魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2024-04-19 22:45:49	2024-04-19 22:48:13	144 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp03-1	win7-sp1-x64-shaapp03-1	KVM	2024-04-19 22:45:52	2024-04-19 22:48:16

魔盾分数
9.075 恶意的

文件详细信息

文件名	御风绝-4.19【S驱动】.sp.exe
文件大小	30384128 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
CRC32	6E32BE85
MD5	6cefc21152a78712b8d6a0bf42865191
SHA1	381b9919981271a6fa64d3f27dc89fe61d242881
SHA256	e3018357afc0b3f281b6145d1ad62a73da8c4bd2f83727ee5be07cfb2dbaba75
SHA512	fbf4805fee281483b7f66b8fabe3942e06515705e156de03ebd80171dd97e8ee77a6d3570da6d1cb0a7538711c24f65847f036166827fa69af3dc183cc0e1abd
Ssdeep	786432:Raq+GbaYG5N5ClmAKc+T9laqOPmAXo1i:Raq+hdYLqLs2i
PEiD	无匹配
Yara	CRC32_poly_Constant (Look for CRC32 [poly]) MD5_Constants (Look for MD5 constants) IsPE32 (Detected a 32bit PE sample) IsWindowsGUI (Detected a Windows GUI sample) IsPacked (Detected Entropy signature) HasRichSignature (Detected Rich Signature) win_registry (Detected system registries modification function)
VirusTotal	VirusTotal查询失败

特征

创建RWX内存

wping.org IP地址信誉系统

Greylist: 183.131.79.214

专有的Yara检测结果 - 普通

二进制文件可能包含加密或压缩数据

section: name: .svmp2, entropy: 7.99, characteristics: IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00440000, virtual_size: 0x0043f5da

section: name: .svmp3, entropy: 7.98, characteristics: IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x002e6000, virtual_size: 0x002e5d69

section: name: .svmp4, entropy: 7.77, characteristics: IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x015cb000, virtual_size: 0x015ca69b

创建一个隐藏文件或系统文件

file: C:\Users\test\AppData\Local\Temp\1.mp3

建立TCP连接到一个外部IP地址的非标准端口

Connection: 183.131.79.214:8899

检测到样本尝试模糊或欺骗文件类型

运行截图

网络分析

访问主机记录

直接访问	IP地址	国家名
否	183.131.79.214	China

域名解析

域名	响应
yun.wlspp.com	A 183.131.79.214

TCP连接

IP地址	端口
183.131.79.214	8899
183.131.79.214	8899
184.25.50.112	80

UDP连接

IP地址	端口
192.168.122.1	53
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

静态分析

PE 信息

初始地址	0x00400000
入口地址	0x01025240
声明校验值	0x01d010c2
实际校验值	0x01d010c2
最低操作系统版本要求	4.0
编译时间	2024-04-19 09:34:16
载入哈希	59aa6b52b70a3fa1c1fb32c5a66fccc1
图标
图标精确哈希值	e79dc3d9a17370e7839226ae16aed4ac
图标相似性哈希值	fa153f3c43099f143e468b422799dd03

版本信息

LegalCopyright:	\xe5\xe9\xe5
FileVersion:	1.0.0.0
CompanyName:	\xe5\xe9\xe5
Comments:	\xe5\xe9\xe5
ProductName:	\xe5\xe9\xe5
ProductVersion:	1.0.0.0
FileDescription:	\xe5\xe9\xe5
Translation:	0x0804 0x04b0

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000c5c0e	0x00000000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	0.00
.rdata	0x000c7000	0x000f65bc	0x00000000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	0.00
.data	0x001be000	0x00069dca	0x00000000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.rsrc	0x00228000	0x0000759c	0x00008000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.62
.svmp1	0x00230000	0x00395a49	0x00000000	IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.svmp2	0x005c6000	0x0043f5da	0x00440000	IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.99
.svmp3	0x00a06000	0x002e5d69	0x002e6000	IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.98
.svmp4	0x00cec000	0x015ca69b	0x015cb000	IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.77

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
TEXTINCLUDE	0x00228c18	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x00228c18	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x00228c18	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
RT_CURSOR	0x00229108	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x00229108	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x00229108	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x00229108	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0022a97c	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_ICON	0x0022aed0	0x000025a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.95	data
RT_ICON	0x0022aed0	0x000025a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.95	data
RT_ICON	0x0022aed0	0x000025a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.95	data
RT_MENU	0x0022d484	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_MENU	0x0022d484	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x0022e6cc	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0022f114	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_GROUP_CURSOR	0x0022f160	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x0022f160	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x0022f160	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON	0x0022f1ac	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x0022f1ac	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x0022f1ac	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION	0x0022f1c0	0x0000020c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.36	data
RT_MANIFEST	0x0022f3cc	0x000001cd	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.08	XML 1.0 document, ASCII text, with very long lines, with no line terminators

导入

库 WINMM.dll:

• 0xe053ce - midiStreamOut

库 WS2_32.dll:

• 0xe053d6 - WSAAsyncSelect

库 RASAPI32.dll:

• 0xe053de - RasHangUpA

库 KERNEL32.dll:

• 0xe053e6 - GetSystemDirectoryA

库 USER32.dll:

• 0xe053ee - SetFocus

库 GDI32.dll:

• 0xe053f6 - LineTo

库 WINSPOOL.DRV:

• 0xe053fe - OpenPrinterA

库 ADVAPI32.dll:

• 0xe05406 - RegOpenKeyExA

库 SHELL32.dll:

• 0xe0540e - DragQueryFileA

库 ole32.dll:

• 0xe05416 - CLSIDFromString

库 OLEAUT32.dll:

• 0xe0541e - LoadTypeLib

库 COMCTL32.dll:

• 0xe05426 - ImageList_Add

库 WININET.dll:

• 0xe0542e - InternetCloseHandle

库 comdlg32.dll:

• 0xe05436 - ChooseColorA

投放文件

无信息

行为分析

互斥量(Mutexes)

{8CC3E619-3B95-577D-9F76-2BF1B52B7876}-2748
Local\MSCTF.Asm.MutexDefault1

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

_______-4.19_S_________.sp.exe PID: 2748, 上一级进程 PID: 2364

访问的文件

C:\Users\test\AppData\Local\Temp\~MachinecodeEx.tmp
C:\Users\test\AppData\Local\Temp\Clientmark.txt
C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
C:\Program Files (x86)\WinRAR\api-ms-win-core-fibers-l1-1-1.DLL
C:\Users\test\AppData\Local\Temp\_________-4.19___S_________.sp.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\win.ini
C:\Users\test\AppData\Local\Temp\user32.dll
C:\Users\test\AppData\Local\Temp\dll.dlluser32.dll
C:\Windows\System32\dll.dlluser32.dll
C:\Windows\system\dll.dlluser32.dll
C:\Windows\dll.dlluser32.dll
C:\ProgramData\Oracle\Java\javapath\dll.dlluser32.dll
C:\Windows\System32\wbem\dll.dlluser32.dll
C:\Windows\System32\WindowsPowerShell\v1.0\dll.dlluser32.dll
C:\Program Files (x86)\WinRAR\dll.dlluser32.dll
C:\
C:\Users\test\AppData\Local\Temp\1.mp3
C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\AGENCYR.TTF
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\msyhbd.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\Fonts\simsun.ttc

读取的文件

C:\Users\test\AppData\Local\Temp\~MachinecodeEx.tmp
C:\Users\test\AppData\Local\Temp\Clientmark.txt
C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\win.ini
C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\msyhbd.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\Fonts\simsun.ttc

修改的文件

C:\Users\test\AppData\Local\Temp\1.mp3
C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT

删除的文件 无信息

注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\_________-4.19___S_________.sp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91

