ScreenShot
| Created | 2024.07.04 09:41 | Machine | s1_win7_x6401 |
| Filename | Bitwarden-Installer-2024.6.3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 10 detected (FileRepMalware, Lumma, VIDAR, YXEGDZ, score, Stealc, Wacapew) | ||
| md5 | 06e9439beabd1813ff13295adbba48ff | ||
| sha256 | 47eb2e1f94933fc6da9cf436804c0a303c539de3ce93c7dfaa6b427625447a22 | ||
| ssdeep | 98304:a84BwyMWieDN4+F/8njOyiiqTdAGlucxG3:aAEwnjOy5qzlucE3 | ||
| imphash | 79dbe573912bfd2d08a3c01a29dfeaed | ||
| impfuzzy | 192:YEfHOkw4gB2+/GmW0nFGyCuuSS2p9H73Nq142TmKU9GG:5Rk2iGmXFGyCuumH7jbKUwG | ||
Network IP location
Signature (26cnts)
| Level | Description |
|---|---|
| watch | Checks the CPU name from registry |
| watch | Collects information about installed applications |
| watch | Communicates with host for which no DNS query was performed |
| watch | Deletes executed files from disk |
| watch | Executes one or more WMI queries |
| watch | File has been identified by 10 AntiVirus engines on VirusTotal as malicious |
| watch | Harvests credentials from local FTP client softwares |
| watch | Network activity contains more than one unique useragent |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Drops an executable to the user AppData folder |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Queries for potentially installed applications |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
| info | Tries to locate where the browsers are installed |
Rules (25cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | ftp_command | ftp command | binaries (download) |
| info | ftp_command | ftp command | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (6cnts) ?
Suricata ids
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
PE API
IAT(Import Address Table) Library
UIAutomationCore.DLL
0x6cd544 UiaHostProviderFromHwnd
0x6cd548 UiaReturnRawElementProvider
0x6cd54c UiaRaiseAutomationPropertyChangedEvent
0x6cd550 UiaRaiseAutomationEvent
0x6cd554 UiaClientsAreListening
MSIMG32.dll
0x6cd4f4 AlphaBlend
RPCRT4.dll
0x6cd510 UuidToStringA
0x6cd514 RpcStringFreeA
0x6cd518 UuidCreate
WS2_32.dll
0x6cd684 ind
0x6cd688 socket
0x6cd68c freeaddrinfo
0x6cd690 getaddrinfo
0x6cd694 WSASetLastError
0x6cd698 htons
0x6cd69c WSACleanup
0x6cd6a0 WSAStartup
0x6cd6a4 connect
0x6cd6a8 htonl
0x6cd6ac WSAGetLastError
0x6cd6b0 gethostname
0x6cd6b4 closesocket
0x6cd6b8 shutdown
0x6cd6bc ntohl
0x6cd6c0 getpeername
0x6cd6c4 getsockname
0x6cd6c8 getsockopt
0x6cd6cc ntohs
0x6cd6d0 setsockopt
0x6cd6d4 WSAIoctl
0x6cd6d8 recvfrom
0x6cd6dc sendto
0x6cd6e0 accept
0x6cd6e4 listen
0x6cd6e8 __WSAFDIsSet
0x6cd6ec select
0x6cd6f0 ioctlsocket
0x6cd6f4 send
0x6cd6f8 recv
VERSION.dll
0x6cd628 GetFileVersionInfoSizeW
0x6cd62c VerQueryValueW
0x6cd630 GetFileVersionInfoW
KERNEL32.dll
0x6cd170 GetThreadPriority
0x6cd174 GetLogicalProcessorInformation
0x6cd178 CreateTimerQueueTimer
0x6cd17c ChangeTimerQueueTimer
0x6cd180 DeleteTimerQueueTimer
0x6cd184 GetNumaHighestNodeNumber
0x6cd188 GetProcessAffinityMask
0x6cd18c SetThreadAffinityMask
0x6cd190 RegisterWaitForSingleObject
