魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2019-07-21 16:36:58 | 2019-07-21 16:39:24 | 146 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-hpdapp01-1 | win7-sp1-x64-hpdapp01-1 | KVM | 2019-07-21 16:37:09 | 2019-07-21 16:39:26 |
| 魔盾分数 |
|---|
5.85可疑的 |
文件详细信息
| 文件名 | 6.24日更新多功能盒子.exe |
|---|---|
| 文件大小 | 5377536 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| CRC32 | 94C9A3AC |
| MD5 | f4725c2376ce53c974cd2eec44533efe |
| SHA1 | 7d95bc78569da07ce72dbafec0f89618c97e1c83 |
| SHA256 | ebd83e079974d98d028a62b34b126d097a95d365b0d08f314366fddfce412e72 |
| SHA512 | 9578b753b2d317a52e519dfd18f8aae58db8dc3dac4bb529e7b3f99f0e6cadf427ec8a3bed45627fffa3de1982c985522cc993006e5e7d903f4c16606957cebb |
| Ssdeep | 98304:OFBfYWAvO3NunLjbzxMoCK2bjmYOyLJ+ZbXJMP/ydShHQnJ64j:mNYWAANwWzbSUdSbe/yEwU4 |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | 无此文件扫描结果 |
特征
创建RWX内存
通过进程尝试延迟分析任务
Process: 6.24________________________.exe tried to sleep 60 seconds, actually delayed analysis time by 0 seconds
生成了一些ICMP流量
二进制文件可能包含加密或压缩数据
section: name: UPX1, entropy: 8.00, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x0050e800, virtual_size: 0x0050f000
从文件自身的二进制镜像中读取数据
self_read: process: 6.24________________________.exe, pid: 2656, offset: 0x00000000, length: 0x00000040
self_read: process: 6.24________________________.exe, pid: 2656, offset: 0x000000f8, length: 0x00000020
self_read: process: 6.24________________________.exe, pid: 2656, offset: 0x0000017b, length: 0x00080000
可执行文件被使用UPX压缩
section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x00970000
尝试断开连接或更改沙箱进程监控的Windows功能
unhook: function_name: SetWindowLongA, type: modification
unhook: function_name: SetWindowLongW, type: modification
魔盾安全Yara规则检测结果 - 高危
Informational: Detected Entropy signature
Informational: Detected Rich Signature
Warning: Create a new process
Warning: Detected take screenshot function
Warning: Affect system registries
Critical: Detects malicious behaviors from a small size app
Informational: Detected no presence of any attachment
Critical: Contains an embedded Mach-O file
Informational: Detected no presence of any image
Informational: Detected no presence of any url
Warning: Detected UPX. Commonly used by RAT!
Informational: UPXv20MarkusLaszloReiser
Informational: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 是 | 43.248.186.95 | China |
TCP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.201 | 49160 |
ICMP请求
| 源地址 | 目标地址 | ICMP类型 | ICMP数据 |
|---|---|---|---|
| 192.168.122.201 | 43.248.186.95 | 8 | |
| 43.248.186.95 | 192.168.122.201 | 0 |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0127eb50 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00525845 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2019-06-24 15:26:42 |
| 载入哈希 | 691ad85fc50a3da7138374b0287205ed |
版本信息
| LegalCopyright: | \u4f5c\u8005\u7248\u6743\u6240\u6709 \u8bf7\u5c0a\u91cd\u5e76\u4f7f\u7528\u6b63\u7248 |
| FileVersion: | 1.0.0.0 |
| Comments: | \u672c\u7a0b\u5e8f\u4f7f\u7528\u6613\u8bed\u8a00\u7f16\u5199(http://www.eyuyan.com) |
| ProductName: | \u6613\u8bed\u8a00\u7a0b\u5e8f |
| ProductVersion: | 1.0.0.0 |
| FileDescription: | M Y\u5e94\u7528\u7a0b\u5e8f |
| Translation: | 0x0804 0x04b0 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00970000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| UPX1 | 0x00971000 | 0x0050f000 | 0x0050e800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 8.00 |
| .rsrc | 0x00e80000 | 0x00013000 | 0x00012200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.66 |
导入
库 ADVAPI32.dll:
• 0x1291e28 - RegCloseKey
库 AVIFIL32.dll:
• 0x1291e30 - AVIStreamInfoA
库 COMCTL32.dll:
• 0x1291e38 - None
库 comdlg32.dll:
• 0x1291e40 - ChooseFontA
库 GDI32.dll:
• 0x1291e48 - DPtoLP
库 KERNEL32.DLL:
• 0x1291e50 - LoadLibraryA
• 0x1291e54 - ExitProcess
• 0x1291e58 - GetProcAddress
• 0x1291e5c - VirtualProtect
库 MSIMG32.dll:
• 0x1291e64 - GradientFill
库 MSVFW32.dll:
• 0x1291e6c - DrawDibDraw
