x49c29c 0x9c29c 0x9969c 0x0
VirtualQuery 0x0 0x49c2a0 0x9c2a0 0x996a0 0x0
VirtualFree 0x0 0x49c2a4 0x9c2a4 0x996a4 0x0
VirtualAlloc 0x0 0x49c2a8 0x9c2a8 0x996a8 0x0
Sleep 0x0 0x49c2ac 0x9c2ac 0x996ac 0x0
SizeofResource 0x0 0x49c2b0 0x9c2b0 0x996b0 0x0
SetThreadLocale 0x0 0x49c2b4 0x9c2b4 0x996b4 0x0
SetFilePointer 0x0 0x49c2b8 0x9c2b8 0x996b8 0x0
SetEvent 0x0 0x49c2bc 0x9c2bc 0x996bc 0x0
SetErrorMode 0x0 0x49c2c0 0x9c2c0 0x996c0 0x0
SetEndOfFile 0x0 0x49c2c4 0x9c2c4 0x996c4 0x0
SetCurrentDirectoryA 0x0 0x49c2c8 0x9c2c8 0x996c8 0x0
ResumeThread 0x0 0x49c2cc 0x9c2cc 0x996cc 0x0
ResetEvent 0x0 0x49c2d0 0x9c2d0 0x996d0 0x0
ReleaseMutex 0x0 0x49c2d4 0x9c2d4 0x996d4 0x0
ReadFile 0x0 0x49c2d8 0x9c2d8 0x996d8 0x0
MultiByteToWideChar 0x0 0x49c2dc 0x9c2dc 0x996dc 0x0
MulDiv 0x0 0x49c2e0 0x9c2e0 0x996e0 0x0
LockResource 0x0 0x49c2e4 0x9c2e4 0x996e4 0x0
LoadResource 0x0 0x49c2e8 0x9c2e8 0x996e8 0x0
LoadLibraryA 0x0 0x49c2ec 0x9c2ec 0x996ec 0x0
LeaveCriticalSection 0x0 0x49c2f0 0x9c2f0 0x996f0 0x0
InitializeCriticalSection 0x0 0x49c2f4 0x9c2f4 0x996f4 0x0
GlobalUnlock 0x0 0x49c2f8 0x9c2f8 0x996f8 0x0
GlobalReAlloc 0x0 0x49c2fc 0x9c2fc 0x996fc 0x0
GlobalHandle 0x0 0x49c300 0x9c300 0x99700 0x0
GlobalLock 0x0 0x49c304 0x9c304 0x99704 0x0
GlobalFree 0x0 0x49c308 0x9c308 0x99708 0x0
GlobalFindAtomA 0x0 0x49c30c 0x9c30c 0x9970c 0x0
GlobalDeleteAtom 0x0 0x49c310 0x9c310 0x99710 0x0
GlobalAlloc 0x0 0x49c314 0x9c314 0x99714 0x0
GlobalAddAtomA 0x0 0x49c318 0x9c318 0x99718 0x0
GetVolumeInformationA 0x0 0x49c31c 0x9c31c 0x9971c 0x0
GetVersionExA 0x0 0x49c320 0x9c320 0x99720 0x0
GetVersion 0x0 0x49c324 0x9c324 0x99724 0x0
GetTickCount 0x0 0x49c328 0x9c328 0x99728 0x0
GetThreadLocale 0x0 0x49c32c 0x9c32c 0x9972c 0x0
GetSystemInfo 0x0 0x49c330 0x9c330 0x99730 0x0
GetStringTypeExA 0x0 0x49c334 0x9c334 0x99734 0x0
GetStdHandle 0x0 0x49c338 0x9c338 0x99738 0x0
GetProcAddress 0x0 0x49c33c 0x9c33c 0x9973c 0x0
GetModuleHandleA 0x0 0x49c340 0x9c340 0x99740 0x0
GetModuleFileNameA 0x0 0x49c344 0x9c344 0x99744 0x0
GetLogicalDrives 0x0 0x49c348 0x9c348 0x99748 0x0
GetLocaleInfoA 0x0 0x49c34c 0x9c34c 0x9974c 0x0
GetLocalTime 0x0 0x49c350 0x9c350 0x99750 0x0
GetLastError 0x0 0x49c354 0x9c354 0x99754 0x0
GetFullPathNameA 0x0 0x49c358 0x9c358 0x99758 0x0
GetFileAttributesA 0x0 0x49c35c 0x9c35c 0x9975c 0x0
GetExitCodeThread 0x0 0x49c360 0x9c360 0x99760 0x0
GetDriveTypeA 0x0 0x49c364 0x9c364 0x99764 0x0
GetDiskFreeSpaceA 0x0 0x49c368 0x9c368 0x99768 0x0
GetDateFormatA 0x0 0x49c36c 0x9c36c 0x9976c 0x0
GetCurrentThreadId 0x0 0x49c370 0x9c370 0x99770 0x0
GetCurrentProcessId 0x0 0x49c374 0x9c374 0x99774 0x0
GetCurrentDirectoryA 0x0 0x49c378 0x9c378 0x99778 0x0
GetCPInfo 0x0 0x49c37c 0x9c37c 0x9977c 0x0
GetACP 0x0 0x49c380 0x9c380 0x99780 0x0
FreeResource 0x0 0x49c384 0x9c384 0x99784 0x0
InterlockedIncrement 0x0 0x49c388 0x9c388 0x99788 0x0
InterlockedExchange 0x0 0x49c38c 0x9c38c 0x9978c 0x0
InterlockedDecrement 0x0 0x49c390 0x9c390 0x99790 0x0
FreeLibrary 0x0 0x49c394 0x9c394 0x99794 0x0
FormatMessageA 0x0 0x49c398 0x9c398 0x99798 0x0
FindResourceA 0x0 0x49c39c 0x9c39c 0x9979c 0x0
FindNextFileA 0x0 0x49c3a0 0x9c3a0 0x997a0 0x0
FindNextChangeNotification 0x0 0x49c3a4 0x9c3a4 0x997a4 0x0
FindFirstFileA 0x0 0x49c3a8 0x9c3a8 0x997a8 0x0
FindFirstChangeNotificationA 0x0 0x49c3ac 0x9c3ac 0x997ac 0x0
FindCloseChangeNotification 0x0 0x49c3b0 0x9c3b0 0x997b0 0x0
FindClose 0x0 0x49c3b4 0x9c3b4 0x997b4 0x0
FileTimeToLocalFileTime 0x0 0x49c3b8 0x9c3b8 0x997b8 0x0
FileTimeToDosDateTime 0x0 0x49c3bc 0x9c3bc 0x997bc 0x0
EnumCalendarInfoA 0x0 0x49c3c0 0x9c3c0 0x997c0 0x0
EnterCriticalSection 0x0 0x49c3c4 0x9c3c4 0x997c4 0x0
DeleteCriticalSection 0x0 0x49c3c8 0x9c3c8 0x997c8 0x0
CreateThread 0x0 0x49c3cc 0x9c3cc 0x997cc 0x0
CreateMutexA 0x0 0x49c3d0 0x9c3d0 0x997d0 0x0
CreateFileA 0x0 0x49c3d4 0x9c3d4 0x997d4 0x0
CreateEventA 0x0 0x49c3d8 0x9c3d8 0x997d8 0x0
CompareStringA 0x0 0x49c3dc 0x9c3dc 0x997dc 0x0
CloseHandle 0x0 0x49c3e0 0x9c3e0 0x997e0 0x0
mpr.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetGetConnectionA 0x0 0x49c3e8 0x9c3e8 0x997e8 0x0
version.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueA 0x0 0x49c3f0 0x9c3f0 0x997f0 0x0
GetFileVersionInfoSizeA 0x0 0x49c3f4 0x9c3f4 0x997f4 0x0
GetFileVersionInfoA 0x0 0x49c3f8 0x9c3f8 0x997f8 0x0
gdi32.dll (72)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnrealizeObject 0x0 0x49c400 0x9c400 0x99800 0x0
StretchBlt 0x0 0x49c404 0x9c404 0x99804 0x0
SetWindowOrgEx 0x0 0x49c408 0x9c408 0x99808 0x0
SetWindowExtEx 0x0 0x49c40c 0x9c40c 0x9980c 0x0
SetWinMetaFileBits 0x0 0x49c410 0x9c410 0x99810 0x0
SetViewportOrgEx 0x0 0x49c414 0x9c414 0x99814 0x0
SetViewportExtEx 0x0 0x49c418 0x9c418 0x99818 0x0
SetTextColor 0x0 0x49c41c 0x9c41c 0x9981c 0x0
SetStretchBltMode 0x0 0x49c420 0x9c420 0x99820 0x0
SetROP2 0x0 0x49c424 0x9c424 0x99824 0x0
SetPixel 0x0 0x49c428 0x9c428 0x99828 0x0
SetMapMode 0x0 0x49c42c 0x9c42c 0x9982c 0x0
SetEnhMetaFileBits 0x0 0x49c430 0x9c430 0x99830 0x0
SetDIBColorTable 0x0 0x49c434 0x9c434 0x99834 0x0
SetBrushOrgEx 0x0 0x49c438 0x9c438 0x99838 0x0
SetBkMode 0x0 0x49c43c 0x9c43c 0x9983c 0x0
SetBkColor 0x0 0x49c440 0x9c440 0x99840 0x0
SelectPalette 0x0 0x49c444 0x9c444 0x99844 0x0
SelectObject 0x0 0x49c448 0x9c448 0x99848 0x0
SaveDC 0x0 0x49c44c 0x9c44c 0x9984c 0x0
RestoreDC 0x0 0x49c450 0x9c450 0x99850 0x0
Rectangle 0x0 0x49c454 0x9c454 0x99854 0x0
RectVisible 0x0 0x49c458 0x9c458 0x99858 0x0
RealizePalette 0x0 0x49c45c 0x9c45c 0x9985c 0x0
PolyPolyline 0x0 0x49c460 0x9c460 0x99860 0x0
PlayEnhMetaFile 0x0 0x49c464 0x9c464 0x99864 0x0
PathToRegion 0x0 0x49c468 0x9c468 0x99868 0x0
