分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-hpdapp01-1 2019-06-12 10:53:31 2019-06-12 10:55:52 141 秒

魔盾分数

6.81

危险的

文件详细信息

文件名 修改硬件信息【去掉时区】.exe
文件大小 1429612 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ccee0912e79d434f0d2c1e11274f23c0
SHA1 9a34cd426601ace88dcb91b3820dc98ebe29ed96
SHA256 679b9af0def4dbbe2e179ac05f9a7ab4c2ffc28a71964a9e9edf2986bdc1b1a2
SHA512 b87212cc683f2df362e11f1b509d29b482a9560e04e562e580bd58755f6fe25c0bbf4cb525e793f205656f16ad32c7b909fc53e9c137e8a5f4415baa5ff0977e
CRC32 46B22E3D
Ssdeep 24576:GvbBARGCfE5TVUUCql3jpomr6RTmBfOKpf37Q+zAV9/NaCWxI7IPBRiAY:WARGEvqlzpomr6RTmBfOKpf37Q+zAV92
Yara
  • Detected 32bit PE signature
  • Detected Overlay signature
  • Detected Debug Data
  • Detected Rich Signature
  • Possibly employs anti-virtualization techniques
  • Create a new process
  • Install itself for autorun at Windows startup
  • Listen for incoming communication
  • Communications over RAW socket
  • Detected escalate priviledges function
  • Detected take screenshot function
  • Run a keylogger
  • Malware can spread east-west file
  • Affect system registries
  • Change registries to affect system
  • Affect system token
  • Affect private profile
  • Affect private profile
  • Affect hook table
  • Following Rule is referenced from AlienVault's Yara rule repository.This rule contains additional processes and driver names.
  • Detects abnormal behaviors all together
  • Detects mallicious behaviors
  • Detects malicious behaviors from a small size app
  • Detected no presence of any attachment
  • Detected no presence of any image
  • Detected no presence of any url
  • Looks for big numbers 32:sized
  • Look for Random function
样本下载 提交误报

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.


摘要

C:\Users\test\AppData\Local\Temp\____________________________________CHS.dll
C:\Users\test\AppData\Local\Temp\____________________________________LOC.dll
C:\Windows\System32\winbws.bat
C:\
C:\Windows\System32\pSysp.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Fonts\staticcache.dat
C:\Users\test\AppData\Local\Temp\____________________________________.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb\COMCTL32.dll.mui
C:\Windows\System32\tzres.dll
C:\Windows\System32\pSysp.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Fonts\staticcache.dat
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb\COMCTL32.dll.mui
C:\Windows\System32\tzres.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SystemRoot
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\____________________________________.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\____________________________________.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\NV Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\CSDVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\BuildLab
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DigitalProductId
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001401
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00003C01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000C01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000801
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002C01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00003401
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00003001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001801
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00004001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000401
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002801
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001C01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00003801
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002401
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000423
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000402
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000C04
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001404
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000804
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001004
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000404
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000405
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000406
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000465
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000813
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000413
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000C09
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002809
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001009
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002409
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001809
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002009
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001409
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00003409
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001C09
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002C09
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000809
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000409
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00003009
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000425
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000429
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040B
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000080C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000C0C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000140C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000180C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000100C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000C07
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000407
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001407
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001007
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000807
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000408
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040D
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000439
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040E
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000421
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000410
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000810
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000411
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000044B
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000043F
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000412
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000440
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000426
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000427
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000083E
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000043E
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000450
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000414
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000415
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000416
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000816
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000418
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000419
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000C1A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000081A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041B
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000424
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00002C0A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000400A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000340A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000240A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000140A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001C0A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000300A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000440A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000100A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000480A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000080A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00004C0A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000180A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00003C0A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000280A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000500A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000C0A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000380A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000200A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000441
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000081D
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041D
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000045A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041E
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041F
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000422
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000042A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Registration\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg 2
HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SystemRoot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\NV Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\CSDVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\BuildLab
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DigitalProductId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Registration\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.IsProcessorFeaturePresent
user32.dll.NotifyWinEvent
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.GetSystemDefaultUILanguage
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
comctl32.dll.InitCommonControlsEx
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextExtentExPointWPri
gdi32.dll.GetFontAssocStatus
uxtheme.dll.OpenThemeData
imm32.dll.ImmAssociateContext
comctl32.dll.RegisterClassNameW
uxtheme.dll.EnableThemeDialogTexture
imm32.dll.ImmIsIME
cryptbase.dll.SystemFunction036
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.LocaleNameToLCID
kernel32.dll.GetLocaleInfoEx
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetSystemDefaultLocaleName
oleaut32.dll.#283
oleaut32.dll.#284
ntdll.dll.EtwUnregisterTraceGuids
oleaut32.dll.#500
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
uxtheme.dll.SetWindowTheme
imm32.dll.ImmGetContext
imm32.dll.ImmReleaseContext
user32.dll.GetSystemMetrics
user32.dll.MonitorFromWindow
user32.dll.MonitorFromRect
user32.dll.MonitorFromPoint
user32.dll.EnumDisplayMonitors
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayDevicesA
gdi32.dll.GdiIsMetaPrintDC
uxtheme.dll.BufferedPaintInit
uxtheme.dll.BeginBufferedPaint
uxtheme.dll.EndBufferedPaint
uxtheme.dll.BufferedPaintRenderAnimation
uxtheme.dll.BeginBufferedAnimation
uxtheme.dll.EndBufferedAnimation
oleaut32.dll.SysAllocString
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString
Local\MSCTF.Asm.MutexDefault1

