Created
October 30, 2018 00:45
Tags for a TrickBot sample: c3737aaf6b613a7c7d5e0c6d3c0d60a2
| 10b4 | ole32.CoInitializeEx | |
|---|---|---|
| 10d3 | ole32.CoInitializeSecurity | |
| 1260 | kernel32.VirtualFreeEx | |
| 1293 | kernel32.MultiByteToWideChar | |
| 12c7 | kernel32.MultiByteToWideChar | |
| 13e6 | msvcrt.memcpy | |
| 141a | OLEAUT32.SysAllocString | |
| 145b | msvcrt._controlfp | |
| 1537 | msvcrt._vsnwprintf | |
| 1609 | kernel32.GetModuleHandleW | |
| 160c | kernel32.GetProcAddress | |
| 163b | kernel32.lstrlenW | |
| 1827 | kernel32.lstrcmpiW | |
| 188b | kernel32.CreateFileW | |
| 18ad | kernel32.WriteFile | |
| 18c5 | kernel32.CloseHandle | |
| 19bf | kernel32.InitializeCriticalSectionAndSpinCount | |
| 1ab0 | msvcrt.??3@YAXPAX@Z | |
| 1b05 | kernel32.lstrlenA | |
| 1d44 | Ncrypt.NCryptOpenStorageProvider | |
| 1d7f | Ncrypt.NCryptImportKey | |
| 1d8a3 | OLEAUT32.SysAllocString | |
| 1d8db | kernel32.GetVersion | |
| 1d913 | taskschd.DllUnregisterServer | |
| 1d932 | taskschd.DllUnregisterServer | |
| 1d97a | taskschd.DllUnregisterServer | |
| 1d982 | OLEAUT32.VariantClear | |
| 1d9a2 | taskschd.DllUnregisterServer | |
| 1d9b4 | taskschd.DllGetClassObject | |
| 1d9cd | SHLWAPI.StrStrIW | |
| 1d9fc | kernel32.lstrcmpW | |
| 1da20 | OLEAUT32.SysFreeString | |
| 1da2e | OLEAUT32.SysFreeString | |
| 1da3d | taskschd.DllGetClassObject | |
| 1da56 | taskschd.DllUnregisterServer | |
| 1da66 | taskschd.DllUnregisterServer | |
| 1da80 | taskschd.DllUnregisterServer | |
| 1dac8 | taskschd.DllUnregisterServer | |
| 1dad0 | OLEAUT32.VariantClear | |
| 1dafc | taskschd.DllGetClassObject | |
| 1db0c | taskschd.DllUnregisterServer | |
| 1db73 | ADVAPI32.AllocateAndInitializeSid | |
| 1dba9 | ADVAPI32.LookupAccountSidW | |
| 1dbc8 | kernel32.GetCurrentProcess | |
| 1dbd6 | ADVAPI32.OpenProcessToken | |
| 1dbff | ADVAPI32.GetTokenInformation | |
| 1dc9 | Ncrypt.NCryptDeleteKey | |
| 1dd2c | msvcrt._time64 | |
| 1dd3e | msvcrt._localtime64 | |
| 1dd68 | msvcrt.wcsftime | |
| 1dd7 | Ncrypt.NCryptFreeObject | |
| 1de63 | ADVAPI32.FreeSid | |
| 1de79 | kernel32.CloseHandle | |
| 1e2e8 | ole32.CoCreateInstance | |
| 1e56e | taskschd.DllGetClassObject | |
| 1e5d5 | taskschd.DllGetClassObject | |
| 1e5e4 | taskschd.DllGetClassObject | |
| 1e611 | taskschd.DllGetClassObject | |
| 1e6df | OLEAUT32.VariantInit | |
| 1e6f7 | OLEAUT32.VariantInit | |
| 1e7e1 | taskschd.DllUnregisterServer | |
| 1e7ff | OLEAUT32.VariantClear | |
| 1e805 | OLEAUT32.VariantClear | |
| 1e80b | OLEAUT32.VariantClear | |
| 1e85d | OLEAUT32.VariantInit | |
| 1e878 | OLEAUT32.VariantInit | |
| 1e896 | OLEAUT32.VariantInit | |
| 1e957 | taskschd.DllUnregisterServer | |
| 1e96f | OLEAUT32.VariantClear | |
| 1e975 | OLEAUT32.VariantClear | |
| 1e97b | OLEAUT32.VariantClear | |
| 1eb20 | ntdll.RtlEnterCriticalSection | |
| 1eb41 | ntdll.RtlLeaveCriticalSection | |
| 1eb54 | kernel32.Sleep | |
| 1ebd | ntdll.RtlEnterCriticalSection | |
| 1ee4 | ntdll.RtlLeaveCriticalSection | |
| 1f02 | msvcrt._time64 | |
| 1f61 | OLEAUT32.SysAllocString | |
| 1f69 | OLEAUT32.SysAllocString | |
| 1f6e2 | SHLWAPI.PathRenameExtensionW | |
| 1f6f6 | kernel32.GetFileAttributesW | |
| 1f933 | kernel32.GetFileAttributesW | |
| 1fd7b | msvcrt.tolower | |
| 204f6 | kernel32.GetVersionExW | |
| 20553 | kernel32.GetFileAttributesW | |
| 206bf | SHLWAPI.StrStrIW | |
| 206f8 | WINHTTP.WinHttpCloseHandle | |
| 20702 | WINHTTP.WinHttpCloseHandle | |
| 2070c | WINHTTP.WinHttpCloseHandle | |
| 2076f | WINHTTP.WinHttpConnect | |
| 20820 | WINHTTP.WinHttpCloseHandle | |
| 20841 | WINHTTP.WinHttpSetTimeouts | |
| 20878 | WINHTTP.WinHttpOpenRequest | |
| 2089a | WINHTTP.WinHttpSetOption | |
| 208ae | WINHTTP.WinHttpSendRequest | |
| 208c8 | kernel32.Sleep | |
| 208d2 | WINHTTP.WinHttpCloseHandle | |
| 208ef | WINHTTP.WinHttpReceiveResponse | |
| 2090c | WINHTTP.WinHttpQueryHeaders | |
| 20960 | WINHTTP.WinHttpCloseHandle | |
| 20981 | WINHTTP.WinHttpSetTimeouts | |
| 209b8 | WINHTTP.WinHttpOpenRequest | |
| 209de | WINHTTP.WinHttpSetOption | |
| 20a01 | WINHTTP.WinHttpSendRequest | |
| 20a10 | WINHTTP.WinHttpReceiveResponse | |
| 20a2d | WINHTTP.WinHttpQueryHeaders | |
| 20aad | WINHTTP.WinHttpQueryDataAvailable | |
| 20af1 | WINHTTP.WinHttpReadData | |
| 21193 | WINHTTP.WinHttpOpen | |
| 21283 | kernel32.GetTickCount | |
| 21637 | kernel32.GetFullPathNameW | |
| 2170f | msvcrt._time64 | |
| 2174b | msvcrt._time64 | |
| 2183d | kernel32.GetFileAttributesW | |
| 21860 | SHLWAPI.PathRemoveBackslashW | |
| 21874 | kernel32.CreateDirectoryW | |
| 21889 | SHLWAPI.PathAddBackslashW | |
| 218b1 | msvcrt._time64 | |
| 21ad | kernel32.GetFullPathNameW | |
| 21c50 | ntdll.KiFastSystemCallRet | |
| 21c53 | ntdll.KiFastSystemCallRet | |
| 21c55 | ntdll.KiFastSystemCallRet | |
| 21c5c | ntdll.KiFastSystemCallRet | |
| 21c5f | ntdll.KiFastSystemCallRet | |
| 21c62 | ntdll.KiFastSystemCallRet | |
| 21ca | SHLWAPI.PathAddBackslashW | |
| 21cc2 | msvcrt.rand | |
| 21e74 | msvcrt.rand | |
| 21ef5 | msvcrt.rand | |
| 21f26 | msvcrt.rand | |
| 21f3d | ntdll.KiFastSystemCallRet | |
| 21fa6 | msvcrt.rand | |
| 222b | kernel32.FindFirstFileW | |
| 227d3 | msvcrt.rand | |
| 228ad | msvcrt.rand | |
| 229aa | ntdll.KiFastSystemCallRet | |
| 229b9 | kernel32.WriteFile | |
| 229d7 | kernel32.WriteFile | |
| 22bd8 | kernel32.CreateFileW | |
| 22bf8 | kernel32.SetFilePointer | |
| 22c14 | kernel32.SetFilePointer | |
| 22c48 | kernel32.ReadFile | |
| 22c5a | kernel32.CloseHandle | |
| 22c91 | kernel32.CloseHandle | |
| 22cd2 | msvcrt.rand | |
| 22da2 | msvcrt.rand | |
| 22de8 | msvcrt.rand | |
| 2303 | kernel32.FindNextFileW | |
| 230d | kernel32.GetLastError | |
| 2313b | kernel32.FindFirstFileW | |
| 23179 | kernel32.lstrcmpiW | |
| 2319a | kernel32.lstrcmpiW | |
| 232b8 | kernel32.Sleep | |
| 232b | kernel32.FindClose | |
| 232ce | kernel32.FindNextFileW | |
| 232e7 | kernel32.FindClose | |
| 2331d | msvcrt.rand | |
| 2338d | kernel32.CreateFileW | |
| 23412 | msvcrt.rand | |
| 2343a | msvcrt.rand | |
| 23458 | msvcrt.rand | |
| 2347a | msvcrt.rand | |
| 235ce | USER32.wsprintfA | |
| 23708 | msvcrt.rand | |
| 2372b | msvcrt.rand | |
| 23762 | kernel32.CloseHandle | |
| 23bdd | SHELL32.SHGetFolderPathW | |
| 23c13 | SHELL32.SHGetFolderPathW | |
| 23c32 | kernel32.lstrcmpiW | |
| 23eee | kernel32.FindFirstFileW | |
| 240ec | kernel32.FindNextFileW | |
| 24106 | kernel32.FindClose | |
| 246b7 | msvcrt.__wgetmainargs | |
| 246c5 | msvcrt._initterm | |
| 246de | kernel32.GetStartupInfoW | |
| 24706 | kernel32.InterlockedCompareExchange | |
| 24799 | kernel32.InterlockedExchange | |
| 24910 | msvcrt.__set_app_type | |
| 24926 | msvcrt.__p__fmode | |
| 24934 | msvcrt.__p__commode | |
| 24c8 | msvcrt._initterm | |
| 2641 | msxml3.DllGetClassObject | |
| 2661 | msxml3..text | |
| 2696 | kernel32.lstrcmpiW | |
| 26ad | msxml3.DllCanUnloadNow | |
| 26cd | OLEAUT32.SysFreeString | |
| 26ef | msxml3.DllRegisterServer | |
| 2706 | msxml3.DllGetClassObject | |
| 2737 | kernel32.lstrcmpiW | |
| 2741 | msvcrt._wtoi | |
| 275a | msxml3.DllCanUnloadNow | |
| 276b | msxml3.DllMain | |
| 278e | OLEAUT32.SysFreeString | |
| 2798 | OLEAUT32.SysFreeString | |
| 27b7 | msxml3.DllGetClassObject | |
| 28e1 | kernel32.GetTickCount | |
| 2b5b | kernel32.GetFileAttributesW | |
| 2ba1 | kernel32.CreateDirectoryW | |
| 2cae | kernel32.lstrcmpiW | |
| 2ce3 | kernel32.lstrcmpiW | |
| 2d1c | kernel32.lstrcmpiW | |
| 2db0 | OLEAUT32.SysFreeString | |
| 2dbe | OLEAUT32.SysFreeString | |
| 2e7c | ADVAPI32.ConvertStringSecurityDescriptorToSecurityDescriptorW | |
| 2ec5 | kernel32.CreateMutexW | |
| 2ede | kernel32.LocalFree | |
| 2eee | kernel32.GetLastError | |
| 31d8 | msxml3.DllRegisterServer | |
| 31f7 | msxml3..text | |
| 320e | msxml3.DllCanUnloadNow | |
| 32b8 | OLEAUT32.SysFreeString | |
| 32cd | OLEAUT32.SysFreeString | |
| 32e8 | msxml3.DllCanUnloadNow | |
| 3302 | msxml3.DllRegisterServer | |
| 3334 | kernel32.lstrcmpiW | |
| 334b | msxml3.DllGetClassObject | |
| 337e | msvcrt._wtoi | |
| 33f0 | msvcrt.rand | |
| 3499 | msxml3.DllMain | |
| 359f | OLEAUT32.SysFreeString | |
| 35ad | OLEAUT32.SysFreeString | |
| 35d2 | msxml3.DllGetClassObject | |
| 363a | ADVAPI32.GetUserNameW | |
| 3849 | ntdll.RtlEnterCriticalSection | |
| 3864 | ntdll.RtlLeaveCriticalSection | |
| 389f | kernel32.lstrcmpiW | |
| 3980 | ntdll.RtlEnterCriticalSection | |
| 3a14 | ntdll.RtlLeaveCriticalSection | |
| 3b2f | kernel32.Sleep | |
| 3bc1 | ntdll.RtlEnterCriticalSection | |
| 3bda | ntdll.RtlLeaveCriticalSection | |
| 3be1 | kernel32.BaseThreadInitThunk | |
| 3da6 | kernel32.GetVersionExW | |
| 3de1 | kernel32.GetModuleHandleW | |
| 3de4 | kernel32.GetProcAddress | |
| 3dfa | kernel32.GetNativeSystemInfo | |
| 403e | kernel32.InitializeCriticalSectionAndSpinCount | |
| 4057 | ntdll.RtlEnterCriticalSection | |
| 4078 | ntdll.RtlLeaveCriticalSection | |
| 40e0 | ntdll.KiFastSystemCallRet | |
| 4129 | bcryptprimitives.GetHashInterface | |
| 4129 | ntdll.KiFastSystemCallRet | |
| 41c2 | bcryptprimitives.GetHashInterface | |
| 4437 | msxml3.DllRegisterServer | |
| 4456 | msxml3..text | |
| 446d | msxml3.DllCanUnloadNow | |
| 44ae | OLEAUT32.SysFreeString | |
| 44bf | OLEAUT32.SysFreeString | |
| 44d6 | msxml3.DllCanUnloadNow | |
| 44f0 | msxml3.DllRegisterServer | |
| 4522 | kernel32.lstrcmpiW | |
| 45cb | msvcrt._wtoi | |
| 45e5 | msxml3.DllMain | |
| 4615 | OLEAUT32.SysFreeString | |
| 4623 | OLEAUT32.SysFreeString | |
| 4648 | msxml3.DllGetClassObject | |
| 4b4e | kernel32.Sleep | |
| 4d57 | ntdll.KiFastSystemCallRet | |
| 4dfe | msvcrt._itow | |
| 4ec7 | kernel32.GetModuleHandleW | |
| 4eca | kernel32.GetProcAddress | |
| 4eee | kernel32.lstrlenA | |
| 4ff8 | ntdll.ZwQueryInformationProcess | |
| 5279 | ntdll.KiFastSystemCallRet | |
| 52e9 | kernel32.ReadProcessMemory | |
| 5356 | kernel32.GetCurrentProcess | |
| 535b | ADVAPI32.OpenProcessToken | |
| 537d | ADVAPI32.GetTokenInformation | |
| 53a2 | ADVAPI32.AllocateAndInitializeSid | |
| 53bb | ADVAPI32.EqualSid | |
| 53d3 | ADVAPI32.FreeSid | |
| 53e9 | kernel32.CloseHandle | |
| 5414 | ntdll.RtlEnterCriticalSection | |
| 5466 | ntdll.RtlLeaveCriticalSection | |
| 54bc | msvcrt._wtoi | |
| 57cb | OLEAUT32.SysAllocString | |
| 57df | OLEAUT32.SysFreeString | |
| 59ae | ADVAPI32.CryptAcquireContextW | |
| 59fb | ADVAPI32.CryptImportKey | |
| 5a1f | ADVAPI32.CryptSetKeyParam | |
| 5a3a | ADVAPI32.CryptSetKeyParam | |
| 5a7e | ADVAPI32.CryptDecrypt | |
| 5aaa | ADVAPI32.CryptDestroyKey | |
| 5ac1 | ADVAPI32.CryptReleaseContext | |
| 5d83 | msxml3.DllMain | |
| 5dfc | kernel32.WriteProcessMemory | |
| 5ec0 | SHLWAPI.StrStrIW | |
| 5f22 | kernel32.lstrcpynW | |
| 5f61 | ntdll.KiFastSystemCallRet | |
| 5f9e | kernel32.InterlockedDecrement | |
| 5fb3 | OLEAUT32.SysFreeString | |
| 60f5 | kernel32.WideCharToMultiByte | |
| 612c | kernel32.WideCharToMultiByte | |
| 61a2 | kernel32.LoadLibraryW | |
| 61d6 | kernel32.GetProcAddress | |
| 620f | SHLWAPI.UrlEscapeW | |
| 62c5 | OLEAUT32.SysAllocString | |
| 631f | kernel32.GetModuleFileNameW | |
| 63fa | msxml3.DllGetClassObject | |
| 6411 | msxml3.DllCanUnloadNow | |
| 642c | OLEAUT32.SysFreeString | |
| 643d | OLEAUT32.SysFreeString | |
| 6456 | msxml3.DllRegisterServer | |
| 646d | msxml3.DllGetClassObject | |
| 649f | kernel32.lstrcmpiW | |
| 64cc | kernel32.lstrcmpiW | |
| 6503 | kernel32.lstrcmpiW | |
| 6567 | kernel32.lstrcmpiW | |
| 65b6 | kernel32.lstrcmpiW | |
| 65f0 | kernel32.lstrcmpiW | |
| 662a | kernel32.lstrcmpiW | |
| 664c | msxml3.DllCanUnloadNow | |
| 665d | msxml3.DllMain | |
| 669c | OLEAUT32.SysFreeString | |
| 66aa | OLEAUT32.SysFreeString | |
| 66cc | msxml3.DllGetClassObject | |
| 6712 | msvcrt._vsnprintf | |
| 6a31 | kernel32.lstrcmpiW | |
| 6ac2 | kernel32.lstrcmpiW | |
| 6b8f | kernel32.lstrcmpiW | |
| 6d60 | kernel32.lstrcmpiW | |
| 71af | ntdll.KiFastSystemCallRet | |
| 764f | kernel32.SetUnhandledExceptionFilter | |
| 7692 | kernel32.WaitForSingleObject | |
| 782b | kernel32.SetEvent | |
| 78f3 | kernel32.GetModuleHandleA | |
| 7953 | ntdll.RtlEnterCriticalSection | |
| 7989 | ntdll.RtlLeaveCriticalSection | |
| 79d0 | SHLWAPI.PathFindFileNameW | |
| 7a6a | WS2_32.WSAStartup | |
| 7acb | WS2_32.FreeAddrInfoW | |
| 7b66 | WS2_32.getaddrinfo | |
| 7bae | WS2_32.FreeAddrInfoW | |
| 7bd4 | WS2_32.WSACleanup | |
| 7cb2 | msxml3.DllGetClassObject | |
| 7ccc | msxml3..text | |
| 7cfe | kernel32.lstrcmpiW | |
| 7d15 | msxml3.DllCanUnloadNow | |
| 7d38 | OLEAUT32.SysFreeString | |
| 7d49 | OLEAUT32.SysFreeString | |
| 7d62 | msxml3.DllRegisterServer | |
| 7d79 | msxml3.DllGetClassObject | |
| 7dab | kernel32.lstrcmpiW | |
| 7db5 | msvcrt._wtoi | |
| 7def | kernel32.lstrcmpiW | |
| 7e11 | msxml3.DllCanUnloadNow | |
| 7e22 | msxml3.DllMain | |
| 7e46 | OLEAUT32.SysFreeString | |
| 7e54 | OLEAUT32.SysFreeString | |
| 7e76 | msxml3.DllGetClassObject | |
| 7ef1 | OLEAUT32.SysFreeString | |
| 7efb | OLEAUT32.SysFreeString | |
| 808b | msxml3.DllGetClassObject | |
| 80a2 | msxml3.DllCanUnloadNow | |
| 80b5 | msxml3.DllRegisterServer | |
| 80fd | msxml3..text | |
| 811b | msxml3.DllRegisterServer | |
| 8131 | msxml3.DllGetClassObject | |
| 8140 | msxml3.DllMain | |
| 817a | msxml3.DllGetClassObject | |
| 82e2 | ntdll.KiFastSystemCallRet | |
| 8368 | msvcrt.??2@YAPAXI@Z | |
| 857f | kernel32.lstrcmpiW | |
| 85bd | kernel32.lstrcmpiW | |
| 85fb | kernel32.lstrcmpiW | |
| 86e1 | kernel32.lstrcmpiW | |
| 8709 | kernel32.lstrcmpiW | |
| 87f1 | kernel32.CreateThread | |
| 89cb | msxml3.DllGetClassObject | |
| 89e5 | msxml3..text | |
| 8a2c | msxml3.DllCanUnloadNow | |
| 8a4e | OLEAUT32.SysFreeString | |
| 8a5b | OLEAUT32.SysFreeString | |
| 8a70 | msxml3.DllRegisterServer | |
| 8a87 | msxml3.DllGetClassObject | |
| 8ab2 | msvcrt._wtoi | |
| 8adc | OLEAUT32.SysAllocString | |
| 8b3c | msxml3.DllCanUnloadNow | |
| 8b4d | msxml3.DllMain | |
| 8b76 | OLEAUT32.SysFreeString | |
| 8b80 | OLEAUT32.SysFreeString | |
| 8b9f | msxml3.DllGetClassObject | |
| 8c47 | msvcrt._wtoi | |
| 8cb3 | kernel32.lstrcmpW | |
| 8f28 | OLEAUT32.SysFreeString | |
| 8f31 | OLEAUT32.SysFreeString | |
| 9589 | kernel32.lstrcmp | |
| 95c2 | kernel32.lstrcmp | |
| 95f8 | kernel32.lstrcmp | |
| 962d | kernel32.lstrcmp | |
| 9783 | kernel32.HeapFree | |
| 9b55 | msxml3.DllRegisterServer | |
| 9b74 | msxml3..text | |
| 9b8b | msxml3.DllCanUnloadNow | |
| 9c09 | OLEAUT32.SysFreeString | |
| 9c1e | OLEAUT32.SysFreeString | |
| 9c39 | msxml3.DllCanUnloadNow | |
| 9c53 | msxml3.DllRegisterServer | |
| 9c85 | kernel32.lstrcmpiW | |
| 9c9c | msxml3.DllGetClassObject | |
| 9cd5 | msvcrt._wtoi | |
| 9d20 | msvcrt.rand | |
| 9d93 | msxml3.DllMain | |
| 9e6e | OLEAUT32.SysFreeString | |
| 9e7c | OLEAUT32.SysFreeString | |
| 9ea0 | msxml3.DllGetClassObject | |
| a3e8 | kernel32.GetFullPathNameW | |
| a58e | ntdll.RtlEnterCriticalSection | |
| a5aa | kernel32.lstrcmpiW | |
| a5d1 | ntdll.RtlLeaveCriticalSection | |
| a6e1 | OLEAUT32.SysFreeString | |
| a956 | msvcrt.memset | |
| a972 | msvcrt._time64 | |
| a9b9 | msvcrt._time64 | |
| a9f2 | ntdll.KiFastSystemCallRet | |
| ad46 | sec: .text (EP) | |
| ae30 | ntdll.RtlEnterCriticalSection | |
| ae6f | ntdll.RtlLeaveCriticalSection | |
| aeb9 | OLEAUT32.SysAllocString | |
| aed6 | msxml3.DllGetClassObject | |
| aeed | OLEAUT32.SysFreeString | |
| b07b | msvcrt._time64 | |
| b128 | kernel32.VirtualProtectEx | |
| b24c | kernel32.GetVersion | |
| b2c2 | bcrypt.BCryptOpenAlgorithmProvider | |
| b2fe | bcrypt.BCryptImportKeyPair | |
| b337 | bcrypt.BCryptGetProperty | |
| b354 | bcrypt.BCryptVerifySignature | |
| b379 | bcrypt.BCryptDestroyKey | |
| b388 | bcrypt.BCryptCloseAlgorithmProvider | |
| b448 | msxml3.DllRegisterServer | |
| b46d | msxml3..text | |
| b484 | msxml3.DllCanUnloadNow | |
| b4a8 | OLEAUT32.SysFreeString | |
| b4b5 | OLEAUT32.SysFreeString | |
| b4c2 | OLEAUT32.SysFreeString | |
| b4dd | msxml3.DllCanUnloadNow | |
| b4f7 | msxml3.DllRegisterServer | |
| b529 | kernel32.lstrcmpiW | |
| b5cb | msxml3.DllMain | |
| b5e9 | OLEAUT32.SysFreeString | |
| b5f3 | OLEAUT32.SysFreeString | |
| b61e | msxml3.DllGetClassObject | |
| b724 | kernel32.CreateEventW | |
| b73b | kernel32.CreateEventW | |
| b755 | kernel32.CreateEventW | |
| b792 | kernel32.GetCurrentProcess | |
| b79a | kernel32.DuplicateHandle | |
| b7ca | kernel32.GetCurrentProcess | |
| b7d2 | kernel32.DuplicateHandle | |
| b802 | kernel32.GetCurrentProcess | |
| b80a | kernel32.DuplicateHandle | |
| b87d | kernel32.GetModuleHandleW | |
| b8a1 | kernel32.GetProcAddress | |
| b8c9 | kernel32.GetProcAddress | |
| b8f1 | kernel32.GetProcAddress | |
| b919 | kernel32.GetProcAddress | |
| b941 | kernel32.GetProcAddress | |
| b969 | kernel32.GetProcAddress | |
| b991 | kernel32.GetProcAddress | |
| b9b9 | kernel32.GetProcAddress | |
| ba98 | kernel32.ResetEvent | |
| baad | kernel32.ResetEvent | |
| babf | kernel32.ResumeThread | |
| bc8c | ole32.CoCreateInstance | |
| bca0 | msxml3.DllGetClassObject | |
| bcb0 | msxml3.DllGetClassObject | |
| bcc0 | msxml3..text | |
| be8f | kernel32.SignalObjectAndWait | |
| c163 | msvcrt.rand | |
| c196 | msvcrt.rand | |
| c20a | kernel32.GetVersion | |
| c232 | kernel32.LoadLibraryW | |
| c259 | kernel32.LoadLibraryW | |
| c287 | kernel32.GetProcAddress | |
| c2af | kernel32.GetProcAddress | |
| c2d7 | kernel32.GetProcAddress | |
| c2ff | kernel32.GetProcAddress | |
| c327 | kernel32.GetProcAddress | |
| c34f | kernel32.GetProcAddress | |
| c377 | kernel32.GetProcAddress | |
| c39b | kernel32.GetProcAddress | |
| c3bf | kernel32.GetProcAddress | |
| c3e3 | kernel32.GetProcAddress | |
| c466 | kernel32.CreateFileW | |
| c484 | kernel32.GetFileTime | |
| c4e4 | kernel32.CloseHandle | |
| c717 | kernel32.GetExitCodeThread | |
| c782 | kernel32.GetWindowsDirectoryW | |
| c7be | kernel32.GetVolumeInformationW | |
| c889 | kernel32.lstrlenA | |
| c896 | ntdll.KiFastSystemCallRet | |
| c899 | ntdll.KiFastSystemCallRet | |
| c89e | ntdll.KiFastSystemCallRet | |
| c8a0 | ntdll.KiFastSystemCallRet | |
| c8a2 | ntdll.KiFastSystemCallRet | |
| c8a6 | ntdll.KiFastSystemCallRet | |
| c8b8 | ntdll.KiFastSystemCallRet | |
| c8ba | ntdll.KiFastSystemCallRet | |
| c918 | kernel32.LoadLibraryW | |
| c94d | kernel32.GetProcAddress | |
| c994 | OLEAUT32.SysAllocString | |
| c9e2 | CRYPT32.CryptBinaryToStringW | |
| ca1e | CRYPT32.CryptBinaryToStringW | |
| caf2 | msvcrt._wtoi | |
| cb2f | kernel32.lstrlenW | |
| cbd1 | ntdll.KiFastSystemCallRet | |
| cc10 | kernel32.FindResourceW | |
| cc21 | kernel32.LoadResource | |
| cc30 | kernel32.LockResource | |
| cd04 | ADVAPI32.CryptAcquireContextW | |
| cd27 | ADVAPI32.CryptCreateHash | |
| cd4a | ADVAPI32.CryptHashData | |
| cd72 | ADVAPI32.CryptGetHashParam | |
| cda2 | ADVAPI32.CryptGetHashParam | |
| cdca | ADVAPI32.CryptDestroyHash | |
| cde1 | ADVAPI32.CryptReleaseContext | |
| ceac | ntdll.RtlEnterCriticalSection | |
| ceed | ntdll.RtlLeaveCriticalSection | |
| cf1e | ntdll.RtlEnterCriticalSection | |
| cf36 | ntdll.RtlLeaveCriticalSection | |
| d1de | kernel32.Sleep | |
| d1e8 | kernel32.GetLastError | |
| d227 | kernel32.GetModuleFileNameW | |
| d23b | SHLWAPI.PathRemoveFileSpecW | |
| d24f | SHLWAPI.PathAddBackslashW | |
| d263 | kernel32.SetCurrentDirectoryW | |
| d271 | kernel32.GetTickCount | |
| d274 | msvcrt.srand | |
| d499 | kernel32.CreateThread | |
| d4ed | msvcrt._time64 | |
| d757 | msvcrt._time64 | |
| d8ed | msvcrt._time64 | |
| d99b | kernel32.Sleep | |
| db24 | kernel32.lstrlenA | |
| de4e | kernel32.ResetEvent | |
| e11f | msvcrt._time64 | |
| e1d3 | OLEAUT32.SysAllocString | |
| e222 | msvcrt._vsnwprintf | |
| e2b5 | IPHLPAPI.GetAdaptersInfo | |
| e5ce | msvcrt._wtoi | |
| e5d9 | msvcrt._wtoi | |
| e60f | kernel32.lstrlenW | |
| e6b4 | msvcrt._wtoi | |
| e972 | WS2_32.WSAStartup | |
| e992 | WS2_32.gethostname | |
| e9b2 | WS2_32.getaddrinfo | |
| ea10 | WS2_32.FreeAddrInfoW | |
| ea16 | WS2_32.WSACleanup | |
| eb70 | kernel32.GetVersionExW | |
| eba1 | kernel32.GetComputerNameW | |
| ec27 | USER32.wsprintfW | |
| ec70 | msvcrt.rand | |
| ed06 | kernel32.GetStartupInfoW | |
| eda5 | kernel32.CreateProcessW | |
| f1b0 | msvcrt._time64 | |
| f2c8 | msvcrt.rand | |
| f2f1 | msvcrt.rand | |
| f377 | kernel32.LoadLibraryA | |
| f398 | kernel32.GetProcAddress | |
| f3be | kernel32.GetProcAddress | |
| f3dc | kernel32.GetProcAddress | |
| f3fa | kernel32.GetProcAddress | |
| f405 | kernel32.GetProcessHeap | |
| f41f | ntdll.RtlReAllocateHeap | |
| f432 | ntdll.RtlAllocateHeap | |
| f43d | WINHTTP.WinHttpQueryDataAvailable | |
| f44d | kernel32.VirtualAllocEx |