库 ole32.dll:
• 0x1291e74 - OleRun
库 OLEAUT32.dll:
• 0x1291e7c - VariantInit
库 oledlg.dll:
• 0x1291e84 - None
库 SHELL32.dll:
• 0x1291e8c - ShellExecuteA
库 USER32.dll:
• 0x1291e94 - GetDC
库 WINMM.dll:
• 0x1291e9c - PlaySoundA
库 WINSPOOL.DRV:
• 0x1291ea4 - ClosePrinter
库 WS2_32.dll:
• 0x1291eac - WSAAsyncSelect
投放文件
行为分析
互斥量(Mutexes)
- Local\MSCTF.Asm.MutexDefault1
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
6.24________________________.exe PID: 2656, 上一级进程 PID: 2300
访问的文件
- C:\Users\test\AppData\Local\Temp\HPSocket4C.dll
- C:\Windows\Fonts\staticcache.dat
- C:\
- C:\Users\test\AppData\Local\Temp\kernel32.DLL
- C:\Users\test\AppData\Local\Temp\Kernel32.DLL
- C:\Users\test\AppData\Local\Temp\ole32.dll
- C:\Users\test\AppData\Local\Temp\.\xe7\x9d\xbaw
- C:\Users\test\AppData\Local\Temp\6.24________________________.exe
- C:\Users\test\AppData\Local\Temp\gdiplus.dll
- C:\Users\test\AppData\Local\Temp\6.24________________________.exe.Local\
- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
- C:\Users\test\AppData\Local\Temp\user32.DLL
- C:\Users\test\AppData\Local\Temp\user32.dll
- C:\Users\test\AppData\Local\Temp\Kernel32.dll
- C:\Users\test\AppData\Local\Temp\kernel32.dll
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
- C:\Users\test\AppData\Local\Temp\{4502EA5A-3C8C-41c0-A9EC-1A5085906CBB}.tmp
- \??\Nsi
- C:\Windows\pz.ini
- C:\Users\test\AppData\Local\Temp\Ole32.dll
- C:\Users\test\AppData\Local\Temp\GdiPlus.dll
- C:\Users\test\AppData\Local\Temp\gdi32.DLL
读取的文件
- C:\Windows\Fonts\staticcache.dat
- C:\Users\test\AppData\Local\Temp\HPSocket4C.dll
- C:\Users\test\AppData\Local\Temp\.\xe7\x9d\xbaw
- C:\Users\test\AppData\Local\Temp\6.24________________________.exe
- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
- C:\Users\test\AppData\Local\Temp\{4502EA5A-3C8C-41c0-A9EC-1A5085906CBB}.tmp
- C:\Windows\pz.ini
修改的文件
- C:\Users\test\AppData\Local\Temp\HPSocket4C.dll
- C:\Users\test\AppData\Local\Temp\{4502EA5A-3C8C-41c0-A9EC-1A5085906CBB}.tmp
删除的文件
- C:\Users\test\AppData\Local\Temp\{4502EA5A-3C8C-41c0-A9EC-1A5085906CBB}.tmp
注册表键
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\6.24________________________.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\Keyboard Layout\Toggle
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
- HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Parameters\Transports
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Winsock\Mapping
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\Mapping
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\Tcpip
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MinSockaddrLength
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\HelperDllName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DRIVERS32
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave2
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave3
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave4
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave5
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave6
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave8
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave9
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi2
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi3
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi4
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi5
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi6
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi8
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi9
- HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm
- HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Multimedia\MIDIMap
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\\xe5\xae\x8b\xe4\xbd\x93
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe9\xbb\x91\xe4\xbd\x93
读取的注册表键
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Parameters\Transports
