魔盾安全分析报告

分析类型 开始时间 结束时间 持续时间 分析引擎版本
FILE 2022-05-13 00:12:43 2022-05-13 00:13:40 57 秒 1.4-Maldun
虚拟机机器名 标签 虚拟机管理 开机时间 关机时间
win7-sp1-x64-shaapp02-1 win7-sp1-x64-shaapp02-1 KVM 2022-05-13 00:12:45 2022-05-13 00:13:41
魔盾分数

4.325

可疑的

文件详细信息

文件名 1.exe
文件大小 22240321 字节
文件类型 PE32+ executable (console) x86-64, for MS Windows
CRC32 C7BBA213
MD5 4e75e084c3fe403e1346572b110bedbd
SHA1 2de11cd53a66acd7993a485f4cc6f5071baa63ab
SHA256 940b7f512566f13b3db475954ea5597196ef93a25c862f32145a8e3227164c9e
SHA512 80f36f791d54d61a9d2f83f9367a4b13598901b7a0712e75a02eaf9eb5cccf1e4e6280bb2fa974a872e2cb977aed9ece807864c9f07b87273d8bf948a3f14958
Ssdeep 393216:tZxlHOF7lAg8RVd97Pi4OLFR2wt+QVDtouxq/PmhuOOTMRmOHu2+ryjCmzg1d:tBICgSd97PilLFR39tVq/Pguzddj5mzi
PEiD 无匹配
Yara
  • DebuggerTiming__PerformanceCounter ()
  • DebuggerException__SetConsoleCtrl ()
  • anti_dbg (Detected self protection if being debugged)
  • create_process (Detection function for creating a new process)
  • win_token (Affect system token)
  • win_files_operation (Affect private profile)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
  • IsPE64 (Detected a 64bit PE sample)
  • IsConsole (Detected a console program sample)
  • IsPacked (Detected Entropy signature)
  • HasOverlay (Detected Overlay signature)
  • HasDebugData (Detected Debug Data)
  • HasRichSignature (Detected Rich Signature)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • with_urls (Detected the presence of an or several urls)
VirusTotal VirusTotal查询失败

特征

魔盾安全Yara规则检测结果 - 安全告警
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
从文件自身的二进制镜像中读取数据
self_read: process: 1.exe, pid: 2408, offset: 0x00051939, length: 0x0000d000
self_read: process: 1.exe, pid: 2408, offset: 0x0005dc87, length: 0x00007000
self_read: process: 1.exe, pid: 2408, offset: 0x00064ab8, length: 0x0000b000
self_read: process: 1.exe, pid: 2408, offset: 0x0006f812, length: 0x00015000
self_read: process: 1.exe, pid: 2408, offset: 0x00083943, length: 0x0000e000
self_read: process: 1.exe, pid: 2408, offset: 0x0009165e, length: 0x00020000
self_read: process: 1.exe, pid: 2408, offset: 0x000b07d9, length: 0x00007000
self_read: process: 1.exe, pid: 2408, offset: 0x000b7567, length: 0x00016000
self_read: process: 1.exe, pid: 2408, offset: 0x000cd106, length: 0x00004000
self_read: process: 1.exe, pid: 2408, offset: 0x000d0ca6, length: 0x00006000
self_read: process: 1.exe, pid: 2408, offset: 0x000d642b, length: 0x00004000
self_read: process: 1.exe, pid: 2408, offset: 0x000d9dff, length: 0x00009000
self_read: process: 1.exe, pid: 2408, offset: 0x000e2c88, length: 0x00010000
self_read: process: 1.exe, pid: 2408, offset: 0x000f1e0b, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000f3328, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000f4bbb, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000f63a1, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000f7b9b, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000f93c2, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000fb00c, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000fc814, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000fe09e, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x000ff8ae, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00101167, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0010297e, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x001042cf, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00105e40, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x001076eb, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00108f5b, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0010a861, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0010c362, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0010dc39, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0010f40d, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00110cca, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00112506, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00113f55, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0011584b, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0011717a, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00118a24, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0011a220, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0011bb6d, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0011d8ea, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0011f193, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00120cb0, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x001225e9, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00123ef5, length: 0x00003000
self_read: process: 1.exe, pid: 2408, offset: 0x001263a8, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00127d13, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x00129b3f, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0012bb16, length: 0x00003000
self_read: process: 1.exe, pid: 2408, offset: 0x0012dba2, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0012f70e, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x0013104b, length: 0x00146000
self_read: process: 1.exe, pid: 2408, offset: 0x00276a63, length: 0x0013e000
self_read: process: 1.exe, pid: 2408, offset: 0x003b3c13, length: 0x00005000
self_read: process: 1.exe, pid: 2408, offset: 0x003b836f, length: 0x008be000
self_read: process: 1.exe, pid: 2408, offset: 0x00c75662, length: 0x0003c000
self_read: process: 1.exe, pid: 2408, offset: 0x00cb07c0, length: 0x0000c000
self_read: process: 1.exe, pid: 2408, offset: 0x00cbb896, length: 0x000d8000
self_read: process: 1.exe, pid: 2408, offset: 0x00d92c98, length: 0x0000d000
self_read: process: 1.exe, pid: 2408, offset: 0x00d9f832, length: 0x0000f000
self_read: process: 1.exe, pid: 2408, offset: 0x00dadfe0, length: 0x00003000
self_read: process: 1.exe, pid: 2408, offset: 0x00db03e0, length: 0x00019000
self_read: process: 1.exe, pid: 2408, offset: 0x00dc88e1, length: 0x00013000
self_read: process: 1.exe, pid: 2408, offset: 0x00ddb4b8, length: 0x0003d000
self_read: process: 1.exe, pid: 2408, offset: 0x00e17800, length: 0x0000a000
self_read: process: 1.exe, pid: 2408, offset: 0x00e2084b, length: 0x00008000
self_read: process: 1.exe, pid: 2408, offset: 0x00e27b20, length: 0x00008000
self_read: process: 1.exe, pid: 2408, offset: 0x00e2f941, length: 0x00006000
self_read: process: 1.exe, pid: 2408, offset: 0x00e357b2, length: 0x00010000
self_read: process: 1.exe, pid: 2408, offset: 0x00e450c4, length: 0x00030000
self_read: process: 1.exe, pid: 2408, offset: 0x00e741ad, length: 0x00017000
self_read: process: 1.exe, pid: 2408, offset: 0x00e8a215, length: 0x00005000
self_read: process: 1.exe, pid: 2408, offset: 0x00e8ea01, length: 0x001e0000
self_read: process: 1.exe, pid: 2408, offset: 0x0106e029, length: 0x0002d000
self_read: process: 1.exe, pid: 2408, offset: 0x0109ae3b, length: 0x0000d000
self_read: process: 1.exe, pid: 2408, offset: 0x010a7824, length: 0x00004000
self_read: process: 1.exe, pid: 2408, offset: 0x010ab22d, length: 0x00073000
self_read: process: 1.exe, pid: 2408, offset: 0x0111dea7, length: 0x00064000
self_read: process: 1.exe, pid: 2408, offset: 0x011810b6, length: 0x00004000
self_read: process: 1.exe, pid: 2408, offset: 0x01184863, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x0118486f, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x01184ad3, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x01185555, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x0118582b, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x01185890, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011858a1, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011858aa, length: 0x00035000
self_read: process: 1.exe, pid: 2408, offset: 0x011ba134, length: 0x00023000
self_read: process: 1.exe, pid: 2408, offset: 0x011dce4e, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011dce5a, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011dcf29, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011dde9e, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011de1be, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011de67d, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011ded1a, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x011e004f, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e0057, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e00c1, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e00e8, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e00f4, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e037b, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e094f, length: 0x00005000
self_read: process: 1.exe, pid: 2408, offset: 0x011e5823, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e582b, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e588d, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e58cf, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e58db, length: 0x00003000
self_read: process: 1.exe, pid: 2408, offset: 0x011e8171, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e817d, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011e8c3a, length: 0x00004000
self_read: process: 1.exe, pid: 2408, offset: 0x011ec30f, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011ec317, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011ec37f, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011ec40c, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011ec420, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011ec42c, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011ec6b2, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011ecd5b, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x011eea39, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011eea41, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011eeaa3, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011eeb3f, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011eee09, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x011eee37, length: 0x00001000
self_read: process: 1.exe, pid: 2408, offset: 0x01533c41, length: 0x00002000
self_read: process: 1.exe, pid: 2408, offset: 0x01533cf9, length: 0x00001f48
self_read: process: 1.exe, pid: 2408, offset: 0x01535be9, length: 0x00000058
self_read: process: 1.exe, pid: 3040, offset: 0x01533c41, length: 0x00002000
self_read: process: 1.exe, pid: 3040, offset: 0x01533cf9, length: 0x00001f48
self_read: process: 1.exe, pid: 3040, offset: 0x01535be9, length: 0x00000058
可疑的样本异常终止

运行截图

网络分析

TCP连接

IP地址 端口
104.100.95.27 80

UDP连接

IP地址 端口
192.168.122.1 53

HTTP请求

URL HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip 
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

静态分析

PE 信息

初始地址 0x140000000
入口地址 0x14000a170
声明校验值 0x0153eb52
最低操作系统版本要求 5.2
编译时间 2022-04-27 14:52:41
载入哈希 0bbecc8e9f9f17b0ea9cc3899b15e5cf

PE数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x000283b0 0x00028400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.49
.rdata 0x0002a000 0x00011b0a 0x00011c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.74
.data 0x0003c000 0x000103f8 0x00000e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.82
.pdata 0x0004d000 0x000020c4 0x00002200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.30
_RDATA 0x00050000 0x000000f4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1.99
.rsrc 0x00051000 0x0000f018 0x0000f200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.36
.reloc 0x00061000 0x00000760 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.23

覆盖

偏移量: 0x00061760
大小: 0x014d44e1

导入

库 KERNEL32.dll:
0x14002a028 - GetCommandLineW
0x14002a030 - GetEnvironmentVariableW
0x14002a038 - SetEnvironmentVariableW
0x14002a040 - ExpandEnvironmentStringsW
0x14002a048 - CreateDirectoryW
0x14002a050 - GetTempPathW
0x14002a058 - WaitForSingleObject
0x14002a060 - Sleep
0x14002a068 - GetExitCodeProcess
0x14002a070 - CreateProcessW
0x14002a078 - FreeLibrary
0x14002a080 - LoadLibraryExW
0x14002a088 - FindClose
0x14002a090 - FindFirstFileExW
0x14002a098 - CloseHandle
0x14002a0a0 - GetCurrentProcess
0x14002a0a8 - LocalFree
0x14002a0b0 - FormatMessageW
0x14002a0b8 - MultiByteToWideChar
0x14002a0c0 - WideCharToMultiByte
0x14002a0c8 - SetEndOfFile
0x14002a0d0 - GetProcAddress
0x14002a0d8 - GetModuleFileNameW
0x14002a0e0 - SetDllDirectoryW
0x14002a0e8 - GetStartupInfoW
0x14002a0f0 - GetLastError
0x14002a0f8 - RtlCaptureContext
0x14002a100 - RtlLookupFunctionEntry
0x14002a108 - RtlVirtualUnwind
0x14002a110 - UnhandledExceptionFilter
0x14002a118 - SetUnhandledExceptionFilter
0x14002a120 - TerminateProcess
0x14002a128 - IsProcessorFeaturePresent
0x14002a130 - QueryPerformanceCounter
0x14002a138 - GetCurrentProcessId
0x14002a140 - GetCurrentThreadId
0x14002a148 - GetSystemTimeAsFileTime
0x14002a150 - InitializeSListHead
0x14002a158 - IsDebuggerPresent
0x14002a160 - GetModuleHandleW
0x14002a168 - RtlUnwindEx
0x14002a170 - SetLastError
0x14002a178 - EnterCriticalSection
0x14002a180 - LeaveCriticalSection
0x14002a188 - DeleteCriticalSection
0x14002a190 - InitializeCriticalSectionAndSpinCount
0x14002a198 - TlsAlloc
0x14002a1a0 - TlsGetValue
0x14002a1a8 - TlsSetValue
0x14002a1b0 - TlsFree
0x14002a1b8 - EncodePointer
0x14002a1c0 - RaiseException
0x14002a1c8 - RtlPcToFileHeader
0x14002a1d0 - GetCommandLineA
0x14002a1d8 - CreateFileW
0x14002a1e0 - GetDriveTypeW
0x14002a1e8 - GetFileInformationByHandle
0x14002a1f0 - GetFileType
0x14002a1f8 - PeekNamedPipe
0x14002a200 - SystemTimeToTzSpecificLocalTime
0x14002a208 - FileTimeToSystemTime
0x14002a210 - GetFullPathNameW
0x14002a218 - RemoveDirectoryW
0x14002a220 - FindNextFileW
0x14002a228 - SetStdHandle
0x14002a230 - SetConsoleCtrlHandler
0x14002a238 - DeleteFileW
0x14002a240 - ReadFile
0x14002a248 - GetStdHandle
0x14002a250 - WriteFile
0x14002a258 - ExitProcess
0x14002a260 - GetModuleHandleExW
0x14002a268 - HeapFree
0x14002a270 - GetConsoleMode
0x14002a278 - ReadConsoleW
0x14002a280 - SetFilePointerEx
0x14002a288 - GetConsoleOutputCP
0x14002a290 - GetFileSizeEx
0x14002a298 - HeapAlloc
0x14002a2a0 - FlsAlloc
0x14002a2a8 - FlsGetValue
0x14002a2b0 - FlsSetValue
0x14002a2b8 - FlsFree
0x14002a2c0 - CompareStringW
0x14002a2c8 - LCMapStringW
0x14002a2d0 - GetCurrentDirectoryW
0x14002a2d8 - FlushFileBuffers
0x14002a2e0 - HeapReAlloc
0x14002a2e8 - GetFileAttributesExW
0x14002a2f0 - GetStringTypeW
0x14002a2f8 - IsValidCodePage
0x14002a300 - GetACP
0x14002a308 - GetOEMCP
0x14002a310 - GetCPInfo
0x14002a318 - GetEnvironmentStringsW
0x14002a320 - FreeEnvironmentStringsW
0x14002a328 - GetProcessHeap
0x14002a330 - GetTimeZoneInformation
0x14002a338 - HeapSize
0x14002a340 - WriteConsoleW
库 ADVAPI32.dll:
0x14002a000 - ConvertSidToStringSidW
0x14002a008 - GetTokenInformation
0x14002a010 - OpenProcessToken
0x14002a018 - ConvertStringSecurityDescriptorToSecurityDescriptorW

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息
执行的命令
  • "C:\Users\test\AppData\Local\Temp\1.exe"
创建的服务 无信息
启动的服务 无信息

进程

1.exe PID: 2408, 上一级进程 PID: 2272

1.exe PID: 3040, 上一级进程 PID: 2408

访问的文件
  • C:\Users\test\AppData\Local\Temp\1.exe
  • C:\Users\test\AppData\Local\Temp
  • C:\Users\test\AppData\Local\Temp\_MEI24082
  • C:\Users\test\AppData\Local\Temp\_MEI24082\VCRUNTIME140.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_asyncio.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_bz2.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_cffi_backend.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_ctypes.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_decimal.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_hashlib.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_lzma.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_multiprocessing.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_overlapped.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_queue.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_socket.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_ssl.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_win32sysloader.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-console-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-datetime-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-debug-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-errorhandling-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l2-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-handle-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-heap-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-interlocked-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-libraryloader-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-localization-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-memory-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-namedpipe-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processenvironment-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processthreads-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processthreads-l1-1-1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-profile-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-rtlsupport-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-string-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-synch-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-synch-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-sysinfo-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-timezone-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-util-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-conio-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-convert-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-environment-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-filesystem-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-heap-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-locale-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-math-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-process-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-runtime-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-stdio-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-string-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-time-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-utility-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat\bindings
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat\bindings\_openssl.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libcrypto-1_1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libffi-7.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libopenblas.GK7GX5KEQ4F6UYO3P26ULGBQYHGQO7J4.gfortran-win_amd64.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libssl-1_1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core\_multiarray_tests.cp39-win_amd64.pyd
  • C:\Windows\sysnative\tzres.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core\_multiarray_umath.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\fft
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\fft\_pocketfft_internal.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg\_umath_linalg.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg\lapack_lite.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_bounded_integers.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_common.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_generator.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_mt19937.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_pcg64.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_philox.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_sfc64.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\bit_generator.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\mtrand.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyexpat.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\python3.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\python39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pythoncom39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pywintypes39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\select.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\ucrtbase.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\unicodedata.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\win32pdh.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\zip-safe
  • C:\Users\test\AppData\Local\Temp\_MEI24082\base_library.zip
  • C:\Users\test\AppData\Local\Temp\_MEI24082\certifi
  • C:\Users\test\AppData\Local\Temp\_MEI24082\certifi\cacert.pem
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.APACHE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.BSD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.PSF
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\LICENSE.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\COPYING.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\dependency_links.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\zip-safe
  • C:\Users\test\AppData\Local\Temp\_MEI24082\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\certifi\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat\bindings\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\fft\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\*
  • C:\Users\test\AppData\Local\Temp\_MEI24082\VERSION.dll
  • C:\Windows\sysnative\version.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-path-l1-1-0.dll
  • C:\Windows\sysnative\api-ms-win-core-path-l1-1-0.dll
  • C:\Windows\system\api-ms-win-core-path-l1-1-0.dll
  • C:\Windows\api-ms-win-core-path-l1-1-0.dll
  • C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-path-l1-1-0.dll
  • C:\Windows\sysnative\wbem\api-ms-win-core-path-l1-1-0.dll
  • C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-core-path-l1-1-0.dll
  • C:\Program Files (x86)\WinRAR\api-ms-win-core-path-l1-1-0.dll
  • C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
读取的文件
  • C:\Users\test\AppData\Local\Temp\1.exe
  • C:\Windows\sysnative\tzres.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\ucrtbase.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-localization-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processthreads-l1-1-1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-timezone-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l2-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\python39.dll
  • C:\Windows\sysnative\version.dll
  • C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
修改的文件
  • C:\Users\test\AppData\Local\Temp\_MEI24082\VCRUNTIME140.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_asyncio.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_bz2.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_cffi_backend.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_ctypes.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_decimal.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_hashlib.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_lzma.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_multiprocessing.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_overlapped.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_queue.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_socket.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_ssl.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_win32sysloader.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-console-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-datetime-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-debug-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-errorhandling-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l2-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-handle-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-heap-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-interlocked-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-libraryloader-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-localization-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-memory-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-namedpipe-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processenvironment-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processthreads-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processthreads-l1-1-1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-profile-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-rtlsupport-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-string-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-synch-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-synch-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-sysinfo-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-timezone-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-util-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-conio-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-convert-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-environment-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-filesystem-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-heap-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-locale-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-math-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-process-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-runtime-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-stdio-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-string-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-time-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-utility-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat\bindings\_openssl.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libcrypto-1_1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libffi-7.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libopenblas.GK7GX5KEQ4F6UYO3P26ULGBQYHGQO7J4.gfortran-win_amd64.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libssl-1_1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core\_multiarray_tests.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core\_multiarray_umath.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\fft\_pocketfft_internal.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg\_umath_linalg.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg\lapack_lite.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_bounded_integers.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_common.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_generator.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_mt19937.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_pcg64.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_philox.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_sfc64.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\bit_generator.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\mtrand.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyexpat.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\python3.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\python39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pythoncom39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pywintypes39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\select.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\ucrtbase.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\unicodedata.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\win32pdh.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\zip-safe
  • C:\Users\test\AppData\Local\Temp\_MEI24082\base_library.zip
  • C:\Users\test\AppData\Local\Temp\_MEI24082\certifi\cacert.pem
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.APACHE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.BSD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.PSF
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\LICENSE.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\COPYING.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\dependency_links.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\zip-safe
删除的文件
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info\zip-safe
  • C:\Users\test\AppData\Local\Temp\_MEI24082\altgraph-0.17.2.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-console-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-datetime-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-debug-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-errorhandling-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-file-l2-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-handle-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-heap-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-interlocked-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-libraryloader-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-localization-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-memory-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-namedpipe-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processenvironment-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processthreads-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-processthreads-l1-1-1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-profile-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-rtlsupport-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-string-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-synch-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-synch-l1-2-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-sysinfo-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-timezone-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-core-util-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-conio-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-convert-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-environment-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-filesystem-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-heap-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-locale-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-math-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-process-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-runtime-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-stdio-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-string-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-time-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\api-ms-win-crt-utility-l1-1-0.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\base_library.zip
  • C:\Users\test\AppData\Local\Temp\_MEI24082\certifi\cacert.pem
  • C:\Users\test\AppData\Local\Temp\_MEI24082\certifi
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat\bindings\_openssl.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat\bindings
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography\hazmat
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.APACHE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.BSD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\LICENSE.PSF
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\cryptography-3.4.7.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libcrypto-1_1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libffi-7.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libopenblas.GK7GX5KEQ4F6UYO3P26ULGBQYHGQO7J4.gfortran-win_amd64.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\libssl-1_1.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core\_multiarray_tests.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core\_multiarray_umath.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\core
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\fft\_pocketfft_internal.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\fft
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg\lapack_lite.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg\_umath_linalg.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\linalg
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\bit_generator.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\mtrand.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_bounded_integers.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_common.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_generator.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_mt19937.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_pcg64.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_philox.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random\_sfc64.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy\random
  • C:\Users\test\AppData\Local\Temp\_MEI24082\numpy
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\LICENSE.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pip-21.1.1.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyexpat.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\COPYING.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pyinstaller-5.0.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\python3.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\python39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pythoncom39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\pywintypes39.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\select.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\dependency_links.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\entry_points.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\INSTALLER
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\LICENSE
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\METADATA
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\RECORD
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\REQUESTED
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\top_level.txt
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\WHEEL
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info\zip-safe
  • C:\Users\test\AppData\Local\Temp\_MEI24082\setuptools-49.2.1.dist-info
  • C:\Users\test\AppData\Local\Temp\_MEI24082\ucrtbase.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\unicodedata.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\VCRUNTIME140.dll
  • C:\Users\test\AppData\Local\Temp\_MEI24082\win32pdh.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_asyncio.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_bz2.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_cffi_backend.cp39-win_amd64.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_ctypes.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_decimal.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_hashlib.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_lzma.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_multiprocessing.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_overlapped.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_queue.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_socket.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_ssl.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082\_win32sysloader.pyd
  • C:\Users\test\AppData\Local\Temp\_MEI24082
注册表键
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
读取的注册表键
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
修改的注册表键 无信息
删除的注册表键 无信息
API解析
  • kernel32.dll.InitializeCriticalSectionEx
  • kernel32.dll.FlsAlloc
  • kernel32.dll.FlsSetValue
  • kernel32.dll.LCMapStringEx
  • kernel32.dll.FlsGetValue