ScreenShot
| Created | 2023.12.04 15:37 | Machine | s1_win7_x6401 |
| Filename | xmrig.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | edbbe60d5fc43c859be7363de9eb5798 | ||
| sha256 | cbc0c90dfd9f0a4c60d50b18802a3b62724706d819a6cb7940c73f4f6cb7b319 | ||
| ssdeep | 49152:UI3SAT1kBuJ+ybYpqYOBFOpTqj9l2WjGoWjymlhvCjPyFkbyPFLFZWZ:PMybY6QymlhGPyKeLFZE | ||
| imphash | 84c9afe62381050c8e60fdde0555e7e2 | ||
| impfuzzy | 96:VAl5DvGUJiL0cpeP5wgfT9kZ+r8DejCarPivWa1L+VG6loih8grbnshXP:I5Lp9wo9kwPDivWTE+rb2XP | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x1401f7790 getpeername
0x1401f7798 htons
0x1401f77a0 ntohs
0x1401f77a8 select
0x1401f77b0 WSARecvFrom
0x1401f77b8 WSASocketW
0x1401f77c0 WSASend
0x1401f77c8 WSARecv
0x1401f77d0 WSAIoctl
0x1401f77d8 WSADuplicateSocketW
0x1401f77e0 shutdown
0x1401f77e8 gethostname
0x1401f77f0 FreeAddrInfoW
0x1401f77f8 GetAddrInfoW
0x1401f7800 htonl
0x1401f7808 socket
0x1401f7810 setsockopt
0x1401f7818 listen
0x1401f7820 closesocket
0x1401f7828 ind
0x1401f7830 WSACleanup
0x1401f7838 WSAStartup
0x1401f7840 getsockopt
0x1401f7848 getsockname
0x1401f7850 ioctlsocket
0x1401f7858 WSAGetLastError
0x1401f7860 WSASetLastError
0x1401f7868 send
0x1401f7870 recv
IPHLPAPI.DLL
0x1401f70d8 GetAdaptersAddresses
USERENV.dll
0x1401f7780 GetUserProfileDirectoryW
CRYPT32.dll
0x1401f7098 CertGetCertificateContextProperty
0x1401f70a0 CertFreeCertificateContext
0x1401f70a8 CertDuplicateCertificateContext
0x1401f70b0 CertFindCertificateInStore
0x1401f70b8 CertEnumCertificatesInStore
0x1401f70c0 CertCloseStore
0x1401f70c8 CertOpenStore
KERNEL32.dll
0x1401f70e8 RtlPcToFileHeader
0x1401f70f0 RtlUnwindEx
0x1401f70f8 InitializeSListHead
0x1401f7100 IsDebuggerPresent
0x1401f7108 RaiseException
0x1401f7110 LoadLibraryExW
0x1401f7118 SetStdHandle
0x1401f7120 GetCommandLineA
0x1401f7128 GetCommandLineW
0x1401f7130 GetDriveTypeW
0x1401f7138 WriteConsoleW
0x1401f7140 SetConsoleTitleA
0x1401f7148 GetStdHandle
0x1401f7150 SetConsoleMode
0x1401f7158 GetConsoleMode
0x1401f7160 QueryPerformanceFrequency
0x1401f7168 QueryPerformanceCounter
0x1401f7170 SizeofResource
0x1401f7178 LockResource
0x1401f7180 LoadResource
0x1401f7188 FindResourceW
0x1401f7190 MultiByteToWideChar
0x1401f7198 GetCurrentProcess
0x1401f71a0 Sleep
0x1401f71a8 GetCurrentThread
0x1401f71b0 GetProcAddress
0x1401f71b8 GetModuleHandleW
0x1401f71c0 CloseHandle
0x1401f71c8 FreeConsole
0x1401f71d0 GetConsoleWindow
0x1401f71d8 SetLastError
0x1401f71e0 GetLastError
0x1401f71e8 GetSystemTime
0x1401f71f0 SystemTimeToFileTime
0x1401f71f8 GetModuleHandleExW
0x1401f7200 EnterCriticalSection
0x1401f7208 LeaveCriticalSection
0x1401f7210 InitializeCriticalSectionAndSpinCount
0x1401f7218 DeleteCriticalSection
0x1401f7220 GetCurrentThreadId
0x1401f7228 TlsAlloc
0x1401f7230 TlsGetValue
0x1401f7238 TlsSetValue
0x1401f7240 TlsFree
0x1401f7248 SwitchToFiber
0x1401f7250 DeleteFiber
0x1401f7258 CreateFiber
0x1401f7260 FindClose
0x1401f7268 FindFirstFileW
0x1401f7270 FindNextFileW
0x1401f7278 WideCharToMultiByte
0x1401f7280 GetFileType
0x1401f7288 WriteFile
0x1401f7290 ConvertFiberToThread
0x1401f7298 ConvertThreadToFiber
0x1401f72a0 GetCurrentProcessId
0x1401f72a8 GetSystemTimeAsFileTime
0x1401f72b0 FreeLibrary
0x1401f72b8 LoadLibraryA
0x1401f72c0 LoadLibraryW
0x1401f72c8 GetEnvironmentVariableW
0x1401f72d0 ReadConsoleA
0x1401f72d8 ReadConsoleW
0x1401f72e0 PostQueuedCompletionStatus
0x1401f72e8 CreateFileA
0x1401f72f0 CreateFileW
0x1401f72f8 DuplicateHandle
0x1401f7300 SetEvent
0x1401f7308 ResetEvent
0x1401f7310 WaitForSingleObject
0x1401f7318 CreateEventA
0x1401f7320 QueueUserWorkItem
0x1401f7328 RegisterWaitForSingleObject
0x1401f7330 UnregisterWait
0x1401f7338 GetNumberOfConsoleInputEvents
0x1401f7340 ReadConsoleInputW
0x1401f7348 FillConsoleOutputCharacterW
0x1401f7350 FillConsoleOutputAttribute
0x1401f7358 GetConsoleCursorInfo
0x1401f7360 SetConsoleCursorInfo
0x1401f7368 GetConsoleScreenBufferInfo
0x1401f7370 SetConsoleCursorPosition
0x1401f7378 SetConsoleTextAttribute
0x1401f7380 WriteConsoleInputW
0x1401f7388 CreateDirectoryW
0x1401f7390 FlushFileBuffers
0x1401f7398 SystemTimeToTzSpecificLocalTime
0x1401f73a0 GetFileAttributesW
0x1401f73a8 GetFileInformationByHandle
0x1401f73b0 GetFileSizeEx
0x1401f73b8 GetFinalPathNameByHandleW
0x1401f73c0 GetFullPathNameW
0x1401f73c8 ReadFile
0x1401f73d0 RemoveDirectoryW
0x1401f73d8 SetFilePointerEx
0x1401f73e0 SetFileTime
0x1401f73e8 DeviceIoControl
0x1401f73f0 GetSystemInfo
0x1401f73f8 MapViewOfFile
0x1401f7400 FlushViewOfFile
0x1401f7408 UnmapViewOfFile
0x1401f7410 CreateFileMappingA
0x1401f7418 ReOpenFile
0x1401f7420 CopyFileW
0x1401f7428 MoveFileExW
0x1401f7430 CreateHardLinkW
0x1401f7438 GetFileInformationByHandleEx
0x1401f7440 CreateSymbolicLinkW
0x1401f7448 InitializeCriticalSection
0x1401f7450 SetConsoleCtrlHandler
0x1401f7458 GetCurrentDirectoryW
0x1401f7460 GetLongPathNameW
0x1401f7468 GetShortPathNameW
0x1401f7470 CreateIoCompletionPort
0x1401f7478 ReadDirectoryChangesW
0x1401f7480 VerSetConditionMask
0x1401f7488 GetEnvironmentStringsW
0x1401f7490 FreeEnvironmentStringsW
0x1401f7498 SetEnvironmentVariableW
0x1401f74a0 SetCurrentDirectoryW
0x1401f74a8 GetTempPathW
0x1401f74b0 GlobalMemoryStatusEx
0x1401f74b8 RtlUnwind
0x1401f74c0 VerifyVersionInfoA
0x1401f74c8 FileTimeToSystemTime
0x1401f74d0 K32GetProcessMemoryInfo
0x1401f74d8 SetHandleInformation
0x1401f74e0 CancelIoEx
0x1401f74e8 CancelIo
0x1401f74f0 SwitchToThread
0x1401f74f8 SetFileCompletionNotificationModes
0x1401f7500 SetErrorMode
0x1401f7508 GetQueuedCompletionStatus
0x1401f7510 ConnectNamedPipe
0x1401f7518 SetNamedPipeHandleState
0x1401f7520 PeekNamedPipe
0x1401f7528 CreateNamedPipeW
0x1401f7530 CancelSynchronousIo
0x1401f7538 LocalFree
0x1401f7540 GetNamedPipeHandleStateA
0x1401f7548 TerminateProcess
0x1401f7550 GetExitCodeProcess
0x1401f7558 UnregisterWaitEx
0x1401f7560 LCMapStringW
0x1401f7568 DebugBreak
0x1401f7570 FormatMessageA
0x1401f7578 InitializeSRWLock
0x1401f7580 ReleaseSRWLockExclusive
0x1401f7588 AcquireSRWLockExclusive
0x1401f7590 TryEnterCriticalSection
0x1401f7598 InitializeConditionVariable
0x1401f75a0 WakeConditionVariable
0x1401f75a8 SleepConditionVariableCS
0x1401f75b0 ReleaseSemaphore
0x1401f75b8 ResumeThread
0x1401f75c0 GetNativeSystemInfo
0x1401f75c8 CreateSemaphoreA
0x1401f75d0 GetModuleHandleA
0x1401f75d8 LoadLibraryExA
0x1401f75e0 GetStartupInfoW
0x1401f75e8 IsProcessorFeaturePresent
0x1401f75f0 SetUnhandledExceptionFilter
0x1401f75f8 UnhandledExceptionFilter
0x1401f7600 RtlVirtualUnwind
0x1401f7608 RtlLookupFunctionEntry
0x1401f7610 RtlCaptureContext
0x1401f7618 CreateEventW
0x1401f7620 GetStringTypeW
0x1401f7628 ExitProcess
0x1401f7630 GetFileAttributesExW
0x1401f7638 SetFileAttributesW
0x1401f7640 GetConsoleCP
0x1401f7648 CreateThread
0x1401f7650 ExitThread
0x1401f7658 FreeLibraryAndExitThread
0x1401f7660 HeapAlloc
0x1401f7668 HeapFree
0x1401f7670 CompareStringW
0x1401f7678 GetLocaleInfoW
0x1401f7680 IsValidLocale
0x1401f7688 GetUserDefaultLCID
0x1401f7690 EnumSystemLocalesW
0x1401f7698 HeapReAlloc
0x1401f76a0 GetTimeZoneInformation
0x1401f76a8 FindFirstFileExW
0x1401f76b0 IsValidCodePage
0x1401f76b8 GetACP
0x1401f76c0 GetOEMCP
0x1401f76c8 GetProcessHeap
0x1401f76d0 HeapSize
0x1401f76d8 SetEndOfFile
0x1401f76e0 GetDiskFreeSpaceW
0x1401f76e8 GetModuleFileNameW
0x1401f76f0 InitializeCriticalSectionEx
0x1401f76f8 WaitForSingleObjectEx
0x1401f7700 EncodePointer
0x1401f7708 DecodePointer
0x1401f7710 LCMapStringEx
0x1401f7718 CompareStringEx
0x1401f7720 GetCPInfo
USER32.dll
0x1401f7730 MessageBoxW
0x1401f7738 ShowWindow
0x1401f7740 GetSystemMetrics
0x1401f7748 MapVirtualKeyW
0x1401f7750 DispatchMessageA
0x1401f7758 TranslateMessage
0x1401f7760 GetMessageA
0x1401f7768 GetProcessWindowStation
0x1401f7770 GetUserObjectInformationW
ADVAPI32.dll
0x1401f7000 SystemFunction036
0x1401f7008 GetUserNameW
0x1401f7010 OpenProcessToken
0x1401f7018 CryptEnumProvidersW
0x1401f7020 CryptSignHashW
0x1401f7028 CryptDestroyHash
0x1401f7030 CryptCreateHash
0x1401f7038 CryptDecrypt
0x1401f7040 CryptExportKey
0x1401f7048 CryptGetUserKey
0x1401f7050 CryptGetProvParam
0x1401f7058 CryptSetHashParam
0x1401f7060 CryptDestroyKey
0x1401f7068 CryptReleaseContext
0x1401f7070 CryptAcquireContextW
0x1401f7078 ReportEventW
0x1401f7080 RegisterEventSourceW
0x1401f7088 DeregisterEventSource
crypt.dll
0x1401f7880 BCryptGenRandom
EAT(Export Address Table) is none
WS2_32.dll
0x1401f7790 getpeername
0x1401f7798 htons
0x1401f77a0 ntohs
0x1401f77a8 select
0x1401f77b0 WSARecvFrom
0x1401f77b8 WSASocketW
0x1401f77c0 WSASend
0x1401f77c8 WSARecv
0x1401f77d0 WSAIoctl
0x1401f77d8 WSADuplicateSocketW
0x1401f77e0 shutdown
0x1401f77e8 gethostname
0x1401f77f0 FreeAddrInfoW
0x1401f77f8 GetAddrInfoW
0x1401f7800 htonl
0x1401f7808 socket
0x1401f7810 setsockopt
0x1401f7818 listen
0x1401f7820 closesocket
0x1401f7828 ind
0x1401f7830 WSACleanup
0x1401f7838 WSAStartup
0x1401f7840 getsockopt
0x1401f7848 getsockname
0x1401f7850 ioctlsocket
0x1401f7858 WSAGetLastError
0x1401f7860 WSASetLastError
0x1401f7868 send
0x1401f7870 recv
IPHLPAPI.DLL
0x1401f70d8 GetAdaptersAddresses
USERENV.dll
0x1401f7780 GetUserProfileDirectoryW
CRYPT32.dll
0x1401f7098 CertGetCertificateContextProperty
0x1401f70a0 CertFreeCertificateContext
0x1401f70a8 CertDuplicateCertificateContext
0x1401f70b0 CertFindCertificateInStore
0x1401f70b8 CertEnumCertificatesInStore
0x1401f70c0 CertCloseStore
0x1401f70c8 CertOpenStore
KERNEL32.dll
0x1401f70e8 RtlPcToFileHeader
0x1401f70f0 RtlUnwindEx
0x1401f70f8 InitializeSListHead
0x1401f7100 IsDebuggerPresent
0x1401f7108 RaiseException
0x1401f7110 LoadLibraryExW
0x1401f7118 SetStdHandle
0x1401f7120 GetCommandLineA
0x1401f7128 GetCommandLineW
0x1401f7130 GetDriveTypeW
0x1401f7138 WriteConsoleW
0x1401f7140 SetConsoleTitleA
0x1401f7148 GetStdHandle
0x1401f7150 SetConsoleMode
0x1401f7158 GetConsoleMode
0x1401f7160 QueryPerformanceFrequency
0x1401f7168 QueryPerformanceCounter
0x1401f7170 SizeofResource
0x1401f7178 LockResource
0x1401f7180 LoadResource
0x1401f7188 FindResourceW
0x1401f7190 MultiByteToWideChar
0x1401f7198 GetCurrentProcess
0x1401f71a0 Sleep
0x1401f71a8 GetCurrentThread
0x1401f71b0 GetProcAddress
0x1401f71b8 GetModuleHandleW
0x1401f71c0 CloseHandle
0x1401f71c8 FreeConsole
0x1401f71d0 GetConsoleWindow
0x1401f71d8 SetLastError
0x1401f71e0 GetLastError
0x1401f71e8 GetSystemTime
0x1401f71f0 SystemTimeToFileTime
0x1401f71f8 GetModuleHandleExW
0x1401f7200 EnterCriticalSection
0x1401f7208 LeaveCriticalSection
0x1401f7210 InitializeCriticalSectionAndSpinCount
0x1401f7218 DeleteCriticalSection
0x1401f7220 GetCurrentThreadId
0x1401f7228 TlsAlloc
0x1401f7230 TlsGetValue
0x1401f7238 TlsSetValue
0x1401f7240 TlsFree
0x1401f7248 SwitchToFiber
0x1401f7250 DeleteFiber
0x1401f7258 CreateFiber
0x1401f7260 FindClose
0x1401f7268 FindFirstFileW
0x1401f7270 FindNextFileW
0x1401f7278 WideCharToMultiByte
0x1401f7280 GetFileType
0x1401f7288 WriteFile
0x1401f7290 ConvertFiberToThread
0x1401f7298 ConvertThreadToFiber
0x1401f72a0 GetCurrentProcessId
0x1401f72a8 GetSystemTimeAsFileTime
0x1401f72b0 FreeLibrary
0x1401f72b8 LoadLibraryA
0x1401f72c0 LoadLibraryW
0x1401f72c8 GetEnvironmentVariableW
0x1401f72d0 ReadConsoleA
0x1401f72d8 ReadConsoleW
0x1401f72e0 PostQueuedCompletionStatus
0x1401f72e8 CreateFileA
0x1401f72f0 CreateFileW
0x1401f72f8 DuplicateHandle
0x1401f7300 SetEvent
0x1401f7308 ResetEvent
0x1401f7310 WaitForSingleObject
0x1401f7318 CreateEventA
0x1401f7320 QueueUserWorkItem
0x1401f7328 RegisterWaitForSingleObject
0x1401f7330 UnregisterWait
0x1401f7338 GetNumberOfConsoleInputEvents
0x1401f7340 ReadConsoleInputW
0x1401f7348 FillConsoleOutputCharacterW
0x1401f7350 FillConsoleOutputAttribute
0x1401f7358 GetConsoleCursorInfo
0x1401f7360 SetConsoleCursorInfo
0x1401f7368 GetConsoleScreenBufferInfo
0x1401f7370 SetConsoleCursorPosition
0x1401f7378 SetConsoleTextAttribute
0x1401f7380 WriteConsoleInputW
0x1401f7388 CreateDirectoryW
0x1401f7390 FlushFileBuffers
0x1401f7398 SystemTimeToTzSpecificLocalTime
0x1401f73a0 GetFileAttributesW
0x1401f73a8 GetFileInformationByHandle
0x1401f73b0 GetFileSizeEx
0x1401f73b8 GetFinalPathNameByHandleW
0x1401f73c0 GetFullPathNameW
0x1401f73c8 ReadFile
0x1401f73d0 RemoveDirectoryW
0x1401f73d8 SetFilePointerEx
0x1401f73e0 SetFileTime
0x1401f73e8 DeviceIoControl
0x1401f73f0 GetSystemInfo
0x1401f73f8 MapViewOfFile
0x1401f7400 FlushViewOfFile
0x1401f7408 UnmapViewOfFile
0x1401f7410 CreateFileMappingA
0x1401f7418 ReOpenFile
0x1401f7420 CopyFileW
0x1401f7428 MoveFileExW
0x1401f7430 CreateHardLinkW
0x1401f7438 GetFileInformationByHandleEx
0x1401f7440 CreateSymbolicLinkW
0x1401f7448 InitializeCriticalSection
0x1401f7450 SetConsoleCtrlHandler
0x1401f7458 GetCurrentDirectoryW
0x1401f7460 GetLongPathNameW
0x1401f7468 GetShortPathNameW
0x1401f7470 CreateIoCompletionPort
0x1401f7478 ReadDirectoryChangesW
0x1401f7480 VerSetConditionMask
0x1401f7488 GetEnvironmentStringsW
0x1401f7490 FreeEnvironmentStringsW
0x1401f7498 SetEnvironmentVariableW
0x1401f74a0 SetCurrentDirectoryW
0x1401f74a8 GetTempPathW
0x1401f74b0 GlobalMemoryStatusEx
0x1401f74b8 RtlUnwind
0x1401f74c0 VerifyVersionInfoA
0x1401f74c8 FileTimeToSystemTime
0x1401f74d0 K32GetProcessMemoryInfo
0x1401f74d8 SetHandleInformation
0x1401f74e0 CancelIoEx
0x1401f74e8 CancelIo
0x1401f74f0 SwitchToThread
0x1401f74f8 SetFileCompletionNotificationModes
0x1401f7500 SetErrorMode
0x1401f7508 GetQueuedCompletionStatus
0x1401f7510 ConnectNamedPipe
0x1401f7518 SetNamedPipeHandleState
0x1401f7520 PeekNamedPipe
0x1401f7528 CreateNamedPipeW
0x1401f7530 CancelSynchronousIo
0x1401f7538 LocalFree
0x1401f7540 GetNamedPipeHandleStateA
0x1401f7548 TerminateProcess
0x1401f7550 GetExitCodeProcess
0x1401f7558 UnregisterWaitEx
0x1401f7560 LCMapStringW
0x1401f7568 DebugBreak
0x1401f7570 FormatMessageA
0x1401f7578 InitializeSRWLock
0x1401f7580 ReleaseSRWLockExclusive
0x1401f7588 AcquireSRWLockExclusive
0x1401f7590 TryEnterCriticalSection
0x1401f7598 InitializeConditionVariable
0x1401f75a0 WakeConditionVariable
0x1401f75a8 SleepConditionVariableCS
0x1401f75b0 ReleaseSemaphore
0x1401f75b8 ResumeThread
0x1401f75c0 GetNativeSystemInfo
0x1401f75c8 CreateSemaphoreA
0x1401f75d0 GetModuleHandleA
0x1401f75d8 LoadLibraryExA
0x1401f75e0 GetStartupInfoW
0x1401f75e8 IsProcessorFeaturePresent
0x1401f75f0 SetUnhandledExceptionFilter
0x1401f75f8 UnhandledExceptionFilter
0x1401f7600 RtlVirtualUnwind
0x1401f7608 RtlLookupFunctionEntry
0x1401f7610 RtlCaptureContext
0x1401f7618 CreateEventW
0x1401f7620 GetStringTypeW
0x1401f7628 ExitProcess
0x1401f7630 GetFileAttributesExW
0x1401f7638 SetFileAttributesW
0x1401f7640 GetConsoleCP
0x1401f7648 CreateThread
0x1401f7650 ExitThread
0x1401f7658 FreeLibraryAndExitThread
0x1401f7660 HeapAlloc
0x1401f7668 HeapFree
0x1401f7670 CompareStringW
0x1401f7678 GetLocaleInfoW
0x1401f7680 IsValidLocale
0x1401f7688 GetUserDefaultLCID
0x1401f7690 EnumSystemLocalesW
0x1401f7698 HeapReAlloc
0x1401f76a0 GetTimeZoneInformation
0x1401f76a8 FindFirstFileExW
0x1401f76b0 IsValidCodePage
0x1401f76b8 GetACP
0x1401f76c0 GetOEMCP
0x1401f76c8 GetProcessHeap
0x1401f76d0 HeapSize
0x1401f76d8 SetEndOfFile
0x1401f76e0 GetDiskFreeSpaceW
0x1401f76e8 GetModuleFileNameW
0x1401f76f0 InitializeCriticalSectionEx
0x1401f76f8 WaitForSingleObjectEx
0x1401f7700 EncodePointer
0x1401f7708 DecodePointer
0x1401f7710 LCMapStringEx
0x1401f7718 CompareStringEx
0x1401f7720 GetCPInfo
USER32.dll
0x1401f7730 MessageBoxW
0x1401f7738 ShowWindow
0x1401f7740 GetSystemMetrics
0x1401f7748 MapVirtualKeyW
0x1401f7750 DispatchMessageA
0x1401f7758 TranslateMessage
0x1401f7760 GetMessageA
0x1401f7768 GetProcessWindowStation
0x1401f7770 GetUserObjectInformationW
ADVAPI32.dll
0x1401f7000 SystemFunction036
0x1401f7008 GetUserNameW
0x1401f7010 OpenProcessToken
0x1401f7018 CryptEnumProvidersW
0x1401f7020 CryptSignHashW
0x1401f7028 CryptDestroyHash
0x1401f7030 CryptCreateHash
0x1401f7038 CryptDecrypt
0x1401f7040 CryptExportKey
0x1401f7048 CryptGetUserKey
0x1401f7050 CryptGetProvParam
0x1401f7058 CryptSetHashParam
0x1401f7060 CryptDestroyKey
0x1401f7068 CryptReleaseContext
0x1401f7070 CryptAcquireContextW
0x1401f7078 ReportEventW
0x1401f7080 RegisterEventSourceW
0x1401f7088 DeregisterEventSource
crypt.dll
0x1401f7880 BCryptGenRandom
EAT(Export Address Table) is none