[*] MalFamily: "" [*] MalScore: 10.0 [*] File Name: "Exes_aac0982467a7793be5a37df597c4a646.exe" [*] File Size: 1009000 [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows" [*] SHA256: "12b859664259599ecde3d9e5534861180caf6e59abfeb85a7744a6a0d1562c9a" [*] MD5: "aac0982467a7793be5a37df597c4a646" [*] SHA1: "c360b2cccab4fb06bc0f28ce16b1af84185a0bdc" [*] SHA512: "dfc024815434532be5189ba6245bb49af5e74eb284d56b36b34276eaec7dcc898aef97726d022b5da1411c1a44ffb3d3c567d3921ce2374ade45151eb90f9b68" [*] CRC32: "DB41AE0D" [*] SSDEEP: "24576:DAHnh+eWsN3skA4RV1Hom2KXMmHafXu+loG5F:Oh+ZkldoPK8YafXu+lJF" [*] Process Execution: [ "Exes_aac0982467a7793be5a37df597c4a646.exe", "cmd.exe", "icacls.exe", "icacls.exe", "icacls.exe", "services.exe", "svchost.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "mscorsvw.exe", "svchost.exe", "svchost.exe", "sppsvc.exe", "svchost.exe", "svchost.exe", "taskhost.exe", "sc.exe", "svchost.exe", "WerFault.exe", "svchost.exe", "explorer.exe" ] [*] Signatures Detected: [ { "Description": "At least one process apparently crashed during execution", "Details": [] }, { "Description": "Creates RWX memory", "Details": [] }, { "Description": "A process attempted to delay the analysis task.", "Details": [ { "Process": "mscorsvw.exe tried to sleep 1200 seconds, actually delayed analysis time by 0 seconds" }, { "Process": "sppsvc.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds" } ] }, { "Description": "At least one IP Address, Domain, or File Name was found in a crypto call", "Details": [ { "ioc": "v2.0.50727" } ] }, { "Description": "Deletes its original binary from disk", "Details": [] }, { "Description": "Queries information on disks, possibly for anti-virtualization", "Details": [] }, { "Description": "Attempts to repeatedly call a single API many times in 
order to delay analysis time", "Details": [ { "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 7884904 times" } ] }, { "Description": "Creates a hidden or system file", "Details": [ { "file": "C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146" }, { "file": "C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146\\KBDFR.exe" }, { "file": "C:\\ProgramData\\Microsoft\\Windows Defender\\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock" }, { "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat" }, { "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15e.dat" }, { "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat" }, { "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat" }, { "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat" }, { "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index163.dat" } ] }, { "Description": "File has been identified by 19 Antiviruses on VirusTotal as malicious", "Details": [ { "McAfee": "RDN/Generic.grp" }, { "APEX": "Malicious" }, { "Kaspersky": "UDS:DangerousObject.Multi.Generic" }, { "Paloalto": "generic.ml" }, { "Sophos": "Mal/Generic-S" }, { "McAfee-GW-Edition": "Artemis!Trojan" }, { "Webroot": "W32.Trojan.Gen" }, { "Antiy-AVL": "Trojan/Generic.ASVCS3S.1E5" }, { "Microsoft": "Trojan:Win32/Conteban.B!ml" }, { "AegisLab": "Trojan.Multi.Generic.4!c" }, { "ZoneAlarm": "Trojan-Banker.Win32.ClipBanker.dar" }, { "Acronis": "suspicious" }, { "Malwarebytes": "Trojan.Qulab.AutoIt" }, { "ESET-NOD32": "a variant of Win32/Packed.AutoIt.KY" }, { "Rising": "Trojan.Win32.Agent_.sa (CLASSIC)" }, { "eGambit": "PE.Heur.InvalidSig" }, { "AVG": "FileRepMalware" }, { "CrowdStrike": "win/malicious_confidence_80% (W)" }, { "Qihoo-360": "HEUR/QVM10.1.264F.Malware.Gen" } ] }, { "Description": "Anomalous binary characteristics", "Details": [ { "anomaly": "Actual 
checksum does not match that reported in PE header" } ] } ] [*] Started Service: [ "SSDPSRV", "WerSvc", "W32Time" ] [*] Executed Commands: [ "C:\\Windows\\system32\\cmd.exe /c icacls \"C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146\" /inheritance:e /deny \"*S-1-1-0:(R,REA,RA,RD)\" & icacls \"C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146\" /inheritance:e /deny \"*S-1-5-7:(R,REA,RA,RD)\" & icacls \"C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146\" /inheritance:e /deny \"user:(R,REA,RA,RD)\"", "icacls \"C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146\" /inheritance:e /deny \"*S-1-1-0:(R,REA,RA,RD)\"", "icacls \"C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146\" /inheritance:e /deny \"*S-1-5-7:(R,REA,RA,RD)\"", "icacls \"C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146\" /inheritance:e /deny \"user:(R,REA,RA,RD)\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe", "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation", "C:\\Windows\\system32\\sppsvc.exe", "C:\\Windows\\System32\\svchost.exe -k secsvcs", "taskhost.exe $(Arg0)", "C:\\Windows\\system32\\sc.exe start w32time task_started", "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup", "C:\\Windows\\system32\\svchost.exe -k LocalService", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {DBF9728D-C4C8-4B4B-8EC8-66E2058E4622} -Comment \"Dependency Analyzer\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {2DCE3796-6EE8-4688-B100-78187FE560FB} -Comment \"Dependency Analyzer\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {B7895310-ACDB-4E9B-A1B2-65F9C277F1F4} -Comment \"Dependency Analyzer\"", 
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {378C9427-65E6-4A01-A581-A689FD0C1808} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {17EB5400-3B79-4D3A-B981-EB983977E26B} -Comment \"Dependency Analyzer\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {68EBD710-E1FD-4CA5-B19E-25126D85B205} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {EB989D83-3157-41E0-9BDF-32DC31B64A44} -Comment \"Dependency Analyzer\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {ED075EE6-CB1D-49F5-B8E4-B499B96F9919} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {68B01732-5EF9-4372-8B33-E15493A3F201} -Comment \"Dependency Analyzer\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {56600C36-8783-48DF-A18C-B8ED1840A6D1} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {451E0A1C-893F-4EA5-99A6-9E4AE3930199} -Comment \"Dependency Analyzer\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {22333917-28C2-4E8B-A1A2-8F47934522FC} -Comment \"Compile worker for 
C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.Office.Tools.v9.0.dll\"", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {9CF5AE5C-4A8A-4175-AFA4-89478D0F446B} -Comment \"Dependency Analyzer\"", "C:\\Windows\\system32\\WerFault.exe -u -p 1776 -s 288" ] [*] Mutexes: [ "1AKVrrKGSDtbLrcW77HPEwrJM2Ej2yFNYw9199712909clipperrorY6I3B2M1P4O", "Local\\ZoneAttributeCacheCounterMutex", "Local\\ZonesCacheCounterMutex", "Local\\ZonesLockedCacheCounterMutex", "Global\\CLR_CASOFF_MUTEX", "DBWinMutex", "Local\\WERReportingForProcess1776" ] [*] Modified Files: [ "C:\\ProgramData\\amd64_dual_c_avc.inf_31bf3856ad364e35_10.0.17134.1_none_3c726f859cec7146\\KBDFR.exe", "C:\\Windows\\sysnative\\Tasks\\C-9-7-76-1015802404-1034694970-1093792570-3066\\{FWVK9U7G-6I-OH33-QCUG-SXB6B6E62TTW}", "C:\\Windows\\appcompat\\Programs\\RecentFileCache.bcf", "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", "C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", "\\??\\PIPE\\samr", "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe", "C:\\Windows\\sysnative\\LogFiles\\Scm\\7bbc503c-5977-4798-a4ae-61483a7e030d", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.lock", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.log", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenservicelock.dat", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenrootstorelock.dat", "C:\\Windows\\Microsoft.NET\\ngenservice_pri3_lock.dat", "\\??\\SPDevice", "C:\\Windows\\ServiceProfiles\\NetworkService\\AppData\\Roaming\\Microsoft\\SoftwareProtectionPlatform\\Cache\\cache.dat", "C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221007.log", "C:", "C:\\ProgramData\\Microsoft\\Windows Defender\\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock", "\\??\\WMIDataDevice", 
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP7560.tmp\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll", "C:\\Windows\\assembly\\GACLock.dat", "C:\\Windows\\assembly\\ngenlock.dat", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat", "C:\\Windows\\assembly\\temp\\EEE9FC7WAZ", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\858a16566417324d7113703e9d9a220f\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll", "C:\\BVTBin\\Tests\\installpackage\\csilogfile.log", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP801E.tmp\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat", "C:\\Windows\\assembly\\temp\\VM8LNP9M6N", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\aa8c5b1ed8c1befde1f41b7cd4886163\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP92AC.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat", "C:\\Windows\\assembly\\temp\\HBHQ0SX8H4", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\a00f92391877dd945e4a4639788c20c4\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPA47E.tmp\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat", "C:\\Windows\\assembly\\temp\\BKIK3MOFDO", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\768fc8d43917315c6e1ea9a91b5295a8\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB6CE.tmp\\Microsoft.Office.Tools.v9.0.dll", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index163.dat", 
"C:\\Windows\\assembly\\temp\\X9RP9OB9P5", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#\\09c86f6b3ef36b680afe553f4bb7182d\\Microsoft.Office.Tools.v9.0.ni.dll", "\\??\\PIPE\\lsarpc" ] [*] Deleted Files: [ "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_aac0982467a7793be5a37df597c4a646.exe", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenserviceclientlock.dat", "C:\\Windows\\Microsoft.NET\\ngenservice_pri0_lock.dat", "C:\\Windows\\Microsoft.NET\\ngenservice_pri1_lock.dat", "C:\\Windows\\Microsoft.NET\\ngenservice_pri2_lock.dat", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2296.9924625", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2296.9924640", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2296.9924640", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1764.9934937", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1764.9934953", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1764.9934953", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2308.9935656", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2308.9935656", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2308.9935671", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP7560.tmp", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15e.dat", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\858a16566417324d7113703e9d9a220f", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#", 
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP7560.tmp\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1988.9936546", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1988.9936546", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1988.9936562", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1244.9938281", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1244.9938281", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1244.9938296", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP801E.tmp", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\aa8c5b1ed8c1befde1f41b7cd4886163", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP801E.tmp\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2620.9939328", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2620.9939328", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2620.9939343", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2000.9943296", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2000.9943296", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2000.9943312", 
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP92AC.tmp", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\a00f92391877dd945e4a4639788c20c4", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP92AC.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2776.9944046", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2776.9944046", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2776.9944062", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1580.9947828", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1580.9947828", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1580.9947843", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPA47E.tmp", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\768fc8d43917315c6e1ea9a91b5295a8", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPA47E.tmp\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1744.9948640", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1744.9948640", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1744.9948640", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2588.9952500", 
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2588.9952515", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2588.9952515", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB6CE.tmp", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#\\09c86f6b3ef36b680afe553f4bb7182d", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#", "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB6CE.tmp\\Microsoft.Office.Tools.v9.0.dll", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1456.9953312", "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1456.9953328", "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1456.9953328" ] [*] Modified Registry Keys: [ "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2797ED64-BE2A-4B37-A62E-2235335F15B4}\\Path", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2797ED64-BE2A-4B37-A62E-2235335F15B4}\\Hash", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\C-9-7-76-1015802404-1034694970-1093792570-3066\\{FWVK9U7G-6I-OH33-QCUG-SXB6B6E62TTW}\\Id", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\C-9-7-76-1015802404-1034694970-1093792570-3066\\{FWVK9U7G-6I-OH33-QCUG-SXB6B6E62TTW}\\Index", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2797ED64-BE2A-4B37-A62E-2235335F15B4}\\Triggers", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows 
NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2797ED64-BE2A-4B37-A62E-2235335F15B4}\\DynamicInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\794b0063\\27dee8be\\ae", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\794b0063\\27dee8be\\ae", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\794b0063\\27dee8be\\ae", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\794b0063\\27dee8be\\ae", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\794b0063\\27dee8be\\ae", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\794b0063\\27dee8be\\ae", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\DisplayName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\Status", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\MVID", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ConfigString", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ConfigMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ILDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\NIDependencies", 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160\\NIUsageMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160\\ILUsageMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\DisplayName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\SIG", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\Status", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\LastModTime", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\InvertDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\DisplayName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\SIG", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\Status", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\LastModTime", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\InvertDependencies", 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\30c713cc\\b50d826\\ad", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad", 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\DisplayName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\Status", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\MVID", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ConfigString", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ConfigMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ILDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\NIDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161\\NIUsageMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161\\ILUsageMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\DisplayName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\SIG", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\Status", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\LastModTime", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\InvertDependencies", 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\DisplayName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\SIG", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\Status", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\LastModTime", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\InvertDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\110db8ad\\7ecb7908\\ac", 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\DisplayName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\Status", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\MVID", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ConfigString", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ConfigMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ILDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\NIDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162\\NIUsageMask", 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162\\ILUsageMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\InvertDependencies\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\InvertDependencies\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\DisplayName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\Status", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\MVID", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ConfigString", 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ConfigMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ILDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\NIDependencies", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163\\NIUsageMask", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163\\ILUsageMask", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\TimeProviders\\NtpClient\\SpecialPollTimeRemaining", "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0\\CheckSetting" ] [*] Deleted Registry Keys: [ "HKEY_USERS\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass", "HKEY_USERS\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName" ] [*] DNS Communications: [] [*] Domains: [] [*] Network Communication - ICMP: [] [*] Network Communication - HTTP: [] [*] Network Communication - SMTP: [] [*] Network Communication - Hosts: [] [*] Network Communication - IRC: [] [*] Static Analysis: { "pe": { "peid_signatures": null, "imports": [ { "imports": [ { "name": "WSACleanup", "address": "0x48f7c8" }, { "name": "socket", "address": "0x48f7cc" }, { "name": "inet_ntoa", "address": "0x48f7d0" }, { "name": 
"setsockopt", "address": "0x48f7d4" }, { "name": "ntohs", "address": "0x48f7d8" }, { "name": "recvfrom", "address": "0x48f7dc" }, { "name": "ioctlsocket", "address": "0x48f7e0" }, { "name": "htons", "address": "0x48f7e4" }, { "name": "WSAStartup", "address": "0x48f7e8" }, { "name": "__WSAFDIsSet", "address": "0x48f7ec" }, { "name": "select", "address": "0x48f7f0" }, { "name": "accept", "address": "0x48f7f4" }, { "name": "listen", "address": "0x48f7f8" }, { "name": "bind", "address": "0x48f7fc" }, { "name": "closesocket", "address": "0x48f800" }, { "name": "WSAGetLastError", "address": "0x48f804" }, { "name": "recv", "address": "0x48f808" }, { "name": "sendto", "address": "0x48f80c" }, { "name": "send", "address": "0x48f810" }, { "name": "inet_addr", "address": "0x48f814" }, { "name": "gethostbyname", "address": "0x48f818" }, { "name": "gethostname", "address": "0x48f81c" }, { "name": "connect", "address": "0x48f820" } ], "dll": "WSOCK32.dll" }, { "imports": [ { "name": "GetFileVersionInfoW", "address": "0x48f76c" }, { "name": "GetFileVersionInfoSizeW", "address": "0x48f770" }, { "name": "VerQueryValueW", "address": "0x48f774" } ], "dll": "VERSION.dll" }, { "imports": [ { "name": "timeGetTime", "address": "0x48f7b8" }, { "name": "waveOutSetVolume", "address": "0x48f7bc" }, { "name": "mciSendStringW", "address": "0x48f7c0" } ], "dll": "WINMM.dll" }, { "imports": [ { "name": "ImageList_ReplaceIcon", "address": "0x48f088" }, { "name": "ImageList_Destroy", "address": "0x48f08c" }, { "name": "ImageList_Remove", "address": "0x48f090" }, { "name": "ImageList_SetDragCursorImage", "address": "0x48f094" }, { "name": "ImageList_BeginDrag", "address": "0x48f098" }, { "name": "ImageList_DragEnter", "address": "0x48f09c" }, { "name": "ImageList_DragLeave", "address": "0x48f0a0" }, { "name": "ImageList_EndDrag", "address": "0x48f0a4" }, { "name": "ImageList_DragMove", "address": "0x48f0a8" }, { "name": "InitCommonControlsEx", "address": "0x48f0ac" }, { "name": "ImageList_Create", 
"address": "0x48f0b0" } ], "dll": "COMCTL32.dll" }, { "imports": [ { "name": "WNetUseConnectionW", "address": "0x48f3f8" }, { "name": "WNetCancelConnection2W", "address": "0x48f3fc" }, { "name": "WNetGetConnectionW", "address": "0x48f400" }, { "name": "WNetAddConnection2W", "address": "0x48f404" } ], "dll": "MPR.dll" }, { "imports": [ { "name": "InternetQueryDataAvailable", "address": "0x48f77c" }, { "name": "InternetCloseHandle", "address": "0x48f780" }, { "name": "InternetOpenW", "address": "0x48f784" }, { "name": "InternetSetOptionW", "address": "0x48f788" }, { "name": "InternetCrackUrlW", "address": "0x48f78c" }, { "name": "HttpQueryInfoW", "address": "0x48f790" }, { "name": "InternetQueryOptionW", "address": "0x48f794" }, { "name": "HttpOpenRequestW", "address": "0x48f798" }, { "name": "HttpSendRequestW", "address": "0x48f79c" }, { "name": "FtpOpenFileW", "address": "0x48f7a0" }, { "name": "FtpGetFileSize", "address": "0x48f7a4" }, { "name": "InternetOpenUrlW", "address": "0x48f7a8" }, { "name": "InternetReadFile", "address": "0x48f7ac" }, { "name": "InternetConnectW", "address": "0x48f7b0" } ], "dll": "WININET.dll" }, { "imports": [ { "name": "GetProcessMemoryInfo", "address": "0x48f484" } ], "dll": "PSAPI.DLL" }, { "imports": [ { "name": "IcmpCreateFile", "address": "0x48f154" }, { "name": "IcmpCloseHandle", "address": "0x48f158" }, { "name": "IcmpSendEcho", "address": "0x48f15c" } ], "dll": "IPHLPAPI.DLL" }, { "imports": [ { "name": "DestroyEnvironmentBlock", "address": "0x48f750" }, { "name": "UnloadUserProfile", "address": "0x48f754" }, { "name": "CreateEnvironmentBlock", "address": "0x48f758" }, { "name": "LoadUserProfileW", "address": "0x48f75c" } ], "dll": "USERENV.dll" }, { "imports": [ { "name": "IsThemeActive", "address": "0x48f764" } ], "dll": "UxTheme.dll" }, { "imports": [ { "name": "DuplicateHandle", "address": "0x48f164" }, { "name": "CreateThread", "address": "0x48f168" }, { "name": "WaitForSingleObject", "address": "0x48f16c" }, { "name": 
"HeapAlloc", "address": "0x48f170" }, { "name": "GetProcessHeap", "address": "0x48f174" }, { "name": "HeapFree", "address": "0x48f178" }, { "name": "Sleep", "address": "0x48f17c" }, { "name": "GetCurrentThreadId", "address": "0x48f180" }, { "name": "MultiByteToWideChar", "address": "0x48f184" }, { "name": "MulDiv", "address": "0x48f188" }, { "name": "GetVersionExW", "address": "0x48f18c" }, { "name": "IsWow64Process", "address": "0x48f190" }, { "name": "GetSystemInfo", "address": "0x48f194" }, { "name": "FreeLibrary", "address": "0x48f198" }, { "name": "LoadLibraryA", "address": "0x48f19c" }, { "name": "GetProcAddress", "address": "0x48f1a0" }, { "name": "SetErrorMode", "address": "0x48f1a4" }, { "name": "GetModuleFileNameW", "address": "0x48f1a8" }, { "name": "WideCharToMultiByte", "address": "0x48f1ac" }, { "name": "lstrcpyW", "address": "0x48f1b0" }, { "name": "lstrlenW", "address": "0x48f1b4" }, { "name": "GetModuleHandleW", "address": "0x48f1b8" }, { "name": "QueryPerformanceCounter", "address": "0x48f1bc" }, { "name": "VirtualFreeEx", "address": "0x48f1c0" }, { "name": "OpenProcess", "address": "0x48f1c4" }, { "name": "VirtualAllocEx", "address": "0x48f1c8" }, { "name": "WriteProcessMemory", "address": "0x48f1cc" }, { "name": "ReadProcessMemory", "address": "0x48f1d0" }, { "name": "CreateFileW", "address": "0x48f1d4" }, { "name": "SetFilePointerEx", "address": "0x48f1d8" }, { "name": "SetEndOfFile", "address": "0x48f1dc" }, { "name": "ReadFile", "address": "0x48f1e0" }, { "name": "WriteFile", "address": "0x48f1e4" }, { "name": "FlushFileBuffers", "address": "0x48f1e8" }, { "name": "TerminateProcess", "address": "0x48f1ec" }, { "name": "CreateToolhelp32Snapshot", "address": "0x48f1f0" }, { "name": "Process32FirstW", "address": "0x48f1f4" }, { "name": "Process32NextW", "address": "0x48f1f8" }, { "name": "SetFileTime", "address": "0x48f1fc" }, { "name": "GetFileAttributesW", "address": "0x48f200" }, { "name": "FindFirstFileW", "address": "0x48f204" }, { "name": 
"SetCurrentDirectoryW", "address": "0x48f208" }, { "name": "GetLongPathNameW", "address": "0x48f20c" }, { "name": "GetShortPathNameW", "address": "0x48f210" }, { "name": "DeleteFileW", "address": "0x48f214" }, { "name": "FindNextFileW", "address": "0x48f218" }, { "name": "CopyFileExW", "address": "0x48f21c" }, { "name": "MoveFileW", "address": "0x48f220" }, { "name": "CreateDirectoryW", "address": "0x48f224" }, { "name": "RemoveDirectoryW", "address": "0x48f228" }, { "name": "SetSystemPowerState", "address": "0x48f22c" }, { "name": "QueryPerformanceFrequency", "address": "0x48f230" }, { "name": "FindResourceW", "address": "0x48f234" }, { "name": "LoadResource", "address": "0x48f238" }, { "name": "LockResource", "address": "0x48f23c" }, { "name": "SizeofResource", "address": "0x48f240" }, { "name": "EnumResourceNamesW", "address": "0x48f244" }, { "name": "OutputDebugStringW", "address": "0x48f248" }, { "name": "GetTempPathW", "address": "0x48f24c" }, { "name": "GetTempFileNameW", "address": "0x48f250" }, { "name": "DeviceIoControl", "address": "0x48f254" }, { "name": "GetLocalTime", "address": "0x48f258" }, { "name": "CompareStringW", "address": "0x48f25c" }, { "name": "GetCurrentProcess", "address": "0x48f260" }, { "name": "EnterCriticalSection", "address": "0x48f264" }, { "name": "LeaveCriticalSection", "address": "0x48f268" }, { "name": "GetStdHandle", "address": "0x48f26c" }, { "name": "CreatePipe", "address": "0x48f270" }, { "name": "InterlockedExchange", "address": "0x48f274" }, { "name": "TerminateThread", "address": "0x48f278" }, { "name": "LoadLibraryExW", "address": "0x48f27c" }, { "name": "FindResourceExW", "address": "0x48f280" }, { "name": "CopyFileW", "address": "0x48f284" }, { "name": "VirtualFree", "address": "0x48f288" }, { "name": "FormatMessageW", "address": "0x48f28c" }, { "name": "GetExitCodeProcess", "address": "0x48f290" }, { "name": "GetPrivateProfileStringW", "address": "0x48f294" }, { "name": "WritePrivateProfileStringW", "address": 
"0x48f298" }, { "name": "GetPrivateProfileSectionW", "address": "0x48f29c" }, { "name": "WritePrivateProfileSectionW", "address": "0x48f2a0" }, { "name": "GetPrivateProfileSectionNamesW", "address": "0x48f2a4" }, { "name": "FileTimeToLocalFileTime", "address": "0x48f2a8" }, { "name": "FileTimeToSystemTime", "address": "0x48f2ac" }, { "name": "SystemTimeToFileTime", "address": "0x48f2b0" }, { "name": "LocalFileTimeToFileTime", "address": "0x48f2b4" }, { "name": "GetDriveTypeW", "address": "0x48f2b8" }, { "name": "GetDiskFreeSpaceExW", "address": "0x48f2bc" }, { "name": "GetDiskFreeSpaceW", "address": "0x48f2c0" }, { "name": "GetVolumeInformationW", "address": "0x48f2c4" }, { "name": "SetVolumeLabelW", "address": "0x48f2c8" }, { "name": "CreateHardLinkW", "address": "0x48f2cc" }, { "name": "SetFileAttributesW", "address": "0x48f2d0" }, { "name": "CreateEventW", "address": "0x48f2d4" }, { "name": "SetEvent", "address": "0x48f2d8" }, { "name": "GetEnvironmentVariableW", "address": "0x48f2dc" }, { "name": "SetEnvironmentVariableW", "address": "0x48f2e0" }, { "name": "GlobalLock", "address": "0x48f2e4" }, { "name": "GlobalUnlock", "address": "0x48f2e8" }, { "name": "GlobalAlloc", "address": "0x48f2ec" }, { "name": "GetFileSize", "address": "0x48f2f0" }, { "name": "GlobalFree", "address": "0x48f2f4" }, { "name": "GlobalMemoryStatusEx", "address": "0x48f2f8" }, { "name": "Beep", "address": "0x48f2fc" }, { "name": "GetSystemDirectoryW", "address": "0x48f300" }, { "name": "HeapReAlloc", "address": "0x48f304" }, { "name": "HeapSize", "address": "0x48f308" }, { "name": "GetComputerNameW", "address": "0x48f30c" }, { "name": "GetWindowsDirectoryW", "address": "0x48f310" }, { "name": "GetCurrentProcessId", "address": "0x48f314" }, { "name": "GetProcessIoCounters", "address": "0x48f318" }, { "name": "CreateProcessW", "address": "0x48f31c" }, { "name": "GetProcessId", "address": "0x48f320" }, { "name": "SetPriorityClass", "address": "0x48f324" }, { "name": "LoadLibraryW", 
"address": "0x48f328" }, { "name": "VirtualAlloc", "address": "0x48f32c" }, { "name": "IsDebuggerPresent", "address": "0x48f330" }, { "name": "GetCurrentDirectoryW", "address": "0x48f334" }, { "name": "lstrcmpiW", "address": "0x48f338" }, { "name": "DecodePointer", "address": "0x48f33c" }, { "name": "GetLastError", "address": "0x48f340" }, { "name": "RaiseException", "address": "0x48f344" }, { "name": "InitializeCriticalSectionAndSpinCount", "address": "0x48f348" }, { "name": "DeleteCriticalSection", "address": "0x48f34c" }, { "name": "InterlockedDecrement", "address": "0x48f350" }, { "name": "InterlockedIncrement", "address": "0x48f354" }, { "name": "GetCurrentThread", "address": "0x48f358" }, { "name": "CloseHandle", "address": "0x48f35c" }, { "name": "GetFullPathNameW", "address": "0x48f360" }, { "name": "EncodePointer", "address": "0x48f364" }, { "name": "ExitProcess", "address": "0x48f368" }, { "name": "GetModuleHandleExW", "address": "0x48f36c" }, { "name": "ExitThread", "address": "0x48f370" }, { "name": "GetSystemTimeAsFileTime", "address": "0x48f374" }, { "name": "ResumeThread", "address": "0x48f378" }, { "name": "GetCommandLineW", "address": "0x48f37c" }, { "name": "IsProcessorFeaturePresent", "address": "0x48f380" }, { "name": "IsValidCodePage", "address": "0x48f384" }, { "name": "GetACP", "address": "0x48f388" }, { "name": "GetOEMCP", "address": "0x48f38c" }, { "name": "GetCPInfo", "address": "0x48f390" }, { "name": "SetLastError", "address": "0x48f394" }, { "name": "UnhandledExceptionFilter", "address": "0x48f398" }, { "name": "SetUnhandledExceptionFilter", "address": "0x48f39c" }, { "name": "TlsAlloc", "address": "0x48f3a0" }, { "name": "TlsGetValue", "address": "0x48f3a4" }, { "name": "TlsSetValue", "address": "0x48f3a8" }, { "name": "TlsFree", "address": "0x48f3ac" }, { "name": "GetStartupInfoW", "address": "0x48f3b0" }, { "name": "GetStringTypeW", "address": "0x48f3b4" }, { "name": "SetStdHandle", "address": "0x48f3b8" }, { "name": "GetFileType", 
"address": "0x48f3bc" }, { "name": "GetConsoleCP", "address": "0x48f3c0" }, { "name": "GetConsoleMode", "address": "0x48f3c4" }, { "name": "RtlUnwind", "address": "0x48f3c8" }, { "name": "ReadConsoleW", "address": "0x48f3cc" }, { "name": "GetTimeZoneInformation", "address": "0x48f3d0" }, { "name": "GetDateFormatW", "address": "0x48f3d4" }, { "name": "GetTimeFormatW", "address": "0x48f3d8" }, { "name": "LCMapStringW", "address": "0x48f3dc" }, { "name": "GetEnvironmentStringsW", "address": "0x48f3e0" }, { "name": "FreeEnvironmentStringsW", "address": "0x48f3e4" }, { "name": "WriteConsoleW", "address": "0x48f3e8" }, { "name": "FindClose", "address": "0x48f3ec" }, { "name": "SetEnvironmentVariableA", "address": "0x48f3f0" } ], "dll": "KERNEL32.dll" }, { "imports": [ { "name": "AdjustWindowRectEx", "address": "0x48f4cc" }, { "name": "CopyImage", "address": "0x48f4d0" }, { "name": "SetWindowPos", "address": "0x48f4d4" }, { "name": "GetCursorInfo", "address": "0x48f4d8" }, { "name": "RegisterHotKey", "address": "0x48f4dc" }, { "name": "ClientToScreen", "address": "0x48f4e0" }, { "name": "GetKeyboardLayoutNameW", "address": "0x48f4e4" }, { "name": "IsCharAlphaW", "address": "0x48f4e8" }, { "name": "IsCharAlphaNumericW", "address": "0x48f4ec" }, { "name": "IsCharLowerW", "address": "0x48f4f0" }, { "name": "IsCharUpperW", "address": "0x48f4f4" }, { "name": "GetMenuStringW", "address": "0x48f4f8" }, { "name": "GetSubMenu", "address": "0x48f4fc" }, { "name": "GetCaretPos", "address": "0x48f500" }, { "name": "IsZoomed", "address": "0x48f504" }, { "name": "MonitorFromPoint", "address": "0x48f508" }, { "name": "GetMonitorInfoW", "address": "0x48f50c" }, { "name": "SetWindowLongW", "address": "0x48f510" }, { "name": "SetLayeredWindowAttributes", "address": "0x48f514" }, { "name": "FlashWindow", "address": "0x48f518" }, { "name": "GetClassLongW", "address": "0x48f51c" }, { "name": "TranslateAcceleratorW", "address": "0x48f520" }, { "name": "IsDialogMessageW", "address": "0x48f524" 
}, { "name": "GetSysColor", "address": "0x48f528" }, { "name": "InflateRect", "address": "0x48f52c" }, { "name": "DrawFocusRect", "address": "0x48f530" }, { "name": "DrawTextW", "address": "0x48f534" }, { "name": "FrameRect", "address": "0x48f538" }, { "name": "DrawFrameControl", "address": "0x48f53c" }, { "name": "FillRect", "address": "0x48f540" }, { "name": "PtInRect", "address": "0x48f544" }, { "name": "DestroyAcceleratorTable", "address": "0x48f548" }, { "name": "CreateAcceleratorTableW", "address": "0x48f54c" }, { "name": "SetCursor", "address": "0x48f550" }, { "name": "GetWindowDC", "address": "0x48f554" }, { "name": "GetSystemMetrics", "address": "0x48f558" }, { "name": "GetActiveWindow", "address": "0x48f55c" }, { "name": "CharNextW", "address": "0x48f560" }, { "name": "wsprintfW", "address": "0x48f564" }, { "name": "RedrawWindow", "address": "0x48f568" }, { "name": "DrawMenuBar", "address": "0x48f56c" }, { "name": "DestroyMenu", "address": "0x48f570" }, { "name": "SetMenu", "address": "0x48f574" }, { "name": "GetWindowTextLengthW", "address": "0x48f578" }, { "name": "CreateMenu", "address": "0x48f57c" }, { "name": "IsDlgButtonChecked", "address": "0x48f580" }, { "name": "DefDlgProcW", "address": "0x48f584" }, { "name": "CallWindowProcW", "address": "0x48f588" }, { "name": "ReleaseCapture", "address": "0x48f58c" }, { "name": "SetCapture", "address": "0x48f590" }, { "name": "CreateIconFromResourceEx", "address": "0x48f594" }, { "name": "mouse_event", "address": "0x48f598" }, { "name": "ExitWindowsEx", "address": "0x48f59c" }, { "name": "SetActiveWindow", "address": "0x48f5a0" }, { "name": "FindWindowExW", "address": "0x48f5a4" }, { "name": "EnumThreadWindows", "address": "0x48f5a8" }, { "name": "SetMenuDefaultItem", "address": "0x48f5ac" }, { "name": "InsertMenuItemW", "address": "0x48f5b0" }, { "name": "IsMenu", "address": "0x48f5b4" }, { "name": "TrackPopupMenuEx", "address": "0x48f5b8" }, { "name": "GetCursorPos", "address": "0x48f5bc" }, { "name": 
"DeleteMenu", "address": "0x48f5c0" }, { "name": "SetRect", "address": "0x48f5c4" }, { "name": "GetMenuItemID", "address": "0x48f5c8" }, { "name": "GetMenuItemCount", "address": "0x48f5cc" }, { "name": "SetMenuItemInfoW", "address": "0x48f5d0" }, { "name": "GetMenuItemInfoW", "address": "0x48f5d4" }, { "name": "SetForegroundWindow", "address": "0x48f5d8" }, { "name": "IsIconic", "address": "0x48f5dc" }, { "name": "FindWindowW", "address": "0x48f5e0" }, { "name": "MonitorFromRect", "address": "0x48f5e4" }, { "name": "keybd_event", "address": "0x48f5e8" }, { "name": "SendInput", "address": "0x48f5ec" }, { "name": "GetAsyncKeyState", "address": "0x48f5f0" }, { "name": "SetKeyboardState", "address": "0x48f5f4" }, { "name": "GetKeyboardState", "address": "0x48f5f8" }, { "name": "GetKeyState", "address": "0x48f5fc" }, { "name": "VkKeyScanW", "address": "0x48f600" }, { "name": "LoadStringW", "address": "0x48f604" }, { "name": "DialogBoxParamW", "address": "0x48f608" }, { "name": "MessageBeep", "address": "0x48f60c" }, { "name": "EndDialog", "address": "0x48f610" }, { "name": "SendDlgItemMessageW", "address": "0x48f614" }, { "name": "GetDlgItem", "address": "0x48f618" }, { "name": "SetWindowTextW", "address": "0x48f61c" }, { "name": "CopyRect", "address": "0x48f620" }, { "name": "ReleaseDC", "address": "0x48f624" }, { "name": "GetDC", "address": "0x48f628" }, { "name": "EndPaint", "address": "0x48f62c" }, { "name": "BeginPaint", "address": "0x48f630" }, { "name": "GetClientRect", "address": "0x48f634" }, { "name": "GetMenu", "address": "0x48f638" }, { "name": "DestroyWindow", "address": "0x48f63c" }, { "name": "EnumWindows", "address": "0x48f640" }, { "name": "GetDesktopWindow", "address": "0x48f644" }, { "name": "IsWindow", "address": "0x48f648" }, { "name": "IsWindowEnabled", "address": "0x48f64c" }, { "name": "IsWindowVisible", "address": "0x48f650" }, { "name": "EnableWindow", "address": "0x48f654" }, { "name": "InvalidateRect", "address": "0x48f658" }, { "name": 
"GetWindowLongW", "address": "0x48f65c" }, { "name": "GetWindowThreadProcessId", "address": "0x48f660" }, { "name": "AttachThreadInput", "address": "0x48f664" }, { "name": "GetFocus", "address": "0x48f668" }, { "name": "GetWindowTextW", "address": "0x48f66c" }, { "name": "ScreenToClient", "address": "0x48f670" }, { "name": "SendMessageTimeoutW", "address": "0x48f674" }, { "name": "EnumChildWindows", "address": "0x48f678" }, { "name": "CharUpperBuffW", "address": "0x48f67c" }, { "name": "GetParent", "address": "0x48f680" }, { "name": "GetDlgCtrlID", "address": "0x48f684" }, { "name": "SendMessageW", "address": "0x48f688" }, { "name": "MapVirtualKeyW", "address": "0x48f68c" }, { "name": "PostMessageW", "address": "0x48f690" }, { "name": "GetWindowRect", "address": "0x48f694" }, { "name": "SetUserObjectSecurity", "address": "0x48f698" }, { "name": "CloseDesktop", "address": "0x48f69c" }, { "name": "CloseWindowStation", "address": "0x48f6a0" }, { "name": "OpenDesktopW", "address": "0x48f6a4" }, { "name": "SetProcessWindowStation", "address": "0x48f6a8" }, { "name": "GetProcessWindowStation", "address": "0x48f6ac" }, { "name": "OpenWindowStationW", "address": "0x48f6b0" }, { "name": "GetUserObjectSecurity", "address": "0x48f6b4" }, { "name": "MessageBoxW", "address": "0x48f6b8" }, { "name": "DefWindowProcW", "address": "0x48f6bc" }, { "name": "SetClipboardData", "address": "0x48f6c0" }, { "name": "EmptyClipboard", "address": "0x48f6c4" }, { "name": "CountClipboardFormats", "address": "0x48f6c8" }, { "name": "CloseClipboard", "address": "0x48f6cc" }, { "name": "GetClipboardData", "address": "0x48f6d0" }, { "name": "IsClipboardFormatAvailable", "address": "0x48f6d4" }, { "name": "OpenClipboard", "address": "0x48f6d8" }, { "name": "BlockInput", "address": "0x48f6dc" }, { "name": "GetMessageW", "address": "0x48f6e0" }, { "name": "LockWindowUpdate", "address": "0x48f6e4" }, { "name": "DispatchMessageW", "address": "0x48f6e8" }, { "name": "TranslateMessage", "address": 
"0x48f6ec" }, { "name": "PeekMessageW", "address": "0x48f6f0" }, { "name": "UnregisterHotKey", "address": "0x48f6f4" }, { "name": "CheckMenuRadioItem", "address": "0x48f6f8" }, { "name": "CharLowerBuffW", "address": "0x48f6fc" }, { "name": "MoveWindow", "address": "0x48f700" }, { "name": "SetFocus", "address": "0x48f704" }, { "name": "PostQuitMessage", "address": "0x48f708" }, { "name": "KillTimer", "address": "0x48f70c" }, { "name": "CreatePopupMenu", "address": "0x48f710" }, { "name": "RegisterWindowMessageW", "address": "0x48f714" }, { "name": "SetTimer", "address": "0x48f718" }, { "name": "ShowWindow", "address": "0x48f71c" }, { "name": "CreateWindowExW", "address": "0x48f720" }, { "name": "RegisterClassExW", "address": "0x48f724" }, { "name": "LoadIconW", "address": "0x48f728" }, { "name": "LoadCursorW", "address": "0x48f72c" }, { "name": "GetSysColorBrush", "address": "0x48f730" }, { "name": "GetForegroundWindow", "address": "0x48f734" }, { "name": "MessageBoxA", "address": "0x48f738" }, { "name": "DestroyIcon", "address": "0x48f73c" }, { "name": "SystemParametersInfoW", "address": "0x48f740" }, { "name": "LoadImageW", "address": "0x48f744" }, { "name": "GetClassNameW", "address": "0x48f748" } ], "dll": "USER32.dll" }, { "imports": [ { "name": "StrokePath", "address": "0x48f0c4" }, { "name": "DeleteObject", "address": "0x48f0c8" }, { "name": "GetTextExtentPoint32W", "address": "0x48f0cc" }, { "name": "ExtCreatePen", "address": "0x48f0d0" }, { "name": "GetDeviceCaps", "address": "0x48f0d4" }, { "name": "EndPath", "address": "0x48f0d8" }, { "name": "SetPixel", "address": "0x48f0dc" }, { "name": "CloseFigure", "address": "0x48f0e0" }, { "name": "CreateCompatibleBitmap", "address": "0x48f0e4" }, { "name": "CreateCompatibleDC", "address": "0x48f0e8" }, { "name": "SelectObject", "address": "0x48f0ec" }, { "name": "StretchBlt", "address": "0x48f0f0" }, { "name": "GetDIBits", "address": "0x48f0f4" }, { "name": "LineTo", "address": "0x48f0f8" }, { "name": "AngleArc", 
"address": "0x48f0fc" }, { "name": "MoveToEx", "address": "0x48f100" }, { "name": "Ellipse", "address": "0x48f104" }, { "name": "DeleteDC", "address": "0x48f108" }, { "name": "GetPixel", "address": "0x48f10c" }, { "name": "CreateDCW", "address": "0x48f110" }, { "name": "GetStockObject", "address": "0x48f114" }, { "name": "GetTextFaceW", "address": "0x48f118" }, { "name": "CreateFontW", "address": "0x48f11c" }, { "name": "SetTextColor", "address": "0x48f120" }, { "name": "PolyDraw", "address": "0x48f124" }, { "name": "BeginPath", "address": "0x48f128" }, { "name": "Rectangle", "address": "0x48f12c" }, { "name": "SetViewportOrgEx", "address": "0x48f130" }, { "name": "GetObjectW", "address": "0x48f134" }, { "name": "SetBkMode", "address": "0x48f138" }, { "name": "RoundRect", "address": "0x48f13c" }, { "name": "SetBkColor", "address": "0x48f140" }, { "name": "CreatePen", "address": "0x48f144" }, { "name": "CreateSolidBrush", "address": "0x48f148" }, { "name": "StrokeAndFillPath", "address": "0x48f14c" } ], "dll": "GDI32.dll" }, { "imports": [ { "name": "GetOpenFileNameW", "address": "0x48f0b8" }, { "name": "GetSaveFileNameW", "address": "0x48f0bc" } ], "dll": "COMDLG32.dll" }, { "imports": [ { "name": "GetAce", "address": "0x48f000" }, { "name": "RegEnumValueW", "address": "0x48f004" }, { "name": "RegDeleteValueW", "address": "0x48f008" }, { "name": "RegDeleteKeyW", "address": "0x48f00c" }, { "name": "RegEnumKeyExW", "address": "0x48f010" }, { "name": "RegSetValueExW", "address": "0x48f014" }, { "name": "RegOpenKeyExW", "address": "0x48f018" }, { "name": "RegCloseKey", "address": "0x48f01c" }, { "name": "RegQueryValueExW", "address": "0x48f020" }, { "name": "RegConnectRegistryW", "address": "0x48f024" }, { "name": "InitializeSecurityDescriptor", "address": "0x48f028" }, { "name": "InitializeAcl", "address": "0x48f02c" }, { "name": "AdjustTokenPrivileges", "address": "0x48f030" }, { "name": "OpenThreadToken", "address": "0x48f034" }, { "name": "OpenProcessToken", 
"address": "0x48f038" }, { "name": "LookupPrivilegeValueW", "address": "0x48f03c" }, { "name": "DuplicateTokenEx", "address": "0x48f040" }, { "name": "CreateProcessAsUserW", "address": "0x48f044" }, { "name": "CreateProcessWithLogonW", "address": "0x48f048" }, { "name": "GetLengthSid", "address": "0x48f04c" }, { "name": "CopySid", "address": "0x48f050" }, { "name": "LogonUserW", "address": "0x48f054" }, { "name": "AllocateAndInitializeSid", "address": "0x48f058" }, { "name": "CheckTokenMembership", "address": "0x48f05c" }, { "name": "RegCreateKeyExW", "address": "0x48f060" }, { "name": "FreeSid", "address": "0x48f064" }, { "name": "GetTokenInformation", "address": "0x48f068" }, { "name": "GetSecurityDescriptorDacl", "address": "0x48f06c" }, { "name": "GetAclInformation", "address": "0x48f070" }, { "name": "AddAce", "address": "0x48f074" }, { "name": "SetSecurityDescriptorDacl", "address": "0x48f078" }, { "name": "GetUserNameW", "address": "0x48f07c" }, { "name": "InitiateSystemShutdownExW", "address": "0x48f080" } ], "dll": "ADVAPI32.dll" }, { "imports": [ { "name": "DragQueryPoint", "address": "0x48f48c" }, { "name": "ShellExecuteExW", "address": "0x48f490" }, { "name": "DragQueryFileW", "address": "0x48f494" }, { "name": "SHEmptyRecycleBinW", "address": "0x48f498" }, { "name": "SHGetPathFromIDListW", "address": "0x48f49c" }, { "name": "SHBrowseForFolderW", "address": "0x48f4a0" }, { "name": "SHCreateShellItem", "address": "0x48f4a4" }, { "name": "SHGetDesktopFolder", "address": "0x48f4a8" }, { "name": "SHGetSpecialFolderLocation", "address": "0x48f4ac" }, { "name": "SHGetFolderPathW", "address": "0x48f4b0" }, { "name": "SHFileOperationW", "address": "0x48f4b4" }, { "name": "ExtractIconExW", "address": "0x48f4b8" }, { "name": "Shell_NotifyIconW", "address": "0x48f4bc" }, { "name": "ShellExecuteW", "address": "0x48f4c0" }, { "name": "DragFinish", "address": "0x48f4c4" } ], "dll": "SHELL32.dll" }, { "imports": [ { "name": "CoTaskMemAlloc", "address": "0x48f828" }, { 
"name": "CoTaskMemFree", "address": "0x48f82c" }, { "name": "CLSIDFromString", "address": "0x48f830" }, { "name": "ProgIDFromCLSID", "address": "0x48f834" }, { "name": "CLSIDFromProgID", "address": "0x48f838" }, { "name": "OleSetMenuDescriptor", "address": "0x48f83c" }, { "name": "MkParseDisplayName", "address": "0x48f840" }, { "name": "OleSetContainedObject", "address": "0x48f844" }, { "name": "CoCreateInstance", "address": "0x48f848" }, { "name": "IIDFromString", "address": "0x48f84c" }, { "name": "StringFromGUID2", "address": "0x48f850" }, { "name": "CreateStreamOnHGlobal", "address": "0x48f854" }, { "name": "OleInitialize", "address": "0x48f858" }, { "name": "OleUninitialize", "address": "0x48f85c" }, { "name": "CoInitialize", "address": "0x48f860" }, { "name": "CoUninitialize", "address": "0x48f864" }, { "name": "GetRunningObjectTable", "address": "0x48f868" }, { "name": "CoGetInstanceFromFile", "address": "0x48f86c" }, { "name": "CoGetObject", "address": "0x48f870" }, { "name": "CoSetProxyBlanket", "address": "0x48f874" }, { "name": "CoCreateInstanceEx", "address": "0x48f878" }, { "name": "CoInitializeSecurity", "address": "0x48f87c" } ], "dll": "ole32.dll" }, { "imports": [ { "name": "LoadTypeLibEx", "address": "0x48f40c" }, { "name": "VariantCopyInd", "address": "0x48f410" }, { "name": "SysReAllocString", "address": "0x48f414" }, { "name": "SysFreeString", "address": "0x48f418" }, { "name": "SafeArrayDestroyDescriptor", "address": "0x48f41c" }, { "name": "SafeArrayDestroyData", "address": "0x48f420" }, { "name": "SafeArrayUnaccessData", "address": "0x48f424" }, { "name": "SafeArrayAccessData", "address": "0x48f428" }, { "name": "SafeArrayAllocData", "address": "0x48f42c" }, { "name": "SafeArrayAllocDescriptorEx", "address": "0x48f430" }, { "name": "SafeArrayCreateVector", "address": "0x48f434" }, { "name": "RegisterTypeLib", "address": "0x48f438" }, { "name": "CreateStdDispatch", "address": "0x48f43c" }, { "name": "DispCallFunc", "address": "0x48f440" }, { 
"name": "VariantChangeType", "address": "0x48f444" }, { "name": "SysStringLen", "address": "0x48f448" }, { "name": "VariantTimeToSystemTime", "address": "0x48f44c" }, { "name": "VarR8FromDec", "address": "0x48f450" }, { "name": "SafeArrayGetVartype", "address": "0x48f454" }, { "name": "VariantCopy", "address": "0x48f458" }, { "name": "VariantClear", "address": "0x48f45c" }, { "name": "OleLoadPicture", "address": "0x48f460" }, { "name": "QueryPathOfRegTypeLib", "address": "0x48f464" }, { "name": "RegisterTypeLibForUser", "address": "0x48f468" }, { "name": "UnRegisterTypeLibForUser", "address": "0x48f46c" }, { "name": "UnRegisterTypeLib", "address": "0x48f470" }, { "name": "CreateDispTypeInfo", "address": "0x48f474" }, { "name": "SysAllocString", "address": "0x48f478" }, { "name": "VariantInit", "address": "0x48f47c" } ], "dll": "OLEAUT32.dll" } ], "digital_signers": null, "exported_dll_name": null, "actual_checksum": "0x000fec83", "overlay": { "size": "0x00001b68", "offset": "0x000f4a00" }, "imagebase": "0x00400000", "reported_checksum": "0x000f602f", "icon_hash": null, "entrypoint": "0x0042800a", "timestamp": "2019-06-27 10:31:27", "osversion": "5.1", "sections": [ { "name": ".text", "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ", "virtual_address": "0x00001000", "size_of_data": "0x0008e000", "entropy": "6.68", "raw_address": "0x00000400", "virtual_size": "0x0008dfdd", "characteristics_raw": "0x60000020" }, { "name": ".rdata", "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", "virtual_address": "0x0008f000", "size_of_data": "0x0002fe00", "entropy": "5.76", "raw_address": "0x0008e400", "virtual_size": "0x0002fd8e", "characteristics_raw": "0x40000040" }, { "name": ".data", "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", "virtual_address": "0x000bf000", "size_of_data": "0x00005200", "entropy": "1.20", "raw_address": "0x000be200", "virtual_size": "0x00008f74", 
"characteristics_raw": "0xc0000040" }, { "name": ".rsrc", "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", "virtual_address": "0x000c8000", "size_of_data": "0x0002a400", "entropy": "7.68", "raw_address": "0x000c3400", "virtual_size": "0x0002a26c", "characteristics_raw": "0x40000040" }, { "name": ".reloc", "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ", "virtual_address": "0x000f3000", "size_of_data": "0x00007200", "entropy": "6.78", "raw_address": "0x000ed800", "virtual_size": "0x00007134", "characteristics_raw": "0x42000040" } ], "resources": [], "dirents": [ { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_EXPORT", "size": "0x00000000" }, { "virtual_address": "0x000bc0cc", "name": "IMAGE_DIRECTORY_ENTRY_IMPORT", "size": "0x0000017c" }, { "virtual_address": "0x000c8000", "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE", "size": "0x0002a26c" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION", "size": "0x00000000" }, { "virtual_address": "0x000f4a00", "name": "IMAGE_DIRECTORY_ENTRY_SECURITY", "size": "0x00001b68" }, { "virtual_address": "0x000f3000", "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC", "size": "0x00007134" }, { "virtual_address": "0x00092bc0", "name": "IMAGE_DIRECTORY_ENTRY_DEBUG", "size": "0x0000001c" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT", "size": "0x00000000" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR", "size": "0x00000000" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_TLS", "size": "0x00000000" }, { "virtual_address": "0x000a4b50", "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG", "size": "0x00000040" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT", "size": "0x00000000" }, { "virtual_address": "0x0008f000", "name": "IMAGE_DIRECTORY_ENTRY_IAT", "size": "0x00000884" }, { "virtual_address": "0x00000000", "name": 
"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT", "size": "0x00000000" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR", "size": "0x00000000" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_RESERVED", "size": "0x00000000" } ], "exports": [], "guest_signers": {}, "imphash": "afcdf79be1557326c854b6e20cb900a7", "icon_fuzzy": null, "icon": null, "pdbpath": null, "imported_dll_count": 18, "versioninfo": [] } } [*] Resolved APIs: [ "kernel32.dll.FlsAlloc", "kernel32.dll.FlsFree", "kernel32.dll.FlsGetValue", "kernel32.dll.FlsSetValue", "kernel32.dll.InitializeCriticalSectionEx", "kernel32.dll.CreateEventExW", "kernel32.dll.CreateSemaphoreExW", "kernel32.dll.SetThreadStackGuarantee", "kernel32.dll.CreateThreadpoolTimer", "kernel32.dll.SetThreadpoolTimer", "kernel32.dll.WaitForThreadpoolTimerCallbacks", "kernel32.dll.CloseThreadpoolTimer", "kernel32.dll.CreateThreadpoolWait", "kernel32.dll.SetThreadpoolWait", "kernel32.dll.CloseThreadpoolWait", "kernel32.dll.FlushProcessWriteBuffers", "kernel32.dll.FreeLibraryWhenCallbackReturns", "kernel32.dll.GetCurrentProcessorNumber", "kernel32.dll.GetLogicalProcessorInformation", "kernel32.dll.CreateSymbolicLinkW", "kernel32.dll.EnumSystemLocalesEx", "kernel32.dll.CompareStringEx", "kernel32.dll.GetDateFormatEx", "kernel32.dll.GetLocaleInfoEx", "kernel32.dll.GetTimeFormatEx", "kernel32.dll.GetUserDefaultLocaleName", "kernel32.dll.IsValidLocaleName", "kernel32.dll.LCMapStringEx", "kernel32.dll.GetTickCount64", "kernel32.dll.GetNativeSystemInfo", "cryptbase.dll.SystemFunction036", "uxtheme.dll.ThemeInitApiHook", "user32.dll.IsProcessDPIAware", "kernel32.dll.Wow64DisableWow64FsRedirection", "kernel32.dll.Wow64RevertWow64FsRedirection", "dwmapi.dll.DwmIsCompositionEnabled", "comctl32.dll.RegisterClassNameW", "kernel32.dll.SortGetHandle", "kernel32.dll.SortCloseHandle", "uxtheme.dll.OpenThemeData", "uxtheme.dll.GetThemeBool", "imm32.dll.ImmGetContext", "imm32.dll.ImmReleaseContext", 
"imm32.dll.ImmAssociateContext", "imm32.dll.ImmIsIME", "comctl32.dll.HIMAGELIST_QueryInterface", "comctl32.dll.DrawShadowText", "comctl32.dll.DrawSizeBox", "comctl32.dll.DrawScrollBar", "comctl32.dll.SizeBoxHwnd", "comctl32.dll.ScrollBar_MouseMove", "comctl32.dll.ScrollBar_Menu", "comctl32.dll.HandleScrollCmd", "comctl32.dll.DetachScrollBars", "comctl32.dll.AttachScrollBars", "comctl32.dll.CCSetScrollInfo", "comctl32.dll.CCGetScrollInfo", "comctl32.dll.CCEnableScrollBar", "comctl32.dll.QuerySystemGestureStatus", "uxtheme.dll.#49", "kernel32.dll.CreateMutexW", "kernel32.dll.GetLastError", "sxs.dll.SxsOleAut32RedirectTypeLibrary", "advapi32.dll.RegOpenKeyW", "advapi32.dll.RegQueryValueW", "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid", "sspicli.dll.GetUserNameExW", "xmllite.dll.CreateXmlWriter", "xmllite.dll.CreateXmlWriterOutputWithEncodingName", "uxtheme.dll.CloseThemeData", "oleaut32.dll.#500", "advapi32.dll.RegisterEventSourceW", "advapi32.dll.ReportEventW", "advapi32.dll.DeregisterEventSource", "ole32.dll.CoTaskMemAlloc", "qmgr.dll.ServiceMain", "advapi32.dll.SetEntriesInAclW", "ole32.dll.CoInitializeEx", "ws2_32.dll.#115", "ws2_32.dll.WSASocketW", "ws2_32.dll.WSAIoctl", "ws2_32.dll.#111", "bitsigd.dll.InitializeEx", "ole32.dll.CoCreateInstance", "upnp.dll.DllGetClassObject", "upnp.dll.DllCanUnloadNow", "rpcrt4.dll.RpcStringBindingComposeA", "rpcrt4.dll.RpcBindingFromStringBindingA", "rpcrt4.dll.RpcStringFreeA", "rpcrt4.dll.NdrClientCall3", "rpcrt4.dll.I_RpcExceptionFilter", "sechost.dll.OpenSCManagerA", "sechost.dll.OpenServiceA", "sechost.dll.QueryServiceStatus", "sechost.dll.StartServiceA", "sechost.dll.CloseServiceHandle", "rpcrt4.dll.RpcBindingFree", "ws2_32.dll.#116", "advapi32.dll.LogonUserW", "wtsapi32.dll.WTSQueryUserToken", "wtsapi32.dll.WTSEnumerateSessionsW", "wtsapi32.dll.WTSFreeMemory", "advapi32.dll.QueryAllTracesW", "vssapi.dll.CreateWriter", "propsys.dll.VariantToPropVariant", "ole32.dll.CoRegisterClassObject", 
"iphlpapi.dll.GetAdaptersAddresses", "wmisvc.dll.ServiceMain", "sechost.dll.RegisterServiceCtrlHandlerExW", "sechost.dll.SetServiceStatus", "wbemcore.dll.Reinitialize", "advapi32.dll.WmiOpenBlock", "kernel32.dll.SetThreadUILanguage", "kernel32.dll.CopyFileExW", "kernel32.dll.IsDebuggerPresent", "kernel32.dll.SetConsoleInputExeNameW", "sechost.dll.LookupAccountSidLocalW", "ntmarta.dll.GetMartaExtensionInterface", "sechost.dll.LookupAccountNameLocalW", "mscorsvc.dll.CorGetSvc", "advapi32.dll.StartServiceCtrlDispatcherW", "kernel32.dll.VerSetConditionMask", "kernel32.dll.VerifyVersionInfoW", "advapi32.dll.RegisterServiceCtrlHandlerExW", "advapi32.dll.SetServiceStatus", "advapi32.dll.OpenSCManagerW", "advapi32.dll.OpenServiceW", "advapi32.dll.ChangeServiceConfigW", "advapi32.dll.CloseServiceHandle", "mscoree.dll.CorIsLatestSvc", "advapi32.dll.RegOpenKeyExW", "advapi32.dll.RegQueryInfoKeyW", "advapi32.dll.RegEnumKeyExW", "advapi32.dll.RegEnumValueW", "advapi32.dll.RegCloseKey", "advapi32.dll.RegQueryValueExW", "shlwapi.dll.UrlIsW", "msidle.dll.#8", "wtsapi32.dll.WTSQuerySessionInformationW", "winsta.dll.WinStationEnumerateW", "advapi32.dll.LookupAccountSidW", "advapi32.dll.CreateWellKnownSid", "rpcrt4.dll.RpcStringBindingComposeW", "rpcrt4.dll.RpcBindingFromStringBindingW", "rpcrt4.dll.RpcStringFreeW", "rpcrt4.dll.RpcBindingSetAuthInfoExW", "winsta.dll.WinStationFreeMemory", "powrprof.dll.CallNtPowerInformation", "advapi32.dll.QueryServiceConfig2W", "advapi32.dll.LookupPrivilegeValueW", "advapi32.dll.OpenProcessToken", "advapi32.dll.GetTokenInformation", "advapi32.dll.CreateRestrictedToken", "mscoree.dll.GetCORRootDirectory", "advapi32.dll.CreateProcessAsUserW", "oleaut32.dll.BSTR_UserSize", "oleaut32.dll.BSTR_UserMarshal", "oleaut32.dll.BSTR_UserUnmarshal", "oleaut32.dll.BSTR_UserFree", "oleaut32.dll.VARIANT_UserSize", "oleaut32.dll.VARIANT_UserMarshal", "oleaut32.dll.VARIANT_UserUnmarshal", "oleaut32.dll.VARIANT_UserFree", "oleaut32.dll.LPSAFEARRAY_UserSize", 
"oleaut32.dll.LPSAFEARRAY_UserMarshal", "oleaut32.dll.LPSAFEARRAY_UserUnmarshal", "oleaut32.dll.LPSAFEARRAY_UserFree", "ole32.dll.CoInitializeSecurity", "fntcache.dll.ServiceMain", "fntcache.dll.SvchostPushServiceGlobals", "ssdpsrv.dll.ServiceMain", "ssdpsrv.dll.SvchostPushServiceGlobals", "firewallapi.dll.IcfChangeNotificationCreate", "firewallapi.dll.IcfChangeNotificationDestroy", "firewallapi.dll.IcfAddrChangeNotificationCreate", "advapi32.dll.RegCreateKeyExW", "advapi32.dll.RegNotifyChangeKeyValue", "cryptsp.dll.CryptAcquireContextW", "cryptsp.dll.CryptCreateHash", "cryptsp.dll.CryptHashData", "cryptsp.dll.CryptGetHashParam", "cryptsp.dll.CryptDestroyHash", "cryptsp.dll.CryptReleaseContext", "mswsock.dll.WSPStartup", "wship6.dll.WSHOpenSocket", "wship6.dll.WSHOpenSocket2", "wship6.dll.WSHJoinLeaf", "wship6.dll.WSHNotify", "wship6.dll.WSHGetSocketInformation", "wship6.dll.WSHSetSocketInformation", "wship6.dll.WSHGetSockaddrType", "wship6.dll.WSHGetWildcardSockaddr", "wship6.dll.WSHAddressToString", "wship6.dll.WSHStringToAddress", "wship6.dll.WSHIoctl", "wshtcpip.dll.WSHOpenSocket", "wshtcpip.dll.WSHOpenSocket2", "wshtcpip.dll.WSHJoinLeaf", "wshtcpip.dll.WSHNotify", "wshtcpip.dll.WSHGetSocketInformation", "wshtcpip.dll.WSHSetSocketInformation", "wshtcpip.dll.WSHGetSockaddrType", "wshtcpip.dll.WSHGetWildcardSockaddr", "wshtcpip.dll.WSHGetBroadcastSockaddr", "wshtcpip.dll.WSHAddressToString", "wshtcpip.dll.WSHStringToAddress", "wshtcpip.dll.WSHIoctl", "iphlpapi.dll.ConvertInterfaceGuidToLuid", "secur32.dll.InitSecurityInterfaceW", "cryptsp.dll.SystemFunction035", "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint", "iphlpapi.dll.NotifyUnicastIpAddressChange", "advapi32.dll.EventWrite", "advapi32.dll.EventRegister", "advapi32.dll.EventUnregister", "advapi32.dll.EventEnabled", "ntdll.dll.ZwQueryInformationProcess", "ntdll.dll.NtQuerySection", "ntdll.dll.LdrProcessRelocationBlock", "sppwinob.dll.SppPluginInitialize", "sppwinob.dll.SppPluginShutdown", 
"sppwinob.dll.SppPluginCreateInstance", "sppwinob.dll.SppPluginCanUnloadNow", "sppobjs.dll.SppPluginInitialize", "sppobjs.dll.SppPluginShutdown", "sppobjs.dll.SppPluginCreateInstance", "sppobjs.dll.SppPluginCanUnloadNow", "advapi32.dll.NotifyServiceStatusChangeW", "setupapi.dll.SetupDiGetClassDevsW", "setupapi.dll.SetupDiEnumDeviceInfo", "setupapi.dll.SetupDiGetDeviceRegistryPropertyW", "setupapi.dll.SetupDiDestroyDeviceInfoList", "wintrust.dll.WinVerifyTrust", "setupapi.dll.SetupDiEnumDeviceInterfaces", "setupapi.dll.SetupDiGetDeviceInterfaceDetailW", "kernel32.dll.GetSystemFirmwareTable", "iphlpapi.dll.GetBestRoute2", "bcryptprimitives.dll.GetHashInterface", "advapi32.dll.TraceMessage", "advapi32.dll.TraceMessageVa", "mpsvc.dll.ServiceMain", "mpsvc.dll.SvchostPushServiceGlobals", "user32.dll.GetSystemMetrics", "kernel32.dll.CreateThreadpoolWork", "kernel32.dll.SubmitThreadpoolWork", "kernel32.dll.WaitForThreadpoolWorkCallbacks", "kernel32.dll.CloseThreadpoolWork", "kernel32.dll.CreateThreadpool", "kernel32.dll.CloseThreadpool", "kernel32.dll.SetThreadpoolThreadMinimum", "kernel32.dll.SetThreadpoolThreadMaximum", "gpapi.dll.RegisterGPNotificationInternal", "sechost.dll.OpenSCManagerW", "sechost.dll.OpenServiceW", "sechost.dll.QueryServiceConfigW", "cryptsp.dll.CryptGenRandom", "wintrust.dll.WintrustCertificateTrust", "wintrust.dll.SoftpubAuthenticode", "wintrust.dll.SoftpubInitialize", "wintrust.dll.SoftpubLoadMessage", "wintrust.dll.SoftpubLoadSignature", "wintrust.dll.SoftpubCheckCert", "wintrust.dll.SoftpubCleanup", "cryptsp.dll.CryptAcquireContextA", "wintrust.dll.CryptSIPPutSignedDataMsg", "wintrust.dll.CryptSIPGetSignedDataMsg", "imagehlp.dll.ImageGetCertificateData", "user32.dll.LoadStringW", "wintrust.dll.CryptSIPCreateIndirectData", "wintrust.dll.WVTAsn1SpcPeImageDataEncode", "bcrypt.dll.BCryptOpenAlgorithmProvider", "bcrypt.dll.BCryptGetProperty", "bcrypt.dll.BCryptCreateHash", "bcrypt.dll.BCryptHashData", "bcrypt.dll.BCryptFinishHash", 
"bcrypt.dll.BCryptDestroyHash", "bcrypt.dll.BCryptCloseAlgorithmProvider", "sechost.dll.ConvertStringSidToSidW", "sechost.dll.QueryServiceConfigA", "ncrypt.dll.BCryptOpenAlgorithmProvider", "ncrypt.dll.BCryptGetProperty", "ncrypt.dll.BCryptCreateHash", "ncrypt.dll.BCryptHashData", "ncrypt.dll.BCryptFinishHash", "cryptsp.dll.CryptSetHashParam", "cryptsp.dll.CryptImportKey", "cryptsp.dll.CryptVerifySignatureA", "cryptsp.dll.CryptDestroyKey", "ncrypt.dll.BCryptDestroyHash", "userenv.dll.GetUserProfileDirectoryW", "sechost.dll.ConvertSidToStringSidW", "userenv.dll.RegisterGPNotification", "advapi32.dll.SaferiSearchMatchingHashRules", "mprtp.dll.MpPluginInitialize", "mprtp.dll.MpPluginShutdown", "mprtp.dll.MpPluginSetEngine", "mprtp.dll.MpPluginReportThreadStatus", "mprtp.dll.MpPluginGetState", "mprtp.dll.MpPluginStop", "mprtp.dll.MpPluginSetState", "mprtp.dll.MpPluginSetUserInformation", "kernel32.dll.GetVolumePathNamesForVolumeNameW", "wintrust.dll.CryptSIPVerifyIndirectData", "advapi32.dll.AddAccessAllowedAce", "advapi32.dll.AddAccessAllowedAceEx", "advapi32.dll.AddAce", "advapi32.dll.AdjustTokenPrivileges", "advapi32.dll.AllocateAndInitializeSid", "advapi32.dll.ChangeServiceConfig2W", "advapi32.dll.CheckTokenMembership", "advapi32.dll.CloseEncryptedFileRaw", "advapi32.dll.ControlService", "advapi32.dll.ConvertSidToStringSidW", "advapi32.dll.ConvertStringSidToSidW", "advapi32.dll.CopySid", "advapi32.dll.CreateServiceW", "advapi32.dll.CryptAcquireContextW", "advapi32.dll.CryptCreateHash", "advapi32.dll.CryptDestroyHash", "advapi32.dll.CryptDestroyKey", "advapi32.dll.CryptGenRandom", "advapi32.dll.CryptHashData", "advapi32.dll.CryptImportKey", "advapi32.dll.CryptReleaseContext", "advapi32.dll.CryptVerifySignatureW", "advapi32.dll.DeleteService", "advapi32.dll.DuplicateToken", "advapi32.dll.EnumDependentServicesW", "advapi32.dll.EnumServicesStatusExW", "advapi32.dll.FreeSid", "advapi32.dll.GetAce", "advapi32.dll.GetAclInformation", "advapi32.dll.GetFileSecurityW", 
"advapi32.dll.GetKernelObjectSecurity", "advapi32.dll.GetLengthSid", "advapi32.dll.GetNamedSecurityInfoW", "advapi32.dll.GetSecurityDescriptorDacl", "advapi32.dll.GetSecurityDescriptorOwner", "advapi32.dll.GetSecurityInfo", "advapi32.dll.GetTraceEnableFlags", "advapi32.dll.GetTraceEnableLevel", "advapi32.dll.GetTraceLoggerHandle", "advapi32.dll.InitializeAcl", "advapi32.dll.InitializeSecurityDescriptor", "advapi32.dll.InitiateSystemShutdownExW", "advapi32.dll.IsValidAcl", "advapi32.dll.IsValidSid", "advapi32.dll.LockServiceDatabase", "advapi32.dll.LsaAddAccountRights", "advapi32.dll.LsaClose", "advapi32.dll.LsaOpenPolicy", "advapi32.dll.OpenEncryptedFileRawW", "advapi32.dll.OpenThreadToken", "advapi32.dll.QueryServiceConfigW", "advapi32.dll.QueryServiceStatusEx", "advapi32.dll.ReadEncryptedFileRaw", "advapi32.dll.RegCreateKeyTransactedW", "advapi32.dll.RegDeleteKeyTransactedW", "advapi32.dll.RegDeleteKeyW", "advapi32.dll.RegDeleteValueW", "advapi32.dll.RegDisableReflectionKey", "advapi32.dll.RegEnableReflectionKey", "advapi32.dll.RegFlushKey", "advapi32.dll.RegLoadKeyW", "advapi32.dll.RegOpenKeyTransactedW", "advapi32.dll.RegQueryReflectionKey", "advapi32.dll.RegReplaceKeyW", "advapi32.dll.RegRestoreKeyW", "advapi32.dll.RegSaveKeyW", "advapi32.dll.RegSetValueExW", "advapi32.dll.RegUnLoadKeyW", "advapi32.dll.RegisterTraceGuidsW", "advapi32.dll.SetFileSecurityW", "advapi32.dll.SetKernelObjectSecurity", "advapi32.dll.SetNamedSecurityInfoW", "advapi32.dll.SetSecurityDescriptorDacl", "advapi32.dll.SetSecurityDescriptorOwner", "advapi32.dll.SetSecurityInfo", "advapi32.dll.SetThreadToken", "advapi32.dll.StartServiceW", "advapi32.dll.TraceEvent", "advapi32.dll.UnlockServiceDatabase", "advapi32.dll.UnregisterTraceGuids", "advapi32.dll.WriteEncryptedFileRaw", "wintrust.dll.WTHelperGetProvSignerFromChain", "wintrust.dll.WTHelperProvDataFromStateData", "kernel32.dll.BackupRead", "kernel32.dll.BackupWrite", "kernel32.dll.BeginUpdateResourceW", 
"kernel32.dll.ChangeTimerQueueTimer", "kernel32.dll.CloseHandle", "kernel32.dll.CompareStringA", "kernel32.dll.CompareStringW", "kernel32.dll.CopyFileW", "kernel32.dll.CreateDirectoryW", "kernel32.dll.CreateDirectoryTransactedW", "kernel32.dll.CreateEventW", "kernel32.dll.CreateFileA", "kernel32.dll.CreateFileMappingW", "kernel32.dll.CreateFileTransactedW", "kernel32.dll.CreateFileW", "kernel32.dll.CreateHardLinkW", "kernel32.dll.CreateIoCompletionPort", "kernel32.dll.OpenMutexW", "kernel32.dll.CreateProcessW", "kernel32.dll.CreateSemaphoreA", "kernel32.dll.CreateSemaphoreW", "kernel32.dll.CreateThread", "kernel32.dll.CreateTimerQueueTimer", "kernel32.dll.CreateToolhelp32Snapshot", "kernel32.dll.CreateWaitableTimerW", "kernel32.dll.DeleteFileA", "kernel32.dll.DeleteFileW", "kernel32.dll.DeleteFileTransactedW", "kernel32.dll.DeleteTimerQueueTimer", "kernel32.dll.DeviceIoControl", "kernel32.dll.DisableThreadLibraryCalls", "kernel32.dll.DuplicateHandle", "kernel32.dll.EndUpdateResourceW", "kernel32.dll.EnumSystemLocalesA", "kernel32.dll.ExitThread", "kernel32.dll.ExpandEnvironmentStringsW", "kernel32.dll.FatalAppExitA", "kernel32.dll.FileTimeToDosDateTime", "kernel32.dll.FileTimeToLocalFileTime", "kernel32.dll.FileTimeToSystemTime", "kernel32.dll.FillConsoleOutputAttribute", "kernel32.dll.FindClose", "kernel32.dll.FindFirstFileTransactedW", "kernel32.dll.FindFirstFileW", "kernel32.dll.FindFirstVolumeW", "kernel32.dll.FindNextFileW", "kernel32.dll.FindNextVolumeW", "kernel32.dll.FindResourceW", "kernel32.dll.FindVolumeClose", "kernel32.dll.FlushFileBuffers", "kernel32.dll.FlushInstructionCache", "kernel32.dll.FlushViewOfFile", "kernel32.dll.FormatMessageA", "kernel32.dll.FormatMessageW", "kernel32.dll.FreeEnvironmentStringsA", "kernel32.dll.FreeEnvironmentStringsW", "kernel32.dll.GetACP", "kernel32.dll.GetCPInfo", "kernel32.dll.GetCommandLineA", "kernel32.dll.GetCommandLineW", "kernel32.dll.GetComputerNameW", "kernel32.dll.GetConsoleCP", "kernel32.dll.GetConsoleMode", 
"kernel32.dll.GetConsoleOutputCP", "kernel32.dll.GetConsoleScreenBufferInfo", "kernel32.dll.GetConsoleWindow", "kernel32.dll.GetCurrentDirectoryA", "kernel32.dll.GetCurrentDirectoryW", "kernel32.dll.GetCurrentProcess", "kernel32.dll.GetCurrentProcessId", "kernel32.dll.GetCurrentThread", "kernel32.dll.GetCurrentThreadId", "kernel32.dll.GetDateFormatA", "kernel32.dll.GetDriveTypeA", "kernel32.dll.GetDriveTypeW", "kernel32.dll.GetEnvironmentStringsW", "kernel32.dll.GetEnvironmentVariableA", "kernel32.dll.GetEnvironmentVariableW", "kernel32.dll.GetExitCodeProcess", "kernel32.dll.GetFileAttributesA", "kernel32.dll.GetFileAttributesExW", "kernel32.dll.GetFileAttributesTransactedW", "kernel32.dll.GetFileAttributesW", "kernel32.dll.GetFileInformationByHandle", "kernel32.dll.GetFileSize", "kernel32.dll.GetFileSizeEx", "kernel32.dll.GetFileTime", "kernel32.dll.GetFileType", "kernel32.dll.GetFullPathNameA", "kernel32.dll.GetFullPathNameTransactedW", "kernel32.dll.GetFullPathNameW", "kernel32.dll.GetLocaleInfoA", "kernel32.dll.GetLocaleInfoW", "kernel32.dll.GetLocalTime", "kernel32.dll.GetLogicalDrives", "kernel32.dll.GetLongPathNameW", "kernel32.dll.GetModuleFileNameA", "kernel32.dll.GetModuleFileNameW", "kernel32.dll.GetModuleHandleW", "kernel32.dll.GetNumaHighestNodeNumber", "kernel32.dll.GetNumberOfConsoleInputEvents", "kernel32.dll.GetOEMCP", "kernel32.dll.GetPrivateProfileIntW", "kernel32.dll.GetPrivateProfileStringW", "kernel32.dll.GetProcessHeap", "kernel32.dll.GetProcessTimes", "kernel32.dll.GetQueuedCompletionStatus", "kernel32.dll.GetShortPathNameW", "kernel32.dll.GetStartupInfoA", "kernel32.dll.GetStartupInfoW", "kernel32.dll.GetStdHandle", "kernel32.dll.GetStringTypeA", "kernel32.dll.GetStringTypeW", "kernel32.dll.GetSystemDirectoryA", "kernel32.dll.GetSystemInfo", "kernel32.dll.GetSystemTime", "kernel32.dll.GetSystemTimeAsFileTime", "kernel32.dll.GetSystemWindowsDirectoryW", "kernel32.dll.GetTempFileNameA", "kernel32.dll.GetTempFileNameW", 
"kernel32.dll.GetTempPathA", "kernel32.dll.GetTempPathW", "kernel32.dll.GetThreadContext", "kernel32.dll.GetThreadPriority", "kernel32.dll.GetThreadTimes", "kernel32.dll.GetTickCount", "kernel32.dll.GetTimeFormatA", "kernel32.dll.GetTimeZoneInformation", "kernel32.dll.GetUserDefaultLCID", "kernel32.dll.GetUserGeoID", "kernel32.dll.GetVersion", "kernel32.dll.GetVersionExA", "kernel32.dll.GetVersionExW", "kernel32.dll.GetVolumeInformationW", "kernel32.dll.GetVolumePathNameW", "kernel32.dll.GetWindowsDirectoryW", "kernel32.dll.GlobalMemoryStatusEx", "kernel32.dll.HeapAlloc", "kernel32.dll.HeapCompact", "kernel32.dll.HeapCreate", "kernel32.dll.HeapReAlloc", "kernel32.dll.HeapSetInformation", "kernel32.dll.HeapSize", "kernel32.dll.HeapValidate", "kernel32.dll.InitializeCriticalSection", "kernel32.dll.InitializeCriticalSectionAndSpinCount", "kernel32.dll.IsProcessorFeaturePresent", "kernel32.dll.IsValidCodePage", "kernel32.dll.IsValidLocale", "kernel32.dll.IsWow64Process", "kernel32.dll.LCMapStringA", "kernel32.dll.LCMapStringW", "kernel32.dll.LoadLibraryA", "kernel32.dll.LoadLibraryExW", "kernel32.dll.LoadResource", "kernel32.dll.LocalAlloc", "kernel32.dll.LocalFree", "kernel32.dll.LockResource", "kernel32.dll.MapViewOfFile", "kernel32.dll.Module32FirstW", "kernel32.dll.Module32NextW", "kernel32.dll.MoveFileExA", "kernel32.dll.MoveFileExW", "kernel32.dll.MoveFileTransactedW", "kernel32.dll.MoveFileW", "kernel32.dll.MultiByteToWideChar", "kernel32.dll.OpenEventW", "kernel32.dll.OpenFileMappingW", "kernel32.dll.OpenProcess", "kernel32.dll.OpenSemaphoreW", "kernel32.dll.OpenThread", "kernel32.dll.OutputDebugStringA", "kernel32.dll.PeekConsoleInputA", "kernel32.dll.PostQueuedCompletionStatus", "kernel32.dll.QueryDosDeviceW", "kernel32.dll.QueryPerformanceCounter", "kernel32.dll.QueryPerformanceFrequency", "kernel32.dll.RaiseException", "kernel32.dll.ReadConsoleA", "kernel32.dll.ReadConsoleInputA", "kernel32.dll.ReadConsoleOutputAttribute", "kernel32.dll.ReadConsoleW", 
"kernel32.dll.ReadFile", "kernel32.dll.ReadProcessMemory", "kernel32.dll.RegisterWaitForSingleObject", "kernel32.dll.ReleaseMutex", "kernel32.dll.ReleaseSemaphore", "kernel32.dll.RemoveDirectoryTransactedW", "kernel32.dll.RemoveDirectoryW", "kernel32.dll.ResetEvent", "kernel32.dll.ResumeThread", "kernel32.dll.SetConsoleCtrlHandler", "kernel32.dll.SetConsoleCursorPosition", "kernel32.dll.SetConsoleMode", "kernel32.dll.SetConsoleTextAttribute", "kernel32.dll.SetEndOfFile", "kernel32.dll.SetEnvironmentVariableA", "kernel32.dll.SetEnvironmentVariableW", "kernel32.dll.SetErrorMode", "kernel32.dll.SetEvent", "kernel32.dll.SetFileAttributesTransactedW", "kernel32.dll.SetFileAttributesW", "kernel32.dll.SetFilePointer", "kernel32.dll.SetFilePointerEx", "kernel32.dll.SetFileTime", "kernel32.dll.SetHandleCount", "kernel32.dll.SetStdHandle", "kernel32.dll.SetThreadContext", "kernel32.dll.SetThreadPriority", "kernel32.dll.SetUnhandledExceptionFilter", "kernel32.dll.SetWaitableTimer", "kernel32.dll.SizeofResource", "kernel32.dll.Sleep", "kernel32.dll.SuspendThread", "kernel32.dll.SwitchToThread", "kernel32.dll.SystemTimeToFileTime", "kernel32.dll.TerminateProcess", "kernel32.dll.TerminateThread", "kernel32.dll.Thread32First", "kernel32.dll.Thread32Next", "kernel32.dll.TryEnterCriticalSection", "kernel32.dll.UnhandledExceptionFilter", "kernel32.dll.UnmapViewOfFile", "kernel32.dll.UnregisterWaitEx", "kernel32.dll.UpdateResourceW", "kernel32.dll.VirtualAlloc", "kernel32.dll.VirtualAllocEx", "kernel32.dll.VirtualFree", "kernel32.dll.VirtualFreeEx", "kernel32.dll.VirtualProtect", "kernel32.dll.VirtualQuery", "kernel32.dll.VirtualQueryEx", "kernel32.dll.VirtualUnlock", "kernel32.dll.WaitForMultipleObjects", "kernel32.dll.WaitForSingleObject", "kernel32.dll.WideCharToMultiByte", "kernel32.dll.WriteConsoleA", "kernel32.dll.WriteConsoleOutputAttribute", "kernel32.dll.WriteConsoleW", "kernel32.dll.WriteFile", "kernel32.dll.WritePrivateProfileStringW", "kernel32.dll.WriteProcessMemory", 
"kernel32.dll.lstrcmpA", "ntdll.dll.LdrUnloadDll", "ntdll.dll.NtClose", "ntdll.dll.NtCreateFile", "ntdll.dll.NtCreateKey", "ntdll.dll.NtDeleteKey", "ntdll.dll.NtDeleteValueKey", "ntdll.dll.NtEnumerateKey", "ntdll.dll.NtOpenDirectoryObject", "ntdll.dll.NtOpenFile", "ntdll.dll.NtOpenKey", "ntdll.dll.NtOpenSymbolicLinkObject", "ntdll.dll.NtQueryDirectoryFile", "ntdll.dll.NtQueryDirectoryObject", "ntdll.dll.NtQueryInformationFile", "ntdll.dll.NtQueryInformationProcess", "ntdll.dll.NtQueryInformationThread", "ntdll.dll.NtQueryKey", "ntdll.dll.NtQuerySymbolicLinkObject", "ntdll.dll.NtQuerySystemInformation", "ntdll.dll.NtQueryValueKey", "ntdll.dll.NtQueryVolumeInformationFile", "ntdll.dll.NtSetInformationFile", "ntdll.dll.NtSetValueKey", "ntdll.dll.RtlInitUnicodeString", "ntdll.dll.RtlNtStatusToDosError", "mpengine.dll.__rsignal", "iphlpapi.dll.GetExtendedTcpTable", "iphlpapi.dll.GetExtendedUdpTable", "wintrust.dll.CryptCATAdminCalcHashFromFileHandle", "wintrust.dll.CryptCATAdminAcquireContext", "wintrust.dll.CryptCATAdminEnumCatalogFromHash", "wintrust.dll.CryptCATCatalogInfoFromContext", "wintrust.dll.CryptCATAdminReleaseCatalogContext", "wintrust.dll.CryptCATAdminReleaseContext", "crypt32.dll.CertCloseStore", "crypt32.dll.CertFindCertificateInStore", "crypt32.dll.CertFreeCertificateContext", "crypt32.dll.CertGetCertificateContextProperty", "crypt32.dll.CertGetNameStringW", "crypt32.dll.CertVerifyCertificateChainPolicy", "crypt32.dll.CryptDecodeObject", "crypt32.dll.CryptMsgClose", "crypt32.dll.CryptMsgGetParam", "crypt32.dll.CryptQueryObject", "kernel32.dll.CreateThreadpoolIo", "kernel32.dll.CloseThreadpoolIo", "kernel32.dll.StartThreadpoolIo", "kernel32.dll.CancelThreadpoolIo", "kernel32.dll.WaitForThreadpoolIoCallbacks", "ws2_32.dll.WSAStartup", "ws2_32.dll.WSACleanup", "ws2_32.dll.WSAGetLastError", "ws2_32.dll.WSCUpdateProvider", "ws2_32.dll.WSCEnumProtocols", "ws2_32.dll.WSCInstallProvider", "ws2_32.dll.WSCDeinstallProvider", "ws2_32.dll.WSCWriteProviderOrder", 
"ws2_32.dll.WSCGetProviderPath", "ws2_32.dll.WSAEnumNameSpaceProvidersW", "ws2_32.dll.WSCUnInstallNameSpace", "ws2_32.dll.WSCUpdateProvider32", "ws2_32.dll.WSCEnumProtocols32", "ws2_32.dll.WSCGetProviderPath32", "ws2_32.dll.WSCUnInstallNameSpace32", "ws2_32.dll.WSCWriteProviderOrder32", "ws2_32.dll.WSCInstallProvider64_32", "ws2_32.dll.WSCDeinstallProvider32", "rpcrt4.dll.I_RpcBindingInqLocalClientPID", "rpcrt4.dll.RpcServerUnregisterIfEx", "wscapi.dll.WscRegisterForChanges", "urlmon.dll.DllCanUnloadNow", "urlmon.dll.IEDllLoader", "urlmon.dll.CoInternetCreateZoneManager", "urlmon.dll.CoInternetGetSession", "urlmon.dll.CopyBindInfo", "urlmon.dll.CreateURLMoniker", "urlmon.dll.RegisterBindStatusCallback", "urlmon.dll.ReleaseBindInfo", "urlmon.dll.RevokeBindStatusCallback", "urlmon.dll.UrlMkGetSessionOption", "urlmon.dll.CoInternetCreateSecurityManager", "urlmon.dll.CreateUri", "urlmon.dll.CoInternetCombineUrl", "urlmon.dll.CoInternetGetSecurityUrl", "urlmon.dll.IsValidURL", "wininet.dll.InternetCrackUrlW", "wininet.dll.InternetCreateUrlW", "kernel32.dll.InitializeSRWLock", "kernel32.dll.AcquireSRWLockExclusive", "kernel32.dll.AcquireSRWLockShared", "kernel32.dll.ReleaseSRWLockExclusive", "kernel32.dll.ReleaseSRWLockShared", "advapi32.dll.AddMandatoryAce", "ole32.dll.CoGetClassObject", "ole32.dll.CoGetMarshalSizeMax", "ole32.dll.CoMarshalInterface", "ole32.dll.CoUnmarshalInterface", "ole32.dll.StringFromIID", "ole32.dll.CoGetPSClsid", "ole32.dll.CoTaskMemFree", "ole32.dll.CoReleaseMarshalData", "ole32.dll.DcomChannelSetHResult", "wscisvif.dll.DllGetClassObject", "wscisvif.dll.DllCanUnloadNow", "wscproxystub.dll.DllGetClassObject", "wscproxystub.dll.DllCanUnloadNow", "psapi.dll.EnumPageFilesW", "psapi.dll.EnumProcessModules", "psapi.dll.EnumProcesses", "psapi.dll.GetModuleBaseNameW", "psapi.dll.GetModuleFileNameExW", "psapi.dll.GetModuleInformation", "psapi.dll.GetProcessImageFileNameW", "psapi.dll.GetProcessMemoryInfo", "ole32.dll.CLSIDFromOle1Class", 
"clbcatq.dll.GetCatalogObject", "clbcatq.dll.GetCatalogObject2", "ole32.dll.NdrOleInitializeExtension", "oleaut32.dll.DllGetClassObject", "oleaut32.dll.DllCanUnloadNow", "sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID", "sxs.dll.SxsOleAut32MapIIDToTLBPath", "advapi32.dll.RegEnumKeyW", "mscoree.dll.GetProcessExecutableHeap", "mscorwks.dll.NGenCreateNGenWorker", "mscorwks.dll.GetCLRFunction", "mscoree.dll.GetCORSystemDirectory", "mscoree.dll.IEE", "mscorwks.dll.IEE", "mscoree.dll.GetStartupFlags", "mscoree.dll.GetHostConfigurationFile", "ntdll.dll.RtlVirtualUnwind", "kernel32.dll.AddVectoredContinueHandler", "kernel32.dll.RemoveVectoredContinueHandler", "shell32.dll.SHGetFolderPathW", "kernel32.dll.GetWriteWatch", "kernel32.dll.ResetWriteWatch", "kernel32.dll.CreateMemoryResourceNotification", "kernel32.dll.QueryMemoryResourceNotification", "mscorjit.dll.getJit", "oleaut32.dll.#2", "oleaut32.dll.#7", "ole32.dll.CoCreateGuid", "oleaut32.dll.#6", "kernel32.dll.GetUserDefaultUILanguage", "advapi32.dll.CryptAcquireContextA", "advapi32.dll.CryptGetHashParam", "advapi32.dll.CryptExportKey", "advapi32.dll.CryptGenKey", "advapi32.dll.CryptGetKeyParam", "advapi32.dll.CryptVerifySignatureA", "advapi32.dll.CryptSignHashA", "advapi32.dll.CryptGetProvParam", "advapi32.dll.CryptGetUserKey", "advapi32.dll.CryptEnumProvidersA", "version.dll.GetFileVersionInfoSizeW", "version.dll.GetFileVersionInfoW", "version.dll.VerQueryValueW", "oleaut32.dll.#411", "oleaut32.dll.#26", "kernel32.dll.CreateActCtxW", "kernel32.dll.AddRefActCtx", "kernel32.dll.ReleaseActCtx", "kernel32.dll.ActivateActCtx", "kernel32.dll.DeactivateActCtx", "kernel32.dll.GetCurrentActCtx", "kernel32.dll.QueryActCtxW", "mscoree.dll.CorExitProcess", "mscorwks.dll.CorExitProcess", "mscoree.dll.GetMetaDataInternalInterface", "mscorwks.dll.GetMetaDataInternalInterface", "oleaut32.dll.#19", "oleaut32.dll.#23", "oleaut32.dll.#24", "ole32.dll.CoGetContextToken", "ole32.dll.CoWaitForMultipleHandles", 
"mscoree.dll.GetTokenForVTableEntry", "mscoree.dll.SetTargetForVTableEntry", "mscoree.dll.GetTargetForVTableEntry", "mscorwks.dll._CorDllMain", "ole32.dll.IIDFromString", "advapi32.dll.RegDeleteKeyExW", "kernel32.dll.ProcessIdToSessionId", "imm32.dll.ImmCreateContext", "imm32.dll.ImmDestroyContext", "imm32.dll.ImmNotifyIME", "imm32.dll.ImmGetCompositionStringA", "imm32.dll.ImmSetCompositionStringA", "imm32.dll.ImmGetCompositionStringW", "imm32.dll.ImmSetCompositionStringW", "imm32.dll.ImmSetCandidateWindow", "mscorsec.dll.GetPublisher", "mscoree.dll.CoInitializeEE", "mscorwks.dll.CoInitializeEE", "mscorsec.dll.CORPolicyEE", "wersvc.dll.ServiceMain", "wersvc.dll.SvchostPushServiceGlobals", "advapi32.dll.RegGetValueW", "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW", "faultrep.dll.WerpInitiateCrashReporting", "wer.dll.WerpCreateMachineStore", "shell32.dll.SHGetFolderPathEx", "ole32.dll.StringFromGUID2", "profapi.dll.#104", "userenv.dll.CreateEnvironmentBlock", "userenv.dll.DestroyEnvironmentBlock", "w32time.dll.SvchostEntry_W32Time", "w32time.dll.SvchostPushServiceGlobals", "dsrole.dll.DsRoleGetPrimaryDomainInformation", "dsrole.dll.DsRoleFreeMemory", "sspicli.dll.LsaRegisterPolicyChangeNotification", "w32time.dll.TimeProvClose", "w32time.dll.TimeProvCommand", "w32time.dll.TimeProvOpen", "ws2_32.dll.getaddrinfo", "ws2_32.dll.freeaddrinfo", "ws2_32.dll.#23", "ws2_32.dll.#21", "ws2_32.dll.#2", "ws2_32.dll.WSAEventSelect", "vmictimeprovider.dll.TimeProvClose", "vmictimeprovider.dll.TimeProvCommand", "vmictimeprovider.dll.TimeProvOpen", "ws2_32.dll.GetAddrInfoW", "ws2_32.dll.FreeAddrInfoW", "ws2_32.dll.WSAAddressToStringW", "ws2_32.dll.#3", "sspicli.dll.LsaUnregisterPolicyChangeNotification", "userenv.dll.UnregisterGPNotification", "gpapi.dll.UnregisterGPNotificationInternal", "imm32.dll.ImmDisableIME", "wer.dll.WerpCreateIntegratorReportId", "wer.dll.WerReportCreate", "wer.dll.WerpSetIntegratorReportId", "wer.dll.WerReportSetParameter", 
"dbgeng.dll.DebugCreate", "ntdll.dll.CsrGetProcessId", "ntdll.dll.DbgBreakPoint", "ntdll.dll.DbgPrint", "ntdll.dll.DbgPrompt", "ntdll.dll.DbgUiConvertStateChangeStructure", "ntdll.dll.DbgUiGetThreadDebugObject", "ntdll.dll.DbgUiIssueRemoteBreakin", "ntdll.dll.DbgUiSetThreadDebugObject", "ntdll.dll.NtAllocateVirtualMemory", "ntdll.dll.NtCreateDebugObject", "ntdll.dll.NtDebugActiveProcess", "ntdll.dll.NtDebugContinue", "ntdll.dll.NtFreeVirtualMemory", "ntdll.dll.NtOpenProcess", "ntdll.dll.NtOpenThread", "ntdll.dll.NtQueryMutant", "ntdll.dll.NtQueryObject", "ntdll.dll.NtRemoveProcessDebug", "ntdll.dll.NtResumeThread", "ntdll.dll.NtSetInformationDebugObject", "ntdll.dll.NtSetInformationProcess", "ntdll.dll.NtSystemDebugControl", "ntdll.dll.NtWaitForDebugEvent", "ntdll.dll.RtlAnsiStringToUnicodeString", "ntdll.dll.RtlCreateProcessParameters", "ntdll.dll.RtlCreateUserProcess", "ntdll.dll.RtlDestroyProcessParameters", "ntdll.dll.RtlDosPathNameToNtPathName_U", "ntdll.dll.RtlFindMessage", "ntdll.dll.RtlFreeHeap", "ntdll.dll.RtlFreeUnicodeString", "ntdll.dll.RtlGetFunctionTableListHead", "ntdll.dll.RtlGetUnloadEventTrace", "ntdll.dll.RtlGetUnloadEventTraceEx", "ntdll.dll.RtlInitAnsiString", "ntdll.dll.RtlTryEnterCriticalSection", "ntdll.dll.RtlUnicodeStringToAnsiString", "ntdll.dll.NtOpenProcessToken", "ntdll.dll.NtOpenThreadToken", "ntdll.dll.NtQueryInformationToken", "kernel32.dll.CloseProfileUserMapping", "kernel32.dll.DebugActiveProcessStop", "kernel32.dll.DebugBreak", "kernel32.dll.DebugBreakProcess", "kernel32.dll.DebugSetProcessKillOnExit", "kernel32.dll.Module32First", "kernel32.dll.Module32Next", "kernel32.dll.Process32First", "kernel32.dll.Process32FirstW", "kernel32.dll.Process32Next", "kernel32.dll.Process32NextW", "kernel32.dll.SetProcessShutdownParameters", "kernel32.dll.Wow64GetThreadSelectorEntry", "advapi32.dll.CreateServiceA", "advapi32.dll.EnumServicesStatusExA", "advapi32.dll.GetEventLogInformation", "advapi32.dll.OpenSCManagerA", 
"advapi32.dll.OpenServiceA", "advapi32.dll.StartServiceA", "advapi32.dll.GetSidSubAuthority", "advapi32.dll.GetSidSubAuthorityCount", "version.dll.GetFileVersionInfoSizeExW", "version.dll.GetFileVersionInfoExW", "dbghelp.dll.WinDbgExtensionDllInit", "dbghelp.dll.ExtensionApiVersion", "ntdll.dll.RtlDllShutdownInProgress" ] [*] Static Analysis: { "pe": { "peid_signatures": null, "imports": [ { "imports": [ { "name": "WSACleanup", "address": "0x48f7c8" }, { "name": "socket", "address": "0x48f7cc" }, { "name": "inet_ntoa", "address": "0x48f7d0" }, { "name": "setsockopt", "address": "0x48f7d4" }, { "name": "ntohs", "address": "0x48f7d8" }, { "name": "recvfrom", "address": "0x48f7dc" }, { "name": "ioctlsocket", "address": "0x48f7e0" }, { "name": "htons", "address": "0x48f7e4" }, { "name": "WSAStartup", "address": "0x48f7e8" }, { "name": "__WSAFDIsSet", "address": "0x48f7ec" }, { "name": "select", "address": "0x48f7f0" }, { "name": "accept", "address": "0x48f7f4" }, { "name": "listen", "address": "0x48f7f8" }, { "name": "bind", "address": "0x48f7fc" }, { "name": "closesocket", "address": "0x48f800" }, { "name": "WSAGetLastError", "address": "0x48f804" }, { "name": "recv", "address": "0x48f808" }, { "name": "sendto", "address": "0x48f80c" }, { "name": "send", "address": "0x48f810" }, { "name": "inet_addr", "address": "0x48f814" }, { "name": "gethostbyname", "address": "0x48f818" }, { "name": "gethostname", "address": "0x48f81c" }, { "name": "connect", "address": "0x48f820" } ], "dll": "WSOCK32.dll" }, { "imports": [ { "name": "GetFileVersionInfoW", "address": "0x48f76c" }, { "name": "GetFileVersionInfoSizeW", "address": "0x48f770" }, { "name": "VerQueryValueW", "address": "0x48f774" } ], "dll": "VERSION.dll" }, { "imports": [ { "name": "timeGetTime", "address": "0x48f7b8" }, { "name": "waveOutSetVolume", "address": "0x48f7bc" }, { "name": "mciSendStringW", "address": "0x48f7c0" } ], "dll": "WINMM.dll" }, { "imports": [ { "name": "ImageList_ReplaceIcon", "address": 
"0x48f088" }, { "name": "ImageList_Destroy", "address": "0x48f08c" }, { "name": "ImageList_Remove", "address": "0x48f090" }, { "name": "ImageList_SetDragCursorImage", "address": "0x48f094" }, { "name": "ImageList_BeginDrag", "address": "0x48f098" }, { "name": "ImageList_DragEnter", "address": "0x48f09c" }, { "name": "ImageList_DragLeave", "address": "0x48f0a0" }, { "name": "ImageList_EndDrag", "address": "0x48f0a4" }, { "name": "ImageList_DragMove", "address": "0x48f0a8" }, { "name": "InitCommonControlsEx", "address": "0x48f0ac" }, { "name": "ImageList_Create", "address": "0x48f0b0" } ], "dll": "COMCTL32.dll" }, { "imports": [ { "name": "WNetUseConnectionW", "address": "0x48f3f8" }, { "name": "WNetCancelConnection2W", "address": "0x48f3fc" }, { "name": "WNetGetConnectionW", "address": "0x48f400" }, { "name": "WNetAddConnection2W", "address": "0x48f404" } ], "dll": "MPR.dll" }, { "imports": [ { "name": "InternetQueryDataAvailable", "address": "0x48f77c" }, { "name": "InternetCloseHandle", "address": "0x48f780" }, { "name": "InternetOpenW", "address": "0x48f784" }, { "name": "InternetSetOptionW", "address": "0x48f788" }, { "name": "InternetCrackUrlW", "address": "0x48f78c" }, { "name": "HttpQueryInfoW", "address": "0x48f790" }, { "name": "InternetQueryOptionW", "address": "0x48f794" }, { "name": "HttpOpenRequestW", "address": "0x48f798" }, { "name": "HttpSendRequestW", "address": "0x48f79c" }, { "name": "FtpOpenFileW", "address": "0x48f7a0" }, { "name": "FtpGetFileSize", "address": "0x48f7a4" }, { "name": "InternetOpenUrlW", "address": "0x48f7a8" }, { "name": "InternetReadFile", "address": "0x48f7ac" }, { "name": "InternetConnectW", "address": "0x48f7b0" } ], "dll": "WININET.dll" }, { "imports": [ { "name": "GetProcessMemoryInfo", "address": "0x48f484" } ], "dll": "PSAPI.DLL" }, { "imports": [ { "name": "IcmpCreateFile", "address": "0x48f154" }, { "name": "IcmpCloseHandle", "address": "0x48f158" }, { "name": "IcmpSendEcho", "address": "0x48f15c" } ], "dll": 
"IPHLPAPI.DLL" }, { "imports": [ { "name": "DestroyEnvironmentBlock", "address": "0x48f750" }, { "name": "UnloadUserProfile", "address": "0x48f754" }, { "name": "CreateEnvironmentBlock", "address": "0x48f758" }, { "name": "LoadUserProfileW", "address": "0x48f75c" } ], "dll": "USERENV.dll" }, { "imports": [ { "name": "IsThemeActive", "address": "0x48f764" } ], "dll": "UxTheme.dll" }, { "imports": [ { "name": "DuplicateHandle", "address": "0x48f164" }, { "name": "CreateThread", "address": "0x48f168" }, { "name": "WaitForSingleObject", "address": "0x48f16c" }, { "name": "HeapAlloc", "address": "0x48f170" }, { "name": "GetProcessHeap", "address": "0x48f174" }, { "name": "HeapFree", "address": "0x48f178" }, { "name": "Sleep", "address": "0x48f17c" }, { "name": "GetCurrentThreadId", "address": "0x48f180" }, { "name": "MultiByteToWideChar", "address": "0x48f184" }, { "name": "MulDiv", "address": "0x48f188" }, { "name": "GetVersionExW", "address": "0x48f18c" }, { "name": "IsWow64Process", "address": "0x48f190" }, { "name": "GetSystemInfo", "address": "0x48f194" }, { "name": "FreeLibrary", "address": "0x48f198" }, { "name": "LoadLibraryA", "address": "0x48f19c" }, { "name": "GetProcAddress", "address": "0x48f1a0" }, { "name": "SetErrorMode", "address": "0x48f1a4" }, { "name": "GetModuleFileNameW", "address": "0x48f1a8" }, { "name": "WideCharToMultiByte", "address": "0x48f1ac" }, { "name": "lstrcpyW", "address": "0x48f1b0" }, { "name": "lstrlenW", "address": "0x48f1b4" }, { "name": "GetModuleHandleW", "address": "0x48f1b8" }, { "name": "QueryPerformanceCounter", "address": "0x48f1bc" }, { "name": "VirtualFreeEx", "address": "0x48f1c0" }, { "name": "OpenProcess", "address": "0x48f1c4" }, { "name": "VirtualAllocEx", "address": "0x48f1c8" }, { "name": "WriteProcessMemory", "address": "0x48f1cc" }, { "name": "ReadProcessMemory", "address": "0x48f1d0" }, { "name": "CreateFileW", "address": "0x48f1d4" }, { "name": "SetFilePointerEx", "address": "0x48f1d8" }, { "name": 
"SetEndOfFile", "address": "0x48f1dc" }, { "name": "ReadFile", "address": "0x48f1e0" }, { "name": "WriteFile", "address": "0x48f1e4" }, { "name": "FlushFileBuffers", "address": "0x48f1e8" }, { "name": "TerminateProcess", "address": "0x48f1ec" }, { "name": "CreateToolhelp32Snapshot", "address": "0x48f1f0" }, { "name": "Process32FirstW", "address": "0x48f1f4" }, { "name": "Process32NextW", "address": "0x48f1f8" }, { "name": "SetFileTime", "address": "0x48f1fc" }, { "name": "GetFileAttributesW", "address": "0x48f200" }, { "name": "FindFirstFileW", "address": "0x48f204" }, { "name": "SetCurrentDirectoryW", "address": "0x48f208" }, { "name": "GetLongPathNameW", "address": "0x48f20c" }, { "name": "GetShortPathNameW", "address": "0x48f210" }, { "name": "DeleteFileW", "address": "0x48f214" }, { "name": "FindNextFileW", "address": "0x48f218" }, { "name": "CopyFileExW", "address": "0x48f21c" }, { "name": "MoveFileW", "address": "0x48f220" }, { "name": "CreateDirectoryW", "address": "0x48f224" }, { "name": "RemoveDirectoryW", "address": "0x48f228" }, { "name": "SetSystemPowerState", "address": "0x48f22c" }, { "name": "QueryPerformanceFrequency", "address": "0x48f230" }, { "name": "FindResourceW", "address": "0x48f234" }, { "name": "LoadResource", "address": "0x48f238" }, { "name": "LockResource", "address": "0x48f23c" }, { "name": "SizeofResource", "address": "0x48f240" }, { "name": "EnumResourceNamesW", "address": "0x48f244" }, { "name": "OutputDebugStringW", "address": "0x48f248" }, { "name": "GetTempPathW", "address": "0x48f24c" }, { "name": "GetTempFileNameW", "address": "0x48f250" }, { "name": "DeviceIoControl", "address": "0x48f254" }, { "name": "GetLocalTime", "address": "0x48f258" }, { "name": "CompareStringW", "address": "0x48f25c" }, { "name": "GetCurrentProcess", "address": "0x48f260" }, { "name": "EnterCriticalSection", "address": "0x48f264" }, { "name": "LeaveCriticalSection", "address": "0x48f268" }, { "name": "GetStdHandle", "address": "0x48f26c" }, { "name": 
"CreatePipe", "address": "0x48f270" }, { "name": "InterlockedExchange", "address": "0x48f274" }, { "name": "TerminateThread", "address": "0x48f278" }, { "name": "LoadLibraryExW", "address": "0x48f27c" }, { "name": "FindResourceExW", "address": "0x48f280" }, { "name": "CopyFileW", "address": "0x48f284" }, { "name": "VirtualFree", "address": "0x48f288" }, { "name": "FormatMessageW", "address": "0x48f28c" }, { "name": "GetExitCodeProcess", "address": "0x48f290" }, { "name": "GetPrivateProfileStringW", "address": "0x48f294" }, { "name": "WritePrivateProfileStringW", "address": "0x48f298" }, { "name": "GetPrivateProfileSectionW", "address": "0x48f29c" }, { "name": "WritePrivateProfileSectionW", "address": "0x48f2a0" }, { "name": "GetPrivateProfileSectionNamesW", "address": "0x48f2a4" }, { "name": "FileTimeToLocalFileTime", "address": "0x48f2a8" }, { "name": "FileTimeToSystemTime", "address": "0x48f2ac" }, { "name": "SystemTimeToFileTime", "address": "0x48f2b0" }, { "name": "LocalFileTimeToFileTime", "address": "0x48f2b4" }, { "name": "GetDriveTypeW", "address": "0x48f2b8" }, { "name": "GetDiskFreeSpaceExW", "address": "0x48f2bc" }, { "name": "GetDiskFreeSpaceW", "address": "0x48f2c0" }, { "name": "GetVolumeInformationW", "address": "0x48f2c4" }, { "name": "SetVolumeLabelW", "address": "0x48f2c8" }, { "name": "CreateHardLinkW", "address": "0x48f2cc" }, { "name": "SetFileAttributesW", "address": "0x48f2d0" }, { "name": "CreateEventW", "address": "0x48f2d4" }, { "name": "SetEvent", "address": "0x48f2d8" }, { "name": "GetEnvironmentVariableW", "address": "0x48f2dc" }, { "name": "SetEnvironmentVariableW", "address": "0x48f2e0" }, { "name": "GlobalLock", "address": "0x48f2e4" }, { "name": "GlobalUnlock", "address": "0x48f2e8" }, { "name": "GlobalAlloc", "address": "0x48f2ec" }, { "name": "GetFileSize", "address": "0x48f2f0" }, { "name": "GlobalFree", "address": "0x48f2f4" }, { "name": "GlobalMemoryStatusEx", "address": "0x48f2f8" }, { "name": "Beep", "address": "0x48f2fc" }, 
{ "name": "GetSystemDirectoryW", "address": "0x48f300" }, { "name": "HeapReAlloc", "address": "0x48f304" }, { "name": "HeapSize", "address": "0x48f308" }, { "name": "GetComputerNameW", "address": "0x48f30c" }, { "name": "GetWindowsDirectoryW", "address": "0x48f310" }, { "name": "GetCurrentProcessId", "address": "0x48f314" }, { "name": "GetProcessIoCounters", "address": "0x48f318" }, { "name": "CreateProcessW", "address": "0x48f31c" }, { "name": "GetProcessId", "address": "0x48f320" }, { "name": "SetPriorityClass", "address": "0x48f324" }, { "name": "LoadLibraryW", "address": "0x48f328" }, { "name": "VirtualAlloc", "address": "0x48f32c" }, { "name": "IsDebuggerPresent", "address": "0x48f330" }, { "name": "GetCurrentDirectoryW", "address": "0x48f334" }, { "name": "lstrcmpiW", "address": "0x48f338" }, { "name": "DecodePointer", "address": "0x48f33c" }, { "name": "GetLastError", "address": "0x48f340" }, { "name": "RaiseException", "address": "0x48f344" }, { "name": "InitializeCriticalSectionAndSpinCount", "address": "0x48f348" }, { "name": "DeleteCriticalSection", "address": "0x48f34c" }, { "name": "InterlockedDecrement", "address": "0x48f350" }, { "name": "InterlockedIncrement", "address": "0x48f354" }, { "name": "GetCurrentThread", "address": "0x48f358" }, { "name": "CloseHandle", "address": "0x48f35c" }, { "name": "GetFullPathNameW", "address": "0x48f360" }, { "name": "EncodePointer", "address": "0x48f364" }, { "name": "ExitProcess", "address": "0x48f368" }, { "name": "GetModuleHandleExW", "address": "0x48f36c" }, { "name": "ExitThread", "address": "0x48f370" }, { "name": "GetSystemTimeAsFileTime", "address": "0x48f374" }, { "name": "ResumeThread", "address": "0x48f378" }, { "name": "GetCommandLineW", "address": "0x48f37c" }, { "name": "IsProcessorFeaturePresent", "address": "0x48f380" }, { "name": "IsValidCodePage", "address": "0x48f384" }, { "name": "GetACP", "address": "0x48f388" }, { "name": "GetOEMCP", "address": "0x48f38c" }, { "name": "GetCPInfo", "address": 
"0x48f390" }, { "name": "SetLastError", "address": "0x48f394" }, { "name": "UnhandledExceptionFilter", "address": "0x48f398" }, { "name": "SetUnhandledExceptionFilter", "address": "0x48f39c" }, { "name": "TlsAlloc", "address": "0x48f3a0" }, { "name": "TlsGetValue", "address": "0x48f3a4" }, { "name": "TlsSetValue", "address": "0x48f3a8" }, { "name": "TlsFree", "address": "0x48f3ac" }, { "name": "GetStartupInfoW", "address": "0x48f3b0" }, { "name": "GetStringTypeW", "address": "0x48f3b4" }, { "name": "SetStdHandle", "address": "0x48f3b8" }, { "name": "GetFileType", "address": "0x48f3bc" }, { "name": "GetConsoleCP", "address": "0x48f3c0" }, { "name": "GetConsoleMode", "address": "0x48f3c4" }, { "name": "RtlUnwind", "address": "0x48f3c8" }, { "name": "ReadConsoleW", "address": "0x48f3cc" }, { "name": "GetTimeZoneInformation", "address": "0x48f3d0" }, { "name": "GetDateFormatW", "address": "0x48f3d4" }, { "name": "GetTimeFormatW", "address": "0x48f3d8" }, { "name": "LCMapStringW", "address": "0x48f3dc" }, { "name": "GetEnvironmentStringsW", "address": "0x48f3e0" }, { "name": "FreeEnvironmentStringsW", "address": "0x48f3e4" }, { "name": "WriteConsoleW", "address": "0x48f3e8" }, { "name": "FindClose", "address": "0x48f3ec" }, { "name": "SetEnvironmentVariableA", "address": "0x48f3f0" } ], "dll": "KERNEL32.dll" }, { "imports": [ { "name": "AdjustWindowRectEx", "address": "0x48f4cc" }, { "name": "CopyImage", "address": "0x48f4d0" }, { "name": "SetWindowPos", "address": "0x48f4d4" }, { "name": "GetCursorInfo", "address": "0x48f4d8" }, { "name": "RegisterHotKey", "address": "0x48f4dc" }, { "name": "ClientToScreen", "address": "0x48f4e0" }, { "name": "GetKeyboardLayoutNameW", "address": "0x48f4e4" }, { "name": "IsCharAlphaW", "address": "0x48f4e8" }, { "name": "IsCharAlphaNumericW", "address": "0x48f4ec" }, { "name": "IsCharLowerW", "address": "0x48f4f0" }, { "name": "IsCharUpperW", "address": "0x48f4f4" }, { "name": "GetMenuStringW", "address": "0x48f4f8" }, { "name": 
"GetSubMenu", "address": "0x48f4fc" }, { "name": "GetCaretPos", "address": "0x48f500" }, { "name": "IsZoomed", "address": "0x48f504" }, { "name": "MonitorFromPoint", "address": "0x48f508" }, { "name": "GetMonitorInfoW", "address": "0x48f50c" }, { "name": "SetWindowLongW", "address": "0x48f510" }, { "name": "SetLayeredWindowAttributes", "address": "0x48f514" }, { "name": "FlashWindow", "address": "0x48f518" }, { "name": "GetClassLongW", "address": "0x48f51c" }, { "name": "TranslateAcceleratorW", "address": "0x48f520" }, { "name": "IsDialogMessageW", "address": "0x48f524" }, { "name": "GetSysColor", "address": "0x48f528" }, { "name": "InflateRect", "address": "0x48f52c" }, { "name": "DrawFocusRect", "address": "0x48f530" }, { "name": "DrawTextW", "address": "0x48f534" }, { "name": "FrameRect", "address": "0x48f538" }, { "name": "DrawFrameControl", "address": "0x48f53c" }, { "name": "FillRect", "address": "0x48f540" }, { "name": "PtInRect", "address": "0x48f544" }, { "name": "DestroyAcceleratorTable", "address": "0x48f548" }, { "name": "CreateAcceleratorTableW", "address": "0x48f54c" }, { "name": "SetCursor", "address": "0x48f550" }, { "name": "GetWindowDC", "address": "0x48f554" }, { "name": "GetSystemMetrics", "address": "0x48f558" }, { "name": "GetActiveWindow", "address": "0x48f55c" }, { "name": "CharNextW", "address": "0x48f560" }, { "name": "wsprintfW", "address": "0x48f564" }, { "name": "RedrawWindow", "address": "0x48f568" }, { "name": "DrawMenuBar", "address": "0x48f56c" }, { "name": "DestroyMenu", "address": "0x48f570" }, { "name": "SetMenu", "address": "0x48f574" }, { "name": "GetWindowTextLengthW", "address": "0x48f578" }, { "name": "CreateMenu", "address": "0x48f57c" }, { "name": "IsDlgButtonChecked", "address": "0x48f580" }, { "name": "DefDlgProcW", "address": "0x48f584" }, { "name": "CallWindowProcW", "address": "0x48f588" }, { "name": "ReleaseCapture", "address": "0x48f58c" }, { "name": "SetCapture", "address": "0x48f590" }, { "name": 
"CreateIconFromResourceEx", "address": "0x48f594" }, { "name": "mouse_event", "address": "0x48f598" }, { "name": "ExitWindowsEx", "address": "0x48f59c" }, { "name": "SetActiveWindow", "address": "0x48f5a0" }, { "name": "FindWindowExW", "address": "0x48f5a4" }, { "name": "EnumThreadWindows", "address": "0x48f5a8" }, { "name": "SetMenuDefaultItem", "address": "0x48f5ac" }, { "name": "InsertMenuItemW", "address": "0x48f5b0" }, { "name": "IsMenu", "address": "0x48f5b4" }, { "name": "TrackPopupMenuEx", "address": "0x48f5b8" }, { "name": "GetCursorPos", "address": "0x48f5bc" }, { "name": "DeleteMenu", "address": "0x48f5c0" }, { "name": "SetRect", "address": "0x48f5c4" }, { "name": "GetMenuItemID", "address": "0x48f5c8" }, { "name": "GetMenuItemCount", "address": "0x48f5cc" }, { "name": "SetMenuItemInfoW", "address": "0x48f5d0" }, { "name": "GetMenuItemInfoW", "address": "0x48f5d4" }, { "name": "SetForegroundWindow", "address": "0x48f5d8" }, { "name": "IsIconic", "address": "0x48f5dc" }, { "name": "FindWindowW", "address": "0x48f5e0" }, { "name": "MonitorFromRect", "address": "0x48f5e4" }, { "name": "keybd_event", "address": "0x48f5e8" }, { "name": "SendInput", "address": "0x48f5ec" }, { "name": "GetAsyncKeyState", "address": "0x48f5f0" }, { "name": "SetKeyboardState", "address": "0x48f5f4" }, { "name": "GetKeyboardState", "address": "0x48f5f8" }, { "name": "GetKeyState", "address": "0x48f5fc" }, { "name": "VkKeyScanW", "address": "0x48f600" }, { "name": "LoadStringW", "address": "0x48f604" }, { "name": "DialogBoxParamW", "address": "0x48f608" }, { "name": "MessageBeep", "address": "0x48f60c" }, { "name": "EndDialog", "address": "0x48f610" }, { "name": "SendDlgItemMessageW", "address": "0x48f614" }, { "name": "GetDlgItem", "address": "0x48f618" }, { "name": "SetWindowTextW", "address": "0x48f61c" }, { "name": "CopyRect", "address": "0x48f620" }, { "name": "ReleaseDC", "address": "0x48f624" }, { "name": "GetDC", "address": "0x48f628" }, { "name": "EndPaint", "address": 
"0x48f62c" }, { "name": "BeginPaint", "address": "0x48f630" }, { "name": "GetClientRect", "address": "0x48f634" }, { "name": "GetMenu", "address": "0x48f638" }, { "name": "DestroyWindow", "address": "0x48f63c" }, { "name": "EnumWindows", "address": "0x48f640" }, { "name": "GetDesktopWindow", "address": "0x48f644" }, { "name": "IsWindow", "address": "0x48f648" }, { "name": "IsWindowEnabled", "address": "0x48f64c" }, { "name": "IsWindowVisible", "address": "0x48f650" }, { "name": "EnableWindow", "address": "0x48f654" }, { "name": "InvalidateRect", "address": "0x48f658" }, { "name": "GetWindowLongW", "address": "0x48f65c" }, { "name": "GetWindowThreadProcessId", "address": "0x48f660" }, { "name": "AttachThreadInput", "address": "0x48f664" }, { "name": "GetFocus", "address": "0x48f668" }, { "name": "GetWindowTextW", "address": "0x48f66c" }, { "name": "ScreenToClient", "address": "0x48f670" }, { "name": "SendMessageTimeoutW", "address": "0x48f674" }, { "name": "EnumChildWindows", "address": "0x48f678" }, { "name": "CharUpperBuffW", "address": "0x48f67c" }, { "name": "GetParent", "address": "0x48f680" }, { "name": "GetDlgCtrlID", "address": "0x48f684" }, { "name": "SendMessageW", "address": "0x48f688" }, { "name": "MapVirtualKeyW", "address": "0x48f68c" }, { "name": "PostMessageW", "address": "0x48f690" }, { "name": "GetWindowRect", "address": "0x48f694" }, { "name": "SetUserObjectSecurity", "address": "0x48f698" }, { "name": "CloseDesktop", "address": "0x48f69c" }, { "name": "CloseWindowStation", "address": "0x48f6a0" }, { "name": "OpenDesktopW", "address": "0x48f6a4" }, { "name": "SetProcessWindowStation", "address": "0x48f6a8" }, { "name": "GetProcessWindowStation", "address": "0x48f6ac" }, { "name": "OpenWindowStationW", "address": "0x48f6b0" }, { "name": "GetUserObjectSecurity", "address": "0x48f6b4" }, { "name": "MessageBoxW", "address": "0x48f6b8" }, { "name": "DefWindowProcW", "address": "0x48f6bc" }, { "name": "SetClipboardData", "address": "0x48f6c0" }, { 
"name": "EmptyClipboard", "address": "0x48f6c4" }, { "name": "CountClipboardFormats", "address": "0x48f6c8" }, { "name": "CloseClipboard", "address": "0x48f6cc" }, { "name": "GetClipboardData", "address": "0x48f6d0" }, { "name": "IsClipboardFormatAvailable", "address": "0x48f6d4" }, { "name": "OpenClipboard", "address": "0x48f6d8" }, { "name": "BlockInput", "address": "0x48f6dc" }, { "name": "GetMessageW", "address": "0x48f6e0" }, { "name": "LockWindowUpdate", "address": "0x48f6e4" }, { "name": "DispatchMessageW", "address": "0x48f6e8" }, { "name": "TranslateMessage", "address": "0x48f6ec" }, { "name": "PeekMessageW", "address": "0x48f6f0" }, { "name": "UnregisterHotKey", "address": "0x48f6f4" }, { "name": "CheckMenuRadioItem", "address": "0x48f6f8" }, { "name": "CharLowerBuffW", "address": "0x48f6fc" }, { "name": "MoveWindow", "address": "0x48f700" }, { "name": "SetFocus", "address": "0x48f704" }, { "name": "PostQuitMessage", "address": "0x48f708" }, { "name": "KillTimer", "address": "0x48f70c" }, { "name": "CreatePopupMenu", "address": "0x48f710" }, { "name": "RegisterWindowMessageW", "address": "0x48f714" }, { "name": "SetTimer", "address": "0x48f718" }, { "name": "ShowWindow", "address": "0x48f71c" }, { "name": "CreateWindowExW", "address": "0x48f720" }, { "name": "RegisterClassExW", "address": "0x48f724" }, { "name": "LoadIconW", "address": "0x48f728" }, { "name": "LoadCursorW", "address": "0x48f72c" }, { "name": "GetSysColorBrush", "address": "0x48f730" }, { "name": "GetForegroundWindow", "address": "0x48f734" }, { "name": "MessageBoxA", "address": "0x48f738" }, { "name": "DestroyIcon", "address": "0x48f73c" }, { "name": "SystemParametersInfoW", "address": "0x48f740" }, { "name": "LoadImageW", "address": "0x48f744" }, { "name": "GetClassNameW", "address": "0x48f748" } ], "dll": "USER32.dll" }, { "imports": [ { "name": "StrokePath", "address": "0x48f0c4" }, { "name": "DeleteObject", "address": "0x48f0c8" }, { "name": "GetTextExtentPoint32W", "address": 
"0x48f0cc" }, { "name": "ExtCreatePen", "address": "0x48f0d0" }, { "name": "GetDeviceCaps", "address": "0x48f0d4" }, { "name": "EndPath", "address": "0x48f0d8" }, { "name": "SetPixel", "address": "0x48f0dc" }, { "name": "CloseFigure", "address": "0x48f0e0" }, { "name": "CreateCompatibleBitmap", "address": "0x48f0e4" }, { "name": "CreateCompatibleDC", "address": "0x48f0e8" }, { "name": "SelectObject", "address": "0x48f0ec" }, { "name": "StretchBlt", "address": "0x48f0f0" }, { "name": "GetDIBits", "address": "0x48f0f4" }, { "name": "LineTo", "address": "0x48f0f8" }, { "name": "AngleArc", "address": "0x48f0fc" }, { "name": "MoveToEx", "address": "0x48f100" }, { "name": "Ellipse", "address": "0x48f104" }, { "name": "DeleteDC", "address": "0x48f108" }, { "name": "GetPixel", "address": "0x48f10c" }, { "name": "CreateDCW", "address": "0x48f110" }, { "name": "GetStockObject", "address": "0x48f114" }, { "name": "GetTextFaceW", "address": "0x48f118" }, { "name": "CreateFontW", "address": "0x48f11c" }, { "name": "SetTextColor", "address": "0x48f120" }, { "name": "PolyDraw", "address": "0x48f124" }, { "name": "BeginPath", "address": "0x48f128" }, { "name": "Rectangle", "address": "0x48f12c" }, { "name": "SetViewportOrgEx", "address": "0x48f130" }, { "name": "GetObjectW", "address": "0x48f134" }, { "name": "SetBkMode", "address": "0x48f138" }, { "name": "RoundRect", "address": "0x48f13c" }, { "name": "SetBkColor", "address": "0x48f140" }, { "name": "CreatePen", "address": "0x48f144" }, { "name": "CreateSolidBrush", "address": "0x48f148" }, { "name": "StrokeAndFillPath", "address": "0x48f14c" } ], "dll": "GDI32.dll" }, { "imports": [ { "name": "GetOpenFileNameW", "address": "0x48f0b8" }, { "name": "GetSaveFileNameW", "address": "0x48f0bc" } ], "dll": "COMDLG32.dll" }, { "imports": [ { "name": "GetAce", "address": "0x48f000" }, { "name": "RegEnumValueW", "address": "0x48f004" }, { "name": "RegDeleteValueW", "address": "0x48f008" }, { "name": "RegDeleteKeyW", "address": "0x48f00c" 
}, { "name": "RegEnumKeyExW", "address": "0x48f010" }, { "name": "RegSetValueExW", "address": "0x48f014" }, { "name": "RegOpenKeyExW", "address": "0x48f018" }, { "name": "RegCloseKey", "address": "0x48f01c" }, { "name": "RegQueryValueExW", "address": "0x48f020" }, { "name": "RegConnectRegistryW", "address": "0x48f024" }, { "name": "InitializeSecurityDescriptor", "address": "0x48f028" }, { "name": "InitializeAcl", "address": "0x48f02c" }, { "name": "AdjustTokenPrivileges", "address": "0x48f030" }, { "name": "OpenThreadToken", "address": "0x48f034" }, { "name": "OpenProcessToken", "address": "0x48f038" }, { "name": "LookupPrivilegeValueW", "address": "0x48f03c" }, { "name": "DuplicateTokenEx", "address": "0x48f040" }, { "name": "CreateProcessAsUserW", "address": "0x48f044" }, { "name": "CreateProcessWithLogonW", "address": "0x48f048" }, { "name": "GetLengthSid", "address": "0x48f04c" }, { "name": "CopySid", "address": "0x48f050" }, { "name": "LogonUserW", "address": "0x48f054" }, { "name": "AllocateAndInitializeSid", "address": "0x48f058" }, { "name": "CheckTokenMembership", "address": "0x48f05c" }, { "name": "RegCreateKeyExW", "address": "0x48f060" }, { "name": "FreeSid", "address": "0x48f064" }, { "name": "GetTokenInformation", "address": "0x48f068" }, { "name": "GetSecurityDescriptorDacl", "address": "0x48f06c" }, { "name": "GetAclInformation", "address": "0x48f070" }, { "name": "AddAce", "address": "0x48f074" }, { "name": "SetSecurityDescriptorDacl", "address": "0x48f078" }, { "name": "GetUserNameW", "address": "0x48f07c" }, { "name": "InitiateSystemShutdownExW", "address": "0x48f080" } ], "dll": "ADVAPI32.dll" }, { "imports": [ { "name": "DragQueryPoint", "address": "0x48f48c" }, { "name": "ShellExecuteExW", "address": "0x48f490" }, { "name": "DragQueryFileW", "address": "0x48f494" }, { "name": "SHEmptyRecycleBinW", "address": "0x48f498" }, { "name": "SHGetPathFromIDListW", "address": "0x48f49c" }, { "name": "SHBrowseForFolderW", "address": "0x48f4a0" }, { 
"name": "SHCreateShellItem", "address": "0x48f4a4" }, { "name": "SHGetDesktopFolder", "address": "0x48f4a8" }, { "name": "SHGetSpecialFolderLocation", "address": "0x48f4ac" }, { "name": "SHGetFolderPathW", "address": "0x48f4b0" }, { "name": "SHFileOperationW", "address": "0x48f4b4" }, { "name": "ExtractIconExW", "address": "0x48f4b8" }, { "name": "Shell_NotifyIconW", "address": "0x48f4bc" }, { "name": "ShellExecuteW", "address": "0x48f4c0" }, { "name": "DragFinish", "address": "0x48f4c4" } ], "dll": "SHELL32.dll" }, { "imports": [ { "name": "CoTaskMemAlloc", "address": "0x48f828" }, { "name": "CoTaskMemFree", "address": "0x48f82c" }, { "name": "CLSIDFromString", "address": "0x48f830" }, { "name": "ProgIDFromCLSID", "address": "0x48f834" }, { "name": "CLSIDFromProgID", "address": "0x48f838" }, { "name": "OleSetMenuDescriptor", "address": "0x48f83c" }, { "name": "MkParseDisplayName", "address": "0x48f840" }, { "name": "OleSetContainedObject", "address": "0x48f844" }, { "name": "CoCreateInstance", "address": "0x48f848" }, { "name": "IIDFromString", "address": "0x48f84c" }, { "name": "StringFromGUID2", "address": "0x48f850" }, { "name": "CreateStreamOnHGlobal", "address": "0x48f854" }, { "name": "OleInitialize", "address": "0x48f858" }, { "name": "OleUninitialize", "address": "0x48f85c" }, { "name": "CoInitialize", "address": "0x48f860" }, { "name": "CoUninitialize", "address": "0x48f864" }, { "name": "GetRunningObjectTable", "address": "0x48f868" }, { "name": "CoGetInstanceFromFile", "address": "0x48f86c" }, { "name": "CoGetObject", "address": "0x48f870" }, { "name": "CoSetProxyBlanket", "address": "0x48f874" }, { "name": "CoCreateInstanceEx", "address": "0x48f878" }, { "name": "CoInitializeSecurity", "address": "0x48f87c" } ], "dll": "ole32.dll" }, { "imports": [ { "name": "LoadTypeLibEx", "address": "0x48f40c" }, { "name": "VariantCopyInd", "address": "0x48f410" }, { "name": "SysReAllocString", "address": "0x48f414" }, { "name": "SysFreeString", "address": 
"0x48f418" }, { "name": "SafeArrayDestroyDescriptor", "address": "0x48f41c" }, { "name": "SafeArrayDestroyData", "address": "0x48f420" }, { "name": "SafeArrayUnaccessData", "address": "0x48f424" }, { "name": "SafeArrayAccessData", "address": "0x48f428" }, { "name": "SafeArrayAllocData", "address": "0x48f42c" }, { "name": "SafeArrayAllocDescriptorEx", "address": "0x48f430" }, { "name": "SafeArrayCreateVector", "address": "0x48f434" }, { "name": "RegisterTypeLib", "address": "0x48f438" }, { "name": "CreateStdDispatch", "address": "0x48f43c" }, { "name": "DispCallFunc", "address": "0x48f440" }, { "name": "VariantChangeType", "address": "0x48f444" }, { "name": "SysStringLen", "address": "0x48f448" }, { "name": "VariantTimeToSystemTime", "address": "0x48f44c" }, { "name": "VarR8FromDec", "address": "0x48f450" }, { "name": "SafeArrayGetVartype", "address": "0x48f454" }, { "name": "VariantCopy", "address": "0x48f458" }, { "name": "VariantClear", "address": "0x48f45c" }, { "name": "OleLoadPicture", "address": "0x48f460" }, { "name": "QueryPathOfRegTypeLib", "address": "0x48f464" }, { "name": "RegisterTypeLibForUser", "address": "0x48f468" }, { "name": "UnRegisterTypeLibForUser", "address": "0x48f46c" }, { "name": "UnRegisterTypeLib", "address": "0x48f470" }, { "name": "CreateDispTypeInfo", "address": "0x48f474" }, { "name": "SysAllocString", "address": "0x48f478" }, { "name": "VariantInit", "address": "0x48f47c" } ], "dll": "OLEAUT32.dll" } ], "digital_signers": null, "exported_dll_name": null, "actual_checksum": "0x000fec83", "overlay": { "size": "0x00001b68", "offset": "0x000f4a00" }, "imagebase": "0x00400000", "reported_checksum": "0x000f602f", "icon_hash": null, "entrypoint": "0x0042800a", "timestamp": "2019-06-27 10:31:27", "osversion": "5.1", "sections": [ { "name": ".text", "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ", "virtual_address": "0x00001000", "size_of_data": "0x0008e000", "entropy": "6.68", "raw_address": "0x00000400", 
"virtual_size": "0x0008dfdd", "characteristics_raw": "0x60000020" }, { "name": ".rdata", "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", "virtual_address": "0x0008f000", "size_of_data": "0x0002fe00", "entropy": "5.76", "raw_address": "0x0008e400", "virtual_size": "0x0002fd8e", "characteristics_raw": "0x40000040" }, { "name": ".data", "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", "virtual_address": "0x000bf000", "size_of_data": "0x00005200", "entropy": "1.20", "raw_address": "0x000be200", "virtual_size": "0x00008f74", "characteristics_raw": "0xc0000040" }, { "name": ".rsrc", "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", "virtual_address": "0x000c8000", "size_of_data": "0x0002a400", "entropy": "7.68", "raw_address": "0x000c3400", "virtual_size": "0x0002a26c", "characteristics_raw": "0x40000040" }, { "name": ".reloc", "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ", "virtual_address": "0x000f3000", "size_of_data": "0x00007200", "entropy": "6.78", "raw_address": "0x000ed800", "virtual_size": "0x00007134", "characteristics_raw": "0x42000040" } ], "resources": [], "dirents": [ { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_EXPORT", "size": "0x00000000" }, { "virtual_address": "0x000bc0cc", "name": "IMAGE_DIRECTORY_ENTRY_IMPORT", "size": "0x0000017c" }, { "virtual_address": "0x000c8000", "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE", "size": "0x0002a26c" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION", "size": "0x00000000" }, { "virtual_address": "0x000f4a00", "name": "IMAGE_DIRECTORY_ENTRY_SECURITY", "size": "0x00001b68" }, { "virtual_address": "0x000f3000", "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC", "size": "0x00007134" }, { "virtual_address": "0x00092bc0", "name": "IMAGE_DIRECTORY_ENTRY_DEBUG", "size": "0x0000001c" }, { "virtual_address": "0x00000000", "name": 
"IMAGE_DIRECTORY_ENTRY_COPYRIGHT", "size": "0x00000000" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR", "size": "0x00000000" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_TLS", "size": "0x00000000" }, { "virtual_address": "0x000a4b50", "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG", "size": "0x00000040" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT", "size": "0x00000000" }, { "virtual_address": "0x0008f000", "name": "IMAGE_DIRECTORY_ENTRY_IAT", "size": "0x00000884" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT", "size": "0x00000000" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR", "size": "0x00000000" }, { "virtual_address": "0x00000000", "name": "IMAGE_DIRECTORY_ENTRY_RESERVED", "size": "0x00000000" } ], "exports": [], "guest_signers": {}, "imphash": "afcdf79be1557326c854b6e20cb900a7", "icon_fuzzy": null, "icon": null, "pdbpath": null, "imported_dll_count": 18, "versioninfo": [] } }