File identification
Static PE information
Analysis
Layers & regions
VirusTotal scans
Summary
Visibility Public
Main file's SHA256 682f5e1c34bc4ba33bc646cd1cdf2efd5836105afd6abb3fdac0faaa0f541f5a
Complexity Type VI
Packer identification (signature based) Armadillo_v4_30_v4_40_Silicon_Realms_Toolworks, Armadillo_4_30a_Silicon_Realms_Toolworks, Armadillo_3_X_5_X_Silicon_Realms_Toolworks
Number of processes 2
Number of layers 103
Packer analysis graph
Click to open on new tab
How do I read the graph?

File identification

General information
SHA256 682f5e1c34bc4ba33bc646cd1cdf2efd5836105afd6abb3fdac0faaa0f541f5a
SHA1 ccf0dd7d2e6e7fea9887b65fb10170db4ce70ebd
MD5 9231a123f68106e776bd35a4dfe79be6
ssdeep 24576:82f/H+yC3ySRxd9priTuqHxeKVtMKvExTWRaREymH:/yyUvHgMcM7xEaR
sdhash sdbf:03:0::819200:sha1:256:5:7ff:160:80:149:UsKhzhYBtovKAGB4CSIAMDQFHzyDAAqjK/4CZABCADoBqIAorpwExQCYlQAgz+ICSkgwBVDjAAQCBiJSEAMREghhSIKEuAJaBEUEjEWEoXSsJ/AAJJMo0SIwukCEKHQnhJEeUIOXxQAJcUHLUQkKlBdOAsSCQ5BoWAEWngCRdEigKOIBDJRgQdCNNggKEgDMkSgpIgoKKyLICAMwHrarQm1hYGgjQQpI9sMgEMIAUQkAgOEEAl0QKqQbMEBCFpAgoKAACLDgSBhRSiiHhDmkAMAgyGZ5RPk6kBJ1IiYghXAAKF6kAZhEwipRGdBEJdQygBjFdNQUg3PQdpNIRkF8QoMA2TwYQCR8iKBmiIJcCooQdEDR1VYUQGeBFwNIhtAISAGQEgwUKp4BSYpIfAAAOEmII5LA5CxQhQEtNoNgjUAAAMIQrIAQBBjQAgBUFAAApDeMoYgBREpY2OghzEKIGDyYjhYwgqAiogRAmEh5SMbCAwlyEwIAcUEUY3kEDIjUgoUwjooixhypAIJUFESDwECU2gkToQAihjKgjFAiwIOXCKVoIrAMA5A4wYgEhIU6RJEAQqEAbsysAE1gwlEDM9lGyAchMZJBlEZLRIyxALWgDA0G1oMRWIJpADERAx5mCiGDAkgAKCiqSGwgJZDBScYThCCwDE8JwrL2wUkgeYRQB8K54AR0hbhCCYEDCNZDhEINLZO+GnAhbESOhBAPziTrgEQAQ01iEmEQhYB95oE/SAEXxQKESgBSnBx4QYloxBBAsQQBOAIClQEBHV4Z8ilCMAsECqAeRCQOwgBRgEaIMWyhIwug4rMMNgEgFIBAkpC3VABFQXCgQGSypAlLwSVoiGEBwpBz00ABBQgYMspxkhKRXepGSicHNKkGHQAiyEFAQB2QJLCMdP0sQQsAQwQCj0IROIAlooRAlAzCIiAom2xHAwEMwQAoQmAg2hyILMPwoJEFSGgIAgMgBhUAFAQo2CACI0gIwsAoBpAYCMBQoNJ45JCMFAROJi2EJgKUEKDdyl6CQxGevhIKIBMCAkBEEvmEEICMAGWFKQdCwIIIjDQAw0LEAYaZcCQF0LEgC+FUYRlWGACgAA0EPKyWNxUj4ZTTPIKiFiBKR9KDzYwomORgQXhKhcECD0eAAAIQQhnTtTC7BkBCAIK0pECKAUChTE+wsiBTQJEsSbIcABcOUOgJAhIiqBRyQlMwYGMgmkRpmAD9RoPUAACAqGAWVVIbBEACliKMkQRZgwwCUmdjBF5RLCIATJznwQCKSeCalCpAIZvGhBw4GgJgH8IcEBAAOxZxzQB4BSAUepCUgItELgDSLlILwSAGBAIEEBJRlFsFJCDYynEq5AAo2gBACeTJQAWIZQEUoIwQtAARngCoQCOgh0AQiyOBDwCJRCCsAAoBYTmbYF4MyMRAQ2GjLgQoQwDgpoUG4SrOpEYAQAqVgCkcP5hBDUeVEGUCA4QU9UMwKGAYBEceF3jq06BFIV8CAMC2mBTUggCQKElpGliEFGggESQiWAgF+hNQCA0AgMACdEKRjqDJZpQhAETAoohoA3JGAEgyCyBgFMi4joCMwgRAQUQAOqAYqGuECzCoBngAFAYhLHChRCiIwACgDhq7iwAhOF6wBtAbDQ4GMRqoIyYDYBmPwJbEAqgR6AKv5YpZFUULIEEQo4ABTqCHEEZAAyFEi6BWQZgFUDEMTFADhwKZ7IlsghgJCbeoNAAIonQWHgUBgAicgQ+MOA0xDxgwGgQzoADVYItQAAIShhSIgLR1IgBQECoIYwhA0ogEQQMkgqA1MIUoJTgR0BIooMiNViwQCERCAEDaqDiCDggAwIONkCAFmBADjcQQFyUJOIFVZcSAURujJIoVQQ0AxxDBgOPQ+RTlEBJEYCpCDOOQ2uRIZCJBDCUVQBANI9wAkHEAQEgAgElQbwCUGxABTBocFQsnBKC2ngLAAsbC1QiQDhyRokEAIRAPopSYaQeDNgkSYGWNSAtMosaulDCKJAQapGAttJfUwcQAuQBBJJAbQAkEAlsEADAl0ywroCBTLAkMywYMEMAGEHjoiFMWkStHFhwAQABWIyEYtAXpIjHN7ggKgIQgNJGsgSHYMUAYA4MoDkoAQhYBAILKFQAMJDiGJQiAcECzDEYCBIiEk3sQhNaghCAxqasQfFFCoJIM2sSL4APRgUMCOEAjEMgiBCICs4gSaMlxFSGBBSBIBcSODGRIDipWAEIluygrwSBSBBBhADsBERLIEMY8oxIgOGMYWfF9YAhAaqYQ5GVBAi8BOBCMDAANggEVIgjVFawjg/JBrOEAQYSTFBZQSRDAAgBpQhYJozxIStkIHEEzS0ImkBFSgDBTREIBpgrBAGiEKFgCrEhYIAEmCIGJQoloSUyJAijYowbtICyFzwBAigmWNKQQkHAAuwgoiCDDgKgIpwGmRhJkYFQAQU0AIhx0yF09JYEFGMMIkLSAB+TMhvQClYaBMezKCAgMEIB6JAKCURQUgFQFoSwASEF7YgwQPgHeDBNEAdAJMCBRgCHAEDIKBDQOYmAGyHwMEgBsghghsGSRgFAikAwAJNxrqjooAAClMUFAEIxQZQiCDAEdGYiEmq8+5FElqKApRSCFihtCaS8Eg4ABoKACgkgWREh+XXFsi860oQzwFJQEgQkwZigCL0MAUhKBEECYYQRBgawcQ6gDSEkQ0QomAD8B5cOGkBQBAJKiArDCDakREAliJgAOVkoDvEVEKGgQAEERAUTKABAOqkEEIOQqnJQYBFEIgQrjQEIiSzorYICEUDYCiJSJsoYQA5GjkNFGulABRRyDTA2K01iAREItgQ0CCMEApslKkyNHBIAAWkEcAIKPIiQAgCihpg3IMkkRIhRAEgAxK2CIX2IQ0OsaJCl4CBigdQlMBjIBBQX4JgNYgKJAsADS+E8yQKAcIHwZQkrLmEgggAYFAMKhqASiIMAhmyjgGCOGAZEvBAAhgFG5TADAaTJOAJcKkwktBWaYAkNEqSE4Y2oRayOmQcNQHwg0gZMiiGQEw6UpHBSaEkGeBgKJrQpGJnRImhACpBQqVDRZjIXESMQUAEUi6FhFZLESZYWSC6hAwFpkDTQ5QEkIAZkKGgRyIswIRYiFgGAnGAUFFEqqEzIhCEiCKggBBjBSJTggYUYahtEQkggASSHZZRgCQKYYCCPhVqOUwYDhEAQAGJCiJYkLC4AKBFR1hkxARIKBgXfYGq+iQA0oBkVjbAaAaEkgTgY7OdkIgAQXShE6qpgE1AFBemCJRQ0+gIgi6ymFxkIENiIMSZiwkBqJIKMJ2DoiAriGCDQEFBhDYQjfQgzCACSCEFCIOcAhDJhkDgWhiFAxZcUECUxTtECoIJACgo15RGhBhaESAwqI+COIWp9ghQoEIcNRQCKAbQQgwKwC0EzEIAIg5mlCQeKUAEIhkgvIBCBB5i0hnUBVmQoEABqpd4XJDhiMhYryEQq0EIJA67IJ9BoAICgQE0ETERkQVCBcKkkACQMaCMOgFQIIEwgOkEghKMWBMiGKxRABQUqAgqTiBykiDBG2UExIYQNCItEnAQoLqAxPDEZl8EAEUmxIAQrSQwmBSZlQuYBYIoBAiIEEQ3Lk8pFYOoYsEuIJC8sRFRsuJCAAwJhlkEGT3jhqUQAQxFIUKAgjQistQYk2EAccA5YCTjIjBhA5IAJgvIJhIenFIIBiEnKAGOhSAoJJUNIR5UxSAgcow4AmkFgeREXqS1BA0wYoyWqFZWAIcRgYdxRAAKogetUBIIBF0RZEEYUBBSZDEL/yIYBCggIAoELb2gDNlSGRECXDAowhKAmPA1yqBJVMFCUGpJCCCEoBxBnmAgwCGgBrAgOKABYUIjAJqWkjFxGgEBTigEHYo7sMAENQDICCUeAADRgCFQSTMViKHigACkkGQWBDN0pqTgpSEwQAg+KAVFHgQywHkATyayrBgICgPwIycBEjCQHm4JwDQ4QAkBKdJJzUZQIIKOEAWAEOFYoAbco7AlAARYLoFA86QFeCoQAQeCQih5DB9CnhBCQDFgKBoUkCEIIgCUgGsECgcyIuSFgpygApGFQhiYlXIXeAQyBgJD0shkNyuDkuOTKDAYAOLIVAORQoNQECMBKXU6HAAleGQRCSBZCCQeJYRX2VAEQkIANxBj6GIhIKrGnBwU8sYASKCCwJAGC4JIHAH3NECgxY5eAGAogsDGEQIG0AI0AEkLRno4gIQSzHFQQhIKAIABQSogBgFoZENNiAUCUBLKylRQIVYJFZBCgxZLEGaKUkBIEkUIFJSIMdYLEk0KNg0wAaCEKkgFnpEWR0IgoQDPDEEF6ITIbWSgBMVeIlQgBRG0UNAwoBAC3IEbBhpSDI6JJAcrohpQEgjhkRYKyCkSQWrQICByDSAcgEkGQEC9mUoJEJVKBIHpLM7+BAgAAq1BAF1EYAV4KYqjAkYaMCaAgcwm5UGRgCAykpLB0AWhCLBUwCrlfqQ4DGAGi5hVMCJSAwZABIEOBABr3yAShAJCAAYwRwAhvmiwAAckEmWGEgABoBwHgGfAgvAGABFCHRoWARWWyEhlXoDKEHiSJQARiDKMjAwIGlRRoBtKYNCYoUHNKGFgEsYwIAjGJ5KEuJMoAhMFkCigSUcO0MhciCS6MsABQIJ8ohjS3SZDCDBImB0QgADSliIVGxCHhWMAAAeBRWlxs2CqHQSSRg4gNgTXgY0DCwoJ5AbQoCQkAAIhBwHbgYigipEICYwARQAhJ4hKJAYXnYLYHwgUQBkQWDgkQFDMLO4FIe5zQAMYECGLsKJg+cHCVEEgYEARMBULVyAZBCBhYJqEjYFABJkCEkWgACDrABTIG1gwKJEARQEAGAlAJBKwAHYMBAAggAGBhqBqGDxBkCLBgGwVgjRIi7GQXAYMQ4KDFdMkdACyMggCDETL1IQCQwM1gSFkqgIEYmaYQBG0qp6xKEXgJQgxHJVMGEWgwTEDCwD3uE8YFRISjgYBgaDiCz6LFTAfpgYFAIZojUKZAEAEWqWAEtRYHRJcgjS1BIw5IBAIeoCABNmuHRgAcA3zJDiBEARKUAitXpgA0SBQZ0AWSCsDEAToYAUKgpihRAFlxgybFzBGIBp4nBlSK+NUEhBRHCCKOByggYKMQiUCQs60hxWXFQwfLQRgEKUBAEiChAAUIdAYEQgGXlaN4wWkrLMFBYwIQGsAUhYgkTG4phEAAKEIDQFA+L/oRfAVhjiKIiAEELEJ2BlgZAigIjBgBkRi2kG+ACwjK0NkECMgYCwIYAkAJwICfzUB8lACnAIIUAjtgRCFEK8TAxAhA4AIpARwoZMmml4QQM0gACgiVKE3GDlCAAYgQSOQKDUFMJDJ5cUByBAKQFQQGKAATAMksCkD5YHBjStXDJtqAgYzBBQLmljCxEQRAiUXKOBPEApkIKCFBBIqJVCmCgYqmA0y+HhhsMXGAUsJiqUBoGBAKWDrQQwMgn+JR74GoAAECQ0gGApIWWhKMQAAogUMIgAg0UhzSCiiXQgUcIJSRhjEqhS0QwyBGFQSR2BAyAsAHAJ1ARa8KwYOxg4ULMIAEXtKMUGARWNYoBkjQdhhKRIgRQABCUmAOmBEARUZRMLMGAIQpA3SHTiBOJiQWLUxKA5UKRAoiIACkBAo0UYogzSB7ADKEFCpAApKYCGDuAFojwTMwBMUTkIglAm0cQ1MSNKTApDnJAPuXAFEpQYHARgOKIZwAC7zGkkAxURuYKAAAjm4CEQVlwIkbpnMYQJkyjbgAYRAQQnvAgZQAgAByAiICaiIChWEsImxIihMVcOwKEkhygIJMoABIKasCg0yImiIDCDClXKiXUgypSIIoQgghAMARQpDURTg6JoHAQEIERGByggbOESWSjC4JcqAYQiBlaBEpvwo0MA8aAcHJG8iF4RI5LWKGdQsEkYIQKWwSCBIAYDBgEFQUMiKiI6NpYKADJGwAIBChnBoDgFJAEFGMEcQCgAIiQyhUaCOaCSoiAyaVuyECJSEmZmL4MHAIEJIgWKAASjQSUABKhhhQXA7mFAERgmAxHVHIwgaNdABaAITGBSAqiQKgiCACBDQLWQR8tBhJRwQBUxAaQGwUJO2yAJiVIJ0wADRUoZ6Ok2AEfQoFhkUXCpgMFAGroJbOKDYMG5QIgNQAKDYWhODLQQIDAQBKioASkn4VRFIMiKYABJEAGzApAjGAVkCCAS0rERV2P8uahgAWgYQ5YZARAhODak4QQTKZykhJCcNTpqQ4GxACiKCoRaA6AOFIBADFGCAAQiAgChRoAMMQgSKJZCEoROQ4QIDlSDRctAxCKoZ9DgQgOBYiikaK4aUBeQAMZCowBGVHC0CIDHBdSAgPA0BEEIF9lBSwhEMcZEjA9QIFuGAQJQKQAgDcmpCmAXOUwBA4BGNOjRMURCMVQjVAgyrCmmMokIQBmAMCYMsU4UGMrgzgSAEUDkHgIEAEamAKAQACK4l5RMRaYcMoeoFUByXAkCCKmBawCGE4SUIoB5JBFCEjGYA4Sm9YJJChPqIQUAQBxyGg1AkC4E1FLaJ5oENToolo+IgQmFCuAAAnQmABIZhIREIyXWwYJMIgUDxzorFgEAMxlAKgARAGCGWAxPoBSSIozGKMoSgJACJEoIEH4GNBRzgAGQaoAXRFDxOUjzYLYVtZgiQA0SACBKGBwWucICQoigEgSBCgyCwQEFCp5OgGMZgAAMALDiukGoKw4NPRRIAkAhsEmWISDABE7AOfUBkAgAPIazBEdCIcCDIsOmWEgqIFfKkLZLGKqFMJwAF2HJGBwcCAMAoIhg4CAp8CiArCAjlhBoChoCCACUiRIUUHMKlYBQCvGoJKHhANAGMigqCYJwdZgIZQBjQBYAhIYQKLBM8iYAigIUGLgAAA42KRypGkxAAQKYbKgSPICGoJUgpibUa4agje4AkYPSIP5LhBQ9oEaMAlCl1ACYsDJoArIEGCBVAhJKRoLg8jEDFWkEByAYCL1DTIwMHUwcoGjQBeOAzHhAilxhRRYkkAMIA4UCpO5ECtUW7GCAqhBSCBgHA27WJUjsAhAKgmABCFROAityIACBZAKSI8AEiBK+C4yIAbMQIrQoRTJKAhLFl4BAgAsGiCUhZDIMG2GAMKAUANii0GaIsMlWl7QABACInAcIBR1gB0ogImmYVABTGB/FQCQiSiDIiygScw3egTKCBQTDVPaBFgQXYDABgIXCkhJR1QaYoLTTAfb1RkJXBYCFoFAH5BmBPIiJK4VCTgDBAh0DLAQgixnYUIAAghGMZGWH3AiAIACohiawalEBAAGIjyAksI1aC1MJCSEkICgHAkg69guoUUIAJwECACGXoACi0IAQgcZI+CDRDAYnIIMA4xJRYk1YiwDAqIoMEEAmEeQBgAJVCxSI4qGqKlDgIQBaRNKTJKAToFJjKhkCilQIcQlAkYUoEgCoojFiiwYsFGKeLQQJl4hPMEhBgBA4gmRBMRRyUJxRBVdANnSAkCoayAOLCQIS0UKcCICEkQkAmUZGCiGgkBMpJuoMBQTkRiKiukSRgIKOpACgE0sEAlIUxMWSIa5ARklgg9TQBFAsIwAhIwmMWEQIIRYMwIwlIaAg0AUjTgB4nxCQEg1GQMAFdhpAJpOYBKqu26QOkgjmYu54iCSBQGQtMxMIgImgGwBpSR0cCAaEcRETT8SCHJCIgITMAsFA8LRgCVDWCABedGQaC8EgAkIKAcoUQCBQBwxWFgpAxsCiFURSiMiAhkYJlGIsSPQAFCAEgYKQARISwCKcqCFKqYAA+CAhMh0Srho1AIIhB4MAAZeE9kIYTMqmyETODKXoFloVMQYE1OGArBko6KKAkBdJiCZGACGAapAF3MMLgBQCLQaogykA5jHg+yMIzgwCRKJ2DzaQEETKYhgCCE2ARKgJjAEohKCApRAikwscNEFYDAK4IhImCGgBDdSQXyQtRBAW7AKhBQQ4Y5AoJAWFQCFQBBPYYkOCYgoKQIHYAMsRASYUKABIlACKpJkUExcBzmP5XcIYQkGDqIIFNNRwlyETWgABMBC3O4h05VSQTw4WhSKJbohBqEkWBosBKJrERpzDgM5EBGQH1jQNKgKAEQAE5DiBiCwJpIAl5GgI4AASEImhMxsALCAsBxAiUEUCYIliwOACQhBB/isOUKIIpwhkGgjALkqVgJChSEF1B1xKgyMhhMAIJYQkDCAqIiJhAhGCmQYH8VBWHGiCQiIgQACSG1RYwIUMwnopUMCJklQEhUScAEgGCxIQgVNICI2ICCRg6TOphKITrAxlAaU1gakFICsQAErUlZBhECTeY4QbEeIohQqFY2vQSA5F7BBoYKWwGJAz0hwIAEycoACBMgFIEMElIZAINAFCAqLWEoBgSiJYAAhUAHonXRXQ4iBBU2I6pCJTVgRPAKECEgwFABbQTIM2DJAoUKWCAYBvkg6SBiPFJAAjEUoCISISgCAcAJUivQEWJSGEAUABlBBaLQIBEwLlRaJNYTDyjYYENCckHiBmGAAjBcNJyGhCZIoHABhARFAI4BP1Su0YDCE5EAlQ4Y0lMhABkMROQSylNELWMF5APAFBSpBYRiCd4FplCDPvm0fDAEA0BFMHQIFKpAEKwCCQJKKmQVVxzZoAaqukVYooSQpkpRqAcBFVosEEUCLwB4CFhG+OIQCBgIjZgZSOAkYwgCUlaHLL0KiFJDRgJIsAAgVQEIAVAEFBCCCIsgADggCNoUKEDxaCYSiSAAQQzEEwAtAYIOIG1yFhdwhKOGRiI4gPQAD0i30puHBaBcwkORgUBiIII+bgSRB2gMIozwgKBYUsoENs/gUAEAJNZIGYfBxIjfMgGCkAROFwRG0EgIwQMAggAgEkOD5SBAJEpGkiBgQebkYoMMUZCcjNsGMIFwEgRCc6JikLiE8ALwpUkAhCwMTOABAGRFQHBQIjABAYIOdyDwG56hAfKDwxCLOhBMQOIIwHJ7goQIECcALTZAn5DWoCCJMGxifgJEoAwlVhQCBHjAQQcSDBwMEBQYIhAVFVwLJQgIhBkOAKEm6hC8BiICCkIbAWIlAg4WND4kVAgT6AwFFsikBqiACJBfSQQIQIQYLhGDBQJNlJMREFAuQo2Q0jF73IkzoIIkHkRggpEKFIQNQ0UX2hIqCVAlFqxAAp0UyTYn04kNAIEFUUBAIAITyFCLwQNhcIocwQDHgkQ0AlIHAEYQMKY6KMCCMygQJkMhoJviIhApBYAYiARDSnNAJGEYwFUYJacECtDy8SJQWEECwEAZwQ8AlqIRhhjMSMUMAAZCRBFFj/da/IgA6AkoWAbjALYiAyFAABAwQBQATueWbIAJgC4AoDCEoEg06Ej0iQtSmDkSaAIJISDUFCmYIikExUZsCcykCjSG0mJIgV2oAkGCBVkggqAtsDCGBC1BoiJSDokNr6BmmAAIAuwpBeGoSIoUSIIKSGzNQjIMBwggivSAGCpECgSTdmoKHQAphRoRIUVUAZJOHAZBIRkkYTBgOFRNgwunRQUMBAICUgEAYULIJiWmjZPQAlhvBuQhqooA+AgRIJUPIGWuUOJFGAQw9IlAoByCrRAJxJygocYAiOGyjJGIz7IQEEYBRkAChAgAIBkBYBAgQgIBvgr0jFhhVzKAoGBQG8CyB0E4RhgEg5AOLyAiUJI+mcEA4IjCFDgAK4ISpCCYSSAii4kYikYplkWKw0GDGCmmgpwswGCXAVCOAa6FRFSpyADAYIy0cAyRjDNgJJASEQAEARYdNAADAulUiCpLZAbEIooAGSGIwGklcBcJAOEQmGehNIUXAIRg7I5SAkUggQgwKuRngUCGxmYNBDDAHBEj0GAws5KFEgABqERAAkHNYMoAgrQAUCggQRRokuEAiwFW0gZBUJIDliq5yAw6QAQAWBdK8JkABFOrdlgWQZQAQQDCIiQCMQ0MUZTwQAwgGFagCEoFF0MBQSA4ENixRBoAAPFKIugByUFEIAw2AD3omQFEN4QAGRSkvFwEOQhOBARCIGJlnUKRVEFW4CYEUtQMcgVBxogBIjMB0cCpBDAAKvWZoCGCoY1OVwkQQpMGI0R1GgCcCgDaeTiIXiFkMzJaE5IUIA0HCxICI9l1BAaAEi0BAEpgBgPJA2uBEWlx1I8RBFJYqIGEkEwNAjAkyGVAS3VUgcEGkwMxBexYxE4wFAACgUoJQBgAXQBBkIG9smxow2WYkQ8olBABkmhIOMaFKowyALFjnIZxpRHZAAz6qIKgCEgUNFKkoAKuRBYEoicgGBAGABQYnyFqSFAHeTigEpDEpQwyGH+qyKwFRKICysgO+IxzgoGiQYcBQMEgDZQdTGWKEgkijmByGGIaqBQEAEKgVgJBhCI6GXQMwgQQhAwByoCJIDgSIFsBISpCgU4kAFjEgMMIIaDAohA5hIaCkYDFlkVAlhMHAjw54jCTFClIQuoJxolgxbEojrSZsIGUIjrJNThAI4JQRCYDBcw4SJhUABmlnokDEkSAw0IGoyBAT2USjhgo24yABAAEyoawsiBhDJHvg0WgAECSciQIAxEQzgBAyEICCsDLCQqL3GcEYFAQDVEghwI6B0B6DKgL1gIIBQUoOihZkvWEAChcMOMAQEAapSEGgCUQAGIIZYiKkW5BAqAR2CU8BASAEQwQwkikg4iDAAAQBIGQGgVEFC5EgVFGMYQQvmC8LhDxGm6iLOkUoKOANRgAAUEwAbTsCCA1SEDBABBiPighgNCOQKAFICQItIgooIkIemUCjqUNaCGICAkgY4VMQEUwvSIBITYWSEqJAQNAoGwG0gC0GGCCKVVAjhASNEQiNDspbUGRgVAgEkIIBBt0BWQOk2UwswBBpYyOBkwUQBgFUanCxB64gsKhEK2sMo+hCf2NAeMEZCpgEIoERZEQTpB40BYCDYBmQDWRAAJChwiJQDUHKHeYFciwXnUgFwWCGJPFIC0d3Q3ECiLKQwwAQkOM4AhPVuAYjyBaFTEjEJABARA0mMrQcAKBgaQBJpQVYMg4eFoTJCxYDEWIoACAgaEnCgREQhzABiACIFlgtA+BwNNZEkYNBkGpjALQBYEHJSkCAEgQQSkQBwC5LGkYgBQAkym5LhHKAAAcCIARRJKAJWpyBBQUFV7EUgBBtEAOGAAKDCpKsSwBIHJIEUBIwPRYSqD4LuAiC+ARkg8fhEgI0pBzEuBxVIYdDkQAkCAkQND8RTOD9HEgDxJAQqgtEEgLAwQDCDzSA3QyBQlGyQEAmoiCLUAogBCGJwSQoKAEGREWyZGQQIKFdUiEkIC8kTZlgAUFFlsKYgjAhhFBDy4CHgAphQgSxT4EliCUCcCqIZBI1g0j1AVnAEFSAAYUqK1CNiIVEuQCgXkT0wAZmB70ABLQDeIlYhCAplptANyTPYakQcKCDFa5OARRcKAE0ABaMgEwABCDAABEQBMLNERqAAKAA5NDA1mip4WEBCIWUiAESSYwwnBAMgIgEFQRO5QIEwCAwAZAU5x8SY0yCDABgaBpUChAuyIliOSBwQJIBgAYEBvSpho9C7ShooKhARAAJQvtGQQhgYKYp22FAATgKUQIDASPDNpCIImMwYVgoUm4BPKSSgg2YcEZSH+AwBFhIFAZBEYuQG4lQDIdbYEgHg1mYgpEAW2REhECAEWABJEQQMtoQoGZRtCAC1iBkIkJCgV0gNBQAD3wdLJqZPHIAQS0jIgComjQMKsEI2USaqyBJkFBlkIIGAghheyOGQqIDlB0kYkEAFNgkFgNIS+BIw8ASQMgImDBNUIEAChZAABVIgAQkECNVCJewZpLAYa/QuUCmwaQDRlCgMBECxgwcASpggGgghPUeMbqYBZhuASrkARMAYViEOoct4hBkFhaBWBA9IEBJSjuBAA1yzQpGhgJCiAsUCmMQCgOpDRAoSkSgiFIUJUUFAAANToRoahCCWVGowGlc6gkAIQwKIAAEkapK1SCglInEVnV5LjDKMgyCinbtkgUuIWaCBKiXBZhiREABk0SIZUaVpGclyIMKGwU9rEDNA4VABIAiGjIACdoAQ2dAJkGU+ERjjuhEUCILUUiCAnQFokQKIFUAmEglKMkaQBgEBJNBihkABNrRL4EI6IIM8gRPCCDJFAiA6AjBBEZSwFgMAgsIjURAdQKgSmReAlsnEFVykhjIKMoCgegAkAUAPBpBkOiIaMkigcO0KIEnIwAgJBQAMa/dKqoq4QAdAAIkvAgmkwV0SI0gEQLHShqEBgFwmAotRTmABDkgEUYBBVUC0gCgGiQBkRsWnAiANILgQLAIJEgMilmGAJtEDEEBSnYACQVkGoABCiYMRoMWUJgQIxi1hACZ1ACYZBBiooCEEHFEPYUphDGqwgEZOJkYA8RFAiwBCJkmC2Wqoo1BmFCKiJQC17IKoAKJWHS3BAEwgBoggFCBTxgQxmALAgMERQPJqdK4YgKwgIIAQAwEkQGlh0YGpMImKMCaIgAJDwB2GwKJWjEDAxQkECgkhDgCwgzGgFBAFhGQQwEII6CoDBAQGv1UiIBEJKDWVgagiVg4RKRtZUyEIceEOaASJxgBRdCAAYKO6bhNx7ECY0lR2DAyCAySJyAxbkQDAAAACQGEVAhQZAEgIABlgjR31JrqQAFYhGH0FFmEgk6wmOIBEhLOgAxxwBwAAwRQoVVGLgNSZJGwAZeoYYQBwoWF4QMcEE9YICJAgAmlCKAPiBhJ0AgmORsAJ0dAm7QApBXQANVqYAUVSCIhgAsiShyXqPrRQokGIESmAoAcCC7MAA2EpBQCSIJrNYJRxQQYyLHQyABp4EB0EQIibEAKwAohkHIBEWAkNHADIRzJG0EcWFKnRiMVW3IIUMIAAjJaAEIkqcEGEwOSoDoEApEhpglHFggIEYaFBqwJiAoAiDCAQQFQR0GBBQACDiCQuQSQB5LAjg6SLOQwPACQmPZX0yQEwAgSUApU5j8JZMyBAZdQFEwEZUOAEMQ6gADAbKQZrMwqRcFhxjymQkODXACbQYNyUhCgLEwBIAGTDQRCmpMAQjBIQZQC0MWMAP9QBQIAMhoBBkKAcTwOFh96jDLKAAAQMgaB1hiU0JCoCQKTnKJ2SYHkGhiEpKGAAQgIRAkEQIEgWARxRgFYAmCSpV6Y5EkiEBVJliNhCZQDMkF4OEnQ0IOAhQIhKZ2wzgwGISthpZDcGEZgW9DQEBgADkBojYKAggQJAaBRERQjBiISAIq7EXQEZHVIJNwYhJYAxeAhEASFggaABLgAYEAtknFhkjlAVCFpjWAETlgAZMaQYUFmoQIxiCb1RJRAilsIAggMgwsOSYQfpCRAKHUgggBBQiB1ghIATirm1AlSCEBkiqQaUb6QAVJZMjSJPLIQIQAANQgWjJYgIEHyhlyKUigEAICAIOVgCJIRAQgTmYwAZIk1IyAQJP0ISgQrHmARBDzoxBZuEkAFChggWkzlYIEuFENQcJvFDFEzAY0AIBAwZsQAJ7AyBBDRINisoUIyhoHRL4g0CjB4E2N0MxJA4QQSTkQIrdAgHR1IuaHgIwaDIEo8DsgESkbIQrGyBQCy2HUUqg4sCGEYKAAIh3o0iEBiUExDmALYCDEgg3QsGvByIgg5gKGtCqThRqZYBIcACEJgARHIWGjEJiFcApYAQBoKGxhmIUICbSAAIRGecMCIQgSAAAGKJgEADMJohxccB9gRbABCDLSmQLA1BB+ZmYMCfIJDA0HVEComFTUoUEFlAgBgEaCIdcVWQAlA4aGCE+Iqow0wbgKwiwiQCogBIACgmgO6AA5tBwe6kSprqEERxsahEZgAA4ENCgggTAqCAhlopR+IUdRDKEWReqJRsxnBYU9AfEFhShASAxQBBLIIUCqIgAEKAsBNBBiKUZ9AySOJEAWhiwYtAQikV0gQaF8KFs0BxE8qKAWCBSqAwAQkEIEogAK+gTzGB7IkwAUY+mCAA+pawQSQTU0lsBAiAQpcrFMiCBEJwGQypQCQpYUAAsgxLjQI14FASEUCAY0kwCHQASLGEvAIqEgAAJEjTRBCBC2AWAJIUQhBBVAMRptCGwoaJA5qsPFLSFMTZABI1+Q+okAx6mAQKF9NZFBhARdqouIR0IUUAGMTAEk4KwKiWTBxHmY/GiIME0MUqALWJIApCYIkLTblADGgBRQAjCpgEoSwBMD9AQgoKckBASZAiAiQQkKAVKUC0EmQwoscdAkcEz9VGIM7AJACAGmg1KlETH2BWiCVQ5lC1QC0awUpIChWGKcBTADgoBLEiaA4DIwAVK7j3AgARIgIRMgZuAllIhgQvMJAgxKK2BMFBIShAGgUSsVYlAJqQzEcICYogJQlEGGwjBhAJEdgGCIqGW0BpHZbIAGIkEAaoMi0y2QigkjAWmMECEzkEqAEQzV4s2PpAYhwzLBB+VACaqSdCJUApaozD+UIRxrIIHAAMsiYAnACQHEIECQxkPoEtKCOCMwSUWkFEoQAgVUUSRGkzFEj4EkQGDYpIwBkBAkCYDIRAHUBJIIfOCjYFgeIIwUSEkRoEA4InOioIXLEwQCkPgLgMDUEEQSAgDlEAWkI3WAABN0ACyQIhcwRpQMhVk2oAQBAKOYpWR6AUAAoZABATxWGAUvgICuiCNhwwJmB6ITwcaEirOIAhGiBbqHXukUQROoUCgkm4JI8B40BmBhQ2jFY4qQCwYVAE2aYgVAKBCuCYRuJAlwTQNIBDQrRR0hABHBp5gitMAMgQSaAwAbQBwiQAAuASzQqBAASYQgQIJFiBkRhAINAXhotAJmZWQITHiIhItXwBRAtWDAADIgaDjw0BGwG0acjwgRLzRGRnEGkSQAQQoKEZiGiICjAAyIEFGMAzLiSJERDADAATDsG+gJWYKErADAgckg2waDAIVwEkCgIotIChbjECRsFQEZE4iilNkZrQUQTLD6wMFhwFSEEiXglFVgBwRnJGFBCRVADeAAgEaLADMBCGIxgYYEUFyGeOsjSZ7JQQvogCSU2FeBT9KUMEZBZDy1AhUKMJJIJAOhaWCxFCZBghlRCiGUIFZFIs1UUBrDIARgrDTgEYjWBgDFnBgAiTKQmqiQ2FaKQEB4hoRFIUgegDEANkHhBJgRgBidsFRCIva1rsk8ICJAEIrGRSSaQiPjAgYpIEJUYIQAikYXcCuklQDkEQEtQDUfKDI58ICMAECmARg3AGgligQUIVgsJIfShJBCRYQIQEARZ6CVcGBhIKnJBqEgAkzECDqKFVjyQWQJhIWksYStRk1EQBAuIAR4TCBMdEIAAgQi0PDpFgLEABCKABACkwBACMZUUuTAAIDSIDUlRMAiETIViYlNB8EjAXCGGTwBIFABBYAtIEAjQSqzRioIIW0IpgTKAIgWwwg0ShFAVEAZ4IjADgS0N4iPoBEJVTAAASABNooRkDKAMg8qAAA9wEARgEEyCc+AVQEAV0CKzfBBcMZERGhCYD8zNQQsIsMLgRI9hIIB7SQAECoEY4BHCcIAAB0MzdjYjwqQgDI6H+JENTeBgRQMbqMaociB6KHvuBMFvPRWE0bIUUSBghtmJIAAERACgLMnSDCBAoEiDQMQZZoFLAAAhhF4igEABWCAmAYAEKrmMpIHWRhiDBgEIAohBI6QEDowdtIM2UguVAcZeuiKUhQZRXTQh0bFXECBgFGExBEyEQgGkYNAIB0GRoKQIcJxikkCBRCpgEgIsYpotcHGBbmAAOQYDB8wQQUQCgIQSQ4ovUslgRsDdM0ISQQMACBgAuwMJVJCBAh0KAJhLZFUWaAjB8gLJAGggSgwYSwsg15QRQIgVQADGikMFrEbIUATqhMxAEqIOhkkoZQjq5l2oIp/ghNwEKAIHgRIgDMJoLEQAWBnyWUByeAhGwwOFSbuCCEECQgL2hLAiEUKFWSdIDBIcDSRCUehGgUaMAQIBIBsyQjBY5LmCQkMEEy1dwSHA4kZgARiBLFkbIrqOuKObEACQOYBQCJaAptRCEARwBGiW0IPEO7BEhCQxLXOGAg2QBRjFgjQBxH3ZRBEE4ggIEYJJIQsECiyDy1UgwEScfGoGKEgkzKAKEpgJCgpjLIQMhGAIaUHAuIBggEAMpSTIAzBnggQBYJzowkZ4oJgpAxC2BBL8CuwEREAIoSHCIwQImDwcwyg0lDRAHtiURWEpAga4UiU3iwQo0ERJvARlKhBSAUQgoIsGEFBwABAgQOlGwBRBCgBAEIIIVDgNCH7SCECIBzIBZAyAcESi4ggJQVZEtSEzlGmet7kKZdEBYYS0USg1AqIDMiMATIACVtCbJ+kGCIiECbxAoScoQIoCaAJwADAFIUogiuXCSnJAm+VkgBytCEDVkgA0SZZFhWYETTwhArIkVwiwiNxYIpIokAMDgBxsEmeMRFReERQGJLgiQaAKwYwRQVbAw1cKIuQQw4hgiZOGFgazGhKCAEGqLGhJZEkBiMhlATOpCAQMDI2RyKUcFbEJAZNY4iVKUkggiWHgJtmqA0iEGQoiAiQKZhgyAMmEsAEIQkIkFQhEgGFuElSCtrlYLQiEZABpBEAUKQCD1UPxNBljpgAoAFQESkeBxeQtStIgQQojBIJ0ShIRAGEdA4CUwDI+CrMCCYMgBaCEviCAAQAgTmFIArr8UQJyWBwKTWE0CAMBCUVGRJVgYBFABBZSxEoBHBABSgQUhiIi0EKVAM6rAACkMbhoSNiarZODGtKShiapchMcCBCNGERSFAYlIEOMADEsYQtFAcERNAFoIeznkUFoiBRi9EIIR0wAdwgTBYBhgtZRWCBRGV37KrAIIUsKAaAUCFIqojpJVmLYClamFSThMWIIAtZDGJEEBAvg2IEQRQthFo4BiFohkmEEFgEDGzssCCYK/NAHIQALAQW0AADAMcOZDKAzBBJpACYbqHMpEKDFYBFBnABMCgQhWDEgyBMElASYkblAHwMUSFsWgJAASQE3CQCWACAyjbIAghABZ4aEiFIIMoCISSBsbygEBAQAFFGVBdIJEJOIEshDdjilqSiSRT3gYIDEACDTJBgUsAFZ2TBKBglQGyJAkgfNAYAJAtAQFOADGArjQRUFK0gAEngAImWIwQeCA+sHVDB2VXIhc0OO4KANzs1KQEIFAFJAzBk4cTJrBJMUBY0NFuFMQjRIQgJYwEGA8Z7HAjMYTMKI0CEmoMQMFGMHaO2tjBGySCMCBAiDoEMQaiAEykqtcCijSSJhoYaYbaQK12EAkyQcCA6GDAgnEDKEIzTTbjBxiJqLEMCWeBjSVZ5IQIKrAigAYLCVgoOCCkDbhxAIggAD4T6qDSTAgy0AOIBGmtQhFGBZCBHcABkMAaBBMEkEgIBMDWEsysMA0xKgAtIAhgIgKkCKyApHGacNCELEBAgoHEiyDapMAwgkP5VmZoDAQAEgwBTAhiCNFwiQUoBAio6eUDBDFhoRrIjVAIEsAJIBOaExaCADiRwYcAgw0BUBKbEJhqmSh0EpERQAHyloBQEWpAQFAAFYESXoxEYJBygLrtWQCQgSBAeOZgkQAkEAMM4DDmKAAZEgkYCSECWQJUCCIFSJCiIeIUlkQgECDQiCPAETh3W8HB/zSIyACgoBKC2mRTAbzEIQKAImkgHJAwRlCZ5ANLQgwGHQgSqOREqAilhWmncI4KUAMQAgYFCIzEHy6g6o8AkmIFC+QhCKhGg7MIsGVAQERUBcpshcAKA4gEAwGRtMTMGMqxMhggUOUJXgp4mSMWAmNWghUAEhAk0WCg4CrrGLQFIbkmtiAWlTEBWyASoBsUC5RBo7cBQLjtRG2sWAxmOIwCRdBqIMg4gNOKIitAfvulzhKBJmNwARASgQRERAESAmIjIbyRioQNAYP4YTExphIWY4ASwYTrBECPCJAhFQFCCoIoagRgTSCUWLSQOJjQIAi5sMCAaUSQ1TgQMAAwYDhyqYcoAiFQFNqUeAJRQGlqGiIZQAwBeXDYZIQkYgUxQxCGcoSgqyDcgEJImBEAQlAQACIhwJWQALNIwcD6kAuIAQIOIoAERAOPCaRpR5Bo7AgUIwTkhgQwIAWARHWEWCUEkAWIEGDFjEiHTBFQ4waYYVV2A7gEzAcRk04fmIIYLiKUBNEWBgFBHAZZFVlQzgOWAQDNInDAAGKgBv8kQkgURiCzA4AESJBmhMbQAjjoYE+hBFMNIA4BERJEnFmFSJIEg4VhFCEqEhkYkhmIqBoRoDAUCwIQspUYEEpUaMD+ANoKFArNpOQwgeCBUQTYggiCSBAPmTQIwgohwS03AUpEdnIhOQCA3hgEi7bSCEAkSQaHWJscg4JXMOTSSLKIzgMo+AJAADBhmgSggAyQo0YADRIrVAREGyYkolBYJEQtuNB4gJQCFJQDRGW9UIgFVIJabCnYau0BgEgDDApJQTZ1ULgiCIY4zwnwUYBZWIJQCQTwWFmAAChLmCWCBibghPiCEAAaqIACAIIEEghFA4A+UCHJgcwOkYyCkiUgCAMByGeXYkIgPomnmAYwLCAkkUamKIwCAkIgZBDcE63crDhAJuNIMdpErhkYGYggAZUAAJHehEBoxAIOJJGuQeIA8AiEOJAKQSYsHj1gE4wFqJsSUaG4iJgYiE5oJkCitwAYQMAAdjEAtA6KCUhSEuipAao4IPNQAjwCQQJdBGN0BSppiiGJcxp2mIIjqhogJigAGKBQACCwBIFwxEjKCsMYaQGMQAAeGSoMBKnjhOVgkBKIEvBAASGwgOYREKMI1xBAKwMcV1GmqEQIUIAI4GCkILApUgDEUCIEcgKJgVMgOUENAUQUARD2DCDCCt5CDKiFMgHFAsNe05PASAFSGcRDdMBN8cBcgxsAFHgeASIjGAswlkgBVBARC8mB3w0gygoTaHHIjIo+wgWIEiYh8MkUgpqgQNgOBclTRONKIAEQolVsCXCUAFBQQCOACWBKKg6wc3CGAEgUS4GOxGTRp4mQAYGA1AwOoIFAzCJsExYIICuIBGY4ACQgAEjqb81MQRIAwIUAgqUgOkp5FCTEIyCYDcD6yFEFQUgQmggKAACagBYSNxAGFHaA0ZhCrCDRKEEIEEBCQkCjBoFAMRhHlzAhIdISewL4ACChiUQDMGDDEDIPpxxhIoRjC+EDRKsAAZKYACKGCYC0aQCYVGgnMAxREEQTsDAAkKWxAFWUDk3AdXdAAAVcoUCIUEAsJCQp4RynFyUJVESQBAuQBgoEBCIwLMWAhAyaMAAIeAAlEhVAoL+BRGWgoiQQWdFUMKAAKCRHgMCA0IkSQgfboGACggJN9gpO+apkI0SqUIAogVaA4UxUEtSWOABhCDlAoAgs0hdQC1BwMRgSG2eCUcQSUkdgAIYAagqQRwiYCXABggACCgesgbpHGSEwhCB1OiIx0AIKQwcTSIQFCVCAJ6QQYCIAKBUzIhUgawgcIcFQFMJeyzi9QAEAKREFBjhU1z4jPngwB5UAFBoSDBY3WBEgCgzMiCmgENIDOk2oRgyEmw6UCQggBR6iNKhY3ITAAKUiJETawAFKYkDEAQAMCIYAdjsh1AABgSQgDxUyyJTAXATAA0KFCKiEIwBDCZgtPGwgGlWDobnig+BKBwAKoEAtcTZggkAIayACjkI8hCLp5lsdEcI/kMqECEWkKYOAAAJE0AAhgkSuxrSIACEgSAsAAHBDuCG1SCGUqCR1KICTCJQVZAokiDBJpBIAJAKLEAwZaCEkEiShwCOyJOHWgAFAkccoRgABOB2XAIUykkBvTAqQCIsqATwdATAwPUmsUKCqBBkmaaBkZgNwowgKj8UaAQw4IARRCItBwWILsEZRMYYKYGJABMEkVSUCMwNHBGRIkwwBjh1AiKsgJQgTg65aIyMjoQcZQ4QEIIlOISqhQAdhBFDEQiguQWgooIoAESbAXsKRRQuBQoB2EZMBEkaQCocQgRiIAIgQAAQQsgQIjiqAUBbnybcMAAADRAONAIAGJwEiIiEYCigyEAAoMEVKYiQgQzChHhDjSYBDaGmTI2EiHABGEOIUjSyEjQOhRQUmwFwqQ4quwa4GBQkgqEVwVgBEOEE4GvyUJUTMwUdUYjUFHU/kEiZg4RABCmkBqITN4rhjQlSaBBAITCAIHiIY2IZq0tFg0bPhQgCgYDhCoFAN1wKtEKnFEkUFIDKA2grMUkwUEI4wQRIglyAmg72AoJwkiCDsoEIABECIpCRBEuCJo8gmgMUQ4JkAhQA1C9AZAAMqJKGyWiUIhhzJKAEwAUHmZCwEBEQReig09QBEUKDogJGDRyAgQ28YAqkKDwD1rBoGZHBILEBTQhEYIBAsAkB2RIoQoLCcMKcMAHBkGwohhMYIEhohQpECGB+wLY8SAMQFhwOYAOACByC4AMZHkIDrkwDBC0hIAmRIJGGABQNRQDxDRSJQXZAAQwRjwS7CgAcFBrEIwoBiKlcVghIk0IAUMMGpiBxERtAJBAILTAB4QCJypNPAoCfBCSA10GiYi0KEIEPiSh2QfPlqQlMgd1GS3DB6SMRi5UgFAEkDyCAggLYECikwXIRC5C0GjKNSgEUiQBk8CRhkgCkGPggGeAqIAYggyJaiXU8CAABlFggJETBEBQZG8AaJgQOxG6LoBAYYsAYQAAjCOTUiBg2lSQoQsYqElANgAASoAMoUKBnBVhkiiLGNIMOMGoITGyACDnqUUEgcAnEHgYQsCkcisAKtKH4SqArsBAAegIiAcRBwUMmQOqQBCCgQBMgAHEVCM02KcQgsC3CngYGIAMlQEAmCL4AExE00A0zNUbmiwwSNAIgrHlAk7qaIFWYYFOZZEREUBcAIR1WhWKSkiQgUU5mIAm0AoSKShXQwdQgHcgAFisYYEBAkCwIgswEGNHFlHkCwBEBOSD8IRBVRIhigSNph+ICZQGTIABkACQAEAciOKEN0hogYABC9QGcgY6iPIgEURMmkKssjIywPDaghQQgqIkkCJ4AV4Gh8DQBabpQKFJSgAjDIOwITKggkyXMgBEAIclkRKiBa83alRMcJIJBUGqJwASChCIABINKhAETBiAAigIZ8LASMjQGRZQhsAvoYhQBfAIyxqioFGSAlCCkCLqHCQHFOK1VIBSIQgD9SXhGZAQdaFkElAKSgIgsjECCAURDCeCFIesIWFibgMMCBJImDrhiYXFAAYRYBDmwg5+0hkhABGYxQAQEACIES2BAkRKZHFpCAzrGJAJCtWd14chxAJAAQRXCGhRdSFMADrDIHIIABBQwdIYCowJJKVEGKFGBZge0OWYGAClRiAUhaGggggiiOAAQCfSByEEHBABYAoVABqkYUwSAAEggSOZwICFVnRKkSTwAGAGhAEAAAqACkQaCGBgFVpNVRqBggAAUgBZAEAoJFgCKgiQXUjZXEeQRBMiDBg402TTYGB1OzwdAgBWAPCMusCNHChDE1EUpwMGVUoiAmpkHRC5CQd0ggTaZgELMCgqCJCGAGk7igww0jpqMRaWIBHKzEDUiC0IATAjUQdEDCgBdINxABBlFHzODTgwhAJQHLPCIWYjECXBKIII3y5IAzBARMwOAZDJMKKlQVVZIN5RR4gYICcQJA4mHCYABIUgh7CwhJCkwYgCRFGUBeG4SGjIBDMgQyRBh5gUc4IgPkVA07ISPqmbFWQokAmACdKqIUGgDlQqAXCtrJoAEQTCgxw4QABEQUYiwlVtaowAEAACbAu+BRHBTsRRP6agowBAoBCihxAACghkAIJyAtAtACIDMogeAFBFIXZRKGGIbTALJ28CCJZ10GDlImBgKIEANaWHZgwjKmBEAAASIHAgFBQlxkxBFMdSuAEgyAGaPABgIBBDBJKMRxWGHYBAQEqxAQxINyhyAKIAQBECUG+CKyopgSFAAAoUIIBCQTICwCZShEqRFhIyC5cXMERYXcj0CRJIAInAVEeFEbC4NCIDgM2KSBBBIOExrAC9sGRxNYMWJQVocNoHEAMQAQYVBoEwBWiwFBKQA1CG7DgIsghENEQNQhglsaYLgEZKImACYqETbAChyQyIWjCAoJApBwIx5XUOqIQQAYEMFCIISALBXvMMAMCAhsSQka3gIQWgFAQAAlAZiQAAoAJSChEhfIYEKmEDEwAa4G5BAhwAe+gA5N9JoNwIawdnEoNBDkGqLEgaOAQLIhAgVLYLR0qIAkJUnCdGAECQhkkBhCIZYQBCbyAZEAIFQkC+ka5MQYYxJgGBlVpwg7QYGREaSChgYShkAsAMQZgYipMnEMMugISwIhMSGzoohMBAgQAIlDQbhkHGZUFpwVQnBjUCVBPps7DMQuKJAQ0wVGjh6DrQYImDhvyAuQhIAD1VIhMZIKHAACNGglgzBUCDAZDiqvE68ACCGD6EjA8xQkANSjvA1SMQEJeh3AwAgEEgyEEQ7pxYAlEwGRAAW23FBjEhOwChEVCiIygmypAaICAGoELjCBQ4lEJImxIYFCERuwTCqRFiiCBwRxxB9EJEF0HghAOgYGLkVZdvYi4IERGUgPICzEBcAUEqQBGUIBQETjEIogAYhggwxYAQxAaRhS9NwhSCCgwRQyClAp1g4iGAgAMOoQFktAzCZheIkIhIEQACCIKyAaIpgGhNBlggSYFCCPg5hgEtxJGj4iMYBCZaMwsaAVJACQ8CoQSQkcKAaAd2mAoyylCAiGAdGaiggFlsAOSHkaiDXApp8nQJABQBykgACAdJis4FUgdSQIsIRWQggIRSmRMAMVwEkQml2LRErCVQYSFEiQEYkDqHFgcER9LZyAHKrKUDAzAMIAGJiWSECIJB4QDPESZhzAgGAAbEIwDIQE4rQIAAAIqEA01BEIBFMAgcZhKIc1YEBJUDAX4yMGAa9GACbYvZI/BDkIHZCIoEJAgkIiyVZtBAmyRSYAAgEQmFWkQAb9CLCEGHEmUIBANNRJI4SzIQISwWkLAIGgKaIhQgQwwZKCCETEAEAcAGDgBBVMgClAgCYBGYkxuNtd4ozSiNAVHGBwYAQQAjcEcHaoE4KY+FYkYhkARCBXECA3iNBcCnoFlp0CBAAYoAQIhChlA440hERAREEBrbAaEweh6a5McPChRhHZNGiBQAgQEWgKQXKxEACIkgQXAlQwhCICQarMEmFEBNBhWQN7BhRBRkYCEAUsyIgAEgw6wISMIUCchgAV8pmVgvADwABgsQQARm5IQAAgUTNsB4pARHAhnHCJVFAlqEwU6AVzaQIAEMIcMgiC0AB+tCFgDE4CwRIDQArYZQAYRulEhPoAE4ACwEDwz5HMUjIEocIALKhDBfWpECBJQYnuEggAQUBkFQUAQGNmggAOhCK0IUUHlOMEbGKyJhxicilgHswJFpUGIQNgeJDUCPCCvDygBICckWEOCNOZBEQIvAYAIQAIgogECQvlnYMxiyKCoAGdKiIM1LQxABDShICxIxTKBCkVAVMgzAEMgQDKQScCo6RQMdEQCRgVicqdqrhYMUgE7AKcihsDgAELaR4RkCAUkpEEkEnH6pRDSAAIKFA1ZigrDJPKQQciwogChYoZoAVAgJIIAxKDzKwISAsguAtEhJgWiDEkJDFkAAEBJAwFaAYHAyGxDyjsg0kYEAnQQDoAmEkg6kAIj8pnkIAQUCDRYiSjDEAE4hcmAxBEhYaDcZQCc0BBc4rKgcQQgBCZaJEYsogSRjRDgQsg0hEAIQzcgQR5iYCywkKUFQQLeFTGAAA0iMpcR4JUiUTpY3QpHFqCMREAJOlUyFwCkkgpEdUYEMeAAIAgouQBeH4hAIQQglMRFQQEcG0Ay4kzgqgBQxmmBAT5GtCNJA1QRgyqQdgnoDCAyECFgmSxChgIYCkAQCWDGj2AKSViQNwgiRIlQ1HIfkMEgwwQIITUAMuQEkYEkBKxEgABBJJqKMCAzCQwGRy0B8gIgQhQw9gAUhUJhACiAmiArYZo4CCQQDAmhDYZACGUFI0QUBCRUGSMAZqSUpJ0+An9BqZXUQZAjGUAYCSM2ORBQAgFgCJwC4qoDRgRgMB4CcRdEgjndAgiUkKAQhCQKJgBQNuVaAAJIiQrBBETjCg/BChKlGogxEgshwXyoeA1gEsaAjRSCICCXCEISK8MeKUeYp4hAHjCjEFMDoAMIiA5hnVMTgzUEzoiULYxjBAATsuBvIqM0JqKDAY6RGslGAAAtNLnASUEiAjDOUKCvVZBK0KtBho8fxQSjFCAVDIRbBgANZnocRH1DAAAXDUSAwmFMDgIhggZGIAQUkCIYRDAClgKQYADMgUACDUEgEAUBagvgDDbAIITGEgAU5IUFtraNAgTEKWXADgjKBjgMiEqpxAFWNSAigmgwC0ihoOlTAQMLxAQngKFfII2FMAgBIc5KERAEnItVFoRUIyAEIhoGMIdMV9aAd4BSD7QEQDNIAJBgIFWCiDYaCguCTlIPFIGwAYeASQJAlHANAIgCgjM6SI1ApAhnkgQoAissgkawN8IaIQAYikWA2jxgxIcKMkPJQNAcEAIgAKAAui0KGW5OkACp4hRiEazg5NJEIHAAeUDA4XoxAQIUVEwBxBEAAgpNAEB5wISNiEagoUriyAElNCDKeBElkoKNhIUS0ZCIVJwMgjCMmUNYeARCQqy3wfYIAIUYQHi2B0FAAwTEkSxiqGigDUACARcYgmDAjWA7ggABtY6YJQBQE6bSoIhlCEAxaYAAlDJCOKBihwtSVGMmsATEScSipCClo1GEgIACCNKSdN4AIkU4HQgBZECuZGmMAS1+gIHggqsVgOAtOAlkLnClBBKKcaBWQH6ACgBrCgITIGVaEiBgCAAtcFFgVIlwAIHwtWISAppEGQweDw6uEEDVqjAECQEa7SoLAApwN5lHgPEahgDCGBLAKhMCgAgEqFErZBc0iAStPBJChYAgACQGFcKWDgJAPXIOyALQEFQQBcFUUpoBYAAEE7gvOhcaYKzSgYNRJAIeAKFmANUBigcYI7SrdBA5CBA2EgeEJEWcRKIQM4EVLXEAQ7oEOACOBmBvhEBCCPCYQQwAbIAk4HCBBG2BFhB5xAoynUKwGKARGIVpUMqJRYJYQ6iiAkUQBCgVUICzAEQtoAus1AJz8gwV0WOgWIgGBBsYh4ESAGUGQocEkIMUghDgAAgUoFtkwU0OCE7AgM2EsLwIQEA0IK0xVAQeBIiYacMhLULXACIgAFQCgMEFCo0wxSiAzHAACIBIhCEpcWOGgAqAWJEwApxJCdV2ZyCCAzYAkoBEGqcpAQUeIQZFAIAg8uAYNgIDEE6E0C1DNDhrRCEwBBgg8xQ4FBCyAAKBQEht0jQSBkyJVzESAVAJiDF4opwIRS7GKCklCwwOZAhgkj+UGmQgFlVQQmMI6kAlAF6IBYPHggsFBMIL4QlvAOEALAFBTieKyNlaHIGAA0E4u6ZYASAgUkscxAxKcR7BykKDmLCCgcqwDCNg3UFQnA0aDAoDGBhrDLIgQUF5EgstCQzVEOA4JABhZMiICTMAwACh7EyIorQOyNkBgAKA0EYASGh6MMHBBAYhwIIgwQoOOiZhhwIaEioADQkGPRhQEAgmwCxMG9KAXABqFR3O+xYDSSolcQhDIix4CMwKALBYGChwPARMRBCAESAAwAJRAaBGiqVAFExgHnZDBhEAos3DCCjBpABgcA5jYGAA4vgIERZuIJg48QYrSoZAtFHQkgCqRQ4AMjyKfBl4gagJqAEBgIfCCiAHGAWAggDHBhpVUDJtNVNAQkVIgAQQACBUiAVAsAkIABeBHYAgUc6EAAlDQYEMgGFwFLoVgIABHhZgMQFFDqSmwZAZqSyNNkK0iqBiAqsAwcGJtBOQoBIVkKhZIgKGQFAY4peAWKExiqXSd6M7UgozNiDCCqWCAARt/SIJYAiwVAINNxABg3QIIXNgAUiCAJU4EBQJrpKDJBuSx0XBFIYQogohCQQqQAUidNEBMSYFDUKZKSAUQlAqeBJVZQAOQMgkBISWCSA+MxHGiYQqbAwACFhA4BhXQiEAGWKTwi4ARD5M8TDUIdKQoRChgPK0MpALPAhBBKqJI6qhTAAtJzxl8GCUIl53UQkc7QQAoEEhFAg4CRBhiBEEBEQQZA1kOHQkRWAEBJwAiYB4ITMIOEMDSZi0oFoEoABB8RDReBIiJHgRNgCAQtE0ErMZARkCREjLYWKgDlH0RgClca0SARICQcEpACIKSjJAWCUIKESKQEqGSz5QiVGTcgwjRWPLC5IAEYARqMLYg1ggB4sCAADqCBs5f4QAAGcVIPaATUhAKsYgDLFgEHIFEInrAo6ZwoArQLCCRIAKABYiCfFogiJEHS3whDALkSApBhCCCFXQxYMiBRAbEgBSAgAohKDFLMKAycBiQ7KgbwYkAQYgFAgdQMJJ9gClRCFTcAIgApKIPmxkLDBbCc0CCMAAqZhwpiUEABAAwd8w8ABAwyBPhoJLYILCTEARxMguKWRNJLkmk0QiJoFsAsgMRDmZoAExaCAyZQgRoCaYAJIoLKYIcCMUJUyhAJIMYhZDGAZJgiIAQDGEWAgnCJGiRgAOaSIEFokzgKlqgpBCSSBXnBGMCBsA1FAUkJVigChEgBIKMgWOEIEAwIQpGIxkBVzgRqDHokEoaBonmAZEhSTQwQFQgR/VoAZEgHleAED1hLUghwJAECgYA6Algc6awvhzUmMACVkiYWIpLEiqBEgAKYBgVAIswcQC7wBisQhy2tGMlAGfQcoEQB4JMwoZAxgPoBJFDEga2CgACUgbo4I8ANmDmuwDrMBjYiQLDjUCBKGBwSAYQswcwECUCAIAfoBJoiAApAmkRigQtChMIRguMCIggDooBNBABREAEARQCxWMwUMAaiLCQRUPQ6aCxQh6A4NiilLkgCiLpIEKY0JC0MKHgBYyIoBAhNUySUAAVUAgKQIcruMMEIjjCJHKcKRNQHcFQCBCvBMCPoAJK4IkkQBYGCKHOKoBCkKFSRcyEPB4BbooQInCYiDMwCTFkiQEPCFrUAD0NA7xkYRttYiXNdRU6KIjDwkBlESBgj22gCIUqZqCGiHQ6Q5AAJOTQIgFKESIEQIUEKCynJCFHIQXDGCxYIISqEcIkCJAOMdxLDZeGJ8iRLgaAZKwKZIIkQEJMJJDkKwCdEAQFCKEhjigCmGIEyDpBmnXKIQRBi4DIQwsEoIJogEABBCtgECz1mgQgYMFQGOFECoMAwARARKooFJPCS8FZzDDYLEAHiQQIDJBDgUkAAPISzoAqRJKCmwQICpwAsMIAEAAqYg5KMiMEKIlCCIwYgqLA0iCAVUaAGAAIMKEvkECJCgAkQCEEg4JKQasDmcaSAAk5TAAhYCaxxMIAMssgJTSgQQR7WcEpgGoKSAkGgoFCoQxhBEOgKJSCCCHPshAIVM8GXgaRIZYwiDGwRCAvCIKEQDmgwB0hAgA=
imphash aaa734bdf233e7b6248c47353f08a15f
authentihash -
File type PE32 executable (GUI) Intel 80386, for MS Windows
MIME type application/x-dosexec
First seen 2016-06-27 09:51:35
Size 819200
Known names 9231a123f68106e776bd35a4dfe79be6
TrID - File Identifier
Percentage Type
52.9% (.EXE) Win32 Executable (generic)
23.5% (.EXE) Generic Win/DOS Executable
23.4% (.EXE) DOS Executable Generic
0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel)

Auxiliary files

Behavioural packer analysis report

Packer analysis
Complexity type Type VI
Granularity Page
Execution time 662s
Number of processes 2
Number of layers 103
Number of regions 449
Number of upward transitions 26110
Number of downward transitions 28776
Number of multiframe layers 201
Number of processes with interprocess communication 2
Number of regions that call special APIs 14
Last executed region
Process 1
Layer number 100
Region number 4
Address 0xb51df1
Size 44580
Memory type None/Other
Number of API functions called 366709
Number of different APIs called 453
Calls APIs of GetVersion* family? Yes
Calls APIs of GetCommandLine* family? No
Calls APIs of GetModuleHandle* family? Yes
Modified by external process? No
Writes an executed region? Yes
Potential regions with original code
Process Layer number Region number Address Size Memory type Number of API functions called Different APIs called Calls APIs of GetVersion* family? Calls APIs of GetCommandLine* family? Calls APIs of GetModuleHandle* family? Modified by external process? Writes an executed region?
0 99 0 0x466f90 31 Module 0 0 No No No No No
0 99 1 0x46a990 5727 Module 0 0 No No No No No
1 99 0 0x466040 3951 Module 0 0 No No No No No
1 99 1 0x46a990 5727 Module 0 0 No No No No No
1 101 0 0x402516 1177 Module 0 0 No No No Yes No
1 101 1 0x40575c 12940 Module 39 23 No No No Yes No
1 101 2 0x40af48 670 Module 0 0 No No No Yes No
1 101 3 0x40d73e 7478 Module 0 0 No No No Yes No
1 101 4 0x410bf1 4686 Module 1 1 No No No Yes No
1 101 5 0x41bb18 5374 Module 2417 176 Yes No Yes Yes No
1 101 6 0x4223a0 12412 Module 155 33 No No No Yes No
1 101 7 0x426ff0 13050 Module 596 50 No No Yes Yes No
1 101 8 0x42bd20 25 Module 0 0 No No No Yes No
1 101 9 0x42dbf0 587 Module 6 5 No No No Yes No
1 101 10 0x4302e0 4913 Module 1650 98 No No No Yes No
1 101 11 0x4341d0 812 Module 4 2 No No No Yes No
1 101 12 0x435590 13910 Module 162 22 No No No Yes No
1 101 13 0x43a66a 7054 Module 11 3 No No No Yes No
1 101 14 0x43d880 156 Module 4175 69 No No No Yes No
1 101 15 0x44141c 585 Module 7 7 No No No Yes No
1 101 16 0x442bc1 125 Module 0 0 No No No Yes No
1 101 17 0x444e59 7068 Module 5115 82 No No No Yes No
Remote memory writes


Type Source address Dest. address Source process Dest. process Size
MemWrite 0xba010c 0x15a010c 0 1 4
MemWrite 0xbb0010 0x3c0010 1 0 4
MemWrite 0xba0110 0x15a0110 0 1 4
MemWrite 0xba0104 0x15a0104 0 1 4
MemWrite 0xbb001c 0x3c001c 1 0 4
MemWrite 0xbb0018 0x3c0018 1 0 4
MemWrite 0xba011c 0x15a011c 0 1 4
MemWrite 0xba0114 0x15a0114 0 1 4
MemWrite 0xbb0008 0x3c0008 1 0 4
MemWrite 0xba0120 0x15a0120 0 1 4
MemWrite 0xbb000c 0x3c000c 1 0 4
MemWrite 0xba0108 0x15a0108 0 1 4
MemWrite 0xba0118 0x15a0118 0 1 4
MemWrite 0xbb0014 0x3c0014 1 0 4
Type Source address Dest. address Source process Dest. process Size
NtWriteVirtualMemory - 0x427000 0 1 4096
NtWriteVirtualMemory - 0x410000 0 1 4096
NtWriteVirtualMemory - 0x426000 0 1 4096
NtWriteVirtualMemory - 0x411000 0 1 4096
NtWriteVirtualMemory - 0x445000 0 1 4096
NtWriteVirtualMemory - 0x424000 0 1 4096
NtWriteVirtualMemory - 0x423000 0 1 4096
NtWriteVirtualMemory - 0x402000 0 1 4096
NtWriteVirtualMemory - 0x441000 0 1 4096
NtWriteVirtualMemory - 0x41b000 0 1 4096
NtWriteVirtualMemory - 0x41d000 0 1 4096
NtWriteVirtualMemory - 0x20000 0 1 1716
NtWriteVirtualMemory - 0x43d000 0 1 4096
NtWriteVirtualMemory - 0x41c000 0 1 4096
NtWriteVirtualMemory - 0x442000 0 1 4096
NtWriteVirtualMemory - 0x43b000 0 1 4096
NtWriteVirtualMemory - 0x10000 0 1 1974
NtWriteVirtualMemory - 0x425000 0 1 4096
NtWriteVirtualMemory - 0x43a000 0 1 4096
NtWriteVirtualMemory - 0x40f000 0 1 4096
NtWriteVirtualMemory - 0x7ffd81e8 0 1 4
NtWriteVirtualMemory - 0x438000 0 1 4096
NtWriteVirtualMemory - 0x42b000 0 1 4096
NtWriteVirtualMemory - 0x437000 0 1 4096
NtWriteVirtualMemory - 0x406000 0 1 4096
NtWriteVirtualMemory - 0x436000 0 1 4096
NtWriteVirtualMemory - 0x435000 0 1 4096
NtWriteVirtualMemory - 0x446000 0 1 4096
NtWriteVirtualMemory - 0x434000 0 1 4096
NtWriteVirtualMemory - 0x43c000 0 1 4096
NtWriteVirtualMemory - 0x408000 0 1 4096
NtWriteVirtualMemory - 0x422000 0 1 4096
NtWriteVirtualMemory - 0x431000 0 1 4096
NtWriteVirtualMemory - 0x430000 0 1 4096
NtWriteVirtualMemory - 0x4b3000 0 1 2
NtWriteVirtualMemory - 0x7ffd8010 0 1 4
NtWriteVirtualMemory - 0x444000 0 1 4096
NtWriteVirtualMemory - 0x40e000 0 1 4096
NtWriteVirtualMemory - 0x42d000 0 1 4096
NtWriteVirtualMemory - 0x3afffc 0 1 4
NtWriteVirtualMemory - 0x405000 0 1 4096
NtWriteVirtualMemory - 0x40b000 0 1 4096
NtWriteVirtualMemory - 0x407000 0 1 4096
NtWriteVirtualMemory - 0x42a000 0 1 4096
NtWriteVirtualMemory - 0x40a000 0 1 4096
NtWriteVirtualMemory - 0x429000 0 1 4096
NtWriteVirtualMemory - 0x428000 0 1 4096
NtWriteVirtualMemory - 0x40d000 0 1 4096
Type Source address Dest. address Source process Dest. process Size
Memory unmap|deallocate - 0xca4000 1 1 135168
Memory unmap|deallocate - 0xc84000 1 1 126976
Memory unmap|deallocate - 0xd30000 1 1 475136
Memory unmap|deallocate - 0xbe1000 1 1 36864
Memory unmap|deallocate - 0xca4000 1 1 126976
Memory unmap|deallocate - 0xd11000 1 1 131072
Memory unmap|deallocate - 0xd27000 1 1 36864
Memory unmap|deallocate - 0x3f0000 0 0 4096
Memory unmap|deallocate - 0xca4000 1 1 65536
Memory unmap|deallocate - 0xca4000 1 1 139264
Memory unmap|deallocate - 0xa41000 1 1 36864
Memory unmap|deallocate - 0xd11000 1 1 135168
Memory unmap|deallocate - 0xa41000 1 1 294912
Memory unmap|deallocate - 0xa89000 1 1 167936
Memory unmap|deallocate - 0xbe1000 1 1 61440
Memory unmap|deallocate - 0xd31000 1 1 139264
Memory unmap|deallocate - 0xd11000 1 1 90112
Memory unmap|deallocate - 0xc84000 1 1 311296
Memory unmap|deallocate - 0xda4000 1 1 73728
Memory unmap|deallocate - 0xcb4000 1 1 73728
Type Source address Dest. address Source process Dest. process Size
NtReadVirtualMemory - 0x12df70 1 0 4
NtReadVirtualMemory - 0x145be0 1 0 4096
NtReadVirtualMemory - 0x3a6180 1 0 91
NtReadVirtualMemory - 0x12df74 1 0 520
NtReadVirtualMemory - 0x12d3b4 1 0 4
NtReadVirtualMemory - 0x12ce74 1 0 256
NtReadVirtualMemory - 0x4cb4a4 1 0 2
NtReadVirtualMemory - 0x3a4c38 1 0 4096
Type Source address Dest. address Source process Dest. process Size
Shared memory map - 0xbb0000 0 1 4096
Shared memory map - 0xba0000 1 0 262144
Shared memory map - 0xb90000 1 0 4096
Loaded modules
By PID Start address Size Name
736 0x400000 1421312 9231a123f68106e776bd35a4dfe79be6
724 0x400000 1421312 9231a123f68106e776bd35a4dfe79be6
736 0x77c90000 204800 activeds.dll
736 0x76dd0000 151552 adsldpc.dll
736 0x77da0000 704512 advapi32.dll
724 0x77da0000 704512 advapi32.dll
736 0x76ae0000 69632 atl.dll
736 0x58c30000 630784 comctl32.dll
736 0x76360000 303104 comdlg32.dll
736 0x77ef0000 299008 gdi32.dll
724 0x77ef0000 299008 gdi32.dll
736 0x66b90000 45056 inetmib1.dll
736 0x7c800000 1060864 kernel32.dll
724 0x7c800000 1060864 kernel32.dll
736 0x76d00000 98304 mprapi.dll
736 0x746b0000 311296 msctf.dll
724 0x746b0000 311296 msctf.dll
736 0x733a0000 1388544 msvbvm60.dll
736 0x77be0000 360448 msvcrt.dll
724 0x77be0000 360448 msvcrt.dll
736 0x597f0000 348160 netapi32.dll
736 0x7c910000 741376 ntdll.dll
724 0x7c910000 741376 ntdll.dll
736 0x774b0000 1298432 ole32.dll
736 0x770f0000 569344 oleaut32.dll
736 0x7e1e0000 139264 oledlg.dll
736 0x74dc0000 446464 riched20.dll
736 0x73260000 20480 riched32.dll
736 0x77e50000 598016 rpcrt4.dll
724 0x77e50000 598016 rpcrt4.dll
736 0x76e40000 57344 rtutils.dll
736 0x71b90000 77824 samlib.dll
736 0x77fc0000 69632 secur32.dll
724 0x77fc0000 69632 secur32.dll
736 0x778f0000 1011712 setupapi.dll
736 0x7e6a0000 8523776 shell32.dll
736 0x77f40000 483328 shlwapi.dll
736 0x71f00000 32768 snmpapi.dll
736 0x7e390000 593920 user32.dll
724 0x7e390000 593920 user32.dll
736 0x5b150000 229376 uxtheme.dll
724 0x5b150000 229376 uxtheme.dll
736 0x76b00000 188416 winmm.dll
736 0x72f80000 155648 winspool.drv
736 0x71a30000 94208 ws2_32.dll
736 0x71a50000 40960 wsock32.dll

Layers and regions

Summary
Layer Size Number of regions Number of frames Lowest address Highest address
0 379 KB 1 0 0x4b3000 0x4b3000
1 716 KB 2 3 0x4b310a 0x4bcae7
2 2786 KB 2 3 0x4b3238 0x4bc68d
3 5526 KB 2 10 0x4b3560 0x4bc550
4 374 KB 2 2 0x4b4a66 0x4bc4ae
5 417 KB 2 2 0x4b4b4e 0x4bc40c
6 351 KB 2 2 0x4b4c61 0x4bc368
7 407 KB 2 2 0x4b4d30 0x4bc2c6
8 366 KB 2 2 0x4b4e39 0x4bc222
9 405 KB 2 2 0x4b4f17 0x4bc17e
10 312 KB 2 2 0x4b501c 0x4bc0dc
11 356 KB 2 2 0x4b50c6 0x4bc039
12 408 KB 2 2 0x4b519b 0x4bbf96
13 365 KB 2 2 0x4b52a4 0x4bbef3
14 364 KB 2 2 0x4b5382 0x4bbe51
15 403 KB 2 2 0x4b5460 0x4bbdaf
16 312 KB 2 2 0x4b5565 0x4bbd0d
17 355 KB 2 2 0x4b560f 0x4bbc6b
18 407 KB 2 2 0x4b56e4 0x4bbbc9
19 370 KB 2 2 0x4b57ed 0x4bbb27
20 376 KB 2 2 0x4b58d1 0x4bba83
21 419 KB 2 2 0x4b59b9 0x4bb9df
22 351 KB 2 2 0x4b5acc 0x4bb93b
23 407 KB 2 2 0x4b5b9b 0x4bb899
24 366 KB 2 2 0x4b5ca4 0x4bb7f5
25 404 KB 2 2 0x4b5d82 0x4bb752
26 314 KB 2 2 0x4b5e87 0x4bb6ae
27 357 KB 2 2 0x4b5f31 0x4bb60a
28 409 KB 2 2 0x4b6006 0x4bb566
29 365 KB 2 2 0x4b610f 0x4bb4c3
30 364 KB 2 2 0x4b61ed 0x4bb421
31 404 KB 2 2 0x4b62cb 0x4bb37e
32 312 KB 2 2 0x4b63d0 0x4bb2dc
33 357 KB 2 2 0x4b647a 0x4bb238
34 407 KB 2 2 0x4b654f 0x4bb196
35 371 KB 2 2 0x4b6658 0x4bb0f3
36 374 KB 2 2 0x4b673c 0x4bb051
37 417 KB 2 2 0x4b6824 0x4bafaf
38 557 KB 2 2 0x4b6937 0x4baf58
39 215 KB 2 2 0x4b6b0d 0x4baf02
40 257 KB 2 2 0x4b6b8e 0x4baead
41 191 KB 2 2 0x4b6c3a 0x4bae56
42 247 KB 2 2 0x4b6ca2 0x4bae01
43 204 KB 2 2 0x4b6d44 0x4badac
44 243 KB 2 2 0x4b6dbb 0x4bad57
45 153 KB 2 2 0x4b6e59 0x4bad01
46 195 KB 2 2 0x4b6e9c 0x4bacac
47 249 KB 2 2 0x4b6f0a 0x4bac55
48 204 KB 2 2 0x4b6fac 0x4bac00
49 205 KB 2 2 0x4b7023 0x4babaa
50 243 KB 2 2 0x4b709a 0x4bab55
51 152 KB 2 2 0x4b7138 0x4bab00
52 195 KB 2 2 0x4b717b 0x4baaab
53 248 KB 2 2 0x4b71e9 0x4baa55
54 211 KB 2 2 0x4b728b 0x4ba9ff
55 214 KB 2 2 0x4b7308 0x4ba9aa
56 257 KB 2 2 0x4b7389 0x4ba955
57 189 KB 2 2 0x4b7435 0x4ba900
58 248 KB 2 2 0x4b749d 0x4ba8aa
59 206 KB 2 2 0x4b753f 0x4ba853
60 243 KB 2 2 0x4b75b6 0x4ba7fe
61 153 KB 2 2 0x4b7654 0x4ba7a8
62 195 KB 2 2 0x4b7697 0x4ba753
63 247 KB 2 2 0x4b7705 0x4ba6fe
64 206 KB 2 2 0x4b77a7 0x4ba6a7
65 205 KB 2 2 0x4b781e 0x4ba651
66 245 KB 2 2 0x4b7895 0x4ba5fa
67 152 KB 2 2 0x4b7933 0x4ba5a5
68 197 KB 2 2 0x4b7976 0x4ba54e
69 247 KB 2 2 0x4b79e4 0x4ba4f9
70 210 KB 2 2 0x4b7a86 0x4ba4a4
71 214 KB 2 2 0x4b7b03 0x4ba44f
72 259 KB 2 2 0x4b7b84 0x4ba3f8
73 189 KB 2 2 0x4b7c30 0x4ba3a3
74 247 KB 2 2 0x4b7c98 0x4ba34e
75 206 KB 2 2 0x4b7d3a 0x4ba2f7
76 245 KB 2 2 0x4b7db1 0x4ba2a0
77 153 KB 2 2 0x4b7e4f 0x4ba24a
78 197 KB 2 2 0x4b7e92 0x4ba1f3
79 247 KB 2 2 0x4b7f00 0x4ba19e
80 204 KB 2 2 0x4b7fa2 0x4ba149
81 204 KB 2 2 0x4b8019 0x4ba0f4
82 243 KB 2 2 0x4b8090 0x4ba09f
83 152 KB 2 2 0x4b812e 0x4ba04a
84 197 KB 2 2 0x4b8171 0x4b9ff3
85 247 KB 2 2 0x4b81df 0x4b9f9e
86 210 KB 2 2 0x4b8281 0x4b9f49
87 216 KB 2 2 0x4b82fe 0x4b9ef2
88 259 KB 2 2 0x4b837f 0x4b9e9b
89 191 KB 2 2 0x4b842b 0x4b9e44
90 247 KB 2 2 0x4b8493 0x4b9def
91 205 KB 2 2 0x4b8535 0x4b9d99
92 243 KB 2 2 0x4b85ac 0x4b9d44
93 152 KB 2 2 0x4b864a 0x4b9cef
94 195 KB 2 2 0x4b868d 0x4b9c9a
95 249 KB 2 2 0x4b86fb 0x4b9c43
96 205 KB 2 2 0x4b879d 0x4b9bed
97 204 KB 2 2 0x4b8814 0x4b9b98
98 4220 KB 1 1 0x4b888b 0x4b888b
99 71282 KB 9 12 0x466f90 0x4b8b77
100 211962 KB 12 13 0x4b3000 0x185aaf1
101 139925 KB 23 106 0x402516 0xb65403
102 50424 KB 4 4 0xb56427 0x185ab09
API calls
Layer Number of API calls
  0 0
  Region number Address space Number of API calls
  0 0x4b3000-0x4b317b 0
DLL Function/s
  We couldn't retrieve the functions. -
1 12
  Region number Address space Number of API calls
0 0x4b310a-0x4b3238 12
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
  1 0x4bcae7-0x4bcc85 0
DLL Function/s
  We couldn't retrieve the functions. -
  2 0
  Region number Address space Number of API calls
  0 0x4b3238-0x4b3798 0
DLL Function/s
  We couldn't retrieve the functions. -
  1 0x4bc68d-0x4bcc0f 0
DLL Function/s
  We couldn't retrieve the functions. -
3 186
  Region number Address space Number of API calls
0 0x4b3560-0x4b4a66 162
DLL Function/s
ntdll.dll
  1. _stricmp
  2. bsearch
  3. KiFastSystemCall
  4. KiFastSystemCallRet
  5. KiUserExceptionDispatcher
  6. LdrEnumerateLoadedModules
  7. LdrGetProcedureAddress
  8. LdrLoadDll
  9. LdrLockLoaderLock
  10. LdrUnlockLoaderLock
  11. memmove
  12. RtlAcquirePebLock
  13. RtlAllocateHeap
  14. RtlAnsiStringToUnicodeString
  15. RtlDetermineDosPathNameType_U
  16. RtlDosApplyFileIsolationRedirection_Ustr
  17. RtlDosPathNameToNtPathName_U
  18. RtlEnterCriticalSection
  19. RtlEqualUnicodeString
  20. RtlFindActivationContextSectionString
  21. RtlFindCharInUnicodeString
  22. RtlFreeHeap
  23. RtlFreeUnicodeString
  24. RtlGetNtGlobalFlags
  25. RtlHashUnicodeString
  26. RtlImageDirectoryEntryToData
  27. RtlImageNtHeader
  28. RtlInitAnsiString
  29. RtlInitString
  30. RtlInitUnicodeString
  31. RtlInitUnicodeStringEx
  32. RtlIsDosDeviceName_U
  33. RtlLeaveCriticalSection
  34. RtlMultiByteToUnicodeN
  35. RtlNtStatusToDosError
  36. RtlNtStatusToDosErrorNoTeb
  37. RtlQueryEnvironmentVariable_U
  38. RtlReleasePebLock
  39. RtlTryEnterCriticalSection
  40. RtlUpcaseUnicodeChar
  41. RtlValidateUnicodeString
  42. wcschr
  43. wcslen
  44. wcsncmp
  45. wcsrchr
  46. ZwClose
  47. ZwContinue
  48. ZwCreateFile
  49. ZwOpenKey
  50. ZwQueryInformationProcess
  51. ZwQueryValueKey
KERNEL32.DLL
  1. CreateFileA
  2. CreateFileW
  3. GetProcAddress
  4. InterlockedCompareExchange
  5. LoadLibraryA
  6. LoadLibraryExA
  7. LoadLibraryExW
1 0x4bc550-0x4bc5e0 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
4 24
  Region number Address space Number of API calls
  0 0x4b4a66-0x4b4b4e 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bc4ae-0x4bc53c 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
5 24
  Region number Address space Number of API calls
  0 0x4b4b4e-0x4b4c61 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bc40c-0x4bc49a 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
6 24
  Region number Address space Number of API calls
  0 0x4b4c61-0x4b4d30 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bc368-0x4bc3f8 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
7 24
  Region number Address space Number of API calls
  0 0x4b4d30-0x4b4e39 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bc2c6-0x4bc354 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
8 24
  Region number Address space Number of API calls
  0 0x4b4e39-0x4b4f17 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bc222-0x4bc2b2 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
9 24
  Region number Address space Number of API calls
  0 0x4b4f17-0x4b501c 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bc17e-0x4bc20e 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
10 24
  Region number Address space Number of API calls
  0 0x4b501c-0x4b50c6 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bc0dc-0x4bc16a 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
11 24
  Region number Address space Number of API calls
  0 0x4b50c6-0x4b519b 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bc039-0x4bc0c8 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
12 24
  Region number Address space Number of API calls
  0 0x4b519b-0x4b52a4 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bbf96-0x4bc025 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
13 24
  Region number Address space Number of API calls
  0 0x4b52a4-0x4b5382 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bbef3-0x4bbf82 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
14 24
  Region number Address space Number of API calls
  0 0x4b5382-0x4b5460 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bbe51-0x4bbedf 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
15 24
  Region number Address space Number of API calls
  0 0x4b5460-0x4b5565 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bbdaf-0x4bbe3d 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
16 24
  Region number Address space Number of API calls
  0 0x4b5565-0x4b560f 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bbd0d-0x4bbd9b 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
17 24
  Region number Address space Number of API calls
  0 0x4b560f-0x4b56e4 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bbc6b-0x4bbcf9 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
18 24
  Region number Address space Number of API calls
  0 0x4b56e4-0x4b57ed 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bbbc9-0x4bbc57 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
19 24
  Region number Address space Number of API calls
  0 0x4b57ed-0x4b58d1 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bbb27-0x4bbbb5 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
20 24
  Region number Address space Number of API calls
  0 0x4b58d1-0x4b59b9 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bba83-0x4bbb13 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
21 24
  Region number Address space Number of API calls
  0 0x4b59b9-0x4b5acc 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb9df-0x4bba6f 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
22 24
  Region number Address space Number of API calls
  0 0x4b5acc-0x4b5b9b 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb93b-0x4bb9cb 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
23 24
  Region number Address space Number of API calls
  0 0x4b5b9b-0x4b5ca4 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb899-0x4bb927 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
24 24
  Region number Address space Number of API calls
  0 0x4b5ca4-0x4b5d82 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb7f5-0x4bb885 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
25 24
  Region number Address space Number of API calls
  0 0x4b5d82-0x4b5e87 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb752-0x4bb7e1 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
26 24
  Region number Address space Number of API calls
  0 0x4b5e87-0x4b5f31 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb6ae-0x4bb73e 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
27 24
  Region number Address space Number of API calls
  0 0x4b5f31-0x4b6006 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb60a-0x4bb69a 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
28 24
  Region number Address space Number of API calls
  0 0x4b6006-0x4b610f 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb566-0x4bb5f6 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
29 24
  Region number Address space Number of API calls
  0 0x4b610f-0x4b61ed 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb4c3-0x4bb552 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
30 24
  Region number Address space Number of API calls
  0 0x4b61ed-0x4b62cb 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb421-0x4bb4af 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
31 24
  Region number Address space Number of API calls
  0 0x4b62cb-0x4b63d0 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb37e-0x4bb40d 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
32 24
  Region number Address space Number of API calls
  0 0x4b63d0-0x4b647a 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb2dc-0x4bb36a 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
33 24
  Region number Address space Number of API calls
  0 0x4b647a-0x4b654f 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb238-0x4bb2c8 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
34 24
  Region number Address space Number of API calls
  0 0x4b654f-0x4b6658 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb196-0x4bb224 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
35 24
  Region number Address space Number of API calls
  0 0x4b6658-0x4b673c 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb0f3-0x4bb182 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
36 24
  Region number Address space Number of API calls
  0 0x4b673c-0x4b6824 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bb051-0x4bb0df 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
37 24
  Region number Address space Number of API calls
  0 0x4b6824-0x4b6937 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bafaf-0x4bb03d 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
38 36
  Region number Address space Number of API calls
0 0x4b6937-0x4b6b0d 12
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
1 0x4baf58-0x4bafaf 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
39 24
  Region number Address space Number of API calls
  0 0x4b6b0d-0x4b6b8e 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4baf02-0x4baf58 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
40 24
  Region number Address space Number of API calls
  0 0x4b6b8e-0x4b6c3a 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4baead-0x4baf02 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
41 24
  Region number Address space Number of API calls
  0 0x4b6c3a-0x4b6ca2 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bae56-0x4baead 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
42 24
  Region number Address space Number of API calls
  0 0x4b6ca2-0x4b6d44 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bae01-0x4bae56 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
43 24
  Region number Address space Number of API calls
  0 0x4b6d44-0x4b6dbb 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4badac-0x4bae01 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
44 24
  Region number Address space Number of API calls
  0 0x4b6dbb-0x4b6e59 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bad57-0x4badac 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
45 24
  Region number Address space Number of API calls
  0 0x4b6e59-0x4b6e9c 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bad01-0x4bad57 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
46 24
  Region number Address space Number of API calls
  0 0x4b6e9c-0x4b6f0a 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bacac-0x4bad01 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
47 24
  Region number Address space Number of API calls
  0 0x4b6f0a-0x4b6fac 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bac55-0x4bacac 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
48 24
  Region number Address space Number of API calls
  0 0x4b6fac-0x4b7023 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bac00-0x4bac55 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
49 24
  Region number Address space Number of API calls
  0 0x4b7023-0x4b709a 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4babaa-0x4bac00 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
50 24
  Region number Address space Number of API calls
  0 0x4b709a-0x4b7138 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bab55-0x4babaa 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
51 24
  Region number Address space Number of API calls
  0 0x4b7138-0x4b717b 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4bab00-0x4bab55 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
52 24
  Region number Address space Number of API calls
  0 0x4b717b-0x4b71e9 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4baaab-0x4bab00 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
53 24
  Region number Address space Number of API calls
  0 0x4b71e9-0x4b728b 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4baa55-0x4baaab 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
54 24
  Region number Address space Number of API calls
  0 0x4b728b-0x4b7308 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba9ff-0x4baa55 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
55 24
  Region number Address space Number of API calls
  0 0x4b7308-0x4b7389 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba9aa-0x4ba9ff 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
56 24
  Region number Address space Number of API calls
  0 0x4b7389-0x4b7435 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba955-0x4ba9aa 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
57 24
  Region number Address space Number of API calls
  0 0x4b7435-0x4b749d 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba900-0x4ba955 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
58 24
  Region number Address space Number of API calls
  0 0x4b749d-0x4b753f 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba8aa-0x4ba900 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
59 24
  Region number Address space Number of API calls
  0 0x4b753f-0x4b75b6 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba853-0x4ba8aa 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
60 24
  Region number Address space Number of API calls
  0 0x4b75b6-0x4b7654 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba7fe-0x4ba853 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
61 24
  Region number Address space Number of API calls
  0 0x4b7654-0x4b7697 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba7a8-0x4ba7fe 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
62 24
  Region number Address space Number of API calls
  0 0x4b7697-0x4b7705 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba753-0x4ba7a8 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
63 24
  Region number Address space Number of API calls
  0 0x4b7705-0x4b77a7 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba6fe-0x4ba753 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
64 24
  Region number Address space Number of API calls
  0 0x4b77a7-0x4b781e 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba6a7-0x4ba6fe 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
65 24
  Region number Address space Number of API calls
  0 0x4b781e-0x4b7895 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba651-0x4ba6a7 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
66 24
  Region number Address space Number of API calls
  0 0x4b7895-0x4b7933 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba5fa-0x4ba651 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
67 24
  Region number Address space Number of API calls
  0 0x4b7933-0x4b7976 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba5a5-0x4ba5fa 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
68 24
  Region number Address space Number of API calls
  0 0x4b7976-0x4b79e4 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba54e-0x4ba5a5 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
69 24
  Region number Address space Number of API calls
  0 0x4b79e4-0x4b7a86 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba4f9-0x4ba54e 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
70 24
  Region number Address space Number of API calls
  0 0x4b7a86-0x4b7b03 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba4a4-0x4ba4f9 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
71 24
  Region number Address space Number of API calls
  0 0x4b7b03-0x4b7b84 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba44f-0x4ba4a4 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
72 24
  Region number Address space Number of API calls
  0 0x4b7b84-0x4b7c30 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba3f8-0x4ba44f 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
73 24
  Region number Address space Number of API calls
  0 0x4b7c30-0x4b7c98 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba3a3-0x4ba3f8 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
