下载 - 魔盾安全分析

Сomentários

Transcrição

下载 - 魔盾安全分析
魔盾安全分析报告
分析类型
开始时间
结束时间
持续时间
分析引擎版本
FILE
2016-07-26 15:53:08
2016-07-26 15:55:34
146 秒
1.4-Maldun
虚拟机机器名
标签
虚拟机管理
开机时间
关机时间
win7-sp1-x64
win7-sp1-x64
KVM
2016-07-26 15:53:08
2016-07-26 15:55:34
魔盾分数
6.3
恶意的
文件详细信息
文件名
37f87ea4a8011e689710191f5d54e16a
文件大小
2054144 字节
文件类型
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
CRC32
65559312
MD5
37f87ea4a8011e689710191f5d54e16a
SHA1
160c301fe133b52e8417cd73241a2967faf75ce0
SHA256
1ad010b9a68202bc5b03927fda225200ab70a5b702b05fe293960954495f6ee0
SHA512
b9c3fc622e7d1a0bc034d0f5f20e0f313f86082dce4c33787f38aa41857f206aa36c0a6c0d8c4797664ca1811e42993fd08b3ad046be7abb594e55a187f8eb64
Ssdeep
49152:/GHzpRAr8OrM746OltTTv1UflHM3PgmEBvWVM+R39LEiBKIbWfCY:/3r8uM746utXvmflH5mEBvWVMsWuWfL
PEiD
无匹配
Yara
UPXv20MarkusLaszloReiser ()
UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser ()
UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser ()
upx_3 (UPX 3.X)
无此文件扫描结果
VirusTotal
特征
创建RWX内存
从文件自身的二进制镜像中读取数据
self_read: process: 37f87ea4a8011e689710191f5d54e16a.exe, pid: 1332, offset: 0x00000000, length: 0x00000040
self_read: process: 37f87ea4a8011e689710191f5d54e16a.exe, pid: 1332, offset: 0x000000f8, length: 0x00000020
self_read: process: 37f87ea4a8011e689710191f5d54e16a.exe, pid: 1332, offset: 0x0000017b, length: 0x00080000
发起了一些HTTP请求
url: http://www.ipaef.com/xx/banben.txt
二进制文件可能包含加密或压缩数据
section: name: UPX1, entropy: 7.84, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x001e4a00, virtual_size:
0x001e5000
可执行文件被使用UPX压缩
section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000,
virtual_size: 0x000b3000
尝试断开连接或更改Cuckoo监控的Windows功能
unhook: function_name: SetWindowLongA, type: modification
unhook: function_name: SetWindowLongW, type: modification
尝试修改代理设置
运行截图
网络分析
访问主机记录
直接访问
IP地址
国家名
否
219.83.164.228
China
域名解析
域名
响应
www.ipaef.com
A 219.83.164.228
TCP连接
IP地址
端口
219.83.164.228
80
UDP连接
IP地址
端口
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.1
53
192.168.122.255
138
224.0.0.252
5355
224.0.0.252
5355
239.255.255.250
1900
40.69.40.157
123
HTTP请求
URL
HTTP数据
http://www.ipaef.com/xx/banben.txt
GET /xx/banben.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: www.ipaef.com
Cache-Control: no-cache
静态分析
PE 信息
初始地址
0x00400000
入口地址
0x00698730
声明校验值
0x00000000
实际校验值
0x001fffd3
最低操作系统版本要求
4.0
编译时间
2016-07-20 16:51:20
图标
图标精确哈希值
854c46df044c3f7c54749dcae8510ca0
图标相似性哈希值
b02d7fc3265bd89057d9a1847d7298f8
版本信息
LegalCopyright:
\x672c\x8f6f\x4ef6\x4e00\x5207\x89e3\x91ca\x6743\x7531\xff1a\x5b9a\x6781\x81ea\x52a8\x5316 www.ipaef.com *\x7248\x6743\x6240\x6709
FileVersion:
1.5.0.0
CompanyName:
GDJ
Comments:
\x5982\x6709\x5176\x4ed6\x4f01\x4e1a\xff0c\x5bf9\x6b64\x6b3e\x8f6f\x4ef6\x6709\x5174\x8da3\xff0c\x6b22\x8fce\x8054\x7cfb\x3002
ProductName:
\x5b9a\x6781\x81ea\x52a8\x5316\x4ea7\x54c1\x9009\x578b\x8f6f\x4ef6
ProductVersion:
1.5.0.0
FileDescription:
\x672c\x8f6f\x4ef6\xff0c\x7531\x5b9a\x6781\x81ea\x52a8\x5316\x8bbe\x5907\x6709\x9650\x516c\x53f8\x6839\x636e\x4ea7\x54c1\xff0c\x53c2\x6570\x7b49\xff0c\x4e3a\x516c\x53f8\x5ba2\x62
Translation:
0x0804 0x04b0
PE数据组成
名称
虚拟地址
虚拟大小
原始数据大小
特征
熵(Entropy)
UPX0
0x00001000
0x000b3000
0x00000000
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
0.00
UPX1
0x000b4000
0x001e5000
0x001e4a00
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
7.84
.rsrc
0x00299000
0x00011000
0x00010a00
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
4.43
资源
名称
偏移量
大小
语言
子语言
熵(Entropy)
文件类型
TEXTINCLUDE
0x00281e58
0x00000151
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.07
data
TEXTINCLUDE
0x00281e58
0x00000151
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.07
data
TEXTINCLUDE
0x00281e58
0x00000151
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.07
data
RT_CURSOR
0x00282348
0x000000b4
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
6.74
data
RT_CURSOR
0x00282348
0x000000b4
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
6.74
data
RT_CURSOR
0x00282348
0x000000b4
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
6.74
data
RT_CURSOR
0x00282348
0x000000b4
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
6.74
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_BITMAP
0x00283bbc
0x00000144
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.08
data
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_ICON
0x002a8c44
0x00000468
LANG_NEUTRAL
SUBLANG_NEUTRAL
3.41
GLS_BINARY_LSB_FIRST
RT_MENU
0x00292f48
0x00000284
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.36
data
RT_MENU
0x00292f48
0x00000284
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.36
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_DIALOG
0x00294190
0x0000018c
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
7.35
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_STRING
0x00294bd8
0x00000024
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
5.11
data
RT_GROUP_CURSOR
0x00294c24
0x00000022
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
4.85
data
RT_GROUP_CURSOR
0x00294c24
0x00000022
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
4.85
data
RT_GROUP_CURSOR
0x00294c24
0x00000022
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
4.85
data
RT_GROUP_ICON
0x002a9188
0x00000014
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
2.02
MS Windows icon resource - 1 icon
RT_GROUP_ICON
0x002a9188
0x00000014
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
2.02
MS Windows icon resource - 1 icon
RT_GROUP_ICON
0x002a9188
0x00000014
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
2.02
MS Windows icon resource - 1 icon
RT_VERSION
0x002a91a0
0x00000328
LANG_CHINESE
SUBLANG_CHINESE_SIMPLIFIED
4.90
data
RT_MANIFEST
0x002a94cc
0x000001cd
LANG_NEUTRAL
SUBLANG_NEUTRAL
5.08
XML document text
导入
库 KERNEL32.DLL:
• 0x6a97dc - LoadLibraryA
• 0x6a97e0 - GetProcAddress
• 0x6a97e4 - VirtualProtect
• 0x6a97e8 - ExitProcess
库 ADVAPI32.dll:
• 0x6a97f0 - RegCloseKey
库 COMCTL32.dll:
• 0x6a97f8 - None
库 comdlg32.dll:
• 0x6a9800 - ChooseColorA
库 GDI32.dll:
• 0x6a9808 - SaveDC
库 ole32.dll:
• 0x6a9810 - OleInitialize
库 OLEAUT32.dll:
• 0x6a9818 - None
库 RASAPI32.dll:
• 0x6a9820 - RasHangUpA
库 SHELL32.dll:
• 0x6a9828 - ShellExecuteA
库 USER32.dll:
• 0x6a9830 - GetDC
库 VERSION.dll:
• 0x6a9838 - VerQueryValueA
库 WININET.dll:
• 0x6a9840 - InternetOpenA
库 WINMM.dll:
• 0x6a9848 - waveOutOpen
库 WINSPOOL.DRV:
• 0x6a9850 - OpenPrinterA
库 WS2_32.dll:
• 0x6a9858 - None
投放文件
index.dat
文件名
相关文件
index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
文件大小
232140 bytes
文件类型
Internet Explorer cache file version Ver 5.2
MD5
76faa5e05dea154e501357c15f1cbafc
SHA1
c190209438d8241bcd454a45a95ef3b0716b7e6f
SHA256
01b16d78de1e9504f23fcca19e83e4be5358aebcfbd9090019fb0baaeff7293c
SHA512
dcb08120d6f602fb2fa742794a58e35e985dd3c4feaa2deb8a6a0260eadc2ef58c49cc61caf0456191a02f8cd04799d07ddeffc57e625b5000a97c565cc2b5e0
Ssdeep
1536:XNdW+TE/Qn+iTVHQPjZ1JFE/qO9JCsRb1BLrErwzj3T08NDtlz97gYtB4ljEwxot:LW7m23wzj9gYtB46wxohV34k0I4SPL
Yara
memory_shylock ()
NET ()
VirusTotal
搜索相关分析
index.dat
文件名
相关文件
index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
文件大小
32768 bytes
文件类型
Internet Explorer cache file version Ver 5.2
MD5
4c3187aa05a24bce3db46ccb23bee2f3
SHA1
422681f524461c606a511075c94e2c0c6a400cb8
SHA256
1ce9c281ef19d57aa4a34d74c49af69a5fcd1442bbdd90045c75e4a43422244a
SHA512
2a09d8fe956ef8934f699856c4f572df17a6f972cb4c688d284335293a472e0dd0472ee0273f344792188a759aceea228866a4225ad9b6233d85d7697142efa3
Ssdeep
24:qj85IIoWHbIVsv7LkjAW9H2czx2FskXUnGiiLYxBzGnkL4AoNsR4DYxnU9I:qeggEiMxb4Y4D/I
Yara
无匹配
VirusTotal
搜索相关分析
index.dat
文件名
相关文件
index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
文件大小
32768 bytes
文件类型
Internet Explorer cache file version Ver 5.2
MD5
07cdcbc76d95ccbcf7408e44472514bd
SHA1
1971172c361caf4edd3fcc473badd9729bb8190a
SHA256
176cbf9ad24499f796fc40e0bedcbb8e42d5ea0312061dad4c400249b644ead7
SHA512
478bc8c38e092f41d7411742da51b6523cc2fc4340901baecb923cba39239e7a29abf3836100fb80179763be56e4f77d298cf34da52314a32a4a9b536f608d65
Ssdeep
48:qBpr/jGiBGRx8Xp/llr8jli7MfvFNzoyb10YH1iYnVnChXpu0sCmDdZn/4Syt:qyvXQTwvHo2+YH1N4544T
Yara
无匹配
VirusTotal
搜索相关分析
行为分析
互斥量(Mutexes)
Local\_!MSFTHISTORY!_
Local\c:!users!test!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!test!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!test!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
IESQMMUTEX_0_208
Local\MSCTF.Asm.MutexDefault1
执行的命令 无信息
创建的服务 无信息
启动的服务 无信息
进程
37f87ea4a8011e689710191f5d54e16a.exe
PID: 1332, 上一级进程 PID: 2188
访问的文件
C:\Users\test\AppData\Local\Temp\wininet.dll
C:\Windows\SysWOW64\wininet.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\test\AppData\Local\Microsoft\Windows\History
C:\Users\test\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\test\AppData\Local\Temp\dnsapi.DLL
C:\Windows\System32\dnsapi.dll
C:\Users\test\AppData\Local\Temp\iphlpapi.DLL
C:\Windows\System32\IPHLPAPI.DLL
C:\Users\test\AppData\Local\Temp\WINNSI.DLL
C:\Windows\System32\winnsi.dll
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\test\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\test\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\Fonts\staticcache.dat
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\test\AppData\Local\Temp\37f87ea4a8011e689710191f5d54e16a.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
C:\Users\test\AppData\Local\Temp\Kernel32.dll
C:\Users\test\AppData\Local\Temp\37f87ea4a8011e689710191f5d54e16a.exe
C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
\Device\Afd\Endpoint
\Device\RasAcd
C:\Users\test\AppData\Local\Temp\Update.exe
读取的文件
C:\Windows\SysWOW64\wininet.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Windows\System32\dnsapi.dll
C:\Windows\System32\IPHLPAPI.DLL
C:\Windows\System32\winnsi.dll
C:\Windows\Fonts\staticcache.dat
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\test\AppData\Local\Temp\37f87ea4a8011e689710191f5d54e16a.exe
C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
\Device\Afd\Endpoint
\Device\RasAcd
修改的文件
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
\Device\Afd\Endpoint
\Device\RasAcd
删除的文件 无信息
注册表键
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePassport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_ClientAuthCertFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\Feature_ClientAuthCertFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\37f87ea4a8011e689710191f5d54e16a.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PerUserCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\5D75C44A
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigCustomUA
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes
HKEY_LOCAL_MACHINE\Software\Classes\AutoProxyTypes
HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes\Application/x-internet-signup
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\DllFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Flags
HKEY_CURRENT_USER\Software\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\DllFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Flags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\37f87ea4a8011e689710191f5d54e16a.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\SimSun
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_CURRENT_USER\Software\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\fe-54-00-43-f2-9a
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fe-54-00-43-f2-9a
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
读取的注册表键
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePassport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_ClientAuthCertFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\Feature_ClientAuthCertFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016012420160125\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET
EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\37f87ea4a8011e689710191f5d54e16a.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\INTERNET EXPLORER\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PerUserCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\5D75C44A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigCustomUA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\DllFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-internet-signup\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\DllFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoProxyTypes\Application/x-ns-proxy-autoconfig\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\SimSun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B678A52-EAE8-4CE7-983B-7984CC409A1F}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
修改的注册表键
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\37f87ea4a8011e689710191f5d54e16a_RASMANCS\FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
删除的注册表键
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
API解析
kernel32.dll.MultiByteToWideChar
kernel32.dll.SetLastError
kernel32.dll.GetTimeZoneInformation
kernel32.dll.GetVersion
kernel32.dll.FileTimeToSystemTime
kernel32.dll.MulDiv
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
kernel32.dll.GetVolumeInformationA
kernel32.dll.InterlockedExchange
kernel32.dll.IsBadCodePtr
kernel32.dll.IsBadReadPtr
kernel32.dll.CompareStringW
kernel32.dll.CompareStringA
kernel32.dll.GetStringTypeW
kernel32.dll.GetStringTypeA
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.IsBadWritePtr
kernel32.dll.VirtualAlloc
kernel32.dll.LCMapStringW
kernel32.dll.LCMapStringA
kernel32.dll.SetEnvironmentVariableA
kernel32.dll.VirtualFree
kernel32.dll.HeapCreate
kernel32.dll.HeapDestroy
kernel32.dll.GetEnvironmentVariableA
kernel32.dll.GetStdHandle
kernel32.dll.SetHandleCount
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.GetEnvironmentStrings
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsA
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.GetFileType
kernel32.dll.SetStdHandle
kernel32.dll.GetACP
kernel32.dll.HeapSize
kernel32.dll.RaiseException
kernel32.dll.GetLocalTime
kernel32.dll.GetSystemTime
kernel32.dll.RtlUnwind
kernel32.dll.GetStartupInfoA
kernel32.dll.GetOEMCP
kernel32.dll.GetCPInfo
kernel32.dll.GetProcessVersion
kernel32.dll.SetErrorMode
kernel32.dll.GlobalFlags
kernel32.dll.GetCurrentThread
kernel32.dll.GetFileTime
kernel32.dll.TlsGetValue
kernel32.dll.LocalReAlloc
kernel32.dll.TlsSetValue
kernel32.dll.TlsFree
kernel32.dll.GlobalHandle
kernel32.dll.TlsAlloc
kernel32.dll.LocalAlloc
kernel32.dll.lstrcmpA
kernel32.dll.GlobalGetAtomNameA
kernel32.dll.GlobalAddAtomA
kernel32.dll.GlobalFindAtomA
kernel32.dll.GlobalDeleteAtom
kernel32.dll.lstrcmpiA
kernel32.dll.SetEndOfFile
kernel32.dll.UnlockFile
kernel32.dll.LockFile
kernel32.dll.FlushFileBuffers
kernel32.dll.DuplicateHandle
kernel32.dll.lstrcpynA
kernel32.dll.FileTimeToLocalFileTime
kernel32.dll.LocalFree
kernel32.dll.WideCharToMultiByte
kernel32.dll.InterlockedDecrement
kernel32.dll.InterlockedIncrement
kernel32.dll.SetCurrentDirectoryA
kernel32.dll.DeleteFileA
kernel32.dll.GetFileAttributesA
kernel32.dll.FindClose
kernel32.dll.FindFirstFileA
kernel32.dll.GetTickCount
kernel32.dll.CreateProcessA
kernel32.dll.GetCommandLineA
kernel32.dll.WaitForSingleObject
kernel32.dll.CloseHandle
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalLock
kernel32.dll.GlobalAlloc
kernel32.dll.Sleep
kernel32.dll.CreateEventA
kernel32.dll.CreateThread
kernel32.dll.WritePrivateProfileStringA
kernel32.dll.GetVersionExA
kernel32.dll.GetLastError
kernel32.dll.LoadLibraryA
kernel32.dll.FreeLibrary
kernel32.dll.TerminateProcess
kernel32.dll.GetCurrentProcess
kernel32.dll.GetFileSize
kernel32.dll.SetFilePointer
kernel32.dll.CreateSemaphoreA
kernel32.dll.ResumeThread
kernel32.dll.ReleaseSemaphore
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.GetProfileStringA
kernel32.dll.WriteFile
kernel32.dll.ReadFile
kernel32.dll.WaitForMultipleObjects
kernel32.dll.CreateFileA
kernel32.dll.SetEvent
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetCurrentThreadId
kernel32.dll.ExitProcess
kernel32.dll.GlobalSize
kernel32.dll.GlobalFree
kernel32.dll.DeleteCriticalSection
kernel32.dll.InitializeCriticalSection
kernel32.dll.lstrcatA
kernel32.dll.lstrlenA
kernel32.dll.WinExec
kernel32.dll.lstrcpyA
kernel32.dll.FindNextFileA
kernel32.dll.GlobalReAlloc
kernel32.dll.HeapFree
kernel32.dll.HeapReAlloc
kernel32.dll.GetProcessHeap
kernel32.dll.HeapAlloc
kernel32.dll.GetFullPathNameA
advapi32.dll.RegCloseKey
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegSetValueExA
advapi32.dll.RegQueryValueA
advapi32.dll.RegCreateKeyExA
comctl32.dll.#17
comctl32.dll.ImageList_Destroy
comdlg32.dll.GetOpenFileNameA
comdlg32.dll.GetSaveFileNameA
comdlg32.dll.GetFileTitleA
comdlg32.dll.ChooseColorA
gdi32.dll.TextOutA
gdi32.dll.RectVisible
gdi32.dll.PtVisible
gdi32.dll.SaveDC
gdi32.dll.RestoreDC
gdi32.dll.SetBkMode
gdi32.dll.SetPolyFillMode
gdi32.dll.SetROP2
gdi32.dll.SetTextColor
gdi32.dll.SetMapMode
gdi32.dll.SetViewportOrgEx
gdi32.dll.OffsetViewportOrgEx
gdi32.dll.SetViewportExtEx
gdi32.dll.ExtTextOutA
gdi32.dll.Escape
gdi32.dll.GetTextMetricsA
gdi32.dll.ScaleViewportExtEx
gdi32.dll.SetWindowOrgEx
gdi32.dll.SetWindowExtEx
gdi32.dll.ScaleWindowExtEx
gdi32.dll.GetClipBox
gdi32.dll.ExcludeClipRect
gdi32.dll.MoveToEx
gdi32.dll.LineTo
gdi32.dll.ExtSelectClipRgn
gdi32.dll.GetViewportExtEx
gdi32.dll.CreateEllipticRgn
gdi32.dll.SetBkColor
gdi32.dll.CreateRectRgnIndirect
gdi32.dll.SetStretchBltMode
gdi32.dll.GetClipRgn
gdi32.dll.CreatePolygonRgn
gdi32.dll.SelectClipRgn
gdi32.dll.DeleteObject
gdi32.dll.CreateDIBitmap
gdi32.dll.GetSystemPaletteEntries
gdi32.dll.CreatePalette
gdi32.dll.StretchBlt
gdi32.dll.SelectPalette
gdi32.dll.RealizePalette
gdi32.dll.GetDIBits
gdi32.dll.GetWindowExtEx
gdi32.dll.GetViewportOrgEx
gdi32.dll.GetWindowOrgEx
gdi32.dll.BeginPath
gdi32.dll.EndPath
gdi32.dll.PathToRegion
gdi32.dll.CreateRoundRectRgn
gdi32.dll.GetTextColor
gdi32.dll.GetBkMode
gdi32.dll.GetBkColor
gdi32.dll.GetROP2
gdi32.dll.GetStretchBltMode
gdi32.dll.GetPolyFillMode
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.CreateDCA
gdi32.dll.CreateBitmap
gdi32.dll.SelectObject
gdi32.dll.GetObjectA
gdi32.dll.CreatePen
gdi32.dll.PatBlt
gdi32.dll.CombineRgn
gdi32.dll.CreateRectRgn
gdi32.dll.FillRgn
gdi32.dll.CreateSolidBrush
gdi32.dll.GetStockObject
gdi32.dll.CreateFontIndirectA
gdi32.dll.EndPage
gdi32.dll.EndDoc
gdi32.dll.DeleteDC
gdi32.dll.StartDocA
gdi32.dll.StartPage
gdi32.dll.BitBlt
gdi32.dll.CreateCompatibleDC
gdi32.dll.Ellipse
gdi32.dll.Rectangle
gdi32.dll.LPtoDP
gdi32.dll.DPtoLP
gdi32.dll.GetCurrentObject
gdi32.dll.RoundRect
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.GetDeviceCaps
ole32.dll.CLSIDFromString
ole32.dll.OleUninitialize
ole32.dll.OleInitialize
oleaut32.dll.#186
oleaut32.dll.#163
oleaut32.dll.#161
rasapi32.dll.RasGetConnectStatusA
rasapi32.dll.RasHangUpA
shell32.dll.Shell_NotifyIconA
shell32.dll.ShellExecuteA
user32.dll.CloseClipboard
user32.dll.WaitForInputIdle
user32.dll.SetScrollRange
user32.dll.wsprintfA
user32.dll.GetClipboardData
user32.dll.OpenClipboard
user32.dll.SetClipboardData
user32.dll.EmptyClipboard
user32.dll.GetSystemMetrics
user32.dll.GetCursorPos
user32.dll.GetSysColorBrush
user32.dll.SetWindowTextA
user32.dll.GetWindowTextA
user32.dll.FindWindowExA
user32.dll.GetDlgItem
user32.dll.GetClassNameA
user32.dll.GetDesktopWindow
user32.dll.LoadIconA
user32.dll.TranslateMessage
user32.dll.DrawFrameControl
user32.dll.DrawEdge
user32.dll.DrawFocusRect
user32.dll.WindowFromPoint
user32.dll.GetMessageA
user32.dll.DispatchMessageA
user32.dll.SetRectEmpty
user32.dll.RegisterClipboardFormatA
user32.dll.CreateIconFromResourceEx
user32.dll.CreateIconFromResource
user32.dll.DrawIconEx
user32.dll.CreatePopupMenu
user32.dll.AppendMenuA
user32.dll.ModifyMenuA
user32.dll.CreateMenu
user32.dll.CreateAcceleratorTableA
user32.dll.GetDlgCtrlID
user32.dll.GetSubMenu
user32.dll.LoadStringA
user32.dll.GetMenuCheckMarkDimensions
user32.dll.GetMenuState
user32.dll.SetMenuItemBitmaps
user32.dll.CheckMenuItem
user32.dll.MoveWindow
user32.dll.IsDialogMessageA
user32.dll.ScrollWindowEx
user32.dll.SendDlgItemMessageA
user32.dll.MapWindowPoints
user32.dll.AdjustWindowRectEx
user32.dll.GetScrollPos
user32.dll.RegisterClassA
user32.dll.GetMenuItemCount
user32.dll.GetMenuItemID
user32.dll.CreateWindowExA
user32.dll.SetWindowsHookExA
user32.dll.CallNextHookEx
user32.dll.GetClassLongA
user32.dll.SetPropA
user32.dll.UnhookWindowsHookEx
user32.dll.EnableMenuItem
user32.dll.ClientToScreen
user32.dll.EnumDisplaySettingsA
user32.dll.LoadImageA
user32.dll.SystemParametersInfoA
user32.dll.ShowWindow
user32.dll.IsWindowEnabled
user32.dll.TranslateAcceleratorA
user32.dll.GetKeyState
user32.dll.CopyAcceleratorTableA
user32.dll.PostQuitMessage
user32.dll.IsZoomed
user32.dll.GetClassInfoA
user32.dll.DefWindowProcA
user32.dll.GetSystemMenu
user32.dll.DeleteMenu
user32.dll.GetMenu
user32.dll.SetMenu
user32.dll.PeekMessageA
user32.dll.IsIconic
user32.dll.SetFocus
user32.dll.GetActiveWindow
user32.dll.GetWindow
user32.dll.DestroyAcceleratorTable
user32.dll.SetWindowRgn
user32.dll.GetMessagePos
user32.dll.ScreenToClient
user32.dll.ChildWindowFromPointEx
user32.dll.CopyRect
user32.dll.LoadBitmapA
user32.dll.WinHelpA
user32.dll.KillTimer
user32.dll.SetTimer
user32.dll.ReleaseCapture
user32.dll.GetCapture
user32.dll.SetCapture
user32.dll.GetScrollRange
user32.dll.UnregisterClassA
user32.dll.SetScrollPos
user32.dll.SetRect
user32.dll.InflateRect
user32.dll.IntersectRect
user32.dll.DestroyIcon
user32.dll.PtInRect
user32.dll.OffsetRect
user32.dll.IsWindowVisible
user32.dll.EnableWindow
user32.dll.RedrawWindow
user32.dll.GetWindowLongA
user32.dll.SetWindowLongA
user32.dll.GetSysColor
user32.dll.SetActiveWindow
user32.dll.SetCursorPos
user32.dll.LoadCursorA
user32.dll.SetCursor
user32.dll.GetDC
user32.dll.FillRect
user32.dll.IsRectEmpty
user32.dll.ReleaseDC
user32.dll.IsChild
user32.dll.DestroyMenu
user32.dll.SetForegroundWindow
user32.dll.GetWindowRect
user32.dll.EqualRect
user32.dll.UpdateWindow
user32.dll.ValidateRect
user32.dll.InvalidateRect
user32.dll.GetClientRect
user32.dll.GetFocus
user32.dll.GetParent
user32.dll.GetTopWindow
user32.dll.PostMessageA
user32.dll.IsWindow
user32.dll.SetParent
user32.dll.DestroyCursor
user32.dll.SendMessageA
user32.dll.SetWindowPos
user32.dll.MessageBoxA
user32.dll.GetWindowTextLengthA
user32.dll.CharUpperA
user32.dll.GetWindowDC
user32.dll.BeginPaint
user32.dll.EndPaint
user32.dll.TabbedTextOutA
user32.dll.DrawTextA
user32.dll.GrayStringA
user32.dll.DestroyWindow
user32.dll.CreateDialogIndirectParamA
user32.dll.EndDialog
user32.dll.GetNextDlgTabItem
user32.dll.GetWindowPlacement
user32.dll.RegisterWindowMessageA
user32.dll.GetForegroundWindow
user32.dll.GetLastActivePopup
user32.dll.GetMessageTime
user32.dll.RemovePropA
user32.dll.CallWindowProcA
user32.dll.GetPropA
version.dll.VerLanguageNameA
version.dll.GetFileVersionInfoA
version.dll.GetFileVersionInfoSizeA
version.dll.VerQueryValueA
wininet.dll.InternetCanonicalizeUrlA
wininet.dll.InternetCrackUrlA
wininet.dll.HttpOpenRequestA
wininet.dll.HttpSendRequestA
wininet.dll.HttpQueryInfoA
wininet.dll.InternetConnectA
wininet.dll.InternetSetOptionA
wininet.dll.InternetOpenA
wininet.dll.InternetCloseHandle
wininet.dll.InternetReadFile
winmm.dll.waveOutUnprepareHeader
winmm.dll.waveOutPrepareHeader
winmm.dll.waveOutWrite
winmm.dll.waveOutPause
winmm.dll.waveOutReset
winmm.dll.waveOutClose
winmm.dll.waveOutGetNumDevs
winmm.dll.waveOutOpen
winmm.dll.midiOutUnprepareHeader
winmm.dll.midiStreamOpen
winmm.dll.midiStreamProperty
winmm.dll.midiOutPrepareHeader
winmm.dll.midiStreamOut
winmm.dll.midiStreamStop
winmm.dll.midiOutReset
winmm.dll.midiStreamClose
winmm.dll.midiStreamRestart
winspool.drv.OpenPrinterA
winspool.drv.DocumentPropertiesA
winspool.drv.ClosePrinter
ws2_32.dll.#5
ws2_32.dll.#1
ws2_32.dll.#10
ws2_32.dll.#12
ws2_32.dll.#17
ws2_32.dll.#101
ws2_32.dll.#3
ws2_32.dll.#115
ws2_32.dll.#16
ws2_32.dll.#116
ws2_32.dll.#18
ws2_32.dll.#19
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
dwmapi.dll.DwmIsCompositionEnabled
wininet.dll.InternetGetConnectedStateExA
advapi32.dll.EventActivityIdControl
advapi32.dll.EventWriteTransfer
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
kernel32.dll.SetFileInformationByHandle
shell32.dll.SHGetFolderPathW
kernel32.dll.GetModuleHandleW
advapi32.dll.AddMandatoryAce
ntmarta.dll.GetMartaExtensionInterface
ws2_32.dll.accept
ws2_32.dll.bind
ws2_32.dll.closesocket
ws2_32.dll.connect
ws2_32.dll.getpeername
ws2_32.dll.getsockname
ws2_32.dll.getsockopt
ws2_32.dll.ntohl
ws2_32.dll.htonl
ws2_32.dll.htons
ws2_32.dll.inet_addr
ws2_32.dll.inet_ntoa
ws2_32.dll.ioctlsocket
ws2_32.dll.listen
ws2_32.dll.ntohs
ws2_32.dll.recv
ws2_32.dll.recvfrom
ws2_32.dll.select
ws2_32.dll.send
ws2_32.dll.sendto
ws2_32.dll.setsockopt
ws2_32.dll.shutdown
ws2_32.dll.socket
ws2_32.dll.gethostbyname
ws2_32.dll.gethostname
ws2_32.dll.WSAIoctl
ws2_32.dll.WSAGetLastError
ws2_32.dll.WSASetLastError
ws2_32.dll.WSAStartup
ws2_32.dll.WSACleanup
ws2_32.dll.__WSAFDIsSet
ws2_32.dll.getaddrinfo
ws2_32.dll.freeaddrinfo
ws2_32.dll.getnameinfo
ws2_32.dll.WSALookupServiceBeginW
ws2_32.dll.WSALookupServiceNextW
ws2_32.dll.WSALookupServiceEnd
ws2_32.dll.WSANSPIoctl
ws2_32.dll.WSAStringToAddressA
ws2_32.dll.WSAStringToAddressW
ws2_32.dll.WSAAddressToStringA
dnsapi.dll.DnsGetProxyInformation
dnsapi.dll.DnsFreeProxyName
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.FreeMibTable
iphlpapi.dll.GetIfEntry2
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.ResolveIpNetEntry2
iphlpapi.dll.GetIpNetEntry2
shlwapi.dll.#260
rasapi32.dll.RasEnumEntriesW
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
shlwapi.dll.PathCanonicalizeW
shlwapi.dll.PathRemoveFileSpecW
shlwapi.dll.PathFindFileNameW
sensapi.dll.IsNetworkAlive
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall2
rasapi32.dll.RasConnectionNotificationW
rasman.dll.RasPortClearStatistics
rasman.dll.RasBundleClearStatistics
rasman.dll.RasBundleClearStatisticsEx
rasman.dll.RasDeviceEnum
rasman.dll.RasDeviceGetInfo
rasman.dll.RasFreeBuffer
rasman.dll.RasGetBuffer
rasman.dll.RasGetInfo
rasman.dll.RasGetDialMachineEventContext
rasman.dll.RasSetDialMachineEventHandle
rasman.dll.RasGetNdiswanDriverCaps
rasman.dll.RasInitialize
rasman.dll.RasInitializeNoWait
rasman.dll.RasPortCancelReceive
rasman.dll.RasPortEnum
rasman.dll.RasPortGetInfo
rasman.dll.RasPortGetFramingEx
rasman.dll.RasPortGetStatistics
rasman.dll.RasBundleGetStatistics
rasman.dll.RasPortGetStatisticsEx
rasman.dll.RasBundleGetStatisticsEx
rasman.dll.RasPortReceive
rasman.dll.RasPortReceiveEx
rasman.dll.RasPortSend
rasman.dll.RasPortGetBundle
rasman.dll.RasGetDevConfig
rasman.dll.RasGetDevConfigEx
rasman.dll.RasSetDevConfig
rasman.dll.RasPortClose
rasman.dll.RasPortListen
rasman.dll.RasPortConnectComplete
rasman.dll.RasPortDisconnect
rasman.dll.RasRequestNotification
rasman.dll.RasPortEnumProtocols
rasman.dll.RasPortSetFraming
rasman.dll.RasPortSetFramingEx
rasman.dll.RasSetCachedCredentials
rasman.dll.RasGetDialParams
rasman.dll.RasSetDialParams
rasman.dll.RasCreateConnection
rasman.dll.RasDestroyConnection
rasman.dll.RasConnectionEnum
rasman.dll.RasAddConnectionPort
rasman.dll.RasEnumConnectionPorts
rasman.dll.RasGetConnectionParams
rasman.dll.RasSetConnectionParams
rasman.dll.RasGetConnectionUserData
rasman.dll.RasSetConnectionUserData
rasman.dll.RasGetPortUserData
rasman.dll.RasSetPortUserData
rasman.dll.RasAddNotification
rasman.dll.RasSignalNewConnection
rasman.dll.RasApplyPostConnectActions
rasman.dll.RasProtocolStop
rasman.dll.RasProtocolCallback
rasman.dll.RasProtocolChangePassword
rasman.dll.RasProtocolGetInfo
rasman.dll.RasProtocolRetry
rasman.dll.RasProtocolStart
rasman.dll.RasPortOpen
rasman.dll.RasAllocateRoute
rasman.dll.RasActivateRoute
rasman.dll.RasActivateRouteEx
rasman.dll.RasDeviceSetInfo
rasman.dll.RasDeviceSetInfoSafe
rasman.dll.RasDeviceConnect
rasman.dll.RasPortSetInfo
rasman.dll.RasSendProtocolResultToRasman
rasman.dll.RasSetEapInfo
rasman.dll.RasRpcConnect
rasman.dll.RasRpcDisconnect
rasman.dll.RasGetNumPortOpen
rasman.dll.RasRefConnection
rasman.dll.RasSetEapUIData
rasman.dll.RasGetEapUIData
rasman.dll.RasFindPrerequisiteEntry
rasman.dll.RasPortOpenEx
rasman.dll.RasLinkGetStatistics
rasman.dll.RasConnectionGetStatistics
rasman.dll.RasGetHportFromConnection
rasman.dll.RasRPCBind
rasman.dll.RasReferenceCustomCount
rasman.dll.RasGetHConnFromEntry
rasman.dll.RasGetDeviceName
rasman.dll.RasEnableIpSec
rasman.dll.RasSetTunnelEndPoints
rasman.dll.RasStartRasAutoIfRequired
rasman.dll.RasStartProtocolRenegotiation
rasman.dll.RasSendNotification
rasman.dll.RasGetDeviceNameW
rasman.dll.RasGetUnicodeDeviceName
rasman.dll.RasRpcGetVersion
rasman.dll.RasRpcPortEnum
rasman.dll.RasRpcDeviceEnum
rasman.dll.RasRpcGetDevConfig
rasman.dll.RasRpcPortGetInfo
rasman.dll.RasRpcGetInstalledProtocols
rasman.dll.RasRpcGetInstalledProtocolsEx
rasman.dll.RasRpcGetSystemDirectory
rasman.dll.RasRpcGetUserPreferences
rasman.dll.RasRpcDeleteEntry
rasman.dll.RasRpcEnumConnections
rasman.dll.RasRpcGetCountryInfo
rasman.dll.RasRpcGetErrorString
rasman.dll.RasRpcSetUserPreferences
rasman.dll.RasProtocolUpdateConnection
rasman.dll.RasAddNotificationEx
rasman.dll.RasRemoveNotificationEx
rasman.dll.RasGetNotificationEntry
rasman.dll.RasSignalMonitorThreadExit
rasman.dll.RasmanUninitialize
sechost.dll.OpenSCManagerA
sechost.dll.OpenServiceA
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GdiIsMetaPrintDC
comctl32.dll.RegisterClassNameW
uxtheme.dll.OpenThemeData
uxtheme.dll.IsThemePartDefined
uxtheme.dll.GetThemeFont
uxtheme.dll.GetThemeColor
uxtheme.dll.GetThemeBool
imm32.dll.ImmGetContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmAssociateContext
imm32.dll.ImmIsIME
gdi32.dll.GetTextExtentExPointWPri
sechost.dll.NotifyServiceStatusChangeA
uxtheme.dll.GetThemeMargins
uxtheme.dll.GetThemeInt
comctl32.dll.HIMAGELIST_QueryInterface
comctl32.dll.DrawShadowText
comctl32.dll.DrawSizeBox
comctl32.dll.DrawScrollBar
comctl32.dll.SizeBoxHwnd
comctl32.dll.ScrollBar_MouseMove
comctl32.dll.ScrollBar_Menu
comctl32.dll.HandleScrollCmd
comctl32.dll.DetachScrollBars
comctl32.dll.AttachScrollBars
comctl32.dll.CCSetScrollInfo
comctl32.dll.CCGetScrollInfo
comctl32.dll.CCEnableScrollBar
comctl32.dll.QuerySystemGestureStatus
uxtheme.dll.#49
uxtheme.dll.CloseThemeData
uxtheme.dll.SetWindowTheme
uxtheme.dll.EnableThemeDialogTexture
comctl32.dll.InitCommonControlsEx
uxtheme.dll.GetThemeTextMetrics
uxtheme.dll.GetThemeTextExtent
uxtheme.dll.GetThemeBackgroundExtent
kernel32.dll.OpenEventA
kernel32.dll.RtlMoveMemory
kernel32.dll.VirtualProtect
comctl32.dll.ImageList_Draw
msimg32.dll.TransparentBlt
msvcrt.dll.free
msvfw32.dll.DrawDibOpen
kernel32.dll.FlushInstructionCache
kernel32.dll.VirtualQuery
kernel32.dll.SizeofResource
comctl32.dll.ImageList_GetIcon
comctl32.dll.ImageList_GetImageInfo
comctl32.dll.ImageList_GetIconSize
gdi32.dll.SelectClipPath
gdi32.dll.GetPixel
gdi32.dll.CreatePatternBrush
gdi32.dll.CreateFontA
gdi32.dll.OffsetRgn
gdi32.dll.ExtCreateRegion
gdi32.dll.SetPixel
gdi32.dll.PtInRegion
gdi32.dll.CreateDIBSection
gdi32.dll.GetTextExtentPointA
gdi32.dll.ExtTextOutW
[email protected]@Z
msvcrt.dll.__CxxFrameHandler
[email protected]@Z
msvcrt.dll._ftol
msvcrt.dll._mbsstr
msvcrt.dll._mbscmp
msvcrt.dll.__dllonexit
msvcrt.dll.malloc
msvcrt.dll._initterm
msvcrt.dll._adjust_fdiv
msvcrt.dll._onexit
msvcrt.dll.memcpy
msvfw32.dll.DrawDibDraw
msvfw32.dll.DrawDibClose
user32.dll.EnumThreadWindows
user32.dll.EnumChildWindows
user32.dll.LockWindowUpdate
user32.dll.DrawStateA
user32.dll.GetWindowRgn
user32.dll.TrackPopupMenu
user32.dll.GetWindowInfo
user32.dll.MenuItemFromPoint
user32.dll.GetMenuItemRect
user32.dll.SetMenuItemInfoA
user32.dll.IsMenu
user32.dll.GetUpdateRect
user32.dll.ShowScrollBar
user32.dll.WindowFromDC
user32.dll.EnableScrollBar
user32.dll.GetScrollBarInfo
user32.dll.SetScrollInfo
user32.dll.GetScrollInfo
user32.dll.GetDCEx
user32.dll.GetWindowLongW
user32.dll.SetWindowLongW
user32.dll.GetMenuItemInfoA
user32.dll.GetComboBoxInfo
user32.dll.TrackMouseEvent
user32.dll.GetIconInfo
user32.dll.RegisterClassExA
user32.dll.UpdateLayeredWindow
user32.dll.SetLayeredWindowAttributes
dciman32.dll.DCIOpenProvider
dciman32.dll.DCICloseProvider
dciman32.dll.DCICreatePrimary
dciman32.dll.DCIEndAccess
dciman32.dll.DCIBeginAccess
dciman32.dll.DCIDestroy
ole32.dll.CoInitializeEx
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
napinsp.dll.NSPStartup
sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
pnrpnsp.dll.NSPStartup
mswsock.dll.NSPStartup
winrnr.dll.NSPStartup
ws2_32.dll.#112
ws2_32.dll.#111
dnsapi.dll.DnsApiAlloc
dnsapi.dll.DnsApiFree
ole32.dll.CoCreateInstance
ole32.dll.CoTaskMemAlloc
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.DllGetClassObject
oleaut32.dll.DllCanUnloadNow
advapi32.dll.RegOpenKeyW
ole32.dll.CoTaskMemFree
ole32.dll.StringFromIID
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
©2016 上海魔盾信息科技有限公司

Documentos relacionados

魔盾安全分析报告 文件详细信息 特征

魔盾安全分析报告 文件详细信息 特征 C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\ C:\Users\test\AppData\Roaming\Microsoft\Windows...

Leia mais

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录 3eeecfea3772f8b91f6506175fdb11c85bf60da92b8d74d88e966ced4b7876bc66b94b09b49270ea9f6e9aebb266c59ef36dae3ce29efb17c14fc7125d6df62c

Leia mais

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Leia mais

下载 - 魔盾安全分析

下载 - 魔盾安全分析 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1 ...

Leia mais

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录

魔盾安全分析报告 URL信息 特征 运行截图 网络分析 访问主机记录 C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PAPBQ2GR\1020931287_DSC_0078[1].jpg C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content...

Leia mais