Created
October 30, 2018 00:45
Tags for a TrickBot sample: c3737aaf6b613a7c7d5e0c6d3c0d60a2 (each row below is: hex offset | module.function)
10b4 | ole32.CoInitializeEx | |
---|---|---|
10d3 | ole32.CoInitializeSecurity | |
1260 | kernel32.VirtualFreeEx | |
1293 | kernel32.MultiByteToWideChar | |
12c7 | kernel32.MultiByteToWideChar | |
13e6 | msvcrt.memcpy | |
141a | OLEAUT32.SysAllocString | |
145b | msvcrt._controlfp | |
1537 | msvcrt._vsnwprintf | |
1609 | kernel32.GetModuleHandleW | |
160c | kernel32.GetProcAddress | |
163b | kernel32.lstrlenW | |
1827 | kernel32.lstrcmpiW | |
188b | kernel32.CreateFileW | |
18ad | kernel32.WriteFile | |
18c5 | kernel32.CloseHandle | |
19bf | kernel32.InitializeCriticalSectionAndSpinCount | |
1ab0 | msvcrt.??3@YAXPAX@Z | |
1b05 | kernel32.lstrlenA | |
1d44 | Ncrypt.NCryptOpenStorageProvider | |
1d7f | Ncrypt.NCryptImportKey | |
1d8a3 | OLEAUT32.SysAllocString | |
1d8db | kernel32.GetVersion | |
1d913 | taskschd.DllUnregisterServer | |
1d932 | taskschd.DllUnregisterServer | |
1d97a | taskschd.DllUnregisterServer | |
1d982 | OLEAUT32.VariantClear | |
1d9a2 | taskschd.DllUnregisterServer | |
1d9b4 | taskschd.DllGetClassObject | |
1d9cd | SHLWAPI.StrStrIW | |
1d9fc | kernel32.lstrcmpW | |
1da20 | OLEAUT32.SysFreeString | |
1da2e | OLEAUT32.SysFreeString | |
1da3d | taskschd.DllGetClassObject | |
1da56 | taskschd.DllUnregisterServer | |
1da66 | taskschd.DllUnregisterServer | |
1da80 | taskschd.DllUnregisterServer | |
1dac8 | taskschd.DllUnregisterServer | |
1dad0 | OLEAUT32.VariantClear | |
1dafc | taskschd.DllGetClassObject | |
1db0c | taskschd.DllUnregisterServer | |
1db73 | ADVAPI32.AllocateAndInitializeSid | |
1dba9 | ADVAPI32.LookupAccountSidW | |
1dbc8 | kernel32.GetCurrentProcess | |
1dbd6 | ADVAPI32.OpenProcessToken | |
1dbff | ADVAPI32.GetTokenInformation | |
1dc9 | Ncrypt.NCryptDeleteKey | |
1dd2c | msvcrt._time64 | |
1dd3e | msvcrt._localtime64 | |
1dd68 | msvcrt.wcsftime | |
1dd7 | Ncrypt.NCryptFreeObject | |
1de63 | ADVAPI32.FreeSid | |
1de79 | kernel32.CloseHandle | |
1e2e8 | ole32.CoCreateInstance | |
1e56e | taskschd.DllGetClassObject | |
1e5d5 | taskschd.DllGetClassObject | |
1e5e4 | taskschd.DllGetClassObject | |
1e611 | taskschd.DllGetClassObject | |
1e6df | OLEAUT32.VariantInit | |
1e6f7 | OLEAUT32.VariantInit | |
1e7e1 | taskschd.DllUnregisterServer | |
1e7ff | OLEAUT32.VariantClear | |
1e805 | OLEAUT32.VariantClear | |
1e80b | OLEAUT32.VariantClear | |
1e85d | OLEAUT32.VariantInit | |
1e878 | OLEAUT32.VariantInit | |
1e896 | OLEAUT32.VariantInit | |
1e957 | taskschd.DllUnregisterServer | |
1e96f | OLEAUT32.VariantClear | |
1e975 | OLEAUT32.VariantClear | |
1e97b | OLEAUT32.VariantClear | |
1eb20 | ntdll.RtlEnterCriticalSection | |
1eb41 | ntdll.RtlLeaveCriticalSection | |
