
Remarks

(0x0200005D): 208 additional dumps with the reason "Content Changed" and a total of 63 MB were skipped because the respective maximum limit was reached.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe Sample File Binary Malicious
Also Known As C:\Users\Public\Libraries\Tdceco.exe (Dropped File, Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 986.00 KB
MD5 557232ed6bcc3043cba02aedcbc96891
SHA1 bd739f8686a3a535b9d2faee8990c77f0de06884
SHA256 f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0
SSDeep 24576:5DA1mchKTwkH17WtMBhiUDxvHiMYStUtVSn52pAf2rDNtl2aCHX:5Dhc8ZPbVI5Sn52KN
ImpHash 205f6434858f3f8cc9e8b96d094507a2
File Reputation Information
Verdict Malicious
PE Information
Image Base 0x00400000
Entry Point 0x004A3B74
Size Of Code 0x000A2C00
Size Of Initialized Data 0x00053800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1992-06-20 00:22 (UTC+2)
Packer BobSoft Mini Delphi -> BoB / BobSoft
Version Information (10)
CompanyName e-China Petroleum & Chemical Corp
FileDescription China Petroleum & Chemical Corp
FileVersion 2.69.0.0
InternalName
LegalCopyright 1997-2007 ACE Compression Software & e-merge GmbH
LegalTrademarks 1997-2007 ACE Compression Software & e-merge GmbH
OriginalFilename
ProductName China Petroleum & Chemical Corp
ProductVersion 02.69.00.00
Comments China Petroleum & Chemical Corp!,(c) 1997-2005 e-merge GmbH, http://www.emerge.de
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x00401000 0x000A2BC8 0x000A2C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.54
DATA 0x004A4000 0x00001AA4 0x00001C00 0x000A3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.1
BSS 0x004A6000 0x00000EF5 0x00000000 0x000A4C00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x004A7000 0x000027A4 0x00002800 0x000A4C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.0
.tls 0x004AA000 0x00000040 0x00000000 0x000A7400 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x004AB000 0x00000018 0x00000200 0x000A7400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.2
.reloc 0x004AC000 0x0000C1EC 0x0000C200 0x000A7600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.62
.rsrc 0x004B9000 0x00043000 0x00043000 0x000B3800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 7.28
Imports (21)
kernel32.dll (42)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection - 0x004A71B8 0x000A71B8 0x000A4DB8 0x00000000
LeaveCriticalSection - 0x004A71BC 0x000A71BC 0x000A4DBC 0x00000000
EnterCriticalSection - 0x004A71C0 0x000A71C0 0x000A4DC0 0x00000000
InitializeCriticalSection - 0x004A71C4 0x000A71C4 0x000A4DC4 0x00000000
VirtualFree - 0x004A71C8 0x000A71C8 0x000A4DC8 0x00000000
VirtualAlloc - 0x004A71CC 0x000A71CC 0x000A4DCC 0x00000000
LocalFree - 0x004A71D0 0x000A71D0 0x000A4DD0 0x00000000
LocalAlloc - 0x004A71D4 0x000A71D4 0x000A4DD4 0x00000000
GetVersion - 0x004A71D8 0x000A71D8 0x000A4DD8 0x00000000
GetCurrentThreadId - 0x004A71DC 0x000A71DC 0x000A4DDC 0x00000000
InterlockedDecrement - 0x004A71E0 0x000A71E0 0x000A4DE0 0x00000000
InterlockedIncrement - 0x004A71E4 0x000A71E4 0x000A4DE4 0x00000000
VirtualQuery - 0x004A71E8 0x000A71E8 0x000A4DE8 0x00000000
WideCharToMultiByte - 0x004A71EC 0x000A71EC 0x000A4DEC 0x00000000
MultiByteToWideChar - 0x004A71F0 0x000A71F0 0x000A4DF0 0x00000000
lstrlenA - 0x004A71F4 0x000A71F4 0x000A4DF4 0x00000000
lstrcpynA - 0x004A71F8 0x000A71F8 0x000A4DF8 0x00000000
LoadLibraryExA - 0x004A71FC 0x000A71FC 0x000A4DFC 0x00000000
GetThreadLocale - 0x004A7200 0x000A7200 0x000A4E00 0x00000000
GetStartupInfoA - 0x004A7204 0x000A7204 0x000A4E04 0x00000000
GetProcAddress - 0x004A7208 0x000A7208 0x000A4E08 0x00000000
GetModuleHandleA - 0x004A720C 0x000A720C 0x000A4E0C 0x00000000
GetModuleFileNameA - 0x004A7210 0x000A7210 0x000A4E10 0x00000000
GetLocaleInfoA - 0x004A7214 0x000A7214 0x000A4E14 0x00000000
GetLastError - 0x004A7218 0x000A7218 0x000A4E18 0x00000000
GetCommandLineA - 0x004A721C 0x000A721C 0x000A4E1C 0x00000000
FreeLibrary - 0x004A7220 0x000A7220 0x000A4E20 0x00000000
FindFirstFileA - 0x004A7224 0x000A7224 0x000A4E24 0x00000000
FindClose - 0x004A7228 0x000A7228 0x000A4E28 0x00000000
ExitProcess - 0x004A722C 0x000A722C 0x000A4E2C 0x00000000
WriteFile - 0x004A7230 0x000A7230 0x000A4E30 0x00000000
UnhandledExceptionFilter - 0x004A7234 0x000A7234 0x000A4E34 0x00000000
SetFilePointer - 0x004A7238 0x000A7238 0x000A4E38 0x00000000