读取的注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16

修改的注册表键 无信息

删除的注册表键 无信息

API解析

kernel32.dll.VirtualAlloc
kernel32.dll.LoadLibraryA
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetModuleFileNameW
kernel32.dll.GetModuleHandleA
kernel32.dll.CreateFileA
kernel32.dll.CreateFileW
kernel32.dll.DeleteFileW
kernel32.dll.GetFileSize
kernel32.dll.VirtualFree
kernel32.dll.ReadFile
kernel32.dll.WriteFile
kernel32.dll.SetFilePointer
kernel32.dll.TerminateProcess
kernel32.dll.TerminateThread
kernel32.dll.VirtualProtect
kernel32.dll.Sleep
kernel32.dll.GetTickCount
kernel32.dll.CreateThread
kernel32.dll.CloseHandle
kernel32.dll.MulDiv
kernel32.dll.OutputDebugStringA
kernel32.dll.GetTempPathA
kernel32.dll.CreateProcessA
winmm.dll.timeGetTime
kernel32.dll.InitializeCriticalSection
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.FileTimeToSystemTime
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.GetComputerNameA
shell32.dll.ShellExecuteA
kernel32.dll.GetTempFileNameA
kernel32.dll.HeapFree
kernel32.dll.GetExitCodeThread
kernel32.dll.ExitThread
ws2_32.dll.WSAStartup
ws2_32.dll.socket
ws2_32.dll.inet_addr
ws2_32.dll.inet_ntoa
ws2_32.dll.htons
ws2_32.dll.connect
ws2_32.dll.send
ws2_32.dll.recv
ws2_32.dll.gethostbyname
ws2_32.dll.closesocket
ws2_32.dll.WSACleanup
ws2_32.dll.setsockopt
ws2_32.dll.getpeername
user32.dll.MessageBoxA
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptCreateHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptReleaseContext
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegQueryValueExA
advapi32.dll.RegCloseKey
ole32.dll.CoCreateGuid
iphlpapi.dll.InternalGetTcpTable2
ntdll.dll.sprintf
ntdll.dll._allmul
ntdll.dll.RtlExitUserProcess
msvcrt.dll.malloc
msvcrt.dll.free
msvcrt.dll.memcpy
msvcrt.dll.strcmp
msvcrt.dll.atoi
kernel32.dll.FreeLibrary
kernel32.dll.GetProcessHeap
kernel32.dll.HeapAlloc
kernel32.dll.SetLastError
kernel32.dll.GetNativeSystemInfo
kernel32.dll.IsBadReadPtr
kernel32.dll.OpenMutexA
kernel32.dll.CreateMutexA
msvcrt.dll.realloc
msvcrt.dll.memset
msvcrt.dll.sprintf
ntdll.dll.ZwQueryVirtualMemory
ntdll.dll.RtlGetVersion
winmm.dll.waveOutRestart
winmm.dll.midiStreamRestart
winmm.dll.waveOutUnprepareHeader
winmm.dll.waveOutPrepareHeader
winmm.dll.waveOutWrite
winmm.dll.waveOutPause
winmm.dll.waveOutReset
winmm.dll.midiStreamClose
winmm.dll.midiOutReset
winmm.dll.midiStreamStop
winmm.dll.midiStreamOut
winmm.dll.midiOutPrepareHeader
winmm.dll.midiStreamProperty
winmm.dll.midiStreamOpen
winmm.dll.midiOutUnprepareHeader
winmm.dll.waveOutOpen
winmm.dll.waveOutClose
winmm.dll.waveOutGetNumDevs
ws2_32.dll.#12
ws2_32.dll.#116
ws2_32.dll.#3
ws2_32.dll.#101
ws2_32.dll.#16
ws2_32.dll.#5
ws2_32.dll.#1
ws2_32.dll.#14
ws2_32.dll.#17
ws2_32.dll.#10
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateFileMappingA
kernel32.dll.MapViewOfFile
kernel32.dll.OpenFileMappingA
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetSystemDirectoryA
kernel32.dll.GetWindowsDirectoryA
kernel32.dll.GetCurrentProcess
kernel32.dll.GetTimeZoneInformation
kernel32.dll.GetVersion
kernel32.dll.ReleaseMutex
kernel32.dll.SuspendThread
kernel32.dll.GetSystemInfo
kernel32.dll.CreateSemaphoreA
kernel32.dll.InterlockedExchange
kernel32.dll.SetStdHandle
kernel32.dll.ResumeThread
kernel32.dll.IsBadCodePtr
kernel32.dll.CompareStringW
kernel32.dll.CompareStringA
kernel32.dll.GetStringTypeW
kernel32.dll.GetStringTypeA
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.IsBadWritePtr
kernel32.dll.LCMapStringW
kernel32.dll.LCMapStringA
kernel32.dll.SetEnvironmentVariableA
kernel32.dll.HeapCreate
kernel32.dll.HeapDestroy
kernel32.dll.GetEnvironmentVariableA
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.GetEnvironmentStrings
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsA
kernel32.dll.GetStartupInfoA
kernel32.dll.GetFileType
kernel32.dll.GetStdHandle
kernel32.dll.SetHandleCount
kernel32.dll.GetACP
kernel32.dll.HeapSize
kernel32.dll.RaiseException
kernel32.dll.GetLocalTime
kernel32.dll.GetSystemTime
kernel32.dll.RtlUnwind
kernel32.dll.GetOEMCP
kernel32.dll.GetCPInfo
kernel32.dll.GetProcessVersion
kernel32.dll.SetErrorMode
kernel32.dll.GlobalFlags
kernel32.dll.GetCurrentThread
kernel32.dll.GetFileTime
kernel32.dll.TlsGetValue
kernel32.dll.LocalReAlloc
kernel32.dll.TlsSetValue
kernel32.dll.TlsFree
kernel32.dll.GlobalHandle
kernel32.dll.TlsAlloc
kernel32.dll.LocalAlloc
kernel32.dll.lstrcmpA
kernel32.dll.GlobalGetAtomNameA
kernel32.dll.GlobalAddAtomA
kernel32.dll.GlobalFindAtomA
kernel32.dll.GlobalDeleteAtom
kernel32.dll.lstrcmpiA
kernel32.dll.SetEndOfFile
kernel32.dll.UnlockFile
kernel32.dll.LockFile
kernel32.dll.FlushFileBuffers
kernel32.dll.DuplicateHandle
kernel32.dll.lstrcpynA
kernel32.dll.FileTimeToLocalFileTime
kernel32.dll.LocalFree
kernel32.dll.InterlockedDecrement
kernel32.dll.InterlockedIncrement
kernel32.dll.ReleaseSemaphore
kernel32.dll.GetProfileStringA
kernel32.dll.WaitForSingleObject
kernel32.dll.GetCommandLineA
kernel32.dll.GetProcAddress
kernel32.dll.GetVolumeInformationA
kernel32.dll.SetCurrentDirectoryA
kernel32.dll.GetFileAttributesA
kernel32.dll.SetFileAttributesA
kernel32.dll.FindClose
kernel32.dll.FindFirstFileA
kernel32.dll.WaitForMultipleObjects
kernel32.dll.SetEvent
