ScreenShot
| Created | 2024.07.09 10:11 | Machine | s1_win7_x6403 |
| Filename | install.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 44 detected (AIDetectMalware, malicious, high confidence, Artemis, Midie, Unsafe, Rugmi, Vq8y, Attribute, HighConfidence, Penguish, zesgb, XWORM, YXEGHZ, Outbreak, Detected, ai score=87, Casdet, ABTrojan, HNCH, Chgt) | ||
| md5 | 7524d560b667b8ed62f16bc59772d81f | ||
| sha256 | e88f233b6925f8bf72e0b89baaa1fc52d5c7fdc52f8018de86af8cb0e902709b | ||
| ssdeep | 98304:tPx1VR1MSpVQJu7ikcXqhKRgGJC1LIrip+M38GEcfNv3SsnFx3ai3i/bgkqf1nnH:dxHR1likZGgv1LH6cBSeqi3idqfVnPLD | ||
| imphash | a23b267d3c27d78228e9d8a9833617e0 | ||
| impfuzzy | 96:Wr+rDrvKk+FXFoteXGYIupccfpehMcOo5IigfahaudBtYO2Q5FKombVL:WSvkFJpszO/fahaQtX5oPVL | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Creates (office) documents on the filesystem |
| notice | Creates executable files on the filesystem |
| notice | Queries for potentially installed applications |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (29cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | HermeticWiper_Zero | HermeticWiper | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | PhysicalDrive_20181001 | (no description) | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | Obsidium_Zero | Obsidium protector file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | CAB_file_format | CAB archive file | binaries (download) |
| info | CAB_file_format | CAB archive file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14007f1c0 GetUserDefaultUILanguage
0x14007f1c8 GetUserDefaultLangID
0x14007f1d0 GetSystemDefaultLangID
0x14007f1d8 GetStringTypeW
0x14007f1e0 ReadFile
0x14007f1e8 SetFilePointerEx
0x14007f1f0 CreateProcessW
0x14007f1f8 DuplicateHandle
0x14007f200 FreeLibrary
0x14007f208 ProcessIdToSessionId
0x14007f210 ConnectNamedPipe
0x14007f218 SetNamedPipeHandleState
0x14007f220 CreateNamedPipeW
0x14007f228 OpenProcess
0x14007f230 GetProcessId
0x14007f238 SetProcessShutdownParameters
0x14007f240 LocalFileTimeToFileTime
0x14007f248 SetEndOfFile
0x14007f250 SetFileTime
0x14007f258 GetExitCodeThread
0x14007f260 DosDateTimeToFileTime
0x14007f268 CompareStringA
0x14007f270 SetThreadExecutionState
0x14007f278 ReleaseSemaphore
0x14007f280 CreateMutexW
0x14007f288 GetExitCodeProcess
0x14007f290 CreateFileMappingW
0x14007f298 MapViewOfFile
0x14007f2a0 UnmapViewOfFile
0x14007f2a8 RtlCaptureContext
0x14007f2b0 RtlLookupFunctionEntry
0x14007f2b8 RtlVirtualUnwind
0x14007f2c0 UnhandledExceptionFilter
0x14007f2c8 SetUnhandledExceptionFilter
0x14007f2d0 TerminateProcess
0x14007f2d8 IsProcessorFeaturePresent
0x14007f2e0 QueryPerformanceCounter
0x14007f2e8 GetCurrentThreadId
