魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2019-01-21 22:56:07 | 2019-01-21 22:56:59 | 52 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-hpdapp01-1 | win7-sp1-x64-hpdapp01-1 | KVM | 2019-01-21 22:56:13 | 2019-01-21 22:57:01 |
| 魔盾分数 |
|---|
10.0恶意的 |
文件详细信息
| 文件名 | 雷电过检测1.22.exe |
|---|---|
| 文件大小 | 2932736 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| CRC32 | B2E4CE52 |
| MD5 | 65f2c1e945feaade31a4a22a058be389 |
| SHA1 | 07820c6867a33412a06241ef1f20c302874a40b5 |
| SHA256 | 22164e8ff90b13978d7d45fa84c1d9d56ec9af95ca7ef47f2dcfa25a0205e527 |
| SHA512 | a6e24daac8af8575482f7cb1f48c68b8a5474f96351d8dfc72f94dfb4a2c5940947d96374dc27089a583bcdf0a43c4c348988cce7e5c604bf3266bc147c6132b |
| Ssdeep | 49152:RY1hcjArKqRRdWCJTxUVfsK0qdjNuE4EUA6/0Ev8eZp3s4NGBBn:u1hcgX3TxUN2EjmA6ZVz41 |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | VirusTotal查询失败 |
特征
创建RWX内存
二进制文件可能包含加密或压缩数据
section: name: .text, entropy: 8.00, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x0015e000, virtual_size: 0x002c9000
section: name: .sedata, entropy: 7.12, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00140000, virtual_size: 0x00140000
section: name: .sedata, entropy: 7.98, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00001000, virtual_size: 0x00001000
从文件自身的二进制镜像中读取数据
self_read: process: _______________1.22.exe, pid: 2448, offset: 0x00000000, length: 0x00000040
self_read: process: _______________1.22.exe, pid: 2448, offset: 0x000000f8, length: 0x00000020
self_read: process: _______________1.22.exe, pid: 2448, offset: 0x0000017b, length: 0x00080000
建立TCP连接到一个外部IP地址的非标准端口
异常的二进制特征
anomaly: Found duplicated section names
查询磁盘信息,可能被用来实现反虚拟机
尝试断开连接或更改沙箱进程监控的Windows功能
unhook: function_name: SetWindowLongA, type: modification
unhook: function_name: SetWindowLongW, type: modification
魔盾安全Yara规则检测结果 - 高危
Informational: Detected Entropy signature
Informational: Detected Overlay signature
Informational: Detected Taggant Signature
Informational: Detected Rich Signature
Informational: Create a new process
Warning: Detected take screenshot function
Warning: Run a keylogger
Warning: Affect system registries
Warning: Affect private profile
Warning: Affect hook table
Critical: Detects malicious behaviors from a small size app
Informational: Detected no presence of any attachment
Critical: maldoc_find_kernel32_base_method_1
Critical: maldoc_getEIP_method_1
Informational: Detected no presence of any image
Informational: Detected the presence of an or several urls
Informational: Looks for big numbers 32:sized
Warning: Look for RijnDael AES
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 是 | 119.188.248.105 | China |
TCP连接
| IP地址 | 端口 |
|---|---|
| 119.188.248.105 | 2000 |
| 119.188.248.105 | 2000 |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x008080ab |
| 声明校验值 | 0x002d302a |
| 实际校验值 | 0x002d302a |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2019-01-21 21:47:40 |
| 载入哈希 | 3058b37a38148500aac77a16e06b2d32 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x002c9000 | 0x0015e000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 8.00 |
| .sedata | 0x002ca000 | 0x00140000 | 0x00140000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.12 |
| .idata | 0x0040a000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.33 |
| .rsrc | 0x0040b000 | 0x00029000 | 0x00029000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.97 |
| .sedata | 0x00434000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.98 |
覆盖
| 偏移量: | 0x002ca000 |
| 大小: | 0x00002000 |
导入
库 WINMM.dll:
• 0x80a2bd - midiStreamOut
库 WS2_32.dll:
• 0x80a2c9 - WSACleanup
库 KERNEL32.dll:
• 0x80a2d5 - GetSystemDirectoryA
库 USER32.dll:
• 0x80a2e1 - PeekMessageA
库 GDI32.dll:
• 0x80a2ed - ExtSelectClipRgn
库 WINSPOOL.DRV:
• 0x80a2f9 - OpenPrinterA
库 ADVAPI32.dll:
• 0x80a305 - RegQueryValueExA
库 SHELL32.dll:
• 0x80a311 - ShellExecuteA
库 ole32.dll:
• 0x80a31d - CLSIDFromProgID
库 OLEAUT32.dll:
• 0x80a329 - UnRegisterTypeLib
库 COMCTL32.dll:
• 0x80a335 - None
库 comdlg32.dll:
• 0x80a341 - ChooseColorA
库 MSVCRT.dll:
• 0x80a34d - strncpy
库 IPHLPAPI.DLL:
• 0x80a359 - GetInterfaceInfo
库 PSAPI.DLL:
• 0x80a365 - GetMappedFileNameW
投放文件
行为分析
互斥量(Mutexes)
- Local\MSCTF.Asm.MutexDefault1
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
_______________1.22.exe PID: 2448, 上一级进程 PID: 2296
访问的文件
- C:\Windows\SysWOW64\ntdll.dll
- C:\Windows\SysWOW64\KernelBase.dll
- C:\Windows\SysWOW64\kernel32.dll
- C:\Windows\SysWOW64\user32.dll
- C:\Windows\SysWOW64\advapi32.dll
- C:\Windows\SysWOW64\IPHLPAPI.DLL
- \Device\KsecDD
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\test\Desktop\\xe9\x9b\xb7\xe7\x94\xb5\xe6\xa8\xa1\xe6\x8b\x9f\xe5\x99\xa8.lnk
- C:\Users\test\Desktop\\xe9\x9b\xb7\xe7\x94\xb5\xe6\xa8\xa1\xe6\x8b\x9f\xe5\x99\xa82.0.lnk
- C:\Users\test\AppData\Local\Temp\\xe8\xbc\xabTw
- C:\Users\test\AppData\Local\Temp\_______________1.22.exe
- C:\Windows\Fonts\staticcache.dat
- C:\
- D:
- E:
- \??\PhysicalDrive0
- C:\tsz
- C:\Users\test\AppData\Local\Temp\imageres.dll
- C:\Windows\System32\imageres.dll
- C:\Windows\System32\zh-CN\imageres.dll.mui
- C:\Windows\sysnative\zh-CN\imageres.dll.mui
- C:\Windows\System32\zh-Hans\imageres.dll.mui
- C:\Windows\System32\zh\imageres.dll.mui
- C:\Windows\System32\en-US\imageres.dll.mui
读取的文件
- C:\Windows\SysWOW64\ntdll.dll
- C:\Windows\SysWOW64\KernelBase.dll
- C:\Windows\SysWOW64\kernel32.dll
- C:\Windows\SysWOW64\user32.dll
- C:\Windows\SysWOW64\advapi32.dll
- C:\Windows\SysWOW64\IPHLPAPI.DLL
- \Device\KsecDD
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\test\AppData\Local\Temp\\xe8\xbc\xabTw
- C:\Users\test\AppData\Local\Temp\_______________1.22.exe
- C:\Windows\Fonts\staticcache.dat
- C:\Windows\System32\imageres.dll
- C:\Windows\System32\zh-CN\imageres.dll.mui
- C:\Windows\sysnative\zh-CN\imageres.dll.mui
- C:\Windows\System32\zh-Hans\imageres.dll.mui
- C:\Windows\System32\zh\imageres.dll.mui
- C:\Windows\System32\en-US\imageres.dll.mui
修改的文件
无信息
删除的文件
无信息
注册表键
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\Software\ChangZhi\dnplayer
- HKEY_CURRENT_USER\Software\ChangZhi2\dnplayer
- HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\NetworkProvider\HwOrder
- HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\_______________1.22.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_CURRENT_USER\Keyboard Layout\Toggle
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot
- HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
- HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
读取的注册表键
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
修改的注册表键
- HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
- HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
删除的注册表键
无信息
API解析
- ntdll.dll.RtlUnicodeStringToAnsiString
- ntdll.dll.RtlAnsiStringToUnicodeString
- ntdll.dll._vsnwprintf
- ntdll.dll.memset
- ntdll.dll.RtlFreeAnsiString
- ntdll.dll.RtlFreeHeap
- ntdll.dll.RtlDeleteCriticalSection
- ntdll.dll.RtlInitializeCriticalSection
- ntdll.dll.RtlAllocateHeap
- ntdll.dll.CsrVerifyRegion
- ntdll.dll.RtlGetNativeSystemInformation
- ntdll.dll.NtQuerySystemInformation
- ntdll.dll.RtlCreateTagHeap
- ntdll.dll.NtQueryInformationProcess
- ntdll.dll.NtSetInformationProcess
- ntdll.dll.NtClose
- ntdll.dll.NtSetInformationFile
- ntdll.dll.NtCreateIoCompletion
- ntdll.dll.NtSetIoCompletion
- ntdll.dll.RtlSetLastWin32Error
- ntdll.dll.SbSelectProcedure
- ntdll.dll.NtRemoveIoCompletion
- ntdll.dll.RtlDeactivateActivationContextUnsafeFast
- ntdll.dll.NtRemoveIoCompletionEx
- ntdll.dll.RtlActivateActivationContextUnsafeFast
- ntdll.dll.NtCreateNamedPipeFile
- ntdll.dll.NtOpenFile
- ntdll.dll.NtWaitForSingleObject
- ntdll.dll.NtFsControlFile
- ntdll.dll.NtCreateEvent
- ntdll.dll.NtQueryInformationFile
- ntdll.dll._allmul
- ntdll.dll.RtlSetDaclSecurityDescriptor
- ntdll.dll.RtlCreateSecurityDescriptor
- ntdll.dll.RtlDefaultNpAcl
- ntdll.dll.RtlDosPathNameToNtPathName_U
- ntdll.dll.RtlAppendUnicodeStringToString
- ntdll.dll._wcsnicmp
- ntdll.dll.RtlPrefixString
- ntdll.dll.RtlInitUnicodeString
- ntdll.dll.RtlFreeUnicodeString
- ntdll.dll.RtlDetermineDosPathNameType_U
- ntdll.dll.RtlCreateUnicodeString
- ntdll.dll.memcpy
- ntdll.dll.NtDeviceIoControlFile
- ntdll.dll.NtCreateFile
- ntdll.dll.RtlTimeToTimeFields
- ntdll.dll.RtlTimeFieldsToTime
- ntdll.dll.RtlAcquirePrivilege
- ntdll.dll.RtlInitializeSRWLock
- ntdll.dll.RtlReleaseSRWLockExclusive
- ntdll.dll.RtlAcquireSRWLockExclusive
- ntdll.dll.RtlCutoverTimeToSystemTime
- ntdll.dll.RtlReleaseSRWLockShared
