比较分析...

分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64 2016-05-28 15:04:59 2016-05-28 15:07:32 153 秒

魔盾分数

2.8

可疑的

文件详细信息

文件名 msvcr71.dll
文件大小 348160 字节
文件类型 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ca2f560921b7b8be1cf555a5a18d54c3
SHA1 432dbcf54b6f1142058b413a9d52668a2bde011d
SHA256 c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb
SHA512 23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e
CRC32 F83AD7CD
Ssdeep 6144:cPlV59g81QWguohIP/siMbo8Crn2zzwRFMciFMNrb3YgxS3bCAO5kkG:OlVvN1QWguohInJDrn8zwNF7eCr
Yara 登录查看Yara规则
样本下载 提交漏报
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
23.7.139.27 未知 美国
125.56.218.24 未知 美国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
www.msftncsi.com 未知 A 125.56.218.24
CNAME www.msftncsi.com.edgesuite.net
A 125.56.201.97
CNAME a1961.g2.akamai.net

摘要

登录查看详细行为信息

PE 信息

初始地址 0x7c360000
入口地址 0x7c36191a
声明校验值 0x0005bf56
实际校验值 0x0005bf56
最低操作系统版本要求 4.0
PDB路径 msvcr71.pdb
编译时间 2006-07-12 09:35:36
导出DLL库名称 MSVCR71.dll

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x00038ff8 0x00039000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.78
.rdata 0x0003a000 0x00010060 0x00011000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.01
.data 0x0004b000 0x00006810 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.48
.rsrc 0x00052000 0x000003b8 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1.02
.reloc 0x00053000 0x00002b68 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.45

资源

名称 偏移量 大小 语言 子语言 熵(Entropy) 文件类型
RT_VERSION 0x00052060 0x00000358 LANG_ENGLISH SUBLANG_ENGLISH_US 3.51 data

导入

库: KERNEL32.dll:
0x7c39a000 GetModuleFileNameA
0x7c39a004 GetModuleFileNameW
0x7c39a008 ExitProcess
0x7c39a00c GetProcAddress
0x7c39a010 GetModuleHandleA
0x7c39a014 TerminateProcess
0x7c39a018 GetCurrentProcess
0x7c39a01c WriteFile
0x7c39a020 GetStdHandle
0x7c39a024 GetCurrentThreadId
0x7c39a028 GetCommandLineA
0x7c39a02c GetVersionExA
0x7c39a030 DeleteCriticalSection
0x7c39a034 LeaveCriticalSection
0x7c39a038 EnterCriticalSection
0x7c39a03c ExitThread
0x7c39a040 CloseHandle
0x7c39a044 GetLastError
0x7c39a048 ResumeThread
0x7c39a04c CreateThread
0x7c39a050 TlsAlloc
0x7c39a054 SetLastError
0x7c39a058 GetCurrentThread
0x7c39a05c TlsFree
0x7c39a060 TlsSetValue
0x7c39a064 TlsGetValue
0x7c39a068 FindNextFileA
0x7c39a06c FindFirstFileA
0x7c39a070 FindClose
0x7c39a074 FindNextFileW
0x7c39a078 FindFirstFileW
0x7c39a07c HeapAlloc
0x7c39a080 HeapFree
0x7c39a088 HeapDestroy
0x7c39a08c HeapCreate
0x7c39a090 VirtualFree
0x7c39a094 VirtualAlloc
0x7c39a098 HeapReAlloc
0x7c39a09c IsBadWritePtr
0x7c39a0a0 SetHandleCount
0x7c39a0a4 GetFileType
0x7c39a0a8 GetStartupInfoA
0x7c39a0ac GetACP
0x7c39a0b0 GetOEMCP
0x7c39a0b4 GetCPInfo
0x7c39a0b8 LoadLibraryA
0x7c39a0bc MultiByteToWideChar
0x7c39a0c0 GetCommandLineW
0x7c39a0c8 GetEnvironmentStrings
0x7c39a0d0 WideCharToMultiByte
0x7c39a0d4 GetEnvironmentStringsW
0x7c39a0dc RtlUnwind
0x7c39a0e4 LCMapStringA
0x7c39a0e8 LCMapStringW
0x7c39a0ec GetStringTypeA
0x7c39a0f0 GetStringTypeW
0x7c39a0f4 SetConsoleCtrlHandler
0x7c39a0f8 InterlockedExchange
0x7c39a0fc VirtualQuery
0x7c39a104 GetTickCount
0x7c39a108 GetCurrentProcessId
0x7c39a118 GetUserDefaultLCID
0x7c39a11c GetLocaleInfoA
0x7c39a120 EnumSystemLocalesA
0x7c39a124 IsValidLocale
0x7c39a128 IsValidCodePage
0x7c39a12c GetLocaleInfoW
0x7c39a130 GetTimeFormatA
0x7c39a134 GetDateFormatA
0x7c39a138 GetTimeZoneInformation
0x7c39a13c HeapSize
0x7c39a140 VirtualProtect
0x7c39a144 GetSystemInfo
0x7c39a148 FlushFileBuffers
0x7c39a14c SetFilePointer
0x7c39a150 SetStdHandle
0x7c39a154 CompareStringA
0x7c39a158 CompareStringW
0x7c39a15c Sleep
0x7c39a160 Beep
0x7c39a164 FileTimeToSystemTime
0x7c39a16c GetDiskFreeSpaceA
0x7c39a170 GetLogicalDrives
0x7c39a174 SetErrorMode
0x7c39a178 GetFileAttributesA
0x7c39a17c GetCurrentDirectoryA
0x7c39a180 SetCurrentDirectoryA
0x7c39a184 SetFileAttributesA
0x7c39a188 GetFullPathNameA
0x7c39a18c GetDriveTypeA
0x7c39a190 CreateDirectoryA
0x7c39a194 RemoveDirectoryA
0x7c39a198 DeleteFileA
0x7c39a19c GetFileAttributesW
0x7c39a1a0 GetCurrentDirectoryW
0x7c39a1a4 SetCurrentDirectoryW
0x7c39a1a8 SetFileAttributesW
0x7c39a1ac GetFullPathNameW
0x7c39a1b0 CreateDirectoryW
0x7c39a1b4 DeleteFileW
0x7c39a1b8 MoveFileW
0x7c39a1bc RemoveDirectoryW
0x7c39a1c0 GetDriveTypeW
0x7c39a1c4 MoveFileA
0x7c39a1c8 RaiseException
0x7c39a1cc IsBadReadPtr
0x7c39a1d4 IsBadCodePtr
0x7c39a1d8 GetExitCodeProcess
0x7c39a1dc WaitForSingleObject
0x7c39a1e0 FreeLibrary
0x7c39a1e4 CreateProcessA
0x7c39a1e8 CreateProcessW
0x7c39a1ec HeapValidate
0x7c39a1f0 HeapCompact
0x7c39a1f4 HeapWalk
0x7c39a1f8 ReadConsoleA
0x7c39a1fc SetConsoleMode
0x7c39a200 GetConsoleMode
0x7c39a204 IsDBCSLeadByteEx
0x7c39a208 GetConsoleCP
0x7c39a20c ReadConsoleW
0x7c39a210 SetEndOfFile
0x7c39a214 WriteConsoleA
0x7c39a218 GetConsoleOutputCP
0x7c39a21c WriteConsoleW
0x7c39a220 DuplicateHandle
0x7c39a228 PeekNamedPipe
0x7c39a22c ReadConsoleInputA
0x7c39a230 PeekConsoleInputA
0x7c39a238 ReadConsoleInputW
0x7c39a23c LockFile
0x7c39a240 UnlockFile
0x7c39a244 CreateFileA
0x7c39a248 CreatePipe
0x7c39a24c ReadFile
0x7c39a250 CreateFileW
0x7c39a254 SetFileTime
0x7c39a25c SystemTimeToFileTime
0x7c39a260 GetLocalTime
0x7c39a264 SetLocalTime

导出

序列 地址 名称
52 0x7c39220f $I10_OUTPUT
1 0x7c379835 ??0__non_rtti_object@@QAE@ABV0@@Z
2 0x7c37981d ??0__non_rtti_object@@QAE@PBD@Z
3 0x7c3797c9 ??0bad_cast@@AAE@PBQBD@Z
4 0x7c3797c9 ??0bad_cast@@QAE@ABQBD@Z
5 0x7c3797a9 ??0bad_cast@@QAE@ABV0@@Z
6 0x7c379790 ??0bad_cast@@QAE@PBD@Z
7 0x7c3797fa ??0bad_typeid@@QAE@ABV0@@Z
8 0x7c3797e1 ??0bad_typeid@@QAE@PBD@Z
9 0x7c3796d3 ??0exception@@QAE@ABQBD@Z
10 0x7c37971b ??0exception@@QAE@ABV0@@Z
11 0x7c3796c2 ??0exception@@QAE@XZ
12 0x7c379812 ??1__non_rtti_object@@UAE@XZ
13 0x7c3797c1 ??1bad_cast@@UAE@XZ
14 0x7c379812 ??1bad_typeid@@UAE@XZ
15 0x7c37976d ??1exception@@UAE@XZ
16 0x7c379975 ??1type_info@@UAE@XZ
17 0x7c381620 ??2@YAPAXI@Z
18 0x7c38162e ??3@YAXPAX@Z
19 0x7c379963 ??4__non_rtti_object@@QAEAAV0@ABV0@@Z
20 0x7c379963 ??4bad_cast@@QAEAAV0@ABV0@@Z
21 0x7c379963 ??4bad_typeid@@QAEAAV0@ABV0@@Z
22 0x7c379944 ??4exception@@QAEAAV0@ABV0@@Z
23 0x7c3799bb ??8type_info@@QBEHABV0@@Z
24 0x7c3799d6 ??9type_info@@QBEHABV0@@Z
25 0x7c39f130 ??_7__non_rtti_object@@6B@
26 0x7c39a9d8 ??_7bad_cast@@6B@
27 0x7c39a9f8 ??_7bad_typeid@@6B@
28 0x7c39a9b8 ??_7exception@@6B@
29 0x7c379898 ??_Fbad_cast@@QAEXXZ
30 0x7c3798ee ??_Fbad_typeid@@QAEXXZ
31 0x7c381633 ??_U@YAPAXI@Z
32 0x7c381635 ??_V@YAXPAX@Z
34 0x7c36a882 ?_query_new_handler@@YAP6AHI@ZXZ
35 0x7c36a8e6 ?_query_new_mode@@YAHXZ
36 0x7c36a85e ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
37 0x7c36a8c9 ?_set_new_mode@@YAHH@Z
38 0x7c37a655 ?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
39 0x7c3799f2 ?before@type_info@@QBEHABV1@@Z
40 0x7c37a66e ?name@type_info@@QBEPBDXZ
41 0x7c379a11 ?raw_name@type_info@@QBEPBDXZ
42 0x7c36a8a3 ?set_new_handler@@YAP6AXXZP6AXXZ@Z
43 0x7c37a623 ?set_terminate@@YAP6AXXZP6AXXZ@Z
44 0x7c37a63c ?set_unexpected@@YAP6AXXZP6AXXZ@Z
45 0x7c387bde ?swprintf@@YAHPAGIPBGZZ
46 0x7c362ae6 ?swprintf@@YAHPA_WIPB_WZZ
47 0x7c37a710 ?terminate@@YAXXZ
48 0x7c37a749 ?unexpected@@YAXXZ
49 0x7c3633df ?vswprintf@@YAHPAGIPBGPAD@Z
50 0x7c3633df ?vswprintf@@YAHPA_WIPB_WPAD@Z
51 0x7c379783 ?what@exception@@UBEPBDXZ
53 0x7c364c45 _CIacos
54 0x7c364d10 _CIasin
55 0x7c364e1a _CIatan
56 0x7c364ef8 _CIatan2
57 0x7c364f02 _CIcos
58 0x7c364fd8 _CIcosh
59 0x7c365027 _CIexp
60 0x7c365080 _CIfmod
61 0x7c3650e7 _CIlog
62 0x7c365235 _CIlog10
63 0x7c365383 _CIpow
64 0x7c3655cc _CIsin
65 0x7c364fce _CIsinh
66 0x7c36567a _CIsqrt
67 0x7c365734 _CItan
68 0x7c364fe2 _CItanh
69 0x7c396be2 _CRT_RTC_INIT
70 0x7c37a788 _CxxThrowException
71 0x7c36476f _EH_prolog
72 0x7c372299 _Getdays
73 0x7c372318 _Getmonths
74 0x7c3723ad _Gettnames
75 0x7c3aca0c _HUGE
76 0x7c372e2c _Strftime
77 0x7c36e12a _XcptFilter
78 0x7c36e28e __CppXcptFilter
79 0x7c379d8f __CxxCallUnwindDtor
80 0x7c379dbd __CxxCallUnwindVecDtor
81 0x7c379cb5 __CxxDetectRethrow
82 0x7c37a134 __CxxExceptionFilter
83 0x7c37a846 __CxxFrameHandler
84 0x7c37a87c __CxxLongjmpUnwind
85 0x7c379d8b __CxxQueryExceptionSize
86 0x7c379c12 __CxxRegisterExceptionObject
87 0x7c379ced __CxxUnregisterExceptionObject
88 0x7c379b9b __DestructExceptionObject
89 0x7c37acd4 __RTCastToVoid
90 0x7c37af5e __RTDynamicCast
91 0x7c37abaf __RTtypeid
92 0x7c3928ea __STRINGTOLD
93 0x7c37047c ___lc_codepage_func
94 0x7c370495 ___lc_collate_cp_func
95 0x7c3704ae ___lc_handle_func
96 0x7c370476 ___mb_cur_max_func
97 0x7c36e2a9 ___setlc_active_func
98 0x7c36e2af ___unguarded_readlc_active_add_func
99 0x7c3aca28 __argc
100 0x7c3aca2c __argv
101 0x7c3ab5fc __badioinfo
102 0x7c36f44b __buffer_overrun
103 0x7c362bc0 __crtCompareStringA
104 0x7c3749fa __crtCompareStringW
105 0x7c371120 __crtGetLocaleInfoW
106 0x7c374ea5 __crtGetStringTypeW
107 0x7c36141a __crtLCMapStringA
108 0x7c374c4c __crtLCMapStringW
109 0x7c3628ae __dllonexit
110 0x7c36be03 __doserrno
111 0x7c36edac __fpecode
112 0x7c36249d __getmainargs
113 0x7c3aca38 __initenv
114 0x7c36b038 __iob_func
115 0x7c373a39 __isascii
116 0x7c373a68 __iscsym
117 0x7c373a4e __iscsymf
118 0x7c3ab630 __lc_clike
119 0x7c3aca70 __lc_codepage
120 0x7c3aca74 __lc_collate_cp
121 0x7c3aca58 __lc_handle
122 0x7c3866c0 __lconv_init
123 0x7c3ab624 __mb_cur_max
124 0x7c36affc __p___argc
125 0x7c36b002 __p___argv
126 0x7c36b02c __p___initenv
127 0x7c36b04a __p___mb_cur_max
128 0x7c36b008 __p___wargv
129 0x7c36b032 __p___winitenv
130 0x7c36afea __p__acmdln
131 0x7c36aff6 __p__amblksiz
132 0x7c361230 __p__commode
133 0x7c36b00e __p__daylight
134 0x7c36b014 __p__dstbias
135 0x7c36b01a __p__environ
136 0x7c36b026 __p__fileinfo
137 0x7c36122a __p__fmode
138 0x7c36b038 __p__iob
139 0x7c36b044 __p__mbcasemap
140 0x7c36b03e __p__mbctype
141 0x7c36b050 __p__osver
142 0x7c36b056 __p__pctype
143 0x7c36b062 __p__pgmptr
144 0x7c36b05c __p__pwctype
145 0x7c36b06e __p__timezone
146 0x7c36b074 __p__tzname
147 0x7c36aff0 __p__wcmdln
148 0x7c36b020 __p__wenviron
149 0x7c36b07a __p__winmajor
150 0x7c36b080 __p__winminor
151 0x7c36b086 __p__winver
152 0x7c36b068 __p__wpgmptr
153 0x7c36e114 __pctype_func
154 0x7c3acaa0 __pioinfo
155 0x7c36e10e __pwctype_func
156 0x7c36edb5 __pxcptinfoptrs
157 0x7c36f301 __security_error_handler
158 0x7c36120d __set_app_type
159 0x7c36f457 __set_buffer_overrun_handler
160 0x7c3acdc0 __setlc_active
161 0x7c36a914 __setusermatherr
162 0x7c36b5d7 __threadhandle
163 0x7c36b5d1 __threadid
164 0x7c373a46 __toascii
165 0x7c37f5b0 __unDName
166 0x7c37f650 __unDNameEx
33 0x7c379bff __uncaught_exception
167 0x7c3acdc4 __unguarded_readlc_active
168 0x7c3aca30 __wargv
169 0x7c3866ed __wcserror
170 0x7c36af5d __wgetmainargs
171 0x7c3aca40 __winitenv
172 0x7c362b5d _abnormal_termination
173 0x7c3777ff _access
174 0x7c3aca50 _acmdln
175 0x7c365e5a _adj_fdiv_m16i
176 0x7c365dc2 _adj_fdiv_m32
177 0x7c365e8e _adj_fdiv_m32i
178 0x7c365e0e _adj_fdiv_m64
179 0x7c3658fd _adj_fdiv_r
180 0x7c365f5a _adj_fdivr_m16i
181 0x7c365ec2 _adj_fdivr_m32
182 0x7c365f8e _adj_fdivr_m32i
183 0x7c365f0e _adj_fdivr_m64
184 0x7c36656b _adj_fpatan
185 0x7c3661f2 _adj_fprem
186 0x7c3664aa _adj_fprem1
187 0x7c36656e _adj_fptan
188 0x7c3aca7c _adjust_fdiv
189 0x7c3ab4d4 _aexit_rtn
190 0x7c3816cb _aligned_free
191 0x7c3816e0 _aligned_malloc
192 0x7c38163a _aligned_offset_malloc
193 0x7c3816f3 _aligned_offset_realloc
194 0x7c38185a _aligned_realloc
195 0x7c36afb7 _amsg_exit
196 0x7c36db77 _assert
197 0x7c392ce0 _atodbl
198 0x7c3736fb _atoi64
199 0x7c392d25 _atoldbl
200 0x7c376b13 _beep
201 0x7c36b250 _beginthread
202 0x7c36b3a6 _beginthreadex
203 0x7c36ad94 _c_exit
204 0x7c393aad _cabs
205 0x7c36a888 _callnewh
206 0x7c36ad85 _cexit
207 0x7c381c61 _cgets
208 0x7c381d5a _cgetws
209 0x7c377845 _chdir
210 0x7c377a76 _chdrive
211 0x7c393aeb _chgsign
212 0x7c3866a8 _chkesp
213 0x7c377b04 _chmod
214 0x7c382162 _chsize
215 0x7c373593 _clearfp
216 0x7c3742a0 _close
217 0x7c374137 _commit
218 0x7c3aca78 _commode
219 0x7c3623bf _control87
220 0x7c3623f1 _controlfp
221 0x7c393aca _copysign
222 0x7c3883bb _cprintf
223 0x7c3821f9 _cputs
224 0x7c382312 _cputws
225 0x7c3823ba _creat
226 0x7c389099 _cscanf
227 0x7c3907fd _ctime64
228 0x7c37fe0c _cwait
229 0x7c3898c9 _cwprintf
230 0x7c38a671 _cwscanf
231 0x7c3ac8c4 _daylight
232 0x7c3ac8c8 _dstbias
233 0x7c3824bc _dup
234 0x7c3826b0 _dup2
235 0x7c3754fd _ecvt
236 0x7c36b181 _endthread
237 0x7c36b2e1 _endthreadex
238 0x7c3aca34 _environ
239 0x7c382779 _eof
240 0x7c36bdfa _errno
241 0x7c364817 _except_handler2
242 0x7c3638e2 _except_handler3
243 0x7c37fe9b _execl
244 0x7c37feaf _execle
245 0x7c37fed0 _execlp
246 0x7c37fee1 _execlpe
247 0x7c37ff02 _execv
248 0x7c37ff67 _execve
249 0x7c3800a7 _execvp
250 0x7c3800ba _execvpe
251 0x7c36ad74 _exit
252 0x7c381871 _expand
253 0x7c371572 _fcloseall
254 0x7c3754b2 _fcvt
255 0x7c38a682 _fdopen
256 0x7c38a781 _fgetchar
257 0x7c38a78f _fgetwchar
258 0x7c38a79d _filbuf
259 0x7c3ab5f8 _fileinfo
260 0x7c382879 _filelength
261 0x7c38294d _filelengthi64
262 0x7c38a87e _fileno
263 0x7c376b22 _findclose
264 0x7c376ba6 _findfirst
265 0x7c376dcb _findfirst64
266 0x7c376fd6 _findfirsti64
267 0x7c376c88 _findnext
268 0x7c376ed3 _findnext64
269 0x7c3770d2 _findnexti64
270 0x7c393eb5 _finite
271 0x7c362598 _flsbuf
272 0x7c363736 _flushall
273 0x7c3aca54 _fmode
274 0x7c393ef8 _fpclass
275 0x7c39448a _fpieee_flt
276 0x7c37351f _fpreset
277 0x7c38a886 _fputchar
278 0x7c38a899 _fputwchar
279 0x7c38a8ac _fsopen
280 0x7c382a41 _fstat
281 0x7c382cfd _fstat64
282 0x7c382ffd _fstati64
283 0x7c390816 _ftime
284 0x7c390911 _ftime64
285 0x7c366571 _ftol
286 0x7c377b45 _fullpath
287 0x7c390a22 _futime
288 0x7c390b9f _futime64
289 0x7c375552 _gcvt
290 0x7c36bf55 _get_heap_handle
291 0x7c374696 _get_osfhandle
292 0x7c36bf5b _get_sbh_threshold
293 0x7c383607 _getch
294 0x7c383642 _getche
295 0x7c377d2d _getcwd
296 0x7c377d73 _getdcwd
297 0x7c3771c9 _getdiskfree
298 0x7c380225 _getdllprocaddr
299 0x7c37798d _getdrive
300 0x7c37721b _getdrives
301 0x7c38aa16 _getmaxstdio
302 0x7c36d803 _getmbcp
303 0x7c377dba _getpid
304 0x7c390d22 _getsystime
305 0x7c38aa1c _getw
306 0x7c383887 _getwch
307 0x7c3838c3 _getwche
308 0x7c38aa99 _getws
309 0x7c3639e3 _global_unwind2
310 0x7c390de6 _gmtime64
311 0x7c3819b6 _heapadd
312 0x7c3819c5 _heapchk
313 0x7c381a92 _heapmin
314 0x7c381a8d _heapset
315 0x7c381b39 _heapused
316 0x7c381b47 _heapwalk
317 0x7c393a90 _hypot
318 0x7c362f07 _i64toa
319 0x7c362e5d _i64tow
320 0x7c36348d _initterm
321 0x7c3647da _inp
322 0x7c3647eb _inpd
323 0x7c3647e3 _inpw
324 0x7c3ab638 _iob
325 0x7c3741f3 _isatty
326 0x7c373d1d _isctype
327 0x7c384a29 _ismbbalnum
328 0x7c384a3d _ismbbalpha
329 0x7c384a51 _ismbbgraph
330 0x7c3849f6 _ismbbkalnum
331 0x7c384aac _ismbbkana
332 0x7c384a07 _ismbbkprint
333 0x7c384a18 _ismbbkpunct
334 0x7c384a8a _ismbblead
335 0x7c384a65 _ismbbprint
336 0x7c384a79 _ismbbpunct
337 0x7c384a9b _ismbbtrail
338 0x7c384ad3 _ismbcalnum
339 0x7c384b68 _ismbcalpha
340 0x7c384bfd _ismbcdigit
341 0x7c384c81 _ismbcgraph
342 0x7c384d16 _ismbchira
343 0x7c384d3d _ismbckata
344 0x7c384d95 _ismbcl0
