魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2018-07-13 16:40:16 | 2018-07-13 16:42:44 | 148 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-hpdapp03-1 | win7-sp1-x64-hpdapp03-1 | KVM | 2018-07-13 16:40:25 | 2018-07-13 16:42:43 |
| 魔盾分数 |
|---|
10.0Razy |
文件详细信息
| 文件名 | LilyMain.exe |
|---|---|
| 文件大小 | 2587648 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| CRC32 | 07BCCE90 |
| MD5 | 04a0e3b330eec4dcd203fa5a55aacbf8 |
| SHA1 | 7c1bbfea8870db313b97fea4911f13122b004ebc |
| SHA256 | 7e8644f05585bed1b78773921118e2452c9cdfbc5243aa2710142f59cc0ea654 |
| SHA512 | 2c65063b7f80ea689f03685042e2782056c40e20c5297b3a4ae55404e3cda997cc9c3da78d83400c170afc50c09b30a24852d90c23f67e1a6da56c4b287a328d |
| Ssdeep | 24576:ehaiA3AQHwVRDsxPRjGPyfZDERmvk2qGEuFtvruF4nc+iWAy+Cp/kI07kxqa8tTl:Yo4TygyCmRHm7M/knPaKgvn/JWQQ |
| PEiD | 无匹配 |
| Yara | 无Yara规则匹配 |
| VirusTotal |
VirusTotal链接 VirusTotal扫描时间: 2018-07-10 08:14:45 扫描结果: 28/67 |
特征
创建RWX内存
二进制文件可能包含加密或压缩数据
section: name: .tskanda, entropy: 7.82, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000c1600, virtual_size: 0x000c2000
section: name: .tskanda, entropy: 7.99, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00002000, virtual_size: 0x00002000
异常的二进制特征
anomaly: Found duplicated section names
文件已被至少十个VirusTotal上的反病毒引擎检测为病毒
MicroWorld-eScan: Gen:Variant.Razy.348847
McAfee: Packed-LF!04A0E3B330EE
Cylance: Unsafe
Arcabit: Trojan.Razy.D552AF
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9998
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.NoobyProtect.G suspicious
Avast: Win32:Evo-gen [Susp]
GData: Gen:Variant.Razy.348847
Kaspersky: HEUR:Packed.Win32.Blackv.gen
BitDefender: Gen:Variant.Razy.348847
NANO-Antivirus: Trojan.Win32.NobodyProtect.eviakq
Ad-Aware: Gen:Variant.Razy.348847
Emsisoft: Gen:Variant.Razy.348847 (B)
F-Secure: Gen:Variant.Razy.348847
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Injector.vm
SentinelOne: static engine - malicious
MAX: malware (ai score=80)
Endgame: malicious (high confidence)
ZoneAlarm: HEUR:Packed.Win32.Blackv.gen
ALYac: Gen:Variant.Razy.348847
Rising: Malware.Heuristic!ET#99% (RDM+:cmRtazoBFfdYjEne10hlQ8V3/t3a)
Ikarus: PUA.NoobyProtect
AVG: Win32:Evo-gen [Susp]
Cybereason: malicious.a8870d
CrowdStrike: malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.314
运行截图
网络分析
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x006741b4 |
| 声明校验值 | 0x00285339 |
| 实际校验值 | 0x00285339 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2018-07-10 14:52:22 |
| 载入哈希 | 32c5de998b5f069b26c94c8143b13c06 |
| 图标 |  |
| 图标精确哈希值 | c163dd75beb29e10693e26ca4dbcd6ca |
| 图标相似性哈希值 | 39379a825cad6d638219f0e346a7bf5e |
版本信息
| Translation: | 0x0000 0x04b0 |
| LegalCopyright: | Copyright \xa9 2018 |
| Assembly Version: | 3.8.2.0 |
| InternalName: | LilyMain.exe |
| FileVersion: | 3.8.2.0 |
| CompanyName: | |
| LegalTrademarks: | |
| Comments: | \x4e00\x6b3e\x754c\x9762\x6781\x901f\x7b80\x6d01,\x529f\x80fd\x5f3a\x5927\x7684\x5feb\x6377\x65b9\x5f0f\x7ba1\x7406\x5de5\x5177 |
| ProductName: | Lily |
| ProductVersion: | 3.8.2.0 |
| FileDescription: | Lily\x4e3b\x7a0b\x5e8f |
| OriginalFilename: | LilyMain.exe |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x001b2000 | 0x001b2000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.32 |
| .tskanda | 0x001b4000 | 0x000c2000 | 0x000c1600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.82 |
| .idata | 0x00276000 | 0x00002000 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.22 |
| .tskanda | 0x00278000 | 0x00002000 | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.99 |
覆盖
| 偏移量: | 0x00275c00 |
| 大小: | 0x00002000 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x001ae100 | 0x000025a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.08 | data |
| RT_GROUP_ICON | 0x001b06b8 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 1.92 | MS Windows icon resource - 1 icon, 48x48 |
| RT_VERSION | 0x001b06dc | 0x0000033c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.68 | data |
| RT_MANIFEST | 0x001b0a28 | 0x0000043a | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.25 | XML 1.0 document, UTF-8 Unicode (with BOM) text |
导入
库 mscoree.dll:
• 0x676197 - _CorExeMain
库 MSVCRT.dll:
• 0x6761a3 - strncpy
库 IPHLPAPI.DLL:
• 0x6761af - GetInterfaceInfo
库 PSAPI.DLL:
• 0x6761bb - GetMappedFileNameW
库 KERNEL32.dll:
• 0x6761c7 - GetModuleFileNameW
库 USER32.dll:
• 0x6761d3 - GetWindow
库 ADVAPI32.dll:
• 0x6761df - RegDeleteKeyA
库 SHELL32.dll:
• 0x6761eb - SHGetFolderPathW
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
LilyMain.exe PID: 1780, 上一级进程 PID: 1896
访问的文件
- C:\Windows\SysWOW64\ntdll.dll
- C:\Windows\SysWOW64\KernelBase.dll
- C:\Windows\SysWOW64\kernel32.dll
- C:\Windows\SysWOW64\user32.dll
- C:\Windows\SysWOW64\advapi32.dll
- C:\Windows\SysWOW64\IPHLPAPI.DLL
- C:\Windows\System32\mscoree.dll.local
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
- C:\Windows\Microsoft.NET\Framework\*
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
- C:\Users\test\AppData\Local\Temp\LilyMain.exe
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
- \Device\KsecDD
- C:\Users\test\AppData\Local\Temp\LilyMain.exe.config
- C:\Windows\assembly\NativeImages_v4.0.30319_32\LilyMain\*
- C:\Users\test\AppData\Local\Temp\LilyMain.INI
- C:\Windows\assembly\GAC\PublisherPolicy.tme
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
- C:\Users\test\AppData\Local\Temp\DSkin.dll
- C:\Users\test\AppData\Local\Temp\DSkin\DSkin.dll
- C:\Users\test\AppData\Local\Temp\DSkin.exe
- C:\Users\test\AppData\Local\Temp\DSkin\DSkin.exe
- C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
读取的文件
- C:\Windows\SysWOW64\ntdll.dll
- C:\Windows\SysWOW64\KernelBase.dll
- C:\Windows\SysWOW64\kernel32.dll
- C:\Windows\SysWOW64\user32.dll
- C:\Windows\SysWOW64\advapi32.dll
- C:\Windows\SysWOW64\IPHLPAPI.DLL
- C:\Windows\Globalization\Sorting\sortdefault.nls
- \Device\KsecDD
- C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
修改的文件
无信息
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
- HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
- Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LilyMain.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_CURRENT_USER\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
- HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2280033686-3172497658-3481507381-1000\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|LilyMain.exe
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|LilyMain.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|LilyMain.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2280033686-3172497658-3481507381-1000\Installer\Assemblies\Global
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- ntdll.dll.RtlUnicodeStringToAnsiString
- ntdll.dll.RtlAnsiStringToUnicodeString
- ntdll.dll._vsnwprintf
- ntdll.dll.memset
- ntdll.dll.RtlFreeAnsiString
- ntdll.dll.RtlFreeHeap
- ntdll.dll.RtlDeleteCriticalSection
- ntdll.dll.RtlInitializeCriticalSection
- ntdll.dll.RtlAllocateHeap
- ntdll.dll.CsrVerifyRegion
- ntdll.dll.RtlGetNativeSystemInformation
- ntdll.dll.NtQuerySystemInformation
- ntdll.dll.RtlCreateTagHeap
- ntdll.dll.NtQueryInformationProcess
- ntdll.dll.NtSetInformationProcess
- ntdll.dll.NtClose
- ntdll.dll.NtSetInformationFile
- ntdll.dll.NtCreateIoCompletion
- ntdll.dll.NtSetIoCompletion
- ntdll.dll.RtlSetLastWin32Error
- ntdll.dll.SbSelectProcedure
- ntdll.dll.NtRemoveIoCompletion
- ntdll.dll.RtlDeactivateActivationContextUnsafeFast
- ntdll.dll.NtRemoveIoCompletionEx
- ntdll.dll.RtlActivateActivationContextUnsafeFast
- ntdll.dll.NtCreateNamedPipeFile
- ntdll.dll.NtOpenFile
- ntdll.dll.NtWaitForSingleObject
- ntdll.dll.NtFsControlFile
- ntdll.dll.NtCreateEvent
- ntdll.dll.NtQueryInformationFile
- ntdll.dll._allmul
- ntdll.dll.RtlSetDaclSecurityDescriptor
- ntdll.dll.RtlCreateSecurityDescriptor
- ntdll.dll.RtlDefaultNpAcl
- ntdll.dll.RtlDosPathNameToNtPathName_U
- ntdll.dll.RtlAppendUnicodeStringToString
- ntdll.dll._wcsnicmp
- ntdll.dll.RtlPrefixString
- ntdll.dll.RtlInitUnicodeString