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Winsock\Mapping
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\Mapping
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MinSockaddrLength
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\HelperDllName
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave2
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave3
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave4
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave5
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave6
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave8
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave9
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi2
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi3
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi4
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi5
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi6
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi8
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi9
- HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\\xe5\xae\x8b\xe4\xbd\x93
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- kernel32.dll.SetLastError
- kernel32.dll.GetTimeZoneInformation
- kernel32.dll.GetVersion
- kernel32.dll.IsDBCSLeadByte
- kernel32.dll.lstrcmpA
- kernel32.dll.lstrcmpiA
- kernel32.dll.lstrcpynA
- kernel32.dll.FileTimeToSystemTime
- kernel32.dll.GetFileType
- kernel32.dll.DuplicateHandle
- kernel32.dll.SystemTimeToFileTime
- kernel32.dll.GetLocalTime
- kernel32.dll.DosDateTimeToFileTime
- kernel32.dll.SetFileTime
- kernel32.dll.GetTempFileNameA
- kernel32.dll.CreateMutexA
- kernel32.dll.ReleaseMutex
- kernel32.dll.SuspendThread
- kernel32.dll.InterlockedIncrement
- kernel32.dll.InterlockedDecrement
- kernel32.dll.LocalFree
- kernel32.dll.FormatMessageA
- kernel32.dll.FlushFileBuffers
- kernel32.dll.LockFile
- kernel32.dll.UnlockFile
- kernel32.dll.SetEndOfFile
- kernel32.dll.GetThreadLocale
- kernel32.dll.GlobalDeleteAtom
- kernel32.dll.GlobalFindAtomA
- kernel32.dll.GlobalAddAtomA
- kernel32.dll.GlobalGetAtomNameA
- kernel32.dll.LocalAlloc
- kernel32.dll.TlsAlloc
- kernel32.dll.GlobalHandle
- kernel32.dll.TlsFree
- kernel32.dll.TlsSetValue
- kernel32.dll.LocalReAlloc
- kernel32.dll.TlsGetValue
- kernel32.dll.GetFileTime
- kernel32.dll.GetCurrentThread
- kernel32.dll.GlobalFlags
- kernel32.dll.SetErrorMode
- kernel32.dll.GetProcessVersion
- kernel32.dll.GetCPInfo
- kernel32.dll.GetOEMCP
- kernel32.dll.GetStartupInfoA
- kernel32.dll.RtlUnwind
- kernel32.dll.GetSystemTime
- kernel32.dll.RaiseException
- kernel32.dll.HeapSize
- kernel32.dll.GetACP
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.FreeEnvironmentStringsA
- kernel32.dll.FreeEnvironmentStringsW
- kernel32.dll.GetEnvironmentStrings
- kernel32.dll.GetEnvironmentStringsW
- kernel32.dll.SetHandleCount
- kernel32.dll.GetStdHandle
- kernel32.dll.GetEnvironmentVariableA
- kernel32.dll.HeapDestroy
- kernel32.dll.HeapCreate
- kernel32.dll.VirtualFree
- kernel32.dll.SetEnvironmentVariableA
- kernel32.dll.LCMapStringA
- kernel32.dll.LCMapStringW
- kernel32.dll.VirtualAlloc
- kernel32.dll.IsBadWritePtr
- kernel32.dll.GetStringTypeA
- kernel32.dll.GetStringTypeW
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.CompareStringA
- kernel32.dll.CompareStringW
- kernel32.dll.IsBadReadPtr
- kernel32.dll.IsBadCodePtr
- kernel32.dll.SetStdHandle
- kernel32.dll.TerminateProcess
- kernel32.dll.GetCurrentProcess
- kernel32.dll.GetFileSize
- kernel32.dll.SetFilePointer
- kernel32.dll.TerminateThread
- kernel32.dll.CreateSemaphoreA
- kernel32.dll.ResumeThread
- kernel32.dll.ReleaseSemaphore
- kernel32.dll.EnterCriticalSection
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.GetProfileStringA
- kernel32.dll.WriteFile
- kernel32.dll.WaitForMultipleObjects
- kernel32.dll.CreateFileA
- kernel32.dll.SetEvent
- kernel32.dll.FindResourceA
- kernel32.dll.LoadResource
