Field | Value |
---|---|
Created | 2023.10.09 12:41 |
Machine | s1_win7_x6403 |
Filename | AIMP2.eXe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not founds |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 4 detected (AIDetectMalware, Athena, Detected) |
md5 | 62b71a7a5a313f5144b7bf45b7fcf87a |
sha256 | 1318828fdc81a052de87b9907ff279a4626dd13731bba9596d3f7d4c34695e89 |
ssdeep | 786432:Sddgao43f/IPpNiW8t3IMvcfZtq6oIYKcekU:qdSykiWI3HcxtEoX |
imphash | 7878e4daa75d8a1f8fa3237b352d715d |
impfuzzy | 192:PGlF7J8zfusaWP+0xTEWh0vFA4z1NQezpYjByWhA:P07uM/j1NQezuMWhA |
Signature (7cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1405f50a8 RaiseException
0x1405f50b0 FreeLibrary
0x1405f50b8 RaiseFailFastException
0x1405f50c0 GetExitCodeProcess
0x1405f50c8 TerminateProcess
0x1405f50d0 UnhandledExceptionFilter
0x1405f50d8 SetUnhandledExceptionFilter
0x1405f50e0 AddVectoredExceptionHandler
0x1405f50e8 MultiByteToWideChar
0x1405f50f0 GetTickCount
0x1405f50f8 GetCurrentProcessId
0x1405f5100 FlushInstructionCache
0x1405f5108 QueryPerformanceFrequency
0x1405f5110 QueryPerformanceCounter
0x1405f5118 RtlLookupFunctionEntry
0x1405f5120 LocateXStateFeature
0x1405f5128 RtlDeleteFunctionTable
0x1405f5130 InterlockedPushEntrySList
0x1405f5138 InterlockedFlushSList
0x1405f5140 InitializeSListHead
0x1405f5148 GetTickCount64
0x1405f5150 DuplicateHandle
0x1405f5158 QueueUserAPC
0x1405f5160 WaitForSingleObjectEx
0x1405f5168 SetThreadPriority
0x1405f5170 GetThreadPriority
0x1405f5178 ResumeThread
0x1405f5180 GetCurrentThreadId
0x1405f5188 TlsAlloc
0x1405f5190 GetCurrentThread
0x1405f5198 CreateThread
0x1405f51a0 GetModuleHandleW
0x1405f51a8 WaitForMultipleObjectsEx
0x1405f51b0 SignalObjectAndWait
0x1405f51b8 RtlCaptureContext
0x1405f51c0 SetThreadStackGuarantee
0x1405f51c8 VirtualQuery
0x1405f51d0 WriteFile
0x1405f51d8 GetStdHandle
0x1405f51e0 GetConsoleOutputCP
0x1405f51e8 MapViewOfFileEx
0x1405f51f0 UnmapViewOfFile
0x1405f51f8 GetStringTypeExW
0x1405f5200 SetEvent
0x1405f5208 GetCurrentProcessorNumber
0x1405f5210 GlobalMemoryStatusEx
0x1405f5218 CreateIoCompletionPort
0x1405f5220 PostQueuedCompletionStatus
0x1405f5228 GetQueuedCompletionStatus
0x1405f5230 InterlockedPopEntrySList
0x1405f5238 GetCurrentProcessorNumberEx
0x1405f5240 ExitProcess
0x1405f5248 Sleep
0x1405f5250 CreateMemoryResourceNotification
0x1405f5258 GetProcessAffinityMask
0x1405f5260 SetThreadIdealProcessorEx
0x1405f5268 GetThreadIdealProcessorEx
0x1405f5270 GetLargePageMinimum
0x1405f5278 VirtualUnlock
0x1405f5280 GetLogicalProcessorInformation
0x1405f5288 SetThreadGroupAffinity
0x1405f5290 SetThreadAffinityMask
0x1405f5298 IsProcessInJob
0x1405f52a0 QueryInformationJobObject
0x1405f52a8 K32GetProcessMemoryInfo
0x1405f52b0 VirtualAlloc
0x1405f52b8 VirtualFree
0x1405f52c0 VirtualProtect
0x1405f52c8 SleepEx
0x1405f52d0 SwitchToThread
0x1405f52d8 InitializeContext
0x1405f52e0 SetXStateFeaturesMask
0x1405f52e8 RtlRestoreContext
0x1405f52f0 CloseThreadpoolTimer
0x1405f52f8 CreateThreadpoolTimer
0x1405f5300 SetThreadpoolTimer
0x1405f5308 ReadFile
0x1405f5310 GetFileSize
0x1405f5318 GetEnvironmentVariableW
0x1405f5320 SetEnvironmentVariableW
0x1405f5328 CreateEventW
0x1405f5330 ResetEvent
0x1405f5338 CreateSemaphoreExW
0x1405f5340 ReleaseSemaphore
0x1405f5348 WaitForSingleObject
0x1405f5350 ReleaseMutex
0x1405f5358 GetThreadContext
0x1405f5360 SuspendThread
0x1405f5368 SetThreadContext
0x1405f5370 GetEnabledXStateFeatures
0x1405f5378 CopyContext
0x1405f5380 WerRegisterRuntimeExceptionModule
0x1405f5388 RtlInstallFunctionTableCallback
0x1405f5390 GetSystemDefaultLCID
0x1405f5398 GetUserDefaultLCID
0x1405f53a0 RtlUnwind
0x1405f53a8 LoadLibraryExW
0x1405f53b0 HeapAlloc
0x1405f53b8 HeapFree
0x1405f53c0 GetProcessHeap
0x1405f53c8 HeapCreate
0x1405f53d0 HeapDestroy
0x1405f53d8 GetEnvironmentStringsW
0x1405f53e0 FreeEnvironmentStringsW
0x1405f53e8 FormatMessageW
0x1405f53f0 GetACP
0x1405f53f8 LCMapStringEx
0x1405f5400 LocalFree
0x1405f5408 VerSetConditionMask
0x1405f5410 VerifyVersionInfoW
0x1405f5418 QueryThreadCycleTime
0x1405f5420 VirtualAllocExNuma
0x1405f5428 GetNumaProcessorNodeEx
0x1405f5430 GetNumaHighestNodeNumber
0x1405f5438 GetLogicalProcessorInformationEx
0x1405f5440 GetThreadGroupAffinity
0x1405f5448 GetSystemTimes
0x1405f5450 GetProcessGroupAffinity
0x1405f5458 CreateFileMappingW
0x1405f5460 GetSystemTimeAsFileTime
0x1405f5468 GetModuleFileNameW
0x1405f5470 CreateProcessW
0x1405f5478 GetCPInfo
0x1405f5480 CreateFileW
0x1405f5488 GetFileAttributesExW
0x1405f5490 GetTempPathW
0x1405f5498 GetCurrentDirectoryW
0x1405f54a0 GetFullPathNameW
0x1405f54a8 LoadLibraryExA
0x1405f54b0 OutputDebugStringA
0x1405f54b8 OpenEventW
0x1405f54c0 ExitThread
0x1405f54c8 HeapReAlloc
0x1405f54d0 CreateNamedPipeA
0x1405f54d8 WaitForMultipleObjects
0x1405f54e0 DisconnectNamedPipe
0x1405f54e8 CreateFileA
0x1405f54f0 CancelIoEx
0x1405f54f8 GetOverlappedResult
0x1405f5500 ConnectNamedPipe
0x1405f5508 FlushFileBuffers
0x1405f5510 SetFilePointer
0x1405f5518 MapViewOfFile
0x1405f5520 GetActiveProcessorGroupCount
0x1405f5528 GetSystemTime
0x1405f5530 SetConsoleCtrlHandler
0x1405f5538 GetLocaleInfoEx
0x1405f5540 GetUserDefaultLocaleName
0x1405f5548 RtlAddFunctionTable
0x1405f5550 LoadLibraryW
0x1405f5558 CreateDirectoryW
0x1405f5560 RemoveDirectoryW
0x1405f5568 GetFileSizeEx
0x1405f5570 FindFirstFileExW
0x1405f5578 FindNextFileW
0x1405f5580 FindClose
0x1405f5588 LoadLibraryA
0x1405f5590 IsWow64Process
0x1405f5598 EncodePointer
0x1405f55a0 GetEnvironmentVariableA
0x1405f55a8 DecodePointer
0x1405f55b0 InitializeCriticalSectionAndSpinCount
0x1405f55b8 CloseHandle
0x1405f55c0 TlsSetValue
0x1405f55c8 TlsGetValue
0x1405f55d0 GetSystemInfo
0x1405f55d8 GetCurrentProcess
0x1405f55e0 OutputDebugStringW
0x1405f55e8 IsDebuggerPresent
0x1405f55f0 LeaveCriticalSection
0x1405f55f8 EnterCriticalSection
0x1405f5600 DeleteCriticalSection
0x1405f5608 InitializeCriticalSection
0x1405f5610 GetCommandLineW
0x1405f5618 GetProcAddress
0x1405f5620 GetModuleHandleExW
0x1405f5628 SetErrorMode
0x1405f5630 FlushProcessWriteBuffers
0x1405f5638 SetLastError
0x1405f5640 GetLastError
0x1405f5648 WideCharToMultiByte
0x1405f5650 CreateMutexW
0x1405f5658 DebugBreak
0x1405f5660 InitializeCriticalSectionEx
0x1405f5668 GetStringTypeW
0x1405f5670 RtlVirtualUnwind
0x1405f5678 IsProcessorFeaturePresent
0x1405f5680 RtlUnwindEx
0x1405f5688 TlsFree
0x1405f5690 RtlPcToFileHeader
0x1405f5698 InitializeConditionVariable
0x1405f56a0 WakeConditionVariable
0x1405f56a8 WakeAllConditionVariable
0x1405f56b0 SleepConditionVariableSRW
0x1405f56b8 InitializeSRWLock
0x1405f56c0 ReleaseSRWLockExclusive
0x1405f56c8 AcquireSRWLockExclusive
0x1405f56d0 TryAcquireSRWLockExclusive
0x1405f56d8 GetExitCodeThread
0x1405f56e0 CreateFileMappingA
ADVAPI32.dll
0x1405f5000 RegGetValueW
0x1405f5008 SetKernelObjectSecurity
0x1405f5010 GetSidSubAuthorityCount
0x1405f5018 GetSidSubAuthority
0x1405f5020 GetTokenInformation
0x1405f5028 DeregisterEventSource
0x1405f5030 ReportEventW
0x1405f5038 RegisterEventSourceW
0x1405f5040 RegQueryValueExW
0x1405f5048 RegOpenKeyExW
0x1405f5050 RegCloseKey
0x1405f5058 EventRegister
0x1405f5060 AdjustTokenPrivileges
0x1405f5068 OpenProcessToken
0x1405f5070 LookupPrivilegeValueW
0x1405f5078 SetThreadToken
0x1405f5080 RevertToSelf
0x1405f5088 OpenThreadToken
0x1405f5090 EventWriteTransfer
0x1405f5098 EventWrite
ole32.dll
0x1405f5e48 CreateStreamOnHGlobal
0x1405f5e50 CoCreateFreeThreadedMarshaler
0x1405f5e58 CoGetClassObject
0x1405f5e60 CoGetContextToken
0x1405f5e68 CoGetObjectContext
0x1405f5e70 CoUnmarshalInterface
0x1405f5e78 StringFromGUID2
0x1405f5e80 CoRevokeInitializeSpy
0x1405f5e88 CoGetMarshalSizeMax
0x1405f5e90 CoWaitForMultipleHandles
0x1405f5e98 CoRegisterInitializeSpy
0x1405f5ea0 CoInitializeEx
0x1405f5ea8 CoCreateGuid
0x1405f5eb0 CoTaskMemAlloc
0x1405f5eb8 CoTaskMemFree
0x1405f5ec0 CoReleaseMarshalData
0x1405f5ec8 IIDFromString
0x1405f5ed0 CLSIDFromProgID
0x1405f5ed8 CoUninitialize
0x1405f5ee0 CoMarshalInterface
OLEAUT32.dll
0x1405f56f0 GetRecordInfoFromTypeInfo
0x1405f56f8 SafeArraySetRecordInfo
0x1405f5700 SafeArrayAllocData
0x1405f5708 SafeArrayGetElemsize
0x1405f5710 SafeArrayAllocDescriptorEx
0x1405f5718 SysAllocStringByteLen
0x1405f5720 SafeArrayCreateVector
0x1405f5728 SafeArrayPutElement
0x1405f5730 LoadRegTypeLib
0x1405f5738 CreateErrorInfo
0x1405f5740 SysStringByteLen
0x1405f5748 SysFreeString
0x1405f5750 GetErrorInfo
0x1405f5758 SetErrorInfo
0x1405f5760 SysStringLen
0x1405f5768 VariantInit
0x1405f5770 VariantClear
0x1405f5778 VariantChangeTypeEx
0x1405f5780 VariantChangeType
0x1405f5788 SafeArrayGetVartype
0x1405f5790 LoadTypeLibEx
0x1405f5798 QueryPathOfRegTypeLib
0x1405f57a0 SafeArrayDestroy
0x1405f57a8 SafeArrayGetLBound
0x1405f57b0 SafeArrayGetDim
0x1405f57b8 SysAllocStringLen
0x1405f57c0 SysAllocString
0x1405f57c8 VarCyFromDec
USER32.dll
0x1405f57e8 LoadStringW
0x1405f57f0 MessageBoxW
SHELL32.dll
0x1405f57d8 ShellExecuteW
api-ms-win-crt-string-l1-1-0.dll
0x1405f5cf0 wcsncmp
0x1405f5cf8 iswupper
0x1405f5d00 towlower
0x1405f5d08 isalpha
0x1405f5d10 isdigit
0x1405f5d18 wcstok_s
0x1405f5d20 strnlen
0x1405f5d28 iswascii
0x1405f5d30 towupper
0x1405f5d38 wcscat_s
0x1405f5d40 wcsncat_s
0x1405f5d48 strncat_s
0x1405f5d50 iswspace
0x1405f5d58 _strnicmp
0x1405f5d60 isupper
0x1405f5d68 wcsnlen
0x1405f5d70 _wcsdup
0x1405f5d78 strncmp
0x1405f5d80 strcmp
0x1405f5d88 islower
0x1405f5d90 _wcsnicmp
0x1405f5d98 strlen
0x1405f5da0 wcscpy_s
0x1405f5da8 wcsncpy_s
0x1405f5db0 _wcsicmp
0x1405f5db8 __strncnt
0x1405f5dc0 strcspn
0x1405f5dc8 toupper
0x1405f5dd0 tolower
0x1405f5dd8 _stricmp
0x1405f5de0 isspace
0x1405f5de8 _strdup
0x1405f5df0 strncpy_s
0x1405f5df8 strcpy_s
0x1405f5e00 strcat_s
0x1405f5e08 strtok_s
api-ms-win-crt-stdio-l1-1-0.dll
0x1405f5bd0 fsetpos
0x1405f5bd8 ungetc
0x1405f5be0 fgetpos
0x1405f5be8 __p__commode
0x1405f5bf0 fgetc
0x1405f5bf8 fread
0x1405f5c00 fputc
0x1405f5c08 _wfsopen
0x1405f5c10 _fseeki64
0x1405f5c18 _set_fmode
0x1405f5c20 _get_stream_buffer_pointers
0x1405f5c28 setvbuf
0x1405f5c30 _setmode
0x1405f5c38 _dup
0x1405f5c40 _fileno
0x1405f5c48 ftell
0x1405f5c50 fseek
0x1405f5c58 __stdio_common_vfprintf
0x1405f5c60 _flushall
0x1405f5c68 fopen
0x1405f5c70 fwrite
0x1405f5c78 __stdio_common_vsprintf_s
0x1405f5c80 fputwc
0x1405f5c88 __acrt_iob_func
0x1405f5c90 fflush
0x1405f5c98 __stdio_common_vsnwprintf_s
0x1405f5ca0 fputs
0x1405f5ca8 __stdio_common_vsnprintf_s
0x1405f5cb0 fputws
0x1405f5cb8 __stdio_common_vfwprintf
0x1405f5cc0 __stdio_common_vsscanf
0x1405f5cc8 fgets
0x1405f5cd0 _wfopen
0x1405f5cd8 __stdio_common_vswprintf
0x1405f5ce0 fclose
api-ms-win-crt-runtime-l1-1-0.dll
0x1405f5b00 _invalid_parameter_noinfo
0x1405f5b08 _controlfp_s
0x1405f5b10 _errno
0x1405f5b18 abort
0x1405f5b20 exit
0x1405f5b28 _initialize_onexit_table
0x1405f5b30 _register_onexit_function
0x1405f5b38 _crt_atexit
0x1405f5b40 _cexit
0x1405f5b48 _seh_filter_exe
0x1405f5b50 _set_app_type
0x1405f5b58 _invalid_parameter_noinfo_noreturn
0x1405f5b60 _configure_wide_argv
0x1405f5b68 _initialize_wide_environment
0x1405f5b70 _get_initial_wide_environment
0x1405f5b78 _initterm
0x1405f5b80 _initterm_e
0x1405f5b88 _exit
0x1405f5b90 _beginthreadex
0x1405f5b98 __p___argc
0x1405f5ba0 __p___wargv
0x1405f5ba8 _c_exit
0x1405f5bb0 _register_thread_local_exe_atexit_callback
0x1405f5bb8 terminate
0x1405f5bc0 _wcserror_s
api-ms-win-crt-convert-l1-1-0.dll
0x1405f5800 strtoull
0x1405f5808 _wtoi
0x1405f5810 _itow_s
0x1405f5818 _atoi64
0x1405f5820 atol
0x1405f5828 strtoul
0x1405f5830 wcstoul
0x1405f5838 _wcstoui64
0x1405f5840 _ltow_s
api-ms-win-crt-heap-l1-1-0.dll
0x1405f5888 calloc
0x1405f5890 malloc
0x1405f5898 _set_new_mode
0x1405f58a0 free
0x1405f58a8 realloc
api-ms-win-crt-utility-l1-1-0.dll
0x1405f5e38 qsort
api-ms-win-crt-math-l1-1-0.dll
0x1405f5908 log10
0x1405f5910 log
0x1405f5918 fmodf
0x1405f5920 fmod
0x1405f5928 fmaf
0x1405f5930 fma
0x1405f5938 floorf
0x1405f5940 log10f
0x1405f5948 floor
0x1405f5950 log2
0x1405f5958 log2f
0x1405f5960 atanh
0x1405f5968 acosh
0x1405f5970 cbrt
0x1405f5978 asinh
0x1405f5980 asinhf
0x1405f5988 atanhf
0x1405f5990 cbrtf
0x1405f5998 acoshf
0x1405f59a0 expf
0x1405f59a8 logf
0x1405f59b0 exp
0x1405f59b8 coshf
0x1405f59c0 sin
0x1405f59c8 powf
0x1405f59d0 sinf
0x1405f59d8 sinh
0x1405f59e0 acos
0x1405f59e8 acosf
0x1405f59f0 _fdopen
0x1405f59f8 sinhf
0x1405f5a00 cosh
0x1405f5a08 _copysignf
0x1405f5a10 _isnanf
0x1405f5a18 trunc
0x1405f5a20 truncf
0x1405f5a28 ilogb
0x1405f5a30 ilogbf
0x1405f5a38 asin
0x1405f5a40 _copysign
0x1405f5a48 cosf
0x1405f5a50 _isnan
0x1405f5a58 frexp
0x1405f5a60 _finite
0x1405f5a68 modf
0x1405f5a70 modff
0x1405f5a78 asinf
0x1405f5a80 tanhf
0x1405f5a88 atan
0x1405f5a90 sqrt
0x1405f5a98 sqrtf
0x1405f5aa0 tan
0x1405f5aa8 tanf
0x1405f5ab0 atan2
0x1405f5ab8 atan2f
0x1405f5ac0 tanh
0x1405f5ac8 pow
0x1405f5ad0 __setusermatherr
0x1405f5ad8 atanf
0x1405f5ae0 ceil
0x1405f5ae8 ceilf
0x1405f5af0 cos
api-ms-win-crt-time-l1-1-0.dll
0x1405f5e18 wcsftime
0x1405f5e20 _gmtime64_s
0x1405f5e28 _time64
api-ms-win-crt-environment-l1-1-0.dll
0x1405f5850 getenv
api-ms-win-crt-locale-l1-1-0.dll
0x1405f58b8 __pctype_func
0x1405f58c0 localeconv
0x1405f58c8 ___lc_locale_name_func
0x1405f58d0 setlocale
0x1405f58d8 ___mb_cur_max_func
0x1405f58e0 _unlock_locales
0x1405f58e8 _configthreadlocale
0x1405f58f0 ___lc_codepage_func
0x1405f58f8 _lock_locales
api-ms-win-crt-filesystem-l1-1-0.dll
0x1405f5860 _wremove
0x1405f5868 _wrename
0x1405f5870 _lock_file
0x1405f5878 _unlock_file
EAT(Export Address Table) Library
0x140785a90 CLRJitAttachState
0x140774470 DotNetRuntimeInfo
0x140541290 MetaDataGetDispenser
0x140773c90 g_CLREngineMetrics
0x14061dcb0 g_dacTable