SetEndOfFile - 0x004A723C 0x000A723C 0x000A4E3C 0x00000000
RtlUnwind - 0x004A7240 0x000A7240 0x000A4E40 0x00000000
ReadFile - 0x004A7244 0x000A7244 0x000A4E44 0x00000000
RaiseException - 0x004A7248 0x000A7248 0x000A4E48 0x00000000
GetStdHandle - 0x004A724C 0x000A724C 0x000A4E4C 0x00000000
GetFileSize - 0x004A7250 0x000A7250 0x000A4E50 0x00000000
GetFileType - 0x004A7254 0x000A7254 0x000A4E54 0x00000000
CreateFileA - 0x004A7258 0x000A7258 0x000A4E58 0x00000000
CloseHandle - 0x004A725C 0x000A725C 0x000A4E5C 0x00000000
user32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType - 0x004A7264 0x000A7264 0x000A4E64 0x00000000
LoadStringA - 0x004A7268 0x000A7268 0x000A4E68 0x00000000
MessageBoxA - 0x004A726C 0x000A726C 0x000A4E6C 0x00000000
CharNextA - 0x004A7270 0x000A7270 0x000A4E70 0x00000000
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA - 0x004A7278 0x000A7278 0x000A4E78 0x00000000
RegOpenKeyExA - 0x004A727C 0x000A727C 0x000A4E7C 0x00000000
RegCloseKey - 0x004A7280 0x000A7280 0x000A4E80 0x00000000
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString - 0x004A7288 0x000A7288 0x000A4E88 0x00000000
SysReAllocStringLen - 0x004A728C 0x000A728C 0x000A4E8C 0x00000000
SysAllocStringLen - 0x004A7290 0x000A7290 0x000A4E90 0x00000000
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue - 0x004A7298 0x000A7298 0x000A4E98 0x00000000
TlsGetValue - 0x004A729C 0x000A729C 0x000A4E9C 0x00000000
LocalAlloc - 0x004A72A0 0x000A72A0 0x000A4EA0 0x00000000
GetModuleHandleA - 0x004A72A4 0x000A72A4 0x000A4EA4 0x00000000
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA - 0x004A72AC 0x000A72AC 0x000A4EAC 0x00000000
RegOpenKeyExA - 0x004A72B0 0x000A72B0 0x000A4EB0 0x00000000
RegCloseKey - 0x004A72B4 0x000A72B4 0x000A4EB4 0x00000000
kernel32.dll (73)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcpyA - 0x004A72BC 0x000A72BC 0x000A4EBC 0x00000000
WriteFile - 0x004A72C0 0x000A72C0 0x000A4EC0 0x00000000
WaitForSingleObject - 0x004A72C4 0x000A72C4 0x000A4EC4 0x00000000
VirtualQuery - 0x004A72C8 0x000A72C8 0x000A4EC8 0x00000000
VirtualProtect - 0x004A72CC 0x000A72CC 0x000A4ECC 0x00000000
VirtualAlloc - 0x004A72D0 0x000A72D0 0x000A4ED0 0x00000000
Sleep - 0x004A72D4 0x000A72D4 0x000A4ED4 0x00000000
SizeofResource - 0x004A72D8 0x000A72D8 0x000A4ED8 0x00000000
SetThreadLocale - 0x004A72DC 0x000A72DC 0x000A4EDC 0x00000000
SetFilePointer - 0x004A72E0 0x000A72E0 0x000A4EE0 0x00000000
SetEvent - 0x004A72E4 0x000A72E4 0x000A4EE4 0x00000000
SetErrorMode - 0x004A72E8 0x000A72E8 0x000A4EE8 0x00000000
SetEndOfFile - 0x004A72EC 0x000A72EC 0x000A4EEC 0x00000000
ResetEvent - 0x004A72F0 0x000A72F0 0x000A4EF0 0x00000000
ReadFile - 0x004A72F4 0x000A72F4 0x000A4EF4 0x00000000
MultiByteToWideChar - 0x004A72F8 0x000A72F8 0x000A4EF8 0x00000000
MulDiv - 0x004A72FC 0x000A72FC 0x000A4EFC 0x00000000
LockResource - 0x004A7300 0x000A7300 0x000A4F00 0x00000000
LoadResource - 0x004A7304 0x000A7304 0x000A4F04 0x00000000
LoadLibraryA - 0x004A7308 0x000A7308 0x000A4F08 0x00000000
LeaveCriticalSection - 0x004A730C 0x000A730C 0x000A4F0C 0x00000000
InitializeCriticalSection - 0x004A7310 0x000A7310 0x000A4F10 0x00000000
GlobalUnlock - 0x004A7314 0x000A7314 0x000A4F14 0x00000000
GlobalReAlloc - 0x004A7318 0x000A7318 0x000A4F18 0x00000000
GlobalHandle - 0x004A731C 0x000A731C 0x000A4F1C 0x00000000
GlobalLock - 0x004A7320 0x000A7320 0x000A4F20 0x00000000
GlobalFree - 0x004A7324 0x000A7324 0x000A4F24 0x00000000
GlobalFindAtomA - 0x004A7328 0x000A7328 0x000A4F28 0x00000000
GlobalDeleteAtom - 0x004A732C 0x000A732C 0x000A4F2C 0x00000000
GlobalAlloc - 0x004A7330 0x000A7330 0x000A4F30 0x00000000
GlobalAddAtomA - 0x004A7334 0x000A7334 0x000A4F34 0x00000000
GetVersionExA - 0x004A7338 0x000A7338 0x000A4F38 0x00000000
GetVersion - 0x004A733C 0x000A733C 0x000A4F3C 0x00000000
GetTickCount - 0x004A7340 0x000A7340 0x000A4F40 0x00000000
GetThreadLocale - 0x004A7344 0x000A7344 0x000A4F44 0x00000000
GetSystemInfo - 0x004A7348 0x000A7348 0x000A4F48 0x00000000
GetStringTypeExA - 0x004A734C 0x000A734C 0x000A4F4C 0x00000000
GetStdHandle - 0x004A7350 0x000A7350 0x000A4F50 0x00000000
GetProfileStringA - 0x004A7354 0x000A7354 0x000A4F54 0x00000000
GetProcAddress - 0x004A7358 0x000A7358 0x000A4F58 0x00000000
GetModuleHandleA - 0x004A735C 0x000A735C 0x000A4F5C 0x00000000
GetModuleFileNameA - 0x004A7360 0x000A7360 0x000A4F60 0x00000000
GetLocaleInfoA - 0x004A7364 0x000A7364 0x000A4F64 0x00000000
GetLocalTime - 0x004A7368 0x000A7368 0x000A4F68 0x00000000
GetLastError - 0x004A736C 0x000A736C 0x000A4F6C 0x00000000
GetFullPathNameA - 0x004A7370 0x000A7370 0x000A4F70 0x00000000
GetDiskFreeSpaceA - 0x004A7374 0x000A7374 0x000A4F74 0x00000000
GetDateFormatA - 0x004A7378 0x000A7378 0x000A4F78 0x00000000
GetCurrentThreadId - 0x004A737C 0x000A737C 0x000A4F7C 0x00000000
GetCurrentProcessId - 0x004A7380 0x000A7380 0x000A4F80 0x00000000
GetCurrentProcess - 0x004A7384 0x000A7384 0x000A4F84 0x00000000
GetComputerNameA - 0x004A7388 0x000A7388 0x000A4F88 0x00000000
GetCPInfo - 0x004A738C 0x000A738C 0x000A4F8C 0x00000000
GetACP - 0x004A7390 0x000A7390 0x000A4F90 0x00000000
FreeResource - 0x004A7394 0x000A7394 0x000A4F94 0x00000000
InterlockedExchange - 0x004A7398 0x000A7398 0x000A4F98 0x00000000
FreeLibrary - 0x004A739C 0x000A739C 0x000A4F9C 0x00000000
FormatMessageA - 0x004A73A0 0x000A73A0 0x000A4FA0 0x00000000
FlushInstructionCache - 0x004A73A4 0x000A73A4 0x000A4FA4 0x00000000
FindResourceA - 0x004A73A8 0x000A73A8 0x000A4FA8 0x00000000
FindFirstFileA - 0x004A73AC 0x000A73AC 0x000A4FAC 0x00000000
FindClose - 0x004A73B0 0x000A73B0 0x000A4FB0 0x00000000
FileTimeToLocalFileTime - 0x004A73B4 0x000A73B4 0x000A4FB4 0x00000000
FileTimeToDosDateTime - 0x004A73B8 0x000A73B8 0x000A4FB8 0x00000000
EnumCalendarInfoA - 0x004A73BC 0x000A73BC 0x000A4FBC 0x00000000
EnterCriticalSection - 0x004A73C0 0x000A73C0 0x000A4FC0 0x00000000
DeleteFileA - 0x004A73C4 0x000A73C4 0x000A4FC4 0x00000000
DeleteCriticalSection - 0x004A73C8 0x000A73C8 0x000A4FC8 0x00000000
CreateThread - 0x004A73CC 0x000A73CC 0x000A4FCC 0x00000000
CreateFileA - 0x004A73D0 0x000A73D0 0x000A4FD0 0x00000000
CreateEventA - 0x004A73D4 0x000A73D4 0x000A4FD4 0x00000000
CompareStringA - 0x004A73D8 0x000A73D8 0x000A4FD8 0x00000000
CloseHandle - 0x004A73DC 0x000A73DC 0x000A4FDC 0x00000000
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueA - 0x004A73E4 0x000A73E4 0x000A4FE4 0x00000000
GetFileVersionInfoSizeA - 0x004A73E8 0x000A73E8 0x000A4FE8 0x00000000
GetFileVersionInfoA - 0x004A73EC 0x000A73EC 0x000A4FEC 0x00000000
gdi32.dll (79)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnrealizeObject - 0x004A73F4 0x000A73F4 0x000A4FF4 0x00000000
StretchBlt - 0x004A73F8 0x000A73F8 0x000A4FF8 0x00000000
StartPage - 0x004A73FC 0x000A73FC 0x000A4FFC 0x00000000
StartDocA - 0x004A7400 0x000A7400 0x000A5000 0x00000000
SetWindowOrgEx - 0x004A7404 0x000A7404 0x000A5004 0x00000000
SetWinMetaFileBits - 0x004A7408 0x000A7408 0x000A5008 0x00000000
SetViewportOrgEx - 0x004A740C 0x000A740C 0x000A500C 0x00000000
SetTextColor - 0x004A7410 0x000A7410 0x000A5010 0x00000000
SetStretchBltMode - 0x004A7414 0x000A7414 0x000A5014 0x00000000
SetROP2 - 0x004A7418 0x000A7418 0x000A5018 0x00000000
SetPixel - 0x004A741C 0x000A741C 0x000A501C 0x00000000
SetMapMode - 0x004A7420 0x000A7420 0x000A5020 0x00000000
SetEnhMetaFileBits - 0x004A7424 0x000A7424 0x000A5024 0x00000000
SetDIBColorTable - 0x004A7428 0x000A7428 0x000A5028 0x00000000
SetBrushOrgEx - 0x004A742C 0x000A742C 0x000A502C 0x00000000
SetBkMode - 0x004A7430 0x000A7430 0x000A5030 0x00000000
SetBkColor - 0x004A7434 0x000A7434 0x000A5034 0x00000000
SetAbortProc - 0x004A7438 0x000A7438 0x000A5038 0x00000000
SelectPalette - 0x004A743C 0x000A743C 0x000A503C 0x00000000
SelectObject - 0x004A7440 0x000A7440 0x000A5040 0x00000000
SelectClipRgn - 0x004A7444 0x000A7444 0x000A5044 0x00000000
SaveDC - 0x004A7448 0x000A7448 0x000A5048 0x00000000
RestoreDC - 0x004A744C 0x000A744C 0x000A504C 0x00000000
Rectangle - 0x004A7450 0x000A7450 0x000A5050 0x00000000
RectVisible - 0x004A7454 0x000A7454 0x000A5054 0x00000000
RealizePalette - 0x004A7458 0x000A7458 0x000A5058 0x00000000
Polyline - 0x004A745C 0x000A745C 0x000A505C 0x00000000
Polygon - 0x004A7460 0x000A7460 0x000A5060 0x00000000
PlayEnhMetaFile - 0x004A7464 0x000A7464 0x000A5064 0x00000000
PatBlt - 0x004A7468 0x000A7468 0x000A5068 0x00000000
MoveToEx - 0x004A746C 0x000A746C 0x000A506C 0x00000000
MaskBlt - 0x004A7470 0x000A7470 0x000A5070 0x00000000
LineTo - 0x004A7474 0x000A7474 0x000A5074 0x00000000
IntersectClipRect - 0x004A7478 0x000A7478 0x000A5078 0x00000000
GetWindowOrgEx - 0x004A747C 0x000A747C 0x000A507C 0x00000000
GetWinMetaFileBits - 0x004A7480 0x000A7480 0x000A5080 0x00000000
GetTextMetricsA - 0x004A7484 0x000A7484 0x000A5084 0x00000000
