ScreenShot
| Created | 2023.04.10 21:47 | Machine | s1_win7_x6401 |
| Filename | fcon.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 7ce957f22b7f412ab41de9604aa9c674 | ||
| sha256 | 7d0d7e3df2fdf261585d0491c1d4b7d47ae9d6a9562a8ac372d8d37036d8b363 | ||
| ssdeep | 6144:MyA+a/5f7IRdAjeR62njOnxsfC9lHoCfdoC2SKC:e+a/5f7IzAjeR6SjS8ClaqK | ||
| imphash | b237d8f62519a8eea449d577a2a175fc | ||
| impfuzzy | 96:y4B4QR1J6vz15M1mK4ytSdmugtMbGHW1/9YUJzYvBeSQ4UJu26N1iBHBi8a2NNVy:dE6ayNwi8np1Ht486L1mCOvCqslkkR | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcp_win.dll
0x180036d68 ?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
0x180036d70 ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
0x180036d78 ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
0x180036d80 ?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
0x180036d88 ?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
0x180036d90 ?flags@ios_base@std@@QEBAHXZ
0x180036d98 ?uncaught_exception@std@@YA_NXZ
0x180036da0 ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
0x180036da8 ?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
0x180036db0 ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
0x180036db8 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
0x180036dc0 ?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
0x180036dc8 ?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
0x180036dd0 ?width@ios_base@std@@QEAA_J_J@Z
0x180036dd8 ?width@ios_base@std@@QEBA_JXZ
0x180036de0 ??1_Lockit@std@@QEAA@XZ
0x180036de8 ??0_Lockit@std@@QEAA@H@Z
0x180036df0 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x180036df8 ??Bid@locale@std@@QEAA_KXZ
0x180036e00 ?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x180036e08 ?id@?$ctype@G@std@@2V0locale@2@A
0x180036e10 ?widen@?$ctype@G@std@@QEBAGD@Z
0x180036e18 ??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
0x180036e20 ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
0x180036e28 ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
0x180036e30 ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
0x180036e38 ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
0x180036e40 ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
0x180036e48 ?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036e50 ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
0x180036e58 ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
0x180036e60 ?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036e68 ?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036e70 ?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
0x180036e78 ?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036e80 ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
0x180036e88 ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
0x180036e90 ??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
0x180036e98 ??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
0x180036ea0 ??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
0x180036ea8 ?_Xbad_function_call@std@@YAXXZ
0x180036eb0 ??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
0x180036eb8 ?_Xbad_alloc@std@@YAXXZ
0x180036ec0 ?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
0x180036ec8 ?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
0x180036ed0 ?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
0x180036ed8 ?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
0x180036ee0 ??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
0x180036ee8 ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
0x180036ef0 ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
0x180036ef8 ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
0x180036f00 ?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036f08 ?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036f10 ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
0x180036f18 ?_Xinvalid_argument@std@@YAXPEBD@Z
0x180036f20 ?_Xout_of_range@std@@YAXPEBD@Z
0x180036f28 ?good@ios_base@std@@QEBA_NXZ
0x180036f30 ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
0x180036f38 ?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0.dll
0x180036d00 _initterm_e
0x180036d08 _initterm
api-ms-win-crt-private-l1-1-0.dll
0x180036ba8 _o__get_errno
0x180036bb0 _o__initialize_narrow_environment
0x180036bb8 _o__initialize_onexit_table
0x180036bc0 _o__invalid_parameter_noinfo
0x180036bc8 _o__invalid_parameter_noinfo_noreturn
0x180036bd0 _o__purecall
0x180036bd8 _o__register_onexit_function
0x180036be0 _o__seh_filter_dll
0x180036be8 _o__set_errno
0x180036bf0 memmove
0x180036bf8 _o__wcsdup
0x180036c00 _o__wcsicmp
0x180036c08 _o_abort
0x180036c10 _o_ceilf
0x180036c18 _o_free
0x180036c20 _o_iswspace
0x180036c28 _o_malloc
0x180036c30 _o_qsort
0x180036c38 _o_realloc
0x180036c40 _o_terminate
0x180036c48 _o_wcscpy_s
0x180036c50 _o_wcstoul
0x180036c58 __C_specific_handler
0x180036c60 __current_exception
0x180036c68 __current_exception_context
0x180036c70 _o__cexit
0x180036c78 _CxxThrowException
0x180036c80 _o__callnewh
0x180036c88 _o__crt_atexit
0x180036c90 _o__execute_onexit_table
0x180036c98 _o__errno
0x180036ca0 _o___stdio_common_vswprintf
0x180036ca8 _o__configure_narrow_argv
0x180036cb0 _o___stdio_common_vsnprintf_s
0x180036cb8 _o___std_type_info_destroy_list
0x180036cc0 _o___std_exception_destroy
0x180036cc8 _o___std_exception_copy
0x180036cd0 __CxxFrameHandler3
0x180036cd8 __std_terminate
0x180036ce0 __CxxFrameHandler4
0x180036ce8 memcmp
0x180036cf0 memcpy
api-ms-win-crt-string-l1-1-0.dll
0x180036d18 memset
api-ms-win-core-libraryloader-l1-2-0.dll
0x1800368b0 FreeLibraryAndExitThread
0x1800368b8 FreeLibrary
0x1800368c0 GetModuleFileNameA
0x1800368c8 GetProcAddress
0x1800368d0 GetModuleHandleExW
0x1800368d8 GetModuleHandleW
api-ms-win-core-synch-l1-1-0.dll
0x180036a18 InitializeSRWLock
0x180036a20 EnterCriticalSection
0x180036a28 ReleaseSemaphore
0x180036a30 InitializeCriticalSectionAndSpinCount
0x180036a38 SetEvent
0x180036a40 ResetEvent
0x180036a48 CreateEventW
0x180036a50 LeaveCriticalSection
0x180036a58 InitializeCriticalSectionEx
0x180036a60 WaitForSingleObject
0x180036a68 ReleaseMutex
0x180036a70 ReleaseSRWLockExclusive
0x180036a78 AcquireSRWLockExclusive
0x180036a80 WaitForSingleObjectEx
0x180036a88 OpenSemaphoreW
0x180036a90 ReleaseSRWLockShared
0x180036a98 CreateMutexExW
0x180036aa0 AcquireSRWLockShared
0x180036aa8 DeleteCriticalSection
0x180036ab0 CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0.dll
0x180036878 HeapAlloc
0x180036880 HeapFree
0x180036888 GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0.dll
0x180036838 GetLastError
0x180036840 SetLastError
0x180036848 UnhandledExceptionFilter
0x180036850 RaiseException
0x180036858 SetUnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0.dll
0x180036af0 CloseThreadpoolTimer
0x180036af8 CreateThreadpoolTimer
0x180036b00 SetThreadpoolTimer
0x180036b08 WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0.dll
0x180036918 GetCurrentProcess
0x180036920 GetCurrentProcessId
0x180036928 CreateThread
0x180036930 GetCurrentThreadId
0x180036938 TerminateProcess
0x180036940 ResumeThread
api-ms-win-core-localization-l1-2-0.dll
0x1800368f8 FormatMessageW
api-ms-win-core-debug-l1-1-0.dll
0x1800367f8 DebugBreak
0x180036800 OutputDebugStringW
0x180036808 IsDebuggerPresent
api-ms-win-core-handle-l1-1-0.dll
0x180036868 CloseHandle
api-ms-win-eventing-provider-l1-1-0.dll
0x180036d28 EventActivityIdControl
0x180036d30 EventUnregister
0x180036d38 EventRegister
0x180036d40 EventWriteTransfer
0x180036d48 EventSetInformation
api-ms-win-core-winrt-string-l1-1-0.dll
0x180036b68 WindowsIsStringEmpty
0x180036b70 WindowsCreateStringReference
0x180036b78 WindowsStringHasEmbeddedNull
0x180036b80 WindowsCreateString
0x180036b88 WindowsGetStringRawBuffer
0x180036b90 WindowsDeleteString
0x180036b98 WindowsCompareStringOrdinal
api-ms-win-core-com-l1-1-0.dll
0x1800367b0 StringFromGUID2
0x1800367b8 CoTaskMemFree
0x1800367c0 CoCreateFreeThreadedMarshaler
0x1800367c8 CoCreateGuid
0x1800367d0 CoCreateInstance
0x1800367d8 CoTaskMemRealloc
0x1800367e0 CoGetApartmentType
0x1800367e8 CoTaskMemAlloc
api-ms-win-core-winrt-error-l1-1-0.dll
0x180036b30 RoOriginateError
0x180036b38 RoOriginateErrorW
0x180036b40 RoTransformError
api-ms-win-core-util-l1-1-0.dll
0x180036b18 DecodePointer
0x180036b20 EncodePointer
api-ms-win-core-synch-l1-2-0.dll
0x180036ac0 InitOnceExecuteOnce
0x180036ac8 InitOnceComplete
0x180036ad0 InitOnceBeginInitialize
api-ms-win-core-winrt-l1-1-0.dll
0x180036b50 RoActivateInstance
0x180036b58 RoGetActivationFactory
api-ms-win-core-rtlsupport-l1-1-0.dll
0x1800369e0 RtlCaptureContext
0x1800369e8 RtlLookupFunctionEntry
0x1800369f0 RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1.dll
0x180036950 IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0.dll
0x180036960 QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
0x180036ae0 GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0.dll
0x180036898 InitializeSListHead
0x1800368a0 InterlockedPushEntrySList
ntdll.dll
0x180036f48 ZwQueryKey
0x180036f50 ZwOpenKeyEx
0x180036f58 RtlAllocateHeap
0x180036f60 ZwEnumerateValueKey
0x180036f68 ZwEnumerateKey
0x180036f70 RtlFreeHeap
0x180036f78 ZwClose
0x180036f80 RtlIntegerToUnicodeString
0x180036f88 RtlPublishWnfStateData
0x180036f90 RtlGetSystemBootStatus
0x180036f98 RtlSetSystemBootStatus
0x180036fa0 RtlQueryAllFeatureConfigurations
0x180036fa8 RtlQueryFeatureUsageNotificationSubscriptions
0x180036fb0 RtlSetFeatureConfigurations
0x180036fb8 RtlSubscribeForFeatureUsageNotification
0x180036fc0 RtlUnsubscribeFromFeatureUsageNotifications
0x180036fc8 RtlIsStateSeparationEnabled
0x180036fd0 RtlQueryFeatureConfigurationChangeStamp
0x180036fd8 RtlEqualUnicodeString
RPCRT4.dll
0x180036768 RpcBindingFromStringBindingW
0x180036770 NdrClientCall3
0x180036778 RpcStringBindingComposeW
0x180036780 RpcStringFreeW
0x180036788 RpcExceptionFilter
0x180036790 RpcBindingFree
api-ms-win-core-string-l1-1-0.dll
0x180036a00 MultiByteToWideChar
0x180036a08 CompareStringOrdinal
api-ms-win-core-registry-l1-1-0.dll
0x180036970 RegDeleteKeyExW
0x180036978 RegEnumKeyExW
0x180036980 RegEnumValueW
0x180036988 RegOpenKeyExW
0x180036990 RegQueryInfoKeyW
0x180036998 RegFlushKey
0x1800369a0 RegCreateKeyExW
0x1800369a8 RegCloseKey
0x1800369b0 RegDeleteValueW
0x1800369b8 RegGetValueW
0x1800369c0 RegSetValueExW
api-ms-win-core-path-l1-1-0.dll
0x180036908 PathAllocCombine
api-ms-win-core-registry-l2-1-0.dll
0x1800369d0 RegEnumKeyW
api-ms-win-stateseparation-helpers-l1-1-0.dll
0x180036d58 GetPersistedRegistryLocationW
api-ms-win-core-apiquery-l1-1-0.dll
0x1800367a0 ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1.dll
0x180036828 ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll
0x180036818 DelayLoadFailureHook
OLEAUT32.dll
0x180036738 SetErrorInfo
0x180036740 GetErrorInfo
0x180036748 SysFreeString
0x180036750 SysAllocString
0x180036758 SysStringLen
api-ms-win-core-libraryloader-l1-2-1.dll
0x1800368e8 LoadLibraryW
EAT(Export Address Table) Library
0x18000d7a0 DllCanUnloadNow
0x18000d7f0 DllGetActivationFactory
0x18000d830 DllGetClassObject
0x18000d990 GetCtacPropertyAlloc
0x18000cc80 ModifyStagingControlVariants
0x18000ccf0 ModifyStagingControls
0x18000df70 SubscribeFeatureReporting
0x18000e020 UnsubscribeFeatureReporting
msvcp_win.dll
0x180036d68 ?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
0x180036d70 ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
0x180036d78 ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
0x180036d80 ?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
0x180036d88 ?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
0x180036d90 ?flags@ios_base@std@@QEBAHXZ
0x180036d98 ?uncaught_exception@std@@YA_NXZ
0x180036da0 ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
0x180036da8 ?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
0x180036db0 ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
0x180036db8 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
0x180036dc0 ?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
0x180036dc8 ?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
0x180036dd0 ?width@ios_base@std@@QEAA_J_J@Z
0x180036dd8 ?width@ios_base@std@@QEBA_JXZ
0x180036de0 ??1_Lockit@std@@QEAA@XZ
0x180036de8 ??0_Lockit@std@@QEAA@H@Z
0x180036df0 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x180036df8 ??Bid@locale@std@@QEAA_KXZ
0x180036e00 ?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x180036e08 ?id@?$ctype@G@std@@2V0locale@2@A
0x180036e10 ?widen@?$ctype@G@std@@QEBAGD@Z
0x180036e18 ??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
0x180036e20 ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
0x180036e28 ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
0x180036e30 ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
0x180036e38 ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
0x180036e40 ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
0x180036e48 ?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036e50 ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
0x180036e58 ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
0x180036e60 ?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036e68 ?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036e70 ?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
0x180036e78 ?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036e80 ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
0x180036e88 ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
0x180036e90 ??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
0x180036e98 ??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
0x180036ea0 ??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
0x180036ea8 ?_Xbad_function_call@std@@YAXXZ
0x180036eb0 ??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
0x180036eb8 ?_Xbad_alloc@std@@YAXXZ
0x180036ec0 ?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
0x180036ec8 ?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
0x180036ed0 ?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
0x180036ed8 ?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
0x180036ee0 ??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
0x180036ee8 ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
0x180036ef0 ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
0x180036ef8 ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
0x180036f00 ?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036f08 ?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
0x180036f10 ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
0x180036f18 ?_Xinvalid_argument@std@@YAXPEBD@Z
0x180036f20 ?_Xout_of_range@std@@YAXPEBD@Z
0x180036f28 ?good@ios_base@std@@QEBA_NXZ
0x180036f30 ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
0x180036f38 ?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0.dll
0x180036d00 _initterm_e
0x180036d08 _initterm
api-ms-win-crt-private-l1-1-0.dll
0x180036ba8 _o__get_errno
0x180036bb0 _o__initialize_narrow_environment
0x180036bb8 _o__initialize_onexit_table
0x180036bc0 _o__invalid_parameter_noinfo
0x180036bc8 _o__invalid_parameter_noinfo_noreturn
0x180036bd0 _o__purecall
0x180036bd8 _o__register_onexit_function
0x180036be0 _o__seh_filter_dll
0x180036be8 _o__set_errno
0x180036bf0 memmove
0x180036bf8 _o__wcsdup
0x180036c00 _o__wcsicmp
0x180036c08 _o_abort
0x180036c10 _o_ceilf
0x180036c18 _o_free
0x180036c20 _o_iswspace
0x180036c28 _o_malloc
0x180036c30 _o_qsort
0x180036c38 _o_realloc
0x180036c40 _o_terminate
0x180036c48 _o_wcscpy_s
0x180036c50 _o_wcstoul
0x180036c58 __C_specific_handler
0x180036c60 __current_exception
0x180036c68 __current_exception_context
0x180036c70 _o__cexit
0x180036c78 _CxxThrowException
0x180036c80 _o__callnewh
0x180036c88 _o__crt_atexit
0x180036c90 _o__execute_onexit_table
0x180036c98 _o__errno
0x180036ca0 _o___stdio_common_vswprintf
0x180036ca8 _o__configure_narrow_argv
0x180036cb0 _o___stdio_common_vsnprintf_s
0x180036cb8 _o___std_type_info_destroy_list
0x180036cc0 _o___std_exception_destroy
0x180036cc8 _o___std_exception_copy
0x180036cd0 __CxxFrameHandler3
0x180036cd8 __std_terminate
0x180036ce0 __CxxFrameHandler4
0x180036ce8 memcmp
0x180036cf0 memcpy
api-ms-win-crt-string-l1-1-0.dll
0x180036d18 memset
api-ms-win-core-libraryloader-l1-2-0.dll
0x1800368b0 FreeLibraryAndExitThread
0x1800368b8 FreeLibrary
0x1800368c0 GetModuleFileNameA
0x1800368c8 GetProcAddress
0x1800368d0 GetModuleHandleExW
0x1800368d8 GetModuleHandleW
api-ms-win-core-synch-l1-1-0.dll
0x180036a18 InitializeSRWLock
0x180036a20 EnterCriticalSection
0x180036a28 ReleaseSemaphore
0x180036a30 InitializeCriticalSectionAndSpinCount
0x180036a38 SetEvent
0x180036a40 ResetEvent
0x180036a48 CreateEventW
0x180036a50 LeaveCriticalSection
0x180036a58 InitializeCriticalSectionEx
0x180036a60 WaitForSingleObject
0x180036a68 ReleaseMutex
0x180036a70 ReleaseSRWLockExclusive
0x180036a78 AcquireSRWLockExclusive
0x180036a80 WaitForSingleObjectEx
0x180036a88 OpenSemaphoreW
0x180036a90 ReleaseSRWLockShared
0x180036a98 CreateMutexExW
0x180036aa0 AcquireSRWLockShared
0x180036aa8 DeleteCriticalSection
0x180036ab0 CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0.dll
0x180036878 HeapAlloc
0x180036880 HeapFree
0x180036888 GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0.dll
0x180036838 GetLastError
0x180036840 SetLastError
0x180036848 UnhandledExceptionFilter
0x180036850 RaiseException
0x180036858 SetUnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0.dll
0x180036af0 CloseThreadpoolTimer
0x180036af8 CreateThreadpoolTimer
0x180036b00 SetThreadpoolTimer
0x180036b08 WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0.dll
0x180036918 GetCurrentProcess
0x180036920 GetCurrentProcessId
0x180036928 CreateThread
0x180036930 GetCurrentThreadId
0x180036938 TerminateProcess
0x180036940 ResumeThread
api-ms-win-core-localization-l1-2-0.dll
0x1800368f8 FormatMessageW
api-ms-win-core-debug-l1-1-0.dll
0x1800367f8 DebugBreak
0x180036800 OutputDebugStringW
0x180036808 IsDebuggerPresent
api-ms-win-core-handle-l1-1-0.dll
0x180036868 CloseHandle
api-ms-win-eventing-provider-l1-1-0.dll
0x180036d28 EventActivityIdControl
0x180036d30 EventUnregister
0x180036d38 EventRegister
0x180036d40 EventWriteTransfer
0x180036d48 EventSetInformation
api-ms-win-core-winrt-string-l1-1-0.dll
0x180036b68 WindowsIsStringEmpty
0x180036b70 WindowsCreateStringReference
0x180036b78 WindowsStringHasEmbeddedNull
0x180036b80 WindowsCreateString
0x180036b88 WindowsGetStringRawBuffer
0x180036b90 WindowsDeleteString
0x180036b98 WindowsCompareStringOrdinal
api-ms-win-core-com-l1-1-0.dll
0x1800367b0 StringFromGUID2
0x1800367b8 CoTaskMemFree
0x1800367c0 CoCreateFreeThreadedMarshaler
0x1800367c8 CoCreateGuid
0x1800367d0 CoCreateInstance
0x1800367d8 CoTaskMemRealloc
0x1800367e0 CoGetApartmentType
0x1800367e8 CoTaskMemAlloc
api-ms-win-core-winrt-error-l1-1-0.dll
0x180036b30 RoOriginateError
0x180036b38 RoOriginateErrorW
0x180036b40 RoTransformError
api-ms-win-core-util-l1-1-0.dll
0x180036b18 DecodePointer
0x180036b20 EncodePointer
api-ms-win-core-synch-l1-2-0.dll
0x180036ac0 InitOnceExecuteOnce
0x180036ac8 InitOnceComplete
0x180036ad0 InitOnceBeginInitialize
api-ms-win-core-winrt-l1-1-0.dll
0x180036b50 RoActivateInstance
0x180036b58 RoGetActivationFactory
api-ms-win-core-rtlsupport-l1-1-0.dll
0x1800369e0 RtlCaptureContext
0x1800369e8 RtlLookupFunctionEntry
0x1800369f0 RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1.dll
0x180036950 IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0.dll
0x180036960 QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
0x180036ae0 GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0.dll
0x180036898 InitializeSListHead
0x1800368a0 InterlockedPushEntrySList
ntdll.dll
0x180036f48 ZwQueryKey
0x180036f50 ZwOpenKeyEx
0x180036f58 RtlAllocateHeap
0x180036f60 ZwEnumerateValueKey
0x180036f68 ZwEnumerateKey
0x180036f70 RtlFreeHeap
0x180036f78 ZwClose
0x180036f80 RtlIntegerToUnicodeString
0x180036f88 RtlPublishWnfStateData
0x180036f90 RtlGetSystemBootStatus
0x180036f98 RtlSetSystemBootStatus
0x180036fa0 RtlQueryAllFeatureConfigurations
0x180036fa8 RtlQueryFeatureUsageNotificationSubscriptions
0x180036fb0 RtlSetFeatureConfigurations
0x180036fb8 RtlSubscribeForFeatureUsageNotification
0x180036fc0 RtlUnsubscribeFromFeatureUsageNotifications
0x180036fc8 RtlIsStateSeparationEnabled
0x180036fd0 RtlQueryFeatureConfigurationChangeStamp
0x180036fd8 RtlEqualUnicodeString
RPCRT4.dll
0x180036768 RpcBindingFromStringBindingW
0x180036770 NdrClientCall3
0x180036778 RpcStringBindingComposeW
0x180036780 RpcStringFreeW
0x180036788 RpcExceptionFilter
0x180036790 RpcBindingFree
api-ms-win-core-string-l1-1-0.dll
0x180036a00 MultiByteToWideChar
0x180036a08 CompareStringOrdinal
api-ms-win-core-registry-l1-1-0.dll
0x180036970 RegDeleteKeyExW
0x180036978 RegEnumKeyExW
0x180036980 RegEnumValueW
0x180036988 RegOpenKeyExW
0x180036990 RegQueryInfoKeyW
0x180036998 RegFlushKey
0x1800369a0 RegCreateKeyExW
0x1800369a8 RegCloseKey
0x1800369b0 RegDeleteValueW
0x1800369b8 RegGetValueW
0x1800369c0 RegSetValueExW
api-ms-win-core-path-l1-1-0.dll
0x180036908 PathAllocCombine
api-ms-win-core-registry-l2-1-0.dll
0x1800369d0 RegEnumKeyW
api-ms-win-stateseparation-helpers-l1-1-0.dll
0x180036d58 GetPersistedRegistryLocationW
api-ms-win-core-apiquery-l1-1-0.dll
0x1800367a0 ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1.dll
0x180036828 ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll
0x180036818 DelayLoadFailureHook
OLEAUT32.dll
0x180036738 SetErrorInfo
0x180036740 GetErrorInfo
0x180036748 SysFreeString
0x180036750 SysAllocString
0x180036758 SysStringLen
api-ms-win-core-libraryloader-l1-2-1.dll
0x1800368e8 LoadLibraryW
EAT(Export Address Table) Library
0x18000d7a0 DllCanUnloadNow
0x18000d7f0 DllGetActivationFactory
0x18000d830 DllGetClassObject
0x18000d990 GetCtacPropertyAlloc
0x18000cc80 ModifyStagingControlVariants
0x18000ccf0 ModifyStagingControls
0x18000df70 SubscribeFeatureReporting
0x18000e020 UnsubscribeFeatureReporting