魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2021-04-21 19:39:29	2021-04-21 19:41:33	124 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp03-1	win7-sp1-x64-shaapp03-1	KVM	2021-04-21 19:39:29	2021-04-21 19:41:34

魔盾分数
10.0 Malicious

文件详细信息

文件名	Steam一键上号V3.2.exe
文件大小	1519616 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
CRC32	C7B7624F
MD5	a517789a09f26f330e498f10508176dd
SHA1	8265172b269fec69e2a6fc52dd553219135862ba
SHA256	5b2225e438cc32515e060cdfb0cf7e09e4b3acf43ee4e73d92bf88e6763b4208
SHA512	bf628f009f41bae6fe792cae823266d327628e8e0c7bcf85a3fccc2db8e7fe1c9422a5e9f02fd8e30100a0389af530a84dca1c9cbeb82d4c272b699c381fcd6c
Ssdeep	24576:QMYmc/0puetykeaVLgVlXY9+G3U1fLJOOqTLnRyAjbDMO7QCC9+kXwjpXGks4VPv:QM9c/Su0ygLgTIJIfdEngo7QCCMpXGkr
PEiD	无匹配
Yara	MD5_Constants (Look for MD5 constants) RijnDael_AES (Look for RijnDael AES) IsPE32 (Detected a 32bit PE sample) IsWindowsGUI (Detected a Windows GUI sample) IsPacked (Detected Entropy signature) HasRichSignature (Detected Rich Signature) DebuggerCheck__RemoteAPI () DebuggerHiding__Thread () DebuggerTiming__Ticks (Detected timing ticks function) ThreadControl__Context () vmdetect (Possibly employs anti-virtualization techniques) anti_dbg (Detected self protection if being debugged) network_http (Detected communications function over HTTP) win_mutex (Create or check mutex) screenshot (Detected take screenshot function) create_process (Detection function for creating a new process) keylogger (Detected keylogger function) win_registry (Detected system registries modification function) change_win_registry (Change registries to affect system) win_files_operation (Affect private profile) win_hook (Detected hook table access function) win_private_profile (Detected private profile access function) Maldun_Anomoly_Combined_Activities_Network_Logging (Spotted potential abnormal behaviors, like logging and network communications) Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
VirusTotal	VirusTotal链接 VirusTotal扫描时间: 2021-02-16 21:04:33 扫描结果: 46/71

特征

创建RWX内存

魔盾wping.org 域名信誉系统

Greylist: meun-1300764759.cos.ap-nanjing.myqcloud.com

二进制文件可能包含加密或压缩数据

section: name: .text, entropy: 8.00, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00072000, virtual_size: 0x00129000

section: name: .sedata, entropy: 7.50, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000fa000, virtual_size: 0x000fa000

section: name: .sedata, entropy: 7.98, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00001000, virtual_size: 0x00001000

异常的二进制特征

anomaly: Found duplicated section names

魔盾安全Yara规则检测结果 - 高危

Informational: Possibly employs anti-virtualization techniques

Critical: Spotted potential abnormal behaviors, like logging and network communications

Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files

检测到样本尝试模糊或欺骗文件类型

文件已被至少一个VirusTotal上的反病毒引擎检测为病毒

Elastic: malicious (high confidence)

MicroWorld-eScan: Gen:Variant.Mikey.113531

FireEye: Generic.mg.a517789a09f26f33

CAT-QuickHeal: Trojan.Mikey

ALYac: Gen:Variant.Mikey.113531

Cylance: Unsafe

Zillya: Trojan.Nimnul.Win32.4182

Sangfor: Trojan.Win32.Save.a

K7AntiVirus: Trojan ( 005239691 )

Alibaba: Packed:Win32/NoobyProtect.e003e00e

K7GW: Trojan ( 004b8a501 )

Cybereason: malicious.a09f26

BitDefenderTheta: Gen:NN.ZexaF.34574.Cv0@auMcwvmb

Cyren: W32/S-e743b39f!Eldorado

Symantec: ML.Attribute.HighConfidence

ESET-NOD32: a variant of Win32/Packed.NoobyProtect.G suspicious

APEX: Malicious

Avast: Win32:Malware-gen

BitDefender: Gen:Variant.Mikey.113531

Paloalto: generic.ml

Ad-Aware: Gen:Variant.Mikey.113531

Emsisoft: Gen:Variant.Mikey.113531 (B)

Comodo: TrojWare.Win32.Amtar.KNB@4wlm66

VIPRE: Trojan.Win32.Generic!BT

McAfee-GW-Edition: BehavesLike.Win32.Generic.tc

Sophos: Mal/Generic-S

Ikarus: PUA.NoobyProtect

eGambit: Unsafe.AI_Score_100%

Kingsoft: Win32.Troj.Banker.(kcloud)

Microsoft: PUA:Win32/Puasson.A!ac

Gridinsoft: Trojan.Heur!.03010021

Arcabit: Trojan.Mikey.D1BB7B

AegisLab: Hacktool.Win32.Generic.lvTx

GData: Win32.Application.PUPStudio.B

Cynet: Malicious (score: 100)

Acronis: suspicious

McAfee: Artemis!A517789A09F2

MAX: malware (ai score=87)

Malwarebytes: Malware.Heuristic.1003

TrendMicro-HouseCall: TROJ_GEN.R002H0CB521

Rising: Malware.Heuristic!ET#99% (RDMK:cmRtazqMi9OVgs3A6BCKMvH/d4RY)

SentinelOne: Static AI - Malicious PE

Fortinet: Riskware/Application

AVG: Win32:Malware-gen

CrowdStrike: win/malicious_confidence_100% (W)

Qihoo-360: Win32/Trojan.Generic.HxIB6F8A

运行截图

网络分析

域名解析

域名	响应
acroipm.adobe.com	CNAME a1983.dscd.akamai.net CNAME acroipm.adobe.com.edgesuite.net A 23.63.74.41 A 23.63.74.64
meun-1300764759.cos.ap-nanjing.myqcloud.com	CNAME cos.ap-nanjing.myqcloud.com A 58.217.250.93 A 58.217.246.14 A 58.217.250.92

TCP连接

IP地址	端口
23.63.74.41	80
58.217.250.93	443

UDP连接

IP地址	端口
192.168.122.1	53
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

静态分析

PE 信息

初始地址	0x00400000
入口地址	0x00621f61
声明校验值	0x00173cac
实际校验值	0x00173cac
最低操作系统版本要求	4.0
编译时间	2021-01-29 00:40:31
载入哈希	b59603bc2546704db6802e1f0558b2a4
图标
图标精确哈希值	9d1b3a7ede4c8ee146dd19f802a3e5f8
图标相似性哈希值	dc4ae2ec7c3a24a5627ca70e6bda914f

版本信息

LegalCopyright:	\xe4\xe8\xe7\xe6\xe6\xe6 \xe8\xe5\xe9\xe5\xe4\xe7\xe6\xe7
FileVersion:	3.2.0.0
Comments:	\xe6\xe7\xe5\xe4\xe7\xe6\xe8\xe8\xe7\xe5(http://www.dywt.com.cn)
ProductName:	\xe6\xe8\xe8\xe7\xe5
ProductVersion:	3.2.0.0
FileDescription:	\xe6\xe8\xe8\xe7\xe5
Translation:	0x0804 0x04b0

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00129000	0x00072000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	8.00
.sedata	0x0012a000	0x000fa000	0x000fa000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_NOT_PAGED\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.50
.idata	0x00224000	0x00001000	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_NOT_PAGED\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	1.50
.rsrc	0x00225000	0x00004000	0x00004000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.68
.sedata	0x00229000	0x00001000	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.98

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_GROUP_ICON	0x00227e64	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x00227e64	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x00227e64	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION	0x00227e78	0x00000244	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.87	data

导入

库 WINMM.dll:

• 0x624327 - midiStreamOut

库 WS2_32.dll:

• 0x624333 - WSAAsyncSelect

库 RASAPI32.dll:

• 0x62433f - RasHangUpA

库 KERNEL32.dll:

• 0x62434b - MultiByteToWideChar

库 USER32.dll:

• 0x624357 - ScreenToClient

库 GDI32.dll:

• 0x624363 - ExtTextOutA

库 WINSPOOL.DRV:

• 0x62436f - OpenPrinterA

库 ADVAPI32.dll:

• 0x62437b - RegQueryValueExA

库 SHELL32.dll:

• 0x624387 - Shell_NotifyIconA

库 ole32.dll:

• 0x624393 - CLSIDFromProgID

库 OLEAUT32.dll:

• 0x62439f - VariantChangeType

库 COMCTL32.dll:

• 0x6243ab - None

库 WININET.dll:

• 0x6243b7 - InternetCanonicalizeUrlA

库 comdlg32.dll:

• 0x6243c3 - ChooseColorA

库 MSVCRT.dll:

• 0x6243cf - strncpy

库 IPHLPAPI.DLL:

• 0x6243db - GetInterfaceInfo

库 PSAPI.DLL:

• 0x6243e7 - GetMappedFileNameW

投放文件

无信息

行为分析

互斥量(Mutexes)

Local\MSCTF.Asm.MutexDefault1

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

Steam____________V3.2.exe PID: 2432, 上一级进程 PID: 2172

访问的文件

C:\Windows\SysWOW64\ntdll.dll
C:\Windows\SysWOW64\KernelBase.dll
C:\Windows\SysWOW64\kernel32.dll
C:\Windows\SysWOW64\user32.dll
C:\Windows\SysWOW64\advapi32.dll
C:\Windows\SysWOW64\IPHLPAPI.DLL
\Device\KsecDD
C:\Windows\Fonts\staticcache.dat

读取的文件

C:\Windows\SysWOW64\ntdll.dll
C:\Windows\SysWOW64\KernelBase.dll
C:\Windows\SysWOW64\kernel32.dll
C:\Windows\SysWOW64\user32.dll
C:\Windows\SysWOW64\advapi32.dll
C:\Windows\SysWOW64\IPHLPAPI.DLL
\Device\KsecDD
C:\Windows\Fonts\staticcache.dat

修改的文件 无信息

删除的文件 无信息

注册表键

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\Steam____________V3.2.exe
HKEY_CURRENT_USER\SOFTWARE\Valve\Steam
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses

读取的注册表键

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext

修改的注册表键 无信息

删除的注册表键 无信息

API解析

ntdll.dll.RtlUnicodeStringToAnsiString
ntdll.dll.RtlAnsiStringToUnicodeString
ntdll.dll._vsnwprintf
ntdll.dll.memset
ntdll.dll.RtlFreeAnsiString
ntdll.dll.RtlFreeHeap
ntdll.dll.RtlDeleteCriticalSection
ntdll.dll.RtlInitializeCriticalSection
ntdll.dll.RtlAllocateHeap
ntdll.dll.CsrVerifyRegion
ntdll.dll.RtlGetNativeSystemInformation
ntdll.dll.NtQuerySystemInformation
ntdll.dll.RtlCreateTagHeap
ntdll.dll.NtQueryInformationProcess
ntdll.dll.NtSetInformationProcess
ntdll.dll.NtClose
ntdll.dll.NtSetInformationFile
ntdll.dll.NtCreateIoCompletion
ntdll.dll.NtSetIoCompletion
ntdll.dll.RtlSetLastWin32Error
ntdll.dll.SbSelectProcedure
ntdll.dll.NtRemoveIoCompletion
ntdll.dll.RtlDeactivateActivationContextUnsafeFast
ntdll.dll.NtRemoveIoCompletionEx
ntdll.dll.RtlActivateActivationContextUnsafeFast
ntdll.dll.NtCreateNamedPipeFile
ntdll.dll.NtOpenFile
ntdll.dll.NtWaitForSingleObject
ntdll.dll.NtFsControlFile
ntdll.dll.NtCreateEvent
ntdll.dll.NtQueryInformationFile
ntdll.dll._allmul
ntdll.dll.RtlSetDaclSecurityDescriptor
ntdll.dll.RtlCreateSecurityDescriptor
ntdll.dll.RtlDefaultNpAcl
ntdll.dll.RtlDosPathNameToNtPathName_U
ntdll.dll.RtlAppendUnicodeStringToString
ntdll.dll._wcsnicmp
ntdll.dll.RtlPrefixString
ntdll.dll.RtlInitUnicodeString
ntdll.dll.RtlFreeUnicodeString
ntdll.dll.RtlDetermineDosPathNameType_U
ntdll.dll.RtlCreateUnicodeString
ntdll.dll.memcpy
ntdll.dll.NtDeviceIoControlFile
ntdll.dll.NtCreateFile
ntdll.dll.RtlTimeToTimeFields
ntdll.dll.RtlTimeFieldsToTime
ntdll.dll.RtlAcquirePrivilege
ntdll.dll.RtlInitializeSRWLock
ntdll.dll.RtlReleaseSRWLockExclusive
ntdll.dll.RtlAcquireSRWLockExclusive
ntdll.dll.RtlCutoverTimeToSystemTime
ntdll.dll.RtlReleaseSRWLockShared
ntdll.dll.RtlAcquireSRWLockShared
ntdll.dll.RtlReleasePrivilege
ntdll.dll.NtSetSystemTime
ntdll.dll.RtlUnicodeStringToInteger
ntdll.dll.wcschr
ntdll.dll.wcscpy_s
ntdll.dll.RtlpCheckDynamicTimeZoneInformation
ntdll.dll._stricmp
ntdll.dll._wcsicmp
ntdll.dll.RtlDeregisterWaitEx
ntdll.dll.RtlCreateTimerQueue
ntdll.dll.NtDelayExecution
ntdll.dll.RtlCreateTimer
ntdll.dll.RtlUpdateTimer
ntdll.dll.RtlDeleteTimer
ntdll.dll.RtlDeleteTimerQueueEx
ntdll.dll.RtlRegisterWait
ntdll.dll.wcsrchr
ntdll.dll.NtQueryValueKey
ntdll.dll.NtOpenKey
ntdll.dll.RtlxAnsiStringToUnicodeSize
ntdll.dll.NlsMbCodePageTag
ntdll.dll.RtlxOemStringToUnicodeSize
ntdll.dll.NlsMbOemCodePageTag
ntdll.dll.RtlxUnicodeStringToOemSize
ntdll.dll.RtlxUnicodeStringToAnsiSize
ntdll.dll.LdrEnumerateLoadedModules
ntdll.dll.NtAllocateVirtualMemory
ntdll.dll._alloca_probe
ntdll.dll.RtlReleasePebLock
ntdll.dll.RtlQueryEnvironmentVariable
ntdll.dll.RtlAcquirePebLock
ntdll.dll.RtlLeaveCriticalSection
ntdll.dll.RtlEnterCriticalSection
ntdll.dll.wcsncmp
ntdll.dll.RtlUnicodeStringToOemString
ntdll.dll.RtlOemStringToUnicodeString
ntdll.dll.RtlRaiseException
ntdll.dll.NtDuplicateObject
ntdll.dll.NtQueryObject
ntdll.dll.NtSetInformationObject
ntdll.dll.NtQueryVolumeInformationFile
ntdll.dll.NtLockFile
ntdll.dll.NtUnlockFile
ntdll.dll.RtlNtStatusToDosError
ntdll.dll.NtReadFile
ntdll.dll.NtWriteFile
ntdll.dll.NtCancelIoFileEx
ntdll.dll.NtReadFileScatter
ntdll.dll.NtWriteFileGather
ntdll.dll.RtlWow64EnableFsRedirectionEx
ntdll.dll.memmove
ntdll.dll.NtFlushBuffersFile
ntdll.dll.NtCreateSection
ntdll.dll.NtOpenSection
ntdll.dll.NtMapViewOfSection
ntdll.dll.NtFlushVirtualMemory
ntdll.dll.RtlFlushSecureMemoryCache
ntdll.dll.NtUnmapViewOfSection
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtFlushInstructionCache
ntdll.dll.NtWriteVirtualMemory
ntdll.dll.NtProtectVirtualMemory
ntdll.dll.NtFreeVirtualMemory
ntdll.dll.NtQueryVirtualMemory
ntdll.dll.NtQuerySystemInformationEx
ntdll.dll.RtlGetCurrentProcessorNumberEx
ntdll.dll.NtOpenProcess
ntdll.dll.RtlExitUserProcess
ntdll.dll.NtTerminateProcess
ntdll.dll.RtlReportSilentProcessExit
ntdll.dll.NtRaiseHardError
ntdll.dll.RtlRaiseStatus
ntdll.dll.RtlInitUnicodeStringEx
ntdll.dll.RtlQueryEnvironmentVariable_U
ntdll.dll.strchr
ntdll.dll.RtlInitAnsiStringEx
ntdll.dll.RtlUpcaseUnicodeChar
ntdll.dll.RtlEqualUnicodeString
ntdll.dll.RtlCompareMemory
ntdll.dll.NtQueryDirectoryObject
ntdll.dll.NtQuerySymbolicLinkObject
ntdll.dll.NtOpenSymbolicLinkObject
ntdll.dll.NtOpenDirectoryObject
ntdll.dll.RtlSetEnvironmentStrings
ntdll.dll.RtlSetEnvironmentVariable
ntdll.dll.RtlSetEnvironmentVar
ntdll.dll.RtlExpandEnvironmentStrings
ntdll.dll.RtlUnicodeToOemN
ntdll.dll.RtlUnicodeToMultiByteSize
ntdll.dll.RtlExpandEnvironmentStrings_U
ntdll.dll.RtlInitializeCriticalSectionAndSpinCount
ntdll.dll.RtlInitializeCriticalSectionEx
ntdll.dll.NtSetEvent
ntdll.dll.NtClearEvent
ntdll.dll.NtPulseEvent
ntdll.dll.NtCreateSemaphore
ntdll.dll.NtReleaseSemaphore
ntdll.dll.NtCreateMutant
ntdll.dll.NtReleaseMutant
ntdll.dll.NtCreateTimer
ntdll.dll.NtSetTimerEx
ntdll.dll.NtCancelTimer
ntdll.dll.NtOpenEvent
ntdll.dll.NtOpenSemaphore
ntdll.dll.NtOpenMutant
ntdll.dll.NtWaitForMultipleObjects
ntdll.dll.NtOpenTimer
ntdll.dll.RtlExitUserThread
ntdll.dll.LdrUnloadAlternateResourceModule
ntdll.dll.LdrRemoveLoadAsDataTable
ntdll.dll.RtlImageNtHeader
ntdll.dll.LdrUnloadDll
ntdll.dll.LdrDisableThreadCalloutsForDll
ntdll.dll.LdrUnlockLoaderLock
ntdll.dll.LdrLockLoaderLock
ntdll.dll.LdrGetDllHandle
ntdll.dll.LdrAddRefDll
ntdll.dll.RtlComputePrivatizedDllName_U
ntdll.dll.RtlPcToFileHeader
ntdll.dll.LdrGetProcedureAddress
ntdll.dll.RtlInitString
ntdll.dll.RtlGetVersion
ntdll.dll.LdrAccessResource
ntdll.dll.RtlReAllocateHeap
ntdll.dll.LdrAddLoadAsDataTable
ntdll.dll.RtlGetActiveActivationContext
ntdll.dll.LdrWx86FormatVirtualImage
ntdll.dll.NtQuerySection
ntdll.dll.LdrGetDllHandleByMapping
ntdll.dll.RtlImageNtHeaderEx
ntdll.dll.RtlDosSearchPath_Ustr
ntdll.dll.LdrGetDllHandleByName
ntdll.dll.RtlDosApplyFileIsolationRedirection_Ustr
ntdll.dll.LdrLoadDll
ntdll.dll.LdrFindResource_U
ntdll.dll.RtlFreeSid
ntdll.dll.RtlSetSaclSecurityDescriptor
ntdll.dll.RtlAddMandatoryAce
ntdll.dll.RtlAddAccessAllowedAce
ntdll.dll.RtlCreateAcl
ntdll.dll.RtlLengthSid
ntdll.dll.RtlAllocateAndInitializeSid
ntdll.dll.DbgPrint
ntdll.dll.NtOpenThread
ntdll.dll.NtSetInformationThread
ntdll.dll.NtQueryInformationThread
ntdll.dll.NtTerminateThread
ntdll.dll.TpCheckTerminateWorker
ntdll.dll.RtlCaptureStackBackTrace
ntdll.dll.NtSuspendThread
ntdll.dll.NtResumeThread
ntdll.dll.RtlClearBits
ntdll.dll.RtlAreBitsSet
ntdll.dll.NtQueueApcThread
ntdll.dll.#8
ntdll.dll.RtlQueryInformationActivationContext
ntdll.dll.RtlFlsAlloc
ntdll.dll.RtlProcessFlsData
ntdll.dll.RtlFlsFree
ntdll.dll.NtYieldExecution
ntdll.dll.RtlFreeActivationContextStack
ntdll.dll.RtlReleaseActivationContext
ntdll.dll.RtlActivateActivationContextEx
ntdll.dll.RtlAllocateActivationContextStack
ntdll.dll.NtCreateThreadEx
ntdll.dll.TpCaptureCaller
ntdll.dll.RtlFindClearBitsAndSet
ntdll.dll.RtlFormatMessageEx
ntdll.dll.RtlInitAnsiString
ntdll.dll.RtlFindMessage
ntdll.dll.RtlLoadString
ntdll.dll.RtlUnicodeToMultiByteN
ntdll.dll.RtlUnlockHeap
ntdll.dll.RtlFreeHandle
ntdll.dll.RtlIsValidHandle
ntdll.dll.RtlLockHeap
ntdll.dll.RtlSetUserValueHeap
ntdll.dll.RtlAllocateHandle
ntdll.dll._aulldiv
ntdll.dll.RtlCreateHeap
ntdll.dll.RtlDestroyHeap
ntdll.dll.RtlQueryHeapInformation
ntdll.dll.RtlValidateHeap
ntdll.dll.RtlGetProcessHeaps
ntdll.dll.RtlCompactHeap
ntdll.dll.RtlWalkHeap
ntdll.dll.RtlSetHeapInformation
ntdll.dll.RtlInitializeHandleTable
ntdll.dll.RtlIsDosDeviceName_U
ntdll.dll.RtlAnsiCharToUnicodeChar
ntdll.dll.RtlIntegerToChar
ntdll.dll.wcsncpy_s
ntdll.dll.RtlGetCurrentDirectory_U
ntdll.dll.RtlSetThreadErrorMode
ntdll.dll.toupper
ntdll.dll.RtlReleaseRelativeName
ntdll.dll.RtlDosPathNameToRelativeNtPathName_U
ntdll.dll.RtlDosPathNameToRelativeNtPathName_U_WithStatus
ntdll.dll.NtQueryAttributesFile
ntdll.dll.RtlDosPathNameToNtPathName_U_WithStatus
ntdll.dll.NtQueryFullAttributesFile
ntdll.dll.NtNotifyChangeDirectoryFile
ntdll.dll.NtQueryDirectoryFile
ntdll.dll.RtlGetFullPathName_UEx
ntdll.dll.RtlSetCurrentDirectory_U
ntdll.dll.#1
ntdll.dll.NtQueryEaFile
ntdll.dll.NtIsProcessInJob
ntdll.dll.NtDuplicateToken
ntdll.dll.NtAllocateLocallyUniqueId
ntdll.dll.NtAccessCheck
ntdll.dll.NtAccessCheckByType
ntdll.dll.NtAccessCheckByTypeResultList
ntdll.dll.NtOpenProcessToken
ntdll.dll.NtOpenThreadToken
ntdll.dll.NtQueryInformationToken
ntdll.dll.NtSetInformationToken
ntdll.dll.NtAdjustPrivilegesToken
ntdll.dll.NtAdjustGroupsToken
ntdll.dll.NtPrivilegeCheck
ntdll.dll.NtAccessCheckAndAuditAlarm
ntdll.dll.NtAccessCheckByTypeAndAuditAlarm
ntdll.dll.NtAccessCheckByTypeResultListAndAuditAlarm
ntdll.dll.NtAccessCheckByTypeResultListAndAuditAlarmByHandle
ntdll.dll.NtOpenObjectAuditAlarm
ntdll.dll.NtPrivilegeObjectAuditAlarm
ntdll.dll.NtCloseObjectAuditAlarm
ntdll.dll.NtDeleteObjectAuditAlarm
ntdll.dll.NtPrivilegedServiceAuditAlarm
ntdll.dll.RtlValidSid
ntdll.dll.RtlEqualSid
ntdll.dll.RtlEqualPrefixSid
ntdll.dll.RtlLengthRequiredSid
ntdll.dll.RtlInitializeSid
ntdll.dll.RtlIdentifierAuthoritySid
ntdll.dll.RtlSubAuthoritySid
ntdll.dll.RtlSubAuthorityCountSid
ntdll.dll.RtlCopySid
ntdll.dll.RtlAreAllAccessesGranted
ntdll.dll.RtlAreAnyAccessesGranted
ntdll.dll.RtlMapGenericMask
ntdll.dll.RtlValidAcl
ntdll.dll.RtlQueryInformationAcl
ntdll.dll.RtlSetInformationAcl
ntdll.dll.RtlAddAce
ntdll.dll.RtlDeleteAce
ntdll.dll.RtlGetAce
ntdll.dll.RtlAddAccessAllowedAceEx
ntdll.dll.RtlAddAccessDeniedAce
ntdll.dll.RtlAddAccessDeniedAceEx
ntdll.dll.RtlAddAuditAccessAce
ntdll.dll.RtlAddAuditAccessAceEx
ntdll.dll.RtlAddAccessAllowedObjectAce
ntdll.dll.RtlAddAccessDeniedObjectAce
ntdll.dll.RtlAddAuditAccessObjectAce
ntdll.dll.RtlFirstFreeAce
ntdll.dll.RtlValidSecurityDescriptor
ntdll.dll.RtlValidRelativeSecurityDescriptor
ntdll.dll.RtlLengthSecurityDescriptor
ntdll.dll.RtlGetControlSecurityDescriptor
ntdll.dll.RtlSetControlSecurityDescriptor
ntdll.dll.RtlGetDaclSecurityDescriptor
ntdll.dll.RtlGetSaclSecurityDescriptor
ntdll.dll.RtlSetOwnerSecurityDescriptor
ntdll.dll.RtlGetOwnerSecurityDescriptor
ntdll.dll.RtlSetGroupSecurityDescriptor
ntdll.dll.RtlGetGroupSecurityDescriptor
ntdll.dll.RtlNewSecurityObject
ntdll.dll.RtlConvertToAutoInheritSecurityObject
ntdll.dll.RtlNewSecurityObjectEx
ntdll.dll.RtlNewSecurityObjectWithMultipleInheritance
ntdll.dll.RtlSetSecurityObject
ntdll.dll.RtlSetSecurityObjectEx
ntdll.dll.RtlQuerySecurityObject
ntdll.dll.RtlDeleteSecurityObject
ntdll.dll.RtlAbsoluteToSelfRelativeSD
ntdll.dll.RtlSelfRelativeToAbsoluteSD
ntdll.dll.NtSetSecurityObject
ntdll.dll.NtQuerySecurityObject
ntdll.dll.RtlImpersonateSelf
ntdll.dll.NtImpersonateAnonymousToken
ntdll.dll.NtFilterToken
ntdll.dll.RtlSelfRelativeToAbsoluteSD2
ntdll.dll.RtlGetSecurityDescriptorRMControl
ntdll.dll.RtlSetSecurityDescriptorRMControl
ntdll.dll.CsrClientConnectToServer
ntdll.dll.RtlUnhandledExceptionFilter
ntdll.dll.RtlGetLocaleFileMappingAddress
ntdll.dll.NtGetNlsSectionPtr
ntdll.dll.RtlNormalizeString
ntdll.dll.wcspbrk
ntdll.dll.RtlLcidToLocaleName
ntdll.dll.EtwEventUnregister
ntdll.dll.EtwEventEnabled
ntdll.dll.EtwEventRegister
ntdll.dll.NtSetDefaultLocale
ntdll.dll.RtlLocaleNameToLcid
ntdll.dll.NtEnumerateValueKey
ntdll.dll.RtlpMuiFreeLangRegistryInfo
ntdll.dll.RtlCultureNameToLCID
ntdll.dll.qsort
ntdll.dll.RtlpIsQualifiedLanguage
ntdll.dll.RtlpGetLCIDFromLangInfoNode
ntdll.dll.RtlpGetNameFromLangInfoNode
ntdll.dll.NtQueryInstallUILanguage
ntdll.dll.RtlLCIDToCultureName
ntdll.dll.RtlpLoadUserUIByPolicy
ntdll.dll.RtlpLoadMachineUIByPolicy
ntdll.dll.RtlpCreateProcessRegistryInfo
ntdll.dll.RtlpInitializeLangRegistryInfo
ntdll.dll.LdrFindResourceEx_U
ntdll.dll.RtlGetFileMUIPath
ntdll.dll.RtlGetUILanguageInfo
ntdll.dll.RtlpGetSystemDefaultUILanguage
ntdll.dll.RtlGetThreadPreferredUILanguages
ntdll.dll.RtlGetProcessPreferredUILanguages
ntdll.dll.RtlpQueryDefaultUILanguage
ntdll.dll.RtlGetSystemPreferredUILanguages
ntdll.dll.RtlGetUserPreferredUILanguages
ntdll.dll.NtCreateKey
ntdll.dll.NtSetValueKey
ntdll.dll.NtDeleteKey
ntdll.dll.NtEnumerateKey
ntdll.dll.RtlIntegerToUnicodeString
ntdll.dll.RtlAppendUnicodeToString
ntdll.dll.RtlCopyUnicodeString
ntdll.dll.EtwEventWrite
ntdll.dll.RtlOpenCurrentUser
ntdll.dll.NtQueryDefaultLocale
ntdll.dll.NtNotifyChangeKey
ntdll.dll.swprintf_s
ntdll.dll.RtlUTF8ToUnicodeN
ntdll.dll.RtlUnicodeToUTF8N
ntdll.dll.NtDeleteValueKey
ntdll.dll.RtlUnwind
ntdll.dll.DbgPrintEx
ntdll.dll.RtlSetLastWin32ErrorAndNtStatusFromNtStatus
ntdll.dll.TpAllocPool
ntdll.dll.TpSetPoolMinThreads
ntdll.dll.TpSetPoolStackInformation
ntdll.dll.TpQueryPoolStackInformation
ntdll.dll.TpAllocCleanupGroup
ntdll.dll.TpSimpleTryPost
ntdll.dll.TpAllocWork
ntdll.dll.TpAllocTimer
ntdll.dll.TpAllocWait
ntdll.dll.TpAllocIoCompletion
ntdll.dll.TpCallbackMayRunLong
ntdll.dll.NtQueryMultipleValueKey
ntdll.dll.RtlCaptureContext
ntdll.dll.RtlConvertSidToUnicodeString
ntdll.dll.RtlRunOnceInitialize
ntdll.dll.NtResetEvent
ntdll.dll.strncat
ntdll.dll._strlwr
ntdll.dll.RtlpConvertCultureNamesToLCIDs
ntdll.dll.RtlpConvertLCIDsToCultureNames
ntdll.dll.RtlSetProcessPreferredUILanguages
ntdll.dll.RtlIdnToUnicode
ntdll.dll.RtlIdnToNameprepUnicode
ntdll.dll.RtlIdnToAscii
ntdll.dll.RtlIsNormalizedString
ntdll.dll._ui64tow
ntdll.dll._wtol
ntdll.dll._wcslwr
ntdll.dll.wcsncpy
ntdll.dll.RtlReadThreadProfilingData
ntdll.dll.RtlQueryThreadProfiling
ntdll.dll.RtlDisableThreadProfiling
ntdll.dll.RtlEnableThreadProfiling
ntdll.dll.RtlSetExtendedFeaturesMask
ntdll.dll.RtlGetExtendedFeaturesMask
ntdll.dll.RtlLocateExtendedFeature
ntdll.dll.RtlCopyContext
ntdll.dll.RtlGetEnabledExtendedFeatures
ntdll.dll.RtlGetExtendedContextLength
ntdll.dll.RtlInitializeExtendedContext
ntdll.dll.RtlLocateLegacyContext
ntdll.dll.NtRaiseException
ntdll.dll.EtwEventWriteNoRegistration
ntdll.dll.RtlSetIoCompletionCallback
ntdll.dll.RtlQueueWorkItem
ntdll.dll.RtlDeregisterWait
ntdll.dll.NtResetWriteWatch
ntdll.dll.NtGetWriteWatch
ntdll.dll.NtMapUserPhysicalPagesScatter
ntdll.dll.NtMapUserPhysicalPages
ntdll.dll.NtFreeUserPhysicalPages
ntdll.dll.NtAllocateUserPhysicalPages
ntdll.dll.NtUnlockVirtualMemory
ntdll.dll.NtLockVirtualMemory
ntdll.dll.RtlComputeImportTableHash
ntdll.dll.bsearch
ntdll.dll.RtlEncodeSystemPointer
ntdll.dll.RtlFindCharInUnicodeString
ntdll.dll.RtlNtPathNameToDosPathName
ntdll.dll.NtApphelpCacheControl
ntdll.dll.RtlRandom
ntdll.dll.RtlFindActivationContextSectionGuid
ntdll.dll.RtlFindActivationContextSectionString
ntdll.dll.RtlDoesFileExists_U
ntdll.dll.RtlCreateActivationContext
ntdll.dll.RtlSetThreadPreferredUILanguages
ntdll.dll.RtlQueryActivationContextApplicationSettings
ntdll.dll.RtlMultiAppendUnicodeStringBuffer
ntdll.dll.RtlpEnsureBufferSize
ntdll.dll.RtlGetLengthWithoutLastFullDosOrNtPathElement
ntdll.dll.RtlpApplyLengthFunction
ntdll.dll.RtlDeactivateActivationContext
ntdll.dll.RtlActivateActivationContext
ntdll.dll.RtlZombifyActivationContext
ntdll.dll.RtlAddRefActivationContext
ntdll.dll.NtSetInformationJobObject
ntdll.dll.NtCreateJobSet
ntdll.dll.NtQueryInformationJobObject
ntdll.dll.NtTerminateJobObject
ntdll.dll.NtAssignProcessToJobObject
ntdll.dll.NtOpenJobObject
ntdll.dll.NtCreateJobObject
ntdll.dll.tolower
ntdll.dll.atol
ntdll.dll.isdigit
ntdll.dll.RtlCopyLuid
ntdll.dll.RtlFreeOemString
ntdll.dll.RtlCreateEnvironment
ntdll.dll.RtlCreateEnvironmentEx
ntdll.dll.RtlDestroyEnvironment
ntdll.dll.NtQueryEvent
ntdll.dll.CsrClientCallServer
ntdll.dll.CsrAllocateCaptureBuffer
ntdll.dll.CsrAllocateMessagePointer
ntdll.dll.CsrFreeCaptureBuffer
ntdll.dll.RtlCreateQueryDebugBuffer
ntdll.dll.RtlQueryProcessDebugInformation
ntdll.dll.RtlDestroyQueryDebugBuffer
ntdll.dll.RtlFreeUserStack
ntdll.dll.RtlCreateUserStack
ntdll.dll.NtSetContextThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtSignalAndWaitForSingleObject
ntdll.dll.RtlRunOnceComplete
ntdll.dll.RtlRunOnceBeginInitialize
ntdll.dll.RtlRunOnceExecuteOnce
ntdll.dll.RtlSleepConditionVariableSRW
ntdll.dll.RtlSleepConditionVariableCS
ntdll.dll.NtOpenPrivateNamespace
ntdll.dll.NtCreatePrivateNamespace
ntdll.dll.NtDeletePrivateNamespace
ntdll.dll.RtlAddIntegrityLabelToBoundaryDescriptor
ntdll.dll.RtlAddSIDToBoundaryDescriptor
ntdll.dll.RtlCreateBoundaryDescriptor
ntdll.dll.strcpy_s
ntdll.dll.NtReplacePartitionUnit
ntdll.dll.RtlCompareUnicodeString
ntdll.dll.RtlQueryRegistryValues
ntdll.dll.RtlDecodeSystemPointer
ntdll.dll.RtlWow64LogMessageInEventLogger
ntdll.dll.NtIsSystemResumeAutomatic
ntdll.dll.NtGetDevicePowerState
ntdll.dll.NtSetThreadExecutionState
ntdll.dll.NtInitiatePowerAction
ntdll.dll.NtPowerInformation
ntdll.dll.NtSetVolumeInformationFile
ntdll.dll.RtlGetFullPathName_U
ntdll.dll.RtlIsNameLegalDOS8Dot3
ntdll.dll._allshl
ntdll.dll.LdrLoadAlternateResourceModuleEx
ntdll.dll.LdrLoadAlternateResourceModule
ntdll.dll.LdrpResGetMappingSize
ntdll.dll.LdrRscIsTypeExist
ntdll.dll._strcmpi
ntdll.dll.strncat_s
ntdll.dll.wcstoul
ntdll.dll.LdrGetFileNameFromLoadAsDataTable
ntdll.dll.LdrResFindResourceDirectory
ntdll.dll.LdrResFindResource
ntdll.dll.LdrpResGetResourceDirectory
ntdll.dll.RtlImageDirectoryEntryToData
ntdll.dll.LdrResGetRCConfig
ntdll.dll.RtlVerifyVersionInfo
ntdll.dll.RtlGetProductInfo
ntdll.dll.NtCreateMailslotFile
ntdll.dll.RtlExtendedLargeIntegerDivide
ntdll.dll.RtlCleanUpTEBLangLists
ntdll.dll.RtlSetThreadPoolStartFunc
ntdll.dll.LdrSetDllManifestProber
ntdll.dll.RtlSetUserCallbackExceptionFilter
ntdll.dll.RtlSetUnhandledExceptionFilter
ntdll.dll.RtlEncodePointer
ntdll.dll.LdrQueryImageFileExecutionOptions
ntdll.dll.RtlDeregisterSecureMemoryCacheCallback
ntdll.dll.RtlRegisterSecureMemoryCacheCallback
ntdll.dll.RtlSizeHeap
ntdll.dll.RtlGetUserInfoHeap
ntdll.dll.NtSetSystemEnvironmentValueEx
ntdll.dll.RtlGUIDFromString
ntdll.dll.NtQuerySystemEnvironmentValueEx
ntdll.dll._alldiv
ntdll.dll.RtlGetLastNtStatus
ntdll.dll.NtCreateKeyTransacted
ntdll.dll.RtlWow64EnableFsRedirection
ntdll.dll.NtCancelIoFile
ntdll.dll.NtCancelSynchronousIoFile
ntdll.dll.RtlGetThreadErrorMode
ntdll.dll.RtlNtStatusToDosErrorNoTeb
ntdll.dll.RtlQueryElevationFlags
ntdll.dll.RtlCharToInteger
ntdll.dll.strncpy_s
ntdll.dll.RtlGetLongestNtPathLength
ntdll.dll.RtlEqualString
ntdll.dll.RtlIsTextUnicode
ntdll.dll.RtlFormatCurrentUserKeyPath
ntdll.dll.RtlPrefixUnicodeString
ntdll.dll.RtlMultiByteToUnicodeSize
ntdll.dll.RtlMultiByteToUnicodeN
ntdll.dll.RtlQueryAtomInAtomTable
ntdll.dll.NtQueryInformationAtom
ntdll.dll.RtlDeleteAtomFromAtomTable
ntdll.dll.NtDeleteAtom
ntdll.dll.RtlLookupAtomInAtomTable
ntdll.dll.NtFindAtom
ntdll.dll.RtlAddAtomToAtomTable
ntdll.dll.NtAddAtom
ntdll.dll.RtlCreateAtomTable
ntdll.dll.RtlDestroyAtomTable
ntdll.dll.DbgUiStopDebugging
ntdll.dll.DbgUiContinue
ntdll.dll.DbgUiWaitStateChange
ntdll.dll.DbgUiConvertStateChangeStructure
ntdll.dll.DbgUiGetThreadDebugObject
ntdll.dll.NtSetInformationDebugObject
ntdll.dll.DbgUiIssueRemoteBreakin
ntdll.dll.DbgUiConnectToDbg
ntdll.dll.DbgUiDebugActiveProcess
ntdll.dll.CsrGetProcessId
ntdll.dll.NtSetSystemInformation
ntdll.dll.RtlGetCurrentTransaction
ntdll.dll.RtlSetCurrentTransaction
ntdll.dll.wcscat_s
ntdll.dll.wcsstr
ntdll.dll.RtlCreateUnicodeStringFromAsciiz
ntdll.dll.RtlDnsHostNameToComputerName
ntdll.dll.wcscspn
ntdll.dll._memicmp
ntdll.dll.NtFlushKey
ntdll.dll.NtSetEaFile
ntdll.dll.RtlInitializeExceptionChain
ntdll.dll.NtWow64WriteVirtualMemory64
ntdll.dll.RtlDestroyProcessParameters
ntdll.dll.RtlCreateProcessParametersEx
ntdll.dll.NtRemoveProcessDebug
ntdll.dll.LdrQueryImageFileKeyOption
ntdll.dll.NtCreateUserProcess
ntdll.dll.RtlGetFullPathName_UstrEx
ntdll.dll.RtlDecodePointer
ntdll.dll.RtlKnownExceptionFilter
ntdll.dll.NtRequestWaitReplyPort
ntdll.dll.NtOpenKeyTransacted
ntdll.dll.NtQueryKey
ntdll.dll.NtOpenKeyEx
ntdll.dll.NtOpenKeyTransactedEx
ntdll.dll.NtLoadKey
ntdll.dll.NtUnloadKey
ntdll.dll.NtNotifyChangeMultipleKeys
ntdll.dll.NtRestoreKey
ntdll.dll.NtSaveKeyEx
ntdll.dll.RtlMakeSelfRelativeSD
ntdll.dll._strnicmp
ntdll.dll.strncmp
ntdll.dll.RtlTryAcquirePebLock
ntdll.dll._vsnprintf
ntdll.dll.RtlWerpReportException
ntdll.dll.LdrResSearchResource
ntdll.dll.NtWow64ReadVirtualMemory64
ntdll.dll.NtWow64QueryInformationProcess64
ntdll.dll.WerReportSQMEvent
ntdll.dll.VerSetConditionMask
ntdll.dll.WinSqmIsOptedIn
ntdll.dll.strcat_s
ntdll.dll._aullrem
kernelbase.dll.BaseReleaseProcessDllPath
kernelbase.dll.BaseGetProcessExePath
kernelbase.dll.BaseGetProcessDllPath
kernelbase.dll.LoadStringByReference
kernelbase.dll.InternalLcidToName
kernelbase.dll.NlsIsUserDefaultLocale
kernelbase.dll.GetUserInfo
kernelbase.dll.GetPtrCalDataArray
kernelbase.dll.GetPtrCalData
kernelbase.dll.GetStringTableEntry
kernelbase.dll.CheckGroupPolicyEnabled
kernelbase.dll.OpenRegKey
kernelbase.dll.GetCPHashNode
kernelbase.dll.Internal_EnumSystemCodePages
kernelbase.dll.Internal_EnumUILanguages
kernelbase.dll.Internal_EnumLanguageGroupLocales
kernelbase.dll.Internal_EnumSystemLanguageGroups
kernelbase.dll.Internal_EnumDateFormats
kernelbase.dll.Internal_EnumTimeFormats
kernelbase.dll.KernelBaseGetGlobalData
kernelbase.dll.InvalidateTzSpecificCache
kernelbase.dll.IsDBCSLeadByte
kernelbase.dll.CreateFileMappingNumaW
kernelbase.dll.CompareStringA
kernelbase.dll.LoadStringBaseExW
kernelbase.dll.BaseInvalidateDllSearchPathCache
kernelbase.dll.BaseInvalidateProcessSearchPathCache
kernelbase.dll.BaseDllFreeResourceId
kernelbase.dll.BaseDllMapResourceIdW
kernelbase.dll.GetUserDefaultUILanguage
kernelbase.dll.EnumUILanguagesW
kernelbase.dll.AreFileApisANSI
kernelbase.dll.EnumCalendarInfoExW
kernelbase.dll.EnumCalendarInfoW
kernelbase.dll.EnumDateFormatsExW
kernelbase.dll.EnumDateFormatsW
kernelbase.dll.EnumLanguageGroupLocalesW
kernelbase.dll.EnumSystemCodePagesW
kernelbase.dll.EnumSystemLanguageGroupsW
kernelbase.dll.EnumSystemLocalesEx
kernelbase.dll.EnumSystemLocalesW
kernelbase.dll.EnumTimeFormatsW
kernelbase.dll.GetLocaleInfoA
kernelbase.dll.GetStringTypeA
kernelbase.dll.GetSystemDefaultUILanguage
kernelbase.dll.IsDBCSLeadByteEx
kernelbase.dll.MapViewOfFileExNuma
kernelbase.dll.SetFileApisToANSI
kernelbase.dll.SetFileApisToOEM
kernelbase.dll.VirtualAllocExNuma
kernelbase.dll.EnumCalendarInfoExEx
kernelbase.dll.EnumDateFormatsExEx
kernelbase.dll.EnumTimeFormatsEx
kernelbase.dll.GetCurrencyFormatEx
kernelbase.dll.GetEraNameCountedString
kernelbase.dll.GetNumberFormatEx
kernelbase.dll.GetSystemDefaultLocaleName
kernelbase.dll.GetUserDefaultLocaleName
kernelbase.dll.LCIDToLocaleName
kernelbase.dll.GetNamedLocaleHashNode
kernelbase.dll.GetLocaleInfoHelper
kernelbase.dll.GetUserInfoWord
kernelbase.dll.GetCalendar
kernelbase.dll.SpecialMBToWC
kernelbase.dll.Internal_EnumCalendarInfo
kernelbase.dll.NlsValidateLocale
kernelbase.dll.BaseReleaseProcessExePath
kernelbase.dll.TlsGetValue
kernelbase.dll.SetThreadPriority
kernelbase.dll.SetProcessShutdownParameters
kernelbase.dll.SetPriorityClass
kernelbase.dll.ResumeThread
kernelbase.dll.QueueUserAPC
kernelbase.dll.ProcessIdToSessionId
kernelbase.dll.OpenThread
kernelbase.dll.GetThreadPriorityBoost
kernelbase.dll.GetThreadPriority
kernelbase.dll.GetStartupInfoW
kernelbase.dll.GetProcessTimes
kernelbase.dll.GetPriorityClass
kernelbase.dll.GetExitCodeThread
kernelbase.dll.GetCurrentThreadId
kernelbase.dll.GetCurrentThread
kernelbase.dll.GetProcessId
kernelbase.dll.GetProcessIdOfThread
kernelbase.dll.GetThreadId
kernelbase.dll.GetCurrentProcessId
kernelbase.dll.CreateRemoteThreadEx
kernelbase.dll.GetExitCodeProcess
kernelbase.dll.TlsFree
kernelbase.dll.TlsAlloc
kernelbase.dll.TerminateThread
kernelbase.dll.TerminateProcess
kernelbase.dll.SwitchToThread
kernelbase.dll.SuspendThread
kernelbase.dll.SetThreadStackGuarantee
kernelbase.dll.SetThreadPriorityBoost
kernelbase.dll.OpenProcessToken
kernelbase.dll.TlsSetValue
kernelbase.dll.SetProcessAffinityUpdateMode
kernelbase.dll.QueryProcessAffinityUpdateMode
kernelbase.dll.GetProcessVersion
kernelbase.dll.CreateRemoteThread
kernelbase.dll.InitializeProcThreadAttributeList
kernelbase.dll.UpdateProcThreadAttribute
kernelbase.dll.DeleteProcThreadAttributeList
kernelbase.dll.GetCurrentProcess
kernelbase.dll.HeapCreate
kernelbase.dll.HeapSetInformation
kernelbase.dll.HeapQueryInformation
kernelbase.dll.HeapLock
kernelbase.dll.HeapDestroy
kernelbase.dll.GetProcessHeap
kernelbase.dll.GetProcessHeaps
kernelbase.dll.HeapWalk
kernelbase.dll.HeapValidate
kernelbase.dll.HeapUnlock
kernelbase.dll.HeapCompact
kernelbase.dll.HeapSummary
kernelbase.dll.MapViewOfFileEx
kernelbase.dll.ReadProcessMemory
kernelbase.dll.UnmapViewOfFile
kernelbase.dll.VirtualAlloc
kernelbase.dll.VirtualAllocEx
kernelbase.dll.VirtualFree
kernelbase.dll.VirtualFreeEx
kernelbase.dll.VirtualProtect
kernelbase.dll.WriteProcessMemory
kernelbase.dll.VirtualQueryEx
kernelbase.dll.VirtualQuery
kernelbase.dll.VirtualProtectEx
kernelbase.dll.FlushViewOfFile
kernelbase.dll.CreateFileMappingW
kernelbase.dll.OpenFileMappingW
kernelbase.dll.MapViewOfFile
kernelbase.dll.DuplicateHandle
kernelbase.dll.GetHandleInformation
kernelbase.dll.SetHandleInformation
kernelbase.dll.CloseHandle
kernelbase.dll.OpenProcess
kernelbase.dll.OpenSemaphoreW
kernelbase.dll.OpenWaitableTimerW
kernelbase.dll.ReleaseMutex
kernelbase.dll.ReleaseSemaphore
kernelbase.dll.OpenMutexW
kernelbase.dll.SetEvent
kernelbase.dll.SetWaitableTimer
kernelbase.dll.SleepEx
kernelbase.dll.WaitForMultipleObjectsEx
kernelbase.dll.WaitForSingleObjectEx
kernelbase.dll.OpenEventW
kernelbase.dll.OpenEventA
kernelbase.dll.InitializeCriticalSectionEx
kernelbase.dll.InitializeCriticalSectionAndSpinCount
kernelbase.dll.CreateWaitableTimerExW
kernelbase.dll.CreateSemaphoreExW
kernelbase.dll.CreateEventA
kernelbase.dll.CreateEventW
kernelbase.dll.CancelWaitableTimer
kernelbase.dll.CreateEventExA
kernelbase.dll.CreateEventExW
kernelbase.dll.CreateMutexA
kernelbase.dll.CreateMutexExA
kernelbase.dll.CreateMutexExW
kernelbase.dll.ResetEvent
kernelbase.dll.CreateMutexW
kernelbase.dll.GetFullPathNameW
kernelbase.dll.GetFullPathNameA
kernelbase.dll.SetFileTime
kernelbase.dll.QueryDosDeviceW
kernelbase.dll.CreateFileW
kernelbase.dll.LockFile
kernelbase.dll.GetFileSize
kernelbase.dll.SetEndOfFile
kernelbase.dll.WriteFile
kernelbase.dll.SetFilePointer
kernelbase.dll.ReadFile
kernelbase.dll.WriteFileEx
kernelbase.dll.WriteFileGather
kernelbase.dll.GetFinalPathNameByHandleA
kernelbase.dll.GetFinalPathNameByHandleW
kernelbase.dll.RemoveDirectoryW
kernelbase.dll.GetDiskFreeSpaceW
kernelbase.dll.CreateDirectoryW
kernelbase.dll.DefineDosDeviceW
kernelbase.dll.FindFirstFileExA
kernelbase.dll.FindFirstFileExW
kernelbase.dll.FindClose
kernelbase.dll.GetFileType
kernelbase.dll.FlushFileBuffers
kernelbase.dll.SetFileAttributesW
kernelbase.dll.GetFileAttributesExW
kernelbase.dll.DeleteFileW
kernelbase.dll.GetFileTime
kernelbase.dll.DeleteFileA
kernelbase.dll.GetFileAttributesA
kernelbase.dll.FindNextFileW
kernelbase.dll.FindFirstFileW
kernelbase.dll.GetLogicalDriveStringsW
kernelbase.dll.GetTempFileNameW
kernelbase.dll.GetVolumeInformationW
kernelbase.dll.CompareFileTime
kernelbase.dll.CreateDirectoryA
kernelbase.dll.FileTimeToLocalFileTime
kernelbase.dll.FileTimeToSystemTime
kernelbase.dll.FindCloseChangeNotification
kernelbase.dll.FindFirstFileA
kernelbase.dll.FindFirstChangeNotificationA
kernelbase.dll.FindFirstChangeNotificationW
kernelbase.dll.FindNextChangeNotification
kernelbase.dll.FindNextFileA
kernelbase.dll.GetDiskFreeSpaceA
kernelbase.dll.GetDiskFreeSpaceExA
kernelbase.dll.GetDiskFreeSpaceExW
kernelbase.dll.UnlockFileEx
kernelbase.dll.GetDriveTypeA
kernelbase.dll.GetDriveTypeW
kernelbase.dll.GetFileAttributesExA
kernelbase.dll.GetFileAttributesW
kernelbase.dll.GetFileInformationByHandle
kernelbase.dll.GetFileSizeEx
kernelbase.dll.GetVolumeInformationByHandleW
kernelbase.dll.LocalFileTimeToFileTime
kernelbase.dll.LockFileEx
kernelbase.dll.ReadFileScatter
kernelbase.dll.ReadFileEx
kernelbase.dll.RemoveDirectoryA
kernelbase.dll.SetFileAttributesA
kernelbase.dll.SetFileInformationByHandle
kernelbase.dll.SetFilePointerEx
kernelbase.dll.SetFileValidData
kernelbase.dll.UnlockFile
kernelbase.dll.PostQueuedCompletionStatus
kernelbase.dll.GetQueuedCompletionStatusEx
kernelbase.dll.GetQueuedCompletionStatus
kernelbase.dll.CreateIoCompletionPort
kernelbase.dll.CancelIoEx
kernelbase.dll.GetOverlappedResult
kernelbase.dll.DeviceIoControl
kernelbase.dll.ChangeTimerQueueTimer
kernelbase.dll.CreateTimerQueue
kernelbase.dll.UnregisterWaitEx
kernelbase.dll.DeleteTimerQueueTimer
kernelbase.dll.DeleteTimerQueueEx
kernelbase.dll.CreateTimerQueueTimer
kernelbase.dll.GetModuleHandleA
kernelbase.dll.GetModuleHandleW
kernelbase.dll.GetModuleHandleExA
kernelbase.dll.GetModuleHandleExW
kernelbase.dll.LoadResource
kernelbase.dll.LockResource
kernelbase.dll.SizeofResource
kernelbase.dll.GetProcAddress
kernelbase.dll.GetModuleFileNameA
kernelbase.dll.FreeLibraryAndExitThread
kernelbase.dll.FindStringOrdinal
kernelbase.dll.DisableThreadLibraryCalls
kernelbase.dll.LoadLibraryExA
kernelbase.dll.GetModuleFileNameW
kernelbase.dll.FindResourceExW
kernelbase.dll.FreeLibrary
kernelbase.dll.LoadLibraryExW
kernelbase.dll.FreeResource
kernelbase.dll.PeekNamedPipe
kernelbase.dll.DisconnectNamedPipe
kernelbase.dll.CreatePipe
kernelbase.dll.ConnectNamedPipe
kernelbase.dll.GetNamedPipeAttribute
kernelbase.dll.GetNamedPipeClientComputerNameW
kernelbase.dll.WaitNamedPipeW
kernelbase.dll.SetNamedPipeHandleState
kernelbase.dll.CreateNamedPipeW
kernelbase.dll.TransactNamedPipe
kernelbase.dll.IsWow64Process
kernelbase.dll.LCMapStringA
kernelbase.dll.LocalLock
kernelbase.dll.LocalReAlloc
kernelbase.dll.LocalUnlock
kernelbase.dll.GlobalAlloc
kernelbase.dll.FormatMessageW
kernelbase.dll.FormatMessageA
kernelbase.dll.NeedCurrentDirectoryForExePathA
kernelbase.dll.EnumSystemLocalesA
kernelbase.dll.PulseEvent
kernelbase.dll.Sleep
kernelbase.dll.Wow64DisableWow64FsRedirection
kernelbase.dll.Wow64RevertWow64FsRedirection
kernelbase.dll.lstrcmpW
kernelbase.dll.lstrcmpiW
kernelbase.dll.lstrcpynA
kernelbase.dll.lstrcpynW
kernelbase.dll.lstrlenA
kernelbase.dll.FatalAppExitA
kernelbase.dll.NeedCurrentDirectoryForExePathW
kernelbase.dll.FatalAppExitW
kernelbase.dll.LocalAlloc
kernelbase.dll.GlobalFree
kernelbase.dll.lstrlenW
kernelbase.dll.LocalFree
kernelbase.dll.IsProcessInJob
kernelbase.dll.GetLocalTime
kernelbase.dll.GetSystemTimeAdjustment
kernelbase.dll.GetSystemTimeAsFileTime
kernelbase.dll.GetTickCount64
kernelbase.dll.GetTimeZoneInformation
kernelbase.dll.GetTimeZoneInformationForYear
kernelbase.dll.GetVersion
kernelbase.dll.GetVersionExA
kernelbase.dll.GetVersionExW
kernelbase.dll.GetWindowsDirectoryW
kernelbase.dll.SetLocalTime
kernelbase.dll.SystemTimeToTzSpecificLocalTime
kernelbase.dll.TzSpecificLocalTimeToSystemTime
kernelbase.dll.GetDynamicTimeZoneInformation
kernelbase.dll.GetLogicalProcessorInformation
kernelbase.dll.GetSystemInfo
kernelbase.dll.GetLogicalProcessorInformationEx
kernelbase.dll.GetWindowsDirectoryA
kernelbase.dll.GlobalMemoryStatusEx
kernelbase.dll.GetTickCount
kernelbase.dll.GetSystemTime
kernelbase.dll.SystemTimeToFileTime
kernelbase.dll.GetComputerNameExW
kernelbase.dll.GetComputerNameExA
kernelbase.dll.VerLanguageNameA
kernelbase.dll.FindNLSStringEx
kernelbase.dll.SetThreadLocale
kernelbase.dll.NlsWriteEtwEvent
kernelbase.dll.NlsEventDataDescCreate
kernelbase.dll.ConvertDefaultLocale
kernelbase.dll.VerLanguageNameW
kernelbase.dll.SetLocaleInfoW
kernelbase.dll.SetCalendarInfoW
kernelbase.dll.LCMapStringW
kernelbase.dll.IsValidLocale
kernelbase.dll.IsValidLanguageGroup
kernelbase.dll.IsValidCodePage
kernelbase.dll.IsNLSDefinedString
kernelbase.dll.GetUserDefaultLCID
kernelbase.dll.GetUserDefaultLangID
kernelbase.dll.GetThreadLocale
kernelbase.dll.GetSystemDefaultLCID
kernelbase.dll.GetSystemDefaultLangID
kernelbase.dll.GetProcessPreferredUILanguages
kernelbase.dll.GetOEMCP
kernelbase.dll.GetLocaleInfoW
kernelbase.dll.GetCPInfoExW
kernelbase.dll.GetCPInfo
kernelbase.dll.GetACP
kernelbase.dll.GetFileMUIPath
kernelbase.dll.FindNLSString
kernelbase.dll.NlsUpdateSystemLocale
kernelbase.dll.NlsUpdateLocale
kernelbase.dll.NlsGetCacheUpdateCount
kernelbase.dll.NlsCheckPolicy
kernelbase.dll.GetCalendarInfoW
kernelbase.dll.GetCalendarInfoEx
kernelbase.dll.GetLocaleInfoEx
kernelbase.dll.GetSystemPreferredUILanguages
kernelbase.dll.GetThreadPreferredUILanguages
kernelbase.dll.GetThreadUILanguage
kernelbase.dll.GetUILanguageInfo
kernelbase.dll.GetUserPreferredUILanguages
kernelbase.dll.IsValidLocaleName
kernelbase.dll.LCMapStringEx
kernelbase.dll.LocaleNameToLCID
kernelbase.dll.ResolveLocaleName
kernelbase.dll.GetFileMUIInfo
kernelbase.dll.GetEnvironmentStrings
kernelbase.dll.GetEnvironmentVariableW
kernelbase.dll.SearchPathW
kernelbase.dll.SetStdHandleEx
kernelbase.dll.ExpandEnvironmentStringsA
kernelbase.dll.ExpandEnvironmentStringsW
kernelbase.dll.FreeEnvironmentStringsA
kernelbase.dll.FreeEnvironmentStringsW
kernelbase.dll.GetCommandLineA
kernelbase.dll.GetCommandLineW
kernelbase.dll.GetCurrentDirectoryA
kernelbase.dll.GetCurrentDirectoryW
kernelbase.dll.GetEnvironmentStringsW
kernelbase.dll.SetEnvironmentStringsW
kernelbase.dll.GetEnvironmentVariableA
kernelbase.dll.GetStdHandle
kernelbase.dll.SetCurrentDirectoryA
kernelbase.dll.SetCurrentDirectoryW
kernelbase.dll.SetEnvironmentVariableA
kernelbase.dll.SetEnvironmentVariableW
kernelbase.dll.SetStdHandle
kernelbase.dll.GetStringTypeW
kernelbase.dll.GetStringTypeExW
kernelbase.dll.FoldStringW
kernelbase.dll.CompareStringW
kernelbase.dll.WideCharToMultiByte
kernelbase.dll.CompareStringOrdinal
kernelbase.dll.CompareStringEx
kernelbase.dll.MultiByteToWideChar
kernelbase.dll.DebugBreak
kernelbase.dll.OutputDebugStringA
kernelbase.dll.OutputDebugStringW
kernelbase.dll.IsDebuggerPresent
kernelbase.dll.GetLastError
kernelbase.dll.GetErrorMode
kernelbase.dll.RaiseException
kernelbase.dll.SetErrorMode
kernelbase.dll.SetLastError
kernelbase.dll.FlsAlloc
kernelbase.dll.FlsFree
kernelbase.dll.FlsGetValue
kernelbase.dll.FlsSetValue
kernelbase.dll.Beep
kernelbase.dll.QueryPerformanceFrequency
kernelbase.dll.QueryPerformanceCounter
kernelbase.dll.AllocateAndInitializeSid
kernelbase.dll.FreeSid
kernelbase.dll.DuplicateToken
kernelbase.dll.AccessCheck
ntdll.dll.wcstol
ntdll.dll.RtlQueryInformationActiveActivationContext
ntdll.dll.NtVdmControl
ntdll.dll.RtlIsThreadWithinLoaderCallout
ntdll.dll.RtlGetIntegerAtom
ntdll.dll.RtlRetrieveNtUserPfn
ntdll.dll.RtlInitializeNtUserPfn
ntdll.dll._allshr
ntdll.dll.NtCallbackReturn
ntdll.dll._chkstk
ntdll.dll.CsrCaptureMessageBuffer
ntdll.dll.RtlRunDecodeUnicodeString
ntdll.dll.RtlRunEncodeUnicodeString
ntdll.dll.RtlGetThreadLangIdByIndex
ntdll.dll.sscanf_s
ntdll.dll.strrchr
ntdll.dll.wcsncat_s
ntdll.dll.RtlCheckRegistryKey
ntdll.dll.LdrFlushAlternateResourceModules
ntdll.dll.iswspace
ntdll.dll._wtoi
ntdll.dll._aulldvrm
ntdll.dll.NlsAnsiCodePage
gdi32.dll.GetClipRgn
gdi32.dll.ExtSelectClipRgn
gdi32.dll.GetHFONT
gdi32.dll.GetMapMode
gdi32.dll.SetGraphicsMode
gdi32.dll.GetClipBox
gdi32.dll.CreateRectRgn
gdi32.dll.CreateRectRgnIndirect
gdi32.dll.SetLayout
gdi32.dll.GetBoundsRect
gdi32.dll.ExcludeClipRect
gdi32.dll.PlayEnhMetaFile
gdi32.dll.Ellipse
gdi32.dll.CreateEllipticRgn
gdi32.dll.GdiFixUpHandle
gdi32.dll.CreatePen
gdi32.dll.Rectangle
gdi32.dll.GetTextCharacterExtra
gdi32.dll.SetTextCharacterExtra
gdi32.dll.GetCurrentObject
gdi32.dll.GetViewportOrgEx
gdi32.dll.SetViewportOrgEx
gdi32.dll.PolyPatBlt
gdi32.dll.CreateBrushIndirect
gdi32.dll.SetBoundsRect
gdi32.dll.CopyEnhMetaFileW
gdi32.dll.CopyMetaFileW
gdi32.dll.GetPaletteEntries
gdi32.dll.CreatePalette
gdi32.dll.SetPaletteEntries
gdi32.dll.GetPixel
gdi32.dll.ExtTextOutA
gdi32.dll.GetTextCharsetInfo
gdi32.dll.QueryFontAssocStatus
gdi32.dll.GetCharWidthInfo
gdi32.dll.GetCharWidthA
gdi32.dll.GetTextFaceW
gdi32.dll.GetCharABCWidthsA
gdi32.dll.GetCharABCWidthsW
gdi32.dll.SetBrushOrgEx
gdi32.dll.CreateFontIndirectW
gdi32.dll.EnumFontsW
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextColor
gdi32.dll.GdiGetCodePage
gdi32.dll.GetTextCharset
gdi32.dll.GetBkMode
gdi32.dll.GetViewportExtEx
gdi32.dll.GetWindowExtEx
gdi32.dll.GdiGetCharDimensions
gdi32.dll.GdiPrinterThunk
gdi32.dll.GdiLoadType1Fonts
gdi32.dll.GdiAddFontResourceW
gdi32.dll.TranslateCharsetInfo
gdi32.dll.SaveDC
gdi32.dll.OffsetWindowOrgEx
gdi32.dll.RestoreDC
gdi32.dll.ExtTextOutW
gdi32.dll.GetDIBits
gdi32.dll.CreateDIBSection
gdi32.dll.SetStretchBltMode
gdi32.dll.SelectPalette
gdi32.dll.RealizePalette
gdi32.dll.SetDIBits
gdi32.dll.CreateDCW
gdi32.dll.CreateDIBitmap
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.SetBitmapBits
gdi32.dll.DeleteDC
gdi32.dll.GdiValidateHandle
gdi32.dll.GdiDllInitialize
gdi32.dll.GdiProcessSetup
gdi32.dll.GetStockObject
gdi32.dll.CreateSolidBrush
gdi32.dll.CreateCompatibleDC
gdi32.dll.GdiConvertBitmapV5
gdi32.dll.GdiCreateLocalEnhMetaFile
gdi32.dll.GdiCreateLocalMetaFilePict
gdi32.dll.GetRgnBox
gdi32.dll.CombineRgn
gdi32.dll.OffsetRgn
gdi32.dll.MirrorRgn
gdi32.dll.EnableEUDC
gdi32.dll.GdiConvertToDevmodeW
gdi32.dll.GetTextExtentPointA
gdi32.dll.GetTextExtentPointW
gdi32.dll.CreateBitmap
gdi32.dll.SetTextAlign
gdi32.dll.GetTextAlign
gdi32.dll.IntersectClipRect
gdi32.dll.SelectObject
gdi32.dll.SetBkMode
gdi32.dll.GetBkColor
gdi32.dll.GetObjectW
gdi32.dll.SetTextColor
gdi32.dll.SetBkColor
gdi32.dll.GetLayout
gdi32.dll.StretchDIBits
gdi32.dll.GetDeviceCaps
gdi32.dll.GetDIBColorTable
gdi32.dll.GdiGetBitmapBitsSize
gdi32.dll.DeleteObject
gdi32.dll.DeleteMetaFile
gdi32.dll.DeleteEnhMetaFile
gdi32.dll.GdiConvertMetaFilePict
gdi32.dll.GdiConvertEnhMetaFile
gdi32.dll.GdiReleaseDC
gdi32.dll.StretchBlt
gdi32.dll.GetObjectType
gdi32.dll.GdiConvertAndCheckDC
gdi32.dll.SetRectRgn
gdi32.dll.BitBlt
gdi32.dll.TextOutW
gdi32.dll.TextOutA
gdi32.dll.PatBlt
gdi32.dll.SetLayoutWidth
kernel32.dll.GetLocaleInfoW
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.TerminateProcess
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.LoadLibraryExA
kernel32.dll.InterlockedCompareExchange
kernel32.dll.DelayLoadFailureHook
kernel32.dll.GlobalAddAtomA
kernel32.dll.GetModuleHandleA
kernel32.dll.GetModuleFileNameA
kernel32.dll.GlobalFindAtomA
kernel32.dll.lstrlenA
kernel32.dll.GetTickCount
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.QueryPerformanceCounter
kernel32.dll.LCMapStringW
kernel32.dll.CreateFileMappingW
kernel32.dll.MapViewOfFile
kernel32.dll.GetFileSize
kernel32.dll.UnmapViewOfFile
kernel32.dll.WerpNotifyLoadStringResource
kernel32.dll.GetSystemDefaultLangID
kernel32.dll.RegQueryInfoKeyW
kernel32.dll.RegEnumValueW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.GetVersionExW
kernel32.dll.IsDBCSLeadByte
kernel32.dll.WerpNotifyUseStringResource
kernel32.dll.GetCurrentProcessId
kernel32.dll.ProcessIdToSessionId
kernel32.dll.MulDiv
kernel32.dll.GetThreadLocale
kernel32.dll.FindFirstFileW
kernel32.dll.FindNextFileW
kernel32.dll.FindClose
kernel32.dll.GetLogicalDrives
kernel32.dll.lstrlenW
kernel32.dll.SetCurrentDirectoryW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.ConvertDefaultLocale
kernel32.dll.IsValidLocale
kernel32.dll.GetAtomNameW
kernel32.dll.GetAtomNameA
kernel32.dll.AddAtomW
kernel32.dll.AddAtomA
kernel32.dll.GetSystemWindowsDirectoryW
kernel32.dll.CreateProcessW
kernel32.dll.EnumResourceNamesExW
kernel32.dll.SetFileTime
kernel32.dll.ReadFile
kernel32.dll.CloseHandle
kernel32.dll.FindResourceW
kernel32.dll.CompareStringW
kernel32.dll.GetCPInfo
kernel32.dll.GetStringTypeA
kernel32.dll.GetStringTypeW
kernel32.dll.Sleep
kernel32.dll.FoldStringW
kernel32.dll.GlobalHandle
kernel32.dll.CreateThread
kernel32.dll.GetExitCodeThread
kernel32.dll.ExitThread
kernel32.dll.GetCurrentThread
kernel32.dll.GetCurrentProcess
kernel32.dll.GlobalAddAtomW
kernel32.dll.LoadLibraryExW
kernel32.dll.ExpandEnvironmentStringsW
kernel32.dll.SearchPathW
kernel32.dll.GetSystemDirectoryW
kernel32.dll.IsDBCSLeadByteEx
kernel32.dll.DisableThreadLibraryCalls
kernel32.dll.FindResourceExA
kernel32.dll.FindResourceExW
kernel32.dll.LoadStringBaseExW
kernel32.dll.LoadResource
kernel32.dll.SizeofResource
kernel32.dll.RegisterWaitForInputIdle
kernel32.dll.QueryActCtxSettingsW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetCurrentThreadId
kernel32.dll.LoadAppInitDlls
kernel32.dll.LocalSize
kernel32.dll.LocalUnlock
kernel32.dll.LocalLock
kernel32.dll.LocalReAlloc
kernel32.dll.GetACP
kernel32.dll.InterlockedIncrement
kernel32.dll.GetPrivateProfileStringW
kernel32.dll.RegSetValueExW
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegDeleteKeyExW
kernel32.dll.GetUserDefaultLCID
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalLock
kernel32.dll.GlobalSize
kernel32.dll.LocalFree
kernel32.dll.GlobalDeleteAtom
kernel32.dll.LocalAlloc
kernel32.dll.DeleteAtom
kernel32.dll.FreeLibrary
kernel32.dll.GetProcAddress
kernel32.dll.LoadLibraryW
kernel32.dll.InterlockedExchange
kernel32.dll.GlobalGetAtomNameA
kernel32.dll.GlobalGetAtomNameW
kernel32.dll.GetModuleFileNameW
kernel32.dll.GlobalFree
kernel32.dll.InterlockedDecrement
kernel32.dll.GlobalFlags
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetLastError
kernel32.dll.GetOEMCP
kernel32.dll.GlobalReAlloc
kernel32.dll.MultiByteToWideChar
kernel32.dll.GlobalAlloc
kernel32.dll.WaitForMultipleObjectsEx
kernel32.dll.SetEvent
kernel32.dll.CreateFileW
kernel32.dll.lstrcmpiW
kernel32.dll.WritePrivateProfileStringW
kernel32.dll.GlobalFindAtomW
kernel32.dll.SetLastError
advapi32.dll.CheckTokenMembership
msvcrt.dll.iswctype
msvcrt.dll._wcstoui64
msvcrt.dll._ftol2
msvcrt.dll.tolower
msvcrt.dll._ultow
msvcrt.dll.wcstok
msvcrt.dll.isalnum
msvcrt.dll.isspace
msvcrt.dll._errno
msvcrt.dll.mbstowcs
msvcrt.dll._except_handler4_common
msvcrt.dll.wcschr
msvcrt.dll.wcsrchr
msvcrt.dll.memset
msvcrt.dll.memmove
msvcrt.dll._wcsicmp
msvcrt.dll._vsnwprintf
msvcrt.dll.memcpy
msvcrt.dll.wcscpy_s
msvcrt.dll._stricmp
msvcrt.dll.strchr
msvcrt.dll.strrchr
msvcrt.dll.strstr
msvcrt.dll._vsnprintf
msvcrt.dll.wcstombs
msvcrt.dll.wcsstr
msvcrt.dll.swprintf_s
msvcrt.dll.wcsncpy_s
msvcrt.dll.wcsncmp
msvcrt.dll.swscanf_s
msvcrt.dll._wcsnicmp
msvcrt.dll.wcstoul
msvcrt.dll.wcscat_s
ntdll.dll.EtwEventWriteEx
ntdll.dll.NtQuerySystemTime
ntdll.dll.RtlGetNtProductType
ntdll.dll.RtlIsValidIndexHandle
ntdll.dll.NtCompareTokens
ntdll.dll.RtlEnumerateGenericTableWithoutSplaying
ntdll.dll.RtlIsGenericTableEmpty
ntdll.dll.RtlDuplicateUnicodeString
ntdll.dll.RtlDeleteElementGenericTable
ntdll.dll.RtlInsertElementGenericTable
ntdll.dll.RtlDestroyHandleTable
ntdll.dll.RtlStringFromGUID
ntdll.dll.RtlInitializeGenericTable
ntdll.dll.RtlLookupElementGenericTable
ntdll.dll.RtlNumberGenericTableElements
ntdll.dll.RtlDllShutdownInProgress
ntdll.dll.RtlRegisterThreadWithCsrss
ntdll.dll.NtTraceControl
ntdll.dll.EtwSendNotification
ntdll.dll.EtwDeliverDataBlock
ntdll.dll.EtwEnumerateProcessRegGuids
ntdll.dll.RtlQueryTimeZoneInformation
ntdll.dll.RtlQueryPerformanceFrequency
ntdll.dll.EtwpGetCpuSpeed
ntdll.dll.NtQueryPerformanceCounter
ntdll.dll.RtlInitializeBitMap
ntdll.dll.RtlInterlockedClearBitRun
ntdll.dll.NtTraceEvent
ntdll.dll.RtlAdjustPrivilege
ntdll.dll.EtwProcessPrivateLoggerRequest
ntdll.dll.RtlIpv4AddressToStringW
ntdll.dll.RtlIpv6AddressToStringW
ntdll.dll.NtRenameKey
ntdll.dll.NtLoadKeyEx
ntdll.dll.RtlCopyString
ntdll.dll.RtlTimeToSecondsSince1970
ntdll.dll.NtQueryMutant
ntdll.dll.NtAlpcQueryInformation
ntdll.dll.NtReplaceKey
ntdll.dll.NtSaveKey
ntdll.dll.NtSaveMergedKeys
ntdll.dll.EtwLogTraceEvent
sechost.dll.RegisterServiceCtrlHandlerExW
sechost.dll.StartServiceCtrlDispatcherW
sechost.dll.SetServiceStatus
sechost.dll.I_ScRpcBindW
sechost.dll.StartServiceCtrlDispatcherA
sechost.dll.StartServiceA
sechost.dll.RegisterServiceCtrlHandlerW
sechost.dll.RegisterServiceCtrlHandlerExA
sechost.dll.RegisterServiceCtrlHandlerA
sechost.dll.QueryServiceStatus
sechost.dll.QueryServiceConfigA
sechost.dll.QueryServiceConfig2A
sechost.dll.OpenServiceA
sechost.dll.OpenSCManagerA
sechost.dll.NotifyServiceStatusChangeA
sechost.dll.CreateServiceA
sechost.dll.ControlServiceExA
sechost.dll.ControlService
sechost.dll.ChangeServiceConfigA
sechost.dll.ChangeServiceConfig2A
sechost.dll.I_ScRpcBindA
sechost.dll.ControlServiceExW
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.CreateServiceW
sechost.dll.DeleteService
sechost.dll.CloseServiceHandle
sechost.dll.StartServiceW
sechost.dll.QueryServiceConfig2W
sechost.dll.NotifyServiceStatusChangeW
sechost.dll.ChangeServiceConfig2W
sechost.dll.ChangeServiceConfigW
sechost.dll.QueryServiceConfigW
sechost.dll.QueryServiceObjectSecurity
sechost.dll.QueryServiceStatusEx
sechost.dll.SetServiceObjectSecurity
kernel32.dll.RegSaveKeyExW
kernel32.dll.RegNotifyChangeKeyValue
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegQueryValueExA
kernel32.dll.RegLoadMUIStringA
kernel32.dll.RegSaveKeyExA
kernel32.dll.RegGetKeySecurity
kernel32.dll.RegSetKeySecurity
kernel32.dll.RegRestoreKeyA
kernel32.dll.RegRestoreKeyW
kernel32.dll.RegLoadKeyA
kernel32.dll.RegLoadKeyW
kernel32.dll.RegDeleteKeyExA
kernel32.dll.RegDeleteValueA
kernel32.dll.RegDeleteValueW
kernel32.dll.RegEnumKeyExA
kernel32.dll.RegEnumKeyExW
kernel32.dll.RegEnumValueA
kernel32.dll.RegGetValueA
kernel32.dll.RegGetValueW
kernel32.dll.RegCreateKeyExA
kernel32.dll.RegFlushKey
kernel32.dll.RegOpenCurrentUser
kernel32.dll.RegOpenKeyExA
kernel32.dll.RegDisablePredefinedCacheEx
kernel32.dll.RegLoadMUIStringW
kernel32.dll.RegOpenUserClassesRoot
kernel32.dll.RegSetValueExA
kernel32.dll.RegUnLoadKeyA
kernel32.dll.RegUnLoadKeyW
kernel32.dll.RegDeleteTreeW
kernel32.dll.RegDeleteTreeA
kernelbase.dll.ImpersonateNamedPipeClient
kernel32.dll.GetPriorityClass
kernel32.dll.OpenThread
kernel32.dll.SetThreadToken
kernel32.dll.OpenThreadToken
kernel32.dll.OpenProcessToken
kernel32.dll.CreateProcessAsUserW
kernel32.dll.GetProcessId
kernelbase.dll.GetSidLengthRequired
kernelbase.dll.GetSidSubAuthority
kernelbase.dll.GetSidSubAuthorityCount
kernelbase.dll.GetWindowsAccountDomainSid
kernelbase.dll.ImpersonateAnonymousToken
kernelbase.dll.ImpersonateLoggedOnUser
kernelbase.dll.ImpersonateSelf
kernelbase.dll.InitializeAcl
kernelbase.dll.InitializeSecurityDescriptor
kernelbase.dll.InitializeSid
kernelbase.dll.IsTokenRestricted
kernelbase.dll.IsValidAcl
kernelbase.dll.IsValidRelativeSecurityDescriptor
kernelbase.dll.IsValidSecurityDescriptor
kernelbase.dll.IsWellKnownSid
kernelbase.dll.MakeAbsoluteSD
kernelbase.dll.MakeAbsoluteSD2
kernelbase.dll.GetSidIdentifierAuthority
kernelbase.dll.MapGenericMask
kernelbase.dll.PrivilegeCheck
kernelbase.dll.QuerySecurityAccessMask
kernelbase.dll.RevertToSelf
kernelbase.dll.SetAclInformation
kernelbase.dll.SetKernelObjectSecurity
kernelbase.dll.SetPrivateObjectSecurity
kernelbase.dll.SetPrivateObjectSecurityEx
kernelbase.dll.EqualDomainSid
kernelbase.dll.SetSecurityAccessMask
kernelbase.dll.SetSecurityDescriptorControl
kernelbase.dll.SetSecurityDescriptorDacl
kernelbase.dll.SetSecurityDescriptorGroup
kernelbase.dll.SetSecurityDescriptorOwner
kernelbase.dll.SetSecurityDescriptorRMControl
kernelbase.dll.SetSecurityDescriptorSacl
kernelbase.dll.SetTokenInformation
kernelbase.dll.GetSecurityDescriptorSacl
kernelbase.dll.GetSecurityDescriptorRMControl
kernelbase.dll.GetSecurityDescriptorOwner
kernelbase.dll.GetSecurityDescriptorLength
kernelbase.dll.GetSecurityDescriptorGroup
kernelbase.dll.GetSecurityDescriptorDacl
kernelbase.dll.GetSecurityDescriptorControl
kernelbase.dll.GetPrivateObjectSecurity
kernelbase.dll.GetLengthSid
kernelbase.dll.GetKernelObjectSecurity
kernelbase.dll.GetAclInformation
kernelbase.dll.GetAce
kernelbase.dll.FindFirstFreeAce
kernelbase.dll.MakeSelfRelativeSD
kernelbase.dll.EqualSid
kernelbase.dll.IsValidSid
kernelbase.dll.AccessCheckAndAuditAlarmW
kernelbase.dll.AccessCheckByTypeAndAuditAlarmW
kernelbase.dll.AccessCheckByTypeResultListAndAuditAlarmW
kernelbase.dll.AccessCheckByTypeResultListAndAuditAlarmByHandleW
kernelbase.dll.ObjectOpenAuditAlarmW
kernelbase.dll.ObjectPrivilegeAuditAlarmW
kernelbase.dll.ObjectCloseAuditAlarmW
kernelbase.dll.ObjectDeleteAuditAlarmW
kernelbase.dll.PrivilegedServiceAuditAlarmW
kernelbase.dll.SetFileSecurityW
kernelbase.dll.GetFileSecurityW
kernelbase.dll.CopySid
kernelbase.dll.GetTokenInformation
kernelbase.dll.AccessCheckByType
kernelbase.dll.AccessCheckByTypeResultList
kernelbase.dll.AddAccessAllowedAce
kernelbase.dll.AddAccessAllowedAceEx
kernelbase.dll.AddAccessAllowedObjectAce
kernelbase.dll.AddAccessDeniedAce
kernelbase.dll.AddAccessDeniedAceEx
kernelbase.dll.AddAccessDeniedObjectAce
kernelbase.dll.AddAce
kernelbase.dll.AddAuditAccessAce
kernelbase.dll.AddAuditAccessAceEx
kernelbase.dll.AddAuditAccessObjectAce
kernelbase.dll.AdjustTokenGroups
kernelbase.dll.AdjustTokenPrivileges
kernelbase.dll.AllocateLocallyUniqueId
kernelbase.dll.AreAllAccessesGranted
kernelbase.dll.AreAnyAccessesGranted
kernelbase.dll.CheckTokenMembership
kernelbase.dll.ConvertToAutoInheritPrivateObjectSecurity
kernelbase.dll.CreatePrivateObjectSecurity
kernelbase.dll.CreatePrivateObjectSecurityEx
kernelbase.dll.CreatePrivateObjectSecurityWithMultipleInheritance
kernelbase.dll.CreateRestrictedToken
kernelbase.dll.CreateWellKnownSid
kernelbase.dll.DeleteAce
kernelbase.dll.DestroyPrivateObjectSecurity
kernelbase.dll.DuplicateTokenEx
kernelbase.dll.EqualPrefixSid
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFree
kernel32.dll.OpenProcess
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.GetActiveProcessorCount
kernel32.dll.GetSystemInfo
kernel32.dll.DeviceIoControl
kernel32.dll.GetVolumeInformationW
kernel32.dll.GetDriveTypeW
kernel32.dll.GetLogicalDriveStringsW
kernel32.dll.ReleaseMutex
kernel32.dll.HeapSize
kernel32.dll.GetComputerNameW
kernel32.dll.ExpandEnvironmentStringsA
kernel32.dll.RegKrnInitialize
kernel32.dll.GetComputerNameA
kernel32.dll.DuplicateHandle
kernel32.dll.CreateMutexW
kernel32.dll.ReadProcessMemory
kernel32.dll.FreeLibraryAndExitThread
kernel32.dll.IsWow64Process
kernel32.dll.GetPrivateProfileIntW
kernel32.dll.ResetEvent
kernel32.dll.HeapReAlloc
kernel32.dll.GetSystemTime
kernel32.dll.CreateMutexA
kernel32.dll.InitializeCriticalSection
kernel32.dll.Wow64RevertWow64FsRedirection
kernel32.dll.LockResource
kernel32.dll.Wow64DisableWow64FsRedirection
kernel32.dll.DosDateTimeToFileTime
kernel32.dll.FileTimeToDosDateTime
kernel32.dll.GetFileTime
kernel32.dll.SetErrorMode
kernel32.dll.FindFirstFileExW
kernel32.dll.SetFileInformationByHandle
kernel32.dll.CopyFileW
kernel32.dll.lstrcmpiA
kernel32.dll.GetFileSizeEx
kernel32.dll.GetComputerNameExW
kernel32.dll.LoadLibraryA
kernel32.dll.CreateProcessInternalA
kernel32.dll.LeaveCriticalSection
kernel32.dll.EnterCriticalSection
kernel32.dll.RegKrnGetGlobalState
kernel32.dll.SleepEx
kernel32.dll.HeapAlloc
kernel32.dll.GetProcessHeap
kernel32.dll.GetFullPathNameW
kernel32.dll.HeapFree
kernel32.dll.GetFileAttributesW
kernel32.dll.CreateEventW
kernel32.dll.GetThreadUILanguage
kernel32.dll.GetCommandLineW
kernel32.dll.lstrcmpW
kernel32.dll.GetModuleHandleExW
kernel32.dll.WriteFile
kernel32.dll.MoveFileW
kernel32.dll.DeleteFileW
kernel32.dll.GetFileAttributesExW
kernel32.dll.SetFilePointer
kernel32.dll.OutputDebugStringW
kernel32.dll.GetLocalTime
kernel32.dll.FormatMessageW
kernel32.dll.CompareFileTime
kernel32.dll.GetLongPathNameW
kernel32.dll.GetVolumePathNameW
kernel32.dll.DeleteCriticalSection
kernel32.dll.WaitForSingleObject
kernel32.dll.GetFileMUIPath
kernel32.dll.VirtualFreeEx
kernel32.dll.GetDiskFreeSpaceExW
kernel32.dll.GetFullPathNameA
kernel32.dll.GetOverlappedResult
rpcrt4.dll.RpcBindingCreateW
rpcrt4.dll.UuidCreate
rpcrt4.dll.RpcBindingSetAuthInfoA
rpcrt4.dll.RpcEpResolveBinding
rpcrt4.dll.I_RpcSNCHOption
rpcrt4.dll.UuidFromStringW
rpcrt4.dll.UuidToStringW
rpcrt4.dll.RpcExceptionFilter
rpcrt4.dll.RpcBindingSetAuthInfoW
rpcrt4.dll.RpcSsDestroyClientContext
rpcrt4.dll.I_RpcMapWin32Status
rpcrt4.dll.I_RpcExceptionFilter
rpcrt4.dll.NdrClientCall2
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingFree
rpcrt4.dll.RpcBindingSetAuthInfoExA
rpcrt4.dll.RpcRaiseException
rpcrt4.dll.RpcBindingBind
msvcrt.dll.qsort
msvcrt.dll.gmtime
msvcrt.dll.iswdigit
msvcrt.dll.free
msvcrt.dll.malloc
msvcrt.dll._wtoi
msvcrt.dll._XcptFilter
msvcrt.dll._initterm
msvcrt.dll._amsg_exit
ntdll.dll.RtlIpv4AddressToStringA
ntdll.dll.RtlIpv6StringToAddressA
ntdll.dll.RtlIpv4StringToAddressA
ntdll.dll.RtlIpv6StringToAddressExW
ntdll.dll.RtlIpv4StringToAddressExW
nsi.dll.NsiSetAllPersistentParametersWithMask
nsi.dll.NsiCancelChangeNotification
nsi.dll.NsiRequestChangeNotification
nsi.dll.NsiSetAllParameters
nsi.dll.NsiGetParameter
nsi.dll.NsiSetParameter
nsi.dll.NsiEnumerateObjectsAllParameters
nsi.dll.NsiAllocateAndGetTable
nsi.dll.NsiGetAllParameters
nsi.dll.NsiFreeTable
winnsi.dll.NsiConnectToServer
winnsi.dll.NsiRpcRegisterChangeNotification
winnsi.dll.NsiRpcDeregisterChangeNotification
winnsi.dll.NsiRpcGetParameter
winnsi.dll.NsiDisconnectFromServer
rpcrt4.dll.NdrAsyncServerCall
rpcrt4.dll.RpcServerUnregisterIf
rpcrt4.dll.RpcServerUseProtseqEpW
rpcrt4.dll.RpcServerRegisterIf2
rpcrt4.dll.RpcServerInqCallAttributesW
rpcrt4.dll.RpcBindingUnbind
rpcrt4.dll.RpcAsyncCompleteCall
kernelbase.dll.HeapFree
kernelbase.dll.HeapReAlloc
kernelbase.dll.HeapAlloc
kernelbase.dll.InterlockedIncrement
kernelbase.dll.InterlockedCompareExchange
kernelbase.dll.InterlockedExchangeAdd
kernelbase.dll.InterlockedExchange
kernelbase.dll.InterlockedDecrement
kernel32.dll.QueueUserAPC
kernelbase.dll.GetSystemDirectoryW
winmm.dll.midiStreamOut
ws2_32.dll.#101
rasapi32.dll.RasHangUpA
user32.dll.ScreenToClient
winspool.drv.OpenPrinterA
advapi32.dll.RegQueryValueExA
shell32.dll.Shell_NotifyIconA
ole32.dll.CLSIDFromProgID
oleaut32.dll.#12
comctl32.dll.#17
wininet.dll.InternetCanonicalizeUrlA
comdlg32.dll.ChooseColorA
msvcrt.dll.strncpy
iphlpapi.dll.GetInterfaceInfo
psapi.dll.GetMappedFileNameW
cryptbase.dll.SystemFunction036
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextExtentExPointWPri
rasapi32.dll.RasConnectionNotificationW
gdi32.dll.GetFontAssocStatus
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy