Report - 66c62b70f281e_tz4j.exe

HermeticWiper PhysicalDrive Generic Malware Malicious Library Malicious Packer Antivirus UPX PE File ftp PE64 OS Processor Check
Created 2024.09.17 14:30 Machine s1_win7_x6403
Filename 66c62b70f281e_tz4j.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not found
Behavior Score 4.2
ZERO API file : malicious
VT API (file) 49 detected (Common, PMax, Unsafe, Vbmh, Attribute, HighConfidence, avxu, BlackWidow, CLOUD, pwihj, MulDrop28, R06BC0DHT24, Detected, ABRisk, CYYZ, Artemis, MALICIOUS, Chgt, Icnw, susgen, amvx)
md5 9fb83bee6ff97065c498f48fc094f848
sha256 f01b02a08c1953e7db9ce61207b121c6efbe986181ba0df1ec205b5909bd856c
ssdeep 49152:YMLtHPldWW5afLAUCweyFI0ZBAFCGLcRe2xTIYLEs:j5aMUzRe2M
imphash 6d8ae0d2e04c00f81a9b4bcd9a56d1d6
impfuzzy 96:KbSx0fcXg4sLzopxjrWxYwsJp1VQyh1DLoX7GKRTTM4pQOGnED1hC:Kkg4TXWS3xbq7RRTgqQgDnC
  Network IP location

Signature (10cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious
watch Deletes executed files from disk
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates executable files on the filesystem
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (22cnts)

Level Name Description Collection
danger HermeticWiper_Zero HermeticWiper binaries (download)
danger HermeticWiper_Zero HermeticWiper binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
warning PhysicalDrive_20181001 (no description) binaries (download)
warning PhysicalDrive_20181001 (no description) binaries (upload)
watch Antivirus Contains references to security software binaries (download)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (download)
info ftp_command ftp command binaries (upload)
info IsPE64 (no description) binaries (download)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

SHELL32.dll
 0x14018e870 ShellExecuteExW
 0x14018e878 SHGetFolderPathW
VERSION.dll
 0x14018e8b8 GetFileVersionInfoSizeW
 0x14018e8c0 VerQueryValueW
 0x14018e8c8 GetFileVersionInfoW
ntdll.dll
 0x14018e9f8 RtlPcToFileHeader
 0x14018ea00 NtDeleteKey
 0x14018ea08 NtQueryKey
 0x14018ea10 NtOpenKey
 0x14018ea18 NtClose
 0x14018ea20 RtlVirtualUnwind
 0x14018ea28 RtlNtStatusToDosError
 0x14018ea30 VerSetConditionMask
 0x14018ea38 RtlCaptureContext
 0x14018ea40 RtlLookupFunctionEntry
 0x14018ea48 RtlUnwindEx
 0x14018ea50 RtlUnwind
KERNEL32.dll
 0x14018e208 CreateProcessW
 0x14018e210 ReadFile
 0x14018e218 VerifyVersionInfoW
 0x14018e220 FileTimeToSystemTime
 0x14018e228 GetSystemTimeAsFileTime
 0x14018e230 InitializeCriticalSection
 0x14018e238 EnterCriticalSection
 0x14018e240 LeaveCriticalSection
 0x14018e248 DeleteFileW
 0x14018e250 GetFileInformationByHandle
 0x14018e258 GetFullPathNameW
 0x14018e260 OutputDebugStringA
 0x14018e268 TlsAlloc
 0x14018e270 TlsGetValue
 0x14018e278 TlsSetValue
 0x14018e280 FreeLibrary
 0x14018e288 CreateEventW
 0x14018e290 SetEvent
 0x14018e298 ResetEvent
 0x14018e2a0 CreateSemaphoreW
 0x14018e2a8 ReleaseSemaphore
 0x14018e2b0 GetSystemInfo
 0x14018e2b8 GetTickCount
 0x14018e2c0 QueryPerformanceFrequency
 0x14018e2c8 QueryPerformanceCounter
 0x14018e2d0 ExpandEnvironmentStringsW
 0x14018e2d8 GetModuleFileNameW
 0x14018e2e0 GetFileAttributesW
 0x14018e2e8 LoadLibraryExW
 0x14018e2f0 GetWindowsDirectoryW
 0x14018e2f8 GetSystemDirectoryW
 0x14018e300 VirtualAlloc
 0x14018e308 VirtualFree
 0x14018e310 GlobalMemoryStatusEx
 0x14018e318 GetExitCodeThread
 0x14018e320 TlsFree
 0x14018e328 GetDriveTypeW
 0x14018e330 SetFilePointer
 0x14018e338 K32GetProcessImageFileNameW
 0x14018e340 LockFileEx
 0x14018e348 CreateFileMappingW
 0x14018e350 MapViewOfFile
 0x14018e358 UnmapViewOfFile
 0x14018e360 GetFileAttributesExW
 0x14018e368 FindClose
 0x14018e370 CreateDirectoryW
 0x14018e378 GetCurrentDirectoryW
 0x14018e380 FindFirstFileExW
 0x14018e388 GetCurrentThread
 0x14018e390 QueryDosDeviceW
 0x14018e398 GetVolumePathNameW
 0x14018e3a0 GetVolumeNameForVolumeMountPointW
 0x14018e3a8 GetEnvironmentVariableW
 0x14018e3b0 GetDateFormatW
 0x14018e3b8 GetTimeFormatW
 0x14018e3c0 InitializeCriticalSectionAndSpinCount
 0x14018e3c8 GetVersion
 0x14018e3d0 LockResource
 0x14018e3d8 FindResourceExW
 0x14018e3e0 SetEnvironmentVariableW
 0x14018e3e8 UnlockFileEx
 0x14018e3f0 K32GetMappedFileNameW
 0x14018e3f8 FindFirstVolumeW
 0x14018e400 FindNextVolumeW
 0x14018e408 GetVolumePathNamesForVolumeNameW
 0x14018e410 FindVolumeClose
 0x14018e418 GetSystemTimes
 0x14018e420 RaiseException
 0x14018e428 ReleaseSRWLockExclusive
 0x14018e430 AcquireSRWLockExclusive
 0x14018e438 GetSystemDirectoryA
 0x14018e440 GetModuleHandleA
 0x14018e448 LoadLibraryA
 0x14018e450 MoveFileExA
 0x14018e458 GetEnvironmentVariableA
 0x14018e460 SleepEx
 0x14018e468 CreateFileA
 0x14018e470 ExpandEnvironmentStringsA
 0x14018e478 GetWindowsDirectoryA
 0x14018e480 GetVersionExA
 0x14018e488 WakeConditionVariable
 0x14018e490 WakeAllConditionVariable
 0x14018e498 SleepConditionVariableSRW
 0x14018e4a0 IsProcessorFeaturePresent
 0x14018e4a8 InitOnceBeginInitialize
 0x14018e4b0 CompareStringW
 0x14018e4b8 UpdateProcThreadAttribute
 0x14018e4c0 DeleteProcThreadAttributeList
 0x14018e4c8 InitializeProcThreadAttributeList
 0x14018e4d0 InitOnceComplete
 0x14018e4d8 FreeLibraryWhenCallbackReturns
 0x14018e4e0 SetFileAttributesW
 0x14018e4e8 GetFileSizeEx
 0x14018e4f0 SetFilePointerEx
 0x14018e4f8 WriteFile
 0x14018e500 SetEndOfFile
 0x14018e508 GetExitCodeProcess
 0x14018e510 WaitForSingleObject
 0x14018e518 FormatMessageW
 0x14018e520 GetModuleHandleExW
 0x14018e528 GetProcessHeap
 0x14018e530 DeleteCriticalSection
 0x14018e538 HeapDestroy
 0x14018e540 DecodePointer
 0x14018e548 HeapAlloc
 0x14018e550 HeapReAlloc
 0x14018e558 HeapSize
 0x14018e560 InitializeCriticalSectionEx
 0x14018e568 HeapFree
 0x14018e570 GetCommandLineW
 0x14018e578 OpenMutexW
 0x14018e580 GetComputerNameW
 0x14018e588 GetLocaleInfoA
 0x14018e590 GetDiskFreeSpaceExW
 0x14018e598 GetNativeSystemInfo
 0x14018e5a0 GetVersionExW
 0x14018e5a8 SetLastError
 0x14018e5b0 ReleaseMutex
 0x14018e5b8 MultiByteToWideChar
 0x14018e5c0 OutputDebugStringW
 0x14018e5c8 GetCurrentProcessId
 0x14018e5d0 GetCurrentThreadId
 0x14018e5d8 DeviceIoControl
 0x14018e5e0 CopyFileW
 0x14018e5e8 MoveFileExW
 0x14018e5f0 FlushFileBuffers
 0x14018e5f8 CreateFileW
 0x14018e600 GetCurrentProcess
 0x14018e608 SetPriorityClass
 0x14018e610 HeapSetInformation
 0x14018e618 CreateMutexW
 0x14018e620 LocalFree
 0x14018e628 GetProcAddress
 0x14018e630 SetDllDirectoryW
 0x14018e638 GetSystemPowerStatus
 0x14018e640 QueryUnbiasedInterruptTime
 0x14018e648 SizeofResource
 0x14018e650 LoadResource
 0x14018e658 FindResourceW
 0x14018e660 GetModuleHandleW
 0x14018e668 Process32NextW
 0x14018e670 Process32FirstW
 0x14018e678 CreateToolhelp32Snapshot
 0x14018e680 GetProcessTimes
 0x14018e688 WideCharToMultiByte
 0x14018e690 TerminateProcess
 0x14018e698 CloseHandle
 0x14018e6a0 OpenProcess
 0x14018e6a8 GetLastError
 0x14018e6b0 Sleep
 0x14018e6b8 GetTickCount64
 0x14018e6c0 FlsGetValue
 0x14018e6c8 FlsSetValue
 0x14018e6d0 FlsFree
 0x14018e6d8 LCMapStringW
 0x14018e6e0 GetLocaleInfoW
 0x14018e6e8 IsValidLocale
 0x14018e6f0 GetUserDefaultLCID
 0x14018e6f8 EnumSystemLocalesW
 0x14018e700 GetTimeZoneInformation
 0x14018e708 IsValidCodePage
 0x14018e710 GetACP
 0x14018e718 GetOEMCP
 0x14018e720 GetCommandLineA
 0x14018e728 GetEnvironmentStringsW
 0x14018e730 FormatMessageA
 0x14018e738 FlsAlloc
 0x14018e740 GetConsoleOutputCP
 0x14018e748 ReadConsoleW
 0x14018e750 GetConsoleMode
 0x14018e758 SystemTimeToTzSpecificLocalTime
 0x14018e760 TryAcquireSRWLockExclusive
 0x14018e768 GetStringTypeW
 0x14018e770 FreeEnvironmentStringsW
 0x14018e778 SetStdHandle
 0x14018e780 WriteConsoleW
 0x14018e788 PeekNamedPipe
 0x14018e790 GetFileType
 0x14018e798 ExitProcess
 0x14018e7a0 GetStdHandle
 0x14018e7a8 FreeLibraryAndExitThread
 0x14018e7b0 ExitThread
 0x14018e7b8 CreateThread
 0x14018e7c0 InterlockedPushEntrySList
 0x14018e7c8 GetStartupInfoW
 0x14018e7d0 SetUnhandledExceptionFilter
 0x14018e7d8 UnhandledExceptionFilter
 0x14018e7e0 InitializeSListHead
 0x14018e7e8 IsDebuggerPresent
 0x14018e7f0 GetCPInfo
 0x14018e7f8 LCMapStringEx
 0x14018e800 EncodePointer
 0x14018e808 GetLocaleInfoEx
 0x14018e810 WaitForSingleObjectEx
 0x14018e818 CloseThreadpoolWork
 0x14018e820 SubmitThreadpoolWork
 0x14018e828 CreateThreadpoolWork
 0x14018e830 FindNextFileW
 0x14018e838 SetFileInformationByHandle
USER32.dll
 0x14018e898 LoadStringW
 0x14018e8a0 RegisterClassExW
 0x14018e8a8 GetClassInfoExW
ADVAPI32.dll
 0x14018e000 ConvertStringSidToSidW
 0x14018e008 OpenServiceW
 0x14018e010 QueryServiceStatusEx
 0x14018e018 CloseServiceHandle
 0x14018e020 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x14018e028 RegCreateKeyExW
 0x14018e030 RegSetValueExW
 0x14018e038 RegCloseKey
 0x14018e040 QueryServiceStatus
 0x14018e048 ControlService
 0x14018e050 StartServiceW
 0x14018e058 SystemFunction036
 0x14018e060 RegQueryValueExA
 0x14018e068 RegOpenKeyExA
 0x14018e070 RegEnumKeyExA
 0x14018e078 CryptDestroyHash
 0x14018e080 CryptHashData
 0x14018e088 CryptCreateHash
 0x14018e090 CryptGetHashParam
 0x14018e098 CryptAcquireContextA
 0x14018e0a0 CryptReleaseContext
 0x14018e0a8 CryptGenRandom
 0x14018e0b0 CryptAcquireContextW
 0x14018e0b8 RegDeleteTreeW
 0x14018e0c0 RegDeleteKeyExW
 0x14018e0c8 RegEnumKeyW
 0x14018e0d0 RegQueryInfoKeyW
 0x14018e0d8 RegDeleteValueW
 0x14018e0e0 RegQueryValueExW
 0x14018e0e8 RegOpenKeyExW
 0x14018e0f0 OpenSCManagerW
 0x14018e0f8 FreeSid
 0x14018e100 EqualSid
 0x14018e108 LookupAccountSidW
 0x14018e110 AllocateAndInitializeSid
 0x14018e118 RevertToSelf
 0x14018e120 ImpersonateSelf
 0x14018e128 AdjustTokenPrivileges
 0x14018e130 LookupPrivilegeValueW
 0x14018e138 OpenThreadToken
 0x14018e140 GetTokenInformation
 0x14018e148 OpenProcessToken
ole32.dll
 0x14018ea60 CoCreateInstance
 0x14018ea68 CoUninitialize
 0x14018ea70 CoInitializeEx
OLEAUT32.dll
 0x14018e848 VariantClear
 0x14018e850 VariantInit
 0x14018e858 SysAllocString
 0x14018e860 SysFreeString
bcrypt.dll
 0x14018e9e8 BCryptGenRandom
WS2_32.dll
 0x14018e8e8 getsockopt
 0x14018e8f0 WSAResetEvent
 0x14018e8f8 send
 0x14018e900 getservbyname
 0x14018e908 recvfrom
 0x14018e910 gethostname
 0x14018e918 ioctlsocket
 0x14018e920 recv
 0x14018e928 getsockname
 0x14018e930 getpeername
 0x14018e938 connect
 0x14018e940 bind
 0x14018e948 htonl
 0x14018e950 WSAGetLastError
 0x14018e958 select
 0x14018e960 __WSAFDIsSet
 0x14018e968 WSAIoctl
 0x14018e970 setsockopt
 0x14018e978 socket
 0x14018e980 htons
 0x14018e988 closesocket
 0x14018e990 WSACleanup
 0x14018e998 WSAStartup
 0x14018e9a0 WSASetLastError
 0x14018e9a8 ntohs
 0x14018e9b0 ntohl
 0x14018e9b8 WSAWaitForMultipleEvents
 0x14018e9c0 WSACloseEvent
 0x14018e9c8 WSAEventSelect
 0x14018e9d0 WSAEnumNetworkEvents
 0x14018e9d8 WSACreateEvent
CRYPT32.dll
 0x14018e158 CryptQueryObject
 0x14018e160 CertGetNameStringA
 0x14018e168 CertFindExtension
 0x14018e170 CertAddCertificateContextToStore
 0x14018e178 CryptDecodeObjectEx
 0x14018e180 PFXImportCertStore
 0x14018e188 CryptStringToBinaryA
 0x14018e190 CertOpenStore
 0x14018e198 CertCloseStore
 0x14018e1a0 CertEnumCertificatesInStore
 0x14018e1a8 CertFreeCertificateContext
 0x14018e1b0 CertCreateCertificateChainEngine
 0x14018e1b8 CertFreeCertificateChainEngine
 0x14018e1c0 CertGetCertificateChain
 0x14018e1c8 CertFreeCertificateChain
 0x14018e1d0 CertFindCertificateInStore
WINHTTP.dll
 0x14018e8d8 WinHttpCrackUrl
IPHLPAPI.DLL
 0x14018e1e0 GetBestRoute2
 0x14018e1e8 GetUnicastIpAddressTable
 0x14018e1f0 FreeMibTable
 0x14018e1f8 GetAdaptersAddresses
SHLWAPI.dll
 0x14018e888 PathMatchSpecW
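The import table above is the input to the report's imphash and to the PhysicalDrive/Antivirus rule hits, and it is where a triage analyst would look first on a sample tagged as a wiper: CreateFileW plus DeviceIoControl (raw device access), OpenProcessToken/LookupPrivilegeValueW/AdjustTokenPrivileges (privilege adjustment), OpenSCManagerW/StartServiceW/ControlService (service control), and CreateToolhelp32Snapshot/OpenProcess/TerminateProcess (process enumeration and termination). The following Python is an added example, not tooling from the sandbox that produced this page. It parses an IAT excerpt in the page's own format, rebuilds the import string that pefile/VirusTotal hash for imphash, and groups imports into capability clusters. The excerpt and the cluster table are constructed for the example; the clusters are an analyst's choice, not a published standard. The script reproduces a report's imphash only when fed the complete import directory in its original order with ordinal-only imports resolved the way pefile does, so treat its value on a listing as an approximation and confirm against pefile on the binary.

```python
"""Import-table triage for the IAT listing in this report.

Added example (not part of the sandbox that produced the page). It parses an
IAT excerpt in the page's own "<DLL>\n <addr> <func>" format, rebuilds the
import-hash string the way pefile/VirusTotal define imphash, and groups the
imported APIs into capability clusters an analyst would check on a sample
flagged by PhysicalDrive/wiper-style rules.
"""
import hashlib
import re
from collections import OrderedDict

# Constructed excerpt of the report's IAT (same format as the page, a small
# subset of the ~330 functions it lists).
SAMPLE_IAT = """\
KERNEL32.dll
 0x14018e208 CreateProcessW
 0x14018e5d8 DeviceIoControl
 0x14018e5f8 CreateFileW
 0x14018e678 CreateToolhelp32Snapshot
 0x14018e7e8 IsDebuggerPresent
 0x14018e6b0 Sleep
ADVAPI32.dll
 0x14018e0f0 OpenSCManagerW
 0x14018e050 StartServiceW
 0x14018e048 ControlService
 0x14018e128 AdjustTokenPrivileges
 0x14018e130 LookupPrivilegeValueW
WS2_32.dll
 0x14018e938 connect
 0x14018e978 socket
"""

_IMPORT_LINE = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(text):
    """Return an ordered {dll: [function, ...]} from the report's IAT text.

    A line with leading whitespace, an address and a name is an import; any
    other non-blank line starts a new DLL block. Order is preserved because
    imphash depends on it.
    """
    table = OrderedDict()
    dll = None
    for line in text.splitlines():
        if not line.strip():
            continue
        match = _IMPORT_LINE.match(line)
        if match and dll is not None:
            table[dll].append(match.group(1))
        else:
            dll = line.strip()
            table.setdefault(dll, [])
    return table


def imphash_string(table):
    """Build the string pefile hashes: '<dll>.<func>' pairs, lower-cased,
    with .dll/.ocx/.sys stripped from the DLL name, joined by commas in
    table order. Ordinal-only imports would appear as 'ordN'; pefile also
    resolves known ordinals (ws2_32, oleaut32) to names, which this toy
    does not, so it is an approximation for binaries importing by ordinal.
    """
    parts = []
    for dll, funcs in table.items():
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(table):
    """MD5 of the import string: the imphash a report shows when computed
    over the complete import directory in its original order."""
    return hashlib.md5(imphash_string(table).encode("ascii")).hexdigest()


# Hypothetical capability clusters chosen for this example: the API names are
# real Win32 exports, the grouping is the analyst's, not a published standard.
CAPABILITIES = {
    "raw device access": {"CreateFileW", "CreateFileA", "DeviceIoControl"},
    "privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW",
                             "AdjustTokenPrivileges"},
    "service control": {"OpenSCManagerW", "OpenServiceW", "StartServiceW",
                        "ControlService"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW",
                            "Process32NextW", "OpenProcess", "TerminateProcess"},
    "timing / debugger checks": {"IsDebuggerPresent", "Sleep", "SleepEx",
                                 "GetTickCount", "GetTickCount64"},
    "sockets": {"WSAStartup", "socket", "connect", "send", "recv", "bind"},
}


def capabilities(table, min_hits=2):
    """Clusters with at least min_hits imported APIs, each listed sorted.

    Requiring more than one hit avoids flagging e.g. a lone CreateFileW,
    which almost every Windows program imports.
    """
    imported = {func for funcs in table.values() for func in funcs}
    return {name: sorted(imported & apis)
            for name, apis in CAPABILITIES.items()
            if len(imported & apis) >= min_hits}


if __name__ == "__main__":
    table = parse_iat(SAMPLE_IAT)
    print("imphash of excerpt:", imphash(table))
    for name, hits in capabilities(table).items():
        print(f"{name}: {', '.join(hits)}")
```

Run against the full table from this page, the clusters that fire are the ones the PhysicalDrive rule and the "Contains references to security software" hit already hint at; the point of the script is to make that reasoning repeatable across samples instead of reading 330 import lines by eye, and to get a comparable imphash without the binary when only a report is available.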

EAT(Export Address Table) Library

0x1400947b0 asw_process_storage_allocate_connector
0x1400947e0 asw_process_storage_deallocate_connector
0x140085620 on_avast_dll_unload
0x1400945b0 onexit_register_connector_avast_2


Similarity measure (PE file only)