Report - mimikatz.exe

Generic Malware Malicious Packer UPX PE File PE64
Created 2024.08.04 14:12 Machine s1_win7_x6401
Filename mimikatz.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
3
Behavior Score
1.6
ZERO API (file): malicious
VT API (file) 63 detected (AIDetectMalware, Mimikatz, Windows, Hacktool, Malicious, score, S13719268, HTool, Marte, Unsafe, Vrvo, Attribute, HighConfidence, TrojanPSW, ensmum, Tool, CLASSIC, HKTL, MIMIKATZ64, SMGK, moderate, Apteryx, Detected, ai score=100, Malware@#12ayoseu6bn1d, Eldorado, R559345, GenAsa, cSwfETufE4E, Static AI, Malicious PE, susgen, confidence, 100%)
md5 482780a54542c89b59b83fc39febe95c
sha256 884fce7b68e6028ec1dedc0936b64588451c5b8568ceb5338f4dc468f1c73e09
ssdeep 12288:/o04pWvpwAIj8Jl/kzzLOrUyVG7K3XDu7FEMIohz6N2:/ipWvpLIwuzLGG+3ik
imphash b24c5eddaea4fe50c6a96a2a133521e4
impfuzzy 192:lUQG9vVv8KFe6dGpGI8ZvdJUQMhcaZMeFBaPESjJwv6x:lsVpeycc0MeiESjJSO

Signatures (3 counts)

Level Description
danger File has been identified by 63 AntiVirus engines on VirusTotal as malicious; the engine labels (Mimikatz, MIMIKATZ64, HKTL/HTool, TrojanPSW) consistently identify it as the Mimikatz credential-dumping tool rather than generic malware
info Checks amount of memory in system
info Command line console output was observed

Rules (5 counts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file (caveat: the fully resolved, several-hundred-entry import table below is unlike a typical UPX-compressed image, which usually leaves only a handful of loader imports; treat this hit as a possible false positive and confirm against section names/entropy) binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 counts) — no network requests were recorded during this sandbox run


Suricata ids

PE API

IAT (Import Address Table), grouped by library. The credential-access surface is visible from the imports alone: LSA secrets (LsaOpenSecret, LsaQuerySecret, LsaRetrievePrivateData), SAM enumeration (SamConnect, SamEnumerateUsersInDomain, SamQueryInformationUser), Credential Manager (CredEnumerateW), DPAPI (CryptUnprotectData), Netlogon secure-channel calls (I_NetServerReqChallenge, I_NetServerAuthenticate2, I_NetServerTrustPasswordsGet), process memory access and injection (OpenProcess, ReadProcessMemory, WriteProcessMemory, VirtualAllocEx, CreateRemoteThread), privilege/token manipulation (RtlAdjustPrivilege, DuplicateTokenEx, SetThreadToken), service installation (CreateServiceW, StartServiceW) and event-log clearing (ClearEventLogW).

ADVAPI32.dll
 0x140076000 CryptSetHashParam
 0x140076008 CryptGetHashParam
 0x140076010 CryptExportKey
 0x140076018 CryptAcquireContextW
 0x140076020 CryptSetKeyParam
 0x140076028 CryptGetKeyParam
 0x140076030 CryptReleaseContext
 0x140076038 CryptDuplicateKey
 0x140076040 CryptAcquireContextA
 0x140076048 CryptGetProvParam
 0x140076050 CryptImportKey
 0x140076058 SystemFunction007
