Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "37 minutes, 9 seconds" to "3 minutes, 50 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\adobloc.exe Sample File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 4.12 MB
MD5 261a56d36006f274a3def7e2b0acb9d4
SHA1 3c6658e71b4b3a9c2200cf4c5cb337e1ebf449f4
SHA256 3e52c075a8eca95630727281a1380b78ac5392a035aef34aa3761afd1348e9f1
SSDeep 98304:+R0pI/IQlUoMPdmpSpM4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmn5n9klRKN41v
ImpHash 1a611a7df1f3828b0157c4725145a721
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x00402EC0
Size Of Code 0x00175A20
Size Of Initialized Data 0x0001CF44
Size Of Uninitialized Data 0x00009554
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00 (UTC+1)
Version Information (10)
FileDescription System Devices Optimizer
InternalName Devices Optimus
ProductName Devices Optimus
ProductVersion 6.0.0.0
Comments -
CompanyName -
FileVersion 6.0.0.0
LegalCopyright -
LegalTrademarks -
OriginalFilename -
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00175A20 0x00175C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.06
.data 0x00577000 0x0001CF44 0x0001D000 0x00176000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.24
.rdata 0x00594000 0x000CC170 0x000CC200 0x00193000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.21
.bss 0x00661000 0x00009554 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.CRT 0x0066B000 0x0000000C 0x00000200 0x0025F200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.06
.idata 0x0066C000 0x000030DE 0x00003200 0x0025F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.19
.rsrc 0x00670000 0x000206BC 0x00020800 0x00262600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.0
Imports (11)
kernel32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStdHandle - 0x0066C8A0 0x0026C0F0 0x0025F4F0 0x00000000
GetConsoleMode - 0x0066C8A4 0x0026C0F4 0x0025F4F4 0x00000000
TlsGetValue - 0x0066C8A8 0x0026C0F8 0x0025F4F8 0x00000000
GetLastError - 0x0066C8AC 0x0026C0FC 0x0025F4FC 0x00000000
SetLastError - 0x0066C8B0 0x0026C100 0x0025F500 0x00000000
RaiseException - 0x0066C8B4 0x0026C104 0x0025F504 0x00000000
GetTickCount - 0x0066C8B8 0x0026C108 0x0025F508 0x00000000
ExitProcess - 0x0066C8BC 0x0026C10C 0x0025F50C 0x00000000
GetStartupInfoA - 0x0066C8C0 0x0026C110 0x0025F510 0x00000000
GetCommandLineA - 0x0066C8C4 0x0026C114 0x0025F514 0x00000000
GetCurrentProcessId - 0x0066C8C8 0x0026C118 0x0025F518 0x00000000
GetCurrentThreadId - 0x0066C8CC 0x0026C11C 0x0025F51C 0x00000000
GetCurrentProcess - 0x0066C8D0 0x0026C120 0x0025F520 0x00000000
ReadProcessMemory - 0x0066C8D4 0x0026C124 0x0025F524 0x00000000
GetModuleFileNameA - 0x0066C8D8 0x0026C128 0x0025F528 0x00000000
GetModuleHandleA - 0x0066C8DC 0x0026C12C 0x0025F52C 0x00000000
WriteFile - 0x0066C8E0 0x0026C130 0x0025F530 0x00000000
ReadFile - 0x0066C8E4 0x0026C134 0x0025F534 0x00000000
CloseHandle - 0x0066C8E8 0x0026C138 0x0025F538 0x00000000
SetFilePointer - 0x0066C8EC 0x0026C13C 0x0025F53C 0x00000000
SetEndOfFile - 0x0066C8F0 0x0026C140 0x0025F540 0x00000000
GetSystemInfo - 0x0066C8F4 0x0026C144 0x0025F544 0x00000000
LoadLibraryW - 0x0066C8F8 0x0026C148 0x0025F548 0x00000000
LoadLibraryA - 0x0066C8FC 0x0026C14C 0x0025F54C 0x00000000
GetProcAddress - 0x0066C900 0x0026C150 0x0025F550 0x00000000
FreeLibrary - 0x0066C904 0x0026C154 0x0025F554 0x00000000
FormatMessageW - 0x0066C908 0x0026C158 0x0025F558 0x00000000
DeleteFileW - 0x0066C90C 0x0026C15C 0x0025F55C 0x00000000
CreateFileW - 0x0066C910 0x0026C160 0x0025F560 0x00000000
GetFileAttributesW - 0x0066C914 0x0026C164 0x0025F564 0x00000000
CreateDirectoryW - 0x0066C918 0x0026C168 0x0025F568 0x00000000
GetCurrentDirectoryW - 0x0066C91C 0x0026C16C 0x0025F56C 0x00000000
GetFullPathNameW - 0x0066C920 0x0026C170 0x0025F570 0x00000000
GetConsoleOutputCP - 0x0066C924 0x0026C174 0x0025F574 0x00000000
GetOEMCP - 0x0066C928 0x0026C178 0x0025F578 0x00000000
GetProcessHeap - 0x0066C92C 0x0026C17C 0x0025F57C 0x00000000
HeapAlloc - 0x0066C930 0x0026C180 0x0025F580 0x00000000
HeapFree - 0x0066C934 0x0026C184 0x0025F584 0x00000000
TlsAlloc - 0x0066C938 0x0026C188 0x0025F588 0x00000000
TlsSetValue - 0x0066C93C 0x0026C18C 0x0025F58C 0x00000000
CreateThread - 0x0066C940 0x0026C190 0x0025F590 0x00000000
ExitThread - 0x0066C944 0x0026C194 0x0025F594 0x00000000
LocalAlloc - 0x0066C948 0x0026C198 0x0025F598 0x00000000
LocalFree - 0x0066C94C 0x0026C19C 0x0025F59C 0x00000000
Sleep - 0x0066C950 0x0026C1A0 0x0025F5A0 0x00000000
SuspendThread - 0x0066C954 0x0026C1A4 0x0025F5A4 0x00000000
ResumeThread - 0x0066C958 0x0026C1A8 0x0025F5A8 0x00000000
TerminateThread - 0x0066C95C 0x0026C1AC 0x0025F5AC 0x00000000
WaitForSingleObject - 0x0066C960 0x0026C1B0 0x0025F5B0 0x00000000
SetThreadPriority - 0x0066C964 0x0026C1B4 0x0025F5B4 0x00000000
GetThreadPriority - 0x0066C968 0x0026C1B8 0x0025F5B8 0x00000000
GetCurrentThread - 0x0066C96C 0x0026C1BC 0x0025F5BC 0x00000000
OpenThread - 0x0066C970 0x0026C1C0 0x0025F5C0 0x00000000
IsDebuggerPresent - 0x0066C974 0x0026C1C4 0x0025F5C4 0x00000000
CreateEventA - 0x0066C978 0x0026C1C8 0x0025F5C8 0x00000000
ResetEvent - 0x0066C97C 0x0026C1CC 0x0025F5CC 0x00000000
SetEvent - 0x0066C980 0x0026C1D0 0x0025F5D0 0x00000000
InitializeCriticalSection - 0x0066C984 0x0026C1D4 0x0025F5D4 0x00000000
DeleteCriticalSection - 0x0066C988 0x0026C1D8 0x0025F5D8 0x00000000
EnterCriticalSection - 0x0066C98C 0x0026C1DC 0x0025F5DC 0x00000000
LeaveCriticalSection - 0x0066C990 0x0026C1E0 0x0025F5E0 0x00000000
TryEnterCriticalSection - 0x0066C994 0x0026C1E4 0x0025F5E4 0x00000000
GetEnvironmentStringsW - 0x0066C998 0x0026C1E8 0x0025F5E8 0x00000000
FreeEnvironmentStringsW - 0x0066C99C 0x0026C1EC 0x0025F5EC 0x00000000
MultiByteToWideChar - 0x0066C9A0 0x0026C1F0 0x0025F5F0 0x00000000
WideCharToMultiByte - 0x0066C9A4 0x0026C1F4 0x0025F5F4 0x00000000
GetACP - 0x0066C9A8 0x0026C1F8 0x0025F5F8 0x00000000
GetConsoleCP - 0x0066C9AC 0x0026C1FC 0x0025F5FC 0x00000000
RtlUnwind - 0x0066C9B0 0x0026C200 0x0025F600 0x00000000
EnumResourceTypesA - 0x0066C9B4 0x0026C204 0x0025F604 0x00000000
EnumResourceNamesA - 0x0066C9B8 0x0026C208 0x0025F608 0x00000000
EnumResourceLanguagesA - 0x0066C9BC 0x0026C20C 0x0025F60C 0x00000000
FindResourceA - 0x0066C9C0 0x0026C210 0x0025F610 0x00000000
FindResourceExA - 0x0066C9C4 0x0026C214 0x0025F614 0x00000000
LoadResource - 0x0066C9C8 0x0026C218 0x0025F618 0x00000000
SizeofResource - 0x0066C9CC 0x0026C21C 0x0025F61C 0x00000000
LockResource - 0x0066C9D0 0x0026C220 0x0025F620 0x00000000
FreeResource - 0x0066C9D4 0x0026C224 0x0025F624 0x00000000
GetEnvironmentStringsA - 0x0066C9D8 0x0026C228 0x0025F628 0x00000000
FreeEnvironmentStringsA - 0x0066C9DC 0x0026C22C 0x0025F62C 0x00000000
FormatMessageA - 0x0066C9E0 0x0026C230 0x0025F630 0x00000000
GlobalAddAtomA - 0x0066C9E4 0x0026C234 0x0025F634 0x00000000
GetDriveTypeA - 0x0066C9E8 0x0026C238 0x0025F638 0x00000000
GetSystemDirectoryA - 0x0066C9EC 0x0026C23C 0x0025F63C 0x00000000
GetWindowsDirectoryA - 0x0066C9F0 0x0026C240 0x0025F640 0x00000000
GetDiskFreeSpaceA - 0x0066C9F4 0x0026C244 0x0025F644 0x00000000
DeleteFileA - 0x0066C9F8 0x0026C248 0x0025F648 0x00000000
GetVersionExA - 0x0066C9FC 0x0026C24C 0x0025F64C 0x00000000
CompareStringA - 0x0066CA00 0x0026C250 0x0025F650 0x00000000
GetLocaleInfoA - 0x0066CA04 0x0026C254 0x0025F654 0x00000000
GetDateFormatA - 0x0066CA08 0x0026C258 0x0025F658 0x00000000
EnumCalendarInfoA - 0x0066CA0C 0x0026C25C 0x0025F65C 0x00000000
GetModuleFileNameW - 0x0066CA10 0x0026C260 0x0025F660 0x00000000
GetCommandLineW - 0x0066CA14 0x0026C264 0x0025F664 0x00000000
SetFileAttributesW - 0x0066CA18 0x0026C268 0x0025F668 0x00000000
FindNextFileW - 0x0066CA1C 0x0026C26C 0x0025F66C 0x00000000
CompareStringW - 0x0066CA20 0x0026C270 0x0025F670 0x00000000
GetLocaleInfoW - 0x0066CA24 0x0026C274 0x0025F674 0x00000000
GetDateFormatW - 0x0066CA28 0x0026C278 0x0025F678 0x00000000
FindFirstFileExW - 0x0066CA2C 0x0026C27C 0x0025F67C 0x00000000
GlobalAlloc - 0x0066CA30 0x0026C280 0x0025F680 0x00000000
GlobalReAlloc - 0x0066CA34 0x0026C284 0x0025F684 0x00000000
GlobalSize - 0x0066CA38 0x0026C288 0x0025F688 0x00000000
GlobalLock - 0x0066CA3C 0x0026C28C 0x0025F68C 0x00000000
GlobalUnlock - 0x0066CA40 0x0026C290 0x0025F690 0x00000000
VirtualFree - 0x0066CA44 0x0026C294 0x0025F694 0x00000000
GetExitCodeProcess - 0x0066CA48 0x0026C298 0x0025F698 0x00000000
GlobalDeleteAtom - 0x0066CA4C 0x0026C29C 0x0025F69C 0x00000000
GetLogicalDrives - 0x0066CA50 0x0026C2A0 0x0025F6A0 0x00000000
DeviceIoControl - 0x0066CA54 0x0026C2A4 0x0025F6A4 0x00000000
FindClose - 0x0066CA58 0x0026C2A8 0x0025F6A8 0x00000000
WinExec - 0x0066CA5C 0x0026C2AC 0x0025F6AC 0x00000000
MulDiv - 0x0066CA60 0x0026C2B0 0x0025F6B0 0x00000000
GetLocalTime - 0x0066CA64 0x0026C2B4 0x0025F6B4 0x00000000
SystemTimeToTzSpecificLocalTime - 0x0066CA68 0x0026C2B8 0x0025F6B8 0x00000000
FileTimeToLocalFileTime - 0x0066CA6C 0x0026C2BC 0x0025F6BC 0x00000000
FileTimeToSystemTime - 0x0066CA70 0x0026C2C0 0x0025F6C0 0x00000000
FileTimeToDosDateTime - 0x0066CA74 0x0026C2C4 0x0025F6C4 0x00000000
PeekNamedPipe - 0x0066CA78 0x0026C2C8 0x0025F6C8 0x00000000
GetCPInfo - 0x0066CA7C 0x0026C2CC 0x0025F6CC 0x00000000
GetThreadLocale - 0x0066CA80 0x0026C2D0 0x0025F6D0 0x00000000
SetThreadLocale - 0x0066CA84 0x0026C2D4 0x0025F6D4 0x00000000
GetUserDefaultLCID - 0x0066CA88 0x0026C2D8 0x0025F6D8 0x00000000
CreateToolhelp32Snapshot - 0x0066CA8C 0x0026C2DC 0x0025F6DC 0x00000000
Process32First - 0x0066CA90 0x0026C2E0 0x0025F6E0 0x00000000
Process32Next - 0x0066CA94 0x0026C2E4 0x0025F6E4 0x00000000
oleaut32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen - 0x0066CA9C 0x0026C2EC 0x0025F6EC 0x00000000
SysFreeString - 0x0066CAA0 0x0026C2F0 0x0025F6F0 0x00000000
SysReAllocStringLen - 0x0066CAA4 0x0026C2F4 0x0025F6F4 0x00000000
SafeArrayCreate - 0x0066CAA8 0x0026C2F8 0x0025F6F8 0x00000000
SafeArrayRedim - 0x0066CAAC 0x0026C2FC 0x0025F6FC 0x00000000
SafeArrayGetUBound - 0x0066CAB0 0x0026C300 0x0025F700 0x00000000
SafeArrayGetLBound - 0x0066CAB4 0x0026C304 0x0025F704 0x00000000
SafeArrayAccessData - 0x0066CAB8 0x0026C308 0x0025F708 0x00000000
SafeArrayUnaccessData - 0x0066CABC 0x0026C30C 0x0025F70C 0x00000000
SafeArrayGetElement - 0x0066CAC0 0x0026C310 0x0025F710 0x00000000
SafeArrayPutElement - 0x0066CAC4 0x0026C314 0x0025F714 0x00000000
SafeArrayPtrOfIndex - 0x0066CAC8 0x0026C318 0x0025F718 0x00000000
VariantChangeTypeEx - 0x0066CACC 0x0026C31C 0x0025F71C 0x00000000
VariantClear - 0x0066CAD0 0x0026C320 0x0025F720 0x00000000
VariantCopy - 0x0066CAD4 0x0026C324 0x0025F724 0x00000000
VariantInit - 0x0066CAD8 0x0026C328 0x0025F728 0x00000000
user32.dll (178)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x0066CAE0 0x0026C330 0x0025F730 0x00000000
CharUpperBuffW - 0x0066CAE4 0x0026C334 0x0025F734 0x00000000
CharLowerBuffW - 0x0066CAE8 0x0026C338 0x0025F738 0x00000000
SendMessageA - 0x0066CAEC 0x0026C33C 0x0025F73C 0x00000000
PostMessageA - 0x0066CAF0 0x0026C340 0x0025F740 0x00000000
DefWindowProcA - 0x0066CAF4 0x0026C344 0x0025F744 0x00000000
CallWindowProcA - 0x0066CAF8 0x0026C348 0x0025F748 0x00000000
RegisterClassA - 0x0066CAFC 0x0026C34C 0x0025F74C 0x00000000
UnregisterClassA - 0x0066CB00 0x0026C350 0x0025F750 0x00000000
GetClassInfoA - 0x0066CB04 0x0026C354 0x0025F754 0x00000000
CreateWindowExA - 0x0066CB08 0x0026C358 0x0025F758 0x00000000
RegisterClipboardFormatA - 0x0066CB0C 0x0026C35C 0x0025F75C 0x00000000
GetClipboardFormatNameA - 0x0066CB10 0x0026C360 0x0025F760 0x00000000
CharToOemA - 0x0066CB14 0x0026C364 0x0025F764 0x00000000
CharUpperA - 0x0066CB18 0x0026C368 0x0025F768 0x00000000
CharUpperBuffA - 0x0066CB1C 0x0026C36C 0x0025F76C 0x00000000
CharLowerA - 0x0066CB20 0x0026C370 0x0025F770 0x00000000
CharLowerBuffA - 0x0066CB24 0x0026C374 0x0025F774 0x00000000
GetMenuItemInfoA - 0x0066CB28 0x0026C378 0x0025F778 0x00000000
SetPropA - 0x0066CB2C 0x0026C37C 0x0025F77C 0x00000000
GetPropA - 0x0066CB30 0x0026C380 0x0025F780 0x00000000
RemovePropA - 0x0066CB34 0x0026C384 0x0025F784 0x00000000
EnumPropsA - 0x0066CB38 0x0026C388 0x0025F788 0x00000000
GetWindowLongA - 0x0066CB3C 0x0026C38C 0x0025F78C 0x00000000
SetWindowLongA - 0x0066CB40 0x0026C390 0x0025F790 0x00000000
GetClassLongA - 0x0066CB44 0x0026C394 0x0025F794 0x00000000
SetClassLongA - 0x0066CB48 0x0026C398 0x0025F798 0x00000000
GetClassNameA - 0x0066CB4C 0x0026C39C 0x0025F79C 0x00000000
LoadBitmapA - 0x0066CB50 0x0026C3A0 0x0025F7A0 0x00000000
LoadCursorA - 0x0066CB54 0x0026C3A4 0x0025F7A4 0x00000000
LoadIconA - 0x0066CB58 0x0026C3A8 0x0025F7A8 0x00000000
LoadImageA - 0x0066CB5C 0x0026C3AC 0x0025F7AC 0x00000000
SystemParametersInfoA - 0x0066CB60 0x0026C3B0 0x0025F7B0 0x00000000
DispatchMessageW - 0x0066CB64 0x0026C3B4 0x0025F7B4 0x00000000
PeekMessageW - 0x0066CB68 0x0026C3B8 0x0025F7B8 0x00000000
SendMessageW - 0x0066CB6C 0x0026C3BC 0x0025F7BC 0x00000000
DefWindowProcW - 0x0066CB70 0x0026C3C0 0x0025F7C0 0x00000000
CallWindowProcW - 0x0066CB74 0x0026C3C4 0x0025F7C4 0x00000000
RegisterClassW - 0x0066CB78 0x0026C3C8 0x0025F7C8 0x00000000
UnregisterClassW - 0x0066CB7C 0x0026C3CC 0x0025F7CC 0x00000000
GetClassInfoW - 0x0066CB80 0x0026C3D0 0x0025F7D0 0x00000000
CreateWindowExW - 0x0066CB84 0x0026C3D4 0x0025F7D4 0x00000000
InsertMenuItemW - 0x0066CB88 0x0026C3D8 0x0025F7D8 0x00000000
GetMenuItemInfoW - 0x0066CB8C 0x0026C3DC 0x0025F7DC 0x00000000
SetMenuItemInfoW - 0x0066CB90 0x0026C3E0 0x0025F7E0 0x00000000
DrawTextW - 0x0066CB94 0x0026C3E4 0x0025F7E4 0x00000000
DrawStateW - 0x0066CB98 0x0026C3E8 0x0025F7E8 0x00000000
SetWindowTextW - 0x0066CB9C 0x0026C3EC 0x0025F7EC 0x00000000
GetWindowTextW - 0x0066CBA0 0x0026C3F0 0x0025F7F0 0x00000000
GetWindowTextLengthW - 0x0066CBA4 0x0026C3F4 0x0025F7F4 0x00000000
MessageBoxW - 0x0066CBA8 0x0026C3F8 0x0025F7F8 0x00000000
GetWindowLongW - 0x0066CBAC 0x0026C3FC 0x0025F7FC 0x00000000
SetWindowLongW - 0x0066CBB0 0x0026C400 0x0025F800 0x00000000
DefFrameProcW - 0x0066CBB4 0x0026C404 0x0025F804 0x00000000
DefMDIChildProcW - 0x0066CBB8 0x0026C408 0x0025F808 0x00000000
TranslateMessage - 0x0066CBBC 0x0026C40C 0x0025F80C 0x00000000
PostQuitMessage - 0x0066CBC0 0x0026C410 0x0025F810 0x00000000
GetDoubleClickTime - 0x0066CBC4 0x0026C414 0x0025F814 0x00000000
IsWindow - 0x0066CBC8 0x0026C418 0x0025F818 0x00000000
IsMenu - 0x0066CBCC 0x0026C41C 0x0025F81C 0x00000000
DestroyWindow - 0x0066CBD0 0x0026C420 0x0025F820 0x00000000
ShowWindow - 0x0066CBD4 0x0026C424 0x0025F824 0x00000000
ShowWindowAsync - 0x0066CBD8 0x0026C428 0x0025F828 0x00000000
ShowOwnedPopups - 0x0066CBDC 0x0026C42C 0x0025F82C 0x00000000
MoveWindow - 0x0066CBE0 0x0026C430 0x0025F830 0x00000000
SetWindowPos - 0x0066CBE4 0x0026C434 0x0025F834 0x00000000
GetWindowPlacement - 0x0066CBE8 0x0026C438 0x0025F838 0x00000000
SetWindowPlacement - 0x0066CBEC 0x0026C43C 0x0025F83C 0x00000000
BeginDeferWindowPos - 0x0066CBF0 0x0026C440 0x0025F840 0x00000000
DeferWindowPos - 0x0066CBF4 0x0026C444 0x0025F844 0x00000000
EndDeferWindowPos - 0x0066CBF8 0x0026C448 0x0025F848 0x00000000
IsWindowVisible - 0x0066CBFC 0x0026C44C 0x0025F84C 0x00000000
IsIconic - 0x0066CC00 0x0026C450 0x0025F850 0x00000000
BringWindowToTop - 0x0066CC04 0x0026C454 0x0025F854 0x00000000
IsZoomed - 0x0066CC08 0x0026C458 0x0025F858 0x00000000
OpenClipboard - 0x0066CC0C 0x0026C45C 0x0025F85C 0x00000000
CloseClipboard - 0x0066CC10 0x0026C460 0x0025F860 0x00000000
SetClipboardData - 0x0066CC14 0x0026C464 0x0025F864 0x00000000
GetClipboardData - 0x0066CC18 0x0026C468 0x0025F868 0x00000000
CountClipboardFormats - 0x0066CC1C 0x0026C46C 0x0025F86C 0x00000000
EnumClipboardFormats - 0x0066CC20 0x0026C470 0x0025F870 0x00000000
EmptyClipboard - 0x0066CC24 0x0026C474 0x0025F874 0x00000000
IsClipboardFormatAvailable - 0x0066CC28 0x0026C478 0x0025F878 0x00000000
SetFocus - 0x0066CC2C 0x0026C47C 0x0025F87C 0x00000000
GetActiveWindow - 0x0066CC30 0x0026C480 0x0025F880 0x00000000
GetFocus - 0x0066CC34 0x0026C484 0x0025F884 0x00000000
GetKeyState - 0x0066CC38 0x0026C488 0x0025F888 0x00000000
GetCapture - 0x0066CC3C 0x0026C48C 0x0025F88C 0x00000000
SetCapture - 0x0066CC40 0x0026C490 0x0025F890 0x00000000
ReleaseCapture - 0x0066CC44 0x0026C494 0x0025F894 0x00000000
MsgWaitForMultipleObjects - 0x0066CC48 0x0026C498 0x0025F898 0x00000000
SetTimer - 0x0066CC4C 0x0026C49C 0x0025F89C 0x00000000
KillTimer - 0x0066CC50 0x0026C4A0 0x0025F8A0 0x00000000
EnableWindow - 0x0066CC54 0x0026C4A4 0x0025F8A4 0x00000000
IsWindowEnabled - 0x0066CC58 0x0026C4A8 0x0025F8A8 0x00000000
GetSystemMetrics - 0x0066CC5C 0x0026C4AC 0x0025F8AC 0x00000000
GetMenu - 0x0066CC60 0x0026C4B0 0x0025F8B0 0x00000000
SetMenu - 0x0066CC64 0x0026C4B4 0x0025F8B4 0x00000000
DrawMenuBar - 0x0066CC68 0x0026C4B8 0x0025F8B8 0x00000000
GetSystemMenu - 0x0066CC6C 0x0026C4BC 0x0025F8BC 0x00000000
CreateMenu - 0x0066CC70 0x0026C4C0 0x0025F8C0 0x00000000
CreatePopupMenu - 0x0066CC74 0x0026C4C4 0x0025F8C4 0x00000000
DestroyMenu - 0x0066CC78 0x0026C4C8 0x0025F8C8 0x00000000
EnableMenuItem - 0x0066CC7C 0x0026C4CC 0x0025F8CC 0x00000000
GetSubMenu - 0x0066CC80 0x0026C4D0 0x0025F8D0 0x00000000
GetMenuItemCount - 0x0066CC84 0x0026C4D4 0x0025F8D4 0x00000000
RemoveMenu - 0x0066CC88 0x0026C4D8 0x0025F8D8 0x00000000
DeleteMenu - 0x0066CC8C 0x0026C4DC 0x0025F8DC 0x00000000
GetMenuItemRect - 0x0066CC90 0x0026C4E0 0x0025F8E0 0x00000000
UpdateWindow - 0x0066CC94 0x0026C4E4 0x0025F8E4 0x00000000
SetActiveWindow - 0x0066CC98 0x0026C4E8 0x0025F8E8 0x00000000
GetForegroundWindow - 0x0066CC9C 0x0026C4EC 0x0025F8EC 0x00000000
SetForegroundWindow - 0x0066CCA0 0x0026C4F0 0x0025F8F0 0x00000000
WindowFromDC - 0x0066CCA4 0x0026C4F4 0x0025F8F4 0x00000000
GetDC - 0x0066CCA8 0x0026C4F8 0x0025F8F8 0x00000000
GetDCEx - 0x0066CCAC 0x0026C4FC 0x0025F8FC 0x00000000
GetWindowDC - 0x0066CCB0 0x0026C500 0x0025F900 0x00000000
ReleaseDC - 0x0066CCB4 0x0026C504 0x0025F904 0x00000000
BeginPaint - 0x0066CCB8 0x0026C508 0x0025F908 0x00000000
EndPaint - 0x0066CCBC 0x0026C50C 0x0025F90C 0x00000000
GetUpdateRect - 0x0066CCC0 0x0026C510 0x0025F910 0x00000000
SetWindowRgn - 0x0066CCC4 0x0026C514 0x0025F914 0x00000000
InvalidateRect - 0x0066CCC8 0x0026C518 0x0025F918 0x00000000
InvalidateRgn - 0x0066CCCC 0x0026C51C 0x0025F91C 0x00000000
RedrawWindow - 0x0066CCD0 0x0026C520 0x0025F920 0x00000000
ScrollWindowEx - 0x0066CCD4 0x0026C524 0x0025F924 0x00000000
ShowScrollBar - 0x0066CCD8 0x0026C528 0x0025F928 0x00000000
EnableScrollBar - 0x0066CCDC 0x0026C52C 0x0025F92C 0x00000000
GetClientRect - 0x0066CCE0 0x0026C530 0x0025F930 0x00000000
GetWindowRect - 0x0066CCE4 0x0026C534 0x0025F934 0x00000000
AdjustWindowRectEx - 0x0066CCE8 0x0026C538 0x0025F938 0x00000000
MessageBeep - 0x0066CCEC 0x0026C53C 0x0025F93C 0x00000000
SetCursorPos - 0x0066CCF0 0x0026C540 0x0025F940 0x00000000
SetCursor - 0x0066CCF4 0x0026C544 0x0025F944 0x00000000
GetCursorPos - 0x0066CCF8 0x0026C548 0x0025F948 0x00000000
CreateCaret - 0x0066CCFC 0x0026C54C 0x0025F94C 0x00000000
DestroyCaret - 0x0066CD00 0x0026C550 0x0025F950 0x00000000
HideCaret - 0x0066CD04 0x0026C554 0x0025F954 0x00000000
ShowCaret - 0x0066CD08 0x0026C558 0x0025F958 0x00000000
SetCaretPos - 0x0066CD0C 0x0026C55C 0x0025F95C 0x00000000
GetCaretPos - 0x0066CD10 0x0026C560 0x0025F960 0x00000000
ClientToScreen - 0x0066CD14 0x0026C564 0x0025F964 0x00000000
ScreenToClient - 0x0066CD18 0x0026C568 0x0025F968 0x00000000
MapWindowPoints - 0x0066CD1C 0x0026C56C 0x0025F96C 0x00000000
WindowFromPoint - 0x0066CD20 0x0026C570 0x0025F970 0x00000000
GetSysColor - 0x0066CD24 0x0026C574 0x0025F974 0x00000000
GetSysColorBrush - 0x0066CD28 0x0026C578 0x0025F978 0x00000000
SetSysColors - 0x0066CD2C 0x0026C57C 0x0025F97C 0x00000000
DrawFocusRect - 0x0066CD30 0x0026C580 0x0025F980 0x00000000
FillRect - 0x0066CD34 0x0026C584 0x0025F984 0x00000000
FrameRect - 0x0066CD38 0x0026C588 0x0025F988 0x00000000
SetRect - 0x0066CD3C 0x0026C58C 0x0025F98C 0x00000000
InflateRect - 0x0066CD40 0x0026C590 0x0025F990 0x00000000
