bd5d3ebe...95b3 | Grouped Behavior
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Wiper, Trojan

dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe

Windows Exe (x86-32)

Created at 2019-05-15T23:24:00

Monitored Processes

Process Overview
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0x4d8 Analysis Target High (Elevated) dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe "C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe" -

Behavior Information - Grouped by Category

Process #1: dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe
Information Value
ID #1
File Name c:\users\fd1hvy\desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe
Command Line "C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:40, Reason: Analysis Target
Unmonitor End Time: 00:01:07, Reason: Self Terminated
Monitor Duration 00:00:26
OS Process Information
Information Value
PID 0x4d8
Parent PID 0x860 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x36C, 0xA9C, 0x2AC
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe 0x00400000 0x0046EFFF Content Changed - 32-bit 0x0046D600 False False
dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe 0x00400000 0x0046EFFF Relevant Image - 32-bit - False False
buffer 0x00680000 0x00680FFF First Execution - 32-bit 0x00680FEF False False
dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe 0x00400000 0x0046EFFF Process Termination - 32-bit - False False
Dropped Files
Filename File Size YARA Match
C:\Users\FD1HVy\Desktop\6Ap4.png.FilGZmsp 38.27 KB False
C:\Users\FD1HVy\Desktop\73OqHhCstnZXqrw.m4a.FilGZmsp 53.19 KB False
C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe.FilGZmsp 165.50 KB False
C:\Users\FD1HVy\Desktop\Fcr1f3Gzw_W.avi.FilGZmsp 26.96 KB False
C:\Users\FD1HVy\Desktop\FQqQPCoYEB.jpg.FilGZmsp 29.44 KB False
C:\Users\FD1HVy\Desktop\GMOyXDXwFM8W7-LhS.swf.FilGZmsp 37.25 KB False
C:\Users\FD1HVy\Desktop\gv-rKvbphTHL.odp.FilGZmsp 91.07 KB False
C:\Users\FD1HVy\Desktop\IHFgpxkCmC_zEG.wav.FilGZmsp 1.18 KB False
C:\Users\FD1HVy\Desktop\J5-kjHCPXByZQnhDJn.mp3.FilGZmsp 59.76 KB False
C:\Users\FD1HVy\Desktop\kbF_2PW7TjoQ4IMqkI.bmp.FilGZmsp 87.34 KB False
C:\Users\FD1HVy\Desktop\kvxI68o_1uIf1.avi.FilGZmsp 90.79 KB False
C:\Users\FD1HVy\Desktop\nbWphIhGB6Uy0.flv.FilGZmsp 53.30 KB False
C:\Users\FD1HVy\Desktop\oFb2U6s9m6U6gOPb.mkv.FilGZmsp 47.70 KB False
C:\Users\FD1HVy\Desktop\OKWfLhmwWcu5qOaGL.avi.FilGZmsp 14.22 KB False
C:\Users\FD1HVy\Desktop\rrB-W8Ex2Gbzq310V5Y.jpg.FilGZmsp 16.49 KB False
C:\Users\FD1HVy\Desktop\Sa rHH25WBZ3QNDj7vy.jpg.FilGZmsp 8.01 KB False
C:\Users\FD1HVy\Desktop\WZcxh9yKmkx2N8.m4a.FilGZmsp 5.34 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\FQH0eS7fuhi.flv.FilGZmsp 16.95 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\SS1V.mp3.FilGZmsp 31.29 KB False
C:\Users\FD1HVy\Desktop\0Dq8DV.jpg.FilGZmsp 47.45 KB False
C:\Users\FD1HVy\Desktop\0X-S5DVXJ55.ppt.FilGZmsp 64.41 KB False
C:\Users\FD1HVy\Desktop\2IpG0.wav.FilGZmsp 7.81 KB False
C:\Users\FD1HVy\Desktop\41jdCZmpo.m4a.FilGZmsp 30.10 KB False
C:\Users\FD1HVy\Desktop\6oa-CSF.pptx.FilGZmsp 24.04 KB False
C:\Users\FD1HVy\Desktop\Ag_S2MWic2.png.FilGZmsp 1.09 KB False
C:\Users\FD1HVy\Desktop\aLLtQe.avi.FilGZmsp 96.45 KB False
C:\Users\FD1HVy\Desktop\AURvHfheOx1i.swf.FilGZmsp 29.34 KB False
C:\Users\FD1HVy\Desktop\BqgUDiIk osrwPL.mp3.FilGZmsp 94.72 KB False
C:\Users\FD1HVy\Desktop\desktop.ini.FilGZmsp 282 bytes False
C:\Users\FD1HVy\Desktop\Jl2N2rnE59pjXp.xls.FilGZmsp 44.14 KB False
C:\Users\FD1HVy\Desktop\JZuk.bmp.FilGZmsp 51.22 KB False
C:\Users\FD1HVy\Desktop\Lcy6ULqCFh5oc.m4a.FilGZmsp 95.25 KB False
C:\Users\FD1HVy\Desktop\LPTP-K_YKmqLf5vm.xlsx.FilGZmsp 87.63 KB False
C:\Users\FD1HVy\Desktop\rwhEj_au.m4a.FilGZmsp 20.99 KB False
C:\Users\FD1HVy\Desktop\v7ySBIDKOsB6.wav.FilGZmsp 58.08 KB False
C:\Users\FD1HVy\Desktop\vAirtIzQaFanKF.swf.FilGZmsp 41.38 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\8JhfB.jpg.FilGZmsp 34.48 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\9Q5R_fBUKWX9lHvs25T.bmp.FilGZmsp 92.85 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\AMM2g-fJbZQfHhiIiTsQ.docx.FilGZmsp 19.64 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\F n0c9A.mkv.FilGZmsp 9.67 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\Iv_UL1Smn68W.pptx.FilGZmsp 3.35 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\LdiI7dOGdPlqqn4FPm.csv.FilGZmsp 4.00 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\p5KNKVfrENUFkNTd.jpg.FilGZmsp 23.83 KB False
C:\Users\FD1HVy\Desktop\y8Oq3F1\x8c4k zgybMBqz.pps.FilGZmsp 88.75 KB False
C:\Users\FD1HVy\Desktop\ynYByG93A60UMcX.gif.FilGZmsp 13.44 KB False
C:\Users\FD1HVy\Desktop\ZsRJeI7s.mkv.FilGZmsp 54.48 KB False
C:\Users\FD1HVy\Desktop\\!!ÊàêÐàñøèôðîâàòüÝòóÏàðàøó.txt 213 bytes False
Host Behavior
File (638)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\FD1HVy\Desktop\0Dq8DV.jpg desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\0Dq8DV.jpg.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\0X-S5DVXJ55.ppt desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\0X-S5DVXJ55.ppt.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\2IpG0.wav desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\2IpG0.wav.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\41jdCZmpo.m4a desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\41jdCZmpo.m4a.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\6Ap4.png desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\6Ap4.png.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\6oa-CSF.pptx desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\6oa-CSF.pptx.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\73OqHhCstnZXqrw.m4a desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\73OqHhCstnZXqrw.m4a.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Ag_S2MWic2.png desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Ag_S2MWic2.png.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\aLLtQe.avi desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\aLLtQe.avi.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\AURvHfheOx1i.swf desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\AURvHfheOx1i.swf.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\BqgUDiIk osrwPL.mp3 desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\BqgUDiIk osrwPL.mp3.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\desktop.ini desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\desktop.ini.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Fcr1f3Gzw_W.avi desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Fcr1f3Gzw_W.avi.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\FQqQPCoYEB.jpg desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\FQqQPCoYEB.jpg.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\GMOyXDXwFM8W7-LhS.swf desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\GMOyXDXwFM8W7-LhS.swf.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\gv-rKvbphTHL.odp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\gv-rKvbphTHL.odp.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\IHFgpxkCmC_zEG.wav desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\IHFgpxkCmC_zEG.wav.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\J5-kjHCPXByZQnhDJn.mp3 desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\J5-kjHCPXByZQnhDJn.mp3.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Jl2N2rnE59pjXp.xls desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Jl2N2rnE59pjXp.xls.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\JZuk.bmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\JZuk.bmp.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\kbF_2PW7TjoQ4IMqkI.bmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\kbF_2PW7TjoQ4IMqkI.bmp.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\kvxI68o_1uIf1.avi desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\kvxI68o_1uIf1.avi.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Lcy6ULqCFh5oc.m4a desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Lcy6ULqCFh5oc.m4a.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\LPTP-K_YKmqLf5vm.xlsx desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\LPTP-K_YKmqLf5vm.xlsx.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\nbWphIhGB6Uy0.flv desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\nbWphIhGB6Uy0.flv.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\oFb2U6s9m6U6gOPb.mkv desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\oFb2U6s9m6U6gOPb.mkv.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\OKWfLhmwWcu5qOaGL.avi desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\OKWfLhmwWcu5qOaGL.avi.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\rrB-W8Ex2Gbzq310V5Y.jpg desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\rrB-W8Ex2Gbzq310V5Y.jpg.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\rwhEj_au.m4a desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\rwhEj_au.m4a.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Sa rHH25WBZ3QNDj7vy.jpg desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\Sa rHH25WBZ3QNDj7vy.jpg.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\v7ySBIDKOsB6.wav desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\v7ySBIDKOsB6.wav.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\vAirtIzQaFanKF.swf desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\vAirtIzQaFanKF.swf.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\WZcxh9yKmkx2N8.m4a desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\WZcxh9yKmkx2N8.m4a.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\8JhfB.jpg desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\8JhfB.jpg.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\9Q5R_fBUKWX9lHvs25T.bmp desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\9Q5R_fBUKWX9lHvs25T.bmp.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\AMM2g-fJbZQfHhiIiTsQ.docx desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\AMM2g-fJbZQfHhiIiTsQ.docx.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\F n0c9A.mkv desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\F n0c9A.mkv.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\FQH0eS7fuhi.flv desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\FQH0eS7fuhi.flv.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\Iv_UL1Smn68W.pptx desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\Iv_UL1Smn68W.pptx.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\LdiI7dOGdPlqqn4FPm.csv desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\LdiI7dOGdPlqqn4FPm.csv.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\p5KNKVfrENUFkNTd.jpg desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\p5KNKVfrENUFkNTd.jpg.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\SS1V.mp3 desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\SS1V.mp3.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\x8c4k zgybMBqz.pps desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\y8Oq3F1\x8c4k zgybMBqz.pps.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\ynYByG93A60UMcX.gif desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\ynYByG93A60UMcX.gif.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\ZsRJeI7s.mkv desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\ZsRJeI7s.mkv.FilGZmsp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\\!!ÊàêÐàñøèôðîâàòüÝòóÏàðàøó.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Read C:\Users\FD1HVy\Desktop\0Dq8DV.jpg size = 16, size_out = 16 True 249
Fn
Data
Write C:\Users\FD1HVy\Desktop\0Dq8DV.jpg.FilGZmsp size = 16 True 249
Fn
Data
Write C:\Users\FD1HVy\Desktop\\!!ÊàêÐàñøèôðîâàòüÝòóÏàðàøó.txt size = 213 True 1
Fn
Data
Delete C:\Users\FD1HVy\Desktop\0Dq8DV.jpg - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\0X-S5DVXJ55.ppt - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\2IpG0.wav - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\41jdCZmpo.m4a - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\6Ap4.png - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\6oa-CSF.pptx - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\73OqHhCstnZXqrw.m4a - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\Ag_S2MWic2.png - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\aLLtQe.avi - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\AURvHfheOx1i.swf - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\BqgUDiIk osrwPL.mp3 - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\desktop.ini - True 1
Fn
Delete C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe - False 1
Delete C:\Users\FD1HVy\Desktop\Fcr1f3Gzw_W.avi - True 1
Delete C:\Users\FD1HVy\Desktop\FQqQPCoYEB.jpg - True 1
Delete C:\Users\FD1HVy\Desktop\GMOyXDXwFM8W7-LhS.swf - True 1
Delete C:\Users\FD1HVy\Desktop\gv-rKvbphTHL.odp - True 1
Delete C:\Users\FD1HVy\Desktop\IHFgpxkCmC_zEG.wav - True 1
Delete C:\Users\FD1HVy\Desktop\J5-kjHCPXByZQnhDJn.mp3 - True 1
Delete C:\Users\FD1HVy\Desktop\Jl2N2rnE59pjXp.xls - True 1
Delete C:\Users\FD1HVy\Desktop\JZuk.bmp - True 1
Delete C:\Users\FD1HVy\Desktop\kbF_2PW7TjoQ4IMqkI.bmp - True 1
Delete C:\Users\FD1HVy\Desktop\kvxI68o_1uIf1.avi - True 1
Delete C:\Users\FD1HVy\Desktop\Lcy6ULqCFh5oc.m4a - True 1
Delete C:\Users\FD1HVy\Desktop\LPTP-K_YKmqLf5vm.xlsx - True 1
Delete C:\Users\FD1HVy\Desktop\nbWphIhGB6Uy0.flv - True 1
Delete C:\Users\FD1HVy\Desktop\oFb2U6s9m6U6gOPb.mkv - True 1
Delete C:\Users\FD1HVy\Desktop\OKWfLhmwWcu5qOaGL.avi - True 1
Delete C:\Users\FD1HVy\Desktop\rrB-W8Ex2Gbzq310V5Y.jpg - True 1
Delete C:\Users\FD1HVy\Desktop\rwhEj_au.m4a - True 1
Delete C:\Users\FD1HVy\Desktop\Sa rHH25WBZ3QNDj7vy.jpg - True 1
Delete C:\Users\FD1HVy\Desktop\v7ySBIDKOsB6.wav - True 1
Delete C:\Users\FD1HVy\Desktop\vAirtIzQaFanKF.swf - True 1
Delete C:\Users\FD1HVy\Desktop\WZcxh9yKmkx2N8.m4a - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\8JhfB.jpg - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\9Q5R_fBUKWX9lHvs25T.bmp - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\AMM2g-fJbZQfHhiIiTsQ.docx - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\F n0c9A.mkv - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\FQH0eS7fuhi.flv - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\Iv_UL1Smn68W.pptx - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\LdiI7dOGdPlqqn4FPm.csv - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\p5KNKVfrENUFkNTd.jpg - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\SS1V.mp3 - True 1
Delete C:\Users\FD1HVy\Desktop\y8Oq3F1\x8c4k zgybMBqz.pps - True 1
Delete C:\Users\FD1HVy\Desktop\ynYByG93A60UMcX.gif - True 1
Delete C:\Users\FD1HVy\Desktop\ZsRJeI7s.mkv - True 1
Registry (3)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Borland\Locales - False 1
Open Key HKEY_LOCAL_MACHINE\Software\Borland\Locales - False 1
Open Key HKEY_CURRENT_USER\Software\Borland\Delphi\Locales - False 1
Process (1)
Operation Process Additional Information Success Count Logfile
Create winhlp32.exe - True 1
Module (362)
Operation Module Additional Information Success Count Logfile
Load KERNEL32.DLL base_address = 0x75e90000 True 4
Load advapi32.dll base_address = 0x761b0000 True 2
Load comctl32.dll base_address = 0x73100000 True 1
Load gdi32.dll base_address = 0x75b70000 True 1
Load oleaut32.dll base_address = 0x75bb0000 True 2
Load shell32.dll base_address = 0x76480000 True 1
Load user32.dll base_address = 0x74b70000 True 1
Load C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.ENU base_address = 0x0 False 1
Load C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.EN base_address = 0x0 False 1
Load uxtheme.dll base_address = 0x74550000 True 1
Get Handle c:\users\fd1hvy\desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe base_address = 0x400000 True 1
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 1
Get Handle c:\windows\syswow64\oleaut32.dll base_address = 0x75bb0000 True 1
Get Handle c:\windows\syswow64\user32.dll base_address = 0x74b70000 True 3
Get Handle c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll base_address = 0x73100000 True 1
Get Filename c:\users\fd1hvy\desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe process_name = c:\users\fd1hvy\desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe, file_name_orig = C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe, size = 261 True 1
Get Filename - process_name = c:\users\fd1hvy\desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe, file_name_orig = C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe, size = 261 True 1
Get Filename c:\users\fd1hvy\desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe process_name = c:\users\fd1hvy\desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe, file_name_orig = C:\Users\FD1HVy\Desktop\dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3.exe, size = 256 True 1
Get Address c:\windows\syswow64\kernel32.dll function = lstrcpyA, address_out = 0x75ee7060 True 1
Get Address c:\windows\syswow64\kernel32.dll function = WriteFile, address_out = 0x75eff180 True 2
Get Address c:\windows\syswow64\kernel32.dll function = WaitForSingleObject, address_out = 0x75efeca0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = VirtualQuery, address_out = 0x75ea6a70 True 2
Get Address c:\windows\syswow64\kernel32.dll function = VirtualAlloc, address_out = 0x75ea6970 True 2
Get Address c:\windows\syswow64\kernel32.dll function = Sleep, address_out = 0x75ea6760 True 2
Get Address c:\windows\syswow64\kernel32.dll function = SizeofResource, address_out = 0x75ea6740 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadLocale, address_out = 0x75ea6fc0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetFilePointer, address_out = 0x75eff120 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetEvent, address_out = 0x75efec50 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetErrorMode, address_out = 0x75ea6500 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetEndOfFile, address_out = 0x75eff0e0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = ResetEvent, address_out = 0x75efec40 True 1
Get Address c:\windows\syswow64\kernel32.dll function = ReadFile, address_out = 0x75eff090 True 1
Get Address c:\windows\syswow64\kernel32.dll function = MulDiv, address_out = 0x75efe6e0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LockResource, address_out = 0x75ea5bc0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LoadResource, address_out = 0x75ea5b00 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryA, address_out = 0x75ea5a80 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LeaveCriticalSection, address_out = 0x77bfb250 True 2
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSection, address_out = 0x77c0af20 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GlobalUnlock, address_out = 0x75ee44e0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalReAlloc, address_out = 0x75ee3f90 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalHandle, address_out = 0x75ee4420 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalLock, address_out = 0x75ee42f0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalFree, address_out = 0x75ea1ee0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalFindAtomA, address_out = 0x75ed2090 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalDeleteAtom, address_out = 0x75ed20b0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalAlloc, address_out = 0x75ea5750 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalAddAtomA, address_out = 0x75ed2050 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetVersionExA, address_out = 0x75ea56d0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetVersion, address_out = 0x75ea56c0 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetTickCount, address_out = 0x75efdd50 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetThreadLocale, address_out = 0x75ea5600 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemInfo, address_out = 0x75ea54d0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetStringTypeExA, address_out = 0x75ea5370 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetStdHandle, address_out = 0x75ea5330 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetProcAddress, address_out = 0x75ea51b0 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleA, address_out = 0x75ea50b0 True 3
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleFileNameA, address_out = 0x75ea5070 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetLocaleInfoA, address_out = 0x75ea5020 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetLocalTime, address_out = 0x75ea5060 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetLastError, address_out = 0x75ea5010 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetFullPathNameA, address_out = 0x75efef90 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentVariableA, address_out = 0x75ea4f90 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetDiskFreeSpaceA, address_out = 0x75efee80 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetDateFormatA, address_out = 0x75ea76e0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentThreadId, address_out = 0x75ea8820 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcessId, address_out = 0x75efea20 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcess, address_out = 0x75efea10 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetCPInfo, address_out = 0x75ea4d10 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetACP, address_out = 0x75ea4ca0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FreeResource, address_out = 0x75ea4c80 True 1
Get Address c:\windows\syswow64\kernel32.dll function = InterlockedExchange, address_out = 0x75ea73e0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FreeLibrary, address_out = 0x75ea4c40 True 2
Get Address c:\windows\syswow64\kernel32.dll function = FormatMessageA, address_out = 0x75ea4bc0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FindResourceA, address_out = 0x75ee27c0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FindNextFileA, address_out = 0x75efee20 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FindFirstFileA, address_out = 0x75efedb0 True 2
Get Address c:\windows\syswow64\kernel32.dll function = FindClose, address_out = 0x75efed70 True 2
Get Address c:\windows\syswow64\kernel32.dll function = FileTimeToLocalFileTime, address_out = 0x75efed60 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FileTimeToDosDateTime, address_out = 0x75ee1eb0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = EnumCalendarInfoA, address_out = 0x75ebc0d0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = EnterCriticalSection, address_out = 0x77bfb2d0 True 2
Get Address c:\windows\syswow64\kernel32.dll function = DeleteFileA, address_out = 0x75efed30 True 1
Get Address c:\windows\syswow64\kernel32.dll function = DeleteCriticalSection, address_out = 0x77bdfb90 True 2
Get Address c:\windows\syswow64\kernel32.dll function = CreateThread, address_out = 0x75ea46b0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileA, address_out = 0x75efed00 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateEventA, address_out = 0x75efeb00 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CompareStringA, address_out = 0x75ea4410 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CloseHandle, address_out = 0x75efeab0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = TlsSetValue, address_out = 0x75ea6870 True 1
Get Address c:\windows\syswow64\kernel32.dll function = TlsGetValue, address_out = 0x75ea6850 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LocalAlloc, address_out = 0x75ea5b20 True 2
Get Address c:\windows\syswow64\kernel32.dll function = VirtualFree, address_out = 0x75ea69d0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LocalFree, address_out = 0x75ea5b40 True 1
Get Address c:\windows\syswow64\kernel32.dll function = InterlockedDecrement, address_out = 0x75ea73c0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = InterlockedIncrement, address_out = 0x75ea7420 True 1
Get Address c:\windows\syswow64\kernel32.dll function = WideCharToMultiByte, address_out = 0x75ea6b10 True 1
Get Address c:\windows\syswow64\kernel32.dll function = MultiByteToWideChar, address_out = 0x75ea5c40 True 1
Get Address c:\windows\syswow64\kernel32.dll function = lstrlenA, address_out = 0x75ea6c50 True 1
Get Address c:\windows\syswow64\kernel32.dll function = lstrcpynA, address_out = 0x75ea6c10 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryExA, address_out = 0x75ea5aa0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetStartupInfoA, address_out = 0x75ee28e0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetCommandLineA, address_out = 0x75ea4cb0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = ExitProcess, address_out = 0x75ea3cb0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = UnhandledExceptionFilter, address_out = 0x75ea68d0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = RtlUnwind, address_out = 0x75ea7c10 True 1
Get Address c:\windows\syswow64\kernel32.dll function = RaiseException, address_out = 0x75ea5e20 True 1
Get Address c:\windows\syswow64\advapi32.dll function = RegQueryValueExA, address_out = 0x761cf020 True 2
Get Address c:\windows\syswow64\advapi32.dll function = RegOpenKeyExA, address_out = 0x761cf210 True 2
Get Address c:\windows\syswow64\advapi32.dll function = RegCloseKey, address_out = 0x761ced60 True 2
Get Address c:\windows\syswow64\advapi32.dll function = OpenProcessToken, address_out = 0x761cefb0 True 1
Get Address c:\windows\syswow64\advapi32.dll function = LookupPrivilegeValueA, address_out = 0x761c8b30 True 1
Get Address c:\windows\syswow64\advapi32.dll function = AdjustTokenPrivileges, address_out = 0x761cffa0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_SetIconSize, address_out = 0x73161c50 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_GetIconSize, address_out = 0x73161bd0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_Write, address_out = 0x731611f0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_Read, address_out = 0x73161270 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_GetDragImage, address_out = 0x73160b20 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_DragShowNolock, address_out = 0x73160d50 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_SetDragCursorImage, address_out = 0x73160a90 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_DragMove, address_out = 0x73160cb0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_DragLeave, address_out = 0x73160d00 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_DragEnter, address_out = 0x73160c60 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_EndDrag, address_out = 0x73160b80 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_BeginDrag, address_out = 0x73160bf0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_Remove, address_out = 0x73161a50 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_DrawEx, address_out = 0x73161840 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_Draw, address_out = 0x73161910 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_GetBkColor, address_out = 0x73161650 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_SetBkColor, address_out = 0x731615d0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_ReplaceIcon, address_out = 0x73161550 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_Add, address_out = 0x731614d0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_SetImageCount, address_out = 0x73161450 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_GetImageCount, address_out = 0x731613e0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_Destroy, address_out = 0x73161370 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = ImageList_Create, address_out = 0x73160ec0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = UnrealizeObject, address_out = 0x75b74480 True 1
Get Address c:\windows\syswow64\gdi32.dll function = StretchBlt, address_out = 0x75b73810 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetWindowOrgEx, address_out = 0x75b738a0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetWinMetaFileBits, address_out = 0x75b7b930 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetViewportOrgEx, address_out = 0x75b739b0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetTextColor, address_out = 0x75b76490 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetStretchBltMode, address_out = 0x75b73bd0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetROP2, address_out = 0x75b73f80 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetPixel, address_out = 0x75b74fd0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetEnhMetaFileBits, address_out = 0x75b77830 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetDIBColorTable, address_out = 0x75b77130 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetBrushOrgEx, address_out = 0x75b77110 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetBkMode, address_out = 0x75b76560 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SetBkColor, address_out = 0x75b76520 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SelectPalette, address_out = 0x745f86b0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SelectObject, address_out = 0x75b76460 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SaveDC, address_out = 0x75b76610 True 1
Get Address c:\windows\syswow64\gdi32.dll function = RestoreDC, address_out = 0x75b765d0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = Rectangle, address_out = 0x75b742a0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = RectVisible, address_out = 0x75b73a30 True 1
Get Address c:\windows\syswow64\gdi32.dll function = RealizePalette, address_out = 0x745ee500 True 1
Get Address c:\windows\syswow64\gdi32.dll function = PlayEnhMetaFile, address_out = 0x75b7cee0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = PatBlt, address_out = 0x75b737a0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = MoveToEx, address_out = 0x75b73730 True 1
Get Address c:\windows\syswow64\gdi32.dll function = MaskBlt, address_out = 0x75b7b270 True 1
Get Address c:\windows\syswow64\gdi32.dll function = LineTo, address_out = 0x75b73ec0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = IntersectClipRect, address_out = 0x75b734c0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetWindowOrgEx, address_out = 0x75b77070 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetWinMetaFileBits, address_out = 0x75b77810 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetTextMetricsA, address_out = 0x75b736f0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetTextExtentPointA, address_out = 0x75b74c90 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetTextExtentPoint32A, address_out = 0x75b74f30 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetSystemPaletteEntries, address_out = 0x74623fc0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetStockObject, address_out = 0x75b766c0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetPixel, address_out = 0x75b748b0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetPaletteEntries, address_out = 0x74602b50 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetObjectA, address_out = 0x75b739f0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetEnhMetaFilePaletteEntries, address_out = 0x75b777d0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetEnhMetaFileHeader, address_out = 0x75b777b0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetEnhMetaFileBits, address_out = 0x75b7cc70 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetDeviceCaps, address_out = 0x74600060 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetDIBits, address_out = 0x75b76680 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetDIBColorTable, address_out = 0x75b77010 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetDCOrgEx, address_out = 0x75b76d20 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetCurrentPositionEx, address_out = 0x75b7cc00 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetClipBox, address_out = 0x75b73de0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetBrushOrgEx, address_out = 0x75b76ff0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetBitmapBits, address_out = 0x75b750b0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = ExcludeClipRect, address_out = 0x75b77b70 True 1
Get Address c:\windows\syswow64\gdi32.dll function = DeleteObject, address_out = 0x75b752b0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = DeleteEnhMetaFile, address_out = 0x75b742e0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = DeleteDC, address_out = 0x75b75870 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateSolidBrush, address_out = 0x75b76860 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreatePenIndirect, address_out = 0x75b750f0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreatePalette, address_out = 0x746027b0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateHalftonePalette, address_out = 0x75b74d50 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateFontIndirectA, address_out = 0x75b74880 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateDIBitmap, address_out = 0x74602430 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateDIBSection, address_out = 0x74600870 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateCompatibleDC, address_out = 0x74600720 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateCompatibleBitmap, address_out = 0x746005f0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateBrushIndirect, address_out = 0x75b740e0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateBitmap, address_out = 0x746021b0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CopyEnhMetaFileA, address_out = 0x75b78af0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = BitBlt, address_out = 0x74600760 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = SafeArrayPtrOfIndex, address_out = 0x75bd6670 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = SafeArrayGetUBound, address_out = 0x75bd5460 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = SafeArrayGetLBound, address_out = 0x75bd5ea0 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = SafeArrayCreate, address_out = 0x75bd0340 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VariantChangeType, address_out = 0x75bca5e0 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VariantCopy, address_out = 0x75be9dc0 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VariantClear, address_out = 0x75be9db0 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VariantInit, address_out = 0x75be9de0 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = SysFreeString, address_out = 0x75bcb920 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = SysReAllocStringLen, address_out = 0x75bd1500 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = SysAllocStringLen, address_out = 0x75bcb7e0 True 1
Get Address c:\windows\syswow64\shell32.dll function = SHGetSpecialFolderPathA, address_out = 0x766dcc90 True 1
Get Address c:\windows\syswow64\user32.dll function = CreateWindowExA, address_out = 0x74b91470 True 1
Get Address c:\windows\syswow64\user32.dll function = WindowFromPoint, address_out = 0x74ba4080 True 1
Get Address c:\windows\syswow64\user32.dll function = WinHelpA, address_out = 0x74b88290 True 1
Get Address c:\windows\syswow64\user32.dll function = WaitMessage, address_out = 0x74ba4060 True 1
Get Address c:\windows\syswow64\user32.dll function = UpdateWindow, address_out = 0x74b82b80 True 1
Get Address c:\windows\syswow64\user32.dll function = UnregisterClassA, address_out = 0x74b9b230 True 1
Get Address c:\windows\syswow64\user32.dll function = UnhookWindowsHookEx, address_out = 0x74ba3fa0 True 1
Get Address c:\windows\syswow64\user32.dll function = TranslateMessage, address_out = 0x74b9f900 True 1
Get Address c:\windows\syswow64\user32.dll function = TranslateMDISysAccel, address_out = 0x74bdb350 True 1
Get Address c:\windows\syswow64\user32.dll function = TrackPopupMenu, address_out = 0x74bdbe20 True 1
Get Address c:\windows\syswow64\user32.dll function = SystemParametersInfoA, address_out = 0x74b85060 True 1
Get Address c:\windows\syswow64\user32.dll function = ShowWindow, address_out = 0x74ba3ee0 True 1
Get Address c:\windows\syswow64\user32.dll function = ShowScrollBar, address_out = 0x74ba3ec0 True 1
Get Address c:\windows\syswow64\user32.dll function = ShowOwnedPopups, address_out = 0x74b93650 True 1
Get Address c:\windows\syswow64\user32.dll function = ShowCursor, address_out = 0x74b92820 True 1
Get Address c:\windows\syswow64\user32.dll function = SetWindowsHookExA, address_out = 0x74b92730 True 1
Get Address c:\windows\syswow64\user32.dll function = SetWindowTextA, address_out = 0x74b7e620 True 1
Get Address c:\windows\syswow64\user32.dll function = SetWindowPos, address_out = 0x74ba3e90 True 1
Get Address c:\windows\syswow64\user32.dll function = SetWindowPlacement, address_out = 0x74ba3e80 True 1
Get Address c:\windows\syswow64\user32.dll function = SetWindowLongA, address_out = 0x74b90a80 True 1
Get Address c:\windows\syswow64\user32.dll function = SetTimer, address_out = 0x74ba0370 True 1
Get Address c:\windows\syswow64\user32.dll function = SetScrollRange, address_out = 0x74b850e0 True 1
Get Address c:\windows\syswow64\user32.dll function = SetScrollPos, address_out = 0x74b92380 True 1
Get Address c:\windows\syswow64\user32.dll function = SetScrollInfo, address_out = 0x74b81fa0 True 1
Get Address c:\windows\syswow64\user32.dll function = SetRect, address_out = 0x74b8bd40 True 1
Get Address c:\windows\syswow64\user32.dll function = SetPropA, address_out = 0x74b914c0 True 1
Get Address c:\windows\syswow64\user32.dll function = SetParent, address_out = 0x74b925c0 True 1
Get Address c:\windows\syswow64\user32.dll function = SetMenuItemInfoA, address_out = 0x74bef800 True 1
Get Address c:\windows\syswow64\user32.dll function = SetMenu, address_out = 0x74b932c0 True 1
Get Address c:\windows\syswow64\user32.dll function = SetForegroundWindow, address_out = 0x74b92900 True 1
Get Address c:\windows\syswow64\user32.dll function = SetFocus, address_out = 0x74ba3d10 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetDiskFreeSpaceExA, address_out = 0x75efee90 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VariantChangeTypeEx, address_out = 0x75bca610 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VarNeg, address_out = 0x75c152c0 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VarNot, address_out = 0x75c16560 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VarAdd, address_out = 0x75bed610 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VarSub, address_out = 0x75bee3e0 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VarMul, address_out = 0x75bedb10 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VarDiv, address_out = 0x75c15800 True 1
Get Address c:\windows\syswow64\oleaut32.dll function = VarIdiv, address_out = 0x75c161a0 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarMod, address_out = 0x75c16400 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarAnd, address_out = 0x75be3200 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarOr, address_out = 0x75c16610 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarXor, address_out = 0x75c167b0 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarCmp, address_out = 0x75bd60b0 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarI4FromStr, address_out = 0x75bd6ec0 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarR4FromStr, address_out = 0x75be3010 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarR8FromStr, address_out = 0x75be3630 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarDateFromStr, address_out = 0x75bd8b90 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarCyFromStr, address_out = 0x75bc2d90 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarBoolFromStr, address_out = 0x75bd48f0 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarBstrFromCy, address_out = 0x75bd7f50 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarBstrFromDate, address_out = 0x75bd89c0 True 1
Fn
Get Address c:\windows\syswow64\oleaut32.dll function = VarBstrFromBool, address_out = 0x75bd48a0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetMonitorInfoA, address_out = 0x74b9df30 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetSystemMetrics, address_out = 0x74b9ddc0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = EnumDisplayMonitors, address_out = 0x74ba32e0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = AnimateWindow, address_out = 0x74b87000 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = InitializeFlatSB, address_out = 0x7311abf0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = UninitializeFlatSB, address_out = 0x7311aaa0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_GetScrollProp, address_out = 0x7311c720 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_SetScrollProp, address_out = 0x7311d980 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_EnableScrollBar, address_out = 0x7311cc50 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_ShowScrollBar, address_out = 0x7311ca10 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_GetScrollRange, address_out = 0x7311c890 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_GetScrollInfo, address_out = 0x7311c920 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_GetScrollPos, address_out = 0x7311c6c0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_SetScrollPos, address_out = 0x7311d730 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_SetScrollInfo, address_out = 0x7311d8b0 True 1
Fn
Get Address c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = FlatSB_SetScrollRange, address_out = 0x7311d7c0 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SetLayeredWindowAttributes, address_out = 0x74ba3d70 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = OpenThemeData, address_out = 0x74574220 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = CloseThemeData, address_out = 0x74582680 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = DrawThemeBackground, address_out = 0x7457b760 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = DrawThemeText, address_out = 0x7457cbb0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x7457bcc0 True 2
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemePartSize, address_out = 0x74587470 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeTextExtent, address_out = 0x745800a0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeTextMetrics, address_out = 0x74580430 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeBackgroundRegion, address_out = 0x7457b0a0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = HitTestThemeBackground, address_out = 0x745ae0d0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = DrawThemeEdge, address_out = 0x745aca70 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = DrawThemeIcon, address_out = 0x745acb10 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = IsThemePartDefined, address_out = 0x745833c0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = IsThemeBackgroundPartiallyTransparent, address_out = 0x745836e0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeColor, address_out = 0x745824b0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeMetric, address_out = 0x745ad860 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeString, address_out = 0x745ad9e0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeBool, address_out = 0x745828d0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeInt, address_out = 0x74582d10 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeEnumValue, address_out = 0x74581360 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemePosition, address_out = 0x74580af0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeFont, address_out = 0x74580350 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeRect, address_out = 0x745ad900 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeMargins, address_out = 0x74582750 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeIntList, address_out = 0x745ad7f0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemePropertyOrigin, address_out = 0x74574660 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = SetWindowTheme, address_out = 0x745742a0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeFilename, address_out = 0x745ad770 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeSysColor, address_out = 0x745adb10 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeSysColorBrush, address_out = 0x745adbc0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeSysBool, address_out = 0x745ada60 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeSysSize, address_out = 0x745ade80 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeSysFont, address_out = 0x745adc70 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeSysString, address_out = 0x745adf20 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeSysInt, address_out = 0x745ade00 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = IsThemeActive, address_out = 0x74582890 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = IsAppThemed, address_out = 0x745825a0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetWindowTheme, address_out = 0x745ae080 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = EnableThemeDialogTexture, address_out = 0x74573970 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = IsThemeDialogTextureEnabled, address_out = 0x745ae260 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeAppProperties, address_out = 0x745754e0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = SetThemeAppProperties, address_out = 0x745ae590 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetCurrentThemeName, address_out = 0x74574e10 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = GetThemeDocumentationProperty, address_out = 0x745ad700 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = DrawThemeParentBackground, address_out = 0x745736b0 True 1
Fn
Get Address c:\windows\syswow64\uxtheme.dll function = EnableTheming, address_out = 0x745ace00 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = MonitorFromWindow, address_out = 0x74b85c10 True 1
Fn
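Reading the Get Address rows above by hand is slow; what an analyst wants from a run-time import trace like this is a per-module profile and the short list of resolutions that do not fit the pattern. Every row but one resolves a GUI, common-controls, theming or Variant helper in user32, comctl32, uxtheme or oleaut32, which is how the Delphi VCL loads optional APIs on demand; the exception is kernel32!GetDiskFreeSpaceExA, consistent with Delphi's SysUtils.DiskFree/DiskSize being called somewhere in the sample, and for a binary classified as a wiper that is the row worth chasing in the full trace. The script below is an added example, not VMRay's or the sample's code. It parses eight rows copied from the table (constructed sample input), reduces the WinSxS comctl32 path to its file name so modules compare cleanly, and reports anything outside an assumed baseline of UI-runtime modules (UI_RUNTIME_MODULES is an assumption, not something the report states).

```python
import re
from collections import Counter

# Constructed sample input: eight "Get Address" rows copied from the VMRay table
# above (module path, resolved function, address, success flag, call count).
SAMPLE_ROWS = r"""
c:\windows\syswow64\user32.dll function = SetTimer, address_out = 0x74ba0370 True 1
c:\windows\syswow64\user32.dll function = SetFocus, address_out = 0x74ba3d10 True 1
c:\windows\syswow64\kernel32.dll function = GetDiskFreeSpaceExA, address_out = 0x75efee90 True 1
c:\windows\syswow64\oleaut32.dll function = VariantChangeTypeEx, address_out = 0x75bca610 True 1
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll function = InitializeFlatSB, address_out = 0x7311abf0 True 1
c:\windows\syswow64\uxtheme.dll function = OpenThemeData, address_out = 0x74574220 True 1
c:\windows\syswow64\uxtheme.dll function = GetThemeBackgroundContentRect, address_out = 0x7457bcc0 True 2
c:\windows\syswow64\user32.dll function = MonitorFromWindow, address_out = 0x74b85c10 True 1
"""

ROW_RE = re.compile(
    r"^(?P<module>\S+) function = (?P<func>\w+), address_out = (?P<addr>0x[0-9a-f]+) "
    r"(?P<ok>True|False) (?P<count>\d+)$"
)

# Assumed baseline (not from the report): modules a Delphi VCL GUI resolves on
# demand for theming, flat scroll bars, multi-monitor support and Variant
# arithmetic. Anything resolved outside this set is what to look at first.
UI_RUNTIME_MODULES = {"user32.dll", "gdi32.dll", "comctl32.dll", "uxtheme.dll", "oleaut32.dll"}


def parse_rows(text):
    """Turn flattened table rows into dicts; WinSxS paths are reduced to the DLL name."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append({
            "module": m["module"].rsplit("\\", 1)[-1].lower(),
            "func": m["func"],
            "addr": int(m["addr"], 16),
            "ok": m["ok"] == "True",
            "count": int(m["count"]),
        })
    return rows


def profile(rows):
    """Return (successful resolutions per module, total calls per function, rows outside the baseline)."""
    per_module = Counter(r["module"] for r in rows if r["ok"])
    calls = Counter()
    for r in rows:
        calls[r["func"]] += r["count"]
    outliers = [(r["module"], r["func"]) for r in rows if r["module"] not in UI_RUNTIME_MODULES]
    return per_module, calls, outliers


if __name__ == "__main__":
    per_module, calls, outliers = profile(parse_rows(SAMPLE_ROWS))
    for module, n in per_module.most_common():
        print(f"{module:14} {n} function(s) resolved")
    print("resolved more than once:", [f for f, n in calls.items() if n > 1])
    print("outside the UI-runtime baseline:", outliers)
```

Run against the full table the same way the outlier list stays at one entry; the baseline is deliberately small so that a later sample resolving, say, file or process APIs by name shows up immediately rather than being lost among the theming calls.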
Window (14)
Operation Window Name Additional Information Success Count
Create dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3 class_name = TApplication, wndproc_parameter = 0 True 1
Create DelphiRansomware class_name = TForm1, wndproc_parameter = 0 True 1
Create - class_name = TMemo, wndproc_parameter = 0 True 1
Create Okay! class_name = TButton, wndproc_parameter = 0 True 1
Create Im fucking faggot! PLEASE DELETE MY SYSTEM! class_name = TButton, wndproc_parameter = 0 True 1
Set Attribute dnasmalwareprovider!dailyransomwaresbd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3 class_name = TApplication, index = -4, new_long = 6819823 True 1
Set Attribute DelphiRansomware class_name = TForm1, index = -4, new_long = 6819797 True 1
Set Attribute DelphiRansomware class_name = TForm1, index = -20, new_long = 65792 True 1
Set Attribute - class_name = TMemo, index = -4, new_long = 6819784 True 1
Set Attribute - class_name = TMemo, index = -12, new_long = 328184 False 1
Set Attribute Okay! class_name = TButton, index = -4, new_long = 6819771 True 1
Set Attribute Okay! class_name = TButton, index = -12, new_long = 197136 False 1
Set Attribute Im fucking faggot! PLEASE DELETE MY SYSTEM! class_name = TButton, index = -4, new_long = 6819758 True 1
Set Attribute Im fucking faggot! PLEASE DELETE MY SYSTEM! class_name = TButton, index = -12, new_long = 458868 False 1
Keyboard (12)
Operation Additional Information Success Count
Get Info type = 0, result_out = 4 True 1
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
Get Info type = KB_LOCALE_ID True 1
Read virtual_key_code = VK_MENU, result_out = 0 True 6
Read virtual_key_code = VK_MENU, result_out = -127 True 1
Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
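The Window and Keyboard tables above print raw integers where an analyst needs names. In the Set Attribute rows, index is the SetWindowLong offset: -4 is GWL_WNDPROC, -20 is GWL_EXSTYLE and -12 is GWL_ID, so the table shows the VCL subclassing every window it creates, giving the form extended style 0x10100 (WS_EX_WINDOWEDGE | WS_EX_CONTROLPARENT), and three failed GWL_ID writes on the child controls. The new window procedures (0x680FEF and nearby) lie outside the 0x00400000-0x0046EFFF image listed in the Memory Dumps table; for a Delphi executable that is expected, because the VCL dispatches messages through small thunks that MakeObjectInstance allocates at run time, so the check below reports it rather than flags it. In the Keyboard table, assuming the rows are GetKeyboardType(0), GetKeyboardLayout(0) and GetKeyState (VMRay's labels do not name the API), 4 is the enhanced 101/102-key type, 67699721 is HKL 0x04090409 (language id 0x0409, en-US, in both words) and -127 is a GetKeyState SHORT with bit 15 (key down) and bit 0 (toggled) set. The decoder below is an added example, not VMRay's or the sample's code; its constants are copied from winuser.h and the sample rows are constructed from the tables above.

```python
# Assumed constants copied from the Windows SDK headers (winuser.h); these
# mappings are not part of the VMRay report.
GWL_NAMES = {-4: "GWL_WNDPROC", -6: "GWL_HINSTANCE", -8: "GWL_HWNDPARENT",
             -12: "GWL_ID", -16: "GWL_STYLE", -20: "GWL_EXSTYLE", -21: "GWL_USERDATA"}
WS_EX_FLAGS = {
    0x00000001: "WS_EX_DLGMODALFRAME", 0x00000008: "WS_EX_TOPMOST",
    0x00000010: "WS_EX_ACCEPTFILES", 0x00000020: "WS_EX_TRANSPARENT",
    0x00000080: "WS_EX_TOOLWINDOW", 0x00000100: "WS_EX_WINDOWEDGE",
    0x00000200: "WS_EX_CLIENTEDGE", 0x00010000: "WS_EX_CONTROLPARENT",
    0x00020000: "WS_EX_STATICEDGE", 0x00040000: "WS_EX_APPWINDOW",
    0x00080000: "WS_EX_LAYERED", 0x08000000: "WS_EX_NOACTIVATE",
}
KEYBOARD_TYPES = {1: "IBM PC/XT 83-key", 2: "Olivetti ICO 102-key", 3: "IBM PC/AT 84-key",
                  4: "IBM enhanced 101/102-key", 5: "Nokia 1050", 6: "Nokia 9140", 7: "Japanese"}
LANG_IDS = {0x0409: "en-US"}  # only the language id that appears in this report

# Image range of the analysis target, taken from the Memory Dumps table of this report.
IMAGE_RANGE = (0x00400000, 0x0046EFFF)

# Constructed sample: the Set Attribute rows of the Window table above as
# (class_name, index, new_long, success).
SET_ATTRIBUTE_ROWS = [
    ("TApplication", -4, 6819823, True),
    ("TForm1", -4, 6819797, True),
    ("TForm1", -20, 65792, True),
    ("TMemo", -4, 6819784, True),
    ("TMemo", -12, 328184, False),
    ("TButton", -4, 6819771, True),
    ("TButton", -12, 197136, False),
    ("TButton", -4, 6819758, True),
    ("TButton", -12, 458868, False),
]


def decode_set_attribute(class_name, index, new_long, success):
    """Name the SetWindowLong index and interpret the value where the index says how."""
    name = GWL_NAMES.get(index, f"index {index}")
    out = {"class": class_name, "attribute": name, "success": success}
    if name == "GWL_WNDPROC":
        lo, hi = IMAGE_RANGE
        out["wndproc"] = hex(new_long)
        # Outside the image is expected for Delphi: the VCL dispatches through
        # run-time thunks from MakeObjectInstance, not code inside the PE image.
        out["wndproc_in_image"] = lo <= new_long <= hi
    elif name == "GWL_EXSTYLE":
        out["flags"] = [n for bit, n in sorted(WS_EX_FLAGS.items()) if new_long & bit]
        known_mask = sum(WS_EX_FLAGS)  # keys are distinct bits, so sum == OR
        out["unknown_bits"] = hex(new_long & ~known_mask)
    else:
        out["value"] = new_long
    return out


def decode_keyboard_type(result):
    """Interpret a GetKeyboardType(0) result (the 'Get Info type = 0' row)."""
    return KEYBOARD_TYPES.get(result, f"type {result}")


def decode_hkl(hkl):
    """Split a GetKeyboardLayout handle: low word is the language id, high word the device."""
    lang = hkl & 0xFFFF
    return {
        "lang_id": hex(lang),
        "lang": LANG_IDS.get(lang, "unknown"),
        "primary": lang & 0x3FF,   # 9 == LANG_ENGLISH
        "sublang": lang >> 10,     # 1 == SUBLANG_ENGLISH_US
        "device": hex((hkl >> 16) & 0xFFFF),
    }


def decode_key_state(result):
    """GetKeyState returns a SHORT: bit 15 set means the key is down, bit 0 means toggled."""
    value = result & 0xFFFF
    return {"down": bool(value & 0x8000), "toggled": bool(value & 0x0001)}


if __name__ == "__main__":
    for row in SET_ATTRIBUTE_ROWS:
        print(decode_set_attribute(*row))
    print(decode_keyboard_type(4))
    print(decode_hkl(67699721))
    print("VK_MENU:", decode_key_state(-127), "VK_SHIFT:", decode_key_state(0))
```

The wndproc check is the one to keep in a reusable triage script: for a non-Delphi binary a GWL_WNDPROC value outside the image range and outside any loaded module is a strong sign of injected or shellcode-backed message handling, while for a Delphi target it is the normal VCL thunk and should be paired with the compiler identification before anyone escalates it.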
System (16)
Operation Additional Information Success Count
Get window text window_text = 1703492 True 1
Get Cursor x_out = 320, y_out = 329 True 8
Get Cursor x_out = 490, y_out = 323 True 3
Get Info type = Operating System True 3
Get Info type = Operating System True 1
Environment (1)
Operation Additional Information Success Count
Get Environment String name = USERPROFILE, result_out = C:\Users\FD1HVy True 1