Created | 2021.06.03 07:37 |
Machine | s1_win7_x6402 |
Filename | mimikatz.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 40 detected (malicious, high confidence, Mimikatz, HackTool, S13719268, Eldorado, MiscX, Mimkatz, HKTL, MIMIKATZ64, HTool, AGEN, score, R348743, ai score=88, CLOUD, Static AI, Malicious PE, HackingTool, confidence) |
md5 | 8d0a0f482090df08b986c7389c1401c2 |
sha256 | 3e02e94e3ecb5d77415c25ee7ecece24953b4d7bd21bf9f9e3413ffbdad472d2 |
ssdeep | 24576:mAyji7jTOAINRX6b0kKJIPn7DLHbJkejwtsMn+0UHbwW1FzRkUNpXg:mAyjiKOK6nHhfstsuEHhFzR/Dg |
imphash | c6431e6f73792143e85707738705ec33 |
impfuzzy | 192:lUQG990nAxXLi2gdguGIOVWLPWGXbc2oQJqUQI/F/S2BaGZ1/yW6uiqv:lSmeLi2vA9/ffF/So1/yW6Bo |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
info | Checks amount of memory in system |
info | Command line console output was observed |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x1400cd000 CryptSetHashParam
0x1400cd008 CryptGetHashParam
0x1400cd010 CryptExportKey
0x1400cd018 CryptAcquireContextW
0x1400cd020 CryptSetKeyParam
0x1400cd028 CryptGetKeyParam
0x1400cd030 CryptReleaseContext
0x1400cd038 CryptDuplicateKey
0x1400cd040 CryptAcquireContextA
0x1400cd048 CryptGetProvParam
0x1400cd050 CryptImportKey
0x1400cd058 SystemFunction007
0x1400cd060 CryptEncrypt
0x1400cd068 CryptCreateHash
0x1400cd070 CryptGenKey
0x1400cd078 CryptDestroyKey
0x1400cd080 CryptDecrypt
0x1400cd088 CryptDestroyHash
0x1400cd090 CryptHashData
0x1400cd098 CopySid
0x1400cd0a0 GetLengthSid
0x1400cd0a8 LsaQueryInformationPolicy
0x1400cd0b0 LsaOpenPolicy
0x1400cd0b8 LsaClose
0x1400cd0c0 CreateWellKnownSid
0x1400cd0c8 CreateProcessWithLogonW
0x1400cd0d0 CreateProcessAsUserW
0x1400cd0d8 RegQueryValueExW
0x1400cd0e0 RegQueryInfoKeyW
0x1400cd0e8 RegEnumValueW
0x1400cd0f0 RegOpenKeyExW
0x1400cd0f8 RegEnumKeyExW
0x1400cd100 RegCloseKey
0x1400cd108 RegSetValueExW
0x1400cd110 SystemFunction033
0x1400cd118 SystemFunction032
0x1400cd120 ConvertSidToStringSidW
0x1400cd128 CreateServiceW
0x1400cd130 CloseServiceHandle
0x1400cd138 DeleteService
0x1400cd140 OpenSCManagerW
0x1400cd148 SetServiceObjectSecurity
0x1400cd150 OpenServiceW
0x1400cd158 BuildSecurityDescriptorW
0x1400cd160 QueryServiceObjectSecurity
0x1400cd168 StartServiceW
0x1400cd170 AllocateAndInitializeSid
0x1400cd178 QueryServiceStatusEx
0x1400cd180 FreeSid
0x1400cd188 ControlService
0x1400cd190 IsTextUnicode
0x1400cd198 OpenProcessToken
0x1400cd1a0 GetTokenInformation
0x1400cd1a8 LookupAccountNameW
0x1400cd1b0 LookupAccountSidW
0x1400cd1b8 DuplicateTokenEx
0x1400cd1c0 CheckTokenMembership
0x1400cd1c8 CryptSetProvParam
0x1400cd1d0 CryptEnumProvidersW
0x1400cd1d8 ConvertStringSidToSidW
0x1400cd1e0 LsaFreeMemory
0x1400cd1e8 GetSidSubAuthority
0x1400cd1f0 GetSidSubAuthorityCount
0x1400cd1f8 IsValidSid
0x1400cd200 SetThreadToken
0x1400cd208 CryptEnumProviderTypesW
0x1400cd210 SystemFunction006
0x1400cd218 CryptGetUserKey
0x1400cd220 OpenEventLogW
0x1400cd228 GetNumberOfEventLogRecords
0x1400cd230 ClearEventLogW
0x1400cd238 SystemFunction001
0x1400cd240 CryptDeriveKey
0x1400cd248 SystemFunction005
0x1400cd250 LsaQueryTrustedDomainInfoByName
0x1400cd258 CryptSignHashW
0x1400cd260 LsaSetSecret
0x1400cd268 SystemFunction023
0x1400cd270 LsaOpenSecret
0x1400cd278 LsaQuerySecret
0x1400cd280 LsaRetrievePrivateData
0x1400cd288 LsaEnumerateTrustedDomainsEx
0x1400cd290 LookupPrivilegeValueW
0x1400cd298 StartServiceCtrlDispatcherW
0x1400cd2a0 SetServiceStatus
0x1400cd2a8 RegisterServiceCtrlHandlerW
0x1400cd2b0 LookupPrivilegeNameW
0x1400cd2b8 OpenThreadToken
0x1400cd2c0 EqualSid
0x1400cd2c8 CredFree
0x1400cd2d0 CredEnumerateW
0x1400cd2d8 SystemFunction026
0x1400cd2e0 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x1400cd2e8 SystemFunction027
0x1400cd2f0 CredIsMarshaledCredentialW
0x1400cd2f8 CredUnmarshalCredentialW
Cabinet.dll
0x1400cd3e0 None
0x1400cd3e8 None
0x1400cd3f0 None
0x1400cd3f8 None
CRYPT32.dll
0x1400cd308 CryptSignAndEncodeCertificate
0x1400cd310 CertEnumSystemStore
0x1400cd318 CertEnumCertificatesInStore
0x1400cd320 CertAddCertificateContextToStore
0x1400cd328 CryptDecodeObjectEx
0x1400cd330 CryptStringToBinaryA
0x1400cd338 CertAddEncodedCertificateToStore
0x1400cd340 CertOpenStore
0x1400cd348 CertFreeCertificateContext
0x1400cd350 CertCloseStore
0x1400cd358 CryptStringToBinaryW
0x1400cd360 CertSetCertificateContextProperty
0x1400cd368 PFXExportCertStoreEx
0x1400cd370 CryptUnprotectData
0x1400cd378 CryptBinaryToStringW
0x1400cd380 CryptBinaryToStringA
0x1400cd388 CryptExportPublicKeyInfo
0x1400cd390 CryptFindOIDInfo
0x1400cd398 CryptAcquireCertificatePrivateKey
0x1400cd3a0 CertNameToStrW
0x1400cd3a8 CertFindCertificateInStore
0x1400cd3b0 CertGetCertificateContextProperty
0x1400cd3b8 CertGetNameStringW
0x1400cd3c0 CryptEncodeObject
0x1400cd3c8 CryptProtectData
0x1400cd3d0 CryptQueryObject
cryptdll.dll
0x1400cdf20 CDLocateCSystem
0x1400cdf28 MD5Final
0x1400cdf30 MD5Init
0x1400cdf38 CDGenerateRandomBits
0x1400cdf40 CDLocateCheckSum
0x1400cdf48 MD5Update
DNSAPI.dll
0x1400cd408 DnsFree
0x1400cd410 DnsQuery_A
FLTLIB.DLL
0x1400cd420 FilterFindFirst
0x1400cd428 FilterFindNext
NETAPI32.dll
0x1400cd8e8 DsGetDcNameW