PatBlt 0x0 0x49c46c 0x9c46c 0x9986c 0x0
MoveToEx 0x0 0x49c470 0x9c470 0x99870 0x0
MaskBlt 0x0 0x49c474 0x9c474 0x99874 0x0
LineTo 0x0 0x49c478 0x9c478 0x99878 0x0
IntersectClipRect 0x0 0x49c47c 0x9c47c 0x9987c 0x0
GetWindowOrgEx 0x0 0x49c480 0x9c480 0x99880 0x0
GetWinMetaFileBits 0x0 0x49c484 0x9c484 0x99884 0x0
GetTextMetricsA 0x0 0x49c488 0x9c488 0x99888 0x0
GetTextExtentPoint32A 0x0 0x49c48c 0x9c48c 0x9988c 0x0
GetSystemPaletteEntries 0x0 0x49c490 0x9c490 0x99890 0x0
GetStockObject 0x0 0x49c494 0x9c494 0x99894 0x0
GetPixel 0x0 0x49c498 0x9c498 0x99898 0x0
GetPaletteEntries 0x0 0x49c49c 0x9c49c 0x9989c 0x0
GetObjectA 0x0 0x49c4a0 0x9c4a0 0x998a0 0x0
GetEnhMetaFilePaletteEntries 0x0 0x49c4a4 0x9c4a4 0x998a4 0x0
GetEnhMetaFileHeader 0x0 0x49c4a8 0x9c4a8 0x998a8 0x0
GetEnhMetaFileBits 0x0 0x49c4ac 0x9c4ac 0x998ac 0x0
GetDeviceCaps 0x0 0x49c4b0 0x9c4b0 0x998b0 0x0
GetDIBits 0x0 0x49c4b4 0x9c4b4 0x998b4 0x0
GetDIBColorTable 0x0 0x49c4b8 0x9c4b8 0x998b8 0x0
GetDCOrgEx 0x0 0x49c4bc 0x9c4bc 0x998bc 0x0
GetCurrentPositionEx 0x0 0x49c4c0 0x9c4c0 0x998c0 0x0
GetClipBox 0x0 0x49c4c4 0x9c4c4 0x998c4 0x0
GetBrushOrgEx 0x0 0x49c4c8 0x9c4c8 0x998c8 0x0
GetBitmapBits 0x0 0x49c4cc 0x9c4cc 0x998cc 0x0
ExtTextOutA 0x0 0x49c4d0 0x9c4d0 0x998d0 0x0
ExtCreatePen 0x0 0x49c4d4 0x9c4d4 0x998d4 0x0
ExcludeClipRect 0x0 0x49c4d8 0x9c4d8 0x998d8 0x0
DeleteObject 0x0 0x49c4dc 0x9c4dc 0x998dc 0x0
DeleteEnhMetaFile 0x0 0x49c4e0 0x9c4e0 0x998e0 0x0
DeleteDC 0x0 0x49c4e4 0x9c4e4 0x998e4 0x0
CreateSolidBrush 0x0 0x49c4e8 0x9c4e8 0x998e8 0x0
CreatePenIndirect 0x0 0x49c4ec 0x9c4ec 0x998ec 0x0
CreatePen 0x0 0x49c4f0 0x9c4f0 0x998f0 0x0
CreatePalette 0x0 0x49c4f4 0x9c4f4 0x998f4 0x0
CreateHalftonePalette 0x0 0x49c4f8 0x9c4f8 0x998f8 0x0
CreateFontIndirectA 0x0 0x49c4fc 0x9c4fc 0x998fc 0x0
CreateDIBitmap 0x0 0x49c500 0x9c500 0x99900 0x0
CreateDIBSection 0x0 0x49c504 0x9c504 0x99904 0x0
CreateCompatibleDC 0x0 0x49c508 0x9c508 0x99908 0x0
CreateCompatibleBitmap 0x0 0x49c50c 0x9c50c 0x9990c 0x0
CreateBrushIndirect 0x0 0x49c510 0x9c510 0x99910 0x0
CreateBitmap 0x0 0x49c514 0x9c514 0x99914 0x0
CopyEnhMetaFileA 0x0 0x49c518 0x9c518 0x99918 0x0
BitBlt 0x0 0x49c51c 0x9c51c 0x9991c 0x0
user32.dll (177)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateWindowExA 0x0 0x49c524 0x9c524 0x99924 0x0
WindowFromPoint 0x0 0x49c528 0x9c528 0x99928 0x0
WinHelpA 0x0 0x49c52c 0x9c52c 0x9992c 0x0
WaitMessage 0x0 0x49c530 0x9c530 0x99930 0x0
ValidateRect 0x0 0x49c534 0x9c534 0x99934 0x0
UpdateWindow 0x0 0x49c538 0x9c538 0x99938 0x0
UnregisterClassA 0x0 0x49c53c 0x9c53c 0x9993c 0x0
UnionRect 0x0 0x49c540 0x9c540 0x99940 0x0
UnhookWindowsHookEx 0x0 0x49c544 0x9c544 0x99944 0x0
TranslateMessage 0x0 0x49c548 0x9c548 0x99948 0x0
TranslateMDISysAccel 0x0 0x49c54c 0x9c54c 0x9994c 0x0
