分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-2 | 2021-04-21 21:33:41 | 2021-04-21 21:35:52 | 131 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | MEMZ.exe |
|---|---|
| 文件大小 | 132521 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8c6e7141deca32dbfa731091c0cc4c42 |
| SHA1 | 93a783a0c316449905f489e2b3ebb64a1a387411 |
| SHA256 | 0d0241717a66281143f9f356b6cb547ac57b604f3e3e7c0645e179f1db019f52 |
| SHA512 | 52a98411f80620e1a00f630cf8825703a3a5e18112a7660f8d083104097661c9a07d2708d411eed3621f601633d86b4c761906c4b91a4d3d8eacfbecb522cfaf |
| CRC32 | AA0368D2 |
| Ssdeep | 1536:qtEV5iDHXxcxYjyPdiOMu3yUyJCbYQCoPHZ7M1G:qzTXxcCy1kNotJ |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004014c0 |
| 声明校验值 | 0x0002a7e1 |
| 实际校验值 | 0x0002a7e1 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2020-06-28 20:41:32 |
| 载入哈希 | 3c4641ed2b08bf2e336e16915b7bc08c |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00002ab0 | 0x00002c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES | 5.78 |
| .data | 0x00004000 | 0x00000228 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_64BYTES | 2.43 |
| .rdata | 0x00005000 | 0x000012ec | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_64BYTES | 5.37 |
| .bss | 0x00007000 | 0x00000450 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_64BYTES | 0.00 |
| .idata | 0x00008000 | 0x00000cd8 | 0x00000e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 4.77 |
| .CRT | 0x00009000 | 0x00000034 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 0.27 |
| .tls | 0x0000a000 | 0x00000020 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 0.20 |
| /4 | 0x0000b000 | 0x000002d8 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_8BYTES | 1.65 |
| /19 | 0x0000c000 | 0x0000a6d5 | 0x0000a800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES | 6.04 |
| /31 | 0x00017000 | 0x0000199e | 0x00001a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES | 4.61 |
| /45 | 0x00019000 | 0x000018f3 | 0x00001a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES | 5.51 |
| /57 | 0x0001b000 | 0x00000780 | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES | 4.51 |
| /70 | 0x0001c000 | 0x000002f2 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES | 4.15 |
| /81 | 0x0001d000 | 0x00000d1e | 0x00000e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES | 3.14 |
| /92 | 0x0001e000 | 0x00000230 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_1BYTES | 1.62 |
覆盖
| 偏移量 | 0x00015800 |
| 大小 | 0x0000ada9 |
导入
库: ADVAPI32.dll:
• 0x408274 AdjustTokenPrivileges
• 0x408278 CryptAcquireContextA
• 0x40827c CryptGenRandom
• 0x408280 LookupPrivilegeValueA
• 0x408284 OpenProcessToken
库: KERNEL32.dll:
• 0x408298 CloseHandle
• 0x40829c CreateFileA
• 0x4082a0 CreateThread
• 0x4082a4 CreateToolhelp32Snapshot
• 0x4082a8 DeleteCriticalSection
• 0x4082ac EnterCriticalSection
• 0x4082b0 ExitProcess
• 0x4082b4 GetCommandLineW
• 0x4082b8 GetCurrentProcess
• 0x4082bc GetCurrentProcessId
• 0x4082c0 GetCurrentThreadId
• 0x4082c4 GetLastError
• 0x4082c8 GetModuleFileNameA
• 0x4082cc GetModuleHandleA
• 0x4082d0 GetProcAddress
• 0x4082d4 GetStartupInfoA
• 0x4082d8 GetSystemTimeAsFileTime
• 0x4082dc GetTickCount
• 0x4082e0 GlobalAlloc
• 0x4082e4 GlobalFree
• 0x4082e8 InitializeCriticalSection
• 0x4082ec LeaveCriticalSection
• 0x4082f0 LoadLibraryA
• 0x4082f4 LocalAlloc
• 0x4082f8 LocalFree
• 0x4082fc OpenProcess
• 0x408300 Process32First
• 0x408304 Process32Next
• 0x408308 QueryPerformanceCounter
• 0x40830c SetPriorityClass
• 0x408310 SetUnhandledExceptionFilter
• 0x408314 Sleep
• 0x408318 TerminateProcess
• 0x40831c TlsGetValue
• 0x408320 UnhandledExceptionFilter
• 0x408324 VirtualProtect
• 0x408328 VirtualQuery
• 0x40832c WriteFile
• 0x408330 lstrcmpA
• 0x408334 lstrcmpW
• 0x408338 lstrlenW
库: msvcrt.dll:
• 0x408340 __dllonexit
• 0x408344 __getmainargs
• 0x408348 __initenv
• 0x40834c __lconv_init
• 0x408350 __set_app_type
• 0x408354 __setusermatherr
• 0x408358 _acmdln
• 0x40835c _amsg_exit
• 0x408360 _cexit
• 0x408364 _fmode
• 0x408368 _initterm
• 0x40836c _iob
• 0x408370 _lock
• 0x408374 _onexit
• 0x408378 _unlock
• 0x40837c abort
• 0x408380 calloc
• 0x408384 exit
• 0x408388 fprintf
• 0x40838c free
• 0x408390 fwrite
• 0x408394 malloc
• 0x408398 memcpy
• 0x40839c signal
• 0x4083a0 strlen
• 0x4083a4 strncmp
• 0x4083a8 vfprintf
库: PSAPI.DLL:
• 0x4083b0 GetProcessImageFileNameA
库: USER32.dll:
• 0x4083c8 CallNextHookEx
• 0x4083cc CreateWindowExA
• 0x4083d0 DefWindowProcA
• 0x4083d4 DispatchMessageA
• 0x4083d8 DrawIcon
• 0x4083dc EnumChildWindows
• 0x4083e0 ExitWindowsEx
• 0x4083e4 GetCursorPos
• 0x4083e8 GetDesktopWindow
• 0x4083ec GetMessageA
• 0x4083f0 GetSystemMetrics
• 0x4083f4 GetWindowDC
• 0x4083f8 GetWindowRect
• 0x4083fc LoadIconA
• 0x408400 MessageBoxA
• 0x408404 MessageBoxW
• 0x408408 RegisterClassExA
• 0x40840c ReleaseDC
• 0x408410 SendInput
• 0x408414 SendMessageTimeoutW
• 0x408418 SetCursorPos
• 0x40841c SetWindowsHookExA
• 0x408420 TranslateMessage
• 0x408424 UnhookWindowsHookEx
库: WINMM.DLL:
• 0x40842c PlaySoundA
.text
P`.data
.rdata
p@.bss
.idata
@B/19
0B/70
destroyed instantly, so don't try it :D
http://google.co.ck/search?q=best+way+to+kill+yourself
http://google.co.ck/search?q=how+2+remove+a+virus
http://google.co.ck/search?q=mcafee+vs+norton
http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
http://google.co.ck/search?q=minecraft+hax+download+no+virus
http://google.co.ck/search?q=how+to+get+money
http://google.co.ck/search?q=bonzi+buddy+download+free
http://google.co.ck/search?q=how+2+buy+weed
http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
http://google.co.ck/search?q=what+happens+if+you+delete+system32
http://google.co.ck/search?q=g3t+r3kt
http://google.co.ck/search?q=batch+virus+download
http://google.co.ck/search?q=virus.exe
http://google.co.ck/search?q=internet+explorer+is+the+best+browser
http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
http://google.co.ck/search?q=virus+builder+legit+free+download
http://google.co.ck/search?q=how+to+create+your+own+ransomware
http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
http://google.co.ck/search?q=dank+memz
http://google.co.ck/search?q=how+to+download+memz
http://google.co.ck/search?q=half+life+3+release+date
http://google.co.ck/search?q=is+illuminati+real
http://google.co.ck/search?q=montage+parody+making+program+2016
http://google.co.ck/search?q=the+memz+are+real
http://google.co.ck/search?q=stanky+danky+maymays
http://google.co.ck/search?q=john+cena+midi+legit+not+converted
http://google.co.ck/search?q=vinesauce+meme+collection
http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
http://play.clubpenguin.com
http://pcoptimizerpro.com
http://softonic.com
notepad
write
regedit
explorer
taskmgr
msconfig
mspaint
devmgmt.msc
control
Now you are going to die.
REST IN PISS, FOREVER MISS.
I WARNED YOU...
HAHA N00B L2P G3T R3KT
You failed at your 1337 h4x0r skillz.
