Malicious
Classifications
Injector Downloader
Threat Names
SmokeLoader Mal/Generic-S Mal/HTMLGen-A
Dynamic Analysis Report
Created on 2022-08-03T18:21:47+00:00
80f503f4fd7e84b614fc5a50888629178996402d10e245193136c0aee909b87b.exe
Windows Exe (x86-32)
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "13 minutes, 55 seconds" to "3 seconds" to reveal dormant functionality.
Remarks
(0x0200004A): 11 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 130 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\80f503f4fd7e84b614fc5a50888629178996402d10e245193136c0aee909b87b.exe | Sample File | Binary |
Malicious
|
...
|
»
| Also Known As |
C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Accessed File)
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 182.00 KB |
| MD5 |
c9948059cdc5e0aef9c193d605c7f659
|
| SHA1 |
0c00b2242c86487e305d53aea8894100bda41035
|
| SHA256 |
80f503f4fd7e84b614fc5a50888629178996402d10e245193136c0aee909b87b
|
| SSDeep |
3072:O1CItAzXunlpY2Tw4gST76X9JfIruFeKQvd4xlYCjwm3Y:OgSllDwNS/6X9OihQvqb8m
|
| ImpHash |
19d26450af6fae284e6a28f691d90382
|
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x00416767 |
| Size Of Code | 0x00022C00 |
| Size Of Initialized Data | 0x02094200 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2022-01-05 09:45 (UTC+1) |
Version Information (3)
»
| FileVersions | 48.90.12.34 |
| Copyrighz | Copyright (C) 2022, pozkarte |
| ProjectVersion | 82.79.7.9 |
Sections (3)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x00022B40 | 0x00022C00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.43 |
| .data | 0x00424000 | 0x02083AD0 | 0x00003000 | 0x00023000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.75 |
| .rsrc | 0x024A8000 | 0x00007650 | 0x00007800 | 0x00026000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.26 |
Imports (2)
»
KERNEL32.dll (114)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FoldStringA | - | 0x00401000 | 0x000230A8 | 0x000224A8 | 0x0000015B |
| GetLocalTime | - | 0x00401004 | 0x000230AC | 0x000224AC | 0x00000203 |
| InterlockedDecrement | - | 0x00401008 | 0x000230B0 | 0x000224B0 | 0x000002EB |
| GetLocaleInfoA | - | 0x0040100C | 0x000230B4 | 0x000224B4 | 0x00000204 |
| InterlockedCompareExchange | - | 0x00401010 | 0x000230B8 | 0x000224B8 | 0x000002E9 |
| _hwrite | - | 0x00401014 | 0x000230BC | 0x000224BC | 0x00000536 |
| CancelWaitableTimer | - | 0x00401018 | 0x000230C0 | 0x000224C0 | 0x00000047 |
| GetSystemDirectoryA | - | 0x0040101C | 0x000230C4 | 0x000224C4 | 0x0000026F |
| CreateEventW | - | 0x00401020 | 0x000230C8 | 0x000224C8 | 0x00000085 |
| ReadConsoleA | - | 0x00401024 | 0x000230CC | 0x000224CC | 0x000003B4 |
| VerifyVersionInfoA | - | 0x00401028 | 0x000230D0 | 0x000224D0 | 0x000004E7 |
| BuildCommDCBA | - | 0x0040102C | 0x000230D4 | 0x000224D4 | 0x0000003A |
| GetConsoleAliasExesLengthA | - | 0x00401030 | 0x000230D8 | 0x000224D8 | 0x00000192 |
| SetSystemTimeAdjustment | - | 0x00401034 | 0x000230DC | 0x000224DC | 0x0000048C |
| PeekConsoleInputA | - | 0x00401038 | 0x000230E0 | 0x000224E0 | 0x0000038B |
| EnumDateFormatsA | - | 0x0040103C | 0x000230E4 | 0x000224E4 | 0x000000F4 |
| CreateFileW | - | 0x00401040 | 0x000230E8 | 0x000224E8 | 0x0000008F |
| RegisterWaitForSingleObjectEx | - | 0x00401044 | 0x000230EC | 0x000224EC | 0x000003F6 |
| LoadLibraryA | - | 0x00401048 | 0x000230F0 | 0x000224F0 | 0x0000033C |
| WaitNamedPipeA | - | 0x0040104C | 0x000230F4 | 0x000224F4 | 0x000004FF |
| GetEnvironmentStrings | - | 0x00401050 | 0x000230F8 | 0x000224F8 | 0x000001D8 |
| FindResourceExA | - | 0x00401054 | 0x000230FC | 0x000224FC | 0x0000014C |
| VirtualProtect | - | 0x00401058 | 0x00023100 | 0x00022500 | 0x000004EF |
| GetFirmwareEnvironmentVariableW | - | 0x0040105C | 0x00023104 | 0x00022504 | 0x000001F7 |
| GetModuleFileNameW | - | 0x00401060 | 0x00023108 | 0x00022508 | 0x00000214 |
| BeginUpdateResourceW | - | 0x00401064 | 0x0002310C | 0x0002250C | 0x00000038 |
| EnumCalendarInfoExW | - | 0x00401068 | 0x00023110 | 0x00022510 | 0x000000F2 |
| WriteConsoleOutputCharacterW | - | 0x0040106C | 0x00023114 | 0x00022514 | 0x00000522 |
| WriteConsoleA | - | 0x00401070 | 0x00023118 | 0x00022518 | 0x0000051A |
| LoadLibraryW | - | 0x00401074 | 0x0002311C | 0x0002251C | 0x0000033F |
| DeleteFileW | - | 0x00401078 | 0x00023120 | 0x00022520 | 0x000000D6 |
| LocalAlloc | - | 0x0040107C | 0x00023124 | 0x00022524 | 0x00000344 |
| GetProcAddress | - | 0x00401080 | 0x00023128 | 0x00022528 | 0x00000245 |
| GetModuleHandleW | - | 0x00401084 | 0x0002312C | 0x0002252C | 0x00000218 |
| GetUserDefaultLCID | - | 0x00401088 | 0x00023130 | 0x00022530 | 0x0000029B |
| FindFirstChangeNotificationW | - | 0x0040108C | 0x00023134 | 0x00022534 | 0x00000131 |
| HeapUnlock | - | 0x00401090 | 0x00023138 | 0x00022538 | 0x000002D6 |
| GetCalendarInfoW | - | 0x00401094 | 0x0002313C | 0x0002253C | 0x0000017B |
| SetConsoleTitleA | - | 0x00401098 | 0x00023140 | 0x00022540 | 0x00000447 |
| GetBinaryTypeW | - | 0x0040109C | 0x00023144 | 0x00022544 | 0x00000171 |
| GetComputerNameExA | - | 0x004010A0 | 0x00023148 | 0x00022548 | 0x0000018D |
| FindNextFileA | - | 0x004010A4 | 0x0002314C | 0x0002254C | 0x00000143 |
| OpenJobObjectA | - | 0x004010A8 | 0x00023150 | 0x00022550 | 0x0000037A |
| HeapValidate | - | 0x004010AC | 0x00023154 | 0x00022554 | 0x000002D7 |
| _lclose | - | 0x004010B0 | 0x00023158 | 0x00022558 | 0x00000537 |
| GetComputerNameW | - | 0x004010B4 | 0x0002315C | 0x0002255C | 0x0000018F |
| SetFileShortNameW | - | 0x004010B8 | 0x00023160 | 0x00022560 | 0x00000469 |
| TlsSetValue | - | 0x004010BC | 0x00023164 | 0x00022564 | 0x000004C8 |
| SetCalendarInfoW | - | 0x004010C0 | 0x00023168 | 0x00022568 | 0x0000041F |
| SetComputerNameW | - | 0x004010C4 | 0x0002316C | 0x0002256C | 0x0000042A |
| CreateDirectoryExA | - | 0x004010C8 | 0x00023170 | 0x00022570 | 0x0000007D |
| InitializeCriticalSectionAndSpinCount | - | 0x004010CC | 0x00023174 | 0x00022574 | 0x000002E3 |
| FindFirstChangeNotificationA | - | 0x004010D0 | 0x00023178 | 0x00022578 | 0x00000130 |
| GetVolumePathNameW | - | 0x004010D4 | 0x0002317C | 0x0002257C | 0x000002AB |
| GetProcessHandleCount | - | 0x004010D8 | 0x00023180 | 0x00022580 | 0x00000249 |
| GetThreadLocale | - | 0x004010DC | 0x00023184 | 0x00022584 | 0x0000028C |
| GetSystemDefaultLangID | - | 0x004010E0 | 0x00023188 | 0x00022588 | 0x0000026C |
| GetCurrentProcess | - | 0x004010E4 | 0x0002318C | 0x0002258C | 0x000001C0 |
| ReadFile | - | 0x004010E8 | 0x00023190 | 0x00022590 | 0x000003C0 |
| GetStringTypeW | - | 0x004010EC | 0x00023194 | 0x00022594 | 0x00000269 |
| HeapSize | - | 0x004010F0 | 0x00023198 | 0x00022598 | 0x000002D4 |
| GetDiskFreeSpaceA | - | 0x004010F4 | 0x0002319C | 0x0002259C | 0x000001CC |
| HeapReAlloc | - | 0x004010F8 | 0x000231A0 | 0x000225A0 | 0x000002D2 |
| RaiseException | - | 0x004010FC | 0x000231A4 | 0x000225A4 | 0x000003B1 |
| RtlUnwind | - | 0x00401100 | 0x000231A8 | 0x000225A8 | 0x00000418 |
| MultiByteToWideChar | - | 0x00401104 | 0x000231AC | 0x000225AC | 0x00000367 |
| GetCommandLineW | - | 0x00401108 | 0x000231B0 | 0x000225B0 | 0x00000187 |
| HeapSetInformation | - | 0x0040110C | 0x000231B4 | 0x000225B4 | 0x000002D3 |
| GetStartupInfoW | - | 0x00401110 | 0x000231B8 | 0x000225B8 | 0x00000263 |
| EncodePointer | - | 0x00401114 | 0x000231BC | 0x000225BC | 0x000000EA |
| HeapAlloc | - | 0x00401118 | 0x000231C0 | 0x000225C0 | 0x000002CB |
| GetLastError | - | 0x0040111C | 0x000231C4 | 0x000225C4 | 0x00000202 |
| HeapFree | - | 0x00401120 | 0x000231C8 | 0x000225C8 | 0x000002CF |
| IsProcessorFeaturePresent | - | 0x00401124 | 0x000231CC | 0x000225CC | 0x00000304 |
| SetFilePointer | - | 0x00401128 | 0x000231D0 | 0x000225D0 | 0x00000466 |
| EnterCriticalSection | - | 0x0040112C | 0x000231D4 | 0x000225D4 | 0x000000EE |
| LeaveCriticalSection | - | 0x00401130 | 0x000231D8 | 0x000225D8 | 0x00000339 |
| UnhandledExceptionFilter | - | 0x00401134 | 0x000231DC | 0x000225DC | 0x000004D3 |
| SetUnhandledExceptionFilter | - | 0x00401138 | 0x000231E0 | 0x000225E0 | 0x000004A5 |
| IsDebuggerPresent | - | 0x0040113C | 0x000231E4 | 0x000225E4 | 0x00000300 |
| DecodePointer | - | 0x00401140 | 0x000231E8 | 0x000225E8 | 0x000000CA |
| TerminateProcess | - | 0x00401144 | 0x000231EC | 0x000225EC | 0x000004C0 |
| TlsAlloc | - | 0x00401148 | 0x000231F0 | 0x000225F0 | 0x000004C5 |
| TlsGetValue | - | 0x0040114C | 0x000231F4 | 0x000225F4 | 0x000004C7 |
| TlsFree | - | 0x00401150 | 0x000231F8 | 0x000225F8 | 0x000004C6 |
| InterlockedIncrement | - | 0x00401154 | 0x000231FC | 0x000225FC | 0x000002EF |
| SetLastError | - | 0x00401158 | 0x00023200 | 0x00022600 | 0x00000473 |
| GetCurrentThreadId | - | 0x0040115C | 0x00023204 | 0x00022604 | 0x000001C5 |
| ExitProcess | - | 0x00401160 | 0x00023208 | 0x00022608 | 0x00000119 |
| GetCPInfo | - | 0x00401164 | 0x0002320C | 0x0002260C | 0x00000172 |
| GetACP | - | 0x00401168 | 0x00023210 | 0x00022610 | 0x00000168 |
| GetOEMCP | - | 0x0040116C | 0x00023214 | 0x00022614 | 0x00000237 |
| IsValidCodePage | - | 0x00401170 | 0x00023218 | 0x00022618 | 0x0000030A |
| CloseHandle | - | 0x00401174 | 0x0002321C | 0x0002261C | 0x00000052 |
| WriteFile | - | 0x00401178 | 0x00023220 | 0x00022620 | 0x00000525 |
| GetStdHandle | - | 0x0040117C | 0x00023224 | 0x00022624 | 0x00000264 |
| FreeEnvironmentStringsW | - | 0x00401180 | 0x00023228 | 0x00022628 | 0x00000161 |
| GetEnvironmentStringsW | - | 0x00401184 | 0x0002322C | 0x0002262C | 0x000001DA |
| SetHandleCount | - | 0x00401188 | 0x00023230 | 0x00022630 | 0x0000046F |
| GetFileType | - | 0x0040118C | 0x00023234 | 0x00022634 | 0x000001F3 |
| DeleteCriticalSection | - | 0x00401190 | 0x00023238 | 0x00022638 | 0x000000D1 |
| HeapCreate | - | 0x00401194 | 0x0002323C | 0x0002263C | 0x000002CD |
| QueryPerformanceCounter | - | 0x00401198 | 0x00023240 | 0x00022640 | 0x000003A7 |
| GetTickCount | - | 0x0040119C | 0x00023244 | 0x00022644 | 0x00000293 |
| GetCurrentProcessId | - | 0x004011A0 | 0x00023248 | 0x00022648 | 0x000001C1 |
| GetSystemTimeAsFileTime | - | 0x004011A4 | 0x0002324C | 0x0002264C | 0x00000279 |
| SetStdHandle | - | 0x004011A8 | 0x00023250 | 0x00022650 | 0x00000487 |
| WideCharToMultiByte | - | 0x004011AC | 0x00023254 | 0x00022654 | 0x00000511 |
| GetConsoleCP | - | 0x004011B0 | 0x00023258 | 0x00022658 | 0x0000019A |
| GetConsoleMode | - | 0x004011B4 | 0x0002325C | 0x0002265C | 0x000001AC |
| FlushFileBuffers | - | 0x004011B8 | 0x00023260 | 0x00022660 | 0x00000157 |
| Sleep | - | 0x004011BC | 0x00023264 | 0x00022664 | 0x000004B2 |
| LCMapStringW | - | 0x004011C0 | 0x00023268 | 0x00022668 | 0x0000032D |
| WriteConsoleW | - | 0x004011C4 | 0x0002326C | 0x0002266C | 0x00000524 |
USER32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ClientToScreen | - | 0x004011CC | 0x00023274 | 0x00022674 | 0x00000047 |
Memory Dumps (12)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 1 | 0x02751F48 | 0x02761697 | First Execution |
|
32-bit | 0x02755C20 |
|
...
