- C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
- C:\Users\user\AppData\Local\Temp\netmsg.dll
- C:\Windows\System32\netmsg.dll
- C:\Users\user\AppData\Local\Temp\c596d3996b782414fa812a12d91ac6a23e393efd.exe
- C:\Windows\Fonts\staticcache.dat
-
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\user\AppData\Local\Temp\imageres.dll
- C:\Windows\System32\imageres.dll
- \Device\KsecDD
- Show More 4
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
-
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- Show More 21
- kernel32.dll.SetDllDirectoryW
- kernel32.dll.SetSearchPathMode
- kernel32.dll.SetProcessDEPPolicy
- kernel32.dll.Wow64DisableWow64FsRedirection
- kernel32.dll.Wow64RevertWow64FsRedirection
-
- kernel32.dll.GetCommandLineW
- kernel32.dll.AreFileApisANSI
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.CreateFileW
- kernel32.dll.VirtualAlloc
- kernel32.dll.LoadLibraryA
- kernel32.dll.VirtualProtect
- kernel32.dll.VirtualFree
- kernel32.dll.FreeLibrary
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.EnterCriticalSection
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.LocalFree
- kernel32.dll.LocalAlloc
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.lstrlenA
- kernel32.dll.lstrcpynA
- kernel32.dll.LoadLibraryExA
- kernel32.dll.GetThreadLocale
- kernel32.dll.GetStartupInfoA
- kernel32.dll.GetProcAddress
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.GetLocaleInfoA
- kernel32.dll.GetCommandLineA
- kernel32.dll.FindFirstFileA
- kernel32.dll.FindClose
- kernel32.dll.ExitProcess
- kernel32.dll.WriteFile
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.RtlUnwind
- kernel32.dll.RaiseException
- kernel32.dll.GetStdHandle
- user32.dll.GetKeyboardType
- user32.dll.LoadStringA
- user32.dll.MessageBoxA
- user32.dll.CharNextA
- advapi32.dll.RegQueryValueExA
- advapi32.dll.RegOpenKeyExA
- advapi32.dll.RegCloseKey
- oleaut32.dll.SysFreeString
- oleaut32.dll.SysReAllocStringLen
- kernel32.dll.TlsSetValue
- kernel32.dll.TlsGetValue
- kernel32.dll.TlsFree
- kernel32.dll.TlsAlloc
- kernel32.dll.VirtualQueryEx
- kernel32.dll.VirtualQuery
- kernel32.dll.ReadProcessMemory
- kernel32.dll.OpenProcess
- kernel32.dll.MoveFileExA
- kernel32.dll.GetVersionExW
- kernel32.dll.GetVersionExA
- kernel32.dll.GetTickCount
- kernel32.dll.GetSystemInfo
- kernel32.dll.GetStringTypeExA
- kernel32.dll.GetDiskFreeSpaceA
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.GetCPInfo
- kernel32.dll.GetACP
- kernel32.dll.EnumCalendarInfoA
- kernel32.dll.CreateSemaphoreW
- kernel32.dll.CloseHandle
- kernel32.dll.BuildCommDCBAndTimeoutsA
- user32.dll.RegisterClipboardFormatA
- user32.dll.GetSystemMetrics
- user32.dll.GetLastInputInfo
- user32.dll.DlgDirListComboBoxA
- kernel32.dll.GetDiskFreeSpaceExA
- gdi32.dll.GetLayout
- gdi32.dll.GdiRealizationInfo
- gdi32.dll.FontIsLinked
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryInfoKeyW
- gdi32.dll.GetTextFaceAliasW
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegQueryValueExW
- gdi32.dll.GetFontAssocStatus
- advapi32.dll.RegEnumKeyExW
- uxtheme.dll.ThemeInitApiHook
- user32.dll.IsProcessDPIAware
- dwmapi.dll.DwmIsCompositionEnabled
- comctl32.dll.RegisterClassNameW
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- uxtheme.dll.EnableThemeDialogTexture
- uxtheme.dll.OpenThemeData
- uxtheme.dll.GetThemeBool
- gdi32.dll.GdiIsMetaPrintDC
- ole32.dll.CoInitializeEx
- ole32.dll.CoUninitialize
- cryptbase.dll.SystemFunction036
- ole32.dll.CoRegisterInitializeSpy
- ole32.dll.CoRevokeInitializeSpy
- uxtheme.dll.BufferedPaintInit
- uxtheme.dll.BufferedPaintRenderAnimation
- uxtheme.dll.BeginBufferedAnimation
- uxtheme.dll.IsThemeBackgroundPartiallyTransparent
- uxtheme.dll.DrawThemeParentBackground
- uxtheme.dll.DrawThemeBackground
- uxtheme.dll.GetThemeBackgroundContentRect
- uxtheme.dll.DrawThemeText
- uxtheme.dll.EndBufferedAnimation
- oleaut32.dll.#500
- uxtheme.dll.CloseThemeData
- uxtheme.dll.BufferedPaintStopAllAnimations
- uxtheme.dll.BufferedPaintUnInit
- Show More 109
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
-
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_CURRENT_USER\Software\Borland\Locales
- HKEY_LOCAL_MACHINE\Software\Borland\Locales
- HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\c596d3996b782414fa812a12d91ac6a23e393efd.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- Show More 39
- C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
- C:\Windows\System32\netmsg.dll
- C:\Users\user\AppData\Local\Temp\c596d3996b782414fa812a12d91ac6a23e393efd.exe
- C:\Windows\Fonts\staticcache.dat
- C:\Windows\Globalization\Sorting\sortdefault.nls
-
- C:\Windows\System32\imageres.dll
- \Device\KsecDD
- Show More 2
- CicLoadWinStaWinSta0
- Local\MSCTF.CtfMonitorInstMutexDefault1