0x6cd194 UnregisterWait
0x6cd198 GetThreadTimes
0x6cd19c FreeLibraryAndExitThread
0x6cd1a0 GetModuleFileNameW
0x6cd1a4 GetModuleHandleA
0x6cd1a8 LoadLibraryExW
0x6cd1ac VirtualAlloc
0x6cd1b0 VirtualProtect
0x6cd1b4 VirtualFree
0x6cd1b8 ReleaseSemaphore
0x6cd1bc InterlockedPopEntrySList
0x6cd1c0 InterlockedPushEntrySList
0x6cd1c4 InterlockedFlushSList
0x6cd1c8 QueryDepthSList
0x6cd1cc UnregisterWaitEx
0x6cd1d0 WaitForSingleObject
0x6cd1d4 RtlUnwind
0x6cd1d8 ExitProcess
0x6cd1dc GetModuleHandleExW
0x6cd1e0 GetStdHandle
0x6cd1e4 GetFileType
0x6cd1e8 GetModuleFileNameA
0x6cd1ec WriteConsoleW
0x6cd1f0 ExitThread
0x6cd1f4 ResumeThread
0x6cd1f8 WriteFile
0x6cd1fc GetACP
0x6cd200 SetConsoleCtrlHandler
0x6cd204 HeapReAlloc
0x6cd208 FlushFileBuffers
0x6cd20c GetConsoleCP
0x6cd210 GetConsoleMode
0x6cd214 OutputDebugStringA
0x6cd218 GetDateFormatW
0x6cd21c GetTimeFormatW
0x6cd220 IsValidLocale
0x6cd224 GetUserDefaultLCID
0x6cd228 EnumSystemLocalesW
0x6cd22c ReadFile
0x6cd230 ReadConsoleW
0x6cd234 SetFilePointerEx
0x6cd238 GetTimeZoneInformation
0x6cd23c FindClose
0x6cd240 FindFirstFileExW
0x6cd244 FindNextFileW
0x6cd248 IsValidCodePage
0x6cd24c CreateThread
0x6cd250 GetCommandLineA
0x6cd254 GetCommandLineW
0x6cd258 GetEnvironmentStringsW
0x6cd25c FreeEnvironmentStringsW
0x6cd260 SetEnvironmentVariableA
0x6cd264 SetStdHandle
0x6cd268 HeapSize
0x6cd26c CreateFileW
0x6cd270 SetEndOfFile
0x6cd274 GetTickCount64
0x6cd278 SleepEx
0x6cd27c PeekNamedPipe
0x6cd280 WaitForMultipleObjects
0x6cd284 ExpandEnvironmentStringsA
0x6cd288 FormatMessageA
0x6cd28c VerSetConditionMask
0x6cd290 GetSystemDirectoryA
0x6cd294 LoadLibraryA
0x6cd298 VerifyVersionInfoA
0x6cd29c CreateFileA
0x6cd2a0 GetFileSizeEx
0x6cd2a4 InitializeCriticalSection
0x6cd2a8 GetEnvironmentVariableW
0x6cd2ac SetCurrentDirectoryW
0x6cd2b0 GetCurrentDirectoryW
0x6cd2b4 CreateDirectoryW
0x6cd2b8 DeleteFileW
0x6cd2bc FindFirstFileW
0x6cd2c0 GetDiskFreeSpaceExW
0x6cd2c4 GetFileAttributesW
0x6cd2c8 GetFileAttributesExW
0x6cd2cc GetFileInformationByHandle
0x6cd2d0 GetFileTime
0x6cd2d4 GetFullPathNameW
0x6cd2d8 RemoveDirectoryW
0x6cd2dc SetFileAttributesW
0x6cd2e0 SetFileTime
0x6cd2e4 DeviceIoControl
0x6cd2e8 MoveFileExW
0x6cd2ec AreFileApisANSI
0x6cd2f0 OpenEventA
0x6cd2f4 SetWaitableTimer
0x6cd2f8 GetSystemInfo
0x6cd2fc CreateWaitableTimerA
0x6cd300 DeactivateActCtx
0x6cd304 ActivateActCtx
0x6cd308 CreateActCtxW
0x6cd30c AcquireSRWLockExclusive
0x6cd310 ReleaseSRWLockExclusive
0x6cd314 SystemTimeToTzSpecificLocalTime
0x6cd318 GetDriveTypeW
0x6cd31c lstrlenW
0x6cd320 VirtualUnlock
0x6cd324 ReleaseMutex
0x6cd328 CreateMutexA
0x6cd32c GlobalFree
0x6cd330 GetExitCodeProcess
0x6cd334 OpenThread
0x6cd338 CreateFiber
0x6cd33c VirtualQuery
0x6cd340 MoveFileW
0x6cd344 ConvertThreadToFiber
0x6cd348 CreateFiberEx
0x6cd34c WaitNamedPipeW
0x6cd350 SetFileValidData
0x6cd354 IsBadReadPtr
0x6cd358 GlobalMemoryStatus
0x6cd35c Module32NextW
0x6cd360 VerifyVersionInfoW
0x6cd364 SignalObjectAndWait
0x6cd368 CreateTimerQueue
0x6cd36c OutputDebugStringW
0x6cd370 TerminateProcess
0x6cd374 IsProcessorFeaturePresent
0x6cd378 GetStartupInfoW
0x6cd37c SetUnhandledExceptionFilter
0x6cd380 UnhandledExceptionFilter
0x6cd384 IsDebuggerPresent
0x6cd388 InitializeSListHead
0x6cd38c GetCurrentProcessId
0x6cd390 ResetEvent
0x6cd394 GetStringTypeW
0x6cd398 GetLocaleInfoW
0x6cd39c LCMapStringW
0x6cd3a0 CompareStringW
0x6cd3a4 GetCPInfo
0x6cd3a8 SetThreadPriority
0x6cd3ac MultiByteToWideChar
0x6cd3b0 GetSystemTimeAsFileTime
0x6cd3b4 TlsFree
0x6cd3b8 TlsSetValue
0x6cd3bc TlsGetValue
0x6cd3c0 TlsAlloc
0x6cd3c4 CreateEventW
0x6cd3c8 InitializeCriticalSectionAndSpinCount
0x6cd3cc SetLastError
0x6cd3d0 EncodePointer
0x6cd3d4 GetExitCodeThread
0x6cd3d8 SwitchToThread
0x6cd3dc Sleep
0x6cd3e0 WaitForSingleObjectEx
0x6cd3e4 DuplicateHandle
0x6cd3e8 GetCurrentThreadId
0x6cd3ec TryEnterCriticalSection
0x6cd3f0 LeaveCriticalSection
0x6cd3f4 EnterCriticalSection
0x6cd3f8 QueryPerformanceFrequency
0x6cd3fc QueryPerformanceCounter
0x6cd400 WideCharToMultiByte
0x6cd404 GetCurrentThread
0x6cd408 GetCurrentProcess
0x6cd40c LocalFree
0x6cd410 OpenProcess
0x6cd414 GetVersionExW
0x6cd418 LocalAlloc
0x6cd41c FindResourceW
0x6cd420 LoadResource
0x6cd424 LockResource
0x6cd428 SizeofResource
0x6cd42c CreateEventA
0x6cd430 GetProcessHeap
0x6cd434 HeapAlloc
0x6cd438 CloseHandle
0x6cd43c SetEvent
0x6cd440 SystemTimeToFileTime
0x6cd444 GetComputerNameW
0x6cd448 lstrcpynA
0x6cd44c GetFileSize
0x6cd450 GetThreadContext
0x6cd454 GetLocalTime
0x6cd458 HeapFree
0x6cd45c GetUserDefaultLangID
0x6cd460 GetTickCount
0x6cd464 FreeLibrary
0x6cd468 GetModuleHandleW
0x6cd46c DeleteCriticalSection
0x6cd470 GetProcAddress
0x6cd474 DecodePointer
0x6cd478 LoadLibraryW
0x6cd47c RaiseException
0x6cd480 GetLastError
0x6cd484 InitializeCriticalSectionEx
0x6cd488 ConvertFiberToThread
0x6cd48c ReadConsoleA
0x6cd490 SetConsoleMode
0x6cd494 GetOEMCP
0x6cd498 Module32FirstW
0x6cd49c Process32Next
0x6cd4a0 DeleteFileA
0x6cd4a4 FileTimeToSystemTime
0x6cd4a8 GetTempPathA
0x6cd4ac CreateToolhelp32Snapshot
0x6cd4b0 SwitchToFiber
0x6cd4b4 SuspendThread
0x6cd4b8 IsBadStringPtrA
0x6cd4bc Thread32First
0x6cd4c0 GetCompressedFileSizeW
0x6cd4c4 SetFilePointer
0x6cd4c8 Thread32Next
0x6cd4cc GetProcessId
0x6cd4d0 DeleteFiber
0x6cd4d4 GetVolumeInformationW
0x6cd4d8 SetNamedPipeHandleState
0x6cd4dc Process32First
0x6cd4e0 IsBadWritePtr
0x6cd4e4 RtlCaptureContext
0x6cd4e8 GetShortPathNameW
0x6cd4ec GetDiskFreeSpaceW
USER32.dll
0x6cd55c AllowSetForegroundWindow
0x6cd560 GetDesktopWindow
0x6cd564 MessageBoxA
0x6cd568 GetDC
0x6cd56c DrawTextW
0x6cd570 GetWindowLongW
0x6cd574 DefWindowProcW
0x6cd578 AdjustWindowRectEx
0x6cd57c GetWindowRect
0x6cd580 DestroyWindow
0x6cd584 SetWindowPos
0x6cd588 MessageBoxW
0x6cd58c CreateWindowExW
0x6cd590 SendMessageW
0x6cd594 GetSystemMetrics
0x6cd598 SetWindowTextW
0x6cd59c RegisterClassExW
0x6cd5a0 ShowWindow
0x6cd5a4 DispatchMessageW
0x6cd5a8 SetTimer
0x6cd5ac PeekMessageW
0x6cd5b0 TrackMouseEvent
0x6cd5b4 TranslateMessage
0x6cd5b8 LoadIconW
0x6cd5bc LoadCursorW
0x6cd5c0 SetCapture
0x6cd5c4 GetWindowDC
0x6cd5c8 SetWindowLongW
0x6cd5cc UpdateLayeredWindow
0x6cd5d0 PostQuitMessage
0x6cd5d4 ReleaseCapture
0x6cd5d8 InvalidateRect
0x6cd5dc IsIconic
0x6cd5e0 ReleaseDC
0x6cd5e4 GetCursorPos
0x6cd5e8 BeginPaint
0x6cd5ec EndPaint
0x6cd5f0 GetKeyState
0x6cd5f4 GetUserObjectInformationW
0x6cd5f8 ClientToScreen
0x6cd5fc PostMessageW
0x6cd600 GetForegroundWindow
0x6cd604 GetActiveWindow
0x6cd608 GetShellWindow
0x6cd60c GetWindowThreadProcessId
0x6cd610 CharLowerA
0x6cd614 SetFocus
0x6cd618 MoveWindow
0x6cd61c ScreenToClient
0x6cd620 GetProcessWindowStation
GDI32.dll
0x6cd124 CreateDIBSection
0x6cd128 GetObjectW
0x6cd12c DeleteObject
0x6cd130 AddFontMemResourceEx
0x6cd134 EnumFontFamiliesExW
0x6cd138 CreateFontW
0x6cd13c GetStockObject
0x6cd140 SetBkColor
0x6cd144 RoundRect
0x6cd148 SelectObject
0x6cd14c GetLayout
0x6cd150 SetLayout
0x6cd154 DeleteDC
0x6cd158 SetTextColor
0x6cd15c SetBkMode
0x6cd160 SetMapMode
0x6cd164 SetTextAlign
0x6cd168 CreateCompatibleDC
ADVAPI32.dll
0x6cd000 GetTokenInformation
0x6cd004 RegDeleteValueA
0x6cd008 OpenServiceW
0x6cd00c QueryServiceConfigW
0x6cd010 OpenProcessToken
0x6cd014 RegSetValueExA
0x6cd018 RegCreateKeyExA
0x6cd01c CryptEnumProvidersA
0x6cd020 CryptSignHashA
0x6cd024 CryptDecrypt
0x6cd028 CryptExportKey
0x6cd02c CryptGetUserKey
0x6cd030 CryptGetProvParam
0x6cd034 CryptSetHashParam
0x6cd038 CryptAcquireContextW
0x6cd03c ReportEventA
0x6cd040 RegisterEventSourceA
0x6cd044 DeregisterEventSource
0x6cd048 RegGetValueW
0x6cd04c RegSetValueExW
0x6cd050 SetEntriesInAclW
0x6cd054 ConvertSecurityDescriptorToStringSecurityDescriptorW
0x6cd058 SetNamedSecurityInfoW
0x6cd05c GetNamedSecurityInfoW
0x6cd060 GetFileSecurityW
0x6cd064 MapGenericMask
0x6cd068 BuildTrusteeWithSidW
0x6cd06c RegQueryValueExW
0x6cd070 LookupPrivilegeValueW
0x6cd074 AdjustTokenPrivileges
0x6cd078 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x6cd07c GetUserNameW
0x6cd080 DuplicateTokenEx
0x6cd084 OpenSCManagerW
0x6cd088 RegQueryValueExA
0x6cd08c CloseServiceHandle
0x6cd090 ConvertSidToStringSidA
0x6cd094 RegCloseKey
0x6cd098 RegOpenKeyExA
0x6cd09c OpenThreadToken
0x6cd0a0 DuplicateToken
0x6cd0a4 CryptEncrypt
0x6cd0a8 CryptImportKey
0x6cd0ac CryptDestroyKey
0x6cd0b0 CryptDestroyHash
0x6cd0b4 CryptHashData
0x6cd0b8 CryptCreateHash
0x6cd0bc CryptGenRandom
0x6cd0c0 CryptGetHashParam
0x6cd0c4 CryptReleaseContext
0x6cd0c8 CryptAcquireContextA
0x6cd0cc AccessCheck
0x6cd0d0 AllocateAndInitializeSid
SHELL32.dll
0x6cd520 SHGetFolderPathW
0x6cd524 ShellExecuteExA
0x6cd528 SHGetMalloc
0x6cd52c SHGetPathFromIDListW
0x6cd530 SHBrowseForFolderW
0x6cd534 ShellExecuteExW
0x6cd538 CommandLineToArgvW
0x6cd53c FindExecutableA
ole32.dll
0x6cd700 CoTaskMemFree
0x6cd704 CoCreateInstance
WINTRUST.dll
0x6cd67c WinVerifyTrust
CRYPT32.dll
0x6cd0d8 CertOpenStore
0x6cd0dc CertCloseStore
0x6cd0e0 CertFindCertificateInStore
0x6cd0e4 CertFreeCertificateContext
0x6cd0e8 CryptStringToBinaryA
0x6cd0ec CertAddCertificateContextToStore
0x6cd0f0 CertGetNameStringA
0x6cd0f4 CryptQueryObject
0x6cd0f8 CertCreateCertificateChainEngine
0x6cd0fc CertGetCertificateChain
0x6cd100 CertFreeCertificateChain
0x6cd104 CryptMsgClose
0x6cd108 CryptMsgGetParam
0x6cd10c CertGetNameStringW
0x6cd110 CertEnumCertificatesInStore
0x6cd114 CertDuplicateCertificateContext
0x6cd118 CertGetCertificateContextProperty
0x6cd11c CertFreeCertificateChainEngine
WININET.dll
0x6cd64c HttpSendRequestA
0x6cd650 InternetCloseHandle
0x6cd654 InternetSetStatusCallbackA
0x6cd658 InternetOpenA
0x6cd65c InternetReadFileExA
0x6cd660 InternetSetCookieW
0x6cd664 InternetSetOptionA
0x6cd668 InternetCrackUrlA
0x6cd66c HttpOpenRequestA
0x6cd670 HttpQueryInfoA
0x6cd674 InternetConnectA
WINHTTP.dll
0x6cd638 WinHttpCloseHandle
0x6cd63c WinHttpGetIEProxyConfigForCurrentUser
0x6cd640 WinHttpGetProxyForUrl
0x6cd644 WinHttpOpen
OLEAUT32.dll
0x6cd4fc VariantClear
0x6cd500 SysAllocString
0x6cd504 SafeArrayCreateVector
0x6cd508 SafeArrayPutElement
EAT(Export Address Table) is none
UIAutomationCore.DLL
0x6cd544 UiaHostProviderFromHwnd
0x6cd548 UiaReturnRawElementProvider
0x6cd54c UiaRaiseAutomationPropertyChangedEvent
0x6cd550 UiaRaiseAutomationEvent
0x6cd554 UiaClientsAreListening
MSIMG32.dll
0x6cd4f4 AlphaBlend
RPCRT4.dll
0x6cd510 UuidToStringA
0x6cd514 RpcStringFreeA
0x6cd518 UuidCreate
WS2_32.dll
0x6cd684 ind
0x6cd688 socket
0x6cd68c freeaddrinfo
0x6cd690 getaddrinfo
0x6cd694 WSASetLastError
0x6cd698 htons
0x6cd69c WSACleanup
0x6cd6a0 WSAStartup
0x6cd6a4 connect
0x6cd6a8 htonl
0x6cd6ac WSAGetLastError
0x6cd6b0 gethostname
0x6cd6b4 closesocket
0x6cd6b8 shutdown
0x6cd6bc ntohl
0x6cd6c0 getpeername
0x6cd6c4 getsockname
0x6cd6c8 getsockopt
0x6cd6cc ntohs
0x6cd6d0 setsockopt
0x6cd6d4 WSAIoctl
0x6cd6d8 recvfrom
0x6cd6dc sendto
0x6cd6e0 accept
0x6cd6e4 listen
0x6cd6e8 __WSAFDIsSet
0x6cd6ec select
0x6cd6f0 ioctlsocket
0x6cd6f4 send
0x6cd6f8 recv
VERSION.dll
0x6cd628 GetFileVersionInfoSizeW
0x6cd62c VerQueryValueW
0x6cd630 GetFileVersionInfoW
KERNEL32.dll
0x6cd170 GetThreadPriority
0x6cd174 GetLogicalProcessorInformation
0x6cd178 CreateTimerQueueTimer
0x6cd17c ChangeTimerQueueTimer
0x6cd180 DeleteTimerQueueTimer
0x6cd184 GetNumaHighestNodeNumber
0x6cd188 GetProcessAffinityMask
0x6cd18c SetThreadAffinityMask
0x6cd190 RegisterWaitForSingleObject
0x6cd194 UnregisterWait
0x6cd198 GetThreadTimes
0x6cd19c FreeLibraryAndExitThread
0x6cd1a0 GetModuleFileNameW
0x6cd1a4 GetModuleHandleA
0x6cd1a8 LoadLibraryExW
0x6cd1ac VirtualAlloc
0x6cd1b0 VirtualProtect
0x6cd1b4 VirtualFree
0x6cd1b8 ReleaseSemaphore
0x6cd1bc InterlockedPopEntrySList
0x6cd1c0 InterlockedPushEntrySList
0x6cd1c4 InterlockedFlushSList
0x6cd1c8 QueryDepthSList
0x6cd1cc UnregisterWaitEx
0x6cd1d0 WaitForSingleObject
0x6cd1d4 RtlUnwind
0x6cd1d8 ExitProcess
0x6cd1dc GetModuleHandleExW
0x6cd1e0 GetStdHandle
0x6cd1e4 GetFileType
0x6cd1e8 GetModuleFileNameA
0x6cd1ec WriteConsoleW
0x6cd1f0 ExitThread
0x6cd1f4 ResumeThread
0x6cd1f8 WriteFile
0x6cd1fc GetACP
0x6cd200 SetConsoleCtrlHandler
0x6cd204 HeapReAlloc
0x6cd208 FlushFileBuffers
0x6cd20c GetConsoleCP
0x6cd210 GetConsoleMode
0x6cd214 OutputDebugStringA
0x6cd218 GetDateFormatW
0x6cd21c GetTimeFormatW
0x6cd220 IsValidLocale
0x6cd224 GetUserDefaultLCID
0x6cd228 EnumSystemLocalesW
0x6cd22c ReadFile
0x6cd230 ReadConsoleW
0x6cd234 SetFilePointerEx
0x6cd238 GetTimeZoneInformation
0x6cd23c FindClose
0x6cd240 FindFirstFileExW
0x6cd244 FindNextFileW
0x6cd248 IsValidCodePage
0x6cd24c CreateThread
0x6cd250 GetCommandLineA
0x6cd254 GetCommandLineW
0x6cd258 GetEnvironmentStringsW
0x6cd25c FreeEnvironmentStringsW
0x6cd260 SetEnvironmentVariableA
0x6cd264 SetStdHandle
0x6cd268 HeapSize
0x6cd26c CreateFileW
0x6cd270 SetEndOfFile
0x6cd274 GetTickCount64
0x6cd278 SleepEx
0x6cd27c PeekNamedPipe
0x6cd280 WaitForMultipleObjects
0x6cd284 ExpandEnvironmentStringsA
0x6cd288 FormatMessageA
0x6cd28c VerSetConditionMask
0x6cd290 GetSystemDirectoryA
0x6cd294 LoadLibraryA
0x6cd298 VerifyVersionInfoA
0x6cd29c CreateFileA
0x6cd2a0 GetFileSizeEx
0x6cd2a4 InitializeCriticalSection
0x6cd2a8 GetEnvironmentVariableW
0x6cd2ac SetCurrentDirectoryW
0x6cd2b0 GetCurrentDirectoryW
0x6cd2b4 CreateDirectoryW
0x6cd2b8 DeleteFileW
0x6cd2bc FindFirstFileW
0x6cd2c0 GetDiskFreeSpaceExW
0x6cd2c4 GetFileAttributesW
0x6cd2c8 GetFileAttributesExW
0x6cd2cc GetFileInformationByHandle
0x6cd2d0 GetFileTime
0x6cd2d4 GetFullPathNameW
0x6cd2d8 RemoveDirectoryW
0x6cd2dc SetFileAttributesW
0x6cd2e0 SetFileTime
0x6cd2e4 DeviceIoControl
0x6cd2e8 MoveFileExW
0x6cd2ec AreFileApisANSI
0x6cd2f0 OpenEventA
0x6cd2f4 SetWaitableTimer
0x6cd2f8 GetSystemInfo
0x6cd2fc CreateWaitableTimerA
0x6cd300 DeactivateActCtx
0x6cd304 ActivateActCtx
0x6cd308 CreateActCtxW
0x6cd30c AcquireSRWLockExclusive
0x6cd310 ReleaseSRWLockExclusive
0x6cd314 SystemTimeToTzSpecificLocalTime
0x6cd318 GetDriveTypeW
0x6cd31c lstrlenW
0x6cd320 VirtualUnlock
0x6cd324 ReleaseMutex
0x6cd328 CreateMutexA
0x6cd32c GlobalFree
0x6cd330 GetExitCodeProcess
0x6cd334 OpenThread
0x6cd338 CreateFiber
0x6cd33c VirtualQuery
0x6cd340 MoveFileW
0x6cd344 ConvertThreadToFiber
0x6cd348 CreateFiberEx
0x6cd34c WaitNamedPipeW
0x6cd350 SetFileValidData
0x6cd354 IsBadReadPtr
0x6cd358 GlobalMemoryStatus
0x6cd35c Module32NextW
0x6cd360 VerifyVersionInfoW
0x6cd364 SignalObjectAndWait
0x6cd368 CreateTimerQueue
0x6cd36c OutputDebugStringW
0x6cd370 TerminateProcess
0x6cd374 IsProcessorFeaturePresent
0x6cd378 GetStartupInfoW
0x6cd37c SetUnhandledExceptionFilter
0x6cd380 UnhandledExceptionFilter
0x6cd384 IsDebuggerPresent
0x6cd388 InitializeSListHead
0x6cd38c GetCurrentProcessId
0x6cd390 ResetEvent
0x6cd394 GetStringTypeW
0x6cd398 GetLocaleInfoW
0x6cd39c LCMapStringW
0x6cd3a0 CompareStringW
0x6cd3a4 GetCPInfo
0x6cd3a8 SetThreadPriority
0x6cd3ac MultiByteToWideChar
0x6cd3b0 GetSystemTimeAsFileTime
0x6cd3b4 TlsFree
0x6cd3b8 TlsSetValue
0x6cd3bc TlsGetValue
0x6cd3c0 TlsAlloc
0x6cd3c4 CreateEventW
0x6cd3c8 InitializeCriticalSectionAndSpinCount
0x6cd3cc SetLastError
0x6cd3d0 EncodePointer
0x6cd3d4 GetExitCodeThread
0x6cd3d8 SwitchToThread
0x6cd3dc Sleep
0x6cd3e0 WaitForSingleObjectEx
0x6cd3e4 DuplicateHandle
0x6cd3e8 GetCurrentThreadId
0x6cd3ec TryEnterCriticalSection
0x6cd3f0 LeaveCriticalSection
0x6cd3f4 EnterCriticalSection
0x6cd3f8 QueryPerformanceFrequency
0x6cd3fc QueryPerformanceCounter
0x6cd400 WideCharToMultiByte
0x6cd404 GetCurrentThread
0x6cd408 GetCurrentProcess
0x6cd40c LocalFree
0x6cd410 OpenProcess
0x6cd414 GetVersionExW
0x6cd418 LocalAlloc
0x6cd41c FindResourceW
0x6cd420 LoadResource
0x6cd424 LockResource
0x6cd428 SizeofResource
0x6cd42c CreateEventA
0x6cd430 GetProcessHeap
0x6cd434 HeapAlloc
0x6cd438 CloseHandle
0x6cd43c SetEvent
0x6cd440 SystemTimeToFileTime
0x6cd444 GetComputerNameW
0x6cd448 lstrcpynA
0x6cd44c GetFileSize
0x6cd450 GetThreadContext
0x6cd454 GetLocalTime
0x6cd458 HeapFree
0x6cd45c GetUserDefaultLangID
0x6cd460 GetTickCount
0x6cd464 FreeLibrary
0x6cd468 GetModuleHandleW
0x6cd46c DeleteCriticalSection
0x6cd470 GetProcAddress
0x6cd474 DecodePointer
0x6cd478 LoadLibraryW
0x6cd47c RaiseException
0x6cd480 GetLastError
0x6cd484 InitializeCriticalSectionEx
0x6cd488 ConvertFiberToThread
0x6cd48c ReadConsoleA
0x6cd490 SetConsoleMode
0x6cd494 GetOEMCP
0x6cd498 Module32FirstW
0x6cd49c Process32Next
0x6cd4a0 DeleteFileA
0x6cd4a4 FileTimeToSystemTime
0x6cd4a8 GetTempPathA
0x6cd4ac CreateToolhelp32Snapshot
0x6cd4b0 SwitchToFiber
0x6cd4b4 SuspendThread
0x6cd4b8 IsBadStringPtrA
0x6cd4bc Thread32First
0x6cd4c0 GetCompressedFileSizeW
0x6cd4c4 SetFilePointer
0x6cd4c8 Thread32Next
0x6cd4cc GetProcessId
0x6cd4d0 DeleteFiber
0x6cd4d4 GetVolumeInformationW
0x6cd4d8 SetNamedPipeHandleState
0x6cd4dc Process32First
0x6cd4e0 IsBadWritePtr
0x6cd4e4 RtlCaptureContext
0x6cd4e8 GetShortPathNameW
0x6cd4ec GetDiskFreeSpaceW
USER32.dll
0x6cd55c AllowSetForegroundWindow
0x6cd560 GetDesktopWindow
0x6cd564 MessageBoxA
0x6cd568 GetDC
0x6cd56c DrawTextW
0x6cd570 GetWindowLongW
0x6cd574 DefWindowProcW
0x6cd578 AdjustWindowRectEx
0x6cd57c GetWindowRect
0x6cd580 DestroyWindow
0x6cd584 SetWindowPos
0x6cd588 MessageBoxW
0x6cd58c CreateWindowExW
0x6cd590 SendMessageW
0x6cd594 GetSystemMetrics
0x6cd598 SetWindowTextW
0x6cd59c RegisterClassExW
0x6cd5a0 ShowWindow
0x6cd5a4 DispatchMessageW
0x6cd5a8 SetTimer
0x6cd5ac PeekMessageW
0x6cd5b0 TrackMouseEvent
0x6cd5b4 TranslateMessage
0x6cd5b8 LoadIconW
0x6cd5bc LoadCursorW
0x6cd5c0 SetCapture
0x6cd5c4 GetWindowDC
0x6cd5c8 SetWindowLongW
0x6cd5cc UpdateLayeredWindow
0x6cd5d0 PostQuitMessage
0x6cd5d4 ReleaseCapture
0x6cd5d8 InvalidateRect
0x6cd5dc IsIconic
0x6cd5e0 ReleaseDC
0x6cd5e4 GetCursorPos
0x6cd5e8 BeginPaint
0x6cd5ec EndPaint
0x6cd5f0 GetKeyState
0x6cd5f4 GetUserObjectInformationW
0x6cd5f8 ClientToScreen
0x6cd5fc PostMessageW
0x6cd600 GetForegroundWindow
0x6cd604 GetActiveWindow
0x6cd608 GetShellWindow
0x6cd60c GetWindowThreadProcessId
0x6cd610 CharLowerA
0x6cd614 SetFocus
0x6cd618 MoveWindow
0x6cd61c ScreenToClient
0x6cd620 GetProcessWindowStation
GDI32.dll
0x6cd124 CreateDIBSection
0x6cd128 GetObjectW
0x6cd12c DeleteObject
0x6cd130 AddFontMemResourceEx
0x6cd134 EnumFontFamiliesExW
0x6cd138 CreateFontW
0x6cd13c GetStockObject
0x6cd140 SetBkColor
0x6cd144 RoundRect
0x6cd148 SelectObject
0x6cd14c GetLayout
0x6cd150 SetLayout
0x6cd154 DeleteDC
0x6cd158 SetTextColor
0x6cd15c SetBkMode
0x6cd160 SetMapMode
0x6cd164 SetTextAlign
0x6cd168 CreateCompatibleDC
ADVAPI32.dll
0x6cd000 GetTokenInformation
0x6cd004 RegDeleteValueA
0x6cd008 OpenServiceW
0x6cd00c QueryServiceConfigW
0x6cd010 OpenProcessToken
0x6cd014 RegSetValueExA
0x6cd018 RegCreateKeyExA
0x6cd01c CryptEnumProvidersA
0x6cd020 CryptSignHashA
0x6cd024 CryptDecrypt
0x6cd028 CryptExportKey
0x6cd02c CryptGetUserKey
0x6cd030 CryptGetProvParam
0x6cd034 CryptSetHashParam
0x6cd038 CryptAcquireContextW
0x6cd03c ReportEventA
0x6cd040 RegisterEventSourceA
0x6cd044 DeregisterEventSource
0x6cd048 RegGetValueW
0x6cd04c RegSetValueExW
0x6cd050 SetEntriesInAclW
0x6cd054 ConvertSecurityDescriptorToStringSecurityDescriptorW
0x6cd058 SetNamedSecurityInfoW
0x6cd05c GetNamedSecurityInfoW
0x6cd060 GetFileSecurityW
0x6cd064 MapGenericMask
0x6cd068 BuildTrusteeWithSidW
0x6cd06c RegQueryValueExW
0x6cd070 LookupPrivilegeValueW
0x6cd074 AdjustTokenPrivileges
0x6cd078 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x6cd07c GetUserNameW
0x6cd080 DuplicateTokenEx
0x6cd084 OpenSCManagerW
0x6cd088 RegQueryValueExA
0x6cd08c CloseServiceHandle
0x6cd090 ConvertSidToStringSidA
0x6cd094 RegCloseKey
0x6cd098 RegOpenKeyExA
0x6cd09c OpenThreadToken
0x6cd0a0 DuplicateToken
0x6cd0a4 CryptEncrypt
0x6cd0a8 CryptImportKey
0x6cd0ac CryptDestroyKey
0x6cd0b0 CryptDestroyHash
0x6cd0b4 CryptHashData
0x6cd0b8 CryptCreateHash
0x6cd0bc CryptGenRandom
0x6cd0c0 CryptGetHashParam
0x6cd0c4 CryptReleaseContext
0x6cd0c8 CryptAcquireContextA
0x6cd0cc AccessCheck
0x6cd0d0 AllocateAndInitializeSid
SHELL32.dll
0x6cd520 SHGetFolderPathW
0x6cd524 ShellExecuteExA
0x6cd528 SHGetMalloc
0x6cd52c SHGetPathFromIDListW
0x6cd530 SHBrowseForFolderW
0x6cd534 ShellExecuteExW
0x6cd538 CommandLineToArgvW
0x6cd53c FindExecutableA
ole32.dll
0x6cd700 CoTaskMemFree
0x6cd704 CoCreateInstance
WINTRUST.dll
0x6cd67c WinVerifyTrust
CRYPT32.dll
0x6cd0d8 CertOpenStore
0x6cd0dc CertCloseStore
0x6cd0e0 CertFindCertificateInStore
0x6cd0e4 CertFreeCertificateContext
0x6cd0e8 CryptStringToBinaryA
0x6cd0ec CertAddCertificateContextToStore
0x6cd0f0 CertGetNameStringA
0x6cd0f4 CryptQueryObject
0x6cd0f8 CertCreateCertificateChainEngine
0x6cd0fc CertGetCertificateChain
0x6cd100 CertFreeCertificateChain
0x6cd104 CryptMsgClose
0x6cd108 CryptMsgGetParam
0x6cd10c CertGetNameStringW
0x6cd110 CertEnumCertificatesInStore
0x6cd114 CertDuplicateCertificateContext
0x6cd118 CertGetCertificateContextProperty
0x6cd11c CertFreeCertificateChainEngine
WININET.dll
0x6cd64c HttpSendRequestA
0x6cd650 InternetCloseHandle
0x6cd654 InternetSetStatusCallbackA
0x6cd658 InternetOpenA
0x6cd65c InternetReadFileExA
0x6cd660 InternetSetCookieW
0x6cd664 InternetSetOptionA
0x6cd668 InternetCrackUrlA
0x6cd66c HttpOpenRequestA
0x6cd670 HttpQueryInfoA
0x6cd674 InternetConnectA
WINHTTP.dll
0x6cd638 WinHttpCloseHandle
0x6cd63c WinHttpGetIEProxyConfigForCurrentUser
0x6cd640 WinHttpGetProxyForUrl
0x6cd644 WinHttpOpen
OLEAUT32.dll
0x6cd4fc VariantClear
0x6cd500 SysAllocString
0x6cd504 SafeArrayCreateVector
0x6cd508 SafeArrayPutElement
EAT(Export Address Table) is none