Field | Value |
---|---|
Created | 2023.03.17 07:52 |
Machine | s1_win7_x6401 |
Filename | My5PdKnB |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
ZERO API | file : malware |
VT API (file) | 8 detected (malicious, high confidence, Artemis, confidence, 100%, Attribute, HighConfidence, score) |
md5 | 6f262e779fc26d8dd89c942c744eecba |
sha256 | 0b8682fe1ee1d9a8ad485452179e9c8651c682660591077e0fb7077e89af81bd |
ssdeep | 12288:UF+tM6XshMhiEPV8dltumwktXEaUfRLN7ku4xAYuIbm6YvKKypnweFcqFXeN2wq:O/6XqMciFypnwscqReN2D |
imphash | ae55e8b8a9d3d40a822932c6e1ca35d5 |
impfuzzy | 48:TsZEomWtdS1CcjBc+ppn0339QQ5mS5ECnB+F/KA/X09jKJOzi7OaJ:gEQtdS1CwBc+ppnar+cyJ |
Signature (11cnts)
Level | Description |
---|---|
watch | Attempts to remove evidence of file being downloaded from the Internet |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates a suspicious process |
notice | Expresses interest in specific running processes |
notice | File has been identified by 8 AntiVirus engines on VirusTotal as malicious |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
No network requests were recorded during the run, and the Suricata IDS section is empty.
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x18005d038 SetFilePointerEx
0x18005d040 GetFileSizeEx
0x18005d048 GetConsoleMode
0x18005d050 GetConsoleOutputCP
0x18005d058 WriteFile
0x18005d060 FlushFileBuffers
0x18005d068 SetStdHandle
0x18005d070 ReadFile
0x18005d078 HeapSize
0x18005d080 GetStringTypeW
0x18005d088 SetConsoleCtrlHandler
0x18005d090 GetFileType
0x18005d098 GetStdHandle
0x18005d0a0 GetProcessHeap
0x18005d0a8 EnumSystemLocalesW
0x18005d0b0 GetUserDefaultLCID
0x18005d0b8 ReadConsoleW
0x18005d0c0 OutputDebugStringW
0x18005d0c8 CreateFileW
0x18005d0d0 CloseHandle
0x18005d0d8 WriteConsoleW
0x18005d0e0 HeapReAlloc
0x18005d0e8 ExitProcess
0x18005d0f0 IsValidLocale
0x18005d0f8 GetLocaleInfoW
0x18005d100 LCMapStringW
0x18005d108 CompareStringW
0x18005d110 GetTimeFormatW
0x18005d118 GetDateFormatW
0x18005d120 FlsFree
0x18005d128 FlsSetValue
0x18005d130 FlsGetValue
0x18005d138 FlsAlloc
0x18005d140 UnhandledExceptionFilter
0x18005d148 SetUnhandledExceptionFilter
0x18005d150 GetCurrentProcess
0x18005d158 TerminateProcess
0x18005d160 IsProcessorFeaturePresent
0x18005d168 IsDebuggerPresent
0x18005d170 GetStartupInfoW
0x18005d178 GetModuleHandleW
0x18005d180 QueryPerformanceCounter
0x18005d188 GetCurrentProcessId
0x18005d190 GetCurrentThreadId
0x18005d198 GetSystemTimeAsFileTime
0x18005d1a0 InitializeSListHead
0x18005d1a8 RtlUnwindEx
0x18005d1b0 InterlockedPushEntrySList
0x18005d1b8 InterlockedFlushSList
0x18005d1c0 GetLastError
0x18005d1c8 SetLastError
0x18005d1d0 EncodePointer
0x18005d1d8 RaiseException
0x18005d1e0 EnterCriticalSection
0x18005d1e8 LeaveCriticalSection
0x18005d1f0 DeleteCriticalSection
0x18005d1f8 InitializeCriticalSectionAndSpinCount
0x18005d200 TlsAlloc
0x18005d208 TlsGetValue
0x18005d210 TlsSetValue
0x18005d218 TlsFree
0x18005d220 FreeLibrary
0x18005d228 GetProcAddress
0x18005d230 LoadLibraryExW
0x18005d238 RtlPcToFileHeader
0x18005d240 GetModuleHandleExW
0x18005d248 GetModuleFileNameW
0x18005d250 GetCurrentThread
0x18005d258 HeapAlloc
0x18005d260 HeapFree
0x18005d268 FindClose
0x18005d270 FindFirstFileExW
0x18005d278 FindNextFileW
0x18005d280 IsValidCodePage
0x18005d288 GetACP
0x18005d290 GetOEMCP
0x18005d298 GetCPInfo
0x18005d2a0 GetCommandLineA
0x18005d2a8 GetCommandLineW
0x18005d2b0 MultiByteToWideChar
0x18005d2b8 WideCharToMultiByte
0x18005d2c0 GetEnvironmentStringsW
0x18005d2c8 FreeEnvironmentStringsW
0x18005d2d0 SetEnvironmentVariableW
0x18005d2d8 RtlUnwind
USER32.dll
0x18005d2e8 GetGestureInfo
0x18005d2f0 InvalidateRect
0x18005d2f8 ScreenToClient
0x18005d300 CloseGestureInfoHandle
0x18005d308 EndPaint
0x18005d310 BeginPaint
0x18005d318 UpdateWindow
0x18005d320 PostQuitMessage
0x18005d328 LoadCursorW
0x18005d330 GetMessageW
0x18005d338 DefWindowProcW
0x18005d340 DestroyWindow
0x18005d348 CreateWindowExW
0x18005d350 RegisterClassExW
0x18005d358 LoadStringW
0x18005d360 ShowWindow
0x18005d368 DispatchMessageW
0x18005d370 SetGestureConfig
0x18005d378 TranslateAcceleratorW
0x18005d380 TranslateMessage
GDI32.dll
0x18005d000 Polyline
0x18005d008 LineTo
0x18005d010 CreatePen
0x18005d018 MoveToEx
0x18005d020 DeleteObject
0x18005d028 SelectObject
ntdll.dll
0x18005d390 NtQueueApcThread
0x18005d398 ZwOpenSymbolicLinkObject
0x18005d3a0 LdrFindResource_U
0x18005d3a8 NtAllocateVirtualMemory
0x18005d3b0 NtTestAlert
0x18005d3b8 LdrAccessResource
0x18005d3c0 RtlCaptureContext
0x18005d3c8 RtlLookupFunctionEntry
0x18005d3d0 RtlVirtualUnwind
EAT (Export Address Table)
0x180001388 ANJHrtqPyoZlLN
0x180001278 AdDIJNyjoaSeKitBSSfvfV
0x1800010ec AiQuYKFP
0x1800013c8 AjCvWu
0x180001274 AveAkeMGsAwFFAhoKdNXhIMFQ
0x18000137c BFNfItOdrItDPYj
0x18000124c BOhuBWDUsCWLiC
0x180001030 BTMFzdgTuyWjiIBHnce
0x1800011f0 CXLyPNN
0x180001400 CoPzTghLuoRCKv
0x1800011e4 CzSCLOcblUEHZbXguBeBKvOsFr
0x1800013c4 DGWnzoUQDuJFITIs
0x1800013f0 DXFnrcWUukvqM
0x180001f48 DllRegisterServer
0x180001190 DtuklXMCytMEOfG
0x180001080 DvvFQBN
0x18000111c EEFTMFWzodeDNgkOokBFbPUM
0x180001060 EZkpQfdxRULajOkDrGLHdLD
0x180001110 EnFJoeQtlzsJDJiJBmbXoBTpwv
0x180001314 EsKEcLa
0x180001230 EtgJryXb
0x180001108 EwUPpnOBjfPxH
0x180001298 EztRXmoFVqjMSateN
0x180001378 FASZSnNRTIVAAaGcgawnKQZyy
0x1800010b8 FGFyHfFIUhGbYBAZSYZbyICNUd
0x180001130 FRjkVJXkyiheeOfN
0x180001150 FYgbRxuhThTqi
0x1800012b0 FkEiXaMMKAdEpLTECJzhaViXI
0x180001214 GFnuqsATNhcsPXZHiVOxZST
0x18000116c GQJmrAwSczpjroAXcGhyqBUdB
0x180001284 GUBjDl
0x1800012bc GVoDrZwwflq
0x1800013e0 GWOPbRQrBekZviftyaAUwXmnh
0x180001038 HIQgMO
0x1800010d8 HUraWDowXZUfxDa
0x180001218 Hjkwbzu
0x1800012ac IVoyuTGXNLCke
0x180001338 IfyOjidHbwvD
0x1800012dc IxFJaPJQRQSzqlajawLBTzlwKo
0x1800013b4 JOLlxrVluAyNHIhUuvAYwypV
0x18000113c JXiDoHIIyrJjEYKuRb
0x1800011b0 JilnPOgZrXMjkwk
0x180001200 JqWanxhQqUNu
0x1800013d4 KCYGkqzzvPgjOGshmaWLW
0x180001028 KEMrlPvHxelUlZ
0x18000122c KMaMkjqMkYYPMAAJPKLOehoPyY
0x180001234 KVtfEbpbmPAlXPj
0x180001290 KpXiawubnkzsXkEtjJO
0x1800010dc KydgpVnbUe
0x1800010ac LZWxaAtECxaSGoAz
0x1800012ec LxlPnmCsAgDIkxMugK
0x180001254 LyTteGzhZhP
0x1800013b8 MEXTEnCNvZXJLhRKiTCyNPih
0x180001090 MRJugro
0x1800012a0 MdqrgqIfjHmjoZkNi
0x1800012cc MgYMlGlGPQTRsI
0x1800011c0 MopbjpmEaxOdYcIcIYZme
0x180001374 NFxEbaQrvHYBkgyyc
0x180001164 NItPsPAfBOUuIBno
0x180001114 NyTYpQnIzVVNhlVibsSjFCZouP
0x180001340 OaAXUXHduoOFLxnDhBJwzh
0x18000130c OeHfob
0x1800012c8 OsrEfsOyNaoWldUmRfDeFahCz
0x1800012f8 OtMYeClSBjKXnqKKcwvkpdT
0x180001268 PTjntzhnCrFsOVRuqb
0x1800011d0 PVEOpmicZObotzmowwdn
0x1800010a0 PYGtAnBuWCkXSFbfJoxh
0x1800010fc PcZbHHwxtObWwsAZucWAfp
0x1800011dc PovPoPHy
0x180001380 QOhtuDwL
0x180001310 QQDxzrvZSfjOUIRPNLzseI
0x1800010e4 QYoBcsmDtr
0x1800010d0 QovzrGvmggJwZxim
0x1800012d4 QqKulRdFVJbBHCVC
0x180001208 RCwLneA
0x1800010c4 RDObJHtrlrola
0x180001054 REzeBPgrPjfqXzIhh
0x1800011e0 RGBOrgfzlFZp
0x180001324 RPKeSSgM
0x180001118 RQdAORfvPvmaIGRy
0x18000139c RVDzjkJLT
0x180001258 RafiraJdsyHhkrUkSUAP
0x18000112c RcHrWmmOLNdIPtRrxeiTpxK
0x180001098 RhyeGxFvoimELogyAKRX
0x180001300 RvnvpmyFXH
0x18000128c RzhyrZRhTaCrkpVzNZWJJ
0x1800012e0 SEroilFvGNniQXnsDWPk
0x1800011cc SHEXiETJtrLmwE
0x180001248 SNSVCapNinLkfSifuUTvNJqIK
0x18000132c SsWXGFlKVgyFd
0x18000105c SyzWFbcj
0x1800012f4 TcVitUgoXGUbhukoktFdkIxOq
0x18000135c TduqHYDmNXrZKV
0x1800010cc TjBTqyHzHhAoLFLfGY
0x18000127c TjVSBhH
0x180001120 TmbOxSPuaCKjTQdkoqzSHfK
0x18000125c TtBNnCgJgTkJFpD
0x180001308 TvIgNdXUSx
0x1800011d4 TzSUzjg
0x180001390 UDJxLlNRqmQe
0x18000119c UDXYauYgPrF
0x180001100 UXpBejlbdzkHUyTyNgpVAvj
0x180001260 UeFAIttikjEeY
0x18000126c UlChAW
0x180001194 UpTkRmx
0x1800013f8 VExNwjlYg
0x18000107c VHRsAFUmmxLxipPJgASx
0x1800010a8 VMvCWROnVZctFyugptbnj
0x1800013a4 VQxedfdc
0x180001088 VlqxGWBobRWpIkhDn
0x180001104 VosqFKRxxmZnGzYyetlsX
0x180001228 VtLPuusknDVnEcknIWi
0x18000138c VzrIgUnYpWiPOpTQCjcOyHOQvL
0x180001250 WDlLIzGpkykTXerOacc
0x1800011b4 WcUhgrfBCksruIktzmEVETQ
0x1800013ac XAaHwBKTdUMIrSofjLRQz
0x18000131c XcugxixKEViEEvdPn
0x1800011bc XdtxldVAdwEdSzeqiiwkRK
0x18000129c XiqabNWaEVacQZPOtBaeZfTQ
0x180001140 XpcpvddS
0x180001318 XvxlaVsfdxPz
0x18000114c YAOdcRkKCt
0x180001034 YTetVZzmNyKvkVveuQfr
0x180001364 YaFMvtETCKDZR
0x1800013a0 ZBNLCJnhpxDSOT
0x18000102c ZElUPADsWwukqBuUFuN
0x1800010b0 ZFxjuU
0x180001180 ZVvrlqOgrWGBxu
0x1800011fc ZaQteaKo
0x1800011f8 aDplhXUolLHOzURmU
0x180001238 aWAgnPx
0x180001304 aepkOeJbexISOpjdqpAdO
0x180001174 bFJNSMRqZKkdkGFywUYq
0x18000109c bMRJHPuskMVTiMRk
0x1800012fc bQjWpUzXGsxnGL
0x180001240 bXTTzYOyPvUiRkZRDBLQ
0x180001024 cFcabPH
0x180001050 cHWnwNei
0x180001178 cJroyAaMRGBZKQiVGcdISbSggC
0x1800013dc cMbqWFgcyfYpPAZMQhPxGbRvIf
0x1800010c8 cMzQSsaPjsAIxAT
0x180001394 cNnoAjHMMnxP
0x180001348 cjfdDEwiNRLphqCP
0x1800011c8 cpyRwFAkTmFz
0x180001144 csCqbOPOztzwwwTItbQhz
0x1800010d4 cwcBJrgLIAX
0x18000108c cwooDCMZSQrcQhwIRi
0x18000117c dEaZcujcgCRXOAOMRXxQTIZ
0x1800012a4 dJxKvUrsNpWBXGVRVkIreQSQqZ
0x1800011f4 dSicOjGdxL
0x180001330 dZBdCLap
0x180001204 dfWafIzfvGpooqMBMoU
0x18000110c dqAKlLWQ
0x18000121c eKKnuxXh
0x180001320 eVbZyQXCTiktJKiBmDADAX
0x180001264 ecZQGy
0x180001280 enlXAMolcYy
0x180001094 eujISETblSLrqF
0x180001048 fBvnKziIhpJFeq
0x180001070 fKIxQeZnmHGQnL
0x180001350 fqtJbtxYcCRfgECLRnhmWR
0x180001158 gZayWjppLj
0x1800013e8 ghuFSdAqnu
0x18000133c gsSwireqElZWx
0x1800011ac gugBIaopViEQkYczDNaoFnyi
0x1800010e8 gzrsNWNsgTSMUpIQWlrKnm
0x180001148 hDkDpWJOHJCCUXSkrvc
0x1800012b4 hQoovkWJxJEaqrbVLVjdMnh
0x1800012f0 heHRfdfSXYXqiQKY
0x18000104c htAvvkBrrgKfvpfnB
0x1800013fc hvjEnIWqkkeWugboJdEMs
0x1800011ec iMbESoHmzpeslxmNyvwqIuJLeG
0x180001210 jIrCZFAAWeHMzQLThatCcSjHM
0x180001294 jKVRNrEmbhoqoX
0x180001198 jMOUVQhbSEknoJmYsfi
0x1800010bc jWEhzWfxMMfgt
0x18000136c jdutqps
0x18000123c jgyblXAuFjFBSHvQuIAEBgmFUw
0x1800012d0 jpcSbVeZm
0x1800013c0 kKvKCQBlkfWDgEkMmvlx
0x180001360 kUymmoDkujUdzBEZKqMo
0x1800013cc kntoFS
0x180001124 laOmvwEhvcbMCVW
0x1800011a0 lfbaFpOWKIcHqhuL
0x1800012e4 lnhwlVnmQtOXiYSjqpJuNbpFm
0x180001058 lrClBcQNaiYFKv
0x180001134 lsIVDeHGmROqw
0x180001020 mHKUdmwlXBTmQXUhqFQBbsNnwY
0x180001244 mSxcgyXgxX
0x1800013e4 mZVkAxcmWBHnZUkoIShIqwRfy
0x180001078 mskmGsRnaNDRKO
0x1800013f4 muxjxSqjkEYrFBaTgbu
0x180001270 nbdsVazsO
0x180001074 nuxyLgFeidEmICvCGTt
0x180001044 nxMhktIWgckpoSZJfjxdwiqnam
0x180001328 nyhSVQoDUsIjfhIhMf
0x18000115c oSckiTuVcT
0x18000118c oWWVBuPPxS
0x1800013ec omMKSDwANUfqXfbqm
0x1800011b8 ouagPDsnHqnwWPTUt
0x18000103c pKUINBQfNDmWV
0x180001160 pTItjJiQ
0x1800012a8 pUOiqDAlfISJBIpiScsVUVKqJ
0x1800013d0 pnYMWOlXeFiCHkphGjmCpsA
0x1800010c0 qBYermjVYSGw
0x1800013bc qHXqDHUYcRVMrpmTzxgG
0x1800013d8 qUAJrHD
0x180001358 qVkZzbDaEAnCxDfrfO
0x1800010b4 qoywCUeDro
0x180001220 rMFFWOflKRbMBv
0x1800011a4 rmfDtpFEoXWtrZkTrHAGsfb
0x18000134c rpBNTKlbsgWBXp
0x1800010f0 rqCzTizydtlxpNwNvIVB
0x1800012d8 sJqfQmnpRWvPYN
0x180001334 sLTJMxHNTBCWaeuK
0x180001138 sNddOhNNlpJooXDSmrqomweEyb
0x1800012b8 sYczWompbTLVMcDVfQWjE
0x180001344 ssMfBMmJVeRcCEryMgAotBxq
0x1800012c4 swmFqyYoRBDt
0x18000106c syjPtRjVfKvrlmKme
0x180001404 tAZqcTPu
0x180001084 tLObNMeow
0x1800010f8 tPGInxfQgwmbCkK
0x1800010a4 tYjYaOlNpAMKPsdIJbxa
0x1800011e8 talGBbhFPcANuGmAUChpTuGsIy
0x180001170 thfeauoAtfXxPLViMYWsBoDdqV
0x180001128 twadnPlg
0x18000120c vQcHtuYLcUrFMsMeCCrYkmnP
0x1800011a8 vfUVslmruvmv
0x180001068 vrHpumSUKOBzGixd
0x1800010e0 vxcyYOQbsKS
0x180001184 wSFvLHaYLmba
0x1800013a8 wncEgjgOpbrBsd
0x1800011d8 wntdgED
0x180001370 wtNKTWdFIlWGoXAHXr
0x180001040 wwjidNCzUUonAjiSI
0x1800011c4 xIlbPMwupdO
0x1800012c0 xPTOxuuZIgkAUAjgxhOsJpO
0x180001154 xTVzxwbkX
0x180001224 xWungYWZheXhtrQkvbg
0x180001288 xcFOrjCYPXHADvRAkdBAqe
0x180001354 xfUxGkaKadKiAljPAj
0x180001168 xkRBIjZqsTeSh
0x180001188 xtUorZwwkOUIHJGbfewize
0x180001398 xzAcvLPRqyZRvzhsxvrruZM
0x180001368 yQLgQuejrSRiTPqPajDVRBxl
0x1800012e8 ydhGxAriWO
0x1800010f4 yghnTUVScRjThMokCsG
0x180001384 yySxtCijueEHi
0x180001064 zDtEomuatAEChTt
0x1800013b0 zqcRfhzIKDkY
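The import and export tables above are the part of this report a triage analyst can reason about without running the sample. Three things stand out: the ntdll imports NtAllocateVirtualMemory, NtQueueApcThread and NtTestAlert appear together, which is the classic pattern for running unpacked code on the current thread by queueing an APC to itself and forcing delivery with NtTestAlert (it lines up with the "Allocates read-write-execute memory" signature); LdrFindResource_U and LdrAccessResource point at a payload staged in a PE resource (the "unknown PE resource name" signature); and the export table is 250 random-looking names plus DllRegisterServer, which is what a DLL delivered through regsvr32 needs. The "Checks if process is being debugged" signature, on the other hand, rests on IsDebuggerPresent, and most of the KERNEL32 imports here (Fls*, Tls*, InitializeSListHead, IsProcessorFeaturePresent, the security-cookie initialisation calls) are what the MSVC runtime start-up code pulls in on its own, so that hit needs confirmation in a disassembler before it counts as evasion. The script below is an added example, not part of the sandbox report: it re-derives those findings from the report's own names. The name lists are copied from the listing above (exports trimmed to a sample of the 251), while the CRT-noise set, the pattern table and the 0.3 threshold are this example's assumptions.

```python
"""Static triage of the IAT/EAT listing above (added example, stdlib only)."""
from __future__ import annotations
from typing import Iterable

# Imports copied from the report; KERNEL32 trimmed to the names the triage reasons about.
REPORT_IMPORTS = {
    "KERNEL32.dll": [
        "IsDebuggerPresent", "IsProcessorFeaturePresent", "UnhandledExceptionFilter",
        "SetUnhandledExceptionFilter", "QueryPerformanceCounter", "GetSystemTimeAsFileTime",
        "GetCurrentProcessId", "GetCurrentThreadId", "InitializeSListHead",
        "LoadLibraryExW", "GetProcAddress", "CreateFileW", "FindFirstFileExW", "FindNextFileW",
    ],
    "ntdll.dll": [
        "NtQueueApcThread", "ZwOpenSymbolicLinkObject", "LdrFindResource_U",
        "NtAllocateVirtualMemory", "NtTestAlert", "LdrAccessResource",
        "RtlCaptureContext", "RtlLookupFunctionEntry", "RtlVirtualUnwind",
    ],
}

# Sample of the report's exports (the full table is in the listing above).
REPORT_EXPORTS_SAMPLE = [
    "ANJHrtqPyoZlLN", "AdDIJNyjoaSeKitBSSfvfV", "BTMFzdgTuyWjiIBHnce",
    "CzSCLOcblUEHZbXguBeBKvOsFr", "GUBjDl", "kntoFS", "jdutqps", "DllRegisterServer",
]

# Assumption: imports the MSVC CRT start-up code brings in by itself. Seeing them
# means "built with MSVC", not "anti-debug", so a hit on IsDebuggerPresent alone
# is downgraded to "confirm manually".
CRT_NOISE = {
    "IsDebuggerPresent", "IsProcessorFeaturePresent", "UnhandledExceptionFilter",
    "SetUnhandledExceptionFilter", "QueryPerformanceCounter", "GetSystemTimeAsFileTime",
    "GetCurrentProcessId", "GetCurrentThreadId", "InitializeSListHead",
}

# Assumed pattern table: combinations that matter together, not one import at a time.
PATTERNS = {
    "APC self-injection: NtAllocateVirtualMemory + NtQueueApcThread + NtTestAlert "
    "(queue an APC on the current thread and force delivery, no CreateThread needed)":
        {"NtAllocateVirtualMemory", "NtQueueApcThread", "NtTestAlert"},
    "payload staged in a PE resource: LdrFindResource_U + LdrAccessResource":
        {"LdrFindResource_U", "LdrAccessResource"},
}


def flatten(imports: dict[str, list[str]]) -> set[str]:
    return {name for names in imports.values() for name in names}


def match_patterns(imports: dict[str, list[str]]) -> list[str]:
    present = flatten(imports)
    return [label for label, needed in PATTERNS.items() if needed <= present]


def crt_noise(imports: dict[str, list[str]]) -> set[str]:
    return flatten(imports) & CRT_NOISE


def upper_cluster_ratio(name: str) -> float:
    """Fraction of non-leading capitals that touch another capital.

    PascalCase API names score about 0 (a capital starts a word and is followed
    by lowercase); random-case names score high. Acronyms such as GetOEMCP raise
    it, so judge the table mean, never a single name."""
    caps = [i for i in range(1, len(name)) if name[i].isupper()]
    if not caps:
        return 0.0
    touching = sum(
        1 for i in caps
        if name[i - 1].isupper() or (i + 1 < len(name) and name[i + 1].isupper())
    )
    return touching / len(caps)


def export_table_looks_randomized(exports: Iterable[str], threshold: float = 0.3) -> bool:
    names = list(exports)
    return bool(names) and sum(map(upper_cluster_ratio, names)) / len(names) > threshold


def triage(imports: dict[str, list[str]], exports: list[str]) -> dict:
    return {
        "patterns": match_patterns(imports),
        "crt_noise": sorted(crt_noise(imports)),
        "regsvr32_entry": "DllRegisterServer" in exports,
        "randomized_exports": export_table_looks_randomized(exports),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_IMPORTS, REPORT_EXPORTS_SAMPLE).items():
        print(f"{key}: {value}")
```

Run against a real file, replace the two constants with the output of a PE parser and keep the whole export table: the randomisation check is only meaningful as a mean over many names, and a legitimate DLL with a handful of acronym-heavy exports can score above the threshold on its own.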