- ntdll.dll.RtlAcquireSRWLockShared
- ntdll.dll.RtlReleasePrivilege
- ntdll.dll.NtSetSystemTime
- ntdll.dll.RtlUnicodeStringToInteger
- ntdll.dll.wcschr
- ntdll.dll.wcscpy_s
- ntdll.dll.RtlpCheckDynamicTimeZoneInformation
- ntdll.dll._stricmp
- ntdll.dll._wcsicmp
- ntdll.dll.RtlDeregisterWaitEx
- ntdll.dll.RtlCreateTimerQueue
- ntdll.dll.NtDelayExecution
- ntdll.dll.RtlCreateTimer
- ntdll.dll.RtlUpdateTimer
- ntdll.dll.RtlDeleteTimer
- ntdll.dll.RtlDeleteTimerQueueEx
- ntdll.dll.RtlRegisterWait
- ntdll.dll.wcsrchr
- ntdll.dll.NtQueryValueKey
- ntdll.dll.NtOpenKey
- ntdll.dll.RtlxAnsiStringToUnicodeSize
- ntdll.dll.NlsMbCodePageTag
- ntdll.dll.RtlxOemStringToUnicodeSize
- ntdll.dll.NlsMbOemCodePageTag
- ntdll.dll.RtlxUnicodeStringToOemSize
- ntdll.dll.RtlxUnicodeStringToAnsiSize
- ntdll.dll.LdrEnumerateLoadedModules
- ntdll.dll.NtAllocateVirtualMemory
- ntdll.dll._alloca_probe
- ntdll.dll.RtlReleasePebLock
- ntdll.dll.RtlQueryEnvironmentVariable
- ntdll.dll.RtlAcquirePebLock
- ntdll.dll.RtlLeaveCriticalSection
- ntdll.dll.RtlEnterCriticalSection
- ntdll.dll.wcsncmp
- ntdll.dll.RtlUnicodeStringToOemString
- ntdll.dll.RtlOemStringToUnicodeString
- ntdll.dll.RtlRaiseException
- ntdll.dll.NtDuplicateObject
- ntdll.dll.NtQueryObject
- ntdll.dll.NtSetInformationObject
- ntdll.dll.NtQueryVolumeInformationFile
- ntdll.dll.NtLockFile
- ntdll.dll.NtUnlockFile
- ntdll.dll.RtlNtStatusToDosError
- ntdll.dll.NtReadFile
- ntdll.dll.NtWriteFile
- ntdll.dll.NtCancelIoFileEx
- ntdll.dll.NtReadFileScatter
- ntdll.dll.NtWriteFileGather
- ntdll.dll.RtlWow64EnableFsRedirectionEx
- ntdll.dll.memmove
- ntdll.dll.NtFlushBuffersFile
- ntdll.dll.NtCreateSection
- ntdll.dll.NtOpenSection
- ntdll.dll.NtMapViewOfSection
- ntdll.dll.NtFlushVirtualMemory
- ntdll.dll.RtlFlushSecureMemoryCache
- ntdll.dll.NtUnmapViewOfSection
- ntdll.dll.NtReadVirtualMemory
- ntdll.dll.NtFlushInstructionCache
- ntdll.dll.NtWriteVirtualMemory
- ntdll.dll.NtProtectVirtualMemory
- ntdll.dll.NtFreeVirtualMemory
- ntdll.dll.NtQueryVirtualMemory
- ntdll.dll.NtQuerySystemInformationEx
- ntdll.dll.RtlGetCurrentProcessorNumberEx
- ntdll.dll.NtOpenProcess
- ntdll.dll.RtlExitUserProcess
- ntdll.dll.NtTerminateProcess
- ntdll.dll.RtlReportSilentProcessExit
- ntdll.dll.NtRaiseHardError
- ntdll.dll.RtlRaiseStatus
- ntdll.dll.RtlInitUnicodeStringEx
- ntdll.dll.RtlQueryEnvironmentVariable_U
- ntdll.dll.strchr
- ntdll.dll.RtlInitAnsiStringEx
- ntdll.dll.RtlUpcaseUnicodeChar
- ntdll.dll.RtlEqualUnicodeString
- ntdll.dll.RtlCompareMemory
- ntdll.dll.NtQueryDirectoryObject
- ntdll.dll.NtQuerySymbolicLinkObject
- ntdll.dll.NtOpenSymbolicLinkObject
- ntdll.dll.NtOpenDirectoryObject
- ntdll.dll.RtlSetEnvironmentStrings
- ntdll.dll.RtlSetEnvironmentVariable
- ntdll.dll.RtlSetEnvironmentVar
- ntdll.dll.RtlExpandEnvironmentStrings
- ntdll.dll.RtlUnicodeToOemN
- ntdll.dll.RtlUnicodeToMultiByteSize
- ntdll.dll.RtlExpandEnvironmentStrings_U
- ntdll.dll.RtlInitializeCriticalSectionAndSpinCount
- ntdll.dll.RtlInitializeCriticalSectionEx
- ntdll.dll.NtSetEvent
- ntdll.dll.NtClearEvent
- ntdll.dll.NtPulseEvent
- ntdll.dll.NtCreateSemaphore
- ntdll.dll.NtReleaseSemaphore
- ntdll.dll.NtCreateMutant
- ntdll.dll.NtReleaseMutant
- ntdll.dll.NtCreateTimer
- ntdll.dll.NtSetTimerEx
- ntdll.dll.NtCancelTimer
- ntdll.dll.NtOpenEvent
- ntdll.dll.NtOpenSemaphore
- ntdll.dll.NtOpenMutant
- ntdll.dll.NtWaitForMultipleObjects
- ntdll.dll.NtOpenTimer
- ntdll.dll.RtlExitUserThread
- ntdll.dll.LdrUnloadAlternateResourceModule
- ntdll.dll.LdrRemoveLoadAsDataTable
- ntdll.dll.RtlImageNtHeader
- ntdll.dll.LdrUnloadDll
- ntdll.dll.LdrDisableThreadCalloutsForDll
- ntdll.dll.LdrUnlockLoaderLock
- ntdll.dll.LdrLockLoaderLock
- ntdll.dll.LdrGetDllHandle
- ntdll.dll.LdrAddRefDll
- ntdll.dll.RtlComputePrivatizedDllName_U
- ntdll.dll.RtlPcToFileHeader
- ntdll.dll.LdrGetProcedureAddress
- ntdll.dll.RtlInitString
- ntdll.dll.RtlGetVersion
- ntdll.dll.LdrAccessResource
- ntdll.dll.RtlReAllocateHeap
- ntdll.dll.LdrAddLoadAsDataTable
- ntdll.dll.RtlGetActiveActivationContext
- ntdll.dll.LdrWx86FormatVirtualImage
- ntdll.dll.NtQuerySection
- ntdll.dll.LdrGetDllHandleByMapping
- ntdll.dll.RtlImageNtHeaderEx
- ntdll.dll.RtlDosSearchPath_Ustr
- ntdll.dll.LdrGetDllHandleByName
- ntdll.dll.RtlDosApplyFileIsolationRedirection_Ustr
- ntdll.dll.LdrLoadDll
- ntdll.dll.LdrFindResource_U
- ntdll.dll.RtlFreeSid
- ntdll.dll.RtlSetSaclSecurityDescriptor
- ntdll.dll.RtlAddMandatoryAce
- ntdll.dll.RtlAddAccessAllowedAce
- ntdll.dll.RtlCreateAcl
- ntdll.dll.RtlLengthSid
- ntdll.dll.RtlAllocateAndInitializeSid
- ntdll.dll.DbgPrint
- ntdll.dll.NtOpenThread
- ntdll.dll.NtSetInformationThread
- ntdll.dll.NtQueryInformationThread
- ntdll.dll.NtTerminateThread
- ntdll.dll.TpCheckTerminateWorker
- ntdll.dll.RtlCaptureStackBackTrace
- ntdll.dll.NtSuspendThread
- ntdll.dll.NtResumeThread
- ntdll.dll.RtlClearBits
- ntdll.dll.RtlAreBitsSet
- ntdll.dll.NtQueueApcThread
- ntdll.dll.#8
- ntdll.dll.RtlQueryInformationActivationContext
- ntdll.dll.RtlFlsAlloc
- ntdll.dll.RtlProcessFlsData
- ntdll.dll.RtlFlsFree
- ntdll.dll.NtYieldExecution
- ntdll.dll.RtlFreeActivationContextStack
- ntdll.dll.RtlReleaseActivationContext
- ntdll.dll.RtlActivateActivationContextEx
- ntdll.dll.RtlAllocateActivationContextStack
- ntdll.dll.NtCreateThreadEx
- ntdll.dll.TpCaptureCaller
- ntdll.dll.RtlFindClearBitsAndSet
- ntdll.dll.RtlFormatMessageEx
- ntdll.dll.RtlInitAnsiString
- ntdll.dll.RtlFindMessage
- ntdll.dll.RtlLoadString
- ntdll.dll.RtlUnicodeToMultiByteN
- ntdll.dll.RtlUnlockHeap
- ntdll.dll.RtlFreeHandle
- ntdll.dll.RtlIsValidHandle
- ntdll.dll.RtlLockHeap
- ntdll.dll.RtlSetUserValueHeap
- ntdll.dll.RtlAllocateHandle
- ntdll.dll._aulldiv
- ntdll.dll.RtlCreateHeap
- ntdll.dll.RtlDestroyHeap
- ntdll.dll.RtlQueryHeapInformation
- ntdll.dll.RtlValidateHeap
- ntdll.dll.RtlGetProcessHeaps
- ntdll.dll.RtlCompactHeap
- ntdll.dll.RtlWalkHeap
- ntdll.dll.RtlSetHeapInformation
- ntdll.dll.RtlInitializeHandleTable
- ntdll.dll.RtlIsDosDeviceName_U
- ntdll.dll.RtlAnsiCharToUnicodeChar
- ntdll.dll.RtlIntegerToChar
- ntdll.dll.wcsncpy_s
- ntdll.dll.RtlGetCurrentDirectory_U
- ntdll.dll.RtlSetThreadErrorMode
- ntdll.dll.toupper
- ntdll.dll.RtlReleaseRelativeName
- ntdll.dll.RtlDosPathNameToRelativeNtPathName_U
- ntdll.dll.RtlDosPathNameToRelativeNtPathName_U_WithStatus
- ntdll.dll.NtQueryAttributesFile
- ntdll.dll.RtlDosPathNameToNtPathName_U_WithStatus
- ntdll.dll.NtQueryFullAttributesFile
- ntdll.dll.NtNotifyChangeDirectoryFile
- ntdll.dll.NtQueryDirectoryFile
- ntdll.dll.RtlGetFullPathName_UEx
- ntdll.dll.RtlSetCurrentDirectory_U
- ntdll.dll.#1
- ntdll.dll.NtQueryEaFile
- ntdll.dll.NtIsProcessInJob
- ntdll.dll.NtDuplicateToken
- ntdll.dll.NtAllocateLocallyUniqueId
- ntdll.dll.NtAccessCheck
- ntdll.dll.NtAccessCheckByType
- ntdll.dll.NtAccessCheckByTypeResultList
- ntdll.dll.NtOpenProcessToken
- ntdll.dll.NtOpenThreadToken
- ntdll.dll.NtQueryInformationToken
- ntdll.dll.NtSetInformationToken
- ntdll.dll.NtAdjustPrivilegesToken
- ntdll.dll.NtAdjustGroupsToken
- ntdll.dll.NtPrivilegeCheck
- ntdll.dll.NtAccessCheckAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeResultListAndAuditAlarm
- ntdll.dll.NtAccessCheckByTypeResultListAndAuditAlarmByHandle
- ntdll.dll.NtOpenObjectAuditAlarm
- ntdll.dll.NtPrivilegeObjectAuditAlarm
- ntdll.dll.NtCloseObjectAuditAlarm
- ntdll.dll.NtDeleteObjectAuditAlarm
- ntdll.dll.NtPrivilegedServiceAuditAlarm
- ntdll.dll.RtlValidSid
- ntdll.dll.RtlEqualSid
- ntdll.dll.RtlEqualPrefixSid
- ntdll.dll.RtlLengthRequiredSid
- ntdll.dll.RtlInitializeSid
- ntdll.dll.RtlIdentifierAuthoritySid
- ntdll.dll.RtlSubAuthoritySid
- ntdll.dll.RtlSubAuthorityCountSid
- ntdll.dll.RtlCopySid
- ntdll.dll.RtlAreAllAccessesGranted
- ntdll.dll.RtlAreAnyAccessesGranted
- ntdll.dll.RtlMapGenericMask
- ntdll.dll.RtlValidAcl
- ntdll.dll.RtlQueryInformationAcl
- ntdll.dll.RtlSetInformationAcl
- ntdll.dll.RtlAddAce
- ntdll.dll.RtlDeleteAce
- ntdll.dll.RtlGetAce
- ntdll.dll.RtlAddAccessAllowedAceEx
- ntdll.dll.RtlAddAccessDeniedAce
- ntdll.dll.RtlAddAccessDeniedAceEx
- ntdll.dll.RtlAddAuditAccessAce
- ntdll.dll.RtlAddAuditAccessAceEx
- ntdll.dll.RtlAddAccessAllowedObjectAce
- ntdll.dll.RtlAddAccessDeniedObjectAce
- ntdll.dll.RtlAddAuditAccessObjectAce
- ntdll.dll.RtlFirstFreeAce
- ntdll.dll.RtlValidSecurityDescriptor
- ntdll.dll.RtlValidRelativeSecurityDescriptor
- ntdll.dll.RtlLengthSecurityDescriptor
- ntdll.dll.RtlGetControlSecurityDescriptor
- ntdll.dll.RtlSetControlSecurityDescriptor
- ntdll.dll.RtlGetDaclSecurityDescriptor
- ntdll.dll.RtlGetSaclSecurityDescriptor
- ntdll.dll.RtlSetOwnerSecurityDescriptor
- ntdll.dll.RtlGetOwnerSecurityDescriptor
- ntdll.dll.RtlSetGroupSecurityDescriptor
- ntdll.dll.RtlGetGroupSecurityDescriptor
- ntdll.dll.RtlNewSecurityObject
- ntdll.dll.RtlConvertToAutoInheritSecurityObject
- ntdll.dll.RtlNewSecurityObjectEx
- ntdll.dll.RtlNewSecurityObjectWithMultipleInheritance
- ntdll.dll.RtlSetSecurityObject
- ntdll.dll.RtlSetSecurityObjectEx
- ntdll.dll.RtlQuerySecurityObject
- ntdll.dll.RtlDeleteSecurityObject
- ntdll.dll.RtlAbsoluteToSelfRelativeSD
- ntdll.dll.RtlSelfRelativeToAbsoluteSD
- ntdll.dll.NtSetSecurityObject
- ntdll.dll.NtQuerySecurityObject
- ntdll.dll.RtlImpersonateSelf
- ntdll.dll.NtImpersonateAnonymousToken
- ntdll.dll.NtFilterToken
- ntdll.dll.RtlSelfRelativeToAbsoluteSD2
- ntdll.dll.RtlGetSecurityDescriptorRMControl
- ntdll.dll.RtlSetSecurityDescriptorRMControl
- ntdll.dll.CsrClientConnectToServer
- ntdll.dll.RtlUnhandledExceptionFilter
- ntdll.dll.RtlGetLocaleFileMappingAddress
- ntdll.dll.NtGetNlsSectionPtr
- ntdll.dll.RtlNormalizeString
- ntdll.dll.wcspbrk
- ntdll.dll.RtlLcidToLocaleName
- ntdll.dll.EtwEventUnregister
- ntdll.dll.EtwEventEnabled
- ntdll.dll.EtwEventRegister
- ntdll.dll.NtSetDefaultLocale
- ntdll.dll.RtlLocaleNameToLcid
- ntdll.dll.NtEnumerateValueKey
- ntdll.dll.RtlpMuiFreeLangRegistryInfo
- ntdll.dll.RtlCultureNameToLCID
- ntdll.dll.qsort
- ntdll.dll.RtlpIsQualifiedLanguage
- ntdll.dll.RtlpGetLCIDFromLangInfoNode
- ntdll.dll.RtlpGetNameFromLangInfoNode
- ntdll.dll.NtQueryInstallUILanguage
- ntdll.dll.RtlLCIDToCultureName
- ntdll.dll.RtlpLoadUserUIByPolicy
- ntdll.dll.RtlpLoadMachineUIByPolicy
- ntdll.dll.RtlpCreateProcessRegistryInfo
- ntdll.dll.RtlpInitializeLangRegistryInfo
- ntdll.dll.LdrFindResourceEx_U
- ntdll.dll.RtlGetFileMUIPath
- ntdll.dll.RtlGetUILanguageInfo
- ntdll.dll.RtlpGetSystemDefaultUILanguage
- ntdll.dll.RtlGetThreadPreferredUILanguages
- ntdll.dll.RtlGetProcessPreferredUILanguages
- ntdll.dll.RtlpQueryDefaultUILanguage
- ntdll.dll.RtlGetSystemPreferredUILanguages
- ntdll.dll.RtlGetUserPreferredUILanguages
- ntdll.dll.NtCreateKey
- ntdll.dll.NtSetValueKey
- ntdll.dll.NtDeleteKey
- ntdll.dll.NtEnumerateKey
- ntdll.dll.RtlIntegerToUnicodeString
- ntdll.dll.RtlAppendUnicodeToString
- ntdll.dll.RtlCopyUnicodeString
- ntdll.dll.EtwEventWrite
- ntdll.dll.RtlOpenCurrentUser
- ntdll.dll.NtQueryDefaultLocale
- ntdll.dll.NtNotifyChangeKey
- ntdll.dll.swprintf_s
- ntdll.dll.RtlUTF8ToUnicodeN
- ntdll.dll.RtlUnicodeToUTF8N
- ntdll.dll.NtDeleteValueKey
- ntdll.dll.RtlUnwind
- ntdll.dll.DbgPrintEx
- ntdll.dll.RtlSetLastWin32ErrorAndNtStatusFromNtStatus
- ntdll.dll.TpAllocPool
- ntdll.dll.TpSetPoolMinThreads
- ntdll.dll.TpSetPoolStackInformation
- ntdll.dll.TpQueryPoolStackInformation
- ntdll.dll.TpAllocCleanupGroup
- ntdll.dll.TpSimpleTryPost
- ntdll.dll.TpAllocWork
- ntdll.dll.TpAllocTimer
- ntdll.dll.TpAllocWait
- ntdll.dll.TpAllocIoCompletion
- ntdll.dll.TpCallbackMayRunLong
- ntdll.dll.NtQueryMultipleValueKey
- ntdll.dll.RtlCaptureContext
- ntdll.dll.RtlConvertSidToUnicodeString
- ntdll.dll.RtlRunOnceInitialize
- ntdll.dll.NtResetEvent
- ntdll.dll.strncat
- ntdll.dll._strlwr
- ntdll.dll.RtlpConvertCultureNamesToLCIDs
- ntdll.dll.RtlpConvertLCIDsToCultureNames
- ntdll.dll.RtlSetProcessPreferredUILanguages
- ntdll.dll.RtlIdnToUnicode
- ntdll.dll.RtlIdnToNameprepUnicode
- ntdll.dll.RtlIdnToAscii
- ntdll.dll.RtlIsNormalizedString
- ntdll.dll._ui64tow
- ntdll.dll._wtol
- ntdll.dll._wcslwr
- ntdll.dll.wcsncpy
- ntdll.dll.RtlReadThreadProfilingData
- ntdll.dll.RtlQueryThreadProfiling
- ntdll.dll.RtlDisableThreadProfiling
- ntdll.dll.RtlEnableThreadProfiling
- ntdll.dll.RtlSetExtendedFeaturesMask
- ntdll.dll.RtlGetExtendedFeaturesMask
- ntdll.dll.RtlLocateExtendedFeature
- ntdll.dll.RtlCopyContext
- ntdll.dll.RtlGetEnabledExtendedFeatures
- ntdll.dll.RtlGetExtendedContextLength
- ntdll.dll.RtlInitializeExtendedContext
- ntdll.dll.RtlLocateLegacyContext
- ntdll.dll.NtRaiseException
- ntdll.dll.EtwEventWriteNoRegistration
- ntdll.dll.RtlSetIoCompletionCallback
- ntdll.dll.RtlQueueWorkItem
- ntdll.dll.RtlDeregisterWait
- ntdll.dll.NtResetWriteWatch
- ntdll.dll.NtGetWriteWatch
- ntdll.dll.NtMapUserPhysicalPagesScatter
- ntdll.dll.NtMapUserPhysicalPages
- ntdll.dll.NtFreeUserPhysicalPages
- ntdll.dll.NtAllocateUserPhysicalPages
- ntdll.dll.NtUnlockVirtualMemory
- ntdll.dll.NtLockVirtualMemory
- ntdll.dll.RtlComputeImportTableHash
- ntdll.dll.bsearch
- ntdll.dll.RtlEncodeSystemPointer
- ntdll.dll.RtlFindCharInUnicodeString
- ntdll.dll.RtlNtPathNameToDosPathName
- ntdll.dll.NtApphelpCacheControl
- ntdll.dll.RtlRandom
- ntdll.dll.RtlFindActivationContextSectionGuid
- ntdll.dll.RtlFindActivationContextSectionString
- ntdll.dll.RtlDoesFileExists_U
- ntdll.dll.RtlCreateActivationContext
- ntdll.dll.RtlSetThreadPreferredUILanguages
- ntdll.dll.RtlQueryActivationContextApplicationSettings
- ntdll.dll.RtlMultiAppendUnicodeStringBuffer
- ntdll.dll.RtlpEnsureBufferSize
- ntdll.dll.RtlGetLengthWithoutLastFullDosOrNtPathElement
- ntdll.dll.RtlpApplyLengthFunction
- ntdll.dll.RtlDeactivateActivationContext
- ntdll.dll.RtlActivateActivationContext
- ntdll.dll.RtlZombifyActivationContext
- ntdll.dll.RtlAddRefActivationContext
- ntdll.dll.NtSetInformationJobObject
- ntdll.dll.NtCreateJobSet
- ntdll.dll.NtQueryInformationJobObject
- ntdll.dll.NtTerminateJobObject
- ntdll.dll.NtAssignProcessToJobObject
- ntdll.dll.NtOpenJobObject
- ntdll.dll.NtCreateJobObject
- ntdll.dll.tolower
- ntdll.dll.atol
- ntdll.dll.isdigit
- ntdll.dll.RtlCopyLuid
- ntdll.dll.RtlFreeOemString
- ntdll.dll.RtlCreateEnvironment
- ntdll.dll.RtlCreateEnvironmentEx
- ntdll.dll.RtlDestroyEnvironment
- ntdll.dll.NtQueryEvent
- ntdll.dll.CsrClientCallServer
- ntdll.dll.CsrAllocateCaptureBuffer
- ntdll.dll.CsrAllocateMessagePointer
- ntdll.dll.CsrFreeCaptureBuffer
- ntdll.dll.RtlCreateQueryDebugBuffer
- ntdll.dll.RtlQueryProcessDebugInformation
- ntdll.dll.RtlDestroyQueryDebugBuffer
- ntdll.dll.RtlFreeUserStack
- ntdll.dll.RtlCreateUserStack
- ntdll.dll.NtSetContextThread
- ntdll.dll.NtGetContextThread
- ntdll.dll.NtSignalAndWaitForSingleObject
- ntdll.dll.RtlRunOnceComplete
- ntdll.dll.RtlRunOnceBeginInitialize
- ntdll.dll.RtlRunOnceExecuteOnce
- ntdll.dll.RtlSleepConditionVariableSRW
- ntdll.dll.RtlSleepConditionVariableCS
- ntdll.dll.NtOpenPrivateNamespace
- ntdll.dll.NtCreatePrivateNamespace
- ntdll.dll.NtDeletePrivateNamespace
- ntdll.dll.RtlAddIntegrityLabelToBoundaryDescriptor
- ntdll.dll.RtlAddSIDToBoundaryDescriptor
- ntdll.dll.RtlCreateBoundaryDescriptor
- ntdll.dll.strcpy_s
- ntdll.dll.NtReplacePartitionUnit
- ntdll.dll.RtlCompareUnicodeString
- ntdll.dll.RtlQueryRegistryValues
- ntdll.dll.RtlDecodeSystemPointer
- ntdll.dll.RtlWow64LogMessageInEventLogger
- ntdll.dll.NtIsSystemResumeAutomatic
- ntdll.dll.NtGetDevicePowerState
- ntdll.dll.NtSetThreadExecutionState
- ntdll.dll.NtInitiatePowerAction
- ntdll.dll.NtPowerInformation
- ntdll.dll.NtSetVolumeInformationFile
- ntdll.dll.RtlGetFullPathName_U
- ntdll.dll.RtlIsNameLegalDOS8Dot3
- ntdll.dll._allshl
- ntdll.dll.LdrLoadAlternateResourceModuleEx
- ntdll.dll.LdrLoadAlternateResourceModule
- ntdll.dll.LdrpResGetMappingSize
- ntdll.dll.LdrRscIsTypeExist
- ntdll.dll._strcmpi
- ntdll.dll.strncat_s
- ntdll.dll.wcstoul
- ntdll.dll.LdrGetFileNameFromLoadAsDataTable
- ntdll.dll.LdrResFindResourceDirectory
- ntdll.dll.LdrResFindResource
- ntdll.dll.LdrpResGetResourceDirectory
- ntdll.dll.RtlImageDirectoryEntryToData
- ntdll.dll.LdrResGetRCConfig
- ntdll.dll.RtlVerifyVersionInfo
- ntdll.dll.RtlGetProductInfo
- ntdll.dll.NtCreateMailslotFile
- ntdll.dll.RtlExtendedLargeIntegerDivide
- ntdll.dll.RtlCleanUpTEBLangLists
- ntdll.dll.RtlSetThreadPoolStartFunc
- ntdll.dll.LdrSetDllManifestProber
- ntdll.dll.RtlSetUserCallbackExceptionFilter
- ntdll.dll.RtlSetUnhandledExceptionFilter
- ntdll.dll.RtlEncodePointer
- ntdll.dll.LdrQueryImageFileExecutionOptions
- ntdll.dll.RtlDeregisterSecureMemoryCacheCallback
- ntdll.dll.RtlRegisterSecureMemoryCacheCallback
- ntdll.dll.RtlSizeHeap
- ntdll.dll.RtlGetUserInfoHeap
- ntdll.dll.NtSetSystemEnvironmentValueEx
- ntdll.dll.RtlGUIDFromString
- ntdll.dll.NtQuerySystemEnvironmentValueEx
- ntdll.dll._alldiv
- ntdll.dll.RtlGetLastNtStatus
- ntdll.dll.NtCreateKeyTransacted
- ntdll.dll.RtlWow64EnableFsRedirection
- ntdll.dll.NtCancelIoFile
- ntdll.dll.NtCancelSynchronousIoFile
- ntdll.dll.RtlGetThreadErrorMode
- ntdll.dll.RtlNtStatusToDosErrorNoTeb