0x14007f2f0 GetSystemTimeAsFileTime
0x14007f2f8 InitializeSListHead
0x14007f300 IsDebuggerPresent
0x14007f308 GetStartupInfoW
0x14007f310 RtlUnwindEx
0x14007f318 InitializeCriticalSectionAndSpinCount
0x14007f320 TlsAlloc
0x14007f328 TlsGetValue
0x14007f330 TlsSetValue
0x14007f338 TlsFree
0x14007f340 EncodePointer
0x14007f348 RaiseException
0x14007f350 RtlPcToFileHeader
0x14007f358 GetStdHandle
0x14007f360 ExitProcess
0x14007f368 GetModuleHandleExW
0x14007f370 VerifyVersionInfoW
0x14007f378 GetFileType
0x14007f380 FindFirstFileExW
0x14007f388 IsValidCodePage
0x14007f390 GetACP
0x14007f398 GetOEMCP
0x14007f3a0 GetCPInfo
0x14007f3a8 GetCommandLineA
0x14007f3b0 GetCommandLineW
0x14007f3b8 GetEnvironmentStringsW
0x14007f3c0 FreeEnvironmentStringsW
0x14007f3c8 SetStdHandle
0x14007f3d0 FlsAlloc
0x14007f3d8 FlsGetValue
0x14007f3e0 FlsSetValue
0x14007f3e8 FlsFree
0x14007f3f0 GetFileSizeEx
0x14007f3f8 FlushFileBuffers
0x14007f400 GetConsoleOutputCP
0x14007f408 GetConsoleMode
0x14007f410 WriteConsoleW
0x14007f418 GetComputerNameW
0x14007f420 GetSystemTime
0x14007f428 VerSetConditionMask
0x14007f430 CompareStringW
0x14007f438 GetNativeSystemInfo
0x14007f440 CreateThread
0x14007f448 GetCurrentProcess
0x14007f450 CreateSemaphoreW
0x14007f458 CreateEventW
0x14007f460 ReleaseMutex
0x14007f468 ResetEvent
0x14007f470 SetEvent
0x14007f478 DeleteCriticalSection
0x14007f480 LeaveCriticalSection
0x14007f488 EnterCriticalSection
0x14007f490 InitializeCriticalSection
0x14007f498 MoveFileExW
0x14007f4a0 SetFileAttributesW
0x14007f4a8 RemoveDirectoryW
0x14007f4b0 GetFileAttributesW
0x14007f4b8 FindNextFileW
0x14007f4c0 FindFirstFileW
0x14007f4c8 FindClose
0x14007f4d0 DeleteFileW
0x14007f4d8 GetCurrentDirectoryW
0x14007f4e0 ExpandEnvironmentStringsW
0x14007f4e8 GetProcessHeap
0x14007f4f0 HeapSize
0x14007f4f8 HeapFree
0x14007f500 GetDateFormatW
0x14007f508 HeapReAlloc
0x14007f510 HeapAlloc
0x14007f518 GetModuleFileNameW
0x14007f520 GetSystemWow64DirectoryW
0x14007f528 GetSystemDirectoryW
0x14007f530 GetLocalTime
0x14007f538 Sleep
0x14007f540 SetLastError
0x14007f548 GetTempPathW
0x14007f550 GetVolumePathNameW
0x14007f558 GetTempFileNameW
0x14007f560 GetFullPathNameW
0x14007f568 CreateDirectoryW
0x14007f570 LCMapStringW
0x14007f578 WideCharToMultiByte
0x14007f580 MultiByteToWideChar
0x14007f588 lstrlenW
0x14007f590 FormatMessageW
0x14007f598 LocalFree
0x14007f5a0 LoadLibraryExW
0x14007f5a8 GetProcAddress
0x14007f5b0 GetModuleHandleW
0x14007f5b8 WaitForMultipleObjects
0x14007f5c0 WaitForSingleObject
0x14007f5c8 HeapSetInformation
0x14007f5d0 GetLastError
0x14007f5d8 lstrlenA
0x14007f5e0 GetCurrentProcessId
0x14007f5e8 GetModuleHandleA
0x14007f5f0 MulDiv
0x14007f5f8 CompareStringOrdinal
0x14007f600 GetSystemWindowsDirectoryW
0x14007f608 GlobalAlloc
0x14007f610 GlobalFree
0x14007f618 CopyFileW
0x14007f620 LoadResource
0x14007f628 LockResource
0x14007f630 SizeofResource
0x14007f638 FindResourceExA
0x14007f640 VirtualAlloc
0x14007f648 VirtualFree
0x14007f650 SystemTimeToTzSpecificLocalTime
0x14007f658 SystemTimeToFileTime
0x14007f660 GetTimeZoneInformation
0x14007f668 GetSystemInfo
0x14007f670 VirtualProtect
0x14007f678 VirtualQuery
0x14007f680 LoadLibraryExA
0x14007f688 WriteFile
0x14007f690 SetFilePointer
0x14007f698 CreateFileA
0x14007f6a0 CloseHandle
0x14007f6a8 CreateFileW
USER32.dll
0x14007f710 GetDC
0x14007f718 ReleaseDC
0x14007f720 MonitorFromPoint
0x14007f728 ShowWindow
0x14007f730 IsDialogMessageW
0x14007f738 LoadBitmapW
0x14007f740 SetWindowLongPtrW
0x14007f748 GetWindowLongPtrW
0x14007f750 GetCursorPos
0x14007f758 MessageBoxW
0x14007f760 SetWindowPos
0x14007f768 CreateWindowExW
0x14007f770 UnregisterClassW
0x14007f778 RegisterClassW
0x14007f780 PostQuitMessage
0x14007f788 DefWindowProcW
0x14007f790 DispatchMessageW
0x14007f798 TranslateMessage
0x14007f7a0 GetMessageW
0x14007f7a8 WaitForInputIdle
0x14007f7b0 IsWindow
0x14007f7b8 PostMessageW
0x14007f7c0 GetMonitorInfoW
0x14007f7c8 LoadCursorW
0x14007f7d0 MonitorFromWindow
GDI32.dll
0x14007f178 DeleteObject
0x14007f180 SelectObject
0x14007f188 StretchBlt
0x14007f190 GetObjectW
0x14007f198 DeleteDC
0x14007f1a0 CreateDCW
0x14007f1a8 CreateCompatibleDC
0x14007f1b0 GetDeviceCaps
ADVAPI32.dll
0x14007f000 GetUserNameW
0x14007f008 CryptAcquireContextW
0x14007f010 QueryServiceConfigW
0x14007f018 CryptReleaseContext
0x14007f020 CryptGetHashParam
0x14007f028 CryptCreateHash
0x14007f030 CryptHashData
0x14007f038 CryptDestroyHash
0x14007f040 OpenProcessToken
0x14007f048 AllocateAndInitializeSid
0x14007f050 CheckTokenMembership
0x14007f058 GetTokenInformation
0x14007f060 AdjustTokenPrivileges
0x14007f068 IsWellKnownSid
0x14007f070 LookupPrivilegeValueW
0x14007f078 RegCreateKeyExW
0x14007f080 QueryServiceStatus
0x14007f088 OpenServiceW
0x14007f090 OpenSCManagerW
0x14007f098 ControlService
0x14007f0a0 CloseServiceHandle
0x14007f0a8 ChangeServiceConfigW
0x14007f0b0 SetEntriesInAclW
0x14007f0b8 DecryptFileW
0x14007f0c0 InitializeAcl
0x14007f0c8 CreateWellKnownSid
0x14007f0d0 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14007f0d8 ReportEventW
0x14007f0e0 OpenEventLogW
0x14007f0e8 CloseEventLog
0x14007f0f0 RegQueryInfoKeyW
0x14007f0f8 RegDeleteValueW
0x14007f100 RegQueryValueExW
0x14007f108 InitiateSystemShutdownExW
0x14007f110 RegOpenKeyExW
0x14007f118 RegCloseKey
0x14007f120 SetNamedSecurityInfoW
0x14007f128 RegDeleteKeyW
0x14007f130 RegEnumKeyExW
0x14007f138 RegEnumValueW
0x14007f140 RegSetValueExW
0x14007f148 InitializeSecurityDescriptor
0x14007f150 SetSecurityDescriptorDacl
0x14007f158 SetSecurityDescriptorGroup
0x14007f160 SetSecurityDescriptorOwner
0x14007f168 SetEntriesInAclA
ole32.dll
0x14007f7e0 CoInitializeEx
0x14007f7e8 CoInitialize
0x14007f7f0 CoInitializeSecurity
0x14007f7f8 CoUninitialize
0x14007f800 CLSIDFromProgID
0x14007f808 CoTaskMemFree
0x14007f810 StringFromGUID2
0x14007f818 CoCreateInstance
OLEAUT32.dll
0x14007f6b8 VariantClear
0x14007f6c0 SysFreeString
0x14007f6c8 VariantInit
0x14007f6d0 SysAllocString
RPCRT4.dll
0x14007f6e0 UuidCreate
SHELL32.dll
0x14007f6f0 CommandLineToArgvW
0x14007f6f8 ShellExecuteExW
0x14007f700 SHGetFolderPathW
EAT(Export Address Table) is none
KERNEL32.dll
0x14007f1c0 GetUserDefaultUILanguage
0x14007f1c8 GetUserDefaultLangID
0x14007f1d0 GetSystemDefaultLangID
0x14007f1d8 GetStringTypeW
0x14007f1e0 ReadFile
0x14007f1e8 SetFilePointerEx
0x14007f1f0 CreateProcessW
0x14007f1f8 DuplicateHandle
0x14007f200 FreeLibrary
0x14007f208 ProcessIdToSessionId
0x14007f210 ConnectNamedPipe
0x14007f218 SetNamedPipeHandleState
0x14007f220 CreateNamedPipeW
0x14007f228 OpenProcess
0x14007f230 GetProcessId
0x14007f238 SetProcessShutdownParameters
0x14007f240 LocalFileTimeToFileTime
0x14007f248 SetEndOfFile
0x14007f250 SetFileTime
0x14007f258 GetExitCodeThread
0x14007f260 DosDateTimeToFileTime
0x14007f268 CompareStringA
0x14007f270 SetThreadExecutionState
0x14007f278 ReleaseSemaphore
0x14007f280 CreateMutexW
0x14007f288 GetExitCodeProcess
0x14007f290 CreateFileMappingW
0x14007f298 MapViewOfFile
0x14007f2a0 UnmapViewOfFile
0x14007f2a8 RtlCaptureContext
0x14007f2b0 RtlLookupFunctionEntry
0x14007f2b8 RtlVirtualUnwind
0x14007f2c0 UnhandledExceptionFilter
0x14007f2c8 SetUnhandledExceptionFilter
0x14007f2d0 TerminateProcess
0x14007f2d8 IsProcessorFeaturePresent
0x14007f2e0 QueryPerformanceCounter
0x14007f2e8 GetCurrentThreadId
0x14007f2f0 GetSystemTimeAsFileTime
0x14007f2f8 InitializeSListHead
0x14007f300 IsDebuggerPresent
0x14007f308 GetStartupInfoW
0x14007f310 RtlUnwindEx
0x14007f318 InitializeCriticalSectionAndSpinCount
0x14007f320 TlsAlloc
0x14007f328 TlsGetValue
0x14007f330 TlsSetValue
0x14007f338 TlsFree
0x14007f340 EncodePointer
0x14007f348 RaiseException
0x14007f350 RtlPcToFileHeader
0x14007f358 GetStdHandle
0x14007f360 ExitProcess
0x14007f368 GetModuleHandleExW
0x14007f370 VerifyVersionInfoW
0x14007f378 GetFileType
0x14007f380 FindFirstFileExW
0x14007f388 IsValidCodePage
0x14007f390 GetACP
0x14007f398 GetOEMCP
0x14007f3a0 GetCPInfo
0x14007f3a8 GetCommandLineA
0x14007f3b0 GetCommandLineW
0x14007f3b8 GetEnvironmentStringsW
0x14007f3c0 FreeEnvironmentStringsW
