9f9bae001065

Remarks

Maximum Dump Size Exceeded (0x0200004A): 5 dump(s) were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 10 MB.

Filters:

File Name	Category	Type	Verdict	Actions

C:\ProgramData:ApplicationData

Sample File

Binary

Also Known As	C:\ProgramData\images.exe (Dropped File, Accessed File) C:\Users\RDhJ0CNFevzX\Desktop\9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe (Accessed File, Sample File, VM File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	217.50 KB
MD5	dabc6f0c75c134e5310ba3526adba833
SHA1	854ec103a64182c97e8f25e45da04889dbbbf3ff
SHA256	9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf
SSDeep	6144:DcsB/VWq2pmz2WGO3LPJRWE/4F0xXKk7ETkFI49Poih:DciKMoO3LDn4uxXKk7FI4d
ImpHash	12223521b494f53df3a1fd878d789144

PE Information

Image Base	0x00400000
Entry Point	0x00553B50
Size Of Code	0x00035000
Size Of Initialized Data	0x00002000
Size Of Uninitialized Data	0x0011E000
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2022-05-19 11:47 (UTC+2)

Version Information (9)

CompanyName
FileDescription	atlduck Module
FileVersion	1, 0, 0, 1
InternalName	ATLDUCK
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	ATLDUCK.DLL
ProductName	atlduck Module
ProductVersion	1, 0, 0, 1
OLESelfRegister

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
UPX0	0x00401000	0x0011E000	0x00000000	0x00000400	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
UPX1	0x0051F000	0x00035000	0x00035000	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.89
.rsrc	0x00554000	0x00002000	0x00001200	0x00035400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.94

Imports (7)

ADVAPI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
AccessCheck	-	0x00554EFC	0x00154EFC	0x000362FC	0x00000000

GDI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetTextExtentPoint32A	-	0x00554F04	0x00154F04	0x00036304	0x00000000

KERNEL32.DLL (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
LoadLibraryA	-	0x00554F0C	0x00154F0C	0x0003630C	0x00000000
ExitProcess	-	0x00554F10	0x00154F10	0x00036310	0x00000000
GetProcAddress	-	0x00554F14	0x00154F14	0x00036314	0x00000000
VirtualProtect	-	0x00554F18	0x00154F18	0x00036318	0x00000000

ole32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoInitialize	-	0x00554F20	0x00154F20	0x00036320	0x00000000

OLEAUT32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SysFreeString	0x00000006	0x00554F28	0x00154F28	0x00036328	-

SHELL32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetFileInfoA	-	0x00554F30	0x00154F30	0x00036330	0x00000000

USER32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetDC	-	0x00554F38	0x00154F38	0x00036338	0x00000000