- kernel32.dll.LockResource
- kernel32.dll.ReadFile
- kernel32.dll.lstrlenW
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.ExitProcess
- kernel32.dll.GlobalSize
- kernel32.dll.GlobalFree
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.lstrcatA
- kernel32.dll.lstrlenA
- kernel32.dll.WinExec
- kernel32.dll.lstrcpyA
- kernel32.dll.FindNextFileA
- kernel32.dll.GlobalReAlloc
- kernel32.dll.HeapFree
- kernel32.dll.HeapReAlloc
- kernel32.dll.GetProcessHeap
- kernel32.dll.HeapAlloc
- kernel32.dll.GetUserDefaultLCID
- kernel32.dll.GetFullPathNameA
- kernel32.dll.FreeLibrary
- kernel32.dll.LoadLibraryA
- kernel32.dll.GetLastError
- kernel32.dll.GetVersionExA
- kernel32.dll.WritePrivateProfileStringA
- kernel32.dll.GetPrivateProfileStringA
- kernel32.dll.CreateThread
- kernel32.dll.CreateEventA
- kernel32.dll.Sleep
- kernel32.dll.ExpandEnvironmentStringsA
- kernel32.dll.GlobalAlloc
- kernel32.dll.GlobalLock
- kernel32.dll.GlobalUnlock
- kernel32.dll.GetTempPathA
- kernel32.dll.FindFirstFileA
- kernel32.dll.FindClose
- kernel32.dll.SetFileAttributesA
- kernel32.dll.GetFileAttributesA
- kernel32.dll.DeleteFileA
- kernel32.dll.CreateDirectoryA
- kernel32.dll.SetCurrentDirectoryA
- kernel32.dll.GetVolumeInformationA
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetProcAddress
- kernel32.dll.MulDiv
- kernel32.dll.GetCommandLineA
- kernel32.dll.GetTickCount
- kernel32.dll.CreateProcessA
- kernel32.dll.WaitForSingleObject
- kernel32.dll.CloseHandle
- kernel32.dll.InterlockedExchange
- kernel32.dll.FileTimeToLocalFileTime
- advapi32.dll.RegCreateKeyExA
- advapi32.dll.RegCloseKey
- advapi32.dll.RegQueryValueExA
- advapi32.dll.RegOpenKeyExA
- advapi32.dll.RegSetValueExA
- advapi32.dll.RegCreateKeyA
- advapi32.dll.RegQueryValueA
- avifil32.dll.AVIStreamGetFrame
- avifil32.dll.AVIStreamInfoA
- comctl32.dll.#17
- comctl32.dll.ImageList_AddMasked
- comctl32.dll.ImageList_Draw
- comctl32.dll.ImageList_SetBkColor
- comctl32.dll.ImageList_GetImageCount
- comctl32.dll.ImageList_GetImageInfo
- comctl32.dll.ImageList_GetIcon
- comctl32.dll.ImageList_ReplaceIcon
- comctl32.dll.ImageList_Destroy
- comctl32.dll.ImageList_LoadImageA
- comctl32.dll.ImageList_Create
- comctl32.dll.ImageList_Read
- comctl32.dll.ImageList_DrawIndirect
- comctl32.dll.ImageList_Duplicate
- comctl32.dll._TrackMouseEvent
- comdlg32.dll.ChooseColorA
- comdlg32.dll.ChooseFontA
- comdlg32.dll.GetOpenFileNameA
- comdlg32.dll.GetSaveFileNameA
- comdlg32.dll.GetFileTitleA
- gdi32.dll.RoundRect
- gdi32.dll.GetCurrentObject
- gdi32.dll.DPtoLP
- gdi32.dll.LPtoDP
- gdi32.dll.Rectangle
- gdi32.dll.Ellipse
- gdi32.dll.CreateCompatibleDC
- gdi32.dll.GetPixel
- gdi32.dll.GetTextExtentPoint32A
- gdi32.dll.StartPage
- gdi32.dll.SetPixelV
- gdi32.dll.BitBlt
- gdi32.dll.StartDocA
- gdi32.dll.DeleteDC
- gdi32.dll.GetMapMode
- gdi32.dll.GetTextMetricsA
- gdi32.dll.EndDoc
- gdi32.dll.EndPage
- gdi32.dll.GetObjectA
- gdi32.dll.GetStockObject
- gdi32.dll.CreateFontIndirectA
- gdi32.dll.CreateSolidBrush
- gdi32.dll.FillRgn
- gdi32.dll.CreateRectRgn
- gdi32.dll.CombineRgn
- gdi32.dll.PatBlt
- gdi32.dll.CreatePen
- gdi32.dll.SelectObject
- gdi32.dll.CreatePatternBrush
- gdi32.dll.CreateBitmap
- gdi32.dll.CreateBrushIndirect
- gdi32.dll.CreateDCA
- gdi32.dll.CreateCompatibleBitmap
- gdi32.dll.GetPolyFillMode
- gdi32.dll.GetStretchBltMode
- gdi32.dll.GetROP2
- gdi32.dll.GetBkColor
- gdi32.dll.GetBkMode
- gdi32.dll.GetTextColor
- gdi32.dll.CreateRoundRectRgn
- gdi32.dll.CreateEllipticRgn
- gdi32.dll.PathToRegion
- gdi32.dll.EndPath
- gdi32.dll.BeginPath
- gdi32.dll.GetWindowOrgEx
- gdi32.dll.GetViewportOrgEx
- gdi32.dll.GetWindowExtEx
- gdi32.dll.GetDIBits
- gdi32.dll.RealizePalette
- gdi32.dll.SelectPalette
- gdi32.dll.StretchBlt
- gdi32.dll.CreatePalette
- gdi32.dll.GetSystemPaletteEntries
- gdi32.dll.CreateDIBitmap
- gdi32.dll.DeleteObject
- gdi32.dll.SelectClipRgn
- gdi32.dll.CreatePolygonRgn
- gdi32.dll.GetClipRgn
- gdi32.dll.SetStretchBltMode
- gdi32.dll.ExtCreateRegion
- gdi32.dll.SetPixel
- gdi32.dll.CreateDIBSection
- gdi32.dll.CreateRectRgnIndirect
- gdi32.dll.SetBkColor
- gdi32.dll.TextOutA
- gdi32.dll.SetBkMode
- gdi32.dll.SetTextColor
- gdi32.dll.SetDIBitsToDevice
- gdi32.dll.SetWindowOrgEx
- gdi32.dll.SaveDC
- gdi32.dll.RestoreDC
- gdi32.dll.CreatePenIndirect
- gdi32.dll.PtVisible
- gdi32.dll.RectVisible
- gdi32.dll.ExtTextOutA
- gdi32.dll.Escape
- gdi32.dll.SetPolyFillMode
- gdi32.dll.SetROP2
- gdi32.dll.SetMapMode
- gdi32.dll.SetViewportOrgEx
- gdi32.dll.OffsetViewportOrgEx
- gdi32.dll.SetViewportExtEx
- gdi32.dll.ScaleViewportExtEx
- gdi32.dll.SetWindowExtEx
- gdi32.dll.ScaleWindowExtEx
- gdi32.dll.GetClipBox
- gdi32.dll.ExcludeClipRect
- gdi32.dll.MoveToEx
- gdi32.dll.LineTo
- gdi32.dll.ExtSelectClipRgn
- gdi32.dll.GetViewportExtEx
- gdi32.dll.GetDeviceCaps
- msimg32.dll.GradientFill
- msvfw32.dll.DrawDibDraw
- ole32.dll.CoTaskMemFree
- ole32.dll.CoTaskMemAlloc
- ole32.dll.CLSIDFromProgID
- ole32.dll.OleInitialize
- ole32.dll.OleUninitialize
- ole32.dll.CLSIDFromString
- ole32.dll.CoGetClassObject
- ole32.dll.CoCreateInstance
- ole32.dll.OleRun
- ole32.dll.StgOpenStorageOnILockBytes
- ole32.dll.StgCreateDocfileOnILockBytes
- ole32.dll.CreateILockBytesOnHGlobal
- ole32.dll.CoFreeUnusedLibraries
- ole32.dll.CoRegisterMessageFilter
- ole32.dll.CoRevokeClassObject
- ole32.dll.OleFlushClipboard
- ole32.dll.OleIsCurrentClipboard
- oleaut32.dll.#24
- oleaut32.dll.#23
- oleaut32.dll.#25
- oleaut32.dll.#11
- oleaut32.dll.#185
- oleaut32.dll.#7
- oleaut32.dll.#4
- oleaut32.dll.#150
- oleaut32.dll.#18
- oleaut32.dll.#6
- oleaut32.dll.#186
- oleaut32.dll.#420
- oleaut32.dll.#2
- oleaut32.dll.#16
- oleaut32.dll.#15
- oleaut32.dll.#26
- oleaut32.dll.#163
- oleaut32.dll.#165
- oleaut32.dll.#161
- oleaut32.dll.#17
- oleaut32.dll.#20
- oleaut32.dll.#19
- oleaut32.dll.#12
- oleaut32.dll.#9
- oleaut32.dll.#10
- oleaut32.dll.#8
- oledlg.dll.#8
- shell32.dll.Shell_NotifyIconA
- shell32.dll.ShellExecuteA
- user32.dll.ScrollWindowEx
- user32.dll.IsDialogMessageA
- user32.dll.CheckMenuItem
- user32.dll.SetMenuItemBitmaps
- user32.dll.GetMenuCheckMarkDimensions
- user32.dll.CharNextA
- user32.dll.SetWindowContextHelpId
- user32.dll.MapDialogRect
- user32.dll.LoadStringA
- user32.dll.GetSysColorBrush
- user32.dll.GetNextDlgGroupItem
- user32.dll.PostThreadMessageA
- user32.dll.GetWindowDC
- user32.dll.UnhookWindowsHookEx
- user32.dll.CallNextHookEx
- user32.dll.SetWindowsHookExA
- user32.dll.GetPropA
- user32.dll.MoveWindow
- user32.dll.CallWindowProcA
- user32.dll.SetPropA
- user32.dll.DrawTextA
- user32.dll.GetCursor
- user32.dll.DrawStateA
- user32.dll.FrameRect
- user32.dll.GetNextDlgTabItem
- user32.dll.LoadIconA
- user32.dll.TranslateMessage
- user32.dll.DrawFrameControl
- user32.dll.DrawEdge
- user32.dll.DrawFocusRect
- user32.dll.WindowFromPoint
- user32.dll.GetMessageA
- user32.dll.DispatchMessageA
- user32.dll.SetRectEmpty
- user32.dll.RegisterClipboardFormatA
- user32.dll.CreateIconFromResourceEx
- user32.dll.CreateIconFromResource
- user32.dll.DrawIconEx
- user32.dll.CreatePopupMenu
- user32.dll.AppendMenuA
- user32.dll.ModifyMenuA
- user32.dll.CreateMenu
- user32.dll.CreateAcceleratorTableA
- user32.dll.GetDlgCtrlID
- user32.dll.GetSubMenu
- user32.dll.EnableMenuItem
- user32.dll.ClientToScreen
- user32.dll.EnumDisplaySettingsA
- user32.dll.LoadImageA
- user32.dll.SystemParametersInfoA
- user32.dll.ShowWindow
- user32.dll.IsWindowEnabled
- user32.dll.TranslateAcceleratorA
- user32.dll.GetKeyState
- user32.dll.CopyAcceleratorTableA
- user32.dll.PostQuitMessage
- user32.dll.IsZoomed
- user32.dll.GetClassInfoA
- user32.dll.DefWindowProcA
- user32.dll.GetSystemMenu
- user32.dll.GetMenu
- user32.dll.SetMenu
- user32.dll.PeekMessageA
- user32.dll.IsIconic
- user32.dll.SetFocus
- user32.dll.GetActiveWindow
- user32.dll.GetWindow
- user32.dll.DestroyAcceleratorTable
- user32.dll.SetWindowRgn
- user32.dll.GetMessagePos
- user32.dll.ScreenToClient
- user32.dll.ChildWindowFromPointEx
- user32.dll.CopyRect
- user32.dll.LoadBitmapA
- user32.dll.WinHelpA
- user32.dll.KillTimer
- user32.dll.SetTimer
- user32.dll.ReleaseCapture
- user32.dll.GetCapture
- user32.dll.SetCapture
- user32.dll.GetScrollRange
- user32.dll.SetScrollRange
- user32.dll.SetScrollPos
- user32.dll.SetRect
- user32.dll.InflateRect
- user32.dll.IntersectRect
- user32.dll.PtInRect
- user32.dll.OffsetRect
- user32.dll.IsWindowVisible
- user32.dll.EnableWindow
- user32.dll.RedrawWindow
- user32.dll.GetWindowLongA
- user32.dll.SetWindowLongA
- user32.dll.GetSysColor
- user32.dll.SetActiveWindow
- user32.dll.SetCursorPos
- user32.dll.LoadCursorA
- user32.dll.SetCursor
- user32.dll.GetDC
- user32.dll.FillRect
- user32.dll.IsRectEmpty
- user32.dll.ReleaseDC
- user32.dll.IsChild
- user32.dll.TrackPopupMenu
- user32.dll.DestroyMenu
- user32.dll.SetForegroundWindow
- user32.dll.GetWindowRect
- user32.dll.EqualRect
- user32.dll.UpdateWindow
- user32.dll.ValidateRect
- user32.dll.InvalidateRect
- user32.dll.GetClientRect
- user32.dll.GetFocus
- user32.dll.GetParent
- user32.dll.GetTopWindow
- user32.dll.PostMessageA
- user32.dll.IsWindow
- user32.dll.SetParent
- user32.dll.DestroyCursor
- user32.dll.SendMessageA
- user32.dll.SetWindowPos
- user32.dll.MessageBeep
- user32.dll.MessageBoxA
- user32.dll.GetCursorPos
- user32.dll.GetSystemMetrics
- user32.dll.EmptyClipboard
- user32.dll.SetClipboardData
- user32.dll.OpenClipboard
- user32.dll.GetClipboardData
- user32.dll.CloseClipboard
- user32.dll.wsprintfA
- user32.dll.WaitForInputIdle
- user32.dll.SendDlgItemMessageA
- user32.dll.MapWindowPoints
- user32.dll.AdjustWindowRectEx
- user32.dll.GetScrollPos
- user32.dll.RegisterClassA
- user32.dll.CreateWindowExA
- user32.dll.GetClassLongA
- user32.dll.RemovePropA
- user32.dll.GetMessageTime
- user32.dll.GetLastActivePopup
- user32.dll.GetForegroundWindow
- user32.dll.RegisterWindowMessageA
- user32.dll.GetWindowPlacement
- user32.dll.EndDialog
- user32.dll.CreateDialogIndirectParamA
- user32.dll.DestroyWindow
- user32.dll.EndPaint
- user32.dll.BeginPaint
- user32.dll.GetWindowTextLengthA
- user32.dll.CharUpperA
- user32.dll.FindWindowExA
- user32.dll.GetDlgItem
- user32.dll.GetClassNameA
- user32.dll.GetDesktopWindow
- user32.dll.GetWindowTextA
- user32.dll.SetWindowTextA
- user32.dll.GetMenuItemCount
- user32.dll.GetMenuItemID
- user32.dll.GetMenuStringA
- user32.dll.GetMenuState
- user32.dll.GetTabbedTextExtentA
- user32.dll.GrayStringA
- user32.dll.TabbedTextOutA
- user32.dll.WindowFromDC
- user32.dll.DeleteMenu
- user32.dll.EnumChildWindows
- user32.dll.DestroyIcon
- user32.dll.UnregisterClassA
- winmm.dll.midiStreamStop
- winmm.dll.waveOutRestart
- winmm.dll.midiOutReset
- winmm.dll.midiStreamClose
- winmm.dll.midiStreamRestart
- winmm.dll.midiStreamOut
- winmm.dll.midiOutPrepareHeader
- winmm.dll.midiStreamProperty
- winmm.dll.midiStreamOpen
- winmm.dll.midiOutUnprepareHeader
- winmm.dll.waveOutOpen
- winmm.dll.waveOutGetNumDevs
- winmm.dll.waveOutClose
- winmm.dll.waveOutReset
- winmm.dll.waveOutPause
- winmm.dll.waveOutPrepareHeader
- winmm.dll.waveOutUnprepareHeader
- winmm.dll.PlaySoundA
- winmm.dll.waveOutWrite
- winspool.drv.ClosePrinter
- winspool.drv.DocumentPropertiesA
- winspool.drv.OpenPrinterA
- ws2_32.dll.#19
- ws2_32.dll.#18
- ws2_32.dll.#116
- ws2_32.dll.#115
- ws2_32.dll.#52
- ws2_32.dll.#12
- ws2_32.dll.#11
- ws2_32.dll.#57
- ws2_32.dll.#3
- ws2_32.dll.#14
- ws2_32.dll.#6
- ws2_32.dll.#15
- ws2_32.dll.#111
- ws2_32.dll.#22
- ws2_32.dll.#151
- ws2_32.dll.#1
- ws2_32.dll.#5
- ws2_32.dll.#13
- ws2_32.dll.#16
- ws2_32.dll.#4
- ws2_32.dll.#10
- ws2_32.dll.#17
- ws2_32.dll.#20
- ws2_32.dll.#23
- ws2_32.dll.#8
- ws2_32.dll.#2
- ws2_32.dll.#9
- ws2_32.dll.#101
- kernel32.dll.IsProcessorFeaturePresent
- cryptbase.dll.SystemFunction036
- gdi32.dll.GetLayout
- gdi32.dll.GdiRealizationInfo
- gdi32.dll.FontIsLinked
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryInfoKeyW
- gdi32.dll.GetTextFaceAliasW
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegQueryValueExW
- advapi32.dll.RegEnumKeyExW
- gdi32.dll.GetTextExtentExPointWPri
- comctl32.dll.RegisterClassNameW
- uxtheme.dll.EnableThemeDialogTexture
- uxtheme.dll.OpenThemeData
- ole32.dll.CoInitializeEx
- ole32.dll.CoUninitialize
- ole32.dll.CoRegisterInitializeSpy
- ole32.dll.CoRevokeInitializeSpy
- user32.dll.MonitorFromWindow
- user32.dll.MonitorFromRect
- user32.dll.MonitorFromPoint
- user32.dll.EnumDisplayMonitors
- user32.dll.GetMonitorInfoA
- gdi32.dll.GetFontAssocStatus
- oleaut32.dll.SysAllocString
- oleaut32.dll.SysStringLen
- oleaut32.dll.SysFreeString
- kernel32.dll.DeleteTimerQueueTimer
- kernel32.dll.CreateTimerQueue
- kernel32.dll.DeleteTimerQueueEx
- kernel32.dll.CreateWaitableTimerA
- kernel32.dll.SizeofResource
- kernel32.dll.FindResourceW
- kernel32.dll.FindResourceExW
- kernel32.dll.GetSystemInfo
- kernel32.dll.GetExitCodeThread
- kernel32.dll.ResetEvent
- kernel32.dll.PostQueuedCompletionStatus
- kernel32.dll.GetQueuedCompletionStatus
- kernel32.dll.CreateIoCompletionPort
- kernel32.dll.UnmapViewOfFile
- kernel32.dll.CreateFileMappingA
- kernel32.dll.MapViewOfFileEx
- kernel32.dll.InterlockedExchangeAdd
- kernel32.dll.SetWaitableTimer
- kernel32.dll.CancelWaitableTimer
- kernel32.dll.GetModuleHandleExW
- kernel32.dll.DeleteFiber
- kernel32.dll.SwitchToFiber
- kernel32.dll.CreateFiber
- kernel32.dll.GetModuleHandleW
- kernel32.dll.FindNextFileW
- kernel32.dll.FindFirstFileW
- kernel32.dll.ConvertFiberToThread
- kernel32.dll.ConvertThreadToFiber
- kernel32.dll.GetSystemTimeAsFileTime
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.GlobalMemoryStatus
- kernel32.dll.CreateTimerQueueTimer
- kernel32.dll.GetConsoleMode
- kernel32.dll.SetConsoleMode
- kernel32.dll.ReadConsoleA
- kernel32.dll.ReadConsoleW
- kernel32.dll.GetEnvironmentVariableW
- kernel32.dll.GetDriveTypeW
- kernel32.dll.WriteConsoleW
- kernel32.dll.TryEnterCriticalSection
- kernel32.dll.GetNativeSystemInfo
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.SwitchToThread
- kernel32.dll.GetCurrentDirectoryW
- kernel32.dll.PeekNamedPipe
- kernel32.dll.GetFileInformationByHandle
- kernel32.dll.IsValidCodePage
- kernel32.dll.GetConsoleCP
- kernel32.dll.GetStartupInfoW
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.IsDebuggerPresent
- kernel32.dll.FindFirstFileExA
- kernel32.dll.GetDriveTypeA
- kernel32.dll.SetConsoleCtrlHandler
- kernel32.dll.ExitThread
- kernel32.dll.CreateFileW
- kernel32.dll.InterlockedCompareExchange
- kernel32.dll.LoadLibraryW
- kernel32.dll.InitializeCriticalSectionAndSpinCount
- advapi32.dll.CryptSignHashW
- advapi32.dll.ReportEventW
- advapi32.dll.RegisterEventSourceW
- advapi32.dll.CryptEnumProvidersW
- advapi32.dll.CryptReleaseContext
- advapi32.dll.CryptDestroyKey
- advapi32.dll.CryptGetProvParam
- advapi32.dll.CryptGenRandom
- advapi32.dll.CryptDecrypt
- advapi32.dll.CryptCreateHash
- advapi32.dll.CryptSetHashParam
- advapi32.dll.DeregisterEventSource
- advapi32.dll.CryptDestroyHash
- advapi32.dll.CryptExportKey
- advapi32.dll.CryptGetUserKey
- advapi32.dll.CryptAcquireContextW
- crypt32.dll.CertDuplicateCertificateContext
- crypt32.dll.CertCloseStore
- crypt32.dll.CertEnumCertificatesInStore
- crypt32.dll.CertFindCertificateInStore
- crypt32.dll.CertFreeCertificateContext
- crypt32.dll.CertOpenStore
- crypt32.dll.CertGetCertificateContextProperty
- shlwapi.dll.StrPBrkA
- shlwapi.dll.StrChrA
- shlwapi.dll.PathFileExistsA
- shlwapi.dll.PathIsDirectoryA
- user32.dll.GetProcessWindowStation
- user32.dll.GetUserObjectInformationW
- user32.dll.MsgWaitForMultipleObjectsEx
- user32.dll.MessageBoxW
- winmm.dll.timeGetTime
- winmm.dll.timeBeginPeriod
- winmm.dll.timeEndPeriod
- winmm.dll.timeGetDevCaps
- ws2_32.dll.WSARecvFrom
- ws2_32.dll.WSASendTo
- ws2_32.dll.WSARecv
- ws2_32.dll.WSASend
- ws2_32.dll.#21
- ws2_32.dll.WSAAddressToStringA
- ws2_32.dll.freeaddrinfo
- ws2_32.dll.getaddrinfo
- ws2_32.dll.WSAStringToAddressA
- ws2_32.dll.WSAIoctl
- ws2_32.dll.#112
- ws2_32.dll.#7
- ws2_32.dll.WSAGetOverlappedResult
- ws2_32.dll.WSACreateEvent
- ws2_32.dll.WSAEventSelect
- ws2_32.dll.WSAWaitForMultipleEvents
- ws2_32.dll.WSAEnumNetworkEvents
- ws2_32.dll.WSAResetEvent
- ws2_32.dll.WSACloseEvent
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.FlsFree
- hpsocket4c.dll.Create_HP_ThreadPool
- ole32.dll.CoInitialize
- kernel32.dll.RtlMoveMemory
- kernel32.dll.VirtualProtect
- msimg32.dll.TransparentBlt
- msvcrt.dll.free
- msvfw32.dll.DrawDibOpen
- kernel32.dll.FlushInstructionCache
- kernel32.dll.VirtualQuery
- comctl32.dll.ImageList_GetIconSize
- gdi32.dll.SelectClipPath
- gdi32.dll.CreateFontA
- gdi32.dll.OffsetRgn
- gdi32.dll.PtInRegion
- gdi32.dll.GetTextExtentPointA
- gdi32.dll.ExtTextOutW
- msvcrt.dll.??3@YAXPAX@Z
- msvcrt.dll.__CxxFrameHandler
- msvcrt.dll.??2@YAPAXI@Z
- msvcrt.dll._ftol
- msvcrt.dll._mbsstr
- msvcrt.dll._mbscmp
- msvcrt.dll.__dllonexit
- msvcrt.dll.malloc
- msvcrt.dll._initterm
- msvcrt.dll._adjust_fdiv
- msvcrt.dll._onexit
- msvcrt.dll.memcpy
- msvfw32.dll.DrawDibClose
- user32.dll.EnumThreadWindows
- user32.dll.LockWindowUpdate
- user32.dll.GetWindowRgn
- user32.dll.GetWindowInfo
- user32.dll.MenuItemFromPoint
- user32.dll.GetMenuItemRect
- user32.dll.SetMenuItemInfoA
- user32.dll.IsMenu
- user32.dll.GetUpdateRect
- user32.dll.ShowScrollBar
- user32.dll.EnableScrollBar
- user32.dll.GetScrollBarInfo
- user32.dll.SetScrollInfo
- user32.dll.GetScrollInfo
- user32.dll.GetDCEx
- user32.dll.GetWindowLongW
- user32.dll.SetWindowLongW
- user32.dll.GetMenuItemInfoA
- user32.dll.GetComboBoxInfo
- user32.dll.TrackMouseEvent
- user32.dll.GetIconInfo
- user32.dll.RegisterClassExA
- user32.dll.UpdateLayeredWindow
- user32.dll.SetLayeredWindowAttributes
- dciman32.dll.DCIOpenProvider
- dciman32.dll.DCICloseProvider
- dciman32.dll.DCICreatePrimary
- dciman32.dll.DCIEndAccess
- dciman32.dll.DCIBeginAccess
- dciman32.dll.DCIDestroy
- gdiplus.dll.GdiplusStartup
- user32.dll.GetAncestor
- user32.dll.EnumDisplayDevicesA
- gdi32.dll.GdiIsMetaPrintDC
- imm32.dll.ImmIsIME
- hpsocket4c.dll.Create_HP_TcpPackClientListener
- hpsocket4c.dll.Create_HP_TcpPackClient
- hpsocket4c.dll.HP_Set_FN_Client_OnReceive
- hpsocket4c.dll.HP_Set_FN_Client_OnClose
- hpsocket4c.dll.HP_Set_FN_Client_OnConnect
- hpsocket4c.dll.HP_Client_Start
- mswsock.dll.WSPStartup
- wshtcpip.dll.WSHOpenSocket
- wshtcpip.dll.WSHOpenSocket2
- wshtcpip.dll.WSHJoinLeaf
- wshtcpip.dll.WSHNotify
- wshtcpip.dll.WSHGetSocketInformation
- wshtcpip.dll.WSHSetSocketInformation
- wshtcpip.dll.WSHGetSockaddrType
- wshtcpip.dll.WSHGetWildcardSockaddr
- wshtcpip.dll.WSHGetBroadcastSockaddr
- wshtcpip.dll.WSHAddressToString
- wshtcpip.dll.WSHStringToAddress
- wshtcpip.dll.WSHIoctl
- hpsocket4c.dll.HP_TcpPackClient_SetMaxPackSize
- hpsocket4c.dll.HP_ThreadPool_Start
- ole32.dll.CoCreateGuid
- kernel32.dll.lstrcpyn
- kernel32.dll.SetFilePointerEx
- icmp.dll.IcmpCreateFile
- icmp.dll.IcmpSendEcho
- icmp.dll.IcmpCloseHandle
- kernel32.dll.GetFileSizeEx
- hpsocket4c.dll.HP_ThreadPool_Submit
- kernel32.dll.SetThreadIdealProcessor
- kernel32.dll.SetProcessWorkingSetSize
- sechost.dll.OpenSCManagerW
- sechost.dll.OpenServiceW
- sechost.dll.QueryServiceStatus
- sechost.dll.CloseServiceHandle
- rpcrt4.dll.RpcStringBindingComposeW
- rpcrt4.dll.RpcBindingFromStringBindingW
- rpcrt4.dll.RpcStringFreeW
- mmdevapi.dll.#3
- rpcrt4.dll.NdrClientCall2
- uxtheme.dll.BufferedPaintInit
- uxtheme.dll.BeginBufferedPaint
- uxtheme.dll.EndBufferedPaint
- ole32.dll.CreateStreamOnHGlobal
- gdiplus.dll.GdipLoadImageFromStream
- windowscodecs.dll.DllGetClassObject
- kernel32.dll.WerRegisterMemoryBlock
- gdiplus.dll.GdipGetImageDimension
- gdiplus.dll.GdipCreateFromHDC
- gdiplus.dll.GdipDrawImageRect
- gdiplus.dll.GdipDisposeImage
- gdiplus.dll.GdipDeleteGraphics
- comctl32.dll.InitCommonControlsEx