Report - 1.exe

Tags: Gen2, Generic Malware, Malicious Packer, UPX, PE File, PE64
Created 2022.11.10 08:08 Machine s1_win7_x6403
Filename 1.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 1
Behavior Score 1.6
ZERO API file : malware
VT API (file) 58 detected (Mimikatz, Tool, FUUJ, HackTool, S13719268, Misc, Malicious, Save, Delpy, Eldorado, Windows, CLASSIC, ApplicUnwnt@#n8us1xaciy0v, ZTJA, HTool, R + ATK, Apteryx, Detected, AGEN, ai score=100, ASMalwS, score, R366782, TrojanPSW, Unsafe, Static AI, Suspicious PE, susgen, HackingTool, confidence, 100%)
md5 bb8bdb3e8c92e97e2f63626bc3b254c4
sha256 912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9
ssdeep 24576:APOLHP7+a2HVvM0UyYG7SbQbcaXjn4Gy5+aYoNEVJEjA3e:APO/4UgOLaz4FQdoNEVmMe
imphash 9528a0e91e28fbb88ad433feabca2456
impfuzzy 192:lUQG990nAxXL5N2RdjuGIORgWjslYkXTMbNzqUQRKFXSWBaGZ1+11Ei+qP:lSmeLL2ir1TWZFXSI1+11j+w

Signature (3cnts)

Level Description
danger File has been identified by 58 AntiVirus engines on VirusTotal as malicious
info Checks amount of memory in system
info Command line console output was observed

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests were recorded for this run)

Suricata ids

PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x1400cf000 CryptSetHashParam
 0x1400cf008 CryptGetHashParam
 0x1400cf010 CryptExportKey
 0x1400cf018 CryptAcquireContextW
 0x1400cf020 CryptSetKeyParam
 0x1400cf028 CryptGetKeyParam
 0x1400cf030 CryptReleaseContext
 0x1400cf038 CryptDuplicateKey
 0x1400cf040 CryptAcquireContextA
 0x1400cf048 CryptGetProvParam
 0x1400cf050 CryptImportKey
 0x1400cf058 SystemFunction007
 0x1400cf060 CryptEncrypt
 0x1400cf068 CryptCreateHash
 0x1400cf070 CryptGenKey
 0x1400cf078 CryptDestroyKey
 0x1400cf080 CryptDecrypt
 0x1400cf088 CryptDestroyHash
 0x1400cf090 CryptHashData
 0x1400cf098 CopySid
 0x1400cf0a0 GetLengthSid
 0x1400cf0a8 LsaQueryInformationPolicy
 0x1400cf0b0 LsaOpenPolicy
 0x1400cf0b8 LsaClose
 0x1400cf0c0 CreateWellKnownSid
 0x1400cf0c8 CreateProcessWithLogonW
 0x1400cf0d0 CreateProcessAsUserW
 0x1400cf0d8 RegQueryValueExW
 0x1400cf0e0 RegQueryInfoKeyW
 0x1400cf0e8 RegEnumValueW
 0x1400cf0f0 RegOpenKeyExW
 0x1400cf0f8 RegEnumKeyExW
 0x1400cf100 RegCloseKey
 0x1400cf108 RegSetValueExW
 0x1400cf110 SystemFunction033
 0x1400cf118 SystemFunction032
 0x1400cf120 ConvertSidToStringSidW
 0x1400cf128 CreateServiceW
 0x1400cf130 CloseServiceHandle
 0x1400cf138 DeleteService
 0x1400cf140 OpenSCManagerW
 0x1400cf148 SetServiceObjectSecurity
 0x1400cf150 OpenServiceW
 0x1400cf158 BuildSecurityDescriptorW
 0x1400cf160 QueryServiceObjectSecurity
 0x1400cf168 StartServiceW
 0x1400cf170 AllocateAndInitializeSid
 0x1400cf178 QueryServiceStatusEx
 0x1400cf180 FreeSid
 0x1400cf188 ControlService
 0x1400cf190 IsTextUnicode
 0x1400cf198 OpenProcessToken
 0x1400cf1a0 GetTokenInformation
 0x1400cf1a8 LookupAccountNameW
 0x1400cf1b0 LookupAccountSidW
 0x1400cf1b8 DuplicateTokenEx
 0x1400cf1c0 CheckTokenMembership
 0x1400cf1c8 CryptSetProvParam
 0x1400cf1d0 CryptEnumProvidersW
 0x1400cf1d8 ConvertStringSidToSidW
 0x1400cf1e0 LsaFreeMemory
 0x1400cf1e8 GetSidSubAuthority
 0x1400cf1f0 GetSidSubAuthorityCount
 0x1400cf1f8 IsValidSid
 0x1400cf200 SetThreadToken
 0x1400cf208 CryptEnumProviderTypesW
 0x1400cf210 SystemFunction006
 0x1400cf218 CryptGetUserKey
 0x1400cf220 OpenEventLogW
 0x1400cf228 GetNumberOfEventLogRecords
 0x1400cf230 ClearEventLogW
 0x1400cf238 SystemFunction001
 0x1400cf240 CryptDeriveKey
 0x1400cf248 SystemFunction005
 0x1400cf250 LsaQueryTrustedDomainInfoByName
 0x1400cf258 CryptSignHashW
 0x1400cf260 LsaSetSecret
 0x1400cf268 SystemFunction023
 0x1400cf270 LsaOpenSecret
 0x1400cf278 LsaQuerySecret
 0x1400cf280 LsaRetrievePrivateData
 0x1400cf288 LsaEnumerateTrustedDomainsEx
 0x1400cf290 LookupPrivilegeValueW
 0x1400cf298 StartServiceCtrlDispatcherW
 0x1400cf2a0 SetServiceStatus
 0x1400cf2a8 RegisterServiceCtrlHandlerW
 0x1400cf2b0 LookupPrivilegeNameW
 0x1400cf2b8 OpenThreadToken
 0x1400cf2c0 EqualSid
 0x1400cf2c8 CredFree
 0x1400cf2d0 CredEnumerateW
 0x1400cf2d8 SystemFunction026
 0x1400cf2e0 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x1400cf2e8 SystemFunction027
 0x1400cf2f0 CredIsMarshaledCredentialW
 0x1400cf2f8 CredUnmarshalCredentialW
Cabinet.dll (imported by ordinal; no names resolved, shown as None)
 0x1400cf3e0 None
 0x1400cf3e8 None
 0x1400cf3f0 None
 0x1400cf3f8 None
CRYPT32.dll
 0x1400cf308 CryptSignAndEncodeCertificate
 0x1400cf310 CertEnumSystemStore
 0x1400cf318 CertEnumCertificatesInStore
 0x1400cf320 CertAddCertificateContextToStore
 0x1400cf328 CryptDecodeObjectEx
 0x1400cf330 CryptStringToBinaryA
 0x1400cf338 CertAddEncodedCertificateToStore
 0x1400cf340 CertOpenStore
 0x1400cf348 CertFreeCertificateContext
 0x1400cf350 CertCloseStore
 0x1400cf358 CryptStringToBinaryW
 0x1400cf360 CertSetCertificateContextProperty
 0x1400cf368 PFXExportCertStoreEx
 0x1400cf370 CryptUnprotectData
 0x1400cf378 CryptBinaryToStringW
 0x1400cf380 CryptBinaryToStringA
 0x1400cf388 CryptExportPublicKeyInfo
 0x1400cf390 CryptFindOIDInfo
 0x1400cf398 CryptAcquireCertificatePrivateKey
 0x1400cf3a0 CertNameToStrW
 0x1400cf3a8 CertFindCertificateInStore
 0x1400cf3b0 CertGetCertificateContextProperty
 0x1400cf3b8 CertGetNameStringW
 0x1400cf3c0 CryptEncodeObject
 0x1400cf3c8 CryptProtectData
 0x1400cf3d0 CryptQueryObject
cryptdll.dll
 0x1400cff40 MD5Init
 0x1400cff48 MD5Final
 0x1400cff50 CDLocateCSystem
 0x1400cff58 CDGenerateRandomBits
 0x1400cff60 CDLocateCheckSum
 0x1400cff68 MD5Update
DNSAPI.dll
 0x1400cf408 DnsFree
 0x1400cf410 DnsQuery_A
FLTLIB.DLL
 0x1400cf420 FilterFindFirst
 0x1400cf428 FilterFindNext
MPR.dll
 0x1400cf8e8 WNetCancelConnection2W
 0x1400cf8f0 WNetAddConnection2W
NETAPI32.dll
 0x1400cf900 NetStatisticsGet
 0x1400cf908 DsGetDcNameW
 0x1400cf910 NetApiBufferFree
 0x1400cf918 NetRemoteTOD
 0x1400cf920 NetSessionEnum
 0x1400cf928 NetServerGetInfo
 0x1400cf930 DsEnumerateDomainTrustsW
 0x1400cf938 NetShareEnum
 0x1400cf940 NetWkstaUserEnum
ODBC32.dll (imported by ordinal; no names resolved, shown as None)
 0x1400cf950 None
 0x1400cf958 None
 0x1400cf960 None
 0x1400cf968 None
 0x1400cf970 None
 0x1400cf978 None
 0x1400cf980 None
 0x1400cf988 None
ole32.dll
 0x1400d0378 CoInitializeEx
 0x1400d0380 CoSetProxyBlanket
 0x1400d0388 CoTaskMemFree
 0x1400d0390 CoUninitialize
 0x1400d0398 CoCreateInstance
OLEAUT32.dll
 0x1400cf998 SysAllocString
 0x1400cf9a0 VariantInit
 0x1400cf9a8 SysFreeString
 0x1400cf9b0 VariantClear
RPCRT4.dll
 0x1400cf9c0 RpcBindingFree
 0x1400cf9c8 RpcBindingFromStringBindingW
 0x1400cf9d0 RpcStringBindingComposeW
 0x1400cf9d8 MesEncodeIncrementalHandleCreate
 0x1400cf9e0 RpcBindingSetAuthInfoExW
 0x1400cf9e8 RpcBindingInqAuthClientW
 0x1400cf9f0 RpcBindingSetOption
 0x1400cf9f8 RpcImpersonateClient
 0x1400cfa00 RpcStringFreeW
 0x1400cfa08 RpcRevertToSelf
 0x1400cfa10 MesDecodeIncrementalHandleCreate
 0x1400cfa18 MesHandleFree
 0x1400cfa20 MesIncrementalHandleReset
 0x1400cfa28 NdrMesTypeDecode2
 0x1400cfa30 NdrMesTypeAlignSize2
 0x1400cfa38 NdrMesTypeFree2
 0x1400cfa40 NdrMesTypeEncode2
 0x1400cfa48 RpcServerUnregisterIfEx
 0x1400cfa50 I_RpcBindingInqSecurityContext
 0x1400cfa58 RpcServerInqBindings
 0x1400cfa60 RpcServerListen
 0x1400cfa68 RpcMgmtWaitServerListen
 0x1400cfa70 RpcEpRegisterW
 0x1400cfa78 RpcMgmtStopServerListening
 0x1400cfa80 RpcBindingToStringBindingW
 0x1400cfa88 RpcServerRegisterIf2
 0x1400cfa90 RpcServerRegisterAuthInfoW
 0x1400cfa98 RpcBindingVectorFree
 0x1400cfaa0 UuidToStringW
 0x1400cfaa8 RpcServerUseProtseqEpW
 0x1400cfab0 RpcEpUnregister
 0x1400cfab8 NdrServerCall2
 0x1400cfac0 NdrClientCall2
 0x1400cfac8 UuidCreate
 0x1400cfad0 RpcEpResolveBinding
 0x1400cfad8 RpcBindingSetObject
 0x1400cfae0 RpcBindingSetAuthInfoW
 0x1400cfae8 RpcMgmtEpEltInqDone
 0x1400cfaf0 RpcMgmtEpEltInqNextW
 0x1400cfaf8 RpcMgmtEpEltInqBegin
 0x1400cfb00 I_RpcGetCurrentCallHandle
SHLWAPI.dll
 0x1400cfc00 PathIsDirectoryW
 0x1400cfc08 PathFindFileNameW
 0x1400cfc10 PathIsRelativeW
 0x1400cfc18 PathCanonicalizeW
 0x1400cfc20 PathCombineW
SAMLIB.dll
 0x1400cfb10 SamEnumerateAliasesInDomain
 0x1400cfb18 SamQueryInformationUser
 0x1400cfb20 SamCloseHandle
 0x1400cfb28 SamEnumerateDomainsInSamServer
 0x1400cfb30 SamFreeMemory
 0x1400cfb38 SamEnumerateUsersInDomain
 0x1400cfb40 SamOpenUser
 0x1400cfb48 SamLookupDomainInSamServer
 0x1400cfb50 SamLookupNamesInDomain
 0x1400cfb58 SamLookupIdsInDomain
 0x1400cfb60 SamOpenDomain
 0x1400cfb68 SamConnect
 0x1400cfb70 SamSetInformationUser
 0x1400cfb78 SamiChangePasswordUser
 0x1400cfb80 SamEnumerateGroupsInDomain
 0x1400cfb88 SamGetGroupsForUser
 0x1400cfb90 SamGetMembersInGroup
 0x1400cfb98 SamRidToSid
 0x1400cfba0 SamGetMembersInAlias
 0x1400cfba8 SamGetAliasMembership
 0x1400cfbb0 SamOpenGroup
 0x1400cfbb8 SamOpenAlias
Secur32.dll
 0x1400cfc30 InitializeSecurityContextW
 0x1400cfc38 FreeContextBuffer
 0x1400cfc40 LsaLookupAuthenticationPackage
 0x1400cfc48 LsaFreeReturnBuffer
 0x1400cfc50 LsaDeregisterLogonProcess
 0x1400cfc58 QueryContextAttributesW
 0x1400cfc60 AcquireCredentialsHandleW
 0x1400cfc68 EnumerateSecurityPackagesW
 0x1400cfc70 FreeCredentialsHandle
 0x1400cfc78 DeleteSecurityContext
 0x1400cfc80 LsaCallAuthenticationPackage
 0x1400cfc88 LsaConnectUntrusted
SHELL32.dll
 0x1400cfbf0 CommandLineToArgvW
USER32.dll
 0x1400cfc98 SetClipboardViewer
 0x1400cfca0 DefWindowProcW
 0x1400cfca8 GetClipboardSequenceNumber
 0x1400cfcb0 OpenClipboard
 0x1400cfcb8 CreateWindowExW
 0x1400cfcc0 ChangeClipboardChain
 0x1400cfcc8 RegisterClassExW
 0x1400cfcd0 TranslateMessage
 0x1400cfcd8 EnumClipboardFormats
 0x1400cfce0 PostMessageW
 0x1400cfce8 DispatchMessageW
 0x1400cfcf0 GetKeyboardLayout
 0x1400cfcf8 IsCharAlphaNumericW
 0x1400cfd00 SendMessageW
 0x1400cfd08 UnregisterClassW
 0x1400cfd10 GetMessageW
 0x1400cfd18 DestroyWindow
 0x1400cfd20 CloseClipboard
 0x1400cfd28 GetClipboardData
USERENV.dll
 0x1400cfd38 DestroyEnvironmentBlock
 0x1400cfd40 CreateEnvironmentBlock
VERSION.dll
 0x1400cfd50 VerQueryValueW
 0x1400cfd58 GetFileVersionInfoSizeW
 0x1400cfd60 GetFileVersionInfoW
HID.DLL
 0x1400cf438 HidD_GetFeature
 0x1400cf440 HidD_GetPreparsedData
 0x1400cf448 HidD_GetHidGuid
 0x1400cf450 HidP_GetCaps
 0x1400cf458 HidD_SetFeature
 0x1400cf460 HidD_FreePreparsedData
 0x1400cf468 HidD_GetAttributes
SETUPAPI.dll
 0x1400cfbc8 SetupDiGetDeviceInterfaceDetailW
 0x1400cfbd0 SetupDiEnumDeviceInterfaces
 0x1400cfbd8 SetupDiGetClassDevsW
 0x1400cfbe0 SetupDiDestroyDeviceInfoList
WinSCard.dll
 0x1400cfec0 SCardReleaseContext
 0x1400cfec8 SCardListCardsW
 0x1400cfed0 SCardGetCardTypeProviderNameW
 0x1400cfed8 SCardListReadersW
 0x1400cfee0 SCardFreeMemory
 0x1400cfee8 SCardEstablishContext
 0x1400cfef0 SCardControl
 0x1400cfef8 SCardConnectW
 0x1400cff00 SCardTransmit
 0x1400cff08 SCardDisconnect
 0x1400cff10 SCardGetAttrib
WINSTA.dll
 0x1400cfd70 WinStationCloseServer
 0x1400cfd78 WinStationOpenServerW
 0x1400cfd80 WinStationFreeMemory
 0x1400cfd88 WinStationConnectW
 0x1400cfd90 WinStationQueryInformationW
 0x1400cfd98 WinStationEnumerateW
WLDAP32.dll (imported by ordinal; no names resolved, shown as None)
 0x1400cfda8 None
 0x1400cfdb0 None
 0x1400cfdb8 None
 0x1400cfdc0 None
 0x1400cfdc8 None
 0x1400cfdd0 None
 0x1400cfdd8 None
 0x1400cfde0 None
 0x1400cfde8 None
 0x1400cfdf0 None
 0x1400cfdf8 None
 0x1400cfe00 None
 0x1400cfe08 None
 0x1400cfe10 None
 0x1400cfe18 None
 0x1400cfe20 None
 0x1400cfe28 None
 0x1400cfe30 None
 0x1400cfe38 None
 0x1400cfe40 None
 0x1400cfe48 None
 0x1400cfe50 None
 0x1400cfe58 None
 0x1400cfe60 None
 0x1400cfe68 None
 0x1400cfe70 None
 0x1400cfe78 None
 0x1400cfe80 None
 0x1400cfe88 None
 0x1400cfe90 None
 0x1400cfe98 None
 0x1400cfea0 None
 0x1400cfea8 None
 0x1400cfeb0 None
advapi32.dll
 0x1400cff20 A_SHAFinal
 0x1400cff28 A_SHAInit
 0x1400cff30 A_SHAUpdate
msasn1.dll
 0x1400cff78 ASN1_CreateModule
 0x1400cff80 ASN1_CloseEncoder
 0x1400cff88 ASN1_CreateDecoder
 0x1400cff90 ASN1_FreeEncoded
 0x1400cff98 ASN1_CloseModule
 0x1400cffa0 ASN1_CreateEncoder
 0x1400cffa8 ASN1_CloseDecoder
 0x1400cffb0 ASN1BERDotVal2Eoid
ntdll.dll
 0x1400d01a0 _strcmpi
 0x1400d01a8 strstr
 0x1400d01b0 towupper
 0x1400d01b8 _wcstoui64
 0x1400d01c0 wcsncmp
 0x1400d01c8 wcstol
 0x1400d01d0 strchr
 0x1400d01d8 strcspn
 0x1400d01e0 strncmp
 0x1400d01e8 memmove
 0x1400d01f0 _wcsnicmp
 0x1400d01f8 strtoul
 0x1400d0200 wcsstr
 0x1400d0208 wcschr
 0x1400d0210 wcsrchr
 0x1400d0218 _stricmp
 0x1400d0220 _vscwprintf
 0x1400d0228 _wcsicmp
 0x1400d0230 strrchr
 0x1400d0238 _vsnprintf
 0x1400d0240 log
 0x1400d0248 memcmp
 0x1400d0250 RtlUnicodeStringToAnsiString
 0x1400d0258 RtlFreeAnsiString
 0x1400d0260 RtlDowncaseUnicodeString
 0x1400d0268 RtlFreeUnicodeString
 0x1400d0270 RtlInitUnicodeString
 0x1400d0278 RtlEqualUnicodeString
 0x1400d0280 NtQueryObject
 0x1400d0288 RtlCompressBuffer
 0x1400d0290 RtlGetCompressionWorkSpaceSize
 0x1400d0298 NtQuerySystemInformation
 0x1400d02a0 RtlGetCurrentPeb
 0x1400d02a8 NtQueryInformationProcess
 0x1400d02b0 RtlCreateUserThread
 0x1400d02b8 RtlGUIDFromString
 0x1400d02c0 RtlStringFromGUID
 0x1400d02c8 NtCompareTokens
 0x1400d02d0 RtlGetNtVersionNumbers
 0x1400d02d8 RtlEqualString
 0x1400d02e0 RtlUpcaseUnicodeString
 0x1400d02e8 RtlAppendUnicodeStringToString
 0x1400d02f0 RtlAnsiStringToUnicodeString
 0x1400d02f8 RtlFreeOemString
 0x1400d0300 RtlUpcaseUnicodeStringToOemString
 0x1400d0308 NtQueryDirectoryObject
 0x1400d0310 NtResumeProcess
 0x1400d0318 NtOpenDirectoryObject
 0x1400d0320 RtlAdjustPrivilege
 0x1400d0328 NtSuspendProcess
 0x1400d0330 NtTerminateProcess
 0x1400d0338 NtQuerySystemEnvironmentValueEx
 0x1400d0340 NtSetSystemEnvironmentValueEx
 0x1400d0348 NtEnumerateSystemEnvironmentValuesEx
 0x1400d0350 RtlIpv4AddressToStringW
 0x1400d0358 RtlIpv6AddressToStringW
 0x1400d0360 wcstoul
 0x1400d0368 __chkstk
netapi32.dll
 0x1400d0180 I_NetServerAuthenticate2
 0x1400d0188 I_NetServerTrustPasswordsGet
 0x1400d0190 I_NetServerReqChallenge
KERNEL32.dll
 0x1400cf478 lstrlenA
 0x1400cf480 GetDateFormatW
 0x1400cf488 PurgeComm
 0x1400cf490 SystemTimeToFileTime
 0x1400cf498 CreateRemoteThread
 0x1400cf4a0 WaitForSingleObject
 0x1400cf4a8 CreateProcessW
 0x1400cf4b0 SetConsoleOutputCP
 0x1400cf4b8 GetConsoleOutputCP
 0x1400cf4c0 CreateFileMappingW
 0x1400cf4c8 UnmapViewOfFile
 0x1400cf4d0 MapViewOfFile
 0x1400cf4d8 WriteProcessMemory
 0x1400cf4e0 VirtualAllocEx
 0x1400cf4e8 VirtualProtectEx
 0x1400cf4f0 RtlVirtualUnwind
 0x1400cf4f8 SetFilePointerEx
 0x1400cf500 GetProcessId
 0x1400cf508 GetComputerNameW
 0x1400cf510 IsWow64Process
 0x1400cf518 VirtualAlloc
 0x1400cf520 SetLastError
 0x1400cf528 ReadProcessMemory
 0x1400cf530 VirtualFreeEx
 0x1400cf538 VirtualQueryEx
 0x1400cf540 VirtualFree
 0x1400cf548 VirtualQuery
 0x1400cf550 GetComputerNameExW
 0x1400cf558 DeviceIoControl
 0x1400cf560 DuplicateHandle
 0x1400cf568 OpenProcess
 0x1400cf570 GetCurrentProcess
 0x1400cf578 ExpandEnvironmentStringsW
 0x1400cf580 FindNextFileW
 0x1400cf588 FindClose
 0x1400cf590 GetCurrentDirectoryW
 0x1400cf598 GetFileSizeEx
 0x1400cf5a0 FlushFileBuffers
 0x1400cf5a8 GetFileAttributesW
 0x1400cf5b0 FindFirstFileW
 0x1400cf5b8 lstrlenW
 0x1400cf5c0 GetProcAddress
 0x1400cf5c8 LoadLibraryW
 0x1400cf5d0 GetModuleHandleW
 0x1400cf5d8 FreeLibrary
 0x1400cf5e0 DeleteFileA
 0x1400cf5e8 GetTempPathA
 0x1400cf5f0 GetFileInformationByHandle
 0x1400cf5f8 FileTimeToLocalFileTime
 0x1400cf600 GetCurrentDirectoryA
 0x1400cf608 GetTempFileNameA
 0x1400cf610 SetFilePointer
 0x1400cf618 CreateFileA
 0x1400cf620 FileTimeToDosDateTime
 0x1400cf628 CreateThread
 0x1400cf630 LocalFree
 0x1400cf638 CloseHandle
 0x1400cf640 LocalAlloc
 0x1400cf648 GetLastError
 0x1400cf650 CreateFileW
 0x1400cf658 ReadFile
 0x1400cf660 TerminateThread
 0x1400cf668 WriteFile
 0x1400cf670 FileTimeToSystemTime
 0x1400cf678 Sleep
 0x1400cf680 VirtualProtect
 0x1400cf688 WideCharToMultiByte
 0x1400cf690 GetTimeFormatW
 0x1400cf698 GetFullPathNameW
 0x1400cf6a0 GetFullPathNameA
 0x1400cf6a8 HeapReAlloc
 0x1400cf6b0 GetFileSize
 0x1400cf6b8 CreateMutexW
 0x1400cf6c0 HeapCompact
 0x1400cf6c8 SetEndOfFile
 0x1400cf6d0 HeapAlloc
 0x1400cf6d8 QueryPerformanceCounter
 0x1400cf6e0 HeapFree
 0x1400cf6e8 UnlockFile
 0x1400cf6f0 FlushViewOfFile
 0x1400cf6f8 LockFile
 0x1400cf700 WaitForSingleObjectEx
 0x1400cf708 OutputDebugStringW
 0x1400cf710 GetTickCount
 0x1400cf718 UnlockFileEx
 0x1400cf720 GetProcessHeap
 0x1400cf728 FormatMessageA
 0x1400cf730 FormatMessageW
 0x1400cf738 GetVersionExW
 0x1400cf740 HeapDestroy
 0x1400cf748 GetSystemTimeAsFileTime
 0x1400cf750 GetFileAttributesA
 0x1400cf758 HeapCreate
 0x1400cf760 HeapValidate
 0x1400cf768 MultiByteToWideChar
 0x1400cf770 GetTempPathW
 0x1400cf778 HeapSize
 0x1400cf780 LockFileEx
 0x1400cf788 GetDiskFreeSpaceW
 0x1400cf790 LoadLibraryA
 0x1400cf798 CreateFileMappingA
 0x1400cf7a0 GetDiskFreeSpaceA
 0x1400cf7a8 GetSystemInfo
 0x1400cf7b0 GetFileAttributesExW
 0x1400cf7b8 OutputDebugStringA
 0x1400cf7c0 GetVersionExA
 0x1400cf7c8 DeleteFileW
 0x1400cf7d0 GetCurrentProcessId
 0x1400cf7d8 GetSystemTime
 0x1400cf7e0 AreFileApisANSI
 0x1400cf7e8 ExitProcess
 0x1400cf7f0 ExitThread
 0x1400cf7f8 RaiseException
 0x1400cf800 SetConsoleCtrlHandler
 0x1400cf808 SetConsoleTitleW
 0x1400cf810 SetFileAttributesW
 0x1400cf818 GlobalSize
 0x1400cf820 SetHandleInformation
 0x1400cf828 CreatePipe
 0x1400cf830 InitializeCriticalSection
 0x1400cf838 LeaveCriticalSection
 0x1400cf840 EnterCriticalSection
 0x1400cf848 DeleteCriticalSection
 0x1400cf850 SetEvent
 0x1400cf858 CreateEventW
 0x1400cf860 GetSystemDirectoryW
 0x1400cf868 SetConsoleCursorPosition
 0x1400cf870 GetTimeZoneInformation
 0x1400cf878 GetStdHandle
 0x1400cf880 FillConsoleOutputCharacterW
 0x1400cf888 GetConsoleScreenBufferInfo
 0x1400cf890 SetCurrentDirectoryW
 0x1400cf898 GetCurrentThread
 0x1400cf8a0 ProcessIdToSessionId
 0x1400cf8a8 RtlLookupFunctionEntry
 0x1400cf8b0 RtlCaptureContext
 0x1400cf8b8 TerminateProcess
 0x1400cf8c0 UnhandledExceptionFilter
 0x1400cf8c8 SetUnhandledExceptionFilter
 0x1400cf8d0 GetCurrentThreadId
 0x1400cf8d8 ClearCommError
msvcrt.dll
 0x1400cffc0 calloc
 0x1400cffc8 isdigit
 0x1400cffd0 _fmode
 0x1400cffd8 _commode
 0x1400cffe0 __setusermatherr
 0x1400cffe8 isspace
 0x1400cfff0 mbtowc
 0x1400cfff8 __mb_cur_max
 0x1400d0000 isleadbyte
 0x1400d0008 isxdigit
 0x1400d0010 localeconv
 0x1400d0018 _snprintf
 0x1400d0020 __set_app_type
 0x1400d0028 _itoa
 0x1400d0030 wctomb
 0x1400d0038 ferror
 0x1400d0040 iswctype
 0x1400d0048 wcstombs
 0x1400d0050 ?terminate@@YAXXZ
 0x1400d0058 __badioinfo
 0x1400d0060 __pioinfo
 0x1400d0068 _read
 0x1400d0070 _lseeki64
 0x1400d0078 _write
 0x1400d0080 _isatty
 0x1400d0088 ungetc
 0x1400d0090 _amsg_exit
 0x1400d0098 _initterm
 0x1400d00a0 _vscprintf
 0x1400d00a8 fclose
 0x1400d00b0 _setmode
 0x1400d00b8 exit
 0x1400d00c0 _cexit
 0x1400d00c8 _exit
 0x1400d00d0 _XcptFilter
 0x1400d00d8 __wgetmainargs
 0x1400d00e0 __C_specific_handler
 0x1400d00e8 memset
 0x1400d00f0 memcpy
 0x1400d00f8 vwprintf
 0x1400d0100 getchar
 0x1400d0108 _wpgmptr
 0x1400d0110 fgetws
 0x1400d0118 realloc
 0x1400d0120 _msize
 0x1400d0128 malloc
 0x1400d0130 _errno
 0x1400d0138 free
 0x1400d0140 _wcsdup
 0x1400d0148 vfwprintf
 0x1400d0150 fflush
 0x1400d0158 _wfopen
 0x1400d0160 wprintf
 0x1400d0168 _fileno
 0x1400d0170 _iob

EAT (Export Address Table): none
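Import-based triage of the IAT above, as an added example that is not part of the sandbox report. A console tool that does little without operator commands produces few behavioural signals (behavior score 1.6, only console output observed), so the static import table carries most of the triage value here. The script parses the report's own "library / address name" layout (a constructed, abridged excerpt of the 1.exe listing is embedded, plus a constructed benign listing for contrast), groups the imports into credential-access capability clusters chosen by the editor to mirror what the VirusTotal labels above (Mimikatz, TrojanPSW) describe, and computes a pefile-style imphash over the named imports. The rule names and groupings are the editor's assumptions, not the sandbox's rules; the imphash it prints cannot be compared with the report's value because ordinal-only imports appear as None in this listing.

```python
"""Import-based triage of a sandbox IAT listing (added example, not report code)."""
import hashlib
import re
from collections import OrderedDict

# Constructed excerpt in the report's own "library / 0xADDR Name" layout.
# Every function name below appears in the 1.exe IAT above; the set is abridged.
SAMPLE_IAT = """\
ADVAPI32.dll
 0x1400cf230 ClearEventLogW
 0x1400cf270 LsaOpenSecret
 0x1400cf278 LsaQuerySecret
 0x1400cf280 LsaRetrievePrivateData
 0x1400cf2d0 CredEnumerateW
 0x1400cf128 CreateServiceW
 0x1400cf168 StartServiceW
Cabinet.dll
 0x1400cf3e0 None
CRYPT32.dll
 0x1400cf368 PFXExportCertStoreEx
 0x1400cf370 CryptUnprotectData
 0x1400cf398 CryptAcquireCertificatePrivateKey
SAMLIB.dll
 0x1400cfb68 SamConnect
 0x1400cfb40 SamOpenUser
 0x1400cfb18 SamQueryInformationUser
 0x1400cfb78 SamiChangePasswordUser
Secur32.dll
 0x1400cfc40 LsaLookupAuthenticationPackage
 0x1400cfc80 LsaCallAuthenticationPackage
 0x1400cfc88 LsaConnectUntrusted
ntdll.dll
 0x1400d0298 NtQuerySystemInformation
 0x1400d02b0 RtlCreateUserThread
 0x1400d0320 RtlAdjustPrivilege
netapi32.dll
 0x1400d0180 I_NetServerAuthenticate2
 0x1400d0188 I_NetServerTrustPasswordsGet
 0x1400d0190 I_NetServerReqChallenge
KERNEL32.dll
 0x1400cf498 CreateRemoteThread
 0x1400cf4d8 WriteProcessMemory
 0x1400cf4e0 VirtualAllocEx
 0x1400cf528 ReadProcessMemory
 0x1400cf568 OpenProcess
"""

# Constructed benign-looking listing used for contrast.
BENIGN_IAT = """\
KERNEL32.dll
 0x140001000 CreateFileW
 0x140001008 ReadFile
 0x140001010 CloseHandle
msvcrt.dll
 0x140001020 printf
"""

_DLL_RE = re.compile(r"^\s*(\S+\.dll)\s*$", re.IGNORECASE)
_IMP_RE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(text):
    """Return an ordered {dll: [names]} map. 'None' entries are ordinal-only
    imports whose names the report did not resolve; they are kept as None."""
    imports = OrderedDict()
    current = None
    for line in text.splitlines():
        m = _DLL_RE.match(line)
        if m:
            current = m.group(1)
            imports.setdefault(current, [])
            continue
        m = _IMP_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            imports[current].append(None if name == "None" else name)
    return imports


# Capability rules (editor's assumption, not the sandbox's rule set): a rule
# fires only when every listed API is imported, which keeps single common
# APIs such as OpenProcess from firing on their own.
RULES = {
    "lsass_memory_read": {"OpenProcess", "ReadProcessMemory",
                          "NtQuerySystemInformation", "RtlAdjustPrivilege"},
    "lsa_auth_package": {"LsaConnectUntrusted", "LsaLookupAuthenticationPackage",
                         "LsaCallAuthenticationPackage"},
    "lsa_secrets_dump": {"LsaOpenSecret", "LsaQuerySecret", "LsaRetrievePrivateData"},
    "sam_remote_access": {"SamConnect", "SamOpenUser", "SamQueryInformationUser",
                          "SamiChangePasswordUser"},
    "netlogon_dcsync": {"I_NetServerReqChallenge", "I_NetServerAuthenticate2",
                        "I_NetServerTrustPasswordsGet"},
    "dpapi_cred_export": {"CryptUnprotectData", "CredEnumerateW",
                          "PFXExportCertStoreEx", "CryptAcquireCertificatePrivateKey"},
    "remote_thread_inject": {"VirtualAllocEx", "WriteProcessMemory",
                             "CreateRemoteThread", "RtlCreateUserThread"},
    "eventlog_clear": {"ClearEventLogW"},
    "service_install": {"CreateServiceW", "StartServiceW"},
}


def all_names(imports):
    return {n for names in imports.values() for n in names if n is not None}


def matched_rules(imports):
    names = all_names(imports)
    return sorted(r for r, apis in RULES.items() if apis <= names)


def imphash(imports):
    """pefile-style imphash: lowercase 'dll.func' pairs, comma-joined, MD5.
    Ordinal-only imports are skipped (pefile would encode them as 'ordN'),
    so this value is not comparable with the report's imphash."""
    parts = []
    for dll, names in imports.items():
        base = re.sub(r"\.(dll|ocx|sys)$", "", dll, flags=re.IGNORECASE).lower()
        parts.extend(f"{base}.{n.lower()}" for n in names if n is not None)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    iat = parse_iat(SAMPLE_IAT)
    print("rules:", matched_rules(iat))
    print("imphash (named imports only):", imphash(iat))
```

Feed the full IAT section of a report to `parse_iat` to run the same rules over it; every rule above fires on the constructed excerpt and none on the benign listing.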


