魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2021-04-21 19:11:52	2021-04-21 19:13:56	124 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp03-1	win7-sp1-x64-shaapp03-1	KVM	2021-04-21 19:11:52	2021-04-21 19:13:58

魔盾分数
8.95 恶意的

文件详细信息

文件名	superfinger.exe
文件大小	2535000 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
CRC32	4B1035F9
MD5	dcd1b93dedb0093e635b6a4e6f17c5ac
SHA1	ddb19f36afb0b00844514fa60fff7b9fff9f9d12
SHA256	6d2a0c0e395aa30ecc48a8a53b188bf0a15ea9e4924655759d794a32b2a131c1
SHA512	bf18957922b58a09aa3cc3c9218f7e77ca524b629f39bf8d7992778b2ce6310935cd635a6415310aa6aac35048a4d8315842136714357fbd91f0fa4c831915d7
Ssdeep	49152:yI/LhG2T05xF+LmebL/rHNFJP1esYe2PEgHhFtTcDCtlA3NgXJc:9o5xY/b7XJPVY19QDD/
PEiD	无匹配
Yara	with_urls (Detected the presence of an or several urls) IsPE32 (Detected a 32bit PE sample) IsWindowsGUI (Detected a Windows GUI sample) IsPacked (Detected Entropy signature) HasOverlay (Detected Overlay signature) HasDigitalSignature (Detected Digital Signature) HasRichSignature (Detected Rich Signature) UPXv20MarkusLaszloReiser () UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser () UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser () screenshot (Detected take screenshot function) win_registry (Detected system registries modification function) UPX (Detected UPX. Commonly used by RAT!)
VirusTotal	VirusTotal查询失败

特征

在加密调用中发现至少一个IP地址，域名，或文件名

ioc: http://www.super-ec.cnhttp

ioc: wghai.com/echttp

ioc: qsyou.com/echttp

ioc: www.wghai.comhttp

ioc: bbs.wghai.com/forum-17-1.html/forum-12-1.html/memcp.php/ip.asp/time.asp/gonggao.txt/ec-user6.php/ec-bd.php/ec-jh.php

ioc: http://www.super-ec.cn

二进制文件可能包含加密或压缩数据

section: name: UPX1, entropy: 8.00, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00252000, virtual_size: 0x00252000

魔盾安全Yara规则检测结果 - 安全告警

Warning: Detected UPX. Commonly used by RAT!

发现包含域名用于钓鱼或其他恶意行为

url: http://time1903.beijing-time.org/time.asp

url: http://upfinger.oss-cn-shanghai.aliyuncs.com/finger_version.txt

可执行文件被使用UPX压缩

section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x0031e000

魔盾wping.org 域名信誉系统

Greylist: time1903.beijing-time.org

Badlist: upfinger.oss-cn-shanghai.aliyuncs.com

运行截图

网络分析

域名解析

域名	响应
time1903.beijing-time.org	A 119.23.209.237
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 104.116.243.153 CNAME a1983.dscd.akamai.net A 104.116.243.72
upfinger.oss-cn-shanghai.aliyuncs.com	A 106.14.229.122

TCP连接

IP地址	端口
104.116.243.72	80
106.14.229.122	80
119.23.209.237	80
119.23.209.237	80

UDP连接

IP地址	端口
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://time1903.beijing-time.org/time.asp	GET /time.asp HTTP/1.1 Accept: / Referer: http://time1903.beijing-time.org/time.asp Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: time1903.beijing-time.org Cache-Control: no-cache
http://time1903.beijing-time.org/time.asp	GET /time.asp HTTP/1.1 Accept: / Referer: http://time1903.beijing-time.org/time.asp Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: time1903.beijing-time.org Cache-Control: no-cache Cookie: ASPSESSIONIDQSQQSDQR=LNLDPGFDMMJFIHDGGLPPDCJJ
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
http://upfinger.oss-cn-shanghai.aliyuncs.com/finger_version.txt	GET /finger_version.txt HTTP/1.1 Accept: / Referer: http://upfinger.oss-cn-shanghai.aliyuncs.com/finger_version.txt Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: upfinger.oss-cn-shanghai.aliyuncs.com Cache-Control: no-cache

静态分析

PE 信息

初始地址	0x00400000
入口地址	0x00970350
声明校验值	0x00000000
实际校验值	0x00274f1e
最低操作系统版本要求	4.0
编译时间	2021-03-26 22:27:52
载入哈希	a1bbb82ac1178c4d9c0589e88d4df7bb
图标
图标精确哈希值	f29225ed025a4abdb99971d0b1f93066
图标相似性哈希值	3b5d3c7d207e37dceeedd301e35e2e58

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
UPX0	0x00001000	0x0031e000	0x00000000	IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
UPX1	0x0031f000	0x00252000	0x00252000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	8.00
.rsrc	0x00571000	0x00018000	0x00017400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.23

覆盖

偏移量:	0x00269800
大小:	0x00001658

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
TEXTINCLUDE	0x00571d28	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x00571d28	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x00571d28	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
WAVE	0x00571e80	0x00001448	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.35	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
RT_CURSOR	0x00573864	0x00000134	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.43	AmigaOS bitmap font
RT_CURSOR	0x00573864	0x00000134	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.43	AmigaOS bitmap font
RT_CURSOR	0x00573864	0x00000134	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.43	AmigaOS bitmap font
RT_CURSOR	0x00573864	0x00000134	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.43	AmigaOS bitmap font
RT_CURSOR	0x00573864	0x00000134	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.43	AmigaOS bitmap font
RT_CURSOR	0x00573864	0x00000134	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.43	AmigaOS bitmap font
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x00575024	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_ICON	0x00575584	0x00010828	LANG_NEUTRAL	SUBLANG_NEUTRAL	0.63	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x00575584	0x00010828	LANG_NEUTRAL	SUBLANG_NEUTRAL	0.63	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x00575584	0x00010828	LANG_NEUTRAL	SUBLANG_NEUTRAL	0.63	dBase III DBT, version number 0, next free block index 40
RT_MENU	0x00585dc0	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_MENU	0x00585dc0	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00587030	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x00587aa4	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_GROUP_CURSOR	0x00587b2c	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x00587b2c	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x00587b2c	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x00587b2c	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x00587b2c	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON	0x00587b84	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x00587b84	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x00587b84	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_MANIFEST	0x00587b9c	0x000002b9	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.02	XML 1.0 document, ASCII text, with very long lines, with no line terminators

导入

库 KERNEL32.DLL:

• 0x987fe8 - LoadLibraryA

• 0x987fec - GetProcAddress

• 0x987ff0 - VirtualProtect

• 0x987ff4 - VirtualAlloc

• 0x987ff8 - VirtualFree

• 0x987ffc - ExitProcess

库 ADVAPI32.dll:

• 0x988004 - RegCloseKey

库 AVIFIL32.dll:

• 0x98800c - AVIStreamInfoA

库 COMCTL32.dll:

• 0x988014 - None

库 comdlg32.dll:

• 0x98801c - ChooseColorA

库 GDI32.dll:

• 0x988024 - PatBlt

库 iphlpapi.dll:

• 0x98802c - GetAdaptersInfo

库 MSVFW32.dll:

• 0x988034 - DrawDibDraw

库 ole32.dll:

• 0x98803c - OleRun

库 OLEAUT32.dll:

• 0x988044 - LHashValOfNameSys

库 oledlg.dll:

• 0x98804c - None

库 RASAPI32.dll:

• 0x988054 - RasHangUpA

库 SHELL32.dll:

• 0x98805c - DragFinish

库 USER32.dll:

• 0x988064 - GetDC

库 VERSION.dll:

• 0x98806c - VerLanguageNameA

库 WININET.dll:

• 0x988074 - InternetOpenA

库 WINMM.dll:

• 0x98807c - PlaySoundA

库 WINSPOOL.DRV:

• 0x988084 - ClosePrinter

库 WS2_32.dll:

• 0x98808c - select

投放文件

无信息

行为分析

互斥量(Mutexes)

Local\MSCTF.Asm.MutexDefault1

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

superfinger.exe PID: 2440, 上一级进程 PID: 2168

访问的文件

C:\Windows\win.ini
C:\Users\test\AppData\Local\Temp\ole32.dll
C:\Users\test\AppData\Local\Temp\shlwapi.dll
C:\Users\test\AppData\Local\Temp\sp2b
C:\Users\test\AppData\Local\Temp\wininet.dll
C:\Users\test\AppData\Local\Temp\Kernel32.dll
C:\Users\test\AppData\Local\Temp\pic\
C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
C:\Windows\System32\tzres.dll
C:\Users\test\AppData\Local\Temp\uselocal
C:\
C:\Users\test\AppData\Local\Temp\ia.dll
C:\Users\test\AppData\Local\Temp\vdll.dll
C:\Users\test\AppData\Local\Temp\superfinger.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\test\AppData\Local\Temp\MSIMG32.dll
C:\Windows\System32\msimg32.dll
C:\Users\test\AppData\Local\Temp\OLEACC.dll
C:\Windows\System32\oleacc.dll
C:\Users\test\AppData\Local\Temp\OLEACCRC.DLL
C:\Windows\System32\oleaccrc.dll
C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
C:\Program Files (x86)\WinRAR\api-ms-win-core-fibers-l1-1-1.DLL
C:\Users\test\AppData\Local\Temp\vdllCHS.dll
C:\Users\test\AppData\Local\Temp\vdllCHS.dll.DLL
C:\Users\test\AppData\Local\Temp\vdllENU.dll
C:\Users\test\AppData\Local\Temp\vdllENU.dll.DLL
C:\Users\test\AppData\Local\Temp\vdllLOC.dll
C:\Users\test\AppData\Local\Temp\vdllLOC.dll.DLL
C:\Windows\Fonts\staticcache.dat
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb\COMCTL32.dll.mui
C:\Users\test\AppData\Local\Temp\record
C:\Windows\SysWOW64\stdole2.tlb

读取的文件

C:\Windows\win.ini
C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
C:\Windows\System32\tzres.dll
C:\Users\test\AppData\Local\Temp\vdll.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\System32\msimg32.dll
C:\Windows\System32\oleacc.dll
C:\Windows\System32\oleaccrc.dll
C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\Fonts\staticcache.dat
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb\COMCTL32.dll.mui
C:\Windows\SysWOW64\stdole2.tlb

修改的文件

C:\Users\test\AppData\Local\Temp\ia.dll
C:\Users\test\AppData\Local\Temp\vdll.dll

删除的文件

C:\Users\test\AppData\Local\Temp\sp2b
C:\Users\test\AppData\Local\Temp\vdll.dll

注册表键

HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\superfinger.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\superfinger.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804

读取的注册表键

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)

修改的注册表键

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\superfinger.exe

删除的注册表键 无信息

API解析

kernel32.dll.IsDBCSLeadByte
kernel32.dll.lstrcmpA
kernel32.dll.lstrcmpiA
kernel32.dll.FileTimeToSystemTime
kernel32.dll.FileTimeToDosDateTime
kernel32.dll.FileTimeToLocalFileTime
kernel32.dll.GetFileInformationByHandle
kernel32.dll.GetFileType
kernel32.dll.MapViewOfFile
kernel32.dll.CreateFileMappingA
kernel32.dll.DuplicateHandle
kernel32.dll.UnmapViewOfFile
kernel32.dll.SystemTimeToFileTime
kernel32.dll.GetLocalTime
kernel32.dll.Beep
kernel32.dll.GetTempFileNameA
kernel32.dll.WideCharToMultiByte
kernel32.dll.InterlockedIncrement
kernel32.dll.InterlockedDecrement
kernel32.dll.LocalFree
kernel32.dll.FormatMessageA
kernel32.dll.FlushFileBuffers
kernel32.dll.LockFile
kernel32.dll.UnlockFile
kernel32.dll.SetEndOfFile
kernel32.dll.GetThreadLocale
kernel32.dll.GlobalDeleteAtom
kernel32.dll.GlobalFindAtomA
kernel32.dll.GlobalAddAtomA
kernel32.dll.GlobalGetAtomNameA
kernel32.dll.LocalAlloc
kernel32.dll.TlsAlloc
kernel32.dll.GlobalHandle
kernel32.dll.TlsFree
kernel32.dll.TlsSetValue
kernel32.dll.LocalReAlloc
kernel32.dll.TlsGetValue
kernel32.dll.GetFileTime
kernel32.dll.GetCurrentThread
kernel32.dll.GlobalFlags
kernel32.dll.SetErrorMode
kernel32.dll.GetProcessVersion
kernel32.dll.GetCPInfo
kernel32.dll.GetOEMCP
kernel32.dll.GetStartupInfoA
kernel32.dll.RtlUnwind
kernel32.dll.GetSystemTime
kernel32.dll.RaiseException
kernel32.dll.HeapSize
kernel32.dll.GetACP
kernel32.dll.SetStdHandle
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.FreeEnvironmentStringsA
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.SetHandleCount
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentVariableA
kernel32.dll.HeapDestroy
kernel32.dll.HeapCreate
kernel32.dll.VirtualFree
kernel32.dll.SetEnvironmentVariableA
kernel32.dll.LCMapStringA
kernel32.dll.LCMapStringW
kernel32.dll.VirtualAlloc
kernel32.dll.IsBadWritePtr
kernel32.dll.GetStringTypeA
kernel32.dll.GetStringTypeW
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.CompareStringA
kernel32.dll.CompareStringW
kernel32.dll.IsBadReadPtr
kernel32.dll.IsBadCodePtr
kernel32.dll.IsValidLocale
kernel32.dll.IsValidCodePage
kernel32.dll.EnumSystemLocalesA
kernel32.dll.GetLocaleInfoW
kernel32.dll.GetVersion
kernel32.dll.GetLocaleInfoA
kernel32.dll.GetSystemDefaultLangID
kernel32.dll.GetTimeZoneInformation
kernel32.dll.SetLastError
kernel32.dll.MultiByteToWideChar
kernel32.dll.GetSystemDirectoryA
kernel32.dll.LoadLibraryExA
kernel32.dll.GetWindowsDirectoryA
kernel32.dll.OpenProcess
kernel32.dll.TerminateProcess
kernel32.dll.GetCurrentProcess
kernel32.dll.GetFileSize
kernel32.dll.SetFilePointer
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32First
kernel32.dll.Process32Next
kernel32.dll.CreateSemaphoreA
kernel32.dll.ResumeThread
kernel32.dll.ReleaseSemaphore
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.GetProfileStringA
kernel32.dll.WriteFile
kernel32.dll.WaitForMultipleObjects
kernel32.dll.CreateFileA
kernel32.dll.SetEvent
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.ReadFile
kernel32.dll.lstrlenW
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetCurrentThreadId
kernel32.dll.ExitProcess
kernel32.dll.GlobalSize
kernel32.dll.GlobalFree
kernel32.dll.DeleteCriticalSection
kernel32.dll.InitializeCriticalSection
kernel32.dll.lstrcatA
kernel32.dll.lstrlenA
kernel32.dll.WinExec
kernel32.dll.lstrcpyA
kernel32.dll.FindNextFileA
kernel32.dll.GlobalReAlloc
kernel32.dll.HeapFree
kernel32.dll.HeapReAlloc
kernel32.dll.GetProcessHeap
kernel32.dll.HeapAlloc
kernel32.dll.GetUserDefaultLCID
kernel32.dll.GetFullPathNameA
kernel32.dll.FreeLibrary
kernel32.dll.LoadLibraryA
kernel32.dll.GetLastError
kernel32.dll.GetVersionExA
kernel32.dll.WritePrivateProfileStringA
kernel32.dll.GetPrivateProfileStringA
kernel32.dll.CreateThread
kernel32.dll.CreateEventA
kernel32.dll.Sleep
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.GetTempPathA
kernel32.dll.FindFirstFileA
kernel32.dll.FindClose
kernel32.dll.GetFileAttributesA
kernel32.dll.DeleteFileA
kernel32.dll.CreateDirectoryA
kernel32.dll.SetCurrentDirectoryA
kernel32.dll.GetVolumeInformationA
kernel32.dll.GetModuleHandleA
kernel32.dll.GetProcAddress
kernel32.dll.MulDiv
kernel32.dll.GetCommandLineA
kernel32.dll.GetTickCount
kernel32.dll.CreateProcessA
kernel32.dll.WaitForSingleObject
kernel32.dll.CloseHandle
kernel32.dll.InterlockedExchange
kernel32.dll.lstrcpynA
advapi32.dll.RegCreateKeyExA
advapi32.dll.GetUserNameA
advapi32.dll.RegQueryValueA
advapi32.dll.RegCreateKeyA
advapi32.dll.RegSetValueExA
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegCloseKey
avifil32.dll.AVIStreamGetFrame
avifil32.dll.AVIStreamInfoA
comctl32.dll.ImageList_DragMove
comctl32.dll.ImageList_DragLeave
comctl32.dll.ImageList_DragEnter
comctl32.dll.ImageList_Destroy
comctl32.dll.ImageList_Create
comctl32.dll.ImageList_BeginDrag
comctl32.dll.ImageList_Add
comctl32.dll.ImageList_DragShowNolock
comctl32.dll.ImageList_GetImageInfo
comctl32.dll.ImageList_GetImageCount
comctl32.dll.ImageList_GetIcon
comctl32.dll.ImageList_EndDrag
comctl32.dll.#17
comctl32.dll.ImageList_Read
comctl32.dll.ImageList_Duplicate
comctl32.dll._TrackMouseEvent
comdlg32.dll.GetFileTitleA
comdlg32.dll.GetSaveFileNameA
comdlg32.dll.GetOpenFileNameA
comdlg32.dll.ChooseColorA
gdi32.dll.CombineRgn
gdi32.dll.PatBlt
gdi32.dll.CreatePen
gdi32.dll.SelectObject
gdi32.dll.CreatePatternBrush
gdi32.dll.CreateBitmap
gdi32.dll.CreateDCA
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetPolyFillMode
gdi32.dll.GetStretchBltMode
gdi32.dll.GetROP2
gdi32.dll.GetBkColor
gdi32.dll.GetBkMode
gdi32.dll.GetTextColor
gdi32.dll.CreateRoundRectRgn
gdi32.dll.CreateEllipticRgn
gdi32.dll.PathToRegion
gdi32.dll.EndPath
gdi32.dll.BeginPath
gdi32.dll.GetWindowOrgEx
gdi32.dll.TranslateCharsetInfo
gdi32.dll.FrameRgn
gdi32.dll.OffsetRgn
gdi32.dll.GetTextMetricsA
gdi32.dll.LineTo
gdi32.dll.MoveToEx
gdi32.dll.SaveDC
gdi32.dll.RestoreDC
gdi32.dll.SetROP2
gdi32.dll.SetMapMode
gdi32.dll.SetViewportOrgEx
gdi32.dll.OffsetViewportOrgEx
gdi32.dll.SetViewportExtEx
gdi32.dll.ScaleViewportExtEx
gdi32.dll.SetWindowOrgEx
gdi32.dll.SetWindowExtEx
gdi32.dll.ScaleWindowExtEx
gdi32.dll.GetClipBox
gdi32.dll.ExcludeClipRect
gdi32.dll.CreateRectRgn
gdi32.dll.ExtSelectClipRgn
gdi32.dll.GetViewportExtEx
gdi32.dll.PtVisible
gdi32.dll.RectVisible
gdi32.dll.ExtTextOutA
gdi32.dll.Escape
gdi32.dll.GetMapMode
gdi32.dll.CreateFontA
gdi32.dll.SetDIBitsToDevice
gdi32.dll.SetTextColor
gdi32.dll.SetBkMode
gdi32.dll.TextOutA
gdi32.dll.SetBkColor
gdi32.dll.CreateRectRgnIndirect
gdi32.dll.CreateDIBSection
gdi32.dll.SetStretchBltMode
gdi32.dll.GetClipRgn
gdi32.dll.CreatePolygonRgn
gdi32.dll.SelectClipRgn
gdi32.dll.DeleteObject
gdi32.dll.CreateDIBitmap
gdi32.dll.GetSystemPaletteEntries
gdi32.dll.CreatePalette
gdi32.dll.StretchBlt
gdi32.dll.CreateCompatibleDC
gdi32.dll.Ellipse
gdi32.dll.Rectangle
gdi32.dll.LPtoDP
gdi32.dll.DPtoLP
gdi32.dll.GetCurrentObject
gdi32.dll.RoundRect
gdi32.dll.FillRgn
gdi32.dll.CreateSolidBrush
gdi32.dll.CreateFontIndirectA
gdi32.dll.GetStockObject
gdi32.dll.GetObjectA
gdi32.dll.EndPage
gdi32.dll.EndDoc
gdi32.dll.DeleteDC
gdi32.dll.StartDocA
gdi32.dll.StartPage
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.BitBlt
gdi32.dll.SetPolyFillMode
gdi32.dll.GetDeviceCaps
gdi32.dll.SelectPalette
gdi32.dll.RealizePalette
gdi32.dll.GetDIBits
gdi32.dll.GetWindowExtEx
gdi32.dll.GetViewportOrgEx
iphlpapi.dll.GetAdaptersInfo
msvfw32.dll.DrawDibDraw
ole32.dll.CoFreeUnusedLibraries
ole32.dll.CreateILockBytesOnHGlobal
ole32.dll.StgCreateDocfileOnILockBytes
ole32.dll.StgOpenStorageOnILockBytes
ole32.dll.CoGetClassObject
ole32.dll.CoRegisterMessageFilter
ole32.dll.CoTaskMemFree
ole32.dll.CoTaskMemAlloc
ole32.dll.CLSIDFromProgID
ole32.dll.OleInitialize
ole32.dll.OleUninitialize
ole32.dll.CLSIDFromString
ole32.dll.CoCreateInstance
ole32.dll.OleRun
ole32.dll.CoRevokeClassObject
ole32.dll.OleFlushClipboard
ole32.dll.OleIsCurrentClipboard
oleaut32.dll.#23
oleaut32.dll.#24
oleaut32.dll.#17
oleaut32.dll.#25
oleaut32.dll.#19
oleaut32.dll.#12
oleaut32.dll.#9
oleaut32.dll.#10
oleaut32.dll.#11
oleaut32.dll.#8
oleaut32.dll.#2
oleaut32.dll.#16
oleaut32.dll.#15
oleaut32.dll.#26
oleaut32.dll.#163
oleaut32.dll.#20
oleaut32.dll.#185
oleaut32.dll.#7
oleaut32.dll.#4
oleaut32.dll.#161
oleaut32.dll.#420
oleaut32.dll.#186
oleaut32.dll.#6
oleaut32.dll.#18
oleaut32.dll.#150
oleaut32.dll.#165
oledlg.dll.#8
rasapi32.dll.RasGetConnectStatusA
rasapi32.dll.RasHangUpA
shell32.dll.Shell_NotifyIconA
shell32.dll.ShellExecuteA
shell32.dll.DragAcceptFiles
shell32.dll.DragFinish
shell32.dll.DragQueryFileA
user32.dll.GetSysColorBrush
user32.dll.GetNextDlgGroupItem
user32.dll.PostThreadMessageA
user32.dll.GetMenuCheckMarkDimensions
user32.dll.SetMenuItemBitmaps
user32.dll.CheckMenuItem
user32.dll.MoveWindow
user32.dll.IsDialogMessageA
user32.dll.ScrollWindowEx
user32.dll.SendDlgItemMessageA
user32.dll.MapWindowPoints
user32.dll.AdjustWindowRectEx
user32.dll.GetScrollPos
user32.dll.RegisterClassA
user32.dll.GetClassLongA
user32.dll.SetPropA
user32.dll.GetPropA
user32.dll.RemovePropA
user32.dll.GetMessageTime
user32.dll.GetLastActivePopup
user32.dll.RegisterWindowMessageA
user32.dll.GetWindowPlacement
user32.dll.EndDialog
user32.dll.CreateDialogIndirectParamA
user32.dll.DestroyWindow
user32.dll.GrayStringA
user32.dll.DrawTextA
user32.dll.TabbedTextOutA
user32.dll.EndPaint
user32.dll.BeginPaint
user32.dll.GetWindowDC
user32.dll.GetWindowTextLengthA
user32.dll.GetForegroundWindow
user32.dll.CreateIconIndirect
user32.dll.GetIconInfo
user32.dll.CopyIcon
user32.dll.LoadStringA
user32.dll.UnhookWindowsHookEx
user32.dll.SetWindowsHookExA
user32.dll.CallNextHookEx
user32.dll.GetMenuItemCount
user32.dll.GetMenuItemID
user32.dll.GetMenuState
user32.dll.CharUpperA
user32.dll.SetWindowTextA
user32.dll.UnregisterHotKey
user32.dll.RegisterHotKey
user32.dll.CreateWindowExA
user32.dll.CallWindowProcA
user32.dll.GetWindowTextA
user32.dll.GetDlgItem
user32.dll.FindWindowA
user32.dll.GetWindowThreadProcessId
user32.dll.GetClassNameA
user32.dll.GetDesktopWindow
user32.dll.GetKeyboardLayout
user32.dll.GetNextDlgTabItem
user32.dll.LoadIconA
user32.dll.TranslateMessage
user32.dll.DrawFrameControl
user32.dll.DrawEdge
user32.dll.DrawFocusRect
user32.dll.GetMessageA
user32.dll.DispatchMessageA
user32.dll.SetRectEmpty
user32.dll.RegisterClipboardFormatA
user32.dll.CreateIconFromResourceEx
user32.dll.CreateIconFromResource
user32.dll.DrawIconEx
user32.dll.CreatePopupMenu
user32.dll.AppendMenuA
user32.dll.ModifyMenuA
user32.dll.CreateMenu
user32.dll.CreateAcceleratorTableA
user32.dll.GetDlgCtrlID
user32.dll.GetSubMenu
user32.dll.EnableMenuItem
user32.dll.ClientToScreen
user32.dll.EnumDisplaySettingsA
user32.dll.LoadImageA
user32.dll.SystemParametersInfoA
user32.dll.ShowWindow
user32.dll.IsWindowEnabled
user32.dll.TranslateAcceleratorA
user32.dll.GetKeyState
user32.dll.CopyAcceleratorTableA
user32.dll.PostQuitMessage
user32.dll.IsZoomed
user32.dll.GetClassInfoA
user32.dll.DefWindowProcA
user32.dll.GetSystemMenu
user32.dll.DeleteMenu
user32.dll.GetMenu
user32.dll.SetMenu
user32.dll.PeekMessageA
user32.dll.IsIconic
user32.dll.SetFocus
user32.dll.GetActiveWindow
user32.dll.GetWindow
user32.dll.DestroyAcceleratorTable
user32.dll.SetWindowRgn
user32.dll.GetMessagePos
user32.dll.ScreenToClient
user32.dll.ChildWindowFromPointEx
user32.dll.CopyRect
user32.dll.LoadBitmapA
user32.dll.WinHelpA
user32.dll.KillTimer
user32.dll.SetTimer
user32.dll.GetCapture
user32.dll.SetCapture
user32.dll.GetScrollRange
user32.dll.SetScrollRange
user32.dll.SetScrollPos
user32.dll.SetRect
user32.dll.InflateRect
user32.dll.IntersectRect
user32.dll.DestroyIcon
user32.dll.PtInRect
user32.dll.OffsetRect
user32.dll.IsWindowVisible
user32.dll.EnableWindow
user32.dll.RedrawWindow
user32.dll.GetWindowLongA
user32.dll.SetWindowLongA
user32.dll.GetSysColor
user32.dll.SetActiveWindow
user32.dll.SetCursorPos
user32.dll.LoadCursorA
user32.dll.SetCursor
user32.dll.GetDC
user32.dll.FillRect
user32.dll.IsRectEmpty
user32.dll.ReleaseDC
user32.dll.IsChild
user32.dll.DestroyMenu
user32.dll.SetForegroundWindow
user32.dll.GetWindowRect
user32.dll.EqualRect
user32.dll.UpdateWindow
user32.dll.ValidateRect
user32.dll.InvalidateRect
user32.dll.GetClientRect
user32.dll.GetFocus
user32.dll.GetParent
user32.dll.GetTopWindow
user32.dll.PostMessageA
user32.dll.IsWindow
user32.dll.SetParent
user32.dll.DestroyCursor
user32.dll.SendMessageA
user32.dll.SetWindowPos
user32.dll.MessageBeep
user32.dll.MessageBoxA
user32.dll.GetCursorPos
user32.dll.GetSystemMetrics
user32.dll.EmptyClipboard
user32.dll.SetClipboardData
user32.dll.OpenClipboard
user32.dll.GetClipboardData
user32.dll.CloseClipboard
user32.dll.wsprintfA
user32.dll.WaitForInputIdle
user32.dll.MapDialogRect
user32.dll.SetWindowContextHelpId
user32.dll.WindowFromPoint
user32.dll.CharNextA
user32.dll.ReleaseCapture
user32.dll.UnregisterClassA
version.dll.VerLanguageNameA
wininet.dll.InternetCanonicalizeUrlA
wininet.dll.InternetCrackUrlA
wininet.dll.HttpOpenRequestA
wininet.dll.HttpSendRequestA
wininet.dll.HttpQueryInfoA
wininet.dll.InternetReadFile
wininet.dll.InternetConnectA
wininet.dll.InternetSetOptionA
wininet.dll.InternetOpenA
wininet.dll.InternetCloseHandle
winmm.dll.midiStreamRestart
winmm.dll.PlaySoundA
winmm.dll.waveOutUnprepareHeader
winmm.dll.waveOutPrepareHeader
winmm.dll.midiStreamStop
winmm.dll.midiOutReset
winmm.dll.midiStreamClose
winmm.dll.waveOutWrite
winmm.dll.waveOutPause
winmm.dll.waveOutReset
winmm.dll.waveOutClose
winmm.dll.midiStreamOut
winmm.dll.midiOutPrepareHeader
winmm.dll.midiStreamProperty
winmm.dll.midiStreamOpen
winmm.dll.midiOutUnprepareHeader
winmm.dll.waveOutOpen
winmm.dll.waveOutGetNumDevs
winspool.drv.ClosePrinter
winspool.drv.DocumentPropertiesA
winspool.drv.OpenPrinterA
ws2_32.dll.#12
ws2_32.dll.#11
ws2_32.dll.#57
ws2_32.dll.#52
ws2_32.dll.#115
ws2_32.dll.#116
ws2_32.dll.#19
ws2_32.dll.#3
ws2_32.dll.#101
ws2_32.dll.#9
ws2_32.dll.#23
ws2_32.dll.#17
ws2_32.dll.#10
ws2_32.dll.#4
ws2_32.dll.#16
ws2_32.dll.#5
ws2_32.dll.#1
ws2_32.dll.#18
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
advapi32.dll.CryptAcquireContextA
cryptsp.dll.CryptAcquireContextA
advapi32.dll.CryptCreateHash
cryptsp.dll.CryptCreateHash
advapi32.dll.CryptHashData
cryptsp.dll.CryptHashData
advapi32.dll.CryptGetHashParam
cryptsp.dll.CryptGetHashParam
advapi32.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyHash
advapi32.dll.CryptReleaseContext
cryptsp.dll.CryptReleaseContext
kernel32.dll.lstrcpyn
comctl32.dll.RegisterClassNameW
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.OpenThemeData
ole32.dll.CoInitialize
shlwapi.dll.PathFileExistsA
kernel32.dll.OpenEventA
shlwapi.dll.PathIsDirectoryA
rasapi32.dll.RasConnectionNotificationW
advapi32.dll.EventWrite
advapi32.dll.EventRegister
advapi32.dll.EventUnregister
kernel32.dll.ResetEvent
kernel32.dll.WaitForSingleObjectEx
kernel32.dll.IsDebuggerPresent
kernel32.dll.GetStartupInfoW
kernel32.dll.QueryPerformanceCounter
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.InitializeSListHead
kernel32.dll.WriteConsoleW
kernel32.dll.FindFirstFileExA
kernel32.dll.SetFilePointerEx
kernel32.dll.EnumSystemLocalesW
kernel32.dll.GetConsoleMode
kernel32.dll.GetConsoleCP
kernel32.dll.SizeofResource
kernel32.dll.FindResourceW
kernel32.dll.GetModuleHandleW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.OutputDebugStringW
kernel32.dll.InterlockedFlushSList
kernel32.dll.ExitThread
kernel32.dll.FreeLibraryAndExitThread
kernel32.dll.GetModuleHandleExW
kernel32.dll.HeapQueryInformation
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.GetSystemInfo
kernel32.dll.VirtualQuery
kernel32.dll.SystemTimeToTzSpecificLocalTime
kernel32.dll.GetFileSizeEx
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetFileAttributesW
kernel32.dll.GetProfileIntW
kernel32.dll.SearchPathW
kernel32.dll.GetWindowsDirectoryW
kernel32.dll.FindResourceExW
kernel32.dll.lstrcmpiW
kernel32.dll.GetVolumeInformationW
kernel32.dll.GetFullPathNameW
kernel32.dll.WritePrivateProfileStringW
kernel32.dll.GetTempPathW
kernel32.dll.GetTempFileNameW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.VirtualProtect
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.GetSystemDefaultUILanguage
kernel32.dll.GlobalGetAtomNameW
kernel32.dll.VerifyVersionInfoW
kernel32.dll.lstrcpyW
kernel32.dll.VerSetConditionMask
kernel32.dll.CopyFileW
kernel32.dll.GlobalFindAtomW
kernel32.dll.GlobalAddAtomW
kernel32.dll.lstrcmpW
kernel32.dll.LoadLibraryExW
kernel32.dll.GetSystemDirectoryW
kernel32.dll.OutputDebugStringA
kernel32.dll.LoadLibraryW
kernel32.dll.CreateEventW
kernel32.dll.GetVersionExW
kernel32.dll.GetModuleFileNameW
kernel32.dll.GetCommandLineW
kernel32.dll.FreeResource
kernel32.dll.GetPrivateProfileIntW
kernel32.dll.SetThreadPriority
kernel32.dll.FormatMessageW
kernel32.dll.GetCurrentProcessId
kernel32.dll.MoveFileW
kernel32.dll.DeleteFileW
kernel32.dll.CreateFileW
kernel32.dll.FindFirstFileW
kernel32.dll.CreateDirectoryW
kernel32.dll.GetPrivateProfileStringW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegQueryValueW
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegEnumKeyW
advapi32.dll.RegDeleteKeyW
advapi32.dll.RegCreateKeyExW
advapi32.dll.RegSetValueExW
advapi32.dll.RegCreateKeyW
advapi32.dll.RegDeleteValueW
advapi32.dll.RegOpenKeyW
advapi32.dll.RegQueryValueExW
gdi32.dll.CreateHatchBrush
gdi32.dll.GetObjectType
gdi32.dll.GetPixel
gdi32.dll.IntersectClipRect
gdi32.dll.SetLayout
gdi32.dll.GetLayout
gdi32.dll.SetTextAlign
gdi32.dll.TextOutW
gdi32.dll.ExtTextOutW
gdi32.dll.OffsetWindowOrgEx
gdi32.dll.CreateDCW
gdi32.dll.CreateFontIndirectW
gdi32.dll.EnumFontFamiliesW
gdi32.dll.GetTextCharsetInfo
gdi32.dll.GetTextMetricsW
gdi32.dll.SetRectRgn
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.Polygon
gdi32.dll.Polyline
gdi32.dll.EnumFontFamiliesExW
gdi32.dll.SetPixel
gdi32.dll.SetDIBColorTable
gdi32.dll.GetRgnBox
gdi32.dll.GetPaletteEntries
gdi32.dll.GetNearestPaletteIndex
gdi32.dll.ExtFloodFill
gdi32.dll.SetPaletteEntries
gdi32.dll.GetBoundsRect
gdi32.dll.PtInRegion
gdi32.dll.SetPixelV
gdi32.dll.GetTextFaceW
gdi32.dll.CopyMetaFileW
gdi32.dll.GetObjectW
gdi32.dll.CreateFontW
gdiplus.dll.GdipDrawImageI
gdiplus.dll.GdipBitmapUnlockBits
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipCreateBitmapFromScan0
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipGetImagePaletteSize
gdiplus.dll.GdipGetImagePalette
gdiplus.dll.GdipGetImagePixelFormat
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageGraphicsContext
gdiplus.dll.GdipDrawImageRectI
gdiplus.dll.GdipSetInterpolationMode
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipCreateBitmapFromHBITMAP
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipCloneImage
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdipFree
gdiplus.dll.GdiplusShutdown
gdiplus.dll.GdipAlloc
imm32.dll.ImmReleaseContext
imm32.dll.ImmGetContext
imm32.dll.ImmGetOpenStatus
msimg32.dll.AlphaBlend
msimg32.dll.TransparentBlt
ole32.dll.CoUninitialize
ole32.dll.CoCreateGuid
ole32.dll.CoDisconnectObject
ole32.dll.DoDragDrop
ole32.dll.CreateStreamOnHGlobal
ole32.dll.OleLockRunning
ole32.dll.ReleaseStgMedium
ole32.dll.OleDuplicateData
ole32.dll.OleCreateMenuDescriptor
ole32.dll.OleDestroyMenuDescriptor
ole32.dll.OleTranslateAccelerator
ole32.dll.IsAccelerator
ole32.dll.CoInitializeEx
ole32.dll.OleGetClipboard
ole32.dll.CoLockObjectExternal
ole32.dll.RegisterDragDrop
ole32.dll.RevokeDragDrop
oleacc.dll.CreateStdAccessibleObject
oleacc.dll.AccessibleObjectFromWindow
oleacc.dll.LresultFromObject
oleaut32.dll.#114
oleaut32.dll.#184
shell32.dll.CommandLineToArgvW
shell32.dll.SHGetFileInfoW
shell32.dll.SHGetPathFromIDListW
shell32.dll.SHGetSpecialFolderLocation
shell32.dll.SHBrowseForFolderW
shell32.dll.SHGetSpecialFolderPathW
shell32.dll.DragQueryFileW
shell32.dll.SHAppBarMessage
shell32.dll.ShellExecuteW
shell32.dll.SHGetDesktopFolder
shlwapi.dll.PathFindFileNameW
shlwapi.dll.PathIsUNCW
shlwapi.dll.PathStripToRootW
shlwapi.dll.StrFormatKBSizeW
shlwapi.dll.PathFindExtensionW
shlwapi.dll.PathRemoveFileSpecW
user32.dll.GetDoubleClickTime
user32.dll.PostThreadMessageW
user32.dll.FrameRect
user32.dll.ReuseDDElParam
user32.dll.UnpackDDElParam
user32.dll.InsertMenuItemW
user32.dll.TranslateAcceleratorW
user32.dll.ModifyMenuW
user32.dll.CharUpperBuffW
user32.dll.RegisterClipboardFormatW
user32.dll.LoadImageW
user32.dll.LockWindowUpdate
user32.dll.BringWindowToTop
user32.dll.CopyAcceleratorTableW
user32.dll.CreateAcceleratorTableW
user32.dll.MapVirtualKeyW
user32.dll.GetKeyboardState
user32.dll.WaitMessage
user32.dll.MonitorFromPoint
user32.dll.UnionRect
user32.dll.EnableScrollBar
user32.dll.UpdateLayeredWindow
user32.dll.SetMenuDefaultItem
user32.dll.GetMenuDefaultItem
user32.dll.NotifyWinEvent
user32.dll.LoadMenuW
user32.dll.CharUpperW
user32.dll.TrackMouseEvent
user32.dll.RealChildWindowFromPoint
user32.dll.CopyImage
user32.dll.GetMenuItemInfoW
user32.dll.ShowOwnedPopups
user32.dll.EnumDisplayMonitors
user32.dll.SetLayeredWindowAttributes
user32.dll.TabbedTextOutW
user32.dll.GrayStringW
user32.dll.DrawTextExW
user32.dll.RemoveMenu
user32.dll.AppendMenuW
user32.dll.InsertMenuW
user32.dll.GetMenuStringW
user32.dll.CreateDialogIndirectParamW
user32.dll.DrawStateW
user32.dll.CheckDlgButton
user32.dll.LoadBitmapW
user32.dll.SetMenuItemInfoW
user32.dll.WinHelpW
user32.dll.GetScrollInfo
user32.dll.GetClassNameW
user32.dll.GetClassLongW
user32.dll.MessageBoxW
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.RemovePropW
user32.dll.GetPropW
user32.dll.SetPropW
user32.dll.ScrollWindow
user32.dll.TrackPopupMenu
user32.dll.EndDeferWindowPos
user32.dll.DeferWindowPos
user32.dll.BeginDeferWindowPos
user32.dll.IsMenu
user32.dll.GetClassInfoExW
user32.dll.GetClassInfoW
user32.dll.CallWindowProcW
user32.dll.PeekMessageW
user32.dll.RegisterWindowMessageW
user32.dll.SystemParametersInfoW
user32.dll.SetWindowsHookExW
user32.dll.GetMessageW
user32.dll.DispatchMessageW
user32.dll.IsDialogMessageW
user32.dll.IsCharLowerW
user32.dll.GetKeyNameTextW
user32.dll.MapVirtualKeyExW
user32.dll.DrawMenuBar
user32.dll.DefFrameProcW
user32.dll.DefMDIChildProcW
user32.dll.TranslateMDISysAccel
user32.dll.IsClipboardFormatAvailable
user32.dll.GetUpdateRect
user32.dll.SubtractRect
user32.dll.GetWindowRgn
user32.dll.GetComboBoxInfo
user32.dll.InvertRect
user32.dll.HideCaret
user32.dll.SetClipboardViewer
user32.dll.GetPriorityClipboardFormat
user32.dll.LoadAcceleratorsW
user32.dll.LoadCursorW
user32.dll.GetAsyncKeyState
user32.dll.ToUnicodeEx
user32.dll.CreateWindowExW
user32.dll.SetWindowTextW
user32.dll.SetClassLongW
user32.dll.DrawTextW
user32.dll.SetScrollInfo
user32.dll.ShowScrollBar
user32.dll.SetWindowPlacement
user32.dll.GetMonitorInfoW
user32.dll.MonitorFromWindow
user32.dll.DefWindowProcW
user32.dll.GetWindowLongW
user32.dll.SetWindowLongW
user32.dll.PostMessageW
user32.dll.DrawIcon
user32.dll.SendMessageW
user32.dll.UnregisterClassW
user32.dll.RegisterClassW
user32.dll.LoadIconW
uxtheme.dll.GetThemeColor
uxtheme.dll.GetThemePartSize
uxtheme.dll.IsThemeBackgroundPartiallyTransparent
uxtheme.dll.GetWindowTheme
uxtheme.dll.GetThemeSysColor
uxtheme.dll.GetCurrentThemeName
uxtheme.dll.IsAppThemed
uxtheme.dll.DrawThemeBackground
uxtheme.dll.CloseThemeData
uxtheme.dll.DrawThemeText
uxtheme.dll.DrawThemeParentBackground
winmm.dll.PlaySoundW
winspool.drv.DocumentPropertiesW
winspool.drv.OpenPrinterW
ws2_32.dll.#15
ws2_32.dll.#14
ws2_32.dll.#111
ws2_32.dll.#8
ws2_32.dll.#22
ws2_32.dll.#21
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
kernel32.dll.FlsGetValue
api-ms-win-core-localization-l1-2-1.dll.LCMapStringEx
kernel32.dll.InitializeConditionVariable
kernel32.dll.SleepConditionVariableCS
kernel32.dll.WakeAllConditionVariable
kernel32.dll.FlsFree
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.InitOnceExecuteOnce
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.GetTickCount64
kernel32.dll.GetFileInformationByHandleEx
kernel32.dll.SetFileInformationByHandle
kernel32.dll.WakeConditionVariable
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.TryAcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.SleepConditionVariableSRW
kernel32.dll.CreateThreadpoolWork
kernel32.dll.SubmitThreadpoolWork
kernel32.dll.CloseThreadpoolWork
kernel32.dll.CompareStringEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.LCMapStringEx
kernel32.dll.GetThreadPreferredUILanguages
vdll.dll._mfcviewer_set_parent@4
sechost.dll.NotifyServiceStatusChangeA
vdll.dll._mfcviewer_set_callback@8
imm32.dll.ImmIsIME
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegQueryValueExA
gdi32.dll.GetTextExtentExPointWPri
imm32.dll.ImmAssociateContext
gdi32.dll.GetFontAssocStatus
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
imm32.dll.ImmLockIMC
imm32.dll.ImmUnlockIMC
imm32.dll.ImmSetCompositionFontW
imm32.dll.ImmGetCompositionWindow
imm32.dll.ImmSetCompositionWindow
uxtheme.dll.BufferedPaintInit
uxtheme.dll.BeginBufferedPaint
uxtheme.dll.EndBufferedPaint
kernel32.dll.CreateWaitableTimerA
kernel32.dll.SetWaitableTimer
user32.dll.MsgWaitForMultipleObjects
user32.dll.MonitorFromRect
user32.dll.GetMonitorInfoA
oleaut32.dll.SysAllocString
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString