Analysis task

Analysis type File (Windows)
VM label win7-sp1-x64-shaapp03-1
Start time 2021-04-08 22:55:37
End time 2021-04-08 22:57:43
Duration 126 seconds

魔盾 score

10.0

Dangerous

File details

File name 王卡助手20210310.exe
File size 4534272 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6907cec51859b238c2b0225dcea38765
SHA1 4eaec64ed91407053a0cb14d7a6d5fc6cfeebeba
SHA256 166b82cd380506e97d7de60bda5744c24216ae7812849b750ab2bbf278bd0b57
SHA512 fde5dd79363846a0c3ddc346337d6933bc3b4a85ee1a9163eea0bbfe3fa5a848840c919050e8fc51166869d9b89f630d4e70af664cea7b3956e433a6f6f87b40
CRC32 E199F0AB
Ssdeep 49152:nEzuCLMLhzoHMRkHsVfPkOQ1mxVFy42XFSBFjPBFjAu1qr6O0qr6OTqr6Obis:5nVfPkOQcjFxkORZRAu1qr67qr6Kqr6s
Yara
  • Looks for advapi API functions
  • Look for RijnDael AES
  • Detects a Chinese hacktool with unknown use
  • Detect SMTP ability in RAW
  • Create or check mutex
  • Spotted potential abnormal behaviors, like logging and network communications
  • Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
  • Detected UPX. Commonly used by RAT!
Hosts contacted

No host records.

DNS resolution

Domain  Security rating  Response
www.iwzh.cn  CNAME 557fff94dda76e14.cdn.jiashule.com
             A 39.106.132.118
api.freeyun.net  A 43.248.201.145
ss3.baidu.com  CNAME sslbaidu.jomodns.com
               A 180.163.198.33
acroipm.adobe.com  CNAME a1983.dscd.akamai.net
                   CNAME acroipm.adobe.com.edgesuite.net
                   A 104.91.68.27
                   A 104.91.68.75

Summary

HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllVerifyEncodedSignature
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllVerifyEncodedSignature
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
HKEY_CURRENT_USER\Software\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0\win32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings\JITDebug
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\宋体
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\微软雅黑
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\等线
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\____________20210310.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings\JITDebug
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\宋体
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\微软雅黑
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\等线
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
kernel32.dll.GetProcessHeap
kernel32.dll.HeapAlloc
kernel32.dll.InitializeCriticalSection
msvcrt.dll.time
ntdll.dll.NtQuerySystemTime
kernel32.dll.VirtualAlloc
kernel32.dll.RtlMoveMemory
kernel32.dll.lstrcpynA
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.VirtualProtect
kernel32.dll.VirtualFree
comctl32.dll.ImageList_Draw
gdi32.dll.BitBlt
msimg32.dll.TransparentBlt
msvcrt.dll.free
msvfw32.dll.DrawDibOpen
user32.dll.GetDC
kernel32.dll.MulDiv
kernel32.dll.FlushInstructionCache
kernel32.dll.GetCurrentProcess
kernel32.dll.GetTickCount
kernel32.dll.VirtualQuery
kernel32.dll.SetFilePointer
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalReAlloc
kernel32.dll.GlobalFree
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.SizeofResource
kernel32.dll.FreeLibrary
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetModuleHandleA
kernel32.dll.GetVersion
kernel32.dll.GetCurrentThreadId
kernel32.dll.CreateFileA
kernel32.dll.GetFileSize
kernel32.dll.CloseHandle
kernel32.dll.ReadFile
kernel32.dll.SetLastError
comctl32.dll.ImageList_GetIcon
comctl32.dll.ImageList_GetImageInfo
comctl32.dll.ImageList_GetIconSize
gdi32.dll.SetWindowExtEx
gdi32.dll.SetWindowOrgEx
gdi32.dll.SetMapMode
gdi32.dll.SelectClipPath
gdi32.dll.EndPath
gdi32.dll.BeginPath
gdi32.dll.TextOutA
gdi32.dll.GetClipRgn
gdi32.dll.GetPixel
gdi32.dll.CreatePatternBrush
gdi32.dll.CreateFontIndirectA
gdi32.dll.SetViewportOrgEx
gdi32.dll.GetStockObject
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.CreateRoundRectRgn
gdi32.dll.CreateFontA
gdi32.dll.SetViewportExtEx
gdi32.dll.SelectClipRgn
gdi32.dll.SelectObject
gdi32.dll.CreateCompatibleDC
gdi32.dll.DeleteDC
gdi32.dll.OffsetRgn
gdi32.dll.CombineRgn
gdi32.dll.CreateRectRgn
gdi32.dll.CreatePen
gdi32.dll.ExtCreateRegion
gdi32.dll.DeleteObject
gdi32.dll.Rectangle
gdi32.dll.SetPixel
gdi32.dll.PtInRegion
gdi32.dll.SetTextColor
gdi32.dll.SetBkMode
gdi32.dll.PatBlt
gdi32.dll.CreateDIBSection
gdi32.dll.GetObjectA
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetTextExtentPointA
gdi32.dll.ExtTextOutA
gdi32.dll.ExtTextOutW
gdi32.dll.SetBkColor
gdi32.dll.GetTextColor
gdi32.dll.CreateSolidBrush
msvcrt.dll.??3@YAXPAX@Z
msvcrt.dll.__CxxFrameHandler
msvcrt.dll.??2@YAPAXI@Z
msvcrt.dll._ftol
msvcrt.dll._mbsstr
msvcrt.dll._mbscmp
msvcrt.dll.__dllonexit
msvcrt.dll.malloc
msvcrt.dll._initterm
msvcrt.dll._adjust_fdiv
msvcrt.dll._onexit
msvcrt.dll.memcpy
msvfw32.dll.DrawDibDraw
msvfw32.dll.DrawDibClose
user32.dll.SetWindowsHookExA
user32.dll.UnhookWindowsHookEx
user32.dll.CallNextHookEx
user32.dll.GetClassNameA
user32.dll.IsWindow
user32.dll.EnumThreadWindows
user32.dll.EnumChildWindows
user32.dll.LockWindowUpdate
user32.dll.DestroyIcon
user32.dll.DrawStateA
user32.dll.ShowWindow
user32.dll.GetMenuItemID
user32.dll.GetWindowRgn
user32.dll.SetMenu
user32.dll.GetMenu
user32.dll.GetSubMenu
user32.dll.TrackPopupMenu
user32.dll.CreateWindowExA
user32.dll.DestroyWindow
user32.dll.GetWindowInfo
user32.dll.SetWindowPos
user32.dll.GetClassLongA
user32.dll.ScreenToClient
user32.dll.SystemParametersInfoA
user32.dll.GetSystemMetrics
user32.dll.MenuItemFromPoint
user32.dll.GetMenuItemRect
user32.dll.GetMenuItemCount
user32.dll.SetMenuItemInfoA
user32.dll.IsMenu
user32.dll.GetUpdateRect
user32.dll.EqualRect
user32.dll.ShowScrollBar
user32.dll.SetWindowRgn
user32.dll.WindowFromDC
user32.dll.MoveWindow
user32.dll.GetSysColor
user32.dll.EnableScrollBar
user32.dll.GetScrollBarInfo
user32.dll.GetCapture
user32.dll.SetScrollPos
user32.dll.SetScrollInfo
user32.dll.GetScrollRange
user32.dll.GetScrollPos
user32.dll.GetScrollInfo
user32.dll.ReleaseDC
user32.dll.GetWindowDC
user32.dll.GetDCEx
user32.dll.EndPaint
user32.dll.BeginPaint
user32.dll.GetWindowLongW
user32.dll.SetWindowLongW
user32.dll.SetWindowLongA
user32.dll.ClientToScreen
user32.dll.FindWindowExA
user32.dll.GetMenuItemInfoA
user32.dll.GetParent
user32.dll.GetComboBoxInfo
user32.dll.TrackMouseEvent
user32.dll.GetIconInfo
user32.dll.GetClientRect
user32.dll.GetFocus
user32.dll.InflateRect
user32.dll.InvalidateRect
user32.dll.SetPropA
user32.dll.RemovePropA
user32.dll.CallWindowProcA
user32.dll.GetPropA
user32.dll.SetTimer
user32.dll.OffsetRect
user32.dll.KillTimer
user32.dll.EnableWindow
user32.dll.GetWindowLongA
user32.dll.SetRectEmpty
user32.dll.DrawIconEx
user32.dll.GetWindowTextA
user32.dll.DrawTextA
user32.dll.IsRectEmpty
user32.dll.IsIconic
user32.dll.IsZoomed
user32.dll.GetSystemMenu
user32.dll.GetMenuState
user32.dll.ReleaseCapture
user32.dll.GetMessageA
user32.dll.SetScrollRange
user32.dll.DispatchMessageA
user32.dll.SetRect
user32.dll.IsWindowVisible
user32.dll.RegisterClassExA
user32.dll.DefWindowProcA
user32.dll.IsWindowEnabled
user32.dll.SendMessageA
user32.dll.GetCursorPos
user32.dll.LoadCursorA
user32.dll.SetCursor
user32.dll.GetWindowRect
user32.dll.PtInRect
user32.dll.SetCapture
user32.dll.UpdateLayeredWindow
user32.dll.SetLayeredWindowAttributes
dciman32.dll.DCIOpenProvider
dciman32.dll.DCICloseProvider
dciman32.dll.DCICreatePrimary
dciman32.dll.DCIEndAccess
dciman32.dll.DCIBeginAccess
dciman32.dll.DCIDestroy
kernel32.dll.GetCurrentProcessId
psapi.dll.GetModuleFileNameExA
ole32.dll.CoInitialize
winhttp.dll.WinHttpCheckPlatform
kernel32.dll.MultiByteToWideChar
ntdll.dll.RtlMoveMemory
kernel32.dll.HeapFree
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
kernel32.dll.lstrlenW
kernel32.dll.WideCharToMultiByte
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpSetTimeouts
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpAddRequestHeaders
shlwapi.dll.#153
winhttp.dll.WinHttpSendRequest
ws2_32.dll.GetAddrInfoW
ws2_32.dll.WSASocketW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.WSAIoctl
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryDataAvailable
winhttp.dll.WinHttpReadData
winhttp.dll.WinHttpQueryHeaders
ole32.dll.CoUninitialize
winhttp.dll.WinHttpCloseHandle
rpcrt4.dll.RpcBindingFree
iphlpapi.dll.GetAdaptersAddresses
kernel32.dll.HeapReAlloc
kernel32.dll.GlobalSize
kernel32.dll.DeviceIoControl
ntdll.dll.RtlGetNtVersionNumbers
comctl32.dll.RegisterClassNameW
uxtheme.dll.OpenThemeData
imm32.dll.ImmIsIME
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
uxtheme.dll.EnableThemeDialogTexture
comctl32.dll.InitCommonControlsEx
gdi32.dll.GetTextExtentExPointWPri
kernel32.dll.GetLocalTime
advapi32.dll.CryptAcquireContextA
cryptsp.dll.CryptAcquireContextA
advapi32.dll.CryptHashData
cryptsp.dll.CryptHashData
advapi32.dll.CryptCreateHash
cryptsp.dll.CryptCreateHash
advapi32.dll.CryptGetHashParam
cryptsp.dll.CryptGetHashParam
advapi32.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyHash
advapi32.dll.CryptReleaseContext
cryptsp.dll.CryptReleaseContext
kernel32.dll.SetHandleCount
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
secur32.dll.FreeContextBuffer
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
ncrypt.dll.SslLookupCipherSuiteInfo
user32.dll.LoadStringW
ncrypt.dll.BCryptOpenAlgorithmProvider
ncrypt.dll.BCryptGetProperty
ncrypt.dll.BCryptCreateHash
ncrypt.dll.BCryptHashData
ncrypt.dll.BCryptFinishHash
ncrypt.dll.BCryptDestroyHash
crypt32.dll.CertGetCertificateChain
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertSidToStringSidW
sechost.dll.ConvertStringSidToSidW
userenv.dll.RegisterGPNotification
gpapi.dll.RegisterGPNotificationInternal
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.CloseServiceHandle
sechost.dll.QueryServiceConfigW
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyKey
bcryptprimitives.dll.GetAsymmetricEncryptionInterface
ncrypt.dll.BCryptImportKeyPair
ncrypt.dll.BCryptVerifySignature
ncrypt.dll.BCryptDestroyKey
crypt32.dll.CertVerifyCertificateChainPolicy
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertDuplicateCertificateContext
ncrypt.dll.SslEncryptPacket
ncrypt.dll.SslDecryptPacket
ws2_32.dll.#22
crypt32.dll.CertFreeCertificateContext
ncrypt.dll.SslDecrementProviderReferenceCount
ncrypt.dll.SslFreeObject
ws2_32.dll.#3
ole32.dll.CoGetObjectContext
ole32.dll.CoCreateInstance
advapi32.dll.RegCreateKeyA
oleaut32.dll.#161
oleaut32.dll.#8
oleaut32.dll.#28
oleaut32.dll.#9
oleaut32.dll.#12
oleaut32.dll.#4
oleaut32.dll.#6
oleaut32.dll.#2
ole32.dll.CreateStreamOnHGlobal
ole32.dll.GetHGlobalFromStream
oleaut32.dll.#411
oleaut32.dll.#23
oleaut32.dll.#24
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Module32First
kernel32.dll.OpenFile
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.WriteFile
rasapi32.dll.RasConnectionNotificationW
sechost.dll.NotifyServiceStatusChangeA
shlwapi.dll.PathIsDirectoryA
uxtheme.dll.SetWindowTheme
urlmon.dll.#414
kernel32.dll.lstrcpyn
ole32.dll.CoInitializeEx
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
gdi32.dll.GdiIsMetaPrintDC
kernel32.dll.CreateWaitableTimerA
kernel32.dll.SetWaitableTimer
user32.dll.MsgWaitForMultipleObjects
user32.dll.GetInputState
kernel32.dll.CreateThread
oleaut32.dll.#500
kernel32.dll.GetLocaleInfoA
oleaut32.dll.VariantTimeToSystemTime
kernel32.dll.GetDateFormatA
kernel32.dll.GetTimeFormatA
kernel32.dll.InterlockedCompareExchange
kernel32.dll.InterlockedExchange
msvcrt.dll.localtime
msvcrt.dll._snprintf
msvcrt.dll._open
msvcrt.dll._filelengthi64
msvcrt.dll._write
kernel32.dll.InterlockedExchangeAdd
gdi32.dll.GetFontAssocStatus
ws2_32.dll.#116
Local\MSCTF.Asm.MutexDefault1

PE information

Image base 0x00400000
Entry point 0x005b8fa0
Declared checksum 0x00000000
Actual checksum 0x004542de
Minimum OS version required 4.0
Compile time 2021-03-10 17:18:19
Import hash 6f57a1bd79769bacc80f4df1abb834b9
Icon
Icon exact hash 1bca88d3f61fc22108bfeca5dc5a84cd
Icon similarity hash d2a275ade2a7e584a484dd6146324137

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x001e73d5 0x001e8000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.41
.rdata 0x001e9000 0x0023b46a 0x0023c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.51
.data 0x00425000 0x000a74d6 0x00025000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.53
.rsrc 0x004cd000 0x00008ef8 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.62

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x004cdfac 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
WAVE 0x004ce100 0x00001448 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.35 RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
RT_CURSOR 0x004cfe68 0x00000134 LANG_ITALIAN SUBLANG_ITALIAN 3.07 data
RT_BITMAP 0x004d2760 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x004d2cb4 0x000010a8 LANG_NEUTRAL SUBLANG_NEUTRAL 5.05 dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_MENU 0x004d3d68 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x004d4fb0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x004d59f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x004d5aa8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x004d5af4 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x004d5b08 0x00000220 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.38 data
RT_MANIFEST 0x004d5d28 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: MSVFW32.dll:
0x5e9454 DrawDibDraw
Library: AVIFIL32.dll:
0x5e9018 AVIStreamGetFrame
0x5e901c AVIStreamInfoA
Library: WINMM.dll:
0x5e97f0 midiStreamRestart
0x5e97f4 midiStreamClose
0x5e97f8 midiOutReset
0x5e97fc midiStreamStop
0x5e9800 midiStreamOut
0x5e9808 midiStreamProperty
0x5e980c midiStreamOpen
0x5e9814 waveOutOpen
0x5e9818 waveOutGetNumDevs
0x5e981c waveOutClose
0x5e9820 waveOutReset
0x5e9824 waveOutPause
0x5e9828 waveOutWrite
0x5e9834 PlaySoundA
0x5e9838 mciSendStringA
0x5e983c mciSendCommandA
0x5e9840 waveOutRestart
Library: WS2_32.dll:
0x5e9860 socket
0x5e9864 setsockopt
0x5e9868 recvfrom
0x5e986c ioctlsocket
0x5e9870 connect
0x5e9874 htons
0x5e9878 WSAAsyncSelect
0x5e987c closesocket
0x5e9880 send
0x5e9884 select
0x5e9888 WSACleanup
0x5e988c ntohl
0x5e9890 WSASetLastError
0x5e9894 accept
0x5e9898 getpeername
0x5e989c recv
0x5e98a0 inet_addr
0x5e98a4 inet_ntoa
0x5e98a8 gethostbyname
0x5e98ac WSAStartup
0x5e98b0 gethostname
Library: RPCRT4.dll:
0x5e94d8 RpcStringFreeA
0x5e94dc UuidToStringA
Library: RASAPI32.dll:
0x5e94cc RasHangUpA
Library: KERNEL32.dll:
0x5e9204 ReleaseSemaphore
0x5e9208 ResumeThread
0x5e920c CreateSemaphoreA
0x5e9210 SetFilePointer
0x5e9214 GetFileSize
0x5e9218 GetCurrentProcess
0x5e921c TerminateProcess
0x5e9224 LoadLibraryExA
0x5e9228 GetSystemDirectoryA
0x5e922c MultiByteToWideChar
0x5e9230 SetLastError
0x5e9238 GetVersion
0x5e923c Beep
0x5e9240 GetTempFileNameA
0x5e924c lstrcmpiA
0x5e9250 TerminateThread
0x5e9258 WideCharToMultiByte
0x5e925c CreateMutexA
0x5e9260 ReleaseMutex
0x5e9264 SuspendThread
0x5e9268 LocalFree
0x5e926c FormatMessageA
0x5e9274 lstrcpynA
0x5e9278 DuplicateHandle
0x5e927c FlushFileBuffers
0x5e9280 LockFile
0x5e9284 UnlockFile
0x5e9288 SetEndOfFile
0x5e928c GetThreadLocale
0x5e9290 GlobalDeleteAtom
0x5e9294 GlobalFindAtomA
0x5e9298 GlobalAddAtomA
0x5e929c GlobalGetAtomNameA
0x5e92a0 lstrcmpA
0x5e92a4 LocalAlloc
0x5e92a8 TlsAlloc
0x5e92ac GlobalHandle
0x5e92b0 TlsFree
0x5e92b4 TlsSetValue
0x5e92b8 LocalReAlloc
0x5e92bc TlsGetValue
0x5e92c0 GetFileTime
0x5e92c4 GetCurrentThread
0x5e92c8 GlobalFlags
0x5e92cc SetErrorMode
0x5e92d0 GetProcessVersion
0x5e92d4 GetCPInfo
0x5e92d8 GetOEMCP
0x5e92dc GetStartupInfoA
0x5e92e0 RtlUnwind
0x5e92e4 GetSystemTime
0x5e92e8 GetLocalTime
0x5e92ec RaiseException
0x5e92f0 HeapSize
0x5e92f4 GetACP
0x5e92f8 SetStdHandle
0x5e92fc GetFileType
0x5e9314 SetHandleCount
0x5e9318 GetStdHandle
0x5e9320 HeapDestroy
0x5e9324 HeapCreate
0x5e9328 VirtualFree
0x5e9330 LCMapStringA
0x5e9334 LCMapStringW
0x5e9338 VirtualAlloc
0x5e933c IsBadWritePtr
0x5e9344 GetStringTypeA
0x5e9348 GetStringTypeW
0x5e934c CompareStringA
0x5e9350 CompareStringW
0x5e9354 IsBadReadPtr
0x5e9358 IsBadCodePtr
0x5e935c WriteFile
0x5e9364 CreateFileA
0x5e9368 SetEvent
0x5e936c FindResourceA
0x5e9370 LoadResource
0x5e9374 LockResource
0x5e9378 ReadFile
0x5e937c lstrlenW
0x5e9380 GetModuleFileNameA
0x5e9384 GetCurrentThreadId
0x5e9388 ExitProcess
0x5e938c GlobalSize
0x5e9390 GlobalFree
0x5e939c lstrcatA
0x5e93a0 lstrlenA
0x5e93a4 WinExec
0x5e93a8 lstrcpyA
0x5e93ac FindNextFileA
0x5e93b0 GlobalReAlloc
0x5e93b4 HeapFree
0x5e93b8 HeapReAlloc
0x5e93bc GetProcessHeap
0x5e93c0 HeapAlloc
0x5e93c4 GetUserDefaultLCID
0x5e93c8 GetFullPathNameA
0x5e93cc FreeLibrary
0x5e93d0 LoadLibraryA
0x5e93d4 GetLastError
0x5e93d8 GetVersionExA
0x5e93e4 CreateThread
0x5e93e8 CreateEventA
0x5e93ec Sleep
0x5e93f0 GlobalAlloc
0x5e93f4 GlobalLock
0x5e93f8 GlobalUnlock
0x5e93fc GetTempPathA
0x5e9400 FindFirstFileA
0x5e9404 FindClose
0x5e9408 SetFileAttributesA
0x5e940c GetFileAttributesA
0x5e9410 DeleteFileA
0x5e9414 CreateDirectoryA
0x5e9420 GetModuleHandleA
0x5e9424 GetProcAddress
0x5e9428 MulDiv
0x5e942c GetCommandLineA
0x5e9430 GetTickCount
0x5e9434 CreateProcessA
0x5e9438 WaitForSingleObject
0x5e943c CloseHandle
0x5e9440 InterlockedExchange
0x5e9444 GetProfileStringA
Library: USER32.dll:
0x5e9500 AdjustWindowRectEx
0x5e9504 MapWindowPoints
0x5e9508 SendDlgItemMessageA
0x5e950c ScrollWindowEx
0x5e9510 IsDialogMessageA
0x5e9514 CheckMenuItem
0x5e9518 SetMenuItemBitmaps
0x5e9520 CharNextA
0x5e9528 MapDialogRect
0x5e952c GetSysColorBrush
0x5e9530 GetNextDlgGroupItem
0x5e9534 PostThreadMessageA
0x5e9538 GetPropA
0x5e953c MoveWindow
0x5e9540 CallWindowProcA
0x5e9544 SetPropA
0x5e9548 DrawTextA
0x5e954c GetCursor
0x5e9550 CreateIconIndirect
0x5e9554 GetIconInfo
0x5e9558 CopyIcon
0x5e955c LoadStringA
0x5e9560 SetWindowTextA
0x5e9564 UnhookWindowsHookEx
0x5e9568 SetWindowsHookExA
0x5e956c CallNextHookEx
0x5e9570 GetMenuItemCount
0x5e9574 GetMenuItemID
0x5e9578 GetMenuState
0x5e957c GetWindowTextA
0x5e9580 FindWindowExA
0x5e9584 GetDlgItem
0x5e9588 GetClassNameA
0x5e958c GetDesktopWindow
0x5e9594 DrawStateA
0x5e9598 FrameRect
0x5e959c GetNextDlgTabItem
0x5e95a0 LoadIconA
0x5e95a4 TranslateMessage
0x5e95a8 DrawFrameControl
0x5e95ac DrawEdge
0x5e95b0 DrawFocusRect
0x5e95b4 WindowFromPoint
0x5e95b8 GetMessageA
0x5e95bc DispatchMessageA
0x5e95c0 SetRectEmpty
0x5e95d0 DrawIconEx
0x5e95d4 CreatePopupMenu
0x5e95d8 AppendMenuA
0x5e95dc RegisterClassA
0x5e95e4 GetDlgCtrlID
0x5e95e8 GetSubMenu
0x5e95ec RegisterHotKey
0x5e95f0 ClientToScreen
0x5e95f8 LoadImageA
0x5e9600 ShowWindow
0x5e9604 IsWindowEnabled
0x5e960c GetKeyState
0x5e9614 PostQuitMessage
0x5e9618 IsZoomed
0x5e961c GetClassInfoA
0x5e9620 DefWindowProcA
0x5e9624 GetSystemMenu
0x5e9628 DeleteMenu
0x5e962c GetMenu
0x5e9630 SetMenu
0x5e9634 PeekMessageA
0x5e9638 IsIconic
0x5e963c SetFocus
0x5e9640 GetActiveWindow
0x5e9644 GetWindow
0x5e964c SetWindowRgn
0x5e9650 GetMessagePos
0x5e9654 ScreenToClient
0x5e965c CopyRect
0x5e9660 LoadBitmapA
0x5e9664 WinHelpA
0x5e9668 KillTimer
0x5e966c SetTimer
0x5e9670 ReleaseCapture
0x5e9674 GetCapture
0x5e9678 SetCapture
0x5e967c GetScrollRange
0x5e9680 SetScrollRange
0x5e9684 SetScrollPos
0x5e9688 SetRect
0x5e968c InflateRect
0x5e9690 IntersectRect
0x5e9694 DestroyIcon
0x5e9698 PtInRect
0x5e969c OffsetRect
0x5e96a0 IsWindowVisible
0x5e96a4 EnableWindow
0x5e96a8 RedrawWindow
0x5e96ac GetWindowLongA
0x5e96b0 SetWindowLongA
0x5e96b4 GetSysColor
0x5e96b8 SetActiveWindow
0x5e96bc SetCursorPos
0x5e96c0 LoadCursorA
0x5e96c4 SetCursor
0x5e96c8 GetDC
0x5e96cc FillRect
0x5e96d0 IsRectEmpty
0x5e96d4 ReleaseDC
0x5e96d8 IsChild
0x5e96dc TrackPopupMenu
0x5e96e0 DestroyMenu
0x5e96e4 SetForegroundWindow
0x5e96e8 GetWindowRect
0x5e96ec EqualRect
0x5e96f0 UpdateWindow
0x5e96f4 ValidateRect
0x5e96f8 InvalidateRect
0x5e96fc GetClientRect
0x5e9700 GetFocus
0x5e9704 GetParent
0x5e9708 GetTopWindow
0x5e970c PostMessageA
0x5e9710 IsWindow
0x5e9714 SetParent
0x5e9718 DestroyCursor
0x5e971c SendMessageA
0x5e9720 SetWindowPos
0x5e9724 MessageBeep
0x5e9728 MessageBoxA
0x5e972c GetCursorPos
0x5e9730 GetSystemMetrics
0x5e9734 UnregisterClassA
0x5e9738 ModifyMenuA
0x5e973c GetScrollPos
0x5e9740 GetClassLongA
0x5e9744 RemovePropA
0x5e9748 GetMessageTime
0x5e974c GetLastActivePopup
0x5e9754 GetWindowPlacement
0x5e9758 EndDialog
0x5e9760 DestroyWindow
0x5e9764 EndPaint
0x5e9768 BeginPaint
0x5e976c CharUpperA
0x5e9774 CreateMenu
0x5e9778 UnregisterHotKey
0x5e977c EmptyClipboard
0x5e9780 SetClipboardData
0x5e9784 OpenClipboard
0x5e9788 GetClipboardData
0x5e978c CloseClipboard
0x5e9790 wsprintfA
0x5e9794 WaitForInputIdle
0x5e9798 CreateWindowExA
0x5e979c GetForegroundWindow
0x5e97a0 GetMenuStringA
0x5e97a8 GrayStringA
0x5e97ac TabbedTextOutA
0x5e97b0 WindowFromDC
0x5e97b4 EnumChildWindows
0x5e97b8 EnableMenuItem
0x5e97bc GetWindowDC
Library: GDI32.dll:
0x5e9078 CombineRgn
0x5e907c PatBlt
0x5e9080 CreatePen
0x5e9084 SelectObject
0x5e9088 CreatePatternBrush
0x5e908c CreateBitmap
0x5e9090 CreateBrushIndirect
0x5e9094 CreateDCA
0x5e909c GetPolyFillMode
0x5e90a0 GetStretchBltMode
0x5e90a4 GetROP2
0x5e90a8 GetBkColor
0x5e90ac GetBkMode
0x5e90b0 GetTextColor
0x5e90b4 CreateRoundRectRgn
0x5e90b8 CreateEllipticRgn
0x5e90bc PathToRegion
0x5e90c0 EndPath
0x5e90c4 BeginPath
0x5e90c8 GetWindowOrgEx
0x5e90cc GetViewportOrgEx
0x5e90d0 GetWindowExtEx
0x5e90d4 GetDIBits
0x5e90d8 RealizePalette
0x5e90dc SelectPalette
0x5e90e0 StretchBlt
0x5e90e4 CreatePalette
0x5e90ec CreateRectRgn
0x5e90f0 FillRgn
0x5e90f4 CreateSolidBrush
0x5e90fc Ellipse
0x5e9100 Rectangle
0x5e9104 LPtoDP
0x5e9108 DPtoLP
0x5e910c GetCurrentObject
0x5e9110 RoundRect
0x5e9114 CreateDIBSection
0x5e9118 SetPixel
0x5e911c ExtCreateRegion
0x5e9120 SetStretchBltMode
0x5e9124 GetClipRgn
0x5e9128 CreatePolygonRgn
0x5e912c CreateFontIndirectA
0x5e9130 GetStockObject
0x5e9134 GetObjectA
0x5e9138 EndPage
0x5e913c EndDoc
0x5e9140 DeleteDC
0x5e9144 SetBkColor
0x5e9148 TextOutA
0x5e914c SetBkMode
0x5e9150 SetTextColor
0x5e9154 SetDIBitsToDevice
0x5e9158 CreateFontA
0x5e915c FrameRgn
0x5e9160 OffsetRgn
0x5e9164 GetTextMetricsA
0x5e9168 LineTo
0x5e916c MoveToEx
0x5e9170 SetWindowOrgEx
0x5e9174 SaveDC
0x5e9178 RestoreDC
0x5e917c CreatePenIndirect
0x5e9180 PtVisible
0x5e9184 RectVisible
0x5e9188 ExtTextOutA
0x5e918c Escape
0x5e9194 SetPolyFillMode
0x5e9198 SetROP2
0x5e919c SetMapMode
0x5e91a0 SetViewportOrgEx
0x5e91a4 OffsetViewportOrgEx
0x5e91a8 SetViewportExtEx
0x5e91ac ScaleViewportExtEx
0x5e91b0 SetWindowExtEx
0x5e91b4 ScaleWindowExtEx
0x5e91b8 GetClipBox
0x5e91bc ExcludeClipRect
0x5e91c0 ExtSelectClipRgn
0x5e91c4 GetViewportExtEx
0x5e91c8 GetMapMode
0x5e91cc DeleteObject
0x5e91d0 CreateDIBitmap
0x5e91d4 StartDocA
0x5e91d8 StartPage
0x5e91dc BitBlt
0x5e91e0 GetPixel
0x5e91e8 CreateCompatibleDC
0x5e91ec SetPixelV
0x5e91f0 GetDeviceCaps
0x5e91f4 SelectClipRgn
Library: MSIMG32.dll:
0x5e944c GradientFill
Library: WINSPOOL.DRV:
0x5e9848 DocumentPropertiesA
0x5e984c ClosePrinter
0x5e9850 OpenPrinterA
Library: comdlg32.dll:
0x5e98b8 GetOpenFileNameA
0x5e98bc GetSaveFileNameA
0x5e98c0 GetFileTitleA
0x5e98c4 ChooseFontA
0x5e98c8 ChooseColorA
Library: ADVAPI32.dll:
0x5e9000 RegSetValueExA
0x5e9004 RegOpenKeyExA
0x5e9008 RegCloseKey
0x5e900c RegCreateKeyExA
0x5e9010 RegQueryValueA
Library: SHELL32.dll:
0x5e94e4 ShellExecuteA
0x5e94ec DragQueryFileA
0x5e94f0 DragAcceptFiles
0x5e94f4 DragFinish
0x5e94f8 Shell_NotifyIconA
Library: ole32.dll:
0x5e98d0 CLSIDFromString
0x5e98d4 OleUninitialize
0x5e98d8 OleInitialize
0x5e98dc CoCreateGuid
0x5e98e0 CoTaskMemFree
0x5e98e4 ReleaseStgMedium
0x5e98e8 CLSIDFromProgID
0x5e98ec CoTaskMemAlloc
0x5e98f0 OleRun
0x5e98f4 CoCreateInstance
0x5e98f8 CoGetClassObject
0x5e9910 CoRevokeClassObject
0x5e9914 OleFlushClipboard
0x5e991c RevokeDragDrop
Library: OLEAUT32.dll:
0x5e945c VariantInit
0x5e9460 SysAllocString
0x5e9464 SafeArrayDestroy
0x5e9468 SafeArrayCreate
0x5e946c SafeArrayPutElement
0x5e9470 RegisterTypeLib
0x5e9474 LHashValOfNameSys
0x5e9478 LoadTypeLib
0x5e9480 UnRegisterTypeLib
0x5e9484 SysFreeString
0x5e9488 SysStringLen
0x5e9490 VariantCopyInd
0x5e9494 SysAllocStringLen
0x5e949c SafeArrayGetElement
0x5e94a0 SafeArrayAccessData
0x5e94a8 SafeArrayGetDim
0x5e94ac SafeArrayGetLBound
0x5e94b0 SafeArrayGetUBound
0x5e94b4 GetErrorInfo
0x5e94b8 VariantChangeType
0x5e94bc VariantClear
0x5e94c0 VariantCopy
Library: COMCTL32.dll:
0x5e9024 ImageList_Destroy
0x5e9028 ImageList_Create
0x5e902c ImageList_BeginDrag
0x5e9030 ImageList_Add
0x5e9034 ImageList_Draw
0x5e9038 ImageList_AddMasked
0x5e903c ImageList_DragEnter
0x5e904c ImageList_GetIcon
0x5e9050 ImageList_DragLeave
0x5e9054 ImageList_DragMove
0x5e905c ImageList_EndDrag
0x5e9060 None
0x5e9064 ImageList_Read
0x5e9068 _TrackMouseEvent
0x5e906c ImageList_Duplicate
Library: oledlg.dll:
0x5e9924 None
Library: WININET.dll:
0x5e97c8 InternetCrackUrlA
0x5e97cc HttpOpenRequestA
0x5e97d0 HttpSendRequestA
0x5e97d4 HttpQueryInfoA
0x5e97d8 InternetReadFile
0x5e97dc InternetConnectA
0x5e97e0 InternetSetOptionA
0x5e97e4 InternetOpenA
0x5e97e8 InternetCloseHandle
Library: WLDAP32.dll:
0x5e9858 None

.text
`.rdata
@.data
.rsrc
VMProtect end
No antivirus engine scan information!

Process tree


____________20210310.exe, PID: 2464, parent process PID: 2168

Hosts contacted

No host records.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49164 104.91.68.27 acroipm.adobe.com 80
192.168.122.201 49163 180.163.198.33 ss3.baidu.com 443
192.168.122.201 49160 39.106.132.118 www.iwzh.cn 80
192.168.122.201 49161 43.248.201.145 api.freeyun.net 443
192.168.122.201 49162 43.248.201.145 api.freeyun.net 443
192.168.122.201 49165 43.248.201.145 api.freeyun.net 443
192.168.122.201 49166 43.248.201.145 api.freeyun.net 443
192.168.122.201 49167 43.248.201.145 api.freeyun.net 443
192.168.122.201 49168 43.248.201.145 api.freeyun.net 443
192.168.122.201 49169 43.248.201.145 api.freeyun.net 443

UDP

Source address Source port Destination address Destination port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53

DNS resolution

Domain Security rating Response
www.iwzh.cn CNAME 557fff94dda76e14.cdn.jiashule.com
A 39.106.132.118
api.freeyun.net A 43.248.201.145
ss3.baidu.com CNAME sslbaidu.jomodns.com
A 180.163.198.33
acroipm.adobe.com CNAME a1983.dscd.akamai.net
CNAME acroipm.adobe.com.edgesuite.net
A 104.91.68.27
A 104.91.68.75

HTTP requests

URI HTTP data
http://www.iwzh.cn/api/updata/wkzsjbb/
GET /api/updata/wkzsjbb/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: www.iwzh.cn

http://www.iwzh.cn/api/wangkazhushou.php
GET /api/wangkazhushou.php HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: zh-cn
Referer: http://www.iwzh.cn/api/wangkazhushou.php
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: www.iwzh.cn

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2021-04-08 22:55:57.343976+0800 192.168.122.201 49161 43.248.201.145 443 TLSv1 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=api.freeyun.net 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:55:57.941727+0800 192.168.122.201 49162 43.248.201.145 443 TLSv1 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=api.freeyun.net 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:56:07.135131+0800 192.168.122.201 49167 43.248.201.145 443 TLSv1 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=api.freeyun.net 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:55:58.290888+0800 192.168.122.201 49163 180.163.198.33 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2021-04-08 22:56:06.959295+0800 192.168.122.201 49166 43.248.201.145 443 TLSv1 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=api.freeyun.net 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:56:07.761646+0800 192.168.122.201 49169 43.248.201.145 443 TLSv1 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=api.freeyun.net 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:56:02.269113+0800 192.168.122.201 49165 43.248.201.145 443 TLSv1 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=api.freeyun.net 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:56:07.607522+0800 192.168.122.201 49168 43.248.201.145 443 TLSv1 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=api.freeyun.net 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 30.256 seconds )

  • 11.188 Suricata
  • 7.419 TargetInfo
  • 3.468 BehaviorAnalysis
  • 3.163 Static
  • 2.652 VirusTotal
  • 1.877 NetworkAnalysis
  • 0.455 peid
  • 0.011 config_decoder
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory

Signatures ( 22.258 seconds )

  • 19.675 network_http
  • 1.513 md_url_bl
  • 0.223 api_spamming
  • 0.186 stealth_decoy_document
  • 0.169 stealth_timeout
  • 0.085 antidbg_windows
  • 0.051 antiav_detectreg
  • 0.022 antivm_generic_scsi
  • 0.02 infostealer_ftp
  • 0.019 antivm_vbox_window
  • 0.016 md_domain_bl
  • 0.015 antivm_generic_services
  • 0.013 ransomeware_modifies_desktop_wallpaper
  • 0.013 anormaly_invoke_kills
  • 0.013 antisandbox_script_timer
  • 0.012 infostealer_im
  • 0.011 antivm_vbox_libs
  • 0.01 reads_self
  • 0.01 antianalysis_detectreg
  • 0.009 mimics_filetime
  • 0.007 bootkit
  • 0.007 stealth_file
  • 0.007 exec_crash
  • 0.007 antiav_detectfile
  • 0.007 infostealer_mail
  • 0.006 antiemu_wine_func
  • 0.006 infostealer_browser_password
  • 0.006 kovter_behavior
  • 0.006 ransomware_extensions
  • 0.005 anomaly_persistence_autorun
  • 0.005 virus
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_bitcoin
  • 0.005 ransomware_files
  • 0.004 antiav_avast_libs
  • 0.004 maldun_anomaly_massive_file_ops
  • 0.004 antisandbox_sunbelt_libs
  • 0.004 shifu_behavior
  • 0.004 network_torgateway
  • 0.003 antivm_vmware_libs
  • 0.003 betabot_behavior
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 dyre_behavior
  • 0.003 kibex_behavior
  • 0.003 encrypted_ioc
  • 0.003 hancitor_behavior
  • 0.003 antivm_vbox_files
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 infostealer_browser
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 disables_browser_warn
  • 0.002 darkcomet_regkeys
  • 0.001 network_tor
  • 0.001 dridex_behavior
  • 0.001 rat_luminosity
  • 0.001 injection_createremotethread
  • 0.001 injection_explorer
  • 0.001 browser_needed
  • 0.001 stealth_network
  • 0.001 ipc_namedpipe
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 cryptowall_behavior
  • 0.001 bypass_firewall
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 office_security
  • 0.001 packer_armadillo_regkey
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.734 seconds )

  • 0.62 ReportHTMLSummary
  • 0.114 Malheur
Task ID 628806
Mongo ID 606f1a2c7e769a06adeb36f0
Cuckoo release 1.4-Maldun