Field | Value |
---|---|
Created | 2023.05.08 09:29 |
Machine | s1_win7_x6401 |
Filename | rmns.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 24 detected (AIDetectMalware, GenericKD, Artemis, Vwjn, malicious, BadFile, Detected, ZelphiF, zU0@amCYCibi, ai score=88, Generic@AI, RDML, 13w1+JJZKC18sLNW93tFsw, susgen, PossibleThreat, grayware, confidence) |
md5 | dc159d07b8cdde55acebc57c1ca08e45 |
sha256 | 70f051b880fe4c1ba666269ebc42be586904c8147d42355dc33fd0ad82b0a03f |
ssdeep | 24576:TKgCA7Bl3nbpmdT2neHo4Y/fqfbePDDxYqJBUSbz9DuPyQjkbsGMV9Tq:O5A7BJbH7JTxXJeSbz9xQjXLVl |
imphash | 7a407a2f1a899d49895c3da4ca25ebdd |
impfuzzy | 192:ocg8cdRuuNwEUh99KSoIN5TmZgXF9l/k1UmhrPOQHxxJb:/cvN+9OGVrc1UsPOQHx7b |
Signature (11cnts)
Level | Description |
---|---|
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a suspicious process |
notice | Executes one or more WMI queries |
notice | Uses Windows utilities for basic Windows functionality |
info | Command line console output was observed |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
oleaut32.dll
0x62ca7c SysFreeString
0x62ca80 SysReAllocStringLen
0x62ca84 SysAllocStringLen
advapi32.dll
0x62ca8c RegQueryValueExW
0x62ca90 RegOpenKeyExW
0x62ca94 RegCloseKey
user32.dll
0x62ca9c MessageBoxA
0x62caa0 CharNextW
0x62caa4 LoadStringW
kernel32.dll
0x62caac Sleep
0x62cab0 VirtualFree
0x62cab4 VirtualAlloc
0x62cab8 lstrlenW
0x62cabc VirtualQuery
0x62cac0 QueryPerformanceCounter
0x62cac4 GetTickCount
0x62cac8 GetSystemInfo
0x62cacc GetVersion
0x62cad0 CompareStringW
0x62cad4 IsDBCSLeadByteEx
0x62cad8 IsValidLocale
0x62cadc SetThreadLocale
0x62cae0 GetSystemDefaultUILanguage
0x62cae4 GetUserDefaultUILanguage
0x62cae8 GetLocaleInfoW
0x62caec WideCharToMultiByte
0x62caf0 MultiByteToWideChar
0x62caf4 GetConsoleOutputCP
0x62caf8 GetConsoleCP
0x62cafc GetACP
0x62cb00 LoadLibraryExW
0x62cb04 GetStartupInfoW
0x62cb08 GetProcAddress
0x62cb0c GetModuleHandleW
0x62cb10 GetModuleFileNameW
0x62cb14 GetCommandLineW
0x62cb18 FreeLibrary
0x62cb1c GetLastError
0x62cb20 UnhandledExceptionFilter
0x62cb24 RtlUnwind
0x62cb28 RaiseException
0x62cb2c ExitProcess
0x62cb30 ExitThread
0x62cb34 SwitchToThread
0x62cb38 GetCurrentThreadId
0x62cb3c CreateThread
0x62cb40 DeleteCriticalSection
0x62cb44 LeaveCriticalSection
0x62cb48 EnterCriticalSection
0x62cb4c InitializeCriticalSection
0x62cb50 FindFirstFileW
0x62cb54 FindClose
0x62cb58 WriteFile
0x62cb5c SetFilePointer
0x62cb60 SetEndOfFile
0x62cb64 ReadFile
0x62cb68 GetFileType
0x62cb6c GetFileSize
0x62cb70 CreateFileW
0x62cb74 GetStdHandle
0x62cb78 CloseHandle
kernel32.dll
0x62cb80 GetProcAddress
0x62cb84 RaiseException
0x62cb88 LoadLibraryA
0x62cb8c GetLastError
0x62cb90 TlsSetValue
0x62cb94 TlsGetValue
0x62cb98 LocalFree
0x62cb9c LocalAlloc
0x62cba0 GetModuleHandleW
0x62cba4 FreeLibrary
user32.dll
0x62cbac SetClassLongW