|
| buffer | 1 | 0x02580000 | 0x02588FFF | First Execution |
|
32-bit | 0x02580000 |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | First Execution |
|
32-bit | 0x00402DD8 |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x00401140 |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x00401849 |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x00402B9F |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Process Termination |
|
32-bit | - |
|
...
|
| buffer | 2 | 0x005F0000 | 0x005F5FFF | Process Termination |
|
32-bit | - |
|
...
|
| buffer | 6 | 0x025D1C28 | 0x025E1377 | First Execution |
|
32-bit | 0x025D5900 |
|
...
|
| buffer | 6 | 0x001C0000 | 0x001C8FFF | First Execution |
|
32-bit | 0x001C0000 |
|
...
|
| buffer | 10 | 0x00400000 | 0x00408FFF | First Execution |
|
32-bit | 0x00402DD8 |
|
...
|
| buffer | 10 | 0x00400000 | 0x00408FFF | Final Dump |
|
32-bit | - |
|
...
|
| C:\Users\RDHJ0C~1\AppData\Local\Temp\311B.exe | Dropped File | Binary |
Clean
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 4.47 MB |
| MD5 |
050fe4bb1732af8d3b24738ead641ccd
|
| SHA1 |
0d6e6d164b78f10daa3c006dcdd01c4e7632b41f
|
| SHA256 |
2193ac16d10f2a4c968fde0ae2d654258c073d731641b7c13cb688f5fea2c515
|
| SSDeep |
98304:um9RMVQDheoeaUuZDqpY9782DnZbAIGNkmfJDV:39vDo3uZbdnJYX
|
| ImpHash |
9b553a1c56fe0540e7546ebd7629aeae
|
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x004B826B |
| Size Of Code | 0x002E4A00 |
| Size Of Initialized Data | 0x0016F000 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2013-09-06 02:17 (UTC+2) |
Version Information (6)
»
| FileVersion | 1.5.2.8 |
| CompanyName | |
| FileDescription | PhotoBrowser Portable |
| InternalName | Browser.exe |
| OriginalFilename | Browser.exe |
| LegalCopyright | Copyright (C) 2014 |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x002E4837 | 0x002E4A00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.72 |
| .rdata | 0x006E6000 | 0x000CFA68 | 0x000CFC00 | 0x002E4E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.45 |
| .data | 0x007B6000 | 0x0025C8A4 | 0x00056C00 | 0x003B4A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.97 |
| .tls | 0x00A13000 | 0x00000002 | 0x00000200 | 0x0040B600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rsrc | 0x00A14000 | 0x000002A0 | 0x00000400 | 0x0040B800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.29 |
| .reloc | 0x00A15000 | 0x0006A400 | 0x0006A400 | 0x0040BC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.81 |
Imports (22)
»
RPCRT4.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UuidFromStringA | - | 0x006E6624 | 0x003B2354 | 0x003B1154 | 0x00000214 |
KERNEL32.dll (225)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UnlockFile | - | 0x006E6244 | 0x003B1F74 | 0x003B0D74 | 0x00000590 |
| LockFile | - | 0x006E6248 | 0x003B1F78 | 0x003B0D78 | 0x000003BF |
| OutputDebugStringW | - | 0x006E624C | 0x003B1F7C | 0x003B0D7C | 0x000003FF |
| UnlockFileEx | - | 0x006E6250 | 0x003B1F80 | 0x003B0D80 | 0x00000591 |
| FormatMessageA | - | 0x006E6254 | 0x003B1F84 | 0x003B0D84 | 0x00000199 |
| HeapDestroy | - | 0x006E6258 | 0x003B1F88 | 0x003B0D88 | 0x00000336 |
| GetFileAttributesA | - | 0x006E625C | 0x003B1F8C | 0x003B0D8C | 0x00000231 |
| HeapCreate | - | 0x006E6260 | 0x003B1F90 | 0x003B0D90 | 0x00000335 |
| HeapValidate | - | 0x006E6264 | 0x003B1F94 | 0x003B0D94 | 0x0000033F |
| HeapSize | - | 0x006E6268 | 0x003B1F98 | 0x003B0D98 | 0x0000033C |
| LockFileEx | - | 0x006E626C | 0x003B1F9C | 0x003B0D9C | 0x000003C0 |
| CreateFileMappingA | - | 0x006E6270 | 0x003B1FA0 | 0x003B0DA0 | 0x000000B9 |
| CreateFileMappingW | - | 0x006E6274 | 0x003B1FA4 | 0x003B0DA4 | 0x000000BD |
| GetDiskFreeSpaceA | - | 0x006E6278 | 0x003B1FA8 | 0x003B0DA8 | 0x00000219 |
| GetFileAttributesExW | - | 0x006E627C | 0x003B1FAC | 0x003B0DAC | 0x00000233 |
| GetCurrentProcessId | - | 0x006E6280 | 0x003B1FB0 | 0x003B0DB0 | 0x0000020B |
| GetTempPathA | - | 0x006E6284 | 0x003B1FB4 | 0x003B0DB4 | 0x000002E5 |
| AreFileApisANSI | - | 0x006E6288 | 0x003B1FB8 | 0x003B0DB8 | 0x0000001B |
| DeleteFileA | - | 0x006E628C | 0x003B1FBC | 0x003B0DBC | 0x00000106 |
| SetFileTime | - | 0x006E6290 | 0x003B1FC0 | 0x003B0DC0 | 0x0000050A |
| GetThreadTimes | - | 0x006E6294 | 0x003B1FC4 | 0x003B0DC4 | 0x000002F4 |
| GetThreadContext | - | 0x006E6298 | 0x003B1FC8 | 0x003B0DC8 | 0x000002E7 |
| RtlCaptureContext | - | 0x006E629C | 0x003B1FCC | 0x003B0DCC | 0x000004B2 |
| SetUnhandledExceptionFilter | - | 0x006E62A0 | 0x003B1FD0 | 0x003B0DD0 | 0x00000550 |
| VirtualQueryEx | - | 0x006E62A4 | 0x003B1FD4 | 0x003B0DD4 | 0x000005B1 |
| TerminateThread | - | 0x006E62A8 | 0x003B1FD8 | 0x003B0DD8 | 0x0000056F |
| ReleaseSemaphore | - | 0x006E62AC | 0x003B1FDC | 0x003B0DDC | 0x00000499 |
| OpenThread | - | 0x006E62B0 | 0x003B1FE0 | 0x003B0DE0 | 0x000003FA |
| CreateSemaphoreW | - | 0x006E62B4 | 0x003B1FE4 | 0x003B0DE4 | 0x000000E0 |
| SuspendThread | - | 0x006E62B8 | 0x003B1FE8 | 0x003B0DE8 | 0x00000567 |
| ResumeThread | - | 0x006E62BC | 0x003B1FEC | 0x003B0DEC | 0x000004B1 |
| CreateThread | - | 0x006E62C0 | 0x003B1FF0 | 0x003B0DF0 | 0x000000E7 |
| WaitNamedPipeW | - | 0x006E62C4 | 0x003B1FF4 | 0x003B0DF4 | 0x000005C0 |
| TransactNamedPipe | - | 0x006E62C8 | 0x003B1FF8 | 0x003B0DF8 | 0x00000585 |
| SetNamedPipeHandleState | - | 0x006E62CC | 0x003B1FFC | 0x003B0DFC | 0x0000051F |
| WaitForMultipleObjects | - | 0x006E62D0 | 0x003B2000 | 0x003B0E00 | 0x000005B7 |
| VirtualQuery | - | 0x006E62D4 | 0x003B2004 | 0x003B0E04 | 0x000005B0 |
| VirtualFree | - | 0x006E62D8 | 0x003B2008 | 0x003B0E08 | 0x000005AB |
| VirtualAlloc | - | 0x006E62DC | 0x003B200C | 0x003B0E0C | 0x000005A8 |
| VirtualProtectEx | - | 0x006E62E0 | 0x003B2010 | 0x003B0E10 | 0x000005AF |
| GetThreadPriority | - | 0x006E62E4 | 0x003B2014 | 0x003B0E14 | 0x000002F0 |
| InterlockedCompareExchange | - | 0x006E62E8 | 0x003B2018 | 0x003B0E18 | 0x00000353 |
| SetEnvironmentVariableA | - | 0x006E62EC | 0x003B201C | 0x003B0E1C | 0x000004F7 |
| SetStdHandle | - | 0x006E62F0 | 0x003B2020 | 0x003B0E20 | 0x0000052E |
| GetConsoleMode | - | 0x006E62F4 | 0x003B2024 | 0x003B0E24 | 0x000001EF |
| GetConsoleCP | - | 0x006E62F8 | 0x003B2028 | 0x003B0E28 | 0x000001DD |
| IsValidLocale | - | 0x006E62FC | 0x003B202C | 0x003B0E2C | 0x00000378 |
| EnumSystemLocalesA | - | 0x006E6300 | 0x003B2030 | 0x003B0E30 | 0x00000145 |
| GetLocaleInfoA | - | 0x006E6304 | 0x003B2034 | 0x003B0E34 | 0x00000253 |
| GetUserDefaultLCID | - | 0x006E6308 | 0x003B2038 | 0x003B0E38 | 0x00000300 |
| SetHandleCount | - | 0x006E630C | 0x003B203C | 0x003B0E3C | 0x00000511 |
| GetEnvironmentStringsW | - | 0x006E6310 | 0x003B2040 | 0x003B0E40 | 0x00000228 |
| FreeEnvironmentStringsW | - | 0x006E6314 | 0x003B2044 | 0x003B0E44 | 0x0000019D |
| GetStringTypeW | - | 0x006E6318 | 0x003B2048 | 0x003B0E48 | 0x000002C7 |
| IsValidCodePage | - | 0x006E631C | 0x003B204C | 0x003B0E4C | 0x00000376 |
| GetOEMCP | - | 0x006E6320 | 0x003B2050 | 0x003B0E50 | 0x00000287 |
| GetACP | - | 0x006E6324 | 0x003B2054 | 0x003B0E54 | 0x000001A5 |
| GetCPInfo | - | 0x006E6328 | 0x003B2058 | 0x003B0E58 | 0x000001B4 |
| LCMapStringW | - | 0x006E632C | 0x003B205C | 0x003B0E5C | 0x0000039A |
| RtlUnwind | - | 0x006E6330 | 0x003B2060 | 0x003B0E60 | 0x000004B7 |
| GetStdHandle | - | 0x006E6334 | 0x003B2064 | 0x003B0E64 | 0x000002C2 |
| GetFileType | - | 0x006E6338 | 0x003B2068 | 0x003B0E68 | 0x0000023F |
| WriteConsoleW | - | 0x006E633C | 0x003B206C | 0x003B0E6C | 0x000005F0 |
| IsDebuggerPresent | - | 0x006E6340 | 0x003B2070 | 0x003B0E70 | 0x0000036B |
| UnhandledExceptionFilter | - | 0x006E6344 | 0x003B2074 | 0x003B0E74 | 0x0000058F |
| GetLogicalDrives | - | 0x006E6348 | 0x003B2078 | 0x003B0E78 | 0x00000258 |
| HeapSetInformation | - | 0x006E634C | 0x003B207C | 0x003B0E7C | 0x0000033B |
| ExitProcess | - | 0x006E6350 | 0x003B2080 | 0x003B0E80 | 0x00000151 |
| ExitThread | - | 0x006E6354 | 0x003B2084 | 0x003B0E84 | 0x00000152 |
| VirtualProtect | - | 0x006E6358 | 0x003B2088 | 0x003B0E88 | 0x000005AE |
| GetModuleHandleA | - | 0x006E635C | 0x003B208C | 0x003B0E8C | 0x00000265 |
| CreateWaitableTimerA | - | 0x006E6360 | 0x003B2090 | 0x003B0E90 | 0x000000F1 |
| SetWaitableTimer | - | 0x006E6364 | 0x003B2094 | 0x003B0E94 | 0x00000558 |
| TlsSetValue | - | 0x006E6368 | 0x003B2098 | 0x003B0E98 | 0x00000583 |
| OpenEventA | - | 0x006E636C | 0x003B209C | 0x003B0E9C | 0x000003E6 |
| TlsGetValue | - | 0x006E6370 | 0x003B20A0 | 0x003B0EA0 | 0x00000582 |
| TlsFree | - | 0x006E6374 | 0x003B20A4 | 0x003B0EA4 | 0x00000581 |
| TlsAlloc | - | 0x006E6378 | 0x003B20A8 | 0x003B0EA8 | 0x00000580 |
| InterlockedPopEntrySList | - | 0x006E637C | 0x003B20AC | 0x003B0EAC | 0x0000035A |
| IsProcessorFeaturePresent | - | 0x006E6380 | 0x003B20B0 | 0x003B0EB0 | 0x00000371 |
| InterlockedPushEntrySList | - | 0x006E6384 | 0x003B20B4 | 0x003B0EB4 | 0x0000035B |
| MapViewOfFile | - | 0x006E6388 | 0x003B20B8 | 0x003B0EB8 | 0x000003C4 |
| UnmapViewOfFile | - | 0x006E638C | 0x003B20BC | 0x003B0EBC | 0x00000592 |
| CreateFileA | - | 0x006E6390 | 0x003B20C0 | 0x003B0EC0 | 0x000000B8 |
| HeapReAlloc | - | 0x006E6394 | 0x003B20C4 | 0x003B0EC4 | 0x0000033A |
| GetFullPathNameA | - | 0x006E6398 | 0x003B20C8 | 0x003B0EC8 | 0x00000247 |
| LocalUnlock | - | 0x006E639C | 0x003B20CC | 0x003B0ECC | 0x000003BC |
| LocalLock | - | 0x006E63A0 | 0x003B20D0 | 0x003B0ED0 | 0x000003B8 |
| LocalAlloc | - | 0x006E63A4 | 0x003B20D4 | 0x003B0ED4 | 0x000003B2 |
| CompareFileTime | - | 0x006E63A8 | 0x003B20D8 | 0x003B0ED8 | 0x0000008D |
| SetProcessWorkingSetSize | - | 0x006E63AC | 0x003B20DC | 0x003B0EDC | 0x0000052A |
| lstrcmpA | - | 0x006E63B0 | 0x003B20E0 | 0x003B0EE0 | 0x0000060E |
| GetPrivateProfileSectionNamesW | - | 0x006E63B4 | 0x003B20E4 | 0x003B0EE4 | 0x00000298 |
| GetPrivateProfileSectionW | - | 0x006E63B8 | 0x003B20E8 | 0x003B0EE8 | 0x00000299 |
| WritePrivateProfileStringW | - | 0x006E63BC | 0x003B20EC | 0x003B0EEC | 0x000005F7 |
| MoveFileExW | - | 0x006E63C0 | 0x003B20F0 | 0x003B0EF0 | 0x000003CE |
| SystemTimeToFileTime | - | 0x006E63C4 | 0x003B20F4 | 0x003B0EF4 | 0x0000056A |
| GetSystemTime | - | 0x006E63C8 | 0x003B20F8 | 0x003B0EF8 | 0x000002D7 |
| LoadLibraryA | - | 0x006E63CC | 0x003B20FC | 0x003B0EFC | 0x000003A9 |
| GetTimeZoneInformation | - | 0x006E63D0 | 0x003B2100 | 0x003B0F00 | 0x000002FD |
| SystemTimeToTzSpecificLocalTime | - | 0x006E63D4 | 0x003B2104 | 0x003B0F04 | 0x0000056B |
| SetThreadPriority | - | 0x006E63D8 | 0x003B2108 | 0x003B0F08 | 0x00000541 |
| GetTickCount | - | 0x006E63DC | 0x003B210C | 0x003B0F0C | 0x000002F6 |
| IsBadStringPtrW | - | 0x006E63E0 | 0x003B2110 | 0x003B0F10 | 0x00000364 |
| CopyFileW | - | 0x006E63E4 | 0x003B2114 | 0x003B0F14 | 0x000000A3 |
| GetTempFileNameW | - | 0x006E63E8 | 0x003B2118 | 0x003B0F18 | 0x000002E4 |
| GetTempPathW | - | 0x006E63EC | 0x003B211C | 0x003B0F1C | 0x000002E6 |
| SetFileAttributesW | - | 0x006E63F0 | 0x003B2120 | 0x003B0F20 | 0x00000501 |
| GetEnvironmentVariableW | - | 0x006E63F4 | 0x003B2124 | 0x003B0F24 | 0x0000022A |
| ExpandEnvironmentStringsW | - | 0x006E63F8 | 0x003B2128 | 0x003B0F28 | 0x00000155 |
| GetSystemDirectoryW | - | 0x006E63FC | 0x003B212C | 0x003B0F2C | 0x000002D0 |
| GetCurrentThread | - | 0x006E6400 | 0x003B2130 | 0x003B0F30 | 0x0000020E |
| GetFullPathNameW | - | 0x006E6404 | 0x003B2134 | 0x003B0F34 | 0x0000024A |
| GetUserDefaultLangID | - | 0x006E6408 | 0x003B2138 | 0x003B0F38 | 0x00000301 |
| FileTimeToSystemTime | - | 0x006E640C | 0x003B213C | 0x003B0F3C | 0x0000015D |
| FileTimeToLocalFileTime | - | 0x006E6410 | 0x003B2140 | 0x003B0F40 | 0x0000015C |
| GetShortPathNameW | - | 0x006E6414 | 0x003B2144 | 0x003B0F44 | 0x000002BD |
| FindNextFileW | - | 0x006E6418 | 0x003B2148 | 0x003B0F48 | 0x0000017F |
| BackupSeek | - | 0x006E641C | 0x003B214C | 0x003B0F4C | 0x0000001F |
| BackupRead | - | 0x006E6420 | 0x003B2150 | 0x003B0F50 | 0x0000001E |
| GetCompressedFileSizeW | - | 0x006E6424 | 0x003B2154 | 0x003B0F54 | 0x000001CE |
| GetDriveTypeW | - | 0x006E6428 | 0x003B2158 | 0x003B0F58 | 0x00000220 |
| CreateDirectoryW | - | 0x006E642C | 0x003B215C | 0x003B0F5C | 0x000000B0 |
| RemoveDirectoryW | - | 0x006E6430 | 0x003B2160 | 0x003B0F60 | 0x0000049E |
| SetEndOfFile | - | 0x006E6434 | 0x003B2164 | 0x003B0F64 | 0x000004F4 |
| SetFilePointerEx | - | 0x006E6438 | 0x003B2168 | 0x003B0F68 | 0x00000507 |
| GetVolumeInformationW | - | 0x006E643C | 0x003B216C | 0x003B0F6C | 0x0000030C |
| GetDiskFreeSpaceW | - | 0x006E6440 | 0x003B2170 | 0x003B0F70 | 0x0000021C |
| MoveFileW | - | 0x006E6444 | 0x003B2174 | 0x003B0F74 | 0x000003D1 |
| FindClose | - | 0x006E6448 | 0x003B2178 | 0x003B0F78 | 0x00000168 |
| FindFirstFileW | - | 0x006E644C | 0x003B217C | 0x003B0F7C | 0x00000173 |
| DeviceIoControl | - | 0x006E6450 | 0x003B2180 | 0x003B0F80 | 0x00000111 |
| GetSystemTimeAsFileTime | - | 0x006E6454 | 0x003B2184 | 0x003B0F84 | 0x000002D9 |
| OutputDebugStringA | - | 0x006E6458 | 0x003B2188 | 0x003B0F88 | 0x000003FE |
| InitializeCriticalSection | - | 0x006E645C | 0x003B218C | 0x003B0F8C | 0x0000034B |
| GetLocalTime | - | 0x006E6460 | 0x003B2190 | 0x003B0F90 | 0x00000252 |
| GetModuleFileNameA | - | 0x006E6464 | 0x003B2194 | 0x003B0F94 | 0x00000263 |
| GetTimeFormatW | - | 0x006E6468 | 0x003B2198 | 0x003B0F98 | 0x000002FB |
| GetDateFormatW | - | 0x006E646C | 0x003B219C | 0x003B0F9C | 0x00000214 |
| GetNumberFormatW | - | 0x006E6470 | 0x003B21A0 | 0x003B0FA0 | 0x00000283 |
| GetLocaleInfoW | - | 0x006E6474 | 0x003B21A4 | 0x003B0FA4 | 0x00000255 |
| VerifyVersionInfoW | - | 0x006E6478 | 0x003B21A8 | 0x003B0FA8 | 0x000005A7 |
| VerSetConditionMask | - | 0x006E647C | 0x003B21AC | 0x003B0FAC | 0x000005A3 |
| GlobalMemoryStatus | - | 0x006E6480 | 0x003B21B0 | 0x003B0FB0 | 0x00000327 |
| GetSystemInfo | - | 0x006E6484 | 0x003B21B4 | 0x003B0FB4 | 0x000002D3 |
| GetVersionExA | - | 0x006E6488 | 0x003B21B8 | 0x003B0FB8 | 0x00000308 |
| lstrlenA | - | 0x006E648C | 0x003B21BC | 0x003B0FBC | 0x0000061A |
| GlobalHandle | - | 0x006E6490 | 0x003B21C0 | 0x003B0FC0 | 0x00000325 |
| lstrcmpW | - | 0x006E6494 | 0x003B21C4 | 0x003B0FC4 | 0x0000060F |
| GetDiskFreeSpaceExW | - | 0x006E6498 | 0x003B21C8 | 0x003B0FC8 | 0x0000021B |
| GetWindowsDirectoryW | - | 0x006E649C | 0x003B21CC | 0x003B0FCC | 0x00000314 |
| GetProcessTimes | - | 0x006E64A0 | 0x003B21D0 | 0x003B0FD0 | 0x000002AE |
| GetLongPathNameW | - | 0x006E64A4 | 0x003B21D4 | 0x003B0FD4 | 0x0000025E |
| SetFilePointer | - | 0x006E64A8 | 0x003B21D8 | 0x003B0FD8 | 0x00000506 |
| GetFileSize | - | 0x006E64AC | 0x003B21DC | 0x003B0FDC | 0x0000023C |
| ReadFile | - | 0x006E64B0 | 0x003B21E0 | 0x003B0FE0 | 0x00000458 |
| GetVersion | - | 0x006E64B4 | 0x003B21E4 | 0x003B0FE4 | 0x00000307 |
| CompareStringW | - | 0x006E64B8 | 0x003B21E8 | 0x003B0FE8 | 0x00000091 |
| Sleep | - | 0x006E64BC | 0x003B21EC | 0x003B0FEC | 0x0000055F |
| lstrcpyW | - | 0x006E64C0 | 0x003B21F0 | 0x003B0FF0 | 0x00000615 |
| GetPrivateProfileStringW | - | 0x006E64C4 | 0x003B21F4 | 0x003B0FF4 | 0x0000029B |
| DeleteFileW | - | 0x006E64C8 | 0x003B21F8 | 0x003B0FF8 | 0x00000109 |
| LocalFree | - | 0x006E64CC | 0x003B21FC | 0x003B0FFC | 0x000003B6 |
| FormatMessageW | - | 0x006E64D0 | 0x003B2200 | 0x003B1000 | 0x0000019A |
| lstrcpynW | - | 0x006E64D4 | 0x003B2204 | 0x003B1004 | 0x00000618 |
| GetVersionExW | - | 0x006E64D8 | 0x003B2208 | 0x003B1008 | 0x00000309 |
| LoadLibraryW | - | 0x006E64DC | 0x003B220C | 0x003B100C | 0x000003AC |
| MulDiv | - | 0x006E64E0 | 0x003B2210 | 0x003B1010 | 0x000003D4 |
| SetCurrentDirectoryW | - | 0x006E64E4 | 0x003B2214 | 0x003B1014 | 0x000004ED |
| GetCurrentDirectoryW | - | 0x006E64E8 | 0x003B2218 | 0x003B1018 | 0x00000204 |
| QueryPerformanceCounter | - | 0x006E64EC | 0x003B221C | 0x003B101C | 0x00000433 |
| QueryPerformanceFrequency | - | 0x006E64F0 | 0x003B2220 | 0x003B1020 | 0x00000434 |
| GetCommandLineW | - | 0x006E64F4 | 0x003B2224 | 0x003B1024 | 0x000001CA |
| CreateProcessW | - | 0x006E64F8 | 0x003B2228 | 0x003B1028 | 0x000000DA |
| GetStartupInfoW | - | 0x006E64FC | 0x003B222C | 0x003B102C | 0x000002C0 |
| SetErrorMode | - | 0x006E6500 | 0x003B2230 | 0x003B1030 | 0x000004F9 |
| InterlockedIncrement | - | 0x006E6504 | 0x003B2234 | 0x003B1034 | 0x00000359 |
| InterlockedDecrement | - | 0x006E6508 | 0x003B2238 | 0x003B1038 | 0x00000355 |
| LoadLibraryExW | - | 0x006E650C | 0x003B223C | 0x003B103C | 0x000003AB |
| lstrcmpiW | - | 0x006E6510 | 0x003B2240 | 0x003B1040 | 0x00000612 |
| FreeLibrary | - | 0x006E6514 | 0x003B2244 | 0x003B1044 | 0x0000019E |
| WriteFile | - | 0x006E6518 | 0x003B2248 | 0x003B1048 | 0x000005F1 |
| FlushFileBuffers | - | 0x006E651C | 0x003B224C | 0x003B104C | 0x00000192 |
| CreateFileW | - | 0x006E6520 | 0x003B2250 | 0x003B1050 | 0x000000C0 |
| GetFileAttributesW | - | 0x006E6524 | 0x003B2254 | 0x003B1054 | 0x00000236 |
| WideCharToMultiByte | - | 0x006E6528 | 0x003B2258 | 0x003B1058 | 0x000005DD |
| CreateMutexW | - | 0x006E652C | 0x003B225C | 0x003B105C | 0x000000CF |
| lstrlenW | - | 0x006E6530 | 0x003B2260 | 0x003B1060 | 0x0000061B |
| GetProcAddress | - | 0x006E6534 | 0x003B2264 | 0x003B1064 | 0x0000029E |
| MultiByteToWideChar | - | 0x006E6538 | 0x003B2268 | 0x003B1068 | 0x000003D5 |
| InitializeCriticalSectionAndSpinCount | - | 0x006E653C | 0x003B226C | 0x003B106C | 0x0000034C |
| DeleteCriticalSection | - | 0x006E6540 | 0x003B2270 | 0x003B1070 | 0x00000104 |
| SetLastError | - | 0x006E6544 | 0x003B2274 | 0x003B1074 | 0x00000516 |
| RaiseException | - | 0x006E6548 | 0x003B2278 | 0x003B1078 | 0x00000448 |
| GetCurrentThreadId | - | 0x006E654C | 0x003B227C | 0x003B107C | 0x0000020F |
| GetModuleFileNameW | - | 0x006E6550 | 0x003B2280 | 0x003B1080 | 0x00000264 |
| FindResourceExW | - | 0x006E6554 | 0x003B2284 | 0x003B1084 | 0x00000188 |
| GetModuleHandleW | - | 0x006E6558 | 0x003B2288 | 0x003B1088 | 0x00000268 |
| CreateEventA | - | 0x006E655C | 0x003B228C | 0x003B108C | 0x000000B1 |
| CloseHandle | - | 0x006E6560 | 0x003B2290 | 0x003B1090 | 0x0000007D |
| HeapAlloc | - | 0x006E6564 | 0x003B2294 | 0x003B1094 | 0x00000333 |
| HeapFree | - | 0x006E6568 | 0x003B2298 | 0x003B1098 | 0x00000337 |
| GetProcessHeap | - | 0x006E656C | 0x003B229C | 0x003B109C | 0x000002A4 |
| GlobalAlloc | - | 0x006E6570 | 0x003B22A0 | 0x003B10A0 | 0x0000031B |
| GlobalLock | - | 0x006E6574 | 0x003B22A4 | 0x003B10A4 | 0x00000326 |
| GlobalUnlock | - | 0x006E6578 | 0x003B22A8 | 0x003B10A8 | 0x0000032D |
| GlobalFree | - | 0x006E657C | 0x003B22AC | 0x003B10AC | 0x00000322 |
| InterlockedExchange | - | 0x006E6580 | 0x003B22B0 | 0x003B10B0 | 0x00000356 |
| ResetEvent | - | 0x006E6584 | 0x003B22B4 | 0x003B10B4 | 0x000004AB |
| SetEvent | - | 0x006E6588 | 0x003B22B8 | 0x003B10B8 | 0x000004FA |
| CreateEventW | - | 0x006E658C | 0x003B22BC | 0x003B10BC | 0x000000B4 |
| GetLastError | - | 0x006E6590 | 0x003B22C0 | 0x003B10C0 | 0x00000251 |
| OpenProcess | - | 0x006E6594 | 0x003B22C4 | 0x003B10C4 | 0x000003F3 |
| TerminateProcess | - | 0x006E6598 | 0x003B22C8 | 0x003B10C8 | 0x0000056E |
| WaitForSingleObject | - | 0x006E659C | 0x003B22CC | 0x003B10CC | 0x000005B9 |
| LeaveCriticalSection | - | 0x006E65A0 | 0x003B22D0 | 0x003B10D0 | 0x000003A6 |
| EnterCriticalSection | - | 0x006E65A4 | 0x003B22D4 | 0x003B10D4 | 0x00000125 |
| FlushInstructionCache | - | 0x006E65A8 | 0x003B22D8 | 0x003B10D8 | 0x00000193 |
| GetCurrentProcess | - | 0x006E65AC | 0x003B22DC | 0x003B10DC | 0x0000020A |
| FindResourceW | - | 0x006E65B0 | 0x003B22E0 | 0x003B10E0 | 0x00000189 |
| LoadResource | - | 0x006E65B4 | 0x003B22E4 | 0x003B10E4 | 0x000003AF |
| LockResource | - | 0x006E65B8 | 0x003B22E8 | 0x003B10E8 | 0x000003C1 |
| SizeofResource | - | 0x006E65BC | 0x003B22EC | 0x003B10EC | 0x0000055E |
| GetTimeFormatA | - | 0x006E65C0 | 0x003B22F0 | 0x003B10F0 | 0x000002F8 |
| GetDateFormatA | - | 0x006E65C4 | 0x003B22F4 | 0x003B10F4 | 0x00000211 |
USER32.dll (183)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateAcceleratorTableW | - | 0x006E66D4 | 0x003B2404 | 0x003B1204 | 0x0000005A |
| InvalidateRgn | - | 0x006E66D8 | 0x003B2408 | 0x003B1208 | 0x000001FC |
| DestroyAcceleratorTable | - | 0x006E66DC | 0x003B240C | 0x003B120C | 0x000000A7 |
| SendDlgItemMessageW | - | 0x006E66E0 | 0x003B2410 | 0x003B1210 | 0x000002D5 |
| wsprintfW | - | 0x006E66E4 | 0x003B2414 | 0x003B1214 | 0x0000039F |
| GetForegroundWindow | - | 0x006E66E8 | 0x003B2418 | 0x003B1218 | 0x00000146 |
| GetDlgItemInt | - | 0x006E66EC | 0x003B241C | 0x003B121C | 0x0000013F |
| GetNextDlgTabItem | - | 0x006E66F0 | 0x003B2420 | 0x003B1220 | 0x0000017B |
| SetDlgItemTextW | - | 0x006E66F4 | 0x003B2424 | 0x003B1224 | 0x000002F4 |
| CloseClipboard | - | 0x006E66F8 | 0x003B2428 | 0x003B1228 | 0x0000004B |
| GetClipboardData | - | 0x006E66FC | 0x003B242C | 0x003B122C | 0x0000012A |
| OpenClipboard | - | 0x006E6700 | 0x003B2430 | 0x003B1230 | 0x0000026D |
| IsClipboardFormatAvailable | - | 0x006E6704 | 0x003B2434 | 0x003B1234 | 0x00000208 |
| GetShellWindow | - | 0x006E6708 | 0x003B2438 | 0x003B1238 | 0x000001A9 |
| GetWindowInfo | - | 0x006E670C | 0x003B243C | 0x003B123C | 0x000001C8 |
| SetMenuDefaultItem | - | 0x006E6710 | 0x003B2440 | 0x003B1240 | 0x00000305 |
| LockWindowUpdate | - | 0x006E6714 | 0x003B2444 | 0x003B1244 | 0x00000242 |
| PostQuitMessage | - | 0x006E6718 | 0x003B2448 | 0x003B1248 | 0x00000280 |
| IsDialogMessageW | - | 0x006E671C | 0x003B244C | 0x003B124C | 0x0000020B |
| FindWindowExW | - | 0x006E6720 | 0x003B2450 | 0x003B1250 | 0x0000010A |
| LoadIconW | - | 0x006E6724 | 0x003B2454 | 0x003B1254 | 0x00000232 |
| GetComboBoxInfo | - | 0x006E6728 | 0x003B2458 | 0x003B1258 | 0x00000130 |
| AdjustWindowRectEx | - | 0x006E672C | 0x003B245C | 0x003B125C | 0x00000003 |
| SetWindowContextHelpId | - | 0x006E6730 | 0x003B2460 | 0x003B1260 | 0x0000032D |
| MapDialogRect | - | 0x006E6734 | 0x003B2464 | 0x003B1264 | 0x0000024B |
| CreateDialogIndirectParamW | - | 0x006E6738 | 0x003B2468 | 0x003B1268 | 0x00000064 |
| GetSystemMetrics | - | 0x006E673C | 0x003B246C | 0x003B126C | 0x000001AE |
| GetWindowPlacement | - | 0x006E6740 | 0x003B2470 | 0x003B1270 | 0x000001CF |
| SystemParametersInfoA | - | 0x006E6744 | 0x003B2474 | 0x003B1274 | 0x00000352 |
| GetMenuItemID | - | 0x006E6748 | 0x003B2478 | 0x003B1278 | 0x0000016B |
| GetWindowThreadProcessId | - | 0x006E674C | 0x003B247C | 0x003B127C | 0x000001D8 |
| WaitForInputIdle | - | 0x006E6750 | 0x003B2480 | 0x003B1280 | 0x00000391 |
| EnumDisplaySettingsW | - | 0x006E6754 | 0x003B2484 | 0x003B1284 | 0x000000F9 |
| ExitWindowsEx | - | 0x006E6758 | 0x003B2488 | 0x003B1288 | 0x00000106 |
| GetLastInputInfo | - | 0x006E675C | 0x003B248C | 0x003B128C | 0x0000015E |
| EmptyClipboard | - | 0x006E6760 | 0x003B2490 | 0x003B1290 | 0x000000E0 |
| GetWindowRect | - | 0x006E6764 | 0x003B2494 | 0x003B1294 | 0x000001D0 |
| UnregisterClassA | - | 0x006E6768 | 0x003B2498 | 0x003B1298 | 0x0000036C |
| SetWindowPos | - | 0x006E676C | 0x003B249C | 0x003B129C | 0x00000333 |
| GetWindowLongW | - | 0x006E6770 | 0x003B24A0 | 0x003B12A0 | 0x000001CA |
| GetParent | - | 0x006E6774 | 0x003B24A4 | 0x003B12A4 | 0x0000017D |
| GetWindow | - | 0x006E6778 | 0x003B24A8 | 0x003B12A8 | 0x000001BF |
| GetDesktopWindow | - | 0x006E677C | 0x003B24AC | 0x003B12AC | 0x00000139 |
| GetClientRect | - | 0x006E6780 | 0x003B24B0 | 0x003B12B0 | 0x00000127 |
| MapWindowPoints | - | 0x006E6784 | 0x003B24B4 | 0x003B12B4 | 0x00000250 |
| SetWindowLongW | - | 0x006E6788 | 0x003B24B8 | 0x003B12B8 | 0x00000331 |
| SendMessageW | - | 0x006E678C | 0x003B24BC | 0x003B12BC | 0x000002DE |
| GetDlgItem | - | 0x006E6790 | 0x003B24C0 | 0x003B12C0 | 0x0000013E |
| ScreenToClient | - | 0x006E6794 | 0x003B24C4 | 0x003B12C4 | 0x000002CF |
| MoveWindow | - | 0x006E6798 | 0x003B24C8 | 0x003B12C8 | 0x00000262 |
| GetDC | - | 0x006E679C | 0x003B24CC | 0x003B12CC | 0x00000136 |
| ReleaseDC | - | 0x006E67A0 | 0x003B24D0 | 0x003B12D0 | 0x000002C6 |
| GetWindowTextW | - | 0x006E67A4 | 0x003B24D4 | 0x003B12D4 | 0x000001D7 |
| SetWindowTextW | - | 0x006E67A8 | 0x003B24D8 | 0x003B12D8 | 0x00000338 |
| DefWindowProcW | - | 0x006E67AC | 0x003B24DC | 0x003B12DC | 0x000000A2 |
| InvalidateRect | - | 0x006E67B0 | 0x003B24E0 | 0x003B12E0 | 0x000001FB |
| BeginPaint | - | 0x006E67B4 | 0x003B24E4 | 0x003B12E4 | 0x0000000E |
| EndPaint | - | 0x006E67B8 | 0x003B24E8 | 0x003B12E8 | 0x000000EB |
| DrawTextW | - | 0x006E67BC | 0x003B24EC | 0x003B12EC | 0x000000D7 |
| GetActiveWindow | - | 0x006E67C0 | 0x003B24F0 | 0x003B12F0 | 0x00000111 |
| GetMenu | - | 0x006E67C4 | 0x003B24F4 | 0x003B12F4 | 0x00000164 |
| DrawEdge | - | 0x006E67C8 | 0x003B24F8 | 0x003B12F8 | 0x000000CA |
| SetLayeredWindowAttributes | - | 0x006E67CC | 0x003B24FC | 0x003B12FC | 0x000002FE |
| DeleteMenu | - | 0x006E67D0 | 0x003B2500 | 0x003B1300 | 0x000000A5 |
| UnhookWindowsHookEx | - | 0x006E67D4 | 0x003B2504 | 0x003B1304 | 0x00000367 |
| SetWindowsHookExW | - | 0x006E67D8 | 0x003B2508 | 0x003B1308 | 0x0000033C |
| CallNextHookEx | - | 0x006E67DC | 0x003B250C | 0x003B130C | 0x0000001C |
| SetPropW | - | 0x006E67E0 | 0x003B2510 | 0x003B1310 | 0x00000316 |
| GetWindowTextLengthW | - | 0x006E67E4 | 0x003B2514 | 0x003B1314 | 0x000001D6 |
| SetScrollPos | - | 0x006E67E8 | 0x003B2518 | 0x003B1318 | 0x0000031A |
| GetScrollInfo | - | 0x006E67EC | 0x003B251C | 0x003B131C | 0x000001A5 |
| ScrollWindowEx | - | 0x006E67F0 | 0x003B2520 | 0x003B1320 | 0x000002D3 |
