This is a filtered view
This list contains only the embedded files and created files
There are no files for this filter
There are no files in this analysis
|
Filename
|
Category
|
Type
|
Severity
|
Actions
|
|
Also Known As
|
c:\users\jpenum\appdata\local\temp\cookies\index.dat (Modified File)
c:\users\jpenum\appdata\local\temp\history\history.ie5\index.dat (Modified File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
16.00 KB
|
|
MD5
|
d7a950fefd60dbaa01df2d85fefb3862
|
|
SHA1
|
15740b197555ba8e162c37a60ba655151e3bebae
|
|
SHA256
|
75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
|
|
SSDeep
|
3:qRFiJ2totWIlXllll:qjyx
|
|
Severity
|
|
|
First Seen
|
2011-05-28 23:39 (UTC+2)
|
|
Last Seen
|
2019-01-20 23:42 (UTC+1)
|
|
Mime Type
|
application/x-wine-extension-ini
|
|
File Size
|
0.04 KB
|
|
MD5
|
fffa3520c04320177050aa7c77c362e1
|
|
SHA1
|
e0f9e1ee1115bf5599d8c1430f4b9989ac3143e4
|
|
SHA256
|
68cfdeb4843fd56030848aeab87b86582f429080caea55d7a1f31b7a9e2e155f
|
|
SSDeep
|
3:0NdQDjotjIAXs:0NwoyAXs
|
|
Severity
|
|
|
First Seen
|
2013-10-11 09:54 (UTC+2)
|
|
Last Seen
|
2019-01-09 14:57 (UTC+1)
|
|
Mime Type
|
application/x-wine-extension-ini
|
|
File Size
|
0.14 KB
|
|
MD5
|
ba96961f5e22882527919e19daea510f
|
|
SHA1
|
e10e8bebbd0573e3a1494ea3f21682f7490c427b
|
|
SHA256
|
dace5ad59099429d8aed4ee279f1263efb65d64456931398465a396cf0e79bd7
|
|
SSDeep
|
3:0NdQDjotjIAXNam+p28jqGiEI7fOLyovZeLhzUzYcB:0NwoyAXNxW28CEI7QyyZeNUzxB
|
|
Severity
|
|
|
First Seen
|
2011-07-15 01:16 (UTC+2)
|
|
Last Seen
|
2019-01-21 12:39 (UTC+1)
|
|
Also Known As
|
C:\Windows\Installer\a6cfff.ipi (Created File)
C:\Windows\Installer\MSID0F9.tmp (Created File)
C:\Users\JPenUM\AppData\Roaming\appmgr\RtlUpd64.exe (Created File)
RtlUpd64.exe (Created File)
C:\Windows\Installer\MSI504.tmp (Created File)
C:\Config.Msi\MSI66C.tmp (Created File)
C:\Config.Msi\a6d000.rbs (Created File)
c:\users\jpenum\appdata\local\temp\msi70678.log (Created File)
C:\Config.Msi\MSI6F9.tmp (Created File)
|
|
Mime Type
|
application/x-empty
|
|
File Size
|
0.00 KB
|
|
MD5
|
d41d8cd98f00b204e9800998ecf8427e
|
|
SHA1
|
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
|
SHA256
|
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
|
SSDeep
|
3::
|
|
Severity
|
|
|
First Seen
|
2011-05-27 11:27 (UTC+2)
|
|
Last Seen
|
2017-04-19 12:47 (UTC+2)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
0.50 KB
|
|
MD5
|
bf619eac0cdf3f68d496ea9344137e8b
|
|
SHA1
|
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
|
SHA256
|
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
|
SSDeep
|
3::
|
|
Severity
|
|
|
First Seen
|
2011-07-06 01:20 (UTC+2)
|
|
Last Seen
|
2019-01-19 01:49 (UTC+1)
|
|
Mime Type
|
application/x-msaccess
|
|
File Size
|
336.00 KB
|
|
MD5
|
2601895cfe5909f5f66e98524bcd2aaf
|
|
SHA1
|
c81a4306207d6aedd9d4ec5b6e4b828bca8e20ab
|
|
SHA256
|
18f0b09725c3f4cea286aae7fceaec0cd6e49f90c9aa72dcc9c6d748bfe716cd
|
|
SSDeep
|
768:JlRTCFe+9BdQBrZ4oq03yfXwfksidQpcjEAZrsbVzoFrROlK0GLxt7kzRM/dw/d8:Jl5CArZ4vI0dN+z0lI6L34uSy
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.96 KB
|
|
MD5
|
1f6b6f8487eab69adaeb377edfcafc9d
|
|
SHA1
|
2fad5a024e56ccbf56d97670902b8397a1919175
|
|
SHA256
|
ea075736526c71d4466d7e13f9513b40f375586ce59a3fe2eca6bb4d901ee5a7
|
|
SSDeep
|
48:P2yTxnvIL7IswvgvaqahU53h7xjXR7L1s0ou1n:P2avyIrgv9gEVx1psvut
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
2.64 KB
|
|
MD5
|
ccd7758db87057f11cd3d87af2177cdf
|
|
SHA1
|
8679fb8624dbb7bbd7b4650247bb443abe653421
|
|
SHA256
|
b51fee6d6da9d792e4e0371213c3be39e7095060710d87fc9e5a70014c7d4569
|
|
SSDeep
|
48:P2yTxnvIL7IswvgvaqahU53h7xjXR7L1s0ou1XR7L1s0ou1XR70:P2avyIrgv9gEVx1psvut1psvut10
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.28 KB
|
|
MD5
|
fee0e69c9a0a3fc5087dfc959acf112b
|
|
SHA1
|
a66e1c5764b408d04e87cd1325ca7b32479b2ea0
|
|
SHA256
|
ad4ed7f36308b740c267ece08a79d89996614e092bc5a8525356077934987cb8
|
|
SSDeep
|
24:Pl4Gj9/8ExhNvILGfqIttGNavgDvrOrR/U6d1yUYL1lIYvWgh7UaIzm:P2yTxnvIL7IswvgvaqahU53h7p
|
|
Also Known As
|
c:\users\jpenum\appdata\local\temp\temporary internet files\content.ie5\index.dat (Modified File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
32.00 KB
|
|
MD5
|
777a1be14ca9df724f6ac1f470194b0a
|
|
SHA1
|
8b52e77e167435bddad31eae2df4e04256782233
|
|
SHA256
|
692202f2c086ecd363d06d6c41db7cf1a319f68ff5f38418cb1fe060ccb170b0
|
|
SSDeep
|
3:qRFiJ2totWIltvl3sl5ll4NzugqXZullSh/1/txRt/r/i//llevRR//:qjyxEUhAXZu/SJj1ji1IRX
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
2.98 KB
|
|
MD5
|
f06c426e60a245af24494f9752f83f88
|
|
SHA1
|
19e0ba2bb1fbfae9c9e19afc9c11e5910f11ca96
|
|
SHA256
|
98f0b910c36ef2ed53b65e8b70e8733464e28f875df5d47ef701dc7f99754578
|
|
SSDeep
|
48:P2yTxnvIL7IswvgvaqahU53h7xjXR7L1s0ou1XR7L1s0ou1XR7L1s0ou1n:P2avyIrgv9gEVx1psvut1psvut1psvut
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
0.60 KB
|
|
MD5
|
994741989ba591b1c5e097d91b60dfc5
|
|
SHA1
|
044b366541ab4e12456059c37ba4c37af3dfca5f
|
|
SHA256
|
513d4dfcfe24cfedd666d0c551ed11388cc98e5898275bbad784145266d9eef0
|
|
SSDeep
|
12:KXVegxxM1oyMzy7KW9EQ863Aw5hRTvhtEFLGgp1kR71sKVH:Pl4Gj9/8ExhNvILGfqIH
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.62 KB
|
|
MD5
|
b9f0f1bc1b32a411839c3290785cb2ac
|
|
SHA1
|
29650a5a670c5adfaea6a3ab409bce1a19af8b99
|
|
SHA256
|
0e0a4a6f87edf9189ac73974f61d38d854a8a7d86cc429ab4dc5b515a741f7fd
|
|
SSDeep
|
24:Pl4Gj9/8ExhNvILGfqIttGNavgDvrOrR/U6d1yUYL1lIYvWgh7UaIzeaaCQ8OZVa:P2yTxnvIL7IswvgvaqahU53h7xjXR70
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
0.26 KB
|
|
MD5
|
fc67b6992fee084a0ca0635b98b9f6d9
|
|
SHA1
|
395b35ad7b955d380f76b15654219c8f0df4c151
|
|
SHA256
|
f7c03f2f3d92c01ed269b2f5fc3ccaa02e1559e20e164775fe135e0a3a5a6f36
|
|
SSDeep
|
6:t9OXVegxGqWZCrMFb0V4CyM2uC77KW9SRfbk9s:KXVegxxM1oyMzy7KW9EQi
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
0.94 KB
|
|
MD5
|
7cf1e7b6af8bf858baf4c6e2c6895870
|
|
SHA1
|
58f02df49cf9877b1a246cc0c9d47b2b4c8edcfa
|
|
SHA256
|
5b91a94add2dd8e98d5de0fc3bbecea0497205139653dbb60284e4ff2544f554
|
|
SSDeep
|
24:Pl4Gj9/8ExhNvILGfqIttGNavgDvrOrR/U6d1+:P2yTxnvIL7Iswvgvaqa+
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
2.30 KB
|
|
MD5
|
9ed4d3bc8a00a12c80f9e8d80423542a
|
|
SHA1
|
b52ffc461844c1b5227caf30fbb39b3a270c71f1
|
|
SHA256
|
ece76c8cfeec585ee9b2a1e4b183895d45be71cd5c3032bbd8a036607f300b99
|
|
SSDeep
|
48:P2yTxnvIL7IswvgvaqahU53h7xjXR7L1s0ou1XR7L1s0ouq:P2avyIrgv9gEVx1psvut1psvuq
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.40 KB
|
|
MD5
|
7bc6619ebfd2220192f0156c79530256
|
|
SHA1
|
45d5e0f84d6702cff7d3ad9c94b646df858fb87d
|
|
SHA256
|
7ecd2934009bd46e05769f1cc3362db668fac79644e75d070145365e75a75be7
|
|
SSDeep
|
12:bsP6M8U4Xp2BEAtLgpgb5gLO30+kSgpgb5gLOy:gP63UspEpFg4iL2lg4iLP
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.30 KB
|
|
MD5
|
25279e0c3d41dcc281f5f903b169810b
|
|
SHA1
|
6bb3dd1027cedfea8283e07d49d53308314216d3
|
|
SHA256
|
3c3fcab9f6ec4396d972a01404ccf54d16d3ac09ad16e2eaaf33c16f54af770f
|
|
SSDeep
|
6:bClP6M8U4XIUV07FheRAtXYOrDyEN23fRgb5gQCO5wozm10a+qPdn:bsP6M8U4Xp2BEAtLgpgb5gLO30+m
|
|
Mime Type
|
image/jpeg
|
|
File Size
|
1.24 MB
|
|
MD5
|
5b9849e016ab5210cbc8e78a1fdd3671
|
|
SHA1
|
560091b2bdf518dd892016722da62fa613d5e958
|
|
SHA256
|
76a430452cf0bbb0e429675afd0bf1ff9bb9391f6d41dc293afd6ef06abb7c15
|
|
SSDeep
|
24576:iJeNNh5l9eiuUVJlVkw0P8LP5A90RT5x0tjNbhC86F:iJeNNTlpVJRfLPo0zx+hClF
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
0.03 KB
|
|
MD5
|
74b7dba5f2d2c6ee0b33d3392da83d16
|
|
SHA1
|
71f88ba6cddc9fc7981593e9a1626fb38b31ebdd
|
|
SHA256
|
a772d643043e9e4d10ce3cbefad39cd312cac38fd30f4f36edcead88df5fc6b5
|
|
SSDeep
|
3:cE62oAttn:c0rttn
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.42 KB
|
|
MD5
|