0x1400cd8f0 NetApiBufferFree
0x1400cd8f8 NetRemoteTOD
0x1400cd900 NetSessionEnum
0x1400cd908 NetServerGetInfo
0x1400cd910 DsEnumerateDomainTrustsW
0x1400cd918 NetShareEnum
0x1400cd920 NetStatisticsGet
0x1400cd928 NetWkstaUserEnum
ODBC32.dll
0x1400cd938 None
0x1400cd940 None
0x1400cd948 None
0x1400cd950 None
0x1400cd958 None
0x1400cd960 None
0x1400cd968 None
0x1400cd970 None
ole32.dll
0x1400ce348 CoInitializeEx
0x1400ce350 CoSetProxyBlanket
0x1400ce358 CoTaskMemFree
0x1400ce360 CoUninitialize
0x1400ce368 CoCreateInstance
OLEAUT32.dll
0x1400cd980 SysAllocString
0x1400cd988 VariantInit
0x1400cd990 SysFreeString
0x1400cd998 VariantClear
RPCRT4.dll
0x1400cd9a8 RpcStringFreeW
0x1400cd9b0 RpcBindingFromStringBindingW
0x1400cd9b8 RpcStringBindingComposeW
0x1400cd9c0 MesEncodeIncrementalHandleCreate
0x1400cd9c8 RpcBindingSetAuthInfoExW
0x1400cd9d0 RpcBindingInqAuthClientW
0x1400cd9d8 RpcBindingSetOption
0x1400cd9e0 RpcImpersonateClient
0x1400cd9e8 RpcBindingFree
0x1400cd9f0 RpcRevertToSelf
0x1400cd9f8 MesDecodeIncrementalHandleCreate
0x1400cda00 MesHandleFree
0x1400cda08 MesIncrementalHandleReset
0x1400cda10 NdrMesTypeDecode2
0x1400cda18 NdrMesTypeAlignSize2
0x1400cda20 NdrMesTypeFree2
0x1400cda28 NdrMesTypeEncode2
0x1400cda30 RpcServerUnregisterIfEx
0x1400cda38 I_RpcBindingInqSecurityContext
0x1400cda40 RpcServerInqBindings
0x1400cda48 RpcServerListen
0x1400cda50 RpcMgmtWaitServerListen
0x1400cda58 RpcEpRegisterW
0x1400cda60 RpcMgmtStopServerListening
0x1400cda68 RpcBindingToStringBindingW
0x1400cda70 RpcServerRegisterIf2
0x1400cda78 RpcServerRegisterAuthInfoW
0x1400cda80 RpcBindingVectorFree
0x1400cda88 UuidToStringW
0x1400cda90 RpcServerUseProtseqEpW
0x1400cda98 RpcEpUnregister
0x1400cdaa0 NdrServerCall2
0x1400cdaa8 NdrClientCall2
0x1400cdab0 UuidCreate
0x1400cdab8 RpcEpResolveBinding
0x1400cdac0 RpcBindingSetAuthInfoW
0x1400cdac8 RpcMgmtEpEltInqDone
0x1400cdad0 RpcMgmtEpEltInqNextW
0x1400cdad8 RpcMgmtEpEltInqBegin
0x1400cdae0 I_RpcGetCurrentCallHandle
SHLWAPI.dll
0x1400cdbe0 PathIsDirectoryW
0x1400cdbe8 PathCanonicalizeW
0x1400cdbf0 PathIsRelativeW
0x1400cdbf8 PathCombineW
0x1400cdc00 PathFindFileNameW
SAMLIB.dll
0x1400cdaf0 SamOpenGroup
0x1400cdaf8 SamQueryInformationUser
0x1400cdb00 SamCloseHandle
0x1400cdb08 SamEnumerateDomainsInSamServer
0x1400cdb10 SamFreeMemory
0x1400cdb18 SamEnumerateUsersInDomain
0x1400cdb20 SamOpenUser
0x1400cdb28 SamLookupDomainInSamServer
0x1400cdb30 SamLookupNamesInDomain
0x1400cdb38 SamLookupIdsInDomain
0x1400cdb40 SamOpenDomain
0x1400cdb48 SamConnect
0x1400cdb50 SamSetInformationUser
0x1400cdb58 SamiChangePasswordUser