GetTextExtentPointA - 0x004A7488 0x000A7488 0x000A5088 0x00000000
GetTextExtentPoint32A - 0x004A748C 0x000A748C 0x000A508C 0x00000000
GetSystemPaletteEntries - 0x004A7490 0x000A7490 0x000A5090 0x00000000
GetStockObject - 0x004A7494 0x000A7494 0x000A5094 0x00000000
GetPixel - 0x004A7498 0x000A7498 0x000A5098 0x00000000
GetPaletteEntries - 0x004A749C 0x000A749C 0x000A509C 0x00000000
GetObjectA - 0x004A74A0 0x000A74A0 0x000A50A0 0x00000000
GetEnhMetaFilePaletteEntries - 0x004A74A4 0x000A74A4 0x000A50A4 0x00000000
GetEnhMetaFileHeader - 0x004A74A8 0x000A74A8 0x000A50A8 0x00000000
GetEnhMetaFileBits - 0x004A74AC 0x000A74AC 0x000A50AC 0x00000000
GetDeviceCaps - 0x004A74B0 0x000A74B0 0x000A50B0 0x00000000
GetDIBits - 0x004A74B4 0x000A74B4 0x000A50B4 0x00000000
GetDIBColorTable - 0x004A74B8 0x000A74B8 0x000A50B8 0x00000000
GetDCOrgEx - 0x004A74BC 0x000A74BC 0x000A50BC 0x00000000
GetCurrentPositionEx - 0x004A74C0 0x000A74C0 0x000A50C0 0x00000000
GetClipBox - 0x004A74C4 0x000A74C4 0x000A50C4 0x00000000
GetBrushOrgEx - 0x004A74C8 0x000A74C8 0x000A50C8 0x00000000
GetBitmapBits - 0x004A74CC 0x000A74CC 0x000A50CC 0x00000000
GdiFlush - 0x004A74D0 0x000A74D0 0x000A50D0 0x00000000
ExtTextOutA - 0x004A74D4 0x000A74D4 0x000A50D4 0x00000000
ExcludeClipRect - 0x004A74D8 0x000A74D8 0x000A50D8 0x00000000
EndPage - 0x004A74DC 0x000A74DC 0x000A50DC 0x00000000
EndDoc - 0x004A74E0 0x000A74E0 0x000A50E0 0x00000000
DeleteObject - 0x004A74E4 0x000A74E4 0x000A50E4 0x00000000
DeleteEnhMetaFile - 0x004A74E8 0x000A74E8 0x000A50E8 0x00000000
DeleteDC - 0x004A74EC 0x000A74EC 0x000A50EC 0x00000000
CreateSolidBrush - 0x004A74F0 0x000A74F0 0x000A50F0 0x00000000
CreatePenIndirect - 0x004A74F4 0x000A74F4 0x000A50F4 0x00000000
CreatePalette - 0x004A74F8 0x000A74F8 0x000A50F8 0x00000000
CreateICA - 0x004A74FC 0x000A74FC 0x000A50FC 0x00000000
CreateHalftonePalette - 0x004A7500 0x000A7500 0x000A5100 0x00000000
CreateFontIndirectA - 0x004A7504 0x000A7504 0x000A5104 0x00000000
CreateDIBitmap - 0x004A7508 0x000A7508 0x000A5108 0x00000000
CreateDIBSection - 0x004A750C 0x000A750C 0x000A510C 0x00000000
CreateDCA - 0x004A7510 0x000A7510 0x000A5110 0x00000000
CreateCompatibleDC - 0x004A7514 0x000A7514 0x000A5114 0x00000000
CreateCompatibleBitmap - 0x004A7518 0x000A7518 0x000A5118 0x00000000
CreateBrushIndirect - 0x004A751C 0x000A751C 0x000A511C 0x00000000
CreateBitmap - 0x004A7520 0x000A7520 0x000A5120 0x00000000
CopyEnhMetaFileA - 0x004A7524 0x000A7524 0x000A5124 0x00000000
CombineRgn - 0x004A7528 0x000A7528 0x000A5128 0x00000000
BitBlt - 0x004A752C 0x000A752C 0x000A512C 0x00000000
user32.dll (169)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateWindowExA - 0x004A7534 0x000A7534 0x000A5134 0x00000000
WindowFromPoint - 0x004A7538 0x000A7538 0x000A5138 0x00000000
WinHelpA - 0x004A753C 0x000A753C 0x000A513C 0x00000000
WaitMessage - 0x004A7540 0x000A7540 0x000A5140 0x00000000
UpdateWindow - 0x004A7544 0x000A7544 0x000A5144 0x00000000
UnregisterClassA - 0x004A7548 0x000A7548 0x000A5148 0x00000000
UnhookWindowsHookEx - 0x004A754C 0x000A754C 0x000A514C 0x00000000
TranslateMessage - 0x004A7550 0x000A7550 0x000A5150 0x00000000
TranslateMDISysAccel - 0x004A7554 0x000A7554 0x000A5154 0x00000000
TrackPopupMenu - 0x004A7558 0x000A7558 0x000A5158 0x00000000
SystemParametersInfoA - 0x004A755C 0x000A755C 0x000A515C 0x00000000
ShowWindow - 0x004A7560 0x000A7560 0x000A5160 0x00000000
ShowScrollBar - 0x004A7564 0x000A7564 0x000A5164 0x00000000
ShowOwnedPopups - 0x004A7568 0x000A7568 0x000A5168 0x00000000
ShowCursor - 0x004A756C 0x000A756C 0x000A516C 0x00000000
ShowCaret - 0x004A7570 0x000A7570 0x000A5170 0x00000000
SetWindowsHookExA - 0x004A7574 0x000A7574 0x000A5174 0x00000000
SetWindowTextA - 0x004A7578 0x000A7578 0x000A5178 0x00000000
SetWindowPos - 0x004A757C 0x000A757C 0x000A517C 0x00000000
SetWindowPlacement - 0x004A7580 0x000A7580 0x000A5180 0x00000000
SetWindowLongA - 0x004A7584 0x000A7584 0x000A5184 0x00000000
SetTimer - 0x004A7588 0x000A7588 0x000A5188 0x00000000
SetScrollRange - 0x004A758C 0x000A758C 0x000A518C 0x00000000
SetScrollPos - 0x004A7590 0x000A7590 0x000A5190 0x00000000
SetScrollInfo - 0x004A7594 0x000A7594 0x000A5194 0x00000000
SetRect - 0x004A7598 0x000A7598 0x000A5198 0x00000000
SetPropA - 0x004A759C 0x000A759C 0x000A519C 0x00000000
SetParent - 0x004A75A0 0x000A75A0 0x000A51A0 0x00000000
