Maldun (魔盾) Security Analysis Report

Analysis type:            FILE
Start time:               2020-07-05 20:29:19
End time:                 2020-07-05 20:31:43
Duration:                 144 seconds
Analysis engine version:  1.4-Maldun
VM name:        win7-sp1-x64-hpdapp01-1
Label:          win7-sp1-x64-hpdapp01-1
Hypervisor:     KVM
Boot time:      2020-07-05 20:29:26
Shutdown time:  2020-07-05 20:31:44
Maldun score

1.975

Verdict: benign

File details

File name:  油耗计算器.exe (Fuel Consumption Calculator)
File size:  884736 bytes
File type:  PE32 executable (GUI) Intel 80386, for MS Windows
CRC32:      09A7DDB6
MD5:        df9e358006ebfe6ae73f04331c777f35
SHA1:       96b81364691a9d51cb761480957009224863b594
SHA256:     706c913b819590d0792eb080bf639c353c42ed8c1ed2f451e2067257a661edb5
SHA512:     0856c8bf27a64d60c9b9e9525281522e82a689d737102b872785503e81348e680b576f642cc994ee8bdf00996d271618bdaf5c3cc32fc58f863f5a338e2de6e5
Ssdeep:     24576:mhjDyJfoUi0JEIOG7lrsP5IxE6JbXmKWgiOj:mhjDyJfoUT77l5E6hmXgiq
PEiD:       no match
Yara
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • win_mutex (Create or check mutex)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small-size target, like process manipulation, privilege, token and files)
  • with_images (Detected the presence of one or more images)
  • with_urls (Detected the presence of one or more URLs)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • MD5_Constants (Look for MD5 constants)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasRichSignature (Detected Rich Signature)
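A caveat on reading the Yara list above: CRC32_poly_Constant, CRC32_table and MD5_Constants are not behavioural findings. They fire on byte patterns of well-known constants that any statically linked CRC-32 (zlib-style) or MD5 routine carries, so on their own they say nothing about intent. Likewise, rules such as win_hook and keylogger are typically satisfied by imports like SetWindowsHookExA, CallNextHookEx and GetKeyState, all of which appear in the import table further down and are routine in GUI frameworks. The Python below is an added illustration, not code from the Maldun report or its rule set: it scans a constructed buffer for the reflected CRC-32 polynomial, the beginning of a generated CRC-32 lookup table and the MD5 initial state, which is what such rules check. The rule names are reused for readability only; the byte patterns, the eight-entry table prefix and the "all four MD5 words" condition are this example's simplifications, not the real rules' definitions.

```python
import struct

# Constants the rules key on. 0xEDB88320 is the reflected CRC-32 polynomial
# (zlib, PNG, Ethernet); the MD5 words are the algorithm's initial state A..D.
CRC32_POLY_REFLECTED = 0xEDB88320
MD5_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def crc32_table(poly: int = CRC32_POLY_REFLECTED) -> list:
    """Generate the 256-entry lookup table used by byte-wise CRC-32 code."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ poly if c & 1 else c >> 1
        table.append(c)
    return table


def crc32(data: bytes, table: list = None) -> int:
    """Table-driven CRC-32 (same result as zlib.crc32); shows the table is right."""
    table = table or crc32_table()
    c = 0xFFFFFFFF
    for b in data:
        c = table[(c ^ b) & 0xFF] ^ (c >> 8)
    return c ^ 0xFFFFFFFF


def _le(v: int) -> bytes:
    return struct.pack("<I", v)


def _be(v: int) -> bytes:
    return struct.pack(">I", v)


def find_all(buf: bytes, needle: bytes) -> list:
    """All offsets at which needle occurs in buf (overlapping matches included)."""
    offsets, start = [], 0
    while True:
        i = buf.find(needle, start)
        if i < 0:
            return offsets
        offsets.append(i)
        start = i + 1


# First eight table entries as laid out in a 32-bit little-endian binary.
# Matching a short prefix instead of the full 1 KiB table is this example's
# choice; public rules likewise use a short byte pattern.
CRC32_TABLE_PREFIX = b"".join(_le(v) for v in crc32_table()[:8])


def scan_crypto_constants(buf: bytes) -> dict:
    """Return {rule_name: [offsets]} for the constant patterns present in buf."""
    hits = {}

    poly = find_all(buf, _le(CRC32_POLY_REFLECTED)) + find_all(buf, _be(CRC32_POLY_REFLECTED))
    if poly:
        hits["CRC32_poly_Constant"] = sorted(poly)

    table = find_all(buf, CRC32_TABLE_PREFIX)
    if table:
        hits["CRC32_table"] = table

    # MD5: require all four initial-state words, each in either byte order.
    md5_offsets = []
    for word in MD5_IV:
        offs = find_all(buf, _le(word)) + find_all(buf, _be(word))
        if not offs:
            break
        md5_offsets.append(min(offs))
    else:
        hits["MD5_Constants"] = sorted(md5_offsets)

    return hits


def demo() -> dict:
    # Constructed input (not bytes of the analysed sample): filler, a CRC-32
    # table prefix, padding, the polynomial, then an MD5 initial state.
    blob = (b"\x90" * 16
            + CRC32_TABLE_PREFIX
            + b"\x00" * 4
            + _le(CRC32_POLY_REFLECTED)
            + b"".join(_le(w) for w in MD5_IV))
    return scan_crypto_constants(blob)


if __name__ == "__main__":
    for rule, offsets in demo().items():
        print(f"{rule}: {[hex(o) for o in offsets]}")
```

The same scan run over a benign binary that bundles zlib or an MD5 implementation produces the same three hits, which is why these rules are best treated as "this file contains a checksum/hash routine" rather than as a malicious indicator.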
VirusTotal: no scan result for this file

Signatures

Maldun wping.org domain reputation system
Greylist: winscp-static-746341.c.cdn77.org
Performed HTTP requests
url: http://youjia.chemcp.com/index.asp
url: http://winscp.net/eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3
Maldun Yara rule detection results - security alert
Critical: Spotted potential malicious behaviors from a small-size target, like process manipulation, privilege, token and files

Runtime screenshots

Network analysis

DNS resolution

Domain                             Record  Response
youjia.chemcp.com                  A       219.156.123.204
winscp.net                         A       87.106.181.237
winscp-static-746341.c.cdn77.org   CNAME   1578389079.rsc.cdn77.org
                                   A       89.187.187.12
www.googletagmanager.com           CNAME   www-googletagmanager.l.google.com
                                   A       203.208.50.169
pagead2.googlesyndication.com      CNAME   pagead46.l.doubleclick.net
                                   A       203.208.43.102

TCP connections

IP address        Port  Connections
203.208.43.102    443   1
203.208.50.169    443   1
219.156.123.204   80    1
87.106.181.237    443   2
87.106.181.237    80    1
89.187.187.12     443   11

UDP connections

IP address        Port  Connections
192.168.122.1     53    5 (DNS queries to the sandbox's local resolver)

HTTP requests

URL / HTTP data
http://youjia.chemcp.com/index.asp
GET /index.asp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: youjia.chemcp.com

http://winscp.net/eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3
GET /eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: winscp.net
Connection: Keep-Alive

Static analysis

PE information

Image base:              0x00400000
Entry point:             0x004837fc
Declared checksum:       0x00000000
Computed checksum:       0x000e5b8a
Minimum OS version:      4.0
Compile timestamp:       2020-07-05 20:08:57
Import hash (imphash):   cc951e32effaa3a551eae33a21b8c7b9

Version information

LegalCopyright: 油耗计算器 版权所有 (Fuel Consumption Calculator, all rights reserved)
FileVersion: 2.0.0.0
CompanyName: 油耗计算器
Comments: 油耗计算器2.0
ProductName: 油耗计算器2.0
ProductVersion: 2.0.0.0
FileDescription: 油耗计算器2.0
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese, Simplified, PRC; code page 0x04b0 = Unicode)

PE sections

Name    Virtual address  Virtual size  Raw data size  Characteristics                                                    Entropy
.text   0x00001000       0x000a274e    0x000a3000     IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ        6.59
.rdata  0x000a4000       0x00015d00    0x00016000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                  4.51
.data   0x000ba000       0x0004a44b    0x00018000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  5.05
.rsrc   0x00105000       0x0000595c    0x00006000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                  4.82
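Two of the static fields deserve a caveat before they are read as indicators. A declared checksum of 0x00000000 against a computed 0x000e5b8a is not evidence of tampering: the linker writes IMAGE_OPTIONAL_HEADER.CheckSum only when asked to (MSVC's /RELEASE), and Windows verifies it only for kernel-mode drivers and DLLs loaded at boot or into critical system processes, so most user-mode executables ship with zero and a mismatch is meaningful only when the declared value is non-zero. The section entropies (4.5 to 6.6 bits per byte) sit in the range of ordinary compiled code and data; packed or encrypted sections typically approach 7.5 to 8.0, which agrees with PEiD finding no packer. The Python below is an added example, not part of the Maldun toolchain: it parses a PE32 header, recomputes the checksum with the same algorithm imagehlp uses, classifies the result, and computes per-section entropy. It runs against a minimal PE image it constructs itself (arbitrary timestamp and addresses), not against the analysed sample.

```python
import math
import struct

COFF_HEADER_FMT = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
OPT_CHECKSUM_OFFSET = 0x40           # CheckSum within IMAGE_OPTIONAL_HEADER32


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """PE checksum as computed by imagehlp!CheckSumMappedFile: a folded 16-bit
    sum over the file, skipping the CheckSum dword itself, plus the file length."""
    padded = data + b"\x00" * (-len(data) % 4)
    skip = checksum_offset & ~3          # dword that holds the CheckSum field
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def classify_checksum(declared: int, actual: int) -> str:
    """Zero means the linker never wrote a checksum (the norm for user-mode EXEs);
    only a non-zero value that differs from the computed one shows post-link change."""
    if declared == 0:
        return "unset"
    return "match" if declared == actual else "mismatch"


def analyse_pe(data: bytes) -> dict:
    """Parse the headers, verify the checksum and compute per-section entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER_FMT, data, coff_off)
    opt_off = coff_off + 20
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    checksum_off = opt_off + OPT_CHECKSUM_OFFSET
    declared = struct.unpack_from("<I", data, checksum_off)[0]
    actual = pe_checksum(data, checksum_off)
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, *_ = struct.unpack_from(
            SECTION_HEADER_FMT, data, opt_off + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize, "raw_size": rawsize,
            "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2),
        })
    return {"declared_checksum": declared, "actual_checksum": actual,
            "checksum_status": classify_checksum(declared, actual), "sections": sections}


def build_sample_pe(section_data: bytes, checksum_field: int = 0) -> bytes:
    """Constructed minimal PE32 (not the analysed sample): DOS header, signature,
    COFF and optional headers, one .text section header, 0x200 bytes of data at 0x200."""
    assert len(section_data) == 0x200
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack(COFF_HEADER_FMT, 0x14C, 1, 0x5F021B89, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0x00, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 0x10, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 0x1C, 0x00400000)                  # ImageBase
    struct.pack_into("<I", opt, OPT_CHECKSUM_OFFSET, checksum_field)
    sect = struct.pack(SECTION_HEADER_FMT, b".text\x00\x00\x00",
                       0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + sect).ljust(0x200, b"\x00")
    return headers + section_data


if __name__ == "__main__":
    print(analyse_pe(build_sample_pe(bytes(range(256)) * 2)))
```

Against a real file, `analyse_pe(open(path, "rb").read())` gives the same four quantities the report lists; the useful triage rule is "mismatch" plus an entropy above roughly 7.0 in an executable section, not either signal alone.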

Imports

Library KERNEL32.dll:
0x4a4170 - SetEndOfFile
0x4a4174 - UnlockFile
0x4a4178 - LockFile
0x4a417c - FlushFileBuffers
0x4a4180 - SetFilePointer
0x4a4184 - GetCurrentProcess
0x4a4188 - DuplicateHandle
0x4a418c - lstrcpynA
0x4a4190 - SetLastError
0x4a4194 - FileTimeToLocalFileTime
0x4a4198 - FileTimeToSystemTime
0x4a419c - LocalFree
0x4a41a0 - MultiByteToWideChar
0x4a41a4 - WideCharToMultiByte
0x4a41a8 - InterlockedDecrement
0x4a41ac - SuspendThread
0x4a41b0 - TerminateThread
0x4a41b4 - ReleaseMutex
0x4a41b8 - CreateMutexA
0x4a41bc - CreateSemaphoreA
0x4a41c0 - SetStdHandle
0x4a41c4 - IsBadCodePtr
0x4a41c8 - IsBadReadPtr
0x4a41cc - CompareStringW
0x4a41d0 - CompareStringA
0x4a41d4 - GetStringTypeW
0x4a41d8 - GetStringTypeA
0x4a41dc - SetUnhandledExceptionFilter
0x4a41e0 - IsBadWritePtr
0x4a41e4 - VirtualAlloc
0x4a41e8 - LCMapStringW
0x4a41ec - LCMapStringA
0x4a41f0 - SetEnvironmentVariableA
0x4a41f4 - VirtualFree
0x4a41f8 - HeapCreate
0x4a41fc - HeapDestroy
0x4a4200 - GetEnvironmentVariableA
0x4a4204 - GetFileType
0x4a4208 - GetStdHandle
0x4a420c - SetHandleCount
0x4a4210 - GetEnvironmentStringsW
0x4a4214 - ResumeThread
0x4a4218 - ReleaseSemaphore
0x4a421c - EnterCriticalSection
0x4a4220 - LeaveCriticalSection
0x4a4224 - GetProfileStringA
0x4a4228 - WriteFile
0x4a422c - ReadFile
0x4a4230 - WaitForMultipleObjects
0x4a4234 - CreateFileA
0x4a4238 - SetEvent
0x4a423c - FindResourceA
0x4a4240 - LoadResource
0x4a4244 - LockResource
0x4a4248 - lstrlenW
0x4a424c - GetModuleFileNameA
0x4a4250 - GetCurrentThreadId
0x4a4254 - ExitProcess
0x4a4258 - GlobalSize
0x4a425c - GlobalFree
0x4a4260 - DeleteCriticalSection
0x4a4264 - InitializeCriticalSection
0x4a4268 - lstrcatA
0x4a426c - lstrlenA
0x4a4270 - WinExec
0x4a4274 - lstrcpyA
0x4a4278 - FindNextFileA
0x4a427c - GlobalReAlloc
0x4a4280 - HeapFree
0x4a4284 - HeapReAlloc
0x4a4288 - GetProcessHeap
0x4a428c - HeapAlloc
0x4a4290 - GetUserDefaultLCID
0x4a4294 - GetFullPathNameA
0x4a4298 - FreeLibrary
0x4a429c - LoadLibraryA
0x4a42a0 - GetLastError
0x4a42a4 - GetVersionExA
0x4a42a8 - WritePrivateProfileStringA
0x4a42ac - CreateThread
0x4a42b0 - CreateEventA
0x4a42b4 - Sleep
0x4a42b8 - GlobalAlloc
0x4a42bc - GlobalLock
0x4a42c0 - GlobalUnlock
0x4a42c4 - FindFirstFileA
0x4a42c8 - FindClose
0x4a42cc - GetEnvironmentStrings
0x4a42d0 - FreeEnvironmentStringsW
0x4a42d4 - FreeEnvironmentStringsA
0x4a42d8 - UnhandledExceptionFilter
0x4a42dc - GetACP
0x4a42e0 - HeapSize
0x4a42e4 - TerminateProcess
0x4a42e8 - GetLocalTime
0x4a42ec - GetSystemTime
0x4a42f0 - GetTimeZoneInformation
0x4a42f4 - RaiseException
0x4a42f8 - RtlUnwind
0x4a42fc - GetStartupInfoA
0x4a4300 - GetOEMCP
0x4a4304 - GetCPInfo
0x4a4308 - GetProcessVersion
0x4a430c - SetErrorMode
0x4a4310 - GlobalFlags
0x4a4314 - GetCurrentThread
0x4a4318 - GetFileTime
0x4a431c - GetFileSize
0x4a4320 - TlsGetValue
0x4a4324 - LocalReAlloc
0x4a4328 - TlsSetValue
0x4a432c - TlsFree
0x4a4330 - GlobalHandle
0x4a4334 - GetFileAttributesA
0x4a4338 - SetCurrentDirectoryA
0x4a433c - GetVolumeInformationA
0x4a4340 - TlsAlloc
0x4a4344 - LocalAlloc
0x4a4348 - lstrcmpA
0x4a434c - GetVersion
0x4a4350 - GlobalGetAtomNameA
0x4a4354 - GlobalAddAtomA
0x4a4358 - GlobalFindAtomA
0x4a435c - GlobalDeleteAtom
0x4a4360 - lstrcmpiA
0x4a4364 - GetModuleHandleA
0x4a4368 - GetProcAddress
0x4a436c - MulDiv
0x4a4370 - GetCommandLineA
0x4a4374 - GetTickCount
0x4a4378 - WaitForSingleObject
0x4a437c - CloseHandle
0x4a4380 - InterlockedIncrement
Library USER32.dll:
0x4a43e4 - OpenClipboard
0x4a43e8 - SetClipboardData
0x4a43ec - EmptyClipboard
0x4a43f0 - GetSystemMetrics
0x4a43f4 - GetCursorPos
0x4a43f8 - MessageBoxA
0x4a43fc - SetWindowPos
0x4a4400 - SendMessageA
0x4a4404 - DestroyCursor
0x4a4408 - SetParent
0x4a440c - GetClipboardData
0x4a4410 - PostMessageA
0x4a4414 - GetTopWindow
0x4a4418 - GetParent
0x4a441c - GetFocus
0x4a4420 - GetClientRect
0x4a4424 - InvalidateRect
0x4a4428 - ValidateRect
0x4a442c - UpdateWindow
0x4a4430 - CloseClipboard
0x4a4434 - wsprintfA
0x4a4438 - EqualRect
0x4a443c - GetWindowRect
0x4a4440 - SetForegroundWindow
0x4a4444 - DestroyMenu
0x4a4448 - IsWindow
0x4a444c - IsChild
0x4a4450 - ReleaseDC
0x4a4454 - IsRectEmpty
0x4a4458 - FillRect
0x4a445c - GetDC
0x4a4460 - SetCursor
0x4a4464 - LoadCursorA
0x4a4468 - SetCursorPos
0x4a446c - SetActiveWindow
0x4a4470 - GetSysColor
0x4a4474 - SetWindowLongA
0x4a4478 - GetWindowLongA
0x4a447c - RedrawWindow
0x4a4480 - EnableWindow
0x4a4484 - IsWindowVisible
0x4a4488 - OffsetRect
0x4a448c - PtInRect
0x4a4490 - DestroyIcon
0x4a4494 - IntersectRect
0x4a4498 - InflateRect
0x4a449c - SetRect
0x4a44a0 - SetScrollPos
0x4a44a4 - SetScrollRange
0x4a44a8 - GetScrollRange
0x4a44ac - SetCapture
0x4a44b0 - GetCapture
0x4a44b4 - ReleaseCapture
0x4a44b8 - SetTimer
0x4a44bc - KillTimer
0x4a44c0 - TranslateMessage
0x4a44c4 - LoadIconA
0x4a44c8 - DrawFrameControl
0x4a44cc - DrawEdge
0x4a44d0 - DrawFocusRect
0x4a44d4 - WindowFromPoint
0x4a44d8 - GetMessageA
0x4a44dc - DispatchMessageA
0x4a44e0 - SetRectEmpty
0x4a44e4 - RegisterClipboardFormatA
0x4a44e8 - CreateIconFromResourceEx
0x4a44ec - CreateIconFromResource
0x4a44f0 - DrawIconEx
0x4a44f4 - CreatePopupMenu
0x4a44f8 - AppendMenuA
0x4a44fc - ModifyMenuA
0x4a4500 - CreateMenu
0x4a4504 - CreateAcceleratorTableA
0x4a4508 - GetDlgCtrlID
0x4a450c - GetSubMenu
0x4a4510 - EnableMenuItem
0x4a4514 - ClientToScreen
0x4a4518 - EnumDisplaySettingsA
0x4a451c - LoadImageA
0x4a4520 - SystemParametersInfoA
0x4a4524 - ShowWindow
0x4a4528 - IsWindowEnabled
0x4a452c - TranslateAcceleratorA
0x4a4530 - GetKeyState
0x4a4534 - CopyAcceleratorTableA
0x4a4538 - PostQuitMessage
0x4a453c - IsZoomed
0x4a4540 - GetClassInfoA
0x4a4544 - GetWindowTextA
0x4a4548 - GetWindowTextLengthA
0x4a454c - CharUpperA
0x4a4550 - GetWindowDC
0x4a4554 - BeginPaint
0x4a4558 - EndPaint
0x4a455c - TabbedTextOutA
0x4a4560 - DrawTextA
0x4a4564 - GrayStringA
0x4a4568 - GetDlgItem
0x4a456c - DestroyWindow
0x4a4570 - CreateDialogIndirectParamA
0x4a4574 - EndDialog
0x4a4578 - GetNextDlgTabItem
0x4a457c - GetWindowPlacement
0x4a4580 - RegisterWindowMessageA
0x4a4584 - GetForegroundWindow
0x4a4588 - GetLastActivePopup
0x4a458c - GetMessageTime
0x4a4590 - RemovePropA
0x4a4594 - CallWindowProcA
0x4a4598 - GetPropA
0x4a459c - UnhookWindowsHookEx
0x4a45a0 - SetPropA
0x4a45a4 - GetClassLongA
0x4a45a8 - CallNextHookEx
0x4a45ac - SetWindowsHookExA
0x4a45b0 - CreateWindowExA
0x4a45b4 - GetMenuItemID
0x4a45b8 - GetMenuItemCount
0x4a45bc - RegisterClassA
0x4a45c0 - GetScrollPos
0x4a45c4 - UnregisterClassA
0x4a45c8 - AdjustWindowRectEx
0x4a45cc - MapWindowPoints
0x4a45d0 - SendDlgItemMessageA
0x4a45d4 - ScrollWindowEx
0x4a45d8 - IsDialogMessageA
0x4a45dc - SetWindowTextA
0x4a45e0 - MoveWindow
0x4a45e4 - CheckMenuItem
0x4a45e8 - SetMenuItemBitmaps
0x4a45ec - GetMenuState
0x4a45f0 - GetMenuCheckMarkDimensions
0x4a45f4 - GetClassNameA
0x4a45f8 - GetDesktopWindow
0x4a45fc - LoadStringA
0x4a4600 - GetSysColorBrush
0x4a4604 - DefWindowProcA
0x4a4608 - GetSystemMenu
0x4a460c - DeleteMenu
0x4a4610 - GetMenu
0x4a4614 - SetMenu
0x4a4618 - PeekMessageA
0x4a461c - IsIconic
0x4a4620 - SetFocus
0x4a4624 - GetActiveWindow
0x4a4628 - GetWindow
0x4a462c - DestroyAcceleratorTable
0x4a4630 - SetWindowRgn
0x4a4634 - GetMessagePos
0x4a4638 - ScreenToClient
0x4a463c - ChildWindowFromPointEx
0x4a4640 - CopyRect
0x4a4644 - LoadBitmapA
0x4a4648 - WinHelpA
Library GDI32.dll:
0x4a4024 - SetStretchBltMode
0x4a4028 - GetClipRgn
0x4a402c - CreatePolygonRgn
0x4a4030 - SelectClipRgn
0x4a4034 - DeleteObject
0x4a4038 - CreateDIBitmap
0x4a403c - GetSystemPaletteEntries
0x4a4040 - CreatePalette
0x4a4044 - StretchBlt
0x4a4048 - SelectPalette
0x4a404c - RealizePalette
0x4a4050 - GetDIBits
0x4a4054 - GetWindowExtEx
0x4a4058 - GetViewportOrgEx
0x4a405c - GetWindowOrgEx
0x4a4060 - BeginPath
0x4a4064 - EndPath
0x4a4068 - PathToRegion
0x4a406c - CreateEllipticRgn
0x4a4070 - CreateRoundRectRgn
0x4a4074 - GetTextColor
0x4a4078 - GetBkMode
0x4a407c - GetBkColor
0x4a4080 - GetROP2
0x4a4084 - GetStretchBltMode
0x4a4088 - GetPolyFillMode
0x4a408c - CreateCompatibleBitmap
0x4a4090 - CreateDCA
0x4a4094 - CreateBitmap
0x4a4098 - SelectObject
0x4a409c - CreatePen
0x4a40a0 - PatBlt
0x4a40a4 - CombineRgn
0x4a40a8 - FillRgn
0x4a40ac - CreateSolidBrush
0x4a40b0 - CreateFontIndirectA
0x4a40b4 - GetStockObject
0x4a40b8 - GetObjectA
0x4a40bc - EndPage
0x4a40c0 - EndDoc
0x4a40c4 - DeleteDC
0x4a40c8 - StartDocA
0x4a40cc - StartPage
0x4a40d0 - BitBlt
0x4a40d4 - CreateCompatibleDC
0x4a40d8 - Ellipse
0x4a40dc - Rectangle
0x4a40e0 - LPtoDP
0x4a40e4 - DPtoLP
0x4a40e8 - GetCurrentObject
0x4a40ec - RoundRect
0x4a40f0 - GetTextExtentPoint32A
0x4a40f4 - GetDeviceCaps
0x4a40f8 - SaveDC
0x4a40fc - RestoreDC
0x4a4100 - SetBkMode
0x4a4104 - SetPolyFillMode
0x4a4108 - SetROP2
0x4a410c - SetTextColor
0x4a4110 - SetMapMode
0x4a4114 - SetViewportOrgEx
0x4a4118 - OffsetViewportOrgEx
0x4a411c - SetViewportExtEx
0x4a4120 - ScaleViewportExtEx
0x4a4124 - SetWindowOrgEx
0x4a4128 - SetWindowExtEx
0x4a412c - ScaleWindowExtEx
0x4a4130 - GetClipBox
0x4a4134 - ExcludeClipRect
0x4a4138 - MoveToEx
0x4a413c - LineTo
0x4a4140 - CreateRectRgnIndirect
0x4a4144 - SetBkColor
0x4a4148 - CreateRectRgn
0x4a414c - GetTextMetricsA
0x4a4150 - Escape
0x4a4154 - ExtTextOutA
0x4a4158 - TextOutA
0x4a415c - RectVisible
0x4a4160 - PtVisible
0x4a4164 - GetViewportExtEx
0x4a4168 - ExtSelectClipRgn
Library WINMM.dll:
0x4a4650 - midiStreamRestart
0x4a4654 - midiStreamClose
0x4a4658 - midiOutReset
0x4a465c - midiStreamStop
0x4a4660 - midiStreamOut
0x4a4664 - midiOutPrepareHeader
0x4a4668 - midiStreamProperty
0x4a466c - midiStreamOpen
0x4a4670 - midiOutUnprepareHeader
0x4a4674 - waveOutOpen
0x4a4678 - waveOutGetNumDevs
0x4a467c - waveOutClose
0x4a4680 - waveOutReset
0x4a4684 - waveOutPause
0x4a4688 - waveOutWrite
0x4a468c - waveOutPrepareHeader
0x4a4690 - waveOutUnprepareHeader
0x4a4694 - waveOutRestart
Library WINSPOOL.DRV:
0x4a469c - ClosePrinter
0x4a46a0 - DocumentPropertiesA
0x4a46a4 - OpenPrinterA
Library ADVAPI32.dll:
0x4a4000 - RegCloseKey
0x4a4004 - RegOpenKeyExA
0x4a4008 - RegSetValueExA
0x4a400c - RegQueryValueA
0x4a4010 - RegCreateKeyExA
Library SHELL32.dll:
0x4a43d8 - ShellExecuteA
0x4a43dc - Shell_NotifyIconA
Library ole32.dll:
0x4a46ec - CLSIDFromProgID
0x4a46f0 - OleInitialize
0x4a46f4 - OleUninitialize
0x4a46f8 - CoCreateInstance
0x4a46fc - OleRun
0x4a4700 - CLSIDFromString
Library OLEAUT32.dll:
0x4a4388 - SysAllocString
0x4a438c - SafeArrayDestroy
0x4a4390 - SafeArrayCreate
0x4a4394 - SafeArrayPutElement
0x4a4398 - RegisterTypeLib
0x4a439c - LHashValOfNameSys
0x4a43a0 - LoadTypeLib
0x4a43a4 - UnRegisterTypeLib
0x4a43a8 - VariantCopyInd
0x4a43ac - SafeArrayGetElement
0x4a43b0 - SafeArrayAccessData
0x4a43b4 - SafeArrayUnaccessData
0x4a43b8 - SafeArrayGetDim
0x4a43bc - SafeArrayGetLBound
0x4a43c0 - SafeArrayGetUBound
0x4a43c4 - VariantChangeType
0x4a43c8 - VariantClear
0x4a43cc - VariantCopy
0x4a43d0 - VariantInit
Library COMCTL32.dll:
0x4a4018 - ImageList_Destroy
0x4a401c - None (no name: imported by ordinal)
Library WS2_32.dll:
0x4a46ac - recv
0x4a46b0 - getpeername
0x4a46b4 - accept
0x4a46b8 - ntohl
0x4a46bc - ioctlsocket
0x4a46c0 - recvfrom
0x4a46c4 - WSAAsyncSelect
0x4a46c8 - closesocket
0x4a46cc - WSACleanup
0x4a46d0 - inet_ntoa
Library comdlg32.dll:
0x4a46d8 - GetFileTitleA
0x4a46dc - GetSaveFileNameA
0x4a46e0 - GetOpenFileNameA
0x4a46e4 - ChooseColorA

Dropped files

None

Behavioral analysis

Mutexes
  • Local\MSCTF.Asm.MutexDefault1
Commands executed: none
Services created: none
Services started: none

Processes

_______________.exe PID: 2688, parent PID: 2332 (the sample's own process; the sandbox renders its non-ASCII file name as underscores)

Files accessed
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Windows\Fonts\staticcache.dat
  • C:\Users\test\AppData\Local\Temp\ole32.dll
  • C:\Users\test\AppData\Local\Temp\Winhttp.dll
  • C:\Users\test\AppData\Local\Temp\Kernel32.dll
  • C:\Users\test\AppData\Local\Temp\kernel32.dll
    (the four %TEMP% paths above are accessed but do not appear under "Files read" below: lookups for system DLLs in the directory the sample ran from, consistent with the DLL search order starting in the application's own directory)
  • C:\Windows\SysWOW64\stdole2.tlb
  • C:\Program Files (x86)\Common Files\System\ado\msado15.dll
Files read
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Windows\Fonts\staticcache.dat
  • C:\Windows\SysWOW64\stdole2.tlb
  • C:\Program Files (x86)\Common Files\System\ado\msado15.dll
Files modified: none
Files deleted: none
Registry keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
  • HKEY_CURRENT_USER\Software\Classes
  • HKEY_CURRENT_USER\Software\Classes\TypeLib
  • HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\_______________.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_CURRENT_USER
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
Registry keys read
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
Registry keys modified: none
Registry keys deleted: none
APIs resolved at runtime
  • kernel32.dll.IsProcessorFeaturePresent
  • cryptbase.dll.SystemFunction036
  • kernel32.dll.SortGetHandle
  • kernel32.dll.SortCloseHandle
  • comctl32.dll.RegisterClassNameW
  • uxtheme.dll.EnableThemeDialogTexture
  • uxtheme.dll.OpenThemeData
  • imm32.dll.ImmIsIME
  • gdi32.dll.GetLayout
  • gdi32.dll.GdiRealizationInfo
  • gdi32.dll.FontIsLinked
  • advapi32.dll.RegOpenKeyExW
  • advapi32.dll.RegQueryInfoKeyW
  • gdi32.dll.GetTextFaceAliasW
  • advapi32.dll.RegEnumValueW
  • advapi32.dll.RegCloseKey
  • advapi32.dll.RegQueryValueExW
  • advapi32.dll.RegQueryValueExA
  • advapi32.dll.RegEnumKeyExW
  • gdi32.dll.GetTextExtentExPointWPri
  • uxtheme.dll.SetWindowTheme
  • ole32.dll.CoInitialize
  • winhttp.dll.WinHttpCheckPlatform
  • kernel32.dll.MultiByteToWideChar
  • winhttp.dll.WinHttpCrackUrl
  • shlwapi.dll.StrCmpNW
  • kernel32.dll.WideCharToMultiByte
  • winhttp.dll.WinHttpOpen
  • winhttp.dll.WinHttpSetTimeouts
  • winhttp.dll.WinHttpConnect
  • winhttp.dll.WinHttpOpenRequest
  • winhttp.dll.WinHttpSetOption
  • winhttp.dll.WinHttpAddRequestHeaders
  • shlwapi.dll.#153
  • winhttp.dll.WinHttpSendRequest
  • ws2_32.dll.GetAddrInfoW
  • ws2_32.dll.WSASocketW
  • ws2_32.dll.#2
  • ws2_32.dll.#21
  • ws2_32.dll.#9
  • ws2_32.dll.WSAIoctl
  • ws2_32.dll.FreeAddrInfoW
  • ws2_32.dll.#6
  • ws2_32.dll.#5
  • ws2_32.dll.WSARecv
  • ws2_32.dll.WSASend
  • winhttp.dll.WinHttpReceiveResponse
  • winhttp.dll.WinHttpQueryDataAvailable
  • winhttp.dll.WinHttpReadData
  • winhttp.dll.WinHttpQueryHeaders
  • ole32.dll.CoUninitialize
  • winhttp.dll.WinHttpCloseHandle
  • rpcrt4.dll.RpcBindingFree
  • gdi32.dll.GetFontAssocStatus
  • ole32.dll.CoInitializeEx
  • ole32.dll.CoRegisterInitializeSpy
  • ole32.dll.CoRevokeInitializeSpy
  • uxtheme.dll.BufferedPaintInit
  • uxtheme.dll.BufferedPaintRenderAnimation
  • uxtheme.dll.BeginBufferedAnimation
  • uxtheme.dll.EndBufferedAnimation
  • uxtheme.dll.BeginBufferedPaint
  • ws2_32.dll.#3
  • ws2_32.dll.#116