ScreenShot
| Created | 2025.02.03 10:06 | Machine | s1_win7_x6403 |
| Filename | EmmetPROD.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 48 detected (Malicious, score, Ghanarava, Artemis, Lazy, Unsafe, GenericKD, Vahr, confidence, 100%, high confidence, CLOUD, jftlf, Static AI, Suspicious PE, Detected, Malware@#27vsnd5svvgxt, Casdet, Chgt, R002H0CAT25, Cwnw, susgen) | ||
| md5 | d62a00606fb383476db2c7f057f417f2 | ||
| sha256 | ebe24f9d635e5a1ff23e1b0f41828ffe1b7b0e6de8897eb01ca68fcb0d3b095f | ||
| ssdeep | 12288:3bmxp0YbzIEdxkhZlmlfwaL7LXSkwcs3gv3:rwG4fvLXjKgv | ||
| imphash | 92eb78f6d945527a18aa96447faa9341 | ||
| impfuzzy | 192:9zUnvVYWGy4hrYv95FbJT3mL61/+Py8hrj:9zUmhkxv/+KOrj | ||
Network IP location
Signature (15cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Creates a windows hook that monitors keyboard input (keylogger) |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Creates a suspicious process |
| notice | Executes one or more WMI queries |
| notice | Executes one or more WMI queries which can be used to identify virtual machines |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x465020 IsDebuggerPresent
0x465024 IsProcessorFeaturePresent
0x465028 TerminateProcess
0x46502c GetCurrentProcess
0x465030 SetUnhandledExceptionFilter
0x465034 UnhandledExceptionFilter
0x465038 QueryPerformanceCounter
0x46503c ResetEvent
0x465040 MultiByteToWideChar
0x465044 GetCurrentProcessId
0x465048 GetCurrentThreadId
0x46504c GetSystemTimeAsFileTime
0x465050 SetConsoleTitleW
0x465054 GetModuleHandleW
0x465058 GetConsoleWindow
0x46505c WaitForSingleObjectEx
0x465060 Sleep
0x465064 AreFileApisANSI
0x465068 GetLocaleInfoEx
0x46506c WideCharToMultiByte
0x465070 GetProcAddress
0x465074 GetModuleHandleA
0x465078 VerifyVersionInfoA
0x46507c CreateWaitableTimerA
0x465080 FormatMessageA
0x465084 LocalFree
0x465088 TlsFree
0x46508c TlsSetValue
0x465090 TlsGetValue
0x465094 TlsAlloc
0x465098 TerminateThread
0x46509c QueueUserAPC
0x4650a0 WaitForMultipleObjects
0x4650a4 SetWaitableTimer
0x4650a8 CreateEventW
0x4650ac SleepEx
0x4650b0 WaitForSingleObject
0x4650b4 SetEvent
0x4650b8 DeleteCriticalSection
0x4650bc InitializeCriticalSectionAndSpinCount
0x4650c0 LeaveCriticalSection
0x4650c4 EnterCriticalSection
0x4650c8 PostQueuedCompletionStatus
0x4650cc GetQueuedCompletionStatus
0x4650d0 CreateIoCompletionPort
0x4650d4 SetLastError
0x4650d8 GetLastError
0x4650dc CloseHandle
0x4650e0 VerSetConditionMask
0x4650e4 InitializeSListHead
USER32.dll
0x465290 GetMessageW
0x465294 GetDC
0x465298 SetWindowPos
0x46529c SendMessageW
0x4652a0 SetWindowTextW
0x4652a4 ShowWindow
0x4652a8 GetAsyncKeyState
0x4652ac DispatchMessageW
0x4652b0 UnhookWindowsHookEx
0x4652b4 TranslateMessage
0x4652b8 SetWindowsHookExW
0x4652bc SetWindowLongW
0x4652c0 SendInput
0x4652c4 GetCursorPos
0x4652c8 ReleaseDC
0x4652cc SetCursorPos
0x4652d0 GetDesktopWindow
0x4652d4 GetClientRect
GDI32.dll
0x465008 CreateCompatibleBitmap
0x46500c SelectObject
0x465010 CreateCompatibleDC
0x465014 DeleteObject
0x465018 BitBlt
ADVAPI32.dll
0x465000 GetUserNameA
ole32.dll
0x4654d8 CreateStreamOnHGlobal
0x4654dc CoInitialize
0x4654e0 CoUninitialize
0x4654e4 CoCreateInstance
gdiplus.dll
0x4654ac GdipDisposeImage
0x4654b0 GdipFree
0x4654b4 GdipGetImageEncodersSize
0x4654b8 GdipCloneImage
0x4654bc GdipGetImageThumbnail
0x4654c0 GdipGetImageEncoders
0x4654c4 GdiplusStartup
0x4654c8 GdipSaveImageToStream
0x4654cc GdipAlloc
0x4654d0 GdipCreateBitmapFromHBITMAP
urlmon.dll
0x4654ec URLDownloadToFileW
WINMM.dll
0x465318 mciSendStringW
0x46531c mciSendCommandW
0x465320 mciSendStringA
MSVCP140.dll
0x4650ec ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