SetMenuItemInfoA - 0x004A75A4 0x000A75A4 0x000A51A4 0x00000000
SetMenu - 0x004A75A8 0x000A75A8 0x000A51A8 0x00000000
SetForegroundWindow - 0x004A75AC 0x000A75AC 0x000A51AC 0x00000000
SetFocus - 0x004A75B0 0x000A75B0 0x000A51B0 0x00000000
SetCursor - 0x004A75B4 0x000A75B4 0x000A51B4 0x00000000
SetClipboardData - 0x004A75B8 0x000A75B8 0x000A51B8 0x00000000
SetClassLongA - 0x004A75BC 0x000A75BC 0x000A51BC 0x00000000
SetCapture - 0x004A75C0 0x000A75C0 0x000A51C0 0x00000000
SetActiveWindow - 0x004A75C4 0x000A75C4 0x000A51C4 0x00000000
SendMessageA - 0x004A75C8 0x000A75C8 0x000A51C8 0x00000000
ScrollWindow - 0x004A75CC 0x000A75CC 0x000A51CC 0x00000000
ScreenToClient - 0x004A75D0 0x000A75D0 0x000A51D0 0x00000000
RemovePropA - 0x004A75D4 0x000A75D4 0x000A51D4 0x00000000
RemoveMenu - 0x004A75D8 0x000A75D8 0x000A51D8 0x00000000
ReleaseDC - 0x004A75DC 0x000A75DC 0x000A51DC 0x00000000
ReleaseCapture - 0x004A75E0 0x000A75E0 0x000A51E0 0x00000000
RegisterWindowMessageA - 0x004A75E4 0x000A75E4 0x000A51E4 0x00000000
RegisterClipboardFormatA - 0x004A75E8 0x000A75E8 0x000A51E8 0x00000000
RegisterClassA - 0x004A75EC 0x000A75EC 0x000A51EC 0x00000000
RedrawWindow - 0x004A75F0 0x000A75F0 0x000A51F0 0x00000000
PtInRect - 0x004A75F4 0x000A75F4 0x000A51F4 0x00000000
PostQuitMessage - 0x004A75F8 0x000A75F8 0x000A51F8 0x00000000
PostMessageA - 0x004A75FC 0x000A75FC 0x000A51FC 0x00000000
PeekMessageA - 0x004A7600 0x000A7600 0x000A5200 0x00000000
OpenClipboard - 0x004A7604 0x000A7604 0x000A5204 0x00000000
OffsetRect - 0x004A7608 0x000A7608 0x000A5208 0x00000000
OemToCharA - 0x004A760C 0x000A760C 0x000A520C 0x00000000
MessageBoxA - 0x004A7610 0x000A7610 0x000A5210 0x00000000
MessageBeep - 0x004A7614 0x000A7614 0x000A5214 0x00000000
MapWindowPoints - 0x004A7618 0x000A7618 0x000A5218 0x00000000
MapVirtualKeyA - 0x004A761C 0x000A761C 0x000A521C 0x00000000
LoadStringA - 0x004A7620 0x000A7620 0x000A5220 0x00000000
LoadKeyboardLayoutA - 0x004A7624 0x000A7624 0x000A5224 0x00000000
LoadIconA - 0x004A7628 0x000A7628 0x000A5228 0x00000000
LoadCursorA - 0x004A762C 0x000A762C 0x000A522C 0x00000000
LoadBitmapA - 0x004A7630 0x000A7630 0x000A5230 0x00000000
KillTimer - 0x004A7634 0x000A7634 0x000A5234 0x00000000
IsZoomed - 0x004A7638 0x000A7638 0x000A5238 0x00000000
IsWindowVisible - 0x004A763C 0x000A763C 0x000A523C 0x00000000
IsWindowEnabled - 0x004A7640 0x000A7640 0x000A5240 0x00000000
IsWindow - 0x004A7644 0x000A7644 0x000A5244 0x00000000
IsRectEmpty - 0x004A7648 0x000A7648 0x000A5248 0x00000000
IsIconic - 0x004A764C 0x000A764C 0x000A524C 0x00000000
IsDialogMessageA - 0x004A7650 0x000A7650 0x000A5250 0x00000000
IsChild - 0x004A7654 0x000A7654 0x000A5254 0x00000000
InvalidateRect - 0x004A7658 0x000A7658 0x000A5258 0x00000000
IntersectRect - 0x004A765C 0x000A765C 0x000A525C 0x00000000
InsertMenuItemA - 0x004A7660 0x000A7660 0x000A5260 0x00000000
InsertMenuA - 0x004A7664 0x000A7664 0x000A5264 0x00000000
InflateRect - 0x004A7668 0x000A7668 0x000A5268 0x00000000
HideCaret - 0x004A766C 0x000A766C 0x000A526C 0x00000000
GetWindowThreadProcessId - 0x004A7670 0x000A7670 0x000A5270 0x00000000
GetWindowTextA - 0x004A7674 0x000A7674 0x000A5274 0x00000000
GetWindowRect - 0x004A7678 0x000A7678 0x000A5278 0x00000000
GetWindowPlacement - 0x004A767C 0x000A767C 0x000A527C 0x00000000
GetWindowLongA - 0x004A7680 0x000A7680 0x000A5280 0x00000000
GetWindowDC - 0x004A7684 0x000A7684 0x000A5284 0x00000000
GetUpdateRect - 0x004A7688 0x000A7688 0x000A5288 0x00000000
GetTopWindow - 0x004A768C 0x000A768C 0x000A528C 0x00000000
GetSystemMetrics - 0x004A7690 0x000A7690 0x000A5290 0x00000000
GetSystemMenu - 0x004A7694 0x000A7694 0x000A5294 0x00000000
GetSysColorBrush - 0x004A7698 0x000A7698 0x000A5298 0x00000000
GetSysColor - 0x004A769C 0x000A769C 0x000A529C 0x00000000
GetSubMenu - 0x004A76A0 0x000A76A0 0x000A52A0 0x00000000
GetScrollRange - 0x004A76A4 0x000A76A4 0x000A52A4 0x00000000
GetScrollPos - 0x004A76A8 0x000A76A8 0x000A52A8 0x00000000
GetScrollInfo - 0x004A76AC 0x000A76AC 0x000A52AC 0x00000000
GetPropA - 0x004A76B0 0x000A76B0 0x000A52B0 0x00000000
GetParent - 0x004A76B4 0x000A76B4 0x000A52B4 0x00000000
GetWindow - 0x004A76B8 0x000A76B8 0x000A52B8 0x00000000
GetMenuStringA - 0x004A76BC 0x000A76BC 0x000A52BC 0x00000000
GetMenuState - 0x004A76C0 0x000A76C0 0x000A52C0 0x00000000
GetMenuItemInfoA - 0x004A76C4 0x000A76C4 0x000A52C4 0x00000000
GetMenuItemID - 0x004A76C8 0x000A76C8 0x000A52C8 0x00000000
GetMenuItemCount - 0x004A76CC 0x000A76CC 0x000A52CC 0x00000000
GetMenu - 0x004A76D0 0x000A76D0 0x000A52D0 0x00000000
GetLastActivePopup - 0x004A76D4 0x000A76D4 0x000A52D4 0x00000000
GetKeyboardState - 0x004A76D8 0x000A76D8 0x000A52D8 0x00000000
GetKeyboardLayoutList - 0x004A76DC 0x000A76DC 0x000A52DC 0x00000000
GetKeyboardLayout - 0x004A76E0 0x000A76E0 0x000A52E0 0x00000000
GetKeyState - 0x004A76E4 0x000A76E4 0x000A52E4 0x00000000
GetKeyNameTextA - 0x004A76E8 0x000A76E8 0x000A52E8 0x00000000
GetIconInfo - 0x004A76EC 0x000A76EC 0x000A52EC 0x00000000
GetForegroundWindow - 0x004A76F0 0x000A76F0 0x000A52F0 0x00000000
GetFocus - 0x004A76F4 0x000A76F4 0x000A52F4 0x00000000
GetDlgItem - 0x004A76F8 0x000A76F8 0x000A52F8 0x00000000
GetDesktopWindow - 0x004A76FC 0x000A76FC 0x000A52FC 0x00000000
GetDCEx - 0x004A7700 0x000A7700 0x000A5300 0x00000000
GetDC - 0x004A7704 0x000A7704 0x000A5304 0x00000000
GetCursorPos - 0x004A7708 0x000A7708 0x000A5308 0x00000000
GetCursor - 0x004A770C 0x000A770C 0x000A530C 0x00000000
GetClipboardData - 0x004A7710 0x000A7710 0x000A5310 0x00000000
GetClientRect - 0x004A7714 0x000A7714 0x000A5314 0x00000000
GetClassNameA - 0x004A7718 0x000A7718 0x000A5318 0x00000000
GetClassInfoA - 0x004A771C 0x000A771C 0x000A531C 0x00000000
GetCapture - 0x004A7720 0x000A7720 0x000A5320 0x00000000
GetActiveWindow - 0x004A7724 0x000A7724 0x000A5324 0x00000000
FrameRect - 0x004A7728 0x000A7728 0x000A5328 0x00000000
FindWindowA - 0x004A772C 0x000A772C 0x000A532C 0x00000000
FillRect - 0x004A7730 0x000A7730 0x000A5330 0x00000000
EqualRect - 0x004A7734 0x000A7734 0x000A5334 0x00000000
EnumWindows - 0x004A7738 0x000A7738 0x000A5338 0x00000000
EnumThreadWindows - 0x004A773C 0x000A773C 0x000A533C 0x00000000
EndPaint - 0x004A7740 0x000A7740 0x000A5340 0x00000000
EnableWindow - 0x004A7744 0x000A7744 0x000A5344 0x00000000
EnableScrollBar - 0x004A7748 0x000A7748 0x000A5348 0x00000000
EnableMenuItem - 0x004A774C 0x000A774C 0x000A534C 0x00000000
EmptyClipboard - 0x004A7750 0x000A7750 0x000A5350 0x00000000
DrawTextA - 0x004A7754 0x000A7754 0x000A5354 0x00000000
DrawStateA - 0x004A7758 0x000A7758 0x000A5358 0x00000000
DrawMenuBar - 0x004A775C 0x000A775C 0x000A535C 0x00000000
DrawIconEx - 0x004A7760 0x000A7760 0x000A5360 0x00000000
DrawIcon - 0x004A7764 0x000A7764 0x000A5364 0x00000000
DrawFrameControl - 0x004A7768 0x000A7768 0x000A5368 0x00000000
DrawFocusRect - 0x004A776C 0x000A776C 0x000A536C 0x00000000
DrawEdge - 0x004A7770 0x000A7770 0x000A5370 0x00000000
DispatchMessageA - 0x004A7774 0x000A7774 0x000A5374 0x00000000
DestroyWindow - 0x004A7778 0x000A7778 0x000A5378 0x00000000
DestroyMenu - 0x004A777C 0x000A777C 0x000A537C 0x00000000
DestroyIcon - 0x004A7780 0x000A7780 0x000A5380 0x00000000
DestroyCursor - 0x004A7784 0x000A7784 0x000A5384 0x00000000
DeleteMenu - 0x004A7788 0x000A7788 0x000A5388 0x00000000
DefWindowProcA - 0x004A778C 0x000A778C 0x000A538C 0x00000000
DefMDIChildProcA - 0x004A7790 0x000A7790 0x000A5390 0x00000000
DefFrameProcA - 0x004A7794 0x000A7794 0x000A5394 0x00000000
CreatePopupMenu - 0x004A7798 0x000A7798 0x000A5398 0x00000000
CreateMenu - 0x004A779C 0x000A779C 0x000A539C 0x00000000
CreateIcon - 0x004A77A0 0x000A77A0 0x000A53A0 0x00000000
CloseClipboard - 0x004A77A4 0x000A77A4 0x000A53A4 0x00000000
ClientToScreen - 0x004A77A8 0x000A77A8 0x000A53A8 0x00000000
CheckMenuItem - 0x004A77AC 0x000A77AC 0x000A53AC 0x00000000
CallWindowProcA - 0x004A77B0 0x000A77B0 0x000A53B0 0x00000000
CallNextHookEx - 0x004A77B4 0x000A77B4 0x000A53B4 0x00000000
BeginPaint - 0x004A77B8 0x000A77B8 0x000A53B8 0x00000000
CharNextA - 0x004A77BC 0x000A77BC 0x000A53BC 0x00000000
CharLowerBuffA - 0x004A77C0 0x000A77C0 0x000A53C0 0x00000000
CharLowerA - 0x004A77C4 0x000A77C4 0x000A53C4 0x00000000
CharUpperBuffA - 0x004A77C8 0x000A77C8 0x000A53C8 0x00000000
CharToOemA - 0x004A77CC 0x000A77CC 0x000A53CC 0x00000000
AdjustWindowRectEx - 0x004A77D0 0x000A77D0 0x000A53D0 0x00000000
ActivateKeyboardLayout - 0x004A77D4 0x000A77D4 0x000A53D4 0x00000000
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep - 0x004A77DC 0x000A77DC 0x000A53DC 0x00000000
oleaut32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPtrOfIndex - 0x004A77E4 0x000A77E4 0x000A53E4 0x00000000
SafeArrayPutElement - 0x004A77E8 0x000A77E8 0x000A53E8 0x00000000
SafeArrayGetElement - 0x004A77EC 0x000A77EC 0x000A53EC 0x00000000
SafeArrayUnaccessData - 0x004A77F0 0x000A77F0 0x000A53F0 0x00000000
SafeArrayAccessData - 0x004A77F4 0x000A77F4 0x000A53F4 0x00000000
SafeArrayGetUBound - 0x004A77F8 0x000A77F8 0x000A53F8 0x00000000
SafeArrayGetLBound - 0x004A77FC 0x000A77FC 0x000A53FC 0x00000000
SafeArrayCreate - 0x004A7800 0x000A7800 0x000A5400 0x00000000
VariantChangeType - 0x004A7804 0x000A7804 0x000A5404 0x00000000
VariantCopyInd - 0x004A7808 0x000A7808 0x000A5408 0x00000000
VariantCopy - 0x004A780C 0x000A780C 0x000A540C 0x00000000
VariantClear - 0x004A7810 0x000A7810 0x000A5410 0x00000000
VariantInit - 0x004A7814 0x000A7814 0x000A5414 0x00000000
ole32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemFree - 0x004A781C 0x000A781C 0x000A541C 0x00000000
ProgIDFromCLSID - 0x004A7820 0x000A7820 0x000A5420 0x00000000
StringFromCLSID - 0x004A7824 0x000A7824 0x000A5424 0x00000000
CoCreateInstance - 0x004A7828 0x000A7828 0x000A5428 0x00000000
CoUninitialize - 0x004A782C 0x000A782C 0x000A542C 0x00000000
CoInitialize - 0x004A7830 0x000A7830 0x000A5430 0x00000000
IsEqualGUID - 0x004A7834 0x000A7834 0x000A5434 0x00000000
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetErrorInfo - 0x004A783C 0x000A783C 0x000A543C 0x00000000
GetActiveObject - 0x004A7840 0x000A7840 0x000A5440 0x00000000
SysFreeString - 0x004A7844 0x000A7844 0x000A5444 0x00000000
comctl32.dll (25)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_SetIconSize - 0x004A784C 0x000A784C 0x000A544C 0x00000000
ImageList_GetIconSize - 0x004A7850 0x000A7850 0x000A5450 0x00000000
ImageList_Write - 0x004A7854 0x000A7854 0x000A5454 0x00000000
ImageList_Read - 0x004A7858 0x000A7858 0x000A5458 0x00000000
ImageList_GetDragImage - 0x004A785C 0x000A785C 0x000A545C 0x00000000
ImageList_DragShowNolock - 0x004A7860 0x000A7860 0x000A5460 0x00000000
ImageList_SetDragCursorImage - 0x004A7864 0x000A7864 0x000A5464 0x00000000
ImageList_DragMove - 0x004A7868 0x000A7868 0x000A5468 0x00000000
ImageList_DragLeave - 0x004A786C 0x000A786C 0x000A546C 0x00000000
ImageList_DragEnter - 0x004A7870 0x000A7870 0x000A5470 0x00000000
ImageList_EndDrag - 0x004A7874 0x000A7874 0x000A5474 0x00000000
ImageList_BeginDrag - 0x004A7878 0x000A7878 0x000A5478 0x00000000
ImageList_Remove - 0x004A787C 0x000A787C 0x000A547C 0x00000000
ImageList_DrawEx - 0x004A7880 0x000A7880 0x000A5480 0x00000000
ImageList_Replace - 0x004A7884 0x000A7884 0x000A5484 0x00000000
ImageList_Draw - 0x004A7888 0x000A7888 0x000A5488 0x00000000
ImageList_GetBkColor - 0x004A788C 0x000A788C 0x000A548C 0x00000000
ImageList_SetBkColor - 0x004A7890 0x000A7890 0x000A5490 0x00000000
ImageList_ReplaceIcon - 0x004A7894 0x000A7894 0x000A5494 0x00000000
ImageList_Add - 0x004A7898 0x000A7898 0x000A5498 0x00000000
ImageList_SetImageCount - 0x004A789C 0x000A789C 0x000A549C 0x00000000
ImageList_GetImageCount - 0x004A78A0 0x000A78A0 0x000A54A0 0x00000000
ImageList_Destroy - 0x004A78A4 0x000A78A4 0x000A54A4 0x00000000
ImageList_Create - 0x004A78A8 0x000A78A8 0x000A54A8 0x00000000
InitCommonControls - 0x004A78AC 0x000A78AC 0x000A54AC 0x00000000
winspool.drv (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenPrinterA - 0x004A78B4 0x000A78B4 0x000A54B4 0x00000000
EnumPrintersA - 0x004A78B8 0x000A78B8 0x000A54B8 0x00000000
DocumentPropertiesA - 0x004A78BC 0x000A78BC 0x000A54BC 0x00000000
ClosePrinter - 0x004A78C0 0x000A78C0 0x000A54C0 0x00000000
shell32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA - 0x004A78C8 0x000A78C8 0x000A54C8 0x00000000
comdlg32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSaveFileNameA - 0x004A78D0 0x000A78D0 0x000A54D0 0x00000000
GetOpenFileNameA - 0x004A78D4 0x000A78D4 0x000A54D4 0x00000000
winmm.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
sndPlaySoundA - 0x004A78DC 0x000A78DC 0x000A54DC 0x00000000
kernel32 (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VirtualProtect - 0x004A78E4 0x000A78E4 0x000A54E4 0x00000000
GetProcAddress - 0x004A78E8 0x000A78E8 0x000A54E8 0x00000000
URL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AddMIMEFileTypesPS - 0x004A78F0 0x000A78F0 0x000A54F0 0x00000000
Memory Dumps (128)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Relevant Image False 32-bit 0x0040482C False
buffer 1 0x021D0000 0x021D0FFF First Execution False 32-bit 0x021D0FEF False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x004A0000 False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x00402D50 False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x0040F18E False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x00401E4C False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x0049E08A False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x00407250 False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x00402D50 False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x0049F000 False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x0040F18E False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
buffer 1 0x02330000 0x0234CFFF Marked Executable False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
buffer 1 0x02330000 0x0234CFFF Marked Executable False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
buffer 1 0x02330000 0x0234CFFF Marked Executable False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
buffer 1 0x02330000 0x0234CFFF Marked Executable False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit - False
buffer 1 0x02330000 0x0234CFFF Marked Executable False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x0049F276 False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Content Changed False 32-bit 0x00426680 False
buffer 1 0x02330000 0x0234CFFF First Execution False 32-bit 0x0234529C False
buffer 1 0x0416A000 0x0416FFFF First Network Behavior False 32-bit - False
buffer 1 0x0019C000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 1 0x00671AE8 0x00672ADF First Network Behavior False 32-bit - False
buffer 1 0x00672AE8 0x0067312B First Network Behavior False 32-bit - False
buffer 1 0x0068AA58 0x0068BA4F First Network Behavior False 32-bit - False
buffer 1 0x0068BA58 0x0068C09B First Network Behavior False 32-bit - False
buffer 1 0x021D0000 0x021D0FFF First Network Behavior False 32-bit 0x021D0E69 False
buffer 1 0x02214000 0x02217FFF First Network Behavior False 32-bit - False
buffer 1 0x02218000 0x0221BFFF First Network Behavior False 32-bit - False
buffer 1 0x0221C000 0x0221FFFF First Network Behavior False 32-bit - False
buffer 1 0x02220000 0x022BFFFF First Network Behavior False 32-bit - False
buffer 1 0x02330000 0x0234CFFF First Network Behavior False 32-bit 0x02336684 False
buffer 1 0x03E68000 0x03E6FFFF First Network Behavior False 32-bit - False
buffer 1 0x03EE8000 0x03EEBFFF First Network Behavior False 32-bit - False
buffer 1 0x03EEC000 0x03EEFFFF First Network Behavior False 32-bit - False
buffer 1 0x03EF0000 0x03EF3FFF First Network Behavior False 32-bit - False
buffer 1 0x03EF4000 0x03EF7FFF First Network Behavior False 32-bit - False
buffer 1 0x03EF8000 0x03EFBFFF First Network Behavior False 32-bit - False
buffer 1 0x03EFC000 0x03EFFFFF First Network Behavior False 32-bit - False
buffer 1 0x04270000 0x0464FFFF First Network Behavior False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF First Network Behavior False 32-bit 0x0044769C False
counters.dat 1 0x026E0000 0x026E0FFF First Network Behavior False 32-bit - False
buffer 1 0x04D20000 0x04D83FFF Marked Executable False 32-bit - False
buffer 1 0x04D20000 0x04D83FFF Marked Executable False 32-bit - False
buffer 1 0x04D20000 0x04D83FFF Marked Executable False 32-bit - False
buffer 1 0x04D20000 0x04D83FFF Marked Executable False 32-bit - False
buffer 1 0x04D20000 0x04D83FFF Marked Executable False 32-bit - False
buffer 1 0x04D20000 0x04D83FFF Marked Executable False 32-bit - False
buffer 1 0x04D20000 0x04D83FFF Marked Executable False 32-bit - False
buffer 1 0x04D20000 0x04D83FFF First Execution False 32-bit 0x04D4656C False
buffer 1 0x04FE0000 0x0511FFFF Dump Rule: FormBookConfig False 32-bit - False
buffer 1 0x04BE0000 0x04BE3FFF Image In Buffer False 32-bit - False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Final Dump False 32-bit 0x00426680 False
f28fc7b2cb76f0a714ef1e43b37ec0f5aa6c497d25d7de4379e8e0b91913d1c0.exe 1 0x00400000 0x004FBFFF Process Termination False 32-bit - False
C:\Users\Public\Libraries\ocecdT.url Dropped File Text
Clean
MIME Type text/plain
File Size 98 Bytes
MD5 3c5b128b06fbf91bd414b04640e73221
SHA1 69df0dba5ab496ecc6c7f3c9e75106110dc1233f
SHA256 16d3da3f2169377e4152fa6e9ee9fd0016420c5a93bc782e2d677f3556303055
SSDeep 3:HRAbABGQYmTWAX+rSF55i0XMSQssGKd5Nt1A5ov:HRYFVmTWDyzbsb5C2v
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.