taskhostws.exe

First submission 2024-10-17 16:48:04

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	938.35 KB (960873 bytes)
Compile time:	2010-03-07 17:08:39
MD5:	b47e4f366b08fe509c2a8f9ee7251f51
SHA1:	3338dd3e335d1e8e6ee0d4c0c607248d333c25c1
SHA256:	03461c2a07431aed5ff68bbcf42d7ef82f32190b44ba140befd3f474614b5f3d
Import Hash :	aaaa8913c89c8aa4a5d93f06853894da
Sections 4	.text .rdata .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	26/76 VT report date: 2024-10-17 16:27:44
Malware Type 1	trojan
Threat Type 2	autoit filerepmalware

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://172.245.123.25/302/taskhostws.exe	172.245.123.25	2024-10-17 16:48:04

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x80017	524800	2313df023bb305e4aac83f1d250066be138dba7a	6c20c6bf686768b6f134f5bd508171bc
.rdata	0x82000	0xd95c	55808	98dac5ef8e9c23a80b31f1a09e01a56a882ca283	f979966509a93083729d23cdfd2a6f2d
.data	0x90000	0x1a518	26624	9286d86740e16cc5e1190d8435f272bfab8a2f90	e5d77411f751d28c6eee48a743606795
.rsrc	0xab000	0x9298	37888	a484de0e400909d276cd544fce4341f65566b415	f6be76de0ef2c68f397158bf01bdef3e

PE Resources 7

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xb16c0	1128	PE Resource: RT_ICON - Data ( @[?){^D(_I)^H)]B'Z@+C,3 L5`J'[F$9&.G1B1"->"dAn9RM{_1R5% /H8#'D(h>[0~Okk}NW.U4'+M3!0! 0nK'6(:/ :/!5)." 8H3#b AAAIII111GGG<<<111000111111CCC+++ TA2rD1!:$///vvv((( F2"A-I.1cccZYY ##"wwweee% 8#:(C/M1V-2# a> >(=+VA/[> `=~^DffffffmR;kM1>(J6&fRAfbH/zZ@lfUFBBBRRR\M@x^lW=;)nZIo\I8r_EjXPH~~~PHAo\UE2VD5bQ?wgmmmwwwlaTC4(jXJdXG}v{tsnjlc\J?4m\Pl]Psi`xrl^UMeWKyhYmsf[ui`ncYnaX}j[l
RT_MENU	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xb1b28	80
RT_DIALOG	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xb1b78	252
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xb3c60	344
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xb3e70	20
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xb3e88	412
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xb4028	620	PE Resource: RT_MANIFEST - Data <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="" processorArchitecture="" publicKeyToken="6595b64144ccf1df"></assemblyIdentity> </dependentAssembly> </dependency> </assembly>

Meta infos 4

CompiledScript:	AutoIt v3 Script: 3, 3, 6, 0
Translation:	0x0809 0x04b0
FileVersion:	3, 3, 6, 0
FileDescription:

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 11

FindWindowExW
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
OutputDebugStringW
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll
ADVAPI32.dll
OLEAUT32.dll
VERSION.dll
WSOCK32.dll
SHELL32.dll
UxTheme.dll
ICMP.DLL
PSAPI.DLL
COMCTL32.dll
ole32.dll
WININET.dll
USER32.dll
USERENV.dll
WINMM.dll
GDI32.dll
MPR.dll
COMDLG32.dll

Strings analysis - Possible IPs found 1

255.255.255.255

Import functions

MPR.dll 4 COMDLG32.dll 2 VERSION.dll 3 OLEAUT32.dll 16 WINMM.dll 3 WININET.dll 14 GDI32.dll 35 SHELL32.dll 14 KERNEL32.dll 166 WSOCK32.dll 22 ADVAPI32.dll 34 PSAPI.DLL 4 USERENV.dll 4 ole32.dll 20 USER32.dll 160 COMCTL32.dll 11

Function	Address	Souspicious	Anti Debug
WNetCancelConnection2W	0x4823f4
WNetGetConnectionW	0x4823f8
WNetAddConnection2W	0x4823fc
WNetUseConnectionW	0x482400

