SmokeLoader | 8bbdda1786e1

Remarks

Maximum Dump Total Size Reached (0x0200005D): 327 additional dumps with the reason "Content Changed" and a total of 1084 MB were skipped because the respective maximum limit was reached.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\kEecfMwgj\Desktop\toolspab3.exe

Sample File

Binary

Also Known As	C:\Users\kEecfMwgj\AppData\Roaming\cdieedr (Dropped File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	331.50 KB
MD5	5e0ed8966761e70ee0b8dcd141aafb4c
SHA1	933e68212d0f6d029e920bd93e5dca7ca5bdcb7a
SHA256	8bbdda1786e15a568a573a2f38762e95de138af969e0a13b96d7086aaa98bfc2
SSDeep	6144:XFOSX78eVzsodTr6rv6acPyCmyD3+KHZc9FOKV:XvX77wo6rv6acPbmyDP5c9x
ImpHash	39de84e7a601fa8861e0e6a8c8b0a138

PE Information

Image Base	0x400000
Entry Point	0x423db0
Size Of Code	0x3ee00
Size Of Initialized Data	0x92000
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-04-01 11:52:59+00:00

Sections (6)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x3ed4e	0x3ee00	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.88
.data	0x440000	0x86f68	0x8c00	0x3f200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.69
.pejevu	0x4c7000	0x5	0x200	0x47e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.dozi	0x4c8000	0xd93	0xe00	0x48000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rsrc	0x4c9000	0x6288	0x6400	0x48e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.04
.reloc	0x4d0000	0x3bee	0x3c00	0x4f200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	4.58

Imports (1)

KERNEL32.dll (185)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetNamedPipeHandleStateW	-	0x401000	0x3ebf4	0x3dff4	0x221
CreateNamedPipeA	-	0x401004	0x3ebf8	0x3dff8	0x9f
CallNamedPipeW	-	0x401008	0x3ebfc	0x3dffc	0x3f
TerminateThread	-	0x40100c	0x3ec00	0x3e000	0x4c1
GetExitCodeProcess	-	0x401010	0x3ec04	0x3e004	0x1df
GetVersionExA	-	0x401014	0x3ec08	0x3e008	0x2a3
VerifyVersionInfoW	-	0x401018	0x3ec0c	0x3e00c	0x4e8
SetConsoleCP	-	0x40101c	0x3ec10	0x3e010	0x42c
GetConsoleAliasesLengthA	-	0x401020	0x3ec14	0x3e014	0x197
VerLanguageNameA	-	0x401024	0x3ec18	0x3e018	0x4e2
FindFirstFileExA	-	0x401028	0x3ec1c	0x3e01c	0x133
VerifyVersionInfoA	-	0x40102c	0x3ec20	0x3e020	0x4e7
FreeEnvironmentStringsA	-	0x401030	0x3ec24	0x3e024	0x160
GetProcessPriorityBoost	-	0x401034	0x3ec28	0x3e028	0x250
SetVolumeMountPointW	-	0x401038	0x3ec2c	0x3e02c	0x4ab
GetLongPathNameA	-	0x40103c	0x3ec30	0x3e030	0x20c
CopyFileA	-	0x401040	0x3ec34	0x3e034	0x70
TlsGetValue	-	0x401044	0x3ec38	0x3e038	0x4c7
SetConsoleCursorInfo	-	0x401048	0x3ec3c	0x3e03c	0x42f
TzSpecificLocalTimeToSystemTime	-	0x40104c	0x3ec40	0x3e040	0x4d0
AddAtomA	-	0x401050	0x3ec44	0x3e044	0x3
ReleaseMutex	-	0x401054	0x3ec48	0x3e048	0x3fa
GetNamedPipeHandleStateA	-	0x401058	0x3ec4c	0x3e04c	0x220
BuildCommDCBAndTimeoutsA	-	0x40105c	0x3ec50	0x3e050	0x3b
GetProcAddress	-	0x401060	0x3ec54	0x3e054	0x245
LoadLibraryA	-	0x401064	0x3ec58	0x3e058	0x33c
GlobalAlloc	-	0x401068	0x3ec5c	0x3e05c	0x2b3
Sleep	-	0x40106c	0x3ec60	0x3e060	0x4b2
TlsSetValue	-	0x401070	0x3ec64	0x3e064	0x4c8
MoveFileA	-	0x401074	0x3ec68	0x3e068	0x35e
GetCommandLineW	-	0x401078	0x3ec6c	0x3e06c	0x187
InterlockedExchange	-	0x40107c	0x3ec70	0x3e070	0x2ec
DeleteFileW	-	0x401080	0x3ec74	0x3e074	0xd6
CreateActCtxA	-	0x401084	0x3ec78	0x3e078	0x77
SetFileAttributesA	-	0x401088	0x3ec7c	0x3e07c	0x45e
GetPrivateProfileIntW	-	0x40108c	0x3ec80	0x3e080	0x23c
GetProcessHeap	-	0x401090	0x3ec84	0x3e084	0x24a
CreateNamedPipeW	-	0x401094	0x3ec88	0x3e088	0xa0
ReadConsoleOutputCharacterA	-	0x401098	0x3ec8c	0x3e08c	0x3bb
GetStartupInfoA	-	0x40109c	0x3ec90	0x3e090	0x262
GetDiskFreeSpaceExW	-	0x4010a0	0x3ec94	0x3e094	0x1ce
GetCPInfoExW	-	0x4010a4	0x3ec98	0x3e098	0x174
GetWindowsDirectoryW	-	0x4010a8	0x3ec9c	0x3e09c	0x2af
GetSystemWow64DirectoryA	-	0x4010ac	0x3eca0	0x3e0a0	0x27d
SetLastError	-	0x4010b0	0x3eca4	0x3e0a4	0x473
GetProfileStringA	-	0x4010b4	0x3eca8	0x3e0a8	0x25c
GetCalendarInfoW	-	0x4010b8	0x3ecac	0x3e0ac	0x17b
FreeUserPhysicalPages	-	0x4010bc	0x3ecb0	0x3e0b0	0x166
GetTickCount	-	0x4010c0	0x3ecb4	0x3e0b4	0x293
GetStringTypeA	-	0x4010c4	0x3ecb8	0x3e0b8	0x266
DebugBreak	-	0x4010c8	0x3ecbc	0x3e0bc	0xc7
FindFirstFileA	-	0x4010cc	0x3ecc0	0x3e0c0	0x132
lstrcmpA	-	0x4010d0	0x3ecc4	0x3e0c4	0x541
WriteFile	-	0x4010d4	0x3ecc8	0x3e0c8	0x525
GetConsoleMode	-	0x4010d8	0x3eccc	0x3e0cc	0x1ac
lstrcatW	-	0x4010dc	0x3ecd0	0x3e0d0	0x53f
SetFirmwareEnvironmentVariableA	-	0x4010e0	0x3ecd4	0x3e0d4	0x46c
DefineDosDeviceW	-	0x4010e4	0x3ecd8	0x3e0d8	0xcd
EndUpdateResourceA	-	0x4010e8	0x3ecdc	0x3e0dc	0xec
WriteConsoleW	-	0x4010ec	0x3ece0	0x3e0e0	0x524
InterlockedIncrement	-	0x4010f0	0x3ece4	0x3e0e4	0x2ef
SetSystemTimeAdjustment	-	0x4010f4	0x3ece8	0x3e0e8	0x48c
GetPrivateProfileSectionW	-	0x4010f8	0x3ecec	0x3e0ec	0x240
WritePrivateProfileSectionW	-	0x4010fc	0x3ecf0	0x3e0f0	0x529
GetPrivateProfileStructA	-	0x401100	0x3ecf4	0x3e0f4	0x243
GetPrivateProfileStructW	-	0x401104	0x3ecf8	0x3e0f8	0x244
GetFileAttributesExW	-	0x401108	0x3ecfc	0x3e0fc	0x1e7
HeapUnlock	-	0x40110c	0x3ed00	0x3e100	0x2d6
CreateIoCompletionPort	-	0x401110	0x3ed04	0x3e104	0x94
PeekConsoleInputA	-	0x401114	0x3ed08	0x3e108	0x38b
GetNumberFormatW	-	0x401118	0x3ed0c	0x3e10c	0x233
GetQueuedCompletionStatus	-	0x40111c	0x3ed10	0x3e110	0x25e
FindResourceExA	-	0x401120	0x3ed14	0x3e114	0x14c
SetLocalTime	-	0x401124	0x3ed18	0x3e118	0x476
TryEnterCriticalSection	-	0x401128	0x3ed1c	0x3e11c	0x4ce
CreateSemaphoreA	-	0x40112c	0x3ed20	0x3e120	0xab
GetThreadLocale	-	0x401130	0x3ed24	0x3e124	0x28c
SetFileShortNameA	-	0x401134	0x3ed28	0x3e128	0x468
lstrcpyA	-	0x401138	0x3ed2c	0x3e12c	0x547
ReplaceFileA	-	0x40113c	0x3ed30	0x3e130	0x40a
LockFileEx	-	0x401140	0x3ed34	0x3e134	0x353
MoveFileExA	-	0x401144	0x3ed38	0x3e138	0x35f
GetConsoleCP	-	0x401148	0x3ed3c	0x3e13c	0x19a
GetVolumePathNameA	-	0x40114c	0x3ed40	0x3e140	0x2aa
FlushConsoleInputBuffer	-	0x401150	0x3ed44	0x3e144	0x156
SearchPathW	-	0x401154	0x3ed48	0x3e148	0x41d
FreeConsole	-	0x401158	0x3ed4c	0x3e14c	0x15f
GetConsoleAliasExesLengthW	-	0x40115c	0x3ed50	0x3e150	0x193
WriteConsoleInputW	-	0x401160	0x3ed54	0x3e154	0x51e
LocalShrink	-	0x401164	0x3ed58	0x3e158	0x34c
SetCommState	-	0x401168	0x3ed5c	0x3e15c	0x425
GetSystemTimeAdjustment	-	0x40116c	0x3ed60	0x3e160	0x278
EnumSystemLocalesW	-	0x401170	0x3ed64	0x3e164	0x10f
ProcessIdToSessionId	-	0x401174	0x3ed68	0x3e168	0x399
GetDevicePowerState	-	0x401178	0x3ed6c	0x3e16c	0x1cb
DeleteTimerQueueTimer	-	0x40117c	0x3ed70	0x3e170	0xda
GetWriteWatch	-	0x401180	0x3ed74	0x3e174	0x2b0
OpenSemaphoreA	-	0x401184	0x3ed78	0x3e178	0x383
GetConsoleScreenBufferInfo	-	0x401188	0x3ed7c	0x3e17c	0x1b2
ClearCommBreak	-	0x40118c	0x3ed80	0x3e180	0x4f
TlsAlloc	-	0x401190	0x3ed84	0x3e184	0x4c5
OpenMutexW	-	0x401194	0x3ed88	0x3e188	0x37d
GetComputerNameW	-	0x401198	0x3ed8c	0x3e18c	0x18f
HeapValidate	-	0x40119c	0x3ed90	0x3e190	0x2d7
GetLastError	-	0x4011a0	0x3ed94	0x3e194	0x202
OpenMutexA	-	0x4011a4	0x3ed98	0x3e198	0x37c
WaitForMultipleObjectsEx	-	0x4011a8	0x3ed9c	0x3e19c	0x4f8
SignalObjectAndWait	-	0x4011ac	0x3eda0	0x3e1a0	0x4b0
GetSystemPowerStatus	-	0x4011b0	0x3eda4	0x3e1a4	0x274
VirtualLock	-	0x4011b4	0x3eda8	0x3e1a8	0x4ee
SetWaitableTimer	-	0x4011b8	0x3edac	0x3e1ac	0x4ac
ChangeTimerQueueTimer	-	0x4011bc	0x3edb0	0x3e1b0	0x48
GetProcessTimes	-	0x4011c0	0x3edb4	0x3e1b4	0x252
FatalAppExitA	-	0x4011c4	0x3edb8	0x3e1b8	0x120
lstrcpynA	-	0x4011c8	0x3edbc	0x3e1bc	0x54a
SetNamedPipeHandleState	-	0x4011cc	0x3edc0	0x3e1c0	0x47c
FillConsoleOutputCharacterA	-	0x4011d0	0x3edc4	0x3e1c4	0x127
GetCompressedFileSizeW	-	0x4011d4	0x3edc8	0x3e1c8	0x18b
FindNextVolumeMountPointA	-	0x4011d8	0x3edcc	0x3e1cc	0x148
GetFullPathNameA	-	0x4011dc	0x3edd0	0x3e1d0	0x1f8
WriteProfileStringA	-	0x4011e0	0x3edd4	0x3e1d4	0x531
UnlockFile	-	0x4011e4	0x3edd8	0x3e1d8	0x4d4
GlobalAddAtomW	-	0x4011e8	0x3eddc	0x3e1dc	0x2b2
EnterCriticalSection	-	0x4011ec	0x3ede0	0x3e1e0	0xee
SetCurrentDirectoryW	-	0x4011f0	0x3ede4	0x3e1e4	0x44d
InterlockedDecrement	-	0x4011f4	0x3ede8	0x3e1e8	0x2eb
InitializeCriticalSection	-	0x4011f8	0x3edec	0x3e1ec	0x2e2
DeleteCriticalSection	-	0x4011fc	0x3edf0	0x3e1f0	0xd1
LeaveCriticalSection	-	0x401200	0x3edf4	0x3e1f4	0x339
EncodePointer	-	0x401204	0x3edf8	0x3e1f8	0xea
DecodePointer	-	0x401208	0x3edfc	0x3e1fc	0xca
IsBadReadPtr	-	0x40120c	0x3ee00	0x3e200	0x2f7
RtlUnwind	-	0x401210	0x3ee04	0x3e204	0x418
RaiseException	-	0x401214	0x3ee08	0x3e208	0x3b1
GetModuleHandleW	-	0x401218	0x3ee0c	0x3e20c	0x218
ExitProcess	-	0x40121c	0x3ee10	0x3e210	0x119
DeleteFileA	-	0x401220	0x3ee14	0x3e214	0xd3
HeapSetInformation	-	0x401224	0x3ee18	0x3e218	0x2d3
GetStartupInfoW	-	0x401228	0x3ee1c	0x3e21c	0x263
WideCharToMultiByte	-	0x40122c	0x3ee20	0x3e220	0x511
LCMapStringW	-	0x401230	0x3ee24	0x3e224	0x32d
MultiByteToWideChar	-	0x401234	0x3ee28	0x3e228	0x367
GetCPInfo	-	0x401238	0x3ee2c	0x3e22c	0x172
GetModuleFileNameW	-	0x40123c	0x3ee30	0x3e230	0x214
InitializeCriticalSectionAndSpinCount	-	0x401240	0x3ee34	0x3e234	0x2e3
IsProcessorFeaturePresent	-	0x401244	0x3ee38	0x3e238	0x304
HeapAlloc	-	0x401248	0x3ee3c	0x3e23c	0x2cb
GetModuleFileNameA	-	0x40124c	0x3ee40	0x3e240	0x213
HeapReAlloc	-	0x401250	0x3ee44	0x3e244	0x2d2
HeapSize	-	0x401254	0x3ee48	0x3e248	0x2d4
HeapQueryInformation	-	0x401258	0x3ee4c	0x3e24c	0x2d1
TerminateProcess	-	0x40125c	0x3ee50	0x3e250	0x4c0
GetCurrentProcess	-	0x401260	0x3ee54	0x3e254	0x1c0
UnhandledExceptionFilter	-	0x401264	0x3ee58	0x3e258	0x4d3
SetUnhandledExceptionFilter	-	0x401268	0x3ee5c	0x3e25c	0x4a5
IsDebuggerPresent	-	0x40126c	0x3ee60	0x3e260	0x300
HeapFree	-	0x401270	0x3ee64	0x3e264	0x2cf
HeapCreate	-	0x401274	0x3ee68	0x3e268	0x2cd
GetACP	-	0x401278	0x3ee6c	0x3e26c	0x168
GetOEMCP	-	0x40127c	0x3ee70	0x3e270	0x237
IsValidCodePage	-	0x401280	0x3ee74	0x3e274	0x30a
GetCurrentThreadId	-	0x401284	0x3ee78	0x3e278	0x1c5
TlsFree	-	0x401288	0x3ee7c	0x3e27c	0x4c6
GetStdHandle	-	0x40128c	0x3ee80	0x3e280	0x264
LoadLibraryW	-	0x401290	0x3ee84	0x3e284	0x33f
GetLocaleInfoW	-	0x401294	0x3ee88	0x3e288	0x206
QueryPerformanceCounter	-	0x401298	0x3ee8c	0x3e28c	0x3a7
GetCurrentProcessId	-	0x40129c	0x3ee90	0x3e290	0x1c1
GetSystemTimeAsFileTime	-	0x4012a0	0x3ee94	0x3e294	0x279
FreeEnvironmentStringsW	-	0x4012a4	0x3ee98	0x3e298	0x161
GetEnvironmentStringsW	-	0x4012a8	0x3ee9c	0x3e29c	0x1da
SetHandleCount	-	0x4012ac	0x3eea0	0x3e2a0	0x46f
GetFileType	-	0x4012b0	0x3eea4	0x3e2a4	0x1f3
GetStringTypeW	-	0x4012b4	0x3eea8	0x3e2a8	0x269
GetLocaleInfoA	-	0x4012b8	0x3eeac	0x3e2ac	0x204
IsValidLocale	-	0x4012bc	0x3eeb0	0x3e2b0	0x30c
EnumSystemLocalesA	-	0x4012c0	0x3eeb4	0x3e2b4	0x10d
GetUserDefaultLCID	-	0x4012c4	0x3eeb8	0x3e2b8	0x29b
OutputDebugStringA	-	0x4012c8	0x3eebc	0x3e2bc	0x389
OutputDebugStringW	-	0x4012cc	0x3eec0	0x3e2c0	0x38a
SetFilePointer	-	0x4012d0	0x3eec4	0x3e2c4	0x466
SetStdHandle	-	0x4012d4	0x3eec8	0x3e2c8	0x487
CreateFileW	-	0x4012d8	0x3eecc	0x3e2cc	0x8f
CloseHandle	-	0x4012dc	0x3eed0	0x3e2d0	0x52
FlushFileBuffers	-	0x4012e0	0x3eed4	0x3e2d4	0x157

Memory Dumps (8)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
toolspab3.exe	1	0x00400000	0x004D3FFF	Relevant Image	32-bit	0x00424000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x006CF258	0x006DE707	First Execution	32-bit	0x006D2E91	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00020000	0x00028FFF	First Execution	32-bit	0x00020000	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00400000	0x00408FFF	First Execution	32-bit	0x00402F47	... Memory Dump Actions Go to Process Download Dump
toolspab3.exe	1	0x00400000	0x004D3FFF	Process Termination	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00400000	0x00408FFF	Content Changed	32-bit	0x0040283D	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00310000	0x00315FFF	Process Termination	32-bit	-	... Memory Dump Actions Go to Process Go to YARA Matches Download Dump
buffer	2	0x00400000	0x00408FFF	Process Termination	32-bit	-	... Memory Dump Actions Go to Process Download Dump

C:\Users\KEECFM~1\AppData\Local\Temp\663A.exe

Dropped File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	3.46 MB
MD5	e5bd8a53623522c49ccc35bc492b5a11
SHA1	e36258fc96f90432c79be82520ef0b27fdbe9c89
SHA256	7ce91a1e9b7df0d018835ee8483c9e97c9718f9865b53728f958f01c740035af
SSDeep	98304:4RptfnJsrnI6AqXP9kZ7vrcMTbdYroaZV55uQ:Ip7srnRtXK1vrcMvdYrvZVXV
ImpHash	c284fa365c4442728ac859c0f9ed4dc5

PE Information

Image Base	0x400000
Entry Point	0x424000
Size Of Code	0x22000
Size Of Initialized Data	0x2cc00
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-12-27 18:00:18+00:00
Packer	ASProtect v1.23 RC1

Sections (10)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
-	0x401000	0x21823	0x0	0x0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
-	0x423000	0x47c	0x0	0x0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
-	0x424000	0xf000	0x7800	0x400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x433000	0x2000	0x400	0x7c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.83
-	0x435000	0x185817	0x0	0x0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
-	0x5bb000	0x33b000	0x30d400	0x8000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x8f6000	0x2000	0xe00	0x315400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.95
.rsrc	0x8f8000	0x1b000	0x13a00	0x316200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
.f7uSTEx	0x913000	0x4b000	0x4b000	0x329c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.92
.adata	0x95e000	0x1000	0x0	0x374c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0

Imports (5)

kernel32.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	-	0x913c28	0x513c28	0x32a828	0x0
GetModuleHandleA	-	0x913c2c	0x513c2c	0x32a82c	0x0
LoadLibraryA	-	0x913c30	0x513c30	0x32a830	0x0

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SendNotifyMessageA	-	0x913d24	0x513d24	0x32a924	0x0

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcessWindowStation	-	0x913d2c	0x513d2c	0x32a92c	0x0

oleaut32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VariantChangeTypeEx	-	0x913d34	0x513d34	0x32a934	0x0

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RaiseException	-	0x913d3c	0x513d3c	0x32a93c	0x0

Memory Dumps (309)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
663a.exe	7	0x00400000	0x0095EFFF	First Execution	32-bit	0x00424000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x020D0000	0x0212FFFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	First Execution	32-bit	0x0218E000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02131000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02174DD8	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02134CB8	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02133518	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02132B38	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02136438	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0213AA70	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0213B05C	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02139D00	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02137500	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0213D22C	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x021556A8	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02163540	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02164000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x021651F4	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0214ACA0	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0214D1F0	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0214B000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x021514C0	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x021600E4	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0215D8E8	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0215CDC0	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02156BB4	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02157878	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0216734C	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x0216D2EC	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02172040	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02148B24	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x021417A4	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03490000	0x03490FFF	First Execution	32-bit	0x03490000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02169EBC	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x034A0000	0x034A0FFF	First Execution	32-bit	0x034A0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03450000	0x03450FFF	First Execution	32-bit	0x03450000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x034C0000	0x034C0FFF	First Execution	32-bit	0x034C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03480000	0x03480FFF	First Execution	32-bit	0x03480000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03470000	0x03470FFF	First Execution	32-bit	0x03470000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x034D0000	0x034D0FFF	First Execution	32-bit	0x034D0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x034E0000	0x034E0FFF	First Execution	32-bit	0x034E0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03330000	0x03330FFF	First Execution	32-bit	0x03330000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03340000	0x03340FFF	First Execution	32-bit	0x03340000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x032F0000	0x032F0FFF	First Execution	32-bit	0x032F0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03360000	0x03360FFF	First Execution	32-bit	0x03360000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03320000	0x03320FFF	First Execution	32-bit	0x03320000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03310000	0x03310FFF	First Execution	32-bit	0x03310000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03380000	0x03380FFF	First Execution	32-bit	0x03380000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03280000	0x03280FFF	First Execution	32-bit	0x03280000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03290000	0x03290FFF	First Execution	32-bit	0x03290000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03240000	0x03240FFF	First Execution	32-bit	0x03240000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x032B0000	0x032B0FFF	First Execution	32-bit	0x032B0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03270000	0x03270FFF	First Execution	32-bit	0x03270000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03260000	0x03260FFF	First Execution	32-bit	0x03260000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x032C0000	0x032C0FFF	First Execution	32-bit	0x032C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x032D0000	0x032D0FFF	First Execution	32-bit	0x032D0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x028E0000	0x028E0FFF	First Execution	32-bit	0x028E0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x028F0000	0x028F0FFF	First Execution	32-bit	0x028F0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x028A0000	0x028A0FFF	First Execution	32-bit	0x028A0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02910000	0x02910FFF	First Execution	32-bit	0x02910000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x028D0000	0x028D0FFF	First Execution	32-bit	0x028D0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x028C0000	0x028C0FFF	First Execution	32-bit	0x028C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02930000	0x02930FFF	First Execution	32-bit	0x02930000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02900000	0x02900FFF	First Execution	32-bit	0x02900000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x023C0000	0x023C0FFF	First Execution	32-bit	0x023C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x023D0000	0x023D0FFF	First Execution	32-bit	0x023D0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02100000	0x02100FFF	First Execution	32-bit	0x02100000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02120000	0x02120FFF	First Execution	32-bit	0x02120000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x023F0000	0x023F0FFF	First Execution	32-bit	0x023F0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02410000	0x02410FFF	First Execution	32-bit	0x02410000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02176A38	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02830000	0x02830FFF	First Execution	32-bit	0x02830000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02840000	0x02840FFF	First Execution	32-bit	0x02840000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x027F0000	0x027F0FFF	First Execution	32-bit	0x027F0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02860000	0x02860FFF	First Execution	32-bit	0x02860000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02820000	0x02820FFF	First Execution	32-bit	0x02820000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02810000	0x02810FFF	First Execution	32-bit	0x02810000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02880000	0x02880FFF	First Execution	32-bit	0x02880000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x035C0000	0x035C0FFF	First Execution	32-bit	0x035C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x021524F0	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02154210	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02130000	0x0218FFFF	Content Changed	32-bit	0x02153F1C	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03070000	0x03070FFF	First Execution	32-bit	0x03070000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03080000	0x03080FFF	First Execution	32-bit	0x03080000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03030000	0x03030FFF	First Execution	32-bit	0x03030000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x030A0000	0x030A0FFF	First Execution	32-bit	0x030A0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03060000	0x03060FFF	First Execution	32-bit	0x03060000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03050000	0x03050FFF	First Execution	32-bit	0x03050000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x030C0000	0x030C0FFF	First Execution	32-bit	0x030C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03090000	0x03090FFF	First Execution	32-bit	0x03090000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x035C0000	0x035C0FFF	First Execution	32-bit	0x035C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x035C0000	0x035C0FFF	First Execution	32-bit	0x035C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x035C0000	0x035C0FFF	First Execution	32-bit	0x035C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x035C0000	0x035C0FFF	First Execution	32-bit	0x035C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x035C0000	0x035C0FFF	First Execution	32-bit	0x035C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x020F0000	0x020F0FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02420000	0x02420FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x027E0000	0x027E0FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02890000	0x02890FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02940000	0x02940FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x020F0000	0x020F0FFF	First Execution	32-bit	0x020F0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02990000	0x02990FFF	First Execution	32-bit	0x02990000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x029A0000	0x029A0FFF	First Execution	32-bit	0x029A0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02950000	0x02950FFF	First Execution	32-bit	0x02950000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x029C0000	0x029C0FFF	First Execution	32-bit	0x029C0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02980000	0x02980FFF	First Execution	32-bit	0x02980000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02970000	0x02970FFF	First Execution	32-bit	0x02970000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x029E0000	0x029E0FFF	First Execution	32-bit	0x029E0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x020F0000	0x020F0FFF	First Execution	32-bit	0x020F0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x020F0000	0x020F0FFF	First Execution	32-bit	0x020F0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x029D0000	0x029D0FFF	First Execution	32-bit	0x029D0000	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x020F0000	0x020F0FFF	First Execution	32-bit	0x020F0000	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x008E6E61	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x00406AA1	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x00407270	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x00405876	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x0041C0B7	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x0040DF33	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x00402B90	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x0040D000	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x0040B387	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x00403C60	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x0018F708	0x0018FE85	First Execution	32-bit	0x0018F889	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x035C0000	0x035DFFFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
663a.exe	7	0x00400000	0x0095EFFF	Content Changed	32-bit	0x00411AD2	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x001B0000	0x001B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x00240000	0x00240FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x003C0000	0x003C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x003D0000	0x003D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x003E0000	0x003E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x003F0000	0x003F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x00AF0000	0x00AF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x00B00000	0x00B00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x00B10000	0x00B10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x00B20000	0x00B20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x020D0000	0x020D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x020E0000	0x020E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02110000	0x02110FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02370000	0x02370FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x023E0000	0x023E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02400000	0x02400FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02430000	0x02430FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02440000	0x02440FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02450000	0x02450FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02460000	0x02460FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02470000	0x02470FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02790000	0x02790FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x027A0000	0x027A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x027B0000	0x027B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x027C0000	0x027C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x027D0000	0x027D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02800000	0x02800FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02850000	0x02850FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02870000	0x02870FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x028B0000	0x028B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02920000	0x02920FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02960000	0x02960FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x029B0000	0x029B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x029F0000	0x029F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A00000	0x02A00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A10000	0x02A10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A20000	0x02A20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A30000	0x02A30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A40000	0x02A40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A50000	0x02A50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A60000	0x02A60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A70000	0x02A70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A80000	0x02A80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02A90000	0x02A90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02AA0000	0x02AA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02AB0000	0x02AB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02AC0000	0x02AC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02AD0000	0x02AD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02AE0000	0x02AE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02AF0000	0x02AF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B00000	0x02B00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B10000	0x02B10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B20000	0x02B20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B30000	0x02B30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B40000	0x02B40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B50000	0x02B50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B60000	0x02B60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B70000	0x02B70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B80000	0x02B80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02B90000	0x02B90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02BA0000	0x02BA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02BB0000	0x02BB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02BC0000	0x02BC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02BD0000	0x02BD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02BE0000	0x02BE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02BF0000	0x02BF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C00000	0x02C00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C10000	0x02C10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C20000	0x02C20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C30000	0x02C30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C40000	0x02C40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C50000	0x02C50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C60000	0x02C60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C70000	0x02C70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C80000	0x02C80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02C90000	0x02C90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02CA0000	0x02CA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02CB0000	0x02CB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02CC0000	0x02CC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02CD0000	0x02CD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02CE0000	0x02CE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02CF0000	0x02CF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D00000	0x02D00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D10000	0x02D10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D20000	0x02D20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D30000	0x02D30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D40000	0x02D40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D50000	0x02D50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D60000	0x02D60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D70000	0x02D70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D80000	0x02D80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02D90000	0x02D90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02DA0000	0x02DA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02DB0000	0x02DB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02DC0000	0x02DC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02DD0000	0x02DD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02DE0000	0x02DE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02DF0000	0x02DF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E00000	0x02E00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E10000	0x02E10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E20000	0x02E20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E30000	0x02E30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E40000	0x02E40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E50000	0x02E50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E60000	0x02E60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E70000	0x02E70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E80000	0x02E80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02E90000	0x02E90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02EA0000	0x02EA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02EB0000	0x02EB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02EC0000	0x02EC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02ED0000	0x02ED0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02EE0000	0x02EE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02EF0000	0x02EF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F00000	0x02F00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F10000	0x02F10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F20000	0x02F20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F30000	0x02F30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F40000	0x02F40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F50000	0x02F50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F60000	0x02F60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F70000	0x02F70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F80000	0x02F80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02F90000	0x02F90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02FA0000	0x02FA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02FB0000	0x02FB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02FC0000	0x02FC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02FD0000	0x02FD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02FE0000	0x02FE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x02FF0000	0x02FF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03000000	0x03000FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03010000	0x03010FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03020000	0x03020FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03040000	0x03040FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x030B0000	0x030B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x030D0000	0x030D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x030E0000	0x030E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x030F0000	0x030F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03100000	0x03100FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03110000	0x03110FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03120000	0x03120FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03130000	0x03130FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03140000	0x03140FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03150000	0x03150FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03160000	0x03160FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03170000	0x03170FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03180000	0x03180FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03190000	0x03190FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x031A0000	0x031A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x031B0000	0x031B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x031C0000	0x031C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x031D0000	0x031D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x031E0000	0x031E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x031F0000	0x031F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03200000	0x03200FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03210000	0x03210FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03220000	0x03220FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03230000	0x03230FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03250000	0x03250FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x032A0000	0x032A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x032E0000	0x032E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03300000	0x03300FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03350000	0x03350FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03370000	0x03370FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03390000	0x03390FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x033A0000	0x033A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x033B0000	0x033B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x033C0000	0x033C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x033D0000	0x033D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x033E0000	0x033E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x033F0000	0x033F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03400000	0x03400FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03410000	0x03410FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03420000	0x03420FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03430000	0x03430FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03440000	0x03440FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03460000	0x03460FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x034B0000	0x034B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x034F0000	0x034F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03500000	0x03500FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03510000	0x03510FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03520000	0x03520FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03530000	0x03530FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	7	0x03540000	0x03540FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump

C:\Windows\Client.exe

Dropped File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	4.71 MB
MD5	7cb905f39bb3f47598e5de03edc94b3e
SHA1	e3ea37c07fb784cf40e112b9858ffa279456f5b3
SHA256	70dea30a261f5c45df3ab1ba7f93c9e3ded7ebc47b6ca6e343096412737feacb
SSDeep	49152:SMryEtFCEqdcY8WQMTSUtGiGhAw+vqm7C0aiTYxAFc13ep87V/0t1TguXrrTh:SL0FIcYLlw+vqm7C0aX2/pmV/0tWs
ImpHash	4789f300040f521f6090d693a77001f4

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

PE Information

Image Base	0x400000
Entry Point	0x81133c
Size Of Code	0x40fc00
Size Of Initialized Data	0xa6c00
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-11-10 20:25:42+00:00

Version Information (5)

FileVersion	105.4.0.0
ProductVersion	96.3.0.0
ProgramID	com.embarcadero.HS_Svc
FileDescription	HS_Svc
ProductName	HS_Svc

Sections (11)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x40c6c4	0x40c800	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.45
.itext	0x80e000	0x33b8	0x3400	0x40cc00	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.21
.data	0x812000	0x251ac	0x25200	0x410000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.7
.bss	0x838000	0x1b18c	0x0	0x0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.idata	0x854000	0x40e0	0x4200	0x435200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.03
.didata	0x859000	0xd00	0xe00	0x439400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.23
.edata	0x85a000	0x98	0x200	0x43a200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.89
.tls	0x85b000	0x58	0x0	0x0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rdata	0x85c000	0x5d	0x200	0x43a400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.39
.reloc	0x85d000	0x5aa2c	0x5ac00	0x43a600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.72
.rsrc	0x8b8000	0x21a00	0x21a00	0x495200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.9

Imports (16)

wininet.dll (11)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
InternetCloseHandle	-	0x854b5c	0x454154	0x435354	0x0
HttpAddRequestHeadersW	-	0x854b60	0x454158	0x435358	0x0
InternetReadFile	-	0x854b64	0x45415c	0x43535c	0x0
HttpOpenRequestW	-	0x854b68	0x454160	0x435360	0x0
HttpSendRequestW	-	0x854b6c	0x454164	0x435364	0x0
InternetConnectW	-	0x854b70	0x454168	0x435368	0x0
InternetOpenW	-	0x854b74	0x45416c	0x43536c	0x0
DeleteUrlCacheEntryW	-	0x854b78	0x454170	0x435370	0x0
HttpQueryInfoW	-	0x854b7c	0x454174	0x435374	0x0
InternetQueryDataAvailable	-	0x854b80	0x454178	0x435378	0x0
InternetSetFilePointer	-	0x854b84	0x45417c	0x43537c	0x0

winspool.drv (5)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
DocumentPropertiesW	-	0x854b8c	0x454184	0x435384	0x0
ClosePrinter	-	0x854b90	0x454188	0x435388	0x0
OpenPrinterW	-	0x854b94	0x45418c	0x43538c	0x0
GetDefaultPrinterW	-	0x854b98	0x454190	0x435390	0x0
EnumPrintersW	-	0x854b9c	0x454194	0x435394	0x0

comctl32.dll (37)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ImageList_GetImageInfo	-	0x854ba4	0x45419c	0x43539c	0x0
FlatSB_SetScrollInfo	-	0x854ba8	0x4541a0	0x4353a0	0x0
InitCommonControls	-	0x854bac	0x4541a4	0x4353a4	0x0
ImageList_DragMove	-	0x854bb0	0x4541a8	0x4353a8	0x0
ImageList_Destroy	-	0x854bb4	0x4541ac	0x4353ac	0x0
_TrackMouseEvent	-	0x854bb8	0x4541b0	0x4353b0	0x0
ImageList_DragShowNolock	-	0x854bbc	0x4541b4	0x4353b4	0x0
ImageList_Add	-	0x854bc0	0x4541b8	0x4353b8	0x0
FlatSB_SetScrollProp	-	0x854bc4	0x4541bc	0x4353bc	0x0
ImageList_GetDragImage	-	0x854bc8	0x4541c0	0x4353c0	0x0
ImageList_Create	-	0x854bcc	0x4541c4	0x4353c4	0x0
ImageList_EndDrag	-	0x854bd0	0x4541c8	0x4353c8	0x0
ImageList_DrawEx	-	0x854bd4	0x4541cc	0x4353cc	0x0
ImageList_SetImageCount	-	0x854bd8	0x4541d0	0x4353d0	0x0
FlatSB_GetScrollPos	-	0x854bdc	0x4541d4	0x4353d4	0x0
FlatSB_SetScrollPos	-	0x854be0	0x4541d8	0x4353d8	0x0
InitializeFlatSB	-	0x854be4	0x4541dc	0x4353dc	0x0
ImageList_Copy	-	0x854be8	0x4541e0	0x4353e0	0x0
FlatSB_GetScrollInfo	-	0x854bec	0x4541e4	0x4353e4	0x0
ImageList_Write	-	0x854bf0	0x4541e8	0x4353e8	0x0
ImageList_DrawIndirect	-	0x854bf4	0x4541ec	0x4353ec	0x0
ImageList_SetBkColor	-	0x854bf8	0x4541f0	0x4353f0	0x0
ImageList_GetBkColor	-	0x854bfc	0x4541f4	0x4353f4	0x0
ImageList_BeginDrag	-	0x854c00	0x4541f8	0x4353f8	0x0
ImageList_GetIcon	-	0x854c04	0x4541fc	0x4353fc	0x0
ImageList_Replace	-	0x854c08	0x454200	0x435400	0x0
ImageList_GetImageCount	-	0x854c0c	0x454204	0x435404	0x0
ImageList_DragEnter	-	0x854c10	0x454208	0x435408	0x0
ImageList_GetIconSize	-	0x854c14	0x45420c	0x43540c	0x0
ImageList_SetIconSize	-	0x854c18	0x454210	0x435410	0x0
ImageList_Read	-	0x854c1c	0x454214	0x435414	0x0
ImageList_DragLeave	-	0x854c20	0x454218	0x435418	0x0
ImageList_LoadImageW	-	0x854c24	0x45421c	0x43541c	0x0
ImageList_Draw	-	0x854c28	0x454220	0x435420	0x0
ImageList_Remove	-	0x854c2c	0x454224	0x435424	0x0
ImageList_ReplaceIcon	-	0x854c30	0x454228	0x435428	0x0
ImageList_SetOverlayImage	-	0x854c34	0x45422c	0x43542c	0x0

shell32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
Shell_NotifyIconW	-	0x854c3c	0x454234	0x435434	0x0
SHGetSpecialFolderPathW	-	0x854c40	0x454238	0x435438	0x0
ShellExecuteW	-	0x854c44	0x45423c	0x43543c	0x0
ShellExecuteExW	-	0x854c48	0x454240	0x435440	0x0

URLMON.DLL (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
URLDownloadToFileW	-	0x854c50	0x454248	0x435448	0x0

user32.dll (197)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CopyImage	-	0x854c58	0x454250	0x435450	0x0
SetMenuItemInfoW	-	0x854c5c	0x454254	0x435454	0x0
GetMenuItemInfoW	-	0x854c60	0x454258	0x435458	0x0
DefFrameProcW	-	0x854c64	0x45425c	0x43545c	0x0
GetDlgCtrlID	-	0x854c68	0x454260	0x435460	0x0
FrameRect	-	0x854c6c	0x454264	0x435464	0x0
RegisterWindowMessageW	-	0x854c70	0x454268	0x435468	0x0
GetMenuStringW	-	0x854c74	0x45426c	0x43546c	0x0
FillRect	-	0x854c78	0x454270	0x435470	0x0
SendMessageA	-	0x854c7c	0x454274	0x435474	0x0
EnumWindows	-	0x854c80	0x454278	0x435478	0x0
ShowOwnedPopups	-	0x854c84	0x45427c	0x43547c	0x0
GetClassInfoExW	-	0x854c88	0x454280	0x435480	0x0
GetClassInfoW	-	0x854c8c	0x454284	0x435484	0x0
GetScrollRange	-	0x854c90	0x454288	0x435488	0x0
SetActiveWindow	-	0x854c94	0x45428c	0x43548c	0x0
GetActiveWindow	-	0x854c98	0x454290	0x435490	0x0
DrawEdge	-	0x854c9c	0x454294	0x435494	0x0
GetKeyboardLayoutList	-	0x854ca0	0x454298	0x435498	0x0
LoadBitmapW	-	0x854ca4	0x45429c	0x43549c	0x0
EnumChildWindows	-	0x854ca8	0x4542a0	0x4354a0	0x0
UnhookWindowsHookEx	-	0x854cac	0x4542a4	0x4354a4	0x0
SetCapture	-	0x854cb0	0x4542a8	0x4354a8	0x0
GetCapture	-	0x854cb4	0x4542ac	0x4354ac	0x0
ShowCaret	-	0x854cb8	0x4542b0	0x4354b0	0x0
CreatePopupMenu	-	0x854cbc	0x4542b4	0x4354b4	0x0
GetMenuItemID	-	0x854cc0	0x4542b8	0x4354b8	0x0
CharLowerBuffW	-	0x854cc4	0x4542bc	0x4354bc	0x0
PostMessageW	-	0x854cc8	0x4542c0	0x4354c0	0x0
SetWindowLongW	-	0x854ccc	0x4542c4	0x4354c4	0x0
IsZoomed	-	0x854cd0	0x4542c8	0x4354c8	0x0
SetParent	-	0x854cd4	0x4542cc	0x4354cc	0x0
DrawMenuBar	-	0x854cd8	0x4542d0	0x4354d0	0x0
GetClientRect	-	0x854cdc	0x4542d4	0x4354d4	0x0
IsChild	-	0x854ce0	0x4542d8	0x4354d8	0x0
IsIconic	-	0x854ce4	0x4542dc	0x4354dc	0x0
CallNextHookEx	-	0x854ce8	0x4542e0	0x4354e0	0x0
ShowWindow	-	0x854cec	0x4542e4	0x4354e4	0x0
GetWindowTextW	-	0x854cf0	0x4542e8	0x4354e8	0x0
SetForegroundWindow	-	0x854cf4	0x4542ec	0x4354ec	0x0
IsDialogMessageW	-	0x854cf8	0x4542f0	0x4354f0	0x0
DestroyWindow	-	0x854cfc	0x4542f4	0x4354f4	0x0
RegisterClassW	-	0x854d00	0x4542f8	0x4354f8	0x0
EndMenu	-	0x854d04	0x4542fc	0x4354fc	0x0
CharNextW	-	0x854d08	0x454300	0x435500	0x0
GetFocus	-	0x854d0c	0x454304	0x435504	0x0
GetDC	-	0x854d10	0x454308	0x435508	0x0
SetFocus	-	0x854d14	0x45430c	0x43550c	0x0
ReleaseDC	-	0x854d18	0x454310	0x435510	0x0
GetClassLongW	-	0x854d1c	0x454314	0x435514	0x0
SetScrollRange	-	0x854d20	0x454318	0x435518	0x0
DrawTextW	-	0x854d24	0x45431c	0x43551c	0x0
PeekMessageA	-	0x854d28	0x454320	0x435520	0x0
MessageBeep	-	0x854d2c	0x454324	0x435524	0x0
SetClassLongW	-	0x854d30	0x454328	0x435528	0x0
RemovePropW	-	0x854d34	0x45432c	0x43552c	0x0
GetSubMenu	-	0x854d38	0x454330	0x435530	0x0
DestroyIcon	-	0x854d3c	0x454334	0x435534	0x0
IsWindowVisible	-	0x854d40	0x454338	0x435538	0x0
PtInRect	-	0x854d44	0x45433c	0x43553c	0x0
DispatchMessageA	-	0x854d48	0x454340	0x435540	0x0
UnregisterClassW	-	0x854d4c	0x454344	0x435544	0x0
GetTopWindow	-	0x854d50	0x454348	0x435548	0x0
SendMessageW	-	0x854d54	0x45434c	0x43554c	0x0
GetComboBoxInfo	-	0x854d58	0x454350	0x435550	0x0
LoadStringW	-	0x854d5c	0x454354	0x435554	0x0
CreateMenu	-	0x854d60	0x454358	0x435558	0x0
CharLowerW	-	0x854d64	0x45435c	0x43555c	0x0
SetWindowRgn	-	0x854d68	0x454360	0x435560	0x0
SetWindowPos	-	0x854d6c	0x454364	0x435564	0x0
GetMenuItemCount	-	0x854d70	0x454368	0x435568	0x0
GetSysColorBrush	-	0x854d74	0x45436c	0x43556c	0x0
GetWindowDC	-	0x854d78	0x454370	0x435570	0x0
DrawTextExW	-	0x854d7c	0x454374	0x435574	0x0
GetScrollInfo	-	0x854d80	0x454378	0x435578	0x0
SetWindowTextW	-	0x854d84	0x45437c	0x43557c	0x0
GetMessageExtraInfo	-	0x854d88	0x454380	0x435580	0x0
GetSysColor	-	0x854d8c	0x454384	0x435584	0x0
EnableScrollBar	-	0x854d90	0x454388	0x435588	0x0
TrackPopupMenu	-	0x854d94	0x45438c	0x43558c	0x0
DrawIconEx	-	0x854d98	0x454390	0x435590	0x0
GetClassNameW	-	0x854d9c	0x454394	0x435594	0x0
GetMessagePos	-	0x854da0	0x454398	0x435598	0x0
GetIconInfo	-	0x854da4	0x45439c	0x43559c	0x0
SetScrollInfo	-	0x854da8	0x4543a0	0x4355a0	0x0
GetKeyNameTextW	-	0x854dac	0x4543a4	0x4355a4	0x0
GetDesktopWindow	-	0x854db0	0x4543a8	0x4355a8	0x0
SetCursorPos	-	0x854db4	0x4543ac	0x4355ac	0x0
GetCursorPos	-	0x854db8	0x4543b0	0x4355b0	0x0
SetMenu	-	0x854dbc	0x4543b4	0x4355b4	0x0
GetMenuState	-	0x854dc0	0x4543b8	0x4355b8	0x0
GetMenu	-	0x854dc4	0x4543bc	0x4355bc	0x0
SetRect	-	0x854dc8	0x4543c0	0x4355c0	0x0
GetKeyState	-	0x854dcc	0x4543c4	0x4355c4	0x0
IsRectEmpty	-	0x854dd0	0x4543c8	0x4355c8	0x0
ValidateRect	-	0x854dd4	0x4543cc	0x4355cc	0x0
GetCursor	-	0x854dd8	0x4543d0	0x4355d0	0x0
KillTimer	-	0x854ddc	0x4543d4	0x4355d4	0x0
WaitMessage	-	0x854de0	0x4543d8	0x4355d8	0x0
TranslateMDISysAccel	-	0x854de4	0x4543dc	0x4355dc	0x0
GetWindowPlacement	-	0x854de8	0x4543e0	0x4355e0	0x0
GetMenuItemRect	-	0x854dec	0x4543e4	0x4355e4	0x0
CreateIconIndirect	-	0x854df0	0x4543e8	0x4355e8	0x0
CreateWindowExW	-	0x854df4	0x4543ec	0x4355ec	0x0
GetMessageW	-	0x854df8	0x4543f0	0x4355f0	0x0
GetDCEx	-	0x854dfc	0x4543f4	0x4355f4	0x0
PeekMessageW	-	0x854e00	0x4543f8	0x4355f8	0x0
MonitorFromWindow	-	0x854e04	0x4543fc	0x4355fc	0x0
GetUpdateRect	-	0x854e08	0x454400	0x435600	0x0
SetTimer	-	0x854e0c	0x454404	0x435604	0x0
WindowFromPoint	-	0x854e10	0x454408	0x435608	0x0
BeginPaint	-	0x854e14	0x45440c	0x43560c	0x0
RegisterClipboardFormatW	-	0x854e18	0x454410	0x435610	0x0
MapVirtualKeyW	-	0x854e1c	0x454414	0x435614	0x0
OffsetRect	-	0x854e20	0x454418	0x435618	0x0
IsWindowUnicode	-	0x854e24	0x45441c	0x43561c	0x0
DispatchMessageW	-	0x854e28	0x454420	0x435620	0x0
CreateAcceleratorTableW	-	0x854e2c	0x454424	0x435624	0x0
DefMDIChildProcW	-	0x854e30	0x454428	0x435628	0x0
GetSystemMenu	-	0x854e34	0x45442c	0x43562c	0x0
SetScrollPos	-	0x854e38	0x454430	0x435630	0x0
GetScrollPos	-	0x854e3c	0x454434	0x435634	0x0
InflateRect	-	0x854e40	0x454438	0x435638	0x0
DrawFocusRect	-	0x854e44	0x45443c	0x43563c	0x0
ReleaseCapture	-	0x854e48	0x454440	0x435640	0x0
LoadCursorW	-	0x854e4c	0x454444	0x435644	0x0
ScrollWindow	-	0x854e50	0x454448	0x435648	0x0
GetLastActivePopup	-	0x854e54	0x45444c	0x43564c	0x0
GetSystemMetrics	-	0x854e58	0x454450	0x435650	0x0
CharUpperBuffW	-	0x854e5c	0x454454	0x435654	0x0
SetClipboardData	-	0x854e60	0x454458	0x435658	0x0
GetClipboardData	-	0x854e64	0x45445c	0x43565c	0x0
ClientToScreen	-	0x854e68	0x454460	0x435660	0x0
SetWindowPlacement	-	0x854e6c	0x454464	0x435664	0x0
GetMonitorInfoW	-	0x854e70	0x454468	0x435668	0x0
CheckMenuItem	-	0x854e74	0x45446c	0x43566c	0x0
CharUpperW	-	0x854e78	0x454470	0x435670	0x0
DefWindowProcW	-	0x854e7c	0x454474	0x435674	0x0
GetForegroundWindow	-	0x854e80	0x454478	0x435678	0x0
EnableWindow	-	0x854e84	0x45447c	0x43567c	0x0
GetWindowThreadProcessId	-	0x854e88	0x454480	0x435680	0x0
RedrawWindow	-	0x854e8c	0x454484	0x435684	0x0
EndPaint	-	0x854e90	0x454488	0x435688	0x0
MsgWaitForMultipleObjectsEx	-	0x854e94	0x45448c	0x43568c	0x0
LoadKeyboardLayoutW	-	0x854e98	0x454490	0x435690	0x0
ActivateKeyboardLayout	-	0x854e9c	0x454494	0x435694	0x0
GetParent	-	0x854ea0	0x454498	0x435698	0x0
MonitorFromRect	-	0x854ea4	0x45449c	0x43569c	0x0
InsertMenuItemW	-	0x854ea8	0x4544a0	0x4356a0	0x0
GetPropW	-	0x854eac	0x4544a4	0x4356a4	0x0
MessageBoxW	-	0x854eb0	0x4544a8	0x4356a8	0x0
SetPropW	-	0x854eb4	0x4544ac	0x4356ac	0x0
UpdateWindow	-	0x854eb8	0x4544b0	0x4356b0	0x0
MsgWaitForMultipleObjects	-	0x854ebc	0x4544b4	0x4356b4	0x0
OemToCharA	-	0x854ec0	0x4544b8	0x4356b8	0x0
DestroyMenu	-	0x854ec4	0x4544bc	0x4356bc	0x0
SetWindowsHookExW	-	0x854ec8	0x4544c0	0x4356c0	0x0
EmptyClipboard	-	0x854ecc	0x4544c4	0x4356c4	0x0
GetDlgItem	-	0x854ed0	0x4544c8	0x4356c8	0x0
AdjustWindowRectEx	-	0x854ed4	0x4544cc	0x4356cc	0x0
IsWindow	-	0x854ed8	0x4544d0	0x4356d0	0x0
DrawIcon	-	0x854edc	0x4544d4	0x4356d4	0x0
EnumThreadWindows	-	0x854ee0	0x4544d8	0x4356d8	0x0
InvalidateRect	-	0x854ee4	0x4544dc	0x4356dc	0x0
GetKeyboardState	-	0x854ee8	0x4544e0	0x4356e0	0x0
ScreenToClient	-	0x854eec	0x4544e4	0x4356e4	0x0
DrawFrameControl	-	0x854ef0	0x4544e8	0x4356e8	0x0
SetCursor	-	0x854ef4	0x4544ec	0x4356ec	0x0
CreateIcon	-	0x854ef8	0x4544f0	0x4356f0	0x0
RemoveMenu	-	0x854efc	0x4544f4	0x4356f4	0x0
GetKeyboardLayoutNameW	-	0x854f00	0x4544f8	0x4356f8	0x0
OpenClipboard	-	0x854f04	0x4544fc	0x4356fc	0x0
TranslateMessage	-	0x854f08	0x454500	0x435700	0x0
MapWindowPoints	-	0x854f0c	0x454504	0x435704	0x0
EnumDisplayMonitors	-	0x854f10	0x454508	0x435708	0x0
CallWindowProcW	-	0x854f14	0x45450c	0x43570c	0x0
CloseClipboard	-	0x854f18	0x454510	0x435710	0x0
DestroyCursor	-	0x854f1c	0x454514	0x435714	0x0
CopyIcon	-	0x854f20	0x454518	0x435718	0x0
PostQuitMessage	-	0x854f24	0x45451c	0x43571c	0x0
ShowScrollBar	-	0x854f28	0x454520	0x435720	0x0
EnableMenuItem	-	0x854f2c	0x454524	0x435724	0x0
HideCaret	-	0x854f30	0x454528	0x435728	0x0
FindWindowExW	-	0x854f34	0x45452c	0x43572c	0x0
MonitorFromPoint	-	0x854f38	0x454530	0x435730	0x0
LoadIconW	-	0x854f3c	0x454534	0x435734	0x0
SystemParametersInfoW	-	0x854f40	0x454538	0x435738	0x0
GetWindow	-	0x854f44	0x45453c	0x43573c	0x0
GetWindowRect	-	0x854f48	0x454540	0x435740	0x0
GetWindowLongW	-	0x854f4c	0x454544	0x435744	0x0
InsertMenuW	-	0x854f50	0x454548	0x435748	0x0
PostThreadMessageW	-	0x854f54	0x45454c	0x43574c	0x0
IsWindowEnabled	-	0x854f58	0x454550	0x435750	0x0
IsDialogMessageA	-	0x854f5c	0x454554	0x435754	0x0
FindWindowW	-	0x854f60	0x454558	0x435758	0x0
GetKeyboardLayout	-	0x854f64	0x45455c	0x43575c	0x0
DeleteMenu	-	0x854f68	0x454560	0x435760	0x0

version.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetFileVersionInfoSizeW	-	0x854f70	0x454568	0x435768	0x0
VerQueryValueW	-	0x854f74	0x45456c	0x43576c	0x0
GetFileVersionInfoW	-	0x854f78	0x454570	0x435770	0x0

oleaut32.dll (19)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SafeArrayPutElement	-	0x854f80	0x454578	0x435778	0x0
GetErrorInfo	-	0x854f84	0x45457c	0x43577c	0x0
VariantInit	-	0x854f88	0x454580	0x435780	0x0
VariantClear	-	0x854f8c	0x454584	0x435784	0x0
SysFreeString	-	0x854f90	0x454588	0x435788	0x0
SafeArrayAccessData	-	0x854f94	0x45458c	0x43578c	0x0
SysReAllocStringLen	-	0x854f98	0x454590	0x435790	0x0
SafeArrayCreate	-	0x854f9c	0x454594	0x435794	0x0
SafeArrayGetElement	-	0x854fa0	0x454598	0x435798	0x0
GetActiveObject	-	0x854fa4	0x45459c	0x43579c	0x0
SysAllocStringLen	-	0x854fa8	0x4545a0	0x4357a0	0x0
SafeArrayUnaccessData	-	0x854fac	0x4545a4	0x4357a4	0x0
SafeArrayPtrOfIndex	-	0x854fb0	0x4545a8	0x4357a8	0x0
SafeArrayGetElemsize	-	0x854fb4	0x4545ac	0x4357ac	0x0
VariantCopy	-	0x854fb8	0x4545b0	0x4357b0	0x0
SafeArrayGetUBound	-	0x854fbc	0x4545b4	0x4357b4	0x0
SafeArrayGetLBound	-	0x854fc0	0x4545b8	0x4357b8	0x0
VariantCopyInd	-	0x854fc4	0x4545bc	0x4357bc	0x0
VariantChangeType	-	0x854fc8	0x4545c0	0x4357c0	0x0

msvcrt.dll (16)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
isupper	-	0x854fd0	0x4545c8	0x4357c8	0x0
isalpha	-	0x854fd4	0x4545cc	0x4357cc	0x0
isalnum	-	0x854fd8	0x4545d0	0x4357d0	0x0
toupper	-	0x854fdc	0x4545d4	0x4357d4	0x0
memchr	-	0x854fe0	0x4545d8	0x4357d8	0x0
memcmp	-	0x854fe4	0x4545dc	0x4357dc	0x0
memcpy	-	0x854fe8	0x4545e0	0x4357e0	0x0
memset	-	0x854fec	0x4545e4	0x4357e4	0x0
isprint	-	0x854ff0	0x4545e8	0x4357e8	0x0
isspace	-	0x854ff4	0x4545ec	0x4357ec	0x0
iscntrl	-	0x854ff8	0x4545f0	0x4357f0	0x0
isxdigit	-	0x854ffc	0x4545f4	0x4357f4	0x0
ispunct	-	0x855000	0x4545f8	0x4357f8	0x0
isgraph	-	0x855004	0x4545fc	0x4357fc	0x0
islower	-	0x855008	0x454600	0x435800	0x0
tolower	-	0x85500c	0x454604	0x435804	0x0

advapi32.dll (32)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CloseServiceHandle	-	0x855014	0x45460c	0x43580c	0x0
RegSetValueExW	-	0x855018	0x454610	0x435810	0x0
RegConnectRegistryW	-	0x85501c	0x454614	0x435814	0x0
CreateServiceW	-	0x855020	0x454618	0x435818	0x0
StartServiceCtrlDispatcherW	-	0x855024	0x45461c	0x43581c	0x0
DeregisterEventSource	-	0x855028	0x454620	0x435820	0x0
RegQueryInfoKeyW	-	0x85502c	0x454624	0x435824	0x0
SetServiceStatus	-	0x855030	0x454628	0x435828	0x0
RegUnLoadKeyW	-	0x855034	0x45462c	0x43582c	0x0
RegSaveKeyW	-	0x855038	0x454630	0x435830	0x0
DeleteService	-	0x85503c	0x454634	0x435834	0x0
RegReplaceKeyW	-	0x855040	0x454638	0x435838	0x0
RegisterEventSourceW	-	0x855044	0x45463c	0x43583c	0x0
RegCreateKeyExW	-	0x855048	0x454640	0x435840	0x0
RegisterServiceCtrlHandlerW	-	0x85504c	0x454644	0x435844	0x0
OpenServiceW	-	0x855050	0x454648	0x435848	0x0
RegLoadKeyW	-	0x855054	0x45464c	0x43584c	0x0
RegEnumKeyExW	-	0x855058	0x454650	0x435850	0x0
AdjustTokenPrivileges	-	0x85505c	0x454654	0x435854	0x0
RegDeleteKeyW	-	0x855060	0x454658	0x435858	0x0
LookupPrivilegeValueW	-	0x855064	0x45465c	0x43585c	0x0
OpenSCManagerW	-	0x855068	0x454660	0x435860	0x0
RegOpenKeyExW	-	0x85506c	0x454664	0x435864	0x0
OpenProcessToken	-	0x855070	0x454668	0x435868	0x0
RegDeleteValueW	-	0x855074	0x45466c	0x43586c	0x0
ReportEventW	-	0x855078	0x454670	0x435870	0x0
RegFlushKey	-	0x85507c	0x454674	0x435874	0x0
RegQueryValueExW	-	0x855080	0x454678	0x435878	0x0
RegEnumValueW	-	0x855084	0x45467c	0x43587c	0x0
RegCloseKey	-	0x855088	0x454680	0x435880	0x0
RegRestoreKeyW	-	0x85508c	0x454684	0x435884	0x0
EnumServicesStatusW	-	0x855090	0x454688	0x435888	0x0

netapi32.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
NetWkstaGetInfo	-	0x855098	0x454690	0x435890	0x0
NetApiBufferFree	-	0x85509c	0x454694	0x435894	0x0

kernel32.dll (152)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SetFileAttributesW	-	0x8550a4	0x45469c	0x43589c	0x0
GetFileType	-	0x8550a8	0x4546a0	0x4358a0	0x0
SetFileTime	-	0x8550ac	0x4546a4	0x4358a4	0x0
QueryDosDeviceW	-	0x8550b0	0x4546a8	0x4358a8	0x0
GetACP	-	0x8550b4	0x4546ac	0x4358ac	0x0
CloseHandle	-	0x8550b8	0x4546b0	0x4358b0	0x0
LocalFree	-	0x8550bc	0x4546b4	0x4358b4	0x0
GetCurrentProcessId	-	0x8550c0	0x4546b8	0x4358b8	0x0
SizeofResource	-	0x8550c4	0x4546bc	0x4358bc	0x0
VirtualProtect	-	0x8550c8	0x4546c0	0x4358c0	0x0
QueryPerformanceFrequency	-	0x8550cc	0x4546c4	0x4358c4	0x0
IsDebuggerPresent	-	0x8550d0	0x4546c8	0x4358c8	0x0
FindNextFileW	-	0x8550d4	0x4546cc	0x4358cc	0x0
GetFullPathNameW	-	0x8550d8	0x4546d0	0x4358d0	0x0
VirtualFree	-	0x8550dc	0x4546d4	0x4358d4	0x0
HeapAlloc	-	0x8550e0	0x4546d8	0x4358d8	0x0
ExitProcess	-	0x8550e4	0x4546dc	0x4358dc	0x0
GetCPInfoExW	-	0x8550e8	0x4546e0	0x4358e0	0x0
RtlUnwind	-	0x8550ec	0x4546e4	0x4358e4	0x0
GetCPInfo	-	0x8550f0	0x4546e8	0x4358e8	0x0
EnumSystemLocalesW	-	0x8550f4	0x4546ec	0x4358ec	0x0
GetStdHandle	-	0x8550f8	0x4546f0	0x4358f0	0x0
GetTimeZoneInformation	-	0x8550fc	0x4546f4	0x4358f4	0x0
FileTimeToLocalFileTime	-	0x855100	0x4546f8	0x4358f8	0x0
SystemTimeToTzSpecificLocalTime	-	0x855104	0x4546fc	0x4358fc	0x0
GetModuleHandleW	-	0x855108	0x454700	0x435900	0x0
FreeLibrary	-	0x85510c	0x454704	0x435904	0x0
TryEnterCriticalSection	-	0x855110	0x454708	0x435908	0x0
HeapDestroy	-	0x855114	0x45470c	0x43590c	0x0
FileTimeToDosDateTime	-	0x855118	0x454710	0x435910	0x0
ReadFile	-	0x85511c	0x454714	0x435914	0x0
CreateProcessW	-	0x855120	0x454718	0x435918	0x0
GetLastError	-	0x855124	0x45471c	0x43591c	0x0
GetModuleFileNameW	-	0x855128	0x454720	0x435920	0x0
SetLastError	-	0x85512c	0x454724	0x435924	0x0
GlobalAlloc	-	0x855130	0x454728	0x435928	0x0
GlobalUnlock	-	0x855134	0x45472c	0x43592c	0x0
FindResourceW	-	0x855138	0x454730	0x435930	0x0
CreateThread	-	0x85513c	0x454734	0x435934	0x0
CompareStringW	-	0x855140	0x454738	0x435938	0x0
CopyFileW	-	0x855144	0x45473c	0x43593c	0x0
MapViewOfFile	-	0x855148	0x454740	0x435940	0x0
LoadLibraryA	-	0x85514c	0x454744	0x435944	0x0
GetVolumeInformationW	-	0x855150	0x454748	0x435948	0x0
ResetEvent	-	0x855154	0x45474c	0x43594c	0x0
MulDiv	-	0x855158	0x454750	0x435950	0x0
FreeResource	-	0x85515c	0x454754	0x435954	0x0
GetDriveTypeW	-	0x855160	0x454758	0x435958	0x0
GetVersion	-	0x855164	0x45475c	0x43595c	0x0
RaiseException	-	0x855168	0x454760	0x435960	0x0
MoveFileW	-	0x85516c	0x454764	0x435964	0x0
GlobalAddAtomW	-	0x855170	0x454768	0x435968	0x0
FormatMessageW	-	0x855174	0x45476c	0x43596c	0x0
OpenProcess	-	0x855178	0x454770	0x435970	0x0
SwitchToThread	-	0x85517c	0x454774	0x435974	0x0
GetExitCodeThread	-	0x855180	0x454778	0x435978	0x0
GetCurrentThread	-	0x855184	0x45477c	0x43597c	0x0
GetLogicalDrives	-	0x855188	0x454780	0x435980	0x0
GetFileAttributesExW	-	0x85518c	0x454784	0x435984	0x0
GlobalMemoryStatusEx	-	0x855190	0x454788	0x435988	0x0
ExpandEnvironmentStringsW	-	0x855194	0x45478c	0x43598c	0x0
GetPriorityClass	-	0x855198	0x454790	0x435990	0x0
LoadLibraryExW	-	0x85519c	0x454794	0x435994	0x0
TerminateProcess	-	0x8551a0	0x454798	0x435998	0x0
SetPriorityClass	-	0x8551a4	0x45479c	0x43599c	0x0
LockResource	-	0x8551a8	0x4547a0	0x4359a0	0x0
FileTimeToSystemTime	-	0x8551ac	0x4547a4	0x4359a4	0x0
GetCurrentThreadId	-	0x8551b0	0x4547a8	0x4359a8	0x0
UnhandledExceptionFilter	-	0x8551b4	0x4547ac	0x4359ac	0x0
PeekNamedPipe	-	0x8551b8	0x4547b0	0x4359b0	0x0
GlobalFindAtomW	-	0x8551bc	0x4547b4	0x4359b4	0x0
VirtualQuery	-	0x8551c0	0x4547b8	0x4359b8	0x0
GlobalFree	-	0x8551c4	0x4547bc	0x4359bc	0x0
VirtualQueryEx	-	0x8551c8	0x4547c0	0x4359c0	0x0
Sleep	-	0x8551cc	0x4547c4	0x4359c4	0x0
EnterCriticalSection	-	0x8551d0	0x4547c8	0x4359c8	0x0
SetFilePointer	-	0x8551d4	0x4547cc	0x4359cc	0x0
LoadResource	-	0x8551d8	0x4547d0	0x4359d0	0x0
SuspendThread	-	0x8551dc	0x4547d4	0x4359d4	0x0
GetTickCount	-	0x8551e0	0x4547d8	0x4359d8	0x0
WritePrivateProfileStringW	-	0x8551e4	0x4547dc	0x4359dc	0x0
GetFileSize	-	0x8551e8	0x4547e0	0x4359e0	0x0
GlobalDeleteAtom	-	0x8551ec	0x4547e4	0x4359e4	0x0
GetStartupInfoW	-	0x8551f0	0x4547e8	0x4359e8	0x0
GetFileAttributesW	-	0x8551f4	0x4547ec	0x4359ec	0x0
InitializeCriticalSection	-	0x8551f8	0x4547f0	0x4359f0	0x0
GetThreadPriority	-	0x8551fc	0x4547f4	0x4359f4	0x0
GetCurrentProcess	-	0x855200	0x4547f8	0x4359f8	0x0
GlobalLock	-	0x855204	0x4547fc	0x4359fc	0x0
SetThreadPriority	-	0x855208	0x454800	0x435a00	0x0
VirtualAlloc	-	0x85520c	0x454804	0x435a04	0x0
GetTempPathW	-	0x855210	0x454808	0x435a08	0x0
GetCommandLineW	-	0x855214	0x45480c	0x435a0c	0x0
GetSystemInfo	-	0x855218	0x454810	0x435a10	0x0
LeaveCriticalSection	-	0x85521c	0x454814	0x435a14	0x0
GetProcAddress	-	0x855220	0x454818	0x435a18	0x0
ResumeThread	-	0x855224	0x45481c	0x435a1c	0x0
GetLogicalDriveStringsW	-	0x855228	0x454820	0x435a20	0x0
WinExec	-	0x85522c	0x454824	0x435a24	0x0
GetVersionExW	-	0x855230	0x454828	0x435a28	0x0
VerifyVersionInfoW	-	0x855234	0x45482c	0x435a2c	0x0
HeapCreate	-	0x855238	0x454830	0x435a30	0x0
LCMapStringW	-	0x85523c	0x454834	0x435a34	0x0
GetDiskFreeSpaceW	-	0x855240	0x454838	0x435a38	0x0
VerSetConditionMask	-	0x855244	0x45483c	0x435a3c	0x0
FindFirstFileW	-	0x855248	0x454840	0x435a40	0x0
GetUserDefaultUILanguage	-	0x85524c	0x454844	0x435a44	0x0
GetConsoleOutputCP	-	0x855250	0x454848	0x435a48	0x0
UnmapViewOfFile	-	0x855254	0x45484c	0x435a4c	0x0
GetConsoleCP	-	0x855258	0x454850	0x435a50	0x0
lstrlenW	-	0x85525c	0x454854	0x435a54	0x0
SetEndOfFile	-	0x855260	0x454858	0x435a58	0x0
QueryPerformanceCounter	-	0x855264	0x45485c	0x435a5c	0x0
HeapFree	-	0x855268	0x454860	0x435a60	0x0
WideCharToMultiByte	-	0x85526c	0x454864	0x435a64	0x0
FindClose	-	0x855270	0x454868	0x435a68	0x0
MultiByteToWideChar	-	0x855274	0x45486c	0x435a6c	0x0
LoadLibraryW	-	0x855278	0x454870	0x435a70	0x0
SetEvent	-	0x85527c	0x454874	0x435a74	0x0
GetLocaleInfoW	-	0x855280	0x454878	0x435a78	0x0
CreateFileW	-	0x855284	0x45487c	0x435a7c	0x0
SystemTimeToFileTime	-	0x855288	0x454880	0x435a80	0x0
EnumResourceNamesW	-	0x85528c	0x454884	0x435a84	0x0
DeleteFileW	-	0x855290	0x454888	0x435a88	0x0
IsDBCSLeadByteEx	-	0x855294	0x45488c	0x435a8c	0x0
GetEnvironmentVariableW	-	0x855298	0x454890	0x435a90	0x0
GetLocalTime	-	0x85529c	0x454894	0x435a94	0x0
WaitForSingleObject	-	0x8552a0	0x454898	0x435a98	0x0
WriteFile	-	0x8552a4	0x45489c	0x435a9c	0x0
CreateFileMappingW	-	0x8552a8	0x4548a0	0x435aa0	0x0
ExitThread	-	0x8552ac	0x4548a4	0x435aa4	0x0
OpenThread	-	0x8552b0	0x4548a8	0x435aa8	0x0
CreatePipe	-	0x8552b4	0x4548ac	0x435aac	0x0
DeleteCriticalSection	-	0x8552b8	0x4548b0	0x435ab0	0x0
GetDateFormatW	-	0x8552bc	0x4548b4	0x435ab4	0x0
TlsGetValue	-	0x8552c0	0x4548b8	0x435ab8	0x0
SetErrorMode	-	0x8552c4	0x4548bc	0x435abc	0x0
GetComputerNameW	-	0x8552c8	0x4548c0	0x435ac0	0x0
TzSpecificLocalTimeToSystemTime	-	0x8552cc	0x4548c4	0x435ac4	0x0
IsValidLocale	-	0x8552d0	0x4548c8	0x435ac8	0x0
TlsSetValue	-	0x8552d4	0x4548cc	0x435acc	0x0
CreateDirectoryW	-	0x8552d8	0x4548d0	0x435ad0	0x0
GetSystemDefaultUILanguage	-	0x8552dc	0x4548d4	0x435ad4	0x0
EnumCalendarInfoW	-	0x8552e0	0x4548d8	0x435ad8	0x0
LocalAlloc	-	0x8552e4	0x4548dc	0x435adc	0x0
RemoveDirectoryW	-	0x8552e8	0x4548e0	0x435ae0	0x0
CreateEventW	-	0x8552ec	0x4548e4	0x435ae4	0x0
GetPrivateProfileStringW	-	0x8552f0	0x4548e8	0x435ae8	0x0
QueryFullProcessImageNameW	-	0x8552f4	0x4548ec	0x435aec	0x0
WaitForMultipleObjectsEx	-	0x8552f8	0x4548f0	0x435af0	0x0
GetThreadLocale	-	0x8552fc	0x4548f4	0x435af4	0x0
SetThreadLocale	-	0x855300	0x4548f8	0x435af8	0x0

SHFolder.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetFolderPathW	-	0x855308	0x454900	0x435b00	0x0

wsock32.dll (29)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
gethostbyaddr	-	0x855310	0x454908	0x435b08	0x0
setsockopt	-	0x855314	0x45490c	0x435b0c	0x0
select	-	0x855318	0x454910	0x435b10	0x0
getsockopt	-	0x85531c	0x454914	0x435b14	0x0
WSACleanup	-	0x855320	0x454918	0x435b18	0x0
gethostbyname	-	0x855324	0x45491c	0x435b1c	0x0
bind	-	0x855328	0x454920	0x435b20	0x0
gethostname	-	0x85532c	0x454924	0x435b24	0x0
closesocket	-	0x855330	0x454928	0x435b28	0x0
WSAGetLastError	-	0x855334	0x45492c	0x435b2c	0x0
connect	-	0x855338	0x454930	0x435b30	0x0
getpeername	-	0x85533c	0x454934	0x435b34	0x0
inet_addr	-	0x855340	0x454938	0x435b38	0x0
WSAAsyncSelect	-	0x855344	0x45493c	0x435b3c	0x0
WSAAsyncGetServByName	-	0x855348	0x454940	0x435b40	0x0
WSACancelAsyncRequest	-	0x85534c	0x454944	0x435b44	0x0
send	-	0x855350	0x454948	0x435b48	0x0
accept	-	0x855354	0x45494c	0x435b4c	0x0
ntohs	-	0x855358	0x454950	0x435b50	0x0
htons	-	0x85535c	0x454954	0x435b54	0x0
WSAStartup	-	0x855360	0x454958	0x435b58	0x0
getservbyname	-	0x855364	0x45495c	0x435b5c	0x0
getsockname	-	0x855368	0x454960	0x435b60	0x0
listen	-	0x85536c	0x454964	0x435b64	0x0
socket	-	0x855370	0x454968	0x435b68	0x0
recv	-	0x855374	0x45496c	0x435b6c	0x0
inet_ntoa	-	0x855378	0x454970	0x435b70	0x0
ioctlsocket	-	0x85537c	0x454974	0x435b74	0x0
WSAAsyncGetHostByName	-	0x855380	0x454978	0x435b78	0x0

ole32.dll (11)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
IsEqualGUID	-	0x855388	0x454980	0x435b80	0x0
ProgIDFromCLSID	-	0x85538c	0x454984	0x435b84	0x0
OleInitialize	-	0x855390	0x454988	0x435b88	0x0
CLSIDFromProgID	-	0x855394	0x45498c	0x435b8c	0x0
OleUninitialize	-	0x855398	0x454990	0x435b90	0x0
CoInitialize	-	0x85539c	0x454994	0x435b94	0x0
CoCreateInstance	-	0x8553a0	0x454998	0x435b98	0x0
CoUninitialize	-	0x8553a4	0x45499c	0x435b9c	0x0
CoTaskMemFree	-	0x8553a8	0x4549a0	0x435ba0	0x0
CoTaskMemAlloc	-	0x8553ac	0x4549a4	0x435ba4	0x0
StringFromCLSID	-	0x8553b0	0x4549a8	0x435ba8	0x0

gdi32.dll (106)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
Pie	-	0x8553b8	0x4549b0	0x435bb0	0x0
SetBkMode	-	0x8553bc	0x4549b4	0x435bb4	0x0
CreateCompatibleBitmap	-	0x8553c0	0x4549b8	0x435bb8	0x0
GetEnhMetaFileHeader	-	0x8553c4	0x4549bc	0x435bbc	0x0
RectVisible	-	0x8553c8	0x4549c0	0x435bc0	0x0
AngleArc	-	0x8553cc	0x4549c4	0x435bc4	0x0
SetAbortProc	-	0x8553d0	0x4549c8	0x435bc8	0x0
SetTextColor	-	0x8553d4	0x4549cc	0x435bcc	0x0
GetTextColor	-	0x8553d8	0x4549d0	0x435bd0	0x0
StretchBlt	-	0x8553dc	0x4549d4	0x435bd4	0x0
RoundRect	-	0x8553e0	0x4549d8	0x435bd8	0x0
RestoreDC	-	0x8553e4	0x4549dc	0x435bdc	0x0
SetRectRgn	-	0x8553e8	0x4549e0	0x435be0	0x0
GetTextMetricsW	-	0x8553ec	0x4549e4	0x435be4	0x0
GetWindowOrgEx	-	0x8553f0	0x4549e8	0x435be8	0x0
CreatePalette	-	0x8553f4	0x4549ec	0x435bec	0x0
PolyBezierTo	-	0x8553f8	0x4549f0	0x435bf0	0x0
CreateICW	-	0x8553fc	0x4549f4	0x435bf4	0x0
CreateDCW	-	0x855400	0x4549f8	0x435bf8	0x0
GetStockObject	-	0x855404	0x4549fc	0x435bfc	0x0
CreateSolidBrush	-	0x855408	0x454a00	0x435c00	0x0
GetBkMode	-	0x85540c	0x454a04	0x435c04	0x0
Polygon	-	0x855410	0x454a08	0x435c08	0x0
MoveToEx	-	0x855414	0x454a0c	0x435c0c	0x0
PlayEnhMetaFile	-	0x855418	0x454a10	0x435c10	0x0
Ellipse	-	0x85541c	0x454a14	0x435c14	0x0
StartPage	-	0x855420	0x454a18	0x435c18	0x0
GetBitmapBits	-	0x855424	0x454a1c	0x435c1c	0x0
StartDocW	-	0x855428	0x454a20	0x435c20	0x0
AbortDoc	-	0x85542c	0x454a24	0x435c24	0x0
GetSystemPaletteEntries	-	0x855430	0x454a28	0x435c28	0x0
GetEnhMetaFileBits	-	0x855434	0x454a2c	0x435c2c	0x0
GetEnhMetaFilePaletteEntries	-	0x855438	0x454a30	0x435c30	0x0
CreatePenIndirect	-	0x85543c	0x454a34	0x435c34	0x0
CreateFontIndirectW	-	0x855440	0x454a38	0x435c38	0x0
PolyBezier	-	0x855444	0x454a3c	0x435c3c	0x0
EndDoc	-	0x855448	0x454a40	0x435c40	0x0
GetObjectW	-	0x85544c	0x454a44	0x435c44	0x0
GetCurrentObject	-	0x855450	0x454a48	0x435c48	0x0
GetWinMetaFileBits	-	0x855454	0x454a4c	0x435c4c	0x0
SetROP2	-	0x855458	0x454a50	0x435c50	0x0
GetEnhMetaFileDescriptionW	-	0x85545c	0x454a54	0x435c54	0x0
ArcTo	-	0x855460	0x454a58	0x435c58	0x0
Arc	-	0x855464	0x454a5c	0x435c5c	0x0
SelectPalette	-	0x855468	0x454a60	0x435c60	0x0
SetGraphicsMode	-	0x85546c	0x454a64	0x435c64	0x0
ExcludeClipRect	-	0x855470	0x454a68	0x435c68	0x0
MaskBlt	-	0x855474	0x454a6c	0x435c6c	0x0
SetWindowOrgEx	-	0x855478	0x454a70	0x435c70	0x0
EndPage	-	0x85547c	0x454a74	0x435c74	0x0
DeleteEnhMetaFile	-	0x855480	0x454a78	0x435c78	0x0
Chord	-	0x855484	0x454a7c	0x435c7c	0x0
SetDIBits	-	0x855488	0x454a80	0x435c80	0x0
GetViewportOrgEx	-	0x85548c	0x454a84	0x435c84	0x0
SetViewportOrgEx	-	0x855490	0x454a88	0x435c88	0x0
CreateRectRgn	-	0x855494	0x454a8c	0x435c8c	0x0
RealizePalette	-	0x855498	0x454a90	0x435c90	0x0
SetDIBColorTable	-	0x85549c	0x454a94	0x435c94	0x0
GetDIBColorTable	-	0x8554a0	0x454a98	0x435c98	0x0
CreateBrushIndirect	-	0x8554a4	0x454a9c	0x435c9c	0x0
PatBlt	-	0x8554a8	0x454aa0	0x435ca0	0x0
SetEnhMetaFileBits	-	0x8554ac	0x454aa4	0x435ca4	0x0
Rectangle	-	0x8554b0	0x454aa8	0x435ca8	0x0
SaveDC	-	0x8554b4	0x454aac	0x435cac	0x0
DeleteDC	-	0x8554b8	0x454ab0	0x435cb0	0x0
BitBlt	-	0x8554bc	0x454ab4	0x435cb4	0x0
SetWorldTransform	-	0x8554c0	0x454ab8	0x435cb8	0x0
FrameRgn	-	0x8554c4	0x454abc	0x435cbc	0x0
GetDeviceCaps	-	0x8554c8	0x454ac0	0x435cc0	0x0
GetTextExtentPoint32W	-	0x8554cc	0x454ac4	0x435cc4	0x0
GetClipBox	-	0x8554d0	0x454ac8	0x435cc8	0x0
IntersectClipRect	-	0x8554d4	0x454acc	0x435ccc	0x0
Polyline	-	0x8554d8	0x454ad0	0x435cd0	0x0
CreateBitmap	-	0x8554dc	0x454ad4	0x435cd4	0x0
CombineRgn	-	0x8554e0	0x454ad8	0x435cd8	0x0
SetWinMetaFileBits	-	0x8554e4	0x454adc	0x435cdc	0x0
GetStretchBltMode	-	0x8554e8	0x454ae0	0x435ce0	0x0
CreateDIBitmap	-	0x8554ec	0x454ae4	0x435ce4	0x0
SetStretchBltMode	-	0x8554f0	0x454ae8	0x435ce8	0x0
GetDIBits	-	0x8554f4	0x454aec	0x435cec	0x0
CreateDIBSection	-	0x8554f8	0x454af0	0x435cf0	0x0
ExtCreateRegion	-	0x8554fc	0x454af4	0x435cf4	0x0
LineTo	-	0x855500	0x454af8	0x435cf8	0x0
GetRgnBox	-	0x855504	0x454afc	0x435cfc	0x0
EnumFontsW	-	0x855508	0x454b00	0x435d00	0x0
CreateHalftonePalette	-	0x85550c	0x454b04	0x435d04	0x0
SelectObject	-	0x855510	0x454b08	0x435d08	0x0
DeleteObject	-	0x855514	0x454b0c	0x435d0c	0x0
ExtFloodFill	-	0x855518	0x454b10	0x435d10	0x0
UnrealizeObject	-	0x85551c	0x454b14	0x435d14	0x0
CopyEnhMetaFileW	-	0x855520	0x454b18	0x435d18	0x0
SetBkColor	-	0x855524	0x454b1c	0x435d1c	0x0
CreateCompatibleDC	-	0x855528	0x454b20	0x435d20	0x0
GetBrushOrgEx	-	0x85552c	0x454b24	0x435d24	0x0
GetCurrentPositionEx	-	0x855530	0x454b28	0x435d28	0x0
SetDCPenColor	-	0x855534	0x454b2c	0x435d2c	0x0
CreateRoundRectRgn	-	0x855538	0x454b30	0x435d30	0x0
GetTextExtentPointW	-	0x85553c	0x454b34	0x435d34	0x0
ExtTextOutW	-	0x855540	0x454b38	0x435d38	0x0
SetBrushOrgEx	-	0x855544	0x454b3c	0x435d3c	0x0
GetPixel	-	0x855548	0x454b40	0x435d40	0x0
GdiFlush	-	0x85554c	0x454b44	0x435d44	0x0
SetPixel	-	0x855550	0x454b48	0x435d48	0x0
EnumFontFamiliesExW	-	0x855554	0x454b4c	0x435d4c	0x0
StretchDIBits	-	0x855558	0x454b50	0x435d50	0x0
GetPaletteEntries	-	0x85555c	0x454b54	0x435d54	0x0

Exports (3)

Api name	EAT Address	Ordinal
TMethodImplementationIntercept	0x7b5e8	0x3
__dbk_fcall_wrapper	0x123ec	0x2
dbkFCallWrapperAddr	0x43b63c	0x1

Memory Dumps (2)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	YARA	Actions
client.exe	50	0x00400000	0x008D9FFF	Relevant Image		32-bit	0x0040F9A0		... Memory Dump Actions Go to Process Download Dump
buffer	50	0x002E0000	0x002E0FFF	First Execution		32-bit	0x002E0FE2		... Memory Dump Actions Go to Process Download Dump

C:\Users\kEecfMwgj\AppData\Local\Temp\99.exe

Downloaded File

Binary

Also Known As	C:\Users\kEecfMwgj\AppData\Roaming\cube\cube.exe (Downloaded File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	1.72 MB
MD5	5ebe1f3ee445d330edff730a493a8204
SHA1	923f6892244103436d8cac859a4f585aa9f9556f
SHA256	b2fa2aac6edc31b98312c25bdcec5c603bd5ec1c3f22fe8db54933bf2efaac91
SSDeep	49152:0mvE4xJ74YNONL7NYAEA1pAj0f2KvTIhyfvWeToNaPIar:Hx5ONLpYAN/AY2q8xeTwzK
ImpHash	c1d428a624f7ef12578461f043fa097d

PE Information

Image Base	0x400000
Entry Point	0x401000
Size Of Code	0x52c00
Size Of Initialized Data	0x20c00
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-11-20 16:08:19+00:00
Packer	ASProtect v1.23 RC1

Sections (15)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
-	0x401000	0x53000	0x29e00	0x600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x454000	0x18000	0x8800	0x2a400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.99
-	0x46c000	0x4000	0x400	0x32c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.83
-	0x470000	0x1000	0x200	0x33000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.78
-	0x471000	0x1000	0x200	0x33200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.55
-	0x472000	0x5000	0x1400	0x33400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.96
-	0x477000	0x4000	0x2800	0x34800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.98
-	0x47b000	0x4000	0xa00	0x37000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.92
-	0x47f000	0x1000	0x200	0x37a00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.55
-	0x480000	0x1000	0x200	0x37c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.56
.rsrc	0x481000	0x6000	0x5a00	0x37e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.89
-	0x487000	0x352000	0x130000	0x3d800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
-	0x7d9000	0x1000	0x200	0x16d800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.65
.wEPSSPx	0x7da000	0x4b000	0x4aa00	0x16da00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.91
.adata	0x825000	0x1000	0x0	0x1b8400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0

Imports (12)

kernel32.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	-	0x7dac28	0x3dac28	0x16e628	0x0
GetModuleHandleA	-	0x7dac2c	0x3dac2c	0x16e62c	0x0
LoadLibraryA	-	0x7dac30	0x3dac30	0x16e630	0x0

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SetForegroundWindow	-	0x7dae00	0x3dae00	0x16e800	0x0

gdi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateCompatibleBitmap	-	0x7dae08	0x3dae08	0x16e808	0x0

advapi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CryptAcquireContextA	-	0x7dae10	0x3dae10	0x16e810	0x0

shell32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteW	-	0x7dae18	0x3dae18	0x16e818	0x0

shlwapi.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
PathFileExistsW	-	0x7dae20	0x3dae20	0x16e820	0x0

winmm.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
PlaySoundW	-	0x7dae28	0x3dae28	0x16e828	0x0

ws2_32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
send	0x13	0x7dae30	0x3dae30	0x16e830	-

urlmon.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
URLDownloadToFileW	-	0x7dae38	0x3dae38	0x16e838	0x0

gdiplus.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GdiplusStartup	-	0x7dae40	0x3dae40	0x16e840	0x0

oleaut32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VariantChangeTypeEx	-	0x7dae48	0x3dae48	0x16e848	0x0

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RaiseException	-	0x7dae50	0x3dae50	0x16e850	0x0

Memory Dumps (301)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
99.exe	18	0x00400000	0x00825FFF	First Execution	32-bit	0x00401000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x00290000	0x002EFFFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	First Execution	32-bit	0x0200E000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FB1000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FF4DD8	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FB4CB8	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FB3518	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FB2B38	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FB6438	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FBC310	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FBAA70	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FBB05C	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FB9D00	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FB7500	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FBD22C	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FBF3A4	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FD56A8	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FE3540	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FE4000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FE51F4	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FCACA0	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FCB000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FD14C0	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FE00E4	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FDD8E8	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FDCDC0	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FD6BB4	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FE734C	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FED2EC	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FF2040	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FC8B24	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FC17A4	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03310000	0x03310FFF	First Execution	32-bit	0x03310000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FE9EBC	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03320000	0x03320FFF	First Execution	32-bit	0x03320000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x032D0000	0x032D0FFF	First Execution	32-bit	0x032D0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03340000	0x03340FFF	First Execution	32-bit	0x03340000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03300000	0x03300FFF	First Execution	32-bit	0x03300000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x032F0000	0x032F0FFF	First Execution	32-bit	0x032F0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03350000	0x03350FFF	First Execution	32-bit	0x03350000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03360000	0x03360FFF	First Execution	32-bit	0x03360000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x031B0000	0x031B0FFF	First Execution	32-bit	0x031B0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x031C0000	0x031C0FFF	First Execution	32-bit	0x031C0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03170000	0x03170FFF	First Execution	32-bit	0x03170000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x031E0000	0x031E0FFF	First Execution	32-bit	0x031E0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x031A0000	0x031A0FFF	First Execution	32-bit	0x031A0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03190000	0x03190FFF	First Execution	32-bit	0x03190000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03200000	0x03200FFF	First Execution	32-bit	0x03200000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x01FB0000	0x0200FFFF	Content Changed	32-bit	0x01FE9EBC	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03100000	0x03100FFF	First Execution	32-bit	0x03100000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03110000	0x03110FFF	First Execution	32-bit	0x03110000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x030C0000	0x030C0FFF	First Execution	32-bit	0x030C0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03130000	0x03130FFF	First Execution	32-bit	0x03130000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x030F0000	0x030F0FFF	First Execution	32-bit	0x030F0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x030E0000	0x030E0FFF	First Execution	32-bit	0x030E0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03140000	0x03140FFF	First Execution	32-bit	0x03140000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03150000	0x03150FFF	First Execution	32-bit	0x03150000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02760000	0x02760FFF	First Execution	32-bit	0x02760000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02770000	0x02770FFF	First Execution	32-bit	0x02770000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02720000	0x02720FFF	First Execution	32-bit	0x02720000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02790000	0x02790FFF	First Execution	32-bit	0x02790000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02750000	0x02750FFF	First Execution	32-bit	0x02750000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02740000	0x02740FFF	First Execution	32-bit	0x02740000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x027B0000	0x027B0FFF	First Execution	32-bit	0x027B0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02780000	0x02780FFF	First Execution	32-bit	0x02780000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02160000	0x02160FFF	First Execution	32-bit	0x02160000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02170000	0x02170FFF	First Execution	32-bit	0x02170000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02120000	0x02120FFF	First Execution	32-bit	0x02120000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02140000	0x02140FFF	First Execution	32-bit	0x02140000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02190000	0x02190FFF	First Execution	32-bit	0x02190000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x025A0000	0x025A0FFF	First Execution	32-bit	0x025A0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x026B0000	0x026B0FFF	First Execution	32-bit	0x026B0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x026C0000	0x026C0FFF	First Execution	32-bit	0x026C0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02670000	0x02670FFF	First Execution	32-bit	0x02670000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x026E0000	0x026E0FFF	First Execution	32-bit	0x026E0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x026A0000	0x026A0FFF	First Execution	32-bit	0x026A0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02690000	0x02690FFF	First Execution	32-bit	0x02690000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02700000	0x02700FFF	First Execution	32-bit	0x02700000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02EF0000	0x02EF0FFF	First Execution	32-bit	0x02EF0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F00000	0x02F00FFF	First Execution	32-bit	0x02F00000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02EB0000	0x02EB0FFF	First Execution	32-bit	0x02EB0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F20000	0x02F20FFF	First Execution	32-bit	0x02F20000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02EE0000	0x02EE0FFF	First Execution	32-bit	0x02EE0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02ED0000	0x02ED0FFF	First Execution	32-bit	0x02ED0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F40000	0x02F40FFF	First Execution	32-bit	0x02F40000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F10000	0x02F10FFF	First Execution	32-bit	0x02F10000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02110000	0x02110FFF	First Execution	32-bit	0x02110000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02810000	0x02810FFF	First Execution	32-bit	0x02810000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02820000	0x02820FFF	First Execution	32-bit	0x02820000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x027D0000	0x027D0FFF	First Execution	32-bit	0x027D0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02840000	0x02840FFF	First Execution	32-bit	0x02840000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02800000	0x02800FFF	First Execution	32-bit	0x02800000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x027F0000	0x027F0FFF	First Execution	32-bit	0x027F0000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02860000	0x02860FFF	First Execution	32-bit	0x02860000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02110000	0x02110FFF	First Execution	32-bit	0x02110000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02110000	0x02110FFF	First Execution	32-bit	0x02110000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02850000	0x02850FFF	First Execution	32-bit	0x02850000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02110000	0x02110FFF	First Execution	32-bit	0x02110000	... Memory Dump Actions Go to Process Download Dump
99.exe	18	0x00400000	0x00825FFF	Final Dump	32-bit	0x004061E9	... Memory Dump Actions Go to Process Download Dump
99.exe	34	0x00400000	0x00825FFF	First Execution	32-bit	0x00401000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x03440000	0x03440FFF	First Execution	32-bit	0x03440000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x00C50000	0x00C50FFF	First Execution	32-bit	0x00C50000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x00C50000	0x00C50FFF	First Execution	32-bit	0x00C50000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x00C50000	0x00C50FFF	First Execution	32-bit	0x00C50000	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x00290000	0x00290FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x002A0000	0x002A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x002B0000	0x002B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x002C0000	0x002C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x002D0000	0x002D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x002E0000	0x002E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x002F0000	0x002F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x009C0000	0x009C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x009D0000	0x009D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x009E0000	0x009E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x009F0000	0x009F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x00A00000	0x00A00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02130000	0x02130FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02150000	0x02150FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02180000	0x02180FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x021A0000	0x021A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x025C0000	0x025C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x025D0000	0x025D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x025E0000	0x025E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x025F0000	0x025F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02600000	0x02600FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02610000	0x02610FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02620000	0x02620FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02630000	0x02630FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02640000	0x02640FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02650000	0x02650FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02680000	0x02680FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x026D0000	0x026D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x026F0000	0x026F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02730000	0x02730FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x027A0000	0x027A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x027E0000	0x027E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02830000	0x02830FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02870000	0x02870FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02880000	0x02880FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02890000	0x02890FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x028A0000	0x028A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x028B0000	0x028B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x028C0000	0x028C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x028D0000	0x028D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x028E0000	0x028E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x028F0000	0x028F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02900000	0x02900FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02910000	0x02910FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02920000	0x02920FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02930000	0x02930FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02940000	0x02940FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02950000	0x02950FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02960000	0x02960FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02970000	0x02970FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02980000	0x02980FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02990000	0x02990FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x029A0000	0x029A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x029B0000	0x029B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x029C0000	0x029C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x029D0000	0x029D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x029E0000	0x029E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x029F0000	0x029F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A00000	0x02A00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A10000	0x02A10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A20000	0x02A20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A30000	0x02A30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A40000	0x02A40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A50000	0x02A50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A60000	0x02A60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A70000	0x02A70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A80000	0x02A80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02A90000	0x02A90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02AA0000	0x02AA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02AB0000	0x02AB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02AC0000	0x02AC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02AD0000	0x02AD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02AE0000	0x02AE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02AF0000	0x02AF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B00000	0x02B00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B10000	0x02B10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B20000	0x02B20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B30000	0x02B30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B40000	0x02B40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B50000	0x02B50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B60000	0x02B60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B70000	0x02B70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B80000	0x02B80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02B90000	0x02B90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02BA0000	0x02BA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02BB0000	0x02BB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02BC0000	0x02BC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02BD0000	0x02BD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02BE0000	0x02BE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02BF0000	0x02BF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C00000	0x02C00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C10000	0x02C10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C20000	0x02C20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C30000	0x02C30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C40000	0x02C40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C50000	0x02C50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C60000	0x02C60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C70000	0x02C70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C80000	0x02C80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02C90000	0x02C90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02CA0000	0x02CA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02CB0000	0x02CB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02CC0000	0x02CC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02CD0000	0x02CD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02CE0000	0x02CE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02CF0000	0x02CF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D00000	0x02D00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D10000	0x02D10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D20000	0x02D20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D30000	0x02D30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D40000	0x02D40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D50000	0x02D50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D60000	0x02D60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D70000	0x02D70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D80000	0x02D80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02D90000	0x02D90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02DA0000	0x02DA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02DB0000	0x02DB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02DC0000	0x02DC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02DD0000	0x02DD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02DE0000	0x02DE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02DF0000	0x02DF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E00000	0x02E00FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E10000	0x02E10FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E20000	0x02E20FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E30000	0x02E30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E40000	0x02E40FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E50000	0x02E50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E60000	0x02E60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E70000	0x02E70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E80000	0x02E80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02E90000	0x02E90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02EA0000	0x02EA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02EC0000	0x02EC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F30000	0x02F30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F50000	0x02F50FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F60000	0x02F60FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F70000	0x02F70FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F80000	0x02F80FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02F90000	0x02F90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02FA0000	0x02FA0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02FB0000	0x02FB0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02FC0000	0x02FC0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02FD0000	0x02FD0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02FE0000	0x02FE0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x02FF0000	0x02FF0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03000000	0x03000FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03010000	0x03010FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03020000	0x03020FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03030000	0x03030FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03040000	0x03040FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03050000	0x03050FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03060000	0x03060FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03070000	0x03070FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03080000	0x03080FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03090000	0x03090FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x030A0000	0x030A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x030B0000	0x030B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x030D0000	0x030D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03120000	0x03120FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03160000	0x03160FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03180000	0x03180FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x031D0000	0x031D0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x031F0000	0x031F0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03210000	0x03210FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03220000	0x03220FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03230000	0x03230FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03240000	0x03240FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03250000	0x03250FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03260000	0x03260FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03270000	0x03270FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03280000	0x03280FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03290000	0x03290FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x032A0000	0x032A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x032B0000	0x032B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x032C0000	0x032C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x032E0000	0x032E0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03330000	0x03330FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03370000	0x03370FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03380000	0x03380FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x03390000	0x03390FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x033A0000	0x033A0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x033B0000	0x033B0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	18	0x033C0000	0x033C0FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x00C50000	0x00C50FFF	First Execution	32-bit	0x00C50000	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x02870000	0x02870FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x02B30000	0x02B30FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	34	0x02C90000	0x02C90FFF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump

C:\Users\KEECFM~1\AppData\Local\Temp\nsaEA97.tmp\nsProcess.dll

Dropped File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	4.00 KB
MD5	05450face243b3a7472407b999b03a72
SHA1	ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
SHA256	95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
SSDeep	48:SKgfJzwtr95f5wiXnfkm4ZixVWmWDYWWDYvt6ENGAa4GW6ENcuHdtjq6vo:hZ9Htnfd/xVJ3W3V6aQ4GW6azdtj
ImpHash	c9fc7f6df8fedf8f8f1f9f820c072664

PE Information

Image Base	0x10000000
Entry Point	0x1000109f
Size Of Code	0x600
Size Of Initialized Data	0xc00
File Type	FileType.dll
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2006-08-31 08:46:27+00:00

Sections (4)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x10001000	0x47d	0x600	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.14
.rdata	0x10002000	0x286	0x400	0xa00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.42
.data	0x10003000	0x40c	0x0	0x0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.reloc	0x10004000	0x92	0x200	0xe00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	1.48

Imports (1)

KERNEL32.dll (15)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
lstrlenA	-	0x10002000	0x20dc	0xadc	0x3cc
CloseHandle	-	0x10002004	0x20e0	0xae0	0x34
TerminateProcess	-	0x10002008	0x20e4	0xae4	0x35e
OpenProcess	-	0x1000200c	0x20e8	0xae8	0x286
lstrcmpiA	-	0x10002010	0x20ec	0xaec	0x3c3
WideCharToMultiByte	-	0x10002014	0x20f0	0xaf0	0x394
FreeLibrary	-	0x10002018	0x20f4	0xaf4	0xf8
LocalFree	-	0x1000201c	0x20f8	0xaf8	0x25c
LocalAlloc	-	0x10002020	0x20fc	0xafc	0x258
GetProcAddress	-	0x10002024	0x2100	0xb00	0x1a0
LoadLibraryA	-	0x10002028	0x2104	0xb04	0x252
GetVersionExA	-	0x1000202c	0x2108	0xb08	0x1e9
GlobalFree	-	0x10002030	0x210c	0xb0c	0x1ff
lstrcpynA	-	0x10002034	0x2110	0xb10	0x3c9
GlobalAlloc	-	0x10002038	0x2114	0xb14	0x1f8

Exports (3)

Api name	EAT Address	Ordinal
_FindProcess	0x13ff	0x1
_KillProcess	0x143e	0x2
_Unload	0x109e	0x3

C:\Users\KEECFM~1\AppData\Local\Temp\nsaEA97.tmp\nsExec.dll

Dropped File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	6.50 KB
MD5	b5a1f9dc73e2944a388a61411bdd8c70
SHA1	dc9b20df3f3810c2e81a0c54dea385704ba8bef7
SHA256	288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884
SSDeep	96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH
ImpHash	46f8b6973f33717335c0f6d8087de67b

PE Information

Image Base	0x10000000
Entry Point	0x10001087
Size Of Code	0xc00
Size Of Initialized Data	0xe00
File Type	FileType.dll
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2016-12-11 21:50:09+00:00

Sections (4)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x10001000	0xa2e	0xc00	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.72
.rdata	0x10002000	0x52c	0x600	0x1000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.51
.data	0x10003000	0x494	0x200	0x1600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	1.39
.reloc	0x10004000	0x1ca	0x200	0x1800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	4.06

Imports (3)

KERNEL32.dll (36)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleHandleA	-	0x1000200c	0x2118	0x1118	0x17f
lstrlenA	-	0x10002010	0x211c	0x111c	0x3cc
GetExitCodeProcess	-	0x10002014	0x2120	0x1120	0x15a
WaitForSingleObject	-	0x10002018	0x2124	0x1124	0x390
Sleep	-	0x1000201c	0x2128	0x1128	0x356
TerminateProcess	-	0x10002020	0x212c	0x112c	0x35e
GlobalReAlloc	-	0x10002024	0x2130	0x1130	0x206
GlobalUnlock	-	0x10002028	0x2134	0x1134	0x20a
GlobalSize	-	0x1000202c	0x2138	0x1138	0x207
lstrcpynA	-	0x10002030	0x213c	0x113c	0x3c9
ReadFile	-	0x10002034	0x2140	0x1140	0x2b5
PeekNamedPipe	-	0x10002038	0x2144	0x1144	0x291
GetTickCount	-	0x1000203c	0x2148	0x1148	0x1df
lstrcpyA	-	0x10002040	0x214c	0x114c	0x3c6
CreateProcessA	-	0x10002044	0x2150	0x1150	0x66
GetStartupInfoA	-	0x10002048	0x2154	0x1154	0x1b7
GetProcAddress	-	0x1000204c	0x2158	0x1158	0x1a0
GetVersion	-	0x10002050	0x215c	0x115c	0x1e8
DeleteFileA	-	0x10002054	0x2160	0x1160	0x83
lstrcmpiA	-	0x10002058	0x2164	0x1164	0x3c3
GetCurrentProcess	-	0x1000205c	0x2168	0x1168	0x142
CloseHandle	-	0x10002060	0x216c	0x116c	0x34
UnmapViewOfFile	-	0x10002064	0x2170	0x1170	0x371
MapViewOfFile	-	0x10002068	0x2174	0x1174	0x268
CreateFileMappingA	-	0x1000206c	0x2178	0x1178	0x54
CreateFileA	-	0x10002070	0x217c	0x117c	0x53
CopyFileA	-	0x10002074	0x2180	0x1180	0x43
GetTempFileNameA	-	0x10002078	0x2184	0x1184	0x1d3
GlobalFree	-	0x1000207c	0x2188	0x1188	0x1ff
GlobalAlloc	-	0x10002080	0x218c	0x118c	0x1f8
GetModuleFileNameA	-	0x10002084	0x2190	0x1190	0x17d
ExitProcess	-	0x10002088	0x2194	0x1194	0xb9
GetCommandLineA	-	0x1000208c	0x2198	0x1198	0x110
CreatePipe	-	0x10002090	0x219c	0x119c	0x65
GlobalLock	-	0x10002094	0x21a0	0x11a0	0x203
lstrcatA	-	0x10002098	0x21a4	0x11a4	0x3bd

USER32.dll (6)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SendMessageA	-	0x100020a0	0x21ac	0x11ac	0x23b
OemToCharBuffA	-	0x100020a4	0x21b0	0x11b0	0x1f2
FindWindowExA	-	0x100020a8	0x21b4	0x11b4	0xe4
CharNextA	-	0x100020ac	0x21b8	0x11b8	0x2a
wsprintfA	-	0x100020b0	0x21bc	0x11bc	0x2d7
CharPrevA	-	0x100020b4	0x21c0	0x11c0	0x2d

ADVAPI32.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
InitializeSecurityDescriptor	-	0x10002000	0x210c	0x110c	0x134
SetSecurityDescriptorDacl	-	0x10002004	0x2110	0x1110	0x23a

Exports (3)

Api name	EAT Address	Ordinal
Exec	0x1000	0x1
ExecToLog	0x102d	0x2
ExecToStack	0x105a	0x3

C:\Windows\parameters.ini

Dropped File

Unknown

MIME Type	application/x-wine-extension-ini
File Size	221 Bytes
MD5	a250144574eb2c2bbe6105316d30e5ac
SHA1	57865463c0e453c4c5f0fba27aaee4f6d50d4cf3
SHA256	5132473519727449bbb03a67eff6536e0d80c5944fd785fb70950ea6e48bf498
SSDeep	6:G4LaEmAyIcC+jmCGgXMA/kZiL9Bv+F4yseRNy:fL10IIjmFgXm4Lbw13+
ImpHash	-

C:\Users\KEECFM~1\AppData\Local\Temp\install.vbs

Dropped File

Stream

MIME Type	application/octet-stream
File Size	540 Bytes
MD5	cc88d68e527808cf71b3c45405ef0ab0
SHA1	3d731948a18c9da38618f374cd58fdca5311cc3f
SHA256	c1f2496c034f47cadd6b9f8947b3b2eb8d7143f063e0c8bf70feee9aa052d92e
SSDeep	12:4D8o++ugypjBQMB3DUQ1u49ZvFQ4lOPnINMJCqRF0M/0aimi:4Dh+SMTZE49hFNOPnzvF0Nait
ImpHash	-

C:\Users\kEecfMwgj\AppData\Local\Temp\88.exe

Downloaded File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	1.91 MB
MD5	084788632c2f3c0f11bd5fa972447b77
SHA1	b88b78c9b2640413763f701cd468f69bd622b93a
SHA256	77a19114247e6beb7268107e231d3aa6a4e28ca7242e73506eeec7e8b2ecb196
SSDeep	49152:eYCzaWct2mph4nm83MsWpErDZ4rgNvFeBIDOeZ:pCGpt/ph4n9B4rgxk0Z
ImpHash	b78ecf47c0a3e24a6f4af114e2d1f5de

PE Information

Image Base	0x400000
Entry Point	0x4031a3
Size Of Code	0x6200
Size Of Initialized Data	0x27c00
Size Of Uninitialized Data	0x400
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2016-12-11 21:50:52+00:00

Sections (5)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x6071	0x6200	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.43
.rdata	0x408000	0x1352	0x1400	0x6600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.24
.data	0x40a000	0x254f8	0x600	0x7a00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.04
.ndata	0x430000	0x9000	0x0	0x0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rsrc	0x439000	0x6b50	0x6c00	0x8000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.81

Imports (7)

KERNEL32.dll (61)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SetEnvironmentVariableA	-	0x408070	0x8644	0x6c44	0x313
Sleep	-	0x408074	0x8648	0x6c48	0x356
GetTickCount	-	0x408078	0x864c	0x6c4c	0x1df
GetFileSize	-	0x40807c	0x8650	0x6c50	0x163
GetModuleFileNameA	-	0x408080	0x8654	0x6c54	0x17d
GetCurrentProcess	-	0x408084	0x8658	0x6c58	0x142
CopyFileA	-	0x408088	0x865c	0x6c5c	0x43
GetFileAttributesA	-	0x40808c	0x8660	0x6c60	0x15e
SetFileAttributesA	-	0x408090	0x8664	0x6c64	0x319
GetWindowsDirectoryA	-	0x408094	0x8668	0x6c68	0x1f3
GetTempPathA	-	0x408098	0x866c	0x6c6c	0x1d5
GetCommandLineA	-	0x40809c	0x8670	0x6c70	0x110
lstrlenA	-	0x4080a0	0x8674	0x6c74	0x3cc
GetVersion	-	0x4080a4	0x8678	0x6c78	0x1e8
SetErrorMode	-	0x4080a8	0x867c	0x6c7c	0x315
lstrcpynA	-	0x4080ac	0x8680	0x6c80	0x3c9
ExitProcess	-	0x4080b0	0x8684	0x6c84	0xb9
GetFullPathNameA	-	0x4080b4	0x8688	0x6c88	0x169
GlobalLock	-	0x4080b8	0x868c	0x6c8c	0x203
CreateThread	-	0x4080bc	0x8690	0x6c90	0x6f
GetLastError	-	0x4080c0	0x8694	0x6c94	0x171
CreateDirectoryA	-	0x4080c4	0x8698	0x6c98	0x4b
CreateProcessA	-	0x4080c8	0x869c	0x6c9c	0x66
RemoveDirectoryA	-	0x4080cc	0x86a0	0x6ca0	0x2c4
CreateFileA	-	0x4080d0	0x86a4	0x6ca4	0x53
GetTempFileNameA	-	0x4080d4	0x86a8	0x6ca8	0x1d3
ReadFile	-	0x4080d8	0x86ac	0x6cac	0x2b5
WriteFile	-	0x4080dc	0x86b0	0x6cb0	0x3a4
lstrcpyA	-	0x4080e0	0x86b4	0x6cb4	0x3c6
MoveFileExA	-	0x4080e4	0x86b8	0x6cb8	0x26f
lstrcatA	-	0x4080e8	0x86bc	0x6cbc	0x3bd
GetSystemDirectoryA	-	0x4080ec	0x86c0	0x6cc0	0x1c1
GetProcAddress	-	0x4080f0	0x86c4	0x6cc4	0x1a0
CloseHandle	-	0x4080f4	0x86c8	0x6cc8	0x34
SetCurrentDirectoryA	-	0x4080f8	0x86cc	0x6ccc	0x30a
MoveFileA	-	0x4080fc	0x86d0	0x6cd0	0x26e
CompareFileTime	-	0x408100	0x86d4	0x6cd4	0x39
GetShortPathNameA	-	0x408104	0x86d8	0x6cd8	0x1b5
SearchPathA	-	0x408108	0x86dc	0x6cdc	0x2db
lstrcmpiA	-	0x40810c	0x86e0	0x6ce0	0x3c3
SetFileTime	-	0x408110	0x86e4	0x6ce4	0x31f
lstrcmpA	-	0x408114	0x86e8	0x6ce8	0x3c0
ExpandEnvironmentStringsA	-	0x408118	0x86ec	0x6cec	0xbc
GlobalUnlock	-	0x40811c	0x86f0	0x6cf0	0x20a
GetDiskFreeSpaceA	-	0x408120	0x86f4	0x6cf4	0x14d
GlobalFree	-	0x408124	0x86f8	0x6cf8	0x1ff
FindFirstFileA	-	0x408128	0x86fc	0x6cfc	0xd2
FindNextFileA	-	0x40812c	0x8700	0x6d00	0xdc
DeleteFileA	-	0x408130	0x8704	0x6d04	0x83
SetFilePointer	-	0x408134	0x8708	0x6d08	0x31b
GetPrivateProfileStringA	-	0x408138	0x870c	0x6d0c	0x19c
FindClose	-	0x40813c	0x8710	0x6d10	0xce
MultiByteToWideChar	-	0x408140	0x8714	0x6d14	0x275
FreeLibrary	-	0x408144	0x8718	0x6d18	0xf8
MulDiv	-	0x408148	0x871c	0x6d1c	0x274
WritePrivateProfileStringA	-	0x40814c	0x8720	0x6d20	0x3a9
LoadLibraryExA	-	0x408150	0x8724	0x6d24	0x253
GetModuleHandleA	-	0x408154	0x8728	0x6d28	0x17f
GetExitCodeProcess	-	0x408158	0x872c	0x6d2c	0x15a
WaitForSingleObject	-	0x40815c	0x8730	0x6d30	0x390
GlobalAlloc	-	0x408160	0x8734	0x6d34	0x1f8

USER32.dll (63)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ScreenToClient	-	0x408184	0x8758	0x6d58	0x231
GetSystemMenu	-	0x408188	0x875c	0x6d5c	0x15c
SetClassLongA	-	0x40818c	0x8760	0x6d60	0x247
IsWindowEnabled	-	0x408190	0x8764	0x6d64	0x1ae
SetWindowPos	-	0x408194	0x8768	0x6d68	0x283
GetSysColor	-	0x408198	0x876c	0x6d6c	0x15a
GetWindowLongA	-	0x40819c	0x8770	0x6d70	0x16e
SetCursor	-	0x4081a0	0x8774	0x6d74	0x24d
LoadCursorA	-	0x4081a4	0x8778	0x6d78	0x1ba
CheckDlgButton	-	0x4081a8	0x877c	0x6d7c	0x38
GetMessagePos	-	0x4081ac	0x8780	0x6d80	0x13c
LoadBitmapA	-	0x4081b0	0x8784	0x6d84	0x1b8
CallWindowProcA	-	0x4081b4	0x8788	0x6d88	0x1b
IsWindowVisible	-	0x4081b8	0x878c	0x6d8c	0x1b1
CloseClipboard	-	0x4081bc	0x8790	0x6d90	0x42
SetClipboardData	-	0x4081c0	0x8794	0x6d94	0x24a
EmptyClipboard	-	0x4081c4	0x8798	0x6d98	0xc1
PostQuitMessage	-	0x4081c8	0x879c	0x6d9c	0x204
GetWindowRect	-	0x4081cc	0x87a0	0x6da0	0x174
EnableMenuItem	-	0x4081d0	0x87a4	0x6da4	0xc2
CreatePopupMenu	-	0x4081d4	0x87a8	0x6da8	0x5e
GetSystemMetrics	-	0x4081d8	0x87ac	0x6dac	0x15d
SetDlgItemTextA	-	0x4081dc	0x87b0	0x6db0	0x253
GetDlgItemTextA	-	0x4081e0	0x87b4	0x6db4	0x113
MessageBoxIndirectA	-	0x4081e4	0x87b8	0x6db8	0x1e2
CharPrevA	-	0x4081e8	0x87bc	0x6dbc	0x2d
DispatchMessageA	-	0x4081ec	0x87c0	0x6dc0	0xa1
PeekMessageA	-	0x4081f0	0x87c4	0x6dc4	0x200
ReleaseDC	-	0x4081f4	0x87c8	0x6dc8	0x22a
EnableWindow	-	0x4081f8	0x87cc	0x6dcc	0xc4
InvalidateRect	-	0x4081fc	0x87d0	0x6dd0	0x193
SendMessageA	-	0x408200	0x87d4	0x6dd4	0x23b
DefWindowProcA	-	0x408204	0x87d8	0x6dd8	0x8e
BeginPaint	-	0x408208	0x87dc	0x6ddc	0xd
GetClientRect	-	0x40820c	0x87e0	0x6de0	0xff
FillRect	-	0x408210	0x87e4	0x6de4	0xe2
DrawTextA	-	0x408214	0x87e8	0x6de8	0xbc
EndDialog	-	0x408218	0x87ec	0x6dec	0xc6
RegisterClassA	-	0x40821c	0x87f0	0x6df0	0x216
SystemParametersInfoA	-	0x408220	0x87f4	0x6df4	0x299
CreateWindowExA	-	0x408224	0x87f8	0x6df8	0x60
GetClassInfoA	-	0x408228	0x87fc	0x6dfc	0xf6
DialogBoxParamA	-	0x40822c	0x8800	0x6e00	0x9e
CharNextA	-	0x408230	0x8804	0x6e04	0x2a
ExitWindowsEx	-	0x408234	0x8808	0x6e08	0xe1
GetDC	-	0x408238	0x880c	0x6e0c	0x10c
CreateDialogParamA	-	0x40823c	0x8810	0x6e10	0x55
SetTimer	-	0x408240	0x8814	0x6e14	0x27a
GetDlgItem	-	0x408244	0x8818	0x6e18	0x111
SetWindowLongA	-	0x408248	0x881c	0x6e1c	0x280
SetForegroundWindow	-	0x40824c	0x8820	0x6e20	0x257
LoadImageA	-	0x408250	0x8824	0x6e24	0x1c0
IsWindow	-	0x408254	0x8828	0x6e28	0x1ad
SendMessageTimeoutA	-	0x408258	0x882c	0x6e2c	0x23e
FindWindowExA	-	0x40825c	0x8830	0x6e30	0xe4
OpenClipboard	-	0x408260	0x8834	0x6e34	0x1f6
TrackPopupMenu	-	0x408264	0x8838	0x6e38	0x2a4
AppendMenuA	-	0x408268	0x883c	0x6e3c	0x8
EndPaint	-	0x40826c	0x8840	0x6e40	0xc8
DestroyWindow	-	0x408270	0x8844	0x6e44	0x99
wsprintfA	-	0x408274	0x8848	0x6e48	0x2d7
ShowWindow	-	0x408278	0x884c	0x6e4c	0x292
SetWindowTextA	-	0x40827c	0x8850	0x6e50	0x286

GDI32.dll (8)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SelectObject	-	0x40804c	0x8620	0x6c20	0x20e
SetBkMode	-	0x408050	0x8624	0x6c24	0x216
CreateFontIndirectA	-	0x408054	0x8628	0x6c28	0x3a
SetTextColor	-	0x408058	0x862c	0x6c2c	0x23c
DeleteObject	-	0x40805c	0x8630	0x6c30	0x8f
GetDeviceCaps	-	0x408060	0x8634	0x6c34	0x16b
CreateBrushIndirect	-	0x408064	0x8638	0x6c38	0x29
SetBkColor	-	0x408068	0x863c	0x6c3c	0x215

SHELL32.dll (6)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetSpecialFolderLocation	-	0x408168	0x873c	0x6d3c	0xc3
SHGetPathFromIDListA	-	0x40816c	0x8740	0x6d40	0xbc
SHBrowseForFolderA	-	0x408170	0x8744	0x6d44	0x79
SHGetFileInfoA	-	0x408174	0x8748	0x6d48	0xac
ShellExecuteA	-	0x408178	0x874c	0x6d4c	0x107
SHFileOperationA	-	0x40817c	0x8750	0x6d50	0x9a

ADVAPI32.dll (13)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegDeleteKeyA	-	0x408000	0x85d4	0x6bd4	0x1d4
SetFileSecurityA	-	0x408004	0x85d8	0x6bd8	0x22e
OpenProcessToken	-	0x408008	0x85dc	0x6bdc	0x1ac
LookupPrivilegeValueA	-	0x40800c	0x85e0	0x6be0	0x14f
AdjustTokenPrivileges	-	0x408010	0x85e4	0x6be4	0x1c
RegOpenKeyExA	-	0x408014	0x85e8	0x6be8	0x1ec
RegEnumValueA	-	0x408018	0x85ec	0x6bec	0x1e1
RegDeleteValueA	-	0x40801c	0x85f0	0x6bf0	0x1d8
RegCloseKey	-	0x408020	0x85f4	0x6bf4	0x1cb
RegCreateKeyExA	-	0x408024	0x85f8	0x6bf8	0x1d1
RegSetValueExA	-	0x408028	0x85fc	0x6bfc	0x204
RegQueryValueExA	-	0x40802c	0x8600	0x6c00	0x1f7
RegEnumKeyA	-	0x408030	0x8604	0x6c04	0x1dd

COMCTL32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ImageList_Create	-	0x408038	0x860c	0x6c0c	0x37
ImageList_AddMasked	-	0x40803c	0x8610	0x6c10	0x34
ImageList_Destroy	-	0x408040	0x8614	0x6c14	0x38
(by ordinal)	0x11	0x408044	0x8618	0x6c18	-

ole32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
OleUninitialize	-	0x408284	0x8858	0x6e58	0x105
OleInitialize	-	0x408288	0x885c	0x6e5c	0xee
CoTaskMemFree	-	0x40828c	0x8860	0x6e60	0x65
CoCreateInstance	-	0x408290	0x8864	0x6e64	0x10

Memory Dumps (2)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	YARA	Actions
88.exe	17	0x00400000	0x0043FFFF	Relevant Image		32-bit	0x0040615C		... Memory Dump Actions Go to Process Download Dump
88.exe	17	0x00400000	0x0043FFFF	Final Dump		32-bit	-		... Memory Dump Actions Go to Process Download Dump

39ff87fbf98a6ce3984d9d2c2142165e8b4fcb4a4fb03f0780aa3873ca89a7d4

Embedded File

Image

Parent File	C:\Windows\Client.exe
MIME Type	image/png
File Size	6.12 KB
MD5	5f8899366098b601a8cf2ecdca4b7aae
SHA1	4bc98783129a69a27dab2ccd34485e8acbc51744
SHA256	39ff87fbf98a6ce3984d9d2c2142165e8b4fcb4a4fb03f0780aa3873ca89a7d4
SSDeep	192:IGfYUsO8CcC7FN4OIrFkVI8yY3rUs7VJB34E:VYUsO8LkFN4OIryI8J3Y2JB3Z
ImpHash	-

e74432afd4c7fe4cfb0cf8425ae298fcf425e0f0437510bde8546dbd02da0a2d

Embedded File

Image

Parent File	C:\Windows\Client.exe
MIME Type	image/png
File Size	5.14 KB
MD5	50ea148a8b3f8e6e0bcf6b37918f4a93
SHA1	4d4a0a69e7f3f1a234cf4edcf3a897e18531b07e
SHA256	e74432afd4c7fe4cfb0cf8425ae298fcf425e0f0437510bde8546dbd02da0a2d
SSDeep	96:DSDZ/I09Da01l+gmkyTt6Hk8nTJzBhj0F4JeRUQxpMO4nAXM0L54z:DSDS0tKg9E05TJFNZJeR5V2AXS
ImpHash	-

25e3ec43b207e22a0ee7701b9525975043ec2817e492dd07eb40306b944374c4

Embedded File

Image

Parent File	C:\Windows\Client.exe
MIME Type	image/png
File Size	4.28 KB
MD5	51ffac6dde5a49e226a5435dc08656a0
SHA1	2d4a625ab8c1c45ed5f0e2a4e4138077d5ee89e6
SHA256	25e3ec43b207e22a0ee7701b9525975043ec2817e492dd07eb40306b944374c4
SSDeep	96:DSDZ/I09Da01l+gmkyTt6Hk8nT+li5r/tOWX2747Yz:DSDS0tKg9E05T+liR/tOV476
ImpHash	-

636f368c9f42323b69cdf2463823eadd363e91df7f37a9d0eb863708a7f3fb83

Embedded File

Image

Parent File	C:\Windows\Client.exe
MIME Type	image/png
File Size	3.39 KB
MD5	481232c3ddd70cc57011d3d8ed8191ca
SHA1	8722e588f04dab44a4ec94e248d74d058f269220
SHA256	636f368c9f42323b69cdf2463823eadd363e91df7f37a9d0eb863708a7f3fb83
SSDeep	96:DSDZ/I09Da01l+gmkyTt6Hk8nTAaxZYRzAJvz:DSDS0tKg9E05TFJvz
ImpHash	-

Remarks (2/2)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After