魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2017-12-01 19:25:31 | 2017-12-01 19:28:04 | 153 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-hpdapp01-1 | win7-sp1-x64-hpdapp01-1 | KVM | 2017-12-01 19:25:40 | 2017-12-01 19:28:04 |
| 魔盾分数 |
|---|
10.0Hackkms |
文件详细信息
| 文件名 | oem8.exe |
|---|---|
| 文件大小 | 1287680 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| CRC32 | AC99A36B |
| MD5 | 13d25a51b50204fed71bc37f428f8c91 |
| SHA1 | b4f9a4ef3f25b1f78730ca289ef2a1a69d646cd8 |
| SHA256 | d74706b32d5e6c925613898b90d6f21ca02aea19a0e45317e35683c596ec78d0 |
| SHA512 | 59852d5d1168aba602f190af7432fa19a68c9f5f9de88974a39c8a3d2a1eac86ef69b8fa130caa372b0705d258d9792bc5d5ffc8e499934f7635e17d58c1959e |
| Ssdeep | 24576:Fmqi5owsG8K8IGMaoZOexByLVLTIV1dw4Ut020KBuUEwqpuX0msXXHt:FgRZnZO7IzBUt0xK9EwqpuX0VXXN |
| PEiD | 无匹配 |
| Yara | 无Yara规则匹配 |
| VirusTotal |
VirusTotal链接 VirusTotal扫描时间: 2017-11-06 04:01:40 扫描结果: 30/67 |
特征
创建RWX内存
文件已被至少十个VirusTotal上的反病毒引擎检测为病毒
CAT-QuickHeal: Risktool.Procpatcher
McAfee: Artemis!13D25A51B502
VIPRE: Trojan.Win32.Generic!BT
SUPERAntiSpyware: Trojan.Agent/Generic
K7GW: Unwanted-Program ( 004bf4e51 )
K7AntiVirus: Unwanted-Program ( 004bf4e51 )
Invincea: heuristic
Symantec: Trojan.Gen.2
TrendMicro-HouseCall: TROJ_GEN.R08JC0OFK17
Avast: Win32:Malware-gen
Kaspersky: not-a-virus:RiskTool.Win64.ProcPatcher.a
NANO-Antivirus: Riskware.Win64.HackKMS.eaczdd
Paloalto: generic.ml
Sophos: KMS Activator (PUA)
TrendMicro: TROJ_GEN.R08JC0OFK17
McAfee-GW-Edition: RDN/Generic PUP.x
Cyren: W32/Trojan.VQDJ-4931
Webroot: W32.Malware.Heur
Endgame: malicious (high confidence)
ZoneAlarm: not-a-virus:RiskTool.Win64.ProcPatcher.a
AhnLab-V3: Trojan/Win32.Gen.R99303
AVware: Trojan.Win32.Generic!BT
Cylance: Unsafe
ESET-NOD32: a variant of Win32/HackKMS.J potentially unsafe
Yandex: PUP.Agent!
SentinelOne: static engine - malicious
Fortinet: W32/HackKMS.J
AVG: Win32:Malware-gen
CrowdStrike: malicious_confidence_70% (D)
Qihoo-360: Win32/Trojan.d54
运行截图
网络分析
静态分析
投放文件
行为分析
互斥量(Mutexes)
- ArmStrong
- Local\MSCTF.Asm.MutexDefault1
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
oem8.exe PID: 2224, 上一级进程 PID: 2080
访问的文件
- C:\Users\test\AppData\Local\Temp\oem8.zh-CN
- C:\Users\test\AppData\Local\Temp\oem8.zh-Hans
- C:\Users\test\AppData\Local\Temp\oem8.zh
- C:\Users\test\AppData\Local\Temp\oem8.en-US
- C:\Users\test\AppData\Local\Temp\oem8.en
- C:\Users\test\AppData\Local\Temp\oem8.CHS
- C:\Users\test\AppData\Local\Temp\oem8.CH
- C:\Windows\System32\tzres.dll
- \Device\KsecDD
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\Fonts\staticcache.dat
读取的文件
- C:\Windows\System32\tzres.dll
- \Device\KsecDD
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\Fonts\staticcache.dat
修改的文件
无信息
删除的文件
无信息
注册表键
- HKEY_CURRENT_USER\Software\Embarcadero\Locales
- HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales
- HKEY_CURRENT_USER\Software\CodeGear\Locales
- HKEY_LOCAL_MACHINE\Software\CodeGear\Locales
- HKEY_CURRENT_USER\Software\Borland\Locales
- HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08040804
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\E0200804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\layout text
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\E0210804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0210804\layout text
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\oem8.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\Keyboard Layout\Toggle
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
- HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\layout text
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0210804\layout text
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- kernel32.dll.VirtualAlloc
- kernel32.dll.VirtualFree
- kernel32.dll.VirtualProtect
- oleaut32.dll.SysFreeString
- oleaut32.dll.SysReAllocStringLen
- oleaut32.dll.SysAllocStringLen
- advapi32.dll.RegQueryValueExW
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegCloseKey
- user32.dll.MessageBoxA
- user32.dll.CharNextW
- user32.dll.LoadStringW
- kernel32.dll.Sleep
- kernel32.dll.lstrlenW
- kernel32.dll.VirtualQuery
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.GetTickCount
- kernel32.dll.GetSystemInfo
- kernel32.dll.GetVersion
- kernel32.dll.CompareStringW
- kernel32.dll.IsDBCSLeadByteEx
- kernel32.dll.IsValidLocale
- kernel32.dll.SetThreadLocale
- kernel32.dll.GetSystemDefaultUILanguage
- kernel32.dll.GetUserDefaultUILanguage
- kernel32.dll.GetLocaleInfoW
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.GetConsoleOutputCP
- kernel32.dll.GetConsoleCP
- kernel32.dll.GetACP
- kernel32.dll.LoadLibraryExW
- kernel32.dll.GetStartupInfoW
- kernel32.dll.GetProcAddress
- kernel32.dll.GetModuleHandleW
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.GetCommandLineW
- kernel32.dll.FreeLibrary
- kernel32.dll.GetLastError
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.RtlUnwind
- kernel32.dll.RaiseException
- kernel32.dll.ExitProcess
- kernel32.dll.ExitThread
- kernel32.dll.SwitchToThread
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.CreateThread
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.EnterCriticalSection
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.FindFirstFileW
- kernel32.dll.FindClose
- kernel32.dll.WriteFile
- kernel32.dll.SetFilePointer
- kernel32.dll.SetEndOfFile
- kernel32.dll.ReadFile
- kernel32.dll.GetFileType
- kernel32.dll.GetFileSize
- kernel32.dll.CreateFileW
- kernel32.dll.GetStdHandle
- kernel32.dll.CloseHandle
- kernel32.dll.LoadLibraryA
- kernel32.dll.TlsSetValue
- kernel32.dll.TlsGetValue
- kernel32.dll.LocalFree
- kernel32.dll.LocalAlloc
- user32.dll.SetClassLongW
- user32.dll.GetClassLongW
- user32.dll.SetWindowLongW
- user32.dll.GetWindowLongW
- user32.dll.CreateWindowExW
- user32.dll.WindowFromPoint
- user32.dll.WaitMessage
- user32.dll.UpdateWindow
- user32.dll.UnregisterClassW
- user32.dll.UnhookWindowsHookEx
- user32.dll.TranslateMessage
- user32.dll.TranslateMDISysAccel
- user32.dll.TrackPopupMenu
- user32.dll.SystemParametersInfoW
- user32.dll.ShowWindow
- user32.dll.ShowScrollBar
- user32.dll.ShowOwnedPopups
- user32.dll.ShowCaret
- user32.dll.SetWindowRgn
- user32.dll.SetWindowsHookExW
- user32.dll.SetWindowTextW
- user32.dll.SetWindowPos
- user32.dll.SetWindowPlacement
- user32.dll.SetTimer
- user32.dll.SetScrollRange
- user32.dll.SetScrollPos
- user32.dll.SetScrollInfo
- user32.dll.SetRect
- user32.dll.SetPropW
- user32.dll.SetParent
- user32.dll.SetMenuItemInfoW
- user32.dll.SetMenu
- user32.dll.SetForegroundWindow
- user32.dll.SetFocus
- user32.dll.SetCursorPos
- user32.dll.SetCursor
- user32.dll.SetClipboardData
- user32.dll.SetCapture
- user32.dll.SetActiveWindow
- user32.dll.SendMessageA
- user32.dll.SendMessageW
- user32.dll.ScrollWindow
- user32.dll.ScreenToClient
- user32.dll.RemovePropW
- user32.dll.RemoveMenu
- user32.dll.ReleaseDC
- user32.dll.ReleaseCapture
- user32.dll.RegisterWindowMessageW
- user32.dll.RegisterClipboardFormatW
- user32.dll.RegisterClassW
- user32.dll.RedrawWindow
- user32.dll.PostQuitMessage
- user32.dll.PostMessageW
- user32.dll.PeekMessageA
- user32.dll.PeekMessageW
- user32.dll.OpenClipboard
- user32.dll.MsgWaitForMultipleObjectsEx
- user32.dll.MsgWaitForMultipleObjects
- user32.dll.MessageBoxW
- user32.dll.MessageBeep
- user32.dll.MapWindowPoints
- user32.dll.MapVirtualKeyW
- user32.dll.LoadKeyboardLayoutW
- user32.dll.LoadIconW
- user32.dll.LoadCursorW
- user32.dll.LoadBitmapW
- user32.dll.KillTimer
- user32.dll.IsZoomed
- user32.dll.IsWindowVisible
- user32.dll.IsWindowUnicode
- user32.dll.IsWindowEnabled
- user32.dll.IsWindow
- user32.dll.IsIconic
- user32.dll.IsDialogMessageA
- user32.dll.IsDialogMessageW
- user32.dll.IsChild
- user32.dll.InvalidateRect
- user32.dll.InsertMenuItemW
- user32.dll.InsertMenuW
- user32.dll.HideCaret
- user32.dll.GetWindowThreadProcessId
- user32.dll.GetWindowTextW
- user32.dll.GetWindowRect
- user32.dll.GetWindowPlacement
- user32.dll.GetWindowDC
- user32.dll.GetTopWindow
- user32.dll.GetSystemMetrics
- user32.dll.GetSystemMenu
- user32.dll.GetSysColorBrush
- user32.dll.GetSysColor
- user32.dll.GetSubMenu
- user32.dll.GetScrollRange
- user32.dll.GetScrollPos
- user32.dll.GetScrollInfo
- user32.dll.GetPropW
- user32.dll.GetParent
- user32.dll.GetWindow
- user32.dll.GetMessagePos
- user32.dll.GetMessageExtraInfo
- user32.dll.GetMenuStringW
- user32.dll.GetMenuState
- user32.dll.GetMenuItemInfoW
- user32.dll.GetMenuItemID
- user32.dll.GetMenuItemCount
- user32.dll.GetMenu
- user32.dll.GetLastActivePopup
- user32.dll.GetKeyboardState
- user32.dll.GetKeyboardLayoutNameW
- user32.dll.GetKeyboardLayoutList
- user32.dll.GetKeyboardLayout
- user32.dll.GetKeyState
- user32.dll.GetKeyNameTextW
- user32.dll.GetIconInfo
- user32.dll.GetForegroundWindow
- user32.dll.GetFocus
- user32.dll.GetDlgCtrlID
- user32.dll.GetDesktopWindow
- user32.dll.GetDCEx
- user32.dll.GetDC
- user32.dll.GetCursorPos
- user32.dll.GetCursor
- user32.dll.GetClipboardData
- user32.dll.GetClientRect
- user32.dll.GetClassNameW
- user32.dll.GetClassInfoExW
- user32.dll.GetClassInfoW
- user32.dll.GetCapture
- user32.dll.GetActiveWindow
- user32.dll.FrameRect
- user32.dll.FindWindowExW
- user32.dll.FindWindowW
- user32.dll.FillRect
- user32.dll.EnumWindows
- user32.dll.EnumThreadWindows
- user32.dll.EnumChildWindows
- user32.dll.EndPaint
- user32.dll.EndMenu
- user32.dll.EnableWindow
- user32.dll.EnableScrollBar
- user32.dll.EnableMenuItem
- user32.dll.EmptyClipboard
- user32.dll.DrawTextExW
- user32.dll.DrawTextW
- user32.dll.DrawMenuBar
- user32.dll.DrawIconEx
- user32.dll.DrawIcon
- user32.dll.DrawFrameControl
- user32.dll.DrawFocusRect
- user32.dll.DrawEdge
- user32.dll.DispatchMessageA
- user32.dll.DispatchMessageW
- user32.dll.DestroyWindow
- user32.dll.DestroyMenu
- user32.dll.DestroyIcon
- user32.dll.DestroyCursor
- user32.dll.DeleteMenu
- user32.dll.DefWindowProcW
- user32.dll.DefMDIChildProcW
- user32.dll.DefFrameProcW
- user32.dll.CreatePopupMenu
- user32.dll.CreateMenu
- user32.dll.CreateIcon
- user32.dll.CreateAcceleratorTableW
- user32.dll.CopyImage
- user32.dll.CopyIcon
- user32.dll.CloseClipboard
- user32.dll.ClientToScreen
- user32.dll.CheckMenuItem
- user32.dll.CharUpperBuffW
- user32.dll.CharUpperW
- user32.dll.CharLowerBuffW
- user32.dll.CharLowerW
- user32.dll.CallWindowProcW
- user32.dll.CallNextHookEx
- user32.dll.BeginPaint
- user32.dll.AdjustWindowRectEx
- user32.dll.ActivateKeyboardLayout
- gdi32.dll.UnrealizeObject
- gdi32.dll.StretchDIBits
- gdi32.dll.StretchBlt
- gdi32.dll.StartPage
- gdi32.dll.StartDocW
- gdi32.dll.SetWindowOrgEx
- gdi32.dll.SetWinMetaFileBits
- gdi32.dll.SetViewportOrgEx
- gdi32.dll.SetTextColor
- gdi32.dll.SetStretchBltMode
- gdi32.dll.SetROP2
- gdi32.dll.SetPixel
- gdi32.dll.SetEnhMetaFileBits
- gdi32.dll.SetDIBits
- gdi32.dll.SetDIBColorTable
- gdi32.dll.SetBrushOrgEx
- gdi32.dll.SetBkMode
- gdi32.dll.SetBkColor
- gdi32.dll.SetAbortProc
- gdi32.dll.SelectPalette
- gdi32.dll.SelectObject
- gdi32.dll.SelectClipRgn
- gdi32.dll.SaveDC
- gdi32.dll.RoundRect
- gdi32.dll.RestoreDC
- gdi32.dll.Rectangle
- gdi32.dll.RectVisible
- gdi32.dll.RealizePalette
- gdi32.dll.Polyline
- gdi32.dll.Polygon
- gdi32.dll.PolyBezierTo
- gdi32.dll.PolyBezier
- gdi32.dll.PlayEnhMetaFile
- gdi32.dll.Pie
- gdi32.dll.PatBlt
- gdi32.dll.MoveToEx
- gdi32.dll.MaskBlt
- gdi32.dll.LineTo
- gdi32.dll.IntersectClipRect
- gdi32.dll.GetWindowOrgEx
- gdi32.dll.GetWinMetaFileBits
- gdi32.dll.GetTextMetricsW
- gdi32.dll.GetTextExtentPointW
- gdi32.dll.GetTextExtentPoint32W
- gdi32.dll.GetSystemPaletteEntries
- gdi32.dll.GetStockObject
- gdi32.dll.GetRgnBox
- gdi32.dll.GetPixel
- gdi32.dll.GetPaletteEntries
- gdi32.dll.GetObjectW
- gdi32.dll.GetEnhMetaFilePaletteEntries
- gdi32.dll.GetEnhMetaFileHeader
- gdi32.dll.GetEnhMetaFileDescriptionW
- gdi32.dll.GetEnhMetaFileBits
- gdi32.dll.GetDeviceCaps
- gdi32.dll.GetDIBits
- gdi32.dll.GetDIBColorTable
- gdi32.dll.GetCurrentPositionEx
- gdi32.dll.GetClipBox
- gdi32.dll.GetBrushOrgEx
- gdi32.dll.GetBitmapBits
- gdi32.dll.GdiFlush
- gdi32.dll.FrameRgn
- gdi32.dll.ExtTextOutW
- gdi32.dll.ExtFloodFill
- gdi32.dll.ExcludeClipRect
- gdi32.dll.EnumFontsW
- gdi32.dll.EnumFontFamiliesExW
- gdi32.dll.EndPage
- gdi32.dll.EndDoc
- gdi32.dll.Ellipse
- gdi32.dll.DeleteObject
- gdi32.dll.DeleteEnhMetaFile
- gdi32.dll.DeleteDC
- gdi32.dll.CreateSolidBrush
- gdi32.dll.CreateRectRgn
- gdi32.dll.CreatePenIndirect
- gdi32.dll.CreatePalette
- gdi32.dll.CreateICW
- gdi32.dll.CreateHalftonePalette
- gdi32.dll.CreateFontIndirectW
- gdi32.dll.CreateDIBitmap
- gdi32.dll.CreateDIBSection
- gdi32.dll.CreateDCW
- gdi32.dll.CreateCompatibleDC
- gdi32.dll.CreateCompatibleBitmap
- gdi32.dll.CreateBrushIndirect
- gdi32.dll.CreateBitmap
- gdi32.dll.CopyEnhMetaFileW
- gdi32.dll.Chord
- gdi32.dll.BitBlt
- gdi32.dll.ArcTo
- gdi32.dll.Arc
- gdi32.dll.AngleArc
- gdi32.dll.AbortDoc
- version.dll.VerQueryValueW
- version.dll.GetFileVersionInfoSizeW
- version.dll.GetFileVersionInfoW
- kernel32.dll.WaitForSingleObject
- kernel32.dll.WaitForMultipleObjectsEx
- kernel32.dll.VirtualQueryEx
- kernel32.dll.TryEnterCriticalSection
- kernel32.dll.SuspendThread
- kernel32.dll.SizeofResource
- kernel32.dll.SetThreadPriority
- kernel32.dll.SetLastError
- kernel32.dll.SetEvent
- kernel32.dll.SetErrorMode
- kernel32.dll.ResumeThread
- kernel32.dll.ResetEvent
- kernel32.dll.RemoveDirectoryW
- kernel32.dll.IsDebuggerPresent
- kernel32.dll.MulDiv
- kernel32.dll.LockResource
- kernel32.dll.LoadResource
- kernel32.dll.LoadLibraryW
- kernel32.dll.LCMapStringW
- kernel32.dll.HeapSize
- kernel32.dll.HeapFree
- kernel32.dll.HeapDestroy
- kernel32.dll.HeapCreate
- kernel32.dll.HeapAlloc
- kernel32.dll.GlobalUnlock
- kernel32.dll.GlobalLock
- kernel32.dll.GlobalFree
- kernel32.dll.GlobalFindAtomW
- kernel32.dll.GlobalDeleteAtom
- kernel32.dll.GlobalAlloc
- kernel32.dll.GlobalAddAtomW
- kernel32.dll.GetVersionExW
- kernel32.dll.GetTimeZoneInformation
- kernel32.dll.GetThreadPriority
- kernel32.dll.GetThreadLocale
- kernel32.dll.GetTempPathW
- kernel32.dll.GetSystemTimes
- kernel32.dll.GetSystemDefaultLangID
- kernel32.dll.GetLocalTime
- kernel32.dll.GetFullPathNameW
- kernel32.dll.GetFileAttributesW
- kernel32.dll.GetExitCodeThread
- kernel32.dll.GetEnvironmentVariableW
- kernel32.dll.GetDiskFreeSpaceW
- kernel32.dll.GetDateFormatW
- kernel32.dll.GetCurrentThread
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.GetCurrentProcess
- kernel32.dll.GetComputerNameW
- kernel32.dll.GetCPInfoExW
- kernel32.dll.GetCPInfo
- kernel32.dll.FreeResource
- kernel32.dll.InterlockedExchange
- kernel32.dll.InterlockedCompareExchange
- kernel32.dll.FormatMessageW
- kernel32.dll.FindResourceW
- kernel32.dll.EnumSystemLocalesW
- kernel32.dll.EnumResourceNamesW
- kernel32.dll.EnumCalendarInfoW
- kernel32.dll.DeleteFileW
- kernel32.dll.CreateProcessW
- kernel32.dll.CreatePipe
- kernel32.dll.CreateMutexW
- kernel32.dll.CreateEventW
- kernel32.dll.CreateDirectoryW
- kernel32.dll.CopyFileW
- advapi32.dll.RegUnLoadKeyW
- advapi32.dll.RegSetValueExW
- advapi32.dll.RegSaveKeyW
- advapi32.dll.RegRestoreKeyW
- advapi32.dll.RegReplaceKeyW
- advapi32.dll.RegQueryInfoKeyW
- advapi32.dll.RegLoadKeyW
- advapi32.dll.RegFlushKey
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegEnumKeyExW
- advapi32.dll.RegDeleteValueW
- advapi32.dll.RegDeleteKeyW
- advapi32.dll.RegCreateKeyExW
- advapi32.dll.RegConnectRegistryW
- oleaut32.dll.SafeArrayGetElemsize
- oleaut32.dll.SafeArrayPtrOfIndex
- oleaut32.dll.SafeArrayPutElement
- oleaut32.dll.SafeArrayGetElement
- oleaut32.dll.SafeArrayUnaccessData
- oleaut32.dll.SafeArrayAccessData
- oleaut32.dll.SafeArrayGetUBound
- oleaut32.dll.SafeArrayGetLBound
- oleaut32.dll.SafeArrayCreate
- oleaut32.dll.VariantChangeType
- oleaut32.dll.VariantCopyInd
- oleaut32.dll.VariantCopy
- oleaut32.dll.VariantClear
- oleaut32.dll.VariantInit
- oleaut32.dll.GetErrorInfo
- ole32.dll.OleUninitialize
- ole32.dll.OleInitialize
- ole32.dll.CoTaskMemFree
- ole32.dll.CoTaskMemAlloc
- ole32.dll.CoCreateInstance
- ole32.dll.CoUninitialize
- ole32.dll.CoInitialize
- ole32.dll.IsEqualGUID
- comctl32.dll.InitializeFlatSB
- comctl32.dll.FlatSB_SetScrollProp
- comctl32.dll.FlatSB_SetScrollPos
- comctl32.dll.FlatSB_SetScrollInfo
- comctl32.dll.FlatSB_GetScrollPos
- comctl32.dll.FlatSB_GetScrollInfo
- comctl32.dll._TrackMouseEvent
- comctl32.dll.ImageList_GetImageInfo
- comctl32.dll.ImageList_SetIconSize
- comctl32.dll.ImageList_GetIconSize
- comctl32.dll.ImageList_Write
- comctl32.dll.ImageList_Read
- comctl32.dll.ImageList_GetDragImage
- comctl32.dll.ImageList_DragShowNolock
- comctl32.dll.ImageList_DragMove
- comctl32.dll.ImageList_DragLeave
- comctl32.dll.ImageList_DragEnter
- comctl32.dll.ImageList_EndDrag
- comctl32.dll.ImageList_BeginDrag
- comctl32.dll.ImageList_Copy
- comctl32.dll.ImageList_LoadImageW
- comctl32.dll.ImageList_GetIcon
- comctl32.dll.ImageList_Remove
- comctl32.dll.ImageList_DrawEx
- comctl32.dll.ImageList_Replace
- comctl32.dll.ImageList_Draw
- comctl32.dll.ImageList_SetOverlayImage
- comctl32.dll.ImageList_GetBkColor
- comctl32.dll.ImageList_SetBkColor
- comctl32.dll.ImageList_ReplaceIcon
- comctl32.dll.ImageList_Add
- comctl32.dll.ImageList_SetImageCount
- comctl32.dll.ImageList_GetImageCount
- comctl32.dll.ImageList_Destroy
- comctl32.dll.ImageList_Create
- user32.dll.EnumDisplayMonitors
- user32.dll.GetMonitorInfoW
- user32.dll.MonitorFromPoint
- user32.dll.MonitorFromRect
- user32.dll.MonitorFromWindow
- msvcrt.dll.isxdigit
- msvcrt.dll.isupper
- msvcrt.dll.isspace
- msvcrt.dll.ispunct
- msvcrt.dll.isprint
- msvcrt.dll.islower
- msvcrt.dll.isgraph
- msvcrt.dll.isdigit
- msvcrt.dll.iscntrl
- msvcrt.dll.isalpha
- msvcrt.dll.isalnum
- msvcrt.dll.toupper
- msvcrt.dll.tolower
- msvcrt.dll.strchr
- msvcrt.dll.strlen
- msvcrt.dll.strncmp
- msvcrt.dll.memset
- msvcrt.dll.memmove
- msvcrt.dll.memcpy
- msvcrt.dll.memcmp
- shell32.dll.Shell_NotifyIconW
- winspool.drv.OpenPrinterW
- winspool.drv.EnumPrintersW
- winspool.drv.DocumentPropertiesW
- winspool.drv.ClosePrinter
- winspool.drv.GetDefaultPrinterW
- kernel32.dll.GetThreadPreferredUILanguages
- kernel32.dll.SetThreadPreferredUILanguages
- kernel32.dll.GetThreadUILanguage
- kernel32.dll.GetNativeSystemInfo
- kernel32.dll.GetDiskFreeSpaceExW
- kernel32.dll.GetLogicalProcessorInformation
- oleaut32.dll.VariantChangeTypeEx
- oleaut32.dll.VarNeg
- oleaut32.dll.VarNot
- oleaut32.dll.VarAdd
- oleaut32.dll.VarSub
- oleaut32.dll.VarMul
- oleaut32.dll.VarDiv
- oleaut32.dll.VarIdiv
- oleaut32.dll.VarMod
- oleaut32.dll.VarAnd
- oleaut32.dll.VarOr
- oleaut32.dll.VarXor
- oleaut32.dll.VarCmp
- oleaut32.dll.VarI4FromStr
- oleaut32.dll.VarR4FromStr
- oleaut32.dll.VarR8FromStr
- oleaut32.dll.VarDateFromStr
- oleaut32.dll.VarCyFromStr
- oleaut32.dll.VarBoolFromStr
- oleaut32.dll.VarBstrFromCy
- oleaut32.dll.VarBstrFromDate
- oleaut32.dll.VarBstrFromBool
- kernel32.dll.InitializeConditionVariable
- kernel32.dll.WakeConditionVariable
- kernel32.dll.WakeAllConditionVariable
- kernel32.dll.SleepConditionVariableCS
- ole32.dll.CoCreateInstanceEx
- ole32.dll.CoInitializeEx
- ole32.dll.CoAddRefServerProcess
- ole32.dll.CoReleaseServerProcess
- ole32.dll.CoResumeClassObjects
- ole32.dll.CoSuspendClassObjects
- cryptbase.dll.SystemFunction036
- wtsapi32.dll.WTSRegisterSessionNotification
- winsta.dll.WinStationRegisterConsoleNotification
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- advapi32.dll.CreateWellKnownSid
- rpcrt4.dll.RpcStringBindingComposeW
- rpcrt4.dll.RpcBindingFromStringBindingW
- rpcrt4.dll.RpcStringFreeW
- rpcrt4.dll.RpcBindingSetAuthInfoExW
- sechost.dll.LookupAccountNameLocalW
- rpcrt4.dll.RpcAsyncInitializeHandle
- rpcrt4.dll.NdrClientCall2
- rpcrt4.dll.NdrAsyncClientCall
- uxtheme.dll.BufferedPaintInit
- imm32.dll.ImmIsIME
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- user32.dll.AnimateWindow
- comctl32.dll.UninitializeFlatSB
- comctl32.dll.FlatSB_GetScrollProp
- comctl32.dll.FlatSB_EnableScrollBar
- comctl32.dll.FlatSB_ShowScrollBar
- comctl32.dll.FlatSB_GetScrollRange
- comctl32.dll.FlatSB_SetScrollRange
- user32.dll.SetLayeredWindowAttributes
- kernel32.dll.GetFileSizeEx
- security.dll.InitSecurityInterfaceW
- uxtheme.dll.OpenThemeData
- uxtheme.dll.CloseThemeData
- uxtheme.dll.DrawThemeBackground
- uxtheme.dll.DrawThemeText
- uxtheme.dll.GetThemeBackgroundContentRect
- uxtheme.dll.GetThemeBackgroundExtent
- uxtheme.dll.GetThemePartSize
- uxtheme.dll.GetThemeTextExtent
- uxtheme.dll.GetThemeTextMetrics
- uxtheme.dll.GetThemeBackgroundRegion
- uxtheme.dll.HitTestThemeBackground
- uxtheme.dll.DrawThemeEdge
- uxtheme.dll.DrawThemeIcon
- uxtheme.dll.IsThemePartDefined
- uxtheme.dll.IsThemeBackgroundPartiallyTransparent
- uxtheme.dll.GetThemeColor
- uxtheme.dll.GetThemeMetric
- uxtheme.dll.GetThemeString
- uxtheme.dll.GetThemeBool
- uxtheme.dll.GetThemeInt
- uxtheme.dll.GetThemeEnumValue
- uxtheme.dll.GetThemePosition
- uxtheme.dll.GetThemeFont
- uxtheme.dll.GetThemeRect
- uxtheme.dll.GetThemeMargins
- uxtheme.dll.GetThemeIntList
- uxtheme.dll.GetThemePropertyOrigin
- uxtheme.dll.SetWindowTheme
- uxtheme.dll.GetThemeFilename
- uxtheme.dll.GetThemeSysColor
- uxtheme.dll.GetThemeSysColorBrush
- uxtheme.dll.GetThemeSysBool
- uxtheme.dll.GetThemeSysSize
- uxtheme.dll.GetThemeSysFont
- uxtheme.dll.GetThemeSysString
- uxtheme.dll.GetThemeSysInt
- uxtheme.dll.IsThemeActive
- uxtheme.dll.IsAppThemed
- uxtheme.dll.GetWindowTheme
- uxtheme.dll.EnableThemeDialogTexture
- uxtheme.dll.IsThemeDialogTextureEnabled
- uxtheme.dll.GetThemeAppProperties
- uxtheme.dll.SetThemeAppProperties
- uxtheme.dll.GetCurrentThemeName
- uxtheme.dll.GetThemeDocumentationProperty
- uxtheme.dll.DrawThemeParentBackground
- uxtheme.dll.EnableTheming
- gdi32.dll.GetLayout
- gdi32.dll.GdiRealizationInfo
- gdi32.dll.FontIsLinked
- gdi32.dll.GetTextFaceAliasW
- advapi32.dll.RegQueryValueExA
- comctl32.dll.RegisterClassNameW
- gdi32.dll.GetTextExtentExPointWPri
- gdi32.dll.GetFontAssocStatus
- ole32.dll.CoRegisterInitializeSpy
- ole32.dll.CoRevokeInitializeSpy
- imm32.dll.ImmAssociateContext
- kernel32.dll.IsWow64Process
- gdi32.dll.GdiIsMetaPrintDC
- dwmapi.dll.DwmIsCompositionEnabled
- oleaut32.dll.SysAllocString
- oleaut32.dll.SysStringLen
- user32.dll.WINNLSEnableIME