Report - mimikatz.exe

Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE64, OS Processor Check
Created 2024.08.04 13:35
Machine s1_win7_x6403
Filename mimikatz.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 2
Behavior Score 1.6
ZERO API file: malware
VT API (file) 58 detected (AIDetectMalware, Mimikatz, Windows, Hacktool, Malicious, score, S13719268, HToolMimiKatz, Marte, Unsafe, uwccg, Attribute, HighConfidence, HTool, HacktoolX, CLASSIC, AGEN, Tool, HKTL, MIMIKATZ64, Apteryx, hrwuy, Detected, ai score=89, Eldorado, R370574, HackingTool, Static AI, Malicious PE, NetWalker, confidence, 100%)
md5 640ff220dc517b6fda38e45fb575d47e
sha256 149eb8d83339d9dddeac323c22dba33711ca1170b3638359023d5b9633064568
ssdeep 24576:eTsC79cY+rtwvo0bz8ke0Wv4m+8oyoI1BwHflL6HMcG:TzYLL64m+8oy6HflLMG
imphash f3efda99c17a4708c4d400ee2eb2b17d
impfuzzy 192:y/QSei48ylbqgNcD63UjbwJWnHVfoEul3dw/JeA2N6AanR4:ypXEqgN/QvuqeZ0lR4

Signature (3 counts)

Level Description
danger File has been identified by 58 AntiVirus engines on VirusTotal as malicious
info Checks amount of memory in system
info Command line console output was observed

Rules (7 counts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 counts)

Suricata ids

PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x1400e3000 CryptReleaseContext
 0x1400e3008 CryptGenKey
 0x1400e3010 CryptGetProvParam
 0x1400e3018 CryptGetHashParam
 0x1400e3020 CryptImportKey
 0x1400e3028 CryptSetKeyParam
 0x1400e3030 CryptDestroyHash
 0x1400e3038 CryptSetHashParam
 0x1400e3040 CryptHashData
 0x1400e3048 CryptCreateHash
 0x1400e3050 CryptExportKey
 0x1400e3058 CryptDecrypt
 0x1400e3060 SystemFunction007
 0x1400e3068 CryptDuplicateKey
 0x1400e3070 CryptEncrypt
 0x1400e3078 CryptAcquireContextW
 0x1400e3080 CryptGetKeyParam
 0x1400e3088 CryptAcquireContextA
 0x1400e3090 CryptDestroyKey
 0x1400e3098 GetLengthSid
 0x1400e30a0 CopySid
 0x1400e30a8 LsaClose
 0x1400e30b0 LsaOpenPolicy
 0x1400e30b8 LsaQueryInformationPolicy
 0x1400e30c0 CreateWellKnownSid
 0x1400e30c8 CreateProcessAsUserW
 0x1400e30d0 CreateProcessWithLogonW
 0x1400e30d8 RegQueryValueExW
 0x1400e30e0 RegEnumValueW
 0x1400e30e8 RegOpenKeyExW
 0x1400e30f0 RegSetValueExW
 0x1400e30f8 RegEnumKeyExW
 0x1400e3100 RegQueryInfoKeyW
 0x1400e3108 RegCloseKey
 0x1400e3110 SystemFunction032
 0x1400e3118 ConvertSidToStringSidW
 0x1400e3120 SystemFunction033
 0x1400e3128 QueryServiceObjectSecurity
 0x1400e3130 QueryServiceStatusEx
 0x1400e3138 BuildSecurityDescriptorW
 0x1400e3140 OpenServiceW
 0x1400e3148 StartServiceW
 0x1400e3150 FreeSid
 0x1400e3158 ControlService
 0x1400e3160 SetServiceObjectSecurity
 0x1400e3168 DeleteService
 0x1400e3170 AllocateAndInitializeSid
 0x1400e3178 OpenSCManagerW
 0x1400e3180 CloseServiceHandle
 0x1400e3188 CreateServiceW
 0x1400e3190 IsTextUnicode
 0x1400e3198 GetTokenInformation
 0x1400e31a0 LookupAccountNameW
 0x1400e31a8 LookupAccountSidW
 0x1400e31b0 DuplicateTokenEx
 0x1400e31b8 CheckTokenMembership
 0x1400e31c0 OpenProcessToken
 0x1400e31c8 CryptSetProvParam
 0x1400e31d0 CryptEnumProvidersW
 0x1400e31d8 ConvertStringSidToSidW
 0x1400e31e0 LsaFreeMemory
 0x1400e31e8 IsValidSid
 0x1400e31f0 GetSidSubAuthority
 0x1400e31f8 GetSidSubAuthorityCount
 0x1400e3200 SetThreadToken
 0x1400e3208 SystemFunction006
 0x1400e3210 CryptEnumProviderTypesW
 0x1400e3218 CryptGetUserKey
 0x1400e3220 OpenEventLogW
 0x1400e3228 ClearEventLogW
 0x1400e3230 GetNumberOfEventLogRecords
 0x1400e3238 CryptSignHashW
 0x1400e3240 LsaRetrievePrivateData
 0x1400e3248 LsaOpenSecret
 0x1400e3250 LsaQueryTrustedDomainInfoByName
 0x1400e3258 CryptDeriveKey
 0x1400e3260 LsaQuerySecret
 0x1400e3268 SystemFunction001
 0x1400e3270 SystemFunction005
 0x1400e3278 LsaSetSecret
 0x1400e3280 LsaEnumerateTrustedDomainsEx
 0x1400e3288 SystemFunction023
 0x1400e3290 LookupPrivilegeValueW
 0x1400e3298 StartServiceCtrlDispatcherW
 0x1400e32a0 RegisterServiceCtrlHandlerW
 0x1400e32a8 SetServiceStatus
 0x1400e32b0 OpenThreadToken
 0x1400e32b8 LookupPrivilegeNameW
 0x1400e32c0 EqualSid
 0x1400e32c8 CredFree
 0x1400e32d0 CredEnumerateW
 0x1400e32d8 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x1400e32e0 SystemFunction027
 0x1400e32e8 SystemFunction026
 0x1400e32f0 SystemFunction041
 0x1400e32f8 CredUnmarshalCredentialW
 0x1400e3300 CredIsMarshaledCredentialW
Cabinet.dll
 0x1400e33e8 None
 0x1400e33f0 None
 0x1400e33f8 None
 0x1400e3400 None
CRYPT32.dll
 0x1400e3310 CertGetNameStringW
 0x1400e3318 CryptQueryObject
 0x1400e3320 CertEnumCertificatesInStore
 0x1400e3328 CertAddCertificateContextToStore
 0x1400e3330 CertEnumSystemStore
 0x1400e3338 CertAddEncodedCertificateToStore
 0x1400e3340 CertFreeCertificateContext
 0x1400e3348 CryptStringToBinaryA
 0x1400e3350 CertCloseStore
 0x1400e3358 PFXExportCertStoreEx
 0x1400e3360 CertSetCertificateContextProperty
 0x1400e3368 CertOpenStore
 0x1400e3370 CryptStringToBinaryW
 0x1400e3378 CryptUnprotectData
 0x1400e3380 CryptBinaryToStringW
 0x1400e3388 CryptBinaryToStringA
 0x1400e3390 CryptAcquireCertificatePrivateKey
 0x1400e3398 CryptExportPublicKeyInfo
 0x1400e33a0 CryptFindOIDInfo
 0x1400e33a8 CryptSignAndEncodeCertificate
 0x1400e33b0 CertNameToStrW
 0x1400e33b8 CryptEncodeObject
 0x1400e33c0 CertFindCertificateInStore
 0x1400e33c8 CertGetCertificateContextProperty
 0x1400e33d0 CryptProtectData
 0x1400e33d8 CryptDecodeObjectEx
cryptdll.dll
 0x1400e4060 MD5Update
 0x1400e4068 MD5Init
 0x1400e4070 CDGenerateRandomBits
 0x1400e4078 CDLocateCheckSum
 0x1400e4080 CDLocateCSystem
 0x1400e4088 MD5Final
DNSAPI.dll
 0x1400e3410 DnsQuery_A
 0x1400e3418 DnsFree
FLTLIB.DLL
 0x1400e3428 FilterFindNext
 0x1400e3430 FilterFindFirst
MPR.dll
 0x1400e3a00 WNetCancelConnection2W
 0x1400e3a08 WNetAddConnection2W
NETAPI32.dll
 0x1400e3a18 DsGetDcNameW
 0x1400e3a20 NetApiBufferFree
 0x1400e3a28 NetWkstaUserEnum
 0x1400e3a30 NetShareEnum
 0x1400e3a38 NetStatisticsGet
 0x1400e3a40 NetSessionEnum
 0x1400e3a48 NetRemoteTOD
 0x1400e3a50 NetServerGetInfo
 0x1400e3a58 DsEnumerateDomainTrustsW
ODBC32.dll
 0x1400e3a68 None
 0x1400e3a70 None
 0x1400e3a78 None
 0x1400e3a80 None
 0x1400e3a88 None
 0x1400e3a90 None
 0x1400e3a98 None
 0x1400e3aa0 None
ole32.dll
 0x1400e4218 CoInitializeEx
 0x1400e4220 CoSetProxyBlanket
 0x1400e4228 CoTaskMemFree
 0x1400e4230 CoUninitialize
 0x1400e4238 CoCreateInstance
OLEAUT32.dll
 0x1400e3ab0 SysFreeString
 0x1400e3ab8 VariantInit
 0x1400e3ac0 VariantClear
 0x1400e3ac8 SysAllocString
RPCRT4.dll
 0x1400e3ad8 NdrClientCall2
 0x1400e3ae0 RpcBindingInqAuthClientW
 0x1400e3ae8 RpcBindingSetOption
 0x1400e3af0 RpcBindingFromStringBindingW
 0x1400e3af8 RpcStringBindingComposeW
 0x1400e3b00 RpcBindingSetAuthInfoExW
 0x1400e3b08 RpcStringFreeW
 0x1400e3b10 MesHandleFree
 0x1400e3b18 RpcImpersonateClient
 0x1400e3b20 RpcRevertToSelf
 0x1400e3b28 MesEncodeIncrementalHandleCreate
 0x1400e3b30 MesDecodeIncrementalHandleCreate
 0x1400e3b38 RpcBindingFree
 0x1400e3b40 MesIncrementalHandleReset
 0x1400e3b48 NdrMesTypeEncode2
 0x1400e3b50 NdrMesTypeDecode2
 0x1400e3b58 NdrMesTypeFree2
 0x1400e3b60 NdrMesTypeAlignSize2
 0x1400e3b68 RpcBindingVectorFree
 0x1400e3b70 RpcServerUseProtseqEpW
 0x1400e3b78 RpcServerUnregisterIfEx
 0x1400e3b80 RpcBindingToStringBindingW
 0x1400e3b88 UuidToStringW
 0x1400e3b90 RpcServerRegisterIf2
 0x1400e3b98 RpcMgmtWaitServerListen
 0x1400e3ba0 RpcServerListen
 0x1400e3ba8 RpcServerRegisterAuthInfoW
 0x1400e3bb0 RpcEpUnregister
 0x1400e3bb8 RpcEpRegisterW
 0x1400e3bc0 RpcServerInqBindings
 0x1400e3bc8 RpcMgmtStopServerListening
 0x1400e3bd0 I_RpcBindingInqSecurityContext
 0x1400e3bd8 I_RpcGetCurrentCallHandle
 0x1400e3be0 NdrServerCall2
 0x1400e3be8 UuidCreate
 0x1400e3bf0 RpcEpResolveBinding
 0x1400e3bf8 RpcBindingSetObject
 0x1400e3c00 RpcBindingSetAuthInfoW
 0x1400e3c08 RpcMgmtEpEltInqBegin
 0x1400e3c10 RpcMgmtEpEltInqDone
 0x1400e3c18 RpcMgmtEpEltInqNextW
SHLWAPI.dll
 0x1400e3d18 PathFindFileNameW
 0x1400e3d20 PathIsDirectoryW
 0x1400e3d28 PathCombineW
 0x1400e3d30 PathCanonicalizeW
 0x1400e3d38 PathIsRelativeW
 0x1400e3d40 UrlUnescapeW
SAMLIB.dll
 0x1400e3c28 SamiChangePasswordUser
 0x1400e3c30 SamEnumerateGroupsInDomain
 0x1400e3c38 SamGetAliasMembership
 0x1400e3c40 SamOpenAlias
 0x1400e3c48 SamRidToSid
 0x1400e3c50 SamEnumerateAliasesInDomain
 0x1400e3c58 SamGetGroupsForUser
 0x1400e3c60 SamGetMembersInAlias
 0x1400e3c68 SamEnumerateUsersInDomain
 0x1400e3c70 SamLookupNamesInDomain
 0x1400e3c78 SamOpenDomain
 0x1400e3c80 SamEnumerateDomainsInSamServer
 0x1400e3c88 SamOpenUser
 0x1400e3c90 SamGetMembersInGroup
 0x1400e3c98 SamLookupIdsInDomain
 0x1400e3ca0 SamConnect
 0x1400e3ca8 SamCloseHandle
 0x1400e3cb0 SamLookupDomainInSamServer
 0x1400e3cb8 SamFreeMemory
 0x1400e3cc0 SamQueryInformationUser
 0x1400e3cc8 SamSetInformationUser
 0x1400e3cd0 SamOpenGroup
Secur32.dll
 0x1400e3d50 LsaFreeReturnBuffer
 0x1400e3d58 DeleteSecurityContext
 0x1400e3d60 LsaCallAuthenticationPackage
 0x1400e3d68 LsaDeregisterLogonProcess
 0x1400e3d70 LsaConnectUntrusted
 0x1400e3d78 QueryContextAttributesW
 0x1400e3d80 AcquireCredentialsHandleW
 0x1400e3d88 EnumerateSecurityPackagesW
 0x1400e3d90 FreeCredentialsHandle
 0x1400e3d98 InitializeSecurityContextW
 0x1400e3da0 FreeContextBuffer
 0x1400e3da8 LsaLookupAuthenticationPackage
SHELL32.dll
 0x1400e3d08 CommandLineToArgvW
USER32.dll
 0x1400e3db8 GetMessageW
 0x1400e3dc0 DefWindowProcW
 0x1400e3dc8 PostMessageW
 0x1400e3dd0 DestroyWindow
 0x1400e3dd8 SetClipboardViewer
 0x1400e3de0 CreateWindowExW
 0x1400e3de8 SendMessageW
 0x1400e3df0 UnregisterClassW
 0x1400e3df8 RegisterClassExW
 0x1400e3e00 OpenClipboard
 0x1400e3e08 DispatchMessageW
 0x1400e3e10 ChangeClipboardChain
 0x1400e3e18 CloseClipboard
 0x1400e3e20 EnumClipboardFormats
 0x1400e3e28 TranslateMessage
 0x1400e3e30 GetClipboardData
 0x1400e3e38 GetClipboardSequenceNumber
 0x1400e3e40 GetKeyboardLayout
 0x1400e3e48 IsCharAlphaNumericW
USERENV.dll
 0x1400e3e58 CreateEnvironmentBlock
 0x1400e3e60 DestroyEnvironmentBlock
VERSION.dll
 0x1400e3e70 VerQueryValueW
 0x1400e3e78 GetFileVersionInfoW
 0x1400e3e80 GetFileVersionInfoSizeW
HID.DLL
 0x1400e3440 HidD_FreePreparsedData
 0x1400e3448 HidD_GetPreparsedData
 0x1400e3450 HidD_GetAttributes
 0x1400e3458 HidD_GetFeature
 0x1400e3460 HidD_SetFeature
 0x1400e3468 HidP_GetCaps
 0x1400e3470 HidD_GetHidGuid
SETUPAPI.dll
 0x1400e3ce0 SetupDiGetClassDevsW
 0x1400e3ce8 SetupDiEnumDeviceInterfaces
 0x1400e3cf0 SetupDiDestroyDeviceInfoList
 0x1400e3cf8 SetupDiGetDeviceInterfaceDetailW
WinSCard.dll
 0x1400e3fe0 SCardDisconnect
 0x1400e3fe8 SCardConnectW
 0x1400e3ff0 SCardControl
 0x1400e3ff8 SCardListReadersW
 0x1400e4000 SCardGetCardTypeProviderNameW
 0x1400e4008 SCardListCardsW
 0x1400e4010 SCardReleaseContext
 0x1400e4018 SCardEstablishContext
 0x1400e4020 SCardGetAttrib
 0x1400e4028 SCardFreeMemory
 0x1400e4030 SCardTransmit
WINSTA.dll
 0x1400e3e90 WinStationQueryInformationW
 0x1400e3e98 WinStationCloseServer
 0x1400e3ea0 WinStationFreeMemory
 0x1400e3ea8 WinStationConnectW
 0x1400e3eb0 WinStationEnumerateW
 0x1400e3eb8 WinStationOpenServerW
WLDAP32.dll
 0x1400e3ec8 None
 0x1400e3ed0 None
 0x1400e3ed8 None
 0x1400e3ee0 None
 0x1400e3ee8 None
 0x1400e3ef0 None
 0x1400e3ef8 None
 0x1400e3f00 None
 0x1400e3f08 None
 0x1400e3f10 None
 0x1400e3f18 None
 0x1400e3f20 None
 0x1400e3f28 None
 0x1400e3f30 None
 0x1400e3f38 None
 0x1400e3f40 None
 0x1400e3f48 None
 0x1400e3f50 None
 0x1400e3f58 None
 0x1400e3f60 None
 0x1400e3f68 None
 0x1400e3f70 None
 0x1400e3f78 None
 0x1400e3f80 None
 0x1400e3f88 None
 0x1400e3f90 None
 0x1400e3f98 None
 0x1400e3fa0 None
 0x1400e3fa8 None
 0x1400e3fb0 None
 0x1400e3fb8 None
 0x1400e3fc0 None
 0x1400e3fc8 None
 0x1400e3fd0 None
advapi32.dll
 0x1400e4040 A_SHAInit
 0x1400e4048 A_SHAFinal
 0x1400e4050 A_SHAUpdate
msasn1.dll
 0x1400e4098 ASN1_CloseEncoder
 0x1400e40a0 ASN1BERDotVal2Eoid
 0x1400e40a8 ASN1_CreateEncoder
 0x1400e40b0 ASN1_CloseModule
 0x1400e40b8 ASN1_CreateDecoder
 0x1400e40c0 ASN1_CloseDecoder
 0x1400e40c8 ASN1_CreateModule
 0x1400e40d0 ASN1_FreeEncoded
ntdll.dll
 0x1400e4100 RtlInitUnicodeString
 0x1400e4108 NtQuerySystemEnvironmentValueEx
 0x1400e4110 NtQueryObject
 0x1400e4118 RtlGetCompressionWorkSpaceSize
 0x1400e4120 RtlCompressBuffer
 0x1400e4128 NtQuerySystemInformation
 0x1400e4130 NtQueryInformationProcess
 0x1400e4138 RtlEqualUnicodeString
 0x1400e4140 RtlCreateUserThread
 0x1400e4148 RtlGUIDFromString
 0x1400e4150 NtEnumerateSystemEnvironmentValuesEx
 0x1400e4158 NtCompareTokens
 0x1400e4160 RtlGetNtVersionNumbers
 0x1400e4168 RtlFreeAnsiString
 0x1400e4170 RtlIpv4AddressToStringW
 0x1400e4178 RtlIpv6AddressToStringW
 0x1400e4180 RtlAppendUnicodeStringToString
 0x1400e4188 RtlDowncaseUnicodeString
 0x1400e4190 RtlFreeUnicodeString
 0x1400e4198 RtlGetCurrentPeb
 0x1400e41a0 RtlUnicodeStringToAnsiString
 0x1400e41a8 RtlUpcaseUnicodeString
 0x1400e41b0 RtlAnsiStringToUnicodeString
 0x1400e41b8 RtlFreeOemString
 0x1400e41c0 RtlUpcaseUnicodeStringToOemString
 0x1400e41c8 NtResumeProcess
 0x1400e41d0 NtOpenDirectoryObject
 0x1400e41d8 NtQueryDirectoryObject
 0x1400e41e0 RtlAdjustPrivilege
 0x1400e41e8 NtTerminateProcess
 0x1400e41f0 NtSuspendProcess
 0x1400e41f8 NtSetSystemEnvironmentValueEx
 0x1400e4200 RtlEqualString
 0x1400e4208 RtlStringFromGUID
netapi32.dll
 0x1400e40e0 I_NetServerAuthenticate2
 0x1400e40e8 I_NetServerReqChallenge
 0x1400e40f0 I_NetServerTrustPasswordsGet
KERNEL32.dll
 0x1400e3480 IsValidCodePage
 0x1400e3488 FindFirstFileExW
 0x1400e3490 GetStringTypeW
 0x1400e3498 GetOEMCP
 0x1400e34a0 GetConsoleMode
 0x1400e34a8 GetConsoleCP
 0x1400e34b0 LCMapStringW
 0x1400e34b8 CompareStringW
 0x1400e34c0 GetFileType
 0x1400e34c8 GetACP
 0x1400e34d0 GetModuleHandleExW
 0x1400e34d8 TerminateProcess
 0x1400e34e0 GetModuleFileNameW
 0x1400e34e8 GetCommandLineW
 0x1400e34f0 GetCommandLineA
 0x1400e34f8 LoadLibraryExW
 0x1400e3500 TlsFree
 0x1400e3508 TlsSetValue
 0x1400e3510 TlsGetValue
 0x1400e3518 TlsAlloc
 0x1400e3520 InitializeCriticalSectionAndSpinCount
 0x1400e3528 RtlUnwindEx
 0x1400e3530 IsProcessorFeaturePresent
 0x1400e3538 GetStartupInfoW
 0x1400e3540 SetUnhandledExceptionFilter
 0x1400e3548 UnhandledExceptionFilter
 0x1400e3550 IsDebuggerPresent
 0x1400e3558 RtlVirtualUnwind
 0x1400e3560 RtlLookupFunctionEntry
 0x1400e3568 RtlCaptureContext
 0x1400e3570 InitializeSListHead
 0x1400e3578 GetCurrentThreadId
 0x1400e3580 LoadLibraryExA
 0x1400e3588 SetFilePointerEx
 0x1400e3590 GetProcessId
 0x1400e3598 GetComputerNameW
 0x1400e35a0 IsWow64Process
 0x1400e35a8 ProcessIdToSessionId
 0x1400e35b0 GetCurrentThread
 0x1400e35b8 SetConsoleCursorPosition
 0x1400e35c0 SetCurrentDirectoryW
 0x1400e35c8 FillConsoleOutputCharacterW
 0x1400e35d0 GetTimeZoneInformation
 0x1400e35d8 GetSystemDirectoryW
 0x1400e35e0 GetStdHandle
 0x1400e35e8 GetConsoleScreenBufferInfo
 0x1400e35f0 SetEvent
 0x1400e35f8 CreateEventW
 0x1400e3600 DeleteCriticalSection
 0x1400e3608 InitializeCriticalSection
 0x1400e3610 LeaveCriticalSection
 0x1400e3618 EnterCriticalSection
 0x1400e3620 CreatePipe
 0x1400e3628 SetHandleInformation
 0x1400e3630 GlobalSize
 0x1400e3638 SetFileAttributesW
 0x1400e3640 SetConsoleTitleW
 0x1400e3648 ExitProcess
 0x1400e3650 RaiseException
 0x1400e3658 ExitThread
 0x1400e3660 SetConsoleCtrlHandler
 0x1400e3668 GetTickCount
 0x1400e3670 QueryPerformanceCounter
 0x1400e3678 FormatMessageA
 0x1400e3680 GetSystemTime
 0x1400e3688 GetProcessHeap
 0x1400e3690 GetCurrentProcessId
 0x1400e3698 GetFileSize
 0x1400e36a0 LockFileEx
 0x1400e36a8 CreateFileMappingA
 0x1400e36b0 UnlockFile
 0x1400e36b8 HeapDestroy
 0x1400e36c0 HeapCompact
 0x1400e36c8 HeapAlloc
 0x1400e36d0 GetSystemInfo
 0x1400e36d8 HeapReAlloc
 0x1400e36e0 DeleteFileW
 0x1400e36e8 GetVersionExA
 0x1400e36f0 WaitForSingleObjectEx
 0x1400e36f8 LoadLibraryA
 0x1400e3700 FlushViewOfFile
 0x1400e3708 OutputDebugStringW
 0x1400e3710 GetFileAttributesExW