IntersectRect - 0x0066CD44 0x0026C594 0x0025F994 0x00000000
OffsetRect - 0x0066CD48 0x0026C598 0x0025F998 0x00000000
GetDesktopWindow - 0x0066CD4C 0x0026C59C 0x0025F99C 0x00000000
GetParent - 0x0066CD50 0x0026C5A0 0x0025F9A0 0x00000000
SetParent - 0x0066CD54 0x0026C5A4 0x0025F9A4 0x00000000
EnumThreadWindows - 0x0066CD58 0x0026C5A8 0x0025F9A8 0x00000000
GetTopWindow - 0x0066CD5C 0x0026C5AC 0x0025F9AC 0x00000000
GetWindowThreadProcessId - 0x0066CD60 0x0026C5B0 0x0025F9B0 0x00000000
GetLastActivePopup - 0x0066CD64 0x0026C5B4 0x0025F9B4 0x00000000
GetWindow - 0x0066CD68 0x0026C5B8 0x0025F9B8 0x00000000
CallNextHookEx - 0x0066CD6C 0x0026C5BC 0x0025F9BC 0x00000000
DestroyCursor - 0x0066CD70 0x0026C5C0 0x0025F9C0 0x00000000
DestroyIcon - 0x0066CD74 0x0026C5C4 0x0025F9C4 0x00000000
CopyImage - 0x0066CD78 0x0026C5C8 0x0025F9C8 0x00000000
CreateIconIndirect - 0x0066CD7C 0x0026C5CC 0x0025F9CC 0x00000000
GetIconInfo - 0x0066CD80 0x0026C5D0 0x0025F9D0 0x00000000
SetScrollInfo - 0x0066CD84 0x0026C5D4 0x0025F9D4 0x00000000
GetScrollInfo - 0x0066CD88 0x0026C5D8 0x0025F9D8 0x00000000
TranslateMDISysAccel - 0x0066CD8C 0x0026C5DC 0x0025F9DC 0x00000000
DrawEdge - 0x0066CD90 0x0026C5E0 0x0025F9E0 0x00000000
DrawFrameControl - 0x0066CD94 0x0026C5E4 0x0025F9E4 0x00000000
TrackPopupMenuEx - 0x0066CD98 0x0026C5E8 0x0025F9E8 0x00000000
ChildWindowFromPointEx - 0x0066CD9C 0x0026C5EC 0x0025F9EC 0x00000000
DrawIconEx - 0x0066CDA0 0x0026C5F0 0x0025F9F0 0x00000000
FlashWindowEx - 0x0066CDA4 0x0026C5F4 0x0025F9F4 0x00000000
advapi32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameA - 0x0066CDAC 0x0026C5FC 0x0025F9FC 0x00000000
RegSetValueExW - 0x0066CDB0 0x0026C600 0x0025FA00 0x00000000
RegQueryValueExW - 0x0066CDB4 0x0026C604 0x0025FA04 0x00000000
RegCreateKeyExW - 0x0066CDB8 0x0026C608 0x0025FA08 0x00000000
RegOpenKeyExW - 0x0066CDBC 0x0026C60C 0x0025FA0C 0x00000000
RegCloseKey - 0x0066CDC0 0x0026C610 0x0025FA10 0x00000000
RegFlushKey - 0x0066CDC4 0x0026C614 0x0025FA14 0x00000000
gdi32.dll (108)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x0066CDCC 0x0026C61C 0x0025FA1C 0x00000000
EnumFontFamiliesA - 0x0066CDD0 0x0026C620 0x0025FA20 0x00000000
GetCharABCWidthsA - 0x0066CDD4 0x0026C624 0x0025FA24 0x00000000
GetTextExtentPointA - 0x0066CDD8 0x0026C628 0x0025FA28 0x00000000
GetTextMetricsA - 0x0066CDDC 0x0026C62C 0x0025FA2C 0x00000000
GetObjectA - 0x0066CDE0 0x0026C630 0x0025FA30 0x00000000
ExtTextOutA - 0x0066CDE4 0x0026C634 0x0025FA34 0x00000000
CreateFontIndirectW - 0x0066CDE8 0x0026C638 0x0025FA38 0x00000000
EnumFontFamiliesExW - 0x0066CDEC 0x0026C63C 0x0025FA3C 0x00000000
GetCharABCWidthsW - 0x0066CDF0 0x0026C640 0x0025FA40 0x00000000
GetTextExtentPoint32W - 0x0066CDF4 0x0026C644 0x0025FA44 0x00000000
GetTextExtentExPointW - 0x0066CDF8 0x0026C648 0x0025FA48 0x00000000
GetObjectW - 0x0066CDFC 0x0026C64C 0x0025FA4C 0x00000000
TextOutW - 0x0066CE00 0x0026C650 0x0025FA50 0x00000000
ExtTextOutW - 0x0066CE04 0x0026C654 0x0025FA54 0x00000000
GetRandomRgn - 0x0066CE08 0x0026C658 0x0025FA58 0x00000000
Arc - 0x0066CE0C 0x0026C65C 0x0025FA5C 0x00000000
BitBlt - 0x0066CE10 0x0026C660 0x0025FA60 0x00000000
Chord - 0x0066CE14 0x0026C664 0x0025FA64 0x00000000
CombineRgn - 0x0066CE18 0x0026C668 0x0025FA68 0x00000000
CreateBitmap - 0x0066CE1C 0x0026C66C 0x0025FA6C 0x00000000
CreateBrushIndirect - 0x0066CE20 0x0026C670 0x0025FA70 0x00000000
CreateCompatibleBitmap - 0x0066CE24 0x0026C674 0x0025FA74 0x00000000
CreateCompatibleDC - 0x0066CE28 0x0026C678 0x0025FA78 0x00000000
CreateDIBitmap - 0x0066CE2C 0x0026C67C 0x0025FA7C 0x00000000
CreateEllipticRgn - 0x0066CE30 0x0026C680 0x0025FA80 0x00000000
CreatePen - 0x0066CE34 0x0026C684 0x0025FA84 0x00000000
CreatePenIndirect - 0x0066CE38 0x0026C688 0x0025FA88 0x00000000
CreatePatternBrush - 0x0066CE3C 0x0026C68C 0x0025FA8C 0x00000000
CreateRectRgn - 0x0066CE40 0x0026C690 0x0025FA90 0x00000000
CreateRoundRectRgn - 0x0066CE44 0x0026C694 0x0025FA94 0x00000000
CreateSolidBrush - 0x0066CE48 0x0026C698 0x0025FA98 0x00000000
DeleteDC - 0x0066CE4C 0x0026C69C 0x0025FA9C 0x00000000
DeleteObject - 0x0066CE50 0x0026C6A0 0x0025FAA0 0x00000000
Ellipse - 0x0066CE54 0x0026C6A4 0x0025FAA4 0x00000000
EqualRgn - 0x0066CE58 0x0026C6A8 0x0025FAA8 0x00000000
ExcludeClipRect - 0x0066CE5C 0x0026C6AC 0x0025FAAC 0x00000000
ExtCreateRegion - 0x0066CE60 0x0026C6B0 0x0025FAB0 0x00000000
ExtFloodFill - 0x0066CE64 0x0026C6B4 0x0025FAB4 0x00000000
FillRgn - 0x0066CE68 0x0026C6B8 0x0025FAB8 0x00000000
GetROP2 - 0x0066CE6C 0x0026C6BC 0x0025FABC 0x00000000
GetBkColor - 0x0066CE70 0x0026C6C0 0x0025FAC0 0x00000000
GetBitmapBits - 0x0066CE74 0x0026C6C4 0x0025FAC4 0x00000000
GetClipBox - 0x0066CE78 0x0026C6C8 0x0025FAC8 0x00000000
GetClipRgn - 0x0066CE7C 0x0026C6CC 0x0025FACC 0x00000000
GetCurrentObject - 0x0066CE80 0x0026C6D0 0x0025FAD0 0x00000000
GetDeviceCaps - 0x0066CE84 0x0026C6D4 0x0025FAD4 0x00000000
GetDIBits - 0x0066CE88 0x0026C6D8 0x0025FAD8 0x00000000
GetMapMode - 0x0066CE8C 0x0026C6DC 0x0025FADC 0x00000000
GetObjectType - 0x0066CE90 0x0026C6E0 0x0025FAE0 0x00000000
GetPixel - 0x0066CE94 0x0026C6E4 0x0025FAE4 0x00000000
GetRegionData - 0x0066CE98 0x0026C6E8 0x0025FAE8 0x00000000
GetRgnBox - 0x0066CE9C 0x0026C6EC 0x0025FAEC 0x00000000
GetStockObject - 0x0066CEA0 0x0026C6F0 0x0025FAF0 0x00000000
GetTextAlign - 0x0066CEA4 0x0026C6F4 0x0025FAF4 0x00000000
GetTextColor - 0x0066CEA8 0x0026C6F8 0x0025FAF8 0x00000000
GetViewportExtEx - 0x0066CEAC 0x0026C6FC 0x0025FAFC 0x00000000
GetViewportOrgEx - 0x0066CEB0 0x0026C700 0x0025FB00 0x00000000
GetWindowExtEx - 0x0066CEB4 0x0026C704 0x0025FB04 0x00000000
GetWindowOrgEx - 0x0066CEB8 0x0026C708 0x0025FB08 0x00000000
IntersectClipRect - 0x0066CEBC 0x0026C70C 0x0025FB0C 0x00000000
LineTo - 0x0066CEC0 0x0026C710 0x0025FB10 0x00000000
MaskBlt - 0x0066CEC4 0x0026C714 0x0025FB14 0x00000000
OffsetRgn - 0x0066CEC8 0x0026C718 0x0025FB18 0x00000000
PatBlt - 0x0066CECC 0x0026C71C 0x0025FB1C 0x00000000
Pie - 0x0066CED0 0x0026C720 0x0025FB20 0x00000000
PaintRgn - 0x0066CED4 0x0026C724 0x0025FB24 0x00000000
PtInRegion - 0x0066CED8 0x0026C728 0x0025FB28 0x00000000
RectInRegion - 0x0066CEDC 0x0026C72C 0x0025FB2C 0x00000000
RectVisible - 0x0066CEE0 0x0026C730 0x0025FB30 0x00000000
Rectangle - 0x0066CEE4 0x0026C734 0x0025FB34 0x00000000
RestoreDC - 0x0066CEE8 0x0026C738 0x0025FB38 0x00000000
RealizePalette - 0x0066CEEC 0x0026C73C 0x0025FB3C 0x00000000
RoundRect - 0x0066CEF0 0x0026C740 0x0025FB40 0x00000000
SaveDC - 0x0066CEF4 0x0026C744 0x0025FB44 0x00000000
SelectClipRgn - 0x0066CEF8 0x0026C748 0x0025FB48 0x00000000
ExtSelectClipRgn - 0x0066CEFC 0x0026C74C 0x0025FB4C 0x00000000
SelectObject - 0x0066CF00 0x0026C750 0x0025FB50 0x00000000
SelectPalette - 0x0066CF04 0x0026C754 0x0025FB54 0x00000000
SetBkColor - 0x0066CF08 0x0026C758 0x0025FB58 0x00000000
SetBkMode - 0x0066CF0C 0x0026C75C 0x0025FB5C 0x00000000
SetMapMode - 0x0066CF10 0x0026C760 0x0025FB60 0x00000000
SetPixel - 0x0066CF14 0x0026C764 0x0025FB64 0x00000000
SetPolyFillMode - 0x0066CF18 0x0026C768 0x0025FB68 0x00000000
StretchBlt - 0x0066CF1C 0x0026C76C 0x0025FB6C 0x00000000
SetRectRgn - 0x0066CF20 0x0026C770 0x0025FB70 0x00000000
SetROP2 - 0x0066CF24 0x0026C774 0x0025FB74 0x00000000
SetStretchBltMode - 0x0066CF28 0x0026C778 0x0025FB78 0x00000000
SetTextCharacterExtra - 0x0066CF2C 0x0026C77C 0x0025FB7C 0x00000000
SetTextColor - 0x0066CF30 0x0026C780 0x0025FB80 0x00000000
SetTextAlign - 0x0066CF34 0x0026C784 0x0025FB84 0x00000000
CreateDIBSection - 0x0066CF38 0x0026C788 0x0025FB88 0x00000000
SetArcDirection - 0x0066CF3C 0x0026C78C 0x0025FB8C 0x00000000
ExtCreatePen - 0x0066CF40 0x0026C790 0x0025FB90 0x00000000
MoveToEx - 0x0066CF44 0x0026C794 0x0025FB94 0x00000000
CreatePolygonRgn - 0x0066CF48 0x0026C798 0x0025FB98 0x00000000
DPtoLP - 0x0066CF4C 0x0026C79C 0x0025FB9C 0x00000000
LPtoDP - 0x0066CF50 0x0026C7A0 0x0025FBA0 0x00000000
Polygon - 0x0066CF54 0x0026C7A4 0x0025FBA4 0x00000000
Polyline - 0x0066CF58 0x0026C7A8 0x0025FBA8 0x00000000
PolyBezier - 0x0066CF5C 0x0026C7AC 0x0025FBAC 0x00000000
SetViewportExtEx - 0x0066CF60 0x0026C7B0 0x0025FBB0 0x00000000
SetViewportOrgEx - 0x0066CF64 0x0026C7B4 0x0025FBB4 0x00000000
SetWindowExtEx - 0x0066CF68 0x0026C7B8 0x0025FBB8 0x00000000
SetWindowOrgEx - 0x0066CF6C 0x0026C7BC 0x0025FBBC 0x00000000
OffsetViewportOrgEx - 0x0066CF70 0x0026C7C0 0x0025FBC0 0x00000000
SetBrushOrgEx - 0x0066CF74 0x0026C7C4 0x0025FBC4 0x00000000
GetDCOrgEx - 0x0066CF78 0x0026C7C8 0x0025FBC8 0x00000000
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x0066CF80 0x0026C7D0 0x0025FBD0 0x00000000
GetFileVersionInfoA - 0x0066CF84 0x0026C7D4 0x0025FBD4 0x00000000
VerQueryValueA - 0x0066CF88 0x0026C7D8 0x0025FBD8 0x00000000
shell32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryFileA - 0x0066CF90 0x0026C7E0 0x0025FBE0 0x00000000
ShellExecuteA - 0x0066CF94 0x0026C7E4 0x0025FBE4 0x00000000
DragQueryFileW - 0x0066CF98 0x0026C7E8 0x0025FBE8 0x00000000
DragFinish - 0x0066CF9C 0x0026C7EC 0x0025FBEC 0x00000000
DragAcceptFiles - 0x0066CFA0 0x0026C7F0 0x0025FBF0 0x00000000
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x0066CFA8 0x0026C7F8 0x0025FBF8 0x00000000
OleUninitialize - 0x0066CFAC 0x0026C7FC 0x0025FBFC 0x00000000
comctl32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControls - 0x0066CFB4 0x0026C804 0x0025FC04 0x00000000
ImageList_Create - 0x0066CFB8 0x0026C808 0x0025FC08 0x00000000
ImageList_Destroy - 0x0066CFBC 0x0026C80C 0x0025FC0C 0x00000000
ImageList_GetImageCount - 0x0066CFC0 0x0026C810 0x0025FC10 0x00000000
ImageList_SetImageCount - 0x0066CFC4 0x0026C814 0x0025FC14 0x00000000
ImageList_Add - 0x0066CFC8 0x0026C818 0x0025FC18 0x00000000
ImageList_Replace - 0x0066CFCC 0x0026C81C 0x0025FC1C 0x00000000
ImageList_AddMasked - 0x0066CFD0 0x0026C820 0x0025FC20 0x00000000
ImageList_DrawEx - 0x0066CFD4 0x0026C824 0x0025FC24 0x00000000
ImageList_DrawIndirect - 0x0066CFD8 0x0026C828 0x0025FC28 0x00000000
ImageList_Remove - 0x0066CFDC 0x0026C82C 0x0025FC2C 0x00000000
ImageList_Copy - 0x0066CFE0 0x0026C830 0x0025FC30 0x00000000
ImageList_BeginDrag - 0x0066CFE4 0x0026C834 0x0025FC34 0x00000000
ImageList_EndDrag - 0x0066CFE8 0x0026C838 0x0025FC38 0x00000000
ImageList_DragEnter - 0x0066CFEC 0x0026C83C 0x0025FC3C 0x00000000
ImageList_DragLeave - 0x0066CFF0 0x0026C840 0x0025FC40 0x00000000
ImageList_DragMove - 0x0066CFF4 0x0026C844 0x0025FC44 0x00000000
ImageList_DragShowNolock - 0x0066CFF8 0x0026C848 0x0025FC48 0x00000000
_TrackMouseEvent - 0x0066CFFC 0x0026C84C 0x0025FC4C 0x00000000
ws2_32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
closesocket - 0x0066D004 0x0026C854 0x0025FC54 0x00000000
connect - 0x0066D008 0x0026C858 0x0025FC58 0x00000000
ioctlsocket - 0x0066D00C 0x0026C85C 0x0025FC5C 0x00000000
getsockopt - 0x0066D010 0x0026C860 0x0025FC60 0x00000000
recv - 0x0066D014 0x0026C864 0x0025FC64 0x00000000
select - 0x0066D018 0x0026C868 0x0025FC68 0x00000000
send - 0x0066D01C 0x0026C86C 0x0025FC6C 0x00000000
setsockopt - 0x0066D020 0x0026C870 0x0025FC70 0x00000000
shutdown - 0x0066D024 0x0026C874 0x0025FC74 0x00000000
socket - 0x0066D028 0x0026C878 0x0025FC78 0x00000000
WSAStartup - 0x0066D02C 0x0026C87C 0x0025FC7C 0x00000000
WSACleanup - 0x0066D030 0x0026C880 0x0025FC80 0x00000000
WSAGetLastError - 0x0066D034 0x0026C884 0x0025FC84 0x00000000
__WSAFDIsSet - 0x0066D038 0x0026C888 0x0025FC88 0x00000000
wsock32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gethostbyaddr - 0x0066D040 0x0026C890 0x0025FC90 0x00000000
gethostbyname - 0x0066D044 0x0026C894 0x0025FC94 0x00000000
WSAStartup - 0x0066D048 0x0026C898 0x0025FC98 0x00000000
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
adobloc.exe 1 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
buffer 1 0x04F0E020 0x0532E01F Image In Buffer False 32-bit - False
adobloc.exe 1 0x00400000 0x00690FFF Final Dump False 32-bit 0x00410687 False
C:\Users\RDhJ0CNFevzX% Dropped File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 4.12 MB
MD5 684176ba314c150a12a30c379aabcf96
SHA1 031158002560c79926666c419d1dc903a9dd2b20
SHA256 1bbc7f0b18f31285ff33c570e8122400d3a0cd11bb0c99f5964f7afb49ebc2ba
SSDeep 98304:+R0pI/IQlUoMPdmpSp54ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmu5n9klRKN41v
ImpHash 1a611a7df1f3828b0157c4725145a721
PE Information
Image Base 0x00400000
Entry Point 0x00402EC0
Size Of Code 0x00175A20
Size Of Initialized Data 0x0001CF44
Size Of Uninitialized Data 0x00009554
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00 (UTC+1)
Version Information (10)
FileDescription System Devices Optimizer
InternalName Devices Optimus
ProductName Devices Optimus
ProductVersion 6.0.0.0
Comments -
CompanyName -
FileVersion 6.0.0.0
LegalCopyright -
LegalTrademarks -
OriginalFilename -
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00175A20 0x00175C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.06
.data 0x00577000 0x0001CF44 0x0001D000 0x00176000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.24
.rdata 0x00594000 0x000CC170 0x000CC200 0x00193000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.21
.bss 0x00661000 0x00009554 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.CRT 0x0066B000 0x0000000C 0x00000200 0x0025F200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.06
.idata 0x0066C000 0x000030DE 0x00003200 0x0025F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.19
.rsrc 0x00670000 0x000206BC 0x00020800 0x00262600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.0
Imports (11)
kernel32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStdHandle - 0x0066C8A0 0x0026C0F0 0x0025F4F0 0x00000000
GetConsoleMode - 0x0066C8A4 0x0026C0F4 0x0025F4F4 0x00000000
TlsGetValue - 0x0066C8A8 0x0026C0F8 0x0025F4F8 0x00000000
GetLastError - 0x0066C8AC 0x0026C0FC 0x0025F4FC 0x00000000
SetLastError - 0x0066C8B0 0x0026C100 0x0025F500 0x00000000
RaiseException - 0x0066C8B4 0x0026C104 0x0025F504 0x00000000
GetTickCount - 0x0066C8B8 0x0026C108 0x0025F508 0x00000000
ExitProcess - 0x0066C8BC 0x0026C10C 0x0025F50C 0x00000000
GetStartupInfoA - 0x0066C8C0 0x0026C110 0x0025F510 0x00000000
GetCommandLineA - 0x0066C8C4 0x0026C114 0x0025F514 0x00000000
GetCurrentProcessId - 0x0066C8C8 0x0026C118 0x0025F518 0x00000000
GetCurrentThreadId - 0x0066C8CC 0x0026C11C 0x0025F51C 0x00000000
GetCurrentProcess - 0x0066C8D0 0x0026C120 0x0025F520 0x00000000
ReadProcessMemory - 0x0066C8D4 0x0026C124 0x0025F524 0x00000000
GetModuleFileNameA - 0x0066C8D8 0x0026C128 0x0025F528 0x00000000
GetModuleHandleA - 0x0066C8DC 0x0026C12C 0x0025F52C 0x00000000
WriteFile - 0x0066C8E0 0x0026C130 0x0025F530 0x00000000
ReadFile - 0x0066C8E4 0x0026C134 0x0025F534 0x00000000
CloseHandle - 0x0066C8E8 0x0026C138 0x0025F538 0x00000000
SetFilePointer - 0x0066C8EC 0x0026C13C 0x0025F53C 0x00000000
SetEndOfFile - 0x0066C8F0 0x0026C140 0x0025F540 0x00000000
GetSystemInfo - 0x0066C8F4 0x0026C144 0x0025F544 0x00000000
LoadLibraryW - 0x0066C8F8 0x0026C148 0x0025F548 0x00000000
LoadLibraryA - 0x0066C8FC 0x0026C14C 0x0025F54C 0x00000000
GetProcAddress - 0x0066C900 0x0026C150 0x0025F550 0x00000000
FreeLibrary - 0x0066C904 0x0026C154 0x0025F554 0x00000000
FormatMessageW - 0x0066C908 0x0026C158 0x0025F558 0x00000000
DeleteFileW - 0x0066C90C 0x0026C15C 0x0025F55C 0x00000000
CreateFileW - 0x0066C910 0x0026C160 0x0025F560 0x00000000
GetFileAttributesW - 0x0066C914 0x0026C164 0x0025F564 0x00000000
CreateDirectoryW - 0x0066C918 0x0026C168 0x0025F568 0x00000000
GetCurrentDirectoryW - 0x0066C91C 0x0026C16C 0x0025F56C 0x00000000
GetFullPathNameW - 0x0066C920 0x0026C170 0x0025F570 0x00000000
GetConsoleOutputCP - 0x0066C924 0x0026C174 0x0025F574 0x00000000
GetOEMCP - 0x0066C928 0x0026C178 0x0025F578 0x00000000
GetProcessHeap - 0x0066C92C 0x0026C17C 0x0025F57C 0x00000000
HeapAlloc - 0x0066C930 0x0026C180 0x0025F580 0x00000000
HeapFree - 0x0066C934 0x0026C184 0x0025F584 0x00000000
TlsAlloc - 0x0066C938 0x0026C188 0x0025F588 0x00000000
TlsSetValue - 0x0066C93C 0x0026C18C 0x0025F58C 0x00000000
CreateThread - 0x0066C940 0x0026C190 0x0025F590 0x00000000
ExitThread - 0x0066C944 0x0026C194 0x0025F594 0x00000000
LocalAlloc - 0x0066C948 0x0026C198 0x0025F598 0x00000000
LocalFree - 0x0066C94C 0x0026C19C 0x0025F59C 0x00000000
Sleep - 0x0066C950 0x0026C1A0 0x0025F5A0 0x00000000
SuspendThread - 0x0066C954 0x0026C1A4 0x0025F5A4 0x00000000
ResumeThread - 0x0066C958 0x0026C1A8 0x0025F5A8 0x00000000
TerminateThread - 0x0066C95C 0x0026C1AC 0x0025F5AC 0x00000000
WaitForSingleObject - 0x0066C960 0x0026C1B0 0x0025F5B0 0x00000000
SetThreadPriority - 0x0066C964 0x0026C1B4 0x0025F5B4 0x00000000
GetThreadPriority - 0x0066C968 0x0026C1B8 0x0025F5B8 0x00000000
GetCurrentThread - 0x0066C96C 0x0026C1BC 0x0025F5BC 0x00000000
OpenThread - 0x0066C970 0x0026C1C0 0x0025F5C0 0x00000000
IsDebuggerPresent - 0x0066C974 0x0026C1C4 0x0025F5C4 0x00000000
CreateEventA - 0x0066C978 0x0026C1C8 0x0025F5C8 0x00000000
ResetEvent - 0x0066C97C 0x0026C1CC 0x0025F5CC 0x00000000
SetEvent - 0x0066C980 0x0026C1D0 0x0025F5D0 0x00000000
InitializeCriticalSection - 0x0066C984 0x0026C1D4 0x0025F5D4 0x00000000
DeleteCriticalSection - 0x0066C988 0x0026C1D8 0x0025F5D8 0x00000000
EnterCriticalSection - 0x0066C98C 0x0026C1DC 0x0025F5DC 0x00000000
LeaveCriticalSection - 0x0066C990 0x0026C1E0 0x0025F5E0 0x00000000
TryEnterCriticalSection - 0x0066C994 0x0026C1E4 0x0025F5E4 0x00000000
GetEnvironmentStringsW - 0x0066C998 0x0026C1E8 0x0025F5E8 0x00000000
FreeEnvironmentStringsW - 0x0066C99C 0x0026C1EC 0x0025F5EC 0x00000000
MultiByteToWideChar - 0x0066C9A0 0x0026C1F0 0x0025F5F0 0x00000000
WideCharToMultiByte - 0x0066C9A4 0x0026C1F4 0x0025F5F4 0x00000000
GetACP - 0x0066C9A8 0x0026C1F8 0x0025F5F8 0x00000000
GetConsoleCP - 0x0066C9AC 0x0026C1FC 0x0025F5FC 0x00000000
RtlUnwind - 0x0066C9B0 0x0026C200 0x0025F600 0x00000000
EnumResourceTypesA - 0x0066C9B4 0x0026C204 0x0025F604 0x00000000
EnumResourceNamesA - 0x0066C9B8 0x0026C208 0x0025F608 0x00000000
EnumResourceLanguagesA - 0x0066C9BC 0x0026C20C 0x0025F60C 0x00000000
FindResourceA - 0x0066C9C0 0x0026C210 0x0025F610 0x00000000
FindResourceExA - 0x0066C9C4 0x0026C214 0x0025F614 0x00000000
LoadResource - 0x0066C9C8 0x0026C218 0x0025F618 0x00000000
SizeofResource - 0x0066C9CC 0x0026C21C 0x0025F61C 0x00000000
LockResource - 0x0066C9D0 0x0026C220 0x0025F620 0x00000000
FreeResource - 0x0066C9D4 0x0026C224 0x0025F624 0x00000000
GetEnvironmentStringsA - 0x0066C9D8 0x0026C228 0x0025F628 0x00000000
FreeEnvironmentStringsA - 0x0066C9DC 0x0026C22C 0x0025F62C 0x00000000
FormatMessageA - 0x0066C9E0 0x0026C230 0x0025F630 0x00000000
GlobalAddAtomA - 0x0066C9E4 0x0026C234 0x0025F634 0x00000000
GetDriveTypeA - 0x0066C9E8 0x0026C238 0x0025F638 0x00000000
GetSystemDirectoryA - 0x0066C9EC 0x0026C23C 0x0025F63C 0x00000000
GetWindowsDirectoryA - 0x0066C9F0 0x0026C240 0x0025F640 0x00000000
GetDiskFreeSpaceA - 0x0066C9F4 0x0026C244 0x0025F644 0x00000000
DeleteFileA - 0x0066C9F8 0x0026C248 0x0025F648 0x00000000
GetVersionExA - 0x0066C9FC 0x0026C24C 0x0025F64C 0x00000000
CompareStringA - 0x0066CA00 0x0026C250 0x0025F650 0x00000000
GetLocaleInfoA - 0x0066CA04 0x0026C254 0x0025F654 0x00000000
GetDateFormatA - 0x0066CA08 0x0026C258 0x0025F658 0x00000000
EnumCalendarInfoA - 0x0066CA0C 0x0026C25C 0x0025F65C 0x00000000
GetModuleFileNameW - 0x0066CA10 0x0026C260 0x0025F660 0x00000000
GetCommandLineW - 0x0066CA14 0x0026C264 0x0025F664 0x00000000
SetFileAttributesW - 0x0066CA18 0x0026C268 0x0025F668 0x00000000
FindNextFileW - 0x0066CA1C 0x0026C26C 0x0025F66C 0x00000000
CompareStringW - 0x0066CA20 0x0026C270 0x0025F670 0x00000000
GetLocaleInfoW - 0x0066CA24 0x0026C274 0x0025F674 0x00000000
GetDateFormatW - 0x0066CA28 0x0026C278 0x0025F678 0x00000000
FindFirstFileExW - 0x0066CA2C 0x0026C27C 0x0025F67C 0x00000000
GlobalAlloc - 0x0066CA30 0x0026C280 0x0025F680 0x00000000
GlobalReAlloc - 0x0066CA34 0x0026C284 0x0025F684 0x00000000
GlobalSize - 0x0066CA38 0x0026C288 0x0025F688 0x00000000
GlobalLock - 0x0066CA3C 0x0026C28C 0x0025F68C 0x00000000
GlobalUnlock - 0x0066CA40 0x0026C290 0x0025F690 0x00000000