TrackPopupMenu 0x0 0x49c550 0x9c550 0x99950 0x0
SystemParametersInfoA 0x0 0x49c554 0x9c554 0x99954 0x0
ShowWindow 0x0 0x49c558 0x9c558 0x99958 0x0
ShowScrollBar 0x0 0x49c55c 0x9c55c 0x9995c 0x0
ShowOwnedPopups 0x0 0x49c560 0x9c560 0x99960 0x0
ShowCursor 0x0 0x49c564 0x9c564 0x99964 0x0
SetWindowsHookExA 0x0 0x49c568 0x9c568 0x99968 0x0
SetWindowTextA 0x0 0x49c56c 0x9c56c 0x9996c 0x0
SetWindowPos 0x0 0x49c570 0x9c570 0x99970 0x0
SetWindowPlacement 0x0 0x49c574 0x9c574 0x99974 0x0
SetWindowLongA 0x0 0x49c578 0x9c578 0x99978 0x0
SetTimer 0x0 0x49c57c 0x9c57c 0x9997c 0x0
SetScrollRange 0x0 0x49c580 0x9c580 0x99980 0x0
SetScrollPos 0x0 0x49c584 0x9c584 0x99984 0x0
SetScrollInfo 0x0 0x49c588 0x9c588 0x99988 0x0
SetRect 0x0 0x49c58c 0x9c58c 0x9998c 0x0
SetPropA 0x0 0x49c590 0x9c590 0x99990 0x0
SetParent 0x0 0x49c594 0x9c594 0x99994 0x0
SetMenuItemInfoA 0x0 0x49c598 0x9c598 0x99998 0x0
SetMenu 0x0 0x49c59c 0x9c59c 0x9999c 0x0
SetKeyboardState 0x0 0x49c5a0 0x9c5a0 0x999a0 0x0
SetForegroundWindow 0x0 0x49c5a4 0x9c5a4 0x999a4 0x0
SetFocus 0x0 0x49c5a8 0x9c5a8 0x999a8 0x0
SetCursor 0x0 0x49c5ac 0x9c5ac 0x999ac 0x0
SetClipboardData 0x0 0x49c5b0 0x9c5b0 0x999b0 0x0
SetClassLongA 0x0 0x49c5b4 0x9c5b4 0x999b4 0x0
SetCapture 0x0 0x49c5b8 0x9c5b8 0x999b8 0x0
SetActiveWindow 0x0 0x49c5bc 0x9c5bc 0x999bc 0x0
SendMessageA 0x0 0x49c5c0 0x9c5c0 0x999c0 0x0
ScrollWindowEx 0x0 0x49c5c4 0x9c5c4 0x999c4 0x0
ScrollWindow 0x0 0x49c5c8 0x9c5c8 0x999c8 0x0
ScreenToClient 0x0 0x49c5cc 0x9c5cc 0x999cc 0x0
RemovePropA 0x0 0x49c5d0 0x9c5d0 0x999d0 0x0
RemoveMenu 0x0 0x49c5d4 0x9c5d4 0x999d4 0x0
ReleaseDC 0x0 0x49c5d8 0x9c5d8 0x999d8 0x0
ReleaseCapture 0x0 0x49c5dc 0x9c5dc 0x999dc 0x0
RegisterWindowMessageA 0x0 0x49c5e0 0x9c5e0 0x999e0 0x0
RegisterClipboardFormatA 0x0 0x49c5e4 0x9c5e4 0x999e4 0x0
RegisterClassA 0x0 0x49c5e8 0x9c5e8 0x999e8 0x0
RedrawWindow 0x0 0x49c5ec 0x9c5ec 0x999ec 0x0
PtInRect 0x0 0x49c5f0 0x9c5f0 0x999f0 0x0
PostQuitMessage 0x0 0x49c5f4 0x9c5f4 0x999f4 0x0
PostMessageA 0x0 0x49c5f8 0x9c5f8 0x999f8 0x0
PeekMessageA 0x0 0x49c5fc 0x9c5fc 0x999fc 0x0
OpenClipboard 0x0 0x49c600 0x9c600 0x99a00 0x0
OffsetRect 0x0 0x49c604 0x9c604 0x99a04 0x0
OemToCharA 0x0 0x49c608 0x9c608 0x99a08 0x0
MsgWaitForMultipleObjects 0x0 0x49c60c 0x9c60c 0x99a0c 0x0
MessageBoxA 0x0 0x49c610 0x9c610 0x99a10 0x0
MessageBeep 0x0 0x49c614 0x9c614 0x99a14 0x0
MapWindowPoints 0x0 0x49c618 0x9c618 0x99a18 0x0
MapVirtualKeyA 0x0 0x49c61c 0x9c61c 0x99a1c 0x0
LoadStringA 0x0 0x49c620 0x9c620 0x99a20 0x0
LoadKeyboardLayoutA 0x0 0x49c624 0x9c624 0x99a24 0x0
LoadIconA 0x0 0x49c628 0x9c628 0x99a28 0x0
LoadCursorA 0x0 0x49c62c 0x9c62c 0x99a2c 0x0
LoadBitmapA 0x0 0x49c630 0x9c630 0x99a30 0x0
KillTimer 0x0 0x49c634 0x9c634 0x99a34 0x0
IsZoomed 0x0 0x49c638 0x9c638 0x99a38 0x0
IsWindowVisible 0x0 0x49c63c 0x9c63c 0x99a3c 0x0