Function	Address	Souspicious	Anti Debug
GetSaveFileNameW	0x4820bc
GetOpenFileNameW	0x4820c0

Function	Address	Souspicious	Anti Debug
VerQueryValueW	0x482734
GetFileVersionInfoW	0x482738
GetFileVersionInfoSizeW	0x48273c

Function	Address	Souspicious	Anti Debug
SafeArrayAllocData	0x482408
SafeArrayAllocDescriptorEx	0x48240c
SysAllocString	0x482410
OleLoadPicture	0x482414
SafeArrayGetVartype	0x482418
SafeArrayDestroyData	0x48241c
SafeArrayAccessData	0x482420
VarR8FromDec	0x482424
VariantTimeToSystemTime	0x482428
VariantClear	0x48242c
VariantCopy	0x482430
VariantInit	0x482434
SafeArrayDestroyDescriptor	0x482438
LoadRegTypeLib	0x48243c
GetActiveObject	0x482440
SafeArrayUnaccessData	0x482444

Function	Address	Souspicious	Anti Debug
timeGetTime	0x482780
waveOutSetVolume	0x482784
mciSendStringW	0x482788

Function	Address	Souspicious	Anti Debug
InternetReadFile	0x482744
InternetCloseHandle	0x482748
InternetOpenW	0x48274c
InternetSetOptionW	0x482750
InternetCrackUrlW	0x482754
HttpQueryInfoW	0x482758
InternetConnectW	0x48275c
HttpOpenRequestW	0x482760
HttpSendRequestW	0x482764
FtpOpenFileW	0x482768
FtpGetFileSize	0x48276c
InternetOpenUrlW	0x482770
InternetQueryOptionW	0x482774
InternetQueryDataAvailable	0x482778

Function	Address	Souspicious	Anti Debug
DeleteObject	0x4820c8
GetObjectW	0x4820cc
GetTextExtentPoint32W	0x4820d0
ExtCreatePen	0x4820d4
StrokeAndFillPath	0x4820d8
StrokePath	0x4820dc
EndPath	0x4820e0
SetPixel	0x4820e4
CloseFigure	0x4820e8
CreateCompatibleBitmap	0x4820ec
CreateCompatibleDC	0x4820f0
SelectObject	0x4820f4
StretchBlt	0x4820f8
GetDIBits	0x4820fc
LineTo	0x482100
AngleArc	0x482104
MoveToEx	0x482108
Ellipse	0x48210c
PolyDraw	0x482110
BeginPath	0x482114
Rectangle	0x482118
GetDeviceCaps	0x48211c
SetBkMode	0x482120
RoundRect	0x482124
SetBkColor	0x482128
CreatePen	0x48212c
CreateSolidBrush	0x482130
SetTextColor	0x482134
CreateFontW	0x482138
GetTextFaceW	0x48213c
GetStockObject	0x482140
CreateDCW	0x482144
GetPixel	0x482148
DeleteDC	0x48214c
SetViewportOrgEx	0x482150

Function	Address	Souspicious	Anti Debug
DragQueryPoint	0x482460
ShellExecuteExW	0x482464
SHGetFolderPathW	0x482468
DragQueryFileW	0x48246c
SHEmptyRecycleBinW	0x482470
SHBrowseForFolderW	0x482474
SHFileOperationW	0x482478
SHGetPathFromIDListW	0x48247c
SHGetDesktopFolder	0x482480
SHGetMalloc	0x482484
ExtractIconExW	0x482488
Shell_NotifyIconW	0x48248c
ShellExecuteW	0x482490
DragFinish	0x482494

Function	Address	Souspicious	Anti Debug
HeapAlloc	0x482158
Sleep	0x48215c
GetCurrentThreadId	0x482160
RaiseException	0x482164
MulDiv	0x482168
GetVersionExW	0x48216c
GetSystemInfo	0x482170
MultiByteToWideChar	0x482174
WideCharToMultiByte	0x482178
GetModuleHandleW	0x48217c
QueryPerformanceCounter	0x482180
VirtualFreeEx	0x482184
OpenProcess	0x482188
VirtualAllocEx	0x48218c
WriteProcessMemory	0x482190
ReadProcessMemory	0x482194
CreateFileW	0x482198
SetFilePointerEx	0x48219c
ReadFile	0x4821a0
WriteFile	0x4821a4
FlushFileBuffers	0x4821a8
TerminateProcess	0x4821ac
CreateToolhelp32Snapshot	0x4821b0
Process32FirstW	0x4821b4
Process32NextW	0x4821b8
SetFileTime	0x4821bc
GetFileAttributesW	0x4821c0
FindFirstFileW	0x4821c4
FindClose	0x4821c8
DeleteFileW	0x4821cc
FindNextFileW	0x4821d0
lstrcmpiW	0x4821d4
MoveFileW	0x4821d8
CopyFileW	0x4821dc
CreateDirectoryW	0x4821e0
RemoveDirectoryW	0x4821e4
SetSystemPowerState	0x4821e8
QueryPerformanceFrequency	0x4821ec
FindResourceW	0x4821f0
LoadResource	0x4821f4
LockResource	0x4821f8
SizeofResource	0x4821fc
GetProcessHeap	0x482200
OutputDebugStringW	0x482204
GetLocalTime	0x482208
CompareStringW	0x48220c
CompareStringA	0x482210
InterlockedIncrement	0x482214
InterlockedDecrement	0x482218
DeleteCriticalSection	0x48221c
EnterCriticalSection	0x482220
LeaveCriticalSection	0x482224
InitializeCriticalSectionAndSpinCount	0x482228
GetStdHandle	0x48222c
CreatePipe	0x482230
InterlockedExchange	0x482234
TerminateThread	0x482238
GetTempPathW	0x48223c
GetTempFileNameW	0x482240
VirtualFree	0x482244
FormatMessageW	0x482248
GetExitCodeProcess	0x48224c
SetErrorMode	0x482250
GetPrivateProfileStringW	0x482254
WritePrivateProfileStringW	0x482258
GetPrivateProfileSectionW	0x48225c
WritePrivateProfileSectionW	0x482260
GetPrivateProfileSectionNamesW	0x482264
FileTimeToLocalFileTime	0x482268
FileTimeToSystemTime	0x48226c
SystemTimeToFileTime	0x482270
LocalFileTimeToFileTime	0x482274
GetDriveTypeW	0x482278
GetDiskFreeSpaceExW	0x48227c
GetDiskFreeSpaceW	0x482280
GetVolumeInformationW	0x482284
SetVolumeLabelW	0x482288
CreateHardLinkW	0x48228c
DeviceIoControl	0x482290
SetFileAttributesW	0x482294
GetShortPathNameW	0x482298
CreateEventW	0x48229c
SetEvent	0x4822a0
GetEnvironmentVariableW	0x4822a4
SetEnvironmentVariableW	0x4822a8
GlobalLock	0x4822ac
GlobalUnlock	0x4822b0
GlobalAlloc	0x4822b4
GetFileSize	0x4822b8
GlobalFree	0x4822bc
GlobalMemoryStatusEx	0x4822c0
Beep	0x4822c4
GetComputerNameW	0x4822c8
GetWindowsDirectoryW	0x4822cc
GetSystemDirectoryW	0x4822d0
GetCurrentProcessId	0x4822d4
GetCurrentThread	0x4822d8
GetProcessIoCounters	0x4822dc
CreateProcessW	0x4822e0
SetPriorityClass	0x4822e4
LoadLibraryW	0x4822e8
VirtualAlloc	0x4822ec
LoadLibraryExW	0x4822f0
HeapFree	0x4822f4
WaitForSingleObject	0x4822f8
CreateThread	0x4822fc
DuplicateHandle	0x482300
GetLastError	0x482304
CloseHandle	0x482308
GetCurrentProcess	0x48230c
GetProcAddress	0x482310
LoadLibraryA	0x482314
FreeLibrary	0x482318
GetModuleFileNameW	0x48231c
GetFullPathNameW	0x482320
ExitProcess	0x482324
ExitThread	0x482328
GetSystemTimeAsFileTime	0x48232c
SetCurrentDirectoryW	0x482330
IsDebuggerPresent	0x482334
GetCurrentDirectoryW	0x482338
ResumeThread	0x48233c
GetStartupInfoW	0x482340
TlsGetValue	0x482344
TlsAlloc	0x482348
TlsSetValue	0x48234c
TlsFree	0x482350
SetLastError	0x482354
HeapSize	0x482358
GetCPInfo	0x48235c
GetACP	0x482360
GetOEMCP	0x482364
IsValidCodePage	0x482368
UnhandledExceptionFilter	0x48236c
SetUnhandledExceptionFilter	0x482370
GetModuleFileNameA	0x482374
HeapReAlloc	0x482378
HeapCreate	0x48237c
SetHandleCount	0x482380
GetFileType	0x482384
GetStartupInfoA	0x482388
SetStdHandle	0x48238c
GetConsoleCP	0x482390
GetConsoleMode	0x482394
LCMapStringW	0x482398
LCMapStringA	0x48239c
RtlUnwind	0x4823a0
SetFilePointer	0x4823a4
GetTimeZoneInformation	0x4823a8
GetTimeFormatA	0x4823ac
GetDateFormatA	0x4823b0
FreeEnvironmentStringsW	0x4823b4
GetEnvironmentStringsW	0x4823b8
GetCommandLineW	0x4823bc
GetTickCount	0x4823c0
GetStringTypeA	0x4823c4
GetStringTypeW	0x4823c8
GetLocaleInfoA	0x4823cc
GetModuleHandleA	0x4823d0
WriteConsoleA	0x4823d4
GetConsoleOutputCP	0x4823d8
WriteConsoleW	0x4823dc
CreateFileA	0x4823e0
SetEndOfFile	0x4823e4
EnumResourceNamesW	0x4823e8
SetEnvironmentVariableA	0x4823ec

Function	Address	Souspicious	Anti Debug
__WSAFDIsSet	0x482790
setsockopt	0x482794
ntohs	0x482798
recvfrom	0x48279c
sendto	0x4827a0
htons	0x4827a4
select	0x4827a8
listen	0x4827ac
WSAStartup	0x4827b0
bind	0x4827b4
closesocket	0x4827b8
connect	0x4827bc
socket	0x4827c0
send	0x4827c4
WSACleanup	0x4827c8
ioctlsocket	0x4827cc
accept	0x4827d0
WSAGetLastError	0x4827d4
inet_addr	0x4827d8
gethostbyname	0x4827dc
gethostname	0x4827e0
recv	0x4827e4

Function	Address	Souspicious	Anti Debug
RegEnumValueW	0x482000
RegDeleteValueW	0x482004
RegDeleteKeyW	0x482008
RegSetValueExW	0x48200c
RegCreateKeyExW	0x482010
GetUserNameW	0x482014
RegConnectRegistryW	0x482018
RegEnumKeyExW	0x48201c
CloseServiceHandle	0x482020
UnlockServiceDatabase	0x482024
LockServiceDatabase	0x482028
OpenSCManagerW	0x48202c
InitiateSystemShutdownExW	0x482030
AdjustTokenPrivileges	0x482034
RegCloseKey	0x482038
RegQueryValueExW	0x48203c
RegOpenKeyExW	0x482040
OpenThreadToken	0x482044
OpenProcessToken	0x482048
LookupPrivilegeValueW	0x48204c
DuplicateTokenEx	0x482050
CreateProcessAsUserW	0x482054
CreateProcessWithLogonW	0x482058
InitializeSecurityDescriptor	0x48205c
InitializeAcl	0x482060
GetLengthSid	0x482064
SetSecurityDescriptorDacl	0x482068
CopySid	0x48206c
LogonUserW	0x482070
GetTokenInformation	0x482074
GetAclInformation	0x482078
GetAce	0x48207c
AddAce	0x482080
GetSecurityDescriptorDacl	0x482084

Function	Address	Souspicious	Anti Debug
EnumProcesses	0x48244c
GetModuleBaseNameW	0x482450
GetProcessMemoryInfo	0x482454
EnumProcessModules	0x482458

Function	Address	Souspicious	Anti Debug
CreateEnvironmentBlock	0x482720
DestroyEnvironmentBlock	0x482724
UnloadUserProfile	0x482728
LoadUserProfileW	0x48272c

Function	Address	Souspicious	Anti Debug
OleSetMenuDescriptor	0x4827ec
MkParseDisplayName	0x4827f0
OleSetContainedObject	0x4827f4
CoInitialize	0x4827f8
CoUninitialize	0x4827fc
CoCreateInstance	0x482800
CreateStreamOnHGlobal	0x482804
CoTaskMemAlloc	0x482808
CoTaskMemFree	0x48280c
CLSIDFromString	0x482810
StringFromCLSID	0x482814
IIDFromString	0x482818
StringFromIID	0x48281c
OleInitialize	0x482820
CreateBindCtx	0x482824
CLSIDFromProgID	0x482828
CoInitializeSecurity	0x48282c
CoCreateInstanceEx	0x482830
CoSetProxyBlanket	0x482834
OleUninitialize	0x482838

Function	Address	Souspicious	Anti Debug
SetWindowPos	0x48249c
GetCursorInfo	0x4824a0
RegisterHotKey	0x4824a4
ClientToScreen	0x4824a8
GetKeyboardLayoutNameW	0x4824ac
IsCharAlphaW	0x4824b0
IsCharAlphaNumericW	0x4824b4
IsCharLowerW	0x4824b8
IsCharUpperW	0x4824bc
GetMenuStringW	0x4824c0
GetSubMenu	0x4824c4
GetCaretPos	0x4824c8
IsZoomed	0x4824cc
MonitorFromPoint	0x4824d0
GetMonitorInfoW	0x4824d4
SetWindowLongW	0x4824d8
SetLayeredWindowAttributes	0x4824dc
FlashWindow	0x4824e0
GetClassLongW	0x4824e4
TranslateAcceleratorW	0x4824e8
IsDialogMessageW	0x4824ec
GetSysColor	0x4824f0
InflateRect	0x4824f4
DrawFocusRect	0x4824f8
DrawTextW	0x4824fc
FrameRect	0x482500
DrawFrameControl	0x482504
FillRect	0x482508
PtInRect	0x48250c
DestroyAcceleratorTable	0x482510
CreateAcceleratorTableW	0x482514
SetCursor	0x482518
GetWindowDC	0x48251c
GetSystemMetrics	0x482520
GetActiveWindow	0x482524
CharNextW	0x482528
wsprintfW	0x48252c
RedrawWindow	0x482530
DrawMenuBar	0x482534
DestroyMenu	0x482538
SetMenu	0x48253c
GetWindowTextLengthW	0x482540
CreateMenu	0x482544
IsDlgButtonChecked	0x482548
DefDlgProcW	0x48254c
ReleaseCapture	0x482550
SetCapture	0x482554
WindowFromPoint	0x482558
CreateIconFromResourceEx	0x48255c
mouse_event	0x482560
ExitWindowsEx	0x482564
SetActiveWindow	0x482568
FindWindowExW	0x48256c
EnumThreadWindows	0x482570
SetMenuDefaultItem	0x482574
InsertMenuItemW	0x482578
IsMenu	0x48257c
TrackPopupMenuEx	0x482580
GetCursorPos	0x482584
DeleteMenu	0x482588
CheckMenuRadioItem	0x48258c
CopyImage	0x482590
GetMenuItemCount	0x482594
SetMenuItemInfoW	0x482598
GetMenuItemInfoW	0x48259c
SetForegroundWindow	0x4825a0
IsIconic	0x4825a4
FindWindowW	0x4825a8
SystemParametersInfoW	0x4825ac
PeekMessageW	0x4825b0
SendInput	0x4825b4
GetAsyncKeyState	0x4825b8
SetKeyboardState	0x4825bc
GetKeyboardState	0x4825c0
GetKeyState	0x4825c4
VkKeyScanW	0x4825c8
LoadStringW	0x4825cc
DialogBoxParamW	0x4825d0
MessageBeep	0x4825d4
EndDialog	0x4825d8
SendDlgItemMessageW	0x4825dc
GetDlgItem	0x4825e0
SetWindowTextW	0x4825e4
CopyRect	0x4825e8
ReleaseDC	0x4825ec
GetDC	0x4825f0
EndPaint	0x4825f4
BeginPaint	0x4825f8
GetClientRect	0x4825fc
GetMenu	0x482600
DestroyWindow	0x482604
EnumWindows	0x482608
GetDesktopWindow	0x48260c
IsWindow	0x482610
IsWindowEnabled	0x482614
IsWindowVisible	0x482618
EnableWindow	0x48261c
InvalidateRect	0x482620
GetWindowThreadProcessId	0x482624
AttachThreadInput	0x482628
GetFocus	0x48262c
GetWindowTextW	0x482630
ScreenToClient	0x482634
SendMessageTimeoutW	0x482638
EnumChildWindows	0x48263c
CharUpperBuffW	0x482640
GetClassNameW	0x482644
GetParent	0x482648
GetDlgCtrlID	0x48264c
SendMessageW	0x482650
MapVirtualKeyW	0x482654
PostMessageW	0x482658
GetWindowRect	0x48265c
SetUserObjectSecurity	0x482660
GetUserObjectSecurity	0x482664
CloseDesktop	0x482668
CloseWindowStation	0x48266c
OpenDesktopW	0x482670
SetProcessWindowStation	0x482674
GetProcessWindowStation	0x482678
OpenWindowStationW	0x48267c
MessageBoxW	0x482680
DefWindowProcW	0x482684
MoveWindow	0x482688
AdjustWindowRectEx	0x48268c
SetRect	0x482690
SetClipboardData	0x482694
EmptyClipboard	0x482698
CountClipboardFormats	0x48269c
CloseClipboard	0x4826a0
GetClipboardData	0x4826a4
IsClipboardFormatAvailable	0x4826a8
OpenClipboard	0x4826ac
BlockInput	0x4826b0
GetMessageW	0x4826b4
LockWindowUpdate	0x4826b8
DispatchMessageW	0x4826bc
GetMenuItemID	0x4826c0
TranslateMessage	0x4826c4
SetFocus	0x4826c8
PostQuitMessage	0x4826cc
KillTimer	0x4826d0
CreatePopupMenu	0x4826d4
RegisterWindowMessageW	0x4826d8
SetTimer	0x4826dc
ShowWindow	0x4826e0
CreateWindowExW	0x4826e4
RegisterClassExW	0x4826e8
LoadIconW	0x4826ec
LoadCursorW	0x4826f0
GetSysColorBrush	0x4826f4
GetForegroundWindow	0x4826f8
MessageBoxA	0x4826fc
DestroyIcon	0x482700
UnregisterHotKey	0x482704
CharLowerBuffW	0x482708
MonitorFromRect	0x48270c
keybd_event	0x482710
LoadImageW	0x482714
GetWindowLongW	0x482718

Function	Address	Souspicious	Anti Debug
ImageList_Remove	0x48208c
ImageList_SetDragCursorImage	0x482090
ImageList_BeginDrag	0x482094
ImageList_DragEnter	0x482098
ImageList_DragLeave	0x48209c
ImageList_EndDrag	0x4820a0
ImageList_DragMove	0x4820a4
ImageList_ReplaceIcon	0x4820a8
ImageList_Create	0x4820ac
InitCommonControlsEx	0x4820b0
ImageList_Destroy	0x4820b4

Name	Latest seen	MD5
taskhostw.exe	2024-10-06 21:37:03	d515411b9a3c0d9fb13b9c6a928a7fd0
taskhostw.exe	2024-10-07 06:33:04	822a424b469a4aec464f209d49dd072f
taskhostw.exe	2024-10-07 16:57:05	58ff14d476f2bbaab31b12587c09559e
nggeejan22.exe	2024-10-09 15:26:02	40a93e64a968a16b5139e7a5e4836353
ngown.exe	2024-10-09 15:28:02	1ea3b00d00461c1ee3c576e21dcda173
GSAutoClicker.exe?ex=670c8e24&is=670b3ca4&hm=51be56320789350c63b80ba15ac4b60b6b739c1094dae83636c4b1e5bb776c07&	2024-10-13 19:43:01	6862f65be14fd3ce88086ec79777db6e
taskhostsw.exe	2024-10-14 21:13:03	b072f78321c660283d46e104ae677220
taskhostw.exe	2024-10-15 10:34:03	3e2f27edd3deacd8f08f6ed1133b2040
taskhostw.exe	2024-10-16 23:06:03	daaa8ac3995fb610eda2e52a639d191f