Project_Reboot_3.0.dll?ex=670c7d20&is=670b2ba0&hm=dca78df3f8d6766e62d5ec3bebd42d973ba587a8f1401a3067f81767b33c106e&

First submission 2024-10-13 20:18:01

File details

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	2092.0 KB (2142208 bytes)
Compile time:	2024-09-14 16:08:24
MD5:	6e9ddad2af0bb95b241ac92bd07282d7
SHA1:	fa35ba5239c7def50bd4b9481b3e7fcf4e44a218
SHA256:	6248b8a119344adca3ef9f9b9c920dae32abb061e5e365c041a3f6650c5c9903
Import Hash :	8a493cdd5f73e368024fd6dd71454181
Sections 6	.text .rdata .data .pdata .rsrc .reloc
Directories 5	import resource debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	8/77 VT report date: 2024-10-13 19:22:26
Malware Type 1	trojan

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://cdn.discordapp.com/attachments/1042567831570616431/1284516136993685545/Project_Reboot_3.0.dll?ex=670c7d20&is=670b2ba0&hm=dca78df3f8d6766e62d5ec3bebd42d973ba587a8f1401a3067f81767b33c106e&	cdn.discordapp.com	2024-10-13 20:18:01

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x173dc7	1523200	fcd2ffa4c8d2d1e137203c4b1a77f0322b04d71d	58e423b561075f6d455b1c359a1b6019
.rdata	0x175000	0x801e4	524800	25d43a1458bf89448c9335a630e04129b34c344c	33dc7000cd29dfdafea4b0e140c810a3
.data	0x1f6000	0xd770	35328	f2e8f32e01d3ab1191edb26594717be25a9ce2f5	1bb1379fb88b651cdc31d5e6a753ddd9
.pdata	0x204000	0xc240	50176	b349be59ec388b08c78c722a86d8722eb60a05da	b227317099eec7dd79918e71a03d3e0b
.rsrc	0x211000	0xf8	512	74b9c83e26fd2cabc3daf4ec67f61c0d2b9e0a40	e26841304580c214140c4e241d3b5a47
.reloc	0x212000	0x1bd4	7168	727dc5c2019d89714293007228dfd31088857b0c	0bc1b31a262172e993bc518acfad0b9f

PE Resources 1

Name	Language	Sublanguage	Offset	Size	Data
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x211060	145

Anti debug functions 5

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Temporary
%s.%s.tmp
Text
Playlists.txt
skins.txt
imgui_log.txt
ObjectsDump.txt
Weapons.txt
Library
ADVAPI32.dll
secur32.dll
d3d9.dll
api-ms-win-crt-utility-l1-1-0.dll
security.dll
api-ms-win-crt-string-l1-1-0.dll
VCRUNTIME140_1.dll
xinput1_3.dll
WS2_32.dll
api-ms-win-crt-time-l1-1-0.dll
xinput1_2.dll
xinput9_1_0.dll
IMM32.dll
KERNEL32.dll
api-ms-win-crt-environment-l1-1-0.dll
Crypt32.dll
USER32.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
msvcp140.dll
xinput1_1.dll
api-ms-win-crt-heap-l1-1-0.dll
xinput1_4.dll
api-ms-win-crt-stdio-l1-1-0.dll
IPHLPAPI.DLL
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll

Strings analysis - Possible IPs found 29

127.0.0.1
2.5.4.8
2.5.4.9
2.5.4.6
2.5.4.7
2.5.4.4
2.5.4.5
2.5.4.3
2.5.4.72
68.134.74.228
1.2.0.4
26.66.97.190
2.5.4.10
2.5.4.11
2.5.4.12
2.5.4.13
2.5.4.17
1.3.14.3
2.5.4.45
101.3.4.2
2.5.29.19
2.5.4.65
2.5.29.17
2.5.4.46
2.5.29.18
2.5.4.44
2.5.4.43
2.5.4.42
2.5.4.41

Strings analysis - Possible URLs found 6

https://curl.se/docs/http-cookies.html
http://scripts.sil.org/ofl
file://
https://curl.se/docs/alt-svc.html
file://%s%s%s
https://curl.se/docs/hsts.html