Memory Dumps (96)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe	1	0x00400000	0x00555FFF	First Execution	32-bit	0x00553B50	... Actions Go to Process Download Dump
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe	1	0x00400000	0x00555FFF	Content Changed	32-bit	0x00409370	... Actions Go to Process Download Dump
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe	1	0x00400000	0x00555FFF	Content Changed	32-bit	0x0040B1C0	... Actions Go to Process Download Dump
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe	1	0x00400000	0x00555FFF	Content Changed	32-bit	0x00406DA0	... Actions Go to Process Download Dump
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe	1	0x00400000	0x00555FFF	Content Changed	32-bit	0x00415901	... Actions Go to Process Download Dump
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe	1	0x00400000	0x00555FFF	Content Changed	32-bit	0x00404360	... Actions Go to Process Download Dump
user32.dll	1	0x75640000	0x75786FFF	First Execution	32-bit	0x756BFEC0	... Actions Go to Process Download Dump
buffer	1	0x02B50000	0x02CA3FFF	First Execution	32-bit	0x02B63058	... Actions Go to Process Download Dump
buffer	1	0x0320C020	0x0360C01F	Image In Buffer	32-bit	-	... Actions Go to Process Download Dump
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe	1	0x00400000	0x00555FFF	Final Dump	32-bit	0x00405507	... Actions Go to Process Download Dump
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf.exe	1	0x00400000	0x00555FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
images.exe	4	0x00400000	0x00555FFF	First Execution	32-bit	0x00553B50	... Actions Go to Process Download Dump
images.exe	4	0x00400000	0x00555FFF	Content Changed	32-bit	0x00409370	... Actions Go to Process Download Dump
user32.dll	4	0x75640000	0x75786FFF	First Execution	32-bit	0x756BFEC0	... Actions Go to Process Download Dump
images.exe	7	0x00400000	0x00555FFF	First Execution	32-bit	0x00553B50	... Actions Go to Process Download Dump
images.exe	7	0x00400000	0x00555FFF	Content Changed	32-bit	0x0041232F	... Actions Go to Process Download Dump
images.exe	7	0x00400000	0x00555FFF	Content Changed	32-bit	0x00406DA0	... Actions Go to Process Download Dump
images.exe	7	0x00400000	0x00555FFF	Content Changed	32-bit	0x00415901	... Actions Go to Process Download Dump
images.exe	7	0x00400000	0x00555FFF	Content Changed	32-bit	0x00404360	... Actions Go to Process Download Dump
user32.dll	7	0x756D0000	0x75816FFF	First Execution	32-bit	0x7574FEC0	... Actions Go to Process Download Dump
buffer	7	0x02190000	0x022E3FFF	First Execution	32-bit	0x021A3058	... Actions Go to Process Download Dump
buffer	7	0x03206020	0x0360601F	Image In Buffer	32-bit	-	... Actions Go to Process Download Dump
images.exe	7	0x00400000	0x00555FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
images.exe	14	0x00400000	0x00555FFF	First Execution	32-bit	0x00407DB2	... Actions Go to Process Download Dump
images.exe	14	0x00400000	0x00555FFF	Content Changed	32-bit	0x00409370	... Actions Go to Process Download Dump
images.exe	14	0x00400000	0x00555FFF	Content Changed	32-bit	0x00415901	... Actions Go to Process Download Dump
images.exe	14	0x00400000	0x00555FFF	Content Changed	32-bit	0x00404360	... Actions Go to Process Download Dump
user32.dll	14	0x756D0000	0x75816FFF	First Execution	32-bit	0x7574FEC0	... Actions Go to Process Download Dump
buffer	14	0x02BF0000	0x02D43FFF	First Execution	32-bit	0x02C03058	... Actions Go to Process Download Dump
buffer	14	0x0320A020	0x0360A01F	Image In Buffer	32-bit	-	... Actions Go to Process Download Dump
images.exe	14	0x00400000	0x00555FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
images.exe	16	0x00400000	0x00555FFF	First Execution	32-bit	0x00407DB2	... Actions Go to Process Download Dump
images.exe	16	0x00400000	0x00555FFF	Content Changed	32-bit	0x00409370	... Actions Go to Process Download Dump
images.exe	16	0x00400000	0x00555FFF	Content Changed	32-bit	0x00415901	... Actions Go to Process Download Dump
images.exe	16	0x00400000	0x00555FFF	Content Changed	32-bit	0x00404360	... Actions Go to Process Download Dump
user32.dll	16	0x756D0000	0x75816FFF	First Execution	32-bit	0x7574FEC0	... Actions Go to Process Download Dump
buffer	16	0x029F0000	0x02B43FFF	First Execution	32-bit	0x02A03058	... Actions Go to Process Download Dump
buffer	16	0x02C8D000	0x02C8FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x0019D000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x00656D30	0x00656DAF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x00659088	0x00659127	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x00659E20	0x00659EAF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x0065A328	0x0065A3A7	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x00660E88	0x006611EB	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x006611F8	0x00661DF7	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x00661E00	0x0066201F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x00662430	0x00662C2F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x0067FCB8	0x0067FDAB	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x006A8FD8	0x006A957B	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x006AF208	0x006AF407	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x006AF410	0x006AF60F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x006AF618	0x006AF817	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x006AF988	0x006AFA87	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x006AFA90	0x006AFB8F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x006AFB98	0x006AFC96	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x029F0000	0x02B43FFF	First Network Behavior	32-bit	0x029F2D0C	... Actions Go to Process Download Dump
buffer	16	0x02D60000	0x02D60FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x02D70000	0x02D70FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x02D90000	0x02D90FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x02E20000	0x02E20FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x02E30000	0x02E30FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x02E40000	0x02E40FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03190000	0x03190FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x031A0000	0x031A0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x031B0000	0x031B0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x031C0000	0x031C0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x031D0000	0x031D0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x031E0000	0x031E0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x031F0000	0x031F0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x0320A020	0x0360A01F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03610000	0x03610FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03620000	0x03620FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03630000	0x03630FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03640000	0x03640FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03650000	0x03650FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03660000	0x03660FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03670000	0x03670FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03680000	0x03680FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03690000	0x03690FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x036A0000	0x036A0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x036B0000	0x036B0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x036C0000	0x036C0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x036D0000	0x036D0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x036E0000	0x036E0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x036F0000	0x036F0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03700000	0x03700FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03710000	0x03710FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03720000	0x03720FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03730000	0x03730FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03750000	0x03750FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03760000	0x03760FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03770000	0x03770FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	16	0x03780000	0x03780FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
images.exe	16	0x00400000	0x00555FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
user32.dll	16	0x756D0000	0x75816FFF	Content Changed	32-bit	0x756FF890	... Actions Go to Process Download Dump
buffer	16	0x04600000	0x04746FFF	First Execution	32-bit	0x04634010	... Actions Go to Process Download Dump

C:\Program Files\Microsoft DN1\sqlmap.dll

Dropped File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	114.00 KB
MD5	461ade40b800ae80a40985594e1ac236
SHA1	b3892eef846c044a2b0785d54a432b3e93a968c8
SHA256	798af20db39280f90a1d35f2ac2c1d62124d1f5218a2a0fa29d87a13340bd3e4
SSDeep	3072:m3zxbyHM+TstVfFyov7je9LBMMmMJDOvYYVs:oMjTiVw2ve9LBMMpJsT
ImpHash	53a3dacee6717ddc12074523c645029b

PE Information

Image Base	0x180000000
Entry Point	0x18000511C
Size Of Code	0x00010E00
Size Of Initialized Data	0x0000DA00
File Type	IMAGE_FILE_DLL
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_AMD64
Compile Timestamp	2014-12-10 21:17 (UTC+1)

Version Information (10)

CompanyName	Stas'M Corp.
FileDescription	Terminal Services Wrapper Library
FileVersion	1.5.0.0
InternalName	RDPWrap
LegalCopyright	Copyright © Stas'M Corp. 2014
LegalTrademarks	Stas'M Corp.
OriginalFilename	rdpwrap.dll
ProductName	RDP Host Support
ProductVersion	1.5.0.0
Comments	http://stascorp.com

Sections (6)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x180001000	0x00010CEA	0x00010E00	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.41
.rdata	0x180012000	0x0000813C	0x00008200	0x00011200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.28
.data	0x18001B000	0x00003D18	0x00001A00	0x00019400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	2.74
.pdata	0x18001F000	0x00000CCC	0x00000E00	0x0001AE00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.61
.rsrc	0x180020000	0x00001000	0x00000400	0x0001BC00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.28
.reloc	0x180021000	0x00000614	0x00000800	0x0001C000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	4.76

Imports (2)

KERNEL32.dll (79)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateFileW	-	0x180012000	0x000198D8	0x00018AD8	0x000000C2
GetFileSize	-	0x180012008	0x000198E0	0x00018AE0	0x00000242
ReadFile	-	0x180012010	0x000198E8	0x00018AE8	0x00000453
SetLastError	-	0x180012018	0x000198F0	0x00018AF0	0x00000518
SetFilePointer	-	0x180012020	0x000198F8	0x00018AF8	0x0000050A
WriteFile	-	0x180012028	0x00019900	0x00018B00	0x000005EF
CloseHandle	-	0x180012030	0x00019908	0x00018B08	0x0000007F
GetModuleHandleExW	-	0x180012038	0x00019910	0x00018B10	0x0000026C
GetCurrentThreadId	-	0x180012040	0x00019918	0x00018B18	0x00000214
GetCurrentProcessId	-	0x180012048	0x00019920	0x00018B20	0x00000210
CreateToolhelp32Snapshot	-	0x180012050	0x00019928	0x00018B28	0x000000F0
Thread32First	-	0x180012058	0x00019930	0x00018B30	0x0000057E
OpenThread	-	0x180012060	0x00019938	0x00018B38	0x000003F8
ResumeThread	-	0x180012068	0x00019940	0x00018B40	0x000004AB
SuspendThread	-	0x180012070	0x00019948	0x00018B48	0x00000567
Thread32Next	-	0x180012078	0x00019950	0x00018B50	0x0000057F
GetModuleHandleW	-	0x180012080	0x00019958	0x00018B58	0x0000026D
FindResourceW	-	0x180012088	0x00019960	0x00018B60	0x0000018F
LoadResource	-	0x180012090	0x00019968	0x00018B68	0x000003AE
LoadLibraryExW	-	0x180012098	0x00019970	0x00018B70	0x000003AA
WriteProcessMemory	-	0x1800120A0	0x00019978	0x00018B78	0x000005F8
GetCurrentProcess	-	0x1800120A8	0x00019980	0x00018B80	0x0000020F
GetModuleFileNameW	-	0x1800120B0	0x00019988	0x00018B88	0x00000269
LoadLibraryW	-	0x1800120B8	0x00019990	0x00018B90	0x000003AB
GetProcAddress	-	0x1800120C0	0x00019998	0x00018B98	0x000002A4
ReadProcessMemory	-	0x1800120C8	0x000199A0	0x00018BA0	0x00000456
SetFilePointerEx	-	0x1800120D0	0x000199A8	0x00018BA8	0x0000050B
SetStdHandle	-	0x1800120D8	0x000199B0	0x00018BB0	0x0000052E
GetLastError	-	0x1800120E0	0x000199B8	0x00018BB8	0x00000256
WideCharToMultiByte	-	0x1800120E8	0x000199C0	0x00018BC0	0x000005DB
MultiByteToWideChar	-	0x1800120F0	0x000199C8	0x00018BC8	0x000003D4
GetCommandLineA	-	0x1800120F8	0x000199D0	0x00018BD0	0x000001CE
IsDebuggerPresent	-	0x180012100	0x000199D8	0x00018BD8	0x0000036A
IsProcessorFeaturePresent	-	0x180012108	0x000199E0	0x00018BE0	0x00000370
HeapAlloc	-	0x180012110	0x000199E8	0x00018BE8	0x00000338
EncodePointer	-	0x180012118	0x000199F0	0x00018BF0	0x00000125
DecodePointer	-	0x180012120	0x000199F8	0x00018BF8	0x000000FF
RtlPcToFileHeader	-	0x180012128	0x00019A00	0x00018C00	0x000004B6
RaiseException	-	0x180012130	0x00019A08	0x00018C08	0x00000443
HeapFree	-	0x180012138	0x00019A10	0x00018C10	0x0000033C
IsValidCodePage	-	0x180012140	0x00019A18	0x00018C18	0x00000375
GetACP	-	0x180012148	0x00019A20	0x00018C20	0x000001AA
GetOEMCP	-	0x180012150	0x00019A28	0x00018C28	0x0000028D
GetCPInfo	-	0x180012158	0x00019A30	0x00018C30	0x000001B9
ExitProcess	-	0x180012160	0x00019A38	0x00018C38	0x00000157
GetProcessHeap	-	0x180012168	0x00019A40	0x00018C40	0x000002A9
GetStdHandle	-	0x180012170	0x00019A48	0x00018C48	0x000002C7
GetFileType	-	0x180012178	0x00019A50	0x00018C50	0x00000245
DeleteCriticalSection	-	0x180012180	0x00019A58	0x00018C58	0x00000106
GetStartupInfoW	-	0x180012188	0x00019A60	0x00018C60	0x000002C5
GetModuleFileNameA	-	0x180012190	0x00019A68	0x00018C68	0x00000268
QueryPerformanceCounter	-	0x180012198	0x00019A70	0x00018C70	0x00000430
GetSystemTimeAsFileTime	-	0x1800121A0	0x00019A78	0x00018C78	0x000002DD
GetEnvironmentStringsW	-	0x1800121A8	0x00019A80	0x00018C80	0x0000022E
FreeEnvironmentStringsW	-	0x1800121B0	0x00019A88	0x00018C88	0x000001A3
RtlCaptureContext	-	0x1800121B8	0x00019A90	0x00018C90	0x000004AD
RtlLookupFunctionEntry	-	0x1800121C0	0x00019A98	0x00018C98	0x000004B4
RtlVirtualUnwind	-	0x1800121C8	0x00019AA0	0x00018CA0	0x000004BB
UnhandledExceptionFilter	-	0x1800121D0	0x00019AA8	0x00018CA8	0x00000590
SetUnhandledExceptionFilter	-	0x1800121D8	0x00019AB0	0x00018CB0	0x00000550
InitializeCriticalSectionAndSpinCount	-	0x1800121E0	0x00019AB8	0x00018CB8	0x00000351
Sleep	-	0x1800121E8	0x00019AC0	0x00018CC0	0x0000055F
TerminateProcess	-	0x1800121F0	0x00019AC8	0x00018CC8	0x0000056E
TlsAlloc	-	0x1800121F8	0x00019AD0	0x00018CD0	0x00000580
TlsGetValue	-	0x180012200	0x00019AD8	0x00018CD8	0x00000582
TlsSetValue	-	0x180012208	0x00019AE0	0x00018CE0	0x00000583
TlsFree	-	0x180012210	0x00019AE8	0x00018CE8	0x00000581
RtlUnwindEx	-	0x180012218	0x00019AF0	0x00018CF0	0x000004BA
EnterCriticalSection	-	0x180012220	0x00019AF8	0x00018CF8	0x00000129
LeaveCriticalSection	-	0x180012228	0x00019B00	0x00018D00	0x000003A5
GetStringTypeW	-	0x180012230	0x00019B08	0x00018D08	0x000002CC
LCMapStringW	-	0x180012238	0x00019B10	0x00018D10	0x00000399
HeapReAlloc	-	0x180012240	0x00019B18	0x00018D18	0x0000033F
OutputDebugStringW	-	0x180012248	0x00019B20	0x00018D20	0x000003FD
HeapSize	-	0x180012250	0x00019B28	0x00018D28	0x00000341
FlushFileBuffers	-	0x180012258	0x00019B30	0x00018D30	0x00000198
GetConsoleCP	-	0x180012260	0x00019B38	0x00018D38	0x000001E2
GetConsoleMode	-	0x180012268	0x00019B40	0x00018D40	0x000001F4
WriteConsoleW	-	0x180012270	0x00019B48	0x00018D48	0x000005EE

USER32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
wsprintfA	-	0x180012280	0x00019B58	0x00018D58	0x00000382

Exports (2)

API Name	EAT Address	Ordinal
ServiceMain	0x000042D0	0x00000001
SvchostPushServiceGlobals	0x00004330	0x00000002

C:\Program Files\Microsoft DN1\rdpwrap.ini

Dropped File

Unknown

MIME Type	application/x-wine-extension-ini
File Size	247.75 KB
MD5	4997128ef0eca4c4696bf4177ff3aff5
SHA1	7dd50f7be34f25d580378a84b8f11a08f7ee8d1f
SHA256	c59a7cf7b08fa7f79c51ca9126300b32fceece6972a9e8837d384804fd613e24
SSDeep	768:NUiQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb5x8Rr/d6gl/+f8jZ0ftlFi4x7Qc:WJ33L+MoIiG4IvREWddadl/FY
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat

Dropped File

Text

MIME Type	text/plain
File Size	147 Bytes
MD5	7bf97672db548f972b2af62670439a51
SHA1	cee49a6dc3aa6d6339ac714b2ff1e8bee6d67248
SHA256	655eecee51a14c7c966ce1e13cde0e9560cb36b4e2230d641577b21ac1dff9be
SSDeep	3:QwZ2vOUrKaM6eNGRjDOc96VkEaKC5SufyM1K/RFofD6tRQLRWLyLRHgn:QElPhxuOc9+NaZ5SuH1MUmt2FWLyS
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start

Dropped File

Text

MIME Type	text/plain
File Size	59 Bytes
MD5	579e29cec6bde04c5c074d8311d6b884
SHA1	2fdfd4c6b8eb43a4c6f4c0d3998e4a5364221dff
SHA256	65138897f467adf9fe20594326d724d2cd5b437d9aacf5f83721af340f70ce3c
SSDeep	3:eGAjGJwbZkREfcjMGERMQhM:ZuGJwi8cwGj
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft Vision\22-05-2022_13.27.02

Dropped File

Empty

MIME Type	application/x-empty
File Size	0 Bytes
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::
ImpHash	-

Remarks (2/2)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information