1eb54 | kernel32.Sleep | |
1ebd | ntdll.RtlEnterCriticalSection | |
1ee4 | ntdll.RtlLeaveCriticalSection | |
1f02 | msvcrt._time64 | |
1f61 | OLEAUT32.SysAllocString | |
1f69 | OLEAUT32.SysAllocString | |
1f6e2 | SHLWAPI.PathRenameExtensionW | |
1f6f6 | kernel32.GetFileAttributesW | |
1f933 | kernel32.GetFileAttributesW | |
1fd7b | msvcrt.tolower | |
204f6 | kernel32.GetVersionExW | |
20553 | kernel32.GetFileAttributesW | |
206bf | SHLWAPI.StrStrIW | |
206f8 | WINHTTP.WinHttpCloseHandle | |
20702 | WINHTTP.WinHttpCloseHandle | |
2070c | WINHTTP.WinHttpCloseHandle | |
2076f | WINHTTP.WinHttpConnect | |
20820 | WINHTTP.WinHttpCloseHandle | |
20841 | WINHTTP.WinHttpSetTimeouts | |
20878 | WINHTTP.WinHttpOpenRequest | |
2089a | WINHTTP.WinHttpSetOption | |
208ae | WINHTTP.WinHttpSendRequest | |
208c8 | kernel32.Sleep | |
208d2 | WINHTTP.WinHttpCloseHandle | |
208ef | WINHTTP.WinHttpReceiveResponse | |
2090c | WINHTTP.WinHttpQueryHeaders | |
20960 | WINHTTP.WinHttpCloseHandle | |
20981 | WINHTTP.WinHttpSetTimeouts | |
209b8 | WINHTTP.WinHttpOpenRequest | |
209de | WINHTTP.WinHttpSetOption | |
20a01 | WINHTTP.WinHttpSendRequest | |
20a10 | WINHTTP.WinHttpReceiveResponse | |
20a2d | WINHTTP.WinHttpQueryHeaders | |
20aad | WINHTTP.WinHttpQueryDataAvailable | |
20af1 | WINHTTP.WinHttpReadData | |
21193 | WINHTTP.WinHttpOpen | |
21283 | kernel32.GetTickCount | |
21637 | kernel32.GetFullPathNameW | |
2170f | msvcrt._time64 | |
2174b | msvcrt._time64 | |
2183d | kernel32.GetFileAttributesW | |
21860 | SHLWAPI.PathRemoveBackslashW | |
21874 | kernel32.CreateDirectoryW | |
21889 | SHLWAPI.PathAddBackslashW | |
218b1 | msvcrt._time64 | |
21ad | kernel32.GetFullPathNameW | |
21c50 | ntdll.KiFastSystemCallRet | |
21c53 | ntdll.KiFastSystemCallRet | |
21c55 | ntdll.KiFastSystemCallRet | |
21c5c | ntdll.KiFastSystemCallRet | |
21c5f | ntdll.KiFastSystemCallRet | |
21c62 | ntdll.KiFastSystemCallRet | |
21ca | SHLWAPI.PathAddBackslashW | |
21cc2 | msvcrt.rand | |
21e74 | msvcrt.rand | |
21ef5 | msvcrt.rand | |
21f26 | msvcrt.rand | |
21f3d | ntdll.KiFastSystemCallRet | |
21fa6 | msvcrt.rand | |
222b | kernel32.FindFirstFileW | |
227d3 | msvcrt.rand | |
228ad | msvcrt.rand | |
229aa | ntdll.KiFastSystemCallRet | |
229b9 | kernel32.WriteFile | |
229d7 | kernel32.WriteFile | |
22bd8 | kernel32.CreateFileW | |
22bf8 | kernel32.SetFilePointer | |
22c14 | kernel32.SetFilePointer | |
22c48 | kernel32.ReadFile | |
22c5a | kernel32.CloseHandle | |
22c91 | kernel32.CloseHandle | |
22cd2 | msvcrt.rand | |
22da2 | msvcrt.rand | |
22de8 | msvcrt.rand | |
2303 | kernel32.FindNextFileW | |
230d | kernel32.GetLastError | |
2313b | kernel32.FindFirstFileW | |
23179 | kernel32.lstrcmpiW | |
2319a | kernel32.lstrcmpiW | |
232b8 | kernel32.Sleep | |
232b | kernel32.FindClose | |
232ce | kernel32.FindNextFileW | |
232e7 | kernel32.FindClose | |
2331d | msvcrt.rand | |
2338d | kernel32.CreateFileW | |
23412 | msvcrt.rand | |
2343a | msvcrt.rand | |
23458 | msvcrt.rand | |
2347a | msvcrt.rand | |
235ce | USER32.wsprintfA | |
23708 | msvcrt.rand | |
2372b | msvcrt.rand | |
23762 | kernel32.CloseHandle | |
23bdd | SHELL32.SHGetFolderPathW | |
23c13 | SHELL32.SHGetFolderPathW | |
23c32 | kernel32.lstrcmpiW | |
23eee | kernel32.FindFirstFileW | |
240ec | kernel32.FindNextFileW | |
24106 | kernel32.FindClose | |
246b7 | msvcrt.__wgetmainargs | |
246c5 | msvcrt._initterm | |
246de | kernel32.GetStartupInfoW | |
24706 | kernel32.InterlockedCompareExchange | |
24799 | kernel32.InterlockedExchange | |
24910 | msvcrt.__set_app_type | |
24926 | msvcrt.__p__fmode | |
24934 | msvcrt.__p__commode | |
24c8 | msvcrt._initterm | |
2641 | msxml3.DllGetClassObject | |
2661 | msxml3..text | |
2696 | kernel32.lstrcmpiW | |
26ad | msxml3.DllCanUnloadNow | |
26cd | OLEAUT32.SysFreeString | |
26ef | msxml3.DllRegisterServer | |
2706 | msxml3.DllGetClassObject | |
2737 | kernel32.lstrcmpiW | |
2741 | msvcrt._wtoi | |
275a | msxml3.DllCanUnloadNow | |
276b | msxml3.DllMain | |
278e | OLEAUT32.SysFreeString | |
2798 | OLEAUT32.SysFreeString | |
27b7 | msxml3.DllGetClassObject | |
28e1 | kernel32.GetTickCount | |
2b5b | kernel32.GetFileAttributesW | |
2ba1 | kernel32.CreateDirectoryW | |
2cae | kernel32.lstrcmpiW | |
2ce3 | kernel32.lstrcmpiW | |
2d1c | kernel32.lstrcmpiW | |
2db0 | OLEAUT32.SysFreeString | |
2dbe | OLEAUT32.SysFreeString | |
2e7c | ADVAPI32.ConvertStringSecurityDescriptorToSecurityDescriptorW | |
2ec5 | kernel32.CreateMutexW | |
2ede | kernel32.LocalFree | |
2eee | kernel32.GetLastError | |
31d8 | msxml3.DllRegisterServer | |
31f7 | msxml3..text | |
320e | msxml3.DllCanUnloadNow | |
32b8 | OLEAUT32.SysFreeString | |
32cd | OLEAUT32.SysFreeString | |
32e8 | msxml3.DllCanUnloadNow | |
3302 | msxml3.DllRegisterServer | |
3334 | kernel32.lstrcmpiW | |
334b | msxml3.DllGetClassObject | |
337e | msvcrt._wtoi | |
33f0 | msvcrt.rand | |
3499 | msxml3.DllMain | |
359f | OLEAUT32.SysFreeString | |
35ad | OLEAUT32.SysFreeString | |
35d2 | msxml3.DllGetClassObject | |
363a | ADVAPI32.GetUserNameW | |
3849 | ntdll.RtlEnterCriticalSection | |
3864 | ntdll.RtlLeaveCriticalSection | |
389f | kernel32.lstrcmpiW | |
3980 | ntdll.RtlEnterCriticalSection | |
3a14 | ntdll.RtlLeaveCriticalSection | |
3b2f | kernel32.Sleep | |
3bc1 | ntdll.RtlEnterCriticalSection | |
3bda | ntdll.RtlLeaveCriticalSection | |
3be1 | kernel32.BaseThreadInitThunk | |
3da6 | kernel32.GetVersionExW | |
3de1 | kernel32.GetModuleHandleW | |
3de4 | kernel32.GetProcAddress | |
3dfa | kernel32.GetNativeSystemInfo | |
403e | kernel32.InitializeCriticalSectionAndSpinCount | |
4057 | ntdll.RtlEnterCriticalSection | |
4078 | ntdll.RtlLeaveCriticalSection | |
40e0 | ntdll.KiFastSystemCallRet | |
4129 | bcryptprimitives.GetHashInterface | |
4129 | ntdll.KiFastSystemCallRet | |
41c2 | bcryptprimitives.GetHashInterface | |
4437 | msxml3.DllRegisterServer | |
4456 | msxml3..text | |
446d | msxml3.DllCanUnloadNow | |
44ae | OLEAUT32.SysFreeString | |
44bf | OLEAUT32.SysFreeString | |
44d6 | msxml3.DllCanUnloadNow | |
44f0 | msxml3.DllRegisterServer | |
4522 | kernel32.lstrcmpiW | |
45cb | msvcrt._wtoi | |
45e5 | msxml3.DllMain | |
4615 | OLEAUT32.SysFreeString | |
4623 | OLEAUT32.SysFreeString | |
4648 | msxml3.DllGetClassObject | |
4b4e | kernel32.Sleep | |
4d57 | ntdll.KiFastSystemCallRet | |
4dfe | msvcrt._itow | |
4ec7 | kernel32.GetModuleHandleW | |
4eca | kernel32.GetProcAddress | |
4eee | kernel32.lstrlenA | |
4ff8 | ntdll.ZwQueryInformationProcess | |
5279 | ntdll.KiFastSystemCallRet | |
52e9 | kernel32.ReadProcessMemory | |
5356 | kernel32.GetCurrentProcess | |
535b | ADVAPI32.OpenProcessToken | |
537d | ADVAPI32.GetTokenInformation | |
53a2 | ADVAPI32.AllocateAndInitializeSid | |
53bb | ADVAPI32.EqualSid | |
53d3 | ADVAPI32.FreeSid | |
53e9 | kernel32.CloseHandle | |
5414 | ntdll.RtlEnterCriticalSection | |
5466 | ntdll.RtlLeaveCriticalSection | |
54bc | msvcrt._wtoi | |
57cb | OLEAUT32.SysAllocString | |
57df | OLEAUT32.SysFreeString | |
59ae | ADVAPI32.CryptAcquireContextW | |
59fb | ADVAPI32.CryptImportKey | |
5a1f | ADVAPI32.CryptSetKeyParam | |
5a3a | ADVAPI32.CryptSetKeyParam | |
5a7e | ADVAPI32.CryptDecrypt | |
5aaa | ADVAPI32.CryptDestroyKey | |
5ac1 | ADVAPI32.CryptReleaseContext | |
5d83 | msxml3.DllMain | |
5dfc | kernel32.WriteProcessMemory | |
5ec0 | SHLWAPI.StrStrIW | |
5f22 | kernel32.lstrcpynW | |
5f61 | ntdll.KiFastSystemCallRet | |
5f9e | kernel32.InterlockedDecrement | |
5fb3 | OLEAUT32.SysFreeString | |
60f5 | kernel32.WideCharToMultiByte | |
612c | kernel32.WideCharToMultiByte | |
61a2 | kernel32.LoadLibraryW | |
61d6 | kernel32.GetProcAddress | |
620f | SHLWAPI.UrlEscapeW | |
62c5 | OLEAUT32.SysAllocString | |
631f | kernel32.GetModuleFileNameW | |
63fa | msxml3.DllGetClassObject | |
6411 | msxml3.DllCanUnloadNow | |
642c | OLEAUT32.SysFreeString | |
643d | OLEAUT32.SysFreeString | |
6456 | msxml3.DllRegisterServer | |
646d | msxml3.DllGetClassObject | |
649f | kernel32.lstrcmpiW | |
64cc | kernel32.lstrcmpiW | |
6503 | kernel32.lstrcmpiW | |
6567 | kernel32.lstrcmpiW | |
65b6 | kernel32.lstrcmpiW | |
65f0 | kernel32.lstrcmpiW | |
662a | kernel32.lstrcmpiW | |
664c | msxml3.DllCanUnloadNow | |
665d | msxml3.DllMain | |
669c | OLEAUT32.SysFreeString | |
66aa | OLEAUT32.SysFreeString | |
66cc | msxml3.DllGetClassObject | |
6712 | msvcrt._vsnprintf | |
6a31 | kernel32.lstrcmpiW | |
6ac2 | kernel32.lstrcmpiW | |
6b8f | kernel32.lstrcmpiW | |
6d60 | kernel32.lstrcmpiW | |
71af | ntdll.KiFastSystemCallRet | |
764f | kernel32.SetUnhandledExceptionFilter | |
7692 | kernel32.WaitForSingleObject | |
782b | kernel32.SetEvent | |
78f3 | kernel32.GetModuleHandleA | |
7953 | ntdll.RtlEnterCriticalSection | |
7989 | ntdll.RtlLeaveCriticalSection | |
79d0 | SHLWAPI.PathFindFileNameW | |
7a6a | WS2_32.WSAStartup | |
7acb | WS2_32.FreeAddrInfoW | |
7b66 | WS2_32.getaddrinfo | |
7bae | WS2_32.FreeAddrInfoW | |
7bd4 | WS2_32.WSACleanup | |
7cb2 | msxml3.DllGetClassObject | |
7ccc | msxml3..text | |
7cfe | kernel32.lstrcmpiW | |
7d15 | msxml3.DllCanUnloadNow | |
7d38 | OLEAUT32.SysFreeString | |
7d49 | OLEAUT32.SysFreeString | |
7d62 | msxml3.DllRegisterServer | |
7d79 | msxml3.DllGetClassObject | |
7dab | kernel32.lstrcmpiW | |
7db5 | msvcrt._wtoi | |
7def | kernel32.lstrcmpiW | |
7e11 | msxml3.DllCanUnloadNow | |
7e22 | msxml3.DllMain | |
7e46 | OLEAUT32.SysFreeString | |
7e54 | OLEAUT32.SysFreeString | |
7e76 | msxml3.DllGetClassObject | |
7ef1 | OLEAUT32.SysFreeString | |
7efb | OLEAUT32.SysFreeString | |
808b | msxml3.DllGetClassObject | |
80a2 | msxml3.DllCanUnloadNow | |
80b5 | msxml3.DllRegisterServer | |
80fd | msxml3..text | |
811b | msxml3.DllRegisterServer | |
8131 | msxml3.DllGetClassObject | |
8140 | msxml3.DllMain | |
817a | msxml3.DllGetClassObject | |
82e2 | ntdll.KiFastSystemCallRet | |
8368 | msvcrt.??2@YAPAXI@Z | |
857f | kernel32.lstrcmpiW | |
85bd | kernel32.lstrcmpiW | |
85fb | kernel32.lstrcmpiW | |
86e1 | kernel32.lstrcmpiW | |
8709 | kernel32.lstrcmpiW | |
87f1 | kernel32.CreateThread | |
89cb | msxml3.DllGetClassObject | |
89e5 | msxml3..text | |
8a2c | msxml3.DllCanUnloadNow | |
8a4e | OLEAUT32.SysFreeString | |
8a5b | OLEAUT32.SysFreeString | |
8a70 | msxml3.DllRegisterServer | |
8a87 | msxml3.DllGetClassObject | |
8ab2 | msvcrt._wtoi | |
8adc | OLEAUT32.SysAllocString | |
8b3c | msxml3.DllCanUnloadNow | |
8b4d | msxml3.DllMain | |
8b76 | OLEAUT32.SysFreeString | |
8b80 | OLEAUT32.SysFreeString | |
8b9f | msxml3.DllGetClassObject | |
8c47 | msvcrt._wtoi | |
8cb3 | kernel32.lstrcmpW | |
8f28 | OLEAUT32.SysFreeString | |
8f31 | OLEAUT32.SysFreeString | |
9589 | kernel32.lstrcmp | |
95c2 | kernel32.lstrcmp | |
95f8 | kernel32.lstrcmp | |
962d | kernel32.lstrcmp | |
9783 | kernel32.HeapFree | |
9b55 | msxml3.DllRegisterServer | |
9b74 | msxml3..text | |
9b8b | msxml3.DllCanUnloadNow | |
9c09 | OLEAUT32.SysFreeString | |
9c1e | OLEAUT32.SysFreeString | |
9c39 | msxml3.DllCanUnloadNow | |
9c53 | msxml3.DllRegisterServer | |
9c85 | kernel32.lstrcmpiW | |
9c9c | msxml3.DllGetClassObject | |
9cd5 | msvcrt._wtoi | |
9d20 | msvcrt.rand | |
9d93 | msxml3.DllMain | |
9e6e | OLEAUT32.SysFreeString | |
9e7c | OLEAUT32.SysFreeString | |
9ea0 | msxml3.DllGetClassObject | |
a3e8 | kernel32.GetFullPathNameW | |
a58e | ntdll.RtlEnterCriticalSection | |
a5aa | kernel32.lstrcmpiW | |
a5d1 | ntdll.RtlLeaveCriticalSection | |
a6e1 | OLEAUT32.SysFreeString | |
a956 | msvcrt.memset | |
a972 | msvcrt._time64 | |
a9b9 | msvcrt._time64 | |
a9f2 | ntdll.KiFastSystemCallRet | |
ad46 | sec: .text (EP) | |
ae30 | ntdll.RtlEnterCriticalSection | |
ae6f | ntdll.RtlLeaveCriticalSection | |
aeb9 | OLEAUT32.SysAllocString | |
aed6 | msxml3.DllGetClassObject | |
aeed | OLEAUT32.SysFreeString | |
b07b | msvcrt._time64 | |
b128 | kernel32.VirtualProtectEx | |
b24c | kernel32.GetVersion | |
b2c2 | bcrypt.BCryptOpenAlgorithmProvider | |
b2fe | bcrypt.BCryptImportKeyPair | |
b337 | bcrypt.BCryptGetProperty | |
b354 | bcrypt.BCryptVerifySignature | |
b379 | bcrypt.BCryptDestroyKey | |
b388 | bcrypt.BCryptCloseAlgorithmProvider | |
b448 | msxml3.DllRegisterServer | |
b46d | msxml3..text | |
b484 | msxml3.DllCanUnloadNow | |
b4a8 | OLEAUT32.SysFreeString | |
b4b5 | OLEAUT32.SysFreeString | |
b4c2 | OLEAUT32.SysFreeString | |
b4dd | msxml3.DllCanUnloadNow | |
b4f7 | msxml3.DllRegisterServer | |
b529 | kernel32.lstrcmpiW | |
b5cb | msxml3.DllMain | |
b5e9 | OLEAUT32.SysFreeString | |
b5f3 | OLEAUT32.SysFreeString | |
b61e | msxml3.DllGetClassObject | |
b724 | kernel32.CreateEventW | |
b73b | kernel32.CreateEventW | |
b755 | kernel32.CreateEventW | |
b792 | kernel32.GetCurrentProcess | |
b79a | kernel32.DuplicateHandle | |
b7ca | kernel32.GetCurrentProcess | |
b7d2 | kernel32.DuplicateHandle | |
b802 | kernel32.GetCurrentProcess | |
b80a | kernel32.DuplicateHandle | |
b87d | kernel32.GetModuleHandleW | |
b8a1 | kernel32.GetProcAddress | |
b8c9 | kernel32.GetProcAddress | |
b8f1 | kernel32.GetProcAddress | |
b919 | kernel32.GetProcAddress | |
b941 | kernel32.GetProcAddress | |
b969 | kernel32.GetProcAddress | |
b991 | kernel32.GetProcAddress | |
b9b9 | kernel32.GetProcAddress | |
ba98 | kernel32.ResetEvent | |
baad | kernel32.ResetEvent | |
babf | kernel32.ResumeThread | |
bc8c | ole32.CoCreateInstance | |
bca0 | msxml3.DllGetClassObject | |
bcb0 | msxml3.DllGetClassObject | |
bcc0 | msxml3..text | |
be8f | kernel32.SignalObjectAndWait | |
c163 | msvcrt.rand | |
c196 | msvcrt.rand | |
c20a | kernel32.GetVersion | |
c232 | kernel32.LoadLibraryW | |
c259 | kernel32.LoadLibraryW | |
c287 | kernel32.GetProcAddress | |
c2af | kernel32.GetProcAddress | |
c2d7 | kernel32.GetProcAddress | |
c2ff | kernel32.GetProcAddress | |
c327 | kernel32.GetProcAddress | |
c34f | kernel32.GetProcAddress | |
c377 | kernel32.GetProcAddress | |
c39b | kernel32.GetProcAddress | |
c3bf | kernel32.GetProcAddress | |
c3e3 | kernel32.GetProcAddress | |
c466 | kernel32.CreateFileW | |
c484 | kernel32.GetFileTime | |
c4e4 | kernel32.CloseHandle | |
c717 | kernel32.GetExitCodeThread | |
c782 | kernel32.GetWindowsDirectoryW | |
c7be | kernel32.GetVolumeInformationW | |
c889 | kernel32.lstrlenA | |
c896 | ntdll.KiFastSystemCallRet | |
c899 | ntdll.KiFastSystemCallRet | |
c89e | ntdll.KiFastSystemCallRet | |
c8a0 | ntdll.KiFastSystemCallRet | |
c8a2 | ntdll.KiFastSystemCallRet | |
c8a6 | ntdll.KiFastSystemCallRet | |
c8b8 | ntdll.KiFastSystemCallRet | |
c8ba | ntdll.KiFastSystemCallRet | |
c918 | kernel32.LoadLibraryW | |
c94d | kernel32.GetProcAddress | |
c994 | OLEAUT32.SysAllocString | |
c9e2 | CRYPT32.CryptBinaryToStringW | |
ca1e | CRYPT32.CryptBinaryToStringW | |
caf2 | msvcrt._wtoi | |
cb2f | kernel32.lstrlenW | |
cbd1 | ntdll.KiFastSystemCallRet | |
cc10 | kernel32.FindResourceW | |
cc21 | kernel32.LoadResource | |
cc30 | kernel32.LockResource | |
cd04 | ADVAPI32.CryptAcquireContextW | |
cd27 | ADVAPI32.CryptCreateHash | |
cd4a | ADVAPI32.CryptHashData | |
cd72 | ADVAPI32.CryptGetHashParam | |
cda2 | ADVAPI32.CryptGetHashParam | |
cdca | ADVAPI32.CryptDestroyHash | |
cde1 | ADVAPI32.CryptReleaseContext | |
ceac | ntdll.RtlEnterCriticalSection | |
ceed | ntdll.RtlLeaveCriticalSection | |
cf1e | ntdll.RtlEnterCriticalSection | |
cf36 | ntdll.RtlLeaveCriticalSection | |
d1de | kernel32.Sleep | |
d1e8 | kernel32.GetLastError | |
d227 | kernel32.GetModuleFileNameW | |
d23b | SHLWAPI.PathRemoveFileSpecW | |
d24f | SHLWAPI.PathAddBackslashW | |
d263 | kernel32.SetCurrentDirectoryW | |
d271 | kernel32.GetTickCount | |
d274 | msvcrt.srand | |
d499 | kernel32.CreateThread | |
d4ed | msvcrt._time64 | |
d757 | msvcrt._time64 | |
d8ed | msvcrt._time64 | |
d99b | kernel32.Sleep | |
db24 | kernel32.lstrlenA | |
de4e | kernel32.ResetEvent | |
e11f | msvcrt._time64 | |
e1d3 | OLEAUT32.SysAllocString | |
e222 | msvcrt._vsnwprintf | |
e2b5 | IPHLPAPI.GetAdaptersInfo | |
e5ce | msvcrt._wtoi | |
e5d9 | msvcrt._wtoi | |
e60f | kernel32.lstrlenW | |
e6b4 | msvcrt._wtoi | |
e972 | WS2_32.WSAStartup | |
e992 | WS2_32.gethostname | |
e9b2 | WS2_32.getaddrinfo | |
ea10 | WS2_32.FreeAddrInfoW | |
ea16 | WS2_32.WSACleanup | |
eb70 | kernel32.GetVersionExW | |
eba1 | kernel32.GetComputerNameW | |
ec27 | USER32.wsprintfW | |
ec70 | msvcrt.rand | |
ed06 | kernel32.GetStartupInfoW | |
eda5 | kernel32.CreateProcessW | |
f1b0 | msvcrt._time64 | |
f2c8 | msvcrt.rand | |
f2f1 | msvcrt.rand | |
f377 | kernel32.LoadLibraryA | |
f398 | kernel32.GetProcAddress | |
f3be | kernel32.GetProcAddress | |
f3dc | kernel32.GetProcAddress | |
f3fa | kernel32.GetProcAddress | |
f405 | kernel32.GetProcessHeap | |
f41f | ntdll.RtlReAllocateHeap | |
f432 | ntdll.RtlAllocateHeap | |
f43d | WINHTTP.WinHttpQueryDataAvailable | |
f44d | kernel32.VirtualAllocEx |