Import functions

api-ms-win-crt-environment-l1-1-0.dll 1 api-ms-win-crt-filesystem-l1-1-0.dll 6 api-ms-win-crt-locale-l1-1-0.dll 2 api-ms-win-crt-time-l1-1-0.dll 3 api-ms-win-crt-convert-l1-1-0.dll 9 d3d9.dll 1 MSVCP140.dll 81 CRYPT32.dll 16 api-ms-win-crt-string-l1-1-0.dll 10 VCRUNTIME140_1.dll 1 api-ms-win-crt-runtime-l1-1-0.dll 18 KERNEL32.dll 81 api-ms-win-crt-math-l1-1-0.dll 15 api-ms-win-crt-utility-l1-1-0.dll 3 VCRUNTIME140.dll 16 ADVAPI32.dll 10 api-ms-win-crt-stdio-l1-1-0.dll 31 WS2_32.dll 36 api-ms-win-crt-heap-l1-1-0.dll 5 USER32.dll 30 IMM32.dll 5

Function	Address	Souspicious	Anti Debug
getenv	0x180175938

Function	Address	Souspicious	Anti Debug
_fstat64	0x180175948
_lock_file	0x180175950
_unlock_file	0x180175958
_unlink	0x180175960
_stat64	0x180175968
_access	0x180175970

Function	Address	Souspicious	Anti Debug
localeconv	0x1801759b0
___lc_codepage_func	0x1801759b8

Function	Address	Souspicious	Anti Debug
_gmtime64	0x180175c38
strftime	0x180175c40
_time64	0x180175c48

Function	Address	Souspicious	Anti Debug
strtod	0x1801758e8
strtoull	0x1801758f0
strtoul	0x1801758f8
atof	0x180175900
strtoll	0x180175908
strtof	0x180175910
wcstombs	0x180175918
strtol	0x180175920
atoi	0x180175928

Function	Address	Souspicious	Anti Debug
Direct3DCreate9	0x180175c78

Function	Address	Souspicious	Anti Debug
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z	0x1801753a0
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1801753a8
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ	0x1801753b0
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1801753b8
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1801753c0
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x1801753c8
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z	0x1801753d0
??Bios_base@std@@QEBA_NXZ	0x1801753d8
?always_noconv@codecvt_base@std@@QEBA_NXZ	0x1801753e0
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x1801753e8
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x1801753f0
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A	0x1801753f8
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@PEAV32@@Z	0x180175400
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z	0x180175408
?sync_with_stdio@ios_base@std@@SA_N_N@Z	0x180175410
?_Random_device@std@@YAIXZ	0x180175418
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x180175420
?_Xlength_error@std@@YAXPEBD@Z	0x180175428
_Mbrtowc	0x180175430
?_Xbad_alloc@std@@YAXXZ	0x180175438
?_Xbad_function_call@std@@YAXXZ	0x180175440
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ	0x180175448
?_Xout_of_range@std@@YAXPEBD@Z	0x180175450
_Strxfrm	0x180175458
??1_Lockit@std@@QEAA@XZ	0x180175460
??0_Lockit@std@@QEAA@H@Z	0x180175468
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ	0x180175470
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z	0x180175478
?id@?$ctype@_W@std@@2V0locale@2@A	0x180175480
?_Xinvalid_argument@std@@YAXPEBD@Z	0x180175488
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z	0x180175490
?id@?$numpunct@D@std@@2V0locale@2@A	0x180175498
?id@?$ctype@D@std@@2V0locale@2@A	0x1801754a0
?id@?$collate@D@std@@2V0locale@2@A	0x1801754a8
_Strcoll	0x1801754b0
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x1801754b8
?narrow@?$ctype@_W@std@@QEBAPEB_WPEB_W0DPEAD@Z	0x1801754c0
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x1801754c8
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z	0x1801754d0
?tolower@?$ctype@D@std@@QEBADD@Z	0x1801754d8
??1facet@locale@std@@MEAA@XZ	0x1801754e0
??0facet@locale@std@@IEAA@_K@Z	0x1801754e8
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ	0x1801754f0
?_Incref@facet@locale@std@@UEAAXXZ	0x1801754f8
??Bid@locale@std@@QEAA_KXZ	0x180175500
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ	0x180175508
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ	0x180175510
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ	0x180175518
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ	0x180175520
??1_Locinfo@std@@QEAA@XZ	0x180175528
??0_Locinfo@std@@QEAA@PEBD@Z	0x180175530
?uncaught_exceptions@std@@YAHXZ	0x180175538
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x180175540
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ	0x180175548
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ	0x180175550
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z	0x180175558
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ	0x180175560
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z	0x180175568
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x180175570
?good@ios_base@std@@QEBA_NXZ	0x180175578
?_Winerror_map@std@@YAHH@Z	0x180175580
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A	0x180175588
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z	0x180175590
?id@?$numpunct@_W@std@@2V0locale@2@A	0x180175598
?_Syserror_map@std@@YAPEBDH@Z	0x1801755a0
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z	0x1801755a8
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x1801755b0
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x1801755b8
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x1801755c0
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z	0x1801755c8
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z	0x1801755d0
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z	0x1801755d8
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z	0x1801755e0
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1801755e8
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ	0x1801755f0
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ	0x1801755f8
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x180175600
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x180175608
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x180175610
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x180175618
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x180175620

Function	Address	Souspicious	Anti Debug
CertOpenStore	0x180175058
CertCloseStore	0x180175060
CertEnumCertificatesInStore	0x180175068
CertFindCertificateInStore	0x180175070
CertFreeCertificateContext	0x180175078
CryptStringToBinaryA	0x180175080
PFXImportCertStore	0x180175088
CryptDecodeObjectEx	0x180175090
CryptQueryObject	0x180175098
CertCreateCertificateChainEngine	0x1801750a0
CertFreeCertificateChainEngine	0x1801750a8
CertGetCertificateChain	0x1801750b0
CertFreeCertificateChain	0x1801750b8
CertAddCertificateContextToStore	0x1801750c0
CertFindExtension	0x1801750c8
CertGetNameStringA	0x1801750d0

Function	Address	Souspicious	Anti Debug
strpbrk	0x180175be0
strcmp	0x180175be8
toupper	0x180175bf0
strspn	0x180175bf8
strcspn	0x180175c00
tolower	0x180175c08
_strdup	0x180175c10
strncpy	0x180175c18
strncmp	0x180175c20
isupper	0x180175c28

Function	Address	Souspicious	Anti Debug
__CxxFrameHandler4	0x1801757b0

Function	Address	Souspicious	Anti Debug
_initterm_e	0x180175a48
_cexit	0x180175a50
_crt_atexit	0x180175a58
_execute_onexit_table	0x180175a60
_register_onexit_function	0x180175a68
_initialize_onexit_table	0x180175a70
_initialize_narrow_environment	0x180175a78
_configure_narrow_argv	0x180175a80
_seh_filter_dll	0x180175a88
_beginthreadex	0x180175a90
__sys_nerr	0x180175a98
__sys_errlist	0x180175aa0
_invalid_parameter_noinfo_noreturn	0x180175aa8
_initterm	0x180175ab0
_invalid_parameter_noinfo	0x180175ab8
terminate	0x180175ac0
_errno	0x180175ac8
_getpid	0x180175ad0

Function	Address	Souspicious	Anti Debug
VirtualFree	0x180175110
VirtualAlloc	0x180175118
SuspendThread	0x180175120
HeapReAlloc	0x180175128
GetCurrentThread	0x180175130
GetModuleHandleW	0x180175138
HeapAlloc	0x180175140
VirtualProtect	0x180175148
SetConsoleTitleA	0x180175150
HeapCreate	0x180175158
Sleep	0x180175160
GetLastError	0x180175168
LoadLibraryA	0x180175170
RtlCaptureContext	0x180175178
CloseHandle	0x180175180
HeapFree	0x180175188
CreateThread	0x180175190
RtlLookupFunctionEntry	0x180175198
GetThreadContext	0x1801751a0
SetThreadContext	0x1801751a8
QueryPerformanceCounter	0x1801751b0
RtlVirtualUnwind	0x1801751b8
GetCurrentProcess	0x1801751c0
GetSystemTimeAsFileTime	0x1801751c8
GetModuleHandleA	0x1801751d0
FlushInstructionCache	0x1801751d8
VirtualQuery	0x1801751e0
CreateToolhelp32Snapshot	0x1801751e8
IsBadReadPtr	0x1801751f0
GetCurrentProcessId	0x1801751f8
Thread32First	0x180175200
FormatMessageA	0x180175208
LocalFree	0x180175210
GetCurrentThreadId	0x180175218
GetTickCount	0x180175220
EnterCriticalSection	0x180175228
LeaveCriticalSection	0x180175230
InitializeCriticalSectionEx	0x180175238
DeleteCriticalSection	0x180175240
AreFileApisANSI	0x180175248
SleepEx	0x180175250
GetSystemDirectoryA	0x180175258
GetCurrentDirectoryW	0x180175260
SetLastError	0x180175268
FormatMessageW	0x180175270
MoveFileExA	0x180175278
InitializeSListHead	0x180175280
IsDebuggerPresent	0x180175288
IsProcessorFeaturePresent	0x180175290
WaitForSingleObjectEx	0x180175298
Thread32Next	0x1801752a0
GetSystemInfo	0x1801752a8
FreeLibrary	0x1801752b0
VerSetConditionMask	0x1801752b8
OpenThread	0x1801752c0
GetProcAddress	0x1801752c8
ResumeThread	0x1801752d0
GlobalUnlock	0x1801752d8
WideCharToMultiByte	0x1801752e0
GlobalLock	0x1801752e8
QueryPerformanceFrequency	0x1801752f0
GlobalFree	0x1801752f8
GlobalAlloc	0x180175300
GetEnvironmentVariableA	0x180175308
GetStdHandle	0x180175310
GetFileType	0x180175318
ReadFile	0x180175320
PeekNamedPipe	0x180175328
WaitForMultipleObjects	0x180175330
TerminateProcess	0x180175338
SetUnhandledExceptionFilter	0x180175340
UnhandledExceptionFilter	0x180175348
VerifyVersionInfoW	0x180175350
CreateFileA	0x180175358
GetFileSizeEx	0x180175360
SleepConditionVariableSRW	0x180175368
WakeAllConditionVariable	0x180175370
MultiByteToWideChar	0x180175378
AcquireSRWLockExclusive	0x180175380
GetLocaleInfoEx	0x180175388
ReleaseSRWLockExclusive	0x180175390

Function	Address	Souspicious	Anti Debug
roundf	0x1801759c8
powf	0x1801759d0
sinf	0x1801759d8
fminf	0x1801759e0
_dsign	0x1801759e8
sqrtf	0x1801759f0
acosf	0x1801759f8
ceilf	0x180175a00
cosf	0x180175a08
floor	0x180175a10
_fdsign	0x180175a18
fmodf	0x180175a20
fmaf	0x180175a28
_ldsign	0x180175a30
floorf	0x180175a38

Function	Address	Souspicious	Anti Debug
srand	0x180175c58
qsort	0x180175c60
rand	0x180175c68

Function	Address	Souspicious	Anti Debug
memset	0x180175728
__std_type_info_destroy_list	0x180175730
__std_terminate	0x180175738
strstr	0x180175740
strchr	0x180175748
__std_exception_destroy	0x180175750
__std_exception_copy	0x180175758
strrchr	0x180175760
memcpy	0x180175768
__C_specific_handler	0x180175770
memmove	0x180175778
memcmp	0x180175780
memchr	0x180175788
__current_exception	0x180175790
__current_exception_context	0x180175798
_CxxThrowException	0x1801757a0

Function	Address	Souspicious	Anti Debug
CryptCreateHash	0x180175000
CryptEncrypt	0x180175008
CryptImportKey	0x180175010
CryptDestroyKey	0x180175018
CryptAcquireContextA	0x180175020
CryptReleaseContext	0x180175028
CryptGetHashParam	0x180175030
CryptGenRandom	0x180175038
CryptHashData	0x180175040
CryptDestroyHash	0x180175048

Function	Address	Souspicious	Anti Debug
fclose	0x180175ae0
__acrt_iob_func	0x180175ae8
fseek	0x180175af0
ftell	0x180175af8
__stdio_common_vsprintf_s	0x180175b00
__stdio_common_vfprintf	0x180175b08
fwrite	0x180175b10
_wfopen	0x180175b18
_close	0x180175b20
_write	0x180175b28
_read	0x180175b30
__stdio_common_vsprintf	0x180175b38
fread	0x180175b40
__stdio_common_vsscanf	0x180175b48
fputc	0x180175b50
fgetc	0x180175b58
_lseeki64	0x180175b60
_open	0x180175b68
fopen	0x180175b70
fgetpos	0x180175b78
fgets	0x180175b80
setvbuf	0x180175b88
ungetc	0x180175b90
feof	0x180175b98
fputs	0x180175ba0
fflush	0x180175ba8
__stdio_common_vswprintf	0x180175bb0
fsetpos	0x180175bb8
_fseeki64	0x180175bc0
__stdio_common_vswprintf_s	0x180175bc8
_get_stream_buffer_pointers	0x180175bd0

Function	Address	Souspicious	Anti Debug
__WSAFDIsSet	0x1801757c0
gethostname	0x1801757c8
ioctlsocket	0x1801757d0
sendto	0x1801757d8
recvfrom	0x1801757e0
freeaddrinfo	0x1801757e8
getaddrinfo	0x1801757f0
listen	0x1801757f8
htonl	0x180175800
ntohl	0x180175808
socket	0x180175810
send	0x180175818
recv	0x180175820
closesocket	0x180175828
accept	0x180175830
WSACleanup	0x180175838
WSAStartup	0x180175840
inet_pton	0x180175848
WSAIoctl	0x180175850
setsockopt	0x180175858
ntohs	0x180175860
WSACloseEvent	0x180175868
htons	0x180175870
getsockopt	0x180175878
getsockname	0x180175880
getpeername	0x180175888
connect	0x180175890
bind	0x180175898
WSASetLastError	0x1801758a0
select	0x1801758a8
WSACreateEvent	0x1801758b0
WSAGetLastError	0x1801758b8
WSAEnumNetworkEvents	0x1801758c0
WSAWaitForMultipleEvents	0x1801758c8
WSAEventSelect	0x1801758d0
WSAResetEvent	0x1801758d8

Function	Address	Souspicious	Anti Debug
free	0x180175980
_callnewh	0x180175988
realloc	0x180175990
calloc	0x180175998
malloc	0x1801759a0

Function	Address	Souspicious	Anti Debug
RegisterClassExW	0x180175630
ShowWindow	0x180175638
DispatchMessageW	0x180175640
PeekMessageW	0x180175648
TranslateMessage	0x180175650
PostQuitMessage	0x180175658
UpdateWindow	0x180175660
MessageBoxA	0x180175668
GetKeyState	0x180175670
UnregisterClassW	0x180175678
CreateWindowExW	0x180175680
ScreenToClient	0x180175688
GetCapture	0x180175690
ClientToScreen	0x180175698
TrackMouseEvent	0x1801756a0
GetForegroundWindow	0x1801756a8
LoadCursorW	0x1801756b0
SetCapture	0x1801756b8
GetWindowRect	0x1801756c0
DefWindowProcW	0x1801756c8
SetCursor	0x1801756d0
GetClientRect	0x1801756d8
ReleaseCapture	0x1801756e0
SetCursorPos	0x1801756e8
GetCursorPos	0x1801756f0
OpenClipboard	0x1801756f8
CloseClipboard	0x180175700
EmptyClipboard	0x180175708
GetClipboardData	0x180175710
SetClipboardData	0x180175718

Function	Address	Souspicious	Anti Debug
ImmSetCandidateWindow	0x1801750e0
ImmGetContext	0x1801750e8
ImmSetCompositionWindow	0x1801750f0
ImmReleaseContext	0x1801750f8
ImmAssociateContextEx	0x180175100