VTI SCORE: 100/100
Dynamic Analysis Report |
Classification: |
Ransomware
Wiper
Dropper
|
Threat Names: |
Win32.Virlock.Gen.1
Gen:Trojan.Heur.FU.IqX@aq8O8nni
Gen:Trojan.Heur.TP.IqX@bq8O8nni
...
|
Lef9NVBNY3Gqm5dX.exe
Windows Exe (x86-32)
Created at 2020-03-31T14:56:00
Remarks (2/3)
(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 hours, 21 minutes, 12 seconds" to "7 minutes, 50 seconds" to reveal dormant functionality.
Remarks
(0x0200000F): The maximum number of memory dumps was exceeded. Some dumps may be missing in the report.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
Filename | Category | Type | Severity | Actions |
---|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lef9NVBNY3Gqm5dX.exe | Sample File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x401000 |
Size Of Code | 0x83200 |
Size Of Initialized Data | 0x1600 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2015-01-06 00:36:08+00:00 |
Sections (4)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x84000 | 0x83200 | 0x600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.96 |
.rdata | 0x485000 | 0x1000 | 0x200 | 0x83800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.94 |
.data | 0x486000 | 0x136 | 0x200 | 0x83a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.97 |
.rsrc | 0x487000 | 0x115c | 0x1200 | 0x83c00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.21 |
Imports (2)
»
advapi32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CryptVerifySignatureW | 0x0 | 0x485000 | 0x85050 | 0x83850 | 0xa3 |
user32.dll (2)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetClipboardSequenceNumber | 0x0 | 0x485008 | 0x85058 | 0x83858 | 0xef |
GetMessageTime | 0x0 | 0x48500c | 0x8505c | 0x8385c | 0x125 |
Memory Dumps (354)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Relevant Image | 32-bit | 0x00481804 |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x00481F0B |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x00463B35 |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x00464BDF |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x00463B94 |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x00458A28 |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x004590F4 |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x0045D9DE |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x0046132D |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x0040ABE5 |
...
|
|||
buffer | 1 | 0x00900000 | 0x00901FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x008F0000 | 0x008F1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x00910000 | 0x00911FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x00900000 | 0x00901FFF | Content Changed | 32-bit | - |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x0045E000 |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x0045CF5A |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x00404619 |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x004628BD |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x00468B5F |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Content Changed | 32-bit | 0x0045B57D |
...
|
|||
buffer | 1 | 0x047B0000 | 0x047B0FFF | Image In Buffer | 32-bit | - |
...
|
|||
buffer | 1 | 0x047C0000 | 0x047C0FFF | Image In Buffer | 32-bit | - |
...
|
|||
lef9nvbny3gqm5dx.exe | 1 | 0x00400000 | 0x00488FFF | Final Dump | 32-bit | - |
...
|
|||
buffer | 1 | 0x047A0000 | 0x047A0FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04750000 | 0x04750FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04750000 | 0x04750FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Win32.Virlock.Gen.1 |
Malicious
|
C:\Users\5p5NrGJn0jS HALPmcxz\duIwksoU\BUccwoAg.exe | Dropped File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x401000 |
Size Of Code | 0x77400 |
Size Of Initialized Data | 0x400 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2015-01-06 00:36:08+00:00 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x78000 | 0x77400 | 0x600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.96 |
.rdata | 0x479000 | 0x1000 | 0x200 | 0x77a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.05 |
.data | 0x47a000 | 0x158 | 0x200 | 0x77c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.37 |
Imports (3)
»
ntdll.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RtlDeleteElementGenericTable | 0x0 | 0x479000 | 0x79068 | 0x77a68 | 0x1e9 |
kernel32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetVersion | 0x0 | 0x479008 | 0x79070 | 0x77a70 | 0x195 |
user32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetActiveWindow | 0x0 | 0x479010 | 0x79078 | 0x77a78 | 0xd8 |
Memory Dumps (418)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
buffer | 1 | 0x00900000 | 0x00901FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x008F0000 | 0x008F1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x00910000 | 0x00911FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x00900000 | 0x00901FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Relevant Image | 32-bit | 0x004753A5 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004754F2 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00463B35 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00458A28 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004590F4 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045D9DE |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0046132D |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004608E2 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045E000 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045CF5A |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00404619 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00403015 |
...
