魔盾安全分析报告 文件详细信息 特征

Сomentários

Transcrição

魔盾安全分析报告 文件详细信息 特征
魔盾安全分析报告
分析类型
开始时间
结束时间
持续时间
分析引擎版本
FILE
2016-05-17 15:52:24
2016-05-17 15:54:57
153 秒
1.4-Maldun
虚拟机机器名
标签
虚拟机管理
开机时间
关机时间
win7-sp1-x64
win7-sp1-x64
KVM
2016-05-17 15:52:25
2016-05-17 15:54:57
魔盾分数
10.0
Zeus
文件详细信息
文件名
SCAN002pdf.scr
文件大小
245760 字节
文件类型
PE32 executable (GUI) Intel 80386, for MS Windows
CRC32
B9DD3B74
MD5
0768e51d04cf33fa25de25f9dad30d54
SHA1
a65df169247f519d843bd2159ecbf5775fd07615
SHA256
b2eb341060d589eb493b1abad633f38db4b4d1900c938f8d085dae02471f0995
SHA512
da247e6012831df1237e93c6f1c1e455491de156ac1dc8bf0e64dcf087ff8653a7ae87bbd31973198e777fc181b7d9086a811c60c69ee1be972e7ec2270ecdb1
Ssdeep
3072:sfwE7Doe0aUVooJ9tTfSe3MzVXjVsIiZK6KjJPVGCvItI4qJ7+PqE2vDDi5mR486:soamFLtT73OXJiZS5VGCvqg7xOm01bC
PEiD
无匹配
Yara
VirusTotal
SEH__vba ()
VirusTotal链接
VirusTotal扫描时间: 2016-05-16 11:20:51
扫描结果: 34/57
特征
创建RWX内存
在加密调用中发现至少一个IP地址,域名,或文件名
ioc:
ioc:
ioc:
ioc:
ioc:
ioc:
ioc:
ioc:
http://www.chrischapmanhair.co.uk/wp-content/themes/chris.exe
http://www.chrischapmanhair.co.uk/wp-content/themes/chris_vnc.bin
http://www.chrischapmanhair.co.uk/wp-content/themes/chris_spm.bin
http://www.chrischapmanhair.co.uk/wp-content/themes/gate.php
.microsoft.com/
der.es5
brows.cap
fe.js
开始系统监听0.0.0.0:30502, :0
从文件自身的二进制镜像中读取数据
self_read: process: SCAN002pdf.scr, pid: 1216, offset: 0x00000000, length: 0x0003c000
self_read: process: woyw.exe, pid: 1744, offset: 0x00000000, length: 0x0003c000
投放出一个二进制文件并执行它
binary: C:\Users\test\AppData\Roaming\Ikefx\woyw.exe
发起了一些HTTP请求
url: http://www.msftncsi.com/ncsi.txt
url: http://www.chrischapmanhair.co.uk/wp-content/themes/chris.jpg
url: http://yandex.ru/
url: http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM
url: http://crl.globalsign.net/root.crl
url:
http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEh9O0pdwi5WDlZKpAMpibwgA%3D%3D
url: http://crl.globalsign.com/gs/gsorganizationvalg2.crl
url: http://www.chrischapmanhair.co.uk/wp-content/themes/gate.php
url: http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYsTGl7at%2BFjHRU%2BpXehLM%3D
url: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
url: http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D
url: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D
url: http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D
url: http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQLqIKj6Gi5thHaqKC1ECU9aXsCRQQUmvMr2s%2BtT7YvuypISCoStxtCwSQCEQD0gtB5WgsdpjrFZePtaJt6
url: http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFzeRE%2FrSZRDaFn%2BzErlAWw%3D
url:
http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D
url: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAIwaX55BLru0bCAsau57vM%3D
url: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
url: http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFulHELau99g31whfW%2B6uJI%3D
url: http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D
url:
http://ocsp2.globalsign.com/gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D
url: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAnmWtgHuEl7B0nUFWjWJtA%3D
url: http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEC7Ss3YcBffkpx9UsN1ZWpU%3D
url: http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEDWXMYfzhzoHMn7OWAybfto%3D
url: http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEEFCgu%2BPi31bRFHjEF28KVI%3D
url: http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEAnFEJszjkYJ9wRJuZvcynI%3D
url: http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEG7MeqWnAyAJuM689OlS1JE%3D
url: http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D
url: http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
url:
url:
url:
url:
url:
http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYLnHjjHwADjD39iRSceNk%3D
http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE%2FuXQ4cLc0QEGNMJMGmf8%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
http://t2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEHGgtzaV3bGvwjsrmhjuVMs%3D
二进制文件可能包含加密或压缩数据
section: name: .text, entropy: 7.69, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00039000, virtual_size: 0x00038fd0
执行了一个进程并在其中注入代码(可能是在解包过程中)
在一个远程进程中注入代码(CreateRemoteThread)
从磁盘上删除自身的原始二进制
尝试断开连接或更改Cuckoo监控的Windows功能
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
unhook:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
function_name:
CryptImportPublicKeyInfo, type: removal
HttpEndRequestA, type: removal
GetFileVersionInfoSizeW, type: removal
WSARecv, type: modification
HttpSendRequestExW, type: modification
InternetSetOptionA, type: removal
InternetOpenA, type: removal
NtCreateUserProcess, type: modification
HttpOpenRequestW, type: modification
GetFileVersionInfoW, type: removal
InternetCrackUrlW, type: removal
HttpOpenRequestA, type: modification
InternetWriteFile, type: modification
InternetOpenUrlA, type: removal
HttpSendRequestA, type: modification
closesocket, type: modification
InternetReadFile, type: modification
WSASend, type: modification
InternetGetConnectedState, type: removal
HttpAddRequestHeadersA, type: removal
HttpEndRequestW, type: removal
send, type: modification
InternetConnectA, type: modification
CoInternetSetFeatureEnabled, type: removal
recv, type: modification
ObtainUserAgentString, type: removal
InternetCrackUrlA, type: removal
CryptDecodeObjectEx, type: removal
URLDownloadToFileW, type: removal
InternetConnectW, type: modification
HttpSendRequestW, type: modification
InternetOpenW, type: removal
InternetOpenUrlW, type: removal
HttpSendRequestExA, type: modification
HttpAddRequestHeadersW, type: removal
InternetCloseHandle, type: modification
文件已被至少十个VirusTotal上的反病毒引擎检测为病毒
MicroWorld-eScan: Trojan.GenericKD.3222659
nProtect: Trojan.GenericKD.3222659
McAfee: Artemis!0768E51D04CF
K7GW: Trojan ( 004ef01c1 )
K7AntiVirus: Trojan ( 004ef01c1 )
Symantec: Trojan.Zbot
ESET-NOD32: a variant of Win32/Injector.CYFZ
Avast: Win32:Malware-gen
GData: Trojan.GenericKD.3222659
Kaspersky: Trojan-Spy.Win32.Zbot.wnuh
BitDefender: Trojan.GenericKD.3222659
AegisLab: Uds.Dangerousobject.Multi!c
Tencent: Win32.Trojan.Bp-qqthief.Iqpl
Ad-Aware: Trojan.GenericKD.3222659
Emsisoft: Trojan.GenericKD.3222659 (B)
F-Secure: Trojan.GenericKD.3222659
DrWeb: Trojan.Siggen6.32796
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R00XC0DEE16
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.dc
Sophos: Mal/Generic-S
Jiangmin: TrojanSpy.Zbot.fcsr
Avira: TR/Dropper.VB.zyqq
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Arcabit: Trojan.Generic.D312C83
Microsoft: PWS:Win32/Zbot!VM
ALYac: Trojan.GenericKD.3222659
Rising: Malware.XPACK-HIE/Heur!1.9C48-o8xIxDbHAfO (Cloud)
Yandex: TrojanSpy.Zbot!OS1pwEpW1pU
Ikarus: Trojan.Win32.Injector
Fortinet: Malicious_Behavior.VEX.94
AVG: Inject3.APLX
Panda: Trj/GdSda.A
Qihoo-360: Win32/Trojan.Multi.daf
生成Zeus (Banking 木马)互斥量 mutexes
联系C&C服务器HTTP接入(Banking 木马)
url: http://www.chrischapmanhair.co.uk/wp-content/themes/gate.php
尝试修改代理设置
尝试更改浏览器安全设置
尝试禁止浏览器安全报警