IsWindowEnabled 0x0 0x49c640 0x9c640 0x99a40 0x0
IsWindow 0x0 0x49c644 0x9c644 0x99a44 0x0
IsRectEmpty 0x0 0x49c648 0x9c648 0x99a48 0x0
IsIconic 0x0 0x49c64c 0x9c64c 0x99a4c 0x0
IsDialogMessageA 0x0 0x49c650 0x9c650 0x99a50 0x0
IsChild 0x0 0x49c654 0x9c654 0x99a54 0x0
IsCharAlphaNumericA 0x0 0x49c658 0x9c658 0x99a58 0x0
IsCharAlphaA 0x0 0x49c65c 0x9c65c 0x99a5c 0x0
InvalidateRect 0x0 0x49c660 0x9c660 0x99a60 0x0
IntersectRect 0x0 0x49c664 0x9c664 0x99a64 0x0
InsertMenuItemA 0x0 0x49c668 0x9c668 0x99a68 0x0
InsertMenuA 0x0 0x49c66c 0x9c66c 0x99a6c 0x0
InflateRect 0x0 0x49c670 0x9c670 0x99a70 0x0
GetWindowThreadProcessId 0x0 0x49c674 0x9c674 0x99a74 0x0
GetWindowTextA 0x0 0x49c678 0x9c678 0x99a78 0x0
GetWindowRect 0x0 0x49c67c 0x9c67c 0x99a7c 0x0
GetWindowPlacement 0x0 0x49c680 0x9c680 0x99a80 0x0
GetWindowLongA 0x0 0x49c684 0x9c684 0x99a84 0x0
GetWindowDC 0x0 0x49c688 0x9c688 0x99a88 0x0
GetTopWindow 0x0 0x49c68c 0x9c68c 0x99a8c 0x0
GetSystemMetrics 0x0 0x49c690 0x9c690 0x99a90 0x0
GetSystemMenu 0x0 0x49c694 0x9c694 0x99a94 0x0
GetSysColorBrush 0x0 0x49c698 0x9c698 0x99a98 0x0
GetSysColor 0x0 0x49c69c 0x9c69c 0x99a9c 0x0
GetSubMenu 0x0 0x49c6a0 0x9c6a0 0x99aa0 0x0
GetScrollRange 0x0 0x49c6a4 0x9c6a4 0x99aa4 0x0
GetScrollPos 0x0 0x49c6a8 0x9c6a8 0x99aa8 0x0
GetScrollInfo 0x0 0x49c6ac 0x9c6ac 0x99aac 0x0
GetPropA 0x0 0x49c6b0 0x9c6b0 0x99ab0 0x0
GetParent 0x0 0x49c6b4 0x9c6b4 0x99ab4 0x0
GetWindow 0x0 0x49c6b8 0x9c6b8 0x99ab8 0x0
GetMessageTime 0x0 0x49c6bc 0x9c6bc 0x99abc 0x0
GetMessagePos 0x0 0x49c6c0 0x9c6c0 0x99ac0 0x0
GetMenuStringA 0x0 0x49c6c4 0x9c6c4 0x99ac4 0x0
GetMenuState 0x0 0x49c6c8 0x9c6c8 0x99ac8 0x0
GetMenuItemInfoA 0x0 0x49c6cc 0x9c6cc 0x99acc 0x0
GetMenuItemID 0x0 0x49c6d0 0x9c6d0 0x99ad0 0x0
GetMenuItemCount 0x0 0x49c6d4 0x9c6d4 0x99ad4 0x0
GetMenu 0x0 0x49c6d8 0x9c6d8 0x99ad8 0x0
GetLastActivePopup 0x0 0x49c6dc 0x9c6dc 0x99adc 0x0
GetKeyboardState 0x0 0x49c6e0 0x9c6e0 0x99ae0 0x0
GetKeyboardLayoutList 0x0 0x49c6e4 0x9c6e4 0x99ae4 0x0
GetKeyboardLayout 0x0 0x49c6e8 0x9c6e8 0x99ae8 0x0
GetKeyState 0x0 0x49c6ec 0x9c6ec 0x99aec 0x0
GetKeyNameTextA 0x0 0x49c6f0 0x9c6f0 0x99af0 0x0
GetIconInfo 0x0 0x49c6f4 0x9c6f4 0x99af4 0x0
GetForegroundWindow 0x0 0x49c6f8 0x9c6f8 0x99af8 0x0
GetFocus 0x0 0x49c6fc 0x9c6fc 0x99afc 0x0
GetDoubleClickTime 0x0 0x49c700 0x9c700 0x99b00 0x0
GetDesktopWindow 0x0 0x49c704 0x9c704 0x99b04 0x0
GetDCEx 0x0 0x49c708 0x9c708 0x99b08 0x0
GetDC 0x0 0x49c70c 0x9c70c 0x99b0c 0x0
GetCursorPos 0x0 0x49c710 0x9c710 0x99b10 0x0
GetCursor 0x0 0x49c714 0x9c714 0x99b14 0x0
GetClipboardData 0x0 0x49c718 0x9c718 0x99b18 0x0
GetClientRect 0x0 0x49c71c 0x9c71c 0x99b1c 0x0
GetClassNameA 0x0 0x49c720 0x9c720 0x99b20 0x0
GetClassInfoA 0x0 0x49c724 0x9c724 0x99b24 0x0
GetCaretPos 0x0 0x49c728 0x9c728 0x99b28 0x0
GetCapture 0x0 0x49c72c 0x9c72c 0x99b2c 0x0
GetActiveWindow 0x0 0x49c730 0x9c730 0x99b30 0x0
FrameRect 0x0 0x49c734 0x9c734 0x99b34 0x0
FindWindowA 0x0 0x49c738 0x9c738 0x99b38 0x0
FillRect 0x0 0x49c73c 0x9c73c 0x99b3c 0x0
EqualRect 0x0 0x49c740 0x9c740 0x99b40 0x0
EnumWindows 0x0 0x49c744 0x9c744 0x99b44 0x0
EnumThreadWindows 0x0 0x49c748 0x9c748 0x99b48 0x0
EnumClipboardFormats 0x0 0x49c74c 0x9c74c 0x99b4c 0x0
EndPaint 0x0 0x49c750 0x9c750 0x99b50 0x0
EnableWindow 0x0 0x49c754 0x9c754 0x99b54 0x0
EnableScrollBar 0x0 0x49c758 0x9c758 0x99b58 0x0
EnableMenuItem 0x0 0x49c75c 0x9c75c 0x99b5c 0x0
EmptyClipboard 0x0 0x49c760 0x9c760 0x99b60 0x0
DrawTextA 0x0 0x49c764 0x9c764 0x99b64 0x0
DrawMenuBar 0x0 0x49c768 0x9c768 0x99b68 0x0
DrawIconEx 0x0 0x49c76c 0x9c76c 0x99b6c 0x0
DrawIcon 0x0 0x49c770 0x9c770 0x99b70 0x0
DrawFrameControl 0x0 0x49c774 0x9c774 0x99b74 0x0
DrawFocusRect 0x0 0x49c778 0x9c778 0x99b78 0x0
DrawEdge 0x0 0x49c77c 0x9c77c 0x99b7c 0x0
DispatchMessageA 0x0 0x49c780 0x9c780 0x99b80 0x0
DestroyWindow 0x0 0x49c784 0x9c784 0x99b84 0x0
DestroyMenu 0x0 0x49c788 0x9c788 0x99b88 0x0
DestroyIcon 0x0 0x49c78c 0x9c78c 0x99b8c 0x0
DestroyCursor 0x0 0x49c790 0x9c790 0x99b90 0x0
DeleteMenu 0x0 0x49c794 0x9c794 0x99b94 0x0
DefWindowProcA 0x0 0x49c798 0x9c798 0x99b98 0x0
DefMDIChildProcA 0x0 0x49c79c 0x9c79c 0x99b9c 0x0
DefFrameProcA 0x0 0x49c7a0 0x9c7a0 0x99ba0 0x0
CreatePopupMenu 0x0 0x49c7a4 0x9c7a4 0x99ba4 0x0
CreateMenu 0x0 0x49c7a8 0x9c7a8 0x99ba8 0x0
CreateIcon 0x0 0x49c7ac 0x9c7ac 0x99bac 0x0
CloseClipboard 0x0 0x49c7b0 0x9c7b0 0x99bb0 0x0
ClientToScreen 0x0 0x49c7b4 0x9c7b4 0x99bb4 0x0
ChildWindowFromPoint 0x0 0x49c7b8 0x9c7b8 0x99bb8 0x0
CheckMenuItem 0x0 0x49c7bc 0x9c7bc 0x99bbc 0x0
CallWindowProcA 0x0 0x49c7c0 0x9c7c0 0x99bc0 0x0
CallNextHookEx 0x0 0x49c7c4 0x9c7c4 0x99bc4 0x0
BeginPaint 0x0 0x49c7c8 0x9c7c8 0x99bc8 0x0
CharNextA 0x0 0x49c7cc 0x9c7cc 0x99bcc 0x0
CharLowerBuffA 0x0 0x49c7d0 0x9c7d0 0x99bd0 0x0
CharLowerA 0x0 0x49c7d4 0x9c7d4 0x99bd4 0x0
CharUpperBuffA 0x0 0x49c7d8 0x9c7d8 0x99bd8 0x0
CharToOemA 0x0 0x49c7dc 0x9c7dc 0x99bdc 0x0
AdjustWindowRectEx 0x0 0x49c7e0 0x9c7e0 0x99be0 0x0
ActivateKeyboardLayout 0x0 0x49c7e4 0x9c7e4 0x99be4 0x0
kernel32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x49c7ec 0x9c7ec 0x99bec 0x0
oleaut32.dll (8)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPtrOfIndex 0x0 0x49c7f4 0x9c7f4 0x99bf4 0x0
SafeArrayGetUBound 0x0 0x49c7f8 0x9c7f8 0x99bf8 0x0
SafeArrayGetLBound 0x0 0x49c7fc 0x9c7fc 0x99bfc 0x0
SafeArrayCreate 0x0 0x49c800 0x9c800 0x99c00 0x0
VariantChangeType 0x0 0x49c804 0x9c804 0x99c04 0x0
VariantCopy 0x0 0x49c808 0x9c808 0x99c08 0x0
VariantClear 0x0 0x49c80c 0x9c80c 0x99c0c 0x0
VariantInit 0x0 0x49c810 0x9c810 0x99c10 0x0