- ntdll.dll.RtlFreeUnicodeString
- ntdll.dll.RtlDetermineDosPathNameType_U
- ntdll.dll.RtlCreateUnicodeString
- ntdll.dll.memcpy
- ntdll.dll.NtDeviceIoControlFile
- ntdll.dll.NtCreateFile
- ntdll.dll.RtlTimeToTimeFields
- ntdll.dll.RtlTimeFieldsToTime
- ntdll.dll.RtlAcquirePrivilege
- ntdll.dll.RtlInitializeSRWLock
- ntdll.dll.RtlReleaseSRWLockExclusive
- ntdll.dll.RtlAcquireSRWLockExclusive
- ntdll.dll.RtlCutoverTimeToSystemTime
- ntdll.dll.RtlReleaseSRWLockShared
- ntdll.dll.RtlAcquireSRWLockShared
- ntdll.dll.RtlReleasePrivilege
- ntdll.dll.NtSetSystemTime
- ntdll.dll.RtlUnicodeStringToInteger
- ntdll.dll.wcschr
- ntdll.dll.wcscpy_s
- ntdll.dll.RtlpCheckDynamicTimeZoneInformation
- ntdll.dll._stricmp
- ntdll.dll._wcsicmp
- ntdll.dll.RtlDeregisterWaitEx
- ntdll.dll.RtlCreateTimerQueue
- ntdll.dll.NtDelayExecution
- ntdll.dll.RtlCreateTimer
- ntdll.dll.RtlUpdateTimer
- ntdll.dll.RtlDeleteTimer
- ntdll.dll.RtlDeleteTimerQueueEx
- ntdll.dll.RtlRegisterWait
- ntdll.dll.wcsrchr
- ntdll.dll.NtQueryValueKey
- ntdll.dll.NtOpenKey
- ntdll.dll.RtlxAnsiStringToUnicodeSize
- ntdll.dll.NlsMbCodePageTag
- ntdll.dll.RtlxOemStringToUnicodeSize
- ntdll.dll.NlsMbOemCodePageTag
- ntdll.dll.RtlxUnicodeStringToOemSize
- ntdll.dll.RtlxUnicodeStringToAnsiSize
- ntdll.dll.LdrEnumerateLoadedModules
- ntdll.dll.NtAllocateVirtualMemory
- ntdll.dll._alloca_probe
- ntdll.dll.RtlReleasePebLock
- ntdll.dll.RtlQueryEnvironmentVariable
- ntdll.dll.RtlAcquirePebLock
- ntdll.dll.RtlLeaveCriticalSection
- ntdll.dll.RtlEnterCriticalSection
- ntdll.dll.wcsncmp
- ntdll.dll.RtlUnicodeStringToOemString
- ntdll.dll.RtlOemStringToUnicodeString
- ntdll.dll.RtlRaiseException
- ntdll.dll.NtDuplicateObject
- ntdll.dll.NtQueryObject
- ntdll.dll.NtSetInformationObject
- ntdll.dll.NtQueryVolumeInformationFile
- ntdll.dll.NtLockFile
- ntdll.dll.NtUnlockFile
- ntdll.dll.RtlNtStatusToDosError
- ntdll.dll.NtReadFile
- ntdll.dll.NtWriteFile
- ntdll.dll.NtCancelIoFileEx
- ntdll.dll.NtReadFileScatter
- ntdll.dll.NtWriteFileGather
- ntdll.dll.RtlWow64EnableFsRedirectionEx
- ntdll.dll.memmove
- ntdll.dll.NtFlushBuffersFile
- ntdll.dll.NtCreateSection
- ntdll.dll.NtOpenSection
- ntdll.dll.NtMapViewOfSection
- ntdll.dll.NtFlushVirtualMemory
- ntdll.dll.RtlFlushSecureMemoryCache
- ntdll.dll.NtUnmapViewOfSection
- ntdll.dll.NtReadVirtualMemory
- ntdll.dll.NtFlushInstructionCache
- ntdll.dll.NtWriteVirtualMemory
- ntdll.dll.NtProtectVirtualMemory
- ntdll.dll.NtFreeVirtualMemory
- ntdll.dll.NtQueryVirtualMemory
- ntdll.dll.NtQuerySystemInformationEx
- ntdll.dll.RtlGetCurrentProcessorNumberEx
- ntdll.dll.NtOpenProcess
- ntdll.dll.RtlExitUserProcess
- ntdll.dll.NtTerminateProcess
- ntdll.dll.RtlReportSilentProcessExit
- ntdll.dll.NtRaiseHardError
- ntdll.dll.RtlRaiseStatus
- ntdll.dll.RtlInitUnicodeStringEx
- ntdll.dll.RtlQueryEnvironmentVariable_U
- ntdll.dll.strchr
- ntdll.dll.RtlInitAnsiStringEx
- ntdll.dll.RtlUpcaseUnicodeChar
- ntdll.dll.RtlEqualUnicodeString
- ntdll.dll.RtlCompareMemory
- ntdll.dll.NtQueryDirectoryObject
- ntdll.dll.NtQuerySymbolicLinkObject
- ntdll.dll.NtOpenSymbolicLinkObject
- ntdll.dll.NtOpenDirectoryObject
- ntdll.dll.RtlSetEnvironmentStrings
- ntdll.dll.RtlSetEnvironmentVariable
- ntdll.dll.RtlSetEnvironmentVar
- ntdll.dll.RtlExpandEnvironmentStrings
- ntdll.dll.RtlUnicodeToOemN
- ntdll.dll.RtlUnicodeToMultiByteSize
- ntdll.dll.RtlExpandEnvironmentStrings_U
- ntdll.dll.RtlInitializeCriticalSectionAndSpinCount
- ntdll.dll.RtlInitializeCriticalSectionEx
- ntdll.dll.NtSetEvent
- ntdll.dll.NtClearEvent
- ntdll.dll.NtPulseEvent
- ntdll.dll.NtCreateSemaphore
- ntdll.dll.NtReleaseSemaphore
- ntdll.dll.NtCreateMutant
- ntdll.dll.NtReleaseMutant
- ntdll.dll.NtCreateTimer
- ntdll.dll.NtSetTimerEx
- ntdll.dll.NtCancelTimer
- ntdll.dll.NtOpenEvent
- ntdll.dll.NtOpenSemaphore
- ntdll.dll.NtOpenMutant
- ntdll.dll.NtWaitForMultipleObjects
- ntdll.dll.NtOpenTimer
- ntdll.dll.RtlExitUserThread
- ntdll.dll.LdrUnloadAlternateResourceModule
- ntdll.dll.LdrRemoveLoadAsDataTable
- ntdll.dll.RtlImageNtHeader
- ntdll.dll.LdrUnloadDll
- ntdll.dll.LdrDisableThreadCalloutsForDll
- ntdll.dll.LdrUnlockLoaderLock
- ntdll.dll.LdrLockLoaderLock
- ntdll.dll.LdrGetDllHandle
- ntdll.dll.LdrAddRefDll
- ntdll.dll.RtlComputePrivatizedDllName_U
- ntdll.dll.RtlPcToFileHeader
- ntdll.dll.LdrGetProcedureAddress
- ntdll.dll.RtlInitString
- ntdll.dll.RtlGetVersion
- ntdll.dll.LdrAccessResource
- ntdll.dll.RtlReAllocateHeap
- ntdll.dll.LdrAddLoadAsDataTable
- ntdll.dll.RtlGetActiveActivationContext
- ntdll.dll.LdrWx86FormatVirtualImage
- ntdll.dll.NtQuerySection
- ntdll.dll.LdrGetDllHandleByMapping
- ntdll.dll.RtlImageNtHeaderEx
- ntdll.dll.RtlDosSearchPath_Ustr
- ntdll.dll.LdrGetDllHandleByName
- ntdll.dll.RtlDosApplyFileIsolationRedirection_Ustr
- ntdll.dll.LdrLoadDll
- ntdll.dll.LdrFindResource_U
- ntdll.dll.RtlFreeSid
- ntdll.dll.RtlSetSaclSecurityDescriptor
- ntdll.dll.RtlAddMandatoryAce
- ntdll.dll.RtlAddAccessAllowedAce
- ntdll.dll.RtlCreateAcl
- ntdll.dll.RtlLengthSid
- ntdll.dll.RtlAllocateAndInitializeSid
- ntdll.dll.DbgPrint
- ntdll.dll.NtOpenThread
- ntdll.dll.NtSetInformationThread
- ntdll.dll.NtQueryInformationThread
- ntdll.dll.NtTerminateThread
- ntdll.dll.TpCheckTerminateWorker
- ntdll.dll.RtlCaptureStackBackTrace
- ntdll.dll.NtSuspendThread
- ntdll.dll.NtResumeThread
- ntdll.dll.RtlClearBits
- ntdll.dll.RtlAreBitsSet
- ntdll.dll.NtQueueApcThread
- ntdll.dll.#8
- ntdll.dll.RtlQueryInformationActivationContext
- ntdll.dll.RtlFlsAlloc
- ntdll.dll.RtlProcessFlsData
- ntdll.dll.RtlFlsFree
- ntdll.dll.NtYieldExecution
- ntdll.dll.RtlFreeActivationContextStack
- ntdll.dll.RtlReleaseActivationContext
- ntdll.dll.RtlActivateActivationContextEx
- ntdll.dll.RtlAllocateActivationContextStack
- ntdll.dll.NtCreateThreadEx
- ntdll.dll.TpCaptureCaller
- ntdll.dll.RtlFindClearBitsAndSet
- ntdll.dll.RtlFormatMessageEx
- ntdll.dll.RtlInitAnsiString
- ntdll.dll.RtlFindMessage
- ntdll.dll.RtlLoadString
- ntdll.dll.RtlUnicodeToMultiByteN
- ntdll.dll.RtlUnlockHeap
- ntdll.dll.RtlFreeHandle
- ntdll.dll.RtlIsValidHandle
- ntdll.dll.RtlLockHeap
- ntdll.dll.RtlSetUserValueHeap
- ntdll.dll.RtlAllocateHandle
- ntdll.dll._aulldiv
- ntdll.dll.RtlCreateHeap
- ntdll.dll.RtlDestroyHeap
- ntdll.dll.RtlQueryHeapInformation
- ntdll.dll.RtlValidateHeap
- ntdll.dll.RtlGetProcessHeaps
- ntdll.dll.RtlCompactHeap
- ntdll.dll.RtlWalkHeap
- ntdll.dll.RtlSetHeapInformation
- ntdll.dll.RtlInitializeHandleTable
- ntdll.dll.RtlIsDosDeviceName_U
- ntdll.dll.RtlAnsiCharToUnicodeChar
- ntdll.dll.RtlIntegerToChar
- ntdll.dll.wcsncpy_s
- ntdll.dll.RtlGetCurrentDirectory_U
- ntdll.dll.RtlSetThreadErrorMode
- ntdll.dll.toupper
- ntdll.dll.RtlReleaseRelativeName
- ntdll.dll.RtlDosPathNameToRelativeNtPathName_U
- ntdll.dll.RtlDosPathNameToRelativeNtPathName_U_WithStatus
- ntdll.dll.NtQueryAttributesFile
- ntdll.dll.RtlDosPathNameToNtPathName_U_WithStatus
- ntdll.dll.NtQueryFullAttributesFile
- ntdll.dll.NtNotifyChangeDirectoryFile
- ntdll.dll.NtQueryDirectoryFile
- ntdll.dll.RtlGetFullPathName_UEx
- ntdll.dll.RtlSetCurrentDirectory_U
- ntdll.dll.#1
- ntdll.dll.NtQueryEaFile
- ntdll.dll.NtIsProcessInJob
- ntdll.dll.NtDuplicateToken
- ntdll.dll.NtAllocateLocallyUniqueId
- ntdll.dll.NtAccessCheck
- ntdll.dll.NtAccessCheckByType
- ntdll.dll.NtAccessCheckByTypeResultList
- ntdll.dll.NtOpenProcessToken
- ntdll.dll.NtOpenThreadToken
- ntdll.dll.NtQueryInformationToken
- ntdll.dll.NtSetInformationToken
- ntdll.dll.NtAdjustPrivilegesToken
- ntdll.dll.NtAdjustGroupsToken
- ntdll.dll.NtPrivilegeCheck
- ntdll.dll.NtAccessCheckAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeResultListAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeResultListAndAuditAlarmByHandle
- ntdll.dll.NtOpenObjectAuditAlarm
- ntdll.dll.NtPrivilegeObjectAuditAlarm
- ntdll.dll.NtCloseObjectAuditAlarm
- ntdll.dll.NtDeleteObjectAuditAlarm
- ntdll.dll.NtPrivilegedServiceAuditAlarm
- ntdll.dll.RtlValidSid
- ntdll.dll.RtlEqualSid
- ntdll.dll.RtlEqualPrefixSid
- ntdll.dll.RtlLengthRequiredSid
- ntdll.dll.RtlInitializeSid
- ntdll.dll.RtlIdentifierAuthoritySid
