ScreenShot
| Created | 2024.08.19 15:15 | Machine | s1_win7_x6401 |
| Filename | PowerRun.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 10 detected (Unsafe, PowerRun, B potentially unsafe, CLOUD, Privilegeesc, Igent, b2GsbZ, susgen) | ||
| md5 | 0a4a7f49dd88b8802db5aac1ac5f9483 | ||
| sha256 | da77bc401ef0d7b8e23be3a9387660172aea176cd9d1248034130811d29942c9 | ||
| ssdeep | 24576:gj2DW/xbWX2YIb3Qsu3/PNL3Q7HyRDTpAA+c:gj2EaXSQsW/PNjQLY9ARc | ||
| imphash | 58f9531839fd9806cc1341c1500fe433 | ||
| impfuzzy | 192:utI6w42OyaF3OckWNfrY1Ni8UKdSZ0wENOQn:sI6wHO5FNkm+oowENOQn | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 10 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x140097f48 __WSAFDIsSet
0x140097f50 setsockopt
0x140097f58 ntohs
0x140097f60 recvfrom
0x140097f68 sendto
0x140097f70 htons
0x140097f78 select
0x140097f80 listen
0x140097f88 WSAStartup
0x140097f90 ind
0x140097f98 closesocket
0x140097fa0 connect
0x140097fa8 socket
0x140097fb0 send
0x140097fb8 WSACleanup
0x140097fc0 ioctlsocket
0x140097fc8 accept
0x140097fd0 WSAGetLastError
0x140097fd8 inet_addr
0x140097fe0 gethostbyname
0x140097fe8 gethostname
0x140097ff0 recv
VERSION.dll
0x140097e90 VerQueryValueW
0x140097e98 GetFileVersionInfoW
0x140097ea0 GetFileVersionInfoSizeW
WINMM.dll
0x140097f28 timeGetTime
0x140097f30 waveOutSetVolume
0x140097f38 mciSendStringW
COMCTL32.dll
0x140097118 ImageList_Remove
0x140097120 ImageList_SetDragCursorImage
0x140097128 ImageList_BeginDrag
0x140097130 ImageList_DragEnter
0x140097138 ImageList_DragLeave
0x140097140 ImageList_EndDrag
0x140097148 ImageList_DragMove
0x140097150 ImageList_ReplaceIcon
0x140097158 ImageList_Create
0x140097160 InitCommonControlsEx
0x140097168 ImageList_Destroy
MPR.dll
0x140097800 WNetCancelConnection2W
0x140097808 WNetGetConnectionW
0x140097810 WNetAddConnection2W
0x140097818 WNetUseConnectionW
WININET.dll
0x140097eb0 InternetReadFile
0x140097eb8 InternetCloseHandle
0x140097ec0 InternetOpenW
0x140097ec8 InternetSetOptionW
0x140097ed0 InternetCrackUrlW
0x140097ed8 HttpQueryInfoW
0x140097ee0 InternetConnectW
0x140097ee8 HttpOpenRequestW
0x140097ef0 HttpSendRequestW
0x140097ef8 FtpOpenFileW
0x140097f00 FtpGetFileSize
0x140097f08 InternetOpenUrlW
0x140097f10 InternetQueryOptionW
0x140097f18 InternetQueryDataAvailable
PSAPI.DLL
0x1400978b0 EnumProcesses
0x1400978b8 GetModuleBaseNameW
0x1400978c0 GetProcessMemoryInfo
0x1400978c8 EnumProcessModules
USERENV.dll
0x140097e68 CreateEnvironmentBlock
0x140097e70 DestroyEnvironmentBlock
0x140097e78 UnloadUserProfile
0x140097e80 LoadUserProfileW
KERNEL32.dll
0x1400972b0 HeapAlloc
0x1400972b8 Sleep
0x1400972c0 GetCurrentThreadId
0x1400972c8 RaiseException
0x1400972d0 MulDiv
0x1400972d8 GetVersionExW
0x1400972e0 GetSystemInfo
0x1400972e8 MultiByteToWideChar
0x1400972f0 WideCharToMultiByte
0x1400972f8 GetModuleHandleW
0x140097300 QueryPerformanceCounter
0x140097308 VirtualFreeEx
0x140097310 OpenProcess
0x140097318 VirtualAllocEx
0x140097320 WriteProcessMemory
0x140097328 ReadProcessMemory
0x140097330 CreateFileW
0x140097338 SetFilePointerEx
0x140097340 ReadFile
0x140097348 WriteFile
0x140097350 FlushFileBuffers
0x140097358 TerminateProcess
0x140097360 CreateToolhelp32Snapshot
0x140097368 Process32FirstW
0x140097370 Process32NextW
0x140097378 SetFileTime
0x140097380 GetFileAttributesW
0x140097388 FindFirstFileW
0x140097390 FindClose
0x140097398 DeleteFileW
0x1400973a0 FindNextFileW
0x1400973a8 lstrcmpiW
0x1400973b0 MoveFileW
0x1400973b8 CopyFileW
0x1400973c0 CreateDirectoryW
0x1400973c8 RemoveDirectoryW
0x1400973d0 SetSystemPowerState
0x1400973d8 QueryPerformanceFrequency
0x1400973e0 FindResourceW
0x1400973e8 LoadResource
0x1400973f0 LockResource
0x1400973f8 SizeofResource
