Created
November 25, 2021 14:46
-
-
Save ghoulgy/4343ce806fc4d1c09817ab26c54c74d0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0x351048: InternetOpenA | |
| 0x351258: InternetConnectA | |
| 0x3512ad: InternetConnectA | |
| 0x351310: InternetCloseHandle | |
| 0x351407: HttpOpenRequestA | |
| 0x3516fd: GetTickCount | |
| 0x351743: GetTickCount | |
| 0x352b64: HttpSendRequestA | |
| 0x352c7f: HttpQueryInfoA | |
| 0x352d78: InternetCloseHandle | |
| 0x352dbd: InternetCloseHandle | |
| 0x352e5e: InternetCloseHandle | |
| 0x352ebc: InternetCloseHandle | |
| 0x352f11: GetTickCount | |
| 0x352f56: GetTickCount | |
| 0x352ff0: InternetCloseHandle | |
| 0x353046: InternetCloseHandle | |
| 0x3530a3: InternetCloseHandle | |
| 0x3530f8: InternetCloseHandle | |
| 0x35335a: InternetCloseHandle | |
| 0x35339f: InternetCloseHandle | |
| 0x354732: HttpSendRequestA | |
| 0x35484a: InternetQueryOptionA | |
| 0x3548b4: InternetQueryOptionA | |
| 0x35493b: InternetSetOptionA | |
| 0x354980: InternetSetOptionA | |
| 0x354a74: GetTickCount | |
| 0x354b5c: GetTickCount | |
| 0x355750: InternetReadFile | |
| 0x35578d: InternetReadFile | |
| 0x355900: InternetReadFile | |
| 0x35593e: InternetReadFile | |
| 0x355afa: InternetCloseHandle | |
| 0x355b49: InternetCloseHandle | |
| 0x355bbf: InternetCloseHandle | |
| 0x355be7: InternetCloseHandle | |
| 0x355c24: InternetCloseHandle | |
| 0x355c81: GetProcessHeap | |
| 0x355d3d: HeapReAlloc | |
| 0x355d7b: HeapReAlloc | |
| 0x35600b: BCryptOpenAlgorithmProvider | |
| 0x35602f: BCryptOpenAlgorithmProvider | |
| 0x3560a2: BCryptOpenAlgorithmProvider | |
| 0x3560c6: BCryptOpenAlgorithmProvider | |
| 0x356158: lstrcpyW | |
| 0x3561a0: lstrcpyW | |
| 0x3562e2: lstrcpyW | |
| 0x35646b: lstrcpyW | |
| 0x356826: lstrcpyW | |
| 0x356ac2: lstrcpyW | |
| 0x356c97: lstrcpyW | |
| 0x356e37: lstrcpyW | |
| 0x3570a2: BCryptCloseAlgorithmProvider | |
| 0x357140: BCryptDestroyKey | |
| 0x35718f: BCryptDestroyKey | |
| 0x357220: BCryptDestroyKey | |
| 0x357278: BCryptDestroyKey | |
| 0x3572b8: BCryptCloseAlgorithmProvider | |
| 0x3572f5: BCryptCloseAlgorithmProvider | |
| 0x357389: BCryptCloseAlgorithmProvider | |
| 0x3573d8: BCryptCloseAlgorithmProvider | |
| 0x35746b: BCryptGetProperty | |
| 0x35758b: BCryptDestroyKey | |
| 0x35762b: BCryptImportKeyPair | |
| 0x357688: BCryptImportKeyPair | |
| 0x357782: BCryptGetProperty | |
| 0x3577c0: BCryptGetProperty | |
| 0x35786f: BCryptGetProperty | |
| 0x357970: BCryptCreateHash | |
| 0x3579eb: BCryptHashData | |
| 0x357a14: BCryptDestroyHash | |
| 0x357ac1: BCryptFinishHash | |
| 0x357aea: BCryptDestroyHash | |
| 0x357b37: BCryptFinishHash | |
| 0x357b5e: BCryptDestroyHash | |
| 0x357d44: BCryptSignHash | |
| 0x357d99: BCryptSignHash | |
| 0x357e74: BCryptSignHash | |
| 0x357ed2: BCryptSignHash | |
| 0x357f25: BCryptSignHash | |