- ntdll.dll.RtlSubAuthoritySid
- ntdll.dll.RtlSubAuthorityCountSid
- ntdll.dll.RtlCopySid
- ntdll.dll.RtlAreAllAccessesGranted
- ntdll.dll.RtlAreAnyAccessesGranted
- ntdll.dll.RtlMapGenericMask
- ntdll.dll.RtlValidAcl
- ntdll.dll.RtlQueryInformationAcl
- ntdll.dll.RtlSetInformationAcl
- ntdll.dll.RtlAddAce
- ntdll.dll.RtlDeleteAce
- ntdll.dll.RtlGetAce
- ntdll.dll.RtlAddAccessAllowedAceEx
- ntdll.dll.RtlAddAccessDeniedAce
- ntdll.dll.RtlAddAccessDeniedAceEx
- ntdll.dll.RtlAddAuditAccessAce
- ntdll.dll.RtlAddAuditAccessAceEx
- ntdll.dll.RtlAddAccessAllowedObjectAce
- ntdll.dll.RtlAddAccessDeniedObjectAce
- ntdll.dll.RtlAddAuditAccessObjectAce
- ntdll.dll.RtlFirstFreeAce
- ntdll.dll.RtlValidSecurityDescriptor
- ntdll.dll.RtlValidRelativeSecurityDescriptor
- ntdll.dll.RtlLengthSecurityDescriptor
- ntdll.dll.RtlGetControlSecurityDescriptor
- ntdll.dll.RtlSetControlSecurityDescriptor
- ntdll.dll.RtlGetDaclSecurityDescriptor
- ntdll.dll.RtlGetSaclSecurityDescriptor
- ntdll.dll.RtlSetOwnerSecurityDescriptor
- ntdll.dll.RtlGetOwnerSecurityDescriptor
- ntdll.dll.RtlSetGroupSecurityDescriptor
- ntdll.dll.RtlGetGroupSecurityDescriptor
- ntdll.dll.RtlNewSecurityObject
- ntdll.dll.RtlConvertToAutoInheritSecurityObject
- ntdll.dll.RtlNewSecurityObjectEx
- ntdll.dll.RtlNewSecurityObjectWithMultipleInheritance
- ntdll.dll.RtlSetSecurityObject
- ntdll.dll.RtlSetSecurityObjectEx
- ntdll.dll.RtlQuerySecurityObject
- ntdll.dll.RtlDeleteSecurityObject
- ntdll.dll.RtlAbsoluteToSelfRelativeSD
- ntdll.dll.RtlSelfRelativeToAbsoluteSD
- ntdll.dll.NtSetSecurityObject
- ntdll.dll.NtQuerySecurityObject
- ntdll.dll.RtlImpersonateSelf
- ntdll.dll.NtImpersonateAnonymousToken
- ntdll.dll.NtFilterToken
- ntdll.dll.RtlSelfRelativeToAbsoluteSD2
- ntdll.dll.RtlGetSecurityDescriptorRMControl
- ntdll.dll.RtlSetSecurityDescriptorRMControl
- ntdll.dll.CsrClientConnectToServer
- ntdll.dll.RtlUnhandledExceptionFilter
- ntdll.dll.RtlGetLocaleFileMappingAddress
- ntdll.dll.NtGetNlsSectionPtr
- ntdll.dll.RtlNormalizeString
- ntdll.dll.wcspbrk
- ntdll.dll.RtlLcidToLocaleName
- ntdll.dll.EtwEventUnregister
- ntdll.dll.EtwEventEnabled
- ntdll.dll.EtwEventRegister
- ntdll.dll.NtSetDefaultLocale
- ntdll.dll.RtlLocaleNameToLcid
- ntdll.dll.NtEnumerateValueKey
- ntdll.dll.RtlpMuiFreeLangRegistryInfo
- ntdll.dll.RtlCultureNameToLCID
- ntdll.dll.qsort
- ntdll.dll.RtlpIsQualifiedLanguage
- ntdll.dll.RtlpGetLCIDFromLangInfoNode
- ntdll.dll.RtlpGetNameFromLangInfoNode
- ntdll.dll.NtQueryInstallUILanguage
- ntdll.dll.RtlLCIDToCultureName
- ntdll.dll.RtlpLoadUserUIByPolicy
- ntdll.dll.RtlpLoadMachineUIByPolicy
- ntdll.dll.RtlpCreateProcessRegistryInfo
- ntdll.dll.RtlpInitializeLangRegistryInfo
- ntdll.dll.LdrFindResourceEx_U
- ntdll.dll.RtlGetFileMUIPath
- ntdll.dll.RtlGetUILanguageInfo
- ntdll.dll.RtlpGetSystemDefaultUILanguage
- ntdll.dll.RtlGetThreadPreferredUILanguages
- ntdll.dll.RtlGetProcessPreferredUILanguages
- ntdll.dll.RtlpQueryDefaultUILanguage
- ntdll.dll.RtlGetSystemPreferredUILanguages
- ntdll.dll.RtlGetUserPreferredUILanguages
- ntdll.dll.NtCreateKey
- ntdll.dll.NtSetValueKey
- ntdll.dll.NtDeleteKey
- ntdll.dll.NtEnumerateKey
- ntdll.dll.RtlIntegerToUnicodeString
- ntdll.dll.RtlAppendUnicodeToString
- ntdll.dll.RtlCopyUnicodeString
- ntdll.dll.EtwEventWrite
- ntdll.dll.RtlOpenCurrentUser
- ntdll.dll.NtQueryDefaultLocale
- ntdll.dll.NtNotifyChangeKey
- ntdll.dll.swprintf_s
- ntdll.dll.RtlUTF8ToUnicodeN
- ntdll.dll.RtlUnicodeToUTF8N
- ntdll.dll.NtDeleteValueKey
- ntdll.dll.RtlUnwind
- ntdll.dll.DbgPrintEx
- ntdll.dll.RtlSetLastWin32ErrorAndNtStatusFromNtStatus
- ntdll.dll.TpAllocPool
- ntdll.dll.TpSetPoolMinThreads
- ntdll.dll.TpSetPoolStackInformation
- ntdll.dll.TpQueryPoolStackInformation
- ntdll.dll.TpAllocCleanupGroup
- ntdll.dll.TpSimpleTryPost
- ntdll.dll.TpAllocWork
- ntdll.dll.TpAllocTimer
- ntdll.dll.TpAllocWait
- ntdll.dll.TpAllocIoCompletion
- ntdll.dll.TpCallbackMayRunLong
- ntdll.dll.NtQueryMultipleValueKey
- ntdll.dll.RtlCaptureContext
- ntdll.dll.RtlConvertSidToUnicodeString
- ntdll.dll.RtlRunOnceInitialize
- ntdll.dll.NtResetEvent
- ntdll.dll.strncat
- ntdll.dll._strlwr
- ntdll.dll.RtlpConvertCultureNamesToLCIDs
- ntdll.dll.RtlpConvertLCIDsToCultureNames
- ntdll.dll.RtlSetProcessPreferredUILanguages
- ntdll.dll.RtlIdnToUnicode
- ntdll.dll.RtlIdnToNameprepUnicode
- ntdll.dll.RtlIdnToAscii
- ntdll.dll.RtlIsNormalizedString
- ntdll.dll._ui64tow
- ntdll.dll._wtol
- ntdll.dll._wcslwr
- ntdll.dll.wcsncpy
- ntdll.dll.RtlReadThreadProfilingData
- ntdll.dll.RtlQueryThreadProfiling
- ntdll.dll.RtlDisableThreadProfiling
- ntdll.dll.RtlEnableThreadProfiling
- ntdll.dll.RtlSetExtendedFeaturesMask
- ntdll.dll.RtlGetExtendedFeaturesMask
- ntdll.dll.RtlLocateExtendedFeature
- ntdll.dll.RtlCopyContext
- ntdll.dll.RtlGetEnabledExtendedFeatures
- ntdll.dll.RtlGetExtendedContextLength
- ntdll.dll.RtlInitializeExtendedContext
- ntdll.dll.RtlLocateLegacyContext
- ntdll.dll.NtRaiseException
- ntdll.dll.EtwEventWriteNoRegistration
- ntdll.dll.RtlSetIoCompletionCallback
- ntdll.dll.RtlQueueWorkItem
- ntdll.dll.RtlDeregisterWait
- ntdll.dll.NtResetWriteWatch
- ntdll.dll.NtGetWriteWatch
- ntdll.dll.NtMapUserPhysicalPagesScatter
- ntdll.dll.NtMapUserPhysicalPages
- ntdll.dll.NtFreeUserPhysicalPages
- ntdll.dll.NtAllocateUserPhysicalPages
- ntdll.dll.NtUnlockVirtualMemory
- ntdll.dll.NtLockVirtualMemory
- ntdll.dll.RtlComputeImportTableHash
- ntdll.dll.bsearch
- ntdll.dll.RtlEncodeSystemPointer
- ntdll.dll.RtlFindCharInUnicodeString
- ntdll.dll.RtlNtPathNameToDosPathName
- ntdll.dll.NtApphelpCacheControl
- ntdll.dll.RtlRandom
- ntdll.dll.RtlFindActivationContextSectionGuid
- ntdll.dll.RtlFindActivationContextSectionString
- ntdll.dll.RtlDoesFileExists_U
- ntdll.dll.RtlCreateActivationContext
- ntdll.dll.RtlSetThreadPreferredUILanguages
- ntdll.dll.RtlQueryActivationContextApplicationSettings
- ntdll.dll.RtlMultiAppendUnicodeStringBuffer
- ntdll.dll.RtlpEnsureBufferSize
- ntdll.dll.RtlGetLengthWithoutLastFullDosOrNtPathElement
- ntdll.dll.RtlpApplyLengthFunction
- ntdll.dll.RtlDeactivateActivationContext
- ntdll.dll.RtlActivateActivationContext
- ntdll.dll.RtlZombifyActivationContext
- ntdll.dll.RtlAddRefActivationContext
- ntdll.dll.NtSetInformationJobObject
- ntdll.dll.NtCreateJobSet
- ntdll.dll.NtQueryInformationJobObject
- ntdll.dll.NtTerminateJobObject
- ntdll.dll.NtAssignProcessToJobObject
- ntdll.dll.NtOpenJobObject
- ntdll.dll.NtCreateJobObject
- ntdll.dll.tolower
- ntdll.dll.atol
- ntdll.dll.isdigit
- ntdll.dll.RtlCopyLuid
- ntdll.dll.RtlFreeOemString
- ntdll.dll.RtlCreateEnvironment
- ntdll.dll.RtlCreateEnvironmentEx
- ntdll.dll.RtlDestroyEnvironment
- ntdll.dll.NtQueryEvent
- ntdll.dll.CsrClientCallServer
- ntdll.dll.CsrAllocateCaptureBuffer
- ntdll.dll.CsrAllocateMessagePointer
- ntdll.dll.CsrFreeCaptureBuffer
- ntdll.dll.RtlCreateQueryDebugBuffer
- ntdll.dll.RtlQueryProcessDebugInformation
- ntdll.dll.RtlDestroyQueryDebugBuffer
- ntdll.dll.RtlFreeUserStack
- ntdll.dll.RtlCreateUserStack
- ntdll.dll.NtSetContextThread
- ntdll.dll.NtGetContextThread
- ntdll.dll.NtSignalAndWaitForSingleObject
- ntdll.dll.RtlRunOnceComplete
- ntdll.dll.RtlRunOnceBeginInitialize
- ntdll.dll.RtlRunOnceExecuteOnce
- ntdll.dll.RtlSleepConditionVariableSRW
- ntdll.dll.RtlSleepConditionVariableCS
- ntdll.dll.NtOpenPrivateNamespace
- ntdll.dll.NtCreatePrivateNamespace
- ntdll.dll.NtDeletePrivateNamespace
- ntdll.dll.RtlAddIntegrityLabelToBoundaryDescriptor
- ntdll.dll.RtlAddSIDToBoundaryDescriptor
- ntdll.dll.RtlCreateBoundaryDescriptor
- ntdll.dll.strcpy_s
- ntdll.dll.NtReplacePartitionUnit
- ntdll.dll.RtlCompareUnicodeString
- ntdll.dll.RtlQueryRegistryValues
- ntdll.dll.RtlDecodeSystemPointer
- ntdll.dll.RtlWow64LogMessageInEventLogger
- ntdll.dll.NtIsSystemResumeAutomatic
- ntdll.dll.NtGetDevicePowerState
- ntdll.dll.NtSetThreadExecutionState
- ntdll.dll.NtInitiatePowerAction
- ntdll.dll.NtPowerInformation
- ntdll.dll.NtSetVolumeInformationFile
- ntdll.dll.RtlGetFullPathName_U
- ntdll.dll.RtlIsNameLegalDOS8Dot3
- ntdll.dll._allshl
- ntdll.dll.LdrLoadAlternateResourceModuleEx
- ntdll.dll.LdrLoadAlternateResourceModule
- ntdll.dll.LdrpResGetMappingSize
- ntdll.dll.LdrRscIsTypeExist
- ntdll.dll._strcmpi
- ntdll.dll.strncat_s
- ntdll.dll.wcstoul
- ntdll.dll.LdrGetFileNameFromLoadAsDataTable
- ntdll.dll.LdrResFindResourceDirectory
- ntdll.dll.LdrResFindResource
- ntdll.dll.LdrpResGetResourceDirectory
- ntdll.dll.RtlImageDirectoryEntryToData
- ntdll.dll.LdrResGetRCConfig
- ntdll.dll.RtlVerifyVersionInfo
- ntdll.dll.RtlGetProductInfo
- ntdll.dll.NtCreateMailslotFile
- ntdll.dll.RtlExtendedLargeIntegerDivide
- ntdll.dll.RtlCleanUpTEBLangLists
- ntdll.dll.RtlSetThreadPoolStartFunc
- ntdll.dll.LdrSetDllManifestProber
- ntdll.dll.RtlSetUserCallbackExceptionFilter
- ntdll.dll.RtlSetUnhandledExceptionFilter
- ntdll.dll.RtlEncodePointer
- ntdll.dll.LdrQueryImageFileExecutionOptions
- ntdll.dll.RtlDeregisterSecureMemoryCacheCallback
- ntdll.dll.RtlRegisterSecureMemoryCacheCallback
- ntdll.dll.RtlSizeHeap
- ntdll.dll.RtlGetUserInfoHeap
- ntdll.dll.NtSetSystemEnvironmentValueEx
- ntdll.dll.RtlGUIDFromString
- ntdll.dll.NtQuerySystemEnvironmentValueEx
- ntdll.dll._alldiv
- ntdll.dll.RtlGetLastNtStatus
- ntdll.dll.NtCreateKeyTransacted
- ntdll.dll.RtlWow64EnableFsRedirection
- ntdll.dll.NtCancelIoFile
- ntdll.dll.NtCancelSynchronousIoFile
- ntdll.dll.RtlGetThreadErrorMode
- ntdll.dll.RtlNtStatusToDosErrorNoTeb
- ntdll.dll.RtlQueryElevationFlags
- ntdll.dll.RtlCharToInteger
- ntdll.dll.strncpy_s
- ntdll.dll.RtlGetLongestNtPathLength
- ntdll.dll.RtlEqualString
- ntdll.dll.RtlIsTextUnicode
- ntdll.dll.RtlFormatCurrentUserKeyPath
- ntdll.dll.RtlPrefixUnicodeString
- ntdll.dll.RtlMultiByteToUnicodeSize
- ntdll.dll.RtlMultiByteToUnicodeN
- ntdll.dll.RtlQueryAtomInAtomTable
- ntdll.dll.NtQueryInformationAtom
- ntdll.dll.RtlDeleteAtomFromAtomTable
- ntdll.dll.NtDeleteAtom
- ntdll.dll.RtlLookupAtomInAtomTable
- ntdll.dll.NtFindAtom
- ntdll.dll.RtlAddAtomToAtomTable
- ntdll.dll.NtAddAtom
- ntdll.dll.RtlCreateAtomTable
- ntdll.dll.RtlDestroyAtomTable
- ntdll.dll.DbgUiStopDebugging
- ntdll.dll.DbgUiContinue
- ntdll.dll.DbgUiWaitStateChange
- ntdll.dll.DbgUiConvertStateChangeStructure
- ntdll.dll.DbgUiGetThreadDebugObject
- ntdll.dll.NtSetInformationDebugObject
- ntdll.dll.DbgUiIssueRemoteBreakin
- ntdll.dll.DbgUiConnectToDbg
- ntdll.dll.DbgUiDebugActiveProcess
- ntdll.dll.CsrGetProcessId
- ntdll.dll.NtSetSystemInformation
- ntdll.dll.RtlGetCurrentTransaction
- ntdll.dll.RtlSetCurrentTransaction
- ntdll.dll.wcscat_s
- ntdll.dll.wcsstr
- ntdll.dll.RtlCreateUnicodeStringFromAsciiz
- ntdll.dll.RtlDnsHostNameToComputerName
- ntdll.dll.wcscspn
- ntdll.dll._memicmp
- ntdll.dll.NtFlushKey
- ntdll.dll.NtSetEaFile
- ntdll.dll.RtlInitializeExceptionChain
- ntdll.dll.NtWow64WriteVirtualMemory64
- ntdll.dll.RtlDestroyProcessParameters
- ntdll.dll.RtlCreateProcessParametersEx
- ntdll.dll.NtRemoveProcessDebug
- ntdll.dll.LdrQueryImageFileKeyOption
- ntdll.dll.NtCreateUserProcess
- ntdll.dll.RtlGetFullPathName_UstrEx
- ntdll.dll.RtlDecodePointer
- ntdll.dll.RtlKnownExceptionFilter
- ntdll.dll.NtRequestWaitReplyPort
- ntdll.dll.NtOpenKeyTransacted
- ntdll.dll.NtQueryKey
- ntdll.dll.NtOpenKeyEx
- ntdll.dll.NtOpenKeyTransactedEx
- ntdll.dll.NtLoadKey
- ntdll.dll.NtUnloadKey
- ntdll.dll.NtNotifyChangeMultipleKeys
- ntdll.dll.NtRestoreKey
- ntdll.dll.NtSaveKeyEx
- ntdll.dll.RtlMakeSelfRelativeSD
- ntdll.dll._strnicmp
- ntdll.dll.strncmp
- ntdll.dll.RtlTryAcquirePebLock
- ntdll.dll._vsnprintf
- ntdll.dll.RtlWerpReportException
- ntdll.dll.LdrResSearchResource
- ntdll.dll.NtWow64ReadVirtualMemory64
- ntdll.dll.NtWow64QueryInformationProcess64
- ntdll.dll.WerReportSQMEvent
- ntdll.dll.VerSetConditionMask
- ntdll.dll.WinSqmIsOptedIn
- ntdll.dll.strcat_s
- ntdll.dll._aullrem
- kernelbase.dll.BaseReleaseProcessDllPath
- kernelbase.dll.BaseGetProcessExePath
- kernelbase.dll.BaseGetProcessDllPath
- kernelbase.dll.LoadStringByReference
- kernelbase.dll.InternalLcidToName
- kernelbase.dll.NlsIsUserDefaultLocale
- kernelbase.dll.GetUserInfo
- kernelbase.dll.GetPtrCalDataArray
- kernelbase.dll.GetPtrCalData
- kernelbase.dll.GetStringTableEntry
- kernelbase.dll.CheckGroupPolicyEnabled
- kernelbase.dll.OpenRegKey
- kernelbase.dll.GetCPHashNode
- kernelbase.dll.Internal_EnumSystemCodePages
- kernelbase.dll.Internal_EnumUILanguages
- kernelbase.dll.Internal_EnumLanguageGroupLocales
- kernelbase.dll.Internal_EnumSystemLanguageGroups
- kernelbase.dll.Internal_EnumDateFormats
- kernelbase.dll.Internal_EnumTimeFormats
- kernelbase.dll.KernelBaseGetGlobalData
- kernelbase.dll.InvalidateTzSpecificCache
- kernelbase.dll.IsDBCSLeadByte
- kernelbase.dll.CreateFileMappingNumaW
- kernelbase.dll.CompareStringA
- kernelbase.dll.LoadStringBaseExW
- kernelbase.dll.BaseInvalidateDllSearchPathCache
- kernelbase.dll.BaseInvalidateProcessSearchPathCache
- kernelbase.dll.BaseDllFreeResourceId
- kernelbase.dll.BaseDllMapResourceIdW
- kernelbase.dll.GetUserDefaultUILanguage
- kernelbase.dll.EnumUILanguagesW
- kernelbase.dll.AreFileApisANSI
- kernelbase.dll.EnumCalendarInfoExW
- kernelbase.dll.EnumCalendarInfoW
- kernelbase.dll.EnumDateFormatsExW
- kernelbase.dll.EnumDateFormatsW
- kernelbase.dll.EnumLanguageGroupLocalesW
- kernelbase.dll.EnumSystemCodePagesW
- kernelbase.dll.EnumSystemLanguageGroupsW
- kernelbase.dll.EnumSystemLocalesEx
- kernelbase.dll.EnumSystemLocalesW
- kernelbase.dll.EnumTimeFormatsW
- kernelbase.dll.GetLocaleInfoA
- kernelbase.dll.GetStringTypeA
- kernelbase.dll.GetSystemDefaultUILanguage
- kernelbase.dll.IsDBCSLeadByteEx
- kernelbase.dll.MapViewOfFileExNuma
- kernelbase.dll.SetFileApisToANSI
- kernelbase.dll.SetFileApisToOEM
- kernelbase.dll.VirtualAllocExNuma
- kernelbase.dll.EnumCalendarInfoExEx
- kernelbase.dll.EnumDateFormatsExEx
- kernelbase.dll.EnumTimeFormatsEx
- kernelbase.dll.GetCurrencyFormatEx
- kernelbase.dll.GetEraNameCountedString
- kernelbase.dll.GetNumberFormatEx
- kernelbase.dll.GetSystemDefaultLocaleName
- kernelbase.dll.GetUserDefaultLocaleName
- kernelbase.dll.LCIDToLocaleName
- kernelbase.dll.GetNamedLocaleHashNode
- kernelbase.dll.GetLocaleInfoHelper
- kernelbase.dll.GetUserInfoWord
- kernelbase.dll.GetCalendar
- kernelbase.dll.SpecialMBToWC
- kernelbase.dll.Internal_EnumCalendarInfo
- kernelbase.dll.NlsValidateLocale
- kernelbase.dll.BaseReleaseProcessExePath
- kernelbase.dll.TlsGetValue
- kernelbase.dll.SetThreadPriority
- kernelbase.dll.SetProcessShutdownParameters
- kernelbase.dll.SetPriorityClass
- kernelbase.dll.ResumeThread
- kernelbase.dll.QueueUserAPC
- kernelbase.dll.ProcessIdToSessionId
- kernelbase.dll.OpenThread
- kernelbase.dll.GetThreadPriorityBoost
- kernelbase.dll.GetThreadPriority
- kernelbase.dll.GetStartupInfoW
- kernelbase.dll.GetProcessTimes
- kernelbase.dll.GetPriorityClass
- kernelbase.dll.GetExitCodeThread
- kernelbase.dll.GetCurrentThreadId
- kernelbase.dll.GetCurrentThread
- kernelbase.dll.GetProcessId
- kernelbase.dll.GetProcessIdOfThread
- kernelbase.dll.GetThreadId
- kernelbase.dll.GetCurrentProcessId
- kernelbase.dll.CreateRemoteThreadEx
- kernelbase.dll.GetExitCodeProcess
- kernelbase.dll.TlsFree
- kernelbase.dll.TlsAlloc
- kernelbase.dll.TerminateThread
- kernelbase.dll.TerminateProcess
- kernelbase.dll.SwitchToThread
- kernelbase.dll.SuspendThread
- kernelbase.dll.SetThreadStackGuarantee
- kernelbase.dll.SetThreadPriorityBoost
- kernelbase.dll.OpenProcessToken
- kernelbase.dll.TlsSetValue
- kernelbase.dll.SetProcessAffinityUpdateMode
- kernelbase.dll.QueryProcessAffinityUpdateMode
- kernelbase.dll.GetProcessVersion
- kernelbase.dll.CreateRemoteThread
- kernelbase.dll.InitializeProcThreadAttributeList
- kernelbase.dll.UpdateProcThreadAttribute
- kernelbase.dll.DeleteProcThreadAttributeList
- kernelbase.dll.GetCurrentProcess
- kernelbase.dll.HeapCreate
- kernelbase.dll.HeapSetInformation
- kernelbase.dll.HeapQueryInformation
- kernelbase.dll.HeapLock
- kernelbase.dll.HeapDestroy
- kernelbase.dll.GetProcessHeap
- kernelbase.dll.GetProcessHeaps
- kernelbase.dll.HeapWalk
- kernelbase.dll.HeapValidate
- kernelbase.dll.HeapUnlock
- kernelbase.dll.HeapCompact
- kernelbase.dll.HeapSummary
- kernelbase.dll.MapViewOfFileEx