| SetScrollInfo | - | 0x006E67F4 | 0x003B2524 | 0x003B1324 | 0x00000319 |
| AppendMenuW | - | 0x006E67F8 | 0x003B2528 | 0x003B1328 | 0x0000000A |
| GetScrollPos | - | 0x006E67FC | 0x003B252C | 0x003B132C | 0x000001A6 |
| OffsetRect | - | 0x006E6800 | 0x003B2530 | 0x003B1330 | 0x0000026C |
| SendMessageTimeoutW | - | 0x006E6804 | 0x003B2534 | 0x003B1334 | 0x000002DD |
| GetMonitorInfoW | - | 0x006E6808 | 0x003B2538 | 0x003B1338 | 0x00000178 |
| MonitorFromWindow | - | 0x006E680C | 0x003B253C | 0x003B133C | 0x00000261 |
| GetAsyncKeyState | - | 0x006E6810 | 0x003B2540 | 0x003B1340 | 0x00000118 |
| GetNextDlgGroupItem | - | 0x006E6814 | 0x003B2544 | 0x003B1344 | 0x0000017A |
| DestroyCursor | - | 0x006E6818 | 0x003B2548 | 0x003B1348 | 0x000000A9 |
| GetLastActivePopup | - | 0x006E681C | 0x003B254C | 0x003B134C | 0x0000015D |
| MessageBeep | - | 0x006E6820 | 0x003B2550 | 0x003B1350 | 0x00000254 |
| DrawIcon | - | 0x006E6824 | 0x003B2554 | 0x003B1354 | 0x000000CE |
| GetDialogBaseUnits | - | 0x006E6828 | 0x003B2558 | 0x003B1358 | 0x0000013A |
| LoadStringW | - | 0x006E682C | 0x003B255C | 0x003B135C | 0x0000023F |
| WinHelpW | - | 0x006E6830 | 0x003B2560 | 0x003B1360 | 0x00000395 |
| SetClipboardData | - | 0x006E6834 | 0x003B2564 | 0x003B1364 | 0x000002E8 |
| WaitMessage | - | 0x006E6838 | 0x003B2568 | 0x003B1368 | 0x00000393 |
| DrawTextExW | - | 0x006E683C | 0x003B256C | 0x003B136C | 0x000000D6 |
| UnregisterClassW | - | 0x006E6840 | 0x003B2570 | 0x003B1370 | 0x0000036D |
| CharLowerW | - | 0x006E6844 | 0x003B2574 | 0x003B1374 | 0x0000002E |
| CharLowerA | - | 0x006E6848 | 0x003B2578 | 0x003B1378 | 0x0000002B |
| GetDlgItemTextW | - | 0x006E684C | 0x003B257C | 0x003B137C | 0x00000141 |
| LoadBitmapW | - | 0x006E6850 | 0x003B2580 | 0x003B1380 | 0x0000022C |
| EnableScrollBar | - | 0x006E6854 | 0x003B2584 | 0x003B1384 | 0x000000E4 |
| GetPropW | - | 0x006E6858 | 0x003B2588 | 0x003B1388 | 0x0000019A |
| ShowScrollBar | - | 0x006E685C | 0x003B258C | 0x003B138C | 0x00000341 |
| GetScrollRange | - | 0x006E6860 | 0x003B2590 | 0x003B1390 | 0x000001A7 |
| SetScrollRange | - | 0x006E6864 | 0x003B2594 | 0x003B1394 | 0x0000031B |
| DrawFrameControl | - | 0x006E6868 | 0x003B2598 | 0x003B1398 | 0x000000CD |
| GetClassLongW | - | 0x006E686C | 0x003B259C | 0x003B139C | 0x00000123 |
| DrawFocusRect | - | 0x006E6870 | 0x003B25A0 | 0x003B13A0 | 0x000000CB |
| DestroyIcon | - | 0x006E6874 | 0x003B25A4 | 0x003B13A4 | 0x000000AB |
| DrawStateW | - | 0x006E6878 | 0x003B25A8 | 0x003B13A8 | 0x000000D3 |
| GetKeyState | - | 0x006E687C | 0x003B25AC | 0x003B13AC | 0x00000156 |
| GetMessagePos | - | 0x006E6880 | 0x003B25B0 | 0x003B13B0 | 0x00000174 |
| CreateDialogParamW | - | 0x006E6884 | 0x003B25B4 | 0x003B13B4 | 0x00000066 |
| FrameRect | - | 0x006E6888 | 0x003B25B8 | 0x003B13B8 | 0x0000010E |
| DialogBoxParamW | - | 0x006E688C | 0x003B25BC | 0x003B13BC | 0x000000B3 |
| IsChild | - | 0x006E6890 | 0x003B25C0 | 0x003B13C0 | 0x00000206 |
| ChildWindowFromPoint | - | 0x006E6894 | 0x003B25C4 | 0x003B13C4 | 0x00000045 |
| GetSysColor | - | 0x006E6898 | 0x003B25C8 | 0x003B13C8 | 0x000001AB |
| SetRectEmpty | - | 0x006E689C | 0x003B25CC | 0x003B13CC | 0x00000318 |
| SetCursorPos | - | 0x006E68A0 | 0x003B25D0 | 0x003B13D0 | 0x000002ED |
| InsertMenuW | - | 0x006E68A4 | 0x003B25D4 | 0x003B13D4 | 0x000001F7 |
| GetCursorPos | - | 0x006E68A8 | 0x003B25D8 | 0x003B13D8 | 0x00000135 |
| CreatePopupMenu | - | 0x006E68AC | 0x003B25DC | 0x003B13DC | 0x0000006E |
| EnableMenuItem | - | 0x006E68B0 | 0x003B25E0 | 0x003B13E0 | 0x000000E2 |
| PostMessageW | - | 0x006E68B4 | 0x003B25E4 | 0x003B13E4 | 0x0000027F |
| IsWindow | - | 0x006E68B8 | 0x003B25E8 | 0x003B13E8 | 0x0000021E |
| EndDialog | - | 0x006E68BC | 0x003B25EC | 0x003B13EC | 0x000000E9 |
| RemovePropW | - | 0x006E68C0 | 0x003B25F0 | 0x003B13F0 | 0x000002CB |
| PtInRect | - | 0x006E68C4 | 0x003B25F4 | 0x003B13F4 | 0x00000289 |
| RedrawWindow | - | 0x006E68C8 | 0x003B25F8 | 0x003B13F8 | 0x000002A4 |
| TrackMouseEvent | - | 0x006E68CC | 0x003B25FC | 0x003B13FC | 0x0000035C |
| GetSystemMenu | - | 0x006E68D0 | 0x003B2600 | 0x003B1400 | 0x000001AD |
| TrackPopupMenu | - | 0x006E68D4 | 0x003B2604 | 0x003B1404 | 0x0000035D |
| SetForegroundWindow | - | 0x006E68D8 | 0x003B2608 | 0x003B1408 | 0x000002F8 |
| IsZoomed | - | 0x006E68DC | 0x003B260C | 0x003B140C | 0x00000227 |
| SystemParametersInfoW | - | 0x006E68E0 | 0x003B2610 | 0x003B1410 | 0x00000353 |
| InflateRect | - | 0x006E68E4 | 0x003B2614 | 0x003B1414 | 0x000001E9 |
| LoadImageW | - | 0x006E68E8 | 0x003B2618 | 0x003B1418 | 0x00000234 |
| CallWindowProcW | - | 0x006E68EC | 0x003B261C | 0x003B141C | 0x0000001E |
| ShowWindow | - | 0x006E68F0 | 0x003B2620 | 0x003B1420 | 0x00000344 |
| KillTimer | - | 0x006E68F4 | 0x003B2624 | 0x003B1424 | 0x00000228 |
| SetTimer | - | 0x006E68F8 | 0x003B2628 | 0x003B1428 | 0x00000325 |
| DestroyWindow | - | 0x006E68FC | 0x003B262C | 0x003B142C | 0x000000AE |
| FillRect | - | 0x006E6900 | 0x003B2630 | 0x003B1430 | 0x00000107 |
| GetSysColorBrush | - | 0x006E6904 | 0x003B2634 | 0x003B1434 | 0x000001AC |
| ClientToScreen | - | 0x006E6908 | 0x003B2638 | 0x003B1438 | 0x00000049 |
| RegisterWindowMessageW | - | 0x006E690C | 0x003B263C | 0x003B143C | 0x000002C4 |
| RegisterClassExW | - | 0x006E6910 | 0x003B2640 | 0x003B1440 | 0x000002A8 |
| GetClassInfoExW | - | 0x006E6914 | 0x003B2644 | 0x003B1444 | 0x00000120 |
| LoadCursorW | - | 0x006E6918 | 0x003B2648 | 0x003B1448 | 0x00000230 |
| CreateWindowExW | - | 0x006E691C | 0x003B264C | 0x003B144C | 0x00000071 |
| DestroyMenu | - | 0x006E6920 | 0x003B2650 | 0x003B1450 | 0x000000AC |
| CopyRect | - | 0x006E6924 | 0x003B2654 | 0x003B1454 | 0x00000057 |
| IsWindowEnabled | - | 0x006E6928 | 0x003B2658 | 0x003B1458 | 0x00000221 |
| CheckDlgButton | - | 0x006E692C | 0x003B265C | 0x003B145C | 0x0000003E |
| IsDlgButtonChecked | - | 0x006E6930 | 0x003B2660 | 0x003B1460 | 0x0000020C |
| GetClassNameW | - | 0x006E6934 | 0x003B2664 | 0x003B1464 | 0x00000125 |
| IsWindowVisible | - | 0x006E6938 | 0x003B2668 | 0x003B1468 | 0x00000225 |
| OpenIcon | - | 0x006E693C | 0x003B266C | 0x003B146C | 0x00000270 |
| FindWindowW | - | 0x006E6940 | 0x003B2670 | 0x003B1470 | 0x0000010B |
| EnumWindows | - | 0x006E6944 | 0x003B2674 | 0x003B1474 | 0x00000101 |
| IsIconic | - | 0x006E6948 | 0x003B2678 | 0x003B1478 | 0x0000020F |
| SetFocus | - | 0x006E694C | 0x003B267C | 0x003B147C | 0x000002F7 |
| SetRect | - | 0x006E6950 | 0x003B2680 | 0x003B1480 | 0x00000317 |
| GetCapture | - | 0x006E6954 | 0x003B2684 | 0x003B1484 | 0x0000011B |
| SetCapture | - | 0x006E6958 | 0x003B2688 | 0x003B1488 | 0x000002E2 |
| WindowFromPoint | - | 0x006E695C | 0x003B268C | 0x003B148C | 0x00000398 |
| ReleaseCapture | - | 0x006E6960 | 0x003B2690 | 0x003B1490 | 0x000002C5 |
| SetCursor | - | 0x006E6964 | 0x003B2694 | 0x003B1494 | 0x000002EB |
| CharNextW | - | 0x006E6968 | 0x003B2698 | 0x003B1498 | 0x00000031 |
| GetClassInfoW | - | 0x006E696C | 0x003B269C | 0x003B149C | 0x00000121 |
| RegisterClassW | - | 0x006E6970 | 0x003B26A0 | 0x003B14A0 | 0x000002A9 |
| DispatchMessageW | - | 0x006E6974 | 0x003B26A4 | 0x003B14A4 | 0x000000B6 |
| TranslateMessage | - | 0x006E6978 | 0x003B26A8 | 0x003B14A8 | 0x00000363 |
| GetMessageW | - | 0x006E697C | 0x003B26AC | 0x003B14AC | 0x00000176 |
| PeekMessageW | - | 0x006E6980 | 0x003B26B0 | 0x003B14B0 | 0x0000027B |
| MessageBoxW | - | 0x006E6984 | 0x003B26B4 | 0x003B14B4 | 0x0000025C |
| GetWindowDC | - | 0x006E6988 | 0x003B26B8 | 0x003B14B8 | 0x000001C4 |
| GetFocus | - | 0x006E698C | 0x003B26BC | 0x003B14BC | 0x00000145 |
| MsgWaitForMultipleObjects | - | 0x006E6990 | 0x003B26C0 | 0x003B14C0 | 0x00000263 |
| IsWindowUnicode | - | 0x006E6994 | 0x003B26C4 | 0x003B14C4 | 0x00000224 |
| GetMessageA | - | 0x006E6998 | 0x003B26C8 | 0x003B14C8 | 0x00000172 |
| EnableWindow | - | 0x006E699C | 0x003B26CC | 0x003B14CC | 0x000000E6 |
| BringWindowToTop | - | 0x006E69A0 | 0x003B26D0 | 0x003B14D0 | 0x00000010 |
| UpdateWindow | - | 0x006E69A4 | 0x003B26D4 | 0x003B14D4 | 0x0000037B |
| GetDlgCtrlID | - | 0x006E69A8 | 0x003B26D8 | 0x003B14D8 | 0x0000013D |
| DispatchMessageA | - | 0x006E69AC | 0x003B26DC | 0x003B14DC | 0x000000B5 |
GDI32.dll (48)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SaveDC | - | 0x006E6178 | 0x003B1EA8 | 0x003B0CA8 | 0x000002D6 |
| SetDIBColorTable | - | 0x006E617C | 0x003B1EAC | 0x003B0CAC | 0x00000315 |
| CreateDIBSection | - | 0x006E6180 | 0x003B1EB0 | 0x003B0CB0 | 0x00000036 |
| GetObjectW | - | 0x006E6184 | 0x003B1EB4 | 0x003B0CB4 | 0x00000259 |
| GetDIBColorTable | - | 0x006E6188 | 0x003B1EB8 | 0x003B0CB8 | 0x00000225 |
| StretchBlt | - | 0x006E618C | 0x003B1EBC | 0x003B0CBC | 0x00000341 |
| CreateFontIndirectW | - | 0x006E6190 | 0x003B1EC0 | 0x003B0CC0 | 0x00000041 |
| SetTextColor | - | 0x006E6194 | 0x003B1EC4 | 0x003B0CC4 | 0x00000334 |
| RestoreDC | - | 0x006E6198 | 0x003B1EC8 | 0x003B0CC8 | 0x000002CF |
| TextOutW | - | 0x006E619C | 0x003B1ECC | 0x003B0CCC | 0x00000347 |
| GetStockObject | - | 0x006E61A0 | 0x003B1ED0 | 0x003B0CD0 | 0x00000269 |
| PatBlt | - | 0x006E61A4 | 0x003B1ED4 | 0x003B0CD4 | 0x000002AC |
| CreateBitmap | - | 0x006E61A8 | 0x003B1ED8 | 0x003B0CD8 | 0x00000029 |
| CreatePatternBrush | - | 0x006E61AC | 0x003B1EDC | 0x003B0CDC | 0x0000004B |
| GetClipBox | - | 0x006E61B0 | 0x003B1EE0 | 0x003B0CE0 | 0x0000021B |
| SetBkMode | - | 0x006E61B4 | 0x003B1EE4 | 0x003B0CE4 | 0x0000030D |
| ExtTextOutW | - | 0x006E61B8 | 0x003B1EE8 | 0x003B0CE8 | 0x00000190 |
| SetBkColor | - | 0x006E61BC | 0x003B1EEC | 0x003B0CEC | 0x0000030C |
| CreateSolidBrush | - | 0x006E61C0 | 0x003B1EF0 | 0x003B0CF0 | 0x00000056 |
| GetDeviceCaps | - | 0x006E61C4 | 0x003B1EF4 | 0x003B0CF4 | 0x00000227 |
| BitBlt | - | 0x006E61C8 | 0x003B1EF8 | 0x003B0CF8 | 0x00000013 |
| DeleteObject | - | 0x006E61CC | 0x003B1EFC | 0x003B0CFC | 0x0000013E |
| UnrealizeObject | - | 0x006E61D0 | 0x003B1F00 | 0x003B0D00 | 0x0000034A |
| GetTextExtentPoint32W | - | 0x006E61D4 | 0x003B1F04 | 0x003B0D04 | 0x0000027A |
| GetTextMetricsW | - | 0x006E61D8 | 0x003B1F08 | 0x003B0D08 | 0x00000282 |
| CreateDCW | - | 0x006E61DC | 0x003B1F0C | 0x003B0D0C | 0x00000033 |
| CreateRectRgn | - | 0x006E61E0 | 0x003B1F10 | 0x003B0D10 | 0x00000050 |
| StrokeAndFillPath | - | 0x006E61E4 | 0x003B1F14 | 0x003B0D14 | 0x00000343 |
| EndPath | - | 0x006E61E8 | 0x003B1F18 | 0x003B0D18 | 0x0000014B |
| BeginPath | - | 0x006E61EC | 0x003B1F1C | 0x003B0D1C | 0x00000012 |
| GetClipRgn | - | 0x006E61F0 | 0x003B1F20 | 0x003B0D20 | 0x0000021C |
| PolylineTo | - | 0x006E61F4 | 0x003B1F24 | 0x003B0D24 | 0x000002BE |
| Ellipse | - | 0x006E61F8 | 0x003B1F28 | 0x003B0D28 | 0x00000145 |
| LineTo | - | 0x006E61FC | 0x003B1F2C | 0x003B0D2C | 0x00000292 |
| MoveToEx | - | 0x006E6200 | 0x003B1F30 | 0x003B0D30 | 0x000002A0 |
| CreatePen | - | 0x006E6204 | 0x003B1F34 | 0x003B0D34 | 0x0000004C |
| Rectangle | - | 0x006E6208 | 0x003B1F38 | 0x003B0D38 | 0x000002C5 |
| SelectClipRgn | - | 0x006E620C | 0x003B1F3C | 0x003B0D3C | 0x00000303 |
| GetBkColor | - | 0x006E6210 | 0x003B1F40 | 0x003B0D40 | 0x00000204 |
| CreateCompatibleBitmap | - | 0x006E6214 | 0x003B1F44 | 0x003B0D44 | 0x00000030 |
| GetTextColor | - | 0x006E6218 | 0x003B1F48 | 0x003B0D48 | 0x00000274 |
| CreateRectRgnIndirect | - | 0x006E621C | 0x003B1F4C | 0x003B0D4C | 0x00000051 |
| DeleteDC | - | 0x006E6220 | 0x003B1F50 | 0x003B0D50 | 0x0000013B |
| SelectObject | - | 0x006E6224 | 0x003B1F54 | 0x003B0D54 | 0x00000305 |
| ExcludeClipRect | - | 0x006E6228 | 0x003B1F58 | 0x003B0D58 | 0x00000189 |
| CreateCompatibleDC | - | 0x006E622C | 0x003B1F5C | 0x003B0D5C | 0x00000031 |
| CombineRgn | - | 0x006E6230 | 0x003B1F60 | 0x003B0D60 | 0x00000022 |
| SetViewportOrgEx | - | 0x006E6234 | 0x003B1F64 | 0x003B0D64 | 0x00000337 |
COMDLG32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSaveFileNameW | - | 0x006E60EC | 0x003B1E1C | 0x003B0C1C | 0x0000000E |
| GetOpenFileNameW | - | 0x006E60F0 | 0x003B1E20 | 0x003B0C20 | 0x0000000C |
ADVAPI32.dll (43)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AccessCheck | - | 0x006E6000 | 0x003B1D30 | 0x003B0B30 | 0x00000005 |
| CopySid | - | 0x006E6004 | 0x003B1D34 | 0x003B0B34 | 0x00000085 |
| GetLengthSid | - | 0x006E6008 | 0x003B1D38 | 0x003B0B38 | 0x0000014A |
| LookupAccountSidW | - | 0x006E600C | 0x003B1D3C | 0x003B0B3C | 0x000001A7 |
| EqualSid | - | 0x006E6010 | 0x003B1D40 | 0x003B0B40 | 0x00000118 |
| OpenThreadToken | - | 0x006E6014 | 0x003B1D44 | 0x003B0B44 | 0x00000218 |
| GetSidSubAuthority | - | 0x006E6018 | 0x003B1D48 | 0x003B0B48 | 0x0000016B |
| GetSidSubAuthorityCount | - | 0x006E601C | 0x003B1D4C | 0x003B0B4C | 0x0000016C |
| GetSidIdentifierAuthority | - | 0x006E6020 | 0x003B1D50 | 0x003B0B50 | 0x00000169 |
| IsValidSid | - | 0x006E6024 | 0x003B1D54 | 0x003B0B54 | 0x0000019C |
| RegEnumValueW | - | 0x006E6028 | 0x003B1D58 | 0x003B0B58 | 0x00000277 |
| MapGenericMask | - | 0x006E602C | 0x003B1D5C | 0x003B0B5C | 0x000001FE |
| DuplicateToken | - | 0x006E6030 | 0x003B1D60 | 0x003B0B60 | 0x000000EE |
| GetFileSecurityW | - | 0x006E6034 | 0x003B1D64 | 0x003B0B64 | 0x00000144 |
| SetNamedSecurityInfoW | - | 0x006E6038 | 0x003B1D68 | 0x003B0B68 | 0x000002DB |
| CryptGenRandom | - | 0x006E603C | 0x003B1D6C | 0x003B0B6C | 0x000000D1 |
| CryptReleaseContext | - | 0x006E6040 | 0x003B1D70 | 0x003B0B70 | 0x000000DB |
| CryptAcquireContextA | - | 0x006E6044 | 0x003B1D74 | 0x003B0B74 | 0x000000C0 |
| CloseEventLog | - | 0x006E6048 | 0x003B1D78 | 0x003B0B78 | 0x00000064 |
| ClearEventLogW | - | 0x006E604C | 0x003B1D7C | 0x003B0B7C | 0x00000061 |
| OpenEventLogW | - | 0x006E6050 | 0x003B1D80 | 0x003B0B80 | 0x00000212 |
| LookupPrivilegeNameW | - | 0x006E6054 | 0x003B1D84 | 0x003B0B84 | 0x000001AB |
| RegUnLoadKeyW | - | 0x006E6058 | 0x003B1D88 | 0x003B0B88 | 0x000002A6 |
| RegLoadKeyW | - | 0x006E605C | 0x003B1D8C | 0x003B0B8C | 0x0000027F |
| RegNotifyChangeKeyValue | - | 0x006E6060 | 0x003B1D90 | 0x003B0B90 | 0x00000282 |
| GetUserNameW | - | 0x006E6064 | 0x003B1D94 | 0x003B0B94 | 0x0000017A |
| RegCloseKey | - | 0x006E6068 | 0x003B1D98 | 0x003B0B98 | 0x00000255 |
| RegOpenKeyExW | - | 0x006E606C | 0x003B1D9C | 0x003B0B9C | 0x00000286 |
| RegDeleteKeyW | - | 0x006E6070 | 0x003B1DA0 | 0x003B0BA0 | 0x00000269 |
| RegQueryInfoKeyW | - | 0x006E6074 | 0x003B1DA4 | 0x003B0BA4 | 0x0000028D |
| RegEnumKeyExW | - | 0x006E6078 | 0x003B1DA8 | 0x003B0BA8 | 0x00000274 |
| RegSetValueExW | - | 0x006E607C | 0x003B1DAC | 0x003B0BAC | 0x000002A3 |
| RegCreateKeyExW | - | 0x006E6080 | 0x003B1DB0 | 0x003B0BB0 | 0x0000025E |
| RegDeleteValueW | - | 0x006E6084 | 0x003B1DB4 | 0x003B0BB4 | 0x0000026D |
| RegQueryValueExW | - | 0x006E6088 | 0x003B1DB8 | 0x003B0BB8 | 0x00000293 |
| OpenProcessToken | - | 0x006E608C | 0x003B1DBC | 0x003B0BBC | 0x00000213 |
| GetTokenInformation | - | 0x006E6090 | 0x003B1DC0 | 0x003B0BC0 | 0x0000016F |
| LookupPrivilegeValueW | - | 0x006E6094 | 0x003B1DC4 | 0x003B0BC4 | 0x000001AD |
| AdjustTokenPrivileges | - | 0x006E6098 | 0x003B1DC8 | 0x003B0BC8 | 0x0000001F |
| FreeSid | - | 0x006E609C | 0x003B1DCC | 0x003B0BCC | 0x00000133 |
| AllocateAndInitializeSid | - | 0x006E60A0 | 0x003B1DD0 | 0x003B0BD0 | 0x00000020 |
| SetEntriesInAclW | - | 0x006E60A4 | 0x003B1DD4 | 0x003B0BD4 | 0x000002D0 |
| LookupAccountNameW | - | 0x006E60A8 | 0x003B1DD8 | 0x003B0BD8 | 0x000001A5 |
SHELL32.dll (12)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetSpecialFolderLocation | - | 0x006E662C | 0x003B235C | 0x003B115C | 0x00000173 |
| SHGetPathFromIDListW | - | 0x006E6630 | 0x003B2360 | 0x003B1160 | 0x0000016B |
| SHBrowseForFolderW | - | 0x006E6634 | 0x003B2364 | 0x003B1164 | 0x00000087 |
| DragQueryFileW | - | 0x006E6638 | 0x003B2368 | 0x003B1168 | 0x00000028 |
| DragFinish | - | 0x006E663C | 0x003B236C | 0x003B116C | 0x00000024 |
| ShellExecuteExW | - | 0x006E6640 | 0x003B2370 | 0x003B1170 | 0x000001B5 |
| Shell_NotifyIconW | - | 0x006E6644 | 0x003B2374 | 0x003B1174 | 0x000001C2 |
| ExtractIconExW | - | 0x006E6648 | 0x003B2378 | 0x003B1178 | 0x00000033 |
| SHGetFileInfoW | - | 0x006E664C | 0x003B237C | 0x003B117C | 0x00000151 |
| SHEmptyRecycleBinW | - | 0x006E6650 | 0x003B2380 | 0x003B1180 | 0x00000139 |
| SHAddToRecentDocs | - | 0x006E6654 | 0x003B2384 | 0x003B1184 | 0x0000007C |
| ShellExecuteW | - | 0x006E6658 | 0x003B2388 | 0x003B1188 | 0x000001B6 |
ole32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoSetProxyBlanket | - | 0x006E6AD8 | 0x003B2808 | 0x003B1608 | 0x00000084 |
| CoInitializeEx | - | 0x006E6ADC | 0x003B280C | 0x003B160C | 0x0000005E |
| CoUninitialize | - | 0x006E6AE0 | 0x003B2810 | 0x003B1610 | 0x0000008D |
| CoInitialize | - | 0x006E6AE4 | 0x003B2814 | 0x003B1614 | 0x0000005D |
| PropVariantClear | - | 0x006E6AE8 | 0x003B2818 | 0x003B1618 | 0x00000193 |
| CLSIDFromString | - | 0x006E6AEC | 0x003B281C | 0x003B161C | 0x0000000C |
| CLSIDFromProgID | - | 0x006E6AF0 | 0x003B2820 | 0x003B1620 | 0x0000000A |
| CoGetClassObject | - | 0x006E6AF4 | 0x003B2824 | 0x003B1624 | 0x00000041 |
| OleLockRunning | - | 0x006E6AF8 | 0x003B2828 | 0x003B1628 | 0x00000178 |
| StringFromGUID2 | - | 0x006E6AFC | 0x003B282C | 0x003B162C | 0x000001C9 |
| CoInitializeSecurity | - | 0x006E6B00 | 0x003B2830 | 0x003B1630 | 0x0000005F |
| DoDragDrop | - | 0x006E6B04 | 0x003B2834 | 0x003B1634 | 0x000000B1 |
| RegisterDragDrop | - | 0x006E6B08 | 0x003B2838 | 0x003B1638 | 0x0000019C |
| RevokeDragDrop | - | 0x006E6B0C | 0x003B283C | 0x003B163C | 0x0000019F |
| OleDuplicateData | - | 0x006E6B10 | 0x003B2840 | 0x003B1640 | 0x00000167 |
| ReleaseStgMedium | - | 0x006E6B14 | 0x003B2844 | 0x003B1644 | 0x0000019D |
| CoCreateInstance | - | 0x006E6B18 | 0x003B2848 | 0x003B1648 | 0x00000028 |
| CoTaskMemAlloc | - | 0x006E6B1C | 0x003B284C | 0x003B164C | 0x00000088 |
| CoTaskMemRealloc | - | 0x006E6B20 | 0x003B2850 | 0x003B1650 | 0x0000008A |
| CoTaskMemFree | - | 0x006E6B24 | 0x003B2854 | 0x003B1654 | 0x00000089 |
| OleUninitialize | - | 0x006E6B28 | 0x003B2858 | 0x003B1658 | 0x0000018C |
| OleInitialize | - | 0x006E6B2C | 0x003B285C | 0x003B165C | 0x0000016F |
| CreateStreamOnHGlobal | - | 0x006E6B30 | 0x003B2860 | 0x003B1660 | 0x000000A8 |
OLEAUT32.dll (15)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadRegTypeLib | 0x000000A2 | 0x006E65E4 | 0x003B2314 | 0x003B1114 | - |
| LoadTypeLib | 0x000000A1 | 0x006E65E8 | 0x003B2318 | 0x003B1118 | - |
| SysAllocStringLen | 0x00000004 | 0x006E65EC | 0x003B231C | 0x003B111C | - |
| DispCallFunc | 0x00000092 | 0x006E65F0 | 0x003B2320 | 0x003B1120 | - |
| OleCreateFontIndirect | 0x000001A4 | 0x006E65F4 | 0x003B2324 | 0x003B1124 | - |
| VarBstrFromI4 | 0x0000006E | 0x006E65F8 | 0x003B2328 | 0x003B1128 | - |
| VariantChangeType | 0x0000000C | 0x006E65FC | 0x003B232C | 0x003B112C | - |
| VariantTimeToSystemTime | 0x000000B9 | 0x006E6600 | 0x003B2330 | 0x003B1130 | - |
| SysStringLen | 0x00000007 | 0x006E6604 | 0x003B2334 | 0x003B1134 | - |
| VariantInit | 0x00000008 | 0x006E6608 | 0x003B2338 | 0x003B1138 | - |
| VariantClear | 0x00000009 | 0x006E660C | 0x003B233C | 0x003B113C | - |
| SysAllocString | 0x00000002 | 0x006E6610 | 0x003B2340 | 0x003B1140 | - |
| VarUI4FromStr | 0x00000115 | 0x006E6614 | 0x003B2344 | 0x003B1144 | - |
| SysFreeString | 0x00000006 | 0x006E6618 | 0x003B2348 | 0x003B1148 | - |
| VarBstrFromR8 | 0x00000070 | 0x006E661C | 0x003B234C | 0x003B114C | - |
SHLWAPI.dll (28)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathFindExtensionW | - | 0x006E6660 | 0x003B2390 | 0x003B1190 | 0x0000004B |
| PathCombineW | - | 0x006E6664 | 0x003B2394 | 0x003B1194 | 0x0000003D |
| PathRemoveExtensionA | - | 0x006E6668 | 0x003B2398 | 0x003B1198 | 0x0000008C |
| PathRemoveExtensionW | - | 0x006E666C | 0x003B239C | 0x003B119C | 0x0000008D |
| PathAddExtensionW | - | 0x006E6670 | 0x003B23A0 | 0x003B11A0 | 0x00000035 |
| PathStripToRootW | - | 0x006E6674 | 0x003B23A4 | 0x003B11A4 | 0x0000009B |
| PathSkipRootW | - | 0x006E6678 | 0x003B23A8 | 0x003B11A8 | 0x00000097 |
| PathRemoveArgsW | - | 0x006E667C | 0x003B23AC | 0x003B11AC | 0x00000087 |
| PathGetDriveNumberW | - | 0x006E6680 | 0x003B23B0 | 0x003B11B0 | 0x00000059 |
| PathCompactPathW | - | 0x006E6684 | 0x003B23B4 | 0x003B11B4 | 0x00000043 |
| PathRemoveFileSpecW | - | 0x006E6688 | 0x003B23B8 | 0x003B11B8 | 0x0000008F |
| PathIsDirectoryW | - | 0x006E668C | 0x003B23BC | 0x003B11BC | 0x0000005F |
| PathFileExistsW | - | 0x006E6690 | 0x003B23C0 | 0x003B11C0 | 0x00000049 |
| PathAppendW | - | 0x006E6694 | 0x003B23C4 | 0x003B11C4 | 0x00000037 |
| PathMatchSpecW | - | 0x006E6698 | 0x003B23C8 | 0x003B11C8 | 0x0000007F |
| PathUnquoteSpacesW | - | 0x006E669C | 0x003B23CC | 0x003B11CC | 0x000000A3 |
| SHStrDupW | - | 0x006E66A0 | 0x003B23D0 | 0x003B11D0 | 0x00000108 |
| PathStripPathW | - | 0x006E66A4 | 0x003B23D4 | 0x003B11D4 | 0x00000099 |
| PathIsURLW | - | 0x006E66A8 | 0x003B23D8 | 0x003B11D8 | 0x00000077 |
| PathCreateFromUrlW | - | 0x006E66AC | 0x003B23DC | 0x003B11DC | 0x00000046 |
| PathStripPathA | - | 0x006E66B0 | 0x003B23E0 | 0x003B11E0 | 0x00000098 |
| PathIsUNCW | - | 0x006E66B4 | 0x003B23E4 | 0x003B11E4 | 0x00000075 |
| PathIsRelativeW | - | 0x006E66B8 | 0x003B23E8 | 0x003B11E8 | 0x00000069 |
| PathFindFileNameW | - | 0x006E66BC | 0x003B23EC | 0x003B11EC | 0x0000004D |
| None | 0x000001E7 | 0x006E66C0 | 0x003B23F0 | 0x003B11F0 | - |
| StrRetToStrW | - | 0x006E66C4 | 0x003B23F4 | 0x003B11F4 | 0x0000014A |
| PathIsDirectoryEmptyW | - | 0x006E66C8 | 0x003B23F8 | 0x003B11F8 | 0x0000005E |
| PathRemoveBackslashW | - | 0x006E66CC | 0x003B23FC | 0x003B11FC | 0x00000089 |
COMCTL32.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImageList_LoadImageW | - | 0x006E60B0 | 0x003B1DE0 | 0x003B0BE0 | 0x00000069 |
| ImageList_Add | - | 0x006E60B4 | 0x003B1DE4 | 0x003B0BE4 | 0x0000004D |
| ImageList_Create | - | 0x006E60B8 | 0x003B1DE8 | 0x003B0BE8 | 0x00000053 |
| ImageList_GetIcon | - | 0x006E60BC | 0x003B1DEC | 0x003B0BEC | 0x00000062 |
| _TrackMouseEvent | - | 0x006E60C0 | 0x003B1DF0 | 0x003B0BF0 | 0x00000092 |
| ImageList_Remove | - | 0x006E60C4 | 0x003B1DF4 | 0x003B0BF4 | 0x0000006D |
| ImageList_SetIconSize | - | 0x006E60C8 | 0x003B1DF8 | 0x003B0BF8 | 0x00000075 |
| ImageList_Duplicate | - | 0x006E60CC | 0x003B1DFC | 0x003B0BFC | 0x0000005D |
| InitCommonControlsEx | - | 0x006E60D0 | 0x003B1E00 | 0x003B0C00 | 0x0000007B |
| ImageList_Destroy | - | 0x006E60D4 | 0x003B1E04 | 0x003B0C04 | 0x00000054 |
| ImageList_Draw | - | 0x006E60D8 | 0x003B1E08 | 0x003B0C08 | 0x0000005A |
| ImageList_GetIconSize | - | 0x006E60DC | 0x003B1E0C | 0x003B0C0C | 0x00000063 |
| ImageList_GetImageCount | - | 0x006E60E0 | 0x003B1E10 | 0x003B0C10 | 0x00000064 |
| ImageList_ReplaceIcon | - | 0x006E60E4 | 0x003B1E14 | 0x003B0C14 | 0x0000006F |
MSIMG32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| TransparentBlt | - | 0x006E65CC | 0x003B22FC | 0x003B10FC | 0x00000003 |
| AlphaBlend | - | 0x006E65D0 | 0x003B2300 | 0x003B1100 | 0x00000000 |
gdiplus.dll (35)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GdipCloneBrush | - | 0x006E6A48 | 0x003B2778 | 0x003B1578 | 0x00000032 |
| GdipCreateSolidFill | - | 0x006E6A4C | 0x003B277C | 0x003B157C | 0x00000082 |
| GdipFillRectangleI | - | 0x006E6A50 | 0x003B2780 | 0x003B1580 | 0x000000E5 |
| GdipCreateFromHDC | - | 0x006E6A54 | 0x003B2784 | 0x003B1584 | 0x0000005B |
| GdipSetSmoothingMode | - | 0x006E6A58 | 0x003B2788 | 0x003B1588 | 0x00000249 |
| GdipAddPathPieI | - | 0x006E6A5C | 0x003B278C | 0x003B158C | 0x00000018 |
| GdipIsVisiblePathPointI | - | 0x006E6A60 | 0x003B2790 | 0x003B1590 | 0x000001AC |
| GdipCreatePen1 | - | 0x006E6A64 | 0x003B2794 | 0x003B1594 | 0x0000007A |
| GdipDeletePen | - | 0x006E6A68 | 0x003B2798 | 0x003B1598 | 0x00000094 |
| GdipDrawRectangleI | - | 0x006E6A6C | 0x003B279C | 0x003B159C | 0x000000C5 |
| GdipCreateHatchBrush | - | 0x006E6A70 | 0x003B27A0 | 0x003B15A0 | 0x00000062 |
| GdipFillPieI | - | 0x006E6A74 | 0x003B27A4 | 0x003B15A4 | 0x000000DF |
| GdipDrawPieI | - | 0x006E6A78 | 0x003B27A8 | 0x003B15A8 | 0x000000C1 |
| GdipCreateBitmapFromFile | - | 0x006E6A7C | 0x003B27AC | 0x003B15AC | 0x00000049 |
| GdipDeleteBrush | - | 0x006E6A80 | 0x003B27B0 | 0x003B15B0 | 0x0000008A |
| GdipDeletePath | - | 0x006E6A84 | 0x003B27B4 | 0x003B15B4 | 0x00000092 |
| GdipCreatePath | - | 0x006E6A88 | 0x003B27B8 | 0x003B15B8 | 0x00000073 |
| GdiplusShutdown | - | 0x006E6A8C | 0x003B27BC | 0x003B15BC | 0x00000274 |
| GdiplusStartup | - | 0x006E6A90 | 0x003B27C0 | 0x003B15C0 | 0x00000275 |
| GdipCreateBitmapFromStream | - | 0x006E6A94 | 0x003B27C4 | 0x003B15C4 | 0x00000051 |
| GdipGetImagePixelFormat | - | 0x006E6A98 | 0x003B27C8 | 0x003B15C8 | 0x00000127 |
| GdipGetImageHeight | - | 0x006E6A9C | 0x003B27CC | 0x003B15CC | 0x00000122 |
| GdipGetImageWidth | - | 0x006E6AA0 | 0x003B27D0 | 0x003B15D0 | 0x0000012C |
| GdipGetImagePaletteSize | - | 0x006E6AA4 | 0x003B27D4 | 0x003B15D4 | 0x00000126 |
| GdipGetImagePalette | - | 0x006E6AA8 | 0x003B27D8 | 0x003B15D8 | 0x00000125 |
| GdipBitmapLockBits | - | 0x006E6AAC | 0x003B27DC | 0x003B15DC | 0x0000002B |
| GdipBitmapUnlockBits | - | 0x006E6AB0 | 0x003B27E0 | 0x003B15E0 | 0x0000002E |
| GdipCreateBitmapFromScan0 | - | 0x006E6AB4 | 0x003B27E4 | 0x003B15E4 | 0x00000050 |
| GdipCloneImage | - | 0x006E6AB8 | 0x003B27E8 | 0x003B15E8 | 0x00000036 |
| GdipAlloc | - | 0x006E6ABC | 0x003B27EC | 0x003B15EC | 0x00000021 |
| GdipFree | - | 0x006E6AC0 | 0x003B27F0 | 0x003B15F0 | 0x000000ED |
| GdipGetImageGraphicsContext | - | 0x006E6AC4 | 0x003B27F4 | 0x003B15F4 | 0x00000121 |
| GdipDeleteGraphics | - | 0x006E6AC8 | 0x003B27F8 | 0x003B15F8 | 0x00000090 |
| GdipDrawImageI | - | 0x006E6ACC | 0x003B27FC | 0x003B15FC | 0x000000B0 |
| GdipDisposeImage | - | 0x006E6AD0 | 0x003B2800 | 0x003B1600 | 0x00000098 |
UxTheme.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IsThemeActive | - | 0x006E69B4 | 0x003B26E4 | 0x003B14E4 | 0x00000049 |
| GetThemeInt | - | 0x006E69B8 | 0x003B26E8 | 0x003B14E8 | 0x0000002F |
| OpenThemeData | - | 0x006E69BC | 0x003B26EC | 0x003B14EC | 0x0000004D |
| GetThemeColor | - | 0x006E69C0 | 0x003B26F0 | 0x003B14F0 | 0x0000002A |
| DrawThemeEdge | - | 0x006E69C4 | 0x003B26F4 | 0x003B14F4 | 0x0000000F |
| GetThemeBackgroundContentRect | - | 0x006E69C8 | 0x003B26F8 | 0x003B14F8 | 0x00000025 |
| DrawThemeBackground | - | 0x006E69CC | 0x003B26FC | 0x003B14FC | 0x0000000D |
| CloseThemeData | - | 0x006E69D0 | 0x003B2700 | 0x003B1500 | 0x00000009 |
WTSAPI32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WTSFreeMemory | - | 0x006E6A3C | 0x003B276C | 0x003B156C | 0x00000017 |
| WTSQuerySessionInformationW | - | 0x006E6A40 | 0x003B2770 | 0x003B1570 | 0x00000026 |
NETAPI32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NetApiBufferFree | - | 0x006E65D8 | 0x003B2308 | 0x003B1108 | 0x00000059 |
| NetLocalGroupGetMembers | - | 0x006E65DC | 0x003B230C | 0x003B110C | 0x000000A4 |
CRYPT32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptMsgClose | - | 0x006E60F8 | 0x003B1E28 | 0x003B0C28 | 0x000000B1 |
| CryptDecodeObject | - | 0x006E60FC | 0x003B1E2C | 0x003B0C2C | 0x00000084 |
| CertFindCertificateInStore | - | 0x006E6100 | 0x003B1E30 | 0x003B0C30 | 0x00000035 |
| CertGetNameStringW | - | 0x006E6104 | 0x003B1E34 | 0x003B0C34 | 0x0000004B |
| CertFreeCertificateContext | - | 0x006E6108 | 0x003B1E38 | 0x003B0C38 | 0x00000040 |
| CryptQueryObject | - | 0x006E610C | 0x003B1E3C | 0x003B0C3C | 0x000000C8 |
| CryptMsgGetParam | - | 0x006E6110 | 0x003B1E40 | 0x003B0C40 | 0x000000B8 |
| CertCloseStore | - | 0x006E6114 | 0x003B1E44 | 0x003B0C44 | 0x00000012 |
WINTRUST.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WinVerifyTrust | - | 0x006E6A34 | 0x003B2764 | 0x003B1564 | 0x00000084 |
ESENT.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| JetDeleteTable | - | 0x006E611C | 0x003B1E4C | 0x003B0C4C | 0x0000006D |
| JetCreateInstance2 | - | 0x006E6120 | 0x003B1E50 | 0x003B0C50 | 0x00000044 |
| JetSetSystemParameter | - | 0x006E6124 | 0x003B1E54 | 0x003B0C54 | 0x0000014B |
| JetTerm2 | - | 0x006E6128 | 0x003B1E58 | 0x003B0C58 | 0x00000159 |
| JetEndSession | - | 0x006E612C | 0x003B1E5C | 0x003B0C5C | 0x00000081 |
| JetCloseDatabase | - | 0x006E6130 | 0x003B1E60 | 0x003B0C60 | 0x00000021 |
| JetCloseTable | - | 0x006E6134 | 0x003B1E64 | 0x003B0C64 | 0x00000024 |
| JetGetDatabaseFileInfo | - | 0x006E6138 | 0x003B1E68 | 0x003B0C68 | 0x0000009B |
| JetInit2 | - | 0x006E613C | 0x003B1E6C | 0x003B0C6C | 0x000000DD |
| JetBeginSession | - | 0x006E6140 | 0x003B1E70 | 0x003B0C70 | 0x0000001A |
| JetCreateDatabase2 | - | 0x006E6144 | 0x003B1E74 | 0x003B0C74 | 0x00000031 |
| JetAttachDatabase2 | - | 0x006E6148 | 0x003B1E78 | 0x003B0C78 | 0x00000007 |
| JetOpenDatabase | - | 0x006E614C | 0x003B1E7C | 0x003B0C7C | 0x000000F5 |
| JetOpenTable | - | 0x006E6150 | 0x003B1E80 | 0x003B0C80 | 0x00000101 |
| JetSetCurrentIndex4 | - | 0x006E6154 | 0x003B1E84 | 0x003B0C84 | 0x0000013C |
| JetMove | - | 0x006E6158 | 0x003B1E88 | 0x003B0C88 | 0x000000E6 |
| JetEnumerateColumns | - | 0x006E615C | 0x003B1E8C | 0x003B0C8C | 0x00000083 |
| JetBeginTransaction | - | 0x006E6160 | 0x003B1E90 | 0x003B0C90 | 0x0000001E |
| JetRetrieveColumn | - | 0x006E6164 | 0x003B1E94 | 0x003B0C94 | 0x0000012A |
| JetDelete | - | 0x006E6168 | 0x003B1E98 | 0x003B0C98 | 0x00000063 |
| JetCommitTransaction | - | 0x006E616C | 0x003B1E9C | 0x003B0C9C | 0x00000025 |
| JetRollback | - | 0x006E6170 | 0x003B1EA0 | 0x003B0CA0 | 0x0000012E |
IPHLPAPI.DLL (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetAdaptersAddresses | - | 0x006E623C | 0x003B1F6C | 0x003B0D6C | 0x0000003F |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VerQueryValueW | - | 0x006E69D8 | 0x003B2708 | 0x003B1508 | 0x00000010 |
| GetFileVersionInfoW | - | 0x006E69DC | 0x003B270C | 0x003B150C | 0x00000008 |
| GetFileVersionInfoSizeW | - | 0x006E69E0 | 0x003B2710 | 0x003B1510 | 0x00000007 |
WININET.dll (18)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteUrlCacheEntryW | - | 0x006E69E8 | 0x003B2718 | 0x003B1518 | 0x00000021 |
| HttpOpenRequestW | - | 0x006E69EC | 0x003B271C | 0x003B151C | 0x00000078 |
| HttpAddRequestHeadersW | - | 0x006E69F0 | 0x003B2720 | 0x003B1520 | 0x0000006D |
| HttpSendRequestW | - | 0x006E69F4 | 0x003B2724 | 0x003B1524 | 0x00000081 |
| InternetConnectW | - | 0x006E69F8 | 0x003B2728 | 0x003B1528 | 0x0000009B |
| DeleteUrlCacheEntryA | - | 0x006E69FC | 0x003B272C | 0x003B152C | 0x00000020 |
| InternetQueryDataAvailable | - | 0x006E6A00 | 0x003B2730 | 0x003B1530 | 0x000000C8 |
| InternetCloseHandle | - | 0x006E6A04 | 0x003B2734 | 0x003B1534 | 0x00000094 |
| InternetReadFile | - | 0x006E6A08 | 0x003B2738 | 0x003B1538 | 0x000000CC |
| HttpQueryInfoW | - | 0x006E6A0C | 0x003B273C | 0x003B153C | 0x0000007D |
| InternetOpenUrlW | - | 0x006E6A10 | 0x003B2740 | 0x003B1540 | 0x000000C6 |
| InternetOpenW | - | 0x006E6A14 | 0x003B2744 | 0x003B1544 | 0x000000C7 |
| FindNextUrlCacheEntryExW | - | 0x006E6A18 | 0x003B2748 | 0x003B1548 | 0x00000037 |
| FindFirstUrlCacheEntryExW | - | 0x006E6A1C | 0x003B274C | 0x003B154C | 0x00000030 |
| FindCloseUrlCache | - | 0x006E6A20 | 0x003B2750 | 0x003B1550 | 0x0000002B |
| FindNextUrlCacheEntryW | - | 0x006E6A24 | 0x003B2754 | 0x003B1554 | 0x00000038 |
| FindFirstUrlCacheEntryW | - | 0x006E6A28 | 0x003B2758 | 0x003B1558 | 0x00000031 |
| InternetCrackUrlW | - | 0x006E6A2C | 0x003B275C | 0x003B155C | 0x0000009D |
Memory Dumps (11)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 311b.exe | 9 | 0x00400000 | 0x00A7FFFF | Relevant Image |
|
32-bit | 0x004C65D4 |
|
...
|
| buffer | 9 | 0x00C90000 | 0x00D3FFFF | First Execution |
|
32-bit | 0x00D105A8 |
|
...
|
| buffer | 9 | 0x00C90000 | 0x00D3FFFF | Content Changed |
|
32-bit | 0x00D112AF |
|
...
|
| buffer | 9 | 0x00C90000 | 0x00D3FFFF | Content Changed |
|
32-bit | 0x00D111AB |
|
...
|
| buffer | 9 | 0x00C90000 | 0x00D3FFFF | Final Dump |
|
32-bit | - |
|
...
|
| buffer | 9 | 0x02860FD0 | 0x028617CF | Final Dump |
|
32-bit | - |
|
...
|
| buffer | 9 | 0x028617D8 | 0x028619F7 | Final Dump |
|
32-bit | - |
|
...
|
| buffer | 9 | 0x02862920 | 0x028629F7 | Final Dump |
|
32-bit | - |
|
...
|
| buffer | 9 | 0x02862AE0 | 0x02862CDF | Final Dump |
|
32-bit | - |
|
...
|
| buffer | 9 | 0x02862CE8 | 0x02862DE7 | Final Dump |
|
32-bit | - |
|
...
|
| 311b.exe | 9 | 0x00400000 | 0x00A7FFFF | Final Dump |
|
32-bit | - |
|
...
|
| C:\Users\RDHJ0C~1\AppData\Local\Temp\311B.tmp | Dropped File | Empty |
Clean
|
...
|
»
| MIME Type | application/x-empty |
| File Size | 0 Bytes |
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SSDeep |
3::
|
| ImpHash | - |
| a1aaaf3a627c8a4f9e25bd0ecb3b446a79fe46d1695d03790c8c8f89eba402dc | Downloaded File | HTML |
Clean
|
...
|
»
| MIME Type | text/html |
| File Size | 407 Bytes |
| MD5 |
ae7ee35a75964da74bf291771f240930
|
| SHA1 |
b018fdb28a05adf26fcbe8bbd9048b0a33fd4ae6
|
| SHA256 |
a1aaaf3a627c8a4f9e25bd0ecb3b446a79fe46d1695d03790c8c8f89eba402dc
|
| SSDeep |
12:J0+t9xqeRKWTQzetSzRxnnezWfCJjsKtgizRon44ma8:39YeRKveQxawCJjsuRe4Y8
|
| ImpHash | - |
| 0b2cf6f19062846abe69598be7353f148c28d58882ace4487dd7e9e8e01a6449 | Downloaded File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 55 Bytes |
| MD5 |
1b09b5830666b024ef588bb467bad35f
|
| SHA1 |
39b5dd4188c7ff630ec2fc4566e4b8fef79a3d31
|
| SHA256 |
0b2cf6f19062846abe69598be7353f148c28d58882ace4487dd7e9e8e01a6449
|
| SSDeep |
3:oQz5Ok0aCQa4K:oQlOktCP4K
|
| ImpHash | - |
| 9f37ee32b5f1620f44adc2a458c60e504a650419f2de2882c912792c3e0d8a93 | Downloaded File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 24 Bytes |
| MD5 |
0a6b6b1b2993ce58d0ae4932baa2a39a
|
| SHA1 |
d111cd8d93188aabcd179193091b6e5e04aed84f
|
| SHA256 |
9f37ee32b5f1620f44adc2a458c60e504a650419f2de2882c912792c3e0d8a93
|
| SSDeep |
3:tfAVX:tIB
|
| ImpHash | - |