| 0x3583d4: BCryptDecrypt | |
| 0x35842a: BCryptDecrypt | |
| 0x3586e7: CryptBinaryToStringA | |
| 0x358734: CryptBinaryToStringA | |
| 0x358784: CryptBinaryToStringA | |
| 0x35c1be: GetDateFormatA | |
| 0x35c214: GetDateFormatA | |
| 0x35c324: wsprintfA | |
| 0x35cc6f: GetDateFormatA | |
| 0x35ccb4: GetDateFormatA | |
| 0x35e770: GetTickCount | |
| 0x35e9b2: GetModuleFileNameA | |
| 0x35ea0f: GetModuleFileNameA | |
| 0x35f4c1: GetCommandLineW | |
| 0x35f763: GetFullPathNameW | |
| 0x35f93f: GetFileAttributesW | |
| 0x35f97c: GetFileAttributesW | |
| 0x35fa0f: GetFileAttributesW | |
| 0x35fa5f: GetFileAttributesW | |
| 0x35fd85: GetModuleFileNameW | |
| 0x35fdd8: GetModuleFileNameW | |
| 0x35ffe9: GetCommandLineW | |
| 0x360027: GetCommandLineW | |
| 0x360974: GetModuleFileNameW | |
| 0x3609c9: GetModuleFileNameW | |
| 0x360a74: GetModuleFileNameW | |
| 0x360ac1: GetModuleFileNameW | |
| 0x360dce: tan | |
| 0x360e23: tan | |
| 0x361660: ExpandEnvironmentStringsA | |
| 0x3616ae: ExpandEnvironmentStringsA | |
| 0x361720: GetFileAttributesA | |
| 0x361773: GetFileAttributesA | |
| 0x361840: ExpandEnvironmentStringsA | |
| 0x36187d: ExpandEnvironmentStringsA | |
| 0x3618e0: GetFileAttributesA | |
| 0x36192a: GetFileAttributesA | |
| 0x361dc9: CreateToolhelp32Snapshot | |
| 0x361e8f: CreateToolhelp32Snapshot | |
| 0x362047: Process32FirstW | |
| 0x3621a4: Process32NextW | |
| 0x36220b: Process32NextW | |
| 0x3622c6: CloseHandle | |
| 0x362412: GetModuleHandleA | |
| 0x362463: GetModuleHandleA | |
| 0x3626e5: RegOpenKeyExW | |
| 0x362946: GetModuleHandleA | |
| 0x362c4b: GetModuleHandleA | |
| 0x362cbe: GetModuleHandleA | |
| 0x362e76: RegOpenKeyExW | |
| 0x363ae0: ExitProcess | |
| 0x363b0a: RegOpenKeyExW | |
| 0x363e55: GetCommandLineA | |
| 0x363e92: GetCommandLineA | |
| 0x363fc1: ExitProcess | |
| 0x364022: Sleep | |
| 0x36403e: CoInitialize | |
| 0x36407a: Sleep | |
| 0x3640c3: GetTickCount | |
| 0x364113: GetTickCount | |
| 0x3643bd: ExitProcess | |
| 0x36440f: ExitProcess | |
| 0x364a19: HeapAlloc | |
| 0x364a31: GetProcessHeap | |
| 0x364a91: HeapFree | |
| 0x364aa9: GetProcessHeap | |
| 0x364b05: HeapFree | |
| 0x364b1d: GetProcessHeap | |
| 0x364bb4: HeapReAlloc | |
| 0x364c03: HeapReAlloc | |
| 0x364c43: GetProcessHeap | |
| 0x364c91: GetProcessHeap | |
| 0x364d13: HeapReAlloc | |
| 0x364d62: HeapReAlloc | |
| 0x364da2: GetProcessHeap | |
| 0x364ddf: GetProcessHeap | |
| 0x364f15: InitializeProcThreadAttributeList | |
| 0x364f6a: InitializeProcThreadAttributeList | |
| 0x364fb4: InitializeProcThreadAttributeList | |
| 0x365020: UpdateProcThreadAttribute | |
| 0x365075: UpdateProcThreadAttribute | |
| 0x3650c4: GetModuleFileNameA | |
| 0x3650e6: GetCommandLineA | |
| 0x365108: CreateProcessA | |
| 0x36516a: ZwRaiseHardError | |
| 0x365279: WriteProcessMemory | |
| 0x3652b8: ResumeThread | |
| 0x3653dd: InitializeProcThreadAttributeList | |
| 0x365432: InitializeProcThreadAttributeList | |
| 0x36547c: InitializeProcThreadAttributeList | |
| 0x3654f6: UpdateProcThreadAttribute | |
| 0x36553c: UpdateProcThreadAttribute | |
| 0x36558b: GetModuleFileNameA | |
| 0x3655ad: GetCommandLineA | |
| 0x3655cf: CreateProcessA | |
| 0x36562a: ZwRaiseHardError | |
| 0x36570f: WriteProcessMemory | |
| 0x36574b: ResumeThread | |
| 0x365794: ZwRaiseHardError | |
| 0x36581d: ExitProcess | |
| 0x365870: ExitProcess | |
| 0x365930: GetProcAddress | |
| 0x365975: GetProcAddress | |
| 0x365997: LoadLibraryA | |
| 0x365a5a: GetProcAddress | |
| 0x365ab0: GetProcAddress | |
| 0x365ad2: LoadLibraryA | |
| 0x365bc1: SendMessageA | |
| 0x365c17: SendMessageA | |
| 0x365cd1: Sleep | |
| 0x365d52: CreateFileW | |
| 0x365de4: GetModuleFileNameW | |
| 0x365e2a: GetModuleFileNameW | |
| 0x365e62: CreateFileW | |
| 0x365f34: GetModuleFileNameW | |
| 0x365f91: GetModuleFileNameW | |
| 0x365ffb: CloseHandle | |
| 0x366043: CloseHandle | |
| 0x366098: GetFileSize | |
| 0x3660ee: GetFileSize | |
| 0x366128: CreateFileMappingW | |
| 0x3661ca: MapViewOfFile | |
| 0x366210: MapViewOfFile | |
| 0x366350: VirtualProtect | |
| 0x3663a7: VirtualProtect | |
| 0x36680c: SendMessageA | |
| 0x36685a: SendMessageA | |
| 0x366a40: ExitProcess | |
| 0x366e7b: VirtualAlloc | |
| 0x3672ce: VirtualFree | |
| 0x3673ca: NtQueryInformationProcess | |
| 0x36741d: ReadProcessMemory | |
| 0x367499: VirtualAllocEx | |
| 0x3674d7: VirtualAllocEx | |
| 0x3675ae: WriteProcessMemory | |
| 0x3675ee: WriteProcessMemory | |
| 0x3677cf: WriteProcessMemory | |
| 0x367839: WriteProcessMemory | |
| 0x36790c: WriteProcessMemory | |
| 0x367980: WriteProcessMemory | |
| 0x367f31: ReadProcessMemory | |
| 0x367f79: WriteProcessMemory | |
| 0x368159: TerminateProcess | |
| 0x3681ae: CloseHandle | |
| 0x3681fe: CloseHandle | |
| 0x368252: CloseHandle | |
| 0x36828f: CloseHandle | |
| 0x368449: VirtualAllocEx | |
| 0x368601: VirtualAllocEx | |
| 0x3687d1: WriteProcessMemory | |
| 0x36881a: tan | |
| 0x368860: tan | |
| 0x3688dd: WriteProcessMemory | |
| 0x368923: WriteProcessMemory | |
| 0x368c47: OpenProcess | |
| 0x368cad: OpenProcess | |
| 0x368cfb: InitializeProcThreadAttributeList | |
| 0x368d3c: InitializeProcThreadAttributeList | |
| 0x368d8e: UpdateProcThreadAttribute | |
| 0x368ddb: UpdateProcThreadAttribute | |
| 0x368e4f: GetSystemWindowsDirectoryW | |
| 0x36932d: CreateProcessW | |
| 0x36964f: Wow64GetThreadContext | |
| 0x3696a6: Wow64GetThreadContext | |
| 0x3698a2: Wow64SetThreadContext | |
| 0x3698ef: Wow64SetThreadContext | |
| 0x3699a9: ResumeThread | |
| 0x3699fe: ResumeThread | |
| 0x369c0b: GetThreadContext | |
| 0x369c75: GetThreadContext | |
| 0x369cc0: SetThreadContext | |
| 0x369d18: SetThreadContext | |
| 0x369f4d: CreateFileW | |
| 0x369f98: GetFileSize | |
| 0x369fb6: VirtualAlloc | |
| 0x369feb: ReadFile | |
| 0x36a01d: CloseHandle | |
| 0x36a2b2: VirtualFree | |
| 0x36a2f0: VirtualFree | |
| 0x36aa80: lstrlenA | |
| 0x36aabe: lstrlenA | |
| 0x36abd0: lstrlenA | |
| 0x36ac0e: lstrlenA | |
| 0x36ac87: GetTickCount | |
| 0x36ae92: WSAStartup | |
| 0x36aee2: WSAStartup | |
| 0x36af2b: ntohl | |
| 0x36b0b4: inet_ntop | |
| 0x36b0f1: inet_ntop | |
| 0x36b19a: inet_ntop | |
| 0x36b1e9: inet_ntop | |
| 0x36b295: inet_pton | |
| 0x36b2da: lstrlenA | |
| 0x36b440: socket | |
| 0x36b47d: socket | |
| 0x36b615: sendto | |
| 0x36b6d7: sendto | |
| 0x36b774: select | |
| 0x36b7ae: __WSAFDIsSet | |
| 0x36b860: socket | |
| 0x36b8ae: socket | |
| 0x36b920: recvfrom | |
| 0x36b96e: recvfrom | |
| 0x36ba21: lstrlenA | |
| 0x36bce0: recvfrom | |
| 0x36bd1e: recvfrom | |
| 0x36bdb3: shutdown | |
| 0x36bdd2: closesocket | |
| 0x36bf8d: inet_ntop | |
| 0x36c445: GetTickCount | |
| 0x36c482: GetTickCount | |
| 0x36c70b: GetTickCount | |
| 0x36c758: GetTickCount | |
| 0x36d827: HeapFree | |
| 0x36d84a: GetProcessHeap | |
| 0x36d940: HeapFree | |
| 0x36d960: GetProcessHeap | |
| 0x36dea4: HeapFree | |
| 0x36dec8: GetProcessHeap | |
| 0x36dfc4: HeapFree | |
| 0x36dfe4: GetProcessHeap | |
| 0x36e4ff: GetSystemTime | |
| 0x36e545: GetSystemTime | |
| 0x36e56a: GetDateFormatA | |
| 0x36e8ba: GetTimeFormatA | |
| 0x36e903: GetTimeFormatA | |
| 0x371bf2: Sleep | |
| 0x371fcc: GetTickCount | |
| 0x372085: Sleep | |
| 0x3720d3: Sleep | |
| 0x3732f7: Sleep | |
| 0x373abc: lstrcatA | |
| 0x373b17: lstrcatW | |
| 0x373b6c: lstrcatW | |
| 0x374374: MultiByteToWideChar | |
| 0x3743c1: MultiByteToWideChar | |
| 0x374417: MultiByteToWideChar | |
| 0x3753fd: GetComputerNameW | |
| 0x375533: OpenMutexW | |
| 0x375582: OpenMutexW | |
| 0x3755bb: GetComputerNameW | |
| 0x3756cc: CreateMutexW | |
| 0x3756f4: GetLastError | |
| 0x37580c: GetSystemDefaultLangID | |
| 0x3758be: GetKeyboardLayoutList | |
| 0x375904: HeapAlloc | |
| 0x375953: HeapAlloc | |
| 0x3759ac: GetProcessHeap | |
| 0x3759ea: GetProcessHeap | |
| 0x375a3d: GetKeyboardLayoutList | |
| 0x375acf: GetKeyboardLayoutList | |
| 0x375b1d: GetKeyboardLayoutList | |
| 0x375ba6: HeapFree | |
| 0x375bf4: GetProcessHeap | |
| 0x375c41: GetProcessHeap | |
| 0x375c9e: HeapFree | |
| 0x375d22: HeapAlloc | |
| 0x375d63: HeapAlloc | |
| 0x375dbb: GetProcessHeap | |
| 0x375e08: GetProcessHeap | |
| 0x375e30: GetProcessHeap | |
| 0x375e7d: GetProcessHeap | |
| 0x375eed: ExitProcess | |
| 0x375f2a: ExitProcess | |
| 0x375f50: CloseHandle | |
| 0x375fad: ExitProcess | |
| 0x375feb: ExitProcess | |
| 0x376010: CloseHandle | |
| 0x376030: ExitProcess | |
| 351000: restored microcode from idb | |
| 351000: restored pseudocode from idb | |
