winmm.dll

Description: https://github.com/acidicoala/Koaloader

Authors: Fuck the copyright \ud83d\udd95

Version: 2.3.1.0

Architecture: 64-bit

Operating System: Windows NT

SHA256: 0687b079681af26a85058dff8d5cfaba

File Size: 2.2 MB

Uploaded At: May 14, 2026, 9:12 p.m.

Views: 40

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory

Exported Functions

  • CloseDriver (Ordinal: 1, Address: 0x2126d0)
  • DefDriverProc (Ordinal: 2, Address: 0x212704)
  • DllMain (Ordinal: 3, Address: 0x2e360)
  • DriverCallback (Ordinal: 4, Address: 0x212743)
  • DrvGetModuleHandle (Ordinal: 5, Address: 0x21277f)
  • GetDriverModuleHandle (Ordinal: 6, Address: 0x2127c2)
  • OpenDriver (Ordinal: 7, Address: 0x2127fd)
  • PlaySound (Ordinal: 8, Address: 0x21282c)
  • PlaySoundA (Ordinal: 9, Address: 0x21285b)
  • PlaySoundW (Ordinal: 10, Address: 0x21288b)
  • SendDriverMessage (Ordinal: 11, Address: 0x2128c2)
  • WOWAppExit (Ordinal: 12, Address: 0x2128f9)
  • auxGetDevCapsA (Ordinal: 13, Address: 0x21292d)
  • auxGetDevCapsW (Ordinal: 14, Address: 0x212965)
  • auxGetNumDevs (Ordinal: 15, Address: 0x21299c)
  • auxGetVolume (Ordinal: 16, Address: 0x2129d1)
  • auxOutMessage (Ordinal: 17, Address: 0x212a06)
  • auxSetVolume (Ordinal: 18, Address: 0x212a3b)
  • joyConfigChanged (Ordinal: 19, Address: 0x212a73)
  • joyGetDevCapsA (Ordinal: 20, Address: 0x212aad)
  • joyGetDevCapsW (Ordinal: 21, Address: 0x212ae5)
  • joyGetNumDevs (Ordinal: 22, Address: 0x212b1c)
  • joyGetPos (Ordinal: 23, Address: 0x212b4e)
  • joyGetPosEx (Ordinal: 24, Address: 0x212b7e)
  • joyGetThreshold (Ordinal: 25, Address: 0x212bb4)
  • joyReleaseCapture (Ordinal: 26, Address: 0x212bf0)
  • joySetCapture (Ordinal: 27, Address: 0x212c2a)
  • joySetThreshold (Ordinal: 28, Address: 0x212c62)
  • mciDriverNotify (Ordinal: 29, Address: 0x212c9c)
  • mciDriverYield (Ordinal: 30, Address: 0x212cd5)
  • mciExecute (Ordinal: 31, Address: 0x212d09)
  • mciFreeCommandResource (Ordinal: 32, Address: 0x212d45)
  • mciGetCreatorTask (Ordinal: 33, Address: 0x212d88)
  • mciGetDeviceIDA (Ordinal: 34, Address: 0x212dc4)
  • mciGetDeviceIDFromElementIDA (Ordinal: 35, Address: 0x212e0b)
  • mciGetDeviceIDFromElementIDW (Ordinal: 36, Address: 0x212e5f)
  • mciGetDeviceIDW (Ordinal: 37, Address: 0x212ea6)
  • mciGetDriverData (Ordinal: 38, Address: 0x212ee1)
  • mciGetErrorStringA (Ordinal: 39, Address: 0x212f1f)
  • mciGetErrorStringW (Ordinal: 40, Address: 0x212f5f)
  • mciGetYieldProc (Ordinal: 41, Address: 0x212f9c)
  • mciLoadCommandResource (Ordinal: 42, Address: 0x212fdd)
  • mciSendCommandA (Ordinal: 43, Address: 0x21301e)
  • mciSendCommandW (Ordinal: 44, Address: 0x213058)
  • mciSendStringA (Ordinal: 45, Address: 0x213091)
  • mciSendStringW (Ordinal: 46, Address: 0x2130c9)
  • mciSetDriverData (Ordinal: 47, Address: 0x213103)
  • mciSetYieldProc (Ordinal: 48, Address: 0x21313e)
  • midiConnect (Ordinal: 49, Address: 0x213174)
  • midiDisconnect (Ordinal: 50, Address: 0x2131a9)
  • midiInAddBuffer (Ordinal: 51, Address: 0x2131e2)
  • midiInClose (Ordinal: 52, Address: 0x213218)
  • midiInGetDevCapsA (Ordinal: 53, Address: 0x213250)
  • midiInGetDevCapsW (Ordinal: 54, Address: 0x21328e)
  • midiInGetErrorTextA (Ordinal: 55, Address: 0x2132ce)
  • midiInGetErrorTextW (Ordinal: 56, Address: 0x213310)
  • midiInGetID (Ordinal: 57, Address: 0x21334a)
  • midiInGetNumDevs (Ordinal: 58, Address: 0x213381)
  • midiInMessage (Ordinal: 59, Address: 0x2133ba)
  • midiInOpen (Ordinal: 60, Address: 0x2133ed)
  • midiInPrepareHeader (Ordinal: 61, Address: 0x213426)
  • midiInReset (Ordinal: 62, Address: 0x213460)
  • midiInStart (Ordinal: 63, Address: 0x213492)
  • midiInStop (Ordinal: 64, Address: 0x2134c3)
  • midiInUnprepareHeader (Ordinal: 65, Address: 0x2134fe)
  • midiOutCacheDrumPatches (Ordinal: 66, Address: 0x213546)
  • midiOutCachePatches (Ordinal: 67, Address: 0x21358c)
  • midiOutClose (Ordinal: 68, Address: 0x2135c7)
  • midiOutGetDevCapsA (Ordinal: 69, Address: 0x213601)
  • midiOutGetDevCapsW (Ordinal: 70, Address: 0x213641)
  • midiOutGetErrorTextA (Ordinal: 71, Address: 0x213683)
  • midiOutGetErrorTextW (Ordinal: 72, Address: 0x2136c7)
  • midiOutGetID (Ordinal: 73, Address: 0x213703)
  • midiOutGetNumDevs (Ordinal: 74, Address: 0x21373c)
  • midiOutGetVolume (Ordinal: 75, Address: 0x213779)
  • midiOutLongMsg (Ordinal: 76, Address: 0x2137b3)
  • midiOutMessage (Ordinal: 77, Address: 0x2137eb)
  • midiOutOpen (Ordinal: 78, Address: 0x213820)
  • midiOutPrepareHeader (Ordinal: 79, Address: 0x21385b)
  • midiOutReset (Ordinal: 80, Address: 0x213897)
  • midiOutSetVolume (Ordinal: 81, Address: 0x2138cf)
  • midiOutShortMsg (Ordinal: 82, Address: 0x21390a)
  • midiOutUnprepareHeader (Ordinal: 83, Address: 0x21394b)
  • midiStreamClose (Ordinal: 84, Address: 0x21398c)
  • midiStreamOpen (Ordinal: 85, Address: 0x2139c5)
  • midiStreamOut (Ordinal: 86, Address: 0x2139fc)
  • midiStreamPause (Ordinal: 87, Address: 0x213a34)
  • midiStreamPosition (Ordinal: 88, Address: 0x213a71)
  • midiStreamProperty (Ordinal: 89, Address: 0x213ab1)
  • midiStreamRestart (Ordinal: 90, Address: 0x213af0)
  • midiStreamStop (Ordinal: 91, Address: 0x213b2b)
  • mixerClose (Ordinal: 92, Address: 0x213b5f)
  • mixerGetControlDetailsA (Ordinal: 93, Address: 0x213b9c)
  • mixerGetControlDetailsW (Ordinal: 94, Address: 0x213be6)
  • mixerGetDevCapsA (Ordinal: 95, Address: 0x213c29)
  • mixerGetDevCapsW (Ordinal: 96, Address: 0x213c65)
  • mixerGetID (Ordinal: 97, Address: 0x213c9b)
  • mixerGetLineControlsA (Ordinal: 98, Address: 0x213cd6)
  • mixerGetLineControlsW (Ordinal: 99, Address: 0x213d1c)
  • mixerGetLineInfoA (Ordinal: 100, Address: 0x213d5e)
  • mixerGetLineInfoW (Ordinal: 101, Address: 0x213d9c)
  • mixerGetNumDevs (Ordinal: 102, Address: 0x213dd8)
  • mixerMessage (Ordinal: 103, Address: 0x213e0f)
  • mixerOpen (Ordinal: 104, Address: 0x213e40)
  • mixerSetControlDetails (Ordinal: 105, Address: 0x213e7b)
  • mmDrvInstall (Ordinal: 106, Address: 0x213eb9)
  • mmGetCurrentTask (Ordinal: 107, Address: 0x213ef1)
  • mmTaskBlock (Ordinal: 108, Address: 0x213f28)
  • mmTaskCreate (Ordinal: 109, Address: 0x213f5b)
  • mmTaskSignal (Ordinal: 110, Address: 0x213f8f)
  • mmTaskYield (Ordinal: 111, Address: 0x213fc2)
  • mmioAdvance (Ordinal: 112, Address: 0x213ff4)
  • mmioAscend (Ordinal: 113, Address: 0x214025)
  • mmioClose (Ordinal: 114, Address: 0x214054)
  • mmioCreateChunk (Ordinal: 115, Address: 0x214088)
  • mmioDescend (Ordinal: 116, Address: 0x2140be)
  • mmioFlush (Ordinal: 117, Address: 0x2140ee)
  • mmioGetInfo (Ordinal: 118, Address: 0x21411e)
  • mmioInstallIOProcA (Ordinal: 119, Address: 0x214157)
  • mmioInstallIOProcW (Ordinal: 120, Address: 0x214197)
  • mmioOpenA (Ordinal: 121, Address: 0x2141ce)
  • mmioOpenW (Ordinal: 122, Address: 0x2141fc)
  • mmioRead (Ordinal: 123, Address: 0x214229)
  • mmioRenameA (Ordinal: 124, Address: 0x214258)
  • mmioRenameW (Ordinal: 125, Address: 0x21428a)
  • mmioSeek (Ordinal: 126, Address: 0x2142b9)
  • mmioSendMessage (Ordinal: 127, Address: 0x2142ec)
  • mmioSetBuffer (Ordinal: 128, Address: 0x214324)
  • mmioSetInfo (Ordinal: 129, Address: 0x214358)
  • mmioStringToFOURCCA (Ordinal: 130, Address: 0x214392)
  • mmioStringToFOURCCW (Ordinal: 131, Address: 0x2143d4)
  • mmioWrite (Ordinal: 132, Address: 0x21440c)
  • mmsystemGetVersion (Ordinal: 133, Address: 0x214443)
  • sndPlaySoundA (Ordinal: 134, Address: 0x21447e)
  • sndPlaySoundW (Ordinal: 135, Address: 0x2144b4)
  • timeBeginPeriod (Ordinal: 136, Address: 0x2144ec)
  • timeEndPeriod (Ordinal: 137, Address: 0x214524)
  • timeGetDevCaps (Ordinal: 138, Address: 0x21455b)
  • timeGetSystemTime (Ordinal: 139, Address: 0x214596)
  • timeGetTime (Ordinal: 140, Address: 0x2145ce)
  • timeKillEvent (Ordinal: 141, Address: 0x214602)
  • timeSetEvent (Ordinal: 142, Address: 0x214637)
  • waveInAddBuffer (Ordinal: 143, Address: 0x21466e)
  • waveInClose (Ordinal: 144, Address: 0x2146a4)
  • waveInGetDevCapsA (Ordinal: 145, Address: 0x2146dc)
  • waveInGetDevCapsW (Ordinal: 146, Address: 0x21471a)
  • waveInGetErrorTextA (Ordinal: 147, Address: 0x21475a)
  • waveInGetErrorTextW (Ordinal: 148, Address: 0x21479c)
  • waveInGetID (Ordinal: 149, Address: 0x2147d6)
  • waveInGetNumDevs (Ordinal: 150, Address: 0x21480d)
  • waveInGetPosition (Ordinal: 151, Address: 0x21484a)
  • waveInMessage (Ordinal: 152, Address: 0x214884)
  • waveInOpen (Ordinal: 153, Address: 0x2148b7)
  • waveInPrepareHeader (Ordinal: 154, Address: 0x2148f0)
  • waveInReset (Ordinal: 155, Address: 0x21492a)
  • waveInStart (Ordinal: 156, Address: 0x21495c)
  • waveInStop (Ordinal: 157, Address: 0x21498d)
  • waveInUnprepareHeader (Ordinal: 158, Address: 0x2149c8)
  • waveOutBreakLoop (Ordinal: 159, Address: 0x214a09)
  • waveOutClose (Ordinal: 160, Address: 0x214a41)
  • waveOutGetDevCapsA (Ordinal: 161, Address: 0x214a7b)
  • waveOutGetDevCapsW (Ordinal: 162, Address: 0x214abb)
  • waveOutGetErrorTextA (Ordinal: 163, Address: 0x214afd)
  • waveOutGetErrorTextW (Ordinal: 164, Address: 0x214b41)
  • waveOutGetID (Ordinal: 165, Address: 0x214b7d)
  • waveOutGetNumDevs (Ordinal: 166, Address: 0x214bb6)
  • waveOutGetPitch (Ordinal: 167, Address: 0x214bf2)
  • waveOutGetPlaybackRate (Ordinal: 168, Address: 0x214c33)
  • waveOutGetPosition (Ordinal: 169, Address: 0x214c77)
  • waveOutGetVolume (Ordinal: 170, Address: 0x214cb5)
  • waveOutMessage (Ordinal: 171, Address: 0x214cef)
  • waveOutOpen (Ordinal: 172, Address: 0x214d24)
  • waveOutPause (Ordinal: 173, Address: 0x214d57)
  • waveOutPrepareHeader (Ordinal: 174, Address: 0x214d93)
  • waveOutReset (Ordinal: 175, Address: 0x214dcf)
  • waveOutRestart (Ordinal: 176, Address: 0x214e05)
  • waveOutSetPitch (Ordinal: 177, Address: 0x214e3e)
  • waveOutSetPlaybackRate (Ordinal: 178, Address: 0x214e7f)
  • waveOutSetVolume (Ordinal: 179, Address: 0x214ec1)
  • waveOutUnprepareHeader (Ordinal: 180, Address: 0x214f03)
  • waveOutWrite (Ordinal: 181, Address: 0x214f41)

Imported DLLs & Functions

KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x180160308)
  • AreFileApisANSI (Address: 0x1801602b8)
  • CloseHandle (Address: 0x1801600b0)
  • CloseThreadpoolTimer (Address: 0x180160408)
  • CloseThreadpoolWait (Address: 0x180160420)
  • CloseThreadpoolWork (Address: 0x1801603e8)
  • CompareStringEx (Address: 0x180160428)
  • CompareStringW (Address: 0x180160508)
  • CopyFileW (Address: 0x1801602d0)
  • CreateDirectoryExW (Address: 0x1801602c8)
  • CreateDirectoryW (Address: 0x180160230)
  • CreateEventExW (Address: 0x1801603a8)
  • CreateEventW (Address: 0x1801601a8)
  • CreateFileMappingW (Address: 0x1801600b8)
  • CreateFileW (Address: 0x180160238)
  • CreateHardLinkW (Address: 0x1801602e0)
  • CreateSemaphoreExW (Address: 0x1801603b0)
  • CreateSymbolicLinkW (Address: 0x1801602f0)
  • CreateThread (Address: 0x1801604c0)
  • CreateThreadpoolTimer (Address: 0x1801603f0)
  • CreateThreadpoolWait (Address: 0x180160410)
  • CreateThreadpoolWork (Address: 0x1801603d8)
  • DecodePointer (Address: 0x180160370)
  • DeleteCriticalSection (Address: 0x1801600e8)
  • DeleteFileW (Address: 0x180160590)
  • DeviceIoControl (Address: 0x1801602c0)
  • DisableThreadLibraryCalls (Address: 0x180160000)
  • EncodePointer (Address: 0x180160368)
  • EnterCriticalSection (Address: 0x1801600d8)
  • EnumSystemLocalesW (Address: 0x180160530)
  • ExitProcess (Address: 0x1801604a0)
  • ExitThread (Address: 0x1801604c8)
  • FindClose (Address: 0x180160240)
  • FindFirstFileExW (Address: 0x180160248)
  • FindNextFileW (Address: 0x180160250)
  • FlsAlloc (Address: 0x180160380)
  • FlsFree (Address: 0x180160398)
  • FlsGetValue (Address: 0x180160388)
  • FlsSetValue (Address: 0x180160390)
  • FlushFileBuffers (Address: 0x180160538)
  • FlushProcessWriteBuffers (Address: 0x1801603b8)
  • FormatMessageA (Address: 0x180160218)
  • FormatMessageW (Address: 0x180160060)
  • FreeEnvironmentStringsW (Address: 0x180160170)
  • FreeLibrary (Address: 0x180160038)
  • FreeLibraryAndExitThread (Address: 0x1801604d8)
  • FreeLibraryWhenCallbackReturns (Address: 0x1801603d0)
  • GetACP (Address: 0x180160570)
  • GetCommandLineA (Address: 0x180160598)
  • GetCommandLineW (Address: 0x180160180)
  • GetConsoleMode (Address: 0x180160130)
  • GetConsoleOutputCP (Address: 0x180160540)
  • GetConsoleScreenBufferInfo (Address: 0x180160140)
  • GetCPInfo (Address: 0x180160430)
  • GetCurrentDirectoryW (Address: 0x180160228)
  • GetCurrentProcess (Address: 0x180160020)
  • GetCurrentProcessId (Address: 0x180160108)
  • GetCurrentProcessorNumber (Address: 0x1801603c0)
  • GetCurrentThread (Address: 0x1801604e0)
  • GetCurrentThreadId (Address: 0x180160110)
  • GetDateFormatW (Address: 0x1801604f8)
  • GetDiskFreeSpaceExW (Address: 0x180160258)
  • GetDynamicTimeZoneInformation (Address: 0x180160118)
  • GetEnvironmentStringsW (Address: 0x180160178)
  • GetExitCodeThread (Address: 0x180160330)
  • GetFileAttributesA (Address: 0x1801600f8)
  • GetFileAttributesExW (Address: 0x180160268)
  • GetFileAttributesW (Address: 0x180160260)
  • GetFileInformationByHandle (Address: 0x180160270)
  • GetFileInformationByHandleEx (Address: 0x1801602e8)
  • GetFileSizeEx (Address: 0x180160550)
  • GetFileType (Address: 0x1801604b8)
  • GetFinalPathNameByHandleW (Address: 0x180160278)
  • GetFullPathNameW (Address: 0x180160280)
  • GetLastError (Address: 0x180160008)
  • GetLocaleInfoEx (Address: 0x180160438)
  • GetLocaleInfoW (Address: 0x180160518)
  • GetModuleFileNameW (Address: 0x180160040)
  • GetModuleHandleExW (Address: 0x1801604a8)
  • GetModuleHandleW (Address: 0x180160048)
  • GetNativeSystemInfo (Address: 0x180160338)
  • GetOEMCP (Address: 0x180160578)
  • GetProcAddress (Address: 0x180160050)
  • GetProcessHeap (Address: 0x180160160)
  • GetStartupInfoW (Address: 0x1801601e0)
  • GetStdHandle (Address: 0x180160120)
  • GetStringTypeW (Address: 0x180160440)
  • GetSystemDirectoryW (Address: 0x180160028)
  • GetSystemInfo (Address: 0x180160080)
  • GetSystemTimeAsFileTime (Address: 0x180160200)
  • GetTempPathW (Address: 0x1801602b0)
  • GetTickCount64 (Address: 0x1801603c8)
  • GetTimeFormatW (Address: 0x180160500)
  • GetTimeZoneInformation (Address: 0x180160588)
  • GetUserDefaultLCID (Address: 0x180160528)
  • HeapAlloc (Address: 0x1801604f0)
  • HeapFree (Address: 0x1801604e8)
  • HeapReAlloc (Address: 0x180160560)
  • HeapSize (Address: 0x180160150)
  • InitializeConditionVariable (Address: 0x180160340)
  • InitializeCriticalSection (Address: 0x1801600d0)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180160188)
  • InitializeCriticalSectionEx (Address: 0x180160310)
  • InitializeSListHead (Address: 0x180160208)
  • InitializeSRWLock (Address: 0x1801602f8)
  • InitOnceExecuteOnce (Address: 0x1801603a0)
  • InterlockedFlushSList (Address: 0x180160468)
  • InterlockedPushEntrySList (Address: 0x180160460)
  • IsDebuggerPresent (Address: 0x1801601c8)
  • IsProcessorFeaturePresent (Address: 0x1801601e8)
  • IsValidCodePage (Address: 0x180160568)
  • IsValidLocale (Address: 0x180160520)
  • K32GetModuleInformation (Address: 0x180160068)
  • LCMapStringEx (Address: 0x180160378)
  • LCMapStringW (Address: 0x180160510)
  • LeaveCriticalSection (Address: 0x1801600e0)
  • LoadLibraryA (Address: 0x1801600a0)
  • LoadLibraryExW (Address: 0x180160498)
  • LoadLibraryW (Address: 0x180160058)
  • LocalFree (Address: 0x180160210)
  • MapViewOfFile (Address: 0x1801600c0)
  • MoveFileExW (Address: 0x1801602d8)
  • MultiByteToWideChar (Address: 0x180160010)
  • OutputDebugStringA (Address: 0x1801600a8)
  • OutputDebugStringW (Address: 0x180160158)
  • QueryPerformanceCounter (Address: 0x1801601f8)
  • QueryPerformanceFrequency (Address: 0x180160320)
  • RaiseException (Address: 0x180160450)
  • ReadConsoleW (Address: 0x180160558)
  • ReadFile (Address: 0x180160548)
  • ReadProcessMemory (Address: 0x180160078)
  • ReleaseSRWLockExclusive (Address: 0x180160300)
  • ResetEvent (Address: 0x180160198)
  • ResumeThread (Address: 0x1801604d0)
  • RtlCaptureContext (Address: 0x1801601b0)
  • RtlLookupFunctionEntry (Address: 0x1801601b8)
  • RtlPcToFileHeader (Address: 0x180160448)
  • RtlUnwind (Address: 0x1801605a0)
  • RtlUnwindEx (Address: 0x180160458)
  • RtlVirtualUnwind (Address: 0x1801601c0)
  • SetConsoleCtrlHandler (Address: 0x180160580)
  • SetConsoleTextAttribute (Address: 0x180160148)
  • SetCurrentDirectoryW (Address: 0x180160220)
  • SetEndOfFile (Address: 0x180160288)
  • SetEnvironmentVariableW (Address: 0x180160168)
  • SetEvent (Address: 0x180160190)
  • SetFileAttributesW (Address: 0x180160290)
  • SetFileInformationByHandle (Address: 0x180160298)
  • SetFilePointerEx (Address: 0x1801602a0)
  • SetFileTime (Address: 0x1801602a8)
  • SetLastError (Address: 0x180160470)
  • SetStdHandle (Address: 0x1801604b0)
  • SetThreadpoolTimer (Address: 0x1801603f8)
  • SetThreadpoolWait (Address: 0x180160418)
  • SetUnhandledExceptionFilter (Address: 0x1801601d8)
  • Sleep (Address: 0x180160100)
  • SleepConditionVariableCS (Address: 0x180160358)
  • SleepConditionVariableSRW (Address: 0x180160360)
  • SubmitThreadpoolWork (Address: 0x1801603e0)
  • SwitchToThread (Address: 0x180160328)
  • TerminateProcess (Address: 0x1801601f0)
  • TlsAlloc (Address: 0x180160478)
  • TlsFree (Address: 0x180160490)
  • TlsGetValue (Address: 0x180160480)
  • TlsSetValue (Address: 0x180160488)
  • TryEnterCriticalSection (Address: 0x180160318)
  • UnhandledExceptionFilter (Address: 0x1801601d0)
  • UnmapViewOfFile (Address: 0x1801600c8)
  • VirtualAlloc (Address: 0x180160088)
  • VirtualFree (Address: 0x180160090)
  • VirtualProtect (Address: 0x180160070)
  • VirtualQuery (Address: 0x180160098)
  • WaitForSingleObjectEx (Address: 0x1801601a0)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180160400)
  • WakeAllConditionVariable (Address: 0x180160350)
  • WakeConditionVariable (Address: 0x180160348)
  • WideCharToMultiByte (Address: 0x180160018)
  • WriteConsoleA (Address: 0x180160138)
  • WriteConsoleW (Address: 0x1801600f0)
  • WriteFile (Address: 0x180160128)
  • WriteProcessMemory (Address: 0x180160030)
USER32.dll
  • MessageBoxW (Address: 0x1801605b0)
VERSION.dll
  • GetFileVersionInfoSizeW (Address: 0x1801605c0)
  • GetFileVersionInfoW (Address: 0x1801605c8)
  • VerQueryValueW (Address: 0x1801605d0)