- ntdll.dll.RtlQueryElevationFlags
- ntdll.dll.RtlCharToInteger
- ntdll.dll.strncpy_s
- ntdll.dll.RtlGetLongestNtPathLength
- ntdll.dll.RtlEqualString
- ntdll.dll.RtlIsTextUnicode
- ntdll.dll.RtlFormatCurrentUserKeyPath
- ntdll.dll.RtlPrefixUnicodeString
- ntdll.dll.RtlMultiByteToUnicodeSize
- ntdll.dll.RtlMultiByteToUnicodeN
- ntdll.dll.RtlQueryAtomInAtomTable
- ntdll.dll.NtQueryInformationAtom
- ntdll.dll.RtlDeleteAtomFromAtomTable
- ntdll.dll.NtDeleteAtom
- ntdll.dll.RtlLookupAtomInAtomTable
- ntdll.dll.NtFindAtom
- ntdll.dll.RtlAddAtomToAtomTable
- ntdll.dll.NtAddAtom
- ntdll.dll.RtlCreateAtomTable
- ntdll.dll.RtlDestroyAtomTable
- ntdll.dll.DbgUiStopDebugging
- ntdll.dll.DbgUiContinue
- ntdll.dll.DbgUiWaitStateChange
- ntdll.dll.DbgUiConvertStateChangeStructure
- ntdll.dll.DbgUiGetThreadDebugObject
- ntdll.dll.NtSetInformationDebugObject
- ntdll.dll.DbgUiIssueRemoteBreakin
- ntdll.dll.DbgUiConnectToDbg
- ntdll.dll.DbgUiDebugActiveProcess
- ntdll.dll.CsrGetProcessId
- ntdll.dll.NtSetSystemInformation
- ntdll.dll.RtlGetCurrentTransaction
- ntdll.dll.RtlSetCurrentTransaction
- ntdll.dll.wcscat_s
- ntdll.dll.wcsstr
- ntdll.dll.RtlCreateUnicodeStringFromAsciiz
- ntdll.dll.RtlDnsHostNameToComputerName
- ntdll.dll.wcscspn
- ntdll.dll._memicmp
- ntdll.dll.NtFlushKey
- ntdll.dll.NtSetEaFile
- ntdll.dll.RtlInitializeExceptionChain
- ntdll.dll.NtWow64WriteVirtualMemory64
- ntdll.dll.RtlDestroyProcessParameters
- ntdll.dll.RtlCreateProcessParametersEx
- ntdll.dll.NtRemoveProcessDebug
- ntdll.dll.LdrQueryImageFileKeyOption
- ntdll.dll.NtCreateUserProcess
- ntdll.dll.RtlGetFullPathName_UstrEx
- ntdll.dll.RtlDecodePointer
- ntdll.dll.RtlKnownExceptionFilter
- ntdll.dll.NtRequestWaitReplyPort
- ntdll.dll.NtOpenKeyTransacted
- ntdll.dll.NtQueryKey
- ntdll.dll.NtOpenKeyEx
- ntdll.dll.NtOpenKeyTransactedEx
- ntdll.dll.NtLoadKey
- ntdll.dll.NtUnloadKey
- ntdll.dll.NtNotifyChangeMultipleKeys
- ntdll.dll.NtRestoreKey
- ntdll.dll.NtSaveKeyEx
- ntdll.dll.RtlMakeSelfRelativeSD
- ntdll.dll._strnicmp
- ntdll.dll.strncmp
- ntdll.dll.RtlTryAcquirePebLock
- ntdll.dll._vsnprintf
- ntdll.dll.RtlWerpReportException
- ntdll.dll.LdrResSearchResource
- ntdll.dll.NtWow64ReadVirtualMemory64
- ntdll.dll.NtWow64QueryInformationProcess64
- ntdll.dll.WerReportSQMEvent
- ntdll.dll.VerSetConditionMask
- ntdll.dll.WinSqmIsOptedIn
- ntdll.dll.strcat_s
- ntdll.dll._aullrem
- kernelbase.dll.BaseReleaseProcessDllPath
- kernelbase.dll.BaseGetProcessExePath
- kernelbase.dll.BaseGetProcessDllPath
- kernelbase.dll.LoadStringByReference
- kernelbase.dll.InternalLcidToName
- kernelbase.dll.NlsIsUserDefaultLocale
- kernelbase.dll.GetUserInfo
- kernelbase.dll.GetPtrCalDataArray
- kernelbase.dll.GetPtrCalData
- kernelbase.dll.GetStringTableEntry
- kernelbase.dll.CheckGroupPolicyEnabled
- kernelbase.dll.OpenRegKey
- kernelbase.dll.GetCPHashNode
- kernelbase.dll.Internal_EnumSystemCodePages
- kernelbase.dll.Internal_EnumUILanguages
- kernelbase.dll.Internal_EnumLanguageGroupLocales
- kernelbase.dll.Internal_EnumSystemLanguageGroups
- kernelbase.dll.Internal_EnumDateFormats
- kernelbase.dll.Internal_EnumTimeFormats
- kernelbase.dll.KernelBaseGetGlobalData
- kernelbase.dll.InvalidateTzSpecificCache
- kernelbase.dll.IsDBCSLeadByte
- kernelbase.dll.CreateFileMappingNumaW
- kernelbase.dll.CompareStringA
- kernelbase.dll.LoadStringBaseExW
- kernelbase.dll.BaseInvalidateDllSearchPathCache
- kernelbase.dll.BaseInvalidateProcessSearchPathCache
- kernelbase.dll.BaseDllFreeResourceId
- kernelbase.dll.BaseDllMapResourceIdW
- kernelbase.dll.GetUserDefaultUILanguage
- kernelbase.dll.EnumUILanguagesW
- kernelbase.dll.AreFileApisANSI
- kernelbase.dll.EnumCalendarInfoExW
- kernelbase.dll.EnumCalendarInfoW
- kernelbase.dll.EnumDateFormatsExW
- kernelbase.dll.EnumDateFormatsW
- kernelbase.dll.EnumLanguageGroupLocalesW
- kernelbase.dll.EnumSystemCodePagesW
- kernelbase.dll.EnumSystemLanguageGroupsW
- kernelbase.dll.EnumSystemLocalesEx
- kernelbase.dll.EnumSystemLocalesW
- kernelbase.dll.EnumTimeFormatsW
- kernelbase.dll.GetLocaleInfoA
- kernelbase.dll.GetStringTypeA
- kernelbase.dll.GetSystemDefaultUILanguage
- kernelbase.dll.IsDBCSLeadByteEx
- kernelbase.dll.MapViewOfFileExNuma
- kernelbase.dll.SetFileApisToANSI
- kernelbase.dll.SetFileApisToOEM
- kernelbase.dll.VirtualAllocExNuma
- kernelbase.dll.EnumCalendarInfoExEx
- kernelbase.dll.EnumDateFormatsExEx
- kernelbase.dll.EnumTimeFormatsEx
- kernelbase.dll.GetCurrencyFormatEx
- kernelbase.dll.GetEraNameCountedString
- kernelbase.dll.GetNumberFormatEx
- kernelbase.dll.GetSystemDefaultLocaleName
- kernelbase.dll.GetUserDefaultLocaleName
- kernelbase.dll.LCIDToLocaleName
- kernelbase.dll.GetNamedLocaleHashNode
- kernelbase.dll.GetLocaleInfoHelper
- kernelbase.dll.GetUserInfoWord
- kernelbase.dll.GetCalendar
- kernelbase.dll.SpecialMBToWC
- kernelbase.dll.Internal_EnumCalendarInfo
- kernelbase.dll.NlsValidateLocale
- kernelbase.dll.BaseReleaseProcessExePath
- kernelbase.dll.TlsGetValue
- kernelbase.dll.SetThreadPriority
- kernelbase.dll.SetProcessShutdownParameters
- kernelbase.dll.SetPriorityClass
- kernelbase.dll.ResumeThread
- kernelbase.dll.QueueUserAPC
- kernelbase.dll.ProcessIdToSessionId
- kernelbase.dll.OpenThread
- kernelbase.dll.GetThreadPriorityBoost
- kernelbase.dll.GetThreadPriority
- kernelbase.dll.GetStartupInfoW
- kernelbase.dll.GetProcessTimes
- kernelbase.dll.GetPriorityClass
- kernelbase.dll.GetExitCodeThread
- kernelbase.dll.GetCurrentThreadId
- kernelbase.dll.GetCurrentThread
- kernelbase.dll.GetProcessId
- kernelbase.dll.GetProcessIdOfThread
- kernelbase.dll.GetThreadId
- kernelbase.dll.GetCurrentProcessId
- kernelbase.dll.CreateRemoteThreadEx
- kernelbase.dll.GetExitCodeProcess
- kernelbase.dll.TlsFree
- kernelbase.dll.TlsAlloc
- kernelbase.dll.TerminateThread
- kernelbase.dll.TerminateProcess
- kernelbase.dll.SwitchToThread
- kernelbase.dll.SuspendThread
- kernelbase.dll.SetThreadStackGuarantee
- kernelbase.dll.SetThreadPriorityBoost
- kernelbase.dll.OpenProcessToken
- kernelbase.dll.TlsSetValue
- kernelbase.dll.SetProcessAffinityUpdateMode
- kernelbase.dll.QueryProcessAffinityUpdateMode
- kernelbase.dll.GetProcessVersion
- kernelbase.dll.CreateRemoteThread
- kernelbase.dll.InitializeProcThreadAttributeList
- kernelbase.dll.UpdateProcThreadAttribute
- kernelbase.dll.DeleteProcThreadAttributeList
- kernelbase.dll.GetCurrentProcess
- kernelbase.dll.HeapCreate
- kernelbase.dll.HeapSetInformation
- kernelbase.dll.HeapQueryInformation
- kernelbase.dll.HeapLock
- kernelbase.dll.HeapDestroy
- kernelbase.dll.GetProcessHeap
- kernelbase.dll.GetProcessHeaps
- kernelbase.dll.HeapWalk
- kernelbase.dll.HeapValidate
- kernelbase.dll.HeapUnlock
- kernelbase.dll.HeapCompact
- kernelbase.dll.HeapSummary
- kernelbase.dll.MapViewOfFileEx
- kernelbase.dll.ReadProcessMemory
- kernelbase.dll.UnmapViewOfFile
- kernelbase.dll.VirtualAlloc
- kernelbase.dll.VirtualAllocEx
- kernelbase.dll.VirtualFree
- kernelbase.dll.VirtualFreeEx
- kernelbase.dll.VirtualProtect
- kernelbase.dll.WriteProcessMemory
- kernelbase.dll.VirtualQueryEx
- kernelbase.dll.VirtualQuery
- kernelbase.dll.VirtualProtectEx
- kernelbase.dll.FlushViewOfFile
- kernelbase.dll.CreateFileMappingW
- kernelbase.dll.OpenFileMappingW
- kernelbase.dll.MapViewOfFile
- kernelbase.dll.DuplicateHandle
- kernelbase.dll.GetHandleInformation
- kernelbase.dll.SetHandleInformation
- kernelbase.dll.CloseHandle
- kernelbase.dll.OpenProcess
- kernelbase.dll.OpenSemaphoreW
- kernelbase.dll.OpenWaitableTimerW
- kernelbase.dll.ReleaseMutex
- kernelbase.dll.ReleaseSemaphore
- kernelbase.dll.OpenMutexW
- kernelbase.dll.SetEvent
- kernelbase.dll.SetWaitableTimer
- kernelbase.dll.SleepEx
- kernelbase.dll.WaitForMultipleObjectsEx
- kernelbase.dll.WaitForSingleObjectEx
- kernelbase.dll.OpenEventW
- kernelbase.dll.OpenEventA
- kernelbase.dll.InitializeCriticalSectionEx
- kernelbase.dll.InitializeCriticalSectionAndSpinCount
- kernelbase.dll.CreateWaitableTimerExW
- kernelbase.dll.CreateSemaphoreExW
- kernelbase.dll.CreateEventA
- kernelbase.dll.CreateEventW
- kernelbase.dll.CancelWaitableTimer
- kernelbase.dll.CreateEventExA
- kernelbase.dll.CreateEventExW
- kernelbase.dll.CreateMutexA
- kernelbase.dll.CreateMutexExA
- kernelbase.dll.CreateMutexExW
- kernelbase.dll.ResetEvent
- kernelbase.dll.CreateMutexW
- kernelbase.dll.GetFullPathNameW
- kernelbase.dll.GetFullPathNameA
- kernelbase.dll.SetFileTime
- kernelbase.dll.QueryDosDeviceW
- kernelbase.dll.CreateFileW
- kernelbase.dll.LockFile
- kernelbase.dll.GetFileSize
- kernelbase.dll.SetEndOfFile
- kernelbase.dll.WriteFile
- kernelbase.dll.SetFilePointer
- kernelbase.dll.ReadFile
- kernelbase.dll.WriteFileEx
- kernelbase.dll.WriteFileGather
- kernelbase.dll.GetFinalPathNameByHandleA
- kernelbase.dll.GetFinalPathNameByHandleW
- kernelbase.dll.RemoveDirectoryW
- kernelbase.dll.GetDiskFreeSpaceW
- kernelbase.dll.CreateDirectoryW
- kernelbase.dll.DefineDosDeviceW
- kernelbase.dll.FindFirstFileExA
- kernelbase.dll.FindFirstFileExW
- kernelbase.dll.FindClose
- kernelbase.dll.GetFileType
- kernelbase.dll.FlushFileBuffers
- kernelbase.dll.SetFileAttributesW
- kernelbase.dll.GetFileAttributesExW
- kernelbase.dll.DeleteFileW
- kernelbase.dll.GetFileTime
- kernelbase.dll.DeleteFileA
- kernelbase.dll.GetFileAttributesA
- kernelbase.dll.FindNextFileW
- kernelbase.dll.FindFirstFileW
- kernelbase.dll.GetLogicalDriveStringsW
- kernelbase.dll.GetTempFileNameW
- kernelbase.dll.GetVolumeInformationW
- kernelbase.dll.CompareFileTime
- kernelbase.dll.CreateDirectoryA
- kernelbase.dll.FileTimeToLocalFileTime
- kernelbase.dll.FileTimeToSystemTime
- kernelbase.dll.FindCloseChangeNotification
- kernelbase.dll.FindFirstFileA
- kernelbase.dll.FindFirstChangeNotificationA
- kernelbase.dll.FindFirstChangeNotificationW
- kernelbase.dll.FindNextChangeNotification
- kernelbase.dll.FindNextFileA
- kernelbase.dll.GetDiskFreeSpaceA
- kernelbase.dll.GetDiskFreeSpaceExA
- kernelbase.dll.GetDiskFreeSpaceExW
- kernelbase.dll.UnlockFileEx
- kernelbase.dll.GetDriveTypeA
- kernelbase.dll.GetDriveTypeW
- kernelbase.dll.GetFileAttributesExA
- kernelbase.dll.GetFileAttributesW
- kernelbase.dll.GetFileInformationByHandle
- kernelbase.dll.GetFileSizeEx
- kernelbase.dll.GetVolumeInformationByHandleW
- kernelbase.dll.LocalFileTimeToFileTime
- kernelbase.dll.LockFileEx
- kernelbase.dll.ReadFileScatter
- kernelbase.dll.ReadFileEx
- kernelbase.dll.RemoveDirectoryA
- kernelbase.dll.SetFileAttributesA
- kernelbase.dll.SetFileInformationByHandle
- kernelbase.dll.SetFilePointerEx
- kernelbase.dll.SetFileValidData
- kernelbase.dll.UnlockFile
- kernelbase.dll.PostQueuedCompletionStatus
- kernelbase.dll.GetQueuedCompletionStatusEx
- kernelbase.dll.GetQueuedCompletionStatus
- kernelbase.dll.CreateIoCompletionPort
- kernelbase.dll.CancelIoEx
- kernelbase.dll.GetOverlappedResult
- kernelbase.dll.DeviceIoControl
- kernelbase.dll.ChangeTimerQueueTimer
- kernelbase.dll.CreateTimerQueue
- kernelbase.dll.UnregisterWaitEx
- kernelbase.dll.DeleteTimerQueueTimer
- kernelbase.dll.DeleteTimerQueueEx
- kernelbase.dll.CreateTimerQueueTimer
- kernelbase.dll.GetModuleHandleA
- kernelbase.dll.GetModuleHandleW
- kernelbase.dll.GetModuleHandleExA
- kernelbase.dll.GetModuleHandleExW
- kernelbase.dll.LoadResource
- kernelbase.dll.LockResource
- kernelbase.dll.SizeofResource
- kernelbase.dll.GetProcAddress
- kernelbase.dll.GetModuleFileNameA
- kernelbase.dll.FreeLibraryAndExitThread
- kernelbase.dll.FindStringOrdinal
- kernelbase.dll.DisableThreadLibraryCalls
- kernelbase.dll.LoadLibraryExA
- kernelbase.dll.GetModuleFileNameW
- kernelbase.dll.FindResourceExW
- kernelbase.dll.FreeLibrary
- kernelbase.dll.LoadLibraryExW
- kernelbase.dll.FreeResource
- kernelbase.dll.PeekNamedPipe
- kernelbase.dll.DisconnectNamedPipe
- kernelbase.dll.CreatePipe
- kernelbase.dll.ConnectNamedPipe
- kernelbase.dll.GetNamedPipeAttribute
- kernelbase.dll.GetNamedPipeClientComputerNameW
- kernelbase.dll.WaitNamedPipeW
- kernelbase.dll.SetNamedPipeHandleState
- kernelbase.dll.CreateNamedPipeW
- kernelbase.dll.TransactNamedPipe
- kernelbase.dll.IsWow64Process
- kernelbase.dll.LCMapStringA
- kernelbase.dll.LocalLock
- kernelbase.dll.LocalReAlloc
- kernelbase.dll.LocalUnlock
- kernelbase.dll.GlobalAlloc
- kernelbase.dll.FormatMessageW
- kernelbase.dll.FormatMessageA
- kernelbase.dll.NeedCurrentDirectoryForExePathA
- kernelbase.dll.EnumSystemLocalesA
- kernelbase.dll.PulseEvent
- kernelbase.dll.Sleep
- kernelbase.dll.Wow64DisableWow64FsRedirection
- kernelbase.dll.Wow64RevertWow64FsRedirection
- kernelbase.dll.lstrcmpW
- kernelbase.dll.lstrcmpiW
- kernelbase.dll.lstrcpynA
- kernelbase.dll.lstrcpynW
- kernelbase.dll.lstrlenA
- kernelbase.dll.FatalAppExitA
- kernelbase.dll.NeedCurrentDirectoryForExePathW
- kernelbase.dll.FatalAppExitW
- kernelbase.dll.LocalAlloc
- kernelbase.dll.GlobalFree
- kernelbase.dll.lstrlenW
- kernelbase.dll.LocalFree
- kernelbase.dll.IsProcessInJob
- kernelbase.dll.GetLocalTime
- kernelbase.dll.GetSystemTimeAdjustment
- kernelbase.dll.GetSystemTimeAsFileTime
- kernelbase.dll.GetTickCount64
- kernelbase.dll.GetTimeZoneInformation
- kernelbase.dll.GetTimeZoneInformationForYear
- kernelbase.dll.GetVersion
- kernelbase.dll.GetVersionExA
- kernelbase.dll.GetVersionExW
- kernelbase.dll.GetWindowsDirectoryW
- kernelbase.dll.SetLocalTime
- kernelbase.dll.SystemTimeToTzSpecificLocalTime
- kernelbase.dll.TzSpecificLocalTimeToSystemTime
- kernelbase.dll.GetDynamicTimeZoneInformation
- kernelbase.dll.GetLogicalProcessorInformation
- kernelbase.dll.GetSystemInfo
- kernelbase.dll.GetLogicalProcessorInformationEx
- kernelbase.dll.GetWindowsDirectoryA
- kernelbase.dll.GlobalMemoryStatusEx
- kernelbase.dll.GetTickCount
- kernelbase.dll.GetSystemTime
- kernelbase.dll.SystemTimeToFileTime
- kernelbase.dll.GetComputerNameExW
- kernelbase.dll.GetComputerNameExA
- kernelbase.dll.VerLanguageNameA
- kernelbase.dll.FindNLSStringEx
- kernelbase.dll.SetThreadLocale
- kernelbase.dll.NlsWriteEtwEvent
- kernelbase.dll.NlsEventDataDescCreate
- kernelbase.dll.ConvertDefaultLocale
- kernelbase.dll.VerLanguageNameW
- kernelbase.dll.SetLocaleInfoW
- kernelbase.dll.SetCalendarInfoW
- kernelbase.dll.LCMapStringW
- kernelbase.dll.IsValidLocale
- kernelbase.dll.IsValidLanguageGroup
- kernelbase.dll.IsValidCodePage
- kernelbase.dll.IsNLSDefinedString
- kernelbase.dll.GetUserDefaultLCID
- kernelbase.dll.GetUserDefaultLangID
- kernelbase.dll.GetThreadLocale
- kernelbase.dll.GetSystemDefaultLCID
- kernelbase.dll.GetSystemDefaultLangID
- kernelbase.dll.GetProcessPreferredUILanguages
- kernelbase.dll.GetOEMCP
- kernelbase.dll.GetLocaleInfoW
- kernelbase.dll.GetCPInfoExW
- kernelbase.dll.GetCPInfo
- kernelbase.dll.GetACP
- kernelbase.dll.GetFileMUIPath
- kernelbase.dll.FindNLSString
- kernelbase.dll.NlsUpdateSystemLocale
- kernelbase.dll.NlsUpdateLocale
- kernelbase.dll.NlsGetCacheUpdateCount
- kernelbase.dll.NlsCheckPolicy
- kernelbase.dll.GetCalendarInfoW
- kernelbase.dll.GetCalendarInfoEx
- kernelbase.dll.GetLocaleInfoEx
- kernelbase.dll.GetSystemPreferredUILanguages
- kernelbase.dll.GetThreadPreferredUILanguages
- kernelbase.dll.GetThreadUILanguage
- kernelbase.dll.GetUILanguageInfo
- kernelbase.dll.GetUserPreferredUILanguages
- kernelbase.dll.IsValidLocaleName
- kernelbase.dll.LCMapStringEx
- kernelbase.dll.LocaleNameToLCID
- kernelbase.dll.ResolveLocaleName
- kernelbase.dll.GetFileMUIInfo
- kernelbase.dll.GetEnvironmentStrings
- kernelbase.dll.GetEnvironmentVariableW
- kernelbase.dll.SearchPathW
- kernelbase.dll.SetStdHandleEx
- kernelbase.dll.ExpandEnvironmentStringsA
- kernelbase.dll.ExpandEnvironmentStringsW
- kernelbase.dll.FreeEnvironmentStringsA
- kernelbase.dll.FreeEnvironmentStringsW
- kernelbase.dll.GetCommandLineA
- kernelbase.dll.GetCommandLineW
- kernelbase.dll.GetCurrentDirectoryA
- kernelbase.dll.GetCurrentDirectoryW
- kernelbase.dll.GetEnvironmentStringsW
- kernelbase.dll.SetEnvironmentStringsW
- kernelbase.dll.GetEnvironmentVariableA
- kernelbase.dll.GetStdHandle
- kernelbase.dll.SetCurrentDirectoryA
- kernelbase.dll.SetCurrentDirectoryW
- kernelbase.dll.SetEnvironmentVariableA
- kernelbase.dll.SetEnvironmentVariableW
- kernelbase.dll.SetStdHandle
- kernelbase.dll.GetStringTypeW
- kernelbase.dll.GetStringTypeExW
- kernelbase.dll.FoldStringW
- kernelbase.dll.CompareStringW
- kernelbase.dll.WideCharToMultiByte
- kernelbase.dll.CompareStringOrdinal
- kernelbase.dll.CompareStringEx
- kernelbase.dll.MultiByteToWideChar
- kernelbase.dll.DebugBreak
- kernelbase.dll.OutputDebugStringA
- kernelbase.dll.OutputDebugStringW
- kernelbase.dll.IsDebuggerPresent
- kernelbase.dll.GetLastError
- kernelbase.dll.GetErrorMode
- kernelbase.dll.RaiseException
- kernelbase.dll.SetErrorMode
- kernelbase.dll.SetLastError
- kernelbase.dll.FlsAlloc
- kernelbase.dll.FlsFree
- kernelbase.dll.FlsGetValue
- kernelbase.dll.FlsSetValue
- kernelbase.dll.Beep
- kernelbase.dll.QueryPerformanceFrequency
- kernelbase.dll.QueryPerformanceCounter
- kernelbase.dll.AllocateAndInitializeSid
- kernelbase.dll.FreeSid
- kernelbase.dll.DuplicateToken
- kernelbase.dll.AccessCheck
- ntdll.dll.wcstol
- ntdll.dll.RtlQueryInformationActiveActivationContext
- ntdll.dll.NtVdmControl
- ntdll.dll.RtlIsThreadWithinLoaderCallout
- ntdll.dll.RtlGetIntegerAtom
- ntdll.dll.RtlRetrieveNtUserPfn
- ntdll.dll.RtlInitializeNtUserPfn
- ntdll.dll._allshr
- ntdll.dll.NtCallbackReturn
- ntdll.dll._chkstk
- ntdll.dll.CsrCaptureMessageBuffer
- ntdll.dll.RtlRunDecodeUnicodeString
- ntdll.dll.RtlRunEncodeUnicodeString
- ntdll.dll.RtlGetThreadLangIdByIndex
- ntdll.dll.sscanf_s
- ntdll.dll.strrchr
- ntdll.dll.wcsncat_s
- ntdll.dll.RtlCheckRegistryKey
- ntdll.dll.LdrFlushAlternateResourceModules
- ntdll.dll.iswspace
- ntdll.dll._wtoi
- ntdll.dll._aulldvrm
- ntdll.dll.NlsAnsiCodePage
- gdi32.dll.GetClipRgn
- gdi32.dll.ExtSelectClipRgn
- gdi32.dll.GetHFONT
- gdi32.dll.GetMapMode
- gdi32.dll.SetGraphicsMode
- gdi32.dll.GetClipBox
- gdi32.dll.CreateRectRgn
- gdi32.dll.CreateRectRgnIndirect
- gdi32.dll.SetLayout
- gdi32.dll.GetBoundsRect
- gdi32.dll.ExcludeClipRect
- gdi32.dll.PlayEnhMetaFile
- gdi32.dll.Ellipse
- gdi32.dll.CreateEllipticRgn
- gdi32.dll.GdiFixUpHandle
- gdi32.dll.CreatePen
- gdi32.dll.Rectangle
- gdi32.dll.GetTextCharacterExtra
- gdi32.dll.SetTextCharacterExtra
- gdi32.dll.GetCurrentObject
- gdi32.dll.GetViewportOrgEx
- gdi32.dll.SetViewportOrgEx
- gdi32.dll.PolyPatBlt
- gdi32.dll.CreateBrushIndirect
- gdi32.dll.SetBoundsRect
- gdi32.dll.CopyEnhMetaFileW
- gdi32.dll.CopyMetaFileW
- gdi32.dll.GetPaletteEntries
- gdi32.dll.CreatePalette
- gdi32.dll.SetPaletteEntries
- gdi32.dll.GetPixel
- gdi32.dll.ExtTextOutA
- gdi32.dll.GetTextCharsetInfo
- gdi32.dll.QueryFontAssocStatus
- gdi32.dll.GetCharWidthInfo
- gdi32.dll.GetCharWidthA
- gdi32.dll.GetTextFaceW
- gdi32.dll.GetCharABCWidthsA
- gdi32.dll.GetCharABCWidthsW
- gdi32.dll.SetBrushOrgEx
- gdi32.dll.CreateFontIndirectW
- gdi32.dll.EnumFontsW
- gdi32.dll.GetTextFaceAliasW
- gdi32.dll.GetTextMetricsW
- gdi32.dll.GetTextColor
- gdi32.dll.GdiGetCodePage
- gdi32.dll.GetTextCharset
- gdi32.dll.GetBkMode
- gdi32.dll.GetViewportExtEx
- gdi32.dll.GetWindowExtEx
- gdi32.dll.GdiGetCharDimensions
- gdi32.dll.GdiPrinterThunk
- gdi32.dll.GdiLoadType1Fonts
- gdi32.dll.GdiAddFontResourceW
- gdi32.dll.TranslateCharsetInfo
- gdi32.dll.SaveDC
- gdi32.dll.OffsetWindowOrgEx
- gdi32.dll.RestoreDC
- gdi32.dll.ExtTextOutW
- gdi32.dll.GetDIBits
- gdi32.dll.CreateDIBSection
- gdi32.dll.SetStretchBltMode
- gdi32.dll.SelectPalette
- gdi32.dll.RealizePalette
- gdi32.dll.SetDIBits
- gdi32.dll.CreateDCW
- gdi32.dll.CreateDIBitmap
- gdi32.dll.CreateCompatibleBitmap
- gdi32.dll.SetBitmapBits
- gdi32.dll.DeleteDC
- gdi32.dll.GdiValidateHandle
- gdi32.dll.GdiDllInitialize
- gdi32.dll.GdiProcessSetup
- gdi32.dll.GetStockObject
- gdi32.dll.CreateSolidBrush
- gdi32.dll.CreateCompatibleDC
- gdi32.dll.GdiConvertBitmapV5
- gdi32.dll.GdiCreateLocalEnhMetaFile
- gdi32.dll.GdiCreateLocalMetaFilePict
- gdi32.dll.GetRgnBox
- gdi32.dll.CombineRgn
- gdi32.dll.OffsetRgn
- gdi32.dll.MirrorRgn
- gdi32.dll.EnableEUDC
- gdi32.dll.GdiConvertToDevmodeW
- gdi32.dll.GetTextExtentPointA
- gdi32.dll.GetTextExtentPointW
- gdi32.dll.CreateBitmap
- gdi32.dll.SetTextAlign
- gdi32.dll.GetTextAlign
- gdi32.dll.IntersectClipRect
- gdi32.dll.SelectObject
- gdi32.dll.SetBkMode
- gdi32.dll.GetBkColor
- gdi32.dll.GetObjectW
- gdi32.dll.SetTextColor
- gdi32.dll.SetBkColor
- gdi32.dll.GetLayout
- gdi32.dll.StretchDIBits
- gdi32.dll.GetDeviceCaps
- gdi32.dll.GetDIBColorTable
- gdi32.dll.GdiGetBitmapBitsSize
- gdi32.dll.DeleteObject
- gdi32.dll.DeleteMetaFile
- gdi32.dll.DeleteEnhMetaFile
- gdi32.dll.GdiConvertMetaFilePict
- gdi32.dll.GdiConvertEnhMetaFile
- gdi32.dll.GdiReleaseDC
- gdi32.dll.StretchBlt
- gdi32.dll.GetObjectType
- gdi32.dll.GdiConvertAndCheckDC
- gdi32.dll.SetRectRgn
- gdi32.dll.BitBlt
- gdi32.dll.TextOutW
- gdi32.dll.TextOutA
- gdi32.dll.PatBlt
- gdi32.dll.SetLayoutWidth
- kernel32.dll.GetLocaleInfoW
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.TerminateProcess
- kernel32.dll.GetSystemTimeAsFileTime
- kernel32.dll.LoadLibraryExA
- kernel32.dll.InterlockedCompareExchange
- kernel32.dll.DelayLoadFailureHook
- kernel32.dll.GlobalAddAtomA
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.GlobalFindAtomA
- kernel32.dll.lstrlenA
- kernel32.dll.GetTickCount
- kernel32.dll.QueryPerformanceFrequency
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.LCMapStringW
- kernel32.dll.CreateFileMappingW
- kernel32.dll.MapViewOfFile
- kernel32.dll.GetFileSize
- kernel32.dll.UnmapViewOfFile
- kernel32.dll.WerpNotifyLoadStringResource
- kernel32.dll.GetSystemDefaultLangID
- kernel32.dll.RegQueryInfoKeyW
- kernel32.dll.RegEnumValueW
- kernel32.dll.RegOpenKeyExW
- kernel32.dll.RegQueryValueExW
- kernel32.dll.GetVersionExW
- kernel32.dll.IsDBCSLeadByte
- kernel32.dll.WerpNotifyUseStringResource
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.ProcessIdToSessionId
- kernel32.dll.MulDiv
- kernel32.dll.GetThreadLocale
- kernel32.dll.FindFirstFileW
- kernel32.dll.FindNextFileW
- kernel32.dll.FindClose
- kernel32.dll.GetLogicalDrives
- kernel32.dll.lstrlenW
- kernel32.dll.SetCurrentDirectoryW
- kernel32.dll.GetCurrentDirectoryW
- kernel32.dll.ConvertDefaultLocale
- kernel32.dll.IsValidLocale
- kernel32.dll.GetAtomNameW
- kernel32.dll.GetAtomNameA
- kernel32.dll.AddAtomW
- kernel32.dll.AddAtomA
- kernel32.dll.GetSystemWindowsDirectoryW
- kernel32.dll.CreateProcessW
- kernel32.dll.EnumResourceNamesExW
- kernel32.dll.SetFileTime
- kernel32.dll.ReadFile
- kernel32.dll.CloseHandle
- kernel32.dll.FindResourceW
- kernel32.dll.CompareStringW
- kernel32.dll.GetCPInfo
- kernel32.dll.GetStringTypeA
- kernel32.dll.GetStringTypeW
- kernel32.dll.Sleep
- kernel32.dll.FoldStringW
- kernel32.dll.GlobalHandle
- kernel32.dll.CreateThread
- kernel32.dll.GetExitCodeThread
- kernel32.dll.ExitThread
- kernel32.dll.GetCurrentThread
- kernel32.dll.GetCurrentProcess
- kernel32.dll.GlobalAddAtomW
- kernel32.dll.LoadLibraryExW
- kernel32.dll.ExpandEnvironmentStringsW
- kernel32.dll.SearchPathW
- kernel32.dll.GetSystemDirectoryW
- kernel32.dll.IsDBCSLeadByteEx
- kernel32.dll.DisableThreadLibraryCalls
- kernel32.dll.FindResourceExA
- kernel32.dll.FindResourceExW
- kernel32.dll.LoadStringBaseExW
- kernel32.dll.LoadResource
- kernel32.dll.SizeofResource
- kernel32.dll.RegisterWaitForInputIdle
- kernel32.dll.QueryActCtxSettingsW
- kernel32.dll.GetModuleHandleW
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.LoadAppInitDlls
- kernel32.dll.LocalSize
- kernel32.dll.LocalUnlock
- kernel32.dll.LocalLock
- kernel32.dll.LocalReAlloc
- kernel32.dll.GetACP
- kernel32.dll.InterlockedIncrement
- kernel32.dll.GetPrivateProfileStringW
- kernel32.dll.RegSetValueExW
- kernel32.dll.RegCloseKey
- kernel32.dll.RegCreateKeyExW
- kernel32.dll.RegDeleteKeyExW
- kernel32.dll.GetUserDefaultLCID
- kernel32.dll.GlobalUnlock
- kernel32.dll.GlobalLock
- kernel32.dll.GlobalSize
- kernel32.dll.LocalFree
- kernel32.dll.GlobalDeleteAtom
- kernel32.dll.LocalAlloc
- kernel32.dll.DeleteAtom
- kernel32.dll.FreeLibrary
- kernel32.dll.GetProcAddress
- kernel32.dll.LoadLibraryW
- kernel32.dll.InterlockedExchange
- kernel32.dll.GlobalGetAtomNameA
- kernel32.dll.GlobalGetAtomNameW
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.GlobalFree
- kernel32.dll.InterlockedDecrement
- kernel32.dll.GlobalFlags
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.GetLastError
- kernel32.dll.GetOEMCP
- kernel32.dll.GlobalReAlloc
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.GlobalAlloc
- kernel32.dll.WaitForMultipleObjectsEx
- kernel32.dll.SetEvent
- kernel32.dll.CreateFileW
- kernel32.dll.lstrcmpiW
- kernel32.dll.WritePrivateProfileStringW
- kernel32.dll.GlobalFindAtomW
- kernel32.dll.SetLastError
- advapi32.dll.CheckTokenMembership
- msvcrt.dll.iswctype
- msvcrt.dll._wcstoui64
- msvcrt.dll._ftol2
- msvcrt.dll.tolower
- msvcrt.dll._ultow
- msvcrt.dll.wcstok
- msvcrt.dll.isalnum
- msvcrt.dll.isspace
- msvcrt.dll._errno
- msvcrt.dll.mbstowcs
- msvcrt.dll._except_handler4_common
- msvcrt.dll.wcschr
- msvcrt.dll.wcsrchr
- msvcrt.dll.memset
- msvcrt.dll.memmove
- msvcrt.dll._wcsicmp
- msvcrt.dll._vsnwprintf
- msvcrt.dll.memcpy
- msvcrt.dll.wcscpy_s
- msvcrt.dll._stricmp
- msvcrt.dll.strchr
- msvcrt.dll.strrchr
- msvcrt.dll.strstr
- msvcrt.dll._vsnprintf
- msvcrt.dll.wcstombs
- msvcrt.dll.wcsstr
- msvcrt.dll.swprintf_s
- msvcrt.dll.wcsncpy_s
- msvcrt.dll.wcsncmp
- msvcrt.dll.swscanf_s
- msvcrt.dll._wcsnicmp
- msvcrt.dll.wcstoul
- msvcrt.dll.wcscat_s
- ntdll.dll.EtwEventWriteEx
- ntdll.dll.NtQuerySystemTime
- ntdll.dll.RtlGetNtProductType
- ntdll.dll.RtlIsValidIndexHandle
- ntdll.dll.NtCompareTokens
- ntdll.dll.RtlEnumerateGenericTableWithoutSplaying
- ntdll.dll.RtlIsGenericTableEmpty
- ntdll.dll.RtlDuplicateUnicodeString
- ntdll.dll.RtlDeleteElementGenericTable
- ntdll.dll.RtlInsertElementGenericTable
- ntdll.dll.RtlDestroyHandleTable
- ntdll.dll.RtlStringFromGUID
- ntdll.dll.RtlInitializeGenericTable
- ntdll.dll.RtlLookupElementGenericTable
- ntdll.dll.RtlNumberGenericTableElements
- ntdll.dll.RtlDllShutdownInProgress
- ntdll.dll.RtlRegisterThreadWithCsrss
- ntdll.dll.NtTraceControl
- ntdll.dll.EtwSendNotification
- ntdll.dll.EtwDeliverDataBlock
- ntdll.dll.EtwEnumerateProcessRegGuids
- ntdll.dll.RtlQueryTimeZoneInformation
- ntdll.dll.RtlQueryPerformanceFrequency
- ntdll.dll.EtwpGetCpuSpeed
- ntdll.dll.NtQueryPerformanceCounter
- ntdll.dll.RtlInitializeBitMap
- ntdll.dll.RtlInterlockedClearBitRun
- ntdll.dll.NtTraceEvent
- ntdll.dll.RtlAdjustPrivilege
- ntdll.dll.EtwProcessPrivateLoggerRequest
- ntdll.dll.RtlIpv4AddressToStringW
- ntdll.dll.RtlIpv6AddressToStringW
- ntdll.dll.NtRenameKey
- ntdll.dll.NtLoadKeyEx
- ntdll.dll.RtlCopyString
- ntdll.dll.RtlTimeToSecondsSince1970
- ntdll.dll.NtQueryMutant
- ntdll.dll.NtAlpcQueryInformation
- ntdll.dll.NtReplaceKey
- ntdll.dll.NtSaveKey
- ntdll.dll.NtSaveMergedKeys
- ntdll.dll.EtwLogTraceEvent
- sechost.dll.RegisterServiceCtrlHandlerExW
- sechost.dll.StartServiceCtrlDispatcherW
- sechost.dll.SetServiceStatus
- sechost.dll.I_ScRpcBindW
- sechost.dll.StartServiceCtrlDispatcherA
- sechost.dll.StartServiceA
- sechost.dll.RegisterServiceCtrlHandlerW
- sechost.dll.RegisterServiceCtrlHandlerExA
- sechost.dll.RegisterServiceCtrlHandlerA
- sechost.dll.QueryServiceStatus
- sechost.dll.QueryServiceConfigA
- sechost.dll.QueryServiceConfig2A
- sechost.dll.OpenServiceA
- sechost.dll.OpenSCManagerA
- sechost.dll.NotifyServiceStatusChangeA
- sechost.dll.CreateServiceA
- sechost.dll.ControlServiceExA
- sechost.dll.ControlService
- sechost.dll.ChangeServiceConfigA
- sechost.dll.ChangeServiceConfig2A
- sechost.dll.I_ScRpcBindA
- sechost.dll.ControlServiceExW
- sechost.dll.OpenSCManagerW
- sechost.dll.OpenServiceW
- sechost.dll.CreateServiceW
- sechost.dll.DeleteService
- sechost.dll.CloseServiceHandle
- sechost.dll.StartServiceW
- sechost.dll.QueryServiceConfig2W
- sechost.dll.NotifyServiceStatusChangeW
- sechost.dll.ChangeServiceConfig2W
- sechost.dll.ChangeServiceConfigW
- sechost.dll.QueryServiceConfigW
- sechost.dll.QueryServiceObjectSecurity
- sechost.dll.QueryServiceStatusEx
- sechost.dll.SetServiceObjectSecurity
- kernel32.dll.RegSaveKeyExW
- kernel32.dll.RegNotifyChangeKeyValue
- kernel32.dll.RegQueryInfoKeyA
- kernel32.dll.RegQueryValueExA
- kernel32.dll.RegLoadMUIStringA
- kernel32.dll.RegSaveKeyExA
- kernel32.dll.RegGetKeySecurity
- kernel32.dll.RegSetKeySecurity
- kernel32.dll.RegRestoreKeyA
- kernel32.dll.RegRestoreKeyW
- kernel32.dll.RegLoadKeyA
- kernel32.dll.RegLoadKeyW
- kernel32.dll.RegDeleteKeyExA
- kernel32.dll.RegDeleteValueA
- kernel32.dll.RegDeleteValueW
- kernel32.dll.RegEnumKeyExA
- kernel32.dll.RegEnumKeyExW
- kernel32.dll.RegEnumValueA
- kernel32.dll.RegGetValueA
- kernel32.dll.RegGetValueW
- kernel32.dll.RegCreateKeyExA
- kernel32.dll.RegFlushKey
- kernel32.dll.RegOpenCurrentUser
- kernel32.dll.RegOpenKeyExA
- kernel32.dll.RegDisablePredefinedCacheEx
- kernel32.dll.RegLoadMUIStringW
- kernel32.dll.RegOpenUserClassesRoot
- kernel32.dll.RegSetValueExA
- kernel32.dll.RegUnLoadKeyA
- kernel32.dll.RegUnLoadKeyW
- kernel32.dll.RegDeleteTreeW
- kernel32.dll.RegDeleteTreeA
- kernelbase.dll.ImpersonateNamedPipeClient
- kernel32.dll.GetPriorityClass
- kernel32.dll.OpenThread
- kernel32.dll.SetThreadToken
- kernel32.dll.OpenThreadToken
- kernel32.dll.OpenProcessToken
- kernel32.dll.CreateProcessAsUserW
- kernel32.dll.GetProcessId
- kernelbase.dll.GetSidLengthRequired
- kernelbase.dll.GetSidSubAuthority
- kernelbase.dll.GetSidSubAuthorityCount
- kernelbase.dll.GetWindowsAccountDomainSid
- kernelbase.dll.ImpersonateAnonymousToken
- kernelbase.dll.ImpersonateLoggedOnUser
- kernelbase.dll.ImpersonateSelf
- kernelbase.dll.InitializeAcl
- kernelbase.dll.InitializeSecurityDescriptor
- kernelbase.dll.InitializeSid
- kernelbase.dll.IsTokenRestricted
- kernelbase.dll.IsValidAcl
- kernelbase.dll.IsValidRelativeSecurityDescriptor
- kernelbase.dll.IsValidSecurityDescriptor
- kernelbase.dll.IsWellKnownSid
- kernelbase.dll.MakeAbsoluteSD
- kernelbase.dll.MakeAbsoluteSD2
- kernelbase.dll.GetSidIdentifierAuthority
- kernelbase.dll.MapGenericMask
- kernelbase.dll.PrivilegeCheck
- kernelbase.dll.QuerySecurityAccessMask
- kernelbase.dll.RevertToSelf
- kernelbase.dll.SetAclInformation
- kernelbase.dll.SetKernelObjectSecurity
- kernelbase.dll.SetPrivateObjectSecurity
- kernelbase.dll.SetPrivateObjectSecurityEx
- kernelbase.dll.EqualDomainSid
- kernelbase.dll.SetSecurityAccessMask
- kernelbase.dll.SetSecurityDescriptorControl
- kernelbase.dll.SetSecurityDescriptorDacl
- kernelbase.dll.SetSecurityDescriptorGroup
- kernelbase.dll.SetSecurityDescriptorOwner
- kernelbase.dll.SetSecurityDescriptorRMControl
- kernelbase.dll.SetSecurityDescriptorSacl
- kernelbase.dll.SetTokenInformation
- kernelbase.dll.GetSecurityDescriptorSacl
- kernelbase.dll.GetSecurityDescriptorRMControl
- kernelbase.dll.GetSecurityDescriptorOwner
- kernelbase.dll.GetSecurityDescriptorLength
- kernelbase.dll.GetSecurityDescriptorGroup
- kernelbase.dll.GetSecurityDescriptorDacl
- kernelbase.dll.GetSecurityDescriptorControl
- kernelbase.dll.GetPrivateObjectSecurity
- kernelbase.dll.GetLengthSid
- kernelbase.dll.GetKernelObjectSecurity
- kernelbase.dll.GetAclInformation
- kernelbase.dll.GetAce
- kernelbase.dll.FindFirstFreeAce
- kernelbase.dll.MakeSelfRelativeSD
- kernelbase.dll.EqualSid
- kernelbase.dll.IsValidSid
- kernelbase.dll.AccessCheckAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeResultListAndAuditAlarmW
- kernelbase.dll.AccessCheckByTypeResultListAndAuditAlarmByHandleW
- kernelbase.dll.ObjectOpenAuditAlarmW
- kernelbase.dll.ObjectPrivilegeAuditAlarmW
- kernelbase.dll.ObjectCloseAuditAlarmW
- kernelbase.dll.ObjectDeleteAuditAlarmW
- kernelbase.dll.PrivilegedServiceAuditAlarmW
- kernelbase.dll.SetFileSecurityW
- kernelbase.dll.GetFileSecurityW
- kernelbase.dll.CopySid
- kernelbase.dll.GetTokenInformation
- kernelbase.dll.AccessCheckByType
- kernelbase.dll.AccessCheckByTypeResultList
- kernelbase.dll.AddAccessAllowedAce
- kernelbase.dll.AddAccessAllowedAceEx
- kernelbase.dll.AddAccessAllowedObjectAce
- kernelbase.dll.AddAccessDeniedAce
- kernelbase.dll.AddAccessDeniedAceEx
- kernelbase.dll.AddAccessDeniedObjectAce
- kernelbase.dll.AddAce
- kernelbase.dll.AddAuditAccessAce
- kernelbase.dll.AddAuditAccessAceEx
- kernelbase.dll.AddAuditAccessObjectAce
- kernelbase.dll.AdjustTokenGroups
- kernelbase.dll.AdjustTokenPrivileges
- kernelbase.dll.AllocateLocallyUniqueId
- kernelbase.dll.AreAllAccessesGranted
- kernelbase.dll.AreAnyAccessesGranted
- kernelbase.dll.CheckTokenMembership
- kernelbase.dll.ConvertToAutoInheritPrivateObjectSecurity
- kernelbase.dll.CreatePrivateObjectSecurity
- kernelbase.dll.CreatePrivateObjectSecurityEx
- kernelbase.dll.CreatePrivateObjectSecurityWithMultipleInheritance
- kernelbase.dll.CreateRestrictedToken
- kernelbase.dll.CreateWellKnownSid
- kernelbase.dll.DeleteAce
- kernelbase.dll.DestroyPrivateObjectSecurity
- kernelbase.dll.DuplicateTokenEx
- kernelbase.dll.EqualPrefixSid
- kernel32.dll.VirtualAllocEx
- kernel32.dll.VirtualFree
- kernel32.dll.OpenProcess
- kernel32.dll.GlobalMemoryStatusEx
- kernel32.dll.GetActiveProcessorCount
- kernel32.dll.GetSystemInfo
- kernel32.dll.DeviceIoControl
- kernel32.dll.GetVolumeInformationW
- kernel32.dll.GetDriveTypeW
- kernel32.dll.GetLogicalDriveStringsW
- kernel32.dll.ReleaseMutex
- kernel32.dll.HeapSize
- kernel32.dll.GetComputerNameW
- kernel32.dll.ExpandEnvironmentStringsA
- kernel32.dll.RegKrnInitialize
- kernel32.dll.GetComputerNameA
- kernel32.dll.DuplicateHandle
- kernel32.dll.CreateMutexW
- kernel32.dll.ReadProcessMemory
- kernel32.dll.FreeLibraryAndExitThread
- kernel32.dll.IsWow64Process
- kernel32.dll.GetPrivateProfileIntW
- kernel32.dll.ResetEvent
- kernel32.dll.HeapReAlloc
- kernel32.dll.GetSystemTime
- kernel32.dll.CreateMutexA
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.Wow64RevertWow64FsRedirection
- kernel32.dll.LockResource
- kernel32.dll.Wow64DisableWow64FsRedirection
- kernel32.dll.DosDateTimeToFileTime
- kernel32.dll.FileTimeToDosDateTime
- kernel32.dll.GetFileTime
- kernel32.dll.SetErrorMode
- kernel32.dll.FindFirstFileExW
- kernel32.dll.SetFileInformationByHandle
- kernel32.dll.CopyFileW
- kernel32.dll.lstrcmpiA
- kernel32.dll.GetFileSizeEx
- kernel32.dll.GetComputerNameExW
- kernel32.dll.LoadLibraryA
- kernel32.dll.CreateProcessInternalA
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.EnterCriticalSection
- kernel32.dll.RegKrnGetGlobalState
- kernel32.dll.SleepEx
- kernel32.dll.HeapAlloc
- kernel32.dll.GetProcessHeap
- kernel32.dll.GetFullPathNameW
- kernel32.dll.HeapFree
- kernel32.dll.GetFileAttributesW
- kernel32.dll.CreateEventW
- kernel32.dll.GetThreadUILanguage
- kernel32.dll.GetCommandLineW
- kernel32.dll.lstrcmpW
- kernel32.dll.GetModuleHandleExW
- kernel32.dll.WriteFile
- kernel32.dll.MoveFileW
- kernel32.dll.DeleteFileW
- kernel32.dll.GetFileAttributesExW
- kernel32.dll.SetFilePointer
- kernel32.dll.OutputDebugStringW
- kernel32.dll.GetLocalTime
- kernel32.dll.FormatMessageW
- kernel32.dll.CompareFileTime
- kernel32.dll.GetLongPathNameW
- kernel32.dll.GetVolumePathNameW
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.WaitForSingleObject
- kernel32.dll.GetFileMUIPath
- kernel32.dll.VirtualFreeEx
- kernel32.dll.GetDiskFreeSpaceExW
- kernel32.dll.GetFullPathNameA
- kernel32.dll.GetOverlappedResult
- rpcrt4.dll.RpcBindingCreateW
- rpcrt4.dll.UuidCreate
- rpcrt4.dll.RpcBindingSetAuthInfoA
- rpcrt4.dll.RpcEpResolveBinding
- rpcrt4.dll.I_RpcSNCHOption
- rpcrt4.dll.UuidFromStringW
- rpcrt4.dll.UuidToStringW
- rpcrt4.dll.RpcExceptionFilter
- rpcrt4.dll.RpcBindingSetAuthInfoW
- rpcrt4.dll.RpcSsDestroyClientContext
- rpcrt4.dll.I_RpcMapWin32Status
- rpcrt4.dll.I_RpcExceptionFilter
- rpcrt4.dll.NdrClientCall2
- rpcrt4.dll.RpcBindingSetAuthInfoExW
- rpcrt4.dll.RpcStringBindingComposeW
- rpcrt4.dll.RpcBindingFromStringBindingW
- rpcrt4.dll.RpcStringFreeW
- rpcrt4.dll.RpcBindingFree
- rpcrt4.dll.RpcBindingSetAuthInfoExA
- rpcrt4.dll.RpcRaiseException
- rpcrt4.dll.RpcBindingBind
- msvcrt.dll.qsort
- msvcrt.dll.gmtime
- msvcrt.dll.iswdigit
- msvcrt.dll.free
- msvcrt.dll.malloc
- msvcrt.dll._wtoi
- msvcrt.dll._XcptFilter
- msvcrt.dll._initterm
- msvcrt.dll._amsg_exit
- ntdll.dll.RtlIpv4AddressToStringA
- ntdll.dll.RtlIpv6StringToAddressA
- ntdll.dll.RtlIpv4StringToAddressA
- ntdll.dll.RtlIpv6StringToAddressExW
- ntdll.dll.RtlIpv4StringToAddressExW
- nsi.dll.NsiSetAllPersistentParametersWithMask
- nsi.dll.NsiCancelChangeNotification
- nsi.dll.NsiRequestChangeNotification
- nsi.dll.NsiSetAllParameters
- nsi.dll.NsiGetParameter
- nsi.dll.NsiSetParameter
- nsi.dll.NsiEnumerateObjectsAllParameters
- nsi.dll.NsiAllocateAndGetTable
- nsi.dll.NsiGetAllParameters
- nsi.dll.NsiFreeTable
- winnsi.dll.NsiConnectToServer
- winnsi.dll.NsiRpcRegisterChangeNotification
- winnsi.dll.NsiRpcDeregisterChangeNotification
- winnsi.dll.NsiRpcGetParameter
- winnsi.dll.NsiDisconnectFromServer
- rpcrt4.dll.NdrAsyncServerCall
- rpcrt4.dll.RpcServerUnregisterIf
- rpcrt4.dll.RpcServerUseProtseqEpW
- rpcrt4.dll.RpcServerRegisterIf2
- rpcrt4.dll.RpcServerInqCallAttributesW
- rpcrt4.dll.RpcBindingUnbind
- rpcrt4.dll.RpcAsyncCompleteCall
- kernelbase.dll.HeapFree
- kernelbase.dll.HeapReAlloc
- kernelbase.dll.HeapAlloc
- kernelbase.dll.InterlockedIncrement
- kernelbase.dll.InterlockedCompareExchange
- kernelbase.dll.InterlockedExchangeAdd
- kernelbase.dll.InterlockedExchange
- kernelbase.dll.InterlockedDecrement
- kernel32.dll.QueueUserAPC
- kernelbase.dll.GetSystemDirectoryW
- winmm.dll.midiStreamOut
- ws2_32.dll.#116
- kernel32.dll.GetSystemDirectoryA
- user32.dll.PeekMessageA
- winspool.drv.OpenPrinterA
- advapi32.dll.RegQueryValueExA
- shell32.dll.ShellExecuteA
- ole32.dll.CLSIDFromProgID
- oleaut32.dll.#186
- comctl32.dll.#17
- comdlg32.dll.ChooseColorA
- msvcrt.dll.strncpy
- iphlpapi.dll.GetInterfaceInfo
- psapi.dll.GetMappedFileNameW
- cryptbase.dll.SystemFunction036
- kernel32.dll.VirtualProtect
- kernel32.dll.VirtualAlloc
- comctl32.dll.ImageList_Draw
- msimg32.dll.TransparentBlt
- msvfw32.dll.DrawDibOpen
- user32.dll.GetDC
- kernel32.dll.FlushInstructionCache
- kernel32.dll.VirtualQuery
- kernel32.dll.FindResourceA
- kernel32.dll.GetVersion
- kernel32.dll.CreateFileA
- comctl32.dll.ImageList_GetIcon
- comctl32.dll.ImageList_GetImageInfo
- comctl32.dll.ImageList_GetIconSize
- gdi32.dll.SetWindowExtEx
- gdi32.dll.SetWindowOrgEx
- gdi32.dll.SetMapMode
- gdi32.dll.SelectClipPath
- gdi32.dll.EndPath
- gdi32.dll.BeginPath
- gdi32.dll.CreatePatternBrush
- gdi32.dll.CreateFontIndirectA
- gdi32.dll.GetTextExtentPoint32A
- gdi32.dll.CreateRoundRectRgn
- gdi32.dll.CreateFontA
- gdi32.dll.SetViewportExtEx
- gdi32.dll.SelectClipRgn
- gdi32.dll.ExtCreateRegion
- gdi32.dll.SetPixel
- gdi32.dll.PtInRegion
- gdi32.dll.GetObjectA
- msvcrt.dll.??3@YAXPAX@Z
- msvcrt.dll.__CxxFrameHandler
- msvcrt.dll.??2@YAPAXI@Z
- msvcrt.dll._ftol
- msvcrt.dll._mbsstr
- msvcrt.dll._mbscmp
- msvcrt.dll.__dllonexit
- msvcrt.dll._adjust_fdiv
- msvcrt.dll._onexit
- msvfw32.dll.DrawDibDraw
- msvfw32.dll.DrawDibClose
- user32.dll.SetWindowsHookExA
- user32.dll.UnhookWindowsHookEx
- user32.dll.CallNextHookEx
- user32.dll.GetClassNameA
- user32.dll.IsWindow
- user32.dll.EnumThreadWindows
- user32.dll.EnumChildWindows
- user32.dll.LockWindowUpdate
- user32.dll.DestroyIcon
- user32.dll.DrawStateA
- user32.dll.ShowWindow
- user32.dll.GetMenuItemID
- user32.dll.GetWindowRgn
- user32.dll.SetMenu
- user32.dll.GetMenu
- user32.dll.GetSubMenu
- user32.dll.TrackPopupMenu
- user32.dll.CreateWindowExA
- user32.dll.DestroyWindow
- user32.dll.GetWindowInfo
- user32.dll.SetWindowPos
- user32.dll.GetClassLongA
- user32.dll.ScreenToClient
- user32.dll.SystemParametersInfoA
- user32.dll.GetSystemMetrics
- user32.dll.MenuItemFromPoint
- user32.dll.GetMenuItemRect
- user32.dll.GetMenuItemCount
- user32.dll.SetMenuItemInfoA
- user32.dll.IsMenu
- user32.dll.GetUpdateRect
- user32.dll.EqualRect
- user32.dll.ShowScrollBar
- user32.dll.SetWindowRgn
- user32.dll.WindowFromDC
- user32.dll.MoveWindow
- user32.dll.GetSysColor
- user32.dll.EnableScrollBar
- user32.dll.GetScrollBarInfo
- user32.dll.GetCapture
- user32.dll.SetScrollPos
- user32.dll.SetScrollInfo
- user32.dll.GetScrollRange
- user32.dll.GetScrollPos
- user32.dll.GetScrollInfo
- user32.dll.ReleaseDC
- user32.dll.GetWindowDC
- user32.dll.GetDCEx
- user32.dll.EndPaint
- user32.dll.BeginPaint
- user32.dll.GetWindowLongW
- user32.dll.SetWindowLongW
- user32.dll.SetWindowLongA
- user32.dll.ClientToScreen
- user32.dll.FindWindowExA
- user32.dll.GetMenuItemInfoA
- user32.dll.GetParent
- user32.dll.GetComboBoxInfo
- user32.dll.TrackMouseEvent
- user32.dll.GetIconInfo
- user32.dll.GetClientRect
- user32.dll.GetFocus
- user32.dll.InflateRect
- user32.dll.InvalidateRect
- user32.dll.SetPropA
- user32.dll.RemovePropA
- user32.dll.CallWindowProcA
- user32.dll.GetPropA
- user32.dll.SetTimer
- user32.dll.OffsetRect
- user32.dll.KillTimer
- user32.dll.EnableWindow
- user32.dll.GetWindowLongA
- user32.dll.SetRectEmpty
- user32.dll.DrawIconEx
- user32.dll.GetWindowTextA
- user32.dll.DrawTextA
- user32.dll.IsRectEmpty
- user32.dll.IsIconic
- user32.dll.IsZoomed
- user32.dll.GetSystemMenu
- user32.dll.GetMenuState
- user32.dll.ReleaseCapture
- user32.dll.GetMessageA
- user32.dll.SetScrollRange
- user32.dll.DispatchMessageA
- user32.dll.SetRect
- user32.dll.IsWindowVisible
- user32.dll.RegisterClassExA
- user32.dll.DefWindowProcA
- user32.dll.IsWindowEnabled
- user32.dll.SendMessageA
- user32.dll.GetCursorPos
- user32.dll.LoadCursorA
- user32.dll.SetCursor
- user32.dll.GetWindowRect
- user32.dll.PtInRect
- user32.dll.SetCapture
- user32.dll.UpdateLayeredWindow
- user32.dll.SetLayeredWindowAttributes
- dciman32.dll.DCIOpenProvider
- dciman32.dll.DCICloseProvider
- dciman32.dll.DCICreatePrimary
- dciman32.dll.DCIEndAccess
- dciman32.dll.DCIBeginAccess
- dciman32.dll.DCIDestroy
- uxtheme.dll.EnableThemeDialogTexture
- uxtheme.dll.OpenThemeData
- imm32.dll.ImmIsIME
- gdi32.dll.GdiRealizationInfo
- gdi32.dll.FontIsLinked
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryInfoKeyW
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegCloseKey
- advapi32.dll.RegQueryValueExW
- advapi32.dll.RegEnumKeyExW
- gdi32.dll.GetTextExtentExPointWPri
- ole32.dll.CoInitializeEx
- ole32.dll.CoUninitialize
- ole32.dll.CoRegisterInitializeSpy
- ole32.dll.CoRevokeInitializeSpy
- oleaut32.dll.SysAllocString
- oleaut32.dll.SysStringLen
- oleaut32.dll.SysFreeString
- uxtheme.dll.BufferedPaintInit
- uxtheme.dll.BeginBufferedPaint
- uxtheme.dll.BufferedPaintUnInit