Created | 2024.10.20 09:30 | Machine | s1_win7_x6403 |
Filename | Renci.SshNet.dll | ||
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
ZERO API | file : malicious | ||
VT API (file) | 42 detected (AIDetectMalware, Donut, Malicious, score, Lazy, Artemis, V4uc, confidence, Windows, Donutloader, Rozena, CLASSIC, high, Detected, DonutLdr, ABTrojan, GSUG, Chgt, R002H09JA24, susgen, PossibleThreat) | ||
md5 | 2af177eb2897d2b4b7aaa29bf9438e9c | ||
sha256 | 2f0924a9b7f0b3bade72e880a5fe16a9c2e3fd1b76ba5d153e5b6d6db5ee0f48 | ||
ssdeep | 196608:9BtjHHTTyr8r0IrnfoHYqyIZeEGFoekBS7rMy:9BtjHHX7IeQGFoekBxy | ||
imphash | 09b9688d725b8c5be47b0ad67a485d92 | ||
impfuzzy | 96:WCzSEYnVQ6lEl4DPDVEEaSEDgrZOIIWRI9ZpzAoFsYhxU3yJSlcJ2Z/7uoI/Rd7f:W04rWIXh/Yp8QYL/aWd+0NkgVxjZS |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
d3d9.dll
0x1800a8918 Direct3DCreate9
d3dx9_43.dll
0x1800a8928 D3DXCreateTextureFromFileInMemory
GDI32.dll
0x1800a8070 DeleteObject
0x1800a8078 BitBlt
0x1800a8080 CreateCompatibleBitmap
0x1800a8088 CreateRoundRectRgn
0x1800a8090 SelectObject
0x1800a8098 CreateCompatibleDC
0x1800a80a0 DeleteDC
0x1800a80a8 GetObjectW
dwmapi.dll
0x1800a8938 DwmExtendFrameIntoClientArea
MSVCP140.dll
0x1800a8288 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1800a8290 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x1800a8298 ??Bid@locale@std@@QEAA_KXZ
0x1800a82a0 ?_Xlength_error@std@@YAXPEBD@Z
0x1800a82a8 ?uncaught_exception@std@@YA_NXZ
0x1800a82b0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1800a82b8 ?_Xbad_function_call@std@@YAXXZ
0x1800a82c0 ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
0x1800a82c8 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1800a82d0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1800a82d8 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
0x1800a82e0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1800a82e8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1800a82f0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1800a82f8 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1800a8300 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1800a8308 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1800a8310 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
0x1800a8318 ?good@ios_base@std@@QEBA_NXZ
0x1800a8320 _Query_perf_frequency
0x1800a8328 ??1_Lockit@std@@QEAA@XZ
0x1800a8330 ??0_Lockit@std@@QEAA@H@Z
0x1800a8338 ?_Throw_Cpp_error@std@@YAXH@Z
0x1800a8340 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1800a8348 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x1800a8350 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x1800a8358 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
0x1800a8360 _Cnd_do_broadcast_at_thread_exit
0x1800a8368 _Query_perf_counter
0x1800a8370 _Thrd_detach
0x1800a8378 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1800a8380 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
0x1800a8388 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
0x1800a8390 ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
0x1800a8398 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1800a83a0 ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
0x1800a83a8 ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
0x1800a83b0 ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
0x1800a83b8 ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
0x1800a83c0 ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
0x1800a83c8 ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
0x1800a83d0 ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
0x1800a83d8 ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
0x1800a83e0 ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
0x1800a83e8 ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
0x1800a83f0 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x1800a83f8 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x1800a8400 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x1800a8408 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1800a8410 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
0x1800a8418 ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
0x1800a8420 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
0x1800a8428 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
0x1800a8430 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1800a8438 ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1800a8440 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1800a8448 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1800a8450 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
0x1800a8458 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
0x1800a8460 ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
0x1800a8468 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
0x1800a8470 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x1800a8478 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x1800a8480 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1800a8488 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x1800a8490 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
USER32.dll
0x1800a84c0 UnregisterClassW
0x1800a84c8 GetWindowLongPtrW
0x1800a84d0 RegisterClassExW
0x1800a84d8 ShowWindow
0x1800a84e0 DispatchMessageW
0x1800a84e8 ExitWindowsEx
0x1800a84f0 PeekMessageW
0x1800a84f8 SetWindowDisplayAffinity
0x1800a8500 RegisterHotKey
0x1800a8508 MoveWindow
0x1800a8510 SetLayeredWindowAttributes
0x1800a8518 TranslateMessage
0x1800a8520 PostQuitMessage
0x1800a8528 UpdateWindow
0x1800a8530 SetForegroundWindow
0x1800a8538 SetWindowPos
0x1800a8540 SetWindowRgn
0x1800a8548 MessageBoxA
0x1800a8550 OpenClipboard
0x1800a8558 GetSystemMetrics
0x1800a8560 EmptyClipboard
0x1800a8568 GetClipboardData
0x1800a8570 SetClipboardData
0x1800a8578 GetKeyState
0x1800a8580 GetDC
0x1800a8588 GetCapture
0x1800a8590 ClientToScreen
0x1800a8598 TrackMouseEvent
0x1800a85a0 GetForegroundWindow
0x1800a85a8 LoadCursorW
0x1800a85b0 SetCapture
0x1800a85b8 SetCursor
0x1800a85c0 GetClientRect
0x1800a85c8 IsWindowUnicode
0x1800a85d0 ReleaseCapture
0x1800a85d8 SetCursorPos
0x1800a85e0 ReleaseDC
0x1800a85e8 GetCursorPos
0x1800a85f0 CreateWindowExW
0x1800a85f8 SetWindowLongPtrW
0x1800a8600 DestroyWindow
0x1800a8608 GetWindowRect
0x1800a8610 UnregisterHotKey
0x1800a8618 CloseClipboard
0x1800a8620 DefWindowProcW
0x1800a8628 ScreenToClient
KERNEL32.dll
0x1800a80e0 InitializeSListHead
0x1800a80e8 GetSystemTimeAsFileTime
0x1800a80f0 GetCurrentThreadId
0x1800a80f8 GetCurrentProcessId
0x1800a8100 IsDebuggerPresent
0x1800a8108 IsProcessorFeaturePresent
0x1800a8110 OutputDebugStringW
0x1800a8118 SetUnhandledExceptionFilter
0x1800a8120 UnhandledExceptionFilter
0x1800a8128 RtlVirtualUnwind
0x1800a8130 RtlLookupFunctionEntry
0x1800a8138 RtlCaptureContext
0x1800a8140 SleepConditionVariableSRW
0x1800a8148 WakeAllConditionVariable
0x1800a8150 AcquireSRWLockExclusive
0x1800a8158 ReleaseSRWLockExclusive
0x1800a8160 GetConsoleWindow
0x1800a8168 GetModuleHandleW
0x1800a8170 DeleteCriticalSection
0x1800a8178 ReadDirectoryChangesW
0x1800a8180 CreateThread
0x1800a8188 DeleteFileW
0x1800a8190 GetLastError
0x1800a8198 Sleep
0x1800a81a0 CreateFileW
0x1800a81a8 InitializeCriticalSectionEx
0x1800a81b0 LeaveCriticalSection
0x1800a81b8 EnterCriticalSection
0x1800a81c0 VirtualFreeEx
0x1800a81c8 CreateRemoteThread
0x1800a81d0 CreateProcessW
0x1800a81d8 VirtualAllocEx
0x1800a81e0 CloseHandle
0x1800a81e8 Process32FirstW
0x1800a81f0 Process32NextW
0x1800a81f8 CreateToolhelp32Snapshot
0x1800a8200 OpenProcess
0x1800a8208 WaitForSingleObject
0x1800a8210 GetCurrentProcess
0x1800a8218 WriteProcessMemory
0x1800a8220 GlobalUnlock
0x1800a8228 WideCharToMultiByte
0x1800a8230 GlobalLock
0x1800a8238 GlobalFree
0x1800a8240 GlobalAlloc
0x1800a8248 QueryPerformanceCounter
0x1800a8250 FreeLibrary
0x1800a8258 GetProcAddress
0x1800a8260 QueryPerformanceFrequency
0x1800a8268 LoadLibraryA
0x1800a8270 MultiByteToWideChar
0x1800a8278 TerminateProcess
IMM32.dll
0x1800a80b8 ImmGetContext
0x1800a80c0 ImmReleaseContext
0x1800a80c8 ImmSetCompositionWindow
0x1800a80d0 ImmSetCandidateWindow
ADVAPI32.dll
0x1800a8000 OpenSCManagerW
0x1800a8008 GetUserNameA
0x1800a8010 ControlService
0x1800a8018 RegOpenKeyExA
0x1800a8020 LookupPrivilegeValueW
0x1800a8028 GetUserNameW
0x1800a8030 AdjustTokenPrivileges
0x1800a8038 RegCloseKey
0x1800a8040 QueryServiceStatus
0x1800a8048 CloseServiceHandle
0x1800a8050 RegQueryValueExA
0x1800a8058 OpenProcessToken
0x1800a8060 OpenServiceW
ole32.dll
0x1800a8990 CreateStreamOnHGlobal
SHLWAPI.dll
0x1800a84a0 None
0x1800a84a8 None
0x1800a84b0 None
gdiplus.dll
0x1800a8948 GdiplusShutdown
0x1800a8950 GdipCreateBitmapFromScan0
0x1800a8958 GdiplusStartup
0x1800a8960 GdipGetImageEncoders
0x1800a8968 GdipGetImageEncodersSize
0x1800a8970 GdipDisposeImage
0x1800a8978 GdipCreateBitmapFromHBITMAP
0x1800a8980 GdipSaveImageToStream
WINHTTP.dll
0x1800a86d8 WinHttpReadData
0x1800a86e0 WinHttpOpen
0x1800a86e8 WinHttpReceiveResponse
0x1800a86f0 WinHttpCloseHandle
0x1800a86f8 WinHttpOpenRequest
0x1800a8700 WinHttpQueryDataAvailable
0x1800a8708 WinHttpConnect
0x1800a8710 WinHttpSendRequest
VCRUNTIME140_1.dll
0x1800a86c8 __CxxFrameHandler4
VCRUNTIME140.dll
0x1800a8638 __std_exception_destroy
0x1800a8640 __std_exception_copy
0x1800a8648 strstr
0x1800a8650 __std_terminate
0x1800a8658 __current_exception_context
0x1800a8660 __C_specific_handler
0x1800a8668 __intrinsic_setjmp
0x1800a8670 memcmp
0x1800a8678 memmove
0x1800a8680 longjmp
0x1800a8688 strrchr
0x1800a8690 memcpy
0x1800a8698 memchr
0x1800a86a0 __std_type_info_destroy_list
0x1800a86a8 memset
0x1800a86b0 _CxxThrowException
0x1800a86b8 __current_exception
api-ms-win-crt-stdio-l1-1-0.dll
0x1800a8828 fopen
0x1800a8830 fflush
0x1800a8838 __stdio_common_vsscanf
0x1800a8840 fgetc
0x1800a8848 fread
0x1800a8850 ftell
0x1800a8858 fclose
0x1800a8860 fputc
0x1800a8868 setvbuf
0x1800a8870 ungetc
0x1800a8878 fsetpos
0x1800a8880 _fseeki64
0x1800a8888 _get_stream_buffer_pointers
0x1800a8890 __stdio_common_vsprintf
0x1800a8898 _wfopen
0x1800a88a0 fwrite
0x1800a88a8 fgetpos
0x1800a88b0 fseek
0x1800a88b8 __stdio_common_vfprintf
0x1800a88c0 __acrt_iob_func
api-ms-win-crt-heap-l1-1-0.dll
0x1800a8748 malloc
0x1800a8750 _callnewh
0x1800a8758 free
api-ms-win-crt-utility-l1-1-0.dll
0x1800a8900 rand
0x1800a8908 qsort
api-ms-win-crt-string-l1-1-0.dll
0x1800a88d0 _wcsicmp
0x1800a88d8 isprint
0x1800a88e0 strncmp
0x1800a88e8 strcmp
0x1800a88f0 strncpy
api-ms-win-crt-runtime-l1-1-0.dll
0x1800a87a8 _initialize_onexit_table
0x1800a87b0 _register_onexit_function
0x1800a87b8 _initialize_narrow_environment
0x1800a87c0 _configure_narrow_argv
0x1800a87c8 _seh_filter_dll
0x1800a87d0 _crt_atexit
0x1800a87d8 terminate
0x1800a87e0 _beginthreadex
0x1800a87e8 _invalid_parameter_noinfo_noreturn
0x1800a87f0 _cexit
0x1800a87f8 _initterm
0x1800a8800 _resetstkoflw
0x1800a8808 exit
0x1800a8810 _initterm_e
0x1800a8818 _execute_onexit_table
api-ms-win-crt-convert-l1-1-0.dll
0x1800a8720 strtol
api-ms-win-crt-filesystem-l1-1-0.dll
0x1800a8730 _lock_file
0x1800a8738 _unlock_file
api-ms-win-crt-math-l1-1-0.dll
0x1800a8768 acosf
0x1800a8770 sinf
0x1800a8778 sqrtf
0x1800a8780 ceilf
0x1800a8788 _hypotf
0x1800a8790 cosf
0x1800a8798 fmodf
EAT (Export Address Table): none (this DLL exports no functions)
d3d9.dll
0x1800a8918 Direct3DCreate9
d3dx9_43.dll
0x1800a8928 D3DXCreateTextureFromFileInMemory
GDI32.dll
0x1800a8070 DeleteObject
0x1800a8078 BitBlt
0x1800a8080 CreateCompatibleBitmap
0x1800a8088 CreateRoundRectRgn
0x1800a8090 SelectObject
0x1800a8098 CreateCompatibleDC
0x1800a80a0 DeleteDC
0x1800a80a8 GetObjectW
dwmapi.dll
0x1800a8938 DwmExtendFrameIntoClientArea
MSVCP140.dll
0x1800a8288 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1800a8290 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x1800a8298 ??Bid@locale@std@@QEAA_KXZ
0x1800a82a0 ?_Xlength_error@std@@YAXPEBD@Z
0x1800a82a8 ?uncaught_exception@std@@YA_NXZ
0x1800a82b0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1800a82b8 ?_Xbad_function_call@std@@YAXXZ
0x1800a82c0 ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
0x1800a82c8 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1800a82d0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1800a82d8 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
0x1800a82e0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1800a82e8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1800a82f0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1800a82f8 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1800a8300 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1800a8308 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1800a8310 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
0x1800a8318 ?good@ios_base@std@@QEBA_NXZ
0x1800a8320 _Query_perf_frequency
0x1800a8328 ??1_Lockit@std@@QEAA@XZ
0x1800a8330 ??0_Lockit@std@@QEAA@H@Z
0x1800a8338 ?_Throw_Cpp_error@std@@YAXH@Z
0x1800a8340 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1800a8348 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x1800a8350 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x1800a8358 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
0x1800a8360 _Cnd_do_broadcast_at_thread_exit
0x1800a8368 _Query_perf_counter
0x1800a8370 _Thrd_detach
0x1800a8378 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1800a8380 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
0x1800a8388 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
0x1800a8390 ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
0x1800a8398 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1800a83a0 ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
0x1800a83a8 ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
0x1800a83b0 ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
0x1800a83b8 ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
0x1800a83c0 ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
0x1800a83c8 ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
0x1800a83d0 ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
0x1800a83d8 ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
0x1800a83e0 ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
0x1800a83e8 ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
0x1800a83f0 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x1800a83f8 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x1800a8400 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x1800a8408 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1800a8410 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
0x1800a8418 ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
0x1800a8420 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
0x1800a8428 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
0x1800a8430 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1800a8438 ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1800a8440 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1800a8448 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1800a8450 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
0x1800a8458 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
0x1800a8460 ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
0x1800a8468 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
0x1800a8470 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x1800a8478 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x1800a8480 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1800a8488 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x1800a8490 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
USER32.dll
0x1800a84c0 UnregisterClassW
0x1800a84c8 GetWindowLongPtrW
0x1800a84d0 RegisterClassExW
0x1800a84d8 ShowWindow
0x1800a84e0 DispatchMessageW
0x1800a84e8 ExitWindowsEx
0x1800a84f0 PeekMessageW
0x1800a84f8 SetWindowDisplayAffinity
0x1800a8500 RegisterHotKey
0x1800a8508 MoveWindow
0x1800a8510 SetLayeredWindowAttributes
0x1800a8518 TranslateMessage
0x1800a8520 PostQuitMessage
0x1800a8528 UpdateWindow
0x1800a8530 SetForegroundWindow
0x1800a8538 SetWindowPos
0x1800a8540 SetWindowRgn
0x1800a8548 MessageBoxA
0x1800a8550 OpenClipboard
0x1800a8558 GetSystemMetrics
0x1800a8560 EmptyClipboard
0x1800a8568 GetClipboardData
0x1800a8570 SetClipboardData
0x1800a8578 GetKeyState
0x1800a8580 GetDC
0x1800a8588 GetCapture
0x1800a8590 ClientToScreen
0x1800a8598 TrackMouseEvent
0x1800a85a0 GetForegroundWindow
0x1800a85a8 LoadCursorW
0x1800a85b0 SetCapture
0x1800a85b8 SetCursor
0x1800a85c0 GetClientRect
0x1800a85c8 IsWindowUnicode
0x1800a85d0 ReleaseCapture
0x1800a85d8 SetCursorPos
0x1800a85e0 ReleaseDC
0x1800a85e8 GetCursorPos
0x1800a85f0 CreateWindowExW
0x1800a85f8 SetWindowLongPtrW
0x1800a8600 DestroyWindow
0x1800a8608 GetWindowRect
0x1800a8610 UnregisterHotKey
0x1800a8618 CloseClipboard
0x1800a8620 DefWindowProcW
0x1800a8628 ScreenToClient
KERNEL32.dll
0x1800a80e0 InitializeSListHead
0x1800a80e8 GetSystemTimeAsFileTime
0x1800a80f0 GetCurrentThreadId
0x1800a80f8 GetCurrentProcessId
0x1800a8100 IsDebuggerPresent
0x1800a8108 IsProcessorFeaturePresent
0x1800a8110 OutputDebugStringW
0x1800a8118 SetUnhandledExceptionFilter
0x1800a8120 UnhandledExceptionFilter
0x1800a8128 RtlVirtualUnwind
0x1800a8130 RtlLookupFunctionEntry
0x1800a8138 RtlCaptureContext
0x1800a8140 SleepConditionVariableSRW
0x1800a8148 WakeAllConditionVariable
0x1800a8150 AcquireSRWLockExclusive
0x1800a8158 ReleaseSRWLockExclusive
0x1800a8160 GetConsoleWindow
0x1800a8168 GetModuleHandleW
0x1800a8170 DeleteCriticalSection
0x1800a8178 ReadDirectoryChangesW
0x1800a8180 CreateThread
0x1800a8188 DeleteFileW
0x1800a8190 GetLastError
0x1800a8198 Sleep
0x1800a81a0 CreateFileW
0x1800a81a8 InitializeCriticalSectionEx
0x1800a81b0 LeaveCriticalSection
0x1800a81b8 EnterCriticalSection
0x1800a81c0 VirtualFreeEx
0x1800a81c8 CreateRemoteThread
0x1800a81d0 CreateProcessW
0x1800a81d8 VirtualAllocEx
0x1800a81e0 CloseHandle
0x1800a81e8 Process32FirstW
0x1800a81f0 Process32NextW
0x1800a81f8 CreateToolhelp32Snapshot
0x1800a8200 OpenProcess
0x1800a8208 WaitForSingleObject
0x1800a8210 GetCurrentProcess
0x1800a8218 WriteProcessMemory
0x1800a8220 GlobalUnlock
0x1800a8228 WideCharToMultiByte
0x1800a8230 GlobalLock
0x1800a8238 GlobalFree
0x1800a8240 GlobalAlloc
0x1800a8248 QueryPerformanceCounter
0x1800a8250 FreeLibrary
0x1800a8258 GetProcAddress
0x1800a8260 QueryPerformanceFrequency
0x1800a8268 LoadLibraryA
0x1800a8270 MultiByteToWideChar
0x1800a8278 TerminateProcess
IMM32.dll
0x1800a80b8 ImmGetContext
0x1800a80c0 ImmReleaseContext
0x1800a80c8 ImmSetCompositionWindow
0x1800a80d0 ImmSetCandidateWindow
ADVAPI32.dll
0x1800a8000 OpenSCManagerW
0x1800a8008 GetUserNameA
0x1800a8010 ControlService
0x1800a8018 RegOpenKeyExA
0x1800a8020 LookupPrivilegeValueW
0x1800a8028 GetUserNameW
0x1800a8030 AdjustTokenPrivileges
0x1800a8038 RegCloseKey
0x1800a8040 QueryServiceStatus
0x1800a8048 CloseServiceHandle
0x1800a8050 RegQueryValueExA
0x1800a8058 OpenProcessToken
0x1800a8060 OpenServiceW
ole32.dll
0x1800a8990 CreateStreamOnHGlobal
SHLWAPI.dll
0x1800a84a0 None
0x1800a84a8 None
0x1800a84b0 None
gdiplus.dll
0x1800a8948 GdiplusShutdown
0x1800a8950 GdipCreateBitmapFromScan0
0x1800a8958 GdiplusStartup
0x1800a8960 GdipGetImageEncoders
0x1800a8968 GdipGetImageEncodersSize
0x1800a8970 GdipDisposeImage
0x1800a8978 GdipCreateBitmapFromHBITMAP
0x1800a8980 GdipSaveImageToStream
WINHTTP.dll
0x1800a86d8 WinHttpReadData
0x1800a86e0 WinHttpOpen
0x1800a86e8 WinHttpReceiveResponse
0x1800a86f0 WinHttpCloseHandle
0x1800a86f8 WinHttpOpenRequest
0x1800a8700 WinHttpQueryDataAvailable
0x1800a8708 WinHttpConnect
0x1800a8710 WinHttpSendRequest
VCRUNTIME140_1.dll
0x1800a86c8 __CxxFrameHandler4
VCRUNTIME140.dll
0x1800a8638 __std_exception_destroy
0x1800a8640 __std_exception_copy
0x1800a8648 strstr
0x1800a8650 __std_terminate
0x1800a8658 __current_exception_context
0x1800a8660 __C_specific_handler
0x1800a8668 __intrinsic_setjmp
0x1800a8670 memcmp
0x1800a8678 memmove
0x1800a8680 longjmp
0x1800a8688 strrchr
0x1800a8690 memcpy
0x1800a8698 memchr
0x1800a86a0 __std_type_info_destroy_list
0x1800a86a8 memset
0x1800a86b0 _CxxThrowException
0x1800a86b8 __current_exception
api-ms-win-crt-stdio-l1-1-0.dll
0x1800a8828 fopen
0x1800a8830 fflush
0x1800a8838 __stdio_common_vsscanf
0x1800a8840 fgetc
0x1800a8848 fread
0x1800a8850 ftell
0x1800a8858 fclose
0x1800a8860 fputc
0x1800a8868 setvbuf
0x1800a8870 ungetc
0x1800a8878 fsetpos
0x1800a8880 _fseeki64
0x1800a8888 _get_stream_buffer_pointers
0x1800a8890 __stdio_common_vsprintf
0x1800a8898 _wfopen
0x1800a88a0 fwrite
0x1800a88a8 fgetpos
0x1800a88b0 fseek
0x1800a88b8 __stdio_common_vfprintf
0x1800a88c0 __acrt_iob_func
api-ms-win-crt-heap-l1-1-0.dll
0x1800a8748 malloc
0x1800a8750 _callnewh
0x1800a8758 free
api-ms-win-crt-utility-l1-1-0.dll
0x1800a8900 rand
0x1800a8908 qsort
api-ms-win-crt-string-l1-1-0.dll
0x1800a88d0 _wcsicmp
0x1800a88d8 isprint
0x1800a88e0 strncmp
0x1800a88e8 strcmp
0x1800a88f0 strncpy
api-ms-win-crt-runtime-l1-1-0.dll
0x1800a87a8 _initialize_onexit_table
0x1800a87b0 _register_onexit_function
0x1800a87b8 _initialize_narrow_environment
0x1800a87c0 _configure_narrow_argv
0x1800a87c8 _seh_filter_dll
0x1800a87d0 _crt_atexit
0x1800a87d8 terminate
0x1800a87e0 _beginthreadex
0x1800a87e8 _invalid_parameter_noinfo_noreturn
0x1800a87f0 _cexit
0x1800a87f8 _initterm
0x1800a8800 _resetstkoflw
0x1800a8808 exit
0x1800a8810 _initterm_e
0x1800a8818 _execute_onexit_table
api-ms-win-crt-convert-l1-1-0.dll
0x1800a8720 strtol
api-ms-win-crt-filesystem-l1-1-0.dll
0x1800a8730 _lock_file
0x1800a8738 _unlock_file
api-ms-win-crt-math-l1-1-0.dll
0x1800a8768 acosf
0x1800a8770 sinf
0x1800a8778 sqrtf
0x1800a8780 ceilf
0x1800a8788 _hypotf
0x1800a8790 cosf
0x1800a8798 fmodf
EAT (Export Address Table): none (this DLL exports no functions)