Report - mimikatz.exe

Gen2 Generic Malware UPX Malicious Packer PE64 PE File
Created 2023.04.25 17:56 Machine s1_win7_x6403
Filename mimikatz.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 3
Behavior Score 1.6
ZERO API file : malware
VT API (file) 60 detected (Windows, Hacktool, Mimikatz, Malicious, score, S13719268, HTool, unsafe, Tool, Save, confidence, 100%, Eldorado, GenericKD, jsrqig, HacktoolX, Apteryx, AGEN, HKTL, MIMIKATZ64, HToolMimiKatz, high, ai score=86, Malware@#2e2m06ht3u8w, Detected, R366782, Misc, Neshta, FileInfector, HackingTool, CLASSIC, Static AI, Malicious PE, susgen, NetWalker)
md5 29efd64dd3c7fe1e2b022b7ad73a1ba5
sha256 61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1
ssdeep 24576:0CgjBAeu8iuUHGzkuBhzy2F+yVICFPC27rIlve3NuacODvsG:0CI7XBE2IuF64rIlmdii
imphash 55ee500bb4bdfc49f27a98ae456d8edf
impfuzzy 192:lUQG990nAxXf5N2RdjuGIO8xWjsl6XTMJIf9qUQRYFXSWBaGZ1G11ji+tv:lSmefL2WruTHtFXSI1G11++l

Signature (3cnts)

Level Description
danger File has been identified by 60 AntiVirus engines on VirusTotal as malicious
info Checks amount of memory in system
info Command line console output was observed

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x1400d1000 CryptSetHashParam
 0x1400d1008 CryptGetHashParam
 0x1400d1010 CryptExportKey
 0x1400d1018 CryptAcquireContextW
 0x1400d1020 CryptSetKeyParam
 0x1400d1028 CryptGetKeyParam
 0x1400d1030 CryptReleaseContext
 0x1400d1038 CryptDuplicateKey
 0x1400d1040 CryptAcquireContextA
 0x1400d1048 CryptGetProvParam
 0x1400d1050 CryptImportKey
 0x1400d1058 SystemFunction007
 0x1400d1060 CryptEncrypt
 0x1400d1068 CryptCreateHash
 0x1400d1070 CryptGenKey
 0x1400d1078 CryptDestroyKey
 0x1400d1080 CryptDecrypt
 0x1400d1088 CryptDestroyHash
 0x1400d1090 CryptHashData
 0x1400d1098 CopySid
 0x1400d10a0 GetLengthSid
 0x1400d10a8 LsaQueryInformationPolicy
 0x1400d10b0 LsaOpenPolicy
 0x1400d10b8 LsaClose
 0x1400d10c0 CreateWellKnownSid
 0x1400d10c8 CreateProcessWithLogonW
 0x1400d10d0 CreateProcessAsUserW
 0x1400d10d8 RegQueryValueExW
 0x1400d10e0 RegQueryInfoKeyW
 0x1400d10e8 RegEnumValueW
 0x1400d10f0 RegOpenKeyExW
 0x1400d10f8 RegEnumKeyExW
 0x1400d1100 RegCloseKey
 0x1400d1108 RegSetValueExW
 0x1400d1110 SystemFunction033
 0x1400d1118 SystemFunction032
 0x1400d1120 ConvertSidToStringSidW
 0x1400d1128 CreateServiceW
 0x1400d1130 CloseServiceHandle
 0x1400d1138 DeleteService
 0x1400d1140 OpenSCManagerW