345 0x7c384ddf _ismbcl1
346 0x7c384e31 _ismbcl2
347 0x7c384e83 _ismbclegal
348 0x7c384ebc _ismbclower
349 0x7c384f46 _ismbcprint
350 0x7c384fdb _ismbcpunct
351 0x7c38506c _ismbcspace
352 0x7c384d69 _ismbcsymbol
353 0x7c3850f0 _ismbcupper
354 0x7c3851b7 _ismbslead
355 0x7c3851de _ismbstrail
356 0x7c393eca _isnan
357 0x7c3735e8 _itoa
358 0x7c3755ff _itow
359 0x7c394aea _j0
360 0x7c394bdd _j1
361 0x7c394cf0 _jn
362 0x7c38367d _kbhit
363 0x7c3867a1 _lfind
364 0x7c380254 _loaddll
365 0x7c363a25 _local_unwind2
366 0x7c39100b _localtime64
367 0x7c3630f0 _lock
368 0x7c3839fc _locking
369 0x7c393b27 _logb
370 0x7c3648c5 _longjmpex
371 0x7c3867d3 _lrotl
372 0x7c3867f0 _lrotr
373 0x7c38680d _lsearch
374 0x7c3743af _lseek
375 0x7c3744dd _lseeki64
376 0x7c373612 _ltoa
377 0x7c375640 _ltow
378 0x7c38684c _makepath
379 0x7c385229 _mbbtombc
380 0x7c385358 _mbbtype
381 0x7c3accc0 _mbcasemap
382 0x7c38537f _mbccpy
383 0x7c3853a2 _mbcjistojms
384 0x7c385404 _mbcjmstojis
385 0x7c3854ae _mbclen
386 0x7c3854cc _mbctohira
387 0x7c3854fe _mbctokata
388 0x7c385521 _mbctolower
389 0x7c38528e _mbctombb
390 0x7c3855a6 _mbctoupper
391 0x7c3acba0 _mbctype
392 0x7c38566a _mbsbtype
393 0x7c363ac7 _mbscat
394 0x7c3753da _mbschr
395 0x7c36d9f1 _mbscmp
396 0x7c385691 _mbscoll
397 0x7c361356 _mbscpy
398 0x7c385747 _mbscspn
399 0x7c36da85 _mbsdec
400 0x7c372007 _mbsdup
401 0x7c36d813 _mbsicmp
402 0x7c38576e _mbsicoll
403 0x7c3857ad _mbsinc
404 0x7c3857c9 _mbslen
405 0x7c38580d _mbslwr
406 0x7c385892 _mbsnbcat
407 0x7c385962 _mbsnbcmp
408 0x7c385a6f _mbsnbcnt
409 0x7c385a96 _mbsnbcoll
410 0x7c36d95e _mbsnbcpy
411 0x7c385ae4 _mbsnbicmp
412 0x7c362d68 _mbsnbicoll
413 0x7c385c53 _mbsnbset
414 0x7c385ccf _mbsncat
415 0x7c385d8b _mbsnccnt
416 0x7c385dd9 _mbsncmp
417 0x7c385e7e _mbsncoll
418 0x7c385ee8 _mbsncpy
419 0x7c385f70 _mbsnextc
420 0x7c385f99 _mbsnicmp
421 0x7c3860df _mbsnicoll
422 0x7c386149 _mbsninc
423 0x7c386167 _mbsnset
424 0x7c36db50 _mbspbrk
425 0x7c386249 _mbsrchr
426 0x7c3862b4 _mbsrev
427 0x7c386323 _mbsset
428 0x7c3863f3 _mbsspn
429 0x7c38649f _mbsspnp
430 0x7c3864c6 _mbsstr
431 0x7c386578 _mbstok
432 0x7c375706 _mbstrlen
433 0x7c386623 _mbsupr
434 0x7c3649f5 _memccpy
435 0x7c38fa80 _memicmp
436 0x7c377dc0 _mkdir
437 0x7c383aa7 _mktemp
438 0x7c391469 _mktime64
439 0x7c362903 _msize
440 0x7c393c12 _nextafter
441 0x7c361e50 _onexit
442 0x7c383e52 _open
443 0x7c374915 _open_osfhandle
444 0x7c3aca14 _osplatform
445 0x7c3aca18 _osver
446 0x7c3647f2 _outp
447 0x7c36480c _outpd
448 0x7c3647ff _outpw
449 0x7c38af32 _pclose
450 0x7c3ab628 _pctype
451 0x7c3aca44 _pgmptr
452 0x7c383efc _pipe
453 0x7c38ab66 _popen
454 0x7c3868dc _purecall
455 0x7c38413a _putch
456 0x7c3869bf _putenv
457 0x7c38afc1 _putw
458 0x7c38237a _putwch
459 0x7c38b041 _putws
460 0x7c3ab62c _pwctype
461 0x7c384356 _read
462 0x7c373ded _resetstkoflw
463 0x7c377dec _rmdir
464 0x7c36362e _rmtmp
465 0x7c3867d3 _rotl
466 0x7c3867f0 _rotr
467 0x7c365fc2 _safe_fdiv
468 0x7c365fd7 _safe_fdivr
469 0x7c36655f _safe_fprem
470 0x7c366565 _safe_fprem1
471 0x7c393b11 _scalb
472 0x7c38b128 _scprintf
473 0x7c38b1c8 _scwprintf
474 0x7c3869fe _searchenv
475 0x7c3639c8 _seh_longjmp_unwind
476 0x7c3951f8 _set_SSE2_enable
477 0x7c36a8ec _set_error_mode
478 0x7c3868f0 _set_purecall_handler
479 0x7c36d1b3 _set_sbh_threshold
480 0x7c36f457 _set_security_error_handler
481 0x7c377221 _seterrormode
482 0x7c3648ca _setjmp
483 0x7c364902 _setjmp3
484 0x7c38a91b _setmaxstdio
485 0x7c361cf7 _setmbcp
486 0x7c38446d _setmode
487 0x7c390d7d _setsystime
488 0x7c376b02 _sleep
489 0x7c38b1f9 _snprintf
490 0x7c38b250 _snscanf
491 0x7c362ae6 _snwprintf
492 0x7c38b281 _snwscanf
493 0x7c383ea7 _sopen
494 0x7c380276 _spawnl
495 0x7c38028e _spawnle
496 0x7c3802b3 _spawnlp
497 0x7c3802c9 _spawnlpe
498 0x7c3802ee _spawnv
499 0x7c380358 _spawnve
500 0x7c3804a1 _spawnvp
501 0x7c3804b8 _spawnvpe
502 0x7c386b17 _splitpath
503 0x7c377ed3 _stat
504 0x7c3781fa _stat64
505 0x7c3784f8 _stati64
506 0x7c373583 _statusfp
507 0x7c3720d2 _strcmpi
508 0x7c391476 _strdate
509 0x7c372007 _strdup
510 0x7c386c5f _strerror
511 0x7c3720d2 _stricmp
512 0x7c38faff _stricoll
513 0x7c38fb55 _strlwr
514 0x7c38fc69 _strncoll
515 0x7c37221a _strnicmp
516 0x7c38fce2 _strnicoll
517 0x7c364a50 _strnset
518 0x7c364a7b _strrev
519 0x7c364ab0 _strset
520 0x7c3914e6 _strtime
521 0x7c3759d0 _strtoi64
522 0x7c3759e7 _strtoui64
523 0x7c38fd5b _strupr
524 0x7c3759fe _swab
525 0x7c3ac958 _sys_errlist
526 0x7c3aca08 _sys_nerr
527 0x7c384504 _tell
528 0x7c384515 _telli64
529 0x7c38b2fe _tempnam
530 0x7c39154d _time64
531 0x7c3ac8c0 _timezone
532 0x7c373bb4 _tolower
533 0x7c375a29 _toupper
534 0x7c3ac8d0 _tzname
535 0x7c3734ac _tzset
536 0x7c373653 _ui64toa
537 0x7c3756c2 _ui64tow
538 0x7c373639 _ultoa
539 0x7c375681 _ultow
540 0x7c386d03 _umask
541 0x7c3835c6 _ungetch
542 0x7c3838ff _ungetwch
543 0x7c3787f5 _unlink
544 0x7c38025f _unloaddll
545 0x7c363112 _unlock
546 0x7c390b68 _utime
547 0x7c390ceb _utime64
548 0x7c38b522 _vscprintf
549 0x7c38b5c0 _vscwprintf
550 0x7c38b5f0 _vsnprintf
551 0x7c3633df _vsnwprintf
552 0x7c3787f7 _waccess
553 0x7c3915a3 _wasctime
554 0x7c37883d _wchdir
555 0x7c378986 _wchmod
556 0x7c3aca4c _wcmdln
557 0x7c384528 _wcreat
558 0x7c372032 _wcsdup
559 0x7c386d19 _wcserror
560 0x7c362f2d _wcsicmp
561 0x7c38fe6f _wcsicoll
562 0x7c38ff0c _wcslwr
563 0x7c39002b _wcsncoll
564 0x7c3900a4 _wcsnicmp
565 0x7c37213b _wcsnicoll
566 0x7c390164 _wcsnset
567 0x7c39018d _wcsrev
568 0x7c3901bf _wcsset
569 0x7c375d6f _wcstoi64
570 0x7c375d86 _wcstoui64
571 0x7c3901d8 _wcsupr
572 0x7c39167f _wctime
573 0x7c391698 _wctime64
574 0x7c39a750 _wctype
575 0x7c3aca3c _wenviron
576 0x7c380621 _wexecl
577 0x7c380635 _wexecle
578 0x7c380656 _wexeclp
579 0x7c380667 _wexeclpe
580 0x7c380688 _wexecv
581 0x7c3806ed _wexecve
582 0x7c38082a _wexecvp
583 0x7c38083d _wexecvpe
584 0x7c38b646 _wfdopen
585 0x7c37722c _wfindfirst
586 0x7c3773eb _wfindfirst64
587 0x7c3775fe _wfindfirsti64
588 0x7c37730e _wfindnext
589 0x7c3774f7 _wfindnext64
590 0x7c377701 _wfindnexti64
591 0x7c38b7a8 _wfopen
592 0x7c38b7bb _wfreopen
593 0x7c38b74c _wfsopen
594 0x7c3789c7 _wfullpath
595 0x7c378b6f _wgetcwd
596 0x7c378bb5 _wgetdcwd
597 0x7c386de4 _wgetenv
598 0x7c3aca20 _winmajor
599 0x7c3aca24 _winminor
600 0x7c3aca1c _winver
601 0x7c386e23 _wmakepath
602 0x7c378bfc _wmkdir
603 0x7c38453e _wmktemp
604 0x7c3848db _wopen
605 0x7c386ed4 _wperror
606 0x7c3aca48 _wpgmptr
607 0x7c38b821 _wpopen
608 0x7c387093 _wputenv
609 0x7c378c28 _wremove
610 0x7c378c54 _wrename
611 0x7c37408c _write
612 0x7c378c82 _wrmdir
613 0x7c3870d2 _wsearchenv
614 0x7c3871f0 _wsetlocale
615 0x7c384930 _wsopen
616 0x7c38098e _wspawnl
617 0x7c3809a6 _wspawnle
618 0x7c3809cb _wspawnlp
619 0x7c3809e1 _wspawnlpe
620 0x7c380a06 _wspawnv
621 0x7c380a70 _wspawnve
622 0x7c380bb3 _wspawnvp
623 0x7c380bca _wspawnvpe
624 0x7c387321 _wsplitpath
625 0x7c378dfa _wstat
626 0x7c3790b9 _wstat64
627 0x7c3793bc _wstati64
628 0x7c3916b1 _wstrdate
629 0x7c39172e _wstrtime
630 0x7c380d0b _wsystem
631 0x7c38bc41 _wtempnam
632 0x7c38becf _wtmpnam
633 0x7c375d9d _wtof
634 0x7c375ed3 _wtoi
635 0x7c375ed5 _wtoi64
636 0x7c375e74 _wtol
637 0x7c378c52 _wunlink
638 0x7c3917a5 _wutime
639 0x7c3917dc _wutime64
640 0x7c394ea6 _y0
641 0x7c394fd2 _y1
642 0x7c39510e _yn
643 0x7c36ecd8 abort
644 0x7c387508 abs
645 0x7c364c59 acos
646 0x7c391813 asctime
647 0x7c364d24 asin
648 0x7c364ddb atan
649 0x7c364eee atan2
650 0x7c361e82 atexit
651 0x7c375f63 atof
652 0x7c3736f6 atoi
653 0x7c37366e atol
654 0x7c38747c bsearch
655 0x7c361844 calloc
656 0x7c366598 ceil
657 0x7c38bf8a clearerr
658 0x7c39191e clock
659 0x7c364f16 cos
660 0x7c364fba cosh
661 0x7c391961 ctime
662 0x7c39197a difftime
663 0x7c387513 div
664 0x7c363810 exit
665 0x7c364fec exp
666 0x7c39520c fabs
667 0x7c371f78 fclose
668 0x7c38bfef feof
669 0x7c38bffa ferror
670 0x7c3713ee fflush
671 0x7c38c005 fgetc
672 0x7c38c055 fgetpos
673 0x7c38c077 fgets
674 0x7c38c1f1 fgetwc
675 0x7c38c235 fgetws
676 0x7c3666b3 floor
677 0x7c365076 fmod
678 0x7c38a908 fopen
679 0x7c37143e fprintf
680 0x7c38c2b5 fputc
681 0x7c38c30d fputs
682 0x7c38c37e fputwc
683 0x7c38c3c8 fputws
684 0x7c38c51f fread
685 0x7c36355a free
686 0x7c38c56b freopen
687 0x7c3952bd frexp
688 0x7c38c5d1 fscanf
689 0x7c38c6aa fseek
690 0x7c38c6f3 fsetpos
691 0x7c38c86d ftell
692 0x7c38c8ae fwprintf
693 0x7c38ca13 fwrite
694 0x7c38ca5f fwscanf
695 0x7c38c005 getc
696 0x7c38a78d getchar
697 0x7c362fde getenv
698 0x7c38caa9 gets
699 0x7c38c233 getwc
700 0x7c38a79b getwchar
701 0x7c39198b gmtime
702 0x7c373deb is_wctype
703 0x7c373942 isalnum
704 0x7c3737a2 isalpha
705 0x7c3739ff iscntrl
706 0x7c373855 isdigit
707 0x7c3739c0 isgraph
708 0x7c375f9b isleadbyte
709 0x7c37381b islower
710 0x7c373981 isprint
711 0x7c373908 ispunct
712 0x7c3738ce isspace
713 0x7c3737e1 isupper
714 0x7c376018 iswalnum
715 0x7c375fb0 iswalpha
716 0x7c376059 iswascii
717 0x7c37604b iswcntrl
718 0x7c373d9a iswctype
719 0x7c375fdd iswdigit
720 0x7c37603a iswgraph
721 0x7c375fcf iswlower
722 0x7c376029 iswprint
723 0x7c37600a iswpunct
724 0x7c375ffc iswspace
725 0x7c375fc1 iswupper
726 0x7c375feb iswxdigit
727 0x7c37388f isxdigit
728 0x7c387508 labs
729 0x7c395369 ldexp
730 0x7c387513 ldiv
731 0x7c36f7e8 localeconv
732 0x7c391a92 localtime
733 0x7c3650a8 log
734 0x7c3651f6 log10
735 0x7c36497d longjmp
736 0x7c36281a malloc
737 0x7c376065 mblen
738 0x7c362e33 mbstowcs
739 0x7c362a39 mbtowc
740 0x7c364ad1 memchr
741 0x7c3645b4 memcmp
742 0x7c36423b memcpy
743 0x7c3634d0 memmove
744 0x7c361fed memset
745 0x7c391dd2 mktime
746 0x7c3667d2 modf
747 0x7c38752d perror
748 0x7c365344 pow
749 0x7c38cb33 printf
750 0x7c38c2b5 putc
751 0x7c38a897 putchar
752 0x7c38cb99 puts
753 0x7c38c3c6 putwc
754 0x7c38a8aa putwchar
755 0x7c38763e qsort
756 0x7c36ef5f raise
757 0x7c3878c8 rand
758 0x7c3625f4 realloc
759 0x7c3787cb remove
760 0x7c379694 rename
761 0x7c38cc3a rewind
762 0x7c38ccc3 scanf
763 0x7c38cd17 setbuf
764 0x7c36eb7e setlocale
765 0x7c37149c setvbuf
766 0x7c36edbe signal
767 0x7c3655e0 sin
768 0x7c364fb0 sinh
769 0x7c38b0d0 sprintf
770 0x7c36568e sqrt
771 0x7c3878bb srand
772 0x7c38cd3c sscanf
773 0x7c363ac7 strcat
774 0x7c363c86 strchr
775 0x7c364040 strcmp
776 0x7c3902f7 strcoll
777 0x7c361356 strcpy
778 0x7c364570 strcspn
779 0x7c3878ea strerror
780 0x7c372e5e strftime
781 0x7c36283d strlen
782 0x7c364106 strncat
783 0x7c362247 strncmp
784 0x7c363b38 strncpy
785 0x7c3640c7 strpbrk
786 0x7c364b7c strrchr
787 0x7c364ba9 strspn
788 0x7c363d44 strstr
789 0x7c3760ee strtod
790 0x7c390355 strtok
791 0x7c37633b strtol
792 0x7c376352 strtoul
793 0x7c390414 strxfrm
794 0x7c38b159 swprintf
795 0x7c38cd70 swscanf
796 0x7c380dad system
797 0x7c365748 tan
798 0x7c364fc4 tanh
799 0x7c391ddf time
800 0x7c38cf08 tmpfile
801 0x7c38ce4e tmpnam
802 0x7c373c84 tolower
803 0x7c375afa toupper
804 0x7c373b6a towlower
805 0x7c362b74 towupper
806 0x7c38d08e ungetc
807 0x7c38d1e9 ungetwc
808 0x7c38d22f vfprintf
809 0x7c38d28c vfwprintf
810 0x7c38d2e9 vprintf
811 0x7c38b4cb vsprintf
812 0x7c38b552 vswprintf
813 0x7c38d348 vwprintf
814 0x7c362679 wcscat
815 0x7c3721f8 wcschr
816 0x7c372060 wcscmp
817 0x7c3904c0 wcscoll
818 0x7c36265d wcscpy
819 0x7c390516 wcscspn
820 0x7c391e18 wcsftime
821 0x7c363127 wcslen
822 0x7c390559 wcsncat
823 0x7c390596 wcsncmp
824 0x7c362f9f wcsncpy
825 0x7c372092 wcspbrk
826 0x7c3905cb wcsrchr
827 0x7c3905fb wcsspn
828 0x7c390641 wcsstr
829 0x7c3763ca wcstod
830 0x7c39069f wcstok
831 0x7c376712 wcstol
832 0x7c3768ea wcstombs
833 0x7c376729 wcstoul
834 0x7c390744 wcsxfrm
835 0x7c373ae2 wctomb
836 0x7c38d3a7 wprintf
837 0x7c38d40d wscanf
.text
`.rdata
@.data
.rsrc
@.reloc
SVWUj
t*f%
t-f=:
t'f=/
C*PjTVj
C+PjUVj
C,PjVVj
C-PjWVj
C.PjRVj
C/PjSVj
YYt'j
YYt-j
YYt'j
YYt*j
taf=/
FFf=-
j FFj
GGf=-
c9|/d9|
QQSVWj
msvcr71.pdb
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
6|__MSVCRT_HEAP_SELECT
6|InitializeCriticalSectionAndSpinCount
6|AuthenticAMD
IsProcessorFeaturePresent
KERNEL32
`h````
:|Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
MSVCR71.dll
$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPAGIPBGPAD@Z
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CppXcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup2
_ecvt
_endthread
_endthreadex
_environ
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inpd
_inpw
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_purecall_handler
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stat64
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strtoi64
_strtoui64
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_time64
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_ungetwch
_unlink
_unloaddll
_unlock
_utime
_utime64
_vscprintf
_vscwprintf
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcserror
_wcsicmp
_wcsicoll
_wcslwr
_wcsncoll
_wcsnicmp
_wcsnicoll
_wcsnset
_wcsrev
_wcsset
_wcstoi64
_wcstoui64
_wcsupr
_wctime
_wctime64
_wctype
_wenviron
_wexecl
_wexecle
_wexeclp
_wexeclpe
_wexecv
_wexecve
_wexecvp
_wexecvpe
_wfdopen
_wfindfirst
_wfindfirst64
_wfindfirsti64
_wfindnext
_wfindnext64
_wfindnexti64
_wfopen
_wfreopen
_wfsopen
_wfullpath
_wgetcwd
_wgetdcwd
_wgetenv
_winmajor
_winminor
_winver
_wmakepath
_wmkdir
_wmktemp
_wopen
_wperror
_wpgmptr
_wpopen
_wputenv
_wremove
_wrename
_write
_wrmdir
_wsearchenv
_wsetlocale
_wsopen
_wspawnl
_wspawnle
_wspawnlp
_wspawnlpe
_wspawnv
_wspawnve
_wspawnvp
_wspawnvpe
_wsplitpath
_wstat
_wstat64
_wstati64
_wstrdate
_wstrtime
_wsystem
_wtempnam
_wtmpnam
_wtof
_wtoi
_wtoi64
_wtol
_wunlink
_wutime
_wutime64
abort
asctime
atan2
atexit
bsearch
calloc
clearerr
clock
ctime
difftime
fclose
ferror
fflush
fgetc
fgetpos
fgets
fgetwc
fgetws
floor
fopen
fprintf
fputc
fputs
fputwc
fputws
fread
freopen
frexp
fscanf
fseek
fsetpos
ftell
fwprintf
fwrite
fwscanf
getchar
getenv
getwc
getwchar
gmtime
is_wctype
isalnum
isalpha
iscntrl
isdigit
isgraph
isleadbyte
islower
isprint
ispunct
isspace
isupper
iswalnum
iswalpha
iswascii
iswcntrl
iswctype
iswdigit
iswgraph
iswlower
iswprint
iswpunct
iswspace
iswupper
iswxdigit
isxdigit
ldexp
localeconv
localtime
log10
longjmp
malloc
mblen
mbstowcs
mbtowc
memchr
memcmp
memcpy
memmove
memset
mktime
perror
printf
putchar
putwc
putwchar
qsort
raise
realloc
remove
rename
rewind
scanf
setbuf
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtok
strtol
strtoul
strxfrm
swprintf
swscanf
system
tmpfile
tmpnam
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vfwprintf
vprintf
vsprintf
vswprintf
vwprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcscspn
wcsftime
wcslen
wcsncat
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcsspn
wcsstr
wcstod
wcstok
wcstol
wcstombs
wcstoul
wcsxfrm
wctomb
wprintf
wscanf
6|mscoree.dll
new_p == 0
setnewh.cpp
CorExitProcess
runtime error
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
__GLOBAL_HEAP_SELECTED
(Press Retry to debug the application - JIT must be enabled)
failure, see the Visual C++ documentation on asserts
Expression:
Line:
File:
Program:
Assertion failed!
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
Buffer overrun detected!
Unknown security failure detected!
:|ESP
:|ESP
:|FIN
:|FIN
:|FRA
:|FRA
:|ISL
:|ISL
:|SVE
:|SWE
:|EUQ
:|ESP
:|ESM
:|MEX
:|FRB
:|BEL
:|DEA
:|AUT
:|ENA
:|AUS
:|ESN
:|ESP
:|FRC
:|CAN
:|ESG
:|GTM
:|FRS
:|CHE
:|ESC
:|CRI
:|FRL
:|LUX
:|ESA
:|PAN
:|ENS
:|ZAF
:|ESD
:|DOM
:|ESV
:|VEN
:|ESO
:|COL
:|ESR
:|PER
:|ESS
:|ARG
:|ESF
:|ECU
:|ESL
:|CHL
:|ESY
:|URY
:|ESZ
:|PRY
Paraguay
Uruguay
Chile
Ecuador
Argentina
Colombia
Venezuela
Dominican Republic
South Africa
Panama
Luxembourg
Costa Rica
Switzerland
Guatemala
Canada
Spanish - Modern Sort
Australia
English
Austria
German
Belgium
Mexico
Spanish
Basque
Sweden
Swedish
Iceland
Icelandic
France
French
Finland
Finnish
Spain
Spanish - Traditional Sort
:|USA
:|GBR
:|CHN
:|CZE
:|GBR
:|GBR
:|NLD
:|HKG
:|NZL
:|NZL
:|CHN
:|CHN
:|PRI
:|SVK
:|ZAF
:|KOR
:|ZAF
:|KOR
:|TTO
:|GBR
:|GBR
:|USA
:|USA
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
czech
china
britain
america
:|ENU
:|ENU
:|ENU
:|ENA
:|NLB
:|ENC
:|ZHH
:|ZHI
:|CHS
:|ZHH
:|CHS
:|ZHI
:|CHT
:|NLB
:|ENU
:|ENA
:|ENL
:|ENC
:|ENB
:|ENI
:|ENJ
:|ENZ
:|ENS
:|ENT
:|ENG
:|ENU
:|ENU
:|FRB
:|FRC
:|FRL
:|FRS
:|DEA
:|DEC
:|DEL
:|DES
:|ENI
:|ITS
:|NOR
:|NOR
:|NON
:|PTB
:|ESS
:|ESB
:|ESL
:|ESO
:|ESC
:|ESD
:|ESF
:|ESE
:|ESG
:|ESH
:|ESM
:|ESN
:|ESI
:|ESA
:|ESZ
:|ESR
:|ESU
:|ESY
:|ESV
:|SVF
:|DES
:|ENG
:|ENU
:|ENU
swiss
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
(null)
7|SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
am/pm
)7|TZ
4d7|8d7|
}7|.com
Unknown exception
bad cast
bad typeid
Access violation - no RTTI data!
Bad read pointer - no RTTI data!
Attempted a typeid of NULL pointer!
7|Bad dynamic_cast!
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
:| Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
7| ??
{flat}
{for
`non-type-template-parameter
unsigned
long
short
char
throw(
`template-parameter
__box
void
`anonymous namespace'
generic-type-
template-parameter-
`unknown ecsu'
union
struct
class
enum
coclass
cointerface
[thunk]:
public:
protected:
private:
virtual
static
`template static data member destructor helper'
`template static data member constructor helper'
`local static destructor helper'
`adjustor{
`vtordisp{
const
volatile
__gc
__pin
__gc[
7|volatile
volatile
const
signed
double
wchar_t
UNKNOWN
__int128
__int32
__int64
__int16
__w64
__int8
float
short
cmd.exe
command.com
COMSPEC
58|#58|
uI8|CONIN$
CONOUT$
i8|:
8| /c
8|TMP
9|1#QNAN
1#INF
1#IND
1#SNAN
e+000
?Dj0Q:W$=
Lyc>=
?C;0=
?4j<=
Nl,"=
5s3R6=
BC .=
"B <1=
#.X'=
=\uI=
Eb2]A=
2ieO=
|W8A=
V%A+=
>,'1D=
?g)([|X>=
r7Yr7=
.K="=
_nextafter
_logb
frexp
_hypot
_cabs
ldexp
floor
atan2
log10
!t9|(t9|exp2
exp10
i^^?(>
Y:/(A6>
MVx:>
[j&,>
F\IE>
B'=>>
in]D>
F"VM>
30}->
0)LK>
KERNEL32.dll
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
:|PST
56|.66|
.?AVexception@@
.?AVbad_cast@@
.?AVbad_typeid@@
.?AV__non_rtti_object@@
.?AVtype_info@@
?)9|?)9|
j6|log
log10
atan2
4x:|!
*Sp3.
=h>n>
=F>v?}?
?%?q?
\8`8h8l8
4(6,686@6
0 0$0(0,0
(null)
cmd.exe
command.com
COMSPEC
;T^h<U_i=V`j>Wak?Xbl@YcmAZdnB[eoC\fpD]gq
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
C Runtime Library
FileVersion
7.10.6030.0
InternalName
MSVCR71.DLL
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
MSVCR71.DLL
ProductName
Visual Studio .NET
ProductVersion
7.10.6030.0
VarFileInfo
Translation
防病毒引擎/厂商 病毒名/规则匹配 病毒库日期
Bkav 未发现病毒 20160527
MicroWorld-eScan 未发现病毒 20160528
nProtect 未发现病毒 20160527
CMC 未发现病毒 20160523
CAT-QuickHeal 未发现病毒 20160527
McAfee 未发现病毒 20160528
Malwarebytes 未发现病毒 20160528
Zillya 未发现病毒 20160527
AegisLab 未发现病毒 20160528
K7AntiVirus 未发现病毒 20160527
Alibaba 未发现病毒 20160527
K7GW 未发现病毒 20160528
TheHacker 未发现病毒 20160527
Baidu 未发现病毒 20160527
F-Prot 未发现病毒 20160528
Symantec 未发现病毒 20160528
ESET-NOD32 未发现病毒 20160528
TrendMicro-HouseCall 未发现病毒 20160528
Avast 未发现病毒 20160528
ClamAV 未发现病毒 20160528
GData 未发现病毒 20160528
Kaspersky 未发现病毒 20160528
BitDefender 未发现病毒 20160528
NANO-Antivirus 未发现病毒 20160528
ViRobot 未发现病毒 20160528
Rising 未发现病毒 20160527
Ad-Aware 未发现病毒 20160528
Emsisoft 未发现病毒 20160528
Comodo 未发现病毒 20160528
F-Secure 未发现病毒 20160528
DrWeb 未发现病毒 20160528
VIPRE 未发现病毒 20160528
TrendMicro 未发现病毒 20160528
McAfee-GW-Edition 未发现病毒 20160527
Sophos 未发现病毒 20160528
Cyren 未发现病毒 20160528
Jiangmin 未发现病毒 20160528
Avira 未发现病毒 20160527
Antiy-AVL 未发现病毒 20160528
Kingsoft 未发现病毒 20160528
Arcabit 未发现病毒 20160528
SUPERAntiSpyware 未发现病毒 20160528
Microsoft 未发现病毒 20160528
AhnLab-V3 未发现病毒 20160527
ALYac 未发现病毒 20160528
AVware 未发现病毒 20160527
VBA32 未发现病毒 20160527
Panda 未发现病毒 20160527
Zoner 未发现病毒 20160528
Tencent 未发现病毒 20160528
Yandex 未发现病毒 20160526
Ikarus 未发现病毒 20160528
Fortinet 未发现病毒 20160528
AVG 未发现病毒 20160528
Baidu-International 未发现病毒 20160527
Qihoo-360 未发现病毒 20160528

进程树

rundll32.exe, PID: 2824, 上一级进程 PID: 444
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
23.7.139.27 未知 美国
125.56.218.24 未知 美国

TCP

源地址 源端口 目标地址 目标端口
192.168.122.69 53444 125.56.218.24 www.msftncsi.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.69 53197 192.168.122.1 53
192.168.122.69 57129 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 59674 192.168.122.1 53
192.168.122.69 137 192.168.122.255 137
192.168.122.69 138 192.168.122.255 138
192.168.122.69 52766 224.0.0.252 5355
192.168.122.69 64810 224.0.0.252 5355
192.168.122.69 50619 239.255.255.250 1900
192.168.122.69 123 52.169.179.91 123
192.168.122.70 5355 192.168.122.69 52766

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
www.msftncsi.com 未知 A 125.56.218.24
CNAME www.msftncsi.com.edgesuite.net
A 125.56.201.97
CNAME a1961.g2.akamai.net

TCP

源地址 源端口 目标地址 目标端口
192.168.122.69 53444 125.56.218.24 www.msftncsi.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.69 53197 192.168.122.1 53
192.168.122.69 57129 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 59674 192.168.122.1 53
192.168.122.69 137 192.168.122.255 137
192.168.122.69 138 192.168.122.255 138
192.168.122.69 52766 224.0.0.252 5355
192.168.122.69 64810 224.0.0.252 5355
192.168.122.69 50619 239.255.255.250 1900
192.168.122.69 123 52.169.179.91 123
192.168.122.70 5355 192.168.122.69 52766

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://www.msftncsi.com/ncsi.txt 
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 9.828 seconds )

  • 3.894 Static
  • 3.241 VirusTotal
  • 1.484 peid
  • 0.621 TargetInfo
  • 0.23 BehaviorAnalysis
  • 0.139 NetworkAnalysis
  • 0.117 Strings
  • 0.077 AnalysisInfo
  • 0.01 config_decoder
  • 0.008 Debug
  • 0.006 Dropped
  • 0.001 ProcessMemory

Signatures ( 0.498 seconds )

  • 0.108 antiav_detectreg
  • 0.072 geodo_banking_trojan
  • 0.062 infostealer_ftp
  • 0.035 infostealer_bitcoin
  • 0.023 antiav_detectfile
  • 0.023 antivm_vbox_files
  • 0.023 disables_uac
  • 0.014 bot_drive2
  • 0.014 infostealer_im
  • 0.013 mimics_filetime
  • 0.011 persistence_autorun
  • 0.009 antianalysis_detectreg
  • 0.007 bot_athenahttp
  • 0.007 browser_security
  • 0.006 stealth_timeout
  • 0.006 disables_browser_warn
  • 0.005 tinba_behavior
  • 0.005 infostealer_mail
  • 0.005 network_torgateway
  • 0.004 bot_drive
  • 0.003 betabot_behavior
  • 0.003 modify_proxy
  • 0.003 ransomware_files
  • 0.002 bootkit
  • 0.002 kibex_behavior
  • 0.002 antivm_generic_disk
  • 0.002 banker_zeus_mutex
  • 0.002 disables_system_restore
  • 0.002 modify_uac_prompt
  • 0.002 recon_checkip
  • 0.001 antiemu_wine_func
  • 0.001 network_tor
  • 0.001 injection_createremotethread
  • 0.001 kazybot_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 vawtrak_behavior
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_p2p
  • 0.001 bot_madness
  • 0.001 browser_addon
  • 0.001 darkcomet_regkeys
  • 0.001 modify_security_center_warnings
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 targeted_flame

Reporting ( 776.999 seconds )

  • 764.959 Malheur
  • 8.653 ReportPDF
  • 3.387 ReportHTMLSummary
Task ID 12752
Mongo ID 574946cb4d3bd00ca56a3708
Cuckoo release 1.4-Maldun