魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2020-04-08 23:47:13 | 2020-04-08 23:49:18 | 125 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp01-1 | win7-sp1-x64-shaapp01-1 | KVM | 2020-04-08 23:47:14 | 2020-04-08 23:49:19 |
| 魔盾分数 |
|---|
9.575恶意的 |
文件详细信息
| 文件名 | icve2.7.7z |
|---|---|
| 文件大小 | 1878528 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| CRC32 | C35378B0 |
| MD5 | b05d1cd40e811be39b8f1841b436d1c7 |
| SHA1 | f0fc1fb8d94f020306cc650637709165b32b7b26 |
| SHA256 | 8aab28f1a474a5815f25d6666dba9c5d6c8421d609c7f2cf30497736542fa8b2 |
| SHA512 | b05c947e67dfc42ad2d6f6fa91b2ff9b41db519fcf6421490772ead5b258269816c8f9061a1e9411aff35cf7c6d7cfc7ca1b70b50a143f1a60edefc86f660dc0 |
| Ssdeep | 24576:WMxtRzbvbvbvbIK0q77L87bqREjUt99FUXmLZiFXWFS6mMfEBi0M:WMxnUK0qXL8/fm/e2FiFXcSkfE2 |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | 无此文件扫描结果 |
特征
在加密调用中发现至少一个IP地址,域名,或文件名
ioc: ochs20110101000000.000000
ioc: 35718711292556.1.7600.16385
通过进程尝试延迟分析任务
Process: ICVE2.exe tried to sleep 120 seconds, actually delayed analysis time by 0 seconds
魔盾wping.org 域名信誉系统
Greylist: pan.minedeed.com
发起了一些HTTP请求
url: http://pan.minedeed.com/icve/appConfig2.do
魔盾安全Yara规则检测结果 - 安全告警
Informational: Possibly employs anti-virtualization techniques
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
HTTP数据流中包含可疑的恶意软件数据
post_no_referer: HTTP traffic contains a POST request with no referer header
post_no_useragent: HTTP traffic contains a POST request with no user-agent header
suspicious_request: http://pan.minedeed.com/icve/appConfig2.do
检测到样本尝试模糊或欺骗文件类型
运行截图
网络分析
域名解析
| 域名 | 响应 |
|---|---|
| pan.minedeed.com | A 139.196.140.208 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 139.196.140.208 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://pan.minedeed.com/icve/appConfig2.do | POST /icve/appConfig2.do HTTP/1.1 Content-Type: application/x-www-form-urlencoded Cookie: ;verifycode=860842FEDE38A03ABBBC39302AECCA0E@637065720794756857 NewAppId: de28769106c0cf8fe8d5ebaf97f6b8a1 Host: pan.minedeed.com Content-Length: 38 Expect: 100-continue Connection: Keep-Alive |
静态分析
投放文件
ICVE2.exe
| 文件名 | ICVE2.exe |
|---|---|
| 相关文件 |
|
| 文件大小 | 1878528 bytes |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b05d1cd40e811be39b8f1841b436d1c7 |
| SHA1 | f0fc1fb8d94f020306cc650637709165b32b7b26 |
| SHA256 | 8aab28f1a474a5815f25d6666dba9c5d6c8421d609c7f2cf30497736542fa8b2 |
| SHA512 | b05c947e67dfc42ad2d6f6fa91b2ff9b41db519fcf6421490772ead5b258269816c8f9061a1e9411aff35cf7c6d7cfc7ca1b70b50a143f1a60edefc86f660dc0 |
| Ssdeep | 24576:WMxtRzbvbvbvbIK0q77L87bqREjUt99FUXmLZiFXWFS6mMfEBi0M:WMxnUK0qXL8/fm/e2FiFXcSkfE2 |
| VirusTotal | 搜索相关分析 |
行为分析
互斥量(Mutexes)
- Local\MSCTF.Asm.MutexDefault1
- RasPbFile
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
cmd.exe PID: 2816, 上一级进程 PID: 2320
ICVE2.exe PID: 3004, 上一级进程 PID: 2816
访问的文件
- C:\Windows\SysWOW64\ntdll.dll
- C:\Windows\SysWOW64\KernelBase.dll
- C:\Windows\SysWOW64\kernel32.dll
- C:\Windows\SysWOW64\user32.dll
- C:\Windows\SysWOW64\advapi32.dll
- C:\Windows\SysWOW64\IPHLPAPI.DLL
- C:\Windows\System32\mscoree.dll.local
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
- C:\Windows\Microsoft.NET\Framework\*
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\ICVE2.exe
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
- C:\Users\test\AppData\Local\Temp\7z-tmp
- \Device\KsecDD
- C:\Users\test\AppData\Local\Temp\7z-tmp\ICVE2.exe.Config
- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICVE2\*
- C:\Users\test\AppData\Local\Temp\7z-tmp\ICVE2.INI
- C:\Windows\assembly\GAC\PublisherPolicy.tme
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fb06ad4bc55b9c3ca68a3f9259d826cd\System.Windows.Forms.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
- C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\1be7a15b1f33bf22e4f53aaf45518c77\System.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\1d52bd4ac5e0a6422058a5d62c9f6d9d\System.Drawing.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
- C:\Users\test\AppData\Local\Temp\7z-tmp\ICVE2.exe.Local\
- C:\Windows\WindowsShell.Manifest
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\98d3949f9ba1a384939805aa5e47e933\System.Management.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- C:\Windows\assembly\GAC_64
- C:\Windows\assembly\GAC_64\mscorlib.resources
- C:\Windows\assembly\GAC_32
- C:\Windows\assembly\GAC_32\mscorlib.resources
- C:\Windows\assembly\GAC_MSIL
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\GAC
- C:\Windows\assembly\GAC\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32
- C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC
- C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.INI
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
- C:\Windows\Fonts\AGENCYR.TTF
- C:\Windows\Fonts\msyh.ttf
- C:\Windows\Fonts\msyhbd.ttf
- C:\Windows\Fonts\simsun.ttc
- C:\Windows\Fonts\staticcache.dat
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\eb4cca4f06a15158c3f7e2c56516729b\System.Core.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\fe4b221b4109f0c78f57a792500699b5\System.Configuration.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\4fbda26d781323081b45526da6e87b35\System.Xml.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- C:\Windows\assembly\GAC_64\System.resources
- C:\Windows\assembly\GAC_32\System.resources
- C:\Windows\assembly\GAC_MSIL\System.resources
- C:\Windows\assembly\GAC_MSIL\System.resources\*
- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_zh-CHS_b77a5c561934e089\System.resources.dll
- C:\Windows\assembly\GAC\System.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.resources.INI
- C:\Windows\Microsoft.Net\assembly\GAC_32\Newtonsoft.Json\v4.0_12.0.0.0__30ad4fe6b2a6aeed\Newtonsoft.Json.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Newtonsoft.Json\v4.0_12.0.0.0__30ad4fe6b2a6aeed\Newtonsoft.Json.dll
- C:\Windows\Microsoft.Net\assembly\GAC\Newtonsoft.Json\v4.0_12.0.0.0__30ad4fe6b2a6aeed\Newtonsoft.Json.dll
- C:\Windows\assembly\GAC_32\Newtonsoft.Json\12.0.0.0__30ad4fe6b2a6aeed\Newtonsoft.Json.dll
- C:\Windows\assembly\GAC_MSIL\Newtonsoft.Json\12.0.0.0__30ad4fe6b2a6aeed\Newtonsoft.Json.dll
- C:\Windows\assembly\GAC\Newtonsoft.Json\12.0.0.0__30ad4fe6b2a6aeed\Newtonsoft.Json.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\Newtonsoft.Json.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\*
- C:\Users\test\AppData\Local\Temp\7z-tmp\Newtonsoft.Json.INI
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\9b0d0cb232dec8e57df49678532cb923\System.Runtime.Serialization.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\d3d95e1e349be37505587e7fee918881\System.Numerics.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e322d1b2e3358fa90494bffbe32cbf2\System.Data.ni.dll
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\HZH_Controls.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\HZH_Controls\*
- C:\Users\test\AppData\Local\Temp\7z-tmp\HZH_Controls.INI
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CN\HZH_Controls.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CN\HZH_Controls.resources\HZH_Controls.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CN\HZH_Controls.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CN\HZH_Controls.resources\HZH_Controls.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CHS\HZH_Controls.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CHS\HZH_Controls.resources\HZH_Controls.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CHS\HZH_Controls.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CHS\HZH_Controls.resources\HZH_Controls.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-Hans\HZH_Controls.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-Hans\HZH_Controls.resources\HZH_Controls.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-Hans\HZH_Controls.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-Hans\HZH_Controls.resources\HZH_Controls.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh\HZH_Controls.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh\HZH_Controls.resources\HZH_Controls.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh\HZH_Controls.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh\HZH_Controls.resources\HZH_Controls.resources.exe
- C:\Windows\Fonts\ARIALUNI.TTF
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CN\ICVE2.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CN\ICVE2.resources\ICVE2.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CN\ICVE2.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CN\ICVE2.resources\ICVE2.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CHS\ICVE2.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CHS\ICVE2.resources\ICVE2.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CHS\ICVE2.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-CHS\ICVE2.resources\ICVE2.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-Hans\ICVE2.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-Hans\ICVE2.resources\ICVE2.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-Hans\ICVE2.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh-Hans\ICVE2.resources\ICVE2.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh\ICVE2.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh\ICVE2.resources\ICVE2.resources.dll
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh\ICVE2.resources.exe
- C:\Users\test\AppData\Local\Temp\7z-tmp\zh\ICVE2.resources\ICVE2.resources.exe
读取的文件
- C:\Windows\SysWOW64\ntdll.dll
- C:\Windows\SysWOW64\KernelBase.dll
- C:\Windows\SysWOW64\kernel32.dll
- C:\Windows\SysWOW64\user32.dll
- C:\Windows\SysWOW64\advapi32.dll
- C:\Windows\SysWOW64\IPHLPAPI.DLL
- C:\Windows\Globalization\Sorting\sortdefault.nls
- \Device\KsecDD
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
- C:\Windows\WindowsShell.Manifest
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
- C:\Windows\Fonts\msyh.ttf
- C:\Windows\Fonts\msyhbd.ttf
- C:\Windows\Fonts\simsun.ttc
- C:\Windows\Fonts\staticcache.dat
- C:\Windows\Fonts\ARIALUNI.TTF
修改的文件
- \Device\KsecDD
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
- HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
- Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\.NETFramework,Version=v4.5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICVE2.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_CURRENT_USER\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
- HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
- HKEY_CURRENT_USER
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a
- HKEY_CURRENT_USER\Software\Classes
- HKEY_CURRENT_USER\Software\Classes\AppID\ICVE2.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32\(Default)
- HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\4D51D951
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
- HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
- HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
- HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
- HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
- HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.mscorlib.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.mscorlib.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\ICVE2.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_CURRENT_USER\Keyboard Layout\Toggle
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ICVE2_RASAPI32
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\FileDirectory
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
- HKEY_LOCAL_MACHINE\System\Setup
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\DhcpDomain
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33e35b0a-d1f6-4ab1-a1ae-56b8a256b787}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\EnableDhcp
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableDhcp
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8bb24b7c-5816-43fa-bc6b-2a34ea626337}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2acec519-4569-4382-bab4-a34676e64263}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.12.0.Newtonsoft.Json__30ad4fe6b2a6aeed
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.12.0.Newtonsoft.Json__30ad4fe6b2a6aeed
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.ServiceModel.Internals__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.ServiceModel.Internals__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.SMDiagnostics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.SMDiagnostics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Transactions__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Transactions__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Caching__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Caching__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\BidInterface\Loader
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2280033686-3172497658-3481507381-1000\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|7z-tmp|ICVE2.exe.Config
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|7z-tmp|ICVE2.exe.Config
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|7z-tmp|ICVE2.exe.Config
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2280033686-3172497658-3481507381-1000\Installer\Assemblies\Global
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\4D51D951
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\FileDirectory
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\DhcpDomain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\EnableDhcp
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableDhcp
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
修改的注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ICVE2_RASAPI32
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ICVE2_RASAPI32\FileDirectory
删除的注册表键
无信息
API解析
- ntdll.dll.RtlUnicodeStringToAnsiString
- ntdll.dll.RtlAnsiStringToUnicodeString
- ntdll.dll._vsnwprintf
- ntdll.dll.memset
- ntdll.dll.RtlFreeAnsiString
- ntdll.dll.RtlFreeHeap
- ntdll.dll.RtlDeleteCriticalSection
- ntdll.dll.RtlInitializeCriticalSection
- ntdll.dll.RtlAllocateHeap
- ntdll.dll.CsrVerifyRegion
- ntdll.dll.RtlGetNativeSystemInformation
- ntdll.dll.NtQuerySystemInformation
- ntdll.dll.RtlCreateTagHeap
- ntdll.dll.NtQueryInformationProcess
- ntdll.dll.NtSetInformationProcess
- ntdll.dll.NtClose
- ntdll.dll.NtSetInformationFile
- ntdll.dll.NtCreateIoCompletion
- ntdll.dll.NtSetIoCompletion
- ntdll.dll.RtlSetLastWin32Error
- ntdll.dll.SbSelectProcedure
- ntdll.dll.NtRemoveIoCompletion
- ntdll.dll.RtlDeactivateActivationContextUnsafeFast
- ntdll.dll.NtRemoveIoCompletionEx
- ntdll.dll.RtlActivateActivationContextUnsafeFast
- ntdll.dll.NtCreateNamedPipeFile
- ntdll.dll.NtOpenFile
- ntdll.dll.NtWaitForSingleObject
- ntdll.dll.NtFsControlFile
- ntdll.dll.NtCreateEvent
- ntdll.dll.NtQueryInformationFile
- ntdll.dll._allmul
- ntdll.dll.RtlSetDaclSecurityDescriptor
- ntdll.dll.RtlCreateSecurityDescriptor
- ntdll.dll.RtlDefaultNpAcl
- ntdll.dll.RtlDosPathNameToNtPathName_U
- ntdll.dll.RtlAppendUnicodeStringToString
- ntdll.dll._wcsnicmp
- ntdll.dll.RtlPrefixString
- ntdll.dll.RtlInitUnicodeString
- ntdll.dll.RtlFreeUnicodeString
- ntdll.dll.RtlDetermineDosPathNameType_U
- ntdll.dll.RtlCreateUnicodeString
- ntdll.dll.memcpy
- ntdll.dll.NtDeviceIoControlFile
- ntdll.dll.NtCreateFile
- ntdll.dll.RtlTimeToTimeFields
- ntdll.dll.RtlTimeFieldsToTime
- ntdll.dll.RtlAcquirePrivilege
- ntdll.dll.RtlInitializeSRWLock
- ntdll.dll.RtlReleaseSRWLockExclusive
- ntdll.dll.RtlAcquireSRWLockExclusive
- ntdll.dll.RtlCutoverTimeToSystemTime
- ntdll.dll.RtlReleaseSRWLockShared
- ntdll.dll.RtlAcquireSRWLockShared
- ntdll.dll.RtlReleasePrivilege
- ntdll.dll.NtSetSystemTime
- ntdll.dll.RtlUnicodeStringToInteger
- ntdll.dll.wcschr
- ntdll.dll.wcscpy_s
- ntdll.dll.RtlpCheckDynamicTimeZoneInformation
- ntdll.dll._stricmp
- ntdll.dll._wcsicmp
- ntdll.dll.RtlDeregisterWaitEx
- ntdll.dll.RtlCreateTimerQueue
- ntdll.dll.NtDelayExecution
- ntdll.dll.RtlCreateTimer
- ntdll.dll.RtlUpdateTimer
- ntdll.dll.RtlDeleteTimer
- ntdll.dll.RtlDeleteTimerQueueEx
- ntdll.dll.RtlRegisterWait
- ntdll.dll.wcsrchr
- ntdll.dll.NtQueryValueKey
- ntdll.dll.NtOpenKey
- ntdll.dll.RtlxAnsiStringToUnicodeSize
- ntdll.dll.NlsMbCodePageTag
- ntdll.dll.RtlxOemStringToUnicodeSize
- ntdll.dll.NlsMbOemCodePageTag
- ntdll.dll.RtlxUnicodeStringToOemSize
- ntdll.dll.RtlxUnicodeStringToAnsiSize
- ntdll.dll.LdrEnumerateLoadedModules
- ntdll.dll.NtAllocateVirtualMemory
- ntdll.dll._alloca_probe
- ntdll.dll.RtlReleasePebLock
- ntdll.dll.RtlQueryEnvironmentVariable
- ntdll.dll.RtlAcquirePebLock
- ntdll.dll.RtlLeaveCriticalSection
- ntdll.dll.RtlEnterCriticalSection
- ntdll.dll.wcsncmp
- ntdll.dll.RtlUnicodeStringToOemString
- ntdll.dll.RtlOemStringToUnicodeString
- ntdll.dll.RtlRaiseException
- ntdll.dll.NtDuplicateObject
- ntdll.dll.NtQueryObject
- ntdll.dll.NtSetInformationObject
- ntdll.dll.NtQueryVolumeInformationFile
- ntdll.dll.NtLockFile
- ntdll.dll.NtUnlockFile
- ntdll.dll.RtlNtStatusToDosError
- ntdll.dll.NtReadFile
- ntdll.dll.NtWriteFile
- ntdll.dll.NtCancelIoFileEx
- ntdll.dll.NtReadFileScatter
- ntdll.dll.NtWriteFileGather
- ntdll.dll.RtlWow64EnableFsRedirectionEx
- ntdll.dll.memmove
- ntdll.dll.NtFlushBuffersFile
- ntdll.dll.NtCreateSection
- ntdll.dll.NtOpenSection
- ntdll.dll.NtMapViewOfSection
- ntdll.dll.NtFlushVirtualMemory
- ntdll.dll.RtlFlushSecureMemoryCache
- ntdll.dll.NtUnmapViewOfSection
- ntdll.dll.NtReadVirtualMemory
- ntdll.dll.NtFlushInstructionCache
- ntdll.dll.NtWriteVirtualMemory
- ntdll.dll.NtProtectVirtualMemory
- ntdll.dll.NtFreeVirtualMemory
- ntdll.dll.NtQueryVirtualMemory
- ntdll.dll.NtQuerySystemInformationEx
- ntdll.dll.RtlGetCurrentProcessorNumberEx
- ntdll.dll.NtOpenProcess
- ntdll.dll.RtlExitUserProcess
- ntdll.dll.NtTerminateProcess
- ntdll.dll.RtlReportSilentProcessExit
- ntdll.dll.NtRaiseHardError
- ntdll.dll.RtlRaiseStatus
- ntdll.dll.RtlInitUnicodeStringEx
- ntdll.dll.RtlQueryEnvironmentVariable_U
- ntdll.dll.strchr
- ntdll.dll.RtlInitAnsiStringEx
- ntdll.dll.RtlUpcaseUnicodeChar
- ntdll.dll.RtlEqualUnicodeString
- ntdll.dll.RtlCompareMemory
- ntdll.dll.NtQueryDirectoryObject
- ntdll.dll.NtQuerySymbolicLinkObject
- ntdll.dll.NtOpenSymbolicLinkObject
- ntdll.dll.NtOpenDirectoryObject
- ntdll.dll.RtlSetEnvironmentStrings
- ntdll.dll.RtlSetEnvironmentVariable
- ntdll.dll.RtlSetEnvironmentVar
- ntdll.dll.RtlExpandEnvironmentStrings
- ntdll.dll.RtlUnicodeToOemN
- ntdll.dll.RtlUnicodeToMultiByteSize
- ntdll.dll.RtlExpandEnvironmentStrings_U
- ntdll.dll.RtlInitializeCriticalSectionAndSpinCount
- ntdll.dll.RtlInitializeCriticalSectionEx
- ntdll.dll.NtSetEvent
- ntdll.dll.NtClearEvent
- ntdll.dll.NtPulseEvent
- ntdll.dll.NtCreateSemaphore
- ntdll.dll.NtReleaseSemaphore
- ntdll.dll.NtCreateMutant
- ntdll.dll.NtReleaseMutant
- ntdll.dll.NtCreateTimer
- ntdll.dll.NtSetTimerEx
- ntdll.dll.NtCancelTimer
- ntdll.dll.NtOpenEvent
- ntdll.dll.NtOpenSemaphore
- ntdll.dll.NtOpenMutant
- ntdll.dll.NtWaitForMultipleObjects
- ntdll.dll.NtOpenTimer
- ntdll.dll.RtlExitUserThread
- ntdll.dll.LdrUnloadAlternateResourceModule
- ntdll.dll.LdrRemoveLoadAsDataTable
- ntdll.dll.RtlImageNtHeader
- ntdll.dll.LdrUnloadDll
- ntdll.dll.LdrDisableThreadCalloutsForDll
- ntdll.dll.LdrUnlockLoaderLock
- ntdll.dll.LdrLockLoaderLock
- ntdll.dll.LdrGetDllHandle
- ntdll.dll.LdrAddRefDll
- ntdll.dll.RtlComputePrivatizedDllName_U
- ntdll.dll.RtlPcToFileHeader
- ntdll.dll.LdrGetProcedureAddress
- ntdll.dll.RtlInitString
- ntdll.dll.RtlGetVersion
- ntdll.dll.LdrAccessResource
- ntdll.dll.RtlReAllocateHeap
- ntdll.dll.LdrAddLoadAsDataTable
- ntdll.dll.RtlGetActiveActivationContext
- ntdll.dll.LdrWx86FormatVirtualImage
- ntdll.dll.NtQuerySection
- ntdll.dll.LdrGetDllHandleByMapping
- ntdll.dll.RtlImageNtHeaderEx
- ntdll.dll.RtlDosSearchPath_Ustr
- ntdll.dll.LdrGetDllHandleByName
- ntdll.dll.RtlDosApplyFileIsolationRedirection_Ustr
- ntdll.dll.LdrLoadDll
- ntdll.dll.LdrFindResource_U
- ntdll.dll.RtlFreeSid
- ntdll.dll.RtlSetSaclSecurityDescriptor
- ntdll.dll.RtlAddMandatoryAce
- ntdll.dll.RtlAddAccessAllowedAce
- ntdll.dll.RtlCreateAcl
- ntdll.dll.RtlLengthSid
- ntdll.dll.RtlAllocateAndInitializeSid
- ntdll.dll.DbgPrint
- ntdll.dll.NtOpenThread
- ntdll.dll.NtSetInformationThread
- ntdll.dll.NtQueryInformationThread
- ntdll.dll.NtTerminateThread
- ntdll.dll.TpCheckTerminateWorker
- ntdll.dll.RtlCaptureStackBackTrace
- ntdll.dll.NtSuspendThread
- ntdll.dll.NtResumeThread
- ntdll.dll.RtlClearBits
- ntdll.dll.RtlAreBitsSet
- ntdll.dll.NtQueueApcThread
- ntdll.dll.#8
- ntdll.dll.RtlQueryInformationActivationContext
- ntdll.dll.RtlFlsAlloc
- ntdll.dll.RtlProcessFlsData
- ntdll.dll.RtlFlsFree
- ntdll.dll.NtYieldExecution
- ntdll.dll.RtlFreeActivationContextStack
- ntdll.dll.RtlReleaseActivationContext
- ntdll.dll.RtlActivateActivationContextEx
- ntdll.dll.RtlAllocateActivationContextStack
- ntdll.dll.NtCreateThreadEx
- ntdll.dll.TpCaptureCaller
- ntdll.dll.RtlFindClearBitsAndSet
- ntdll.dll.RtlFormatMessageEx
- ntdll.dll.RtlInitAnsiString
- ntdll.dll.RtlFindMessage
- ntdll.dll.RtlLoadString
- ntdll.dll.RtlUnicodeToMultiByteN
- ntdll.dll.RtlUnlockHeap
- ntdll.dll.RtlFreeHandle
- ntdll.dll.RtlIsValidHandle
- ntdll.dll.RtlLockHeap
- ntdll.dll.RtlSetUserValueHeap
- ntdll.dll.RtlAllocateHandle
- ntdll.dll._aulldiv
- ntdll.dll.RtlCreateHeap
- ntdll.dll.RtlDestroyHeap
- ntdll.dll.RtlQueryHeapInformation
- ntdll.dll.RtlValidateHeap
- ntdll.dll.RtlGetProcessHeaps
- ntdll.dll.RtlCompactHeap
- ntdll.dll.RtlWalkHeap
- ntdll.dll.RtlSetHeapInformation
- ntdll.dll.RtlInitializeHandleTable
- ntdll.dll.RtlIsDosDeviceName_U
- ntdll.dll.RtlAnsiCharToUnicodeChar
- ntdll.dll.RtlIntegerToChar
- ntdll.dll.wcsncpy_s
- ntdll.dll.RtlGetCurrentDirectory_U
- ntdll.dll.RtlSetThreadErrorMode
- ntdll.dll.toupper
- ntdll.dll.RtlReleaseRelativeName
- ntdll.dll.RtlDosPathNameToRelativeNtPathName_U
- ntdll.dll.RtlDosPathNameToRelativeNtPathName_U_WithStatus
- ntdll.dll.NtQueryAttributesFile
- ntdll.dll.RtlDosPathNameToNtPathName_U_WithStatus
- ntdll.dll.NtQueryFullAttributesFile
- ntdll.dll.NtNotifyChangeDirectoryFile
- ntdll.dll.NtQueryDirectoryFile
- ntdll.dll.RtlGetFullPathName_UEx
- ntdll.dll.RtlSetCurrentDirectory_U
- ntdll.dll.#1
- ntdll.dll.NtQueryEaFile
- ntdll.dll.NtIsProcessInJob
- ntdll.dll.NtDuplicateToken
- ntdll.dll.NtAllocateLocallyUniqueId
- ntdll.dll.NtAccessCheck
- ntdll.dll.NtAccessCheckByType
- ntdll.dll.NtAccessCheckByTypeResultList
- ntdll.dll.NtOpenProcessToken
- ntdll.dll.NtOpenThreadToken
- ntdll.dll.NtQueryInformationToken
- ntdll.dll.NtSetInformationToken
- ntdll.dll.NtAdjustPrivilegesToken
- ntdll.dll.NtAdjustGroupsToken
- ntdll.dll.NtPrivilegeCheck
- ntdll.dll.NtAccessCheckAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeResultListAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeResultListAndAuditAlarmByHandle
- ntdll.dll.NtOpenObjectAuditAlarm
- ntdll.dll.NtPrivilegeObjectAuditAlarm
- ntdll.dll.NtCloseObjectAuditAlarm
- ntdll.dll.NtDeleteObjectAuditAlarm
- ntdll.dll.NtPrivilegedServiceAuditAlarm
- ntdll.dll.RtlValidSid
- ntdll.dll.RtlEqualSid
- ntdll.dll.RtlEqualPrefixSid
- ntdll.dll.RtlLengthRequiredSid
- ntdll.dll.RtlInitializeSid
- ntdll.dll.RtlIdentifierAuthoritySid
- ntdll.dll.RtlSubAuthoritySid
- ntdll.dll.RtlSubAuthorityCountSid
- ntdll.dll.RtlCopySid
- ntdll.dll.RtlAreAllAccessesGranted
- ntdll.dll.RtlAreAnyAccessesGranted
- ntdll.dll.RtlMapGenericMask
- ntdll.dll.RtlValidAcl
- ntdll.dll.RtlQueryInformationAcl
- ntdll.dll.RtlSetInformationAcl
- ntdll.dll.RtlAddAce
- ntdll.dll.RtlDeleteAce
- ntdll.dll.RtlGetAce
- ntdll.dll.RtlAddAccessAllowedAceEx
- ntdll.dll.RtlAddAccessDeniedAce
- ntdll.dll.RtlAddAccessDeniedAceEx
- ntdll.dll.RtlAddAuditAccessAce
- ntdll.dll.RtlAddAuditAccessAceEx
- ntdll.dll.RtlAddAccessAllowedObjectAce
- ntdll.dll.RtlAddAccessDeniedObjectAce
- ntdll.dll.RtlAddAuditAccessObjectAce
- ntdll.dll.RtlFirstFreeAce
- ntdll.dll.RtlValidSecurityDescriptor
- ntdll.dll.RtlValidRelativeSecurityDescriptor
- ntdll.dll.RtlLengthSecurityDescriptor
- ntdll.dll.RtlGetControlSecurityDescriptor
- ntdll.dll.RtlSetControlSecurityDescriptor
- ntdll.dll.RtlGetDaclSecurityDescriptor
- ntdll.dll.RtlGetSaclSecurityDescriptor
- ntdll.dll.RtlSetOwnerSecurityDescriptor
- ntdll.dll.RtlGetOwnerSecurityDescriptor
- ntdll.dll.RtlSetGroupSecurityDescriptor
- ntdll.dll.RtlGetGroupSecurityDescriptor
- ntdll.dll.RtlNewSecurityObject
- ntdll.dll.RtlConvertToAutoInheritSecurityObject
- ntdll.dll.RtlNewSecurityObjectEx
- ntdll.dll.RtlNewSecurityObjectWithMultipleInheritance
- ntdll.dll.RtlSetSecurityObject
- ntdll.dll.RtlSetSecurityObjectEx
- ntdll.dll.RtlQuerySecurityObject
- ntdll.dll.RtlDeleteSecurityObject
- ntdll.dll.RtlAbsoluteToSelfRelativeSD
- ntdll.dll.RtlSelfRelativeToAbsoluteSD
- ntdll.dll.NtSetSecurityObject
- ntdll.dll.NtQuerySecurityObject
- ntdll.dll.RtlImpersonateSelf
- ntdll.dll.NtImpersonateAnonymousToken
- ntdll.dll.NtFilterToken
- ntdll.dll.RtlSelfRelativeToAbsoluteSD2
- ntdll.dll.RtlGetSecurityDescriptorRMControl
- ntdll.dll.RtlSetSecurityDescriptorRMControl
- ntdll.dll.CsrClientConnectToServer
- ntdll.dll.RtlUnhandledExceptionFilter
- ntdll.dll.RtlGetLocaleFileMappingAddress
- ntdll.dll.NtGetNlsSectionPtr
- ntdll.dll.RtlNormalizeString
- ntdll.dll.wcspbrk
- ntdll.dll.RtlLcidToLocaleName
- ntdll.dll.EtwEventUnregister
- ntdll.dll.EtwEventEnabled
- ntdll.dll.EtwEventRegister
- ntdll.dll.NtSetDefaultLocale
- ntdll.dll.RtlLocaleNameToLcid
- ntdll.dll.NtEnumerateValueKey
- ntdll.dll.RtlpMuiFreeLangRegistryInfo
- ntdll.dll.RtlCultureNameToLCID
- ntdll.dll.qsort
- ntdll.dll.RtlpIsQualifiedLanguage
- ntdll.dll.RtlpGetLCIDFromLangInfoNode
- ntdll.dll.RtlpGetNameFromLangInfoNode
- ntdll.dll.NtQueryInstallUILanguage
- ntdll.dll.RtlLCIDToCultureName
- ntdll.dll.RtlpLoadUserUIByPolicy
- ntdll.dll.RtlpLoadMachineUIByPolicy
- ntdll.dll.RtlpCreateProcessRegistryInfo
- ntdll.dll.RtlpInitializeLangRegistryInfo
- ntdll.dll.LdrFindResourceEx_U
- ntdll.dll.RtlGetFileMUIPath
- ntdll.dll.RtlGetUILanguageInfo
- ntdll.dll.RtlpGetSystemDefaultUILanguage
- ntdll.dll.RtlGetThreadPreferredUILanguages
- ntdll.dll.RtlGetProcessPreferredUILanguages
- ntdll.dll.RtlpQueryDefaultUILanguage
- ntdll.dll.RtlGetSystemPreferredUILanguages
- ntdll.dll.RtlGetUserPreferredUILanguages
- ntdll.dll.NtCreateKey
- ntdll.dll.NtSetValueKey
- ntdll.dll.NtDeleteKey
- ntdll.dll.NtEnumerateKey
- ntdll.dll.RtlIntegerToUnicodeString
- ntdll.dll.RtlAppendUnicodeToString
- ntdll.dll.RtlCopyUnicodeString
- ntdll.dll.EtwEventWrite
- ntdll.dll.RtlOpenCurrentUser
- ntdll.dll.NtQueryDefaultLocale
- ntdll.dll.NtNotifyChangeKey
- ntdll.dll.swprintf_s
- ntdll.dll.RtlUTF8ToUnicodeN
- ntdll.dll.RtlUnicodeToUTF8N
- ntdll.dll.NtDeleteValueKey
- ntdll.dll.RtlUnwind
- ntdll.dll.DbgPrintEx
- ntdll.dll.RtlSetLastWin32ErrorAndNtStatusFromNtStatus
- ntdll.dll.TpAllocPool
- ntdll.dll.TpSetPoolMinThreads
- ntdll.dll.TpSetPoolStackInformation
- ntdll.dll.TpQueryPoolStackInformation
- ntdll.dll.TpAllocCleanupGroup
- ntdll.dll.TpSimpleTryPost
- ntdll.dll.TpAllocWork
- ntdll.dll.TpAllocTimer
- ntdll.dll.TpAllocWait
- ntdll.dll.TpAllocIoCompletion
- ntdll.dll.TpCallbackMayRunLong
- ntdll.dll.NtQueryMultipleValueKey
- ntdll.dll.RtlCaptureContext
- ntdll.dll.RtlConvertSidToUnicodeString
- ntdll.dll.RtlRunOnceInitialize
- ntdll.dll.NtResetEvent
- ntdll.dll.strncat
- ntdll.dll._strlwr
- ntdll.dll.RtlpConvertCultureNamesToLCIDs
- ntdll.dll.RtlpConvertLCIDsToCultureNames
- ntdll.dll.RtlSetProcessPreferredUILanguages
- ntdll.dll.RtlIdnToUnicode
- ntdll.dll.RtlIdnToNameprepUnicode
- ntdll.dll.RtlIdnToAscii
- ntdll.dll.RtlIsNormalizedString
- ntdll.dll._ui64tow
- ntdll.dll._wtol
- ntdll.dll._wcslwr
- ntdll.dll.wcsncpy
- ntdll.dll.RtlReadThreadProfilingData
- ntdll.dll.RtlQueryThreadProfiling
- ntdll.dll.RtlDisableThreadProfiling
- ntdll.dll.RtlEnableThreadProfiling
- ntdll.dll.RtlSetExtendedFeaturesMask
- ntdll.dll.RtlGetExtendedFeaturesMask
- ntdll.dll.RtlLocateExtendedFeature
- ntdll.dll.RtlCopyContext
- ntdll.dll.RtlGetEnabledExtendedFeatures
- ntdll.dll.RtlGetExtendedContextLength
- ntdll.dll.RtlInitializeExtendedContext
- ntdll.dll.RtlLocateLegacyContext
- ntdll.dll.NtRaiseException
- ntdll.dll.EtwEventWriteNoRegistration
- ntdll.dll.RtlSetIoCompletionCallback
- ntdll.dll.RtlQueueWorkItem
- ntdll.dll.RtlDeregisterWait
- ntdll.dll.NtResetWriteWatch
- ntdll.dll.NtGetWriteWatch
- ntdll.dll.NtMapUserPhysicalPagesScatter
- ntdll.dll.NtMapUserPhysicalPages
- ntdll.dll.NtFreeUserPhysicalPages
- ntdll.dll.NtAllocateUserPhysicalPages
- ntdll.dll.NtUnlockVirtualMemory
- ntdll.dll.NtLockVirtualMemory
- ntdll.dll.RtlComputeImportTableHash
- ntdll.dll.bsearch
- ntdll.dll.RtlEncodeSystemPointer
- ntdll.dll.RtlFindCharInUnicodeString
- ntdll.dll.RtlNtPathNameToDosPathName
- ntdll.dll.NtApphelpCacheControl
- ntdll.dll.RtlRandom
- ntdll.dll.RtlFindActivationContextSectionGuid
- ntdll.dll.RtlFindActivationContextSectionString
- ntdll.dll.RtlDoesFileExists_U
- ntdll.dll.RtlCreateActivationContext
- ntdll.dll.RtlSetThreadPreferredUILanguages
- ntdll.dll.RtlQueryActivationContextApplicationSettings
- ntdll.dll.RtlMultiAppendUnicodeStringBuffer
- ntdll.dll.RtlpEnsureBufferSize
- ntdll.dll.RtlGetLengthWithoutLastFullDosOrNtPathElement
- ntdll.dll.RtlpApplyLengthFunction
- ntdll.dll.RtlDeactivateActivationContext
- ntdll.dll.RtlActivateActivationContext
- ntdll.dll.RtlZombifyActivationContext
- ntdll.dll.RtlAddRefActivationContext
- ntdll.dll.NtSetInformationJobObject
- ntdll.dll.NtCreateJobSet
- ntdll.dll.NtQueryInformationJobObject
- ntdll.dll.NtTerminateJobObject
- ntdll.dll.NtAssignProcessToJobObject
- ntdll.dll.NtOpenJobObject
- ntdll.dll.NtCreateJobObject
- ntdll.dll.tolower
- ntdll.dll.atol
- ntdll.dll.isdigit
- ntdll.dll.RtlCopyLuid
- ntdll.dll.RtlFreeOemString
- ntdll.dll.RtlCreateEnvironment
- ntdll.dll.RtlCreateEnvironmentEx
- ntdll.dll.RtlDestroyEnvironment
- ntdll.dll.NtQueryEvent
- ntdll.dll.CsrClientCallServer
- ntdll.dll.CsrAllocateCaptureBuffer
- ntdll.dll.CsrAllocateMessagePointer
- ntdll.dll.CsrFreeCaptureBuffer
- ntdll.dll.RtlCreateQueryDebugBuffer
- ntdll.dll.RtlQueryProcessDebugInformation
- ntdll.dll.RtlDestroyQueryDebugBuffer
- ntdll.dll.RtlFreeUserStack
- ntdll.dll.RtlCreateUserStack
- ntdll.dll.NtSetContextThread
- ntdll.dll.NtGetContextThread
- ntdll.dll.NtSignalAndWaitForSingleObject
- ntdll.dll.RtlRunOnceComplete
- ntdll.dll.RtlRunOnceBeginInitialize
- ntdll.dll.RtlRunOnceExecuteOnce
- ntdll.dll.RtlSleepConditionVariableSRW
- ntdll.dll.RtlSleepConditionVariableCS
- ntdll.dll.NtOpenPrivateNamespace
- ntdll.dll.NtCreatePrivateNamespace
- ntdll.dll.NtDeletePrivateNamespace
- ntdll.dll.RtlAddIntegrityLabelToBoundaryDescriptor
- ntdll.dll.RtlAddSIDToBoundaryDescriptor
- ntdll.dll.RtlCreateBoundaryDescriptor
- ntdll.dll.strcpy_s
- ntdll.dll.NtReplacePartitionUnit
- ntdll.dll.RtlCompareUnicodeString
- ntdll.dll.RtlQueryRegistryValues
- ntdll.dll.RtlDecodeSystemPointer
- ntdll.dll.RtlWow64LogMessageInEventLogger
- ntdll.dll.NtIsSystemResumeAutomatic
- ntdll.dll.NtGetDevicePowerState
- ntdll.dll.NtSetThreadExecutionState
- ntdll.dll.NtInitiatePowerAction
- ntdll.dll.NtPowerInformation
- ntdll.dll.NtSetVolumeInformationFile
- ntdll.dll.RtlGetFullPathName_U
- ntdll.dll.RtlIsNameLegalDOS8Dot3
- ntdll.dll._allshl
- ntdll.dll.LdrLoadAlternateResourceModuleEx
- ntdll.dll.LdrLoadAlternateResourceModule
- ntdll.dll.LdrpResGetMappingSize
- ntdll.dll.LdrRscIsTypeExist
- ntdll.dll._strcmpi
- ntdll.dll.strncat_s
- ntdll.dll.wcstoul
- ntdll.dll.LdrGetFileNameFromLoadAsDataTable
- ntdll.dll.LdrResFindResourceDirectory
- ntdll.dll.LdrResFindResource
- ntdll.dll.LdrpResGetResourceDirectory
- ntdll.dll.RtlImageDirectoryEntryToData
- ntdll.dll.LdrResGetRCConfig
- ntdll.dll.RtlVerifyVersionInfo
- ntdll.dll.RtlGetProductInfo
- ntdll.dll.NtCreateMailslotFile
- ntdll.dll.RtlExtendedLargeIntegerDivide
- ntdll.dll.RtlCleanUpTEBLangLists
- ntdll.dll.RtlSetThreadPoolStartFunc
- ntdll.dll.LdrSetDllManifestProber
- ntdll.dll.RtlSetUserCallbackExceptionFilter
- ntdll.dll.RtlSetUnhandledExceptionFilter
- ntdll.dll.RtlEncodePointer
- ntdll.dll.LdrQueryImageFileExecutionOptions
- ntdll.dll.RtlDeregisterSecureMemoryCacheCallback
- ntdll.dll.RtlRegisterSecureMemoryCacheCallback
- ntdll.dll.RtlSizeHeap
- ntdll.dll.RtlGetUserInfoHeap
- ntdll.dll.NtSetSystemEnvironmentValueEx
- ntdll.dll.RtlGUIDFromString
- ntdll.dll.NtQuerySystemEnvironmentValueEx
- ntdll.dll._alldiv
- ntdll.dll.RtlGetLastNtStatus
- ntdll.dll.NtCreateKeyTransacted
- ntdll.dll.RtlWow64EnableFsRedirection
- ntdll.dll.NtCancelIoFile
- ntdll.dll.NtCancelSynchronousIoFile
- ntdll.dll.RtlGetThreadErrorMode
- ntdll.dll.RtlNtStatusToDosErrorNoTeb
- ntdll.dll.RtlQueryElevationFlags
- ntdll.dll.RtlCharToInteger
- ntdll.dll.strncpy_s
- ntdll.dll.RtlGetLongestNtPathLength
- ntdll.dll.RtlEqualString
- ntdll.dll.RtlIsTextUnicode
- ntdll.dll.RtlFormatCurrentUserKeyPath
- ntdll.dll.RtlPrefixUnicodeString
- ntdll.dll.RtlMultiByteToUnicodeSize
- ntdll.dll.RtlMultiByteToUnicodeN
- ntdll.dll.RtlQueryAtomInAtomTable
- ntdll.dll.NtQueryInformationAtom
- ntdll.dll.RtlDeleteAtomFromAtomTable
- ntdll.dll.NtDeleteAtom
- ntdll.dll.RtlLookupAtomInAtomTable
- ntdll.dll.NtFindAtom
- ntdll.dll.RtlAddAtomToAtomTable
- ntdll.dll.NtAddAtom
- ntdll.dll.RtlCreateAtomTable
- ntdll.dll.RtlDestroyAtomTable
- ntdll.dll.DbgUiStopDebugging
- ntdll.dll.DbgUiContinue
- ntdll.dll.DbgUiWaitStateChange
- ntdll.dll.DbgUiConvertStateChangeStructure
- ntdll.dll.DbgUiGetThreadDebugObject
- ntdll.dll.NtSetInformationDebugObject
- ntdll.dll.DbgUiIssueRemoteBreakin
- ntdll.dll.DbgUiConnectToDbg
- ntdll.dll.DbgUiDebugActiveProcess
- ntdll.dll.CsrGetProcessId
- ntdll.dll.NtSetSystemInformation
- ntdll.dll.RtlGetCurrentTransaction
- ntdll.dll.RtlSetCurrentTransaction
- ntdll.dll.wcscat_s
- ntdll.dll.wcsstr
- ntdll.dll.RtlCreateUnicodeStringFromAsciiz
- ntdll.dll.RtlDnsHostNameToComputerName
- ntdll.dll.wcscspn
- ntdll.dll._memicmp
- ntdll.dll.NtFlushKey
- ntdll.dll.NtSetEaFile
- ntdll.dll.RtlInitializeExceptionChain
- ntdll.dll.NtWow64WriteVirtualMemory64
- ntdll.dll.RtlDestroyProcessParameters
- ntdll.dll.RtlCreateProcessParametersEx
- ntdll.dll.NtRemoveProcessDebug
- ntdll.dll.LdrQueryImageFileKeyOption
- ntdll.dll.NtCreateUserProcess
- ntdll.dll.RtlGetFullPathName_UstrEx
- ntdll.dll.RtlDecodePointer
- ntdll.dll.RtlKnownExceptionFilter
- ntdll.dll.NtRequestWaitReplyPort
- ntdll.dll.NtOpenKeyTransacted
- ntdll.dll.NtQueryKey
- ntdll.dll.NtOpenKeyEx
- ntdll.dll.NtOpenKeyTransactedEx
- ntdll.dll.NtLoadKey
- ntdll.dll.NtUnloadKey
- ntdll.dll.NtNotifyChangeMultipleKeys
- ntdll.dll.NtRestoreKey
- ntdll.dll.NtSaveKeyEx
- ntdll.dll.RtlMakeSelfRelativeSD
- ntdll.dll._strnicmp
- ntdll.dll.strncmp
- ntdll.dll.RtlTryAcquirePebLock
- ntdll.dll._vsnprintf
- ntdll.dll.RtlWerpReportException
- ntdll.dll.LdrResSearchResource
- ntdll.dll.NtWow64ReadVirtualMemory64
- ntdll.dll.NtWow64QueryInformationProcess64
- ntdll.dll.WerReportSQMEvent
- ntdll.dll.VerSetConditionMask
- ntdll.dll.WinSqmIsOptedIn
- ntdll.dll.strcat_s
- ntdll.dll._aullrem
- kernelbase.dll.BaseReleaseProcessDllPath
- kernelbase.dll.BaseGetProcessExePath
- kernelbase.dll.BaseGetProcessDllPath
- kernelbase.dll.LoadStringByReference
- kernelbase.dll.InternalLcidToName
- kernelbase.dll.NlsIsUserDefaultLocale
- kernelbase.dll.GetUserInfo
- kernelbase.dll.GetPtrCalDataArray
- kernelbase.dll.GetPtrCalData
- kernelbase.dll.GetStringTableEntry
- kernelbase.dll.CheckGroupPolicyEnabled
- kernelbase.dll.OpenRegKey
- kernelbase.dll.GetCPHashNode
- kernelbase.dll.Internal_EnumSystemCodePages
- kernelbase.dll.Internal_EnumUILanguages
- kernelbase.dll.Internal_EnumLanguageGroupLocales
- kernelbase.dll.Internal_EnumSystemLanguageGroups
- kernelbase.dll.Internal_EnumDateFormats
- kernelbase.dll.Internal_EnumTimeFormats
- kernelbase.dll.KernelBaseGetGlobalData
- kernelbase.dll.InvalidateTzSpecificCache
- kernelbase.dll.IsDBCSLeadByte
- kernelbase.dll.CreateFileMappingNumaW
- kernelbase.dll.CompareStringA
- kernelbase.dll.LoadStringBaseExW
- kernelbase.dll.BaseInvalidateDllSearchPathCache
- kernelbase.dll.BaseInvalidateProcessSearchPathCache
- kernelbase.dll.BaseDllFreeResourceId
- kernelbase.dll.BaseDllMapResourceIdW
- kernelbase.dll.GetUserDefaultUILanguage
- kernelbase.dll.EnumUILanguagesW
- kernelbase.dll.AreFileApisANSI
- kernelbase.dll.EnumCalendarInfoExW
- kernelbase.dll.EnumCalendarInfoW
- kernelbase.dll.EnumDateFormatsExW
- kernelbase.dll.EnumDateFormatsW
- kernelbase.dll.EnumLanguageGroupLocalesW
- kernelbase.dll.EnumSystemCodePagesW
- kernelbase.dll.EnumSystemLanguageGroupsW
- kernelbase.dll.EnumSystemLocalesEx
- kernelbase.dll.EnumSystemLocalesW
- kernelbase.dll.EnumTimeFormatsW
- kernelbase.dll.GetLocaleInfoA
- kernelbase.dll.GetStringTypeA
- kernelbase.dll.GetSystemDefaultUILanguage
- kernelbase.dll.IsDBCSLeadByteEx
- kernelbase.dll.MapViewOfFileExNuma
- kernelbase.dll.SetFileApisToANSI
- kernelbase.dll.SetFileApisToOEM
- kernelbase.dll.VirtualAllocExNuma
- kernelbase.dll.EnumCalendarInfoExEx
- kernelbase.dll.EnumDateFormatsExEx
- kernelbase.dll.EnumTimeFormatsEx
- kernelbase.dll.GetCurrencyFormatEx
- kernelbase.dll.GetEraNameCountedString
- kernelbase.dll.GetNumberFormatEx
- kernelbase.dll.GetSystemDefaultLocaleName
- kernelbase.dll.GetUserDefaultLocaleName
- kernelbase.dll.LCIDToLocaleName
- kernelbase.dll.GetNamedLocaleHashNode
- kernelbase.dll.GetLocaleInfoHelper
- kernelbase.dll.GetUserInfoWord
- kernelbase.dll.GetCalendar
- kernelbase.dll.SpecialMBToWC
- kernelbase.dll.Internal_EnumCalendarInfo
- kernelbase.dll.NlsValidateLocale
- kernelbase.dll.BaseReleaseProcessExePath
- kernelbase.dll.TlsGetValue
- kernelbase.dll.SetThreadPriority
- kernelbase.dll.SetProcessShutdownParameters
- kernelbase.dll.SetPriorityClass
- kernelbase.dll.ResumeThread
- kernelbase.dll.QueueUserAPC
- kernelbase.dll.ProcessIdToSessionId
- kernelbase.dll.OpenThread
- kernelbase.dll.GetThreadPriorityBoost
- kernelbase.dll.GetThreadPriority
- kernelbase.dll.GetStartupInfoW
- kernelbase.dll.GetProcessTimes
- kernelbase.dll.GetPriorityClass
- kernelbase.dll.GetExitCodeThread
- kernelbase.dll.GetCurrentThreadId
- kernelbase.dll.GetCurrentThread
- kernelbase.dll.GetProcessId
- kernelbase.dll.GetProcessIdOfThread
- kernelbase.dll.GetThreadId
- kernelbase.dll.GetCurrentProcessId
- kernelbase.dll.CreateRemoteThreadEx
- kernelbase.dll.GetExitCodeProcess
- kernelbase.dll.TlsFree
- kernelbase.dll.TlsAlloc
- kernelbase.dll.TerminateThread
- kernelbase.dll.TerminateProcess
- kernelbase.dll.SwitchToThread
- kernelbase.dll.SuspendThread
- kernelbase.dll.SetThreadStackGuarantee
- kernelbase.dll.SetThreadPriorityBoost
- kernelbase.dll.OpenProcessToken
- kernelbase.dll.TlsSetValue
- kernelbase.dll.SetProcessAffinityUpdateMode
- kernelbase.dll.QueryProcessAffinityUpdateMode
- kernelbase.dll.GetProcessVersion
- kernelbase.dll.CreateRemoteThread
- kernelbase.dll.InitializeProcThreadAttributeList
- kernelbase.dll.UpdateProcThreadAttribute
- kernelbase.dll.DeleteProcThreadAttributeList
- kernelbase.dll.GetCurrentProcess
- kernelbase.dll.HeapCreate
- kernelbase.dll.HeapSetInformation
- kernelbase.dll.HeapQueryInformation
- kernelbase.dll.HeapLock
- kernelbase.dll.HeapDestroy
- kernelbase.dll.GetProcessHeap
- kernelbase.dll.GetProcessHeaps
- kernelbase.dll.HeapWalk
- kernelbase.dll.HeapValidate
- kernelbase.dll.HeapUnlock
- kernelbase.dll.HeapCompact
- kernelbase.dll.HeapSummary
- kernelbase.dll.MapViewOfFileEx
- kernelbase.dll.ReadProcessMemory
- kernelbase.dll.UnmapViewOfFile
- kernelbase.dll.VirtualAlloc
- kernelbase.dll.VirtualAllocEx
- kernelbase.dll.VirtualFree
- kernelbase.dll.VirtualFreeEx
- kernelbase.dll.VirtualProtect
- kernelbase.dll.WriteProcessMemory
- kernelbase.dll.VirtualQueryEx
- kernelbase.dll.VirtualQuery
- kernelbase.dll.VirtualProtectEx
- kernelbase.dll.FlushViewOfFile
- kernelbase.dll.CreateFileMappingW
- kernelbase.dll.OpenFileMappingW
- kernelbase.dll.MapViewOfFile
- kernelbase.dll.DuplicateHandle
- kernelbase.dll.GetHandleInformation
- kernelbase.dll.SetHandleInformation
- kernelbase.dll.CloseHandle
- kernelbase.dll.OpenProcess
- kernelbase.dll.OpenSemaphoreW
- kernelbase.dll.OpenWaitableTimerW
- kernelbase.dll.ReleaseMutex
- kernelbase.dll.ReleaseSemaphore
- kernelbase.dll.OpenMutexW
- kernelbase.dll.SetEvent
- kernelbase.dll.SetWaitableTimer
- kernelbase.dll.SleepEx
- kernelbase.dll.WaitForMultipleObjectsEx
- kernelbase.dll.WaitForSingleObjectEx
- kernelbase.dll.OpenEventW
- kernelbase.dll.OpenEventA
- kernelbase.dll.InitializeCriticalSectionEx
- kernelbase.dll.InitializeCriticalSectionAndSpinCount
- kernelbase.dll.CreateWaitableTimerExW
- kernelbase.dll.CreateSemaphoreExW
- kernelbase.dll.CreateEventA
- kernelbase.dll.CreateEventW
- kernelbase.dll.CancelWaitableTimer
- kernelbase.dll.CreateEventExA
- kernelbase.dll.CreateEventExW
- kernelbase.dll.CreateMutexA
- kernelbase.dll.CreateMutexExA
- kernelbase.dll.CreateMutexExW
- kernelbase.dll.ResetEvent
- kernelbase.dll.CreateMutexW
- kernelbase.dll.GetFullPathNameW
- kernelbase.dll.GetFullPathNameA
- kernelbase.dll.SetFileTime
- kernelbase.dll.QueryDosDeviceW
- kernelbase.dll.CreateFileW
- kernelbase.dll.LockFile
- kernelbase.dll.GetFileSize
- kernelbase.dll.SetEndOfFile
- kernelbase.dll.WriteFile
- kernelbase.dll.SetFilePointer
- kernelbase.dll.ReadFile
- kernelbase.dll.WriteFileEx
- kernelbase.dll.WriteFileGather
- kernelbase.dll.GetFinalPathNameByHandleA
- kernelbase.dll.GetFinalPathNameByHandleW
- kernelbase.dll.RemoveDirectoryW
- kernelbase.dll.GetDiskFreeSpaceW
- kernelbase.dll.CreateDirectoryW
- kernelbase.dll.DefineDosDeviceW
- kernelbase.dll.FindFirstFileExA
- kernelbase.dll.FindFirstFileExW
- kernelbase.dll.FindClose
- kernelbase.dll.GetFileType
- kernelbase.dll.FlushFileBuffers
- kernelbase.dll.SetFileAttributesW
- kernelbase.dll.GetFileAttributesExW
- kernelbase.dll.DeleteFileW
- kernelbase.dll.GetFileTime
- kernelbase.dll.DeleteFileA
- kernelbase.dll.GetFileAttributesA
- kernelbase.dll.FindNextFileW
- kernelbase.dll.FindFirstFileW
- kernelbase.dll.GetLogicalDriveStringsW
- kernelbase.dll.GetTempFileNameW
- kernelbase.dll.GetVolumeInformationW
- kernelbase.dll.CompareFileTime
- kernelbase.dll.CreateDirectoryA
- kernelbase.dll.FileTimeToLocalFileTime
- kernelbase.dll.FileTimeToSystemTime
- kernelbase.dll.FindCloseChangeNotification
- kernelbase.dll.FindFirstFileA
- kernelbase.dll.FindFirstChangeNotificationA
- kernelbase.dll.FindFirstChangeNotificationW
- kernelbase.dll.FindNextChangeNotification
- kernelbase.dll.FindNextFileA
- kernelbase.dll.GetDiskFreeSpaceA
- kernelbase.dll.GetDiskFreeSpaceExA
- kernelbase.dll.GetDiskFreeSpaceExW
- kernelbase.dll.UnlockFileEx
- kernelbase.dll.GetDriveTypeA
- kernelbase.dll.GetDriveTypeW
- kernelbase.dll.GetFileAttributesExA
- kernelbase.dll.GetFileAttributesW
- kernelbase.dll.GetFileInformationByHandle
- kernelbase.dll.GetFileSizeEx
- kernelbase.dll.GetVolumeInformationByHandleW
- kernelbase.dll.LocalFileTimeToFileTime
- kernelbase.dll.LockFileEx
- kernelbase.dll.ReadFileScatter
- kernelbase.dll.ReadFileEx
- kernelbase.dll.RemoveDirectoryA
- kernelbase.dll.SetFileAttributesA
- kernelbase.dll.SetFileInformationByHandle
- kernelbase.dll.SetFilePointerEx
- kernelbase.dll.SetFileValidData
- kernelbase.dll.UnlockFile
- kernelbase.dll.PostQueuedCompletionStatus
- kernelbase.dll.GetQueuedCompletionStatusEx
- kernelbase.dll.GetQueuedCompletionStatus
- kernelbase.dll.CreateIoCompletionPort
- kernelbase.dll.CancelIoEx
- kernelbase.dll.GetOverlappedResult
- kernelbase.dll.DeviceIoControl
- kernelbase.dll.ChangeTimerQueueTimer
- kernelbase.dll.CreateTimerQueue
- kernelbase.dll.UnregisterWaitEx
- kernelbase.dll.DeleteTimerQueueTimer
- kernelbase.dll.DeleteTimerQueueEx
- kernelbase.dll.CreateTimerQueueTimer
- kernelbase.dll.GetModuleHandleA
- kernelbase.dll.GetModuleHandleW
- kernelbase.dll.GetModuleHandleExA
- kernelbase.dll.GetModuleHandleExW
- kernelbase.dll.LoadResource
- kernelbase.dll.LockResource
- kernelbase.dll.SizeofResource
- kernelbase.dll.GetProcAddress
- kernelbase.dll.GetModuleFileNameA
- kernelbase.dll.FreeLibraryAndExitThread
- kernelbase.dll.FindStringOrdinal
- kernelbase.dll.DisableThreadLibraryCalls
- kernelbase.dll.LoadLibraryExA
- kernelbase.dll.GetModuleFileNameW
- kernelbase.dll.FindResourceExW
- kernelbase.dll.FreeLibrary
- kernelbase.dll.LoadLibraryExW
- kernelbase.dll.FreeResource
- kernelbase.dll.PeekNamedPipe
- kernelbase.dll.DisconnectNamedPipe
- kernelbase.dll.CreatePipe
- kernelbase.dll.ConnectNamedPipe
- kernelbase.dll.GetNamedPipeAttribute
- kernelbase.dll.GetNamedPipeClientComputerNameW
- kernelbase.dll.WaitNamedPipeW
- kernelbase.dll.SetNamedPipeHandleState
- kernelbase.dll.CreateNamedPipeW
- kernelbase.dll.TransactNamedPipe
- kernelbase.dll.IsWow64Process
- kernelbase.dll.LCMapStringA
- kernelbase.dll.LocalLock
- kernelbase.dll.LocalReAlloc
- kernelbase.dll.LocalUnlock
- kernelbase.dll.GlobalAlloc
- kernelbase.dll.FormatMessageW
- kernelbase.dll.FormatMessageA
- kernelbase.dll.NeedCurrentDirectoryForExePathA
- kernelbase.dll.EnumSystemLocalesA
- kernelbase.dll.PulseEvent
- kernelbase.dll.Sleep
- kernelbase.dll.Wow64DisableWow64FsRedirection
- kernelbase.dll.Wow64RevertWow64FsRedirection
- kernelbase.dll.lstrcmpW
- kernelbase.dll.lstrcmpiW
- kernelbase.dll.lstrcpynA
- kernelbase.dll.lstrcpynW
- kernelbase.dll.lstrlenA
- kernelbase.dll.FatalAppExitA
- kernelbase.dll.NeedCurrentDirectoryForExePathW
- kernelbase.dll.FatalAppExitW
- kernelbase.dll.LocalAlloc
- kernelbase.dll.GlobalFree
- kernelbase.dll.lstrlenW
- kernelbase.dll.LocalFree
- kernelbase.dll.IsProcessInJob
- kernelbase.dll.GetLocalTime
- kernelbase.dll.GetSystemTimeAdjustment
- kernelbase.dll.GetSystemTimeAsFileTime
- kernelbase.dll.GetTickCount64
- kernelbase.dll.GetTimeZoneInformation
- kernelbase.dll.GetTimeZoneInformationForYear
- kernelbase.dll.GetVersion
- kernelbase.dll.GetVersionExA
- kernelbase.dll.GetVersionExW
- kernelbase.dll.GetWindowsDirectoryW
- kernelbase.dll.SetLocalTime
- kernelbase.dll.SystemTimeToTzSpecificLocalTime
- kernelbase.dll.TzSpecificLocalTimeToSystemTime
- kernelbase.dll.GetDynamicTimeZoneInformation
- kernelbase.dll.GetLogicalProcessorInformation
- kernelbase.dll.GetSystemInfo
- kernelbase.dll.GetLogicalProcessorInformationEx
- kernelbase.dll.GetWindowsDirectoryA
- kernelbase.dll.GlobalMemoryStatusEx
- kernelbase.dll.GetTickCount
- kernelbase.dll.GetSystemTime
- kernelbase.dll.SystemTimeToFileTime
- kernelbase.dll.GetComputerNameExW
- kernelbase.dll.GetComputerNameExA
- kernelbase.dll.VerLanguageNameA
- kernelbase.dll.FindNLSStringEx
- kernelbase.dll.SetThreadLocale
- kernelbase.dll.NlsWriteEtwEvent
- kernelbase.dll.NlsEventDataDescCreate
- kernelbase.dll.ConvertDefaultLocale
- kernelbase.dll.VerLanguageNameW
- kernelbase.dll.SetLocaleInfoW
- kernelbase.dll.SetCalendarInfoW
- kernelbase.dll.LCMapStringW
- kernelbase.dll.IsValidLocale
- kernelbase.dll.IsValidLanguageGroup
- kernelbase.dll.IsValidCodePage
- kernelbase.dll.IsNLSDefinedString
- kernelbase.dll.GetUserDefaultLCID
- kernelbase.dll.GetUserDefaultLangID
- kernelbase.dll.GetThreadLocale
- kernelbase.dll.GetSystemDefaultLCID
- kernelbase.dll.GetSystemDefaultLangID
- kernelbase.dll.GetProcessPreferredUILanguages
- kernelbase.dll.GetOEMCP
- kernelbase.dll.GetLocaleInfoW
- kernelbase.dll.GetCPInfoExW
- kernelbase.dll.GetCPInfo
- kernelbase.dll.GetACP
- kernelbase.dll.GetFileMUIPath
- kernelbase.dll.FindNLSString
- kernelbase.dll.NlsUpdateSystemLocale
- kernelbase.dll.NlsUpdateLocale
- kernelbase.dll.NlsGetCacheUpdateCount
- kernelbase.dll.NlsCheckPolicy
- kernelbase.dll.GetCalendarInfoW
- kernelbase.dll.GetCalendarInfoEx
- kernelbase.dll.GetLocaleInfoEx
- kernelbase.dll.GetSystemPreferredUILanguages
- kernelbase.dll.GetThreadPreferredUILanguages
- kernelbase.dll.GetThreadUILanguage
- kernelbase.dll.GetUILanguageInfo
- kernelbase.dll.GetUserPreferredUILanguages
- kernelbase.dll.IsValidLocaleName
- kernelbase.dll.LCMapStringEx
- kernelbase.dll.LocaleNameToLCID
- kernelbase.dll.ResolveLocaleName
- kernelbase.dll.GetFileMUIInfo
- kernelbase.dll.GetEnvironmentStrings
- kernelbase.dll.GetEnvironmentVariableW
- kernelbase.dll.SearchPathW
- kernelbase.dll.SetStdHandleEx
- kernelbase.dll.ExpandEnvironmentStringsA
- kernelbase.dll.ExpandEnvironmentStringsW
- kernelbase.dll.FreeEnvironmentStringsA
- kernelbase.dll.FreeEnvironmentStringsW
- kernelbase.dll.GetCommandLineA
- kernelbase.dll.GetCommandLineW
- kernelbase.dll.GetCurrentDirectoryA
- kernelbase.dll.GetCurrentDirectoryW
- kernelbase.dll.GetEnvironmentStringsW
- kernelbase.dll.SetEnvironmentStringsW
- kernelbase.dll.GetEnvironmentVariableA
- kernelbase.dll.GetStdHandle
- kernelbase.dll.SetCurrentDirectoryA
- kernelbase.dll.SetCurrentDirectoryW
- kernelbase.dll.SetEnvironmentVariableA
- kernelbase.dll.SetEnvironmentVariableW
- kernelbase.dll.SetStdHandle
- kernelbase.dll.GetStringTypeW
- kernelbase.dll.GetStringTypeExW
- kernelbase.dll.FoldStringW
- kernelbase.dll.CompareStringW
- kernelbase.dll.WideCharToMultiByte
- kernelbase.dll.CompareStringOrdinal
- kernelbase.dll.CompareStringEx
- kernelbase.dll.MultiByteToWideChar
- kernelbase.dll.DebugBreak
- kernelbase.dll.OutputDebugStringA
- kernelbase.dll.OutputDebugStringW
- kernelbase.dll.IsDebuggerPresent
- kernelbase.dll.GetLastError
- kernelbase.dll.GetErrorMode
- kernelbase.dll.RaiseException
- kernelbase.dll.SetErrorMode
- kernelbase.dll.SetLastError
- kernelbase.dll.FlsAlloc
- kernelbase.dll.FlsFree
- kernelbase.dll.FlsGetValue
- kernelbase.dll.FlsSetValue
- kernelbase.dll.Beep
- kernelbase.dll.QueryPerformanceFrequency
- kernelbase.dll.QueryPerformanceCounter
- kernelbase.dll.AllocateAndInitializeSid
- kernelbase.dll.FreeSid
- kernelbase.dll.DuplicateToken
- kernelbase.dll.AccessCheck
- ntdll.dll.wcstol
- ntdll.dll.RtlQueryInformationActiveActivationContext
- ntdll.dll.NtVdmControl
- ntdll.dll.RtlIsThreadWithinLoaderCallout
- ntdll.dll.RtlGetIntegerAtom
- ntdll.dll.RtlRetrieveNtUserPfn
- ntdll.dll.RtlInitializeNtUserPfn
- ntdll.dll._allshr
- ntdll.dll.NtCallbackReturn
- ntdll.dll._chkstk
- ntdll.dll.CsrCaptureMessageBuffer
- ntdll.dll.RtlRunDecodeUnicodeString
- ntdll.dll.RtlRunEncodeUnicodeString
- ntdll.dll.RtlGetThreadLangIdByIndex
- ntdll.dll.sscanf_s
- ntdll.dll.strrchr
- ntdll.dll.wcsncat_s
- ntdll.dll.RtlCheckRegistryKey
- ntdll.dll.LdrFlushAlternateResourceModules
- ntdll.dll.iswspace
- ntdll.dll._wtoi
- ntdll.dll._aulldvrm
- ntdll.dll.NlsAnsiCodePage
- gdi32.dll.GetClipRgn
- gdi32.dll.ExtSelectClipRgn
- gdi32.dll.GetHFONT
- gdi32.dll.GetMapMode
- gdi32.dll.SetGraphicsMode
- gdi32.dll.GetClipBox
- gdi32.dll.CreateRectRgn
- gdi32.dll.CreateRectRgnIndirect
- gdi32.dll.SetLayout
- gdi32.dll.GetBoundsRect
- gdi32.dll.ExcludeClipRect
- gdi32.dll.PlayEnhMetaFile
- gdi32.dll.Ellipse
- gdi32.dll.CreateEllipticRgn
- gdi32.dll.GdiFixUpHandle
- gdi32.dll.CreatePen
- gdi32.dll.Rectangle
- gdi32.dll.GetTextCharacterExtra
- gdi32.dll.SetTextCharacterExtra
- gdi32.dll.GetCurrentObject
- gdi32.dll.GetViewportOrgEx
- gdi32.dll.SetViewportOrgEx
- gdi32.dll.PolyPatBlt
- gdi32.dll.CreateBrushIndirect
- gdi32.dll.SetBoundsRect
- gdi32.dll.CopyEnhMetaFileW
- gdi32.dll.CopyMetaFileW
- gdi32.dll.GetPaletteEntries
- gdi32.dll.CreatePalette
- gdi32.dll.SetPaletteEntries
- gdi32.dll.GetPixel
- gdi32.dll.ExtTextOutA
- gdi32.dll.GetTextCharsetInfo
- gdi32.dll.QueryFontAssocStatus
- gdi32.dll.GetCharWidthInfo
- gdi32.dll.GetCharWidthA
- gdi32.dll.GetTextFaceW
- gdi32.dll.GetCharABCWidthsA
- gdi32.dll.GetCharABCWidthsW
- gdi32.dll.SetBrushOrgEx
- gdi32.dll.CreateFontIndirectW
- gdi32.dll.EnumFontsW
- gdi32.dll.GetTextFaceAliasW
- gdi32.dll.GetTextMetricsW
- gdi32.dll.GetTextColor
- gdi32.dll.GdiGetCodePage
- gdi32.dll.GetTextCharset
- gdi32.dll.GetBkMode
- gdi32.dll.GetViewportExtEx
- gdi32.dll.GetWindowExtEx
- gdi32.dll.GdiGetCharDimensions
- gdi32.dll.GdiPrinterThunk
- gdi32.dll.GdiLoadType1Fonts
- gdi32.dll.GdiAddFontResourceW
- gdi32.dll.TranslateCharsetInfo
- gdi32.dll.SaveDC
- gdi32.dll.OffsetWindowOrgEx
- gdi32.dll.RestoreDC
- gdi32.dll.ExtTextOutW
- gdi32.dll.GetDIBits
- gdi32.dll.CreateDIBSection
- gdi32.dll.SetStretchBltMode
- gdi32.dll.SelectPalette
- gdi32.dll.RealizePalette
- gdi32.dll.SetDIBits
- gdi32.dll.CreateDCW
- gdi32.dll.CreateDIBitmap
- gdi32.dll.CreateCompatibleBitmap
- gdi32.dll.SetBitmapBits
- gdi32.dll.DeleteDC
- gdi32.dll.GdiValidateHandle
- gdi32.dll.GdiDllInitialize
- gdi32.dll.GdiProcessSetup
- gdi32.dll.GetStockObject
- gdi32.dll.CreateSolidBrush
- gdi32.dll.CreateCompatibleDC
- gdi32.dll.GdiConvertBitmapV5
- gdi32.dll.GdiCreateLocalEnhMetaFile
- gdi32.dll.GdiCreateLocalMetaFilePict
- gdi32.dll.GetRgnBox
- gdi32.dll.CombineRgn
- gdi32.dll.OffsetRgn
- gdi32.dll.MirrorRgn
- gdi32.dll.EnableEUDC
- gdi32.dll.GdiConvertToDevmodeW
- gdi32.dll.GetTextExtentPointA
- gdi32.dll.GetTextExtentPointW
- gdi32.dll.CreateBitmap
- gdi32.dll.SetTextAlign
- gdi32.dll.GetTextAlign
- gdi32.dll.IntersectClipRect
- gdi32.dll.SelectObject
- gdi32.dll.SetBkMode
- gdi32.dll.GetBkColor
- gdi32.dll.GetObjectW
- gdi32.dll.SetTextColor
- gdi32.dll.SetBkColor
- gdi32.dll.GetLayout
- gdi32.dll.StretchDIBits
- gdi32.dll.GetDeviceCaps
- gdi32.dll.GetDIBColorTable
- gdi32.dll.GdiGetBitmapBitsSize
- gdi32.dll.DeleteObject
- gdi32.dll.DeleteMetaFile
- gdi32.dll.DeleteEnhMetaFile
- gdi32.dll.GdiConvertMetaFilePict
- gdi32.dll.GdiConvertEnhMetaFile
- gdi32.dll.GdiReleaseDC
- gdi32.dll.StretchBlt
- gdi32.dll.GetObjectType
- gdi32.dll.GdiConvertAndCheckDC
- gdi32.dll.SetRectRgn
- gdi32.dll.BitBlt
- gdi32.dll.TextOutW
- gdi32.dll.TextOutA
- gdi32.dll.PatBlt
- gdi32.dll.SetLayoutWidth
- kernel32.dll.GetLocaleInfoW
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.TerminateProcess
- kernel32.dll.GetSystemTimeAsFileTime
- kernel32.dll.LoadLibraryExA
- kernel32.dll.InterlockedCompareExchange
- kernel32.dll.DelayLoadFailureHook
- kernel32.dll.GlobalAddAtomA
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.GlobalFindAtomA
- kernel32.dll.lstrlenA
- kernel32.dll.GetTickCount
- kernel32.dll.QueryPerformanceFrequency
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.LCMapStringW
- kernel32.dll.CreateFileMappingW
- kernel32.dll.MapViewOfFile
- kernel32.dll.GetFileSize
- kernel32.dll.UnmapViewOfFile
- kernel32.dll.WerpNotifyLoadStringResource
- kernel32.dll.GetSystemDefaultLangID
- kernel32.dll.RegQueryInfoKeyW
- kernel32.dll.RegEnumValueW
- kernel32.dll.RegOpenKeyExW
- kernel32.dll.RegQueryValueExW
- kernel32.dll.GetVersionExW
- kernel32.dll.IsDBCSLeadByte
- kernel32.dll.WerpNotifyUseStringResource
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.ProcessIdToSessionId
- kernel32.dll.MulDiv
- kernel32.dll.GetThreadLocale
- kernel32.dll.FindFirstFileW
- kernel32.dll.FindNextFileW
- kernel32.dll.FindClose
- kernel32.dll.GetLogicalDrives
- kernel32.dll.lstrlenW
- kernel32.dll.SetCurrentDirectoryW
- kernel32.dll.GetCurrentDirectoryW
- kernel32.dll.ConvertDefaultLocale
- kernel32.dll.IsValidLocale
- kernel32.dll.GetAtomNameW
- kernel32.dll.GetAtomNameA
- kernel32.dll.AddAtomW
- kernel32.dll.AddAtomA
- kernel32.dll.GetSystemWindowsDirectoryW
- kernel32.dll.CreateProcessW
- kernel32.dll.EnumResourceNamesExW
- kernel32.dll.SetFileTime
- kernel32.dll.ReadFile
- kernel32.dll.CloseHandle
- kernel32.dll.FindResourceW
- kernel32.dll.CompareStringW
- kernel32.dll.GetCPInfo
- kernel32.dll.GetStringTypeA
- kernel32.dll.GetStringTypeW
- kernel32.dll.Sleep
- kernel32.dll.FoldStringW
- kernel32.dll.GlobalHandle
- kernel32.dll.CreateThread
- kernel32.dll.GetExitCodeThread
- kernel32.dll.ExitThread
- kernel32.dll.GetCurrentThread
- kernel32.dll.GetCurrentProcess
- kernel32.dll.GlobalAddAtomW
- kernel32.dll.LoadLibraryExW
- kernel32.dll.ExpandEnvironmentStringsW
- kernel32.dll.SearchPathW
- kernel32.dll.GetSystemDirectoryW
- kernel32.dll.IsDBCSLeadByteEx
- kernel32.dll.DisableThreadLibraryCalls
- kernel32.dll.FindResourceExA
- kernel32.dll.FindResourceExW
- kernel32.dll.LoadStringBaseExW
- kernel32.dll.LoadResource
- kernel32.dll.SizeofResource
- kernel32.dll.RegisterWaitForInputIdle
- kernel32.dll.QueryActCtxSettingsW
- kernel32.dll.GetModuleHandleW
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.LoadAppInitDlls
- kernel32.dll.LocalSize
- kernel32.dll.LocalUnlock
- kernel32.dll.LocalLock
- kernel32.dll.LocalReAlloc
- kernel32.dll.GetACP
- kernel32.dll.InterlockedIncrement
- kernel32.dll.GetPrivateProfileStringW
- kernel32.dll.RegSetValueExW
- kernel32.dll.RegCloseKey
- kernel32.dll.RegCreateKeyExW
- kernel32.dll.RegDeleteKeyExW
- kernel32.dll.GetUserDefaultLCID
- kernel32.dll.GlobalUnlock
- kernel32.dll.GlobalLock
- kernel32.dll.GlobalSize
- kernel32.dll.LocalFree
- kernel32.dll.GlobalDeleteAtom
- kernel32.dll.LocalAlloc
- kernel32.dll.DeleteAtom
- kernel32.dll.FreeLibrary
- kernel32.dll.GetProcAddress
- kernel32.dll.LoadLibraryW
- kernel32.dll.InterlockedExchange
- kernel32.dll.GlobalGetAtomNameA
- kernel32.dll.GlobalGetAtomNameW
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.GlobalFree
- kernel32.dll.InterlockedDecrement
- kernel32.dll.GlobalFlags
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.GetLastError
- kernel32.dll.GetOEMCP
- kernel32.dll.GlobalReAlloc
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.GlobalAlloc
- kernel32.dll.WaitForMultipleObjectsEx
- kernel32.dll.SetEvent
- kernel32.dll.CreateFileW
- kernel32.dll.lstrcmpiW
- kernel32.dll.WritePrivateProfileStringW
- kernel32.dll.GlobalFindAtomW
- kernel32.dll.SetLastError
- advapi32.dll.CheckTokenMembership
- msvcrt.dll.iswctype
- msvcrt.dll._wcstoui64
- msvcrt.dll._ftol2
- msvcrt.dll.tolower
- msvcrt.dll._ultow
- msvcrt.dll.wcstok
- msvcrt.dll.isalnum
- msvcrt.dll.isspace
- msvcrt.dll._errno
- msvcrt.dll.mbstowcs
- msvcrt.dll._except_handler4_common
- msvcrt.dll.wcschr
- msvcrt.dll.wcsrchr
- msvcrt.dll.memset
- msvcrt.dll.memmove
- msvcrt.dll._wcsicmp
- msvcrt.dll._vsnwprintf
- msvcrt.dll.memcpy
- msvcrt.dll.wcscpy_s
- msvcrt.dll._stricmp
- msvcrt.dll.strchr
- msvcrt.dll.strrchr
- msvcrt.dll.strstr
- msvcrt.dll._vsnprintf
- msvcrt.dll.wcstombs
- msvcrt.dll.wcsstr
- msvcrt.dll.swprintf_s
- msvcrt.dll.wcsncpy_s
- msvcrt.dll.wcsncmp
- msvcrt.dll.swscanf_s
- msvcrt.dll._wcsnicmp
- msvcrt.dll.wcstoul
- msvcrt.dll.wcscat_s
- ntdll.dll.EtwEventWriteEx
- ntdll.dll.NtQuerySystemTime
- ntdll.dll.RtlGetNtProductType
- ntdll.dll.RtlIsValidIndexHandle
- ntdll.dll.NtCompareTokens
- ntdll.dll.RtlEnumerateGenericTableWithoutSplaying
- ntdll.dll.RtlIsGenericTableEmpty
- ntdll.dll.RtlDuplicateUnicodeString
- ntdll.dll.RtlDeleteElementGenericTable
- ntdll.dll.RtlInsertElementGenericTable
- ntdll.dll.RtlDestroyHandleTable
- ntdll.dll.RtlStringFromGUID
- ntdll.dll.RtlInitializeGenericTable
- ntdll.dll.RtlLookupElementGenericTable
- ntdll.dll.RtlNumberGenericTableElements
- ntdll.dll.RtlDllShutdownInProgress
- ntdll.dll.RtlRegisterThreadWithCsrss
- ntdll.dll.NtTraceControl
- ntdll.dll.EtwSendNotification
- ntdll.dll.EtwDeliverDataBlock
- ntdll.dll.EtwEnumerateProcessRegGuids
- ntdll.dll.RtlQueryTimeZoneInformation
- ntdll.dll.RtlQueryPerformanceFrequency
- ntdll.dll.EtwpGetCpuSpeed
- ntdll.dll.NtQueryPerformanceCounter
- ntdll.dll.RtlInitializeBitMap
- ntdll.dll.RtlInterlockedClearBitRun
- ntdll.dll.NtTraceEvent
- ntdll.dll.RtlAdjustPrivilege
- ntdll.dll.EtwProcessPrivateLoggerRequest
- ntdll.dll.RtlIpv4AddressToStringW
- ntdll.dll.RtlIpv6AddressToStringW
- ntdll.dll.NtRenameKey
- ntdll.dll.NtLoadKeyEx
- ntdll.dll.RtlCopyString
- ntdll.dll.RtlTimeToSecondsSince1970
- ntdll.dll.NtQueryMutant
- ntdll.dll.NtAlpcQueryInformation
- ntdll.dll.NtReplaceKey
- ntdll.dll.NtSaveKey
- ntdll.dll.NtSaveMergedKeys
- ntdll.dll.EtwLogTraceEvent
- sechost.dll.RegisterServiceCtrlHandlerExW
- sechost.dll.StartServiceCtrlDispatcherW
- sechost.dll.SetServiceStatus
- sechost.dll.I_ScRpcBindW
- sechost.dll.StartServiceCtrlDispatcherA
- sechost.dll.StartServiceA
- sechost.dll.RegisterServiceCtrlHandlerW
- sechost.dll.RegisterServiceCtrlHandlerExA
- sechost.dll.RegisterServiceCtrlHandlerA
- sechost.dll.QueryServiceStatus
- sechost.dll.QueryServiceConfigA
- sechost.dll.QueryServiceConfig2A
- sechost.dll.OpenServiceA
- sechost.dll.OpenSCManagerA
- sechost.dll.NotifyServiceStatusChangeA
- sechost.dll.CreateServiceA
- sechost.dll.ControlServiceExA
- sechost.dll.ControlService
- sechost.dll.ChangeServiceConfigA
- sechost.dll.ChangeServiceConfig2A
- sechost.dll.I_ScRpcBindA
- sechost.dll.ControlServiceExW
- sechost.dll.OpenSCManagerW
- sechost.dll.OpenServiceW
- sechost.dll.CreateServiceW
- sechost.dll.DeleteService
- sechost.dll.CloseServiceHandle
- sechost.dll.StartServiceW
- sechost.dll.QueryServiceConfig2W
- sechost.dll.NotifyServiceStatusChangeW
- sechost.dll.ChangeServiceConfig2W
- sechost.dll.ChangeServiceConfigW
- sechost.dll.QueryServiceConfigW
- sechost.dll.QueryServiceObjectSecurity
- sechost.dll.QueryServiceStatusEx
- sechost.dll.SetServiceObjectSecurity
- kernel32.dll.RegSaveKeyExW
- kernel32.dll.RegNotifyChangeKeyValue
- kernel32.dll.RegQueryInfoKeyA
- kernel32.dll.RegQueryValueExA
- kernel32.dll.RegLoadMUIStringA
- kernel32.dll.RegSaveKeyExA
- kernel32.dll.RegGetKeySecurity
- kernel32.dll.RegSetKeySecurity
- kernel32.dll.RegRestoreKeyA
- kernel32.dll.RegRestoreKeyW
- kernel32.dll.RegLoadKeyA
- kernel32.dll.RegLoadKeyW
- kernel32.dll.RegDeleteKeyExA
- kernel32.dll.RegDeleteValueA
- kernel32.dll.RegDeleteValueW
- kernel32.dll.RegEnumKeyExA
- kernel32.dll.RegEnumKeyExW
- kernel32.dll.RegEnumValueA
- kernel32.dll.RegGetValueA
- kernel32.dll.RegGetValueW
- kernel32.dll.RegCreateKeyExA
- kernel32.dll.RegFlushKey
- kernel32.dll.RegOpenCurrentUser
- kernel32.dll.RegOpenKeyExA
- kernel32.dll.RegDisablePredefinedCacheEx
- kernel32.dll.RegLoadMUIStringW
- kernel32.dll.RegOpenUserClassesRoot
- kernel32.dll.RegSetValueExA
- kernel32.dll.RegUnLoadKeyA
- kernel32.dll.RegUnLoadKeyW
- kernel32.dll.RegDeleteTreeW
- kernel32.dll.RegDeleteTreeA
- kernelbase.dll.ImpersonateNamedPipeClient
- kernel32.dll.GetPriorityClass
- kernel32.dll.OpenThread
- kernel32.dll.SetThreadToken
- kernel32.dll.OpenThreadToken
- kernel32.dll.OpenProcessToken
- kernel32.dll.CreateProcessAsUserW
- kernel32.dll.GetProcessId
- kernelbase.dll.GetSidLengthRequired
- kernelbase.dll.GetSidSubAuthority
- kernelbase.dll.GetSidSubAuthorityCount
- kernelbase.dll.GetWindowsAccountDomainSid
- kernelbase.dll.ImpersonateAnonymousToken
- kernelbase.dll.ImpersonateLoggedOnUser
- kernelbase.dll.ImpersonateSelf
- kernelbase.dll.InitializeAcl
- kernelbase.dll.InitializeSecurityDescriptor
- kernelbase.dll.InitializeSid
- kernelbase.dll.IsTokenRestricted
- kernelbase.dll.IsValidAcl
- kernelbase.dll.IsValidRelativeSecurityDescriptor
- kernelbase.dll.IsValidSecurityDescriptor
- kernelbase.dll.IsWellKnownSid
- kernelbase.dll.MakeAbsoluteSD
- kernelbase.dll.MakeAbsoluteSD2
- kernelbase.dll.GetSidIdentifierAuthority
- kernelbase.dll.MapGenericMask
- kernelbase.dll.PrivilegeCheck
- kernelbase.dll.QuerySecurityAccessMask
- kernelbase.dll.RevertToSelf
- kernelbase.dll.SetAclInformation
- kernelbase.dll.SetKernelObjectSecurity
- kernelbase.dll.SetPrivateObjectSecurity
- kernelbase.dll.SetPrivateObjectSecurityEx
- kernelbase.dll.EqualDomainSid
- kernelbase.dll.SetSecurityAccessMask
- kernelbase.dll.SetSecurityDescriptorControl
- kernelbase.dll.SetSecurityDescriptorDacl
- kernelbase.dll.SetSecurityDescriptorGroup
- kernelbase.dll.SetSecurityDescriptorOwner
- kernelbase.dll.SetSecurityDescriptorRMControl
- kernelbase.dll.SetSecurityDescriptorSacl
- kernelbase.dll.SetTokenInformation
- kernelbase.dll.GetSecurityDescriptorSacl
- kernelbase.dll.GetSecurityDescriptorRMControl
- kernelbase.dll.GetSecurityDescriptorOwner
- kernelbase.dll.GetSecurityDescriptorLength
- kernelbase.dll.GetSecurityDescriptorGroup
- kernelbase.dll.GetSecurityDescriptorDacl
- kernelbase.dll.GetSecurityDescriptorControl
- kernelbase.dll.GetPrivateObjectSecurity
- kernelbase.dll.GetLengthSid
- kernelbase.dll.GetKernelObjectSecurity
- kernelbase.dll.GetAclInformation
- kernelbase.dll.GetAce
- kernelbase.dll.FindFirstFreeAce
- kernelbase.dll.MakeSelfRelativeSD
- kernelbase.dll.EqualSid
- kernelbase.dll.IsValidSid
- kernelbase.dll.AccessCheckAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeResultListAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeResultListAndAuditAlarmByHandleW
- kernelbase.dll.ObjectOpenAuditAlarmW
- kernelbase.dll.ObjectPrivilegeAuditAlarmW
- kernelbase.dll.ObjectCloseAuditAlarmW
- kernelbase.dll.ObjectDeleteAuditAlarmW
- kernelbase.dll.PrivilegedServiceAuditAlarmW
- kernelbase.dll.SetFileSecurityW
- kernelbase.dll.GetFileSecurityW
- kernelbase.dll.CopySid
- kernelbase.dll.GetTokenInformation
- kernelbase.dll.AccessCheckByType
- kernelbase.dll.AccessCheckByTypeResultList
- kernelbase.dll.AddAccessAllowedAce
- kernelbase.dll.AddAccessAllowedAceEx
- kernelbase.dll.AddAccessAllowedObjectAce
- kernelbase.dll.AddAccessDeniedAce
- kernelbase.dll.AddAccessDeniedAceEx
- kernelbase.dll.AddAccessDeniedObjectAce
- kernelbase.dll.AddAce
- kernelbase.dll.AddAuditAccessAce
- kernelbase.dll.AddAuditAccessAceEx
- kernelbase.dll.AddAuditAccessObjectAce
- kernelbase.dll.AdjustTokenGroups
- kernelbase.dll.AdjustTokenPrivileges
- kernelbase.dll.AllocateLocallyUniqueId
- kernelbase.dll.AreAllAccessesGranted
- kernelbase.dll.AreAnyAccessesGranted
- kernelbase.dll.CheckTokenMembership
- kernelbase.dll.ConvertToAutoInheritPrivateObjectSecurity
- kernelbase.dll.CreatePrivateObjectSecurity
- kernelbase.dll.CreatePrivateObjectSecurityEx
- kernelbase.dll.CreatePrivateObjectSecurityWithMultipleInheritance
- kernelbase.dll.CreateRestrictedToken
- kernelbase.dll.CreateWellKnownSid
- kernelbase.dll.DeleteAce
- kernelbase.dll.DestroyPrivateObjectSecurity
- kernelbase.dll.DuplicateTokenEx
- kernelbase.dll.EqualPrefixSid
- kernel32.dll.VirtualAllocEx
- kernel32.dll.VirtualFree
- kernel32.dll.OpenProcess
- kernel32.dll.GlobalMemoryStatusEx
- kernel32.dll.GetActiveProcessorCount
- kernel32.dll.GetSystemInfo
- kernel32.dll.DeviceIoControl
- kernel32.dll.GetVolumeInformationW
- kernel32.dll.GetDriveTypeW
- kernel32.dll.GetLogicalDriveStringsW
- kernel32.dll.ReleaseMutex
- kernel32.dll.HeapSize
- kernel32.dll.GetComputerNameW
- kernel32.dll.ExpandEnvironmentStringsA
- kernel32.dll.RegKrnInitialize
- kernel32.dll.GetComputerNameA
- kernel32.dll.DuplicateHandle
- kernel32.dll.CreateMutexW
- kernel32.dll.ReadProcessMemory
- kernel32.dll.FreeLibraryAndExitThread
- kernel32.dll.IsWow64Process
- kernel32.dll.GetPrivateProfileIntW
- kernel32.dll.ResetEvent
- kernel32.dll.HeapReAlloc
- kernel32.dll.GetSystemTime
- kernel32.dll.CreateMutexA
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.Wow64RevertWow64FsRedirection
- kernel32.dll.LockResource
- kernel32.dll.Wow64DisableWow64FsRedirection
- kernel32.dll.DosDateTimeToFileTime
- kernel32.dll.FileTimeToDosDateTime
- kernel32.dll.GetFileTime
- kernel32.dll.SetErrorMode
- kernel32.dll.FindFirstFileExW
- kernel32.dll.SetFileInformationByHandle
- kernel32.dll.CopyFileW
- kernel32.dll.lstrcmpiA
- kernel32.dll.GetFileSizeEx
- kernel32.dll.GetComputerNameExW
- kernel32.dll.LoadLibraryA
- kernel32.dll.CreateProcessInternalA
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.EnterCriticalSection
- kernel32.dll.RegKrnGetGlobalState
- kernel32.dll.SleepEx
- kernel32.dll.HeapAlloc
- kernel32.dll.GetProcessHeap
- kernel32.dll.GetFullPathNameW
- kernel32.dll.HeapFree
- kernel32.dll.GetFileAttributesW
- kernel32.dll.CreateEventW
- kernel32.dll.GetThreadUILanguage
- kernel32.dll.GetCommandLineW
- kernel32.dll.lstrcmpW
- kernel32.dll.GetModuleHandleExW
- kernel32.dll.WriteFile
- kernel32.dll.MoveFileW
- kernel32.dll.DeleteFileW
- kernel32.dll.GetFileAttributesExW
- kernel32.dll.SetFilePointer
- kernel32.dll.OutputDebugStringW
- kernel32.dll.GetLocalTime
- kernel32.dll.FormatMessageW
- kernel32.dll.CompareFileTime
- kernel32.dll.GetLongPathNameW
- kernel32.dll.GetVolumePathNameW
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.WaitForSingleObject
- kernel32.dll.GetFileMUIPath
- kernel32.dll.VirtualFreeEx
- kernel32.dll.GetDiskFreeSpaceExW
- kernel32.dll.GetFullPathNameA
- kernel32.dll.GetOverlappedResult
- rpcrt4.dll.RpcBindingCreateW
- rpcrt4.dll.UuidCreate
- rpcrt4.dll.RpcBindingSetAuthInfoA
- rpcrt4.dll.RpcEpResolveBinding
- rpcrt4.dll.I_RpcSNCHOption
- rpcrt4.dll.UuidFromStringW
- rpcrt4.dll.UuidToStringW
- rpcrt4.dll.RpcExceptionFilter
- rpcrt4.dll.RpcBindingSetAuthInfoW
- rpcrt4.dll.RpcSsDestroyClientContext
- rpcrt4.dll.I_RpcMapWin32Status
- rpcrt4.dll.I_RpcExceptionFilter
- rpcrt4.dll.NdrClientCall2
- rpcrt4.dll.RpcBindingSetAuthInfoExW
- rpcrt4.dll.RpcStringBindingComposeW
- rpcrt4.dll.RpcBindingFromStringBindingW
- rpcrt4.dll.RpcStringFreeW
- rpcrt4.dll.RpcBindingFree
- rpcrt4.dll.RpcBindingSetAuthInfoExA
- rpcrt4.dll.RpcRaiseException
- rpcrt4.dll.RpcBindingBind
- msvcrt.dll.qsort
- msvcrt.dll.gmtime
- msvcrt.dll.iswdigit
- msvcrt.dll.free
- msvcrt.dll.malloc
- msvcrt.dll._wtoi
- msvcrt.dll._XcptFilter
- msvcrt.dll._initterm
- msvcrt.dll._amsg_exit
- ntdll.dll.RtlIpv4AddressToStringA
- ntdll.dll.RtlIpv6StringToAddressA
- ntdll.dll.RtlIpv4StringToAddressA
- ntdll.dll.RtlIpv6StringToAddressExW
- ntdll.dll.RtlIpv4StringToAddressExW
- nsi.dll.NsiSetAllPersistentParametersWithMask
- nsi.dll.NsiCancelChangeNotification
- nsi.dll.NsiRequestChangeNotification
- nsi.dll.NsiSetAllParameters
- nsi.dll.NsiGetParameter
- nsi.dll.NsiSetParameter
- nsi.dll.NsiEnumerateObjectsAllParameters
- nsi.dll.NsiAllocateAndGetTable
- nsi.dll.NsiGetAllParameters
- nsi.dll.NsiFreeTable
- winnsi.dll.NsiConnectToServer
- winnsi.dll.NsiRpcRegisterChangeNotification
- winnsi.dll.NsiRpcDeregisterChangeNotification
- winnsi.dll.NsiRpcGetParameter
- winnsi.dll.NsiDisconnectFromServer
- rpcrt4.dll.NdrAsyncServerCall
- rpcrt4.dll.RpcServerUnregisterIf
- rpcrt4.dll.RpcServerUseProtseqEpW
- rpcrt4.dll.RpcServerRegisterIf2
- rpcrt4.dll.RpcServerInqCallAttributesW
- rpcrt4.dll.RpcBindingUnbind
- rpcrt4.dll.RpcAsyncCompleteCall
- kernelbase.dll.HeapFree
- kernelbase.dll.HeapReAlloc
- kernelbase.dll.HeapAlloc
- kernelbase.dll.InterlockedIncrement
- kernelbase.dll.InterlockedCompareExchange
- kernelbase.dll.InterlockedExchangeAdd
- kernelbase.dll.InterlockedExchange
- kernelbase.dll.InterlockedDecrement
- kernel32.dll.QueueUserAPC
- kernelbase.dll.GetSystemDirectoryW
- mscoree.dll._CorExeMain
- msvcrt.dll.strncpy
- iphlpapi.dll.GetInterfaceInfo
- psapi.dll.GetMappedFileNameW
- user32.dll.GetWindow
- advapi32.dll.RegDeleteKeyA
- shell32.dll.SHGetFolderPathW
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsFree
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.InitializeCriticalSectionEx
- kernel32.dll.CreateEventExW
- kernel32.dll.CreateSemaphoreExW
- kernel32.dll.SetThreadStackGuarantee
- kernel32.dll.CreateThreadpoolTimer
- kernel32.dll.SetThreadpoolTimer
- kernel32.dll.WaitForThreadpoolTimerCallbacks
- kernel32.dll.CloseThreadpoolTimer
- kernel32.dll.CreateThreadpoolWait
- kernel32.dll.SetThreadpoolWait
- kernel32.dll.CloseThreadpoolWait
- kernel32.dll.FlushProcessWriteBuffers
- kernel32.dll.FreeLibraryWhenCallbackReturns
- kernel32.dll.GetCurrentProcessorNumber
- kernel32.dll.GetLogicalProcessorInformation
- kernel32.dll.CreateSymbolicLinkW
- kernel32.dll.EnumSystemLocalesEx
- kernel32.dll.CompareStringEx
- kernel32.dll.GetDateFormatEx
- kernel32.dll.GetLocaleInfoEx
- kernel32.dll.GetTimeFormatEx
- kernel32.dll.GetUserDefaultLocaleName
- kernel32.dll.IsValidLocaleName
- kernel32.dll.LCMapStringEx
- kernel32.dll.GetTickCount64
- kernel32.dll.AcquireSRWLockExclusive
- kernel32.dll.ReleaseSRWLockExclusive
- advapi32.dll.EventRegister
- mscoree.dll.#142
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryValueExW
- advapi32.dll.RegCloseKey
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- cryptbase.dll.SystemFunction036
- imm32.dll.ImmCreateContext
- imm32.dll.ImmDestroyContext
- imm32.dll.ImmNotifyIME
- imm32.dll.ImmAssociateContext
- imm32.dll.ImmReleaseContext
- imm32.dll.ImmGetContext
- imm32.dll.ImmGetCompositionStringA
- imm32.dll.ImmSetCompositionStringA
- imm32.dll.ImmGetCompositionStringW
- imm32.dll.ImmSetCompositionStringW
- imm32.dll.ImmSetCandidateWindow
- lpk.dll.LpkEditControl
- sechost.dll.LookupAccountNameLocalW
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- cryptsp.dll.CryptAcquireContextW
- ole32.dll.CoCreateFreeThreadedMarshaler
- cryptsp.dll.CryptGenRandom
- ole32.dll.NdrOleInitializeExtension
- ole32.dll.CoGetClassObject
- ole32.dll.CoGetMarshalSizeMax
- ole32.dll.CoMarshalInterface
- ole32.dll.CoUnmarshalInterface
- ole32.dll.StringFromIID
- ole32.dll.CoGetPSClsid
- ole32.dll.CoTaskMemAlloc
- ole32.dll.CoTaskMemFree
- ole32.dll.CoCreateInstance
- ole32.dll.CoReleaseMarshalData
- ole32.dll.DcomChannelSetHResult
- rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
- oleaut32.dll.#2
- oleaut32.dll.#6
- kernel32.dll.GetThreadPreferredUILanguages
- kernel32.dll.SetThreadPreferredUILanguages
- kernel32.dll.LocaleNameToLCID
- kernel32.dll.LCIDToLocaleName
- kernel32.dll.GetSystemDefaultLocaleName
- oleaut32.dll.#500
- oleaut32.dll.#283
- oleaut32.dll.#284
- cryptsp.dll.CryptGetDefaultProviderW
- cryptsp.dll.CryptCreateHash
- cryptsp.dll.CryptHashData
- cryptsp.dll.CryptGetHashParam
- cryptsp.dll.CryptDestroyHash
- kernel32.dll.IsProcessorFeaturePresent
- user32.dll.GetWindowInfo
- user32.dll.GetAncestor
- user32.dll.GetMonitorInfoA
- user32.dll.EnumDisplayMonitors
- user32.dll.EnumDisplayDevicesA
- gdi32.dll.GdiIsMetaPrintDC
- gdi32.dll.GdiRealizationInfo
- gdi32.dll.FontIsLinked
- advapi32.dll.RegQueryInfoKeyW
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegQueryValueExA
- advapi32.dll.RegEnumKeyExW
- uxtheme.dll.EnableThemeDialogTexture
- gdi32.dll.GetTextExtentExPointWPri
- gdi32.dll.GetFontAssocStatus
- ole32.dll.CoInitializeEx
- ole32.dll.CoUninitialize
- ole32.dll.CoRegisterInitializeSpy
- ole32.dll.CoRevokeInitializeSpy
- rasapi32.dll.RasConnectionNotificationW
- rasapi32.dll.RasDeleteEntryW
- rasapi32.dll.RasDialW
- rasapi32.dll.RasEnumEntriesW
- rasapi32.dll.RasEnumConnectionsW
- rasapi32.dll.RasGetAutodialEnableW
- rasapi32.dll.RasGetAutodialParamW
- rasapi32.dll.RasGetConnectStatusW
- rasapi32.dll.RasGetCredentialsW
- rasapi32.dll.RasGetEntryDialParamsW
- rasapi32.dll.RasGetErrorStringW
- rasapi32.dll.RasGetHport
- rasapi32.dll.RasGetProjectionInfoW
- rasapi32.dll.RasGetSubEntryHandleW
- rasapi32.dll.RasHangUpW
- rasapi32.dll.RasSetAutodialEnableW
- rasapi32.dll.RasSetAutodialParamW
- rasapi32.dll.RasSetCredentialsW
- rasapi32.dll.RasSetOldPassword
- rasapi32.dll.RasGetCountryInfoW
- rasapi32.dll.RasInvokeEapUI
- rasapi32.dll.RasSetEapUserDataW
- rasapi32.dll.RasGetEntryPropertiesW
- rasapi32.dll.RasValidateEntryNameW
- rasapi32.dll.RasWriteSharedPbkOptions
- rasapi32.dll.RasGetAutodialAddressW
- rasapi32.dll.DwEnumEntryDetails
- rtutils.dll.TraceRegisterExA
- rtutils.dll.TracePrintfExA
- dnsapi.dll.DnsQueryConfig
- iphlpapi.dll.GetAdaptersAddresses
- iphlpapi.dll.GetIpInterfaceEntry
- iphlpapi.dll.GetBestInterfaceEx
- cryptsp.dll.CryptImportKey
- cryptsp.dll.CryptExportKey
- cryptsp.dll.CryptDestroyKey
- windowscodecs.dll.DllGetClassObject
- kernel32.dll.WerRegisterMemoryBlock
- uxtheme.dll.OpenThemeData
- imm32.dll.ImmIsIME
- imm32.dll.ImmLockIMC
- imm32.dll.ImmUnlockIMC
- imm32.dll.ImmSetCompositionFontW
- imm32.dll.ImmGetCompositionWindow
- imm32.dll.ImmSetCompositionWindow
- uxtheme.dll.BufferedPaintInit
- uxtheme.dll.BeginBufferedPaint
- cryptsp.dll.CryptReleaseContext