Maldun Security Analysis Report

Analysis type: FILE
Start time: 2020-05-03 16:14:11
End time: 2020-05-03 16:16:37
Duration: 146 seconds
Analysis engine version: 1.4-Maldun
VM machine name: win7-sp1-x64-hpdapp01-1
Label: win7-sp1-x64-hpdapp01-1
VM manager: KVM
Boot time: 2020-05-03 16:14:20
Shutdown time: 2020-05-03 16:16:38
Maldun score

10.0

Malicious

File details

File name 自动接受对局v2.0.exe
File size 2662400 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 585602FA
MD5 42a29459698961760c27c8540b5327a4
SHA1 d2a205cdd1a83134f30d970f351c8021ffef09fd
SHA256 d3cbbfc68b6e2c0eaa2bda7e85128320f36eb12fb46df0322b63976707d458ed
SHA512 c29162ccf73a77e2b271affeadd4189e9603f14b6766ac74952c65b56b9a946867d7d5820b5ec900038106b9255135c7a6ae80418b6cbd259825e528a773e30d
Ssdeep 49152:RShoDQixWhPbWCsVb6KUpZ+hDg1F2d6H7O5oKZenU7CvCqLfqSH4BSbJ1v0:IqDQixWhPb5SbWf+YFCCO7UgCKgSSH4r
PEiD No match
Yara
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • win_mutex (Create or check mutex)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
  • with_images (Detected the presence of an or several images)
  • UPX (Detected UPX. Commonly used by RAT!)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • MD5_Constants (Look for MD5 constants)
  • BASE64_table (Look for Base64 table)
  • UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser ()
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • IsPacked (Detected Entropy signature)
  • HasRichSignature (Detected Rich Signature)
VirusTotal No scan results for this file

Signatures

Creates RWX memory
The binary may contain encrypted or compressed data
section: name: .rdata, entropy: 7.66, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x001cf000, virtual_size: 0x001ce8ba
Reads data from its own binary image
self_read: process: __________________v2.0.exe, pid: 2688, offset: 0x00000000, length: 0x00000040
self_read: process: __________________v2.0.exe, pid: 2688, offset: 0x000000f0, length: 0x00000020
self_read: process: __________________v2.0.exe, pid: 2688, offset: 0x00000173, length: 0x00080000
Maldun Security Yara rule detection results - security alert
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
Warning: Detected UPX. Commonly used by RAT!
Attempts to unhook or modify Windows functions monitored by the sandbox
unhook: function_name: SetWindowLongA, type: modification
unhook: function_name: SetWindowLongW, type: modification
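Possibly malicious sample writes a suspicious executable file and obfuscates its extension
Detected that the sample attempts to obscure or spoof the file type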

Network analysis

No information

Static analysis

PE information

Image base 0x00400000
Entry point 0x00478bd7
Declared checksum 0x00000000
Actual checksum 0x00294eb4
Minimum OS version required 4.0
Compile time 2020-05-03 15:52:05
Import hash 6c2d4dbf3f2e38f0eb33d7a6e4c27039

Version information

LegalCopyright: QQ26554431 版权所有
FileVersion: 1.0.0.0
CompanyName: QQ26554431
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 自动接受对局
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
Translation: 0x0804 0x04b0

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x0009b6ba 0x0009c000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x0009d000 0x001ce8ba 0x001cf000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.66
.data 0x0026c000 0x0005040a 0x00013000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.16
.rsrc 0x002bd000 0x0000ab0c 0x0000b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.59

Imports


Dropped files

No information

Behavior analysis

Mutexes
  • Local\MSCTF.Asm.MutexDefault1
Executed commands
  • regsvr32 C:\Windows\system32\dm.dll /s
  • regsvr32 /s C:\Users\test\Documents\\dm.dll -s
Created services: No information
Started services: No information

Processes

__________________v2.0.exe PID: 2688, parent process PID: 2336

regsvr32.exe PID: 2792, parent process PID: 2688

regsvr32.exe PID: 2872, parent process PID: 2688

Accessed files
  • C:\Users\test\AppData\Local\Temp\ole32.dll
  • C:\Users\test\AppData\Local\Temp\psapi.dll
  • C:\Users\test\AppData\Local\Temp\__________________v2.0.exe
  • C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
  • C:\Windows\System32\tzres.dll
  • C:\Windows\System32\dm.dll
  • C:\
  • C:\Users\test\AppData\Local\Temp\gdiplus.dll
  • C:\Users\test\AppData\Local\Temp\__________________v2.0.exe.Local\
  • C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
  • C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
  • C:\Users\test\AppData\Local\Temp\\xe7\xb0\xab\xe8\xa4\x80\xe6\xa9\x94\x18
  • C:\Users\test\AppData\Local\Temp\user32.dll
  • C:\Users\test\AppData\Local\Temp\kernel32.dll
  • C:\Users\test\Documents\dm.dll
  • C:\Users\test\Documents\1.bmp
  • C:\test_debug.txt
  • C:\test_dx.txt
  • C:\*.log
  • C:\Windows\SysWOW64\dm.dll
  • C:\Windows\SysWOW64\stdole2.tlb
  • C:\Windows\Fonts\staticcache.dat
  • C:\Users\test\AppData\Local\Temp\gdi32.dll
  • C:\Users\test\AppData\Local\Temp\GdiPlus.dll
  • \Device\KsecDD
  • C:\Users\test\Documents\MFC42.DLL
  • C:\Windows\System32\mfc42.dll
  • C:\Users\test\Documents\ODBC32.dll
  • C:\Windows\System32\odbc32.dll
  • C:\Windows\Globalization\Sorting\sortdefault.nls
Files read
  • C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
  • C:\Windows\System32\tzres.dll
  • C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
  • C:\Users\test\AppData\Local\Temp\\xe7\xb0\xab\xe8\xa4\x80\xe6\xa9\x94\x18
  • C:\Users\test\AppData\Local\Temp\__________________v2.0.exe
  • C:\test_debug.txt
  • C:\test_dx.txt
  • C:\Windows\SysWOW64\dm.dll
  • C:\Windows\SysWOW64\stdole2.tlb
  • C:\Windows\Fonts\staticcache.dat
  • \Device\KsecDD
  • C:\Windows\System32\dm.dll
  • C:\Users\test\Documents\dm.dll
  • C:\Windows\System32\mfc42.dll
  • C:\Windows\System32\odbc32.dll
  • C:\Windows\Globalization\Sorting\sortdefault.nls
Modified files
  • C:\Windows\System32\dm.dll
  • C:\Users\test\Documents\dm.dll
  • C:\Users\test\Documents\1.bmp
Deleted files: No information
Registry keys
Registry keys read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0\win32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\FLAGS\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\HELPDIR\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\dm.dll
Registry keys modified
  • HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
  • HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dm.dmsoft\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dm.dmsoft\CLSID\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dm.dmsoft\CurVer\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ProgID\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0\win32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\HELPDIR\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\Version
  • HKEY_CLASSES_ROOT\dm.dmsoft
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dm.dmsoft\CLSID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dm.dmsoft\CurVer
  • HKEY_CURRENT_USER\Software\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\FLAGS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\FLAGS\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0\win32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\HELPDIR
  • HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\Version
Registry keys deleted: no information
Resolved APIs
  • kernel32.dll.IsProcessorFeaturePresent
  • cryptbase.dll.SystemFunction036
  • ole32.dll.CoInitialize
  • psapi.dll.GetModuleFileNameExA
  • kernel32.dll.GetVersionExA
  • gdiplus.dll.GdiplusStartup
  • user32.dll.GetWindowInfo
  • user32.dll.GetAncestor
  • user32.dll.GetMonitorInfoA
  • user32.dll.EnumDisplayMonitors
  • user32.dll.EnumDisplayDevicesA
  • gdi32.dll.ExtTextOutW
  • gdi32.dll.GdiIsMetaPrintDC
  • windowscodecs.dll.WICCreateImagingFactory_Proxy
  • ole32.dll.CreateStreamOnHGlobal
  • kernel32.dll.WerRegisterMemoryBlock
  • ole32.dll.GetHGlobalFromStream
  • comctl32.dll.RegisterClassNameW
  • uxtheme.dll.EnableThemeDialogTexture
  • uxtheme.dll.OpenThemeData
  • kernel32.dll.VirtualProtect
  • kernel32.dll.LoadLibraryA
  • kernel32.dll.VirtualAlloc
  • kernel32.dll.VirtualFree
  • kernel32.dll.IsBadReadPtr
  • kernel32.dll.GetProcessHeap
  • kernel32.dll.FreeLibrary
  • kernel32.dll.HeapFree
  • kernel32.dll.HeapAlloc
  • kernel32.dll.HeapReAlloc
  • kernel32.dll.GetProcAddress
  • comctl32.dll.ImageList_Draw
  • gdi32.dll.BitBlt
  • msimg32.dll.TransparentBlt
  • msvcrt.dll.free
  • msvfw32.dll.DrawDibOpen
  • user32.dll.GetDC
  • kernel32.dll.MulDiv
  • kernel32.dll.FlushInstructionCache
  • kernel32.dll.GetCurrentProcess
  • kernel32.dll.GetTickCount
  • kernel32.dll.VirtualQuery
  • kernel32.dll.SetFilePointer
  • kernel32.dll.GlobalAlloc
  • kernel32.dll.GlobalLock
  • kernel32.dll.GlobalUnlock
  • kernel32.dll.GlobalReAlloc
  • kernel32.dll.GlobalFree
  • kernel32.dll.FindResourceA
  • kernel32.dll.LoadResource
  • kernel32.dll.LockResource
  • kernel32.dll.SizeofResource
  • kernel32.dll.GetModuleFileNameA
  • kernel32.dll.GetModuleHandleA
  • kernel32.dll.GetVersion
  • kernel32.dll.GetCurrentThreadId
  • kernel32.dll.CreateFileA
  • kernel32.dll.GetFileSize
  • kernel32.dll.CloseHandle
  • kernel32.dll.ReadFile
  • kernel32.dll.SetLastError
  • comctl32.dll.ImageList_GetIcon
  • comctl32.dll.ImageList_GetImageInfo
  • comctl32.dll.ImageList_GetIconSize
  • gdi32.dll.SetWindowExtEx
  • gdi32.dll.SetWindowOrgEx
  • gdi32.dll.SetMapMode
  • gdi32.dll.SelectClipPath
  • gdi32.dll.EndPath
  • gdi32.dll.BeginPath
  • gdi32.dll.TextOutA
  • gdi32.dll.GetClipRgn
  • gdi32.dll.GetPixel
  • gdi32.dll.CreatePatternBrush
  • gdi32.dll.CreateFontIndirectA
  • gdi32.dll.SetViewportOrgEx
  • gdi32.dll.GetStockObject
  • gdi32.dll.GetTextExtentPoint32A
  • gdi32.dll.CreateRoundRectRgn
  • gdi32.dll.CreateFontA
  • gdi32.dll.SetViewportExtEx
  • gdi32.dll.SelectClipRgn
  • gdi32.dll.SelectObject
  • gdi32.dll.CreateCompatibleDC
  • gdi32.dll.DeleteDC
  • gdi32.dll.OffsetRgn
  • gdi32.dll.CombineRgn
  • gdi32.dll.CreateRectRgn
  • gdi32.dll.CreatePen
  • gdi32.dll.ExtCreateRegion
  • gdi32.dll.DeleteObject
  • gdi32.dll.Rectangle
  • gdi32.dll.SetPixel
  • gdi32.dll.PtInRegion
  • gdi32.dll.SetTextColor
  • gdi32.dll.SetBkMode
  • gdi32.dll.PatBlt
  • gdi32.dll.CreateDIBSection
  • gdi32.dll.GetObjectA
  • gdi32.dll.CreateCompatibleBitmap
  • gdi32.dll.GetTextExtentPointA
  • gdi32.dll.ExtTextOutA
  • gdi32.dll.SetBkColor
  • gdi32.dll.GetTextColor
  • gdi32.dll.CreateSolidBrush
  • msvcrt.dll.??3@YAXPAX@Z
  • msvcrt.dll.__CxxFrameHandler
  • msvcrt.dll.??2@YAPAXI@Z
  • msvcrt.dll._ftol
  • msvcrt.dll._mbsstr
  • msvcrt.dll._mbscmp
  • msvcrt.dll.__dllonexit
  • msvcrt.dll.malloc
  • msvcrt.dll._initterm
  • msvcrt.dll._adjust_fdiv
  • msvcrt.dll._onexit
  • msvcrt.dll.memcpy
  • msvfw32.dll.DrawDibDraw
  • msvfw32.dll.DrawDibClose
  • user32.dll.SetWindowsHookExA
  • user32.dll.UnhookWindowsHookEx
  • user32.dll.CallNextHookEx
  • user32.dll.GetClassNameA
  • user32.dll.IsWindow
  • user32.dll.EnumThreadWindows
  • user32.dll.EnumChildWindows
  • user32.dll.LockWindowUpdate
  • user32.dll.DestroyIcon
  • user32.dll.DrawStateA
  • user32.dll.ShowWindow
  • user32.dll.GetMenuItemID
  • user32.dll.GetWindowRgn
  • user32.dll.SetMenu
  • user32.dll.GetMenu
  • user32.dll.GetSubMenu
  • user32.dll.TrackPopupMenu
  • user32.dll.CreateWindowExA
  • user32.dll.DestroyWindow
  • user32.dll.SetWindowPos
  • user32.dll.GetClassLongA
  • user32.dll.ScreenToClient
  • user32.dll.SystemParametersInfoA
  • user32.dll.GetSystemMetrics
  • user32.dll.MenuItemFromPoint
  • user32.dll.GetMenuItemRect
  • user32.dll.GetMenuItemCount
  • user32.dll.SetMenuItemInfoA
  • user32.dll.IsMenu
  • user32.dll.GetUpdateRect
  • user32.dll.EqualRect
  • user32.dll.ShowScrollBar
  • user32.dll.SetWindowRgn
  • user32.dll.WindowFromDC
  • user32.dll.MoveWindow
  • user32.dll.GetSysColor
  • user32.dll.EnableScrollBar
  • user32.dll.GetScrollBarInfo
  • user32.dll.GetCapture
  • user32.dll.SetScrollPos
  • user32.dll.SetScrollInfo
  • user32.dll.GetScrollRange
  • user32.dll.GetScrollPos
  • user32.dll.GetScrollInfo
  • user32.dll.ReleaseDC
  • user32.dll.GetWindowDC
  • user32.dll.GetDCEx
  • user32.dll.EndPaint
  • user32.dll.BeginPaint
  • user32.dll.GetWindowLongW
  • user32.dll.SetWindowLongW
  • user32.dll.SetWindowLongA
  • user32.dll.ClientToScreen
  • user32.dll.FindWindowExA
  • user32.dll.GetMenuItemInfoA
  • user32.dll.GetParent
  • user32.dll.GetComboBoxInfo
  • user32.dll.TrackMouseEvent
  • user32.dll.GetIconInfo
  • user32.dll.GetClientRect
  • user32.dll.GetFocus
  • user32.dll.InflateRect
  • user32.dll.InvalidateRect
  • user32.dll.SetPropA
  • user32.dll.RemovePropA
  • user32.dll.CallWindowProcA
  • user32.dll.GetPropA
  • user32.dll.SetTimer
  • user32.dll.OffsetRect
  • user32.dll.KillTimer
  • user32.dll.EnableWindow
  • user32.dll.GetWindowLongA
  • user32.dll.SetRectEmpty
  • user32.dll.DrawIconEx
  • user32.dll.GetWindowTextA
  • user32.dll.DrawTextA
  • user32.dll.IsRectEmpty
  • user32.dll.IsIconic
  • user32.dll.IsZoomed
  • user32.dll.GetSystemMenu
  • user32.dll.GetMenuState
  • user32.dll.ReleaseCapture
  • user32.dll.GetMessageA
  • user32.dll.SetScrollRange
  • user32.dll.DispatchMessageA
  • user32.dll.SetRect
  • user32.dll.IsWindowVisible
  • user32.dll.RegisterClassExA
  • user32.dll.DefWindowProcA
  • user32.dll.IsWindowEnabled
  • user32.dll.SendMessageA
  • user32.dll.GetCursorPos
  • user32.dll.LoadCursorA
  • user32.dll.SetCursor
  • user32.dll.GetWindowRect
  • user32.dll.PtInRect
  • user32.dll.SetCapture
  • user32.dll.UpdateLayeredWindow
  • user32.dll.SetLayeredWindowAttributes
  • dciman32.dll.DCIOpenProvider
  • dciman32.dll.DCICloseProvider
  • dciman32.dll.DCICreatePrimary
  • dciman32.dll.DCIEndAccess
  • dciman32.dll.DCIBeginAccess
  • dciman32.dll.DCIDestroy
  • ole32.dll.CoInitializeEx
  • ole32.dll.CoUninitialize
  • ole32.dll.CoRegisterInitializeSpy
  • ole32.dll.CoRevokeInitializeSpy
  • kernel32.dll.FormatMessageA
  • kernel32.dll.LocalFree
  • kernel32.dll.CreateMutexA
  • kernel32.dll.GetSystemInfo
  • kernel32.dll.VirtualQueryEx
  • kernel32.dll.WriteFile
  • kernel32.dll.GetCurrentThread
  • kernel32.dll.WaitForMultipleObjects
  • kernel32.dll.SetEvent
  • kernel32.dll.GetLastError
  • kernel32.dll.ResumeThread
  • kernel32.dll.DeleteFileA
  • kernel32.dll.GetHandleInformation
  • kernel32.dll.GetSystemTime
  • kernel32.dll.TerminateThread
  • kernel32.dll.GetTempPathA
  • kernel32.dll.VirtualFreeEx
  • kernel32.dll.WaitForSingleObject
  • kernel32.dll.GetExitCodeThread
  • kernel32.dll.CreateFileMappingA
  • kernel32.dll.MapViewOfFile
  • kernel32.dll.CreateEventA
  • kernel32.dll.UnmapViewOfFile
  • kernel32.dll.InterlockedExchange
  • kernel32.dll.Sleep
  • kernel32.dll.InterlockedIncrement
  • kernel32.dll.InterlockedDecrement
  • kernel32.dll.InitializeCriticalSection
  • kernel32.dll.DeleteCriticalSection
  • kernel32.dll.HeapDestroy
  • kernel32.dll.WideCharToMultiByte
  • kernel32.dll.lstrcatA
  • kernel32.dll.EnterCriticalSection
  • kernel32.dll.LeaveCriticalSection
  • kernel32.dll.CreateToolhelp32Snapshot
  • kernel32.dll.Module32First
  • kernel32.dll.Module32Next
  • kernel32.dll.GetFileAttributesA
  • kernel32.dll.GetCurrentProcessId
  • kernel32.dll.OpenEventA
  • kernel32.dll.GetSystemDirectoryA
  • kernel32.dll.GetShortPathNameA
  • kernel32.dll.lstrlenA
  • kernel32.dll.MultiByteToWideChar
  • kernel32.dll.lstrlenW
  • kernel32.dll.GetWindowsDirectoryA
  • kernel32.dll.GetCurrentDirectoryA
  • kernel32.dll.WinExec
  • kernel32.dll.MoveFileA
  • kernel32.dll.SetFileAttributesA
  • kernel32.dll.RemoveDirectoryA
  • kernel32.dll.CreateDirectoryA
  • kernel32.dll.SetThreadExecutionState
  • kernel32.dll.OpenProcess
  • kernel32.dll.ReadProcessMemory
  • kernel32.dll.FileTimeToSystemTime
  • kernel32.dll.GetThreadTimes
  • kernel32.dll.GetProcessTimes
  • kernel32.dll.Process32Next
  • kernel32.dll.Process32First
  • kernel32.dll.TerminateProcess
  • kernel32.dll.GetLocalTime
  • kernel32.dll.LoadLibraryExW
  • kernel32.dll.DeviceIoControl
  • kernel32.dll.lstrcpyA
  • kernel32.dll.Beep
  • kernel32.dll.InterlockedCompareExchange
  • kernel32.dll.GetThreadContext
  • kernel32.dll.SetThreadContext
  • kernel32.dll.SuspendThread
  • kernel32.dll.GetPrivateProfileStringA
  • kernel32.dll.WritePrivateProfileStringA
  • kernel32.dll.GetLogicalDriveStringsA
  • kernel32.dll.LocalAlloc
  • kernel32.dll.OpenFileMappingA
  • kernel32.dll.CopyFileA
  • advapi32.dll.AdjustTokenPrivileges
  • advapi32.dll.OpenProcessToken
  • advapi32.dll.RegDeleteKeyA
  • advapi32.dll.RegSetValueExA
  • advapi32.dll.GetTokenInformation
  • advapi32.dll.RegCloseKey
  • advapi32.dll.RegQueryValueExA
  • advapi32.dll.RegOpenKeyA
  • advapi32.dll.RegOpenKeyExA
  • advapi32.dll.RegDeleteValueA
  • advapi32.dll.LookupPrivilegeValueA
  • gdi32.dll.GetDeviceCaps
  • gdi32.dll.EnumFontFamiliesExA
  • gdi32.dll.CreateEllipticRgn
  • gdi32.dll.SelectPalette
  • gdi32.dll.RealizePalette
  • gdi32.dll.GetDIBits
  • gdi32.dll.SetDIBits
  • gdi32.dll.GetClipBox
  • gdi32.dll.MoveToEx
  • gdi32.dll.LineTo
  • gdi32.dll.DPtoLP
  • gdi32.dll.CreateBitmap
  • gdi32.dll.GetMapMode
  • imm32.dll.ImmInstallIMEA
  • msvcrt.dll.strtod
  • msvcrt.dll._iob
  • msvcrt.dll._snprintf
  • msvcrt.dll.abort
  • msvcrt.dll.isprint
  • msvcrt.dll.printf
  • msvcrt.dll._CxxThrowException
  • msvcrt.dll.__CxxLongjmpUnwind
  • msvcrt.dll._setjmp3
  • msvcrt.dll.longjmp
  • msvcrt.dll.floor
  • msvcrt.dll.exit
  • msvcrt.dll._wcsicmp
  • msvcrt.dll._memicmp
  • msvcrt.dll._strnicmp
  • msvcrt.dll._purecall
  • msvcrt.dll._beginthreadex
  • msvcrt.dll.sscanf
  • msvcrt.dll.isspace
  • msvcrt.dll.atoi
  • msvcrt.dll.rand
  • msvcrt.dll.srand
  • msvcrt.dll.fwrite
  • msvcrt.dll.fflush
  • msvcrt.dll.fputc
  • msvcrt.dll.getc
  • msvcrt.dll.fgets
  • msvcrt.dll.fscanf
  • msvcrt.dll.strncpy
  • msvcrt.dll.wcslen
  • msvcrt.dll.wcscpy
  • msvcrt.dll.remove
  • msvcrt.dll.getenv
  • msvcrt.dll._splitpath
  • msvcrt.dll._strlwr
  • msvcrt.dll.fopen
  • msvcrt.dll.fseek
  • msvcrt.dll.ftell
  • msvcrt.dll.fread
  • msvcrt.dll.strstr
  • msvcrt.dll.fclose
  • msvcrt.dll._CIpow
  • msvcrt.dll.isalpha
  • msvcrt.dll.isdigit
  • msvcrt.dll.toupper
  • msvcrt.dll.isxdigit
  • msvcrt.dll.isalnum
  • msvcrt.dll.sprintf
  • msvcrt.dll.swprintf
  • msvcrt.dll.localtime
  • msvcrt.dll._strupr
  • msvcrt.dll._itoa
  • msvcrt.dll.realloc
  • msvcrt.dll._except_handler3
  • msvcrt.dll.?terminate@@YAXXZ
  • msvcrt.dll.__lconv_init
  • msvcrt.dll.??1type_info@@UAE@XZ
  • msvcrt.dll._findfirst
  • msvcrt.dll._findnext
  • msvcrt.dll._findclose
  • msvcrt.dll.strrchr
  • msvcrt.dll.wcsrchr
  • msvcrt.dll.strchr
  • msvcrt.dll.memmove
  • msvcrt.dll.time
  • msvcrt.dll.vsprintf
  • msvcrt.dll.atol
  • msvcrt.dll.strncmp
  • msvcrt.dll.fprintf
  • ole32.dll.CoSetProxyBlanket
  • ole32.dll.CoCreateInstance
  • ole32.dll.CoInitializeSecurity
  • shell32.dll.SHBrowseForFolderW
  • shell32.dll.SHGetPathFromIDListW
  • user32.dll.CharNextA
  • user32.dll.MessageBoxA
  • user32.dll.GetForegroundWindow
  • user32.dll.GetWindow
  • user32.dll.TranslateMessage
  • user32.dll.UpdateWindow
  • user32.dll.SetClassLongA
  • user32.dll.UnregisterClassA
  • user32.dll.PostMessageA
  • user32.dll.AdjustWindowRectEx
  • user32.dll.EnableMenuItem
  • user32.dll.TranslateAcceleratorA
  • user32.dll.CopyIcon
  • user32.dll.MapVirtualKeyExA
  • user32.dll.GetWindowPlacement
  • user32.dll.GetActiveWindow
  • user32.dll.SetCursorPos
  • user32.dll.UnloadKeyboardLayout
  • user32.dll.FindWindowA
  • user32.dll.SendNotifyMessageA
  • user32.dll.DestroyCursor
  • user32.dll.LoadImageA
  • user32.dll.FillRect
  • user32.dll.SetForegroundWindow
  • user32.dll.WindowFromPoint
  • user32.dll.SetWindowTextA
  • user32.dll.PostQuitMessage
  • user32.dll.EnumWindows
  • user32.dll.MessageBoxW
  • user32.dll.DrawTextW
  • user32.dll.SendMessageTimeoutA
  • user32.dll.GetDlgCtrlID
  • user32.dll.MapVirtualKeyA
  • user32.dll.GetMessageExtraInfo
  • user32.dll.SendInput
  • user32.dll.GetDoubleClickTime
  • user32.dll.RedrawWindow
  • user32.dll.AttachThreadInput
  • user32.dll.IsWindowUnicode
  • user32.dll.GetClassNameW
  • user32.dll.GetDesktopWindow
  • user32.dll.DrawTextExA
  • user32.dll.GetWindowThreadProcessId
  • user32.dll.FindWindowW
  • user32.dll.SetWindowTextW
  • user32.dll.GetClipboardData
  • user32.dll.OpenClipboard
  • user32.dll.EmptyClipboard
  • user32.dll.SetClipboardData
  • user32.dll.CloseClipboard
  • user32.dll.MsgWaitForMultipleObjects
  • user32.dll.DrawIcon
  • user32.dll.ClipCursor
  • user32.dll.GetKeyboardLayout
  • user32.dll.ExitWindowsEx
  • user32.dll.ChangeDisplaySettingsA
  • user32.dll.PostThreadMessageA
  • user32.dll.PeekMessageA
  • user32.dll.GetAsyncKeyState
  • version.dll.GetFileVersionInfoSizeA
  • version.dll.GetFileVersionInfoA
  • version.dll.VerQueryValueA
  • winmm.dll.timeGetTime
  • winmm.dll.mciSendCommandA
  • winmm.dll.timeKillEvent
  • winmm.dll.timeSetEvent
  • sxs.dll.SxsOleAut32RedirectTypeLibrary
  • advapi32.dll.RegOpenKeyW
  • advapi32.dll.RegQueryValueW
  • sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
  • gdi32.dll.GetLayout
  • gdi32.dll.GdiRealizationInfo
  • gdi32.dll.FontIsLinked
  • advapi32.dll.RegOpenKeyExW
  • advapi32.dll.RegQueryInfoKeyW
  • gdi32.dll.GetTextFaceAliasW
  • advapi32.dll.RegEnumValueW
  • advapi32.dll.RegQueryValueExW
  • gdi32.dll.GetFontAssocStatus
  • advapi32.dll.RegEnumKeyExW
  • gdiplus.dll.GdipCreateFromHDC
  • gdiplus.dll.GdipSetClipHrgn
  • gdiplus.dll.GdipSetSmoothingMode
  • gdiplus.dll.GdipCreatePen1
  • gdiplus.dll.GdipDrawRectangle
  • gdiplus.dll.GdipDrawPath
  • gdiplus.dll.GdipDeletePath
  • gdiplus.dll.GdipDeletePen
  • gdiplus.dll.GdipResetClip
  • gdiplus.dll.GdipDeleteGraphics
  • gdi32.dll.GetTextExtentExPointWPri
  • dm.dll.DllRegisterServer
  • ole32.dll.CoTaskMemAlloc
  • ole32.dll.CoTaskMemFree
  • advapi32.dll.RegSetValueExW
  • kernel32.dll.RegDeleteKeyExW
  • advapi32.dll.RegCreateKeyExW
  • oleaut32.dll.#500
  • kernel32.dll.ExitThread
  • kernel32.dll.SetProcessAffinityMask
  • kernel32.dll.GetProcessAffinityMask
  • msvcrt.dll.??0exception@@QAE@ABQBD@Z
  • msvcrt.dll.??1exception@@UAE@XZ
  • msvcrt.dll.strlen
  • msvcrt.dll.??0exception@@QAE@ABV0@@Z
  • msvcrt.dll.memchr
  • user32.dll.GetKeyState
  • user32.dll.GetClassLongW
  • kernel32.dll.SortGetHandle
  • kernel32.dll.SortCloseHandle