 0x140076060 CryptEncrypt
 0x140076068 CryptCreateHash
 0x140076070 CryptGenKey
 0x140076078 CryptDestroyKey
 0x140076080 CryptDecrypt
 0x140076088 CryptDestroyHash
 0x140076090 CryptHashData
 0x140076098 CopySid
 0x1400760a0 GetLengthSid
 0x1400760a8 LsaQueryInformationPolicy
 0x1400760b0 LsaOpenPolicy
 0x1400760b8 LsaClose
 0x1400760c0 CreateWellKnownSid
 0x1400760c8 CreateProcessWithLogonW
 0x1400760d0 CreateProcessAsUserW
 0x1400760d8 RegQueryValueExW
 0x1400760e0 RegQueryInfoKeyW
 0x1400760e8 RegEnumValueW
 0x1400760f0 RegOpenKeyExW
 0x1400760f8 RegEnumKeyExW
 0x140076100 RegCloseKey
 0x140076108 RegSetValueExW
 0x140076110 SystemFunction032
 0x140076118 CreateServiceW
 0x140076120 CloseServiceHandle
 0x140076128 DeleteService
 0x140076130 OpenSCManagerW
 0x140076138 SetServiceObjectSecurity
 0x140076140 OpenServiceW
 0x140076148 BuildSecurityDescriptorW
 0x140076150 QueryServiceObjectSecurity
 0x140076158 StartServiceW
 0x140076160 AllocateAndInitializeSid
 0x140076168 QueryServiceStatusEx
 0x140076170 FreeSid
 0x140076178 ControlService
 0x140076180 IsTextUnicode
 0x140076188 ConvertSidToStringSidW
 0x140076190 OpenProcessToken
 0x140076198 GetTokenInformation
 0x1400761a0 LookupAccountNameW
 0x1400761a8 LookupAccountSidW
 0x1400761b0 DuplicateTokenEx
 0x1400761b8 CheckTokenMembership
 0x1400761c0 ConvertStringSidToSidW
 0x1400761c8 LsaFreeMemory
 0x1400761d0 CryptSetProvParam
 0x1400761d8 CryptEnumProvidersW
 0x1400761e0 CryptEnumProviderTypesW
 0x1400761e8 SystemFunction006
 0x1400761f0 CryptGetUserKey
 0x1400761f8 OpenEventLogW
 0x140076200 GetNumberOfEventLogRecords
 0x140076208 ClearEventLogW
 0x140076210 GetSidSubAuthority
 0x140076218 SystemFunction001
 0x140076220 GetSidSubAuthorityCount
 0x140076228 SystemFunction005
 0x140076230 LsaQueryTrustedDomainInfoByName
 0x140076238 SystemFunction025
 0x140076240 LsaOpenSecret
 0x140076248 LsaQuerySecret
 0x140076250 SystemFunction013
 0x140076258 LsaRetrievePrivateData
 0x140076260 LsaEnumerateTrustedDomainsEx
 0x140076268 LookupPrivilegeValueW
 0x140076270 StartServiceCtrlDispatcherW
 0x140076278 SetServiceStatus
 0x140076280 RegisterServiceCtrlHandlerW
 0x140076288 IsValidSid
 0x140076290 LookupPrivilegeNameW
 0x140076298 OpenThreadToken
 0x1400762a0 SetThreadToken
 0x1400762a8 CredFree
 0x1400762b0 CredEnumerateW
CRYPT32.dll
 0x1400762c0 CertAddEncodedCertificateToStore
 0x1400762c8 CertOpenStore
 0x1400762d0 CertFreeCertificateContext
 0x1400762d8 CertCloseStore
 0x1400762e0 CertSetCertificateContextProperty
 0x1400762e8 PFXExportCertStoreEx
 0x1400762f0 CryptUnprotectData
 0x1400762f8 CryptBinaryToStringW
 0x140076300 CryptStringToBinaryW
 0x140076308 CryptProtectData
 0x140076310 CryptExportPublicKeyInfo
 0x140076318 CryptAcquireCertificatePrivateKey
 0x140076320 CertGetNameStringW
 0x140076328 CertAddCertificateContextToStore
 0x140076330 CertFindCertificateInStore
 0x140076338 CertGetCertificateContextProperty
 0x140076340 CertEnumCertificatesInStore
 0x140076348 CryptSignAndEncodeCertificate
 0x140076350 CertEnumSystemStore
 0x140076358 CryptEncodeObject
cryptdll.dll
 0x140076bc8 CDLocateCheckSum
 0x140076bd0 MD5Update
 0x140076bd8 MD5Init
 0x140076be0 CDLocateCSystem
 0x140076be8 CDGenerateRandomBits
 0x140076bf0 MD5Final
NETAPI32.dll
 0x140076790 DsGetDcNameW
 0x140076798 NetApiBufferFree
 0x1400767a0 NetRemoteTOD
 0x1400767a8 NetSessionEnum
 0x1400767b0 NetStatisticsGet
 0x1400767b8 NetWkstaUserEnum
ole32.dll
 0x140076f98 CoCreateInstance
 0x140076fa0 CoUninitialize
 0x140076fa8 CoInitializeEx
OLEAUT32.dll
 0x1400767c8 SysAllocString
 0x1400767d0 VariantInit
 0x1400767d8 SysFreeString
RPCRT4.dll
 0x1400767e8 RpcServerUseProtseqEpW
 0x1400767f0 RpcBindingFromStringBindingW
 0x1400767f8 RpcStringBindingComposeW
 0x140076800 MesEncodeIncrementalHandleCreate
 0x140076808 RpcBindingSetAuthInfoExW
 0x140076810 RpcBindingInqAuthClientW
 0x140076818 RpcBindingSetOption
 0x140076820 RpcImpersonateClient
 0x140076828 RpcBindingFree
 0x140076830 RpcStringFreeW
 0x140076838 RpcRevertToSelf
 0x140076840 MesDecodeIncrementalHandleCreate
 0x140076848 MesHandleFree
 0x140076850 MesIncrementalHandleReset
 0x140076858 NdrMesTypeDecode2
 0x140076860 NdrMesTypeAlignSize2
 0x140076868 NdrMesTypeFree2
 0x140076870 NdrMesTypeEncode2
 0x140076878 I_RpcBindingInqSecurityContext
 0x140076880 NdrServerCall2
 0x140076888 NdrClientCall2
 0x140076890 UuidCreate
 0x140076898 RpcEpResolveBinding
 0x1400768a0 RpcServerUnregisterIfEx
 0x1400768a8 RpcMgmtEpEltInqDone
 0x1400768b0 RpcServerInqBindings
 0x1400768b8 RpcServerListen
 0x1400768c0 RpcEpRegisterW
 0x1400768c8 RpcMgmtStopServerListening
 0x1400768d0 RpcBindingToStringBindingW
 0x1400768d8 RpcServerRegisterIf2
 0x1400768e0 RpcServerRegisterAuthInfoW
 0x1400768e8 RpcBindingVectorFree
 0x1400768f0 RpcMgmtEpEltInqNextW
 0x1400768f8 RpcEpUnregister
 0x140076900 RpcMgmtEpEltInqBegin
SHLWAPI.dll
 0x1400769f0 PathIsRelativeW
 0x1400769f8 PathCanonicalizeW
 0x140076a00 PathFindFileNameW
 0x140076a08 PathIsDirectoryW
 0x140076a10 PathCombineW
SAMLIB.dll
 0x140076910 SamLookupDomainInSamServer
 0x140076918 SamEnumerateUsersInDomain
 0x140076920 SamOpenUser
 0x140076928 SamLookupNamesInDomain
 0x140076930 SamLookupIdsInDomain
 0x140076938 SamOpenDomain
 0x140076940 SamConnect
 0x140076948 SamEnumerateGroupsInDomain
 0x140076950 SamEnumerateDomainsInSamServer
 0x140076958 SamGetGroupsForUser
 0x140076960 SamGetMembersInGroup
 0x140076968 SamRidToSid
 0x140076970 SamQueryInformationUser
 0x140076978 SamCloseHandle
 0x140076980 SamGetMembersInAlias
 0x140076988 SamEnumerateAliasesInDomain
 0x140076990 SamGetAliasMembership
 0x140076998 SamOpenGroup
 0x1400769a0 SamOpenAlias
 0x1400769a8 SamFreeMemory
Secur32.dll
 0x140076a20 LsaCallAuthenticationPackage
 0x140076a28 LsaConnectUntrusted
 0x140076a30 LsaDeregisterLogonProcess
 0x140076a38 QueryContextAttributesW
 0x140076a40 FreeContextBuffer
 0x140076a48 LsaLookupAuthenticationPackage
 0x140076a50 LsaFreeReturnBuffer
SHELL32.dll
 0x1400769e0 CommandLineToArgvW
USER32.dll
 0x140076a60 IsCharAlphaNumericW
 0x140076a68 GetKeyboardLayout
USERENV.dll
 0x140076a78 DestroyEnvironmentBlock
 0x140076a80 CreateEnvironmentBlock
HID.DLL
 0x140076368 HidD_GetPreparsedData
 0x140076370 HidD_GetHidGuid
 0x140076378 HidD_GetAttributes
 0x140076380 HidD_FreePreparsedData
 0x140076388 HidP_GetCaps
SETUPAPI.dll
 0x1400769b8 SetupDiDestroyDeviceInfoList
 0x1400769c0 SetupDiGetDeviceInterfaceDetailW
 0x1400769c8 SetupDiEnumDeviceInterfaces
 0x1400769d0 SetupDiGetClassDevsW
WinSCard.dll
 0x140076b78 SCardDisconnect
 0x140076b80 SCardGetAttrib
 0x140076b88 SCardEstablishContext
 0x140076b90 SCardFreeMemory
 0x140076b98 SCardConnectW
 0x140076ba0 SCardListReadersW
 0x140076ba8 SCardReleaseContext
 0x140076bb0 SCardGetCardTypeProviderNameW
 0x140076bb8 SCardListCardsW
WINSTA.dll
 0x140076a90 WinStationQueryInformationW
 0x140076a98 WinStationConnectW
 0x140076aa0 WinStationFreeMemory
 0x140076aa8 WinStationOpenServerW
 0x140076ab0 WinStationEnumerateW
 0x140076ab8 WinStationCloseServer
WLDAP32.dll (21 entries; the parser reports no names, which is consistent with import-by-ordinal — resolve the ordinals against the WLDAP32 export table to identify the LDAP functions used)
 0x140076ac8 None
 0x140076ad0 None
 0x140076ad8 None
 0x140076ae0 None
 0x140076ae8 None
 0x140076af0 None
 0x140076af8 None
 0x140076b00 None
 0x140076b08 None
 0x140076b10 None
 0x140076b18 None
 0x140076b20 None
 0x140076b28 None
 0x140076b30 None
 0x140076b38 None
 0x140076b40 None
 0x140076b48 None
 0x140076b50 None
 0x140076b58 None
 0x140076b60 None
 0x140076b68 None
msasn1.dll
 0x140076c00 ASN1_CloseEncoder
 0x140076c08 ASN1_CreateDecoder
 0x140076c10 ASN1_CreateModule
 0x140076c18 ASN1_CloseModule
 0x140076c20 ASN1BERDotVal2Eoid
 0x140076c28 ASN1_CreateEncoder
 0x140076c30 ASN1_CloseDecoder
 0x140076c38 ASN1_FreeEncoded
ntdll.dll
 0x140076e28 towupper
 0x140076e30 wcstol
 0x140076e38 wcstoul
 0x140076e40 memmove
 0x140076e48 wcsstr
 0x140076e50 _wcsnicmp
 0x140076e58 strtoul
 0x140076e60 strrchr
 0x140076e68 _stricmp
 0x140076e70 wcschr
 0x140076e78 wcsrchr
 0x140076e80 _vscwprintf
 0x140076e88 _wcsicmp
 0x140076e90 RtlInitUnicodeString
 0x140076e98 RtlEqualUnicodeString
 0x140076ea0 NtQueryObject
 0x140076ea8 RtlCompressBuffer
 0x140076eb0 RtlGetCompressionWorkSpaceSize
 0x140076eb8 NtQuerySystemInformation
 0x140076ec0 RtlGetCurrentPeb
 0x140076ec8 NtQueryInformationProcess
 0x140076ed0 RtlCreateUserThread
 0x140076ed8 RtlGUIDFromString
 0x140076ee0 RtlStringFromGUID
 0x140076ee8 NtCompareTokens
 0x140076ef0 RtlGetNtVersionNumbers
 0x140076ef8 RtlUpcaseUnicodeString
 0x140076f00 RtlAppendUnicodeStringToString
 0x140076f08 RtlAnsiStringToUnicodeString
 0x140076f10 NtResumeProcess
 0x140076f18 RtlAdjustPrivilege
 0x140076f20 NtSuspendProcess
 0x140076f28 NtTerminateProcess
 0x140076f30 NtQuerySystemEnvironmentValueEx
 0x140076f38 NtSetSystemEnvironmentValueEx
 0x140076f40 NtEnumerateSystemEnvironmentValuesEx
 0x140076f48 RtlIpv4AddressToStringW
 0x140076f50 RtlIpv6AddressToStringW
 0x140076f58 RtlEqualString
 0x140076f60 RtlFreeUnicodeString
 0x140076f68 RtlDowncaseUnicodeString
 0x140076f70 RtlFreeAnsiString
 0x140076f78 RtlUnicodeStringToAnsiString
 0x140076f80 memcmp
 0x140076f88 __chkstk
netapi32.dll
 0x140076e08 I_NetServerTrustPasswordsGet
 0x140076e10 I_NetServerAuthenticate2
 0x140076e18 I_NetServerReqChallenge
KERNEL32.dll
 0x140076398 GetTempPathW
 0x1400763a0 MultiByteToWideChar
 0x1400763a8 HeapValidate
 0x1400763b0 HeapCreate
 0x1400763b8 GetFileAttributesA
 0x1400763c0 LeaveCriticalSection
 0x1400763c8 HeapDestroy
 0x1400763d0 GetVersionExW
 0x1400763d8 GetCurrentThreadId
 0x1400763e0 SetUnhandledExceptionFilter
 0x1400763e8 UnhandledExceptionFilter
 0x1400763f0 TerminateProcess
 0x1400763f8 FormatMessageW
 0x140076400 InitializeCriticalSection
 0x140076408 FormatMessageA
 0x140076410 GetSystemTimeAsFileTime
 0x140076418 GetProcessHeap
 0x140076420 UnlockFileEx
 0x140076428 GetTickCount
 0x140076430 OutputDebugStringW
 0x140076438 WaitForSingleObjectEx
 0x140076440 LockFile
 0x140076448 FlushViewOfFile
 0x140076450 UnlockFile
 0x140076458 HeapFree
 0x140076460 QueryPerformanceCounter
 0x140076468 SystemTimeToFileTime
 0x140076470 HeapAlloc
 0x140076478 SetEndOfFile
 0x140076480 TryEnterCriticalSection
 0x140076488 HeapCompact
 0x140076490 CreateMutexW
 0x140076498 GetFileSize
 0x1400764a0 CreateFileA
 0x1400764a8 HeapReAlloc
 0x1400764b0 GetFullPathNameA
 0x1400764b8 GetFullPathNameW
 0x1400764c0 FileTimeToLocalFileTime
 0x1400764c8 GetTimeFormatW
 0x1400764d0 WideCharToMultiByte
 0x1400764d8 GetDateFormatW
 0x1400764e0 lstrlenW
 0x1400764e8 CreateRemoteThread
 0x1400764f0 WaitForSingleObject
 0x1400764f8 SetLastError
 0x140076500 CreateProcessW
 0x140076508 SetConsoleOutputCP
 0x140076510 GetConsoleOutputCP
 0x140076518 CreateFileMappingW
 0x140076520 UnmapViewOfFile
 0x140076528 MapViewOfFile
 0x140076530 WriteProcessMemory
 0x140076538 VirtualAllocEx
 0x140076540 VirtualProtectEx
 0x140076548 VirtualAlloc
 0x140076550 ReadProcessMemory
 0x140076558 VirtualFreeEx
 0x140076560 VirtualQueryEx
 0x140076568 VirtualFree
 0x140076570 VirtualQuery
 0x140076578 SetFilePointer
 0x140076580 DeviceIoControl
 0x140076588 DuplicateHandle
 0x140076590 OpenProcess
 0x140076598 GetCurrentProcess
 0x1400765a0 ExpandEnvironmentStringsW
 0x1400765a8 FindNextFileW
 0x1400765b0 FindClose
 0x1400765b8 GetCurrentDirectoryW
 0x1400765c0 GetFileSizeEx
 0x1400765c8 FlushFileBuffers
 0x1400765d0 GetFileAttributesW
 0x1400765d8 FindFirstFileW
 0x1400765e0 CreateThread
 0x1400765e8 LocalFree
 0x1400765f0 CloseHandle
 0x1400765f8 LocalAlloc
 0x140076600 GetLastError
 0x140076608 CreateFileW
 0x140076610 ReadFile
 0x140076618 TerminateThread
 0x140076620 WriteFile
 0x140076628 FileTimeToSystemTime
 0x140076630 GetSystemInfo
 0x140076638 Sleep
 0x140076640 VirtualProtect
 0x140076648 GetFileAttributesExW
 0x140076650 DeleteCriticalSection
 0x140076658 OutputDebugStringA
 0x140076660 GetVersionExA
 0x140076668 DeleteFileW
 0x140076670 GetCurrentProcessId
 0x140076678 GetTempPathA
 0x140076680 GetSystemTime
 0x140076688 AreFileApisANSI
 0x140076690 DeleteFileA
 0x140076698 ExitProcess
 0x1400766a0 HeapSize
 0x1400766a8 LockFileEx
 0x1400766b0 EnterCriticalSection
 0x1400766b8 GetDiskFreeSpaceW
 0x1400766c0 CreateFileMappingA
 0x1400766c8 GetDiskFreeSpaceA
 0x1400766d0 SetConsoleCtrlHandler
 0x1400766d8 SetConsoleTitleW
 0x1400766e0 FreeLibrary
 0x1400766e8 LoadLibraryW
 0x1400766f0 GetProcAddress
 0x1400766f8 GetModuleHandleW
 0x140076700 SetHandleInformation
 0x140076708 CreatePipe
 0x140076710 SetEvent
 0x140076718 CreateEventW
 0x140076720 SetConsoleCursorPosition
 0x140076728 GetTimeZoneInformation
 0x140076730 GetStdHandle
 0x140076738 FillConsoleOutputCharacterW
 0x140076740 GetComputerNameExW
 0x140076748 GetConsoleScreenBufferInfo
 0x140076750 SetCurrentDirectoryW
 0x140076758 GetCurrentThread
 0x140076760 ProcessIdToSessionId
 0x140076768 GetProcessId
 0x140076770 RtlVirtualUnwind
 0x140076778 RtlLookupFunctionEntry
 0x140076780 RtlCaptureContext
msvcrt.dll
 0x140076c48 malloc
 0x140076c50 __C_specific_handler
 0x140076c58 memset
 0x140076c60 ungetc
 0x140076c68 _isatty
 0x140076c70 _write
 0x140076c78 _lseeki64
 0x140076c80 _read
 0x140076c88 __pioinfo
 0x140076c90 __badioinfo
 0x140076c98 ?terminate@@YAXXZ
 0x140076ca0 wcstombs
 0x140076ca8 iswctype
 0x140076cb0 ferror
 0x140076cb8 wctomb
 0x140076cc0 _itoa
 0x140076cc8 _snprintf
 0x140076cd0 localeconv
 0x140076cd8 isxdigit
 0x140076ce0 isleadbyte
 0x140076ce8 __mb_cur_max
 0x140076cf0 mbtowc
 0x140076cf8 isspace
 0x140076d00 isdigit
 0x140076d08 calloc
 0x140076d10 __set_app_type
 0x140076d18 _fmode
 0x140076d20 _commode
 0x140076d28 __setusermatherr
 0x140076d30 _amsg_exit
 0x140076d38 _initterm
 0x140076d40 exit
 0x140076d48 _cexit
 0x140076d50 _exit
 0x140076d58 _XcptFilter
 0x140076d60 __wgetmainargs
 0x140076d68 _errno
 0x140076d70 free
 0x140076d78 _wcsdup
 0x140076d80 vfwprintf
 0x140076d88 fflush
 0x140076d90 _wfopen
 0x140076d98 wprintf
 0x140076da0 _fileno
 0x140076da8 _iob
 0x140076db0 vwprintf
 0x140076db8 _setmode
 0x140076dc0 fclose
 0x140076dc8 gmtime
 0x140076dd0 memcpy
 0x140076dd8 _msize
 0x140076de0 strftime
 0x140076de8 realloc
 0x140076df0 fgetws
 0x140076df8 _wpgmptr

EAT (Export Address Table): none



Similarity measure (PE file only): unavailable — the similarity service returned a failure during this check