PE 信息

初始地址 0x00400000
入口地址 0x0044810f
声明校验值 0x00000000
实际校验值 0x00164d5d
最低操作系统版本要求 4.0
PDB路径 f:\SystemTool Eng 19\SystemTool Eng 16\SystemTool Eng 52\SystemTool\Release\SystemTool.pdb
编译时间 2008-09-22 10:53:29
载入哈希 caf305b68aad926d2599f8ceb251d421

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x00063e7e 0x00064000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.51
.rdata 0x00065000 0x0006f0fc 0x00070000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.42
.data 0x000d5000 0x00005c74 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.58
.rsrc 0x000db000 0x000842c0 0x00085008 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.62

覆盖

偏移量 0x0015d008
大小 0x00000064

导入

库: KERNEL32.dll:
0x465124 LCMapStringW
0x46512c GetCurrentProcessId
0x465130 GetStringTypeA
0x465134 GetStringTypeW
0x465138 HeapDestroy
0x46513c HeapCreate
0x465140 VirtualFree
0x465144 IsBadWritePtr
0x465148 GetStdHandle
0x46515c LCMapStringA
0x465160 SetHandleCount
0x465168 IsBadReadPtr
0x46516c IsBadCodePtr
0x465174 HeapSize
0x465178 TerminateProcess
0x46517c GetFileType
0x465180 SetStdHandle
0x465184 HeapReAlloc
0x465188 InterlockedExchange
0x46518c GetCommandLineA
0x465190 GetStartupInfoA
0x465194 VirtualQuery
0x465198 GetSystemInfo
0x46519c VirtualAlloc
0x4651a0 VirtualProtect
0x4651a4 RtlUnwind
0x4651ac ExitProcess
0x4651b0 GetTickCount
0x4651b4 SetErrorMode
0x4651b8 GetFileTime
0x4651bc GetOEMCP
0x4651c0 GetCPInfo
0x4651c8 TlsFree
0x4651cc LocalReAlloc
0x4651d0 TlsSetValue
0x4651d4 TlsAlloc
0x4651d8 TlsGetValue
0x4651e0 GlobalHandle
0x4651e4 GlobalReAlloc
0x4651ec LocalAlloc
0x4651f0 GlobalFlags
0x4651f8 GetFullPathNameA
0x4651fc DuplicateHandle
0x465200 SetEndOfFile
0x465204 UnlockFile
0x465208 LockFile
0x46520c FlushFileBuffers
0x465210 GetCurrentThread
0x465214 lstrcmpA
0x465220 lstrcpyA
0x465224 SetLastError
0x465228 MulDiv
0x46522c GlobalAlloc
0x465230 LocalFree
0x465234 GetCurrentThreadId
0x465238 GlobalGetAtomNameA
0x46523c GlobalAddAtomA
0x465240 GlobalFindAtomA
0x465244 GlobalDeleteAtom
0x465248 lstrcatA
0x46524c lstrcmpW
0x465250 lstrcpynA
0x465254 GetModuleHandleA
0x465258 GlobalLock
0x46525c GlobalUnlock
0x465260 GlobalFree
0x465264 FreeResource
0x465268 GetModuleFileNameA
0x465274 CompareStringW
0x465278 CompareStringA
0x46527c lstrlenA
0x465280 lstrcmpiA
0x46528c RaiseException
0x465290 CopyFileA
0x465294 LoadLibraryA
0x465298 GetProcAddress
0x46529c FreeLibrary
0x4652a0 GetVersion
0x4652a4 DeviceIoControl
0x4652a8 GetDriveTypeA
0x4652ac ReadFile
0x4652b0 GetLogicalDrives
0x4652b8 FormatMessageA
0x4652c0 MultiByteToWideChar
0x4652c8 GetTempPathA
0x4652cc FindFirstFileA
0x4652d0 GetFileAttributesA
0x4652d4 SetFileAttributesA
0x4652d8 RemoveDirectoryA
0x4652dc DeleteFileA
0x4652e0 FindNextFileA
0x4652e4 FindClose
0x4652e8 CreateFileA
0x4652ec GetFileSize
0x4652f0 SetFilePointer
0x4652f4 WriteFile
0x4652f8 CloseHandle
0x4652fc WideCharToMultiByte
0x465308 GetCurrentProcess
0x46530c GetLastError
0x465310 GetProcessHeap
0x465314 HeapAlloc
0x465318 HeapFree
0x46531c FindResourceA
0x465320 LoadResource
0x465324 LockResource
0x465328 SizeofResource
0x46532c GetVersionExA
0x465330 GetThreadLocale
0x465334 GetLocaleInfoA
0x465338 GetACP
库: USER32.dll:
0x4653b0 MessageBeep
0x4653b4 GetNextDlgGroupItem
0x4653b8 InvalidateRgn
0x4653c0 SetRect
0x4653c4 IsRectEmpty
0x4653c8 CharNextA
0x4653cc GetSysColorBrush
0x4653d0 DestroyMenu
0x4653d8 MapDialogRect
0x4653dc GetMessageA
0x4653e0 TranslateMessage
0x4653e4 GetCursorPos
0x4653e8 ValidateRect
0x4653ec SetCursor
0x4653f0 PostQuitMessage
0x4653f4 EndPaint
0x4653f8 GetWindowDC
0x4653fc ClientToScreen
0x465400 GrayStringA
0x465404 DrawTextExA
0x465408 DrawTextA
0x46540c TabbedTextOutA
0x465410 wsprintfA
0x465414 SetMenuItemBitmaps
0x465418 ModifyMenuA
0x46541c EnableMenuItem
0x465420 CheckMenuItem
0x465428 LoadBitmapA
0x46542c ShowWindow
0x465430 MoveWindow
0x465434 SetWindowTextA
0x465438 IsDialogMessageA
0x46543c GetMenuState
0x465444 WinHelpA
0x465448 CreateWindowExA
0x46544c SetWindowsHookExA
0x465450 CallNextHookEx
0x465454 GetClassLongA
0x465458 GetClassInfoExA
0x46545c GetClassNameA
0x465460 SetPropA
0x465464 GetPropA
0x465468 SendDlgItemMessageA
0x46546c SetFocus
0x465470 IsChild
0x465478 GetWindowTextA
0x46547c GetForegroundWindow
0x465480 GetLastActivePopup
0x465484 GetParent
0x465488 EnableWindow
0x46548c SendMessageA
0x465490 GetFocus
0x465494 SetTimer
0x465498 KillTimer
0x46549c GetWindowRect
0x4654a0 InvalidateRect
0x4654a4 UnregisterClassA
0x4654a8 DispatchMessageA
0x4654ac GetTopWindow
0x4654b0 UnhookWindowsHookEx
0x4654b4 GetMessageTime
0x4654b8 GetMessagePos
0x4654bc PeekMessageA
0x4654c0 MapWindowPoints
0x4654c4 GetKeyState
0x4654c8 SetForegroundWindow
0x4654cc UpdateWindow
0x4654d0 GetMenu
0x4654d4 PostMessageA
0x4654d8 GetSubMenu
0x4654dc GetMenuItemID
0x4654e0 GetMenuItemCount
0x4654e4 AdjustWindowRectEx
0x4654e8 EqualRect
0x4654ec GetClassInfoA
0x4654f0 RegisterClassA
0x4654f4 GetDlgCtrlID
0x4654f8 DefWindowProcA
0x4654fc SetWindowPos
0x465500 OffsetRect
0x465504 IntersectRect
0x465508 GetWindowPlacement
0x46550c GetWindow
0x465510 GetDesktopWindow
0x465514 GetActiveWindow
0x465518 SetActiveWindow
0x465520 DestroyWindow
0x465524 GetWindowLongA
0x465528 GetDlgItem
0x46552c IsWindowEnabled
0x465534 PostThreadMessageA
0x465538 RemovePropA
0x46553c CharUpperA
0x465540 ExitWindowsEx
0x465544 DrawIcon
0x465548 AppendMenuA
0x46554c GetSystemMenu
0x465550 IsIconic
0x465554 GetClientRect
0x465558 LoadIconA
0x46555c GetSystemMetrics
0x465560 MessageBoxA
0x465564 IsWindow
0x465568 PtInRect
0x46556c InflateRect
0x465570 CopyRect
0x465574 FillRect
0x465578 FrameRect
0x46557c GetDC
0x465580 IsWindowVisible
0x465584 GetCapture
0x465588 SetCapture
0x46558c LoadCursorA
0x465590 ReleaseCapture
0x465594 ReleaseDC
0x465598 GetSysColor
0x46559c CallWindowProcA
0x4655a0 SetWindowLongA
0x4655a4 GetComboBoxInfo
0x4655ac EndDialog
0x4655b0 GetNextDlgTabItem
0x4655b4 BeginPaint
库: GDI32.dll:
0x465094 GetRgnBox
0x465098 GetMapMode
0x46509c CreateSolidBrush
0x4650a0 GetStockObject
0x4650a4 DeleteDC
0x4650a8 ExtSelectClipRgn
0x4650ac ScaleWindowExtEx
0x4650b0 SetWindowExtEx
0x4650b4 ScaleViewportExtEx
0x4650b8 SetViewportExtEx
0x4650bc OffsetViewportOrgEx
0x4650c0 SetViewportOrgEx
0x4650c4 SelectObject
0x4650c8 Escape
0x4650cc ExtTextOutA
0x4650d0 TextOutA
0x4650d4 RectVisible
0x4650d8 GetObjectA
0x4650dc GetWindowExtEx
0x4650e0 GetViewportExtEx
0x4650e4 DeleteObject
0x4650e8 SetMapMode
0x4650ec SetBkMode
0x4650f0 RestoreDC
0x4650f4 SaveDC
0x4650fc CreateBitmap
0x465100 GetDeviceCaps
0x465104 SetBkColor
0x465108 SetTextColor
0x46510c GetClipBox
0x465110 GetTextColor
0x465114 GetBkColor
0x465118 CreateFontIndirectA
0x46511c PtVisible
库: comdlg32.dll:
0x4655e0 GetFileTitleA
库: WINSPOOL.DRV:
0x4655d0 ClosePrinter
0x4655d4 DocumentPropertiesA
0x4655d8 OpenPrinterA
库: ADVAPI32.dll:
0x465000 GetUserNameA
0x465004 GetLengthSid
0x465008 GetTokenInformation
0x46500c OpenProcessToken
0x465010 GetSidSubAuthority
0x46501c RegCloseKey
0x465020 RegGetKeySecurity
0x465024 RegOpenKeyExA
0x465028 FreeSid
0x465030 RegQueryValueA
0x465034 RegOpenKeyA
0x465044 RegDeleteKeyA
0x465048 RegCreateKeyExA
0x46504c RegEnumKeyExA
0x465050 CopySid
0x465054 RegCreateKeyA
0x465058 RegDeleteValueA
0x46505c RegSetValueExA
0x465060 RegQueryValueExA
0x465064 RegSetKeySecurity
0x465068 RegQueryInfoKeyA
0x46506c RegEnumKeyA
0x465074 InitializeAcl
0x465078 AddAce
库: SHELL32.dll:
0x465384 SHEmptyRecycleBinA
0x46538c ShellExecuteA
库: COMCTL32.dll:
0x465084 None
0x465088 _TrackMouseEvent
0x46508c ImageList_Destroy
库: SHLWAPI.dll:
0x465394 SHDeleteValueA
0x465398 PathFindExtensionA
0x46539c PathStripToRootA
0x4653a0 PathIsUNCA
0x4653a4 SHDeleteKeyA
0x4653a8 PathFindFileNameA
库: oledlg.dll:
0x465644 None
库: ole32.dll:
0x4655f4 CoTaskMemFree
0x4655f8 CoInitialize
0x4655fc CoInitializeEx
0x465600 CoUninitialize
0x465604 CoCreateInstance
0x465608 OleUninitialize
0x465610 CLSIDFromString
0x465614 CoGetClassObject
0x465620 OleFlushClipboard
0x465628 CoRevokeClassObject
0x46562c CLSIDFromProgID
0x465630 CoTaskMemAlloc
0x46563c OleInitialize
库: OLEAUT32.dll:
0x465344 SysAllocString
0x465348 SysStringLen
0x46534c SysFreeString
0x465350 VariantInit
0x465354 VariantCopy
0x465358 VariantChangeType
0x46535c VariantClear
0x465360 SysAllocStringLen
0x465370 SafeArrayDestroy
库: WININET.dll:
0x4655bc DeleteUrlCacheEntry
0x4655c0 FindCloseUrlCache
库: iphlpapi.dll:
0x4655e8 GetAdaptersInfo
库: RPCRT4.dll:
0x46537c UuidFromStringW

.text
`.rdata
@.data
.rsrc
UVWPj
VPQUj
T$<Rj
T$(h4^F
L$<h0^F
hl`F
jXhP_F
ShTbF
D$Lh0^F
9^tu)j
9^xu)j
9^|u)j
防病毒引擎/厂商 病毒名/规则匹配 病毒库日期
Bkav 未发现病毒 20190308
MicroWorld-eScan 未发现病毒 20190310
CMC 未发现病毒 20190310
CAT-QuickHeal 未发现病毒 20190309
McAfee 未发现病毒 20190310
Cylance 未发现病毒 20190310
VIPRE 未发现病毒 20190310
TheHacker 未发现病毒 20190308
BitDefender 未发现病毒 20190310
K7GW 未发现病毒 20190310
K7AntiVirus 未发现病毒 20190310
Invincea 未发现病毒 20181128
Baidu 未发现病毒 20190306
NANO-Antivirus 未发现病毒 20190310
Cyren 未发现病毒 20190310
Symantec 未发现病毒 20190309
TotalDefense 未发现病毒 20190310
TrendMicro-HouseCall 未发现病毒 20190310
Paloalto 未发现病毒 20190310
ClamAV 未发现病毒 20190310
Kaspersky 未发现病毒 20190310
Alibaba 未发现病毒 20190306
Babable 未发现病毒 20180918
ViRobot 未发现病毒 20190309
SUPERAntiSpyware 未发现病毒 20190307
Rising 未发现病毒 20190310
Ad-Aware 未发现病毒 20190310
Trustlook 未发现病毒 20190310
Emsisoft 未发现病毒 20190310
Comodo 未发现病毒 20190310
F-Secure 未发现病毒 20190309
DrWeb 未发现病毒 20190310
Zillya Backdoor.Bot.Win32.68 20190307
TrendMicro 未发现病毒 20190310
McAfee-GW-Edition 未发现病毒 20190310
Trapmine 未发现病毒 20190301
Sophos 未发现病毒 20190310
Ikarus 未发现病毒 20190309
F-Prot 未发现病毒 20190310
Jiangmin 未发现病毒 20190310
Webroot 未发现病毒 20190310
Avira 未发现病毒 20190309
MAX 未发现病毒 20190310
Antiy-AVL 未发现病毒 20190310
Kingsoft 未发现病毒 20190310
Microsoft 未发现病毒 20190307
Endgame 未发现病毒 20190215
Arcabit 未发现病毒 20190309
AegisLab 未发现病毒 20190310
ZoneAlarm 未发现病毒 20190310
Avast-Mobile 未发现病毒 20190310
GData 未发现病毒 20190310
AhnLab-V3 未发现病毒 20190309
Acronis 未发现病毒 20190222
VBA32 未发现病毒 20190307
ALYac 未发现病毒 20190310
TACHYON 未发现病毒 20190310
Malwarebytes 未发现病毒 20190310
Panda 未发现病毒 20190310
Zoner 未发现病毒 20190310
ESET-NOD32 未发现病毒 20190310
Tencent 未发现病毒 20190310
Yandex 未发现病毒 20190310
SentinelOne 未发现病毒 20190203
eGambit 未发现病毒 20190310
Fortinet 未发现病毒 20190310
AVG 未发现病毒 20190310
Cybereason 未发现病毒 20190109
Avast 未发现病毒 20190310
CrowdStrike 未发现病毒 20190212
Qihoo-360 未发现病毒 20190310