VirtualFree - 0x0066CA44 0x0026C294 0x0025F694 0x00000000
GetExitCodeProcess - 0x0066CA48 0x0026C298 0x0025F698 0x00000000
GlobalDeleteAtom - 0x0066CA4C 0x0026C29C 0x0025F69C 0x00000000
GetLogicalDrives - 0x0066CA50 0x0026C2A0 0x0025F6A0 0x00000000
DeviceIoControl - 0x0066CA54 0x0026C2A4 0x0025F6A4 0x00000000
FindClose - 0x0066CA58 0x0026C2A8 0x0025F6A8 0x00000000
WinExec - 0x0066CA5C 0x0026C2AC 0x0025F6AC 0x00000000
MulDiv - 0x0066CA60 0x0026C2B0 0x0025F6B0 0x00000000
GetLocalTime - 0x0066CA64 0x0026C2B4 0x0025F6B4 0x00000000
SystemTimeToTzSpecificLocalTime - 0x0066CA68 0x0026C2B8 0x0025F6B8 0x00000000
FileTimeToLocalFileTime - 0x0066CA6C 0x0026C2BC 0x0025F6BC 0x00000000
FileTimeToSystemTime - 0x0066CA70 0x0026C2C0 0x0025F6C0 0x00000000
FileTimeToDosDateTime - 0x0066CA74 0x0026C2C4 0x0025F6C4 0x00000000
PeekNamedPipe - 0x0066CA78 0x0026C2C8 0x0025F6C8 0x00000000
GetCPInfo - 0x0066CA7C 0x0026C2CC 0x0025F6CC 0x00000000
GetThreadLocale - 0x0066CA80 0x0026C2D0 0x0025F6D0 0x00000000
SetThreadLocale - 0x0066CA84 0x0026C2D4 0x0025F6D4 0x00000000
GetUserDefaultLCID - 0x0066CA88 0x0026C2D8 0x0025F6D8 0x00000000
CreateToolhelp32Snapshot - 0x0066CA8C 0x0026C2DC 0x0025F6DC 0x00000000
Process32First - 0x0066CA90 0x0026C2E0 0x0025F6E0 0x00000000
Process32Next - 0x0066CA94 0x0026C2E4 0x0025F6E4 0x00000000
oleaut32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen - 0x0066CA9C 0x0026C2EC 0x0025F6EC 0x00000000
SysFreeString - 0x0066CAA0 0x0026C2F0 0x0025F6F0 0x00000000
SysReAllocStringLen - 0x0066CAA4 0x0026C2F4 0x0025F6F4 0x00000000
SafeArrayCreate - 0x0066CAA8 0x0026C2F8 0x0025F6F8 0x00000000
SafeArrayRedim - 0x0066CAAC 0x0026C2FC 0x0025F6FC 0x00000000
SafeArrayGetUBound - 0x0066CAB0 0x0026C300 0x0025F700 0x00000000
SafeArrayGetLBound - 0x0066CAB4 0x0026C304 0x0025F704 0x00000000
SafeArrayAccessData - 0x0066CAB8 0x0026C308 0x0025F708 0x00000000
SafeArrayUnaccessData - 0x0066CABC 0x0026C30C 0x0025F70C 0x00000000
SafeArrayGetElement - 0x0066CAC0 0x0026C310 0x0025F710 0x00000000
SafeArrayPutElement - 0x0066CAC4 0x0026C314 0x0025F714 0x00000000
SafeArrayPtrOfIndex - 0x0066CAC8 0x0026C318 0x0025F718 0x00000000
VariantChangeTypeEx - 0x0066CACC 0x0026C31C 0x0025F71C 0x00000000
VariantClear - 0x0066CAD0 0x0026C320 0x0025F720 0x00000000
VariantCopy - 0x0066CAD4 0x0026C324 0x0025F724 0x00000000
VariantInit - 0x0066CAD8 0x0026C328 0x0025F728 0x00000000
user32.dll (178)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x0066CAE0 0x0026C330 0x0025F730 0x00000000
CharUpperBuffW - 0x0066CAE4 0x0026C334 0x0025F734 0x00000000
CharLowerBuffW - 0x0066CAE8 0x0026C338 0x0025F738 0x00000000
SendMessageA - 0x0066CAEC 0x0026C33C 0x0025F73C 0x00000000
PostMessageA - 0x0066CAF0 0x0026C340 0x0025F740 0x00000000
DefWindowProcA - 0x0066CAF4 0x0026C344 0x0025F744 0x00000000
CallWindowProcA - 0x0066CAF8 0x0026C348 0x0025F748 0x00000000
RegisterClassA - 0x0066CAFC 0x0026C34C 0x0025F74C 0x00000000
UnregisterClassA - 0x0066CB00 0x0026C350 0x0025F750 0x00000000
GetClassInfoA - 0x0066CB04 0x0026C354 0x0025F754 0x00000000
CreateWindowExA - 0x0066CB08 0x0026C358 0x0025F758 0x00000000
RegisterClipboardFormatA - 0x0066CB0C 0x0026C35C 0x0025F75C 0x00000000
GetClipboardFormatNameA - 0x0066CB10 0x0026C360 0x0025F760 0x00000000
CharToOemA - 0x0066CB14 0x0026C364 0x0025F764 0x00000000
CharUpperA - 0x0066CB18 0x0026C368 0x0025F768 0x00000000
CharUpperBuffA - 0x0066CB1C 0x0026C36C 0x0025F76C 0x00000000
CharLowerA - 0x0066CB20 0x0026C370 0x0025F770 0x00000000
CharLowerBuffA - 0x0066CB24 0x0026C374 0x0025F774 0x00000000
GetMenuItemInfoA - 0x0066CB28 0x0026C378 0x0025F778 0x00000000
SetPropA - 0x0066CB2C 0x0026C37C 0x0025F77C 0x00000000
GetPropA - 0x0066CB30 0x0026C380 0x0025F780 0x00000000
RemovePropA - 0x0066CB34 0x0026C384 0x0025F784 0x00000000
EnumPropsA - 0x0066CB38 0x0026C388 0x0025F788 0x00000000
GetWindowLongA - 0x0066CB3C 0x0026C38C 0x0025F78C 0x00000000
SetWindowLongA - 0x0066CB40 0x0026C390 0x0025F790 0x00000000
GetClassLongA - 0x0066CB44 0x0026C394 0x0025F794 0x00000000
SetClassLongA - 0x0066CB48 0x0026C398 0x0025F798 0x00000000
GetClassNameA - 0x0066CB4C 0x0026C39C 0x0025F79C 0x00000000
LoadBitmapA - 0x0066CB50 0x0026C3A0 0x0025F7A0 0x00000000
LoadCursorA - 0x0066CB54 0x0026C3A4 0x0025F7A4 0x00000000
LoadIconA - 0x0066CB58 0x0026C3A8 0x0025F7A8 0x00000000
LoadImageA - 0x0066CB5C 0x0026C3AC 0x0025F7AC 0x00000000
SystemParametersInfoA - 0x0066CB60 0x0026C3B0 0x0025F7B0 0x00000000
DispatchMessageW - 0x0066CB64 0x0026C3B4 0x0025F7B4 0x00000000
PeekMessageW - 0x0066CB68 0x0026C3B8 0x0025F7B8 0x00000000
SendMessageW - 0x0066CB6C 0x0026C3BC 0x0025F7BC 0x00000000
DefWindowProcW - 0x0066CB70 0x0026C3C0 0x0025F7C0 0x00000000
CallWindowProcW - 0x0066CB74 0x0026C3C4 0x0025F7C4 0x00000000
RegisterClassW - 0x0066CB78 0x0026C3C8 0x0025F7C8 0x00000000
UnregisterClassW - 0x0066CB7C 0x0026C3CC 0x0025F7CC 0x00000000
GetClassInfoW - 0x0066CB80 0x0026C3D0 0x0025F7D0 0x00000000
CreateWindowExW - 0x0066CB84 0x0026C3D4 0x0025F7D4 0x00000000
InsertMenuItemW - 0x0066CB88 0x0026C3D8 0x0025F7D8 0x00000000
GetMenuItemInfoW - 0x0066CB8C 0x0026C3DC 0x0025F7DC 0x00000000
SetMenuItemInfoW - 0x0066CB90 0x0026C3E0 0x0025F7E0 0x00000000
DrawTextW - 0x0066CB94 0x0026C3E4 0x0025F7E4 0x00000000
DrawStateW - 0x0066CB98 0x0026C3E8 0x0025F7E8 0x00000000
SetWindowTextW - 0x0066CB9C 0x0026C3EC 0x0025F7EC 0x00000000
GetWindowTextW - 0x0066CBA0 0x0026C3F0 0x0025F7F0 0x00000000
GetWindowTextLengthW - 0x0066CBA4 0x0026C3F4 0x0025F7F4 0x00000000
MessageBoxW - 0x0066CBA8 0x0026C3F8 0x0025F7F8 0x00000000
GetWindowLongW - 0x0066CBAC 0x0026C3FC 0x0025F7FC 0x00000000
SetWindowLongW - 0x0066CBB0 0x0026C400 0x0025F800 0x00000000
DefFrameProcW - 0x0066CBB4 0x0026C404 0x0025F804 0x00000000
DefMDIChildProcW - 0x0066CBB8 0x0026C408 0x0025F808 0x00000000
TranslateMessage - 0x0066CBBC 0x0026C40C 0x0025F80C 0x00000000
PostQuitMessage - 0x0066CBC0 0x0026C410 0x0025F810 0x00000000
GetDoubleClickTime - 0x0066CBC4 0x0026C414 0x0025F814 0x00000000
IsWindow - 0x0066CBC8 0x0026C418 0x0025F818 0x00000000
IsMenu - 0x0066CBCC 0x0026C41C 0x0025F81C 0x00000000
DestroyWindow - 0x0066CBD0 0x0026C420 0x0025F820 0x00000000
ShowWindow - 0x0066CBD4 0x0026C424 0x0025F824 0x00000000
ShowWindowAsync - 0x0066CBD8 0x0026C428 0x0025F828 0x00000000
ShowOwnedPopups - 0x0066CBDC 0x0026C42C 0x0025F82C 0x00000000
MoveWindow - 0x0066CBE0 0x0026C430 0x0025F830 0x00000000
SetWindowPos - 0x0066CBE4 0x0026C434 0x0025F834 0x00000000
GetWindowPlacement - 0x0066CBE8 0x0026C438 0x0025F838 0x00000000
SetWindowPlacement - 0x0066CBEC 0x0026C43C 0x0025F83C 0x00000000
BeginDeferWindowPos - 0x0066CBF0 0x0026C440 0x0025F840 0x00000000
DeferWindowPos - 0x0066CBF4 0x0026C444 0x0025F844 0x00000000
EndDeferWindowPos - 0x0066CBF8 0x0026C448 0x0025F848 0x00000000
IsWindowVisible - 0x0066CBFC 0x0026C44C 0x0025F84C 0x00000000
IsIconic - 0x0066CC00 0x0026C450 0x0025F850 0x00000000
BringWindowToTop - 0x0066CC04 0x0026C454 0x0025F854 0x00000000
IsZoomed - 0x0066CC08 0x0026C458 0x0025F858 0x00000000
OpenClipboard - 0x0066CC0C 0x0026C45C 0x0025F85C 0x00000000
CloseClipboard - 0x0066CC10 0x0026C460 0x0025F860 0x00000000
SetClipboardData - 0x0066CC14 0x0026C464 0x0025F864 0x00000000
GetClipboardData - 0x0066CC18 0x0026C468 0x0025F868 0x00000000
CountClipboardFormats - 0x0066CC1C 0x0026C46C 0x0025F86C 0x00000000
EnumClipboardFormats - 0x0066CC20 0x0026C470 0x0025F870 0x00000000
EmptyClipboard - 0x0066CC24 0x0026C474 0x0025F874 0x00000000
IsClipboardFormatAvailable - 0x0066CC28 0x0026C478 0x0025F878 0x00000000
SetFocus - 0x0066CC2C 0x0026C47C 0x0025F87C 0x00000000
GetActiveWindow - 0x0066CC30 0x0026C480 0x0025F880 0x00000000
GetFocus - 0x0066CC34 0x0026C484 0x0025F884 0x00000000
GetKeyState - 0x0066CC38 0x0026C488 0x0025F888 0x00000000
GetCapture - 0x0066CC3C 0x0026C48C 0x0025F88C 0x00000000
SetCapture - 0x0066CC40 0x0026C490 0x0025F890 0x00000000
ReleaseCapture - 0x0066CC44 0x0026C494 0x0025F894 0x00000000
MsgWaitForMultipleObjects - 0x0066CC48 0x0026C498 0x0025F898 0x00000000
SetTimer - 0x0066CC4C 0x0026C49C 0x0025F89C 0x00000000
KillTimer - 0x0066CC50 0x0026C4A0 0x0025F8A0 0x00000000
EnableWindow - 0x0066CC54 0x0026C4A4 0x0025F8A4 0x00000000
IsWindowEnabled - 0x0066CC58 0x0026C4A8 0x0025F8A8 0x00000000
GetSystemMetrics - 0x0066CC5C 0x0026C4AC 0x0025F8AC 0x00000000
GetMenu - 0x0066CC60 0x0026C4B0 0x0025F8B0 0x00000000
SetMenu - 0x0066CC64 0x0026C4B4 0x0025F8B4 0x00000000
DrawMenuBar - 0x0066CC68 0x0026C4B8 0x0025F8B8 0x00000000
GetSystemMenu - 0x0066CC6C 0x0026C4BC 0x0025F8BC 0x00000000
CreateMenu - 0x0066CC70 0x0026C4C0 0x0025F8C0 0x00000000
CreatePopupMenu - 0x0066CC74 0x0026C4C4 0x0025F8C4 0x00000000
DestroyMenu - 0x0066CC78 0x0026C4C8 0x0025F8C8 0x00000000
EnableMenuItem - 0x0066CC7C 0x0026C4CC 0x0025F8CC 0x00000000
GetSubMenu - 0x0066CC80 0x0026C4D0 0x0025F8D0 0x00000000
GetMenuItemCount - 0x0066CC84 0x0026C4D4 0x0025F8D4 0x00000000
RemoveMenu - 0x0066CC88 0x0026C4D8 0x0025F8D8 0x00000000
DeleteMenu - 0x0066CC8C 0x0026C4DC 0x0025F8DC 0x00000000
GetMenuItemRect - 0x0066CC90 0x0026C4E0 0x0025F8E0 0x00000000
UpdateWindow - 0x0066CC94 0x0026C4E4 0x0025F8E4 0x00000000
SetActiveWindow - 0x0066CC98 0x0026C4E8 0x0025F8E8 0x00000000
GetForegroundWindow - 0x0066CC9C 0x0026C4EC 0x0025F8EC 0x00000000
SetForegroundWindow - 0x0066CCA0 0x0026C4F0 0x0025F8F0 0x00000000
WindowFromDC - 0x0066CCA4 0x0026C4F4 0x0025F8F4 0x00000000
GetDC - 0x0066CCA8 0x0026C4F8 0x0025F8F8 0x00000000
GetDCEx - 0x0066CCAC 0x0026C4FC 0x0025F8FC 0x00000000
GetWindowDC - 0x0066CCB0 0x0026C500 0x0025F900 0x00000000
ReleaseDC - 0x0066CCB4 0x0026C504 0x0025F904 0x00000000
BeginPaint - 0x0066CCB8 0x0026C508 0x0025F908 0x00000000
EndPaint - 0x0066CCBC 0x0026C50C 0x0025F90C 0x00000000
GetUpdateRect - 0x0066CCC0 0x0026C510 0x0025F910 0x00000000
SetWindowRgn - 0x0066CCC4 0x0026C514 0x0025F914 0x00000000
InvalidateRect - 0x0066CCC8 0x0026C518 0x0025F918 0x00000000
InvalidateRgn - 0x0066CCCC 0x0026C51C 0x0025F91C 0x00000000
RedrawWindow - 0x0066CCD0 0x0026C520 0x0025F920 0x00000000
ScrollWindowEx - 0x0066CCD4 0x0026C524 0x0025F924 0x00000000
ShowScrollBar - 0x0066CCD8 0x0026C528 0x0025F928 0x00000000
EnableScrollBar - 0x0066CCDC 0x0026C52C 0x0025F92C 0x00000000
GetClientRect - 0x0066CCE0 0x0026C530 0x0025F930 0x00000000
GetWindowRect - 0x0066CCE4 0x0026C534 0x0025F934 0x00000000
AdjustWindowRectEx - 0x0066CCE8 0x0026C538 0x0025F938 0x00000000
MessageBeep - 0x0066CCEC 0x0026C53C 0x0025F93C 0x00000000
SetCursorPos - 0x0066CCF0 0x0026C540 0x0025F940 0x00000000
SetCursor - 0x0066CCF4 0x0026C544 0x0025F944 0x00000000
GetCursorPos - 0x0066CCF8 0x0026C548 0x0025F948 0x00000000
CreateCaret - 0x0066CCFC 0x0026C54C 0x0025F94C 0x00000000
DestroyCaret - 0x0066CD00 0x0026C550 0x0025F950 0x00000000
HideCaret - 0x0066CD04 0x0026C554 0x0025F954 0x00000000
ShowCaret - 0x0066CD08 0x0026C558 0x0025F958 0x00000000
SetCaretPos - 0x0066CD0C 0x0026C55C 0x0025F95C 0x00000000
GetCaretPos - 0x0066CD10 0x0026C560 0x0025F960 0x00000000
ClientToScreen - 0x0066CD14 0x0026C564 0x0025F964 0x00000000
ScreenToClient - 0x0066CD18 0x0026C568 0x0025F968 0x00000000
MapWindowPoints - 0x0066CD1C 0x0026C56C 0x0025F96C 0x00000000
WindowFromPoint - 0x0066CD20 0x0026C570 0x0025F970 0x00000000
GetSysColor - 0x0066CD24 0x0026C574 0x0025F974 0x00000000
GetSysColorBrush - 0x0066CD28 0x0026C578 0x0025F978 0x00000000
SetSysColors - 0x0066CD2C 0x0026C57C 0x0025F97C 0x00000000
DrawFocusRect - 0x0066CD30 0x0026C580 0x0025F980 0x00000000
FillRect - 0x0066CD34 0x0026C584 0x0025F984 0x00000000
FrameRect - 0x0066CD38 0x0026C588 0x0025F988 0x00000000
SetRect - 0x0066CD3C 0x0026C58C 0x0025F98C 0x00000000
InflateRect - 0x0066CD40 0x0026C590 0x0025F990 0x00000000
IntersectRect - 0x0066CD44 0x0026C594 0x0025F994 0x00000000
OffsetRect - 0x0066CD48 0x0026C598 0x0025F998 0x00000000
GetDesktopWindow - 0x0066CD4C 0x0026C59C 0x0025F99C 0x00000000
GetParent - 0x0066CD50 0x0026C5A0 0x0025F9A0 0x00000000
SetParent - 0x0066CD54 0x0026C5A4 0x0025F9A4 0x00000000
EnumThreadWindows - 0x0066CD58 0x0026C5A8 0x0025F9A8 0x00000000
GetTopWindow - 0x0066CD5C 0x0026C5AC 0x0025F9AC 0x00000000
GetWindowThreadProcessId - 0x0066CD60 0x0026C5B0 0x0025F9B0 0x00000000
GetLastActivePopup - 0x0066CD64 0x0026C5B4 0x0025F9B4 0x00000000
GetWindow - 0x0066CD68 0x0026C5B8 0x0025F9B8 0x00000000
CallNextHookEx - 0x0066CD6C 0x0026C5BC 0x0025F9BC 0x00000000
DestroyCursor - 0x0066CD70 0x0026C5C0 0x0025F9C0 0x00000000
DestroyIcon - 0x0066CD74 0x0026C5C4 0x0025F9C4 0x00000000
CopyImage - 0x0066CD78 0x0026C5C8 0x0025F9C8 0x00000000
CreateIconIndirect - 0x0066CD7C 0x0026C5CC 0x0025F9CC 0x00000000
GetIconInfo - 0x0066CD80 0x0026C5D0 0x0025F9D0 0x00000000
SetScrollInfo - 0x0066CD84 0x0026C5D4 0x0025F9D4 0x00000000
GetScrollInfo - 0x0066CD88 0x0026C5D8 0x0025F9D8 0x00000000
TranslateMDISysAccel - 0x0066CD8C 0x0026C5DC 0x0025F9DC 0x00000000
DrawEdge - 0x0066CD90 0x0026C5E0 0x0025F9E0 0x00000000
DrawFrameControl - 0x0066CD94 0x0026C5E4 0x0025F9E4 0x00000000
TrackPopupMenuEx - 0x0066CD98 0x0026C5E8 0x0025F9E8 0x00000000
ChildWindowFromPointEx - 0x0066CD9C 0x0026C5EC 0x0025F9EC 0x00000000
DrawIconEx - 0x0066CDA0 0x0026C5F0 0x0025F9F0 0x00000000
FlashWindowEx - 0x0066CDA4 0x0026C5F4 0x0025F9F4 0x00000000
advapi32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameA - 0x0066CDAC 0x0026C5FC 0x0025F9FC 0x00000000
RegSetValueExW - 0x0066CDB0 0x0026C600 0x0025FA00 0x00000000
RegQueryValueExW - 0x0066CDB4 0x0026C604 0x0025FA04 0x00000000
RegCreateKeyExW - 0x0066CDB8 0x0026C608 0x0025FA08 0x00000000
RegOpenKeyExW - 0x0066CDBC 0x0026C60C 0x0025FA0C 0x00000000
RegCloseKey - 0x0066CDC0 0x0026C610 0x0025FA10 0x00000000
RegFlushKey - 0x0066CDC4 0x0026C614 0x0025FA14 0x00000000
gdi32.dll (108)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x0066CDCC 0x0026C61C 0x0025FA1C 0x00000000
EnumFontFamiliesA - 0x0066CDD0 0x0026C620 0x0025FA20 0x00000000
GetCharABCWidthsA - 0x0066CDD4 0x0026C624 0x0025FA24 0x00000000
GetTextExtentPointA - 0x0066CDD8 0x0026C628 0x0025FA28 0x00000000
GetTextMetricsA - 0x0066CDDC 0x0026C62C 0x0025FA2C 0x00000000
GetObjectA - 0x0066CDE0 0x0026C630 0x0025FA30 0x00000000
ExtTextOutA - 0x0066CDE4 0x0026C634 0x0025FA34 0x00000000
CreateFontIndirectW - 0x0066CDE8 0x0026C638 0x0025FA38 0x00000000
EnumFontFamiliesExW - 0x0066CDEC 0x0026C63C 0x0025FA3C 0x00000000
GetCharABCWidthsW - 0x0066CDF0 0x0026C640 0x0025FA40 0x00000000
GetTextExtentPoint32W - 0x0066CDF4 0x0026C644 0x0025FA44 0x00000000
GetTextExtentExPointW - 0x0066CDF8 0x0026C648 0x0025FA48 0x00000000
GetObjectW - 0x0066CDFC 0x0026C64C 0x0025FA4C 0x00000000
TextOutW - 0x0066CE00 0x0026C650 0x0025FA50 0x00000000
ExtTextOutW - 0x0066CE04 0x0026C654 0x0025FA54 0x00000000
GetRandomRgn - 0x0066CE08 0x0026C658 0x0025FA58 0x00000000
Arc - 0x0066CE0C 0x0026C65C 0x0025FA5C 0x00000000
BitBlt - 0x0066CE10 0x0026C660 0x0025FA60 0x00000000
Chord - 0x0066CE14 0x0026C664 0x0025FA64 0x00000000
CombineRgn - 0x0066CE18 0x0026C668 0x0025FA68 0x00000000
CreateBitmap - 0x0066CE1C 0x0026C66C 0x0025FA6C 0x00000000
CreateBrushIndirect - 0x0066CE20 0x0026C670 0x0025FA70 0x00000000
CreateCompatibleBitmap - 0x0066CE24 0x0026C674 0x0025FA74 0x00000000
CreateCompatibleDC - 0x0066CE28 0x0026C678 0x0025FA78 0x00000000
CreateDIBitmap - 0x0066CE2C 0x0026C67C 0x0025FA7C 0x00000000
CreateEllipticRgn - 0x0066CE30 0x0026C680 0x0025FA80 0x00000000
CreatePen - 0x0066CE34 0x0026C684 0x0025FA84 0x00000000
CreatePenIndirect - 0x0066CE38 0x0026C688 0x0025FA88 0x00000000
CreatePatternBrush - 0x0066CE3C 0x0026C68C 0x0025FA8C 0x00000000
CreateRectRgn - 0x0066CE40 0x0026C690 0x0025FA90 0x00000000
CreateRoundRectRgn - 0x0066CE44 0x0026C694 0x0025FA94 0x00000000
CreateSolidBrush - 0x0066CE48 0x0026C698 0x0025FA98 0x00000000
DeleteDC - 0x0066CE4C 0x0026C69C 0x0025FA9C 0x00000000
DeleteObject - 0x0066CE50 0x0026C6A0 0x0025FAA0 0x00000000
Ellipse - 0x0066CE54 0x0026C6A4 0x0025FAA4 0x00000000
EqualRgn - 0x0066CE58 0x0026C6A8 0x0025FAA8 0x00000000
ExcludeClipRect - 0x0066CE5C 0x0026C6AC 0x0025FAAC 0x00000000
ExtCreateRegion - 0x0066CE60 0x0026C6B0 0x0025FAB0 0x00000000
ExtFloodFill - 0x0066CE64 0x0026C6B4 0x0025FAB4 0x00000000
FillRgn - 0x0066CE68 0x0026C6B8 0x0025FAB8 0x00000000
GetROP2 - 0x0066CE6C 0x0026C6BC 0x0025FABC 0x00000000
GetBkColor - 0x0066CE70 0x0026C6C0 0x0025FAC0 0x00000000
GetBitmapBits - 0x0066CE74 0x0026C6C4 0x0025FAC4 0x00000000
GetClipBox - 0x0066CE78 0x0026C6C8 0x0025FAC8 0x00000000
GetClipRgn - 0x0066CE7C 0x0026C6CC 0x0025FACC 0x00000000
GetCurrentObject - 0x0066CE80 0x0026C6D0 0x0025FAD0 0x00000000
GetDeviceCaps - 0x0066CE84 0x0026C6D4 0x0025FAD4 0x00000000
GetDIBits - 0x0066CE88 0x0026C6D8 0x0025FAD8 0x00000000
GetMapMode - 0x0066CE8C 0x0026C6DC 0x0025FADC 0x00000000
GetObjectType - 0x0066CE90 0x0026C6E0 0x0025FAE0 0x00000000
GetPixel - 0x0066CE94 0x0026C6E4 0x0025FAE4 0x00000000
GetRegionData - 0x0066CE98 0x0026C6E8 0x0025FAE8 0x00000000
GetRgnBox - 0x0066CE9C 0x0026C6EC 0x0025FAEC 0x00000000
GetStockObject - 0x0066CEA0 0x0026C6F0 0x0025FAF0 0x00000000
GetTextAlign - 0x0066CEA4 0x0026C6F4 0x0025FAF4 0x00000000
GetTextColor - 0x0066CEA8 0x0026C6F8 0x0025FAF8 0x00000000
GetViewportExtEx - 0x0066CEAC 0x0026C6FC 0x0025FAFC 0x00000000
GetViewportOrgEx - 0x0066CEB0 0x0026C700 0x0025FB00 0x00000000
GetWindowExtEx - 0x0066CEB4 0x0026C704 0x0025FB04 0x00000000
GetWindowOrgEx - 0x0066CEB8 0x0026C708 0x0025FB08 0x00000000
IntersectClipRect - 0x0066CEBC 0x0026C70C 0x0025FB0C 0x00000000
LineTo - 0x0066CEC0 0x0026C710 0x0025FB10 0x00000000
MaskBlt - 0x0066CEC4 0x0026C714 0x0025FB14 0x00000000
OffsetRgn - 0x0066CEC8 0x0026C718 0x0025FB18 0x00000000
PatBlt - 0x0066CECC 0x0026C71C 0x0025FB1C 0x00000000
Pie - 0x0066CED0 0x0026C720 0x0025FB20 0x00000000
PaintRgn - 0x0066CED4 0x0026C724 0x0025FB24 0x00000000
PtInRegion - 0x0066CED8 0x0026C728 0x0025FB28 0x00000000
RectInRegion - 0x0066CEDC 0x0026C72C 0x0025FB2C 0x00000000
RectVisible - 0x0066CEE0 0x0026C730 0x0025FB30 0x00000000
Rectangle - 0x0066CEE4 0x0026C734 0x0025FB34 0x00000000
RestoreDC - 0x0066CEE8 0x0026C738 0x0025FB38 0x00000000
RealizePalette - 0x0066CEEC 0x0026C73C 0x0025FB3C 0x00000000
RoundRect - 0x0066CEF0 0x0026C740 0x0025FB40 0x00000000
SaveDC - 0x0066CEF4 0x0026C744 0x0025FB44 0x00000000
SelectClipRgn - 0x0066CEF8 0x0026C748 0x0025FB48 0x00000000
ExtSelectClipRgn - 0x0066CEFC 0x0026C74C 0x0025FB4C 0x00000000
SelectObject - 0x0066CF00 0x0026C750 0x0025FB50 0x00000000
SelectPalette - 0x0066CF04 0x0026C754 0x0025FB54 0x00000000
SetBkColor - 0x0066CF08 0x0026C758 0x0025FB58 0x00000000
SetBkMode - 0x0066CF0C 0x0026C75C 0x0025FB5C 0x00000000
SetMapMode - 0x0066CF10 0x0026C760 0x0025FB60 0x00000000
SetPixel - 0x0066CF14 0x0026C764 0x0025FB64 0x00000000
SetPolyFillMode - 0x0066CF18 0x0026C768 0x0025FB68 0x00000000
StretchBlt - 0x0066CF1C 0x0026C76C 0x0025FB6C 0x00000000
SetRectRgn - 0x0066CF20 0x0026C770 0x0025FB70 0x00000000
SetROP2 - 0x0066CF24 0x0026C774 0x0025FB74 0x00000000
SetStretchBltMode - 0x0066CF28 0x0026C778 0x0025FB78 0x00000000
SetTextCharacterExtra - 0x0066CF2C 0x0026C77C 0x0025FB7C 0x00000000
SetTextColor - 0x0066CF30 0x0026C780 0x0025FB80 0x00000000
SetTextAlign - 0x0066CF34 0x0026C784 0x0025FB84 0x00000000
CreateDIBSection - 0x0066CF38 0x0026C788 0x0025FB88 0x00000000
SetArcDirection - 0x0066CF3C 0x0026C78C 0x0025FB8C 0x00000000
ExtCreatePen - 0x0066CF40 0x0026C790 0x0025FB90 0x00000000
MoveToEx - 0x0066CF44 0x0026C794 0x0025FB94 0x00000000
CreatePolygonRgn - 0x0066CF48 0x0026C798 0x0025FB98 0x00000000
DPtoLP - 0x0066CF4C 0x0026C79C 0x0025FB9C 0x00000000
LPtoDP - 0x0066CF50 0x0026C7A0 0x0025FBA0 0x00000000
Polygon - 0x0066CF54 0x0026C7A4 0x0025FBA4 0x00000000
Polyline - 0x0066CF58 0x0026C7A8 0x0025FBA8 0x00000000
PolyBezier - 0x0066CF5C 0x0026C7AC 0x0025FBAC 0x00000000
SetViewportExtEx - 0x0066CF60 0x0026C7B0 0x0025FBB0 0x00000000
SetViewportOrgEx - 0x0066CF64 0x0026C7B4 0x0025FBB4 0x00000000
SetWindowExtEx - 0x0066CF68 0x0026C7B8 0x0025FBB8 0x00000000
SetWindowOrgEx - 0x0066CF6C 0x0026C7BC 0x0025FBBC 0x00000000
OffsetViewportOrgEx - 0x0066CF70 0x0026C7C0 0x0025FBC0 0x00000000
SetBrushOrgEx - 0x0066CF74 0x0026C7C4 0x0025FBC4 0x00000000
GetDCOrgEx - 0x0066CF78 0x0026C7C8 0x0025FBC8 0x00000000
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x0066CF80 0x0026C7D0 0x0025FBD0 0x00000000
GetFileVersionInfoA - 0x0066CF84 0x0026C7D4 0x0025FBD4 0x00000000
VerQueryValueA - 0x0066CF88 0x0026C7D8 0x0025FBD8 0x00000000
shell32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryFileA - 0x0066CF90 0x0026C7E0 0x0025FBE0 0x00000000
ShellExecuteA - 0x0066CF94 0x0026C7E4 0x0025FBE4 0x00000000
DragQueryFileW - 0x0066CF98 0x0026C7E8 0x0025FBE8 0x00000000
DragFinish - 0x0066CF9C 0x0026C7EC 0x0025FBEC 0x00000000
DragAcceptFiles - 0x0066CFA0 0x0026C7F0 0x0025FBF0 0x00000000
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x0066CFA8 0x0026C7F8 0x0025FBF8 0x00000000
OleUninitialize - 0x0066CFAC 0x0026C7FC 0x0025FBFC 0x00000000
comctl32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControls - 0x0066CFB4 0x0026C804 0x0025FC04 0x00000000
ImageList_Create - 0x0066CFB8 0x0026C808 0x0025FC08 0x00000000
ImageList_Destroy - 0x0066CFBC 0x0026C80C 0x0025FC0C 0x00000000
ImageList_GetImageCount - 0x0066CFC0 0x0026C810 0x0025FC10 0x00000000
ImageList_SetImageCount - 0x0066CFC4 0x0026C814 0x0025FC14 0x00000000
ImageList_Add - 0x0066CFC8 0x0026C818 0x0025FC18 0x00000000
ImageList_Replace - 0x0066CFCC 0x0026C81C 0x0025FC1C 0x00000000
ImageList_AddMasked - 0x0066CFD0 0x0026C820 0x0025FC20 0x00000000
ImageList_DrawEx - 0x0066CFD4 0x0026C824 0x0025FC24 0x00000000
ImageList_DrawIndirect - 0x0066CFD8 0x0026C828 0x0025FC28 0x00000000
ImageList_Remove - 0x0066CFDC 0x0026C82C 0x0025FC2C 0x00000000
ImageList_Copy - 0x0066CFE0 0x0026C830 0x0025FC30 0x00000000
ImageList_BeginDrag - 0x0066CFE4 0x0026C834 0x0025FC34 0x00000000
ImageList_EndDrag - 0x0066CFE8 0x0026C838 0x0025FC38 0x00000000
ImageList_DragEnter - 0x0066CFEC 0x0026C83C 0x0025FC3C 0x00000000
ImageList_DragLeave - 0x0066CFF0 0x0026C840 0x0025FC40 0x00000000
ImageList_DragMove - 0x0066CFF4 0x0026C844 0x0025FC44 0x00000000
ImageList_DragShowNolock - 0x0066CFF8 0x0026C848 0x0025FC48 0x00000000
_TrackMouseEvent - 0x0066CFFC 0x0026C84C 0x0025FC4C 0x00000000
ws2_32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
closesocket - 0x0066D004 0x0026C854 0x0025FC54 0x00000000
connect - 0x0066D008 0x0026C858 0x0025FC58 0x00000000
ioctlsocket - 0x0066D00C 0x0026C85C 0x0025FC5C 0x00000000
getsockopt - 0x0066D010 0x0026C860 0x0025FC60 0x00000000
recv - 0x0066D014 0x0026C864 0x0025FC64 0x00000000
select - 0x0066D018 0x0026C868 0x0025FC68 0x00000000
send - 0x0066D01C 0x0026C86C 0x0025FC6C 0x00000000
setsockopt - 0x0066D020 0x0026C870 0x0025FC70 0x00000000
shutdown - 0x0066D024 0x0026C874 0x0025FC74 0x00000000
socket - 0x0066D028 0x0026C878 0x0025FC78 0x00000000
WSAStartup - 0x0066D02C 0x0026C87C 0x0025FC7C 0x00000000
WSACleanup - 0x0066D030 0x0026C880 0x0025FC80 0x00000000
WSAGetLastError - 0x0066D034 0x0026C884 0x0025FC84 0x00000000
__WSAFDIsSet - 0x0066D038 0x0026C888 0x0025FC88 0x00000000
wsock32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gethostbyaddr - 0x0066D040 0x0026C890 0x0025FC90 0x00000000
gethostbyname - 0x0066D044 0x0026C894 0x0025FC94 0x00000000
WSAStartup - 0x0066D048 0x0026C898 0x0025FC98 0x00000000
Memory Dumps (136)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
rdhj0cnfevzx% 3 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
rdhj0cnfevzx% 6 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
buffer 6 0x01891AC0 0x01892C57 Process Termination False 32-bit - False
buffer 6 0x01892C60 0x0189AC5F Process Termination False 32-bit - False
buffer 6 0x0189AC68 0x018A2C67 Process Termination False 32-bit - False
buffer 6 0x018A3478 0x018AB477 Process Termination False 32-bit - False
buffer 6 0x018AB480 0x018B347F Process Termination False 32-bit - False
buffer 6 0x018B3488 0x018BB487 Process Termination False 32-bit - False
buffer 6 0x018BB490 0x018C348F Process Termination False 32-bit - False
buffer 6 0x018C3498 0x01903497 Process Termination False 32-bit - False
buffer 6 0x019034A0 0x0190B49F Process Termination False 32-bit - False
buffer 6 0x0190B4A8 0x019134A7 Process Termination False 32-bit - False
buffer 6 0x019134B0 0x0191B4AF Process Termination False 32-bit - False
buffer 6 0x0191B4B8 0x019234B7 Process Termination False 32-bit - False
buffer 6 0x019234C0 0x0192B4BF Process Termination False 32-bit - False
buffer 6 0x0192B4C8 0x019334C7 Process Termination False 32-bit - False
buffer 6 0x01937748 0x0193F747 Process Termination False 32-bit - False
buffer 6 0x0193F750 0x0194774F Process Termination False 32-bit - False
buffer 6 0x01949348 0x01951347 Process Termination False 32-bit - False
buffer 6 0x01951350 0x0195934F Process Termination False 32-bit - False
buffer 6 0x0195CE88 0x01964E87 Process Termination False 32-bit - False
buffer 6 0x01964E90 0x0196CE8F Process Termination False 32-bit - False
buffer 6 0x0196CE98 0x01974E97 Process Termination False 32-bit - False
buffer 6 0x01975810 0x019769A7 Process Termination False 32-bit - False
buffer 6 0x040A0048 0x040E0047 Process Termination False 32-bit - False
buffer 6 0x040E0050 0x0412004F Process Termination False 32-bit - False
buffer 6 0x04120DF8 0x04160DF7 Process Termination False 32-bit - False
buffer 6 0x04163FC8 0x0416BFC7 Process Termination False 32-bit - False
buffer 6 0x0416BFD0 0x04173FCF Process Termination False 32-bit - False
buffer 6 0x041781C0 0x04179357 Process Termination False 32-bit - False
buffer 6 0x0417B780 0x0417C917 Process Termination False 32-bit - False
buffer 6 0x04180898 0x04181A2F Process Termination False 32-bit - False
buffer 6 0x08877B58 0x08878CEF Process Termination False 32-bit - False
buffer 6 0x08878CF8 0x08880CF7 Process Termination False 32-bit - False
buffer 6 0x08880D00 0x08888CFF Process Termination False 32-bit - False
buffer 6 0x08888D08 0x08890D07 Process Termination False 32-bit - False
buffer 6 0x08890D10 0x08898D0F Process Termination False 32-bit - False
buffer 6 0x088C1D48 0x088C9D47 Process Termination False 32-bit - False
buffer 6 0x088C9D50 0x088D1D4F Process Termination False 32-bit - False
buffer 6 0x088D1D58 0x08911D57 Process Termination False 32-bit - False
buffer 6 0x09EF8020 0x0A31801F Process Termination False 32-bit - False
buffer 6 0x0A326020 0x0A74601F Process Termination False 32-bit - False
rdhj0cnfevzx% 6 0x00400000 0x00690FFF Process Termination False 32-bit - False
rdhj0cnfevzx% 30 0x00400000 0x00690FFF Relevant Image False 32-bit 0x00454C60 False
buffer 30 0x01A71AA8 0x01A72C3F Process Termination False 32-bit - False
buffer 30 0x01A72C48 0x01A7AC47 Process Termination False 32-bit - False
buffer 30 0x01A7AC50 0x01A82C4F Process Termination False 32-bit - False
buffer 30 0x01A83460 0x01A8B45F Process Termination False 32-bit - False
buffer 30 0x01A8B468 0x01A93467 Process Termination False 32-bit - False
buffer 30 0x01A93470 0x01A9B46F Process Termination False 32-bit - False
buffer 30 0x01A9B478 0x01AA3477 Process Termination False 32-bit - False
buffer 30 0x01AA3480 0x01AE347F Process Termination False 32-bit - False
buffer 30 0x01AE3488 0x01AEB487 Process Termination False 32-bit - False
buffer 30 0x01AEB490 0x01AF348F Process Termination False 32-bit - False
buffer 30 0x01AF3498 0x01AFB497 Process Termination False 32-bit - False
buffer 30 0x01AFB4A0 0x01B0349F Process Termination False 32-bit - False
buffer 30 0x01B034A8 0x01B0B4A7 Process Termination False 32-bit - False
buffer 30 0x01B0B4B0 0x01B134AF Process Termination False 32-bit - False
buffer 30 0x01B17328 0x01B1F327 Process Termination False 32-bit - False
buffer 30 0x01B1F330 0x01B2732F Process Termination False 32-bit - False
buffer 30 0x01B29680 0x01B3167F Process Termination False 32-bit - False
buffer 30 0x01B31898 0x01B32A2F Process Termination False 32-bit - False
buffer 30 0x01B32E40 0x01B3AE3F Process Termination False 32-bit - False
buffer 30 0x01B3F468 0x01B47467 Process Termination False 32-bit - False
buffer 30 0x01B47470 0x01B4F46F Process Termination False 32-bit - False
buffer 30 0x01B4F478 0x01B57477 Process Termination False 32-bit - False
buffer 30 0x040F0048 0x04130047 Process Termination False 32-bit - False
buffer 30 0x04130050 0x0417004F Process Termination False 32-bit - False
buffer 30 0x04170058 0x041B0057 Process Termination False 32-bit - False
buffer 30 0x041B0E38 0x041B1FCF Process Termination False 32-bit - False
buffer 30 0x041B1FD8 0x041B9FD7 Process Termination False 32-bit - False
buffer 30 0x041B9FE0 0x041C1FDF Process Termination False 32-bit - False
buffer 30 0x041C3120 0x041C42B7 Process Termination False 32-bit - False
buffer 30 0x041CE1A0 0x041CF337 Process Termination False 32-bit - False
buffer 30 0x041CF790 0x041D0927 Process Termination False 32-bit - False
buffer 30 0x089A24F0 0x089A3687 Process Termination False 32-bit - False
buffer 30 0x089ABF70 0x089B3F6F Process Termination False 32-bit - False
buffer 30 0x089B5F80 0x089BDF7F Process Termination False 32-bit - False
buffer 30 0x089BDF88 0x089C5F87 Process Termination False 32-bit - False
buffer 30 0x089C5F90 0x089CDF8F Process Termination False 32-bit - False
buffer 30 0x089CDF98 0x089D5F97 Process Termination False 32-bit - False
buffer 30 0x089D5FA0 0x089DDF9F Process Termination False 32-bit - False
buffer 30 0x089DDFA8 0x089E5FA7 Process Termination False 32-bit - False
buffer 30 0x089E7150 0x089EF14F Process Termination False 32-bit - False
buffer 30 0x089EF158 0x089F7157 Process Termination False 32-bit - False
buffer 30 0x089FEFD0 0x08A06FCF Process Termination False 32-bit - False
buffer 30 0x08A06FD8 0x08A0EFD7 Process Termination False 32-bit - False
buffer 30 0x08A0EFE0 0x08A4EFDF Process Termination False 32-bit - False
buffer 30 0x08A4EFE8 0x08A56FE7 Process Termination False 32-bit - False
buffer 30 0x08A56FF0 0x08A5EFEF Process Termination False 32-bit - False
buffer 30 0x08A5EFF8 0x08A66FF7 Process Termination False 32-bit - False
buffer 30 0x08A67000 0x08A6EFFF Process Termination False 32-bit - False
buffer 30 0x08A73460 0x08A7B45F Process Termination False 32-bit - False
buffer 30 0x09BAD020 0x09DBD01F Process Termination False 32-bit - False
buffer 30 0x09DCC020 0x09FDC01F Process Termination False 32-bit - False
buffer 30 0x0A636020 0x0A85601F Process Termination False 32-bit - False
buffer 30 0x0BA77020 0x0BE9701F Process Termination False 32-bit - False
buffer 30 0x0BEAE020 0x0C0CE01F Process Termination False 32-bit - False
buffer 30 0x0C2E7020 0x0C70701F Process Termination False 32-bit - False
buffer 30 0x0CB47020 0x0CD6701F Process Termination False 32-bit - False
rdhj0cnfevzx% 30 0x00400000 0x00690FFF Process Termination False 32-bit - False
rdhj0cnfevzx% 53 0x00400000 0x00690FFF Relevant Image False 32-bit 0x00437260 False
buffer 53 0x01721AB0 0x01722C47 Final Dump False 32-bit - False
buffer 53 0x01722C50 0x0172AC4F Final Dump False 32-bit - False
buffer 53 0x0172AC58 0x01732C57 Final Dump False 32-bit - False
buffer 53 0x01733468 0x0173B467 Final Dump False 32-bit - False
buffer 53 0x0173B470 0x0174346F Final Dump False 32-bit - False
buffer 53 0x01743478 0x0174B477 Final Dump False 32-bit - False
buffer 53 0x0174B480 0x0175347F Final Dump False 32-bit - False
buffer 53 0x01753488 0x01793487 Final Dump False 32-bit - False
buffer 53 0x01793490 0x0179B48F Final Dump False 32-bit - False
buffer 53 0x0179B498 0x017A3497 Final Dump False 32-bit - False
buffer 53 0x017A34A0 0x017AB49F Final Dump False 32-bit - False
buffer 53 0x017AB4A8 0x017B34A7 Final Dump False 32-bit - False
buffer 53 0x017B34B0 0x017BB4AF Final Dump False 32-bit - False
buffer 53 0x017BB4B8 0x017C34B7 Final Dump False 32-bit - False
buffer 53 0x017C7AB8 0x017CFAB7 Final Dump False 32-bit - False
buffer 53 0x017CFAC0 0x017D7ABF Final Dump False 32-bit - False
buffer 53 0x017D9B48 0x017E1B47 Final Dump False 32-bit - False
buffer 53 0x017E1B50 0x017E9B4F Final Dump False 32-bit - False
buffer 53 0x017E9B58 0x017F1B57 Final Dump False 32-bit - False
buffer 53 0x017F54E8 0x017FD4E7 Final Dump False 32-bit - False
buffer 53 0x017FD4F0 0x018054EF Final Dump False 32-bit - False
buffer 53 0x018054F8 0x0180668F Final Dump False 32-bit - False
buffer 53 0x040E0048 0x04120047 Final Dump False 32-bit - False
buffer 53 0x04120050 0x0416004F Final Dump False 32-bit - False
buffer 53 0x04160FA0 0x041A0F9F Final Dump False 32-bit - False
buffer 53 0x041A0FA8 0x041A8FA7 Final Dump False 32-bit - False
buffer 53 0x041AC1A8 0x041B41A7 Final Dump False 32-bit - False
buffer 53 0x041B41B0 0x041BC1AF Final Dump False 32-bit - False
buffer 53 0x041BEFA0 0x041C0137 Final Dump False 32-bit - False
buffer 53 0x041C6050 0x041C71E7 Final Dump False 32-bit - False
buffer 53 0x041C7640 0x041C87D7 Final Dump False 32-bit - False
buffer 53 0x0889BB98 0x088A3B97 Final Dump False 32-bit - False
buffer 53 0x088A3BA0 0x088ABB9F Final Dump False 32-bit - False
rdhj0cnfevzx% 53 0x00400000 0x00690FFF Final Dump False 32-bit - False
C:\Users\RDhJ0CNFevzX\Desktop\oZDlZ.docx.exe Dropped File Empty
Malicious
Also Known As C:\Users\RDhJ0CNFevzX\grubb.dan (Accessed File, Dropped File)
C:\Users\RDhJ0CNFevzX\grubb.list (Accessed File, Dropped File)
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
C:\KaVBJI\dobaec.exe Dropped File Binary
Clean
MIME Type application/vnd.microsoft.portable-executable
File Size 4.12 MB
MD5 870340ef45eba76ef7803de412b3cd74
SHA1 1cd8f886178a08ae11862435c9e64422886e4207
SHA256 536b2aa3855bdb0df4491c48b29dc784e3d1fb736ef57d85a758006a20b791b1
SSDeep 98304:+R0pI/IQlUoMPdmpSpW4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmZ5n9klRKN41v
ImpHash 1a611a7df1f3828b0157c4725145a721
PE Information
Image Base 0x00400000
Entry Point 0x00402EC0
Size Of Code 0x00175A20
Size Of Initialized Data 0x0001CF44
Size Of Uninitialized Data 0x00009554
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00 (UTC+1)
Version Information (10)
FileDescription System Devices Optimizer
InternalName Devices Optimus
ProductName Devices Optimus
ProductVersion 6.0.0.0
Comments -
CompanyName -
FileVersion 6.0.0.0
LegalCopyright -
LegalTrademarks -
OriginalFilename -
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00175A20 0x00175C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.06
.data 0x00577000 0x0001CF44 0x0001D000 0x00176000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.24
.rdata 0x00594000 0x000CC170 0x000CC200 0x00193000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.21
.bss 0x00661000 0x00009554 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.CRT 0x0066B000 0x0000000C 0x00000200 0x0025F200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.06
.idata 0x0066C000 0x000030DE 0x00003200 0x0025F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.19
.rsrc 0x00670000 0x000206BC 0x00020800 0x00262600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.0
Imports (11)
kernel32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStdHandle - 0x0066C8A0 0x0026C0F0 0x0025F4F0 0x00000000
GetConsoleMode - 0x0066C8A4 0x0026C0F4 0x0025F4F4 0x00000000
TlsGetValue - 0x0066C8A8 0x0026C0F8 0x0025F4F8 0x00000000
GetLastError - 0x0066C8AC 0x0026C0FC 0x0025F4FC 0x00000000
SetLastError - 0x0066C8B0 0x0026C100 0x0025F500 0x00000000
RaiseException - 0x0066C8B4 0x0026C104 0x0025F504 0x00000000
GetTickCount - 0x0066C8B8 0x0026C108 0x0025F508 0x00000000
ExitProcess - 0x0066C8BC 0x0026C10C 0x0025F50C 0x00000000
GetStartupInfoA - 0x0066C8C0 0x0026C110 0x0025F510 0x00000000
GetCommandLineA - 0x0066C8C4 0x0026C114 0x0025F514 0x00000000
GetCurrentProcessId - 0x0066C8C8 0x0026C118 0x0025F518 0x00000000
GetCurrentThreadId - 0x0066C8CC 0x0026C11C 0x0025F51C 0x00000000
GetCurrentProcess - 0x0066C8D0 0x0026C120 0x0025F520 0x00000000
ReadProcessMemory - 0x0066C8D4 0x0026C124 0x0025F524 0x00000000
GetModuleFileNameA - 0x0066C8D8 0x0026C128 0x0025F528 0x00000000
GetModuleHandleA - 0x0066C8DC 0x0026C12C 0x0025F52C 0x00000000
WriteFile - 0x0066C8E0 0x0026C130 0x0025F530 0x00000000
ReadFile - 0x0066C8E4 0x0026C134 0x0025F534 0x00000000
CloseHandle - 0x0066C8E8 0x0026C138 0x0025F538 0x00000000
SetFilePointer - 0x0066C8EC 0x0026C13C 0x0025F53C 0x00000000
SetEndOfFile - 0x0066C8F0 0x0026C140 0x0025F540 0x00000000
GetSystemInfo - 0x0066C8F4 0x0026C144 0x0025F544 0x00000000
LoadLibraryW - 0x0066C8F8 0x0026C148 0x0025F548 0x00000000
LoadLibraryA - 0x0066C8FC 0x0026C14C 0x0025F54C 0x00000000
GetProcAddress - 0x0066C900 0x0026C150 0x0025F550 0x00000000
FreeLibrary - 0x0066C904 0x0026C154 0x0025F554 0x00000000
FormatMessageW - 0x0066C908 0x0026C158 0x0025F558 0x00000000
DeleteFileW - 0x0066C90C 0x0026C15C 0x0025F55C 0x00000000
CreateFileW - 0x0066C910 0x0026C160 0x0025F560 0x00000000
GetFileAttributesW - 0x0066C914 0x0026C164 0x0025F564 0x00000000
CreateDirectoryW - 0x0066C918 0x0026C168 0x0025F568 0x00000000
GetCurrentDirectoryW - 0x0066C91C 0x0026C16C 0x0025F56C 0x00000000
GetFullPathNameW - 0x0066C920 0x0026C170 0x0025F570 0x00000000
GetConsoleOutputCP - 0x0066C924 0x0026C174 0x0025F574 0x00000000
GetOEMCP - 0x0066C928 0x0026C178 0x0025F578 0x00000000
GetProcessHeap - 0x0066C92C 0x0026C17C 0x0025F57C 0x00000000
HeapAlloc - 0x0066C930 0x0026C180 0x0025F580 0x00000000
HeapFree - 0x0066C934 0x0026C184 0x0025F584 0x00000000
TlsAlloc - 0x0066C938 0x0026C188 0x0025F588 0x00000000
TlsSetValue - 0x0066C93C 0x0026C18C 0x0025F58C 0x00000000
CreateThread - 0x0066C940 0x0026C190 0x0025F590 0x00000000
ExitThread - 0x0066C944 0x0026C194 0x0025F594 0x00000000
LocalAlloc - 0x0066C948 0x0026C198 0x0025F598 0x00000000
LocalFree - 0x0066C94C 0x0026C19C 0x0025F59C 0x00000000
Sleep - 0x0066C950 0x0026C1A0 0x0025F5A0 0x00000000
SuspendThread - 0x0066C954 0x0026C1A4 0x0025F5A4 0x00000000
ResumeThread - 0x0066C958 0x0026C1A8 0x0025F5A8 0x00000000
TerminateThread - 0x0066C95C 0x0026C1AC 0x0025F5AC 0x00000000
WaitForSingleObject - 0x0066C960 0x0026C1B0 0x0025F5B0 0x00000000
SetThreadPriority - 0x0066C964 0x0026C1B4 0x0025F5B4 0x00000000
GetThreadPriority - 0x0066C968 0x0026C1B8 0x0025F5B8 0x00000000
GetCurrentThread - 0x0066C96C 0x0026C1BC 0x0025F5BC 0x00000000
OpenThread - 0x0066C970 0x0026C1C0 0x0025F5C0 0x00000000
IsDebuggerPresent - 0x0066C974 0x0026C1C4 0x0025F5C4 0x00000000
CreateEventA - 0x0066C978 0x0026C1C8 0x0025F5C8 0x00000000
ResetEvent - 0x0066C97C 0x0026C1CC 0x0025F5CC 0x00000000
SetEvent - 0x0066C980 0x0026C1D0 0x0025F5D0 0x00000000
InitializeCriticalSection - 0x0066C984 0x0026C1D4 0x0025F5D4 0x00000000
DeleteCriticalSection - 0x0066C988 0x0026C1D8 0x0025F5D8 0x00000000
EnterCriticalSection - 0x0066C98C 0x0026C1DC 0x0025F5DC 0x00000000
LeaveCriticalSection - 0x0066C990 0x0026C1E0 0x0025F5E0 0x00000000
TryEnterCriticalSection - 0x0066C994 0x0026C1E4 0x0025F5E4 0x00000000
GetEnvironmentStringsW - 0x0066C998 0x0026C1E8 0x0025F5E8 0x00000000
FreeEnvironmentStringsW - 0x0066C99C 0x0026C1EC 0x0025F5EC 0x00000000
MultiByteToWideChar - 0x0066C9A0 0x0026C1F0 0x0025F5F0 0x00000000
WideCharToMultiByte - 0x0066C9A4 0x0026C1F4 0x0025F5F4 0x00000000
GetACP - 0x0066C9A8 0x0026C1F8 0x0025F5F8 0x00000000
GetConsoleCP - 0x0066C9AC 0x0026C1FC 0x0025F5FC 0x00000000
RtlUnwind - 0x0066C9B0 0x0026C200 0x0025F600 0x00000000
EnumResourceTypesA - 0x0066C9B4 0x0026C204 0x0025F604 0x00000000
EnumResourceNamesA - 0x0066C9B8 0x0026C208 0x0025F608 0x00000000
EnumResourceLanguagesA - 0x0066C9BC 0x0026C20C 0x0025F60C 0x00000000
FindResourceA - 0x0066C9C0 0x0026C210 0x0025F610 0x00000000
FindResourceExA - 0x0066C9C4 0x0026C214 0x0025F614 0x00000000
LoadResource - 0x0066C9C8 0x0026C218 0x0025F618 0x00000000
SizeofResource - 0x0066C9CC 0x0026C21C 0x0025F61C 0x00000000
LockResource - 0x0066C9D0 0x0026C220 0x0025F620 0x00000000
FreeResource - 0x0066C9D4 0x0026C224 0x0025F624 0x00000000
GetEnvironmentStringsA - 0x0066C9D8 0x0026C228 0x0025F628 0x00000000
FreeEnvironmentStringsA - 0x0066C9DC 0x0026C22C 0x0025F62C 0x00000000
FormatMessageA - 0x0066C9E0 0x0026C230 0x0025F630 0x00000000
GlobalAddAtomA - 0x0066C9E4 0x0026C234 0x0025F634 0x00000000
GetDriveTypeA - 0x0066C9E8 0x0026C238 0x0025F638 0x00000000
GetSystemDirectoryA - 0x0066C9EC 0x0026C23C 0x0025F63C 0x00000000
GetWindowsDirectoryA - 0x0066C9F0 0x0026C240 0x0025F640 0x00000000
GetDiskFreeSpaceA - 0x0066C9F4 0x0026C244 0x0025F644 0x00000000
DeleteFileA - 0x0066C9F8 0x0026C248 0x0025F648 0x00000000
GetVersionExA - 0x0066C9FC 0x0026C24C 0x0025F64C 0x00000000
CompareStringA - 0x0066CA00 0x0026C250 0x0025F650 0x00000000
GetLocaleInfoA - 0x0066CA04 0x0026C254 0x0025F654 0x00000000
GetDateFormatA - 0x0066CA08 0x0026C258 0x0025F658 0x00000000
EnumCalendarInfoA - 0x0066CA0C 0x0026C25C 0x0025F65C 0x00000000
GetModuleFileNameW - 0x0066CA10 0x0026C260 0x0025F660 0x00000000
GetCommandLineW - 0x0066CA14 0x0026C264 0x0025F664 0x00000000
SetFileAttributesW - 0x0066CA18 0x0026C268 0x0025F668 0x00000000
FindNextFileW - 0x0066CA1C 0x0026C26C 0x0025F66C 0x00000000
CompareStringW - 0x0066CA20 0x0026C270 0x0025F670 0x00000000
GetLocaleInfoW - 0x0066CA24 0x0026C274 0x0025F674 0x00000000
GetDateFormatW - 0x0066CA28 0x0026C278 0x0025F678 0x00000000
FindFirstFileExW - 0x0066CA2C 0x0026C27C 0x0025F67C 0x00000000
GlobalAlloc - 0x0066CA30 0x0026C280 0x0025F680 0x00000000
GlobalReAlloc - 0x0066CA34 0x0026C284 0x0025F684 0x00000000
GlobalSize - 0x0066CA38 0x0026C288 0x0025F688 0x00000000
GlobalLock - 0x0066CA3C 0x0026C28C 0x0025F68C 0x00000000
GlobalUnlock - 0x0066CA40 0x0026C290 0x0025F690 0x00000000
VirtualFree - 0x0066CA44 0x0026C294 0x0025F694 0x00000000
GetExitCodeProcess - 0x0066CA48 0x0026C298 0x0025F698 0x00000000
GlobalDeleteAtom - 0x0066CA4C 0x0026C29C 0x0025F69C 0x00000000
GetLogicalDrives - 0x0066CA50 0x0026C2A0 0x0025F6A0 0x00000000
DeviceIoControl - 0x0066CA54 0x0026C2A4 0x0025F6A4 0x00000000
FindClose - 0x0066CA58 0x0026C2A8 0x0025F6A8 0x00000000
WinExec - 0x0066CA5C 0x0026C2AC 0x0025F6AC 0x00000000
MulDiv - 0x0066CA60 0x0026C2B0 0x0025F6B0 0x00000000
GetLocalTime - 0x0066CA64 0x0026C2B4 0x0025F6B4 0x00000000
SystemTimeToTzSpecificLocalTime - 0x0066CA68 0x0026C2B8 0x0025F6B8 0x00000000
FileTimeToLocalFileTime - 0x0066CA6C 0x0026C2BC 0x0025F6BC 0x00000000
FileTimeToSystemTime - 0x0066CA70 0x0026C2C0 0x0025F6C0 0x00000000
FileTimeToDosDateTime - 0x0066CA74 0x0026C2C4 0x0025F6C4 0x00000000
PeekNamedPipe - 0x0066CA78 0x0026C2C8 0x0025F6C8 0x00000000
GetCPInfo - 0x0066CA7C 0x0026C2CC 0x0025F6CC 0x00000000
GetThreadLocale - 0x0066CA80 0x0026C2D0 0x0025F6D0 0x00000000
SetThreadLocale - 0x0066CA84 0x0026C2D4 0x0025F6D4 0x00000000
GetUserDefaultLCID - 0x0066CA88 0x0026C2D8 0x0025F6D8 0x00000000
CreateToolhelp32Snapshot - 0x0066CA8C 0x0026C2DC 0x0025F6DC 0x00000000
Process32First - 0x0066CA90 0x0026C2E0 0x0025F6E0 0x00000000
Process32Next - 0x0066CA94 0x0026C2E4 0x0025F6E4 0x00000000
oleaut32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen - 0x0066CA9C 0x0026C2EC 0x0025F6EC 0x00000000
SysFreeString - 0x0066CAA0 0x0026C2F0 0x0025F6F0 0x00000000
SysReAllocStringLen - 0x0066CAA4 0x0026C2F4 0x0025F6F4 0x00000000
SafeArrayCreate - 0x0066CAA8 0x0026C2F8 0x0025F6F8 0x00000000
SafeArrayRedim - 0x0066CAAC 0x0026C2FC 0x0025F6FC 0x00000000
SafeArrayGetUBound - 0x0066CAB0 0x0026C300 0x0025F700 0x00000000
SafeArrayGetLBound - 0x0066CAB4 0x0026C304 0x0025F704 0x00000000
SafeArrayAccessData - 0x0066CAB8 0x0026C308 0x0025F708 0x00000000
SafeArrayUnaccessData - 0x0066CABC 0x0026C30C 0x0025F70C 0x00000000
SafeArrayGetElement - 0x0066CAC0 0x0026C310 0x0025F710 0x00000000
SafeArrayPutElement - 0x0066CAC4 0x0026C314 0x0025F714 0x00000000
SafeArrayPtrOfIndex - 0x0066CAC8 0x0026C318 0x0025F718 0x00000000
VariantChangeTypeEx - 0x0066CACC 0x0026C31C 0x0025F71C 0x00000000
VariantClear - 0x0066CAD0 0x0026C320 0x0025F720 0x00000000
VariantCopy - 0x0066CAD4 0x0026C324 0x0025F724 0x00000000
VariantInit - 0x0066CAD8 0x0026C328 0x0025F728 0x00000000
user32.dll (178)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x0066CAE0 0x0026C330 0x0025F730 0x00000000
CharUpperBuffW - 0x0066CAE4 0x0026C334 0x0025F734 0x00000000
CharLowerBuffW - 0x0066CAE8 0x0026C338 0x0025F738 0x00000000
SendMessageA - 0x0066CAEC 0x0026C33C 0x0025F73C 0x00000000
PostMessageA - 0x0066CAF0 0x0026C340 0x0025F740 0x00000000
DefWindowProcA - 0x0066CAF4 0x0026C344 0x0025F744 0x00000000
CallWindowProcA - 0x0066CAF8 0x0026C348 0x0025F748 0x00000000
RegisterClassA - 0x0066CAFC 0x0026C34C 0x0025F74C 0x00000000
UnregisterClassA - 0x0066CB00 0x0026C350 0x0025F750 0x00000000
GetClassInfoA - 0x0066CB04 0x0026C354 0x0025F754 0x00000000
CreateWindowExA - 0x0066CB08 0x0026C358 0x0025F758 0x00000000
RegisterClipboardFormatA - 0x0066CB0C 0x0026C35C 0x0025F75C 0x00000000
GetClipboardFormatNameA - 0x0066CB10 0x0026C360 0x0025F760 0x00000000
CharToOemA - 0x0066CB14 0x0026C364 0x0025F764 0x00000000
CharUpperA - 0x0066CB18 0x0026C368 0x0025F768 0x00000000
CharUpperBuffA - 0x0066CB1C 0x0026C36C 0x0025F76C 0x00000000
CharLowerA - 0x0066CB20 0x0026C370 0x0025F770 0x00000000
CharLowerBuffA - 0x0066CB24 0x0026C374 0x0025F774 0x00000000
GetMenuItemInfoA - 0x0066CB28 0x0026C378 0x0025F778 0x00000000
SetPropA - 0x0066CB2C 0x0026C37C 0x0025F77C 0x00000000
GetPropA - 0x0066CB30 0x0026C380 0x0025F780 0x00000000
RemovePropA - 0x0066CB34 0x0026C384 0x0025F784 0x00000000
EnumPropsA - 0x0066CB38 0x0026C388 0x0025F788 0x00000000
GetWindowLongA - 0x0066CB3C 0x0026C38C 0x0025F78C 0x00000000
SetWindowLongA - 0x0066CB40 0x0026C390 0x0025F790 0x00000000
GetClassLongA - 0x0066CB44 0x0026C394 0x0025F794 0x00000000
SetClassLongA - 0x0066CB48 0x0026C398 0x0025F798 0x00000000
GetClassNameA - 0x0066CB4C 0x0026C39C 0x0025F79C 0x00000000
LoadBitmapA - 0x0066CB50 0x0026C3A0 0x0025F7A0 0x00000000
LoadCursorA - 0x0066CB54 0x0026C3A4 0x0025F7A4 0x00000000
LoadIconA - 0x0066CB58 0x0026C3A8 0x0025F7A8 0x00000000
LoadImageA - 0x0066CB5C 0x0026C3AC 0x0025F7AC 0x00000000
SystemParametersInfoA - 0x0066CB60 0x0026C3B0 0x0025F7B0 0x00000000
DispatchMessageW - 0x0066CB64 0x0026C3B4 0x0025F7B4 0x00000000
PeekMessageW - 0x0066CB68 0x0026C3B8 0x0025F7B8 0x00000000
SendMessageW - 0x0066CB6C 0x0026C3BC 0x0025F7BC 0x00000000
DefWindowProcW - 0x0066CB70 0x0026C3C0 0x0025F7C0 0x00000000
CallWindowProcW - 0x0066CB74 0x0026C3C4 0x0025F7C4 0x00000000
RegisterClassW - 0x0066CB78 0x0026C3C8 0x0025F7C8 0x00000000
UnregisterClassW - 0x0066CB7C 0x0026C3CC 0x0025F7CC 0x00000000
GetClassInfoW - 0x0066CB80 0x0026C3D0 0x0025F7D0 0x00000000
CreateWindowExW - 0x0066CB84 0x0026C3D4 0x0025F7D4 0x00000000
InsertMenuItemW - 0x0066CB88 0x0026C3D8 0x0025F7D8 0x00000000
GetMenuItemInfoW - 0x0066CB8C 0x0026C3DC 0x0025F7DC 0x00000000
SetMenuItemInfoW - 0x0066CB90 0x0026C3E0 0x0025F7E0 0x00000000
DrawTextW - 0x0066CB94 0x0026C3E4 0x0025F7E4 0x00000000
DrawStateW - 0x0066CB98 0x0026C3E8 0x0025F7E8 0x00000000
SetWindowTextW - 0x0066CB9C 0x0026C3EC 0x0025F7EC 0x00000000
GetWindowTextW - 0x0066CBA0 0x0026C3F0 0x0025F7F0 0x00000000
GetWindowTextLengthW - 0x0066CBA4 0x0026C3F4 0x0025F7F4 0x00000000
MessageBoxW - 0x0066CBA8 0x0026C3F8 0x0025F7F8 0x00000000
GetWindowLongW - 0x0066CBAC 0x0026C3FC 0x0025F7FC 0x00000000
SetWindowLongW - 0x0066CBB0 0x0026C400 0x0025F800 0x00000000
DefFrameProcW - 0x0066CBB4 0x0026C404 0x0025F804 0x00000000
DefMDIChildProcW - 0x0066CBB8 0x0026C408 0x0025F808 0x00000000
TranslateMessage - 0x0066CBBC 0x0026C40C 0x0025F80C 0x00000000
PostQuitMessage - 0x0066CBC0 0x0026C410 0x0025F810 0x00000000
GetDoubleClickTime - 0x0066CBC4 0x0026C414 0x0025F814 0x00000000
IsWindow - 0x0066CBC8 0x0026C418 0x0025F818 0x00000000
IsMenu - 0x0066CBCC 0x0026C41C 0x0025F81C 0x00000000
DestroyWindow - 0x0066CBD0 0x0026C420 0x0025F820 0x00000000
ShowWindow - 0x0066CBD4 0x0026C424 0x0025F824 0x00000000
ShowWindowAsync - 0x0066CBD8 0x0026C428 0x0025F828 0x00000000
ShowOwnedPopups - 0x0066CBDC 0x0026C42C 0x0025F82C 0x00000000
MoveWindow - 0x0066CBE0 0x0026C430 0x0025F830 0x00000000
SetWindowPos - 0x0066CBE4 0x0026C434 0x0025F834 0x00000000
GetWindowPlacement - 0x0066CBE8 0x0026C438 0x0025F838 0x00000000
SetWindowPlacement - 0x0066CBEC 0x0026C43C 0x0025F83C 0x00000000
BeginDeferWindowPos - 0x0066CBF0 0x0026C440 0x0025F840 0x00000000
DeferWindowPos - 0x0066CBF4 0x0026C444 0x0025F844 0x00000000
EndDeferWindowPos - 0x0066CBF8 0x0026C448 0x0025F848 0x00000000
IsWindowVisible - 0x0066CBFC 0x0026C44C 0x0025F84C 0x00000000
IsIconic - 0x0066CC00 0x0026C450 0x0025F850 0x00000000
BringWindowToTop - 0x0066CC04 0x0026C454 0x0025F854 0x00000000
IsZoomed - 0x0066CC08 0x0026C458 0x0025F858 0x00000000
OpenClipboard - 0x0066CC0C 0x0026C45C 0x0025F85C 0x00000000
CloseClipboard - 0x0066CC10 0x0026C460 0x0025F860 0x00000000
SetClipboardData - 0x0066CC14 0x0026C464 0x0025F864 0x00000000
GetClipboardData - 0x0066CC18 0x0026C468 0x0025F868 0x00000000
CountClipboardFormats - 0x0066CC1C 0x0026C46C 0x0025F86C 0x00000000
EnumClipboardFormats - 0x0066CC20 0x0026C470 0x0025F870 0x00000000
EmptyClipboard - 0x0066CC24 0x0026C474 0x0025F874 0x00000000
IsClipboardFormatAvailable - 0x0066CC28 0x0026C478 0x0025F878 0x00000000
SetFocus - 0x0066CC2C 0x0026C47C 0x0025F87C 0x00000000
GetActiveWindow - 0x0066CC30 0x0026C480 0x0025F880 0x00000000
GetFocus - 0x0066CC34 0x0026C484 0x0025F884 0x00000000
GetKeyState - 0x0066CC38 0x0026C488 0x0025F888 0x00000000
GetCapture - 0x0066CC3C 0x0026C48C 0x0025F88C 0x00000000
SetCapture - 0x0066CC40 0x0026C490 0x0025F890 0x00000000
ReleaseCapture - 0x0066CC44 0x0026C494 0x0025F894 0x00000000
MsgWaitForMultipleObjects - 0x0066CC48 0x0026C498 0x0025F898 0x00000000
SetTimer - 0x0066CC4C 0x0026C49C 0x0025F89C 0x00000000
KillTimer - 0x0066CC50 0x0026C4A0 0x0025F8A0 0x00000000
EnableWindow - 0x0066CC54 0x0026C4A4 0x0025F8A4 0x00000000
IsWindowEnabled - 0x0066CC58 0x0026C4A8 0x0025F8A8 0x00000000
GetSystemMetrics - 0x0066CC5C 0x0026C4AC 0x0025F8AC 0x00000000
GetMenu - 0x0066CC60 0x0026C4B0 0x0025F8B0 0x00000000
SetMenu - 0x0066CC64 0x0026C4B4 0x0025F8B4 0x00000000
DrawMenuBar - 0x0066CC68 0x0026C4B8 0x0025F8B8 0x00000000
GetSystemMenu - 0x0066CC6C 0x0026C4BC 0x0025F8BC 0x00000000
CreateMenu - 0x0066CC70 0x0026C4C0 0x0025F8C0 0x00000000
CreatePopupMenu - 0x0066CC74 0x0026C4C4 0x0025F8C4 0x00000000
DestroyMenu - 0x0066CC78 0x0026C4C8 0x0025F8C8 0x00000000
EnableMenuItem - 0x0066CC7C 0x0026C4CC 0x0025F8CC 0x00000000
GetSubMenu - 0x0066CC80 0x0026C4D0 0x0025F8D0 0x00000000
GetMenuItemCount - 0x0066CC84 0x0026C4D4 0x0025F8D4 0x00000000
RemoveMenu - 0x0066CC88 0x0026C4D8 0x0025F8D8 0x00000000
DeleteMenu - 0x0066CC8C 0x0026C4DC 0x0025F8DC 0x00000000
GetMenuItemRect - 0x0066CC90 0x0026C4E0 0x0025F8E0 0x00000000
UpdateWindow - 0x0066CC94 0x0026C4E4 0x0025F8E4 0x00000000
SetActiveWindow - 0x0066CC98 0x0026C4E8 0x0025F8E8 0x00000000
GetForegroundWindow - 0x0066CC9C 0x0026C4EC 0x0025F8EC 0x00000000
SetForegroundWindow - 0x0066CCA0 0x0026C4F0 0x0025F8F0 0x00000000
WindowFromDC - 0x0066CCA4 0x0026C4F4 0x0025F8F4 0x00000000
GetDC - 0x0066CCA8 0x0026C4F8 0x0025F8F8 0x00000000
GetDCEx - 0x0066CCAC 0x0026C4FC 0x0025F8FC 0x00000000
GetWindowDC - 0x0066CCB0 0x0026C500 0x0025F900 0x00000000
ReleaseDC - 0x0066CCB4 0x0026C504 0x0025F904 0x00000000
BeginPaint - 0x0066CCB8 0x0026C508 0x0025F908 0x00000000
EndPaint - 0x0066CCBC 0x0026C50C 0x0025F90C 0x00000000
GetUpdateRect - 0x0066CCC0 0x0026C510 0x0025F910 0x00000000
SetWindowRgn - 0x0066CCC4 0x0026C514 0x0025F914 0x00000000
InvalidateRect - 0x0066CCC8 0x0026C518 0x0025F918 0x00000000
InvalidateRgn - 0x0066CCCC 0x0026C51C 0x0025F91C 0x00000000
RedrawWindow - 0x0066CCD0 0x0026C520 0x0025F920 0x00000000
ScrollWindowEx - 0x0066CCD4 0x0026C524 0x0025F924 0x00000000
ShowScrollBar - 0x0066CCD8 0x0026C528 0x0025F928 0x00000000
EnableScrollBar - 0x0066CCDC 0x0026C52C 0x0025F92C 0x00000000
GetClientRect - 0x0066CCE0 0x0026C530 0x0025F930 0x00000000
GetWindowRect - 0x0066CCE4 0x0026C534 0x0025F934 0x00000000
AdjustWindowRectEx - 0x0066CCE8 0x0026C538 0x0025F938 0x00000000
MessageBeep - 0x0066CCEC 0x0026C53C 0x0025F93C 0x00000000
SetCursorPos - 0x0066CCF0 0x0026C540 0x0025F940 0x00000000
SetCursor - 0x0066CCF4 0x0026C544 0x0025F944 0x00000000
GetCursorPos - 0x0066CCF8 0x0026C548 0x0025F948 0x00000000
CreateCaret - 0x0066CCFC 0x0026C54C 0x0025F94C 0x00000000
DestroyCaret - 0x0066CD00 0x0026C550 0x0025F950 0x00000000
HideCaret - 0x0066CD04 0x0026C554 0x0025F954 0x00000000
ShowCaret - 0x0066CD08 0x0026C558 0x0025F958 0x00000000
SetCaretPos - 0x0066CD0C 0x0026C55C 0x0025F95C 0x00000000
GetCaretPos - 0x0066CD10 0x0026C560 0x0025F960 0x00000000
ClientToScreen - 0x0066CD14 0x0026C564 0x0025F964 0x00000000
ScreenToClient - 0x0066CD18 0x0026C568 0x0025F968 0x00000000
MapWindowPoints - 0x0066CD1C 0x0026C56C 0x0025F96C 0x00000000
WindowFromPoint - 0x0066CD20 0x0026C570 0x0025F970 0x00000000
GetSysColor - 0x0066CD24 0x0026C574 0x0025F974 0x00000000
GetSysColorBrush - 0x0066CD28 0x0026C578 0x0025F978 0x00000000
SetSysColors - 0x0066CD2C 0x0026C57C 0x0025F97C 0x00000000
DrawFocusRect - 0x0066CD30 0x0026C580 0x0025F980 0x00000000
FillRect - 0x0066CD34 0x0026C584 0x0025F984 0x00000000
FrameRect - 0x0066CD38 0x0026C588 0x0025F988 0x00000000
SetRect - 0x0066CD3C 0x0026C58C 0x0025F98C 0x00000000
InflateRect - 0x0066CD40 0x0026C590 0x0025F990 0x00000000
IntersectRect - 0x0066CD44 0x0026C594 0x0025F994 0x00000000
OffsetRect - 0x0066CD48 0x0026C598 0x0025F998 0x00000000
GetDesktopWindow - 0x0066CD4C 0x0026C59C 0x0025F99C 0x00000000
GetParent - 0x0066CD50 0x0026C5A0 0x0025F9A0 0x00000000
SetParent - 0x0066CD54 0x0026C5A4 0x0025F9A4 0x00000000
EnumThreadWindows - 0x0066CD58 0x0026C5A8 0x0025F9A8 0x00000000
GetTopWindow - 0x0066CD5C 0x0026C5AC 0x0025F9AC 0x00000000
GetWindowThreadProcessId - 0x0066CD60 0x0026C5B0 0x0025F9B0 0x00000000
GetLastActivePopup - 0x0066CD64 0x0026C5B4 0x0025F9B4 0x00000000
GetWindow - 0x0066CD68 0x0026C5B8 0x0025F9B8 0x00000000
CallNextHookEx - 0x0066CD6C 0x0026C5BC 0x0025F9BC 0x00000000
DestroyCursor - 0x0066CD70 0x0026C5C0 0x0025F9C0 0x00000000
DestroyIcon - 0x0066CD74 0x0026C5C4 0x0025F9C4 0x00000000
CopyImage - 0x0066CD78 0x0026C5C8 0x0025F9C8 0x00000000
CreateIconIndirect - 0x0066CD7C 0x0026C5CC 0x0025F9CC 0x00000000
GetIconInfo - 0x0066CD80 0x0026C5D0 0x0025F9D0 0x00000000
SetScrollInfo - 0x0066CD84 0x0026C5D4 0x0025F9D4 0x00000000
GetScrollInfo - 0x0066CD88 0x0026C5D8 0x0025F9D8 0x00000000
TranslateMDISysAccel - 0x0066CD8C 0x0026C5DC 0x0025F9DC 0x00000000
DrawEdge - 0x0066CD90 0x0026C5E0 0x0025F9E0 0x00000000
DrawFrameControl - 0x0066CD94 0x0026C5E4 0x0025F9E4 0x00000000
TrackPopupMenuEx - 0x0066CD98 0x0026C5E8 0x0025F9E8 0x00000000
ChildWindowFromPointEx - 0x0066CD9C 0x0026C5EC 0x0025F9EC 0x00000000
DrawIconEx - 0x0066CDA0 0x0026C5F0 0x0025F9F0 0x00000000
FlashWindowEx - 0x0066CDA4 0x0026C5F4 0x0025F9F4 0x00000000
advapi32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameA - 0x0066CDAC 0x0026C5FC 0x0025F9FC 0x00000000
RegSetValueExW - 0x0066CDB0 0x0026C600 0x0025FA00 0x00000000
RegQueryValueExW - 0x0066CDB4 0x0026C604 0x0025FA04 0x00000000
RegCreateKeyExW - 0x0066CDB8 0x0026C608 0x0025FA08 0x00000000
RegOpenKeyExW - 0x0066CDBC 0x0026C60C 0x0025FA0C 0x00000000
RegCloseKey - 0x0066CDC0 0x0026C610 0x0025FA10 0x00000000
RegFlushKey - 0x0066CDC4 0x0026C614 0x0025FA14 0x00000000
gdi32.dll (108)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x0066CDCC 0x0026C61C 0x0025FA1C 0x00000000
EnumFontFamiliesA - 0x0066CDD0 0x0026C620 0x0025FA20 0x00000000
GetCharABCWidthsA - 0x0066CDD4 0x0026C624 0x0025FA24 0x00000000
GetTextExtentPointA - 0x0066CDD8 0x0026C628 0x0025FA28 0x00000000
GetTextMetricsA - 0x0066CDDC 0x0026C62C 0x0025FA2C 0x00000000
GetObjectA - 0x0066CDE0 0x0026C630 0x0025FA30 0x00000000
ExtTextOutA - 0x0066CDE4 0x0026C634 0x0025FA34 0x00000000
CreateFontIndirectW - 0x0066CDE8 0x0026C638 0x0025FA38 0x00000000
EnumFontFamiliesExW - 0x0066CDEC 0x0026C63C 0x0025FA3C 0x00000000
GetCharABCWidthsW - 0x0066CDF0 0x0026C640 0x0025FA40 0x00000000
GetTextExtentPoint32W - 0x0066CDF4 0x0026C644 0x0025FA44 0x00000000
GetTextExtentExPointW - 0x0066CDF8 0x0026C648 0x0025FA48 0x00000000
GetObjectW - 0x0066CDFC 0x0026C64C 0x0025FA4C 0x00000000
TextOutW - 0x0066CE00 0x0026C650 0x0025FA50 0x00000000
ExtTextOutW - 0x0066CE04 0x0026C654 0x0025FA54 0x00000000
GetRandomRgn - 0x0066CE08 0x0026C658 0x0025FA58 0x00000000
Arc - 0x0066CE0C 0x0026C65C 0x0025FA5C 0x00000000
BitBlt - 0x0066CE10 0x0026C660 0x0025FA60 0x00000000
Chord - 0x0066CE14 0x0026C664 0x0025FA64 0x00000000
CombineRgn - 0x0066CE18 0x0026C668 0x0025FA68 0x00000000
CreateBitmap - 0x0066CE1C 0x0026C66C 0x0025FA6C 0x00000000
CreateBrushIndirect - 0x0066CE20 0x0026C670 0x0025FA70 0x00000000
CreateCompatibleBitmap - 0x0066CE24 0x0026C674 0x0025FA74 0x00000000
CreateCompatibleDC - 0x0066CE28 0x0026C678 0x0025FA78 0x00000000
CreateDIBitmap - 0x0066CE2C 0x0026C67C 0x0025FA7C 0x00000000
CreateEllipticRgn - 0x0066CE30 0x0026C680 0x0025FA80 0x00000000
CreatePen - 0x0066CE34 0x0026C684 0x0025FA84 0x00000000
CreatePenIndirect - 0x0066CE38 0x0026C688 0x0025FA88 0x00000000
CreatePatternBrush - 0x0066CE3C 0x0026C68C 0x0025FA8C 0x00000000
CreateRectRgn - 0x0066CE40 0x0026C690 0x0025FA90 0x00000000
CreateRoundRectRgn - 0x0066CE44 0x0026C694 0x0025FA94 0x00000000
CreateSolidBrush - 0x0066CE48 0x0026C698 0x0025FA98 0x00000000
DeleteDC - 0x0066CE4C 0x0026C69C 0x0025FA9C 0x00000000
DeleteObject - 0x0066CE50 0x0026C6A0 0x0025FAA0 0x00000000
Ellipse - 0x0066CE54 0x0026C6A4 0x0025FAA4 0x00000000
EqualRgn - 0x0066CE58 0x0026C6A8 0x0025FAA8 0x00000000
ExcludeClipRect - 0x0066CE5C 0x0026C6AC 0x0025FAAC 0x00000000
ExtCreateRegion - 0x0066CE60 0x0026C6B0 0x0025FAB0 0x00000000
ExtFloodFill - 0x0066CE64 0x0026C6B4 0x0025FAB4 0x00000000
FillRgn - 0x0066CE68 0x0026C6B8 0x0025FAB8 0x00000000
GetROP2 - 0x0066CE6C 0x0026C6BC 0x0025FABC 0x00000000
GetBkColor - 0x0066CE70 0x0026C6C0 0x0025FAC0 0x00000000
GetBitmapBits - 0x0066CE74 0x0026C6C4 0x0025FAC4 0x00000000
GetClipBox - 0x0066CE78 0x0026C6C8 0x0025FAC8 0x00000000
GetClipRgn - 0x0066CE7C 0x0026C6CC 0x0025FACC 0x00000000
GetCurrentObject - 0x0066CE80 0x0026C6D0 0x0025FAD0 0x00000000
GetDeviceCaps - 0x0066CE84 0x0026C6D4 0x0025FAD4 0x00000000
GetDIBits - 0x0066CE88 0x0026C6D8 0x0025FAD8 0x00000000
GetMapMode - 0x0066CE8C 0x0026C6DC 0x0025FADC 0x00000000
GetObjectType - 0x0066CE90 0x0026C6E0 0x0025FAE0 0x00000000
GetPixel - 0x0066CE94 0x0026C6E4 0x0025FAE4 0x00000000
GetRegionData - 0x0066CE98 0x0026C6E8 0x0025FAE8 0x00000000
GetRgnBox - 0x0066CE9C 0x0026C6EC 0x0025FAEC 0x00000000
GetStockObject - 0x0066CEA0 0x0026C6F0 0x0025FAF0 0x00000000
GetTextAlign - 0x0066CEA4 0x0026C6F4 0x0025FAF4 0x00000000
GetTextColor - 0x0066CEA8 0x0026C6F8 0x0025FAF8 0x00000000
GetViewportExtEx - 0x0066CEAC 0x0026C6FC 0x0025FAFC 0x00000000
GetViewportOrgEx - 0x0066CEB0 0x0026C700 0x0025FB00 0x00000000
GetWindowExtEx - 0x0066CEB4 0x0026C704 0x0025FB04 0x00000000
GetWindowOrgEx - 0x0066CEB8 0x0026C708 0x0025FB08 0x00000000
IntersectClipRect - 0x0066CEBC 0x0026C70C 0x0025FB0C 0x00000000
LineTo - 0x0066CEC0 0x0026C710 0x0025FB10 0x00000000
MaskBlt - 0x0066CEC4 0x0026C714 0x0025FB14 0x00000000
OffsetRgn - 0x0066CEC8 0x0026C718 0x0025FB18 0x00000000
PatBlt - 0x0066CECC 0x0026C71C 0x0025FB1C 0x00000000
Pie - 0x0066CED0 0x0026C720 0x0025FB20 0x00000000
PaintRgn - 0x0066CED4 0x0026C724 0x0025FB24 0x00000000
PtInRegion - 0x0066CED8 0x0026C728 0x0025FB28 0x00000000
RectInRegion - 0x0066CEDC 0x0026C72C 0x0025FB2C 0x00000000
RectVisible - 0x0066CEE0 0x0026C730 0x0025FB30 0x00000000
Rectangle - 0x0066CEE4 0x0026C734 0x0025FB34 0x00000000
RestoreDC - 0x0066CEE8 0x0026C738 0x0025FB38 0x00000000
RealizePalette - 0x0066CEEC 0x0026C73C 0x0025FB3C 0x00000000
RoundRect - 0x0066CEF0 0x0026C740 0x0025FB40 0x00000000
SaveDC - 0x0066CEF4 0x0026C744 0x0025FB44 0x00000000
SelectClipRgn - 0x0066CEF8 0x0026C748 0x0025FB48 0x00000000
ExtSelectClipRgn - 0x0066CEFC 0x0026C74C 0x0025FB4C 0x00000000
SelectObject - 0x0066CF00 0x0026C750 0x0025FB50 0x00000000
SelectPalette - 0x0066CF04 0x0026C754 0x0025FB54 0x00000000
SetBkColor - 0x0066CF08 0x0026C758 0x0025FB58 0x00000000
SetBkMode - 0x0066CF0C 0x0026C75C 0x0025FB5C 0x00000000
SetMapMode - 0x0066CF10 0x0026C760 0x0025FB60 0x00000000
SetPixel - 0x0066CF14 0x0026C764 0x0025FB64 0x00000000
SetPolyFillMode - 0x0066CF18 0x0026C768 0x0025FB68 0x00000000
StretchBlt - 0x0066CF1C 0x0026C76C 0x0025FB6C 0x00000000
SetRectRgn - 0x0066CF20 0x0026C770 0x0025FB70 0x00000000
SetROP2 - 0x0066CF24 0x0026C774 0x0025FB74 0x00000000
SetStretchBltMode - 0x0066CF28 0x0026C778 0x0025FB78 0x00000000
SetTextCharacterExtra - 0x0066CF2C 0x0026C77C 0x0025FB7C 0x00000000
SetTextColor - 0x0066CF30 0x0026C780 0x0025FB80 0x00000000
SetTextAlign - 0x0066CF34 0x0026C784 0x0025FB84 0x00000000
CreateDIBSection - 0x0066CF38 0x0026C788 0x0025FB88 0x00000000
SetArcDirection - 0x0066CF3C 0x0026C78C 0x0025FB8C 0x00000000
ExtCreatePen - 0x0066CF40 0x0026C790 0x0025FB90 0x00000000
MoveToEx - 0x0066CF44 0x0026C794 0x0025FB94 0x00000000
CreatePolygonRgn - 0x0066CF48 0x0026C798 0x0025FB98 0x00000000
DPtoLP - 0x0066CF4C 0x0026C79C 0x0025FB9C 0x00000000
LPtoDP - 0x0066CF50 0x0026C7A0 0x0025FBA0 0x00000000
Polygon - 0x0066CF54 0x0026C7A4 0x0025FBA4 0x00000000
Polyline - 0x0066CF58 0x0026C7A8 0x0025FBA8 0x00000000
PolyBezier - 0x0066CF5C 0x0026C7AC 0x0025FBAC 0x00000000
SetViewportExtEx - 0x0066CF60 0x0026C7B0 0x0025FBB0 0x00000000
SetViewportOrgEx - 0x0066CF64 0x0026C7B4 0x0025FBB4 0x00000000
SetWindowExtEx - 0x0066CF68 0x0026C7B8 0x0025FBB8 0x00000000
SetWindowOrgEx - 0x0066CF6C 0x0026C7BC 0x0025FBBC 0x00000000
OffsetViewportOrgEx - 0x0066CF70 0x0026C7C0 0x0025FBC0 0x00000000
SetBrushOrgEx - 0x0066CF74 0x0026C7C4 0x0025FBC4 0x00000000
GetDCOrgEx - 0x0066CF78 0x0026C7C8 0x0025FBC8 0x00000000
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x0066CF80 0x0026C7D0 0x0025FBD0 0x00000000
GetFileVersionInfoA - 0x0066CF84 0x0026C7D4 0x0025FBD4 0x00000000
VerQueryValueA - 0x0066CF88 0x0026C7D8 0x0025FBD8 0x00000000
shell32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryFileA - 0x0066CF90 0x0026C7E0 0x0025FBE0 0x00000000
ShellExecuteA - 0x0066CF94 0x0026C7E4 0x0025FBE4 0x00000000
DragQueryFileW - 0x0066CF98 0x0026C7E8 0x0025FBE8 0x00000000
DragFinish - 0x0066CF9C 0x0026C7EC 0x0025FBEC 0x00000000
DragAcceptFiles - 0x0066CFA0 0x0026C7F0 0x0025FBF0 0x00000000
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x0066CFA8 0x0026C7F8 0x0025FBF8 0x00000000
OleUninitialize - 0x0066CFAC 0x0026C7FC 0x0025FBFC 0x00000000
comctl32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControls - 0x0066CFB4 0x0026C804 0x0025FC04 0x00000000
ImageList_Create - 0x0066CFB8 0x0026C808 0x0025FC08 0x00000000
ImageList_Destroy - 0x0066CFBC 0x0026C80C 0x0025FC0C 0x00000000
ImageList_GetImageCount - 0x0066CFC0 0x0026C810 0x0025FC10 0x00000000
ImageList_SetImageCount - 0x0066CFC4 0x0026C814 0x0025FC14 0x00000000
ImageList_Add - 0x0066CFC8 0x0026C818 0x0025FC18 0x00000000
ImageList_Replace - 0x0066CFCC 0x0026C81C 0x0025FC1C 0x00000000
ImageList_AddMasked - 0x0066CFD0 0x0026C820 0x0025FC20 0x00000000
ImageList_DrawEx - 0x0066CFD4 0x0026C824 0x0025FC24 0x00000000
ImageList_DrawIndirect - 0x0066CFD8 0x0026C828 0x0025FC28 0x00000000
ImageList_Remove - 0x0066CFDC 0x0026C82C 0x0025FC2C 0x00000000
ImageList_Copy - 0x0066CFE0 0x0026C830 0x0025FC30 0x00000000
ImageList_BeginDrag - 0x0066CFE4 0x0026C834 0x0025FC34 0x00000000
ImageList_EndDrag - 0x0066CFE8 0x0026C838 0x0025FC38 0x00000000
ImageList_DragEnter - 0x0066CFEC 0x0026C83C 0x0025FC3C 0x00000000
ImageList_DragLeave - 0x0066CFF0 0x0026C840 0x0025FC40 0x00000000
ImageList_DragMove - 0x0066CFF4 0x0026C844 0x0025FC44 0x00000000
ImageList_DragShowNolock - 0x0066CFF8 0x0026C848 0x0025FC48 0x00000000
_TrackMouseEvent - 0x0066CFFC 0x0026C84C 0x0025FC4C 0x00000000
ws2_32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
closesocket - 0x0066D004 0x0026C854 0x0025FC54 0x00000000
connect - 0x0066D008 0x0026C858 0x0025FC58 0x00000000
ioctlsocket - 0x0066D00C 0x0026C85C 0x0025FC5C 0x00000000
getsockopt - 0x0066D010 0x0026C860 0x0025FC60 0x00000000
recv - 0x0066D014 0x0026C864 0x0025FC64 0x00000000
select - 0x0066D018 0x0026C868 0x0025FC68 0x00000000
send - 0x0066D01C 0x0026C86C 0x0025FC6C 0x00000000
setsockopt - 0x0066D020 0x0026C870 0x0025FC70 0x00000000
shutdown - 0x0066D024 0x0026C874 0x0025FC74 0x00000000
socket - 0x0066D028 0x0026C878 0x0025FC78 0x00000000
WSAStartup - 0x0066D02C 0x0026C87C 0x0025FC7C 0x00000000
WSACleanup - 0x0066D030 0x0026C880 0x0025FC80 0x00000000
WSAGetLastError - 0x0066D034 0x0026C884 0x0025FC84 0x00000000
__WSAFDIsSet - 0x0066D038 0x0026C888 0x0025FC88 0x00000000
wsock32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gethostbyaddr - 0x0066D040 0x0026C890 0x0025FC90 0x00000000
gethostbyname - 0x0066D044 0x0026C894 0x0025FC94 0x00000000
WSAStartup - 0x0066D048 0x0026C898 0x0025FC98 0x00000000
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
dobaec.exe 5 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
dobaec.exe 5 0x00400000 0x00690FFF Process Termination False 32-bit - False
C:\IntelprocSB\devoptisys.exe Dropped File Binary
Clean
MIME Type application/vnd.microsoft.portable-executable
File Size 4.12 MB
MD5 1357b0e6978996c5b3087e1d8213b7c4
SHA1 471190cd24616276f7b070fdc451d405028ce646
SHA256 61ecf0519833fdcccf07650287661dbb156cabed257dbbb64a72b428ce8af5c1
SSDeep 98304:+R0pI/IQlUoMPdmpSpq4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmp5n9klRKN41v
ImpHash 1a611a7df1f3828b0157c4725145a721
PE Information
Image Base 0x00400000
Entry Point 0x00402EC0
Size Of Code 0x00175A20
Size Of Initialized Data 0x0001CF44
Size Of Uninitialized Data 0x00009554
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00 (UTC+1)
Version Information (10)
FileDescription System Devices Optimizer
InternalName Devices Optimus
ProductName Devices Optimus
ProductVersion 6.0.0.0
Comments -
CompanyName -
FileVersion 6.0.0.0
LegalCopyright -
LegalTrademarks -
OriginalFilename -
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00175A20 0x00175C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.06
.data 0x00577000 0x0001CF44 0x0001D000 0x00176000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.24
.rdata 0x00594000 0x000CC170 0x000CC200 0x00193000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.21
.bss 0x00661000 0x00009554 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.CRT 0x0066B000 0x0000000C 0x00000200 0x0025F200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.06
.idata 0x0066C000 0x000030DE 0x00003200 0x0025F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.19
.rsrc 0x00670000 0x000206BC 0x00020800 0x00262600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.0
Imports (11)
kernel32.dll (126)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStdHandle - 0x0066C8A0 0x0026C0F0 0x0025F4F0 0x00000000
GetConsoleMode - 0x0066C8A4 0x0026C0F4 0x0025F4F4 0x00000000
TlsGetValue - 0x0066C8A8 0x0026C0F8 0x0025F4F8 0x00000000
GetLastError - 0x0066C8AC 0x0026C0FC 0x0025F4FC 0x00000000
SetLastError - 0x0066C8B0 0x0026C100 0x0025F500 0x00000000
RaiseException - 0x0066C8B4 0x0026C104 0x0025F504 0x00000000
GetTickCount - 0x0066C8B8 0x0026C108 0x0025F508 0x00000000
ExitProcess - 0x0066C8BC 0x0026C10C 0x0025F50C 0x00000000
GetStartupInfoA - 0x0066C8C0 0x0026C110 0x0025F510 0x00000000
GetCommandLineA - 0x0066C8C4 0x0026C114 0x0025F514 0x00000000
GetCurrentProcessId - 0x0066C8C8 0x0026C118 0x0025F518 0x00000000
GetCurrentThreadId - 0x0066C8CC 0x0026C11C 0x0025F51C 0x00000000
GetCurrentProcess - 0x0066C8D0 0x0026C120 0x0025F520 0x00000000
ReadProcessMemory - 0x0066C8D4 0x0026C124 0x0025F524 0x00000000
GetModuleFileNameA - 0x0066C8D8 0x0026C128 0x0025F528 0x00000000
GetModuleHandleA - 0x0066C8DC 0x0026C12C 0x0025F52C 0x00000000
WriteFile - 0x0066C8E0 0x0026C130 0x0025F530 0x00000000
ReadFile - 0x0066C8E4 0x0026C134 0x0025F534 0x00000000
CloseHandle - 0x0066C8E8 0x0026C138 0x0025F538 0x00000000
SetFilePointer - 0x0066C8EC 0x0026C13C 0x0025F53C 0x00000000
SetEndOfFile - 0x0066C8F0 0x0026C140 0x0025F540 0x00000000
GetSystemInfo - 0x0066C8F4 0x0026C144 0x0025F544 0x00000000
LoadLibraryW - 0x0066C8F8 0x0026C148 0x0025F548 0x00000000
LoadLibraryA - 0x0066C8FC 0x0026C14C 0x0025F54C 0x00000000
GetProcAddress - 0x0066C900 0x0026C150 0x0025F550 0x00000000
FreeLibrary - 0x0066C904 0x0026C154 0x0025F554 0x00000000
FormatMessageW - 0x0066C908 0x0026C158 0x0025F558 0x00000000
DeleteFileW - 0x0066C90C 0x0026C15C 0x0025F55C 0x00000000
CreateFileW - 0x0066C910 0x0026C160 0x0025F560 0x00000000
GetFileAttributesW - 0x0066C914 0x0026C164 0x0025F564 0x00000000
CreateDirectoryW - 0x0066C918 0x0026C168 0x0025F568 0x00000000
GetCurrentDirectoryW - 0x0066C91C 0x0026C16C 0x0025F56C 0x00000000
GetFullPathNameW - 0x0066C920 0x0026C170 0x0025F570 0x00000000
GetConsoleOutputCP - 0x0066C924 0x0026C174 0x0025F574 0x00000000
GetOEMCP - 0x0066C928 0x0026C178 0x0025F578 0x00000000
GetProcessHeap - 0x0066C92C 0x0026C17C 0x0025F57C 0x00000000
HeapAlloc - 0x0066C930 0x0026C180 0x0025F580 0x00000000
HeapFree - 0x0066C934 0x0026C184 0x0025F584 0x00000000
TlsAlloc - 0x0066C938 0x0026C188 0x0025F588 0x00000000
TlsSetValue - 0x0066C93C 0x0026C18C 0x0025F58C 0x00000000
CreateThread - 0x0066C940 0x0026C190 0x0025F590 0x00000000
ExitThread - 0x0066C944 0x0026C194 0x0025F594 0x00000000
LocalAlloc - 0x0066C948 0x0026C198 0x0025F598 0x00000000
LocalFree - 0x0066C94C 0x0026C19C 0x0025F59C 0x00000000
Sleep - 0x0066C950 0x0026C1A0 0x0025F5A0 0x00000000
SuspendThread - 0x0066C954 0x0026C1A4 0x0025F5A4 0x00000000
ResumeThread - 0x0066C958 0x0026C1A8 0x0025F5A8 0x00000000
TerminateThread - 0x0066C95C 0x0026C1AC 0x0025F5AC 0x00000000
WaitForSingleObject - 0x0066C960 0x0026C1B0 0x0025F5B0 0x00000000
SetThreadPriority - 0x0066C964 0x0026C1B4 0x0025F5B4 0x00000000
GetThreadPriority - 0x0066C968 0x0026C1B8 0x0025F5B8 0x00000000
GetCurrentThread - 0x0066C96C 0x0026C1BC 0x0025F5BC 0x00000000
OpenThread - 0x0066C970 0x0026C1C0 0x0025F5C0 0x00000000
IsDebuggerPresent - 0x0066C974 0x0026C1C4 0x0025F5C4 0x00000000
CreateEventA - 0x0066C978 0x0026C1C8 0x0025F5C8 0x00000000
ResetEvent - 0x0066C97C 0x0026C1CC 0x0025F5CC 0x00000000
SetEvent - 0x0066C980 0x0026C1D0 0x0025F5D0 0x00000000
InitializeCriticalSection - 0x0066C984 0x0026C1D4 0x0025F5D4 0x00000000
DeleteCriticalSection - 0x0066C988 0x0026C1D8 0x0025F5D8 0x00000000
EnterCriticalSection - 0x0066C98C 0x0026C1DC 0x0025F5DC 0x00000000
LeaveCriticalSection - 0x0066C990 0x0026C1E0 0x0025F5E0 0x00000000
TryEnterCriticalSection - 0x0066C994 0x0026C1E4 0x0025F5E4 0x00000000
GetEnvironmentStringsW - 0x0066C998 0x0026C1E8 0x0025F5E8 0x00000000
FreeEnvironmentStringsW - 0x0066C99C 0x0026C1EC 0x0025F5EC 0x00000000
MultiByteToWideChar - 0x0066C9A0 0x0026C1F0 0x0025F5F0 0x00000000
WideCharToMultiByte - 0x0066C9A4 0x0026C1F4 0x0025F5F4 0x00000000
GetACP - 0x0066C9A8 0x0026C1F8 0x0025F5F8 0x00000000
GetConsoleCP - 0x0066C9AC 0x0026C1FC 0x0025F5FC 0x00000000
RtlUnwind - 0x0066C9B0 0x0026C200 0x0025F600 0x00000000
EnumResourceTypesA - 0x0066C9B4 0x0026C204 0x0025F604 0x00000000
EnumResourceNamesA - 0x0066C9B8 0x0026C208 0x0025F608 0x00000000
EnumResourceLanguagesA - 0x0066C9BC 0x0026C20C 0x0025F60C 0x00000000
FindResourceA - 0x0066C9C0 0x0026C210 0x0025F610 0x00000000
FindResourceExA - 0x0066C9C4 0x0026C214 0x0025F614 0x00000000
LoadResource - 0x0066C9C8 0x0026C218 0x0025F618 0x00000000
SizeofResource - 0x0066C9CC 0x0026C21C 0x0025F61C 0x00000000
LockResource - 0x0066C9D0 0x0026C220 0x0025F620 0x00000000
FreeResource - 0x0066C9D4 0x0026C224 0x0025F624 0x00000000
GetEnvironmentStringsA - 0x0066C9D8 0x0026C228 0x0025F628 0x00000000
FreeEnvironmentStringsA - 0x0066C9DC 0x0026C22C 0x0025F62C 0x00000000
FormatMessageA - 0x0066C9E0 0x0026C230 0x0025F630 0x00000000
GlobalAddAtomA - 0x0066C9E4 0x0026C234 0x0025F634 0x00000000
GetDriveTypeA - 0x0066C9E8 0x0026C238 0x0025F638 0x00000000
GetSystemDirectoryA - 0x0066C9EC 0x0026C23C 0x0025F63C 0x00000000
GetWindowsDirectoryA - 0x0066C9F0 0x0026C240 0x0025F640 0x00000000
GetDiskFreeSpaceA - 0x0066C9F4 0x0026C244 0x0025F644 0x00000000
DeleteFileA - 0x0066C9F8 0x0026C248 0x0025F648 0x00000000
GetVersionExA - 0x0066C9FC 0x0026C24C 0x0025F64C 0x00000000
CompareStringA - 0x0066CA00 0x0026C250 0x0025F650 0x00000000
GetLocaleInfoA - 0x0066CA04 0x0026C254 0x0025F654 0x00000000
GetDateFormatA - 0x0066CA08 0x0026C258 0x0025F658 0x00000000
EnumCalendarInfoA - 0x0066CA0C 0x0026C25C 0x0025F65C 0x00000000
GetModuleFileNameW - 0x0066CA10 0x0026C260 0x0025F660 0x00000000
GetCommandLineW - 0x0066CA14 0x0026C264 0x0025F664 0x00000000
SetFileAttributesW - 0x0066CA18 0x0026C268 0x0025F668 0x00000000
FindNextFileW - 0x0066CA1C 0x0026C26C 0x0025F66C 0x00000000
CompareStringW - 0x0066CA20 0x0026C270 0x0025F670 0x00000000
GetLocaleInfoW - 0x0066CA24 0x0026C274 0x0025F674 0x00000000
GetDateFormatW - 0x0066CA28 0x0026C278 0x0025F678 0x00000000
FindFirstFileExW - 0x0066CA2C 0x0026C27C 0x0025F67C 0x00000000
GlobalAlloc - 0x0066CA30 0x0026C280 0x0025F680 0x00000000
GlobalReAlloc - 0x0066CA34 0x0026C284 0x0025F684 0x00000000
GlobalSize - 0x0066CA38 0x0026C288 0x0025F688 0x00000000
GlobalLock - 0x0066CA3C 0x0026C28C 0x0025F68C 0x00000000
GlobalUnlock - 0x0066CA40 0x0026C290 0x0025F690 0x00000000
VirtualFree - 0x0066CA44 0x0026C294 0x0025F694 0x00000000
GetExitCodeProcess - 0x0066CA48 0x0026C298 0x0025F698 0x00000000
GlobalDeleteAtom - 0x0066CA4C 0x0026C29C 0x0025F69C 0x00000000
GetLogicalDrives - 0x0066CA50 0x0026C2A0 0x0025F6A0 0x00000000
DeviceIoControl - 0x0066CA54 0x0026C2A4 0x0025F6A4 0x00000000
FindClose - 0x0066CA58 0x0026C2A8 0x0025F6A8 0x00000000
WinExec - 0x0066CA5C 0x0026C2AC 0x0025F6AC 0x00000000
MulDiv - 0x0066CA60 0x0026C2B0 0x0025F6B0 0x00000000
GetLocalTime - 0x0066CA64 0x0026C2B4 0x0025F6B4 0x00000000
SystemTimeToTzSpecificLocalTime - 0x0066CA68 0x0026C2B8 0x0025F6B8 0x00000000
FileTimeToLocalFileTime - 0x0066CA6C 0x0026C2BC 0x0025F6BC 0x00000000
FileTimeToSystemTime - 0x0066CA70 0x0026C2C0 0x0025F6C0 0x00000000
FileTimeToDosDateTime - 0x0066CA74 0x0026C2C4 0x0025F6C4 0x00000000
PeekNamedPipe - 0x0066CA78 0x0026C2C8 0x0025F6C8 0x00000000
GetCPInfo - 0x0066CA7C 0x0026C2CC 0x0025F6CC 0x00000000
GetThreadLocale - 0x0066CA80 0x0026C2D0 0x0025F6D0 0x00000000
SetThreadLocale - 0x0066CA84 0x0026C2D4 0x0025F6D4 0x00000000
GetUserDefaultLCID - 0x0066CA88 0x0026C2D8 0x0025F6D8 0x00000000
CreateToolhelp32Snapshot - 0x0066CA8C 0x0026C2DC 0x0025F6DC 0x00000000
Process32First - 0x0066CA90 0x0026C2E0 0x0025F6E0 0x00000000
Process32Next - 0x0066CA94 0x0026C2E4 0x0025F6E4 0x00000000
oleaut32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringLen - 0x0066CA9C 0x0026C2EC 0x0025F6EC 0x00000000
SysFreeString - 0x0066CAA0 0x0026C2F0 0x0025F6F0 0x00000000
SysReAllocStringLen - 0x0066CAA4 0x0026C2F4 0x0025F6F4 0x00000000
SafeArrayCreate - 0x0066CAA8 0x0026C2F8 0x0025F6F8 0x00000000
SafeArrayRedim - 0x0066CAAC 0x0026C2FC 0x0025F6FC 0x00000000
SafeArrayGetUBound - 0x0066CAB0 0x0026C300 0x0025F700 0x00000000
SafeArrayGetLBound - 0x0066CAB4 0x0026C304 0x0025F704 0x00000000
SafeArrayAccessData - 0x0066CAB8 0x0026C308 0x0025F708 0x00000000
SafeArrayUnaccessData - 0x0066CABC 0x0026C30C 0x0025F70C 0x00000000
SafeArrayGetElement - 0x0066CAC0 0x0026C310 0x0025F710 0x00000000
SafeArrayPutElement - 0x0066CAC4 0x0026C314 0x0025F714 0x00000000
SafeArrayPtrOfIndex - 0x0066CAC8 0x0026C318 0x0025F718 0x00000000
VariantChangeTypeEx - 0x0066CACC 0x0026C31C 0x0025F71C 0x00000000
VariantClear - 0x0066CAD0 0x0026C320 0x0025F720 0x00000000
VariantCopy - 0x0066CAD4 0x0026C324 0x0025F724 0x00000000
VariantInit - 0x0066CAD8 0x0026C328 0x0025F728 0x00000000
user32.dll (178)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x0066CAE0 0x0026C330 0x0025F730 0x00000000
CharUpperBuffW - 0x0066CAE4 0x0026C334 0x0025F734 0x00000000
CharLowerBuffW - 0x0066CAE8 0x0026C338 0x0025F738 0x00000000
SendMessageA - 0x0066CAEC 0x0026C33C 0x0025F73C 0x00000000
PostMessageA - 0x0066CAF0 0x0026C340 0x0025F740 0x00000000
DefWindowProcA - 0x0066CAF4 0x0026C344 0x0025F744 0x00000000
CallWindowProcA - 0x0066CAF8 0x0026C348 0x0025F748 0x00000000
RegisterClassA - 0x0066CAFC 0x0026C34C 0x0025F74C 0x00000000
UnregisterClassA - 0x0066CB00 0x0026C350 0x0025F750 0x00000000
GetClassInfoA - 0x0066CB04 0x0026C354 0x0025F754 0x00000000
CreateWindowExA - 0x0066CB08 0x0026C358 0x0025F758 0x00000000
RegisterClipboardFormatA - 0x0066CB0C 0x0026C35C 0x0025F75C 0x00000000
GetClipboardFormatNameA - 0x0066CB10 0x0026C360 0x0025F760 0x00000000
CharToOemA - 0x0066CB14 0x0026C364 0x0025F764 0x00000000
CharUpperA - 0x0066CB18 0x0026C368 0x0025F768 0x00000000
CharUpperBuffA - 0x0066CB1C 0x0026C36C 0x0025F76C 0x00000000
CharLowerA - 0x0066CB20 0x0026C370 0x0025F770 0x00000000
CharLowerBuffA - 0x0066CB24 0x0026C374 0x0025F774 0x00000000
GetMenuItemInfoA - 0x0066CB28 0x0026C378 0x0025F778 0x00000000
SetPropA - 0x0066CB2C 0x0026C37C 0x0025F77C 0x00000000
GetPropA - 0x0066CB30 0x0026C380 0x0025F780 0x00000000
RemovePropA - 0x0066CB34 0x0026C384 0x0025F784 0x00000000
EnumPropsA - 0x0066CB38 0x0026C388 0x0025F788 0x00000000
GetWindowLongA - 0x0066CB3C 0x0026C38C 0x0025F78C 0x00000000
SetWindowLongA - 0x0066CB40 0x0026C390 0x0025F790 0x00000000
GetClassLongA - 0x0066CB44 0x0026C394 0x0025F794 0x00000000
SetClassLongA - 0x0066CB48 0x0026C398 0x0025F798 0x00000000
GetClassNameA - 0x0066CB4C 0x0026C39C 0x0025F79C 0x00000000
LoadBitmapA - 0x0066CB50 0x0026C3A0 0x0025F7A0 0x00000000
LoadCursorA - 0x0066CB54 0x0026C3A4 0x0025F7A4 0x00000000
LoadIconA - 0x0066CB58 0x0026C3A8 0x0025F7A8 0x00000000
LoadImageA - 0x0066CB5C 0x0026C3AC 0x0025F7AC 0x00000000
SystemParametersInfoA - 0x0066CB60 0x0026C3B0 0x0025F7B0 0x00000000
DispatchMessageW - 0x0066CB64 0x0026C3B4 0x0025F7B4 0x00000000
PeekMessageW - 0x0066CB68 0x0026C3B8 0x0025F7B8 0x00000000
SendMessageW - 0x0066CB6C 0x0026C3BC 0x0025F7BC 0x00000000
DefWindowProcW - 0x0066CB70 0x0026C3C0 0x0025F7C0 0x00000000
CallWindowProcW - 0x0066CB74 0x0026C3C4 0x0025F7C4 0x00000000
RegisterClassW - 0x0066CB78 0x0026C3C8 0x0025F7C8 0x00000000
UnregisterClassW - 0x0066CB7C 0x0026C3CC 0x0025F7CC 0x00000000
GetClassInfoW - 0x0066CB80 0x0026C3D0 0x0025F7D0 0x00000000
CreateWindowExW - 0x0066CB84 0x0026C3D4 0x0025F7D4 0x00000000
InsertMenuItemW - 0x0066CB88 0x0026C3D8 0x0025F7D8 0x00000000
GetMenuItemInfoW - 0x0066CB8C 0x0026C3DC 0x0025F7DC 0x00000000
SetMenuItemInfoW - 0x0066CB90 0x0026C3E0 0x0025F7E0 0x00000000
DrawTextW - 0x0066CB94 0x0026C3E4 0x0025F7E4 0x00000000
DrawStateW - 0x0066CB98 0x0026C3E8 0x0025F7E8 0x00000000
SetWindowTextW - 0x0066CB9C 0x0026C3EC 0x0025F7EC 0x00000000
GetWindowTextW - 0x0066CBA0 0x0026C3F0 0x0025F7F0 0x00000000
GetWindowTextLengthW - 0x0066CBA4 0x0026C3F4 0x0025F7F4 0x00000000
MessageBoxW - 0x0066CBA8 0x0026C3F8 0x0025F7F8 0x00000000
GetWindowLongW - 0x0066CBAC 0x0026C3FC 0x0025F7FC 0x00000000
SetWindowLongW - 0x0066CBB0 0x0026C400 0x0025F800 0x00000000
DefFrameProcW - 0x0066CBB4 0x0026C404 0x0025F804 0x00000000
DefMDIChildProcW - 0x0066CBB8 0x0026C408 0x0025F808 0x00000000
TranslateMessage - 0x0066CBBC 0x0026C40C 0x0025F80C 0x00000000
PostQuitMessage - 0x0066CBC0 0x0026C410 0x0025F810 0x00000000
GetDoubleClickTime - 0x0066CBC4 0x0026C414 0x0025F814 0x00000000
IsWindow - 0x0066CBC8 0x0026C418 0x0025F818 0x00000000
IsMenu - 0x0066CBCC 0x0026C41C 0x0025F81C 0x00000000
DestroyWindow - 0x0066CBD0 0x0026C420 0x0025F820 0x00000000
ShowWindow - 0x0066CBD4 0x0026C424 0x0025F824 0x00000000
ShowWindowAsync - 0x0066CBD8 0x0026C428 0x0025F828 0x00000000
ShowOwnedPopups - 0x0066CBDC 0x0026C42C 0x0025F82C 0x00000000
MoveWindow - 0x0066CBE0 0x0026C430 0x0025F830 0x00000000
SetWindowPos - 0x0066CBE4 0x0026C434 0x0025F834 0x00000000
GetWindowPlacement - 0x0066CBE8 0x0026C438 0x0025F838 0x00000000
SetWindowPlacement - 0x0066CBEC 0x0026C43C 0x0025F83C 0x00000000
BeginDeferWindowPos - 0x0066CBF0 0x0026C440 0x0025F840 0x00000000
DeferWindowPos - 0x0066CBF4 0x0026C444 0x0025F844 0x00000000
EndDeferWindowPos - 0x0066CBF8 0x0026C448 0x0025F848 0x00000000
IsWindowVisible - 0x0066CBFC 0x0026C44C 0x0025F84C 0x00000000
IsIconic - 0x0066CC00 0x0026C450 0x0025F850 0x00000000
BringWindowToTop - 0x0066CC04 0x0026C454 0x0025F854 0x00000000
IsZoomed - 0x0066CC08 0x0026C458 0x0025F858 0x00000000
OpenClipboard - 0x0066CC0C 0x0026C45C 0x0025F85C 0x00000000
CloseClipboard - 0x0066CC10 0x0026C460 0x0025F860 0x00000000
SetClipboardData - 0x0066CC14 0x0026C464 0x0025F864 0x00000000
GetClipboardData - 0x0066CC18 0x0026C468 0x0025F868 0x00000000
CountClipboardFormats - 0x0066CC1C 0x0026C46C 0x0025F86C 0x00000000
EnumClipboardFormats - 0x0066CC20 0x0026C470 0x0025F870 0x00000000
EmptyClipboard - 0x0066CC24 0x0026C474 0x0025F874 0x00000000
IsClipboardFormatAvailable - 0x0066CC28 0x0026C478 0x0025F878 0x00000000
SetFocus - 0x0066CC2C 0x0026C47C 0x0025F87C 0x00000000
GetActiveWindow - 0x0066CC30 0x0026C480 0x0025F880 0x00000000
GetFocus - 0x0066CC34 0x0026C484 0x0025F884 0x00000000
GetKeyState - 0x0066CC38 0x0026C488 0x0025F888 0x00000000
GetCapture - 0x0066CC3C 0x0026C48C 0x0025F88C 0x00000000
SetCapture - 0x0066CC40 0x0026C490 0x0025F890 0x00000000
ReleaseCapture - 0x0066CC44 0x0026C494 0x0025F894 0x00000000
MsgWaitForMultipleObjects - 0x0066CC48 0x0026C498 0x0025F898 0x00000000
SetTimer - 0x0066CC4C 0x0026C49C 0x0025F89C 0x00000000
KillTimer - 0x0066CC50 0x0026C4A0 0x0025F8A0 0x00000000
EnableWindow - 0x0066CC54 0x0026C4A4 0x0025F8A4 0x00000000
IsWindowEnabled - 0x0066CC58 0x0026C4A8 0x0025F8A8 0x00000000
GetSystemMetrics - 0x0066CC5C 0x0026C4AC 0x0025F8AC 0x00000000
GetMenu - 0x0066CC60 0x0026C4B0 0x0025F8B0 0x00000000
SetMenu - 0x0066CC64 0x0026C4B4 0x0025F8B4 0x00000000
DrawMenuBar - 0x0066CC68 0x0026C4B8 0x0025F8B8 0x00000000
GetSystemMenu - 0x0066CC6C 0x0026C4BC 0x0025F8BC 0x00000000
CreateMenu - 0x0066CC70 0x0026C4C0 0x0025F8C0 0x00000000
CreatePopupMenu - 0x0066CC74 0x0026C4C4 0x0025F8C4 0x00000000
DestroyMenu - 0x0066CC78 0x0026C4C8 0x0025F8C8 0x00000000
EnableMenuItem - 0x0066CC7C 0x0026C4CC 0x0025F8CC 0x00000000
GetSubMenu - 0x0066CC80 0x0026C4D0 0x0025F8D0 0x00000000
GetMenuItemCount - 0x0066CC84 0x0026C4D4 0x0025F8D4 0x00000000
RemoveMenu - 0x0066CC88 0x0026C4D8 0x0025F8D8 0x00000000
DeleteMenu - 0x0066CC8C 0x0026C4DC 0x0025F8DC 0x00000000
GetMenuItemRect - 0x0066CC90 0x0026C4E0 0x0025F8E0 0x00000000
UpdateWindow - 0x0066CC94 0x0026C4E4 0x0025F8E4 0x00000000
SetActiveWindow - 0x0066CC98 0x0026C4E8 0x0025F8E8 0x00000000
GetForegroundWindow - 0x0066CC9C 0x0026C4EC 0x0025F8EC 0x00000000
SetForegroundWindow - 0x0066CCA0 0x0026C4F0 0x0025F8F0 0x00000000
WindowFromDC - 0x0066CCA4 0x0026C4F4 0x0025F8F4 0x00000000
GetDC - 0x0066CCA8 0x0026C4F8 0x0025F8F8 0x00000000
GetDCEx - 0x0066CCAC 0x0026C4FC 0x0025F8FC 0x00000000
GetWindowDC - 0x0066CCB0 0x0026C500 0x0025F900 0x00000000
ReleaseDC - 0x0066CCB4 0x0026C504 0x0025F904 0x00000000
BeginPaint - 0x0066CCB8 0x0026C508 0x0025F908 0x00000000
EndPaint - 0x0066CCBC 0x0026C50C 0x0025F90C 0x00000000
GetUpdateRect - 0x0066CCC0 0x0026C510 0x0025F910 0x00000000
SetWindowRgn - 0x0066CCC4 0x0026C514 0x0025F914 0x00000000
InvalidateRect - 0x0066CCC8 0x0026C518 0x0025F918 0x00000000
InvalidateRgn - 0x0066CCCC 0x0026C51C 0x0025F91C 0x00000000
RedrawWindow - 0x0066CCD0 0x0026C520 0x0025F920 0x00000000
ScrollWindowEx - 0x0066CCD4 0x0026C524 0x0025F924 0x00000000
ShowScrollBar - 0x0066CCD8 0x0026C528 0x0025F928 0x00000000
EnableScrollBar - 0x0066CCDC 0x0026C52C 0x0025F92C 0x00000000
GetClientRect - 0x0066CCE0 0x0026C530 0x0025F930 0x00000000
GetWindowRect - 0x0066CCE4 0x0026C534 0x0025F934 0x00000000
AdjustWindowRectEx - 0x0066CCE8 0x0026C538 0x0025F938 0x00000000
MessageBeep - 0x0066CCEC 0x0026C53C 0x0025F93C 0x00000000
SetCursorPos - 0x0066CCF0 0x0026C540 0x0025F940 0x00000000
SetCursor - 0x0066CCF4 0x0026C544 0x0025F944 0x00000000
GetCursorPos - 0x0066CCF8 0x0026C548 0x0025F948 0x00000000
CreateCaret - 0x0066CCFC 0x0026C54C 0x0025F94C 0x00000000
DestroyCaret - 0x0066CD00 0x0026C550 0x0025F950 0x00000000
HideCaret - 0x0066CD04 0x0026C554 0x0025F954 0x00000000
ShowCaret - 0x0066CD08 0x0026C558 0x0025F958 0x00000000
SetCaretPos - 0x0066CD0C 0x0026C55C 0x0025F95C 0x00000000
GetCaretPos - 0x0066CD10 0x0026C560 0x0025F960 0x00000000
ClientToScreen - 0x0066CD14 0x0026C564 0x0025F964 0x00000000
ScreenToClient - 0x0066CD18 0x0026C568 0x0025F968 0x00000000
MapWindowPoints - 0x0066CD1C 0x0026C56C 0x0025F96C 0x00000000
WindowFromPoint - 0x0066CD20 0x0026C570 0x0025F970 0x00000000
GetSysColor - 0x0066CD24 0x0026C574 0x0025F974 0x00000000
GetSysColorBrush - 0x0066CD28 0x0026C578 0x0025F978 0x00000000
SetSysColors - 0x0066CD2C 0x0026C57C 0x0025F97C 0x00000000
DrawFocusRect - 0x0066CD30 0x0026C580 0x0025F980 0x00000000
FillRect - 0x0066CD34 0x0026C584 0x0025F984 0x00000000
FrameRect - 0x0066CD38 0x0026C588 0x0025F988 0x00000000
SetRect - 0x0066CD3C 0x0026C58C 0x0025F98C 0x00000000
InflateRect - 0x0066CD40 0x0026C590 0x0025F990 0x00000000
IntersectRect - 0x0066CD44 0x0026C594 0x0025F994 0x00000000
OffsetRect - 0x0066CD48 0x0026C598 0x0025F998 0x00000000
GetDesktopWindow - 0x0066CD4C 0x0026C59C 0x0025F99C 0x00000000
GetParent - 0x0066CD50 0x0026C5A0 0x0025F9A0 0x00000000
SetParent - 0x0066CD54 0x0026C5A4 0x0025F9A4 0x00000000
EnumThreadWindows - 0x0066CD58 0x0026C5A8 0x0025F9A8 0x00000000
GetTopWindow - 0x0066CD5C 0x0026C5AC 0x0025F9AC 0x00000000
GetWindowThreadProcessId - 0x0066CD60 0x0026C5B0 0x0025F9B0 0x00000000
GetLastActivePopup - 0x0066CD64 0x0026C5B4 0x0025F9B4 0x00000000
GetWindow - 0x0066CD68 0x0026C5B8 0x0025F9B8 0x00000000
CallNextHookEx - 0x0066CD6C 0x0026C5BC 0x0025F9BC 0x00000000
DestroyCursor - 0x0066CD70 0x0026C5C0 0x0025F9C0 0x00000000
DestroyIcon - 0x0066CD74 0x0026C5C4 0x0025F9C4 0x00000000
CopyImage - 0x0066CD78 0x0026C5C8 0x0025F9C8 0x00000000
CreateIconIndirect - 0x0066CD7C 0x0026C5CC 0x0025F9CC 0x00000000
GetIconInfo - 0x0066CD80 0x0026C5D0 0x0025F9D0 0x00000000
SetScrollInfo - 0x0066CD84 0x0026C5D4 0x0025F9D4 0x00000000
GetScrollInfo - 0x0066CD88 0x0026C5D8 0x0025F9D8 0x00000000
TranslateMDISysAccel - 0x0066CD8C 0x0026C5DC 0x0025F9DC 0x00000000
DrawEdge - 0x0066CD90 0x0026C5E0 0x0025F9E0 0x00000000
DrawFrameControl - 0x0066CD94 0x0026C5E4 0x0025F9E4 0x00000000
TrackPopupMenuEx - 0x0066CD98 0x0026C5E8 0x0025F9E8 0x00000000
ChildWindowFromPointEx - 0x0066CD9C 0x0026C5EC 0x0025F9EC 0x00000000
DrawIconEx - 0x0066CDA0 0x0026C5F0 0x0025F9F0 0x00000000
FlashWindowEx - 0x0066CDA4 0x0026C5F4 0x0025F9F4 0x00000000
advapi32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserNameA - 0x0066CDAC 0x0026C5FC 0x0025F9FC 0x00000000
RegSetValueExW - 0x0066CDB0 0x0026C600 0x0025FA00 0x00000000
RegQueryValueExW - 0x0066CDB4 0x0026C604 0x0025FA04 0x00000000
RegCreateKeyExW - 0x0066CDB8 0x0026C608 0x0025FA08 0x00000000
RegOpenKeyExW - 0x0066CDBC 0x0026C60C 0x0025FA0C 0x00000000
RegCloseKey - 0x0066CDC0 0x0026C610 0x0025FA10 0x00000000
RegFlushKey - 0x0066CDC4 0x0026C614 0x0025FA14 0x00000000
gdi32.dll (108)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x0066CDCC 0x0026C61C 0x0025FA1C 0x00000000
EnumFontFamiliesA - 0x0066CDD0 0x0026C620 0x0025FA20 0x00000000
GetCharABCWidthsA - 0x0066CDD4 0x0026C624 0x0025FA24 0x00000000
GetTextExtentPointA - 0x0066CDD8 0x0026C628 0x0025FA28 0x00000000
GetTextMetricsA - 0x0066CDDC 0x0026C62C 0x0025FA2C 0x00000000
GetObjectA - 0x0066CDE0 0x0026C630 0x0025FA30 0x00000000
ExtTextOutA - 0x0066CDE4 0x0026C634 0x0025FA34 0x00000000
CreateFontIndirectW - 0x0066CDE8 0x0026C638 0x0025FA38 0x00000000
EnumFontFamiliesExW - 0x0066CDEC 0x0026C63C 0x0025FA3C 0x00000000
GetCharABCWidthsW - 0x0066CDF0 0x0026C640 0x0025FA40 0x00000000
GetTextExtentPoint32W - 0x0066CDF4 0x0026C644 0x0025FA44 0x00000000
GetTextExtentExPointW - 0x0066CDF8 0x0026C648 0x0025FA48 0x00000000
GetObjectW - 0x0066CDFC 0x0026C64C 0x0025FA4C 0x00000000
TextOutW - 0x0066CE00 0x0026C650 0x0025FA50 0x00000000
ExtTextOutW - 0x0066CE04 0x0026C654 0x0025FA54 0x00000000
GetRandomRgn - 0x0066CE08 0x0026C658 0x0025FA58 0x00000000
Arc - 0x0066CE0C 0x0026C65C 0x0025FA5C 0x00000000
BitBlt - 0x0066CE10 0x0026C660 0x0025FA60 0x00000000
Chord - 0x0066CE14 0x0026C664 0x0025FA64 0x00000000
CombineRgn - 0x0066CE18 0x0026C668 0x0025FA68 0x00000000
CreateBitmap - 0x0066CE1C 0x0026C66C 0x0025FA6C 0x00000000
CreateBrushIndirect - 0x0066CE20 0x0026C670 0x0025FA70 0x00000000
CreateCompatibleBitmap - 0x0066CE24 0x0026C674 0x0025FA74 0x00000000
CreateCompatibleDC - 0x0066CE28 0x0026C678 0x0025FA78 0x00000000
CreateDIBitmap - 0x0066CE2C 0x0026C67C 0x0025FA7C 0x00000000
CreateEllipticRgn - 0x0066CE30 0x0026C680 0x0025FA80 0x00000000
CreatePen - 0x0066CE34 0x0026C684 0x0025FA84 0x00000000
CreatePenIndirect - 0x0066CE38 0x0026C688 0x0025FA88 0x00000000
CreatePatternBrush - 0x0066CE3C 0x0026C68C 0x0025FA8C 0x00000000
CreateRectRgn - 0x0066CE40 0x0026C690 0x0025FA90 0x00000000
CreateRoundRectRgn - 0x0066CE44 0x0026C694 0x0025FA94 0x00000000
CreateSolidBrush - 0x0066CE48 0x0026C698 0x0025FA98 0x00000000
DeleteDC - 0x0066CE4C 0x0026C69C 0x0025FA9C 0x00000000
DeleteObject - 0x0066CE50 0x0026C6A0 0x0025FAA0 0x00000000
Ellipse - 0x0066CE54 0x0026C6A4 0x0025FAA4 0x00000000
EqualRgn - 0x0066CE58 0x0026C6A8 0x0025FAA8 0x00000000
ExcludeClipRect - 0x0066CE5C 0x0026C6AC 0x0025FAAC 0x00000000
ExtCreateRegion - 0x0066CE60 0x0026C6B0 0x0025FAB0 0x00000000
ExtFloodFill - 0x0066CE64 0x0026C6B4 0x0025FAB4 0x00000000
FillRgn - 0x0066CE68 0x0026C6B8 0x0025FAB8 0x00000000
GetROP2 - 0x0066CE6C 0x0026C6BC 0x0025FABC 0x00000000
GetBkColor - 0x0066CE70 0x0026C6C0 0x0025FAC0 0x00000000
GetBitmapBits - 0x0066CE74 0x0026C6C4 0x0025FAC4 0x00000000
GetClipBox - 0x0066CE78 0x0026C6C8 0x0025FAC8 0x00000000
GetClipRgn - 0x0066CE7C 0x0026C6CC 0x0025FACC 0x00000000
GetCurrentObject - 0x0066CE80 0x0026C6D0 0x0025FAD0 0x00000000
GetDeviceCaps - 0x0066CE84 0x0026C6D4 0x0025FAD4 0x00000000
GetDIBits - 0x0066CE88 0x0026C6D8 0x0025FAD8 0x00000000
GetMapMode - 0x0066CE8C 0x0026C6DC 0x0025FADC 0x00000000
GetObjectType - 0x0066CE90 0x0026C6E0 0x0025FAE0 0x00000000
GetPixel - 0x0066CE94 0x0026C6E4 0x0025FAE4 0x00000000
GetRegionData - 0x0066CE98 0x0026C6E8 0x0025FAE8 0x00000000
GetRgnBox - 0x0066CE9C 0x0026C6EC 0x0025FAEC 0x00000000
GetStockObject - 0x0066CEA0 0x0026C6F0 0x0025FAF0 0x00000000
GetTextAlign - 0x0066CEA4 0x0026C6F4 0x0025FAF4 0x00000000
GetTextColor - 0x0066CEA8 0x0026C6F8 0x0025FAF8 0x00000000
GetViewportExtEx - 0x0066CEAC 0x0026C6FC 0x0025FAFC 0x00000000
GetViewportOrgEx - 0x0066CEB0 0x0026C700 0x0025FB00 0x00000000
GetWindowExtEx - 0x0066CEB4 0x0026C704 0x0025FB04 0x00000000
GetWindowOrgEx - 0x0066CEB8 0x0026C708 0x0025FB08 0x00000000
IntersectClipRect - 0x0066CEBC 0x0026C70C 0x0025FB0C 0x00000000
LineTo - 0x0066CEC0 0x0026C710 0x0025FB10 0x00000000
MaskBlt - 0x0066CEC4 0x0026C714 0x0025FB14 0x00000000
OffsetRgn - 0x0066CEC8 0x0026C718 0x0025FB18 0x00000000
PatBlt - 0x0066CECC 0x0026C71C 0x0025FB1C 0x00000000
Pie - 0x0066CED0 0x0026C720 0x0025FB20 0x00000000
PaintRgn - 0x0066CED4 0x0026C724 0x0025FB24 0x00000000
PtInRegion - 0x0066CED8 0x0026C728 0x0025FB28 0x00000000
RectInRegion - 0x0066CEDC 0x0026C72C 0x0025FB2C 0x00000000
RectVisible - 0x0066CEE0 0x0026C730 0x0025FB30 0x00000000
Rectangle - 0x0066CEE4 0x0026C734 0x0025FB34 0x00000000
RestoreDC - 0x0066CEE8 0x0026C738 0x0025FB38 0x00000000
RealizePalette - 0x0066CEEC 0x0026C73C 0x0025FB3C 0x00000000
RoundRect - 0x0066CEF0 0x0026C740 0x0025FB40 0x00000000
SaveDC - 0x0066CEF4 0x0026C744 0x0025FB44 0x00000000
SelectClipRgn - 0x0066CEF8 0x0026C748 0x0025FB48 0x00000000
ExtSelectClipRgn - 0x0066CEFC 0x0026C74C 0x0025FB4C 0x00000000
SelectObject - 0x0066CF00 0x0026C750 0x0025FB50 0x00000000
SelectPalette - 0x0066CF04 0x0026C754 0x0025FB54 0x00000000
SetBkColor - 0x0066CF08 0x0026C758 0x0025FB58 0x00000000
SetBkMode - 0x0066CF0C 0x0026C75C 0x0025FB5C 0x00000000
SetMapMode - 0x0066CF10 0x0026C760 0x0025FB60 0x00000000
SetPixel - 0x0066CF14 0x0026C764 0x0025FB64 0x00000000
SetPolyFillMode - 0x0066CF18 0x0026C768 0x0025FB68 0x00000000
StretchBlt - 0x0066CF1C 0x0026C76C 0x0025FB6C 0x00000000
SetRectRgn - 0x0066CF20 0x0026C770 0x0025FB70 0x00000000
SetROP2 - 0x0066CF24 0x0026C774 0x0025FB74 0x00000000
SetStretchBltMode - 0x0066CF28 0x0026C778 0x0025FB78 0x00000000
SetTextCharacterExtra - 0x0066CF2C 0x0026C77C 0x0025FB7C 0x00000000
SetTextColor - 0x0066CF30 0x0026C780 0x0025FB80 0x00000000
SetTextAlign - 0x0066CF34 0x0026C784 0x0025FB84 0x00000000
CreateDIBSection - 0x0066CF38 0x0026C788 0x0025FB88 0x00000000
SetArcDirection - 0x0066CF3C 0x0026C78C 0x0025FB8C 0x00000000
ExtCreatePen - 0x0066CF40 0x0026C790 0x0025FB90 0x00000000
MoveToEx - 0x0066CF44 0x0026C794 0x0025FB94 0x00000000
CreatePolygonRgn - 0x0066CF48 0x0026C798 0x0025FB98 0x00000000
DPtoLP - 0x0066CF4C 0x0026C79C 0x0025FB9C 0x00000000
LPtoDP - 0x0066CF50 0x0026C7A0 0x0025FBA0 0x00000000
Polygon - 0x0066CF54 0x0026C7A4 0x0025FBA4 0x00000000
Polyline - 0x0066CF58 0x0026C7A8 0x0025FBA8 0x00000000
PolyBezier - 0x0066CF5C 0x0026C7AC 0x0025FBAC 0x00000000
SetViewportExtEx - 0x0066CF60 0x0026C7B0 0x0025FBB0 0x00000000
SetViewportOrgEx - 0x0066CF64 0x0026C7B4 0x0025FBB4 0x00000000
SetWindowExtEx - 0x0066CF68 0x0026C7B8 0x0025FBB8 0x00000000
SetWindowOrgEx - 0x0066CF6C 0x0026C7BC 0x0025FBBC 0x00000000
OffsetViewportOrgEx - 0x0066CF70 0x0026C7C0 0x0025FBC0 0x00000000
SetBrushOrgEx - 0x0066CF74 0x0026C7C4 0x0025FBC4 0x00000000
GetDCOrgEx - 0x0066CF78 0x0026C7C8 0x0025FBC8 0x00000000
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x0066CF80 0x0026C7D0 0x0025FBD0 0x00000000
GetFileVersionInfoA - 0x0066CF84 0x0026C7D4 0x0025FBD4 0x00000000
VerQueryValueA - 0x0066CF88 0x0026C7D8 0x0025FBD8 0x00000000
shell32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryFileA - 0x0066CF90 0x0026C7E0 0x0025FBE0 0x00000000
ShellExecuteA - 0x0066CF94 0x0026C7E4 0x0025FBE4 0x00000000
DragQueryFileW - 0x0066CF98 0x0026C7E8 0x0025FBE8 0x00000000
DragFinish - 0x0066CF9C 0x0026C7EC 0x0025FBEC 0x00000000
DragAcceptFiles - 0x0066CFA0 0x0026C7F0 0x0025FBF0 0x00000000
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x0066CFA8 0x0026C7F8 0x0025FBF8 0x00000000
OleUninitialize - 0x0066CFAC 0x0026C7FC 0x0025FBFC 0x00000000
comctl32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControls - 0x0066CFB4 0x0026C804 0x0025FC04 0x00000000
ImageList_Create - 0x0066CFB8 0x0026C808 0x0025FC08 0x00000000
ImageList_Destroy - 0x0066CFBC 0x0026C80C 0x0025FC0C 0x00000000
ImageList_GetImageCount - 0x0066CFC0 0x0026C810 0x0025FC10 0x00000000
ImageList_SetImageCount - 0x0066CFC4 0x0026C814 0x0025FC14 0x00000000
ImageList_Add - 0x0066CFC8 0x0026C818 0x0025FC18 0x00000000
ImageList_Replace - 0x0066CFCC 0x0026C81C 0x0025FC1C 0x00000000
ImageList_AddMasked - 0x0066CFD0 0x0026C820 0x0025FC20 0x00000000
ImageList_DrawEx - 0x0066CFD4 0x0026C824 0x0025FC24 0x00000000
ImageList_DrawIndirect - 0x0066CFD8 0x0026C828 0x0025FC28 0x00000000
ImageList_Remove - 0x0066CFDC 0x0026C82C 0x0025FC2C 0x00000000
ImageList_Copy - 0x0066CFE0 0x0026C830 0x0025FC30 0x00000000
ImageList_BeginDrag - 0x0066CFE4 0x0026C834 0x0025FC34 0x00000000
ImageList_EndDrag - 0x0066CFE8 0x0026C838 0x0025FC38 0x00000000
ImageList_DragEnter - 0x0066CFEC 0x0026C83C 0x0025FC3C 0x00000000
ImageList_DragLeave - 0x0066CFF0 0x0026C840 0x0025FC40 0x00000000
ImageList_DragMove - 0x0066CFF4 0x0026C844 0x0025FC44 0x00000000
ImageList_DragShowNolock - 0x0066CFF8 0x0026C848 0x0025FC48 0x00000000
_TrackMouseEvent - 0x0066CFFC 0x0026C84C 0x0025FC4C 0x00000000
ws2_32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
closesocket - 0x0066D004 0x0026C854 0x0025FC54 0x00000000
connect - 0x0066D008 0x0026C858 0x0025FC58 0x00000000
ioctlsocket - 0x0066D00C 0x0026C85C 0x0025FC5C 0x00000000
getsockopt - 0x0066D010 0x0026C860 0x0025FC60 0x00000000
recv - 0x0066D014 0x0026C864 0x0025FC64 0x00000000
select - 0x0066D018 0x0026C868 0x0025FC68 0x00000000
send - 0x0066D01C 0x0026C86C 0x0025FC6C 0x00000000
setsockopt - 0x0066D020 0x0026C870 0x0025FC70 0x00000000
shutdown - 0x0066D024 0x0026C874 0x0025FC74 0x00000000
socket - 0x0066D028 0x0026C878 0x0025FC78 0x00000000
WSAStartup - 0x0066D02C 0x0026C87C 0x0025FC7C 0x00000000
WSACleanup - 0x0066D030 0x0026C880 0x0025FC80 0x00000000
WSAGetLastError - 0x0066D034 0x0026C884 0x0025FC84 0x00000000
__WSAFDIsSet - 0x0066D038 0x0026C888 0x0025FC88 0x00000000
wsock32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gethostbyaddr - 0x0066D040 0x0026C890 0x0025FC90 0x00000000
gethostbyname - 0x0066D044 0x0026C894 0x0025FC94 0x00000000
WSAStartup - 0x0066D048 0x0026C898 0x0025FC98 0x00000000
Memory Dumps (30)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
devoptisys.exe 2 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
devoptisys.exe 4 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
devoptisys.exe 4 0x00400000 0x00690FFF Process Termination False 32-bit - False
devoptisys.exe 8 0x00400000 0x00690FFF Relevant Image False 32-bit 0x0040FCC0 False
buffer 8 0x017D1AE8 0x017D2C7F Final Dump False 32-bit - False
buffer 8 0x017D2C88 0x017DAC87 Final Dump False 32-bit - False
buffer 8 0x017DAC90 0x017E2C8F Final Dump False 32-bit - False
buffer 8 0x017E2C98 0x017EAC97 Final Dump False 32-bit - False
buffer 8 0x017EACA0 0x017F2C9F Final Dump False 32-bit - False
buffer 8 0x017F2CA8 0x017FACA7 Final Dump False 32-bit - False
buffer 8 0x017FACB0 0x01802CAF Final Dump False 32-bit - False
buffer 8 0x01802CB8 0x01842CB7 Final Dump False 32-bit - False
buffer 8 0x01842CC0 0x0184ACBF Final Dump False 32-bit - False
buffer 8 0x0184ACC8 0x01852CC7 Final Dump False 32-bit - False
buffer 8 0x01852CD0 0x0185ACCF Final Dump False 32-bit - False
buffer 8 0x0185ACD8 0x01862CD7 Final Dump False 32-bit - False
buffer 8 0x018634E8 0x0186B4E7 Final Dump False 32-bit - False
buffer 8 0x0186B4F0 0x018734EF Final Dump False 32-bit - False
buffer 8 0x01877368 0x0187F367 Final Dump False 32-bit - False
buffer 8 0x0187F370 0x0188736F Final Dump False 32-bit - False
buffer 8 0x018896C0 0x018916BF Final Dump False 32-bit - False
buffer 8 0x018916C8 0x018996C7 Final Dump False 32-bit - False
buffer 8 0x0189DFA0 0x018A5F9F Final Dump False 32-bit - False
buffer 8 0x018A5FA8 0x018ADFA7 Final Dump False 32-bit - False
buffer 8 0x018ADFB0 0x018B5FAF Final Dump False 32-bit - False
buffer 8 0x018B6FC0 0x018B8157 Final Dump False 32-bit - False
buffer 8 0x03FF0048 0x04030047 Final Dump False 32-bit - False
buffer 8 0x04030050 0x0407004F Final Dump False 32-bit - False
buffer 8 0x04070058 0x040B0057 Final Dump False 32-bit - False
devoptisys.exe 8 0x00400000 0x00690FFF Final Dump False 32-bit - False
C:\Users\RDhJ0CNFevzX\netstat.txt Dropped File Text
Clean
MIME Type text/plain
File Size 1.78 KB
MD5 c6b9c6b86db25a9f771e01536e2e4d3c
SHA1 a176032949cbd18be3d8dfd5e757d9fd62e0ec3d
SHA256 2cd15e7cc01bfa633f0db4388c104b1ab81706fc20d96aa798e4ee698090267d
SSDeep 48:Ai++SNbRXGmGcE3zc0q1AjTjJfEFEsVdVrTA:01xhGDcEjc0q1AjTjJfEFEsVdVrTA
ImpHash -
C:\Users\RDhJ0CNFevzX\ipconfig.txt Dropped File Text
Clean
MIME Type text/plain
File Size 775 Bytes
MD5 12368ed39cc22d75a3070bdac1a320bf
SHA1 21798c8766d861352cc6676d3e13589de1fa2f65
SHA256 bf503e0f96fff818da5c61fc6446c8613d294f16c3c69023ab6ca8723039c5cb
SSDeep 24:IOcspTGis6AlAPLw8Rx+Dw8bVBQNXw2XRo:IYfZhqxkM
ImpHash -
C:\Users\RDhJ0CNFevzX\549752664064_10.0_RDhJ0CNFevzX.ini Dropped File Unknown
Clean
MIME Type application/x-wine-extension-ini
File Size 235 Bytes
MD5 015258aeb4face479031a3469616afb7
SHA1 483169f013cc8d74066a39f434802049ab3dbbc8
SHA256 ee30c8689c85917a525488ab7002d2179866ba1f8c7c8c7b994a4d86bb690c92
SSDeep 6:1MU9DW0TgkLXbLwOc9NvapzRMUnhC0r+THjjHqfvn:GWKOLLs9a5RMUh8THvqH
ImpHash -
C:\Users\RDhJ0CNFevzX\549752664064_10.0_RDhJ0CNFevzX.ini Dropped File Unknown
Clean
MIME Type application/x-wine-extension-ini
File Size 235 Bytes
MD5 d1fc81ab6b25cf10a330facabf182a97
SHA1 7063817bc036b919e2d0cf06292ad284a0e61000
SHA256 91e46da198cf5e6c13fd7c944367d0faf8d0add51d19411f889c60714bab640c
SSDeep 6:1MU9DW0TgkLXbLwOc9NvapzRMUnhC0r+THjjHJvn:GWKOLLs9a5RMUh8THvh
ImpHash -
C:\Users\RDhJ0CNFevzX\549752664064_10.0_RDhJ0CNFevzX.ini Dropped File Unknown
Clean
MIME Type application/x-wine-extension-ini
File Size 216 Bytes
MD5 53b23e9a2a412efb921e9d1c79719efb
SHA1 863da8d6031019d84f6657e3859490028fa6d1bd
SHA256 b29e3880621abec3d1a0707a917576ee09495b7b5633b9a26832dfd664a3cb00
SSDeep 6:1MU9DW0TgkLXbLwOc9NvapzRMUnhC0r+THjjHi:GWKOLLs9a5RMUh8THvi
ImpHash -
C:\Users\RDhJ0CNFevzX\549752664064_10.0_RDhJ0CNFevzX.ini Dropped File Unknown
Clean
MIME Type application/x-wine-extension-ini
File Size 216 Bytes
MD5 47758c2e19fc72b25697e99c7288a13e
SHA1 71a9be5c5b09fd00d2bc6bd90bc9323d280503c1
SHA256 4a4d3e0fbbae1b2fbfc23dfc7fba7baab479ed603505d3a27440c93ced0854d6
SSDeep 6:1MU9DW0TgkLXbLwOc9NvapzRMUnhC0r+THjjHp:GWKOLLs9a5RMUh8THvp
ImpHash -
C:\Users\RDhJ0CNFevzX\549752664064_10.0_RDhJ0CNFevzX.ini Dropped File Unknown
Clean
MIME Type application/x-wine-extension-ini
File Size 216 Bytes
MD5 6a9bb40ed89c11a5466da1574b7e58d3
SHA1 28dbc51d4dd8cecd5f6426549b254f28961f68c7
SHA256 8a0ee73a80d4f8ee24928369c4107c92c1fedc80adc80e569489f6f46b453148
SSDeep 6:1MU9DW0TgkLXbLwOc9NvapzRMUnhC0r+THjjHs:GWKOLLs9a5RMUh8THvs
ImpHash -
C:\Users\RDhJ0CNFevzX\549752664064_10.0_RDhJ0CNFevzX.ini Dropped File Unknown
Clean
MIME Type application/x-wine-extension-ini
File Size 213 Bytes
MD5 b0ed8b342821cea3fec6901605f7b76e
SHA1 745b6ab7fe4a54b9f4f0c5bc504aef0edbbf39c3
SHA256 3411d0be81cc9ea180def3521a01715d26ddba2294a9b87c905518f575d692c1
SSDeep 6:1MU9DW0TgkLXbLwOc9HcblMUnhC0r+THjjHs:GWKOLLs8hMUh8THvs
ImpHash -
842914e746afd743c0b4319b2ccb1d80f1e88ec1c162cbd70112d81e68f7c5c0 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 2.03 KB
MD5 c24ee1ff4117c3f8c541e0cca00e0c94
SHA1 0b117a0499db5f5ce2e165fa1d8e13fadcb81f1b
SHA256 842914e746afd743c0b4319b2ccb1d80f1e88ec1c162cbd70112d81e68f7c5c0
SSDeep 48:OnChie5J5NI6M/nkdezPVQIPdgb9F13YTwuZ+wc6Vb:OeD5NIpkmPdgbVYhZ+ON
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
a0a1b573a6b491299c13d2728ee7bd0ea9417ab35183eefe55cca090ffd535c3 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.78 KB
MD5 11ce57ca14e3dece5a90a1268158ba9f
SHA1 3fb25fc2f5983feaa1b7c46043123a08617268ae
SHA256 a0a1b573a6b491299c13d2728ee7bd0ea9417ab35183eefe55cca090ffd535c3
SSDeep 48:2lkwXWTq0mPV5Ea8K7ENmo9iVnfruWDaGPDq0:2OrYg4+6fpaY
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
b8748c0322852287a898da843a4dea7d581151ae42aa920fcd6eed2c69d098cc Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.76 KB
MD5 038bed7ce6b4ea50338f36467d216aef
SHA1 217ca008458cdfcb17f58fc29c9482636a5a0edd
SHA256 b8748c0322852287a898da843a4dea7d581151ae42aa920fcd6eed2c69d098cc
SSDeep 48:P+zX5o2s4UJ/FAsgwbyTp31PwaH1Yv3lxGDnCOqsdqz:P+zzdUhWsBuLR2v3/kq5z
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
98448c1a43b72867ac08344f25e5faa5b55dbfb474c0adb91de05efa034c03c1 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.54 KB
MD5 1f784578b55ab7ea7ce0c69b5dba5bda
SHA1 82f73350403b3dc86a1aa4726abca8ed422caa10
SHA256 98448c1a43b72867ac08344f25e5faa5b55dbfb474c0adb91de05efa034c03c1
SSDeep 48:CtFYmAqdQFfCbNsRMT8hQBo3ivOvE7WHDTGyz:YYOofzyTxBiHXGyz
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
b965e37e3bb998029faf25df2fa9bef5b3c4e4f7d52054e1b707c1b1cc1d5ed1 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.50 KB
MD5 7ce226dde7656ff1c1ded9bde7389884
SHA1 569ea8f3d474a12b98b7752d6b9454480eb7c789
SHA256 b965e37e3bb998029faf25df2fa9bef5b3c4e4f7d52054e1b707c1b1cc1d5ed1
SSDeep 48:rEDJD/+60gE3Ga0gkzbJecXkDY0z1cr6L:rEDJD/+60jGa0ge947Bci
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
e75d2f5b882d37aad4a527ff7727d9e7645c57b02e7a4fe47651db0571672235 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.39 KB
MD5 ca1508457a323e56e24d2115e26064c9
SHA1 1ba13d43af9a79981639dfb356d7f5f1638586f5
SHA256 e75d2f5b882d37aad4a527ff7727d9e7645c57b02e7a4fe47651db0571672235
SSDeep 24:CtZS5hhAcV4Hk/MTnHeR8yJNyuWvD2r+nix8W11Jro2MsR3zHEy1VERcjHuUUD4O:CtE5huHkkTnHIfJNyuWLY++911Jro2Mb
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
4a24971851c42fb80e201a33239dc4573b65a922bb90653b23bb344c4eb6b878 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.33 KB
MD5 cccdb6845bea895aae0a898c4c9523f7
SHA1 f83d81c5240f1943778866e6ef89463c4a8c1783
SHA256 4a24971851c42fb80e201a33239dc4573b65a922bb90653b23bb344c4eb6b878
SSDeep 24:ltqh4sLOPv24Mmf8Qdh7cLcX0BTti1S1pvI4KV8ceXwRGUGW3kVAG5:lt04sqPthd9qJti1aFInyJXwXVIAG5
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
f185f322e2041074006f7b816914afda83fa7e90265490bf3fe1c24a11e62176 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.29 KB
MD5 78c3c39f5162e83dda947303052af1ef
SHA1 79ca235572964c24d0b0860cfd4eb79521942c43
SHA256 f185f322e2041074006f7b816914afda83fa7e90265490bf3fe1c24a11e62176
SSDeep 24:CtkROVwwOU3/x4q/lKRX1ID0/oSqJfYIaSzK9ywmWkHQNrhIhga:Ct+cx3/x4UelID0gSqJfYduKMLPHQhhg
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
408da8e699df3b28f178859773ef0a3bae5bb98e6359a37335b71efcea534fed Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.26 KB
MD5 b68a0e5a62091edf8322b193b5101b4a
SHA1 f8a90ca769f51dc3cab6696dcc321374a571bf08
SHA256 408da8e699df3b28f178859773ef0a3bae5bb98e6359a37335b71efcea534fed
SSDeep 24:uXYA3/K2nyxMMEx5O4gXgaRdF7CPfoxDvHvvHeKyBjY+9EvRq0q8K6:uXYA3yE/pOZTZCPwlHv7yv9T0l/
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
e8083d39b49e33edb47eff8fcafa5a5507a5e5a4c558c6b1e151b1d27f1aa2e8 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.17 KB
MD5 c281a508e9e84e3eff251bdc8e93b8ba
SHA1 315eb4b996ff45df7dc60a23024a87b68ea5caa3
SHA256 e8083d39b49e33edb47eff8fcafa5a5507a5e5a4c558c6b1e151b1d27f1aa2e8
SSDeep 24:Ctz6O/T1aJtXwwDezj04x+Xfh0U+MnE9eCP9b6:CtzhToXwwa3vx+k9eE6
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
18e20847b3a4ce78202efc0da5d396028e6bddf8a7cbe47877172c50c26b4a6e Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 1.06 KB
MD5 da09513d7fb95c7f9f6c13278bbbf958
SHA1 0e74cdf088bcc4057662f0a2218217720cb0296d
SHA256 18e20847b3a4ce78202efc0da5d396028e6bddf8a7cbe47877172c50c26b4a6e
SSDeep 24:ltre3hfpL2HxyA/GgxT9QwZ1gcKYEbe8OVzCOgMcJo0:ltre3tYYA+UBJz9Ebevw9v
ImpHash -
e9aee2a7155c4de9910decbf5b27c255d82d0c39e0ebc3baa365944fc376c376 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 960 Bytes
MD5 e4308c42eac8f39c9245973717aeb5fe
SHA1 b0be140dd3b6571b06e48c8eaf3ebc4405bb76b3
SHA256 e9aee2a7155c4de9910decbf5b27c255d82d0c39e0ebc3baa365944fc376c376
SSDeep 24:ltQIEoCflQC/xc6+75NL5/XH30PnUrVOUw4W/fo:ltBEc6S5NLh6nUhOljfo
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
0ccb16682f13a75b29a8e19d71cc2b33eb8bbd7ce04a8871a06a791f269c943b Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 925 Bytes
MD5 32edfa0e03bf318473045a640616cefa
SHA1 ebaaaad92435ad341172a7cb00e8fa6cf20d1ebb
SHA256 0ccb16682f13a75b29a8e19d71cc2b33eb8bbd7ce04a8871a06a791f269c943b
SSDeep 24:CtrswMtZ8IHbF5FmWIk5l40Xni6wlo9BiLsmDspi+Z:Ct4wMtZ8IB50W3Zwlopo6i+Z
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
099125b54dbc4290932166f8833c62050782e085db727094f378b659d9df9fbf Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 893 Bytes
MD5 285cf3fe937c627358c0bb97980abb7b
SHA1 82e9e0afcdbd8fa63457f700509985323224f921
SHA256 099125b54dbc4290932166f8833c62050782e085db727094f378b659d9df9fbf
SSDeep 24:Xtffdo71oUP4jRFBo8KarfCok14H5ejjGm:Xt3do7DiRFBrlrfCiejjGm
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
c7055a97d4bf7b106f58c00070a22b1d09082344cf40685f98f8d1c433327a0c Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 876 Bytes
MD5 a9fed5a6d5d78aa7d5e9376712c4cb95
SHA1 e19334532caee6fe00a34d95cd7bdbaee8bf22e6
SHA256 c7055a97d4bf7b106f58c00070a22b1d09082344cf40685f98f8d1c433327a0c
SSDeep 24:CtQb+HewVUC1E7YwI2rfmZry4SWDSqapxx:CtWuecUL7Rr8TIfx
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
5787581fc804c120df743e12098f08ce58b272006253a06d5fbb4076541d97ae Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 865 Bytes
MD5 c783712d2f467f92b7abae4bf3553d00
SHA1 16b775c72c6f5b0d61908791a86d6bdec2337bd7
SHA256 5787581fc804c120df743e12098f08ce58b272006253a06d5fbb4076541d97ae
SSDeep 24:lt2PKzxWJVi2rKGkQWkJF9nQ0XrWSv2i7EokLlz:ltjzxyieWkT9Q0Xrci69
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
e106f7f299d78e4dca40450883bb093f7cd1378d53983b867b7cef9993bd02f8 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 838 Bytes
MD5 74578a5f621cc9eff83f9c938afbdabd
SHA1 21816769c8c0edc8ef93f7b545748eefdefc5d6f
SHA256 e106f7f299d78e4dca40450883bb093f7cd1378d53983b867b7cef9993bd02f8
SSDeep 24:lt33e/p6yR+iNQRfnRYsdaGH98LGVTkyL8oK2c:lt33eBlAZ188QyL8H2c
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
77d24a01ad76c86290bb45b9bd614621f3d66c8da9ded252c181bfefacf277f6 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 804 Bytes
MD5 d4091bd24345012fb272e82e2e73c9df
SHA1 8bfcf3cd784a22bf3ae94a2964e5bf3910624552
SHA256 77d24a01ad76c86290bb45b9bd614621f3d66c8da9ded252c181bfefacf277f6
SSDeep 12:6v/7i8tZVWaphhlJHwoOQrSoAlXbPnqeCULffb0bBEWM8eBRNptMwNGeXczf55cG:Ct/XlBDOq/AzqPULHWMBEwCl5DCXU
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
4fc8467a6cee88ea4399139aede19a67b3fb8a709f260de13508a47409e0da69 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 789 Bytes
MD5 532d40c96c2f2b94e08c5aeb1307c54d
SHA1 22acbd579bcbb839175e4c8064065fde0958ab46
SHA256 4fc8467a6cee88ea4399139aede19a67b3fb8a709f260de13508a47409e0da69
SSDeep 24:Cts0oqNkBsQ9oFyq0MPI7gSVICBsIjKN9x:CtsJS7qoFyq/Cy
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
19a618dad57c410b9c3abc6b440f02c5f2216a913eed8d3365a41c094d069f5e Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 745 Bytes
MD5 d7184543028c41befed65d5cae53da2b
SHA1 fa39883998a474a3e96f96c48d8bcaca0d19d4b5
SHA256 19a618dad57c410b9c3abc6b440f02c5f2216a913eed8d3365a41c094d069f5e
SSDeep 12:6v/7ytZOzHvP/nSBnChA+YlceP+X3zWFbHR8NAzyoUsSGqSEzbc0lDepu7:ltAPHnSRfbaeWnzWFbaNAusS2EzbVlDl
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
63113b2d9cdf6daebdf9b8e6207983a09ab70a2f95140f2acc7bb4c7484577c9 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 730 Bytes
MD5 2e83ff09960657ea2ca422b8300df081
SHA1 84986b91380f96692fb5c53c039adc2eecfc16d2
SHA256 63113b2d9cdf6daebdf9b8e6207983a09ab70a2f95140f2acc7bb4c7484577c9
SSDeep 12:6v/7wtZ0kJVdZTXTy/TgTIIG9ApQcGrcqflkzYvvpPd/dJsiEr0P2rXQMlrg2a/R:Xthf6/yI90+DlIYn9BdjEr0eL9lrQ/R
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
84f0654345776a6ca545dd69990e34d06020012ccca8b402fda87b5b1428eb82 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 684 Bytes
MD5 bf04e2ff00f6977db5fb30d048f1d661
SHA1 93d370c7232a694337240c3f081efbf866f2b8bb
SHA256 84f0654345776a6ca545dd69990e34d06020012ccca8b402fda87b5b1428eb82
SSDeep 12:6v/7ytZdIgV1Z5LbPqlWxzN428FMq44dduc8K2UHNbK:lt3IgDq4n42UZ44/uc8K22W
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
8deca71c2daf7bb420244740748e86446b307af93a9c3ee2a13d1bc082b33a10 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 633 Bytes
MD5 ee31c0e37f7d53d7baa70a77a021689f
SHA1 5bd438e8bf530fa380568bce19f563ab610fecc3
SHA256 8deca71c2daf7bb420244740748e86446b307af93a9c3ee2a13d1bc082b33a10
SSDeep 12:6v/7wtZX8c/dZeA9CV1ErvMMVdydn6iqlNP1Buh/N:XtRL/dIbEIMVdy3qlzO/N
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
a2bcef8d11e19e0cd18e2920871c294e4007a603cee95b29511579171515d9fe Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 620 Bytes
MD5 307d78d0fcc372876c5d8b5555c9be0a
SHA1 5a7691099dffcc723c6729dcba55b7857410561e
SHA256 a2bcef8d11e19e0cd18e2920871c294e4007a603cee95b29511579171515d9fe
SSDeep 12:6v/7wtZUy3izQrXLt9ESSaUDgNo0SnPO4Fk7uSAFZNjlipacDG4JU4/M9:Xt6y3i6XLMS1Sg6k7u5FZNh9B
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
b91661b56ba60fd88d0436280b0b319aaf4a741ec715873bd0b50f126f17bef7 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 612 Bytes
MD5 a6e78d8e24b8e353052e2249d6f9aeab
SHA1 b64ebfc6e638460c18be138bc4fe269e2ca87e2e
SHA256 b91661b56ba60fd88d0436280b0b319aaf4a741ec715873bd0b50f126f17bef7
SSDeep 12:6v/7wtZh6XCliIiPQy4veNCyBnTR7DvHMwdycuUQJH:Xt3OQy4vkbzd9u9
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
214ccdf39043a8af0bdc8321ca3015bb57fafbde737a7a2440f5d6f6843458ab Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 584 Bytes
MD5 e749d8a8a8c0eb219b5a9fdbeb119e49
SHA1 f64af6bb8c15c5c6ffbf1d772a327d7aa92cba2c
SHA256 214ccdf39043a8af0bdc8321ca3015bb57fafbde737a7a2440f5d6f6843458ab
SSDeep 12:6v/7i8tZok56CHO0YWf3wZzyeW8LYN/OBPiOccl4uVmUWlU+u1:Ctn6D0YKYWeWBOBPiGlGq+u1
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
da2fa5885361bf6dec84d6d406485acb0d6775bcd7b80321f00c73a1cd4f0cc2 Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 579 Bytes
MD5 7e23fdd721429b45ecbad6496d2dae59
SHA1 36c4f743d016af2fb3b342bc2a172b22bdea34cb
SHA256 da2fa5885361bf6dec84d6d406485acb0d6775bcd7b80321f00c73a1cd4f0cc2
SSDeep 12:6v/7ytZtH3dibaSDwPEqPFjsD41jCjHp4mk8o+7:ltLwtDwsqPFjRUHpy8o+7
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
5337cd89b2f10858d9e0737dc9b4508a91f53698e2ae9c0b71b37434cb0f285f Extracted File Image
Clean
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 579 Bytes
MD5 94fbab09356fb40ed84a76c2992540a1
SHA1 c8254567dcfb2d1869f3992ac7828452a8da568b
SHA256 5337cd89b2f10858d9e0737dc9b4508a91f53698e2ae9c0b71b37434cb0f285f
SSDeep 12:6v/7i8b6jaZtH346beiShajJJHSx1e9omUNVmJNKeGTJSubYuk0k:C2OLIINJH2iomTX1YSuEu9k
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
9275ef0f309be9754a5586f730cb3164bd9a81351dd34db4ed0896fd046556a7 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 575 Bytes
MD5 c5e8ca4845eb66e9c2950221372e4860 Copy to Clipboard
SHA1 67202fa11440f39264725f6341d2fcd694899ba3 Copy to Clipboard
SHA256 9275ef0f309be9754a5586f730cb3164bd9a81351dd34db4ed0896fd046556a7 Copy to Clipboard
SSDeep 12:6v/7i8b6jaZJWYK9dy/On9Fe1LmAW9EmGaiCbb/4Ooy0HJ302/LKxOP2lurN:C2OS9oG9ok2w7w/HJt/LtGMN Copy to Clipboard
ImpHash -
3469503fc64c55815809de519c47ab160a5a99d4c18caa743b4384ee0a724ae6 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 550 Bytes
MD5 ad478e2ee5154b8492c9f316ecbcf739 Copy to Clipboard
SHA1 0f23c1f7d2fc79d82b59e724cab55bf7a388e37d Copy to Clipboard
SHA256 3469503fc64c55815809de519c47ab160a5a99d4c18caa743b4384ee0a724ae6 Copy to Clipboard
SSDeep 12:6v/7wtZm/B9ll/iywYaXAHrk3Jf6sD+YoaIlu7RqxcpLVpa:Xt4/lxi3AHrk34M+9aiqhp/a Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
1714c78207dc35876976b442ca8f89d6abd79962e35ddc661d2e39a443488342 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 512 Bytes
MD5 872f3d91184b9b898af7c9a09dca0c5c Copy to Clipboard
SHA1 4f22a72788bd4bab52fd1b8382936025869538fc Copy to Clipboard
SHA256 1714c78207dc35876976b442ca8f89d6abd79962e35ddc661d2e39a443488342 Copy to Clipboard
SSDeep 12:6v/7ytZQticKvzYl5FYnvLIyMWMrKljoHr2ac:lteMDUl3KvECqgayn Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
984bbca1cc2a014b08b9f4a8fd8ee9068c3f4f23b77730ededb08cb9da7fda42 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 489 Bytes
MD5 1df91cde9ced88dfa76117c618c94764 Copy to Clipboard
SHA1 75868130a2d71fb563126576f6c2d1a3fcdeaa27 Copy to Clipboard
SHA256 984bbca1cc2a014b08b9f4a8fd8ee9068c3f4f23b77730ededb08cb9da7fda42 Copy to Clipboard
SSDeep 12:6v/7wtZG7X1wW0OWQ1ejL9WUNiVa3yHC0K+HagIs2WzUoX:XtE7XqF/QKRp+Cv+Ha+2SUs Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
2af5eb4a28229e28e77d4850a7e96ad7bddf8a3ac5dbcede469b1be2505182ba Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 461 Bytes
MD5 c0a13ecc30e2f7aec7e4d3daf93fd29d Copy to Clipboard
SHA1 6ddaa4ee933dc3641d148eec6732943c987a0b6f Copy to Clipboard
SHA256 2af5eb4a28229e28e77d4850a7e96ad7bddf8a3ac5dbcede469b1be2505182ba Copy to Clipboard
SSDeep 6:6v/lhPysQ9hm+jdKcnH9fFStQLj8a+FAevh1XR7PWSlGISdg853+aq1g28eB0VRG:6v/7wtZH3PL6nhHLLl4v+7FB+x6GGM+ Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
777ca72dc7a8b663b47156656cc736a7e895a2905d88c18cc7c9644fbddac237 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 433 Bytes
MD5 20cdb4019769362ee605b52cc63e491d Copy to Clipboard
SHA1 2428983c86abab034517f2afb88972bd09141468 Copy to Clipboard
SHA256 777ca72dc7a8b663b47156656cc736a7e895a2905d88c18cc7c9644fbddac237 Copy to Clipboard
SSDeep 12:6v/7yObvZTpIz+X1NJY7VJugwlsjNqMYEodW:lMvUyXRY7VJtQ6NqLlW Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
e43fa1c7c8d01e8f09c09a6ebac6b07bdd8b5f732f422e3e1458b1f248af3872 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 404 Bytes
MD5 ff35eba5192f4b70b51a96e71123c8ed Copy to Clipboard
SHA1 0a58b084c480dd7f7d28a41968fcb79c939d764b Copy to Clipboard
SHA256 e43fa1c7c8d01e8f09c09a6ebac6b07bdd8b5f732f422e3e1458b1f248af3872 Copy to Clipboard
SSDeep 12:6v/7yObvZ6OwAQhhui/wIJ8WMc3dwq7CYRR:lMv8OYhhV/wItD7CY3 Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
3dbd71020e4826cd755c9cdfdf04b21be018543f35d6e9451ff06b488e675782 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 381 Bytes
MD5 7c78f540f586c6b00975b71e26b57577 Copy to Clipboard
SHA1 3d8c831d13e6029ebb7d187d5dbc4f01772fe9d7 Copy to Clipboard
SHA256 3dbd71020e4826cd755c9cdfdf04b21be018543f35d6e9451ff06b488e675782 Copy to Clipboard
SSDeep 6:6v/lhPysQtPujdKcpXHklQlgw/mos0jv36+WNFUI7Mj60VEuOwx1gXnpHmWai5YP:6v/7wEZlRP6+sUMMGdgyXnJmWapiycsx Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
7ee27d6d1cb9dd888a3a5a557b298d3eae41f24c5ba3b0b32a8080065f1b5428 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 376 Bytes
MD5 a787faf2df8129f4ce9c900e0eaaf1e2 Copy to Clipboard
SHA1 185fd18332fe051f02f0532cfb87ccfd960ca27b Copy to Clipboard
SHA256 7ee27d6d1cb9dd888a3a5a557b298d3eae41f24c5ba3b0b32a8080065f1b5428 Copy to Clipboard
SSDeep 6:6v/lhPysQ9hm+jdKcvAkCmbvFT77R43F6IlCOnMadVWpbZKGBQkzmPCJu/AvuHAV:6v/7wtZ/CGp/EgaMadVvG7z4CJGmR Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
5fca6f0494825f91674d7b0991fed54d37656318b5438119ef14abe942a4568e Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 367 Bytes
MD5 fe2f3a031d5dc85d4175f25e5ed24a4a Copy to Clipboard
SHA1 cf169feb1fbe0bbf9cd312a937450b2469c457d9 Copy to Clipboard
SHA256 5fca6f0494825f91674d7b0991fed54d37656318b5438119ef14abe942a4568e Copy to Clipboard
SSDeep 6:6v/lhPysQtPujdKcV1PesUVuHNxEDpPpUV+M0J2Xq0OobS4VnGAWFHuNv6qDw5tI:6v/7wEZV1mnZRkzw2Xq0S8XeQzOm9 Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
84ca1578ef156a0bc84cb9d9d5d176620109b231dda4ba244450eaf6055f0857 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 354 Bytes
MD5 52e99349624c999fd7d1c8e7012db9cc Copy to Clipboard
SHA1 76cf6674ed2b6f9640df31bf15411d0cbb6a10bd Copy to Clipboard
SHA256 84ca1578ef156a0bc84cb9d9d5d176620109b231dda4ba244450eaf6055f0857 Copy to Clipboard
SSDeep 6:6v/lhPIcssQ9hm+jdKcFtTFfpHcuuWe+z3We6UFJqCzCtQuIpU1v7tjhaXp:6v/7D2tZFtTFfdctWeMme/FJG7eIjtjI Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
6002ad2939e01c4213afa5139a59e7d5ade74a3f23c9631e5048e5c17047e254 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 349 Bytes
MD5 4adc5763893d08a9b2cd651abced1f77 Copy to Clipboard
SHA1 ca2a2b945c18f2bd97495b1c95fc0df60799953d Copy to Clipboard
SHA256 6002ad2939e01c4213afa5139a59e7d5ade74a3f23c9631e5048e5c17047e254 Copy to Clipboard
SSDeep 6:6v/lhPIcssQ9hm+jdKcJq/+6terQJMveG6PRO9bZwoXeKG/UwplXp:6v/7D2tZ1uAOGYg9bZwoOKGtZ Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
eca821a2347305c0f5e3f3526026b23bdcbcdae775c84726140b446b3bef83f7 Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 301 Bytes
MD5 60ba153b0cd471db98849e99e6f59764 Copy to Clipboard
SHA1 18d771c7116b2bd84acb78b45d090b69e3e48427 Copy to Clipboard
SHA256 eca821a2347305c0f5e3f3526026b23bdcbcdae775c84726140b446b3bef83f7 Copy to Clipboard
SSDeep 6:6v/lhPZNQ7rPRA4dKcZc2BAGJQ4t9XQU0g40mHIhwwjm++wRSnnLeup:6v/7R27VAcZEMrXQU0behwsOwoLec Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
828552b82b42ce737cc387976880aad36629bf16d63c029153a0cbeec0d6a05b Extracted File Image
Clean
»
Parent File C:\KaVBJI\dobaec.exe
MIME Type image/png
File Size 264 Bytes
MD5 4a82f96ee10b3098b1fd686d1a6d83ea Copy to Clipboard
SHA1 442c86083ff62696aff304605cae9eec4d7ae413 Copy to Clipboard
SHA256 828552b82b42ce737cc387976880aad36629bf16d63c029153a0cbeec0d6a05b Copy to Clipboard
SSDeep 6:6v/lhPZNQ7rPRA4dKcfyk5kjjjKPhJNyoGXtbp:6v/7R27VAcZKvvjKPhJKXL Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy".


    