0x14007f3c8 SetStdHandle
0x14007f3d0 FlsAlloc
0x14007f3d8 FlsGetValue
0x14007f3e0 FlsSetValue
0x14007f3e8 FlsFree
0x14007f3f0 GetFileSizeEx
0x14007f3f8 FlushFileBuffers
0x14007f400 GetConsoleOutputCP
0x14007f408 GetConsoleMode
0x14007f410 WriteConsoleW
0x14007f418 GetComputerNameW
0x14007f420 GetSystemTime
0x14007f428 VerSetConditionMask
0x14007f430 CompareStringW
0x14007f438 GetNativeSystemInfo
0x14007f440 CreateThread
0x14007f448 GetCurrentProcess
0x14007f450 CreateSemaphoreW
0x14007f458 CreateEventW
0x14007f460 ReleaseMutex
0x14007f468 ResetEvent
0x14007f470 SetEvent
0x14007f478 DeleteCriticalSection
0x14007f480 LeaveCriticalSection
0x14007f488 EnterCriticalSection
0x14007f490 InitializeCriticalSection
0x14007f498 MoveFileExW
0x14007f4a0 SetFileAttributesW
0x14007f4a8 RemoveDirectoryW
0x14007f4b0 GetFileAttributesW
0x14007f4b8 FindNextFileW
0x14007f4c0 FindFirstFileW
0x14007f4c8 FindClose
0x14007f4d0 DeleteFileW
0x14007f4d8 GetCurrentDirectoryW
0x14007f4e0 ExpandEnvironmentStringsW
0x14007f4e8 GetProcessHeap
0x14007f4f0 HeapSize
0x14007f4f8 HeapFree
0x14007f500 GetDateFormatW
0x14007f508 HeapReAlloc
0x14007f510 HeapAlloc
0x14007f518 GetModuleFileNameW
0x14007f520 GetSystemWow64DirectoryW
0x14007f528 GetSystemDirectoryW
0x14007f530 GetLocalTime
0x14007f538 Sleep
0x14007f540 SetLastError
0x14007f548 GetTempPathW
0x14007f550 GetVolumePathNameW
0x14007f558 GetTempFileNameW
0x14007f560 GetFullPathNameW
0x14007f568 CreateDirectoryW
0x14007f570 LCMapStringW
0x14007f578 WideCharToMultiByte
0x14007f580 MultiByteToWideChar
0x14007f588 lstrlenW
0x14007f590 FormatMessageW
0x14007f598 LocalFree
0x14007f5a0 LoadLibraryExW
0x14007f5a8 GetProcAddress
0x14007f5b0 GetModuleHandleW
0x14007f5b8 WaitForMultipleObjects
0x14007f5c0 WaitForSingleObject
0x14007f5c8 HeapSetInformation
0x14007f5d0 GetLastError
0x14007f5d8 lstrlenA
0x14007f5e0 GetCurrentProcessId
0x14007f5e8 GetModuleHandleA
0x14007f5f0 MulDiv
0x14007f5f8 CompareStringOrdinal
0x14007f600 GetSystemWindowsDirectoryW
0x14007f608 GlobalAlloc
0x14007f610 GlobalFree
0x14007f618 CopyFileW
0x14007f620 LoadResource
0x14007f628 LockResource
0x14007f630 SizeofResource
0x14007f638 FindResourceExA
0x14007f640 VirtualAlloc
0x14007f648 VirtualFree
0x14007f650 SystemTimeToTzSpecificLocalTime
0x14007f658 SystemTimeToFileTime
0x14007f660 GetTimeZoneInformation
0x14007f668 GetSystemInfo
0x14007f670 VirtualProtect
0x14007f678 VirtualQuery
0x14007f680 LoadLibraryExA
0x14007f688 WriteFile
0x14007f690 SetFilePointer
0x14007f698 CreateFileA
0x14007f6a0 CloseHandle
0x14007f6a8 CreateFileW
USER32.dll
0x14007f710 GetDC
0x14007f718 ReleaseDC
0x14007f720 MonitorFromPoint
0x14007f728 ShowWindow
0x14007f730 IsDialogMessageW
0x14007f738 LoadBitmapW
0x14007f740 SetWindowLongPtrW
0x14007f748 GetWindowLongPtrW
0x14007f750 GetCursorPos
0x14007f758 MessageBoxW
0x14007f760 SetWindowPos
0x14007f768 CreateWindowExW
0x14007f770 UnregisterClassW
0x14007f778 RegisterClassW
0x14007f780 PostQuitMessage
0x14007f788 DefWindowProcW
0x14007f790 DispatchMessageW
0x14007f798 TranslateMessage
0x14007f7a0 GetMessageW
0x14007f7a8 WaitForInputIdle
0x14007f7b0 IsWindow
0x14007f7b8 PostMessageW
0x14007f7c0 GetMonitorInfoW
0x14007f7c8 LoadCursorW
0x14007f7d0 MonitorFromWindow
GDI32.dll
0x14007f178 DeleteObject
0x14007f180 SelectObject
0x14007f188 StretchBlt
0x14007f190 GetObjectW
0x14007f198 DeleteDC
0x14007f1a0 CreateDCW
0x14007f1a8 CreateCompatibleDC
0x14007f1b0 GetDeviceCaps
ADVAPI32.dll
0x14007f000 GetUserNameW
0x14007f008 CryptAcquireContextW
0x14007f010 QueryServiceConfigW
0x14007f018 CryptReleaseContext
0x14007f020 CryptGetHashParam
0x14007f028 CryptCreateHash
0x14007f030 CryptHashData
0x14007f038 CryptDestroyHash
0x14007f040 OpenProcessToken
0x14007f048 AllocateAndInitializeSid
0x14007f050 CheckTokenMembership
0x14007f058 GetTokenInformation
0x14007f060 AdjustTokenPrivileges
0x14007f068 IsWellKnownSid
0x14007f070 LookupPrivilegeValueW
0x14007f078 RegCreateKeyExW
0x14007f080 QueryServiceStatus
0x14007f088 OpenServiceW
0x14007f090 OpenSCManagerW
0x14007f098 ControlService
0x14007f0a0 CloseServiceHandle
0x14007f0a8 ChangeServiceConfigW
0x14007f0b0 SetEntriesInAclW
0x14007f0b8 DecryptFileW
0x14007f0c0 InitializeAcl
0x14007f0c8 CreateWellKnownSid
0x14007f0d0 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14007f0d8 ReportEventW
0x14007f0e0 OpenEventLogW
0x14007f0e8 CloseEventLog
0x14007f0f0 RegQueryInfoKeyW
0x14007f0f8 RegDeleteValueW
0x14007f100 RegQueryValueExW
0x14007f108 InitiateSystemShutdownExW
0x14007f110 RegOpenKeyExW
0x14007f118 RegCloseKey
0x14007f120 SetNamedSecurityInfoW
0x14007f128 RegDeleteKeyW
0x14007f130 RegEnumKeyExW
0x14007f138 RegEnumValueW
0x14007f140 RegSetValueExW
0x14007f148 InitializeSecurityDescriptor
0x14007f150 SetSecurityDescriptorDacl
0x14007f158 SetSecurityDescriptorGroup
0x14007f160 SetSecurityDescriptorOwner
0x14007f168 SetEntriesInAclA
ole32.dll
0x14007f7e0 CoInitializeEx
0x14007f7e8 CoInitialize
0x14007f7f0 CoInitializeSecurity
0x14007f7f8 CoUninitialize
0x14007f800 CLSIDFromProgID
0x14007f808 CoTaskMemFree
0x14007f810 StringFromGUID2
0x14007f818 CoCreateInstance
OLEAUT32.dll
0x14007f6b8 VariantClear
0x14007f6c0 SysFreeString
0x14007f6c8 VariantInit
0x14007f6d0 SysAllocString
RPCRT4.dll
0x14007f6e0 UuidCreate
SHELL32.dll
0x14007f6f0 CommandLineToArgvW
0x14007f6f8 ShellExecuteExW
0x14007f700 SHGetFolderPathW
EAT(Export Address Table) is none