74 24
  Region number Address space Number of API calls
  0 0x4b7c98-0x4b7d3a 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba34e-0x4ba3a3 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
75 24
  Region number Address space Number of API calls
  0 0x4b7d3a-0x4b7db1 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba2f7-0x4ba34e 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
76 24
  Region number Address space Number of API calls
  0 0x4b7db1-0x4b7e4f 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba2a0-0x4ba2f7 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
77 24
  Region number Address space Number of API calls
  0 0x4b7e4f-0x4b7e92 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba24a-0x4ba2a0 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
78 24
  Region number Address space Number of API calls
  0 0x4b7e92-0x4b7f00 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba1f3-0x4ba24a 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
79 24
  Region number Address space Number of API calls
  0 0x4b7f00-0x4b7fa2 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba19e-0x4ba1f3 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
80 24
  Region number Address space Number of API calls
  0 0x4b7fa2-0x4b8019 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba149-0x4ba19e 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
81 24
  Region number Address space Number of API calls
  0 0x4b8019-0x4b8090 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba0f4-0x4ba149 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
82 24
  Region number Address space Number of API calls
  0 0x4b8090-0x4b812e 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba09f-0x4ba0f4 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
83 24
  Region number Address space Number of API calls
  0 0x4b812e-0x4b8171 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4ba04a-0x4ba09f 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
84 24
  Region number Address space Number of API calls
  0 0x4b8171-0x4b81df 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9ff3-0x4ba04a 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
85 24
  Region number Address space Number of API calls
  0 0x4b81df-0x4b8281 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9f9e-0x4b9ff3 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
86 24
  Region number Address space Number of API calls
  0 0x4b8281-0x4b82fe 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9f49-0x4b9f9e 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
87 24
  Region number Address space Number of API calls
  0 0x4b82fe-0x4b837f 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9ef2-0x4b9f49 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
88 24
  Region number Address space Number of API calls
  0 0x4b837f-0x4b842b 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9e9b-0x4b9ef2 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
89 24
  Region number Address space Number of API calls
  0 0x4b842b-0x4b8493 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9e44-0x4b9e9b 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
90 24
  Region number Address space Number of API calls
  0 0x4b8493-0x4b8535 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9def-0x4b9e44 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
91 24
  Region number Address space Number of API calls
  0 0x4b8535-0x4b85ac 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9d99-0x4b9def 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
92 24
  Region number Address space Number of API calls
  0 0x4b85ac-0x4b864a 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9d44-0x4b9d99 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
93 24
  Region number Address space Number of API calls
  0 0x4b864a-0x4b868d 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9cef-0x4b9d44 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
94 24
  Region number Address space Number of API calls
  0 0x4b868d-0x4b86fb 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9c9a-0x4b9cef 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
95 24
  Region number Address space Number of API calls
  0 0x4b86fb-0x4b879d 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9c43-0x4b9c9a 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
96 24
  Region number Address space Number of API calls
  0 0x4b879d-0x4b8814 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9bed-0x4b9c43 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
97 24
  Region number Address space Number of API calls
  0 0x4b8814-0x4b888b 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4b9b98-0x4b9bed 24
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
98 25
  Region number Address space Number of API calls
0 0x4b888b-0x4b9907 25
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwContinue
  9. ZwQueryInformationProcess
KERNEL32.DLL
  1. GetVersion
99 40894
  Region number Address space Number of API calls
  0 0x466f90-0x466faf 0
DLL Function/s
  We couldn't retrieve the functions. -
  1 0x46a990-0x46bfef 0
DLL Function/s
  We couldn't retrieve the functions. -
2 0x488200-0x4886c5 139
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. LdrLockLoaderLock
  4. LdrUnlockLoaderLock
  5. memmove
  6. RtlAcquirePebLock
  7. RtlAllocateHeap
  8. RtlDeleteCriticalSection
  9. RtlDetermineDosPathNameType_U
  10. RtlDosPathNameToNtPathName_U
  11. RtlEnterCriticalSection
  12. RtlFreeHeap
  13. RtlGetNtGlobalFlags
  14. RtlGetNtProductType
  15. RtlGetVersion
  16. RtlInitializeCriticalSection
  17. RtlInitializeCriticalSectionAndSpinCount
  18. RtlInitUnicodeString
  19. RtlInitUnicodeStringEx
  20. RtlLeaveCriticalSection
  21. RtlLogStackBackTrace
  22. RtlReleasePebLock
  23. RtlUnicodeStringToAnsiString
  24. RtlUnicodeToMultiByteN
  25. RtlUpcaseUnicodeChar
  26. wcslen
  27. wcsncpy
  28. ZwClose
  29. ZwOpenFile
  30. ZwQueryAttributesFile
  31. ZwQueryDirectoryFile
  32. ZwQueryInformationProcess
  33. ZwSetInformationProcess
KERNEL32.DLL
  1. FindClose
  2. FindFirstFileExW
  3. FindFirstFileW
  4. GetCurrentProcessId
  5. GetFileAttributesW
  6. GetModuleFileNameW
  7. GetShortPathNameW
  8. GetVersionExA
  9. GetVersionExW
  10. InitializeCriticalSection
  11. SetErrorMode
  3 0x489862-0x489960 0
DLL Function/s
  We couldn't retrieve the functions. -
4 0x48aec3-0x495194 40516
DLL Function/s
KERNEL32.DLL
  1. BaseCheckAppcompatCache
  2. BaseInitAppcompatCache
  3. BasepCheckWinSaferRestrictions
  4. CloseHandle
  5. CompareStringA
  6. CompareStringW
  7. ContinueDebugEvent
  8. CreateFileMappingA
  9. CreateFileMappingW
  10. CreateMutexA
  11. CreateMutexW
  12. CreateProcessInternalW
  13. CreateProcessW
  14. CreateRemoteThread
  15. CreateThread
  16. DebugActiveProcess
  17. DisableThreadLibraryCalls
  18. DuplicateHandle
  19. FindResourceExW
  20. FreeEnvironmentStringsW
  21. FreeLibrary
  22. GetACP
  23. GetCommandLineA
  24. GetCommandLineW
  25. GetCPInfo
  26. GetCurrentProcess
  27. GetCurrentProcessId
  28. GetCurrentThread
  29. GetCurrentThreadId
  30. GetEnvironmentStringsW
  31. GetEnvironmentVariableA
  32. GetExitCodeProcess
  33. GetFileAttributesW
  34. GetFileSizeEx
  35. GetFileType
  36. GetFullPathNameA
  37. GetFullPathNameW
  38. GetLocaleInfoA
  39. GetLocaleInfoW
  40. GetLongPathNameW
  41. GetModuleFileNameA
  42. GetModuleFileNameW
  43. GetModuleHandleA
  44. GetModuleHandleW
  45. GetProcAddress
  46. GetProcessHeap
  47. GetStartupInfoA
  48. GetStartupInfoW
  49. GetStdHandle
  50. GetStringTypeW
  51. GetSystemDirectoryA
  52. GetSystemTimeAsFileTime
  53. GetSystemWindowsDirectoryW
  54. GetThreadContext
  55. GetThreadLocale
  56. GetTickCount
  57. GetUserDefaultUILanguage
  58. GetVersionExA
  59. GetVersionExW
  60. GetWindowsDirectoryW
  61. GlobalAlloc
  62. GlobalFree
  63. HeapCreate
  64. InitializeCriticalSection
  65. InitializeCriticalSectionAndSpinCount
  66. InterlockedDecrement
  67. InterlockedExchange
  68. InterlockedIncrement
  69. IsBadReadPtr
  70. IsBadStringPtrW
  71. IsBadWritePtr
  72. IsDebuggerPresent
  73. IsValidCodePage
  74. LCMapStringW
  75. LoadLibraryA
  76. LoadLibraryExA
  77. LoadLibraryExW
  78. LoadLibraryW
  79. LoadResource
  80. LocalAlloc
  81. LocalFree
  82. lstrcmpA
  83. lstrcpynA
  84. lstrlenA
  85. lstrlenW
  86. MapViewOfFile
  87. MapViewOfFileEx
  88. MulDiv
  89. MultiByteToWideChar
  90. OpenFileMappingA
  91. OpenFileMappingW
  92. OpenMutexA
  93. OpenMutexW
  94. OutputDebugStringA
  95. RaiseException
  96. ReadProcessMemory
  97. ReleaseMutex
  98. ResumeThread
  99. SetEnvironmentVariableA
  100. SetErrorMode
  101. SetHandleCount
  102. SetThreadPriority
  103. SetUnhandledExceptionFilter
  104. Sleep
  105. SleepEx
  106. SuspendThread
  107. TlsAlloc
  108. TlsGetValue
  109. TlsSetValue
  110. UnmapViewOfFile
  111. VerifyConsoleIoHandle
  112. VirtualProtectEx
  113. VirtualQuery
  114. VirtualQueryEx
  115. WaitForDebugEvent
  116. WaitForSingleObject
  117. WaitForSingleObjectEx
  118. WideCharToMultiByte
  119. WriteProcessMemory
ADVAPI32.dll
  1. CheckTokenMembership
  2. ConvertSidToStringSidA
  3. ConvertSidToStringSidW
  4. CreateWellKnownSid
  5. DuplicateToken
  6. DuplicateTokenEx
  7. GetSidLengthRequired
  8. GetTokenInformation
  9. OpenProcessToken
  10. RegCloseKey
  11. RegOpenCurrentUser
  12. RegOpenKeyExA
  13. RegOpenKeyExW
  14. RegQueryValueExA
  15. RegQueryValueExW
  16. SaferCloseLevel
  17. SaferComputeTokenFromLevel
  18. SaferIdentifyLevel
ntdll.dll
  1. _allshl
  2. _stricmp
  3. _strnicmp
  4. _vsnprintf
  5. _wcsicmp
  6. bsearch
  7. CsrClientCallServer
  8. CsrNewThread
  9. DbgPrint
  10. DbgPrintEx
  11. DbgUiConnectToDbg
  12. DbgUiContinue
  13. DbgUiConvertStateChangeStructure
  14. DbgUiDebugActiveProcess
  15. DbgUiIssueRemoteBreakin
  16. DbgUiWaitStateChange
  17. KiFastSystemCall
  18. KiFastSystemCallRet
  19. KiUserApcDispatcher
  20. KiUserCallbackDispatcher
  21. KiUserExceptionDispatcher
  22. LdrAccessResource
  23. LdrAlternateResourcesEnabled
  24. LdrCreateOutOfProcessImage
  25. LdrDestroyOutOfProcessImage
  26. LdrDisableThreadCalloutsForDll
  27. LdrFindCreateProcessManifest
  28. LdrFindResource_U
  29. LdrFindResourceDirectory_U
  30. LdrGetDllHandle
  31. LdrGetDllHandleEx
  32. LdrGetProcedureAddress
  33. LdrInitializeThunk
  34. LdrLoadAlternateResourceModule
  35. LdrLoadDll
  36. LdrLockLoaderLock
  37. LdrQueryImageFileExecutionOptions
  38. LdrUnloadDll
  39. LdrUnlockLoaderLock
  40. memmove
  41. RtlAcquirePebLock
  42. RtlAcquireResourceExclusive
  43. RtlActivateActivationContextUnsafeFast
  44. RtlAddAccessAllowedAce
  45. RtlAddRefActivationContext
  46. RtlAllocateAndInitializeSid
  47. RtlAllocateHandle
  48. RtlAllocateHeap
  49. RtlAnsiStringToUnicodeString
  50. RtlAppendUnicodeStringToString
  51. RtlAppendUnicodeToString
  52. RtlCompareUnicodeString
  53. RtlConvertSidToUnicodeString
  54. RtlCopySid
  55. RtlCopyUnicodeString
  56. RtlCreateAcl
  57. RtlCreateHeap
  58. RtlCreateProcessParameters
  59. RtlCreateSecurityDescriptor
  60. RtlCreateUnicodeString
  61. RtlCreateUnicodeStringFromAsciiz
  62. RtlCreateUserThread
  63. RtlDeactivateActivationContextUnsafeFast
  64. RtlDecodePointer
  65. RtlDeNormalizeProcessParams
  66. RtlDestroyProcessParameters
  67. RtlDetermineDosPathNameType_U
  68. RtlDosApplyFileIsolationRedirection_Ustr
  69. RtlDosPathNameToNtPathName_U
  70. RtlDosSearchPath_U
  71. RtlDuplicateUnicodeString
  72. RtlEncodePointer
  73. RtlEnterCriticalSection
  74. RtlEnumerateGenericTableWithoutSplaying
  75. RtlEqualSid
  76. RtlEqualUnicodeString
  77. RtlExpandEnvironmentStrings_U
  78. RtlFindActivationContextSectionString
  79. RtlFindCharInUnicodeString
  80. RtlFindClearBits
  81. RtlFindClearBitsAndSet
  82. RtlFirstFreeAce
  83. RtlFormatCurrentUserKeyPath
  84. RtlFreeHandle
  85. RtlFreeHeap
  86. RtlFreeSid
  87. RtlFreeUnicodeString
  88. RtlGetActiveActivationContext
  89. RtlGetFullPathName_U
  90. RtlGetLastWin32Error
  91. RtlGetNtGlobalFlags
  92. RtlGetNtProductType
  93. RtlGetNtVersionNumbers
  94. RtlGetVersion
  95. RtlGUIDFromString
  96. RtlHashUnicodeString
  97. RtlImageDirectoryEntryToData
  98. RtlImageNtHeader
  99. RtlInitAnsiString
  100. RtlInitializeContext
  101. RtlInitializeCriticalSection
  102. RtlInitializeCriticalSectionAndSpinCount
  103. RtlInitializeGenericTable
  104. RtlInitializeHandleTable
  105. RtlInitializeResource
  106. RtlInitializeSid
  107. RtlInitString
  108. RtlInitUnicodeString
  109. RtlInitUnicodeStringEx
  110. RtlInsertElementGenericTable
  111. RtlIntegerToChar
  112. RtlIntegerToUnicodeString
  113. RtlIsGenericTableEmpty
  114. RtlIsValidHandle
  115. RtlIsValidIndexHandle
  116. RtlLeaveCriticalSection
  117. RtlLengthRequiredSid
  118. RtlLengthSid
  119. RtlLogStackBackTrace
  120. RtlLookupElementGenericTable
  121. RtlMultiAppendUnicodeStringBuffer
  122. RtlMultiByteToUnicodeN
  123. RtlNtStatusToDosError
  124. RtlNtStatusToDosErrorNoTeb
  125. RtlOpenCurrentUser
  126. RtlpEnsureBufferSize
  127. RtlPrefixUnicodeString
  128. RtlQueryEnvironmentVariable_U
  129. RtlQueryInformationActivationContext
  130. RtlQueryInformationActiveActivationContext
  131. RtlRaiseException
  132. RtlReAllocateHeap
  133. RtlRealSuccessor
  134. RtlReleasePebLock
  135. RtlReleaseResource
  136. RtlSetBits
  137. RtlSetDaclSecurityDescriptor
  138. RtlSetEnvironmentVariable
  139. RtlSetGroupSecurityDescriptor
  140. RtlSetLastWin32Error
  141. RtlSetOwnerSecurityDescriptor
  142. RtlSplay
  143. RtlSubAuthoritySid
  144. RtlTryEnterCriticalSection
  145. RtlUnicodeStringToAnsiString
  146. RtlUnicodeToMultiByteN
  147. RtlUnicodeToMultiByteSize
  148. RtlUnwind
  149. RtlUpcaseUnicodeChar
  150. RtlValidAcl
  151. RtlValidateUnicodeString
  152. RtlValidSid
  153. strchr
  154. strncmp
  155. vDbgPrintExWithPrefix
  156. wcscat
  157. wcschr
  158. wcscpy
  159. wcslen
  160. wcsncmp
  161. wcsncpy
  162. wcsrchr
  163. wcsstr
  164. ZwAccessCheck
  165. ZwAllocateVirtualMemory
  166. ZwCallbackReturn
  167. ZwClose
  168. ZwConnectPort
  169. ZwContinue
  170. ZwCreateDebugObject
  171. ZwCreateMutant
  172. ZwCreateProcessEx
  173. ZwCreateSection
  174. ZwCreateSemaphore
  175. ZwCreateThread
  176. ZwDebugActiveProcess
  177. ZwDebugContinue
  178. ZwDelayExecution
  179. ZwDuplicateObject
  180. ZwDuplicateToken
  181. ZwEnumerateKey
  182. ZwFlushInstructionCache
  183. ZwFreeVirtualMemory
  184. ZwGetContextThread
  185. ZwMapViewOfSection
  186. ZwOpenDirectoryObject
  187. ZwOpenFile
  188. ZwOpenKey
  189. ZwOpenMutant
  190. ZwOpenProcess
  191. ZwOpenProcessToken
  192. ZwOpenProcessTokenEx
  193. ZwOpenSection
  194. ZwOpenSymbolicLinkObject
  195. ZwOpenThread
  196. ZwOpenThreadToken
  197. ZwOpenThreadTokenEx
  198. ZwProtectVirtualMemory
  199. ZwQueryAttributesFile
  200. ZwQueryDebugFilterState
  201. ZwQueryDefaultLocale
  202. ZwQueryDefaultUILanguage
  203. ZwQueryEvent
  204. ZwQueryInformationFile
  205. ZwQueryInformationJobObject
  206. ZwQueryInformationProcess
  207. ZwQueryInformationThread
  208. ZwQueryInformationToken
  209. ZwQueryInstallUILanguage
  210. ZwQuerySection
  211. ZwQuerySymbolicLinkObject
  212. ZwQuerySystemInformation
  213. ZwQueryValueKey
  214. ZwQueryVirtualMemory
  215. ZwQueryVolumeInformationFile
  216. ZwRaiseException
  217. ZwReadVirtualMemory
  218. ZwRegisterThreadTerminatePort
  219. ZwReleaseMutant
  220. ZwRequestWaitReplyPort
  221. ZwResumeThread
  222. ZwSetInformationObject
  223. ZwSetInformationProcess
  224. ZwSetInformationThread
  225. ZwSuspendThread
  226. ZwTestAlert
  227. ZwUnmapViewOfSection
  228. ZwWaitForDebugEvent
  229. ZwWaitForSingleObject
  230. ZwWriteVirtualMemory
USER32.DLL
  1. CallNextHookEx
  2. CharNextW
  3. ClientThreadSetup
  4. CreateWindowExA
  5. DefWindowProcA
  6. DispatchMessageA
  7. GetAncestor
  8. GetAppCompatFlags2
  9. GetClassLongW
  10. GetClassNameW
  11. GetGUIThreadInfo
  12. GetKeyboardLayout
  13. GetMessageA
  14. GetProcessWindowStation
  15. GetPropW
  16. GetSystemMetrics
  17. GetThreadDesktop
  18. GetUserObjectInformationA
  19. GetUserObjectInformationW
  20. GetWindow
  21. GetWindowDC
  22. GetWindowInfo
  23. GetWindowLongW
  24. GetWindowRect
  25. GetWindowRgnBox
  26. GetWindowThreadProcessId
  27. IsWindow
  28. LoadCursorA
  29. LoadCursorW
  30. MapWindowPoints
  31. RegisterClassA
  32. RegisterClassExA
  33. RegisterWindowMessageA
  34. ReleaseDC
  35. RemovePropW
  36. SetPropW
  37. SetTimer
  38. SetWindowPos
  39. SetWindowsHookExA
  40. TranslateMessage
  41. TranslateMessageEx
  42. WaitForInputIdle
  43. WCSToMBEx
5 0x49812a-0x498305 5
DLL Function/s
ntdll.dll
  1. KiFastSystemCallRet
6 0x49f266-0x4a1b07 190
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. LdrLockLoaderLock
  4. LdrUnlockLoaderLock
  5. memmove
  6. RtlAcquirePebLock
  7. RtlAllocateHeap
  8. RtlCreateHeap
  9. RtlEnterCriticalSection
  10. RtlExtendedMagicDivide
  11. RtlFreeHeap
  12. RtlFreeUnicodeString
  13. RtlGetNtGlobalFlags
  14. RtlGetNtProductType
  15. RtlGetVersion
  16. RtlInitUnicodeString
  17. RtlLeaveCriticalSection
  18. RtlNtStatusToDosError
  19. RtlNtStatusToDosErrorNoTeb
  20. RtlReleasePebLock
  21. RtlTimeToTimeFields
  22. RtlUnicodeStringToAnsiString
  23. RtlUnicodeToMultiByteN
  24. wcslen
  25. wcsncpy
  26. ZwAllocateVirtualMemory
  27. ZwQuerySystemInformation
KERNEL32.DLL
  1. FreeEnvironmentStringsW
  2. GetCommandLineA
  3. GetEnvironmentStringsW
  4. GetFileType
  5. GetLocalTime
  6. GetModuleFileNameA
  7. GetModuleFileNameW
  8. GetModuleHandleA
  9. GetStartupInfoA
  10. GetStdHandle
  11. GetSystemTime
  12. GetTimeZoneInformation
  13. GetVersion
  14. GetVersionExA
  15. GetVersionExW
  16. HeapCreate
  17. SetHandleCount
  18. VerifyConsoleIoHandle
  19. WideCharToMultiByte
7 0x4a3158-0x4a544d 44
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. memmove
  4. RtlEnterCriticalSection
  5. RtlInitUnicodeString
  6. RtlLeaveCriticalSection
  7. ZwClose
  8. ZwMapViewOfSection
  9. ZwOpenSection
  10. ZwQuerySystemInformation
KERNEL32.DLL
  1. CompareStringW
  2. GetACP
  3. GetCPInfo
  4. GetStringTypeW
  5. GetTimeZoneInformation
  6. LCMapStringW
  7. MultiByteToWideChar
  8. WideCharToMultiByte
  8 0x4b8b77-0x4b9566 0
DLL Function/s
  We couldn't retrieve the functions. -
100 427456
  Region number Address space Number of API calls
  0 0x4b3000-0x4b3006 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0xb41000-0xb46a38 33199