| 355FA0: restored microcode from idb | |
| 355FA0: restored pseudocode from idb | |
| 3753D0: restored microcode from idb | |
| 3753D0: restored pseudocode from idb | |
| 0x351048: InternetOpenA | |
| 0x351258: InternetConnectA | |
| 0x3512ad: InternetConnectA | |
| 0x351310: InternetCloseHandle | |
| 0x351407: HttpOpenRequestA | |
| 0x3516fd: GetTickCount | |
| 0x351743: GetTickCount | |
| 0x352b64: HttpSendRequestA | |
| 0x352c7f: HttpQueryInfoA | |
| 0x352d78: InternetCloseHandle | |
| 0x352dbd: InternetCloseHandle | |
| 0x352e5e: InternetCloseHandle | |
| 0x352ebc: InternetCloseHandle | |
| 0x352f11: GetTickCount | |
| 0x352f56: GetTickCount | |
| 0x352ff0: InternetCloseHandle | |
| 0x353046: InternetCloseHandle | |
| 0x3530a3: InternetCloseHandle | |
| 0x3530f8: InternetCloseHandle | |
| 0x35335a: InternetCloseHandle | |
| 0x35339f: InternetCloseHandle | |
| 0x354732: HttpSendRequestA | |
| 0x35484a: InternetQueryOptionA | |
| 0x3548b4: InternetQueryOptionA | |
| 0x35493b: InternetSetOptionA | |
| 0x354980: InternetSetOptionA | |
| 0x354a74: GetTickCount | |
| 0x354b5c: GetTickCount | |
| 0x355750: InternetReadFile | |
| 0x35578d: InternetReadFile | |
| 0x355900: InternetReadFile | |
| 0x35593e: InternetReadFile | |
| 0x355afa: InternetCloseHandle | |
| 0x355b49: InternetCloseHandle | |
| 0x355bbf: InternetCloseHandle | |
| 0x355be7: InternetCloseHandle | |
| 0x355c24: InternetCloseHandle | |
| 0x355c81: GetProcessHeap | |
| 0x355d3d: HeapReAlloc | |
| 0x355d7b: HeapReAlloc | |
| 0x35600b: BCryptOpenAlgorithmProvider | |
| 0x35602f: BCryptOpenAlgorithmProvider | |
| 0x3560a2: BCryptOpenAlgorithmProvider | |
| 0x3560c6: BCryptOpenAlgorithmProvider | |
| 0x356158: lstrcpyW | |
| 0x3561a0: lstrcpyW | |
| 0x3562e2: lstrcpyW | |
| 0x35646b: lstrcpyW | |
| 0x356826: lstrcpyW | |
| 0x356ac2: lstrcpyW | |
| 0x356c97: lstrcpyW | |
| 0x356e37: lstrcpyW | |
| 0x3570a2: BCryptCloseAlgorithmProvider | |
| 0x357140: BCryptDestroyKey | |
| 0x35718f: BCryptDestroyKey | |
| 0x357220: BCryptDestroyKey | |
| 0x357278: BCryptDestroyKey | |
| 0x3572b8: BCryptCloseAlgorithmProvider | |
| 0x3572f5: BCryptCloseAlgorithmProvider | |
| 0x357389: BCryptCloseAlgorithmProvider | |
| 0x3573d8: BCryptCloseAlgorithmProvider | |
| 0x35746b: BCryptGetProperty | |
| 0x35758b: BCryptDestroyKey | |
| 0x35762b: BCryptImportKeyPair | |
| 0x357688: BCryptImportKeyPair | |
| 0x357782: BCryptGetProperty | |
| 0x3577c0: BCryptGetProperty | |
| 0x35786f: BCryptGetProperty | |
| 0x357970: BCryptCreateHash | |
| 0x3579eb: BCryptHashData | |
| 0x357a14: BCryptDestroyHash | |
| 0x357ac1: BCryptFinishHash | |
| 0x357aea: BCryptDestroyHash | |
| 0x357b37: BCryptFinishHash | |
| 0x357b5e: BCryptDestroyHash | |
| 0x357d44: BCryptSignHash | |
| 0x357d99: BCryptSignHash | |
| 0x357e74: BCryptSignHash | |
| 0x357ed2: BCryptSignHash | |
| 0x357f25: BCryptSignHash | |
| 0x3583d4: BCryptDecrypt | |
| 0x35842a: BCryptDecrypt | |
| 0x3586e7: CryptBinaryToStringA | |
| 0x358734: CryptBinaryToStringA | |
| 0x358784: CryptBinaryToStringA | |
| 0x35c1be: GetDateFormatA | |
| 0x35c214: GetDateFormatA | |
| 0x35c324: wsprintfA | |
| 0x35cc6f: GetDateFormatA | |
| 0x35ccb4: GetDateFormatA | |
| 0x35e770: GetTickCount | |
| 0x35e9b2: GetModuleFileNameA | |
| 0x35ea0f: GetModuleFileNameA | |
| 0x35f4c1: GetCommandLineW | |
| 0x35f763: GetFullPathNameW | |
| 0x35f93f: GetFileAttributesW | |
| 0x35f97c: GetFileAttributesW | |
| 0x35fa0f: GetFileAttributesW | |
| 0x35fa5f: GetFileAttributesW | |
| 0x35fd85: GetModuleFileNameW | |
| 0x35fdd8: GetModuleFileNameW | |
| 0x35ffe9: GetCommandLineW | |
| 0x360027: GetCommandLineW | |
| 0x360974: GetModuleFileNameW | |
| 0x3609c9: GetModuleFileNameW | |
| 0x360a74: GetModuleFileNameW | |
| 0x360ac1: GetModuleFileNameW | |
| 0x360dce: tan | |
| 0x360e23: tan | |
| 0x361660: ExpandEnvironmentStringsA | |
| 0x3616ae: ExpandEnvironmentStringsA | |
| 0x361720: GetFileAttributesA | |
| 0x361773: GetFileAttributesA | |
| 0x361840: ExpandEnvironmentStringsA | |
| 0x36187d: ExpandEnvironmentStringsA | |
| 0x3618e0: GetFileAttributesA | |
| 0x36192a: GetFileAttributesA | |
| 0x361dc9: CreateToolhelp32Snapshot | |
| 0x361e8f: CreateToolhelp32Snapshot | |
| 0x362047: Process32FirstW | |
| 0x3621a4: Process32NextW | |
| 0x36220b: Process32NextW | |
| 0x3622c6: CloseHandle | |
| 0x362412: GetModuleHandleA | |
| 0x362463: GetModuleHandleA | |
| 0x3626e5: RegOpenKeyExW | |
| 0x362946: GetModuleHandleA | |
| 0x362c4b: GetModuleHandleA | |
| 0x362cbe: GetModuleHandleA | |
| 0x362e76: RegOpenKeyExW | |
| 0x363ae0: ExitProcess | |
| 0x363b0a: RegOpenKeyExW | |
| 0x363e55: GetCommandLineA | |
| 0x363e92: GetCommandLineA | |
| 0x363fc1: ExitProcess | |
| 0x364022: Sleep | |
| 0x36403e: CoInitialize | |
| 0x36407a: Sleep | |
| 0x3640c3: GetTickCount | |
| 0x364113: GetTickCount | |
| 0x3643bd: ExitProcess | |
| 0x36440f: ExitProcess | |
| 0x364a19: HeapAlloc | |
| 0x364a31: GetProcessHeap | |
| 0x364a91: HeapFree | |
| 0x364aa9: GetProcessHeap | |
| 0x364b05: HeapFree | |
| 0x364b1d: GetProcessHeap | |
| 0x364bb4: HeapReAlloc | |
| 0x364c03: HeapReAlloc | |
| 0x364c43: GetProcessHeap | |
| 0x364c91: GetProcessHeap | |
| 0x364d13: HeapReAlloc | |
| 0x364d62: HeapReAlloc | |
| 0x364da2: GetProcessHeap | |
| 0x364ddf: GetProcessHeap | |
| 0x364f15: InitializeProcThreadAttributeList | |
| 0x364f6a: InitializeProcThreadAttributeList | |
| 0x364fb4: InitializeProcThreadAttributeList | |
| 0x365020: UpdateProcThreadAttribute | |
| 0x365075: UpdateProcThreadAttribute | |
| 0x3650c4: GetModuleFileNameA | |
| 0x3650e6: GetCommandLineA | |
| 0x365108: CreateProcessA | |
| 0x36516a: ZwRaiseHardError | |
| 0x365279: WriteProcessMemory | |
| 0x3652b8: ResumeThread | |
| 0x3653dd: InitializeProcThreadAttributeList | |
| 0x365432: InitializeProcThreadAttributeList | |
| 0x36547c: InitializeProcThreadAttributeList | |
| 0x3654f6: UpdateProcThreadAttribute | |
| 0x36553c: UpdateProcThreadAttribute | |
| 0x36558b: GetModuleFileNameA | |
| 0x3655ad: GetCommandLineA | |
| 0x3655cf: CreateProcessA | |
| 0x36562a: ZwRaiseHardError | |
| 0x36570f: WriteProcessMemory | |
| 0x36574b: ResumeThread | |
| 0x365794: ZwRaiseHardError | |
| 0x36581d: ExitProcess | |
| 0x365870: ExitProcess | |
| 0x365930: GetProcAddress | |
| 0x365975: GetProcAddress | |
| 0x365997: LoadLibraryA | |
| 0x365a5a: GetProcAddress | |
| 0x365ab0: GetProcAddress | |
| 0x365ad2: LoadLibraryA | |
| 0x365bc1: SendMessageA | |
| 0x365c17: SendMessageA | |
| 0x365cd1: Sleep | |
| 0x365d52: CreateFileW | |
| 0x365de4: GetModuleFileNameW | |
| 0x365e2a: GetModuleFileNameW | |
| 0x365e62: CreateFileW | |
| 0x365f34: GetModuleFileNameW | |
| 0x365f91: GetModuleFileNameW | |
| 0x365ffb: CloseHandle | |
| 0x366043: CloseHandle | |
| 0x366098: GetFileSize | |
| 0x3660ee: GetFileSize | |
| 0x366128: CreateFileMappingW | |
| 0x3661ca: MapViewOfFile | |
| 0x366210: MapViewOfFile | |
| 0x366350: VirtualProtect | |
| 0x3663a7: VirtualProtect | |
| 0x36680c: SendMessageA | |
| 0x36685a: SendMessageA | |
| 0x366a40: ExitProcess | |
| 0x366e7b: VirtualAlloc | |
| 0x3672ce: VirtualFree | |
| 0x3673ca: NtQueryInformationProcess | |
| 0x36741d: ReadProcessMemory | |
| 0x367499: VirtualAllocEx | |
| 0x3674d7: VirtualAllocEx | |
| 0x3675ae: WriteProcessMemory | |
| 0x3675ee: WriteProcessMemory | |
| 0x3677cf: WriteProcessMemory | |
| 0x367839: WriteProcessMemory | |
| 0x36790c: WriteProcessMemory | |
| 0x367980: WriteProcessMemory | |
| 0x367f31: ReadProcessMemory | |
| 0x367f79: WriteProcessMemory | |
| 0x368159: TerminateProcess | |
| 0x3681ae: CloseHandle | |
| 0x3681fe: CloseHandle | |
| 0x368252: CloseHandle | |
| 0x36828f: CloseHandle | |
| 0x368449: VirtualAllocEx | |
| 0x368601: VirtualAllocEx | |
| 0x3687d1: WriteProcessMemory | |
| 0x36881a: tan | |
| 0x368860: tan | |
| 0x3688dd: WriteProcessMemory | |
| 0x368923: WriteProcessMemory | |
| 0x368c47: OpenProcess | |
| 0x368cad: OpenProcess | |
| 0x368cfb: InitializeProcThreadAttributeList | |
| 0x368d3c: InitializeProcThreadAttributeList | |
| 0x368d8e: UpdateProcThreadAttribute | |
| 0x368ddb: UpdateProcThreadAttribute | |
| 0x368e4f: GetSystemWindowsDirectoryW | |
| 0x36932d: CreateProcessW | |
| 0x36964f: Wow64GetThreadContext | |
| 0x3696a6: Wow64GetThreadContext | |
| 0x3698a2: Wow64SetThreadContext | |
| 0x3698ef: Wow64SetThreadContext | |
| 0x3699a9: ResumeThread | |
| 0x3699fe: ResumeThread | |
| 0x369c0b: GetThreadContext | |
| 0x369c75: GetThreadContext | |