- kernelbase.dll.ReadProcessMemory
- kernelbase.dll.UnmapViewOfFile
- kernelbase.dll.VirtualAlloc
- kernelbase.dll.VirtualAllocEx
- kernelbase.dll.VirtualFree
- kernelbase.dll.VirtualFreeEx
- kernelbase.dll.VirtualProtect
- kernelbase.dll.WriteProcessMemory
- kernelbase.dll.VirtualQueryEx
- kernelbase.dll.VirtualQuery
- kernelbase.dll.VirtualProtectEx
- kernelbase.dll.FlushViewOfFile
- kernelbase.dll.CreateFileMappingW
- kernelbase.dll.OpenFileMappingW
- kernelbase.dll.MapViewOfFile
- kernelbase.dll.DuplicateHandle
- kernelbase.dll.GetHandleInformation
- kernelbase.dll.SetHandleInformation
- kernelbase.dll.CloseHandle
- kernelbase.dll.OpenProcess
- kernelbase.dll.OpenSemaphoreW
- kernelbase.dll.OpenWaitableTimerW
- kernelbase.dll.ReleaseMutex
- kernelbase.dll.ReleaseSemaphore
- kernelbase.dll.OpenMutexW
- kernelbase.dll.SetEvent
- kernelbase.dll.SetWaitableTimer
- kernelbase.dll.SleepEx
- kernelbase.dll.WaitForMultipleObjectsEx
- kernelbase.dll.WaitForSingleObjectEx
- kernelbase.dll.OpenEventW
- kernelbase.dll.OpenEventA
- kernelbase.dll.InitializeCriticalSectionEx
- kernelbase.dll.InitializeCriticalSectionAndSpinCount
- kernelbase.dll.CreateWaitableTimerExW
- kernelbase.dll.CreateSemaphoreExW
- kernelbase.dll.CreateEventA
- kernelbase.dll.CreateEventW
- kernelbase.dll.CancelWaitableTimer
- kernelbase.dll.CreateEventExA
- kernelbase.dll.CreateEventExW
- kernelbase.dll.CreateMutexA
- kernelbase.dll.CreateMutexExA
- kernelbase.dll.CreateMutexExW
- kernelbase.dll.ResetEvent
- kernelbase.dll.CreateMutexW
- kernelbase.dll.GetFullPathNameW
- kernelbase.dll.GetFullPathNameA
- kernelbase.dll.SetFileTime
- kernelbase.dll.QueryDosDeviceW
- kernelbase.dll.CreateFileW
- kernelbase.dll.LockFile
- kernelbase.dll.GetFileSize
- kernelbase.dll.SetEndOfFile
- kernelbase.dll.WriteFile
- kernelbase.dll.SetFilePointer
- kernelbase.dll.ReadFile
- kernelbase.dll.WriteFileEx
- kernelbase.dll.WriteFileGather
- kernelbase.dll.GetFinalPathNameByHandleA
- kernelbase.dll.GetFinalPathNameByHandleW
- kernelbase.dll.RemoveDirectoryW
- kernelbase.dll.GetDiskFreeSpaceW
- kernelbase.dll.CreateDirectoryW
- kernelbase.dll.DefineDosDeviceW
- kernelbase.dll.FindFirstFileExA
- kernelbase.dll.FindFirstFileExW
- kernelbase.dll.FindClose
- kernelbase.dll.GetFileType
- kernelbase.dll.FlushFileBuffers
- kernelbase.dll.SetFileAttributesW
- kernelbase.dll.GetFileAttributesExW
- kernelbase.dll.DeleteFileW
- kernelbase.dll.GetFileTime
- kernelbase.dll.DeleteFileA
- kernelbase.dll.GetFileAttributesA
- kernelbase.dll.FindNextFileW
- kernelbase.dll.FindFirstFileW
- kernelbase.dll.GetLogicalDriveStringsW
- kernelbase.dll.GetTempFileNameW
- kernelbase.dll.GetVolumeInformationW
- kernelbase.dll.CompareFileTime
- kernelbase.dll.CreateDirectoryA
- kernelbase.dll.FileTimeToLocalFileTime
- kernelbase.dll.FileTimeToSystemTime
- kernelbase.dll.FindCloseChangeNotification
- kernelbase.dll.FindFirstFileA
- kernelbase.dll.FindFirstChangeNotificationA
- kernelbase.dll.FindFirstChangeNotificationW
- kernelbase.dll.FindNextChangeNotification
- kernelbase.dll.FindNextFileA
- kernelbase.dll.GetDiskFreeSpaceA
- kernelbase.dll.GetDiskFreeSpaceExA
- kernelbase.dll.GetDiskFreeSpaceExW
- kernelbase.dll.UnlockFileEx
- kernelbase.dll.GetDriveTypeA
- kernelbase.dll.GetDriveTypeW
- kernelbase.dll.GetFileAttributesExA
- kernelbase.dll.GetFileAttributesW
- kernelbase.dll.GetFileInformationByHandle
- kernelbase.dll.GetFileSizeEx
- kernelbase.dll.GetVolumeInformationByHandleW
- kernelbase.dll.LocalFileTimeToFileTime
- kernelbase.dll.LockFileEx
- kernelbase.dll.ReadFileScatter
- kernelbase.dll.ReadFileEx
- kernelbase.dll.RemoveDirectoryA
- kernelbase.dll.SetFileAttributesA
- kernelbase.dll.SetFileInformationByHandle
- kernelbase.dll.SetFilePointerEx
- kernelbase.dll.SetFileValidData
- kernelbase.dll.UnlockFile
- kernelbase.dll.PostQueuedCompletionStatus
- kernelbase.dll.GetQueuedCompletionStatusEx
- kernelbase.dll.GetQueuedCompletionStatus
- kernelbase.dll.CreateIoCompletionPort
- kernelbase.dll.CancelIoEx
- kernelbase.dll.GetOverlappedResult
- kernelbase.dll.DeviceIoControl
- kernelbase.dll.ChangeTimerQueueTimer
- kernelbase.dll.CreateTimerQueue
- kernelbase.dll.UnregisterWaitEx
- kernelbase.dll.DeleteTimerQueueTimer
- kernelbase.dll.DeleteTimerQueueEx
- kernelbase.dll.CreateTimerQueueTimer
- kernelbase.dll.GetModuleHandleA
- kernelbase.dll.GetModuleHandleW
- kernelbase.dll.GetModuleHandleExA
- kernelbase.dll.GetModuleHandleExW
- kernelbase.dll.LoadResource
- kernelbase.dll.LockResource
- kernelbase.dll.SizeofResource
- kernelbase.dll.GetProcAddress
- kernelbase.dll.GetModuleFileNameA
- kernelbase.dll.FreeLibraryAndExitThread
- kernelbase.dll.FindStringOrdinal
- kernelbase.dll.DisableThreadLibraryCalls
- kernelbase.dll.LoadLibraryExA
- kernelbase.dll.GetModuleFileNameW
- kernelbase.dll.FindResourceExW
- kernelbase.dll.FreeLibrary
- kernelbase.dll.LoadLibraryExW
- kernelbase.dll.FreeResource
- kernelbase.dll.PeekNamedPipe
- kernelbase.dll.DisconnectNamedPipe
- kernelbase.dll.CreatePipe
- kernelbase.dll.ConnectNamedPipe
- kernelbase.dll.GetNamedPipeAttribute
- kernelbase.dll.GetNamedPipeClientComputerNameW
- kernelbase.dll.WaitNamedPipeW
- kernelbase.dll.SetNamedPipeHandleState
- kernelbase.dll.CreateNamedPipeW
- kernelbase.dll.TransactNamedPipe
- kernelbase.dll.IsWow64Process
- kernelbase.dll.LCMapStringA
- kernelbase.dll.LocalLock
- kernelbase.dll.LocalReAlloc
- kernelbase.dll.LocalUnlock
- kernelbase.dll.GlobalAlloc
- kernelbase.dll.FormatMessageW
- kernelbase.dll.FormatMessageA
- kernelbase.dll.NeedCurrentDirectoryForExePathA
- kernelbase.dll.EnumSystemLocalesA
- kernelbase.dll.PulseEvent
- kernelbase.dll.Sleep
- kernelbase.dll.Wow64DisableWow64FsRedirection
- kernelbase.dll.Wow64RevertWow64FsRedirection
- kernelbase.dll.lstrcmpW
- kernelbase.dll.lstrcmpiW
- kernelbase.dll.lstrcpynA
- kernelbase.dll.lstrcpynW
- kernelbase.dll.lstrlenA
- kernelbase.dll.FatalAppExitA
- kernelbase.dll.NeedCurrentDirectoryForExePathW
- kernelbase.dll.FatalAppExitW
- kernelbase.dll.LocalAlloc
- kernelbase.dll.GlobalFree
- kernelbase.dll.lstrlenW
- kernelbase.dll.LocalFree
- kernelbase.dll.IsProcessInJob
- kernelbase.dll.GetLocalTime
- kernelbase.dll.GetSystemTimeAdjustment
- kernelbase.dll.GetSystemTimeAsFileTime
- kernelbase.dll.GetTickCount64
- kernelbase.dll.GetTimeZoneInformation
- kernelbase.dll.GetTimeZoneInformationForYear
- kernelbase.dll.GetVersion
- kernelbase.dll.GetVersionExA
- kernelbase.dll.GetVersionExW
- kernelbase.dll.GetWindowsDirectoryW
- kernelbase.dll.SetLocalTime
- kernelbase.dll.SystemTimeToTzSpecificLocalTime
- kernelbase.dll.TzSpecificLocalTimeToSystemTime
- kernelbase.dll.GetDynamicTimeZoneInformation
- kernelbase.dll.GetLogicalProcessorInformation
- kernelbase.dll.GetSystemInfo
- kernelbase.dll.GetLogicalProcessorInformationEx
- kernelbase.dll.GetWindowsDirectoryA
- kernelbase.dll.GlobalMemoryStatusEx
- kernelbase.dll.GetTickCount
- kernelbase.dll.GetSystemTime
- kernelbase.dll.SystemTimeToFileTime
- kernelbase.dll.GetComputerNameExW
- kernelbase.dll.GetComputerNameExA
- kernelbase.dll.VerLanguageNameA
- kernelbase.dll.FindNLSStringEx
- kernelbase.dll.SetThreadLocale
- kernelbase.dll.NlsWriteEtwEvent
- kernelbase.dll.NlsEventDataDescCreate
- kernelbase.dll.ConvertDefaultLocale
- kernelbase.dll.VerLanguageNameW
- kernelbase.dll.SetLocaleInfoW
- kernelbase.dll.SetCalendarInfoW
- kernelbase.dll.LCMapStringW
- kernelbase.dll.IsValidLocale
- kernelbase.dll.IsValidLanguageGroup
- kernelbase.dll.IsValidCodePage
- kernelbase.dll.IsNLSDefinedString
- kernelbase.dll.GetUserDefaultLCID
- kernelbase.dll.GetUserDefaultLangID
- kernelbase.dll.GetThreadLocale
- kernelbase.dll.GetSystemDefaultLCID
- kernelbase.dll.GetSystemDefaultLangID
- kernelbase.dll.GetProcessPreferredUILanguages
- kernelbase.dll.GetOEMCP
- kernelbase.dll.GetLocaleInfoW
- kernelbase.dll.GetCPInfoExW
- kernelbase.dll.GetCPInfo
- kernelbase.dll.GetACP
- kernelbase.dll.GetFileMUIPath
- kernelbase.dll.FindNLSString
- kernelbase.dll.NlsUpdateSystemLocale
- kernelbase.dll.NlsUpdateLocale
- kernelbase.dll.NlsGetCacheUpdateCount
- kernelbase.dll.NlsCheckPolicy
- kernelbase.dll.GetCalendarInfoW
- kernelbase.dll.GetCalendarInfoEx
- kernelbase.dll.GetLocaleInfoEx
- kernelbase.dll.GetSystemPreferredUILanguages
- kernelbase.dll.GetThreadPreferredUILanguages
- kernelbase.dll.GetThreadUILanguage
- kernelbase.dll.GetUILanguageInfo
- kernelbase.dll.GetUserPreferredUILanguages
- kernelbase.dll.IsValidLocaleName
- kernelbase.dll.LCMapStringEx
- kernelbase.dll.LocaleNameToLCID
- kernelbase.dll.ResolveLocaleName
- kernelbase.dll.GetFileMUIInfo
- kernelbase.dll.GetEnvironmentStrings
- kernelbase.dll.GetEnvironmentVariableW
- kernelbase.dll.SearchPathW
- kernelbase.dll.SetStdHandleEx
- kernelbase.dll.ExpandEnvironmentStringsA
- kernelbase.dll.ExpandEnvironmentStringsW
- kernelbase.dll.FreeEnvironmentStringsA
- kernelbase.dll.FreeEnvironmentStringsW
- kernelbase.dll.GetCommandLineA
- kernelbase.dll.GetCommandLineW
- kernelbase.dll.GetCurrentDirectoryA
- kernelbase.dll.GetCurrentDirectoryW
- kernelbase.dll.GetEnvironmentStringsW
- kernelbase.dll.SetEnvironmentStringsW
- kernelbase.dll.GetEnvironmentVariableA
- kernelbase.dll.GetStdHandle
- kernelbase.dll.SetCurrentDirectoryA
- kernelbase.dll.SetCurrentDirectoryW
- kernelbase.dll.SetEnvironmentVariableA
- kernelbase.dll.SetEnvironmentVariableW
- kernelbase.dll.SetStdHandle
- kernelbase.dll.GetStringTypeW
- kernelbase.dll.GetStringTypeExW
- kernelbase.dll.FoldStringW
- kernelbase.dll.CompareStringW
- kernelbase.dll.WideCharToMultiByte
- kernelbase.dll.CompareStringOrdinal
- kernelbase.dll.CompareStringEx
- kernelbase.dll.MultiByteToWideChar
- kernelbase.dll.DebugBreak
- kernelbase.dll.OutputDebugStringA
- kernelbase.dll.OutputDebugStringW
- kernelbase.dll.IsDebuggerPresent
- kernelbase.dll.GetLastError
- kernelbase.dll.GetErrorMode
- kernelbase.dll.RaiseException
- kernelbase.dll.SetErrorMode
- kernelbase.dll.SetLastError
- kernelbase.dll.FlsAlloc
- kernelbase.dll.FlsFree
- kernelbase.dll.FlsGetValue
- kernelbase.dll.FlsSetValue
- kernelbase.dll.Beep
- kernelbase.dll.QueryPerformanceFrequency
- kernelbase.dll.QueryPerformanceCounter
- kernelbase.dll.AllocateAndInitializeSid
- kernelbase.dll.FreeSid
- kernelbase.dll.DuplicateToken
- kernelbase.dll.AccessCheck
- ntdll.dll.wcstol
- ntdll.dll.RtlQueryInformationActiveActivationContext
- ntdll.dll.NtVdmControl
- ntdll.dll.RtlIsThreadWithinLoaderCallout
- ntdll.dll.RtlGetIntegerAtom
- ntdll.dll.RtlRetrieveNtUserPfn
- ntdll.dll.RtlInitializeNtUserPfn
- ntdll.dll._allshr
- ntdll.dll.NtCallbackReturn
- ntdll.dll._chkstk
- ntdll.dll.CsrCaptureMessageBuffer
- ntdll.dll.RtlRunDecodeUnicodeString
- ntdll.dll.RtlRunEncodeUnicodeString
- ntdll.dll.RtlGetThreadLangIdByIndex
- ntdll.dll.sscanf_s
- ntdll.dll.strrchr
- ntdll.dll.wcsncat_s
- ntdll.dll.RtlCheckRegistryKey
- ntdll.dll.LdrFlushAlternateResourceModules
- ntdll.dll.iswspace
- ntdll.dll._wtoi
- ntdll.dll._aulldvrm
- ntdll.dll.NlsAnsiCodePage
- gdi32.dll.GetClipRgn
- gdi32.dll.ExtSelectClipRgn
- gdi32.dll.GetHFONT
- gdi32.dll.GetMapMode
- gdi32.dll.SetGraphicsMode
- gdi32.dll.GetClipBox
- gdi32.dll.CreateRectRgn
- gdi32.dll.CreateRectRgnIndirect
- gdi32.dll.SetLayout
- gdi32.dll.GetBoundsRect
- gdi32.dll.ExcludeClipRect
- gdi32.dll.PlayEnhMetaFile
- gdi32.dll.Ellipse
- gdi32.dll.CreateEllipticRgn
- gdi32.dll.GdiFixUpHandle
- gdi32.dll.CreatePen
- gdi32.dll.Rectangle
- gdi32.dll.GetTextCharacterExtra
- gdi32.dll.SetTextCharacterExtra
- gdi32.dll.GetCurrentObject
- gdi32.dll.GetViewportOrgEx
- gdi32.dll.SetViewportOrgEx
- gdi32.dll.PolyPatBlt
- gdi32.dll.CreateBrushIndirect
- gdi32.dll.SetBoundsRect
- gdi32.dll.CopyEnhMetaFileW
- gdi32.dll.CopyMetaFileW
- gdi32.dll.GetPaletteEntries
- gdi32.dll.CreatePalette
- gdi32.dll.SetPaletteEntries
- gdi32.dll.GetPixel
- gdi32.dll.ExtTextOutA
- gdi32.dll.GetTextCharsetInfo
- gdi32.dll.QueryFontAssocStatus
- gdi32.dll.GetCharWidthInfo
- gdi32.dll.GetCharWidthA
- gdi32.dll.GetTextFaceW
- gdi32.dll.GetCharABCWidthsA
- gdi32.dll.GetCharABCWidthsW
- gdi32.dll.SetBrushOrgEx
- gdi32.dll.CreateFontIndirectW
- gdi32.dll.EnumFontsW
- gdi32.dll.GetTextFaceAliasW
- gdi32.dll.GetTextMetricsW
- gdi32.dll.GetTextColor
- gdi32.dll.GdiGetCodePage
- gdi32.dll.GetTextCharset
- gdi32.dll.GetBkMode
- gdi32.dll.GetViewportExtEx
- gdi32.dll.GetWindowExtEx
- gdi32.dll.GdiGetCharDimensions
- gdi32.dll.GdiPrinterThunk
- gdi32.dll.GdiLoadType1Fonts
- gdi32.dll.GdiAddFontResourceW
- gdi32.dll.TranslateCharsetInfo
- gdi32.dll.SaveDC
- gdi32.dll.OffsetWindowOrgEx
- gdi32.dll.RestoreDC
- gdi32.dll.ExtTextOutW
- gdi32.dll.GetDIBits
- gdi32.dll.CreateDIBSection
- gdi32.dll.SetStretchBltMode
- gdi32.dll.SelectPalette
- gdi32.dll.RealizePalette
- gdi32.dll.SetDIBits
- gdi32.dll.CreateDCW
- gdi32.dll.CreateDIBitmap
- gdi32.dll.CreateCompatibleBitmap
- gdi32.dll.SetBitmapBits
- gdi32.dll.DeleteDC
- gdi32.dll.GdiValidateHandle
- gdi32.dll.GdiDllInitialize
- gdi32.dll.GdiProcessSetup
- gdi32.dll.GetStockObject
- gdi32.dll.CreateSolidBrush
- gdi32.dll.CreateCompatibleDC
- gdi32.dll.GdiConvertBitmapV5
- gdi32.dll.GdiCreateLocalEnhMetaFile
- gdi32.dll.GdiCreateLocalMetaFilePict
- gdi32.dll.GetRgnBox
- gdi32.dll.CombineRgn
- gdi32.dll.OffsetRgn
- gdi32.dll.MirrorRgn
- gdi32.dll.EnableEUDC
- gdi32.dll.GdiConvertToDevmodeW
- gdi32.dll.GetTextExtentPointA
- gdi32.dll.GetTextExtentPointW
- gdi32.dll.CreateBitmap
- gdi32.dll.SetTextAlign
- gdi32.dll.GetTextAlign
- gdi32.dll.IntersectClipRect
- gdi32.dll.SelectObject
- gdi32.dll.SetBkMode
- gdi32.dll.GetBkColor
- gdi32.dll.GetObjectW
- gdi32.dll.SetTextColor
- gdi32.dll.SetBkColor
- gdi32.dll.GetLayout
- gdi32.dll.StretchDIBits
- gdi32.dll.GetDeviceCaps
- gdi32.dll.GetDIBColorTable
- gdi32.dll.GdiGetBitmapBitsSize
- gdi32.dll.DeleteObject
- gdi32.dll.DeleteMetaFile
- gdi32.dll.DeleteEnhMetaFile
- gdi32.dll.GdiConvertMetaFilePict
- gdi32.dll.GdiConvertEnhMetaFile
- gdi32.dll.GdiReleaseDC
- gdi32.dll.StretchBlt
- gdi32.dll.GetObjectType
- gdi32.dll.GdiConvertAndCheckDC
- gdi32.dll.SetRectRgn
- gdi32.dll.BitBlt
- gdi32.dll.TextOutW
- gdi32.dll.TextOutA
- gdi32.dll.PatBlt
- gdi32.dll.SetLayoutWidth
- kernel32.dll.GetLocaleInfoW
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.TerminateProcess
- kernel32.dll.GetSystemTimeAsFileTime
- kernel32.dll.LoadLibraryExA
- kernel32.dll.InterlockedCompareExchange
- kernel32.dll.DelayLoadFailureHook
- kernel32.dll.GlobalAddAtomA
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.GlobalFindAtomA
- kernel32.dll.lstrlenA
- kernel32.dll.GetTickCount
- kernel32.dll.QueryPerformanceFrequency
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.LCMapStringW
- kernel32.dll.CreateFileMappingW
- kernel32.dll.MapViewOfFile
- kernel32.dll.GetFileSize
- kernel32.dll.UnmapViewOfFile
- kernel32.dll.WerpNotifyLoadStringResource
- kernel32.dll.GetSystemDefaultLangID
- kernel32.dll.RegQueryInfoKeyW
- kernel32.dll.RegEnumValueW
- kernel32.dll.RegOpenKeyExW
- kernel32.dll.RegQueryValueExW
- kernel32.dll.GetVersionExW
- kernel32.dll.IsDBCSLeadByte
- kernel32.dll.WerpNotifyUseStringResource
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.ProcessIdToSessionId
- kernel32.dll.MulDiv
- kernel32.dll.GetThreadLocale
- kernel32.dll.FindFirstFileW
- kernel32.dll.FindNextFileW
- kernel32.dll.FindClose
- kernel32.dll.GetLogicalDrives
- kernel32.dll.lstrlenW
- kernel32.dll.SetCurrentDirectoryW
- kernel32.dll.GetCurrentDirectoryW
- kernel32.dll.ConvertDefaultLocale
- kernel32.dll.IsValidLocale
- kernel32.dll.GetAtomNameW
- kernel32.dll.GetAtomNameA
- kernel32.dll.AddAtomW
- kernel32.dll.AddAtomA
- kernel32.dll.GetSystemWindowsDirectoryW
- kernel32.dll.CreateProcessW
- kernel32.dll.EnumResourceNamesExW
- kernel32.dll.SetFileTime
- kernel32.dll.ReadFile
- kernel32.dll.CloseHandle
- kernel32.dll.FindResourceW
- kernel32.dll.CompareStringW
- kernel32.dll.GetCPInfo
- kernel32.dll.GetStringTypeA
- kernel32.dll.GetStringTypeW
- kernel32.dll.Sleep
- kernel32.dll.FoldStringW
- kernel32.dll.GlobalHandle
- kernel32.dll.CreateThread
- kernel32.dll.GetExitCodeThread
- kernel32.dll.ExitThread
- kernel32.dll.GetCurrentThread
- kernel32.dll.GetCurrentProcess
- kernel32.dll.GlobalAddAtomW
- kernel32.dll.LoadLibraryExW
- kernel32.dll.ExpandEnvironmentStringsW
- kernel32.dll.SearchPathW
- kernel32.dll.GetSystemDirectoryW
- kernel32.dll.IsDBCSLeadByteEx
- kernel32.dll.DisableThreadLibraryCalls
- kernel32.dll.FindResourceExA
- kernel32.dll.FindResourceExW
- kernel32.dll.LoadStringBaseExW
- kernel32.dll.LoadResource
- kernel32.dll.SizeofResource
- kernel32.dll.RegisterWaitForInputIdle
- kernel32.dll.QueryActCtxSettingsW
- kernel32.dll.GetModuleHandleW
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.LoadAppInitDlls
- kernel32.dll.LocalSize
- kernel32.dll.LocalUnlock
- kernel32.dll.LocalLock
- kernel32.dll.LocalReAlloc
- kernel32.dll.GetACP
- kernel32.dll.InterlockedIncrement
- kernel32.dll.GetPrivateProfileStringW
- kernel32.dll.RegSetValueExW
- kernel32.dll.RegCloseKey
- kernel32.dll.RegCreateKeyExW
- kernel32.dll.RegDeleteKeyExW
- kernel32.dll.GetUserDefaultLCID
- kernel32.dll.GlobalUnlock
- kernel32.dll.GlobalLock
- kernel32.dll.GlobalSize
- kernel32.dll.LocalFree
- kernel32.dll.GlobalDeleteAtom
- kernel32.dll.LocalAlloc
- kernel32.dll.DeleteAtom
- kernel32.dll.FreeLibrary
- kernel32.dll.GetProcAddress
- kernel32.dll.LoadLibraryW
- kernel32.dll.InterlockedExchange
- kernel32.dll.GlobalGetAtomNameA
- kernel32.dll.GlobalGetAtomNameW
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.GlobalFree
- kernel32.dll.InterlockedDecrement
- kernel32.dll.GlobalFlags
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.GetLastError
- kernel32.dll.GetOEMCP
- kernel32.dll.GlobalReAlloc
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.GlobalAlloc
- kernel32.dll.WaitForMultipleObjectsEx
- kernel32.dll.SetEvent
- kernel32.dll.CreateFileW
- kernel32.dll.lstrcmpiW
- kernel32.dll.WritePrivateProfileStringW
- kernel32.dll.GlobalFindAtomW
- kernel32.dll.SetLastError
- advapi32.dll.CheckTokenMembership
- msvcrt.dll.iswctype
- msvcrt.dll._wcstoui64
- msvcrt.dll._ftol2
- msvcrt.dll.tolower
- msvcrt.dll._ultow
- msvcrt.dll.wcstok
- msvcrt.dll.isalnum
- msvcrt.dll.isspace
- msvcrt.dll._errno
- msvcrt.dll.mbstowcs
- msvcrt.dll._except_handler4_common
- msvcrt.dll.wcschr
- msvcrt.dll.wcsrchr
- msvcrt.dll.memset
- msvcrt.dll.memmove
- msvcrt.dll._wcsicmp
- msvcrt.dll._vsnwprintf
- msvcrt.dll.memcpy
- msvcrt.dll.wcscpy_s
- msvcrt.dll._stricmp
- msvcrt.dll.strchr
- msvcrt.dll.strrchr
- msvcrt.dll.strstr
- msvcrt.dll._vsnprintf
- msvcrt.dll.wcstombs
- msvcrt.dll.wcsstr
- msvcrt.dll.swprintf_s
- msvcrt.dll.wcsncpy_s
- msvcrt.dll.wcsncmp
- msvcrt.dll.swscanf_s
- msvcrt.dll._wcsnicmp
- msvcrt.dll.wcstoul
- msvcrt.dll.wcscat_s
- ntdll.dll.EtwEventWriteEx
- ntdll.dll.NtQuerySystemTime
- ntdll.dll.RtlGetNtProductType
- ntdll.dll.RtlIsValidIndexHandle
- ntdll.dll.NtCompareTokens
- ntdll.dll.RtlEnumerateGenericTableWithoutSplaying
- ntdll.dll.RtlIsGenericTableEmpty
- ntdll.dll.RtlDuplicateUnicodeString
- ntdll.dll.RtlDeleteElementGenericTable
- ntdll.dll.RtlInsertElementGenericTable
- ntdll.dll.RtlDestroyHandleTable
- ntdll.dll.RtlStringFromGUID
- ntdll.dll.RtlInitializeGenericTable
- ntdll.dll.RtlLookupElementGenericTable
- ntdll.dll.RtlNumberGenericTableElements
- ntdll.dll.RtlDllShutdownInProgress
- ntdll.dll.RtlRegisterThreadWithCsrss
- ntdll.dll.NtTraceControl
- ntdll.dll.EtwSendNotification
- ntdll.dll.EtwDeliverDataBlock
- ntdll.dll.EtwEnumerateProcessRegGuids
- ntdll.dll.RtlQueryTimeZoneInformation
- ntdll.dll.RtlQueryPerformanceFrequency
- ntdll.dll.EtwpGetCpuSpeed
- ntdll.dll.NtQueryPerformanceCounter
- ntdll.dll.RtlInitializeBitMap
- ntdll.dll.RtlInterlockedClearBitRun
- ntdll.dll.NtTraceEvent
- ntdll.dll.RtlAdjustPrivilege
- ntdll.dll.EtwProcessPrivateLoggerRequest
- ntdll.dll.RtlIpv4AddressToStringW
- ntdll.dll.RtlIpv6AddressToStringW
- ntdll.dll.NtRenameKey
- ntdll.dll.NtLoadKeyEx
- ntdll.dll.RtlCopyString
- ntdll.dll.RtlTimeToSecondsSince1970
- ntdll.dll.NtQueryMutant
- ntdll.dll.NtAlpcQueryInformation
- ntdll.dll.NtReplaceKey
- ntdll.dll.NtSaveKey
- ntdll.dll.NtSaveMergedKeys
- ntdll.dll.EtwLogTraceEvent
- sechost.dll.RegisterServiceCtrlHandlerExW
- sechost.dll.StartServiceCtrlDispatcherW
- sechost.dll.SetServiceStatus
- sechost.dll.I_ScRpcBindW
- sechost.dll.StartServiceCtrlDispatcherA
- sechost.dll.StartServiceA
- sechost.dll.RegisterServiceCtrlHandlerW
- sechost.dll.RegisterServiceCtrlHandlerExA
- sechost.dll.RegisterServiceCtrlHandlerA
- sechost.dll.QueryServiceStatus
- sechost.dll.QueryServiceConfigA
- sechost.dll.QueryServiceConfig2A
- sechost.dll.OpenServiceA
- sechost.dll.OpenSCManagerA
- sechost.dll.NotifyServiceStatusChangeA
- sechost.dll.CreateServiceA
- sechost.dll.ControlServiceExA
- sechost.dll.ControlService
- sechost.dll.ChangeServiceConfigA
- sechost.dll.ChangeServiceConfig2A
- sechost.dll.I_ScRpcBindA
- sechost.dll.ControlServiceExW
- sechost.dll.OpenSCManagerW
- sechost.dll.OpenServiceW
- sechost.dll.CreateServiceW
- sechost.dll.DeleteService
- sechost.dll.CloseServiceHandle
- sechost.dll.StartServiceW
- sechost.dll.QueryServiceConfig2W
- sechost.dll.NotifyServiceStatusChangeW
- sechost.dll.ChangeServiceConfig2W
- sechost.dll.ChangeServiceConfigW
- sechost.dll.QueryServiceConfigW
- sechost.dll.QueryServiceObjectSecurity
- sechost.dll.QueryServiceStatusEx
- sechost.dll.SetServiceObjectSecurity
- kernel32.dll.RegSaveKeyExW
- kernel32.dll.RegNotifyChangeKeyValue
- kernel32.dll.RegQueryInfoKeyA
- kernel32.dll.RegQueryValueExA
- kernel32.dll.RegLoadMUIStringA
- kernel32.dll.RegSaveKeyExA
- kernel32.dll.RegGetKeySecurity
- kernel32.dll.RegSetKeySecurity
- kernel32.dll.RegRestoreKeyA
- kernel32.dll.RegRestoreKeyW
- kernel32.dll.RegLoadKeyA
- kernel32.dll.RegLoadKeyW
- kernel32.dll.RegDeleteKeyExA
- kernel32.dll.RegDeleteValueA
- kernel32.dll.RegDeleteValueW
- kernel32.dll.RegEnumKeyExA
- kernel32.dll.RegEnumKeyExW
- kernel32.dll.RegEnumValueA
- kernel32.dll.RegGetValueA
- kernel32.dll.RegGetValueW
- kernel32.dll.RegCreateKeyExA
- kernel32.dll.RegFlushKey
- kernel32.dll.RegOpenCurrentUser
- kernel32.dll.RegOpenKeyExA
- kernel32.dll.RegDisablePredefinedCacheEx
- kernel32.dll.RegLoadMUIStringW
- kernel32.dll.RegOpenUserClassesRoot
- kernel32.dll.RegSetValueExA
- kernel32.dll.RegUnLoadKeyA
- kernel32.dll.RegUnLoadKeyW
- kernel32.dll.RegDeleteTreeW
- kernel32.dll.RegDeleteTreeA
- kernelbase.dll.ImpersonateNamedPipeClient
- kernel32.dll.GetPriorityClass
- kernel32.dll.OpenThread
- kernel32.dll.SetThreadToken
- kernel32.dll.OpenThreadToken
- kernel32.dll.OpenProcessToken
- kernel32.dll.CreateProcessAsUserW
- kernel32.dll.GetProcessId
- kernelbase.dll.GetSidLengthRequired
- kernelbase.dll.GetSidSubAuthority
- kernelbase.dll.GetSidSubAuthorityCount
- kernelbase.dll.GetWindowsAccountDomainSid
- kernelbase.dll.ImpersonateAnonymousToken
- kernelbase.dll.ImpersonateLoggedOnUser
- kernelbase.dll.ImpersonateSelf
- kernelbase.dll.InitializeAcl
- kernelbase.dll.InitializeSecurityDescriptor
- kernelbase.dll.InitializeSid
- kernelbase.dll.IsTokenRestricted
- kernelbase.dll.IsValidAcl
- kernelbase.dll.IsValidRelativeSecurityDescriptor
- kernelbase.dll.IsValidSecurityDescriptor
- kernelbase.dll.IsWellKnownSid
- kernelbase.dll.MakeAbsoluteSD
- kernelbase.dll.MakeAbsoluteSD2
- kernelbase.dll.GetSidIdentifierAuthority
- kernelbase.dll.MapGenericMask
- kernelbase.dll.PrivilegeCheck
- kernelbase.dll.QuerySecurityAccessMask
- kernelbase.dll.RevertToSelf
- kernelbase.dll.SetAclInformation
- kernelbase.dll.SetKernelObjectSecurity
- kernelbase.dll.SetPrivateObjectSecurity
- kernelbase.dll.SetPrivateObjectSecurityEx
- kernelbase.dll.EqualDomainSid
- kernelbase.dll.SetSecurityAccessMask
- kernelbase.dll.SetSecurityDescriptorControl
- kernelbase.dll.SetSecurityDescriptorDacl
- kernelbase.dll.SetSecurityDescriptorGroup
- kernelbase.dll.SetSecurityDescriptorOwner
- kernelbase.dll.SetSecurityDescriptorRMControl
- kernelbase.dll.SetSecurityDescriptorSacl
- kernelbase.dll.SetTokenInformation
- kernelbase.dll.GetSecurityDescriptorSacl
- kernelbase.dll.GetSecurityDescriptorRMControl
- kernelbase.dll.GetSecurityDescriptorOwner
- kernelbase.dll.GetSecurityDescriptorLength
- kernelbase.dll.GetSecurityDescriptorGroup
- kernelbase.dll.GetSecurityDescriptorDacl
- kernelbase.dll.GetSecurityDescriptorControl
- kernelbase.dll.GetPrivateObjectSecurity
- kernelbase.dll.GetLengthSid
- kernelbase.dll.GetKernelObjectSecurity
- kernelbase.dll.GetAclInformation
- kernelbase.dll.GetAce
- kernelbase.dll.FindFirstFreeAce
- kernelbase.dll.MakeSelfRelativeSD
- kernelbase.dll.EqualSid
- kernelbase.dll.IsValidSid
- kernelbase.dll.AccessCheckAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeResultListAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeResultListAndAuditAlarmByHandleW
- kernelbase.dll.ObjectOpenAuditAlarmW
- kernelbase.dll.ObjectPrivilegeAuditAlarmW
- kernelbase.dll.ObjectCloseAuditAlarmW
- kernelbase.dll.ObjectDeleteAuditAlarmW
- kernelbase.dll.PrivilegedServiceAuditAlarmW
- kernelbase.dll.SetFileSecurityW
- kernelbase.dll.GetFileSecurityW
- kernelbase.dll.CopySid
- kernelbase.dll.GetTokenInformation
- kernelbase.dll.AccessCheckByType
- kernelbase.dll.AccessCheckByTypeResultList
- kernelbase.dll.AddAccessAllowedAce
- kernelbase.dll.AddAccessAllowedAceEx
- kernelbase.dll.AddAccessAllowedObjectAce
- kernelbase.dll.AddAccessDeniedAce
- kernelbase.dll.AddAccessDeniedAceEx
- kernelbase.dll.AddAccessDeniedObjectAce
- kernelbase.dll.AddAce
- kernelbase.dll.AddAuditAccessAce
- kernelbase.dll.AddAuditAccessAceEx
- kernelbase.dll.AddAuditAccessObjectAce
- kernelbase.dll.AdjustTokenGroups
- kernelbase.dll.AdjustTokenPrivileges
- kernelbase.dll.AllocateLocallyUniqueId
- kernelbase.dll.AreAllAccessesGranted
- kernelbase.dll.AreAnyAccessesGranted
- kernelbase.dll.CheckTokenMembership
- kernelbase.dll.ConvertToAutoInheritPrivateObjectSecurity
- kernelbase.dll.CreatePrivateObjectSecurity
- kernelbase.dll.CreatePrivateObjectSecurityEx
- kernelbase.dll.CreatePrivateObjectSecurityWithMultipleInheritance
- kernelbase.dll.CreateRestrictedToken
- kernelbase.dll.CreateWellKnownSid
- kernelbase.dll.DeleteAce
- kernelbase.dll.DestroyPrivateObjectSecurity
- kernelbase.dll.DuplicateTokenEx
- kernelbase.dll.EqualPrefixSid
- kernel32.dll.VirtualAllocEx
- kernel32.dll.VirtualFree
- kernel32.dll.OpenProcess
- kernel32.dll.GlobalMemoryStatusEx
- kernel32.dll.GetActiveProcessorCount
- kernel32.dll.GetSystemInfo
- kernel32.dll.DeviceIoControl
- kernel32.dll.GetVolumeInformationW
- kernel32.dll.GetDriveTypeW
- kernel32.dll.GetLogicalDriveStringsW
- kernel32.dll.ReleaseMutex
- kernel32.dll.HeapSize
- kernel32.dll.GetComputerNameW
- kernel32.dll.ExpandEnvironmentStringsA
- kernel32.dll.RegKrnInitialize
- kernel32.dll.GetComputerNameA
- kernel32.dll.DuplicateHandle
- kernel32.dll.CreateMutexW
- kernel32.dll.ReadProcessMemory
- kernel32.dll.FreeLibraryAndExitThread
- kernel32.dll.IsWow64Process
- kernel32.dll.GetPrivateProfileIntW
- kernel32.dll.ResetEvent
- kernel32.dll.HeapReAlloc
- kernel32.dll.GetSystemTime
- kernel32.dll.CreateMutexA
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.Wow64RevertWow64FsRedirection
- kernel32.dll.LockResource
- kernel32.dll.Wow64DisableWow64FsRedirection
- kernel32.dll.DosDateTimeToFileTime
- kernel32.dll.FileTimeToDosDateTime
- kernel32.dll.GetFileTime
- kernel32.dll.SetErrorMode
- kernel32.dll.FindFirstFileExW
- kernel32.dll.SetFileInformationByHandle
- kernel32.dll.CopyFileW
- kernel32.dll.lstrcmpiA
- kernel32.dll.GetFileSizeEx
- kernel32.dll.GetComputerNameExW
- kernel32.dll.LoadLibraryA
- kernel32.dll.CreateProcessInternalA
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.EnterCriticalSection
- kernel32.dll.RegKrnGetGlobalState
- kernel32.dll.SleepEx
- kernel32.dll.HeapAlloc
- kernel32.dll.GetProcessHeap
- kernel32.dll.GetFullPathNameW
- kernel32.dll.HeapFree
- kernel32.dll.GetFileAttributesW
- kernel32.dll.CreateEventW
- kernel32.dll.GetThreadUILanguage
- kernel32.dll.GetCommandLineW
- kernel32.dll.lstrcmpW
- kernel32.dll.GetModuleHandleExW
- kernel32.dll.WriteFile
- kernel32.dll.MoveFileW
- kernel32.dll.DeleteFileW
- kernel32.dll.GetFileAttributesExW
- kernel32.dll.SetFilePointer
- kernel32.dll.OutputDebugStringW
- kernel32.dll.GetLocalTime
- kernel32.dll.FormatMessageW
- kernel32.dll.CompareFileTime
- kernel32.dll.GetLongPathNameW
- kernel32.dll.GetVolumePathNameW
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.WaitForSingleObject
- kernel32.dll.GetFileMUIPath
- kernel32.dll.VirtualFreeEx
- kernel32.dll.GetDiskFreeSpaceExW
- kernel32.dll.GetFullPathNameA
- kernel32.dll.GetOverlappedResult
- rpcrt4.dll.RpcBindingCreateW
- rpcrt4.dll.UuidCreate
- rpcrt4.dll.RpcBindingSetAuthInfoA
- rpcrt4.dll.RpcEpResolveBinding
- rpcrt4.dll.I_RpcSNCHOption
- rpcrt4.dll.UuidFromStringW
- rpcrt4.dll.UuidToStringW
- rpcrt4.dll.RpcExceptionFilter
- rpcrt4.dll.RpcBindingSetAuthInfoW
- rpcrt4.dll.RpcSsDestroyClientContext
- rpcrt4.dll.I_RpcMapWin32Status
- rpcrt4.dll.I_RpcExceptionFilter
- rpcrt4.dll.NdrClientCall2
- rpcrt4.dll.RpcBindingSetAuthInfoExW
- rpcrt4.dll.RpcStringBindingComposeW
- rpcrt4.dll.RpcBindingFromStringBindingW
- rpcrt4.dll.RpcStringFreeW
- rpcrt4.dll.RpcBindingFree
- rpcrt4.dll.RpcBindingSetAuthInfoExA
- rpcrt4.dll.RpcRaiseException
- rpcrt4.dll.RpcBindingBind
- msvcrt.dll.qsort
- msvcrt.dll.gmtime
- msvcrt.dll.iswdigit
- msvcrt.dll.free
- msvcrt.dll.malloc
- msvcrt.dll._wtoi
- msvcrt.dll._XcptFilter
- msvcrt.dll._initterm
- msvcrt.dll._amsg_exit
- ntdll.dll.RtlIpv4AddressToStringA
- ntdll.dll.RtlIpv6StringToAddressA
- ntdll.dll.RtlIpv4StringToAddressA
- ntdll.dll.RtlIpv6StringToAddressExW
- ntdll.dll.RtlIpv4StringToAddressExW
- nsi.dll.NsiSetAllPersistentParametersWithMask
- nsi.dll.NsiCancelChangeNotification
- nsi.dll.NsiRequestChangeNotification
- nsi.dll.NsiSetAllParameters
- nsi.dll.NsiGetParameter
- nsi.dll.NsiSetParameter
- nsi.dll.NsiEnumerateObjectsAllParameters
- nsi.dll.NsiAllocateAndGetTable
- nsi.dll.NsiGetAllParameters
- nsi.dll.NsiFreeTable
- winnsi.dll.NsiConnectToServer
- winnsi.dll.NsiRpcRegisterChangeNotification
- winnsi.dll.NsiRpcDeregisterChangeNotification
- winnsi.dll.NsiRpcGetParameter
- winnsi.dll.NsiDisconnectFromServer
- rpcrt4.dll.NdrAsyncServerCall
- rpcrt4.dll.RpcServerUnregisterIf
- rpcrt4.dll.RpcServerUseProtseqEpW
- rpcrt4.dll.RpcServerRegisterIf2
- rpcrt4.dll.RpcServerInqCallAttributesW
- rpcrt4.dll.RpcBindingUnbind
- rpcrt4.dll.RpcAsyncCompleteCall
- kernelbase.dll.HeapFree
- kernelbase.dll.HeapReAlloc
- kernelbase.dll.HeapAlloc
- kernelbase.dll.InterlockedIncrement
- kernelbase.dll.InterlockedCompareExchange
- kernelbase.dll.InterlockedExchangeAdd
- kernelbase.dll.InterlockedExchange
- kernelbase.dll.InterlockedDecrement
- kernel32.dll.QueueUserAPC
- kernelbase.dll.GetSystemDirectoryW
- mscoree.dll._CorExeMain
- msvcrt.dll.strncpy
- iphlpapi.dll.GetInterfaceInfo
- psapi.dll.GetMappedFileNameW
- user32.dll.GetWindow
- advapi32.dll.RegDeleteKeyA
- shell32.dll.SHGetFolderPathW
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsFree
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.InitializeCriticalSectionEx
- kernel32.dll.CreateEventExW
- kernel32.dll.CreateSemaphoreExW
- kernel32.dll.SetThreadStackGuarantee
- kernel32.dll.CreateThreadpoolTimer
- kernel32.dll.SetThreadpoolTimer
- kernel32.dll.WaitForThreadpoolTimerCallbacks
- kernel32.dll.CloseThreadpoolTimer
- kernel32.dll.CreateThreadpoolWait
- kernel32.dll.SetThreadpoolWait
- kernel32.dll.CloseThreadpoolWait
- kernel32.dll.FlushProcessWriteBuffers
- kernel32.dll.FreeLibraryWhenCallbackReturns
- kernel32.dll.GetCurrentProcessorNumber
- kernel32.dll.GetLogicalProcessorInformation
- kernel32.dll.CreateSymbolicLinkW
- kernel32.dll.EnumSystemLocalesEx
- kernel32.dll.CompareStringEx
- kernel32.dll.GetDateFormatEx
- kernel32.dll.GetLocaleInfoEx
- kernel32.dll.GetTimeFormatEx
- kernel32.dll.GetUserDefaultLocaleName
- kernel32.dll.IsValidLocaleName
- kernel32.dll.LCMapStringEx
- kernel32.dll.GetTickCount64
- kernel32.dll.AcquireSRWLockExclusive
- kernel32.dll.ReleaseSRWLockExclusive
- advapi32.dll.EventRegister
- mscoree.dll.#142
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryValueExW
- advapi32.dll.RegCloseKey
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- cryptbase.dll.SystemFunction036