Field | Value |
---|---|
Created | 2023.03.13 09:58 |
Machine | s1_win7_x6401 |
Filename | qbittorrent.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 1 detected |
md5 | cb03a80bc17d2d81fd34aab4341e89eb |
sha256 | 8e6af6cbd3765b8d8c1dd553354a0d4ff9f7fc2eb293704845af7e66a9ccdb0a |
ssdeep | 393216:keHUAF/9iRC0o+9xU+q7WndIFdU5cqyRZUSfruM4Jsv6tWKFdu9CCoR1:keHUwy9y9Wn+FK5cbfrVor |
imphash | 7dc3762bf412e12afcfe9e5f5372513a |
impfuzzy | 384:04idc1oUZGUEyleh96IgPbvg6ATrcHXbjy0cLznt:Ec1NZGUreh96NPLg6ATDZ |
Signature (8cnts)
Level | Description |
---|---|
watch | Appends a known multi-family ransomware file extension to files that have been encrypted |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | File has been identified by one AntiVirus engine on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Collects information to fingerprint the system (MachineGuid |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
POWRPROF.dll
0x140f96c98 SetSuspendState
WSOCK32.dll
0x140f97358 WSAGetLastError
0x140f97360 htons
0x140f97368 htonl
0x140f97370 WSACleanup
0x140f97378 bind
0x140f97380 accept
0x140f97388 __WSAFDIsSet
0x140f97390 getpeername
0x140f97398 ord1141
0x140f973a0 ord1142
0x140f973a8 WSAStartup
0x140f973b0 socket
0x140f973b8 WSASetLastError
0x140f973c0 ntohs
0x140f973c8 setsockopt
0x140f973d0 inet_ntoa
0x140f973d8 getsockopt
0x140f973e0 connect
0x140f973e8 WSAAsyncSelect
0x140f973f0 gethostname
0x140f973f8 closesocket
0x140f97400 select
0x140f97408 listen
0x140f97410 ntohl
0x140f97418 getsockname
WS2_32.dll
0x140f972d0 WSAAccept
0x140f972d8 WSAHtonl
0x140f972e0 getaddrinfo
0x140f972e8 WSANtohl
0x140f972f0 freeaddrinfo
0x140f972f8 WSAStringToAddressW
0x140f97300 WSAAddressToStringW
0x140f97308 WSARecvFrom
0x140f97310 WSANtohs
0x140f97318 WSASocketW
0x140f97320 WSASend
0x140f97328 WSAConnect
0x140f97330 getnameinfo
0x140f97338 WSAIoctl
0x140f97340 WSARecv
0x140f97348 WSASendTo
IPHLPAPI.DLL
0x140f963d0 NotifyUnicastIpAddressChange
0x140f963d8 ConvertInterfaceLuidToGuid
0x140f963e0 ConvertInterfaceIndexToLuid
0x140f963e8 ConvertInterfaceNameToLuidW
0x140f963f0 CancelMibChangeNotify2
0x140f963f8 GetAdaptersAddresses
0x140f96400 ConvertInterfaceLuidToNameW
0x140f96408 ConvertInterfaceLuidToIndex
CRYPT32.dll
0x140f961a8 CertGetCertificateContextProperty
0x140f961b0 CertFindCertificateInStore
0x140f961b8 CertEnumCertificatesInStore
0x140f961c0 CertFreeCertificateContext
0x140f961c8 CertOpenSystemStoreA
0x140f961d0 CertCloseStore
0x140f961d8 CertOpenStore
0x140f961e0 CertAddCertificateContextToStore
0x140f961e8 CertFreeCertificateChain
0x140f961f0 CertGetCertificateChain
0x140f961f8 CertOpenSystemStoreW
0x140f96200 CertCreateCertificateContext
0x140f96208 CertDuplicateCertificateContext
KERNEL32.dll
0x140f96418 FindNextFileW
0x140f96420 WriteFile
0x140f96428 DeviceIoControl
0x140f96430 SetEndOfFile
0x140f96438 FindClose
0x140f96440 LoadLibraryA
0x140f96448 GetOverlappedResult
0x140f96450 SetFilePointerEx
0x140f96458 CreateEventA
0x140f96460 CreateWaitableTimerA
0x140f96468 GetACP
0x140f96470 CancelIoEx
0x140f96478 CancelIo
0x140f96480 GetModuleHandleA
0x140f96488 GetSystemTimeAsFileTime
0x140f96490 GlobalMemoryStatusEx
0x140f96498 SystemTimeToFileTime
0x140f964a0 GetSystemTime
0x140f964a8 GetModuleHandleExW
0x140f964b0 DeleteFiber
0x140f964b8 SwitchToFiber
0x140f964c0 CreateFiber
0x140f964c8 GetStdHandle
0x140f964d0 GetEnvironmentVariableW
0x140f964d8 GetFileType
0x140f964e0 RtlVirtualUnwind
0x140f964e8 QueryPerformanceCounter
0x140f964f0 ConvertFiberToThread
0x140f964f8 ConvertThreadToFiber
0x140f96500 FreeLibrary
0x140f96508 SetConsoleMode
0x140f96510 ReadConsoleA
0x140f96518 GetConsoleMode
0x140f96520 ReadConsoleW
0x140f96528 DisconnectNamedPipe
0x140f96530 WaitNamedPipeW
0x140f96538 CreateNamedPipeW
0x140f96540 ConnectNamedPipe
0x140f96548 ResetEvent
0x140f96550 GlobalFree
0x140f96558 SetHandleInformation
0x140f96560 AreFileApisANSI
0x140f96568 TryEnterCriticalSection
0x140f96570 HeapCreate
0x140f96578 HeapFree
0x140f96580 GetFullPathNameW
0x140f96588 GetDiskFreeSpaceW
0x140f96590 OutputDebugStringA
0x140f96598 LockFile
0x140f965a0 SetFilePointer
0x140f965a8 GetFullPathNameA
0x140f965b0 UnlockFileEx
0x140f965b8 GetTempPathW
0x140f965c0 GetFileAttributesW
0x140f965c8 UnmapViewOfFile
0x140f965d0 HeapValidate
0x140f965d8 HeapSize
0x140f965e0 GetTempPathA
0x140f965e8 GetDiskFreeSpaceA
0x140f965f0 GetFileAttributesA
0x140f965f8 OutputDebugStringW
0x140f96600 FlushViewOfFile
0x140f96608 CreateFileA
0x140f96610 WaitForSingleObjectEx
0x140f96618 DeleteFileA
0x140f96620 HeapReAlloc
0x140f96628 GetSystemInfo
0x140f96630 HeapAlloc
0x140f96638 HeapCompact
0x140f96640 HeapDestroy
0x140f96648 UnlockFile
0x140f96650 LockFileEx
0x140f96658 GetFileSize
0x140f96660 GetProcessHeap
0x140f96668 CreateFileMappingW
0x140f96670 MapViewOfFile
0x140f96678 GetTickCount
0x140f96680 FlushFileBuffers
0x140f96688 CompareStringEx
0x140f96690 GetNativeSystemInfo
0x140f96698 FindFirstFileW
0x140f966a0 IsProcessorFeaturePresent
0x140f966a8 TerminateProcess
0x140f966b0 GetEnvironmentStringsW
0x140f966b8 FreeEnvironmentStringsW
0x140f966c0 DuplicateHandle
0x140f966c8 GetExitCodeProcess
0x140f966d0 GetProcessId
0x140f966d8 GetLocalTime
0x140f966e0 CreateThread
0x140f966e8 SwitchToThread
0x140f966f0 GetThreadPriority
0x140f966f8 ResumeThread
0x140f96700 QueryPerformanceFrequency
0x140f96708 GetTickCount64
0x140f96710 GetUserDefaultLCID
0x140f96718 GetCurrencyFormatW
0x140f96720 GetDateFormatW
0x140f96728 GetTimeFormatW
0x140f96730 GetUserPreferredUILanguages
0x140f96738 RegisterWaitForSingleObject
0x140f96740 UnregisterWaitEx
0x140f96748 ReadFileEx
0x140f96750 PeekNamedPipe
0x140f96758 WriteFileEx
0x140f96760 GetModuleFileNameW
0x140f96768 GetStartupInfoW
0x140f96770 OpenFileMappingW
0x140f96778 VirtualQuery
0x140f96780 TzSpecificLocalTimeToSystemTime
0x140f96788 GetVolumePathNamesForVolumeNameW
0x140f96790 GetFileInformationByHandleEx
0x140f96798 SetFileTime
0x140f967a0 SetErrorMode
0x140f967a8 GetLogicalDrives
0x140f967b0 GetCurrentDirectoryW
0x140f967b8 MoveFileW
0x140f967c0 MoveFileExW
0x140f967c8 FileTimeToSystemTime
0x140f967d0 FindFirstFileExW
0x140f967d8 FindFirstChangeNotificationW
0x140f967e0 FindCloseChangeNotification
0x140f967e8 FindNextChangeNotification
0x140f967f0 GetVolumeNameForVolumeMountPointW
0x140f967f8 GetDiskFreeSpaceExW
0x140f96800 CompareStringW
0x140f96808 LCMapStringW
0x140f96810 CreateSemaphoreW
0x140f96818 ReleaseSemaphore
0x140f96820 GetTimeZoneInformation
0x140f96828 GetUserGeoID
0x140f96830 GetGeoInfoW
0x140f96838 VirtualFree
0x140f96840 VirtualAlloc
0x140f96848 WriteConsoleW
0x140f96850 ReadFile
0x140f96858 CopyFileW
0x140f96860 DeleteFileW
0x140f96868 GetFileInformationByHandle
0x140f96870 CreateFileW
0x140f96878 CreateHardLinkW
0x140f96880 RemoveDirectoryW
0x140f96888 CreateDirectoryW
0x140f96890 GetFileAttributesExW
0x140f96898 CreateIoCompletionPort
0x140f968a0 SleepEx
0x140f968a8 QueueUserAPC
0x140f968b0 TerminateThread
0x140f968b8 SetEvent
0x140f968c0 CreateEventW
0x140f968c8 GetQueuedCompletionStatus
0x140f968d0 InitializeCriticalSectionAndSpinCount
0x140f968d8 SetLastError
0x140f968e0 VerifyVersionInfoA
0x140f968e8 TlsSetValue
0x140f968f0 InitializeSRWLock
0x140f968f8 ReleaseSRWLockExclusive
0x140f96900 AcquireSRWLockExclusive
0x140f96908 SetEnvironmentVariableW
0x140f96910 GetOEMCP
0x140f96918 TryAcquireSRWLockExclusive
0x140f96920 GetLocaleInfoEx
0x140f96928 SetFileAttributesW
0x140f96930 IsValidCodePage
0x140f96938 EnumSystemLocalesW
0x140f96940 IsValidLocale
0x140f96948 SetWaitableTimer
0x140f96950 TlsGetValue
0x140f96958 PostQueuedCompletionStatus
0x140f96960 DeleteCriticalSection
0x140f96968 InitializeCriticalSection
0x140f96970 LeaveCriticalSection
0x140f96978 EnterCriticalSection
0x140f96980 ExitProcess
0x140f96988 GetUserDefaultLangID
0x140f96990 lstrcmpW
0x140f96998 GlobalSize
0x140f969a0 CreateProcessW
0x140f969a8 ExpandEnvironmentStringsW
0x140f969b0 GlobalUnlock
0x140f969b8 GlobalLock
0x140f969c0 GlobalAlloc
0x140f969c8 GetLocaleInfoW
0x140f969d0 CheckRemoteDebuggerPresent
0x140f969d8 OpenProcess
0x140f969e0 WTSGetActiveConsoleSessionId
0x140f969e8 GetModuleHandleW
0x140f969f0 GetCurrentThreadId
0x140f969f8 GetLongPathNameW
0x140f96a00 GetVolumeInformationW
0x140f96a08 GetConsoleWindow
0x140f96a10 LocalAlloc
0x140f96a18 SetThreadExecutionState
0x140f96a20 VerifyVersionInfoW
0x140f96a28 VerSetConditionMask
0x140f96a30 GetSystemDirectoryW
0x140f96a38 GetVolumePathNameW
0x140f96a40 GetDriveTypeW
0x140f96a48 MultiByteToWideChar
0x140f96a50 RtlCaptureStackBackTrace
0x140f96a58 WaitForMultipleObjects
0x140f96a60 Sleep
0x140f96a68 OpenMutexW
0x140f96a70 CreateMutexW
0x140f96a78 WaitForSingleObject
0x140f96a80 ReleaseMutex
0x140f96a88 GetCurrentProcessId
0x140f96a90 WideCharToMultiByte
0x140f96a98 FormatMessageW
0x140f96aa0 FormatMessageA
0x140f96aa8 LocalFree
0x140f96ab0 LoadLibraryW
0x140f96ab8 GetProcAddress
0x140f96ac0 TlsFree
0x140f96ac8 TlsAlloc
0x140f96ad0 SetThreadPriority
0x140f96ad8 GetCurrentThread
0x140f96ae0 GetCurrentProcess
0x140f96ae8 GetLastError
0x140f96af0 CloseHandle
0x140f96af8 SetStdHandle
0x140f96b00 GetCommandLineA
0x140f96b08 SystemTimeToTzSpecificLocalTime
0x140f96b10 FreeLibraryAndExitThread
0x140f96b18 RtlPcToFileHeader
0x140f96b20 RaiseException
0x140f96b28 InitializeConditionVariable
0x140f96b30 WakeConditionVariable
0x140f96b38 WakeAllConditionVariable
0x140f96b40 SleepConditionVariableSRW
0x140f96b48 InitOnceBeginInitialize
0x140f96b50 InitOnceComplete
0x140f96b58 FreeLibraryWhenCallbackReturns
0x140f96b60 CreateThreadpoolWork
0x140f96b68 SubmitThreadpoolWork
0x140f96b70 CloseThreadpoolWork
0x140f96b78 GetExitCodeThread
0x140f96b80 FlsAlloc
0x140f96b88 FlsGetValue
0x140f96b90 FlsSetValue
0x140f96b98 FlsFree
0x140f96ba0 InitializeCriticalSectionEx
0x140f96ba8 GetFileSizeEx
0x140f96bb0 EncodePointer
0x140f96bb8 DecodePointer
0x140f96bc0 LCMapStringEx
0x140f96bc8 GetStringTypeW
0x140f96bd0 GetCPInfo
0x140f96bd8 RtlCaptureContext
0x140f96be0 RtlLookupFunctionEntry
0x140f96be8 UnhandledExceptionFilter
0x140f96bf0 SetUnhandledExceptionFilter
0x140f96bf8 IsDebuggerPresent
0x140f96c00 InitializeSListHead
0x140f96c08 RtlUnwindEx
0x140f96c10 RtlUnwind
0x140f96c18 LoadLibraryExW
0x140f96c20 SetConsoleCtrlHandler
0x140f96c28 GetConsoleOutputCP
0x140f96c30 ExitThread
0x140f96c38 GetCommandLineW
USER32.dll
0x140f96d40 GetCursor
0x140f96d48 GetCursorInfo
0x140f96d50 CreateCursor
0x140f96d58 LoadCursorW
0x140f96d60 SetCursorPos
0x140f96d68 GetClipboardFormatNameW
0x140f96d70 TrackMouseEvent
0x140f96d78 RegisterClipboardFormatW
0x140f96d80 GetMenuItemInfoW
0x140f96d88 ModifyMenuW
0x140f96d90 CreatePopupMenu
0x140f96d98 TrackPopupMenu
0x140f96da0 SetMenu
0x140f96da8 GetAsyncKeyState
0x140f96db0 GetMessageExtraInfo
0x140f96db8 GetTouchInputInfo
0x140f96dc0 CloseTouchInputHandle
0x140f96dc8 GetWindowTextW
0x140f96dd0 EnumWindows
0x140f96dd8 RealGetWindowClassW
0x140f96de0 ChangeWindowMessageFilterEx
0x140f96de8 GetProcessWindowStation
0x140f96df0 GetUserObjectInformationW
0x140f96df8 PostThreadMessageW
0x140f96e00 KillTimer
0x140f96e08 GetQueueStatus
0x140f96e10 SetTimer
0x140f96e18 RegisterClassW
0x140f96e20 MsgWaitForMultipleObjectsEx
0x140f96e28 TranslateMessage
0x140f96e30 DispatchMessageW
0x140f96e38 UnregisterDeviceNotification
0x140f96e40 RegisterDeviceNotificationW
0x140f96e48 EnumDisplayDevicesW
0x140f96e50 DestroyMenu
0x140f96e58 DrawMenuBar
0x140f96e60 InsertMenuW
0x140f96e68 RemoveMenu
0x140f96e70 AppendMenuW
0x140f96e78 CreateMenu
0x140f96e80 LoadIconW
0x140f96e88 GetKeyState
0x140f96e90 MapVirtualKeyW
0x140f96e98 GetKeyboardState
0x140f96ea0 SetMenuItemInfoW
0x140f96ea8 PeekMessageW
0x140f96eb0 ToUnicode
0x140f96eb8 TrackPopupMenuEx
0x140f96ec0 IsZoomed
0x140f96ec8 ToAscii
0x140f96ed0 MonitorFromWindow
0x140f96ed8 EnumDisplayMonitors
0x140f96ee0 GetMonitorInfoW
0x140f96ee8 HideCaret
0x140f96ef0 SetCaretPos
0x140f96ef8 CreateCaret
0x140f96f00 GetKeyboardLayout
0x140f96f08 IsWindowEnabled
0x140f96f10 DestroyCaret
0x140f96f18 ShowCaret
0x140f96f20 FindWindowA
0x140f96f28 SetClipboardViewer
0x140f96f30 IsHungAppWindow
0x140f96f38 ChangeClipboardChain
0x140f96f40 GetFocus
0x140f96f48 UnregisterClassW
0x140f96f50 ChildWindowFromPointEx
0x140f96f58 RegisterClassExW
0x140f96f60 WindowFromPoint
0x140f96f68 GetClassInfoW
0x140f96f70 GetKeyboardLayoutList
0x140f96f78 UnregisterPowerSettingNotification
0x140f96f80 RegisterPowerSettingNotification
0x140f96f88 GetSysColorBrush
0x140f96f90 LoadImageW
0x140f96f98 GetCursorPos
0x140f96fa0 GetWindowLongW
0x140f96fa8 GetWindowThreadProcessId
0x140f96fb0 DefWindowProcW
0x140f96fb8 AdjustWindowRectEx
0x140f96fc0 IsTouchWindow
0x140f96fc8 PostMessageW
0x140f96fd0 MonitorFromPoint
0x140f96fd8 GetWindow
0x140f96fe0 GetWindowRect
0x140f96fe8 GetMenu
0x140f96ff0 DestroyWindow
0x140f96ff8 IsWindowVisible
0x140f97000 SetWindowPos
0x140f97008 SetWindowLongPtrW
0x140f97010 SetWindowRgn
0x140f97018 CreateWindowExW
0x140f97020 ScreenToClient
0x140f97028 SendMessageW
0x140f97030 SetWindowTextW
0x140f97038 GetWindowLongPtrW
0x140f97040 GetWindowPlacement
0x140f97048 DestroyCursor
0x140f97050 ShowWindow
0x140f97058 GetCapture
0x140f97060 RegisterTouchWindow
0x140f97068 ClientToScreen
0x140f97070 IsChild
0x140f97078 SetWindowPlacement
0x140f97080 AttachThreadInput
0x140f97088 GetForegroundWindow
0x140f97090 MoveWindow
0x140f97098 UnregisterTouchWindow
0x140f970a0 SetLayeredWindowAttributes
0x140f970a8 SetFocus
0x140f970b0 GetUpdateRect
0x140f970b8 SetParent
0x140f970c0 SetCapture
0x140f970c8 SetCursor
0x140f970d0 FlashWindowEx
0x140f970d8 SetWindowLongW
0x140f970e0 GetClientRect
0x140f970e8 GetParent
0x140f970f0 ReleaseCapture
0x140f970f8 SetForegroundWindow
0x140f97100 InvalidateRect
0x140f97108 GetAncestor
0x140f97110 IsIconic
0x140f97118 BeginPaint
0x140f97120 EndPaint
0x140f97128 MessageBeep
0x140f97130 IsWindow
0x140f97138 GetDoubleClickTime
0x140f97140 GetCaretBlinkTime
0x140f97148 GetDesktopWindow
0x140f97150 UpdateLayeredWindowIndirect
0x140f97158 GetSystemMetrics
0x140f97160 GetSysColor
0x140f97168 EnableMenuItem
0x140f97170 GetSystemMenu
0x140f97178 SystemParametersInfoW
0x140f97180 DrawIconEx
0x140f97188 GetIconInfo
0x140f97190 CreateIconIndirect
0x140f97198 ReleaseDC
0x140f971a0 GetDC
0x140f971a8 MessageBoxW
0x140f971b0 RegisterWindowMessageW
0x140f971b8 DestroyIcon
0x140f971c0 AllowSetForegroundWindow
0x140f971c8 ShutdownBlockReasonDestroy
0x140f971d0 ShutdownBlockReasonCreate
0x140f971d8 CharNextExA
0x140f971e0 UpdateLayeredWindow
GDI32.dll
0x140f96218 CreateDIBSection
0x140f96220 CreateBitmap
0x140f96228 GetDIBits
0x140f96230 GetRegionData
0x140f96238 DeleteObject
0x140f96240 ExtTextOutW
0x140f96248 SetTextAlign
0x140f96250 SetBkMode
0x140f96258 SetTextColor
0x140f96260 GetCharABCWidthsW
0x140f96268 GetCharABCWidthsI
0x140f96270 GetCharABCWidthsFloatW
0x140f96278 GetGlyphOutlineW
0x140f96280 SetWorldTransform
0x140f96288 SetGraphicsMode
0x140f96290 GetTextExtentPoint32W
0x140f96298 GetOutlineTextMetricsW
0x140f962a0 GetTextFaceW
0x140f962a8 GetStockObject
0x140f962b0 RemoveFontResourceExW
0x140f962b8 AddFontResourceExW
0x140f962c0 GetTextMetricsW
0x140f962c8 RemoveFontMemResourceEx
0x140f962d0 AddFontMemResourceEx
0x140f962d8 EnumFontFamiliesExW
0x140f962e0 GetFontData
0x140f962e8 CreateFontIndirectW
0x140f962f0 GdiFlush
0x140f962f8 GetBitmapBits
0x140f96300 CreateCompatibleBitmap
0x140f96308 CreateDCW
0x140f96310 GetDeviceCaps
0x140f96318 SetLayout
0x140f96320 OffsetRgn
0x140f96328 SelectClipRgn
0x140f96330 BitBlt
0x140f96338 SelectObject
0x140f96340 DeleteDC
0x140f96348 CreateCompatibleDC
0x140f96350 CreateRectRgn
0x140f96358 CombineRgn
0x140f96360 GetObjectW
SHELL32.dll
0x140f96ca8 SHGetKnownFolderPath
0x140f96cb0 Shell_NotifyIconGetRect
0x140f96cb8 Shell_NotifyIconW
0x140f96cc0 SHCreateItemFromIDList
0x140f96cc8 SHGetPathFromIDListW
0x140f96cd0 SHGetKnownFolderIDList
0x140f96cd8 SHBrowseForFolderW
0x140f96ce0 SHGetMalloc
0x140f96ce8 SHGetStockIconInfo
0x140f96cf0 None
0x140f96cf8 SHCreateItemFromParsingName
0x140f96d00 SHGetFileInfoW
0x140f96d08 ShellExecuteW
0x140f96d10 SHOpenFolderAndSelectItems
0x140f96d18 None
0x140f96d20 None
0x140f96d28 SHChangeNotify
0x140f96d30 CommandLineToArgvW
ole32.dll
0x140f97488 DoDragDrop
0x140f97490 OleFlushClipboard
0x140f97498 CoGetMalloc
0x140f974a0 CoGetApartmentType
0x140f974a8 OleIsCurrentClipboard
0x140f974b0 OleSetClipboard
0x140f974b8 OleInitialize
0x140f974c0 OleUninitialize
0x140f974c8 RevokeDragDrop
0x140f974d0 CoLockObjectExternal
0x140f974d8 RegisterDragDrop
0x140f974e0 CoInitialize
0x140f974e8 CoTaskMemFree
0x140f974f0 StringFromGUID2
0x140f974f8 CoCreateGuid
0x140f97500 CoCreateInstance
0x140f97508 CoInitializeEx
0x140f97510 ReleaseStgMedium
0x140f97518 CoUninitialize
0x140f97520 OleGetClipboard
0x140f97528 CoGetObjectContext
OLEAUT32.dll
0x140f96c70 SafeArrayCreateVector
0x140f96c78 SafeArrayPutElement
0x140f96c80 SysFreeString
0x140f96c88 SysAllocString
ADVAPI32.dll
0x140f96000 RegOpenKeyExW
0x140f96008 RegQueryInfoKeyW
0x140f96010 RegEnumKeyExW
0x140f96018 RegCloseKey
0x140f96020 InitiateSystemShutdownW
0x140f96028 RegFlushKey
0x140f96030 RegSetValueExW
0x140f96038 RegDeleteValueW
0x140f96040 RegDeleteKeyW
0x140f96048 RegEnumValueW
0x140f96050 RegCreateKeyExW
0x140f96058 GetEffectiveRightsFromAclW
0x140f96060 AccessCheck
0x140f96068 MapGenericMask
0x140f96070 LookupAccountSidW
0x140f96078 GetNamedSecurityInfoW
0x140f96080 DuplicateToken
0x140f96088 BuildTrusteeWithSidW
0x140f96090 CopySid
0x140f96098 SystemFunction036
0x140f960a0 GetSidSubAuthorityCount
0x140f960a8 GetSidSubAuthority
0x140f960b0 RegNotifyChangeKeyValue
0x140f960b8 SetSecurityDescriptorDacl
0x140f960c0 SetSecurityDescriptorGroup
0x140f960c8 SetSecurityDescriptorOwner
0x140f960d0 FreeSid
0x140f960d8 AddAccessAllowedAce
0x140f960e0 InitializeAcl
0x140f960e8 GetLengthSid
0x140f960f0 AllocateAndInitializeSid
0x140f960f8 GetTokenInformation
0x140f96100 InitializeSecurityDescriptor
0x140f96108 CryptDestroyKey
0x140f96110 CryptGetUserKey
0x140f96118 CryptAcquireContextW
0x140f96120 CryptEnumProvidersW
0x140f96128 CryptDecrypt
0x140f96130 CryptExportKey
0x140f96138 CryptCreateHash
0x140f96140 CryptSetHashParam
0x140f96148 CryptDestroyHash
0x140f96150 CryptSignHashW
0x140f96158 CryptGetProvParam
0x140f96160 CryptReleaseContext
0x140f96168 DeregisterEventSource
0x140f96170 RegisterEventSourceW
0x140f96178 LookupPrivilegeValueW
0x140f96180 AdjustTokenPrivileges
0x140f96188 OpenProcessToken
0x140f96190 ReportEventW
0x140f96198 RegQueryValueExW
MPR.dll
0x140f96c48 WNetGetUniversalNameW
USERENV.dll
0x140f971f0 GetUserProfileDirectoryW
VERSION.dll
0x140f97290 VerQueryValueW
0x140f97298 GetFileVersionInfoW
0x140f972a0 GetFileVersionInfoSizeW
NETAPI32.dll
0x140f96c58 NetApiBufferFree
0x140f96c60 NetShareEnum
WINMM.dll
0x140f972b0 timeKillEvent
0x140f972b8 timeSetEvent
0x140f972c0 PlaySoundW
IMM32.dll
0x140f96370 ImmGetVirtualKey
0x140f96378 ImmNotifyIME
0x140f96380 ImmAssociateContextEx
0x140f96388 ImmSetCandidateWindow
0x140f96390 ImmGetOpenStatus
0x140f96398 ImmAssociateContext
0x140f963a0 ImmGetCompositionStringW
0x140f963a8 ImmSetCompositionWindow
0x140f963b0 ImmReleaseContext
0x140f963b8 ImmGetContext
0x140f963c0 ImmGetDefaultIMEWnd
UxTheme.dll
0x140f97200 SetWindowTheme
0x140f97208 IsThemeBackgroundPartiallyTransparent
0x140f97210 GetCurrentThemeName
0x140f97218 IsThemeActive
0x140f97220 CloseThemeData
0x140f97228 GetThemeBackgroundRegion
0x140f97230 IsAppThemed
0x140f97238 None
0x140f97240 GetThemeMargins
0x140f97248 GetThemeInt
0x140f97250 OpenThemeData
0x140f97258 GetThemeColor
0x140f97260 GetThemePartSize
0x140f97268 GetThemeEnumValue
0x140f97270 GetThemeTransitionDuration
0x140f97278 GetThemePropertyOrigin
0x140f97280 GetThemeBool
dwmapi.dll
0x140f97460 DwmIsCompositionEnabled
0x140f97468 DwmGetWindowAttribute
0x140f97470 DwmEnableBlurBehindWindow
0x140f97478 DwmSetWindowAttribute
WTSAPI32.dll
0x140f97428 WTSFreeMemory
0x140f97430 WTSQuerySessionInformationW
dbgeng.dll
0x140f97450 DebugCreate
bcrypt.dll
0x140f97440 BCryptGenRandom
EAT(Export Address Table) is none
0x140f97108 GetAncestor
0x140f97110 IsIconic
0x140f97118 BeginPaint
0x140f97120 EndPaint
0x140f97128 MessageBeep
0x140f97130 IsWindow
0x140f97138 GetDoubleClickTime
0x140f97140 GetCaretBlinkTime
0x140f97148 GetDesktopWindow
0x140f97150 UpdateLayeredWindowIndirect
0x140f97158 GetSystemMetrics
0x140f97160 GetSysColor
0x140f97168 EnableMenuItem
0x140f97170 GetSystemMenu
0x140f97178 SystemParametersInfoW
0x140f97180 DrawIconEx
0x140f97188 GetIconInfo
0x140f97190 CreateIconIndirect
0x140f97198 ReleaseDC
0x140f971a0 GetDC
0x140f971a8 MessageBoxW
0x140f971b0 RegisterWindowMessageW
0x140f971b8 DestroyIcon
0x140f971c0 AllowSetForegroundWindow
0x140f971c8 ShutdownBlockReasonDestroy
0x140f971d0 ShutdownBlockReasonCreate
0x140f971d8 CharNextExA
0x140f971e0 UpdateLayeredWindow
GDI32.dll
0x140f96218 CreateDIBSection
0x140f96220 CreateBitmap
0x140f96228 GetDIBits
0x140f96230 GetRegionData
0x140f96238 DeleteObject
0x140f96240 ExtTextOutW
0x140f96248 SetTextAlign
0x140f96250 SetBkMode
0x140f96258 SetTextColor
0x140f96260 GetCharABCWidthsW
0x140f96268 GetCharABCWidthsI
0x140f96270 GetCharABCWidthsFloatW
0x140f96278 GetGlyphOutlineW
0x140f96280 SetWorldTransform
0x140f96288 SetGraphicsMode
0x140f96290 GetTextExtentPoint32W
0x140f96298 GetOutlineTextMetricsW
0x140f962a0 GetTextFaceW
0x140f962a8 GetStockObject
0x140f962b0 RemoveFontResourceExW
0x140f962b8 AddFontResourceExW
0x140f962c0 GetTextMetricsW
0x140f962c8 RemoveFontMemResourceEx
0x140f962d0 AddFontMemResourceEx
0x140f962d8 EnumFontFamiliesExW
0x140f962e0 GetFontData
0x140f962e8 CreateFontIndirectW
0x140f962f0 GdiFlush
0x140f962f8 GetBitmapBits
0x140f96300 CreateCompatibleBitmap
0x140f96308 CreateDCW
0x140f96310 GetDeviceCaps
0x140f96318 SetLayout
0x140f96320 OffsetRgn
0x140f96328 SelectClipRgn
0x140f96330 BitBlt
0x140f96338 SelectObject
0x140f96340 DeleteDC
0x140f96348 CreateCompatibleDC
0x140f96350 CreateRectRgn
0x140f96358 CombineRgn
0x140f96360 GetObjectW
SHELL32.dll
0x140f96ca8 SHGetKnownFolderPath
0x140f96cb0 Shell_NotifyIconGetRect
0x140f96cb8 Shell_NotifyIconW
0x140f96cc0 SHCreateItemFromIDList
0x140f96cc8 SHGetPathFromIDListW
0x140f96cd0 SHGetKnownFolderIDList
0x140f96cd8 SHBrowseForFolderW
0x140f96ce0 SHGetMalloc
0x140f96ce8 SHGetStockIconInfo
0x140f96cf0 None
0x140f96cf8 SHCreateItemFromParsingName
0x140f96d00 SHGetFileInfoW
0x140f96d08 ShellExecuteW
0x140f96d10 SHOpenFolderAndSelectItems
0x140f96d18 None
0x140f96d20 None
0x140f96d28 SHChangeNotify
0x140f96d30 CommandLineToArgvW
ole32.dll
0x140f97488 DoDragDrop
0x140f97490 OleFlushClipboard
0x140f97498 CoGetMalloc
0x140f974a0 CoGetApartmentType
0x140f974a8 OleIsCurrentClipboard
0x140f974b0 OleSetClipboard
0x140f974b8 OleInitialize
0x140f974c0 OleUninitialize
0x140f974c8 RevokeDragDrop
0x140f974d0 CoLockObjectExternal
0x140f974d8 RegisterDragDrop
0x140f974e0 CoInitialize
0x140f974e8 CoTaskMemFree
0x140f974f0 StringFromGUID2
0x140f974f8 CoCreateGuid
0x140f97500 CoCreateInstance
0x140f97508 CoInitializeEx
0x140f97510 ReleaseStgMedium
0x140f97518 CoUninitialize
0x140f97520 OleGetClipboard
0x140f97528 CoGetObjectContext
OLEAUT32.dll
0x140f96c70 SafeArrayCreateVector
0x140f96c78 SafeArrayPutElement
0x140f96c80 SysFreeString
0x140f96c88 SysAllocString
ADVAPI32.dll
0x140f96000 RegOpenKeyExW
0x140f96008 RegQueryInfoKeyW
0x140f96010 RegEnumKeyExW
0x140f96018 RegCloseKey
0x140f96020 InitiateSystemShutdownW
0x140f96028 RegFlushKey
0x140f96030 RegSetValueExW
0x140f96038 RegDeleteValueW
0x140f96040 RegDeleteKeyW
0x140f96048 RegEnumValueW
0x140f96050 RegCreateKeyExW
0x140f96058 GetEffectiveRightsFromAclW
0x140f96060 AccessCheck
0x140f96068 MapGenericMask
0x140f96070 LookupAccountSidW
0x140f96078 GetNamedSecurityInfoW
0x140f96080 DuplicateToken
0x140f96088 BuildTrusteeWithSidW
0x140f96090 CopySid
0x140f96098 SystemFunction036
0x140f960a0 GetSidSubAuthorityCount
0x140f960a8 GetSidSubAuthority
0x140f960b0 RegNotifyChangeKeyValue
0x140f960b8 SetSecurityDescriptorDacl
0x140f960c0 SetSecurityDescriptorGroup
0x140f960c8 SetSecurityDescriptorOwner
0x140f960d0 FreeSid
0x140f960d8 AddAccessAllowedAce
0x140f960e0 InitializeAcl
0x140f960e8 GetLengthSid
0x140f960f0 AllocateAndInitializeSid
0x140f960f8 GetTokenInformation
0x140f96100 InitializeSecurityDescriptor
0x140f96108 CryptDestroyKey
0x140f96110 CryptGetUserKey
0x140f96118 CryptAcquireContextW
0x140f96120 CryptEnumProvidersW
0x140f96128 CryptDecrypt
0x140f96130 CryptExportKey
0x140f96138 CryptCreateHash
0x140f96140 CryptSetHashParam
0x140f96148 CryptDestroyHash
0x140f96150 CryptSignHashW
0x140f96158 CryptGetProvParam
0x140f96160 CryptReleaseContext
0x140f96168 DeregisterEventSource
0x140f96170 RegisterEventSourceW
0x140f96178 LookupPrivilegeValueW
0x140f96180 AdjustTokenPrivileges
0x140f96188 OpenProcessToken
0x140f96190 ReportEventW
0x140f96198 RegQueryValueExW
MPR.dll
0x140f96c48 WNetGetUniversalNameW
USERENV.dll
0x140f971f0 GetUserProfileDirectoryW
VERSION.dll
0x140f97290 VerQueryValueW
0x140f97298 GetFileVersionInfoW
0x140f972a0 GetFileVersionInfoSizeW
NETAPI32.dll
0x140f96c58 NetApiBufferFree
0x140f96c60 NetShareEnum
WINMM.dll
0x140f972b0 timeKillEvent
0x140f972b8 timeSetEvent
0x140f972c0 PlaySoundW
IMM32.dll
0x140f96370 ImmGetVirtualKey
0x140f96378 ImmNotifyIME
0x140f96380 ImmAssociateContextEx
0x140f96388 ImmSetCandidateWindow
0x140f96390 ImmGetOpenStatus
0x140f96398 ImmAssociateContext
0x140f963a0 ImmGetCompositionStringW
0x140f963a8 ImmSetCompositionWindow
0x140f963b0 ImmReleaseContext
0x140f963b8 ImmGetContext
0x140f963c0 ImmGetDefaultIMEWnd
UxTheme.dll
0x140f97200 SetWindowTheme
0x140f97208 IsThemeBackgroundPartiallyTransparent
0x140f97210 GetCurrentThemeName
0x140f97218 IsThemeActive
0x140f97220 CloseThemeData
0x140f97228 GetThemeBackgroundRegion
0x140f97230 IsAppThemed
0x140f97238 None
0x140f97240 GetThemeMargins
0x140f97248 GetThemeInt
0x140f97250 OpenThemeData
0x140f97258 GetThemeColor
0x140f97260 GetThemePartSize
0x140f97268 GetThemeEnumValue
0x140f97270 GetThemeTransitionDuration
0x140f97278 GetThemePropertyOrigin
0x140f97280 GetThemeBool
dwmapi.dll
0x140f97460 DwmIsCompositionEnabled
0x140f97468 DwmGetWindowAttribute
0x140f97470 DwmEnableBlurBehindWindow
0x140f97478 DwmSetWindowAttribute
WTSAPI32.dll
0x140f97428 WTSFreeMemory
0x140f97430 WTSQuerySessionInformationW
dbgeng.dll
0x140f97450 DebugCreate
crypt.dll
0x140f97440 BCryptGenRandom
EAT (Export Address Table) is none