ole32.dll (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUninitialize 0x0 0x49c818 0x9c818 0x99c18 0x0
OleInitialize 0x0 0x49c81c 0x9c81c 0x99c1c 0x0
CoTaskMemAlloc 0x0 0x49c820 0x9c820 0x99c20 0x0
CoCreateInstance 0x0 0x49c824 0x9c824 0x99c24 0x0
CoUninitialize 0x0 0x49c828 0x9c828 0x99c28 0x0
CoInitialize 0x0 0x49c82c 0x9c82c 0x99c2c 0x0
oleaut32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetErrorInfo 0x0 0x49c834 0x9c834 0x99c34 0x0
SysFreeString 0x0 0x49c838 0x9c838 0x99c38 0x0
comctl32.dll (23)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_SetIconSize 0x0 0x49c840 0x9c840 0x99c40 0x0
ImageList_GetIconSize 0x0 0x49c844 0x9c844 0x99c44 0x0
ImageList_Write 0x0 0x49c848 0x9c848 0x99c48 0x0
ImageList_Read 0x0 0x49c84c 0x9c84c 0x99c4c 0x0
ImageList_GetDragImage 0x0 0x49c850 0x9c850 0x99c50 0x0
ImageList_DragShowNolock 0x0 0x49c854 0x9c854 0x99c54 0x0
ImageList_SetDragCursorImage 0x0 0x49c858 0x9c858 0x99c58 0x0
ImageList_DragMove 0x0 0x49c85c 0x9c85c 0x99c5c 0x0
ImageList_DragLeave 0x0 0x49c860 0x9c860 0x99c60 0x0
ImageList_DragEnter 0x0 0x49c864 0x9c864 0x99c64 0x0
ImageList_EndDrag 0x0 0x49c868 0x9c868 0x99c68 0x0
ImageList_BeginDrag 0x0 0x49c86c 0x9c86c 0x99c6c 0x0
ImageList_Remove 0x0 0x49c870 0x9c870 0x99c70 0x0
ImageList_DrawEx 0x0 0x49c874 0x9c874 0x99c74 0x0
ImageList_Draw 0x0 0x49c878 0x9c878 0x99c78 0x0
ImageList_GetBkColor 0x0 0x49c87c 0x9c87c 0x99c7c 0x0
ImageList_SetBkColor 0x0 0x49c880 0x9c880 0x99c80 0x0
ImageList_ReplaceIcon 0x0 0x49c884 0x9c884 0x99c84 0x0
ImageList_Add 0x0 0x49c888 0x9c888 0x99c88 0x0
ImageList_GetImageCount 0x0 0x49c88c 0x9c88c 0x99c8c 0x0
ImageList_Destroy 0x0 0x49c890 0x9c890 0x99c90 0x0
ImageList_Create 0x0 0x49c894 0x9c894 0x99c94 0x0
InitCommonControls 0x0 0x49c898 0x9c898 0x99c98 0x0
shell32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExA 0x0 0x49c8a0 0x9c8a0 0x99ca0 0x0
ShellExecuteA 0x0 0x49c8a4 0x9c8a4 0x99ca4 0x0
SHGetFileInfoA 0x0 0x49c8a8 0x9c8a8 0x99ca8 0x0
shell32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation 0x0 0x49c8b0 0x9c8b0 0x99cb0 0x0
SHGetMalloc 0x0 0x49c8b4 0x9c8b4 0x99cb4 0x0
SHGetDesktopFolder 0x0 0x49c8b8 0x9c8b8 0x99cb8 0x0
kernel32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MulDiv 0x0 0x49c8c0 0x9c8c0 0x99cc0 0x0
Memory Dumps (58)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
dwm.exe 1 0x00400000 0x004C3FFF Relevant Image True 32-bit 0x0040598C False False
...
buffer 1 0x001A0000 0x001A0FFF First Execution False 32-bit 0x001A0FEF False False
...
buffer 1 0x00270000 0x00275FFF First Execution False 32-bit 0x00271340 False False
...
buffer 1 0x003A0000 0x003A0FFF First Execution False 32-bit 0x003A0004 False False
...
buffer 1 0x003C0000 0x003D7FFF Image In Buffer True 32-bit - False False
...
buffer 1 0x01F50000 0x01FA8FFF Image In Buffer True 32-bit - False False
...
