evetbeta.exe

First submission 2024-10-16 17:38:03

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	92.0 KB (94208 bytes)
Compile time:	2017-01-05 20:50:13
MD5:	6f6137e6f85dc8dac7ff87ca4c86af4c
SHA1:	fc047ad39f8f2f57fa6049e1883ccab24bea8f82
SHA256:	a370eacabf4af9caa5502c39b40c95eda6be23666231e24da1b56277a222f3e9
Import Hash :	d3a62971944197f0701c7049a9c739d1
Sections 4	.text .rdata .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	67/76 VT report date: 2024-04-02 12:02:10
Malware Type 2	trojan dropper
Threat Type 3	remcos rescoms bkdr

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://raw.githubusercontent.com/yusuf216/sshport/main/evetbeta.exe	raw.githubusercontent.com	2024-10-16 17:38:03

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xefda	61440	8bb80f5671de9d3180e2354597fea3c419e63e09	701ba754ec2c5e6bb59e067ac0f30803
.rdata	0x10000	0x4a92	20480	a7836d88c0aef7598befea45b2b5a61812fb7833	527be05e40065fc92d1f0728c65597a4
.data	0x15000	0xc24	4096	77ed34cba57a21a0d5cab433058c912a6e23b540	fb14ff8d2618a89abfd2ddf3144905c7
.rsrc	0x16000	0xf6c	4096	f70a4edc456141e74e76f594f75b7ab1901c79b5	bf17fa6d1a93df33f6e69b069e7ca925

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x160fc	3240	PE Resource: RT_ICON - Data ( @UU{EF02%27\|UU{LL~57#DU%~}0\|UU{qp25" 62S9Wf~0 }&\|UU{SStQQfppy L(U-U2T6Se}0v]]pUU{UU{BD(+$#R'R+R0Q3Oe\|0y^_fccgeeeUU{GH(+/ "#O'NN.M1Kd{0 ~eeeccfeee /7< !#J&J)J,I.Gcz0 ~ssseee~~ $ '.37 "F%E'ED+Cby1 }~~#&(+.2"@$@&@'@'@ay1 \|! $&),. ;";#<#<#<`x1 { ! $'),7889 9_w1z " $') 34555^v1x " $&011/+I^&w ! #&!'<&svv !} , =J[Es;0rv p LMJGS`/-1-l )A?<96t#"&.lO!# 0:FD30-(u)"l{FAA>;85$!45NXpuuH] k~sC1\90-'Jaf}ugJluH[$k"z;6U-"rz%9-PT)^67;Q2#/:O$&5`k.zis4)8^hvvv+5JQgi\|KYNZdo;fhytyqomkihkih~}$ ^bnr0:t Euv}QPO))221`_^Z]r4<~:B{{ztzew+4[Qui~CT>>>KKKTTTXXXJJIZYY]dHUJUf}P_tjjjg{Pe[\gtrq+;^fyyyNj-)%/zyckSSSaaammmrrrsss;&"hl~}_]\EDC555===NNNUUUTTT~ZYXBA@/..**,,,<<<<<<KKJIII...555
RT_RCDATA	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x16da4	435
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x16f58	20

Name

Language

Sublanguage

Offset

Size

Data

RT_ICON

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x160fc

3240

RT_RCDATA

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x16da4

435

RT_GROUP_ICON

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x16f58

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 8

FindWindowA
GetLastError
GetWindowThreadProcessId
Process32First
Process32FirstW
Process32Next
Process32NextW
TerminateProcess

Anti debug functions 2

Virtual Box
VMware trick

Strings analysis - File found

Database
\key3.db
Library
WININET.dll
KERNEL32.dll
ntdll.dll
SHLWAPI.dll
SbieDll.dll
USER32.dll
Powrprof.dll
PSAPI.DLL
WINMM.dll
gdiplus.dll
ADVAPI32.dll
msvcp60.dll
MSVCRT.dll
GDI32.dll
urlmon.dll
SHELL32.dll
WS2_32.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Import functions

MSVCP60.dll 89 gdiplus.dll 11 urlmon.dll 1 WINMM.dll 7 WININET.dll 4 GDI32.dll 10 SHELL32.dll 5 KERNEL32.dll 76 MSVCRT.dll 44 ADVAPI32.dll 15 SHLWAPI.dll 1 WS2_32.dll 9 USER32.dll 35

Function	Address	Souspicious	Anti Debug
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ	0x4101a0
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ	0x4101a4
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z	0x4101a8
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z	0x4101ac
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z	0x4101b0
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z	0x4101b4
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z	0x4101b8
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z	0x4101bc
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z	0x4101c0
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z	0x4101c4
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z	0x4101c8
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z	0x4101cc
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z	0x4101d0
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB	0x4101d4
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z	0x4101d8
??0Init@ios_base@std@@QAE@XZ	0x4101dc
??1Init@ios_base@std@@QAE@XZ	0x4101e0
??0_Winit@std@@QAE@XZ	0x4101e4
??1_Winit@std@@QAE@XZ	0x4101e8
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z	0x4101ec
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z	0x4101f0
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z	0x4101f4
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z	0x4101f8
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z	0x4101fc
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z	0x410200
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z	0x410204
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ	0x410208
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ	0x41020c
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ	0x410210
??Bios_base@std@@QBEPAXXZ	0x410214
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z	0x410218
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z	0x41021c
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z	0x410220
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z	0x410224
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z	0x410228
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z	0x41022c
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ	0x410230
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ	0x410234
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z	0x410238
??0logic_error@std@@QAE@ABV01@@Z	0x41023c
??0out_of_range@std@@QAE@ABV01@@Z	0x410240
??1out_of_range@std@@UAE@XZ	0x410244
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z	0x410248
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z	0x41024c
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z	0x410250
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ	0x410254
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ	0x410258
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z	0x41025c
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z	0x410260
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z	0x410264
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z	0x410268
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z	0x41026c
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z	0x410270
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ	0x410274
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ	0x410278
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z	0x41027c
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z	0x410280
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z	0x410284
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z	0x410288
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z	0x41028c
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ	0x410290
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z	0x410294
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z	0x410298
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB	0x41029c
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ	0x4102a0
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z	0x4102a4
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ	0x4102a8
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z	0x4102ac
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z	0x4102b0
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z	0x4102b4
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z	0x4102b8
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z	0x4102bc
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ	0x4102c0
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ	0x4102c4
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z	0x4102c8
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ	0x4102cc
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ	0x4102d0
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z	0x4102d4
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z	0x4102d8
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ	0x4102dc
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ	0x4102e0
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z	0x4102e4
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z	0x4102e8
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ	0x4102ec
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ	0x4102f0
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z	0x4102f4
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ	0x4102f8
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ	0x4102fc
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z	0x410300

Function	Address	Souspicious	Anti Debug
GdipLoadImageFromStreamICM	0x4104c8
GdipDisposeImage	0x4104cc
GdipCloneImage	0x4104d0
GdipAlloc	0x4104d4
GdipSaveImageToStream	0x4104d8
GdipSaveImageToFile	0x4104dc
GdipLoadImageFromStream	0x4104e0
GdiplusStartup	0x4104e4
GdipGetImageEncoders	0x4104e8
GdipFree	0x4104ec
GdipGetImageEncodersSize	0x4104f0

Function	Address	Souspicious	Anti Debug
URLDownloadToFileA	0x4104f8

Function	Address	Souspicious	Anti Debug
waveInOpen	0x410480
waveInStop	0x410484
waveInClose	0x410488
waveInAddBuffer	0x41048c
waveInPrepareHeader	0x410490
waveInUnprepareHeader	0x410494
waveInStart	0x410498

Function	Address	Souspicious	Anti Debug
InternetCloseHandle	0x41046c
InternetOpenUrlA	0x410470
InternetOpenA	0x410474
InternetReadFile	0x410478

Function	Address	Souspicious	Anti Debug
CreateDCA	0x410040
CreateCompatibleDC	0x410044
GetDeviceCaps	0x410048
CreateCompatibleBitmap	0x41004c
SelectObject	0x410050
StretchBlt	0x410054
GetObjectA	0x410058
GetDIBits	0x41005c
DeleteObject	0x410060
DeleteDC	0x410064

Function	Address	Souspicious	Anti Debug
ShellExecuteA	0x4103bc
ExtractIconA	0x4103c0
Shell_NotifyIconA	0x4103c4
ShellExecuteExA	0x4103c8
ShellExecuteW	0x4103cc

Function	Address	Souspicious	Anti Debug
GetModuleFileNameA	0x41006c
GetLongPathNameA	0x410070
CreateMutexA	0x410074
OpenMutexA	0x410078
Process32Next	0x41007c
Process32First	0x410080
CreateToolhelp32Snapshot	0x410084
SizeofResource	0x410088
LockResource	0x41008c
LoadResource	0x410090
FindResourceA	0x410094
GetLocaleInfoA	0x410098
Process32NextW	0x41009c
Process32FirstW	0x4100a0
lstrlenA	0x4100a4
GetDriveTypeA	0x4100a8
CreateProcessA	0x4100ac
GetTickCount	0x4100b0
GlobalUnlock	0x4100b4
GlobalLock	0x4100b8
GlobalAlloc	0x4100bc
WinExec	0x4100c0
GetCurrentProcessId	0x4100c4
CreateDirectoryW	0x4100c8
CopyFileA	0x4100cc
GetFileAttributesW	0x4100d0
GetLogicalDriveStringsA	0x4100d4
GetCurrentProcess	0x4100d8
ResumeThread	0x4100dc
SetThreadContext	0x4100e0
WriteProcessMemory	0x4100e4
VirtualAllocEx	0x4100e8
ReadProcessMemory	0x4100ec
GetThreadContext	0x4100f0
VirtualAlloc	0x4100f4
GlobalFree	0x4100f8
LocalAlloc	0x4100fc
TerminateProcess	0x410100
ReadFile	0x410104
PeekNamedPipe	0x410108
GetStdHandle	0x41010c
CreatePipe	0x410110
OpenProcess	0x410114
DuplicateHandle	0x410118
GetCurrentThread	0x41011c
lstrcpynA	0x410120
ExitProcess	0x410124
AllocConsole	0x410128
GetStartupInfoA	0x41012c
ExpandEnvironmentStringsA	0x410130
FindFirstFileA	0x410134
FindNextFileA	0x410138
GetLastError	0x41013c
LoadLibraryA	0x410140
GetProcAddress	0x410144
CreateFileMappingA	0x410148
MapViewOfFileEx	0x41014c
DeleteFileA	0x410150
RemoveDirectoryA	0x410154
CloseHandle	0x410158
GetFileAttributesA	0x41015c
SetFileAttributesA	0x410160
SetEvent	0x410164
TerminateThread	0x410168
FindFirstFileW	0x41016c
FindNextFileW	0x410170
FindClose	0x410174
GetLocalTime	0x410178
CreateEventA	0x41017c
WaitForSingleObject	0x410180
CreateDirectoryA	0x410184
ExitThread	0x410188
Sleep	0x41018c
GetModuleHandleA	0x410190
DeleteFileW	0x410194
CreateThread	0x410198

Function	Address	Souspicious	Anti Debug
_wrename	0x410308
_controlfp	0x41030c
__set_app_type	0x410310
__p__fmode	0x410314
__p__commode	0x410318
_adjust_fdiv	0x41031c
__setusermatherr	0x410320
_initterm	0x410324
__getmainargs	0x410328
_acmdln	0x41032c
_XcptFilter	0x410330
_exit	0x410334
_onexit	0x410338
__dllonexit	0x41033c
??1type_info@@UAE@XZ	0x410340
_iob	0x410344
freopen	0x410348
srand	0x41034c
rand	0x410350
mbstowcs	0x410354
realloc	0x410358
_itoa	0x41035c
sprintf	0x410360
getenv	0x410364
toupper	0x410368
tolower	0x41036c
wcscmp	0x410370
printf	0x410374
strncmp	0x410378
malloc	0x41037c
free	0x410380
_EH_prolog	0x410384
__CxxFrameHandler	0x410388
time	0x41038c
localtime	0x410390
strftime	0x410394
puts	0x410398
atoi	0x41039c
_ftol	0x4103a0
??2@YAPAXI@Z	0x4103a4
_except_handler3	0x4103a8
exit	0x4103ac
??0exception@@QAE@ABV0@@Z	0x4103b0
_CxxThrowException	0x4103b4

Function	Address	Souspicious	Anti Debug
OpenProcessToken	0x410000
LookupPrivilegeValueA	0x410004
AdjustTokenPrivileges	0x410008
RegCreateKeyExA	0x41000c
RegQueryInfoKeyA	0x410010
RegEnumKeyExA	0x410014
RegEnumValueA	0x410018
RegDeleteValueA	0x41001c
RegCreateKeyA	0x410020
RegSetValueExA	0x410024
RegOpenKeyExA	0x410028
RegDeleteKeyA	0x41002c
RegCloseKey	0x410030
RegQueryValueExA	0x410034
GetUserNameW	0x410038

Function	Address	Souspicious	Anti Debug
PathFileExistsA	0x4103d4

Function	Address	Souspicious	Anti Debug
htons	0x4104a0
gethostbyname	0x4104a4
closesocket	0x4104a8
socket	0x4104ac
send	0x4104b0
WSAGetLastError	0x4104b4
connect	0x4104b8
recv	0x4104bc
WSAStartup	0x4104c0

Function	Address	Souspicious	Anti Debug
GetWindowTextLengthA	0x4103dc
GetForegroundWindow	0x4103e0
UnhookWindowsHookEx	0x4103e4
CloseClipboard	0x4103e8
GetClipboardData	0x4103ec
OpenClipboard	0x4103f0
SetClipboardData	0x4103f4
EmptyClipboard	0x4103f8
ExitWindowsEx	0x4103fc
MessageBoxA	0x410400
GetKeyboardLayoutNameA	0x410404
GetWindowThreadProcessId	0x410408
ShowWindow	0x41040c
CloseWindow	0x410410
GetWindowTextA	0x410414
GetWindowTextW	0x410418
EnumWindows	0x41041c
SendInput	0x410420
CreateWindowExA	0x410424
RegisterClassExA	0x410428
AppendMenuA	0x41042c
CreatePopupMenu	0x410430
TrackPopupMenu	0x410434
SetForegroundWindow	0x410438
GetCursorPos	0x41043c
DefWindowProcA	0x410440
GetKeyState	0x410444
CallNextHookEx	0x410448
SetWindowsHookExA	0x41044c
GetMessageA	0x410450
TranslateMessage	0x410454
GetKeyboardLayout	0x410458
FindWindowA	0x41045c
DispatchMessageA	0x410460
IsWindowVisible	0x410464

Name	Latest seen	MD5
svchost.exe	2023-03-05 13:50:02	99e19c4a4a8a972005902bf6129867e9