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.WideCharToMultiByte
kernel32.dll.MultiByteToWideChar
kernel32.dll.GetCurrentThreadId
kernel32.dll.ExitProcess
kernel32.dll.GlobalSize
kernel32.dll.GlobalFree
kernel32.dll.DeleteCriticalSection
kernel32.dll.lstrcatA
kernel32.dll.lstrlenA
kernel32.dll.WinExec
kernel32.dll.lstrcpyA
kernel32.dll.FindNextFileA
kernel32.dll.GlobalReAlloc
kernel32.dll.HeapReAlloc
kernel32.dll.GetFullPathNameA
kernel32.dll.GetLastError
kernel32.dll.GetVersionExA
kernel32.dll.WritePrivateProfileStringA
kernel32.dll.CreateEventA
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalLock
user32.dll.GetDlgItem
user32.dll.GetClassNameA
user32.dll.GetDesktopWindow
user32.dll.FindWindowExA
user32.dll.GetWindowTextA
user32.dll.GetSysColorBrush
user32.dll.SetClipboardData
user32.dll.OpenClipboard
user32.dll.GetClipboardData
user32.dll.CloseClipboard
user32.dll.wsprintfA
user32.dll.LoadStringA
user32.dll.UnregisterClassA
user32.dll.GetForegroundWindow
user32.dll.RegisterClassA
user32.dll.CreateWindowExA
user32.dll.SetPropA
user32.dll.DefWindowProcW
user32.dll.GetPropA
user32.dll.LoadIconA
user32.dll.TranslateMessage
user32.dll.DrawFrameControl
user32.dll.DrawEdge
user32.dll.DrawFocusRect
user32.dll.WindowFromPoint
user32.dll.GetMessageA
user32.dll.DispatchMessageA
user32.dll.SetRectEmpty
user32.dll.RegisterClipboardFormatA
user32.dll.CreateIconFromResourceEx
user32.dll.CreateIconFromResource
user32.dll.DrawIconEx
user32.dll.CreatePopupMenu
user32.dll.AppendMenuA
user32.dll.ModifyMenuA
user32.dll.CreateMenu
user32.dll.CreateAcceleratorTableA
user32.dll.GetDlgCtrlID
user32.dll.GetSubMenu
user32.dll.EnableMenuItem
user32.dll.ClientToScreen
user32.dll.EnumDisplaySettingsA
user32.dll.LoadImageA
user32.dll.SystemParametersInfoA
user32.dll.GetMenuCheckMarkDimensions
user32.dll.GetMenuState
user32.dll.SetMenuItemBitmaps
user32.dll.CheckMenuItem
user32.dll.MoveWindow
user32.dll.ShowWindow
user32.dll.IsWindowEnabled
user32.dll.TranslateAcceleratorA
user32.dll.GetKeyState
user32.dll.CopyAcceleratorTableA
user32.dll.PostQuitMessage
user32.dll.IsZoomed
user32.dll.GetClassInfoA
user32.dll.DefWindowProcA
user32.dll.GetSystemMenu
user32.dll.DeleteMenu
user32.dll.GetMenu
user32.dll.SetMenu
user32.dll.PeekMessageA
user32.dll.IsIconic
user32.dll.SetFocus
user32.dll.GetActiveWindow
user32.dll.GetWindow
user32.dll.DestroyAcceleratorTable
user32.dll.SetWindowRgn
user32.dll.GetMessagePos
user32.dll.ScreenToClient
user32.dll.ChildWindowFromPointEx
user32.dll.CopyRect
user32.dll.LoadBitmapA
user32.dll.WinHelpA
user32.dll.KillTimer
user32.dll.SetTimer
user32.dll.ReleaseCapture
user32.dll.GetCapture
user32.dll.SetCapture
user32.dll.GetScrollRange
user32.dll.SetScrollRange
user32.dll.SetScrollPos
user32.dll.SetRect
user32.dll.InflateRect
user32.dll.IntersectRect
user32.dll.DestroyIcon
user32.dll.PtInRect
user32.dll.OffsetRect
user32.dll.IsWindowVisible
user32.dll.EnableWindow
user32.dll.RedrawWindow
user32.dll.GetWindowLongA
user32.dll.SetWindowLongA
user32.dll.GetSysColor
user32.dll.SetActiveWindow
user32.dll.SetCursorPos
user32.dll.LoadCursorA
user32.dll.SetCursor
user32.dll.GetDC
user32.dll.FillRect
user32.dll.IsRectEmpty
user32.dll.ReleaseDC
user32.dll.IsChild
user32.dll.DestroyMenu
user32.dll.SetForegroundWindow
user32.dll.GetWindowRect
user32.dll.EqualRect
user32.dll.UpdateWindow
user32.dll.ValidateRect
user32.dll.InvalidateRect
user32.dll.GetClientRect
user32.dll.GetFocus
user32.dll.GetParent
user32.dll.GetTopWindow
user32.dll.PostMessageA
user32.dll.IsWindow
user32.dll.SetParent
user32.dll.DestroyCursor
user32.dll.SendMessageA
user32.dll.SetWindowPos
user32.dll.SetWindowTextA
user32.dll.GetCursorPos
user32.dll.GetSystemMetrics
user32.dll.EmptyClipboard
user32.dll.GetWindowTextLengthA
user32.dll.CharUpperA
user32.dll.GetWindowDC
user32.dll.BeginPaint
user32.dll.EndPaint
user32.dll.TabbedTextOutA
user32.dll.DrawTextA
user32.dll.GrayStringA
user32.dll.DestroyWindow
user32.dll.CreateDialogIndirectParamA
user32.dll.EndDialog
user32.dll.GetNextDlgTabItem
user32.dll.GetWindowPlacement
user32.dll.RegisterWindowMessageA
user32.dll.GetLastActivePopup
user32.dll.GetMessageTime
user32.dll.RemovePropA
user32.dll.CallWindowProcA
user32.dll.UnhookWindowsHookEx
user32.dll.GetClassLongA
user32.dll.CallNextHookEx
user32.dll.SetWindowsHookExA
user32.dll.GetMenuItemID
user32.dll.GetMenuItemCount
user32.dll.GetScrollPos
user32.dll.AdjustWindowRectEx
user32.dll.MapWindowPoints
user32.dll.SendDlgItemMessageA
user32.dll.ScrollWindowEx
user32.dll.IsDialogMessageA
gdi32.dll.ExtSelectClipRgn
gdi32.dll.LineTo
gdi32.dll.MoveToEx
gdi32.dll.ExcludeClipRect
gdi32.dll.GetClipBox
gdi32.dll.ScaleWindowExtEx
gdi32.dll.SetWindowExtEx
gdi32.dll.SetWindowOrgEx
gdi32.dll.ScaleViewportExtEx
gdi32.dll.SetViewportExtEx
gdi32.dll.OffsetViewportOrgEx
gdi32.dll.SetViewportOrgEx
gdi32.dll.SetMapMode
gdi32.dll.CreateRectRgnIndirect
gdi32.dll.SetStretchBltMode
gdi32.dll.GetClipRgn
gdi32.dll.CreatePolygonRgn
gdi32.dll.SelectClipRgn
gdi32.dll.DeleteObject
gdi32.dll.CreateDIBitmap
gdi32.dll.CreatePalette
gdi32.dll.StretchBlt
gdi32.dll.SelectPalette
gdi32.dll.RealizePalette
gdi32.dll.GetDIBits
gdi32.dll.GetWindowExtEx
gdi32.dll.GetViewportOrgEx
gdi32.dll.GetWindowOrgEx
gdi32.dll.BeginPath
gdi32.dll.EndPath
gdi32.dll.PathToRegion
gdi32.dll.CreateEllipticRgn
gdi32.dll.CreateRoundRectRgn
gdi32.dll.GetTextColor
gdi32.dll.GetBkMode
gdi32.dll.GetROP2
gdi32.dll.GetStretchBltMode
gdi32.dll.GetPolyFillMode
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.CreateDCA
gdi32.dll.CreateBitmap
gdi32.dll.SelectObject
gdi32.dll.GetObjectA
gdi32.dll.CreatePen
gdi32.dll.PatBlt
gdi32.dll.CombineRgn
gdi32.dll.CreateRectRgn
gdi32.dll.FillRgn
gdi32.dll.CreateSolidBrush
gdi32.dll.GetStockObject
gdi32.dll.CreateFontIndirectA
gdi32.dll.EndPage
gdi32.dll.EndDoc
gdi32.dll.DeleteDC
gdi32.dll.StartDocA
gdi32.dll.StartPage
gdi32.dll.BitBlt
gdi32.dll.CreateCompatibleDC
gdi32.dll.Ellipse
gdi32.dll.Rectangle
gdi32.dll.LPtoDP
gdi32.dll.DPtoLP
gdi32.dll.GetCurrentObject
gdi32.dll.RoundRect
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.GetDeviceCaps
gdi32.dll.GetViewportExtEx
gdi32.dll.PtVisible
gdi32.dll.RectVisible
gdi32.dll.TextOutA
gdi32.dll.ExtTextOutA
gdi32.dll.Escape
gdi32.dll.GetTextMetricsA
gdi32.dll.SetBkColor
gdi32.dll.GetSystemPaletteEntries
gdi32.dll.GetBkColor
gdi32.dll.SaveDC
gdi32.dll.RestoreDC
gdi32.dll.SetBkMode
gdi32.dll.SetPolyFillMode
gdi32.dll.SetROP2
gdi32.dll.SetTextColor
winspool.drv.OpenPrinterA
winspool.drv.DocumentPropertiesA
winspool.drv.ClosePrinter
advapi32.dll.RegSetValueExA
advapi32.dll.RegQueryValueA
advapi32.dll.RegCreateKeyExA
shell32.dll.Shell_NotifyIconA
shell32.dll.SHGetSpecialFolderPathA
ole32.dll.OleInitialize
ole32.dll.OleUninitialize
ole32.dll.CLSIDFromString
oleaut32.dll.#186
oleaut32.dll.#163
oleaut32.dll.#161
comctl32.dll.#17
comctl32.dll.ImageList_Destroy
comdlg32.dll.GetFileTitleA
comdlg32.dll.ChooseColorA
comdlg32.dll.GetSaveFileNameA
comdlg32.dll.GetOpenFileNameA
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
kernel32.dll.FreeConsole
kernel32.dll.AddVectoredExceptionHandler
kernel32.dll.FormatMessageA
kernel32.dll.AllocConsole
kernel32.dll.SetConsoleTitleW
kernel32.dll.GetTempPathW
kernel32.dll.ChangeTimerQueueTimer
kernel32.dll.WriteConsoleW
kernel32.dll.GetConsoleCP
kernel32.dll.GetCommandLineW
kernel32.dll.IsValidCodePage
kernel32.dll.FindFirstFileExA
kernel32.dll.ReadConsoleW
kernel32.dll.GetConsoleMode
kernel32.dll.FreeResource
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetModuleHandleExW
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.LoadLibraryExW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.InterlockedFlushSList
kernel32.dll.GetStartupInfoW
kernel32.dll.IsDebuggerPresent
kernel32.dll.InitializeSListHead
kernel32.dll.QueryPerformanceCounter
kernel32.dll.WriteConsoleA
kernel32.dll.GetModuleHandleW
kernel32.dll.GetVersionExW
kernel32.dll.DeleteTimerQueueTimer
kernel32.dll.CreateTimerQueueTimer
kernel32.dll.LoadLibraryW
kernel32.dll.lstrlenW
kernel32.dll.FindResourceW
kernel32.dll.SetFilePointerEx
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.GetFileAttributesExW
kernel32.dll.SizeofResource
user32.dll.SetPropW
user32.dll.PostMessageW
user32.dll.GetAsyncKeyState
user32.dll.SendMessageW
user32.dll.GetWindowTextLengthW
user32.dll.RegisterClassExW
user32.dll.GetDialogBaseUnits
user32.dll.GetWindowTextW
user32.dll.EnumChildWindows
user32.dll.GetMessageW
user32.dll.MonitorFromWindow
user32.dll.GetClassInfoW
user32.dll.DialogBoxIndirectParamW
user32.dll.MonitorFromPoint
user32.dll.GetMonitorInfoW
user32.dll.CreateWindowExW
user32.dll.PeekMessageW
user32.dll.RegisterClassW
user32.dll.LoadIconW
user32.dll.FindWindowW
user32.dll.GetWindowLongW
user32.dll.ShowWindowAsync
user32.dll.CallWindowProcW
user32.dll.SetWindowTextW
user32.dll.SetClassLongW
user32.dll.DispatchMessageW
user32.dll.TrackMouseEvent
user32.dll.LoadCursorW
user32.dll.SetWindowsHookExW
user32.dll.SetWindowLongW
user32.dll.GetClassLongW
user32.dll.UpdateLayeredWindow
user32.dll.PostThreadMessageW
user32.dll.IsWindowUnicode
user32.dll.GetPropW
gdi32.dll.AddFontResourceW
gdi32.dll.SetRectRgn
gdi32.dll.RectInRegion
gdi32.dll.GetRgnBox
gdi32.dll.CreateDIBSection
shell32.dll.Shell_NotifyIconW
shell32.dll.DragAcceptFiles
ole32.dll.PropVariantClear
ole32.dll.CoUninitialize
ole32.dll.CreateStreamOnHGlobal
ole32.dll.CoInitializeEx
ole32.dll.CoCreateInstance
d2d1.dll.#1
d2d1.dll.#2
dwrite.dll.DWriteCreateFactory
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
kernel32.dll.FlsGetValue
api-ms-win-core-localization-l1-2-1.dll.LCMapStringEx
imm32.dll.ImmGetContext
imm32.dll.ImmAssociateContext
imm32.dll.ImmSetCompositionWindow
imm32.dll.ImmGetCompositionStringW
imm32.dll.ImmReleaseContext
imm32.dll.ImmSetCandidateWindow
msimg32.dll.AlphaBlend
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdiplusShutdown
gdiplus.dll.GdipCreatePath
gdiplus.dll.GdipCreatePath2
gdiplus.dll.GdipCreatePath2I
gdiplus.dll.GdipClonePath
gdiplus.dll.GdipDeletePath
gdiplus.dll.GdipResetPath
gdiplus.dll.GdipGetPointCount
gdiplus.dll.GdipGetPathTypes
gdiplus.dll.GdipGetPathPoints
gdiplus.dll.GdipGetPathPointsI
gdiplus.dll.GdipGetPathFillMode
gdiplus.dll.GdipSetPathFillMode
gdiplus.dll.GdipGetPathData
gdiplus.dll.GdipStartPathFigure
gdiplus.dll.GdipClosePathFigure
gdiplus.dll.GdipClosePathFigures
gdiplus.dll.GdipSetPathMarker
gdiplus.dll.GdipClearPathMarkers
gdiplus.dll.GdipReversePath
gdiplus.dll.GdipGetPathLastPoint
gdiplus.dll.GdipAddPathLine
gdiplus.dll.GdipAddPathLine2
gdiplus.dll.GdipAddPathArc
gdiplus.dll.GdipAddPathBezier
gdiplus.dll.GdipAddPathBeziers
gdiplus.dll.GdipAddPathCurve
gdiplus.dll.GdipAddPathCurve2
gdiplus.dll.GdipAddPathCurve3
gdiplus.dll.GdipAddPathClosedCurve
gdiplus.dll.GdipAddPathClosedCurve2
gdiplus.dll.GdipAddPathRectangle
gdiplus.dll.GdipAddPathRectangles
gdiplus.dll.GdipAddPathEllipse
gdiplus.dll.GdipAddPathPie
gdiplus.dll.GdipAddPathPolygon
gdiplus.dll.GdipAddPathPath
gdiplus.dll.GdipAddPathString
gdiplus.dll.GdipAddPathStringI
gdiplus.dll.GdipAddPathLineI
gdiplus.dll.GdipAddPathLine2I
gdiplus.dll.GdipAddPathArcI
gdiplus.dll.GdipAddPathBezierI
gdiplus.dll.GdipAddPathBeziersI
gdiplus.dll.GdipAddPathCurveI
gdiplus.dll.GdipAddPathCurve2I
gdiplus.dll.GdipAddPathCurve3I
gdiplus.dll.GdipAddPathClosedCurveI
gdiplus.dll.GdipAddPathClosedCurve2I
gdiplus.dll.GdipAddPathRectangleI
gdiplus.dll.GdipAddPathRectanglesI
gdiplus.dll.GdipAddPathEllipseI
gdiplus.dll.GdipAddPathPieI
gdiplus.dll.GdipAddPathPolygonI
gdiplus.dll.GdipFlattenPath
gdiplus.dll.GdipWindingModeOutline
gdiplus.dll.GdipWidenPath
gdiplus.dll.GdipWarpPath
gdiplus.dll.GdipTransformPath
gdiplus.dll.GdipGetPathWorldBounds
gdiplus.dll.GdipGetPathWorldBoundsI
gdiplus.dll.GdipIsVisiblePathPoint
gdiplus.dll.GdipIsVisiblePathPointI
gdiplus.dll.GdipIsOutlineVisiblePathPoint
gdiplus.dll.GdipIsOutlineVisiblePathPointI
gdiplus.dll.GdipCreatePathIter
gdiplus.dll.GdipDeletePathIter
gdiplus.dll.GdipPathIterNextSubpath
gdiplus.dll.GdipPathIterNextSubpathPath
gdiplus.dll.GdipPathIterNextPathType
gdiplus.dll.GdipPathIterNextMarker
gdiplus.dll.GdipPathIterNextMarkerPath
gdiplus.dll.GdipPathIterGetCount
gdiplus.dll.GdipPathIterGetSubpathCount
gdiplus.dll.GdipPathIterIsValid
gdiplus.dll.GdipPathIterHasCurve
gdiplus.dll.GdipPathIterRewind
gdiplus.dll.GdipPathIterEnumerate
gdiplus.dll.GdipPathIterCopyData
gdiplus.dll.GdipCreateMatrix
gdiplus.dll.GdipCreateMatrix2
gdiplus.dll.GdipCreateMatrix3
gdiplus.dll.GdipCreateMatrix3I
gdiplus.dll.GdipCloneMatrix
gdiplus.dll.GdipDeleteMatrix
gdiplus.dll.GdipSetMatrixElements
gdiplus.dll.GdipMultiplyMatrix
gdiplus.dll.GdipTranslateMatrix
gdiplus.dll.GdipScaleMatrix
gdiplus.dll.GdipRotateMatrix
gdiplus.dll.GdipShearMatrix
gdiplus.dll.GdipInvertMatrix
gdiplus.dll.GdipTransformMatrixPoints
gdiplus.dll.GdipTransformMatrixPointsI
gdiplus.dll.GdipVectorTransformMatrixPoints
gdiplus.dll.GdipVectorTransformMatrixPointsI
gdiplus.dll.GdipGetMatrixElements
gdiplus.dll.GdipIsMatrixInvertible
gdiplus.dll.GdipIsMatrixIdentity
gdiplus.dll.GdipIsMatrixEqual
gdiplus.dll.GdipCreateRegion
gdiplus.dll.GdipCreateRegionRect
gdiplus.dll.GdipCreateRegionRectI
gdiplus.dll.GdipCreateRegionPath
gdiplus.dll.GdipCreateRegionRgnData
gdiplus.dll.GdipCreateRegionHrgn
gdiplus.dll.GdipCloneRegion
gdiplus.dll.GdipDeleteRegion
gdiplus.dll.GdipSetInfinite
gdiplus.dll.GdipSetEmpty
gdiplus.dll.GdipCombineRegionRect
gdiplus.dll.GdipCombineRegionRectI
gdiplus.dll.GdipCombineRegionPath
gdiplus.dll.GdipCombineRegionRegion
gdiplus.dll.GdipTranslateRegion
gdiplus.dll.GdipTranslateRegionI
gdiplus.dll.GdipTransformRegion
gdiplus.dll.GdipGetRegionBounds
gdiplus.dll.GdipGetRegionBoundsI
gdiplus.dll.GdipGetRegionHRgn
gdiplus.dll.GdipIsEmptyRegion
gdiplus.dll.GdipIsInfiniteRegion
gdiplus.dll.GdipIsEqualRegion
gdiplus.dll.GdipGetRegionDataSize
gdiplus.dll.GdipGetRegionData
gdiplus.dll.GdipIsVisibleRegionPoint
gdiplus.dll.GdipIsVisibleRegionPointI
gdiplus.dll.GdipIsVisibleRegionRect
gdiplus.dll.GdipIsVisibleRegionRectI
gdiplus.dll.GdipGetRegionScansCount
gdiplus.dll.GdipGetRegionScans
gdiplus.dll.GdipGetRegionScansI
gdiplus.dll.GdipCloneBrush
gdiplus.dll.GdipDeleteBrush
gdiplus.dll.GdipGetBrushType
gdiplus.dll.GdipCreateHatchBrush
gdiplus.dll.GdipGetHatchStyle
gdiplus.dll.GdipGetHatchForegroundColor
gdiplus.dll.GdipGetHatchBackgroundColor
gdiplus.dll.GdipCreateTexture
gdiplus.dll.GdipCreateTexture2
gdiplus.dll.GdipCreateTextureIA
gdiplus.dll.GdipCreateTexture2I
gdiplus.dll.GdipCreateTextureIAI
gdiplus.dll.GdipGetTextureTransform
gdiplus.dll.GdipSetTextureTransform
gdiplus.dll.GdipResetTextureTransform
gdiplus.dll.GdipMultiplyTextureTransform
gdiplus.dll.GdipTranslateTextureTransform
gdiplus.dll.GdipScaleTextureTransform
gdiplus.dll.GdipRotateTextureTransform
gdiplus.dll.GdipSetTextureWrapMode
gdiplus.dll.GdipGetTextureWrapMode
gdiplus.dll.GdipGetTextureImage
gdiplus.dll.GdipCreateSolidFill
gdiplus.dll.GdipSetSolidFillColor
gdiplus.dll.GdipGetSolidFillColor
gdiplus.dll.GdipCreateLineBrush
gdiplus.dll.GdipCreateLineBrushI
gdiplus.dll.GdipCreateLineBrushFromRect
gdiplus.dll.GdipCreateLineBrushFromRectI
gdiplus.dll.GdipCreateLineBrushFromRectWithAngle
gdiplus.dll.GdipCreateLineBrushFromRectWithAngleI
gdiplus.dll.GdipSetLineColors
gdiplus.dll.GdipGetLineColors
gdiplus.dll.GdipGetLineRect
gdiplus.dll.GdipGetLineRectI
gdiplus.dll.GdipSetLineGammaCorrection
gdiplus.dll.GdipGetLineGammaCorrection
gdiplus.dll.GdipGetLineBlendCount
gdiplus.dll.GdipGetLineBlend
gdiplus.dll.GdipSetLineBlend
gdiplus.dll.GdipGetLinePresetBlendCount
gdiplus.dll.GdipGetLinePresetBlend
gdiplus.dll.GdipSetLinePresetBlend
gdiplus.dll.GdipSetLineSigmaBlend
gdiplus.dll.GdipSetLineLinearBlend
gdiplus.dll.GdipSetLineWrapMode
gdiplus.dll.GdipGetLineWrapMode
gdiplus.dll.GdipGetLineTransform
gdiplus.dll.GdipSetLineTransform
gdiplus.dll.GdipResetLineTransform
gdiplus.dll.GdipMultiplyLineTransform
gdiplus.dll.GdipTranslateLineTransform
gdiplus.dll.GdipScaleLineTransform
gdiplus.dll.GdipRotateLineTransform
gdiplus.dll.GdipCreatePathGradient
gdiplus.dll.GdipCreatePathGradientI
gdiplus.dll.GdipCreatePathGradientFromPath
gdiplus.dll.GdipGetPathGradientCenterColor
gdiplus.dll.GdipSetPathGradientCenterColor
gdiplus.dll.GdipGetPathGradientSurroundColorsWithCount
gdiplus.dll.GdipSetPathGradientSurroundColorsWithCount
gdiplus.dll.GdipGetPathGradientPath
gdiplus.dll.GdipSetPathGradientPath
gdiplus.dll.GdipGetPathGradientCenterPoint
gdiplus.dll.GdipGetPathGradientCenterPointI
gdiplus.dll.GdipSetPathGradientCenterPoint
gdiplus.dll.GdipSetPathGradientCenterPointI
gdiplus.dll.GdipGetPathGradientRect
gdiplus.dll.GdipGetPathGradientRectI
gdiplus.dll.GdipGetPathGradientPointCount
gdiplus.dll.GdipGetPathGradientSurroundColorCount
gdiplus.dll.GdipSetPathGradientGammaCorrection
gdiplus.dll.GdipGetPathGradientGammaCorrection
gdiplus.dll.GdipGetPathGradientBlendCount
gdiplus.dll.GdipGetPathGradientBlend
gdiplus.dll.GdipSetPathGradientBlend
gdiplus.dll.GdipGetPathGradientPresetBlendCount
gdiplus.dll.GdipGetPathGradientPresetBlend
gdiplus.dll.GdipSetPathGradientPresetBlend
gdiplus.dll.GdipSetPathGradientSigmaBlend
gdiplus.dll.GdipSetPathGradientLinearBlend
gdiplus.dll.GdipGetPathGradientWrapMode
gdiplus.dll.GdipSetPathGradientWrapMode
gdiplus.dll.GdipGetPathGradientTransform
gdiplus.dll.GdipSetPathGradientTransform
gdiplus.dll.GdipResetPathGradientTransform
gdiplus.dll.GdipMultiplyPathGradientTransform
gdiplus.dll.GdipTranslatePathGradientTransform
gdiplus.dll.GdipScalePathGradientTransform
gdiplus.dll.GdipRotatePathGradientTransform
gdiplus.dll.GdipGetPathGradientFocusScales
gdiplus.dll.GdipSetPathGradientFocusScales
gdiplus.dll.GdipCreatePen1
gdiplus.dll.GdipCreatePen2
gdiplus.dll.GdipClonePen
gdiplus.dll.GdipDeletePen
gdiplus.dll.GdipSetPenWidth
gdiplus.dll.GdipGetPenWidth
gdiplus.dll.GdipSetPenUnit
gdiplus.dll.GdipGetPenUnit
gdiplus.dll.GdipSetPenLineCap197819
gdiplus.dll.GdipSetPenStartCap
gdiplus.dll.GdipSetPenEndCap
gdiplus.dll.GdipSetPenDashCap197819
gdiplus.dll.GdipGetPenStartCap
gdiplus.dll.GdipGetPenEndCap
gdiplus.dll.GdipGetPenDashCap197819
gdiplus.dll.GdipSetPenLineJoin
gdiplus.dll.GdipGetPenLineJoin
gdiplus.dll.GdipSetPenCustomStartCap
gdiplus.dll.GdipGetPenCustomStartCap
gdiplus.dll.GdipSetPenCustomEndCap
gdiplus.dll.GdipGetPenCustomEndCap
gdiplus.dll.GdipSetPenMiterLimit
gdiplus.dll.GdipGetPenMiterLimit
gdiplus.dll.GdipSetPenMode
gdiplus.dll.GdipGetPenMode
gdiplus.dll.GdipSetPenTransform
gdiplus.dll.GdipGetPenTransform
gdiplus.dll.GdipResetPenTransform
gdiplus.dll.GdipMultiplyPenTransform
gdiplus.dll.GdipTranslatePenTransform
gdiplus.dll.GdipScalePenTransform
gdiplus.dll.GdipRotatePenTransform
gdiplus.dll.GdipSetPenColor
gdiplus.dll.GdipGetPenColor
gdiplus.dll.GdipSetPenBrushFill
gdiplus.dll.GdipGetPenBrushFill
gdiplus.dll.GdipGetPenFillType
gdiplus.dll.GdipGetPenDashStyle
gdiplus.dll.GdipSetPenDashStyle
gdiplus.dll.GdipGetPenDashOffset
gdiplus.dll.GdipSetPenDashOffset
gdiplus.dll.GdipGetPenDashCount
gdiplus.dll.GdipSetPenDashArray
gdiplus.dll.GdipGetPenDashArray
gdiplus.dll.GdipGetPenCompoundCount
gdiplus.dll.GdipSetPenCompoundArray
gdiplus.dll.GdipGetPenCompoundArray
gdiplus.dll.GdipCreateCustomLineCap
gdiplus.dll.GdipDeleteCustomLineCap
gdiplus.dll.GdipCloneCustomLineCap
gdiplus.dll.GdipGetCustomLineCapType
gdiplus.dll.GdipSetCustomLineCapStrokeCaps
gdiplus.dll.GdipGetCustomLineCapStrokeCaps
gdiplus.dll.GdipSetCustomLineCapStrokeJoin
gdiplus.dll.GdipGetCustomLineCapStrokeJoin
gdiplus.dll.GdipSetCustomLineCapBaseCap
gdiplus.dll.GdipGetCustomLineCapBaseCap
gdiplus.dll.GdipSetCustomLineCapBaseInset
gdiplus.dll.GdipGetCustomLineCapBaseInset
gdiplus.dll.GdipSetCustomLineCapWidthScale
gdiplus.dll.GdipGetCustomLineCapWidthScale
gdiplus.dll.GdipCreateAdjustableArrowCap
gdiplus.dll.GdipSetAdjustableArrowCapHeight
gdiplus.dll.GdipGetAdjustableArrowCapHeight
gdiplus.dll.GdipSetAdjustableArrowCapWidth
gdiplus.dll.GdipGetAdjustableArrowCapWidth
gdiplus.dll.GdipSetAdjustableArrowCapMiddleInset
gdiplus.dll.GdipGetAdjustableArrowCapMiddleInset
gdiplus.dll.GdipSetAdjustableArrowCapFillState
gdiplus.dll.GdipGetAdjustableArrowCapFillState
gdiplus.dll.GdipLoadImageFromStream
gdiplus.dll.GdipLoadImageFromFile
gdiplus.dll.GdipLoadImageFromStreamICM
gdiplus.dll.GdipLoadImageFromFileICM
gdiplus.dll.GdipCloneImage
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipSaveImageToFile
gdiplus.dll.GdipSaveImageToStream
gdiplus.dll.GdipSaveAdd
gdiplus.dll.GdipSaveAddImage
gdiplus.dll.GdipGetImageGraphicsContext
gdiplus.dll.GdipGetImageBounds
gdiplus.dll.GdipGetImageDimension
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageHorizontalResolution
gdiplus.dll.GdipGetImageVerticalResolution
gdiplus.dll.GdipGetImageFlags
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImagePixelFormat
gdiplus.dll.GdipGetImageThumbnail
gdiplus.dll.GdipGetEncoderParameterListSize
gdiplus.dll.GdipGetEncoderParameterList
gdiplus.dll.GdipImageGetFrameDimensionsCount
gdiplus.dll.GdipImageGetFrameDimensionsList
gdiplus.dll.GdipImageGetFrameCount
gdiplus.dll.GdipImageSelectActiveFrame
gdiplus.dll.GdipImageRotateFlip
gdiplus.dll.GdipGetImagePalette
gdiplus.dll.GdipSetImagePalette
gdiplus.dll.GdipGetImagePaletteSize
gdiplus.dll.GdipGetPropertyCount
gdiplus.dll.GdipGetPropertyIdList
gdiplus.dll.GdipGetPropertyItemSize
gdiplus.dll.GdipGetPropertyItem
gdiplus.dll.GdipGetPropertySize
gdiplus.dll.GdipGetAllPropertyItems
gdiplus.dll.GdipRemovePropertyItem
gdiplus.dll.GdipSetPropertyItem
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipCreateBitmapFromFile
gdiplus.dll.GdipCreateBitmapFromStreamICM
gdiplus.dll.GdipCreateBitmapFromFileICM
gdiplus.dll.GdipCreateBitmapFromScan0
gdiplus.dll.GdipCreateBitmapFromGraphics
gdiplus.dll.GdipCreateBitmapFromDirectDrawSurface
gdiplus.dll.GdipCreateBitmapFromGdiDib
gdiplus.dll.GdipCreateBitmapFromHBITMAP
gdiplus.dll.GdipCreateHBITMAPFromBitmap
gdiplus.dll.GdipCreateBitmapFromHICON
gdiplus.dll.GdipCreateHICONFromBitmap
gdiplus.dll.GdipCreateBitmapFromResource
gdiplus.dll.GdipCloneBitmapArea
gdiplus.dll.GdipCloneBitmapAreaI
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
gdiplus.dll.GdipBitmapGetPixel
gdiplus.dll.GdipBitmapSetPixel
gdiplus.dll.GdipBitmapSetResolution
gdiplus.dll.GdipCreateImageAttributes
gdiplus.dll.GdipCloneImageAttributes
gdiplus.dll.GdipDisposeImageAttributes
gdiplus.dll.GdipSetImageAttributesToIdentity
gdiplus.dll.GdipResetImageAttributes
gdiplus.dll.GdipSetImageAttributesColorMatrix
gdiplus.dll.GdipSetImageAttributesThreshold
gdiplus.dll.GdipSetImageAttributesGamma
gdiplus.dll.GdipSetImageAttributesNoOp
gdiplus.dll.GdipSetImageAttributesColorKeys
gdiplus.dll.GdipSetImageAttributesOutputChannel
gdiplus.dll.GdipSetImageAttributesOutputChannelColorProfile
gdiplus.dll.GdipSetImageAttributesRemapTable
gdiplus.dll.GdipSetImageAttributesWrapMode
gdiplus.dll.GdipGetImageAttributesAdjustedPalette
gdiplus.dll.GdipFlush
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipCreateFromHDC2
gdiplus.dll.GdipCreateFromHWND
gdiplus.dll.GdipCreateFromHWNDICM
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipGetDC
gdiplus.dll.GdipReleaseDC
gdiplus.dll.GdipSetCompositingMode
gdiplus.dll.GdipGetCompositingMode
gdiplus.dll.GdipSetRenderingOrigin
gdiplus.dll.GdipGetRenderingOrigin
gdiplus.dll.GdipSetCompositingQuality
gdiplus.dll.GdipGetCompositingQuality
gdiplus.dll.GdipSetSmoothingMode
gdiplus.dll.GdipGetSmoothingMode
gdiplus.dll.GdipSetPixelOffsetMode
gdiplus.dll.GdipGetPixelOffsetMode
gdiplus.dll.GdipSetTextRenderingHint
gdiplus.dll.GdipGetTextRenderingHint
gdiplus.dll.GdipSetTextContrast
gdiplus.dll.GdipGetTextContrast
gdiplus.dll.GdipSetInterpolationMode
gdiplus.dll.GdipGetInterpolationMode
gdiplus.dll.GdipSetWorldTransform
gdiplus.dll.GdipResetWorldTransform
gdiplus.dll.GdipMultiplyWorldTransform
gdiplus.dll.GdipTranslateWorldTransform
gdiplus.dll.GdipScaleWorldTransform
gdiplus.dll.GdipRotateWorldTransform
gdiplus.dll.GdipGetWorldTransform
gdiplus.dll.GdipResetPageTransform
gdiplus.dll.GdipGetPageUnit
gdiplus.dll.GdipGetPageScale
gdiplus.dll.GdipSetPageUnit
gdiplus.dll.GdipSetPageScale
gdiplus.dll.GdipGetDpiX
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipTransformPoints
gdiplus.dll.GdipTransformPointsI
gdiplus.dll.GdipGetNearestColor
gdiplus.dll.GdipCreateHalftonePalette
gdiplus.dll.GdipDrawLine
gdiplus.dll.GdipDrawLineI
gdiplus.dll.GdipDrawLines
gdiplus.dll.GdipDrawLinesI
gdiplus.dll.GdipDrawArc
gdiplus.dll.GdipDrawArcI
gdiplus.dll.GdipDrawBezier
gdiplus.dll.GdipDrawBezierI
gdiplus.dll.GdipDrawBeziers
gdiplus.dll.GdipDrawBeziersI
gdiplus.dll.GdipDrawRectangle
gdiplus.dll.GdipDrawRectangleI
gdiplus.dll.GdipDrawRectangles
gdiplus.dll.GdipDrawRectanglesI
gdiplus.dll.GdipDrawEllipse
gdiplus.dll.GdipDrawEllipseI
gdiplus.dll.GdipDrawPie
gdiplus.dll.GdipDrawPieI
gdiplus.dll.GdipDrawPolygon
gdiplus.dll.GdipDrawPolygonI
gdiplus.dll.GdipDrawPath
gdiplus.dll.GdipDrawCurve
gdiplus.dll.GdipDrawCurveI
gdiplus.dll.GdipDrawCurve2
gdiplus.dll.GdipDrawCurve2I
gdiplus.dll.GdipDrawCurve3
gdiplus.dll.GdipDrawCurve3I
gdiplus.dll.GdipDrawClosedCurve
gdiplus.dll.GdipDrawClosedCurveI
gdiplus.dll.GdipDrawClosedCurve2
gdiplus.dll.GdipDrawClosedCurve2I
gdiplus.dll.GdipGraphicsClear
gdiplus.dll.GdipFillRectangle
gdiplus.dll.GdipFillRectangleI
gdiplus.dll.GdipFillRectangles
gdiplus.dll.GdipFillRectanglesI
gdiplus.dll.GdipFillPolygon
gdiplus.dll.GdipFillPolygonI
gdiplus.dll.GdipFillPolygon2
gdiplus.dll.GdipFillPolygon2I
gdiplus.dll.GdipFillEllipse
gdiplus.dll.GdipFillEllipseI
gdiplus.dll.GdipFillPie
gdiplus.dll.GdipFillPieI
gdiplus.dll.GdipFillPath
gdiplus.dll.GdipFillClosedCurve
gdiplus.dll.GdipFillClosedCurveI
gdiplus.dll.GdipFillClosedCurve2
gdiplus.dll.GdipFillClosedCurve2I
gdiplus.dll.GdipFillRegion
gdiplus.dll.GdipDrawImage
gdiplus.dll.GdipDrawImageI
gdiplus.dll.GdipDrawImageRect
gdiplus.dll.GdipDrawImageRectI
gdiplus.dll.GdipDrawImagePoints
gdiplus.dll.GdipDrawImagePointsI
gdiplus.dll.GdipDrawImagePointRect
gdiplus.dll.GdipDrawImagePointRectI
gdiplus.dll.GdipDrawImageRectRect
gdiplus.dll.GdipDrawImageRectRectI
gdiplus.dll.GdipDrawImagePointsRect
gdiplus.dll.GdipDrawImagePointsRectI
gdiplus.dll.GdipEnumerateMetafileDestPoint
gdiplus.dll.GdipEnumerateMetafileDestPointI
gdiplus.dll.GdipEnumerateMetafileDestRect
gdiplus.dll.GdipEnumerateMetafileDestRectI
gdiplus.dll.GdipEnumerateMetafileDestPoints
gdiplus.dll.GdipEnumerateMetafileDestPointsI
gdiplus.dll.GdipEnumerateMetafileSrcRectDestPoint
gdiplus.dll.GdipEnumerateMetafileSrcRectDestPointI
gdiplus.dll.GdipEnumerateMetafileSrcRectDestRect
gdiplus.dll.GdipEnumerateMetafileSrcRectDestRectI
gdiplus.dll.GdipEnumerateMetafileSrcRectDestPoints
gdiplus.dll.GdipEnumerateMetafileSrcRectDestPointsI
gdiplus.dll.GdipPlayMetafileRecord
gdiplus.dll.GdipSetClipGraphics
gdiplus.dll.GdipSetClipRect
gdiplus.dll.GdipSetClipRectI
gdiplus.dll.GdipSetClipPath
gdiplus.dll.GdipSetClipRegion
gdiplus.dll.GdipSetClipHrgn
gdiplus.dll.GdipResetClip
gdiplus.dll.GdipTranslateClip
gdiplus.dll.GdipTranslateClipI
gdiplus.dll.GdipGetClip
gdiplus.dll.GdipGetClipBounds
gdiplus.dll.GdipGetClipBoundsI
gdiplus.dll.GdipIsClipEmpty
gdiplus.dll.GdipGetVisibleClipBounds
gdiplus.dll.GdipGetVisibleClipBoundsI
gdiplus.dll.GdipIsVisibleClipEmpty
gdiplus.dll.GdipIsVisiblePoint
gdiplus.dll.GdipIsVisiblePointI
gdiplus.dll.GdipIsVisibleRect
gdiplus.dll.GdipIsVisibleRectI
gdiplus.dll.GdipSaveGraphics
gdiplus.dll.GdipRestoreGraphics
gdiplus.dll.GdipBeginContainer
gdiplus.dll.GdipBeginContainerI
gdiplus.dll.GdipBeginContainer2
gdiplus.dll.GdipEndContainer
gdiplus.dll.GdipGetMetafileHeaderFromWmf
gdiplus.dll.GdipGetMetafileHeaderFromEmf
gdiplus.dll.GdipGetMetafileHeaderFromFile
gdiplus.dll.GdipGetMetafileHeaderFromStream
gdiplus.dll.GdipGetMetafileHeaderFromMetafile
gdiplus.dll.GdipGetHemfFromMetafile
gdiplus.dll.GdipCreateStreamOnFile
gdiplus.dll.GdipCreateMetafileFromWmf
gdiplus.dll.GdipCreateMetafileFromEmf
gdiplus.dll.GdipCreateMetafileFromFile
gdiplus.dll.GdipCreateMetafileFromWmfFile
gdiplus.dll.GdipCreateMetafileFromStream
gdiplus.dll.GdipRecordMetafile
gdiplus.dll.GdipRecordMetafileI
gdiplus.dll.GdipRecordMetafileFileName
gdiplus.dll.GdipRecordMetafileFileNameI
gdiplus.dll.GdipRecordMetafileStream
gdiplus.dll.GdipRecordMetafileStreamI
gdiplus.dll.GdipSetMetafileDownLevelRasterizationLimit
gdiplus.dll.GdipGetMetafileDownLevelRasterizationLimit
gdiplus.dll.GdipGetImageDecodersSize
gdiplus.dll.GdipGetImageDecoders
gdiplus.dll.GdipGetImageEncodersSize
gdiplus.dll.GdipGetImageEncoders
gdiplus.dll.GdipComment
gdiplus.dll.GdipCreateFontFamilyFromName
gdiplus.dll.GdipDeleteFontFamily
gdiplus.dll.GdipCloneFontFamily
gdiplus.dll.GdipGetGenericFontFamilySansSerif
gdiplus.dll.GdipGetGenericFontFamilySerif
gdiplus.dll.GdipGetGenericFontFamilyMonospace
gdiplus.dll.GdipGetFamilyName
gdiplus.dll.GdipIsStyleAvailable
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetCellAscent
gdiplus.dll.GdipGetCellDescent
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipCreateFontFromDC
gdiplus.dll.GdipCreateFontFromLogfontA
gdiplus.dll.GdipCreateFontFromLogfontW
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipCloneFont
gdiplus.dll.GdipDeleteFont
gdiplus.dll.GdipGetFamily
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetFontHeightGivenDPI
gdiplus.dll.GdipGetLogFontA
gdiplus.dll.GdipGetLogFontW
gdiplus.dll.GdipNewInstalledFontCollection
gdiplus.dll.GdipNewPrivateFontCollection
gdiplus.dll.GdipDeletePrivateFontCollection
gdiplus.dll.GdipGetFontCollectionFamilyCount
gdiplus.dll.GdipGetFontCollectionFamilyList
gdiplus.dll.GdipPrivateAddFontFile
gdiplus.dll.GdipPrivateAddMemoryFont
gdiplus.dll.GdipDrawString
gdiplus.dll.GdipMeasureString
gdiplus.dll.GdipMeasureCharacterRanges
gdiplus.dll.GdipDrawDriverString
gdiplus.dll.GdipMeasureDriverString
gdiplus.dll.GdipCreateStringFormat
gdiplus.dll.GdipStringFormatGetGenericDefault
gdiplus.dll.GdipStringFormatGetGenericTypographic
gdiplus.dll.GdipDeleteStringFormat
gdiplus.dll.GdipCloneStringFormat
gdiplus.dll.GdipSetStringFormatFlags
gdiplus.dll.GdipGetStringFormatFlags
gdiplus.dll.GdipSetStringFormatAlign
gdiplus.dll.GdipGetStringFormatAlign
gdiplus.dll.GdipSetStringFormatLineAlign
gdiplus.dll.GdipGetStringFormatLineAlign
gdiplus.dll.GdipSetStringFormatTrimming
gdiplus.dll.GdipGetStringFormatTrimming
gdiplus.dll.GdipSetStringFormatHotkeyPrefix
gdiplus.dll.GdipGetStringFormatHotkeyPrefix
gdiplus.dll.GdipSetStringFormatTabStops
gdiplus.dll.GdipGetStringFormatTabStops
gdiplus.dll.GdipGetStringFormatTabStopCount
gdiplus.dll.GdipSetStringFormatDigitSubstitution
gdiplus.dll.GdipGetStringFormatDigitSubstitution
gdiplus.dll.GdipGetStringFormatMeasurableCharacterRangeCount
gdiplus.dll.GdipSetStringFormatMeasurableCharacterRanges
gdiplus.dll.GdipCreateCachedBitmap
gdiplus.dll.GdipDeleteCachedBitmap
gdiplus.dll.GdipDrawCachedBitmap
gdiplus.dll.GdipEmfToWmfBits
gdiplus.dll.GdipSetImageAttributesCachedBackground
gdiplus.dll.GdipTestControl
gdiplus.dll.GdiplusNotificationHook
gdiplus.dll.GdiplusNotificationUnhook
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
riched20.dll.CreateTextServices
advapi32.dll.GetUserNameA
advapi32.dll.LookupAccountNameA
advapi32.dll.GetSidIdentifierAuthority
advapi32.dll.GetSidSubAuthorityCount
advapi32.dll.GetSidSubAuthority
iphlpapi.dll.GetAdaptersInfo
kernel32.dll.DeviceIoControl
ole32.dll.CoInitialize
ole32.dll.CoInitializeSecurity
ole32.dll.CoSetProxyBlanket
oleaut32.dll.VariantClear
sechost.dll.LookupAccountNameLocalA
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegEnumKeyExW