魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2022-01-29 16:21:36	2022-01-29 16:23:45	129 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp03-2	win7-sp1-x64-shaapp03-2	KVM	2022-01-29 16:21:37	2022-01-29 16:23:47

魔盾分数
2.9 可疑的

文件详细信息

文件名	wz_zp_protected.dll
文件大小	1343488 字节
文件类型	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
CRC32	FF6C62FA
MD5	99d5a928ef374f3a900daed785c21c4e
SHA1	bfa9771dff51864436c052e6ee0e1bc9acbd77cb
SHA256	1a221be503e5595a5e75b9e6b38e96e0f474125af714140c7d168c70e52ab185
SHA512	af242a7c39a9eb7fdbd96b51dc2ec2060140e5e9716bd5b00e3f4a399d0e9176d6c916a661cecbb4b0a1359febc0733951a0fdaa778fe8c35474139841885cd7
Ssdeep	24576:5bxRF6gjhdwz2AoJ5s1oSB43+et/NVIQb6O1CIQcJETrP:5b3ggjhKu+lB4bpDIQB77I
PEiD	无匹配
Yara	IsPE32 (Detected a 32bit PE sample) IsDLL (Detect a DLL sample) IsWindowsGUI (Detected a Windows GUI sample) IsPacked (Detected Entropy signature) HasRichSignature (Detected Rich Signature) create_process (Detection function for creating a new process) win_registry (Detected system registries modification function) Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
VirusTotal	VirusTotal查询失败

特征

创建RWX内存

二进制文件可能包含加密或压缩数据

section: name: , entropy: 7.96, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00021000, virtual_size: 0x00056000

section: name: , entropy: 7.72, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00005000, virtual_size: 0x0002b000

section: name: , entropy: 6.81, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00004000, virtual_size: 0x0000a000

section: name: , entropy: 7.99, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x0002c000, virtual_size: 0x0027f000

section: name: .data, entropy: 7.98, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000ef000, virtual_size: 0x000ef000

魔盾安全Yara规则检测结果 - 安全告警

Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files

异常的二进制特征

anomaly: Found duplicated section names

运行截图

网络分析

TCP连接

IP地址	端口
23.63.74.41	80

UDP连接

IP地址	端口
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

静态分析

PE 信息

初始地址	0x10000000
入口地址	0x103fdaa4
声明校验值	0x000762ad
实际校验值	0x00148c0f
最低操作系统版本要求	4.0
编译时间	2022-01-29 16:05:04
载入哈希	897e5fd46b008902238aab2b4dbe58f1
导出DLL库名称	wz_zp.dll

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
	0x00001000	0x00056000	0x00021000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.96
	0x00057000	0x00007000	0x00002000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.52
	0x0005e000	0x0002b000	0x00005000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.72
	0x00089000	0x0000a000	0x00004000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.81
	0x00093000	0x0027f000	0x0002c000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.99
.data	0x00312000	0x000ef000	0x000ef000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.98

导入

库 kernel32.dll:

• 0x103121d0 - GetModuleHandleA

• 0x103121d4 - GetProcAddress

• 0x103121d8 - ExitProcess

• 0x103121dc - LoadLibraryA

库 user32.dll:

• 0x103121e4 - MessageBoxA

库 advapi32.dll:

• 0x103121ec - RegCloseKey

库 oleaut32.dll:

• 0x103121f4 - SysFreeString

库 gdi32.dll:

• 0x103121fc - CreateFontA

库 shell32.dll:

• 0x10312204 - ShellExecuteA

库 version.dll:

• 0x1031220c - GetFileVersionInfoA

库 iphlpapi.dll:

• 0x10312214 - GetAdaptersInfo

库 SHLWAPI.dll:

• 0x1031221c - PathFileExistsA

库 WS2_32.dll:

• 0x10312224 - gethostbyname

库 ole32.dll:

• 0x1031222c - CLSIDFromString

库 PSAPI.DLL:

• 0x10312234 - GetMappedFileNameA

库 gdiplus.dll:

• 0x1031223c - GdipDisposeImage

库 oledlg.dll:

• 0x10312244 - None

库 WINSPOOL.DRV:

• 0x1031224c - DocumentPropertiesA

库 COMCTL32.dll:

• 0x10312254 - None

导出

序列	地址	名称
1	0x100232b2	Init
2	0x100232be	wzAudioCreate

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

rundll32.exe PID: 2692, 上一级进程 PID: 2292

访问的文件

C:\Users\test\AppData\Local\Temp\wz_zp_protected.dll
C:\Users\test\AppData\Local\Temp\wz_zp_protected.dll.123.Manifest
C:\Users\test\AppData\Local\Temp\wz_zp_protected.dll.124.Manifest
C:\Users\test\AppData\Local\Temp\wz_zp_protected.dll.2.Manifest
C:\Windows\SysWOW64\rundll32.exe
C:\Users\test\AppData\Local\Temp\iphlpapi.dll
C:\Windows\System32\IPHLPAPI.DLL
C:\Users\test\AppData\Local\Temp\WINNSI.DLL
C:\Windows\System32\winnsi.dll
C:\Windows\SysWOW64\rundll32.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\test\AppData\Local\Temp\oledlg.dll
C:\Windows\System32\oledlg.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
C:\Windows
C:\Windows\SysWOW64
C:\Users\test\AppData\Local\Temp\wz_zp_protected.CHS
C:\Users\test\AppData\Local\Temp\wz_zp_protected.CHS.DLL
C:\Users\test\AppData\Local\Temp\wz_zp_protected.CH
C:\Users\test\AppData\Local\Temp\wz_zp_protected.CH.DLL
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\System32\tzres.dll
C:\Users\test\AppData\Local\Temp\E638B46C
C:\Windows\SysWOW64\*.exe
C:\Windows\SysWOW64\data\gate.txt
\??\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}
C:\Windows\SysWOW64\close.bat
C:\Windows\SysWOW64\MuError.log
C:\Windows\SysWOW64\data\world52

读取的文件

C:\Users\test\AppData\Local\Temp\wz_zp_protected.dll
C:\Users\test\AppData\Local\Temp\wz_zp_protected.dll.123.Manifest
C:\Users\test\AppData\Local\Temp\wz_zp_protected.dll.124.Manifest
C:\Users\test\AppData\Local\Temp\wz_zp_protected.dll.2.Manifest
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\IPHLPAPI.DLL
C:\Windows\System32\winnsi.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\System32\oledlg.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\System32\tzres.dll
C:\Users\test\AppData\Local\Temp\E638B46C
C:\Windows\SysWOW64\data\gate.txt
\??\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}

修改的文件

\??\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}

删除的文件

C:\Windows\SysWOW64\close.bat

注册表键

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\wz_zp_protected.dll
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Locales\C:\Windows\SysWOW64\rundll32.exe
HKEY_CURRENT_USER\Software\Borland\Locales\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08040804
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\E0200804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\layout text
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\E0210804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0210804\layout text
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409
HKEY_CURRENT_USER\SOFTWARE\EnigmaDevelopers
HKEY_CURRENT_USER\Software\Enigma Protector\21483B54ECAC9B58-BC05126EE8909F86
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\AdapterTroubleshooter.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ARP.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\at.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\AtBroker.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\attrib.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\auditpol.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\autochk.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\autoconv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\autofmt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\bitsadmin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\bootcfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\bthudtask.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cacls.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\calc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\CertEnrollCtrl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\certreq.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\certutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\charmap.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\chkdsk.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\chkntfs.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\choice.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cipher.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cleanmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cliconfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\clip.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmdkey.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmdl32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmmon32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmstp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\colorcpl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\comp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\compact.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ComputerDefaults.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\control.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\convert.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\credwiz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cttune.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cttunesvr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dccw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dcomcnfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ddodiag.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DevicePairingWizard.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DeviceProperties.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dfrgui.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dialer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\diantz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\diskpart.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\diskperf.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\diskraid.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Dism.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DisplaySwitch.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dllhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dllhst3g.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dnscacheugc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\doskey.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dpapimig.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DpiScaling.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dplaysvr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dpnsvr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\driverquery.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\drvinst.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dvdplay.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dvdupgrd.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DWWIN.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dxdiag.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\efsui.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\EhStorAuthn.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\esentutl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\eudcedit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\eventcreate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\eventvwr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\expand.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\extrac32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\find.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\findstr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\finger.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fixmapi.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\FlashPlayerApp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fltMC.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fontview.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\forfiles.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fsutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ftp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\getmac.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\gpresult.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\gpscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\gpupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\grpconv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\hdwwiz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\help.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\hh.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\HOSTNAME.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\icacls.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\icardagt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\icsunattend.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ie4uinit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ieUnatt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\iexpress.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\InfDefaultInstall.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\instnm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ipconfig.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\iscsicli.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\iscsicpl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\isoburn.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ktmutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\label.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\LocationNotifications.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\lodctr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\logagent.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\logman.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Magnify.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\makecab.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mcbuilder.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mfpmp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\MigAutoPlay.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mmc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mobsync.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mountvol.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\MRINFO.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msfeedssync.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mshta.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msiexec.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msinfo32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mspaint.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msra.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mstsc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mtstocom.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\MuiUnattend.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\NAPSTAT.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ndadmin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\net.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\net1.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\netbtugc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\netiougc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Netplwiz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\netsh.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\NETSTAT.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\newdev.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\notepad.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\nslookup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ntkrnlpa.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ntoskrnl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ntprint.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ocsetup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\odbcad32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\odbcconf.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\openfiles.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\OptionalFeatures.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\osk.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PATHPING.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\pcaui.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\perfhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\perfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PING.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PkgMgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\poqexec.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\powercfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PresentationHost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\prevhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\print.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\printui.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\proquota.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\psr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PushPrinterConnections.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rasautou.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rasdial.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\raserver.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rasphone.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rdrleakdiag.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ReAgentc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\recover.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\reg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\regedit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\regedt32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\regini.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RegisterIEPKEYs.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\regsvr32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rekeywiz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\relog.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\replace.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\resmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RMActivate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RMActivate_isv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RMActivate_ssp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RmClient.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Robocopy.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ROUTE.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RpcPing.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rrinstaller.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\runas.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rundll32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RunLegacyCPLElevated.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\runonce.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sbunattend.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\schtasks.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sdbinst.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sdchange.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sdiagnhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SearchFilterHost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SearchIndexer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SearchProtocolHost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SecEdit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\secinit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sethc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SetIEInstalledDate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\setup16.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\setupSNK.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\setupugc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\setx.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sfc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\shrpubw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\shutdown.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SndVol.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sort.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\srdelayed.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\subst.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sxstrace.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SyncHost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\syskey.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\systeminfo.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesComputerName.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesHardware.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesPerformance.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesProtection.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesRemote.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\systray.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\takeown.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TapiUnattend.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\taskeng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\taskkill.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\tasklist.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\tcmsetup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TCPSVCS.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\timeout.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TpmInit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\tracerpt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TRACERT.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TSTheme.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TsWpfWrp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\typeperf.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\tzutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\unlodctr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\unregmp2.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\upnpcont.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\user.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\UserAccountControlSettings.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\userinit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Utilman.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\verclsid.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\verifier.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\vssadmin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\w32tm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\waitfor.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wecutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\WerFault.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\WerFaultSecure.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wermgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wevtutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wextract.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\where.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\whoami.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wiaacmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wimserv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wininit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\winrs.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\winrshost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\winver.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wlanext.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wowreg32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\WPDShextAutoplay.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\write.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\WSManHTTPConfig.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wsmprovhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wuapp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wusa.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\xcopy.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\xpsrchvw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\xwizard.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\EditionID
HKEY_CURRENT_USER\Software\Webzen\Mu\Config
HKEY_CURRENT_USER\Software\Webzen\Mu\Config\Resolution

读取的注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\wz_zp_protected.dll
HKEY_CURRENT_USER\Software\Borland\Locales\C:\Windows\SysWOW64\rundll32.exe
HKEY_CURRENT_USER\Software\Borland\Locales\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\layout text
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0210804\layout text
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\EditionID

修改的注册表键

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\AdapterTroubleshooter.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ARP.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\at.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\AtBroker.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\attrib.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\auditpol.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\autochk.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\autoconv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\autofmt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\bitsadmin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\bootcfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\bthudtask.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cacls.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\calc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\CertEnrollCtrl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\certreq.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\certutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\charmap.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\chkdsk.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\chkntfs.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\choice.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cipher.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cleanmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cliconfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\clip.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmdkey.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmdl32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmmon32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cmstp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\colorcpl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\comp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\compact.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ComputerDefaults.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\control.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\convert.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\credwiz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cttune.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\cttunesvr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dccw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dcomcnfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ddodiag.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DevicePairingWizard.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DeviceProperties.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dfrgui.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dialer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\diantz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\diskpart.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\diskperf.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\diskraid.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Dism.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DisplaySwitch.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dllhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dllhst3g.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dnscacheugc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\doskey.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dpapimig.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DpiScaling.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dplaysvr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dpnsvr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\driverquery.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\drvinst.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dvdplay.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dvdupgrd.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\DWWIN.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\dxdiag.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\efsui.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\EhStorAuthn.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\esentutl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\eudcedit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\eventcreate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\eventvwr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\expand.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\extrac32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\find.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\findstr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\finger.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fixmapi.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\FlashPlayerApp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fltMC.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fontview.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\forfiles.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\fsutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ftp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\getmac.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\gpresult.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\gpscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\gpupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\grpconv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\hdwwiz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\help.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\hh.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\HOSTNAME.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\icacls.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\icardagt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\icsunattend.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ie4uinit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ieUnatt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\iexpress.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\InfDefaultInstall.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\instnm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ipconfig.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\iscsicli.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\iscsicpl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\isoburn.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ktmutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\label.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\LocationNotifications.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\lodctr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\logagent.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\logman.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Magnify.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\makecab.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mcbuilder.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mfpmp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\MigAutoPlay.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mmc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mobsync.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mountvol.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\MRINFO.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msfeedssync.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mshta.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msiexec.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msinfo32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mspaint.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\msra.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mstsc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\mtstocom.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\MuiUnattend.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\NAPSTAT.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ndadmin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\net.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\net1.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\netbtugc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\netiougc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Netplwiz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\netsh.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\NETSTAT.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\newdev.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\notepad.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\nslookup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ntkrnlpa.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ntoskrnl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ntprint.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ocsetup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\odbcad32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\odbcconf.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\openfiles.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\OptionalFeatures.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\osk.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PATHPING.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\pcaui.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\perfhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\perfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PING.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PkgMgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\poqexec.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\powercfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PresentationHost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\prevhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\print.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\printui.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\proquota.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\psr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\PushPrinterConnections.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rasautou.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rasdial.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\raserver.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rasphone.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rdrleakdiag.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ReAgentc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\recover.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\reg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\regedit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\regedt32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\regini.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RegisterIEPKEYs.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\regsvr32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rekeywiz.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\relog.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\replace.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\resmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RMActivate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RMActivate_isv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RMActivate_ssp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RmClient.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Robocopy.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\ROUTE.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RpcPing.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rrinstaller.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\runas.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\rundll32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\RunLegacyCPLElevated.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\runonce.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sbunattend.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\schtasks.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sdbinst.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sdchange.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sdiagnhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SearchFilterHost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SearchIndexer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SearchProtocolHost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SecEdit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\secinit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sethc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SetIEInstalledDate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\setup16.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\setupSNK.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\setupugc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\setx.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sfc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\shrpubw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\shutdown.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SndVol.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sort.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\srdelayed.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\subst.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\sxstrace.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SyncHost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\syskey.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\systeminfo.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesComputerName.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesHardware.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesPerformance.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesProtection.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\SystemPropertiesRemote.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\systray.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\takeown.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TapiUnattend.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\taskeng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\taskkill.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\tasklist.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\tcmsetup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TCPSVCS.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\timeout.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TpmInit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\tracerpt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TRACERT.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TSTheme.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\TsWpfWrp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\typeperf.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\tzutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\unlodctr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\unregmp2.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\upnpcont.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\user.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\UserAccountControlSettings.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\userinit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\Utilman.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\verclsid.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\verifier.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\vssadmin.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\w32tm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\waitfor.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wecutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\WerFault.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\WerFaultSecure.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wermgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wevtutil.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wextract.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\where.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\whoami.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wiaacmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wimserv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wininit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\winrs.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\winrshost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\winver.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wlanext.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wowreg32.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\WPDShextAutoplay.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\write.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wscript.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\WSManHTTPConfig.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wsmprovhost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wuapp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\wusa.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\xcopy.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\xpsrchvw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\SysWOW64\xwizard.exe
HKEY_CURRENT_USER\Software\Webzen\Mu\Config
HKEY_CURRENT_USER\Software\Webzen\Mu\Config\Resolution

删除的注册表键 无信息

API解析

kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernelbase.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.ProcessIdToSessionId
imm32.dll.ImmCreateContext
imm32.dll.ImmDestroyContext
imm32.dll.ImmNotifyIME
imm32.dll.ImmAssociateContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmGetContext
imm32.dll.ImmGetCompositionStringA
imm32.dll.ImmSetCompositionStringA
imm32.dll.ImmGetCompositionStringW
imm32.dll.ImmSetCompositionStringW
imm32.dll.ImmSetCandidateWindow
kernel32.dll.DeleteCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.EnterCriticalSection
kernel32.dll.InitializeCriticalSection
kernel32.dll.VirtualFree
kernel32.dll.VirtualAlloc
kernel32.dll.LocalFree
kernel32.dll.LocalAlloc
kernel32.dll.GetTickCount
kernel32.dll.QueryPerformanceCounter
kernel32.dll.GetVersion
kernel32.dll.GetCurrentThreadId
kernel32.dll.InterlockedDecrement
kernel32.dll.InterlockedIncrement
kernel32.dll.VirtualQuery
kernel32.dll.WideCharToMultiByte
kernel32.dll.MultiByteToWideChar
kernel32.dll.lstrlenA
kernel32.dll.lstrcpynA
kernel32.dll.LoadLibraryExA
kernel32.dll.GetThreadLocale
kernel32.dll.GetStartupInfoA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetLocaleInfoA
kernel32.dll.GetCommandLineA
kernel32.dll.FreeLibrary
kernel32.dll.FindFirstFileA
kernel32.dll.FindClose
kernel32.dll.ExitProcess
kernel32.dll.ExitThread
kernel32.dll.CreateThread
kernel32.dll.WriteFile
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.RtlUnwind
kernel32.dll.RaiseException
kernel32.dll.GetStdHandle
kernel32.dll.TlsSetValue
kernel32.dll.TlsGetValue
kernel32.dll.TlsFree
kernel32.dll.TlsAlloc
kernel32.dll.lstrcpyA
kernel32.dll.lstrcmpA
kernel32.dll.WriteProcessMemory
kernel32.dll.WritePrivateProfileStringW
kernel32.dll.WritePrivateProfileStringA
kernel32.dll.WaitForSingleObject
kernel32.dll.VirtualUnlock
kernel32.dll.VirtualProtectEx
kernel32.dll.VirtualProtect
kernel32.dll.VirtualLock
kernel32.dll.VirtualAllocEx
kernel32.dll.UnmapViewOfFile
kernel32.dll.TerminateThread
kernel32.dll.SystemTimeToFileTime
kernel32.dll.SuspendThread
kernel32.dll.Sleep
kernel32.dll.SizeofResource
kernel32.dll.SetThreadPriority
kernel32.dll.SetThreadLocale
kernel32.dll.SetThreadContext
kernel32.dll.SetLastError
kernel32.dll.SetFileTime
kernel32.dll.SetFilePointer
kernel32.dll.SetFileAttributesW
kernel32.dll.SetFileAttributesA
kernel32.dll.SetEvent
kernel32.dll.SetErrorMode
kernel32.dll.SetEnvironmentVariableA
kernel32.dll.SetEndOfFile
kernel32.dll.SetCurrentDirectoryW
kernel32.dll.SetCurrentDirectoryA
kernel32.dll.ResumeThread
kernel32.dll.ResetEvent
kernel32.dll.RemoveDirectoryW
kernel32.dll.RemoveDirectoryA
kernel32.dll.ReadProcessMemory
kernel32.dll.ReadFile
kernel32.dll.QueryDosDeviceW
kernel32.dll.PostQueuedCompletionStatus
kernel32.dll.OpenProcess
kernel32.dll.MulDiv
kernel32.dll.MapViewOfFileEx
kernel32.dll.MapViewOfFile
kernel32.dll.LockResource
kernel32.dll.LoadResource
kernel32.dll.LoadLibraryExW
kernel32.dll.LoadLibraryW
kernel32.dll.LoadLibraryA
kernel32.dll.IsBadWritePtr
kernel32.dll.IsBadStringPtrW
kernel32.dll.IsBadReadPtr
kernel32.dll.HeapDestroy
kernel32.dll.HeapCreate
kernel32.dll.HeapAlloc
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalReAlloc
kernel32.dll.GlobalHandle
kernel32.dll.GlobalLock
kernel32.dll.GlobalFree
kernel32.dll.GlobalFindAtomA
kernel32.dll.GlobalDeleteAtom
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalAddAtomA
kernel32.dll.GetWindowsDirectoryW
kernel32.dll.GetWindowsDirectoryA
kernel32.dll.GetVolumeInformationA
kernel32.dll.GetVersionExA
kernel32.dll.GetTimeZoneInformation
kernel32.dll.GetThreadPriority
kernel32.dll.GetThreadContext
kernel32.dll.GetTempPathW
kernel32.dll.GetTempPathA
kernel32.dll.GetTempFileNameW
kernel32.dll.GetTempFileNameA
kernel32.dll.GetSystemInfo
kernel32.dll.GetSystemDirectoryW
kernel32.dll.GetSystemDirectoryA
kernel32.dll.GetStringTypeExW
kernel32.dll.GetStringTypeExA
kernel32.dll.GetPrivateProfileStringW
kernel32.dll.GetPrivateProfileStringA
kernel32.dll.GetModuleHandleW
kernel32.dll.GetModuleFileNameW
kernel32.dll.GetLogicalDriveStringsW
kernel32.dll.GetLocaleInfoW
kernel32.dll.GetLocalTime
kernel32.dll.GetLastError
kernel32.dll.GetFullPathNameW
kernel32.dll.GetFullPathNameA
kernel32.dll.GetFileSize
kernel32.dll.GetFileAttributesW
kernel32.dll.GetFileAttributesA
kernel32.dll.GetExitCodeThread
kernel32.dll.GetDriveTypeA
kernel32.dll.GetDiskFreeSpaceA
kernel32.dll.GetDateFormatA
kernel32.dll.GetCurrentThread
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetCurrentDirectoryA
kernel32.dll.GetComputerNameW
kernel32.dll.GetComputerNameA
kernel32.dll.GetCommandLineW
kernel32.dll.GetCPInfo
kernel32.dll.GetACP
kernel32.dll.FreeResource
kernel32.dll.InterlockedExchange
kernel32.dll.FormatMessageW
kernel32.dll.FormatMessageA
kernel32.dll.FlushInstructionCache
kernel32.dll.FindResourceW
kernel32.dll.FindResourceA
kernel32.dll.FindNextFileW
kernel32.dll.FindNextFileA
kernel32.dll.FindFirstFileW
kernel32.dll.FileTimeToLocalFileTime
kernel32.dll.FileTimeToDosDateTime
kernel32.dll.EnumCalendarInfoA
kernel32.dll.DeviceIoControl
kernel32.dll.DeleteFileW
kernel32.dll.DeleteFileA
kernel32.dll.CreateMutexA
kernel32.dll.CreateFileMappingW
kernel32.dll.CreateFileMappingA
kernel32.dll.CreateFileW
kernel32.dll.CreateFileA
kernel32.dll.CreateEventA
kernel32.dll.CreateDirectoryW
kernel32.dll.CreateDirectoryA
kernel32.dll.CompareStringW
kernel32.dll.CompareStringA
kernel32.dll.CloseHandle
kernel32.dll.IsBadStringPtrA
user32.dll.GetKeyboardType
user32.dll.LoadStringA
user32.dll.MessageBoxA
user32.dll.CharNextA
user32.dll.CreateWindowExW
user32.dll.CreateWindowExA
user32.dll.WindowFromPoint
user32.dll.WinHelpA
user32.dll.WaitMessage
user32.dll.VkKeyScanW
user32.dll.UpdateWindow
user32.dll.UnregisterClassW
user32.dll.UnregisterClassA
user32.dll.UnhookWindowsHookEx
user32.dll.TranslateMessage
user32.dll.TranslateMDISysAccel
user32.dll.TrackPopupMenu
user32.dll.SystemParametersInfoA
user32.dll.ShowWindow
user32.dll.ShowScrollBar
user32.dll.ShowOwnedPopups
user32.dll.ShowCursor
user32.dll.SetWindowsHookExW
user32.dll.SetWindowsHookExA
user32.dll.SetWindowTextW
user32.dll.SetWindowTextA
user32.dll.SetWindowPos
user32.dll.SetWindowPlacement
user32.dll.SetWindowLongW
user32.dll.SetWindowLongA
user32.dll.SetTimer
user32.dll.SetScrollRange
user32.dll.SetScrollPos
user32.dll.SetScrollInfo
user32.dll.SetRect
user32.dll.SetPropA
user32.dll.SetParent
user32.dll.SetMenuItemInfoW
user32.dll.SetMenuItemInfoA
user32.dll.SetMenu
user32.dll.SetForegroundWindow
user32.dll.SetFocus
user32.dll.SetCursor
user32.dll.SetClassLongA
user32.dll.SetCapture
user32.dll.SetActiveWindow
user32.dll.SendMessageW
user32.dll.SendMessageA
user32.dll.ScrollWindow
user32.dll.ScreenToClient
user32.dll.RemovePropA
user32.dll.RemoveMenu
user32.dll.ReleaseDC
user32.dll.ReleaseCapture
user32.dll.RegisterWindowMessageA
user32.dll.RegisterClipboardFormatA
user32.dll.RegisterClassW
user32.dll.RegisterClassA
user32.dll.RedrawWindow
user32.dll.PtInRect
user32.dll.PostQuitMessage
user32.dll.PostMessageW
user32.dll.PostMessageA
user32.dll.PeekMessageA
user32.dll.OffsetRect
user32.dll.OemToCharA
user32.dll.MsgWaitForMultipleObjects
user32.dll.MessageBoxW
user32.dll.MapWindowPoints
user32.dll.MapVirtualKeyW
user32.dll.MapVirtualKeyA
user32.dll.LoadKeyboardLayoutA
user32.dll.LoadIconA
user32.dll.LoadCursorA
user32.dll.LoadBitmapA
user32.dll.KillTimer
user32.dll.IsZoomed
user32.dll.IsWindowVisible
user32.dll.IsWindowUnicode
user32.dll.IsWindowEnabled
user32.dll.IsWindow
user32.dll.IsRectEmpty
user32.dll.IsIconic
user32.dll.IsDialogMessageW
user32.dll.IsDialogMessageA
user32.dll.IsChild
user32.dll.InvalidateRect
user32.dll.IntersectRect
user32.dll.InsertMenuItemA
user32.dll.InsertMenuA
user32.dll.InflateRect
user32.dll.GetWindowThreadProcessId
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.GetWindowTextA
user32.dll.GetWindowRect
user32.dll.GetWindowPlacement
user32.dll.GetWindowLongW
user32.dll.GetWindowLongA
user32.dll.GetWindowDC
user32.dll.GetTopWindow
user32.dll.GetSystemMetrics
user32.dll.GetSystemMenu
user32.dll.GetSysColorBrush
user32.dll.GetSysColor
user32.dll.GetSubMenu
user32.dll.GetScrollRange
user32.dll.GetScrollPos
user32.dll.GetScrollInfo
user32.dll.GetPropA
user32.dll.GetParent
user32.dll.GetWindow
user32.dll.GetMessagePos
user32.dll.GetMenuStringW
user32.dll.GetMenuStringA
user32.dll.GetMenuState
user32.dll.GetMenuItemInfoW
user32.dll.GetMenuItemInfoA
user32.dll.GetMenuItemID
user32.dll.GetMenuItemCount
user32.dll.GetMenu
user32.dll.GetLastActivePopup
user32.dll.GetKeyboardState
user32.dll.GetKeyboardLayoutList
user32.dll.GetKeyboardLayout
user32.dll.GetKeyState
user32.dll.GetKeyNameTextW
user32.dll.GetKeyNameTextA
user32.dll.GetIconInfo
user32.dll.GetForegroundWindow
user32.dll.GetFocus
user32.dll.GetDesktopWindow
user32.dll.GetDCEx
user32.dll.GetDC
user32.dll.GetCursorPos
user32.dll.GetCursor
user32.dll.GetClipboardData
user32.dll.GetClientRect
user32.dll.GetClassNameW
user32.dll.GetClassNameA
user32.dll.GetClassInfoW
user32.dll.GetClassInfoA
user32.dll.GetCapture
user32.dll.GetActiveWindow
user32.dll.FrameRect
user32.dll.FindWindowW
user32.dll.FindWindowA
user32.dll.FillRect
user32.dll.EqualRect
user32.dll.EnumWindows
user32.dll.EnumThreadWindows
user32.dll.EndPaint
user32.dll.EnableWindow
user32.dll.EnableScrollBar
user32.dll.EnableMenuItem
user32.dll.DrawTextW
user32.dll.DrawTextA
user32.dll.DrawMenuBar
user32.dll.DrawIconEx
user32.dll.DrawIcon
user32.dll.DrawFrameControl
user32.dll.DrawEdge
user32.dll.DispatchMessageW
user32.dll.DispatchMessageA
user32.dll.DestroyWindow
user32.dll.DestroyMenu
user32.dll.DestroyIcon
user32.dll.DestroyCursor
user32.dll.DeleteMenu
user32.dll.DefWindowProcW
user32.dll.DefWindowProcA
user32.dll.DefMDIChildProcW
user32.dll.DefMDIChildProcA
user32.dll.DefFrameProcW
user32.dll.DefFrameProcA
user32.dll.CreatePopupMenu
user32.dll.CreateMenu
user32.dll.CreateMDIWindowW
user32.dll.CreateIcon
user32.dll.ClientToScreen
user32.dll.ChildWindowFromPoint
user32.dll.CheckMenuItem
user32.dll.CharUpperBuffW
user32.dll.CharUpperW
user32.dll.CharLowerBuffW
user32.dll.CharLowerW
user32.dll.CallWindowProcW
user32.dll.CallWindowProcA
user32.dll.CallNextHookEx
user32.dll.BeginPaint
user32.dll.CharLowerBuffA
user32.dll.CharLowerA
user32.dll.CharUpperA
user32.dll.CharToOemA
user32.dll.AdjustWindowRectEx
user32.dll.ActivateKeyboardLayout
advapi32.dll.RegQueryValueExA
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegCloseKey
advapi32.dll.RegSetValueExW
advapi32.dll.RegSetValueExA
advapi32.dll.RegQueryValueExW
advapi32.dll.RegOpenKeyA
advapi32.dll.RegFlushKey
advapi32.dll.RegDeleteValueA
advapi32.dll.RegCreateKeyExA
advapi32.dll.OpenThreadToken
advapi32.dll.OpenProcessToken
advapi32.dll.GetUserNameW
advapi32.dll.GetUserNameA
advapi32.dll.GetTokenInformation
advapi32.dll.FreeSid
advapi32.dll.EqualSid
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenSCManagerA
advapi32.dll.EnumServicesStatusA
advapi32.dll.CloseServiceHandle
oleaut32.dll.SysFreeString
oleaut32.dll.SysReAllocStringLen
oleaut32.dll.SysAllocStringLen
oleaut32.dll.GetErrorInfo
oleaut32.dll.SafeArrayPtrOfIndex
oleaut32.dll.SafeArrayGetUBound
oleaut32.dll.SafeArrayGetLBound
oleaut32.dll.SafeArrayCreate
oleaut32.dll.VariantChangeType
oleaut32.dll.VariantCopy
oleaut32.dll.VariantClear
oleaut32.dll.VariantInit
version.dll.VerQueryValueA
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
gdi32.dll.UnrealizeObject
gdi32.dll.StretchDIBits
gdi32.dll.StretchBlt
gdi32.dll.SetWindowOrgEx
gdi32.dll.SetWinMetaFileBits
gdi32.dll.SetViewportOrgEx
gdi32.dll.SetTextColor
gdi32.dll.SetStretchBltMode
gdi32.dll.SetROP2
gdi32.dll.SetPixel
gdi32.dll.SetPaletteEntries
gdi32.dll.SetEnhMetaFileBits
gdi32.dll.SetDIBColorTable
gdi32.dll.SetBrushOrgEx
gdi32.dll.SetBkMode
gdi32.dll.SetBkColor
gdi32.dll.SelectPalette
gdi32.dll.SelectObject
gdi32.dll.SelectClipRgn
gdi32.dll.SaveDC
gdi32.dll.RoundRect
gdi32.dll.RestoreDC
gdi32.dll.ResizePalette
gdi32.dll.Rectangle
gdi32.dll.RectVisible
gdi32.dll.RealizePalette
gdi32.dll.Polyline
gdi32.dll.PlayEnhMetaFile
gdi32.dll.PatBlt
gdi32.dll.MoveToEx
gdi32.dll.MaskBlt
gdi32.dll.LineTo
gdi32.dll.IntersectClipRect
gdi32.dll.GetWindowOrgEx
gdi32.dll.GetWinMetaFileBits
gdi32.dll.GetTextMetricsA
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.GetSystemPaletteEntries
gdi32.dll.GetStockObject
gdi32.dll.GetPixel
gdi32.dll.GetPaletteEntries
gdi32.dll.GetObjectA
gdi32.dll.GetNearestPaletteIndex
gdi32.dll.GetEnhMetaFilePaletteEntries
gdi32.dll.GetEnhMetaFileHeader
gdi32.dll.GetEnhMetaFileBits
gdi32.dll.GetDeviceCaps
gdi32.dll.GetDIBits
gdi32.dll.GetDIBColorTable
gdi32.dll.GetDCOrgEx
gdi32.dll.GetCurrentPositionEx
gdi32.dll.GetClipBox
gdi32.dll.GetBrushOrgEx
gdi32.dll.GetBitmapBits
gdi32.dll.GdiFlush
gdi32.dll.ExtTextOutA
gdi32.dll.ExcludeClipRect
gdi32.dll.Ellipse
gdi32.dll.DeleteObject
gdi32.dll.DeleteEnhMetaFile
gdi32.dll.DeleteDC
gdi32.dll.CreateSolidBrush
gdi32.dll.CreatePenIndirect
gdi32.dll.CreatePalette
gdi32.dll.CreateHalftonePalette
gdi32.dll.CreateFontIndirectA
gdi32.dll.CreateDIBitmap
gdi32.dll.CreateDIBSection
gdi32.dll.CreateCompatibleDC
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.CreateBrushIndirect
gdi32.dll.CreateBitmap
gdi32.dll.CopyEnhMetaFileA
gdi32.dll.BitBlt
shell32.dll.ShellExecuteW
shell32.dll.ShellExecuteA
shell32.dll.ExtractAssociatedIconW
shell32.dll.ExtractAssociatedIconA
ole32.dll.CreateStreamOnHGlobal
ole32.dll.CoTaskMemAlloc
ole32.dll.CoCreateInstance
ole32.dll.CoUninitialize
ole32.dll.CoInitialize
comctl32.dll.ImageList_SetIconSize
comctl32.dll.ImageList_GetIconSize
comctl32.dll.ImageList_Write
comctl32.dll.ImageList_Read
comctl32.dll.ImageList_GetDragImage
comctl32.dll.ImageList_DragShowNolock
comctl32.dll.ImageList_SetDragCursorImage
comctl32.dll.ImageList_DragMove
comctl32.dll.ImageList_DragLeave
comctl32.dll.ImageList_DragEnter
comctl32.dll.ImageList_EndDrag
comctl32.dll.ImageList_BeginDrag
comctl32.dll.ImageList_Remove
comctl32.dll.ImageList_DrawEx
comctl32.dll.ImageList_Replace
comctl32.dll.ImageList_Draw
comctl32.dll.ImageList_GetBkColor
comctl32.dll.ImageList_SetBkColor
comctl32.dll.ImageList_ReplaceIcon
comctl32.dll.ImageList_Add
comctl32.dll.ImageList_GetImageCount
comctl32.dll.ImageList_Destroy
comctl32.dll.ImageList_Create
comctl32.dll.InitCommonControls
ntdll.dll.RtlInitUnicodeString
ntdll.dll.RtlInitString
ntdll.dll.RtlFreeUnicodeString
ntdll.dll.RtlFormatCurrentUserKeyPath
ntdll.dll.RtlDosPathNameToNtPathName_U
ntdll.dll.ZwProtectVirtualMemory
ntdll.dll.NtOpenSection
ntdll.dll.RtlInitAnsiString
ntdll.dll.RtlAnsiStringToUnicodeString
ntdll.dll.LdrGetProcedureAddress
shfolder.dll.SHGetFolderPathW
shfolder.dll.SHGetFolderPathA
shlwapi.dll.PathMatchSpecW
kernel32.dll.GetLongPathNameA
kernel32.dll.GetDiskFreeSpaceExA
oleaut32.dll.VariantChangeTypeEx
oleaut32.dll.VarNeg
oleaut32.dll.VarNot
oleaut32.dll.VarAdd
oleaut32.dll.VarSub
oleaut32.dll.VarMul
oleaut32.dll.VarDiv
oleaut32.dll.VarIdiv
oleaut32.dll.VarMod
oleaut32.dll.VarAnd
oleaut32.dll.VarOr
oleaut32.dll.VarXor
oleaut32.dll.VarCmp
oleaut32.dll.VarI4FromStr
oleaut32.dll.VarR4FromStr
oleaut32.dll.VarR8FromStr
oleaut32.dll.VarDateFromStr
oleaut32.dll.VarCyFromStr
oleaut32.dll.VarBoolFromStr
oleaut32.dll.VarBstrFromCy
oleaut32.dll.VarBstrFromDate
oleaut32.dll.VarBstrFromBool
ole32.dll.CoCreateInstanceEx
ole32.dll.CoInitializeEx
ole32.dll.CoAddRefServerProcess
ole32.dll.CoReleaseServerProcess
ole32.dll.CoResumeClassObjects
ole32.dll.CoSuspendClassObjects
ntdll.dll.ZwClose
ntdll.dll.ZwSetInformationFile
ntdll.dll.ZwQueryInformationFile
ntdll.dll.ZwReadFile
ntdll.dll.ZwCreateFile
ntdll.dll.ZwOpenFile
ntdll.dll.ZwQueryAttributesFile
ntdll.dll.ZwCreateSection
ntdll.dll.ZwMapViewOfSection
ntdll.dll.ZwQuerySection
ntdll.dll.ZwUnmapViewOfSection
ntdll.dll.ZwQueryFullAttributesFile
ntdll.dll.ZwWriteFile
ntdll.dll.ZwQueryObject
ntdll.dll.ZwQueryDirectoryFile
ntdll.dll.ZwOpenSection
ntdll.dll.ZwDuplicateObject
ntdll.dll.ZwQueryVolumeInformationFile
ntdll.dll.ZwDeleteFile
ntdll.dll.ZwLockFile
ntdll.dll.ZwUnlockFile
ntdll.dll.ZwTerminateProcess
ntdll.dll.ZwOpenKey
ntdll.dll.ZwEnumerateValueKey
ntdll.dll.ZwQueryKey
ntdll.dll.ZwQueryValueKey
ntdll.dll.ZwCreateKey
ntdll.dll.ZwEnumerateKey
ntdll.dll.ZwSetValueKey
ntdll.dll.ZwDeleteKey
ntdll.dll.ZwDeleteValueKey
ntdll.dll.ZwFlushKey
ntdll.dll.ZwLoadKey
ntdll.dll.ZwLoadKey2
ntdll.dll.ZwNotifyChangeKey
ntdll.dll.ZwQueryMultipleValueKey
ntdll.dll.ZwReplaceKey
ntdll.dll.ZwRestoreKey
ntdll.dll.ZwSaveKey
ntdll.dll.ZwSetInformationKey
ntdll.dll.ZwUnloadKey
ntdll.dll.ZwAccessCheck
ntdll.dll.ZwExtendSection
ntdll.dll.ZwFlushBuffersFile
ntdll.dll.ZwFsControlFile
ntdll.dll.ZwNotifyChangeDirectoryFile
ntdll.dll.ZwQuerySecurityObject
ntdll.dll.ZwSetSecurityObject
ntdll.dll.ZwSetVolumeInformationFile
ntdll.dll.ZwOpenKeyEx
ntdll.dll.ZwCreateProcess
ntdll.dll.ZwCreateProcessEx
ntdll.dll.ZwCreateUserProcess
ntdll.dll.ZwResumeThread
ntdll.dll.ZwCreateThread
ntdll.dll.ZwQueryInformationProcess
ntdll.dll.ZwQueryVirtualMemory
ntdll.dll.ZwDeviceIoControlFile
comctl32.dll.InitializeFlatSB
comctl32.dll.UninitializeFlatSB
comctl32.dll.FlatSB_GetScrollProp
comctl32.dll.FlatSB_SetScrollProp
comctl32.dll.FlatSB_EnableScrollBar
comctl32.dll.FlatSB_ShowScrollBar
comctl32.dll.FlatSB_GetScrollRange
comctl32.dll.FlatSB_GetScrollInfo
comctl32.dll.FlatSB_GetScrollPos
comctl32.dll.FlatSB_SetScrollPos
comctl32.dll.FlatSB_SetScrollInfo
comctl32.dll.FlatSB_SetScrollRange
user32.dll.SetLayeredWindowAttributes
user32.dll.WINNLSEnableIME
imm32.dll.ImmGetConversionStatus
imm32.dll.ImmSetConversionStatus
imm32.dll.ImmSetOpenStatus
imm32.dll.ImmSetCompositionWindow
imm32.dll.ImmSetCompositionFontA
imm32.dll.ImmIsIME
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
user32.dll.AnimateWindow
kernel32.dll.DebugBreak
kernel32.dll.FatalAppExitA
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Heap32ListFirst
kernel32.dll.Heap32ListNext
kernel32.dll.Heap32First
kernel32.dll.Heap32Next
kernel32.dll.Toolhelp32ReadProcessMemory
kernel32.dll.Process32First
kernel32.dll.Process32Next
kernel32.dll.Process32FirstW
kernel32.dll.Process32NextW
kernel32.dll.Thread32First
kernel32.dll.Thread32Next
kernel32.dll.Module32First
kernel32.dll.Module32Next
kernel32.dll.Module32FirstW
kernel32.dll.Module32NextW
kernel32.dll.LCMapStringA
kernel32.dll.GetEnvironmentVariableA
kernel32.dll.FileTimeToSystemTime
kernel32.dll.CreateProcessA
kernel32.dll.HeapFree
kernel32.dll.HeapReAlloc
kernel32.dll.GetProcessHeap
kernel32.dll.VirtualQueryEx
kernel32.dll.IsWow64Process
kernel32.dll.QueryDosDeviceA
kernel32.dll.GetLogicalDriveStringsA
kernel32.dll.LocalSize
kernel32.dll.OpenThread
kernel32.dll.GlobalSize
kernel32.dll.TerminateProcess
kernel32.dll.lstrlenW
kernel32.dll.RtlMoveMemory
kernel32.dll.GetNativeSystemInfo
kernel32.dll.lstrcpyn
kernel32.dll.SetStdHandle
kernel32.dll.IsBadCodePtr
kernel32.dll.GetStringTypeW
kernel32.dll.GetStringTypeA
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.LCMapStringW
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.GetEnvironmentStrings
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.lstrcatA
kernel32.dll.lstrcmpiA
kernel32.dll.FlushFileBuffers
kernel32.dll.LocalReAlloc
kernel32.dll.GlobalFlags
kernel32.dll.GlobalGetAtomNameA
kernel32.dll.GetProcessVersion
kernel32.dll.GetOEMCP
kernel32.dll.HeapSize
kernel32.dll.SetHandleCount
kernel32.dll.GetFileType
kernel32.dll.FreeEnvironmentStringsA
user32.dll.SetMenuItemBitmaps
user32.dll.ModifyMenuA
user32.dll.GetMenuCheckMarkDimensions
user32.dll.TabbedTextOutA
user32.dll.GrayStringA
user32.dll.CreateDialogIndirectParamA
user32.dll.EndDialog
user32.dll.GetDlgCtrlID
user32.dll.SendDlgItemMessageA
user32.dll.GetMessageTime
user32.dll.GetClassLongA
user32.dll.CopyRect
user32.dll.PostThreadMessageA
user32.dll.SetThreadDesktop
user32.dll.CloseDesktop
user32.dll.wsprintfA
user32.dll.GetNextDlgTabItem
user32.dll.ValidateRect
user32.dll.GetMessageA
user32.dll.GetDlgItem
user32.dll.GetInputState
user32.dll.keybd_event
user32.dll.GetAncestor
user32.dll.EnumChildWindows
user32.dll.OpenWindowStationA
user32.dll.GetThreadDesktop
user32.dll.SetProcessWindowStation
user32.dll.wvsprintfA
user32.dll.GetCursorInfo
user32.dll.OpenInputDesktop
iphlpapi.dll.GetAdaptersInfo
iphlpapi.dll.SetTcpEntry
iphlpapi.dll.GetExtendedTcpTable
shlwapi.dll.PathFileExistsA
ws2_32.dll.#52
ws2_32.dll.#116
ws2_32.dll.#12
ws2_32.dll.#115
gdi32.dll.ScaleWindowExtEx
gdi32.dll.SetWindowExtEx
gdi32.dll.ScaleViewportExtEx
gdi32.dll.SetViewportExtEx
gdi32.dll.OffsetViewportOrgEx
gdi32.dll.SetMapMode
gdi32.dll.Escape
gdi32.dll.TextOutA
gdi32.dll.PtVisible
advapi32.dll.LookupPrivilegeValueA
advapi32.dll.AdjustTokenPrivileges
advapi32.dll.RegCreateKeyA
advapi32.dll.RegEnumKeyA
advapi32.dll.LookupAccountSidA
shell32.dll.SHGetDiskFreeSpaceA
ole32.dll.CLSIDFromString
ole32.dll.OleInitialize
ole32.dll.OleUninitialize
ole32.dll.CoFreeUnusedLibraries
ole32.dll.CoRegisterMessageFilter
ole32.dll.CoRevokeClassObject
ole32.dll.OleFlushClipboard
ole32.dll.OleIsCurrentClipboard
ole32.dll.GetHGlobalFromStream
psapi.dll.GetMappedFileNameA
psapi.dll.GetProcessImageFileNameA
psapi.dll.GetProcessMemoryInfo
psapi.dll.GetProcessImageFileNameW
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdiplusShutdown
gdiplus.dll.GdipSaveImageToStream
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdipCreateBitmapFromStream
oledlg.dll.#8
winspool.drv.DocumentPropertiesA
winspool.drv.OpenPrinterA
winspool.drv.ClosePrinter
comctl32.dll.#17
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll.free
ws2_32.dll.#19
kernel32.dll.GetQueuedCompletionStatus
kernel32.dll.CreateIoCompletionPort
kernel32.dll.IsDebuggerPresent
msvcrt.dll.memcpy
msvcrt.dll._adjust_fdiv
msvcrt.dll.malloc
msvcrt.dll._initterm
msvcrt.dll.memset
msvcrt.dll.??2@YAPAXI@Z
msvcrt.dll.??3@YAXPAX@Z
msvcrt.dll._beginthreadex
ws2_32.dll.#4
ws2_32.dll.WSASend
ws2_32.dll.WSARecv
ws2_32.dll.#13
ws2_32.dll.#2
ws2_32.dll.#16
ws2_32.dll.#11
ws2_32.dll.WSASocketW
ws2_32.dll.#5
ws2_32.dll.#21
ws2_32.dll.#3
ws2_32.dll.#111
ws2_32.dll.#9
ws2_32.dll.WSAIoctl
user32.dll.GetWindowInfo
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
ntdll.dll.RtlGetVersion
kernel32.dll.GetSystemDEPPolicy
kernel32.dll.SetProcessDEPPolicy
ntdll.dll.ZwQuerySystemInformation
msvcrt.dll.strlen
wz_zp_protected.dll.#1
kernel32.dll.FreeLibraryAndExitThread