0x140097400 EnumResourceNamesW
0x140097408 OutputDebugStringW
0x140097410 GetProcessHeap
0x140097418 CompareStringW
0x140097420 CompareStringA
0x140097428 DeleteCriticalSection
0x140097430 EnterCriticalSection
0x140097438 LeaveCriticalSection
0x140097440 InitializeCriticalSectionAndSpinCount
0x140097448 GetStdHandle
0x140097450 CreatePipe
0x140097458 TerminateThread
0x140097460 GetTempPathW
0x140097468 GetTempFileNameW
0x140097470 VirtualFree
0x140097478 FormatMessageW
0x140097480 GetExitCodeProcess
0x140097488 SetErrorMode
0x140097490 GetPrivateProfileStringW
0x140097498 WritePrivateProfileStringW
0x1400974a0 GetPrivateProfileSectionW
0x1400974a8 WritePrivateProfileSectionW
0x1400974b0 GetPrivateProfileSectionNamesW
0x1400974b8 FileTimeToLocalFileTime
0x1400974c0 FileTimeToSystemTime
0x1400974c8 SystemTimeToFileTime
0x1400974d0 LocalFileTimeToFileTime
0x1400974d8 GetDriveTypeW
0x1400974e0 GetDiskFreeSpaceExW
0x1400974e8 GetDiskFreeSpaceW
0x1400974f0 GetVolumeInformationW
0x1400974f8 SetVolumeLabelW
0x140097500 CreateHardLinkW
0x140097508 DeviceIoControl
0x140097510 SetFileAttributesW
0x140097518 GetShortPathNameW
0x140097520 CreateEventW
0x140097528 SetEvent
0x140097530 GetEnvironmentVariableW
0x140097538 SetEnvironmentVariableW
0x140097540 GlobalLock
0x140097548 GlobalUnlock
0x140097550 GlobalAlloc
0x140097558 GetFileSize
0x140097560 GlobalFree
0x140097568 GlobalMemoryStatusEx
0x140097570 Beep
0x140097578 GetComputerNameW
0x140097580 GetWindowsDirectoryW
0x140097588 GetSystemDirectoryW
0x140097590 GetCurrentProcessId
0x140097598 GetCurrentThread
0x1400975a0 GetProcessIoCounters
0x1400975a8 CreateProcessW
0x1400975b0 SetPriorityClass
0x1400975b8 LoadLibraryW
0x1400975c0 VirtualAlloc
0x1400975c8 LoadLibraryExW
0x1400975d0 HeapFree
0x1400975d8 WaitForSingleObject
0x1400975e0 CreateThread
0x1400975e8 DuplicateHandle
0x1400975f0 GetLastError
0x1400975f8 CloseHandle
0x140097600 GetCurrentProcess
0x140097608 GetProcAddress
0x140097610 LoadLibraryA
0x140097618 FreeLibrary
0x140097620 GetModuleFileNameW
0x140097628 GetFullPathNameW
0x140097630 ExitProcess
0x140097638 ExitThread
0x140097640 GetSystemTimeAsFileTime
0x140097648 ResumeThread
0x140097650 GetStartupInfoW
0x140097658 EncodePointer
0x140097660 DecodePointer
0x140097668 FlsGetValue
0x140097670 FlsSetValue
0x140097678 SetCurrentDirectoryW
0x140097680 IsDebuggerPresent
0x140097688 GetCurrentDirectoryW
0x140097690 FlsFree
0x140097698 SetLastError
0x1400976a0 FlsAlloc
0x1400976a8 HeapSize
0x1400976b0 RtlUnwindEx
0x1400976b8 GetCPInfo
0x1400976c0 GetACP
0x1400976c8 GetOEMCP
0x1400976d0 IsValidCodePage
0x1400976d8 UnhandledExceptionFilter
0x1400976e0 SetUnhandledExceptionFilter
0x1400976e8 RtlVirtualUnwind
0x1400976f0 RtlLookupFunctionEntry
0x1400976f8 RtlCaptureContext
0x140097700 RtlPcToFileHeader
0x140097708 GetModuleFileNameA
0x140097710 HeapSetInformation
0x140097718 HeapCreate
0x140097720 SetHandleCount
0x140097728 GetFileType
0x140097730 GetStartupInfoA
0x140097738 SetStdHandle
0x140097740 GetConsoleCP
0x140097748 GetConsoleMode
0x140097750 LCMapStringW
0x140097758 LCMapStringA
0x140097760 SetFilePointer
0x140097768 GetTimeZoneInformation
0x140097770 GetDateFormatA
0x140097778 GetTimeFormatA
0x140097780 FreeEnvironmentStringsW
0x140097788 GetEnvironmentStringsW
0x140097790 GetCommandLineW
0x140097798 GetTickCount
0x1400977a0 HeapReAlloc
0x1400977a8 GetStringTypeA
0x1400977b0 GetStringTypeW
0x1400977b8 GetLocaleInfoA
0x1400977c0 WriteConsoleA
0x1400977c8 GetConsoleOutputCP
0x1400977d0 WriteConsoleW
0x1400977d8 CreateFileA
0x1400977e0 SetEndOfFile
0x1400977e8 GetLocalTime
0x1400977f0 SetEnvironmentVariableA
USER32.dll
0x140097950 IsCharLowerW
0x140097958 IsCharUpperW
0x140097960 GetMenuStringW
0x140097968 GetSubMenu
0x140097970 GetCaretPos
0x140097978 IsZoomed
0x140097980 GetWindowLongW
0x140097988 MonitorFromPoint
0x140097990 GetMonitorInfoW
0x140097998 SetWindowLongW
0x1400979a0 SetLayeredWindowAttributes
0x1400979a8 FlashWindow
0x1400979b0 GetClassLongPtrW
0x1400979b8 TranslateAcceleratorW
0x1400979c0 IsDialogMessageW
0x1400979c8 GetSysColor
0x1400979d0 InflateRect
0x1400979d8 DrawFocusRect
0x1400979e0 DrawTextW
0x1400979e8 FrameRect
0x1400979f0 DrawFrameControl
0x1400979f8 FillRect
0x140097a00 PtInRect
0x140097a08 DestroyAcceleratorTable
0x140097a10 CreateAcceleratorTableW
0x140097a18 SetCursor
0x140097a20 GetWindowDC
0x140097a28 GetSystemMetrics
0x140097a30 SetWindowLongPtrW
0x140097a38 GetActiveWindow
0x140097a40 CharNextW
0x140097a48 wsprintfW
0x140097a50 RedrawWindow
0x140097a58 DrawMenuBar
0x140097a60 DestroyMenu
0x140097a68 SetMenu
0x140097a70 GetWindowTextLengthW
0x140097a78 CreateMenu
0x140097a80 IsDlgButtonChecked
0x140097a88 DefDlgProcW
0x140097a90 ReleaseCapture
0x140097a98 SetCapture
0x140097aa0 WindowFromPoint
0x140097aa8 DispatchMessageW
0x140097ab0 TranslateMessage
0x140097ab8 PeekMessageW
0x140097ac0 UnregisterHotKey
0x140097ac8 CharLowerBuffW
0x140097ad0 MonitorFromRect
0x140097ad8 LoadImageW
0x140097ae0 CreateIconFromResourceEx
0x140097ae8 mouse_event
0x140097af0 ExitWindowsEx
0x140097af8 SetActiveWindow
0x140097b00 FindWindowExW
0x140097b08 EnumThreadWindows
0x140097b10 SetMenuDefaultItem
0x140097b18 InsertMenuItemW
0x140097b20 IsMenu
0x140097b28 IsCharAlphaNumericW
0x140097b30 GetCursorPos
0x140097b38 DeleteMenu
0x140097b40 CheckMenuRadioItem
0x140097b48 GetMenuItemID
0x140097b50 GetMenuItemCount
0x140097b58 SetMenuItemInfoW
0x140097b60 GetMenuItemInfoW
0x140097b68 SetForegroundWindow
0x140097b70 IsIconic
0x140097b78 FindWindowW
0x140097b80 IsClipboardFormatAvailable
0x140097b88 keybd_event
0x140097b90 SendInput
0x140097b98 GetAsyncKeyState
0x140097ba0 SetKeyboardState
0x140097ba8 GetKeyboardState
0x140097bb0 GetKeyState
0x140097bb8 VkKeyScanW
0x140097bc0 LoadStringW
0x140097bc8 DialogBoxParamW
0x140097bd0 MessageBeep
0x140097bd8 EndDialog
0x140097be0 SendDlgItemMessageW
0x140097be8 GetDlgItem
0x140097bf0 SetWindowTextW
0x140097bf8 CopyRect
0x140097c00 ReleaseDC
0x140097c08 GetDC
0x140097c10 EndPaint
0x140097c18 BeginPaint
0x140097c20 GetClientRect
0x140097c28 GetMenu
0x140097c30 DestroyWindow
0x140097c38 EnumWindows
0x140097c40 IsWindow
0x140097c48 IsWindowEnabled
0x140097c50 IsWindowVisible
0x140097c58 EnableWindow
0x140097c60 InvalidateRect
0x140097c68 GetWindowLongPtrW
0x140097c70 GetWindowThreadProcessId
0x140097c78 AttachThreadInput
0x140097c80 GetFocus
0x140097c88 GetWindowTextW
0x140097c90 ScreenToClient
0x140097c98 SendMessageTimeoutW
0x140097ca0 EnumChildWindows
0x140097ca8 CharUpperBuffW
0x140097cb0 GetClassNameW
0x140097cb8 GetParent
0x140097cc0 GetDlgCtrlID
0x140097cc8 SendMessageW
0x140097cd0 MapVirtualKeyW
0x140097cd8 PostMessageW
0x140097ce0 GetWindowRect
0x140097ce8 SetUserObjectSecurity
0x140097cf0 GetUserObjectSecurity
0x140097cf8 CloseDesktop
0x140097d00 CloseWindowStation
0x140097d08 IsCharAlphaW
0x140097d10 GetKeyboardLayoutNameW
0x140097d18 ClientToScreen
0x140097d20 RegisterHotKey
0x140097d28 GetCursorInfo
0x140097d30 SetWindowPos
0x140097d38 CopyImage
0x140097d40 AdjustWindowRectEx
0x140097d48 SetRect
0x140097d50 SetClipboardData
0x140097d58 EmptyClipboard
0x140097d60 CountClipboardFormats
0x140097d68 CloseClipboard
0x140097d70 TrackPopupMenuEx
0x140097d78 GetClipboardData
0x140097d80 OpenDesktopW
0x140097d88 SetProcessWindowStation
0x140097d90 GetProcessWindowStation
0x140097d98 OpenWindowStationW
0x140097da0 MessageBoxW
0x140097da8 DefWindowProcW
0x140097db0 MoveWindow
0x140097db8 SetFocus
0x140097dc0 PostQuitMessage
0x140097dc8 KillTimer
0x140097dd0 CreatePopupMenu
0x140097dd8 RegisterWindowMessageW
0x140097de0 SetTimer
0x140097de8 ShowWindow
0x140097df0 CreateWindowExW
0x140097df8 RegisterClassExW
0x140097e00 LoadIconW
0x140097e08 LoadCursorW
0x140097e10 GetSysColorBrush
0x140097e18 GetForegroundWindow
0x140097e20 MessageBoxA
0x140097e28 DestroyIcon
0x140097e30 OpenClipboard
0x140097e38 BlockInput
0x140097e40 GetMessageW
0x140097e48 SystemParametersInfoW
0x140097e50 LockWindowUpdate
0x140097e58 GetDesktopWindow
GDI32.dll
0x140097190 DeleteObject
0x140097198 GetObjectW
0x1400971a0 GetTextExtentPoint32W
0x1400971a8 ExtCreatePen
0x1400971b0 StrokeAndFillPath
0x1400971b8 StrokePath
0x1400971c0 EndPath
0x1400971c8 SetPixel
0x1400971d0 CloseFigure
0x1400971d8 CreateCompatibleBitmap
0x1400971e0 CreateCompatibleDC
0x1400971e8 SelectObject
0x1400971f0 StretchBlt
0x1400971f8 GetDIBits
0x140097200 LineTo
0x140097208 AngleArc
0x140097210 MoveToEx
0x140097218 Ellipse
0x140097220 PolyDraw
0x140097228 BeginPath
0x140097230 Rectangle
0x140097238 GetDeviceCaps
0x140097240 SetBkMode
0x140097248 RoundRect
0x140097250 SetBkColor
0x140097258 CreatePen
0x140097260 CreateSolidBrush
0x140097268 SetTextColor
0x140097270 CreateFontW
0x140097278 GetTextFaceW
0x140097280 GetStockObject
0x140097288 CreateDCW
0x140097290 GetPixel
0x140097298 DeleteDC
0x1400972a0 SetViewportOrgEx
COMDLG32.dll
0x140097178 GetSaveFileNameW
0x140097180 GetOpenFileNameW
ADVAPI32.dll
0x140097000 RegEnumValueW
0x140097008 RegDeleteValueW
0x140097010 RegDeleteKeyW
0x140097018 RegSetValueExW
0x140097020 RegCreateKeyExW
0x140097028 GetUserNameW
0x140097030 RegConnectRegistryW
0x140097038 RegEnumKeyExW
0x140097040 CloseServiceHandle
0x140097048 UnlockServiceDatabase
0x140097050 LockServiceDatabase
0x140097058 OpenSCManagerW
0x140097060 InitiateSystemShutdownExW
0x140097068 AdjustTokenPrivileges
0x140097070 RegCloseKey
0x140097078 RegQueryValueExW
0x140097080 RegOpenKeyExW
0x140097088 OpenThreadToken
0x140097090 OpenProcessToken
0x140097098 LookupPrivilegeValueW
0x1400970a0 DuplicateTokenEx
0x1400970a8 CreateProcessAsUserW
0x1400970b0 CreateProcessWithLogonW
0x1400970b8 InitializeSecurityDescriptor
0x1400970c0 InitializeAcl
0x1400970c8 GetLengthSid
0x1400970d0 CopySid
0x1400970d8 SetSecurityDescriptorDacl
0x1400970e0 LogonUserW
0x1400970e8 GetTokenInformation
0x1400970f0 GetAclInformation
0x1400970f8 GetAce
0x140097100 AddAce
0x140097108 GetSecurityDescriptorDacl
SHELL32.dll
0x1400978d8 DragQueryPoint
0x1400978e0 ShellExecuteExW
0x1400978e8 SHGetFolderPathW
0x1400978f0 DragQueryFileW
0x1400978f8 SHEmptyRecycleBinW
0x140097900 SHBrowseForFolderW
0x140097908 SHFileOperationW
0x140097910 SHGetPathFromIDListW
0x140097918 SHGetDesktopFolder
0x140097920 SHGetMalloc
0x140097928 ExtractIconExW
0x140097930 Shell_NotifyIconW
0x140097938 ShellExecuteW
0x140097940 DragFinish
ole32.dll
0x140098000 OleSetMenuDescriptor
0x140098008 MkParseDisplayName
0x140098010 OleSetContainedObject
0x140098018 CoInitialize
0x140098020 CoUninitialize
0x140098028 CoCreateInstance
0x140098030 CreateStreamOnHGlobal
0x140098038 CoTaskMemAlloc
0x140098040 CoTaskMemFree
0x140098048 CLSIDFromString
0x140098050 StringFromCLSID
0x140098058 IIDFromString
0x140098060 StringFromIID
0x140098068 OleInitialize
0x140098070 CreateBindCtx
0x140098078 CLSIDFromProgID
0x140098080 CoInitializeSecurity
0x140098088 CoCreateInstanceEx
0x140098090 CoSetProxyBlanket
0x140098098 OleUninitialize
OLEAUT32.dll
0x140097828 SafeArrayAllocData
0x140097830 SafeArrayAllocDescriptorEx
0x140097838 SysAllocString
0x140097840 OleLoadPicture
0x140097848 SafeArrayGetVartype
0x140097850 SafeArrayDestroyData
0x140097858 SafeArrayAccessData
0x140097860 VariantInit
0x140097868 VariantCopy
0x140097870 VariantClear
0x140097878 VariantTimeToSystemTime
0x140097880 SafeArrayDestroyDescriptor
0x140097888 LoadRegTypeLib
0x140097890 GetActiveObject
0x140097898 SafeArrayUnaccessData
0x1400978a0 VarR8FromDec
EAT(Export Address Table) is none
WSOCK32.dll
0x140097f48 __WSAFDIsSet
0x140097f50 setsockopt
0x140097f58 ntohs
0x140097f60 recvfrom
0x140097f68 sendto
0x140097f70 htons
0x140097f78 select
0x140097f80 listen
0x140097f88 WSAStartup
0x140097f90 ind
0x140097f98 closesocket
0x140097fa0 connect
0x140097fa8 socket
0x140097fb0 send
0x140097fb8 WSACleanup
0x140097fc0 ioctlsocket
0x140097fc8 accept
0x140097fd0 WSAGetLastError
0x140097fd8 inet_addr
0x140097fe0 gethostbyname
0x140097fe8 gethostname
0x140097ff0 recv
VERSION.dll
0x140097e90 VerQueryValueW
0x140097e98 GetFileVersionInfoW
0x140097ea0 GetFileVersionInfoSizeW
WINMM.dll
0x140097f28 timeGetTime
0x140097f30 waveOutSetVolume
0x140097f38 mciSendStringW
COMCTL32.dll
0x140097118 ImageList_Remove
0x140097120 ImageList_SetDragCursorImage
0x140097128 ImageList_BeginDrag
0x140097130 ImageList_DragEnter
0x140097138 ImageList_DragLeave
0x140097140 ImageList_EndDrag
0x140097148 ImageList_DragMove
0x140097150 ImageList_ReplaceIcon
0x140097158 ImageList_Create
0x140097160 InitCommonControlsEx
0x140097168 ImageList_Destroy
MPR.dll
0x140097800 WNetCancelConnection2W
0x140097808 WNetGetConnectionW
0x140097810 WNetAddConnection2W
0x140097818 WNetUseConnectionW
WININET.dll
0x140097eb0 InternetReadFile
0x140097eb8 InternetCloseHandle
0x140097ec0 InternetOpenW
0x140097ec8 InternetSetOptionW
0x140097ed0 InternetCrackUrlW
0x140097ed8 HttpQueryInfoW
0x140097ee0 InternetConnectW
0x140097ee8 HttpOpenRequestW
0x140097ef0 HttpSendRequestW
0x140097ef8 FtpOpenFileW
0x140097f00 FtpGetFileSize
0x140097f08 InternetOpenUrlW
0x140097f10 InternetQueryOptionW
0x140097f18 InternetQueryDataAvailable
PSAPI.DLL
0x1400978b0 EnumProcesses
0x1400978b8 GetModuleBaseNameW
0x1400978c0 GetProcessMemoryInfo
0x1400978c8 EnumProcessModules
USERENV.dll
0x140097e68 CreateEnvironmentBlock
0x140097e70 DestroyEnvironmentBlock
0x140097e78 UnloadUserProfile
0x140097e80 LoadUserProfileW
KERNEL32.dll
0x1400972b0 HeapAlloc
0x1400972b8 Sleep
0x1400972c0 GetCurrentThreadId
0x1400972c8 RaiseException
0x1400972d0 MulDiv
0x1400972d8 GetVersionExW
0x1400972e0 GetSystemInfo
0x1400972e8 MultiByteToWideChar
0x1400972f0 WideCharToMultiByte
0x1400972f8 GetModuleHandleW
0x140097300 QueryPerformanceCounter
0x140097308 VirtualFreeEx
0x140097310 OpenProcess
0x140097318 VirtualAllocEx
0x140097320 WriteProcessMemory
0x140097328 ReadProcessMemory
0x140097330 CreateFileW
0x140097338 SetFilePointerEx
0x140097340 ReadFile
0x140097348 WriteFile
0x140097350 FlushFileBuffers
0x140097358 TerminateProcess
0x140097360 CreateToolhelp32Snapshot
0x140097368 Process32FirstW
0x140097370 Process32NextW
0x140097378 SetFileTime
0x140097380 GetFileAttributesW
0x140097388 FindFirstFileW
0x140097390 FindClose
0x140097398 DeleteFileW
0x1400973a0 FindNextFileW
0x1400973a8 lstrcmpiW
0x1400973b0 MoveFileW
0x1400973b8 CopyFileW
0x1400973c0 CreateDirectoryW
0x1400973c8 RemoveDirectoryW
0x1400973d0 SetSystemPowerState
0x1400973d8 QueryPerformanceFrequency
0x1400973e0 FindResourceW
0x1400973e8 LoadResource
0x1400973f0 LockResource
0x1400973f8 SizeofResource
0x140097400 EnumResourceNamesW
0x140097408 OutputDebugStringW
0x140097410 GetProcessHeap
0x140097418 CompareStringW
0x140097420 CompareStringA
0x140097428 DeleteCriticalSection
0x140097430 EnterCriticalSection
0x140097438 LeaveCriticalSection
0x140097440 InitializeCriticalSectionAndSpinCount
0x140097448 GetStdHandle
0x140097450 CreatePipe
0x140097458 TerminateThread
0x140097460 GetTempPathW
0x140097468 GetTempFileNameW
0x140097470 VirtualFree
0x140097478 FormatMessageW
0x140097480 GetExitCodeProcess
0x140097488 SetErrorMode
0x140097490 GetPrivateProfileStringW
0x140097498 WritePrivateProfileStringW
0x1400974a0 GetPrivateProfileSectionW
0x1400974a8 WritePrivateProfileSectionW
0x1400974b0 GetPrivateProfileSectionNamesW
0x1400974b8 FileTimeToLocalFileTime
0x1400974c0 FileTimeToSystemTime
0x1400974c8 SystemTimeToFileTime
0x1400974d0 LocalFileTimeToFileTime
0x1400974d8 GetDriveTypeW
0x1400974e0 GetDiskFreeSpaceExW
0x1400974e8 GetDiskFreeSpaceW
0x1400974f0 GetVolumeInformationW
0x1400974f8 SetVolumeLabelW
0x140097500 CreateHardLinkW
0x140097508 DeviceIoControl
0x140097510 SetFileAttributesW
0x140097518 GetShortPathNameW
0x140097520 CreateEventW
0x140097528 SetEvent
0x140097530 GetEnvironmentVariableW
0x140097538 SetEnvironmentVariableW
0x140097540 GlobalLock
0x140097548 GlobalUnlock
0x140097550 GlobalAlloc
0x140097558 GetFileSize
0x140097560 GlobalFree
0x140097568 GlobalMemoryStatusEx
0x140097570 Beep
0x140097578 GetComputerNameW
0x140097580 GetWindowsDirectoryW
0x140097588 GetSystemDirectoryW
0x140097590 GetCurrentProcessId
0x140097598 GetCurrentThread
0x1400975a0 GetProcessIoCounters
0x1400975a8 CreateProcessW
0x1400975b0 SetPriorityClass
0x1400975b8 LoadLibraryW
0x1400975c0 VirtualAlloc
0x1400975c8 LoadLibraryExW
0x1400975d0 HeapFree
0x1400975d8 WaitForSingleObject
0x1400975e0 CreateThread
0x1400975e8 DuplicateHandle
0x1400975f0 GetLastError
0x1400975f8 CloseHandle
0x140097600 GetCurrentProcess
0x140097608 GetProcAddress
0x140097610 LoadLibraryA
0x140097618 FreeLibrary
0x140097620 GetModuleFileNameW
0x140097628 GetFullPathNameW
0x140097630 ExitProcess
0x140097638 ExitThread
0x140097640 GetSystemTimeAsFileTime
0x140097648 ResumeThread
0x140097650 GetStartupInfoW
0x140097658 EncodePointer
0x140097660 DecodePointer
0x140097668 FlsGetValue
0x140097670 FlsSetValue
0x140097678 SetCurrentDirectoryW
0x140097680 IsDebuggerPresent
0x140097688 GetCurrentDirectoryW
0x140097690 FlsFree
0x140097698 SetLastError
0x1400976a0 FlsAlloc
0x1400976a8 HeapSize
0x1400976b0 RtlUnwindEx
0x1400976b8 GetCPInfo
0x1400976c0 GetACP
0x1400976c8 GetOEMCP
0x1400976d0 IsValidCodePage
0x1400976d8 UnhandledExceptionFilter
0x1400976e0 SetUnhandledExceptionFilter
0x1400976e8 RtlVirtualUnwind
0x1400976f0 RtlLookupFunctionEntry
0x1400976f8 RtlCaptureContext
0x140097700 RtlPcToFileHeader
0x140097708 GetModuleFileNameA
0x140097710 HeapSetInformation
0x140097718 HeapCreate
0x140097720 SetHandleCount
0x140097728 GetFileType
0x140097730 GetStartupInfoA
0x140097738 SetStdHandle
0x140097740 GetConsoleCP
0x140097748 GetConsoleMode
0x140097750 LCMapStringW
0x140097758 LCMapStringA
0x140097760 SetFilePointer
0x140097768 GetTimeZoneInformation
0x140097770 GetDateFormatA
0x140097778 GetTimeFormatA
0x140097780 FreeEnvironmentStringsW
0x140097788 GetEnvironmentStringsW
0x140097790 GetCommandLineW
0x140097798 GetTickCount
0x1400977a0 HeapReAlloc
0x1400977a8 GetStringTypeA
0x1400977b0 GetStringTypeW
0x1400977b8 GetLocaleInfoA
0x1400977c0 WriteConsoleA
0x1400977c8 GetConsoleOutputCP
0x1400977d0 WriteConsoleW
0x1400977d8 CreateFileA
0x1400977e0 SetEndOfFile
0x1400977e8 GetLocalTime
0x1400977f0 SetEnvironmentVariableA
USER32.dll
0x140097950 IsCharLowerW
0x140097958 IsCharUpperW
0x140097960 GetMenuStringW
0x140097968 GetSubMenu
0x140097970 GetCaretPos
0x140097978 IsZoomed
0x140097980 GetWindowLongW
0x140097988 MonitorFromPoint
0x140097990 GetMonitorInfoW
0x140097998 SetWindowLongW
0x1400979a0 SetLayeredWindowAttributes
0x1400979a8 FlashWindow
0x1400979b0 GetClassLongPtrW
0x1400979b8 TranslateAcceleratorW
0x1400979c0 IsDialogMessageW
0x1400979c8 GetSysColor
0x1400979d0 InflateRect
0x1400979d8 DrawFocusRect
0x1400979e0 DrawTextW
0x1400979e8 FrameRect
0x1400979f0 DrawFrameControl
0x1400979f8 FillRect
0x140097a00 PtInRect
0x140097a08 DestroyAcceleratorTable
0x140097a10 CreateAcceleratorTableW
0x140097a18 SetCursor
0x140097a20 GetWindowDC
0x140097a28 GetSystemMetrics
0x140097a30 SetWindowLongPtrW
0x140097a38 GetActiveWindow
0x140097a40 CharNextW
0x140097a48 wsprintfW
0x140097a50 RedrawWindow
0x140097a58 DrawMenuBar
0x140097a60 DestroyMenu
0x140097a68 SetMenu
0x140097a70 GetWindowTextLengthW
0x140097a78 CreateMenu
0x140097a80 IsDlgButtonChecked
0x140097a88 DefDlgProcW
0x140097a90 ReleaseCapture
0x140097a98 SetCapture
0x140097aa0 WindowFromPoint
0x140097aa8 DispatchMessageW
0x140097ab0 TranslateMessage
0x140097ab8 PeekMessageW
0x140097ac0 UnregisterHotKey
0x140097ac8 CharLowerBuffW
0x140097ad0 MonitorFromRect
0x140097ad8 LoadImageW
0x140097ae0 CreateIconFromResourceEx
0x140097ae8 mouse_event
0x140097af0 ExitWindowsEx
0x140097af8 SetActiveWindow
0x140097b00 FindWindowExW
0x140097b08 EnumThreadWindows
0x140097b10 SetMenuDefaultItem
0x140097b18 InsertMenuItemW
0x140097b20 IsMenu
0x140097b28 IsCharAlphaNumericW
0x140097b30 GetCursorPos
0x140097b38 DeleteMenu
0x140097b40 CheckMenuRadioItem
0x140097b48 GetMenuItemID
0x140097b50 GetMenuItemCount
0x140097b58 SetMenuItemInfoW
0x140097b60 GetMenuItemInfoW
0x140097b68 SetForegroundWindow
0x140097b70 IsIconic
0x140097b78 FindWindowW
0x140097b80 IsClipboardFormatAvailable
0x140097b88 keybd_event
0x140097b90 SendInput
0x140097b98 GetAsyncKeyState
0x140097ba0 SetKeyboardState
0x140097ba8 GetKeyboardState
0x140097bb0 GetKeyState
0x140097bb8 VkKeyScanW
0x140097bc0 LoadStringW
0x140097bc8 DialogBoxParamW
0x140097bd0 MessageBeep
0x140097bd8 EndDialog
0x140097be0 SendDlgItemMessageW
0x140097be8 GetDlgItem
0x140097bf0 SetWindowTextW
0x140097bf8 CopyRect
0x140097c00 ReleaseDC
0x140097c08 GetDC
0x140097c10 EndPaint
0x140097c18 BeginPaint
0x140097c20 GetClientRect
0x140097c28 GetMenu
0x140097c30 DestroyWindow
0x140097c38 EnumWindows
0x140097c40 IsWindow
0x140097c48 IsWindowEnabled
0x140097c50 IsWindowVisible
0x140097c58 EnableWindow
0x140097c60 InvalidateRect
0x140097c68 GetWindowLongPtrW
0x140097c70 GetWindowThreadProcessId
0x140097c78 AttachThreadInput
0x140097c80 GetFocus
0x140097c88 GetWindowTextW
0x140097c90 ScreenToClient
0x140097c98 SendMessageTimeoutW
0x140097ca0 EnumChildWindows
0x140097ca8 CharUpperBuffW
0x140097cb0 GetClassNameW
0x140097cb8 GetParent
0x140097cc0 GetDlgCtrlID
0x140097cc8 SendMessageW
0x140097cd0 MapVirtualKeyW
0x140097cd8 PostMessageW
0x140097ce0 GetWindowRect
0x140097ce8 SetUserObjectSecurity
0x140097cf0 GetUserObjectSecurity
0x140097cf8 CloseDesktop
0x140097d00 CloseWindowStation
0x140097d08 IsCharAlphaW
0x140097d10 GetKeyboardLayoutNameW
0x140097d18 ClientToScreen
0x140097d20 RegisterHotKey
0x140097d28 GetCursorInfo
0x140097d30 SetWindowPos
0x140097d38 CopyImage
0x140097d40 AdjustWindowRectEx
0x140097d48 SetRect
0x140097d50 SetClipboardData
0x140097d58 EmptyClipboard
0x140097d60 CountClipboardFormats
0x140097d68 CloseClipboard
0x140097d70 TrackPopupMenuEx
0x140097d78 GetClipboardData
0x140097d80 OpenDesktopW
0x140097d88 SetProcessWindowStation
0x140097d90 GetProcessWindowStation
0x140097d98 OpenWindowStationW
0x140097da0 MessageBoxW
0x140097da8 DefWindowProcW
0x140097db0 MoveWindow
0x140097db8 SetFocus
0x140097dc0 PostQuitMessage
0x140097dc8 KillTimer
0x140097dd0 CreatePopupMenu
0x140097dd8 RegisterWindowMessageW
0x140097de0 SetTimer
0x140097de8 ShowWindow
0x140097df0 CreateWindowExW
0x140097df8 RegisterClassExW
0x140097e00 LoadIconW
0x140097e08 LoadCursorW
0x140097e10 GetSysColorBrush
0x140097e18 GetForegroundWindow
0x140097e20 MessageBoxA
0x140097e28 DestroyIcon
0x140097e30 OpenClipboard
0x140097e38 BlockInput
0x140097e40 GetMessageW
0x140097e48 SystemParametersInfoW
0x140097e50 LockWindowUpdate
0x140097e58 GetDesktopWindow
GDI32.dll
0x140097190 DeleteObject
0x140097198 GetObjectW
0x1400971a0 GetTextExtentPoint32W
0x1400971a8 ExtCreatePen
0x1400971b0 StrokeAndFillPath
0x1400971b8 StrokePath
0x1400971c0 EndPath
0x1400971c8 SetPixel
0x1400971d0 CloseFigure
0x1400971d8 CreateCompatibleBitmap
0x1400971e0 CreateCompatibleDC
0x1400971e8 SelectObject
0x1400971f0 StretchBlt
0x1400971f8 GetDIBits
0x140097200 LineTo
0x140097208 AngleArc
0x140097210 MoveToEx
0x140097218 Ellipse
0x140097220 PolyDraw
0x140097228 BeginPath
0x140097230 Rectangle
0x140097238 GetDeviceCaps
0x140097240 SetBkMode
0x140097248 RoundRect
0x140097250 SetBkColor
0x140097258 CreatePen
0x140097260 CreateSolidBrush
0x140097268 SetTextColor
0x140097270 CreateFontW
0x140097278 GetTextFaceW
0x140097280 GetStockObject
0x140097288 CreateDCW
0x140097290 GetPixel
0x140097298 DeleteDC
0x1400972a0 SetViewportOrgEx
COMDLG32.dll
0x140097178 GetSaveFileNameW
0x140097180 GetOpenFileNameW
ADVAPI32.dll
0x140097000 RegEnumValueW
0x140097008 RegDeleteValueW
0x140097010 RegDeleteKeyW
0x140097018 RegSetValueExW
0x140097020 RegCreateKeyExW
0x140097028 GetUserNameW
0x140097030 RegConnectRegistryW
0x140097038 RegEnumKeyExW
0x140097040 CloseServiceHandle
0x140097048 UnlockServiceDatabase
0x140097050 LockServiceDatabase
0x140097058 OpenSCManagerW
0x140097060 InitiateSystemShutdownExW
0x140097068 AdjustTokenPrivileges
0x140097070 RegCloseKey
0x140097078 RegQueryValueExW
0x140097080 RegOpenKeyExW
0x140097088 OpenThreadToken
0x140097090 OpenProcessToken
0x140097098 LookupPrivilegeValueW
0x1400970a0 DuplicateTokenEx
0x1400970a8 CreateProcessAsUserW
0x1400970b0 CreateProcessWithLogonW
0x1400970b8 InitializeSecurityDescriptor
0x1400970c0 InitializeAcl
0x1400970c8 GetLengthSid
0x1400970d0 CopySid
0x1400970d8 SetSecurityDescriptorDacl
0x1400970e0 LogonUserW
0x1400970e8 GetTokenInformation
0x1400970f0 GetAclInformation
0x1400970f8 GetAce
0x140097100 AddAce
0x140097108 GetSecurityDescriptorDacl
SHELL32.dll
0x1400978d8 DragQueryPoint
0x1400978e0 ShellExecuteExW
0x1400978e8 SHGetFolderPathW
0x1400978f0 DragQueryFileW
0x1400978f8 SHEmptyRecycleBinW
0x140097900 SHBrowseForFolderW
0x140097908 SHFileOperationW
0x140097910 SHGetPathFromIDListW
0x140097918 SHGetDesktopFolder
0x140097920 SHGetMalloc
0x140097928 ExtractIconExW
0x140097930 Shell_NotifyIconW
0x140097938 ShellExecuteW
0x140097940 DragFinish
ole32.dll
0x140098000 OleSetMenuDescriptor
0x140098008 MkParseDisplayName
0x140098010 OleSetContainedObject
0x140098018 CoInitialize
0x140098020 CoUninitialize
0x140098028 CoCreateInstance
0x140098030 CreateStreamOnHGlobal
0x140098038 CoTaskMemAlloc
0x140098040 CoTaskMemFree
0x140098048 CLSIDFromString
0x140098050 StringFromCLSID
0x140098058 IIDFromString
0x140098060 StringFromIID
0x140098068 OleInitialize
0x140098070 CreateBindCtx
0x140098078 CLSIDFromProgID
0x140098080 CoInitializeSecurity
0x140098088 CoCreateInstanceEx
0x140098090 CoSetProxyBlanket
0x140098098 OleUninitialize
OLEAUT32.dll
0x140097828 SafeArrayAllocData
0x140097830 SafeArrayAllocDescriptorEx
0x140097838 SysAllocString
0x140097840 OleLoadPicture
0x140097848 SafeArrayGetVartype
0x140097850 SafeArrayDestroyData
0x140097858 SafeArrayAccessData
0x140097860 VariantInit
0x140097868 VariantCopy
0x140097870 VariantClear
0x140097878 VariantTimeToSystemTime
0x140097880 SafeArrayDestroyDescriptor
0x140097888 LoadRegTypeLib
0x140097890 GetActiveObject
0x140097898 SafeArrayUnaccessData
0x1400978a0 VarR8FromDec
EAT(Export Address Table) is none