Field | Value |
---|---|
Created | 2024.07.25 08:51 |
Machine | s1_win7_x6403 |
Filename | csrss.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 50 detected (AIDetectMalware, Dacic, malicious, high confidence, score, Unsafe, Remcos, Vsz7, Lazy, Genus, Attribute, HighConfidence, GenKryptik, GZWY, Artemis, PWSX, Stealerc, CLOUD, bqqid, DownLoader47, YXEGXZ, Krypt, Detected, ai score=81, CAGPNH, R658964, GdSda, Gencirc, susgen, MAGC) |
md5 | f6bf8ada032d17192526ffebb48aed79 |
sha256 | 153e11471f85de3df5135b0445014698333ff40a9d6c488d291d6517eb19800d |
ssdeep | 49152:sB1BRf3rOSzOzrFNj8e1KbWF8K7Vk3SZTH4OWOEkw/R8wDYWg1vpb67RMGFmDwk9:MaRrFCI767R0Dwk |
imphash | 23682184df099986ebd41d63cd7803a7 |
impfuzzy | 96:e5adwKrVXbLC9uyAXWSXt7uix9FSCPjXxm9xFXAX1dHsXZQAzyqOLyDQOAo:ecprVLLdRvX0ix9qwFdMpNLQOAo |
Signature (12cnts)
Level | Description |
---|---|
danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
danger | Executed a process and injected code into it |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | A process attempted to delay the analysis task. |
notice | One or more potentially interesting buffers were extracted |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (30cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Client_SW_User_Data_Stealer | Client_SW_User_Data_Stealer | memory |
danger | Win_Backdoor_RemcosRAT | Win Backdoor RemcosRAT | memory |
warning | infoStealer_browser_Zero | browser info stealer | memory |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Chrome_User_Data_Check_Zero | Google Chrome User Data Check | memory |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | Network_Downloader | File Downloader | memory |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | Create_Service | Create a windows service | memory |
notice | Escalate_priviledges | Escalate priviledges | memory |
notice | Generic_PWS_Memory_Zero | PWS Memory | memory |
notice | KeyLogger | Run a KeyLogger | memory |
notice | Network_DNS | Communications use DNS | memory |
notice | Network_TCP_Socket | Communications over RAW Socket | memory |
notice | ScreenShot | Take ScreenShot | memory |
notice | Sniff_Audio | Record Audio | memory |
notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
info | win_hook | Affect hook table | memory |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x14015c000 AdjustTokenPrivileges
0x14015c008 CreateWellKnownSid
0x14015c010 DeregisterEventSource
0x14015c018 DuplicateTokenEx
0x14015c020 GetSecurityDescriptorLength
0x14015c028 GetWindowsAccountDomainSid
0x14015c030 LookupPrivilegeValueW
0x14015c038 OpenProcessToken
0x14015c040 OpenThreadToken
0x14015c048 RegCloseKey
0x14015c050 RegCreateKeyExW
0x14015c058 RegDeleteKeyExW
0x14015c060 RegDeleteTreeW
0x14015c068 RegDeleteValueW
0x14015c070 RegEnumKeyExW
0x14015c078 RegEnumValueW
0x14015c080 RegFlushKey
0x14015c088 RegOpenKeyExW
0x14015c090 RegQueryInfoKeyW
0x14015c098 RegQueryValueExW
0x14015c0a0 RegSetValueExA
0x14015c0a8 RegSetValueExW
0x14015c0b0 RegisterEventSourceW
0x14015c0b8 ReportEventW
0x14015c0c0 RevertToSelf
0x14015c0c8 SetThreadToken
crypt.dll
0x14015c788 BCryptDestroyKey
0x14015c790 BCryptEncrypt
0x14015c798 BCryptGenRandom
0x14015c7a0 BCryptOpenAlgorithmProvider
0x14015c7a8 BCryptSetProperty
0x14015c7b0 BCryptDecrypt
0x14015c7b8 BCryptCloseAlgorithmProvider
0x14015c7c0 BCryptImportKey
KERNEL32.dll
0x14015c0d8 TlsFree
0x14015c0e0 TlsSetValue
0x14015c0e8 TlsGetValue
0x14015c0f0 TlsAlloc
0x14015c0f8 InitializeCriticalSectionAndSpinCount
0x14015c100 EncodePointer
0x14015c108 RaiseException
0x14015c110 RtlPcToFileHeader
0x14015c118 AllocConsole
0x14015c120 CancelThreadpoolIo
0x14015c128 CloseHandle
0x14015c130 CloseThreadpoolIo
0x14015c138 CompareStringEx
0x14015c140 CompareStringOrdinal
0x14015c148 CopyFileExW
0x14015c150 CreateDirectoryW
0x14015c158 CreateEventExW
0x14015c160 CreateFileW
0x14015c168 CreateProcessA
0x14015c170 CreateProcessW
0x14015c178 CreateSymbolicLinkW
0x14015c180 CreateThreadpoolIo
0x14015c188 DeleteCriticalSection
0x14015c190 DeleteFileW
0x14015c198 DeleteVolumeMountPointW
0x14015c1a0 DeviceIoControl
0x14015c1a8 DuplicateHandle
0x14015c1b0 EnterCriticalSection
0x14015c1b8 EnumCalendarInfoExEx
0x14015c1c0 EnumTimeFormatsEx
0x14015c1c8 ExitProcess
0x14015c1d0 ExpandEnvironmentStringsW
0x14015c1d8 FileTimeToSystemTime
0x14015c1e0 FindClose
0x14015c1e8 FindFirstFileExW
0x14015c1f0 FindNLSStringEx
0x14015c1f8 FindNextFileW
0x14015c200 FindStringOrdinal
0x14015c208 FlushFileBuffers
0x14015c210 FormatMessageW
0x14015c218 FreeConsole
0x14015c220 FreeLibrary
0x14015c228 GetCalendarInfoEx
0x14015c230 GetConsoleOutputCP
0x14015c238 GetConsoleWindow
0x14015c240 GetCurrentProcess
0x14015c248 GetCurrentProcessorNumberEx
0x14015c250 GetCurrentThread
0x14015c258 GetDynamicTimeZoneInformation
0x14015c260 GetEnvironmentVariableW
0x14015c268 GetFileAttributesExW
0x14015c270 GetFileInformationByHandle
0x14015c278 GetFileInformationByHandleEx
0x14015c280 GetFileType
0x14015c288 GetFinalPathNameByHandleW
0x14015c290 GetFullPathNameW
0x14015c298 GetLastError
0x14015c2a0 GetLocaleInfoEx
0x14015c2a8 GetLogicalDrives
0x14015c2b0 GetLongPathNameW
0x14015c2b8 GetModuleFileNameW
0x14015c2c0 GetModuleHandleA
0x14015c2c8 GetOverlappedResult
0x14015c2d0 GetProcAddress
0x14015c2d8 GetStdHandle
0x14015c2e0 GetSystemDirectoryW
0x14015c2e8 GetSystemTime
0x14015c2f0 GetThreadContext
0x14015c2f8 GetThreadPriority
0x14015c300 GetTickCount64
0x14015c308 GetTimeZoneInformation
0x14015c310 GetUserPreferredUILanguages
0x14015c318 GetVolumeInformationW
0x14015c320 InitializeConditionVariable
0x14015c328 InitializeCriticalSection
0x14015c330 IsDebuggerPresent
0x14015c338 LCMapStringEx
0x14015c340 LeaveCriticalSection
0x14015c348 LoadLibraryExW
0x14015c350 LocalAlloc
0x14015c358 LocalFree
0x14015c360 LocaleNameToLCID
0x14015c368 MoveFileExW
0x14015c370 MultiByteToWideChar
0x14015c378 QueryPerformanceCounter
0x14015c380 QueryPerformanceFrequency
0x14015c388 RaiseFailFastException
0x14015c390 ReadFile
0x14015c398 RemoveDirectoryW
0x14015c3a0 ReplaceFileW
0x14015c3a8 ResetEvent
0x14015c3b0 ResolveLocaleName
0x14015c3b8 SetEvent
0x14015c3c0 SetFileAttributesW
0x14015c3c8 SetFileInformationByHandle
0x14015c3d0 SetLastError
0x14015c3d8 SetThreadErrorMode
0x14015c3e0 SetThreadPriority
0x14015c3e8 Sleep
0x14015c3f0 SleepConditionVariableCS
0x14015c3f8 StartThreadpoolIo
0x14015c400 SystemTimeToFileTime
0x14015c408 TzSpecificLocalTimeToSystemTime
0x14015c410 VirtualAlloc
0x14015c418 VirtualFree
0x14015c420 WaitForMultipleObjectsEx
0x14015c428 WakeConditionVariable
0x14015c430 WideCharToMultiByte
0x14015c438 WriteFile
0x14015c440 FlushProcessWriteBuffers
0x14015c448 WaitForSingleObjectEx
0x14015c450 RtlVirtualUnwind
0x14015c458 RtlCaptureContext
0x14015c460 RtlRestoreContext
0x14015c468 VerSetConditionMask
0x14015c470 AddVectoredExceptionHandler
0x14015c478 FlsAlloc
0x14015c480 FlsGetValue
0x14015c488 FlsSetValue
0x14015c490 CreateEventW
0x14015c498 SwitchToThread
0x14015c4a0 CreateThread
0x14015c4a8 GetCurrentThreadId
0x14015c4b0 SuspendThread
0x14015c4b8 ResumeThread
0x14015c4c0 SetThreadContext
0x14015c4c8 QueryInformationJobObject
0x14015c4d0 GetModuleHandleW
0x14015c4d8 GetModuleHandleExW
0x14015c4e0 GetProcessAffinityMask
0x14015c4e8 VerifyVersionInfoW
0x14015c4f0 InitializeContext
0x14015c4f8 GetEnabledXStateFeatures
0x14015c500 SetXStateFeaturesMask
0x14015c508 VirtualQuery
0x14015c510 GetSystemTimeAsFileTime
0x14015c518 InitializeCriticalSectionEx
0x14015c520 DebugBreak
0x14015c528 WaitForSingleObject
0x14015c530 SleepEx
0x14015c538 GetCurrentProcessId
0x14015c540 GlobalMemoryStatusEx
0x14015c548 GetSystemInfo
0x14015c550 GetLogicalProcessorInformation
0x14015c558 GetLogicalProcessorInformationEx
0x14015c560 GetLargePageMinimum
0x14015c568 VirtualUnlock
0x14015c570 VirtualAllocExNuma
0x14015c578 IsProcessInJob
0x14015c580 GetNumaHighestNodeNumber
0x14015c588 GetProcessGroupAffinity
0x14015c590 K32GetProcessMemoryInfo
0x14015c598 RtlUnwindEx
0x14015c5a0 InitializeSListHead
0x14015c5a8 IsProcessorFeaturePresent
0x14015c5b0 TerminateProcess
0x14015c5b8 SetUnhandledExceptionFilter
0x14015c5c0 UnhandledExceptionFilter
0x14015c5c8 RtlLookupFunctionEntry
ole32.dll
0x14015c7d0 CoTaskMemAlloc
0x14015c7d8 CoTaskMemFree
0x14015c7e0 CoUninitialize
0x14015c7e8 CoWaitForMultipleHandles
0x14015c7f0 CoInitializeEx
0x14015c7f8 CoCreateGuid
0x14015c800 CoGetApartmentType
USER32.dll
0x14015c5d8 LoadStringW
api-ms-win-crt-math-l1-1-0.dll
0x14015c638 __setusermatherr
0x14015c640 floor
0x14015c648 pow
0x14015c650 modf
0x14015c658 sin
0x14015c660 cos
0x14015c668 ceil
0x14015c670 tan
api-ms-win-crt-heap-l1-1-0.dll
0x14015c5f8 free
0x14015c600 calloc
0x14015c608 _set_new_mode
0x14015c610 malloc
0x14015c618 _callnewh
api-ms-win-crt-string-l1-1-0.dll
0x14015c758 strncpy_s
0x14015c760 strcpy_s
0x14015c768 _stricmp
0x14015c770 wcsncmp
0x14015c778 strcmp
api-ms-win-crt-convert-l1-1-0.dll
0x14015c5e8 strtoull
api-ms-win-crt-runtime-l1-1-0.dll
0x14015c680 _register_thread_local_exe_atexit_callback
0x14015c688 _c_exit
0x14015c690 _cexit
0x14015c698 __p___wargv
0x14015c6a0 __p___argc
0x14015c6a8 _exit
0x14015c6b0 exit
0x14015c6b8 _initterm_e
0x14015c6c0 terminate
0x14015c6c8 _crt_atexit
0x14015c6d0 _initterm
0x14015c6d8 _register_onexit_function
0x14015c6e0 _get_initial_wide_environment
0x14015c6e8 abort
0x14015c6f0 _initialize_onexit_table
0x14015c6f8 _initialize_wide_environment
0x14015c700 _configure_wide_argv
0x14015c708 _seh_filter_exe
0x14015c710 _set_app_type
api-ms-win-crt-stdio-l1-1-0.dll
0x14015c720 __stdio_common_vsscanf
0x14015c728 __p__commode
0x14015c730 __acrt_iob_func
0x14015c738 __stdio_common_vfprintf
0x14015c740 __stdio_common_vsprintf_s
0x14015c748 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x14015c628 _configthreadlocale
EAT(Export Address Table) Library