0x1400cdb60 SamEnumerateGroupsInDomain
0x1400cdb68 SamGetGroupsForUser
0x1400cdb70 SamGetMembersInGroup
0x1400cdb78 SamRidToSid
0x1400cdb80 SamGetMembersInAlias
0x1400cdb88 SamEnumerateAliasesInDomain
0x1400cdb90 SamGetAliasMembership
0x1400cdb98 SamOpenAlias
Secur32.dll
0x1400cdc10 InitializeSecurityContextW
0x1400cdc18 AcquireCredentialsHandleW
0x1400cdc20 EnumerateSecurityPackagesW
0x1400cdc28 FreeCredentialsHandle
0x1400cdc30 DeleteSecurityContext
0x1400cdc38 LsaCallAuthenticationPackage
0x1400cdc40 LsaConnectUntrusted
0x1400cdc48 LsaDeregisterLogonProcess
0x1400cdc50 LsaFreeReturnBuffer
0x1400cdc58 FreeContextBuffer
0x1400cdc60 LsaLookupAuthenticationPackage
0x1400cdc68 QueryContextAttributesW
SHELL32.dll
0x1400cdbd0 CommandLineToArgvW
USER32.dll
0x1400cdc78 OpenClipboard
0x1400cdc80 GetClipboardSequenceNumber
0x1400cdc88 SendMessageW
0x1400cdc90 SetClipboardViewer
0x1400cdc98 CreateWindowExW
0x1400cdca0 ChangeClipboardChain
0x1400cdca8 GetClipboardData
0x1400cdcb0 RegisterClassExW
0x1400cdcb8 TranslateMessage
0x1400cdcc0 EnumClipboardFormats
0x1400cdcc8 DefWindowProcW
0x1400cdcd0 DispatchMessageW
0x1400cdcd8 GetKeyboardLayout
0x1400cdce0 IsCharAlphaNumericW
0x1400cdce8 UnregisterClassW
0x1400cdcf0 GetMessageW
0x1400cdcf8 CloseClipboard
0x1400cdd00 DestroyWindow
0x1400cdd08 PostMessageW
USERENV.dll
0x1400cdd18 DestroyEnvironmentBlock
0x1400cdd20 CreateEnvironmentBlock
VERSION.dll
0x1400cdd30 VerQueryValueW
0x1400cdd38 GetFileVersionInfoSizeW
0x1400cdd40 GetFileVersionInfoW
HID.DLL
0x1400cd438 HidD_FreePreparsedData
0x1400cd440 HidD_GetAttributes
0x1400cd448 HidD_GetHidGuid
0x1400cd450 HidD_GetPreparsedData
0x1400cd458 HidP_GetCaps
0x1400cd460 HidD_GetFeature
0x1400cd468 HidD_SetFeature
SETUPAPI.dll
0x1400cdba8 SetupDiGetDeviceInterfaceDetailW
0x1400cdbb0 SetupDiEnumDeviceInterfaces
0x1400cdbb8 SetupDiGetClassDevsW
0x1400cdbc0 SetupDiDestroyDeviceInfoList
WinSCard.dll
0x1400cdea0 SCardFreeMemory
0x1400cdea8 SCardListCardsW
0x1400cdeb0 SCardGetCardTypeProviderNameW
0x1400cdeb8 SCardReleaseContext
0x1400cdec0 SCardListReadersW
0x1400cdec8 SCardEstablishContext
0x1400cded0 SCardControl
0x1400cded8 SCardConnectW
0x1400cdee0 SCardTransmit
0x1400cdee8 SCardDisconnect
0x1400cdef0 SCardGetAttrib
WINSTA.dll
0x1400cdd50 WinStationOpenServerW
0x1400cdd58 WinStationEnumerateW
0x1400cdd60 WinStationFreeMemory
0x1400cdd68 WinStationConnectW
0x1400cdd70 WinStationQueryInformationW
0x1400cdd78 WinStationCloseServer
WLDAP32.dll
0x1400cdd88 None
0x1400cdd90 None
0x1400cdd98 None
0x1400cdda0 None
0x1400cdda8 None
0x1400cddb0 None
0x1400cddb8 None
0x1400cddc0 None
0x1400cddc8 None
0x1400cddd0 None
0x1400cddd8 None
0x1400cdde0 None
0x1400cdde8 None
0x1400cddf0 None
0x1400cddf8 None
0x1400cde00 None
0x1400cde08 None
0x1400cde10 None
0x1400cde18 None
0x1400cde20 None
0x1400cde28 None
0x1400cde30 None
0x1400cde38 None
0x1400cde40 None
0x1400cde48 None
0x1400cde50 None
0x1400cde58 None
0x1400cde60 None
0x1400cde68 None
0x1400cde70 None
0x1400cde78 None
0x1400cde80 None
0x1400cde88 None
0x1400cde90 None
advapi32.dll
0x1400cdf00 A_SHAFinal
0x1400cdf08 A_SHAInit
0x1400cdf10 A_SHAUpdate
msasn1.dll
0x1400cdf58 ASN1_CreateModule
0x1400cdf60 ASN1_CloseEncoder
0x1400cdf68 ASN1_CreateDecoder
0x1400cdf70 ASN1_FreeEncoded
0x1400cdf78 ASN1_CloseModule
0x1400cdf80 ASN1_CreateEncoder
0x1400cdf88 ASN1_CloseDecoder
0x1400cdf90 ASN1BERDotVal2Eoid
ntdll.dll
0x1400ce180 _strcmpi
0x1400ce188 strstr
0x1400ce190 towupper
0x1400ce198 _wcstoui64
0x1400ce1a0 wcsncmp
0x1400ce1a8 wcstol
0x1400ce1b0 wcstoul
0x1400ce1b8 strcspn
0x1400ce1c0 strncmp
0x1400ce1c8 memmove
0x1400ce1d0 _wcsnicmp
0x1400ce1d8 strtoul
0x1400ce1e0 wcsstr
0x1400ce1e8 wcschr
0x1400ce1f0 wcsrchr
0x1400ce1f8 _stricmp
0x1400ce200 _vscwprintf
0x1400ce208 _wcsicmp
0x1400ce210 strrchr
0x1400ce218 _vsnprintf
0x1400ce220 log
0x1400ce228 memcmp
0x1400ce230 RtlUnicodeStringToAnsiString
0x1400ce238 RtlFreeAnsiString
0x1400ce240 RtlDowncaseUnicodeString
0x1400ce248 RtlFreeUnicodeString
0x1400ce250 RtlInitUnicodeString
0x1400ce258 RtlEqualUnicodeString
0x1400ce260 NtQueryObject
0x1400ce268 RtlCompressBuffer
0x1400ce270 RtlGetCompressionWorkSpaceSize
0x1400ce278 NtQuerySystemInformation
0x1400ce280 RtlGetCurrentPeb
0x1400ce288 NtQueryInformationProcess
0x1400ce290 RtlCreateUserThread
0x1400ce298 RtlGUIDFromString
0x1400ce2a0 RtlStringFromGUID
0x1400ce2a8 NtCompareTokens
0x1400ce2b0 RtlGetNtVersionNumbers
0x1400ce2b8 RtlEqualString
0x1400ce2c0 RtlUpcaseUnicodeString
0x1400ce2c8 RtlAppendUnicodeStringToString
0x1400ce2d0 RtlAnsiStringToUnicodeString
0x1400ce2d8 RtlFreeOemString
0x1400ce2e0 RtlUpcaseUnicodeStringToOemString
0x1400ce2e8 NtResumeProcess
0x1400ce2f0 RtlAdjustPrivilege
0x1400ce2f8 NtSuspendProcess
0x1400ce300 NtTerminateProcess
0x1400ce308 NtQuerySystemEnvironmentValueEx
0x1400ce310 NtSetSystemEnvironmentValueEx
0x1400ce318 NtEnumerateSystemEnvironmentValuesEx
0x1400ce320 RtlIpv4AddressToStringW
0x1400ce328 RtlIpv6AddressToStringW
0x1400ce330 strchr
0x1400ce338 __chkstk
netapi32.dll
0x1400ce160 I_NetServerTrustPasswordsGet
0x1400ce168 I_NetServerReqChallenge
0x1400ce170 I_NetServerAuthenticate2
KERNEL32.dll
0x1400cd478 GetSystemTimeAsFileTime
0x1400cd480 SystemTimeToFileTime
0x1400cd488 lstrlenA
0x1400cd490 WideCharToMultiByte
0x1400cd498 PurgeComm
0x1400cd4a0 ClearCommError
0x1400cd4a8 CreateRemoteThread
0x1400cd4b0 WaitForSingleObject
0x1400cd4b8 SetLastError
0x1400cd4c0 CreateProcessW
0x1400cd4c8 SetConsoleOutputCP
0x1400cd4d0 GetConsoleOutputCP
0x1400cd4d8 RtlVirtualUnwind
0x1400cd4e0 SetFilePointerEx
0x1400cd4e8 GetProcessId
0x1400cd4f0 GetComputerNameW
0x1400cd4f8 IsWow64Process
0x1400cd500 CreateFileMappingW
0x1400cd508 UnmapViewOfFile
0x1400cd510 MapViewOfFile
0x1400cd518 WriteProcessMemory
0x1400cd520 VirtualAllocEx
0x1400cd528 VirtualProtectEx
0x1400cd530 VirtualAlloc
0x1400cd538 ReadProcessMemory
0x1400cd540 VirtualFreeEx
0x1400cd548 VirtualQueryEx
0x1400cd550 VirtualFree
0x1400cd558 VirtualQuery
0x1400cd560 GetComputerNameExW
0x1400cd568 DeviceIoControl
0x1400cd570 DuplicateHandle
0x1400cd578 OpenProcess
0x1400cd580 GetCurrentProcess
0x1400cd588 ExpandEnvironmentStringsW
0x1400cd590 FindNextFileW
0x1400cd598 FindClose
0x1400cd5a0 GetCurrentDirectoryW
0x1400cd5a8 GetFileSizeEx
0x1400cd5b0 FlushFileBuffers
0x1400cd5b8 GetFileAttributesW
0x1400cd5c0 FindFirstFileW
0x1400cd5c8 lstrlenW
0x1400cd5d0 GetProcAddress
0x1400cd5d8 LoadLibraryW
0x1400cd5e0 GetModuleHandleW
0x1400cd5e8 FreeLibrary
0x1400cd5f0 DeleteFileA
0x1400cd5f8 GetTempPathA
0x1400cd600 GetFileInformationByHandle
0x1400cd608 FileTimeToLocalFileTime
0x1400cd610 GetCurrentDirectoryA
0x1400cd618 GetTempFileNameA
0x1400cd620 SetFilePointer
0x1400cd628 CreateFileA
0x1400cd630 FileTimeToDosDateTime
0x1400cd638 CreateThread
0x1400cd640 LocalFree
0x1400cd648 CloseHandle
0x1400cd650 LocalAlloc
0x1400cd658 GetLastError
0x1400cd660 CreateFileW
0x1400cd668 ReadFile
0x1400cd670 TerminateThread
0x1400cd678 WriteFile
0x1400cd680 FileTimeToSystemTime
0x1400cd688 Sleep
0x1400cd690 VirtualProtect
0x1400cd698 GetFullPathNameW
0x1400cd6a0 GetFullPathNameA
0x1400cd6a8 HeapReAlloc
0x1400cd6b0 GetFileSize
0x1400cd6b8 CreateMutexW
0x1400cd6c0 HeapCompact
0x1400cd6c8 SetEndOfFile
0x1400cd6d0 HeapAlloc
0x1400cd6d8 QueryPerformanceCounter
0x1400cd6e0 HeapFree
0x1400cd6e8 UnlockFile
0x1400cd6f0 FlushViewOfFile
0x1400cd6f8 LockFile
0x1400cd700 WaitForSingleObjectEx
0x1400cd708 OutputDebugStringW
0x1400cd710 GetTickCount
0x1400cd718 UnlockFileEx
0x1400cd720 GetProcessHeap
0x1400cd728 FormatMessageA
0x1400cd730 FormatMessageW
0x1400cd738 GetTimeFormatW
0x1400cd740 GetVersionExW
0x1400cd748 HeapDestroy
0x1400cd750 GetFileAttributesA
0x1400cd758 HeapCreate
0x1400cd760 HeapValidate
0x1400cd768 MultiByteToWideChar
0x1400cd770 GetTempPathW
0x1400cd778 HeapSize
0x1400cd780 LockFileEx
0x1400cd788 GetDiskFreeSpaceW
0x1400cd790 LoadLibraryA
0x1400cd798 CreateFileMappingA
0x1400cd7a0 GetDiskFreeSpaceA
0x1400cd7a8 GetSystemInfo
0x1400cd7b0 GetFileAttributesExW
0x1400cd7b8 OutputDebugStringA
0x1400cd7c0 GetVersionExA
0x1400cd7c8 DeleteFileW
0x1400cd7d0 GetCurrentProcessId
0x1400cd7d8 GetSystemTime
0x1400cd7e0 AreFileApisANSI
0x1400cd7e8 ExitProcess
0x1400cd7f0 ExitThread
0x1400cd7f8 RaiseException
0x1400cd800 SetConsoleCtrlHandler
0x1400cd808 SetConsoleTitleW
0x1400cd810 SetFileAttributesW
0x1400cd818 GlobalSize
0x1400cd820 SetHandleInformation
0x1400cd828 CreatePipe
0x1400cd830 InitializeCriticalSection
0x1400cd838 LeaveCriticalSection
0x1400cd840 EnterCriticalSection
0x1400cd848 DeleteCriticalSection
0x1400cd850 SetEvent
0x1400cd858 CreateEventW
0x1400cd860 GetSystemDirectoryW
0x1400cd868 SetConsoleCursorPosition
0x1400cd870 GetTimeZoneInformation
0x1400cd878 GetStdHandle
0x1400cd880 FillConsoleOutputCharacterW
0x1400cd888 GetConsoleScreenBufferInfo
0x1400cd890 SetCurrentDirectoryW
0x1400cd898 GetCurrentThread
0x1400cd8a0 ProcessIdToSessionId
0x1400cd8a8 RtlLookupFunctionEntry
0x1400cd8b0 RtlCaptureContext
0x1400cd8b8 TerminateProcess
0x1400cd8c0 UnhandledExceptionFilter
0x1400cd8c8 SetUnhandledExceptionFilter
0x1400cd8d0 GetCurrentThreadId
0x1400cd8d8 GetDateFormatW
msvcrt.dll
0x1400cdfa0 calloc
0x1400cdfa8 isdigit
0x1400cdfb0 __set_app_type
0x1400cdfb8 _fmode
0x1400cdfc0 isspace
0x1400cdfc8 mbtowc
0x1400cdfd0 __mb_cur_max
0x1400cdfd8 isleadbyte
0x1400cdfe0 isxdigit
0x1400cdfe8 localeconv
0x1400cdff0 _snprintf
0x1400cdff8 _itoa
0x1400ce000 wctomb
0x1400ce008 ferror
0x1400ce010 iswctype
0x1400ce018 wcstombs
0x1400ce020 ?terminate@@YAXXZ
0x1400ce028 __badioinfo
0x1400ce030 __pioinfo
0x1400ce038 _read
0x1400ce040 _lseeki64
0x1400ce048 _write
0x1400ce050 _isatty
0x1400ce058 ungetc
0x1400ce060 _commode
0x1400ce068 __setusermatherr
0x1400ce070 malloc
0x1400ce078 _vscprintf
0x1400ce080 _msize
0x1400ce088 _amsg_exit
0x1400ce090 _initterm
0x1400ce098 exit
0x1400ce0a0 _cexit
0x1400ce0a8 _exit
0x1400ce0b0 _XcptFilter
0x1400ce0b8 __wgetmainargs
0x1400ce0c0 __C_specific_handler
0x1400ce0c8 memset
0x1400ce0d0 memcpy
0x1400ce0d8 fclose
0x1400ce0e0 getchar
0x1400ce0e8 _wpgmptr
0x1400ce0f0 fgetws
0x1400ce0f8 realloc
0x1400ce100 _errno
0x1400ce108 free
0x1400ce110 _wcsdup
0x1400ce118 vfwprintf
0x1400ce120 fflush
0x1400ce128 _wfopen
0x1400ce130 wprintf
0x1400ce138 _fileno
0x1400ce140 _iob
0x1400ce148 vwprintf
0x1400ce150 _setmode
EAT(Export Address Table) is none