dwm.exe 1 0x00400000 0x004C3FFF Process Termination True 32-bit - False False
...
buffer 2 0x00400000 0x00458FFF First Execution True 32-bit 0x00457710 False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x004272BF False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042812C False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042A237 False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042B4A4 False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042C3B2 False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042E7C7 False False
...
buffer 2 0x00310000 0x00335FFF Content Changed True 32-bit - False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042D5F3 False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042704F False False
...
buffer 2 0x003B2000 0x003B2FFF First Execution False 32-bit 0x003B2CF8 False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF First Execution True 32-bit 0x76D4435F False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
ntdll.dll 2 0x77C40000 0x77DBFFFF First Execution True 32-bit 0x77C6E026 False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x003B2000 0x003B2FFF Marked Executable False 32-bit - False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0040F3DA False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042B7F0 False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
ntdll.dll 2 0x77C40000 0x77DBFFFF Content Changed True 32-bit 0x77C6E026 False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042D4BC False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
kernel32.dll 2 0x76D30000 0x76E3FFFF Content Changed True 32-bit 0x76D4435F False False
...
buffer 2 0x004D4000 0x004D5FFF First Execution False 32-bit 0x004D5560 False False
...
buffer 2 0x003DD000 0x003DDFFF First Execution False 32-bit 0x003DD040 False False
...
buffer 2 0x003DD000 0x003DDFFF Content Changed False 32-bit 0x003DD15C False False
...
buffer 2 0x004D4000 0x004D5FFF Content Changed False 32-bit 0x004D406A False False
...
buffer 2 0x003DD000 0x003DDFFF Content Changed False 32-bit 0x003DD040 False False
...
buffer 2 0x003DD000 0x003DDFFF Content Changed False 32-bit 0x003DD040 False False
...
buffer 2 0x003DD000 0x003DDFFF Content Changed False 32-bit 0x003DD040 False False
...
buffer 2 0x00400000 0x00458FFF Content Changed True 32-bit 0x0042ABED False False
...
Local AV Matches (1)
»
Threat Name Severity
Gen:Variant.Ursu.776837
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Au3lbVRbKt_X9 qS\r3SYZ85_GQIxusl\tDH0GbrIBu8Em\s55Qk9yhgt-v7rwcM\HELP_ME_RECOVER_MY_FILES.txt Dropped File Text
Unknown
...
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\t9A_Y7biy1Qa0YsT1Bd\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\JWWFC2T3w\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\TrRtfx2cJO4BBngXdF6\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\my0UQGSHN\fejpucERprfje\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Au3lbVRbKt_X9 qS\r3SYZ85_GQIxusl\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\Public\Music\Sample Music\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Au3lbVRbKt_X9 qS\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\Default\AppData\Local\Temp\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Au3lbVRbKt_X9 qS\r3SYZ85_GQIxusl\tDH0GbrIBu8Em\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\TrRtfx2cJO4BBngXdF6\975BR3VH\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\RcDO_z0f1_ld\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\JWWFC2T3w\6s_UcgaOk3wAB0zvyd\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\my0UQGSHN\fejpucERprfje\mtsH\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\my0UQGSHN\LVQDCWarYFzD_\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\JWWFC2T3w\6s_UcgaOk3wAB0zvyd\l_QNcKeGQXWHKIVov\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\my0UQGSHN\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\my0UQGSHN\fejpucERprfje\K5dvl7fT\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Media Player\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\Public\Pictures\Sample Pictures\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Mozilla\Firefox\Profiles\silmbjec.default\thumbnails\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\STgA9T8b\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Music\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qt4 x3LEEV\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\Default\AppData\Local\Microsoft\Media Player\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Au3lbVRbKt_X9 qS\sb 40mThxX\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Music\Kgi6bSwR\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\HELP_ME_RECOVER_MY_FILES.txt (Dropped File)
Mime Type text/plain
File Size 1.60 KB
MD5 c7d0f430e92111ab844c5367a7924a83 Copy to Clipboard
SHA1 eaad5702d27b5628bab13298baa73308a1f9d946 Copy to Clipboard
SHA256 48a7515822768ad77b6c021cd6bd20388c97429f50b79f547535b4218969b975 Copy to Clipboard
SSDeep 48:6cgIvtWn9gQ81xQIDo2fa8ka8bugBC+pWuX:DgKtHp5DPfsDTBhpP Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\wallpaper.bmp Dropped File Image
Unknown
...
»
Mime Type image/x-ms-bmp
File Size 10.05 MB
MD5 00a7288926e3b1e80aed5b286fd1b0ce Copy to Clipboard
SHA1 daddb8030a1df2fefb98246ef1b5979995c52cfd Copy to Clipboard
SHA256 2bea2f11a499a60eab951a5b0bad6955fa16bc862b4ebe622b979f6ecc22d315 Copy to Clipboard
SSDeep 49152:F/7L9jX1sn6ucE2uJhuKKobCI6vOE/xDogMmUhq:F/7L92n6uczgua+vOEJDogMmUhq Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\FXSAPIDebugLogFile.txt.ravack Dropped File Unknown
Not Queried
...
»
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image