Obfuscated AutoIt Malware Injects Executables to Steal Passwords and Browser Data | Files
File Information
Sample files count 1
Created files count 55
Modified files count 0
c:\users\eebsym5\desktop\9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe
File Properties
Names c:\users\eebsym5\desktop\9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe (Sample File)
Size 912.25 KB (934144 bytes)
Hash Values MD5: 2090ff67346785ba32859de0065350c6
SHA1: 045e46667befb09b91ff797bdee91e5ef43d2366
SHA256: 9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d
PE Information
File Properties
Image Base 0x400000
Entry Point 0x40ac87
Size Of Code 0x12400
Size Of Initialized Data 0x5600
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2012-06-09 15:19:49
Compiler/Packer Unknown
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x1231e 0x12400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.56
.rdata 0x414000 0x1d15 0x1e00 0x12800 CNT_INITIALIZED_DATA, MEM_READ 4.99
.data 0x416000 0x17724 0x200 0x14600 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.55
.CRT 0x42e000 0x20 0x200 0x14800 CNT_INITIALIZED_DATA, MEM_READ 0.39
.rsrc 0x42f000 0x3280 0x3400 0x14a00 CNT_INITIALIZED_DATA, MEM_READ 4.91
Imports (168)
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
InitCommonControlsEx 0x0 0x41402c 0x14df8 0x135f8
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SHAutoComplete 0x0 0x4141c4 0x14f90 0x13790
KERNEL32.dll (75)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DeleteFileW 0x0 0x414068 0x14e34 0x13634
DeleteFileA 0x0 0x41406c 0x14e38 0x13638
CreateDirectoryA 0x0 0x414070 0x14e3c 0x1363c
CreateDirectoryW 0x0 0x414074 0x14e40 0x13640
FindClose 0x0 0x414078 0x14e44 0x13644
FindNextFileA 0x0 0x41407c 0x14e48 0x13648
FindFirstFileA 0x0 0x414080 0x14e4c 0x1364c
FindNextFileW 0x0 0x414084 0x14e50 0x13650
FindFirstFileW 0x0 0x414088 0x14e54 0x13654
GetVersionExW 0x0 0x41408c 0x14e58 0x13658
GetFullPathNameA 0x0 0x414090 0x14e5c 0x1365c
GetFullPathNameW 0x0 0x414094 0x14e60 0x13660
MultiByteToWideChar 0x0 0x414098 0x14e64 0x13664
GetModuleFileNameW 0x0 0x41409c 0x14e68 0x13668
FindResourceW 0x0 0x4140a0 0x14e6c 0x1366c
GetModuleHandleW 0x0 0x4140a4 0x14e70 0x13670
HeapAlloc 0x0 0x4140a8 0x14e74 0x13674
GetProcessHeap 0x0 0x4140ac 0x14e78 0x13678
HeapFree 0x0 0x4140b0 0x14e7c 0x1367c
HeapReAlloc 0x0 0x4140b4 0x14e80 0x13680
CompareStringA 0x0 0x4140b8 0x14e84 0x13684
ExitProcess 0x0 0x4140bc 0x14e88 0x13688
GetTickCount 0x0 0x4140c0 0x14e8c 0x1368c
FreeLibrary 0x0 0x4140c4 0x14e90 0x13690
GetProcAddress 0x0 0x4140c8 0x14e94 0x13694
LoadLibraryW 0x0 0x4140cc 0x14e98 0x13698
GetCurrentProcessId 0x0 0x4140d0 0x14e9c 0x1369c
SetFileAttributesW 0x0 0x4140d4 0x14ea0 0x136a0
GetNumberFormatW 0x0 0x4140d8 0x14ea4 0x136a4
DosDateTimeToFileTime 0x0 0x4140dc 0x14ea8 0x136a8
GetDateFormatW 0x0 0x4140e0 0x14eac 0x136ac
GetTimeFormatW 0x0 0x4140e4 0x14eb0 0x136b0
FileTimeToSystemTime 0x0 0x4140e8 0x14eb4 0x136b4
FileTimeToLocalFileTime 0x0 0x4140ec 0x14eb8 0x136b8
ExpandEnvironmentStringsW 0x0 0x4140f0 0x14ebc 0x136bc
WaitForSingleObject 0x0 0x4140f4 0x14ec0 0x136c0
Sleep 0x0 0x4140f8 0x14ec4 0x136c4
GetExitCodeProcess 0x0 0x4140fc 0x14ec8 0x136c8
GetTempPathW 0x0 0x414100 0x14ecc 0x136cc
MoveFileExW 0x0 0x414104 0x14ed0 0x136d0
UnmapViewOfFile 0x0 0x414108 0x14ed4 0x136d4
MapViewOfFile 0x0 0x41410c 0x14ed8 0x136d8
GetCommandLineW 0x0 0x414110 0x14edc 0x136dc
CreateFileMappingW 0x0 0x414114 0x14ee0 0x136e0
SetEnvironmentVariableW 0x0 0x414118 0x14ee4 0x136e4
OpenFileMappingW 0x0 0x41411c 0x14ee8 0x136e8
LocalFileTimeToFileTime 0x0 0x414120 0x14eec 0x136ec
SystemTimeToFileTime 0x0 0x414124 0x14ef0 0x136f0
GetSystemTime 0x0 0x414128 0x14ef4 0x136f4
WideCharToMultiByte 0x0 0x41412c 0x14ef8 0x136f8
CompareStringW 0x0 0x414130 0x14efc 0x136fc
IsDBCSLeadByte 0x0 0x414134 0x14f00 0x13700
GetCPInfo 0x0 0x414138 0x14f04 0x13704
GlobalAlloc 0x0 0x41413c 0x14f08 0x13708
SetCurrentDirectoryW 0x0 0x414140 0x14f0c 0x1370c
SetFileAttributesA 0x0 0x414144 0x14f10 0x13710
GetFileAttributesW 0x0 0x414148 0x14f14 0x13714
GetFileAttributesA 0x0 0x41414c 0x14f18 0x13718
WriteFile 0x0 0x414150 0x14f1c 0x1371c
GetStdHandle 0x0 0x414154 0x14f20 0x13720
ReadFile 0x0 0x414158 0x14f24 0x13724
GetCurrentDirectoryW 0x0 0x41415c 0x14f28 0x13728
CreateFileW 0x0 0x414160 0x14f2c 0x1372c
CreateFileA 0x0 0x414164 0x14f30 0x13730
GetFileType 0x0 0x414168 0x14f34 0x13734
SetEndOfFile 0x0 0x41416c 0x14f38 0x13738
SetFilePointer 0x0 0x414170 0x14f3c 0x1373c
FlushFileBuffers 0x0 0x414174 0x14f40 0x13740
MoveFileW 0x0 0x414178 0x14f44 0x13744
SetFileTime 0x0 0x41417c 0x14f48 0x13748
GetCurrentProcess 0x0 0x414180 0x14f4c 0x1374c
CloseHandle 0x0 0x414184 0x14f50 0x13750
SetLastError 0x0 0x414188 0x14f54 0x13754
GetLastError 0x0 0x41418c 0x14f58 0x13758
GetLocaleInfoW 0x0 0x414190 0x14f5c 0x1375c
USER32.dll (56)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetClassNameW 0x0 0x4141cc 0x14f98 0x13798
DialogBoxParamW 0x0 0x4141d0 0x14f9c 0x1379c
IsWindowVisible 0x0 0x4141d4 0x14fa0 0x137a0
WaitForInputIdle 0x0 0x4141d8 0x14fa4 0x137a4
SetForegroundWindow 0x0 0x4141dc 0x14fa8 0x137a8
GetSysColor 0x0 0x4141e0 0x14fac 0x137ac
PostMessageW 0x0 0x4141e4 0x14fb0 0x137b0
LoadBitmapW 0x0 0x4141e8 0x14fb4 0x137b4
LoadIconW 0x0 0x4141ec 0x14fb8 0x137b8
CharToOemA 0x0 0x4141f0 0x14fbc 0x137bc
OemToCharA 0x0 0x4141f4 0x14fc0 0x137c0
IsWindow 0x0 0x4141f8 0x14fc4 0x137c4
CopyRect 0x0 0x4141fc 0x14fc8 0x137c8
DestroyWindow 0x0 0x414200 0x14fcc 0x137cc
DefWindowProcW 0x0 0x414204 0x14fd0 0x137d0
RegisterClassExW 0x0 0x414208 0x14fd4 0x137d4
LoadCursorW 0x0 0x41420c 0x14fd8 0x137d8
UpdateWindow 0x0 0x414210 0x14fdc 0x137dc
CreateWindowExW 0x0 0x414214 0x14fe0 0x137e0
MapWindowPoints 0x0 0x414218 0x14fe4 0x137e4
GetParent 0x0 0x41421c 0x14fe8 0x137e8
GetDlgItemTextW 0x0 0x414220 0x14fec 0x137ec
TranslateMessage 0x0 0x414224 0x14ff0 0x137f0
DispatchMessageW 0x0 0x414228 0x14ff4 0x137f4
wvsprintfW 0x0 0x41422c 0x14ff8 0x137f8
wvsprintfA 0x0 0x414230 0x14ffc 0x137fc
CharUpperA 0x0 0x414234 0x15000 0x13800
CharToOemBuffA 0x0 0x414238 0x15004 0x13804
LoadStringW 0x0 0x41423c 0x15008 0x13808
GetWindowRect 0x0 0x414240 0x1500c 0x1380c
GetClientRect 0x0 0x414244 0x15010 0x13810
SetWindowPos 0x0 0x414248 0x15014 0x13814
GetWindowTextW 0x0 0x41424c 0x15018 0x13818
SetWindowTextW 0x0 0x414250 0x1501c 0x1381c
GetSystemMetrics 0x0 0x414254 0x15020 0x13820
GetWindow 0x0 0x414258 0x15024 0x13824
GetWindowLongW 0x0 0x41425c 0x15028 0x13828
CharUpperW 0x0 0x414260 0x1502c 0x1382c
CharToOemBuffW 0x0 0x414264 0x15030 0x13830
MessageBoxW 0x0 0x414268 0x15034 0x13834
ShowWindow 0x0 0x41426c 0x15038 0x13838
GetDlgItem 0x0 0x414270 0x1503c 0x1383c
EnableWindow 0x0 0x414274 0x15040 0x13840
OemToCharBuffA 0x0 0x414278 0x15044 0x13844
SendDlgItemMessageW 0x0 0x41427c 0x15048 0x13848
DestroyIcon 0x0 0x414280 0x1504c 0x1384c
EndDialog 0x0 0x414284 0x15050 0x13850
SetFocus 0x0 0x414288 0x15054 0x13854
SetDlgItemTextW 0x0 0x41428c 0x15058 0x13858
SendMessageW 0x0 0x414290 0x1505c 0x1385c
GetDC 0x0 0x414294 0x15060 0x13860
ReleaseDC 0x0 0x414298 0x15064 0x13864
PeekMessageW 0x0 0x41429c 0x15068 0x13868
FindWindowExW 0x0 0x4142a0 0x1506c 0x1386c
GetMessageW 0x0 0x4142a4 0x15070 0x13870
SetWindowLongW 0x0 0x4142a8 0x15074 0x13874
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetDeviceCaps 0x0 0x414044 0x14e10 0x13610
GetObjectW 0x0 0x414048 0x14e14 0x13614
CreateCompatibleBitmap 0x0 0x41404c 0x14e18 0x13618
SelectObject 0x0 0x414050 0x14e1c 0x1361c
StretchBlt 0x0 0x414054 0x14e20 0x13620
CreateCompatibleDC 0x0 0x414058 0x14e24 0x13624
DeleteObject 0x0 0x41405c 0x14e28 0x13628
DeleteDC 0x0 0x414060 0x14e2c 0x1362c
COMDLG32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetOpenFileNameW 0x0 0x414034 0x14e00 0x13600
CommDlgExtendedError 0x0 0x414038 0x14e04 0x13604
GetSaveFileNameW 0x0 0x41403c 0x14e08 0x13608
ADVAPI32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegOpenKeyExW 0x0 0x414000 0x14dcc 0x135cc
LookupPrivilegeValueW 0x0 0x414004 0x14dd0 0x135d0
RegQueryValueExW 0x0 0x414008 0x14dd4 0x135d4
RegCreateKeyExW 0x0 0x41400c 0x14dd8 0x135d8
RegSetValueExW 0x0 0x414010 0x14ddc 0x135dc
RegCloseKey 0x0 0x414014 0x14de0 0x135e0
SetFileSecurityW 0x0 0x414018 0x14de4 0x135e4
SetFileSecurityA 0x0 0x41401c 0x14de8 0x135e8
OpenProcessToken 0x0 0x414020 0x14dec 0x135ec
AdjustTokenPrivileges 0x0 0x414024 0x14df0 0x135f0
SHELL32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SHChangeNotify 0x0 0x4141a0 0x14f6c 0x1376c
ShellExecuteExW 0x0 0x4141a4 0x14f70 0x13770
SHFileOperationW 0x0 0x4141a8 0x14f74 0x13774
SHGetFileInfoW 0x0 0x4141ac 0x14f78 0x13778
SHGetSpecialFolderLocation 0x0 0x4141b0 0x14f7c 0x1377c
SHGetMalloc 0x0 0x4141b4 0x14f80 0x13780
SHBrowseForFolderW 0x0 0x4141b8 0x14f84 0x13784
SHGetPathFromIDListW 0x0 0x4141bc 0x14f88 0x13788
ole32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CLSIDFromString 0x0 0x4142b0 0x1507c 0x1387c
CreateStreamOnHGlobal 0x0 0x4142b4 0x15080 0x13880
OleUninitialize 0x0 0x4142b8 0x15084 0x13884
CoCreateInstance 0x0 0x4142bc 0x15088 0x13888
OleInitialize 0x0 0x4142c0 0x1508c 0x1388c
OLEAUT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VariantInit 0x8 0x414198 0x14f64 0x13764
Icons (1)
c:\users\eebsym5\appdata\local\temp\60484525\__tmp_rar_sfx_access_check_18052931, ...
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\__tmp_rar_sfx_access_check_18052931 (Created File)
c:\users\eebsym5\appdata\local\temp\widfu (Created File)
c:\users\eebsym5\appdata\local\temp\wqnqmshpoxvbxmnplxmoexxv (Created File)
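Size 0.00 KB (0 bytes) — all three files are empty, so the hash values below are the well-known digests of zero-length input; they match every empty file and are not usable as indicators for this sample.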
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\eebsym5\appdata\local\temp\60484525\hin.ppt
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\hin.ppt (Created File)
Size 753.11 KB (771181 bytes)
Hash Values MD5: b4069d0c0e00f8266018f1263d28314a
SHA1: da9e1711e225aa694f28ac81677f0a8840acbd56
SHA256: 017a11f2c47b3329116d74da098437fef15a0283fd7df5b5cf16e167a74bf4bf
c:\users\eebsym5\appdata\local\temp\60484525\cvn-nhc
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\cvn-nhc (Created File)
Size 2.88 MB (3022508 bytes)
Hash Values MD5: de1a6fbf02c16cacd54d414ed4e6f73e
SHA1: 645a49fb10d04c18348e6614c3640cb2d732d7e2
SHA256: f0b7de110217d22b745eb45ad6c808974c667bb77dabdf824c7a439bb254d49d
c:\users\eebsym5\appdata\local\temp\60484525\cih.exe
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\cih.exe (Created File)
Size 732.73 KB (750320 bytes)
Hash Values MD5: 71d8f6d5dc35517275bc38ebcc815f9f
SHA1: cae4e8c730de5a01d30aabeb3e5cb2136090ed8d
SHA256: fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b
PE Information
File Properties
Image Base 0x400000
Entry Point 0x4164e1
Size Of Code 0x80600
Size Of Initialized Data 0x34a00
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2012-01-29 22:32:28
Compiler/Packer Unknown
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x805d8 0x80600 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.69
.rdata 0x482000 0xdfa8 0xe000 0x80a00 CNT_INITIALIZED_DATA, MEM_READ 4.8
.data 0x490000 0x1a758 0x6800 0x8ea00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.15
.rsrc 0x4ab000 0x18a9c 0x18c00 0x95200 CNT_INITIALIZED_DATA, MEM_READ 7.35
.reloc 0x4c4000 0x758a 0x7600 0xade00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 6.24
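Imports (513)
Note: a static import table lists what the binary is able to call, not what was executed. Given the AutoIt attribution in the report title, this table may describe a script interpreter rather than the malicious script itself, so confirm any behavior against the dynamic analysis.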
WSOCK32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
__WSAFDIsSet 0x97 0x482794 0x8dcec 0x8c6ec
setsockopt 0x15 0x482798 0x8dcf0 0x8c6f0
ntohs 0xf 0x48279c 0x8dcf4 0x8c6f4
recvfrom 0x11 0x4827a0 0x8dcf8 0x8c6f8
sendto 0x14 0x4827a4 0x8dcfc 0x8c6fc
htons 0x9 0x4827a8 0x8dd00 0x8c700
select 0x12 0x4827ac 0x8dd04 0x8c704
listen 0xd 0x4827b0 0x8dd08 0x8c708
WSAStartup 0x73 0x4827b4 0x8dd0c 0x8c70c
bind 0x2 0x4827b8 0x8dd10 0x8c710
closesocket 0x3 0x4827bc 0x8dd14 0x8c714
connect 0x4 0x4827c0 0x8dd18 0x8c718
socket 0x17 0x4827c4 0x8dd1c 0x8c71c
send 0x13 0x4827c8 0x8dd20 0x8c720
WSACleanup 0x74 0x4827cc 0x8dd24 0x8c724
ioctlsocket 0xa 0x4827d0 0x8dd28 0x8c728
accept 0x1 0x4827d4 0x8dd2c 0x8c72c
WSAGetLastError 0x6f 0x4827d8 0x8dd30 0x8c730
inet_addr 0xb 0x4827dc 0x8dd34 0x8c734
gethostbyname 0x34 0x4827e0 0x8dd38 0x8c738
gethostname 0x39 0x4827e4 0x8dd3c 0x8c73c
recv 0x10 0x4827e8 0x8dd40 0x8c740
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VerQueryValueW 0x0 0x482738 0x8dc90 0x8c690
GetFileVersionInfoW 0x0 0x48273c 0x8dc94 0x8c694
GetFileVersionInfoSizeW 0x0 0x482740 0x8dc98 0x8c698
WINMM.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
timeGetTime 0x0 0x482784 0x8dcdc 0x8c6dc
waveOutSetVolume 0x0 0x482788 0x8dce0 0x8c6e0
mciSendStringW 0x0 0x48278c 0x8dce4 0x8c6e4
COMCTL32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ImageList_Remove 0x0 0x48208c 0x8d5e4 0x8bfe4
ImageList_SetDragCursorImage 0x0 0x482090 0x8d5e8 0x8bfe8
ImageList_BeginDrag 0x0 0x482094 0x8d5ec 0x8bfec
ImageList_DragEnter 0x0 0x482098 0x8d5f0 0x8bff0
ImageList_DragLeave 0x0 0x48209c 0x8d5f4 0x8bff4
ImageList_EndDrag 0x0 0x4820a0 0x8d5f8 0x8bff8
ImageList_DragMove 0x0 0x4820a4 0x8d5fc 0x8bffc
ImageList_ReplaceIcon 0x0 0x4820a8 0x8d600 0x8c000
ImageList_Create 0x0 0x4820ac 0x8d604 0x8c004
InitCommonControlsEx 0x0 0x4820b0 0x8d608 0x8c008
ImageList_Destroy 0x0 0x4820b4 0x8d60c 0x8c00c
MPR.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WNetCancelConnection2W 0x0 0x4823d8 0x8d930 0x8c330
WNetGetConnectionW 0x0 0x4823dc 0x8d934 0x8c334
WNetAddConnection2W 0x0 0x4823e0 0x8d938 0x8c338
WNetUseConnectionW 0x0 0x4823e4 0x8d93c 0x8c33c
WININET.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
InternetReadFile 0x0 0x482748 0x8dca0 0x8c6a0
InternetCloseHandle 0x0 0x48274c 0x8dca4 0x8c6a4
InternetOpenW 0x0 0x482750 0x8dca8 0x8c6a8
InternetSetOptionW 0x0 0x482754 0x8dcac 0x8c6ac
InternetCrackUrlW 0x0 0x482758 0x8dcb0 0x8c6b0
HttpQueryInfoW 0x0 0x48275c 0x8dcb4 0x8c6b4
InternetConnectW 0x0 0x482760 0x8dcb8 0x8c6b8
HttpOpenRequestW 0x0 0x482764 0x8dcbc 0x8c6bc
HttpSendRequestW 0x0 0x482768 0x8dcc0 0x8c6c0
FtpOpenFileW 0x0 0x48276c 0x8dcc4 0x8c6c4
FtpGetFileSize 0x0 0x482770 0x8dcc8 0x8c6c8
InternetOpenUrlW 0x0 0x482774 0x8dccc 0x8c6cc
InternetQueryOptionW 0x0 0x482778 0x8dcd0 0x8c6d0
InternetQueryDataAvailable 0x0 0x48277c 0x8dcd4 0x8c6d4
PSAPI.DLL (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
EnumProcesses 0x0 0x482450 0x8d9a8 0x8c3a8
GetModuleBaseNameW 0x0 0x482454 0x8d9ac 0x8c3ac
GetProcessMemoryInfo 0x0 0x482458 0x8d9b0 0x8c3b0
EnumProcessModules 0x0 0x48245c 0x8d9b4 0x8c3b4
USERENV.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateEnvironmentBlock 0x0 0x482724 0x8dc7c 0x8c67c
DestroyEnvironmentBlock 0x0 0x482728 0x8dc80 0x8c680
UnloadUserProfile 0x0 0x48272c 0x8dc84 0x8c684
LoadUserProfileW 0x0 0x482730 0x8dc88 0x8c688
KERNEL32.dll (159)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
HeapAlloc 0x0 0x482158 0x8d6b0 0x8c0b0
Sleep 0x0 0x48215c 0x8d6b4 0x8c0b4
GetCurrentThreadId 0x0 0x482160 0x8d6b8 0x8c0b8
RaiseException 0x0 0x482164 0x8d6bc 0x8c0bc
MulDiv 0x0 0x482168 0x8d6c0 0x8c0c0
GetVersionExW 0x0 0x48216c 0x8d6c4 0x8c0c4
GetSystemInfo 0x0 0x482170 0x8d6c8 0x8c0c8
InterlockedIncrement 0x0 0x482174 0x8d6cc 0x8c0cc
InterlockedDecrement 0x0 0x482178 0x8d6d0 0x8c0d0
WideCharToMultiByte 0x0 0x48217c 0x8d6d4 0x8c0d4
lstrcpyW 0x0 0x482180 0x8d6d8 0x8c0d8
MultiByteToWideChar 0x0 0x482184 0x8d6dc 0x8c0dc
lstrlenW 0x0 0x482188 0x8d6e0 0x8c0e0
lstrcmpiW 0x0 0x48218c 0x8d6e4 0x8c0e4
GetModuleHandleW 0x0 0x482190 0x8d6e8 0x8c0e8
QueryPerformanceCounter 0x0 0x482194 0x8d6ec 0x8c0ec
VirtualFreeEx 0x0 0x482198 0x8d6f0 0x8c0f0
OpenProcess 0x0 0x48219c 0x8d6f4 0x8c0f4
VirtualAllocEx 0x0 0x4821a0 0x8d6f8 0x8c0f8
WriteProcessMemory 0x0 0x4821a4 0x8d6fc 0x8c0fc
ReadProcessMemory 0x0 0x4821a8 0x8d700 0x8c100
CreateFileW 0x0 0x4821ac 0x8d704 0x8c104
SetFilePointerEx 0x0 0x4821b0 0x8d708 0x8c108
ReadFile 0x0 0x4821b4 0x8d70c 0x8c10c
WriteFile 0x0 0x4821b8 0x8d710 0x8c110
FlushFileBuffers 0x0 0x4821bc 0x8d714 0x8c114
TerminateProcess 0x0 0x4821c0 0x8d718 0x8c118
CreateToolhelp32Snapshot 0x0 0x4821c4 0x8d71c 0x8c11c
Process32FirstW 0x0 0x4821c8 0x8d720 0x8c120
Process32NextW 0x0 0x4821cc 0x8d724 0x8c124
SetFileTime 0x0 0x4821d0 0x8d728 0x8c128
GetFileAttributesW 0x0 0x4821d4 0x8d72c 0x8c12c
FindFirstFileW 0x0 0x4821d8 0x8d730 0x8c130
FindClose 0x0 0x4821dc 0x8d734 0x8c134
DeleteFileW 0x0 0x4821e0 0x8d738 0x8c138
FindNextFileW 0x0 0x4821e4 0x8d73c 0x8c13c
MoveFileW 0x0 0x4821e8 0x8d740 0x8c140
CopyFileW 0x0 0x4821ec 0x8d744 0x8c144
CreateDirectoryW 0x0 0x4821f0 0x8d748 0x8c148
RemoveDirectoryW 0x0 0x4821f4 0x8d74c 0x8c14c
GetProcessHeap 0x0 0x4821f8 0x8d750 0x8c150
QueryPerformanceFrequency 0x0 0x4821fc 0x8d754 0x8c154
FindResourceW 0x0 0x482200 0x8d758 0x8c158
LoadResource 0x0 0x482204 0x8d75c 0x8c15c
LockResource 0x0 0x482208 0x8d760 0x8c160
SizeofResource 0x0 0x48220c 0x8d764 0x8c164
EnumResourceNamesW 0x0 0x482210 0x8d768 0x8c168
OutputDebugStringW 0x0 0x482214 0x8d76c 0x8c16c
GetLocalTime 0x0 0x482218 0x8d770 0x8c170
CompareStringW 0x0 0x48221c 0x8d774 0x8c174
DeleteCriticalSection 0x0 0x482220 0x8d778 0x8c178
EnterCriticalSection 0x0 0x482224 0x8d77c 0x8c17c
LeaveCriticalSection 0x0 0x482228 0x8d780 0x8c180
InitializeCriticalSectionAndSpinCount 0x0 0x48222c 0x8d784 0x8c184
GetStdHandle 0x0 0x482230 0x8d788 0x8c188
CreatePipe 0x0 0x482234 0x8d78c 0x8c18c
InterlockedExchange 0x0 0x482238 0x8d790 0x8c190
TerminateThread 0x0 0x48223c 0x8d794 0x8c194
GetTempPathW 0x0 0x482240 0x8d798 0x8c198
GetTempFileNameW 0x0 0x482244 0x8d79c 0x8c19c
VirtualFree 0x0 0x482248 0x8d7a0 0x8c1a0
FormatMessageW 0x0 0x48224c 0x8d7a4 0x8c1a4
GetExitCodeProcess 0x0 0x482250 0x8d7a8 0x8c1a8
SetErrorMode 0x0 0x482254 0x8d7ac 0x8c1ac
GetPrivateProfileStringW 0x0 0x482258 0x8d7b0 0x8c1b0
WritePrivateProfileStringW 0x0 0x48225c 0x8d7b4 0x8c1b4
GetPrivateProfileSectionW 0x0 0x482260 0x8d7b8 0x8c1b8
WritePrivateProfileSectionW 0x0 0x482264 0x8d7bc 0x8c1bc
GetPrivateProfileSectionNamesW 0x0 0x482268 0x8d7c0 0x8c1c0
FileTimeToLocalFileTime 0x0 0x48226c 0x8d7c4 0x8c1c4
FileTimeToSystemTime 0x0 0x482270 0x8d7c8 0x8c1c8
SystemTimeToFileTime 0x0 0x482274 0x8d7cc 0x8c1cc
LocalFileTimeToFileTime 0x0 0x482278 0x8d7d0 0x8c1d0
GetDriveTypeW 0x0 0x48227c 0x8d7d4 0x8c1d4
GetDiskFreeSpaceExW 0x0 0x482280 0x8d7d8 0x8c1d8
GetDiskFreeSpaceW 0x0 0x482284 0x8d7dc 0x8c1dc
GetVolumeInformationW 0x0 0x482288 0x8d7e0 0x8c1e0
SetVolumeLabelW 0x0 0x48228c 0x8d7e4 0x8c1e4
CreateHardLinkW 0x0 0x482290 0x8d7e8 0x8c1e8
DeviceIoControl 0x0 0x482294 0x8d7ec 0x8c1ec
SetFileAttributesW 0x0 0x482298 0x8d7f0 0x8c1f0
GetShortPathNameW 0x0 0x48229c 0x8d7f4 0x8c1f4
CreateEventW 0x0 0x4822a0 0x8d7f8 0x8c1f8
SetEvent 0x0 0x4822a4 0x8d7fc 0x8c1fc
GetEnvironmentVariableW 0x0 0x4822a8 0x8d800 0x8c200
SetEnvironmentVariableW 0x0 0x4822ac 0x8d804 0x8c204
GlobalLock 0x0 0x4822b0 0x8d808 0x8c208
GlobalUnlock 0x0 0x4822b4 0x8d80c 0x8c20c
GlobalAlloc 0x0 0x4822b8 0x8d810 0x8c210
GetFileSize 0x0 0x4822bc 0x8d814 0x8c214
GlobalFree 0x0 0x4822c0 0x8d818 0x8c218
GlobalMemoryStatusEx 0x0 0x4822c4 0x8d81c 0x8c21c
Beep 0x0 0x4822c8 0x8d820 0x8c220
GetSystemDirectoryW 0x0 0x4822cc 0x8d824 0x8c224
GetComputerNameW 0x0 0x4822d0 0x8d828 0x8c228
GetWindowsDirectoryW 0x0 0x4822d4 0x8d82c 0x8c22c
GetCurrentProcessId 0x0 0x4822d8 0x8d830 0x8c230
GetCurrentThread 0x0 0x4822dc 0x8d834 0x8c234
GetProcessIoCounters 0x0 0x4822e0 0x8d838 0x8c238
CreateProcessW 0x0 0x4822e4 0x8d83c 0x8c23c
SetPriorityClass 0x0 0x4822e8 0x8d840 0x8c240
LoadLibraryW 0x0 0x4822ec 0x8d844 0x8c244
VirtualAlloc 0x0 0x4822f0 0x8d848 0x8c248
LoadLibraryExW 0x0 0x4822f4 0x8d84c 0x8c24c
HeapFree 0x0 0x4822f8 0x8d850 0x8c250
WaitForSingleObject 0x0 0x4822fc 0x8d854 0x8c254
CreateThread 0x0 0x482300 0x8d858 0x8c258
DuplicateHandle 0x0 0x482304 0x8d85c 0x8c25c
GetLastError 0x0 0x482308 0x8d860 0x8c260
CloseHandle 0x0 0x48230c 0x8d864 0x8c264
GetCurrentProcess 0x0 0x482310 0x8d868 0x8c268
GetProcAddress 0x0 0x482314 0x8d86c 0x8c26c
LoadLibraryA 0x0 0x482318 0x8d870 0x8c270
FreeLibrary 0x0 0x48231c 0x8d874 0x8c274
GetModuleFileNameW 0x0 0x482320 0x8d878 0x8c278
GetFullPathNameW 0x0 0x482324 0x8d87c 0x8c27c
SetCurrentDirectoryW 0x0 0x482328 0x8d880 0x8c280
IsDebuggerPresent 0x0 0x48232c 0x8d884 0x8c284
GetCurrentDirectoryW 0x0 0x482330 0x8d888 0x8c288
ExitProcess 0x0 0x482334 0x8d88c 0x8c28c
ExitThread 0x0 0x482338 0x8d890 0x8c290
GetSystemTimeAsFileTime 0x0 0x48233c 0x8d894 0x8c294
ResumeThread 0x0 0x482340 0x8d898 0x8c298
GetTimeFormatW 0x0 0x482344 0x8d89c 0x8c29c
GetDateFormatW 0x0 0x482348 0x8d8a0 0x8c2a0
GetCommandLineW 0x0 0x48234c 0x8d8a4 0x8c2a4
GetStartupInfoW 0x0 0x482350 0x8d8a8 0x8c2a8
IsProcessorFeaturePresent 0x0 0x482354 0x8d8ac 0x8c2ac
HeapSize 0x0 0x482358 0x8d8b0 0x8c2b0
GetCPInfo 0x0 0x48235c 0x8d8b4 0x8c2b4
GetACP 0x0 0x482360 0x8d8b8 0x8c2b8
GetOEMCP 0x0 0x482364 0x8d8bc 0x8c2bc
IsValidCodePage 0x0 0x482368 0x8d8c0 0x8c2c0
TlsAlloc 0x0 0x48236c 0x8d8c4 0x8c2c4
TlsGetValue 0x0 0x482370 0x8d8c8 0x8c2c8
TlsSetValue 0x0 0x482374 0x8d8cc 0x8c2cc
TlsFree 0x0 0x482378 0x8d8d0 0x8c2d0
SetLastError 0x0 0x48237c 0x8d8d4 0x8c2d4
UnhandledExceptionFilter 0x0 0x482380 0x8d8d8 0x8c2d8
SetUnhandledExceptionFilter 0x0 0x482384 0x8d8dc 0x8c2dc
GetStringTypeW 0x0 0x482388 0x8d8e0 0x8c2e0
HeapCreate 0x0 0x48238c 0x8d8e4 0x8c2e4
SetHandleCount 0x0 0x482390 0x8d8e8 0x8c2e8
GetFileType 0x0 0x482394 0x8d8ec 0x8c2ec
SetStdHandle 0x0 0x482398 0x8d8f0 0x8c2f0
GetConsoleCP 0x0 0x48239c 0x8d8f4 0x8c2f4
GetConsoleMode 0x0 0x4823a0 0x8d8f8 0x8c2f8
LCMapStringW 0x0 0x4823a4 0x8d8fc 0x8c2fc
RtlUnwind 0x0 0x4823a8 0x8d900 0x8c300
SetFilePointer 0x0 0x4823ac 0x8d904 0x8c304
GetTimeZoneInformation 0x0 0x4823b0 0x8d908 0x8c308
FreeEnvironmentStringsW 0x0 0x4823b4 0x8d90c 0x8c30c
GetEnvironmentStringsW 0x0 0x4823b8 0x8d910 0x8c310
GetTickCount 0x0 0x4823bc 0x8d914 0x8c314
HeapReAlloc 0x0 0x4823c0 0x8d918 0x8c318
WriteConsoleW 0x0 0x4823c4 0x8d91c 0x8c31c
SetEndOfFile 0x0 0x4823c8 0x8d920 0x8c320
SetSystemPowerState 0x0 0x4823cc 0x8d924 0x8c324
SetEnvironmentVariableA 0x0 0x4823d0 0x8d928 0x8c328
USER32.dll (160)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetCursorInfo 0x0 0x4824a0 0x8d9f8 0x8c3f8
RegisterHotKey 0x0 0x4824a4 0x8d9fc 0x8c3fc
ClientToScreen 0x0 0x4824a8 0x8da00 0x8c400
GetKeyboardLayoutNameW 0x0 0x4824ac 0x8da04 0x8c404
IsCharAlphaW 0x0 0x4824b0 0x8da08 0x8c408
IsCharAlphaNumericW 0x0 0x4824b4 0x8da0c 0x8c40c
IsCharLowerW 0x0 0x4824b8 0x8da10 0x8c410
IsCharUpperW 0x0 0x4824bc 0x8da14 0x8c414
GetMenuStringW 0x0 0x4824c0 0x8da18 0x8c418
GetSubMenu 0x0 0x4824c4 0x8da1c 0x8c41c
GetCaretPos 0x0 0x4824c8 0x8da20 0x8c420
IsZoomed 0x0 0x4824cc 0x8da24 0x8c424
MonitorFromPoint 0x0 0x4824d0 0x8da28 0x8c428
GetMonitorInfoW 0x0 0x4824d4 0x8da2c 0x8c42c
SetWindowLongW 0x0 0x4824d8 0x8da30 0x8c430
SetLayeredWindowAttributes 0x0 0x4824dc 0x8da34 0x8c434
FlashWindow 0x0 0x4824e0 0x8da38 0x8c438
GetClassLongW 0x0 0x4824e4 0x8da3c 0x8c43c
TranslateAcceleratorW 0x0 0x4824e8 0x8da40 0x8c440
IsDialogMessageW 0x0 0x4824ec 0x8da44 0x8c444
GetSysColor 0x0 0x4824f0 0x8da48 0x8c448
InflateRect 0x0 0x4824f4 0x8da4c 0x8c44c
DrawFocusRect 0x0 0x4824f8 0x8da50 0x8c450
DrawTextW 0x0 0x4824fc 0x8da54 0x8c454
FrameRect 0x0 0x482500 0x8da58 0x8c458
DrawFrameControl 0x0 0x482504 0x8da5c 0x8c45c
FillRect 0x0 0x482508 0x8da60 0x8c460
PtInRect 0x0 0x48250c 0x8da64 0x8c464
DestroyAcceleratorTable 0x0 0x482510 0x8da68 0x8c468
CreateAcceleratorTableW 0x0 0x482514 0x8da6c 0x8c46c
SetCursor 0x0 0x482518 0x8da70 0x8c470
GetWindowDC 0x0 0x48251c 0x8da74 0x8c474
GetSystemMetrics 0x0 0x482520 0x8da78 0x8c478
GetActiveWindow 0x0 0x482524 0x8da7c 0x8c47c
CharNextW 0x0 0x482528 0x8da80 0x8c480
wsprintfW 0x0 0x48252c 0x8da84 0x8c484
RedrawWindow 0x0 0x482530 0x8da88 0x8c488
DrawMenuBar 0x0 0x482534 0x8da8c 0x8c48c
DestroyMenu 0x0 0x482538 0x8da90 0x8c490
SetMenu 0x0 0x48253c 0x8da94 0x8c494
GetWindowTextLengthW 0x0 0x482540 0x8da98 0x8c498
CreateMenu 0x0 0x482544 0x8da9c 0x8c49c
IsDlgButtonChecked 0x0 0x482548 0x8daa0 0x8c4a0
DefDlgProcW 0x0 0x48254c 0x8daa4 0x8c4a4
ReleaseCapture 0x0 0x482550 0x8daa8 0x8c4a8
SetCapture 0x0 0x482554 0x8daac 0x8c4ac
WindowFromPoint 0x0 0x482558 0x8dab0 0x8c4b0
LoadImageW 0x0 0x48255c 0x8dab4 0x8c4b4
CreateIconFromResourceEx 0x0 0x482560 0x8dab8 0x8c4b8
mouse_event 0x0 0x482564 0x8dabc 0x8c4bc
ExitWindowsEx 0x0 0x482568 0x8dac0 0x8c4c0
SetActiveWindow 0x0 0x48256c 0x8dac4 0x8c4c4
FindWindowExW 0x0 0x482570 0x8dac8 0x8c4c8
EnumThreadWindows 0x0 0x482574 0x8dacc 0x8c4cc
SetMenuDefaultItem 0x0 0x482578 0x8dad0 0x8c4d0
InsertMenuItemW 0x0 0x48257c 0x8dad4 0x8c4d4
IsMenu 0x0 0x482580 0x8dad8 0x8c4d8
TrackPopupMenuEx 0x0 0x482584 0x8dadc 0x8c4dc
GetCursorPos 0x0 0x482588 0x8dae0 0x8c4e0
DeleteMenu 0x0 0x48258c 0x8dae4 0x8c4e4
CheckMenuRadioItem 0x0 0x482590 0x8dae8 0x8c4e8
SetWindowPos 0x0 0x482594 0x8daec 0x8c4ec
GetMenuItemCount 0x0 0x482598 0x8daf0 0x8c4f0
SetMenuItemInfoW 0x0 0x48259c 0x8daf4 0x8c4f4
GetMenuItemInfoW 0x0 0x4825a0 0x8daf8 0x8c4f8
SetForegroundWindow 0x0 0x4825a4 0x8dafc 0x8c4fc
IsIconic 0x0 0x4825a8 0x8db00 0x8c500
FindWindowW 0x0 0x4825ac 0x8db04 0x8c504
SystemParametersInfoW 0x0 0x4825b0 0x8db08 0x8c508
TranslateMessage 0x0 0x4825b4 0x8db0c 0x8c50c
SendInput 0x0 0x4825b8 0x8db10 0x8c510
GetAsyncKeyState 0x0 0x4825bc 0x8db14 0x8c514
SetKeyboardState 0x0 0x4825c0 0x8db18 0x8c518
GetKeyboardState 0x0 0x4825c4 0x8db1c 0x8c51c
GetKeyState 0x0 0x4825c8 0x8db20 0x8c520
VkKeyScanW 0x0 0x4825cc 0x8db24 0x8c524
LoadStringW 0x0 0x4825d0 0x8db28 0x8c528
DialogBoxParamW 0x0 0x4825d4 0x8db2c 0x8c52c
MessageBeep 0x0 0x4825d8 0x8db30 0x8c530
EndDialog 0x0 0x4825dc 0x8db34 0x8c534
SendDlgItemMessageW 0x0 0x4825e0 0x8db38 0x8c538
GetDlgItem 0x0 0x4825e4 0x8db3c 0x8c53c
SetWindowTextW 0x0 0x4825e8 0x8db40 0x8c540
CopyRect 0x0 0x4825ec 0x8db44 0x8c544
ReleaseDC 0x0 0x4825f0 0x8db48 0x8c548
GetDC 0x0 0x4825f4 0x8db4c 0x8c54c
EndPaint 0x0 0x4825f8 0x8db50 0x8c550
BeginPaint 0x0 0x4825fc 0x8db54 0x8c554
GetClientRect 0x0 0x482600 0x8db58 0x8c558
GetMenu 0x0 0x482604 0x8db5c 0x8c55c
DestroyWindow 0x0 0x482608 0x8db60 0x8c560
EnumWindows 0x0 0x48260c 0x8db64 0x8c564
GetDesktopWindow 0x0 0x482610 0x8db68 0x8c568
IsWindow 0x0 0x482614 0x8db6c 0x8c56c
IsWindowEnabled 0x0 0x482618 0x8db70 0x8c570
IsWindowVisible 0x0 0x48261c 0x8db74 0x8c574
EnableWindow 0x0 0x482620 0x8db78 0x8c578
InvalidateRect 0x0 0x482624 0x8db7c 0x8c57c
GetWindowLongW 0x0 0x482628 0x8db80 0x8c580
AttachThreadInput 0x0 0x48262c 0x8db84 0x8c584
GetFocus 0x0 0x482630 0x8db88 0x8c588
GetWindowTextW 0x0 0x482634 0x8db8c 0x8c58c
ScreenToClient 0x0 0x482638 0x8db90 0x8c590
SendMessageTimeoutW 0x0 0x48263c 0x8db94 0x8c594
EnumChildWindows 0x0 0x482640 0x8db98 0x8c598
CharUpperBuffW 0x0 0x482644 0x8db9c 0x8c59c
GetClassNameW 0x0 0x482648 0x8dba0 0x8c5a0
GetParent 0x0 0x48264c 0x8dba4 0x8c5a4
GetDlgCtrlID 0x0 0x482650 0x8dba8 0x8c5a8
SendMessageW 0x0 0x482654 0x8dbac 0x8c5ac
MapVirtualKeyW 0x0 0x482658 0x8dbb0 0x8c5b0
PostMessageW 0x0 0x48265c 0x8dbb4 0x8c5b4
GetWindowRect 0x0 0x482660 0x8dbb8 0x8c5b8
SetUserObjectSecurity 0x0 0x482664 0x8dbbc 0x8c5bc
GetUserObjectSecurity 0x0 0x482668 0x8dbc0 0x8c5c0
CloseDesktop 0x0 0x48266c 0x8dbc4 0x8c5c4
CloseWindowStation 0x0 0x482670 0x8dbc8 0x8c5c8
OpenDesktopW 0x0 0x482674 0x8dbcc 0x8c5cc
SetProcessWindowStation 0x0 0x482678 0x8dbd0 0x8c5d0
GetProcessWindowStation 0x0 0x48267c 0x8dbd4 0x8c5d4
OpenWindowStationW 0x0 0x482680 0x8dbd8 0x8c5d8
MessageBoxW 0x0 0x482684 0x8dbdc 0x8c5dc
DefWindowProcW 0x0 0x482688 0x8dbe0 0x8c5e0
CopyImage 0x0 0x48268c 0x8dbe4 0x8c5e4
AdjustWindowRectEx 0x0 0x482690 0x8dbe8 0x8c5e8
SetRect 0x0 0x482694 0x8dbec 0x8c5ec
SetClipboardData 0x0 0x482698 0x8dbf0 0x8c5f0
EmptyClipboard 0x0 0x48269c 0x8dbf4 0x8c5f4
CountClipboardFormats 0x0 0x4826a0 0x8dbf8 0x8c5f8
CloseClipboard 0x0 0x4826a4 0x8dbfc 0x8c5fc
GetClipboardData 0x0 0x4826a8 0x8dc00 0x8c600
IsClipboardFormatAvailable 0x0 0x4826ac 0x8dc04 0x8c604
OpenClipboard 0x0 0x4826b0 0x8dc08 0x8c608
BlockInput 0x0 0x4826b4 0x8dc0c 0x8c60c
GetMessageW 0x0 0x4826b8 0x8dc10 0x8c610
LockWindowUpdate 0x0 0x4826bc 0x8dc14 0x8c614
GetMenuItemID 0x0 0x4826c0 0x8dc18 0x8c618
DispatchMessageW 0x0 0x4826c4 0x8dc1c 0x8c61c
MoveWindow 0x0 0x4826c8 0x8dc20 0x8c620
SetFocus 0x0 0x4826cc 0x8dc24 0x8c624
PostQuitMessage 0x0 0x4826d0 0x8dc28 0x8c628
KillTimer 0x0 0x4826d4 0x8dc2c 0x8c62c
CreatePopupMenu 0x0 0x4826d8 0x8dc30 0x8c630
RegisterWindowMessageW 0x0 0x4826dc 0x8dc34 0x8c634
SetTimer 0x0 0x4826e0 0x8dc38 0x8c638
ShowWindow 0x0 0x4826e4 0x8dc3c 0x8c63c
CreateWindowExW 0x0 0x4826e8 0x8dc40 0x8c640
RegisterClassExW 0x0 0x4826ec 0x8dc44 0x8c644
LoadIconW 0x0 0x4826f0 0x8dc48 0x8c648
LoadCursorW 0x0 0x4826f4 0x8dc4c 0x8c64c
GetSysColorBrush 0x0 0x4826f8 0x8dc50 0x8c650
GetForegroundWindow 0x0 0x4826fc 0x8dc54 0x8c654
MessageBoxA 0x0 0x482700 0x8dc58 0x8c658
DestroyIcon 0x0 0x482704 0x8dc5c 0x8c65c
PeekMessageW 0x0 0x482708 0x8dc60 0x8c660
UnregisterHotKey 0x0 0x48270c 0x8dc64 0x8c664
CharLowerBuffW 0x0 0x482710 0x8dc68 0x8c668
keybd_event 0x0 0x482714 0x8dc6c 0x8c66c
MonitorFromRect 0x0 0x482718 0x8dc70 0x8c670
GetWindowThreadProcessId 0x0 0x48271c 0x8dc74 0x8c674
GDI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DeleteObject 0x0 0x4820c8 0x8d620 0x8c020
AngleArc 0x0 0x4820cc 0x8d624 0x8c024
GetTextExtentPoint32W 0x0 0x4820d0 0x8d628 0x8c028
ExtCreatePen 0x0 0x4820d4 0x8d62c 0x8c02c
StrokeAndFillPath 0x0 0x4820d8 0x8d630 0x8c030
StrokePath 0x0 0x4820dc 0x8d634 0x8c034
EndPath 0x0 0x4820e0 0x8d638 0x8c038
SetPixel 0x0 0x4820e4 0x8d63c 0x8c03c
CloseFigure 0x0 0x4820e8 0x8d640 0x8c040
CreateCompatibleBitmap 0x0 0x4820ec 0x8d644 0x8c044
CreateCompatibleDC 0x0 0x4820f0 0x8d648 0x8c048
SelectObject 0x0 0x4820f4 0x8d64c 0x8c04c
StretchBlt 0x0 0x4820f8 0x8d650 0x8c050
GetDIBits 0x0 0x4820fc 0x8d654 0x8c054
GetDeviceCaps 0x0 0x482100 0x8d658 0x8c058
MoveToEx 0x0 0x482104 0x8d65c 0x8c05c
DeleteDC 0x0 0x482108 0x8d660 0x8c060
GetPixel 0x0 0x48210c 0x8d664 0x8c064
CreateDCW 0x0 0x482110 0x8d668 0x8c068
Ellipse 0x0 0x482114 0x8d66c 0x8c06c
PolyDraw 0x0 0x482118 0x8d670 0x8c070
BeginPath 0x0 0x48211c 0x8d674 0x8c074
Rectangle 0x0 0x482120 0x8d678 0x8c078
SetViewportOrgEx 0x0 0x482124 0x8d67c 0x8c07c
GetObjectW 0x0 0x482128 0x8d680 0x8c080
SetBkMode 0x0 0x48212c 0x8d684 0x8c084
RoundRect 0x0 0x482130 0x8d688 0x8c088
SetBkColor 0x0 0x482134 0x8d68c 0x8c08c
CreatePen 0x0 0x482138 0x8d690 0x8c090
CreateSolidBrush 0x0 0x48213c 0x8d694 0x8c094
SetTextColor 0x0 0x482140 0x8d698 0x8c098
CreateFontW 0x0 0x482144 0x8d69c 0x8c09c
GetTextFaceW 0x0 0x482148 0x8d6a0 0x8c0a0
GetStockObject 0x0 0x48214c 0x8d6a4 0x8c0a4
LineTo 0x0 0x482150 0x8d6a8 0x8c0a8
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetSaveFileNameW 0x0 0x4820bc 0x8d614 0x8c014
GetOpenFileNameW 0x0 0x4820c0 0x8d618 0x8c018
ADVAPI32.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegEnumValueW 0x0 0x482000 0x8d558 0x8bf58
RegDeleteValueW 0x0 0x482004 0x8d55c 0x8bf5c
RegDeleteKeyW 0x0 0x482008 0x8d560 0x8bf60
RegEnumKeyExW 0x0 0x48200c 0x8d564 0x8bf64
RegSetValueExW 0x0 0x482010 0x8d568 0x8bf68
RegCreateKeyExW 0x0 0x482014 0x8d56c 0x8bf6c
GetUserNameW 0x0 0x482018 0x8d570 0x8bf70
RegConnectRegistryW 0x0 0x48201c 0x8d574 0x8bf74
CloseServiceHandle 0x0 0x482020 0x8d578 0x8bf78
UnlockServiceDatabase 0x0 0x482024 0x8d57c 0x8bf7c
OpenThreadToken 0x0 0x482028 0x8d580 0x8bf80
OpenProcessToken 0x0 0x48202c 0x8d584 0x8bf84
LookupPrivilegeValueW 0x0 0x482030 0x8d588 0x8bf88
DuplicateTokenEx 0x0 0x482034 0x8d58c 0x8bf8c
CreateProcessAsUserW 0x0 0x482038 0x8d590 0x8bf90
CreateProcessWithLogonW 0x0 0x48203c 0x8d594 0x8bf94
InitializeSecurityDescriptor 0x0 0x482040 0x8d598 0x8bf98
InitializeAcl 0x0 0x482044 0x8d59c 0x8bf9c
GetLengthSid 0x0 0x482048 0x8d5a0 0x8bfa0
CopySid 0x0 0x48204c 0x8d5a4 0x8bfa4
LogonUserW 0x0 0x482050 0x8d5a8 0x8bfa8
LockServiceDatabase 0x0 0x482054 0x8d5ac 0x8bfac
GetTokenInformation 0x0 0x482058 0x8d5b0 0x8bfb0
GetSecurityDescriptorDacl 0x0 0x48205c 0x8d5b4 0x8bfb4
GetAclInformation 0x0 0x482060 0x8d5b8 0x8bfb8
GetAce 0x0 0x482064 0x8d5bc 0x8bfbc
AddAce 0x0 0x482068 0x8d5c0 0x8bfc0
SetSecurityDescriptorDacl 0x0 0x48206c 0x8d5c4 0x8bfc4
RegOpenKeyExW 0x0 0x482070 0x8d5c8 0x8bfc8
RegQueryValueExW 0x0 0x482074 0x8d5cc 0x8bfcc
AdjustTokenPrivileges 0x0 0x482078 0x8d5d0 0x8bfd0
InitiateSystemShutdownExW 0x0 0x48207c 0x8d5d4 0x8bfd4
OpenSCManagerW 0x0 0x482080 0x8d5d8 0x8bfd8
RegCloseKey 0x0 0x482084 0x8d5dc 0x8bfdc
SHELL32.dll (14)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DragQueryPoint 0x0 0x482464 0x8d9bc 0x8c3bc
ShellExecuteExW 0x0 0x482468 0x8d9c0 0x8c3c0
SHGetFolderPathW 0x0 0x48246c 0x8d9c4 0x8c3c4
DragQueryFileW 0x0 0x482470 0x8d9c8 0x8c3c8
SHEmptyRecycleBinW 0x0 0x482474 0x8d9cc 0x8c3cc
SHBrowseForFolderW 0x0 0x482478 0x8d9d0 0x8c3d0
SHFileOperationW 0x0 0x48247c 0x8d9d4 0x8c3d4
SHGetPathFromIDListW 0x0 0x482480 0x8d9d8 0x8c3d8
SHGetDesktopFolder 0x0 0x482484 0x8d9dc 0x8c3dc
SHGetMalloc 0x0 0x482488 0x8d9e0 0x8c3e0
ExtractIconExW 0x0 0x48248c 0x8d9e4 0x8c3e4
Shell_NotifyIconW 0x0 0x482490 0x8d9e8 0x8c3e8
ShellExecuteW 0x0 0x482494 0x8d9ec 0x8c3ec
DragFinish 0x0 0x482498 0x8d9f0 0x8c3f0
ole32.dll (20)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
OleSetMenuDescriptor 0x0 0x4827f0 0x8dd48 0x8c748
MkParseDisplayName 0x0 0x4827f4 0x8dd4c 0x8c74c
OleSetContainedObject 0x0 0x4827f8 0x8dd50 0x8c750
CLSIDFromString 0x0 0x4827fc 0x8dd54 0x8c754
StringFromGUID2 0x0 0x482800 0x8dd58 0x8c758
CoInitialize 0x0 0x482804 0x8dd5c 0x8c75c
CoUninitialize 0x0 0x482808 0x8dd60 0x8c760
CoCreateInstance 0x0 0x48280c 0x8dd64 0x8c764
CreateStreamOnHGlobal 0x0 0x482810 0x8dd68 0x8c768
CoTaskMemAlloc 0x0 0x482814 0x8dd6c 0x8c76c
CoTaskMemFree 0x0 0x482818 0x8dd70 0x8c770
ProgIDFromCLSID 0x0 0x48281c 0x8dd74 0x8c774
OleInitialize 0x0 0x482820 0x8dd78 0x8c778
CreateBindCtx 0x0 0x482824 0x8dd7c 0x8c77c
CLSIDFromProgID 0x0 0x482828 0x8dd80 0x8c780
CoInitializeSecurity 0x0 0x48282c 0x8dd84 0x8c784
CoCreateInstanceEx 0x0 0x482830 0x8dd88 0x8c788
CoSetProxyBlanket 0x0 0x482834 0x8dd8c 0x8c78c
OleUninitialize 0x0 0x482838 0x8dd90 0x8c790
IIDFromString 0x0 0x48283c 0x8dd94 0x8c794
OLEAUT32.dll (24)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VariantChangeType 0xc 0x4823ec 0x8d944 0x8c344
VariantCopyInd 0xb 0x4823f0 0x8d948 0x8c348
DispCallFunc 0x92 0x4823f4 0x8d94c 0x8c34c
CreateStdDispatch 0x20 0x4823f8 0x8d950 0x8c350
CreateDispTypeInfo 0x1f 0x4823fc 0x8d954 0x8c354
SysFreeString 0x6 0x482400 0x8d958 0x8c358
SafeArrayDestroyDescriptor 0x26 0x482404 0x8d95c 0x8c35c
SafeArrayDestroyData 0x27 0x482408 0x8d960 0x8c360
SafeArrayUnaccessData 0x18 0x48240c 0x8d964 0x8c364
SysStringLen 0x7 0x482410 0x8d968 0x8c368
SafeArrayAllocData 0x25 0x482414 0x8d96c 0x8c36c
GetActiveObject 0x23 0x482418 0x8d970 0x8c370
QueryPathOfRegTypeLib 0xa4 0x48241c 0x8d974 0x8c374
SafeArrayAllocDescriptorEx 0x29 0x482420 0x8d978 0x8c378
SafeArrayCreateVector 0x19b 0x482424 0x8d97c 0x8c37c
SysAllocString 0x2 0x482428 0x8d980 0x8c380
VariantCopy 0xa 0x48242c 0x8d984 0x8c384
VariantClear 0x9 0x482430 0x8d988 0x8c388
VariantTimeToSystemTime 0xb9 0x482434 0x8d98c 0x8c38c
VarR8FromDec 0xdc 0x482438 0x8d990 0x8c390
SafeArrayGetVartype 0x4d 0x48243c 0x8d994 0x8c394
OleLoadPicture 0x1a2 0x482440 0x8d998 0x8c398
SafeArrayAccessData 0x17 0x482444 0x8d99c 0x8c39c
VariantInit 0x8 0x482448 0x8d9a0 0x8c3a0
Digital Signatures (1)
+
Signature Properties
LegalCopyright ©1999-2012 Jonathan Bennett & AutoIt Team
InternalName AutoIt3.exe
FileVersion 3, 3, 8, 1
CompanyName AutoIt Team
Comments http://www.autoitscript.com/autoit3/
ProductName AutoIt v3 Script
ProductVersion 3, 3, 8, 1
FileDescription AutoIt v3 Script
OriginalFilename AutoIt3.exe
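Signature verification True (the Authenticode signature on this AutoIt3.exe binary validates; it attests to the interpreter's publisher and integrity, not to the script the interpreter is made to run)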
Certificate: AutoIt Consulting Ltd
+
Certificate Properties
Issued by GlobalSign ObjectSign CA
Valid from 2011-05-25 09:43
Valid to 2014-05-25 09:43
Algorithm SHA-1 with RSA Encryption
Serial number 10 00 00 00 00 13 02 69 3C B4 5
Issuer Certificate: GlobalSign ObjectSign CA
+
Certificate Properties
Issued by GlobalSign Primary Object Publishing CA
Valid from 2004-01-22 10:00
Valid to 2017-01-27 10:00
Algorithm SHA-1 with RSA Encryption
Serial number 40 00 00 00 00 12 39 E0 FA F2 4
Issuer Certificate: GlobalSign Primary Object Publishing CA
+
Certificate Properties
Issued by GlobalSign Root CA
Valid from 1999-01-28 13:00
Valid to 2017-01-27 12:00
Algorithm SHA-1 with RSA Encryption
Serial number 40 00 00 00 00 12 39 E0 FA CB 3
Issuer Certificate: GlobalSign Root CA
+
Certificate Properties
Issued by GlobalSign Root CA
Valid from 1998-09-01 12:00
Valid to 2028-01-28 12:00
Algorithm SHA-1 with RSA Encryption
Serial number 40 00 00 00 00 11 54 B5 AC 39 4
Digital Countersignatures (1)
+
Signature Properties
LegalCopyright ©1999-2012 Jonathan Bennett & AutoIt Team
InternalName AutoIt3.exe
FileVersion 3, 3, 8, 1
CompanyName AutoIt Team
Comments http://www.autoitscript.com/autoit3/
ProductName AutoIt v3 Script
ProductVersion 3, 3, 8, 1
FileDescription AutoIt v3 Script
OriginalFilename AutoIt3.exe
Signature verification True
Certificate: GlobalSign Time Stamping Authority
+
Certificate Properties
Issued by GlobalSign Timestamping CA
Valid from 2009-12-21 09:32
Valid to 2020-12-22 09:32
Algorithm SHA-1 with RSA Encryption
Serial number 10 00 00 00 00 12 5B 0B 4C C0 1
Issuer Certificate: GlobalSign Timestamping CA
+
Certificate Properties
Issued by GlobalSign Root CA
Valid from 2009-03-18 11:00
Valid to 2028-01-28 12:00
Algorithm SHA-1 with RSA Encryption
Serial number 40 00 00 00 00 12 01 9C 19 06 6
Issuer Certificate: GlobalSign Root CA
+
Certificate Properties
Issued by GlobalSign Root CA
Valid from 1998-09-01 12:00
Valid to 2028-01-28 12:00
Algorithm SHA-1 with RSA Encryption
Serial number 40 00 00 00 00 11 54 B5 AC 39 4
c:\users\eebsym5\appdata\local\temp\60484525\jdl.jpg
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\jdl.jpg (Created File)
Size 0.58 KB (593 bytes)
Hash Values MD5: 4cf50661adbe97e9144a1ae14e0cc2d4
SHA1: 6cfecd4625e5cac62f73cd766c0695545615a80e
SHA256: 01da59d2d9a62cc31d8a28f02e58762f775783d072dc92cd4882472991c6c489
Actions
c:\users\eebsym5\appdata\local\temp\60484525\vqm.xl
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\vqm.xl (Created File)
Size 0.51 KB (525 bytes)
Hash Values MD5: 39f5c28a7805e6993c878e2445b6de4f
SHA1: b1a4702db810d76ca9dab4a40b464161447a8485
SHA256: 2fb689a6de68f133a7baab6c6f6458fae38c6dae4d90f62da2b90641a048fc2a
Actions
c:\users\eebsym5\appdata\local\temp\60484525\bcu.mp4
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\bcu.mp4 (Created File)
Size 0.51 KB (521 bytes)
Hash Values MD5: e800b240b278b15f7e04a9aa5aad5a94
SHA1: 5c57cfd08c138ecb8aaf08638ff708ed0fc11e9c
SHA256: d4c33eed67247dbddc3dcd7400bd24fd7209a597f468978f014568c2ee0a7fd1
Actions
c:\users\eebsym5\appdata\local\temp\60484525\rnr.mp3
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\rnr.mp3 (Created File)
Size 0.54 KB (556 bytes)
Hash Values MD5: a1c50816b65f30e2260479114d0bcab6
SHA1: 74c73a920cbd9ef1057d4d8d7589363d14e4a55b
SHA256: c18f5a54575e9b56f95bbeb353318cba41fefbadc7f101589d5fc0df3fd56141
Actions
c:\users\eebsym5\appdata\local\temp\60484525\cvg.mp4
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\cvg.mp4 (Created File)
Size 0.49 KB (505 bytes)
Hash Values MD5: da230cfbc8a80e350c87d894eebb76b9
SHA1: ea6d7ae1dc826a9344c00a01d47e92ee60bd6d61
SHA256: bdfc89fb5460d262442882b76f31f9853370abd79e86be034afb53e2be694118
Actions
c:\users\eebsym5\appdata\local\temp\60484525\chm.docx
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\chm.docx (Created File)
Size 0.60 KB (614 bytes)
Hash Values MD5: 84d55a12fc2416df5c1553ee17ad0992
SHA1: b402fc11ff5ef3552be26235e9fd016c7fe912b2
SHA256: 918778adbeba224f4b9dd8910b717cf706563c35e06fbe0d04dfb00ced8678ee
Actions
c:\users\eebsym5\appdata\local\temp\60484525\vua.jpg
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\vua.jpg (Created File)
Size 0.50 KB (509 bytes)
Hash Values MD5: 6dd73a9654139bb6529a72207ddfde0f
SHA1: bd67f636d12ed1c4cff28f6a9a84e28b97d7f1a5
SHA256: 42220eec08a393cd359ec79cb610d2a845926b8d8119eb505276564aa25698c9
Actions
c:\users\eebsym5\appdata\local\temp\60484525\oxl.ico
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\oxl.ico (Created File)
Size 0.51 KB (520 bytes)
Hash Values MD5: 22c528e901375639d3a014f6fe12ed43
SHA1: 74f6a3c188759980c3e7dc9de94642f86a18fb59
SHA256: 1af85ae13aa9aa6114ec4c03cfd840fb8222eeceb611aac530411979bd9bede9
Actions
c:\users\eebsym5\appdata\local\temp\60484525\fun.mp4
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\fun.mp4 (Created File)
Size 0.62 KB (633 bytes)
Hash Values MD5: 41db425bddeb6edff3829ede53e4b059
SHA1: 8355713e8ff5b27cc72f2a784d597be7d02e3c26
SHA256: 668dff85c71ac5142e3105426be365b7834e1dd8e3e0043674a272af26138f35
Actions
c:\users\eebsym5\appdata\local\temp\60484525\fqv.xl
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\fqv.xl (Created File)
Size 0.55 KB (567 bytes)
Hash Values MD5: 2a8d81d0726edc11e6e4f75207fee58c
SHA1: 041b9554b7a23b86240e82c0c18e0c34cfdd4ae1
SHA256: bc2d0c9ff398b2883465e9c5963d0a8933b034ae43f6002481f674b5ade6c839
Actions
c:\users\eebsym5\appdata\local\temp\60484525\hgu.ico
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\hgu.ico (Created File)
Size 0.56 KB (569 bytes)
Hash Values MD5: e9a2566e0a5296cf122c7089e0558baf
SHA1: e7d3001b6b6ebf6928e942f4c8343f4f551e0284
SHA256: 418946d3f5ab5a04d537045108c4e8db6dcb48bb465e2d0a01f91723b7948e49
Actions
c:\users\eebsym5\appdata\local\temp\60484525\brh.ppt
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\brh.ppt (Created File)
Size 0.58 KB (597 bytes)
Hash Values MD5: fda5e079dbe06cc05c59ba4e27fa48c2
SHA1: 88181205ec8323e457d5bcd4e7a03cea28ad47c7
SHA256: 75cfe292e1d9d6bd3bdadfe1ce6bef7a57bfc2a6bb7ce6fecd497bf4ec583c37
Actions
c:\users\eebsym5\appdata\local\temp\60484525\xqa.mp4
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\xqa.mp4 (Created File)
Size 0.54 KB (551 bytes)
Hash Values MD5: d46dd879f8205faa467df9c9a0019a9d
SHA1: 25631b0a07e69d1dc8e93e5e51946a27f98d2b17
SHA256: aa93b72e74034ed72878672e776fbe7fa55e93f78e485a337cbeae4bd18f4917
Actions
c:\users\eebsym5\appdata\local\temp\60484525\jub.bmp
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\jub.bmp (Created File)
Size 0.56 KB (574 bytes)
Hash Values MD5: 81932b74d719d9feaee98fd12634ac5b
SHA1: a7283637bc88dacb689b39cebfc28a91e32f1e03
SHA256: 1c9ccc3a409e293eadbb70410de3c3405da55ceb47d36a639054b6f5c10a3c91
Actions
c:\users\eebsym5\appdata\local\temp\60484525\jgu.bmp
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\jgu.bmp (Created File)
Size 0.52 KB (532 bytes)
Hash Values MD5: 2a84b8aefabec88301c0f50f7cfb46f6
SHA1: e4b2c15448b6dace8cfa8227784b3f9396a2f498
SHA256: ef754e4a3efc638823684023ef2ddbbcdaf1354c290e4c33ef394df4c2a8d2ca
Actions
c:\users\eebsym5\appdata\local\temp\60484525\tik.icm
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\tik.icm (Created File)
Size 0.54 KB (550 bytes)
Hash Values MD5: 74efb6a98e74a829daafef9945004dca
SHA1: c5102cd3b0d7602f51099a27657b37a3bf787561
SHA256: bf1ab35f7bd5d5fc365d2c176bb5c5374e578b8424ed0fde82f55d1eae1d350d
Actions
c:\users\eebsym5\appdata\local\temp\60484525\wjv.pdf
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\wjv.pdf (Created File)
Size 0.53 KB (539 bytes)
Hash Values MD5: 1474405a725bc37f9fea9479c11a78bf
SHA1: b57f9f373b5323f3b701bf350fd98cf8a827b3ff
SHA256: d83ec42f0ff63cf14851f789e85f2dc33d76cb4c2409e1488f7474df2086033f
Actions
c:\users\eebsym5\appdata\local\temp\60484525\nvl.xl
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\nvl.xl (Created File)
Size 0.51 KB (526 bytes)
Hash Values MD5: 90ca387ad342c41ae796173d560ccf84
SHA1: eb03b500bbf683a889c4758d228b55cedddd4c30
SHA256: 0ecf3eb5d0f794e7e32a941580da8641bff3bf248a68df43a35ae16d77eda192
Actions
c:\users\eebsym5\appdata\local\temp\60484525\xfg.dat
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\xfg.dat (Created File)
Size 0.51 KB (520 bytes)
Hash Values MD5: c82da2a4e862c90a2d961098b1d64956
SHA1: 7edf516e6c807d8fa5aa912e23d9460721769207
SHA256: db7f2a223fef17affd13a518ac21c7675942bd475bc416dd78c7c6c186548b64
Actions
c:\users\eebsym5\appdata\local\temp\60484525\aqa.bmp
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\aqa.bmp (Created File)
Size 0.54 KB (557 bytes)
Hash Values MD5: f8b9deca33aba33d64623f47e7c88855
SHA1: a70b7a6327133486d04d4d3c57bd8930a3e3a698
SHA256: 449952af1c2bd2a2e1878b3a81044793305185a7d27f0066521645906a5040c7
Actions
c:\users\eebsym5\appdata\local\temp\60484525\rnj.mp3
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\rnj.mp3 (Created File)
Size 0.53 KB (547 bytes)
Hash Values MD5: 6effc77853a885dd155870e04545880b
SHA1: 98ebfdb5b3ef2c2db538a290a0a26bc6cf885916
SHA256: 89b82044c02980606c7d6b39aa2cf08b66ca0db7e1b5ad23a7c0d64e056340d2
Actions
c:\users\eebsym5\appdata\local\temp\60484525\eff.icm
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\eff.icm (Created File)
Size 0.51 KB (522 bytes)
Hash Values MD5: c2f588f89c85d3c2c97e128f27234f2c
SHA1: b2b64e8b77e831f3a16fdd1da61f8f64f514b19e
SHA256: 1e8e0cc104f8c880f3a6d312f6bdc99c5f3f4fd3ee081eee7e2534ed511209fd
Actions
c:\users\eebsym5\appdata\local\temp\60484525\isi.xl
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\isi.xl (Created File)
Size 0.50 KB (507 bytes)
Hash Values MD5: 469067bf5a94e9002cf154a81f397c6a
SHA1: 737b86b50e3998052920f02bde3ad487743f1a6a
SHA256: 6b418ce9673895fb76b32b67faf05073e577444d82bf42ff21733e1f057c3d60
Actions
c:\users\eebsym5\appdata\local\temp\60484525\upe.mp3
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\upe.mp3 (Created File)
Size 0.56 KB (578 bytes)
Hash Values MD5: 62bd082578b0e38bc2b6b731b4a5ec49
SHA1: 3f6c8024888bf3caa19e6ad7db4a8f29859bdaa9
SHA256: 00a79f22f8ed82f6ea362254d04578bfa498dfed0d2ab8f733e6fbace1c2c078
Actions
c:\users\eebsym5\appdata\local\temp\60484525\fpo.xl
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\fpo.xl (Created File)
Size 0.57 KB (581 bytes)
Hash Values MD5: ff594e995d9f6268a047cc2e269eb2b9
SHA1: a0a8692e4560d122d0dd359157544b32fdc57cd0
SHA256: 6cc6a2d2a8196b938e5e332df30d025374d6c98a18c5e707021141966203d7e1
Actions
c:\users\eebsym5\appdata\local\temp\60484525\wlk.pdf
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\wlk.pdf (Created File)
Size 0.52 KB (536 bytes)
Hash Values MD5: 747d40f9300dbb3ba36d7310b5ee40da
SHA1: 90d715455eb32004107a92bf810df71371ed4047
SHA256: cef051d14bcbc14e12f9d130f71e8b285b37117cd20c23678419b9ab8659300d
Actions
c:\users\eebsym5\appdata\local\temp\60484525\nlb.pdf
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\nlb.pdf (Created File)
Size 0.53 KB (541 bytes)
Hash Values MD5: a49efa6c9f872faad2232a4b6a2394a7
SHA1: c8dff7972de40ab025314a8c74b5bb8e1552170e
SHA256: 97b1b6f6884f0f92342576a9667c5cb3c1b61fabc8a0b1b23d1f57582b0624d3
Actions
c:\users\eebsym5\appdata\local\temp\60484525\emv.bmp
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\emv.bmp (Created File)
Size 0.50 KB (511 bytes)
Hash Values MD5: 04f1e686525064abfdb4bfd7ff29a0b5
SHA1: 47748ea5978245b49c8136d9e147059afeb06ffe
SHA256: 8e3de8ce80c00091cb1aaa93f590226c7ac53a509926cdd815301237dd8e9e1b
Actions
c:\users\eebsym5\appdata\local\temp\60484525\raq.jpg
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\raq.jpg (Created File)
Size 0.50 KB (514 bytes)
Hash Values MD5: e5d188010c3203e2d37d4225d6cae53b
SHA1: 430d4c308efdb225a74e10d3facefa8e44252be1
SHA256: 93846c06cef1c5515a1f78e95c040be5c75d3b6c78bf6438cf12fd7345d3c1c8
Actions
c:\users\eebsym5\appdata\local\temp\60484525\nep.mp4
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\nep.mp4 (Created File)
Size 0.58 KB (589 bytes)
Hash Values MD5: 498138dfbfbe52214e73e9c1141aa981
SHA1: bc7166b6abe72bb216d77d48185330668186bb88
SHA256: b1b69fb21d93d6bae3fbcf8338aa66ee2791362ec5f918bd9dc45c1c14d4749c
Actions
c:\users\eebsym5\appdata\local\temp\60484525\neo.ico
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\neo.ico (Created File)
Size 0.54 KB (551 bytes)
Hash Values MD5: a128399da3f11bda3f2164a97cb2b531
SHA1: 0d00f9e17e6445805ef34c8fdb68fe8e38ab4868
SHA256: dcf09d4181263a2a3b0787085f7b8dc8913245c0d6ac535e16f8a77ba17ecc91
Actions
c:\users\eebsym5\appdata\local\temp\60484525\wxv.mp4
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\wxv.mp4 (Created File)
Size 0.51 KB (526 bytes)
Hash Values MD5: 924bdfca849290fd510d72a39da75d43
SHA1: b5c18c00e3596b8a87d068f67e59f46aba6509da
SHA256: b32f0a65698effe8c62e482bf9b6aec6f5fd496d52da525dca2078988956d3d9
Actions
c:\users\eebsym5\appdata\local\temp\60484525\beb.ppt
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\beb.ppt (Created File)
Size 0.52 KB (530 bytes)
Hash Values MD5: afcc6587b4839826588ae54512851ef8
SHA1: e55525356075eba71766e12d7db9d67ef4cdd8cc
SHA256: 5fdfa5c8afbda02553bbf95969ca4434c57456b4e51a56330fddd770d9f84277
Actions
c:\users\eebsym5\appdata\local\temp\60484525\als.txt
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\als.txt (Created File)
Size 0.50 KB (512 bytes)
Hash Values MD5: a81eeaae706a9e8ab123d3ed140d837e
SHA1: 3f0feac929dd6f1f5776298da84a14298f12cb10
SHA256: 169b9a0889e98c8e239c472e3041fccb2433c668f269782b28c74648c5135ba7
Actions
c:\users\eebsym5\appdata\local\temp\60484525\jkg.txt
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\jkg.txt (Created File)
Size 0.57 KB (588 bytes)
Hash Values MD5: 0f7278aeb0c194405013a9963334e38c
SHA1: 2b7dab89793af056f56e84b9a1040c2c3e01f5a9
SHA256: 0c9293277fd0325971a2cf297d88460ad8df83d40f09f947fb36a50c59ad9c31
Actions
c:\users\eebsym5\appdata\local\temp\60484525\idv.xl
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\idv.xl (Created File)
Size 0.54 KB (550 bytes)
Hash Values MD5: 307fe5bd3f52c0aefb503401e2b08505
SHA1: 67ef51104877c6e6ca67e868b2a5d589e415a255
SHA256: 79bb5d0d7e6e403335b863935f832da481a550f7174e77f56a112d5a1f7bff8f
Actions
c:\users\eebsym5\appdata\local\temp\60484525\erk.ico
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\erk.ico (Created File)
Size 0.56 KB (576 bytes)
Hash Values MD5: 0a5b38cbc77ff6bfd9ca434eb372e88e
SHA1: a093894e555294518d98937f61e1eac26298539b
SHA256: a3cc42516891627a6ff9dcc5dcca3a4deaefbbf2f9a5411a644a34242b57f6f7
Actions
c:\users\eebsym5\appdata\local\temp\60484525\jfo.dat
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\jfo.dat (Created File)
Size 0.54 KB (556 bytes)
Hash Values MD5: faf4d8efca05d9b305d0970a8417274c
SHA1: 847aff73ea3889518231b2a8e5aa2befd843f48b
SHA256: 4f081e6dfab65d9c1910303f41fafac0e3652e2af3713140d8cc30d79aed912e
Actions
c:\users\eebsym5\appdata\local\temp\60484525\pac.ppt
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\pac.ppt (Created File)
Size 0.55 KB (564 bytes)
Hash Values MD5: bc062df0b1cf65138efbd74028d417ee
SHA1: 4e3254580fc0eea7fcd2daa270b5e94e7fca7560
SHA256: b007b3703bec0526df06de06a88e97f706f09554ac2eb930cad38a80a3c663f7
Actions
c:\users\eebsym5\appdata\local\temp\60484525\okk.pdf
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\okk.pdf (Created File)
Size 0.53 KB (538 bytes)
Hash Values MD5: 7c65637227835e997638cdbbdda237db
SHA1: ddd80c708a202210df0c6bab2d53fad31510c77a
SHA256: 26f1259b8d53d6b4a43da7ebf431f4aff6617bbad13a188e9b4f534e21fd94b5
Actions
c:\users\eebsym5\appdata\local\temp\60484525\dxj.docx
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\dxj.docx (Created File)
Size 0.64 KB (651 bytes)
Hash Values MD5: 1690024ca4904bc8664deb3b5c046a09
SHA1: d78d488168c4a91dfb4883107bb0b344e47f6103
SHA256: dc2a1291b72a6b56d6acf1a4d52278ff82a9ac18d20f650d7bf1c1527a0675d1
Actions
c:\users\eebsym5\appdata\local\temp\60484525\tob.ico
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\tob.ico (Created File)
Size 0.56 KB (575 bytes)
Hash Values MD5: 5d4a58ea600887506e113f87226108a7
SHA1: 6fd6c6d7b08df98858f8cd8bab2a8ddbaef39b78
SHA256: f6b0188a75c7fa2bcc06eb7d5de15a84facab9b2e2cc8d54aa7708833888d49b
Actions
c:\users\eebsym5\appdata\local\temp\60484525\guv.xl
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\guv.xl (Created File)
Size 0.54 KB (550 bytes)
Hash Values MD5: df21088736f29414e1aeacbea6dd4adb
SHA1: 2444bd270127ae12148eaf048fe82021f5580952
SHA256: 0bb6caa082e474fd47bdb620aa88536820e95f84cef92dcbda4fb686f29b3c3a
Actions
c:\users\eebsym5\appdata\local\temp\60484525\hjd.mp4
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\hjd.mp4 (Created File)
Size 0.53 KB (543 bytes)
Hash Values MD5: ce4596068d05d9436fa2512cfe90a81a
SHA1: 4e209aede4adcee82bb4a8008291069a3a558f5c
SHA256: 54f750492edac60c64348bf5131e7ec5c2e60aa796d80194b673b9e632c9c9cd
Actions
c:\users\eebsym5\appdata\local\temp\60484525\ain.icm
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\ain.icm (Created File)
Size 0.52 KB (532 bytes)
Hash Values MD5: d997ac87e2adca0fe86fb0ba4a628299
SHA1: 14cae556c130ac9c5fa65168e9680893a4c73899
SHA256: c4a221aabd4c8dbc1ba62bd28e79af98b2e7a2c5d624c5f5c889352499bb47af
Actions
c:\users\eebsym5\appdata\local\temp\60484525\ugv.icm
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\ugv.icm (Created File)
Size 0.54 KB (549 bytes)
Hash Values MD5: a8ca3dd1e20cbeba4c51df819b7bb68e
SHA1: 36d2b3b494d42d9958553cad17fa04819dfa2883
SHA256: d7820ee70bff4ff3f6922ab56d97c88aa79eb8591311d3a6c58b33c1c289d14a
Actions
c:\users\eebsym5\appdata\local\temp\60484525\iwlwk, ...
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\60484525\iwlwk (Created File)
c:\users\eebsym5\appdata\local\temp\60484525\kqmao (Created File)
Size 271.35 KB (277864 bytes)
Hash Values MD5: 1ddc15ba0f5ad90873d42c41f4a2abc3
SHA1: 4cc438d56cd0317c3cd75f6630f2ce4ce4b31ca0
SHA256: c1492aca20af26af0c906dc391b808f2b227904a8948aa7b34caeddb70fc83cb
Actions
c:\users\eebsym5\appdata\local\temp\moqutzmqrxoadnrfihvxswbpaqgibrkh, ...
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\moqutzmqrxoadnrfihvxswbpaqgibrkh (Created File)
c:\users\eebsym5\appdata\local\temp\mwixlzwnapdxngrlcvznt (Created File)
Size 0.00 KB (2 bytes)
Hash Values MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
Actions
c:\users\eebsym5\appdata\local\temp\zljxukhl, ...
-
File Properties
Names c:\users\eebsym5\appdata\local\temp\zljxukhl (Created File)
c:\users\eebsym5\appdata\local\temp\gsabfkrjcfngatbtcigqhckmyel (Created File)
Size 0.46 KB (469 bytes)
Hash Values MD5: b2912991f1be1bdf15ea7028328cc3bf
SHA1: a18027ccd9e804696cac7dc581c58ce59b77e3c5
SHA256: 1035b4c326e3ee76f23a9532c2de82ba28071fb55ebfa27f99f48bb08f7c8114
Actions
c:\users\eebsym5\appdata\roaming\chrome\logs.dat
-
File Properties
Names c:\users\eebsym5\appdata\roaming\chrome\logs.dat (Created File)
Size 0.02 KB (19 bytes)
Hash Values MD5: 38182931074f70c4af328e12641acd51
SHA1: 96a8d3ad86aa0991ed7e8a0b89b1e3ea007d4327
SHA256: f05dd4eb5990bd9ca1497af17ab66595f92853535c1619748d316e09a4a1a126
Actions
c:\users\eebsym5\appdata\roaming\chrome\logs.dat
-
File Properties
Names c:\users\eebsym5\appdata\roaming\chrome\logs.dat (Created File)
Size 0.01 KB (13 bytes)
Hash Values MD5: 4241be51b5abe777809dc6f32247a4a9
SHA1: 24df3e03dd8d4a0467a7887c9ce865f630f03725
SHA256: 6bf4b2ce4815a57a74e5314f7087bad520eeb4fadc849c3088b62e24ca7dea8c
Actions