 0x1400e3718 GetFileAttributesA
 0x1400e3720 GetDiskFreeSpaceA
 0x1400e3728 FormatMessageW
 0x1400e3730 MultiByteToWideChar
 0x1400e3738 HeapSize
 0x1400e3740 HeapValidate
 0x1400e3748 GetVersionExW
 0x1400e3750 CreateMutexW
 0x1400e3758 GetTempPathW
 0x1400e3760 UnlockFileEx
 0x1400e3768 SetEndOfFile
 0x1400e3770 GetFullPathNameA
 0x1400e3778 LockFile
 0x1400e3780 OutputDebugStringA
 0x1400e3788 GetDiskFreeSpaceW
 0x1400e3790 GetFullPathNameW
 0x1400e3798 HeapFree
 0x1400e37a0 HeapCreate
 0x1400e37a8 AreFileApisANSI
 0x1400e37b0 GetDateFormatW
 0x1400e37b8 GetSystemTimeAsFileTime
 0x1400e37c0 WideCharToMultiByte
 0x1400e37c8 SystemTimeToFileTime
 0x1400e37d0 GetTimeFormatW
 0x1400e37d8 lstrlenA
 0x1400e37e0 ClearCommError
 0x1400e37e8 PurgeComm
 0x1400e37f0 CreateRemoteThread
 0x1400e37f8 WaitForSingleObject
 0x1400e3800 CreateProcessW
 0x1400e3808 SetConsoleOutputCP
 0x1400e3810 GetConsoleOutputCP
 0x1400e3818 MapViewOfFile
 0x1400e3820 CreateFileMappingW
 0x1400e3828 UnmapViewOfFile
 0x1400e3830 VirtualQueryEx
 0x1400e3838 VirtualQuery
 0x1400e3840 VirtualFreeEx
 0x1400e3848 ReadProcessMemory
 0x1400e3850 VirtualAllocEx
 0x1400e3858 VirtualProtectEx
 0x1400e3860 VirtualAlloc
 0x1400e3868 VirtualFree
 0x1400e3870 SetLastError
 0x1400e3878 VirtualProtect
 0x1400e3880 WriteProcessMemory
 0x1400e3888 GetComputerNameExW
 0x1400e3890 GetCPInfo
 0x1400e3898 GetEnvironmentStringsW
 0x1400e38a0 FreeEnvironmentStringsW
 0x1400e38a8 SetEnvironmentVariableW
 0x1400e38b0 WriteConsoleW
 0x1400e38b8 ReadConsoleW
 0x1400e38c0 SetStdHandle
 0x1400e38c8 DeviceIoControl
 0x1400e38d0 OpenProcess
 0x1400e38d8 DuplicateHandle
 0x1400e38e0 GetCurrentProcess
 0x1400e38e8 RtlUnwind
 0x1400e38f0 FlushFileBuffers
 0x1400e38f8 GetCurrentDirectoryW
 0x1400e3900 GetFileAttributesW
 0x1400e3908 FindClose
 0x1400e3910 ExpandEnvironmentStringsW
 0x1400e3918 FindNextFileW
 0x1400e3920 GetFileSizeEx
 0x1400e3928 FindFirstFileW
 0x1400e3930 lstrlenW
 0x1400e3938 FreeLibrary
 0x1400e3940 GetModuleHandleW
 0x1400e3948 GetProcAddress
 0x1400e3950 LoadLibraryW
 0x1400e3958 FileTimeToDosDateTime
 0x1400e3960 GetTempFileNameA
 0x1400e3968 FileTimeToLocalFileTime
 0x1400e3970 DeleteFileA
 0x1400e3978 CreateFileA
 0x1400e3980 GetTempPathA
 0x1400e3988 GetFileInformationByHandle
 0x1400e3990 GetCurrentDirectoryA
 0x1400e3998 SetFilePointer
 0x1400e39a0 LocalFree
 0x1400e39a8 CreateThread
 0x1400e39b0 CloseHandle
 0x1400e39b8 TerminateThread
 0x1400e39c0 GetLastError
 0x1400e39c8 Sleep
 0x1400e39d0 CreateFileW
 0x1400e39d8 LocalAlloc
 0x1400e39e0 WriteFile
 0x1400e39e8 ReadFile
 0x1400e39f0 FileTimeToSystemTime

EAT (Export Address Table): none