 0x1400d1148 SetServiceObjectSecurity
 0x1400d1150 OpenServiceW
 0x1400d1158 BuildSecurityDescriptorW
 0x1400d1160 QueryServiceObjectSecurity
 0x1400d1168 StartServiceW
 0x1400d1170 AllocateAndInitializeSid
 0x1400d1178 QueryServiceStatusEx
 0x1400d1180 FreeSid
 0x1400d1188 ControlService
 0x1400d1190 IsTextUnicode
 0x1400d1198 OpenProcessToken
 0x1400d11a0 GetTokenInformation
 0x1400d11a8 LookupAccountNameW
 0x1400d11b0 LookupAccountSidW
 0x1400d11b8 DuplicateTokenEx
 0x1400d11c0 CheckTokenMembership
 0x1400d11c8 CryptSetProvParam
 0x1400d11d0 CryptEnumProvidersW
 0x1400d11d8 ConvertStringSidToSidW
 0x1400d11e0 LsaFreeMemory
 0x1400d11e8 GetSidSubAuthority
 0x1400d11f0 GetSidSubAuthorityCount
 0x1400d11f8 IsValidSid
 0x1400d1200 SetThreadToken
 0x1400d1208 CryptEnumProviderTypesW
 0x1400d1210 SystemFunction006
 0x1400d1218 CryptGetUserKey
 0x1400d1220 OpenEventLogW
 0x1400d1228 GetNumberOfEventLogRecords
 0x1400d1230 ClearEventLogW
 0x1400d1238 SystemFunction001
 0x1400d1240 CryptDeriveKey
 0x1400d1248 SystemFunction005
 0x1400d1250 LsaQueryTrustedDomainInfoByName
 0x1400d1258 CryptSignHashW
 0x1400d1260 LsaSetSecret
 0x1400d1268 SystemFunction023
 0x1400d1270 LsaOpenSecret
 0x1400d1278 LsaQuerySecret
 0x1400d1280 LsaRetrievePrivateData
 0x1400d1288 LsaEnumerateTrustedDomainsEx
 0x1400d1290 LookupPrivilegeValueW
 0x1400d1298 StartServiceCtrlDispatcherW
 0x1400d12a0 SetServiceStatus
 0x1400d12a8 RegisterServiceCtrlHandlerW
 0x1400d12b0 LookupPrivilegeNameW
 0x1400d12b8 OpenThreadToken
 0x1400d12c0 EqualSid
 0x1400d12c8 CredFree
 0x1400d12d0 CredEnumerateW
 0x1400d12d8 SystemFunction026
 0x1400d12e0 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x1400d12e8 SystemFunction027
 0x1400d12f0 SystemFunction041
 0x1400d12f8 CredIsMarshaledCredentialW
 0x1400d1300 CredUnmarshalCredentialW
Cabinet.dll
 0x1400d13e8 None
 0x1400d13f0 None
 0x1400d13f8 None
 0x1400d1400 None
CRYPT32.dll
 0x1400d1310 CryptSignAndEncodeCertificate
 0x1400d1318 CertEnumSystemStore
 0x1400d1320 CertEnumCertificatesInStore
 0x1400d1328 CertAddCertificateContextToStore
 0x1400d1330 CryptDecodeObjectEx
 0x1400d1338 CryptStringToBinaryA
 0x1400d1340 CertAddEncodedCertificateToStore
 0x1400d1348 CertOpenStore
 0x1400d1350 CertFreeCertificateContext
 0x1400d1358 CertCloseStore
 0x1400d1360 CryptStringToBinaryW
 0x1400d1368 CertSetCertificateContextProperty
 0x1400d1370 PFXExportCertStoreEx
 0x1400d1378 CryptUnprotectData
 0x1400d1380 CryptBinaryToStringW
 0x1400d1388 CryptBinaryToStringA
 0x1400d1390 CryptExportPublicKeyInfo
 0x1400d1398 CryptFindOIDInfo
 0x1400d13a0 CryptAcquireCertificatePrivateKey
 0x1400d13a8 CertNameToStrW
 0x1400d13b0 CertFindCertificateInStore
 0x1400d13b8 CertGetCertificateContextProperty
 0x1400d13c0 CertGetNameStringW
 0x1400d13c8 CryptEncodeObject
 0x1400d13d0 CryptProtectData
 0x1400d13d8 CryptQueryObject
cryptdll.dll
 0x1400d1f50 MD5Init
 0x1400d1f58 MD5Final
 0x1400d1f60 CDLocateCSystem
 0x1400d1f68 CDGenerateRandomBits
 0x1400d1f70 CDLocateCheckSum
 0x1400d1f78 MD5Update
DNSAPI.dll
 0x1400d1410 DnsFree
 0x1400d1418 DnsQuery_A
FLTLIB.DLL
 0x1400d1428 FilterFindFirst
 0x1400d1430 FilterFindNext
MPR.dll
 0x1400d18f0 WNetCancelConnection2W
 0x1400d18f8 WNetAddConnection2W
NETAPI32.dll
 0x1400d1908 NetStatisticsGet
 0x1400d1910 DsGetDcNameW
 0x1400d1918 NetApiBufferFree
 0x1400d1920 NetRemoteTOD
 0x1400d1928 NetSessionEnum
 0x1400d1930 NetServerGetInfo
 0x1400d1938 DsEnumerateDomainTrustsW
 0x1400d1940 NetShareEnum
 0x1400d1948 NetWkstaUserEnum
ODBC32.dll
 0x1400d1958 None
 0x1400d1960 None
 0x1400d1968 None
 0x1400d1970 None
 0x1400d1978 None
 0x1400d1980 None
 0x1400d1988 None
 0x1400d1990 None
ole32.dll
 0x1400d2390 CoInitializeEx
 0x1400d2398 CoSetProxyBlanket
 0x1400d23a0 CoTaskMemFree
 0x1400d23a8 CoUninitialize
 0x1400d23b0 CoCreateInstance
OLEAUT32.dll
 0x1400d19a0 SysAllocString
 0x1400d19a8 VariantInit
 0x1400d19b0 SysFreeString
 0x1400d19b8 VariantClear
RPCRT4.dll
 0x1400d19c8 RpcBindingFree
 0x1400d19d0 RpcBindingFromStringBindingW
 0x1400d19d8 RpcStringBindingComposeW
 0x1400d19e0 MesEncodeIncrementalHandleCreate
 0x1400d19e8 RpcBindingSetAuthInfoExW
 0x1400d19f0 RpcBindingInqAuthClientW
 0x1400d19f8 RpcBindingSetOption
 0x1400d1a00 RpcImpersonateClient
 0x1400d1a08 RpcStringFreeW
 0x1400d1a10 RpcRevertToSelf
 0x1400d1a18 MesDecodeIncrementalHandleCreate
 0x1400d1a20 MesHandleFree
 0x1400d1a28 MesIncrementalHandleReset
 0x1400d1a30 NdrMesTypeDecode2
 0x1400d1a38 NdrMesTypeAlignSize2
 0x1400d1a40 NdrMesTypeFree2
 0x1400d1a48 NdrMesTypeEncode2
 0x1400d1a50 RpcServerUnregisterIfEx
 0x1400d1a58 I_RpcBindingInqSecurityContext
 0x1400d1a60 RpcServerInqBindings
 0x1400d1a68 RpcServerListen
 0x1400d1a70 RpcMgmtWaitServerListen
 0x1400d1a78 RpcEpRegisterW
 0x1400d1a80 RpcMgmtStopServerListening
 0x1400d1a88 RpcBindingToStringBindingW
 0x1400d1a90 RpcServerRegisterIf2
 0x1400d1a98 RpcServerRegisterAuthInfoW
 0x1400d1aa0 RpcBindingVectorFree
 0x1400d1aa8 UuidToStringW
 0x1400d1ab0 RpcServerUseProtseqEpW
 0x1400d1ab8 RpcEpUnregister
 0x1400d1ac0 NdrServerCall2
 0x1400d1ac8 NdrClientCall2
 0x1400d1ad0 UuidCreate
 0x1400d1ad8 RpcEpResolveBinding
 0x1400d1ae0 RpcBindingSetObject
 0x1400d1ae8 RpcBindingSetAuthInfoW
 0x1400d1af0 RpcMgmtEpEltInqDone
 0x1400d1af8 RpcMgmtEpEltInqNextW
 0x1400d1b00 RpcMgmtEpEltInqBegin
 0x1400d1b08 I_RpcGetCurrentCallHandle
SHLWAPI.dll
 0x1400d1c08 UrlUnescapeW
 0x1400d1c10 PathIsDirectoryW
 0x1400d1c18 PathFindFileNameW
 0x1400d1c20 PathIsRelativeW
 0x1400d1c28 PathCombineW
 0x1400d1c30 PathCanonicalizeW
SAMLIB.dll
 0x1400d1b18 SamEnumerateAliasesInDomain
 0x1400d1b20 SamQueryInformationUser
 0x1400d1b28 SamCloseHandle
 0x1400d1b30 SamEnumerateDomainsInSamServer
 0x1400d1b38 SamFreeMemory
 0x1400d1b40 SamEnumerateUsersInDomain
 0x1400d1b48 SamOpenUser
 0x1400d1b50 SamLookupDomainInSamServer
 0x1400d1b58 SamLookupNamesInDomain
 0x1400d1b60 SamLookupIdsInDomain
 0x1400d1b68 SamOpenDomain
 0x1400d1b70 SamConnect
 0x1400d1b78 SamSetInformationUser
 0x1400d1b80 SamiChangePasswordUser
 0x1400d1b88 SamEnumerateGroupsInDomain
 0x1400d1b90 SamGetGroupsForUser
 0x1400d1b98 SamGetMembersInGroup
 0x1400d1ba0 SamGetMembersInAlias
 0x1400d1ba8 SamRidToSid
 0x1400d1bb0 SamGetAliasMembership
 0x1400d1bb8 SamOpenGroup
 0x1400d1bc0 SamOpenAlias
Secur32.dll
 0x1400d1c40 FreeContextBuffer
 0x1400d1c48 LsaLookupAuthenticationPackage
 0x1400d1c50 LsaFreeReturnBuffer
 0x1400d1c58 LsaDeregisterLogonProcess
 0x1400d1c60 QueryContextAttributesW
 0x1400d1c68 InitializeSecurityContextW
 0x1400d1c70 AcquireCredentialsHandleW
 0x1400d1c78 EnumerateSecurityPackagesW
 0x1400d1c80 FreeCredentialsHandle
 0x1400d1c88 DeleteSecurityContext
 0x1400d1c90 LsaCallAuthenticationPackage
 0x1400d1c98 LsaConnectUntrusted
SHELL32.dll
 0x1400d1bf8 CommandLineToArgvW
USER32.dll
 0x1400d1ca8 SetClipboardViewer
 0x1400d1cb0 DefWindowProcW
 0x1400d1cb8 GetClipboardSequenceNumber
 0x1400d1cc0 OpenClipboard
 0x1400d1cc8 CreateWindowExW
 0x1400d1cd0 GetClipboardData
 0x1400d1cd8 RegisterClassExW
 0x1400d1ce0 TranslateMessage
 0x1400d1ce8 EnumClipboardFormats
 0x1400d1cf0 PostMessageW
 0x1400d1cf8 DispatchMessageW
 0x1400d1d00 GetKeyboardLayout
 0x1400d1d08 IsCharAlphaNumericW
 0x1400d1d10 SendMessageW
 0x1400d1d18 UnregisterClassW
 0x1400d1d20 DestroyWindow
 0x1400d1d28 CloseClipboard
 0x1400d1d30 GetMessageW
 0x1400d1d38 ChangeClipboardChain
USERENV.dll
 0x1400d1d48 DestroyEnvironmentBlock
 0x1400d1d50 CreateEnvironmentBlock
VERSION.dll
 0x1400d1d60 VerQueryValueW
 0x1400d1d68 GetFileVersionInfoSizeW
 0x1400d1d70 GetFileVersionInfoW
HID.DLL
 0x1400d1440 HidD_GetFeature
 0x1400d1448 HidD_GetPreparsedData
 0x1400d1450 HidD_GetHidGuid
 0x1400d1458 HidD_GetAttributes
 0x1400d1460 HidD_SetFeature
 0x1400d1468 HidP_GetCaps
 0x1400d1470 HidD_FreePreparsedData
SETUPAPI.dll
 0x1400d1bd0 SetupDiGetDeviceInterfaceDetailW
 0x1400d1bd8 SetupDiEnumDeviceInterfaces
 0x1400d1be0 SetupDiGetClassDevsW
 0x1400d1be8 SetupDiDestroyDeviceInfoList
WinSCard.dll
 0x1400d1ed0 SCardReleaseContext
 0x1400d1ed8 SCardListCardsW
 0x1400d1ee0 SCardGetCardTypeProviderNameW
 0x1400d1ee8 SCardListReadersW
 0x1400d1ef0 SCardFreeMemory
 0x1400d1ef8 SCardEstablishContext
 0x1400d1f00 SCardControl
 0x1400d1f08 SCardConnectW
 0x1400d1f10 SCardTransmit
 0x1400d1f18 SCardDisconnect
 0x1400d1f20 SCardGetAttrib
WINSTA.dll
 0x1400d1d80 WinStationCloseServer
 0x1400d1d88 WinStationOpenServerW
 0x1400d1d90 WinStationFreeMemory
 0x1400d1d98 WinStationConnectW
 0x1400d1da0 WinStationQueryInformationW
 0x1400d1da8 WinStationEnumerateW
WLDAP32.dll
 0x1400d1db8 None
 0x1400d1dc0 None
 0x1400d1dc8 None
 0x1400d1dd0 None
 0x1400d1dd8 None
 0x1400d1de0 None
 0x1400d1de8 None
 0x1400d1df0 None
 0x1400d1df8 None
 0x1400d1e00 None
 0x1400d1e08 None
 0x1400d1e10 None
 0x1400d1e18 None
 0x1400d1e20 None
 0x1400d1e28 None
 0x1400d1e30 None
 0x1400d1e38 None
 0x1400d1e40 None
 0x1400d1e48 None
 0x1400d1e50 None
 0x1400d1e58 None
 0x1400d1e60 None
 0x1400d1e68 None
 0x1400d1e70 None
 0x1400d1e78 None
 0x1400d1e80 None
 0x1400d1e88 None
 0x1400d1e90 None
 0x1400d1e98 None
 0x1400d1ea0 None
 0x1400d1ea8 None
 0x1400d1eb0 None
 0x1400d1eb8 None
 0x1400d1ec0 None
advapi32.dll
 0x1400d1f30 A_SHAFinal
 0x1400d1f38 A_SHAInit
 0x1400d1f40 A_SHAUpdate
msasn1.dll
 0x1400d1f88 ASN1_CreateModule
 0x1400d1f90 ASN1_CloseEncoder
 0x1400d1f98 ASN1_CreateDecoder
 0x1400d1fa0 ASN1_FreeEncoded
 0x1400d1fa8 ASN1_CloseModule
 0x1400d1fb0 ASN1_CreateEncoder
 0x1400d1fb8 ASN1_CloseDecoder
 0x1400d1fc0 ASN1BERDotVal2Eoid
ntdll.dll
 0x1400d21b0 strtol
 0x1400d21b8 _strcmpi
 0x1400d21c0 strstr
 0x1400d21c8 towupper
 0x1400d21d0 _wcstoui64
 0x1400d21d8 wcsncmp
 0x1400d21e0 wcstol
 0x1400d21e8 strchr
 0x1400d21f0 strcspn
 0x1400d21f8 strncmp
 0x1400d2200 memmove
 0x1400d2208 _wcsnicmp
 0x1400d2210 strtoul
 0x1400d2218 wcsstr
 0x1400d2220 wcschr
 0x1400d2228 wcsrchr
 0x1400d2230 _stricmp
 0x1400d2238 _vscwprintf
 0x1400d2240 _wcsicmp
 0x1400d2248 strrchr
 0x1400d2250 _vsnprintf
 0x1400d2258 log
 0x1400d2260 memcmp
 0x1400d2268 RtlUnicodeStringToAnsiString
 0x1400d2270 RtlFreeAnsiString
 0x1400d2278 RtlDowncaseUnicodeString
 0x1400d2280 RtlFreeUnicodeString
 0x1400d2288 RtlInitUnicodeString
 0x1400d2290 RtlEqualUnicodeString
 0x1400d2298 NtQueryObject
 0x1400d22a0 RtlCompressBuffer
 0x1400d22a8 RtlGetCompressionWorkSpaceSize
 0x1400d22b0 NtQuerySystemInformation
 0x1400d22b8 RtlGetCurrentPeb
 0x1400d22c0 NtQueryInformationProcess
 0x1400d22c8 RtlCreateUserThread
 0x1400d22d0 RtlGUIDFromString
 0x1400d22d8 RtlStringFromGUID
 0x1400d22e0 NtCompareTokens
 0x1400d22e8 RtlGetNtVersionNumbers
 0x1400d22f0 RtlEqualString
 0x1400d22f8 RtlUpcaseUnicodeString
 0x1400d2300 RtlAppendUnicodeStringToString
 0x1400d2308 RtlAnsiStringToUnicodeString
 0x1400d2310 RtlFreeOemString
 0x1400d2318 RtlUpcaseUnicodeStringToOemString
 0x1400d2320 NtQueryDirectoryObject
 0x1400d2328 NtResumeProcess
 0x1400d2330 NtOpenDirectoryObject
 0x1400d2338 RtlAdjustPrivilege
 0x1400d2340 NtSuspendProcess
 0x1400d2348 NtTerminateProcess
 0x1400d2350 NtQuerySystemEnvironmentValueEx
 0x1400d2358 NtSetSystemEnvironmentValueEx
 0x1400d2360 NtEnumerateSystemEnvironmentValuesEx
 0x1400d2368 RtlIpv4AddressToStringW
 0x1400d2370 RtlIpv6AddressToStringW
 0x1400d2378 wcstoul
 0x1400d2380 __chkstk
netapi32.dll
 0x1400d2190 I_NetServerAuthenticate2
 0x1400d2198 I_NetServerTrustPasswordsGet
 0x1400d21a0 I_NetServerReqChallenge
KERNEL32.dll
 0x1400d1480 lstrlenA
 0x1400d1488 GetDateFormatW
 0x1400d1490 SystemTimeToFileTime
 0x1400d1498 ClearCommError
 0x1400d14a0 CreateRemoteThread
 0x1400d14a8 WaitForSingleObject
 0x1400d14b0 CreateProcessW
 0x1400d14b8 SetConsoleOutputCP
 0x1400d14c0 GetConsoleOutputCP
 0x1400d14c8 CreateFileMappingW
 0x1400d14d0 UnmapViewOfFile
 0x1400d14d8 MapViewOfFile
 0x1400d14e0 WriteProcessMemory
 0x1400d14e8 VirtualAllocEx
 0x1400d14f0 VirtualProtectEx
 0x1400d14f8 RtlVirtualUnwind
 0x1400d1500 SetFilePointerEx
 0x1400d1508 GetProcessId
 0x1400d1510 GetComputerNameW
 0x1400d1518 IsWow64Process
 0x1400d1520 VirtualAlloc
 0x1400d1528 SetLastError
 0x1400d1530 ReadProcessMemory
 0x1400d1538 VirtualFreeEx
 0x1400d1540 VirtualQueryEx
 0x1400d1548 VirtualFree
 0x1400d1550 VirtualQuery
 0x1400d1558 GetComputerNameExW
 0x1400d1560 DeviceIoControl
 0x1400d1568 DuplicateHandle
 0x1400d1570 OpenProcess
 0x1400d1578 GetCurrentProcess
 0x1400d1580 ExpandEnvironmentStringsW
 0x1400d1588 FindNextFileW
 0x1400d1590 FindClose
 0x1400d1598 GetCurrentDirectoryW
 0x1400d15a0 GetFileSizeEx
 0x1400d15a8 FlushFileBuffers
 0x1400d15b0 GetFileAttributesW
 0x1400d15b8 FindFirstFileW
 0x1400d15c0 lstrlenW
 0x1400d15c8 GetProcAddress
 0x1400d15d0 LoadLibraryW
 0x1400d15d8 GetModuleHandleW
 0x1400d15e0 FreeLibrary
 0x1400d15e8 DeleteFileA
 0x1400d15f0 GetTempPathA
 0x1400d15f8 GetFileInformationByHandle
 0x1400d1600 FileTimeToLocalFileTime
 0x1400d1608 GetCurrentDirectoryA
 0x1400d1610 GetTempFileNameA
 0x1400d1618 SetFilePointer
 0x1400d1620 CreateFileA
 0x1400d1628 FileTimeToDosDateTime
 0x1400d1630 CreateThread
 0x1400d1638 LocalFree
 0x1400d1640 CloseHandle
 0x1400d1648 LocalAlloc
 0x1400d1650 GetLastError
 0x1400d1658 CreateFileW
 0x1400d1660 ReadFile
 0x1400d1668 TerminateThread
 0x1400d1670 WriteFile
 0x1400d1678 FileTimeToSystemTime
 0x1400d1680 Sleep
 0x1400d1688 VirtualProtect
 0x1400d1690 WideCharToMultiByte
 0x1400d1698 GetTimeFormatW
 0x1400d16a0 GetFullPathNameW
 0x1400d16a8 GetFullPathNameA
 0x1400d16b0 HeapReAlloc
 0x1400d16b8 GetFileSize
 0x1400d16c0 CreateMutexW
 0x1400d16c8 HeapCompact
 0x1400d16d0 SetEndOfFile
 0x1400d16d8 HeapAlloc
 0x1400d16e0 QueryPerformanceCounter
 0x1400d16e8 HeapFree
 0x1400d16f0 UnlockFile
 0x1400d16f8 FlushViewOfFile
 0x1400d1700 LockFile
 0x1400d1708 WaitForSingleObjectEx
 0x1400d1710 OutputDebugStringW
 0x1400d1718 GetTickCount
 0x1400d1720 UnlockFileEx
 0x1400d1728 GetProcessHeap
 0x1400d1730 FormatMessageA
 0x1400d1738 FormatMessageW
 0x1400d1740 GetVersionExW
 0x1400d1748 HeapDestroy
 0x1400d1750 GetSystemTimeAsFileTime
 0x1400d1758 GetFileAttributesA
 0x1400d1760 HeapCreate
 0x1400d1768 HeapValidate
 0x1400d1770 MultiByteToWideChar
 0x1400d1778 GetTempPathW
 0x1400d1780 HeapSize
 0x1400d1788 LockFileEx
 0x1400d1790 GetDiskFreeSpaceW
 0x1400d1798 LoadLibraryA
 0x1400d17a0 CreateFileMappingA
 0x1400d17a8 GetDiskFreeSpaceA
 0x1400d17b0 GetSystemInfo
 0x1400d17b8 GetFileAttributesExW
 0x1400d17c0 OutputDebugStringA
 0x1400d17c8 GetVersionExA
 0x1400d17d0 DeleteFileW
 0x1400d17d8 GetCurrentProcessId
 0x1400d17e0 GetSystemTime
 0x1400d17e8 AreFileApisANSI
 0x1400d17f0 ExitProcess
 0x1400d17f8 ExitThread
 0x1400d1800 RaiseException
 0x1400d1808 SetConsoleCtrlHandler
 0x1400d1810 SetConsoleTitleW
 0x1400d1818 SetFileAttributesW
 0x1400d1820 GlobalSize
 0x1400d1828 SetHandleInformation
 0x1400d1830 CreatePipe
 0x1400d1838 InitializeCriticalSection
 0x1400d1840 LeaveCriticalSection
 0x1400d1848 EnterCriticalSection
 0x1400d1850 DeleteCriticalSection
 0x1400d1858 SetEvent
 0x1400d1860 CreateEventW
 0x1400d1868 GetSystemDirectoryW
 0x1400d1870 SetConsoleCursorPosition
 0x1400d1878 GetTimeZoneInformation
 0x1400d1880 GetStdHandle
 0x1400d1888 FillConsoleOutputCharacterW
 0x1400d1890 GetConsoleScreenBufferInfo
 0x1400d1898 SetCurrentDirectoryW
 0x1400d18a0 GetCurrentThread
 0x1400d18a8 ProcessIdToSessionId
 0x1400d18b0 RtlLookupFunctionEntry
 0x1400d18b8 RtlCaptureContext
 0x1400d18c0 TerminateProcess
 0x1400d18c8 UnhandledExceptionFilter
 0x1400d18d0 SetUnhandledExceptionFilter
 0x1400d18d8 GetCurrentThreadId
 0x1400d18e0 PurgeComm
msvcrt.dll
 0x1400d1fd0 calloc
 0x1400d1fd8 isdigit
 0x1400d1fe0 _fmode
 0x1400d1fe8 _commode
 0x1400d1ff0 __setusermatherr
 0x1400d1ff8 isspace
 0x1400d2000 mbtowc
 0x1400d2008 __mb_cur_max
 0x1400d2010 isleadbyte
 0x1400d2018 isxdigit
 0x1400d2020 localeconv
 0x1400d2028 _snprintf
 0x1400d2030 __set_app_type
 0x1400d2038 _itoa
 0x1400d2040 wctomb
 0x1400d2048 ferror
 0x1400d2050 iswctype
 0x1400d2058 wcstombs
 0x1400d2060 ?terminate@@YAXXZ
 0x1400d2068 __badioinfo
 0x1400d2070 __pioinfo
 0x1400d2078 _read
 0x1400d2080 _lseeki64
 0x1400d2088 _write
 0x1400d2090 _isatty
 0x1400d2098 ungetc
 0x1400d20a0 _amsg_exit
 0x1400d20a8 _initterm
 0x1400d20b0 fclose
 0x1400d20b8 _setmode
 0x1400d20c0 vwprintf
 0x1400d20c8 exit
 0x1400d20d0 _cexit
 0x1400d20d8 _exit
 0x1400d20e0 _XcptFilter
 0x1400d20e8 __wgetmainargs
 0x1400d20f0 __C_specific_handler
 0x1400d20f8 memset
 0x1400d2100 memcpy
 0x1400d2108 _iob
 0x1400d2110 getchar
 0x1400d2118 _wpgmptr
 0x1400d2120 fgetws
 0x1400d2128 realloc
 0x1400d2130 _msize
 0x1400d2138 malloc
 0x1400d2140 _vscprintf
 0x1400d2148 _errno
 0x1400d2150 free
 0x1400d2158 _wcsdup
 0x1400d2160 vfwprintf
 0x1400d2168 fflush
 0x1400d2170 _wfopen
 0x1400d2178 wprintf
 0x1400d2180 _fileno

EAT(Export Address Table) is none