0x62cbb0 GetClassLongW
0x62cbb4 SetWindowLongW
0x62cbb8 GetWindowLongW
0x62cbbc CreateWindowExW
0x62cbc0 WindowFromPoint
0x62cbc4 WaitMessage
0x62cbc8 UpdateWindow
0x62cbcc UnregisterClassW
0x62cbd0 UnhookWindowsHookEx
0x62cbd4 TranslateMessage
0x62cbd8 TranslateMDISysAccel
0x62cbdc TrackPopupMenu
0x62cbe0 SystemParametersInfoW
0x62cbe4 ShowWindow
0x62cbe8 ShowScrollBar
0x62cbec ShowOwnedPopups
0x62cbf0 ShowCaret
0x62cbf4 SetWindowRgn
0x62cbf8 SetWindowsHookExW
0x62cbfc SetWindowTextW
0x62cc00 SetWindowPos
0x62cc04 SetWindowPlacement
0x62cc08 SetTimer
0x62cc0c SetScrollRange
0x62cc10 SetScrollPos
0x62cc14 SetScrollInfo
0x62cc18 SetRect
0x62cc1c SetPropW
0x62cc20 SetParent
0x62cc24 SetMenuItemInfoW
0x62cc28 SetMenu
0x62cc2c SetForegroundWindow
0x62cc30 SetFocus
0x62cc34 SetCursorPos
0x62cc38 SetCursor
0x62cc3c SetClipboardData
0x62cc40 SetCapture
0x62cc44 SetActiveWindow
0x62cc48 SendMessageA
0x62cc4c SendMessageW
0x62cc50 ScrollWindow
0x62cc54 ScreenToClient
0x62cc58 RemovePropW
0x62cc5c RemoveMenu
0x62cc60 ReleaseDC
0x62cc64 ReleaseCapture
0x62cc68 RegisterWindowMessageW
0x62cc6c RegisterClipboardFormatW
0x62cc70 RegisterClassW
0x62cc74 RedrawWindow
0x62cc78 PostQuitMessage
0x62cc7c PostMessageW
0x62cc80 PeekMessageA
0x62cc84 PeekMessageW
0x62cc88 OpenClipboard
0x62cc8c MsgWaitForMultipleObjectsEx
0x62cc90 MsgWaitForMultipleObjects
0x62cc94 MessageBoxW
0x62cc98 MessageBeep
0x62cc9c MapWindowPoints
0x62cca0 MapVirtualKeyW
0x62cca4 LoadStringW
0x62cca8 LoadKeyboardLayoutW
0x62ccac LoadIconW
0x62ccb0 LoadCursorW
0x62ccb4 LoadBitmapW
0x62ccb8 KillTimer
0x62ccbc IsZoomed
0x62ccc0 IsWindowVisible
0x62ccc4 IsWindowUnicode
0x62ccc8 IsWindowEnabled
0x62cccc IsWindow
0x62ccd0 IsIconic
0x62ccd4 IsDialogMessageA
0x62ccd8 IsDialogMessageW
0x62ccdc IsChild
0x62cce0 InvalidateRect
0x62cce4 InsertMenuItemW
0x62cce8 InsertMenuW
0x62ccec HideCaret
0x62ccf0 GetWindowThreadProcessId
0x62ccf4 GetWindowTextW
0x62ccf8 GetWindowRect
0x62ccfc GetWindowPlacement
0x62cd00 GetWindowDC
0x62cd04 GetTopWindow
0x62cd08 GetSystemMetrics
0x62cd0c GetSystemMenu
0x62cd10 GetSysColorBrush
0x62cd14 GetSysColor
0x62cd18 GetSubMenu
0x62cd1c GetScrollRange
0x62cd20 GetScrollPos
0x62cd24 GetScrollInfo
0x62cd28 GetPropW
0x62cd2c GetParent
0x62cd30 GetWindow
0x62cd34 GetMessagePos
0x62cd38 GetMessageExtraInfo
0x62cd3c GetMenuStringW
0x62cd40 GetMenuState
0x62cd44 GetMenuItemInfoW
0x62cd48 GetMenuItemID
0x62cd4c GetMenuItemCount
0x62cd50 GetMenu
0x62cd54 GetLastActivePopup
0x62cd58 GetKeyboardState
0x62cd5c GetKeyboardLayoutNameW
0x62cd60 GetKeyboardLayoutList
0x62cd64 GetKeyboardLayout
0x62cd68 GetKeyState
0x62cd6c GetKeyNameTextW
0x62cd70 GetIconInfo
0x62cd74 GetForegroundWindow
0x62cd78 GetFocus
0x62cd7c GetDlgCtrlID
0x62cd80 GetDesktopWindow
0x62cd84 GetDCEx
0x62cd88 GetDC
0x62cd8c GetCursorPos
0x62cd90 GetCursor
0x62cd94 GetClipboardData
0x62cd98 GetClientRect
0x62cd9c GetClassNameW
0x62cda0 GetClassInfoExW
0x62cda4 GetClassInfoW
0x62cda8 GetCapture
0x62cdac GetActiveWindow
0x62cdb0 FrameRect
0x62cdb4 FindWindowExW
0x62cdb8 FindWindowW
0x62cdbc FillRect
0x62cdc0 EnumWindows
0x62cdc4 EnumThreadWindows
0x62cdc8 EnumChildWindows
0x62cdcc EndPaint
0x62cdd0 EndMenu
0x62cdd4 EnableWindow
0x62cdd8 EnableScrollBar
0x62cddc EnableMenuItem
0x62cde0 EmptyClipboard
0x62cde4 DrawTextExW
0x62cde8 DrawTextW
0x62cdec DrawMenuBar
0x62cdf0 DrawIconEx
0x62cdf4 DrawIcon
0x62cdf8 DrawFrameControl
0x62cdfc DrawFocusRect
0x62ce00 DrawEdge
0x62ce04 DispatchMessageA
0x62ce08 DispatchMessageW
0x62ce0c DestroyWindow
0x62ce10 DestroyMenu
0x62ce14 DestroyIcon
0x62ce18 DestroyCursor
0x62ce1c DeleteMenu
0x62ce20 DefWindowProcW
0x62ce24 DefMDIChildProcW
0x62ce28 DefFrameProcW
0x62ce2c CreatePopupMenu
0x62ce30 CreateMenu
0x62ce34 CreateIcon
0x62ce38 CreateAcceleratorTableW
0x62ce3c CopyImage
0x62ce40 CopyIcon
0x62ce44 CloseClipboard
0x62ce48 ClientToScreen
0x62ce4c CheckMenuItem
0x62ce50 CharUpperBuffW
0x62ce54 CharUpperW
0x62ce58 CharNextW
0x62ce5c CharLowerBuffW
0x62ce60 CharLowerW
0x62ce64 CallWindowProcW
0x62ce68 CallNextHookEx
0x62ce6c BeginPaint
0x62ce70 AdjustWindowRectEx
0x62ce74 ActivateKeyboardLayout
gdi32.dll
0x62ce7c UnrealizeObject
0x62ce80 StretchDIBits
0x62ce84 StretchBlt
0x62ce88 StartPage
0x62ce8c StartDocW
0x62ce90 SetWindowOrgEx
0x62ce94 SetWinMetaFileBits
0x62ce98 SetViewportOrgEx
0x62ce9c SetTextColor
0x62cea0 SetStretchBltMode
0x62cea4 SetROP2
0x62cea8 SetPixel
0x62ceac SetEnhMetaFileBits
0x62ceb0 SetDIBits
0x62ceb4 SetDIBColorTable
0x62ceb8 SetBrushOrgEx
0x62cebc SetBkMode
0x62cec0 SetBkColor
0x62cec4 SetAbortProc
0x62cec8 SelectPalette
0x62cecc SelectObject
0x62ced0 SaveDC
0x62ced4 RoundRect
0x62ced8 RestoreDC
0x62cedc Rectangle
0x62cee0 RectVisible
0x62cee4 RealizePalette
0x62cee8 Polyline
0x62ceec Polygon
0x62cef0 PolyBezierTo
0x62cef4 PolyBezier
0x62cef8 PlayEnhMetaFile
0x62cefc Pie
0x62cf00 PatBlt
0x62cf04 MoveToEx
0x62cf08 MaskBlt
0x62cf0c LineTo
0x62cf10 IntersectClipRect
0x62cf14 GetWindowOrgEx
0x62cf18 GetWinMetaFileBits
0x62cf1c GetTextMetricsW
0x62cf20 GetTextExtentPointW
0x62cf24 GetTextExtentPoint32W
0x62cf28 GetSystemPaletteEntries
0x62cf2c GetStockObject
0x62cf30 GetRgnBox
0x62cf34 GetPixel
0x62cf38 GetPaletteEntries
0x62cf3c GetObjectW
0x62cf40 GetEnhMetaFilePaletteEntries
0x62cf44 GetEnhMetaFileHeader
0x62cf48 GetEnhMetaFileDescriptionW
0x62cf4c GetEnhMetaFileBits
0x62cf50 GetDeviceCaps
0x62cf54 GetDIBits
0x62cf58 GetDIBColorTable
0x62cf5c GetCurrentPositionEx
0x62cf60 GetClipBox
0x62cf64 GetBrushOrgEx
0x62cf68 GetBitmapBits
0x62cf6c GdiFlush
0x62cf70 FrameRgn
0x62cf74 ExtTextOutW
0x62cf78 ExtFloodFill
0x62cf7c ExcludeClipRect
0x62cf80 EnumFontsW
0x62cf84 EnumFontFamiliesExW
0x62cf88 EndPage
0x62cf8c EndDoc
0x62cf90 Ellipse
0x62cf94 DeleteObject
0x62cf98 DeleteEnhMetaFile
0x62cf9c DeleteDC
0x62cfa0 CreateSolidBrush
0x62cfa4 CreateRectRgn
0x62cfa8 CreatePenIndirect
0x62cfac CreatePalette
0x62cfb0 CreateICW
0x62cfb4 CreateHalftonePalette
0x62cfb8 CreateFontIndirectW
0x62cfbc CreateDIBitmap
0x62cfc0 CreateDIBSection
0x62cfc4 CreateDCW
0x62cfc8 CreateCompatibleDC
0x62cfcc CreateCompatibleBitmap
0x62cfd0 CreateBrushIndirect
0x62cfd4 CreateBitmap
0x62cfd8 CopyEnhMetaFileW
0x62cfdc Chord
0x62cfe0 BitBlt
0x62cfe4 ArcTo
0x62cfe8 Arc
0x62cfec AngleArc
0x62cff0 AbortDoc
version.dll
0x62cff8 VerQueryValueW
0x62cffc GetFileVersionInfoSizeW
0x62d000 GetFileVersionInfoW
kernel32.dll
0x62d008 WriteFile
0x62d00c WideCharToMultiByte
0x62d010 WaitForSingleObject
0x62d014 WaitForMultipleObjectsEx
0x62d018 VirtualQueryEx
0x62d01c VirtualQuery
0x62d020 VirtualProtect
0x62d024 VirtualFree
0x62d028 VirtualAlloc
0x62d02c VerSetConditionMask
0x62d030 VerifyVersionInfoW
0x62d034 TryEnterCriticalSection
0x62d038 SwitchToThread
0x62d03c SuspendThread
0x62d040 Sleep
0x62d044 SizeofResource
0x62d048 SetThreadPriority
0x62d04c SetThreadLocale
0x62d050 SetLastError
0x62d054 SetFilePointer
0x62d058 SetEvent
0x62d05c SetErrorMode
0x62d060 SetEndOfFile
0x62d064 ResumeThread
0x62d068 ResetEvent
0x62d06c ReadFile
0x62d070 RaiseException
0x62d074 IsDebuggerPresent
0x62d078 MulDiv
0x62d07c LockResource
0x62d080 LocalFree
0x62d084 LoadResource
0x62d088 LoadLibraryW
0x62d08c LeaveCriticalSection
0x62d090 IsValidLocale
0x62d094 InitializeCriticalSection
0x62d098 HeapSize
0x62d09c HeapFree
0x62d0a0 HeapDestroy
0x62d0a4 HeapCreate
0x62d0a8 HeapAlloc
0x62d0ac GlobalUnlock
0x62d0b0 GlobalLock
0x62d0b4 GlobalFree
0x62d0b8 GlobalFindAtomW
0x62d0bc GlobalDeleteAtom
0x62d0c0 GlobalAlloc
0x62d0c4 GlobalAddAtomW
0x62d0c8 GetVersionExW
0x62d0cc GetVersion
0x62d0d0 GetTickCount
0x62d0d4 GetThreadPriority
0x62d0d8 GetThreadLocale
0x62d0dc GetSystemTimes
0x62d0e0 GetStdHandle
0x62d0e4 GetProcAddress
0x62d0e8 GetModuleHandleW
0x62d0ec GetModuleFileNameW
0x62d0f0 GetLocaleInfoW
0x62d0f4 GetLocalTime
0x62d0f8 GetLastError
0x62d0fc GetFullPathNameW
0x62d100 GetFileAttributesW
0x62d104 GetExitCodeThread
0x62d108 GetEnvironmentVariableW
0x62d10c GetDiskFreeSpaceW
0x62d110 GetDateFormatW
0x62d114 GetCurrentThreadId
0x62d118 GetCurrentThread
0x62d11c GetCurrentProcessId
0x62d120 GetCurrentProcess
0x62d124 GetCPInfoExW
0x62d128 GetCPInfo
0x62d12c GetACP
0x62d130 FreeResource
0x62d134 InterlockedExchange
0x62d138 InterlockedCompareExchange
0x62d13c FreeLibrary
0x62d140 FormatMessageW
0x62d144 FindResourceW
0x62d148 FindFirstFileW
0x62d14c FindClose
0x62d150 ExpandEnvironmentStringsW
0x62d154 ExitProcess
0x62d158 EnumSystemLocalesW
0x62d15c EnumResourceNamesW
0x62d160 EnumCalendarInfoW
0x62d164 EnterCriticalSection
0x62d168 DeleteCriticalSection
0x62d16c CreateThread
0x62d170 CreateFileW
0x62d174 CreateEventW
0x62d178 CreateDirectoryW
0x62d17c CopyFileW
0x62d180 CompareStringW
0x62d184 CloseHandle
advapi32.dll
0x62d18c RegUnLoadKeyW
0x62d190 RegSetValueExW
0x62d194 RegSaveKeyW
0x62d198 RegRestoreKeyW
0x62d19c RegReplaceKeyW
0x62d1a0 RegQueryValueExW
0x62d1a4 RegQueryInfoKeyW
0x62d1a8 RegOpenKeyExW
0x62d1ac RegLoadKeyW
0x62d1b0 RegFlushKey
0x62d1b4 RegEnumValueW
0x62d1b8 RegEnumKeyExW
0x62d1bc RegDeleteValueW
0x62d1c0 RegDeleteKeyW
0x62d1c4 RegCreateKeyExW
0x62d1c8 RegConnectRegistryW
0x62d1cc RegCloseKey
0x62d1d0 OpenProcessToken
0x62d1d4 LookupPrivilegeValueW
0x62d1d8 AdjustTokenPrivileges
kernel32.dll
0x62d1e0 Sleep
oleaut32.dll
0x62d1e8 SafeArrayPtrOfIndex
0x62d1ec SafeArrayGetUBound
0x62d1f0 SafeArrayGetLBound
0x62d1f4 SafeArrayCreate
0x62d1f8 VariantChangeType
0x62d1fc VariantCopy
0x62d200 VariantClear
0x62d204 VariantInit
oleaut32.dll
0x62d20c GetErrorInfo
0x62d210 SysFreeString
ole32.dll
0x62d218 OleUninitialize
0x62d21c OleInitialize
0x62d220 CoTaskMemFree
0x62d224 CoTaskMemAlloc
0x62d228 CoCreateInstance
0x62d22c CoUninitialize
0x62d230 CoInitialize
0x62d234 IsEqualGUID
comctl32.dll
0x62d23c InitializeFlatSB
0x62d240 FlatSB_SetScrollProp
0x62d244 FlatSB_SetScrollPos
0x62d248 FlatSB_SetScrollInfo
0x62d24c FlatSB_GetScrollPos
0x62d250 FlatSB_GetScrollInfo
0x62d254 _TrackMouseEvent
0x62d258 ImageList_GetImageInfo
0x62d25c ImageList_SetIconSize
0x62d260 ImageList_GetIconSize
0x62d264 ImageList_Write
0x62d268 ImageList_Read
0x62d26c ImageList_GetDragImage
0x62d270 ImageList_DragShowNolock
0x62d274 ImageList_DragMove
0x62d278 ImageList_DragLeave
0x62d27c ImageList_DragEnter
0x62d280 ImageList_EndDrag
0x62d284 ImageList_BeginDrag
0x62d288 ImageList_Copy
0x62d28c ImageList_LoadImageW
0x62d290 ImageList_GetIcon
0x62d294 ImageList_Remove
0x62d298 ImageList_DrawEx
0x62d29c ImageList_Replace
0x62d2a0 ImageList_Draw
0x62d2a4 ImageList_SetOverlayImage
0x62d2a8 ImageList_GetBkColor
0x62d2ac ImageList_SetBkColor
0x62d2b0 ImageList_ReplaceIcon
0x62d2b4 ImageList_Add
0x62d2b8 ImageList_SetImageCount
0x62d2bc ImageList_GetImageCount
0x62d2c0 ImageList_Destroy
0x62d2c4 ImageList_Create
user32.dll
0x62d2cc EnumDisplayMonitors
0x62d2d0 GetMonitorInfoW
0x62d2d4 MonitorFromPoint
0x62d2d8 MonitorFromRect
0x62d2dc MonitorFromWindow
shell32.dll
0x62d2e4 Shell_NotifyIconW
winspool.drv
0x62d2ec OpenPrinterW
0x62d2f0 EnumPrintersW
0x62d2f4 DocumentPropertiesW
0x62d2f8 ClosePrinter
winspool.drv
0x62d300 GetDefaultPrinterW
advapi32.dll
0x62d308 QueryServiceStatus
0x62d30c OpenServiceW
0x62d310 OpenSCManagerW
0x62d314 CloseServiceHandle
shell32.dll
0x62d31c ShellExecuteW
kernel32.dll
0x62d324 Wow64DisableWow64FsRedirection
EAT (Export Address Table) Library
0x45ea20 TMethodImplementationIntercept