c5293974b91460d812105f7c9ec8f1e2
|
|
SHA1
|
08794bb1f666efb6fa9ef399ce6146e497933c53
|
|
SHA256
|
33868f1fa3247f2c0d6614eae55ed59cc8fbd72acee626037247ca954a413ef5
|
|
SSDeep
|
12:Qw5R6pORbloaHlrNQnloj495MYD3BNjlCKVSyGluw:QkRLRb1lrgmcvDxRx2luw
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.45 KB
|
|
MD5
|
f365a01801e01a3984d4f011e2da5853
|
|
SHA1
|
b506cf6b9ddb53a77d2e9e09d0d485627d639a84
|
|
SHA256
|
63d0e1c20df29a7a335eb24949b3c9d279f1c4d7aad8051fd8ad3becd3e1c8d9
|
|
SSDeep
|
12:bsP6M8U4Xp2BEAtLgpgb5gLO30+kSgpgb5gLOtJev:gP63UspEpFg4iL2lg4iLcev
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.24 KB
|
|
MD5
|
f95ece5e438edc7113c66093f0acbe94
|
|
SHA1
|
6548c30bbffd0841a4fbba57d3b67084000fef54
|
|
SHA256
|
e2caa554d113310855f5401c979521aa88cf0fe91e87f0e271c1bde34add3215
|
|
SSDeep
|
6:bClP6M8U4XIUV07FheRAtXYOrDyEN23fRgb5gQCO5wE:bsP6M8U4Xp2BEAtLgpgb5gLOr
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.42 KB
|
|
MD5
|
1e95aca3f45b6459e50e52bb8e3ffc24
|
|
SHA1
|
2c4878eb3ead53f98df38c19dc608192d7ef4c0d
|
|
SHA256
|
2b596ae87bee99a0609dedc313ce235a54ba6fb8e51f0bdd81187601fb2d9f5d
|
|
SSDeep
|
12:bsP6M8U4Xp2BEAtLgpgb5gLO30+kSgpgb5gLOtJV:gP63UspEpFg4iL2lg4iLcV
|
|
Mime Type
|
application/CDFV2-unknown
|
|
File Size
|
20.00 KB
|
|
MD5
|
13dcdb97a37b18e053c6ec56012b187d
|
|
SHA1
|
1fb252bfb82c4ec9da5825665b243193703c2893
|
|
SHA256
|
9ef634a98b3994acd7662c870fd2026fc27f17a97cdc01a1874e597229395e19
|
|
SSDeep
|
48:8M2B39dtbu2+KOvlBuUJVHdASAp0uSicYOvAbdASsOvvrlpj:8LB3g5llBdJV+0WcBOxpj
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
156.01 KB
|
|
MD5
|
6ddcd0652b02be46033cf067345ab620
|
|
SHA1
|
a6c9588293a88eeb8f20cb7fb33fba2b65910409
|
|
SHA256
|
b47f07be855ff9c70860856cf512427cc4b130da1607c55781a2e1c7233b596e
|
|
SSDeep
|
3072:0karRKLIauTODUD239BsvJWMPGD35qTtdZi+:TLIavDUDSuvnGDg1i+
|
|
Mime Type
|
application/x-dosexec
|
|
File Size
|
131.00 KB
|
|
MD5
|
a06ba919e980d32e0ebe80ddfa099524
|
|
SHA1
|
2a1c0cbec1cbf5774a6d00fc3a14d2ce979026d1
|
|
SHA256
|
b8074d53c56f7deb5832af3894ec20a21d1162252f177984807eb30fc1152fc8
|
|
SSDeep
|
3072:BkarRKLIauTODUD239BsvJWMPGD35qTtdZ:+LIavDUDSuvnGDg1
|
|
ImpHash
|
9f71a25b0d703c37414b356941a445d4
|
|
Image Base
|
0x10000000
|
|
Entry Point
|
0x1000a6af
|
|
Size Of Code
|
0x17000
|
|
Size Of Initialized Data
|
0x9800
|
|
File Type
|
dll
|
|
Subsystem
|
windows_gui
|
|
Machine Type
|
i386
|
|
Compile Timestamp
|
2018-05-16 12:02:43+00:00
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x10001000
|
0x16e0a
|
0x17000
|
0x400
|
cnt_code, mem_execute, mem_read
|
6.56
|
|
.rdata
|
0x10018000
|
0x645d
|
0x6600
|
0x17400
|
cnt_initialized_data, mem_read
|
4.71
|
|
.data
|
0x1001f000
|
0x2c3c
|
0x1000
|
0x1da00
|
cnt_initialized_data, mem_read, mem_write
|
2.53
|
|
.rsrc
|
0x10022000
|
0x1b4
|
0x200
|
0x1ea00
|
cnt_initialized_data, mem_read
|
5.1
|
|
.reloc
|
0x10023000
|
0x1efe
|
0x2000
|
0x1ec00
|
cnt_initialized_data, mem_discardable, mem_read
|
4.79
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
RpcStringFreeW
|
0x0
|
0x10018194
|
0x1d980
|
0x1cd80
|
0x1ea
|
|
UuidToStringW
|
0x0
|
0x10018198
|
0x1d984
|
0x1cd84
|
0x1fc
|
|
UuidCreate
|
0x0
|
0x1001819c
|
0x1d988
|
0x1cd88
|
0x1f3
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
(by ordinal)
|
0x20
|
0x100181f4
|
0x1d9e0
|
0x1cde0
|
-
|
|
(by ordinal)
|
0x31
|
0x100181f8
|
0x1d9e4
|
0x1cde4
|
-
|
|
(by ordinal)
|
0x4a
|
0x100181fc
|
0x1d9e8
|
0x1cde8
|
-
|
|
(by ordinal)
|
0x91
|
0x10018200
|
0x1d9ec
|
0x1cdec
|
-
|
|
(by ordinal)
|
0x67
|
0x10018204
|
0x1d9f0
|
0x1cdf0
|
-
|
|
(by ordinal)
|
0x7d
|
0x10018208
|
0x1d9f4
|
0x1cdf4
|
-
|
|
(by ordinal)
|
0x11
|
0x1001820c
|
0x1d9f8
|
0x1cdf8
|
-
|
|
(by ordinal)
|
0x8
|
0x10018210
|
0x1d9fc
|
0x1cdfc
|
-
|
|
(by ordinal)
|
0x9f
|
0x10018214
|
0x1da00
|
0x1ce00
|
-
|
|
(by ordinal)
|
0x78
|
0x10018218
|
0x1da04
|
0x1ce04
|
-
|
|
(by ordinal)
|
0xa0
|
0x1001821c
|
0x1da08
|
0x1ce08
|
-
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
WriteConsoleW
|
0x0
|
0x10018024
|
0x1d810
|
0x1cc10
|
0x48c
|
|
GetConsoleOutputCP
|
0x0
|
0x10018028
|
0x1d814
|
0x1cc14
|
0x199
|
|
WriteConsoleA
|
0x0
|
0x1001802c
|
0x1d818
|
0x1cc18
|
0x482
|
|
SetStdHandle
|
0x0
|
0x10018030
|
0x1d81c
|
0x1cc1c
|
0x3fc
|
|
HeapSize
|
0x0
|
0x10018034
|
0x1d820
|
0x1cc20
|
0x2a6
|
|
InitializeCriticalSectionAndSpinCount
|
0x0
|
0x10018038
|
0x1d824
|
0x1cc24
|
0x2b5
|
|
MultiByteToWideChar
|
0x0
|
0x1001803c
|
0x1d828
|
0x1cc28
|
0x31a
|
|
GetLastError
|
0x0
|
0x10018040
|
0x1d82c
|
0x1cc2c
|
0x1e6
|
|
LoadResource
|
0x0
|
0x10018044
|
0x1d830
|
0x1cc30
|
0x2f6
|
|
LockResource
|
0x0
|
0x10018048
|
0x1d834
|
0x1cc34
|
0x307
|
|
SizeofResource
|
0x0
|
0x1001804c
|
0x1d838
|
0x1cc38
|
0x420
|
|
FindResourceW
|
0x0
|
0x10018050
|
0x1d83c
|
0x1cc3c
|
0x139
|
|
FindResourceExW
|
0x0
|
0x10018054
|
0x1d840
|
0x1cc40
|
0x138
|
|
CloseHandle
|
0x0
|
0x10018058
|
0x1d844
|
0x1cc44
|
0x43
|
|
WaitForSingleObject
|
0x0
|
0x1001805c
|
0x1d848
|
0x1cc48
|
0x464
|
|
GetModuleHandleW
|
0x0
|
0x10018060
|
0x1d84c
|
0x1cc4c
|
0x1f9
|
|
CreateFileW
|
0x0
|
0x10018064
|
0x1d850
|
0x1cc50
|
0x7f
|
|
GetCurrentThreadId
|
0x0
|
0x10018068
|
0x1d854
|
0x1cc54
|
0x1ad
|
|
GetVersionExW
|
0x0
|
0x1001806c
|
0x1d858
|
0x1cc58
|
0x276
|
|
GetCurrentProcess
|
0x0
|
0x10018070
|
0x1d85c
|
0x1cc5c
|
0x1a9
|
|
CompareStringW
|
0x0
|
0x10018074
|
0x1d860
|
0x1cc60
|
0x55
|
|
WriteFile
|
0x0
|
0x10018078
|
0x1d864
|
0x1cc64
|
0x48d
|
|
WritePrivateProfileStringW
|
0x0
|
0x1001807c
|
0x1d868
|
0x1cc68
|
0x493
|
|
GetPrivateProfileStringW
|
0x0
|
0x10018080
|
0x1d86c
|
0x1cc6c
|
0x21d
|
|
Sleep
|
0x0
|
0x10018084
|
0x1d870
|
0x1cc70
|
0x421
|
|
GetExitCodeProcess
|
0x0
|
0x10018088
|
0x1d874
|
0x1cc74
|
0x1c5
|
|
LoadLibraryA
|
0x0
|
0x1001808c
|
0x1d878
|
0x1cc78
|
0x2f1
|
|
CreateProcessW
|
0x0
|
0x10018090
|
0x1d87c
|
0x1cc7c
|
0x97
|
|
GetConsoleMode
|
0x0
|
0x10018094
|
0x1d880
|
0x1cc80
|
0x195
|
|
GetConsoleCP
|
0x0
|
0x10018098
|
0x1d884
|
0x1cc84
|
0x183
|
|
SetFilePointer
|
0x0
|
0x1001809c
|
0x1d888
|
0x1cc88
|
0x3df
|
|
GetLocaleInfoA
|
0x0
|
0x100180a0
|
0x1d88c
|
0x1cc8c
|
0x1e8
|
|
GetStringTypeW
|
0x0
|
0x100180a4
|
0x1d890
|
0x1cc90
|
0x240
|
|
SetEnvironmentVariableA
|
0x0
|
0x100180a8
|
0x1d894
|
0x1cc94
|
0x3d0
|
|
SetEnvironmentVariableW
|
0x0
|
0x100180ac
|
0x1d898
|
0x1cc98
|
0x3d1
|
|
CreateFileA
|
0x0
|
0x100180b0
|
0x1d89c
|
0x1cc9c
|
0x78
|
|
FlushFileBuffers
|
0x0
|
0x100180b4
|
0x1d8a0
|
0x1cca0
|
0x141
|
|
InitializeCriticalSection
|
0x0
|
0x100180b8
|
0x1d8a4
|
0x1cca4
|
0x2b4
|
|
GetTempPathW
|
0x0
|
0x100180bc
|
0x1d8a8
|
0x1cca8
|
0x25b
|
|
GetCPInfo
|
0x0
|
0x100180c0
|
0x1d8ac
|
0x1ccac
|
0x15b
|
|
GetStringTypeA
|
0x0
|
0x100180c4
|
0x1d8b0
|
0x1ccb0
|
0x23d
|
|
LCMapStringW
|
0x0
|
0x100180c8
|
0x1d8b4
|
0x1ccb4
|
0x2e3
|
|
LCMapStringA
|
0x0
|
0x100180cc
|
0x1d8b8
|
0x1ccb8
|
0x2e1
|
|
RaiseException
|
0x0
|
0x100180d0
|
0x1d8bc
|
0x1ccbc
|
0x35a
|
|
RtlUnwind
|
0x0
|
0x100180d4
|
0x1d8c0
|
0x1ccc0
|
0x392
|
|
DeleteFileW
|
0x0
|
0x100180d8
|
0x1d8c4
|
0x1ccc4
|
0xc3
|
|
RemoveDirectoryW
|
0x0
|
0x100180dc
|
0x1d8c8
|
0x1ccc8
|
0x380
|
|
CreateDirectoryW
|
0x0
|
0x100180e0
|
0x1d8cc
|
0x1cccc
|
0x71
|
|
GetCommandLineA
|
0x0
|
0x100180e4
|
0x1d8d0
|
0x1ccd0
|
0x16f
|
|
TerminateProcess
|
0x0
|
0x100180e8
|
0x1d8d4
|
0x1ccd4
|
0x42d
|
|
UnhandledExceptionFilter
|
0x0
|
0x100180ec
|
0x1d8d8
|
0x1ccd8
|
0x43e
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x100180f0
|
0x1d8dc
|
0x1ccdc
|
0x415
|
|
IsDebuggerPresent
|
0x0
|
0x100180f4
|
0x1d8e0
|
0x1cce0
|
0x2d1
|
|
HeapFree
|
0x0
|
0x100180f8
|
0x1d8e4
|
0x1cce4
|
0x2a1
|
|
GetProcessHeap
|
0x0
|
0x100180fc
|
0x1d8e8
|
0x1cce8
|
0x223
|
|
InterlockedIncrement
|
0x0
|
0x10018100
|
0x1d8ec
|