| 0x369cc0: SetThreadContext | |
| 0x369d18: SetThreadContext | |
| 0x369f4d: CreateFileW | |
| 0x369f98: GetFileSize | |
| 0x369fb6: VirtualAlloc | |
| 0x369feb: ReadFile | |
| 0x36a01d: CloseHandle | |
| 0x36a2b2: VirtualFree | |
| 0x36a2f0: VirtualFree | |
| 0x36aa80: lstrlenA | |
| 0x36aabe: lstrlenA | |
| 0x36abd0: lstrlenA | |
| 0x36ac0e: lstrlenA | |
| 0x36ac87: GetTickCount | |
| 0x36ae92: WSAStartup | |
| 0x36aee2: WSAStartup | |
| 0x36af2b: ntohl | |
| 0x36b0b4: inet_ntop | |
| 0x36b0f1: inet_ntop | |
| 0x36b19a: inet_ntop | |
| 0x36b1e9: inet_ntop | |
| 0x36b295: inet_pton | |
| 0x36b2da: lstrlenA | |
| 0x36b440: socket | |
| 0x36b47d: socket | |
| 0x36b615: sendto | |
| 0x36b6d7: sendto | |
| 0x36b774: select | |
| 0x36b7ae: __WSAFDIsSet | |
| 0x36b860: socket | |
| 0x36b8ae: socket | |
| 0x36b920: recvfrom | |
| 0x36b96e: recvfrom | |
| 0x36ba21: lstrlenA | |
| 0x36bce0: recvfrom | |
| 0x36bd1e: recvfrom | |
| 0x36bdb3: shutdown | |
| 0x36bdd2: closesocket | |
| 0x36bf8d: inet_ntop | |
| 0x36c445: GetTickCount | |
| 0x36c482: GetTickCount | |
| 0x36c70b: GetTickCount | |
| 0x36c758: GetTickCount | |
| 0x36d827: HeapFree | |
| 0x36d84a: GetProcessHeap | |
| 0x36d940: HeapFree | |
| 0x36d960: GetProcessHeap | |
| 0x36dea4: HeapFree | |
| 0x36dec8: GetProcessHeap | |
| 0x36dfc4: HeapFree | |
| 0x36dfe4: GetProcessHeap | |
| 0x36e4ff: GetSystemTime | |
| 0x36e545: GetSystemTime | |
| 0x36e56a: GetDateFormatA | |
| 0x36e8ba: GetTimeFormatA | |
| 0x36e903: GetTimeFormatA | |
| 0x371bf2: Sleep | |
| 0x371fcc: GetTickCount | |
| 0x372085: Sleep | |
| 0x3720d3: Sleep | |
| 0x3732f7: Sleep | |
| 0x373abc: lstrcatA | |
| 0x373b17: lstrcatW | |
| 0x373b6c: lstrcatW | |
| 0x374374: MultiByteToWideChar | |
| 0x3743c1: MultiByteToWideChar | |
| 0x374417: MultiByteToWideChar | |
| 0x3753fd: GetComputerNameW | |
| 0x375533: OpenMutexW | |
| 0x375582: OpenMutexW | |
| 0x3755bb: GetComputerNameW | |
| 0x3756cc: CreateMutexW | |
| 0x3756f4: GetLastError | |
| 0x37580c: GetSystemDefaultLangID | |
| 0x3758be: GetKeyboardLayoutList | |
| 0x375904: HeapAlloc | |
| 0x375953: HeapAlloc | |
| 0x3759ac: GetProcessHeap | |
| 0x3759ea: GetProcessHeap | |
| 0x375a3d: GetKeyboardLayoutList | |
| 0x375acf: GetKeyboardLayoutList | |
| 0x375b1d: GetKeyboardLayoutList | |
| 0x375ba6: HeapFree | |
| 0x375bf4: GetProcessHeap | |
| 0x375c41: GetProcessHeap | |
| 0x375c9e: HeapFree | |
| 0x375d22: HeapAlloc | |
| 0x375d63: HeapAlloc | |
| 0x375dbb: GetProcessHeap | |
| 0x375e08: GetProcessHeap | |
| 0x375e30: GetProcessHeap | |
| 0x375e7d: GetProcessHeap | |
| 0x375eed: ExitProcess | |
| 0x375f2a: ExitProcess | |
| 0x375f50: CloseHandle | |
| 0x375fad: ExitProcess | |
| 0x375feb: ExitProcess | |
| 0x376010: CloseHandle | |
| 0x376030: ExitProcess |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment