
Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "37 minutes, 9 seconds" to "3 minutes, 50 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\adobloc.exe Sample File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 4.12 MB
MD5 261a56d36006f274a3def7e2b0acb9d4
SHA1 3c6658e71b4b3a9c2200cf4c5cb337e1ebf449f4
SHA256 3e52c075a8eca95630727281a1380b78ac5392a035aef34aa3761afd1348e9f1
SSDeep 98304:+R0pI/IQlUoMPdmpSpM4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmn5n9klRKN41v
ImpHash 1a611a7df1f3828b0157c4725145a721
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x00402EC0
Size Of Code 0x00175A20
Size Of Initialized Data 0x0001CF44
Size Of Uninitialized Data 0x00009554
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
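Compile Timestamp 1970-01-01 01:00 (UTC+1) (this is the Unix epoch, i.e. the PE header TimeDateStamp is zero, so it does not indicate a real build time)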
Version Information (10)
FileDescription System Devices Optimizer
InternalName Devices Optimus
ProductName Devices Optimus
ProductVersion 6.0.0.0
Comments -
CompanyName -
FileVersion 6.0.0.0
LegalCopyright -
LegalTrademarks -
OriginalFilename -
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00175A20 0x00175C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.06
.data 0x00577000 0x0001CF44 0x0001D000 0x00176000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.24
.rdata 0x00594000 0x000CC170 0x000CC200 0x00193000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.21
.bss 0x00661000 0x00009554 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.CRT 0x0066B000 0x0000000C 0x00000200 0x0025F200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.06
.idata 0x0066C000 0x000030DE 0x00003200 0x0025F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.19
.rsrc 0x00670000 0x000206BC 0x00020800 0x00262600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.0
Imports (11)
kernel32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStdHandle - 0x0066C8A0 0x0026C0F0 0x0025F4F0 0x00000000
GetConsoleMode - 0x0066C8A4 0x0026C0F4 0x0025F4F4 0x00000000
TlsGetValue - 0x0066C8A8 0x0026C0F8 0x0025F4F8 0x00000000
GetLastError - 0x0066C8AC 0x0026C0FC 0x0025F4FC 0x00000000
SetLastError - 0x0066C8B0 0x0026C100 0x0025F500 0x00000000
RaiseException - 0x0066C8B4 0x0026C104 0x0025F504 0x00000000
GetTickCount - 0x0066C8B8 0x0026C108 0x0025F508 0x00000000
ExitProcess - 0x0066C8BC 0x0026C10C 0x0025F50C 0x00000000
GetStartupInfoA - 0x0066C8C0 0x0026C110 0x0025F510 0x00000000
GetCommandLineA - 0x0066C8C4 0x0026C114 0x0025F514 0x00000000
GetCurrentProcessId - 0x0066C8C8 0x0026C118 0x0025F518 0x00000000
GetCurrentThreadId - 0x0066C8CC 0x0026C11C 0x0025F51C 0x00000000
GetCurrentProcess - 0x0066C8D0 0x0026C120 0x0025F520 0x00000000
ReadProcessMemory - 0x0066C8D4 0x0026C124 0x0025F524 0x00000000
GetModuleFileNameA - 0x0066C8D8 0x0026C128 0x0025F528 0x00000000
GetModuleHandleA - 0x0066C8DC 0x0026C12C 0x0025F52C 0x00000000
WriteFile - 0x0066C8E0 0x0026C130 0x0025F530 0x00000000
ReadFile - 0x0066C8E4 0x0026C134 0x0025F534 0x00000000
CloseHandle - 0x0066C8E8 0x0026C138 0x0025F538 0x00000000
SetFilePointer - 0x0066C8EC 0x0026C13C 0x0025F53C 0x00000000
SetEndOfFile - 0x0066C8F0 0x0026C140 0x0025F540 0x00000000
GetSystemInfo - 0x0066C8F4 0x0026C144 0x0025F544 0x00000000
LoadLibraryW - 0x0066C8F8 0x0026C148 0x0025F548 0x00000000
LoadLibraryA - 0x0066C8FC 0x0026C14C 0x0025F54C 0x00000000
GetProcAddress - 0x0066C900 0x0026C150 0x0025F550 0x00000000
FreeLibrary - 0x0066C904 0x0026C154 0x0025F554 0x00000000
FormatMessageW - 0x0066C908 0x0026C158 0x0025F558 0x00000000
DeleteFileW - 0x0066C90C 0x0026C15C 0x0025F55C 0x00000000
CreateFileW - 0x0066C910 0x0026C160 0x0025F560 0x00000000
GetFileAttributesW - 0x0066C914 0x0026C164 0x0025F564 0x00000000
CreateDirectoryW - 0x0066C918 0x0026C168 0x0025F568 0x00000000
GetCurrentDirectoryW - 0x0066C91C 0x0026C16C 0x0025F56C 0x00000000
GetFullPathNameW - 0x0066C920 0x0026C170 0x0025F570 0x00000000
GetConsoleOutputCP - 0x0066C924 0x0026C174 0x0025F574 0x00000000
GetOEMCP - 0x0066C928 0x0026C178 0x0025F578 0x00000000
GetProcessHeap - 0x0066C92C 0x0026C17C 0x0025F57C 0x00000000
HeapAlloc - 0x0066C930 0x0026C180 0x0025F580 0x00000000
HeapFree - 0x0066C934 0x0026C184 0x0025F584 0x00000000
TlsAlloc - 0x0066C938 0x0026C188 0x0025F588 0x00000000
TlsSetValue - 0x0066C93C 0x0026C18C 0x0025F58C 0x00000000
CreateThread - 0x0066C940 0x0026C190 0x0025F590 0x00000000
ExitThread - 0x0066C944 0x0026C194 0x0025F594 0x00000000
LocalAlloc - 0x0066C948 0x0026C198 0x0025F598 0x00000000
LocalFree - 0x0066C94C 0x0026C19C 0x0025F59C 0x00000000
Sleep - 0x0066C950 0x0026C1A0 0x0025F5A0 0x00000000
SuspendThread - 0x0066C954 0x0026C1A4 0x0025F5A4 0x00000000
ResumeThread - 0x0066C958 0x0026C1A8 0x0025F5A8 0x00000000
TerminateThread - 0x0066C95C 0x0026C1AC 0x0025F5AC 0x00000000
WaitForSingleObject - 0x0066C960 0x0026C1B0 0x0025F5B0 0x00000000
SetThreadPriority - 0x0066C964 0x0026C1B4 0x0025F5B4 0x00000000
GetThreadPriority - 0x0066C968 0x0026C1B8 0x0025F5B8 0x00000000
GetCurrentThread - 0x0066C96C 0x0026C1BC 0x0025F5BC 0x00000000
OpenThread - 0x0066C970 0x0026C1C0 0x0025F5C0 0x00000000
IsDebuggerPresent - 0x0066C974 0x0026C1C4 0x0025F5C4 0x00000000
CreateEventA - 0x0066C978 0x0026C1C8 0x0025F5C8 0x00000000
ResetEvent - 0x0066C97C 0x0026C1CC 0x0025F5CC 0x00000000
SetEvent - 0x0066C980 0x0026C1D0 0x0025F5D0 0x00000000
InitializeCriticalSection - 0x0066C984 0x0026C1D4 0x0025F5D4 0x00000000
DeleteCriticalSection - 0x0066C988 0x0026C1D8 0x0025F5D8 0x00000000
EnterCriticalSection - 0x0066C98C 0x0026C1DC 0x0025F5DC 0x00000000
LeaveCriticalSection - 0x0066C990 0x0026C1E0 0x0025F5E0 0x00000000
TryEnterCriticalSection - 0x0066C994 0x0026C1E4 0x0025F5E4 0x00000000
GetEnvironmentStringsW - 0x0066C998 0x0026C1E8 0x0025F5E8 0x00000000
FreeEnvironmentStringsW - 0x0066C99C 0x0026C1EC 0x0025F5EC 0x00000000
MultiByteToWideChar - 0x0066C9A0 0x0026C1F0 0x0025F5F0 0x00000000
WideCharToMultiByte - 0x0066C9A4 0x0026C1F4 0x0025F5F4 0x00000000
GetACP - 0x0066C9A8 0x0026C1F8 0x0025F5F8 0x00000000
GetConsoleCP - 0x0066C9AC 0x0026C1FC 0x0025F5FC 0x00000000
RtlUnwind - 0x0066C9B0 0x0026C200 0x0025F600 0x00000000
EnumResourceTypesA - 0x0066C9B4 0x0026C204 0x0025F604 0x00000000
EnumResourceNamesA - 0x0066C9B8 0x0026C208 0x0025F608 0x00000000
EnumResourceLanguagesA - 0x0066C9BC 0x0026C20C 0x0025F60C 0x00000000
FindResourceA - 0x0066C9C0 0x0026C210 0x0025F610 0x00000000
FindResourceExA - 0x0066C9C4 0x0026C214 0x0025F614 0x00000000
LoadResource - 0x0066C9C8 0x0026C218 0x0025F618 0x00000000
SizeofResource - 0x0066C9CC 0x0026C21C 0x0025F61C 0x00000000
LockResource - 0x0066C9D0 0x0026C220 0x0025F620 0x00000000
FreeResource - 0x0066C9D4 0x0026C224 0x0025F624 0x00000000
GetEnvironmentStringsA - 0x0066C9D8 0x0026C228 0x0025F628 0x00000000
FreeEnvironmentStringsA - 0x0066C9DC 0x0026C22C 0x0025F62C 0x00000000
FormatMessageA - 0x0066C9E0 0x0026C230 0x0025F630 0x00000000
GlobalAddAtomA - 0x0066C9E4 0x0026C234 0x0025F634 0x00000000
GetDriveTypeA - 0x0066C9E8 0x0026C238 0x0025F638 0x00000000
GetSystemDirectoryA - 0x0066C9EC 0x0026C23C 0x0025F63C 0x00000000
GetWindowsDirectoryA - 0x0066C9F0 0x0026C240 0x0025F640 0x00000000
GetDiskFreeSpaceA - 0x0066C9F4 0x0026C244 0x0025F644 0x00000000
DeleteFileA - 0x0066C9F8 0x0026C248 0x0025F648 0x00000000
GetVersionExA - 0x0066C9FC 0x0026C24C 0x0025F64C 0x00000000
CompareStringA - 0x0066CA00 0x0026C250 0x0025F650 0x00000000
GetLocaleInfoA - 0x0066CA04 0x0026C254 0x0025F654 0x00000000
GetDateFormatA - 0x0066CA08 0x0026C258 0x0025F658 0x00000000
EnumCalendarInfoA - 0x0066CA0C 0x0026C25C 0x0025F65C 0x00000000
GetModuleFileNameW - 0x0066CA10 0x0026C260 0x0025F660 0x00000000
GetCommandLineW - 0x0066CA14 0x0026C264 0x0025F664 0x00000000
SetFileAttributesW - 0x0066CA18 0x0026C268 0x0025F668 0x00000000
FindNextFileW - 0x0066CA1C 0x0026C26C 0x0025F66C 0x00000000
CompareStringW - 0x0066CA20 0x0026C270 0x0025F670 0x00000000
GetLocaleInfoW - 0x0066CA24 0x0026C274 0x0025F674 0x00000000
GetDateFormatW - 0x0066CA28 0x0026C278 0x0025F678 0x00000000
FindFirstFileExW - 0x0066CA2C 0x0026C27C 0x0025F67C 0x00000000
GlobalAlloc - 0x0066CA30 0x0026C280 0x0025F680 0x00000000
GlobalReAlloc - 0x0066CA34 0x0026C284 0x0025F684 0x00000000
GlobalSize - 0x0066CA38 0x0026C288 0x0025F688 0x00000000
GlobalLock - 0x0066CA3C 0x0026C28C 0x0025F68C 0x00000000
GlobalUnlock - 0x0066CA40 0x0026C290 0x0025F690 0x00000000
VirtualFree - 0x0066CA44 0x0026C294 0x0025F694 0x00000000
GetExitCodeProcess - 0x0066CA48 0x0026C298 0x0025F698 0x00000000
GlobalDeleteAtom - 0x0066CA4C 0x0026C29C 0x0025F69C 0x00000000
GetLogicalDrives - 0x0066CA50 0x0026C2A0 0x0025F6A0 0x00000000
DeviceIoControl - 0x0066CA54 0x0026C2A4 0x0025F6A4 0x00000000
FindClose - 0x0066CA58 0x0026C2A8 0x0025F6A8 0x00000000
WinExec - 0x0066CA5C 0x0026C2AC 0x0025F6AC 0x00000000
MulDiv - 0x0066CA60 0x0026C2B0 0x0025F6B0 0x00000000
GetLocalTime - 0x0066CA64 0x0026C2B4 0x0025F6B4 0x00000000
SystemTimeToTzSpecificLocalTime - 0x0066CA68 0x0026C2B8 0x0025F6B8 0x00000000
FileTimeToLocalFileTime - 0x0066CA6C 0x0026C2BC 0x0025F6BC 0x00000000
FileTimeToSystemTime - 0x0066CA70 0x0026C2C0 0x0025F6C0 0x00000000
FileTimeToDosDateTime - 0x0066CA74 0x0026C2C4 0x0025F6C4 0x00000000
PeekNamedPipe - 0x0066CA78 0x0026C2C8 0x0025F6C8 0x00000000
GetCPInfo - 0x0066CA7C 0x0026C2CC 0x0025F6CC 0x00000000
GetThreadLocale - 0x0066CA80 0x0026C2D0 0x0025F6D0 0x00000000
SetThreadLocale - 0x0066CA84 0x0026C2D4 0x0025F6D4 0x00000000
GetUserDefaultLCID - 0x0066CA88 0x0026C2D8 0x0025F6D8 0x00000000
CreateToolhelp32Snapshot - 0x0066CA8C 0x0026C2DC 0x0025F6DC 0x00000000
Process32First - 0x0066CA90 0x0026C2E0 0x0025F6E0 0x00000000
Process32Next - 0x0066CA94 0x0026C2E4 0x0025F6E4 0x00000000
oleaut32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen - 0x0066CA9C 0x0026C2EC 0x0025F6EC 0x00000000
SysFreeString - 0x0066CAA0 0x0026C2F0 0x0025F6F0 0x00000000
SysReAllocStringLen - 0x0066CAA4 0x0026C2F4 0x0025F6F4 0x00000000
SafeArrayCreate - 0x0066CAA8 0x0026C2F8 0x0025F6F8 0x00000000
SafeArrayRedim - 0x0066CAAC 0x0026C2FC 0x0025F6FC 0x00000000
SafeArrayGetUBound - 0x0066CAB0 0x0026C300 0x0025F700 0x00000000
SafeArrayGetLBound - 0x0066CAB4 0x0026C304 0x0025F704 0x00000000
SafeArrayAccessData - 0x0066CAB8 0x0026C308 0x0025F708 0x00000000
SafeArrayUnaccessData - 0x0066CABC 0x0026C30C 0x0025F70C 0x00000000
SafeArrayGetElement - 0x0066CAC0 0x0026C310 0x0025F710 0x00000000
SafeArrayPutElement - 0x0066CAC4 0x0026C314 0x0025F714 0x00000000
SafeArrayPtrOfIndex - 0x0066CAC8 0x0026C318 0x0025F718 0x00000000
VariantChangeTypeEx - 0x0066CACC 0x0026C31C 0x0025F71C 0x00000000
VariantClear - 0x0066CAD0 0x0026C320 0x0025F720 0x00000000
VariantCopy - 0x0066CAD4 0x0026C324 0x0025F724 0x00000000
VariantInit - 0x0066CAD8 0x0026C328 0x0025F728 0x00000000
user32.dll (178)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x0066CAE0 0x0026C330 0x0025F730 0x00000000
CharUpperBuffW - 0x0066CAE4 0x0026C334 0x0025F734 0x00000000
CharLowerBuffW - 0x0066CAE8 0x0026C338 0x0025F738 0x00000000
SendMessageA - 0x0066CAEC 0x0026C33C 0x0025F73C 0x00000000
PostMessageA - 0x0066CAF0 0x0026C340 0x0025F740 0x00000000
DefWindowProcA - 0x0066CAF4 0x0026C344 0x0025F744 0x00000000
CallWindowProcA - 0x0066CAF8 0x0026C348 0x0025F748 0x00000000
RegisterClassA - 0x0066CAFC 0x0026C34C 0x0025F74C 0x00000000
UnregisterClassA - 0x0066CB00 0x0026C350 0x0025F750 0x00000000
GetClassInfoA - 0x0066CB04 0x0026C354 0x0025F754 0x00000000
CreateWindowExA - 0x0066CB08 0x0026C358 0x0025F758 0x00000000
RegisterClipboardFormatA - 0x0066CB0C 0x0026C35C 0x0025F75C 0x00000000
GetClipboardFormatNameA - 0x0066CB10 0x0026C360 0x0025F760 0x00000000
CharToOemA - 0x0066CB14 0x0026C364 0x0025F764 0x00000000
CharUpperA - 0x0066CB18 0x0026C368 0x0025F768 0x00000000
CharUpperBuffA - 0x0066CB1C 0x0026C36C 0x0025F76C 0x00000000
CharLowerA - 0x0066CB20 0x0026C370 0x0025F770 0x00000000
CharLowerBuffA - 0x0066CB24 0x0026C374 0x0025F774 0x00000000
GetMenuItemInfoA - 0x0066CB28 0x0026C378 0x0025F778 0x00000000
SetPropA - 0x0066CB2C 0x0026C37C 0x0025F77C 0x00000000
GetPropA - 0x0066CB30 0x0026C380 0x0025F780 0x00000000
RemovePropA - 0x0066CB34 0x0026C384 0x0025F784 0x00000000
EnumPropsA - 0x0066CB38 0x0026C388 0x0025F788 0x00000000
GetWindowLongA - 0x0066CB3C 0x0026C38C 0x0025F78C 0x00000000
SetWindowLongA - 0x0066CB40 0x0026C390 0x0025F790 0x00000000
GetClassLongA - 0x0066CB44 0x0026C394 0x0025F794 0x00000000
SetClassLongA - 0x0066CB48 0x0026C398 0x0025F798 0x00000000
GetClassNameA - 0x0066CB4C 0x0026C39C 0x0025F79C 0x00000000
LoadBitmapA - 0x0066CB50 0x0026C3A0 0x0025F7A0 0x00000000
LoadCursorA - 0x0066CB54 0x0026C3A4 0x0025F7A4 0x00000000
LoadIconA - 0x0066CB58 0x0026C3A8 0x0025F7A8 0x00000000
LoadImageA - 0x0066CB5C 0x0026C3AC 0x0025F7AC 0x00000000
SystemParametersInfoA - 0x0066CB60 0x0026C3B0 0x0025F7B0 0x00000000
DispatchMessageW - 0x0066CB64 0x0026C3B4 0x0025F7B4 0x00000000
PeekMessageW - 0x0066CB68 0x0026C3B8 0x0025F7B8 0x00000000
SendMessageW - 0x0066CB6C 0x0026C3BC 0x0025F7BC 0x00000000
DefWindowProcW - 0x0066CB70 0x0026C3C0 0x0025F7C0 0x00000000
CallWindowProcW - 0x0066CB74 0x0026C3C4 0x0025F7C4 0x00000000
RegisterClassW - 0x0066CB78 0x0026C3C8 0x0025F7C8 0x00000000
UnregisterClassW - 0x0066CB7C 0x0026C3CC 0x0025F7CC 0x00000000
GetClassInfoW - 0x0066CB80 0x0026C3D0 0x0025F7D0 0x00000000
CreateWindowExW - 0x0066CB84 0x0026C3D4 0x0025F7D4 0x00000000
InsertMenuItemW - 0x0066CB88 0x0026C3D8 0x0025F7D8 0x00000000
GetMenuItemInfoW - 0x0066CB8C 0x0026C3DC 0x0025F7DC 0x00000000
SetMenuItemInfoW - 0x0066CB90 0x0026C3E0 0x0025F7E0 0x00000000
DrawTextW - 0x0066CB94 0x0026C3E4 0x0025F7E4 0x00000000
DrawStateW - 0x0066CB98 0x0026C3E8 0x0025F7E8 0x00000000
SetWindowTextW - 0x0066CB9C 0x0026C3EC 0x0025F7EC 0x00000000
GetWindowTextW - 0x0066CBA0 0x0026C3F0 0x0025F7F0 0x00000000
GetWindowTextLengthW - 0x0066CBA4 0x0026C3F4 0x0025F7F4 0x00000000
MessageBoxW - 0x0066CBA8 0x0026C3F8 0x0025F7F8 0x00000000
GetWindowLongW - 0x0066CBAC 0x0026C3FC 0x0025F7FC 0x00000000
SetWindowLongW - 0x0066CBB0 0x0026C400 0x0025F800 0x00000000
DefFrameProcW - 0x0066CBB4 0x0026C404 0x0025F804 0x00000000
DefMDIChildProcW - 0x0066CBB8 0x0026C408 0x0025F808 0x00000000
TranslateMessage - 0x0066CBBC 0x0026C40C 0x0025F80C 0x00000000
PostQuitMessage - 0x0066CBC0 0x0026C410 0x0025F810 0x00000000
GetDoubleClickTime - 0x0066CBC4 0x0026C414 0x0025F814 0x00000000
IsWindow - 0x0066CBC8 0x0026C418 0x0025F818 0x00000000
IsMenu - 0x0066CBCC 0x0026C41C 0x0025F81C 0x00000000
DestroyWindow - 0x0066CBD0 0x0026C420 0x0025F820 0x00000000
ShowWindow - 0x0066CBD4 0x0026C424 0x0025F824 0x00000000
ShowWindowAsync - 0x0066CBD8 0x0026C428 0x0025F828 0x00000000
ShowOwnedPopups - 0x0066CBDC 0x0026C42C 0x0025F82C 0x00000000
MoveWindow - 0x0066CBE0 0x0026C430 0x0025F830 0x00000000
SetWindowPos - 0x0066CBE4 0x0026C434 0x0025F834 0x00000000
GetWindowPlacement - 0x0066CBE8 0x0026C438 0x0025F838 0x00000000
SetWindowPlacement - 0x0066CBEC 0x0026C43C 0x0025F83C 0x00000000
BeginDeferWindowPos - 0x0066CBF0 0x0026C440 0x0025F840 0x00000000
DeferWindowPos - 0x0066CBF4 0x0026C444 0x0025F844 0x00000000
EndDeferWindowPos - 0x0066CBF8 0x0026C448 0x0025F848 0x00000000
IsWindowVisible - 0x0066CBFC 0x0026C44C 0x0025F84C 0x00000000
IsIconic - 0x0066CC00 0x0026C450 0x0025F850 0x00000000
BringWindowToTop - 0x0066CC04 0x0026C454 0x0025F854 0x00000000
IsZoomed - 0x0066CC08 0x0026C458 0x0025F858 0x00000000
OpenClipboard - 0x0066CC0C 0x0026C45C 0x0025F85C 0x00000000
CloseClipboard - 0x0066CC10 0x0026C460 0x0025F860 0x00000000
SetClipboardData - 0x0066CC14 0x0026C464 0x0025F864 0x00000000
GetClipboardData - 0x0066CC18 0x0026C468 0x0025F868 0x00000000
CountClipboardFormats - 0x0066CC1C 0x0026C46C 0x0025F86C 0x00000000
EnumClipboardFormats - 0x0066CC20 0x0026C470 0x0025F870 0x00000000
EmptyClipboard - 0x0066CC24 0x0026C474 0x0025F874 0x00000000
IsClipboardFormatAvailable - 0x0066CC28 0x0026C478 0x0025F878 0x00000000
SetFocus - 0x0066CC2C 0x0026C47C 0x0025F87C 0x00000000
GetActiveWindow - 0x0066CC30 0x0026C480 0x0025F880 0x00000000
GetFocus - 0x0066CC34 0x0026C484 0x0025F884 0x00000000
GetKeyState - 0x0066CC38 0x0026C488 0x0025F888 0x00000000
GetCapture - 0x0066CC3C 0x0026C48C 0x0025F88C 0x00000000
SetCapture - 0x0066CC40 0x0026C490 0x0025F890 0x00000000
ReleaseCapture - 0x0066CC44 0x0026C494 0x0025F894 0x00000000
MsgWaitForMultipleObjects - 0x0066CC48 0x0026C498 0x0025F898 0x00000000
SetTimer - 0x0066CC4C 0x0026C49C 0x0025F89C 0x00000000
KillTimer - 0x0066CC50 0x0026C4A0 0x0025F8A0 0x00000000
EnableWindow - 0x0066CC54 0x0026C4A4 0x0025F8A4 0x00000000
IsWindowEnabled - 0x0066CC58 0x0026C4A8 0x0025F8A8 0x00000000
GetSystemMetrics - 0x0066CC5C 0x0026C4AC 0x0025F8AC 0x00000000
GetMenu - 0x0066CC60 0x0026C4B0 0x0025F8B0 0x00000000
SetMenu - 0x0066CC64 0x0026C4B4 0x0025F8B4 0x00000000
DrawMenuBar - 0x0066CC68 0x0026C4B8 0x0025F8B8 0x00000000
GetSystemMenu - 0x0066CC6C 0x0026C4BC 0x0025F8BC 0x00000000
CreateMenu - 0x0066CC70 0x0026C4C0 0x0025F8C0 0x00000000
CreatePopupMenu - 0x0066CC74 0x0026C4C4 0x0025F8C4 0x00000000
DestroyMenu - 0x0066CC78 0x0026C4C8 0x0025F8C8 0x00000000
EnableMenuItem - 0x0066CC7C 0x0026C4CC 0x0025F8CC 0x00000000
GetSubMenu - 0x0066CC80 0x0026C4D0 0x0025F8D0 0x00000000
GetMenuItemCount - 0x0066CC84 0x0026C4D4 0x0025F8D4 0x00000000
RemoveMenu - 0x0066CC88 0x0026C4D8 0x0025F8D8 0x00000000
DeleteMenu - 0x0066CC8C 0x0026C4DC 0x0025F8DC 0x00000000
GetMenuItemRect - 0x0066CC90 0x0026C4E0 0x0025F8E0 0x00000000
UpdateWindow - 0x0066CC94 0x0026C4E4 0x0025F8E4 0x00000000
SetActiveWindow - 0x0066CC98 0x0026C4E8 0x0025F8E8 0x00000000
GetForegroundWindow - 0x0066CC9C 0x0026C4EC 0x0025F8EC 0x00000000
SetForegroundWindow - 0x0066CCA0 0x0026C4F0 0x0025F8F0 0x00000000
WindowFromDC - 0x0066CCA4 0x0026C4F4 0x0025F8F4 0x00000000
GetDC - 0x0066CCA8 0x0026C4F8 0x0025F8F8 0x00000000
GetDCEx - 0x0066CCAC 0x0026C4FC 0x0025F8FC 0x00000000
GetWindowDC - 0x0066CCB0 0x0026C500 0x0025F900 0x00000000
ReleaseDC - 0x0066CCB4 0x0026C504 0x0025F904 0x00000000
BeginPaint - 0x0066CCB8 0x0026C508 0x0025F908 0x00000000
EndPaint - 0x0066CCBC 0x0026C50C 0x0025F90C 0x00000000
GetUpdateRect - 0x0066CCC0 0x0026C510 0x0025F910 0x00000000
SetWindowRgn - 0x0066CCC4 0x0026C514 0x0025F914 0x00000000
InvalidateRect - 0x0066CCC8 0x0026C518 0x0025F918 0x00000000
InvalidateRgn - 0x0066CCCC 0x0026C51C 0x0025F91C 0x00000000
RedrawWindow - 0x0066CCD0 0x0026C520 0x0025F920 0x00000000
ScrollWindowEx - 0x0066CCD4 0x0026C524 0x0025F924 0x00000000
ShowScrollBar - 0x0066CCD8 0x0026C528 0x0025F928 0x00000000
EnableScrollBar - 0x0066CCDC 0x0026C52C 0x0025F92C 0x00000000
GetClientRect - 0x0066CCE0 0x0026C530 0x0025F930 0x00000000
GetWindowRect - 0x0066CCE4 0x0026C534 0x0025F934 0x00000000
AdjustWindowRectEx - 0x0066CCE8 0x0026C538 0x0025F938 0x00000000
MessageBeep - 0x0066CCEC 0x0026C53C 0x0025F93C 0x00000000
SetCursorPos - 0x0066CCF0 0x0026C540 0x0025F940 0x00000000
SetCursor - 0x0066CCF4 0x0026C544 0x0025F944 0x00000000
GetCursorPos - 0x0066CCF8 0x0026C548 0x0025F948 0x00000000
CreateCaret - 0x0066CCFC 0x0026C54C 0x0025F94C 0x00000000
DestroyCaret - 0x0066CD00 0x0026C550 0x0025F950 0x00000000
HideCaret - 0x0066CD04 0x0026C554 0x0025F954 0x00000000
ShowCaret - 0x0066CD08 0x0026C558 0x0025F958 0x00000000
SetCaretPos - 0x0066CD0C 0x0026C55C 0x0025F95C 0x00000000
GetCaretPos - 0x0066CD10 0x0026C560 0x0025F960 0x00000000
ClientToScreen - 0x0066CD14 0x0026C564 0x0025F964 0x00000000
ScreenToClient - 0x0066CD18 0x0026C568 0x0025F968 0x00000000
MapWindowPoints - 0x0066CD1C 0x0026C56C 0x0025F96C 0x00000000
WindowFromPoint - 0x0066CD20 0x0026C570 0x0025F970 0x00000000
GetSysColor - 0x0066CD24 0x0026C574 0x0025F974 0x00000000
GetSysColorBrush - 0x0066CD28 0x0026C578 0x0025F978 0x00000000
SetSysColors - 0x0066CD2C 0x0026C57C 0x0025F97C 0x00000000
DrawFocusRect - 0x0066CD30 0x0026C580 0x0025F980 0x00000000
FillRect - 0x0066CD34 0x0026C584 0x0025F984 0x00000000
FrameRect - 0x0066CD38 0x0026C588 0x0025F988 0x00000000
SetRect - 0x0066CD3C 0x0026C58C 0x0025F98C 0x00000000
InflateRect - 0x0066CD40 0x0026C590 0x0025F990 0x00000000
IntersectRect - 0x0066CD44 0x0026C594 0x0025F994 0x00000000
OffsetRect - 0x0066CD48 0x0026C598 0x0025F998 0x00000000
GetDesktopWindow - 0x0066CD4C 0x0026C59C 0x0025F99C 0x00000000
GetParent - 0x0066CD50 0x0026C5A0 0x0025F9A0 0x00000000
SetParent - 0x0066CD54 0x0026C5A4 0x0025F9A4 0x00000000
EnumThreadWindows - 0x0066CD58 0x0026C5A8 0x0025F9A8 0x00000000
GetTopWindow - 0x0066CD5C 0x0026C5AC 0x0025F9AC 0x00000000
GetWindowThreadProcessId - 0x0066CD60 0x0026C5B0 0x0025F9B0 0x00000000
GetLastActivePopup - 0x0066CD64 0x0026C5B4 0x0025F9B4 0x00000000
GetWindow - 0x0066CD68 0x0026C5B8 0x0025F9B8 0x00000000
CallNextHookEx - 0x0066CD6C 0x0026C5BC 0x0025F9BC 0x00000000
DestroyCursor - 0x0066CD70 0x0026C5C0 0x0025F9C0 0x00000000
DestroyIcon - 0x0066CD74 0x0026C5C4 0x0025F9C4 0x00000000
CopyImage - 0x0066CD78 0x0026C5C8 0x0025F9C8 0x00000000
CreateIconIndirect - 0x0066CD7C 0x0026C5CC 0x0025F9CC 0x00000000
GetIconInfo - 0x0066CD80 0x0026C5D0 0x0025F9D0 0x00000000
SetScrollInfo - 0x0066CD84 0x0026C5D4 0x0025F9D4 0x00000000
GetScrollInfo - 0x0066CD88 0x0026C5D8 0x0025F9D8 0x00000000
TranslateMDISysAccel - 0x0066CD8C 0x0026C5DC 0x0025F9DC 0x00000000
DrawEdge - 0x0066CD90 0x0026C5E0 0x0025F9E0 0x00000000
DrawFrameControl - 0x0066CD94 0x0026C5E4 0x0025F9E4 0x00000000
TrackPopupMenuEx - 0x0066CD98 0x0026C5E8 0x0025F9E8 0x00000000
ChildWindowFromPointEx - 0x0066CD9C 0x0026C5EC 0x0025F9EC 0x00000000
DrawIconEx - 0x0066CDA0 0x0026C5F0 0x0025F9F0 0x00000000
FlashWindowEx - 0x0066CDA4 0x0026C5F4 0x0025F9F4 0x00000000
advapi32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameA - 0x0066CDAC 0x0026C5FC 0x0025F9FC 0x00000000
RegSetValueExW - 0x0066CDB0 0x0026C600 0x0025FA00 0x00000000
RegQueryValueExW - 0x0066CDB4 0x0026C604 0x0025FA04 0x00000000
RegCreateKeyExW - 0x0066CDB8 0x0026C608 0x0025FA08 0x00000000
RegOpenKeyExW - 0x0066CDBC 0x0026C60C 0x0025FA0C 0x00000000
RegCloseKey - 0x0066CDC0 0x0026C610 0x0025FA10 0x00000000
RegFlushKey - 0x0066CDC4 0x0026C614 0x0025FA14 0x00000000
gdi32.dll (108)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x0066CDCC 0x0026C61C 0x0025FA1C 0x00000000
EnumFontFamiliesA - 0x0066CDD0 0x0026C620 0x0025FA20 0x00000000
GetCharABCWidthsA - 0x0066CDD4 0x0026C624 0x0025FA24 0x00000000
GetTextExtentPointA - 0x0066CDD8 0x0026C628 0x0025FA28 0x00000000
GetTextMetricsA - 0x0066CDDC 0x0026C62C 0x0025FA2C 0x00000000
GetObjectA - 0x0066CDE0 0x0026C630 0x0025FA30 0x00000000
ExtTextOutA - 0x0066CDE4 0x0026C634 0x0025FA34 0x00000000
CreateFontIndirectW - 0x0066CDE8 0x0026C638 0x0025FA38 0x00000000
EnumFontFamiliesExW - 0x0066CDEC 0x0026C63C 0x0025FA3C 0x00000000
GetCharABCWidthsW - 0x0066CDF0 0x0026C640 0x0025FA40 0x00000000
GetTextExtentPoint32W - 0x0066CDF4 0x0026C644 0x0025FA44 0x00000000
GetTextExtentExPointW - 0x0066CDF8 0x0026C648 0x0025FA48 0x00000000
GetObjectW - 0x0066CDFC 0x0026C64C 0x0025FA4C 0x00000000
TextOutW - 0x0066CE00 0x0026C650 0x0025FA50 0x00000000
ExtTextOutW - 0x0066CE04 0x0026C654 0x0025FA54 0x00000000
GetRandomRgn - 0x0066CE08 0x0026C658 0x0025FA58 0x00000000
Arc - 0x0066CE0C 0x0026C65C 0x0025FA5C 0x00000000
BitBlt - 0x0066CE10 0x0026C660 0x0025FA60 0x00000000
Chord - 0x0066CE14 0x0026C664 0x0025FA64 0x00000000
CombineRgn - 0x0066CE18 0x0026C668 0x0025FA68 0x00000000
CreateBitmap - 0x0066CE1C 0x0026C66C 0x0025FA6C 0x00000000
CreateBrushIndirect - 0x0066CE20 0x0026C670 0x0025FA70 0x00000000
CreateCompatibleBitmap - 0x0066CE24 0x0026C674 0x0025FA74 0x00000000
CreateCompatibleDC - 0x0066CE28 0x0026C678 0x0025FA78 0x00000000
CreateDIBitmap - 0x0066CE2C 0x0026C67C 0x0025FA7C 0x00000000
CreateEllipticRgn - 0x0066CE30 0x0026C680 0x0025FA80 0x00000000
CreatePen - 0x0066CE34 0x0026C684 0x0025FA84 0x00000000
CreatePenIndirect - 0x0066CE38 0x0026C688 0x0025FA88 0x00000000
CreatePatternBrush - 0x0066CE3C 0x0026C68C 0x0025FA8C 0x00000000
CreateRectRgn - 0x0066CE40 0x0026C690 0x0025FA90 0x00000000
CreateRoundRectRgn - 0x0066CE44 0x0026C694 0x0025FA94 0x00000000
CreateSolidBrush - 0x0066CE48 0x0026C698 0x0025FA98 0x00000000
DeleteDC - 0x0066CE4C 0x0026C69C 0x0025FA9C 0x00000000
DeleteObject - 0x0066CE50 0x0026C6A0 0x0025FAA0 0x00000000
Ellipse - 0x0066CE54 0x0026C6A4 0x0025FAA4 0x00000000
EqualRgn - 0x0066CE58 0x0026C6A8 0x0025FAA8 0x00000000
ExcludeClipRect - 0x0066CE5C 0x0026C6AC 0x0025FAAC 0x00000000
ExtCreateRegion - 0x0066CE60 0x0026C6B0 0x0025FAB0 0x00000000
ExtFloodFill - 0x0066CE64 0x0026C6B4 0x0025FAB4 0x00000000
FillRgn - 0x0066CE68 0x0026C6B8 0x0025FAB8 0x00000000
GetROP2 - 0x0066CE6C 0x0026C6BC 0x0025FABC 0x00000000
GetBkColor - 0x0066CE70 0x0026C6C0 0x0025FAC0 0x00000000
GetBitmapBits - 0x0066CE74 0x0026C6C4 0x0025FAC4 0x00000000
GetClipBox - 0x0066CE78 0x0026C6C8 0x0025FAC8 0x00000000
GetClipRgn - 0x0066CE7C 0x0026C6CC 0x0025FACC 0x00000000
GetCurrentObject - 0x0066CE80 0x0026C6D0 0x0025FAD0 0x00000000
GetDeviceCaps - 0x0066CE84 0x0026C6D4 0x0025FAD4 0x00000000
GetDIBits - 0x0066CE88 0x0026C6D8 0x0025FAD8 0x00000000
GetMapMode - 0x0066CE8C 0x0026C6DC 0x0025FADC 0x00000000
GetObjectType - 0x0066CE90 0x0026C6E0 0x0025FAE0 0x00000000
GetPixel - 0x0066CE94 0x0026C6E4 0x0025FAE4 0x00000000
GetRegionData - 0x0066CE98 0x0026C6E8 0x0025FAE8 0x00000000
GetRgnBox - 0x0066CE9C 0x0026C6EC 0x0025FAEC 0x00000000
GetStockObject - 0x0066CEA0 0x0026C6F0 0x0025FAF0 0x00000000
GetTextAlign - 0x0066CEA4 0x0026C6F4 0x0025FAF4 0x00000000
GetTextColor - 0x0066CEA8 0x0026C6F8 0x0025FAF8 0x00000000
GetViewportExtEx - 0x0066CEAC 0x0026C6FC 0x0025FAFC 0x00000000
GetViewportOrgEx - 0x0066CEB0 0x0026C700 0x0025FB00 0x00000000
GetWindowExtEx - 0x0066CEB4 0x0026C704 0x0025FB04 0x00000000
GetWindowOrgEx - 0x0066CEB8 0x0026C708 0x0025FB08 0x00000000
IntersectClipRect - 0x0066CEBC 0x0026C70C 0x0025FB0C 0x00000000
LineTo - 0x0066CEC0 0x0026C710 0x0025FB10 0x00000000
MaskBlt - 0x0066CEC4 0x0026C714 0x0025FB14 0x00000000
OffsetRgn - 0x0066CEC8 0x0026C718 0x0025FB18 0x00000000
PatBlt - 0x0066CECC 0x0026C71C 0x0025FB1C 0x00000000
Pie - 0x0066CED0 0x0026C720 0x0025FB20 0x00000000
PaintRgn - 0x0066CED4 0x0026C724 0x0025FB24 0x00000000
PtInRegion - 0x0066CED8 0x0026C728 0x0025FB28 0x00000000
RectInRegion - 0x0066CEDC 0x0026C72C 0x0025FB2C 0x00000000
RectVisible - 0x0066CEE0 0x0026C730 0x0025FB30 0x00000000
Rectangle - 0x0066CEE4 0x0026C734 0x0025FB34 0x00000000
RestoreDC - 0x0066CEE8 0x0026C738 0x0025FB38 0x00000000
RealizePalette - 0x0066CEEC 0x0026C73C 0x0025FB3C 0x00000000
RoundRect - 0x0066CEF0 0x0026C740 0x0025FB40 0x00000000
SaveDC - 0x0066CEF4 0x0026C744 0x0025FB44 0x00000000
SelectClipRgn - 0x0066CEF8 0x0026C748 0x0025FB48 0x00000000
ExtSelectClipRgn - 0x0066CEFC 0x0026C74C 0x0025FB4C 0x00000000
SelectObject - 0x0066CF00 0x0026C750 0x0025FB50 0x00000000
SelectPalette - 0x0066CF04 0x0026C754 0x0025FB54 0x00000000
SetBkColor - 0x0066CF08 0x0026C758 0x0025FB58 0x00000000
SetBkMode - 0x0066CF0C 0x0026C75C 0x0025FB5C 0x00000000
SetMapMode - 0x0066CF10 0x0026C760 0x0025FB60 0x00000000
SetPixel - 0x0066CF14 0x0026C764 0x0025FB64 0x00000000
SetPolyFillMode - 0x0066CF18 0x0026C768 0x0025FB68 0x00000000
StretchBlt - 0x0066CF1C 0x0026C76C 0x0025FB6C 0x00000000
SetRectRgn - 0x0066CF20 0x0026C770 0x0025FB70 0x00000000
SetROP2 - 0x0066CF24 0x0026C774 0x0025FB74 0x00000000
SetStretchBltMode - 0x0066CF28 0x0026C778 0x0025FB78 0x00000000
SetTextCharacterExtra - 0x0066CF2C 0x0026C77C 0x0025FB7C 0x00000000
SetTextColor - 0x0066CF30 0x0026C780 0x0025FB80 0x00000000
SetTextAlign - 0x0066CF34 0x0026C784 0x0025FB84 0x00000000
CreateDIBSection - 0x0066CF38 0x0026C788 0x0025FB88 0x00000000
SetArcDirection - 0x0066CF3C 0x0026C78C 0x0025FB8C 0x00000000
ExtCreatePen - 0x0066CF40 0x0026C790 0x0025FB90 0x00000000
MoveToEx - 0x0066CF44 0x0026C794 0x0025FB94 0x00000000
CreatePolygonRgn - 0x0066CF48 0x0026C798 0x0025FB98 0x00000000
DPtoLP - 0x0066CF4C 0x0026C79C 0x0025FB9C 0x00000000
LPtoDP - 0x0066CF50 0x0026C7A0 0x0025FBA0 0x00000000
Polygon - 0x0066CF54 0x0026C7A4 0x0025FBA4 0x00000000
Polyline - 0x0066CF58 0x0026C7A8 0x0025FBA8 0x00000000
PolyBezier - 0x0066CF5C 0x0026C7AC 0x0025FBAC 0x00000000
SetViewportExtEx - 0x0066CF60 0x0026C7B0 0x0025FBB0 0x00000000
SetViewportOrgEx - 0x0066CF64 0x0026C7B4 0x0025FBB4 0x00000000
SetWindowExtEx - 0x0066CF68 0x0026C7B8 0x0025FBB8 0x00000000
SetWindowOrgEx - 0x0066CF6C 0x0026C7BC 0x0025FBBC 0x00000000
OffsetViewportOrgEx - 0x0066CF70 0x0026C7C0 0x0025FBC0 0x00000000
SetBrushOrgEx - 0x0066CF74 0x0026C7C4 0x0025FBC4 0x00000000
GetDCOrgEx - 0x0066CF78 0x0026C7C8 0x0025FBC8 0x00000000
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x0066CF80 0x0026C7D0 0x0025FBD0 0x00000000
GetFileVersionInfoA - 0x0066CF84 0x0026C7D4 0x0025FBD4 0x00000000
VerQueryValueA - 0x0066CF88 0x0026C7D8 0x0025FBD8 0x00000000
shell32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryFileA - 0x0066CF90 0x0026C7E0 0x0025FBE0 0x00000000
ShellExecuteA - 0x0066CF94 0x0026C7E4 0x0025FBE4 0x00000000
DragQueryFileW - 0x0066CF98 0x0026C7E8 0x0025FBE8 0x00000000
DragFinish - 0x0066CF9C 0x0026C7EC 0x0025FBEC 0x00000000
DragAcceptFiles - 0x0066CFA0 0x0026C7F0 0x0025FBF0 0x00000000
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x0066CFA8 0x0026C7F8 0x0025FBF8 0x00000000
OleUninitialize - 0x0066CFAC 0x0026C7FC 0x0025FBFC 0x00000000
comctl32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControls - 0x0066CFB4 0x0026C804 0x0025FC04 0x00000000
ImageList_Create - 0x0066CFB8 0x0026C808 0x0025FC08 0x00000000
ImageList_Destroy - 0x0066CFBC 0x0026C80C 0x0025FC0C 0x00000000
ImageList_GetImageCount - 0x0066CFC0 0x0026C810 0x0025FC10 0x00000000
ImageList_SetImageCount - 0x0066CFC4 0x0026C814 0x0025FC14 0x00000000
ImageList_Add - 0x0066CFC8 0x0026C818 0x0025FC18 0x00000000
ImageList_Replace - 0x0066CFCC 0x0026C81C 0x0025FC1C 0x00000000
ImageList_AddMasked - 0x0066CFD0 0x0026C820 0x0025FC20 0x00000000
ImageList_DrawEx - 0x0066CFD4 0x0026C824 0x0025FC24 0x00000000
ImageList_DrawIndirect - 0x0066CFD8 0x0026C828 0x0025FC28 0x00000000
ImageList_Remove - 0x0066CFDC 0x0026C82C 0x0025FC2C 0x00000000
ImageList_Copy - 0x0066CFE0 0x0026C830 0x0025FC30 0x00000000
ImageList_BeginDrag - 0x0066CFE4 0x0026C834 0x0025FC34 0x00000000
ImageList_EndDrag - 0x0066CFE8 0x0026C838 0x0025FC38 0x00000000
ImageList_DragEnter - 0x0066CFEC 0x0026C83C 0x0025FC3C 0x00000000
ImageList_DragLeave - 0x0066CFF0 0x0026C840 0x0025FC40 0x00000000
ImageList_DragMove - 0x0066CFF4 0x0026C844 0x0025FC44 0x00000000
ImageList_DragShowNolock - 0x0066CFF8 0x0026C848 0x0025FC48 0x00000000
_TrackMouseEvent - 0x0066CFFC 0x0026C84C 0x0025FC4C 0x00000000
ws2_32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
closesocket - 0x0066D004 0x0026C854 0x0025FC54 0x00000000
connect - 0x0066D008 0x0026C858 0x0025FC58 0x00000000
ioctlsocket - 0x0066D00C 0x0026C85C 0x0025FC5C 0x00000000
getsockopt - 0x0066D010 0x0026C860 0x0025FC60 0x00000000
recv - 0x0066D014 0x0026C864 0x0025FC64 0x00000000
select - 0x0066D018 0x0026C868 0x0025FC68 0x00000000
send - 0x0066D01C 0x0026C86C 0x0025FC6C 0x00000000
setsockopt - 0x0066D020 0x0026C870 0x0025FC70 0x00000000
shutdown - 0x0066D024 0x0026C874 0x0025FC74 0x00000000
socket - 0x0066D028 0x0026C878 0x0025FC78 0x00000000
WSAStartup - 0x0066D02C 0x0026C87C 0x0025FC7C 0x00000000
WSACleanup - 0x0066D030 0x0026C880 0x0025FC80 0x00000000
WSAGetLastError - 0x0066D034 0x0026C884 0x0025FC84 0x00000000
__WSAFDIsSet - 0x0066D038 0x0026C888 0x0025FC88 0x00000000
wsock32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gethostbyaddr - 0x0066D040 0x0026C890 0x0025FC90 0x00000000
gethostbyname - 0x0066D044 0x0026C894 0x0025FC94 0x00000000
WSAStartup - 0x0066D048 0x0026C898 0x0025FC98 0x00000000
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
adobloc.exe 1 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
buffer 1 0x04F0E020 0x0532E01F Image In Buffer False 32-bit - False
adobloc.exe 1 0x00400000 0x00690FFF Final Dump False 32-bit 0x00410687 False
C:\Users\RDhJ0CNFevzX% Dropped File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 4.12 MB
MD5 684176ba314c150a12a30c379aabcf96
SHA1 031158002560c79926666c419d1dc903a9dd2b20
SHA256 1bbc7f0b18f31285ff33c570e8122400d3a0cd11bb0c99f5964f7afb49ebc2ba
SSDeep 98304:+R0pI/IQlUoMPdmpSp54ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmu5n9klRKN41v
ImpHash 1a611a7df1f3828b0157c4725145a721
PE Information
Image Base 0x00400000
Entry Point 0x00402EC0
Size Of Code 0x00175A20
Size Of Initialized Data 0x0001CF44
Size Of Uninitialized Data 0x00009554
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00 (UTC+1)
Version Information (10)
FileDescription System Devices Optimizer
InternalName Devices Optimus
ProductName Devices Optimus
ProductVersion 6.0.0.0
Comments -
CompanyName -
FileVersion 6.0.0.0
LegalCopyright -
LegalTrademarks -
OriginalFilename -
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00175A20 0x00175C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.06
.data 0x00577000 0x0001CF44 0x0001D000 0x00176000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.24
.rdata 0x00594000 0x000CC170 0x000CC200 0x00193000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.21
.bss 0x00661000 0x00009554 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.CRT 0x0066B000 0x0000000C 0x00000200 0x0025F200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.06
.idata 0x0066C000 0x000030DE 0x00003200 0x0025F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.19
.rsrc 0x00670000 0x000206BC 0x00020800 0x00262600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.0
Imports (11)
kernel32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStdHandle - 0x0066C8A0 0x0026C0F0 0x0025F4F0 0x00000000
GetConsoleMode - 0x0066C8A4 0x0026C0F4 0x0025F4F4 0x00000000
TlsGetValue - 0x0066C8A8 0x0026C0F8 0x0025F4F8 0x00000000
GetLastError - 0x0066C8AC 0x0026C0FC 0x0025F4FC 0x00000000
SetLastError - 0x0066C8B0 0x0026C100 0x0025F500 0x00000000
RaiseException - 0x0066C8B4 0x0026C104 0x0025F504 0x00000000
GetTickCount - 0x0066C8B8 0x0026C108 0x0025F508 0x00000000
ExitProcess - 0x0066C8BC 0x0026C10C 0x0025F50C 0x00000000
GetStartupInfoA - 0x0066C8C0 0x0026C110 0x0025F510 0x00000000
GetCommandLineA - 0x0066C8C4 0x0026C114 0x0025F514 0x00000000
GetCurrentProcessId - 0x0066C8C8 0x0026C118 0x0025F518 0x00000000
GetCurrentThreadId - 0x0066C8CC 0x0026C11C 0x0025F51C 0x00000000
GetCurrentProcess - 0x0066C8D0 0x0026C120 0x0025F520 0x00000000
ReadProcessMemory - 0x0066C8D4 0x0026C124 0x0025F524 0x00000000
GetModuleFileNameA - 0x0066C8D8 0x0026C128 0x0025F528 0x00000000
GetModuleHandleA - 0x0066C8DC 0x0026C12C 0x0025F52C 0x00000000
WriteFile - 0x0066C8E0 0x0026C130 0x0025F530 0x00000000
ReadFile - 0x0066C8E4 0x0026C134 0x0025F534 0x00000000
CloseHandle - 0x0066C8E8 0x0026C138 0x0025F538 0x00000000
SetFilePointer - 0x0066C8EC 0x0026C13C 0x0025F53C 0x00000000
SetEndOfFile - 0x0066C8F0 0x0026C140 0x0025F540 0x00000000
GetSystemInfo - 0x0066C8F4 0x0026C144 0x0025F544 0x00000000
LoadLibraryW - 0x0066C8F8 0x0026C148 0x0025F548 0x00000000
LoadLibraryA - 0x0066C8FC 0x0026C14C 0x0025F54C 0x00000000
GetProcAddress - 0x0066C900 0x0026C150 0x0025F550 0x00000000
FreeLibrary - 0x0066C904 0x0026C154 0x0025F554 0x00000000
FormatMessageW - 0x0066C908 0x0026C158 0x0025F558 0x00000000
DeleteFileW - 0x0066C90C 0x0026C15C 0x0025F55C 0x00000000
CreateFileW - 0x0066C910 0x0026C160 0x0025F560 0x00000000
GetFileAttributesW - 0x0066C914 0x0026C164 0x0025F564 0x00000000
CreateDirectoryW - 0x0066C918 0x0026C168 0x0025F568 0x00000000
GetCurrentDirectoryW - 0x0066C91C 0x0026C16C 0x0025F56C 0x00000000
GetFullPathNameW - 0x0066C920 0x0026C170 0x0025F570 0x00000000
GetConsoleOutputCP - 0x0066C924 0x0026C174 0x0025F574 0x00000000
GetOEMCP - 0x0066C928 0x0026C178 0x0025F578 0x00000000
GetProcessHeap - 0x0066C92C 0x0026C17C 0x0025F57C 0x00000000
HeapAlloc - 0x0066C930 0x0026C180 0x0025F580 0x00000000
HeapFree - 0x0066C934 0x0026C184 0x0025F584 0x00000000
TlsAlloc - 0x0066C938 0x0026C188 0x0025F588 0x00000000
TlsSetValue - 0x0066C93C 0x0026C18C 0x0025F58C 0x00000000
CreateThread - 0x0066C940 0x0026C190 0x0025F590 0x00000000
ExitThread - 0x0066C944 0x0026C194 0x0025F594 0x00000000
LocalAlloc - 0x0066C948 0x0026C198 0x0025F598 0x00000000
LocalFree - 0x0066C94C 0x0026C19C 0x0025F59C 0x00000000
Sleep - 0x0066C950 0x0026C1A0 0x0025F5A0 0x00000000
SuspendThread - 0x0066C954 0x0026C1A4 0x0025F5A4 0x00000000
ResumeThread - 0x0066C958 0x0026C1A8 0x0025F5A8 0x00000000
TerminateThread - 0x0066C95C 0x0026C1AC 0x0025F5AC 0x00000000
WaitForSingleObject - 0x0066C960 0x0026C1B0 0x0025F5B0 0x00000000
SetThreadPriority - 0x0066C964 0x0026C1B4 0x0025F5B4 0x00000000
GetThreadPriority - 0x0066C968 0x0026C1B8 0x0025F5B8 0x00000000
GetCurrentThread - 0x0066C96C 0x0026C1BC 0x0025F5BC 0x00000000
OpenThread - 0x0066C970 0x0026C1C0 0x0025F5C0 0x00000000
IsDebuggerPresent - 0x0066C974 0x0026C1C4 0x0025F5C4 0x00000000
CreateEventA - 0x0066C978 0x0026C1C8 0x0025F5C8 0x00000000
ResetEvent - 0x0066C97C 0x0026C1CC 0x0025F5CC 0x00000000
SetEvent - 0x0066C980 0x0026C1D0 0x0025F5D0 0x00000000
InitializeCriticalSection - 0x0066C984 0x0026C1D4 0x0025F5D4 0x00000000
DeleteCriticalSection - 0x0066C988 0x0026C1D8 0x0025F5D8 0x00000000
EnterCriticalSection - 0x0066C98C 0x0026C1DC 0x0025F5DC 0x00000000
LeaveCriticalSection - 0x0066C990 0x0026C1E0 0x0025F5E0 0x00000000
TryEnterCriticalSection - 0x0066C994 0x0026C1E4 0x0025F5E4 0x00000000
GetEnvironmentStringsW - 0x0066C998 0x0026C1E8 0x0025F5E8 0x00000000
FreeEnvironmentStringsW - 0x0066C99C 0x0026C1EC 0x0025F5EC 0x00000000
MultiByteToWideChar - 0x0066C9A0 0x0026C1F0 0x0025F5F0 0x00000000
WideCharToMultiByte - 0x0066C9A4 0x0026C1F4 0x0025F5F4 0x00000000
GetACP - 0x0066C9A8 0x0026C1F8 0x0025F5F8 0x00000000
GetConsoleCP - 0x0066C9AC 0x0026C1FC 0x0025F5FC 0x00000000
RtlUnwind - 0x0066C9B0 0x0026C200 0x0025F600 0x00000000
EnumResourceTypesA - 0x0066C9B4 0x0026C204 0x0025F604 0x00000000
EnumResourceNamesA - 0x0066C9B8 0x0026C208 0x0025F608 0x00000000
EnumResourceLanguagesA - 0x0066C9BC 0x0026C20C 0x0025F60C 0x00000000
FindResourceA - 0x0066C9C0 0x0026C210 0x0025F610 0x00000000
FindResourceExA - 0x0066C9C4 0x0026C214 0x0025F614 0x00000000
LoadResource - 0x0066C9C8 0x0026C218 0x0025F618 0x00000000
SizeofResource - 0x0066C9CC 0x0026C21C 0x0025F61C 0x00000000
LockResource - 0x0066C9D0 0x0026C220 0x0025F620 0x00000000
FreeResource - 0x0066C9D4 0x0026C224 0x0025F624 0x00000000
GetEnvironmentStringsA - 0x0066C9D8 0x0026C228 0x0025F628 0x00000000
FreeEnvironmentStringsA - 0x0066C9DC 0x0026C22C 0x0025F62C 0x00000000
FormatMessageA - 0x0066C9E0 0x0026C230 0x0025F630 0x00000000
GlobalAddAtomA - 0x0066C9E4 0x0026C234 0x0025F634 0x00000000
GetDriveTypeA - 0x0066C9E8 0x0026C238 0x0025F638 0x00000000
GetSystemDirectoryA - 0x0066C9EC 0x0026C23C 0x0025F63C 0x00000000
GetWindowsDirectoryA - 0x0066C9F0 0x0026C240 0x0025F640 0x00000000
GetDiskFreeSpaceA - 0x0066C9F4 0x0026C244 0x0025F644 0x00000000
DeleteFileA - 0x0066C9F8 0x0026C248 0x0025F648 0x00000000
GetVersionExA - 0x0066C9FC 0x0026C24C 0x0025F64C 0x00000000
CompareStringA - 0x0066CA00 0x0026C250 0x0025F650 0x00000000
GetLocaleInfoA - 0x0066CA04 0x0026C254 0x0025F654 0x00000000
GetDateFormatA - 0x0066CA08 0x0026C258 0x0025F658 0x00000000
EnumCalendarInfoA - 0x0066CA0C 0x0026C25C 0x0025F65C 0x00000000
GetModuleFileNameW - 0x0066CA10 0x0026C260 0x0025F660 0x00000000
GetCommandLineW - 0x0066CA14 0x0026C264 0x0025F664 0x00000000
SetFileAttributesW - 0x0066CA18 0x0026C268 0x0025F668 0x00000000
FindNextFileW - 0x0066CA1C 0x0026C26C 0x0025F66C 0x00000000
CompareStringW - 0x0066CA20 0x0026C270 0x0025F670 0x00000000
GetLocaleInfoW - 0x0066CA24 0x0026C274 0x0025F674 0x00000000
GetDateFormatW - 0x0066CA28 0x0026C278 0x0025F678 0x00000000
FindFirstFileExW - 0x0066CA2C 0x0026C27C 0x0025F67C 0x00000000
GlobalAlloc - 0x0066CA30 0x0026C280 0x0025F680 0x00000000
GlobalReAlloc - 0x0066CA34 0x0026C284 0x0025F684 0x00000000
GlobalSize - 0x0066CA38 0x0026C288 0x0025F688 0x00000000
GlobalLock - 0x0066CA3C 0x0026C28C 0x0025F68C 0x00000000
GlobalUnlock - 0x0066CA40 0x0026C290 0x0025F690 0x00000000
VirtualFree - 0x0066CA44 0x0026C294 0x0025F694 0x00000000
GetExitCodeProcess - 0x0066CA48 0x0026C298 0x0025F698 0x00000000
GlobalDeleteAtom - 0x0066CA4C 0x0026C29C 0x0025F69C 0x00000000
GetLogicalDrives - 0x0066CA50 0x0026C2A0 0x0025F6A0 0x00000000
DeviceIoControl - 0x0066CA54 0x0026C2A4 0x0025F6A4 0x00000000
FindClose - 0x0066CA58 0x0026C2A8 0x0025F6A8 0x00000000
WinExec - 0x0066CA5C 0x0026C2AC 0x0025F6AC 0x00000000
MulDiv - 0x0066CA60 0x0026C2B0 0x0025F6B0 0x00000000
GetLocalTime - 0x0066CA64 0x0026C2B4 0x0025F6B4 0x00000000
SystemTimeToTzSpecificLocalTime - 0x0066CA68 0x0026C2B8 0x0025F6B8 0x00000000
FileTimeToLocalFileTime - 0x0066CA6C 0x0026C2BC 0x0025F6BC 0x00000000
FileTimeToSystemTime - 0x0066CA70 0x0026C2C0 0x0025F6C0 0x00000000
FileTimeToDosDateTime - 0x0066CA74 0x0026C2C4 0x0025F6C4 0x00000000
PeekNamedPipe - 0x0066CA78 0x0026C2C8 0x0025F6C8 0x00000000
GetCPInfo - 0x0066CA7C 0x0026C2CC 0x0025F6CC 0x00000000
GetThreadLocale - 0x0066CA80 0x0026C2D0 0x0025F6D0 0x00000000
SetThreadLocale - 0x0066CA84 0x0026C2D4 0x0025F6D4 0x00000000
GetUserDefaultLCID - 0x0066CA88 0x0026C2D8 0x0025F6D8 0x00000000
CreateToolhelp32Snapshot - 0x0066CA8C 0x0026C2DC 0x0025F6DC 0x00000000
Process32First - 0x0066CA90 0x0026C2E0 0x0025F6E0 0x00000000
Process32Next - 0x0066CA94 0x0026C2E4 0x0025F6E4 0x00000000
oleaut32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen - 0x0066CA9C 0x0026C2EC 0x0025F6EC 0x00000000
SysFreeString - 0x0066CAA0 0x0026C2F0 0x0025F6F0 0x00000000
SysReAllocStringLen - 0x0066CAA4 0x0026C2F4 0x0025F6F4 0x00000000
SafeArrayCreate - 0x0066CAA8 0x0026C2F8 0x0025F6F8 0x00000000
SafeArrayRedim - 0x0066CAAC 0x0026C2FC 0x0025F6FC 0x00000000
SafeArrayGetUBound - 0x0066CAB0 0x0026C300 0x0025F700 0x00000000
SafeArrayGetLBound - 0x0066CAB4 0x0026C304 0x0025F704 0x00000000
SafeArrayAccessData - 0x0066CAB8 0x0026C308 0x0025F708 0x00000000
SafeArrayUnaccessData - 0x0066CABC 0x0026C30C 0x0025F70C 0x00000000
SafeArrayGetElement - 0x0066CAC0 0x0026C310 0x0025F710 0x00000000
SafeArrayPutElement - 0x0066CAC4 0x0026C314 0x0025F714 0x00000000
SafeArrayPtrOfIndex - 0x0066CAC8 0x0026C318 0x0025F718 0x00000000
VariantChangeTypeEx - 0x0066CACC 0x0026C31C 0x0025F71C 0x00000000
VariantClear - 0x0066CAD0 0x0026C320 0x0025F720 0x00000000
VariantCopy - 0x0066CAD4 0x0026C324 0x0025F724 0x00000000
VariantInit - 0x0066CAD8 0x0026C328 0x0025F728 0x00000000
user32.dll (178)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x0066CAE0 0x0026C330 0x0025F730 0x00000000
CharUpperBuffW - 0x0066CAE4 0x0026C334 0x0025F734 0x00000000
CharLowerBuffW - 0x0066CAE8 0x0026C338 0x0025F738 0x00000000
SendMessageA - 0x0066CAEC 0x0026C33C 0x0025F73C 0x00000000
PostMessageA - 0x0066CAF0 0x0026C340 0x0025F740 0x00000000
DefWindowProcA - 0x0066CAF4 0x0026C344 0x0025F744 0x00000000
CallWindowProcA - 0x0066CAF8 0x0026C348 0x0025F748 0x00000000
RegisterClassA - 0x0066CAFC 0x0026C34C 0x0025F74C 0x00000000
UnregisterClassA - 0x0066CB00 0x0026C350 0x0025F750 0x00000000
GetClassInfoA - 0x0066CB04 0x0026C354 0x0025F754 0x00000000
CreateWindowExA - 0x0066CB08 0x0026C358 0x0025F758 0x00000000
RegisterClipboardFormatA - 0x0066CB0C 0x0026C35C 0x0025F75C 0x00000000
GetClipboardFormatNameA - 0x0066CB10 0x0026C360 0x0025F760 0x00000000
CharToOemA - 0x0066CB14 0x0026C364 0x0025F764 0x00000000
CharUpperA - 0x0066CB18 0x0026C368 0x0025F768 0x00000000
CharUpperBuffA - 0x0066CB1C 0x0026C36C 0x0025F76C 0x00000000
CharLowerA - 0x0066CB20 0x0026C370 0x0025F770 0x00000000
CharLowerBuffA - 0x0066CB24 0x0026C374 0x0025F774 0x00000000
GetMenuItemInfoA - 0x0066CB28 0x0026C378 0x0025F778 0x00000000
SetPropA - 0x0066CB2C 0x0026C37C 0x0025F77C 0x00000000
GetPropA - 0x0066CB30 0x0026C380 0x0025F780 0x00000000
RemovePropA - 0x0066CB34 0x0026C384 0x0025F784 0x00000000
EnumPropsA - 0x0066CB38 0x0026C388 0x0025F788 0x00000000
GetWindowLongA - 0x0066CB3C 0x0026C38C 0x0025F78C 0x00000000
SetWindowLongA - 0x0066CB40 0x0026C390 0x0025F790 0x00000000
GetClassLongA - 0x0066CB44 0x0026C394 0x0025F794 0x00000000
SetClassLongA - 0x0066CB48 0x0026C398 0x0025F798 0x00000000
GetClassNameA - 0x0066CB4C 0x0026C39C 0x0025F79C 0x00000000
LoadBitmapA - 0x0066CB50 0x0026C3A0 0x0025F7A0 0x00000000
LoadCursorA - 0x0066CB54 0x0026C3A4 0x0025F7A4 0x00000000
LoadIconA - 0x0066CB58 0x0026C3A8 0x0025F7A8 0x00000000
LoadImageA - 0x0066CB5C 0x0026C3AC 0x0025F7AC 0x00000000
SystemParametersInfoA - 0x0066CB60 0x0026C3B0 0x0025F7B0 0x00000000
DispatchMessageW - 0x0066CB64 0x0026C3B4 0x0025F7B4 0x00000000
PeekMessageW - 0x0066CB68 0x0026C3B8 0x0025F7B8 0x00000000
SendMessageW - 0x0066CB6C 0x0026C3BC 0x0025F7BC 0x00000000
DefWindowProcW - 0x0066CB70 0x0026C3C0 0x0025F7C0 0x00000000
CallWindowProcW - 0x0066CB74 0x0026C3C4 0x0025F7C4 0x00000000
RegisterClassW - 0x0066CB78 0x0026C3C8 0x0025F7C8 0x00000000
UnregisterClassW - 0x0066CB7C 0x0026C3CC 0x0025F7CC 0x00000000
GetClassInfoW - 0x0066CB80 0x0026C3D0 0x0025F7D0 0x00000000
CreateWindowExW - 0x0066CB84 0x0026C3D4 0x0025F7D4 0x00000000
InsertMenuItemW - 0x0066CB88 0x0026C3D8 0x0025F7D8 0x00000000
GetMenuItemInfoW - 0x0066CB8C 0x0026C3DC 0x0025F7DC 0x00000000
SetMenuItemInfoW - 0x0066CB90 0x0026C3E0 0x0025F7E0 0x00000000
DrawTextW - 0x0066CB94 0x0026C3E4 0x0025F7E4 0x00000000
DrawStateW - 0x0066CB98 0x0026C3E8 0x0025F7E8 0x00000000
SetWindowTextW - 0x0066CB9C 0x0026C3EC 0x0025F7EC 0x00000000
GetWindowTextW - 0x0066CBA0 0x0026C3F0 0x0025F7F0 0x00000000
GetWindowTextLengthW - 0x0066CBA4 0x0026C3F4 0x0025F7F4 0x00000000
MessageBoxW - 0x0066CBA8 0x0026C3F8 0x0025F7F8 0x00000000
GetWindowLongW - 0x0066CBAC 0x0026C3FC 0x0025F7FC 0x00000000
SetWindowLongW - 0x0066CBB0 0x0026C400 0x0025F800 0x00000000
DefFrameProcW - 0x0066CBB4 0x0026C404 0x0025F804 0x00000000
DefMDIChildProcW - 0x0066CBB8 0x0026C408 0x0025F808 0x00000000
TranslateMessage - 0x0066CBBC 0x0026C40C 0x0025F80C 0x00000000
PostQuitMessage - 0x0066CBC0 0x0026C410 0x0025F810 0x00000000
GetDoubleClickTime - 0x0066CBC4 0x0026C414 0x0025F814 0x00000000
IsWindow - 0x0066CBC8 0x0026C418 0x0025F818 0x00000000
IsMenu - 0x0066CBCC 0x0026C41C 0x0025F81C 0x00000000
DestroyWindow - 0x0066CBD0 0x0026C420 0x0025F820 0x00000000
ShowWindow - 0x0066CBD4 0x0026C424 0x0025F824 0x00000000
ShowWindowAsync - 0x0066CBD8 0x0026C428 0x0025F828 0x00000000
ShowOwnedPopups - 0x0066CBDC 0x0026C42C 0x0025F82C 0x00000000
MoveWindow - 0x0066CBE0 0x0026C430 0x0025F830 0x00000000
SetWindowPos - 0x0066CBE4 0x0026C434 0x0025F834 0x00000000
GetWindowPlacement - 0x0066CBE8 0x0026C438 0x0025F838 0x00000000
SetWindowPlacement - 0x0066CBEC 0x0026C43C 0x0025F83C 0x00000000
BeginDeferWindowPos - 0x0066CBF0 0x0026C440 0x0025F840 0x00000000
DeferWindowPos - 0x0066CBF4 0x0026C444 0x0025F844 0x00000000
EndDeferWindowPos - 0x0066CBF8 0x0026C448 0x0025F848 0x00000000
IsWindowVisible - 0x0066CBFC 0x0026C44C 0x0025F84C 0x00000000
IsIconic - 0x0066CC00 0x0026C450 0x0025F850 0x00000000
BringWindowToTop - 0x0066CC04 0x0026C454 0x0025F854 0x00000000
IsZoomed - 0x0066CC08 0x0026C458 0x0025F858 0x00000000
OpenClipboard - 0x0066CC0C 0x0026C45C 0x0025F85C 0x00000000
CloseClipboard - 0x0066CC10 0x0026C460 0x0025F860 0x00000000
SetClipboardData - 0x0066CC14 0x0026C464 0x0025F864 0x00000000
GetClipboardData - 0x0066CC18 0x0026C468 0x0025F868 0x00000000
CountClipboardFormats - 0x0066CC1C 0x0026C46C 0x0025F86C 0x00000000
EnumClipboardFormats - 0x0066CC20 0x0026C470 0x0025F870 0x00000000
EmptyClipboard - 0x0066CC24 0x0026C474 0x0025F874 0x00000000
IsClipboardFormatAvailable - 0x0066CC28 0x0026C478 0x0025F878 0x00000000
SetFocus - 0x0066CC2C 0x0026C47C 0x0025F87C 0x00000000
GetActiveWindow - 0x0066CC30 0x0026C480 0x0025F880 0x00000000
GetFocus - 0x0066CC34 0x0026C484 0x0025F884 0x00000000
GetKeyState - 0x0066CC38 0x0026C488 0x0025F888 0x00000000
GetCapture - 0x0066CC3C 0x0026C48C 0x0025F88C 0x00000000
SetCapture - 0x0066CC40 0x0026C490 0x0025F890 0x00000000
ReleaseCapture - 0x0066CC44 0x0026C494 0x0025F894 0x00000000
MsgWaitForMultipleObjects - 0x0066CC48 0x0026C498 0x0025F898 0x00000000
SetTimer - 0x0066CC4C 0x0026C49C 0x0025F89C 0x00000000
KillTimer - 0x0066CC50 0x0026C4A0 0x0025F8A0 0x00000000
EnableWindow - 0x0066CC54 0x0026C4A4 0x0025F8A4 0x00000000
IsWindowEnabled - 0x0066CC58 0x0026C4A8 0x0025F8A8 0x00000000
GetSystemMetrics - 0x0066CC5C 0x0026C4AC 0x0025F8AC 0x00000000
GetMenu - 0x0066CC60 0x0026C4B0 0x0025F8B0 0x00000000
SetMenu - 0x0066CC64 0x0026C4B4 0x0025F8B4 0x00000000
DrawMenuBar - 0x0066CC68 0x0026C4B8 0x0025F8B8 0x00000000
GetSystemMenu - 0x0066CC6C 0x0026C4BC 0x0025F8BC 0x00000000
CreateMenu - 0x0066CC70 0x0026C4C0 0x0025F8C0 0x00000000
CreatePopupMenu - 0x0066CC74 0x0026C4C4 0x0025F8C4 0x00000000
DestroyMenu - 0x0066CC78 0x0026C4C8 0x0025F8C8 0x00000000
EnableMenuItem - 0x0066CC7C 0x0026C4CC 0x0025F8CC 0x00000000
GetSubMenu - 0x0066CC80 0x0026C4D0 0x0025F8D0 0x00000000
GetMenuItemCount - 0x0066CC84 0x0026C4D4 0x0025F8D4 0x00000000
RemoveMenu - 0x0066CC88 0x0026C4D8 0x0025F8D8 0x00000000
DeleteMenu - 0x0066CC8C 0x0026C4DC 0x0025F8DC 0x00000000
GetMenuItemRect - 0x0066CC90 0x0026C4E0 0x0025F8E0 0x00000000
UpdateWindow - 0x0066CC94 0x0026C4E4 0x0025F8E4 0x00000000
SetActiveWindow - 0x0066CC98 0x0026C4E8 0x0025F8E8 0x00000000
GetForegroundWindow - 0x0066CC9C 0x0026C4EC 0x0025F8EC 0x00000000
SetForegroundWindow - 0x0066CCA0 0x0026C4F0 0x0025F8F0 0x00000000
WindowFromDC - 0x0066CCA4 0x0026C4F4 0x0025F8F4 0x00000000
GetDC - 0x0066CCA8 0x0026C4F8 0x0025F8F8 0x00000000
GetDCEx - 0x0066CCAC 0x0026C4FC 0x0025F8FC 0x00000000
GetWindowDC - 0x0066CCB0 0x0026C500 0x0025F900 0x00000000
ReleaseDC - 0x0066CCB4 0x0026C504 0x0025F904 0x00000000
BeginPaint - 0x0066CCB8 0x0026C508 0x0025F908 0x00000000
EndPaint - 0x0066CCBC 0x0026C50C 0x0025F90C 0x00000000
GetUpdateRect - 0x0066CCC0 0x0026C510 0x0025F910 0x00000000
SetWindowRgn - 0x0066CCC4 0x0026C514 0x0025F914 0x00000000
InvalidateRect - 0x0066CCC8 0x0026C518 0x0025F918 0x00000000
InvalidateRgn - 0x0066CCCC 0x0026C51C 0x0025F91C 0x00000000
RedrawWindow - 0x0066CCD0 0x0026C520 0x0025F920 0x00000000
ScrollWindowEx - 0x0066CCD4 0x0026C524 0x0025F924 0x00000000
ShowScrollBar - 0x0066CCD8 0x0026C528 0x0025F928 0x00000000
EnableScrollBar - 0x0066CCDC 0x0026C52C 0x0025F92C 0x00000000
GetClientRect - 0x0066CCE0 0x0026C530 0x0025F930 0x00000000
GetWindowRect - 0x0066CCE4 0x0026C534 0x0025F934 0x00000000
AdjustWindowRectEx - 0x0066CCE8 0x0026C538 0x0025F938 0x00000000
MessageBeep - 0x0066CCEC 0x0026C53C 0x0025F93C 0x00000000
SetCursorPos - 0x0066CCF0 0x0026C540 0x0025F940 0x00000000
SetCursor - 0x0066CCF4 0x0026C544 0x0025F944 0x00000000
GetCursorPos - 0x0066CCF8 0x0026C548 0x0025F948 0x00000000
CreateCaret - 0x0066CCFC 0x0026C54C 0x0025F94C 0x00000000
DestroyCaret - 0x0066CD00 0x0026C550 0x0025F950 0x00000000
HideCaret - 0x0066CD04 0x0026C554 0x0025F954 0x00000000
ShowCaret - 0x0066CD08 0x0026C558 0x0025F958 0x00000000
SetCaretPos - 0x0066CD0C 0x0026C55C 0x0025F95C 0x00000000
GetCaretPos - 0x0066CD10 0x0026C560 0x0025F960 0x00000000
ClientToScreen - 0x0066CD14 0x0026C564 0x0025F964 0x00000000
ScreenToClient - 0x0066CD18 0x0026C568 0x0025F968 0x00000000
MapWindowPoints - 0x0066CD1C 0x0026C56C 0x0025F96C 0x00000000
WindowFromPoint - 0x0066CD20 0x0026C570 0x0025F970 0x00000000
GetSysColor - 0x0066CD24 0x0026C574 0x0025F974 0x00000000
GetSysColorBrush - 0x0066CD28 0x0026C578 0x0025F978 0x00000000
SetSysColors - 0x0066CD2C 0x0026C57C 0x0025F97C 0x00000000
DrawFocusRect - 0x0066CD30 0x0026C580 0x0025F980 0x00000000
FillRect - 0x0066CD34 0x0026C584 0x0025F984 0x00000000
FrameRect - 0x0066CD38 0x0026C588 0x0025F988 0x00000000
SetRect - 0x0066CD3C 0x0026C58C 0x0025F98C 0x00000000
InflateRect - 0x0066CD40 0x0026C590 0x0025F990 0x00000000
IntersectRect - 0x0066CD44 0x0026C594 0x0025F994 0x00000000
OffsetRect - 0x0066CD48 0x0026C598 0x0025F998 0x00000000
GetDesktopWindow - 0x0066CD4C 0x0026C59C 0x0025F99C 0x00000000
GetParent - 0x0066CD50 0x0026C5A0 0x0025F9A0 0x00000000
SetParent - 0x0066CD54 0x0026C5A4 0x0025F9A4 0x00000000
EnumThreadWindows - 0x0066CD58 0x0026C5A8 0x0025F9A8 0x00000000
GetTopWindow - 0x0066CD5C 0x0026C5AC 0x0025F9AC 0x00000000
GetWindowThreadProcessId - 0x0066CD60 0x0026C5B0 0x0025F9B0 0x00000000
GetLastActivePopup - 0x0066CD64 0x0026C5B4 0x0025F9B4 0x00000000
GetWindow - 0x0066CD68 0x0026C5B8 0x0025F9B8 0x00000000
CallNextHookEx - 0x0066CD6C 0x0026C5BC 0x0025F9BC 0x00000000
DestroyCursor - 0x0066CD70 0x0026C5C0 0x0025F9C0 0x00000000
DestroyIcon - 0x0066CD74 0x0026C5C4 0x0025F9C4 0x00000000
CopyImage - 0x0066CD78 0x0026C5C8 0x0025F9C8 0x00000000
CreateIconIndirect - 0x0066CD7C 0x0026C5CC 0x0025F9CC 0x00000000
GetIconInfo - 0x0066CD80 0x0026C5D0 0x0025F9D0 0x00000000
SetScrollInfo - 0x0066CD84 0x0026C5D4 0x0025F9D4 0x00000000
GetScrollInfo - 0x0066CD88 0x0026C5D8 0x0025F9D8 0x00000000
TranslateMDISysAccel - 0x0066CD8C 0x0026C5DC 0x0025F9DC 0x00000000
DrawEdge - 0x0066CD90 0x0026C5E0 0x0025F9E0 0x00000000
DrawFrameControl - 0x0066CD94 0x0026C5E4 0x0025F9E4 0x00000000
TrackPopupMenuEx - 0x0066CD98 0x0026C5E8 0x0025F9E8 0x00000000
ChildWindowFromPointEx - 0x0066CD9C 0x0026C5EC 0x0025F9EC 0x00000000
DrawIconEx - 0x0066CDA0 0x0026C5F0 0x0025F9F0 0x00000000
FlashWindowEx - 0x0066CDA4 0x0026C5F4 0x0025F9F4 0x00000000
advapi32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameA - 0x0066CDAC 0x0026C5FC 0x0025F9FC 0x00000000
RegSetValueExW - 0x0066CDB0 0x0026C600 0x0025FA00 0x00000000
RegQueryValueExW - 0x0066CDB4 0x0026C604 0x0025FA04 0x00000000
RegCreateKeyExW - 0x0066CDB8 0x0026C608 0x0025FA08 0x00000000
RegOpenKeyExW - 0x0066CDBC 0x0026C60C 0x0025FA0C 0x00000000
RegCloseKey - 0x0066CDC0 0x0026C610 0x0025FA10 0x00000000
RegFlushKey - 0x0066CDC4 0x0026C614 0x0025FA14 0x00000000
gdi32.dll (108)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x0066CDCC 0x0026C61C 0x0025FA1C 0x00000000
EnumFontFamiliesA - 0x0066CDD0 0x0026C620 0x0025FA20 0x00000000
GetCharABCWidthsA - 0x0066CDD4 0x0026C624 0x0025FA24 0x00000000
GetTextExtentPointA - 0x0066CDD8 0x0026C628 0x0025FA28 0x00000000
GetTextMetricsA - 0x0066CDDC 0x0026C62C 0x0025FA2C 0x00000000
GetObjectA - 0x0066CDE0 0x0026C630 0x0025FA30 0x00000000
ExtTextOutA - 0x0066CDE4 0x0026C634 0x0025FA34 0x00000000
CreateFontIndirectW - 0x0066CDE8 0x0026C638 0x0025FA38 0x00000000
EnumFontFamiliesExW - 0x0066CDEC 0x0026C63C 0x0025FA3C 0x00000000
GetCharABCWidthsW - 0x0066CDF0 0x0026C640 0x0025FA40 0x00000000
GetTextExtentPoint32W - 0x0066CDF4 0x0026C644 0x0025FA44 0x00000000
GetTextExtentExPointW - 0x0066CDF8 0x0026C648 0x0025FA48 0x00000000
GetObjectW - 0x0066CDFC 0x0026C64C 0x0025FA4C 0x00000000
TextOutW - 0x0066CE00 0x0026C650 0x0025FA50 0x00000000
ExtTextOutW - 0x0066CE04 0x0026C654 0x0025FA54 0x00000000
GetRandomRgn - 0x0066CE08 0x0026C658 0x0025FA58 0x00000000
Arc - 0x0066CE0C 0x0026C65C 0x0025FA5C 0x00000000
BitBlt - 0x0066CE10 0x0026C660 0x0025FA60 0x00000000
Chord - 0x0066CE14 0x0026C664 0x0025FA64 0x00000000
CombineRgn - 0x0066CE18 0x0026C668 0x0025FA68 0x00000000
CreateBitmap - 0x0066CE1C 0x0026C66C 0x0025FA6C 0x00000000
CreateBrushIndirect - 0x0066CE20 0x0026C670 0x0025FA70 0x00000000
CreateCompatibleBitmap - 0x0066CE24 0x0026C674 0x0025FA74 0x00000000
CreateCompatibleDC - 0x0066CE28 0x0026C678 0x0025FA78 0x00000000
CreateDIBitmap - 0x0066CE2C 0x0026C67C 0x0025FA7C 0x00000000
CreateEllipticRgn - 0x0066CE30 0x0026C680 0x0025FA80 0x00000000
CreatePen - 0x0066CE34 0x0026C684 0x0025FA84 0x00000000
CreatePenIndirect - 0x0066CE38 0x0026C688 0x0025FA88 0x00000000
CreatePatternBrush - 0x0066CE3C 0x0026C68C 0x0025FA8C 0x00000000
CreateRectRgn - 0x0066CE40 0x0026C690 0x0025FA90 0x00000000
CreateRoundRectRgn - 0x0066CE44 0x0026C694 0x0025FA94 0x00000000
CreateSolidBrush - 0x0066CE48 0x0026C698 0x0025FA98 0x00000000
DeleteDC - 0x0066CE4C 0x0026C69C 0x0025FA9C 0x00000000
DeleteObject - 0x0066CE50 0x0026C6A0 0x0025FAA0 0x00000000
Ellipse - 0x0066CE54 0x0026C6A4 0x0025FAA4 0x00000000
EqualRgn - 0x0066CE58 0x0026C6A8 0x0025FAA8 0x00000000
ExcludeClipRect - 0x0066CE5C 0x0026C6AC 0x0025FAAC 0x00000000
ExtCreateRegion - 0x0066CE60 0x0026C6B0 0x0025FAB0 0x00000000
ExtFloodFill - 0x0066CE64 0x0026C6B4 0x0025FAB4 0x00000000
FillRgn - 0x0066CE68 0x0026C6B8 0x0025FAB8 0x00000000
GetROP2 - 0x0066CE6C 0x0026C6BC 0x0025FABC 0x00000000
GetBkColor - 0x0066CE70 0x0026C6C0 0x0025FAC0 0x00000000
GetBitmapBits - 0x0066CE74 0x0026C6C4 0x0025FAC4 0x00000000
GetClipBox - 0x0066CE78 0x0026C6C8 0x0025FAC8 0x00000000
GetClipRgn - 0x0066CE7C 0x0026C6CC 0x0025FACC 0x00000000
GetCurrentObject - 0x0066CE80 0x0026C6D0 0x0025FAD0 0x00000000
GetDeviceCaps - 0x0066CE84 0x0026C6D4 0x0025FAD4 0x00000000
GetDIBits - 0x0066CE88 0x0026C6D8 0x0025FAD8 0x00000000
GetMapMode - 0x0066CE8C 0x0026C6DC 0x0025FADC 0x00000000
GetObjectType - 0x0066CE90 0x0026C6E0 0x0025FAE0 0x00000000
GetPixel - 0x0066CE94 0x0026C6E4 0x0025FAE4 0x00000000
GetRegionData - 0x0066CE98 0x0026C6E8 0x0025FAE8 0x00000000
GetRgnBox - 0x0066CE9C 0x0026C6EC 0x0025FAEC 0x00000000
GetStockObject - 0x0066CEA0 0x0026C6F0 0x0025FAF0 0x00000000
GetTextAlign - 0x0066CEA4 0x0026C6F4 0x0025FAF4 0x00000000
GetTextColor - 0x0066CEA8 0x0026C6F8 0x0025FAF8 0x00000000
GetViewportExtEx - 0x0066CEAC 0x0026C6FC 0x0025FAFC 0x00000000
GetViewportOrgEx - 0x0066CEB0 0x0026C700 0x0025FB00 0x00000000
GetWindowExtEx - 0x0066CEB4 0x0026C704 0x0025FB04 0x00000000
GetWindowOrgEx - 0x0066CEB8 0x0026C708 0x0025FB08 0x00000000
IntersectClipRect - 0x0066CEBC 0x0026C70C 0x0025FB0C 0x00000000
LineTo - 0x0066CEC0 0x0026C710 0x0025FB10 0x00000000
MaskBlt - 0x0066CEC4 0x0026C714 0x0025FB14 0x00000000
OffsetRgn - 0x0066CEC8 0x0026C718 0x0025FB18 0x00000000
PatBlt - 0x0066CECC 0x0026C71C 0x0025FB1C 0x00000000
Pie - 0x0066CED0 0x0026C720 0x0025FB20 0x00000000
PaintRgn - 0x0066CED4 0x0026C724 0x0025FB24 0x00000000
PtInRegion - 0x0066CED8 0x0026C728 0x0025FB28 0x00000000
RectInRegion - 0x0066CEDC 0x0026C72C 0x0025FB2C 0x00000000
RectVisible - 0x0066CEE0 0x0026C730 0x0025FB30 0x00000000
Rectangle - 0x0066CEE4 0x0026C734 0x0025FB34 0x00000000
RestoreDC - 0x0066CEE8 0x0026C738 0x0025FB38 0x00000000
RealizePalette - 0x0066CEEC 0x0026C73C 0x0025FB3C 0x00000000
RoundRect - 0x0066CEF0 0x0026C740 0x0025FB40 0x00000000
SaveDC - 0x0066CEF4 0x0026C744 0x0025FB44 0x00000000
SelectClipRgn - 0x0066CEF8 0x0026C748 0x0025FB48 0x00000000
ExtSelectClipRgn - 0x0066CEFC 0x0026C74C 0x0025FB4C 0x00000000
SelectObject - 0x0066CF00 0x0026C750 0x0025FB50 0x00000000
SelectPalette - 0x0066CF04 0x0026C754 0x0025FB54 0x00000000
SetBkColor - 0x0066CF08 0x0026C758 0x0025FB58 0x00000000
SetBkMode - 0x0066CF0C 0x0026C75C 0x0025FB5C 0x00000000
SetMapMode - 0x0066CF10 0x0026C760 0x0025FB60 0x00000000
SetPixel - 0x0066CF14 0x0026C764 0x0025FB64 0x00000000
SetPolyFillMode - 0x0066CF18 0x0026C768 0x0025FB68 0x00000000
StretchBlt - 0x0066CF1C 0x0026C76C 0x0025FB6C 0x00000000
SetRectRgn - 0x0066CF20 0x0026C770 0x0025FB70 0x00000000
SetROP2 - 0x0066CF24 0x0026C774 0x0025FB74 0x00000000
SetStretchBltMode - 0x0066CF28 0x0026C778 0x0025FB78 0x00000000
SetTextCharacterExtra - 0x0066CF2C 0x0026C77C 0x0025FB7C 0x00000000
SetTextColor - 0x0066CF30 0x0026C780 0x0025FB80 0x00000000
SetTextAlign - 0x0066CF34 0x0026C784 0x0025FB84 0x00000000
CreateDIBSection - 0x0066CF38 0x0026C788 0x0025FB88 0x00000000
SetArcDirection - 0x0066CF3C 0x0026C78C 0x0025FB8C 0x00000000
ExtCreatePen - 0x0066CF40 0x0026C790 0x0025FB90 0x00000000
MoveToEx - 0x0066CF44 0x0026C794 0x0025FB94 0x00000000
CreatePolygonRgn - 0x0066CF48 0x0026C798 0x0025FB98 0x00000000
DPtoLP - 0x0066CF4C 0x0026C79C 0x0025FB9C 0x00000000
LPtoDP - 0x0066CF50 0x0026C7A0 0x0025FBA0 0x00000000
Polygon - 0x0066CF54 0x0026C7A4 0x0025FBA4 0x00000000
Polyline - 0x0066CF58 0x0026C7A8 0x0025FBA8 0x00000000
PolyBezier - 0x0066CF5C 0x0026C7AC 0x0025FBAC 0x00000000
SetViewportExtEx - 0x0066CF60 0x0026C7B0 0x0025FBB0 0x00000000
SetViewportOrgEx - 0x0066CF64 0x0026C7B4 0x0025FBB4 0x00000000
SetWindowExtEx - 0x0066CF68 0x0026C7B8 0x0025FBB8 0x00000000
SetWindowOrgEx - 0x0066CF6C 0x0026C7BC 0x0025FBBC 0x00000000
OffsetViewportOrgEx - 0x0066CF70 0x0026C7C0 0x0025FBC0 0x00000000
SetBrushOrgEx - 0x0066CF74 0x0026C7C4 0x0025FBC4 0x00000000
GetDCOrgEx - 0x0066CF78 0x0026C7C8 0x0025FBC8 0x00000000
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x0066CF80 0x0026C7D0 0x0025FBD0 0x00000000
GetFileVersionInfoA - 0x0066CF84 0x0026C7D4 0x0025FBD4 0x00000000
VerQueryValueA - 0x0066CF88 0x0026C7D8 0x0025FBD8 0x00000000
shell32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryFileA - 0x0066CF90 0x0026C7E0 0x0025FBE0 0x00000000
ShellExecuteA - 0x0066CF94 0x0026C7E4 0x0025FBE4 0x00000000
DragQueryFileW - 0x0066CF98 0x0026C7E8 0x0025FBE8 0x00000000
DragFinish - 0x0066CF9C 0x0026C7EC 0x0025FBEC 0x00000000
DragAcceptFiles - 0x0066CFA0 0x0026C7F0 0x0025FBF0 0x00000000
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x0066CFA8 0x0026C7F8 0x0025FBF8 0x00000000
OleUninitialize - 0x0066CFAC 0x0026C7FC 0x0025FBFC 0x00000000
comctl32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControls - 0x0066CFB4 0x0026C804 0x0025FC04 0x00000000
ImageList_Create - 0x0066CFB8 0x0026C808 0x0025FC08 0x00000000
ImageList_Destroy - 0x0066CFBC 0x0026C80C 0x0025FC0C 0x00000000
ImageList_GetImageCount - 0x0066CFC0 0x0026C810 0x0025FC10 0x00000000
ImageList_SetImageCount - 0x0066CFC4 0x0026C814 0x0025FC14 0x00000000
ImageList_Add - 0x0066CFC8 0x0026C818 0x0025FC18 0x00000000
ImageList_Replace - 0x0066CFCC 0x0026C81C 0x0025FC1C 0x00000000
ImageList_AddMasked - 0x0066CFD0 0x0026C820 0x0025FC20 0x00000000
ImageList_DrawEx - 0x0066CFD4 0x0026C824 0x0025FC24 0x00000000
ImageList_DrawIndirect - 0x0066CFD8 0x0026C828 0x0025FC28 0x00000000
ImageList_Remove - 0x0066CFDC 0x0026C82C 0x0025FC2C 0x00000000
ImageList_Copy - 0x0066CFE0 0x0026C830 0x0025FC30 0x00000000
ImageList_BeginDrag - 0x0066CFE4 0x0026C834 0x0025FC34 0x00000000
ImageList_EndDrag - 0x0066CFE8 0x0026C838 0x0025FC38 0x00000000
ImageList_DragEnter - 0x0066CFEC 0x0026C83C 0x0025FC3C 0x00000000
ImageList_DragLeave - 0x0066CFF0 0x0026C840 0x0025FC40 0x00000000
ImageList_DragMove - 0x0066CFF4 0x0026C844 0x0025FC44 0x00000000
ImageList_DragShowNolock - 0x0066CFF8 0x0026C848 0x0025FC48 0x00000000
_TrackMouseEvent - 0x0066CFFC 0x0026C84C 0x0025FC4C 0x00000000
ws2_32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
closesocket - 0x0066D004 0x0026C854 0x0025FC54 0x00000000
connect - 0x0066D008 0x0026C858 0x0025FC58 0x00000000
ioctlsocket - 0x0066D00C 0x0026C85C 0x0025FC5C 0x00000000
getsockopt - 0x0066D010 0x0026C860 0x0025FC60 0x00000000
recv - 0x0066D014 0x0026C864 0x0025FC64 0x00000000
select - 0x0066D018 0x0026C868 0x0025FC68 0x00000000
send - 0x0066D01C 0x0026C86C 0x0025FC6C 0x00000000
setsockopt - 0x0066D020 0x0026C870 0x0025FC70 0x00000000
shutdown - 0x0066D024 0x0026C874 0x0025FC74 0x00000000
socket - 0x0066D028 0x0026C878 0x0025FC78 0x00000000
WSAStartup - 0x0066D02C 0x0026C87C 0x0025FC7C 0x00000000
WSACleanup - 0x0066D030 0x0026C880 0x0025FC80 0x00000000
WSAGetLastError - 0x0066D034 0x0026C884 0x0025FC84 0x00000000
__WSAFDIsSet - 0x0066D038 0x0026C888 0x0025FC88 0x00000000
wsock32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gethostbyaddr - 0x0066D040 0x0026C890 0x0025FC90 0x00000000
gethostbyname - 0x0066D044 0x0026C894 0x0025FC94 0x00000000
WSAStartup - 0x0066D048 0x0026C898 0x0025FC98 0x00000000
Memory Dumps (136)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
rdhj0cnfevzx% 3 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
rdhj0cnfevzx% 6 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
buffer 6 0x01891AC0 0x01892C57 Process Termination False 32-bit - False
buffer 6 0x01892C60 0x0189AC5F Process Termination False 32-bit - False
buffer 6 0x0189AC68 0x018A2C67 Process Termination False 32-bit - False
buffer 6 0x018A3478 0x018AB477 Process Termination False 32-bit - False
buffer 6 0x018AB480 0x018B347F Process Termination False 32-bit - False
buffer 6 0x018B3488 0x018BB487 Process Termination False 32-bit - False
buffer 6 0x018BB490 0x018C348F Process Termination False 32-bit - False
buffer 6 0x018C3498 0x01903497 Process Termination False 32-bit - False
buffer 6 0x019034A0 0x0190B49F Process Termination False 32-bit - False
buffer 6 0x0190B4A8 0x019134A7 Process Termination False 32-bit - False
buffer 6 0x019134B0 0x0191B4AF Process Termination False 32-bit - False
buffer 6 0x0191B4B8 0x019234B7 Process Termination False 32-bit - False
buffer 6 0x019234C0 0x0192B4BF Process Termination False 32-bit - False
buffer 6 0x0192B4C8 0x019334C7 Process Termination False 32-bit - False
buffer 6 0x01937748 0x0193F747 Process Termination False 32-bit - False
buffer 6 0x0193F750 0x0194774F Process Termination False 32-bit - False
buffer 6 0x01949348 0x01951347 Process Termination False 32-bit - False
buffer 6 0x01951350 0x0195934F Process Termination False 32-bit - False
buffer 6 0x0195CE88 0x01964E87 Process Termination False 32-bit - False
buffer 6 0x01964E90 0x0196CE8F Process Termination False 32-bit - False
buffer 6 0x0196CE98 0x01974E97 Process Termination False 32-bit - False
buffer 6 0x01975810 0x019769A7 Process Termination False 32-bit - False
buffer 6 0x040A0048 0x040E0047 Process Termination False 32-bit - False
buffer 6 0x040E0050 0x0412004F Process Termination False 32-bit - False
buffer 6 0x04120DF8 0x04160DF7 Process Termination False 32-bit - False
buffer 6 0x04163FC8 0x0416BFC7 Process Termination False 32-bit - False
buffer 6 0x0416BFD0 0x04173FCF Process Termination False 32-bit - False
buffer 6 0x041781C0 0x04179357 Process Termination False 32-bit - False
buffer 6 0x0417B780 0x0417C917 Process Termination False 32-bit - False
buffer 6 0x04180898 0x04181A2F Process Termination False 32-bit - False
buffer 6 0x08877B58 0x08878CEF Process Termination False 32-bit - False
buffer 6 0x08878CF8 0x08880CF7 Process Termination False 32-bit - False
buffer 6 0x08880D00 0x08888CFF Process Termination False 32-bit - False
buffer 6 0x08888D08 0x08890D07 Process Termination False 32-bit - False
buffer 6 0x08890D10 0x08898D0F Process Termination False 32-bit - False
buffer 6 0x088C1D48 0x088C9D47 Process Termination False 32-bit - False
buffer 6 0x088C9D50 0x088D1D4F Process Termination False 32-bit - False
buffer 6 0x088D1D58 0x08911D57 Process Termination False 32-bit - False
buffer 6 0x09EF8020 0x0A31801F Process Termination False 32-bit - False
buffer 6 0x0A326020 0x0A74601F Process Termination False 32-bit - False
rdhj0cnfevzx% 6 0x00400000 0x00690FFF Process Termination False 32-bit - False
rdhj0cnfevzx% 30 0x00400000 0x00690FFF Relevant Image False 32-bit 0x00454C60 False
buffer 30 0x01A71AA8 0x01A72C3F Process Termination False 32-bit - False
buffer 30 0x01A72C48 0x01A7AC47 Process Termination False 32-bit - False
buffer 30 0x01A7AC50 0x01A82C4F Process Termination False 32-bit - False
buffer 30 0x01A83460 0x01A8B45F Process Termination False 32-bit - False
buffer 30 0x01A8B468 0x01A93467 Process Termination False 32-bit - False
buffer 30 0x01A93470 0x01A9B46F Process Termination False 32-bit - False
buffer 30 0x01A9B478 0x01AA3477 Process Termination False 32-bit - False
buffer 30 0x01AA3480 0x01AE347F Process Termination False 32-bit - False
buffer 30 0x01AE3488 0x01AEB487 Process Termination False 32-bit - False
buffer 30 0x01AEB490 0x01AF348F Process Termination False 32-bit - False
buffer 30 0x01AF3498 0x01AFB497 Process Termination False 32-bit - False
buffer 30 0x01AFB4A0 0x01B0349F Process Termination False 32-bit - False
buffer 30 0x01B034A8 0x01B0B4A7 Process Termination False 32-bit - False
buffer 30 0x01B0B4B0 0x01B134AF Process Termination False 32-bit - False
buffer 30 0x01B17328 0x01B1F327 Process Termination False 32-bit - False
buffer 30 0x01B1F330 0x01B2732F Process Termination False 32-bit - False
buffer 30 0x01B29680 0x01B3167F Process Termination False 32-bit - False
buffer 30 0x01B31898 0x01B32A2F Process Termination False 32-bit - False
buffer 30 0x01B32E40 0x01B3AE3F Process Termination False 32-bit - False
buffer 30 0x01B3F468 0x01B47467 Process Termination False 32-bit - False
buffer 30 0x01B47470 0x01B4F46F Process Termination False 32-bit - False
buffer 30 0x01B4F478 0x01B57477 Process Termination False 32-bit - False
buffer 30 0x040F0048 0x04130047 Process Termination False 32-bit - False
buffer 30 0x04130050 0x0417004F Process Termination False 32-bit - False
buffer 30 0x04170058 0x041B0057 Process Termination False 32-bit - False
buffer 30 0x041B0E38 0x041B1FCF Process Termination False 32-bit - False
buffer 30 0x041B1FD8 0x041B9FD7 Process Termination False 32-bit - False
buffer 30 0x041B9FE0 0x041C1FDF Process Termination False 32-bit - False
buffer 30 0x041C3120 0x041C42B7 Process Termination False 32-bit - False
buffer 30 0x041CE1A0 0x041CF337 Process Termination False 32-bit - False
buffer 30 0x041CF790 0x041D0927 Process Termination False 32-bit - False
buffer 30 0x089A24F0 0x089A3687 Process Termination False 32-bit - False
buffer 30 0x089ABF70 0x089B3F6F Process Termination False 32-bit - False
buffer 30 0x089B5F80 0x089BDF7F Process Termination False 32-bit - False
buffer 30 0x089BDF88 0x089C5F87 Process Termination False 32-bit - False
buffer 30 0x089C5F90 0x089CDF8F Process Termination False 32-bit - False
buffer 30 0x089CDF98 0x089D5F97 Process Termination False 32-bit - False
buffer 30 0x089D5FA0 0x089DDF9F Process Termination False 32-bit - False
buffer 30 0x089DDFA8 0x089E5FA7 Process Termination False 32-bit - False
buffer 30 0x089E7150 0x089EF14F Process Termination False 32-bit - False
buffer 30 0x089EF158 0x089F7157 Process Termination False 32-bit - False
buffer 30 0x089FEFD0 0x08A06FCF Process Termination False 32-bit - False
buffer 30 0x08A06FD8 0x08A0EFD7 Process Termination False 32-bit - False
buffer 30 0x08A0EFE0 0x08A4EFDF Process Termination False 32-bit - False
buffer 30 0x08A4EFE8 0x08A56FE7 Process Termination False 32-bit - False
buffer 30 0x08A56FF0 0x08A5EFEF Process Termination False 32-bit - False
buffer 30 0x08A5EFF8 0x08A66FF7 Process Termination False 32-bit - False
buffer 30 0x08A67000 0x08A6EFFF Process Termination False 32-bit - False
buffer 30 0x08A73460 0x08A7B45F Process Termination False 32-bit - False
buffer 30 0x09BAD020 0x09DBD01F Process Termination False 32-bit - False
buffer 30 0x09DCC020 0x09FDC01F Process Termination False 32-bit - False
buffer 30 0x0A636020 0x0A85601F Process Termination False 32-bit - False
buffer 30 0x0BA77020 0x0BE9701F Process Termination False 32-bit - False
buffer 30 0x0BEAE020 0x0C0CE01F Process Termination False 32-bit - False
buffer 30 0x0C2E7020 0x0C70701F Process Termination False 32-bit - False
buffer 30 0x0CB47020 0x0CD6701F Process Termination False 32-bit - False
rdhj0cnfevzx% 30 0x00400000 0x00690FFF Process Termination False 32-bit - False
rdhj0cnfevzx% 53 0x00400000 0x00690FFF Relevant Image False 32-bit 0x00437260 False
buffer 53 0x01721AB0 0x01722C47 Final Dump False 32-bit - False
buffer 53 0x01722C50 0x0172AC4F Final Dump False 32-bit - False
buffer 53 0x0172AC58 0x01732C57 Final Dump False 32-bit - False
buffer 53 0x01733468 0x0173B467 Final Dump False 32-bit - False
buffer 53 0x0173B470 0x0174346F Final Dump False 32-bit - False
buffer 53 0x01743478 0x0174B477 Final Dump False 32-bit - False
buffer 53 0x0174B480 0x0175347F Final Dump False 32-bit - False
buffer 53 0x01753488 0x01793487 Final Dump False 32-bit - False
buffer 53 0x01793490 0x0179B48F Final Dump False 32-bit - False
buffer 53 0x0179B498 0x017A3497 Final Dump False 32-bit - False
buffer 53 0x017A34A0 0x017AB49F Final Dump False 32-bit - False
buffer 53 0x017AB4A8 0x017B34A7 Final Dump False 32-bit - False
buffer 53 0x017B34B0 0x017BB4AF Final Dump False 32-bit - False
buffer 53 0x017BB4B8 0x017C34B7 Final Dump False 32-bit - False
buffer 53 0x017C7AB8 0x017CFAB7 Final Dump False 32-bit - False
buffer 53 0x017CFAC0 0x017D7ABF Final Dump False 32-bit - False
buffer 53 0x017D9B48 0x017E1B47 Final Dump False 32-bit - False
buffer 53 0x017E1B50 0x017E9B4F Final Dump False 32-bit - False
buffer 53 0x017E9B58 0x017F1B57 Final Dump False 32-bit - False
buffer 53 0x017F54E8 0x017FD4E7 Final Dump False 32-bit - False
buffer 53 0x017FD4F0 0x018054EF Final Dump False 32-bit - False
buffer 53 0x018054F8 0x0180668F Final Dump False 32-bit - False
buffer 53 0x040E0048 0x04120047 Final Dump False 32-bit - False
buffer 53 0x04120050 0x0416004F Final Dump False 32-bit - False
buffer 53 0x04160FA0 0x041A0F9F Final Dump False 32-bit - False
buffer 53 0x041A0FA8 0x041A8FA7 Final Dump False 32-bit - False
buffer 53 0x041AC1A8 0x041B41A7 Final Dump False 32-bit - False
buffer 53 0x041B41B0 0x041BC1AF Final Dump False 32-bit - False
buffer 53 0x041BEFA0 0x041C0137 Final Dump False 32-bit - False
buffer 53 0x041C6050 0x041C71E7 Final Dump False 32-bit - False
buffer 53 0x041C7640 0x041C87D7 Final Dump False 32-bit - False
buffer 53 0x0889BB98 0x088A3B97 Final Dump False 32-bit - False
buffer 53 0x088A3BA0 0x088ABB9F Final Dump False 32-bit - False
rdhj0cnfevzx% 53 0x00400000 0x00690FFF Final Dump False 32-bit - False
C:\Users\RDhJ0CNFevzX\Desktop\oZDlZ.docx.exe Dropped File Empty
Malicious
Also Known As C:\Users\RDhJ0CNFevzX\grubb.dan (Accessed File, Dropped File)
C:\Users\RDhJ0CNFevzX\grubb.list (Accessed File, Dropped File)
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
Note: these are the digests of zero-length input, so they match every empty file and should not be used as indicators for this sample; the file paths listed above are the sample-specific part of this entry.
ImpHash -
C:\KaVBJI\dobaec.exe Dropped File Binary
Clean
MIME Type application/vnd.microsoft.portable-executable
File Size 4.12 MB
MD5 870340ef45eba76ef7803de412b3cd74
SHA1 1cd8f886178a08ae11862435c9e64422886e4207
SHA256 536b2aa3855bdb0df4491c48b29dc784e3d1fb736ef57d85a758006a20b791b1
SSDeep 98304:+R0pI/IQlUoMPdmpSpW4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmZ5n9klRKN41v
ImpHash 1a611a7df1f3828b0157c4725145a721
Note: the ImpHash and the PE header values below are the same as for the submitted sample, and the SSDeep differs from it in two characters; the Clean verdict applies to this exact hash and presumably reflects a missing reputation hit rather than different content.
PE Information
Image Base 0x00400000
Entry Point 0x00402EC0
Size Of Code 0x00175A20
Size Of Initialized Data 0x0001CF44
Size Of Uninitialized Data 0x00009554
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00 (UTC+1) (epoch zero: the header timestamp field is 0, so it carries no build-time information)
Version Information (10)
FileDescription System Devices Optimizer
InternalName Devices Optimus
ProductName Devices Optimus
ProductVersion 6.0.0.0
Comments -
CompanyName -
FileVersion 6.0.0.0
LegalCopyright -
LegalTrademarks -
OriginalFilename -
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00175A20 0x00175C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.06
.data 0x00577000 0x0001CF44 0x0001D000 0x00176000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.24
.rdata 0x00594000 0x000CC170 0x000CC200 0x00193000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.21
.bss 0x00661000 0x00009554 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.CRT 0x0066B000 0x0000000C 0x00000200 0x0025F200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.06
.idata 0x0066C000 0x000030DE 0x00003200 0x0025F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.19
.rsrc 0x00670000 0x000206BC 0x00020800 0x00262600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.0
Imports (11)
kernel32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStdHandle - 0x0066C8A0 0x0026C0F0 0x0025F4F0 0x00000000
GetConsoleMode - 0x0066C8A4 0x0026C0F4 0x0025F4F4 0x00000000
TlsGetValue - 0x0066C8A8 0x0026C0F8 0x0025F4F8 0x00000000
GetLastError - 0x0066C8AC 0x0026C0FC 0x0025F4FC 0x00000000
SetLastError - 0x0066C8B0 0x0026C100 0x0025F500 0x00000000
RaiseException - 0x0066C8B4 0x0026C104 0x0025F504 0x00000000
GetTickCount - 0x0066C8B8 0x0026C108 0x0025F508 0x00000000
ExitProcess - 0x0066C8BC 0x0026C10C 0x0025F50C 0x00000000
GetStartupInfoA - 0x0066C8C0 0x0026C110 0x0025F510 0x00000000
GetCommandLineA - 0x0066C8C4 0x0026C114 0x0025F514 0x00000000
GetCurrentProcessId - 0x0066C8C8 0x0026C118 0x0025F518 0x00000000
GetCurrentThreadId - 0x0066C8CC 0x0026C11C 0x0025F51C 0x00000000
GetCurrentProcess - 0x0066C8D0 0x0026C120 0x0025F520 0x00000000
ReadProcessMemory - 0x0066C8D4 0x0026C124 0x0025F524 0x00000000
GetModuleFileNameA - 0x0066C8D8 0x0026C128 0x0025F528 0x00000000
GetModuleHandleA - 0x0066C8DC 0x0026C12C 0x0025F52C 0x00000000
WriteFile - 0x0066C8E0 0x0026C130 0x0025F530 0x00000000
ReadFile - 0x0066C8E4 0x0026C134 0x0025F534 0x00000000
CloseHandle - 0x0066C8E8 0x0026C138 0x0025F538 0x00000000
SetFilePointer - 0x0066C8EC 0x0026C13C 0x0025F53C 0x00000000
SetEndOfFile - 0x0066C8F0 0x0026C140 0x0025F540 0x00000000
GetSystemInfo - 0x0066C8F4 0x0026C144 0x0025F544 0x00000000
LoadLibraryW - 0x0066C8F8 0x0026C148 0x0025F548 0x00000000
LoadLibraryA - 0x0066C8FC 0x0026C14C 0x0025F54C 0x00000000
GetProcAddress - 0x0066C900 0x0026C150 0x0025F550 0x00000000
FreeLibrary - 0x0066C904 0x0026C154 0x0025F554 0x00000000
FormatMessageW - 0x0066C908 0x0026C158 0x0025F558 0x00000000
DeleteFileW - 0x0066C90C 0x0026C15C 0x0025F55C 0x00000000
CreateFileW - 0x0066C910 0x0026C160 0x0025F560 0x00000000
GetFileAttributesW - 0x0066C914 0x0026C164 0x0025F564 0x00000000
CreateDirectoryW - 0x0066C918 0x0026C168 0x0025F568 0x00000000
GetCurrentDirectoryW - 0x0066C91C 0x0026C16C 0x0025F56C 0x00000000
GetFullPathNameW - 0x0066C920 0x0026C170 0x0025F570 0x00000000
GetConsoleOutputCP - 0x0066C924 0x0026C174 0x0025F574 0x00000000
GetOEMCP - 0x0066C928 0x0026C178 0x0025F578 0x00000000
GetProcessHeap - 0x0066C92C 0x0026C17C 0x0025F57C 0x00000000
HeapAlloc - 0x0066C930 0x0026C180 0x0025F580 0x00000000
HeapFree - 0x0066C934 0x0026C184 0x0025F584 0x00000000
TlsAlloc - 0x0066C938 0x0026C188 0x0025F588 0x00000000
TlsSetValue - 0x0066C93C 0x0026C18C 0x0025F58C 0x00000000
CreateThread - 0x0066C940 0x0026C190 0x0025F590 0x00000000
ExitThread - 0x0066C944 0x0026C194 0x0025F594 0x00000000
LocalAlloc - 0x0066C948 0x0026C198 0x0025F598 0x00000000
LocalFree - 0x0066C94C 0x0026C19C 0x0025F59C 0x00000000
Sleep - 0x0066C950 0x0026C1A0 0x0025F5A0 0x00000000
SuspendThread - 0x0066C954 0x0026C1A4 0x0025F5A4 0x00000000
ResumeThread - 0x0066C958 0x0026C1A8 0x0025F5A8 0x00000000
TerminateThread - 0x0066C95C 0x0026C1AC 0x0025F5AC 0x00000000
WaitForSingleObject - 0x0066C960 0x0026C1B0 0x0025F5B0 0x00000000
SetThreadPriority - 0x0066C964 0x0026C1B4 0x0025F5B4 0x00000000
GetThreadPriority - 0x0066C968 0x0026C1B8 0x0025F5B8 0x00000000
GetCurrentThread - 0x0066C96C 0x0026C1BC 0x0025F5BC 0x00000000
OpenThread - 0x0066C970 0x0026C1C0 0x0025F5C0 0x00000000
IsDebuggerPresent - 0x0066C974 0x0026C1C4 0x0025F5C4 0x00000000
CreateEventA - 0x0066C978 0x0026C1C8 0x0025F5C8 0x00000000
ResetEvent - 0x0066C97C 0x0026C1CC 0x0025F5CC 0x00000000
SetEvent - 0x0066C980 0x0026C1D0 0x0025F5D0 0x00000000
InitializeCriticalSection - 0x0066C984 0x0026C1D4 0x0025F5D4 0x00000000
DeleteCriticalSection - 0x0066C988 0x0026C1D8 0x0025F5D8 0x00000000
EnterCriticalSection - 0x0066C98C 0x0026C1DC 0x0025F5DC 0x00000000
LeaveCriticalSection - 0x0066C990 0x0026C1E0 0x0025F5E0 0x00000000
TryEnterCriticalSection - 0x0066C994 0x0026C1E4 0x0025F5E4 0x00000000
GetEnvironmentStringsW - 0x0066C998 0x0026C1E8 0x0025F5E8 0x00000000
FreeEnvironmentStringsW - 0x0066C99C 0x0026C1EC 0x0025F5EC 0x00000000
MultiByteToWideChar - 0x0066C9A0 0x0026C1F0 0x0025F5F0 0x00000000
WideCharToMultiByte - 0x0066C9A4 0x0026C1F4 0x0025F5F4 0x00000000
GetACP - 0x0066C9A8 0x0026C1F8 0x0025F5F8 0x00000000
GetConsoleCP - 0x0066C9AC 0x0026C1FC 0x0025F5FC 0x00000000
RtlUnwind - 0x0066C9B0 0x0026C200 0x0025F600 0x00000000
EnumResourceTypesA - 0x0066C9B4 0x0026C204 0x0025F604 0x00000000
EnumResourceNamesA - 0x0066C9B8 0x0026C208 0x0025F608 0x00000000
EnumResourceLanguagesA - 0x0066C9BC 0x0026C20C 0x0025F60C 0x00000000
FindResourceA - 0x0066C9C0 0x0026C210 0x0025F610 0x00000000
FindResourceExA - 0x0066C9C4 0x0026C214 0x0025F614 0x00000000
LoadResource - 0x0066C9C8 0x0026C218 0x0025F618 0x00000000
SizeofResource - 0x0066C9CC 0x0026C21C 0x0025F61C 0x00000000
LockResource - 0x0066C9D0 0x0026C220 0x0025F620 0x00000000
FreeResource - 0x0066C9D4 0x0026C224 0x0025F624 0x00000000
GetEnvironmentStringsA - 0x0066C9D8 0x0026C228 0x0025F628 0x00000000
FreeEnvironmentStringsA - 0x0066C9DC 0x0026C22C 0x0025F62C 0x00000000
FormatMessageA - 0x0066C9E0 0x0026C230 0x0025F630 0x00000000
GlobalAddAtomA - 0x0066C9E4 0x0026C234 0x0025F634 0x00000000
GetDriveTypeA - 0x0066C9E8 0x0026C238 0x0025F638 0x00000000
GetSystemDirectoryA - 0x0066C9EC 0x0026C23C 0x0025F63C 0x00000000
GetWindowsDirectoryA - 0x0066C9F0 0x0026C240 0x0025F640 0x00000000
GetDiskFreeSpaceA - 0x0066C9F4 0x0026C244 0x0025F644 0x00000000
DeleteFileA - 0x0066C9F8 0x0026C248 0x0025F648 0x00000000
GetVersionExA - 0x0066C9FC 0x0026C24C 0x0025F64C 0x00000000
CompareStringA - 0x0066CA00 0x0026C250 0x0025F650 0x00000000
GetLocaleInfoA - 0x0066CA04 0x0026C254 0x0025F654 0x00000000
GetDateFormatA - 0x0066CA08 0x0026C258 0x0025F658 0x00000000
EnumCalendarInfoA - 0x0066CA0C 0x0026C25C 0x0025F65C 0x00000000
GetModuleFileNameW - 0x0066CA10 0x0026C260 0x0025F660 0x00000000
GetCommandLineW - 0x0066CA14 0x0026C264 0x0025F664 0x00000000
SetFileAttributesW - 0x0066CA18 0x0026C268 0x0025F668 0x00000000
FindNextFileW - 0x0066CA1C 0x0026C26C 0x0025F66C 0x00000000
CompareStringW - 0x0066CA20 0x0026C270 0x0025F670 0x00000000
GetLocaleInfoW - 0x0066CA24 0x0026C274 0x0025F674 0x00000000
GetDateFormatW - 0x0066CA28 0x0026C278 0x0025F678 0x00000000
FindFirstFileExW - 0x0066CA2C 0x0026C27C 0x0025F67C 0x00000000
GlobalAlloc - 0x0066CA30 0x0026C280 0x0025F680 0x00000000
GlobalReAlloc - 0x0066CA34 0x0026C284 0x0025F684 0x00000000
GlobalSize - 0x0066CA38 0x0026C288 0x0025F688 0x00000000
GlobalLock - 0x0066CA3C 0x0026C28C 0x0025F68C 0x00000000
GlobalUnlock - 0x0066CA40 0x0026C290 0x0025F690 0x00000000
VirtualFree - 0x0066CA44 0x0026C294 0x0025F694 0x00000000
GetExitCodeProcess - 0x0066CA48 0x0026C298 0x0025F698 0x00000000
GlobalDeleteAtom - 0x0066CA4C 0x0026C29C 0x0025F69C 0x00000000
GetLogicalDrives - 0x0066CA50 0x0026C2A0 0x0025F6A0 0x00000000
DeviceIoControl - 0x0066CA54 0x0026C2A4 0x0025F6A4 0x00000000
FindClose - 0x0066CA58 0x0026C2A8 0x0025F6A8 0x00000000
WinExec - 0x0066CA5C 0x0026C2AC 0x0025F6AC 0x00000000
MulDiv - 0x0066CA60 0x0026C2B0 0x0025F6B0 0x00000000
GetLocalTime - 0x0066CA64 0x0026C2B4 0x0025F6B4 0x00000000
SystemTimeToTzSpecificLocalTime - 0x0066CA68 0x0026C2B8 0x0025F6B8 0x00000000
FileTimeToLocalFileTime - 0x0066CA6C 0x0026C2BC 0x0025F6BC 0x00000000
FileTimeToSystemTime - 0x0066CA70 0x0026C2C0 0x0025F6C0 0x00000000
FileTimeToDosDateTime - 0x0066CA74 0x0026C2C4 0x0025F6C4 0x00000000
PeekNamedPipe - 0x0066CA78 0x0026C2C8 0x0025F6C8 0x00000000
GetCPInfo - 0x0066CA7C 0x0026C2CC 0x0025F6CC 0x00000000
GetThreadLocale - 0x0066CA80 0x0026C2D0 0x0025F6D0 0x00000000
SetThreadLocale - 0x0066CA84 0x0026C2D4 0x0025F6D4 0x00000000
GetUserDefaultLCID - 0x0066CA88 0x0026C2D8 0x0025F6D8 0x00000000
CreateToolhelp32Snapshot - 0x0066CA8C 0x0026C2DC 0x0025F6DC 0x00000000
Process32First - 0x0066CA90 0x0026C2E0 0x0025F6E0 0x00000000
Process32Next - 0x0066CA94 0x0026C2E4 0x0025F6E4 0x00000000
oleaut32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen - 0x0066CA9C 0x0026C2EC 0x0025F6EC 0x00000000
SysFreeString - 0x0066CAA0 0x0026C2F0 0x0025F6F0 0x00000000
SysReAllocStringLen - 0x0066CAA4 0x0026C2F4 0x0025F6F4 0x00000000
SafeArrayCreate - 0x0066CAA8 0x0026C2F8 0x0025F6F8 0x00000000
SafeArrayRedim - 0x0066CAAC 0x0026C2FC 0x0025F6FC 0x00000000
SafeArrayGetUBound - 0x0066CAB0 0x0026C300 0x0025F700 0x00000000
SafeArrayGetLBound - 0x0066CAB4 0x0026C304 0x0025F704 0x00000000
SafeArrayAccessData - 0x0066CAB8 0x0026C308 0x0025F708 0x00000000
SafeArrayUnaccessData - 0x0066CABC 0x0026C30C 0x0025F70C 0x00000000
SafeArrayGetElement - 0x0066CAC0 0x0026C310 0x0025F710 0x00000000
SafeArrayPutElement - 0x0066CAC4 0x0026C314 0x0025F714 0x00000000
SafeArrayPtrOfIndex - 0x0066CAC8 0x0026C318 0x0025F718 0x00000000
VariantChangeTypeEx - 0x0066CACC 0x0026C31C 0x0025F71C 0x00000000
VariantClear - 0x0066CAD0 0x0026C320 0x0025F720 0x00000000
VariantCopy - 0x0066CAD4 0x0026C324 0x0025F724 0x00000000
VariantInit - 0x0066CAD8 0x0026C328 0x0025F728 0x00000000
user32.dll (178)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x0066CAE0 0x0026C330 0x0025F730 0x00000000
CharUpperBuffW - 0x0066CAE4 0x0026C334 0x0025F734 0x00000000
CharLowerBuffW - 0x0066CAE8 0x0026C338 0x0025F738 0x00000000
SendMessageA - 0x0066CAEC 0x0026C33C 0x0025F73C 0x00000000
PostMessageA - 0x0066CAF0 0x0026C340 0x0025F740 0x00000000
DefWindowProcA - 0x0066CAF4 0x0026C344 0x0025F744 0x00000000
CallWindowProcA - 0x0066CAF8 0x0026C348 0x0025F748 0x00000000
RegisterClassA - 0x0066CAFC 0x0026C34C 0x0025F74C 0x00000000
UnregisterClassA - 0x0066CB00 0x0026C350 0x0025F750 0x00000000
GetClassInfoA - 0x0066CB04 0x0026C354 0x0025F754 0x00000000
CreateWindowExA - 0x0066CB08 0x0026C358 0x0025F758 0x00000000
RegisterClipboardFormatA - 0x0066CB0C 0x0026C35C 0x0025F75C 0x00000000
GetClipboardFormatNameA - 0x0066CB10 0x0026C360 0x0025F760 0x00000000
CharToOemA - 0x0066CB14 0x0026C364 0x0025F764 0x00000000
CharUpperA - 0x0066CB18 0x0026C368 0x0025F768 0x00000000
CharUpperBuffA - 0x0066CB1C 0x0026C36C 0x0025F76C 0x00000000
CharLowerA - 0x0066CB20 0x0026C370 0x0025F770 0x00000000
CharLowerBuffA - 0x0066CB24 0x0026C374 0x0025F774 0x00000000
GetMenuItemInfoA - 0x0066CB28 0x0026C378 0x0025F778 0x00000000
SetPropA - 0x0066CB2C 0x0026C37C 0x0025F77C 0x00000000
GetPropA - 0x0066CB30 0x0026C380 0x0025F780 0x00000000
RemovePropA - 0x0066CB34 0x0026C384 0x0025F784 0x00000000
EnumPropsA - 0x0066CB38 0x0026C388 0x0025F788 0x00000000
GetWindowLongA - 0x0066CB3C 0x0026C38C 0x0025F78C 0x00000000
SetWindowLongA - 0x0066CB40 0x0026C390 0x0025F790 0x00000000
GetClassLongA - 0x0066CB44 0x0026C394 0x0025F794 0x00000000
SetClassLongA - 0x0066CB48 0x0026C398 0x0025F798 0x00000000
GetClassNameA - 0x0066CB4C 0x0026C39C 0x0025F79C 0x00000000
LoadBitmapA - 0x0066CB50 0x0026C3A0 0x0025F7A0 0x00000000
LoadCursorA - 0x0066CB54 0x0026C3A4 0x0025F7A4 0x00000000
LoadIconA - 0x0066CB58 0x0026C3A8 0x0025F7A8 0x00000000
LoadImageA - 0x0066CB5C 0x0026C3AC 0x0025F7AC 0x00000000
SystemParametersInfoA - 0x0066CB60 0x0026C3B0 0x0025F7B0 0x00000000
DispatchMessageW - 0x0066CB64 0x0026C3B4 0x0025F7B4 0x00000000
PeekMessageW - 0x0066CB68 0x0026C3B8 0x0025F7B8 0x00000000
SendMessageW - 0x0066CB6C 0x0026C3BC 0x0025F7BC 0x00000000
DefWindowProcW - 0x0066CB70 0x0026C3C0 0x0025F7C0 0x00000000
CallWindowProcW - 0x0066CB74 0x0026C3C4 0x0025F7C4 0x00000000
RegisterClassW - 0x0066CB78 0x0026C3C8 0x0025F7C8 0x00000000
UnregisterClassW - 0x0066CB7C 0x0026C3CC 0x0025F7CC 0x00000000
GetClassInfoW - 0x0066CB80 0x0026C3D0 0x0025F7D0 0x00000000
CreateWindowExW - 0x0066CB84 0x0026C3D4 0x0025F7D4 0x00000000
InsertMenuItemW - 0x0066CB88 0x0026C3D8 0x0025F7D8 0x00000000
GetMenuItemInfoW - 0x0066CB8C 0x0026C3DC 0x0025F7DC 0x00000000
SetMenuItemInfoW - 0x0066CB90 0x0026C3E0 0x0025F7E0 0x00000000
DrawTextW - 0x0066CB94 0x0026C3E4 0x0025F7E4 0x00000000
DrawStateW - 0x0066CB98 0x0026C3E8 0x0025F7E8 0x00000000
SetWindowTextW - 0x0066CB9C 0x0026C3EC 0x0025F7EC 0x00000000
GetWindowTextW - 0x0066CBA0 0x0026C3F0 0x0025F7F0 0x00000000
GetWindowTextLengthW - 0x0066CBA4 0x0026C3F4 0x0025F7F4 0x00000000
MessageBoxW - 0x0066CBA8 0x0026C3F8 0x0025F7F8 0x00000000
GetWindowLongW - 0x0066CBAC 0x0026C3FC 0x0025F7FC 0x00000000
SetWindowLongW - 0x0066CBB0 0x0026C400 0x0025F800 0x00000000
DefFrameProcW - 0x0066CBB4 0x0026C404 0x0025F804 0x00000000
DefMDIChildProcW - 0x0066CBB8 0x0026C408 0x0025F808 0x00000000
TranslateMessage - 0x0066CBBC 0x0026C40C 0x0025F80C 0x00000000
PostQuitMessage - 0x0066CBC0 0x0026C410 0x0025F810 0x00000000
GetDoubleClickTime - 0x0066CBC4 0x0026C414 0x0025F814 0x00000000
IsWindow - 0x0066CBC8 0x0026C418 0x0025F818 0x00000000
IsMenu - 0x0066CBCC 0x0026C41C 0x0025F81C 0x00000000
DestroyWindow - 0x0066CBD0 0x0026C420 0x0025F820 0x00000000
ShowWindow - 0x0066CBD4 0x0026C424 0x0025F824 0x00000000
ShowWindowAsync - 0x0066CBD8 0x0026C428 0x0025F828 0x00000000
ShowOwnedPopups - 0x0066CBDC 0x0026C42C 0x0025F82C 0x00000000
MoveWindow - 0x0066CBE0 0x0026C430 0x0025F830 0x00000000
SetWindowPos - 0x0066CBE4 0x0026C434 0x0025F834 0x00000000
GetWindowPlacement - 0x0066CBE8 0x0026C438 0x0025F838 0x00000000
SetWindowPlacement - 0x0066CBEC 0x0026C43C 0x0025F83C 0x00000000
BeginDeferWindowPos - 0x0066CBF0 0x0026C440 0x0025F840 0x00000000
DeferWindowPos - 0x0066CBF4 0x0026C444 0x0025F844 0x00000000
EndDeferWindowPos - 0x0066CBF8 0x0026C448 0x0025F848 0x00000000
IsWindowVisible - 0x0066CBFC 0x0026C44C 0x0025F84C 0x00000000
IsIconic - 0x0066CC00 0x0026C450 0x0025F850 0x00000000
BringWindowToTop - 0x0066CC04 0x0026C454 0x0025F854 0x00000000
IsZoomed - 0x0066CC08 0x0026C458 0x0025F858 0x00000000
OpenClipboard - 0x0066CC0C 0x0026C45C 0x0025F85C 0x00000000
CloseClipboard - 0x0066CC10 0x0026C460 0x0025F860 0x00000000
SetClipboardData - 0x0066CC14 0x0026C464 0x0025F864 0x00000000
GetClipboardData - 0x0066CC18 0x0026C468 0x0025F868 0x00000000
CountClipboardFormats - 0x0066CC1C 0x0026C46C 0x0025F86C 0x00000000
EnumClipboardFormats - 0x0066CC20 0x0026C470 0x0025F870 0x00000000
EmptyClipboard - 0x0066CC24 0x0026C474 0x0025F874 0x00000000
IsClipboardFormatAvailable - 0x0066CC28 0x0026C478 0x0025F878 0x00000000
SetFocus - 0x0066CC2C 0x0026C47C 0x0025F87C 0x00000000
GetActiveWindow - 0x0066CC30 0x0026C480 0x0025F880 0x00000000
GetFocus - 0x0066CC34 0x0026C484 0x0025F884 0x00000000
GetKeyState - 0x0066CC38 0x0026C488 0x0025F888 0x00000000
GetCapture - 0x0066CC3C 0x0026C48C 0x0025F88C 0x00000000
SetCapture - 0x0066CC40 0x0026C490 0x0025F890 0x00000000
ReleaseCapture - 0x0066CC44 0x0026C494 0x0025F894 0x00000000
MsgWaitForMultipleObjects - 0x0066CC48 0x0026C498 0x0025F898 0x00000000
SetTimer - 0x0066CC4C 0x0026C49C 0x0025F89C 0x00000000
KillTimer - 0x0066CC50 0x0026C4A0 0x0025F8A0 0x00000000
EnableWindow - 0x0066CC54 0x0026C4A4 0x0025F8A4 0x00000000
IsWindowEnabled - 0x0066CC58 0x0026C4A8 0x0025F8A8 0x00000000
GetSystemMetrics - 0x0066CC5C 0x0026C4AC 0x0025F8AC 0x00000000
GetMenu - 0x0066CC60 0x0026C4B0 0x0025F8B0 0x00000000
SetMenu - 0x0066CC64 0x0026C4B4 0x0025F8B4 0x00000000
DrawMenuBar - 0x0066CC68 0x0026C4B8 0x0025F8B8 0x00000000
GetSystemMenu - 0x0066CC6C 0x0026C4BC 0x0025F8BC 0x00000000
CreateMenu - 0x0066CC70 0x0026C4C0 0x0025F8C0 0x00000000
CreatePopupMenu - 0x0066CC74 0x0026C4C4 0x0025F8C4 0x00000000
DestroyMenu - 0x0066CC78 0x0026C4C8 0x0025F8C8 0x00000000
EnableMenuItem - 0x0066CC7C 0x0026C4CC 0x0025F8CC 0x00000000
GetSubMenu - 0x0066CC80 0x0026C4D0 0x0025F8D0 0x00000000
GetMenuItemCount - 0x0066CC84 0x0026C4D4 0x0025F8D4 0x00000000
RemoveMenu - 0x0066CC88 0x0026C4D8 0x0025F8D8 0x00000000
DeleteMenu - 0x0066CC8C 0x0026C4DC 0x0025F8DC 0x00000000
GetMenuItemRect - 0x0066CC90 0x0026C4E0 0x0025F8E0 0x00000000
UpdateWindow - 0x0066CC94 0x0026C4E4 0x0025F8E4 0x00000000
SetActiveWindow - 0x0066CC98 0x0026C4E8 0x0025F8E8 0x00000000
GetForegroundWindow - 0x0066CC9C 0x0026C4EC 0x0025F8EC 0x00000000
SetForegroundWindow - 0x0066CCA0 0x0026C4F0 0x0025F8F0 0x00000000
WindowFromDC - 0x0066CCA4 0x0026C4F4 0x0025F8F4 0x00000000
GetDC - 0x0066CCA8 0x0026C4F8 0x0025F8F8 0x00000000
GetDCEx - 0x0066CCAC 0x0026C4FC 0x0025F8FC 0x00000000
GetWindowDC - 0x0066CCB0 0x0026C500 0x0025F900 0x00000000
ReleaseDC - 0x0066CCB4 0x0026C504 0x0025F904 0x00000000
BeginPaint - 0x0066CCB8 0x0026C508 0x0025F908 0x00000000
EndPaint - 0x0066CCBC 0x0026C50C 0x0025F90C 0x00000000
GetUpdateRect - 0x0066CCC0 0x0026C510 0x0025F910 0x00000000
SetWindowRgn - 0x0066CCC4 0x0026C514 0x0025F914 0x00000000
InvalidateRect - 0x0066CCC8 0x0026C518 0x0025F918 0x00000000
InvalidateRgn - 0x0066CCCC 0x0026C51C 0x0025F91C 0x00000000
RedrawWindow - 0x0066CCD0 0x0026C520 0x0025F920 0x00000000
ScrollWindowEx - 0x0066CCD4 0x0026C524 0x0025F924 0x00000000
ShowScrollBar - 0x0066CCD8 0x0026C528 0x0025F928 0x00000000
EnableScrollBar - 0x0066CCDC 0x0026C52C 0x0025F92C 0x00000000
GetClientRect - 0x0066CCE0 0x0026C530 0x0025F930 0x00000000
GetWindowRect - 0x0066CCE4 0x0026C534 0x0025F934 0x00000000
AdjustWindowRectEx - 0x0066CCE8 0x0026C538 0x0025F938 0x00000000
MessageBeep - 0x0066CCEC 0x0026C53C 0x0025F93C 0x00000000
SetCursorPos - 0x0066CCF0 0x0026C540 0x0025F940 0x00000000
SetCursor - 0x0066CCF4 0x0026C544 0x0025F944 0x00000000
GetCursorPos - 0x0066CCF8 0x0026C548 0x0025F948 0x00000000
CreateCaret - 0x0066CCFC 0x0026C54C 0x0025F94C 0x00000000
DestroyCaret - 0x0066CD00 0x0026C550 0x0025F950 0x00000000
HideCaret - 0x0066CD04 0x0026C554 0x0025F954 0x00000000
ShowCaret - 0x0066CD08 0x0026C558 0x0025F958 0x00000000
SetCaretPos - 0x0066CD0C 0x0026C55C 0x0025F95C 0x00000000
GetCaretPos - 0x0066CD10 0x0026C560 0x0025F960 0x00000000
ClientToScreen - 0x0066CD14 0x0026C564 0x0025F964 0x00000000
ScreenToClient - 0x0066CD18 0x0026C568 0x0025F968 0x00000000
MapWindowPoints - 0x0066CD1C 0x0026C56C 0x0025F96C 0x00000000
WindowFromPoint - 0x0066CD20 0x0026C570 0x0025F970 0x00000000
GetSysColor - 0x0066CD24 0x0026C574 0x0025F974 0x00000000
GetSysColorBrush - 0x0066CD28 0x0026C578 0x0025F978 0x00000000
SetSysColors - 0x0066CD2C 0x0026C57C 0x0025F97C 0x00000000
DrawFocusRect - 0x0066CD30 0x0026C580 0x0025F980 0x00000000
FillRect - 0x0066CD34 0x0026C584 0x0025F984 0x00000000
FrameRect - 0x0066CD38 0x0026C588 0x0025F988 0x00000000
SetRect - 0x0066CD3C 0x0026C58C 0x0025F98C 0x00000000
InflateRect - 0x0066CD40 0x0026C590 0x0025F990 0x00000000
IntersectRect - 0x0066CD44 0x0026C594 0x0025F994 0x00000000
OffsetRect - 0x0066CD48 0x0026C598 0x0025F998 0x00000000
GetDesktopWindow - 0x0066CD4C 0x0026C59C 0x0025F99C 0x00000000
GetParent - 0x0066CD50 0x0026C5A0 0x0025F9A0 0x00000000
SetParent - 0x0066CD54 0x0026C5A4 0x0025F9A4 0x00000000
EnumThreadWindows - 0x0066CD58 0x0026C5A8 0x0025F9A8 0x00000000
GetTopWindow - 0x0066CD5C 0x0026C5AC 0x0025F9AC 0x00000000
GetWindowThreadProcessId - 0x0066CD60 0x0026C5B0 0x0025F9B0 0x00000000
GetLastActivePopup - 0x0066CD64 0x0026C5B4 0x0025F9B4 0x00000000
GetWindow - 0x0066CD68 0x0026C5B8 0x0025F9B8 0x00000000
CallNextHookEx - 0x0066CD6C 0x0026C5BC 0x0025F9BC 0x00000000