0x4650f0 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x4650f4 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4650f8 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
0x4650fc ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x465100 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x465104 ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x465108 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x46510c ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x465110 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x465114 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x465118 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x46511c ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x465120 ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
0x465124 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x465128 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
0x46512c ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
0x465130 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x465134 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x465138 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x46513c ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x465140 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
0x465144 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x465148 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
0x46514c ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x465150 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x465154 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
0x465158 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x46515c ??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
0x465160 ??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
0x465164 ?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
0x465168 ?always_noconv@codecvt_base@std@@QBE_NXZ
0x46516c ?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
0x465170 ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
0x465174 ?_Incref@facet@locale@std@@UAEXXZ
0x465178 ??Bid@locale@std@@QAEIXZ
0x46517c ?__ExceptionPtrCreate@@YAXPAX@Z
0x465180 ?__ExceptionPtrDestroy@@YAXPAX@Z
0x465184 ?__ExceptionPtrCopy@@YAXPAXPBX@Z
0x465188 ?__ExceptionPtrAssign@@YAXPAXPBX@Z
0x46518c ?__ExceptionPtrCurrentException@@YAXPAX@Z
0x465190 ?__ExceptionPtrRethrow@@YAXPBX@Z
0x465194 ?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
0x465198 ?_Xbad_function_call@std@@YAXXZ
0x46519c _Query_perf_counter
0x4651a0 _Query_perf_frequency
0x4651a4 _Mtx_init_in_situ
0x4651a8 _Mtx_destroy_in_situ
0x4651ac _Mtx_lock
0x4651b0 _Mtx_unlock
0x4651b4 ?_Throw_C_error@std@@YAXH@Z
0x4651b8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
0x4651bc ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
0x4651c0 ?classic@locale@std@@SAABV12@XZ
0x4651c4 ?toupper@?$ctype@D@std@@QBEDD@Z
0x4651c8 ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x4651cc ?getloc@ios_base@std@@QBE?AVlocale@2@XZ
0x4651d0 ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
0x4651d4 ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x4651d8 ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
0x4651dc ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
0x4651e0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
0x4651e4 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
0x4651e8 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
0x4651ec ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
0x4651f0 ?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
0x4651f4 ??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x4651f8 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
0x4651fc ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x465200 ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