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnonBadCertRecving
从本地FTP客户端软件中盗取账号密码数据
key:
key:
key:
key:
HKEY_CURRENT_USER\SOFTWARE\Far\Plugins\ftp\hosts
HKEY_CURRENT_USER\SOFTWARE\Far2\Plugins\ftp\hosts
HKEY_CURRENT_USER\SOFTWARE\Ghisler\Total Commander
HKEY_CURRENT_USER\SOFTWARE\ftpware\coreftp\sites
创建了一个轻微改动过的自身拷贝
file: C:\Users\test\AppData\Roaming\Ikefx\woyw.exe
percent_match: 99
运行截图
网络分析
访问主机记录
直接访问
IP地址
国家名
否
77.88.55.55
Russian Federation
否
61.130.25.242
China
否
58.211.137.192
China
否
23.7.139.27
United States
否
23.32.241.32
United States
否
208.109.181.62
United States
否
198.41.215.182
United States
否
198.41.214.187
United States
否
198.41.214.184
United States
否
117.18.237.29
Asia/Pacific Region
域名解析
域名
响应
www.msftncsi.com
CNAME a1961.g2.akamai.net
A 23.32.241.25
A 23.32.241.32
CNAME www.msftncsi.com.edgesuite.net
www.chrischapmanhair.co.uk
A 208.109.181.62
CNAME chrischapmanhair.co.uk
yandex.ru
A
A
A
A
ocsp.globalsign.com
CNAME cdn.globalsigncdn.com
A 58.211.137.192
crl.globalsign.net
A
A
A
A
A
A
A
A
A
A
77.88.55.66
5.255.255.5
77.88.55.55
5.255.255.55
198.41.214.185
198.41.214.186
198.41.214.187
198.41.215.183
198.41.215.182
198.41.215.185
198.41.214.183
198.41.215.184
198.41.215.186
198.41.214.184
ocsp2.globalsign.com
crl.globalsign.com
ss.symcd.com
A 23.7.139.27
CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
ocsp.msocsp.com
CNAME hostedocsp.globalsign.com
ocsp.verisign.com
sd.symcd.com
ocsp.digicert.com
CNAME cs9.wac.phicdn.net
A 117.18.237.29
s.symcd.com
ocsp.omniroot.com
A 243.185.187.39
CNAME wac.BFDD.edgecastcdn.net
tl.symcd.com
s2.symcb.com
www.download.windowsupdate.com
t2.symcb.com
TCP连接
A 183.131.119.99
CNAME fg.download.windowsupdate.com.mwcname.com
A 115.239.253.110
A 122.228.24.179
CNAME nor1100.dlmix.ourdvs.com
A 221.235.205.200
CNAME 2-01-3cf7-0009.cdx.cedexis.net
A 61.130.25.237
A 122.228.233.200
A 117.27.241.104
A 61.130.25.242
A 183.131.168.144
A 183.131.124.99
A 218.75.225.60
A 115.231.158.74
IP地址
端口
117.18.237.29
80
178.255.83.1
80
178.255.83.1
80
178.255.83.1
80
192.168.122.1
53
198.41.214.184
80
198.41.214.187
80
198.41.215.182
80
208.109.181.62
80
208.109.181.62
80
208.109.181.62
80
208.109.181.62
80
23.32.241.32
80
23.7.139.27
80
23.7.139.27
80
23.7.139.27
80
23.7.139.27
80
23.7.139.27
80
23.7.139.27
80
23.7.139.27
80
58.211.137.192
80
58.211.137.192
80
58.211.137.192
80
58.211.137.192
80
58.211.137.192
80
58.211.137.192
80
61.130.25.242
80
63.243.244.43
80
65.118.123.138
80
77.88.55.55
80
77.88.55.55
443
UDP连接
IP地址
端口
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.255
137
192.168.122.255
138
224.0.0.252
5355
224.0.0.252
5355
239.255.255.250
1900
40.69.40.157
123
HTTP请求
URL
http://www.msftncsi.com/ncsi.txt
http://www.chrischapmanhair.co.uk/wp-content/themes/chris.jpg
http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl
http://yandex.ru/
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM
http://crl.globalsign.net/root.crl
http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEh9O0pdwi5WDlZKpAMpibwgA%3D%3D
http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEh9O0pdwi5WDlZKpAMpibwgA%3D%3D
http://crl.globalsign.com/gs/gsorganizationvalg2.crl
http://www.chrischapmanhair.co.uk/wp-content/themes/gate.php
http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYsTGl7at%2BFjHRU%2BpXehLM%3D
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQLqIKj6Gi5thHaqKC1ECU9aXsCRQQUmvMr2s%2BtT7YvuypISCoStxtCwSQCEQD0gtB5WgsdpjrFZePtaJt6
http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFzeRE%2FrSZRDaFn%2BzErlAWw%3D
http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAIwaX55BLru0bCAsau57vM%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFulHELau99g31whfW%2B6uJI%3D
http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D
http://ocsp2.globalsign.com/gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAnmWtgHuEl7B0nUFWjWJtA%3D
http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEC7Ss3YcBffkpx9UsN1ZWpU%3D
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEDWXMYfzhzoHMn7OWAybfto%3D
http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEEFCgu%2BPi31bRFHjEF28KVI%3D
http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEAnFEJszjkYJ9wRJuZvcynI%3D
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEG7MeqWnAyAJuM689OlS1JE%3D
http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYLnHjjHwADjD39iRSceNk%3D
http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE%2FuXQ4cLc0QEGNMJMGmf8%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
http://t2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEHGgtzaV3bGvwjsrmhjuVMs%3D
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
http://www.chrischapmanhair.co.uk/wp-content/themes/chris.jpg
http://www.chrischapmanhair.co.uk/wp-content/themes/gate.php
静态分析
PE 信息
初始地址
0x00400000
入口地址
0x00401b8c
声明校验值
0x00048d63
实际校验值
0x00048d63
最低操作系统版本要求
4.0
编译时间
2016-05-12 01:28:45
图标
图标精确哈希值
165e0997a29f5a2d41c17742c6487767
图标相似性哈希值
5c980ec27a298dc9e4af724cc4a0f9c2
版本信息
Translation:
0x0804 0x04b0
InternalName:
Gonial
FileVersion:
1.00
CompanyName:
Anderson Inc.
Comments:
Chiasmatic
ProductName:
Arrogances
ProductVersion:
1.00
FileDescription:
Overstig
OriginalFilename:
Gonial.exe
PE数据组成
名称
虚拟地址
虚拟大小
原始数据大小
特征
熵(Entropy)
.text
0x00001000
0x00038fd0
0x00039000
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
7.69
.data
0x0003a000
0x00002fe8
0x00001000
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
0.00
.rsrc
0x0003d000
0x00000d9e
0x00001000
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
4.72
资源
名称
偏移量
大小
语言
子语言
熵(Entropy)
文件类型
RT_ICON
0x0003d3ce
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
5.81
GLS_BINARY_LSB_FIRST
RT_ICON
0x0003d3ce
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
5.81
GLS_BINARY_LSB_FIRST
RT_GROUP_ICON
0x0003d3ac
0x00000022
LANG_NEUTRAL
SUBLANG_NEUTRAL
2.71
MS Windows icon resource - 2 icons, 16x16, 256-colors
RT_VERSION
0x0003d120
0x0000028c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
3.17
DOS executable (COM)
导入
库 MSVBVM60.DLL:
• 0x401000 - __vbaStrI2
• 0x401004 - _CIcos
• 0x401008 - _adj_fptan
• 0x40100c - __vbaFreeVar
• 0x401010 - __vbaEnd
• 0x401014 - _adj_fdiv_m64
• 0x401018 - _adj_fprem1
• 0x40101c - __vbaSetSystemError
• 0x401020 - __vbaHresultCheckObj
• 0x401024 - __vbaLenBstrB
• 0x401028 - _adj_fdiv_m32
• 0x40102c - _adj_fdiv_m16i
• 0x401030 - _adj_fdivr_m16i
• 0x401034 - _CIsin
• 0x401038 - __vbaChkstk
• 0x40103c - EVENT_SINK_AddRef
• 0x401040 - DllFunctionCall
• 0x401044 - _adj_fpatan
• 0x401048 - __vbaLateIdCallLd
• 0x40104c - EVENT_SINK_Release
• 0x401050 - _CIsqrt
• 0x401054 - EVENT_SINK_QueryInterface
• 0x401058 - __vbaExceptHandler
• 0x40105c - _adj_fprem
• 0x401060 - _adj_fdivr_m64
• 0x401064 - None
• 0x401068 - __vbaFPException
• 0x40106c - _CIlog
• 0x401070 - __vbaErrorOverflow
• 0x401074 - None
• 0x401078 - _adj_fdiv_m32i
• 0x40107c - _adj_fdivr_m32i
• 0x401080 - __vbaStrCopy
• 0x401084 - __vbaFreeStrList
• 0x401088 - _adj_fdivr_m32
• 0x40108c - _adj_fdiv_r
• 0x401090 - None
• 0x401094 - __vbaI4Var
• 0x401098 - __vbaStrToAnsi
• 0x40109c - __vbaVarDup
• 0x4010a0 - _CIatan
• 0x4010a4 - __vbaStrMove
• 0x4010a8 - _allmul
• 0x4010ac - _CItan
• 0x4010b0 - _CIexp
• 0x4010b4 - __vbaFreeObj
• 0x4010b8 - __vbaFreeStr
投放文件
chris[1].jpg
文件名
相关文件
chris[1].jpg
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\chris[1].jpg
文件大小
98313 bytes
文件类型
JPEG image data, JFIF standard 1.01
MD5
b2ce0846342d9ddfe23d1d31c85cf123
SHA1
0254db117e2d79a522241e884a3cf16cd6a73ea3
SHA256
cfc2a599c392bae1ba83f6ebe9da022a8588962d17604fe9736610b04776a979
SHA512
2cbd5127b816b90981146f670b33b30ed7c5996d55f1de813b6979a688af21179a684d161d06e80a5f0d9001049ab5cbd97ab453ee3320638b90f21c3c62feba
Ssdeep
1536:16cD1yV9wbjFmJIgU9WH5fmr9ra89bdl3vRaeHn/F0Dj4SrPN73+5oCRi:16cD1yVqwHmUfu02aefe/rPN73ooCc
Yara
无匹配
VirusTotal
搜索相关分析
944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
文件名
相关文件
944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
文件大小
1558 bytes
文件类型
data
MD5
efbec8daddc073780bae627a0f571ef4
SHA1
6c638981f8432ea0b03bc2b7fa07a48b1b2a8f78
SHA256
08b6a405963a75f29467436041ce76ad74d3d8f90ebe38d4c585baf6cb0759b7
SHA512
c0d74ac2ab92a699020294d0bcf0e36327d8e08adebf44905242dea88ce4c65c611ae4ecaa2af0d0035834ad30ebaaac5d11d588e5b9b037195e2fe3f0953f8c
Ssdeep
24:QC1RpvhxhFHlGBu2mTb3ELsAZz9KQAyJK7GPpSebh0La7gEEX7nhMrIrXI7A8R9K:L1RhRGBu+3KeCGPpSE0LZhwIyR9K
Yara
无匹配
VirusTotal
搜索相关分析
ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
文件名
相关文件
ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
文件大小
1518 bytes
文件类型
data
MD5
7a1342a048ea25c4b97655755f141a83
SHA1
05732e5b519a53d75acceb2f592f63a1ead69b47
SHA256
2e8bde9ef9f5a4dcfe84360c692dff17f3e6bf7ea1a3b2eb20de9d35cf9121e9
SHA512
7b40668ae1f16e5fa4dfa3455986bd04f8e21984f2b6be628860ee4039883f79233151f10ef98927d0152e0eb6790b06875fbe9ee2a6d4065916ec15948ba978
Ssdeep
24:hdHqTrwOLkPIQcu/NcK7NnlswFcnS+ruWVyVD/ByuukDcOz:hor/2cu/NZNnDFcnSCujDJyuLcOz
Yara
无匹配
VirusTotal
搜索相关分析
AFA2A5744430E65F42D3175FABFBE3E8
文件名
相关文件
AFA2A5744430E65F42D3175FABFBE3E8
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AFA2A5744430E65F42D3175FABFBE3E8
文件大小
222 bytes
文件类型
data
MD5
45c0579e595e3a703c8427799aa6fa81
SHA1
edbe5441f88f0fd71acf8da441b1fd1df04cb9f8
SHA256
1c6d8f69262d944e0ed3f8be339dcdbf0ef7bc34c0dc8d4dcdbda584bd14c98f
SHA512
81f372119196d041e1111e2ce5464ce7f8036b9c22dc69afa4a9d6292adc8928d50018d83ad98f539240304fef9d0540d2e98db166a0e0ad1405484b4b489162
Ssdeep
6:kKRnfNkSqMts3sS3DpWhliKxlCPiRxElL1j:xNBqM0H1WzfVClZj
Yara
无匹配
VirusTotal
搜索相关分析
index.dat
文件名
相关文件
index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
文件大小
32768 bytes
文件类型
Internet Explorer cache file version Ver 5.2
MD5
43cff0a7daab9da8c39b74eb19a4684c
SHA1
d36cb0698d5c1996d411c9a64d4104f602b2f977
SHA256
7c769c22b7e8e2c26819d56368344c87c6b2776a1dc360704f01727689843f16
SHA512
887e4b98e0924e15d3d66904ced9fc2498501dd10556aa9b0171d1270d80170ef3267c14b55dad8676eb3c4dc1356afb17ac12ee32af518b4941cd20a3f9ce82
Ssdeep
48:qsw+ir/jGiBGRx8Xp/llr8jli7MfvFNzoyb10YH1iYnVnChXpu0sCmDdZn/4SyBY:qAnvXQTwvHo2+YH1N4544ryuy
Yara
无匹配
VirusTotal
搜索相关分析
AFA2A5744430E65F42D3175FABFBE3E8
文件名
相关文件
AFA2A5744430E65F42D3175FABFBE3E8
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AFA2A5744430E65F42D3175FABFBE3E8
文件大小
4985569 bytes
文件类型
data
MD5
63badee99ab5eabb3dc99f6b4224c727
SHA1
0aae5f1371213a34fa0b727f830a911c038ba608
SHA256
d87354b842e16d2744a71068ef7426762f4b7e1113a17b8c953b0f9a21bc75bb
SHA512
df56f52012700efa4a0a28dd59c7f1464e1ed4a4da09fa37c7d6817fdc601f04bc51b966cabfe2451b1c675c76eb31ab3aa0987ea68edb3e2ca5a8720cf99017
Ssdeep
49152:cqR9R4lmMUC/VxY7BqMTFZmiRndVu9czxSaCOafAZb0Q8fj:+jTYtjTFZZhLuSVSMawbar
Yara
VirusTotal
vmdetect (Possibly employs anti-virtualization techniques)
搜索相关分析
woyw.exe
文件名
相关文件
woyw.exe
C:\Users\test\AppData\Roaming\Ikefx\woyw.exe
文件大小
245760 bytes
文件类型
PE32 executable (GUI) Intel 80386, for MS Windows
MD5
2a157f35e828461509efd43f2d213789
SHA1
96686827d9305cccdca5e94aee190471f001e9cd
SHA256
07a793e2cef8c1252de153dacdd9bc274ed3fc81a33f12e23666b41dc7126b29
SHA512
813d24dfd7aba1b18b7bac695191e6c5fad7a46ca7795a34fbde10c9bffe2ff64fa6dfe6988e682fa7fb56ecf825453a6cbcff64f5a80fce2ddc229733c85d3e
Ssdeep
3072:sfwE7Doe0aUVooJ9tTfSe3MzVXjVsIiZK6KjJPVGCvItI4qJ7+PqE2vDDi5mR48X:soamFLtT73OXJiZS5VGCvqg7xOm01GC
Yara
VirusTotal
SEH__vba ()
搜索相关分析
C8E7EC0C85688F4738F3BE49B104BA67
文件名
相关文件
C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
文件大小
693 bytes
文件类型
data
MD5
9a88fbf5192b07319ec24ee4efbf7810
SHA1
c35f21b6cb99f31fab6e596e381b0c3cc2715993
SHA256
5eeaabc35dc6e82db54c4e0a92331b0f89123ad73b2952fa4439d3e74eca8469
SHA512
dc069448c3b98bc970f76f844f0817a073af1d067472125deabbf36e93a0d0738239f256ccd76e3126430e67764576edbffa3f66285846677e95e626b9ef5ab3
Ssdeep
12:SSKD81n9E1GR2FJ2bMAHGAeHJRIDIIeVsPPBB9HjVvXeEgs5ywGPP9t:qcunH2bMAHGAuJy2e79HBRgRZ9t
Yara
无匹配
VirusTotal
搜索相关分析
gate[1].htm
文件名
相关文件
gate[1].htm
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\gate[1].htm
文件大小
44 bytes
文件类型
data
MD5
a05e0b399cb1860768d8680ac5efa11b
SHA1
2625e19a98ff078f14277312a0c5bc1f560b53c7
SHA256
68a22bf749e930617490f5c955774877b14550dbbe0e67aaacdaa55d788e85f4
SHA512
1a8444a13b717bff08eaf180560e652761cfdc2a3045b78ccea8e8098c3aa2806e4c3b637f1284f6e8ac14693d65f0774ec97509b02ce41b67ab42b5eb3247f1
Ssdeep
3:1dNIcnjdX1VEW:fNIwRsW
Yara
无匹配
VirusTotal
搜索相关分析
tmp45473f32.bat
文件名
相关文件
tmp45473f32.bat
C:\Users\test\AppData\Local\Temp\tmp45473f32.bat
文件大小
196 bytes
文件类型
DOS batch file, ASCII text, with CRLF line terminators
MD5
455e6720aa3ab237e4980e59c7b31972
SHA1
2514a656760ee5d6810121c8899fdeb5b6cf0d07
SHA256
9a4afb91873afe41f6dc2d6ccb61c7b7715ea3b1fccf0871dc3a361dc20d771f
SHA512
3e677b3eb3b206c66a99b2c04f1cbe79db9a8a2b60460a914c2cc1d51da058eb8da96219ebd73441bb671417a53064ed11580866c3501ea5a25cfde1459f79da
Ssdeep
6:hHm+kn23ffUm+kn23fuRf/Hm1m+kn23f2n:Xw2f/HmfOn
Yara
无匹配
VirusTotal
搜索相关分析
C8E7EC0C85688F4738F3BE49B104BA67
文件名
相关文件
C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
文件大小
186 bytes
文件类型
data
MD5
6a1083cfbda507923bea698508e4226e
SHA1
0f273a97dd0a56713a6a83304563ebc5bbe18f7e
SHA256
732b07c8c1e2206140d2975b9035c1f2f4cebc2fefc48011b62d55b203d1ad11
SHA512
8d962a7a1551729a69ce8af97f33f1c9ac12d1b006809d611052679619dc8bdfe083d7d1b894e6772d2b9b4fe2a24c7389f812b5348ed48e2d33f1f4c163c0a4
Ssdeep
3:kkFkl7eDYS9tXXwnoMvllAMlEl/tIp/o//ll8DR8rHelJlWlLltDBQkRlGl1j:kK9ES9vMgMiIRotqDpWhlQeGl1j
Yara
无匹配
VirusTotal
搜索相关分析
gate[1].htm
文件名
相关文件
gate[1].htm
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\gate[1].htm
文件大小
44 bytes
文件类型
data
MD5
a5f3e970cacbc8da31bf88c8667ffc8c
SHA1
4b3387e4741fdc775524e7749d576c4e7d8e540e
SHA256
9f58aaa782c2318ccf271ec5c88c40bb89ecb4a57cc12753eb132da495b3a78c
SHA512
64dd21c16ed51bdfafc8a9cf059ffba66322385803e0eeb28387a10b9d54f7c413f0cc92e1a7f1d1c3228b84ca5353b0d9a14279cb197fa5e34a31b4bf950b0f
Ssdeep
3:Vvid0iFIHUIhyi26A:VvidJF6UIhyig
Yara
无匹配
VirusTotal
搜索相关分析
ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
文件名
相关文件
文件大小
ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
492 bytes
文件类型
data
MD5
ad83af41e42b3c7e11af761df171c24d
SHA1
2000b60c683d59bf4f9409bdae1088896a3264ed
SHA256
4420abef0e194d03135ee988004a0805180d507566d4ace397f6b7b67c1fc685
SHA512
ca4f710c0fc4b571f81339f670ce0dcb7dfad2d38361429ad8cb15f3de06f1197c7be5bd8f0da107539727277ef6e04ab894c7144a44c1fd7ed55a6ba049b168
Ssdeep
12:LnDWzF0Y1oOkksFyR7uE9SsAUOlJCmoUYHlMjQiJZZKN:LnDgF0WoLnYRd8JUKYmoUYH6jQSZZ0
Yara
无匹配
VirusTotal
搜索相关分析
[email protected][1].txt
文件名
相关文件
[email protected][1].txt
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
文件大小
238 bytes
文件类型
ASCII text
MD5
57a6d1642092e52b09991c2db2d654ed
SHA1
53955c026f3a58d6e103058986f356bd8cbfa11c
SHA256
e93c527841c287963978eaf01b94a28a35972aa625bb26be219d4e428bc3dbf3
SHA512
421786de9f019de1718c7f8fef064e74ab5d213322505ec41f26b1fd560553e7cf9401d6e43e0bb4f96cfe86dddea27b47fede046c583328aeac6bbac4ef2e53
Ssdeep
6:ehyNnRJACp6Vd6/oNCpV/D/BBsFqQgtOVH/n:RNnROhzNgrsFqUf
Yara
无匹配
VirusTotal
搜索相关分析
[email protected][1].txt
文件名
相关文件
[email protected][1].txt
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
文件大小
87 bytes
文件类型
ASCII text
MD5
4e72a8402494cba87c74d96fefa8169d
SHA1
d3625df592cf6396c24e089cc273cb46d6116eed
SHA256
bbd567d06aae4d92afff94bbd63fb14ff51be909594656b6c55cee390c803017
SHA512
12ec056910473c96e098d9366566486c0360f3b52895ff8cc7c307d60381bc96ccb295acefa9a589697ebc40e7f5de168364429c3f66c696f46d312a7a2440f5
Ssdeep
3:1sZryCanRTSiA+vX0QbeVd9EJWuB/n:ehyNnRJACp6Vd6/n
Yara
无匹配
VirusTotal
搜索相关分析
[email protected][2].txt
文件名
相关文件
[email protected][2].txt
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
文件大小
164 bytes
文件类型
ASCII text
MD5
1c6fb4065f95a16a07dddbefcdf99f4a
SHA1
c418f6495c75c511e0caee2b6cc98347ff570409
SHA256
6e1fce788b7612ec5607d83d414db6641c92519289d3a48b1b0f79dbe4539c2a
SHA512
fcff72108060d6b525f087e4c0a0d40b3e590b5c5ccb011ff67e5bad116d5080e9d29adf91f55e66a0fb06635f98e407eaffbd32c3b3554b2bbd796f7189fd23
Ssdeep
3:1sZryCanRTSiA+vX0QbeVd9EJWuB/vQN+vXJUcueVcUVUEYuB/n:ehyNnRJACp6Vd6/oNCpV/D/n
Yara
无匹配
VirusTotal
搜索相关分析
944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
文件名
相关文件
944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
文件大小
552 bytes
文件类型
data
MD5
5d63f3983ebf3bcc7c06a37b34078bda
SHA1
4e50f010dbe56238fcd838f766a87b1c5dc80e78
SHA256
258d22b94c073bd449d4ac03be66fe5c0f04eea641e910f42a7c82aa6c3b5512
SHA512
98dca6e8560f0309e353e8e2903db5d28ccf6f1eb64e14113785a72cfe013e9f0ecfe8dccec3efb08a16e7fe63c13b4f0ebd518775f8f25b273eec1bbc2aa20a
Ssdeep
12:sBJWzf8ClxhsFB20qq0iqlTrMliM8CzE68y:oJgEmx2TBq5oB8CzV
Yara
无匹配
VirusTotal
搜索相关分析
index.dat
文件名
相关文件
index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
文件大小
32768 bytes
文件类型
Internet Explorer cache file version Ver 5.2
MD5
4c3187aa05a24bce3db46ccb23bee2f3
SHA1
422681f524461c606a511075c94e2c0c6a400cb8
SHA256
1ce9c281ef19d57aa4a34d74c49af69a5fcd1442bbdd90045c75e4a43422244a
SHA512
2a09d8fe956ef8934f699856c4f572df17a6f972cb4c688d284335293a472e0dd0472ee0273f344792188a759aceea228866a4225ad9b6233d85d7697142efa3
Ssdeep
24:qj85IIoWHbIVsv7LkjAW9H2czx2FskXUnGiiLYxBzGnkL4AoNsR4DYxnU9I:qeggEiMxb4Y4D/I
Yara
无匹配
VirusTotal
搜索相关分析
index.dat
文件名
相关文件
index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
文件大小
245760 bytes
文件类型
Internet Explorer cache file version Ver 5.2
MD5
a4f0bee0854a0d55504b2ff72369c2b0
SHA1
f74b9cc00b9e2774e0680692df483af69587e8a8
SHA256
d0eee8e3f39840f25fe4d2399e3065d75548103a8c86d0cdb87f516e20147951
SHA512
d098880465274583962a6b19be474b1f160a3d7d97125865452c39746999a69514fd6a2fd7bdcb567ab5122410e94b9ffaf047ee4bd4eaf6e2858c7bfff2eb43
Ssdeep
1536:XvdW+TE/Qn+iTVHQPjZ1JFE/qO9JCsRb1BLrErwzj3T08NDtlz97gYtB4ljEwxo8:lW7m23wzj9gYtB46wxohV34k0I4SP
Yara
VirusTotal
memory_shylock ()
NET ()
搜索相关分析
index.dat
文件名
相关文件
index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
文件大小
262144 bytes
文件类型
Internet Explorer cache file version Ver 5.2
MD5
fbe6ba880d1f6cadfd771536120f2c73
SHA1
34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256
a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
SHA512
6a28d50bc6feeee26b35f014de7c8462d584bea98e9d6c97ebcedd2f22af71c4006cac55583161f4b6e25ad6e7f44f067b3f983113e078104f27ec02b1a4d0ab
Ssdeep
768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi
Yara
无匹配
VirusTotal
搜索相关分析
行为分析
互斥量(Mutexes)
Global\{D939A032-5B2B-0F11-3B0B-3B1D319636EA}
Global\{5B461908-E211-8D6E-3B0B-3B1D319636EA}
Local\{5E8AB66D-4D74-88A2-3B0B-3B1D319636EA}
Local\{37491DFC-E6E5-E161-3B0B-3B1D319636EA}
Local\{32F570EE-8BF7-E4DD-3B0B-3B1D319636EA}
Global\{FCAE87FF-7CE6-2A86-A3BA-3B60A9273697}
Global\{FCAE87FF-7CE6-2A86-2FBB-3B6025263697}
Global\{FCAE87FF-7CE6-2A86-A7BB-3B60AD263697}
Global\{FCAE87FF-7CE6-2A86-FBB8-3B60F1253697}
Global\{FCAE87FF-7CE6-2A86-E3B9-3B60E9243697}
Global\{FCAE87FF-7CE6-2A86-8FB5-3B6085283697}
Global\{FCAE87FF-7CE6-2A86-23B4-3B6029293697}
Global\{FCAE87FF-7CE6-2A86-03B5-3B6009283697}
Global\{34865B69-A070-E2AE-3B0B-3B1D319636EA}
Global\{C586A9CB-52D2-13AE-3B0B-3B1D319636EA}
Global\{FD4328AD-D3B4-2B6B-3B0B-3B1D319636EA}
Global\{2D8262DD-99C4-FBAA-3B0B-3B1D319636EA}
Local\_!MSFTHISTORY!_
Local\c:!users!test!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\{0B8CDFDE-24C7-DDA4-3B0B-3B1D319636EA}
Global\{FCAE87FF-7CE6-2A86-67BA-3B606D273697}
Local\{44E0B3A1-48B8-92C8-3B0B-3B1D319636EA}
Local\c:!users!test!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!test!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
IESQMMUTEX_0_208
Local\ZonesCounterMutex
Local\!IETld!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\c:!users!test!appdata!roaming!microsoft!windows!ietldcache!
Global\{4D19DC11-2708-9B31-3B0B-3B1D319636EA}
执行的命令
"C:\Users\test\AppData\Local\Temp\SCAN002pdf.scr"
"C:\Users\test\AppData\Roaming\Ikefx\woyw.exe"
"C:\Windows\system32\cmd.exe" /c "C:\Users\test\AppData\Local\Temp\tmp45473f32.bat"
创建的服务 无信息
启动的服务 无信息
进程
SCAN002pdf.scr
PID: 1532, 上一级进程 PID: 2900
SCAN002pdf.scr
PID: 1216, 上一级进程 PID: 1532
woyw.exe
PID: 2544, 上一级进程 PID: 1216
woyw.exe
PID: 1744, 上一级进程 PID: 2544
cmd.exe
PID: 1984, 上一级进程 PID: 1216
explorer.exe
aliwssv.exe
PID: 1156, 上一级进程 PID: 1744
PID: 2984, 上一级进程 PID: 2956
访问的文件
C:\Users\test\AppData\Local\Temp\IMM32.DLL
C:\Windows\System32\imm32.dll
\Device\KsecDD
C:\Users\test\AppData\Local\Temp\SCAN002pdf.scr.cfg
C:\Windows\sysnative\C_932.NLS
C:\Windows\sysnative\C_949.NLS
C:\Windows\sysnative\C_950.NLS
C:\Windows\Fonts\staticcache.dat
C:\
C:\Users\test\AppData\Local\Temp\SCAN002pdf.scr
C:\Users\test\AppData\Roaming
C:\Users\test\AppData\Roaming\Ikefx
C:\Users\test\AppData\Roaming\Ikefx\woyw.exe
C:\Users\test\AppData\Roaming\Epboa
C:\Users\test\AppData\Roaming\
C:\Users\test\AppData\Roaming\Epboa\zeudx.qou
C:\Users\test\AppData\Local\Temp\tmp45473f32.bat
C:\Users\test\AppData\Roaming\Ikefx\IMM32.DLL
C:\Users\test\AppData\Roaming\IMM32.DLL
C:\Users\test\AppData\Roaming\Ikefx\woyw.exe.cfg
C:\Users\test\AppData\Local\Temp
C:\Users
C:\Users\test
C:\Users\test\AppData
C:\Users\test\AppData\Local
C:\Users\test\AppData\Local\Temp\tmp45473f32.bat\
C:\Users\test\AppData\Local\Temp\
C:\Users\test\AppData\Local\
C:\Users\test\AppData\
C:\Users\test\
C:\Users\
C:
\??\MountPointManager
C:\Users\test\AppData\Roaming\Epboa\zeudx.dat
C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\ProgramData\*
C:\Users\test\AppData\Roaming\*
C:\Program Files (x86)\*
C:\Windows\*
C:\*
C:\Users\test\AppData\Local\Microsoft\Windows Mail\*
C:\Users\test\AppData\Local\Microsoft\Windows Mail\account{460216F4-D051-48D6-9826-18AD00B85143}.oeaccount
C:\Users\test\AppData\Local\Microsoft\Windows Mail\account{51F7AADA-756F-4F7A-BEED-9153296D5F6B}.oeaccount
C:\Users\test\AppData\Local\Microsoft\Windows Mail\account{681D48DA-6F54-46E5-AC0E-F227F4F59036}.oeaccount
C:\Users\test\AppData\Local\Microsoft\Windows Mail\Backup\*
C:\Users\test\AppData\Local\Microsoft\Windows Mail\Backup\new\*
C:\Users\test\AppData\Local\Microsoft\Windows Mail\Stationery\*
C:\Users\test\Contacts
C:\Users\test\Contacts\*
C:\Users\test\Contacts\*.contact
C:\Users\test\Contacts\test.contact
C:\Windows\SysWOW64\wininet.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\test\AppData\Local\Microsoft\Windows\History
C:\Users\test\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Windows\SysWOW64\dnsapi.dll
C:\Windows\SysWOW64\IPHLPAPI.DLL
C:\Windows\SysWOW64\winnsi.dll
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\test\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\test\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
\??\Nsi
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\chris[1].jpg
C:\Users\test\AppData\Roaming\Epboa\zeudx.tmp
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\schannel.dll
C:\Users\test\AppData\LocalLow
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AFA2A5744430E65F42D3175FABFBE3E8
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AFA2A5744430E65F42D3175FABFBE3E8
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\System32\tzres.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\gate[1].htm
读取的文件
\Device\KsecDD
C:\Windows\Fonts\staticcache.dat
C:\Users\test\AppData\Local\Temp\SCAN002pdf.scr
C:\Users\test\AppData\Roaming\Ikefx\woyw.exe
C:\Users\test\AppData\Roaming\Epboa
C:\Users\test\AppData\Roaming\Epboa\zeudx.qou
C:\Users\test\AppData\Roaming
C:\Users\test\AppData\Local\Temp\tmp45473f32.bat
C:\Users\test\AppData\Roaming\Epboa\zeudx.dat
C:\Users\test\AppData\Local\Microsoft\Windows Mail\account{460216F4-D051-48D6-9826-18AD00B85143}.oeaccount
C:\Users\test\AppData\Local\Microsoft\Windows Mail\account{51F7AADA-756F-4F7A-BEED-9153296D5F6B}.oeaccount
C:\Users\test\AppData\Local\Microsoft\Windows Mail\account{681D48DA-6F54-46E5-AC0E-F227F4F59036}.oeaccount
C:\Users\test\Contacts
C:\Users\test\Contacts\test.contact
C:\Windows\SysWOW64\wininet.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Windows\SysWOW64\dnsapi.dll
C:\Windows\SysWOW64\IPHLPAPI.DLL
C:\Windows\SysWOW64\winnsi.dll
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\test\AppData\Roaming\Epboa\zeudx.tmp
C:\Windows\SysWOW64\schannel.dll
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AFA2A5744430E65F42D3175FABFBE3E8
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AFA2A5744430E65F42D3175FABFBE3E8
C:\Windows\System32\tzres.dll
修改的文件
C:\Users\test\AppData\Roaming\Ikefx\woyw.exe
C:\Users\test\AppData\Roaming\Epboa\zeudx.qou
C:\Users\test\AppData\Local\Temp\tmp45473f32.bat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\chris[1].jpg
C:\Users\test\AppData\Roaming\Epboa\zeudx.tmp
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_EE1C98F0DB5A340329CFBF08DA0DFEC3
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\944E5B697BC46FE14AB888AE8A1EBB99_35CE7FF26E4619B89646E67F42E0038E
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AFA2A5744430E65F42D3175FABFBE3E8
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AFA2A5744430E65F42D3175FABFBE3E8
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\gate[1].htm
删除的文件
C:\Users\test\AppData\Local\Temp\SCAN002pdf.scr
C:\Users\test\AppData\Local\Temp\tmp45473f32.bat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\chris[1].jpg
C:\Users\test\AppData\Roaming\Epboa\zeudx.qou
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TAGI4AC\gate[1].htm
C:\Users\test\AppData\Roaming\Epboa\zeudx.tmp
注册表键
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DigitalProductId
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_CURRENT_USER\SOFTWARE\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Infam
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Infam
HKEY_CURRENT_USER\Software\Microsoft\Infam\Coupiquf
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\Levels
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\DefaultLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\SaferFlags
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Srp\\GP\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Srp\GP\RuleCount
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\PolicyScope
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\LogFileName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1406
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1609
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A02
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A03
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A05
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A06
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A06
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnonBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSPDY3_0
HKEY_CURRENT_USER\Software\Microsoft\Infam\Afgoak
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\Keys
HKEY_LOCAL_MACHINE\SOFTWARE\FlashFXP\3
HKEY_CURRENT_USER\SOFTWARE\Ghisler\Total Commander
HKEY_CURRENT_USER\SOFTWARE\ipswitch\ws_ftp
HKEY_CURRENT_USER\SOFTWARE\Far\Plugins\ftp\hosts
HKEY_CURRENT_USER\SOFTWARE\Far2\Plugins\ftp\hosts
HKEY_CURRENT_USER\SOFTWARE\martin prikryl\winscp 2\sessions
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\[email protected]
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\[email protected]\hostname
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\[email protected]\username
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\[email protected]\password
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\Default%20Settings
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\Default%20Settings\hostname
HKEY_LOCAL_MACHINE\SOFTWARE\martin prikryl\winscp 2\sessions
HKEY_CURRENT_USER\SOFTWARE\ftpware\coreftp\sites
HKEY_CURRENT_USER\SOFTWARE\smartftp\client 2.0\settings\general\favorites
HKEY_CURRENT_USER\SOFTWARE\smartftp\client 2.0\settings\backup
HKEY_CURRENT_USER\Software\Microsoft\Windows Mail
HKEY_CURRENT_USER\Software\Microsoft\Windows Mail\Store Root
HKEY_CURRENT_USER\Software\Microsoft\Windows Mail\Salt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{56784854-C6CB-462B-8169-88E350ACB882}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PropertyBag\FoldersDependentOn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePassport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_ClientAuthCertFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\Feature_ClientAuthCertFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\explorer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\A4CAE9E1
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\woyw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PerUserCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PeerDist\Service
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\PeerDist\Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\Enable
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\explorer_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\explorer_RASMANCS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigCustomUA
HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes
HKEY_LOCAL_MACHINE\Software\Classes\AutoProxyTypes
HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes\Application/x-internet-signup
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\DllFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Flags
HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\DllFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Flags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AutodialDLL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_CURRENT_USER\Software\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\fe-54-00-3f-32-f9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\Security\DisableSecuritySettingsCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\explorer.exe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CLASSES_ROOT\MIME\Database\Content Type\image/jpeg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/jpeg\Extension
HKEY_CURRENT_USER\Software\Classes\Interface\{E70C92AA-4BFD-11D1-8A95-00C04FB951F3}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{E70C92AA-4BFD-11D1-8A95-00C04FB951F3}
HKEY_CURRENT_USER\Software\Classes\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\Progid
HKEY_CURRENT_USER\Software\Classes\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{E70C92AC-4BFD-11D1-8A95-00C04FB951F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E70C92AC-4BFD-11D1-8A95-00C04FB951F3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E70C92AC-4BFD-11D1-8A95-00C04FB951F3}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Infam\Loakp
HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\my\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\my
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllDecodeObjectEx
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.11
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.12
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.3
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.4
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1406
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A02
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A03
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A05
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A06
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A06
读取的注册表键
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DigitalProductId
HKEY_CURRENT_USER\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Microsoft\Infam\Coupiquf
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\Levels
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\DefaultLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\SaferFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Srp\GP\RuleCount
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\PolicyScope
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\LogFileName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1406
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1609
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A02
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A03
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A05
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A06
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A06
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_CURRENT_USER\Software\Microsoft\Infam\Afgoak
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\[email protected]\hostname
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\[email protected]\username
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\[email protected]\password
HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\Default%20Settings\hostname
HKEY_CURRENT_USER\Software\Microsoft\Windows Mail\Store Root
HKEY_CURRENT_USER\Software\Microsoft\Windows Mail\Salt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{56784854-C6CB-462B-8169-88E350ACB882}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PropertyBag\FoldersDependentOn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePassport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_ClientAuthCertFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\Feature_ClientAuthCertFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\A4CAE9E1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PerUserCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigCustomUA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\DllFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\DllFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Flags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AutodialDLL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\Security\DisableSecuritySettingsCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/jpeg\Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BD40F38-DE45-429D-9D04-24F7C24C78FD}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E70C92AC-4BFD-11D1-8A95-00C04FB951F3}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Infam\Loakp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1406
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A02
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A03
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A05
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A06
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1A06
修改的注册表键
HKEY_CURRENT_USER\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Infam
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1609
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A02
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A03
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A06
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnonBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSPDY3_0
HKEY_CURRENT_USER\Software\Microsoft\Infam\Afgoak
HKEY_CURRENT_USER\Software\Microsoft\Infam\Coupiquf
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\explorer_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\explorer_RASMANCS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\explorer_RASMANCS\FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\fe-54-00-3f-32-f9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-3f-32-f9\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Infam\Loakp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609
删除的注册表键
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\woyw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
API解析
imm32.dll.ImmCreateContext
imm32.dll.ImmDestroyContext
imm32.dll.ImmGetContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmAssociateContext
imm32.dll.ImmGetConversionStatus
imm32.dll.ImmSetConversionStatus
imm32.dll.ImmGetOpenStatus
imm32.dll.ImmSetOpenStatus
imm32.dll.ImmSetCompositionFontA
imm32.dll.ImmSetCompositionStringA
imm32.dll.ImmGetCompositionStringA
imm32.dll.ImmSetCompositionWindow
imm32.dll.ImmEscapeA
imm32.dll.ImmIsIME
imm32.dll.ImmSetCandidateWindow
imm32.dll.ImmNotifyIME
imm32.dll.ImmSimulateHotKey
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
oleaut32.dll.OleLoadPictureEx
oleaut32.dll.DispCallFunc
oleaut32.dll.LoadTypeLibEx
oleaut32.dll.UnRegisterTypeLib
oleaut32.dll.CreateTypeLib2
oleaut32.dll.VarDateFromUdate
oleaut32.dll.VarUdateFromDate
oleaut32.dll.GetAltMonthNames
oleaut32.dll.VarNumFromParseNum
oleaut32.dll.VarParseNumFromStr
oleaut32.dll.VarDecFromR4
oleaut32.dll.VarDecFromR8
oleaut32.dll.VarDecFromDate
oleaut32.dll.VarDecFromI4
oleaut32.dll.VarDecFromCy
oleaut32.dll.VarR4FromDec
oleaut32.dll.GetRecordInfoFromTypeInfo
oleaut32.dll.GetRecordInfoFromGuids
oleaut32.dll.SafeArrayGetRecordInfo
oleaut32.dll.SafeArraySetRecordInfo
oleaut32.dll.SafeArrayGetIID
oleaut32.dll.SafeArraySetIID
oleaut32.dll.SafeArrayCopyData
oleaut32.dll.SafeArrayAllocDescriptorEx
oleaut32.dll.SafeArrayCreateEx
oleaut32.dll.VarFormat
oleaut32.dll.VarFormatDateTime
oleaut32.dll.VarFormatNumber
oleaut32.dll.VarFormatPercent
oleaut32.dll.VarFormatCurrency
oleaut32.dll.VarWeekdayName
oleaut32.dll.VarMonthName
oleaut32.dll.VarAdd
oleaut32.dll.VarAnd
oleaut32.dll.VarCat
oleaut32.dll.VarDiv
oleaut32.dll.VarEqv
oleaut32.dll.VarIdiv
oleaut32.dll.VarImp
oleaut32.dll.VarMod
oleaut32.dll.VarMul
oleaut32.dll.VarOr
oleaut32.dll.VarPow
oleaut32.dll.VarSub
oleaut32.dll.VarXor
oleaut32.dll.VarAbs
oleaut32.dll.VarFix
oleaut32.dll.VarInt
oleaut32.dll.VarNeg
oleaut32.dll.VarNot
oleaut32.dll.VarRound
oleaut32.dll.VarCmp
oleaut32.dll.VarDecAdd
oleaut32.dll.VarDecCmp
oleaut32.dll.VarBstrCat
oleaut32.dll.VarCyMulI4
oleaut32.dll.VarBstrCmp
ole32.dll.CoCreateInstanceEx
ole32.dll.CLSIDFromProgIDEx
sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary
user32.dll.GetSystemMetrics
user32.dll.MonitorFromWindow
user32.dll.MonitorFromRect
user32.dll.MonitorFromPoint
user32.dll.EnumDisplayMonitors
user32.dll.GetMonitorInfoA
imm32.dll.ImmGetDefaultIMEWnd
dwmapi.dll.DwmIsCompositionEnabled
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GdiIsMetaPrintDC
advapi32.dll.GetServiceKeyNameA
user32.dll.EnumChildWindows
kernel32.dll.CreateFileMappingW
kernel32.dll.MapViewOfFileEx
kernel32.dll.VirtualAllocEx
advapi32.dll.RegOpenKeyExA
kernel32.dll.CreateFileA
kernel32.dll.WriteFile
kernel32.dll.CloseHandle
kernel32.dll.ReadFile
kernel32.dll.GetFileSize
kernel32.dll.UnmapViewOfFile
kernel32.dll.VirtualProtectEx
kernel32.dll.GetLongPathNameA
kernel32.dll.TerminateProcess
kernel32.dll.Sleep
shell32.dll.ShellExecuteA
user32.dll.EnumWindows
kernel32.dll.GetCommandLineW
kernel32.dll.CreateProcessW
ntdll.dll.NtWriteVirtualMemory
ntdll.dll.NtGetContextThread
ntdll.dll.NtSetContextThread
ntdll.dll.NtResumeThread
kernel32.dll.GetExitCodeProcess
cryptsp.dll.CryptAcquireContextW
ntdll.dll.RtlInitializeCriticalSection
ntdll.dll.RtlAllocateHeap
kernel32.dll.IsWow64Process
ntmarta.dll.GetMartaExtensionInterface
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
advapi32.dll.SaferIdentifyLevel
advapi32.dll.SaferComputeTokenFromLevel
advapi32.dll.SaferCloseLevel
kernel32.dll.SetEvent
kernel32.dll.GetProcessHeap
kernel32.dll.GetProcAddress
kernel32.dll.LoadLibraryA
kernel32.dll.AddVectoredExceptionHandler
kernel32.dll.HeapAlloc
kernel32.dll.InterlockedDecrement
kernel32.dll.InterlockedExchange
kernel32.dll.HeapCreate
kernel32.dll.GetModuleHandleA
kernel32.dll.InterlockedIncrement
user32.dll.DestroyWindow
user32.dll.CharLowerW
user32.dll.DefWindowProcW
user32.dll.UnregisterClassW
user32.dll.GetWindowLongA
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
oleaut32.dll.#500
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertSidToStringSidW
propsys.dll.PSPropertyBag_ReadStrAlloc
oleaut32.dll.#8
advapi32.dll.EventActivityIdControl
advapi32.dll.EventWriteTransfer
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
kernel32.dll.SetFileInformationByHandle
shell32.dll.SHGetFolderPathW
ntdll.dll.ZwWow64QueryInformationProcess64
ntdll.dll.ZwWow64ReadVirtualMemory64
advapi32.dll.LookupAccountSidW
cryptsp.dll.CryptGenRandom
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
ntdll.dll.ZwWow64WriteVirtualMemory64
kernel32.dll.GetModuleHandleW
advapi32.dll.AddMandatoryAce
ws2_32.dll.accept
ws2_32.dll.bind
ws2_32.dll.closesocket
ws2_32.dll.connect
ws2_32.dll.getpeername
ws2_32.dll.getsockname
ws2_32.dll.getsockopt
ws2_32.dll.ntohl
ws2_32.dll.htonl
ws2_32.dll.htons
ws2_32.dll.inet_addr
ws2_32.dll.inet_ntoa
ws2_32.dll.ioctlsocket
ws2_32.dll.listen
ws2_32.dll.ntohs
ws2_32.dll.recv
ws2_32.dll.recvfrom
ws2_32.dll.select
ws2_32.dll.send
ws2_32.dll.sendto
ws2_32.dll.setsockopt
ws2_32.dll.shutdown
ws2_32.dll.socket
ws2_32.dll.gethostbyname
ws2_32.dll.gethostname
ws2_32.dll.WSAIoctl
ws2_32.dll.WSAGetLastError
ws2_32.dll.WSASetLastError
ws2_32.dll.WSAStartup
ws2_32.dll.WSACleanup
ws2_32.dll.__WSAFDIsSet
ws2_32.dll.getaddrinfo
ws2_32.dll.freeaddrinfo
ws2_32.dll.getnameinfo
ws2_32.dll.WSALookupServiceBeginW
ws2_32.dll.WSALookupServiceNextW
ws2_32.dll.WSALookupServiceEnd
ws2_32.dll.WSANSPIoctl
ws2_32.dll.WSAStringToAddressA
ws2_32.dll.WSAStringToAddressW
ws2_32.dll.WSAAddressToStringA
dnsapi.dll.DnsGetProxyInformation
dnsapi.dll.DnsFreeProxyName
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.FreeMibTable
iphlpapi.dll.GetIfEntry2
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.ResolveIpNetEntry2
iphlpapi.dll.GetIpNetEntry2
shlwapi.dll.#260
kernel32.dll.GetProductInfo
rasapi32.dll.RasEnumEntriesW
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
profapi.dll.#104
shlwapi.dll.PathCanonicalizeW
shlwapi.dll.PathRemoveFileSpecW
shlwapi.dll.PathFindFileNameW
sensapi.dll.IsNetworkAlive
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall2
rasapi32.dll.RasConnectionNotificationW
rasman.dll.RasPortClearStatistics
rasman.dll.RasBundleClearStatistics
rasman.dll.RasBundleClearStatisticsEx
rasman.dll.RasDeviceEnum
rasman.dll.RasDeviceGetInfo
rasman.dll.RasFreeBuffer
rasman.dll.RasGetBuffer
rasman.dll.RasGetInfo
rasman.dll.RasGetDialMachineEventContext
rasman.dll.RasSetDialMachineEventHandle
rasman.dll.RasGetNdiswanDriverCaps
rasman.dll.RasInitialize
rasman.dll.RasInitializeNoWait
rasman.dll.RasPortCancelReceive
rasman.dll.RasPortEnum
rasman.dll.RasPortGetInfo
rasman.dll.RasPortGetFramingEx
rasman.dll.RasPortGetStatistics
rasman.dll.RasBundleGetStatistics
rasman.dll.RasPortGetStatisticsEx
rasman.dll.RasBundleGetStatisticsEx
rasman.dll.RasPortReceive
rasman.dll.RasPortReceiveEx
rasman.dll.RasPortSend
rasman.dll.RasPortGetBundle
rasman.dll.RasGetDevConfig
rasman.dll.RasGetDevConfigEx
rasman.dll.RasSetDevConfig
rasman.dll.RasPortClose
rasman.dll.RasPortListen
rasman.dll.RasPortConnectComplete
rasman.dll.RasPortDisconnect
rasman.dll.RasRequestNotification
rasman.dll.RasPortEnumProtocols
rasman.dll.RasPortSetFraming
rasman.dll.RasPortSetFramingEx
rasman.dll.RasSetCachedCredentials
rasman.dll.RasGetDialParams
rasman.dll.RasSetDialParams
rasman.dll.RasCreateConnection
rasman.dll.RasDestroyConnection
rasman.dll.RasConnectionEnum
rasman.dll.RasAddConnectionPort
rasman.dll.RasEnumConnectionPorts
rasman.dll.RasGetConnectionParams
rasman.dll.RasSetConnectionParams
rasman.dll.RasGetConnectionUserData
rasman.dll.RasSetConnectionUserData
rasman.dll.RasGetPortUserData
rasman.dll.RasSetPortUserData
rasman.dll.RasAddNotification
rasman.dll.RasSignalNewConnection
rasman.dll.RasApplyPostConnectActions
rasman.dll.RasProtocolStop
rasman.dll.RasProtocolCallback
rasman.dll.RasProtocolChangePassword
rasman.dll.RasProtocolGetInfo
rasman.dll.RasProtocolRetry
rasman.dll.RasProtocolStart
rasman.dll.RasPortOpen
rasman.dll.RasAllocateRoute
rasman.dll.RasActivateRoute
rasman.dll.RasActivateRouteEx
rasman.dll.RasDeviceSetInfo
rasman.dll.RasDeviceSetInfoSafe
rasman.dll.RasDeviceConnect
rasman.dll.RasPortSetInfo
rasman.dll.RasSendProtocolResultToRasman
rasman.dll.RasSetEapInfo
rasman.dll.RasRpcConnect
rasman.dll.RasRpcDisconnect
rasman.dll.RasGetNumPortOpen
rasman.dll.RasRefConnection
rasman.dll.RasSetEapUIData
rasman.dll.RasGetEapUIData
rasman.dll.RasFindPrerequisiteEntry
rasman.dll.RasPortOpenEx
rasman.dll.RasLinkGetStatistics
rasman.dll.RasConnectionGetStatistics
rasman.dll.RasGetHportFromConnection
rasman.dll.RasRPCBind
rasman.dll.RasReferenceCustomCount
rasman.dll.RasGetHConnFromEntry
rasman.dll.RasGetDeviceName
rasman.dll.RasEnableIpSec
rasman.dll.RasSetTunnelEndPoints
rasman.dll.RasStartRasAutoIfRequired
rasman.dll.RasStartProtocolRenegotiation
rasman.dll.RasSendNotification
rasman.dll.RasGetDeviceNameW
rasman.dll.RasGetUnicodeDeviceName
rasman.dll.RasRpcGetVersion
rasman.dll.RasRpcPortEnum
rasman.dll.RasRpcDeviceEnum
rasman.dll.RasRpcGetDevConfig
rasman.dll.RasRpcPortGetInfo
rasman.dll.RasRpcGetInstalledProtocols
rasman.dll.RasRpcGetInstalledProtocolsEx
rasman.dll.RasRpcGetSystemDirectory
rasman.dll.RasRpcGetUserPreferences
rasman.dll.RasRpcDeleteEntry
rasman.dll.RasRpcEnumConnections
rasman.dll.RasRpcGetCountryInfo
rasman.dll.RasRpcGetErrorString
rasman.dll.RasRpcSetUserPreferences
rasman.dll.RasProtocolUpdateConnection
rasman.dll.RasAddNotificationEx
rasman.dll.RasRemoveNotificationEx
rasman.dll.RasGetNotificationEntry
rasman.dll.RasSignalMonitorThreadExit
rasman.dll.RasmanUninitialize
sechost.dll.OpenSCManagerA
sechost.dll.OpenServiceA
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
nlaapi.dll.NSPStartup
sechost.dll.NotifyServiceStatusChangeA
iphlpapi.dll.GetAdapterIndex
rasadhlp.dll.WSAttemptAutodialAddr
rasadhlp.dll.WSAttemptAutodialName
rasadhlp.dll.WSNoteSuccessfulHostentLookup
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingFree
ole32.dll.CoInitializeEx
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
napinsp.dll.NSPStartup
sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
pnrpnsp.dll.NSPStartup
mswsock.dll.NSPStartup
winrnr.dll.NSPStartup
ws2_32.dll.#112
ws2_32.dll.#111
dnsapi.dll.DnsApiAlloc
dnsapi.dll.DnsApiFree
ntdll.dll.RtlEnterCriticalSection
ntdll.dll.RtlLeaveCriticalSection
oleaut32.dll.#9
oleaut32.dll.DllGetClassObject
oleaut32.dll.DllCanUnloadNow
advapi32.dll.RegOpenKeyW
urlmon.dll.CoInternetCreateSecurityManager
urlmon.dll.CoInternetCreateZoneManager
urlmon.dll.CoInternetIsFeatureEnabledForUrl
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
ntdll.dll.RtlReAllocateHeap
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptVerifySignatureW
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyKey
crypt32.dll.CertOpenStore
wintrust.dll.WinVerifyTrust
wintrust.dll.WTHelperProvDataFromStateData
wintrust.dll.WTHelperGetProvSignerFromChain
schannel.dll.InitSecurityInterfaceA
crypt32.dll.CertSelectCertificateChains
crypt32.dll.CertFreeCertificateChainList
cryptsp.dll.SystemFunction035
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
crypt32.dll.CertDuplicateStore
crypt32.dll.CertControlStore
crypt32.dll.CertCloseStore
secur32.dll.FreeContextBuffer
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
ncrypt.dll.SslLookupCipherSuiteInfo
crypt32.dll.CertDuplicateCertificateContext
wintrust.dll.HTTPSCertificateTrust
wintrust.dll.HTTPSFinalProv
wintrust.dll.SoftpubInitialize
wintrust.dll.SoftpubLoadMessage
wintrust.dll.SoftpubLoadSignature
wintrust.dll.SoftpubCheckCert
wintrust.dll.SoftpubCleanup
cryptsp.dll.CryptAcquireContextA
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpSetTimeouts
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
nsi.dll.NsiAllocateAndGetTable
cfgmgr32.dll.CM_Open_Class_Key_ExW
nsi.dll.NsiFreeTable
ole32.dll.CoUninitialize
winhttp.dll.WinHttpTimeFromSystemTime
winhttp.dll.WinHttpSendRequest
ws2_32.dll.GetAddrInfoW
ws2_32.dll.WSASocketW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
shlwapi.dll.StrStrIW
winhttp.dll.WinHttpQueryDataAvailable
winhttp.dll.WinHttpReadData
winhttp.dll.WinHttpCloseHandle
crypt32.dll.CertDuplicateCertificateChain
crypt32.dll.CertGetCertificateContextProperty
cryptsp.dll.CryptReleaseContext
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertFreeCertificateContext
ncrypt.dll.SslEncryptPacket
ncrypt.dll.SslDecryptPacket
ncrypt.dll.SslDecrementProviderReferenceCount
ncrypt.dll.SslFreeObject
ws2_32.dll.#22
ws2_32.dll.#116
©2016 上海魔盾信息科技有限公司

Documentos relacionados

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录 http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D

Leia mais

魔盾安全分析报告 文件详细信息 特征

魔盾安全分析报告 文件详细信息 特征 https://volafile.io/get/pUdLP3Rpw64zZA/doc_PO-0930.scr

Leia mais

下载 - 魔盾安全分析

下载 - 魔盾安全分析 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive HK...

Leia mais

下载 - 魔盾安全分析

下载 - 魔盾安全分析 CryptImportPublicKeyInfo, type: removal HttpEndRequestA, type: removal InternetConnectW, type: removal InternetReadFile, type: removal HttpSendRequestA, type: removal InternetSetOptionA, type: remo...

Leia mais

下载 - 魔盾安全分析

下载 - 魔盾安全分析 BitDefender: Gen:Variant.Bodius.3 Ad-Aware: Gen:Variant.Bodius.3 F-Secure: Gen:Variant.Bodius.3 Emsisoft: Gen:Variant.Bodius.3 (B) Arcabit: Trojan.Bodius.3 GData: Gen:Variant.Bodius.3 ALYac: Gen:Va...

Leia mais

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录 http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D

Leia mais

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录 http://tl.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEFV%2F%2FzzjA%2F6oY6Vtno9bzTU%3D

Leia mais