0x1ccec
|
0x2c0
|
|
InterlockedDecrement
|
0x0
|
0x10018104
|
0x1d8f0
|
0x1ccf0
|
0x2bc
|
|
GetACP
|
0x0
|
0x10018108
|
0x1d8f4
|
0x1ccf4
|
0x152
|
|
GetOEMCP
|
0x0
|
0x1001810c
|
0x1d8f8
|
0x1ccf8
|
0x213
|
|
IsValidCodePage
|
0x0
|
0x10018110
|
0x1d8fc
|
0x1ccfc
|
0x2db
|
|
GetProcAddress
|
0x0
|
0x10018114
|
0x1d900
|
0x1cd00
|
0x220
|
|
TlsGetValue
|
0x0
|
0x10018118
|
0x1d904
|
0x1cd04
|
0x434
|
|
TlsAlloc
|
0x0
|
0x1001811c
|
0x1d908
|
0x1cd08
|
0x432
|
|
TlsSetValue
|
0x0
|
0x10018120
|
0x1d90c
|
0x1cd0c
|
0x435
|
|
TlsFree
|
0x0
|
0x10018124
|
0x1d910
|
0x1cd10
|
0x433
|
|
SetLastError
|
0x0
|
0x10018128
|
0x1d914
|
0x1cd14
|
0x3ec
|
|
GetFileAttributesW
|
0x0
|
0x1001812c
|
0x1d918
|
0x1cd18
|
0x1ce
|
|
ExitProcess
|
0x0
|
0x10018130
|
0x1d91c
|
0x1cd1c
|
0x104
|
|
SetHandleCount
|
0x0
|
0x10018134
|
0x1d920
|
0x1cd20
|
0x3e8
|
|
GetStdHandle
|
0x0
|
0x10018138
|
0x1d924
|
0x1cd24
|
0x23b
|
|
GetFileType
|
0x0
|
0x1001813c
|
0x1d928
|
0x1cd28
|
0x1d7
|
|
GetStartupInfoA
|
0x0
|
0x10018140
|
0x1d92c
|
0x1cd2c
|
0x239
|
|
DeleteCriticalSection
|
0x0
|
0x10018144
|
0x1d930
|
0x1cd30
|
0xbe
|
|
GetModuleFileNameA
|
0x0
|
0x10018148
|
0x1d934
|
0x1cd34
|
0x1f4
|
|
FreeEnvironmentStringsA
|
0x0
|
0x1001814c
|
0x1d938
|
0x1cd38
|
0x14a
|
|
GetEnvironmentStrings
|
0x0
|
0x10018150
|
0x1d93c
|
0x1cd3c
|
0x1bf
|
|
FreeEnvironmentStringsW
|
0x0
|
0x10018154
|
0x1d940
|
0x1cd40
|
0x14b
|
|
WideCharToMultiByte
|
0x0
|
0x10018158
|
0x1d944
|
0x1cd44
|
0x47a
|
|
GetEnvironmentStringsW
|
0x0
|
0x1001815c
|
0x1d948
|
0x1cd48
|
0x1c1
|
|
HeapCreate
|
0x0
|
0x10018160
|
0x1d94c
|
0x1cd4c
|
0x29f
|
|
HeapDestroy
|
0x0
|
0x10018164
|
0x1d950
|
0x1cd50
|
0x2a0
|
|
VirtualFree
|
0x0
|
0x10018168
|
0x1d954
|
0x1cd54
|
0x457
|
|
QueryPerformanceCounter
|
0x0
|
0x1001816c
|
0x1d958
|
0x1cd58
|
0x354
|
|
GetTickCount
|
0x0
|
0x10018170
|
0x1d95c
|
0x1cd5c
|
0x266
|
|
GetCurrentProcessId
|
0x0
|
0x10018174
|
0x1d960
|
0x1cd60
|
0x1aa
|
|
GetSystemTimeAsFileTime
|
0x0
|
0x10018178
|
0x1d964
|
0x1cd64
|
0x24f
|
|
LeaveCriticalSection
|
0x0
|
0x1001817c
|
0x1d968
|
0x1cd68
|
0x2ef
|
|
EnterCriticalSection
|
0x0
|
0x10018180
|
0x1d96c
|
0x1cd6c
|
0xd9
|
|
HeapAlloc
|
0x0
|
0x10018184
|
0x1d970
|
0x1cd70
|
0x29d
|
|
VirtualAlloc
|
0x0
|
0x10018188
|
0x1d974
|
0x1cd74
|
0x454
|
|
HeapReAlloc
|
0x0
|
0x1001818c
|
0x1d978
|
0x1cd78
|
0x2a4
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CreateWindowExW
|
0x0
|
0x100181b8
|
0x1d9a4
|
0x1cda4
|
0x68
|
|
MessageBoxW
|
0x0
|
0x100181bc
|
0x1d9a8
|
0x1cda8
|
0x1ff
|
|
SetForegroundWindow
|
0x0
|
0x100181c0
|
0x1d9ac
|
0x1cdac
|
0x27a
|
|
AllowSetForegroundWindow
|
0x0
|
0x100181c4
|
0x1d9b0
|
0x1cdb0
|
0x6
|
|
SystemParametersInfoW
|
0x0
|
0x100181c8
|
0x1d9b4
|
0x1cdb4
|
0x2c5
|
|
AttachThreadInput
|
0x0
|
0x100181cc
|
0x1d9b8
|
0x1cdb8
|
0xc
|
|
GetWindowThreadProcessId
|
0x0
|
0x100181d0
|
0x1d9bc
|
0x1cdbc
|
0x190
|
|
GetForegroundWindow
|
0x0
|
0x100181d4
|
0x1d9c0
|
0x1cdc0
|
0x125
|
|
IsWindow
|
0x0
|
0x100181d8
|
0x1d9c4
|
0x1cdc4
|
0x1c5
|
|
ShowWindow
|
0x0
|
0x100181dc
|
0x1d9c8
|
0x1cdc8
|
0x2b8
|
|
DefWindowProcW
|
0x0
|
0x100181e0
|
0x1d9cc
|
0x1cdcc
|
0x96
|
|
BringWindowToTop
|
0x0
|
0x100181e4
|
0x1d9d0
|
0x1cdd0
|
0x10
|
|
RegisterClassExW
|
0x0
|
0x100181e8
|
0x1d9d4
|
0x1cdd4
|
0x235
|
|
UpdateWindow
|
0x0
|
0x100181ec
|
0x1d9d8
|
0x1cdd8
|
0x2e9
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
GetTokenInformation
|
0x0
|
0x10018000
|
0x1d7ec
|
0x1cbec
|
0x154
|
|
OpenProcessToken
|
0x0
|
0x10018004
|
0x1d7f0
|
0x1cbf0
|
0x1f1
|
|
RegSetValueExW
|
0x0
|
0x10018008
|
0x1d7f4
|
0x1cbf4
|
0x278
|
|
RegQueryValueExW
|
0x0
|
0x1001800c
|
0x1d7f8
|
0x1cbf8
|
0x268
|
|
RegOpenKeyExW
|
0x0
|
0x10018010
|
0x1d7fc
|
0x1cbfc
|
0x25b
|
|
RegCloseKey
|
0x0
|
0x10018014
|
0x1d800
|
0x1cc00
|
0x22a
|
|
RegDeleteValueW
|
0x0
|
0x10018018
|
0x1d804
|
0x1cc04
|
0x242
|
|
GetUserNameW
|
0x0
|
0x1001801c
|
0x1d808
|
0x1cc08
|
0x15f
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ShellExecuteExW
|
0x0
|
0x100181a4
|
0x1d990
|
0x1cd90
|
0x117
|
|
(by ordinal)
|
0x2a8
|
0x100181a8
|
0x1d994
|
0x1cd94
|
-
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
PathFileExistsW
|
0x0
|
0x100181b0
|
0x1d99c
|
0x1cd9c
|
0x45
|
|
Api name
|
EAT Address
|
Ordinal
|
|
_CheckReboot@4
|
0x5e50
|
0x1
|
|
_InstallFinish1@4
|
0x5d80
|
0x2
|
|
_InstallFinish2@4
|
0x5fd0
|
0x3
|
|
_InstallMain@4
|
0x65e0
|
0x4
|
|
_InstallPrepare@4
|
0x4b60
|
0x5
|
|
_InstallRollback@4
|
0x67f0
|
0x6
|
|
_SubstWrappedArguments@4
|
0x68c0
|
0x7
|
|
_UninstallFinish1@4
|
0x71b0
|
0x8
|
|
_UninstallFinish2@4
|
0x8900
|
0x9
|
|
_UninstallPrepare@4
|
0x6aa0
|
0xa
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.50 KB
|
|
MD5
|
7a55267e63adf1640412c2ab6b01dac4
|
|
SHA1
|
941b1fce1a5aa8464a64b21f89e06dd65ec88dbe
|
|
SHA256
|
8ce571dfe3048386c1aee55871d7988a6723bf8800ac6258496556eab0423ab2
|
|
SSDeep
|
12:bsP6M8U4Xp2BEAtLgpgb5gLO30+kSgpgb5gLOtJeIh4:gP63UspEpFg4iL2lg4iLceF
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.13 KB
|
|
MD5
|
611d149667e47390736a8f42882df70b
|
|
SHA1
|
5e6f72f925e5b8802018c8ce2c7ce9adb3ddc00d
|
|
SHA256
|
865d59809c1c51938e120ae151c6d40a68ecc9c57a75ec903c0aaf00a7894fbe
|
|
SSDeep
|
3:bXyls86k2RMQsue90U4gvZcQdUV00GcaheRAtCXoJR3Gov:bClP6M8U4XIUV07FheRAtXYy
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.25 KB
|
|
MD5
|
af9a17b413b04101f2677e6100f03550
|
|
SHA1
|
65ba115edede6b342d3da0f6a583498900bec514
|
|
SHA256
|
9b41486c19e3de1f2083755271e292642b894da863eb44ccf736b0e619cb7110
|
|
SSDeep
|
6:bClP6M8U4XIUV07FheRAtXYOrDyEN23fRgb5gQCO5wozmb:bsP6M8U4Xp2BEAtLgpgb5gLO3K
|
|
Mime Type
|
application/x-wine-extension-ini
|
|
File Size
|
0.09 KB
|
|
MD5
|
c50f9efcbb6d5346a8d11cdbf4df75f3
|
|
SHA1
|
60e90da92d770d45500fb1f3a8a3186e14318912
|
|
SHA256
|
db79a15dce337e66cc45fafa371c057eb121360569122a8092d3b3e2972a1753
|
|
SSDeep
|
3:0NdQDjotjIAXNam+p28jqGiEI7fOLyovn:0NwoyAXNxW28CEI7Qyyn
|
|
Mime Type
|
application/x-dosexec
|
|
File Size
|
2.78 MB
|
|
MD5
|
51efb1f3b0816090a180ecbcc09b48b1
|
|
SHA1
|
2401e77e6c9e2084045e88424460441c9a01677a
|
|
SHA256
|
0329e53950720ff5d60c228c3a61109459a8e25a21b5863b4366f80305602b6c
|
|
SSDeep
|
49152:Sw80cTsjkWaYJJeNNTlpVJRfLPo0zx+hClxwA:n8sjkiUp3JBLw0zPlxw
|
|
ImpHash
|
afcdf79be1557326c854b6e20cb900a7
|
|
Parser Error Remark
|
Static analyzer was unable to completely parse the analyzed file
|
|
Image Base
|
0x400000
|
|
Entry Point
|
0x427f4a
|
|
Size Of Code
|
0x8de00
|
|
Size Of Initialized Data
|
0x239600
|
|
File Type
|
executable
|
|
Subsystem
|
windows_gui
|
|
Machine Type
|
i386
|
|
Compile Timestamp
|
2019-01-18 05:06:04+00:00
|
|
LegalCopyright
|
PnPUnattend
|
|
FileVersion
|
196.553.526.822
|
|
CompanyName
|
cttune
|
|
ProductName
|
omadmprc
|
|
ProductVersion
|
106.723.614.753
|
|
FileDescription
|
bdeunlock
|
|
OriginalFilename
|
msdt.exe
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x401000
|
0x8dd2e
|
0x8de00
|
0x400
|
cnt_code, mem_execute, mem_read
|
6.68
|
|
.rdata
|
0x48f000
|
0x2e10e
|
0x2e200
|
0x8e200
|
cnt_initialized_data, mem_read
|
5.76
|
|
.data
|
0x4be000
|
0x8f74
|
0x5200
|
0xbc400
|
cnt_initialized_data, mem_read, mem_write
|
1.2
|
|
.rsrc
|
0x4c7000
|
0x1fef9f
|
0x1ff000
|
0xc1600
|
cnt_initialized_data, mem_read
|
7.43
|
|
.reloc
|
0x6c6000
|
0x7130
|
0x7200
|
0x2c0600
|
cnt_initialized_data, mem_discardable, mem_read
|
6.78
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
WSACleanup
|
0x74
|
0x48f7c8
|
0xbad90
|
0xb9f90
|
-
|
|
socket
|
0x17
|
0x48f7cc
|
0xbad94
|
0xb9f94
|
-
|
|
inet_ntoa
|
0xc
|
0x48f7d0
|
0xbad98
|
0xb9f98
|
-
|
|
setsockopt
|
0x15
|
0x48f7d4
|
0xbad9c
|
0xb9f9c
|
-
|
|
ntohs
|
0xf
|
0x48f7d8
|
0xbada0
|
0xb9fa0
|
-
|
|
recvfrom
|
0x11
|
0x48f7dc
|
0xbada4
|
0xb9fa4
|
-
|
|
ioctlsocket
|
0xa
|
0x48f7e0
|
0xbada8
|
0xb9fa8
|
-
|
|
htons
|
0x9
|
0x48f7e4
|
0xbadac
|
0xb9fac
|
-
|
|
WSAStartup
|
0x73
|
0x48f7e8
|
0xbadb0
|
0xb9fb0
|
-
|
|
__WSAFDIsSet
|
0x97
|
0x48f7ec
|
0xbadb4
|
0xb9fb4
|
-
|
|
select
|
0x12
|
0x48f7f0
|
0xbadb8
|
0xb9fb8
|
-
|
|
accept
|
0x1
|
0x48f7f4
|
0xbadbc
|
0xb9fbc
|
-
|
|
listen
|
0xd
|
0x48f7f8
|
0xbadc0
|
0xb9fc0
|
-
|
|
bind
|
0x2
|
0x48f7fc
|
0xbadc4
|
0xb9fc4
|
-
|
|
closesocket
|
0x3
|
0x48f800
|
0xbadc8
|
0xb9fc8
|
-
|
|
WSAGetLastError
|
0x6f
|
0x48f804
|
0xbadcc
|
0xb9fcc
|
-
|
|
recv
|
0x10
|
0x48f808
|
0xbadd0
|
0xb9fd0
|
-
|
|
sendto
|
0x14
|
0x48f80c
|
0xbadd4
|
0xb9fd4
|
-
|
|
send
|
0x13
|
0x48f810
|
0xbadd8
|
0xb9fd8
|
-
|
|
inet_addr
|
0xb
|
0x48f814
|
0xbaddc
|
0xb9fdc
|
-
|
|
gethostbyname
|
0x34
|
0x48f818
|
0xbade0
|
0xb9fe0
|
-
|
|
gethostname
|
0x39
|
0x48f81c
|
0xbade4
|
0xb9fe4
|
-
|
|
connect
|
0x4
|
0x48f820
|
0xbade8
|
0xb9fe8
|
-
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
GetFileVersionInfoW
|
0x0
|
0x48f76c
|
0xbad34
|
0xb9f34
|
0x6
|
|
GetFileVersionInfoSizeW
|
0x0
|
0x48f770
|
0xbad38
|
0xb9f38
|
0x5
|
|
VerQueryValueW
|
0x0
|
0x48f774
|
0xbad3c
|
0xb9f3c
|
0xe
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
timeGetTime
|
0x0
|
0x48f7b8
|
0xbad80
|
0xb9f80
|
0x94
|
|
waveOutSetVolume
|
0x0
|
0x48f7bc
|
0xbad84
|
0xb9f84
|
0xbb
|
|
mciSendStringW
|
0x0
|
0x48f7c0
|
0xbad88
|
0xb9f88
|
0x32
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ImageList_ReplaceIcon
|
0x0
|
0x48f088
|
0xba650
|
0xb9850
|
0x6f
|
|
ImageList_Destroy
|
0x0
|
0x48f08c
|
0xba654
|
0xb9854
|
0x54
|
|
ImageList_Remove
|
0x0
|
0x48f090
|
0xba658
|
0xb9858
|
0x6d
|
|
ImageList_SetDragCursorImage
|
0x0
|
0x48f094
|
0xba65c
|
0xb985c
|
0x72
|
|
ImageList_BeginDrag
|
0x0
|
0x48f098
|
0xba660
|
0xb9860
|
0x50
|
|
ImageList_DragEnter
|
0x0
|
0x48f09c
|
0xba664
|
0xb9864
|
0x56
|
|
ImageList_DragLeave
|
0x0
|
0x48f0a0
|
0xba668
|
0xb9868
|
0x57
|
|
ImageList_EndDrag
|
0x0
|
0x48f0a4
|
0xba66c
|
0xb986c
|
0x5e
|
|
ImageList_DragMove
|
0x0
|
0x48f0a8
|
0xba670
|
0xb9870
|
0x58
|
|
InitCommonControlsEx
|
0x0
|
0x48f0ac
|
0xba674
|
0xb9874
|
0x7b
|
|
ImageList_Create
|
0x0
|
0x48f0b0
|
0xba678
|
0xb9878
|
0x53
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
WNetUseConnectionW
|
0x0
|
0x48f3f8
|
0xba9c0
|
0xb9bc0
|
0x49
|
|
WNetCancelConnection2W
|
0x0
|
0x48f3fc
|
0xba9c4
|
0xb9bc4
|
0xc
|
|
WNetGetConnectionW
|
0x0
|
0x48f400
|
0xba9c8
|
0xb9bc8
|
0x24
|
|
WNetAddConnection2W
|
0x0
|
0x48f404
|
0xba9cc
|
0xb9bcc
|
0x6
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
InternetQueryDataAvailable
|
0x0
|
0x48f77c
|
0xbad44
|
0xb9f44
|
0x9b
|
|
InternetCloseHandle
|
0x0
|
0x48f780
|
0xbad48
|
0xb9f48
|
0x6b
|
|
InternetOpenW
|
0x0
|
0x48f784
|
0xbad4c
|
0xb9f4c
|
0x9a
|
|
InternetSetOptionW
|
0x0
|
0x48f788
|
0xbad50
|
0xb9f50
|
0xaf
|
|
InternetCrackUrlW
|
0x0
|
0x48f78c
|
0xbad54
|
0xb9f54
|
0x74
|
|
HttpQueryInfoW
|
0x0
|
0x48f790
|
0xbad58
|
0xb9f58
|
0x5a
|
|
InternetQueryOptionW
|
0x0
|
0x48f794
|
0xbad5c
|
0xb9f5c
|
0x9e
|
|
HttpOpenRequestW
|
0x0
|
0x48f798
|
0xbad60
|
0xb9f60
|
0x58
|
|
HttpSendRequestW
|
0x0
|
0x48f79c
|
0xbad64
|
0xb9f64
|
0x5e
|
|
FtpOpenFileW
|
0x0
|
0x48f7a0
|
0xbad68
|
0xb9f68
|
0x35
|
|
FtpGetFileSize
|
0x0
|
0x48f7a4
|
0xbad6c
|
0xb9f6c
|
0x32
|
|
InternetOpenUrlW
|
0x0
|
0x48f7a8
|
0xbad70
|
0xb9f70
|
0x99
|
|
InternetReadFile
|
0x0
|
0x48f7ac
|
0xbad74
|
0xb9f74
|
0x9f
|
|
InternetConnectW
|
0x0
|
0x48f7b0
|
0xbad78
|
0xb9f78
|
0x72
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
GetProcessMemoryInfo
|
0x0
|
0x48f484
|
0xbaa4c
|
0xb9c4c
|
0x15
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
IcmpCreateFile
|
0x0
|
0x48f154
|
0xba71c
|
0xb991c
|
0x85
|
|
IcmpCloseHandle
|
0x0
|
0x48f158
|
0xba720
|
0xb9920
|
0x84
|
|
IcmpSendEcho
|
0x0
|
0x48f15c
|
0xba724
|
0xb9924
|
0x87
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
DestroyEnvironmentBlock
|
0x0
|
0x48f750
|
0xbad18
|
0xb9f18
|
0x4
|
|
UnloadUserProfile
|
0x0
|
0x48f754
|
0xbad1c
|
0xb9f1c
|
0x2c
|
|
CreateEnvironmentBlock
|
0x0
|
0x48f758
|
0xbad20
|
0xb9f20
|
0x0
|
|
LoadUserProfileW
|
0x0
|
0x48f75c
|
0xbad24
|
0xb9f24
|
0x21
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
IsThemeActive
|
0x0
|
0x48f764
|
0xbad2c
|
0xb9f2c
|
0x3f
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
DuplicateHandle
|
0x0
|
0x48f164
|
0xba72c
|
0xb992c
|
0xe8
|
|
CreateThread
|
0x0
|
0x48f168
|
0xba730
|
0xb9930
|
0xb5
|
|
WaitForSingleObject
|
0x0
|
0x48f16c
|
0xba734
|
0xb9934
|
0x4f9
|
|
HeapAlloc
|
0x0
|
0x48f170
|
0xba738
|
0xb9938
|
0x2cb
|
|
GetProcessHeap
|
0x0
|
0x48f174
|
0xba73c
|
0xb993c
|
0x24a
|
|
HeapFree
|
0x0
|
0x48f178
|
0xba740
|
0xb9940
|
0x2cf
|
|
Sleep
|
0x0
|
0x48f17c
|
0xba744
|
0xb9944
|
0x4b2
|
|
GetCurrentThreadId
|
0x0
|
0x48f180
|
0xba748
|
0xb9948
|
0x1c5
|
|
MultiByteToWideChar
|
0x0
|
0x48f184
|
0xba74c
|
0xb994c
|
0x367
|
|
MulDiv
|
0x0
|
0x48f188
|
0xba750
|
0xb9950
|
0x366
|
|
GetVersionExW
|
0x0
|
0x48f18c
|
0xba754
|
0xb9954
|
0x2a4
|
|
IsWow64Process
|
0x0
|
0x48f190
|
0xba758
|
0xb9958
|
0x30e
|
|
GetSystemInfo
|
0x0
|
0x48f194
|
0xba75c
|
0xb995c
|
0x273
|
|
FreeLibrary
|
0x0
|
0x48f198
|
0xba760
|
0xb9960
|
0x162
|
|
LoadLibraryA
|
0x0
|
0x48f19c
|
0xba764
|
0xb9964
|
0x33c
|
|
GetProcAddress
|
0x0
|
0x48f1a0
|
0xba768
|
0xb9968
|
0x245
|
|
SetErrorMode
|
0x0
|
0x48f1a4
|
0xba76c
|
0xb996c
|
0x458
|
|
GetModuleFileNameW
|
0x0
|
0x48f1a8
|
0xba770
|
0xb9970
|
0x214
|
|
WideCharToMultiByte
|
0x0
|
0x48f1ac
|
0xba774
|
0xb9974
|
0x511
|
|
lstrcpyW
|
0x0
|
0x48f1b0
|
0xba778
|
0xb9978
|
0x548
|
|
lstrlenW
|
0x0
|
0x48f1b4
|
0xba77c
|
0xb997c
|
0x54e
|
|
GetModuleHandleW
|
0x0
|
0x48f1b8
|
0xba780
|
0xb9980
|
0x218
|
|
QueryPerformanceCounter
|
0x0
|
0x48f1bc
|
0xba784
|
0xb9984
|
0x3a7
|
|
VirtualFreeEx
|
0x0
|
0x48f1c0
|
0xba788
|
0xb9988
|
0x4ed
|
|
OpenProcess
|
0x0
|
0x48f1c4
|
0xba78c
|
0xb998c
|
0x380
|
|
VirtualAllocEx
|
0x0
|
0x48f1c8
|
0xba790
|
0xb9990
|
0x4ea
|
|
WriteProcessMemory
|
0x0
|
0x48f1cc
|
0xba794
|
0xb9994
|
0x52e
|
|
ReadProcessMemory
|
0x0
|
0x48f1d0
|
0xba798
|
0xb9998
|
0x3c3
|
|
CreateFileW
|
0x0
|
0x48f1d4
|
0xba79c
|
0xb999c
|
0x8f
|
|
SetFilePointerEx
|
0x0
|
0x48f1d8
|
0xba7a0
|
0xb99a0
|
0x467
|
|
SetEndOfFile
|
0x0
|
0x48f1dc
|
0xba7a4
|
0xb99a4
|
0x453
|
|
ReadFile
|
0x0
|
0x48f1e0
|
0xba7a8
|
0xb99a8
|
0x3c0
|
|
WriteFile
|
0x0
|
0x48f1e4
|
0xba7ac
|
0xb99ac
|
0x525
|
|
FlushFileBuffers
|
0x0
|
0x48f1e8
|
0xba7b0
|
0xb99b0
|
0x157
|
|
TerminateProcess
|
0x0
|
0x48f1ec
|
0xba7b4
|
0xb99b4
|
0x4c0
|
|
CreateToolhelp32Snapshot
|
0x0
|
0x48f1f0
|
0xba7b8
|
0xb99b8
|
0xbe
|
|
Process32FirstW
|
0x0
|
0x48f1f4
|
0xba7bc
|
0xb99bc
|
0x396
|
|
Process32NextW
|
0x0
|
0x48f1f8
|
0xba7c0
|
0xb99c0
|
0x398
|
|
SetFileTime
|
0x0
|
0x48f1fc
|
0xba7c4
|
0xb99c4
|
0x46a
|
|
GetFileAttributesW
|
0x0
|
0x48f200
|
0xba7c8
|
0xb99c8
|
0x1ea
|
|
FindFirstFileW
|
0x0
|
0x48f204
|
0xba7cc
|
0xb99cc
|
0x139
|
|
SetCurrentDirectoryW
|
0x0
|
0x48f208
|
0xba7d0
|
0xb99d0
|
0x44d
|
|
GetLongPathNameW
|
0x0
|
0x48f20c
|
0xba7d4
|
0xb99d4
|
0x20f
|
|
GetShortPathNameW
|
0x0
|
0x48f210
|
0xba7d8
|
0xb99d8
|
0x261
|
|
DeleteFileW
|
0x0
|
0x48f214
|
0xba7dc
|
0xb99dc
|
0xd6
|
|
FindNextFileW
|
0x0
|
0x48f218
|
0xba7e0
|
0xb99e0
|
0x145
|
|
CopyFileExW
|
0x0
|
0x48f21c
|
0xba7e4
|
0xb99e4
|
0x72
|
|
MoveFileW
|
0x0
|
0x48f220
|
0xba7e8
|
0xb99e8
|
0x363
|
|
CreateDirectoryW
|
0x0
|
0x48f224
|
0xba7ec
|
0xb99ec
|
0x81
|
|
RemoveDirectoryW
|
0x0
|
0x48f228
|
0xba7f0
|
0xb99f0
|
0x403
|
|
SetSystemPowerState
|
0x0
|
0x48f22c
|
0xba7f4
|
0xb99f4
|
0x48a
|
|
QueryPerformanceFrequency
|
0x0
|
0x48f230
|
0xba7f8
|
0xb99f8
|
0x3a8
|
|
FindResourceW
|
0x0
|
0x48f234
|
0xba7fc
|
0xb99fc
|
0x14e
|
|
LoadResource
|
0x0
|
0x48f238
|
0xba800
|
0xb9a00
|
0x341
|
|
LockResource
|
0x0
|
0x48f23c
|
0xba804
|
0xb9a04
|
0x354
|
|
SizeofResource
|
0x0
|
0x48f240
|
0xba808
|
0xb9a08
|
0x4b1
|
|
EnumResourceNamesW
|
0x0
|
0x48f244
|
0xba80c
|
0xb9a0c
|
0x102
|
|
OutputDebugStringW
|
0x0
|
0x48f248
|
0xba810
|
0xb9a10
|
0x38a
|
|
GetTempPathW
|
0x0
|
0x48f24c
|
0xba814
|
0xb9a14
|
0x285
|
|
GetTempFileNameW
|
0x0
|
0x48f250
|
0xba818
|
0xb9a18
|
0x283
|
|
DeviceIoControl
|
0x0
|
0x48f254
|
0xba81c
|
0xb9a1c
|
0xdd
|
|
GetLocalTime
|
0x0
|
0x48f258
|
0xba820
|
0xb9a20
|
0x203
|
|
CompareStringW
|
0x0
|
0x48f25c
|
0xba824
|
0xb9a24
|
0x64
|
|
GetCurrentProcess
|
0x0
|
0x48f260
|
0xba828
|
0xb9a28
|
0x1c0
|
|
EnterCriticalSection
|
0x0
|
0x48f264
|
0xba82c
|
0xb9a2c
|
0xee
|
|
LeaveCriticalSection
|
0x0
|
0x48f268
|
0xba830
|
0xb9a30
|
0x339
|
|
GetStdHandle
|
0x0
|
0x48f26c
|
0xba834
|
0xb9a34
|
0x264
|
|
CreatePipe
|
0x0
|
0x48f270
|
0xba838
|
0xb9a38
|
0xa1
|
|
InterlockedExchange
|
0x0
|
0x48f274
|
0xba83c
|
0xb9a3c
|
0x2ec
|
|
TerminateThread
|
0x0
|
0x48f278
|
0xba840
|
0xb9a40
|
0x4c1
|
|
LoadLibraryExW
|
0x0
|
0x48f27c
|
0xba844
|
0xb9a44
|
0x33e
|
|
FindResourceExW
|
0x0
|
0x48f280
|
0xba848
|
0xb9a48
|
0x14d
|
|
CopyFileW
|
0x0
|
0x48f284
|
0xba84c
|
0xb9a4c
|
0x75
|
|
VirtualFree
|
0x0
|
0x48f288
|
0xba850
|
0xb9a50
|
0x4ec
|
|
FormatMessageW
|
0x0
|
0x48f28c
|
0xba854
|
0xb9a54
|
0x15e
|
|
GetExitCodeProcess
|
0x0
|
0x48f290
|
0xba858
|
0xb9a58
|
0x1df
|
|
GetPrivateProfileStringW
|
0x0
|
0x48f294
|
0xba85c
|
0xb9a5c
|
0x242
|
|
WritePrivateProfileStringW
|
0x0
|
0x48f298
|
0xba860
|
0xb9a60
|
0x52b
|
|
GetPrivateProfileSectionW
|
0x0
|
0x48f29c
|
0xba864
|
0xb9a64
|
0x240
|
|
WritePrivateProfileSectionW
|
0x0
|
0x48f2a0
|
0xba868
|
0xb9a68
|
0x529
|
|
GetPrivateProfileSectionNamesW
|
0x0
|
0x48f2a4
|
0xba86c
|
0xb9a6c
|
0x23f
|
|
FileTimeToLocalFileTime
|
0x0
|
0x48f2a8
|
0xba870
|
0xb9a70
|
0x124
|
|
FileTimeToSystemTime
|
0x0
|
0x48f2ac
|
0xba874
|
0xb9a74
|
0x125
|
|
SystemTimeToFileTime
|
0x0
|
0x48f2b0
|
0xba878
|
0xb9a78
|
0x4bd
|
|
LocalFileTimeToFileTime
|
0x0
|
0x48f2b4
|
0xba87c
|
0xb9a7c
|
0x346
|
|
GetDriveTypeW
|
0x0
|
0x48f2b8
|
0xba880
|
0xb9a80
|
0x1d3
|
|
GetDiskFreeSpaceExW
|
0x0
|
0x48f2bc
|
0xba884
|
0xb9a84
|
0x1ce
|
|
GetDiskFreeSpaceW
|
0x0
|
0x48f2c0
|
0xba888
|
0xb9a88
|
0x1cf
|
|
GetVolumeInformationW
|
0x0
|
0x48f2c4
|
0xba88c
|
0xb9a8c
|
0x2a7
|
|
SetVolumeLabelW
|
0x0
|
0x48f2c8
|
0xba890
|
0xb9a90
|
0x4a9
|
|
CreateHardLinkW
|
0x0
|
0x48f2cc
|
0xba894
|
0xb9a94
|
0x93
|
|
SetFileAttributesW
|
0x0
|
0x48f2d0
|
0xba898
|
0xb9a98
|
0x461
|
|
CreateEventW
|
0x0
|
0x48f2d4
|
0xba89c
|
0xb9a9c
|
0x85
|
|
SetEvent
|
0x0
|
0x48f2d8
|
0xba8a0
|
0xb9aa0
|
0x459
|
|
GetEnvironmentVariableW
|
0x0
|
0x48f2dc
|
0xba8a4
|
0xb9aa4
|
0x1dc
|
|
SetEnvironmentVariableW
|
0x0
|
0x48f2e0
|
0xba8a8
|
0xb9aa8
|
0x457
|
|
GlobalLock
|
0x0
|
0x48f2e4
|
0xba8ac
|
0xb9aac
|
0x2be
|
|
GlobalUnlock
|
0x0
|
0x48f2e8
|
0xba8b0
|
0xb9ab0
|
0x2c5
|
|
GlobalAlloc
|
0x0
|
0x48f2ec
|
0xba8b4
|
0xb9ab4
|
0x2b3
|
|
GetFileSize
|
0x0
|
0x48f2f0
|
0xba8b8
|
0xb9ab8
|
0x1f0
|
|
GlobalFree
|
0x0
|
0x48f2f4
|
0xba8bc
|
0xb9abc
|
0x2ba
|
|
GlobalMemoryStatusEx
|
0x0
|
0x48f2f8
|
0xba8c0
|
0xb9ac0
|
0x2c0
|
|
Beep
|
0x0
|
0x48f2fc
|
0xba8c4
|
0xb9ac4
|
0x36
|
|
GetSystemDirectoryW
|
0x0
|
0x48f300
|
0xba8c8
|
0xb9ac8
|
0x270
|
|
HeapReAlloc
|
0x0
|
0x48f304
|
0xba8cc
|
0xb9acc
|
0x2d2
|
|
HeapSize
|
0x0
|
0x48f308
|
0xba8d0
|
0xb9ad0
|
0x2d4
|
|
GetComputerNameW
|
0x0
|
0x48f30c
|
0xba8d4
|
0xb9ad4
|
0x18f
|
|
GetWindowsDirectoryW
|
0x0
|
0x48f310
|
0xba8d8
|
0xb9ad8
|
0x2af
|
|
GetCurrentProcessId
|
0x0
|
0x48f314
|
0xba8dc
|
0xb9adc
|
0x1c1
|
|
GetProcessIoCounters
|
0x0
|
0x48f318
|
0xba8e0
|
0xb9ae0
|
0x24e
|
|
CreateProcessW
|
0x0
|
0x48f31c
|
0xba8e4
|
0xb9ae4
|
0xa8
|
|
GetProcessId
|
0x0
|
0x48f320
|
0xba8e8
|
0xb9ae8
|
0x24c
|
|
SetPriorityClass
|
0x0
|
0x48f324
|
0xba8ec
|
0xb9aec
|
0x47d
|
|
LoadLibraryW
|
0x0
|
0x48f328
|
0xba8f0
|
0xb9af0
|
0x33f
|
|
VirtualAlloc
|
0x0
|
0x48f32c
|
0xba8f4
|
0xb9af4
|
0x4e9
|
|
IsDebuggerPresent
|
0x0
|
0x48f330
|
0xba8f8
|
0xb9af8
|
0x300
|
|
GetCurrentDirectoryW
|
0x0
|
0x48f334
|
0xba8fc
|
0xb9afc
|
0x1bf
|
|
lstrcmpiW
|
0x0
|
0x48f338
|
0xba900
|
0xb9b00
|
0x545
|
|
DecodePointer
|
0x0
|
0x48f33c
|
0xba904
|
0xb9b04
|
0xca
|
|
GetLastError
|
0x0
|
0x48f340
|
0xba908
|
0xb9b08
|
0x202
|
|
RaiseException
|
0x0
|
0x48f344
|
0xba90c
|
0xb9b0c
|
0x3b1
|
|
InitializeCriticalSectionAndSpinCount
|
0x0
|
0x48f348
|
0xba910
|
0xb9b10
|
0x2e3
|
|
DeleteCriticalSection
|
0x0
|
0x48f34c
|
0xba914
|
0xb9b14
|
0xd1
|
|
InterlockedDecrement
|
0x0
|
0x48f350
|
0xba918
|
0xb9b18
|
0x2eb
|
|
InterlockedIncrement
|
0x0
|
0x48f354
|
0xba91c
|
0xb9b1c
|
0x2ef
|
|
GetCurrentThread
|
0x0
|
0x48f358
|
0xba920
|
0xb9b20
|
0x1c4
|
|
CloseHandle
|
0x0
|
0x48f35c
|
0xba924
|
0xb9b24
|
0x52
|
|
GetFullPathNameW
|
0x0
|
0x48f360
|
0xba928
|
0xb9b28
|
0x1fb
|
|
EncodePointer
|
0x0
|
0x48f364
|
0xba92c
|
0xb9b2c
|
0xea
|
|
ExitProcess
|
0x0
|
0x48f368
|
0xba930
|
0xb9b30
|
0x119
|
|
GetModuleHandleExW
|
0x0
|
0x48f36c
|
0xba934
|
0xb9b34
|
0x217
|
|
ExitThread
|
0x0
|
0x48f370
|
0xba938
|
0xb9b38
|
0x11a
|
|
GetSystemTimeAsFileTime
|
0x0
|
0x48f374
|
0xba93c
|
0xb9b3c
|
0x279
|
|
ResumeThread
|
0x0
|
0x48f378
|
0xba940
|
0xb9b40
|
0x413
|
|
GetCommandLineW
|
0x0
|
0x48f37c
|
0xba944
|
0xb9b44
|
0x187
|
|
IsProcessorFeaturePresent
|
0x0
|
0x48f380
|
0xba948
|
0xb9b48
|
0x304
|
|
IsValidCodePage
|
0x0
|
0x48f384
|
0xba94c
|
0xb9b4c
|
0x30a
|
|
GetACP
|
0x0
|
0x48f388
|
0xba950
|
0xb9b50
|
0x168
|
|
GetOEMCP
|
0x0
|
0x48f38c
|
0xba954
|
0xb9b54
|
0x237
|
|
GetCPInfo
|
0x0
|
0x48f390
|
0xba958
|
0xb9b58
|
0x172
|
|
SetLastError
|
0x0
|
0x48f394
|
0xba95c
|
0xb9b5c
|
0x473
|
|
UnhandledExceptionFilter
|
0x0
|
0x48f398
|
0xba960
|
0xb9b60
|
0x4d3
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x48f39c
|
0xba964
|
0xb9b64
|
0x4a5
|
|
TlsAlloc
|
0x0
|
0x48f3a0
|
0xba968
|
0xb9b68
|
0x4c5
|
|
TlsGetValue
|
0x0
|
0x48f3a4
|
0xba96c
|
0xb9b6c
|
0x4c7
|
|
TlsSetValue
|
0x0
|
0x48f3a8
|
0xba970
|
0xb9b70
|
0x4c8
|
|
TlsFree
|
0x0
|
0x48f3ac
|
0xba974
|
0xb9b74
|
0x4c6
|
|
GetStartupInfoW
|
0x0
|
0x48f3b0
|
0xba978
|
0xb9b78
|
0x263
|
|
GetStringTypeW
|
0x0
|
0x48f3b4
|
0xba97c
|
0xb9b7c
|
0x269
|
|
SetStdHandle
|
0x0
|
0x48f3b8
|
0xba980
|
0xb9b80
|
0x487
|
|
GetFileType
|
0x0
|
0x48f3bc
|
0xba984
|
0xb9b84
|
0x1f3
|
|
GetConsoleCP
|
0x0
|
0x48f3c0
|
0xba988
|
0xb9b88
|
0x19a
|
|
GetConsoleMode
|
0x0
|
0x48f3c4
|
0xba98c
|
0xb9b8c
|
0x1ac
|
|
RtlUnwind
|
0x0
|
0x48f3c8
|
0xba990
|
0xb9b90
|
0x418
|
|
ReadConsoleW
|
0x0
|
0x48f3cc
|
0xba994
|
0xb9b94
|
0x3be
|
|
GetTimeZoneInformation
|
0x0
|
0x48f3d0
|
0xba998
|
0xb9b98
|
0x298
|
|
GetDateFormatW
|
0x0
|
0x48f3d4
|
0xba99c
|
0xb9b9c
|
0x1c8
|
|
GetTimeFormatW
|
0x0
|
0x48f3d8
|
0xba9a0
|
0xb9ba0
|
0x297
|
|
LCMapStringW
|
0x0
|
0x48f3dc
|
0xba9a4
|
0xb9ba4
|
0x32d
|
|
GetEnvironmentStringsW
|
0x0
|
0x48f3e0
|
0xba9a8
|
0xb9ba8
|
0x1da
|
|
FreeEnvironmentStringsW
|
0x0
|
0x48f3e4
|
0xba9ac
|
0xb9bac
|
0x161
|
|
WriteConsoleW
|
0x0
|
0x48f3e8
|
0xba9b0
|
0xb9bb0
|
0x524
|
|
FindClose
|
0x0
|
0x48f3ec
|
0xba9b4
|
0xb9bb4
|
0x12e
|
|
SetEnvironmentVariableA
|
0x0
|
0x48f3f0
|
0xba9b8
|
0xb9bb8
|
0x456
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
AdjustWindowRectEx
|
0x0
|
0x48f4cc
|
0xbaa94
|
0xb9c94
|
0x3
|
|
CopyImage
|
0x0
|
0x48f4d0
|
0xbaa98
|
0xb9c98
|
0x54
|
|
SetWindowPos
|
0x0
|
0x48f4d4
|
0xbaa9c
|
0xb9c9c
|
0x2c6
|
|
GetCursorInfo
|
0x0
|
0x48f4d8
|
0xbaaa0
|
0xb9ca0
|
0x11f
|
|
RegisterHotKey
|
0x0
|
0x48f4dc
|
0xbaaa4
|
0xb9ca4
|
0x256
|
|
ClientToScreen
|
0x0
|
0x48f4e0
|
0xbaaa8
|
0xb9ca8
|
0x47
|
|
GetKeyboardLayoutNameW
|
0x0
|
0x48f4e4
|
0xbaaac
|
0xb9cac
|
0x141
|
|
IsCharAlphaW
|
0x0
|
0x48f4e8
|
0xbaab0
|
0xb9cb0
|
0x1c4
|
|
IsCharAlphaNumericW
|
0x0
|
0x48f4ec
|
0xbaab4
|
0xb9cb4
|
0x1c3
|
|
IsCharLowerW
|
0x0
|
0x48f4f0
|
0xbaab8
|
0xb9cb8
|
0x1c6
|
|
IsCharUpperW
|
0x0
|
0x48f4f4
|
0xbaabc
|
0xb9cbc
|
0x1c8
|
|
GetMenuStringW
|
0x0
|
0x48f4f8
|
0xbaac0
|
0xb9cc0
|
0x158
|
|
GetSubMenu
|
0x0
|
0x48f4fc
|
0xbaac4
|
0xb9cc4
|
0x17a
|
|
GetCaretPos
|
0x0
|
0x48f500
|
0xbaac8
|
0xb9cc8
|
0x10a
|
|
IsZoomed
|
0x0
|
0x48f504
|
0xbaacc
|
0xb9ccc
|
0x1e2
|
|
MonitorFromPoint
|
0x0
|
0x48f508
|
0xbaad0
|
0xb9cd0
|
0x218
|
|
GetMonitorInfoW
|
0x0
|
0x48f50c
|
0xbaad4
|
0xb9cd4
|
0x15f
|
|
SetWindowLongW
|
0x0
|
0x48f510
|
0xbaad8
|
0xb9cd8
|
0x2c4
|
|
SetLayeredWindowAttributes
|
0x0
|
0x48f514
|
0xbaadc
|
0xb9cdc
|
0x298
|
|
FlashWindow
|
0x0
|
0x48f518
|
0xbaae0
|
0xb9ce0
|
0xfb
|
|
GetClassLongW
|
0x0
|
0x48f51c
|
0xbaae4
|
0xb9ce4
|
0x110
|
|
TranslateAcceleratorW
|
0x0
|
0x48f520
|
0xbaae8
|
0xb9ce8
|
0x2fa
|
|
IsDialogMessageW
|
0x0
|
0x48f524
|
0xbaaec
|
0xb9cec
|
0x1cd
|
|
GetSysColor
|
0x0
|
0x48f528
|
0xbaaf0
|
0xb9cf0
|
0x17b
|
|
InflateRect
|
0x0
|
0x48f52c
|
0xbaaf4
|
0xb9cf4
|
0x1b5
|
|
DrawFocusRect
|
0x0
|
0x48f530
|
0xbaaf8
|
0xb9cf8
|
0xc4
|
|
DrawTextW
|
0x0
|
0x48f534
|
0xbaafc
|
0xb9cfc
|
0xd0
|
|
FrameRect
|
0x0
|
0x48f538
|
0xbab00
|
0xb9d00
|
0xfd
|
|
DrawFrameControl
|
0x0
|
0x48f53c
|
0xbab04
|
0xb9d04
|
0xc6
|
|
FillRect
|
0x0
|
0x48f540
|
0xbab08
|
0xb9d08
|
0xf6
|
|
PtInRect
|
0x0
|
0x48f544
|
0xbab0c
|
0xb9d0c
|
0x240
|
|
DestroyAcceleratorTable
|
0x0
|
0x48f548
|
0xbab10
|
0xb9d10
|
0xa0
|
|
CreateAcceleratorTableW
|
0x0
|
0x48f54c
|
0xbab14
|
0xb9d14
|
0x58
|
|
SetCursor
|
0x0
|
0x48f550
|
0xbab18
|
0xb9d18
|
0x288
|
|
GetWindowDC
|
0x0
|
0x48f554
|
0xbab1c
|
0xb9d1c
|
0x192
|
|
GetSystemMetrics
|
0x0
|
0x48f558
|
0xbab20
|
0xb9d20
|
0x17e
|
|
GetActiveWindow
|
0x0
|
0x48f55c
|
0xbab24
|
0xb9d24
|
0x100
|
|
CharNextW
|
0x0
|
0x48f560
|
0xbab28
|
0xb9d28
|
0x31
|
|
wsprintfW
|
0x0
|
0x48f564
|
0xbab2c
|
0xb9d2c
|
0x333
|
|
RedrawWindow
|
0x0
|
0x48f568
|
0xbab30
|
0xb9d30
|
0x24a
|
|
DrawMenuBar
|
0x0
|
0x48f56c
|
0xbab34
|
0xb9d34
|
0xc9
|
|
DestroyMenu
|
0x0
|
0x48f570
|
0xbab38
|
0xb9d38
|
0xa4
|
|
SetMenu
|
0x0
|
0x48f574
|
0xbab3c
|
0xb9d3c
|
0x29c
|
|
GetWindowTextLengthW
|
0x0
|
0x48f578
|
0xbab40
|
0xb9d40
|
0x1a2
|
|
CreateMenu
|
0x0
|
0x48f57c
|
0xbab44
|
0xb9d44
|
0x6a
|
|
IsDlgButtonChecked
|
0x0
|
0x48f580
|
0xbab48
|
0xb9d48
|
0x1ce
|
|
DefDlgProcW
|
0x0
|
0x48f584
|
0xbab4c
|
0xb9d4c
|
0x95
|
|
CallWindowProcW
|
0x0
|
0x48f588
|
0xbab50
|
0xb9d50
|
0x1e
|
|
ReleaseCapture
|
0x0
|
0x48f58c
|
0xbab54
|
0xb9d54
|
0x264
|
|
SetCapture
|
0x0
|
0x48f590
|
0xbab58
|
0xb9d58
|
0x280
|
|
CreateIconFromResourceEx
|
0x0
|
0x48f594
|
0xbab5c
|
0xb9d5c
|
0x66
|
|
mouse_event
|
0x0
|
0x48f598
|
0xbab60
|
0xb9d60
|
0x331
|
|
ExitWindowsEx
|
0x0
|
0x48f59c
|
0xbab64
|
0xb9d64
|
0xf5
|
|
SetActiveWindow
|
0x0
|
0x48f5a0
|
0xbab68
|
0xb9d68
|
0x27f
|
|
FindWindowExW
|
0x0
|
0x48f5a4
|
0xbab6c
|
0xb9d6c
|
0xf9
|
|
EnumThreadWindows
|
0x0
|
0x48f5a8
|
0xbab70
|
0xb9d70
|
0xef
|
|
SetMenuDefaultItem
|
0x0
|
0x48f5ac
|
0xbab74
|
0xb9d74
|
0x29e
|
|
InsertMenuItemW
|
0x0
|
0x48f5b0
|
0xbab78
|
0xb9d78
|
0x1b9
|
|
IsMenu
|
0x0
|
0x48f5b4
|
0xbab7c
|
0xb9d7c
|
0x1d2
|
|
TrackPopupMenuEx
|
0x0
|
0x48f5b8
|
0xbab80
|
0xb9d80
|
0x2f7
|
|
GetCursorPos
|
0x0
|
0x48f5bc
|
0xbab84
|
0xb9d84
|
0x120
|
|
DeleteMenu
|
0x0
|
0x48f5c0
|
0xbab88
|
0xb9d88
|
0x9e
|
|
SetRect
|
0x0
|
0x48f5c4
|
0xbab8c
|
0xb9d8c
|
0x2ae
|
|
GetMenuItemID
|
0x0
|
0x48f5c8
|
0xbab90
|
0xb9d90
|
0x152
|
|
GetMenuItemCount
|
0x0
|
0x48f5cc
|
0xbab94
|
0xb9d94
|
0x151
|
|
SetMenuItemInfoW
|
0x0
|
0x48f5d0
|
0xbab98
|
0xb9d98
|
0x2a2
|
|
GetMenuItemInfoW
|
0x0
|
0x48f5d4
|
0xbab9c
|
0xb9d9c
|
0x154
|
|
SetForegroundWindow
|
0x0
|
0x48f5d8
|
0xbaba0
|
0xb9da0
|
0x293
|
|
IsIconic
|
0x0
|
0x48f5dc
|
0xbaba4
|
0xb9da4
|
0x1d1
|
|
FindWindowW
|
0x0
|
0x48f5e0
|
0xbaba8
|
0xb9da8
|
0xfa
|
|
MonitorFromRect
|
0x0
|
0x48f5e4
|
0xbabac
|
0xb9dac
|
0x219
|
|
keybd_event
|
0x0
|
0x48f5e8
|
0xbabb0
|
0xb9db0
|
0x330
|
|
SendInput
|
0x0
|
0x48f5ec
|
0xbabb4
|
0xb9db4
|
0x276
|
|
GetAsyncKeyState
|
0x0
|
0x48f5f0
|
0xbabb8
|
0xb9db8
|
0x107
|
|
SetKeyboardState
|
0x0
|
0x48f5f4
|
0xbabbc
|
0xb9dbc
|
0x296
|
|
GetKeyboardState
|
0x0
|
0x48f5f8
|
0xbabc0
|
0xb9dc0
|
0x142
|
|
GetKeyState
|
0x0
|
0x48f5fc
|
0xbabc4
|
0xb9dc4
|
0x13d
|
|
VkKeyScanW
|
0x0
|
0x48f600
|
0xbabc8
|
0xb9dc8
|
0x321
|
|
LoadStringW
|
0x0
|
0x48f604
|
0xbabcc
|
0xb9dcc
|
0x1fa
|
|
DialogBoxParamW
|
0x0
|
0x48f608
|
0xbabd0
|
0xb9dd0
|
0xac
|
|
MessageBeep
|
0x0
|
0x48f60c
|
0xbabd4
|
0xb9dd4
|
0x20d
|
|
EndDialog
|
0x0
|
0x48f610
|
0xbabd8
|
0xb9dd8
|
0xda
|
|
SendDlgItemMessageW
|
0x0
|
0x48f614
|
0xbabdc
|
0xb9ddc
|
0x273
|
|
GetDlgItem
|
0x0
|
0x48f618
|
0xbabe0
|
0xb9de0
|
0x127
|
|
SetWindowTextW
|
0x0
|
0x48f61c
|
0xbabe4
|
0xb9de4
|
0x2cb
|
|
CopyRect
|
0x0
|
0x48f620
|
0xbabe8
|
0xb9de8
|
0x55
|
|
ReleaseDC
|
0x0
|
0x48f624
|
0xbabec
|
0xb9dec
|
0x265
|
|
GetDC
|
0x0
|
0x48f628
|
0xbabf0
|
0xb9df0
|
0x121
|
|
EndPaint
|
0x0
|
0x48f62c
|
0xbabf4
|
0xb9df4
|
0xdc
|
|
BeginPaint
|
0x0
|
0x48f630
|
0xbabf8
|
0xb9df8
|
0xe
|
|
GetClientRect
|
0x0
|
0x48f634
|
0xbabfc
|
0xb9dfc
|
0x114
|
|
GetMenu
|
0x0
|
0x48f638
|
0xbac00
|
0xb9e00
|
0x14b
|
|
DestroyWindow
|
0x0
|
0x48f63c
|
0xbac04
|
0xb9e04
|
0xa6
|
|
EnumWindows
|
0x0
|
0x48f640
|
0xbac08
|
0xb9e08
|
0xf2
|
|
GetDesktopWindow
|
0x0
|
0x48f644
|
0xbac0c
|
0xb9e0c
|
0x123
|
|
IsWindow
|
0x0
|
0x48f648
|
0xbac10
|
0xb9e10
|
0x1db
|
|
IsWindowEnabled
|
0x0
|
0x48f64c
|
0xbac14
|
0xb9e14
|
0x1dc
|
|
IsWindowVisible
|
0x0
|
0x48f650
|
0xbac18
|
0xb9e18
|
0x1e0
|
|
EnableWindow
|
0x0
|
0x48f654
|
0xbac1c
|
0xb9e1c
|
0xd8
|
|
InvalidateRect
|
0x0
|
0x48f658
|
0xbac20
|
0xb9e20
|
0x1be
|
|
GetWindowLongW
|
0x0
|
0x48f65c
|
0xbac24
|
0xb9e24
|
0x196
|
|
GetWindowThreadProcessId
|
0x0
|
0x48f660
|
0xbac28
|
0xb9e28
|
0x1a4
|
|
AttachThreadInput
|
0x0
|
0x48f664
|
0xbac2c
|
0xb9e2c
|
0xc
|
|
GetFocus
|
0x0
|
0x48f668
|
0xbac30
|
0xb9e30
|
0x12c
|
|
GetWindowTextW
|
0x0
|
0x48f66c
|
0xbac34
|
0xb9e34
|
0x1a3
|
|
ScreenToClient
|
0x0
|
0x48f670
|
0xbac38
|
0xb9e38
|
0x26d
|
|
SendMessageTimeoutW
|
0x0
|
0x48f674
|
0xbac3c
|
0xb9e3c
|
0x27b
|
|
EnumChildWindows
|
0x0
|
0x48f678
|
0xbac40
|
0xb9e40
|
0xdf
|
|
CharUpperBuffW
|
0x0
|
0x48f67c
|
0xbac44
|
0xb9e44
|
0x3b
|
|
GetParent
|
0x0
|
0x48f680
|
0xbac48
|
0xb9e48
|
0x164
|
|
GetDlgCtrlID
|
0x0
|
0x48f684
|
0xbac4c
|
0xb9e4c
|
0x126
|
|
SendMessageW
|
0x0
|
0x48f688
|
0xbac50
|
0xb9e50
|
0x27c
|
|
MapVirtualKeyW
|
0x0
|
0x48f68c
|
0xbac54
|
0xb9e54
|
0x208
|
|
PostMessageW
|
0x0
|
0x48f690
|
0xbac58
|
0xb9e58
|
0x236
|
|
GetWindowRect
|
0x0
|
0x48f694
|
0xbac5c
|
0xb9e5c
|
0x19c
|
|
SetUserObjectSecurity
|
0x0
|
0x48f698
|
0xbac60
|
0xb9e60
|
0x2be
|
|
CloseDesktop
|
0x0
|
0x48f69c
|
0xbac64
|
0xb9e64
|
0x4a
|
|
CloseWindowStation
|
0x0
|
0x48f6a0
|
0xbac68
|
0xb9e68
|
0x4e
|
|
OpenDesktopW
|
0x0
|
0x48f6a4
|
0xbac6c
|
0xb9e6c
|
0x228
|
|
SetProcessWindowStation
|
0x0
|
0x48f6a8
|
0xbac70
|
0xb9e70
|
0x2aa
|
|
GetProcessWindowStation
|
0x0
|
0x48f6ac
|
0xbac74
|
0xb9e74
|
0x168
|
|
OpenWindowStationW
|
0x0
|
0x48f6b0
|
0xbac78
|
0xb9e78
|
0x22d
|
|
GetUserObjectSecurity
|
0x0
|
0x48f6b4
|
0xbac7c
|
0xb9e7c
|
0x18c
|
|
MessageBoxW
|
0x0
|
0x48f6b8
|
0xbac80
|
0xb9e80
|
0x215
|
|
DefWindowProcW
|
0x0
|
0x48f6bc
|
0xbac84
|
0xb9e84
|
0x9c
|
|
SetClipboardData
|
0x0
|
0x48f6c0
|
0xbac88
|
0xb9e88
|
0x286
|
|
EmptyClipboard
|
0x0
|
0x48f6c4
|
0xbac8c
|
0xb9e8c
|
0xd5
|
|
CountClipboardFormats
|
0x0
|
0x48f6c8
|
0xbac90
|
0xb9e90
|
0x56
|
|
CloseClipboard
|
0x0
|
0x48f6cc
|
0xbac94
|
0xb9e94
|
0x49
|
|
GetClipboardData
|
0x0
|
0x48f6d0
|
0xbac98
|
0xb9e98
|
0x116
|
|
IsClipboardFormatAvailable
|
0x0
|
0x48f6d4
|
0xbac9c
|
0xb9e9c
|
0x1ca
|
|
OpenClipboard
|
0x0
|
0x48f6d8
|
0xbaca0
|
0xb9ea0
|
0x226
|
|
BlockInput
|
0x0
|
0x48f6dc
|
0xbaca4
|
0xb9ea4
|
0xf
|
|
GetMessageW
|
0x0
|
0x48f6e0
|
0xbaca8
|
0xb9ea8
|
0x15d
|
|
LockWindowUpdate
|
0x0
|
0x48f6e4
|
0xbacac
|
0xb9eac
|
0x1fd
|
|
DispatchMessageW
|
0x0
|
0x48f6e8
|
0xbacb0
|
0xb9eb0
|
0xaf
|
|
TranslateMessage
|
0x0
|
0x48f6ec
|
0xbacb4
|
0xb9eb4
|
0x2fc
|
|
PeekMessageW
|
0x0
|
0x48f6f0
|
0xbacb8
|
0xb9eb8
|
0x233
|
|
UnregisterHotKey
|
0x0
|
0x48f6f4
|
0xbacbc
|
0xb9ebc
|
0x308
|
|
CheckMenuRadioItem
|
0x0
|
0x48f6f8
|
0xbacc0
|
0xb9ec0
|
0x40
|
|
CharLowerBuffW
|
0x0
|
0x48f6fc
|
0xbacc4
|
0xb9ec4
|
0x2d
|
|
MoveWindow
|
0x0
|
0x48f700
|
0xbacc8
|
0xb9ec8
|
0x21b
|
|
SetFocus
|
0x0
|
0x48f704
|
0xbaccc
|
0xb9ecc
|
0x292
|
|
PostQuitMessage
|
0x0
|
0x48f708
|
0xbacd0
|
0xb9ed0
|
0x237
|
|
KillTimer
|
0x0
|
0x48f70c
|
0xbacd4
|
0xb9ed4
|
0x1e3
|
|
CreatePopupMenu
|
0x0
|
0x48f710
|
0xbacd8
|
0xb9ed8
|
0x6b
|
|
RegisterWindowMessageW
|
0x0
|
0x48f714
|
0xbacdc
|
0xb9edc
|
0x263
|
|
SetTimer
|
0x0
|
0x48f718
|
0xbace0
|
0xb9ee0
|
0x2bb
|
|
ShowWindow
|
0x0
|
0x48f71c
|
0xbace4
|
0xb9ee4
|
0x2df
|
|
CreateWindowExW
|
0x0
|
0x48f720
|
0xbace8
|
0xb9ee8
|
0x6e
|
|
RegisterClassExW
|
0x0
|
0x48f724
|
0xbacec
|
0xb9eec
|
0x24d
|
|
LoadIconW
|
0x0
|
0x48f728
|
0xbacf0
|
0xb9ef0
|
0x1ed
|
|
LoadCursorW
|
0x0
|
0x48f72c
|
0xbacf4
|
0xb9ef4
|
0x1eb
|
|
GetSysColorBrush
|
0x0
|
0x48f730
|
0xbacf8
|
0xb9ef8
|
0x17c
|
|
GetForegroundWindow
|
0x0
|
0x48f734
|
0xbacfc
|
0xb9efc
|
0x12d
|
|
MessageBoxA
|
0x0
|
0x48f738
|
0xbad00
|
0xb9f00
|
0x20e
|
|
DestroyIcon
|
0x0
|
0x48f73c
|
0xbad04
|
0xb9f04
|
0xa3
|
|
SystemParametersInfoW
|
0x0
|
0x48f740
|
0xbad08
|
0xb9f08
|
0x2ec
|
|
LoadImageW
|
0x0
|
0x48f744
|
0xbad0c
|
0xb9f0c
|
0x1ef
|
|
GetClassNameW
|
0x0
|
0x48f748
|
0xbad10
|
0xb9f10
|
0x112
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
StrokePath
|
0x0
|
0x48f0c4
|
0xba68c
|
0xb988c
|
0x2b6
|
|
DeleteObject
|
0x0
|
0x48f0c8
|
0xba690
|
0xb9890
|
0xe6
|
|
GetTextExtentPoint32W
|
0x0
|
0x48f0cc
|
0xba694
|
0xb9894
|
0x21e
|
|
ExtCreatePen
|
0x0
|
0x48f0d0
|
0xba698
|
0xb9898
|
0x132
|
|
GetDeviceCaps
|
0x0
|
0x48f0d4
|
0xba69c
|
0xb989c
|
0x1cb
|
|
EndPath
|
0x0
|
0x48f0d8
|
0xba6a0
|
0xb98a0
|
0xf3
|
|
SetPixel
|
0x0
|
0x48f0dc
|
0xba6a4
|
0xb98a4
|
0x29b
|
|
CloseFigure
|
0x0
|
0x48f0e0
|
0xba6a8
|
0xb98a8
|
0x1e
|
|
CreateCompatibleBitmap
|
0x0
|
0x48f0e4
|
0xba6ac
|
0xb98ac
|
0x2f
|
|
CreateCompatibleDC
|
0x0
|
0x48f0e8
|
0xba6b0
|
0xb98b0
|
0x30
|
|
SelectObject
|
0x0
|
0x48f0ec
|
0xba6b4
|
0xb98b4
|
0x277
|
|
StretchBlt
|
0x0
|
0x48f0f0
|
0xba6b8
|
0xb98b8
|
0x2b3
|
|
GetDIBits
|
0x0
|
0x48f0f4
|
0xba6bc
|
0xb98bc
|
0x1ca
|
|
LineTo
|
0x0
|
0x48f0f8
|
0xba6c0
|
0xb98c0
|
0x236
|
|
AngleArc
|
0x0
|
0x48f0fc
|
0xba6c4
|
0xb98c4
|
0x8
|
|
MoveToEx
|
0x0
|
0x48f100
|
0xba6c8
|
0xb98c8
|
0x23a
|
|
Ellipse
|
0x0
|
0x48f104
|
0xba6cc
|
0xb98cc
|
0xed
|
|
DeleteDC
|
0x0
|
0x48f108
|
0xba6d0
|
0xb98d0
|
0xe3
|
|
GetPixel
|
0x0
|
0x48f10c
|
0xba6d4
|
0xb98d4
|
0x204
|
|
CreateDCW
|
0x0
|
0x48f110
|
0xba6d8
|
0xb98d8
|
0x32
|
|
GetStockObject
|
0x0
|
0x48f114
|
0xba6dc
|
0xb98dc
|
0x20d
|
|
GetTextFaceW
|
0x0
|
0x48f118
|
0xba6e0
|
0xb98e0
|
0x224
|
|
CreateFontW
|
0x0
|
0x48f11c
|
0xba6e4
|
0xb98e4
|
0x41
|
|
SetTextColor
|
0x0
|
0x48f120
|
0xba6e8
|
0xb98e8
|
0x2a6
|
|
PolyDraw
|
0x0
|
0x48f124
|
0xba6ec
|
0xb98ec
|
0x250
|
|
BeginPath
|
0x0
|
0x48f128
|
0xba6f0
|
0xb98f0
|
0x12
|
|
Rectangle
|
0x0
|
0x48f12c
|
0xba6f4
|
0xb98f4
|
0x25f
|
|
SetViewportOrgEx
|
0x0
|
0x48f130
|
0xba6f8
|
0xb98f8
|
0x2a9
|
|
GetObjectW
|
0x0
|
0x48f134
|
0xba6fc
|
0xb98fc
|
0x1fd
|
|
SetBkMode
|
0x0
|
0x48f138
|
0xba700
|
0xb9900
|
0x27f
|
|
RoundRect
|
0x0
|
0x48f13c
|
0xba704
|
0xb9904
|
0x26a
|
|
SetBkColor
|
0x0
|
0x48f140
|
0xba708
|
0xb9908
|
0x27e
|
|
CreatePen
|
0x0
|
0x48f144
|
0xba70c
|
0xb990c
|
0x4b
|
|
CreateSolidBrush
|
0x0
|
0x48f148
|
0xba710
|
0xb9910
|
0x54
|
|
StrokeAndFillPath
|
0x0
|
0x48f14c
|
0xba714
|
0xb9914
|
0x2b5
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
GetOpenFileNameW
|
0x0
|
0x48f0b8
|
0xba680
|
0xb9880
|
0xc
|
|
GetSaveFileNameW
|
0x0
|
0x48f0bc
|
0xba684
|
0xb9884
|
0xe
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
GetAce
|
0x0
|
0x48f000
|
0xba5c8
|
0xb97c8
|
0x123
|
|
RegEnumValueW
|
0x0
|
0x48f004
|
0xba5cc
|
0xb97cc
|
0x252
|
|
RegDeleteValueW
|
0x0
|
0x48f008
|
0xba5d0
|
0xb97d0
|
0x248
|
|
RegDeleteKeyW
|
0x0
|
0x48f00c
|
0xba5d4
|
0xb97d4
|
0x244
|
|
RegEnumKeyExW
|
0x0
|
0x48f010
|
0xba5d8
|
0xb97d8
|
0x24f
|
|
RegSetValueExW
|
0x0
|
0x48f014
|
0xba5dc
|
0xb97dc
|
0x27e
|
|
RegOpenKeyExW
|
0x0
|
0x48f018
|
0xba5e0
|
0xb97e0
|
0x261
|
|
RegCloseKey
|
0x0
|
0x48f01c
|
0xba5e4
|
0xb97e4
|
0x230
|
|
RegQueryValueExW
|
0x0
|
0x48f020
|
0xba5e8
|
0xb97e8
|
0x26e
|
|
RegConnectRegistryW
|
0x0
|
0x48f024
|
0xba5ec
|
0xb97ec
|
0x234
|
|
InitializeSecurityDescriptor
|
0x0
|
0x48f028
|
0xba5f0
|
0xb97f0
|
0x177
|
|
InitializeAcl
|
0x0
|
0x48f02c
|
0xba5f4
|
0xb97f4
|
0x176
|
|
AdjustTokenPrivileges
|
0x0
|
0x48f030
|
0xba5f8
|
0xb97f8
|
0x1f
|
|
OpenThreadToken
|
0x0
|
0x48f034
|
0xba5fc
|
0xb97fc
|
0x1fc
|
|
OpenProcessToken
|
0x0
|
0x48f038
|
0xba600
|
0xb9800
|
0x1f7
|
|
LookupPrivilegeValueW
|
0x0
|
0x48f03c
|
0xba604
|
0xb9804
|
0x197
|
|
DuplicateTokenEx
|
0x0
|
0x48f040
|
0xba608
|
0xb9808
|
0xdf
|
|
CreateProcessAsUserW
|
0x0
|
0x48f044
|
0xba60c
|
0xb980c
|
0x7c
|
|
CreateProcessWithLogonW
|
0x0
|
0x48f048
|
0xba610
|
0xb9810
|
0x7d
|
|
GetLengthSid
|
0x0
|
0x48f04c
|
0xba614
|
0xb9814
|
0x136
|
|
CopySid
|
0x0
|
0x48f050
|
0xba618
|
0xb9818
|
0x76
|
|
LogonUserW
|
0x0
|
0x48f054
|
0xba61c
|
0xb981c
|
0x18d
|
|
AllocateAndInitializeSid
|
0x0
|
0x48f058
|
0xba620
|
0xb9820
|
0x20
|
|
CheckTokenMembership
|
0x0
|
0x48f05c
|
0xba624
|
0xb9824
|
0x51
|
|
RegCreateKeyExW
|
0x0
|
0x48f060
|
0xba628
|
0xb9828
|
0x239
|
|
FreeSid
|
0x0
|
0x48f064
|
0xba62c
|
0xb982c
|
0x120
|
|
GetTokenInformation
|
0x0
|
0x48f068
|
0xba630
|
0xb9830
|
0x15a
|
|
GetSecurityDescriptorDacl
|
0x0
|
0x48f06c
|
0xba634
|
0xb9834
|
0x148
|
|
GetAclInformation
|
0x0
|
0x48f070
|
0xba638
|
0xb9838
|
0x124
|
|
AddAce
|
0x0
|
0x48f074
|
0xba63c
|
0xb983c
|
0x16
|
|
SetSecurityDescriptorDacl
|
0x0
|
0x48f078
|
0xba640
|
0xb9840
|
0x2b6
|
|
GetUserNameW
|
0x0
|
0x48f07c
|
0xba644
|
0xb9844
|
0x165
|
|
InitiateSystemShutdownExW
|
0x0
|
0x48f080
|
0xba648
|
0xb9848
|
0x17d
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
DragQueryPoint
|
0x0
|
0x48f48c
|
0xbaa54
|
0xb9c54
|
0x20
|
|
ShellExecuteExW
|
0x0
|
0x48f490
|
0xbaa58
|
0xb9c58
|
0x121
|
|
DragQueryFileW
|
0x0
|
0x48f494
|
0xbaa5c
|
0xb9c5c
|
0x1f
|
|
SHEmptyRecycleBinW
|
0x0
|
0x48f498
|
0xbaa60
|
0xb9c60
|
0xa5
|
|
SHGetPathFromIDListW
|
0x0
|
0x48f49c
|
0xbaa64
|
0xb9c64
|
0xd7
|
|
SHBrowseForFolderW
|
0x0
|
0x48f4a0
|
0xbaa68
|
0xb9c68
|
0x7b
|
|
SHCreateShellItem
|
0x0
|
0x48f4a4
|
0xbaa6c
|
0xb9c6c
|
0x9a
|
|
SHGetDesktopFolder
|
0x0
|
0x48f4a8
|
0xbaa70
|
0xb9c70
|
0xb6
|
|
SHGetSpecialFolderLocation
|
0x0
|
0x48f4ac
|
0xbaa74
|
0xb9c74
|
0xdf
|
|
SHGetFolderPathW
|
0x0
|
0x48f4b0
|
0xbaa78
|
0xb9c78
|
0xc3
|
|
SHFileOperationW
|
0x0
|
0x48f4b4
|
0xbaa7c
|
0xb9c7c
|
0xac
|
|
ExtractIconExW
|
0x0
|
0x48f4b8
|
0xbaa80
|
0xb9c80
|
0x2a
|
|
Shell_NotifyIconW
|
0x0
|
0x48f4bc
|
0xbaa84
|
0xb9c84
|
0x12e
|
|
ShellExecuteW
|
0x0
|
0x48f4c0
|
0xbaa88
|
0xb9c88
|
0x122
|
|
DragFinish
|
0x0
|
0x48f4c4
|
0xbaa8c
|
0xb9c8c
|
0x1b
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CoTaskMemAlloc
|
0x0
|
0x48f828
|
0xbadf0
|
0xb9ff0
|
0x67
|
|
CoTaskMemFree
|
0x0
|
0x48f82c
|
0xbadf4
|
0xb9ff4
|
0x68
|
|
CLSIDFromString
|
0x0
|
0x48f830
|
0xbadf8
|
0xb9ff8
|
0x8
|
|
ProgIDFromCLSID
|
0x0
|
0x48f834
|
0xbadfc
|
0xb9ffc
|
0x14b
|
|
CLSIDFromProgID
|
0x0
|
0x48f838
|
0xbae00
|
0xba000
|
0x6
|
|
OleSetMenuDescriptor
|
0x0
|
0x48f83c
|
0xbae04
|
0xba004
|
0x147
|
|
MkParseDisplayName
|
0x0
|
0x48f840
|
0xbae08
|
0xba008
|
0xd4
|
|
OleSetContainedObject
|
0x0
|
0x48f844
|
0xbae0c
|
0xba00c
|
0x146
|
|
CoCreateInstance
|
0x0
|
0x48f848
|
0xbae10
|
0xba010
|
0x10
|
|
IIDFromString
|
0x0
|
0x48f84c
|
0xbae14
|
0xba014
|
0xcd
|
|
StringFromGUID2
|
0x0
|
0x48f850
|
0xbae18
|
0xba018
|
0x179
|
|
CreateStreamOnHGlobal
|
0x0
|
0x48f854
|
0xbae1c
|
0xba01c
|
0x86
|
|
OleInitialize
|
0x0
|
0x48f858
|
0xbae20
|
0xba020
|
0x132
|
|
OleUninitialize
|
0x0
|
0x48f85c
|
0xbae24
|
0xba024
|
0x149
|
|
CoInitialize
|
0x0
|
0x48f860
|
0xbae28
|
0xba028
|
0x3e
|
|
CoUninitialize
|
0x0
|
0x48f864
|
0xbae2c
|
0xba02c
|
0x6c
|
|
GetRunningObjectTable
|
0x0
|
0x48f868
|
0xbae30
|
0xba030
|
0x97
|
|
CoGetInstanceFromFile
|
0x0
|
0x48f86c
|
0xbae34
|
0xba034
|
0x2d
|
|
CoGetObject
|
0x0
|
0x48f870
|
0xbae38
|
0xba038
|
0x35
|
|
CoSetProxyBlanket
|
0x0
|
0x48f874
|
0xbae3c
|
0xba03c
|
0x63
|
|
CoCreateInstanceEx
|
0x0
|
0x48f878
|
0xbae40
|
0xba040
|
0x11
|
|
CoInitializeSecurity
|
0x0
|
0x48f87c
|
0xbae44
|
0xba044
|
0x40
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
LoadTypeLibEx
|
0xb7
|
0x48f40c
|
0xba9d4
|
0xb9bd4
|
-
|
|
VariantCopyInd
|
0xb
|
0x48f410
|
0xba9d8
|
0xb9bd8
|
-
|
|
SysReAllocString
|
0x3
|
0x48f414
|
0xba9dc
|
0xb9bdc
|
-
|
|
SysFreeString
|
0x6
|
0x48f418
|
0xba9e0
|
0xb9be0
|
-
|
|
SafeArrayDestroyDescriptor
|
0x26
|
0x48f41c
|
0xba9e4
|
0xb9be4
|
-
|
|
SafeArrayDestroyData
|
0x27
|
0x48f420
|
0xba9e8
|
0xb9be8
|
-
|
|
SafeArrayUnaccessData
|
0x18
|
0x48f424
|
0xba9ec
|
0xb9bec
|
-
|
|
SafeArrayAccessData
|
0x17
|
0x48f428
|
0xba9f0
|
0xb9bf0
|
-
|
|
SafeArrayAllocData
|
0x25
|
0x48f42c
|
0xba9f4
|
0xb9bf4
|
-
|
|
SafeArrayAllocDescriptorEx
|
0x29
|
0x48f430
|
0xba9f8
|
0xb9bf8
|
-
|
|
SafeArrayCreateVector
|
0x19b
|
0x48f434
|
0xba9fc
|
0xb9bfc
|
-
|
|
RegisterTypeLib
|
0xa3
|
0x48f438
|
0xbaa00
|
0xb9c00
|
-
|
|
CreateStdDispatch
|
0x20
|
0x48f43c
|
0xbaa04
|
0xb9c04
|
-
|
|
DispCallFunc
|
0x92
|
0x48f440
|
0xbaa08
|
0xb9c08
|
-
|
|
VariantChangeType
|
0xc
|
0x48f444
|
0xbaa0c
|
0xb9c0c
|
-
|
|
SysStringLen
|
0x7
|
0x48f448
|
0xbaa10
|
0xb9c10
|
-
|
|
VariantTimeToSystemTime
|
0xb9
|
0x48f44c
|
0xbaa14
|
0xb9c14
|
-
|
|
VarR8FromDec
|
0xdc
|
0x48f450
|
0xbaa18
|
0xb9c18
|
-
|
|
SafeArrayGetVartype
|
0x4d
|
0x48f454
|
0xbaa1c
|
0xb9c1c
|
-
|
|
VariantCopy
|
0xa
|
0x48f458
|
0xbaa20
|
0xb9c20
|
-
|
|
VariantClear
|
0x9
|
0x48f45c
|
0xbaa24
|
0xb9c24
|
-
|
|
OleLoadPicture
|
0x1a2
|
0x48f460
|
0xbaa28
|
0xb9c28
|
-
|
|
QueryPathOfRegTypeLib
|
0xa4
|
0x48f464
|
0xbaa2c
|
0xb9c2c
|
-
|
|
RegisterTypeLibForUser
|
0x1ba
|
0x48f468
|
0xbaa30
|
0xb9c30
|
-
|
|
UnRegisterTypeLibForUser
|
0x1bb
|
0x48f46c
|
0xbaa34
|
0xb9c34
|
-
|
|
UnRegisterTypeLib
|
0xba
|
0x48f470
|
0xbaa38
|
0xb9c38
|
-
|
|
CreateDispTypeInfo
|
0x1f
|
0x48f474
|
0xbaa3c
|
0xb9c3c
|
-
|
|
SysAllocString
|
0x2
|
0x48f478
|
0xbaa40
|
0xb9c40
|
-
|
|
VariantInit
|
0x8
|
0x48f47c
|
0xbaa44
|
0xb9c44
|
-
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
68.00 KB
|
|
MD5
|
b837f9f74a93c63541185253c2dc583a
|
|
SHA1
|
bf1e5336bd69f8831a5127227db1c523cb32e7aa
|
|
SHA256
|
ab2820a44213dd22c9ca52f83638e58422e69eb0798698f984725f8aae5caa6a
|
|
SSDeep
|
48:Qj2lrfdASsOvNdASAp0uSicYOvAQGGOvlBul:Qj2MOA0WcPGRlBC
|
|
Mime Type
|
application/CDFV2-unknown
|
|
File Size
|
2.97 MB
|
|
MD5
|
3b492beae3a48d7e9eb420571c1e8356
|
|
SHA1
|
01fb0896e612ef9ca0ec981087e8ac8201e26149
|
|
SHA256
|
6b287b271706696a6d63e37c31be1ebf6483dd9d53c40428bc8b371cc1c34e83
|
|
SSDeep
|
49152:YhbvWeD1soj7Ba3DaMNtklBXTdVTPT0GStMCtijo:wnD6oj7iJuNTXT70Gwtij
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
0.07 KB
|
|
MD5
|
9c035c1f1fd99090f94bc1db10edf0c3
|
|
SHA1
|
1e2c8e69e7a3159c72ad880bf7842624bddb50b9
|
|
SHA256
|
6d32514009798d3bb5110497641808fb36f7059833c2a717f31ff8e257288ffd
|
|
SSDeep
|
3:ElcqCLEllYA/vll+llJXtmmvllXllXn:Ea3LMmAe/qW
|
|
Mime Type
|
application/vnd.ms-cab-compressed
|
|
File Size
|
2.78 MB
|
|
MD5
|
cfb868c2490e1007003f2733754bc878
|
|
SHA1
|
5674380a700d3875400c0fb266a7e3a4b85e2b8f
|
|
SHA256
|
aca0e5d3fca1c4ac504afe2f76c73d9f51bf9b84d94b5060e7648eeca81e9a16
|
|
SSDeep
|
49152:vhbvWxBj7Ba3DaMNtklBXTdVTPT0GStMCtijo:ZaBj7iJuNTXT70Gwtij
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
0.03 KB
|
|
MD5
|
5c968bf21646d66492c1dd12d0d1c641
|
|
SHA1
|
db5de9eb47ba27964019961597062ee0f77e3797
|
|
SHA256
|
be0cf0ee8c14bb4c83ba264c5249b5e4fa526eba52e2fddeb60fb86bceb8018f
|
|
SSDeep
|
3:RMQGgr4/d+C:rGD/
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
0.02 KB
|
|
MD5
|
2cb9315e533e3700bedf1a77bba374bc
|
|
SHA1
|
c40c5eaf4227171ab007742d0af29bec01ee130c
|
|
SHA256
|
a262de468045d279966577b6bae961c2f90650acbb91c7a4c88b380671d12281
|
|
SSDeep
|
3:cE627w:c0k
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.27 KB
|
|
MD5
|
573fbc745d5032a5becd4b390a39dcef
|
|
SHA1
|
2e8351361b5f275908db0d693eecd5d5cae7eb5f
|
|
SHA256
|
279859304784581d518a30a777c53f91a8d48109f51e1a920f01abe3ccde6716
|
|
SSDeep
|
6:bClP6M8U4XIUV07FheRAtXYOrDyEN23fRgb5gQCO5wozm10y:bsP6M8U4Xp2BEAtLgpgb5gLO3I
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.47 KB
|
|
MD5
|
d2b63037375a9e85731d45eb19ec7402
|
|
SHA1
|
3cf3dc5edef6559ad4eef335425a45c8eafc83c4
|
|
SHA256
|
61779986c88cf5d7bfd8b42bd6c1d49554a51489c526e4228d7e58438db882bd
|
|
SSDeep
|
12:bsP6M8U4Xp2BEAtLgpgb5gLO30+kSgpgb5gLOtJeI+:gP63UspEpFg4iL2lg4iLceV
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.07 KB
|
|
MD5
|
1fb5d124bb9ea0decacfa8158ceb2cdf
|
|
SHA1
|
a87d131b4715bd1939b3425832abd371ce058e09
|
|
SHA256
|
4819352607f07d27601091f94380ee4eff0479c34566c3e49ba9800c7ae0e729
|
|
SSDeep
|
3:bXyls86k2RMQsue90U4gvZcQdUV0v:bClP6M8U4XIUV0v
|
|
Mime Type
|
application/x-wine-extension-ini
|
|
File Size
|
0.05 KB
|
|
MD5
|
727675d3579482f4d0e4d1063806e492
|
|
SHA1
|
56392ef9456107e89cd102a69d12a84b376504ba
|
|
SHA256
|
45465070215b849bb278e47849a8f2ca986a17299e055b41afbdc09f0cf3c012
|
|
SSDeep
|
3:0NdQDjotjIAXNamv:0NwoyAXNxv
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.31 KB
|
|
MD5
|
15615243ec595fde3b4053b7d44710cc
|
|
SHA1
|
285c183086f825998d7b15ebda7259c4d3e9d550
|
|
SHA256
|
febc0b6d7db9938d977850a17dbb3fbf0e1096c5a11f6871b06b36a0ddf28311
|
|
SSDeep
|
6:bClP6M8U4XIUV07FheRAtXYOrDyEN23fRgb5gQCO5wozm10a+qPdGX:bsP6M8U4Xp2BEAtLgpgb5gLO30+r
|
|
Mime Type
|
application/CDFV2-unknown
|
|
File Size
|
20.00 KB
|
|
MD5
|
d1b39760f6e1be7c44ebacf0908e5c11
|
|
SHA1
|
7e0e34d3417b54dd8920e27ea20b977e51d0a17d
|
|
SHA256
|
d67b6804cd05912270ca632da34e1d304fc65a5df87fd9856047ce90a5331bad
|
|
SSDeep
|
48:o0gcDHQbuaKOvlBuUJVHdASAp0uSicYOvAbdASsOvvrlpj:olCallBdJV+0WcBOxpj
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.29 KB
|
|
MD5
|
9dfaf393b467e1ebc4819076a874201e
|
|
SHA1
|
0c3cc90678db89fd5086bfe147d531264f461bfc
|
|
SHA256
|
e1b8c1acb96b17f1d21f77b60d1625414cf5033d9b58b8bc8ade171e1971225d
|
|
SSDeep
|
6:bClP6M8U4XIUV07FheRAtXYOrDyEN23fRgb5gQCO5wozm10a+qPn:bsP6M8U4Xp2BEAtLgpgb5gLO30+i
|
|
Mime Type
|
text/plain
|
|
File Size
|
0.10 KB
|
|
MD5
|
fbff3a1e9a3326288b76a4f8c4311c1e
|
|
SHA1
|
de4bd5156c7db48c6bd0b43424cdbc1d7a457791
|
|
SHA256
|
3f5ecc5e68b269d127324a7ee0de70a02371b62234548dcc70d62cd24b6d7218
|
|
SSDeep
|
3:bXyls86k2RMQsue90U4gvZcQdUV00Gcahn:bClP6M8U4XIUV07Fhn
|