进程树


____________________________________.exe, PID: 2644, 上一级进程 PID: 2296

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 24.994 seconds )

  • 15.508 Suricata
  • 5.728 Static
  • 2.167 TargetInfo
  • 0.571 peid
  • 0.362 VirusTotal
  • 0.353 NetworkAnalysis
  • 0.228 BehaviorAnalysis
  • 0.056 AnalysisInfo
  • 0.014 Strings
  • 0.004 config_decoder
  • 0.003 Memory

Signatures ( 0.29 seconds )

  • 0.053 antiav_detectreg
  • 0.022 md_url_bl
  • 0.021 md_domain_bl
  • 0.02 infostealer_ftp
  • 0.012 infostealer_im
  • 0.011 antianalysis_detectreg
  • 0.01 api_spamming
  • 0.008 stealth_timeout
  • 0.008 antiav_detectfile
  • 0.008 ransomware_files
  • 0.007 stealth_decoy_document
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_mail
  • 0.007 ransomware_extensions
  • 0.005 infostealer_bitcoin
  • 0.004 geodo_banking_trojan
  • 0.003 tinba_behavior
  • 0.003 antivm_generic_services
  • 0.003 betabot_behavior
  • 0.003 kibex_behavior
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_vbox_files
  • 0.003 antivm_xen_keys
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 anormaly_invoke_kills
  • 0.002 cerber_behavior
  • 0.002 antivm_generic_diskreg
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 darkcomet_regkeys
  • 0.002 md_bad_drop
  • 0.001 antiemu_wine_func
  • 0.001 network_tor
  • 0.001 antivm_vbox_libs
  • 0.001 bootkit
  • 0.001 mimics_filetime
  • 0.001 dridex_behavior
  • 0.001 stealth_file
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 infostealer_browser_password
  • 0.001 antidbg_windows
  • 0.001 virus
  • 0.001 kovter_behavior
  • 0.001 bypass_firewall
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vpc_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 office_security
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.158 seconds )

  • 0.827 ReportHTMLSummary
  • 0.331 Malheur
Task ID 306132
Mongo ID 5d0069d82f8f2e06aa328dfb
Cuckoo release 1.4-Maldun