Report - AAservices.exe

Gen1, RedLine stealer, RedlineStealer, Generic Malware, Malicious Library, .NET framework(MSIL), Malicious Packer, UPX, PE File, PE64, ftp, OS Processor Check, OS Name Check
Created 2025.03.30 19:06
Machine s1_win7_x6401
Filename AAservices.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 1
Behavior Score 1.4
ZERO API file : clean
VT API (file) 30 detected (AIDetectMalware, Malicious, score, TrojanAitInject, Unsafe, Save, confidence, Attribute, HighConfidence, Windows, Threat, GenKryptik, HCUG, PWSX, Phemedrone, CLASSIC, AGEN, Static AI, Suspicious PE, Detected, foqx, Wacapew, R689226, Krypt, PE04C9V, Orcus, susgen)
md5 a5afaac697fab2c766051607ae273134
sha256 291977390ed9da8791a2395429c6040ba437de103c6215d80052d583221db9d2
ssdeep 196608:LVWcUXnQ6xnIswB3ys2uypSZ4JCaqcwB3ys2uypSZ4JC7q:LVWcUXnQ6xnIp9zyS4JCaqZ9zyS4JC7q
imphash ba7ea63af7a7301d263e3a8b2813b978
impfuzzy 96:btqLap7WvDpO1btp+pmp/eBt9maixUQZopoogoOUqELrBPkfTqu4+2yl3SLCBrs4:TWvKp9pEtQQkE/jzympVrij+uY8v

Signature (2cnts)

Level    Description
danger   File has been identified by 30 AntiVirus engines on VirusTotal as malicious
notice   The binary likely contains encrypted or compressed data indicative of a packer

Rules (13cnts)

Level    Name                            Description                    Collection
danger   detect_Redline_Stealer_V2       (no description)               binaries (upload)
danger   RedLine_Stealer_b_Zero          RedLine stealer                binaries (upload)
danger   Win32_Trojan_Gen_1_0904B0_Zero  Win32 Trojan Emotet            binaries (upload)
warning  Generic_Malware_Zero            Generic Malware                binaries (upload)
watch    Malicious_Library_Zero          Malicious_Library              binaries (upload)
watch    Malicious_Packer_Zero           Malicious Packer               binaries (upload)
watch    UPX_Zero                        UPX packed file                binaries (upload)
watch    Win32_Trojan_PWS_Net_1_Zero     Win32 Trojan PWS .NET Azorult  binaries (upload)
info     ftp_command                     ftp command                    binaries (upload)
info     IsPE64                          (no description)               binaries (upload)
info     OS_Name_Check_Zero              OS Name Check Signature        binaries (upload)
info     OS_Processor_Check_Zero         OS Processor Check             binaries (upload)
info     PE_Header_Zero                  PE File Signature              binaries (upload)

Network (0cnts)


PE API

IAT(Import Address Table) Library


EAT(Export Address Table) is none