YOU TRIED SO HARD AND GOT SO FAR, BUT IN THE END, YOUR PC WAS STILL FUCKED!
ENJOY BAN!
GET BETTER HAX NEXT TIME xD
HAVE FUN TRYING TO RESTORE YOUR DATA :D
|\/|3|\/|2
BSOD INCOMING
VIRUS PRANK (GONE WRONG)
ENJOY THE NYAN CAT
Get dank antivirus m9!
HA HA HA HA HA HA HA
#MakeMalwareGreatAgain
SOMEBODY ONCE TOLD ME THE MEMZ ARE GONNA ROLL ME
Your PC is fucked anyway.
SecureBoot sucks.
gr8 m8 i r8 8/8
Have you tried turning it off and on again?
<Insert Joel quote here>
Greetings to all GAiA members!
Well, hello there. I don't believe we've been properly introduced. I'm Bonzi!
- danooct1 2016
- danooct1 2016
SystemHand
SystemQuestion
SystemExclamation
/watchdog
/main
\note.txt
notepad
ntdll
RtlAdjustPrivilege
NtRaiseHardError
SeShutdownPrivilege
Unknown error
Argument domain error (DOMAIN)
Argument singularity (SIGN)
Overflow range error (OVERFLOW)
The result is too small to be represented (UNDERFLOW)
Total loss of significance (TLOSS)
Partial loss of significance (PLOSS)
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (tdm64-1) 4.9.2
GCC: (tdm64-1) 4.9.2
GCC: (tdm64-1) 4.9.2
GCC: (tdm64-1) 4.9.2
GCC: (tdm64-1) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (tdm64-1) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
GCC: (GNU) 4.9.2
AdjustTokenPrivileges
CryptAcquireContextA
CryptGenRandom
LookupPrivilegeValueA
OpenProcessToken
BitBlt
StretchBlt
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
OpenProcess
Process32First
Process32Next
QueryPerformanceCounter
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WriteFile
lstrcmpA
lstrcmpW
lstrlenW
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_unlock
abort
calloc
fprintf
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
GetProcessImageFileNameA
CommandLineToArgvW
ShellExecuteA
ShellExecuteExA
CallNextHookEx
CreateWindowExA
DefWindowProcA
DispatchMessageA
DrawIcon
EnumChildWindows
ExitWindowsEx
GetCursorPos
GetDesktopWindow
GetMessageA
GetSystemMetrics
GetWindowDC
GetWindowRect
LoadIconA
MessageBoxA
MessageBoxW
RegisterClassExA
ReleaseDC
SendInput
SendMessageTimeoutW
SetCursorPos
SetWindowsHookExA
TranslateMessage
UnhookWindowsHookEx
PlaySoundA
ADVAPI32.dll
GDI32.dll
KERNEL32.dll
msvcrt.dll
PSAPI.DLL
SHELL32.DLL
USER32.dll
WINMM.DLL
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/crtexe.c
size_t
unsigned int
uintptr_t
wchar_t
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
_EXCEPTION_RECORD
ExceptionCode
ExceptionFlags
ExceptionAddress
NumberParameters
ExceptionInformation
_CONTEXT
ContextFlags
FloatSave
SegGs
SegFs
SegEs
SegDs
SegCs
EFlags
SegSs
ExtendedRegisters
WINBOOL
DWORD
float
LPBYTE
signed char
short int
long long unsigned int
LONG_PTR
ULONG_PTR
PVOID
LPSTR
PLONG
HANDLE
ULONGLONG
EXCEPTION_ROUTINE
PEXCEPTION_ROUTINE
_FLOATING_SAVE_AREA
ControlWord
StatusWord
TagWord
ErrorOffset
ErrorSelector
DataOffset
DataSelector
RegisterArea
Cr0NpxState
FLOATING_SAVE_AREA
CONTEXT
PCONTEXT
EXCEPTION_RECORD
PEXCEPTION_RECORD
_EXCEPTION_POINTERS
ContextRecord
_EXCEPTION_REGISTRATION_RECORD
Handler
handler
FiberData
Version
_NT_TIB
ExceptionList
StackBase
StackLimit
SubSystemTib
ArbitraryUserPointer
NT_TIB
PNT_TIB
_IMAGE_DOS_HEADER
e_magic
e_cblp
e_crlc
e_cparhdr
e_minalloc
e_maxalloc
e_csum
e_lfarlc
e_ovno
e_res
e_oemid
e_oeminfo
e_res2
e_lfanew
IMAGE_DOS_HEADER
PIMAGE_DOS_HEADER
_IMAGE_FILE_HEADER
Machine
NumberOfSections
TimeDateStamp
PointerToSymbolTable
NumberOfSymbols
SizeOfOptionalHeader
Characteristics
IMAGE_FILE_HEADER
_IMAGE_DATA_DIRECTORY
VirtualAddress
IMAGE_DATA_DIRECTORY
_IMAGE_OPTIONAL_HEADER
Magic
BaseOfData
IMAGE_OPTIONAL_HEADER32
PIMAGE_OPTIONAL_HEADER32
_IMAGE_OPTIONAL_HEADER64
Magic
PIMAGE_OPTIONAL_HEADER64
_IMAGE_NT_HEADERS
Signature
FileHeader
OptionalHeader
PIMAGE_NT_HEADERS32
PIMAGE_NT_HEADERS
PIMAGE_TLS_CALLBACK
HINSTANCE__
unused
HINSTANCE
PTOP_LEVEL_EXCEPTION_FILTER
LPTOP_LEVEL_EXCEPTION_FILTER
_STARTUPINFOA
lpReserved
lpDesktop
lpTitle
dwXSize
dwYSize
dwXCountChars
dwYCountChars
dwFillAttribute
dwFlags
wShowWindow
cbReserved2
lpReserved2
hStdInput
hStdOutput
hStdError
STARTUPINFOA
STARTUPINFO
double
long double
_invalid_parameter_handler
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
_PVFV
_PIFV
newmode
_startupinfo
__uninitialized
__initializing
__initialized
_exception
retval
_TCHAR
__readfsdword
!Offset
_InterlockedExchange
!Target
!Value
_InterlockedCompareExchange
!ExChange
%_TEB
&NtCurrentTeb
'InterlockedCompareExchange
)Exchange
'InterlockedExchange
)Target
)Value
*duplicate_ppstrings
,__mingw_invalidParameterHandler
-expression
-function
-file
-line
-pReserved
.check_managed_app
"pDOSHeader
"pPEHeader
"pNTHeader32
"pNTHeader64
/pre_c_init
,pre_cpp_init
/__tmainCRTStartup
9lpszCommandLine
:StartupInfo
9inDoubleQuote
9lock_free
9fiberid
9nested
GWinMainCRTStartup
GmainCRTStartup
:argc
:argv
:envp
:argret
:mainret
:managedapp
:has_cctor
:startinfo
J__globallocalestatus
J_imp___fmode
J_dowildcard
J_newmode
J_imp____initenv
J_imp___acmdln
J__native_startup_state
J__native_startup_lock
KJ_image_base__
J_imp___commode
J_fmode
J__xi_a
J__xi_z
J__xc_a
J__xc_z
J__dyn_tls_init_callback
J__onexitbegin
J__onexitend
Jmingw_app_type
M__mingw_winmain_hInstance
M__mingw_winmain_lpCmdLine
M__mingw_winmain_nShowCmd
J__mingw_oldexcpt_handler
Mmingw_pcinit
Mmingw_pcppinit
J_MINGW_INSTALL_DEBUG_MATHERR
Nmingw_initltsdrot_force
Nmingw_initltsdyn_force
Nmingw_initltssuo_force
Nmingw_initcharmax
O__set_app_type
P_encode_pointer
Q_setargv
O__mingw_setusermatherr
P__getmainargs
Pstrlen
Rmalloc
Smemcpy
T_pei386_runtime_relocator
\P_set_invalid_parameter_handler
T_fpreset
)T__main
LPmain
T_cexit
7O_amsg_exit
O_initterm
Uexit
T__security_init_cookie
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/tlssup.c
unsigned int
uintptr_t
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
ULONG
WINBOOL
DWORD
float
LPVOID
signed char
short int
long long unsigned int
ULONG_PTR
PVOID
HANDLE
PIMAGE_TLS_CALLBACK
_IMAGE_TLS_DIRECTORY32
StartAddressOfRawData
EndAddressOfRawData
AddressOfIndex
AddressOfCallBacks
SizeOfZeroFill
Characteristics
IMAGE_TLS_DIRECTORY32
IMAGE_TLS_DIRECTORY
_PVFV
__dyn_tls_init
pfunc
__dyn_tls_dtor
__dyn_tls_init@12
__tlregdtor
__xd_a
__xd_z
_tls_index
_tls_start
_tls_end
__xl_a
__xl_z
_tls_used
_CRT_MT
__dyn_tls_init_callback
__xl_c
__xl_d
mingw_initltsdrot_force
mingw_initltsdyn_force
mingw_initltssuo_force
__mingw_TLScallback
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/charmax.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
float
signed char
short int
long long unsigned int
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
_PIFV
my_lconv_init
mingw_initcharmax
_charmax
__mingw_pinit
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/mingw_helpers.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
float
signed char
short int
long long unsigned int
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
_decode_pointer
codedptr
_encode_pointer
mingw_app_type
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/xtxtmode.c
_fmode
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/atonexit.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
float
signed char
short int
long long unsigned int
_onexit_t
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
_PVFV
mingw_onexit
onexitbegin
onexitend
retval
atexit
__onexitbegin
__onexitend
_imp___onexit
_decode_pointer
_lock
__dllonexit
_encode_pointer
_unlock
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/_newmode.c
_newmode
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/wildcard.c
_dowildcard
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/natstart.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
float
signed char
short int
long long unsigned int
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
__uninitialized
__initializing
__initialized
__native_startup_state
__native_startup_lock
__native_dllmain_reason
__native_vcclrit_reason
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/crt_handler.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
_EXCEPTION_RECORD
ExceptionCode
ExceptionFlags
ExceptionAddress
NumberParameters
ExceptionInformation
_CONTEXT
ContextFlags
FloatSave
SegGs
SegFs
SegEs
SegDs
SegCs
EFlags
SegSs
ExtendedRegisters
DWORD
float
signed char
short int
long long unsigned int
ULONG_PTR
PVOID
_FLOATING_SAVE_AREA
ControlWord
StatusWord
TagWord
ErrorOffset
ErrorSelector
DataOffset
DataSelector
RegisterArea
Cr0NpxState
FLOATING_SAVE_AREA
CONTEXT
PCONTEXT
EXCEPTION_RECORD
PEXCEPTION_RECORD
_EXCEPTION_POINTERS
ContextRecord
EXCEPTION_POINTERS
PTOP_LEVEL_EXCEPTION_FILTER
LPTOP_LEVEL_EXCEPTION_FILTER
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
__p_sig_fn_t
_gnu_exception_handler
_gnu_exception_handler@4
exception_data
old_handler
action
reset_fpu
__mingw_oldexcpt_handler
signal
_fpreset
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/cinitexe.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
_PVFV
__xi_a
__xi_z
__xc_a
__xc_z
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/dllargv.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
float
signed char
short int
long long unsigned int
double
long double
_setargv
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/merr.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
float
signed char
short int
long long unsigned int
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
_iobuf
_base
_flag
_file
_charbuf
_bufsiz
_tmpfname
_exception
retval
fUserMathErr
__mingw_raise_matherr
__mingw_setusermatherr
_matherr
pexcept
stUserMathErr
_imp___iob
__setusermatherr
fprintf
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/pseudo-reloc.c
__gnuc_va_list
__builtin_va_list
va_list
size_t
unsigned int
ptrdiff_t
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
DWORD
float
PBYTE
LPBYTE
LPVOID
signed char
short int
long long unsigned int
ULONG_PTR
SIZE_T
PVOID
_MEMORY_BASIC_INFORMATION
BaseAddress
AllocationBase
AllocationProtect
RegionSize
State
Protect
MEMORY_BASIC_INFORMATION
PhysicalAddress
VirtualSize
_IMAGE_SECTION_HEADER
VirtualAddress
SizeOfRawData
PointerToRawData
PointerToRelocations
PointerToLinenumbers
NumberOfRelocations
NumberOfLinenumbers
Characteristics
PIMAGE_SECTION_HEADER
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
_iobuf
_base
_flag
_file
_charbuf
_bufsiz
_tmpfname
addend
target
runtime_pseudo_reloc_item_v1
target
flags
runtime_pseudo_reloc_item_v2
magic1
magic2
version
runtime_pseudo_reloc_v2
old_protect
sec_start
__write_memory
do_pseudo_reloc
start
addr_imp
reldata
reloc_target
v2_hdr
newval
__report_error
#mark_section_writable
$addr
(restore_modified_sections
)oldprot
*_pei386_runtime_relocator
+was_init
,mSecs
the_secs
maxSections
7_imp___iob
7__RUNTIME_PSEUDO_RELOC_LIST__
7__RUNTIME_PSEUDO_RELOC_LIST_END__
7_image_base__
8__builtin_fwrite
fwrite
:vfprintf
;abort
<__mingw_GetSectionForAddress
=_GetPEImageBase
=__mingw_GetSectionCount
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/CRT_fp10.c
_fpreset
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/gccmain.c
unsigned int
ptrdiff_t
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
float
signed char
short int
long long unsigned int
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
func_ptr
__do_global_dtors
__do_global_ctors
nptrs
__main
initialized
__CTOR_LIST__
__DTOR_LIST__
atexit
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/gs_support.c
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
double
float
long double
_EXCEPTION_RECORD
ExceptionCode
ExceptionFlags
ExceptionAddress
NumberParameters
ExceptionInformation
_CONTEXT
ContextFlags
FloatSave
SegGs
SegFs
SegEs
SegDs
SegCs
EFlags
SegSs
ExtendedRegisters
DWORD
signed char
short int
long long unsigned int
UINT_PTR
ULONG_PTR
PVOID
LONGLONG
LowPart
LowPart
_LARGE_INTEGER
QuadPart
LARGE_INTEGER
_FLOATING_SAVE_AREA
ControlWord
StatusWord
TagWord
ErrorOffset
ErrorSelector
DataOffset
DataSelector
RegisterArea
Cr0NpxState
FLOATING_SAVE_AREA
CONTEXT
PCONTEXT
EXCEPTION_RECORD
PEXCEPTION_RECORD
_EXCEPTION_POINTERS
ContextRecord
EXCEPTION_POINTERS
_FILETIME
dwLowDateTime
dwHighDateTime
FILETIME
NTSTATUS
ft_scalar
ft_struct
__security_init_cookie
cookie
systime
perfctr
__report_gsfailure
StackCookie
cookie
GS_ExceptionRecord
GS_ContextRecord
GS_ExceptionPointers
__security_cookie
__security_cookie_complement
!abort
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/tlsmcrt.c
_CRT_MT
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/tlsthrd.c
size_t
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
WINBOOL
DWORD
float
LPVOID
signed char
short int
long long unsigned int
ULONG_PTR
HANDLE
_LIST_ENTRY
Flink
Blink
LIST_ENTRY
_RTL_CRITICAL_SECTION_DEBUG
CreatorBackTraceIndex
CriticalSection
ProcessLocksList
EntryCount
ContentionCount
Flags
CreatorBackTraceIndexHigh
SpareWORD
_RTL_CRITICAL_SECTION
DebugInfo
LockCount
RecursionCount
OwningThread
LockSemaphore
SpinCount
PRTL_CRITICAL_SECTION_DEBUG
RTL_CRITICAL_SECTION
CRITICAL_SECTION
double
long double
__mingwthr_key_t
__mingwthr_key
__mingwthr_run_key_dtors
value
___w64_mingwthr_add_key_dtor
new_key
___w64_mingwthr_remove_key_dtor
prev_key
cur_key
__mingw_TLScallback
hDllHandle
reason
reserved
__mingwthr_cs
__mingwthr_cs_init
key_dtor_list
calloc
!free
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/pseudo-reloc-list.c
__RUNTIME_PSEUDO_RELOC_LIST_END__
__RUNTIME_PSEUDO_RELOC_LIST__
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt/pesect.c
size_t
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
WINBOOL
DWORD
float
PBYTE
LPVOID
signed char
short int
long long unsigned int
ULONG_PTR
DWORD_PTR
_IMAGE_DOS_HEADER
e_magic
e_cblp
e_crlc
e_cparhdr
e_minalloc
e_maxalloc
e_csum
e_lfarlc
e_ovno
e_res
e_oemid
e_oeminfo
e_res2
e_lfanew
IMAGE_DOS_HEADER
PIMAGE_DOS_HEADER
_IMAGE_FILE_HEADER
Machine
NumberOfSections
PointerToSymbolTable
NumberOfSymbols
SizeOfOptionalHeader
IMAGE_FILE_HEADER
_IMAGE_DATA_DIRECTORY
IMAGE_DATA_DIRECTORY
_IMAGE_OPTIONAL_HEADER
Magic
MajorLinkerVersion
MinorLinkerVersion
SizeOfCode
SizeOfInitializedData
SizeOfUninitializedData
AddressOfEntryPoint
BaseOfCode
BaseOfData
ImageBase
SectionAlignment
FileAlignment
MajorOperatingSystemVersion
MinorOperatingSystemVersion
MajorImageVersion
MinorImageVersion
MajorSubsystemVersion
MinorSubsystemVersion
Win32VersionValue
SizeOfImage
SizeOfHeaders
CheckSum
Subsystem
DllCharacteristics
SizeOfStackReserve
SizeOfStackCommit
SizeOfHeapReserve
SizeOfHeapCommit
LoaderFlags
NumberOfRvaAndSizes
DataDirectory
IMAGE_OPTIONAL_HEADER32
PIMAGE_OPTIONAL_HEADER32
PIMAGE_OPTIONAL_HEADER
_IMAGE_NT_HEADERS
Signature
FileHeader
OptionalHeader
PIMAGE_NT_HEADERS32
PIMAGE_NT_HEADERS
PhysicalAddress
VirtualSize
_IMAGE_SECTION_HEADER
SizeOfRawData
PointerToRawData
PointerToRelocations
PointerToLinenumbers
NumberOfRelocations
NumberOfLinenumbers
PIMAGE_SECTION_HEADER
OriginalFirstThunk
_IMAGE_IMPORT_DESCRIPTOR
ForwarderChain
FirstThunk
IMAGE_IMPORT_DESCRIPTOR
PIMAGE_IMPORT_DESCRIPTOR
double
long double
_ValidateImageBase
pDOSHeader
pOptHeader
_FindPESection
_FindPESectionByName
pName
__mingw_GetSectionForAddress
__mingw_GetSectionCount
_FindPESectionExec
_GetPEImageBase
_IsNonwritableInCurrentImage
pTarget
&rvaTarget
__mingw_enum_import_library_names
&importDesc
&importsStartRVA
)_image_base__
*strlen
,strncmp
../../../../../../src/gcc-4.9.2/libgcc/config/i386/cygwin.S
C:\crossdev\gccmaster\build-tdm64\gcc\x86_64-w64-mingw32\32\libgcc
GNU AS 2.24.51
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -O2 -O2 -fbuilding-libgcc -fno-stack-protector
../../../../../../src/gcc-4.9.2/libgcc/libgcc2.c
C:\crossdev\gccmaster\build-tdm64\gcc\x86_64-w64-mingw32\32\libgcc
unsigned int
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
double
float
long double
short int
ix86_tune_indices
X86_TUNE_SCHEDULE
X86_TUNE_PARTIAL_REG_DEPENDENCY
X86_TUNE_SSE_PARTIAL_REG_DEPENDENCY
X86_TUNE_SSE_SPLIT_REGS
X86_TUNE_PARTIAL_FLAG_REG_STALL
X86_TUNE_MOVX
X86_TUNE_MEMORY_MISMATCH_STALL
X86_TUNE_FUSE_CMP_AND_BRANCH_32
X86_TUNE_FUSE_CMP_AND_BRANCH_64
X86_TUNE_FUSE_CMP_AND_BRANCH_SOFLAGS
X86_TUNE_FUSE_ALU_AND_BRANCH
X86_TUNE_REASSOC_INT_TO_PARALLEL
X86_TUNE_REASSOC_FP_TO_PARALLEL
X86_TUNE_ACCUMULATE_OUTGOING_ARGS
X86_TUNE_PROLOGUE_USING_MOVE
X86_TUNE_EPILOGUE_USING_MOVE
X86_TUNE_USE_LEAVE
X86_TUNE_PUSH_MEMORY
X86_TUNE_SINGLE_PUSH
X86_TUNE_DOUBLE_PUSH
X86_TUNE_SINGLE_POP
X86_TUNE_DOUBLE_POP
X86_TUNE_PAD_SHORT_FUNCTION
X86_TUNE_PAD_RETURNS
X86_TUNE_FOUR_JUMP_LIMIT
X86_TUNE_SOFTWARE_PREFETCHING_BENEFICIAL
X86_TUNE_LCP_STALL
X86_TUNE_READ_MODIFY
X86_TUNE_USE_INCDEC
X86_TUNE_INTEGER_DFMODE_MOVES
X86_TUNE_OPT_AGU
X86_TUNE_AVOID_LEA_FOR_ADDR
X86_TUNE_SLOW_IMUL_IMM32_MEM
X86_TUNE_SLOW_IMUL_IMM8
X86_TUNE_AVOID_MEM_OPND_FOR_CMOVE
X86_TUNE_SINGLE_STRINGOP
X86_TUNE_MISALIGNED_MOVE_STRING_PRO_EPILOGUES
X86_TUNE_USE_SAHF
X86_TUNE_USE_CLTD
X86_TUNE_USE_BT
X86_TUNE_USE_HIMODE_FIOP
X86_TUNE_USE_SIMODE_FIOP
X86_TUNE_USE_FFREEP
X86_TUNE_EXT_80387_CONSTANTS
X86_TUNE_VECTORIZE_DOUBLE
X86_TUNE_GENERAL_REGS_SSE_SPILL
X86_TUNE_SSE_UNALIGNED_LOAD_OPTIMAL
X86_TUNE_SSE_UNALIGNED_STORE_OPTIMAL
X86_TUNE_SSE_PACKED_SINGLE_INSN_OPTIMAL
X86_TUNE_SSE_TYPELESS_STORES
X86_TUNE_SSE_LOAD0_BY_PXOR
X86_TUNE_INTER_UNIT_MOVES_TO_VEC
X86_TUNE_INTER_UNIT_MOVES_FROM_VEC
X86_TUNE_INTER_UNIT_CONVERSIONS
X86_TUNE_SPLIT_MEM_OPND_FOR_FP_CONVERTS
X86_TUNE_USE_VECTOR_FP_CONVERTS
X86_TUNE_USE_VECTOR_CONVERTS
X86_TUNE_AVX256_UNALIGNED_LOAD_OPTIMAL
X86_TUNE_AVX256_UNALIGNED_STORE_OPTIMAL
X86_TUNE_AVX128_OPTIMAL
X86_TUNE_DOUBLE_WITH_ADD
X86_TUNE_ALWAYS_FANCY_MATH_387
X86_TUNE_UNROLL_STRLEN
X86_TUNE_SHIFT1
X86_TUNE_ZERO_EXTEND_WITH_AND
X86_TUNE_PROMOTE_HIMODE_IMUL
X86_TUNE_FAST_PREFIX
X86_TUNE_READ_MODIFY_WRITE
X86_TUNE_MOVE_M1_VIA_OR
X86_TUNE_NOT_UNPAIRABLE
X86_TUNE_PARTIAL_REG_STALL
X86_TUNE_PROMOTE_QIMODE
X86_TUNE_PROMOTE_HI_REGS
X86_TUNE_HIMODE_MATH
X86_TUNE_SPLIT_LONG_MOVES
X86_TUNE_USE_XCHGB
X86_TUNE_USE_MOV0
X86_TUNE_NOT_VECTORMODE
X86_TUNE_AVOID_VECTOR_DECODE
X86_TUNE_AVOID_FALSE_DEP_FOR_BMI
X86_TUNE_BRANCH_PREDICTION_HINTS
X86_TUNE_QIMODE_MATH
X86_TUNE_PROMOTE_QI_REGS
X86_TUNE_ADJUST_UNROLL
X86_TUNE_LAST
ix86_arch_indices
X86_ARCH_CMOV
X86_ARCH_CMPXCHG
X86_ARCH_CMPXCHG8B
X86_ARCH_XADD
X86_ARCH_BSWAP
X86_ARCH_LAST
signed char
long long unsigned int
complex float
complex double
complex long double
__float128
__unknown__
func_ptr
__CTOR_LIST__
__DTOR_LIST__
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/misc/mingw_matherr.c
_MINGW_INSTALL_DEBUG_MATHERR
GNU C 4.9.2 -m32 -mtune=generic -march=x86-64 -g -O2 -std=gnu99
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/misc/invalid_parameter_handler.c
unsigned int
uintptr_t
wchar_t
short unsigned int
long int
long long int
sizetype
long unsigned int
unsigned char
float
signed char
short int
long long unsigned int
LONG_PTR
PVOID
PLONG
double
long double
tagCOINITBASE
COINITBASE_MULTITHREADED
VARENUM
VT_EMPTY
VT_NULL
VT_I2
VT_I4
VT_R4
VT_R8
VT_CY
VT_DATE
VT_BSTR
VT_DISPATCH
VT_ERROR
VT_BOOL
VT_VARIANT
VT_UNKNOWN
VT_DECIMAL
VT_I1
VT_UI1
VT_UI2
VT_UI4
VT_I8
VT_UI8
VT_INT
VT_UINT
VT_VOID
VT_HRESULT
VT_PTR
VT_SAFEARRAY
VT_CARRAY
VT_USERDEFINED
VT_LPSTR
VT_LPWSTR
VT_RECORD
VT_INT_PTR
VT_UINT_PTR
VT_FILETIME
VT_BLOB
VT_STREAM
VT_STORAGE
VT_STREAMED_OBJECT
VT_STORED_OBJECT
VT_BLOB_OBJECT
VT_CF
VT_CLSID
VT_VERSIONED_STREAM
VT_BSTR_BLOB
VT_VECTOR
VT_ARRAY
VT_BYREF
VT_RESERVED
VT_ILLEGAL
VT_ILLEGALMASKED
VT_TYPEMASK
_InterlockedExchange
Target
Value
InterlockedExchange
Target
Value
mingw_get_invalid_parameter_handler
mingw_set_invalid_parameter_handler
new_handler
handler
_imp___set_invalid_parameter_handler
_imp___get_invalid_parameter_handler
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include/psdk_inc
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/include
crtexe.c
intrin-impl.h
crtdefs.h
winnt.h
minwindef.h
basetsd.h
errhandlingapi.h
processthreadsapi.h
stdlib.h
combaseapi.h
wtypes.h
internal.h
math.h
tchar.h
interlockedapi.h
ctype.h
string.h
process.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
tlssup.c
crtdefs.h
minwindef.h
basetsd.h
winnt.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/include
charmax.c
combaseapi.h
wtypes.h
internal.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
mingw_helpers.c
combaseapi.h
wtypes.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
xtxtmode.c
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/include
atonexit.c
combaseapi.h
wtypes.h
stdlib.h
internal.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
_newmode.c
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
wildcard.c
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/include
combaseapi.h
wtypes.h
natstart.c
internal.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
crt_handler.c
winnt.h
minwindef.h
basetsd.h
errhandlingapi.h
combaseapi.h
wtypes.h
signal.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
cinitexe.c
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
dllargv.c
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/include
merr.c
combaseapi.h
wtypes.h
internal.h
math.h
stdio.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
pseudo-reloc.c
vadefs.h
crtdefs.h
minwindef.h
basetsd.h
winnt.h
combaseapi.h
wtypes.h
stdio.h
<built-in>
stdlib.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
CRT_fp10.c
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
gccmain.c
combaseapi.h
wtypes.h
crtdefs.h
stdlib.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
gs_support.c
winnt.h
minwindef.h
basetsd.h
stdlib.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
tlsmcrt.c
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
tlsthrd.c
crtdefs.h
minwindef.h
basetsd.h
winnt.h
minwinbase.h
stdlib.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
pseudo-reloc-list.c
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/crt
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
pesect.c
crtdefs.h
minwindef.h
basetsd.h
winnt.h
string.h
../../../../../../src/gcc-4.9.2/libgcc/config/i386
cygwin.S
../../../../../../src/gcc-4.9.2/libgcc/../gcc/config/i386
../../../../../../src/gcc-4.9.2/libgcc
i386.h
libgcc2.c
gbl-ctors.h
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/misc
mingw_matherr.c
C:/crossdev/src/mingw-w64-v3-git/mingw-w64-crt/misc
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include/psdk_inc
C:/crossdev/gccmaster/host-toolchain-tdm64/x86_64-w64-mingw32/include
invalid_parameter_handler.c
intrin-impl.h
crtdefs.h
basetsd.h
winnt.h
combaseapi.h
wtypes.h
interlockedapi.h
Destination
Subsystem
CheckSum
SizeOfImage
BaseOfCode
SectionAlignment
MinorSubsystemVersion
DataDirectory
SizeOfStackCommit
ImageBase
SizeOfCode
MajorLinkerVersion
Comperand
SizeOfHeapReserve
SizeOfInitializedData
SizeOfStackReserve
SizeOfHeapCommit
MinorLinkerVersion
__enative_startup_state
SizeOfUninitializedData
AddressOfEntryPoint
MajorSubsystemVersion
SizeOfHeaders
MajorOperatingSystemVersion
FileAlignment
NumberOfRvaAndSizes
ExceptionRecord
DllCharacteristics
MinorImageVersion
MinorOperatingSystemVersion
LoaderFlags
Win32VersionValue
MajorImageVersion
hDllHandle
lpreserved
dwReason
__enative_startup_state
ExceptionRecord
sSecInfo
ExceptionRecord
HighPart
pSection
TimeDateStamp
pNTHeader
Characteristics
pImageBase
VirtualAddress
iSection
.file
crtexe.c
_envp
_argv
_argc
_argret
.text
.data
.file
crtbegin.c
.text
.data
.file
data.cpp
.text
.data
.rdata
.file
main.cpp
_main
.text
.data
.rdata
.file
payloads.cpp
.text
.data
.rdata
.file
utils.cpp
.text
.data
.file
.text
.data
.file
hname
fthunk
.text
.data
.file
.text
.data
.text
.data
.file
hname
fthunk
.text
.data
.idata$2P
.file
.text
.data
.file
tlssup.c
___xd_a
___xd_z
.text
.data
.CRT$XLD$
.CRT$XLC
.rdata
.CRT$XDZ0
.CRT$XDA,
.CRT$XLZ(
.tls$AAA
.file
charmax.c
.text
.data
.file
mingw_helpers.c
.text
.data
.file
xtxtmode.c
.text
.data
.file
atonexit.c
_atexit
.text
.data
.file
_newmode.c
.text
.data
.file
wildcard.c
.text
.data
.file
natstart.c
.text
.data
.file
crt_handler.c
.text
.data
.file
cinitexe.c
.text
.data
.CRT$XCA
.file
dllargv.c
.text
.data
.file
merr.c
.text
.data
.rdata
.file
pseudo-reloc.c
.text
.data
.rdata
.file
CRT_fp10.c
_fpreset "
.text
.data
.file
gccmain.c
___main
.text
.data
.file
gs_support.c
.text
.data
.rdata
.file
tlsmcrt.c
.text
.data
.file
tlsthrd.c
.text
.data
.file
.text
.data
.file
pesect.c
.text
.data
.file
.text
.data
.file
libgcc2.c
.text
.data
.file
mingw_matherr.c
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.file
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.idata$7
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.file
hname
fthunk
.text
.data
.idata$2<
.file
.text
.data
.file
hname
fthunk
.text
.data
.file
.text
.data
.file
hname
fthunk
.text
.data
.idata$2
.file
.text
.data
.file
hname
fthunk
.text
.data
.idata$2d
.file
.text
.data
.file
hname
fthunk
.text
.data
.idata$2x
.file
.text
.data
.text
.data
.text
.data
.idata$5
.text
.data
.file
hname
fthunk
.text
.data
.idata$2(
.file
.text
.data
.file
crtend.c
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.idata$4
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.idata$5
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.idata$4
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
.text
.data
_prov
__cexit
___xi_a
_free
_msgs
___xl_c
_scrh
___xl_z
__unlock8*
_scrw
_nMsgs
__dll__
_fwrite
_sounds
___xc_a
_memcpy
___xl_a
___xl_d
_fprintfP*
_calloc
__fmode
__lock
___xc_z
__end__
_nSites
_signal
_malloc
_abort
___xi_z
_sites
_strlen
_exit
_Sleep@4
.debug_aranges
.debug_info
.debug_abbrev
.debug_line
.debug_frame
.debug_str
.debug_loc
.debug_ranges
___mingw_invalidParameterHandler
_pre_c_init
_managedapp
_pre_cpp_init
_startinfo
___tmainCRTStartup
_has_cctor
_WinMainCRTStartup
_mainCRTStartup
.CRT$XCAA
.CRT$XIAA
.debug_info
.debug_abbrev
.debug_loc
.debug_aranges
.debug_ranges
.debug_line
.debug_str
.rdata$zzz
.debug_frame
__Z10WindowProcP6HWND__jjl@16
__Z14watchdogThreadPv@4
__Z11killWindowsv
__Z18killWindowsInstantv
__Z16ripMessageThreadPv@4
__Z13payloadThreadPv@4
__Z14payloadExecuteii
__Z12payloadBlinkii
__Z13payloadCursorii
__Z17payloadMessageBoxii
__Z16messageBoxThreadPv@4
__Z10msgBoxHookijl@12
__Z17payloadChangeTextii
__Z13EnumChildProcP6HWND__l@8
__Z12payloadSoundii
__Z13payloadPuzzleii
__Z15payloadKeyboardii
__Z10payloadPIPii
__Z17payloadDrawErrorsii
__Z6randomv
__Z11strReverseWPw
win32_crt_float.cpp
___dyn_tls_dtor@12
___dyn_tls_init@12
___tlregdtor
_my_lconv_init
__decode_pointer
__encode_pointer
_mingw_onexit
__gnu_exception_handler@4
__setargv
___mingw_raise_matherr
_stUserMathErr
___mingw_setusermatherr
__matherr
_CSWTCH.5
___report_error
_mark_section_writable
_maxSections
_the_secs
__pei386_runtime_relocator
_was_init.60804
__fpreset
___do_global_dtors
___do_global_ctors
_initialized
___security_init_cookie
.data$__security_cookie
.data$__security_cookie_complement
___report_gsfailure
_GS_ExceptionRecord
_GS_ContextRecord
_GS_ExceptionPointers
___mingwthr_run_key_dtors.part.0
___mingwthr_cs
_key_dtor_list
____w64_mingwthr_add_key_dtor
___mingwthr_cs_init
____w64_mingwthr_remove_key_dtor
___mingw_TLScallback
pseudo-reloc-list.c
__ValidateImageBase.part.0
__ValidateImageBase
__FindPESection
__FindPESectionByName
___mingw_GetSectionForAddress
___mingw_GetSectionCount
__FindPESectionExec
__GetPEImageBase
__IsNonwritableInCurrentImage
___mingw_enum_import_library_names
_mingw_get_invalid_parameter_handler
__get_invalid_parameter_handler
_mingw_set_invalid_parameter_handler
__set_invalid_parameter_handler
invalid_parameter_handler.c
_VirtualProtect@16
__imp__lstrcmpW@8
___RUNTIME_PSEUDO_RELOC_LIST__
__imp__MessageBoxW@16
__head_lib32_libuser32_a
__imp__GetProcessImageFileNameA@12
_QueryPerformanceCounter@4
_CreateToolhelp32Snapshot@8
__imp__CloseHandle@4
__data_start__
___DTOR_LIST__
__lib32_libuser32_a_iname
__imp__LocalFree@4
__imp__VirtualProtect@16
__imp___acmdln
___setusermatherr
_UnhandledExceptionFilter@4
__imp___onexit
__imp__GetLastError@0
_SetUnhandledExceptionFilter@4
__imp__VirtualQuery@12
__imp__UnhookWindowsHookEx@4
__imp__ShellExecuteExA@4
_GetModuleFileNameA@12
__imp__CreateWindowExA@48
___tls_start__
___native_startup_lock
__imp__Process32First@8
__lib32_libadvapi32_a_iname
__imp__CreateFileA@28
__imp__TlsGetValue@4
__imp__InitializeCriticalSection@4
_CallNextHookEx@16
_DeleteCriticalSection@4
__rt_psrelocs_start
__imp__abort
__dll_characteristics__
__size_of_stack_commit__
__imp___fmode
_ShellExecuteExA@4
__size_of_stack_reserve__
__major_subsystem_version__
___crt_xl_start__
__newmode
___crt_xi_start__
__imp___amsg_exit
___crt_xi_end__
_ShellExecuteA@24
__imp__CryptGenRandom@12
_MessageBoxW@16
_GetLastError@0
__imp__CommandLineToArgvW@8
__imp__QueryPerformanceCounter@4
_TranslateMessage@4
_VirtualQuery@12
__imp__TranslateMessage@4
_mingw_initltsdrot_force
__head_lib32_libshell32_a
__imp___iob
__dowildcard
__imp__WriteFile@20
_GetModuleHandleA@4
_BitBlt@36
__imp__strncmp
_OpenProcessToken@12
__imp__GlobalFree@4
__imp__OpenProcess@12
_AdjustTokenPrivileges@24
_GetCursorPos@4
__imp__LocalAlloc@8
_Process32Next@8
_DefWindowProcA@16
__bss_start__
___RUNTIME_PSEUDO_RELOC_LIST_END__
__imp__GetSystemMetrics@4
_CreateThread@24
__imp__LookupPrivilegeValueA@12
__lib32_libwinmm_a_iname
__head_lib32_libgdi32_a
__imp__Process32Next@8
__size_of_heap_commit__
__imp__CallNextHookEx@16
_enablePayloads
___onexitend
_MessageBoxA@16
__imp__GetCurrentProcess@0
__imp__DispatchMessageA@4
_DrawIcon@16
__imp__EnumChildWindows@12
_mingw_pcinit
__imp__GetProcAddress@8
_GetProcAddress@8
___crt_xp_start__
__head_lib32_libpsapi_a
__MINGW_INSTALL_DEBUG_MATHERR
__imp__lstrlenW@4
___crt_xp_end__
__imp__signal
__minor_os_version__
__imp__SendInput@12
_LoadIconA@8
_LookupPrivilegeValueA@12
_GetTickCount@0
__image_base__
_SetWindowsHookExA@16
__imp__exit
__imp__GetCursorPos@4
__section_alignment__
__imp__GetWindowDC@4
_LoadLibraryA@4
__lib32_libshell32_a_iname
_StretchBlt@44
__imp__CreateThread@24
__imp__GetStartupInfoA@4
__IAT_end__
__imp____lconv_init
__RUNTIME_PSEUDO_RELOC_LIST__
__imp__GetDesktopWindow@0
__tls_start
_ExitProcess@4
__imp__OpenProcessToken@12
_lstrcmpA@8
___native_startup_state
_nPayloads
_GetWindowDC@4
__data_end__
___getmainargs
_PlaySoundA@12
__CTOR_LIST__
_RegisterClassExA@4
___onexitbegin
___set_app_type
_CryptAcquireContextA@20
__charmax
_GetMessageA@16
___mingw_winmain_lpCmdLine
__bss_end__
_CreateWindowExA@48
__imp__lstrcmpA@8
___security_cookie_complement
___crt_xc_end__
_GetWindowRect@8
__lib32_libpsapi_a_iname
__lib32_libgdi32_a_iname
__tls_index
__imp__GetTickCount@0
_ReleaseDC@8
___crt_xc_start__
__imp__GetMessageA@16
__lib32_libkernel32_a_iname
___CTOR_LIST__
__imp__GetCurrentProcessId@0
__imp__GetCommandLineW@0
_CreateFileA@28
_mingw_app_type
_UnhookWindowsHookEx@4
__initterm
_DispatchMessageA@4
__imp__TerminateProcess@8
__rt_psrelocs_size
__imp__MessageBoxA@16
_GetSystemMetrics@4
_GetStartupInfoA@4
_GlobalAlloc@8
_GetCurrentProcessId@0
__imp____dllonexit
__imp__CryptAcquireContextA@20
__imp__memcpy
__file_alignment__
__imp__StretchBlt@44
__imp___unlock
__head_lib32_libmsvcrt_a
__imp__LeaveCriticalSection@4
_payloads
__imp__malloc
__fltused
___mingw_pinit
_ExitWindowsEx@8
__major_os_version__
__imp__ExitWindowsEx@8
__lib32_libmsvcrt_a_iname
_CloseHandle@4
__imp__AdjustTokenPrivileges@24
__IAT_start__
__imp__SetPriorityClass@8
_LocalFree@4
__tls_end
__imp____initenv
__imp__GetWindowRect@8
__imp___get_invalid_parameter_handler
__imp__GlobalAlloc@8
__imp__GetModuleHandleA@4
___dllonexit
__imp___lock
__DTOR_LIST__
__imp__fprintf
_TerminateProcess@8
__imp__CreateToolhelp32Snapshot@8
_EnterCriticalSection@4
__imp___initterm
_GetCurrentThreadId@0
__size_of_heap_reserve__
___crt_xt_start__
_lstrlenW@4
__imp__SendMessageTimeoutW@28
___ImageBase
__subsystem__
__imp__strlen
_SetCursorPos@8
_OpenProcess@12
___mingw_oldexcpt_handler
__imp__calloc
___native_vcclrit_reason
_EnumChildWindows@12
__imp__GetSystemTimeAsFileTime@4
___lconv_init
_SendInput@12
__amsg_exit
/watchdog
Still using this computer?
进程树
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49178 | 104.18.11.207 maxcdn.bootstrapcdn.com | 443 |
| 192.168.122.202 | 49188 | 104.18.11.207 maxcdn.bootstrapcdn.com | 443 |
| 192.168.122.202 | 49189 | 104.21.234.150 www.jqueryscript.net | 443 |
| 192.168.122.202 | 49185 | 13.107.213.50 www.clarity.ms | 443 |
| 192.168.122.202 | 49190 | 13.225.93.110 static.hotjar.com | 443 |
| 192.168.122.202 | 49175 | 180.163.150.161 fonts.googleapis.com | 443 |
| 192.168.122.202 | 49176 | 180.163.150.161 fonts.googleapis.com | 443 |
| 192.168.122.202 | 49191 | 180.163.150.161 fonts.googleapis.com | 80 |
| 192.168.122.202 | 49179 | 23.111.8.154 oss.maxcdn.com | 443 |
| 192.168.122.202 | 49180 | 23.111.8.154 oss.maxcdn.com | 443 |
| 192.168.122.202 | 49167 | 23.215.99.88 acroipm.adobe.com | 80 |
| 192.168.122.202 | 49168 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49170 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49171 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49172 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49173 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49174 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49181 | 3.20.244.3 pcoptimizerpro.com | 443 |
| 192.168.122.202 | 49182 | 3.20.244.3 pcoptimizerpro.com | 443 |
| 192.168.122.202 | 49186 | 3.20.244.3 pcoptimizerpro.com | 443 |
| 192.168.122.202 | 49192 | 3.20.244.3 pcoptimizerpro.com | 443 |
| 192.168.122.202 | 49183 | 91.199.212.52 crt.usertrust.com | 80 |
| 192.168.122.202 | 49184 | 91.199.212.52 crt.usertrust.com | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 50785 | 192.168.122.1 | 53 |
| 192.168.122.202 | 51349 | 192.168.122.1 | 53 |
| 192.168.122.202 | 51791 | 192.168.122.1 | 53 |
| 192.168.122.202 | 52150 | 192.168.122.1 | 53 |
| 192.168.122.202 | 53310 | 192.168.122.1 | 53 |
| 192.168.122.202 | 53474 | 192.168.122.1 | 53 |
| 192.168.122.202 | 56158 | 192.168.122.1 | 53 |
| 192.168.122.202 | 56767 | 192.168.122.1 | 53 |
| 192.168.122.202 | 56802 | 192.168.122.1 | 53 |
| 192.168.122.202 | 57208 | 192.168.122.1 | 53 |
| 192.168.122.202 | 58495 | 192.168.122.1 | 53 |
| 192.168.122.202 | 61239 | 192.168.122.1 | 53 |
| 192.168.122.202 | 61625 | 192.168.122.1 | 53 |
| 192.168.122.202 | 62960 | 192.168.122.1 | 53 |
| 192.168.122.202 | 64524 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49178 | 104.18.11.207 maxcdn.bootstrapcdn.com | 443 |
| 192.168.122.202 | 49188 | 104.18.11.207 maxcdn.bootstrapcdn.com | 443 |
| 192.168.122.202 | 49189 | 104.21.234.150 www.jqueryscript.net | 443 |
| 192.168.122.202 | 49185 | 13.107.213.50 www.clarity.ms | 443 |
| 192.168.122.202 | 49190 | 13.225.93.110 static.hotjar.com | 443 |
| 192.168.122.202 | 49175 | 180.163.150.161 fonts.googleapis.com | 443 |
| 192.168.122.202 | 49176 | 180.163.150.161 fonts.googleapis.com | 443 |
| 192.168.122.202 | 49191 | 180.163.150.161 fonts.googleapis.com | 80 |
| 192.168.122.202 | 49179 | 23.111.8.154 oss.maxcdn.com | 443 |
| 192.168.122.202 | 49180 | 23.111.8.154 oss.maxcdn.com | 443 |
| 192.168.122.202 | 49167 | 23.215.99.88 acroipm.adobe.com | 80 |
| 192.168.122.202 | 49168 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49170 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49171 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49172 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49173 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49174 | 3.20.244.3 pcoptimizerpro.com | 80 |
| 192.168.122.202 | 49181 | 3.20.244.3 pcoptimizerpro.com | 443 |
| 192.168.122.202 | 49182 | 3.20.244.3 pcoptimizerpro.com | 443 |
| 192.168.122.202 | 49186 | 3.20.244.3 pcoptimizerpro.com | 443 |
| 192.168.122.202 | 49192 | 3.20.244.3 pcoptimizerpro.com | 443 |
| 192.168.122.202 | 49183 | 91.199.212.52 crt.usertrust.com | 80 |
| 192.168.122.202 | 49184 | 91.199.212.52 crt.usertrust.com | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 50785 | 192.168.122.1 | 53 |
| 192.168.122.202 | 51349 | 192.168.122.1 | 53 |
| 192.168.122.202 | 51791 | 192.168.122.1 | 53 |
| 192.168.122.202 | 52150 | 192.168.122.1 | 53 |
| 192.168.122.202 | 53310 | 192.168.122.1 | 53 |
| 192.168.122.202 | 53474 | 192.168.122.1 | 53 |
| 192.168.122.202 | 56158 | 192.168.122.1 | 53 |
| 192.168.122.202 | 56767 | 192.168.122.1 | 53 |
| 192.168.122.202 | 56802 | 192.168.122.1 | 53 |
| 192.168.122.202 | 57208 | 192.168.122.1 | 53 |
| 192.168.122.202 | 58495 | 192.168.122.1 | 53 |
| 192.168.122.202 | 61239 | 192.168.122.1 | 53 |
| 192.168.122.202 | 61625 | 192.168.122.1 | 53 |
| 192.168.122.202 | 62960 | 192.168.122.1 | 53 |
| 192.168.122.202 | 64524 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/include/script/faq.js | GET /include/script/faq.js HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/include/css/PCPRO.css | GET /include/css/PCPRO.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/css/owl.carousel.css | GET /new/css/owl.carousel.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/include/css/tab.css | GET /include/css/tab.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/css/style.css | GET /new/css/style.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/css/owl.theme.css | GET /new/css/owl.theme.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/css/font-awesome.min.css | GET /new/css/font-awesome.min.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/js/jquery.min.js | GET /new/js/jquery.min.js HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/js/bootstrap.min.js | GET /new/js/bootstrap.min.js HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/js/owl.carousel.js | GET /new/js/owl.carousel.js HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/css/bootstrap.min.css | GET /new/css/bootstrap.min.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/css/media.css | GET /inc/css/media.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/include/script/supportlicense.js | GET /include/script/supportlicense.js HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/include/script/tabcontent.js | GET /include/script/tabcontent.js HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt | GET /USERTrustRSAAddTrustCA.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crt.usertrust.com |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/css/style.css | GET /inc/css/style.css HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/fonts/glyphicons-halflings-regular.eot? | GET /new/fonts/glyphicons-halflings-regular.eot? HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/fonts/fontawesome-webfont.eot? | GET /new/fonts/fontawesome-webfont.eot? HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/new/images/basebghar.gif | GET /new/images/basebghar.gif HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/green.png | GET /inc/images/green.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/Universal%20Fixer.png | GET /inc/images/Universal%20Fixer.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/Manage_Startup.png | GET /inc/images/Manage_Startup.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/System%20_Info.png | GET /inc/images/System%20_Info.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/blog_img.jpg | GET /inc/images/blog_img.jpg HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/blog2.jpg | GET /inc/images/blog2.jpg HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/images/cross.png | GET /images/cross.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/images/maclogo.png | GET /images/maclogo.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/arrow_blu.png | GET /inc/images/arrow_blu.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/images/mac.png | GET /images/mac.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/images/button.png | GET /images/button.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/File%20_Shredder.png | GET /inc/images/File%20_Shredder.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/images/facebooknew.png | GET /images/facebooknew.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/images/twitternew.png | GET /images/twitternew.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/images/linkedinnew.png | GET /images/linkedinnew.png HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://pcoptimizerpro.com/inc/images/footer_blue.jpg | GET /inc/images/footer_blue.jpg HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: pcoptimizerpro.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://www.google-analytics.com/analytics.js | GET /analytics.js HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.google-analytics.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://www.google-analytics.com/collect?v=1&_v=j90&a=361835259&t=pageview&_s=1&dl=http%3A%2F%2Fpcoptimizerpro.com%2F&ul=zh-cn&de=utf-8&dt=PC%20Optimizer%20Pro%20%7C%20Best%20Free%20PC%20Optimizer%20%7C%20Best%20PC%20Booster&sd=24-bit&sr=800x600&vp=772x345&je=0&fl=24.0%20r0&_u=IGBAgE~&jid=986901641&gjid=1542273648&cid=1190291911.1608644059&tid=UA-2880870-1&_gid=826223760.1608644059&z=813516702 | GET /collect?v=1&_v=j90&a=361835259&t=pageview&_s=1&dl=http%3A%2F%2Fpcoptimizerpro.com%2F&ul=zh-cn&de=utf-8&dt=PC%20Optimizer%20Pro%20%7C%20Best%20Free%20PC%20Optimizer%20%7C%20Best%20PC%20Booster&sd=24-bit&sr=800x600&vp=772x345&je=0&fl=24.0%20r0&_u=IGBAgE~&jid=986901641&gjid=1542273648&cid=1190291911.1608644059&tid=UA-2880870-1&_gid=826223760.1608644059&z=813516702 HTTP/1.1 Accept: */* Referer: http://pcoptimizerpro.com/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.google-analytics.com Connection: Keep-Alive |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2021-04-21 21:35:34.447725+0800 | 13.225.93.110 | 443 | 192.168.122.202 | 49190 | TCP | 2230003 | SURICATA TLS invalid handshake message | Generic Protocol Command Decode |
| 2021-04-21 21:35:34.447725+0800 | 13.225.93.110 | 443 | 192.168.122.202 | 49190 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
| 2021-04-21 21:35:34.447725+0800 | 192.168.122.202 | 49190 | 13.225.93.110 | 443 | TCP | 2230003 | SURICATA TLS invalid handshake message | Generic Protocol Command Decode |
| 2021-04-21 21:35:34.447725+0800 | 192.168.122.202 | 49190 | 13.225.93.110 | 443 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2021-04-21 21:34:11.747691+0800 | 192.168.122.202 | 49175 | 180.163.150.161 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | c2:b5:f0:1b:46:55:3f:d3:65:b2:1d:5c:cc:56:a7:41:ac:9c:7a:22 |
| 2021-04-21 21:34:11.680334+0800 | 192.168.122.202 | 49176 | 180.163.150.161 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | c2:b5:f0:1b:46:55:3f:d3:65:b2:1d:5c:cc:56:a7:41:ac:9c:7a:22 |
| 2021-04-21 21:34:12.211112+0800 | 192.168.122.202 | 49180 | 23.111.8.154 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=oss.maxcdn.com | 51:d0:8e:e3:72:a2:41:d0:26:bd:81:5d:fe:22:cb:a6:5d:67:c9:24 |
| 2021-04-21 21:34:13.007385+0800 | 192.168.122.202 | 49178 | 104.18.11.207 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | f3:04:15:0c:b6:79:38:f0:3b:e8:9a:4c:2c:e0:e3:7c:79:ac:e1:57 |
| 2021-04-21 21:34:13.306818+0800 | 192.168.122.202 | 49181 | 3.20.244.3 | 443 | TLS 1.2 | C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA | CN=pcoptimizerpro.com | 7f:01:b3:76:08:57:c2:6f:ab:17:7a:4b:e9:d0:d9:41:09:da:5a:93 |
| 2021-04-21 21:34:13.300683+0800 | 192.168.122.202 | 49182 | 3.20.244.3 | 443 | TLS 1.2 | C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA | CN=pcoptimizerpro.com | 7f:01:b3:76:08:57:c2:6f:ab:17:7a:4b:e9:d0:d9:41:09:da:5a:93 |
| 2021-04-21 21:34:16.884533+0800 | 192.168.122.202 | 49179 | 23.111.8.154 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=oss.maxcdn.com | 51:d0:8e:e3:72:a2:41:d0:26:bd:81:5d:fe:22:cb:a6:5d:67:c9:24 |
| 2021-04-21 21:34:20.747322+0800 | 192.168.122.202 | 49186 | 3.20.244.3 | 443 | TLS 1.2 | C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA | CN=pcoptimizerpro.com | 7f:01:b3:76:08:57:c2:6f:ab:17:7a:4b:e9:d0:d9:41:09:da:5a:93 |
| 2021-04-21 21:35:34.446503+0800 | 192.168.122.202 | 49190 | 13.225.93.110 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.hotjar.com | 73:0c:7e:eb:b1:69:2a:b8:8b:aa:51:b6:9e:b3:e7:c1:34:b5:9d:ce |
| 2021-04-21 21:34:34.111789+0800 | 192.168.122.202 | 49189 | 104.21.234.150 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ae:2d:54:0d:d4:0d:e1:8f:4b:8b:ee:4b:ab:35:dd:39:43:6b:50:6d |
| 2021-04-21 21:34:42.232556+0800 | 192.168.122.202 | 49192 | 3.20.244.3 | 443 | TLS 1.2 | C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA | CN=pcoptimizerpro.com | 7f:01:b3:76:08:57:c2:6f:ab:17:7a:4b:e9:d0:d9:41:09:da:5a:93 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 52.074 seconds )
- 24.711 BehaviorAnalysis
- 11.114 NetworkAnalysis
- 10.496 Suricata
- 4.768 VirusTotal
- 0.401 Static
- 0.298 peid
- 0.264 TargetInfo
- 0.01 AnalysisInfo
- 0.01 Strings
- 0.002 Memory
Signatures ( 78.19 seconds )
- 63.051 network_http
- 2.138 md_url_bl
- 1.663 api_spamming
- 1.359 injection_createremotethread
- 1.285 stealth_timeout
- 1.105 stealth_decoy_document
- 0.774 vawtrak_behavior
- 0.751 injection_runpe
- 0.687 mimics_filetime
- 0.663 process_interest
- 0.632 reads_self
- 0.592 virus
- 0.588 process_needed
- 0.559 stealth_file
- 0.536 antivm_generic_disk
- 0.502 hancitor_behavior
- 0.481 bootkit
- 0.316 injection_explorer
- 0.167 antiav_detectreg
- 0.042 infostealer_ftp
- 0.032 md_domain_bl
- 0.029 antivm_generic_scsi
- 0.025 antianalysis_detectreg
- 0.024 infostealer_im
- 0.018 antivm_generic_services
- 0.016 anormaly_invoke_kills
- 0.014 infostealer_mail
- 0.008 geodo_banking_trojan
- 0.007 antiav_detectfile
- 0.006 kibex_behavior
- 0.006 antivm_parallels_keys
- 0.006 antivm_xen_keys
- 0.006 darkcomet_regkeys
- 0.005 betabot_behavior
- 0.005 anomaly_persistence_autorun
- 0.005 infostealer_bitcoin
- 0.004 antivm_generic_diskreg
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.004 recon_fingerprint
- 0.003 maldun_anomaly_massive_file_ops
- 0.003 antisandbox_productid
- 0.003 antivm_vbox_files
- 0.003 network_torgateway
- 0.002 tinba_behavior
- 0.002 antiemu_wine_func
- 0.002 rat_nanocore
- 0.002 infostealer_browser
- 0.002 antisandbox_sleep
- 0.002 infostealer_browser_password
- 0.002 antidbg_windows
- 0.002 kovter_behavior
- 0.002 bypass_firewall
- 0.002 antivm_xen_keys
- 0.002 antivm_hyperv_keys
- 0.002 antivm_vbox_acpi
- 0.002 antivm_vbox_keys
- 0.002 antivm_vmware_keys
- 0.002 antivm_vpc_keys
- 0.002 disables_browser_warn
- 0.002 maldun_anomaly_invoke_vb_vba
- 0.002 network_cnc_http
- 0.002 packer_armadillo_regkey
- 0.001 network_tor
- 0.001 antivm_vbox_libs
- 0.001 maldun_malicious_write_executeable_under_temp_to_regrun
- 0.001 dridex_behavior
- 0.001 rat_luminosity
- 0.001 maldun_anomaly_write_exe_and_obsfucate_extension
- 0.001 shifu_behavior
- 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
- 0.001 exec_crash
- 0.001 cerber_behavior
- 0.001 antidbg_devices
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 recon_programs
Reporting ( 0.537 seconds )
- 0.527 ReportHTMLSummary
- 0.01 Malheur
| Task ID | 631860 |
|---|---|
| Mongo ID | 60802af57e769a0f6f495140 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号