0x465204 ?_Random_device@std@@YAIXZ
0x465208 ?id@?$ctype@D@std@@2V0locale@2@A
0x46520c ?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
0x465210 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x465214 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x465218 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
0x46521c ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
0x465220 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x465224 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
0x465228 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x46522c ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x465230 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x465234 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
0x465238 _Thrd_join
0x46523c _Thrd_id
0x465240 _Cnd_do_broadcast_at_thread_exit
0x465244 ?_Syserror_map@std@@YAPBDH@Z
0x465248 ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
0x46524c ?_Xlength_error@std@@YAXPBD@Z
0x465250 ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
0x465254 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x465258 ?_Winerror_map@std@@YAHH@Z
0x46525c ?_Xout_of_range@std@@YAXPBD@Z
0x465260 ?_Xinvalid_argument@std@@YAXPBD@Z
0x465264 ?_Xbad_alloc@std@@YAXXZ
0x465268 ?uncaught_exception@std@@YA_NXZ
0x46526c ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
0x465270 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x465274 ?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
0x465278 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x46527c ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
0x465280 ?_Throw_Cpp_error@std@@YAXH@Z
0x465284 ??0_Lockit@std@@QAE@H@Z
0x465288 ??1_Lockit@std@@QAE@XZ
WS2_32.dll
0x465328 freeaddrinfo
0x46532c getaddrinfo
0x465330 WSAAddressToStringW
0x465334 WSASocketW
0x465338 WSASend
0x46533c WSARecv
0x465340 WSAIoctl
0x465344 WSAGetLastError
0x465348 WSASetLastError
0x46534c shutdown
0x465350 setsockopt
0x465354 __WSAFDIsSet
0x465358 ntohs
0x46535c ntohl
0x465360 listen
0x465364 htons
0x465368 htonl
0x46536c getsockopt
0x465370 getsockname
0x465374 getpeername
0x465378 ioctlsocket
0x46537c connect
0x465380 closesocket
0x465384 ind
0x465388 accept
0x46538c WSACleanup
0x465390 WSAStartup
0x465394 select
VCRUNTIME140.dll
0x4652dc __CxxFrameHandler3
0x4652e0 _except_handler4_common
0x4652e4 __current_exception_context
0x4652e8 __current_exception
0x4652ec memchr
0x4652f0 memset
0x4652f4 memmove
0x4652f8 memcpy
0x4652fc _CxxThrowException
0x465300 __std_type_info_compare
0x465304 __std_exception_destroy
0x465308 __std_exception_copy
0x46530c __std_terminate
0x465310 _purecall
api-ms-win-crt-stdio-l1-1-0.dll
0x465448 fsetpos
0x46544c ungetc
0x465450 _popen
0x465454 _get_stream_buffer_pointers
0x465458 fgetc
0x46545c fread
0x465460 fclose
0x465464 fgets
0x465468 _set_fmode
0x46546c fflush
0x465470 fwrite
0x465474 _pclose
0x465478 __stdio_common_vsprintf
0x46547c __p__commode
0x465480 fgetpos
0x465484 setvbuf
0x465488 _fseeki64
0x46548c fputc
api-ms-win-crt-heap-l1-1-0.dll
0x4653b8 _callnewh
0x4653bc realloc
0x4653c0 malloc
0x4653c4 free
0x4653c8 _set_new_mode
api-ms-win-crt-string-l1-1-0.dll
0x465494 tolower
0x465498 toupper
api-ms-win-crt-runtime-l1-1-0.dll
0x4653e8 _initterm
0x4653ec exit
0x4653f0 _exit
0x4653f4 _set_app_type
0x4653f8 _controlfp_s
0x4653fc _cexit
0x465400 _crt_atexit
0x465404 _register_onexit_function
0x465408 _initialize_onexit_table
0x46540c _initialize_narrow_environment
0x465410 _configure_narrow_argv
0x465414 _initterm_e
0x465418 _seh_filter_exe
0x46541c _errno
0x465420 terminate
0x465424 _beginthreadex
0x465428 system
0x46542c _register_thread_local_exe_atexit_callback
0x465430 _c_exit
0x465434 __p___argv
0x465438 _get_initial_narrow_environment
0x46543c _invalid_parameter_noinfo_noreturn
0x465440 __p___argc
api-ms-win-crt-filesystem-l1-1-0.dll
0x4653ac _unlock_file
0x4653b0 _lock_file
api-ms-win-crt-convert-l1-1-0.dll
0x46539c strtol
0x4653a0 strtoul
0x4653a4 atoi
api-ms-win-crt-time-l1-1-0.dll
0x4654a0 _time64
0x4654a4 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x4653dc _libm_sse2_pow_precise
0x4653e0 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x4653d0 _configthreadlocale
0x4653d4 ___lc_codepage_func
EAT(Export Address Table) is none
KERNEL32.dll
0x465020 IsDebuggerPresent
0x465024 IsProcessorFeaturePresent
0x465028 TerminateProcess
0x46502c GetCurrentProcess
0x465030 SetUnhandledExceptionFilter
0x465034 UnhandledExceptionFilter
0x465038 QueryPerformanceCounter
0x46503c ResetEvent
0x465040 MultiByteToWideChar
0x465044 GetCurrentProcessId
0x465048 GetCurrentThreadId
0x46504c GetSystemTimeAsFileTime
0x465050 SetConsoleTitleW
0x465054 GetModuleHandleW
0x465058 GetConsoleWindow
0x46505c WaitForSingleObjectEx
0x465060 Sleep
0x465064 AreFileApisANSI
0x465068 GetLocaleInfoEx
0x46506c WideCharToMultiByte
0x465070 GetProcAddress
0x465074 GetModuleHandleA
0x465078 VerifyVersionInfoA
0x46507c CreateWaitableTimerA
0x465080 FormatMessageA
0x465084 LocalFree
0x465088 TlsFree
0x46508c TlsSetValue
0x465090 TlsGetValue
0x465094 TlsAlloc
0x465098 TerminateThread
0x46509c QueueUserAPC
0x4650a0 WaitForMultipleObjects
0x4650a4 SetWaitableTimer
0x4650a8 CreateEventW
0x4650ac SleepEx
0x4650b0 WaitForSingleObject
0x4650b4 SetEvent
0x4650b8 DeleteCriticalSection
0x4650bc InitializeCriticalSectionAndSpinCount
0x4650c0 LeaveCriticalSection
0x4650c4 EnterCriticalSection
0x4650c8 PostQueuedCompletionStatus
0x4650cc GetQueuedCompletionStatus
0x4650d0 CreateIoCompletionPort
0x4650d4 SetLastError
0x4650d8 GetLastError
0x4650dc CloseHandle
0x4650e0 VerSetConditionMask
0x4650e4 InitializeSListHead
USER32.dll
0x465290 GetMessageW
0x465294 GetDC
0x465298 SetWindowPos
0x46529c SendMessageW
0x4652a0 SetWindowTextW
0x4652a4 ShowWindow
0x4652a8 GetAsyncKeyState
0x4652ac DispatchMessageW
0x4652b0 UnhookWindowsHookEx
0x4652b4 TranslateMessage
0x4652b8 SetWindowsHookExW
0x4652bc SetWindowLongW
0x4652c0 SendInput
0x4652c4 GetCursorPos
0x4652c8 ReleaseDC
0x4652cc SetCursorPos
0x4652d0 GetDesktopWindow
0x4652d4 GetClientRect
GDI32.dll
0x465008 CreateCompatibleBitmap
0x46500c SelectObject
0x465010 CreateCompatibleDC
0x465014 DeleteObject
0x465018 BitBlt
ADVAPI32.dll
0x465000 GetUserNameA
ole32.dll
0x4654d8 CreateStreamOnHGlobal
0x4654dc CoInitialize
0x4654e0 CoUninitialize
0x4654e4 CoCreateInstance
gdiplus.dll
0x4654ac GdipDisposeImage
0x4654b0 GdipFree
0x4654b4 GdipGetImageEncodersSize
0x4654b8 GdipCloneImage
0x4654bc GdipGetImageThumbnail
0x4654c0 GdipGetImageEncoders
0x4654c4 GdiplusStartup
0x4654c8 GdipSaveImageToStream
0x4654cc GdipAlloc
0x4654d0 GdipCreateBitmapFromHBITMAP
urlmon.dll
0x4654ec URLDownloadToFileW
WINMM.dll
0x465318 mciSendStringW
0x46531c mciSendCommandW
0x465320 mciSendStringA
MSVCP140.dll
0x4650ec ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
0x4650f0 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x4650f4 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4650f8 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
0x4650fc ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x465100 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x465104 ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x465108 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x46510c ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x465110 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x465114 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x465118 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x46511c ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x465120 ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
0x465124 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x465128 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
0x46512c ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
0x465130 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x465134 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x465138 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x46513c ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x465140 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
0x465144 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x465148 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
0x46514c ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x465150 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x465154 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
0x465158 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x46515c ??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
0x465160 ??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
0x465164 ?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
0x465168 ?always_noconv@codecvt_base@std@@QBE_NXZ
0x46516c ?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
0x465170 ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
0x465174 ?_Incref@facet@locale@std@@UAEXXZ
0x465178 ??Bid@locale@std@@QAEIXZ
0x46517c ?__ExceptionPtrCreate@@YAXPAX@Z
0x465180 ?__ExceptionPtrDestroy@@YAXPAX@Z
0x465184 ?__ExceptionPtrCopy@@YAXPAXPBX@Z
0x465188 ?__ExceptionPtrAssign@@YAXPAXPBX@Z
0x46518c ?__ExceptionPtrCurrentException@@YAXPAX@Z
0x465190 ?__ExceptionPtrRethrow@@YAXPBX@Z
0x465194 ?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
0x465198 ?_Xbad_function_call@std@@YAXXZ
0x46519c _Query_perf_counter
0x4651a0 _Query_perf_frequency
0x4651a4 _Mtx_init_in_situ
0x4651a8 _Mtx_destroy_in_situ
0x4651ac _Mtx_lock
0x4651b0 _Mtx_unlock
0x4651b4 ?_Throw_C_error@std@@YAXH@Z
0x4651b8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
0x4651bc ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
0x4651c0 ?classic@locale@std@@SAABV12@XZ
0x4651c4 ?toupper@?$ctype@D@std@@QBEDD@Z
0x4651c8 ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x4651cc ?getloc@ios_base@std@@QBE?AVlocale@2@XZ
0x4651d0 ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
0x4651d4 ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x4651d8 ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
0x4651dc ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
0x4651e0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
0x4651e4 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
0x4651e8 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
0x4651ec ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
0x4651f0 ?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
0x4651f4 ??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x4651f8 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
0x4651fc ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x465200 ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
0x465204 ?_Random_device@std@@YAIXZ
0x465208 ?id@?$ctype@D@std@@2V0locale@2@A
0x46520c ?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
0x465210 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x465214 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x465218 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
0x46521c ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
0x465220 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x465224 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
