下载 - 魔盾安全分析
Transcrição
魔盾安全分析报告 分析类型 开始时间 结束时间 持续时间 分析引擎版本 FILE 2016-07-26 15:53:08 2016-07-26 15:55:34 146 秒 1.4-Maldun 虚拟机机器名 标签 虚拟机管理 开机时间 关机时间 win7-sp1-x64 win7-sp1-x64 KVM 2016-07-26 15:53:08 2016-07-26 15:55:34 魔盾分数 6.3 恶意的 文件详细信息 文件名 37f87ea4a8011e689710191f5d54e16a 文件大小 2054144 字节 文件类型 PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed CRC32 65559312 MD5 37f87ea4a8011e689710191f5d54e16a SHA1 160c301fe133b52e8417cd73241a2967faf75ce0 SHA256 1ad010b9a68202bc5b03927fda225200ab70a5b702b05fe293960954495f6ee0 SHA512 b9c3fc622e7d1a0bc034d0f5f20e0f313f86082dce4c33787f38aa41857f206aa36c0a6c0d8c4797664ca1811e42993fd08b3ad046be7abb594e55a187f8eb64 Ssdeep 49152:/GHzpRAr8OrM746OltTTv1UflHM3PgmEBvWVM+R39LEiBKIbWfCY:/3r8uM746utXvmflH5mEBvWVMsWuWfL PEiD 无匹配 Yara UPXv20MarkusLaszloReiser () UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser () UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser () upx_3 (UPX 3.X) 无此文件扫描结果 VirusTotal 特征 创建RWX内存 从文件自身的二进制镜像中读取数据 self_read: process: 37f87ea4a8011e689710191f5d54e16a.exe, pid: 1332, offset: 0x00000000, length: 0x00000040 self_read: process: 37f87ea4a8011e689710191f5d54e16a.exe, pid: 1332, offset: 0x000000f8, length: 0x00000020 self_read: process: 37f87ea4a8011e689710191f5d54e16a.exe, pid: 1332, offset: 0x0000017b, length: 0x00080000 发起了一些HTTP请求 url: http://www.ipaef.com/xx/banben.txt 二进制文件可能包含加密或压缩数据 section: name: UPX1, entropy: 7.84, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x001e4a00, virtual_size: 0x001e5000 可执行文件被使用UPX压缩 section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x000b3000 尝试断开连接或更改Cuckoo监控的Windows功能 unhook: function_name: SetWindowLongA, type: modification unhook: function_name: SetWindowLongW, type: modification 尝试修改代理设置 运行截图 网络分析 访问主机记录 直接访问 IP地址 国家名 否 219.83.164.228 China 域名解析 域名 响应 www.ipaef.com A 219.83.164.228 TCP连接 IP地址 端口 219.83.164.228 80 UDP连接 IP地址 端口 192.168.122.1 53 192.168.122.1 53 192.168.122.1 53 192.168.122.1 53 192.168.122.1 53 192.168.122.1 53 192.168.122.1 53 192.168.122.255 138 224.0.0.252 5355 224.0.0.252 5355 239.255.255.250 1900 40.69.40.157 123 HTTP请求 URL HTTP数据 http://www.ipaef.com/xx/banben.txt GET /xx/banben.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: www.ipaef.com Cache-Control: no-cache 静态分析 PE 信息 初始地址 0x00400000 入口地址 0x00698730 声明校验值 0x00000000 实际校验值 0x001fffd3 最低操作系统版本要求 4.0 编译时间 2016-07-20 16:51:20 图标 图标精确哈希值 854c46df044c3f7c54749dcae8510ca0 图标相似性哈希值 b02d7fc3265bd89057d9a1847d7298f8 版本信息 LegalCopyright: \x672c\x8f6f\x4ef6\x4e00\x5207\x89e3\x91ca\x6743\x7531\xff1a\x5b9a\x6781\x81ea\x52a8\x5316 www.ipaef.com *\x7248\x6743\x6240\x6709 FileVersion: 1.5.0.0 CompanyName: GDJ Comments: \x5982\x6709\x5176\x4ed6\x4f01\x4e1a\xff0c\x5bf9\x6b64\x6b3e\x8f6f\x4ef6\x6709\x5174\x8da3\xff0c\x6b22\x8fce\x8054\x7cfb\x3002 ProductName: \x5b9a\x6781\x81ea\x52a8\x5316\x4ea7\x54c1\x9009\x578b\x8f6f\x4ef6 ProductVersion: 1.5.0.0 FileDescription: \x672c\x8f6f\x4ef6\xff0c\x7531\x5b9a\x6781\x81ea\x52a8\x5316\x8bbe\x5907\x6709\x9650\x516c\x53f8\x6839\x636e\x4ea7\x54c1\xff0c\x53c2\x6570\x7b49\xff0c\x4e3a\x516c\x53f8\x5ba2\x62 Translation: 0x0804 0x04b0 PE数据组成 名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy) UPX0 0x00001000 0x000b3000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00 UPX1 0x000b4000 0x001e5000 0x001e4a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.84 .rsrc 0x00299000 0x00011000 0x00010a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.43 资源 名称 偏移量 大小 语言 子语言 熵(Entropy) 文件类型 TEXTINCLUDE 0x00281e58 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.07 data TEXTINCLUDE 0x00281e58 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.07 data TEXTINCLUDE 0x00281e58 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.07 data RT_CURSOR 0x00282348 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.74 data RT_CURSOR 0x00282348 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.74 data RT_CURSOR 0x00282348 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.74 data RT_CURSOR 0x00282348 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.74 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_BITMAP 0x00283bbc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.08 data RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_ICON 0x002a8c44 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.41 GLS_BINARY_LSB_FIRST RT_MENU 0x00292f48 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.36 data RT_MENU 0x00292f48 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.36 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_DIALOG 0x00294190 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.35 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_STRING 0x00294bd8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.11 data RT_GROUP_CURSOR 0x00294c24 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.85 data RT_GROUP_CURSOR 0x00294c24 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.85 data RT_GROUP_CURSOR 0x00294c24 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.85 data RT_GROUP_ICON 0x002a9188 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon RT_GROUP_ICON 0x002a9188 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon RT_GROUP_ICON 0x002a9188 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon RT_VERSION 0x002a91a0 0x00000328 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.90 data RT_MANIFEST 0x002a94cc 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML document text 导入 库 KERNEL32.DLL: • 0x6a97dc - LoadLibraryA • 0x6a97e0 - GetProcAddress • 0x6a97e4 - VirtualProtect • 0x6a97e8 - ExitProcess 库 ADVAPI32.dll: • 0x6a97f0 - RegCloseKey 库 COMCTL32.dll: • 0x6a97f8 - None 库 comdlg32.dll: • 0x6a9800 - ChooseColorA 库 GDI32.dll: • 0x6a9808 - SaveDC 库 ole32.dll: • 0x6a9810 - OleInitialize 库 OLEAUT32.dll: • 0x6a9818 - None 库 RASAPI32.dll: • 0x6a9820 - RasHangUpA 库 SHELL32.dll: • 0x6a9828 - ShellExecuteA 库 USER32.dll: • 0x6a9830 - GetDC 库 VERSION.dll: • 0x6a9838 - VerQueryValueA 库 WININET.dll: • 0x6a9840 - InternetOpenA 库 WINMM.dll: • 0x6a9848 - waveOutOpen 库 WINSPOOL.DRV: • 0x6a9850 - OpenPrinterA 库 WS2_32.dll: • 0x6a9858 - None 投放文件 index.dat 文件名 相关文件 index.dat C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 文件大小 232140 bytes 文件类型 Internet Explorer cache file version Ver 5.2 MD5 76faa5e05dea154e501357c15f1cbafc SHA1 c190209438d8241bcd454a45a95ef3b0716b7e6f SHA256 01b16d78de1e9504f23fcca19e83e4be5358aebcfbd9090019fb0baaeff7293c SHA512 dcb08120d6f602fb2fa742794a58e35e985dd3c4feaa2deb8a6a0260eadc2ef58c49cc61caf0456191a02f8cd04799d07ddeffc57e625b5000a97c565cc2b5e0 Ssdeep 1536:XNdW+TE/Qn+iTVHQPjZ1JFE/qO9JCsRb1BLrErwzj3T08NDtlz97gYtB4ljEwxot:LW7m23wzj9gYtB46wxohV34k0I4SPL Yara memory_shylock () NET () VirusTotal 搜索相关分析 index.dat 文件名 相关文件 index.dat C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 文件大小 32768 bytes 文件类型 Internet Explorer cache file version Ver 5.2 MD5 4c3187aa05a24bce3db46ccb23bee2f3 SHA1 422681f524461c606a511075c94e2c0c6a400cb8 SHA256 1ce9c281ef19d57aa4a34d74c49af69a5fcd1442bbdd90045c75e4a43422244a SHA512 2a09d8fe956ef8934f699856c4f572df17a6f972cb4c688d284335293a472e0dd0472ee0273f344792188a759aceea228866a4225ad9b6233d85d7697142efa3 Ssdeep 24:qj85IIoWHbIVsv7LkjAW9H2czx2FskXUnGiiLYxBzGnkL4AoNsR4DYxnU9I:qeggEiMxb4Y4D/I Yara 无匹配 VirusTotal 搜索相关分析 index.dat 文件名 相关文件 index.dat C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 文件大小 32768 bytes 文件类型 Internet Explorer cache file version Ver 5.2 MD5 07cdcbc76d95ccbcf7408e44472514bd SHA1 1971172c361caf4edd3fcc473badd9729bb8190a SHA256 176cbf9ad24499f796fc40e0bedcbb8e42d5ea0312061dad4c400249b644ead7 SHA512 478bc8c38e092f41d7411742da51b6523cc2fc4340901baecb923cba39239e7a29abf3836100fb80179763be56e4f77d298cf34da52314a32a4a9b536f608d65 Ssdeep 48:qBpr/jGiBGRx8Xp/llr8jli7MfvFNzoyb10YH1iYnVnChXpu0sCmDdZn/4Syt:qyvXQTwvHo2+YH1N4544T Yara 无匹配 VirusTotal 搜索相关分析 行为分析 互斥量(Mutexes) Local\_!MSFTHISTORY!_ Local\c:!users!test!appdata!local!microsoft!windows!temporary internet files!content.ie5! Local\c:!users!test!appdata!roaming!microsoft!windows!cookies! Local\c:!users!test!appdata!local!microsoft!windows!history!history.ie5! Local\WininetStartupMutex Local\WininetConnectionMutex Local\WininetProxyRegistryMutex IESQMMUTEX_0_208 Local\MSCTF.Asm.MutexDefault1 执行的命令 无信息 创建的服务 无信息 启动的服务 无信息 进程 37f87ea4a8011e689710191f5d54e16a.exe PID: 1332, 上一级进程 PID: 2188 访问的文件 C:\Users\test\AppData\Local\Temp\wininet.dll C:\Windows\SysWOW64\wininet.dll C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies C:\Users\test\AppData\Local\Microsoft\Windows\History C:\Users\test\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\ C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\ C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat C:\Users\test\AppData\Local\Temp\dnsapi.DLL C:\Windows\System32\dnsapi.dll C:\Users\test\AppData\Local\Temp\iphlpapi.DLL C:\Windows\System32\IPHLPAPI.DLL C:\Users\test\AppData\Local\Temp\WINNSI.DLL C:\Windows\System32\winnsi.dll C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk C:\Windows\System32\ras\*.pbk C:\Users\test\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk C:\Users\test\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk C:\Windows\Fonts\staticcache.dat C:\Windows\System32\uxtheme.dll.Config C:\Windows\System32\uxtheme.dll C:\Users\test\AppData\Local\Temp\37f87ea4a8011e689710191f5d54e16a.exe.Local\ C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2 C:\Users\test\AppData\Local\Temp\Kernel32.dll C:\Users\test\AppData\Local\Temp\37f87ea4a8011e689710191f5d54e16a.exe C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui \Device\Afd\Endpoint \Device\RasAcd C:\Users\test\AppData\Local\Temp\Update.exe 读取的文件 C:\Windows\SysWOW64\wininet.dll C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat C:\Windows\System32\dnsapi.dll C:\Windows\System32\IPHLPAPI.DLL C:\Windows\System32\winnsi.dll C:\Windows\Fonts\staticcache.dat C:\Windows\System32\uxtheme.dll.Config C:\Windows\System32\uxtheme.dll C:\Users\test\AppData\Local\Temp\37f87ea4a8011e689710191f5d54e16a.exe C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui \Device\Afd\Endpoint \Device\RasAcd 修改的文件 C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat \Device\Afd\Endpoint \Device\RasAcd 删除的文件 无信息 注册表键 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols HKEY_LOCAL_MACHINE\Software\Policies HKEY_CURRENT_USER\Software\Policies HKEY_CURRENT_USER\Software HKEY_LOCAL_MACHINE\Software HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePassport HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1 HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_ClientAuthCertFilter HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\Feature_ClientAuthCertFilter HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_BUFFERBREAKING_818408 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954 HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\37f87ea4a8011e689710191f5d54e16a.exe HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PerUserCookies HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileDirectory HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\5D75C44A HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileDirectory HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000 HKEY_LOCAL_MACHINE\System\Setup HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigCustomUA HKEY_CURRENT_USER\Software\Classes HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes HKEY_LOCAL_MACHINE\Software\Classes\AutoProxyTypes HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes\Application/x-internet-signup HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\DllFile HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\FileExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Default HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Flags HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\DllFile HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\FileExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Default HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Flags HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\37f87ea4a8011e689710191f5d54e16a.exe HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\SimSun HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname HKEY_CURRENT_USER\Software\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut HKEY_CURRENT_USER\Software\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F} HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecision HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionTime HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionReason HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\fe-54-00-43-f2-9a HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-43-f2-9a HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0) HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} HKEY_CURRENT_USER HKEY_CURRENT_USER\Keyboard Layout\Toggle HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses 读取的注册表键 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePassport HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1 HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_ClientAuthCertFilter HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\Feature_ClientAuthCertFilter HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\37f87ea4a8011e689710191f5d54e16a.exe HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PerUserCookies HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileDirectory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\5D75C44A HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileDirectory HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigCustomUA HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\DllFile HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\FileExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Default HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Flags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\DllFile HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\FileExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Default HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Flags HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\SimSun HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecision HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionTime HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionReason HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext 修改的注册表键 HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileDirectory HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileDirectory HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0) 删除的注册表键 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL API解析 kernel32.dll.MultiByteToWideChar kernel32.dll.SetLastError kernel32.dll.GetTimeZoneInformation kernel32.dll.GetVersion kernel32.dll.FileTimeToSystemTime kernel32.dll.MulDiv kernel32.dll.GetProcAddress kernel32.dll.GetModuleHandleA kernel32.dll.GetVolumeInformationA kernel32.dll.InterlockedExchange kernel32.dll.IsBadCodePtr kernel32.dll.IsBadReadPtr kernel32.dll.CompareStringW kernel32.dll.CompareStringA kernel32.dll.GetStringTypeW kernel32.dll.GetStringTypeA kernel32.dll.SetUnhandledExceptionFilter kernel32.dll.IsBadWritePtr kernel32.dll.VirtualAlloc kernel32.dll.LCMapStringW kernel32.dll.LCMapStringA kernel32.dll.SetEnvironmentVariableA kernel32.dll.VirtualFree kernel32.dll.HeapCreate kernel32.dll.HeapDestroy kernel32.dll.GetEnvironmentVariableA kernel32.dll.GetStdHandle kernel32.dll.SetHandleCount kernel32.dll.GetEnvironmentStringsW kernel32.dll.GetEnvironmentStrings kernel32.dll.FreeEnvironmentStringsW kernel32.dll.FreeEnvironmentStringsA kernel32.dll.UnhandledExceptionFilter kernel32.dll.GetFileType kernel32.dll.SetStdHandle kernel32.dll.GetACP kernel32.dll.HeapSize kernel32.dll.RaiseException kernel32.dll.GetLocalTime kernel32.dll.GetSystemTime kernel32.dll.RtlUnwind kernel32.dll.GetStartupInfoA kernel32.dll.GetOEMCP kernel32.dll.GetCPInfo kernel32.dll.GetProcessVersion kernel32.dll.SetErrorMode kernel32.dll.GlobalFlags kernel32.dll.GetCurrentThread kernel32.dll.GetFileTime kernel32.dll.TlsGetValue kernel32.dll.LocalReAlloc kernel32.dll.TlsSetValue kernel32.dll.TlsFree kernel32.dll.GlobalHandle kernel32.dll.TlsAlloc kernel32.dll.LocalAlloc kernel32.dll.lstrcmpA kernel32.dll.GlobalGetAtomNameA kernel32.dll.GlobalAddAtomA kernel32.dll.GlobalFindAtomA kernel32.dll.GlobalDeleteAtom kernel32.dll.lstrcmpiA kernel32.dll.SetEndOfFile kernel32.dll.UnlockFile kernel32.dll.LockFile kernel32.dll.FlushFileBuffers kernel32.dll.DuplicateHandle kernel32.dll.lstrcpynA kernel32.dll.FileTimeToLocalFileTime kernel32.dll.LocalFree kernel32.dll.WideCharToMultiByte kernel32.dll.InterlockedDecrement kernel32.dll.InterlockedIncrement kernel32.dll.SetCurrentDirectoryA kernel32.dll.DeleteFileA kernel32.dll.GetFileAttributesA kernel32.dll.FindClose kernel32.dll.FindFirstFileA kernel32.dll.GetTickCount kernel32.dll.CreateProcessA kernel32.dll.GetCommandLineA kernel32.dll.WaitForSingleObject kernel32.dll.CloseHandle kernel32.dll.GlobalUnlock kernel32.dll.GlobalLock kernel32.dll.GlobalAlloc kernel32.dll.Sleep kernel32.dll.CreateEventA kernel32.dll.CreateThread kernel32.dll.WritePrivateProfileStringA kernel32.dll.GetVersionExA kernel32.dll.GetLastError kernel32.dll.LoadLibraryA kernel32.dll.FreeLibrary kernel32.dll.TerminateProcess kernel32.dll.GetCurrentProcess kernel32.dll.GetFileSize kernel32.dll.SetFilePointer kernel32.dll.CreateSemaphoreA kernel32.dll.ResumeThread kernel32.dll.ReleaseSemaphore kernel32.dll.EnterCriticalSection kernel32.dll.LeaveCriticalSection kernel32.dll.GetProfileStringA kernel32.dll.WriteFile kernel32.dll.ReadFile kernel32.dll.WaitForMultipleObjects kernel32.dll.CreateFileA kernel32.dll.SetEvent kernel32.dll.FindResourceA kernel32.dll.LoadResource kernel32.dll.LockResource kernel32.dll.GetModuleFileNameA kernel32.dll.GetCurrentThreadId kernel32.dll.ExitProcess kernel32.dll.GlobalSize kernel32.dll.GlobalFree kernel32.dll.DeleteCriticalSection kernel32.dll.InitializeCriticalSection kernel32.dll.lstrcatA kernel32.dll.lstrlenA kernel32.dll.WinExec kernel32.dll.lstrcpyA kernel32.dll.FindNextFileA kernel32.dll.GlobalReAlloc kernel32.dll.HeapFree kernel32.dll.HeapReAlloc kernel32.dll.GetProcessHeap kernel32.dll.HeapAlloc kernel32.dll.GetFullPathNameA advapi32.dll.RegCloseKey advapi32.dll.RegOpenKeyExA advapi32.dll.RegSetValueExA advapi32.dll.RegQueryValueA advapi32.dll.RegCreateKeyExA comctl32.dll.#17 comctl32.dll.ImageList_Destroy comdlg32.dll.GetOpenFileNameA comdlg32.dll.GetSaveFileNameA comdlg32.dll.GetFileTitleA comdlg32.dll.ChooseColorA gdi32.dll.TextOutA gdi32.dll.RectVisible gdi32.dll.PtVisible gdi32.dll.SaveDC gdi32.dll.RestoreDC gdi32.dll.SetBkMode gdi32.dll.SetPolyFillMode gdi32.dll.SetROP2 gdi32.dll.SetTextColor gdi32.dll.SetMapMode gdi32.dll.SetViewportOrgEx gdi32.dll.OffsetViewportOrgEx gdi32.dll.SetViewportExtEx gdi32.dll.ExtTextOutA gdi32.dll.Escape gdi32.dll.GetTextMetricsA gdi32.dll.ScaleViewportExtEx gdi32.dll.SetWindowOrgEx gdi32.dll.SetWindowExtEx gdi32.dll.ScaleWindowExtEx gdi32.dll.GetClipBox gdi32.dll.ExcludeClipRect gdi32.dll.MoveToEx gdi32.dll.LineTo gdi32.dll.ExtSelectClipRgn gdi32.dll.GetViewportExtEx gdi32.dll.CreateEllipticRgn gdi32.dll.SetBkColor gdi32.dll.CreateRectRgnIndirect gdi32.dll.SetStretchBltMode gdi32.dll.GetClipRgn gdi32.dll.CreatePolygonRgn gdi32.dll.SelectClipRgn gdi32.dll.DeleteObject gdi32.dll.CreateDIBitmap gdi32.dll.GetSystemPaletteEntries gdi32.dll.CreatePalette gdi32.dll.StretchBlt gdi32.dll.SelectPalette gdi32.dll.RealizePalette gdi32.dll.GetDIBits gdi32.dll.GetWindowExtEx gdi32.dll.GetViewportOrgEx gdi32.dll.GetWindowOrgEx gdi32.dll.BeginPath gdi32.dll.EndPath gdi32.dll.PathToRegion gdi32.dll.CreateRoundRectRgn gdi32.dll.GetTextColor gdi32.dll.GetBkMode gdi32.dll.GetBkColor gdi32.dll.GetROP2 gdi32.dll.GetStretchBltMode gdi32.dll.GetPolyFillMode gdi32.dll.CreateCompatibleBitmap gdi32.dll.CreateDCA gdi32.dll.CreateBitmap gdi32.dll.SelectObject gdi32.dll.GetObjectA gdi32.dll.CreatePen gdi32.dll.PatBlt gdi32.dll.CombineRgn gdi32.dll.CreateRectRgn gdi32.dll.FillRgn gdi32.dll.CreateSolidBrush gdi32.dll.GetStockObject gdi32.dll.CreateFontIndirectA gdi32.dll.EndPage gdi32.dll.EndDoc gdi32.dll.DeleteDC gdi32.dll.StartDocA gdi32.dll.StartPage gdi32.dll.BitBlt gdi32.dll.CreateCompatibleDC gdi32.dll.Ellipse gdi32.dll.Rectangle gdi32.dll.LPtoDP gdi32.dll.DPtoLP gdi32.dll.GetCurrentObject gdi32.dll.RoundRect gdi32.dll.GetTextExtentPoint32A gdi32.dll.GetDeviceCaps ole32.dll.CLSIDFromString ole32.dll.OleUninitialize ole32.dll.OleInitialize oleaut32.dll.#186 oleaut32.dll.#163 oleaut32.dll.#161 rasapi32.dll.RasGetConnectStatusA rasapi32.dll.RasHangUpA shell32.dll.Shell_NotifyIconA shell32.dll.ShellExecuteA user32.dll.CloseClipboard user32.dll.WaitForInputIdle user32.dll.SetScrollRange user32.dll.wsprintfA user32.dll.GetClipboardData user32.dll.OpenClipboard user32.dll.SetClipboardData user32.dll.EmptyClipboard user32.dll.GetSystemMetrics user32.dll.GetCursorPos user32.dll.GetSysColorBrush user32.dll.SetWindowTextA user32.dll.GetWindowTextA user32.dll.FindWindowExA user32.dll.GetDlgItem user32.dll.GetClassNameA user32.dll.GetDesktopWindow user32.dll.LoadIconA user32.dll.TranslateMessage user32.dll.DrawFrameControl user32.dll.DrawEdge user32.dll.DrawFocusRect user32.dll.WindowFromPoint user32.dll.GetMessageA user32.dll.DispatchMessageA user32.dll.SetRectEmpty user32.dll.RegisterClipboardFormatA user32.dll.CreateIconFromResourceEx user32.dll.CreateIconFromResource user32.dll.DrawIconEx user32.dll.CreatePopupMenu user32.dll.AppendMenuA user32.dll.ModifyMenuA user32.dll.CreateMenu user32.dll.CreateAcceleratorTableA user32.dll.GetDlgCtrlID user32.dll.GetSubMenu user32.dll.LoadStringA user32.dll.GetMenuCheckMarkDimensions user32.dll.GetMenuState user32.dll.SetMenuItemBitmaps user32.dll.CheckMenuItem user32.dll.MoveWindow user32.dll.IsDialogMessageA user32.dll.ScrollWindowEx user32.dll.SendDlgItemMessageA user32.dll.MapWindowPoints user32.dll.AdjustWindowRectEx user32.dll.GetScrollPos user32.dll.RegisterClassA user32.dll.GetMenuItemCount user32.dll.GetMenuItemID user32.dll.CreateWindowExA user32.dll.SetWindowsHookExA user32.dll.CallNextHookEx user32.dll.GetClassLongA user32.dll.SetPropA user32.dll.UnhookWindowsHookEx user32.dll.EnableMenuItem user32.dll.ClientToScreen user32.dll.EnumDisplaySettingsA user32.dll.LoadImageA user32.dll.SystemParametersInfoA user32.dll.ShowWindow user32.dll.IsWindowEnabled user32.dll.TranslateAcceleratorA user32.dll.GetKeyState user32.dll.CopyAcceleratorTableA user32.dll.PostQuitMessage user32.dll.IsZoomed user32.dll.GetClassInfoA user32.dll.DefWindowProcA user32.dll.GetSystemMenu user32.dll.DeleteMenu user32.dll.GetMenu user32.dll.SetMenu user32.dll.PeekMessageA user32.dll.IsIconic user32.dll.SetFocus user32.dll.GetActiveWindow user32.dll.GetWindow user32.dll.DestroyAcceleratorTable user32.dll.SetWindowRgn user32.dll.GetMessagePos user32.dll.ScreenToClient user32.dll.ChildWindowFromPointEx user32.dll.CopyRect user32.dll.LoadBitmapA user32.dll.WinHelpA user32.dll.KillTimer user32.dll.SetTimer user32.dll.ReleaseCapture user32.dll.GetCapture user32.dll.SetCapture user32.dll.GetScrollRange user32.dll.UnregisterClassA user32.dll.SetScrollPos user32.dll.SetRect user32.dll.InflateRect user32.dll.IntersectRect user32.dll.DestroyIcon user32.dll.PtInRect user32.dll.OffsetRect user32.dll.IsWindowVisible user32.dll.EnableWindow user32.dll.RedrawWindow user32.dll.GetWindowLongA user32.dll.SetWindowLongA user32.dll.GetSysColor user32.dll.SetActiveWindow user32.dll.SetCursorPos user32.dll.LoadCursorA user32.dll.SetCursor user32.dll.GetDC user32.dll.FillRect user32.dll.IsRectEmpty user32.dll.ReleaseDC user32.dll.IsChild user32.dll.DestroyMenu user32.dll.SetForegroundWindow user32.dll.GetWindowRect user32.dll.EqualRect user32.dll.UpdateWindow user32.dll.ValidateRect user32.dll.InvalidateRect user32.dll.GetClientRect user32.dll.GetFocus user32.dll.GetParent user32.dll.GetTopWindow user32.dll.PostMessageA user32.dll.IsWindow user32.dll.SetParent user32.dll.DestroyCursor user32.dll.SendMessageA user32.dll.SetWindowPos user32.dll.MessageBoxA user32.dll.GetWindowTextLengthA user32.dll.CharUpperA user32.dll.GetWindowDC user32.dll.BeginPaint user32.dll.EndPaint user32.dll.TabbedTextOutA user32.dll.DrawTextA user32.dll.GrayStringA user32.dll.DestroyWindow user32.dll.CreateDialogIndirectParamA user32.dll.EndDialog user32.dll.GetNextDlgTabItem user32.dll.GetWindowPlacement user32.dll.RegisterWindowMessageA user32.dll.GetForegroundWindow user32.dll.GetLastActivePopup user32.dll.GetMessageTime user32.dll.RemovePropA user32.dll.CallWindowProcA user32.dll.GetPropA version.dll.VerLanguageNameA version.dll.GetFileVersionInfoA version.dll.GetFileVersionInfoSizeA version.dll.VerQueryValueA wininet.dll.InternetCanonicalizeUrlA wininet.dll.InternetCrackUrlA wininet.dll.HttpOpenRequestA wininet.dll.HttpSendRequestA wininet.dll.HttpQueryInfoA wininet.dll.InternetConnectA wininet.dll.InternetSetOptionA wininet.dll.InternetOpenA wininet.dll.InternetCloseHandle wininet.dll.InternetReadFile winmm.dll.waveOutUnprepareHeader winmm.dll.waveOutPrepareHeader winmm.dll.waveOutWrite winmm.dll.waveOutPause winmm.dll.waveOutReset winmm.dll.waveOutClose winmm.dll.waveOutGetNumDevs winmm.dll.waveOutOpen winmm.dll.midiOutUnprepareHeader winmm.dll.midiStreamOpen winmm.dll.midiStreamProperty winmm.dll.midiOutPrepareHeader winmm.dll.midiStreamOut winmm.dll.midiStreamStop winmm.dll.midiOutReset winmm.dll.midiStreamClose winmm.dll.midiStreamRestart winspool.drv.OpenPrinterA winspool.drv.DocumentPropertiesA winspool.drv.ClosePrinter ws2_32.dll.#5 ws2_32.dll.#1 ws2_32.dll.#10 ws2_32.dll.#12 ws2_32.dll.#17 ws2_32.dll.#101 ws2_32.dll.#3 ws2_32.dll.#115 ws2_32.dll.#16 ws2_32.dll.#116 ws2_32.dll.#18 ws2_32.dll.#19 kernel32.dll.IsProcessorFeaturePresent cryptbase.dll.SystemFunction036 dwmapi.dll.DwmIsCompositionEnabled wininet.dll.InternetGetConnectedStateExA advapi32.dll.EventActivityIdControl advapi32.dll.EventWriteTransfer kernel32.dll.InitializeSRWLock kernel32.dll.AcquireSRWLockExclusive kernel32.dll.AcquireSRWLockShared kernel32.dll.ReleaseSRWLockExclusive kernel32.dll.ReleaseSRWLockShared kernel32.dll.SetFileInformationByHandle shell32.dll.SHGetFolderPathW kernel32.dll.GetModuleHandleW advapi32.dll.AddMandatoryAce ntmarta.dll.GetMartaExtensionInterface ws2_32.dll.accept ws2_32.dll.bind ws2_32.dll.closesocket ws2_32.dll.connect ws2_32.dll.getpeername ws2_32.dll.getsockname ws2_32.dll.getsockopt ws2_32.dll.ntohl ws2_32.dll.htonl ws2_32.dll.htons ws2_32.dll.inet_addr ws2_32.dll.inet_ntoa ws2_32.dll.ioctlsocket ws2_32.dll.listen ws2_32.dll.ntohs ws2_32.dll.recv ws2_32.dll.recvfrom ws2_32.dll.select ws2_32.dll.send ws2_32.dll.sendto ws2_32.dll.setsockopt ws2_32.dll.shutdown ws2_32.dll.socket ws2_32.dll.gethostbyname ws2_32.dll.gethostname ws2_32.dll.WSAIoctl ws2_32.dll.WSAGetLastError ws2_32.dll.WSASetLastError ws2_32.dll.WSAStartup ws2_32.dll.WSACleanup ws2_32.dll.__WSAFDIsSet ws2_32.dll.getaddrinfo ws2_32.dll.freeaddrinfo ws2_32.dll.getnameinfo ws2_32.dll.WSALookupServiceBeginW ws2_32.dll.WSALookupServiceNextW ws2_32.dll.WSALookupServiceEnd ws2_32.dll.WSANSPIoctl ws2_32.dll.WSAStringToAddressA ws2_32.dll.WSAStringToAddressW ws2_32.dll.WSAAddressToStringA dnsapi.dll.DnsGetProxyInformation dnsapi.dll.DnsFreeProxyName iphlpapi.dll.GetIpForwardTable2 iphlpapi.dll.FreeMibTable iphlpapi.dll.GetIfEntry2 iphlpapi.dll.ConvertInterfaceGuidToLuid iphlpapi.dll.ResolveIpNetEntry2 iphlpapi.dll.GetIpNetEntry2 shlwapi.dll.#260 rasapi32.dll.RasEnumEntriesW rtutils.dll.TraceRegisterExA rtutils.dll.TracePrintfExA sechost.dll.ConvertSidToStringSidW profapi.dll.#104 shlwapi.dll.PathCanonicalizeW shlwapi.dll.PathRemoveFileSpecW shlwapi.dll.PathFindFileNameW sensapi.dll.IsNetworkAlive rpcrt4.dll.RpcBindingFromStringBindingW rpcrt4.dll.RpcBindingSetAuthInfoExW rpcrt4.dll.NdrClientCall2 rasapi32.dll.RasConnectionNotificationW rasman.dll.RasPortClearStatistics rasman.dll.RasBundleClearStatistics rasman.dll.RasBundleClearStatisticsEx rasman.dll.RasDeviceEnum rasman.dll.RasDeviceGetInfo rasman.dll.RasFreeBuffer rasman.dll.RasGetBuffer rasman.dll.RasGetInfo rasman.dll.RasGetDialMachineEventContext rasman.dll.RasSetDialMachineEventHandle rasman.dll.RasGetNdiswanDriverCaps rasman.dll.RasInitialize rasman.dll.RasInitializeNoWait rasman.dll.RasPortCancelReceive rasman.dll.RasPortEnum rasman.dll.RasPortGetInfo rasman.dll.RasPortGetFramingEx rasman.dll.RasPortGetStatistics rasman.dll.RasBundleGetStatistics rasman.dll.RasPortGetStatisticsEx rasman.dll.RasBundleGetStatisticsEx rasman.dll.RasPortReceive rasman.dll.RasPortReceiveEx rasman.dll.RasPortSend rasman.dll.RasPortGetBundle rasman.dll.RasGetDevConfig rasman.dll.RasGetDevConfigEx rasman.dll.RasSetDevConfig rasman.dll.RasPortClose rasman.dll.RasPortListen rasman.dll.RasPortConnectComplete rasman.dll.RasPortDisconnect rasman.dll.RasRequestNotification rasman.dll.RasPortEnumProtocols rasman.dll.RasPortSetFraming rasman.dll.RasPortSetFramingEx rasman.dll.RasSetCachedCredentials rasman.dll.RasGetDialParams rasman.dll.RasSetDialParams rasman.dll.RasCreateConnection rasman.dll.RasDestroyConnection rasman.dll.RasConnectionEnum rasman.dll.RasAddConnectionPort rasman.dll.RasEnumConnectionPorts rasman.dll.RasGetConnectionParams rasman.dll.RasSetConnectionParams rasman.dll.RasGetConnectionUserData rasman.dll.RasSetConnectionUserData rasman.dll.RasGetPortUserData rasman.dll.RasSetPortUserData rasman.dll.RasAddNotification rasman.dll.RasSignalNewConnection rasman.dll.RasApplyPostConnectActions rasman.dll.RasProtocolStop rasman.dll.RasProtocolCallback rasman.dll.RasProtocolChangePassword rasman.dll.RasProtocolGetInfo rasman.dll.RasProtocolRetry rasman.dll.RasProtocolStart rasman.dll.RasPortOpen rasman.dll.RasAllocateRoute rasman.dll.RasActivateRoute rasman.dll.RasActivateRouteEx rasman.dll.RasDeviceSetInfo rasman.dll.RasDeviceSetInfoSafe rasman.dll.RasDeviceConnect rasman.dll.RasPortSetInfo rasman.dll.RasSendProtocolResultToRasman rasman.dll.RasSetEapInfo rasman.dll.RasRpcConnect rasman.dll.RasRpcDisconnect rasman.dll.RasGetNumPortOpen rasman.dll.RasRefConnection rasman.dll.RasSetEapUIData rasman.dll.RasGetEapUIData rasman.dll.RasFindPrerequisiteEntry rasman.dll.RasPortOpenEx rasman.dll.RasLinkGetStatistics rasman.dll.RasConnectionGetStatistics rasman.dll.RasGetHportFromConnection rasman.dll.RasRPCBind rasman.dll.RasReferenceCustomCount rasman.dll.RasGetHConnFromEntry rasman.dll.RasGetDeviceName rasman.dll.RasEnableIpSec rasman.dll.RasSetTunnelEndPoints rasman.dll.RasStartRasAutoIfRequired rasman.dll.RasStartProtocolRenegotiation rasman.dll.RasSendNotification rasman.dll.RasGetDeviceNameW rasman.dll.RasGetUnicodeDeviceName rasman.dll.RasRpcGetVersion rasman.dll.RasRpcPortEnum rasman.dll.RasRpcDeviceEnum rasman.dll.RasRpcGetDevConfig rasman.dll.RasRpcPortGetInfo rasman.dll.RasRpcGetInstalledProtocols rasman.dll.RasRpcGetInstalledProtocolsEx rasman.dll.RasRpcGetSystemDirectory rasman.dll.RasRpcGetUserPreferences rasman.dll.RasRpcDeleteEntry rasman.dll.RasRpcEnumConnections rasman.dll.RasRpcGetCountryInfo rasman.dll.RasRpcGetErrorString rasman.dll.RasRpcSetUserPreferences rasman.dll.RasProtocolUpdateConnection rasman.dll.RasAddNotificationEx rasman.dll.RasRemoveNotificationEx rasman.dll.RasGetNotificationEntry rasman.dll.RasSignalMonitorThreadExit rasman.dll.RasmanUninitialize sechost.dll.OpenSCManagerA sechost.dll.OpenServiceA sechost.dll.QueryServiceStatus sechost.dll.CloseServiceHandle gdi32.dll.GetLayout gdi32.dll.GdiRealizationInfo gdi32.dll.FontIsLinked advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW gdi32.dll.GetTextFaceAliasW advapi32.dll.RegEnumValueW advapi32.dll.RegQueryValueExW advapi32.dll.RegQueryValueExA advapi32.dll.RegEnumKeyExW gdi32.dll.GdiIsMetaPrintDC comctl32.dll.RegisterClassNameW uxtheme.dll.OpenThemeData uxtheme.dll.IsThemePartDefined uxtheme.dll.GetThemeFont uxtheme.dll.GetThemeColor uxtheme.dll.GetThemeBool imm32.dll.ImmGetContext imm32.dll.ImmReleaseContext imm32.dll.ImmAssociateContext imm32.dll.ImmIsIME gdi32.dll.GetTextExtentExPointWPri sechost.dll.NotifyServiceStatusChangeA uxtheme.dll.GetThemeMargins uxtheme.dll.GetThemeInt comctl32.dll.HIMAGELIST_QueryInterface comctl32.dll.DrawShadowText comctl32.dll.DrawSizeBox comctl32.dll.DrawScrollBar comctl32.dll.SizeBoxHwnd comctl32.dll.ScrollBar_MouseMove comctl32.dll.ScrollBar_Menu comctl32.dll.HandleScrollCmd comctl32.dll.DetachScrollBars comctl32.dll.AttachScrollBars comctl32.dll.CCSetScrollInfo comctl32.dll.CCGetScrollInfo comctl32.dll.CCEnableScrollBar comctl32.dll.QuerySystemGestureStatus uxtheme.dll.#49 uxtheme.dll.CloseThemeData uxtheme.dll.SetWindowTheme uxtheme.dll.EnableThemeDialogTexture comctl32.dll.InitCommonControlsEx uxtheme.dll.GetThemeTextMetrics uxtheme.dll.GetThemeTextExtent uxtheme.dll.GetThemeBackgroundExtent kernel32.dll.OpenEventA kernel32.dll.RtlMoveMemory kernel32.dll.VirtualProtect comctl32.dll.ImageList_Draw msimg32.dll.TransparentBlt msvcrt.dll.free msvfw32.dll.DrawDibOpen kernel32.dll.FlushInstructionCache kernel32.dll.VirtualQuery kernel32.dll.SizeofResource comctl32.dll.ImageList_GetIcon comctl32.dll.ImageList_GetImageInfo comctl32.dll.ImageList_GetIconSize gdi32.dll.SelectClipPath gdi32.dll.GetPixel gdi32.dll.CreatePatternBrush gdi32.dll.CreateFontA gdi32.dll.OffsetRgn gdi32.dll.ExtCreateRegion gdi32.dll.SetPixel gdi32.dll.PtInRegion gdi32.dll.CreateDIBSection gdi32.dll.GetTextExtentPointA gdi32.dll.ExtTextOutW msvcrt.dll.??3@YAXPAX@Z msvcrt.dll.__CxxFrameHandler msvcrt.dll.??2@YAPAXI@Z msvcrt.dll._ftol msvcrt.dll._mbsstr msvcrt.dll._mbscmp msvcrt.dll.__dllonexit msvcrt.dll.malloc msvcrt.dll._initterm msvcrt.dll._adjust_fdiv msvcrt.dll._onexit msvcrt.dll.memcpy msvfw32.dll.DrawDibDraw msvfw32.dll.DrawDibClose user32.dll.EnumThreadWindows user32.dll.EnumChildWindows user32.dll.LockWindowUpdate user32.dll.DrawStateA user32.dll.GetWindowRgn user32.dll.TrackPopupMenu user32.dll.GetWindowInfo user32.dll.MenuItemFromPoint user32.dll.GetMenuItemRect user32.dll.SetMenuItemInfoA user32.dll.IsMenu user32.dll.GetUpdateRect user32.dll.ShowScrollBar user32.dll.WindowFromDC user32.dll.EnableScrollBar user32.dll.GetScrollBarInfo user32.dll.SetScrollInfo user32.dll.GetScrollInfo user32.dll.GetDCEx user32.dll.GetWindowLongW user32.dll.SetWindowLongW user32.dll.GetMenuItemInfoA user32.dll.GetComboBoxInfo user32.dll.TrackMouseEvent user32.dll.GetIconInfo user32.dll.RegisterClassExA user32.dll.UpdateLayeredWindow user32.dll.SetLayeredWindowAttributes dciman32.dll.DCIOpenProvider dciman32.dll.DCICloseProvider dciman32.dll.DCICreatePrimary dciman32.dll.DCIEndAccess dciman32.dll.DCIBeginAccess dciman32.dll.DCIDestroy ole32.dll.CoInitializeEx advapi32.dll.RegDeleteTreeA advapi32.dll.RegDeleteTreeW napinsp.dll.NSPStartup sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW pnrpnsp.dll.NSPStartup mswsock.dll.NSPStartup winrnr.dll.NSPStartup ws2_32.dll.#112 ws2_32.dll.#111 dnsapi.dll.DnsApiAlloc dnsapi.dll.DnsApiFree ole32.dll.CoCreateInstance ole32.dll.CoTaskMemAlloc oleaut32.dll.#8 oleaut32.dll.#9 oleaut32.dll.DllGetClassObject oleaut32.dll.DllCanUnloadNow advapi32.dll.RegOpenKeyW ole32.dll.CoTaskMemFree ole32.dll.StringFromIID ole32.dll.CoUninitialize ole32.dll.CoRegisterInitializeSpy ole32.dll.CoRevokeInitializeSpy ©2016 上海魔盾信息科技有限公司
Documentos relacionados
魔盾安全分析报告 文件详细信息 特征
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\ C:\Users\test\AppData\Roaming\Microsoft\Windows...
Leia mais魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录
3eeecfea3772f8b91f6506175fdb11c85bf60da92b8d74d88e966ced4b7876bc66b94b09b49270ea9f6e9aebb266c59ef36dae3ce29efb17c14fc7125d6df62c
Leia mais魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc
Leia mais下载 - 魔盾安全分析
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1 ...
Leia mais魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PAPBQ2GR\1020931287_DSC_0078[1].jpg C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content...
Leia mais