|
|||
buffer | 2 | 0x04790000 | 0x04790FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00408D79 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045396F |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040D7AF |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00454000 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040A371 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040B21C |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040C44D |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045D53D |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040A371 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040B21C |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00461B3E |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004621C5 |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00454059 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00457E5B |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00456105 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00463AC8 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00472000 |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004730AF |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00470FE4 |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 2 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045A2A4 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Relevant Image | 32-bit | 0x004753A5 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004754F2 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00463B35 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00402ACD |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00458A28 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004590F4 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045D9DE |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0046132D |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045E000 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045CF5A |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00404619 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00403015 |
...
|
|||
buffer | 25 | 0x04790000 | 0x04790FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00408D79 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045396F |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040D7AF |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00454000 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040A371 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040C44D |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004621C5 |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045983F |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00457E5B |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00456105 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00463AC8 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040B45C |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00410B05 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00471C8C |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004730AF |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00470FE4 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045D53D |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045396F |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045A2A4 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045B57D |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004655C0 |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00460AE7 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040F1D2 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00461B3E |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040D08E |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040EFB5 |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040AB3F |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00470FE4 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004621C5 |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040EF30 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040C8E9 |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040D08E |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E52FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00467EE7 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00457522 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00456FDE |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045C0E5 |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045EC76 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00410B05 |
...
|
|||
buccwoag.exe | 25 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040F6F8 |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Win32.Virlock.Gen.1 |
Malicious
|
C:\ProgramData\GSogosQc\YMIIsQMA.exe | Dropped File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x401000 |
Size Of Code | 0x77000 |
Size Of Initialized Data | 0x400 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2015-01-06 00:36:08+00:00 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x77000 | 0x77000 | 0x600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.96 |
.rdata | 0x478000 | 0x1000 | 0x200 | 0x77600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.96 |
.data | 0x479000 | 0x130 | 0x200 | 0x77800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.9 |
Imports (3)
»
advapi32.dll (2)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SetNamedSecurityInfoExW | 0x0 | 0x478000 | 0x78070 | 0x77670 | 0x210 |
GetSidSubAuthorityCount | 0x0 | 0x478004 | 0x78074 | 0x77674 | 0x110 |
ws2_32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WSAAsyncGetHostByName | 0x0 | 0x47800c | 0x7807c | 0x7767c | 0x9 |
kernel32.dll (2)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetProcessHeap | 0x0 | 0x478014 | 0x78084 | 0x77684 | 0x156 |
GetConsoleWindow | 0x0 | 0x478018 | 0x78088 | 0x77688 | 0xf9 |
Memory Dumps (392)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
buffer | 1 | 0x00900000 | 0x00901FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x008F0000 | 0x008F1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x00910000 | 0x00911FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x00900000 | 0x00901FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 1 | 0x047A0000 | 0x047A0FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Relevant Image | 32-bit | 0x004752C8 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00475C10 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00463B35 |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00458A28 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x004590F4 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045D9DE |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0046132D |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045E000 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0046387E |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00404619 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00458E42 |
...
|
|||
buffer | 3 | 0x04750000 | 0x04750FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00408D79 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00460360 |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040D7AF |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00454000 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00410A5D |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040C44D |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045D53D |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00410B05 |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040B21C |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00461B3E |
...
|
|||
ymiisqma.exe | 3 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x004621C5 |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052E0000 | 0x052E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 3 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052D0000 | 0x052D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 2 | 0x052B0000 | 0x052B1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BE0000 | 0x04BE1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04BD0000 | 0x04BD1FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Relevant Image | 32-bit | 0x004752C8 |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00475C10 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00463B35 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00458A28 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x004590F4 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045D9DE |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0046132D |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045E000 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045CF5A |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00404619 |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05220000 | 0x05221FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05210000 | 0x05211FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00403015 |
...
|
|||
buffer | 27 | 0x04750000 | 0x04750FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00408D79 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045396F |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04BA0000 | 0x04BA1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x04B90000 | 0x04B91FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040D7AF |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00454000 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040C44D |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040A371 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040B21C |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x053A0000 | 0x053A1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05380000 | 0x05381FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045396F |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00461B3E |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05590000 | 0x05591FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05430000 | 0x05431FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00454059 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00410B05 |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040F1D2 |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D2FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D2FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051E0000 | 0x051E1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x051D0000 | 0x051D1FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0045D53D |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05252FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05610000 | 0x05611FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x05600000 | 0x05601FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040C44D |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00460AE7 |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040EF30 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040D08E |
...
|
|||
buffer | 27 | 0x05250000 | 0x05252FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x004621C5 |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x00454059 |
...
|
|||
ymiisqma.exe | 27 | 0x00400000 | 0x00479FFF | Content Changed | 32-bit | 0x0040B45C |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05260000 | 0x05261FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 27 | 0x05250000 | 0x05251FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E60000 | 0x04E61FFF | Content Changed | 32-bit | - |
...
|
|||
buffer | 25 | 0x04E50000 | 0x04E51FFF | Content Changed | 32-bit | - |
...
|
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Win32.Virlock.Gen.1 |
Malicious
|
C:\ProgramData\VWcUEoYI\ssYIYkgc.exe | Dropped File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x401000 |
Size Of Code | 0x77c00 |
Size Of Initialized Data | 0x400 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2015-01-06 00:36:08+00:00 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x78000 | 0x77c00 | 0x600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.96 |
.rdata | 0x479000 | 0x1000 | 0x200 | 0x78200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.28 |
.data | 0x47a000 | 0xc3 | 0x200 | 0x78400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.45 |
Imports (4)
»
ntdll.dll (2)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RtlComputePrivatizedDllName_U | 0x0 | 0x479000 | 0x79088 | 0x78288 | 0x1b3 |
RtlpUnWaitCriticalSection | 0x0 | 0x479004 | 0x7908c | 0x7828c | 0x371 |
shell32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SHPropStgReadMultiple | 0x0 | 0x47900c | 0x79094 | 0x78294 | 0xb4 |
user32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetInputState | 0x0 | 0x479014 | 0x7909c | 0x7829c | 0x105 |
kernel32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetSystemDefaultLangID | 0x0 | 0x47901c | 0x790a4 | 0x782a4 | 0x170 |
Memory Dumps (15)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
ssyiykgc.exe | 17 | 0x00400000 | 0x0047AFFF | Relevant Image | 32-bit | 0x0047589E |
...
|
|||
ssyiykgc.exe | 17 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00475D62 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Relevant Image | 32-bit | 0x0047589E |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00475D62 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00463B35 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00458A28 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x004590F4 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045D9DE |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0046132D |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045E000 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00404619 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x00403015 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0040AE4A |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045F078 |
...
|
|||
ssyiykgc.exe | 26 | 0x00400000 | 0x0047AFFF | Content Changed | 32-bit | 0x0045F1D4 |
...
|
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Win32.Virlock.Gen.1 |
Malicious
|
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x401000 |
Size Of Code | 0x143600 |
Size Of Initialized Data | 0x400 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2015-01-06 00:36:08+00:00 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x144000 | 0x143600 | 0x600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.88 |
.rdata | 0x545000 | 0x1000 | 0x200 | 0x143c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.17 |
.data | 0x546000 | 0x16c | 0x200 | 0x143e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.65 |
Imports (4)
»
oleaut32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleCreatePropertyFrameIndirect | 0x0 | 0x545000 | 0x145088 | 0x143c88 | 0x26 |
ntdll.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RtlInitializeAtomPackage | 0x0 | 0x545008 | 0x145090 | 0x143c90 | 0x275 |
kernel32.dll (2)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetUserDefaultLangID | 0x0 | 0x545010 | 0x145098 | 0x143c98 | 0x192 |
DefineDosDeviceW | 0x0 | 0x545014 | 0x14509c | 0x143c9c | 0x65 |
user32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetInputDesktop | 0x0 | 0x54501c | 0x1450a4 | 0x143ca4 | 0x104 |
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Win32.Virlock.Gen.1 |
Malicious
|
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x401000 |
Size Of Code | 0x143600 |
Size Of Initialized Data | 0x400 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2015-01-06 00:36:08+00:00 |
Sections (4)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x144000 | 0x143600 | 0x600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.88 |
.rdata | 0x545000 | 0x1000 | 0x200 | 0x143c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.17 |
.data | 0x546000 | 0x16c | 0x200 | 0x143e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.65 |
.rsrc | 0x547000 | 0x200 | 0x200 | 0x144000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
Imports (4)
»
oleaut32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleCreatePropertyFrameIndirect | 0x0 | 0x545000 | 0x145088 | 0x143c88 | 0x26 |
ntdll.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RtlInitializeAtomPackage | 0x0 | 0x545008 | 0x145090 | 0x143c90 | 0x275 |
kernel32.dll (2)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetUserDefaultLangID | 0x0 | 0x545010 | 0x145098 | 0x143c98 | 0x192 |
DefineDosDeviceW | 0x0 | 0x545014 | 0x14509c | 0x143c9c | 0x65 |
user32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetInputDesktop | 0x0 | 0x54501c | 0x1450a4 | 0x143ca4 | 0x104 |
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Win32.Virlock.Gen.1 |
Malicious
|
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.exe | Dropped File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x401000 |
Size Of Code | 0x143600 |
Size Of Initialized Data | 0x1600 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2015-01-06 00:36:08+00:00 |
Sections (4)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x144000 | 0x143600 | 0x600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.88 |
.rdata | 0x545000 | 0x1000 | 0x200 | 0x143c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.17 |
.data | 0x546000 | 0x16c | 0x200 | 0x143e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.65 |
.rsrc | 0x547000 | 0x115c | 0x1200 | 0x144000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.8 |
Imports (4)
»
oleaut32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleCreatePropertyFrameIndirect | 0x0 | 0x545000 | 0x145088 | 0x143c88 | 0x26 |
ntdll.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RtlInitializeAtomPackage | 0x0 | 0x545008 | 0x145090 | 0x143c90 | 0x275 |
kernel32.dll (2)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetUserDefaultLangID | 0x0 | 0x545010 | 0x145098 | 0x143c98 | 0x192 |
DefineDosDeviceW | 0x0 | 0x545014 | 0x14509c | 0x143c9c | 0x65 |
user32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetInputDesktop | 0x0 | 0x54501c | 0x1450a4 | 0x143ca4 | 0x104 |
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Win32.Virlock.Gen.1 |
Malicious
|
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ueeg.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ayiy.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\omgy.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ekcq.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mqey.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ekis.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iqme.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ueeq.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\sekq.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\auio.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eykg.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kysq.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gkas.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ceao.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kkqu.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mmie.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\qckc.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mgyi.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\qqom.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ekao.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ywks.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ccsw.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gcgi.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ugow.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cais.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gyou.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\owqo.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\qkmq.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ouyk.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wwim.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eacy.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cwwk.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\swqy.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\quyg.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ywma.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ysag.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kaiq.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cimc.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iwus.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wyys.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kucg.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gqia.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\sags.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\egeu.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\oqyu.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\yykq.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mkum.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kewu.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\esuy.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mqkk.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ykos.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ukkw.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\skwe.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wigc.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\auyy.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kwoq.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wyco.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\saqw.ico | Dropped File | Image |
Unknown
|
...
|
»
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\oeie.ico | Dropped File | Image |
Unknown
|
...
|
»