0x465228 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x46522c ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x465230 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x465234 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
0x465238 _Thrd_join
0x46523c _Thrd_id
0x465240 _Cnd_do_broadcast_at_thread_exit
0x465244 ?_Syserror_map@std@@YAPBDH@Z
0x465248 ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
0x46524c ?_Xlength_error@std@@YAXPBD@Z
0x465250 ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
0x465254 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x465258 ?_Winerror_map@std@@YAHH@Z
0x46525c ?_Xout_of_range@std@@YAXPBD@Z
0x465260 ?_Xinvalid_argument@std@@YAXPBD@Z
0x465264 ?_Xbad_alloc@std@@YAXXZ
0x465268 ?uncaught_exception@std@@YA_NXZ
0x46526c ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
0x465270 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x465274 ?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
0x465278 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x46527c ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
0x465280 ?_Throw_Cpp_error@std@@YAXH@Z
0x465284 ??0_Lockit@std@@QAE@H@Z
0x465288 ??1_Lockit@std@@QAE@XZ
WS2_32.dll
0x465328 freeaddrinfo
0x46532c getaddrinfo
0x465330 WSAAddressToStringW
0x465334 WSASocketW
0x465338 WSASend
0x46533c WSARecv
0x465340 WSAIoctl
0x465344 WSAGetLastError
0x465348 WSASetLastError
0x46534c shutdown
0x465350 setsockopt
0x465354 __WSAFDIsSet
0x465358 ntohs
0x46535c ntohl
0x465360 listen
0x465364 htons
0x465368 htonl
0x46536c getsockopt
0x465370 getsockname
0x465374 getpeername
0x465378 ioctlsocket
0x46537c connect
0x465380 closesocket
0x465384 ind
0x465388 accept
0x46538c WSACleanup
0x465390 WSAStartup
0x465394 select
VCRUNTIME140.dll
0x4652dc __CxxFrameHandler3
0x4652e0 _except_handler4_common
0x4652e4 __current_exception_context
0x4652e8 __current_exception
0x4652ec memchr
0x4652f0 memset
0x4652f4 memmove
0x4652f8 memcpy
0x4652fc _CxxThrowException
0x465300 __std_type_info_compare
0x465304 __std_exception_destroy
0x465308 __std_exception_copy
0x46530c __std_terminate
0x465310 _purecall
api-ms-win-crt-stdio-l1-1-0.dll
0x465448 fsetpos
0x46544c ungetc
0x465450 _popen
0x465454 _get_stream_buffer_pointers
0x465458 fgetc
0x46545c fread
0x465460 fclose
0x465464 fgets
0x465468 _set_fmode
0x46546c fflush
0x465470 fwrite
0x465474 _pclose
0x465478 __stdio_common_vsprintf
0x46547c __p__commode
0x465480 fgetpos
0x465484 setvbuf
0x465488 _fseeki64
0x46548c fputc
api-ms-win-crt-heap-l1-1-0.dll
0x4653b8 _callnewh
0x4653bc realloc
0x4653c0 malloc
0x4653c4 free
0x4653c8 _set_new_mode
api-ms-win-crt-string-l1-1-0.dll
0x465494 tolower
0x465498 toupper
api-ms-win-crt-runtime-l1-1-0.dll
0x4653e8 _initterm
0x4653ec exit
0x4653f0 _exit
0x4653f4 _set_app_type
0x4653f8 _controlfp_s
0x4653fc _cexit
0x465400 _crt_atexit
0x465404 _register_onexit_function
0x465408 _initialize_onexit_table
0x46540c _initialize_narrow_environment
0x465410 _configure_narrow_argv
0x465414 _initterm_e
0x465418 _seh_filter_exe
0x46541c _errno
0x465420 terminate
0x465424 _beginthreadex
0x465428 system
0x46542c _register_thread_local_exe_atexit_callback
0x465430 _c_exit
0x465434 __p___argv
0x465438 _get_initial_narrow_environment
0x46543c _invalid_parameter_noinfo_noreturn
0x465440 __p___argc
api-ms-win-crt-filesystem-l1-1-0.dll
0x4653ac _unlock_file
0x4653b0 _lock_file
api-ms-win-crt-convert-l1-1-0.dll
0x46539c strtol
0x4653a0 strtoul
0x4653a4 atoi
api-ms-win-crt-time-l1-1-0.dll
0x4654a0 _time64
0x4654a4 _localtime64_s
api-ms-win-crt-math-l1-1-0.dll
0x4653dc _libm_sse2_pow_precise
0x4653e0 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x4653d0 _configthreadlocale
0x4653d4 ___lc_codepage_func
EAT(Export Address Table) is none